Back to index...

	/*
	* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package com.sun.security.sasl.util;

	import javax.security.sasl.*;
	import java.io.*;
	import java.util.Map;
	import java.util.StringTokenizer;

	import java.util.logging.Logger;
	import java.util.logging.Level;

	import sun.misc.HexDumpEncoder;

	/**
	* The base class used by client and server implementations of SASL
	* mechanisms to process properties passed in the props argument
	* and strings with the same format (e.g., used in digest-md5).
	*
	* Also contains utilities for doing int to network-byte-order
	* transformations.
	*
	* @author Rosanna Lee
	*/
	public abstract class AbstractSaslImpl {

	protected boolean completed = false;
	protected boolean privacy = false;
	protected boolean integrity = false;
	protected byte[] qop; // ordered list of qops
	protected byte allQop; // a mask indicating which QOPs are requested
	protected byte[] strength; // ordered list of cipher strengths

	// These are relevant only when privacy or integray have been negotiated
	protected int sendMaxBufSize = 0; // specified by peer but can override
	protected int recvMaxBufSize = 65536; // optionally specified by self
	protected int rawSendSize; // derived from sendMaxBufSize

	protected String myClassName;

	protected AbstractSaslImpl(Map<String, ?> props, String className)
	throws SaslException {
	myClassName = className;

	// Parse properties to set desired context options
	if (props != null) {
	String prop;

	// "auth", "auth-int", "auth-conf"
	qop = parseQop(prop=(String)props.get(Sasl.QOP));
	logger.logp(Level.FINE, myClassName, "constructor",
	"SASLIMPL01:Preferred qop property: {0}", prop);
	allQop = combineMasks(qop);

	if (logger.isLoggable(Level.FINE)) {
	logger.logp(Level.FINE, myClassName, "constructor",
	"SASLIMPL02:Preferred qop mask: {0}", new Byte(allQop));

	if (qop.length > 0) {
	StringBuffer qopbuf = new StringBuffer();
	for (int i = 0; i < qop.length; i++) {
	qopbuf.append(Byte.toString(qop[i]));
	qopbuf.append(' ');
	}
	logger.logp(Level.FINE, myClassName, "constructor",
	"SASLIMPL03:Preferred qops : {0}", qopbuf.toString());
	}
	}

	// "low", "medium", "high"
	strength = parseStrength(prop=(String)props.get(Sasl.STRENGTH));
	logger.logp(Level.FINE, myClassName, "constructor",
	"SASLIMPL04:Preferred strength property: {0}", prop);
	if (logger.isLoggable(Level.FINE) && strength.length > 0) {
	StringBuffer strbuf = new StringBuffer();
	for (int i = 0; i < strength.length; i++) {
	strbuf.append(Byte.toString(strength[i]));
	strbuf.append(' ');
	}
	logger.logp(Level.FINE, myClassName, "constructor",
	"SASLIMPL05:Cipher strengths: {0}", strbuf.toString());
	}

	// Max receive buffer size
	prop = (String)props.get(Sasl.MAX_BUFFER);
	if (prop != null) {
	try {
	logger.logp(Level.FINE, myClassName, "constructor",
	"SASLIMPL06:Max receive buffer size: {0}", prop);
	recvMaxBufSize = Integer.parseInt(prop);
	} catch (NumberFormatException e) {
	throw new SaslException(
	"Property must be string representation of integer: " +
	Sasl.MAX_BUFFER);
	}
	}

	// Max send buffer size
	prop = (String)props.get(MAX_SEND_BUF);
	if (prop != null) {
	try {
	logger.logp(Level.FINE, myClassName, "constructor",
	"SASLIMPL07:Max send buffer size: {0}", prop);
	sendMaxBufSize = Integer.parseInt(prop);
	} catch (NumberFormatException e) {
	throw new SaslException(
	"Property must be string representation of integer: " +
	MAX_SEND_BUF);
	}
	}
	} else {
	qop = DEFAULT_QOP;
	allQop = NO_PROTECTION;
	strength = STRENGTH_MASKS;
	}
	}

	/**
	* Determines whether this mechanism has completed.
	*
	* @return true if has completed; false otherwise;
	*/
	public boolean isComplete() {
	return completed;
	}

	/**
	* Retrieves the negotiated property.
	* @exception IllegalStateException if this authentication exchange has
	* not completed
	*/
	public Object getNegotiatedProperty(String propName) {
	if (!completed) {
	throw new IllegalStateException("SASL authentication not completed");
	}
	switch (propName) {
	case Sasl.QOP:
	if (privacy) {
	return "auth-conf";
	} else if (integrity) {
	return "auth-int";
	} else {
	return "auth";
	}
	case Sasl.MAX_BUFFER:
	return Integer.toString(recvMaxBufSize);
	case Sasl.RAW_SEND_SIZE:
	return Integer.toString(rawSendSize);
	case MAX_SEND_BUF:
	return Integer.toString(sendMaxBufSize);
	default:
	return null;
	}
	}

	protected static final byte combineMasks(byte[] in) {
	byte answer = 0;
	for (int i = 0; i < in.length; i++) {
	answer \|= in[i];
	}
	return answer;
	}

	protected static final byte findPreferredMask(byte pref, byte[] in) {
	for (int i = 0; i < in.length; i++) {
	if ((in[i]&pref) != 0) {
	return in[i];
	}
	}
	return (byte)0;
	}

	private static final byte[] parseQop(String qop) throws SaslException {
	return parseQop(qop, null, false);
	}

	protected static final byte[] parseQop(String qop, String[] saveTokens,
	boolean ignore) throws SaslException {
	if (qop == null) {
	return DEFAULT_QOP; // default
	}

	return parseProp(Sasl.QOP, qop, QOP_TOKENS, QOP_MASKS, saveTokens, ignore);
	}

	private static final byte[] parseStrength(String strength)
	throws SaslException {
	if (strength == null) {
	return DEFAULT_STRENGTH; // default
	}

	return parseProp(Sasl.STRENGTH, strength, STRENGTH_TOKENS,
	STRENGTH_MASKS, null, false);
	}

	private static final byte[] parseProp(String propName, String propVal,
	String[] vals, byte[] masks, String[] tokens, boolean ignore)
	throws SaslException {

