001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020package org.apache.directory.server.ldap.handlers.sasl.digestMD5; 021 022 023import java.util.HashMap; 024import java.util.Map; 025 026import javax.security.auth.callback.CallbackHandler; 027import javax.security.sasl.Sasl; 028import javax.security.sasl.SaslServer; 029 030import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms; 031import org.apache.directory.api.ldap.model.message.BindRequest; 032import org.apache.directory.server.core.api.CoreSession; 033import org.apache.directory.server.ldap.LdapServer; 034import org.apache.directory.server.ldap.LdapSession; 035import org.apache.directory.server.ldap.handlers.sasl.AbstractMechanismHandler; 036import org.apache.directory.server.ldap.handlers.sasl.SaslConstants; 037 038 039/** 040 * The DIGEST-MD5 mechanism handler. 041 * 042 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 043 */ 044public class DigestMd5MechanismHandler extends AbstractMechanismHandler 045{ 046 /** 047 * Create a list of all the configured realms. 048 * 049 * @param ldapServer the LdapServer for which we want to get the realms 050 * @return a list of realms, separated by spaces 051 */ 052 private String getActiveRealms( LdapServer ldapServer ) 053 { 054 StringBuilder realms = new StringBuilder(); 055 boolean isFirst = true; 056 057 for ( String realm : ldapServer.getSaslRealms() ) 058 { 059 if ( isFirst ) 060 { 061 isFirst = false; 062 } 063 else 064 { 065 realms.append( ' ' ); 066 } 067 068 realms.append( realm ); 069 } 070 071 return realms.toString(); 072 } 073 074 075 public SaslServer handleMechanism( LdapSession ldapSession, BindRequest bindRequest ) throws Exception 076 { 077 SaslServer ss = ( SaslServer ) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER ); 078 079 if ( ss == null ) 080 { 081 CoreSession adminSession = ldapSession.getLdapServer().getDirectoryService().getAdminSession(); 082 083 CallbackHandler callbackHandler = new DigestMd5CallbackHandler( ldapSession, adminSession, bindRequest ); 084 085 ss = Sasl.createSaslServer( 086 SupportedSaslMechanisms.DIGEST_MD5, 087 SaslConstants.LDAP_PROTOCOL, 088 ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_HOST ), 089 ( Map<String, String> ) ldapSession.getSaslProperty( SaslConstants.SASL_PROPS ), 090 callbackHandler ); 091 ldapSession.putSaslProperty( SaslConstants.SASL_SERVER, ss ); 092 } 093 094 return ss; 095 } 096 097 098 /** 099 * {@inheritDoc} 100 */ 101 public void init( LdapSession ldapSession ) 102 { 103 // Store the host in the ldap session 104 String saslHost = ldapSession.getLdapServer().getSaslHost(); 105 String userBaseDn = ldapSession.getLdapServer().getSearchBaseDn(); 106 107 ldapSession.putSaslProperty( SaslConstants.SASL_HOST, saslHost ); 108 ldapSession.putSaslProperty( SaslConstants.SASL_USER_BASE_DN, userBaseDn ); 109 110 Map<String, String> saslProps = new HashMap<>(); 111 saslProps.put( Sasl.QOP, ldapSession.getLdapServer().getSaslQopString() ); 112 saslProps.put( "com.sun.security.sasl.digest.realm", getActiveRealms( ldapSession.getLdapServer() ) ); 113 ldapSession.putSaslProperty( SaslConstants.SASL_PROPS, saslProps ); 114 } 115 116 117 /** 118 * Remove the Host, UserBaseDn, props and Mechanism property. 119 * 120 * @param ldapSession the LdapSession instance 121 */ 122 public void cleanup( LdapSession ldapSession ) 123 { 124 // Inject the Sasl Filter 125 insertSaslFilter( ldapSession ); 126 127 // and cleanup the useless informations 128 ldapSession.removeSaslProperty( SaslConstants.SASL_HOST ); 129 ldapSession.removeSaslProperty( SaslConstants.SASL_USER_BASE_DN ); 130 ldapSession.removeSaslProperty( SaslConstants.SASL_MECH ); 131 ldapSession.removeSaslProperty( SaslConstants.SASL_PROPS ); 132 ldapSession.removeSaslProperty( SaslConstants.SASL_AUTHENT_USER ); 133 } 134}