Search in sources :

Example 1 with EXTERNALBindRequest

use of com.unboundid.ldap.sdk.EXTERNALBindRequest in project ldapsdk by pingidentity.

the class CommandLineToolInteractiveModeProcessor method promptForLDAPArguments.

/**
 * Interactively prompts for the arguments used to connect and optionally
 * authenticate to the directory server.
 *
 * @param  argList  The list to which the string representations of all LDAP
 *                  arguments should be added.
 * @param  test     Indicates whether to attempt to use the arguments to
 *                  establish an LDAP connection.
 *
 * @throws  LDAPException  If a problem is encountered while interacting with
 *                         the user, or if the user wants to quit.
 */
private void promptForLDAPArguments(@NotNull final List<String> argList, final boolean test) throws LDAPException {
    final LDAPCommandLineTool ldapTool = (LDAPCommandLineTool) tool;
    argList.clear();
    // Get the address of the directory server.
    final String defaultHostname;
    final StringArgument hostnameArgument = parser.getStringArgument("hostname");
    if (hostnameArgument.isPresent()) {
        defaultHostname = hostnameArgument.getValue();
    } else {
        defaultHostname = "localhost";
    }
    ArgumentHelper.reset(hostnameArgument);
    final String hostname = promptForString(INFO_INTERACTIVE_LDAP_PROMPT_HOST.get(), defaultHostname, true);
    ArgumentHelper.addValueSuppressException(hostnameArgument, hostname);
    argList.add("--hostname");
    argList.add(hostname);
    // If this tool is running with access to Directory Server data, and if the
    // selected hostname is "localhost" or a loopback address, then try to load
    // information about the server's connection handlers.
    List<LDAPConnectionHandlerConfiguration> serverListenerConfigs = null;
    final File dsInstanceRoot = InternalSDKHelper.getPingIdentityServerRoot();
    if (dsInstanceRoot != null) {
        final File configFile = StaticUtils.constructPath(dsInstanceRoot, "config", "config.ldif");
        if (configFile.exists() && configFile.isFile()) {
            try {
                serverListenerConfigs = LDAPConnectionHandlerConfiguration.readConfiguration(configFile, true);
            } catch (final Exception e) {
                Debug.debugException(e);
            }
        }
    }
    // Determine the type of connection security to use.
    final BooleanArgument useSSLArgument = parser.getBooleanArgument("useSSL");
    final BooleanArgument useStartTLSArgument = parser.getBooleanArgument("useStartTLS");
    final String defaultSecurityChoice;
    if (useSSLArgument.isPresent()) {
        defaultSecurityChoice = "1";
    } else if (useStartTLSArgument.isPresent()) {
        defaultSecurityChoice = "3";
    } else if ((serverListenerConfigs != null) && (!serverListenerConfigs.isEmpty())) {
        final LDAPConnectionHandlerConfiguration cfg = serverListenerConfigs.get(0);
        if (cfg.usesSSL()) {
            defaultSecurityChoice = "1";
        } else if (cfg.supportsStartTLS()) {
            defaultSecurityChoice = "3";
        } else {
            defaultSecurityChoice = "5";
        }
    } else {
        defaultSecurityChoice = "1";
    }
    ArgumentHelper.reset(useSSLArgument);
    ArgumentHelper.reset(useStartTLSArgument);
    final boolean useSSL;
    final boolean useStartTLS;
    final boolean defaultTrust;
    final int securityType = getNumberedMenuChoice(INFO_INTERACTIVE_LDAP_SECURITY_PROMPT.get(), false, defaultSecurityChoice, INFO_INTERACTIVE_LDAP_SECURITY_OPTION_SSL_DEFAULT.get(), INFO_INTERACTIVE_LDAP_SECURITY_OPTION_SSL_MANUAL.get(), INFO_INTERACTIVE_LDAP_SECURITY_OPTION_START_TLS_DEFAULT.get(), INFO_INTERACTIVE_LDAP_SECURITY_OPTION_START_TLS_MANUAL.get(), INFO_INTERACTIVE_LDAP_SECURITY_OPTION_NONE.get());
    switch(securityType) {
        case 0:
            useSSL = true;
            useStartTLS = false;
            defaultTrust = true;
            argList.add("--useSSL");
            ArgumentHelper.incrementOccurrencesSuppressException(useSSLArgument);
            break;
        case 1:
            useSSL = true;
            useStartTLS = false;
            defaultTrust = false;
            argList.add("--useSSL");
            ArgumentHelper.incrementOccurrencesSuppressException(useSSLArgument);
            break;
        case 2:
            useSSL = false;
            useStartTLS = true;
            defaultTrust = true;
            argList.add("--useStartTLS");
            ArgumentHelper.incrementOccurrencesSuppressException(useStartTLSArgument);
            break;
        case 3:
            useSSL = false;
            useStartTLS = true;
            defaultTrust = false;
            argList.add("--useStartTLS");
            ArgumentHelper.incrementOccurrencesSuppressException(useStartTLSArgument);
            break;
        case 4:
        default:
            useSSL = false;
            useStartTLS = false;
            defaultTrust = false;
            break;
    }
    // If we are to use security without default trust configuration, then
    // prompt for the appropriate settings.
    BindRequest bindRequest = null;
    boolean trustAll = false;
    byte[] keyStorePIN = null;
    byte[] trustStorePIN = null;
    File keyStorePath = null;
    File trustStorePath = null;
    String certificateNickname = null;
    String keyStoreFormat = null;
    String trustStoreFormat = null;
    final StringArgument keyStorePasswordArgument = parser.getStringArgument("keyStorePassword");
    final StringArgument trustStorePasswordArgument = parser.getStringArgument("trustStorePassword");
