1 /*
   2  * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package com.sun.security.sasl.util;
  27 
  28 import javax.security.sasl.Sasl;
  29 import java.util.Map;
  30 
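/**
 * Static utilities for matching a SASL mechanism's security characteristics
 * against the Java SASL security-policy properties ({@code Sasl.POLICY_*}).
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>A {@code null} property map means "no policy": every mechanism passes.
 *     Code that intends to enforce a policy must pass a non-null map.</li>
 * <li>A policy is enforced only when its property value is the string
 *     {@code "true"} (case-insensitive). An absent value or any other string
 *     imposes no restriction.</li>
 * <li>Property values are cast to {@code String}. A non-String value such as
 *     {@code Boolean.TRUE} raises {@code ClassCastException} instead of being
 *     enforced or silently ignored.</li>
 * </ul>
 *
 * @author Rosanna Lee
 */
public final class PolicyUtils {
    // Not instantiable: this class only holds static members.
    private PolicyUtils() {
    }

    /** Mechanism is not susceptible to simple plain passive attacks; see {@link Sasl#POLICY_NOPLAINTEXT}. */
    public static final int NOPLAINTEXT = 0x0001;
    /** Mechanism is not susceptible to active (non-dictionary) attacks; see {@link Sasl#POLICY_NOACTIVE}. */
    public static final int NOACTIVE = 0x0002;
    /** Mechanism is not susceptible to passive dictionary attacks; see {@link Sasl#POLICY_NODICTIONARY}. */
    public static final int NODICTIONARY = 0x0004;
    /** Mechanism implements forward secrecy between sessions; see {@link Sasl#POLICY_FORWARD_SECRECY}. */
    public static final int FORWARD_SECRECY = 0x0008;
    /** Mechanism does not accept anonymous login; see {@link Sasl#POLICY_NOANONYMOUS}. */
    public static final int NOANONYMOUS = 0x0010;
    /** Mechanism passes client credentials; see {@link Sasl#POLICY_PASS_CREDENTIALS}. */
    public static final int PASS_CREDENTIALS = 0x0200;

    // Policy property names and the flag bit each one demands. The two arrays
    // are parallel and are evaluated in this order by checkPolicy.
    private static final String[] POLICY_NAMES = {
        Sasl.POLICY_NOPLAINTEXT,
        Sasl.POLICY_NOACTIVE,
        Sasl.POLICY_NODICTIONARY,
        Sasl.POLICY_NOANONYMOUS,
        Sasl.POLICY_FORWARD_SECRECY,
        Sasl.POLICY_PASS_CREDENTIALS,
    };
    private static final int[] POLICY_FLAGS = {
        NOPLAINTEXT,
        NOACTIVE,
        NODICTIONARY,
        NOANONYMOUS,
        FORWARD_SECRECY,
        PASS_CREDENTIALS,
    };

    /**
     * Determines whether a mechanism's characteristics, as defined in
     * {@code flags}, fit the security policy properties found in
     * {@code props}.
     *
     * <p>For every {@code Sasl.POLICY_*} property whose value is
     * {@code "true"} (ignoring case), the corresponding bit must be set in
     * {@code flags}; the first missing bit fails the check.
     *
     * @param flags the mechanism's security characteristics, a bitwise OR of
     *        the constants declared in this class
     * @param props the security policy properties to check; {@code null}
     *        means no policy is in force
     * @return {@code true} if {@code props} is {@code null} or every requested
     *         policy is satisfied by {@code flags}; {@code false} otherwise
     * @throws ClassCastException if a policy property examined before the
     *         result is decided has a value that is not a {@code String}
     */
    public static boolean checkPolicy(int flags, Map<?, ?> props) {
        if (props == null) {
            return true;
        }

        for (int i = 0; i < POLICY_NAMES.length; i++) {
            if (isRequested(props, POLICY_NAMES[i])
                && (flags & POLICY_FLAGS[i]) == 0) {
                return false;
            }
        }

        return true;
    }

    // Reports whether the named policy property is set to "true" (any case).
    // The String cast is deliberate: a non-String value fails loudly here
    // rather than being treated as "policy not requested".
    private static boolean isRequested(Map<?, ?> props, String name) {
        return "true".equalsIgnoreCase((String) props.get(name));
    }

    /**
     * Given a list of mechanisms and their characteristics, selects the
     * subset that conforms to the policies defined in {@code props}.
     * Useful for SaslXXXFactory.getMechanismNames(props) implementations.
     *
     * @param mechs the candidate mechanism names
     * @param policies the characteristics of each mechanism;
     *        {@code policies[i]} describes {@code mechs[i]}. Entries beyond
     *        {@code mechs.length} are ignored. Not read when {@code props}
     *        is {@code null}.
     * @param props the security policy properties to apply; {@code null}
     *        means no filtering
     * @return a new array holding the conforming mechanism names in their
     *         original order; a copy of {@code mechs} when {@code props} is
     *         {@code null}
     * @throws NullPointerException if {@code mechs} is {@code null}
     * @throws ArrayIndexOutOfBoundsException if {@code props} is non-null and
     *         {@code policies} is shorter than {@code mechs}
     * @throws ClassCastException under the same condition as
     *         {@link #checkPolicy(int, Map)}
     */
    public static String[] filterMechs(String[] mechs, int[] policies,
        Map<?, ?> props) {
        if (props == null) {
            return mechs.clone();
        }

        // Collect the survivors in one pass, then trim to the exact size.
        String[] kept = new String[mechs.length];
        int count = 0;
        for (int i = 0; i < mechs.length; i++) {
            if (checkPolicy(policies[i], props)) {
                kept[count++] = mechs[i];
            }
        }

        String[] answer = new String[count];
        System.arraycopy(kept, 0, answer, 0, count);
        return answer;
    }
}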