linkerlau/my-jdk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(jdk8): move files to new folder to avoid resources compiled.

Browse Source
This commit is contained in:
linkerlau
2025-09-07 15:25:52 +08:00
parent 3f0047bf6f
commit 8c35cfb1c0
17415 changed files with 217 additions and 213 deletions
Download Patch File Download Diff File Expand all files Collapse all files

168
jdkSrc/jdk8/com/sun/security/auth/LdapPrincipal.java Normal file
View File

@@ -0,0 +1,168 @@
/*
* Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
/**
* A principal identified by a distinguished name as specified by
* <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
*
* <p>
* After successful authentication, a user {@link java.security.Principal}
* can be associated with a particular {@link javax.security.auth.Subject}
* to augment that <code>Subject</code> with an additional identity.
* Authorization decisions can then be based upon the
* <code>Principal</code>s that are associated with a <code>Subject</code>.
*
* <p>
* This class is immutable.
*
* @since 1.6
*/
@jdk.Exported
public final class LdapPrincipal implements Principal, java.io.Serializable {
private static final long serialVersionUID = 6820120005580754861L;
/**
* The principal's string name
*
* @serial
*/
private final String nameString;
/**
* The principal's name
*
* @serial
*/
private final LdapName name;
/**
* Creates an LDAP principal.
*
* @param name The principal's string distinguished name.
* @throws InvalidNameException If a syntax violation is detected.
* @exception NullPointerException If the <code>name</code> is
* <code>null</code>.
*/
public LdapPrincipal(String name) throws InvalidNameException {
if (name == null) {
throw new NullPointerException("null name is illegal");
}
this.name = getLdapName(name);
nameString = name;
}
/**
* Compares this principal to the specified object.
*
* @param object The object to compare this principal against.
* @return true if they are equal; false otherwise.
*/
public boolean equals(Object object) {
if (this == object) {
return true;
}
if (object instanceof LdapPrincipal) {
try {
return
name.equals(getLdapName(((LdapPrincipal)object).getName()));
} catch (InvalidNameException e) {
return false;
}
}
return false;
}
/**
* Computes the hash code for this principal.
*
* @return The principal's hash code.
*/
public int hashCode() {
return name.hashCode();
}
/**
* Returns the name originally used to create this principal.
*
* @return The principal's string name.
*/
public String getName() {
return nameString;
}
/**
* Creates a string representation of this principal's name in the format
* defined by <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
* If the name has zero components an empty string is returned.
*
* @return The principal's string name.
*/
public String toString() {
return name.toString();
}
// Create an LdapName object from a string distinguished name.
private LdapName getLdapName(String name) throws InvalidNameException {
return new LdapName(name);
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((name == null) || (nameString == null)) {
throw new InvalidObjectException(
"null name/nameString is illegal");
}
try {
if (!name.equals(getLdapName(nameString))) {
throw new InvalidObjectException("Inconsistent names");
}
} catch (InvalidNameException e) {
InvalidObjectException nse = new InvalidObjectException(
"Invalid Name");
nse.initCause(e);
throw nse;
}
}
}

170
jdkSrc/jdk8/com/sun/security/auth/NTDomainPrincipal.java Normal file
View File

@@ -0,0 +1,170 @@
/*
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* and represents the name of the Windows NT domain into which the
* user authenticated. This will be a domain name if the user logged
* into a Windows NT domain, a workgroup name if the user logged into
* a workgroup, or a machine name if the user logged into a standalone
* configuration.
*
* <p> Principals such as this <code>NTDomainPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported
public class NTDomainPrincipal implements Principal, java.io.Serializable {
private static final long serialVersionUID = -4408637351440771220L;
/**
* @serial
*/
private String name;
/**
* Create an <code>NTDomainPrincipal</code> with a Windows NT domain name.
*
* <p>
*
* @param name the Windows NT domain name for this user. <p>
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public NTDomainPrincipal(String name) {
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new NullPointerException(form.format(source));
}
this.name = name;
}
/**
* Return the Windows NT domain name for this
* <code>NTDomainPrincipal</code>.
*
* <p>
*
* @return the Windows NT domain name for this
* <code>NTDomainPrincipal</code>
*/
public String getName() {
return name;
}
/**
* Return a string representation of this <code>NTDomainPrincipal</code>.
*
* <p>
*
* @return a string representation of this <code>NTDomainPrincipal</code>.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("NTDomainPrincipal.name",
"sun.security.util.AuthResources"));
Object[] source = {name};
return form.format(source);
}
/**
* Compares the specified Object with this <code>NTDomainPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>NTDomainPrincipal</code> and the two NTDomainPrincipals
* have the same name.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTDomainPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>NTDomainPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof NTDomainPrincipal))
return false;
NTDomainPrincipal that = (NTDomainPrincipal)o;
return name.equals(that.getName());
}
/**
* Return a hash code for this <code>NTDomainPrincipal</code>.
*
* <p>
*
* @return a hash code for this <code>NTDomainPrincipal</code>.
*/
public int hashCode() {
return this.getName().hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new InvalidObjectException(form.format(source));
}
}
}

120
jdkSrc/jdk8/com/sun/security/auth/NTNumericCredential.java Normal file
View File

@@ -0,0 +1,120 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
/**
* <p> This class abstracts an NT security token
* and provides a mechanism to do same-process security impersonation.
*
*/
@jdk.Exported
public class NTNumericCredential {
private long impersonationToken;
/**
* Create an <code>NTNumericCredential</code> with an integer value.
*
* <p>
*
* @param token the Windows NT security token for this user. <p>
*
*/
public NTNumericCredential(long token) {
this.impersonationToken = token;
}
/**
* Return an integer representation of this
* <code>NTNumericCredential</code>.
*
* <p>
*
* @return an integer representation of this
* <code>NTNumericCredential</code>.
*/
public long getToken() {
return impersonationToken;
}
/**
* Return a string representation of this <code>NTNumericCredential</code>.
*
* <p>
*
* @return a string representation of this <code>NTNumericCredential</code>.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("NTNumericCredential.name",
"sun.security.util.AuthResources"));
Object[] source = {Long.toString(impersonationToken)};
return form.format(source);
}
/**
* Compares the specified Object with this <code>NTNumericCredential</code>
* for equality. Returns true if the given object is also a
* <code>NTNumericCredential</code> and the two NTNumericCredentials
* represent the same NT security token.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTNumericCredential</code>.
*
* @return true if the specified Object is equal equal to this
* <code>NTNumericCredential</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof NTNumericCredential))
return false;
NTNumericCredential that = (NTNumericCredential)o;
if (impersonationToken == that.getToken())
return true;
return false;
}
/**
* Return a hash code for this <code>NTNumericCredential</code>.
*
* <p>
*
* @return a hash code for this <code>NTNumericCredential</code>.
*/
public int hashCode() {
return (int)this.impersonationToken;
}
}

185
jdkSrc/jdk8/com/sun/security/auth/NTSid.java Normal file
View File

@@ -0,0 +1,185 @@
/*
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* and represents information about a Windows NT user, group or realm.
*
* <p> Windows NT chooses to represent users, groups and realms (or domains)
* with not only common names, but also relatively unique numbers. These
* numbers are called Security IDentifiers, or SIDs. Windows NT
* also provides services that render these SIDs into string forms.
* This class represents these string forms.
*
* <p> Principals such as this <code>NTSid</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported
public class NTSid implements Principal, java.io.Serializable {
private static final long serialVersionUID = 4412290580770249885L;
/**
* @serial
*/
private String sid;
/**
* Create an <code>NTSid</code> with a Windows NT SID.
*
* <p>
*
* @param stringSid the Windows NT SID. <p>
*
* @exception NullPointerException if the <code>String</code>
* is <code>null</code>.
*
* @exception IllegalArgumentException if the <code>String</code>
* has zero length.
*/
public NTSid (String stringSid) {
if (stringSid == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"stringSid"};
throw new NullPointerException(form.format(source));
}
if (stringSid.length() == 0) {
throw new IllegalArgumentException
(sun.security.util.ResourcesMgr.getString
("Invalid.NTSid.value",
"sun.security.util.AuthResources"));
}
sid = stringSid;
}
/**
* Return a string version of this <code>NTSid</code>.
*
* <p>
*
* @return a string version of this <code>NTSid</code>
*/
public String getName() {
return sid;
}
/**
* Return a string representation of this <code>NTSid</code>.
*
* <p>
*
* @return a string representation of this <code>NTSid</code>.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("NTSid.name",
"sun.security.util.AuthResources"));
Object[] source = {sid};
return form.format(source);
}
/**
* Compares the specified Object with this <code>NTSid</code>
* for equality. Returns true if the given object is also a
* <code>NTSid</code> and the two NTSids have the same String
* representation.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTSid</code>.
*
* @return true if the specified Object is equal to this
* <code>NTSid</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof NTSid))
return false;
NTSid that = (NTSid)o;
return sid.equals(that.sid);
}
/**
* Return a hash code for this <code>NTSid</code>.
*
* <p>
*
* @return a hash code for this <code>NTSid</code>.
*/
public int hashCode() {
return sid.hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (sid == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"stringSid"};
throw new InvalidObjectException(form.format(source));
}
if (sid.length() == 0) {
throw new InvalidObjectException
(sun.security.util.ResourcesMgr.getString
("Invalid.NTSid.value",
"sun.security.util.AuthResources"));
}
}
}

109
jdkSrc/jdk8/com/sun/security/auth/NTSidDomainPrincipal.java Normal file
View File

@@ -0,0 +1,109 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
/**
* <p> This class extends <code>NTSid</code>
* and represents a Windows NT user's domain SID.
*
* <p> An NT user only has a domain SID if in fact they are logged
* into an NT domain. If the user is logged into a workgroup or
* just a standalone configuration, they will NOT have a domain SID.
*
* <p> Principals such as this <code>NTSidDomainPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported
public class NTSidDomainPrincipal extends NTSid {
private static final long serialVersionUID = 5247810785821650912L;
/**
* Create an <code>NTSidDomainPrincipal</code> with a Windows NT SID.
*
* <p>
*
* @param name a string version of the Windows NT SID for this
* user's domain.<p>
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public NTSidDomainPrincipal(String name) {
super(name);
}
/**
* Return a string representation of this <code>NTSidDomainPrincipal</code>.
*
* <p>
*
* @return a string representation of this
* <code>NTSidDomainPrincipal</code>.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("NTSidDomainPrincipal.name",
"sun.security.util.AuthResources"));
Object[] source = {getName()};
return form.format(source);
}
/**
* Compares the specified Object with this <code>NTSidDomainPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>NTSidDomainPrincipal</code> and the two NTSidDomainPrincipals
* have the same SID.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTSidDomainPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>NTSidDomainPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof NTSidDomainPrincipal))
return false;
return super.equals(o);
}
}

105
jdkSrc/jdk8/com/sun/security/auth/NTSidGroupPrincipal.java Normal file
View File

@@ -0,0 +1,105 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
/**
* <p> This class extends <code>NTSid</code>
* and represents one of the groups to which a Windows NT user belongs.
*
* <p> Principals such as this <code>NTSidGroupPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
* @see com.sun.security.auth.NTSid
*/
@jdk.Exported
public class NTSidGroupPrincipal extends NTSid {
private static final long serialVersionUID = -1373347438636198229L;
/**
* Create an <code>NTSidGroupPrincipal</code> with a Windows NT group name.
*
* <p>
*
* @param name the Windows NT group SID for this user. <p>
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public NTSidGroupPrincipal(String name) {
super(name);
}
/**
* Return a string representation of this <code>NTSidGroupPrincipal</code>.
*
* <p>
*
* @return a string representation of this <code>NTSidGroupPrincipal</code>.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("NTSidGroupPrincipal.name",
"sun.security.util.AuthResources"));
Object[] source = {getName()};
return form.format(source);
}
/**
* Compares the specified Object with this <code>NTSidGroupPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>NTSidGroupPrincipal</code> and the two NTSidGroupPrincipals
* have the same SID.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTSidGroupPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>NTSidGroupPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof NTSidGroupPrincipal))
return false;
return super.equals(o);
}
}

108
jdkSrc/jdk8/com/sun/security/auth/NTSidPrimaryGroupPrincipal.java Normal file
View File

@@ -0,0 +1,108 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
/**
* <p> This class extends <code>NTSid</code>
* and represents a Windows NT user's primary group SID.
*
* <p> Principals such as this <code>NTSidPrimaryGroupPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported
public class NTSidPrimaryGroupPrincipal extends NTSid {
private static final long serialVersionUID = 8011978367305190527L;
/**
* Create an <code>NTSidPrimaryGroupPrincipal</code> with a Windows NT
* group SID.
*
* <p>
*
* @param name the primary Windows NT group SID for this user. <p>
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public NTSidPrimaryGroupPrincipal(String name) {
super(name);
}
/**
* Return a string representation of this
* <code>NTSidPrimaryGroupPrincipal</code>.
*
* <p>
*
* @return a string representation of this
* <code>NTSidPrimaryGroupPrincipal</code>.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("NTSidPrimaryGroupPrincipal.name",
"sun.security.util.AuthResources"));
Object[] source = {getName()};
return form.format(source);
}
/**
* Compares the specified Object with this
* <code>NTSidPrimaryGroupPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>NTSidPrimaryGroupPrincipal</code> and the two
* NTSidPrimaryGroupPrincipals have the same SID.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTSidPrimaryGroupPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>NTSidPrimaryGroupPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof NTSidPrimaryGroupPrincipal))
return false;
return super.equals(o);
}
}

103
jdkSrc/jdk8/com/sun/security/auth/NTSidUserPrincipal.java Normal file
View File

@@ -0,0 +1,103 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
/**
* <p> This class extends <code>NTSid</code>
* and represents a Windows NT user's SID.
*
* <p> Principals such as this <code>NTSidUserPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported
public class NTSidUserPrincipal extends NTSid {
private static final long serialVersionUID = -5573239889517749525L;
/**
* Create an <code>NTSidUserPrincipal</code> with a Windows NT SID.
*
* <p>
*
* @param name a string version of the Windows NT SID for this user.<p>
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public NTSidUserPrincipal(String name) {
super(name);
}
/**
* Return a string representation of this <code>NTSidUserPrincipal</code>.
*
* <p>
*
* @return a string representation of this <code>NTSidUserPrincipal</code>.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("NTSidUserPrincipal.name",
"sun.security.util.AuthResources"));
Object[] source = {getName()};
return form.format(source);
}
/**
* Compares the specified Object with this <code>NTSidUserPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>NTSidUserPrincipal</code> and the two NTSidUserPrincipals
* have the same SID.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTSidUserPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>NTSidUserPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof NTSidUserPrincipal))
return false;
return super.equals(o);
}
}

165
jdkSrc/jdk8/com/sun/security/auth/NTUserPrincipal.java Normal file
View File

@@ -0,0 +1,165 @@
/*
* Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* and represents a Windows NT user.
*
* <p> Principals such as this <code>NTUserPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported
public class NTUserPrincipal implements Principal, java.io.Serializable {
private static final long serialVersionUID = -8737649811939033735L;
/**
* @serial
*/
private String name;
/**
* Create an <code>NTUserPrincipal</code> with a Windows NT username.
*
* <p>
*
* @param name the Windows NT username for this user. <p>
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public NTUserPrincipal(String name) {
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new NullPointerException(form.format(source));
}
this.name = name;
}
/**
* Return the Windows NT username for this <code>NTPrincipal</code>.
*
* <p>
*
* @return the Windows NT username for this <code>NTPrincipal</code>
*/
public String getName() {
return name;
}
/**
* Return a string representation of this <code>NTPrincipal</code>.
*
* <p>
*
* @return a string representation of this <code>NTPrincipal</code>.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("NTUserPrincipal.name",
"sun.security.util.AuthResources"));
Object[] source = {name};
return form.format(source);
}
/**
* Compares the specified Object with this <code>NTUserPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>NTUserPrincipal</code> and the two NTUserPrincipals
* have the same name.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>NTPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof NTUserPrincipal))
return false;
NTUserPrincipal that = (NTUserPrincipal)o;
return name.equals(that.getName());
}
/**
* Return a hash code for this <code>NTUserPrincipal</code>.
*
* <p>
*
* @return a hash code for this <code>NTUserPrincipal</code>.
*/
public int hashCode() {
return this.getName().hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new InvalidObjectException(form.format(source));
}
}
}

