001/*
002 * Copyright 2011-2014 UnboundID Corp.
003 * All Rights Reserved.
004 */
005/*
006 * Copyright (C) 2011-2014 UnboundID Corp.
007 *
008 * This program is free software; you can redistribute it and/or modify
009 * it under the terms of the GNU General Public License (GPLv2 only)
010 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
011 * as published by the Free Software Foundation.
012 *
013 * This program is distributed in the hope that it will be useful,
014 * but WITHOUT ANY WARRANTY; without even the implied warranty of
015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
016 * GNU General Public License for more details.
017 *
018 * You should have received a copy of the GNU General Public License
019 * along with this program; if not, see <http://www.gnu.org/licenses>.
020 */
021package com.unboundid.ldap.sdk;
022
023
024
025import java.io.Serializable;
026import java.util.ArrayList;
027import java.util.Arrays;
028import java.util.Collection;
029import java.util.Collections;
030import java.util.Iterator;
031import java.util.LinkedHashSet;
032import java.util.List;
033import java.util.Set;
034
035import com.unboundid.asn1.ASN1OctetString;
036import com.unboundid.util.Mutable;
037import com.unboundid.util.StaticUtils;
038import com.unboundid.util.ThreadSafety;
039import com.unboundid.util.ThreadSafetyLevel;
040import com.unboundid.util.Validator;
041
042
043
044/**
045 * This class provides a data structure that may be used to hold a number of
046 * properties that may be used during processing for a SASL GSSAPI bind
047 * operation.
048 */
049@Mutable()
050@ThreadSafety(level=ThreadSafetyLevel.NOT_THREADSAFE)
051public final class GSSAPIBindRequestProperties
052       implements Serializable
053{
054  /**
055   * The serial version UID for this serializable class.
056   */
057  private static final long serialVersionUID = 6872295509330315713L;
058
059
060
061  // The password for the GSSAPI bind request.
062  private ASN1OctetString password;
063
064  // Indicates whether to enable JVM-level debugging for GSSAPI processing.
065  private boolean enableGSSAPIDebugging;
066
067  // Indicates whether to attempt to renew the client's existing ticket-granting
068  // ticket if authentication uses an existing Kerberos session.
069  private boolean renewTGT;
070
071  // Indicates whether to require that the credentials be obtained from the
072  // ticket cache such that authentication will fail if the client does not have
073  // an existing Kerberos session.
074  private boolean requireCachedCredentials;
075
076  // Indicates whether to allow the client to use credentials that are outside
077  // of the current subject.
078  private boolean useSubjectCredentialsOnly;
079
080  // Indicates whether to enable the use of a ticket cache.
081  private boolean useTicketCache;
082
083  // The SASL quality of protection value(s) allowed for the DIGEST-MD5 bind
084  // request.
085  private List<SASLQualityOfProtection> allowedQoP;
086
087  // The names of any system properties that should not be altered by GSSAPI
088  // processing.
089  private Set<String> suppressedSystemProperties;
090
091  // The authentication ID string for the GSSAPI bind request.
092  private String authenticationID;
093
094  // The authorization ID string for the GSSAPI bind request, if available.
095  private String authorizationID;
096
097  // The path to the JAAS configuration file to use for bind processing.
098  private String configFilePath;
099
100  // The name that will be used to identify this client in the JAAS framework.
101  private String jaasClientName;
102
103  // The KDC address for the GSSAPI bind request, if available.
104  private String kdcAddress;
105
106  // The realm for the GSSAPI bind request, if available.
107  private String realm;
108
109  // The server name to use when creating the SASL client.
110  private String saslClientServerName;
111
112  // The protocol that should be used in the Kerberos service principal for
113  // the server system.
114  private String servicePrincipalProtocol;
115
116  // The path to the Kerberos ticket cache to use.
117  private String ticketCachePath;
118
119
120
121  /**
122   * Creates a new set of GSSAPI bind request properties with the provided
123   * information.
124   *
125   * @param  authenticationID  The authentication ID for the GSSAPI bind
126   *                           request.  It may be {@code null} if an existing
127   *                           Kerberos session should be used.
