Example 1 with InternalUseOnly
use of com.unboundid.util.InternalUseOnly in project ldapsdk by pingidentity.
the class GSSAPIBindRequest method run.
/**
* Perform the privileged portion of the authentication processing.
*
* @return {@code null}, since no return value is actually needed.
*
* @throws LDAPException If a problem occurs during processing.
*/
@InternalUseOnly()
@Override()
@NotNull()
public Object run() throws LDAPException {
unhandledCallbackMessages.clear();
final LDAPConnection connection = conn.get();
final HashMap<String, Object> saslProperties = new HashMap<>(StaticUtils.computeMapCapacity(2));
saslProperties.put(Sasl.QOP, SASLQualityOfProtection.toString(allowedQoP));
saslProperties.put(Sasl.SERVER_AUTH, "true");
switch(channelBindingType) {
case NONE:
// No action is required.
break;
case TLS_SERVER_END_POINT:
saslProperties.put(PROPERTY_CHANNEL_BINDING_DATA, generateTLSServerEndPointChannelBindingData(connection));
break;
default:
// This should never happen.
throw new LDAPException(ResultCode.PARAM_ERROR, ERR_GSSAPI_UNSUPPORTED_CHANNEL_BINDING_TYPE.get(channelBindingType.getName()));
}
final SaslClient saslClient;
try {
String serverName = saslClientServerName;
if (serverName == null) {
serverName = connection.getConnectedAddress();
}
final String[] mechanisms = { GSSAPI_MECHANISM_NAME };
saslClient = Sasl.createSaslClient(mechanisms, authorizationID, servicePrincipalProtocol, serverName, saslProperties, this);
} catch (final Exception e) {
Debug.debugException(e);
throw new LDAPException(ResultCode.LOCAL_ERROR, ERR_GSSAPI_CANNOT_CREATE_SASL_CLIENT.get(StaticUtils.getExceptionMessage(e)), e);
}
final SASLClientBindHandler bindHandler = new SASLClientBindHandler(this, connection, GSSAPI_MECHANISM_NAME, saslClient, getControls(), getResponseTimeoutMillis(connection), unhandledCallbackMessages);
try {
return bindHandler.processSASLBind();
} finally {
messageID = bindHandler.getMessageID();
}
}
Also used :
HashMap(java.util.HashMap)
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
SaslClient(javax.security.sasl.SaslClient)
InternalUseOnly(com.unboundid.util.InternalUseOnly)
NotNull(com.unboundid.util.NotNull)
Example 2 with InternalUseOnly
use of com.unboundid.util.InternalUseOnly in project ldapsdk by pingidentity.
the class InternalSDKHelper method getPreferredPromptTrustManagerChain.
/**
* Retrieves an aggregate trust manager that can be used to interactively
* prompt the user about whether to trust a presented certificate chain as a
* last resort, but will try other alternatives first, including the
* JVM-default trust store and, if the tool is run with access to a Ping
* Identity Directory Server instance, then it will also try to use the
* server's default trust store and information in the topology registry.
*
* @param expectedAddresses An optional collection of the addresses that the
* client is expected to use to connect to one of
* the target servers. This may be {@code null} or
* empty if no expected addresses are available, if
* this trust manager is only expected to be used
* to validate client certificates, or if no server
* address validation should be performed. If a
* non-empty collection is provided, then the trust
* manager may issue a warning if the certificate
* does not contain any of these addresses.
*
* @return An aggregate trust manager that can be used to interactively
* prompt the user about whether to trust a presented certificate
* chain as a last resort, but will try other alternatives first.
*/
@InternalUseOnly()
@NotNull()
public static AggregateTrustManager getPreferredPromptTrustManagerChain(@Nullable final Collection<String> expectedAddresses) {
final List<X509TrustManager> trustManagers = new ArrayList<>(4);
trustManagers.add(JVMDefaultTrustManager.getInstance());
final File pingIdentityServerRoot = InternalSDKHelper.getPingIdentityServerRoot();
if (pingIdentityServerRoot != null) {
final File serverTrustStore = StaticUtils.constructPath(pingIdentityServerRoot, "config", "truststore");
if (serverTrustStore.exists()) {
trustManagers.add(new TrustStoreTrustManager(serverTrustStore));
}
final File serverConfigFile = StaticUtils.constructPath(pingIdentityServerRoot, "config", "config.ldif");
if (serverConfigFile.exists()) {
trustManagers.add(new TopologyRegistryTrustManager(serverConfigFile, TimeUnit.MINUTES.toMillis(5L)));
}
}
trustManagers.add(new PromptTrustManager(null, true, expectedAddresses, null, null));
return new AggregateTrustManager(false, trustManagers);
}
Also used :
PromptTrustManager(com.unboundid.util.ssl.PromptTrustManager)
TopologyRegistryTrustManager(com.unboundid.ldap.sdk.unboundidds.TopologyRegistryTrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
TrustStoreTrustManager(com.unboundid.util.ssl.TrustStoreTrustManager)
ArrayList(java.util.ArrayList)
File(java.io.File)
AggregateTrustManager(com.unboundid.util.ssl.AggregateTrustManager)
InternalUseOnly(com.unboundid.util.InternalUseOnly)
NotNull(com.unboundid.util.NotNull)
Example 3 with InternalUseOnly
use of com.unboundid.util.InternalUseOnly in project ldapsdk by pingidentity.
