archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 07:14:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8241761: Typos: empty lines in javadoc, inconsistent indents, etc. (security-libs only)

Browse source 
Reviewed-by: weijun
This commit is contained in:
Ivan Gerasimov 2020-04-01 18:38:05 -07:00
parent cc25927f2d
commit 3790e58090
65 changed files with 606 additions and 620 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/java.security.sasl/share/classes/com/sun/security/sasl/ClientFactoryImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,15 +39,15 @@ import javax.security.auth.callback.UnsupportedCallbackException;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Client factory for EXTERNAL, CRAM-MD5, PLAIN.
*
* Requires the following callbacks to be satisfied by callback handler
* when using CRAM-MD5 or PLAIN.
* - NameCallback (to get username)
* - PasswordCallback (to get password)
*
* @author Rosanna Lee
*/
* Client factory for EXTERNAL, CRAM-MD5, PLAIN.
*
* Requires the following callbacks to be satisfied by callback handler
* when using CRAM-MD5 or PLAIN.
* - NameCallback (to get username)
* - PasswordCallback (to get password)
*
* @author Rosanna Lee
*/
final public class ClientFactoryImpl implements SaslClientFactory {
private static final String[] myMechs = {
"EXTERNAL",

28
src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Base.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -36,11 +36,11 @@ import java.util.Arrays;
import java.util.logging.Logger;
/**
* Base class for implementing CRAM-MD5 client and server mechanisms.
*
* @author Vincent Ryan
* @author Rosanna Lee
*/
* Base class for implementing CRAM-MD5 client and server mechanisms.
*
* @author Vincent Ryan
* @author Rosanna Lee
*/
abstract class CramMD5Base {
protected boolean completed = false;
protected boolean aborted = false;
@ -70,10 +70,10 @@ abstract class CramMD5Base {
}
/**
* Unwraps the incoming buffer. CRAM-MD5 supports no security layer.
*
* @throws SaslException If attempt to use this method.
*/
* Unwraps the incoming buffer. CRAM-MD5 supports no security layer.
*
* @throws SaslException If attempt to use this method.
*/
public byte[] unwrap(byte[] incoming, int offset, int len)
throws SaslException {
if (completed) {
@ -86,10 +86,10 @@ abstract class CramMD5Base {
}
/**
* Wraps the outgoing buffer. CRAM-MD5 supports no security layer.
*
* @throws SaslException If attempt to use this method.
*/
* Wraps the outgoing buffer. CRAM-MD5 supports no security layer.
*
* @throws SaslException If attempt to use this method.
*/
public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException {
if (completed) {
throw new IllegalStateException(

22
src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Client.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,16 +34,16 @@ import java.util.logging.Level;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the CRAM-MD5 SASL client-side mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
* CRAM-MD5 has no initial response. It receives bytes from
* the server as a challenge, which it hashes by using MD5 and the password.
* It concatenates the authentication ID with this result and returns it
* as the response to the challenge. At that point, the exchange is complete.
*
* @author Vincent Ryan
* @author Rosanna Lee
*/
* Implements the CRAM-MD5 SASL client-side mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
* CRAM-MD5 has no initial response. It receives bytes from
* the server as a challenge, which it hashes by using MD5 and the password.
* It concatenates the authentication ID with this result and returns it
* as the response to the challenge. At that point, the exchange is complete.
*
* @author Vincent Ryan
* @author Rosanna Lee
*/
final class CramMD5Client extends CramMD5Base implements SaslClient {
private String username;

32
src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Server.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -36,21 +36,21 @@ import javax.security.auth.callback.*;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the CRAM-MD5 SASL server-side mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
* CRAM-MD5 has no initial response.
*
* client <---- M={random, timestamp, server-fqdn} ------- server
* client ----- {username HMAC_MD5(pw, M)} --------------> server
*
* CallbackHandler must be able to handle the following callbacks:
* - NameCallback: default name is name of user for whom to get password
* - PasswordCallback: must fill in password; if empty, no pw
* - AuthorizeCallback: must setAuthorized() and canonicalized authorization id
* - auth id == authzid, but needed to get canonicalized authzid
*
* @author Rosanna Lee
*/
* Implements the CRAM-MD5 SASL server-side mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</A>).
* CRAM-MD5 has no initial response.
*
* client <---- M={random, timestamp, server-fqdn} ------- server
* client ----- {username HMAC_MD5(pw, M)} --------------> server
*
* CallbackHandler must be able to handle the following callbacks:
* - NameCallback: default name is name of user for whom to get password
* - PasswordCallback: must fill in password; if empty, no pw
* - AuthorizeCallback: must setAuthorized() and canonicalized authorization id
* - auth id == authzid, but needed to get canonicalized authzid
*
* @author Rosanna Lee
*/
final class CramMD5Server extends CramMD5Base implements SaslServer {
private String fqdn;
private byte[] challengeData = null;