128   * @param  password          The password for the GSSAPI bind request.  It may
129   *                           be {@code null} if an existing Kerberos session
130   *                           should be used.
131   */
132  public GSSAPIBindRequestProperties(final String authenticationID,
133                                     final String password)
134  {
135    this(authenticationID, null,
136         (password == null ? null : new ASN1OctetString(password)), null, null,
137         null);
138  }
139
140
141
142  /**
143   * Creates a new set of GSSAPI bind request properties with the provided
144   * information.
145   *
146   * @param  authenticationID  The authentication ID for the GSSAPI bind
147   *                           request.  It may be {@code null} if an existing
148   *                           Kerberos session should be used.
149   * @param  password          The password for the GSSAPI bind request.  It may
150   *                           be {@code null} if an existing Kerberos session
151   *                           should be used.
152   */
153  public GSSAPIBindRequestProperties(final String authenticationID,
154                                     final byte[] password)
155  {
156    this(authenticationID, null,
157         (password == null ? null : new ASN1OctetString(password)), null, null,
158         null);
159  }
160
161
162
163  /**
164   * Creates a new set of GSSAPI bind request properties with the provided
165   * information.
166   *
167   * @param  authenticationID  The authentication ID for the GSSAPI bind
168   *                           request.  It may be {@code null} if an existing
169   *                           Kerberos session should be used.
170   * @param  authorizationID   The authorization ID for the GSSAPI bind request.
171   *                           It may be {@code null} if the authorization ID
172   *                           should be the same as the authentication ID.
173   * @param  password          The password for the GSSAPI bind request.  It may
174   *                           be {@code null} if an existing Kerberos session
175   *                           should be used.
176   * @param  realm             The realm to use for the authentication.  It may
177   *                           be {@code null} to attempt to use the default
178   *                           realm from the system configuration.
179   * @param  kdcAddress        The address of the Kerberos key distribution
180   *                           center.  It may be {@code null} to attempt to use
181   *                           the default KDC from the system configuration.
182   * @param  configFilePath    The path to the JAAS configuration file to use
183   *                           for the authentication processing.  It may be
184   *                           {@code null} to use the default JAAS
185   *                           configuration.
186   */
187  GSSAPIBindRequestProperties(final String authenticationID,
188                              final String authorizationID,
189                              final ASN1OctetString password,
190                              final String realm,
191                              final String kdcAddress,
192                              final String configFilePath)
193  {
194    this.authenticationID = authenticationID;
195    this.authorizationID  = authorizationID;
196    this.password         = password;
197    this.realm            = realm;
198    this.kdcAddress       = kdcAddress;
199    this.configFilePath   = configFilePath;
200
201    servicePrincipalProtocol   = "ldap";
202    enableGSSAPIDebugging      = false;
203    jaasClientName             = "GSSAPIBindRequest";
204    renewTGT                   = false;
205    useSubjectCredentialsOnly  = true;
206    useTicketCache             = true;
207    requireCachedCredentials   = false;
208    saslClientServerName       = null;
209    ticketCachePath            = null;
210    suppressedSystemProperties = Collections.emptySet();
211    allowedQoP                 = Collections.unmodifiableList(Arrays.asList(
212         SASLQualityOfProtection.AUTH));
213  }
214
215
216
217  /**
218   * Retrieves the authentication ID for the GSSAPI bind request, if defined.
219   *
220   * @return  The authentication ID for the GSSAPI bind request, or {@code null}
221   *          if an existing Kerberos session should be used.
222   */
223  public String getAuthenticationID()
224  {
225    return authenticationID;
226  }
227
228
229
230  /**
231   * Sets the authentication ID for the GSSAPI bind request.
232   *
233   * @param  authenticationID  The authentication ID for the GSSAPI bind
234   *                           request.  It may be {@code null} if an existing
235   *                           Kerberos session should be used.
236   */
237  public void setAuthenticationID(final String authenticationID)
238  {
239    this.authenticationID = authenticationID;
240  }
241
242
243
244  /**
245   * Retrieves the authorization ID for the GSSAPI bind request, if defined.
246   *
247   * @return  The authorizationID for the GSSAPI bind request, or {@code null}
248   *          if the authorization ID should be the same as the authentication
249   *          ID.
