|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
|
|
package sun.security.jgss; |
|
|
|
import java.lang.reflect.InvocationTargetException; |
|
import org.ietf.jgss.*; |
|
import java.security.AccessController; |
|
import java.security.Provider; |
|
import java.security.Security; |
|
import java.util.ArrayList; |
|
import java.util.HashSet; |
|
import java.util.HashMap; |
|
import java.util.Enumeration; |
|
import java.util.Iterator; |
|
import sun.security.jgss.spi.*; |
|
import sun.security.jgss.wrapper.NativeGSSFactory; |
|
import sun.security.jgss.wrapper.SunNativeProvider; |
|
import sun.security.action.GetPropertyAction; |
|
|
|
/** |
|
* This class stores the list of providers that this |
|
* GSS-Implementation is configured to use. The GSSManagerImpl class |
|
* queries this class whenever it needs a mechanism's factory.<p> |
|
* |
|
* This class stores an ordered list of pairs of the form |
|
* {@code <provider, oid>}. When it attempts to instantiate a mechanism |
|
* defined by oid o, it steps through the list looking for an entry |
|
* with oid=o, or with oid=null. (An entry with oid=null matches all |
|
* mechanisms.) When it finds such an entry, the corresponding |
|
* provider is approached for the mechanism's factory class. |
|
* At instantiation time this list in initialized to contain those |
|
* system wide providers that contain a property of the form |
|
* "GssApiMechanism.x.y.z..." where "x.y.z..." is a numeric object |
|
* identifier with numbers x, y, z, etc. Such a property is defined |
|
* to map to that provider's implementation of the MechanismFactory |
|
* interface for the mechanism x.y.z... |
|
* As and when a MechanismFactory is instantiated, it is |
|
* cached for future use. <p> |
|
* |
|
* An application can cause more providers to be added by means of |
|
* the addProviderAtFront and addProviderAtEnd methods on |
|
* GSSManager which get delegated to this class. The |
|
* addProviderAtFront method can also cause a change in the ordering |
|
* of the providers without adding any new providers, by causing a |
|
* provider to move up in a list. The method addProviderAtEnd can |
|
* only add providers at the end of the list if they are not already |
|
* in the list. The rationale is that an application will call |
|
* addProviderAtFront when it wants a provider to be used in |
|
* preference over the default ones. And it will call |
|
* addProviderAtEnd when it wants a provider to be used in case |
|
* the system ones don't suffice.<p> |
|
* |
|
* If a mechanism's factory is being obtained from a provider as a |
|
* result of encountering a entryof the form {@code <provider, oid>} where |
|
* oid is non-null, then the assumption is that the application added |
|
* this entry and it wants this mechanism to be obtained from this |
|
* provider. Thus is the provider does not actually contain the |
|
* requested mechanism, an exception will be thrown. However, if the |
|
* entry were of the form {@code <provider, null>}, then it is viewed more |
|
* liberally and is simply skipped over if the provider does not claim to |
|
* support the requested mechanism. |
|
*/ |
|
|
|
public final class ProviderList { |
|
|
|
private static final String PROV_PROP_PREFIX = "GssApiMechanism."; |
|
private static final int PROV_PROP_PREFIX_LEN = |
|
PROV_PROP_PREFIX.length(); |
|
|
|
private static final String SPI_MECH_FACTORY_TYPE |
|
