From: <ls...@us...> - 2007-06-25 19:32:12
Revision: 3319
http://jnode.svn.sourceforge.net/jnode/?rev=3319&view=rev
Author: lsantha
Date: 2007-06-25 12:32:06 -0700 (Mon, 25 Jun 2007)
Log Message:
-----------
OpenJDK integration.
Removed Paths:
-------------
trunk/core/src/classpath/javax/javax/security/auth/kerberos/KerberosKey.java
trunk/core/src/classpath/javax/javax/security/auth/kerberos/KerberosTicket.java
trunk/core/src/classpath/javax/javax/security/auth/kerberos/KeyImpl.java
trunk/core/src/classpath/javax/javax/security/sasl/Sasl.java
Deleted: trunk/core/src/classpath/javax/javax/security/auth/kerberos/KerberosKey.java
===================================================================
--- trunk/core/src/classpath/javax/javax/security/auth/kerberos/KerberosKey.java 2007-06-25 19:30:49 UTC (rev 3318)
+++ trunk/core/src/classpath/javax/javax/security/auth/kerberos/KerberosKey.java 2007-06-25 19:32:06 UTC (rev 3319)
@@ -1,180 +0,0 @@
-/* KerberosKey.java -- kerberos key
- Copyright (C) 2006 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
-
-Linking this library statically or dynamically with other modules is
-making a combined work based on this library. Thus, the terms and
-conditions of the GNU General Public License cover the whole
-combination.
-
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent
-modules, and to copy and distribute the resulting executable under
-terms of your choice, provided that you also meet, for each linked
-independent module, the terms and conditions of the license of that
-module. An independent module is a module which is not derived from
-or based on this library. If you modify this library, you may extend
-this exception to your version of the library, but you are not
-obligated to do so. If you do not wish to do so, delete this
-exception statement from your version. */
-
-
-package javax.security.auth.kerberos;
-
-import gnu.classpath.NotImplementedException;
-
-import java.io.Serializable;
-
-import javax.crypto.SecretKey;
-import javax.security.auth.DestroyFailedException;
-import javax.security.auth.Destroyable;
-
-/**
- * This class represents a Kerberos key. See the Kerberos
- * authentication RFC for more information:
- * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>.
- *
- * @since 1.4
- */
-public class KerberosKey
- implements Serializable, SecretKey, Destroyable
-{
- private static final long serialVersionUID = -4625402278148246993L;
-
- private KerberosPrincipal principal;
- private int versionNum;
- private KeyImpl key;
-
- /**
- * Construct a new key with the indicated principal and key.
- * @param principal the principal
- * @param key the key's data
- * @param type the key's type
- * @param version the key's version number
- */
- public KerberosKey(KerberosPrincipal principal, byte[] key, int type,
- int version)
- {
- this.principal = principal;
- this.versionNum = version;
- this.key = new KeyImpl(key, type);
- }
-
- /**
- * Construct a new key with the indicated principal and a password.
- * @param principal the principal
- * @param passwd the password to use
- * @param algo the algorithm; if null the "DES" algorithm is used
- */
- public KerberosKey(KerberosPrincipal principal, char[] passwd, String algo)
- // Not implemented because KeyImpl really does nothing here.
- throws NotImplementedException
- {
- this.principal = principal;
- this.versionNum = 0; // FIXME: correct?
- this.key = new KeyImpl(passwd, algo);
- }
-
- /**
- * Return the name of the algorithm used to create this key.
- */
- public final String getAlgorithm()
- {
- checkDestroyed();
- return key.algorithm;
- }
-
- /**
- * Return the format of this key. This implementation always returns "RAW".
- */
- public final String getFormat()
- {
- checkDestroyed();
- // Silly, but specified.
- return "RAW";
- }
-
- /**
- * Return the principal associated with this key.
- */
- public final KerberosPrincipal getPrincipal()
- {
- checkDestroyed();
- return principal;
- }
-
- /**
- * Return the type of this key.
- */
- public final int getKeyType()
- {
- checkDestroyed();
- return key.type;
- }
-
- /**
- * Return the version number of this key.
- */
- public final int getVersionNumber()
- {
- checkDestroyed();
- return versionNum;
- }
-
- /**
- * Return the encoded form of this key.
- */
- public final byte[] getEncoded()
- {
- checkDestroyed();
- return (byte[]) key.key.clone();
- }
-
- /**
- * Destroy this key.
- */
- public void destroy() throws DestroyFailedException
- {
- if (key == null)
- throw new DestroyFailedException("already destroyed");
- key = null;
- }
-
- /**
- * Return true if this key has been destroyed. After this has been
- * called, other methods on this object will throw IllegalStateException.
- */
- public boolean isDestroyed()
- {
- return key == null;
- }
-
- private void checkDestroyed()
- {
- if (key == null)
- throw new IllegalStateException("key is destroyed");
- }
-
- public String toString()
- {
- // FIXME: random choice here.