305
jdkSrc/jdk8/com/sun/security/auth/PolicyFile.java Normal file
View File

@@ -0,0 +1,305 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.security.CodeSource;
import java.security.PermissionCollection;
import javax.security.auth.Subject;
/**
* This class represents a default implementation for
* <code>javax.security.auth.Policy</code>.
*
* <p> This object stores the policy for entire Java runtime,
* and is the amalgamation of multiple static policy
* configurations that resides in files.
* The algorithm for locating the policy file(s) and reading their
* information into this <code>Policy</code> object is:
*
* <ol>
* <li>
* Loop through the security properties,
* <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ...,
* <i>auth.policy.url.X</i>".
* Each property value specifies a <code>URL</code> pointing to a
* policy file to be loaded. Read in and load each policy.
*
* <li>
* The <code>java.lang.System</code> property <i>java.security.auth.policy</i>
* may also be set to a <code>URL</code> pointing to another policy file
* (which is the case when a user uses the -D switch at runtime).
* If this property is defined, and its use is allowed by the
* security property file (the Security property,
* <i>policy.allowSystemProperty</i> is set to <i>true</i>),
* also load that policy.
*
* <li>
* If the <i>java.security.auth.policy</i> property is defined using
* "==" (rather than "="), then ignore all other specified
* policies and only load this policy.
* </ol>
*
* Each policy file consists of one or more grant entries, each of
* which consists of a number of permission entries.
*
* <pre>
* grant signedBy "<b>alias</b>", codeBase "<b>URL</b>",
* principal <b>principalClass</b> "<b>principalName</b>",
* principal <b>principalClass</b> "<b>principalName</b>",
* ... {
*
* permission <b>Type</b> "<b>name</b> "<b>action</b>",
* signedBy "<b>alias</b>";
* permission <b>Type</b> "<b>name</b> "<b>action</b>",
* signedBy "<b>alias</b>";
* ....
* };
* </pre>
*
* All non-bold items above must appear as is (although case
* doesn't matter and some are optional, as noted below).
* Italicized items represent variable values.
*
* <p> A grant entry must begin with the word <code>grant</code>.
* The <code>signedBy</code> and <code>codeBase</code>
* name/value pairs are optional.
* If they are not present, then any signer (including unsigned code)
* will match, and any codeBase will match. Note that the
* <code>principal</code> name/value pair is not optional.
* This <code>Policy</code> implementation only permits
* Principal-based grant entries. Note that the <i>principalClass</i>
* may be set to the wildcard value, *, which allows it to match
* any <code>Principal</code> class. In addition, the <i>principalName</i>
* may also be set to the wildcard value, *, allowing it to match
* any <code>Principal</code> name. When setting the <i>principalName</i>
* to the *, do not surround the * with quotes.
*
* <p> A permission entry must begin with the word <code>permission</code>.
* The word <code><i>Type</i></code> in the template above is
* a specific permission type, such as <code>java.io.FilePermission</code>
* or <code>java.lang.RuntimePermission</code>.
*
* <p> The "<i>action</i>" is required for
* many permission types, such as <code>java.io.FilePermission</code>
* (where it specifies what type of file access that is permitted).
* It is not required for categories such as
* <code>java.lang.RuntimePermission</code>
* where it is not necessary - you either have the
* permission specified by the <code>"<i>name</i>"</code>
* value following the type name or you don't.
*
* <p> The <code>signedBy</code> name/value pair for a permission entry
* is optional. If present, it indicates a signed permission. That is,
* the permission class itself must be signed by the given alias in
* order for it to be granted. For example,
* suppose you have the following grant entry:
*
* <pre>
* grant principal foo.com.Principal "Duke" {
* permission Foo "foobar", signedBy "FooSoft";
* }
* </pre>
*
* <p> Then this permission of type <i>Foo</i> is granted if the
* <code>Foo.class</code> permission has been signed by the
* "FooSoft" alias, or if <code>Foo.class</code> is a
* system class (i.e., is found on the CLASSPATH).
*
* <p> Items that appear in an entry must appear in the specified order
* (<code>permission</code>, <i>Type</i>, "<i>name</i>", and
* "<i>action</i>"). An entry is terminated with a semicolon.
*
* <p> Case is unimportant for the identifiers (<code>permission</code>,
* <code>signedBy</code>, <code>codeBase</code>, etc.) but is
* significant for the <i>Type</i>
* or for any string that is passed in as a value. <p>
*
* <p> An example of two entries in a policy configuration file is
* <pre>
* // if the code is comes from "foo.com" and is running as "Duke",
* // grant it read/write to all files in /tmp.
*
* grant codeBase "foo.com", principal foo.com.Principal "Duke" {
* permission java.io.FilePermission "/tmp/*", "read,write";
* };
*
* // grant any code running as "Duke" permission to read
* // the "java.vendor" Property.
*
* grant principal foo.com.Principal "Duke" {
* permission java.util.PropertyPermission "java.vendor";
* </pre>
*
* <p> This <code>Policy</code> implementation supports
* special handling for PrivateCredentialPermissions.
* If a grant entry is configured with a
* <code>PrivateCredentialPermission</code>,
* and the "Principal Class/Principal Name" for that
* <code>PrivateCredentialPermission</code> is "self",
* then the entry grants the specified <code>Subject</code> permission to
* access its own private Credential. For example,
* the following grants the <code>Subject</code> "Duke"
* access to its own a.b.Credential.
*
* <pre>
* grant principal foo.com.Principal "Duke" {
* permission javax.security.auth.PrivateCredentialPermission
* "a.b.Credential self",
* "read";
* };
* </pre>
*
* The following grants the <code>Subject</code> "Duke"
* access to all of its own private Credentials:
*
* <pre>
* grant principal foo.com.Principal "Duke" {
* permission javax.security.auth.PrivateCredentialPermission
* "* self",
* "read";
* };
* </pre>
*
* The following grants all Subjects authenticated as a
* <code>SolarisPrincipal</code> (regardless of their respective names)
* permission to access their own private Credentials:
*
* <pre>
* grant principal com.sun.security.auth.SolarisPrincipal * {
* permission javax.security.auth.PrivateCredentialPermission
* "* self",
* "read";
* };
* </pre>
*
* The following grants all Subjects permission to access their own
* private Credentials:
*
* <pre>
* grant principal * * {
* permission javax.security.auth.PrivateCredentialPermission
* "* self",
* "read";
* };
* </pre>
* @deprecated As of JDK&nbsp;1.4, replaced by
* <code>sun.security.provider.PolicyFile</code>.
* This class is entirely deprecated.
*
* @see java.security.CodeSource
* @see java.security.Permissions
* @see java.security.ProtectionDomain
* @see java.security.Security security properties
*/
@jdk.Exported(false)
@Deprecated
public class PolicyFile extends javax.security.auth.Policy {
private final sun.security.provider.AuthPolicyFile apf;
/**
* Initializes the Policy object and reads the default policy
* configuration file(s) into the Policy object.
*/
public PolicyFile() {
apf = new sun.security.provider.AuthPolicyFile();
}
/**
* Refreshes the policy object by re-reading all the policy files.
*
* <p>
*
* @exception SecurityException if the caller doesn't have permission
* to refresh the <code>Policy</code>.
*/
@Override
public void refresh() {
apf.refresh();
}
/**
* Examines this <code>Policy</code> and returns the Permissions granted
* to the specified <code>Subject</code> and <code>CodeSource</code>.
*
* <p> Permissions for a particular <i>grant</i> entry are returned
* if the <code>CodeSource</code> constructed using the codebase and
* signedby values specified in the entry <code>implies</code>
* the <code>CodeSource</code> provided to this method, and if the
* <code>Subject</code> provided to this method contains all of the
* Principals specified in the entry.
*
* <p> The <code>Subject</code> provided to this method contains all
* of the Principals specified in the entry if, for each
* <code>Principal</code>, "P1", specified in the <i>grant</i> entry
* one of the following two conditions is met:
*
* <p>
* <ol>
* <li> the <code>Subject</code> has a
* <code>Principal</code>, "P2", where
* <code>P2.getClass().getName()</code> equals the
* P1's class name, and where
* <code>P2.getName()</code> equals the P1's name.
*
* <li> P1 implements
* <code>com.sun.security.auth.PrincipalComparator</code>,
* and <code>P1.implies</code> the provided <code>Subject</code>.
* </ol>
*
* <p> Note that this <code>Policy</code> implementation has
* special handling for PrivateCredentialPermissions.
* When this method encounters a <code>PrivateCredentialPermission</code>
* which specifies "self" as the <code>Principal</code> class and name,
* it does not add that <code>Permission</code> to the returned
* <code>PermissionCollection</code>. Instead, it builds
* a new <code>PrivateCredentialPermission</code>
* for each <code>Principal</code> associated with the provided
* <code>Subject</code>. Each new <code>PrivateCredentialPermission</code>
* contains the same Credential class as specified in the
* originally granted permission, as well as the Class and name
* for the respective <code>Principal</code>.
*
* <p>
*
* @param subject the Permissions granted to this <code>Subject</code>
* and the additionally provided <code>CodeSource</code>
* are returned. <p>
*
* @param codesource the Permissions granted to this <code>CodeSource</code>
* and the additionally provided <code>Subject</code>
* are returned.
*
* @return the Permissions granted to the provided <code>Subject</code>
* <code>CodeSource</code>.
*/
@Override
public PermissionCollection getPermissions(final Subject subject,
final CodeSource codesource) {
return apf.getPermissions(subject, codesource);
}
}

65
jdkSrc/jdk8/com/sun/security/auth/PrincipalComparator.java Normal file
View File

@@ -0,0 +1,65 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
/**
* An object that implements the <code>java.security.Principal</code>
* interface typically also implements this interface to provide
* a means for comparing that object to a specified <code>Subject</code>.
*
* <p> The comparison is achieved via the <code>implies</code> method.
* The implementation of the <code>implies</code> method determines
* whether this object "implies" the specified <code>Subject</code>.
* One example application of this method may be for
* a "group" object to imply a particular <code>Subject</code>
* if that <code>Subject</code> belongs to the group.
* Another example application of this method would be for
* "role" object to imply a particular <code>Subject</code>
* if that <code>Subject</code> is currently acting in that role.
*
* <p> Although classes that implement this interface typically
* also implement the <code>java.security.Principal</code> interface,
* it is not required. In other words, classes may implement the
* <code>java.security.Principal</code> interface by itself,
* the <code>PrincipalComparator</code> interface by itself,
* or both at the same time.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported
public interface PrincipalComparator {
/**
* Check if the specified <code>Subject</code> is implied by
* this object.
*
* <p>
*
* @return true if the specified <code>Subject</code> is implied by
* this object, or false otherwise.
*/
boolean implies(javax.security.auth.Subject subject);
}

217
jdkSrc/jdk8/com/sun/security/auth/SolarisNumericGroupPrincipal.java Normal file
View File

@@ -0,0 +1,217 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* and represents a user's Solaris group identification number (GID).
*
* <p> Principals such as this <code>SolarisNumericGroupPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* @deprecated As of JDK&nbsp;1.4, replaced by
* {@link UnixNumericGroupPrincipal}.
* This class is entirely deprecated.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported(false)
@Deprecated
public class SolarisNumericGroupPrincipal implements
Principal,
java.io.Serializable {
private static final long serialVersionUID = 2345199581042573224L;
private static final java.util.ResourceBundle rb =
java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<java.util.ResourceBundle>() {
public java.util.ResourceBundle run() {
return (java.util.ResourceBundle.getBundle
("sun.security.util.AuthResources"));
}
});
/**
* @serial
*/
private String name;
/**
* @serial
*/
private boolean primaryGroup;
/**
* Create a <code>SolarisNumericGroupPrincipal</code> using a
* <code>String</code> representation of the user's
* group identification number (GID).
*
* <p>
*
* @param name the user's group identification number (GID)
* for this user. <p>
*
* @param primaryGroup true if the specified GID represents the
* primary group to which this user belongs.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public SolarisNumericGroupPrincipal(String name, boolean primaryGroup) {
if (name == null)
throw new NullPointerException(rb.getString("provided.null.name"));
this.name = name;
this.primaryGroup = primaryGroup;
}
/**
* Create a <code>SolarisNumericGroupPrincipal</code> using a
* long representation of the user's group identification number (GID).
*
* <p>
*
* @param name the user's group identification number (GID) for this user
* represented as a long. <p>
*
* @param primaryGroup true if the specified GID represents the
* primary group to which this user belongs.
*
*/
public SolarisNumericGroupPrincipal(long name, boolean primaryGroup) {
this.name = (new Long(name)).toString();
this.primaryGroup = primaryGroup;
}
/**
* Return the user's group identification number (GID) for this
* <code>SolarisNumericGroupPrincipal</code>.
*
* <p>
*
* @return the user's group identification number (GID) for this
* <code>SolarisNumericGroupPrincipal</code>
*/
public String getName() {
return name;
}
/**
* Return the user's group identification number (GID) for this
* <code>SolarisNumericGroupPrincipal</code> as a long.
*
* <p>
*
* @return the user's group identification number (GID) for this
* <code>SolarisNumericGroupPrincipal</code> as a long.
*/
public long longValue() {
return ((new Long(name)).longValue());
}
/**
* Return whether this group identification number (GID) represents
* the primary group to which this user belongs.
*
* <p>
*
* @return true if this group identification number (GID) represents
* the primary group to which this user belongs,
* or false otherwise.
*/
public boolean isPrimaryGroup() {
return primaryGroup;
}
/**
* Return a string representation of this
* <code>SolarisNumericGroupPrincipal</code>.
*
* <p>
*
* @return a string representation of this
* <code>SolarisNumericGroupPrincipal</code>.
*/
public String toString() {
return((primaryGroup ?
rb.getString
("SolarisNumericGroupPrincipal.Primary.Group.") + name :
rb.getString
("SolarisNumericGroupPrincipal.Supplementary.Group.") + name));
}
/**
* Compares the specified Object with this
* <code>SolarisNumericGroupPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>SolarisNumericGroupPrincipal</code> and the two
* SolarisNumericGroupPrincipals
* have the same group identification number (GID).
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>SolarisNumericGroupPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>SolarisNumericGroupPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof SolarisNumericGroupPrincipal))
return false;
SolarisNumericGroupPrincipal that = (SolarisNumericGroupPrincipal)o;
if (this.getName().equals(that.getName()) &&
this.isPrimaryGroup() == that.isPrimaryGroup())
return true;
return false;
}
/**
* Return a hash code for this <code>SolarisNumericGroupPrincipal</code>.
*
* <p>
*
* @return a hash code for this <code>SolarisNumericGroupPrincipal</code>.
*/
public int hashCode() {
return toString().hashCode();
}
}

183
jdkSrc/jdk8/com/sun/security/auth/SolarisNumericUserPrincipal.java Normal file
View File

@@ -0,0 +1,183 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* and represents a user's Solaris identification number (UID).
*
* <p> Principals such as this <code>SolarisNumericUserPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* @deprecated As of JDK&nbsp;1.4, replaced by
* {@link UnixNumericUserPrincipal}.
* This class is entirely deprecated.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported(false)
@Deprecated
public class SolarisNumericUserPrincipal implements
Principal,
java.io.Serializable {
private static final long serialVersionUID = -3178578484679887104L;
private static final java.util.ResourceBundle rb =
java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<java.util.ResourceBundle>() {
public java.util.ResourceBundle run() {
return (java.util.ResourceBundle.getBundle
("sun.security.util.AuthResources"));
}
});
/**
* @serial
*/
private String name;
/**
* Create a <code>SolarisNumericUserPrincipal</code> using a
* <code>String</code> representation of the
* user's identification number (UID).
*
* <p>
*
* @param name the user identification number (UID) for this user.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public SolarisNumericUserPrincipal(String name) {
if (name == null)
throw new NullPointerException(rb.getString("provided.null.name"));
this.name = name;
}
/**
* Create a <code>SolarisNumericUserPrincipal</code> using a
* long representation of the user's identification number (UID).
*
* <p>
*
* @param name the user identification number (UID) for this user
* represented as a long.
*/
public SolarisNumericUserPrincipal(long name) {
this.name = (new Long(name)).toString();
}
/**
* Return the user identification number (UID) for this
* <code>SolarisNumericUserPrincipal</code>.
*
* <p>
*
* @return the user identification number (UID) for this
* <code>SolarisNumericUserPrincipal</code>
*/
public String getName() {
return name;
}
/**
* Return the user identification number (UID) for this
* <code>SolarisNumericUserPrincipal</code> as a long.
*
* <p>
*
* @return the user identification number (UID) for this
* <code>SolarisNumericUserPrincipal</code> as a long.
*/
public long longValue() {
return ((new Long(name)).longValue());
}
/**
* Return a string representation of this
* <code>SolarisNumericUserPrincipal</code>.
*
* <p>
*
* @return a string representation of this
* <code>SolarisNumericUserPrincipal</code>.
*/
public String toString() {
return(rb.getString("SolarisNumericUserPrincipal.") + name);
}
/**
* Compares the specified Object with this
* <code>SolarisNumericUserPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>SolarisNumericUserPrincipal</code> and the two
* SolarisNumericUserPrincipals
* have the same user identification number (UID).
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>SolarisNumericUserPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>SolarisNumericUserPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof SolarisNumericUserPrincipal))
return false;
SolarisNumericUserPrincipal that = (SolarisNumericUserPrincipal)o;
if (this.getName().equals(that.getName()))
return true;
return false;
}
/**
* Return a hash code for this <code>SolarisNumericUserPrincipal</code>.
*
* <p>
*
* @return a hash code for this <code>SolarisNumericUserPrincipal</code>.
*/
public int hashCode() {
return name.hashCode();
}
}

147
jdkSrc/jdk8/com/sun/security/auth/SolarisPrincipal.java Normal file
View File

@@ -0,0 +1,147 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* and represents a Solaris user.
*
* <p> Principals such as this <code>SolarisPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @deprecated As of JDK&nbsp;1.4, replaced by
* {@link UnixPrincipal}.
* This class is entirely deprecated.
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported(false)
@Deprecated
public class SolarisPrincipal implements Principal, java.io.Serializable {
private static final long serialVersionUID = -7840670002439379038L;
private static final java.util.ResourceBundle rb =
java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<java.util.ResourceBundle>() {
public java.util.ResourceBundle run() {
return (java.util.ResourceBundle.getBundle
("sun.security.util.AuthResources"));
}
});
/**
* @serial
*/
private String name;
/**
* Create a SolarisPrincipal with a Solaris username.
*
* <p>
*
* @param name the Unix username for this user.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public SolarisPrincipal(String name) {
if (name == null)
throw new NullPointerException(rb.getString("provided.null.name"));
this.name = name;
}
/**
* Return the Unix username for this <code>SolarisPrincipal</code>.
*
* <p>
*
* @return the Unix username for this <code>SolarisPrincipal</code>
*/
public String getName() {
return name;
}
/**
* Return a string representation of this <code>SolarisPrincipal</code>.
*
* <p>
*
* @return a string representation of this <code>SolarisPrincipal</code>.
*/
public String toString() {
return(rb.getString("SolarisPrincipal.") + name);
}
/**
* Compares the specified Object with this <code>SolarisPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>SolarisPrincipal</code> and the two SolarisPrincipals
* have the same username.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>SolarisPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>SolarisPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof SolarisPrincipal))
return false;
SolarisPrincipal that = (SolarisPrincipal)o;
if (this.getName().equals(that.getName()))
return true;
return false;
}
/**
* Return a hash code for this <code>SolarisPrincipal</code>.
*
* <p>
*
* @return a hash code for this <code>SolarisPrincipal</code>.
*/
public int hashCode() {
return name.hashCode();
}
}

