001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License.
018 *
019 */
020package org.apache.directory.server.ldap.handlers.sasl.external.certificate;
021
022import org.apache.directory.api.ldap.model.message.BindRequest;
023import org.apache.directory.server.core.api.CoreSession;
024import org.apache.directory.server.ldap.LdapSession;
025import org.apache.directory.server.ldap.handlers.sasl.AbstractMechanismHandler;
026import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;
027
028import javax.security.sasl.SaslServer;
029
/**
 * The EXTERNAL SASL mechanism handler, which authenticates a user by the client certificate presented on the connection (SSL).
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class CertificateMechanismHandler extends AbstractMechanismHandler
{
    /**
     * Hands back the SaslServer negotiating the EXTERNAL mechanism for this
     * session, building and caching one on the first call.
     *
     * <p>When no server is cached yet, the SASL host and the user search base DN
     * are recorded in the session under {@link SaslConstants#SASL_HOST} and
     * {@link SaslConstants#SASL_USER_BASE_DN}, a new {@code ExternalSaslServer}
     * is created, and it is stored under {@link SaslConstants#SASL_SERVER}.
     * Later calls return the cached instance untouched.
     *
     * @param ldapSession the LDAP session performing the bind
     * @param bindRequest the bind request being processed
     * @return the SaslServer associated with the session
     * @throws Exception if the SaslServer cannot be created
     */
    public SaslServer handleMechanism( LdapSession ldapSession, BindRequest bindRequest ) throws Exception
    {
        Object cached = ldapSession.getSaslProperty( SaslConstants.SASL_SERVER );

        if ( cached != null )
        {
            return ( SaslServer ) cached;
        }

        return createAndRegister( ldapSession, bindRequest );
    }


    /**
     * Seeds the session with the SASL host and user base DN, creates the
     * ExternalSaslServer for this negotiation and caches it under SASL_SERVER.
     *
     * @param ldapSession the LDAP session performing the bind
     * @param bindRequest the bind request being processed
     * @return the newly created and registered SaslServer
     * @throws Exception if the SaslServer cannot be created
     */
    private SaslServer createAndRegister( LdapSession ldapSession, BindRequest bindRequest ) throws Exception
    {
        String host = ldapSession.getLdapServer().getSaslHost();
        String baseDn = ldapSession.getLdapServer().getSearchBaseDn();

        ldapSession.putSaslProperty( SaslConstants.SASL_HOST, host );
        ldapSession.putSaslProperty( SaslConstants.SASL_USER_BASE_DN, baseDn );

        // NOTE(review): the admin session is handed to ExternalSaslServer; presumably it backs
        // the directory lookup that maps the presented certificate to an entry - confirm there.
        CoreSession adminSession = ldapSession.getLdapServer().getDirectoryService().getAdminSession();

        SaslServer created = new ExternalSaslServer( ldapSession, adminSession, bindRequest );
        ldapSession.putSaslProperty( SaslConstants.SASL_SERVER, created );

        return created;
    }


    /**
     * {@inheritDoc}
     *
     * <p>Records the server's SASL host in the session under
     * {@link SaslConstants#SASL_HOST}.
     */
    public void init( LdapSession ldapSession )
    {
        ldapSession.putSaslProperty( SaslConstants.SASL_HOST, ldapSession.getLdapServer().getSaslHost() );
    }


    /**
     * Discards every SASL property held by the session, not only the SaslServer
     * and mechanism entries, so nothing from the current negotiation is retained.
     *
     * @param ldapSession the LdapSession instance
     */
    public void cleanup( LdapSession ldapSession )
    {
        ldapSession.clearSaslProperties();
    }
}