- return principal + ":" + versionNum;
- }
-}
Deleted: trunk/core/src/classpath/javax/javax/security/auth/kerberos/KerberosTicket.java
===================================================================
--- trunk/core/src/classpath/javax/javax/security/auth/kerberos/KerberosTicket.java 2007-06-25 19:30:49 UTC (rev 3318)
+++ trunk/core/src/classpath/javax/javax/security/auth/kerberos/KerberosTicket.java 2007-06-25 19:32:06 UTC (rev 3319)
@@ -1,339 +0,0 @@
-/* KerberosTicket.java -- a kerberos ticket
- Copyright (C) 2006 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
-
-Linking this library statically or dynamically with other modules is
-making a combined work based on this library. Thus, the terms and
-conditions of the GNU General Public License cover the whole
-combination.
-
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent
-modules, and to copy and distribute the resulting executable under
-terms of your choice, provided that you also meet, for each linked
-independent module, the terms and conditions of the license of that
-module. An independent module is a module which is not derived from
-or based on this library. If you modify this library, you may extend
-this exception to your version of the library, but you are not
-obligated to do so. If you do not wish to do so, delete this
-exception statement from your version. */
-
-
-package javax.security.auth.kerberos;
-
-import gnu.classpath.NotImplementedException;
-
-import java.io.Serializable;
-import java.net.InetAddress;
-import java.util.Date;
-
-import javax.crypto.SecretKey;
-import javax.security.auth.DestroyFailedException;
-import javax.security.auth.Destroyable;
-import javax.security.auth.RefreshFailedException;
-import javax.security.auth.Refreshable;
-
-/**
- * This class represents a Kerberos ticket. See the Kerberos
- * authentication RFC for more information:
- * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>.
- *
- * @since 1.4
- */
-public class KerberosTicket
- implements Destroyable, Serializable, Refreshable
-{
- private static final long serialVersionUID = 7395334370157380539L;
-
- // Indices of the various flags. From the kerberos spec.
- // We only list the ones we use.
- private static final int FORWARDABLE = 1;
- private static final int FORWARDED = 2;
- private static final int PROXIABLE = 3;
- private static final int PROXY = 4;
- private static final int POSTDATED = 6;
- private static final int RENEWABLE = 8;
- private static final int INITIAL = 9;
- private static final int NUM_FLAGS = 12;
-
- private byte[] asn1Encoding;
- private KeyImpl sessionKey;
- private boolean[] flags;
- private Date authTime;
- private Date startTime;
- private Date endTime;
- private Date renewTill;
- private KerberosPrincipal client;
- private KerberosPrincipal server;
- private InetAddress[] clientAddresses;
-
- /**
- * Create a new ticket given all the facts about it.
- *
- * Note that flags may be null or "short"; any flags not specified
- * will be taken to be false.
- *
- * If the key is not renewable, then renewTill may be null.
- *
- * If authTime is null, then it is taken to be the same as startTime.
- *
- * If clientAddresses is null, then the ticket can be used anywhere.
- *
- * @param asn1Encoding the contents of the ticket, as ASN1
- * @param client the client principal
- * @param server the server principal
- * @param key the contents of the session key
- * @param type the type of the key
- * @param flags an array of flags, as specified by the RFC
- * @param authTime when the client was authenticated
- * @param startTime starting time at which the ticket is valid
- * @param endTime ending time, after which the ticket is invalid
- * @param renewTill for a rewewable ticket, the time before which it must
- * be renewed
- * @param clientAddresses a possibly-null array of addresses where this
- * ticket may be used
- */
- public KerberosTicket(byte[] asn1Encoding, KerberosPrincipal client,
- KerberosPrincipal server, byte[] key, int type,
- boolean[] flags, Date authTime, Date startTime,
- Date endTime, Date renewTill,
- InetAddress[] clientAddresses)
- {
- this.asn1Encoding = (byte[]) asn1Encoding.clone();
- this.sessionKey = new KeyImpl(key, type);
- this.flags = new boolean[NUM_FLAGS];
- if (flags != null)
- System.arraycopy(flags, 0, this.flags, 0,
- Math.min(flags.length, NUM_FLAGS));
- this.flags = (boolean[]) flags.clone();
- this.authTime = (Date) authTime.clone();
- this.startTime = (Date) ((startTime == null)
- ? authTime : startTime).clone();
- this.endTime = (Date) endTime.clone();
- this.renewTill = (Date) renewTill.clone();
- this.client = client;
- this.server = server;
- this.clientAddresses = (clientAddresses == null
- ? null
- : (InetAddress[]) clientAddresses.clone());
- }
-
- /**
- * Destroy this ticket. This discards secret information. After this
- * method is called, other methods will throw IllegalStateException.
- */
- public void destroy() throws DestroyFailedException
- {
- if (sessionKey == null)
- throw new DestroyFailedException("already destroyed");
- sessionKey = null;
- asn1Encoding = null;
- }
-
- /**
- * Return true if this ticket has been destroyed.
- */
- public boolean isDestroyed()
- {
- return sessionKey == null;
- }
-
- /**
- * Return true if the ticket is currently valid. This is true if
- * the system time is between the ticket's start and end times.
