/**
 * Creates a SASL GSSAPI bind request from the provided password and the
 * mechanism-specific options remaining in the supplied map.
 * <p>
 * Each recognized option is removed from {@code options} as it is consumed so
 * that whatever is left over can be reported as unsupported.  The only option
 * without a default is the authentication ID; absent optional values are
 * handed to the corresponding {@link GSSAPIBindRequestProperties} setter as
 * {@code null}, except for the service principal protocol and the QoP list,
 * whose setters are only invoked when a value was actually given.
 *
 * @param  password           The password to use for the bind request.  It
 *                            may be {@code null} if the password is to be
 *                            obtained interactively, or if the request is
 *                            configured to rely exclusively on credentials
 *                            already present in the ticket cache.
 * @param  promptForPassword  Indicates whether to interactively prompt for
 *                            the password if one is needed but none was
 *                            provided.
 * @param  tool               The command-line tool whose output stream should
 *                            be used when prompting for the bind password.
 *                            It may be {@code null} only if
 *                            {@code promptForPassword} is {@code false}.
 * @param  options            The set of SASL options for the bind request.
 *                            Recognized options are removed from this map.
 * @param  controls           The set of controls to include in the request.
 *
 * @return  The SASL GSSAPI bind request that was created.
 *
 * @throws  LDAPException  If the required authID option is missing, if no
 *                         password is available and prompting is not
 *                         permitted, or if any other problem is encountered
 *                         while trying to create the SASL bind request.
 */
@NotNull()
private static GSSAPIBindRequest createGSSAPIBindRequest(
     @Nullable final byte[] password,
     final boolean promptForPassword,
     @Nullable final CommandLineTool tool,
     @NotNull final Map<String,String> options,
     @Nullable final Control[] controls)
     throws LDAPException
{
  // authID is the one option without a default, so reject its absence before
  // doing anything else.
  final String authenticationID =
       takeGSSAPIOption(options, SASL_OPTION_AUTH_ID);
  if (authenticationID == null)
  {
    throw new LDAPException(ResultCode.PARAM_ERROR,
         ERR_SASL_MISSING_REQUIRED_OPTION.get(SASL_OPTION_AUTH_ID,
              GSSAPIBindRequest.GSSAPI_MECHANISM_NAME));
  }

  final GSSAPIBindRequestProperties props =
       new GSSAPIBindRequestProperties(authenticationID, password);

  // Optional values.  The consumption order is preserved so that any parse
  // failure surfaces for the same option as before.
  props.setAuthorizationID(takeGSSAPIOption(options, SASL_OPTION_AUTHZ_ID));
  props.setConfigFilePath(takeGSSAPIOption(options, SASL_OPTION_CONFIG_FILE));
  props.setEnableGSSAPIDebugging(
       getBooleanValue(options, SASL_OPTION_DEBUG, false));
  props.setKDCAddress(takeGSSAPIOption(options, SASL_OPTION_KDC_ADDRESS));

  // Unlike the other string-valued options, the protocol setter is only
  // invoked when a value was supplied.
  final String servicePrincipalProtocol =
       takeGSSAPIOption(options, SASL_OPTION_PROTOCOL);
  if (servicePrincipalProtocol != null)
  {
    props.setServicePrincipalProtocol(servicePrincipalProtocol);
  }

  props.setRealm(takeGSSAPIOption(options, SASL_OPTION_REALM));

  // The QoP option may hold several comma-separated values, so it goes
  // through the list decoder rather than straight into the setter.
  final String qopList = takeGSSAPIOption(options, SASL_OPTION_QOP);
  if (qopList != null)
  {
    props.setAllowedQoP(SASLQualityOfProtection.decodeQoPList(qopList));
  }

  props.setRenewTGT(getBooleanValue(options, SASL_OPTION_RENEW_TGT, false));
  props.setRequireCachedCredentials(
       getBooleanValue(options, SASL_OPTION_REQUIRE_CACHE, false));
  props.setTicketCachePath(
       takeGSSAPIOption(options, SASL_OPTION_TICKET_CACHE_PATH));
  props.setUseTicketCache(
       getBooleanValue(options, SASL_OPTION_USE_TICKET_CACHE, true));