    final StringArgument saslOptionArgument = parser.getStringArgument("saslOption");
    if (!defaultTrust) {
        // If the user wants to connect securely, then get the appropriate set of
        // arguments pertaining to key and trust managers.
        ArgumentHelper.reset(keyStorePasswordArgument);
        ArgumentHelper.reset(trustStorePasswordArgument);
        ArgumentHelper.reset(parser.getNamedArgument("keyStorePasswordFile"));
        ArgumentHelper.reset(parser.getNamedArgument("promptForKeyStorePassword"));
        ArgumentHelper.reset(parser.getNamedArgument("trustStorePasswordFile"));
        ArgumentHelper.reset(parser.getNamedArgument("promptForTrustStorePassword"));
        if (useSSL || useStartTLS) {
            final StringArgument keyStorePathArgument = parser.getStringArgument("keyStorePath");
            final StringArgument keyStoreFormatArgument = parser.getStringArgument("keyStoreFormat");
            // Determine if a client certificate should be presented.
            final String defaultStoreTypeChoice;
            if (keyStoreFormatArgument.isPresent()) {
                final String format = keyStoreFormatArgument.getValue();
                if (format.equalsIgnoreCase(CryptoHelper.KEY_STORE_TYPE_PKCS_12)) {
                    defaultStoreTypeChoice = "3";
                } else {
                    defaultStoreTypeChoice = "2";
                }
            } else if (keyStorePathArgument.isPresent()) {
                defaultStoreTypeChoice = "2";
            } else {
                defaultStoreTypeChoice = "1";
            }
            final String defaultKeyStorePath;
            if (keyStorePathArgument.isPresent()) {
                defaultKeyStorePath = keyStorePathArgument.getValue();
            } else {
                defaultKeyStorePath = null;
            }
            final String defaultCertNickname;
            final StringArgument certNicknameArgument = parser.getStringArgument("certNickname");
            if (certNicknameArgument.isPresent()) {
                defaultCertNickname = certNicknameArgument.getValue();
            } else {
                defaultCertNickname = null;
            }
            ArgumentHelper.reset(keyStorePathArgument);
            ArgumentHelper.reset(keyStoreFormatArgument);
            ArgumentHelper.reset(certNicknameArgument);
            final int keystoreType = getNumberedMenuChoice(INFO_INTERACTIVE_LDAP_CLIENT_CERT_PROMPT.get(), false, defaultStoreTypeChoice, INFO_INTERACTIVE_LDAP_CLIENT_CERT_OPTION_NO.get(), INFO_INTERACTIVE_LDAP_CLIENT_CERT_OPTION_JKS.get(), INFO_INTERACTIVE_LDAP_CLIENT_CERT_OPTION_PKCS12.get());
            ArgumentHelper.reset(keyStoreFormatArgument);
            switch(keystoreType) {
                case 1:
                    keyStoreFormat = CryptoHelper.KEY_STORE_TYPE_JKS;
                    break;
                case 2:
                    keyStoreFormat = CryptoHelper.KEY_STORE_TYPE_PKCS_12;
                    break;
                case 0:
                default:
                    break;
            }
            if (keyStoreFormat != null) {
                ArgumentHelper.addValueSuppressException(keyStoreFormatArgument, keyStoreFormat);
                // Get the path to the keystore file.
                keyStorePath = promptForPath(INFO_INTERACTIVE_LDAP_KEYSTORE_PATH_PROMPT.get(), defaultKeyStorePath, true, true, true, true, false);
                argList.add("--keyStorePath");
                argList.add(keyStorePath.getAbsolutePath());
                ArgumentHelper.addValueSuppressException(keyStorePathArgument, keyStorePath.getAbsolutePath());
                // Get the PIN needed to access the keystore.
                keyStorePIN = promptForPassword(INFO_INTERACTIVE_LDAP_KEYSTORE_PIN_PROMPT.get(), null, false);
                if (keyStorePIN != null) {
                    argList.add("--keyStorePassword");
                    argList.add("***REDACTED***");
                    ArgumentHelper.addValueSuppressException(keyStorePasswordArgument, StaticUtils.toUTF8String(keyStorePIN));
                }
                argList.add("--keyStoreFormat");
                argList.add(keyStoreFormat);
                certificateNickname = promptForString(INFO_INTERACTIVE_LDAP_CERT_NICKNAME_PROMPT.get(), defaultCertNickname, false);
                if (certificateNickname != null) {
                    argList.add("--certNickname");
                    argList.add(certificateNickname);
                    ArgumentHelper.addValueSuppressException(certNicknameArgument, certificateNickname);
                }
                if (ldapTool.supportsAuthentication() && promptForYesNo(INFO_INTERACTIVE_LDAP_CERT_AUTH_PROMPT.get(), false, true)) {
                    bindRequest = new EXTERNALBindRequest();
                    argList.add("--saslOption");
                    argList.add("mech=EXTERNAL");
                    ArgumentHelper.reset(saslOptionArgument);
                    ArgumentHelper.addValueSuppressException(saslOptionArgument, "mech=EXTERNAL");
                }
            }
            // Determine how to trust the server certificate.
            final BooleanArgument trustAllArgument = parser.getBooleanArgument("trustAll");
            final StringArgument trustStorePathArgument = parser.getStringArgument("trustStorePath");
            final StringArgument trustStoreFormatArgument = parser.getStringArgument("trustStoreFormat");
            final String defaultTrustTypeChoice;
            if (trustAllArgument.isPresent()) {
                defaultTrustTypeChoice = "4";
            } else if (trustStoreFormatArgument.isPresent()) {