- */
- public boolean isCurrent()
- {
- long now = System.currentTimeMillis();
- return startTime.getTime() <= now && now <= endTime.getTime();
- }
-
- /**
- * If the ticket is renewable, and the renewal time has not yet elapsed,
- * attempt to renew the ticket.
- * @throws RefreshFailedException if the renewal fails for any reason
- */
- public void refresh() throws RefreshFailedException, NotImplementedException
- {
- if (! isRenewable())
- throw new RefreshFailedException("not renewable");
- if (renewTill != null
- && System.currentTimeMillis() >= renewTill.getTime())
- throw new RefreshFailedException("renewal time elapsed");
- // FIXME: must contact the KDC.
- // Use the java.security.krb5.kdc property...
- throw new RefreshFailedException("not implemented");
- }
-
- /**
- * Return the client principal for this ticket.
- */
- public final KerberosPrincipal getClient()
- {
- return client;
- }
-
- /**
- * Return the server principal for this ticket.
- */
- public final KerberosPrincipal getServer()
- {
- return server;
- }
-
- /**
- * Return true if this ticket is forwardable.
- */
- public final boolean isForwardable()
- {
- return flags[FORWARDABLE];
- }
-
- /**
- * Return true if this ticket has been forwarded.
- */
- public final boolean isForwarded()
- {
- return flags[FORWARDED];
- }
-
- /**
- * Return true if this ticket is proxiable.
- */
- public final boolean isProxiable()
- {
- return flags[PROXIABLE];
- }
-
- /**
- * Return true if this ticket is a proxy ticket.
- */
- public final boolean isProxy()
- {
- return flags[PROXY];
- }
-
- /**
- * Return true if this ticket was post-dated.
- */
- public final boolean isPostdated()
- {
- return flags[POSTDATED];
- }
-
- /**
- * Return true if this ticket is renewable.
- */
- public final boolean isRenewable()
- {
- return flags[RENEWABLE];
- }
-
- /**
- * Return true if this ticket was granted by an application
- * server, and not via a ticket-granting ticket.
- */
- public final boolean isInitial()
- {
- return flags[INITIAL];
- }
-
- /**
- * Return the flags for this ticket as a boolean array.
- * See the RFC to understand what the different entries mean.
- */
- public final boolean[] getFlags()
- {
- return (boolean[]) flags.clone();
- }
-
- /**
- * Return the authentication time for this ticket.
- */
- public final Date getAuthTime()
- {
- return (Date) authTime.clone();
- }
-
- /**
- * Return the start time for this ticket.
- */
- public final Date getStartTime()
- {
- return (Date) startTime.clone();
- }
-
- /**
- * Return the end time for this ticket.
- */
- public final Date getEndTime()
- {
- return (Date) endTime.clone();
- }
-
- /**
- * Return the renewal time for this ticket. For a non-renewable
- * ticket, this will return null.
- */
- public final Date getRenewTill()
- {
- return flags[RENEWABLE] ? ((Date) renewTill.clone()) : null;
- }
-
- /**
- * Return the allowable client addresses for this ticket. This will
- * return null if the ticket can be used anywhere.
- */
- public final InetAddress[] getClientAddresses()
- {
- return (clientAddresses == null
- ? null
- : (InetAddress[]) clientAddresses.clone());
- }
-
- /**
- * Return the encoded form of this ticket.
- */
- public final byte[] getEncoded()
- {
- checkDestroyed();
- return (byte[]) sessionKey.key.clone();
- }
-
- /**
- * Return the secret key associated with this ticket.
- */
- public final SecretKey getSessionKey()
- {
- checkDestroyed();
- return sessionKey;
- }
-
- private void checkDestroyed()
- {
- if (sessionKey == null)
- throw new IllegalStateException("key is destroyed");
- }
-
- public String toString()
- {
- return "FIXME bob";
- }
-}
Deleted: trunk/core/src/classpath/javax/javax/security/auth/kerberos/KeyImpl.java
===================================================================
--- trunk/core/src/classpath/javax/javax/security/auth/kerberos/KeyImpl.java 2007-06-25 19:30:49 UTC (rev 3318)
+++ trunk/core/src/classpath/javax/javax/security/auth/kerberos/KeyImpl.java 2007-06-25 19:32:06 UTC (rev 3319)
@@ -1,93 +0,0 @@
-/* KeyImpl.java -- kerberos key implementation
- Copyright (C) 2006 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
-
-Linking this library statically or dynamically with other modules is
-making a combined work based on this library. Thus, the terms and
-conditions of the GNU General Public License cover the whole
-combination.
-
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent
-modules, and to copy and distribute the resulting executable under
-terms of your choice, provided that you also meet, for each linked
-independent module, the terms and conditions of the license of that
-module. An independent module is a module which is not derived from
-or based on this library. If you modify this library, you may extend
-this exception to your version of the library, but you are not
-obligated to do so. If you do not wish to do so, delete this
-exception statement from your version. */
-
-
-package javax.security.auth.kerberos;
-
-import java.io.Serializable;
-
-import javax.crypto.SecretKey;
-
-/**
- * Note that the name of this class is fixed by the serialization
- * spec, even though the class itself is not public.