250   */
251  public String getAuthorizationID()
252  {
253    return authorizationID;
254  }
255
256
257
258  /**
259   * Specifies the authorization ID for the GSSAPI bind request.
260   *
261   * @param  authorizationID  The authorization ID for the GSSAPI bind request.
262   *                          It may be {@code null} if the authorization ID
263   *                          should be the same as the authentication ID.
264   */
265  public void setAuthorizationID(final String authorizationID)
266  {
267    this.authorizationID = authorizationID;
268  }
269
270
271
272  /**
273   * Retrieves the password that should be used for the GSSAPI bind request, if
274   * defined.
275   *
276   * @return  The password that should be used for the GSSAPI bind request, or
277   *          {@code null} if an existing Kerberos session should be used.
278   */
279  public ASN1OctetString getPassword()
280  {
281    return password;
282  }
283
284
285
286  /**
287   * Specifies the password that should be used for the GSSAPI bind request.
288   *
289   * @param  password  The password that should be used for the GSSAPI bind
290   *                   request.  It may be {@code null} if an existing
291   *                   Kerberos session should be used.
292   */
293  public void setPassword(final String password)
294  {
295    if (password == null)
296    {
297      this.password = null;
298    }
299    else
300    {
301      this.password = new ASN1OctetString(password);
302    }
303  }
304
305
306
307  /**
308   * Specifies the password that should be used for the GSSAPI bind request.
309   *
310   * @param  password  The password that should be used for the GSSAPI bind
311   *                   request.  It may be {@code null} if an existing
312   *                   Kerberos session should be used.
313   */
314  public void setPassword(final byte[] password)
315  {
316    if (password == null)
317    {
318      this.password = null;
319    }
320    else
321    {
322      this.password = new ASN1OctetString(password);
323    }
324  }
325
326
327
328  /**
329   * Specifies the password that should be used for the GSSAPI bind request.
330   *
331   * @param  password  The password that should be used for the GSSAPI bind
332   *                   request.  It may be {@code null} if an existing
333   *                   Kerberos session should be used.
334   */
335  public void setPassword(final ASN1OctetString password)
336  {
337    this.password = password;
338  }
339
340
341
342  /**
343   * Retrieves the realm to use for the GSSAPI bind request, if defined.
344   *
345   * @return  The realm to use for the GSSAPI bind request, or {@code null} if
346   *          the request should attempt to use the default realm from the
347   *          system configuration.
348   */
349  public String getRealm()
350  {
351    return realm;
352  }
353
354
355
356  /**
357   * Specifies the realm to use for the GSSAPI bind request.
358   *
359   * @param  realm  The realm to use for the GSSAPI bind request.  It may be
360   *                {@code null} if the request should attempt to use the
361   *                default realm from the system configuration.
362   */
363  public void setRealm(final String realm)
364  {
365    this.realm = realm;
366  }
367
368
369
370  /**
371   * Retrieves the list of allowed qualities of protection that may be used for
372   * communication that occurs on the connection after the authentication has
373   * completed, in order from most preferred to least preferred.
374   *
375   * @return  The list of allowed qualities of protection that may be used for
376   *          communication that occurs on the connection after the
377   *          authentication has completed, in order from most preferred to
378   *          least preferred.
379   */
380  public List<SASLQualityOfProtection> getAllowedQoP()
381  {
382    return allowedQoP;
383  }
384
385
386
387  /**
388   * Specifies the list of allowed qualities of protection that may be used for
389   * communication that occurs on the connection after the authentication has
390   * completed, in order from most preferred to least preferred.
391   *
392   * @param  allowedQoP  The list of allowed qualities of protection that may be
393   *                     used for communication that occurs on the connection
394   *                     after the authentication has completed, in order from
395   *                     most preferred to least preferred.  If this is
396   *                     {@code null} or empty, then a list containing only the
397   *                     {@link SASLQualityOfProtection#AUTH} quality of
398   *                     protection value will be used.
