Package com.unboundid.util
Class SASLUtils
- java.lang.Object
  - com.unboundid.util.SASLUtils
@ThreadSafety(level=COMPLETELY_THREADSAFE) public final class SASLUtils extends java.lang.Object
This class provides a utility that may be used to help process SASL bind operations using the LDAP SDK.
-
Field Summary
Fields (Modifier and Type, Field, Description):
static java.lang.String SASL_OPTION_AUTH_ID - The name of the SASL option that specifies the authentication ID.
static java.lang.String SASL_OPTION_AUTHZ_ID - The name of the SASL option that specifies the authorization ID.
static java.lang.String SASL_OPTION_CONFIG_FILE - The name of the SASL option that specifies the path to the JAAS config file.
static java.lang.String SASL_OPTION_DEBUG - The name of the SASL option that indicates whether debugging should be enabled.
static java.lang.String SASL_OPTION_KDC_ADDRESS - The name of the SASL option that specifies the KDC address.
static java.lang.String SASL_OPTION_MECHANISM - The name of the SASL option that specifies the desired SASL mechanism to use to authenticate to the server.
static java.lang.String SASL_OPTION_OTP - The name of the SASL option that specifies a one-time password.
static java.lang.String SASL_OPTION_PROMPT_FOR_STATIC_PW - The name of the SASL option that may be used to indicate whether to prompt for a static password.
static java.lang.String SASL_OPTION_PROTOCOL - The name of the SASL option that specifies the GSSAPI service principal protocol.
static java.lang.String SASL_OPTION_QOP - The name of the SASL option that specifies the quality of protection that should be used for communication that occurs after the authentication has completed.
static java.lang.String SASL_OPTION_REALM - The name of the SASL option that specifies the realm name.
static java.lang.String SASL_OPTION_RENEW_TGT - The name of the SASL option that indicates whether to attempt to renew the Kerberos TGT for an existing session.
static java.lang.String SASL_OPTION_REQUIRE_CACHE - The name of the SASL option that indicates whether to require an existing Kerberos session from the ticket cache.
static java.lang.String SASL_OPTION_TICKET_CACHE_PATH - The name of the SASL option that specifies the path to the Kerberos ticket cache to use.
static java.lang.String SASL_OPTION_TOTP_PASSWORD - The name of the SASL option that specifies the TOTP authentication code.
static java.lang.String SASL_OPTION_TRACE - The name of the SASL option that specifies the trace string.
static java.lang.String SASL_OPTION_USE_TICKET_CACHE - The name of the SASL option that specifies whether to use a Kerberos ticket cache.
-
Method Summary
All Methods, Static Methods, Concrete Methods (Modifier and Type, Method, Description):
static SASLBindRequest createBindRequest(java.lang.String bindDN, byte[] password, boolean promptForPassword, CommandLineTool tool, java.lang.String mechanism, java.util.List<java.lang.String> options, Control... controls) - Creates a new SASL bind request using the provided information.
static SASLBindRequest createBindRequest(java.lang.String bindDN, byte[] password, java.lang.String mechanism, java.lang.String... options) - Creates a new SASL bind request using the provided information.
static SASLBindRequest createBindRequest(java.lang.String bindDN, byte[] password, java.lang.String mechanism, java.util.List<java.lang.String> options, Control... controls) - Creates a new SASL bind request using the provided information.
static SASLBindRequest createBindRequest(java.lang.String bindDN, java.lang.String password, java.lang.String mechanism, java.lang.String... options) - Creates a new SASL bind request using the provided information.
static SASLBindRequest createBindRequest(java.lang.String bindDN, java.lang.String password, java.lang.String mechanism, java.util.List<java.lang.String> options, Control... controls) - Creates a new SASL bind request using the provided information.
static void ensureNoUnsupportedOptions(java.util.Map<java.lang.String,java.lang.String> options, java.lang.String mechanism) - Ensures that the provided map is empty, and will throw an exception if it isn't.
static SASLMechanismInfo getSASLMechanismInfo(java.lang.String mechanism) - Retrieves information about the specified SASL mechanism.
static java.util.List<SASLMechanismInfo> getSupportedSASLMechanisms() - Retrieves information about the SASL mechanisms supported for use by this class.
static java.util.List<java.lang.String> getUsage(int maxWidth) - Retrieves lines that make up the SASL usage information, optionally wrapping long lines.
static java.lang.String getUsageString(int maxWidth) - Retrieves a string representation of the SASL usage information.
-
Field Detail
-
SASL_OPTION_AUTH_ID
public static final java.lang.String SASL_OPTION_AUTH_ID
The name of the SASL option that specifies the authentication ID. It may be used in conjunction with the CRAM-MD5, DIGEST-MD5, GSSAPI, and PLAIN mechanisms.
See Also: Constant Field Values
-
SASL_OPTION_AUTHZ_ID
public static final java.lang.String SASL_OPTION_AUTHZ_ID
The name of the SASL option that specifies the authorization ID. It may be used in conjunction with the DIGEST-MD5, GSSAPI, and PLAIN mechanisms.
See Also: Constant Field Values
-
SASL_OPTION_CONFIG_FILE
public static final java.lang.String SASL_OPTION_CONFIG_FILE
The name of the SASL option that specifies the path to the JAAS config file. It may be used in conjunction with the GSSAPI mechanism.
See Also: Constant Field Values
-
SASL_OPTION_DEBUG
public static final java.lang.String SASL_OPTION_DEBUG
The name of the SASL option that indicates whether debugging should be enabled. It may be used in conjunction with the GSSAPI mechanism.
See Also: Constant Field Values
-
SASL_OPTION_KDC_ADDRESS
public static final java.lang.String SASL_OPTION_KDC_ADDRESS
The name of the SASL option that specifies the KDC address. It may be used in conjunction with the GSSAPI mechanism.
See Also: Constant Field Values
-
SASL_OPTION_MECHANISM
public static final java.lang.String SASL_OPTION_MECHANISM
The name of the SASL option that specifies the desired SASL mechanism to use to authenticate to the server.
See Also: Constant Field Values
-
SASL_OPTION_OTP
public static final java.lang.String SASL_OPTION_OTP
The name of the SASL option that specifies a one-time password. It may be used in conjunction with the UNBOUNDID-DELIVERED-OTP and UNBOUNDID-YUBIKEY-OTP mechanisms.
See Also: Constant Field Values
-
SASL_OPTION_PROMPT_FOR_STATIC_PW
public static final java.lang.String SASL_OPTION_PROMPT_FOR_STATIC_PW
The name of the SASL option that may be used to indicate whether to prompt for a static password. It may be used in conjunction with the UNBOUNDID-TOTP and UNBOUNDID-YUBIKEY-OTP mechanisms.
See Also: Constant Field Values
-
SASL_OPTION_PROTOCOL
public static final java.lang.String SASL_OPTION_PROTOCOL
The name of the SASL option that specifies the GSSAPI service principal protocol. It may be used in conjunction with the GSSAPI mechanism.
See Also: Constant Field Values
-
SASL_OPTION_QOP
public static final java.lang.String SASL_OPTION_QOP
The name of the SASL option that specifies the quality of protection that should be used for communication that occurs after the authentication has completed.
See Also: Constant Field Values
-
SASL_OPTION_REALM
public static final java.lang.String SASL_OPTION_REALM
The name of the SASL option that specifies the realm name. It may be used in conjunction with the DIGEST-MD5 and GSSAPI mechanisms.
See Also: Constant Field Values
-
SASL_OPTION_REQUIRE_CACHE
public static final java.lang.String SASL_OPTION_REQUIRE_CACHE
The name of the SASL option that indicates whether to require an existing Kerberos session from the ticket cache. It may be used in conjunction with the GSSAPI mechanism.
See Also: Constant Field Values
-
SASL_OPTION_RENEW_TGT
public static final java.lang.String SASL_OPTION_RENEW_TGT
The name of the SASL option that indicates whether to attempt to renew the Kerberos TGT for an existing session. It may be used in conjunction with the GSSAPI mechanism.
See Also: Constant Field Values
-
SASL_OPTION_TICKET_CACHE_PATH
public static final java.lang.String SASL_OPTION_TICKET_CACHE_PATH
The name of the SASL option that specifies the path to the Kerberos ticket cache to use. It may be used in conjunction with the GSSAPI mechanism.
See Also: Constant Field Values
-
SASL_OPTION_TOTP_PASSWORD
public static final java.lang.String SASL_OPTION_TOTP_PASSWORD
The name of the SASL option that specifies the TOTP authentication code. It may be used in conjunction with the UNBOUNDID-TOTP mechanism.
See Also: Constant Field Values
-
SASL_OPTION_TRACE
public static final java.lang.String SASL_OPTION_TRACE
The name of the SASL option that specifies the trace string. It may be used in conjunction with the ANONYMOUS mechanism.
See Also: Constant Field Values
-
SASL_OPTION_USE_TICKET_CACHE
public static final java.lang.String SASL_OPTION_USE_TICKET_CACHE
The name of the SASL option that specifies whether to use a Kerberos ticket cache. It may be used in conjunction with the GSSAPI mechanism.
See Also: Constant Field Values
-
Method Detail
-
getSupportedSASLMechanisms
public static java.util.List<SASLMechanismInfo> getSupportedSASLMechanisms()
Retrieves information about the SASL mechanisms supported for use by this class.
Returns:
Information about the SASL mechanisms supported for use by this class.
-
getSASLMechanismInfo
public static SASLMechanismInfo getSASLMechanismInfo(java.lang.String mechanism)
Retrieves information about the specified SASL mechanism.
Parameters:
mechanism - The name of the SASL mechanism for which to retrieve information. It will not be treated in a case-sensitive manner.
Returns:
Information about the requested SASL mechanism, or null if no information about the specified mechanism is available.
-
createBindRequest
public static SASLBindRequest createBindRequest(java.lang.String bindDN, java.lang.String password, java.lang.String mechanism, java.lang.String... options) throws LDAPException
Creates a new SASL bind request using the provided information.
Parameters:
bindDN - The bind DN to use for the SASL bind request. For most SASL mechanisms, this should be null, since the identity of the target user should be specified in some other way (e.g., via an "authID" SASL option).
password - The password to use for the SASL bind request. It may be null if no password is required for the desired SASL mechanism.
mechanism - The name of the SASL mechanism to use. It may be null if the provided set of options contains a "mech" option to specify the desired SASL mechanism.
options - The set of SASL options to use when creating the bind request, in the form "name=value". It may be null or empty if no SASL options are needed and a value was provided for the mechanism argument. If the set of SASL options includes a "mech" option, then the mechanism argument must be null or have a value that matches the value of the "mech" SASL option.
Returns:
The SASL bind request created using the provided information.
Throws:
LDAPException - If a problem is encountered while trying to create the SASL bind request.
-
createBindRequest
public static SASLBindRequest createBindRequest(java.lang.String bindDN, java.lang.String password, java.lang.String mechanism, java.util.List<java.lang.String> options, Control... controls) throws LDAPException
Creates a new SASL bind request using the provided information.
Parameters:
bindDN - The bind DN to use for the SASL bind request. For most SASL mechanisms, this should be null, since the identity of the target user should be specified in some other way (e.g., via an "authID" SASL option).
password - The password to use for the SASL bind request. It may be null if no password is required for the desired SASL mechanism.
mechanism - The name of the SASL mechanism to use. It may be null if the provided set of options contains a "mech" option to specify the desired SASL mechanism.
options - The set of SASL options to use when creating the bind request, in the form "name=value". It may be null or empty if no SASL options are needed and a value was provided for the mechanism argument. If the set of SASL options includes a "mech" option, then the mechanism argument must be null or have a value that matches the value of the "mech" SASL option.
controls - The set of controls to include in the request.
Returns:
The SASL bind request created using the provided information.
Throws:
LDAPException - If a problem is encountered while trying to create the SASL bind request.
-
createBindRequest
public static SASLBindRequest createBindRequest(java.lang.String bindDN, byte[] password, java.lang.String mechanism, java.lang.String... options) throws LDAPException
Creates a new SASL bind request using the provided information.
Parameters:
bindDN - The bind DN to use for the SASL bind request. For most SASL mechanisms, this should be null, since the identity of the target user should be specified in some other way (e.g., via an "authID" SASL option).
password - The password to use for the SASL bind request. It may be null if no password is required for the desired SASL mechanism.
mechanism - The name of the SASL mechanism to use. It may be null if the provided set of options contains a "mech" option to specify the desired SASL mechanism.
options - The set of SASL options to use when creating the bind request, in the form "name=value". It may be null or empty if no SASL options are needed and a value was provided for the mechanism argument. If the set of SASL options includes a "mech" option, then the mechanism argument must be null or have a value that matches the value of the "mech" SASL option.
Returns:
The SASL bind request created using the provided information.
Throws:
LDAPException - If a problem is encountered while trying to create the SASL bind request.
-
createBindRequest
public static SASLBindRequest createBindRequest(java.lang.String bindDN, byte[] password, java.lang.String mechanism, java.util.List<java.lang.String> options, Control... controls) throws LDAPException
Creates a new SASL bind request using the provided information.
Parameters:
bindDN - The bind DN to use for the SASL bind request. For most SASL mechanisms, this should be null, since the identity of the target user should be specified in some other way (e.g., via an "authID" SASL option).
password - The password to use for the SASL bind request. It may be null if no password is required for the desired SASL mechanism.
mechanism - The name of the SASL mechanism to use. It may be null if the provided set of options contains a "mech" option to specify the desired SASL mechanism.
options - The set of SASL options to use when creating the bind request, in the form "name=value". It may be null or empty if no SASL options are needed and a value was provided for the mechanism argument. If the set of SASL options includes a "mech" option, then the mechanism argument must be null or have a value that matches the value of the "mech" SASL option.
controls - The set of controls to include in the request.
Returns:
The SASL bind request created using the provided information.
Throws:
LDAPException - If a problem is encountered while trying to create the SASL bind request.
-
createBindRequest
public static SASLBindRequest createBindRequest(java.lang.String bindDN, byte[] password, boolean promptForPassword, CommandLineTool tool, java.lang.String mechanism, java.util.List<java.lang.String> options, Control... controls) throws LDAPException
Creates a new SASL bind request using the provided information.
Parameters:
bindDN - The bind DN to use for the SASL bind request. For most SASL mechanisms, this should be null, since the identity of the target user should be specified in some other way (e.g., via an "authID" SASL option).
password - The password to use for the SASL bind request. It may be null if no password is required for the desired SASL mechanism.
promptForPassword - Indicates whether to interactively prompt for the password if one is needed but none was provided.
tool - The command-line tool whose input and output streams should be used when prompting for the bind password. It may be null if promptForPassword is false.
mechanism - The name of the SASL mechanism to use. It may be null if the provided set of options contains a "mech" option to specify the desired SASL mechanism.
options - The set of SASL options to use when creating the bind request, in the form "name=value". It may be null or empty if no SASL options are needed and a value was provided for the mechanism argument. If the set of SASL options includes a "mech" option, then the mechanism argument must be null or have a value that matches the value of the "mech" SASL option.
controls - The set of controls to include in the request.
Returns:
The SASL bind request created using the provided information.
Throws:
LDAPException - If a problem is encountered while trying to create the SASL bind request.
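The createBindRequest overloads above all share the same "name=value" option handling and the same rule tying the "mech" option to the mechanism argument. The following is an added example, not code from the LDAP SDK or its documentation, that exercises that rule with the byte[] password overloads. It assumes the UnboundID LDAP SDK is on the classpath; the class name, authentication ID and password are constructed sample values, and the rejection in the last step is what the parameter description above leads one to expect.

```java
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SASLBindRequest;
import com.unboundid.util.SASLUtils;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;

// Hypothetical class name; example code added to this page.
public final class SaslBindRequestExample {
  public static void main(final String[] args) {
    // Constructed sample credentials, not values from the page.
    final String authIDOption = SASLUtils.SASL_OPTION_AUTH_ID + "=u:jdoe";
    final byte[] password =
        "constructed-sample-password".getBytes(StandardCharsets.UTF_8);

    // Validate the mechanism name first: null means this class has no
    // information about it. PLAIN carries the password itself, so a request
    // like this belongs on a TLS-protected connection.
    final String mechanism = "PLAIN";
    if (SASLUtils.getSASLMechanismInfo(mechanism) == null) {
      throw new IllegalArgumentException("Unknown mechanism: " + mechanism);
    }

    try {
      // Case 1: mechanism passed as the argument. The bind DN is null
      // because the identity is carried in the authID option.
      final SASLBindRequest byArgument = SASLUtils.createBindRequest(
          null, password, mechanism, authIDOption);
      System.out.println("argument: " + byArgument.getSASLMechanismName());

      // Case 2: mechanism argument is null and the "mech" option names it.
      final List<String> options = Arrays.asList(
          SASLUtils.SASL_OPTION_MECHANISM + '=' + mechanism, authIDOption);
      final SASLBindRequest byOption = SASLUtils.createBindRequest(
          null, password, null, options);
      System.out.println("option:   " + byOption.getSASLMechanismName());
    } catch (final LDAPException e) {
      System.err.println("unexpected failure: " + e.getMessage());
    }

    // Case 3: the argument and the "mech" option disagree. The documented
    // contract requires them to match, so an LDAPException is expected.
    try {
      SASLUtils.createBindRequest(null, password, "PLAIN",
          SASLUtils.SASL_OPTION_MECHANISM + "=CRAM-MD5", authIDOption);
      System.out.println("conflicting mechanisms were accepted");
    } catch (final LDAPException e) {
      System.out.println("conflict rejected: " + e.getMessage());
    }
  }
}
```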
-
ensureNoUnsupportedOptions
@InternalUseOnly public static void ensureNoUnsupportedOptions(java.util.Map<java.lang.String,java.lang.String> options, java.lang.String mechanism) throws LDAPException
Ensures that the provided map is empty, and will throw an exception if it isn't. This method is intended for internal use only.
Parameters:
options - The map of options to ensure is empty.
mechanism - The associated SASL mechanism.
Throws:
LDAPException - If the map of SASL options is not empty.
-
getUsageString
public static java.lang.String getUsageString(int maxWidth)
Retrieves a string representation of the SASL usage information. This will include the supported SASL mechanisms and the properties that may be used with each.
Parameters:
maxWidth - The maximum line width to use for the output. If this is less than or equal to zero, then no wrapping will be performed.
Returns:
A string representation of the usage information.
-
getUsage
public static java.util.List<java.lang.String> getUsage(int maxWidth)
Retrieves lines that make up the SASL usage information, optionally wrapping long lines.
Parameters:
maxWidth - The maximum line width to use for the output. If this is less than or equal to zero, then no wrapping will be performed.
Returns:
The lines that make up the SASL usage information.
-