32
src/java.security.sasl/share/classes/com/sun/security/sasl/ExternalClient.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,13 +30,13 @@ import javax.security.sasl.*;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the EXTERNAL SASL client mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
* The EXTERNAL mechanism returns the optional authorization ID as
* the initial response. It processes no challenges.
*
* @author Rosanna Lee
*/
* Implements the EXTERNAL SASL client mechanism.
* (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>).
* The EXTERNAL mechanism returns the optional authorization ID as
* the initial response. It processes no challenges.
*
* @author Rosanna Lee
*/
final class ExternalClient implements SaslClient {
private byte[] username;
private boolean completed = false;
@ -103,10 +103,10 @@ final class ExternalClient implements SaslClient {
}
/**
* Unwraps the incoming buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
* Unwraps the incoming buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
public byte[] unwrap(byte[] incoming, int offset, int len)
throws SaslException {
if (completed) {
@ -118,10 +118,10 @@ final class ExternalClient implements SaslClient {
}
/**
* Wraps the outgoing buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
* Wraps the outgoing buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
public byte[] wrap(byte[] outgoing, int offset, int len)
throws SaslException {
if (completed) {

30
src/java.security.sasl/share/classes/com/sun/security/sasl/PlainClient.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,12 +30,12 @@ import javax.security.sasl.*;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implements the PLAIN SASL client mechanism.
* (<A
* HREF="http://ftp.isi.edu/in-notes/rfc2595.txt">RFC 2595</A>)
*
* @author Rosanna Lee
*/
* Implements the PLAIN SASL client mechanism.
* (<A
* HREF="http://ftp.isi.edu/in-notes/rfc2595.txt">RFC 2595</A>)
*
* @author Rosanna Lee
*/
final class PlainClient implements SaslClient {
private boolean completed = false;
private byte[] pw;
@ -135,10 +135,10 @@ final class PlainClient implements SaslClient {
}
/**
* Unwraps the incoming buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
* Unwraps the incoming buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
public byte[] unwrap(byte[] incoming, int offset, int len)
throws SaslException {
if (completed) {
@ -150,10 +150,10 @@ final class PlainClient implements SaslClient {
}
/**
* Wraps the outgoing buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
* Wraps the outgoing buffer.
*
* @throws SaslException Not applicable to this mechanism.
*/
public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException {
if (completed) {
throw new SaslException(

18
src/java.security.sasl/share/classes/com/sun/security/sasl/ServerFactoryImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,14 +32,14 @@ import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
/**
* Server factory for CRAM-MD5.
*
* Requires the following callback to be satisfied by callback handler
* when using CRAM-MD5.
* - AuthorizeCallback (to get canonicalized authzid)
*
* @author Rosanna Lee
*/
* Server factory for CRAM-MD5.
*
* Requires the following callback to be satisfied by callback handler
* when using CRAM-MD5.
* - AuthorizeCallback (to get canonicalized authzid)
*
* @author Rosanna Lee
*/
final public class ServerFactoryImpl implements SaslServerFactory {
private static final String[] myMechs = {
"CRAM-MD5", //