399   */
400  public void setAllowedQoP(final List<SASLQualityOfProtection> allowedQoP)
401  {
402    if ((allowedQoP == null) || allowedQoP.isEmpty())
403    {
404      this.allowedQoP = Collections.unmodifiableList(Arrays.asList(
405           SASLQualityOfProtection.AUTH));
406    }
407    else
408    {
409      this.allowedQoP = Collections.unmodifiableList(
410           new ArrayList<SASLQualityOfProtection>(allowedQoP));
411    }
412  }
413
414
415
416  /**
417   * Specifies the list of allowed qualities of protection that may be used for
418   * communication that occurs on the connection after the authentication has
419   * completed, in order from most preferred to least preferred.
420   *
421   * @param  allowedQoP  The list of allowed qualities of protection that may be
422   *                     used for communication that occurs on the connection
423   *                     after the authentication has completed, in order from
424   *                     most preferred to least preferred.  If this is
425   *                     {@code null} or empty, then a list containing only the
426   *                     {@link SASLQualityOfProtection#AUTH} quality of
427   *                     protection value will be used.
428   */
429  public void setAllowedQoP(final SASLQualityOfProtection... allowedQoP)
430  {
431    setAllowedQoP(StaticUtils.toList(allowedQoP));
432  }
433
434
435
436  /**
437   * Retrieves the address to use for the Kerberos key distribution center,
438   * if defined.
439   *
440   * @return  The address to use for the Kerberos key distribution center, or
441   *          {@code null} if request should attempt to determine the KDC
442   *          address from the system configuration.
443   */
444  public String getKDCAddress()
445  {
446    return kdcAddress;
447  }
448
449
450
451  /**
452   * Specifies the address to use for the Kerberos key distribution center.
453   *
454   * @param  kdcAddress  The address to use for the Kerberos key distribution
455   *                     center.  It may be {@code null} if the request should
456   *                     attempt to determine the KDC address from the system
457   *                     configuration.
458   */
459  public void setKDCAddress(final String kdcAddress)
460  {
461    this.kdcAddress = kdcAddress;
462  }
463
464
465
466  /**
467   * Retrieves the name that will be used to identify this client in the JAAS
468   * framework.
469   *
470   * @return  The name that will be used to identify this client in the JAAS
471   *          framework.
472   */
473  public String getJAASClientName()
474  {
475    return jaasClientName;
476  }
477
478
479
480  /**
481   * Specifies the name that will be used to identify this client in the JAAS
482   * framework.
483   *
484   * @param  jaasClientName  The name that will be used to identify this client
485   *                         in the JAAS framework.  It must not be
486   *                         {@code null} or empty.
487   */
488  public void setJAASClientName(final String jaasClientName)
489  {
490    Validator.ensureNotNull(jaasClientName);
491
492    this.jaasClientName = jaasClientName;
493  }
494
495
496
497  /**
498   * Retrieves the path to a JAAS configuration file that should be used when
499   * processing the GSSAPI bind request, if defined.
500   *
501   * @return  The path to a JAAS configuration file that should be used when
502   *          processing the GSSAPI bind request, or {@code null} if a JAAS
503   *          configuration file should be automatically constructed for the
504   *          bind request.
505   */
506  public String getConfigFilePath()
507  {
508    return configFilePath;
509  }
510
511
512
513  /**
514   * Specifies the path to a JAAS configuration file that should be used when
515   * processing the GSSAPI bind request.
516   *
517   * @param  configFilePath  The path to a JAAS configuration file that should
518   *                         be used when processing the GSSAPI bind request.
519   *                         It may be {@code null} if a configuration file
520   *                         should be automatically constructed for the bind
521   *                         request.
522   */
523  public void setConfigFilePath(final String configFilePath)
524  {
525    this.configFilePath = configFilePath;
526  }
527
528
529
530  /**
531   * Retrieves the server name that should be used when creating the Java
532   * {@code SaslClient}, if one is defined.
533   *
534   * @return  The server name that should be used when creating the Java
535   *          {@code SaslClient}, or {@code null} if none is defined and the
536   *          {@code SaslClient} should use the address specified when
537   *          establishing the connection.
538   */
539  public String getSASLClientServerName()
540  {
541    return saslClientServerName;
542  }
543
544
545
546  /**
547   * Specifies the server name that should be used when creating the Java
548   * {@code SaslClient}.