  // Everything recognized has been removed by now, so anything still in the
  // map is an option this mechanism does not understand.
  ensureNoUnsupportedOptions(options,
       GSSAPIBindRequest.GSSAPI_MECHANISM_NAME);

  // A password may be omitted only when the request will rely exclusively on
  // credentials already in the ticket cache, i.e. useTicketCache=true and
  // requireCache=true.  In every other case one must be prompted for, and if
  // prompting is not permitted the request cannot be built.
  if (password == null)
  {
    final boolean cacheOnly =
         props.useTicketCache() && props.requireCachedCredentials();
    if (! cacheOnly)
    {
      if (! promptForPassword)
      {
        throw new LDAPException(ResultCode.PARAM_ERROR,
             ERR_SASL_OPTION_GSSAPI_PASSWORD_REQUIRED.get());
      }

      // tool is documented as non-null whenever promptForPassword is true.
      // NOTE(review): PasswordReader is expected to read the value without
      // echoing it; that is not verified here.
      tool.getOriginalOut().print(INFO_LDAP_TOOL_ENTER_BIND_PASSWORD.get());
      props.setPassword(PasswordReader.readPassword());
      tool.getOriginalOut().println();
    }
  }

  return new GSSAPIBindRequest(props, controls);
}



/**
 * Removes and returns the named option from the provided map.  Option keys
 * are stored in lowercase form, so the name is lowercased before lookup.
 *
 * @param  options  The map of remaining SASL options.
 * @param  name     The option name in its canonical form.
 *
 * @return  The value for the option, or {@code null} if it was not present.
 */
@Nullable()
private static String takeGSSAPIOption(
     @NotNull final Map<String,String> options,
     @NotNull final String name)
{
  return options.remove(StaticUtils.toLowerCase(name));
}
/**
 * Tests that a GSSAPI bind request built from nothing more than the
 * mechanism name and an authentication ID comes back with every other
 * property at its default value.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testValidGSSAPIBindMinimal()
       throws Exception
{
  final BindRequest request = SASLUtils.createBindRequest(null, "password",
       null, "mech=GSSAPI", "authID=test.user@EXAMPLE.COM");
  assertNotNull(request);
  assertTrue(request instanceof GSSAPIBindRequest);

  final GSSAPIBindRequest gssapiRequest = (GSSAPIBindRequest) request;

  // The authentication ID is the only value supplied explicitly.
  assertNotNull(gssapiRequest.getAuthenticationID());
  assertEquals(gssapiRequest.getAuthenticationID(), "test.user@EXAMPLE.COM");

  // Everything below is expected to reflect the mechanism defaults.
  assertNull(gssapiRequest.getAuthorizationID());
  assertFalse(gssapiRequest.enableGSSAPIDebugging());
  assertNotNull(gssapiRequest.getConfigFilePath());
  assertNull(gssapiRequest.getKDCAddress());
  assertNull(gssapiRequest.getRealm());

  assertNotNull(gssapiRequest.getAllowedQoP());
  assertEquals(gssapiRequest.getAllowedQoP(),
       Arrays.asList(SASLQualityOfProtection.AUTH));

  assertNotNull(gssapiRequest.getServicePrincipalProtocol());
  assertEquals(gssapiRequest.getServicePrincipalProtocol(), "ldap");

  // Default ticket-cache handling: use the cache, but do not require it.
  assertTrue(gssapiRequest.useTicketCache());
  assertFalse(gssapiRequest.requireCachedCredentials());
  assertNull(gssapiRequest.getTicketCachePath());
  assertFalse(gssapiRequest.renewTGT());
}
/**
 * Tests the behavior for a JSON specification whose authentication-details
 * object selects the GSSAPI authentication type and supplies only the
 * authentication ID and password, leaving every other property at its
 * default.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testAuthTypeGSSAPIMinimal()
       throws Exception
{
  final InMemoryDirectoryServer ds = getTestDS();

