0N/A/*
2362N/A * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
2362N/A * published by the Free Software Foundation. Oracle designates this
0N/A * particular file as subject to the "Classpath" exception as provided
2362N/A * by Oracle in the LICENSE file that accompanied this code.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/Apackage com.sun.security.sasl;
0N/A
0N/Aimport javax.security.sasl.*;
0N/Aimport com.sun.security.sasl.util.PolicyUtils;
0N/A
0N/Aimport java.util.Map;
0N/Aimport java.io.IOException;
0N/Aimport javax.security.auth.callback.Callback;
0N/Aimport javax.security.auth.callback.CallbackHandler;
0N/Aimport javax.security.auth.callback.NameCallback;
0N/Aimport javax.security.auth.callback.PasswordCallback;
0N/Aimport javax.security.auth.callback.UnsupportedCallbackException;
0N/A
0N/A/**
0N/A * Client factory for EXTERNAL, CRAM-MD5, PLAIN.
0N/A *
0N/A * Requires the following callbacks to be satisfied by callback handler
0N/A * when using CRAM-MD5 or PLAIN.
0N/A * - NameCallback (to get username)
0N/A * - PasswordCallback (to get password)
0N/A *
0N/A * @author Rosanna Lee
0N/A */
0N/Afinal public class ClientFactoryImpl implements SaslClientFactory {
0N/A private static final String myMechs[] = {
0N/A "EXTERNAL",
0N/A "CRAM-MD5",
0N/A "PLAIN",
0N/A };
0N/A
0N/A private static final int mechPolicies[] = {
0N/A // %%% RL: Policies should actually depend on the external channel
0N/A PolicyUtils.NOPLAINTEXT|PolicyUtils.NOACTIVE|PolicyUtils.NODICTIONARY,
0N/A PolicyUtils.NOPLAINTEXT|PolicyUtils.NOANONYMOUS, // CRAM-MD5
0N/A PolicyUtils.NOANONYMOUS, // PLAIN
0N/A };
0N/A
0N/A private static final int EXTERNAL = 0;
0N/A private static final int CRAMMD5 = 1;
0N/A private static final int PLAIN = 2;
0N/A
0N/A public ClientFactoryImpl() {
0N/A }
0N/A
0N/A public SaslClient createSaslClient(String[] mechs,
0N/A String authorizationId,
0N/A String protocol,
0N/A String serverName,
0N/A Map<String,?> props,
0N/A CallbackHandler cbh) throws SaslException {
0N/A
0N/A for (int i = 0; i < mechs.length; i++) {
0N/A if (mechs[i].equals(myMechs[EXTERNAL])
0N/A && PolicyUtils.checkPolicy(mechPolicies[EXTERNAL], props)) {
0N/A return new ExternalClient(authorizationId);
0N/A
0N/A } else if (mechs[i].equals(myMechs[CRAMMD5])
0N/A && PolicyUtils.checkPolicy(mechPolicies[CRAMMD5], props)) {
0N/A
0N/A Object[] uinfo = getUserInfo("CRAM-MD5", authorizationId, cbh);
0N/A
0N/A // Callee responsible for clearing bytepw
0N/A return new CramMD5Client((String) uinfo[0],
0N/A (byte []) uinfo[1]);
0N/A
0N/A } else if (mechs[i].equals(myMechs[PLAIN])
0N/A && PolicyUtils.checkPolicy(mechPolicies[PLAIN], props)) {
0N/A
0N/A Object[] uinfo = getUserInfo("PLAIN", authorizationId, cbh);
0N/A
0N/A // Callee responsible for clearing bytepw
0N/A return new PlainClient(authorizationId,
0N/A (String) uinfo[0], (byte []) uinfo[1]);
0N/A }
0N/A }
0N/A return null;
0N/A };
0N/A
0N/A public String[] getMechanismNames(Map<String,?> props) {
0N/A return PolicyUtils.filterMechs(myMechs, mechPolicies, props);
0N/A }
0N/A
0N/A /**
0N/A * Gets the authentication id and password. The
0N/A * password is converted to bytes using UTF-8 and stored in bytepw.
0N/A * The authentication id is stored in authId.
0N/A *
0N/A * @param prefix The non-null prefix to use for the prompt (e.g., mechanism
0N/A * name)
0N/A * @param authorizationId The possibly null authorization id. This is used
0N/A * as a default for the NameCallback. If null, it is not used in prompt.
0N/A * @param cbh The non-null callback handler to use.
0N/A * @return an {authid, passwd} pair
0N/A */
0N/A private Object[] getUserInfo(String prefix, String authorizationId,
0N/A CallbackHandler cbh) throws SaslException {
0N/A if (cbh == null) {
0N/A throw new SaslException(
0N/A "Callback handler to get username/password required");
0N/A }
0N/A try {
0N/A String userPrompt = prefix + " authentication id: ";
0N/A String passwdPrompt = prefix + " password: ";
0N/A
0N/A NameCallback ncb = authorizationId == null?
0N/A new NameCallback(userPrompt) :
0N/A new NameCallback(userPrompt, authorizationId);
0N/A
0N/A PasswordCallback pcb = new PasswordCallback(passwdPrompt, false);
0N/A
0N/A cbh.handle(new Callback[]{ncb,pcb});
0N/A
0N/A char[] pw = pcb.getPassword();
0N/A
0N/A byte[] bytepw;
0N/A String authId;
0N/A
0N/A if (pw != null) {
0N/A bytepw = new String(pw).getBytes("UTF8");
0N/A pcb.clearPassword();
0N/A } else {
0N/A bytepw = null;
0N/A }
0N/A
0N/A authId = ncb.getName();
0N/A
0N/A return new Object[]{authId, bytepw};
0N/A
0N/A } catch (IOException e) {
0N/A throw new SaslException("Cannot get password", e);
0N/A } catch (UnsupportedCallbackException e) {
0N/A throw new SaslException("Cannot get userid/password", e);
0N/A }
0N/A }
0N/A}