- */
-final class KeyImpl implements Serializable, SecretKey
-{
- // Enable this when serialization works.
- // private static final long serialVersionUID = -7889313790214321193L;
-
- public String algorithm;
- public int type;
- public byte[] key;
-
- public KeyImpl(byte[] key, int type)
- {
- // From kerberos spec.
- if (type == 0)
- this.algorithm = null;
- else if (type == 1)
- this.algorithm = "DES";
- else
- this.algorithm = "FIXME";
- this.type = type;
- this.key = (byte[]) key.clone();
- }
-
- public KeyImpl(char[] passwd, String algo)
- {
- this.algorithm = (algo == null) ? "DES" : algo;
- this.type = 0; // FIXME
- this.key = null; // double FIXME
- }
-
- public String getAlgorithm()
- {
- return algorithm;
- }
-
- public byte[] getEncoded()
- {
- return key;
- }
-
- public String getFormat()
- {
- // FIXME.
- return null;
- }
-}
Deleted: trunk/core/src/classpath/javax/javax/security/sasl/Sasl.java
===================================================================
--- trunk/core/src/classpath/javax/javax/security/sasl/Sasl.java 2007-06-25 19:30:49 UTC (rev 3318)
+++ trunk/core/src/classpath/javax/javax/security/sasl/Sasl.java 2007-06-25 19:32:06 UTC (rev 3319)
@@ -1,694 +0,0 @@
-/* Sasl.java --
- Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
-
-Linking this library statically or dynamically with other modules is
-making a combined work based on this library. Thus, the terms and
-conditions of the GNU General Public License cover the whole
-combination.
-
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent
-modules, and to copy and distribute the resulting executable under
-terms of your choice, provided that you also meet, for each linked
-independent module, the terms and conditions of the license of that
-module. An independent module is a module which is not derived from
-or based on this library. If you modify this library, you may extend
-this exception to your version of the library, but you are not
-obligated to do so. If you do not wish to do so, delete this
-exception statement from your version. */
-
-
-package javax.security.sasl;
-
-import java.security.Provider;
-import java.security.Security;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Vector;
-
-import javax.security.auth.callback.CallbackHandler;
-
-/**
- * <p>A static class for creating SASL clients and servers.</p>
- *
- * <p>This class defines the policy of how to locate, load, and instantiate SASL
- * clients and servers.</p>
- *
- * <p>For example, an application or library gets a SASL client instance by
- * doing something like:</p>
- *
- * <pre>
- *SaslClient sc =
- * Sasl.createSaslClient(mechanisms, authorizationID, protocol,
- * serverName, props, callbackHandler);
- * </pre>
- *
- * <p>It can then proceed to use the instance to create an authenticated
- * connection.</p>
- *
- * <p>Similarly, a server gets a SASL server instance by using code that looks
- * as follows:</p>
- *
- * <pre>
- *SaslServer ss =
- * Sasl.createSaslServer(mechanism, protocol, serverName, props,
- * callbackHandler);
- * </pre>
- *
- * @since 1.5
- */
-public class Sasl
-{
-
- // Constants and variables
- // -------------------------------------------------------------------------
-
- /**
- * <p>The name of a property that specifies the quality-of-protection to use.
- * The property contains a comma-separated, ordered list of quality-of-
- * protection values that the client or server is willing to support. A qop
- * value is one of:</p>
- *
- * <ul>
- * <li><code>"auth"</code> - authentication only,</li>
- * <li><code>"auth-int"</code> - authentication plus integrity
- * protection,</li>
- * <li><code>"auth-conf"</code> - authentication plus integrity and
- * confidentiality protection.</li>
- * </ul>
- *
- * <p>The order of the list specifies the preference order of the client or
- * server.</p>
- *
- * <p>If this property is absent, the default qop is <code>"auth"</code>.</p>
- *
- * <p>The value of this constant is <code>"javax.security.sasl.qop"</code>.</p>
- */
- public static final String QOP = "javax.security.sasl.qop";
-
- /**
- * <p>The name of a property that specifies the cipher strength to use. The
- * property contains a comma-separated, ordered list of cipher strength
- * values that the client or server is willing to support. A strength value
- * is one of:</p>
- *
- * <ul>
- * <li><code>"low"</code>,</li>
- * <li><code>"medium"</code>,</li>
- * <li><code>"high"</code>.</li>
- * </ul>
- *
- * <p>The order of the list specifies the preference order of the client or
- * server. An implementation should allow configuration of the meaning of
- * these values. An application may use the Java Cryptography Extension (JCE)
- * with JCE-aware mechanisms to control the selection of cipher suites that
- * match the strength values.</p>
- *
- * <p>If this property is absent, the default strength is
- * <code>"high,medium,low"</code>.</p>
- *
- * <p>The value of this constant is <code>"javax.security.sasl.strength"</code>.