                final String format = trustStoreFormatArgument.getValue();
                if (format.equalsIgnoreCase(CryptoHelper.KEY_STORE_TYPE_PKCS_12)) {
                    defaultTrustTypeChoice = "3";
                } else {
                    defaultTrustTypeChoice = "2";
                }
            } else if (trustStorePathArgument.isPresent()) {
                defaultTrustTypeChoice = "2";
            } else {
                defaultTrustTypeChoice = "1";
            }
            final String defaultTrustStorePath;
            if (trustStorePathArgument.isPresent()) {
                defaultTrustStorePath = trustStorePathArgument.getValue();
            } else {
                defaultTrustStorePath = null;
            }
            ArgumentHelper.reset(trustAllArgument);
            ArgumentHelper.reset(trustStorePathArgument);
            ArgumentHelper.reset(trustStoreFormatArgument);
            final int trustType = getNumberedMenuChoice(INFO_INTERACTIVE_LDAP_TRUST_PROMPT.get(), false, defaultTrustTypeChoice, INFO_INTERACTIVE_LDAP_TRUST_OPTION_PROMPT.get(), INFO_INTERACTIVE_LDAP_TRUST_OPTION_JKS.get(), INFO_INTERACTIVE_LDAP_TRUST_OPTION_PKCS12.get(), INFO_INTERACTIVE_LDAP_TRUST_OPTION_BLIND.get());
            switch(trustType) {
                case 1:
                    trustStoreFormat = CryptoHelper.KEY_STORE_TYPE_JKS;
                    break;
                case 2:
                    trustStoreFormat = CryptoHelper.KEY_STORE_TYPE_PKCS_12;
                    break;
                case 3:
                    trustAll = true;
                    argList.add("--trustAll");
                    ArgumentHelper.incrementOccurrencesSuppressException(trustAllArgument);
                    break;
                case 0:
                default:
                    // We will interactively prompt the user about whether to trust the
                    // certificate in the test section below.  However, to avoid
                    // prompting the user twice, we will configure the tool behind the
                    // scenes to trust all certificates.
                    ArgumentHelper.incrementOccurrencesSuppressException(trustAllArgument);
                    break;
            }
            if (trustStoreFormat != null) {
                ArgumentHelper.addValueSuppressException(trustStoreFormatArgument, trustStoreFormat);
                // Get the path to the truststore file.
                trustStorePath = promptForPath(INFO_INTERACTIVE_LDAP_TRUSTSTORE_PATH_PROMPT.get(), defaultTrustStorePath, true, true, true, true, false);
                argList.add("--trustStorePath");
                argList.add(trustStorePath.getAbsolutePath());
                ArgumentHelper.addValueSuppressException(trustStorePathArgument, trustStorePath.getAbsolutePath());
                // Get the PIN needed to access the truststore.
                trustStorePIN = promptForPassword(INFO_INTERACTIVE_LDAP_TRUSTSTORE_PIN_PROMPT.get(), null, false);
                if (trustStorePIN != null) {
                    argList.add("--trustStorePassword");
                    argList.add("***REDACTED***");
                    ArgumentHelper.addValueSuppressException(trustStorePasswordArgument, StaticUtils.toUTF8String(trustStorePIN));
                }
                argList.add("--trustStoreFormat");
                argList.add(trustStoreFormat);
            }
        } else {
            ArgumentHelper.reset(parser.getNamedArgument("keyStorePath"));
            ArgumentHelper.reset(parser.getNamedArgument("keyStoreFormat"));
            ArgumentHelper.reset(parser.getNamedArgument("trustStorePath"));
            ArgumentHelper.reset(parser.getNamedArgument("trustStoreFormat"));
            ArgumentHelper.reset(parser.getNamedArgument("certNickname"));
        }
    }
    // Get the port of the directory server.
    int defaultPort;
    final IntegerArgument portArgument = parser.getIntegerArgument("port");
    if (portArgument.getNumOccurrences() > 0) {
        // Note -- We're using getNumOccurrences here because isPresent also
        // returns true if there is a default value, and that could be wrong in
        // this case because the default value doesn't know about SSL.
        defaultPort = portArgument.getValue();
    } else if (useSSL) {
        defaultPort = 636;
        if (serverListenerConfigs != null) {
            for (final LDAPConnectionHandlerConfiguration cfg : serverListenerConfigs) {
                if (cfg.usesSSL()) {
                    defaultPort = cfg.getPort();
                    break;
                }
            }
        }
    } else if (useStartTLS) {
        defaultPort = 389;
        if (serverListenerConfigs != null) {
            for (final LDAPConnectionHandlerConfiguration cfg : serverListenerConfigs) {
                if (cfg.supportsStartTLS()) {
                    defaultPort = cfg.getPort();
                    break;
                }
            }
        }
    } else {
        defaultPort = 389;
        if (serverListenerConfigs != null) {
            for (final LDAPConnectionHandlerConfiguration cfg : serverListenerConfigs) {
                if (!cfg.usesSSL()) {
                    defaultPort = cfg.getPort();
                    break;
                }
            }
        }
    }
    ArgumentHelper.reset(portArgument);
    final int port = promptForInteger(INFO_INTERACTIVE_LDAP_PROMPT_PORT.get(), defaultPort, 1, 65_535, true);
    argList.add("--port");
    argList.add(String.valueOf(port));
    ArgumentHelper.addValueSuppressException(portArgument, String.valueOf(port));