= "sun.security.jgss.spi.MechanismFactory"; |
|
|
|
|
|
private static final String DEFAULT_MECH_PROP = |
|
"sun.security.jgss.mechanism"; |
|
|
|
public static final Oid DEFAULT_MECH_OID; |
|
|
|
static { |
|
|
|
|
|
|
|
|
|
*/ |
|
Oid defOid = null; |
|
String defaultOidStr = AccessController.doPrivileged |
|
(new GetPropertyAction(DEFAULT_MECH_PROP)); |
|
if (defaultOidStr != null) { |
|
defOid = GSSUtil.createOid(defaultOidStr); |
|
} |
|
DEFAULT_MECH_OID = |
|
(defOid == null ? GSSUtil.GSS_KRB5_MECH_OID : defOid); |
|
} |
|
|
|
private ArrayList<PreferencesEntry> preferences = |
|
new ArrayList<PreferencesEntry>(5); |
|
private HashMap<PreferencesEntry, MechanismFactory> factories = |
|
new HashMap<PreferencesEntry, MechanismFactory>(5); |
|
private HashSet<Oid> mechs = new HashSet<Oid>(5); |
|
|
|
final private GSSCaller caller; |
|
|
|
public ProviderList(GSSCaller caller, boolean useNative) { |
|
this.caller = caller; |
|
Provider[] provList; |
|
if (useNative) { |
|
provList = new Provider[1]; |
|
provList[0] = new SunNativeProvider(); |
|
} else { |
|
provList = Security.getProviders(); |
|
} |
|
|
|
for (int i = 0; i < provList.length; i++) { |
|
Provider prov = provList[i]; |
|
try { |
|
addProviderAtEnd(prov, null); |
|
} catch (GSSException ge) { |
|
|
|
GSSUtil.debug("Error in adding provider " + |
|
prov.getName() + ": " + ge); |
|
} |
|
} // End of for loop |
|
} |
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
private boolean isMechFactoryProperty(String prop) { |
|
return (prop.startsWith(PROV_PROP_PREFIX) || |
|
prop.regionMatches(true, 0, |
|
PROV_PROP_PREFIX, 0, |
|
PROV_PROP_PREFIX_LEN)); |
|
} |
|
|
|
private Oid getOidFromMechFactoryProperty(String prop) |
|
throws GSSException { |
|
|
|
String oidPart = prop.substring(PROV_PROP_PREFIX_LEN); |
|
return new Oid(oidPart); |
|
} |
|
|
|
|
|
synchronized public MechanismFactory getMechFactory(Oid mechOid) |
|
throws GSSException { |
|
if (mechOid == null) mechOid = ProviderList.DEFAULT_MECH_OID; |
|
return getMechFactory(mechOid, null); |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
synchronized public MechanismFactory getMechFactory(Oid mechOid, |
|
Provider p) |
|
throws GSSException { |
|
|
|
if (mechOid == null) mechOid = ProviderList.DEFAULT_MECH_OID; |
|
|
|
if (p == null) { |
|
|
|
String className; |
|
PreferencesEntry entry; |
|
|
|
Iterator<PreferencesEntry> list = preferences.iterator(); |
|
while (list.hasNext()) { |
|
entry = list.next(); |
|
if (entry.impliesMechanism(mechOid)) { |
|
MechanismFactory retVal = getMechFactory(entry, mechOid); |
|
if (retVal != null) return retVal; |
|
} |
|
} |
|
throw new GSSExceptionImpl(GSSException.BAD_MECH, mechOid); |
|
} else { |
|
// Use the impl from the specified provider; return null if the |
|
|
|
PreferencesEntry entry = new PreferencesEntry(p, mechOid); |
|
return getMechFactory(entry, mechOid); |
|
} |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
private MechanismFactory getMechFactory(PreferencesEntry e, Oid mechOid) |
|
throws GSSException { |
|
Provider p = e.getProvider(); |
|
|
|
|
|
|
|
|
|
*/ |
|
PreferencesEntry searchEntry = new PreferencesEntry(p, mechOid); |
|
MechanismFactory retVal = factories.get(searchEntry); |
|
if (retVal == null) { |
|
|
|
|
|
|
|
*/ |
|
String prop = PROV_PROP_PREFIX + mechOid.toString(); |
|
String className = p.getProperty(prop); |
|
if (className != null) { |
|
retVal = getMechFactoryImpl(p, className, mechOid, caller); |