549   *
550   * @param  saslClientServerName  The server name that should be used when
551   *                               creating the Java {@code SaslClient}.  It may
552   *                               be {@code null} to indicate that the
553   *                               {@code SaslClient} should be created with the
554   *
555   */
556  public void setSASLClientServerName(final String saslClientServerName)
557  {
558    this.saslClientServerName = saslClientServerName;
559  }
560
561
562
563  /**
564   * Retrieves the protocol specified in the service principal that the
565   * directory server uses for its communication with the KDC.  The service
566   * principal is usually something like "ldap/directory.example.com", where
567   * "ldap" is the protocol and "directory.example.com" is the fully-qualified
568   * address of the directory server system, but some servers may allow
569   * authentication with a service principal with a protocol other than "ldap".
570   *
571   * @return  The protocol specified in the service principal that the directory
572   *          server uses for its communication with the KDC.
573   */
574  public String getServicePrincipalProtocol()
575  {
576    return servicePrincipalProtocol;
577  }
578
579
580
581  /**
582   * Specifies the protocol specified in the service principal that the
583   * directory server uses for its communication with the KDC.  This should
584   * generally be "ldap", but some servers may allow a service principal with a
585   * protocol other than "ldap".
586   *
587   * @param  servicePrincipalProtocol  The protocol specified in the service
588   *                                   principal that the directory server uses
589   *                                   for its communication with the KDC.
590   */
591  public void setServicePrincipalProtocol(final String servicePrincipalProtocol)
592  {
593    Validator.ensureNotNull(servicePrincipalProtocol);
594
595    this.servicePrincipalProtocol = servicePrincipalProtocol;
596  }
597
598
599
600  /**
601   * Indicates whether to allow the client to use credentials that are outside
602   * of the current subject, obtained via some system-specific mechanism.
603   *
604   * @return  {@code true} if the client will only be allowed to use credentials
605   *          that are within the current subject, or {@code false} if the
606   *          client will be allowed to use credentials outside the current
607   *          subject.
608   */
609  public boolean useSubjectCredentialsOnly()
610  {
611    return useSubjectCredentialsOnly;
612  }
613
614
615
616  /**
617   * Specifies whether to allow the client to use credentials that are outside
618   * the current subject.  If this is {@code false}, then a system-specific
619   * mechanism may be used in an attempt to obtain credentials from an
620   * existing session.
621   *
622   * @param  useSubjectCredentialsOnly  Indicates whether to allow the client to
623   *                                    use credentials that are outside of the
624   *                                    current subject.
625   */
626  public void setUseSubjectCredentialsOnly(
627                   final boolean useSubjectCredentialsOnly)
628  {
629    this.useSubjectCredentialsOnly = useSubjectCredentialsOnly;
630  }
631
632
633
634  /**
635   * Indicates whether to enable the use of a ticket cache to to avoid the need
636   * to supply credentials if the client already has an existing Kerberos
637   * session.
638   *
639   * @return  {@code true} if a ticket cache may be used to take advantage of an
640   *          existing Kerberos session, or {@code false} if Kerberos
641   *          credentials should always be provided.
642   */
643  public boolean useTicketCache()
644  {
645    return useTicketCache;
646  }
647
648
649
650  /**
651   * Specifies whether to enable the use of a ticket cache to to avoid the need
652   * to supply credentials if the client already has an existing Kerberos
653   * session.
654   *
655   * @param  useTicketCache  Indicates whether to enable the use of a ticket
656   *                         cache to to avoid the need to supply credentials if
657   *                         the client already has an existing Kerberos
658   *                         session.
659   */
660  public void setUseTicketCache(final boolean useTicketCache)
661  {
662    this.useTicketCache = useTicketCache;
663  }
664
665
666
667  /**
668   * Indicates whether GSSAPI authentication should only occur using an existing
669   * Kerberos session.
670   *
671   * @return  {@code true} if GSSAPI authentication should only use an existing
672   *          Kerberos session and should fail if the client does not have an
673   *          existing session, or {@code false} if the client will be allowed
674   *          to create a new session if one does not already exist.