- * </p>
- */
- public static final String STRENGTH = "javax.security.sasl.strength";
-
- /**
- * <p>The name of a property that specifies whether the server must authenticate
- * to the client. The property contains <code>"true"</code> if the server
- * must authenticate the to client; <code>"false"</code> otherwise. The
- * default is <code>"false"</code>.</p>
- *
- * <p>The value of this constant is
- * <code>"javax.security.sasl.server.authentication"</code>.</p>
- */
- public static final String SERVER_AUTH = "javax.security.sasl.server.authentication";
-
- /**
- * <p>The name of a property that specifies the maximum size of the receive
- * buffer in bytes of {@link SaslClient}/{@link SaslServer}. The property
- * contains the string representation of an integer.</p>
- *
- * <p>If this property is absent, the default size is defined by the
- * mechanism.</p>
- *
- * <p>The value of this constant is <code>"javax.security.sasl.maxbuffer"</code>.
- * </p>
- */
- public static final String MAX_BUFFER = "javax.security.sasl.maxbuffer";
-
- /**
- * <p>The name of a property that specifies the maximum size of the raw send
- * buffer in bytes of {@link SaslClient}/{@link SaslServer}. The property
- * contains the string representation of an integer. The value of this
- * property is negotiated between the client and server during the
- * authentication exchange.</p>
- *
- * <p>The value of this constant is <code>"javax.security.sasl.rawsendsize"</code>.
- * </p>
- */
- public static final String RAW_SEND_SIZE = "javax.security.sasl.rawsendsize";
-
- /**
- * <p>The name of a property that specifies whether mechanisms susceptible
- * to simple plain passive attacks (e.g., "PLAIN") are not permitted. The
- * property contains <code>"true"</code> if such mechanisms are not
- * permitted; <code>"false"</code> if such mechanisms are permitted. The
- * default is <code>"false"</code>.</p>
- *
- * <p>The value of this constant is <code>"javax.security.sasl.policy.noplaintext"</code>.
- * </p>
- */
- public static final String POLICY_NOPLAINTEXT = "javax.security.sasl.policy.noplaintext";
-
- /**
- * <p>The name of a property that specifies whether mechanisms susceptible to
- * active (non-dictionary) attacks are not permitted. The property contains
- * <code>"true"</code> if mechanisms susceptible to active attacks are not
- * permitted; <code>"false"</code> if such mechanisms are permitted. The
- * default is <code>"false"</code>.</p>
- *
- * <p>The value of this constant is <code>"javax.security.sasl.policy.noactive"</code>.
- * </p>
- */
- public static final String POLICY_NOACTIVE = "javax.security.sasl.policy.noactive";
-
- /**
- * <p>The name of a property that specifies whether mechanisms susceptible to
- * passive dictionary attacks are not permitted. The property contains
- * <code>"true"</code> if mechanisms susceptible to dictionary attacks are
- * not permitted; <code>"false"</code> if such mechanisms are permitted. The
- * default is <code>"false"</code>.</p>
- *
- * <p>The value of this constant is <code>"javax.security.sasl.policy.nodictionary"</code>.
- * </p>
- */
- public static final String POLICY_NODICTIONARY = "javax.security.sasl.policy.nodictionary";
-
- /**
- * <p>The name of a property that specifies whether mechanisms that accept
- * anonymous login are not permitted. The property contains <code>"true"</code>
- * if mechanisms that accept anonymous login are not permitted; <code>"false"
- * </code> if such mechanisms are permitted. The default is <code>"false"</code>.
- * </p>
- *
- * <p>The value of this constant is <code>"javax.security.sasl.policy.noanonymous"</code>.
- * </p>
- */
- public static final String POLICY_NOANONYMOUS = "javax.security.sasl.policy.noanonymous";
-
- /**
- * The name of a property that specifies whether mechanisms that implement
- * forward secrecy between sessions are required. Forward secrecy means that
- * breaking into one session will not automatically provide information for
- * breaking into future sessions. The property contains <code>"true"</code>
- * if mechanisms that implement forward secrecy between sessions are
- * required; <code>"false"</code> if such mechanisms are not required. The
- * default is <code>"false"</code>.
- *
- * <p>The value of this constant is <code>"javax.security.sasl.policy.forward"</code>.
- * </p>
- */
- public static final String POLICY_FORWARD_SECRECY = "javax.security.sasl.policy.forward";
-
- /**
- * The name of a property that specifies whether mechanisms that pass client
- * credentials are required. The property contains <code>"true"</code> if
- * mechanisms that pass client credentials are required; <code>"false"</code>
- * if such mechanisms are not required. The default is <code>"false"</code>.
- *
- * <p>The value of this constant is <code>"javax.security.sasl.policy.credentials"</code>.
- * </p>
- */
- public static final String POLICY_PASS_CREDENTIALS = "javax.security.sasl.policy.credentials";
-
- /**
- * <p>The name of a property that specifies whether to reuse previously
- * authenticated session information. The property contains <code>"true"</code>
- * if the mechanism implementation may attempt to reuse previously
- * authenticated session information; it contains <code>"false"</code> if the
- * implementation must not reuse previously authenticated session information.
