Posted to commits@directory.apache.org by ka...@apache.org on 2010/09/13 11:38:49 UTC
svn commit: r996470 - in
/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api:
NoVerificationTrustManager.java SaslRequest.java callback/
callback/SaslCallbackHandler.java
Author: kayyagari
Date: Mon Sep 13 09:38:48 2010
New Revision: 996470
URL: http://svn.apache.org/viewvc?rev=996470&view=rev
Log:
o a holder for the data required for SASL request processing
o a callback handler used in SASL operations
o a blind X509 trust manager
Added:
directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java
directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/
directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java
Added: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java?rev=996470&view=auto
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java (added)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/NoVerificationTrustManager.java Mon Sep 13 09:38:48 2010
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.ldap.client.api;
+
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * An implementation of {@link X509TrustManager} which trusts the given certificates without verifying them.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class NoVerificationTrustManager implements X509TrustManager
+{
+
+ private static final Logger LOG = LoggerFactory.getLogger( NoVerificationTrustManager.class );
+
+
+ public void checkClientTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException
+ {
+ LOG.debug( "checkClientTrusted {}", x509Certificates[0] );
+ }
+
+
+ public void checkServerTrusted( X509Certificate[] x509Certificates, String s ) throws CertificateException
+ {
+ LOG.debug( "checkServerTrusted {}", x509Certificates[0] );
+ }
+
+
+ public X509Certificate[] getAcceptedIssuers()
+ {
+ return new X509Certificate[0];
+ }
+
+}
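Review bot: The class Javadoc should state that this trust manager performs no chain or validity checks, so a connection using it is encrypted but the server is not authenticated, and anyone on the network path can present their own certificate and read the bind credentials. I would add a line such as `<b>Accepts every certificate: use only for testing or when the peer is authenticated by other means, never as a default.</b>` to the Javadoc. Both check methods also evaluate `x509Certificates[0]` for the debug log even when debug logging is off, so a null or empty chain fails with NullPointerException or ArrayIndexOutOfBoundsException instead of the IllegalArgumentException that the X509TrustManager contract documents. A guard such as `if ( x509Certificates == null || x509Certificates.length == 0 ) throw new IllegalArgumentException( "empty certificate chain" );` ahead of each log call fixes that. Where this class gets installed is not visible in this commit, so whether it is opt-in cannot be confirmed from here.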
Added: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java?rev=996470&view=auto
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java (added)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/SaslRequest.java Mon Sep 13 09:38:48 2010
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.ldap.client.api;
+
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.directory.shared.ldap.message.BindRequest;
+
+
+/**
+ * Holds the data required to complete the SASL operation
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class SaslRequest
+{
+ /** the bind request */
+ private BindRequest bindReq;
+
+ /** the sasl mechaism's properties */
+ private Map<String, String> saslMechProps = new HashMap<String, String>();
+
+ /** SASL realm name on the server */
+ private String realmName;
+
+ /** the authorization ID of the entity */
+ private String authorizationId;
+
+
+ protected SaslRequest( BindRequest bindReq )
+ {
+ this.bindReq = bindReq;
+ }
+
+
+ public BindRequest getBindReq()
+ {
+ return bindReq;
+ }
+
+
+ public Map<String, String> getSaslMechProps()
+ {
+ return saslMechProps;
+ }
+
+
+ public void setSaslMechProps( Map<String, String> saslMechProps )
+ {
+ this.saslMechProps = saslMechProps;
+ }
+
+
+ public String getRealmName()
+ {
+ return realmName;
+ }
+
+
+ public void setRealmName( String realmName )
+ {
+ this.realmName = realmName;
+ }
+
+
+ public String getAuthorizationId()
+ {
+ return authorizationId;
+ }
+
+
+ public void setAuthorizationId( String authorizationId )
+ {
+ this.authorizationId = authorizationId;
+ }
+
+
+ public void setBindReq( BindRequest bindReq )
+ {
+ this.bindReq = bindReq;
+ }
+
+}
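Review bot: `setSaslMechProps` stores the caller's map as-is, so passing null replaces the HashMap created in the field initialiser and later `getSaslMechProps()` callers receive null, and any later change the caller makes to its own map silently alters the pending SASL request. Copying on the way in avoids both: `this.saslMechProps = ( saslMechProps == null ) ? new HashMap<String, String>() : new HashMap<String, String>( saslMechProps );`. The public accessors have no Javadoc; `authorizationId` and the mechanism properties in particular should say what consumes them, since the callback handler added in this same commit reads only the bind request and the realm name.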
Added: directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java?rev=996470&view=auto
==============================================================================
--- directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java (added)
+++ directory/shared/trunk/ldap-client-api/src/main/java/org/apache/directory/ldap/client/api/callback/SaslCallbackHandler.java Mon Sep 13 09:38:48 2010
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.ldap.client.api.callback;
+
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.RealmCallback;
+
+import org.apache.directory.ldap.client.api.SaslRequest;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * The CallbackHandler implementation used by the LdapConnection during SASL mechanism based bind operations.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class SaslCallbackHandler implements CallbackHandler
+{
+
+ private SaslRequest saslReq;
+
+ private static final Logger LOG = LoggerFactory.getLogger( SaslCallbackHandler.class );
+
+ public SaslCallbackHandler( SaslRequest saslReq )
+ {
+ this.saslReq = saslReq;
+ }
+
+
+ public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException
+ {
+ for ( Callback cb : callbacks )
+ {
+ if ( cb instanceof NameCallback )
+ {
+ NameCallback ncb = ( NameCallback ) cb;
+
+ String name = saslReq.getBindReq().getName().getRdn().getUpValue().getString();
+ LOG.debug( "sending name {} in the NameCallback", name );
+
+ ncb.setName( name );
+ }
+
+ else if ( cb instanceof PasswordCallback )
+ {
+ PasswordCallback pcb = ( PasswordCallback ) cb;
+ LOG.debug( "sending credentials in the PasswordCallback" );
+ pcb.setPassword( StringTools.utf8ToString( saslReq.getBindReq().getCredentials() ).toCharArray() );
+ }
+
+ else if( cb instanceof RealmCallback )
+ {
+ RealmCallback rcb = ( RealmCallback ) cb;
+
+ if( saslReq.getRealmName() != null )
+ {
+ LOG.debug( "sending the user specified realm value {} in the RealmCallback", saslReq.getRealmName() );
+ rcb.setText( saslReq.getRealmName() );
+ }
+ else
+ {
+ LOG.debug( "No user specified relam value, sending the default realm value {} in the RealmCallback", rcb.getDefaultText() );
+ rcb.setText( rcb.getDefaultText() );
+ }
+ }
+ }
+ }
+}
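Review bot: `handle` silently skips any callback that is not a NameCallback, PasswordCallback or RealmCallback, although the method declares UnsupportedCallbackException; the SASL mechanism then continues with a value it asked for but never received, which is hard to diagnose and can change how the bind is negotiated. Ending the chain with `else { throw new UnsupportedCallbackException( cb ); }` makes the failure explicit. In the PasswordCallback branch the credentials are decoded into a String before `toCharArray()`, which leaves an immutable copy of the password on the heap that cannot be cleared; decoding the byte[] directly into a char[] and zeroing the temporary after `setPassword` would keep the benefit of the char[] API. The `saslReq.getBindReq().getName().getRdn().getUpValue()` chain is also dereferenced without null checks, so a request without a bind name presumably fails here with a NullPointerException rather than a clear error.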