001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2010 Sun Microsystems, Inc. 025 * Portions Copyright 2011-2014 ForgeRock AS 026 */ 027 028package org.forgerock.opendj.ldap.requests; 029 030import java.util.List; 031 032import org.forgerock.i18n.LocalizedIllegalArgumentException; 033import org.forgerock.opendj.ldap.DecodeException; 034import org.forgerock.opendj.ldap.DecodeOptions; 035import org.forgerock.opendj.ldap.LdapException; 036import org.forgerock.opendj.ldap.controls.Control; 037import org.forgerock.opendj.ldap.controls.ControlDecoder; 038 039/** 040 * The CRAM-MD5 SASL bind request as defined in draft-ietf-sasl-crammd5. This 041 * SASL mechanism allows a client to perform a simple challenge-response 042 * authentication method, using a keyed MD5 digest. This mechanism does not 043 * provide a security layer. 044 * <p> 045 * The CRAM-MD5 mechanism is intended to have limited use on the Internet. The 046 * mechanism offers inadequate protection against common attacks against 047 * application-level protocols and is prone to interoperability problems. 048 * <p> 049 * The authentication identity is specified using an authorization ID, or 050 * {@code authzId}, as defined in RFC 4513 section 5.2.1.8. 051 * 052 * @see <a 053 * href="http://tools.ietf.org/html/draft-ietf-sasl-crammd5">draft-ietf-sasl-crammd5 054 * - The CRAM-MD5 SASL Mechanism </a> 055 * @see <a href="http://tools.ietf.org/html/rfc4513#section-5.2.1.8">RFC 4513 - 056 * SASL Authorization Identities (authzId) </a> 057 */ 058public interface CRAMMD5SASLBindRequest extends SASLBindRequest { 059 060 /** 061 * The name of the SASL mechanism based on CRAM-MD5 authentication. 062 */ 063 String SASL_MECHANISM_NAME = "CRAM-MD5"; 064 065 @Override 066 CRAMMD5SASLBindRequest addControl(Control control); 067 068 @Override 069 BindClient createBindClient(String serverName) throws LdapException; 070 071 /** 072 * Returns the authentication ID of the user. The authentication ID usually 073 * has the form "dn:" immediately followed by the distinguished name of the 074 * user, or "u:" followed by a user ID string, but other forms are 075 * permitted. 076 * 077 * @return The authentication ID of the user. 078 */ 079 String getAuthenticationID(); 080 081 /** 082 * Returns the authentication mechanism identifier for this SASL bind 083 * request as defined by the LDAP protocol, which is always {@code 0xA3}. 084 * 085 * @return The authentication mechanism identifier. 086 */ 087 @Override 088 byte getAuthenticationType(); 089 090 @Override 091 <C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options) 092 throws DecodeException; 093 094 @Override 095 List<Control> getControls(); 096 097 /** 098 * Returns the name of the Directory object that the client wishes to bind 099 * as, which is always the empty string for SASL authentication. 100 * 101 * @return The name of the Directory object that the client wishes to bind 102 * as. 103 */ 104 @Override 105 String getName(); 106 107 /** 108 * Returns the password of the user that the client wishes to bind as. 109 * <p> 110 * Unless otherwise indicated, implementations will store a reference to the 111 * returned password byte array, allowing applications to overwrite the 112 * password after it has been used. 113 * 114 * @return The password of the user that the client wishes to bind as. 115 */ 116 byte[] getPassword(); 117 118 @Override 119 String getSASLMechanism(); 120 121 /** 122 * Sets the authentication ID of the user. The authentication ID usually has 123 * the form "dn:" immediately followed by the distinguished name of the 124 * user, or "u:" followed by a user ID string, but other forms are 125 * permitted. 126 * 127 * @param authenticationID 128 * The authentication ID of the user. 129 * @return This bind request 130 * @throws UnsupportedOperationException 131 * If this bind request does not permit the authentication ID to 132 * be set.. 133 * @throws LocalizedIllegalArgumentException 134 * If {@code authenticationID} was non-empty and did not contain 135 * a valid authorization ID type. 136 * @throws NullPointerException 137 * If {@code authenticationID} was {@code null}. 138 */ 139 CRAMMD5SASLBindRequest setAuthenticationID(String authenticationID); 140 141 /** 142 * Sets the password of the user that the client wishes to bind as. 143 * <p> 144 * Unless otherwise indicated, implementations will store a reference to the 145 * provided password byte array, allowing applications to overwrite the 146 * password after it has been used. 147 * 148 * @param password 149 * The password of the user that the client wishes to bind as, 150 * which may be empty. 151 * @return This bind request. 152 * @throws UnsupportedOperationException 153 * If this bind request does not permit the password to be set. 154 * @throws NullPointerException 155 * If {@code password} was {@code null}. 156 */ 157 CRAMMD5SASLBindRequest setPassword(byte[] password); 158 159 /** 160 * Sets the password of the user that the client wishes to bind as. The 161 * password will be converted to a UTF-8 octet string. 162 * 163 * @param password 164 * The password of the user that the client wishes to bind as. 165 * @return This bind request. 166 * @throws UnsupportedOperationException 167 * If this bind request does not permit the password to be set. 168 * @throws NullPointerException 169 * If {@code password} was {@code null}. 170 */ 171 CRAMMD5SASLBindRequest setPassword(char[] password); 172 173}