From 554fd8c5195424bdbcabf5de30fdc183aba391bd Mon Sep 17 00:00:00 2001 From: upstream source tree Date: Sun, 15 Mar 2015 20:14:05 -0400 Subject: obtained gcc-4.6.4.tar.bz2 from upstream website; verified gcc-4.6.4.tar.bz2.sig; imported gcc-4.6.4 source tree from verified upstream tarball. downloading a git-generated archive based on the 'upstream' tag should provide you with a source tree that is binary identical to the one extracted from the above tarball. if you have obtained the source via the command 'git clone', however, do note that line-endings of files in your working directory might differ from line-endings of the respective files in the upstream repository. --- .../javax/security/auth/AuthPermission.java | 146 +++++ .../security/auth/DestroyFailedException.java | 67 ++ .../classpath/javax/security/auth/Destroyable.java | 64 ++ libjava/classpath/javax/security/auth/Policy.java | 79 +++ .../security/auth/PrivateCredentialPermission.java | 326 ++++++++++ .../security/auth/RefreshFailedException.java | 63 ++ .../classpath/javax/security/auth/Refreshable.java | 65 ++ libjava/classpath/javax/security/auth/Subject.java | 557 +++++++++++++++++ .../javax/security/auth/SubjectDomainCombiner.java | 97 +++ .../javax/security/auth/callback/Callback.java | 64 ++ .../security/auth/callback/CallbackHandler.java | 155 +++++ .../security/auth/callback/ChoiceCallback.java | 236 +++++++ .../auth/callback/ConfirmationCallback.java | 505 +++++++++++++++ .../security/auth/callback/LanguageCallback.java | 100 +++ .../javax/security/auth/callback/NameCallback.java | 178 ++++++ .../security/auth/callback/PasswordCallback.java | 168 +++++ .../security/auth/callback/TextInputCallback.java | 177 ++++++ .../security/auth/callback/TextOutputCallback.java | 140 +++++ .../callback/UnsupportedCallbackException.java | 101 +++ .../javax/security/auth/callback/package.html | 46 ++ .../auth/kerberos/DelegationPermission.java | 136 ++++ .../javax/security/auth/kerberos/KerberosKey.java | 180 ++++++ .../security/auth/kerberos/KerberosPrincipal.java | 207 ++++++ .../security/auth/kerberos/KerberosTicket.java | 372 +++++++++++ .../javax/security/auth/kerberos/KeyImpl.java | 102 +++ .../security/auth/kerberos/ServicePermission.java | 172 +++++ .../security/auth/login/AccountException.java | 64 ++ .../auth/login/AccountExpiredException.java | 64 ++ .../auth/login/AccountLockedException.java | 64 ++ .../auth/login/AccountNotFoundException.java | 64 ++ .../security/auth/login/AppConfigurationEntry.java | 143 +++++ .../javax/security/auth/login/Configuration.java | 121 ++++ .../security/auth/login/CredentialException.java | 64 ++ .../auth/login/CredentialExpiredException.java | 64 ++ .../auth/login/CredentialNotFoundException.java | 65 ++ .../security/auth/login/FailedLoginException.java | 63 ++ .../javax/security/auth/login/LoginContext.java | 265 ++++++++ .../javax/security/auth/login/LoginException.java | 65 ++ .../security/auth/login/NullConfiguration.java | 62 ++ .../javax/security/auth/login/package.html | 46 ++ libjava/classpath/javax/security/auth/package.html | 46 ++ .../javax/security/auth/spi/LoginModule.java | 122 ++++ .../classpath/javax/security/auth/spi/package.html | 46 ++ .../javax/security/auth/x500/X500Principal.java | 556 +++++++++++++++++ .../security/auth/x500/X500PrivateCredential.java | 149 +++++ .../javax/security/auth/x500/package.html | 46 ++ .../classpath/javax/security/cert/Certificate.java | 176 ++++++ .../cert/CertificateEncodingException.java | 60 ++ .../javax/security/cert/CertificateException.java | 60 ++ .../security/cert/CertificateExpiredException.java | 60 ++ .../cert/CertificateNotYetValidException.java | 60 ++ .../security/cert/CertificateParsingException.java | 59 ++ .../javax/security/cert/X509CertBridge.java | 201 ++++++ .../javax/security/cert/X509Certificate.java | 189 ++++++ libjava/classpath/javax/security/cert/package.html | 46 ++ libjava/classpath/javax/security/package.html | 46 ++ .../security/sasl/AuthenticationException.java | 107 ++++ .../javax/security/sasl/AuthorizeCallback.java | 175 ++++++ .../javax/security/sasl/RealmCallback.java | 77 +++ .../javax/security/sasl/RealmChoiceCallback.java | 73 +++ libjava/classpath/javax/security/sasl/Sasl.java | 694 +++++++++++++++++++++ .../classpath/javax/security/sasl/SaslClient.java | 232 +++++++ .../javax/security/sasl/SaslClientFactory.java | 118 ++++ .../javax/security/sasl/SaslException.java | 189 ++++++ .../classpath/javax/security/sasl/SaslServer.java | 227 +++++++ .../javax/security/sasl/SaslServerFactory.java | 116 ++++ libjava/classpath/javax/security/sasl/package.html | 46 ++ 67 files changed, 9693 insertions(+) create mode 100644 libjava/classpath/javax/security/auth/AuthPermission.java create mode 100644 libjava/classpath/javax/security/auth/DestroyFailedException.java create mode 100644 libjava/classpath/javax/security/auth/Destroyable.java create mode 100644 libjava/classpath/javax/security/auth/Policy.java create mode 100644 libjava/classpath/javax/security/auth/PrivateCredentialPermission.java create mode 100644 libjava/classpath/javax/security/auth/RefreshFailedException.java create mode 100644 libjava/classpath/javax/security/auth/Refreshable.java create mode 100644 libjava/classpath/javax/security/auth/Subject.java create mode 100644 libjava/classpath/javax/security/auth/SubjectDomainCombiner.java create mode 100644 libjava/classpath/javax/security/auth/callback/Callback.java create mode 100644 libjava/classpath/javax/security/auth/callback/CallbackHandler.java create mode 100644 libjava/classpath/javax/security/auth/callback/ChoiceCallback.java create mode 100644 libjava/classpath/javax/security/auth/callback/ConfirmationCallback.java create mode 100644 libjava/classpath/javax/security/auth/callback/LanguageCallback.java create mode 100644 libjava/classpath/javax/security/auth/callback/NameCallback.java create mode 100644 libjava/classpath/javax/security/auth/callback/PasswordCallback.java create mode 100644 libjava/classpath/javax/security/auth/callback/TextInputCallback.java create mode 100644 libjava/classpath/javax/security/auth/callback/TextOutputCallback.java create mode 100644 libjava/classpath/javax/security/auth/callback/UnsupportedCallbackException.java create mode 100644 libjava/classpath/javax/security/auth/callback/package.html create mode 100644 libjava/classpath/javax/security/auth/kerberos/DelegationPermission.java create mode 100644 libjava/classpath/javax/security/auth/kerberos/KerberosKey.java create mode 100644 libjava/classpath/javax/security/auth/kerberos/KerberosPrincipal.java create mode 100644 libjava/classpath/javax/security/auth/kerberos/KerberosTicket.java create mode 100644 libjava/classpath/javax/security/auth/kerberos/KeyImpl.java create mode 100644 libjava/classpath/javax/security/auth/kerberos/ServicePermission.java create mode 100644 libjava/classpath/javax/security/auth/login/AccountException.java create mode 100644 libjava/classpath/javax/security/auth/login/AccountExpiredException.java create mode 100644 libjava/classpath/javax/security/auth/login/AccountLockedException.java create mode 100644 libjava/classpath/javax/security/auth/login/AccountNotFoundException.java create mode 100644 libjava/classpath/javax/security/auth/login/AppConfigurationEntry.java create mode 100644 libjava/classpath/javax/security/auth/login/Configuration.java create mode 100644 libjava/classpath/javax/security/auth/login/CredentialException.java create mode 100644 libjava/classpath/javax/security/auth/login/CredentialExpiredException.java create mode 100644 libjava/classpath/javax/security/auth/login/CredentialNotFoundException.java create mode 100644 libjava/classpath/javax/security/auth/login/FailedLoginException.java create mode 100644 libjava/classpath/javax/security/auth/login/LoginContext.java create mode 100644 libjava/classpath/javax/security/auth/login/LoginException.java create mode 100644 libjava/classpath/javax/security/auth/login/NullConfiguration.java create mode 100644 libjava/classpath/javax/security/auth/login/package.html create mode 100644 libjava/classpath/javax/security/auth/package.html create mode 100644 libjava/classpath/javax/security/auth/spi/LoginModule.java create mode 100644 libjava/classpath/javax/security/auth/spi/package.html create mode 100644 libjava/classpath/javax/security/auth/x500/X500Principal.java create mode 100644 libjava/classpath/javax/security/auth/x500/X500PrivateCredential.java create mode 100644 libjava/classpath/javax/security/auth/x500/package.html create mode 100644 libjava/classpath/javax/security/cert/Certificate.java create mode 100644 libjava/classpath/javax/security/cert/CertificateEncodingException.java create mode 100644 libjava/classpath/javax/security/cert/CertificateException.java create mode 100644 libjava/classpath/javax/security/cert/CertificateExpiredException.java create mode 100644 libjava/classpath/javax/security/cert/CertificateNotYetValidException.java create mode 100644 libjava/classpath/javax/security/cert/CertificateParsingException.java create mode 100644 libjava/classpath/javax/security/cert/X509CertBridge.java create mode 100644 libjava/classpath/javax/security/cert/X509Certificate.java create mode 100644 libjava/classpath/javax/security/cert/package.html create mode 100644 libjava/classpath/javax/security/package.html create mode 100644 libjava/classpath/javax/security/sasl/AuthenticationException.java create mode 100644 libjava/classpath/javax/security/sasl/AuthorizeCallback.java create mode 100644 libjava/classpath/javax/security/sasl/RealmCallback.java create mode 100644 libjava/classpath/javax/security/sasl/RealmChoiceCallback.java create mode 100644 libjava/classpath/javax/security/sasl/Sasl.java create mode 100644 libjava/classpath/javax/security/sasl/SaslClient.java create mode 100644 libjava/classpath/javax/security/sasl/SaslClientFactory.java create mode 100644 libjava/classpath/javax/security/sasl/SaslException.java create mode 100644 libjava/classpath/javax/security/sasl/SaslServer.java create mode 100644 libjava/classpath/javax/security/sasl/SaslServerFactory.java create mode 100644 libjava/classpath/javax/security/sasl/package.html (limited to 'libjava/classpath/javax/security') diff --git a/libjava/classpath/javax/security/auth/AuthPermission.java b/libjava/classpath/javax/security/auth/AuthPermission.java new file mode 100644 index 000000000..176ed9fb4 --- /dev/null +++ b/libjava/classpath/javax/security/auth/AuthPermission.java @@ -0,0 +1,146 @@ +/* AuthPermission.java -- permissions related to authentication. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth; + +import java.security.BasicPermission; + +/** + *

A permission controlling access to authentication service. The + * actions field of auth permission objects is ignored; the whole + * of the permission is defined by the target.

+ * + *

The authentication permission targets recognized are:

+ * + *
+ *
doAs
+ * + *

Allows access to the {@link + * Subject#doAs(javax.security.auth.Subject java.security.PrivilegedAction)} + * methods.

+ * + *
doAsPrivileged
+ * + *

Allows access to the {@link + * Subject#doAsPrivileged(javax.security.auth.Subject, + * java.security.PrivilegedAction, java.security.AccessControlContext)} + * methods.

+ * + *
getSubject
+ * + *

Allows access to the {@link Subject} associated with a + * thread.

+ * + *
getSubjectFromDomainCombiner
+ * + *

Allows access to the {@link Subject} associated with a + * {@link SubjectDomainCombiner}.

+ * + *
setReadOnly
+ * + *

Allows a {@link Subject} to be marked as read-only.

+ * + *
modifyPrincipals
+ * + *

Allows the set of principals of a subject to be modified.

+ * + *
modifyPublicCredentials
+ * + *

Allows the set of public credentials of a subject to be + * modified.

+ * + *
modifyPrivateCredentials
+ * + *

Allows the set of private credentials of a subject to be + * modified.

+ * + *
refreshCredential
+ * + *

Allows a {@link Refreshable} credential to be refreshed.

+ * + *
destroyCredential
+ * + *

Allows a {@link Destroyable} credential to be destroyed.

+ * + *
createLoginContext.name
+ * + *

Allows a {@link javax.security.auth.login.LoginContext} for the + * given name. name can also be a wildcard ('*'), + * which allows the creation of a context with any name.

+ * + *
getLoginConfiguration
+ * + *

Allows the system-wide login {@link + * javax.security.auth.login.Configuration} to be retrieved.

+ * + *
setLoginConfiguration
+ * + *

Allows the system-wide login {@link + * javax.security.auth.login.Configuration} to be set.

+ * + *
refreshLoginConfiguration
+ * + *

Allows the system-wide login {@link + * javax.security.auth.login.Configuration} to be refreshed.

+ *
+ */ +public final class AuthPermission extends BasicPermission +{ + + /** + * Creates a new authentication permission for the given target name. + * + * @param name The target name. + */ + public AuthPermission (String name) + { + super (name); + } + + /** + * Creates a new authentication permission for the given target name. + * The actions list is not used by this class. + * + * @param name The target name. + * @param actions The action list. + */ + public AuthPermission (String name, String actions) + { + super (name, actions); + } +} diff --git a/libjava/classpath/javax/security/auth/DestroyFailedException.java b/libjava/classpath/javax/security/auth/DestroyFailedException.java new file mode 100644 index 000000000..98de82bd4 --- /dev/null +++ b/libjava/classpath/javax/security/auth/DestroyFailedException.java @@ -0,0 +1,67 @@ +/* DestroyFailedException.java -- signals an object could not be destroyed. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth; + +/** + * An exception thrown when the {@link Destroyable#destroy()} method + * fails for a credential. + * + * @see Destroyable + */ +public class DestroyFailedException extends Exception +{ + + /** + * Creates a new DestroyFailedException with no detail message. + */ + public DestroyFailedException() + { + super(); + } + + /** + * Creates a new DestroyFailedException with a detail message. + * + * @param message The detail message. + */ + public DestroyFailedException (String message) + { + super (message); + } +} diff --git a/libjava/classpath/javax/security/auth/Destroyable.java b/libjava/classpath/javax/security/auth/Destroyable.java new file mode 100644 index 000000000..1ebd85c07 --- /dev/null +++ b/libjava/classpath/javax/security/auth/Destroyable.java @@ -0,0 +1,64 @@ +/* Destroyable.java -- an immutable object that may be destroyed. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth; + +/** + * An interface for objects that are immutable but whose sensitive + * data may be wiped out. + */ +public interface Destroyable +{ + + /** + * Destroy this object, clearing all sensitive fields appropriately. + * + * @throws DestroyFailedException If this object could not be + * destroyed. + * @throws SecurityException If the caller does not have permission + * to destroy this object. + */ + void destroy() throws DestroyFailedException; + + /** + * Tells whether or not this object has been destroyed. + * + * @return True if this object has been destroyed. + */ + boolean isDestroyed(); +} diff --git a/libjava/classpath/javax/security/auth/Policy.java b/libjava/classpath/javax/security/auth/Policy.java new file mode 100644 index 000000000..4da9a84df --- /dev/null +++ b/libjava/classpath/javax/security/auth/Policy.java @@ -0,0 +1,79 @@ +/* Policy.java -- deprecated precursor to java.security.Policy. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth; + +import java.security.CodeSource; +import java.security.PermissionCollection; + +/** + * @deprecated The classes java.security.Policy and + * java.security.ProtectionDomain provide the functionality of this class. + */ +public abstract class Policy +{ + + private static Policy policy; + + protected Policy() + { + } + + public static synchronized Policy getPolicy() + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + { + sm.checkPermission (new AuthPermission ("getPolicy")); + } + return policy; + } + + public static synchronized void setPolicy (Policy p) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + { + sm.checkPermission (new AuthPermission ("setPolicy")); + } + policy = p; + } + + public abstract PermissionCollection getPermissions (Subject subject, CodeSource source); + public abstract void refresh(); +} diff --git a/libjava/classpath/javax/security/auth/PrivateCredentialPermission.java b/libjava/classpath/javax/security/auth/PrivateCredentialPermission.java new file mode 100644 index 000000000..1982eef3d --- /dev/null +++ b/libjava/classpath/javax/security/auth/PrivateCredentialPermission.java @@ -0,0 +1,326 @@ +/* PrivateCredentialPermission.java -- permissions governing private credentials. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth; + +import java.io.Serializable; + +import java.security.Permission; +import java.security.PermissionCollection; + +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; +import java.util.StringTokenizer; + +/** + * A permission governing access to a private credential. The action of this + * permission is always "read" -- meaning that the private credential + * information can be read from an object. + * + *

The target of this permission is formatted as follows:

+ * + *

CredentialClassName ( PrinicpalClassName PrincipalName )*

+ * + *

CredentialClassName is either the name of a private credential + * class name, or a wildcard character ('*'). + * PrinicpalClassName is the class name of a principal object, and + * PrincipalName is a string representing the principal, or the + * wildcard character.

+ */ +public final class PrivateCredentialPermission extends Permission + implements Serializable +{ + /** + * For compatability with Sun's JDK 1.4.2 rev. 5 + */ + private static final long serialVersionUID = 5284372143517237068L; + + // Fields. + // ------------------------------------------------------------------------- + + /** + * @serial The credential class name. + */ + private final String credentialClass; + + /** + * @serial The principals, a set of CredOwner objects (an undocumented + * inner class of this class). + */ + private final Set principals; + + /** + * @serial Who knows? + */ + private final boolean testing; + + // Constructor. + // ------------------------------------------------------------------------- + + /** + * Create a new private credential permission. + * + * @param name The permission target name. + * @param actions The list of actions, which, for this class, must be + * "read". + */ + public PrivateCredentialPermission (final String name, String actions) + { + super(name); + actions = actions.trim().toLowerCase(); + if (!"read".equals (actions)) + { + throw new IllegalArgumentException("actions must be \"read\""); + } + StringTokenizer st = new StringTokenizer (name, " \"'"); + principals = new HashSet(); + if (st.countTokens() < 3 || (st.countTokens() & 1) == 0) + { + throw new IllegalArgumentException ("badly formed credential name"); + } + credentialClass = st.nextToken(); + while (st.hasMoreTokens()) + { + principals.add (new CredOwner (st.nextToken(), st.nextToken())); + } + testing = false; // WTF ever. + } + + // Instance methods. + // ------------------------------------------------------------------------- + + public boolean equals (Object o) + { + if (! (o instanceof PrivateCredentialPermission)) + { + return false; + } + PrivateCredentialPermission that = (PrivateCredentialPermission) o; + if (!that.getActions().equals (getActions())) + { + return false; + } + if (!that.getCredentialClass().equals (getCredentialClass())) + { + return false; + } + + final String[][] principals = getPrincipals(); + final String[][] that_principals = that.getPrincipals(); + if (that_principals == null) + { + return false; + } + if (that_principals.length != principals.length) + { + return false; + } + for (int i = 0; i < principals.length; i++) + { + if (!principals[i][0].equals (that_principals[i][0]) || + !principals[i][1].equals (that_principals[i][1])) + { + return false; + } + } + return true; + } + + /** + * Returns the actions this permission encompasses. For private credential + * permissions, this is always the string "read". + * + * @return The list of actions. + */ + public String getActions() + { + return "read"; + } + + /** + * Returns the credential class name that was embedded in this permission's + * target name. + * + * @return The credential class name. + */ + public String getCredentialClass() + { + return credentialClass; + } + + /** + * Returns the principal list that was embedded in this permission's target + * name. + * + *

Each element of the returned array is a pair; the first element is the + * principal class name, and the second is the principal name. + * + * @return The principal list. + */ + public String[][] getPrincipals() + { + String[][] ret = new String[principals.size()][]; + Iterator it = principals.iterator(); + for (int i = 0; i < principals.size() && it.hasNext(); i++) + { + CredOwner co = (CredOwner) it.next(); + ret[i] = new String[] { co.getPrincipalClass(), co.getPrincipalName() }; + } + return ret; + } + + public int hashCode() + { + return credentialClass.hashCode() + principals.hashCode(); + } + + /** + * Test if this permission implies another. This method returns true if: + * + *

    + *
  1. p is an instance of PrivateCredentialPermission
  2. . + *
  3. The credential class name of this instance matches that of p, + * and one of the principals of p is contained in the principals of + * this class. Thus, + *
      + *
    • [ * P "foo" ] implies [ C P "foo" ]
    • + *
    • [ C P1 "foo" ] implies [ C P1 "foo" P2 "bar" ]
    • + *
    • [ C P1 "*" ] implies [ C P1 "foo" ]
    • + *
    + *
+ * + * @param p The permission to check. + * @return True if this permission implies p. + */ + public boolean implies (Permission p) + { + if (! (p instanceof PrivateCredentialPermission)) + { + return false; + } + PrivateCredentialPermission that = (PrivateCredentialPermission) p; + if (!credentialClass.equals ("*") + && !credentialClass.equals (that.getCredentialClass())) + { + return false; + } + String[][] principals = getPrincipals(); + String[][] that_principals = that.getPrincipals(); + if (that_principals == null) + { + return false; + } + for (int i = 0; i < principals.length; i++) + { + for (int j = 0; j < that_principals.length; j++) + { + if (principals[i][0].equals (that_principals[j][0]) && + (principals[i][1].equals ("*") || + principals[i][1].equals (that_principals[j][1]))) + { + return true; + } + } + } + return false; + } + + /** + * This method is not necessary for this class, thus it always returns null. + * + * @return null. + */ + public PermissionCollection newPermissionCollection() + { + return null; + } + + // Inner class. + // ------------------------------------------------------------------------- + + /** + * An undocumented inner class present for serialization compatibility. + */ + private static class CredOwner implements Serializable + { + + // Fields. + // ----------------------------------------------------------------------- + + private final String principalClass; + private final String principalName; + + // Constructor. + // ----------------------------------------------------------------------- + + CredOwner (final String principalClass, final String principalName) + { + this.principalClass = principalClass; + this.principalName = principalName; + } + + // Instance methods. + // ----------------------------------------------------------------------- + + public boolean equals (Object o) + { + if (!(o instanceof CredOwner)) + { + return false; + } + return principalClass.equals (((CredOwner) o).getPrincipalClass()) && + principalName.equals (((CredOwner) o).getPrincipalName()); + } + + public int hashCode() + { + return principalClass.hashCode() + principalName.hashCode(); + } + + public String getPrincipalClass() + { + return principalClass; + } + + public String getPrincipalName() + { + return principalName; + } + } +} diff --git a/libjava/classpath/javax/security/auth/RefreshFailedException.java b/libjava/classpath/javax/security/auth/RefreshFailedException.java new file mode 100644 index 000000000..6b8f94dcd --- /dev/null +++ b/libjava/classpath/javax/security/auth/RefreshFailedException.java @@ -0,0 +1,63 @@ +/* RefreshFailedException.java -- signals a failed refresh. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth; + +/** + * A signal that a call to {@link Refreshable#refresh()} failed. + */ +public class RefreshFailedException extends Exception +{ + + /** + * Create a new RefreshFailedException with no detail message. + */ + public RefreshFailedException() + { + } + + /** + * Create a new RefreshFailedException with a detail message. + * + * @param message The detail message. + */ + public RefreshFailedException (String message) + { + super (message); + } +} diff --git a/libjava/classpath/javax/security/auth/Refreshable.java b/libjava/classpath/javax/security/auth/Refreshable.java new file mode 100644 index 000000000..14d766079 --- /dev/null +++ b/libjava/classpath/javax/security/auth/Refreshable.java @@ -0,0 +1,65 @@ +/* Refreshable.java -- an object whose state may be refreshed. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth; + +/** + * An object whose internal state may be refreshed: as in a + * credential object with a expiry date. + */ +public interface Refreshable +{ + + /** + * Tells whether or not this object is current. Refreshable objects that + * are not current may need to be refreshed. + * + * @return Whether this object is current. + */ + boolean isCurrent(); + + /** + * Refresh this object. The process involved in refreshing an object is + * per-implementation dependent. + * + * @throws RefreshFailedException If refreshing this object fails. + * @throws SecurityException If the caller does not have permission to + * refresh, or to take the steps involved in refreshing, this object. + */ + void refresh() throws RefreshFailedException; +} diff --git a/libjava/classpath/javax/security/auth/Subject.java b/libjava/classpath/javax/security/auth/Subject.java new file mode 100644 index 000000000..e9b0804a5 --- /dev/null +++ b/libjava/classpath/javax/security/auth/Subject.java @@ -0,0 +1,557 @@ +/* Subject.java -- a single entity in the system. + Copyright (C) 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth; + +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.Serializable; + +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.DomainCombiner; +import java.security.Principal; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; + +import java.util.AbstractSet; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.Set; + +public final class Subject implements Serializable +{ + // Fields. + // ------------------------------------------------------------------------- + + private static final long serialVersionUID = -8308522755600156056L; + + /** + * @serial The set of principals. The type of this field is SecureSet, a + * private inner class. + */ + private final Set principals; + + /** + * @serial The read-only flag. + */ + private boolean readOnly; + + private final transient SecureSet pubCred; + private final transient SecureSet privCred; + + // Constructors. + // ------------------------------------------------------------------------- + + public Subject() + { + principals = new SecureSet (this, SecureSet.PRINCIPALS); + pubCred = new SecureSet (this, SecureSet.PUBLIC_CREDENTIALS); + privCred = new SecureSet (this, SecureSet.PRIVATE_CREDENTIALS); + readOnly = false; + } + + public Subject (final boolean readOnly, + final Set principals, + final Set pubCred, final Set privCred) + { + if (principals == null || pubCred == null || privCred == null) + { + throw new NullPointerException(); + } + this.principals = new SecureSet (this, SecureSet.PRINCIPALS, principals); + this.pubCred = new SecureSet (this, SecureSet.PUBLIC_CREDENTIALS, pubCred); + this.privCred = new SecureSet (this, SecureSet.PRIVATE_CREDENTIALS, privCred); + this.readOnly = readOnly; + } + + // Class methods. + // ------------------------------------------------------------------------- + + /** + *

Returns the subject associated with the given {@link + * AccessControlContext}.

