| author | roland |
| Thu, 08 Jan 2015 11:00:38 +0100 | |
| changeset 28486 | b0df113b962e |
| parent 25859 | 3317bb8137f4 |
| permissions | -rw-r--r-- |
| 2 | 1 |
/* |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
2 |
* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. |
| 2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
| 5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
| 2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
| 5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
| 2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
| 5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
| 2 | 24 |
*/ |
25 |
||
26 |
package com.sun.security.sasl.util; |
|
27 |
||
28 |
import javax.security.sasl.Sasl; |
|
29 |
import java.util.Map; |
|
30 |
||
31 |
/** |
|
32 |
* Static class that contains utilities for dealing with Java SASL |
|
33 |
* security policy-related properties. |
|
34 |
* |
|
35 |
* @author Rosanna Lee |
|
36 |
*/ |
|
37 |
final public class PolicyUtils {
|
|
38 |
// Can't create one of these |
|
39 |
private PolicyUtils() {
|
|
40 |
} |
|
41 |
||
42 |
public final static int NOPLAINTEXT = 0x0001; |
|
43 |
public final static int NOACTIVE = 0x0002; |
|
44 |
public final static int NODICTIONARY = 0x0004; |
|
45 |
public final static int FORWARD_SECRECY = 0x0008; |
|
46 |
public final static int NOANONYMOUS = 0x0010; |
|
47 |
public final static int PASS_CREDENTIALS = 0x0200; |
|
48 |
||
49 |
/** |
|
50 |
* Determines whether a mechanism's characteristics, as defined in flags, |
|
51 |
* fits the security policy properties found in props. |
|
52 |
* @param flags The mechanism's security characteristics |
|
53 |
* @param props The security policy properties to check |
|
54 |
* @return true if passes; false if fails |
|
55 |
*/ |
|
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
56 |
public static boolean checkPolicy(int flags, Map<String, ?> props) {
|
| 2 | 57 |
if (props == null) {
|
58 |
return true; |
|
59 |
} |
|
60 |
||
61 |
if ("true".equalsIgnoreCase((String)props.get(Sasl.POLICY_NOPLAINTEXT))
|
|
62 |
&& (flags&NOPLAINTEXT) == 0) {
|
|
63 |
return false; |
|
64 |
} |
|
65 |
if ("true".equalsIgnoreCase((String)props.get(Sasl.POLICY_NOACTIVE))
|
|
66 |
&& (flags&NOACTIVE) == 0) {
|
|
67 |
return false; |
|
68 |
} |
|
69 |
if ("true".equalsIgnoreCase((String)props.get(Sasl.POLICY_NODICTIONARY))
|
|
70 |
&& (flags&NODICTIONARY) == 0) {
|
|
71 |
return false; |
|
72 |
} |
|
73 |
if ("true".equalsIgnoreCase((String)props.get(Sasl.POLICY_NOANONYMOUS))
|
|
74 |
&& (flags&NOANONYMOUS) == 0) {
|
|
75 |
return false; |
|
76 |
} |
|
77 |
if ("true".equalsIgnoreCase((String)props.get(Sasl.POLICY_FORWARD_SECRECY))
|
|
78 |
&& (flags&FORWARD_SECRECY) == 0) {
|
|
79 |
return false; |
|
80 |
} |
|
81 |
if ("true".equalsIgnoreCase((String)props.get(Sasl.POLICY_PASS_CREDENTIALS))
|
|
82 |
&& (flags&PASS_CREDENTIALS) == 0) {
|
|
83 |
return false; |
|
84 |
} |
|
85 |
||
86 |
return true; |
|
87 |
} |
|
88 |
||
89 |
/** |
|
90 |
* Given a list of mechanisms and their characteristics, select the |
|
91 |
* subset that conforms to the policies defined in props. |
|
92 |
* Useful for SaslXXXFactory.getMechanismNames(props) implementations. |
|
93 |
* |
|
94 |
*/ |
|
95 |
public static String[] filterMechs(String[] mechs, int[] policies, |
|
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
5506
diff
changeset
|
96 |
Map<String, ?> props) {
|
| 2 | 97 |
if (props == null) {
|
98 |
return mechs.clone(); |
|
99 |
} |
|
100 |
||
101 |
boolean[] passed = new boolean[mechs.length]; |
|
102 |
int count = 0; |
|
103 |
for (int i = 0; i< mechs.length; i++) {
|
|
104 |
if (passed[i] = checkPolicy(policies[i], props)) {
|
|
105 |
++count; |
|
106 |
} |
|
107 |
} |
|
108 |
String[] answer = new String[count]; |
|
109 |
for (int i = 0, j=0; i< mechs.length; i++) {
|
|
110 |
if (passed[i]) {
|
|
111 |
answer[j++] = mechs[i]; |
|
112 |
} |
|
113 |
} |
|
114 |
||
115 |
return answer; |
|
116 |
} |
|
117 |
} |