  // Build the specification piece by piece rather than as one nested
  // expression.
  final JSONObject singleServer = new JSONObject(
       new JSONField("address", "localhost"),
       new JSONField("port", ds.getListenPort()));
  final JSONObject serverDetails = new JSONObject(
       new JSONField("single-server", singleServer));
  final JSONObject authenticationDetails = new JSONObject(
       new JSONField("authentication-type", "GSSAPI"),
       new JSONField("authentication-id", "john.doe@EXAMPLE.COM"),
       new JSONField("password", "password"));
  final JSONObject specObject = new JSONObject(
       new JSONField("server-details", serverDetails),
       new JSONField("authentication-details", authenticationDetails));

  final LDAPConnectionDetailsJSONSpecification spec =
       new LDAPConnectionDetailsJSONSpecification(specObject);
  assertNotNull(spec.getBindRequest());
  assertTrue(spec.getBindRequest() instanceof GSSAPIBindRequest);

  final GSSAPIBindRequest gssapiRequest =
       (GSSAPIBindRequest) spec.getBindRequest();

  // The two values given explicitly.
  assertEquals(gssapiRequest.getAuthenticationID(), "john.doe@EXAMPLE.COM");
  assertEquals(gssapiRequest.getPasswordString(), "password");

  // Everything else is expected to be at its default.
  assertNull(gssapiRequest.getAuthorizationID());
  assertNotNull(gssapiRequest.getConfigFilePath());
  assertNull(gssapiRequest.getKDCAddress());
  assertEquals(gssapiRequest.getAllowedQoP(),
       Collections.singletonList(SASLQualityOfProtection.AUTH));
  assertNull(gssapiRequest.getRealm());
  assertFalse(gssapiRequest.renewTGT());
  assertFalse(gssapiRequest.requireCachedCredentials());
  assertNull(gssapiRequest.getTicketCachePath());
  assertTrue(gssapiRequest.useSubjectCredentialsOnly());
  assertTrue(gssapiRequest.useTicketCache());
}
/**
 * Tests the behavior for a JSON specification whose authentication-details
 * object selects the GSSAPI authentication type and sets every supported
 * property to a non-default value.  No password is included, so the
 * resulting request is expected to report a {@code null} password string.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testAuthTypeGSSAPIComplete()
       throws Exception
{
  final File configFile = createTempFile();
  final File ticketCache = createTempFile();
  final InMemoryDirectoryServer ds = getTestDS();

  // Build the specification piece by piece rather than as one nested
  // expression.
  final JSONObject singleServer = new JSONObject(
       new JSONField("address", "localhost"),
       new JSONField("port", ds.getListenPort()));
  final JSONObject serverDetails = new JSONObject(
       new JSONField("single-server", singleServer));
  final JSONObject authenticationDetails = new JSONObject(
       new JSONField("authentication-type", "GSSAPI"),
       new JSONField("authentication-id", "john.doe@EXAMPLE.COM"),
       new JSONField("authorization-id", "another.user@EXAMPLE.COM"),
       new JSONField("config-file-path", configFile.getAbsolutePath()),
       new JSONField("kdc-address", "kdc.example.com"),
       new JSONField("qop", "auth-conf"),
       new JSONField("realm", "EXAMPLE.COM"),
       new JSONField("renew-tgt", true),
       new JSONField("require-cached-credentials", true),
       new JSONField("ticket-cache-path", ticketCache.getAbsolutePath()),
       new JSONField("use-subject-credentials-only", false),
       new JSONField("use-ticket-cache", false));
  final JSONObject specObject = new JSONObject(
       new JSONField("server-details", serverDetails),
       new JSONField("authentication-details", authenticationDetails));

  final LDAPConnectionDetailsJSONSpecification spec =
       new LDAPConnectionDetailsJSONSpecification(specObject);
  assertNotNull(spec.getBindRequest());
  assertTrue(spec.getBindRequest() instanceof GSSAPIBindRequest);

  final GSSAPIBindRequest gssapiRequest =
       (GSSAPIBindRequest) spec.getBindRequest();