+ * + *

All this method does is retrieve the Subject object from the supplied + * context's {@link DomainCombiner}, if any, and if it is an instance of + * a {@link SubjectDomainCombiner}. + * + * @param context The context to retrieve the subject from. + * @return The subject assoctiated with the context, or null + * if there is none. + * @throws NullPointerException If subject is null. + * @throws SecurityException If the caller does not have permission to get + * the subject ("getSubject" target of {@link AuthPermission}. + */ + public static Subject getSubject (final AccessControlContext context) + { + final SecurityManager sm = System.getSecurityManager(); + if (sm != null) + { + sm.checkPermission (new AuthPermission ("getSubject")); + } + DomainCombiner dc = context.getDomainCombiner(); + if (!(dc instanceof SubjectDomainCombiner)) + { + return null; + } + return ((SubjectDomainCombiner) dc).getSubject(); + } + + /** + *

Run a method as another subject. This method will obtain the current + * {@link AccessControlContext} for this thread, then creates another with + * a {@link SubjectDomainCombiner} with the given subject. The supplied + * action will then be run with the modified context.

+ * + * @param subject The subject to run as. + * @param action The action to run. + * @return The value returned by the privileged action. + * @throws SecurityException If the caller is not allowed to run under a + * different identity ("doAs" target of {@link AuthPermission}. + */ + public static Object doAs (final Subject subject, final PrivilegedAction action) + { + final SecurityManager sm = System.getSecurityManager(); + if (sm != null) + { + sm.checkPermission (new AuthPermission ("doAs")); + } + AccessControlContext context = + new AccessControlContext (AccessController.getContext(), + new SubjectDomainCombiner (subject)); + return AccessController.doPrivileged (action, context); + } + + /** + *

Run a method as another subject. This method will obtain the current + * {@link AccessControlContext} for this thread, then creates another with + * a {@link SubjectDomainCombiner} with the given subject. The supplied + * action will then be run with the modified context.

+ * + * @param subject The subject to run as. + * @param action The action to run. + * @return The value returned by the privileged action. + * @throws SecurityException If the caller is not allowed to run under a + * different identity ("doAs" target of {@link AuthPermission}. + * @throws PrivilegedActionException If the action throws an exception. + */ + public static Object doAs (final Subject subject, + final PrivilegedExceptionAction action) + throws PrivilegedActionException + { + final SecurityManager sm = System.getSecurityManager(); + if (sm != null) + { + sm.checkPermission (new AuthPermission ("doAs")); + } + AccessControlContext context = + new AccessControlContext (AccessController.getContext(), + new SubjectDomainCombiner(subject)); + return AccessController.doPrivileged (action, context); + } + + /** + *

Run a method as another subject. This method will create a new + * {@link AccessControlContext} derived from the given one, with a + * {@link SubjectDomainCombiner} with the given subject. The supplied + * action will then be run with the modified context.

+ * + * @param subject The subject to run as. + * @param action The action to run. + * @param acc The context to use. + * @return The value returned by the privileged action. + * @throws SecurityException If the caller is not allowed to run under a + * different identity ("doAsPrivileged" target of {@link + * AuthPermission}. + */ + public static Object doAsPrivileged (final Subject subject, + final PrivilegedAction action, + final AccessControlContext acc) + { + final SecurityManager sm = System.getSecurityManager(); + if (sm != null) + { + sm.checkPermission (new AuthPermission ("doAsPrivileged")); + } + AccessControlContext context = + new AccessControlContext (acc, new SubjectDomainCombiner (subject)); + return AccessController.doPrivileged (action, context); + } + + /** + *

Run a method as another subject. This method will create a new + * {@link AccessControlContext} derived from the given one, with a + * {@link SubjectDomainCombiner} with the given subject. The supplied + * action will then be run with the modified context.

+ * + * @param subject The subject to run as. + * @param action The action to run. + * @param acc The context to use. + * @return The value returned by the privileged action. + * @throws SecurityException If the caller is not allowed to run under a + * different identity ("doAsPrivileged" target of + * {@link AuthPermission}. + * @throws PrivilegedActionException If the action throws an exception. + */ + public static Object doAsPrivileged (final Subject subject, + final PrivilegedExceptionAction action, + AccessControlContext acc) + throws PrivilegedActionException + { + final SecurityManager sm = System.getSecurityManager(); + if (sm != null) + { + sm.checkPermission (new AuthPermission ("doAsPrivileged")); + } + if (acc == null) + acc = new AccessControlContext (new java.security.ProtectionDomain[0]); + AccessControlContext context = + new AccessControlContext (acc, new SubjectDomainCombiner (subject)); + return AccessController.doPrivileged (action, context); + } + + // Instance methods. + // ------------------------------------------------------------------------- + + public boolean equals (Object o) + { + if (!(o instanceof Subject)) + { + return false; + } + Subject that = (Subject) o; + return principals.containsAll (that.getPrincipals()) && + pubCred.containsAll (that.getPublicCredentials()) && + privCred.containsAll (that.getPrivateCredentials()); + } + + public Set getPrincipals() + { + return principals; + } + + public Set getPrincipals(Class clazz) + { + HashSet result = new HashSet (principals.size()); + for (Iterator it = principals.iterator(); it.hasNext(); ) + { + Object o = it.next(); + if (o != null && clazz.isAssignableFrom (o.getClass())) + { + result.add(o); + } + } + return Collections.unmodifiableSet (result); + } + + public Set getPrivateCredentials() + { + return privCred; + } + + public Set getPrivateCredentials (Class clazz) + { + HashSet result = new HashSet (privCred.size()); + for (Iterator it = privCred.iterator(); it.hasNext(); ) + { + Object o = it.next(); + if (o != null && clazz.isAssignableFrom (o.getClass())) + { + result.add(o); + } + } + return Collections.unmodifiableSet (result); + } + + public Set getPublicCredentials() + { + return pubCred; + } + + public Set getPublicCredentials (Class clazz) + { + HashSet result = new HashSet (pubCred.size()); + for (Iterator it = pubCred.iterator(); it.hasNext(); ) + { + Object o = it.next(); + if (o != null && clazz.isAssignableFrom (o.getClass())) + { + result.add(o); + } + } + return Collections.unmodifiableSet (result); + } + + public int hashCode() + { + return principals.hashCode() + privCred.hashCode() + pubCred.hashCode(); + } + + /** + *

Returns whether or not this subject is read-only.

+ * + * @return True is this subject is read-only. + */ + public boolean isReadOnly() + { + return readOnly; + } + + /** + *

Marks this subject as read-only.

+ * + * @throws SecurityException If the caller does not have permission to + * set this subject as read-only ("setReadOnly" target of + * {@link AuthPermission}. + */ + public void setReadOnly() + { + final SecurityManager sm = System.getSecurityManager(); + if (sm != null) + { + sm.checkPermission (new AuthPermission ("setReadOnly")); + } + readOnly = true; + } + + public String toString() + { + return Subject.class.getName() + " [ principals=" + principals + + ", private credentials=" + privCred + ", public credentials=" + + pubCred + ", read-only=" + readOnly + " ]"; + } + + // Inner class. + // ------------------------------------------------------------------------- + + /** + * An undocumented inner class that is used for sets in the parent class. + */ + private static class SecureSet extends AbstractSet implements Serializable + { + // Fields. + // ----------------------------------------------------------------------- + + private static final long serialVersionUID = 7911754171111800359L; + + static final int PRINCIPALS = 0; + static final int PUBLIC_CREDENTIALS = 1; + static final int PRIVATE_CREDENTIALS = 2; + + private final Subject subject; + private final LinkedList elements; + private final transient int type; + + // Constructors. + // ----------------------------------------------------------------------- + + SecureSet (final Subject subject, final int type, final Collection inElements) + { + this (subject, type); + for (Iterator it = inElements.iterator(); it.hasNext(); ) + { + Object o = it.next(); + if (type == PRINCIPALS && !(o instanceof Principal)) + { + throw new IllegalArgumentException(o+" is not a Principal"); + } + if (!this.elements.contains (o)) + { + this.elements.add (o); + } + } + } + + SecureSet (final Subject subject, final int type) + { + this.subject = subject; + this.type = type; + this.elements = new LinkedList(); + } + + // Instance methods. + // ----------------------------------------------------------------------- + + public synchronized int size() + { + return elements.size(); + } + + public Iterator iterator() + { + return elements.iterator(); + } + + public synchronized boolean add(Object element) + { + if (subject.isReadOnly()) + { + throw new IllegalStateException ("subject is read-only"); + } + final SecurityManager sm = System.getSecurityManager(); + switch (type) + { + case PRINCIPALS: + if (sm != null) + { + sm.checkPermission (new AuthPermission ("modifyPrincipals")); + } + if (!(element instanceof Principal)) + { + throw new IllegalArgumentException ("element is not a Principal"); + } + break; + + case PUBLIC_CREDENTIALS: + if (sm != null) + { + sm.checkPermission (new AuthPermission ("modifyPublicCredentials")); + } + break; + + case PRIVATE_CREDENTIALS: + if (sm != null) + { + sm.checkPermission (new AuthPermission ("modifyPrivateCredentials")); + } + break; + + default: + throw new Error ("this statement should be unreachable"); + } + + if (elements.contains (element)) + { + return false; + } + + return elements.add (element); + } + + public synchronized boolean remove (final Object element) + { + if (subject.isReadOnly()) + { + throw new IllegalStateException ("subject is read-only"); + } + final SecurityManager sm = System.getSecurityManager(); + switch (type) + { + case PRINCIPALS: + if (sm != null) + { + sm.checkPermission (new AuthPermission ("modifyPrincipals")); + } + if (!(element instanceof Principal)) + { + throw new IllegalArgumentException ("element is not a Principal"); + } + break; + + case PUBLIC_CREDENTIALS: + if (sm != null) + { + sm.checkPermission (new AuthPermission ("modifyPublicCredentials")); + } + break; + + case PRIVATE_CREDENTIALS: + if (sm != null) + { + sm.checkPermission (new AuthPermission ("modifyPrivateCredentials")); + } + break; + + default: + throw new Error("this statement should be unreachable"); + } + + return elements.remove(element); + } + + public synchronized boolean contains (final Object element) + { + return elements.contains (element); + } + + public boolean removeAll (final Collection c) + { + if (subject.isReadOnly()) + { + throw new IllegalStateException ("subject is read-only"); + } + return super.removeAll (c); + } + + public boolean retainAll (final Collection c) + { + if (subject.isReadOnly()) + { + throw new IllegalStateException ("subject is read-only"); + } + return super.retainAll (c); + } + + public void clear() + { + if (subject.isReadOnly()) + { + throw new IllegalStateException ("subject is read-only"); + } + elements.clear(); + } + + private synchronized void writeObject (ObjectOutputStream out) + throws IOException + { + throw new UnsupportedOperationException ("FIXME: determine serialization"); + } + + private void readObject (ObjectInputStream in) + throws ClassNotFoundException, IOException + { + throw new UnsupportedOperationException ("FIXME: determine serialization"); + } + } +} diff --git a/libjava/classpath/javax/security/auth/SubjectDomainCombiner.java b/libjava/classpath/javax/security/auth/SubjectDomainCombiner.java new file mode 100644 index 000000000..927e7479d --- /dev/null +++ b/libjava/classpath/javax/security/auth/SubjectDomainCombiner.java @@ -0,0 +1,97 @@ +/* SubjectDomainCombiner.java -- domain combiner for Subjects. + Copyright (C) 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth; + +import java.security.DomainCombiner; +import java.security.Principal; +import java.security.ProtectionDomain; + +import java.util.LinkedList; + +public class SubjectDomainCombiner implements DomainCombiner +{ + + // Field. + // ------------------------------------------------------------------------- + + private final Subject subject; + + // Constructor. + // ------------------------------------------------------------------------- + + public SubjectDomainCombiner (final Subject subject) + { + this.subject = subject; + } + + // Instance methods. + // ------------------------------------------------------------------------- + + public ProtectionDomain[] combine (final ProtectionDomain[] current, + final ProtectionDomain[] assigned) + { + LinkedList domains = new LinkedList(); + Principal[] principals = null; + if (subject != null) + principals = (Principal[]) subject.getPrincipals().toArray (new Principal[0]); + if (current != null) + { + for (int i = 0; i < current.length; i++) + { + domains.add (new ProtectionDomain (current[i].getCodeSource(), + current[i].getPermissions(), + current[i].getClassLoader(), + principals)); + } + } + if (assigned != null) + { + for (int i = 0; i < assigned.length; i++) + { + domains.add (assigned[i]); + } + } + return (ProtectionDomain[]) domains.toArray (new ProtectionDomain[domains.size()]); + } + + public Subject getSubject() + { + return subject; + } +} diff --git a/libjava/classpath/javax/security/auth/callback/Callback.java b/libjava/classpath/javax/security/auth/callback/Callback.java new file mode 100644 index 000000000..359828e1a --- /dev/null +++ b/libjava/classpath/javax/security/auth/callback/Callback.java @@ -0,0 +1,64 @@ +/* Callback.java -- marker interface for callback classes + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.callback; + +/** + *

Implementations of this interface are passed to a {@link CallbackHandler}, + * allowing underlying security services the ability to interact with a calling + * application to retrieve specific authentication data such as usernames and + * passwords, or to display certain information, such as error and warning + * messages.

+ * + *

Callback implementations do not retrieve or display the + * information requested by underlying security services. Callback + * implementations simply provide the means to pass such requests to + * applications, and for applications, if appropriate, to return requested + * information back to the underlying security services.

+ * + * @see CallbackHandler + * @see ChoiceCallback + * @see ConfirmationCallback + * @see LanguageCallback + * @see NameCallback + * @see PasswordCallback + * @see TextInputCallback + * @see TextOutputCallback + */ +public interface Callback { +} diff --git a/libjava/classpath/javax/security/auth/callback/CallbackHandler.java b/libjava/classpath/javax/security/auth/callback/CallbackHandler.java new file mode 100644 index 000000000..8d22943ca --- /dev/null +++ b/libjava/classpath/javax/security/auth/callback/CallbackHandler.java @@ -0,0 +1,155 @@ +/* CallbackHandler.java -- base interface for callback handlers. + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.callback; + +import java.io.IOException; + +/** + *

An application implements a CallbackHandler and passes it to + * underlying security services so that they may interact with the application + * to retrieve specific authentication data, such as usernames and passwords, or + * to display certain information, such as error and warning messages.

+ * + *

CallbackHandlers are implemented in an application-dependent + * fashion. For example, implementations for an application with a graphical + * user interface (GUI) may pop up windows to prompt for requested information + * or to display error messages. An implementation may also choose to obtain + * requested information from an alternate source without asking the end user.

+ * + *

Underlying security services make requests for different types of + * information by passing individual Callbacks to the CallbackHandler. + * The CallbackHandler implementation decides how to retrieve and + * display information depending on the {@link Callback}s passed to it. For + * example, if the underlying service needs a username and password to + * authenticate a user, it uses a {@link NameCallback} and + * {@link PasswordCallback}. The CallbackHandler can then choose + * to prompt for a username and password serially, or to prompt for both in a + * single window.

+ * + *

A default CallbackHandler class implementation may be + * specified in the auth.login.defaultCallbackHandler security + * property. The security property can be set in the Java security properties + * file located in the file named + * <JAVA_HOME>/lib/security/java.security, where + * <JAVA_HOME> refers to the directory where the SDK was + * installed.

+ * + *

If the security property is set to the fully qualified name of a + * CallbackHandler implementation class, then a + * LoginContextwill load the specified CallbackHandler + * and pass it to the underlying LoginModules. The + * LoginContext only loads the default handler if one was not + * provided.

+ * + *

All default handler implementations must provide a public zero-argument + * constructor.

+ * + */ +public interface CallbackHandler +{ + + /** + *

Retrieve or display the information requested in the provided + * {@link Callback}s.

+ * + *

The handle() method implementation checks the instance(s) + * of the {@link Callback} object(s) passed in to retrieve or display the + * requested information. The following example is provided to help + * demonstrate what an handle() method implementation might look + * like. This example code is for guidance only. Many details, including + * proper error handling, are left out for simplicity.

+ * + *
+   *public void handle(Callback[] callbacks)
+   *throws IOException, UnsupportedCallbackException {
+   *   for (int i = 0; i < callbacks.length; i++) {
+   *      if (callbacks[i] instanceof TextOutputCallback) {
+   *         // display the message according to the specified type
+   *         TextOutputCallback toc = (TextOutputCallback)callbacks[i];
+   *         switch (toc.getMessageType()) {
+   *         case TextOutputCallback.INFORMATION:
+   *            System.out.println(toc.getMessage());
+   *            break;
+   *         case TextOutputCallback.ERROR:
+   *            System.out.println("ERROR: " + toc.getMessage());
+   *            break;
+   *         case TextOutputCallback.WARNING:
+   *            System.out.println("WARNING: " + toc.getMessage());
+   *            break;
+   *         default:
+   *            throw new IOException("Unsupported message type: "
+   *                  + toc.getMessageType());
+   *         }
+   *      } else if (callbacks[i] instanceof NameCallback) {
+   *         // prompt the user for a username
+   *         NameCallback nc = (NameCallback)callbacks[i];
+   *         // ignore the provided defaultName
+   *         System.err.print(nc.getPrompt());
+   *         System.err.flush();
+   *         nc.setName((new BufferedReader(
+   *               new InputStreamReader(System.in))).readLine());
+   *      } else if (callbacks[i] instanceof PasswordCallback) {
+   *         // prompt the user for sensitive information
+   *         PasswordCallback pc = (PasswordCallback)callbacks[i];
+   *         System.err.print(pc.getPrompt());
+   *         System.err.flush();
+   *         pc.setPassword(readPassword(System.in));
+   *      } else {
+   *         throw new UnsupportedCallbackException(
+   *               callbacks[i], "Unrecognized Callback");
+   *      }
+   *   }
+   *}
+   *
+   * // Reads user password from given input stream.
+   *private char[] readPassword(InputStream in) throws IOException {
+   *   // insert code to read a user password from the input stream
+   *}
+   * 
+ * + * @param callbacks an array of {@link Callback} objects provided by an + * underlying security service which contains the information requested to + * be retrieved or displayed. + * @throws IOException if an input or output error occurs. + * @throws UnsupportedCallbackException if the implementation of this method + * does not support one or more of the Callbacks specified in the + * callbacks parameter. + */ + void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException; +} diff --git a/libjava/classpath/javax/security/auth/callback/ChoiceCallback.java b/libjava/classpath/javax/security/auth/callback/ChoiceCallback.java new file mode 100644 index 000000000..30bddd559 --- /dev/null +++ b/libjava/classpath/javax/security/auth/callback/ChoiceCallback.java @@ -0,0 +1,236 @@ +/* ChoiceCallback.java -- callback for a choice of values. + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.callback; + +import java.io.Serializable; + +/** + * Underlying security services instantiate and pass a + * ChoiceCallback to the handle() method of a + * {@link CallbackHandler} to display a list of choices and to retrieve the + * selected choice(s). + * + * @see CallbackHandler + */ +public class ChoiceCallback implements Callback, Serializable +{ + + // Constants and variables + // ------------------------------------------------------------------------- + + /** + * @serial + * @since 1.4 + */ + private String prompt; + + /** + * @serial the list of choices. + * @since 1.4 + */ + private String[] choices; + + /** + * @serial the choice to be used as the default choice. + * @since 1.4 + */ + private int defaultChoice; + + /** + * @serial whether multiple selections are allowed from the list of choices. + * @since 1.4 + */ + private boolean multipleSelectionsAllowed; + + /** + * @serial the selected choices, represented as indexes into the choices list. + * @since 1.4 + */ + private int[] selections; + + // Constructor(s) + //-------------------------------------------------------------------------- + + /** + * Construct a ChoiceCallback with a prompt, a list of choices, + * a default choice, and a boolean specifying whether or not multiple + * selections from the list of choices are allowed. + * + * @param prompt the prompt used to describe the list of choices. + * @param choices the list of choices. + * @param defaultChoice the choice to be used as the default choice when the + * list of choices are displayed. This value is represented as an index into + * the choices array. + * @param multipleSelectionsAllowed boolean specifying whether or not + * multiple selections can be made from the list of choices. + * @throws IllegalArgumentException if prompt is null, + * if prompt has a length of 0, if choices + * is null, if choices has a length of 0, + * if any element from choices is null, if any + * element from choices has a length of 0 or if + * defaultChoice does not fall within the array boundaries of + * choices. + */ + public ChoiceCallback(String prompt, String[] choices, int defaultChoice, + boolean multipleSelectionsAllowed) + { + super(); + + setPrompt(prompt); + setChoices(choices); + if (defaultChoice < 0 || defaultChoice >= this.choices.length) + { + throw new IllegalArgumentException("default choice is out of bounds"); + } + this.defaultChoice = defaultChoice; + this.multipleSelectionsAllowed = multipleSelectionsAllowed; + } + + // Instance methods + // ------------------------------------------------------------------------- + + /** + * Get the prompt. + * + * @return the prompt. + */ + public String getPrompt() + { + return prompt; + } + + /** + * Get the list of choices. + * + * @return the list of choices. + */ + public String[] getChoices() + { + return choices; + } + + /** + * Get the defaultChoice. + * + * @return the defaultChoice, represented as an index into the choices list. + */ + public int getDefaultChoice() + { + return defaultChoice; + } + + /** + * Get the boolean determining whether multiple selections from the choices + * list are allowed. + * + * @return whether multiple selections are allowed. + */ + public boolean allowMultipleSelections() + { + return multipleSelectionsAllowed; + } + + /** + * Set the selected choice. + * + * @param selection the selection represented as an index into the choices + * list. + * @see #getSelectedIndexes() + */ + public void setSelectedIndex(int selection) + { + this.selections = new int[1]; + this.selections[0] = selection; + } + + /** + * Set the selected choices. + * + * @param selections the selections represented as indexes into the choices + * list. + * @throws UnsupportedOperationException if multiple selections are not + * allowed, as determined by allowMultipleSelections. + * @see #getSelectedIndexes() + */ + public void setSelectedIndexes(int[] selections) + { + if (!multipleSelectionsAllowed) + { + throw new UnsupportedOperationException("not allowed"); + } + + this.selections = selections; + } + + /** + * Get the selected choices. + * + * @return the selected choices, represented as indexes into the choices list. + * @see #setSelectedIndexes(int[]) + */ + public int[] getSelectedIndexes() + { + return selections; + } + + private void setPrompt(String prompt) throws IllegalArgumentException + { + if ((prompt == null) || (prompt.length() == 0)) + { + throw new IllegalArgumentException("invalid prompt"); + } + this.prompt = prompt; + } + + private void setChoices(String[] choices) throws IllegalArgumentException + { + if (choices == null || choices.length == 0) + { + throw new IllegalArgumentException("invalid choices"); + } + for (int i = 0; i < choices.length; i++) + { + if (choices[i] == null || choices[i].length() == 0) + { + throw new IllegalArgumentException("invalid choice at index #"+i); + } + } + this.choices = choices; + } +} diff --git a/libjava/classpath/javax/security/auth/callback/ConfirmationCallback.java b/libjava/classpath/javax/security/auth/callback/ConfirmationCallback.java new file mode 100644 index 000000000..8f89bf5fa --- /dev/null +++ b/libjava/classpath/javax/security/auth/callback/ConfirmationCallback.java @@ -0,0 +1,505 @@ +/* ConfirmationCallback.java -- callback for confirmations. + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.callback; + +import java.io.Serializable; + +/** + * Underlying security services instantiate and pass a + * ConfirmationCallback to the handle() method of a + * {@link CallbackHandler} to ask for YES/NO, OK/CANCEL, YES/NO/CANCEL or other + * similar confirmations. + * + * @see CallbackHandler + */ +public class ConfirmationCallback implements Callback, Serializable +{ + + // Constants and variables + // ------------------------------------------------------------------------- + + /** + *

Unspecified option type.

+ * + *

The getOptionType method returns this value if this + * ConfirmationCallback was instantiated with options + * instead of an optionType.

+ */ + public static final int UNSPECIFIED_OPTION = -1; + + /** + *

YES/NO confirmation option.