675   */
676  public boolean requireCachedCredentials()
677  {
678    return requireCachedCredentials;
679  }
680
681
682
683  /**
684   * Specifies whether an GSSAPI authentication should only occur using an
685   * existing Kerberos session.
686   *
687   * @param  requireCachedCredentials  Indicates whether an existing Kerberos
688   *                                   session will be required for
689   *                                   authentication.  If {@code true}, then
690   *                                   authentication will fail if the client
691   *                                   does not already have an existing
692   *                                   Kerberos session.  This will be ignored
693   *                                   if {@code useTicketCache} is false.
694   */
695  public void setRequireCachedCredentials(
696                   final boolean requireCachedCredentials)
697  {
698    this.requireCachedCredentials = requireCachedCredentials;
699  }
700
701
702
703  /**
704   * Retrieves the path to the Kerberos ticket cache file that should be used
705   * during authentication, if defined.
706   *
707   * @return  The path to the Kerberos ticket cache file that should be used
708   *          during authentication, or {@code null} if the default ticket cache
709   *          file should be used.
710   */
711  public String getTicketCachePath()
712  {
713    return ticketCachePath;
714  }
715
716
717
718  /**
719   * Specifies the path to the Kerberos ticket cache file that should be used
720   * during authentication.
721   *
722   * @param  ticketCachePath  The path to the Kerberos ticket cache file that
723   *                          should be used during authentication.  It may be
724   *                          {@code null} if the default ticket cache file
725   *                          should be used.
726   */
727  public void setTicketCachePath(final String ticketCachePath)
728  {
729    this.ticketCachePath = ticketCachePath;
730  }
731
732
733
734  /**
735   * Indicates whether to attempt to renew the client's ticket-granting ticket
736   * (TGT) if an existing Kerberos session is used to authenticate.
737   *
738   * @return  {@code true} if the client should attempt to renew its
739   *          ticket-granting ticket if the authentication is processed using an
740   *          existing Kerberos session, or {@code false} if not.
741   */
742  public boolean renewTGT()
743  {
744    return renewTGT;
745  }
746
747
748
749  /**
750   * Specifies whether to attempt to renew the client's ticket-granting ticket
751   * (TGT) if an existing Kerberos session is used to authenticate.
752   *
753   * @param  renewTGT  Indicates whether to attempt to renew the client's
754   *                   ticket-granting ticket if an existing Kerberos session is
755   *                   used to authenticate.
756   */
757  public void setRenewTGT(final boolean renewTGT)
758  {
759    this.renewTGT = renewTGT;
760  }
761
762
763
764  /**
765   * Retrieves a set of system properties that will not be altered by GSSAPI
766   * processing.
767   *
768   * @return  A set of system properties that will not be altered by GSSAPI
769   *          processing.
770   */
771  public Set<String> getSuppressedSystemProperties()
772  {
773    return suppressedSystemProperties;
774  }
775
776
777
778  /**
779   * Specifies a set of system properties that will not be altered by GSSAPI
780   * processing.  This should generally only be used in cases in which the
781   * specified system properties are known to already be set correctly for the
782   * desired authentication processing.
783   *
784   * @param  suppressedSystemProperties  A set of system properties that will
785   *                                     not be altered by GSSAPI processing.
786   *                                     It may be {@code null} or empty to
787   *                                     indicate that no properties should be
788   *                                     suppressed.
789   */
790  public void setSuppressedSystemProperties(
791                   final Collection<String> suppressedSystemProperties)
792  {
793    if (suppressedSystemProperties == null)
794    {
795      this.suppressedSystemProperties = Collections.emptySet();
796    }
797    else
798    {
799      this.suppressedSystemProperties = Collections.unmodifiableSet(
800           new LinkedHashSet<String>(suppressedSystemProperties));
801    }
802  }
803
804
805
806  /**
807   * Indicates whether JVM-level debugging should be enabled for GSSAPI bind
808   * processing.  If this is enabled, then debug information may be written to
809   * standard error when performing GSSAPI processing that could be useful for
810   * debugging authentication problems.
