src/java.security.sasl/share/classes/javax/security/sasl/Sasl.java
author phh
Sat, 30 Nov 2019 14:33:05 -0800
changeset 59330 5b96c12f909d
parent 54802 b0a1572ec64a
permissions -rw-r--r--
8234541: C1 emits an empty message when it inlines successfully Summary: Use "inline" as the message when successfull Reviewed-by: thartmann, mdoerr Contributed-by: navy.xliu@gmail.com

/*
 * Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package javax.security.sasl;

import javax.security.auth.callback.CallbackHandler;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.HashSet;
import java.util.Collections;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Provider.Service;
import java.security.Security;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * A static class for creating SASL clients and servers.
 *<p>
 * This class defines the policy of how to locate, load, and instantiate
 * SASL clients and servers.
 *<p>
 * For example, an application or library gets a SASL client by doing
 * something like:
 *<blockquote><pre>
 * SaslClient sc = Sasl.createSaslClient(mechanisms,
 *     authorizationId, protocol, serverName, props, callbackHandler);
 *</pre></blockquote>
 * It can then proceed to use the instance to create an authentication connection.
 *<p>
 * Similarly, a server gets a SASL server by using code that looks as follows:
 *<blockquote><pre>
 * SaslServer ss = Sasl.createSaslServer(mechanism,
 *     protocol, serverName, props, callbackHandler);
 *</pre></blockquote>
 *
 * @since 1.5
 *
 * @author Rosanna Lee
 * @author Rob Weltman
 */
public class Sasl {

    private static List<String> disabledMechanisms = new ArrayList<>();

    static {
        String prop = AccessController.doPrivileged(
                (PrivilegedAction<String>)
                () -> Security.getProperty("jdk.sasl.disabledMechanisms"));

        if (prop != null) {
            for (String s : prop.split("\\s*,\\s*")) {
                if (!s.isEmpty()) {
                    disabledMechanisms.add(s);
                }
            }
        }
    }

    private static final String SASL_LOGGER_NAME = "javax.security.sasl";

    /**
     * Logger for debug messages
     */
    private static final Logger logger = Logger.getLogger(SASL_LOGGER_NAME);

    // Cannot create one of these
    private Sasl() {
    }

    /**
     * The name of a property that specifies the quality-of-protection to use.
     * The property contains a comma-separated, ordered list
     * of quality-of-protection values that the
     * client or server is willing to support.  A qop value is one of
     * <ul>
     * <li>{@code "auth"} - authentication only</li>
     * <li>{@code "auth-int"} - authentication plus integrity protection</li>
     * <li>{@code "auth-conf"} - authentication plus integrity and confidentiality
     * protection</li>
     * </ul>
     *
     * The order of the list specifies the preference order of the client or
     * server. If this property is absent, the default qop is {@code "auth"}.
     * The value of this constant is {@code "javax.security.sasl.qop"}.
     */
    public static final String QOP = "javax.security.sasl.qop";

    /**
     * The name of a property that specifies the cipher strength to use.
     * The property contains a comma-separated, ordered list
     * of cipher strength values that
     * the client or server is willing to support. A strength value is one of
     * <ul>
     * <li>{@code "low"}</li>
     * <li>{@code "medium"}</li>
     * <li>{@code "high"}</li>
     * </ul>
     * The order of the list specifies the preference order of the client or
     * server.  An implementation should allow configuration of the meaning
     * of these values.  An application may use the Java Cryptography
     * Extension (JCE) with JCE-aware mechanisms to control the selection of
     * cipher suites that match the strength values.
     * <BR>
     * If this property is absent, the default strength is
     * {@code "high,medium,low"}.
     * The value of this constant is {@code "javax.security.sasl.strength"}.
     */
    public static final String STRENGTH = "javax.security.sasl.strength";

    /**
     * The name of a property that specifies whether the
     * server must authenticate to the client. The property contains
     * {@code "true"} if the server must
     * authenticate the to client; {@code "false"} otherwise.
     * The default is {@code "false"}.
     * <br>The value of this constant is
     * {@code "javax.security.sasl.server.authentication"}.
     */
    public static final String SERVER_AUTH =
    "javax.security.sasl.server.authentication";

    /**
     * The name of a property that specifies the bound server name for
     * an unbound server. A server is created as an unbound server by setting
     * the {@code serverName} argument in {@link #createSaslServer} as null.
     * The property contains the bound host name after the authentication
     * exchange has completed. It is only available on the server side.
     * <br>The value of this constant is
     * {@code "javax.security.sasl.bound.server.name"}.
     */
    public static final String BOUND_SERVER_NAME =
    "javax.security.sasl.bound.server.name";

