
Use of org.apache.directory.api.ldap.model.message.ResultCodeEnum in the project directory-ldap-api by Apache.

Taken from the class LdapNetworkConnection, method bindSasl.

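/**
 * Performs a SASL bind. The exchange is a dialog with the server: a first BindRequest is sent
 * (carrying the mechanism's initial response when the mechanism has one), and as long as the
 * server answers SASL_BIND_IN_PROGRESS the server's challenge is fed to the {@link SaslClient}
 * and the produced response is sent in a new BindRequest. A final SUCCESS answer may still
 * carry server credentials (e.g. the server-authentication proof when mutual authentication
 * was requested); those are evaluated too, and must complete the client-side exchange.
 * <p>
 * NOTE(review): the {@link SaslClient} is a local of this method and is not retained, so a
 * negotiated integrity/confidentiality layer (QOP auth-int / auth-conf) is not installed on
 * the connection by this method. Confirm whether the connection wraps its traffic elsewhere
 * before relying on the QOP property for anything beyond negotiation.
 *
 * @param saslRequest The SASL request object containing all the needed parameters: mechanism,
 *        authorization id, quality of protection, security strength, the mutual-authentication
 *        flag and the request controls
 * @return A {@link BindFuture} already holding the final {@link BindResponse}
 * @throws LdapException if the session is not established, no SASL client factory exists for
 *         the requested mechanism, the server does not answer within the timeout, the SASL
 *         exchange violates the protocol (data to send after SUCCESS, or client not complete
 *         after the final server credentials), or the underlying SASL / transport layer fails
 */
public BindFuture bindSasl(SaslRequest saslRequest) throws LdapException {
    // Drop back to the anonymous state until a bind completes.
    // NOTE(review): this method never sets the flag back to true; presumably the response
    // handling elsewhere in the connection does that on SUCCESS - confirm.
    authenticated.set(false);
    // Connect if we aren't already connected.
    connect();
    // If the session has not been established, or is closed, we get out immediately.
    checkSession();
    BindRequest bindRequest = createBindRequest((String) null, null, saslRequest.getSaslMechanism(), saslRequest.getControls());
    // Allocate the messageId for the first round trip.
    int newId = messageId.incrementAndGet();
    bindRequest.setMessageId(newId);
    if (LOG.isDebugEnabled()) {
        LOG.debug(I18n.msg(I18n.MSG_03205_SENDING_REQUEST, bindRequest));
    }
    // Create a future for this Bind operation and register it under the messageId.
    // NOTE(review): removal of the future from the map on the failure paths below is not
    // visible here - confirm it happens (e.g. in the connection's error handling).
    BindFuture bindFuture = new BindFuture(this, newId);
    addToFutureMap(newId, bindFuture);
    // Declared outside the try so the failure paths can release its state.
    SaslClient sc = null;
    try {
        BindResponse bindResponse;
        byte[] response;
        ResultCodeEnum result;
        // SASL properties handed to the mechanism factory.
        Map<String, Object> properties = new HashMap<>();
        // Quality of Protection SASL property
        if (saslRequest.getQualityOfProtection() != null) {
            properties.put(Sasl.QOP, saslRequest.getQualityOfProtection().getValue());
        }
        // Security Strength SASL property
        if (saslRequest.getSecurityStrength() != null) {
            properties.put(Sasl.STRENGTH, saslRequest.getSecurityStrength().getValue());
        }
        // Mutual Authentication SASL property: ask the mechanism to authenticate the server too.
        if (saslRequest.isMutualAuthentication()) {
            properties.put(Sasl.SERVER_AUTH, "true");
        }
        // Create the SASL client. The configured LDAP host is used as the server name the
        // mechanism authenticates against (e.g. the service principal for GSSAPI).
        sc = Sasl.createSaslClient(new String[] { bindRequest.getSaslMechanism() }, saslRequest.getAuthorizationId(), "ldap", config.getLdapHost(), properties, new SaslCallbackHandler(saslRequest));
        // No factory supports the requested mechanism: fail before sending anything.
        if (sc == null) {
            String message = "Cannot find a SASL factory for the " + bindRequest.getSaslMechanism() + " mechanism";
            LOG.error(message);
            throw new LdapException(message);
        }
        if (sc.hasInitialResponse()) {
            // The mechanism can speak first: compute the initial response and send it now.
            byte[] challengeResponse = sc.evaluateChallenge(Strings.EMPTY_BYTES);
            bindRequest.setCredentials(challengeResponse);
            writeRequest(bindRequest);
            // Get the server's response, blocking up to the configured timeout.
            bindResponse = requireBindResponse(bindFuture.get(timeout, TimeUnit.MILLISECONDS));
            result = bindResponse.getLdapResult().getResultCode();
        } else {
            // The server must speak first: send a copy of the request without credentials.
            BindRequest bindRequestCopy = new BindRequestImpl();
            bindRequestCopy.setMessageId(newId);
            bindRequestCopy.setName(bindRequest.getName());
            bindRequestCopy.setSaslMechanism(bindRequest.getSaslMechanism());
            bindRequestCopy.setSimple(bindRequest.isSimple());
            bindRequestCopy.setVersion3(bindRequest.getVersion3());
            bindRequestCopy.addAllControls(bindRequest.getControls().values().toArray(new Control[0]));
            writeRequest(bindRequestCopy);
            bindResponse = requireBindResponse(bindFuture.get(timeout, TimeUnit.MILLISECONDS));
            result = bindResponse.getLdapResult().getResultCode();
        }
        // Continue the dialog while the client still has work to do. SASL_BIND_IN_PROGRESS
        // means another round trip; SUCCESS means the server is done but may have sent a
        // final challenge (e.g. the server-auth proof) that the client must still verify.
        while (!sc.isComplete() && ((result == ResultCodeEnum.SASL_BIND_IN_PROGRESS) || (result == ResultCodeEnum.SUCCESS))) {
            response = sc.evaluateChallenge(bindResponse.getServerSaslCreds());
            if (result == ResultCodeEnum.SUCCESS) {
                // The server has finished: the client must have nothing more to send and must
                // now be complete. Anything else is a broken or hostile exchange; without the
                // isComplete() check this loop would re-evaluate the same credentials forever.
                if ((response != null) || !sc.isComplete()) {
                    throw new LdapException("protocol error");
                }
            } else {
                // One more round trip: new messageId, same future, client response as credentials.
                newId = messageId.incrementAndGet();
                bindRequest.setMessageId(newId);
                bindRequest.setCredentials(response);
                addToFutureMap(newId, bindFuture);
                writeRequest(bindRequest);
                bindResponse = requireBindResponse(bindFuture.get(timeout, TimeUnit.MILLISECONDS));
                result = bindResponse.getLdapResult().getResultCode();
            }
        }
        // NOTE(review): if the client is complete while the server still reports
        // SASL_BIND_IN_PROGRESS, the in-progress response is returned as-is (unchanged
        // behaviour); the caller has to inspect the result code.
        // A bind that did not succeed (e.g. INVALID_CREDENTIALS) ends the dialog: release
        // the SASL state since nothing will use it.
        if (result != ResultCodeEnum.SUCCESS) {
            disposeSaslClient(sc);
        }
        bindFuture.set(bindResponse);
        return bindFuture;
    } catch (LdapException e) {
        disposeSaslClient(sc);
        throw e;
    } catch (Exception e) {
        disposeSaslClient(sc);
        if (e instanceof InterruptedException) {
            // Preserve the interrupt status for the caller; the bind is abandoned.
            Thread.currentThread().interrupt();
        }
        // Keep the stack trace in the log; the original is also preserved as the cause.
        LOG.error(e.getMessage(), e);
        throw new LdapException(e);
    }
}

/**
 * Returns the bind response obtained from a future, or fails when the wait produced none.
 * A null response means the server did not answer within the timeout.
 *
 * @param bindResponse The response returned by the future, possibly null
 * @return The same, non-null, response
 * @throws LdapException with {@code TIME_OUT_ERROR} when the response is null
 */
private BindResponse requireBindResponse(BindResponse bindResponse) throws LdapException {
    if (bindResponse == null) {
        if (LOG.isErrorEnabled()) {
            LOG.error(I18n.err(I18n.ERR_03203_OP_FAILED_TIMEOUT, "Bind"));
        }
        throw new LdapException(TIME_OUT_ERROR);
    }
    return bindResponse;
}

/**
 * Best-effort release of a SASL client's state (session keys, security context) on a path
 * that will not use it again. A null client (creation failed or never reached) is a no-op.
 *
 * @param sc The SASL client to dispose, may be null
 */
private static void disposeSaslClient(SaslClient sc) {
    if (sc == null) {
        return;
    }
    try {
        sc.dispose();
    } catch (javax.security.sasl.SaslException ignored) {
        // Nothing useful to do here: the bind is already failing or finished.
    }
}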