+ * + *

An underlying security service specifies this as the optionType + * to a ConfirmationCallback constructor if it requires a + * confirmation which can be answered with either YES or + * NO.

+ */ + public static final int YES_NO_OPTION = 0; + + /** + *

YES/NO/CANCEL confirmation confirmation option.

+ * + *

An underlying security service specifies this as the optionType + * to a ConfirmationCallback constructor if it requires a + * confirmation which can be answered with either YES, + * NO or CANCEL. + */ + public static final int YES_NO_CANCEL_OPTION = 1; + + /** + *

OK/CANCEL confirmation confirmation option.

+ * + *

An underlying security service specifies this as the optionType + * to a ConfirmationCallback constructor if it requires a + * confirmation which can be answered with either OK or + * CANCEL.

+ */ + public static final int OK_CANCEL_OPTION = 2; + + /** + *

YES option.

+ * + *

If an optionType was specified to this + * ConfirmationCallback, this option may be specified as a + * defaultOption or returned as the selected index.

+ */ + public static final int YES = 0; + + /** + *

NO option.

+ * + *

If an optionType was specified to this + * ConfirmationCallback, this option may be specified as a + * defaultOption or returned as the selected index.

+ */ + public static final int NO = 1; + + /** + *

CANCEL option.

+ * + *

If an optionType was specified to this + * ConfirmationCallback, this option may be specified as a + * defaultOption or returned as the selected index.

+ */ + public static final int CANCEL = 2; + + /** + *

OK option.

+ * + *

If an optionType was specified to this + * ConfirmationCallback, this option may be specified as a + * defaultOption or returned as the selected index.

+ */ + public static final int OK = 3; + + /** INFORMATION message type. */ + public static final int INFORMATION = 0; + + /** WARNING message type. */ + public static final int WARNING = 1; + + /** ERROR message type. */ + public static final int ERROR = 2; + + /** + * @serial + * @since 1.4 + */ + private String prompt; + + /** + * @serial + * @since 1.4 + */ + private int messageType; + + /** + * @serial + * @since 1.4 + */ + private int optionType; + + /** + * @serial + * @since 1.4 + */ + private int defaultOption; + + /** + * @serial + * @since 1.4 + */ + private String[] options = null; + + /** + * @serial + * @since 1.4 + */ + private int selection; + + // Constructor(s) + // ------------------------------------------------------------------------- + + /** + *

Construct a ConfirmationCallback with a message type, an + * option type and a default option.

+ * + *

Underlying security services use this constructor if they require + * either a YES/NO, YES/NO/CANCEL or OK/CANCEL confirmation.

+ * + * @param messageType the message type (INFORMATION, WARNING or ERROR). + * @param optionType the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or + * OK_CANCEL_OPTION). + * @param defaultOption the default option from the provided optionType (YES, + * NO, CANCEL or OK). + * @throws IllegalArgumentException if messageType is not either + * INFORMATION, WARNING, or ERROR, if + * optionType is not either YES_NO_OPTION, + * YES_NO_CANCEL_OPTION, or OK_CANCEL_OPTION, or if + * defaultOption does not correspond to one of the options in + * optionType. + */ + public ConfirmationCallback(int messageType, int optionType, int defaultOption) + throws IllegalArgumentException + { + super(); + + setMessageType(messageType); + setOptionType(optionType, defaultOption); + this.defaultOption = defaultOption; + } + + /** + *

Construct a ConfirmationCallback with a message type, a + * list of options and a default option.

+ * + *

Underlying security services use this constructor if they require a + * confirmation different from the available preset confirmations provided + * (for example, CONTINUE/ABORT or STOP/GO). The confirmation options are + * listed in the options array, and are displayed by the + * {@link CallbackHandler} implementation in a manner consistent with the + * way preset options are displayed.

+ * + * @param messageType the message type (INFORMATION, WARNING or ERROR). + * @param options the list of confirmation options. + * @param defaultOption the default option, represented as an index into the + * options array. + * @throws IllegalArgumentException if messageType is not either + * INFORMATION, WARNING, or ERROR, if + * options is null, if options has a + * length of 0, if any element from options is + * null, if any element from options has a length + * of 0, or if defaultOption does not lie within + * the array boundaries of options. + */ + public ConfirmationCallback(int messageType, String[] options, int defaultOption) + { + super(); + + setMessageType(messageType); + setOptions(options, defaultOption); + this.defaultOption = defaultOption; + } + + /** + *

Construct a ConfirmationCallback with a prompt, message + * type, an option type and a default option.

+ * + *

Underlying security services use this constructor if they require + * either a YES/NO, YES/NO/CANCEL or OK/CANCEL confirmation.

+ * + * @param prompt the prompt used to describe the list of options. + * @param messageType the message type (INFORMATION, WARNING or ERROR). + * @param optionType the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or + * OK_CANCEL_OPTION). + * @param defaultOption the default option from the provided optionType (YES, + * NO, CANCEL or OK). + * @throws IllegalArgumentException if prompt is null, + * if prompt has a length of 0, if + * messageType is not either INFORMATION, + * WARNING, or ERROR, if optionType is + * not either YES_NO_OPTION, YES_NO_CANCEL_OPTION, + * or OK_CANCEL_OPTION, or if defaultOption does + * not correspond to one of the options in optionType. + */ + public ConfirmationCallback(String prompt, int messageType, int optionType, + int defaultOption) + { + super(); + + setPrompt(prompt); + setMessageType(messageType); + setOptionType(optionType, defaultOption); + this.defaultOption = defaultOption; + } + + /** + *

Construct a ConfirmationCallback with a prompt, message + * type, a list of options and a default option.

+ * + *

Underlying security services use this constructor if they require a + * confirmation different from the available preset confirmations provided + * (for example, CONTINUE/ABORT or STOP/GO). The confirmation options are + * listed in the options array, and are displayed by the + * {@link CallbackHandler} implementation in a manner consistent with the + * way preset options are displayed.

+ * + * @param prompt the prompt used to describe the list of options. + * @param messageType the message type (INFORMATION, WARNING or ERROR). + * @param options the list of confirmation options. + * @param defaultOption the default option, represented as an index into the + * options array. + * @throws IllegalArgumentException if prompt is null, + * if prompt has a length of 0, if + * messageType is not either INFORMATION, + * WARNING, or ERROR, if options is + * null, if options has a length of 0, + * if any element from options is null, if any + * element from options has a length of 0, or if + * defaultOption does not lie within the array boundaries of + * options. + */ + public ConfirmationCallback(String prompt, int messageType, String[] options, + int defaultOption) + { + super(); + + setPrompt(prompt); + setMessageType(messageType); + setOptions(options, defaultOption); + this.defaultOption = defaultOption; + } + + // Class methods + // ------------------------------------------------------------------------- + + // Instance methods + // ------------------------------------------------------------------------- + + /** + * Get the prompt. + * + * @return the prompt, or null if this + * ConfirmationCallback was instantiated without a prompt. + */ + public String getPrompt() + { + return prompt; + } + + /** + * Get the message type. + * + * @return the message type (INFORMATION, WARNING or ERROR). + */ + public int getMessageType() + { + return messageType; + } + + /** + *

Get the option type.

+ * + *

If this method returns {@link #UNSPECIFIED_OPTION}, then this + * ConfirmationCallback was instantiated with options + * instead of an optionType. In this case, invoke the + * {@link #getOptions()} method to determine which confirmation options to + * display.

+ * + * @return the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or + * OK_CANCEL_OPTION), or UNSPECIFIED_OPTION if this + * ConfirmationCallback was instantiated with options + * instead of an optionType. + */ + public int getOptionType() + { + if (options != null) + { + return UNSPECIFIED_OPTION; + } + return optionType; + } + + /** + * Get the confirmation options. + * + * @return the list of confirmation options, or null if this + * ConfirmationCallback was instantiated with an + * optionType instead of options. + */ + public String[] getOptions() + { + return options; + } + + /** + * Get the default option. + * + * @return the default option, represented as YES, NO, + * OK or CANCEL if an optionType was + * specified to the constructor of this ConfirmationCallback. + * Otherwise, this method returns the default option as an index into the + * options array specified to the constructor of this + * ConfirmationCallback. + */ + public int getDefaultOption() + { + return defaultOption; + } + + /** + * Set the selected confirmation option. + * + * @param selection the selection represented as YES, + * NO, OK or CANCEL if an + * optionType was specified to the constructor of this + * ConfirmationCallback. Otherwise, the selection + * represents the index into the options array specified to the + * constructor of this ConfirmationCallback. + * @see #getSelectedIndex() + */ + public void setSelectedIndex(int selection) + { + if (options != null) + { + setOptions(options, selection); + } + else + { + setOptionType(optionType, selection); + } + } + + /** + * Get the selected confirmation option. + * + * @return the selected confirmation option represented as YES, + * NO, OK or CANCEL if an + * optionType was specified to the constructor of this + * ConfirmationCallback. Otherwise, this method returns the + * selected confirmation option as an index into the options + * array specified to the constructor of this ConfirmationCallback. + * @see #setSelectedIndex(int) + */ + public int getSelectedIndex() + { + return this.selection; + } + + private void setMessageType(int messageType) throws IllegalArgumentException + { + switch (messageType) + { + case INFORMATION: + case WARNING: + case ERROR: this.messageType = messageType; break; + default: throw new IllegalArgumentException("illegal message type"); + } + } + + private void setOptionType(int optionType, int selectedOption) + throws IllegalArgumentException + { + switch (optionType) + { + case YES_NO_OPTION: + this.optionType = optionType; + switch (selectedOption) + { + case YES: + case NO: this.selection = selectedOption; break; + default: throw new IllegalArgumentException("invalid option"); + } + break; + case YES_NO_CANCEL_OPTION: + this.optionType = optionType; + switch (selectedOption) + { + case YES: + case NO: + case CANCEL: this.selection = selectedOption; break; + default: throw new IllegalArgumentException("invalid option"); + } + break; + case OK_CANCEL_OPTION: + this.optionType = optionType; + switch (selectedOption) + { + case OK: + case CANCEL: this.selection = selectedOption; break; + default: throw new IllegalArgumentException("invalid option"); + } + break; + default: + throw new IllegalArgumentException("illegal option type"); + } + } + + private void setOptions(String[] options, int selectedOption) + throws IllegalArgumentException + { + if ((selectedOption < 0) || (selectedOption > options.length - 1)) + { + throw new IllegalArgumentException("invalid selection"); + } + if ((options == null) || (options.length == 0)) + { + throw new IllegalArgumentException("options is null or empty"); + } + for (int i = 0; i < options.length; i++) + { + if ((options[i] == null) || (options[i].length() == 0)) + { + throw new IllegalArgumentException("options[" + i + "] is null or empty"); + } + } + this.options = options; + this.selection = selectedOption; + } + + private void setPrompt(String prompt) throws IllegalArgumentException + { + if ((prompt == null) || (prompt.length() == 0)) + { + throw new IllegalArgumentException("prompt is null or empty"); + } + this.prompt = prompt; + } +} diff --git a/libjava/classpath/javax/security/auth/callback/LanguageCallback.java b/libjava/classpath/javax/security/auth/callback/LanguageCallback.java new file mode 100644 index 000000000..e0190e6cc --- /dev/null +++ b/libjava/classpath/javax/security/auth/callback/LanguageCallback.java @@ -0,0 +1,100 @@ +/* LanguageCallback.java -- callback for language choices. + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.callback; + +import java.io.Serializable; +import java.util.Locale; + +/** + * Underlying security services instantiate and pass a LanguageCallback + * to the handle() method of a {@link CallbackHandler} to retrieve + * the {@link Locale} used for localizing text. + * + * @see CallbackHandler + */ +public class LanguageCallback implements Callback, Serializable +{ + + // Constants and variables + // ------------------------------------------------------------------------- + + /** + * @serial + * @since 1.4 + */ + private Locale locale; + + // Constructor(s) + // ------------------------------------------------------------------------- + + /** Construct a LanguageCallback. */ + public LanguageCallback() + { + super(); + } + + // Class methods + // ------------------------------------------------------------------------- + + // Instance methods + // ------------------------------------------------------------------------- + + /** + * Set the retrieved Locale. + * + * @param locale the retrieved Locale. + * @see #getLocale() + */ + public void setLocale(Locale locale) + { + this.locale = locale; + } + + /** + * Get the retrieved Locale. + * + * @return the retrieved Locale, or null if no Locale could be + * retrieved. + * @see #setLocale(Locale) + */ + public Locale getLocale() + { + return locale; + } +} diff --git a/libjava/classpath/javax/security/auth/callback/NameCallback.java b/libjava/classpath/javax/security/auth/callback/NameCallback.java new file mode 100644 index 000000000..4b8bf1c69 --- /dev/null +++ b/libjava/classpath/javax/security/auth/callback/NameCallback.java @@ -0,0 +1,178 @@ +/* NameCallback.java -- callback for user names. + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.callback; + +import java.io.Serializable; + +/** + * Underlying security services instantiate and pass a NameCallback + * to the handle() method of a {@link CallbackHandler} to retrieve + * name information. + * + * @see CallbackHandler + */ +public class NameCallback implements Callback, Serializable +{ + + // Constants and variables + // ------------------------------------------------------------------------- + + /** + * @serial + * @since 1.4 + */ + private String prompt; + + /** + * @serial + * @since 1.4 + */ + private String defaultName; + + /** + * @serial + * @since 1.4 + */ + private String inputName; + + // Constructor(s) + // ------------------------------------------------------------------------- + + /** + * Construct a NameCallback with a prompt. + * + * @param prompt the prompt used to request the name. + * @throws IllegalArgumentException if prompt is null + * or if prompt has a length of 0. + */ + public NameCallback(String prompt) + { + super(); + + setPrompt(prompt); + } + + /** + * Construct a NameCallback with a prompt and default name. + * + * @param prompt the prompt used to request the information. + * @param defaultName the name to be used as the default name displayed with + * the prompt. + * @throws IllegalArgumentException if prompt is null + * or if prompt has a length of 0, if + * defaultName is null, or if defaultName + * has a length of 0. + */ + public NameCallback(String prompt, String defaultName) + throws IllegalArgumentException + { + super(); + + setPrompt(prompt); + setDefaultName(defaultName); + } + + // Class methods + // ------------------------------------------------------------------------- + + // Instance methods + // ------------------------------------------------------------------------- + + /** + * Get the prompt. + * + * @return the prompt. + */ + public String getPrompt() + { + return prompt; + } + + /** + * Get the default name. + * + * @return the default name, or null if this + * NameCallback was not instantiated with a + * defaultName. + */ + public String getDefaultName() + { + return defaultName; + } + + /** + * Set the retrieved name. + * + * @param name the retrieved name (which may be null). + * @see #getName() + */ + public void setName(String name) + { + this.inputName = name; + } + + /** + * Get the retrieved name. + * + * @return the retrieved name (which may be null) + * @see #setName(String) + */ + public String getName() + { + return inputName; + } + + private void setPrompt(String prompt) throws IllegalArgumentException + { + if ((prompt == null) || (prompt.length() == 0)) + { + throw new IllegalArgumentException("invalid prompt"); + } + this.prompt = prompt; + } + + private void setDefaultName(String defaultName) throws IllegalArgumentException + { + if ((defaultName == null) || (defaultName.length() == 0)) + { + throw new IllegalArgumentException("invalid default name"); + } + this.defaultName = defaultName; + } +} diff --git a/libjava/classpath/javax/security/auth/callback/PasswordCallback.java b/libjava/classpath/javax/security/auth/callback/PasswordCallback.java new file mode 100644 index 000000000..6309aacba --- /dev/null +++ b/libjava/classpath/javax/security/auth/callback/PasswordCallback.java @@ -0,0 +1,168 @@ +/* PasswordCallback.java -- callback for passwords. + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.callback; + +import java.io.Serializable; + +/** + * Underlying security services instantiate and pass a PasswordCallback + * to the handle() method of a {@link CallbackHandler} to retrieve + * password information. + * + * @see CallbackHandler, + */ +public class PasswordCallback implements Callback, Serializable +{ + + // Constants and variables + // ------------------------------------------------------------------------- + + /** + * @serial + * @since 1.4 + */ + private String prompt; + + /** + * @serial + * @since 1.4 + */ + private boolean echoOn; + + /** + * @serial + * @since 1.4 + */ + private char[] inputPassword; + + // Constructor(s) + // ------------------------------------------------------------------------- + + /** + * Construct a PasswordCallback with a prompt and a boolean + * specifying whether the password should be displayed as it is being typed. + * + * @param prompt the prompt used to request the password. + * @param echoOn true if the password should be displayed as it + * is being typed. + * @throws IllegalArgumentException if prompt is null + * or if prompt has a length of 0. + */ + public PasswordCallback(String prompt, boolean echoOn) + { + super(); + + setPrompt(prompt); + this.echoOn = echoOn; + } + + // Class methods + // ------------------------------------------------------------------------- + + // Instance methods + // ------------------------------------------------------------------------- + + /** + * Get the prompt. + * + * @return the prompt. + */ + public String getPrompt() + { + return prompt; + } + + /** + * Return whether the password should be displayed as it is being typed. + * + * @return the whether the password should be displayed as it is being typed. + */ + public boolean isEchoOn() + { + return echoOn; + } + + /** + *

Set the retrieved password.

+ * + *

This method makes a copy of the input password before storing it.

+ * + * @param password the retrieved password, which may be null. + * @see #getPassword() + */ + public void setPassword(char[] password) + { + inputPassword = (password == null ? null : (char[]) password.clone()); + } + + /** + *

Get the retrieved password.

+ * + *

This method returns a copy of the retrieved password.

+ * + * @return the retrieved password, which may be null. + * @see #setPassword(char[]) + */ + public char[] getPassword() + { + return (inputPassword == null ? null : (char[]) inputPassword.clone()); + } + + /** Clear the retrieved password. */ + public void clearPassword() + { + if (inputPassword != null) + { + for (int i = 0; i < inputPassword.length; i++) + { + inputPassword[i] = '\0'; + } + inputPassword = null; + } + } + + private void setPrompt(String prompt) throws IllegalArgumentException + { + if ((prompt == null) || (prompt.length() == 0)) + { + throw new IllegalArgumentException("invalid prompt"); + } + this.prompt = prompt; + } +} diff --git a/libjava/classpath/javax/security/auth/callback/TextInputCallback.java b/libjava/classpath/javax/security/auth/callback/TextInputCallback.java new file mode 100644 index 000000000..1fe071327 --- /dev/null +++ b/libjava/classpath/javax/security/auth/callback/TextInputCallback.java @@ -0,0 +1,177 @@ +/* TextInputCallback.java -- callbacks for user input. + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.callback; + +import java.io.Serializable; + +/** + * Underlying security services instantiate and pass a TextInputCallback + * to the handle() method of a {@link CallbackHandler} to retrieve + * generic text information. + * + * @see CallbackHandler + */ +public class TextInputCallback implements Callback, Serializable +{ + + // Constants and variables + // ------------------------------------------------------------------------- + + /** + * @serial + * @since 1.4 + */ + private String prompt; + + /** + * @serial + * @since 1.4 + */ + private String defaultText; + + /** + * @serial + * @since 1.4 + */ + private String inputText; + + // Constructor(s) + // ------------------------------------------------------------------------- + + /** + * Construct a TextInputCallback with a prompt. + * + * @param prompt the prompt used to request the information. + * @throws IllegalArgumentException if prompt is null + * or if prompt has a length of 0. + */ + public TextInputCallback(String prompt) throws IllegalArgumentException + { + super(); + + setPrompt(prompt); + } + + /** + * Construct a TextInputCallback with a prompt and default + * input value. + * + * @param prompt the prompt used to request the information. + * @param defaultText the text to be used as the default text displayed with + * the prompt. + * @throws IllegalArgumentException if prompt is null, + * if prompt has a length of 0, if + * defaultText is null or if defaultText + * has a length of 0. + */ + public TextInputCallback(String prompt, String defaultText) + throws IllegalArgumentException + { + super(); + + setPrompt(prompt); + setDefaultText(defaultText); + } + + // Class methods + // ------------------------------------------------------------------------- + + // Instance methods + // ------------------------------------------------------------------------- + + /** + * Get the prompt. + * + * @return the prompt. + */ + public String getPrompt() + { + return prompt; + } + + /** + * Get the default text. + * + * @return the default text, or null if this + * TextInputCallback was not instantiated with + * defaultText. + */ + public String getDefaultText() + { + return defaultText; + } + + /** + * Set the retrieved text. + * + * @param text the retrieved text, which may be null. + */ + public void setText(String text) + { + this.inputText = text; + } + + /** + * Get the retrieved text. + * + * @return the retrieved text, which may be null. + */ + public String getText() + { + return inputText; + } + + private void setPrompt(String prompt) throws IllegalArgumentException + { + if ((prompt == null) || (prompt.length() == 0)) + { + throw new IllegalArgumentException("invalid prompt"); + } + this.prompt = prompt; + } + + private void setDefaultText(String defaultText) throws IllegalArgumentException + { + if ((defaultText == null) || (defaultText.length() == 0)) + { + throw new IllegalArgumentException("invalid default text"); + } + this.defaultText = defaultText; + } +} diff --git a/libjava/classpath/javax/security/auth/callback/TextOutputCallback.java b/libjava/classpath/javax/security/auth/callback/TextOutputCallback.java new file mode 100644 index 000000000..0ab3a040f --- /dev/null +++ b/libjava/classpath/javax/security/auth/callback/TextOutputCallback.java @@ -0,0 +1,140 @@ +/* TextOutputCallback.java -- callback for text output. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.callback; + +import java.io.Serializable; + +/** + *

Underlying security services instantiate and pass a + * TextOutputCallback to the handle() method of a + * {@link CallbackHandler} to display information messages, warning messages and + * error messages.

+ * + * @see CallbackHandler + */ +public class TextOutputCallback implements Callback, Serializable +{ + + // Constants and variables + // ------------------------------------------------------------------------- + + /** Information message */ + public static final int INFORMATION = 0; + + /** Warning message */ + public static final int WARNING = 1; + + /** Error message */ + public static final int ERROR = 2; + + /** + * @serial + * @since 1.4 + */ + private int messageType; + + /** + * @serial + * @since 1.4 + */ + private String message; + + // Constructor(s) + // ------------------------------------------------------------------------- + + /** + *

Construct a TextOutputCallback with a message type and + * message to be displayed.

+ * + * @param messageType the message type (INFORMATION, WARNING or ERROR). + * @param message the message to be displayed. + * @throws IllegalArgumentException if messageType is not either + * INFORMATION, WARNING or ERROR, if + * message is null, or if message has + * a length of 0. + */ + public TextOutputCallback(int messageType, String message) + throws IllegalArgumentException + { + switch (messageType) + { + case INFORMATION: + case WARNING: + case ERROR: this.messageType = messageType; break; + default: throw new IllegalArgumentException("invalid message type"); + } + + setMessage(message); + } + + // Class methods + // ------------------------------------------------------------------------- + + // Instance methods + // ------------------------------------------------------------------------- + + /** + *

Returns the message's messageType.

+ * + * @return the message type (INFORMATION, WARNING or ERROR). + */ + public int getMessageType() + { + return messageType; + } + + /** + *

Returns the message to be displayed.

