| /* |
| * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package com.sun.security.sasl.util; |
| |
| import javax.security.sasl.Sasl; |
| import java.util.Map; |
| |
| /** |
| * Static class that contains utilities for dealing with Java SASL |
| * security policy-related properties. |
| * |
| * @author Rosanna Lee |
| */ |
public final class PolicyUtils {

    /*
     * Bit flags describing a mechanism's security characteristics.
     * checkPolicy pairs each bit with the Sasl.POLICY_* property of the
     * same name.
     */
    public static final int NOPLAINTEXT = 0x0001;
    public static final int NOACTIVE = 0x0002;
    public static final int NODICTIONARY = 0x0004;
    public static final int FORWARD_SECRECY = 0x0008;
    public static final int NOANONYMOUS = 0x0010;
    public static final int PASS_CREDENTIALS = 0x0200;

    // Utility holder: never instantiated.
    private PolicyUtils() {
    }

    /**
     * Tests a mechanism's characteristic bits against the SASL policy
     * properties requested by the caller.
     *
     * <p>A policy counts as requested only when its property value is a
     * {@code String} equal to {@code "true"}, ignoring case. A missing
     * property, or any other string such as {@code "yes"} or {@code "1"},
     * leaves that policy unenforced, so a mistyped value silently relaxes
     * the check. A {@code null} map means no policy at all and accepts
     * every mechanism.
     *
     * <p>Properties are examined in the order NOPLAINTEXT, NOACTIVE,
     * NODICTIONARY, NOANONYMOUS, FORWARD_SECRECY, PASS_CREDENTIALS, and
     * evaluation stops at the first requested policy the mechanism lacks.
     *
     * @param flags the mechanism's security characteristics, as an OR of
     *              the constants declared in this class
     * @param props the security policy properties to check; may be null
     * @return true if every requested policy is covered by {@code flags}
     *         (or {@code props} is null); false otherwise
     * @throws ClassCastException if an examined policy property holds a
     *         non-null value that is not a {@code String}
     */
    public static boolean checkPolicy(int flags, Map<String, ?> props) {
        if (props == null) {
            return true;
        }

        return honours(props, Sasl.POLICY_NOPLAINTEXT, flags, NOPLAINTEXT)
            && honours(props, Sasl.POLICY_NOACTIVE, flags, NOACTIVE)
            && honours(props, Sasl.POLICY_NODICTIONARY, flags, NODICTIONARY)
            && honours(props, Sasl.POLICY_NOANONYMOUS, flags, NOANONYMOUS)
            && honours(props, Sasl.POLICY_FORWARD_SECRECY, flags,
                       FORWARD_SECRECY)
            && honours(props, Sasl.POLICY_PASS_CREDENTIALS, flags,
                       PASS_CREDENTIALS);
    }

    /**
     * Evaluates a single policy property against a single characteristic
     * bit. Returns false only when the property is set to "true" (any
     * case) and the bit is absent from flags.
     */
    private static boolean honours(Map<String, ?> props, String propName,
            int flags, int bit) {
        // The property is read and cast before the bit is looked at, so a
        // non-String value is reported even when the mechanism has the bit.
        boolean requested =
            "true".equalsIgnoreCase((String) props.get(propName));
        if (!requested) {
            return true;
        }
        return (flags & bit) != 0;
    }

    /**
     * Selects the mechanisms whose characteristics conform to the policies
     * defined in props. Useful for SaslXXXFactory.getMechanismNames(props)
     * implementations.
     *
     * <p>{@code policies[i]} holds the characteristic bits of
     * {@code mechs[i]}. Entries of {@code policies} beyond
     * {@code mechs.length} are never read.
     *
     * @param mechs    the candidate mechanism names
     * @param policies the characteristic bits of each candidate, by index
     * @param props    the security policy properties; when null, no
     *                 filtering is done
     * @return a newly allocated array holding, in their original order,
     *         the mechanisms accepted by {@link #checkPolicy}; a copy of
     *         {@code mechs} when {@code props} is null
     * @throws ArrayIndexOutOfBoundsException if {@code props} is non-null
     *         and {@code policies} is shorter than {@code mechs}
     */
    public static String[] filterMechs(String[] mechs, int[] policies,
            Map<String, ?> props) {
        if (props == null) {
            // No policy requested: return a copy of the full list.
            return mechs.clone();
        }

        // Gather the survivors in a scratch array, then trim to size.
        String[] kept = new String[mechs.length];
        int keptCount = 0;
        for (int idx = 0; idx < mechs.length; idx++) {
            if (checkPolicy(policies[idx], props)) {
                kept[keptCount] = mechs[idx];
                keptCount++;
            }
        }

        String[] answer = new String[keptCount];
        System.arraycopy(kept, 0, answer, 0, keptCount);
        return answer;
    }
}