001: /*
002: * Copyright 2000-2003 Sun Microsystems, Inc. All Rights Reserved.
003: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
004: *
005: * This code is free software; you can redistribute it and/or modify it
006: * under the terms of the GNU General Public License version 2 only, as
007: * published by the Free Software Foundation. Sun designates this
008: * particular file as subject to the "Classpath" exception as provided
009: * by Sun in the LICENSE file that accompanied this code.
010: *
011: * This code is distributed in the hope that it will be useful, but WITHOUT
012: * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
013: * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
014: * version 2 for more details (a copy is included in the LICENSE file that
015: * accompanied this code).
016: *
017: * You should have received a copy of the GNU General Public License version
018: * 2 along with this work; if not, write to the Free Software Foundation,
019: * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
020: *
021: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
022: * CA 95054 USA or visit www.sun.com if you need additional information or
023: * have any questions.
024: */
025:
026: package com.sun.security.sasl.util;
027:
028: import javax.security.sasl.Sasl;
029: import java.util.Map;
030:
031: /**
032: * Static class that contains utilities for dealing with Java SASL
033: * security policy-related properties.
034: *
035: * @author Rosanna Lee
036: */
public final class PolicyUtils {

    /** Characteristic bit a mechanism must carry to pass {@link Sasl#POLICY_NOPLAINTEXT}. */
    public static final int NOPLAINTEXT = 0x0001;
    /** Characteristic bit a mechanism must carry to pass {@link Sasl#POLICY_NOACTIVE}. */
    public static final int NOACTIVE = 0x0002;
    /** Characteristic bit a mechanism must carry to pass {@link Sasl#POLICY_NODICTIONARY}. */
    public static final int NODICTIONARY = 0x0004;
    /** Characteristic bit a mechanism must carry to pass {@link Sasl#POLICY_FORWARD_SECRECY}. */
    public static final int FORWARD_SECRECY = 0x0008;
    /** Characteristic bit a mechanism must carry to pass {@link Sasl#POLICY_NOANONYMOUS}. */
    public static final int NOANONYMOUS = 0x0010;
    /** Characteristic bit a mechanism must carry to pass {@link Sasl#POLICY_PASS_CREDENTIALS}. */
    public static final int PASS_CREDENTIALS = 0x0200;

    // Policy property names, in the order they are evaluated by checkPolicy.
    private static final String[] POLICY_KEYS = {
        Sasl.POLICY_NOPLAINTEXT,
        Sasl.POLICY_NOACTIVE,
        Sasl.POLICY_NODICTIONARY,
        Sasl.POLICY_NOANONYMOUS,
        Sasl.POLICY_FORWARD_SECRECY,
        Sasl.POLICY_PASS_CREDENTIALS,
    };

    // Characteristic bit demanded by the property at the same index of POLICY_KEYS.
    private static final int[] REQUIRED_BITS = {
        NOPLAINTEXT,
        NOACTIVE,
        NODICTIONARY,
        NOANONYMOUS,
        FORWARD_SECRECY,
        PASS_CREDENTIALS,
    };

    // Utility holder; instances are never created.
    private PolicyUtils() {
    }

    /**
     * Tests a mechanism's characteristic bits against the policy properties
     * in {@code props}.
     *
     * <p>A policy property counts as requested only when its value is a
     * {@code String} equal to {@code "true"}, ignoring case. Any other string
     * (for example {@code "yes"}) and a missing key leave that policy
     * unenforced. A {@code null} map means no policy at all, so every
     * mechanism passes; callers that depend on enforcement must therefore
     * supply a non-null map. Bits in {@code flags} other than the six
     * constants of this class are not examined.
     *
     * @param flags The mechanism's security characteristics, an OR of the
     *              constants declared in this class
     * @param props The security policy properties to check; may be null
     * @return true if every requested policy is matched by its bit in
     *         {@code flags} (or {@code props} is null); false otherwise
     * @throws ClassCastException if a policy property that gets read holds a
     *         non-{@code String} value such as {@code Boolean.TRUE}
     */
    public static boolean checkPolicy(int flags, Map props) {
        if (props == null) {
            return true;
        }

        for (int k = 0; k < POLICY_KEYS.length; k++) {
            // The property is read (and cast) before the bit test, so a
            // wrongly typed value is reported even when the bit is present.
            boolean requested =
                "true".equalsIgnoreCase((String) props.get(POLICY_KEYS[k]));
            if (requested && (flags & REQUIRED_BITS[k]) == 0) {
                return false;
            }
        }

        return true;
    }

    /**
     * Selects, from a list of mechanisms and their characteristics, the
     * mechanisms that conform to the policies defined in {@code props}.
     * Useful for SaslXXXFactory.getMechanismNames(props) implementations.
     *
     * <p>{@code policies[i]} describes {@code mechs[i]}. When {@code props}
     * is null, {@code policies} is not consulted and a copy of the full
     * {@code mechs} array is returned.
     *
     * @param mechs    The mechanism names; must not be null
     * @param policies The characteristic bits of each mechanism, parallel to
     *                 {@code mechs}
     * @param props    The security policy properties to check; may be null
     * @return a new array holding the conforming mechanism names in their
     *         original order
     * @throws ArrayIndexOutOfBoundsException if {@code props} is non-null and
     *         {@code policies} is shorter than {@code mechs}
     */
    public static String[] filterMechs(String[] mechs, int[] policies,
            Map props) {
        if (props == null) {
            return (String[]) mechs.clone();
        }

        final int total = mechs.length;
        // Scratch array sized for the worst case; trimmed to size below.
        String[] kept = new String[total];
        int keptCount = 0;
        for (int idx = 0; idx < total; idx++) {
            if (checkPolicy(policies[idx], props)) {
                kept[keptCount++] = mechs[idx];
            }
        }

        String[] answer = new String[keptCount];
        System.arraycopy(kept, 0, answer, 0, keptCount);
        return answer;
    }
}