241
jdkSrc/jdk8/com/sun/security/auth/UnixNumericGroupPrincipal.java Normal file
View File

@@ -0,0 +1,241 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* and represents a user's Unix group identification number (GID).
*
* <p> Principals such as this <code>UnixNumericGroupPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported
public class UnixNumericGroupPrincipal implements
Principal,
java.io.Serializable {
private static final long serialVersionUID = 3941535899328403223L;
/**
* @serial
*/
private String name;
/**
* @serial
*/
private boolean primaryGroup;
/**
* Create a <code>UnixNumericGroupPrincipal</code> using a
* <code>String</code> representation of the user's
* group identification number (GID).
*
* <p>
*
* @param name the user's group identification number (GID)
* for this user. <p>
*
* @param primaryGroup true if the specified GID represents the
* primary group to which this user belongs.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public UnixNumericGroupPrincipal(String name, boolean primaryGroup) {
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new NullPointerException(form.format(source));
}
this.name = name;
this.primaryGroup = primaryGroup;
}
/**
* Create a <code>UnixNumericGroupPrincipal</code> using a
* long representation of the user's group identification number (GID).
*
* <p>
*
* @param name the user's group identification number (GID) for this user
* represented as a long. <p>
*
* @param primaryGroup true if the specified GID represents the
* primary group to which this user belongs.
*
*/
public UnixNumericGroupPrincipal(long name, boolean primaryGroup) {
this.name = (new Long(name)).toString();
this.primaryGroup = primaryGroup;
}
/**
* Return the user's group identification number (GID) for this
* <code>UnixNumericGroupPrincipal</code>.
*
* <p>
*
* @return the user's group identification number (GID) for this
* <code>UnixNumericGroupPrincipal</code>
*/
public String getName() {
return name;
}
/**
* Return the user's group identification number (GID) for this
* <code>UnixNumericGroupPrincipal</code> as a long.
*
* <p>
*
* @return the user's group identification number (GID) for this
* <code>UnixNumericGroupPrincipal</code> as a long.
*/
public long longValue() {
return ((new Long(name)).longValue());
}
/**
* Return whether this group identification number (GID) represents
* the primary group to which this user belongs.
*
* <p>
*
* @return true if this group identification number (GID) represents
* the primary group to which this user belongs,
* or false otherwise.
*/
public boolean isPrimaryGroup() {
return primaryGroup;
}
/**
* Return a string representation of this
* <code>UnixNumericGroupPrincipal</code>.
*
* <p>
*
* @return a string representation of this
* <code>UnixNumericGroupPrincipal</code>.
*/
public String toString() {
if (primaryGroup) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("UnixNumericGroupPrincipal.Primary.Group.name",
"sun.security.util.AuthResources"));
Object[] source = {name};
return form.format(source);
} else {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("UnixNumericGroupPrincipal.Supplementary.Group.name",
"sun.security.util.AuthResources"));
Object[] source = {name};
return form.format(source);
}
}
/**
* Compares the specified Object with this
* <code>UnixNumericGroupPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>UnixNumericGroupPrincipal</code> and the two
* UnixNumericGroupPrincipals
* have the same group identification number (GID).
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>UnixNumericGroupPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>UnixNumericGroupPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof UnixNumericGroupPrincipal))
return false;
UnixNumericGroupPrincipal that = (UnixNumericGroupPrincipal)o;
return this.getName().equals(that.getName()) &&
this.isPrimaryGroup() == that.isPrimaryGroup();
}
/**
* Return a hash code for this <code>UnixNumericGroupPrincipal</code>.
*
* <p>
*
* @return a hash code for this <code>UnixNumericGroupPrincipal</code>.
*/
public int hashCode() {
return toString().hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new InvalidObjectException(form.format(source));
}
}
}

200
jdkSrc/jdk8/com/sun/security/auth/UnixNumericUserPrincipal.java Normal file
View File

@@ -0,0 +1,200 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* and represents a user's Unix identification number (UID).
*
* <p> Principals such as this <code>UnixNumericUserPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported
public class UnixNumericUserPrincipal implements
Principal,
java.io.Serializable {
private static final long serialVersionUID = -4329764253802397821L;
/**
* @serial
*/
private String name;
/**
* Create a <code>UnixNumericUserPrincipal</code> using a
* <code>String</code> representation of the
* user's identification number (UID).
*
* <p>
*
* @param name the user identification number (UID) for this user.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public UnixNumericUserPrincipal(String name) {
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new NullPointerException(form.format(source));
}
this.name = name;
}
/**
* Create a <code>UnixNumericUserPrincipal</code> using a
* long representation of the user's identification number (UID).
*
* <p>
*
* @param name the user identification number (UID) for this user
* represented as a long.
*/
public UnixNumericUserPrincipal(long name) {
this.name = (new Long(name)).toString();
}
/**
* Return the user identification number (UID) for this
* <code>UnixNumericUserPrincipal</code>.
*
* <p>
*
* @return the user identification number (UID) for this
* <code>UnixNumericUserPrincipal</code>
*/
public String getName() {
return name;
}
/**
* Return the user identification number (UID) for this
* <code>UnixNumericUserPrincipal</code> as a long.
*
* <p>
*
* @return the user identification number (UID) for this
* <code>UnixNumericUserPrincipal</code> as a long.
*/
public long longValue() {
return ((new Long(name)).longValue());
}
/**
* Return a string representation of this
* <code>UnixNumericUserPrincipal</code>.
*
* <p>
*
* @return a string representation of this
* <code>UnixNumericUserPrincipal</code>.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("UnixNumericUserPrincipal.name",
"sun.security.util.AuthResources"));
Object[] source = {name};
return form.format(source);
}
/**
* Compares the specified Object with this
* <code>UnixNumericUserPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>UnixNumericUserPrincipal</code> and the two
* UnixNumericUserPrincipals
* have the same user identification number (UID).
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>UnixNumericUserPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>UnixNumericUserPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof UnixNumericUserPrincipal))
return false;
UnixNumericUserPrincipal that = (UnixNumericUserPrincipal)o;
return this.getName().equals(that.getName());
}
/**
* Return a hash code for this <code>UnixNumericUserPrincipal</code>.
*
* <p>
*
* @return a hash code for this <code>UnixNumericUserPrincipal</code>.
*/
public int hashCode() {
return name.hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new InvalidObjectException(form.format(source));
}
}
}

165
jdkSrc/jdk8/com/sun/security/auth/UnixPrincipal.java Normal file
View File

@@ -0,0 +1,165 @@
/*
* Copyright (c) 2000, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* and represents a Unix user.
*
* <p> Principals such as this <code>UnixPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
*/
@jdk.Exported
public class UnixPrincipal implements Principal, java.io.Serializable {
private static final long serialVersionUID = -2951667807323493631L;
/**
* @serial
*/
private String name;
/**
* Create a UnixPrincipal with a Unix username.
*
* <p>
*
* @param name the Unix username for this user.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
*/
public UnixPrincipal(String name) {
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new NullPointerException(form.format(source));
}
this.name = name;
}
/**
* Return the Unix username for this <code>UnixPrincipal</code>.
*
* <p>
*
* @return the Unix username for this <code>UnixPrincipal</code>
*/
public String getName() {
return name;
}
/**
* Return a string representation of this <code>UnixPrincipal</code>.
*
* <p>
*
* @return a string representation of this <code>UnixPrincipal</code>.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("UnixPrincipal.name",
"sun.security.util.AuthResources"));
Object[] source = {name};
return form.format(source);
}
/**
* Compares the specified Object with this <code>UnixPrincipal</code>
* for equality. Returns true if the given object is also a
* <code>UnixPrincipal</code> and the two UnixPrincipals
* have the same username.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>UnixPrincipal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>UnixPrincipal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof UnixPrincipal))
return false;
UnixPrincipal that = (UnixPrincipal)o;
return this.getName().equals(that.getName());
}
/**
* Return a hash code for this <code>UnixPrincipal</code>.
*
* <p>
*
* @return a hash code for this <code>UnixPrincipal</code>.
*/
public int hashCode() {
return name.hashCode();
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
java.text.MessageFormat form = new java.text.MessageFormat
(sun.security.util.ResourcesMgr.getString
("invalid.null.input.value",
"sun.security.util.AuthResources"));
Object[] source = {"name"};
throw new InvalidObjectException(form.format(source));
}
}
}

131
jdkSrc/jdk8/com/sun/security/auth/UserPrincipal.java Normal file
View File

@@ -0,0 +1,131 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.security.Principal;
/**
* A user principal identified by a username or account name.
*
* <p>
* After successful authentication, a user {@link java.security.Principal}
* can be associated with a particular {@link javax.security.auth.Subject}
* to augment that <code>Subject</code> with an additional identity.
* Authorization decisions can then be based upon the
* <code>Principal</code>s that are associated with a <code>Subject</code>.
*
* <p>
* This class is immutable.
*
* @since 1.6
*/
@jdk.Exported
public final class UserPrincipal implements Principal, java.io.Serializable {
private static final long serialVersionUID = 892106070870210969L;
/**
* The principal's name
*
* @serial
*/
private final String name;
/**
* Creates a principal.
*
* @param name The principal's string name.
* @exception NullPointerException If the <code>name</code> is
* <code>null</code>.
*/
public UserPrincipal(String name) {
if (name == null) {
throw new NullPointerException("null name is illegal");
}
this.name = name;
}
/**
* Compares this principal to the specified object.
*
* @param object The object to compare this principal against.
* @return true if they are equal; false otherwise.
*/
public boolean equals(Object object) {
if (this == object) {
return true;
}
if (object instanceof UserPrincipal) {
return name.equals(((UserPrincipal)object).getName());
}
return false;
}
/**
* Returns a hash code for this principal.
*
* @return The principal's hash code.
*/
public int hashCode() {
return name.hashCode();
}
/**
* Returns the name of this principal.
*
* @return The principal's name.
*/
public String getName() {
return name;
}
/**
* Returns a string representation of this principal.
*
* @return The principal's name.
*/
public String toString() {
return name;
}
/**
* Restores the state of this object from the stream.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if (name == null) {
throw new InvalidObjectException("null name is illegal");
}
}
}

185
jdkSrc/jdk8/com/sun/security/auth/X500Principal.java Normal file
View File

@@ -0,0 +1,185 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.security.Principal;
import sun.security.x509.X500Name;
/**
* <p> This class represents an X.500 <code>Principal</code>.
* X500Principals have names such as,
* "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"
* (RFC 1779 style).
*
* <p> Principals such as this <code>X500Principal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
* @deprecated A new X500Principal class is available in the Java platform.
* This X500Principal classs is entirely deprecated and
* is here to allow for a smooth transition to the new
* class.
* @see javax.security.auth.x500.X500Principal
*/
@jdk.Exported(false)
@Deprecated
public class X500Principal implements Principal, java.io.Serializable {
private static final long serialVersionUID = -8222422609431628648L;
private static final java.util.ResourceBundle rb =
java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction<java.util.ResourceBundle>() {
public java.util.ResourceBundle run() {
return (java.util.ResourceBundle.getBundle
("sun.security.util.AuthResources"));
}
});
/**
* @serial
*/
private String name;
transient private X500Name thisX500Name;
/**
* Create a X500Principal with an X.500 Name,
* such as "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"
* (RFC 1779 style).
*
* <p>
*
* @param name the X.500 name
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>. <p>
*
* @exception IllegalArgumentException if the <code>name</code>
* is improperly specified.
*/
public X500Principal(String name) {
if (name == null)
throw new NullPointerException(rb.getString("provided.null.name"));
try {
thisX500Name = new X500Name(name);
} catch (Exception e) {
throw new IllegalArgumentException(e.toString());
}
this.name = name;
}
/**
* Return the Unix username for this <code>X500Principal</code>.
*
* <p>
*
* @return the Unix username for this <code>X500Principal</code>
*/
public String getName() {
return thisX500Name.getName();
}
/**
* Return a string representation of this <code>X500Principal</code>.
*
* <p>
*
* @return a string representation of this <code>X500Principal</code>.
*/
public String toString() {
return thisX500Name.toString();
}
/**
* Compares the specified Object with this <code>X500Principal</code>
* for equality.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>X500Principal</code>.
*
* @return true if the specified Object is equal equal to this
* <code>X500Principal</code>.
*/
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (o instanceof X500Principal) {
X500Principal that = (X500Principal)o;
try {
X500Name thatX500Name = new X500Name(that.getName());
return thisX500Name.equals(thatX500Name);
} catch (Exception e) {
// any parsing exceptions, return false
return false;
}
} else if (o instanceof Principal) {
// this will return 'true' if 'o' is a sun.security.x509.X500Name
// and the X500Names are equal
return o.equals(thisX500Name);
}
return false;
}
/**
* Return a hash code for this <code>X500Principal</code>.
*
* <p>
*
* @return a hash code for this <code>X500Principal</code>.
*/
public int hashCode() {
return thisX500Name.hashCode();
}
/**
* Reads this object from a stream (i.e., deserializes it)
*/
private void readObject(java.io.ObjectInputStream s) throws
java.io.IOException,
java.io.NotActiveException,
ClassNotFoundException {
s.defaultReadObject();
// re-create thisX500Name
thisX500Name = new X500Name(name);
}
}

319
jdkSrc/jdk8/com/sun/security/auth/callback/DialogCallbackHandler.java Normal file
View File

@@ -0,0 +1,319 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.callback;
/* JAAS imports */
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
/* Java imports */
import java.awt.Component;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.swing.Box;
import javax.swing.JLabel;
import javax.swing.JOptionPane;
import javax.swing.JPasswordField;
import javax.swing.JTextField;
/**
* <p>
* Uses a Swing dialog window to query the user for answers to
* authentication questions.
* This can be used by a JAAS application to instantiate a
* CallbackHandler
* @see javax.security.auth.callback
* @deprecated This class will be removed in a future release.
*/
@jdk.Exported(false)
@Deprecated
public class DialogCallbackHandler implements CallbackHandler {
/* -- Fields -- */
/* The parent window, or null if using the default parent */
private Component parentComponent;
private static final int JPasswordFieldLen = 8 ;
private static final int JTextFieldLen = 8 ;
/* -- Methods -- */
/**
* Creates a callback dialog with the default parent window.
*/
public DialogCallbackHandler() { }
/**
* Creates a callback dialog and specify the parent window.
*
* @param parentComponent the parent window -- specify <code>null</code>
* for the default parent
*/
public DialogCallbackHandler(Component parentComponent) {
this.parentComponent = parentComponent;
}
/*
* An interface for recording actions to carry out if the user
* clicks OK for the dialog.
*/
private static interface Action {
void perform();
}
/**
* Handles the specified set of callbacks.
*
* @param callbacks the callbacks to handle
* @throws UnsupportedCallbackException if the callback is not an
* instance of NameCallback or PasswordCallback
*/
public void handle(Callback[] callbacks)
throws UnsupportedCallbackException
{
/* Collect messages to display in the dialog */
final List<Object> messages = new ArrayList<>(3);
/* Collection actions to perform if the user clicks OK */
final List<Action> okActions = new ArrayList<>(2);
ConfirmationInfo confirmation = new ConfirmationInfo();
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof TextOutputCallback) {
TextOutputCallback tc = (TextOutputCallback) callbacks[i];
switch (tc.getMessageType()) {
case TextOutputCallback.INFORMATION:
confirmation.messageType = JOptionPane.INFORMATION_MESSAGE;
break;
case TextOutputCallback.WARNING:
confirmation.messageType = JOptionPane.WARNING_MESSAGE;
break;
case TextOutputCallback.ERROR:
confirmation.messageType = JOptionPane.ERROR_MESSAGE;
break;
default:
throw new UnsupportedCallbackException(
callbacks[i], "Unrecognized message type");
}
messages.add(tc.getMessage());
} else if (callbacks[i] instanceof NameCallback) {
final NameCallback nc = (NameCallback) callbacks[i];
JLabel prompt = new JLabel(nc.getPrompt());
final JTextField name = new JTextField(JTextFieldLen);
String defaultName = nc.getDefaultName();
if (defaultName != null) {
name.setText(defaultName);
}
/*
* Put the prompt and name in a horizontal box,
* and add that to the set of messages.
*/
Box namePanel = Box.createHorizontalBox();
namePanel.add(prompt);
namePanel.add(name);
messages.add(namePanel);
/* Store the name back into the callback if OK */
okActions.add(new Action() {
public void perform() {
nc.setName(name.getText());
}
});
} else if (callbacks[i] instanceof PasswordCallback) {
final PasswordCallback pc = (PasswordCallback) callbacks[i];
JLabel prompt = new JLabel(pc.getPrompt());
final JPasswordField password =
new JPasswordField(JPasswordFieldLen);
if (!pc.isEchoOn()) {
password.setEchoChar('*');
}
Box passwordPanel = Box.createHorizontalBox();
passwordPanel.add(prompt);
passwordPanel.add(password);
messages.add(passwordPanel);
okActions.add(new Action() {
public void perform() {
pc.setPassword(password.getPassword());
}
});
} else if (callbacks[i] instanceof ConfirmationCallback) {
ConfirmationCallback cc = (ConfirmationCallback)callbacks[i];
confirmation.setCallback(cc);
if (cc.getPrompt() != null) {
messages.add(cc.getPrompt());
}
} else {
throw new UnsupportedCallbackException(
callbacks[i], "Unrecognized Callback");
}
}
/* Display the dialog */
int result = JOptionPane.showOptionDialog(
parentComponent,
messages.toArray(),
"Confirmation", /* title */
confirmation.optionType,
confirmation.messageType,
null, /* icon */
confirmation.options, /* options */
confirmation.initialValue); /* initialValue */
/* Perform the OK actions */
if (result == JOptionPane.OK_OPTION
|| result == JOptionPane.YES_OPTION)
{
Iterator<Action> iterator = okActions.iterator();
while (iterator.hasNext()) {
iterator.next().perform();
}
}
confirmation.handleResult(result);
}
/*
* Provides assistance with translating between JAAS and Swing
* confirmation dialogs.
*/
private static class ConfirmationInfo {
private int[] translations;
int optionType = JOptionPane.OK_CANCEL_OPTION;
Object[] options = null;
Object initialValue = null;
int messageType = JOptionPane.QUESTION_MESSAGE;
private ConfirmationCallback callback;
/* Set the confirmation callback handler */
void setCallback(ConfirmationCallback callback)
throws UnsupportedCallbackException
{
this.callback = callback;
int confirmationOptionType = callback.getOptionType();
switch (confirmationOptionType) {
case ConfirmationCallback.YES_NO_OPTION:
optionType = JOptionPane.YES_NO_OPTION;
translations = new int[] {
JOptionPane.YES_OPTION, ConfirmationCallback.YES,
JOptionPane.NO_OPTION, ConfirmationCallback.NO,
JOptionPane.CLOSED_OPTION, ConfirmationCallback.NO
};
break;
case ConfirmationCallback.YES_NO_CANCEL_OPTION:
optionType = JOptionPane.YES_NO_CANCEL_OPTION;
translations = new int[] {
JOptionPane.YES_OPTION, ConfirmationCallback.YES,
JOptionPane.NO_OPTION, ConfirmationCallback.NO,
JOptionPane.CANCEL_OPTION, ConfirmationCallback.CANCEL,
JOptionPane.CLOSED_OPTION, ConfirmationCallback.CANCEL
};
break;
case ConfirmationCallback.OK_CANCEL_OPTION:
optionType = JOptionPane.OK_CANCEL_OPTION;
translations = new int[] {
JOptionPane.OK_OPTION, ConfirmationCallback.OK,
JOptionPane.CANCEL_OPTION, ConfirmationCallback.CANCEL,
JOptionPane.CLOSED_OPTION, ConfirmationCallback.CANCEL
};
break;
case ConfirmationCallback.UNSPECIFIED_OPTION:
options = callback.getOptions();
/*
* There's no way to know if the default option means
* to cancel the login, but there isn't a better way
* to guess this.
*/
translations = new int[] {
JOptionPane.CLOSED_OPTION, callback.getDefaultOption()
};
break;
default:
throw new UnsupportedCallbackException(
callback,
"Unrecognized option type: " + confirmationOptionType);
}
int confirmationMessageType = callback.getMessageType();
switch (confirmationMessageType) {
case ConfirmationCallback.WARNING:
messageType = JOptionPane.WARNING_MESSAGE;
break;
case ConfirmationCallback.ERROR:
messageType = JOptionPane.ERROR_MESSAGE;
break;
case ConfirmationCallback.INFORMATION:
messageType = JOptionPane.INFORMATION_MESSAGE;
break;
default:
throw new UnsupportedCallbackException(
callback,
"Unrecognized message type: " + confirmationMessageType);
}
}
/* Process the result returned by the Swing dialog */
void handleResult(int result) {
if (callback == null) {
return;
}
for (int i = 0; i < translations.length; i += 2) {
if (translations[i] == result) {
result = translations[i + 1];
break;
}
}
callback.setSelectedIndex(result);
}
}
}