+ * + * @return the message to be displayed. + */ + public String getMessage() + { + return message; + } + + private void setMessage(String message) throws IllegalArgumentException + { + if ((message == null) || (message.length() == 0)) + { + throw new IllegalArgumentException("invalid message"); + } + this.message = message; + } +} diff --git a/libjava/classpath/javax/security/auth/callback/UnsupportedCallbackException.java b/libjava/classpath/javax/security/auth/callback/UnsupportedCallbackException.java new file mode 100644 index 000000000..f5308b9ea --- /dev/null +++ b/libjava/classpath/javax/security/auth/callback/UnsupportedCallbackException.java @@ -0,0 +1,101 @@ +/* UnsupportedCallbackException.java -- signals an unsupported callback type. + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.callback; + +/** + * Signals that a {@link CallbackHandler} does not recognize a particular + * {@link Callback}. + * + */ +public class UnsupportedCallbackException extends Exception +{ + + // Constants and variables + // ------------------------------------------------------------------------- + + /** @serial */ + private Callback callback; + + // Constructor(s) + // ------------------------------------------------------------------------- + + /** + * Constructs an UnsupportedCallbackException with no detail + * message. + * + * @param callback the unrecognized {@link Callback}. + */ + public UnsupportedCallbackException(Callback callback) + { + super(); + + this.callback = callback; + } + + /** + * Constructs an UnsupportedCallbackException with the specified + * detail message. A detail message is a {@link String} that describes this + * particular exception. + * + * @param callback the unrecognized {@link Callback}. + * @param msg the detail message. + */ + public UnsupportedCallbackException(Callback callback, String msg) + { + super(msg); + + this.callback = callback; + } + + // Class methods + // ------------------------------------------------------------------------- + + // Instance methods + // ------------------------------------------------------------------------- + + /** + * Get the unrecognized {@link Callback}. + * + * @return the unrecognized {@link Callback}. + */ + public Callback getCallback() + { + return this.callback; + } +} diff --git a/libjava/classpath/javax/security/auth/callback/package.html b/libjava/classpath/javax/security/auth/callback/package.html new file mode 100644 index 000000000..f927f1c30 --- /dev/null +++ b/libjava/classpath/javax/security/auth/callback/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - javax.security.auth.callback + + +

+ + + diff --git a/libjava/classpath/javax/security/auth/kerberos/DelegationPermission.java b/libjava/classpath/javax/security/auth/kerberos/DelegationPermission.java new file mode 100644 index 000000000..42bb9c73c --- /dev/null +++ b/libjava/classpath/javax/security/auth/kerberos/DelegationPermission.java @@ -0,0 +1,136 @@ +/* DelegationPermission.java -- kerberos delegation permission + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.kerberos; + +import java.security.BasicPermission; +import java.security.Permission; +import java.security.PermissionCollection; +import java.util.Enumeration; +import java.util.Vector; + +/** + * @since 1.4 + */ +public final class DelegationPermission + extends BasicPermission +{ + // FIXME: Enable this when serialization works. + // private static final long serialVersionUID = 883133252142523922L; + + /** + * Create a new instance with the given name. + */ + public DelegationPermission(String name) + { + super(name); + checkSyntax(name); + } + + /** + * Create a new instance with the given name and actions. + * + * The name consists of two parts: first the subordinate + * service principal, then the target service principal. + * Each principal is surrounded by quotes; the two are separated + * by a space. + * + * @param name the name + * @param actions the actions; this is ignored + */ + public DelegationPermission(String name, String actions) + { + super(name, actions); + checkSyntax(name); + } + + private static void checkSyntax(String name) + { + int index = name.indexOf('"', 1); + int len = name.length(); + if (name.charAt(0) != '"' || name.charAt(len - 1) != '"' + || index == -1 || index + 3 >= len + || name.charAt(index + 1) != ' ' + || name.charAt(index + 2) != '"') + // FIXME: better message here. + throw new IllegalArgumentException("invalid syntax for principals"); + } + + public boolean implies(Permission perm) + { + return equals(perm); + } + + public PermissionCollection newPermissionCollection() + { + // FIXME: don't know how to serialize here. I suspect this + // class has to have a particular name, etc ... + return new PermissionCollection() + { + private Vector permissions = new Vector(); + + public void add(Permission perm) + { + if (isReadOnly()) + throw new SecurityException("readonly"); + if (! (perm instanceof DelegationPermission)) + throw new IllegalArgumentException("can only add DelegationPermissions"); + permissions.add(perm); + } + + public boolean implies(Permission perm) + { + if (! (perm instanceof DelegationPermission)) + return false; + Enumeration e = elements(); + while (e.hasMoreElements()) + { + DelegationPermission dp = (DelegationPermission) e.nextElement(); + if (dp.implies(perm)) + return true; + } + return false; + } + + public Enumeration elements() + { + return permissions.elements(); + } + }; + } +} diff --git a/libjava/classpath/javax/security/auth/kerberos/KerberosKey.java b/libjava/classpath/javax/security/auth/kerberos/KerberosKey.java new file mode 100644 index 000000000..e5735fbd5 --- /dev/null +++ b/libjava/classpath/javax/security/auth/kerberos/KerberosKey.java @@ -0,0 +1,180 @@ +/* KerberosKey.java -- kerberos key + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.kerberos; + +import gnu.classpath.NotImplementedException; + +import java.io.Serializable; + +import javax.crypto.SecretKey; +import javax.security.auth.DestroyFailedException; +import javax.security.auth.Destroyable; + +/** + * This class represents a Kerberos key. See the Kerberos + * authentication RFC for more information: + * RFC 1510. + * + * @since 1.4 + */ +public class KerberosKey + implements Serializable, SecretKey, Destroyable +{ + private static final long serialVersionUID = -4625402278148246993L; + + private KerberosPrincipal principal; + private int versionNum; + private KeyImpl key; + + /** + * Construct a new key with the indicated principal and key. + * @param principal the principal + * @param key the key's data + * @param type the key's type + * @param version the key's version number + */ + public KerberosKey(KerberosPrincipal principal, byte[] key, int type, + int version) + { + this.principal = principal; + this.versionNum = version; + this.key = new KeyImpl(key, type); + } + + /** + * Construct a new key with the indicated principal and a password. + * @param principal the principal + * @param passwd the password to use + * @param algo the algorithm; if null the "DES" algorithm is used + */ + public KerberosKey(KerberosPrincipal principal, char[] passwd, String algo) + // Not implemented because KeyImpl really does nothing here. + throws NotImplementedException + { + this.principal = principal; + this.versionNum = 0; // FIXME: correct? + this.key = new KeyImpl(passwd, algo); + } + + /** + * Return the name of the algorithm used to create this key. + */ + public final String getAlgorithm() + { + checkDestroyed(); + return key.algorithm; + } + + /** + * Return the format of this key. This implementation always returns "RAW". + */ + public final String getFormat() + { + checkDestroyed(); + // Silly, but specified. + return "RAW"; + } + + /** + * Return the principal associated with this key. + */ + public final KerberosPrincipal getPrincipal() + { + checkDestroyed(); + return principal; + } + + /** + * Return the type of this key. + */ + public final int getKeyType() + { + checkDestroyed(); + return key.type; + } + + /** + * Return the version number of this key. + */ + public final int getVersionNumber() + { + checkDestroyed(); + return versionNum; + } + + /** + * Return the encoded form of this key. + */ + public final byte[] getEncoded() + { + checkDestroyed(); + return (byte[]) key.key.clone(); + } + + /** + * Destroy this key. + */ + public void destroy() throws DestroyFailedException + { + if (key == null) + throw new DestroyFailedException("already destroyed"); + key = null; + } + + /** + * Return true if this key has been destroyed. After this has been + * called, other methods on this object will throw IllegalStateException. + */ + public boolean isDestroyed() + { + return key == null; + } + + private void checkDestroyed() + { + if (key == null) + throw new IllegalStateException("key is destroyed"); + } + + public String toString() + { + // FIXME: random choice here. + return principal + ":" + versionNum; + } +} diff --git a/libjava/classpath/javax/security/auth/kerberos/KerberosPrincipal.java b/libjava/classpath/javax/security/auth/kerberos/KerberosPrincipal.java new file mode 100644 index 000000000..4ba767226 --- /dev/null +++ b/libjava/classpath/javax/security/auth/kerberos/KerberosPrincipal.java @@ -0,0 +1,207 @@ +/* KerberosPrincipal.java -- a kerberos principal + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.kerberos; + +import gnu.classpath.NotImplementedException; +import gnu.classpath.SystemProperties; + +import java.io.Serializable; +import java.security.Principal; + +/** + * This represents a Kerberos principal. See the Kerberos + * authentication RFC for more information: + * RFC 1510. + * + * @since 1.4 + */ +public final class KerberosPrincipal + implements Serializable, Principal +{ + // Uncomment when serialization is correct. + // private static final long serialVersionUID = -7374788026156829911L; + + /** + * Constant from the RFC: "Just the name of the principal as in DCE, or + * for users". + */ + public static final int KRB_NT_PRINCIPAL = 1; + + /** + * Constant from the RFC: "Service and other unique instance (krbtgt)". + */ + public static final int KRB_NT_SRV_HST = 3; + + /** + * Constant from the RFC: "Service with host name as instance (telnet, + * rcommands)". + */ + public static final int KRB_NT_SRV_INST = 2; + + /** + * Constant from the RFC: "Service with host as remaining components". + */ + public static final int KRB_NT_SRV_XHST = 4; + + /** + * Constant from the RFC: "Unique ID". + */ + public static final int KRB_NT_UID = 5; + + /** + * Constant from the RFC: "Name type not known". + */ + public static final int KRB_NT_UNKNOWN = 0; + + private String name; + private int type; + private String realm; + + /** + * Create a new instance with the given name and a type of + * {@link #KRB_NT_PRINCIPAL}. + * @param name the principal's name + */ + public KerberosPrincipal(String name) + { + this(name, KRB_NT_PRINCIPAL); + } + + /** + * Create a new instance with the given name and type. The name is + * parsed according to the rules in the RFC. If there is no realm, + * then the local realm is used instead. + * + * @param name the principal's name + * @param type the principal's type + */ + public KerberosPrincipal(String name, int type) + // Marked as unimplemented because we don't look for the realm as needed. + throws NotImplementedException + { + if (type < KRB_NT_UNKNOWN || type > KRB_NT_UID) + throw new IllegalArgumentException("unknown type: " + type); + this.name = name; + this.type = type; + this.realm = parseRealm(); + } + + private String parseRealm() + { + // Handle quoting as specified by the Kerberos RFC. + int i, len = name.length(); + boolean quoted = false; + for (i = 0; i < len; ++i) + { + if (quoted) + { + quoted = false; + continue; + } + char c = name.charAt(i); + if (c == '\\') + { + quoted = true; + continue; + } + if (c == '@') + break; + } + if (quoted || i == len - 1) + throw new IllegalArgumentException("malformed principal: " + name); + if (i < len) + { + // We have the realm. FIXME: verify its syntax? + return name.substring(i + 1); + } + // Try to find the default realm. + String def = SystemProperties.getProperty("java.security.krb5.realm"); + if (def != null) + return def; + // Now ask the system. + // FIXME: use java.security.krb5.conf, + // or $JAVA_HOME/lib/security/krb5.conf to find the krb config file. + // Then pass to native code using krb5_set_config_files() and + // krb5_get_default_realm(). But... what about /etc/krb5.conf? + throw new IllegalArgumentException("default realm can't be found"); + } + + /** + * Return the name of this principal. + */ + public String getName() + { + return name; + } + + /** + * Return the realm of this principal. + */ + public String getRealm() + { + return realm; + } + + /** + * Return the type of this principal. + */ + public int getNameType() + { + return type; + } + + public int hashCode() + { + return name.hashCode(); + } + + public boolean equals(Object other) + { + if (! (other instanceof KerberosPrincipal)) + return false; + KerberosPrincipal kp = (KerberosPrincipal) other; + return name.equals(kp.name) && type == kp.type; + } + + public String toString() + { + // This is what came to mind. + return name + ":" + type; + } +} diff --git a/libjava/classpath/javax/security/auth/kerberos/KerberosTicket.java b/libjava/classpath/javax/security/auth/kerberos/KerberosTicket.java new file mode 100644 index 000000000..ff70b9f4e --- /dev/null +++ b/libjava/classpath/javax/security/auth/kerberos/KerberosTicket.java @@ -0,0 +1,372 @@ +/* KerberosTicket.java -- a kerberos ticket + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.kerberos; + +import gnu.classpath.NotImplementedException; + +import java.io.Serializable; +import java.net.InetAddress; +import java.util.Date; + +import javax.crypto.SecretKey; +import javax.security.auth.DestroyFailedException; +import javax.security.auth.Destroyable; +import javax.security.auth.RefreshFailedException; +import javax.security.auth.Refreshable; + +/** + * This class represents a Kerberos ticket. See the Kerberos + * authentication RFC for more information: + * RFC 1510. + * + * @since 1.4 + */ +public class KerberosTicket + implements Destroyable, Serializable, Refreshable +{ + private static final long serialVersionUID = 7395334370157380539L; + + // Indices of the various flags. From the kerberos spec. + // We only list the ones we use. + private static final int FORWARDABLE = 1; + private static final int FORWARDED = 2; + private static final int PROXIABLE = 3; + private static final int PROXY = 4; + private static final int POSTDATED = 6; + private static final int RENEWABLE = 8; + private static final int INITIAL = 9; + private static final int NUM_FLAGS = 12; + + private byte[] asn1Encoding; + private KeyImpl sessionKey; + private boolean[] flags; + private Date authTime; + private Date startTime; + private Date endTime; + private Date renewTill; + private KerberosPrincipal client; + private KerberosPrincipal server; + private InetAddress[] clientAddresses; + + /** + * Create a new ticket given all the facts about it. + * + * Note that flags may be null or "short"; any flags not specified + * will be taken to be false. + * + * If the key is not renewable, then renewTill may be null. + * + * If authTime is null, then it is taken to be the same as startTime. + * + * If clientAddresses is null, then the ticket can be used anywhere. + * + * @param asn1Encoding the contents of the ticket, as ASN1 + * @param client the client principal + * @param server the server principal + * @param key the contents of the session key + * @param type the type of the key + * @param flags an array of flags, as specified by the RFC + * @param authTime when the client was authenticated + * @param startTime starting time at which the ticket is valid + * @param endTime ending time, after which the ticket is invalid + * @param renewTill for a rewewable ticket, the time before which it must + * be renewed + * @param clientAddresses a possibly-null array of addresses where this + * ticket may be used + */ + public KerberosTicket(byte[] asn1Encoding, KerberosPrincipal client, + KerberosPrincipal server, byte[] key, int type, + boolean[] flags, Date authTime, Date startTime, + Date endTime, Date renewTill, + InetAddress[] clientAddresses) + { + this.asn1Encoding = (byte[]) asn1Encoding.clone(); + this.sessionKey = new KeyImpl(key, type); + this.flags = new boolean[NUM_FLAGS]; + if (flags != null) + System.arraycopy(flags, 0, this.flags, 0, + Math.min(flags.length, NUM_FLAGS)); + this.flags = (boolean[]) flags.clone(); + this.authTime = (Date) authTime.clone(); + this.startTime = (Date) ((startTime == null) + ? authTime : startTime).clone(); + this.endTime = (Date) endTime.clone(); + this.renewTill = (Date) renewTill.clone(); + this.client = client; + this.server = server; + this.clientAddresses = (clientAddresses == null + ? null + : (InetAddress[]) clientAddresses.clone()); + } + + /** + * Destroy this ticket. This discards secret information. After this + * method is called, other methods will throw IllegalStateException. + */ + public void destroy() throws DestroyFailedException + { + if (sessionKey == null) + throw new DestroyFailedException("already destroyed"); + sessionKey = null; + asn1Encoding = null; + } + + /** + * Return true if this ticket has been destroyed. + */ + public boolean isDestroyed() + { + return sessionKey == null; + } + + /** + * Return true if the ticket is currently valid. This is true if + * the system time is between the ticket's start and end times. + */ + public boolean isCurrent() + { + long now = System.currentTimeMillis(); + return startTime.getTime() <= now && now <= endTime.getTime(); + } + + /** + * If the ticket is renewable, and the renewal time has not yet elapsed, + * attempt to renew the ticket. + * @throws RefreshFailedException if the renewal fails for any reason + */ + public void refresh() throws RefreshFailedException, NotImplementedException + { + if (! isRenewable()) + throw new RefreshFailedException("not renewable"); + if (renewTill != null + && System.currentTimeMillis() >= renewTill.getTime()) + throw new RefreshFailedException("renewal time elapsed"); + // FIXME: must contact the KDC. + // Use the java.security.krb5.kdc property... + throw new RefreshFailedException("not implemented"); + } + + /** + * Return the client principal for this ticket. + */ + public final KerberosPrincipal getClient() + { + return client; + } + + /** + * Return the server principal for this ticket. + */ + public final KerberosPrincipal getServer() + { + return server; + } + + /** + * Return true if this ticket is forwardable. + */ + public final boolean isForwardable() + { + return flags[FORWARDABLE]; + } + + /** + * Return true if this ticket has been forwarded. + */ + public final boolean isForwarded() + { + return flags[FORWARDED]; + } + + /** + * Return true if this ticket is proxiable. + */ + public final boolean isProxiable() + { + return flags[PROXIABLE]; + } + + /** + * Return true if this ticket is a proxy ticket. + */ + public final boolean isProxy() + { + return flags[PROXY]; + } + + /** + * Return true if this ticket was post-dated. + */ + public final boolean isPostdated() + { + return flags[POSTDATED]; + } + + /** + * Return true if this ticket is renewable. + */ + public final boolean isRenewable() + { + return flags[RENEWABLE]; + } + + /** + * Return true if this ticket was granted by an application + * server, and not via a ticket-granting ticket. + */ + public final boolean isInitial() + { + return flags[INITIAL]; + } + + /** + * Return the flags for this ticket as a boolean array. + * See the RFC to understand what the different entries mean. + */ + public final boolean[] getFlags() + { + return (boolean[]) flags.clone(); + } + + /** + * Return the authentication time for this ticket. + */ + public final Date getAuthTime() + { + return (Date) authTime.clone(); + } + + /** + * Return the start time for this ticket. + */ + public final Date getStartTime() + { + return (Date) startTime.clone(); + } + + /** + * Return the end time for this ticket. + */ + public final Date getEndTime() + { + return (Date) endTime.clone(); + } + + /** + * Return the renewal time for this ticket. For a non-renewable + * ticket, this will return null. + */ + public final Date getRenewTill() + { + return flags[RENEWABLE] ? ((Date) renewTill.clone()) : null; + } + + /** + * Return the allowable client addresses for this ticket. This will + * return null if the ticket can be used anywhere. + */ + public final InetAddress[] getClientAddresses() + { + return (clientAddresses == null + ? null + : (InetAddress[]) clientAddresses.clone()); + } + + /** + * Return the encoded form of this ticket. + */ + public final byte[] getEncoded() + { + checkDestroyed(); + return (byte[]) sessionKey.key.clone(); + } + + /** + * Return the secret key associated with this ticket. + */ + public final SecretKey getSessionKey() + { + checkDestroyed(); + return sessionKey; + } + + private void checkDestroyed() + { + if (sessionKey == null) + throw new IllegalStateException("key is destroyed"); + } + + public String toString() + { + return getClass().getName() + + "[client=" + client + + ",server=" + server + + ",sessionKey=" + sessionKey + + ",flags=" + flags + + ",authTime=" + authTime + + ",startTime= " + startTime + + ",endTime=" + endTime + + ",renewTill=" + renewTill + + ",clientAddresses=" + clientAddresses + + "]"; + } + + /** + *

+ * Returns the type of the session key in accordance with + * RFC1510. This usually corresponds to the encryption + * algorithm used by the key, though more than one algorithm + * may use the same key type (e.g. DES with different checksum + * mechanisms and chaining modes). Negative values are reserved + * for local use. Non-negative values are for officially assigned + * type fields. The RFC defines: + *