|
factories.put(searchEntry, retVal); |
|
} else { |
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
if (e.getOid() != null) { |
|
throw new GSSExceptionImpl(GSSException.BAD_MECH, |
|
"Provider " + p.getName() + |
|
" does not support mechanism " + mechOid); |
|
} |
|
} |
|
} |
|
return retVal; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
private static MechanismFactory getMechFactoryImpl(Provider p, |
|
String className, |
|
Oid mechOid, |
|
GSSCaller caller) |
|
throws GSSException { |
|
|
|
try { |
|
Class<?> baseClass = Class.forName(SPI_MECH_FACTORY_TYPE); |
|
|
|
/* |
|
* Load the implementation class with the same class loader |
|
* that was used to load the provider. |
|
* In order to get the class loader of a class, the |
|
* caller's class loader must be the same as or an ancestor of |
|
* the class loader being returned. Otherwise, the caller must |
|
* have "getClassLoader" permission, or a SecurityException |
|
* will be thrown. |
|
*/ |
|
|
|
ClassLoader cl = p.getClass().getClassLoader(); |
|
Class<?> implClass; |
|
if (cl != null) { |
|
implClass = cl.loadClass(className); |
|
} else { |
|
implClass = Class.forName(className); |
|
} |
|
|
|
if (baseClass.isAssignableFrom(implClass)) { |
|
|
|
java.lang.reflect.Constructor<?> c = |
|
implClass.getConstructor(GSSCaller.class); |
|
MechanismFactory mf = (MechanismFactory) (c.newInstance(caller)); |
|
|
|
if (mf instanceof NativeGSSFactory) { |
|
((NativeGSSFactory) mf).setMech(mechOid); |
|
} |
|
return mf; |
|
} else { |
|
throw createGSSException(p, className, "is not a " + |
|
SPI_MECH_FACTORY_TYPE, null); |
|
} |
|
} catch (ClassNotFoundException e) { |
|
throw createGSSException(p, className, "cannot be created", e); |
|
} catch (NoSuchMethodException e) { |
|
throw createGSSException(p, className, "cannot be created", e); |
|
} catch (InvocationTargetException e) { |
|
throw createGSSException(p, className, "cannot be created", e); |
|
} catch (InstantiationException e) { |
|
throw createGSSException(p, className, "cannot be created", e); |
|
} catch (IllegalAccessException e) { |
|
throw createGSSException(p, className, "cannot be created", e); |
|
} catch (SecurityException e) { |
|
throw createGSSException(p, className, "cannot be created", e); |
|
} |
|
} |
|
|
|
|
|
private static GSSException createGSSException(Provider p, |
|
String className, |
|
String trailingMsg, |
|
Exception cause) { |
|
String errClassInfo = className + " configured by " + |
|
p.getName() + " for GSS-API Mechanism Factory "; |
|
return new GSSExceptionImpl(GSSException.BAD_MECH, |
|
errClassInfo + trailingMsg, |
|
cause); |
|
} |
|
|
|
public Oid[] getMechs() { |
|
return mechs.toArray(new Oid[] {}); |
|
} |
|
|
|
synchronized public void addProviderAtFront(Provider p, Oid mechOid) |
|
throws GSSException { |
|
|
|
PreferencesEntry newEntry = new PreferencesEntry(p, mechOid); |
|
PreferencesEntry oldEntry; |
|
boolean foundSomeMech; |
|
|
|
Iterator<PreferencesEntry> list = preferences.iterator(); |
|
while (list.hasNext()) { |
|
oldEntry = list.next(); |
|
if (newEntry.implies(oldEntry)) |
|
list.remove(); |
|
} |
|
|
|
if (mechOid == null) { |
|
foundSomeMech = addAllMechsFromProvider(p); |
|
} else { |
|
String oidStr = mechOid.toString(); |
|
if (p.getProperty(PROV_PROP_PREFIX + oidStr) == null) |
|
throw new GSSExceptionImpl(GSSException.BAD_MECH, |
|
"Provider " + p.getName() |
|
