001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 * Portions Copyright 2013-2016 ForgeRock AS.
016 */
017package org.opends.server.authorization.dseecompat;
018
import static org.opends.messages.AccessControlMessages.*;

import java.util.Locale;

import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.opends.server.core.DirectoryServer;
023
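/**
 * The AuthMethod class represents an authmethod bind rule keyword expression.
 *
 * <p>All fields are final; instances are created only through
 * {@link #decode(String, EnumBindRuleType)}.
 */
public class AuthMethod implements KeywordBindRule {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

    /** Enumeration representing the authentication method. */
    private final EnumAuthMethod authMethod;
    /**
     * The SASL mechanism if the authentication method is SASL. It is
     * {@code "EXTERNAL"} for the {@code ssl} keyword and {@code null} for
     * {@code none} and {@code simple}.
     */
    private final String saslMech;
    /** Enumeration representing the bind rule operation type. */
    private final EnumBindRuleType type;

    /**
     * Create a class representing an authmethod bind rule keyword from the
     * provided method and bind rule type.
     * @param method  An Enumeration of the authentication method.
     * @param saslMech The string representation of the SASL Mechanism.
     * @param type An enumeration representing the type of the expression.
     */
    private AuthMethod(EnumAuthMethod method, String saslMech,
                       EnumBindRuleType type) {
        this.authMethod = method;
        this.saslMech = saslMech;
        this.type = type;
    }

    /**
     * Decode a string representing an authmethod bind rule.
     *
     * <p>The keywords {@code none}, {@code simple}, {@code ssl} and the
     * {@code sasl } prefix are matched case-insensitively. The text following
     * {@code "sasl "} is kept exactly as written (case and any extra
     * whitespace included) and becomes the SASL mechanism of the rule.
     *
     * @param expr  The string representing the bind rule; must not be null.
     * @param type An enumeration representing the bind rule type.
     * @return  A keyword bind rule class that can be used to evaluate the
     * bind rule.
     * @throws AciException If the expression string is invalid.
     */
    public static KeywordBindRule decode(String expr, EnumBindRuleType type)
    throws AciException {
        // Keyword matching must not depend on the JVM default locale: under a
        // Turkish default locale "SIMPLE".toLowerCase() does not produce
        // "simple", so a valid ACI would be rejected on some hosts only.
        final String lowerExpr = expr.toLowerCase(Locale.ROOT);
        if ("none".equals(lowerExpr)) {
            return new AuthMethod(EnumAuthMethod.AUTHMETHOD_NONE, null, type);
        }
        if ("simple".equals(lowerExpr)) {
            return new AuthMethod(EnumAuthMethod.AUTHMETHOD_SIMPLE, null, type);
        }
        if ("ssl".equals(lowerExpr)) {
            // The ssl keyword is represented with the EXTERNAL mechanism name.
            return new AuthMethod(EnumAuthMethod.AUTHMETHOD_SSL, "EXTERNAL", type);
        }
        if (expr.length() > 5 && lowerExpr.startsWith("sasl ")) {
            // Everything after the five-character "sasl " prefix is the
            // mechanism; it is taken from the original string, not the
            // lower-cased copy.
            final String saslMech = expr.substring(5);
            if (DirectoryServer.getSASLMechanismHandler(saslMech) == null) {
                // An unregistered mechanism is only reported at info level; the
                // rule is still created and installed.
                // NOTE(review): how such a rule evaluates depends on
                // AciEvalContext.hasAuthenticationMethod, which is not visible
                // here. A mistyped mechanism in a negated bind rule may match
                // more connections than the author intended - confirm, and
                // review these log entries when auditing ACIs.
                logger.info(NOTE_ACI_SYNTAX_DUBIOUS_AUTHMETHOD_SASL_MECHANISM, saslMech);
            }
            return new AuthMethod(EnumAuthMethod.AUTHMETHOD_SASL, saslMech, type);
        }

        throw new AciException(WARN_ACI_SYNTAX_INVALID_AUTHMETHOD_EXPRESSION.get(expr));
    }

    /**
     * Evaluate authmethod bind rule using the provided evaluation context.
     *
     * <p>The context is asked whether it has this rule's authentication
     * method and SASL mechanism; that result is then converted with
     * {@code getRet} using this rule's bind rule type.
     *
     * @param evalCtx  An evaluation context to use.
     * @return  An enumeration evaluation result.
     */
    @Override
    public EnumEvalResult evaluate(AciEvalContext evalCtx) {
        final EnumEvalResult matched =
             evalCtx.hasAuthenticationMethod(authMethod, saslMech);
        return matched.getRet(type, false);
    }

    /**
     * Returns the text produced by {@link #toString(StringBuilder)}.
     *
     * @return  The string form of this bind rule.
     */
    @Override
    public String toString() {
        final StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    /**
     * Appends a string form of this bind rule to the provided buffer.
     *
     * <p>NOTE(review): the class declares no superclass, so
     * {@code super.toString()} is {@code Object.toString()}; the appended text
     * is the default identity string and does not show the authentication
     * method, mechanism or bind rule type. Log or audit output built from it
     * will not reveal what the rule contains.
     *
     * @param buffer  The buffer to append to.
     */
    @Override
    public final void toString(StringBuilder buffer) {
        buffer.append(super.toString());
    }
}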