001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2008 Sun Microsystems, Inc.
026     */
027    
028    package org.opends.server.authorization.dseecompat;
029    import org.opends.messages.Message;
030    
031    import static org.opends.messages.AccessControlMessages.*;
032    import org.opends.server.core.DirectoryServer;
033    import static org.opends.server.loggers.ErrorLogger.logError;
034    
035    
036    
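/**
 * The AuthMethod class represents an authmethod bind rule keyword expression.
 * <p>
 * The recognized expressions are {@code none}, {@code simple}, {@code ssl}
 * and {@code sasl MECHANISM}. Keywords are matched without regard to case.
 * Instances are immutable once constructed.
 */
public class AuthMethod implements KeywordBindRule {

    /**
     * Prefix (keyword plus one space) that introduces a SASL mechanism name.
     */
    private static final String SASL_PREFIX = "sasl ";

    /**
     * Enumeration representing the authentication method.
     */
    private final EnumAuthMethod authMethod;

    /**
     * The SASL mechanism if the authentication method is SASL. It is
     * "EXTERNAL" for the ssl keyword and null for none and simple.
     */
    private final String saslMech;

    /**
     * Enumeration representing the bind rule operation type.
     */
    private final EnumBindRuleType type;

    /**
     * Create a class representing an authmethod bind rule keyword from the
     * provided method and bind rule type.
     * @param method  An Enumeration of the authentication method.
     * @param saslMech The string representation of the SASL Mechanism.
     * @param type An enumeration representing the type of the expression.
     */
    private AuthMethod(EnumAuthMethod method, String saslMech,
                       EnumBindRuleType type) {
        this.authMethod = method;
        this.saslMech = saslMech;
        this.type = type;
    }

    /**
     * Decode a string representing an authmethod bind rule.
     * <p>
     * A SASL mechanism that has no handler registered with the server is
     * logged as dubious but is not rejected: the rule is still created with
     * that mechanism name.
     * @param expr  The string representing the bind rule.
     * @param type An enumeration representing the bind rule type.
     * @return  A keyword bind rule class that can be used to evaluate the
     * bind rule.
     * @throws AciException If the expression string is invalid.
     */
    public static KeywordBindRule decode(String expr, EnumBindRuleType type)
    throws AciException {
        // Lower-case with a fixed locale. The no-argument toLowerCase() uses
        // the JVM default locale, and under a Turkish or Azeri default "I"
        // becomes a dotless "ı", so a valid "SIMPLE" would be rejected and
        // the same ACI would parse differently from one host to another.
        String lowerExpr = expr.toLowerCase(java.util.Locale.ENGLISH);

        if (lowerExpr.equals("none")) {
            return new AuthMethod(EnumAuthMethod.AUTHMETHOD_NONE, null, type);
        }
        if (lowerExpr.equals("simple")) {
            return new AuthMethod(EnumAuthMethod.AUTHMETHOD_SIMPLE, null, type);
        }
        if (lowerExpr.equals("ssl")) {
            // The ssl keyword is stored together with the EXTERNAL mechanism.
            return new AuthMethod(EnumAuthMethod.AUTHMETHOD_SSL, "EXTERNAL",
                                  type);
        }
        if (expr.length() > SASL_PREFIX.length()
            && lowerExpr.startsWith(SASL_PREFIX)) {
            // The mechanism name is taken from the original expression, so it
            // keeps the case the ACI author wrote.
            // NOTE(review): the name is not trimmed, so extra whitespace after
            // "sasl " becomes part of it -- confirm that the handler lookup
            // and the evaluation context tolerate that.
            String saslMech = expr.substring(SASL_PREFIX.length());
            if (DirectoryServer.getSASLMechanismHandler(saslMech) == null) {
                // Unknown mechanism: only a note is logged; decoding goes on.
                logError(NOTE_ACI_SYNTAX_DUBIOUS_AUTHMETHOD_SASL_MECHANISM.
                          get(saslMech));
            }
            return new AuthMethod(EnumAuthMethod.AUTHMETHOD_SASL, saslMech,
                                  type);
        }

        Message message =
            WARN_ACI_SYNTAX_INVALID_AUTHMETHOD_EXPRESSION.get(expr);
        throw new AciException(message);
    }

    /**
     * Evaluate authmethod bind rule using the provided evaluation context.
     * <p>
     * The context is asked whether it has this rule's authentication method
     * and SASL mechanism, and that result is converted with
     * {@code getRet} using the bind rule type.
     * @param evalCtx  An evaluation context to use.
     * @return  An enumeration evaluation result.
     */
    public EnumEvalResult evaluate(AciEvalContext evalCtx) {
        EnumEvalResult matched =
             evalCtx.hasAuthenticationMethod(authMethod, saslMech);
        // The meaning of the second getRet argument is defined by
        // EnumEvalResult, which is not shown in this file.
        return matched.getRet(type, false);
    }
}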