    // Determine how to authenticate to the directory server.
    if (ldapTool.supportsAuthentication()) {
        final DNArgument bindDNArgument = parser.getDNArgument("bindDN");
        final StringArgument bindPasswordArgument = parser.getStringArgument("bindPassword");
        ArgumentHelper.reset(bindPasswordArgument);
        ArgumentHelper.reset(parser.getNamedArgument("bindPasswordFile"));
        ArgumentHelper.reset(parser.getNamedArgument("promptForBindPassword"));
        if (bindRequest == null) {
            final String defaultAuthTypeChoice;
            final String defaultBindDN;
            if (saslOptionArgument.isPresent()) {
                defaultAuthTypeChoice = "2";
                defaultBindDN = null;
            } else {
                defaultAuthTypeChoice = "1";
                if (bindDNArgument.isPresent()) {
                    defaultBindDN = bindDNArgument.getStringValue();
                } else {
                    defaultBindDN = null;
                }
            }
            ArgumentHelper.reset(bindDNArgument);
            boolean useSimpleAuth = false;
            boolean useSASLAuth = false;
            final int authMethod = getNumberedMenuChoice(INFO_INTERACTIVE_LDAP_AUTH_PROMPT.get(), false, defaultAuthTypeChoice, INFO_INTERACTIVE_LDAP_AUTH_OPTION_SIMPLE.get(), INFO_INTERACTIVE_LDAP_AUTH_OPTION_SASL.get(), INFO_INTERACTIVE_LDAP_AUTH_OPTION_NONE.get());
            switch(authMethod) {
                case 0:
                    useSimpleAuth = true;
                    break;
                case 1:
                    useSASLAuth = true;
                    break;
                case 2:
                default:
                    break;
            }
            if (useSimpleAuth) {
                ArgumentHelper.reset(saslOptionArgument);
                final DN bindDN = promptForDN(INFO_INTERACTIVE_LDAP_AUTH_BIND_DN_PROMPT.get(), defaultBindDN, true);
                if (bindDN.isNullDN()) {
                    bindRequest = new SimpleBindRequest();
                    argList.add("--bindDN");
                    argList.add("");
                    argList.add("--bindPassword");
                    argList.add("");
                    ArgumentHelper.addValueSuppressException(bindDNArgument, "");
                    ArgumentHelper.addValueSuppressException(bindPasswordArgument, "");
                } else {
                    final byte[] bindPassword = promptForPassword(INFO_INTERACTIVE_LDAP_AUTH_PW_PROMPT.get(), null, true);
                    bindRequest = new SimpleBindRequest(bindDN, bindPassword);
                    argList.add("--bindDN");
                    argList.add(bindDN.toString());
                    argList.add("--bindPassword");
                    argList.add("***REDACTED***");
                    ArgumentHelper.addValueSuppressException(bindDNArgument, bindDN.toString());
                    ArgumentHelper.addValueSuppressException(bindPasswordArgument, StaticUtils.toUTF8String(bindPassword));
                }
            } else if (useSASLAuth) {
                String defaultMechChoice = null;
                String defaultAuthID = null;
                String defaultAuthzID = null;
                String defaultRealm = null;
                if (saslOptionArgument.isPresent()) {
                    for (final String saslOption : saslOptionArgument.getValues()) {
                        final String lowerOption = StaticUtils.toLowerCase(saslOption);
                        if (lowerOption.equals("mech=cram-md5")) {
                            defaultMechChoice = "1";
                        } else if (lowerOption.equals("mech=digest-md5")) {
                            defaultMechChoice = "2";
                        } else if (lowerOption.equals("mech=plain")) {
                            defaultMechChoice = "3";
                        } else if (lowerOption.startsWith("authid=")) {
                            defaultAuthID = saslOption.substring(7);
                        } else if (lowerOption.startsWith("authzid=")) {
                            defaultAuthzID = saslOption.substring(8);
                        } else if (lowerOption.startsWith("realm=")) {
                            defaultRealm = saslOption.substring(6);
                        }
                    }
                }
                ArgumentHelper.reset(saslOptionArgument);
                final int mech = getNumberedMenuChoice(INFO_INTERACTIVE_LDAP_AUTH_SASL_PROMPT.get(), false, defaultMechChoice, INFO_INTERACTIVE_LDAP_SASL_OPTION_CRAM_MD5.get(), INFO_INTERACTIVE_LDAP_SASL_OPTION_DIGEST_MD5.get(), INFO_INTERACTIVE_LDAP_SASL_OPTION_PLAIN.get());
                switch(mech) {
                    case 0:
                        String authID = promptForString(INFO_INTERACTIVE_LDAP_AUTH_AUTHID_PROMPT.get(), defaultAuthID, true);
                        byte[] pw = promptForPassword(INFO_INTERACTIVE_LDAP_AUTH_PW_PROMPT.get(), null, true);
                        bindRequest = new CRAMMD5BindRequest(authID, pw);
                        argList.add("--saslOption");
                        argList.add("mech=CRAM-MD5");
                        argList.add("--saslOption");
                        argList.add("authID=" + authID);
                        argList.add("--bindPassword");
                        argList.add("***REDACTED***");
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "mech=CRAM-MD5");
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "authID=" + authID);
                        ArgumentHelper.addValueSuppressException(bindPasswordArgument, StaticUtils.toUTF8String(pw));
