diff options
Diffstat (limited to 'qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java')
-rw-r--r-- | qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java new file mode 100644 index 0000000000..e1007d91e0 --- /dev/null +++ b/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/external/ExternalSaslServer.java @@ -0,0 +1,125 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.qpid.server.security.auth.sasl.external; + +import java.security.Principal; + +import javax.security.auth.x500.X500Principal; +import javax.security.sasl.SaslException; +import javax.security.sasl.SaslServer; + +import org.apache.log4j.Logger; +import org.apache.qpid.server.security.auth.UsernamePrincipal; +import org.apache.qpid.transport.network.security.ssl.SSLUtil; + +public class ExternalSaslServer implements SaslServer +{ + private static final Logger LOGGER = Logger.getLogger(ExternalSaslServer.class); + + public static final String MECHANISM = "EXTERNAL"; + + private boolean _complete = false; + private final Principal _externalPrincipal; + private boolean _useFullDN = false; + + public ExternalSaslServer(Principal externalPrincipal, boolean useFullDN) + { + _useFullDN = useFullDN; + _externalPrincipal = externalPrincipal; + } + + public String getMechanismName() + { + return MECHANISM; + } + + public byte[] evaluateResponse(byte[] response) throws SaslException + { + _complete = true; + return null; + } + + public boolean isComplete() + { + return _complete; + } + + public String getAuthorizationID() + { + return getAuthenticatedPrincipal().getName(); + } + + public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException + { + throw new SaslException("Unsupported operation"); + } + + public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException + { + throw new SaslException("Unsupported operation"); + } + + public Object getNegotiatedProperty(String propName) + { + return null; + } + + public void dispose() throws SaslException + { + } + + public Principal getAuthenticatedPrincipal() + { + if (_externalPrincipal instanceof X500Principal && !_useFullDN) + { + // Construct username as <CN>@<DC1>.<DC2>.<DC3>....<DCN> + String username; + String dn = ((X500Principal) _externalPrincipal).getName(X500Principal.RFC2253); + + if(LOGGER.isDebugEnabled()) + { + LOGGER.debug("Parsing username from Principal DN: " + dn); + } + + username = SSLUtil.getIdFromSubjectDN(dn); + if (username.isEmpty()) + { + // CN is empty => Cannot construct username => Authentication failed => return null + if(LOGGER.isDebugEnabled()) + { + LOGGER.debug("CN value was empty in Principal name, unable to construct username"); + } + return null; + } + if(LOGGER.isDebugEnabled()) + { + LOGGER.debug("Constructing Principal with username: " + username); + } + return new UsernamePrincipal(username); + } + else + { + if(LOGGER.isDebugEnabled()) + { + LOGGER.debug("Using external Principal: " + _externalPrincipal); + } + return _externalPrincipal; + } + } +} |