262
jdkSrc/jdk8/com/sun/security/auth/callback/TextCallbackHandler.java Normal file
View File

@@ -0,0 +1,262 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.callback;
/* JAAS imports */
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
/* Java imports */
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PushbackInputStream;
import java.util.Arrays;
import sun.security.util.Password;
/**
* <p>
* Prompts and reads from the command line for answers to authentication
* questions.
* This can be used by a JAAS application to instantiate a
* CallbackHandler
* @see javax.security.auth.callback
*/
@jdk.Exported
public class TextCallbackHandler implements CallbackHandler {
/**
* <p>Creates a callback handler that prompts and reads from the
* command line for answers to authentication questions.
* This can be used by JAAS applications to instantiate a
* CallbackHandler.
*/
public TextCallbackHandler() { }
/**
* Handles the specified set of callbacks.
*
* @param callbacks the callbacks to handle
* @throws IOException if an input or output error occurs.
* @throws UnsupportedCallbackException if the callback is not an
* instance of NameCallback or PasswordCallback
*/
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException
{
ConfirmationCallback confirmation = null;
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof TextOutputCallback) {
TextOutputCallback tc = (TextOutputCallback) callbacks[i];
String text;
switch (tc.getMessageType()) {
case TextOutputCallback.INFORMATION:
text = "";
break;
case TextOutputCallback.WARNING:
text = "Warning: ";
break;
case TextOutputCallback.ERROR:
text = "Error: ";
break;
default:
throw new UnsupportedCallbackException(
callbacks[i], "Unrecognized message type");
}
String message = tc.getMessage();
if (message != null) {
text += message;
}
if (text != null) {
System.err.println(text);
}
} else if (callbacks[i] instanceof NameCallback) {
NameCallback nc = (NameCallback) callbacks[i];
if (nc.getDefaultName() == null) {
System.err.print(nc.getPrompt());
} else {
System.err.print(nc.getPrompt() +
" [" + nc.getDefaultName() + "] ");
}
System.err.flush();
String result = readLine();
if (result.equals("")) {
result = nc.getDefaultName();
}
nc.setName(result);
} else if (callbacks[i] instanceof PasswordCallback) {
PasswordCallback pc = (PasswordCallback) callbacks[i];
System.err.print(pc.getPrompt());
System.err.flush();
pc.setPassword(Password.readPassword(System.in, pc.isEchoOn()));
} else if (callbacks[i] instanceof ConfirmationCallback) {
confirmation = (ConfirmationCallback) callbacks[i];
} else {
throw new UnsupportedCallbackException(
callbacks[i], "Unrecognized Callback");
}
}
/* Do the confirmation callback last. */
if (confirmation != null) {
doConfirmation(confirmation);
}
}
/* Reads a line of input */
private String readLine() throws IOException {
String result = new BufferedReader
(new InputStreamReader(System.in)).readLine();
if (result == null) {
throw new IOException("Cannot read from System.in");
}
return result;
}
private void doConfirmation(ConfirmationCallback confirmation)
throws IOException, UnsupportedCallbackException
{
String prefix;
int messageType = confirmation.getMessageType();
switch (messageType) {
case ConfirmationCallback.WARNING:
prefix = "Warning: ";
break;
case ConfirmationCallback.ERROR:
prefix = "Error: ";
break;
case ConfirmationCallback.INFORMATION:
prefix = "";
break;
default:
throw new UnsupportedCallbackException(
confirmation, "Unrecognized message type: " + messageType);
}
class OptionInfo {
String name;
int value;
OptionInfo(String name, int value) {
this.name = name;
this.value = value;
}
}
OptionInfo[] options;
int optionType = confirmation.getOptionType();
switch (optionType) {
case ConfirmationCallback.YES_NO_OPTION:
options = new OptionInfo[] {
new OptionInfo("Yes", ConfirmationCallback.YES),
new OptionInfo("No", ConfirmationCallback.NO)
};
break;
case ConfirmationCallback.YES_NO_CANCEL_OPTION:
options = new OptionInfo[] {
new OptionInfo("Yes", ConfirmationCallback.YES),
new OptionInfo("No", ConfirmationCallback.NO),
new OptionInfo("Cancel", ConfirmationCallback.CANCEL)
};
break;
case ConfirmationCallback.OK_CANCEL_OPTION:
options = new OptionInfo[] {
new OptionInfo("OK", ConfirmationCallback.OK),
new OptionInfo("Cancel", ConfirmationCallback.CANCEL)
};
break;
case ConfirmationCallback.UNSPECIFIED_OPTION:
String[] optionStrings = confirmation.getOptions();
options = new OptionInfo[optionStrings.length];
for (int i = 0; i < options.length; i++) {
options[i] = new OptionInfo(optionStrings[i], i);
}
break;
default:
throw new UnsupportedCallbackException(
confirmation, "Unrecognized option type: " + optionType);
}
int defaultOption = confirmation.getDefaultOption();
String prompt = confirmation.getPrompt();
if (prompt == null) {
prompt = "";
}
prompt = prefix + prompt;
if (!prompt.equals("")) {
System.err.println(prompt);
}
for (int i = 0; i < options.length; i++) {
if (optionType == ConfirmationCallback.UNSPECIFIED_OPTION) {
// defaultOption is an index into the options array
System.err.println(
i + ". " + options[i].name +
(i == defaultOption ? " [default]" : ""));
} else {
// defaultOption is an option value
System.err.println(
i + ". " + options[i].name +
(options[i].value == defaultOption ? " [default]" : ""));
}
}
System.err.print("Enter a number: ");
System.err.flush();
int result;
try {
result = Integer.parseInt(readLine());
if (result < 0 || result > (options.length - 1)) {
result = defaultOption;
}
result = options[result].value;
} catch (NumberFormatException e) {
result = defaultOption;
}
confirmation.setSelectedIndex(result);
}
}

27
jdkSrc/jdk8/com/sun/security/auth/callback/package-info.java Normal file
View File

@@ -0,0 +1,27 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
@jdk.Exported
package com.sun.security.auth.callback;

141
jdkSrc/jdk8/com/sun/security/auth/login/ConfigFile.java Normal file
View File

@@ -0,0 +1,141 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.login;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import java.net.URI;
// NOTE: As of JDK 8, this class instantiates
// sun.security.provider.ConfigFile.Spi and forwards all methods to that
// implementation. All implementation fixes and enhancements should be made to
// sun.security.provider.ConfigFile.Spi and not this class.
// See JDK-8005117 for more information.
/**
* This class represents a default implementation for
* {@code javax.security.auth.login.Configuration}.
*
* <p> This object stores the runtime login configuration representation,
* and is the amalgamation of multiple static login
* configurations that resides in files.
* The algorithm for locating the login configuration file(s) and reading their
* information into this {@code Configuration} object is:
*
* <ol>
* <li>
* Loop through the security properties,
* <i>login.config.url.1</i>, <i>login.config.url.2</i>, ...,
* <i>login.config.url.X</i>.
* Each property value specifies a {@code URL} pointing to a
* login configuration file to be loaded. Read in and load
* each configuration.
*
* <li>
* The {@code java.lang.System} property
* <i>java.security.auth.login.config</i>
* may also be set to a {@code URL} pointing to another
* login configuration file
* (which is the case when a user uses the -D switch at runtime).
* If this property is defined, and its use is allowed by the
* security property file (the Security property,
* <i>policy.allowSystemProperty</i> is set to <i>true</i>),
* also load that login configuration.
*
* <li>
* If the <i>java.security.auth.login.config</i> property is defined using
* "==" (rather than "="), then ignore all other specified
* login configurations and only load this configuration.
*
* <li>
* If no system or security properties were set, try to read from the file,
* ${user.home}/.java.login.config, where ${user.home} is the value
* represented by the "user.home" System property.
* </ol>
*
* <p> The configuration syntax supported by this implementation
* is exactly that syntax specified in the
* {@code javax.security.auth.login.Configuration} class.
*
* @see javax.security.auth.login.LoginContext
* @see java.security.Security security properties
*/
@jdk.Exported
public class ConfigFile extends Configuration {
private final sun.security.provider.ConfigFile.Spi spi;
/**
* Create a new {@code Configuration} object.
*
* @throws SecurityException if the {@code Configuration} can not be
* initialized
*/
public ConfigFile() {
spi = new sun.security.provider.ConfigFile.Spi();
}
/**
* Create a new {@code Configuration} object from the specified {@code URI}.
*
* @param uri the {@code URI}
* @throws SecurityException if the {@code Configuration} can not be
* initialized
* @throws NullPointerException if {@code uri} is null
*/
public ConfigFile(URI uri) {
spi = new sun.security.provider.ConfigFile.Spi(uri);
}
/**
* Retrieve an entry from the {@code Configuration} using an application
* name as an index.
*
* @param applicationName the name used to index the {@code Configuration}
* @return an array of {@code AppConfigurationEntry} which correspond to
* the stacked configuration of {@code LoginModule}s for this
* application, or null if this application has no configured
* {@code LoginModule}s.
*/
@Override
public AppConfigurationEntry[] getAppConfigurationEntry
(String applicationName) {
return spi.engineGetAppConfigurationEntry(applicationName);
}
/**
* Refresh and reload the {@code Configuration} by re-reading all of the
* login configurations.
*
* @throws SecurityException if the caller does not have permission
* to refresh the {@code Configuration}
*/
@Override
public void refresh() {
spi.engineRefresh();
}
}

27
jdkSrc/jdk8/com/sun/security/auth/login/package-info.java Normal file
View File

@@ -0,0 +1,27 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
@jdk.Exported
package com.sun.security.auth.login;

398
jdkSrc/jdk8/com/sun/security/auth/module/Crypt.java Normal file
View File

@@ -0,0 +1,398 @@
/*
* Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* Copyright (c) 1988 AT&T */
/* All Rights Reserved */
/**
* Implements the UNIX crypt(3) function, based on a direct port of the
* libc crypt function.
*
* <p>
* From the crypt man page:
* <p>
* crypt() is the password encryption routine, based on the NBS
* Data Encryption Standard, with variations intended (among
* other things) to frustrate use of hardware implementations
* of the DES for key search.
* <p>
* The first argument to crypt() is normally a user's typed
* password. The second is a 2-character string chosen from
* the set [a-zA-Z0-9./]. the salt string is used to perturb
* the DES algorithm in one
* of 4096 different ways, after which the password is used as
* the key to encrypt repeatedly a constant string. The
* returned value points to the encrypted password, in the same
* alphabet as the salt. The first two characters are the salt
* itself.
*
* @author Roland Schemers
*/
package com.sun.security.auth.module;
class Crypt {
/* EXPORT DELETE START */
private static final byte[] IP = {
58, 50, 42, 34, 26, 18, 10, 2,
60, 52, 44, 36, 28, 20, 12, 4,
62, 54, 46, 38, 30, 22, 14, 6,
64, 56, 48, 40, 32, 24, 16, 8,
57, 49, 41, 33, 25, 17, 9, 1,
59, 51, 43, 35, 27, 19, 11, 3,
61, 53, 45, 37, 29, 21, 13, 5,
63, 55, 47, 39, 31, 23, 15, 7,
};
private static final byte[] FP = {
40, 8, 48, 16, 56, 24, 64, 32,
39, 7, 47, 15, 55, 23, 63, 31,
38, 6, 46, 14, 54, 22, 62, 30,
37, 5, 45, 13, 53, 21, 61, 29,
36, 4, 44, 12, 52, 20, 60, 28,
35, 3, 43, 11, 51, 19, 59, 27,
34, 2, 42, 10, 50, 18, 58, 26,
33, 1, 41, 9, 49, 17, 57, 25,
};
private static final byte[] PC1_C = {
57, 49, 41, 33, 25, 17, 9,
1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27,
19, 11, 3, 60, 52, 44, 36,
};
private static final byte[] PC1_D = {
63, 55, 47, 39, 31, 23, 15,
7, 62, 54, 46, 38, 30, 22,
14, 6, 61, 53, 45, 37, 29,
21, 13, 5, 28, 20, 12, 4,
};
private static final byte[] shifts = { 1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1, };
private static final byte[] PC2_C = {
14, 17, 11, 24, 1, 5,
3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8,
16, 7, 27, 20, 13, 2,
};
private static final byte[] PC2_D = {
41,52,31,37,47,55,
30,40,51,45,33,48,
44,49,39,56,34,53,
46,42,50,36,29,32,
};
private byte[] C = new byte[28];
private byte[] D = new byte[28];
private byte[] KS;
private byte[] E = new byte[48];
private static final byte[] e2 = {
32, 1, 2, 3, 4, 5,
4, 5, 6, 7, 8, 9,
8, 9,10,11,12,13,
12,13,14,15,16,17,
16,17,18,19,20,21,
20,21,22,23,24,25,
24,25,26,27,28,29,
28,29,30,31,32, 1,
};
private void setkey(byte[] key) {
int i, j, k;
byte t;
if (KS == null) {
KS = new byte[16*48];
}
for (i = 0; i < 28; i++) {
C[i] = key[PC1_C[i]-1];
D[i] = key[PC1_D[i]-1];
}
for (i = 0; i < 16; i++) {
for (k = 0; k < shifts[i]; k++) {
t = C[0];
for (j = 0; j < 28-1; j++)
C[j] = C[j+1];
C[27] = t;
t = D[0];
for (j = 0; j < 28-1; j++)
D[j] = D[j+1];
D[27] = t;
}
for (j = 0; j < 24; j++) {
int index = i * 48;
KS[index+j] = C[PC2_C[j]-1];
KS[index+j+24] = D[PC2_D[j]-28-1];
}
}
for (i = 0; i < 48; i++)
E[i] = e2[i];
}
private static final byte[][] S = {
{14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13},
{15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9},
{10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12},
{7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14},
{2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3},
{12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13},
{4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12},
{13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11},
};
private static final byte[] P = {
16, 7,20,21,
29,12,28,17,
1,15,23,26,
5,18,31,10,
2, 8,24,14,
32,27, 3, 9,
19,13,30, 6,
22,11, 4,25,
};
private byte[] L = new byte[64];
private byte[] tempL = new byte[32];
private byte[] f = new byte[32];
private byte[] preS = new byte[48];
private void encrypt(byte[] block,int fake) {
int i;
int t, j, k;
int R = 32; // &L[32]
if (KS == null) {
KS = new byte[16*48];
}
for(j=0; j < 64; j++) {
L[j] = block[IP[j]-1];
}
for(i=0; i < 16; i++) {
int index = i * 48;
for(j=0; j < 32; j++) {
tempL[j] = L[R+j];
}
for(j=0; j < 48; j++) {
preS[j] = (byte) (L[R+E[j]-1] ^ KS[index+j]);
}
for(j=0; j < 8; j++) {
t = 6*j;
k = S[j][(preS[t+0]<<5)+
(preS[t+1]<<3)+
(preS[t+2]<<2)+
(preS[t+3]<<1)+
(preS[t+4]<<0)+
(preS[t+5]<<4)];
t = 4*j;
f[t+0] = (byte) ((k>>3)&01);
f[t+1] = (byte) ((k>>2)&01);
f[t+2] = (byte) ((k>>1)&01);
f[t+3] = (byte) ((k>>0)&01);
}
for(j=0; j < 32; j++) {
L[R+j] = (byte) (L[j] ^ f[P[j]-1]);
}
for(j=0; j < 32; j++) {
L[j] = tempL[j];
}
}
for(j=0; j < 32; j++) {
t = L[j];
L[j] = L[R+j];
L[R+j] = (byte)t;
}
for(j=0; j < 64; j++) {
block[j] = L[FP[j]-1];
}
}
/* EXPORT DELETE END */
/**
* Creates a new Crypt object for use with the crypt method.
*
*/
public Crypt()
{
// does nothing at this time
super();
}
/**
* Implements the libc crypt(3) function.
*
* @param pw the password to "encrypt".
*
* @param salt the salt to use.
*
* @return A new byte[13] array that contains the encrypted
* password. The first two characters are the salt.
*
*/
public synchronized byte[] crypt(byte[] pw, byte[] salt) {
int c, i, j, pwi;
byte temp;
byte[] block = new byte[66];
byte[] iobuf = new byte[13];
/* EXPORT DELETE START */
pwi = 0;
for(i=0; pwi < pw.length && i < 64; pwi++) {
c = pw[pwi];
for(j=0; j < 7; j++, i++) {
block[i] = (byte) ((c>>(6-j)) & 01);
}
i++;
}
setkey(block);
for(i=0; i < 66; i++) {
block[i] = 0;
}
for(i=0; i < 2; i++) {
c = salt[i];
iobuf[i] = (byte)c;
if(c > 'Z')
c -= 6;
if(c > '9')
c -= 7;
c -= '.';
for(j=0; j < 6; j++) {
if( ((c>>j) & 01) != 0) {
temp = E[6*i+j];
E[6*i+j] = E[6*i+j+24];
E[6*i+j+24] = temp;
}
}
}
for(i=0; i < 25; i++) {
encrypt(block,0);
}
for(i=0; i < 11; i++) {
c = 0;
for(j=0; j < 6; j++) {
c <<= 1;
c |= block[6*i+j];
}
c += '.';
if(c > '9') {
c += 7;
}
if(c > 'Z') {
c += 6;
}
iobuf[i+2] = (byte)c;
}
//iobuf[i+2] = 0;
if(iobuf[1] == 0) {
iobuf[1] = iobuf[0];
}
/* EXPORT DELETE END */
return(iobuf);
}
/**
* program to test the crypt routine.
*
* The first parameter is the cleartext password, the second is
* the salt to use. The salt should be two characters from the
* set [a-zA-Z0-9./]. Outputs the crypt result.
*
* @param arg command line arguments.
*
*/
public static void main(String arg[]) {
if (arg.length!=2) {
System.err.println("usage: Crypt password salt");
System.exit(1);
}
Crypt c = new Crypt();
try {
byte result[] = c.crypt
(arg[0].getBytes("ISO-8859-1"), arg[1].getBytes("ISO-8859-1"));
for (int i=0; i<result.length; i++) {
System.out.println(" "+i+" "+(char)result[i]);
}
} catch (java.io.UnsupportedEncodingException uee) {
// cannot happen
}
}
}