                        break;
                    case 1:
                        authID = promptForString(INFO_INTERACTIVE_LDAP_AUTH_AUTHID_PROMPT.get(), defaultAuthID, true);
                        String authzID = promptForString(INFO_INTERACTIVE_LDAP_AUTH_AUTHZID_PROMPT.get(), defaultAuthzID, false);
                        final String realm = promptForString(INFO_INTERACTIVE_LDAP_AUTH_REALM_PROMPT.get(), defaultRealm, false);
                        pw = promptForPassword(INFO_INTERACTIVE_LDAP_AUTH_PW_PROMPT.get(), null, true);
                        bindRequest = new DIGESTMD5BindRequest(authID, authzID, pw, realm);
                        argList.add("--saslOption");
                        argList.add("mech=DIGEST-MD5");
                        argList.add("--saslOption");
                        argList.add("authID=" + authID);
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "mech=DIGEST-MD5");
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "authID=" + authID);
                        if (authzID != null) {
                            argList.add("--saslOption");
                            argList.add("authzID=" + authzID);
                            ArgumentHelper.addValueSuppressException(saslOptionArgument, "authzID=" + authzID);
                        }
                        if (realm != null) {
                            argList.add("--saslOption");
                            argList.add("realm=" + realm);
                            ArgumentHelper.addValueSuppressException(saslOptionArgument, "realm=" + realm);
                        }
                        argList.add("--bindPassword");
                        argList.add("***REDACTED***");
                        ArgumentHelper.addValueSuppressException(bindPasswordArgument, StaticUtils.toUTF8String(pw));
                        break;
                    case 2:
                        authID = promptForString(INFO_INTERACTIVE_LDAP_AUTH_AUTHID_PROMPT.get(), defaultAuthID, true);
                        authzID = promptForString(INFO_INTERACTIVE_LDAP_AUTH_AUTHZID_PROMPT.get(), defaultAuthzID, false);
                        pw = promptForPassword(INFO_INTERACTIVE_LDAP_AUTH_PW_PROMPT.get(), null, true);
                        bindRequest = new PLAINBindRequest(authID, authzID, pw);
                        argList.add("--saslOption");
                        argList.add("mech=PLAIN");
                        argList.add("--saslOption");
                        argList.add("authID=" + authID);
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "mech=PLAIN");
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "authID=" + authID);
                        if (authzID != null) {
                            argList.add("--saslOption");
                            argList.add("authzID=" + authzID);
                            ArgumentHelper.addValueSuppressException(saslOptionArgument, "authzID=" + authzID);
                        }
                        argList.add("--bindPassword");
                        argList.add("***REDACTED***");
                        ArgumentHelper.addValueSuppressException(bindPasswordArgument, StaticUtils.toUTF8String(pw));
                        break;
                }
            }
        } else {
            ArgumentHelper.reset(bindDNArgument);
        }
    }
    if (test) {
        // Perform the necessary initialization for SSL/TLS communication.
        final SSLUtil sslUtil;
        if (useSSL || useStartTLS) {
            final KeyManager keyManager;
            if (keyStorePath == null) {
                keyManager = null;
            } else {
                final char[] pinChars;
                if (keyStorePIN == null) {
                    pinChars = null;
                } else {
                    final String pinString = StaticUtils.toUTF8String(keyStorePIN);
                    pinChars = pinString.toCharArray();
                }
                try {
                    keyManager = new KeyStoreKeyManager(keyStorePath, pinChars, keyStoreFormat, certificateNickname, true);
                } catch (final Exception e) {
                    Debug.debugException(e);
                    tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_CREATE_KEY_MANAGER.get(StaticUtils.getExceptionMessage(e)));
                    if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                        promptForLDAPArguments(argList, test);
                        return;
                    } else {
                        throw new LDAPException(ResultCode.LOCAL_ERROR, "", e);
                    }
                }
            }
            final TrustManager trustManager;
            if (trustAll) {
                trustManager = new TrustAllTrustManager();
            } else if (trustStorePath == null) {
                trustManager = InternalSDKHelper.getPreferredPromptTrustManagerChain(null);
            } else {
                final char[] pinChars;
                if (trustStorePIN == null) {
                    pinChars = null;
                } else {
                    final String pinString = StaticUtils.toUTF8String(trustStorePIN);
                    pinChars = pinString.toCharArray();
                }
                try {
                    trustManager = new TrustStoreTrustManager(trustStorePath, pinChars, trustStoreFormat, true);
                } catch (final Exception e) {
                    Debug.debugException(e);
                    tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_CREATE_TRUST_MANAGER.get(StaticUtils.getExceptionMessage(e)));