- * A setting of <code>"true"</code> serves only as a hint; it does not
- * necessarily entail actual reuse because reuse might not be possible due to
- * a number of reasons, including, but not limited to, lack of mechanism
- * support for reuse, expiration of reusable information, and the peer's
- * refusal to support reuse. The property's default value is <code>"false"</code>.
- * </p>
- *
- * <p>The value of this constant is <code>"javax.security.sasl.reuse"</code>.
- * Note that all other parameters and properties required to create a SASL
- * client/server instance must be provided regardless of whether this
- * property has been supplied. That is, you cannot supply any less
- * information in anticipation of reuse. Mechanism implementations that
- * support reuse might allow customization of its implementation for factors
- * such as cache size, timeouts, and criteria for reuseability. Such
- * customizations are implementation-dependent.</p>
- */
- public static final String REUSE = "javax.security.sasl.reuse";
-
- private static final String CLIENT_FACTORY_SVC = "SaslClientFactory.";
- private static final String SERVER_FACTORY_SVC = "SaslServerFactory.";
- private static final String ALIAS = "Alg.Alias.";
-
- // Constructor(s)
- // -------------------------------------------------------------------------
-
- private Sasl()
- {
- super();
- }
-
- // Class methods
- // -------------------------------------------------------------------------
-
- /**
- * Creates a {@link SaslClient} for the specified mechanism.
- *
- * <p>This method uses the JCA Security Provider Framework, described in the
- * "Java Cryptography Architecture API Specification & Reference", for
- * locating and selecting a {@link SaslClient} implementation.</p>
- *
- * <p>First, it obtains an ordered list of {@link SaslClientFactory}
- * instances from the registered security providers for the
- * <code>"SaslClientFactory"</code> service and the specified mechanism. It
- * then invokes <code>createSaslClient()</code> on each factory instance on
- * the list until one produces a non-null {@link SaslClient} instance. It
- * returns the non-null {@link SaslClient} instance, or <code>null</code> if
- * the search fails to produce a non-null {@link SaslClient} instance.</p>
- *
- * <p>A security provider for <code>SaslClientFactory</code> registers with
- * the JCA Security Provider Framework keys of the form:</p>
- *
- * <pre>
- * SaslClientFactory.mechanism_name
- * </pre>
- *
- * <p>and values that are class names of implementations of {@link
- * SaslClientFactory}.</p>
- *
- * <p>For example, a provider that contains a factory class,
- * <code>com.wiz.sasl.digest.ClientFactory</code>, that supports the
- * <code>"DIGEST-MD5"</code> mechanism would register the following entry
- * with the JCA:</p>
- *
- * <pre>
- * SaslClientFactory.DIGEST-MD5 com.wiz.sasl.digest.ClientFactory
- * </pre>
- *
- * <p>See the "Java Cryptography Architecture API Specification &
- * Reference" for information about how to install and configure security
- * service providers.</p>
- *
- * @param mechanisms the non-null list of mechanism names to try. Each is the
- * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
- * @param authorizationID the possibly <code>null</code> protocol-dependent
- * identification to be used for authorization. If <code>null</code> or
- * empty, the server derives an authorization ID from the client's
- * authentication credentials. When the SASL authentication completes
- * successfully, the specified entity is granted access.
- * @param protocol the non-null string name of the protocol for which the
- * authentication is being performed (e.g. "ldap").
- * @param serverName the non-null fully-qualified host name of the server to
- * authenticate to.
- * @param props the possibly null set of properties used to select the SASL
- * mechanism and to configure the authentication exchange of the selected
- * mechanism. For example, if props contains the {@link Sasl#POLICY_NOPLAINTEXT}
- * property with the value <code>"true"</code>, then the selected SASL
- * mechanism must not be susceptible to simple plain passive attacks. In
- * addition to the standard properties declared in this class, other,
- * possibly mechanism-specific, properties can be included. Properties not
- * relevant to the selected mechanism are ignored.
- * @param cbh the possibly <code>null</code> callback handler to used by the
- * SASL mechanisms to get further information from the application/library to
- * complete the authentication. For example, a SASL mechanism might require
- * the authentication ID, password and realm from the caller. The
- * authentication ID is requested by using a
- * {@link javax.security.auth.callback.NameCallback}. The password is
- * requested by using a {@link javax.security.auth.callback.PasswordCallback}.
- * The realm is requested by using a {@link RealmChoiceCallback} if there is
- * a list of realms to choose from, and by using a {@link RealmCallback} if
- * the realm must be entered.
- * @return a possibly <code>null</code> {@link SaslClient} created using the
- * parameters supplied. If <code>null</code>, the method could not find a
- * {@link SaslClientFactory} that will produce one.
- * @throws SaslException if a {@link SaslClient} cannot be created because
- * of an error.
