
com.unboundid.ldap.sdk.unboundidds.UnboundIDCertificatePlusPasswordBindRequest Maven / Gradle / Ivy

/*
 * Copyright 2012-2019 Ping Identity Corporation
 * All Rights Reserved.
 */
/*
 * Copyright (C) 2015-2019 Ping Identity Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses>.
 */
package com.unboundid.ldap.sdk.unboundidds;



import java.util.ArrayList;
import java.util.List;

import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.ldap.sdk.BindResult;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.InternalSDKHelper;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SASLBindRequest;
import com.unboundid.ldap.sdk.ToCodeArgHelper;
import com.unboundid.ldap.sdk.ToCodeHelper;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;



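/**
 * This class provides support for an UnboundID-proprietary SASL mechanism that
 * provides multifactor authentication using the combination of a client
 * certificate (presented during SSL/TLS negotiation) and a static password.
 * <BR>
 * <BLOCKQUOTE>
 *   <B>NOTE:</B>  This class, and other classes within the
 *   {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only
 *   supported for use against Ping Identity, UnboundID, and
 *   Nokia/Alcatel-Lucent 8661 server products.  These classes provide support
 *   for proprietary functionality or for external specifications that are not
 *   considered stable or mature enough to be guaranteed to work in an
 *   interoperable way with other types of LDAP servers.
 * </BLOCKQUOTE>
 * <BR>
 * The name for this SASL mechanism is "UNBOUNDID-CERTIFICATE-PLUS-PASSWORD".
 * The SASL credentials consist simply of the static password for the user
 * identified by the certificate, to make the SASL mechanism as easy as possible
 * to use from other client APIs.
 * <BR><BR>
 * Handling of the credential in this class:
 * <UL>
 *   <LI>The bind request built by {@code process} carries an empty bind DN and
 *       the password as the SASL credentials.  The certificate factor comes
 *       from the SSL/TLS session, and nothing in this class checks that the
 *       connection negotiated SSL/TLS or presented a client certificate, so
 *       the caller must establish that before binding.</LI>
 *   <LI>The password is kept in the request for as long as the object lives,
 *       is handed to every copy made by {@code duplicate} and
 *       {@code getRebindRequest}, and is returned by
 *       {@code getPassword}.</LI>
 *   <LI>{@code toString} does not include the password, and {@code toCode}
 *       emits a fixed placeholder instead of the real value.</LI>
 * </UL>
 */
@ThreadSafety(level=ThreadSafetyLevel.NOT_THREADSAFE)
public final class UnboundIDCertificatePlusPasswordBindRequest
       extends SASLBindRequest
{
  /**
   * The name for the UnboundID certificate plus password SASL mechanism.
   */
  public static final String UNBOUNDID_CERT_PLUS_PW_MECHANISM_NAME =
       "UNBOUNDID-CERTIFICATE-PLUS-PASSWORD";



  /**
   * The serial version UID for this serializable class.
   */
  private static final long serialVersionUID = 8863298749835036708L;



  // The password to use to authenticate.
  // NOTE(review): this field is not transient, so Java serialization of a
  // request would presumably write the credential into the serialized form --
  // confirm before persisting or transmitting serialized instances.
  private final ASN1OctetString password;

  // The message ID from the last LDAP message sent from this request.  It is
  // -1 until process has been invoked.
  private volatile int messageID = -1;



  /**
   * Creates a new certificate plus password bind request with the provided
   * information.
   *
   * @param  password  The password to use to authenticate as user identified by
   *                   the certificate.  It must not be {@code null} or empty.
   * @param  controls  The set of controls to include in the bind request.  It
   *                   may be {@code null} or empty if no request controls are
   *                   needed.
   */
  public UnboundIDCertificatePlusPasswordBindRequest(final String password,
                                                     final Control... controls)
  {
    this(new ASN1OctetString(CRED_TYPE_SASL, password), controls);
  }



  /**
   * Creates a new certificate plus password bind request with the provided
   * information.
   *
   * @param  password  The password to use to authenticate as user identified by
   *                   the certificate.  It must not be {@code null} or empty.
   * @param  controls  The set of controls to include in the bind request.  It
   *                   may be {@code null} or empty if no request controls are
   *                   needed.
   */
  public UnboundIDCertificatePlusPasswordBindRequest(final byte[] password,
                                                     final Control... controls)
  {
    this(new ASN1OctetString(CRED_TYPE_SASL, password), controls);
  }



  /**
   * Creates a new certificate plus password bind request with the provided
   * information.  Both public constructors delegate here, so this is the single
   * place where the empty-password check is enforced.
   *
   * @param  password  The password to use to authenticate as user identified by
   *                   the certificate.  It must not be {@code null} or empty.
   * @param  controls  The set of controls to include in the bind request.  It
   *                   may be {@code null} or empty if no request controls are
   *                   needed.
   */
  private UnboundIDCertificatePlusPasswordBindRequest(
               final ASN1OctetString password, final Control... controls)
  {
    super(controls);

    // Reject a zero-length credential up front rather than sending it to the
    // server.
    Validator.ensureFalse((password.getValueLength() == 0),
         "The bind password must not be empty");

    this.password = password;
  }



  /**
   * Retrieves the password to use to authenticate as the user identified by the
   * certificate.  The returned object is the same instance held by this
   * request, so callers should treat it as sensitive and avoid logging it.
   *
   * @return  The password to use to authenticate as the user identified by the
   *          certificate.
   */
  public ASN1OctetString getPassword()
  {
    return password;
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public String getSASLMechanismName()
  {
    return UNBOUNDID_CERT_PLUS_PW_MECHANISM_NAME;
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  protected BindResult process(final LDAPConnection connection, final int depth)
            throws LDAPException
  {
    messageID = InternalSDKHelper.nextMessageID(connection);

    // The bind DN is empty and the password is the only SASL credential; the
    // certificate is not part of this message.  This method does not check
    // whether the connection is protected by SSL/TLS.
    return sendBindRequest(connection, "", password, getControls(),
         getResponseTimeoutMillis(connection));
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public int getLastMessageID()
  {
    return messageID;
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public UnboundIDCertificatePlusPasswordBindRequest duplicate()
  {
    return duplicate(getControls());
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public UnboundIDCertificatePlusPasswordBindRequest duplicate(
              final Control[] controls)
  {
    // The copy shares this request's password object; it goes through the
    // private constructor, so the empty-password check runs again.
    final UnboundIDCertificatePlusPasswordBindRequest bindRequest =
         new UnboundIDCertificatePlusPasswordBindRequest(password, controls);

    // NOTE(review): passing null presumably yields the timeout configured on
    // this request rather than a connection default -- confirm against
    // getResponseTimeoutMillis.
    bindRequest.setResponseTimeoutMillis(getResponseTimeoutMillis(null));
    return bindRequest;
  }



  /**
   * {@inheritDoc}
   */
  @Override()
  public UnboundIDCertificatePlusPasswordBindRequest getRebindRequest(
              final String host, final int port)
  {
    // The target host and port are not consulted; the rebind request is a
    // plain copy that carries the same password.
    return duplicate();
  }



  /**
   * {@inheritDoc}
   * <BR><BR>
   * Only the request controls are written; the password is not included in the
   * output.
   */
  @Override()
  public void toString(final StringBuilder buffer)
  {
    buffer.append("UnboundIDCertificatePlusPasswordBindRequest(");

    final Control[] controls = getControls();
    if (controls.length > 0)
    {
      buffer.append("controls={");
      for (int i=0; i < controls.length; i++)
      {
        if (i > 0)
        {
          buffer.append(", ");
        }

        buffer.append(controls[i]);
      }
      buffer.append('}');
    }

    buffer.append(')');
  }



  /**
   * {@inheritDoc}
   * <BR><BR>
   * The generated constructor call uses a fixed placeholder string in place of
   * the real password, so the emitted source does not contain the credential.
   */
  @Override()
  public void toCode(final List<String> lineList, final String requestID,
                     final int indentSpaces, final boolean includeProcessing)
  {
    // Create the request variable.
    final ArrayList<ToCodeArgHelper> constructorArgs = new ArrayList<>(2);

    // Never emit the actual password into generated source.
    constructorArgs.add(ToCodeArgHelper.createString("---redacted-password---",
         "Bind Password"));

    final Control[] controls = getControls();
    if (controls.length > 0)
    {
      constructorArgs.add(ToCodeArgHelper.createControlArray(controls,
           "Bind Controls"));
    }

    ToCodeHelper.generateMethodCall(lineList, indentSpaces,
         "UnboundIDCertificatePlusPasswordBindRequest", requestID + "Request",
         "new UnboundIDCertificatePlusPasswordBindRequest", constructorArgs);


    // Add lines for processing the request and obtaining the result.
    if (includeProcessing)
    {
      // Generate a string with the appropriate indent.
      final StringBuilder buffer = new StringBuilder();
      for (int i=0; i < indentSpaces; i++)
      {
        buffer.append(' ');
      }
      final String indent = buffer.toString();

      lineList.add("");
      lineList.add(indent + "try");
      lineList.add(indent + '{');
      lineList.add(indent + " BindResult " + requestID +
           "Result = connection.bind(" + requestID + "Request);");
      lineList.add(indent + " // The bind was processed successfully.");
      lineList.add(indent + '}');
      lineList.add(indent + "catch (LDAPException e)");
      lineList.add(indent + '{');
      lineList.add(indent + " // The bind failed. Maybe the following will " +
           "help explain why.");
      lineList.add(indent + " // Note that the connection is now likely in " +
           "an unauthenticated state.");
      lineList.add(indent + " ResultCode resultCode = e.getResultCode();");
      lineList.add(indent + " String message = e.getMessage();");
      lineList.add(indent + " String matchedDN = e.getMatchedDN();");
      lineList.add(indent + " String[] referralURLs = e.getReferralURLs();");
      lineList.add(indent + " Control[] responseControls = " +
           "e.getResponseControls();");
      lineList.add(indent + '}');
    }
  }
}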