    /**
     * The name of a property that specifies the maximum size of the receive
     * buffer in bytes of {@code SaslClient}/{@code SaslServer}.
     * The property contains the string representation of an integer.
     * <br>If this property is absent, the default size
     * is defined by the mechanism.
     * <br>The value of this constant is {@code "javax.security.sasl.maxbuffer"}.
     */
    public static final String MAX_BUFFER = "javax.security.sasl.maxbuffer";

    /**
     * The name of a property that specifies the maximum size of the raw send
     * buffer in bytes of {@code SaslClient}/{@code SaslServer}.
     * The property contains the string representation of an integer.
     * The value of this property is negotiated between the client and server
     * during the authentication exchange.
     * <br>The value of this constant is {@code "javax.security.sasl.rawsendsize"}.
     */
    public static final String RAW_SEND_SIZE = "javax.security.sasl.rawsendsize";

    /**
     * The name of a property that specifies whether to reuse previously
     * authenticated session information. The property contains "true" if the
     * mechanism implementation may attempt to reuse previously authenticated
     * session information; it contains "false" if the implementation must
     * not reuse previously authenticated session information.  A setting of
     * "true" serves only as a hint: it does not necessarily entail actual
     * reuse because reuse might not be possible due to a number of reasons,
     * including, but not limited to, lack of mechanism support for reuse,
     * expiration of reusable information, and the peer's refusal to support
     * reuse.
     *
     * The property's default value is "false".  The value of this constant
     * is "javax.security.sasl.reuse".
     *
     * Note that all other parameters and properties required to create a
     * SASL client/server instance must be provided regardless of whether
     * this property has been supplied. That is, you cannot supply any less
     * information in anticipation of reuse.
     *
     * Mechanism implementations that support reuse might allow customization
     * of its implementation, for factors such as cache size, timeouts, and
     * criteria for reusability. Such customizations are
     * implementation-dependent.
     */
     public static final String REUSE = "javax.security.sasl.reuse";

    /**
     * The name of a property that specifies
     * whether mechanisms susceptible to simple plain passive attacks (e.g.,
     * "PLAIN") are not permitted. The property
     * contains {@code "true"} if such mechanisms are not permitted;
     * {@code "false"} if such mechanisms are permitted.
     * The default is {@code "false"}.
     * <br>The value of this constant is
     * {@code "javax.security.sasl.policy.noplaintext"}.
     */
    public static final String POLICY_NOPLAINTEXT =
    "javax.security.sasl.policy.noplaintext";

    /**
     * The name of a property that specifies whether
     * mechanisms susceptible to active (non-dictionary) attacks
     * are not permitted.
     * The property contains {@code "true"}
     * if mechanisms susceptible to active attacks
     * are not permitted; {@code "false"} if such mechanisms are permitted.
     * The default is {@code "false"}.
     * <br>The value of this constant is
     * {@code "javax.security.sasl.policy.noactive"}.
     */
    public static final String POLICY_NOACTIVE =
    "javax.security.sasl.policy.noactive";

    /**
     * The name of a property that specifies whether
     * mechanisms susceptible to passive dictionary attacks are not permitted.
     * The property contains {@code "true"}
     * if mechanisms susceptible to dictionary attacks are not permitted;
     * {@code "false"} if such mechanisms are permitted.
     * The default is {@code "false"}.
     *<br>
     * The value of this constant is
     * {@code "javax.security.sasl.policy.nodictionary"}.
     */
    public static final String POLICY_NODICTIONARY =
    "javax.security.sasl.policy.nodictionary";

    /**
     * The name of a property that specifies whether mechanisms that accept
     * anonymous login are not permitted. The property contains {@code "true"}
     * if mechanisms that accept anonymous login are not permitted;
     * {@code "false"}
     * if such mechanisms are permitted. The default is {@code "false"}.
     *<br>
     * The value of this constant is
     * {@code "javax.security.sasl.policy.noanonymous"}.
     */
    public static final String POLICY_NOANONYMOUS =
    "javax.security.sasl.policy.noanonymous";

     /**
      * The name of a property that specifies whether mechanisms that implement
      * forward secrecy between sessions are required. Forward secrecy
      * means that breaking into one session will not automatically
      * provide information for breaking into future sessions.
      * The property
      * contains {@code "true"} if mechanisms that implement forward secrecy
      * between sessions are required; {@code "false"} if such mechanisms
      * are not required. The default is {@code "false"}.
      *<br>
      * The value of this constant is
      * {@code "javax.security.sasl.policy.forward"}.
      */
    public static final String POLICY_FORWARD_SECRECY =
    "javax.security.sasl.policy.forward";