                    if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                        promptForLDAPArguments(argList, test);
                        return;
                    } else {
                        throw new LDAPException(ResultCode.LOCAL_ERROR, "", e);
                    }
                }
            }
            sslUtil = new SSLUtil(keyManager, trustManager);
        } else {
            sslUtil = null;
        }
        // Create and establish the connection.
        final LDAPConnection conn;
        if (useSSL) {
            try {
                conn = new LDAPConnection(sslUtil.createSSLSocketFactory());
            } catch (final Exception e) {
                Debug.debugException(e);
                tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_CREATE_SOCKET_FACTORY.get(StaticUtils.getExceptionMessage(e)), e);
                if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                    promptForLDAPArguments(argList, test);
                    return;
                } else {
                    throw new LDAPException(ResultCode.LOCAL_ERROR, "", e);
                }
            }
        } else {
            conn = new LDAPConnection();
        }
        try {
            try {
                conn.connect(hostname, port);
            } catch (final LDAPException le) {
                Debug.debugException(le);
                tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_CONNECT.get(hostname, port, le.getResultString()));
                if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                    promptForLDAPArguments(argList, test);
                    return;
                } else {
                    throw new LDAPException(le.getResultCode(), "", le);
                }
            }
            // If we should use StartTLS to secure the connection, then do so now.
            if (useStartTLS) {
                try {
                    final ExtendedResult startTLSResult = conn.processExtendedOperation(new StartTLSExtendedRequest(sslUtil.createSSLContext()));
                    if (startTLSResult.getResultCode() != ResultCode.SUCCESS) {
                        throw new LDAPException(startTLSResult);
                    }
                } catch (final Exception e) {
                    Debug.debugException(e);
                    final String msg;
                    if (e instanceof LDAPException) {
                        msg = ((LDAPException) e).getResultString();
                    } else {
                        msg = StaticUtils.getExceptionMessage(e);
                    }
                    tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_PERFORM_STARTTLS.get(msg));
                    if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                        promptForLDAPArguments(argList, test);
                        return;
                    } else {
                        throw new LDAPException(ResultCode.LOCAL_ERROR, "", e);
                    }
                }
            }
            // Authenticate the connection if appropriate.
            if (bindRequest != null) {
                try {
                    conn.bind(bindRequest);
                } catch (final LDAPException le) {
                    Debug.debugException(le);
                    tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_AUTHENTICATE.get(le.getResultString()));
                    if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                        promptForLDAPArguments(argList, test);
                        return;
                    } else {
                        throw new LDAPException(le.getResultCode(), "", le);
                    }
                }
            }
        } finally {
            conn.close();
        }
    }
}
Also used : TrustStoreTrustManager(com.unboundid.util.ssl.TrustStoreTrustManager) BindRequest(com.unboundid.ldap.sdk.BindRequest) EXTERNALBindRequest(com.unboundid.ldap.sdk.EXTERNALBindRequest) DIGESTMD5BindRequest(com.unboundid.ldap.sdk.DIGESTMD5BindRequest) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) CRAMMD5BindRequest(com.unboundid.ldap.sdk.CRAMMD5BindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) DN(com.unboundid.ldap.sdk.DN) TrustAllTrustManager(com.unboundid.util.ssl.TrustAllTrustManager) SSLUtil(com.unboundid.util.ssl.SSLUtil) DNArgument(com.unboundid.util.args.DNArgument) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) IntegerArgument(com.unboundid.util.args.IntegerArgument) DIGESTMD5BindRequest(com.unboundid.ldap.sdk.DIGESTMD5BindRequest) KeyStoreKeyManager(com.unboundid.util.ssl.KeyStoreKeyManager) KeyManager(javax.net.ssl.KeyManager) KeyStoreKeyManager(com.unboundid.util.ssl.KeyStoreKeyManager) LDAPConnectionHandlerConfiguration(com.unboundid.ldap.sdk.unboundidds.LDAPConnectionHandlerConfiguration) BooleanArgument(com.unboundid.util.args.BooleanArgument) CRAMMD5BindRequest(com.unboundid.ldap.sdk.CRAMMD5BindRequest) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) ArgumentException(com.unboundid.util.args.ArgumentException) LDAPException(com.unboundid.ldap.sdk.LDAPException) StringArgument(com.unboundid.util.args.StringArgument) TrustManager(javax.net.ssl.TrustManager) TrustAllTrustManager(com.unboundid.util.ssl.TrustAllTrustManager) TrustStoreTrustManager(com.unboundid.util.ssl.TrustStoreTrustManager) EXTERNALBindRequest(com.unboundid.ldap.sdk.EXTERNALBindRequest) LDAPException(com.unboundid.ldap.sdk.LDAPException) ExtendedResult(com.unboundid.ldap.sdk.ExtendedResult) File(java.io.File) StartTLSExtendedRequest(com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest)

