/*
 * Copyright 2003 Sun Microsystems, Inc. All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
 * CA 95054 USA or visit www.sun.com if you need additional information or
 * have any questions.
 */

import javax.security.auth.callback.*;
import java.util.Map;
import java.util.Properties;
import java.io.*;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;

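/**
 * Callback handler that answers SASL/JAAS callbacks from up to three
 * Properties files: a name/password table, a name canonicalization table
 * and a proxy-authorization table (authentication id to permitted
 * authorization ids).
 *
 * Passwords are read from the password file as plain text and stay in the
 * loaded {@code Properties} object for the lifetime of the handler; only
 * the temporary {@code char[]} copy handed to the callback is wiped.
 */
public final class PropertiesFileCallbackHandler implements CallbackHandler {
    private Properties pwDb, namesDb, proxyDb;

    /**
     * Contents of files are in the Properties file format. File names are
     * resolved against the directory named by the {@code test.src} system
     * property, or the current directory when that property is not set.
     *
     * @param pwFile name of file containing name/password pairs
     * @param namesFile name of file containing name to canonicalized name
     * @param proxyFile name of file containing authname to list of authzids
     * @throws IOException if a named file cannot be opened or read
     */
    public PropertiesFileCallbackHandler(String pwFile, String namesFile,
            String proxyFile) throws IOException {
        String dir = System.getProperty("test.src");
        if (dir == null) {
            dir = ".";
        }
        dir = dir + "/";

        if (pwFile != null) {
            pwDb = loadProperties(dir + pwFile);
        }

        if (namesFile != null) {
            namesDb = loadProperties(dir + namesFile);
        }

        if (proxyFile != null) {
            proxyDb = loadProperties(dir + proxyFile);
        }
    }

    /**
     * Loads one Properties file and always closes the underlying stream,
     * so the file handle is released even when parsing fails.
     */
    private static Properties loadProperties(String path) throws IOException {
        Properties props = new Properties();
        InputStream in = new FileInputStream(path);
        try {
            props.load(in);
        } finally {
            in.close();
        }
        return props;
    }

    /**
     * Reports whether {@code authzid} appears as a complete entry in the
     * authorization list {@code authzes}.
     *
     * A substring test is not sufficient for an authorization decision: it
     * would accept an identity that is merely a prefix or fragment of a
     * permitted one, and it accepts the empty string against any list.
     * Entries are therefore compared whole, and a missing or empty
     * {@code authzid} is rejected.
     *
     * NOTE(review): the separator used in the proxy file is not visible
     * from this class; commas and whitespace are treated as separators,
     * and the whole trimmed value is also accepted as a single entry.
     * Confirm against the data files.
     */
    private static boolean isListedAuthzid(String authzes, String authzid) {
        if (authzes == null || authzid == null || authzid.length() == 0) {
            return false;
        }
        if (authzes.trim().equals(authzid)) {
            return true;
        }
        String[] allowed = authzes.split("[,\\s]+");
        for (int i = 0; i < allowed.length; i++) {
            if (allowed[i].equals(authzid)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Handles name/password retrieval and proxy-authorization checks.
     *
     * A {@code PasswordCallback} is only answered when a
     * {@code NameCallback} is supplied in the same call; the user name is
     * taken from the name callback's default name. An
     * {@code AuthorizeCallback} is marked authorized when the
     * authentication and authorization ids are equal, or when the
     * authorization id is listed for the authentication id in the proxy
     * file. {@code RealmCallback}s are accepted but not used.
     *
     * @param callbacks callbacks to process
     * @throws UnsupportedCallbackException if a callback is not one of the
     *         four supported types
     */
    public void handle(Callback[] callbacks)
            throws UnsupportedCallbackException {
        NameCallback ncb = null;
        PasswordCallback pcb = null;
        AuthorizeCallback acb = null;

        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof NameCallback) {
                ncb = (NameCallback) callbacks[i];
            } else if (callbacks[i] instanceof PasswordCallback) {
                pcb = (PasswordCallback) callbacks[i];
            } else if (callbacks[i] instanceof AuthorizeCallback) {
                acb = (AuthorizeCallback) callbacks[i];
            } else if (callbacks[i] instanceof RealmCallback) {
                // Ignore realm for now; could potentially use different
                // dbs for different realms
            } else {
                throw new UnsupportedCallbackException(callbacks[i]);
            }
        }

        // Process retrieval of password; can get password iff
        // username is available in NameCallback.
        // pwDb is null when no password file was given, and
        // Properties.getProperty rejects a null key, so both are checked
        // instead of failing with a NullPointerException.
        if (pcb != null && ncb != null && pwDb != null) {
            String username = ncb.getDefaultName();
            String pw = (username != null ? pwDb.getProperty(username) : null);
            if (pw != null) {
                char[] pwchars = pw.toCharArray();
                pcb.setPassword(pwchars);
                // Wipe the temporary copy; the String held by pwDb
                // cannot be cleared.
                for (int i = 0; i < pwchars.length; i++) {
                    pwchars[i] = 0;
                }

                // Set canonicalized username if any
                String canonAuthid =
                    (namesDb != null ? namesDb.getProperty(username) : null);
                if (canonAuthid != null) {
                    ncb.setName(canonAuthid);
                }
            }
        }

        // Check for authorization. Anything that cannot be positively
        // matched is left unauthorized (fail closed).
        if (acb != null) {
            String authid = acb.getAuthenticationID();
            String authzid = acb.getAuthorizationID();
            if (authid != null && authid.equals(authzid)) {
                // Self is always authorized
                acb.setAuthorized(true);

            } else if (authid != null && proxyDb != null) {
                // Check db for allowed authzids; whole-entry match only
                if (isListedAuthzid(proxyDb.getProperty(authid), authzid)) {
                    acb.setAuthorized(true);
                }
            }

            if (acb.isAuthorized()) {
                // Set canonicalized name
                String canonAuthzid = (namesDb != null ?
                    namesDb.getProperty(authzid) : null);
                if (canonAuthzid != null) {
                    acb.setAuthorizedID(canonAuthzid);
                }
            }
        }
    }
}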