    /**
     * The name of a property that specifies whether
     * mechanisms that pass client credentials are required. The property
     * contains {@code "true"} if mechanisms that pass
     * client credentials are required; {@code "false"}
     * if such mechanisms are not required. The default is {@code "false"}.
     *<br>
     * The value of this constant is
     * {@code "javax.security.sasl.policy.credentials"}.
     */
    public static final String POLICY_PASS_CREDENTIALS =
    "javax.security.sasl.policy.credentials";

    /**
     * The name of a property that specifies the credentials to use.
     * The property contains a mechanism-specific Java credential object.
     * Mechanism implementations may examine the value of this property
     * to determine whether it is a class that they support.
     * The property may be used to supply credentials to a mechanism that
     * supports delegated authentication.
     *<br>
     * The value of this constant is
     * {@code "javax.security.sasl.credentials"}.
     */
    public static final String CREDENTIALS = "javax.security.sasl.credentials";

    /**
     * Creates a {@code SaslClient} using the parameters supplied.
     *
     * This method uses the
     * {@extLink security_guide_jca JCA Security Provider Framework},
     * described in the
     * "Java Cryptography Architecture (JCA) Reference Guide", for
     * locating and selecting a {@code SaslClient} implementation.
     *
     * First, it
     * obtains an ordered list of {@code SaslClientFactory} instances from
     * the registered security providers for the "SaslClientFactory" service
     * and the specified SASL mechanism(s). It then invokes
     * {@code createSaslClient()} on each factory instance on the list
     * until one produces a non-null {@code SaslClient} instance. It returns
     * the non-null {@code SaslClient} instance, or null if the search fails
     * to produce a non-null {@code SaslClient} instance.
     *<p>
     * A security provider for SaslClientFactory registers with the
     * JCA Security Provider Framework keys of the form <br>
     * {@code SaslClientFactory.}<em>{@code mechanism_name}</em>
     * <br>
     * and values that are class names of implementations of
     * {@code javax.security.sasl.SaslClientFactory}.
     *
     * For example, a provider that contains a factory class,
     * {@code com.wiz.sasl.digest.ClientFactory}, that supports the
     * "DIGEST-MD5" mechanism would register the following entry with the JCA:
     * {@code SaslClientFactory.DIGEST-MD5 com.wiz.sasl.digest.ClientFactory}
     *<p>
     * See the
     * "Java Cryptography Architecture API Specification &amp; Reference"
     * for information about how to install and configure security service
     *  providers.
     *
     * @implNote
     * The JDK Reference Implementation additionally uses the
     * {@code jdk.security.provider.preferred}
     * {@link Security#getProperty(String) Security} property to determine
     * the preferred provider order for the specified algorithm. This
     * may be different than the order of providers returned by
     * {@link Security#getProviders() Security.getProviders()}.
     * <p>
     * If a mechanism is listed in the {@code jdk.sasl.disabledMechanisms}
     * security property, it will be ignored and won't be negotiated.
     *
     * @param mechanisms The non-null list of mechanism names to try. Each is the
     * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
     * @param authorizationId The possibly null protocol-dependent
     * identification to be used for authorization.
     * If null or empty, the server derives an authorization
     * ID from the client's authentication credentials.
     * When the SASL authentication completes successfully,
     * the specified entity is granted access.
     *
     * @param protocol The non-null string name of the protocol for which
     * the authentication is being performed (e.g., "ldap").
     *
     * @param serverName The non-null fully-qualified host name of the server
     * to authenticate to.
     *
     * @param props The possibly null set of properties used to
     * select the SASL mechanism and to configure the authentication
     * exchange of the selected mechanism.
     * For example, if {@code props} contains the
     * {@code Sasl.POLICY_NOPLAINTEXT} property with the value
     * {@code "true"}, then the selected
     * SASL mechanism must not be susceptible to simple plain passive attacks.
     * In addition to the standard properties declared in this class,
     * other, possibly mechanism-specific, properties can be included.
     * Properties not relevant to the selected mechanism are ignored,
     * including any map entries with non-String keys.
     *
     * @param cbh The possibly null callback handler to used by the SASL
     * mechanisms to get further information from the application/library
     * to complete the authentication. For example, a SASL mechanism might
     * require the authentication ID, password and realm from the caller.
     * The authentication ID is requested by using a {@code NameCallback}.
     * The password is requested by using a {@code PasswordCallback}.
     * The realm is requested by using a {@code RealmChoiceCallback} if there is a list
     * of realms to choose from, and by using a {@code RealmCallback} if
     * the realm must be entered.
     *
     *@return A possibly null {@code SaslClient} created using the parameters
     * supplied. If null, cannot find a {@code SaslClientFactory}
     * that will produce one.
     *@exception SaslException If cannot create a {@code SaslClient} because
     * of an error.
     */
    public static SaslClient createSaslClient(
        String[] mechanisms,
        String authorizationId,
        String protocol,
        String serverName,
        Map<String,?> props,
        CallbackHandler cbh) throws SaslException {

