author | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-24 02:27:47 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-26 11:43:54 -0500 |
commit | 621d9e5c413e561293d7484b93882d985b3fe15f (patch) | |
tree | 638f3d75761c121d9a8fb50b52a12a6686c5ac5c /base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java | |
parent | 40d3643b8d91886bf210aa27f711731c81a11e49 (diff) | |
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
Diffstat (limited to 'base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java')
-rw-r--r-- | base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java | 220 |
1 files changed, 220 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java b/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java
new file mode 100644
index 000000000..fc97ab48c
--- /dev/null
+++ b/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java
@@ -0,0 +1,220 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cmscore.ldapconn;
+
+import java.util.Properties;
+
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPException;
+import netscape.ldap.LDAPRebind;
+import netscape.ldap.LDAPRebindAuth;
+import netscape.ldap.LDAPSocketFactory;
+import netscape.ldap.LDAPv2;
+
+import com.netscape.certsrv.apps.CMS;
+
+/**
+ * A LDAP connection that is bound to a server host, port, secure type.
+ * and authentication.
+ * Makes a LDAP connection and authentication when instantiated.
+ * Cannot establish another LDAP connection or authentication after
+ * construction. LDAPConnection connect and authentication methods are
+ * overridden to prevent this.
+ */
+public class LdapBoundConnection extends LDAPConnection {
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2242077674357271559L;
+ // LDAPConnection calls authenticate so must set this for first
+ // authenticate call.
+ private boolean mAuthenticated = false;
+
+ /**
+ * Instantiates a connection to a ldap server, secure or non-secure
+ * connection with Ldap basic bind dn & pw authentication.
+ */
+ public LdapBoundConnection(
+ LdapConnInfo connInfo, LdapAuthInfo authInfo)
+ throws LDAPException {
+ // this LONG line to satisfy super being the first call. (yuk)
+ super(
+ authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH ?
+ new LdapJssSSLSocketFactory(authInfo.getParms()[0]) :
+ (connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null));
+
+ // Set option to automatically follow referrals.
+ // Use the same credentials to follow referrals; this is the easiest
+ // thing to do without any complicated configuration using
+ // different hosts.
+ // If client auth is used don't have dn and pw to follow referrals.
+
+ boolean followReferrals = connInfo.getFollowReferrals();
+
+ setOption(LDAPv2.REFERRALS, new Boolean(followReferrals));
+ if (followReferrals &&
+ authInfo.getAuthType() != LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) {
+ LDAPRebind rebindInfo =
+ new ARebindInfo(authInfo.getParms()[0],
+ authInfo.getParms()[1]);
+
+ setOption(LDAPv2.REFERRALS_REBIND_PROC, rebindInfo);
+ }
+
+ if (authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) {
+ // will be bound to client auth cert mapped entry.
+ super.connect(connInfo.getHost(), connInfo.getPort());
+ CMS.debug(
+ "Established LDAP connection with SSL client auth to " +
+ connInfo.getHost() + ":" + connInfo.getPort());
+ } else { // basic auth
+ String binddn = authInfo.getParms()[0];
+ String bindpw = authInfo.getParms()[1];
+
+ super.connect(connInfo.getVersion(),
+ connInfo.getHost(), connInfo.getPort(), binddn, bindpw);
+ CMS.debug(
+ "Established LDAP connection using basic authentication to" +
+ " host " + connInfo.getHost() +
+ " port " + connInfo.getPort() +
+ " as " + binddn);
+ }
+ }
+
+ /**
+ * Instantiates a connection to a ldap server, secure or non-secure
+ * connection with Ldap basic bind dn & pw authentication.
+ */
+ public LdapBoundConnection(String host, int port, int version,
+ LDAPSocketFactory fac,
+ String bindDN, String bindPW)
+ throws LDAPException {
+ super(fac);
+ if (bindDN != null) {
+ super.connect(version, host, port, bindDN, bindPW);
+ CMS.debug(
+ "Established LDAP connection using basic authentication " +
+ " as " + bindDN + " to " + host + ":" + port);
+ } else {
+ if (fac == null && bindDN == null) {
+ throw new IllegalArgumentException(
+ "Ldap bound connection must have authentication info.");
+ }
+ // automatically authenticated if it's ssl client auth.
+ super.connect(version, host, port, null, null);
+ CMS.debug(
+ "Established LDAP connection using SSL client authentication " +
+ "to " + host + ":" + port);
+ }
+ }
+
+ /**
+ * Overrides same method in LDAPConnection to do prevent re-authentication.
+ */
+ public void authenticate(int version, String dn, String pw)
+ throws LDAPException {
+
+ /**
+ * if (mAuthenticated) {
+ * throw new RuntimeException(
+ * "this LdapBoundConnection already authenticated: auth(v,dn,pw)");
+ * }
+ **/
+ super.authenticate(version, dn, pw);
+ mAuthenticated = true;
+ }
+
+ /**
+ * Overrides same method in LDAPConnection to do prevent re-authentication.
+ */
+ public void authenticate(String dn, String pw)
+ throws LDAPException {
+
+ /**
+ * if (mAuthenticated) {
+ * throw new RuntimeException(
+ * "this LdapBoundConnection already authenticated: auth(dn,pw)");
+ * }
+ **/
+ super.authenticate(3, dn, pw);
+ mAuthenticated = true;
+ }
+
+ /**
+ * Overrides same method in LDAPConnection to do prevent re-authentication.
+ */
+ public void authenticate(String dn, String mech, String packageName,
+ Properties props, Object getter)
+ throws LDAPException {
+
+ /**
+ * if (mAuthenticated) {
+ * throw new RuntimeException(
+ * "this LdapBoundConnection already authenticated: auth(mech)");
+ * }
+ **/
+ super.authenticate(dn, mech, packageName, props, getter);
+ mAuthenticated = true;
+ }
+
+ /**
+ * Overrides same method in LDAPConnection to do prevent re-authentication.
+ */
+ public void authenticate(String dn, String mechs[], String packageName,
+ Properties props, Object getter)
+ throws LDAPException {
+
+ /**
+ * if (mAuthenticated) {
+ * throw new RuntimeException(
+ * "this LdapBoundConnection is already authenticated: auth(mechs)");
+ * }
+ **/
+ super.authenticate(dn, mechs, packageName, props, getter);
+ mAuthenticated = true;
+ }
+
+ /**
+ * overrides parent's connect to prevent re-connect.
+ */
+ public void connect(String host, int port) throws LDAPException {
+ throw new RuntimeException(
+ "this LdapBoundConnection is already connected: conn(host,port)");
+ }
+
+ /**
+ * overrides parent's connect to prevent re-connect.
+ */
+ public void connect(int version, String host, int port,
+ String dn, String pw) throws LDAPException {
+ throw new RuntimeException(
+ "this LdapBoundConnection is already connected: conn(version,h,p)");
+ }
+}
+
+class ARebindInfo implements LDAPRebind {
+ private LDAPRebindAuth mRebindAuthInfo = null;
+
+ public ARebindInfo(String binddn, String pw) {
+ mRebindAuthInfo = new LDAPRebindAuth(binddn, pw);
+ }
+
+ public LDAPRebindAuth getRebindAuthentication(String host, int port) {
+ return mRebindAuthInfo;
+ }
+} |
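Review bot: `ARebindInfo.getRebindAuthentication(String host, int port)` at the end of the file ignores both arguments and returns the stored bind DN and password, so when `followReferrals` is enabled with basic authentication the same credentials are presented to whatever server a referral names. The first constructor's comment calls this "the easiest thing to do", but nothing visible restricts referrals to the configured host or requires the referred connection to be TLS-protected; whether the SDK reuses the socket factory for referral connections cannot be seen from here. I would either compare `host`/`port` against the values taken from `connInfo` before handing out credentials, or at least document the trust assumption on the method, e.g. `// Returns the bind credentials for any referral target; enable followReferrals only if every referring server is trusted.` Separately, the four `authenticate` overrides are documented as preventing re-authentication while the `mAuthenticated` guard is commented out and the field is never read, so their Javadoc should state that re-binding is currently allowed. This commit only relocates the file, so both points predate it.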