779
jdkSrc/jdk8/com/sun/security/auth/module/JndiLoginModule.java Normal file
View File

@@ -0,0 +1,779 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;
import javax.naming.*;
import javax.naming.directory.*;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.LinkedList;
import java.util.ResourceBundle;
import com.sun.security.auth.UnixPrincipal;
import com.sun.security.auth.UnixNumericUserPrincipal;
import com.sun.security.auth.UnixNumericGroupPrincipal;
/**
* <p> The module prompts for a username and password
* and then verifies the password against the password stored in
* a directory service configured under JNDI.
*
* <p> This <code>LoginModule</code> interoperates with
* any conformant JNDI service provider. To direct this
* <code>LoginModule</code> to use a specific JNDI service provider,
* two options must be specified in the login <code>Configuration</code>
* for this <code>LoginModule</code>.
* <pre>
* user.provider.url=<b>name_service_url</b>
* group.provider.url=<b>name_service_url</b>
* </pre>
*
* <b>name_service_url</b> specifies
* the directory service and path where this <code>LoginModule</code>
* can access the relevant user and group information. Because this
* <code>LoginModule</code> only performs one-level searches to
* find the relevant user information, the <code>URL</code>
* must point to a directory one level above where the user and group
* information is stored in the directory service.
* For example, to instruct this <code>LoginModule</code>
* to contact a NIS server, the following URLs must be specified:
* <pre>
* user.provider.url="nis://<b>NISServerHostName</b>/<b>NISDomain</b>/user"
* group.provider.url="nis://<b>NISServerHostName</b>/<b>NISDomain</b>/system/group"
* </pre>
*
* <b>NISServerHostName</b> specifies the server host name of the
* NIS server (for example, <i>nis.sun.com</i>, and <b>NISDomain</b>
* specifies the domain for that NIS server (for example, <i>jaas.sun.com</i>.
* To contact an LDAP server, the following URLs must be specified:
* <pre>
* user.provider.url="ldap://<b>LDAPServerHostName</b>/<b>LDAPName</b>"
* group.provider.url="ldap://<b>LDAPServerHostName</b>/<b>LDAPName</b>"
* </pre>
*
* <b>LDAPServerHostName</b> specifies the server host name of the
* LDAP server, which may include a port number
* (for example, <i>ldap.sun.com:389</i>),
* and <b>LDAPName</b> specifies the entry name in the LDAP directory
* (for example, <i>ou=People,o=Sun,c=US</i> and <i>ou=Groups,o=Sun,c=US</i>
* for user and group information, respectively).
*
* <p> The format in which the user's information must be stored in
* the directory service is specified in RFC 2307. Specifically,
* this <code>LoginModule</code> will search for the user's entry in the
* directory service using the user's <i>uid</i> attribute,
* where <i>uid=<b>username</b></i>. If the search succeeds,
* this <code>LoginModule</code> will then
* obtain the user's encrypted password from the retrieved entry
* using the <i>userPassword</i> attribute.
* This <code>LoginModule</code> assumes that the password is stored
* as a byte array, which when converted to a <code>String</code>,
* has the following format:
* <pre>
* "{crypt}<b>encrypted_password</b>"
* </pre>
*
* The LDAP directory server must be configured
* to permit read access to the userPassword attribute.
* If the user entered a valid username and password,
* this <code>LoginModule</code> associates a
* <code>UnixPrincipal</code>, <code>UnixNumericUserPrincipal</code>,
* and the relevant UnixNumericGroupPrincipals with the
* <code>Subject</code>.
*
* <p> This LoginModule also recognizes the following <code>Configuration</code>
* options:
* <pre>
* debug if, true, debug messages are output to System.out.
*
* useFirstPass if, true, this LoginModule retrieves the
* username and password from the module's shared state,
* using "javax.security.auth.login.name" and
* "javax.security.auth.login.password" as the respective
* keys. The retrieved values are used for authentication.
* If authentication fails, no attempt for a retry is made,
* and the failure is reported back to the calling
* application.
*
* tryFirstPass if, true, this LoginModule retrieves the
* the username and password from the module's shared state,
* using "javax.security.auth.login.name" and
* "javax.security.auth.login.password" as the respective
* keys. The retrieved values are used for authentication.
* If authentication fails, the module uses the
* CallbackHandler to retrieve a new username and password,
* and another attempt to authenticate is made.
* If the authentication fails, the failure is reported
* back to the calling application.
*
* storePass if, true, this LoginModule stores the username and password
* obtained from the CallbackHandler in the module's
* shared state, using "javax.security.auth.login.name" and
* "javax.security.auth.login.password" as the respective
* keys. This is not performed if existing values already
* exist for the username and password in the shared state,
* or if authentication fails.
*
* clearPass if, true, this <code>LoginModule</code> clears the
* username and password stored in the module's shared state
* after both phases of authentication (login and commit)
* have completed.
* </pre>
*
*/
@jdk.Exported
public class JndiLoginModule implements LoginModule {
private static final ResourceBundle rb = AccessController.doPrivileged(
new PrivilegedAction<ResourceBundle>() {
public ResourceBundle run() {
return ResourceBundle.getBundle(
"sun.security.util.AuthResources");
}
}
);
/** JNDI Provider */
public final String USER_PROVIDER = "user.provider.url";
public final String GROUP_PROVIDER = "group.provider.url";
// configurable options
private boolean debug = false;
private boolean strongDebug = false;
private String userProvider;
private String groupProvider;
private boolean useFirstPass = false;
private boolean tryFirstPass = false;
private boolean storePass = false;
private boolean clearPass = false;
// the authentication status
private boolean succeeded = false;
private boolean commitSucceeded = false;
// username, password, and JNDI context
private String username;
private char[] password;
DirContext ctx;
// the user (assume it is a UnixPrincipal)
private UnixPrincipal userPrincipal;
private UnixNumericUserPrincipal UIDPrincipal;
private UnixNumericGroupPrincipal GIDPrincipal;
private LinkedList<UnixNumericGroupPrincipal> supplementaryGroups =
new LinkedList<>();
// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map<String, Object> sharedState;
private Map<String, ?> options;
private static final String CRYPT = "{crypt}";
private static final String USER_PWD = "userPassword";
private static final String USER_UID = "uidNumber";
private static final String USER_GID = "gidNumber";
private static final String GROUP_ID = "gidNumber";
private static final String NAME = "javax.security.auth.login.name";
private static final String PWD = "javax.security.auth.login.password";
/**
* Initialize this <code>LoginModule</code>.
*
* <p>
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* with the end user (prompting for usernames and
* passwords, for example). <p>
*
* @param sharedState shared <code>LoginModule</code> state. <p>
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
*/
// Unchecked warning from (Map<String, Object>)sharedState is safe
// since javax.security.auth.login.LoginContext passes a raw HashMap.
// Unchecked warnings from options.get(String) are safe since we are
// passing known keys.
@SuppressWarnings("unchecked")
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = (Map<String, Object>)sharedState;
this.options = options;
// initialize any configured options
debug = "true".equalsIgnoreCase((String)options.get("debug"));
strongDebug =
"true".equalsIgnoreCase((String)options.get("strongDebug"));
userProvider = (String)options.get(USER_PROVIDER);
groupProvider = (String)options.get(GROUP_PROVIDER);
tryFirstPass =
"true".equalsIgnoreCase((String)options.get("tryFirstPass"));
useFirstPass =
"true".equalsIgnoreCase((String)options.get("useFirstPass"));
storePass =
"true".equalsIgnoreCase((String)options.get("storePass"));
clearPass =
"true".equalsIgnoreCase((String)options.get("clearPass"));
}
/**
* <p> Prompt for username and password.
* Verify the password against the relevant name service.
*
* <p>
*
* @return true always, since this <code>LoginModule</code>
* should not be ignored.
*
* @exception FailedLoginException if the authentication fails. <p>
*
* @exception LoginException if this <code>LoginModule</code>
* is unable to perform the authentication.
*/
public boolean login() throws LoginException {
if (userProvider == null) {
throw new LoginException
("Error: Unable to locate JNDI user provider");
}
if (groupProvider == null) {
throw new LoginException
("Error: Unable to locate JNDI group provider");
}
if (debug) {
System.out.println("\t\t[JndiLoginModule] user provider: " +
userProvider);
System.out.println("\t\t[JndiLoginModule] group provider: " +
groupProvider);
}
// attempt the authentication
if (tryFirstPass) {
try {
// attempt the authentication by getting the
// username and password from shared state
attemptAuthentication(true);
// authentication succeeded
succeeded = true;
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"tryFirstPass succeeded");
}
return true;
} catch (LoginException le) {
// authentication failed -- try again below by prompting
cleanState();
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"tryFirstPass failed with:" +
le.toString());
}
}
} else if (useFirstPass) {
try {
// attempt the authentication by getting the
// username and password from shared state
attemptAuthentication(true);
// authentication succeeded
succeeded = true;
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"useFirstPass succeeded");
}
return true;
} catch (LoginException le) {
// authentication failed
cleanState();
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"useFirstPass failed");
}
throw le;
}
}
// attempt the authentication by prompting for the username and pwd
try {
attemptAuthentication(false);
// authentication succeeded
succeeded = true;
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"regular authentication succeeded");
}
return true;
} catch (LoginException le) {
cleanState();
if (debug) {
System.out.println("\t\t[JndiLoginModule] " +
"regular authentication failed");
}
throw le;
}
}
/**
* Abstract method to commit the authentication process (phase 2).
*
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates a
* <code>UnixPrincipal</code>
* with the <code>Subject</code> located in the
* <code>LoginModule</code>. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit
* attempts succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
if (succeeded == false) {
return false;
} else {
if (subject.isReadOnly()) {
cleanState();
throw new LoginException ("Subject is Readonly");
}
// add Principals to the Subject
if (!subject.getPrincipals().contains(userPrincipal))
subject.getPrincipals().add(userPrincipal);
if (!subject.getPrincipals().contains(UIDPrincipal))
subject.getPrincipals().add(UIDPrincipal);
if (!subject.getPrincipals().contains(GIDPrincipal))
subject.getPrincipals().add(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
if (!subject.getPrincipals().contains
(supplementaryGroups.get(i)))
subject.getPrincipals().add(supplementaryGroups.get(i));
}
if (debug) {
System.out.println("\t\t[JndiLoginModule]: " +
"added UnixPrincipal,");
System.out.println("\t\t\t\tUnixNumericUserPrincipal,");
System.out.println("\t\t\t\tUnixNumericGroupPrincipal(s),");
System.out.println("\t\t\t to Subject");
}
}
// in any case, clean out state
cleanState();
commitSucceeded = true;
return true;
}
/**
* <p> This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* then this method cleans up any state that was originally saved.
*
* <p>
*
* @exception LoginException if the abort fails.
*
* @return false if this LoginModule's own login and/or commit attempts
* failed, and true otherwise.
*/
public boolean abort() throws LoginException {
if (debug)
System.out.println("\t\t[JndiLoginModule]: " +
"aborted authentication failed");
if (succeeded == false) {
return false;
} else if (succeeded == true && commitSucceeded == false) {
// Clean out state
succeeded = false;
cleanState();
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();
} else {
// overall authentication succeeded and commit succeeded,
// but someone else's commit failed
logout();
}
return true;
}
/**
* Logout a user.
*
* <p> This method removes the Principals
* that were added by the <code>commit</code> method.
*
* <p>
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this <code>LoginModule</code>
* should not be ignored.
*/
public boolean logout() throws LoginException {
if (subject.isReadOnly()) {
cleanState();
throw new LoginException ("Subject is Readonly");
}
subject.getPrincipals().remove(userPrincipal);
subject.getPrincipals().remove(UIDPrincipal);
subject.getPrincipals().remove(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
subject.getPrincipals().remove(supplementaryGroups.get(i));
}
// clean out state
cleanState();
succeeded = false;
commitSucceeded = false;
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();
if (debug) {
System.out.println("\t\t[JndiLoginModule]: " +
"logged out Subject");
}
return true;
}
/**
* Attempt authentication
*
* <p>
*
* @param getPasswdFromSharedState boolean that tells this method whether
* to retrieve the password from the sharedState.
*/
private void attemptAuthentication(boolean getPasswdFromSharedState)
throws LoginException {
String encryptedPassword = null;
// first get the username and password
getUsernamePassword(getPasswdFromSharedState);
try {
// get the user's passwd entry from the user provider URL
InitialContext iCtx = new InitialContext();
ctx = (DirContext)iCtx.lookup(userProvider);
/*
SearchControls controls = new SearchControls
(SearchControls.ONELEVEL_SCOPE,
0,
5000,
new String[] { USER_PWD },
false,
false);
*/
SearchControls controls = new SearchControls();
NamingEnumeration<SearchResult> ne = ctx.search("",
"(uid=" + username + ")",
controls);
if (ne.hasMore()) {
SearchResult result = ne.next();
Attributes attributes = result.getAttributes();
// get the password
// this module works only if the LDAP directory server
// is configured to permit read access to the userPassword
// attribute. The directory administrator need to grant
// this access.
//
// A workaround would be to make the server do authentication
// by setting the Context.SECURITY_PRINCIPAL
// and Context.SECURITY_CREDENTIALS property.
// However, this would make it not work with systems that
// don't do authentication at the server (like NIS).
//
// Setting the SECURITY_* properties and using "simple"
// authentication for LDAP is recommended only for secure
// channels. For nonsecure channels, SSL is recommended.
Attribute pwd = attributes.get(USER_PWD);
String encryptedPwd = new String((byte[])pwd.get(), "UTF8");
encryptedPassword = encryptedPwd.substring(CRYPT.length());
// check the password
if (verifyPassword
(encryptedPassword, new String(password)) == true) {
// authentication succeeded
if (debug)
System.out.println("\t\t[JndiLoginModule] " +
"attemptAuthentication() succeeded");
} else {
// authentication failed
if (debug)
System.out.println("\t\t[JndiLoginModule] " +
"attemptAuthentication() failed");
throw new FailedLoginException("Login incorrect");
}
// save input as shared state only if
// authentication succeeded
if (storePass &&
!sharedState.containsKey(NAME) &&
!sharedState.containsKey(PWD)) {
sharedState.put(NAME, username);
sharedState.put(PWD, password);
}
// create the user principal
userPrincipal = new UnixPrincipal(username);
// get the UID
Attribute uid = attributes.get(USER_UID);
String uidNumber = (String)uid.get();
UIDPrincipal = new UnixNumericUserPrincipal(uidNumber);
if (debug && uidNumber != null) {
System.out.println("\t\t[JndiLoginModule] " +
"user: '" + username + "' has UID: " +
uidNumber);
}
// get the GID
Attribute gid = attributes.get(USER_GID);
String gidNumber = (String)gid.get();
GIDPrincipal = new UnixNumericGroupPrincipal
(gidNumber, true);
if (debug && gidNumber != null) {
System.out.println("\t\t[JndiLoginModule] " +
"user: '" + username + "' has GID: " +
gidNumber);
}
// get the supplementary groups from the group provider URL
ctx = (DirContext)iCtx.lookup(groupProvider);
ne = ctx.search("", new BasicAttributes("memberUid", username));
while (ne.hasMore()) {
result = ne.next();
attributes = result.getAttributes();
gid = attributes.get(GROUP_ID);
String suppGid = (String)gid.get();
if (!gidNumber.equals(suppGid)) {
UnixNumericGroupPrincipal suppPrincipal =
new UnixNumericGroupPrincipal(suppGid, false);
supplementaryGroups.add(suppPrincipal);
if (debug && suppGid != null) {
System.out.println("\t\t[JndiLoginModule] " +
"user: '" + username +
"' has Supplementary Group: " +
suppGid);
}
}
}
} else {
// bad username
if (debug) {
System.out.println("\t\t[JndiLoginModule]: User not found");
}
throw new FailedLoginException("User not found");
}
} catch (NamingException ne) {
// bad username
if (debug) {
System.out.println("\t\t[JndiLoginModule]: User not found");
ne.printStackTrace();
}
throw new FailedLoginException("User not found");
} catch (java.io.UnsupportedEncodingException uee) {
// password stored in incorrect format
if (debug) {
System.out.println("\t\t[JndiLoginModule]: " +
"password incorrectly encoded");
uee.printStackTrace();
}
throw new LoginException("Login failure due to incorrect " +
"password encoding in the password database");
}
// authentication succeeded
}
/**
* Get the username and password.
* This method does not return any value.
* Instead, it sets global name and password variables.
*
* <p> Also note that this method will set the username and password
* values in the shared state in case subsequent LoginModules
* want to use them via use/tryFirstPass.
*
* <p>
*
* @param getPasswdFromSharedState boolean that tells this method whether
* to retrieve the password from the sharedState.
*/
private void getUsernamePassword(boolean getPasswdFromSharedState)
throws LoginException {
if (getPasswdFromSharedState) {
// use the password saved by the first module in the stack
username = (String)sharedState.get(NAME);
password = (char[])sharedState.get(PWD);
return;
}
// prompt for a username and password
if (callbackHandler == null)
throw new LoginException("Error: no CallbackHandler available " +
"to garner authentication information from the user");
String protocol = userProvider.substring(0, userProvider.indexOf(":"));
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback(protocol + " "
+ rb.getString("username."));
callbacks[1] = new PasswordCallback(protocol + " " +
rb.getString("password."),
false);
try {
callbackHandler.handle(callbacks);
username = ((NameCallback)callbacks[0]).getName();
char[] tmpPassword = ((PasswordCallback)callbacks[1]).getPassword();
password = new char[tmpPassword.length];
System.arraycopy(tmpPassword, 0,
password, 0, tmpPassword.length);
((PasswordCallback)callbacks[1]).clearPassword();
} catch (java.io.IOException ioe) {
throw new LoginException(ioe.toString());
} catch (UnsupportedCallbackException uce) {
throw new LoginException("Error: " + uce.getCallback().toString() +
" not available to garner authentication information " +
"from the user");
}
// print debugging information
if (strongDebug) {
System.out.println("\t\t[JndiLoginModule] " +
"user entered username: " +
username);
System.out.print("\t\t[JndiLoginModule] " +
"user entered password: ");
for (int i = 0; i < password.length; i++)
System.out.print(password[i]);
System.out.println();
}
}
/**
* Verify a password against the encrypted passwd from /etc/shadow
*/
private boolean verifyPassword(String encryptedPassword, String password) {
if (encryptedPassword == null)
return false;
Crypt c = new Crypt();
try {
byte oldCrypt[] = encryptedPassword.getBytes("UTF8");
byte newCrypt[] = c.crypt(password.getBytes("UTF8"),
oldCrypt);
if (newCrypt.length != oldCrypt.length)
return false;
for (int i = 0; i < newCrypt.length; i++) {
if (oldCrypt[i] != newCrypt[i])
return false;
}
} catch (java.io.UnsupportedEncodingException uee) {
// cannot happen, but return false just to be safe
return false;
}
return true;
}
/**
* Clean out state because of a failed authentication attempt
*/
private void cleanState() {
username = null;
if (password != null) {
for (int i = 0; i < password.length; i++)
password[i] = ' ';
password = null;
}
ctx = null;
if (clearPass) {
sharedState.remove(NAME);
sharedState.remove(PWD);
}
}
}