        SaslClient mech = null;
        SaslClientFactory fac;
        Service service;
        String mechName;

        for (int i = 0; i < mechanisms.length; i++) {
            if ((mechName=mechanisms[i]) == null) {
                throw new NullPointerException(
                    "Mechanism name cannot be null");
            } else if (mechName.length() == 0) {
                continue;
            } else if (isDisabled(mechName)) {
                logger.log(Level.FINE,
                        "Disabled " + mechName + " mechanism ignored");
                continue;
            }
            String type = "SaslClientFactory";
            Provider[] provs = Security.getProviders(type + "." + mechName);
            if (provs != null) {
                for (Provider p : provs) {
                    service = p.getService(type, mechName);
                    if (service == null) {
                        // no such service exists
                        continue;
                    }

                    fac = (SaslClientFactory) loadFactory(service);
                    if (fac != null) {
                        mech = fac.createSaslClient(
                            new String[]{mechanisms[i]}, authorizationId,
                            protocol, serverName, props, cbh);
                        if (mech != null) {
                            return mech;
                        }
                    }
                }
            }
        }
        return null;
    }

    private static Object loadFactory(Service service)
        throws SaslException {
        try {
            /*
             * Load the implementation class with the same class loader
             * that was used to load the provider.
             * In order to get the class loader of a class, the
             * caller's class loader must be the same as or an ancestor of
             * the class loader being returned. Otherwise, the caller must
             * have "getClassLoader" permission, or a SecurityException
             * will be thrown.
             */
            return service.newInstance(null);
        } catch (InvalidParameterException | NoSuchAlgorithmException e) {
            throw new SaslException("Cannot instantiate service " + service, e);
        }
    }


    /**
     * Creates a {@code SaslServer} for the specified mechanism.
     *
     * This method uses the
     * {@extLink security_guide_jca JCA Security Provider Framework},
     * described in the
     * "Java Cryptography Architecture (JCA) Reference Guide", for
     * locating and selecting a {@code SaslClient} implementation.
     *
     * First, it
     * obtains an ordered list of {@code SaslServerFactory} instances from
     * the registered security providers for the "SaslServerFactory" service
     * and the specified mechanism. It then invokes
     * {@code createSaslServer()} on each factory instance on the list
     * until one produces a non-null {@code SaslServer} instance. It returns
     * the non-null {@code SaslServer} instance, or null if the search fails
     * to produce a non-null {@code SaslServer} instance.
     *<p>
     * A security provider for SaslServerFactory registers with the
     * JCA Security Provider Framework keys of the form <br>
     * {@code SaslServerFactory.}<em>{@code mechanism_name}</em>
     * <br>
     * and values that are class names of implementations of
     * {@code javax.security.sasl.SaslServerFactory}.
     *
     * For example, a provider that contains a factory class,
     * {@code com.wiz.sasl.digest.ServerFactory}, that supports the
     * "DIGEST-MD5" mechanism would register the following entry with the JCA:
     * {@code SaslServerFactory.DIGEST-MD5  com.wiz.sasl.digest.ServerFactory}
     *<p>
     * See the
     * "Java Cryptography Architecture API Specification &amp; Reference"
     * for information about how to install and configure security
     * service providers.
     *
     * @implNote
     * The JDK Reference Implementation additionally uses the
     * {@code jdk.security.provider.preferred}
     * {@link Security#getProperty(String) Security} property to determine
     * the preferred provider order for the specified algorithm. This
     * may be different than the order of providers returned by
     * {@link Security#getProviders() Security.getProviders()}.
     * <p>
     * If {@code mechanism} is listed in the {@code jdk.sasl.disabledMechanisms}
     * security property, it will be ignored and this method returns {@code null}.
     *
     * @param mechanism The non-null mechanism name. It must be an
     * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
     * @param protocol The non-null string name of the protocol for which
     * the authentication is being performed (e.g., "ldap").
     * @param serverName The fully qualified host name of the server, or null
     * if the server is not bound to any specific host name. If the mechanism
     * does not allow an unbound server, a {@code SaslException} will
     * be thrown.
     * @param props The possibly null set of properties used to
     * select the SASL mechanism and to configure the authentication
     * exchange of the selected mechanism.
     * For example, if {@code props} contains the
     * {@code Sasl.POLICY_NOPLAINTEXT} property with the value
     * {@code "true"}, then the selected
     * SASL mechanism must not be susceptible to simple plain passive attacks.
     * In addition to the standard properties declared in this class,
     * other, possibly mechanism-specific, properties can be included.
     * Properties not relevant to the selected mechanism are ignored,
     * including any map entries with non-String keys.
     *
     * @param cbh The possibly null callback handler to used by the SASL
     * mechanisms to get further information from the application/library
     * to complete the authentication. For example, a SASL mechanism might
     * require the authentication ID, password and realm from the caller.
     * The authentication ID is requested by using a {@code NameCallback}.
     * The password is requested by using a {@code PasswordCallback}.
     * The realm is requested by using a {@code RealmChoiceCallback} if there is a list
     * of realms to choose from, and by using a {@code RealmCallback} if
     * the realm must be entered.
     *
     *@return A possibly null {@code SaslServer} created using the parameters
     * supplied. If null, cannot find a {@code SaslServerFactory}
     * that will produce one.
     *@exception SaslException If cannot create a {@code SaslServer} because
     * of an error.
     **/
    public static SaslServer
        createSaslServer(String mechanism,
                    String protocol,
                    String serverName,
                    Map<String,?> props,
                    javax.security.auth.callback.CallbackHandler cbh)
        throws SaslException {