the class InternalSDKHelper method getPingIdentityServerRoot.
/**
* Retrieves the path to the instance root directory for the Ping Identity
* Directory Server (or related Ping Identity server product) with which this
* instance of the LDAP SDK is associated.
*
* @return The path to the associated Ping Identity server instance root, or
* {@code null} if the LDAP SDK is not running with knowledge of an
* associated Ping Identity server instance.
*/
@InternalUseOnly()
@Nullable()
public static File getPingIdentityServerRoot() {
final String propertyValue = StaticUtils.getSystemProperty("com.unboundid.directory.server.ServerRoot");
if (propertyValue != null) {
try {
final File f = new File(propertyValue);
if (f.exists() && f.isDirectory()) {
return f;
}
} catch (final Exception e) {
Debug.debugException(e);
}
}
final String environmentVariableValue = StaticUtils.getEnvironmentVariable("INSTANCE_ROOT");
if (environmentVariableValue != null) {
try {
final File f = new File(environmentVariableValue);
if (f.exists() && f.isDirectory()) {
return f;
}
} catch (final Exception e) {
Debug.debugException(e);
}
}
return null;
}
Also used :
File(java.io.File)
InternalUseOnly(com.unboundid.util.InternalUseOnly)
Nullable(com.unboundid.util.Nullable)
Example 4 with InternalUseOnly
use of com.unboundid.util.InternalUseOnly in project ldapsdk by pingidentity.
the class LDAPListener method run.
/**
* Operates in a loop, waiting for client connections to arrive and ensuring
* that they are handled properly. This method is for internal use only and
* must not be called by third-party code.
*/
@InternalUseOnly()
@Override()
public void run() {
thread.set(Thread.currentThread());
final LDAPListenerExceptionHandler exceptionHandler = config.getExceptionHandler();
try {
startLatch.countDown();
while (!stopRequested.get()) {
final Socket s;
try {
s = serverSocket.get().accept();
} catch (final Exception e) {
Debug.debugException(e);
if ((e instanceof SocketException) && serverSocket.get().isClosed()) {
return;
}
if (exceptionHandler != null) {
exceptionHandler.connectionCreationFailure(null, e);
}
continue;
}
final LDAPListenerClientConnection c;
try {
c = new LDAPListenerClientConnection(this, s, config.getRequestHandler(), config.getExceptionHandler());
} catch (final LDAPException le) {
Debug.debugException(le);
if (exceptionHandler != null) {
exceptionHandler.connectionCreationFailure(s, le);
}
continue;
}
final int maxConnections = config.getMaxConnections();
if ((maxConnections > 0) && (establishedConnections.size() >= maxConnections)) {
c.close(new LDAPException(ResultCode.BUSY, ERR_LDAP_LISTENER_MAX_CONNECTIONS_ESTABLISHED.get(maxConnections)));
continue;
}
establishedConnections.put(c.getConnectionID(), c);
c.start();
}
} finally {
final ServerSocket s = serverSocket.getAndSet(null);
if (s != null) {
try {
s.close();
} catch (final Exception e) {
Debug.debugException(e);
}
}
serverSocket.set(null);
thread.set(null);
}
}
Also used :
SocketException(java.net.SocketException)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
ServerSocket(java.net.ServerSocket)
Socket(java.net.Socket)
ServerSocket(java.net.ServerSocket)
IOException(java.io.IOException)
SocketException(java.net.SocketException)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
InternalUseOnly(com.unboundid.util.InternalUseOnly)
Example 5 with InternalUseOnly
use of com.unboundid.util.InternalUseOnly in project ldapsdk by pingidentity.
the class LDAPListenerClientConnection method run.
/**
* Operates in a loop, waiting for a request to arrive from the client and
* handing it off to the request handler for processing. This method is for
* internal use only and must not be invoked by external callers.