939
jdkSrc/jdk8/com/sun/security/auth/module/KeyStoreLoginModule.java Normal file
View File

@@ -0,0 +1,939 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.Destroyable;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject;
import javax.security.auth.x500.*;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import sun.security.util.Password;
/**
* Provides a JAAS login module that prompts for a key store alias and
* populates the subject with the alias's principal and credentials. Stores
* an <code>X500Principal</code> for the subject distinguished name of the
* first certificate in the alias's credentials in the subject's principals,
* the alias's certificate path in the subject's public credentials, and a
* <code>X500PrivateCredential</code> whose certificate is the first
* certificate in the alias's certificate path and whose private key is the
* alias's private key in the subject's private credentials. <p>
*
* Recognizes the following options in the configuration file:
* <dl>
*
* <dt> <code>keyStoreURL</code> </dt>
* <dd> A URL that specifies the location of the key store. Defaults to
* a URL pointing to the .keystore file in the directory specified by the
* <code>user.home</code> system property. The input stream from this
* URL is passed to the <code>KeyStore.load</code> method.
* "NONE" may be specified if a <code>null</code> stream must be
* passed to the <code>KeyStore.load</code> method.
* "NONE" should be specified if the KeyStore resides
* on a hardware token device, for example.</dd>
*
* <dt> <code>keyStoreType</code> </dt>
* <dd> The key store type. If not specified, defaults to the result of
* calling <code>KeyStore.getDefaultType()</code>.
* If the type is "PKCS11", then keyStoreURL must be "NONE"
* and privateKeyPasswordURL must not be specified.</dd>
*
* <dt> <code>keyStoreProvider</code> </dt>
* <dd> The key store provider. If not specified, uses the standard search
* order to find the provider. </dd>
*
* <dt> <code>keyStoreAlias</code> </dt>
* <dd> The alias in the key store to login as. Required when no callback
* handler is provided. No default value. </dd>
*
* <dt> <code>keyStorePasswordURL</code> </dt>
* <dd> A URL that specifies the location of the key store password. Required
* when no callback handler is provided and
* <code>protected</code> is false.
* No default value. </dd>
*
* <dt> <code>privateKeyPasswordURL</code> </dt>
* <dd> A URL that specifies the location of the specific private key password
* needed to access the private key for this alias.
* The keystore password
* is used if this value is needed and not specified. </dd>
*
* <dt> <code>protected</code> </dt>
* <dd> This value should be set to "true" if the KeyStore
* has a separate, protected authentication path
* (for example, a dedicated PIN-pad attached to a smart card).
* Defaults to "false". If "true" keyStorePasswordURL and
* privateKeyPasswordURL must not be specified.</dd>
*
* </dl>
*/
@jdk.Exported
public class KeyStoreLoginModule implements LoginModule {
private static final ResourceBundle rb = AccessController.doPrivileged(
new PrivilegedAction<ResourceBundle>() {
public ResourceBundle run() {
return ResourceBundle.getBundle(
"sun.security.util.AuthResources");
}
}
);
/* -- Fields -- */
private static final int UNINITIALIZED = 0;
private static final int INITIALIZED = 1;
private static final int AUTHENTICATED = 2;
private static final int LOGGED_IN = 3;
private static final int PROTECTED_PATH = 0;
private static final int TOKEN = 1;
private static final int NORMAL = 2;
private static final String NONE = "NONE";
private static final String P11KEYSTORE = "PKCS11";
private static final TextOutputCallback bannerCallback =
new TextOutputCallback
(TextOutputCallback.INFORMATION,
rb.getString("Please.enter.keystore.information"));
private final ConfirmationCallback confirmationCallback =
new ConfirmationCallback
(ConfirmationCallback.INFORMATION,
ConfirmationCallback.OK_CANCEL_OPTION,
ConfirmationCallback.OK);
private Subject subject;
private CallbackHandler callbackHandler;
private Map<String, Object> sharedState;
private Map<String, ?> options;
private char[] keyStorePassword;
private char[] privateKeyPassword;
private KeyStore keyStore;
private String keyStoreURL;
private String keyStoreType;
private String keyStoreProvider;
private String keyStoreAlias;
private String keyStorePasswordURL;
private String privateKeyPasswordURL;
private boolean debug;
private javax.security.auth.x500.X500Principal principal;
private Certificate[] fromKeyStore;
private java.security.cert.CertPath certP = null;
private X500PrivateCredential privateCredential;
private int status = UNINITIALIZED;
private boolean nullStream = false;
private boolean token = false;
private boolean protectedPath = false;
/* -- Methods -- */
/**
* Initialize this <code>LoginModule</code>.
*
* <p>
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* with the end user (prompting for usernames and
* passwords, for example),
* which may be <code>null</code>. <p>
*
* @param sharedState shared <code>LoginModule</code> state. <p>
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
*/
// Unchecked warning from (Map<String, Object>)sharedState is safe
// since javax.security.auth.login.LoginContext passes a raw HashMap.
@SuppressWarnings("unchecked")
public void initialize(Subject subject,
CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
{
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = (Map<String, Object>)sharedState;
this.options = options;
processOptions();
status = INITIALIZED;
}
private void processOptions() {
keyStoreURL = (String) options.get("keyStoreURL");
if (keyStoreURL == null) {
keyStoreURL =
"file:" +
System.getProperty("user.home").replace(
File.separatorChar, '/') +
'/' + ".keystore";
} else if (NONE.equals(keyStoreURL)) {
nullStream = true;
}
keyStoreType = (String) options.get("keyStoreType");
if (keyStoreType == null) {
keyStoreType = KeyStore.getDefaultType();
}
if (P11KEYSTORE.equalsIgnoreCase(keyStoreType)) {
token = true;
}
keyStoreProvider = (String) options.get("keyStoreProvider");
keyStoreAlias = (String) options.get("keyStoreAlias");
keyStorePasswordURL = (String) options.get("keyStorePasswordURL");
privateKeyPasswordURL = (String) options.get("privateKeyPasswordURL");
protectedPath = "true".equalsIgnoreCase((String)options.get
("protected"));
debug = "true".equalsIgnoreCase((String) options.get("debug"));
if (debug) {
debugPrint(null);
debugPrint("keyStoreURL=" + keyStoreURL);
debugPrint("keyStoreType=" + keyStoreType);
debugPrint("keyStoreProvider=" + keyStoreProvider);
debugPrint("keyStoreAlias=" + keyStoreAlias);
debugPrint("keyStorePasswordURL=" + keyStorePasswordURL);
debugPrint("privateKeyPasswordURL=" + privateKeyPasswordURL);
debugPrint("protectedPath=" + protectedPath);
debugPrint(null);
}
}
/**
* Authenticate the user.
*
* <p> Get the Keystore alias and relevant passwords.
* Retrieve the alias's principal and credentials from the Keystore.
*
* <p>
*
* @exception FailedLoginException if the authentication fails. <p>
*
* @return true in all cases (this <code>LoginModule</code>
* should not be ignored).
*/
public boolean login() throws LoginException {
switch (status) {
case UNINITIALIZED:
default:
throw new LoginException("The login module is not initialized");
case INITIALIZED:
case AUTHENTICATED:
if (token && !nullStream) {
throw new LoginException
("if keyStoreType is " + P11KEYSTORE +
" then keyStoreURL must be " + NONE);
}
if (token && privateKeyPasswordURL != null) {
throw new LoginException
("if keyStoreType is " + P11KEYSTORE +
" then privateKeyPasswordURL must not be specified");
}
if (protectedPath &&
(keyStorePasswordURL != null ||
privateKeyPasswordURL != null)) {
throw new LoginException
("if protected is true then keyStorePasswordURL and " +
"privateKeyPasswordURL must not be specified");
}
// get relevant alias and password info
if (protectedPath) {
getAliasAndPasswords(PROTECTED_PATH);
} else if (token) {
getAliasAndPasswords(TOKEN);
} else {
getAliasAndPasswords(NORMAL);
}
// log into KeyStore to retrieve data,
// then clear passwords
try {
getKeyStoreInfo();
} finally {
if (privateKeyPassword != null &&
privateKeyPassword != keyStorePassword) {
Arrays.fill(privateKeyPassword, '\0');
privateKeyPassword = null;
}
if (keyStorePassword != null) {
Arrays.fill(keyStorePassword, '\0');
keyStorePassword = null;
}
}
status = AUTHENTICATED;
return true;
case LOGGED_IN:
return true;
}
}
/** Get the alias and passwords to use for looking up in the KeyStore. */
@SuppressWarnings("fallthrough")
private void getAliasAndPasswords(int env) throws LoginException {
if (callbackHandler == null) {
// No callback handler - check for alias and password options
switch (env) {
case PROTECTED_PATH:
checkAlias();
break;
case TOKEN:
checkAlias();
checkStorePass();
break;
case NORMAL:
checkAlias();
checkStorePass();
checkKeyPass();
break;
}
} else {
// Callback handler available - prompt for alias and passwords
NameCallback aliasCallback;
if (keyStoreAlias == null || keyStoreAlias.length() == 0) {
aliasCallback = new NameCallback(
rb.getString("Keystore.alias."));
} else {
aliasCallback =
new NameCallback(rb.getString("Keystore.alias."),
keyStoreAlias);
}
PasswordCallback storePassCallback = null;
PasswordCallback keyPassCallback = null;
switch (env) {
case PROTECTED_PATH:
break;
case NORMAL:
keyPassCallback = new PasswordCallback
(rb.getString("Private.key.password.optional."), false);
// fall thru
case TOKEN:
storePassCallback = new PasswordCallback
(rb.getString("Keystore.password."), false);
break;
}
prompt(aliasCallback, storePassCallback, keyPassCallback);
}
if (debug) {
debugPrint("alias=" + keyStoreAlias);
}
}
private void checkAlias() throws LoginException {
if (keyStoreAlias == null) {
throw new LoginException
("Need to specify an alias option to use " +
"KeyStoreLoginModule non-interactively.");
}
}
private void checkStorePass() throws LoginException {
if (keyStorePasswordURL == null) {
throw new LoginException
("Need to specify keyStorePasswordURL option to use " +
"KeyStoreLoginModule non-interactively.");
}
InputStream in = null;
try {
in = new URL(keyStorePasswordURL).openStream();
keyStorePassword = Password.readPassword(in);
} catch (IOException e) {
LoginException le = new LoginException
("Problem accessing keystore password \"" +
keyStorePasswordURL + "\"");
le.initCause(e);
throw le;
} finally {
if (in != null) {
try {
in.close();
} catch (IOException ioe) {
LoginException le = new LoginException(
"Problem closing the keystore password stream");
le.initCause(ioe);
throw le;
}
}
}
}
private void checkKeyPass() throws LoginException {
if (privateKeyPasswordURL == null) {
privateKeyPassword = keyStorePassword;
} else {
InputStream in = null;
try {
in = new URL(privateKeyPasswordURL).openStream();
privateKeyPassword = Password.readPassword(in);
} catch (IOException e) {
LoginException le = new LoginException
("Problem accessing private key password \"" +
privateKeyPasswordURL + "\"");
le.initCause(e);
throw le;
} finally {
if (in != null) {
try {
in.close();
} catch (IOException ioe) {
LoginException le = new LoginException(
"Problem closing the private key password stream");
le.initCause(ioe);
throw le;
}
}
}
}
}
private void prompt(NameCallback aliasCallback,
PasswordCallback storePassCallback,
PasswordCallback keyPassCallback)
throws LoginException {
if (storePassCallback == null) {
// only prompt for alias
try {
callbackHandler.handle(
new Callback[] {
bannerCallback, aliasCallback, confirmationCallback
});
} catch (IOException e) {
LoginException le = new LoginException
("Problem retrieving keystore alias");
le.initCause(e);
throw le;
} catch (UnsupportedCallbackException e) {
throw new LoginException(
"Error: " + e.getCallback().toString() +
" is not available to retrieve authentication " +
" information from the user");
}
int confirmationResult = confirmationCallback.getSelectedIndex();
if (confirmationResult == ConfirmationCallback.CANCEL) {
throw new LoginException("Login cancelled");
}
saveAlias(aliasCallback);
} else if (keyPassCallback == null) {
// prompt for alias and key store password
try {
callbackHandler.handle(
new Callback[] {
bannerCallback, aliasCallback,
storePassCallback, confirmationCallback
});
} catch (IOException e) {
LoginException le = new LoginException
("Problem retrieving keystore alias and password");
le.initCause(e);
throw le;
} catch (UnsupportedCallbackException e) {
throw new LoginException(
"Error: " + e.getCallback().toString() +
" is not available to retrieve authentication " +
" information from the user");
}
int confirmationResult = confirmationCallback.getSelectedIndex();
if (confirmationResult == ConfirmationCallback.CANCEL) {
throw new LoginException("Login cancelled");
}
saveAlias(aliasCallback);
saveStorePass(storePassCallback);
} else {
// prompt for alias, key store password, and key password
try {
callbackHandler.handle(
new Callback[] {
bannerCallback, aliasCallback,
storePassCallback, keyPassCallback,
confirmationCallback
});
} catch (IOException e) {
LoginException le = new LoginException
("Problem retrieving keystore alias and passwords");
le.initCause(e);
throw le;
} catch (UnsupportedCallbackException e) {
throw new LoginException(
"Error: " + e.getCallback().toString() +
" is not available to retrieve authentication " +
" information from the user");
}
int confirmationResult = confirmationCallback.getSelectedIndex();
if (confirmationResult == ConfirmationCallback.CANCEL) {
throw new LoginException("Login cancelled");
}
saveAlias(aliasCallback);
saveStorePass(storePassCallback);
saveKeyPass(keyPassCallback);
}
}
private void saveAlias(NameCallback cb) {
keyStoreAlias = cb.getName();
}
private void saveStorePass(PasswordCallback c) {
keyStorePassword = c.getPassword();
if (keyStorePassword == null) {
/* Treat a NULL password as an empty password */
keyStorePassword = new char[0];
}
c.clearPassword();
}
private void saveKeyPass(PasswordCallback c) {
privateKeyPassword = c.getPassword();
if (privateKeyPassword == null || privateKeyPassword.length == 0) {
/*
* Use keystore password if no private key password is
* specified.
*/
privateKeyPassword = keyStorePassword;
}
c.clearPassword();
}
/** Get the credentials from the KeyStore. */
private void getKeyStoreInfo() throws LoginException {
/* Get KeyStore instance */
try {
if (keyStoreProvider == null) {
keyStore = KeyStore.getInstance(keyStoreType);
} else {
keyStore =
KeyStore.getInstance(keyStoreType, keyStoreProvider);
}
} catch (KeyStoreException e) {
LoginException le = new LoginException
("The specified keystore type was not available");
le.initCause(e);
throw le;
} catch (NoSuchProviderException e) {
LoginException le = new LoginException
("The specified keystore provider was not available");
le.initCause(e);
throw le;
}
/* Load KeyStore contents from file */
InputStream in = null;
try {
if (nullStream) {
// if using protected auth path, keyStorePassword will be null
keyStore.load(null, keyStorePassword);
} else {
in = new URL(keyStoreURL).openStream();
keyStore.load(in, keyStorePassword);
}
} catch (MalformedURLException e) {
LoginException le = new LoginException
("Incorrect keyStoreURL option");
le.initCause(e);
throw le;
} catch (GeneralSecurityException e) {
LoginException le = new LoginException
("Error initializing keystore");
le.initCause(e);
throw le;
} catch (IOException e) {
LoginException le = new LoginException
("Error initializing keystore");
le.initCause(e);
throw le;
} finally {
if (in != null) {
try {
in.close();
} catch (IOException ioe) {
LoginException le = new LoginException
("Error initializing keystore");
le.initCause(ioe);
throw le;
}
}
}
/* Get certificate chain and create a certificate path */
try {
fromKeyStore =
keyStore.getCertificateChain(keyStoreAlias);
if (fromKeyStore == null
|| fromKeyStore.length == 0
|| !(fromKeyStore[0] instanceof X509Certificate))
{
throw new FailedLoginException(
"Unable to find X.509 certificate chain in keystore");
} else {
LinkedList<Certificate> certList = new LinkedList<>();
for (int i=0; i < fromKeyStore.length; i++) {
certList.add(fromKeyStore[i]);
}
CertificateFactory certF=
CertificateFactory.getInstance("X.509");
certP =
certF.generateCertPath(certList);
}
} catch (KeyStoreException e) {
LoginException le = new LoginException("Error using keystore");
le.initCause(e);
throw le;
} catch (CertificateException ce) {
LoginException le = new LoginException
("Error: X.509 Certificate type unavailable");
le.initCause(ce);
throw le;
}
/* Get principal and keys */
try {
X509Certificate certificate = (X509Certificate)fromKeyStore[0];
principal = new javax.security.auth.x500.X500Principal
(certificate.getSubjectDN().getName());
// if token, privateKeyPassword will be null
Key privateKey = keyStore.getKey(keyStoreAlias, privateKeyPassword);
if (privateKey == null
|| !(privateKey instanceof PrivateKey))
{
throw new FailedLoginException(
"Unable to recover key from keystore");
}
privateCredential = new X500PrivateCredential(
certificate, (PrivateKey) privateKey, keyStoreAlias);
} catch (KeyStoreException e) {
LoginException le = new LoginException("Error using keystore");
le.initCause(e);
throw le;
} catch (NoSuchAlgorithmException e) {
LoginException le = new LoginException("Error using keystore");
le.initCause(e);
throw le;
} catch (UnrecoverableKeyException e) {
FailedLoginException fle = new FailedLoginException
("Unable to recover key from keystore");
fle.initCause(e);
throw fle;
}
if (debug) {
debugPrint("principal=" + principal +
"\n certificate="
+ privateCredential.getCertificate() +
"\n alias =" + privateCredential.getAlias());
}
}
/**
* Abstract method to commit the authentication process (phase 2).
*
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates a
* <code>X500Principal</code> for the subject distinguished name of the
* first certificate in the alias's credentials in the subject's
* principals,the alias's certificate path in the subject's public
* credentials, and a<code>X500PrivateCredential</code> whose certificate
* is the first certificate in the alias's certificate path and whose
* private key is the alias's private key in the subject's private
* credentials. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit
* attempts succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
switch (status) {
case UNINITIALIZED:
default:
throw new LoginException("The login module is not initialized");
case INITIALIZED:
logoutInternal();
throw new LoginException("Authentication failed");
case AUTHENTICATED:
if (commitInternal()) {
return true;
} else {
logoutInternal();
throw new LoginException("Unable to retrieve certificates");
}
case LOGGED_IN:
return true;
}
}
private boolean commitInternal() throws LoginException {
/* If the subject is not readonly add to the principal and credentials
* set; otherwise just return true
*/
if (subject.isReadOnly()) {
throw new LoginException ("Subject is set readonly");
} else {
subject.getPrincipals().add(principal);
subject.getPublicCredentials().add(certP);
subject.getPrivateCredentials().add(privateCredential);
status = LOGGED_IN;
return true;
}
}
/**
* <p> This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* then this method cleans up any state that was originally saved.
*
* <p> If the loaded KeyStore's provider extends
* <code>java.security.AuthProvider</code>,
* then the provider's <code>logout</code> method is invoked.
*
* <p>
*
* @exception LoginException if the abort fails.
*
* @return false if this LoginModule's own login and/or commit attempts
* failed, and true otherwise.
*/
public boolean abort() throws LoginException {
switch (status) {
case UNINITIALIZED:
default:
return false;
case INITIALIZED:
return false;
case AUTHENTICATED:
logoutInternal();
return true;
case LOGGED_IN:
logoutInternal();
return true;
}
}
/**
* Logout a user.
*
* <p> This method removes the Principals, public credentials and the
* private credentials that were added by the <code>commit</code> method.
*
* <p> If the loaded KeyStore's provider extends
* <code>java.security.AuthProvider</code>,
* then the provider's <code>logout</code> method is invoked.
*
* <p>
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this <code>LoginModule</code>
* should not be ignored.
*/
public boolean logout() throws LoginException {
if (debug)
debugPrint("Entering logout " + status);
switch (status) {
case UNINITIALIZED:
throw new LoginException
("The login module is not initialized");
case INITIALIZED:
case AUTHENTICATED:
default:
// impossible for LoginModule to be in AUTHENTICATED
// state
// assert status != AUTHENTICATED;
return false;
case LOGGED_IN:
logoutInternal();
return true;
}
}
private void logoutInternal() throws LoginException {
if (debug) {
debugPrint("Entering logoutInternal");
}
// assumption is that KeyStore.load did a login -
// perform explicit logout if possible
LoginException logoutException = null;
Provider provider = keyStore.getProvider();
if (provider instanceof AuthProvider) {
AuthProvider ap = (AuthProvider)provider;
try {
ap.logout();
if (debug) {
debugPrint("logged out of KeyStore AuthProvider");
}
} catch (LoginException le) {
// save but continue below
logoutException = le;
}
}
if (subject.isReadOnly()) {
// attempt to destroy the private credential
// even if the Subject is read-only
principal = null;
certP = null;
status = INITIALIZED;
// destroy the private credential
Iterator<Object> it = subject.getPrivateCredentials().iterator();
while (it.hasNext()) {
Object obj = it.next();
if (privateCredential.equals(obj)) {
privateCredential = null;
try {
((Destroyable)obj).destroy();
if (debug)
debugPrint("Destroyed private credential, " +
obj.getClass().getName());
break;
} catch (DestroyFailedException dfe) {
LoginException le = new LoginException
("Unable to destroy private credential, "
+ obj.getClass().getName());
le.initCause(dfe);
throw le;
}
}
}
// throw an exception because we can not remove
// the principal and public credential from this
// read-only Subject
throw new LoginException
("Unable to remove Principal ("
+ "X500Principal "
+ ") and public credential (certificatepath) "
+ "from read-only Subject");
}
if (principal != null) {
subject.getPrincipals().remove(principal);
principal = null;
}
if (certP != null) {
subject.getPublicCredentials().remove(certP);
certP = null;
}
if (privateCredential != null) {
subject.getPrivateCredentials().remove(privateCredential);
privateCredential = null;
}
// throw pending logout exception if there is one
if (logoutException != null) {
throw logoutException;
}
status = INITIALIZED;
}
private void debugPrint(String message) {
// we should switch to logging API
if (message == null) {
System.err.println();
} else {
System.err.println("Debug KeyStoreLoginModule: " + message);
}
}
}