- */
- public static SaslClient createSaslClient(String[] mechanisms,
- String authorizationID,
- String protocol,
- String serverName,
- Map<String, ?> props,
- CallbackHandler cbh)
- throws SaslException
- {
- if (mechanisms == null)
- {
- return null;
- }
- Provider[] providers = Security.getProviders();
- if (providers == null || providers.length == 0)
- {
- return null;
- }
-
- SaslClient result = null;
- SaslClientFactory factory = null;
- String m, clazz = null, upper, alias;
- int j;
- Provider p;
- for (int i = 0; i < mechanisms.length; i++)
- {
- m = mechanisms[i];
- if (m == null)
- continue;
- for (j = 0; j < providers.length; j++)
- {
- p = providers[j];
- if (p != null)
- {
- // try the name as is
- clazz = p.getProperty(CLIENT_FACTORY_SVC + m);
- if (clazz == null) // try all uppercase
- {
- upper = m.toUpperCase();
- clazz = p.getProperty(CLIENT_FACTORY_SVC + upper);
- if (clazz == null) // try if it's an alias
- {
- alias = p.getProperty(ALIAS + CLIENT_FACTORY_SVC + m);
- if (alias == null) // try all-uppercase alias name
- {
- alias = p.getProperty(ALIAS + CLIENT_FACTORY_SVC + upper);
- if (alias == null) // spit the dummy
- continue;
- }
- clazz = p.getProperty(CLIENT_FACTORY_SVC + alias);
- }
- }
- if (clazz == null)
- continue;
- else
- clazz = clazz.trim();
- }
-
- try
- {
- result = null;
- factory = (SaslClientFactory) Class.forName(clazz).newInstance();
- result = factory.createSaslClient(mechanisms, authorizationID,
- protocol, serverName, props, cbh);
- }
- catch (ClassCastException ignored) // ignore instantiation exceptions
- {
- }
- catch (ClassNotFoundException ignored)
- {
- }
- catch (InstantiationException ignored)
- {
- }
- catch (IllegalAccessException ignored)
- {
- }
- if (result != null)
- return result;
- }
- }
- return null;
- }
-
- /**
- * Gets an enumeration of known factories for producing a {@link SaslClient}
- * instance. This method uses the same sources for locating factories as
- * <code>createSaslClient()</code>.
- *
- * @return a non-null {@link Enumeration} of known factories for producing a
- * {@link SaslClient} instance.
- * @see #createSaslClient(String[],String,String,String,Map,CallbackHandler)
- */
- public static Enumeration<SaslClientFactory> getSaslClientFactories()
- {
- Vector result = new Vector();
- HashSet names = new HashSet();
- Provider[] providers = Security.getProviders();
- Iterator it;
- if (providers != null)
- {
- Provider p;
- String key;
- for (int i = 0; i < providers.length; i++)
- {
- p = providers[i];
- for (it = p.keySet().iterator(); it.hasNext(); )
- {
- key = (String) it.next();
- // add key's binding (a) it is a class of a client factory,
- // and (b) the key does not include blanks
- if (key.startsWith(CLIENT_FACTORY_SVC) && key.indexOf(" ") == -1)
- {
- names.add(p.getProperty(key));
- break;
- }
- }
- }
- }
- // we have the factory class names in names; instantiate and enumerate
- String c;
- for (it = names.iterator(); it.hasNext(); )
- {
- c = (String) it.next();
- try
- {
- SaslClientFactory f = (SaslClientFactory) Class.forName(c).newInstance();
- if (f != null)
- result.add(f);
- } catch (ClassCastException ignored) { // ignore instantiation exceptions
- } catch (ClassNotFoundException ignored) {
- } catch (InstantiationException ignored) {
- } catch (IllegalAccessException ignored) {
- }
- }
-
- return result.elements();
- }
-
- /**
- * Creates a {@link SaslServer} for the specified mechanism.
- *
- * <p>This method uses the JCA Security Provider Framework, described in the
- * "Java Cryptography Architecture API Specification & Reference", for
- * locating and selecting a SaslServer implementation.</p>
- *
- * <p>First, it obtains an ordered list of {@link SaslServerFactory}
- * instances from the registered security providers for the
- * <code>"SaslServerFactory"</code> service and the specified mechanism. It
- * then invokes <code>createSaslServer()</code> on each factory instance on
- * the list until one produces a non-null {@link SaslServer} instance. It
- * returns the non-null {@link SaslServer} instance, or <code>null</code> if
- * the search fails to produce a non-null {@link SaslServer} instance.</p>
- *
- * <p>A security provider for {@link SaslServerFactory} registers with the
- * JCA Security Provider Framework keys of the form:</p>
- *
- * <pre>
- * SaslServerFactory.mechanism_name
- * </pre>
- *
- * <p>and values that are class names of implementations of {@link
- * SaslServerFactory}.</p>
- *
- * <p>For example, a provider that contains a factory class,
- * <code>com.wiz.sasl.digest.ServerFactory</code>, that supports the
- * <code>"DIGEST-MD5"</code> mechanism would register the following entry
- * with the JCA:</p>
- *
- * <pre>
- * SaslServerFactory.DIGEST-MD5 com.wiz.sasl.digest.ServerFactory
- * </pre>
- *
- * <p>See the "Java Cryptography Architecture API Specification &
- * Reference" for information about how to install and configure security
- * service providers.</p>
- *
- * @param mechanism the non-null mechanism name. It must be an
- * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
- * @param protocol the non-null string name of the protocol for which the
- * authentication is being performed (e.g. "ldap").