+ " does not support " |
|
+ oidStr); |
|
mechs.add(mechOid); |
|
foundSomeMech = true; |
|
} |
|
|
|
if (foundSomeMech) { |
|
preferences.add(0, newEntry); |
|
} |
|
} |
|
|
|
synchronized public void addProviderAtEnd(Provider p, Oid mechOid) |
|
throws GSSException { |
|
|
|
PreferencesEntry newEntry = new PreferencesEntry(p, mechOid); |
|
PreferencesEntry oldEntry; |
|
boolean foundSomeMech; |
|
|
|
Iterator<PreferencesEntry> list = preferences.iterator(); |
|
while (list.hasNext()) { |
|
oldEntry = list.next(); |
|
if (oldEntry.implies(newEntry)) |
|
return; |
|
} |
|
|
|
// System.out.println("addProviderAtEnd: No it is not redundant"); |
|
|
|
if (mechOid == null) |
|
foundSomeMech = addAllMechsFromProvider(p); |
|
else { |
|
String oidStr = mechOid.toString(); |
|
if (p.getProperty(PROV_PROP_PREFIX + oidStr) == null) |
|
throw new GSSExceptionImpl(GSSException.BAD_MECH, |
|
"Provider " + p.getName() |
|
+ " does not support " |
|
+ oidStr); |
|
mechs.add(mechOid); |
|
foundSomeMech = true; |
|
} |
|
|
|
if (foundSomeMech) { |
|
preferences.add(newEntry); |
|
} |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
private boolean addAllMechsFromProvider(Provider p) { |
|
|
|
String prop; |
|
boolean retVal = false; |
|
|
|
|
|
Enumeration<Object> props = p.keys(); |
|
|
|
|
|
while (props.hasMoreElements()) { |
|
prop = (String) props.nextElement(); |
|
if (isMechFactoryProperty(prop)) { |
|
|
|
try { |
|
Oid mechOid = getOidFromMechFactoryProperty(prop); |
|
mechs.add(mechOid); |
|
retVal = true; |
|
} catch (GSSException e) { |
|
|
|
GSSUtil.debug("Ignore the invalid property " + |
|
prop + " from provider " + p.getName()); |
|
} |
|
} // Processed GSS property |
|
} // while loop |
|
|
|
return retVal; |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
private static final class PreferencesEntry { |
|
private Provider p; |
|
private Oid oid; |
|
PreferencesEntry(Provider p, Oid oid) { |
|
this.p = p; |
|
this.oid = oid; |
|
} |
|
|
|
public boolean equals(Object other) { |
|
if (this == other) { |
|
return true; |
|
} |
|
|
|
if (!(other instanceof PreferencesEntry)) { |
|
return false; |
|
} |
|
|
|
PreferencesEntry that = (PreferencesEntry)other; |
|
if (this.p.getName().equals(that.p.getName())) { |
|
if (this.oid != null && that.oid != null) { |
|
return this.oid.equals(that.oid); |
|
} else { |
|
return (this.oid == null && that.oid == null); |
|
} |
|
} |
|
|
|
return false; |
|
} |
|
|
|
public int hashCode() { |
|
int result = 17; |
|
|
|
result = 37 * result + p.getName().hashCode(); |
|
if (oid != null) { |
|
result = 37 * result + oid.hashCode(); |
|
} |
|
|
|
return result; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
boolean implies(Object other) { |
|
|
|
if (other instanceof PreferencesEntry) { |
|
PreferencesEntry temp = (PreferencesEntry) other; |
|
return (equals(temp) || |
|
p.getName().equals(temp.p.getName()) && |
|
oid == null); |
|
} else { |
|
return false; |
|
} |
|
} |
|
|
|
Provider getProvider() { |
|
return p; |
|
} |
|
|
|
Oid getOid() { |
|
return oid; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
boolean impliesMechanism(Oid oid) { |
|
return (this.oid == null || this.oid.equals(oid)); |
|
} |
|
|
|
|
|
public String toString() { |
|
StringBuffer buf = new StringBuffer("<"); |
|
buf.append(p.getName()); |
|
buf.append(", "); |
|
buf.append(oid); |
|
buf.append(">"); |
|
return buf.toString(); |
|
} |
|
} |
|
} |