1306
jdkSrc/jdk8/com/sun/security/auth/module/Krb5LoginModule.java Normal file
View File

File diff suppressed because it is too large Load Diff

1068
jdkSrc/jdk8/com/sun/security/auth/module/LdapLoginModule.java Normal file
View File

File diff suppressed because it is too large Load Diff

399
jdkSrc/jdk8/com/sun/security/auth/module/NTLoginModule.java Normal file
View File

@@ -0,0 +1,399 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
import java.util.*;
import java.io.IOException;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;
import java.security.Principal;
import com.sun.security.auth.NTUserPrincipal;
import com.sun.security.auth.NTSidUserPrincipal;
import com.sun.security.auth.NTDomainPrincipal;
import com.sun.security.auth.NTSidDomainPrincipal;
import com.sun.security.auth.NTSidPrimaryGroupPrincipal;
import com.sun.security.auth.NTSidGroupPrincipal;
import com.sun.security.auth.NTNumericCredential;
/**
* <p> This <code>LoginModule</code>
* renders a user's NT security information as some number of
* <code>Principal</code>s
* and associates them with a <code>Subject</code>.
*
* <p> This LoginModule recognizes the debug option.
* If set to true in the login Configuration,
* debug messages will be output to the output stream, System.out.
*
* <p> This LoginModule also recognizes the debugNative option.
* If set to true in the login Configuration,
* debug messages from the native component of the module
* will be output to the output stream, System.out.
*
* @see javax.security.auth.spi.LoginModule
*/
@jdk.Exported
public class NTLoginModule implements LoginModule {
private NTSystem ntSystem;
// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map<String, ?> sharedState;
private Map<String, ?> options;
// configurable option
private boolean debug = false;
private boolean debugNative = false;
// the authentication status
private boolean succeeded = false;
private boolean commitSucceeded = false;
private NTUserPrincipal userPrincipal; // user name
private NTSidUserPrincipal userSID; // user SID
private NTDomainPrincipal userDomain; // user domain
private NTSidDomainPrincipal domainSID; // domain SID
private NTSidPrimaryGroupPrincipal primaryGroup; // primary group
private NTSidGroupPrincipal groups[]; // supplementary groups
private NTNumericCredential iToken; // impersonation token
/**
* Initialize this <code>LoginModule</code>.
*
* <p>
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* with the end user (prompting for usernames and
* passwords, for example). This particular LoginModule only
* extracts the underlying NT system information, so this
* parameter is ignored.<p>
*
* @param sharedState shared <code>LoginModule</code> state. <p>
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
{
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
// initialize any configured options
debug = "true".equalsIgnoreCase((String)options.get("debug"));
debugNative="true".equalsIgnoreCase((String)options.get("debugNative"));
if (debugNative == true) {
debug = true;
}
}
/**
* Import underlying NT system identity information.
*
* <p>
*
* @return true in all cases since this <code>LoginModule</code>
* should not be ignored.
*
* @exception FailedLoginException if the authentication fails. <p>
*
* @exception LoginException if this <code>LoginModule</code>
* is unable to perform the authentication.
*/
public boolean login() throws LoginException {
succeeded = false; // Indicate not yet successful
ntSystem = new NTSystem(debugNative);
if (ntSystem == null) {
if (debug) {
System.out.println("\t\t[NTLoginModule] " +
"Failed in NT login");
}
throw new FailedLoginException
("Failed in attempt to import the " +
"underlying NT system identity information");
}
if (ntSystem.getName() == null) {
throw new FailedLoginException
("Failed in attempt to import the " +
"underlying NT system identity information");
}
userPrincipal = new NTUserPrincipal(ntSystem.getName());
if (debug) {
System.out.println("\t\t[NTLoginModule] " +
"succeeded importing info: ");
System.out.println("\t\t\tuser name = " +
userPrincipal.getName());
}
if (ntSystem.getUserSID() != null) {
userSID = new NTSidUserPrincipal(ntSystem.getUserSID());
if (debug) {
System.out.println("\t\t\tuser SID = " +
userSID.getName());
}
}
if (ntSystem.getDomain() != null) {
userDomain = new NTDomainPrincipal(ntSystem.getDomain());
if (debug) {
System.out.println("\t\t\tuser domain = " +
userDomain.getName());
}
}
if (ntSystem.getDomainSID() != null) {
domainSID =
new NTSidDomainPrincipal(ntSystem.getDomainSID());
if (debug) {
System.out.println("\t\t\tuser domain SID = " +
domainSID.getName());
}
}
if (ntSystem.getPrimaryGroupID() != null) {
primaryGroup =
new NTSidPrimaryGroupPrincipal(ntSystem.getPrimaryGroupID());
if (debug) {
System.out.println("\t\t\tuser primary group = " +
primaryGroup.getName());
}
}
if (ntSystem.getGroupIDs() != null &&
ntSystem.getGroupIDs().length > 0) {
String groupSIDs[] = ntSystem.getGroupIDs();
groups = new NTSidGroupPrincipal[groupSIDs.length];
for (int i = 0; i < groupSIDs.length; i++) {
groups[i] = new NTSidGroupPrincipal(groupSIDs[i]);
if (debug) {
System.out.println("\t\t\tuser group = " +
groups[i].getName());
}
}
}
if (ntSystem.getImpersonationToken() != 0) {
iToken = new NTNumericCredential(ntSystem.getImpersonationToken());
if (debug) {
System.out.println("\t\t\timpersonation token = " +
ntSystem.getImpersonationToken());
}
}
succeeded = true;
return succeeded;
}
/**
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates some
* number of various <code>Principal</code>s
* with the <code>Subject</code> located in the
* <code>LoginModuleContext</code>. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails.
*
* @return true if this LoginModule's own login and commit
* attempts succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
if (succeeded == false) {
if (debug) {
System.out.println("\t\t[NTLoginModule]: " +
"did not add any Principals to Subject " +
"because own authentication failed.");
}
return false;
}
if (subject.isReadOnly()) {
throw new LoginException ("Subject is ReadOnly");
}
Set<Principal> principals = subject.getPrincipals();
// we must have a userPrincipal - everything else is optional
if (!principals.contains(userPrincipal)) {
principals.add(userPrincipal);
}
if (userSID != null && !principals.contains(userSID)) {
principals.add(userSID);
}
if (userDomain != null && !principals.contains(userDomain)) {
principals.add(userDomain);
}
if (domainSID != null && !principals.contains(domainSID)) {
principals.add(domainSID);
}
if (primaryGroup != null && !principals.contains(primaryGroup)) {
principals.add(primaryGroup);
}
for (int i = 0; groups != null && i < groups.length; i++) {
if (!principals.contains(groups[i])) {
principals.add(groups[i]);
}
}
Set<Object> pubCreds = subject.getPublicCredentials();
if (iToken != null && !pubCreds.contains(iToken)) {
pubCreds.add(iToken);
}
commitSucceeded = true;
return true;
}
/**
* <p> This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* then this method cleans up any state that was originally saved.
*
* <p>
*
* @exception LoginException if the abort fails.
*
* @return false if this LoginModule's own login and/or commit attempts
* failed, and true otherwise.
*/
public boolean abort() throws LoginException {
if (debug) {
System.out.println("\t\t[NTLoginModule]: " +
"aborted authentication attempt");
}
if (succeeded == false) {
return false;
} else if (succeeded == true && commitSucceeded == false) {
ntSystem = null;
userPrincipal = null;
userSID = null;
userDomain = null;
domainSID = null;
primaryGroup = null;
groups = null;
iToken = null;
succeeded = false;
} else {
// overall authentication succeeded and commit succeeded,
// but someone else's commit failed
logout();
}
return succeeded;
}
/**
* Logout the user.
*
* <p> This method removes the <code>NTUserPrincipal</code>,
* <code>NTDomainPrincipal</code>, <code>NTSidUserPrincipal</code>,
* <code>NTSidDomainPrincipal</code>, <code>NTSidGroupPrincipal</code>s,
* and <code>NTSidPrimaryGroupPrincipal</code>
* that may have been added by the <code>commit</code> method.
*
* <p>
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this <code>LoginModule</code>
* should not be ignored.
*/
public boolean logout() throws LoginException {
if (subject.isReadOnly()) {
throw new LoginException ("Subject is ReadOnly");
}
Set<Principal> principals = subject.getPrincipals();
if (principals.contains(userPrincipal)) {
principals.remove(userPrincipal);
}
if (principals.contains(userSID)) {
principals.remove(userSID);
}
if (principals.contains(userDomain)) {
principals.remove(userDomain);
}
if (principals.contains(domainSID)) {
principals.remove(domainSID);
}
if (principals.contains(primaryGroup)) {
principals.remove(primaryGroup);
}
for (int i = 0; groups != null && i < groups.length; i++) {
if (principals.contains(groups[i])) {
principals.remove(groups[i]);
}
}
Set<Object> pubCreds = subject.getPublicCredentials();
if (pubCreds.contains(iToken)) {
pubCreds.remove(iToken);
}
succeeded = false;
commitSucceeded = false;
userPrincipal = null;
userDomain = null;
userSID = null;
domainSID = null;
groups = null;
primaryGroup = null;
iToken = null;
ntSystem = null;
if (debug) {
System.out.println("\t\t[NTLoginModule] " +
"completed logout processing");
}
return true;
}
}