*/
@InternalUseOnly()
@Override()
public void run() {
try {
while (true) {
final LDAPMessage requestMessage;
try {
requestMessage = LDAPMessage.readFrom(asn1Reader, false);
if (requestMessage == null) {
// so we won't notify the exception handler.
try {
close();
} catch (final IOException ioe) {
Debug.debugException(ioe);
}
return;
}
} catch (final LDAPException le) {
// This indicates that the client sent a malformed request.
Debug.debugException(le);
close(le);
return;
}
try {
final int messageID = requestMessage.getMessageID();
final List<Control> controls = requestMessage.getControls();
LDAPMessage responseMessage;
switch(requestMessage.getProtocolOpType()) {
case LDAPMessage.PROTOCOL_OP_TYPE_ABANDON_REQUEST:
requestHandler.processAbandonRequest(messageID, requestMessage.getAbandonRequestProtocolOp(), controls);
responseMessage = null;
break;
case LDAPMessage.PROTOCOL_OP_TYPE_ADD_REQUEST:
try {
responseMessage = requestHandler.processAddRequest(messageID, requestMessage.getAddRequestProtocolOp(), controls);
} catch (final Exception e) {
Debug.debugException(e);
responseMessage = new LDAPMessage(messageID, new AddResponseProtocolOp(ResultCode.OTHER_INT_VALUE, null, ERR_CONN_REQUEST_HANDLER_FAILURE.get(StaticUtils.getExceptionMessage(e)), null));
}
break;
case LDAPMessage.PROTOCOL_OP_TYPE_BIND_REQUEST:
try {
responseMessage = requestHandler.processBindRequest(messageID, requestMessage.getBindRequestProtocolOp(), controls);
} catch (final Exception e) {
Debug.debugException(e);
responseMessage = new LDAPMessage(messageID, new BindResponseProtocolOp(ResultCode.OTHER_INT_VALUE, null, ERR_CONN_REQUEST_HANDLER_FAILURE.get(StaticUtils.getExceptionMessage(e)), null, null));
}
break;
case LDAPMessage.PROTOCOL_OP_TYPE_COMPARE_REQUEST:
try {
responseMessage = requestHandler.processCompareRequest(messageID, requestMessage.getCompareRequestProtocolOp(), controls);
} catch (final Exception e) {
Debug.debugException(e);
responseMessage = new LDAPMessage(messageID, new CompareResponseProtocolOp(ResultCode.OTHER_INT_VALUE, null, ERR_CONN_REQUEST_HANDLER_FAILURE.get(StaticUtils.getExceptionMessage(e)), null));
}
break;
case LDAPMessage.PROTOCOL_OP_TYPE_DELETE_REQUEST:
try {
responseMessage = requestHandler.processDeleteRequest(messageID, requestMessage.getDeleteRequestProtocolOp(), controls);
} catch (final Exception e) {
Debug.debugException(e);
responseMessage = new LDAPMessage(messageID, new DeleteResponseProtocolOp(ResultCode.OTHER_INT_VALUE, null, ERR_CONN_REQUEST_HANDLER_FAILURE.get(StaticUtils.getExceptionMessage(e)), null));
}
break;
case LDAPMessage.PROTOCOL_OP_TYPE_EXTENDED_REQUEST:
try {
responseMessage = requestHandler.processExtendedRequest(messageID, requestMessage.getExtendedRequestProtocolOp(), controls);
} catch (final Exception e) {
Debug.debugException(e);
responseMessage = new LDAPMessage(messageID, new ExtendedResponseProtocolOp(ResultCode.OTHER_INT_VALUE, null, ERR_CONN_REQUEST_HANDLER_FAILURE.get(StaticUtils.getExceptionMessage(e)), null, null, null));
}
break;
case LDAPMessage.PROTOCOL_OP_TYPE_MODIFY_REQUEST:
try {
responseMessage = requestHandler.processModifyRequest(messageID, requestMessage.getModifyRequestProtocolOp(), controls);
} catch (final Exception e) {
Debug.debugException(e);
responseMessage = new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.OTHER_INT_VALUE, null, ERR_CONN_REQUEST_HANDLER_FAILURE.get(StaticUtils.getExceptionMessage(e)), null));
}
break;
case LDAPMessage.PROTOCOL_OP_TYPE_MODIFY_DN_REQUEST:
try {
responseMessage = requestHandler.processModifyDNRequest(messageID, requestMessage.getModifyDNRequestProtocolOp(), controls);
} catch (final Exception e) {
Debug.debugException(e);
