Source code

001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License.
018 *
019 */
020package org.apache.directory.server.ldap.handlers.sasl.digestMD5;
021
022
023import java.util.HashMap;
024import java.util.Map;
025
026import javax.security.auth.callback.CallbackHandler;
027import javax.security.sasl.Sasl;
028import javax.security.sasl.SaslServer;
029
030import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
031import org.apache.directory.api.ldap.model.message.BindRequest;
032import org.apache.directory.server.core.api.CoreSession;
033import org.apache.directory.server.ldap.LdapServer;
034import org.apache.directory.server.ldap.LdapSession;
035import org.apache.directory.server.ldap.handlers.sasl.AbstractMechanismHandler;
036import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;
037
038
039/**
040 * The DIGEST-MD5 mechanism handler.
041 * 
042 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
043 */
044public class DigestMd5MechanismHandler extends AbstractMechanismHandler
045{
046    /**
047     * Create a list of all the configured realms.
048     * 
049     * @param ldapServer the LdapServer for which we want to get the realms
050     * @return a list of realms, separated by spaces
051     */
052    private String getActiveRealms( LdapServer ldapServer )
053    {
054        StringBuilder realms = new StringBuilder();
055        boolean isFirst = true;
056
057        for ( String realm : ldapServer.getSaslRealms() )
058        {
059            if ( isFirst )
060            {
061                isFirst = false;
062            }
063            else
064            {
065                realms.append( ' ' );
066            }
067
068            realms.append( realm );
069        }
070
071        return realms.toString();
072    }
073
074
075    public SaslServer handleMechanism( LdapSession ldapSession, BindRequest bindRequest ) throws Exception
076    {
077        SaslServer ss = ( SaslServer ) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER );
078
079        if ( ss == null )
080        {
081            CoreSession adminSession = ldapSession.getLdapServer().getDirectoryService().getAdminSession();
082
083            CallbackHandler callbackHandler = new DigestMd5CallbackHandler( ldapSession, adminSession, bindRequest );
084
085            ss = Sasl.createSaslServer(
086                SupportedSaslMechanisms.DIGEST_MD5,
087                SaslConstants.LDAP_PROTOCOL,
088                ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_HOST ),
089                ( Map<String, String> ) ldapSession.getSaslProperty( SaslConstants.SASL_PROPS ),
090                callbackHandler );
091            ldapSession.putSaslProperty( SaslConstants.SASL_SERVER, ss );
092        }
093
094        return ss;
095    }
096
097
098    /**
099     * {@inheritDoc}
100     */
101    public void init( LdapSession ldapSession )
102    {
103        // Store the host in the ldap session
104        String saslHost = ldapSession.getLdapServer().getSaslHost();
105        String userBaseDn = ldapSession.getLdapServer().getSearchBaseDn();
106
107        ldapSession.putSaslProperty( SaslConstants.SASL_HOST, saslHost );
108        ldapSession.putSaslProperty( SaslConstants.SASL_USER_BASE_DN, userBaseDn );
109
110        Map<String, String> saslProps = new HashMap<>();
111        saslProps.put( Sasl.QOP, ldapSession.getLdapServer().getSaslQopString() );
112        saslProps.put( "com.sun.security.sasl.digest.realm", getActiveRealms( ldapSession.getLdapServer() ) );
113        ldapSession.putSaslProperty( SaslConstants.SASL_PROPS, saslProps );
114    }
115
116
117    /**
118     * Remove the Host, UserBaseDn, props and Mechanism property.
119     * 
120     * @param ldapSession the LdapSession instance
121     */
122    public void cleanup( LdapSession ldapSession )
123    {
124        // Inject the Sasl Filter
125        insertSaslFilter( ldapSession );
126
127        // and cleanup the useless informations
128        ldapSession.removeSaslProperty( SaslConstants.SASL_HOST );
129        ldapSession.removeSaslProperty( SaslConstants.SASL_USER_BASE_DN );
130        ldapSession.removeSaslProperty( SaslConstants.SASL_MECH );
131        ldapSession.removeSaslProperty( SaslConstants.SASL_PROPS );
132        ldapSession.removeSaslProperty( SaslConstants.SASL_AUTHENT_USER );
133    }
134}