        SaslServer mech = null;
        SaslServerFactory fac;
        Service service;

        if (mechanism == null) {
            throw new NullPointerException("Mechanism name cannot be null");
        } else if (mechanism.length() == 0) {
            return null;
        } else if (isDisabled(mechanism)) {
            logger.log(Level.FINE,
                    "Disabled " + mechanism + " mechanism ignored");
            return null;
        }

        String type = "SaslServerFactory";
        Provider[] provs = Security.getProviders(type + "." + mechanism);
        if (provs != null) {
            for (Provider p : provs) {
                service = p.getService(type, mechanism);
                if (service == null) {
                    throw new SaslException("Provider does not support " +
                        mechanism + " " + type);
                }
                fac = (SaslServerFactory) loadFactory(service);
                if (fac != null) {
                    mech = fac.createSaslServer(
                        mechanism, protocol, serverName, props, cbh);
                    if (mech != null) {
                        return mech;
                    }
                }
            }
        }
        return null;
    }

    /**
     * Gets an enumeration of known factories for producing {@code SaslClient}.
     * This method uses the same algorithm for locating factories as
     * {@code createSaslClient()}.
     * @return A non-null enumeration of known factories for producing
     * {@code SaslClient}.
     * @see #createSaslClient
     */
    public static Enumeration<SaslClientFactory> getSaslClientFactories() {
        Set<Object> facs = getFactories("SaslClientFactory");
        final Iterator<Object> iter = facs.iterator();
        return new Enumeration<SaslClientFactory>() {
            public boolean hasMoreElements() {
                return iter.hasNext();
            }
            public SaslClientFactory nextElement() {
                return (SaslClientFactory)iter.next();
            }
        };
    }

    /**
     * Gets an enumeration of known factories for producing {@code SaslServer}.
     * This method uses the same algorithm for locating factories as
     * {@code createSaslServer()}.
     * @return A non-null enumeration of known factories for producing
     * {@code SaslServer}.
     * @see #createSaslServer
     */
    public static Enumeration<SaslServerFactory> getSaslServerFactories() {
        Set<Object> facs = getFactories("SaslServerFactory");
        final Iterator<Object> iter = facs.iterator();
        return new Enumeration<SaslServerFactory>() {
            public boolean hasMoreElements() {
                return iter.hasNext();
            }
            public SaslServerFactory nextElement() {
                return (SaslServerFactory)iter.next();
            }
        };
    }

    private static Set<Object> getFactories(String serviceName) {
        HashSet<Object> result = new HashSet<Object>();

        if ((serviceName == null) || (serviceName.length() == 0) ||
            (serviceName.endsWith("."))) {
            return result;
        }

        Provider[] provs = Security.getProviders();
        Object fac;

        for (Provider p : provs) {

            Iterator<Service> iter = p.getServices().iterator();
            while (iter.hasNext()) {
                Service s = iter.next();
                if (s.getType().equals(serviceName)) {
                    try {
                        fac = loadFactory(s);
                        if (fac != null) {
                            result.add(fac);
                        }
                    } catch (Exception ignore) {
                    }
                }
            }
        }
        return Collections.unmodifiableSet(result);
    }

    private static boolean isDisabled(String name) {
        return disabledMechanisms.contains(name);
    }
}