1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.core.jndi;
21  
22  
23  import java.util.Hashtable;
24  
25  import javax.naming.ConfigurationException;
26  import javax.naming.Context;
27  import javax.naming.NamingException;
28  
29  import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
30  import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
31  import org.apache.directory.api.ldap.model.name.Dn;
32  import org.apache.directory.api.util.Strings;
33  import org.apache.directory.server.i18n.I18n;
34  
35  
36  /**
37   * A wrapper around a JNDI environment which checks for correct LDAP specific 
38   * environment settings.
39   *
40   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
41   */
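public class LdapJndiProperties
{
    /** JNDI environment key that carries the SASL authorization identity. */
    private static final String SASL_AUTHID = "java.naming.security.sasl.authorizationId";

    /** Dn parsed from {@link Context#PROVIDER_URL}; {@link Dn#ROOT_DSE} when the URL is blank. */
    private Dn providerDn;

    /** Dn parsed from {@link Context#SECURITY_PRINCIPAL}; {@link Dn#EMPTY_DN} when absent or blank. */
    private Dn bindDn;

    /** SASL identity recorded for STRONG binds, see {@link #getLdapJndiProperties(Hashtable)}. */
    private String saslAuthId;

    /** Authentication level derived from the environment. */
    private AuthenticationLevel level;

    /** Raw {@link Context#SECURITY_AUTHENTICATION} value when the level is STRONG. */
    private String saslMechanism;

    /** Credentials as bytes; String credentials are UTF-8 encoded. */
    private byte[] credentials;


    /**
     * Derives the authentication level from a JNDI environment.
     * <p>
     * When {@link Context#SECURITY_AUTHENTICATION} is absent the level is SIMPLE if
     * {@link Context#SECURITY_CREDENTIALS} is present and NONE otherwise. When it is
     * present it must be a String: the string forms of NONE and SIMPLE map to those
     * levels, and every other value is treated as STRONG.
     *
     * @param env the JNDI environment to inspect
     * @return the authentication level the environment asks for
     * @throws NamingException if the environment is null or the authentication
     * property is not a String
     */
    public static AuthenticationLevel getAuthenticationLevel( Hashtable<?, ?> env ) throws NamingException
    {
        if ( env == null )
        {
            // Same failure mode as getLdapJndiProperties instead of a bare NullPointerException.
            throw new ConfigurationException( "environment cannot be null" );
        }

        Object credobj = env.get( Context.SECURITY_CREDENTIALS );
        Object authentication = env.get( Context.SECURITY_AUTHENTICATION );

        if ( authentication == null )
        {
            // Property not set: credentials alone imply a SIMPLE bind.
            return credobj == null ? AuthenticationLevel.NONE : AuthenticationLevel.SIMPLE;
        }

        if ( !( authentication instanceof String ) )
        {
            throw new ConfigurationException( I18n.err( I18n.ERR_483, authentication.getClass(),
                Context.SECURITY_AUTHENTICATION ) );
        }

        if ( AuthenticationLevel.NONE.toString().equals( authentication ) )
        {
            return AuthenticationLevel.NONE;
        }

        if ( AuthenticationLevel.SIMPLE.toString().equals( authentication ) )
        {
            return AuthenticationLevel.SIMPLE;
        }

        // Anything else is taken to name a SASL mechanism.
        return AuthenticationLevel.STRONG;
    }


    /**
     * Validates the LDAP specific settings of a JNDI environment and returns them
     * as a property holder.
     * <p>
     * The provider URL is mandatory and is parsed as a Dn (a blank URL maps to the
     * root DSE). The principal is parsed into the bind Dn; a missing principal is
     * only accepted for anonymous (NONE) access. Credentials are mandatory for SIMPLE
     * binds and must be a String or a byte[].
     *
     * @param env the JNDI environment to validate
     * @return the validated properties
     * @throws NamingException if the environment is null, a mandatory property is
     * missing, a property has an unexpected type, or a Dn cannot be parsed
     */
    public static LdapJndiProperties getLdapJndiProperties( Hashtable<?, ?> env ) throws NamingException
    {
        if ( env == null )
        {
            throw new ConfigurationException( "environment cannot be null" );
        }

        LdapJndiProperties props = new LdapJndiProperties();
        Object principal = env.get( Context.SECURITY_PRINCIPAL );
        Object credobj = env.get( Context.SECURITY_CREDENTIALS );

        // -------------------------------------------------------------------
        // check for the provider URL property
        // -------------------------------------------------------------------

        if ( !env.containsKey( Context.PROVIDER_URL ) )
        {
            throw new ConfigurationException( I18n.err( I18n.ERR_484, Context.PROVIDER_URL ) );
        }

        Object urlObj = env.get( Context.PROVIDER_URL );

        if ( urlObj == null )
        {
            throw new ConfigurationException( I18n.err( I18n.ERR_485, Context.PROVIDER_URL ) );
        }

        if ( !( urlObj instanceof String ) )
        {
            // Report a wrong type the same way as for the other properties rather
            // than letting a ClassCastException escape.
            throw new ConfigurationException( I18n.err( I18n.ERR_483, urlObj.getClass(), Context.PROVIDER_URL ) );
        }

        String url = ( String ) urlObj;
        props.providerDn = url.trim().isEmpty() ? Dn.ROOT_DSE : parseDn( url );

        // -------------------------------------------------------------------
        // Figure out and set the authentication level and mechanisms
        // -------------------------------------------------------------------

        props.level = getAuthenticationLevel( env );

        if ( props.level == AuthenticationLevel.STRONG )
        {
            // STRONG is only returned for a String authentication value, so the cast is safe.
            props.saslMechanism = ( String ) env.get( Context.SECURITY_AUTHENTICATION );
        }

        // -------------------------------------------------------------------
        // Figure out and set the security principal bindDn and saslAuthId
        // -------------------------------------------------------------------

        if ( principal == null )
        {
            if ( props.level != AuthenticationLevel.NONE )
            {
                // Fail closed: only anonymous access may omit the principal. This
                // also replaces the NullPointerException the STRONG case used to hit
                // when the type check dereferenced a null principal.
                throw new ConfigurationException( I18n.err( I18n.ERR_487, Context.SECURITY_PRINCIPAL ) );
            }

            props.bindDn = Dn.EMPTY_DN;
        }
        else if ( !( principal instanceof String ) )
        {
            throw new ConfigurationException( I18n.err( I18n.ERR_483, principal.getClass(),
                Context.SECURITY_PRINCIPAL ) );
        }
        else if ( ( ( String ) principal ).trim().isEmpty() )
        {
            // NOTE(review): a blank principal maps to the empty Dn at every level,
            // including SIMPLE with credentials - confirm callers do not treat that
            // combination as an authenticated identity.
            props.bindDn = Dn.EMPTY_DN;
        }
        else
        {
            // The principal is the bind identity. It used to be written to
            // providerDn, which left bindDn null and clobbered the provider Dn.
            props.bindDn = parseDn( ( String ) principal );
        }

        Object authzId = env.get( SASL_AUTHID );

        if ( authzId != null && props.level == AuthenticationLevel.STRONG )
        {
            if ( !( authzId instanceof String ) )
            {
                throw new ConfigurationException( I18n.err( I18n.ERR_483, authzId.getClass(), SASL_AUTHID ) );
            }

            // NOTE(review): the original code type-checked the SASL_AUTHID value and
            // then immediately replaced it with the principal, so a caller-supplied
            // authorization id has never taken effect. That effective behaviour is
            // kept here on purpose: honouring a distinct authorization id is only
            // safe if the code consuming getSaslAuthId() checks that the principal
            // may act for it - confirm before changing this assignment.
            props.saslAuthId = ( String ) principal;
        }

        // -------------------------------------------------------------------
        // Figure out the credentials
        // -------------------------------------------------------------------

        if ( credobj == null )
        {
            if ( props.level == AuthenticationLevel.SIMPLE )
            {
                throw new ConfigurationException( I18n.err( I18n.ERR_489 ) );
            }
        }
        else if ( credobj instanceof String )
        {
            props.credentials = Strings.getBytesUtf8( ( String ) credobj );
        }
        else if ( credobj instanceof byte[] )
        {
            // Stored by reference: the array stays shared with the caller's environment.
            props.credentials = ( byte[] ) credobj;
        }
        else
        {
            throw new ConfigurationException( I18n.err( I18n.ERR_483, credobj.getClass(),
                Context.SECURITY_CREDENTIALS ) );
        }

        return props;
    }


    /**
     * Parses a Dn and converts a parse failure into a ConfigurationException that
     * keeps the original exception as its root cause.
     */
    private static Dn parseDn( String value ) throws ConfigurationException
    {
        try
        {
            return new Dn( value );
        }
        catch ( LdapInvalidDnException lide )
        {
            ConfigurationException ce = new ConfigurationException( I18n.err( I18n.ERR_733, value ) );
            ce.setRootCause( lide );
            throw ce;
        }
    }


    /**
     * @return the Dn to bind as; {@link Dn#EMPTY_DN} when no principal or a blank
     * principal was supplied
     */
    public Dn getBindDn()
    {
        return bindDn;
    }


    /**
     * @return the Dn parsed from the provider URL; {@link Dn#ROOT_DSE} for a blank URL
     */
    public Dn getProviderDn()
    {
        return providerDn;
    }


    /**
     * @return the SASL identity recorded for a STRONG bind when the environment
     * carried an authorization id, otherwise null
     */
    public String getSaslAuthId()
    {
        return saslAuthId;
    }


    /**
     * @return the authentication level derived from the environment
     */
    public AuthenticationLevel getAuthenticationLevel()
    {
        return level;
    }


    /**
     * @return the authentication property value for a STRONG bind, otherwise null
     */
    public String getSaslMechanism()
    {
        return saslMechanism;
    }


    /**
     * Returns the credentials without copying them, so the caller shares the
     * internal array (and, for byte[] credentials, the array held by the
     * environment the properties were built from).
     *
     * @return the credential bytes, or null when none were supplied
     */
    public byte[] getCredentials()
    {
        return credentials;
    }
}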