+ *
    + *
  • 0 — null
  • + *
  • 1 — DES (in CBC mode with either MD4 or MD5 checksums)
  • + *
+ * + * @return the type of session key used by this ticket. + */ + public final int getSessionKeyType() + { + return sessionKey.type; + } + +} diff --git a/libjava/classpath/javax/security/auth/kerberos/KeyImpl.java b/libjava/classpath/javax/security/auth/kerberos/KeyImpl.java new file mode 100644 index 000000000..a7cf3d212 --- /dev/null +++ b/libjava/classpath/javax/security/auth/kerberos/KeyImpl.java @@ -0,0 +1,102 @@ +/* KeyImpl.java -- kerberos key implementation + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.kerberos; + +import java.io.Serializable; + +import javax.crypto.SecretKey; + +/** + * Note that the name of this class is fixed by the serialization + * spec, even though the class itself is not public. + */ +final class KeyImpl implements Serializable, SecretKey +{ + // Enable this when serialization works. + // private static final long serialVersionUID = -7889313790214321193L; + + public String algorithm; + public int type; + public byte[] key; + + public KeyImpl(byte[] key, int type) + { + // From kerberos spec. + if (type == 0) + this.algorithm = null; + else if (type == 1) + this.algorithm = "DES"; + else + this.algorithm = "FIXME"; + this.type = type; + this.key = (byte[]) key.clone(); + } + + public KeyImpl(char[] passwd, String algo) + { + this.algorithm = (algo == null) ? "DES" : algo; + this.type = 0; // FIXME + this.key = null; // double FIXME + } + + public String getAlgorithm() + { + return algorithm; + } + + public byte[] getEncoded() + { + return key; + } + + public String getFormat() + { + // FIXME. + return null; + } + + public String toString() + { + return getClass().getName() + + "[type=" + type + + ",algorithm=" + algorithm + + "]"; + } + +} diff --git a/libjava/classpath/javax/security/auth/kerberos/ServicePermission.java b/libjava/classpath/javax/security/auth/kerberos/ServicePermission.java new file mode 100644 index 000000000..4412ea459 --- /dev/null +++ b/libjava/classpath/javax/security/auth/kerberos/ServicePermission.java @@ -0,0 +1,172 @@ +/* ServicePermission.java -- kerberos service permission + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.kerberos; + +import java.security.Permission; +import java.security.PermissionCollection; +import java.util.Enumeration; +import java.util.StringTokenizer; +import java.util.Vector; + +/** + * This represents permission to access to a Kerberos service principal. + * See the Kerberos authentication RFC for more information: + * RFC 1510. + * + * @since 1.4 + */ +public final class ServicePermission + extends Permission +{ + // FIXME: Enable this when serialization works. + // private static final long serialVersionUID = -1227585031618624935L; + + private static final int INITIATE = 1; + private static final int ACCEPT = 2; + + private int flags; + + /** + * Create a new service permission with the indicated name and actions. + * + * The name is the name of the kerberos principal for the service. + * + * The actions are a comma-separated list of strings. The recognized + * actions are "initiate" and "accept". The "initiate" action means + * that the holder of the permission can access the service. The + * "accept" action means that the holder of the permission can operate + * as this service. + * + * @param name the prinicpal's name + * @param action the allowed actions + */ + public ServicePermission(String name, String action) + { + super(name); + parseActions(action); + } + + public boolean implies(Permission perm) + { + if (! (perm instanceof ServicePermission)) + return false; + ServicePermission sp = (ServicePermission) perm; + if ((flags & sp.flags) != sp.flags) + return false; + return getName().equals(sp.getName()); + } + + public boolean equals(Object obj) + { + if (! (obj instanceof ServicePermission)) + return false; + ServicePermission sp = (ServicePermission) obj; + return flags == sp.flags && getName().equals(sp.getName()); + } + + public int hashCode() + { + return getName().hashCode() + flags; + } + + /** + * Return a string representing the actions. + */ + public String getActions() + { + if (flags == (INITIATE | ACCEPT)) + return "initiate,accept"; + if (flags == INITIATE) + return "initiate"; + if (flags == ACCEPT) + return "accept"; + return ""; + } + + public PermissionCollection newPermissionCollection() + { + return new PermissionCollection() + { + private Vector permissions = new Vector(); + + public void add(Permission perm) + { + if (isReadOnly()) + throw new SecurityException("readonly"); + if (! (perm instanceof ServicePermission)) + throw new IllegalArgumentException("can only add DelegationPermissions"); + permissions.add(perm); + } + + public boolean implies(Permission perm) + { + if (! (perm instanceof ServicePermission)) + return false; + Enumeration e = elements(); + while (e.hasMoreElements()) + { + ServicePermission sp = (ServicePermission) e.nextElement(); + if (sp.implies(perm)) + return true; + } + return false; + } + + public Enumeration elements() + { + return permissions.elements(); + } + }; + } + + private void parseActions(String actions) + { + StringTokenizer tok = new StringTokenizer(actions, ","); + while (tok.hasMoreTokens()) + { + String token = tok.nextToken(); + if ("accept".equals(token)) + flags |= ACCEPT; + else if ("initiate".equals(token)) + flags |= INITIATE; + else + throw new IllegalArgumentException("unrecognized token: " + token); + } + } +} diff --git a/libjava/classpath/javax/security/auth/login/AccountException.java b/libjava/classpath/javax/security/auth/login/AccountException.java new file mode 100644 index 000000000..32f739a31 --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/AccountException.java @@ -0,0 +1,64 @@ +/* AccountException.java -- generic account exception + Copyright (C) 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +/** + * This is the base class for various account-related exceptions. + * @since 1.5 + */ +public class AccountException extends LoginException +{ + private static final long serialVersionUID = -2112878680072211787L; + + /** + * Create a new exception object. + */ + public AccountException() + { + } + + /** + * Create a new exception with the indicated detail message. + * @param message the detail message + */ + public AccountException(String message) + { + super(message); + } +} diff --git a/libjava/classpath/javax/security/auth/login/AccountExpiredException.java b/libjava/classpath/javax/security/auth/login/AccountExpiredException.java new file mode 100644 index 000000000..c2b61c6e0 --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/AccountExpiredException.java @@ -0,0 +1,64 @@ +/* AccountExpiredException.java + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +/** + * An exception that signals that an attempt was made to login to an account + * that has expired. + */ +public class AccountExpiredException extends AccountException +{ + + // Constant. + // ------------------------------------------------------------------------- + + private static final long serialVersionUID = -6064064890162661560L; + + // Constructors. + // ------------------------------------------------------------------------- + + public AccountExpiredException() + { + } + + public AccountExpiredException (String message) + { + super (message); + } +} diff --git a/libjava/classpath/javax/security/auth/login/AccountLockedException.java b/libjava/classpath/javax/security/auth/login/AccountLockedException.java new file mode 100644 index 000000000..bcb8b4f8d --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/AccountLockedException.java @@ -0,0 +1,64 @@ +/* AccountLockedException.java -- exception indicating locked account + Copyright (C) 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +/** + * An exception indicating that an account is locked. + * @since 1.5 + */ +public class AccountLockedException extends AccountException +{ + private static final long serialVersionUID = 8280345554014066334L; + + /** + * Create a new exception object. + */ + public AccountLockedException() + { + } + + /** + * Create a new exception with the indicated detail message. + * @param message the detail message + */ + public AccountLockedException(String message) + { + super(message); + } +} diff --git a/libjava/classpath/javax/security/auth/login/AccountNotFoundException.java b/libjava/classpath/javax/security/auth/login/AccountNotFoundException.java new file mode 100644 index 000000000..e74ca0163 --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/AccountNotFoundException.java @@ -0,0 +1,64 @@ +/* AccountNotFoundException.java -- exception indicating account not found + Copyright (C) 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +/** + * An exception indicating that an account was not found. + * @since 1.5 + */ +public class AccountNotFoundException extends AccountException +{ + private static final long serialVersionUID = 1498349563916294614L; + + /** + * Create a new exception object. + */ + public AccountNotFoundException() + { + } + + /** + * Create a new exception with the given detail message. + * @param message the detail message + */ + public AccountNotFoundException(String message) + { + super(message); + } +} diff --git a/libjava/classpath/javax/security/auth/login/AppConfigurationEntry.java b/libjava/classpath/javax/security/auth/login/AppConfigurationEntry.java new file mode 100644 index 000000000..044c9105b --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/AppConfigurationEntry.java @@ -0,0 +1,143 @@ +/* AppConfigurationEntry.java + Copyright (C) 2004, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +public class AppConfigurationEntry +{ + // Fields. + // ------------------------------------------------------------------------- + + private final String loginModuleName; + private final LoginModuleControlFlag controlFlag; + private final Map options; + + // Constructor. + // ------------------------------------------------------------------------- + + public AppConfigurationEntry (final String loginModuleName, + final LoginModuleControlFlag controlFlag, + final Map options) + { + if (loginModuleName == null || loginModuleName.length() == 0) + throw new IllegalArgumentException ("module name cannot be null nor empty"); + + if (LoginModuleControlFlag.OPTIONAL != controlFlag && + LoginModuleControlFlag.REQUIRED != controlFlag && + LoginModuleControlFlag.REQUISITE != controlFlag && + LoginModuleControlFlag.SUFFICIENT != controlFlag) + throw new IllegalArgumentException ("invalid controlFlag"); + + if (options == null) + throw new IllegalArgumentException ("options cannot be null"); + + this.loginModuleName = loginModuleName; + this.controlFlag = controlFlag; + this.options = Collections.unmodifiableMap (new HashMap (options)); + } + + // Instance methods. + // ------------------------------------------------------------------------- + + public LoginModuleControlFlag getControlFlag() + { + return controlFlag; + } + + public String getLoginModuleName() + { + return loginModuleName; + } + + public Map getOptions() + { + return options; + } + + // Object methods ---------------------------------------------------------- + + public String toString() + { + + return loginModuleName + "\t" + + String.valueOf(controlFlag) + "\t" + + String.valueOf(options); + } + + // Inner class. + // ------------------------------------------------------------------------- + + public static class LoginModuleControlFlag + { + + // Constants. + // ----------------------------------------------------------------------- + + public static final LoginModuleControlFlag OPTIONAL = new LoginModuleControlFlag(); + public static final LoginModuleControlFlag REQUIRED = new LoginModuleControlFlag(); + public static final LoginModuleControlFlag REQUISITE = new LoginModuleControlFlag(); + public static final LoginModuleControlFlag SUFFICIENT = new LoginModuleControlFlag(); + + // Constructor. + // ----------------------------------------------------------------------- + + private LoginModuleControlFlag() + { + } + + // Instance methods. + // ----------------------------------------------------------------------- + + public String toString() + { + if (this == LoginModuleControlFlag.REQUIRED) + return "REQUIRED"; + if (this == LoginModuleControlFlag.REQUISITE) + return "REQUISITE"; + if (this == LoginModuleControlFlag.SUFFICIENT) + return "SUFFICIENT"; + if (this == LoginModuleControlFlag.OPTIONAL) + return "OPTIONAL"; + return "???"; + } + } +} diff --git a/libjava/classpath/javax/security/auth/login/Configuration.java b/libjava/classpath/javax/security/auth/login/Configuration.java new file mode 100644 index 000000000..fe56f8a59 --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/Configuration.java @@ -0,0 +1,121 @@ +/* Configuration.java + Copyright (C) 2004, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +import gnu.javax.security.auth.login.GnuConfiguration; + +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.Security; + +import javax.security.auth.AuthPermission; + +public abstract class Configuration +{ + // Fields. + // ------------------------------------------------------------------------- + + private static Configuration config; + + // Constructors. + // ------------------------------------------------------------------------- + + protected Configuration() + { + } + + // Class methods. + // ------------------------------------------------------------------------- + + public static synchronized Configuration getConfiguration() + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkPermission (new AuthPermission ("getLoginConfiguration")); + return getConfig(); + } + + public static synchronized void setConfiguration (Configuration config) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkPermission (new AuthPermission ("setLoginConfiguration")); + Configuration.config = config; + } + + // Abstract methods. + // ------------------------------------------------------------------------- + + public abstract AppConfigurationEntry[] getAppConfigurationEntry (String applicationName); + + public abstract void refresh(); + + // Package-private methods. + // ------------------------------------------------------------------------- + + /** + * Get the current configuration, bypassing security checks. + */ + static Configuration getConfig() + { + if (config == null) + { + String conf = (String) AccessController.doPrivileged + (new PrivilegedAction() + { + public Object run() + { + return Security.getProperty ("login.configuration.provider"); + } + }); + try + { + if (conf != null) + config = (Configuration) Class.forName (conf).newInstance(); + else + config = new GnuConfiguration(); + } + catch (Exception x) + { + config = new GnuConfiguration(); + } + } + return config; + } +} diff --git a/libjava/classpath/javax/security/auth/login/CredentialException.java b/libjava/classpath/javax/security/auth/login/CredentialException.java new file mode 100644 index 000000000..980adde9e --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/CredentialException.java @@ -0,0 +1,64 @@ +/* CredentialException.java -- generic credential exception + Copyright (C) 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +/** + * This is the base class for various credential-related exceptions. + * @since 1.5 + */ +public class CredentialException extends LoginException +{ + private static final long serialVersionUID = -4772893876810601859L; + + /** + * Create a new exception object. + */ + public CredentialException() + { + } + + /** + * Create a new exception with the given detail message. + * @param message the detail message + */ + public CredentialException(String message) + { + super(message); + } +} diff --git a/libjava/classpath/javax/security/auth/login/CredentialExpiredException.java b/libjava/classpath/javax/security/auth/login/CredentialExpiredException.java new file mode 100644 index 000000000..9827a3d86 --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/CredentialExpiredException.java @@ -0,0 +1,64 @@ +/* CredentialExpiredException.java + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +/** + * An exception that signals an attempt to login with a credential that + * has expired. + */ +public class CredentialExpiredException extends CredentialException +{ + + // Constant. + // ------------------------------------------------------------------------- + + private static final long serialVersionUID = -5344739593859737937L; + + // Constructors. + // ------------------------------------------------------------------------- + + public CredentialExpiredException() + { + } + + public CredentialExpiredException (String message) + { + super (message); + } +} diff --git a/libjava/classpath/javax/security/auth/login/CredentialNotFoundException.java b/libjava/classpath/javax/security/auth/login/CredentialNotFoundException.java new file mode 100644 index 000000000..08ac115e3 --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/CredentialNotFoundException.java @@ -0,0 +1,65 @@ +/* CredentialNotFoundException.java -- exception thrown when credentials + expire + Copyright (C) 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +/** + * An exception that indicates that a credential was not found. + * @since 1.5 + */ +public class CredentialNotFoundException extends CredentialException +{ + private static final long serialVersionUID = -7779934467214319475L; + + /** + * Create a new exception. + */ + public CredentialNotFoundException() + { + } + + /** + * Create a new exception with the given detail message. + * @param message the detail message + */ + public CredentialNotFoundException(String message) + { + super(message); + } +} diff --git a/libjava/classpath/javax/security/auth/login/FailedLoginException.java b/libjava/classpath/javax/security/auth/login/FailedLoginException.java new file mode 100644 index 000000000..db975fbdd --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/FailedLoginException.java @@ -0,0 +1,63 @@ +/* FailedLoginException.java + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +/** + * An exception that signals that an attempt to login was unsuccessful. + */ +public class FailedLoginException extends LoginException +{ + + // Constant. + // ------------------------------------------------------------------------- + + private static final long serialVersionUID = 802556922354616286L; + + // Constructors. + // ------------------------------------------------------------------------- + + public FailedLoginException() + { + } + + public FailedLoginException (String message) + { + super (message); + } +} diff --git a/libjava/classpath/javax/security/auth/login/LoginContext.java b/libjava/classpath/javax/security/auth/login/LoginContext.java new file mode 100644 index 000000000..b2e4b97b6 --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/LoginContext.java @@ -0,0 +1,265 @@ +/* LoginContext.java + Copyright (C) 2004, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +import gnu.java.security.action.GetSecurityPropertyAction; + +import java.security.AccessController; + +import java.util.HashMap; +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.spi.LoginModule; + +public class LoginContext +{ + + private static final String OTHER = "other"; + + private final String name; + private final CallbackHandler cbHandler; + private final Subject subject; + private final AppConfigurationEntry[] entries; + private final LoginModule[] modules; + private final Map sharedState; + + public LoginContext (final String name) throws LoginException + { + this (name, new Subject(), defaultHandler()); + } + + public LoginContext (final String name, final CallbackHandler cbHandler) + throws LoginException + { + this (name, new Subject(), cbHandler); + } + + public LoginContext (final String name, final Subject subject) + throws LoginException + { + this (name, subject, defaultHandler()); + } + + public LoginContext (final String name, final Subject subject, + final CallbackHandler cbHandler) + throws LoginException + { + this (name, subject, cbHandler, null); + } + + /** @since 1.5 */ + public LoginContext (final String name, final Subject subject, + final CallbackHandler cbHandler, + Configuration config) + throws LoginException + { + this.name = name; + this.subject = subject; + this.cbHandler = cbHandler; + if (config == null) + config = Configuration.getConfig(); + AppConfigurationEntry[] entries = config.getAppConfigurationEntry (name); + if (entries == null) + entries = config.getAppConfigurationEntry (OTHER); + if (entries == null) + throw new LoginException ("no configured modules for application " + + name); + this.entries = entries; + modules = new LoginModule[entries.length]; + sharedState = new HashMap(); + for (int i = 0; i < entries.length; i++) + modules[i] = lookupModule (entries[i], subject, sharedState); + } + + /** + * Returns the authenticated subject, or the parameter passed to one + * of the constructors. null is returned if the previous + * login attempt failed and there was no subject provided. + * + * @return The subject, or null. + */ + public Subject getSubject() + { + return subject; + } + + /** + * Logs a subject in, using all login modules configured for this + * application. This method will call the {@link LoginModule#login()} + * method of each module configured for this application, stopping + * if a REQUISITE module fails or if a SUFFICIENT module succeeds. If + * the overall login attempt fails, a {@link LoginException} will be + * thrown. + * + * @throws LoginException If logging in fails. + */ + public void login() throws LoginException + { + boolean failure = false; + for (int i = 0; i < modules.length; i++) + { + try + { + boolean result = modules[i].login(); + if (!result) + { + if (entries[i].getControlFlag() == + AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) + throw new LoginException ("REQUISITE module " + entries[i].getLoginModuleName() + + " failed"); + else if (entries[i].getControlFlag() == + AppConfigurationEntry.LoginModuleControlFlag.REQUIRED) + failure = true; + } + else + { + if (entries[i].getControlFlag() == + AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT) + break; + } + } + catch (LoginException le) + { + if (entries[i].getControlFlag() != + AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) + continue; + for (int j = 0; j < modules.length; j++) + modules[i].abort(); + throw le; + } + } + if (failure) + throw new LoginException ("not all REQUIRED modules succeeded"); + + for (int i = 0; i < modules.length; i++) + modules[i].commit(); + } + + /** + * Logs a subject out, cleaning up any state that may be in memory. + * + * @throws LoginException If logging out fails. + */ + public void logout() throws LoginException + { + for (int i = 0; i < modules.length; i++) + modules[i].logout(); + } + + // Own methods. + + /** + * Fetch the default callback handler, based on the + * auth.login.defaultCallbackHandler property, or null if it is not + * set. + */ + private static CallbackHandler defaultHandler() + { + GetSecurityPropertyAction act = + new GetSecurityPropertyAction ("auth.login.defaultCallbackHandler"); + String classname = (String) AccessController.doPrivileged (act); + if (classname != null) + { + try + { + return (CallbackHandler) Class.forName (classname).newInstance(); + } + catch (ClassNotFoundException cnfe) + { + return null; + } + catch (ClassCastException cce) + { + return null; + } + catch (IllegalAccessException iae) + { + return null; + } + catch (InstantiationException ie) + { + return null; + } + } + return null; + } + + private LoginModule lookupModule (AppConfigurationEntry entry, + Subject subject, Map sharedState) + throws LoginException + { + LoginModule module = null; + Exception cause = null; + try + { + ClassLoader cl = Thread.currentThread().getContextClassLoader(); + Class c = Class.forName(entry.getLoginModuleName(), true, cl); + module = (LoginModule) c.newInstance(); + } + catch (ClassNotFoundException cnfe) + { + cause = cnfe; + } + catch (ClassCastException cce) + { + cause = cce; + } + catch (IllegalAccessException iae) + { + cause = iae; + } + catch (InstantiationException ie) + { + cause = ie; + } + + if (cause != null) + { + LoginException le = new LoginException ("could not load module " + + entry.getLoginModuleName()); + le.initCause (cause); + throw le; + } + + module.initialize (subject, cbHandler, sharedState, entry.getOptions()); + return module; + } +} diff --git a/libjava/classpath/javax/security/auth/login/LoginException.java b/libjava/classpath/javax/security/auth/login/LoginException.java new file mode 100644 index 000000000..46ec33aed --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/LoginException.java @@ -0,0 +1,65 @@ +/* LoginException.java + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +import java.security.GeneralSecurityException; + +/** + * A general exception during authentication and authorization. + */ +public class LoginException extends GeneralSecurityException +{ + + // Constant. + // ------------------------------------------------------------------------- + + private static final long serialVersionUID = -4679091624035232488L; + + // Constructors. + // ------------------------------------------------------------------------- + + public LoginException() + { + } + + public LoginException (String message) + { + super (message); + } +} diff --git a/libjava/classpath/javax/security/auth/login/NullConfiguration.java b/libjava/classpath/javax/security/auth/login/NullConfiguration.java new file mode 100644 index 000000000..a3f0c9943 --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/NullConfiguration.java @@ -0,0 +1,62 @@ +/* NullConfiguration.java -- no-op default login configuration. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.login; + +final class NullConfiguration extends Configuration +{ + + // Contructor. + // ------------------------------------------------------------------------- + + NullConfiguration() + { + } + + // Instance methods. + // ------------------------------------------------------------------------- + + public AppConfigurationEntry[] getAppConfigurationEntry (String applicationName) + { + return null; + } + + public void refresh() + { + } +} diff --git a/libjava/classpath/javax/security/auth/login/package.html b/libjava/classpath/javax/security/auth/login/package.html new file mode 100644 index 000000000..dcb7710cc --- /dev/null +++ b/libjava/classpath/javax/security/auth/login/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - javax.security.auth.login + + +

+ + + diff --git a/libjava/classpath/javax/security/auth/package.html b/libjava/classpath/javax/security/auth/package.html new file mode 100644 index 000000000..9888552c9 --- /dev/null +++ b/libjava/classpath/javax/security/auth/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - javax.security.auth + + +

+ + + diff --git a/libjava/classpath/javax/security/auth/spi/LoginModule.java b/libjava/classpath/javax/security/auth/spi/LoginModule.java new file mode 100644 index 000000000..197cd692e --- /dev/null +++ b/libjava/classpath/javax/security/auth/spi/LoginModule.java @@ -0,0 +1,122 @@ +/* LoginModule.java -- interface for login implementations. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.spi; + +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginException; + +/** + * The base interface for login methods in the Java Authentication and + * Authorization Service (JAAS). + * + *

This interface is used by service providers that implement login + * services, and is used internally by the JAAS system. It is not useful + * to application programmers, who should use the {@link + * javax.security.auth.login.LoginContext} instead. + * + * @author Casey Marshall (csm@gnu.org) + */ +public interface LoginModule +{ + /** + * Abort the current login attempt. This is called after {@link #login()} + * if the overall login attempt fails (that is, if one of the other login + * modules that is REQUIRED or REQUISITE fails). This method should clean + * up this module's saved state, if any. + * + * @return True if the abort succeeded, or false if this module should + * be ignored. + * @throws LoginException If the abort fails. + */ + boolean abort() throws LoginException; + + /** + * Commit the current login attempt. This is called after {@link + * #login()} if the overall login attempt succeeds (that is, all + * methods have satisfied all REQUIRED, REQUISITE, SUFFICIENT and + * OPTIONAL module requirements). + * + * @return True if the commit succeeded, or false if this module + * should be ignored. + * @throws LoginException If the commit fails. + */ + boolean commit() throws LoginException; + + /** + * Initializes this login module. This method is called when the + * instance implementing this interface is instantiated, and should + * perform any initialization based on the given parameters. + * Implementations should ignore state variables and options they do + * not recognize. + * + * @param subject The subject being authenticated. + * @param handler The callback handler for user input. + * @param sharedState A mapping that is shared between all login + * modules. + * @param options A mapping of options given to this module. + */ + void initialize(Subject subject, CallbackHandler handler, + Map sharedState, Map options); + + /** + * Authenticates a subject to the system. This is the primary + * mechanism by which subjects are authenticated, and typically + * implementations will ask for credentials (for example, a user + * name and password) which will then be verified. + * + * @return True if the subject was authenticated, or false if this + * module should be ignored. + * @throws LoginException If this method fails. + */ + boolean login() throws LoginException; + + /** + * Logs a subject out. This is primarily used for modules that must + * destroy or remove the authentication state associated with a + * logged-in subject. + * + * @return True if the logout succeeds, or false if this module + * should be ignored. + * @throws LoginException If this method fails. + */ + boolean logout() throws LoginException; +} diff --git a/libjava/classpath/javax/security/auth/spi/package.html b/libjava/classpath/javax/security/auth/spi/package.html new file mode 100644 index 000000000..9f3de395e --- /dev/null +++ b/libjava/classpath/javax/security/auth/spi/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - javax.security.auth.spi + + +

