PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/jgss/LoginConfigImpl.java
/*
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.jgss;
import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.ietf.jgss.Oid;
import sun.security.action.GetPropertyAction;
/**
* A Configuration implementation especially designed for JGSS.
*
* @author weijun.wang
* @since 1.6
*/
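public class LoginConfigImpl extends Configuration {

    // System-wide JAAS configuration, captured once when this object is built.
    private final Configuration config;
    private final GSSCaller caller;
    private final String mechName;
    private static final sun.security.util.Debug debug =
        sun.security.util.Debug.getInstance("gssloginconfig", "\t[GSS LoginConfigImpl]");

    /**
     * Controls the built-in default entry for HTTP callers: when {@code true}
     * the default entry sets {@code useTicketCache=true}, when {@code false}
     * it sets {@code useTicketCache=false}.
     *
     * Read once, at class initialization, from the system property
     * {@code http.use.global.creds}.
     */
    public static final boolean HTTP_USE_GLOBAL_CREDS;

    static {
        String prop = GetPropertyAction
                .privilegedGetProperty("http.use.global.creds");
        // Opt-out semantics: only the literal "false" (any case) disables the
        // flag. An unset, empty or misspelled value leaves it enabled, so a
        // deployment that wants HTTP callers kept off the ticket cache in the
        // default entry must set the property to exactly "false".
        HTTP_USE_GLOBAL_CREDS = !"false".equalsIgnoreCase(prop); // default true
    }

    /**
     * A new instance of LoginConfigImpl must be created for each login request
     * since it's only used by a single (caller, mech) pair.
     *
     * @param caller defined in GSSUtil as CALLER_XXX final fields
     * @param mech defined in GSSUtil as XXX_MECH_OID final fields
     * @throws IllegalArgumentException if {@code mech} is not
     *         {@code GSSUtil.GSS_KRB5_MECH_OID}
     * @throws NullPointerException if {@code mech} is {@code null}
     */
    public LoginConfigImpl(GSSCaller caller, Oid mech) {

        // Reject unsupported mechanisms before any state is captured.
        if (!mech.equals(GSSUtil.GSS_KRB5_MECH_OID)) {
            throw new IllegalArgumentException(mech.toString() + " not supported");
        }
        this.caller = caller;
        this.mechName = "krb5";

        // The system-wide Configuration is fetched inside doPrivileged, so the
        // lookup is performed with this class's own permissions.
        this.config = java.security.AccessController.doPrivileged
                (new java.security.PrivilegedAction<Configuration>() {
            @Override
            public Configuration run() {
                return Configuration.getConfiguration();
            }
        });
    }

    /**
     * Returns the login entries for the (caller, mech) pair given to the
     * constructor. Each candidate entry name is looked up in the system-wide
     * Configuration in order (mechanism-specific name first, then the legacy
     * name); if none exists, the built-in default entry is returned.
     *
     * @param name Almost useless, since the (caller, mech) is already passed
     *             into constructor. The only use will be detecting OTHER which
     *             is called in LoginContext
     * @return the first configured entry found, the default entry if none is
     *         configured, or {@code null} when {@code name} is "OTHER"
     * @throws AssertionError if the caller is {@code GSSCaller.CALLER_UNKNOWN}
     * @throws IllegalStateException if the caller is {@code null} or otherwise
     *         has no candidate entry names
     */
    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {

        // This is the second call from LoginContext, which we will just ignore
        if ("OTHER".equalsIgnoreCase(name)) {
            return null;
        }

        if (!"krb5".equals(mechName)) {
            // No other mech at the moment.
            throw new IllegalArgumentException(mechName + " not supported");
        }

        String[] alts = candidateEntryNames();
        if (alts == null) {
            // Fail with an explicit message instead of the NullPointerException
            // the lookup loop below would otherwise raise. No entry (not even
            // the default one) is handed out for a caller we cannot classify.
            throw new IllegalStateException(
                    "No JAAS entry names defined for caller " + caller);
        }

        AppConfigurationEntry[] entries = null;
        for (String alt : alts) {
            entries = config.getAppConfigurationEntry(alt);
            if (debug != null) {
                debug.println("Trying " + alt +
                        ((entries == null)?": does not exist.":": Found!"));
            }
            if (entries != null) {
                break;
            }
        }

        if (entries == null) {
            if (debug != null) {
                debug.println("Cannot read JGSS entry, use default values instead.");
            }
            entries = getDefaultConfigurationEntry();
        }
        return entries;
    }

    /**
     * Picks the JAAS entry names to try for the krb5 mechanism, in lookup
     * order.
     *
     * Compatibility: for the 4 old callers, old entry names will be used if
     * the new entry name is not provided. HTTP callers only ever use the krb5
     * initiate entry.
     *
     * @return the candidate names, or {@code null} if the caller matches none
     *         of the known kinds
     * @throws AssertionError if the caller is {@code GSSCaller.CALLER_UNKNOWN}
     */
    private String[] candidateEntryNames() {
        if (caller == GSSCaller.CALLER_INITIATE) {
            return new String[] {
                "com.sun.security.jgss.krb5.initiate",
                "com.sun.security.jgss.initiate",
            };
        }
        if (caller == GSSCaller.CALLER_ACCEPT) {
            return new String[] {
                "com.sun.security.jgss.krb5.accept",
                "com.sun.security.jgss.accept",
            };
        }
        if (caller == GSSCaller.CALLER_SSL_CLIENT) {
            return new String[] {
                "com.sun.security.jgss.krb5.initiate",
                "com.sun.net.ssl.client",
            };
        }
        if (caller == GSSCaller.CALLER_SSL_SERVER) {
            return new String[] {
                "com.sun.security.jgss.krb5.accept",
                "com.sun.net.ssl.server",
            };
        }
        if (caller instanceof HttpCaller) {
            return new String[] {
                "com.sun.security.jgss.krb5.initiate",
            };
        }
        if (caller == GSSCaller.CALLER_UNKNOWN) {
            throw new AssertionError("caller not defined");
        }
        return null;
    }

    /**
     * Default value for a caller-mech pair when no entry is defined in
     * the system-wide Configuration object.
     *
     * @return a single REQUIRED Krb5LoginModule entry, or {@code null} if the
     *         mechanism is neither unset nor "krb5"
     */
    private AppConfigurationEntry[] getDefaultConfigurationEntry() {
        if (mechName != null && !mechName.equals("krb5")) {
            return null;
        }

        HashMap<String, String> options = new HashMap<String, String>();

        if (isServerSide(caller)) {
            // Assuming the keytab file can be found through
            // krb5 config file or under user home directory
            options.put("useKeyTab", "true");
            options.put("storeKey", "true");
            options.put("doNotPrompt", "true");
            // "*" leaves the acceptor unbound (Krb5LoginModule accepts "*" on
            // the acceptor side). To pin the acceptor to one service
            // principal, define one of the accept entry names explicitly in
            // the JAAS configuration so this default is never reached.
            options.put("principal", "*");
            options.put("isInitiator", "false");
        } else {
            // HTTP callers stay off the ticket cache only when
            // http.use.global.creds was explicitly set to "false".
            boolean skipTicketCache =
                    caller instanceof HttpCaller && !HTTP_USE_GLOBAL_CREDS;
            options.put("useTicketCache", skipTicketCache ? "false" : "true");
            options.put("doNotPrompt", "false");
        }

        return new AppConfigurationEntry[] {
            new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    options)
        };
    }

    /**
     * Tells whether the caller is one of the two accepting (server-side) kinds.
     *
     * @param caller the caller to classify; may be {@code null}
     * @return {@code true} for CALLER_ACCEPT and CALLER_SSL_SERVER
     */
    private static boolean isServerSide(GSSCaller caller) {
        return GSSCaller.CALLER_ACCEPT == caller ||
               GSSCaller.CALLER_SSL_SERVER == caller;
    }
}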