001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2010 Sun Microsystems, Inc.
025 *      Portions Copyright 2011-2014 ForgeRock AS
026 */
027
028package org.forgerock.opendj.ldap.requests;
029
030import java.util.List;
031
032import org.forgerock.i18n.LocalizedIllegalArgumentException;
033import org.forgerock.opendj.ldap.DecodeException;
034import org.forgerock.opendj.ldap.DecodeOptions;
035import org.forgerock.opendj.ldap.LdapException;
036import org.forgerock.opendj.ldap.controls.Control;
037import org.forgerock.opendj.ldap.controls.ControlDecoder;
038
039/**
040 * The CRAM-MD5 SASL bind request as defined in draft-ietf-sasl-crammd5. This
041 * SASL mechanism allows a client to perform a simple challenge-response
042 * authentication method, using a keyed MD5 digest. This mechanism does not
043 * provide a security layer.
044 * <p>
045 * The CRAM-MD5 mechanism is intended to have limited use on the Internet. The
046 * mechanism offers inadequate protection against common attacks against
047 * application-level protocols and is prone to interoperability problems.
048 * <p>
049 * The authentication identity is specified using an authorization ID, or
050 * {@code authzId}, as defined in RFC 4513 section 5.2.1.8.
051 *
052 * @see <a
053 *      href="http://tools.ietf.org/html/draft-ietf-sasl-crammd5">draft-ietf-sasl-crammd5
054 *      - The CRAM-MD5 SASL Mechanism </a>
055 * @see <a href="http://tools.ietf.org/html/rfc4513#section-5.2.1.8">RFC 4513 -
056 *      SASL Authorization Identities (authzId) </a>
057 */
058public interface CRAMMD5SASLBindRequest extends SASLBindRequest {
059
060    /**
061     * The name of the SASL mechanism based on CRAM-MD5 authentication.
062     */
063    String SASL_MECHANISM_NAME = "CRAM-MD5";
064
065    @Override
066    CRAMMD5SASLBindRequest addControl(Control control);
067
068    @Override
069    BindClient createBindClient(String serverName) throws LdapException;
070
071    /**
072     * Returns the authentication ID of the user. The authentication ID usually
073     * has the form "dn:" immediately followed by the distinguished name of the
074     * user, or "u:" followed by a user ID string, but other forms are
075     * permitted.
076     *
077     * @return The authentication ID of the user.
078     */
079    String getAuthenticationID();
080
081    /**
082     * Returns the authentication mechanism identifier for this SASL bind
083     * request as defined by the LDAP protocol, which is always {@code 0xA3}.
084     *
085     * @return The authentication mechanism identifier.
086     */
087    @Override
088    byte getAuthenticationType();
089
090    @Override
091    <C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options)
092            throws DecodeException;
093
094    @Override
095    List<Control> getControls();
096
097    /**
098     * Returns the name of the Directory object that the client wishes to bind
099     * as, which is always the empty string for SASL authentication.
100     *
101     * @return The name of the Directory object that the client wishes to bind
102     *         as.
103     */
104    @Override
105    String getName();
106
107    /**
108     * Returns the password of the user that the client wishes to bind as.
109     * <p>
110     * Unless otherwise indicated, implementations will store a reference to the
111     * returned password byte array, allowing applications to overwrite the
112     * password after it has been used.
113     *
114     * @return The password of the user that the client wishes to bind as.
115     */
116    byte[] getPassword();
117
118    @Override
119    String getSASLMechanism();
120
121    /**
122     * Sets the authentication ID of the user. The authentication ID usually has
123     * the form "dn:" immediately followed by the distinguished name of the
124     * user, or "u:" followed by a user ID string, but other forms are
125     * permitted.
126     *
127     * @param authenticationID
128     *            The authentication ID of the user.
129     * @return This bind request
130     * @throws UnsupportedOperationException
131     *             If this bind request does not permit the authentication ID to
132     *             be set..
133     * @throws LocalizedIllegalArgumentException
134     *             If {@code authenticationID} was non-empty and did not contain
135     *             a valid authorization ID type.
136     * @throws NullPointerException
137     *             If {@code authenticationID} was {@code null}.
138     */
139    CRAMMD5SASLBindRequest setAuthenticationID(String authenticationID);
140
141    /**
142     * Sets the password of the user that the client wishes to bind as.
143     * <p>
144     * Unless otherwise indicated, implementations will store a reference to the
145     * provided password byte array, allowing applications to overwrite the
146     * password after it has been used.
147     *
148     * @param password
149     *            The password of the user that the client wishes to bind as,
150     *            which may be empty.
151     * @return This bind request.
152     * @throws UnsupportedOperationException
153     *             If this bind request does not permit the password to be set.
154     * @throws NullPointerException
155     *             If {@code password} was {@code null}.
156     */
157    CRAMMD5SASLBindRequest setPassword(byte[] password);
158
159    /**
160     * Sets the password of the user that the client wishes to bind as. The
161     * password will be converted to a UTF-8 octet string.
162     *
163     * @param password
164     *            The password of the user that the client wishes to bind as.
165     * @return This bind request.
166     * @throws UnsupportedOperationException
167     *             If this bind request does not permit the password to be set.
168     * @throws NullPointerException
169     *             If {@code password} was {@code null}.
170     */
171    CRAMMD5SASLBindRequest setPassword(char[] password);
172
173}