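/// <summary>
/// Performs a token-based SASL bind and, on success, wraps the connection's
/// streams in <c>SecureStream</c> instances backed by the negotiated helper.
/// Does nothing unless <see cref="AuthenticationTypes.Secure"/> is set.
/// </summary>
/// <param name="username">Principal name; passed to the login callback handler (when a password is also given), to <c>Krb5Helper</c> and to <c>Bind</c>.</param>
/// <param name="password">Password for the login callback handler; may be null.</param>
/// <param name="authenticationTypes">Requested authentication flags; forwarded to <c>Krb5Helper</c>.</param>
/// <exception cref="LdapException">
/// Thrown when the login context cannot be created or logged in, or when the
/// server answers a bind step with anything other than SUCCESS or
/// SASL_BIND_IN_PROGRESS.
/// </exception>
private void BindSecure(System.String username, System.String password, AuthenticationTypes authenticationTypes)
{
    if ((authenticationTypes & AuthenticationTypes.Secure) == 0) {
        return;
    }

    LoginContext loginContext = null;
    try {
        // Explicit credentials are used only when BOTH values are supplied.
        // With a username but no password the login context is created without
        // a callback handler, while the username is still sent to Krb5Helper and
        // Bind below.
        // NOTE(review): presumably that path uses whatever default credentials
        // are configured for SecurityAppName; confirm callers expect this.
        if (username != null && password != null) {
            AuthenticationCallbackHandler callbackHandler = new AuthenticationCallbackHandler (username, password);
            loginContext = new LoginContext (SecurityAppName, callbackHandler);
        }
        else {
            loginContext = new LoginContext (SecurityAppName);
        }
        loginContext.login ();
    }
    catch (Exception e) {
        // 80 is the LDAP "other" result code; the original cause is kept as the inner exception.
        throw new LdapException ("Failed to create login security context", 80, "", e);
    }

    Krb5Helper krb5Helper = null;
    try {
        krb5Helper = new Krb5Helper ("ldap@" + conn.Host, username, loginContext.getSubject (), authenticationTypes, SecurityMech);
    }
    finally {
        // The login context is only needed to obtain the subject; always log out,
        // even when helper construction fails.
        loginContext.logout();
    }

    // The helper must be released on EVERY failure path (token exchange, bind
    // request, response decoding, stream wrapping), not only when the server
    // returns an error result code. Once the secure streams are about to be
    // installed they own the helper, and it must stay alive.
    bool helperHandedOver = false;
    try {
        sbyte [] token = krb5Helper.ExchangeTokens (Krb5Helper.EmptyToken);
        for (;;) {
            LdapResponseQueue queue = Bind(LdapConnection.Ldap_V3, username, token, null, null, AuthenticationMech);
            LdapResponse res = (LdapResponse) queue.getResponse ();
            if (res.ResultCode != LdapException.SASL_BIND_IN_PROGRESS &&
                res.ResultCode != LdapException.SUCCESS) {
                // The helper is disposed by the finally block below.
                throw new LdapException(ExceptionMessages.CONNECTION_ERROR, res.ResultCode, res.ErrorMessage);
            }

            // Feed the server's credentials (or an empty token when none were
            // sent) back into the helper. This also happens for the final
            // SUCCESS response, whose resulting token is not sent anywhere.
            // NOTE(review): nothing visible here checks that the helper regards
            // the security context as fully established before the streams are
            // wrapped; confirm ExchangeTokens throws on a rejected server token.
            Asn1OctetString serverSaslCreds = ((RfcBindResponse)res.Asn1Object.Response).ServerSaslCreds;
            token = serverSaslCreds != null ? serverSaslCreds.byteValue () : null;
            token = krb5Helper.ExchangeTokens(token == null ? Krb5Helper.EmptyToken : token);

            if (res.ResultCode != LdapException.SASL_BIND_IN_PROGRESS) {
                break;
            }
            conn.ReplaceStreams (conn.InputStream, conn.OutputStream);
        }

        // Wrap both directions of the connection with the negotiated helper.
        System.IO.Stream inStream = conn.InputStream;
        System.IO.Stream newIn = new SecureStream (inStream, krb5Helper);
        System.IO.Stream outStream = conn.OutputStream;
        System.IO.Stream newOut = new SecureStream (outStream, krb5Helper);

        helperHandedOver = true;
        conn.ReplaceStreams (newIn, newOut);
    }
    finally {
        if (!helperHandedOver) {
            krb5Helper.Dispose();
        }
    }
}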