148
jdkSrc/jdk8/com/sun/security/auth/module/NTSystem.java Normal file
View File

@@ -0,0 +1,148 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
/**
* <p> This class implementation retrieves and makes available NT
* security information for the current user.
*
*/
@jdk.Exported
public class NTSystem {
private native void getCurrent(boolean debug);
private native long getImpersonationToken0();
private String userName;
private String domain;
private String domainSID;
private String userSID;
private String groupIDs[];
private String primaryGroupID;
private long impersonationToken;
/**
* Instantiate an <code>NTSystem</code> and load
* the native library to access the underlying system information.
*/
public NTSystem() {
this(false);
}
/**
* Instantiate an <code>NTSystem</code> and load
* the native library to access the underlying system information.
*/
NTSystem(boolean debug) {
loadNative();
getCurrent(debug);
}
/**
* Get the username for the current NT user.
*
* <p>
*
* @return the username for the current NT user.
*/
public String getName() {
return userName;
}
/**
* Get the domain for the current NT user.
*
* <p>
*
* @return the domain for the current NT user.
*/
public String getDomain() {
return domain;
}
/**
* Get a printable SID for the current NT user's domain.
*
* <p>
*
* @return a printable SID for the current NT user's domain.
*/
public String getDomainSID() {
return domainSID;
}
/**
* Get a printable SID for the current NT user.
*
* <p>
*
* @return a printable SID for the current NT user.
*/
public String getUserSID() {
return userSID;
}
/**
* Get a printable primary group SID for the current NT user.
*
* <p>
*
* @return the primary group SID for the current NT user.
*/
public String getPrimaryGroupID() {
return primaryGroupID;
}
/**
* Get the printable group SIDs for the current NT user.
*
* <p>
*
* @return the group SIDs for the current NT user.
*/
public String[] getGroupIDs() {
return groupIDs == null ? null : groupIDs.clone();
}
/**
* Get an impersonation token for the current NT user.
*
* <p>
*
* @return an impersonation token for the current NT user.
*/
public synchronized long getImpersonationToken() {
if (impersonationToken == 0) {
impersonationToken = getImpersonationToken0();
}
return impersonationToken;
}
private void loadNative() {
System.loadLibrary("jaas_nt");
}
}

315
jdkSrc/jdk8/com/sun/security/auth/module/SolarisLoginModule.java Normal file
View File

@@ -0,0 +1,315 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
import java.util.*;
import java.io.IOException;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;
import com.sun.security.auth.SolarisPrincipal;
import com.sun.security.auth.SolarisNumericUserPrincipal;
import com.sun.security.auth.SolarisNumericGroupPrincipal;
/**
* <p> This <code>LoginModule</code> imports a user's Solaris
* <code>Principal</code> information (<code>SolarisPrincipal</code>,
* <code>SolarisNumericUserPrincipal</code>,
* and <code>SolarisNumericGroupPrincipal</code>)
* and associates them with the current <code>Subject</code>.
*
* <p> This LoginModule recognizes the debug option.
* If set to true in the login Configuration,
* debug messages will be output to the output stream, System.out.
* @deprecated As of JDK1.4, replaced by
* <code>com.sun.security.auth.module.UnixLoginModule</code>.
* This LoginModule is entirely deprecated and
* is here to allow for a smooth transition to the new
* UnixLoginModule.
*
*/
@jdk.Exported(false)
@Deprecated
public class SolarisLoginModule implements LoginModule {
// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map<String, ?> sharedState;
private Map<String, ?> options;
// configurable option
private boolean debug = true;
// SolarisSystem to retrieve underlying system info
private SolarisSystem ss;
// the authentication status
private boolean succeeded = false;
private boolean commitSucceeded = false;
// Underlying system info
private SolarisPrincipal userPrincipal;
private SolarisNumericUserPrincipal UIDPrincipal;
private SolarisNumericGroupPrincipal GIDPrincipal;
private LinkedList<SolarisNumericGroupPrincipal> supplementaryGroups =
new LinkedList<>();
/**
* Initialize this <code>LoginModule</code>.
*
* <p>
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* with the end user (prompting for usernames and
* passwords, for example). <p>
*
* @param sharedState shared <code>LoginModule</code> state. <p>
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options)
{
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
// initialize any configured options
debug = "true".equalsIgnoreCase((String)options.get("debug"));
}
/**
* Authenticate the user (first phase).
*
* <p> The implementation of this method attempts to retrieve the user's
* Solaris <code>Subject</code> information by making a native Solaris
* system call.
*
* <p>
*
* @exception FailedLoginException if attempts to retrieve the underlying
* system information fail.
*
* @return true in all cases (this <code>LoginModule</code>
* should not be ignored).
*/
public boolean login() throws LoginException {
long[] solarisGroups = null;
ss = new SolarisSystem();
if (ss == null) {
succeeded = false;
throw new FailedLoginException
("Failed in attempt to import " +
"the underlying system identity information");
} else {
userPrincipal = new SolarisPrincipal(ss.getUsername());
UIDPrincipal = new SolarisNumericUserPrincipal(ss.getUid());
GIDPrincipal = new SolarisNumericGroupPrincipal(ss.getGid(), true);
if (ss.getGroups() != null && ss.getGroups().length > 0)
solarisGroups = ss.getGroups();
for (int i = 0; i < solarisGroups.length; i++) {
SolarisNumericGroupPrincipal ngp =
new SolarisNumericGroupPrincipal
(solarisGroups[i], false);
if (!ngp.getName().equals(GIDPrincipal.getName()))
supplementaryGroups.add(ngp);
}
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"succeeded importing info: ");
System.out.println("\t\t\tuid = " + ss.getUid());
System.out.println("\t\t\tgid = " + ss.getGid());
solarisGroups = ss.getGroups();
for (int i = 0; i < solarisGroups.length; i++) {
System.out.println("\t\t\tsupp gid = " + solarisGroups[i]);
}
}
succeeded = true;
return true;
}
}
/**
* Commit the authentication (second phase).
*
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (the importing of the Solaris authentication information
* succeeded), then this method associates the Solaris Principals
* with the <code>Subject</code> currently tied to the
* <code>LoginModule</code>. If this LoginModule's
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit attempts
* succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
if (succeeded == false) {
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"did not add any Principals to Subject " +
"because own authentication failed.");
}
return false;
}
if (subject.isReadOnly()) {
throw new LoginException ("Subject is Readonly");
}
if (!subject.getPrincipals().contains(userPrincipal))
subject.getPrincipals().add(userPrincipal);
if (!subject.getPrincipals().contains(UIDPrincipal))
subject.getPrincipals().add(UIDPrincipal);
if (!subject.getPrincipals().contains(GIDPrincipal))
subject.getPrincipals().add(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
if (!subject.getPrincipals().contains(supplementaryGroups.get(i)))
subject.getPrincipals().add(supplementaryGroups.get(i));
}
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"added SolarisPrincipal,");
System.out.println("\t\t\t\tSolarisNumericUserPrincipal,");
System.out.println("\t\t\t\tSolarisNumericGroupPrincipal(s),");
System.out.println("\t\t\t to Subject");
}
commitSucceeded = true;
return true;
}
/**
* Abort the authentication (second phase).
*
* <p> This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> This method cleans up any state that was originally saved
* as part of the authentication attempt from the <code>login</code>
* and <code>commit</code> methods.
*
* <p>
*
* @exception LoginException if the abort fails
*
* @return false if this LoginModule's own login and/or commit attempts
* failed, and true otherwise.
*/
public boolean abort() throws LoginException {
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"aborted authentication attempt");
}
if (succeeded == false) {
return false;
} else if (succeeded == true && commitSucceeded == false) {
// Clean out state
succeeded = false;
ss = null;
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups =
new LinkedList<SolarisNumericGroupPrincipal>();
} else {
// overall authentication succeeded and commit succeeded,
// but someone else's commit failed
logout();
}
return true;
}
/**
* Logout the user
*
* <p> This method removes the Principals associated
* with the <code>Subject</code>.
*
* <p>
*
* @exception LoginException if the logout fails
*
* @return true in all cases (this <code>LoginModule</code>
* should not be ignored).
*/
public boolean logout() throws LoginException {
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"Entering logout");
}
if (subject.isReadOnly()) {
throw new LoginException ("Subject is Readonly");
}
// remove the added Principals from the Subject
subject.getPrincipals().remove(userPrincipal);
subject.getPrincipals().remove(UIDPrincipal);
subject.getPrincipals().remove(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
subject.getPrincipals().remove(supplementaryGroups.get(i));
}
// clean out state
ss = null;
succeeded = false;
commitSucceeded = false;
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups = new LinkedList<SolarisNumericGroupPrincipal>();
if (debug) {
System.out.println("\t\t[SolarisLoginModule]: " +
"logged out Subject");
}
return true;
}
}

95
jdkSrc/jdk8/com/sun/security/auth/module/SolarisSystem.java Normal file
View File

@@ -0,0 +1,95 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
/**
* <p> This class implementation retrieves and makes available Solaris
* UID/GID/groups information for the current user.
*
*/
@jdk.Exported
public class SolarisSystem {
private native void getSolarisInfo();
protected String username;
protected long uid;
protected long gid;
protected long[] groups;
/**
* Instantiate a <code>SolarisSystem</code> and load
* the native library to access the underlying system information.
*/
public SolarisSystem() {
System.loadLibrary("jaas_unix");
getSolarisInfo();
}
/**
* Get the username for the current Solaris user.
*
* <p>
*
* @return the username for the current Solaris user.
*/
public String getUsername() {
return username;
}
/**
* Get the UID for the current Solaris user.
*
* <p>
*
* @return the UID for the current Solaris user.
*/
public long getUid() {
return uid;
}
/**
* Get the GID for the current Solaris user.
*
* <p>
*
* @return the GID for the current Solaris user.
*/
public long getGid() {
return gid;
}
/**
* Get the supplementary groups for the current Solaris user.
*
* <p>
*
* @return the supplementary groups for the current Solaris user.
*/
public long[] getGroups() {
return groups == null ? null : groups.clone();
}
}

308
jdkSrc/jdk8/com/sun/security/auth/module/UnixLoginModule.java Normal file
View File

@@ -0,0 +1,308 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
import java.util.*;
import java.io.IOException;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;
import com.sun.security.auth.UnixPrincipal;
import com.sun.security.auth.UnixNumericUserPrincipal;
import com.sun.security.auth.UnixNumericGroupPrincipal;
/**
* <p> This <code>LoginModule</code> imports a user's Unix
* <code>Principal</code> information (<code>UnixPrincipal</code>,
* <code>UnixNumericUserPrincipal</code>,
* and <code>UnixNumericGroupPrincipal</code>)
* and associates them with the current <code>Subject</code>.
*
* <p> This LoginModule recognizes the debug option.
* If set to true in the login Configuration,
* debug messages will be output to the output stream, System.out.
*
*/
@jdk.Exported
public class UnixLoginModule implements LoginModule {
// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map<String, ?> sharedState;
private Map<String, ?> options;
// configurable option
private boolean debug = true;
// UnixSystem to retrieve underlying system info
private UnixSystem ss;
// the authentication status
private boolean succeeded = false;
private boolean commitSucceeded = false;
// Underlying system info
private UnixPrincipal userPrincipal;
private UnixNumericUserPrincipal UIDPrincipal;
private UnixNumericGroupPrincipal GIDPrincipal;
private LinkedList<UnixNumericGroupPrincipal> supplementaryGroups =
new LinkedList<>();
/**
* Initialize this <code>LoginModule</code>.
*
* <p>
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* with the end user (prompting for usernames and
* passwords, for example). <p>
*
* @param sharedState shared <code>LoginModule</code> state. <p>
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
// initialize any configured options
debug = "true".equalsIgnoreCase((String)options.get("debug"));
}
/**
* Authenticate the user (first phase).
*
* <p> The implementation of this method attempts to retrieve the user's
* Unix <code>Subject</code> information by making a native Unix
* system call.
*
* <p>
*
* @exception FailedLoginException if attempts to retrieve the underlying
* system information fail.
*
* @return true in all cases (this <code>LoginModule</code>
* should not be ignored).
*/
public boolean login() throws LoginException {
long[] unixGroups = null;
ss = new UnixSystem();
if (ss == null) {
succeeded = false;
throw new FailedLoginException
("Failed in attempt to import " +
"the underlying system identity information");
} else {
userPrincipal = new UnixPrincipal(ss.getUsername());
UIDPrincipal = new UnixNumericUserPrincipal(ss.getUid());
GIDPrincipal = new UnixNumericGroupPrincipal(ss.getGid(), true);
if (ss.getGroups() != null && ss.getGroups().length > 0) {
unixGroups = ss.getGroups();
for (int i = 0; i < unixGroups.length; i++) {
UnixNumericGroupPrincipal ngp =
new UnixNumericGroupPrincipal
(unixGroups[i], false);
if (!ngp.getName().equals(GIDPrincipal.getName()))
supplementaryGroups.add(ngp);
}
}
if (debug) {
System.out.println("\t\t[UnixLoginModule]: " +
"succeeded importing info: ");
System.out.println("\t\t\tuid = " + ss.getUid());
System.out.println("\t\t\tgid = " + ss.getGid());
unixGroups = ss.getGroups();
for (int i = 0; i < unixGroups.length; i++) {
System.out.println("\t\t\tsupp gid = " + unixGroups[i]);
}
}
succeeded = true;
return true;
}
}
/**
* Commit the authentication (second phase).
*
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (the importing of the Unix authentication information
* succeeded), then this method associates the Unix Principals
* with the <code>Subject</code> currently tied to the
* <code>LoginModule</code>. If this LoginModule's
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit attempts
* succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
if (succeeded == false) {
if (debug) {
System.out.println("\t\t[UnixLoginModule]: " +
"did not add any Principals to Subject " +
"because own authentication failed.");
}
return false;
} else {
if (subject.isReadOnly()) {
throw new LoginException
("commit Failed: Subject is Readonly");
}
if (!subject.getPrincipals().contains(userPrincipal))
subject.getPrincipals().add(userPrincipal);
if (!subject.getPrincipals().contains(UIDPrincipal))
subject.getPrincipals().add(UIDPrincipal);
if (!subject.getPrincipals().contains(GIDPrincipal))
subject.getPrincipals().add(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
if (!subject.getPrincipals().contains
(supplementaryGroups.get(i)))
subject.getPrincipals().add(supplementaryGroups.get(i));
}
if (debug) {
System.out.println("\t\t[UnixLoginModule]: " +
"added UnixPrincipal,");
System.out.println("\t\t\t\tUnixNumericUserPrincipal,");
System.out.println("\t\t\t\tUnixNumericGroupPrincipal(s),");
System.out.println("\t\t\t to Subject");
}
commitSucceeded = true;
return true;
}
}
/**
* Abort the authentication (second phase).
*
* <p> This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> This method cleans up any state that was originally saved
* as part of the authentication attempt from the <code>login</code>
* and <code>commit</code> methods.
*
* <p>
*
* @exception LoginException if the abort fails
*
* @return false if this LoginModule's own login and/or commit attempts
* failed, and true otherwise.
*/
public boolean abort() throws LoginException {
if (debug) {
System.out.println("\t\t[UnixLoginModule]: " +
"aborted authentication attempt");
}
if (succeeded == false) {
return false;
} else if (succeeded == true && commitSucceeded == false) {
// Clean out state
succeeded = false;
ss = null;
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();
} else {
// overall authentication succeeded and commit succeeded,
// but someone else's commit failed
logout();
}
return true;
}
/**
* Logout the user
*
* <p> This method removes the Principals associated
* with the <code>Subject</code>.
*
* <p>
*
* @exception LoginException if the logout fails
*
* @return true in all cases (this <code>LoginModule</code>
* should not be ignored).
*/
public boolean logout() throws LoginException {
if (subject.isReadOnly()) {
throw new LoginException
("logout Failed: Subject is Readonly");
}
// remove the added Principals from the Subject
subject.getPrincipals().remove(userPrincipal);
subject.getPrincipals().remove(UIDPrincipal);
subject.getPrincipals().remove(GIDPrincipal);
for (int i = 0; i < supplementaryGroups.size(); i++) {
subject.getPrincipals().remove(supplementaryGroups.get(i));
}
// clean out state
ss = null;
succeeded = false;
commitSucceeded = false;
userPrincipal = null;
UIDPrincipal = null;
GIDPrincipal = null;
supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();
if (debug) {
System.out.println("\t\t[UnixLoginModule]: " +
"logged out Subject");
}
return true;
}
}

95
jdkSrc/jdk8/com/sun/security/auth/module/UnixSystem.java Normal file
View File

@@ -0,0 +1,95 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth.module;
/**
* <p> This class implementation retrieves and makes available Unix
* UID/GID/groups information for the current user.
*
*/
@jdk.Exported
public class UnixSystem {
private native void getUnixInfo();
protected String username;
protected long uid;
protected long gid;
protected long[] groups;
/**
* Instantiate a <code>UnixSystem</code> and load
* the native library to access the underlying system information.
*/
public UnixSystem() {
System.loadLibrary("jaas_unix");
getUnixInfo();
}
/**
* Get the username for the current Unix user.
*
* <p>
*
* @return the username for the current Unix user.
*/
public String getUsername() {
return username;
}
/**
* Get the UID for the current Unix user.
*
* <p>
*
* @return the UID for the current Unix user.
*/
public long getUid() {
return uid;
}
/**
* Get the GID for the current Unix user.
*
* <p>
*
* @return the GID for the current Unix user.
*/
public long getGid() {
return gid;
}
/**
* Get the supplementary groups for the current Unix user.
*
* <p>
*
* @return the supplementary groups for the current Unix user.
*/
public long[] getGroups() {
return groups == null ? null : groups.clone();
}
}

27
jdkSrc/jdk8/com/sun/security/auth/module/package-info.java Normal file
View File

@@ -0,0 +1,27 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
@jdk.Exported
package com.sun.security.auth.module;

27
jdkSrc/jdk8/com/sun/security/auth/package-info.java Normal file
View File

@@ -0,0 +1,27 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
@jdk.Exported
package com.sun.security.auth;