java/ldapjndi/saslSearchClient.java

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2008 Sun Microsystems, Inc.
 */

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.CompositeName;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.CommunicationException;
import javax.naming.directory.InvalidSearchFilterException;
import javax.security.sasl.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchResult;
import javax.naming.directory.SearchControls;
import java.util.HashSet;
import java.util.Iterator;

/**
 *  Perform an Ldap search using SASL as authentication mechanism.
 *  Supports sasl encryption.
 *  The function returns the ldap error code
 */
public class saslSearchClient {

  /**
   * Main.
   *
   * @param args arguments
   */
  public static void main(String[] args) {

    // Ldapsearch parameters
    String hostname = null;
    String ldapPort = null;
    String basedn = null;
    String filter = null;
    int scope;


    // SASL options
    String mechanism = null;
    String authid = null;
    String password = null;
    String authzid = null;
    String realm = null;
    String qop = null;
    String strength = null;
    String maxbufsize = null;


    String errorCode = null;
    String errorMessage = null;
    String errorCause = null;


    Hashtable envLdap  = new Hashtable();
    LdapContext ctx = null;
    SearchControls searchControls = null;
    NamingEnumeration results = null;


    for (int k=0; k< args.length; k++) {
      String opt1 = args[k];
      String val1 = args[k+1];

      // Get ldapsearch parameters
      if (opt1.equals("-h")) {
        hostname = val1;
      }
      if (opt1.equals("-p")) {
        ldapPort = val1;
      }
      if (opt1.equals("-s")) {
        if (val1.equals("base")) {
          scope = SearchControls.OBJECT_SCOPE;
        } else if (opt1.equals("one")) {
          scope = SearchControls.ONELEVEL_SCOPE;
        } else {
          // default scope: "sub"
          scope = SearchControls.SUBTREE_SCOPE;
        }
        searchControls = new SearchControls();
        searchControls.setSearchScope(scope);
      }
      if (opt1.equals("-b")) {
        basedn = val1;
      }
      if (opt1.equals("-f")) {
        filter = val1;
      }

      // Get SASL options
      if (opt1.equals("--mech")) {
        mechanism = val1;
      }
      if (opt1.equals("--authid")) {
        authid = val1;
      }
      if (opt1.equals("-w")) {
          password = val1;
        }
      if (opt1.equals("--authzid")) {
        authzid = val1;
      }
      if (opt1.equals("--realm")) {
        realm = val1;
      }
      if (opt1.equals("--qop")) {
        qop = val1;
      }
      if (opt1.equals("--strength")) {
        strength = val1;
      }
      if (opt1.equals("--maxbufsize")) {
        maxbufsize = val1;
      }
      k++;
    }


    String provider = "ldap://"  + hostname + ":" + ldapPort  + "/";

    envLdap.put("java.naming.factory.initial",
        "com.sun.jndi.ldap.LdapCtxFactory");
    envLdap.put(Context.PROVIDER_URL, provider);

    if (mechanism != null) {
      envLdap.put(Context.SECURITY_AUTHENTICATION, mechanism);
    }

    envLdap.put(Context.SECURITY_PRINCIPAL, authid);
    envLdap.put(Context.SECURITY_CREDENTIALS, password);

    if (authzid != null) {
      envLdap.put("javax.security.sasl.authorizationId", authzid);
    }
    if (realm != null) {
      envLdap.put("javax.security.sasl.realm", realm);
    }
    if (qop != null) {
      envLdap.put("javax.security.sasl.qop", qop);
    }
    if (strength != null) {
      envLdap.put("javax.security.sasl.strength", strength);
    }
    if (maxbufsize != null) {
      envLdap.put("javax.security.sasl.maxbuf", maxbufsize);
    }

    try {
      System.out.println("Search with SASL auth " + mechanism);
      System.out.println("Authentication ID " + authid);
      System.out.println("Password " + password);
      System.out.println("Authorization ID " + authzid);
      System.out.println("Realm " + realm);
      System.out.println("Quality of Protection " + qop);
      System.out.println("Cipher Strength " + strength);
      System.out.println("Maximum receive buffer size " + maxbufsize);

      // connect to server
      ctx = new InitialLdapContext(envLdap, null);

      // issue ldapsearch
      results = ctx.search(basedn, filter, searchControls);

      ctx.close();
    } catch (CommunicationException e1) {
      e1.printStackTrace();
      errorMessage = e1.getMessage();
      if (e1.getCause() != null)
        errorCause = e1.getCause().toString();
    } catch (InvalidSearchFilterException e2) {
      e2.printStackTrace();
      errorMessage = e2.getMessage();
      if (e2.getCause() != null)
        errorCause = e2.getCause().toString();
    } catch (NamingException e3) {
      e3.printStackTrace();
      errorMessage = e3.getMessage();
      if (e3.getCause() != null)
        errorCause = e3.getCause().toString();
    } catch (Exception e4) {
      e4.printStackTrace();
      errorMessage = e4.getMessage();
      if (e4.getCause() != null)
        errorCause = e4.getCause().toString();
    }


    String NO_COMMON_QOP_LAYER =
        "No common protection layer between client and server";


    // No error, the modify is success
    if ( errorMessage == null ) {
      errorCode = "0";
    } else {
      System.out.println();
      System.out.println(errorMessage);
      if (errorCause != null)
        System.out.println(errorCause);
      System.out.println();
      System.out.println();
      if (errorCause != null && errorCause.indexOf(NO_COMMON_QOP_LAYER) != -1) {
        // return 89-LDAP_PARAM_ERROR, which is also returned by ldap clients
        errorCode = "89";
      } else {
        int ind = errorMessage.indexOf("-");
        if ( ind > 0 ) {
          errorCode = errorMessage.substring(18, ind-1);
        } else errorCode = "0";
      }
    }

    try {
      if ((errorCode.equals("0")) && (results != null)) {
        while (results.hasMore()) {
          SearchResult searchResult = (SearchResult) results.next();
          System.out.println(searchResult.toString());
        }
        results.close();
      }
    } catch (NamingException ne) {
      ne.printStackTrace();
    }

    int RC = Integer.parseInt(errorCode);
    System.exit(RC);
  }

}