 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * You can obtain a copy of the license at
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 * Portions Copyright [yyyy] [name of copyright owner]
 * Copyright 2006-2009 Sun Microsystems, Inc.

 * This class provides an implementation of a SASL mechanism that relies on some
 * form of authentication that has already been done outside the LDAP layer. At
 * the present time, this implementation only provides support for SSL-based
 * clients that presented their own certificate to the Directory Server during
 * the negotiation process. Future implementations may be updated to look in
 * other places to find and evaluate this external authentication information.

 * The tracer object for the debug logger.

 // The attribute type that should hold the certificates to use for the

 // Indicates whether to attempt to validate the certificate presented by the
 // client with a certificate in the user's entry.

 // The current configuration for this SASL mechanism handler.

 * Creates a new instance of this SASL mechanism handler. No initialization
 * should be done in this method, as it should all be performed in the
 * <CODE>initializeSASLMechanismHandler</CODE> method.

 // See if we should attempt to validate client certificates against those in
 // the corresponding user's entry.

 // Get the attribute type to use for validating the certificates. If none
 // is provided, then default to the userCertificate type.

 // Get the client connection used for the bind request, and get the
 // security manager for that connection. If either are null, then fail.

 // Get the certificate mapper to use to map the certificate to a user entry.

 // Use the Directory Server certificate mapper to map the client certificate
 // chain to a single user DN.

 // If the user DN is null, then we couldn't establish a mapping and
 // therefore the authentication failed.

 // Get the userCertificate attribute from the user's entry for use in the
 // validation process.

 // This is not a password-based mechanism.

 // This may be considered a secure mechanism.

 // See if we should attempt to validate client certificates against those in
 // the corresponding user's entry.

 // Get the attribute type to use for validating the certificates. If none
 // is provided, then default to the userCertificate type.
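The EXTERNAL bind flow these comments describe (fail without a client connection or security provider, map the presented certificate chain to a single user DN, fail when no mapping exists, and optionally require the presented certificate to match a value in the entry's certificate attribute, defaulting to userCertificate) as an added Python illustration; this is not OpenDS code. The subject-DN certificate mapper, the directory contents and the DER byte strings are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_CERT_ATTR = "userCertificate"  # used when no attribute type is configured


@dataclass
class ExternalConfig:
    validate_certificate: bool = True            # compare presented cert with the entry
    certificate_attribute: Optional[str] = None  # None -> userCertificate


@dataclass
class BindResult:
    success: bool
    authz_dn: Optional[str] = None
    reason: str = ""


# Constructed sample data, not real certificates: {"subject": ..., "der": <encoded bytes>}
ALICE_CERT = {"subject": "CN=alice,O=Example", "der": b"\x30\x82\x01\x00-alice-cert"}
OTHER_CERT = {"subject": "CN=alice,O=Example", "der": b"\x30\x82\x01\x00-other-cert"}
DIRECTORY = {
    "uid=alice,ou=People,dc=example,dc=com": {"userCertificate": [ALICE_CERT["der"]]},
}
# Hypothetical certificate mapper: certificate subject DN -> user entry DN
SUBJECT_TO_DN = {"CN=alice,O=Example": "uid=alice,ou=People,dc=example,dc=com"}


def subject_mapper(chain):
    return SUBJECT_TO_DN.get(chain[0]["subject"])


def process_external_bind(conn, config, mapper, directory=DIRECTORY):
    """Decide an EXTERNAL bind following the steps in the handler comments."""
    if conn is None or conn.get("security_provider") is None:
        return BindResult(False, reason="no client connection or security provider")
    chain = conn["security_provider"].get("peer_chain") or []
    if not chain:
        return BindResult(False, reason="client presented no certificate")
    user_dn = mapper(chain)  # certificate mapper -> single user DN, or None
    if user_dn is None:
        return BindResult(False, reason="certificate could not be mapped to a user")
    entry = directory.get(user_dn)
    if entry is None:
        return BindResult(False, reason="mapped user entry does not exist")
    if config.validate_certificate:
        attr = config.certificate_attribute or DEFAULT_CERT_ATTR
        # Exact match of the presented encoded certificate against stored values
        if chain[0]["der"] not in entry.get(attr, []):
            return BindResult(False, reason=f"presented certificate not in {attr}")
    return BindResult(True, authz_dn=user_dn)
```

The OTHER_CERT case shows why the validation option matters: a certificate that maps to the same user but was never stored in the entry is rejected only when validation is enabled.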