public interface DigestMD5SASLBindRequest extends SASLBindRequest
Compared to CRAM-MD5, DIGEST-MD5 prevents chosen plain-text attacks, and permits the use of third party authentication servers, mutual authentication, and optimized re-authentication if a client has recently authenticated to a server.
The authentication and optional authorization identity is specified using an authorization ID, or authzId, as defined in RFC 4513 section 5.2.1.8.
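A defensive use of this interface, as an added example that is not part of the original Javadoc or the project's own code: it audits a request against the defaults this page documents for getQOPs(), setCipher() and isServerAuth(), tightens them, and overwrites the password after use. The class name, the finding strings, the treatment of an empty getQOPs() list as the default, and the package name org.forgerock.opendj.ldap.requests are assumptions.

```java
import static org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest.*;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest;

/** Added example (hypothetical class): audits and tightens a DIGEST-MD5 bind request. */
public final class DigestMD5BindHardening {
    // Cipher settings this page labels "high strength"; anything else can negotiate weaker.
    private static final List<String> HIGH = Arrays.asList(CIPHER_HIGH, CIPHER_3DES, CIPHER_RC4_128);

    /** Returns one finding per setting that leaves the connection weaker than it could be. */
    static List<String> audit(DigestMD5SASLBindRequest request) {
        List<String> findings = new ArrayList<>();
        List<String> qops = request.getQOPs();
        // Assumption: an empty list means the documented default, AUTH.
        if (qops.isEmpty() || qops.contains(QOP_AUTH)) {
            findings.add("qop: authentication without integrity or encryption may be negotiated");
        }
        if (qops.contains(QOP_AUTH_INT)) {
            findings.add("qop: integrity protection without encryption may be negotiated");
        }
        // null means the default cipher, which the page equates with CIPHER_LOW.
        String cipher = request.getCipher();
        if (qops.contains(QOP_AUTH_CONF) && (cipher == null || !HIGH.contains(cipher))) {
            findings.add("cipher: a medium or low strength cipher may be negotiated");
        }
        if (!request.isServerAuth()) {
            findings.add("serverAuth: the server is not required to authenticate to the client");
        }
        return findings;
    }

    /** Requests encryption with a high strength cipher and mutual authentication. */
    static DigestMD5SASLBindRequest harden(DigestMD5SASLBindRequest request) {
        // addQOP appends to the accepted list, so QOP values added earlier remain;
        // run audit() afterwards to catch a request that already accepted AUTH.
        return request.addQOP(QOP_AUTH_CONF).setCipher(CIPHER_HIGH).setServerAuth(true);
    }

    /** Call once the bind has completed: overwrites the password held by the request. */
    static void wipePassword(DigestMD5SASLBindRequest request) {
        // Per the getPassword() note, the returned array is the one the request references.
        Arrays.fill(request.getPassword(), (byte) 0);
    }
}
```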
Modifier and Type | Field and Description |
---|---|
static String | CIPHER_3DES - Indicates that the client will accept connection encryption using the high strength triple-DES cipher. |
static String | CIPHER_DES - Indicates that the client will accept connection encryption using the medium strength DES cipher. |
static String | CIPHER_HIGH - Indicates that the client will accept connection encryption using the strongest supported cipher, as long as the cipher is considered to be high strength. |
static String | CIPHER_LOW - Indicates that the client will accept connection encryption using the strongest supported cipher, even if the strongest cipher is considered to be medium or low strength. |
static String | CIPHER_MEDIUM - Indicates that the client will accept connection encryption using the strongest supported cipher, as long as the cipher is considered to be high or medium strength. |
static String | CIPHER_RC4_128 - Indicates that the client will accept connection encryption using the high strength 128-bit RC4 cipher. |
static String | CIPHER_RC4_40 - Indicates that the client will accept connection encryption using the low strength 40-bit RC4 cipher. |
static String | CIPHER_RC4_56 - Indicates that the client will accept connection encryption using the medium strength 56-bit RC4 cipher. |
static String | QOP_AUTH - Indicates that the client will accept authentication only. |
static String | QOP_AUTH_CONF - Indicates that the client will accept authentication with connection integrity protection and encryption. |
static String | QOP_AUTH_INT - Indicates that the client will accept authentication with connection integrity protection. |
static String | SASL_MECHANISM_NAME - The name of the SASL mechanism based on DIGEST-MD5 authentication. |

AUTHENTICATION_TYPE_SASL, AUTHENTICATION_TYPE_SIMPLE, OBFUSCATED_PASSWORD

Modifier and Type | Method and Description |
---|---|
DigestMD5SASLBindRequest | addAdditionalAuthParam(String name, String value) - Adds the provided additional authentication parameter to the list of parameters to be passed to the underlying mechanism implementation. |
DigestMD5SASLBindRequest | addControl(Control control) - Adds the provided control to this request. |
DigestMD5SASLBindRequest | addQOP(String... qopValues) - Adds the provided quality of protection (QOP) values to the ordered list of QOP values that the client is willing to accept. |
BindClient | createBindClient(String serverName) - Creates a new bind client which can be used to perform the authentication process. |
Map<String,String> | getAdditionalAuthParams() - Returns a map containing the provided additional authentication parameters to be passed to the underlying mechanism implementation. |
String | getAuthenticationID() - Returns the authentication ID of the user. |
byte | getAuthenticationType() - Returns the authentication mechanism identifier for this SASL bind request as defined by the LDAP protocol, which is always 0xA3. |
String | getAuthorizationID() - Returns the optional authorization ID of the user which represents an alternate authorization identity which should be used for subsequent operations performed on the connection. |
String | getCipher() - Returns the cipher name or strength that the client is willing to use when connection encryption quality of protection, AUTH-CONF, is requested. |
<C extends Control> C | getControl(ControlDecoder<C> decoder, DecodeOptions options) - Decodes and returns the first control in this request having an OID corresponding to the provided control decoder. |
List<Control> | getControls() - Returns a List containing the controls included with this request. |
int | getMaxReceiveBufferSize() - Returns the maximum size of the receive buffer in bytes. |
int | getMaxSendBufferSize() - Returns the maximum size of the send buffer in bytes. |
String | getName() - Returns the name of the Directory object that the client wishes to bind as, which is always the empty string for SASL authentication. |
byte[] | getPassword() - Returns the password of the user that the client wishes to bind as. |
List<String> | getQOPs() - Returns the ordered list of quality of protection (QOP) values that the client is willing to accept. |
String | getRealm() - Returns the optional realm containing the user's account. |
String | getSASLMechanism() - Returns the SASL mechanism for this SASL bind request. |
boolean | isServerAuth() - Returns true if the server must authenticate to the client. |
DigestMD5SASLBindRequest | setAuthenticationID(String authenticationID) - Sets the authentication ID of the user. |
DigestMD5SASLBindRequest | setAuthorizationID(String authorizationID) - Sets the optional authorization ID of the user which represents an alternate authorization identity which should be used for subsequent operations performed on the connection. |
DigestMD5SASLBindRequest | setCipher(String cipher) - Sets the cipher name or strength that the client is willing to use when connection encryption quality of protection, AUTH-CONF, is requested. |
DigestMD5SASLBindRequest | setMaxReceiveBufferSize(int size) - Sets the maximum size of the receive buffer in bytes. |
DigestMD5SASLBindRequest | setMaxSendBufferSize(int size) - Sets the maximum size of the send buffer in bytes. |
DigestMD5SASLBindRequest | setPassword(byte[] password) - Sets the password of the user that the client wishes to bind as. |
DigestMD5SASLBindRequest | setPassword(char[] password) - Sets the password of the user that the client wishes to bind as. |
DigestMD5SASLBindRequest | setRealm(String realm) - Sets the optional realm containing the user's account. |
DigestMD5SASLBindRequest | setServerAuth(boolean serverAuth) - Specifies whether the server must authenticate to the client. |

containsControl

static final String CIPHER_3DES
static final String CIPHER_DES
static final String CIPHER_HIGH
static final String CIPHER_LOW
static final String CIPHER_MEDIUM
static final String CIPHER_RC4_128
static final String CIPHER_RC4_40
static final String CIPHER_RC4_56
static final String QOP_AUTH
static final String QOP_AUTH_CONF
static final String QOP_AUTH_INT
static final String SASL_MECHANISM_NAME

DigestMD5SASLBindRequest addAdditionalAuthParam(String name, String value)
name - The name of the additional authentication parameter.
value - The value of the additional authentication parameter.
UnsupportedOperationException - If this bind request does not permit additional authentication parameters to be added.
NullPointerException - If name or value was null.

DigestMD5SASLBindRequest addControl(Control control)
Request
addControl in interface BindRequest
addControl in interface Request
addControl in interface SASLBindRequest
control - The control to be added to this request.

DigestMD5SASLBindRequest addQOP(String... qopValues)
By default the client will accept AUTH.
qopValues - The quality of protection values that the client is willing to accept.
UnsupportedOperationException - If this bind request does not permit QOP values to be added.
NullPointerException - If qopValues was null.
QOP_AUTH, QOP_AUTH_INT, QOP_AUTH_CONF

BindClient createBindClient(String serverName) throws LdapException
BindRequest
createBindClient in interface BindRequest
createBindClient in interface SASLBindRequest
serverName - The non-null fully-qualified host name of the server to authenticate to.
LdapException - If an error occurred while creating the bind client context.

Map<String,String> getAdditionalAuthParams()

String getAuthenticationID()

byte getAuthenticationType()
0xA3.
getAuthenticationType in interface BindRequest
getAuthenticationType in interface SASLBindRequest

String getAuthorizationID()
null.

String getCipher()
AUTH-CONF, is requested.
By default the client will accept connection encryption using the strongest supported cipher, even if the strongest cipher is considered to be medium or low strength. This is equivalent to CIPHER_LOW.
null, indicating that the default cipher should be used.

<C extends Control> C getControl(ControlDecoder<C> decoder, DecodeOptions options) throws DecodeException
Request
getControl in interface BindRequest
getControl in interface Request
getControl in interface SASLBindRequest
C - The type of control to be decoded and returned.
decoder - The control decoder.
options - The set of decode options which should be used when decoding the control.
null if the control is not included with this request.
DecodeException - If the control could not be decoded because it was malformed in some way (e.g. the control value was missing, or its content could not be decoded).

List<Control> getControls()
Request
List containing the controls included with this request. The returned List may be modified if permitted by this request.
getControls in interface BindRequest
getControls in interface Request
getControls in interface SASLBindRequest
List containing the controls.

int getMaxReceiveBufferSize()

int getMaxSendBufferSize()

String getName()
getName in interface BindRequest
getName in interface SASLBindRequest

byte[] getPassword()
Unless otherwise indicated, implementations will store a reference to the returned password byte array, allowing applications to overwrite the password after it has been used.

List<String> getQOPs()
By default the client will accept AUTH.

String getRealm()
null.

String getSASLMechanism()
SASLBindRequest
getSASLMechanism in interface SASLBindRequest

boolean isServerAuth()
true if the server must authenticate to the client. The default is false.
true if the server must authenticate to the client.

DigestMD5SASLBindRequest setAuthenticationID(String authenticationID)
authenticationID - The authentication ID of the user.
LocalizedIllegalArgumentException - If authenticationID was non-empty and did not contain a valid authorization ID type.
UnsupportedOperationException - If this bind request does not permit the authentication ID to be set.
NullPointerException - If authenticationID was null.

DigestMD5SASLBindRequest setAuthorizationID(String authorizationID)
authorizationID - The authorization ID of the user, which may be null.
LocalizedIllegalArgumentException - If authorizationID was non-empty and did not contain a valid authorization ID type.
UnsupportedOperationException - If this bind request does not permit the authorization ID to be set.

DigestMD5SASLBindRequest setCipher(String cipher)
AUTH-CONF, is requested.
By default the client will accept connection encryption using the strongest supported cipher, even if the strongest cipher is considered to be medium or low strength. This is equivalent to CIPHER_LOW.
cipher - The cipher that the client is willing to use if connection encryption QOP is negotiated. May be null, indicating that the default cipher should be used.
UnsupportedOperationException - If this bind request does not permit the cipher name or strength to be set.
QOP_AUTH_CONF, CIPHER_3DES, CIPHER_RC4_128, CIPHER_DES, CIPHER_RC4_56, CIPHER_RC4_40, CIPHER_HIGH, CIPHER_MEDIUM, CIPHER_LOW

DigestMD5SASLBindRequest setMaxReceiveBufferSize(int size)
size - The maximum size of the receive buffer in bytes.
UnsupportedOperationException - If this bind request does not permit the buffer size to be set.

DigestMD5SASLBindRequest setMaxSendBufferSize(int size)
size - The maximum size of the send buffer in bytes.
UnsupportedOperationException - If this bind request does not permit the buffer size to be set.

DigestMD5SASLBindRequest setPassword(byte[] password)
Unless otherwise indicated, implementations will store a reference to the provided password byte array, allowing applications to overwrite the password after it has been used.
password - The password of the user that the client wishes to bind as, which may be empty.
UnsupportedOperationException - If this bind request does not permit the password to be set.
NullPointerException - If password was null.

DigestMD5SASLBindRequest setPassword(char[] password)
password - The password of the user that the client wishes to bind as.
UnsupportedOperationException - If this bind request does not permit the password to be set.
NullPointerException - If password was null.

DigestMD5SASLBindRequest setRealm(String realm)
realm - The name of the realm containing the user's account, which may be null.
UnsupportedOperationException - If this bind request does not permit the realm to be set.
NullPointerException - If realm was null.

DigestMD5SASLBindRequest setServerAuth(boolean serverAuth)
false.
serverAuth - true if the server must authenticate to the client or false otherwise.
UnsupportedOperationException - If this bind request does not permit server auth to be set.

Copyright 2010-2017 ForgeRock AS.