  // Identity and credential-related properties.
  assertEquals(gssapiRequest.getAuthenticationID(), "john.doe@EXAMPLE.COM");
  assertEquals(gssapiRequest.getAuthorizationID(),
       "another.user@EXAMPLE.COM");
  assertNull(gssapiRequest.getPasswordString());

  // Kerberos environment properties.
  assertEquals(gssapiRequest.getConfigFilePath(),
       configFile.getAbsolutePath());
  assertEquals(gssapiRequest.getKDCAddress(), "kdc.example.com");
  assertEquals(gssapiRequest.getAllowedQoP(),
       Collections.singletonList(SASLQualityOfProtection.AUTH_CONF));
  assertEquals(gssapiRequest.getRealm(), "EXAMPLE.COM");

  // Ticket-cache handling, every flag flipped away from its default.
  assertTrue(gssapiRequest.renewTGT());
  assertTrue(gssapiRequest.requireCachedCredentials());
  assertEquals(gssapiRequest.getTicketCachePath(),
       ticketCache.getAbsolutePath());
  assertFalse(gssapiRequest.useSubjectCredentialsOnly());
  assertFalse(gssapiRequest.useTicketCache());
}
/**
 * Tests the ability to create a valid GSSAPI bind request when every
 * supported option is given a non-default value.  No password is supplied:
 * because the options set both {@code useTicketCache=true} and
 * {@code requireCache=true}, the request is expected to rely on cached
 * credentials and be created without one.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testValidGSSAPIBindAllOptions()
       throws Exception
{
  final BindRequest request = SASLUtils.createBindRequest(null,
       (String) null, null,
       "mech=GSSAPI",
       "authID=test.user@EXAMPLE.COM",
       "authzID=another.user@EXAMPLE.COM",
       "configFile=/tmp/jaas.conf",
       "debug=true",
       "kdcAddress=kdc.example.com",
       "protocol=foo",
       "realm=EXAMPLE.COM",
       "renewTGT=true",
       "useTicketCache=true",
       "ticketCache=/tmp/ticket.cache",
       "requireCache=true",
       "qop=auth-conf");
  assertNotNull(request);
  assertTrue(request instanceof GSSAPIBindRequest);

  final GSSAPIBindRequest gssapiRequest = (GSSAPIBindRequest) request;

  // Identity-related options.
  assertNotNull(gssapiRequest.getAuthenticationID());
  assertEquals(gssapiRequest.getAuthenticationID(), "test.user@EXAMPLE.COM");
  assertNotNull(gssapiRequest.getAuthorizationID());
  assertEquals(gssapiRequest.getAuthorizationID(),
       "another.user@EXAMPLE.COM");

  // Kerberos environment options.
  assertTrue(gssapiRequest.enableGSSAPIDebugging());
  assertNotNull(gssapiRequest.getConfigFilePath());
  assertEquals(gssapiRequest.getConfigFilePath(), "/tmp/jaas.conf");
  assertNotNull(gssapiRequest.getKDCAddress());
  assertEquals(gssapiRequest.getKDCAddress(), "kdc.example.com");
  assertNotNull(gssapiRequest.getRealm());
  assertEquals(gssapiRequest.getRealm(), "EXAMPLE.COM");
  assertNotNull(gssapiRequest.getAllowedQoP());
  assertEquals(gssapiRequest.getAllowedQoP(),
       Arrays.asList(SASLQualityOfProtection.AUTH_CONF));
  assertNotNull(gssapiRequest.getServicePrincipalProtocol());
  assertEquals(gssapiRequest.getServicePrincipalProtocol(), "foo");

  // Ticket-cache options; the use/require pair is what makes the missing
  // password acceptable.
  assertTrue(gssapiRequest.useTicketCache());
  assertTrue(gssapiRequest.requireCachedCredentials());
  assertNotNull(gssapiRequest.getTicketCachePath());
  assertEquals(gssapiRequest.getTicketCachePath(), "/tmp/ticket.cache");
  assertTrue(gssapiRequest.renewTGT());
}