811   *
812   * @return  {@code true} if JVM-level debugging should be enabled for GSSAPI
813   *          bind processing, or {@code false} if not.
814   */
815  public boolean enableGSSAPIDebugging()
816  {
817    return enableGSSAPIDebugging;
818  }
819
820
821
822  /**
823   * Specifies whether JVM-level debugging should be enabled for GSSAPI bind
824   * processing.  If this is enabled, then debug information may be written to
825   * standard error when performing GSSAPI processing that could be useful for
826   * debugging authentication problems.
827   *
828   * @param  enableGSSAPIDebugging  Specifies whether JVM-level debugging should
829   *                                be enabled for GSSAPI bind processing.
830   */
831  public void setEnableGSSAPIDebugging(final boolean enableGSSAPIDebugging)
832  {
833    this.enableGSSAPIDebugging = enableGSSAPIDebugging;
834  }
835
836
837
838  /**
839   * Retrieves a string representation of the GSSAPI bind request properties.
840   *
841   * @return  A string representation of the GSSAPI bind request properties.
842   */
843  @Override()
844  public String toString()
845  {
846    final StringBuilder buffer = new StringBuilder();
847    toString(buffer);
848    return buffer.toString();
849  }
850
851
852
853  /**
854   * Appends a string representation of the GSSAPI bind request properties to
855   * the provided buffer.
856   *
857   * @param  buffer  The buffer to which the information should be appended.
858   */
859  public void toString(final StringBuilder buffer)
860  {
861    buffer.append("GSSAPIBindRequestProperties(");
862    if (authenticationID != null)
863    {
864      buffer.append("authenticationID='");
865      buffer.append(authenticationID);
866      buffer.append("', ");
867    }
868
869    if (authorizationID != null)
870    {
871      buffer.append("authorizationID='");
872      buffer.append(authorizationID);
873      buffer.append("', ");
874    }
875
876    if (realm != null)
877    {
878      buffer.append("realm='");
879      buffer.append(realm);
880      buffer.append("', ");
881    }
882
883    buffer.append("qop='");
884    buffer.append(SASLQualityOfProtection.toString(allowedQoP));
885    buffer.append("', ");
886
887    if (kdcAddress != null)
888    {
889      buffer.append("kdcAddress='");
890      buffer.append(kdcAddress);
891      buffer.append("', ");
892    }
893
894    buffer.append("useSubjectCredentialsOnly=");
895    buffer.append(useSubjectCredentialsOnly);
896    buffer.append(", ");
897
898    if (useTicketCache)
899    {
900      buffer.append("useTicketCache=true, requireCachedCredentials=");
901      buffer.append(requireCachedCredentials);
902      buffer.append(", renewTGT=");
903      buffer.append(renewTGT);
904      buffer.append(", ");
905
906      if (ticketCachePath != null)
907      {
908        buffer.append("ticketCachePath='");
909        buffer.append(ticketCachePath);
910        buffer.append("', ");
911      }
912    }
913    else
914    {
915      buffer.append("useTicketCache=false, ");
916    }
917
918    buffer.append("jaasClientName='");
919    buffer.append(jaasClientName);
920    buffer.append("', ");
921
922    if (configFilePath != null)
923    {
924      buffer.append("configFilePath='");
925      buffer.append(configFilePath);
926      buffer.append("', ");
927    }
928
929    if (saslClientServerName != null)
930    {
931      buffer.append("saslClientServerName='");
932      buffer.append(saslClientServerName);
933      buffer.append("', ");
934    }
935
936    buffer.append("servicePrincipalProtocol='");
937    buffer.append(servicePrincipalProtocol);
938    buffer.append("', suppressedSystemProperties={");
939
940    final Iterator<String> propIterator = suppressedSystemProperties.iterator();
941    while (propIterator.hasNext())
942    {
943      buffer.append('\'');
944      buffer.append(propIterator.next());
945      buffer.append('\'');
946
947      if (propIterator.hasNext())
948      {
949        buffer.append(", ");
950      }
951    }
952
953    buffer.append("}, enableGSSAPIDebugging=");
954    buffer.append(enableGSSAPIDebugging);
955    buffer.append(')');
956  }
957}