/*
 * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
0N/A
0N/Aimport javax.security.auth.callback.*;
0N/Aimport java.util.Map;
0N/Aimport java.util.Properties;
0N/Aimport java.io.*;
0N/Aimport javax.security.sasl.AuthorizeCallback;
0N/Aimport javax.security.sasl.RealmCallback;
0N/A
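/**
 * Callback handler that answers SASL name, password and authorization
 * callbacks from up to three files in the Properties file format.
 *
 * <p>The password file holds cleartext name/password pairs and the loaded
 * {@code Properties} keep those values as {@code String}s for the lifetime
 * of the handler; only the temporary {@code char[]} handed to the
 * {@link PasswordCallback} is zeroed. File names are resolved against the
 * {@code test.src} system property without further validation, so they are
 * expected to come from the code that constructs the handler.
 */
public final class PropertiesFileCallbackHandler implements CallbackHandler {
    private final Properties pwDb;
    private final Properties namesDb;
    private final Properties proxyDb;

    /**
     * Contents of files are in the Properties file format.
     *
     * <p>Each file is looked up in the directory named by the
     * {@code test.src} system property, or in the current directory when
     * that property is not set. A {@code null} file name leaves the
     * corresponding database absent.
     *
     * @param pwFile name of file containing name/password pairs
     * @param namesFile name of file containing name to canonicalized name
     * @param proxyFile name of file containing authname to list of authzids
     * @throws IOException if a named file cannot be opened or read
     */
    public PropertiesFileCallbackHandler(String pwFile, String namesFile,
            String proxyFile) throws IOException {
        String dir = System.getProperty("test.src");
        if (dir == null) {
            dir = ".";
        }
        dir = dir + "/";

        pwDb = (pwFile != null) ? loadProperties(dir + pwFile) : null;
        namesDb = (namesFile != null) ? loadProperties(dir + namesFile) : null;
        proxyDb = (proxyFile != null) ? loadProperties(dir + proxyFile) : null;
    }

    /**
     * Loads one Properties file and always closes the underlying stream,
     * including when parsing fails.
     */
    private static Properties loadProperties(String path) throws IOException {
        Properties props = new Properties();
        InputStream in = new FileInputStream(path);
        try {
            props.load(in);
        } finally {
            in.close();
        }
        return props;
    }

    /**
     * Reports whether {@code id} is one of the entries of {@code list},
     * compared as a whole token. A substring test is not sufficient here:
     * it would let "bob" pass against an entry "bobby", and an empty id
     * pass against any non-null list.
     */
    private static boolean isListed(String list, String id) {
        if (list == null || id == null || id.length() == 0) {
            return false;
        }
        // NOTE(review): assumes authzids are separated by whitespace (the
        // StringTokenizer default the original TODO referred to) -- confirm
        // against the proxy files actually in use.
        String[] entries = list.trim().split("\\s+");
        for (int i = 0; i < entries.length; i++) {
            if (entries[i].equals(id)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Handles {@link NameCallback}, {@link PasswordCallback},
     * {@link AuthorizeCallback} and {@link RealmCallback}.
     *
     * <p>A password is supplied only when both a name and a password
     * callback are present and the name has an entry in the password file.
     * An authorization request is granted when the authentication and
     * authorization ids are equal, or when the authorization id is listed
     * for the authentication id in the proxy file; otherwise the callback's
     * authorized flag is left as it was. The realm is collected but not
     * used.
     *
     * @param callbacks callbacks to process
     * @throws UnsupportedCallbackException if a callback of any other type
     *         is passed
     */
    public void handle(Callback[] callbacks)
            throws UnsupportedCallbackException {
        NameCallback ncb = null;
        PasswordCallback pcb = null;
        AuthorizeCallback acb = null;
        RealmCallback rcb = null;

        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof NameCallback) {
                ncb = (NameCallback) callbacks[i];
            } else if (callbacks[i] instanceof PasswordCallback) {
                pcb = (PasswordCallback) callbacks[i];
            } else if (callbacks[i] instanceof AuthorizeCallback) {
                acb = (AuthorizeCallback) callbacks[i];
            } else if (callbacks[i] instanceof RealmCallback) {
                rcb = (RealmCallback) callbacks[i];
            } else {
                throw new UnsupportedCallbackException(callbacks[i]);
            }
        }

        // Process retrieval of password; can get password iff
        // username is available in NameCallback
        //
        // Ignore realm for now; could potentially use different dbs for
        // different realms

        if (pcb != null && ncb != null) {
            String username = ncb.getDefaultName();
            // No password file or no default name means no password can be
            // supplied; the callback is left untouched instead of failing
            // with a NullPointerException.
            String pw = (pwDb != null && username != null)
                    ? pwDb.getProperty(username) : null;
            if (pw != null) {
                char[] pwchars = pw.toCharArray();
                try {
                    // setPassword stores its own copy of the array
                    pcb.setPassword(pwchars);
                } finally {
                    // Clear the temporary copy
                    for (int i = 0; i < pwchars.length; i++) {
                        pwchars[i] = 0;
                    }
                }

                // Set canonicalized username if any
                String canonAuthid =
                        (namesDb != null ? namesDb.getProperty(username) : null);
                if (canonAuthid != null) {
                    ncb.setName(canonAuthid);
                }
            }
        }

        // Check for authorization

        // Ignore realm for now; could potentially use different dbs for
        // different realms

        if (acb != null) {
            String authid = acb.getAuthenticationID();
            String authzid = acb.getAuthorizationID();
            // A missing id on either side is never granted here.
            if (authid != null && authzid != null) {
                if (authid.equals(authzid)) {
                    // Self is always authorized
                    acb.setAuthorized(true);
                } else {
                    // Check db for allowed authzids; whole-entry match only
                    String authzes = (proxyDb != null
                            ? proxyDb.getProperty(authid) : null);
                    if (isListed(authzes, authzid)) {
                        acb.setAuthorized(true);
                    }
                }
            }

            if (acb.isAuthorized() && authzid != null) {
                // Set canonicalized name
                String canonAuthzid = (namesDb != null
                        ? namesDb.getProperty(authzid) : null);
                if (canonAuthzid != null) {
                    acb.setAuthorizedID(canonAuthzid);
                }
            }
        }
    }
}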