+ + + diff --git a/libjava/classpath/javax/security/auth/x500/X500Principal.java b/libjava/classpath/javax/security/auth/x500/X500Principal.java new file mode 100644 index 000000000..0a1e8c665 --- /dev/null +++ b/libjava/classpath/javax/security/auth/x500/X500Principal.java @@ -0,0 +1,556 @@ +/* X500Principal.java -- X.500 principal. + Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.x500; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.OID; +import gnu.java.security.der.DER; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; + +import java.io.ByteArrayInputStream; +import java.io.EOFException; +import java.io.IOException; +import java.io.InputStream; +import java.io.NotActiveException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.Reader; +import java.io.Serializable; +import java.io.StringReader; + +import java.security.Principal; + +import java.util.ArrayList; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedHashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Set; + +public final class X500Principal implements Principal, Serializable +{ + private static final long serialVersionUID = -500463348111345721L; + + // Constants and fields. + // ------------------------------------------------------------------------ + + public static final String CANONICAL = "CANONICAL"; + public static final String RFC1779 = "RFC1779"; + public static final String RFC2253 = "RFC2253"; + + private static final OID CN = new OID("2.5.4.3"); + private static final OID C = new OID("2.5.4.6"); + private static final OID L = new OID("2.5.4.7"); + private static final OID ST = new OID("2.5.4.8"); + private static final OID STREET = new OID("2.5.4.9"); + private static final OID O = new OID("2.5.4.10"); + private static final OID OU = new OID("2.5.4.11"); + private static final OID DC = new OID("0.9.2342.19200300.100.1.25"); + private static final OID UID = new OID("0.9.2342.19200300.100.1.1"); + + private transient List components; + private transient Map currentRdn; + private transient boolean fixed; + private transient byte[] encoded; + + // Constructors. + // ------------------------------------------------------------------------ + + private X500Principal() + { + components = new LinkedList(); + currentRdn = new LinkedHashMap(); + components.add (currentRdn); + } + + public X500Principal (String name) + { + this(); + if (name == null) + throw new NullPointerException(); + try + { + parseString (name); + } + catch (IOException ioe) + { + IllegalArgumentException iae = new IllegalArgumentException("malformed name"); + iae.initCause (ioe); + throw iae; + } + } + + public X500Principal (byte[] encoded) + { + this(new ByteArrayInputStream (encoded)); + } + + public X500Principal (InputStream encoded) + { + this(); + try + { + parseDer (encoded); + } + catch (IOException ioe) + { + throw new IllegalArgumentException (ioe.toString()); + } + } + + // Instance methods. + // ------------------------------------------------------------------------ + + public int hashCode() + { + int result = size(); + for (int i = 0; i < size(); ++i) + { + Map m = (Map) components.get(i); + for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); ) + { + Map.Entry e = (Map.Entry) it2.next(); + // We don't bother looking at the value of the entry. + result = result * 31 + ((OID) e.getKey()).hashCode(); + } + } + return result; + } + + public boolean equals(Object o) + { + if (!(o instanceof X500Principal)) + return false; + if (size() != ((X500Principal) o).size()) + return false; + for (int i = 0; i < size(); i++) + { + Map m = (Map) components.get (i); + for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); ) + { + Map.Entry e = (Map.Entry) it2.next(); + OID oid = (OID) e.getKey(); + String v1 = (String) e.getValue(); + String v2 = ((X500Principal) o).getComponent (oid, i); + if (v2 == null) + return false; + if (!compressWS (v1).equalsIgnoreCase (compressWS (v2))) + return false; + } + } + return true; + } + + public byte[] getEncoded() + { + if (encoded == null) + encodeDer(); + return (byte[]) encoded.clone(); + } + + public String getName() + { + return getName (RFC2253); + } + + public String getName (final String format) + { + boolean rfc2253 = RFC2253.equalsIgnoreCase (format) || + CANONICAL.equalsIgnoreCase (format); + boolean rfc1779 = RFC1779.equalsIgnoreCase (format); + boolean canon = CANONICAL.equalsIgnoreCase (format); + if (! (rfc2253 || rfc1779 || canon)) + throw new IllegalArgumentException ("unsupported format " + format); + CPStringBuilder str = new CPStringBuilder(); + for (Iterator it = components.iterator(); it.hasNext(); ) + { + Map m = (Map) it.next(); + for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); ) + { + Map.Entry entry = (Map.Entry) it2.next(); + OID oid = (OID) entry.getKey(); + String value = (String) entry.getValue(); + if (oid.equals (CN)) + str.append ("CN"); + else if (oid.equals (C)) + str.append ("C"); + else if (oid.equals (L)) + str.append ("L"); + else if (oid.equals (ST)) + str.append ("ST"); + else if (oid.equals (STREET)) + str.append ("STREET"); + else if (oid.equals (O)) + str.append ("O"); + else if (oid.equals (OU)) + str.append ("OU"); + else if (oid.equals (DC) && rfc2253) + str.append ("DC"); + else if (oid.equals (UID) && rfc2253) + str.append ("UID"); + else + str.append (oid.toString()); + str.append('='); + str.append(value); + if (it2.hasNext()) + str.append('+'); + } + if (it.hasNext()) + str.append(','); + } + if (canon) + return str.toString().toUpperCase (Locale.US).toLowerCase (Locale.US); + return str.toString(); + } + + public String toString() + { + return getName (RFC2253); + } + + // Serialization methods. + // ------------------------------------------------------------------------ + + private void writeObject (ObjectOutputStream out) throws IOException + { + if (encoded != null) + encodeDer(); + out.writeObject (encoded); + } + + private void readObject (ObjectInputStream in) + throws IOException, NotActiveException, ClassNotFoundException + { + byte[] buf = (byte[]) in.readObject(); + parseDer (new ByteArrayInputStream (buf)); + } + + // Own methods. + // ------------------------------------------------------------------------- + + private int size() + { + return components.size(); + } + + private String getComponent(OID oid, int rdn) + { + if (rdn >= size()) + return null; + return (String) ((Map) components.get (rdn)).get (oid); + } + + private void encodeDer() + { + ArrayList name = new ArrayList(components.size()); + for (Iterator it = components.iterator(); it.hasNext(); ) + { + Map m = (Map) it.next(); + if (m.isEmpty()) + continue; + Set rdn = new HashSet(); + for (Iterator it2 = m.entrySet().iterator(); it2.hasNext(); ) + { + Map.Entry e = (Map.Entry) it2.next(); + ArrayList atav = new ArrayList(2); + atav.add(new DERValue(DER.OBJECT_IDENTIFIER, e.getKey())); + atav.add(new DERValue(DER.UTF8_STRING, e.getValue())); + rdn.add(new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, atav)); + } + name.add(new DERValue(DER.SET|DER.CONSTRUCTED, rdn)); + } + DERValue val = new DERValue(DER.SEQUENCE|DER.CONSTRUCTED, name); + encoded = val.getEncoded(); + } + + private int sep; + + private void parseString(String str) throws IOException + { + Reader in = new StringReader(str); + while (true) + { + String key = readAttributeType(in); + if (key == null) + break; + String value = readAttributeValue(in); + putComponent(key, value); + if (sep == ',') + newRelativeDistinguishedName(); + if (sep == -1) + break; + } + } + + private String readAttributeType(Reader in) throws IOException + { + CPStringBuilder buf = new CPStringBuilder(); + int ch; + while ((ch = in.read()) != '=') + { + if (ch == -1) + { + if (buf.length() > 0) + throw new EOFException("partial name read: " + buf); + return null; + } + if (ch > 127) + throw new IOException("Invalid char: " + (char) ch); + if (Character.isLetterOrDigit((char) ch) || ch == '-' || ch == '.') + buf.append((char) ch); + else + throw new IOException("Invalid char: " + (char) ch); + } + return buf.toString(); + } + + private String readAttributeValue(Reader in) throws IOException + { + CPStringBuilder buf = new CPStringBuilder(); + int ch = in.read(); + if (ch == '#') + { + while (true) + { + ch = in.read(); + if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F') + || Character.isDigit((char) ch)) + buf.append((char) ch); + else if (ch == '+' || ch == ',') + { + sep = ch; + String hex = buf.toString(); + return new String(toByteArray(hex)); + } + else + throw new IOException("illegal character: " + (char) ch); + } + } + else if (ch == '"') + { + while (true) + { + ch = in.read(); + if (ch == '"') + break; + else if (ch == '\\') + { + ch = in.read(); + if (ch == -1) + throw new EOFException(); + if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F') + || Character.isDigit((char) ch)) + { + int i = Character.digit((char) ch, 16) << 4; + ch = in.read(); + if (!(('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F') + || Character.isDigit((char) ch))) + throw new IOException("illegal hex char"); + i |= Character.digit((char) ch, 16); + buf.append((char) i); + } + else + buf.append((char) ch); + } + else + buf.append((char) ch); + } + sep = in.read(); + if (sep != '+' && sep != ',') + throw new IOException("illegal character: " + (char) ch); + return buf.toString(); + } + else + { + while (true) + { + switch (ch) + { + case '+': + case ',': + sep = ch; + return buf.toString(); + case '\\': + ch = in.read(); + if (ch == -1) + throw new EOFException(); + if (('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F') + || Character.isDigit((char) ch)) + { + int i = Character.digit((char) ch, 16) << 4; + ch = in.read(); + if (!(('a' <= ch && ch <= 'f') || ('A' <= ch && ch <= 'F') + || Character.isDigit((char) ch))) + throw new IOException("illegal hex char"); + i |= Character.digit((char) ch, 16); + buf.append((char) i); + } + else + buf.append((char) ch); + break; + case '=': + case '<': + case '>': + case '#': + case ';': + throw new IOException("illegal character: " + (char) ch); + case -1: + sep = -1; + return buf.toString (); + default: + buf.append((char) ch); + } + ch = in.read (); + } + } + } + + private void parseDer (InputStream encoded) throws IOException + { + DERReader der = new DERReader (encoded); + DERValue name = der.read(); + if (!name.isConstructed()) + throw new IOException ("malformed Name"); + this.encoded = name.getEncoded(); + int len = 0; + while (len < name.getLength()) + { + DERValue rdn = der.read(); + if (!rdn.isConstructed()) + throw new IOException ("badly formed RDNSequence"); + int len2 = 0; + while (len2 < rdn.getLength()) + { + DERValue atav = der.read(); + if (!atav.isConstructed()) + throw new IOException ("badly formed AttributeTypeAndValue"); + DERValue val = der.read(); + if (val.getTag() != DER.OBJECT_IDENTIFIER) + throw new IOException ("badly formed AttributeTypeAndValue"); + OID oid = (OID) val.getValue(); + val = der.read(); + if (!(val.getValue() instanceof String)) + throw new IOException ("badly formed AttributeTypeAndValue"); + String value = (String) val.getValue(); + putComponent(oid, value); + len2 += atav.getEncodedLength(); + } + len += rdn.getEncodedLength(); + if (len < name.getLength()) + newRelativeDistinguishedName(); + } + } + + private void newRelativeDistinguishedName() + { + currentRdn = new LinkedHashMap(); + components.add(currentRdn); + } + + private void putComponent(OID oid, String value) + { + currentRdn.put(oid, value); + } + + private void putComponent(String name, String value) + { + name = name.trim().toLowerCase(); + if (name.equals("cn")) + putComponent(CN, value); + else if (name.equals("c")) + putComponent(C, value); + else if (name.equals("l")) + putComponent(L, value); + else if (name.equals("street")) + putComponent(STREET, value); + else if (name.equals("st")) + putComponent(ST, value); + else if (name.equals ("o")) + putComponent (O, value); + else if (name.equals ("ou")) + putComponent (OU, value); + else if (name.equals("dc")) + putComponent(DC, value); + else if (name.equals("uid")) + putComponent(UID, value); + else + putComponent(new OID(name), value); + } + + private static String compressWS(String str) + { + CPStringBuilder buf = new CPStringBuilder(); + char lastChar = 0; + for (int i = 0; i < str.length(); i++) + { + char c = str.charAt(i); + if (Character.isWhitespace(c)) + { + if (!Character.isWhitespace(lastChar)) + buf.append(' '); + } + else + buf.append(c); + lastChar = c; + } + return buf.toString().trim(); + } + + private static byte[] toByteArray (String str) + { + int limit = str.length(); + byte[] result = new byte[((limit + 1) / 2)]; + int i = 0, j = 0; + if ((limit % 2) == 1) + { + result[j++] = (byte) Character.digit (str.charAt(i++), 16); + } + while (i < limit) + { + result[j ] = (byte) (Character.digit (str.charAt(i++), 16) << 4); + result[j++] |= (byte) Character.digit (str.charAt(i++), 16); + } + return result; + } +} diff --git a/libjava/classpath/javax/security/auth/x500/X500PrivateCredential.java b/libjava/classpath/javax/security/auth/x500/X500PrivateCredential.java new file mode 100644 index 000000000..8cba93c6f --- /dev/null +++ b/libjava/classpath/javax/security/auth/x500/X500PrivateCredential.java @@ -0,0 +1,149 @@ +/* X500PrivateCredential.java -- certificate and private key pair. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.x500; + +import java.security.PrivateKey; +import java.security.cert.X509Certificate; + +import javax.security.auth.Destroyable; + +/** + * A pairing of a {@link X509Certificate} and its corresponding {@link + * PrivateKey}, with an optional keystore alias. + */ +public final class X500PrivateCredential implements Destroyable +{ + + // Fields. + // ------------------------------------------------------------------------- + + private PrivateKey key; + private X509Certificate certificate; + private String alias; + + // Constructors. + // ------------------------------------------------------------------------- + + /** + * Creates a new private credential with no associated keystore alias. + * + * @param certificate The X.509 certificate. + * @param key The private key. + * @throws IllegalArgumentException If either parameter is null. + */ + public X500PrivateCredential (X509Certificate certificate, PrivateKey key) + { + if (certificate == null || key == null) + throw new IllegalArgumentException(); + this.certificate = certificate; + this.key = key; + } + + /** + * Creates a new private credential with a keystore alias. + * + * @param certificate The X.509 certificate. + * @param key The private key. + * @param alias The keystore alias for this credential. + * @throws IllegalArgumentException If any parameter is null. + */ + public X500PrivateCredential (X509Certificate certificate, PrivateKey key, + String alias) + { + this (certificate, key); + if (alias == null) + throw new IllegalArgumentException(); + this.alias = alias; + } + + // Instance methods. + // ------------------------------------------------------------------------- + + /** + * Returns the certificate of this credential. + * + * @return The certificate of this credential. + */ + public X509Certificate getCertificate() + { + return certificate; + } + + /** + * Returns the private key of this credential. + * + * @return The private key of this credential. + */ + public PrivateKey getPrivateKey() + { + return key; + } + + /** + * Returns the keystore alias of this credential, or null if not present. + * + * @return The keystore alias, or null. + */ + public String getAlias() + { + return alias; + } + + /** + * Destroy the sensitive data of this credential, setting the certificate, + * private key, and keystore alias to null. + */ + public void destroy() + { + certificate = null; + key = null; + alias = null; + } + + /** + * Tells whether or not this credential has been destroyed, and that + * the certificate and private key fields are null. + * + * @return True if this object has been destroyed. + */ + public boolean isDestroyed() + { + return certificate == null && key == null; + } +} diff --git a/libjava/classpath/javax/security/auth/x500/package.html b/libjava/classpath/javax/security/auth/x500/package.html new file mode 100644 index 000000000..449be814f --- /dev/null +++ b/libjava/classpath/javax/security/auth/x500/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - javax.security.auth.x500 + + +

+ + + diff --git a/libjava/classpath/javax/security/cert/Certificate.java b/libjava/classpath/javax/security/cert/Certificate.java new file mode 100644 index 000000000..50c7340fb --- /dev/null +++ b/libjava/classpath/javax/security/cert/Certificate.java @@ -0,0 +1,176 @@ +/* Certificate.java -- base class of public-key certificates. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.cert; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PublicKey; +import java.security.SignatureException; + +import java.util.Arrays; +import java.util.zip.Adler32; + +/** + *

The base class for public-key certificates.

+ * + *

This class is deprecated in favor of the {@link + * java.security.cert.Certificate} class. It should not be used in new + * applications.

+ */ +public abstract class Certificate +{ + + // Constructors. + // ------------------------------------------------------------------------- + + public Certificate() + { + super(); + } + + // Instance methods. + // ------------------------------------------------------------------------- + + /** + *

Tests if this certificate equals another.

+ * + * @param other The object to test. + * @return True if the certificates are equal. + */ + public boolean equals(Object other) + { + if (other == null || !(other instanceof Certificate)) + { + return false; + } + if (other == this) + { + return true; + } + try + { + return Arrays.equals(getEncoded(), ((Certificate) other).getEncoded()); + } + catch (CertificateEncodingException cee) + { + return false; + } + } + + /** + *

Computes a hash code for this certificate.

+ * + * @return The hash code. + */ + public int hashCode() + { + try + { + Adler32 csum = new Adler32(); + csum.update(getEncoded()); + return (int) csum.getValue(); + } + catch (CertificateEncodingException cee) + { + return 0; + } + } + + // Abstract methods. + // ------------------------------------------------------------------------- + + /** + *

Return the encoded form of this certificate.

+ * + * @return The encoded form. + * @throws CertificateEncodingException If the certificate could not be + * encoded. + */ + public abstract byte[] getEncoded() throws CertificateEncodingException; + + /** + *

Verifies the signature of this certificate.

+ * + * @param key The signer's public key. + * @throws CertificateException + * @throws NoSuchAlgorithmException If the algorithm used to sign the + * certificate is not available. + * @throws InvalidKeyException If the supplied key is not appropriate for the + * certificate's signature algorithm. + * @throws NoSuchProviderException + * @throws SignatureException If the signature could not be verified. + */ + public abstract void verify(PublicKey key) + throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException; + + /** + *

Verifies the signature of this certificate, using the specified security + * provider.

+ * + * @param key The signer's public key. + * @param sigProvider The name of the signature provider. + * @throws CertificateException + * @throws NoSuchAlgorithmException If the algorithm used to sign the + * certificate is not available. + * @throws InvalidKeyException If the supplied key is not appropriate for the + * certificate's signature algorithm. + * @throws NoSuchProviderException If sigProvider is not the name of an + * installed provider. + * @throws SignatureException If the signature could not be verified. + */ + public abstract void verify(PublicKey key, String sigProvider) + throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException; + + /** + *

Returns a printable representation of this certificate.

+ * + * @return The string. + */ + public abstract String toString(); + + /** + *

Returns this certificate's public key.

+ * + * @return The public key. + */ + public abstract PublicKey getPublicKey(); +} diff --git a/libjava/classpath/javax/security/cert/CertificateEncodingException.java b/libjava/classpath/javax/security/cert/CertificateEncodingException.java new file mode 100644 index 000000000..47aedcf05 --- /dev/null +++ b/libjava/classpath/javax/security/cert/CertificateEncodingException.java @@ -0,0 +1,60 @@ +/* CertificateEncodingException.java -- certificate encoding exception. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.cert; + +/** + *

Signals a problem when encoding certificates.

+ * + *

This class is deprecated in favor of the {@link + * java.security.cert.CertificateEncodingException} class. It should not be used + * in new applications.

+ */ +public class CertificateEncodingException extends CertificateException +{ + + public CertificateEncodingException() + { + super(); + } + + public CertificateEncodingException(String msg) + { + super(msg); + } +} diff --git a/libjava/classpath/javax/security/cert/CertificateException.java b/libjava/classpath/javax/security/cert/CertificateException.java new file mode 100644 index 000000000..270cc926f --- /dev/null +++ b/libjava/classpath/javax/security/cert/CertificateException.java @@ -0,0 +1,60 @@ +/* CertificateException.java -- certificate exception. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.cert; + +/** + *

Signals a generic problem with certificates.

+ * + *

This class is deprecated in favor of the {@link + * java.security.cert.CertificateException} class. It should not be used in new + * applications.

+ */ +public class CertificateException extends Exception +{ + + public CertificateException() + { + super(); + } + + public CertificateException(String msg) + { + super(msg); + } +} diff --git a/libjava/classpath/javax/security/cert/CertificateExpiredException.java b/libjava/classpath/javax/security/cert/CertificateExpiredException.java new file mode 100644 index 000000000..3a8c0515e --- /dev/null +++ b/libjava/classpath/javax/security/cert/CertificateExpiredException.java @@ -0,0 +1,60 @@ +/* CertificateExpiredException.java -- certificate expired exception. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.cert; + +/** + *

Signals that a certificate has expired.

+ * + *

This class is deprecated in favor of the {@link + * java.security.cert.CertificateExpiredException} class. It should not be used + * in new applications.

+ */ +public class CertificateExpiredException extends CertificateException +{ + + public CertificateExpiredException() + { + super(); + } + + public CertificateExpiredException(String msg) + { + super(msg); + } +} diff --git a/libjava/classpath/javax/security/cert/CertificateNotYetValidException.java b/libjava/classpath/javax/security/cert/CertificateNotYetValidException.java new file mode 100644 index 000000000..22a7c4a22 --- /dev/null +++ b/libjava/classpath/javax/security/cert/CertificateNotYetValidException.java @@ -0,0 +1,60 @@ +/* CertificateNotYetValidException.java -- certificate not yet valid exception. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.cert; + +/** + *

Signals that a certificate is not yet valid.

+ * + *

This class is deprecated in favor of the {@link + * java.security.cert.CertificateNotYetValidException} class. It should not be + * used in new applications.

+ */ +public class CertificateNotYetValidException extends CertificateException +{ + + public CertificateNotYetValidException() + { + super(); + } + + public CertificateNotYetValidException(String msg) + { + super(msg); + } +} diff --git a/libjava/classpath/javax/security/cert/CertificateParsingException.java b/libjava/classpath/javax/security/cert/CertificateParsingException.java new file mode 100644 index 000000000..f359f8d7a --- /dev/null +++ b/libjava/classpath/javax/security/cert/CertificateParsingException.java @@ -0,0 +1,59 @@ +/* CertificateParsingException.java -- certificate parsing exception. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.cert; + +/** + *

Signals a parsing error when decoding a certificate.

+ * + *

This class is deprecated. It should not be used in new + * applications.

+ */ +public class CertificateParsingException extends CertificateException +{ + + public CertificateParsingException() + { + super(); + } + + public CertificateParsingException(String msg) + { + super(msg); + } +} diff --git a/libjava/classpath/javax/security/cert/X509CertBridge.java b/libjava/classpath/javax/security/cert/X509CertBridge.java new file mode 100644 index 000000000..36fc4202a --- /dev/null +++ b/libjava/classpath/javax/security/cert/X509CertBridge.java @@ -0,0 +1,201 @@ +/* X509CertBridge.java -- bridge between JDK and JSSE cert APIs. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.cert; + +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.PublicKey; +import java.security.SignatureException; +import java.util.Date; + +/** + *

An implementation of the {@link X509Certificate} class that delegates + * calls to a {@link java.security.cert.X509Certificate}.

+ */ +final class X509CertBridge extends X509Certificate +{ + + // Fields. + // ------------------------------------------------------------------------- + + private java.security.cert.X509Certificate cert; + + // Constructor. + // ------------------------------------------------------------------------- + + X509CertBridge(java.security.cert.X509Certificate cert) + { + this.cert = cert; + } + + // Instance methods. + // ------------------------------------------------------------------------- + + public byte[] getEncoded() throws CertificateEncodingException + { + try + { + return cert.getEncoded(); + } + catch (java.security.cert.CertificateEncodingException cee) + { + throw new CertificateEncodingException(cee.getMessage()); + } + } + + public void verify(PublicKey key) + throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException + { + try + { + cert.verify(key); + } + catch (java.security.cert.CertificateException ce) + { + throw new CertificateException(ce.getMessage()); + } + } + + public void verify(PublicKey key, String sigProvider) + throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, + NoSuchProviderException, SignatureException + { + try + { + cert.verify(key, sigProvider); + } + catch (java.security.cert.CertificateException ce) + { + throw new CertificateException(ce.getMessage()); + } + } + + public String toString() + { + return cert.toString(); + } + + public PublicKey getPublicKey() + { + return cert.getPublicKey(); + } + + public void checkValidity() + throws CertificateExpiredException, CertificateNotYetValidException + { + try + { + cert.checkValidity(); + } + catch (java.security.cert.CertificateExpiredException cee) + { + throw new CertificateExpiredException(cee.getMessage()); + } + catch (java.security.cert.CertificateNotYetValidException cnyve) + { + throw new CertificateNotYetValidException(cnyve.getMessage()); + } + } + + public void checkValidity(Date date) + throws CertificateExpiredException, CertificateNotYetValidException + { + try + { + cert.checkValidity(date); + } + catch (java.security.cert.CertificateExpiredException cee) + { + throw new CertificateExpiredException(cee.getMessage()); + } + catch (java.security.cert.CertificateNotYetValidException cnyve) + { + throw new CertificateNotYetValidException(cnyve.getMessage()); + } + } + + public int getVersion() + { + return cert.getVersion(); + } + + public BigInteger getSerialNumber() + { + return cert.getSerialNumber(); + } + + public Principal getIssuerDN() + { + return cert.getIssuerDN(); + } + + public Principal getSubjectDN() + { + return cert.getSubjectDN(); + } + + public Date getNotBefore() + { + return cert.getNotBefore(); + } + + public Date getNotAfter() + { + return cert.getNotAfter(); + } + + public String getSigAlgName() + { + return cert.getSigAlgName(); + } + + public String getSigAlgOID() + { + return cert.getSigAlgOID(); + } + + public byte[] getSigAlgParams() + { + return cert.getSigAlgParams(); + } +} diff --git a/libjava/classpath/javax/security/cert/X509Certificate.java b/libjava/classpath/javax/security/cert/X509Certificate.java new file mode 100644 index 000000000..e7f6b05e4 --- /dev/null +++ b/libjava/classpath/javax/security/cert/X509Certificate.java @@ -0,0 +1,189 @@ +/* X509Certificate.java -- base class of X.509 certificates. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.cert; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; + +import java.math.BigInteger; + +import java.security.Principal; +import java.security.cert.CertificateFactory; + +import java.util.Date; + +/** + *

The base class of all X.509 certificates.

+ * + *

This class is deprecated in favor of the {@link + * java.security.cert.X509Certificate} class. It should not be used in new + * applications.

+ */ +public abstract class X509Certificate extends Certificate +{ + + // Class methods. + // ------------------------------------------------------------------------- + + /** + *

Get an instance of X509Certificate for the given encoded bytes.

+ * + * @param encoded The encoded certificate. + * @return An instance of X509Certificate. + * @throws CertificateException If the encoded certificate cannot be parsed. + */ + public static X509Certificate getInstance(byte[] encoded) + throws CertificateException + { + return getInstance(new ByteArrayInputStream(encoded)); + } + + /** + *

Get an instance of X509Certificate for the given encoded stream.

+ * + * @param encoded The encoded certificate stream.. + * @return An instance of X509Certificate. + * @throws CertificateException If the encoded certificate cannot be parsed. + */ + public static X509Certificate getInstance(InputStream encoded) + throws CertificateException + { + try + { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + return new X509CertBridge((java.security.cert.X509Certificate) + cf.generateCertificate(encoded)); + } + catch (java.security.cert.CertificateException ce) + { + throw new CertificateException(ce.getMessage()); + } + } + + // Abstract methods. + // ------------------------------------------------------------------------- + + /** + *

Check if this certificate is valid now.

+ * + * @throws CertificateExpiredException If the certificate has expired. + * @throws CertificateNotYetValidException If the certificate is not yet valid. + * @see #checkValidity(java.util.Date) + */ + public abstract void checkValidity() + throws CertificateExpiredException, CertificateNotYetValidException; + + /** + *

Check if this certificate is valid for the given date.

+ * + * @param date The date to check. + * @throws CertificateExpiredException If the certificate has expired. + * @throws CertificateNotYetValidException If the certificate is not yet valid. + */ + public abstract void checkValidity(Date date) + throws CertificateExpiredException, CertificateNotYetValidException; + + /** + *

Returns the X.509 version number.

+ * + * @return The version number. + */ + public abstract int getVersion(); + + /** + *

Returns this certificate's serial number.

+ * + * @return The serial number. + */ + public abstract BigInteger getSerialNumber(); + + /** + *

Returns the distinguished name of this certificate's issuer.

+ * + * @return The issuer's distinguished name. + */ + public abstract Principal getIssuerDN(); + + /** + *

Returns the distinguished name of this certificate's subject.

+ * + * @return The subject's distinguished name. + */ + public abstract Principal getSubjectDN(); + + /** + *

Returns the not before portion of this certificate's validity + * period.

+ * + * @return The not before date. + */ + public abstract Date getNotBefore(); + + /** + *

Returns the not after portion of this certificate's validity + * period.

+ * + * @return The not after date. + */ + public abstract Date getNotAfter(); + + /** + *

Returns the name of this certificate's signature algorithm.

+ * + * @return The name of the signature algorithm. + */ + public abstract String getSigAlgName(); + + /** + *

Returns the object identifier (OID) of this certificate's signature + * algorithm. The returned string is a sequence of integers separated by + * periods.

+ * + * @return The signature OID. + */ + public abstract String getSigAlgOID(); + + /** + *

Returns the signature parameters. The returned byte array contains the + * raw DER-encoded parameters.

+ * + * @return The signature parameters. + */ + public abstract byte[] getSigAlgParams(); +} diff --git a/libjava/classpath/javax/security/cert/package.html b/libjava/classpath/javax/security/cert/package.html new file mode 100644 index 000000000..7c6e88717 --- /dev/null +++ b/libjava/classpath/javax/security/cert/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - javax.security.cert + + +

+ + + diff --git a/libjava/classpath/javax/security/package.html b/libjava/classpath/javax/security/package.html new file mode 100644 index 000000000..bbc295674 --- /dev/null +++ b/libjava/classpath/javax/security/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - javax.security + + +

+ + + diff --git a/libjava/classpath/javax/security/sasl/AuthenticationException.java b/libjava/classpath/javax/security/sasl/AuthenticationException.java new file mode 100644 index 000000000..0f674645d --- /dev/null +++ b/libjava/classpath/javax/security/sasl/AuthenticationException.java @@ -0,0 +1,107 @@ +/* AuthenticationException.java -- + Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.sasl; + +/** + *

This exception is thrown by a SASL mechanism implementation to indicate + * that the SASL exchange has failed due to reasons related to authentication, + * such as an invalid identity, passphrase, or key.

+ * + *

Note that the lack of an AuthenticationException does not + * mean that the failure was not due to an authentication error. A SASL + * mechanism implementation might throw the more general {@link SaslException} + * instead of AuthenticationException if it is unable to determine + * the nature of the failure, or if does not want to disclose the nature of the + * failure, for example, due to security reasons.