- * @param serverName the non-null fully qualified host name of the server.
- * @param props the possibly <code>null</code> set of properties used to
- * select the SASL mechanism and to configure the authentication exchange of
- * the selected mechanism. For example, if props contains the {@link
- * Sasl#POLICY_NOPLAINTEXT} property with the value <code>"true"</code>, then
- * the selected SASL mechanism must not be susceptible to simple plain
- * passive attacks. In addition to the standard properties declared in this
- * class, other, possibly mechanism-specific, properties can be included.
- * Properties not relevant to the selected mechanism are ignored.
- * @param cbh the possibly <code>null</code> callback handler to used by the
- * SASL mechanisms to get further information from the application/library to
- * complete the authentication. For example, a SASL mechanism might require
- * the authentication ID, password and realm from the caller. The
- * authentication ID is requested by using a
- * {@link javax.security.auth.callback.NameCallback}. The password is
- * requested by using a {@link javax.security.auth.callback.PasswordCallback}.
- * The realm is requested by using a {@link RealmChoiceCallback} if there is
- * a list of realms to choose from, and by using a {@link RealmCallback} if
- * the realm must be entered.
- * @return a possibly <code>null</code> {@link SaslServer} created using the
- * parameters supplied. If <code>null</code>, the method cannot find a
- * {@link SaslServerFactory} instance that will produce one.
- * @throws SaslException if a {@link SaslServer} instance cannot be created
- * because of an error.
- */
- public static SaslServer createSaslServer(String mechanism, String protocol,
- String serverName,
- Map<String, ?> props,
- CallbackHandler cbh)
- throws SaslException
- {
- if (mechanism == null)
- return null;
- Provider[] providers = Security.getProviders();
- if (providers == null || providers.length == 0)
- return null;
-
- SaslServer result = null;
- SaslServerFactory factory = null;
- String clazz = null, upper, alias = null;
- int j;
- Provider p;
- for (j = 0; j < providers.length; j++)
- {
- p = providers[j];
- if (p != null)
- {
- // try the name as is
- clazz = p.getProperty(SERVER_FACTORY_SVC + mechanism);
- if (clazz == null) // try all uppercase
- {
- upper = mechanism.toUpperCase();
- clazz = p.getProperty(SERVER_FACTORY_SVC + upper);
- if (clazz == null) // try if it's an alias
- {
- alias = p.getProperty(ALIAS + SERVER_FACTORY_SVC + mechanism);
- if (alias == null) // try all-uppercase alias name
- {
- alias = p.getProperty(ALIAS + SERVER_FACTORY_SVC + upper);
- if (alias == null) // spit the dummy
- continue;
- }
- }
- clazz = p.getProperty(SERVER_FACTORY_SVC + alias);
- }
- }
- if (clazz == null)
- continue;
- else
- clazz = clazz.trim();
-
- try
- {
- result = null;
- factory = (SaslServerFactory) Class.forName(clazz).newInstance();
- result =
- factory.createSaslServer(mechanism, protocol, serverName, props, cbh);
- }
- catch (ClassCastException ignored) // ignore instantiation exceptions
- {
- }
- catch (ClassNotFoundException ignored)
- {
- }
- catch (InstantiationException ignored)
- {
- }
- catch (IllegalAccessException ignored)
- {
- }
- if (result != null)
- return result;
- }
- return null;
- }
-
- /**
- * Gets an enumeration of known factories for producing a {@link SaslServer}
- * instance. This method uses the same sources for locating factories as
- * <code>createSaslServer()</code>.
- *
- * @return a non-null {@link Enumeration} of known factories for producing a
- * {@link SaslServer} instance.
- * @see #createSaslServer(String,String,String,Map,CallbackHandler)
- */
- public static Enumeration<SaslServerFactory> getSaslServerFactories()
- {
- Vector result = new Vector();
- HashSet names = new HashSet();
- Provider[] providers = Security.getProviders();
- Iterator it;
- if (providers != null)
- {
- Provider p;
- String key;
- for (int i = 0; i < providers.length; i++)
- {
- p = providers[i];
- for (it = p.keySet().iterator(); it.hasNext(); )
- {
- key = (String) it.next();
- // add key's binding (a) it is a class of a server factory,
- // and (b) the key does not include blanks
- if (key.startsWith(SERVER_FACTORY_SVC) && key.indexOf(" ") == -1)
- {
- names.add(p.getProperty(key));
- break;
- }
- }
- }
- }
- // we have the factory class names in names; instantiate and enumerate
- String c;
- for (it = names.iterator(); it.hasNext(); )
- {
- c = (String) it.next();
- try
- {
- SaslServerFactory f = (SaslServerFactory) Class.forName(c).newInstance();
- if (f != null)
- result.add(f);
- }
- catch (ClassCastException ignored) // ignore instantiation exceptions
- {
- }
- catch (ClassNotFoundException ignored)
- {
- }
- catch (InstantiationException ignored)
- {
- }
- catch (IllegalAccessException ignored)
- {
- }
- }
-
- return result.elements();
- }
-}