001: /*
002: * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
003: * PROPRIETARY/CONFIDENTIAL. Use of this product is subject to license terms.
004: */
005: package com.sun.portal.monitoring.security.sasl;
006:
007: import javax.security.auth.callback.*;
008: import javax.security.sasl.Sasl;
009: import javax.security.sasl.SaslException;
010: import javax.security.sasl.SaslServer;
011: import java.io.IOException;
012: import java.io.UnsupportedEncodingException;
013:
014: public class PlainServer implements SaslServer {
015: public PlainServer(CallbackHandler callbackHandler) {
016: this .callbackHandler = callbackHandler;
017: }
018:
019: public String getMechanismName() {
020: return SaslContext.MECHANISM_NAME;
021: }
022:
023: private String[] getAuthorizationIdUserPassword(
024: final byte[] response) throws SaslException {
025: final String[] result = new String[3];
026: result[0] = "";
027: result[1] = "";
028: result[2] = "";
029:
030: int index1 = 0;
031: Boolean foundIndex1 = Boolean.FALSE;
032:
033: int index2 = 0;
034: Boolean foundIndex2 = Boolean.FALSE;
035:
036: for (int i = 0; i < response.length; i++) {
037: if (!foundIndex1.booleanValue()) {
038: if (response[i] == SEPARATOR) {
039: index1 = i;
040: foundIndex1 = Boolean.TRUE;
041: }
042: } else {
043: if (response[i] == SEPARATOR) {
044: index2 = i;
045: foundIndex2 = Boolean.TRUE;
046: }
047: }
048: }
049:
050: final int authorizationIdLength;
051: final int userIdLength;
052: final int passwordLength;
053: if (foundIndex2.booleanValue()) {
054: // Got authorizationId, userId, password
055: authorizationIdLength = index1;
056: userIdLength = index2 - index1 - 1;
057: passwordLength = response.length - index2 - 1;
058:
059: final byte[] authorizationId = new byte[authorizationIdLength];
060: final byte[] userId = new byte[userIdLength];
061: final byte[] password = new byte[passwordLength];
062:
063: System.arraycopy(response, 0, authorizationId, 0,
064: authorizationIdLength);
065: System.arraycopy(response, index1 + 1, userId, 0,
066: userIdLength);
067: System.arraycopy(response, index2 + 1, password, 0,
068: passwordLength);
069:
070: try {
071: result[0] = new String(authorizationId, "UTF-8");
072: result[1] = new String(userId, "UTF-8");
073: result[2] = new String(password, "UTF-8");
074: } catch (UnsupportedEncodingException uee) {
075: throw new SaslException(uee.toString());
076: }
077: } else if (foundIndex1.booleanValue()) {
078: // Got userId, password
079: authorizationIdLength = userIdLength = index1;
080: passwordLength = response.length - index1 - 1;
081:
082: final byte[] authorizationId = new byte[authorizationIdLength];
083: final byte[] userId = new byte[userIdLength];
084: final byte[] password = new byte[passwordLength];
085:
086: System.arraycopy(response, 0, authorizationId, 0,
087: authorizationIdLength);
088: System.arraycopy(response, 0, userId, 0, userIdLength);
089: System.arraycopy(response, index1 + 1, password, 0,
090: passwordLength);
091:
092: try {
093: result[0] = new String(authorizationId, "UTF-8");
094: result[1] = new String(userId, "UTF-8");
095: result[2] = new String(password, "UTF-8");
096: } catch (UnsupportedEncodingException uee) {
097: throw new SaslException(uee.toString());
098: }
099: }
100:
101: return result;
102: }
103:
104: private Boolean validUser(String userId, String password)
105: throws SaslException {
106: Boolean result = Boolean.FALSE;
107:
108: final String userPrompt = "PortalServerPlain: UserId";
109: final String passwordPrompt = "PortalServerPlain: Password";
110: final NameCallback cbName = new NameCallback(userPrompt);
111: final PasswordCallback cbPassword = new PasswordCallback(
112: passwordPrompt, false);
113:
114: String validUserId;
115: String validPassword;
116: try {
117: callbackHandler
118: .handle(new Callback[] { cbName, cbPassword });
119: validUserId = cbName.getName();
120: validPassword = new String(cbPassword.getPassword());
121: } catch (IOException ioe) {
122: throw new SaslException(ioe.toString());
123: } catch (UnsupportedCallbackException uce) {
124: throw new SaslException(uce.toString());
125: }
126:
127: if (userId.equals(validUserId)
128: && password.equals(validPassword)) {
129: result = Boolean.TRUE;
130: }
131:
132: return result;
133: }
134:
135: private byte[] evaluate(final byte[] response) throws SaslException {
136: final String[] aup = getAuthorizationIdUserPassword(response);
137: if (!validUser(aup[1], aup[2]).booleanValue()) {
138: throw new SaslException("Invalid user-name, password");
139: }
140:
141: authorizationId = aup[0];
142: return new String("Authentication Success").getBytes();
143: }
144:
145: public final byte[] evaluateResponse(final byte[] response)
146: throws SaslException {
147: if (complete.booleanValue()) {
148: throw new SaslException("Authentication already complete!");
149: } else {
150: complete = Boolean.TRUE;
151: return evaluate(response);
152: }
153: }
154:
155: public final boolean isComplete() {
156: return complete.booleanValue();
157: }
158:
159: public final String getAuthorizationID() {
160: return authorizationId;
161: }
162:
163: public final byte[] unwrap(final byte[] bytes, final int i,
164: final int i1) throws SaslException {
165: if (complete.booleanValue()) {
166: throw new SaslException("This mechanism supports QOP <"
167: + QUALITY_OF_PROTECTION + "> only!");
168: } else {
169: throw new SaslException("Authentication not yet complete!");
170: }
171: }
172:
173: public final byte[] wrap(final byte[] bytes, final int i,
174: final int i1) throws SaslException {
175: if (complete.booleanValue()) {
176: throw new SaslException("This mechanism supports QOP <"
177: + QUALITY_OF_PROTECTION + "> only!");
178: } else {
179: throw new SaslException("Authentication not yet complete!");
180: }
181: }
182:
183: public final Object getNegotiatedProperty(final String propertyName) {
184: if (propertyName.equals(Sasl.QOP)) {
185: return QUALITY_OF_PROTECTION;
186: } else {
187: return null;
188: }
189: }
190:
191: public final void dispose() throws SaslException {
192: // Nothing!
193: }
194:
195: private Boolean complete = Boolean.FALSE;
196: private String authorizationId = null;
197: private final String QUALITY_OF_PROTECTION = "auth";
198: private final byte SEPARATOR = 0;
199:
200: private CallbackHandler callbackHandler;
201: }
|