responseMessage = new LDAPMessage(messageID, new ModifyDNResponseProtocolOp(ResultCode.OTHER_INT_VALUE, null, ERR_CONN_REQUEST_HANDLER_FAILURE.get(StaticUtils.getExceptionMessage(e)), null));
}
break;
case LDAPMessage.PROTOCOL_OP_TYPE_SEARCH_REQUEST:
try {
responseMessage = requestHandler.processSearchRequest(messageID, requestMessage.getSearchRequestProtocolOp(), controls);
} catch (final Exception e) {
Debug.debugException(e);
responseMessage = new LDAPMessage(messageID, new SearchResultDoneProtocolOp(ResultCode.OTHER_INT_VALUE, null, ERR_CONN_REQUEST_HANDLER_FAILURE.get(StaticUtils.getExceptionMessage(e)), null));
}
break;
case LDAPMessage.PROTOCOL_OP_TYPE_UNBIND_REQUEST:
requestHandler.processUnbindRequest(messageID, requestMessage.getUnbindRequestProtocolOp(), controls);
close();
return;
default:
close(new LDAPException(ResultCode.PROTOCOL_ERROR, ERR_CONN_INVALID_PROTOCOL_OP_TYPE.get(StaticUtils.toHex(requestMessage.getProtocolOpType()))));
return;
}
if (responseMessage != null) {
try {
sendMessage(responseMessage);
} catch (final LDAPException le) {
Debug.debugException(le);
close(le);
return;
}
}
} catch (final Throwable t) {
close(new LDAPException(ResultCode.LOCAL_ERROR, ERR_CONN_EXCEPTION_IN_REQUEST_HANDLER.get(String.valueOf(requestMessage), StaticUtils.getExceptionMessage(t))));
StaticUtils.throwErrorOrRuntimeException(t);
}
}
} finally {
if (listener != null) {
listener.connectionClosed(this);
}
}
}
Also used :
ExtendedResponseProtocolOp(com.unboundid.ldap.protocol.ExtendedResponseProtocolOp)
DeleteResponseProtocolOp(com.unboundid.ldap.protocol.DeleteResponseProtocolOp)
LDAPMessage(com.unboundid.ldap.protocol.LDAPMessage)
AddResponseProtocolOp(com.unboundid.ldap.protocol.AddResponseProtocolOp)
ModifyDNResponseProtocolOp(com.unboundid.ldap.protocol.ModifyDNResponseProtocolOp)
IOException(java.io.IOException)
LDAPRuntimeException(com.unboundid.ldap.sdk.LDAPRuntimeException)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
IOException(java.io.IOException)
Control(com.unboundid.ldap.sdk.Control)
BindResponseProtocolOp(com.unboundid.ldap.protocol.BindResponseProtocolOp)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
SearchResultDoneProtocolOp(com.unboundid.ldap.protocol.SearchResultDoneProtocolOp)
CompareResponseProtocolOp(com.unboundid.ldap.protocol.CompareResponseProtocolOp)
ModifyResponseProtocolOp(com.unboundid.ldap.protocol.ModifyResponseProtocolOp)
InternalUseOnly(com.unboundid.util.InternalUseOnly)
Aggregations
InternalUseOnly (com.unboundid.util.InternalUseOnly)7
LDAPException (com.unboundid.ldap.sdk.LDAPException)3
IOException (java.io.IOException)3
LDAPMessage (com.unboundid.ldap.protocol.LDAPMessage)2
NotNull (com.unboundid.util.NotNull)2
File (java.io.File)2
ASN1OctetString (com.unboundid.asn1.ASN1OctetString)1
AddResponseProtocolOp (com.unboundid.ldap.protocol.AddResponseProtocolOp)1
BindResponseProtocolOp (com.unboundid.ldap.protocol.BindResponseProtocolOp)1
CompareResponseProtocolOp (com.unboundid.ldap.protocol.CompareResponseProtocolOp)1
DeleteResponseProtocolOp (com.unboundid.ldap.protocol.DeleteResponseProtocolOp)1
ExtendedResponseProtocolOp (com.unboundid.ldap.protocol.ExtendedResponseProtocolOp)1
ModifyDNResponseProtocolOp (com.unboundid.ldap.protocol.ModifyDNResponseProtocolOp)1
ModifyResponseProtocolOp (com.unboundid.ldap.protocol.ModifyResponseProtocolOp)1
SearchResultDoneProtocolOp (com.unboundid.ldap.protocol.SearchResultDoneProtocolOp)1
Control (com.unboundid.ldap.sdk.Control)1
LDAPRuntimeException (com.unboundid.ldap.sdk.LDAPRuntimeException)1
CancelExtendedRequest (com.unboundid.ldap.sdk.extensions.CancelExtendedRequest)1
TopologyRegistryTrustManager (com.unboundid.ldap.sdk.unboundidds.TopologyRegistryTrustManager)1
Nullable (com.unboundid.util.Nullable)1
