| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * |
| */ |
| package org.apache.directory.server.core.api; |
| |
| |
| import java.net.SocketAddress; |
| import java.security.Principal; |
| |
| import org.apache.directory.api.ldap.model.constants.AuthenticationLevel; |
| import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException; |
| import org.apache.directory.api.ldap.model.name.Dn; |
| import org.apache.directory.api.ldap.model.schema.SchemaManager; |
| import org.apache.directory.server.i18n.I18n; |
| |
| |
| /** |
| * An alternative X500 user implementation that has access to the distinguished |
| * name of the principal as well as the String representation. |
| * |
| * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> |
| */ |
| public final class LdapPrincipal implements Principal, Cloneable |
| { |
| /** the normalized distinguished name of the principal */ |
| private Dn dn = Dn.EMPTY_DN; |
| |
| /** the authentication level for this principal */ |
| private AuthenticationLevel authenticationLevel; |
| |
| /** The userPassword |
| * @todo security risk remove this immediately |
| */ |
| private byte[][] userPasswords; |
| |
| /** The SchemaManager */ |
| private SchemaManager schemaManager; |
| |
| private SocketAddress clientAddress; |
| private SocketAddress serverAddress; |
| |
| |
| /** |
| * Creates a new LDAP/X500 principal without any group associations. Keep |
| * this package friendly so only code in the package can create a |
| * trusted principal. |
| * |
| * @param schemaManager The SchemaManager |
| * @param dn the normalized distinguished name of the principal |
| * @param authenticationLevel the authentication level for this principal |
| */ |
| public LdapPrincipal( SchemaManager schemaManager, Dn dn, AuthenticationLevel authenticationLevel ) |
| { |
| this.schemaManager = schemaManager; |
| this.dn = dn; |
| |
| if ( !dn.isSchemaAware() ) |
| { |
| throw new IllegalStateException( I18n.err( I18n.ERR_436 ) ); |
| } |
| |
| this.authenticationLevel = authenticationLevel; |
| this.userPasswords = null; |
| } |
| |
| |
| /** |
| * Creates a new LDAP/X500 principal without any group associations. Keep |
| * this package friendly so only code in the package can create a |
| * trusted principal. |
| * |
| * @param schemaManager The SchemaManager |
| * @param dn the normalized distinguished name of the principal |
| * @param authenticationLevel the authentication level for this principal |
| * @param userPassword The user password |
| */ |
| public LdapPrincipal( SchemaManager schemaManager, Dn dn, AuthenticationLevel authenticationLevel, |
| byte[] userPassword ) |
| { |
| this.dn = dn; |
| this.authenticationLevel = authenticationLevel; |
| this.userPasswords = new byte[1][]; |
| this.userPasswords[0] = new byte[userPassword.length]; |
| System.arraycopy( userPassword, 0, this.userPasswords[0], 0, userPassword.length ); |
| this.schemaManager = schemaManager; |
| } |
| |
| |
| /** |
| * Creates a principal for the no name anonymous user whose Dn is the empty |
| * String. |
| */ |
| public LdapPrincipal() |
| { |
| authenticationLevel = AuthenticationLevel.NONE; |
| userPasswords = null; |
| } |
| |
| |
| /** |
| * Creates a principal for the no name anonymous user whose Dn is the empty |
| * String. |
| * |
| * @param schemaManager The SchemaManager |
| */ |
| public LdapPrincipal( SchemaManager schemaManager ) |
| { |
| authenticationLevel = AuthenticationLevel.NONE; |
| userPasswords = null; |
| this.schemaManager = schemaManager; |
| } |
| |
| |
| /** |
| * Gets a cloned copy of the normalized distinguished name of this |
| * principal as a {@link org.apache.directory.api.ldap.model.name.Dn}. |
| * |
| * @return the cloned distinguished name of the principal as a {@link org.apache.directory.api.ldap.model.name.Dn} |
| */ |
| public Dn getDn() |
| { |
| return dn; |
| } |
| |
| |
| /** |
| * Returns the normalized distinguished name of the principal as a String. |
| */ |
| @Override |
| public String getName() |
| { |
| return dn.getNormName(); |
| } |
| |
| |
| /** |
| * Gets the authentication level associated with this LDAP principle. |
| * |
| * @return the authentication level |
| */ |
| public AuthenticationLevel getAuthenticationLevel() |
| { |
| return authenticationLevel; |
| } |
| |
| |
| public byte[][] getUserPasswords() |
| { |
| return userPasswords; |
| } |
| |
| |
| public void setUserPassword( byte[]... userPasswords ) |
| { |
| this.userPasswords = new byte[userPasswords.length][]; |
| int pos = 0; |
| |
| for ( byte[] userPassword : userPasswords ) |
| { |
| this.userPasswords[pos] = new byte[userPassword.length]; |
| System.arraycopy( userPassword, 0, this.userPasswords[pos], 0, userPassword.length ); |
| pos++; |
| } |
| } |
| |
| |
| /** |
| * Clone the object. This is done so that we don't store the |
| * password in a LdapPrincipal more than necessary. |
| */ |
| @Override |
| public Object clone() throws CloneNotSupportedException |
| { |
| LdapPrincipal clone = ( LdapPrincipal ) super.clone(); |
| |
| if ( userPasswords != null ) |
| { |
| clone.setUserPassword( userPasswords ); |
| } |
| |
| return clone; |
| } |
| |
| |
| /** |
| * @return the schemaManager |
| */ |
| public SchemaManager getSchemaManager() |
| { |
| return schemaManager; |
| } |
| |
| |
| /** |
| * @param schemaManager the schemaManager to set |
| */ |
| public void setSchemaManager( SchemaManager schemaManager ) |
| { |
| this.schemaManager = schemaManager; |
| |
| if ( !dn.isSchemaAware() ) |
| { |
| try |
| { |
| dn = new Dn( schemaManager, dn ); |
| } |
| catch ( LdapInvalidDnException lide ) |
| { |
| // TODO: manage this exception |
| } |
| } |
| } |
| |
| |
| /** |
| * @return the clientAddress |
| */ |
| public SocketAddress getClientAddress() |
| { |
| return clientAddress; |
| } |
| |
| |
| /** |
| * @param clientAddress the clientAddress to set |
| */ |
| public void setClientAddress( SocketAddress clientAddress ) |
| { |
| this.clientAddress = clientAddress; |
| } |
| |
| |
| /** |
| * @return the serverAddress |
| */ |
| public SocketAddress getServerAddress() |
| { |
| return serverAddress; |
| } |
| |
| |
| /** |
| * @param serverAddress the serverAddress to set |
| */ |
| public void setServerAddress( SocketAddress serverAddress ) |
| { |
| this.serverAddress = serverAddress; |
| } |
| |
| |
| /** |
| * Returns string representation of the normalized distinguished name |
| * of this principal. |
| */ |
| @Override |
| public String toString() |
| { |
| StringBuilder sb = new StringBuilder(); |
| |
| if ( dn.isSchemaAware() ) |
| { |
| sb.append( "(n)" ); |
| } |
| |
| sb.append( "['" ); |
| sb.append( dn.getName() ); |
| sb.append( "'" ); |
| |
| if ( clientAddress != null ) |
| { |
| sb.append( ", client@" ); |
| sb.append( clientAddress ); |
| } |
| |
| if ( serverAddress != null ) |
| { |
| sb.append( ", server@" ); |
| sb.append( serverAddress ); |
| } |
| |
| sb.append( "]" ); |
| |
| return sb.toString(); |
| } |
| } |