Example 2 with EXTERNALBindRequest

use of com.unboundid.ldap.sdk.EXTERNALBindRequest in project ldapsdk by pingidentity.

the class JSONAccessLogRequestHandlerTestCase method testEXTERNALBindFailure.

/**
 * Provides test coverage for a failed SASL EXTERNAL bind operation.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testEXTERNALBindFailure() throws Exception {
    logHandler.clear();
    final LDAPConnection conn = new LDAPConnection("127.0.0.1", failurePort);
    // The connect message.
    waitForCount(1);
    List<JSONObject> logMessages = getLogMessageObjects();
    assertEquals(logMessages.size(), 1);
    assertEquals(logMessages.get(0).getFieldAsString("message-type"), "connect");
    try {
        conn.bind(new EXTERNALBindRequest());
    } catch (final Exception e) {
    // This was expected.
    }
    // The request and response
    waitForCount(2);
    logMessages = getLogMessageObjects();
    assertEquals(logMessages.size(), 2);
    assertEquals(logMessages.get(0).getFieldAsString("message-type"), "request");
    assertEquals(logMessages.get(0).getFieldAsString("operation-type"), "bind");
    assertEquals(logMessages.get(0).getFieldAsString("dn"), "");
    assertEquals(logMessages.get(0).getFieldAsString("authentication-type"), "sasl");
    assertEquals(logMessages.get(0).getFieldAsString("sasl-mechanism"), "EXTERNAL");
    assertEquals(logMessages.get(1).getFieldAsString("message-type"), "response");
    assertEquals(logMessages.get(1).getFieldAsString("operation-type"), "bind");
    assertEquals(logMessages.get(1).getFieldAsInteger("result-code-value").intValue(), 32);
    assertTrue(logMessages.get(1).hasField("diagnostic-message"));
    assertTrue(logMessages.get(1).hasField("matched-dn"));
    assertTrue(logMessages.get(1).hasField("referral-urls"));
    conn.close();
    // The unbind and disconnect messages.
    waitForCount(2);
    logMessages = getLogMessageObjects();
    assertEquals(logMessages.size(), 2);
    assertEquals(logMessages.get(0).getFieldAsString("message-type"), "request");
    assertEquals(logMessages.get(0).getFieldAsString("operation-type"), "unbind");
    assertEquals(logMessages.get(1).getFieldAsString("message-type"), "disconnect");
}
Also used : EXTERNALBindRequest(com.unboundid.ldap.sdk.EXTERNALBindRequest) JSONObject(com.unboundid.util.json.JSONObject) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) LDAPException(com.unboundid.ldap.sdk.LDAPException) Test(org.testng.annotations.Test)

Example 3 with EXTERNALBindRequest

use of com.unboundid.ldap.sdk.EXTERNALBindRequest in project ldapsdk by pingidentity.

the class AuthenticationDetailsTestCase method testAuthTypeEXTERNALNonEmptyAuthorizationID.

/**
 * Tests the behavior for the case in which the JSON object has an
 * authentication-details field that has an authentication type of EXTERNAL
 * and has a non-empty authorization-id field.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testAuthTypeEXTERNALNonEmptyAuthorizationID() throws Exception {
    final InMemoryDirectoryServer ds = getTestDS();
    final JSONObject o = new JSONObject(new JSONField("server-details", new JSONObject(new JSONField("single-server", new JSONObject(new JSONField("address", "localhost"), new JSONField("port", ds.getListenPort()))))), new JSONField("authentication-details", new JSONObject(new JSONField("authentication-type", "EXTERNAL"), new JSONField("authorization-id", "u:authzid"))));
    final LDAPConnectionDetailsJSONSpecification spec = new LDAPConnectionDetailsJSONSpecification(o);
    assertNotNull(spec.getBindRequest());
    assertTrue(spec.getBindRequest() instanceof EXTERNALBindRequest);
    final EXTERNALBindRequest bindRequest = (EXTERNALBindRequest) spec.getBindRequest();
    assertEquals(bindRequest.getAuthorizationID(), "u:authzid");
}
Also used : EXTERNALBindRequest(com.unboundid.ldap.sdk.EXTERNALBindRequest) InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer) Test(org.testng.annotations.Test)

Example 4 with EXTERNALBindRequest

use of com.unboundid.ldap.sdk.EXTERNALBindRequest in project ldapsdk by pingidentity.

the class AuthenticationDetailsTestCase method testAuthTypeEXTERNALNoAuthorizationID.