+ * + * @since 1.5 + */ +public class AuthenticationException extends SaslException +{ + + // Constants and variables + // ------------------------------------------------------------------------- + + // Constructor(s) + // ------------------------------------------------------------------------- + + /** + * Constructs a new instance of AuthenticationException. The + * root exception and the detailed message are null. + */ + public AuthenticationException() + { + super(); + } + + /** + * Constructs a new instance of AuthenticationException with a + * detailed message. The root exception is null. + * + * @param detail a possibly null string containing details of + * the exception. + * @see Throwable#getMessage() + */ + public AuthenticationException(String detail) + { + super(detail); + } + + /** + * Constructs a new instance of AuthenticationException with a + * detailed message and a root exception. + * + * @param detail a possibly null string containing details of + * the exception. + * @param ex a possibly null root exception that caused this + * exception. + * @see Throwable#getMessage() + * @see SaslException#getCause() + */ + public AuthenticationException(String detail, Throwable ex) + { + super(detail, ex); + } + + // Class methods + // ------------------------------------------------------------------------- + + // Instance methods + // ------------------------------------------------------------------------- +} diff --git a/libjava/classpath/javax/security/sasl/AuthorizeCallback.java b/libjava/classpath/javax/security/sasl/AuthorizeCallback.java new file mode 100644 index 000000000..fa3b29a3d --- /dev/null +++ b/libjava/classpath/javax/security/sasl/AuthorizeCallback.java @@ -0,0 +1,175 @@ +/* AuthorizeCallback.java -- + Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.sasl; + +import java.io.Serializable; +import javax.security.auth.callback.Callback; + +/** + * This callback is used by {@link SaslServer} to determine whether one entity + * (identified by an authenticated authentication ID) can act on behalf of + * another entity (identified by an authorization ID). + * + * @since 1.5 + */ +public class AuthorizeCallback implements Callback, Serializable +{ + // Constants and variables + // ------------------------------------------------------------------------- + + private static final long serialVersionUID = -2353344186490470805L; + + /** @serial The (authenticated) authentication id to check. */ + private String authenticationID = null; + + /** @serial The authorization id to check. */ + private String authorizationID = null; + + /** + * @serial The id of the authorized entity. If null, the id of the authorized + * entity is authorizationID. + */ + private String authorizedID = null; + + /** + * @serial A flag indicating whether the authentication id is allowed to act + * on behalf of the authorization id. + */ + private boolean authorized = false; + + // Constructor(s) + // ------------------------------------------------------------------------- + + /** + * Constructs an instance of AuthorizeCallback. + * + * @param authnID the (authenticated) authentication ID. + * @param authzID the authorization ID. + */ + public AuthorizeCallback(String authnID, String authzID) + { + super(); + + this.authenticationID = authnID; + this.authorizationID = authzID; + } + + // Class methods + // ------------------------------------------------------------------------- + + // Instance methods + // ------------------------------------------------------------------------- + + /** + * Returns the authentication ID to check. + * + * @return the authentication ID to check + */ + public String getAuthenticationID() + { + return authenticationID; + } + + /** + * Returns the authorization ID to check. + * + * @return the authorization ID to check. + */ + public String getAuthorizationID() + { + return authorizationID; + } + + /** + * Determines if the identity represented by authentication ID is allowed to + * act on behalf of the authorization ID. + * + * @return true if authorization is allowed; false + * otherwise. + * @see #setAuthorized(boolean) + * @see #getAuthorizedID() + */ + public boolean isAuthorized() + { + return authorized; + } + + /** + * Sets if authorization is allowed or not. + * + * @param authorized true if authorization is allowed; + * false otherwise. + * @see #isAuthorized() + * @see #setAuthorizedID(String) + */ + public void setAuthorized(boolean authorized) + { + this.authorized = authorized; + } + + /** + * Returns the ID of the authorized user. + * + * @return the ID of the authorized user. null means the + * authorization failed. + * @see #setAuthorized(boolean) + * @see #setAuthorizedID(String) + */ + public String getAuthorizedID() + { + if (!authorized) + { + return null; + } + return (authorizedID != null ? authorizedID : authorizationID); + } + + /** + * Sets the ID of the authorized entity. Called by handler only when the ID + * is different from {@link #getAuthorizationID()}. For example, the ID might + * need to be canonicalized for the environment in which it will be used. + * + * @see #setAuthorized(boolean) + * @see #getAuthorizedID() + */ + public void setAuthorizedID(String id) + { + this.authorizedID = id; + } +} diff --git a/libjava/classpath/javax/security/sasl/RealmCallback.java b/libjava/classpath/javax/security/sasl/RealmCallback.java new file mode 100644 index 000000000..7cb36433f --- /dev/null +++ b/libjava/classpath/javax/security/sasl/RealmCallback.java @@ -0,0 +1,77 @@ +/* RealmCallback.java -- + Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.sasl; + +import javax.security.auth.callback.TextInputCallback; + +/** + * This callback is used by {@link SaslClient} and {@link SaslServer} to + * retrieve realm information. + * + * @since 1.5 + */ +public class RealmCallback extends TextInputCallback +{ + + /** + * Constructs a RealmCallback with a prompt. + * + * @param prompt the non-null prompt to use to request the realm information. + * @throws IllegalArgumentException if prompt is null + * or empty. + */ + public RealmCallback(String prompt) + { + super(prompt); + } + + /** + * Constructs a RealmCallback with a prompt and default realm + * information. + * + * @param prompt the non-null prompt to use to request the realm information. + * @param defaultRealmInfo the non-null default realm information to use. + * @throws IllegalArgumentException if prompt is null + * or empty, or if defaultRealm is empty or null. + */ + public RealmCallback(String prompt, String defaultRealmInfo) + { + super(prompt, defaultRealmInfo); + } +} diff --git a/libjava/classpath/javax/security/sasl/RealmChoiceCallback.java b/libjava/classpath/javax/security/sasl/RealmChoiceCallback.java new file mode 100644 index 000000000..7068a504b --- /dev/null +++ b/libjava/classpath/javax/security/sasl/RealmChoiceCallback.java @@ -0,0 +1,73 @@ +/* RealmChoiceCallback.java -- + Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.sasl; + +import javax.security.auth.callback.ChoiceCallback; + +/** + * This callback is used by {@link SaslClient} and {@link SaslServer} to obtain + * a realm given a list of realm choices. + * + * @since 1.5 + */ +public class RealmChoiceCallback extends ChoiceCallback +{ + + /** + * Constructs a RealmChoiceCallback with a prompt, a list of + * choices and a default choice. + * + * @param prompt the non-null prompt to use to request the realm. + * @param choices the non-null list of realms to choose from. + * @param defaultChoice the choice to be used as the default when the list of + * choices is displayed. It is an index into the choices array. + * @param multiple true if multiple choices allowed; + * false otherwise. + * @throws IllegalArgumentException if prompt is null + * or empty, if choices has a length of 0, if any + * element from choices is null or empty, or if + * defaultChoice does not fall within the array boundary of + * choices. + */ + public RealmChoiceCallback(String prompt, String[] choices, int defaultChoice, + boolean multiple) + { + super(prompt, choices, defaultChoice, multiple); + } +} diff --git a/libjava/classpath/javax/security/sasl/Sasl.java b/libjava/classpath/javax/security/sasl/Sasl.java new file mode 100644 index 000000000..402ad6ede --- /dev/null +++ b/libjava/classpath/javax/security/sasl/Sasl.java @@ -0,0 +1,694 @@ +/* Sasl.java -- + Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.sasl; + +import java.security.Provider; +import java.security.Security; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Map; +import java.util.Vector; + +import javax.security.auth.callback.CallbackHandler; + +/** + *

A static class for creating SASL clients and servers.

+ * + *

This class defines the policy of how to locate, load, and instantiate SASL + * clients and servers.

+ * + *

For example, an application or library gets a SASL client instance by + * doing something like:

+ * + *
+ *SaslClient sc =
+ *      Sasl.createSaslClient(mechanisms, authorizationID, protocol,
+ *                            serverName, props, callbackHandler);
+ * 
+ * + *

It can then proceed to use the instance to create an authenticated + * connection.

+ * + *

Similarly, a server gets a SASL server instance by using code that looks + * as follows:

+ * + *
+ *SaslServer ss =
+ *      Sasl.createSaslServer(mechanism, protocol, serverName, props,
+ *                            callbackHandler);
+ * 
+ * + * @since 1.5 + */ +public class Sasl +{ + + // Constants and variables + // ------------------------------------------------------------------------- + + /** + *

The name of a property that specifies the quality-of-protection to use. + * The property contains a comma-separated, ordered list of quality-of- + * protection values that the client or server is willing to support. A qop + * value is one of:

+ * + *
    + *
  • "auth" - authentication only,
  • + *
  • "auth-int" - authentication plus integrity + * protection,
  • + *
  • "auth-conf" - authentication plus integrity and + * confidentiality protection.
  • + *
+ * + *

The order of the list specifies the preference order of the client or + * server.

+ * + *

If this property is absent, the default qop is "auth".

+ * + *

The value of this constant is "javax.security.sasl.qop".

+ */ + public static final String QOP = "javax.security.sasl.qop"; + + /** + *

The name of a property that specifies the cipher strength to use. The + * property contains a comma-separated, ordered list of cipher strength + * values that the client or server is willing to support. A strength value + * is one of:

+ * + *
    + *
  • "low",
  • + *
  • "medium",
  • + *
  • "high".
  • + *
+ * + *

The order of the list specifies the preference order of the client or + * server. An implementation should allow configuration of the meaning of + * these values. An application may use the Java Cryptography Extension (JCE) + * with JCE-aware mechanisms to control the selection of cipher suites that + * match the strength values.

+ * + *

If this property is absent, the default strength is + * "high,medium,low".

+ * + *

The value of this constant is "javax.security.sasl.strength". + *

+ */ + public static final String STRENGTH = "javax.security.sasl.strength"; + + /** + *

The name of a property that specifies whether the server must authenticate + * to the client. The property contains "true" if the server + * must authenticate the to client; "false" otherwise. The + * default is "false".

+ * + *

The value of this constant is + * "javax.security.sasl.server.authentication".

+ */ + public static final String SERVER_AUTH = "javax.security.sasl.server.authentication"; + + /** + *

The name of a property that specifies the maximum size of the receive + * buffer in bytes of {@link SaslClient}/{@link SaslServer}. The property + * contains the string representation of an integer.

+ * + *

If this property is absent, the default size is defined by the + * mechanism.

+ * + *

The value of this constant is "javax.security.sasl.maxbuffer". + *

+ */ + public static final String MAX_BUFFER = "javax.security.sasl.maxbuffer"; + + /** + *

The name of a property that specifies the maximum size of the raw send + * buffer in bytes of {@link SaslClient}/{@link SaslServer}. The property + * contains the string representation of an integer. The value of this + * property is negotiated between the client and server during the + * authentication exchange.

+ * + *

The value of this constant is "javax.security.sasl.rawsendsize". + *

+ */ + public static final String RAW_SEND_SIZE = "javax.security.sasl.rawsendsize"; + + /** + *

The name of a property that specifies whether mechanisms susceptible + * to simple plain passive attacks (e.g., "PLAIN") are not permitted. The + * property contains "true" if such mechanisms are not + * permitted; "false" if such mechanisms are permitted. The + * default is "false".

+ * + *

The value of this constant is "javax.security.sasl.policy.noplaintext". + *

+ */ + public static final String POLICY_NOPLAINTEXT = "javax.security.sasl.policy.noplaintext"; + + /** + *

The name of a property that specifies whether mechanisms susceptible to + * active (non-dictionary) attacks are not permitted. The property contains + * "true" if mechanisms susceptible to active attacks are not + * permitted; "false" if such mechanisms are permitted. The + * default is "false".

+ * + *

The value of this constant is "javax.security.sasl.policy.noactive". + *

+ */ + public static final String POLICY_NOACTIVE = "javax.security.sasl.policy.noactive"; + + /** + *

The name of a property that specifies whether mechanisms susceptible to + * passive dictionary attacks are not permitted. The property contains + * "true" if mechanisms susceptible to dictionary attacks are + * not permitted; "false" if such mechanisms are permitted. The + * default is "false".

+ * + *

The value of this constant is "javax.security.sasl.policy.nodictionary". + *

+ */ + public static final String POLICY_NODICTIONARY = "javax.security.sasl.policy.nodictionary"; + + /** + *

The name of a property that specifies whether mechanisms that accept + * anonymous login are not permitted. The property contains "true" + * if mechanisms that accept anonymous login are not permitted; "false" + * if such mechanisms are permitted. The default is "false". + *

+ * + *

The value of this constant is "javax.security.sasl.policy.noanonymous". + *

+ */ + public static final String POLICY_NOANONYMOUS = "javax.security.sasl.policy.noanonymous"; + + /** + * The name of a property that specifies whether mechanisms that implement + * forward secrecy between sessions are required. Forward secrecy means that + * breaking into one session will not automatically provide information for + * breaking into future sessions. The property contains "true" + * if mechanisms that implement forward secrecy between sessions are + * required; "false" if such mechanisms are not required. The + * default is "false". + * + *

The value of this constant is "javax.security.sasl.policy.forward". + *

+ */ + public static final String POLICY_FORWARD_SECRECY = "javax.security.sasl.policy.forward"; + + /** + * The name of a property that specifies whether mechanisms that pass client + * credentials are required. The property contains "true" if + * mechanisms that pass client credentials are required; "false" + * if such mechanisms are not required. The default is "false". + * + *

The value of this constant is "javax.security.sasl.policy.credentials". + *

+ */ + public static final String POLICY_PASS_CREDENTIALS = "javax.security.sasl.policy.credentials"; + + /** + *

The name of a property that specifies whether to reuse previously + * authenticated session information. The property contains "true" + * if the mechanism implementation may attempt to reuse previously + * authenticated session information; it contains "false" if the + * implementation must not reuse previously authenticated session information. + * A setting of "true" serves only as a hint; it does not + * necessarily entail actual reuse because reuse might not be possible due to + * a number of reasons, including, but not limited to, lack of mechanism + * support for reuse, expiration of reusable information, and the peer's + * refusal to support reuse. The property's default value is "false". + *

+ * + *

The value of this constant is "javax.security.sasl.reuse". + * Note that all other parameters and properties required to create a SASL + * client/server instance must be provided regardless of whether this + * property has been supplied. That is, you cannot supply any less + * information in anticipation of reuse. Mechanism implementations that + * support reuse might allow customization of its implementation for factors + * such as cache size, timeouts, and criteria for reuseability. Such + * customizations are implementation-dependent.

+ */ + public static final String REUSE = "javax.security.sasl.reuse"; + + private static final String CLIENT_FACTORY_SVC = "SaslClientFactory."; + private static final String SERVER_FACTORY_SVC = "SaslServerFactory."; + private static final String ALIAS = "Alg.Alias."; + + // Constructor(s) + // ------------------------------------------------------------------------- + + private Sasl() + { + super(); + } + + // Class methods + // ------------------------------------------------------------------------- + + /** + * Creates a {@link SaslClient} for the specified mechanism. + * + *

This method uses the JCA Security Provider Framework, described in the + * "Java Cryptography Architecture API Specification & Reference", for + * locating and selecting a {@link SaslClient} implementation.

+ * + *

First, it obtains an ordered list of {@link SaslClientFactory} + * instances from the registered security providers for the + * "SaslClientFactory" service and the specified mechanism. It + * then invokes createSaslClient() on each factory instance on + * the list until one produces a non-null {@link SaslClient} instance. It + * returns the non-null {@link SaslClient} instance, or null if + * the search fails to produce a non-null {@link SaslClient} instance.

+ * + *

A security provider for SaslClientFactory registers with + * the JCA Security Provider Framework keys of the form:

+ * + *
+   *    SaslClientFactory.mechanism_name
+   * 
+ * + *

and values that are class names of implementations of {@link + * SaslClientFactory}.

+ * + *

For example, a provider that contains a factory class, + * com.wiz.sasl.digest.ClientFactory, that supports the + * "DIGEST-MD5" mechanism would register the following entry + * with the JCA:

+ * + *
+   *    SaslClientFactory.DIGEST-MD5     com.wiz.sasl.digest.ClientFactory
+   * 
+ * + *

See the "Java Cryptography Architecture API Specification & + * Reference" for information about how to install and configure security + * service providers.

+ * + * @param mechanisms the non-null list of mechanism names to try. Each is the + * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5"). + * @param authorizationID the possibly null protocol-dependent + * identification to be used for authorization. If null or + * empty, the server derives an authorization ID from the client's + * authentication credentials. When the SASL authentication completes + * successfully, the specified entity is granted access. + * @param protocol the non-null string name of the protocol for which the + * authentication is being performed (e.g. "ldap"). + * @param serverName the non-null fully-qualified host name of the server to + * authenticate to. + * @param props the possibly null set of properties used to select the SASL + * mechanism and to configure the authentication exchange of the selected + * mechanism. For example, if props contains the {@link Sasl#POLICY_NOPLAINTEXT} + * property with the value "true", then the selected SASL + * mechanism must not be susceptible to simple plain passive attacks. In + * addition to the standard properties declared in this class, other, + * possibly mechanism-specific, properties can be included. Properties not + * relevant to the selected mechanism are ignored. + * @param cbh the possibly null callback handler to used by the + * SASL mechanisms to get further information from the application/library to + * complete the authentication. For example, a SASL mechanism might require + * the authentication ID, password and realm from the caller. The + * authentication ID is requested by using a + * {@link javax.security.auth.callback.NameCallback}. The password is + * requested by using a {@link javax.security.auth.callback.PasswordCallback}. + * The realm is requested by using a {@link RealmChoiceCallback} if there is + * a list of realms to choose from, and by using a {@link RealmCallback} if + * the realm must be entered. + * @return a possibly null {@link SaslClient} created using the + * parameters supplied. If null, the method could not find a + * {@link SaslClientFactory} that will produce one. + * @throws SaslException if a {@link SaslClient} cannot be created because + * of an error. + */ + public static SaslClient createSaslClient(String[] mechanisms, + String authorizationID, + String protocol, + String serverName, + Map props, + CallbackHandler cbh) + throws SaslException + { + if (mechanisms == null) + { + return null; + } + Provider[] providers = Security.getProviders(); + if (providers == null || providers.length == 0) + { + return null; + } + + SaslClient result = null; + SaslClientFactory factory = null; + String m, clazz = null, upper, alias; + int j; + Provider p; + for (int i = 0; i < mechanisms.length; i++) + { + m = mechanisms[i]; + if (m == null) + continue; + for (j = 0; j < providers.length; j++) + { + p = providers[j]; + if (p != null) + { + // try the name as is + clazz = p.getProperty(CLIENT_FACTORY_SVC + m); + if (clazz == null) // try all uppercase + { + upper = m.toUpperCase(); + clazz = p.getProperty(CLIENT_FACTORY_SVC + upper); + if (clazz == null) // try if it's an alias + { + alias = p.getProperty(ALIAS + CLIENT_FACTORY_SVC + m); + if (alias == null) // try all-uppercase alias name + { + alias = p.getProperty(ALIAS + CLIENT_FACTORY_SVC + upper); + if (alias == null) // spit the dummy + continue; + } + clazz = p.getProperty(CLIENT_FACTORY_SVC + alias); + } + } + if (clazz == null) + continue; + else + clazz = clazz.trim(); + } + + try + { + result = null; + factory = (SaslClientFactory) Class.forName(clazz).newInstance(); + result = factory.createSaslClient(mechanisms, authorizationID, + protocol, serverName, props, cbh); + } + catch (ClassCastException ignored) // ignore instantiation exceptions + { + } + catch (ClassNotFoundException ignored) + { + } + catch (InstantiationException ignored) + { + } + catch (IllegalAccessException ignored) + { + } + if (result != null) + return result; + } + } + return null; + } + + /** + * Gets an enumeration of known factories for producing a {@link SaslClient} + * instance. This method uses the same sources for locating factories as + * createSaslClient(). + * + * @return a non-null {@link Enumeration} of known factories for producing a + * {@link SaslClient} instance. + * @see #createSaslClient(String[],String,String,String,Map,CallbackHandler) + */ + public static Enumeration getSaslClientFactories() + { + Vector result = new Vector(); + HashSet names = new HashSet(); + Provider[] providers = Security.getProviders(); + Iterator it; + if (providers != null) + { + Provider p; + String key; + for (int i = 0; i < providers.length; i++) + { + p = providers[i]; + for (it = p.keySet().iterator(); it.hasNext(); ) + { + key = (String) it.next(); + // add key's binding (a) it is a class of a client factory, + // and (b) the key does not include blanks + if (key.startsWith(CLIENT_FACTORY_SVC) && key.indexOf(" ") == -1) + { + names.add(p.getProperty(key)); + break; + } + } + } + } + // we have the factory class names in names; instantiate and enumerate + String c; + for (it = names.iterator(); it.hasNext(); ) + { + c = (String) it.next(); + try + { + SaslClientFactory f = (SaslClientFactory) Class.forName(c).newInstance(); + if (f != null) + result.add(f); + } catch (ClassCastException ignored) { // ignore instantiation exceptions + } catch (ClassNotFoundException ignored) { + } catch (InstantiationException ignored) { + } catch (IllegalAccessException ignored) { + } + } + + return result.elements(); + } + + /** + * Creates a {@link SaslServer} for the specified mechanism. + * + *

This method uses the JCA Security Provider Framework, described in the + * "Java Cryptography Architecture API Specification & Reference", for + * locating and selecting a SaslServer implementation.

+ * + *

First, it obtains an ordered list of {@link SaslServerFactory} + * instances from the registered security providers for the + * "SaslServerFactory" service and the specified mechanism. It + * then invokes createSaslServer() on each factory instance on + * the list until one produces a non-null {@link SaslServer} instance. It + * returns the non-null {@link SaslServer} instance, or null if + * the search fails to produce a non-null {@link SaslServer} instance.

+ * + *

A security provider for {@link SaslServerFactory} registers with the + * JCA Security Provider Framework keys of the form:

+ * + *
+   *    SaslServerFactory.mechanism_name
+   * 
+ * + *

and values that are class names of implementations of {@link + * SaslServerFactory}.

+ * + *

For example, a provider that contains a factory class, + * com.wiz.sasl.digest.ServerFactory, that supports the + * "DIGEST-MD5" mechanism would register the following entry + * with the JCA:

+ * + *
+   *    SaslServerFactory.DIGEST-MD5     com.wiz.sasl.digest.ServerFactory
+   * 
+ * + *

See the "Java Cryptography Architecture API Specification & + * Reference" for information about how to install and configure security + * service providers.

+ * + * @param mechanism the non-null mechanism name. It must be an + * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5"). + * @param protocol the non-null string name of the protocol for which the + * authentication is being performed (e.g. "ldap"). + * @param serverName the non-null fully qualified host name of the server. + * @param props the possibly null set of properties used to + * select the SASL mechanism and to configure the authentication exchange of + * the selected mechanism. For example, if props contains the {@link + * Sasl#POLICY_NOPLAINTEXT} property with the value "true", then + * the selected SASL mechanism must not be susceptible to simple plain + * passive attacks. In addition to the standard properties declared in this + * class, other, possibly mechanism-specific, properties can be included. + * Properties not relevant to the selected mechanism are ignored. + * @param cbh the possibly null callback handler to used by the + * SASL mechanisms to get further information from the application/library to + * complete the authentication. For example, a SASL mechanism might require + * the authentication ID, password and realm from the caller. The + * authentication ID is requested by using a + * {@link javax.security.auth.callback.NameCallback}. The password is + * requested by using a {@link javax.security.auth.callback.PasswordCallback}. + * The realm is requested by using a {@link RealmChoiceCallback} if there is + * a list of realms to choose from, and by using a {@link RealmCallback} if + * the realm must be entered. + * @return a possibly null {@link SaslServer} created using the + * parameters supplied. If null, the method cannot find a + * {@link SaslServerFactory} instance that will produce one. + * @throws SaslException if a {@link SaslServer} instance cannot be created + * because of an error. + */ + public static SaslServer createSaslServer(String mechanism, String protocol, + String serverName, + Map props, + CallbackHandler cbh) + throws SaslException + { + if (mechanism == null) + return null; + Provider[] providers = Security.getProviders(); + if (providers == null || providers.length == 0) + return null; + + SaslServer result = null; + SaslServerFactory factory = null; + String clazz = null, upper, alias = null; + int j; + Provider p; + for (j = 0; j < providers.length; j++) + { + p = providers[j]; + if (p != null) + { + // try the name as is + clazz = p.getProperty(SERVER_FACTORY_SVC + mechanism); + if (clazz == null) // try all uppercase + { + upper = mechanism.toUpperCase(); + clazz = p.getProperty(SERVER_FACTORY_SVC + upper); + if (clazz == null) // try if it's an alias + { + alias = p.getProperty(ALIAS + SERVER_FACTORY_SVC + mechanism); + if (alias == null) // try all-uppercase alias name + { + alias = p.getProperty(ALIAS + SERVER_FACTORY_SVC + upper); + if (alias == null) // spit the dummy + continue; + } + } + clazz = p.getProperty(SERVER_FACTORY_SVC + alias); + } + } + if (clazz == null) + continue; + else + clazz = clazz.trim(); + + try + { + result = null; + factory = (SaslServerFactory) Class.forName(clazz).newInstance(); + result = + factory.createSaslServer(mechanism, protocol, serverName, props, cbh); + } + catch (ClassCastException ignored) // ignore instantiation exceptions + { + } + catch (ClassNotFoundException ignored) + { + } + catch (InstantiationException ignored) + { + } + catch (IllegalAccessException ignored) + { + } + if (result != null) + return result; + } + return null; + } + + /** + * Gets an enumeration of known factories for producing a {@link SaslServer} + * instance. This method uses the same sources for locating factories as + * createSaslServer(). + * + * @return a non-null {@link Enumeration} of known factories for producing a + * {@link SaslServer} instance. + * @see #createSaslServer(String,String,String,Map,CallbackHandler) + */ + public static Enumeration getSaslServerFactories() + { + Vector result = new Vector(); + HashSet names = new HashSet(); + Provider[] providers = Security.getProviders(); + Iterator it; + if (providers != null) + { + Provider p; + String key; + for (int i = 0; i < providers.length; i++) + { + p = providers[i]; + for (it = p.keySet().iterator(); it.hasNext(); ) + { + key = (String) it.next(); + // add key's binding (a) it is a class of a server factory, + // and (b) the key does not include blanks + if (key.startsWith(SERVER_FACTORY_SVC) && key.indexOf(" ") == -1) + { + names.add(p.getProperty(key)); + break; + } + } + } + } + // we have the factory class names in names; instantiate and enumerate + String c; + for (it = names.iterator(); it.hasNext(); ) + { + c = (String) it.next(); + try + { + SaslServerFactory f = (SaslServerFactory) Class.forName(c).newInstance(); + if (f != null) + result.add(f); + } + catch (ClassCastException ignored) // ignore instantiation exceptions + { + } + catch (ClassNotFoundException ignored) + { + } + catch (InstantiationException ignored) + { + } + catch (IllegalAccessException ignored) + { + } + } + + return result.elements(); + } +} diff --git a/libjava/classpath/javax/security/sasl/SaslClient.java b/libjava/classpath/javax/security/sasl/SaslClient.java new file mode 100644 index 000000000..58eb5e298 --- /dev/null +++ b/libjava/classpath/javax/security/sasl/SaslClient.java @@ -0,0 +1,232 @@ +/* SaslClient.java -- + Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.sasl; + +/** + *

Performs SASL authentication as a client.

