4035N/A/*
4035N/A * CDDL HEADER START
4035N/A *
4035N/A * The contents of this file are subject to the terms of the
4035N/A * Common Development and Distribution License, Version 1.0 only
4035N/A * (the "License"). You may not use this file except in compliance
4035N/A * with the License.
4035N/A *
6982N/A * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
6982N/A * or http://forgerock.org/license/CDDLv1.0.html.
4035N/A * See the License for the specific language governing permissions
4035N/A * and limitations under the License.
4035N/A *
4035N/A * When distributing Covered Code, include this CDDL HEADER in each
6982N/A * file and include the License file at legal-notices/CDDLv1_0.txt.
6982N/A * If applicable, add the following below this CDDL HEADER, with the
6982N/A * fields enclosed by brackets "[]" replaced with your own identifying
6982N/A * information:
4035N/A * Portions Copyright [yyyy] [name of copyright owner]
4035N/A *
4035N/A * CDDL HEADER END
4035N/A *
4035N/A *
4035N/A * Copyright 2008 Sun Microsystems, Inc.
4035N/A */
4035N/A
4035N/Aimport java.util.Hashtable;
4035N/Aimport javax.naming.Context;
4035N/Aimport javax.naming.NamingException;
4035N/Aimport javax.naming.directory.Attributes;
4035N/Aimport javax.naming.ldap.LdapContext;
4035N/Aimport javax.naming.ldap.InitialLdapContext;
4035N/Aimport javax.naming.CompositeName;
4035N/Aimport javax.naming.directory.BasicAttribute;
4035N/Aimport javax.naming.directory.BasicAttributes;
4035N/Aimport javax.naming.CommunicationException;
4035N/Aimport javax.naming.directory.InvalidSearchFilterException;
4035N/Aimport javax.security.sasl.AuthenticationException;
4056N/Aimport javax.naming.NamingEnumeration;
4056N/Aimport javax.naming.directory.SearchResult;
4056N/Aimport javax.naming.directory.SearchControls;
4035N/Aimport java.util.HashSet;
4035N/Aimport java.util.Iterator;
4035N/A
4035N/A/**
4035N/A * Perform an LDAP search using SASL as the authentication mechanism.
4035N/A * Supports SASL encryption.
4035N/A * The program exits with the LDAP error code as its status.
4035N/A */
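public class saslSearchClient {

    /** Cause text the JDK SASL layer emits when no protection layer (QOP) is common to both sides. */
    private static final String NO_COMMON_QOP_LAYER =
        "No common protection layer between client and server";

    /** Exit status reported on success, and when no numeric LDAP code can be recovered from a message. */
    private static final String SUCCESS_CODE = "0";

    /** Exit status for a QOP negotiation failure: 89 (LDAP_PARAM_ERROR), as the C ldap clients report it. */
    private static final String PARAM_ERROR_CODE = "89";

    /** Prefix of the numeric code inside a JNDI LDAP error message, e.g. "[LDAP: error code 49 - ...]". */
    private static final String ERROR_CODE_MARKER = "error code ";

    /**
     * Main.
     *
     * Options are consumed in pairs: -h host, -p port, -b basedn, -f filter, -s scope
     * (base|one|sub), --mech mechanism, --authid id, -w password, --authzid id,
     * --realm realm, --qop qop, --strength strength, --maxbufsize size.
     * The process exits with the LDAP result code of the search (0 on success).
     *
     * @param args arguments
     */
    public static void main(String[] args) {

        // ldapsearch parameters
        String hostname = null;
        String ldapPort = null;
        String basedn = null;
        String filter = null;
        // Left null when -s is absent so that ctx.search() applies its own defaults.
        SearchControls searchControls = null;

        // SASL options
        String mechanism = null;
        String authid = null;
        String password = null;
        String authzid = null;
        String realm = null;
        String qop = null;
        String strength = null;
        String maxbufsize = null;

        for (int k = 0; k < args.length; k += 2) {
            String opt = args[k];
            // Every option takes a value; a trailing option without one used to
            // raise ArrayIndexOutOfBoundsException, so reject it explicitly.
            if (k + 1 >= args.length) {
                System.err.println("Missing value for option " + opt);
                System.exit(1);
            }
            String val = args[k + 1];

            if (opt.equals("-h")) {
                hostname = val;
            } else if (opt.equals("-p")) {
                ldapPort = val;
            } else if (opt.equals("-s")) {
                searchControls = new SearchControls();
                searchControls.setSearchScope(parseScope(val));
            } else if (opt.equals("-b")) {
                basedn = val;
            } else if (opt.equals("-f")) {
                filter = val;
            } else if (opt.equals("--mech")) {
                mechanism = val;
            } else if (opt.equals("--authid")) {
                authid = val;
            } else if (opt.equals("-w")) {
                password = val;
            } else if (opt.equals("--authzid")) {
                authzid = val;
            } else if (opt.equals("--realm")) {
                realm = val;
            } else if (opt.equals("--qop")) {
                qop = val;
            } else if (opt.equals("--strength")) {
                strength = val;
            } else if (opt.equals("--maxbufsize")) {
                maxbufsize = val;
            } else {
                // Unknown options were silently skipped before; say so, but keep going.
                System.err.println("Ignoring unknown option " + opt);
            }
        }

        // A missing host/port yields "ldap://null:null/", which JNDI rejects below
        // and which is then reported through the normal error-code path.
        String provider = "ldap://" + hostname + ":" + ldapPort + "/";

        Hashtable<String, Object> envLdap = new Hashtable<String, Object>();
        envLdap.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        envLdap.put(Context.PROVIDER_URL, provider);

        // Hashtable rejects null values, so every optional setting is guarded.
        putIfSet(envLdap, Context.SECURITY_AUTHENTICATION, mechanism);
        putIfSet(envLdap, Context.SECURITY_PRINCIPAL, authid);
        putIfSet(envLdap, Context.SECURITY_CREDENTIALS, password);
        putIfSet(envLdap, "javax.security.sasl.authorizationId", authzid);
        putIfSet(envLdap, "javax.security.sasl.realm", realm);
        putIfSet(envLdap, "javax.security.sasl.qop", qop);
        putIfSet(envLdap, "javax.security.sasl.strength", strength);
        putIfSet(envLdap, "javax.security.sasl.maxbuf", maxbufsize);

        LdapContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        Exception failure = null;

        try {
            System.out.println("Search with SASL auth " + mechanism);
            System.out.println("Authentication ID " + authid);
            // Never echo the credential itself; only whether one was supplied.
            System.out.println("Password " + (password == null ? "<not set>" : "<redacted>"));
            System.out.println("Authorization ID " + authzid);
            System.out.println("Realm " + realm);
            System.out.println("Quality of Protection " + qop);
            System.out.println("Cipher Strength " + strength);
            System.out.println("Maximum receive buffer size " + maxbufsize);

            // connect to server
            ctx = new InitialLdapContext(envLdap, null);

            // issue ldapsearch
            results = ctx.search(basedn, filter, searchControls);
        } catch (NamingException e) {
            // CommunicationException and InvalidSearchFilterException are subtypes
            // and were handled identically, so one catch covers all three.
            e.printStackTrace();
            failure = e;
        } catch (Exception e) {
            // Boundary catch: e.g. NPE from a missing -b/-f is reported as an error, not a crash.
            e.printStackTrace();
            failure = e;
        } finally {
            // Close on the failure path too; the original only closed on success.
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException e) {
                    e.printStackTrace();
                    if (failure == null) {
                        failure = e;
                    }
                }
            }
        }

        String errorCode;
        if (failure == null) {
            // No error, the search was issued successfully.
            errorCode = SUCCESS_CODE;
        } else {
            // An exception with a null message is still a failure; fall back to toString().
            String errorMessage = failure.getMessage() != null
                ? failure.getMessage() : failure.toString();
            String errorCause = failure.getCause() != null
                ? failure.getCause().toString() : null;

            System.out.println();
            System.out.println(errorMessage);
            if (errorCause != null) {
                System.out.println(errorCause);
            }
            System.out.println();
            System.out.println();

            if (errorCause != null && errorCause.indexOf(NO_COMMON_QOP_LAYER) != -1) {
                // return 89-LDAP_PARAM_ERROR, which is also returned by ldap clients
                errorCode = PARAM_ERROR_CODE;
            } else {
                errorCode = extractErrorCode(errorMessage);
            }
        }

        // Results are enumerated after ctx.close(), as before; the JNDI enumeration
        // is still readable. Enumeration failures are logged but, as in the original,
        // do not alter the exit status.
        if (SUCCESS_CODE.equals(errorCode) && results != null) {
            try {
                while (results.hasMore()) {
                    SearchResult searchResult = results.next();
                    System.out.println(searchResult.toString());
                }
            } catch (NamingException ne) {
                ne.printStackTrace();
            } finally {
                try {
                    results.close();
                } catch (NamingException ne) {
                    ne.printStackTrace();
                }
            }
        }

        // errorCode is always a digit string here, so parseInt cannot fail.
        System.exit(Integer.parseInt(errorCode));
    }

    /**
     * Maps the -s option value to a JNDI search scope.
     *
     * @param name "base", "one" or anything else (treated as "sub")
     * @return the matching {@link SearchControls} scope constant
     */
    private static int parseScope(String name) {
        if ("base".equals(name)) {
            return SearchControls.OBJECT_SCOPE;
        }
        // The original compared the option name, not its value, so "one" never matched.
        if ("one".equals(name)) {
            return SearchControls.ONELEVEL_SCOPE;
        }
        // default scope: "sub"
        return SearchControls.SUBTREE_SCOPE;
    }

    /**
     * Stores an environment property only when a value was supplied.
     *
     * @param env   JNDI environment being built
     * @param key   property name
     * @param value property value; ignored when null (Hashtable forbids null values)
     */
    private static void putIfSet(Hashtable<String, Object> env, String key, String value) {
        if (value != null) {
            env.put(key, value);
        }
    }

    /**
     * Extracts the numeric result code from a JNDI LDAP error message such as
     * "[LDAP: error code 49 - Invalid Credentials]".
     *
     * The original used a fixed substring(18, ...) which threw on any other
     * message shape; this scans for the "error code " marker instead.
     *
     * @param message exception message, never null
     * @return the digits following the marker, or "0" when none are present
     *         (the original also reported "0" for unrecognised messages)
     */
    private static String extractErrorCode(String message) {
        int start = message.indexOf(ERROR_CODE_MARKER);
        if (start < 0) {
            return SUCCESS_CODE;
        }
        start += ERROR_CODE_MARKER.length();
        int end = start;
        while (end < message.length() && Character.isDigit(message.charAt(end))) {
            end++;
        }
        return end > start ? message.substring(start, end) : SUCCESS_CODE;
    }

}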