/**
 * Tests the behavior for the case in which the JSON object has an
 * authentication-details field that has an authentication type of EXTERNAL
 * and does not have an authorization-id field.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testAuthTypeEXTERNALNoAuthorizationID() throws Exception {
    final InMemoryDirectoryServer ds = getTestDS();
    final JSONObject o = new JSONObject(new JSONField("server-details", new JSONObject(new JSONField("single-server", new JSONObject(new JSONField("address", "localhost"), new JSONField("port", ds.getListenPort()))))), new JSONField("authentication-details", new JSONObject(new JSONField("authentication-type", "EXTERNAL"))));
    final LDAPConnectionDetailsJSONSpecification spec = new LDAPConnectionDetailsJSONSpecification(o);
    assertNotNull(spec.getBindRequest());
    assertTrue(spec.getBindRequest() instanceof EXTERNALBindRequest);
    final EXTERNALBindRequest bindRequest = (EXTERNALBindRequest) spec.getBindRequest();
    assertNull(bindRequest.getAuthorizationID());
}
Also used : EXTERNALBindRequest(com.unboundid.ldap.sdk.EXTERNALBindRequest) InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer) Test(org.testng.annotations.Test)

Example 5 with EXTERNALBindRequest

use of com.unboundid.ldap.sdk.EXTERNALBindRequest in project ldapsdk by pingidentity.

the class SASLUtilsTestCase method testValidEXTERNALBind.

/**
 * Tests the ability to create a valid EXTERNAL bind request.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testValidEXTERNALBind() throws Exception {
    final BindRequest bindRequest = SASLUtils.createBindRequest(null, (String) null, null, "mech=EXTERNAL");
    assertNotNull(bindRequest);
    assertTrue(bindRequest instanceof EXTERNALBindRequest);
}
Also used : EXTERNALBindRequest(com.unboundid.ldap.sdk.EXTERNALBindRequest) ANONYMOUSBindRequest(com.unboundid.ldap.sdk.ANONYMOUSBindRequest) GSSAPIBindRequest(com.unboundid.ldap.sdk.GSSAPIBindRequest) UnboundIDCertificatePlusPasswordBindRequest(com.unboundid.ldap.sdk.unboundidds.UnboundIDCertificatePlusPasswordBindRequest) BindRequest(com.unboundid.ldap.sdk.BindRequest) SCRAMSHA512BindRequest(com.unboundid.ldap.sdk.SCRAMSHA512BindRequest) SingleUseTOTPBindRequest(com.unboundid.ldap.sdk.unboundidds.SingleUseTOTPBindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) UnboundIDYubiKeyOTPBindRequest(com.unboundid.ldap.sdk.unboundidds.UnboundIDYubiKeyOTPBindRequest) EXTERNALBindRequest(com.unboundid.ldap.sdk.EXTERNALBindRequest) DIGESTMD5BindRequest(com.unboundid.ldap.sdk.DIGESTMD5BindRequest) UnboundIDDeliveredOTPBindRequest(com.unboundid.ldap.sdk.unboundidds.UnboundIDDeliveredOTPBindRequest) OAUTHBEARERBindRequest(com.unboundid.ldap.sdk.OAUTHBEARERBindRequest) UnboundIDTOTPBindRequest(com.unboundid.ldap.sdk.unboundidds.UnboundIDTOTPBindRequest) SCRAMSHA1BindRequest(com.unboundid.ldap.sdk.SCRAMSHA1BindRequest) SCRAMSHA256BindRequest(com.unboundid.ldap.sdk.SCRAMSHA256BindRequest) CRAMMD5BindRequest(com.unboundid.ldap.sdk.CRAMMD5BindRequest) Test(org.testng.annotations.Test)

Aggregations

EXTERNALBindRequest (com.unboundid.ldap.sdk.EXTERNALBindRequest)8 Test (org.testng.annotations.Test)6 LDAPException (com.unboundid.ldap.sdk.LDAPException)4 InMemoryDirectoryServer (com.unboundid.ldap.listener.InMemoryDirectoryServer)3 LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection)3 BindRequest (com.unboundid.ldap.sdk.BindRequest)2 CRAMMD5BindRequest (com.unboundid.ldap.sdk.CRAMMD5BindRequest)2 DIGESTMD5BindRequest (com.unboundid.ldap.sdk.DIGESTMD5BindRequest)2 PLAINBindRequest (com.unboundid.ldap.sdk.PLAINBindRequest)2 SimpleBindRequest (com.unboundid.ldap.sdk.SimpleBindRequest)2 ArgumentException (com.unboundid.util.args.ArgumentException)2 ANONYMOUSBindRequest (com.unboundid.ldap.sdk.ANONYMOUSBindRequest)1 Control (com.unboundid.ldap.sdk.Control)1 DN (com.unboundid.ldap.sdk.DN)1 ExtendedResult (com.unboundid.ldap.sdk.ExtendedResult)1 GSSAPIBindRequest (com.unboundid.ldap.sdk.GSSAPIBindRequest)1 OAUTHBEARERBindRequest (com.unboundid.ldap.sdk.OAUTHBEARERBindRequest)1 SCRAMSHA1BindRequest (com.unboundid.ldap.sdk.SCRAMSHA1BindRequest)1 SCRAMSHA256BindRequest (com.unboundid.ldap.sdk.SCRAMSHA256BindRequest)1 SCRAMSHA512BindRequest (com.unboundid.ldap.sdk.SCRAMSHA512BindRequest)1