From c28215025c2fa52d5091543b4cee94005bd49b83 Mon Sep 17 00:00:00 2001
From: Neil Wilson
Date: Thu, 25 May 2023 10:19:28 -0500
Subject: [PATCH] Include channel binding type in GSSAPI duplicate

Fixed an issue in which a non-default channel binding type was not preserved when duplicating a GSSAPI bind request. Also, added a method to retrieve the channel binding type in use for a GSSAPI bind request.
---
 docs/release-notes.html | 21 ++++++----
 .../unboundid/ldap/sdk/GSSAPIBindRequest.java | 17 +++++++++
 .../ldap/sdk/GSSAPIBindRequestTestCase.java | 38 +++++++++++++++++++
 3 files changed, 69 insertions(+), 7 deletions(-)
diff --git a/docs/release-notes.html b/docs/release-notes.html
index 56d501b35..82f7df054 100644
--- a/docs/release-notes.html
+++ b/docs/release-notes.html
@@ -34,13 +34,6 @@

Version 6.0.9



-
  • - Added a ResultCode.getStandardName method that can be used to retrieve the name - assigned to the associated result code in the relevant specification. This may - not be available for result codes that are not defined in known specifications. -

    -
  • -
  • Added a new HTTPProxySocketFactory class that can be used to allow establishing LDAP and LDAPS connections through an HTTP proxy server, and added a new @@ -64,6 +57,20 @@

    Version 6.0.9



  • +
  • + Fixed an issue in which a non-default channel binding type was not preserved when + duplicating a GSSAPI bind request. Also, added a method to retrieve the channel + binding type in use for a GSSAPI bind request. +

    +
  • + +
  • + Added a ResultCode.getStandardName method that can be used to retrieve the name + assigned to the associated result code in the relevant specification. This may + not be available for result codes that are not defined in known specifications. +

    +
  • +
  • Updated support for passphrase-encrypted input and output streams to provide a mechanism for caching the derived secret keys so that it's not necessary to diff --git a/src/com/unboundid/ldap/sdk/GSSAPIBindRequest.java b/src/com/unboundid/ldap/sdk/GSSAPIBindRequest.java index f3dd34f2a..09046a29d 100644 --- a/src/com/unboundid/ldap/sdk/GSSAPIBindRequest.java +++ b/src/com/unboundid/ldap/sdk/GSSAPIBindRequest.java @@ -978,6 +978,22 @@ public Set getSuppressedSystemProperties() + /** + * Retrieves the type of channel binding that should be used for this GSSAPI + * bind request. + * + * @return The type of channel binding that should be used for this GSSAPI + * bind request, or {@link GSSAPIChannelBindingType#NONE} if no + * channel binding should be used. + */ + @NotNull() + public GSSAPIChannelBindingType getChannelBindingType() + { + return channelBindingType; + } + + + /** * Indicates whether JVM-level debugging should be enabled for GSSAPI bind * processing. @@ -1762,6 +1778,7 @@ public GSSAPIBindRequest duplicate(@Nullable final Control[] controls) gssapiProperties.setIsInitiator(isInitiator); gssapiProperties.setSuppressedSystemProperties( suppressedSystemProperties); + gssapiProperties.setChannelBindingType(channelBindingType); final GSSAPIBindRequest bindRequest = new GSSAPIBindRequest(gssapiProperties, controls); diff --git a/tests/unit/src/com/unboundid/ldap/sdk/GSSAPIBindRequestTestCase.java b/tests/unit/src/com/unboundid/ldap/sdk/GSSAPIBindRequestTestCase.java index 3d7372f3c..0cc61d3f2 100644 --- a/tests/unit/src/com/unboundid/ldap/sdk/GSSAPIBindRequestTestCase.java +++ b/tests/unit/src/com/unboundid/ldap/sdk/GSSAPIBindRequestTestCase.java 
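Review bot: duplicate() rebuilds the GSSAPIBindRequestProperties one setter at a time, which is how the channel binding type came to be dropped, and the added `gssapiProperties.setChannelBindingType(channelBindingType);` repairs this one copy only. The constructor tests in this patch show NONE as the default, so a missed copy means the duplicate authenticates without binding to the TLS channel and nothing reports it. Any other method in this class that rebuilds the properties the same way is outside this patch and should be checked for the same omission. I would also put a comment above the setter run, e.g. `// Copy every GSSAPIBindRequestProperties setting; an omitted one silently reverts to its default.` The body of duplicate() starts and ends outside the hunk.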
@@ -154,6 +154,10 @@ public void testConstructor1() assertNotNull(r.getSuppressedSystemProperties()); assertTrue(r.getSuppressedSystemProperties().isEmpty()); + assertNotNull(r.getChannelBindingType()); + assertEquals(r.getChannelBindingType(), + GSSAPIChannelBindingType.NONE); + assertFalse(r.enableGSSAPIDebugging()); assertNotNull(r.getRebindRequest("127.0.0.1", 389)); @@ -245,6 +249,10 @@ public void testConstructor2() assertNotNull(r.getSuppressedSystemProperties()); assertTrue(r.getSuppressedSystemProperties().isEmpty()); + assertNotNull(r.getChannelBindingType()); + assertEquals(r.getChannelBindingType(), + GSSAPIChannelBindingType.NONE); + assertFalse(r.enableGSSAPIDebugging()); assertNotNull(r.getRebindRequest("127.0.0.1", 389)); @@ -340,6 +348,10 @@ public void testConstructor3() assertNotNull(r.getSuppressedSystemProperties()); assertTrue(r.getSuppressedSystemProperties().isEmpty()); + assertNotNull(r.getChannelBindingType()); + assertEquals(r.getChannelBindingType(), + GSSAPIChannelBindingType.NONE); + assertFalse(r.enableGSSAPIDebugging()); assertNotNull(r.getRebindRequest("127.0.0.1", 389)); @@ -431,6 +443,10 @@ public void testConstructor4() assertNotNull(r.getSuppressedSystemProperties()); assertTrue(r.getSuppressedSystemProperties().isEmpty()); + assertNotNull(r.getChannelBindingType()); + assertEquals(r.getChannelBindingType(), + GSSAPIChannelBindingType.NONE); + assertFalse(r.enableGSSAPIDebugging()); assertNotNull(r.getRebindRequest("127.0.0.1", 389)); @@ -522,6 +538,10 @@ public void testConstructor5() assertNotNull(r.getSuppressedSystemProperties()); assertTrue(r.getSuppressedSystemProperties().isEmpty()); + assertNotNull(r.getChannelBindingType()); + assertEquals(r.getChannelBindingType(), + GSSAPIChannelBindingType.NONE); + assertFalse(r.enableGSSAPIDebugging()); assertNotNull(r.getRebindRequest("127.0.0.1", 389)); 
@@ -619,6 +639,10 @@ public void testConstructor6() assertNotNull(r.getSuppressedSystemProperties()); assertTrue(r.getSuppressedSystemProperties().isEmpty()); + assertNotNull(r.getChannelBindingType()); + assertEquals(r.getChannelBindingType(), + GSSAPIChannelBindingType.NONE); + assertFalse(r.enableGSSAPIDebugging()); assertNotNull(r.getRebindRequest("127.0.0.1", 389)); @@ -721,6 +745,10 @@ public void testConstructor7() assertNotNull(r.getSuppressedSystemProperties()); assertTrue(r.getSuppressedSystemProperties().isEmpty()); + assertNotNull(r.getChannelBindingType()); + assertEquals(r.getChannelBindingType(), + GSSAPIChannelBindingType.NONE); + assertFalse(r.enableGSSAPIDebugging()); assertNotNull(r.getRebindRequest("127.0.0.1", 389)); @@ -818,6 +846,10 @@ public void testConstructor8() assertNotNull(r.getSuppressedSystemProperties()); assertTrue(r.getSuppressedSystemProperties().isEmpty()); + assertNotNull(r.getChannelBindingType()); + assertEquals(r.getChannelBindingType(), + GSSAPIChannelBindingType.NONE); + assertFalse(r.enableGSSAPIDebugging()); assertNotNull(r.getRebindRequest("127.0.0.1", 389)); @@ -879,6 +911,8 @@ public void testPropertiesConstructor() "java.security.krb5.kdc", "javax.security.auth.useSubjectCredsOnly")); gssapiProperties.setEnableGSSAPIDebugging(true); + gssapiProperties.setChannelBindingType( + GSSAPIChannelBindingType.TLS_SERVER_END_POINT); GSSAPIBindRequest r = new GSSAPIBindRequest(gssapiProperties, controls); r = r.duplicate(); @@ -940,6 +974,10 @@ public void testPropertiesConstructor() "java.security.krb5.kdc", "javax.security.auth.useSubjectCredsOnly")); + assertNotNull(r.getChannelBindingType()); + assertEquals(r.getChannelBindingType(), + GSSAPIChannelBindingType.TLS_SERVER_END_POINT); + assertTrue(r.enableGSSAPIDebugging()); assertNotNull(r.getRebindRequest("127.0.0.1", 389));
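Review bot: In testPropertiesConstructor the rebind check is still only `assertNotNull(r.getRebindRequest("127.0.0.1", 389));`, so the test passes even if the rebind request comes back without the TLS_SERVER_END_POINT channel binding type that the duplicate now keeps. How getRebindRequest builds its request is not visible in this patch; if it returns a GSSAPIBindRequest, add `assertEquals(r.getRebindRequest("127.0.0.1", 389).getChannelBindingType(), GSSAPIChannelBindingType.TLS_SERVER_END_POINT);` after the new assertions. The test method starts and ends outside the hunk.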