+ * + *

A protocol library such as one for LDAP gets an instance of this class in + * order to perform authentication defined by a specific SASL mechanism. + * Invoking methods on the SaslClient instance process challenges + * and create responses according to the SASL mechanism implemented by the + * SaslClient. As the authentication proceeds, the instance + * encapsulates the state of a SASL client's authentication exchange.

+ * + *

Here's an example of how an LDAP library might use a SaslClient. + * It first gets an instance of a SaslClient:

+ *
+ *SaslClient sc =
+ *      Sasl.createSaslClient(mechanisms, authorizationID, protocol,
+ *                            serverName, props, callbackHandler);
+ * 
+ * + *

It can then proceed to use the client for authentication. For example, an + * LDAP library might use the client as follows:

+ *
+ * // Get initial response and send to server
+ *byte[] response = sc.hasInitialResponse()
+ *      ? sc.evaluateChallenge(new byte[0]) : null;
+ *LdapResult res = ldap.sendBindRequest(dn, sc.getName(), response);
+ *while (!sc.isComplete()
+ *       && ((res.status == SASL_BIND_IN_PROGRESS) || (res.status == SUCCESS))) {
+ *   response = sc.evaluateChallenge( res.getBytes() );
+ *   if (res.status == SUCCESS) {
+ *      // we're done; don't expect to send another BIND
+ *      if ( response != null ) {
+ *         throw new SaslException(
+ *               "Protocol error: attempting to send response after completion");
+ *      }
+ *      break;
+ *   }
+ *   res = ldap.sendBindRequest(dn, sc.getName(), response);
+ *}
+ *if (sc.isComplete() && (res.status == SUCCESS) ) {
+ *   String qop = (String)sc.getNegotiatedProperty(Sasl.QOP);
+ *   if ((qop != null)
+ *         && (qop.equalsIgnoreCase("auth-int")
+ *            || qop.equalsIgnoreCase("auth-conf"))) {
+ *      // Use SaslClient.wrap() and SaslClient.unwrap() for future
+ *      // communication with server
+ *      ldap.in = new SecureInputStream(sc, ldap.in);
+ *      ldap.out = new SecureOutputStream(sc, ldap.out);
+ *   }
+ *}
+ * 
+ * + *

If the mechanism has an initial response, the library invokes + * {@link #evaluateChallenge(byte[])} with an empty challenge to get the initial + * response. Protocols such as IMAP4, which do not include an initial response + * with their first authentication command to the server, initiate the + * authentication without first calling {@link #hasInitialResponse()} or + * {@link #evaluateChallenge(byte[])}. When the server responds to the command, + * it sends an initial challenge. For a SASL mechanism in which the client sends + * data first, the server should have issued a challenge with no data. This will + * then result in a call (on the client) to {@link #evaluateChallenge(byte[])} + * with an empty challenge.

+ * + * @see Sasl + * @see SaslClientFactory + * + * @since 1.5 + */ +public interface SaslClient +{ + + /** + * Returns the IANA-registered mechanism name of this SASL client. (e.g. + * "CRAM-MD5", "GSSAPI"). + * + * @return a non-null string representing the IANA-registered mechanism name. + */ + String getMechanismName(); + + /** + * Determines if this mechanism has an optional initial response. If + * true, caller should call {@link #evaluateChallenge(byte[])} + * with an empty array to get the initial response. + * + * @return true if this mechanism has an initial response. + */ + boolean hasInitialResponse(); + + /** + * Evaluates the challenge data and generates a response. If a challenge is + * received from the server during the authentication process, this method is + * called to prepare an appropriate next response to submit to the server. + * + * @param challenge the non-null challenge sent from the server. The + * challenge array may have zero length. + * @return the possibly null reponse to send to the server. It + * is null if the challenge accompanied a "SUCCESS" status and + * the challenge only contains data for the client to update its state and no + * response needs to be sent to the server. The response is a zero-length + * byte array if the client is to send a response with no data. + * @throws SaslException if an error occurred while processing the challenge + * or generating a response. + */ + byte[] evaluateChallenge(byte[] challenge) throws SaslException; + + /** + * Determines if the authentication exchange has completed. This method may + * be called at any time, but typically, it will not be called until the + * caller has received indication from the server (in a protocol-specific + * manner) that the exchange has completed. + * + * @return true if the authentication exchange has completed; + * false otherwise. + */ + boolean isComplete(); + + /** + *

Unwraps a byte array received from the server. This method can be + * called only after the authentication exchange has completed (i.e., when + * {@link #isComplete()} returns true) and only if the + * authentication exchange has negotiated integrity and/or privacy as the + * quality of protection; otherwise, an {@link IllegalStateException} is + * thrown.

+ * + *

incoming is the contents of the SASL buffer as defined in + * RFC 2222 without the leading four octet field that represents the length. + * offset and len specify the portion of incoming + * to use.

+ * + * @param incoming a non-null byte array containing the encoded bytes from + * the server. + * @param offset the starting position at incoming of the bytes + * to use. + * @param len the number of bytes from incoming to use. + * @return a non-null byte array containing the decoded bytes. + * @throws SaslException if incoming cannot be successfully + * unwrapped. + * @throws IllegalStateException if the authentication exchange has not + * completed, or if the negotiated quality of protection has neither + * integrity nor privacy. + */ + byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException; + + /** + *

Wraps a byte array to be sent to the server. This method can be called + * only after the authentication exchange has completed (i.e., when + * {@link #isComplete()} returns true) and only if the + * authentication exchange has negotiated integrity and/or privacy as the + * quality of protection; otherwise, an {@link IllegalStateException} is + * thrown.

+ * + *

The result of this method will make up the contents of the SASL buffer + * as defined in RFC 2222 without the leading four octet field that + * represents the length. offset and len specify + * the portion of outgoing to use.

+ * + * @param outgoing a non-null byte array containing the bytes to encode. + * @param offset the starting position at outgoing of the bytes + * to use. + * @param len the number of bytes from outgoing to use. + * @return a non-null byte array containing the encoded bytes. + * @throws SaslException if outgoing cannot be successfully + * wrapped. + * @throws IllegalStateException if the authentication exchange has not + * completed, or if the negotiated quality of protection has neither + * integrity nor privacy. + */ + byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException; + + /** + * Retrieves the negotiated property. This method can be called only after + * the authentication exchange has completed (i.e., when {@link #isComplete()} + * returns true); otherwise, an {@link IllegalStateException} is + * thrown. + * + * @param propName the non-null property name. + * @return the value of the negotiated property. If null, the + * property was not negotiated or is not applicable to this mechanism. + * @throws IllegalStateException if this authentication exchange has not + * completed. + */ + Object getNegotiatedProperty(String propName); + + /** + * Disposes of any system resources or security-sensitive information the + * SaslClient might be using. Invoking this method invalidates + * the SaslClient instance. This method is idempotent. + * + * @throws SaslException if a problem was encountered while disposing of the + * resources. + */ + void dispose() throws SaslException; +} diff --git a/libjava/classpath/javax/security/sasl/SaslClientFactory.java b/libjava/classpath/javax/security/sasl/SaslClientFactory.java new file mode 100644 index 000000000..be80fd9f1 --- /dev/null +++ b/libjava/classpath/javax/security/sasl/SaslClientFactory.java @@ -0,0 +1,118 @@ +/* SaslClientFactory.java + Copyright (C) 2003, 2005, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.sasl; + +import java.util.Map; + +import javax.security.auth.callback.CallbackHandler; + +/** + *

An interface for creating instances of {@link SaslClient}. A class that + * implements this interface must be thread-safe and handle multiple + * simultaneous requests. It must also have a public constructor that accepts + * no arguments.

+ * + *

This interface is not normally accessed directly by a client, which will + * use the {@link Sasl} static methods to create a client instance instead. + * However, a particular environment may provide and install a new or different + * SaslClientFactory.

+ * + * @see SaslClient + * @see Sasl + * + * @since 1.5 + */ +public interface SaslClientFactory +{ + + /** + * Creates a {@link SaslClient} using the parameters supplied. + * + * @param mechanisms the non-null list of mechanism names to try. Each is the + * IANA-registered name of a SASL mechanism (e.g. "GSSAPI", "CRAM-MD5"). + * @param authorizationID the possibly null protocol-dependent identification + * to be used for authorization. If null or empty, the server + * derives an authorization ID from the client's authentication credentials. + * When the SASL authentication completes successfully, the specified entity + * is granted access. + * @param protocol the non-null string name of the protocol for which the + * authentication is being performed (e.g. "ldap"). + * @param serverName the non-null fully qualified host name of the server to + * authenticate to. + * @param props the possibly null set of properties used to + * select the SASL mechanism and to configure the authentication exchange of + * the selected mechanism. See the {@link Sasl} class for a list of standard + * properties. Other, possibly mechanism-specific, properties can be included. + * Properties not relevant to the selected mechanism are ignored. + * @param cbh the possibly null callback handler to used by the + * SASL mechanisms to get further information from the application/library to + * complete the authentication. For example, a SASL mechanism might require + * the authentication ID, password and realm from the caller. The + * authentication ID is requested by using a + * {@link javax.security.auth.callback.NameCallback}. The password is + * requested by using a {@link javax.security.auth.callback.PasswordCallback}. + * The realm is requested by using a {@link RealmChoiceCallback} if there is + * a list of realms to choose from, and by using a {@link RealmCallback} if + * the realm must be entered. + * @return a possibly null {@link SaslClient} created using the + * parameters supplied. If null, this factory cannot produce a + * {@link SaslClient} using the parameters supplied. + * @throws SaslException if a {@link SaslClient} instance cannot be created + * because of an error. + */ + SaslClient createSaslClient(String[] mechanisms, String authorizationID, + String protocol, String serverName, + Map props, CallbackHandler cbh) + throws SaslException; + + /** + * Returns an array of names of mechanisms that match the specified mechanism + * selection policies. + * + * @param props the possibly null set of properties used to + * specify the security policy of the SASL mechanisms. For example, if props + * contains the {@link Sasl#POLICY_NOPLAINTEXT} property with the value + * "true", then the factory must not return any SASL mechanisms + * that are susceptible to simple plain passive attacks. See the {@link Sasl} + * class for a complete list of policy properties. Non-policy related + * properties, if present in props, are ignored. + * @return a non-null array containing IANA-registered SASL mechanism names. + */ + String[] getMechanismNames(Map props); +} diff --git a/libjava/classpath/javax/security/sasl/SaslException.java b/libjava/classpath/javax/security/sasl/SaslException.java new file mode 100644 index 000000000..f4407e761 --- /dev/null +++ b/libjava/classpath/javax/security/sasl/SaslException.java @@ -0,0 +1,189 @@ +/* SaslException.java + Copyright (C) 2003, 2005, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.sasl; + +import gnu.java.lang.CPStringBuilder; + +import java.io.IOException; +import java.io.PrintStream; +import java.io.PrintWriter; +import java.io.Serializable; + +/** + * This class represents an error that has occurred when using SASL. + * + * @since 1.5 + */ +public class SaslException extends IOException implements Serializable +{ + + // Constants and variables + // ------------------------------------------------------------------------- + + private static final long serialVersionUID = 4579784287983423626L; + + /** + * @serial The possibly null root cause exception. + */ + private Throwable _exception = null; + + // Constructor(s) + // ------------------------------------------------------------------------- + + /** + * Constructs a new instance of SaslException. The root + * exception and the detailed message are null. + */ + public SaslException() + { + super(); + } + + /** + * Constructs a new instance of SaslException with a detailed + * message. The root exception is null. + * + * @param detail a possibly null string containing details of the exception. + * @see Throwable#getMessage() + */ + public SaslException(String detail) + { + super(detail); + } + + /** + * Constructs a new instance of SaslException with a detailed + * message and a root exception. For example, a SaslException + * might result from a problem with the callback handler, which might throw a + * {@link javax.security.auth.callback.UnsupportedCallbackException} if it + * does not support the requested callback, or throw an {@link IOException} + * if it had problems obtaining data for the callback. The + * SaslException's root exception would be then be the exception + * thrown by the callback handler. + * + * @param detail a possibly null string containing details of + * the exception. + * @param ex a possibly null root exception that caused this + * exception. + * @see Throwable#getMessage() + * @see #getCause() + */ + public SaslException(String detail, Throwable ex) + { + super(detail); + _exception = ex; + } + + // Class methods + // ------------------------------------------------------------------------- + + // Instance methods + // ------------------------------------------------------------------------- + + /** + * Returns the cause of this throwable or null if the cause is + * nonexistent or unknown. The cause is the throwable that caused this + * exception to be thrown. + * + * @return the possibly null exception that caused this exception. + */ + public Throwable getCause() + { + return _exception; + } + + /** + * Prints this exception's stack trace to System.err. If this + * exception has a root exception; the stack trace of the root exception is + * also printed to System.err. + */ + public void printStackTrace() + { + super.printStackTrace(); + if (_exception != null) + _exception.printStackTrace(); + } + + /** + * Prints this exception's stack trace to a print stream. If this exception + * has a root exception; the stack trace of the root exception is also + * printed to the print stream. + * + * @param ps the non-null print stream to which to print. + */ + public void printStackTrace(PrintStream ps) + { + super.printStackTrace(ps); + if (_exception != null) + _exception.printStackTrace(ps); + } + + /** + * Prints this exception's stack trace to a print writer. If this exception + * has a root exception; the stack trace of the root exception is also + * printed to the print writer. + * + * @param pw the non-null print writer to use for output. + */ + public void printStackTrace(PrintWriter pw) + { + super.printStackTrace(pw); + if (_exception != null) + _exception.printStackTrace(pw); + } + + /** + * Returns the string representation of this exception. The string + * representation contains this exception's class name, its detailed + * messsage, and if it has a root exception, the string representation of the + * root exception. This string representation is meant for debugging and not + * meant to be interpreted programmatically. + * + * @return the non-null string representation of this exception. + * @see Throwable#getMessage() + */ + public String toString() + { + CPStringBuilder sb = new CPStringBuilder(this.getClass().getName()) + .append(": ").append(super.toString()); + if (_exception != null) + sb.append("; caused by: ").append(_exception.toString()); + return sb.toString(); + } +} diff --git a/libjava/classpath/javax/security/sasl/SaslServer.java b/libjava/classpath/javax/security/sasl/SaslServer.java new file mode 100644 index 000000000..d30b8f6ba --- /dev/null +++ b/libjava/classpath/javax/security/sasl/SaslServer.java @@ -0,0 +1,227 @@ +/* SaslServer.java + Copyright (C) 2003, 2005, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.sasl; + +/** + *

Performs SASL authentication as a server.

+ * + *

A server such as an LDAP server gets an instance of this class in order to + * perform authentication defined by a specific SASL mechanism. Invoking methods + * on the SaslServer instance generates challenges corresponding to + * the SASL mechanism implemented by the SaslServer instance. As + * the authentication proceeds, the instance encapsulates the state of a SASL + * server's authentication exchange.

+ * + *

Here's an example of how an LDAP server might use a SaslServer + * instance. It first gets an instance of a SaslServer for the SASL + * mechanism requested by the client:

+ * + *
+ *SaslServer ss =
+ *      Sasl.createSaslServer(mechanism, "ldap", myFQDN, props, callbackHandler);
+ * 
+ * + *

It can then proceed to use the server for authentication. For example, + * suppose the LDAP server received an LDAP BIND request containing the name of + * the SASL mechanism and an (optional) initial response. It then might use the + * server as follows:

+ * + *
+ *while (!ss.isComplete()) {
+ *   try {
+ *      byte[] challenge = ss.evaluateResponse(response);
+ *      if (ss.isComplete()) {
+ *         status = ldap.sendBindResponse(mechanism, challenge, SUCCESS);
+ *      } else {
+ *         status = ldap.sendBindResponse(mechanism, challenge, SASL_BIND_IN_PROGRESS);
+ *         response = ldap.readBindRequest();
+ *      }
+ *   } catch (SaslException x) {
+ *      status = ldap.sendErrorResponse(x);
+ *      break;
+ *   }
+ *}
+ *if (ss.isComplete() && (status == SUCCESS)) {
+ *   String qop = (String) sc.getNegotiatedProperty(Sasl.QOP);
+ *   if (qop != null
+ *         && (qop.equalsIgnoreCase("auth-int")
+ *            || qop.equalsIgnoreCase("auth-conf"))) {
+ *      // Use SaslServer.wrap() and SaslServer.unwrap() for future
+ *      // communication with client
+ *      ldap.in = new SecureInputStream(ss, ldap.in);
+ *      ldap.out = new SecureOutputStream(ss, ldap.out);
+ *   }
+ *}
+ * 
+ * + * @see Sasl + * @see SaslServerFactory + * + * @since 1.5 + */ +public interface SaslServer +{ + + /** + * Returns the IANA-registered mechanism name of this SASL server (e.g. + * "CRAM-MD5", "GSSAPI"). + * + * @return a non-null string representing the IANA-registered mechanism name. + */ + String getMechanismName(); + + /** + * Evaluates the response data and generates a challenge. If a response is + * received from the client during the authentication process, this method is + * called to prepare an appropriate next challenge to submit to the client. + * The challenge is null if the authentication has succeeded and + * no more challenge data is to be sent to the client. It is non-null if the + * authentication must be continued by sending a challenge to the client, or + * if the authentication has succeeded but challenge data needs to be + * processed by the client. {@link #isComplete()} should be called after each + * call to evaluateResponse(),to determine if any further + * response is needed from the client. + * + * @param response the non-null (but possibly empty) response sent by the + * client. + * @return the possibly null challenge to send to the client. + * It is null if the authentication has succeeded and there is + * no more challenge data to be sent to the client. + * @throws SaslException if an error occurred while processing the response + * or generating a challenge. + */ + byte[] evaluateResponse(byte[] response) throws SaslException; + + /** + * Determines if the authentication exchange has completed. This method is + * typically called after each invocation of {@link #evaluateResponse(byte[])} + * to determine whether the authentication has completed successfully or + * should be continued. + * + * @return true if the authentication exchange has completed; + * false otherwise. + */ + boolean isComplete(); + + /** + * Reports the authorization ID in effect for the client of this session This + * method can only be called if {@link #isComplete()} returns true. + * + * @return the authorization ID of the client. + * @throws IllegalStateException if this authentication session has not + * completed. + */ + String getAuthorizationID(); + + /** + *

Unwraps a byte array received from the client. This method can be called + * only after the authentication exchange has completed (i.e., when + * {@link #isComplete()} returns true) and only if the + * authentication exchange has negotiated integrity and/or privacy as the + * quality of protection; otherwise, an {@link IllegalStateException} is + * thrown.

+ * + *

incoming is the contents of the SASL buffer as defined in + * RFC 2222 without the leading four octet field that represents the length. + * offset and len specify the portion of incoming + * to use.

+ * + * @param incoming a non-null byte array containing the encoded bytes from + * the client. + * @param offset the starting position at incoming of the bytes + * to use. + * @param len the number of bytes from incoming to use. + * @return a non-null byte array containing the decoded bytes. + * @throws SaslException if incoming cannot be successfully + * unwrapped. + * @throws IllegalStateException if the authentication exchange has not + * completed, or if the negotiated quality of protection has neither + * integrity nor privacy. + */ + byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException; + + /** + *

Wraps a byte array to be sent to the client. This method can be called + * only after the authentication exchange has completed (i.e., when + * {@link #isComplete()} returns true) and only if the + * authentication exchange has negotiated integrity and/or privacy as the + * quality of protection; otherwise, an {@link IllegalStateException} is + * thrown.

+ * + *

The result of this method will make up the contents of the SASL buffer + * as defined in RFC 2222 without the leading four octet field that + * represents the length. offset and len specify + * the portion of outgoing to use. + * + * @param outgoing a non-null byte array containing the bytes to encode. + * @param offset the starting position at outgoing of the bytes + * to use. + * @param len the number of bytes from outgoing to use. + * @return a non-null byte array containing the encoded bytes. + * @throws SaslException if outgoing cannot be successfully + * wrapped. + * @throws IllegalStateException if the authentication exchange has not + * completed, or if the negotiated quality of protection has neither + * integrity nor privacy. + */ + byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException; + + /** + * Retrieves the negotiated property. This method can be called only after + * the authentication exchange has completed (i.e., when + * {@link #isComplete()} returns true); otherwise, an + * {@link IllegalStateException} is thrown. + * + * @return the value of the negotiated property. If null, the + * property was not negotiated or is not applicable to this mechanism. + * @throws IllegalStateException if this authentication exchange has not + * completed. + */ + Object getNegotiatedProperty(String propName); + + /** + * Disposes of any system resources or security-sensitive information the + * SaslServer might be using. Invoking this method invalidates + * the SaslServer instance. This method is idempotent. + * + * @throws SaslException if a problem was encountered while disposing of the + * resources. + */ + void dispose() throws SaslException; +} diff --git a/libjava/classpath/javax/security/sasl/SaslServerFactory.java b/libjava/classpath/javax/security/sasl/SaslServerFactory.java new file mode 100644 index 000000000..b51ce3dba --- /dev/null +++ b/libjava/classpath/javax/security/sasl/SaslServerFactory.java @@ -0,0 +1,116 @@ +/* SaslServerFactory.java + Copyright (C) 2003, 2005, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.sasl; + +import java.util.Map; + +import javax.security.auth.callback.CallbackHandler; + +/** + *

An interface for creating instances of {@link SaslServer}. A class that + * implements this interface must be thread-safe and handle multiple + * simultaneous requests. It must also have a public constructor that accepts + * no arguments.

+ * + *

This interface is not normally accessed directly by a server, which will + * use the {@link Sasl} static methods to create a {@link SaslServer} instance + * instead. However, a particular environment may provide and install a new or + * different SaslServerFactory.

+ * + * @see SaslServer + * @see Sasl + * + * @since 1.5 + */ +public interface SaslServerFactory +{ + + /** + * Creates a {@link SaslServer} instance using the parameters supplied. It + * returns null if no {@link SaslServer} instance can be created + * using the parameters supplied. Throws {@link SaslException} if it cannot + * create a {@link SaslServer} because of an error. + * + * @param mechanism the non-null IANA-registered name of a SASL mechanism + * (e.g. "GSSAPI", "CRAM-MD5"). + * @param protocol the non-null string name of the protocol for which the + * authentication is being performed (e.g. "ldap"). + * @param serverName the non-null fully qualified host name of the server to + * authenticate to. + * @param props the possibly null set of properties used to select the SASL + * mechanism and to configure the authentication exchange of the selected + * mechanism. See the {@link Sasl} class for a list of standard properties. + * Other, possibly mechanism-specific, properties can be included. Properties + * not relevant to the selected mechanism are ignored. + * @param cbh the possibly null callback handler to used by the SASL + * mechanisms to get further information from the application/library to + * complete the authentication. For example, a SASL mechanism might require + * the authentication ID, password and realm from the caller. The + * authentication ID is requested by using a + * {@link javax.security.auth.callback.NameCallback}. The password is + * requested by using a {@link javax.security.auth.callback.PasswordCallback}. + * The realm is requested by using a {@link RealmChoiceCallback} if there is + * a list of realms to choose from, and by using a {@link RealmCallback} if + * the realm must be entered. + * @return a possibly null {@link SaslServer} created using the parameters + * supplied. If null is returned, it means that this factory + * cannot produce a {@link SaslServer} using the parameters supplied. + * @throws SaslException if a SaslServer instance cannot be created because + * of an error. + */ + SaslServer createSaslServer(String mechanism, String protocol, + String serverName, Map props, + CallbackHandler cbh) + throws SaslException; + + /** + * Returns an array of names of mechanisms that match the specified mechanism + * selection policies. + * + * @param props the possibly null set of properties used to + * specify the security policy of the SASL mechanisms. For example, if props + * contains the {@link Sasl#POLICY_NOPLAINTEXT} property with the value + * "true", then the factory must not return any SASL mechanisms + * that are susceptible to simple plain passive attacks. See the {@link Sasl} + * class for a complete list of policy properties. Non-policy related + * properties, if present in props, are ignored. + * @return a non-null array containing IANA-registered SASL mechanism names. + */ + String[] getMechanismNames(Map props); +} diff --git a/libjava/classpath/javax/security/sasl/package.html b/libjava/classpath/javax/security/sasl/package.html new file mode 100644 index 000000000..4cde67043 --- /dev/null +++ b/libjava/classpath/javax/security/sasl/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - javax.security.sasl + + +

+ + + -- cgit v1.2.3