	StringTokenizer parser = new StringTokenizer(propVal, ", \t\n");
	String token;
	byte[] answer = new byte[vals.length];
	int i = 0;
	boolean found;

	while (parser.hasMoreTokens() && i < answer.length) {
	token = parser.nextToken();
	found = false;
	for (int j = 0; !found && j < vals.length; j++) {
	if (token.equalsIgnoreCase(vals[j])) {
	found = true;
	answer[i++] = masks[j];
	if (tokens != null) {
	tokens[j] = token; // save what was parsed
	}
	}
	}
	if (!found && !ignore) {
	throw new SaslException(
	"Invalid token in " + propName + ": " + propVal);
	}
	}
	// Initialize rest of array with 0
	for (int j = i; j < answer.length; j++) {
	answer[j] = 0;
	}
	return answer;
	}


	/**
	* Outputs a byte array. Can be null.
	*/
	protected static final void traceOutput(String srcClass, String srcMethod,
	String traceTag, byte[] output) {
	traceOutput(srcClass, srcMethod, traceTag, output, 0,
	output == null ? 0 : output.length);
	}

	protected static final void traceOutput(String srcClass, String srcMethod,
	String traceTag, byte[] output, int offset, int len) {
	try {
	int origlen = len;
	Level lev;

	if (!logger.isLoggable(Level.FINEST)) {
	len = Math.min(16, len);
	lev = Level.FINER;
	} else {
	lev = Level.FINEST;
	}

	String content;

	if (output != null) {
	ByteArrayOutputStream out = new ByteArrayOutputStream(len);
	new HexDumpEncoder().encodeBuffer(
	new ByteArrayInputStream(output, offset, len), out);
	content = out.toString();
	} else {
	content = "NULL";
	}

	// Message id supplied by caller as part of traceTag
	logger.logp(lev, srcClass, srcMethod, "{0} ( {1} ): {2}",
	new Object[] {traceTag, new Integer(origlen), content});
	} catch (Exception e) {
	logger.logp(Level.WARNING, srcClass, srcMethod,
	"SASLIMPL09:Error generating trace output: {0}", e);
	}
	}


	/**
	* Returns the integer represented by 4 bytes in network byte order.
	*/
	protected static final int networkByteOrderToInt(byte[] buf, int start,
	int count) {
	if (count > 4) {
	throw new IllegalArgumentException("Cannot handle more than 4 bytes");
	}

	int answer = 0;

	for (int i = 0; i < count; i++) {
	answer <<= 8;
	answer \|= ((int)buf[start+i] & 0xff);
	}
	return answer;
	}

	/**
	* Encodes an integer into 4 bytes in network byte order in the buffer
	* supplied.
	*/
	protected static final void intToNetworkByteOrder(int num, byte[] buf,
	int start, int count) {
	if (count > 4) {
	throw new IllegalArgumentException("Cannot handle more than 4 bytes");
	}

	for (int i = count-1; i >= 0; i--) {
	buf[start+i] = (byte)(num & 0xff);
	num >>>= 8;
	}
	}

	// ---------------- Constants -----------------
	private static final String SASL_LOGGER_NAME = "javax.security.sasl";
	protected static final String MAX_SEND_BUF = "javax.security.sasl.sendmaxbuffer";

	/**
	* Logger for debug messages
	*/
	protected static final Logger logger = Logger.getLogger(SASL_LOGGER_NAME);

	// default 0 (no protection); 1 (integrity only)
	protected static final byte NO_PROTECTION = (byte)1;
	protected static final byte INTEGRITY_ONLY_PROTECTION = (byte)2;
	protected static final byte PRIVACY_PROTECTION = (byte)4;

	protected static final byte LOW_STRENGTH = (byte)1;
	protected static final byte MEDIUM_STRENGTH = (byte)2;
	protected static final byte HIGH_STRENGTH = (byte)4;

	private static final byte[] DEFAULT_QOP = new byte[]{NO_PROTECTION};
	private static final String[] QOP_TOKENS = {"auth-conf",
	"auth-int",
	"auth"};
	private static final byte[] QOP_MASKS = {PRIVACY_PROTECTION,
	INTEGRITY_ONLY_PROTECTION,
	NO_PROTECTION};

	private static final byte[] DEFAULT_STRENGTH = new byte[]{
	HIGH_STRENGTH, MEDIUM_STRENGTH, LOW_STRENGTH};
	private static final String[] STRENGTH_TOKENS = {"low",
	"medium",
	"high"};
	private static final byte[] STRENGTH_MASKS = {LOW_STRENGTH,
	MEDIUM_STRENGTH,
	HIGH_STRENGTH};
	}

Back to index...