1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.directory.server.ldap.handlers.sasl.digestMD5;
21  
22  
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
import org.apache.directory.api.ldap.model.message.BindRequest;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.ldap.handlers.sasl.AbstractMechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;
37  
38  
39  /**
40   * The DIGEST-MD5 mechanism handler.
41   * 
42   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
43   */
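/**
 * The DIGEST-MD5 mechanism handler.
 * <p>
 * Security notes for operators and reviewers:
 * <ul>
 *   <li>DIGEST-MD5 (RFC 2831) was moved to Historic status by RFC 6331 because of its
 *   dependence on MD5 and its interoperability problems. Prefer a stronger mechanism
 *   (e.g. GSSAPI, or a simple bind over TLS) where the deployment allows it.</li>
 *   <li>The mechanism requires the server to recompute the client's password-derived
 *   digest, so the callback handler must be able to read the user's stored credential.
 *   This handler hands {@code DigestMd5CallbackHandler} the directory's admin session for
 *   that lookup (see {@link #handleMechanism}); the lookup itself lives in that class.</li>
 *   <li>Whether the bound connection gets an integrity or confidentiality layer is decided
 *   solely by the configured QOP string (see {@link #init}). With {@code auth} alone the
 *   LDAP traffic after the bind is not protected by SASL at all.</li>
 * </ul>
 * 
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class DigestMd5MechanismHandler extends AbstractMechanismHandler
{
    /**
     * Builds the realm list that is advertised to clients in the DIGEST-MD5 challenge.
     * 
     * @param ldapServer the LdapServer whose configured SASL realms are listed
     * @return the configured realms separated by single spaces; the empty string when none
     *         are configured
     */
    private String getActiveRealms( LdapServer ldapServer )
    {
        // The JDK DIGEST-MD5 provider expects the realms as one space-separated string
        // in the "com.sun.security.sasl.digest.realm" property (see init()).
        return String.join( " ", ldapServer.getSaslRealms() );
    }


    /**
     * Returns the {@link SaslServer} driving the DIGEST-MD5 exchange on this connection.
     * It is created on the first bind step and cached in the session, so that the
     * following challenge/response round trips continue with the same negotiation state.
     *
     * @param ldapSession the LDAP session the bind arrives on
     * @param bindRequest the bind request, handed to the callback handler
     * @return the session's SaslServer, never {@code null}
     * @throws SaslException if no installed SASL provider can create a DIGEST-MD5 server
     *         with the session's properties
     * @throws Exception anything else propagated from the SASL provider
     */
    public SaslServer handleMechanism( LdapSession ldapSession, BindRequest bindRequest ) throws Exception
    {
        SaslServer saslServer = ( SaslServer ) ldapSession.getSaslProperty( SaslConstants.SASL_SERVER );

        if ( saslServer != null )
        {
            // A negotiation is already in progress on this connection: keep its state.
            return saslServer;
        }

        LdapServer ldapServer = ldapSession.getLdapServer();

        // The callback handler must read the bound user's credential to verify the digest;
        // it is given the directory's admin session for that purpose.
        CoreSession adminSession = ldapServer.getDirectoryService().getAdminSession();
        CallbackHandler callbackHandler = new DigestMd5CallbackHandler( ldapSession, adminSession, bindRequest );

        // Both values below are stored for this session by init().
        String saslHost = ( String ) ldapSession.getSaslProperty( SaslConstants.SASL_HOST );

        // The session property store is untyped; init() stores a Map<String, String> under this key.
        @SuppressWarnings("unchecked")
        Map<String, String> saslProps = ( Map<String, String> ) ldapSession.getSaslProperty( SaslConstants.SASL_PROPS );

        saslServer = Sasl.createSaslServer(
            SupportedSaslMechanisms.DIGEST_MD5,
            SaslConstants.LDAP_PROTOCOL,
            saslHost,
            saslProps,
            callbackHandler );

        if ( saslServer == null )
        {
            // Sasl.createSaslServer() returns null rather than throwing when no provider
            // accepts the mechanism/properties. Fail the bind explicitly instead of caching
            // a null in the session and leaving the caller to trip over it.
            throw new SaslException( "No SASL provider available for " + SupportedSaslMechanisms.DIGEST_MD5 );
        }

        ldapSession.putSaslProperty( SaslConstants.SASL_SERVER, saslServer );

        return saslServer;
    }


    /**
     * {@inheritDoc}
     * <p>
     * Seeds the session with what {@link #handleMechanism} needs: the SASL host name,
     * the user search base DN, and the provider properties (QOP and realm list). The
     * protection level of the resulting connection is decided here: the server's QOP
     * string selects between {@code auth} (authentication only), {@code auth-int}
     * (integrity) and {@code auth-conf} (confidentiality), and the realm list is what
     * clients are offered in the challenge.
     */
    public void init( LdapSession ldapSession )
    {
        LdapServer ldapServer = ldapSession.getLdapServer();

        ldapSession.putSaslProperty( SaslConstants.SASL_HOST, ldapServer.getSaslHost() );
        ldapSession.putSaslProperty( SaslConstants.SASL_USER_BASE_DN, ldapServer.getSearchBaseDn() );

        Map<String, String> saslProps = new HashMap<>();
        // Quality of protection offered to clients, straight from the server configuration.
        saslProps.put( Sasl.QOP, ldapServer.getSaslQopString() );
        // Provider-specific property (JDK SunSASL) naming the realms this server accepts.
        saslProps.put( "com.sun.security.sasl.digest.realm", getActiveRealms( ldapServer ) );
        ldapSession.putSaslProperty( SaslConstants.SASL_PROPS, saslProps );
    }


    /**
     * Installs the SASL filter on the session and removes the negotiation-only
     * properties: host, user base DN, mechanism, provider properties and the
     * authenticating user. The SaslServer ({@code SASL_SERVER}) is not removed here —
     * presumably because the filter needs it to wrap/unwrap traffic when an
     * auth-int/auth-conf QOP was negotiated; see AbstractMechanismHandler.
     * 
     * @param ldapSession the LdapSession instance
     */
    public void cleanup( LdapSession ldapSession )
    {
        // Inject the Sasl Filter (inherited from AbstractMechanismHandler)
        insertSaslFilter( ldapSession );

        // Drop everything that was only needed while the exchange was running.
        ldapSession.removeSaslProperty( SaslConstants.SASL_HOST );
        ldapSession.removeSaslProperty( SaslConstants.SASL_USER_BASE_DN );
        ldapSession.removeSaslProperty( SaslConstants.SASL_MECH );
        ldapSession.removeSaslProperty( SaslConstants.SASL_PROPS );
        ldapSession.removeSaslProperty( SaslConstants.SASL_AUTHENT_USER );
    }
}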
134 }