124
src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -45,56 +45,56 @@ import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
/**
* An implementation of the DIGEST-MD5
* (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>) SASL
* (<a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>) mechanism.
*
* The DIGEST-MD5 SASL mechanism specifies two modes of authentication.
* - Initial Authentication
* - Subsequent Authentication - optional, (currently unsupported)
*
* Required callbacks:
* - RealmChoiceCallback
* shows user list of realms server has offered; handler must choose one
* from list
* - RealmCallback
* shows user the only realm server has offered or none; handler must
* enter realm to use
* - NameCallback
* handler must enter username to use for authentication
* - PasswordCallback
* handler must enter password for username to use for authentication
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* quality of protection; list of auth, auth-int, auth-conf; default is "auth"
* javax.security.sasl.strength
* auth-conf strength; list of high, medium, low; default is highest
* available on platform ["high,medium,low"].
* high means des3 or rc4 (128); medium des or rc4-56; low is rc4-40;
* choice of cipher depends on its availablility on platform
* javax.security.sasl.maxbuf
* max receive buffer size; default is 65536
* javax.security.sasl.sendmaxbuffer
* max send buffer size; default is 65536; (min with server max recv size)
*
* com.sun.security.sasl.digest.cipher
* name a specific cipher to use; setting must be compatible with the
* setting of the javax.security.sasl.strength property.
*
* @see <a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>
* - Simple Authentication and Security Layer (SASL)
* @see <a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>
* - Using Digest Authentication as a SASL Mechanism
* @see <a href="http://java.sun.com/products/jce">Java(TM)
* Cryptography Extension 1.2.1 (JCE)</a>
* @see <a href="http://java.sun.com/products/jaas">Java(TM)
* Authentication and Authorization Service (JAAS)</a>
*
* @author Jonathan Bruce
* @author Rosanna Lee
*/
* An implementation of the DIGEST-MD5
* (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>) SASL
* (<a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>) mechanism.
*
* The DIGEST-MD5 SASL mechanism specifies two modes of authentication.
* - Initial Authentication
* - Subsequent Authentication - optional, (currently unsupported)
*
* Required callbacks:
* - RealmChoiceCallback
* shows user list of realms server has offered; handler must choose one
* from list
* - RealmCallback
* shows user the only realm server has offered or none; handler must
* enter realm to use
* - NameCallback
* handler must enter username to use for authentication
* - PasswordCallback
* handler must enter password for username to use for authentication
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* quality of protection; list of auth, auth-int, auth-conf; default is "auth"
* javax.security.sasl.strength
* auth-conf strength; list of high, medium, low; default is highest
* available on platform ["high,medium,low"].
* high means des3 or rc4 (128); medium des or rc4-56; low is rc4-40;
* choice of cipher depends on its availablility on platform
* javax.security.sasl.maxbuf
* max receive buffer size; default is 65536
* javax.security.sasl.sendmaxbuffer
* max send buffer size; default is 65536; (min with server max recv size)
*
* com.sun.security.sasl.digest.cipher
* name a specific cipher to use; setting must be compatible with the
* setting of the javax.security.sasl.strength property.
*
* @see <a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>
* - Simple Authentication and Security Layer (SASL)
* @see <a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>
* - Using Digest Authentication as a SASL Mechanism
* @see <a href="http://java.sun.com/products/jce">Java(TM)
* Cryptography Extension 1.2.1 (JCE)</a>
* @see <a href="http://java.sun.com/products/jaas">Java(TM)
* Authentication and Authorization Service (JAAS)</a>
*
* @author Jonathan Bruce
* @author Rosanna Lee
*/
final class DigestMD5Client extends DigestMD5Base implements SaslClient {
private static final String MY_CLASS_NAME = DigestMD5Client.class.getName();
@ -136,17 +136,17 @@ final class DigestMD5Client extends DigestMD5Base implements SaslClient {
private byte[] authzidBytes; // byte repr of authzid
/**
* Constructor for DIGEST-MD5 mechanism.
*
* @param authzid A non-null String representing the principal
* for which authorization is being granted..
* @param digestURI A non-null String representing detailing the
* combined protocol and host being used for authentication.
* @param props The possibly null properties to be used by the SASL
* mechanism to configure the authentication exchange.
* @param cbh The non-null CallbackHanlder object for callbacks
* @throws SaslException if no authentication ID or password is supplied
*/
* Constructor for DIGEST-MD5 mechanism.
*
* @param authzid A non-null String representing the principal
* for which authorization is being granted..
* @param digestURI A non-null String representing detailing the
* combined protocol and host being used for authentication.
* @param props The possibly null properties to be used by the SASL
* mechanism to configure the authentication exchange.
* @param cbh The non-null CallbackHanlder object for callbacks
* @throws SaslException if no authentication ID or password is supplied
*/
DigestMD5Client(String authzid, String protocol, String serverName,
Map<String, ?> props, CallbackHandler cbh) throws SaslException {

84
src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Server.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,47 +42,47 @@ import javax.security.auth.callback.*;
import static java.nio.charset.StandardCharsets.*;
/**
* An implementation of the DIGEST-MD5 server SASL mechanism.
* (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>)
* <p>
* The DIGEST-MD5 SASL mechanism specifies two modes of authentication.
* <ul><li>Initial Authentication
* <li>Subsequent Authentication - optional, (currently not supported)
* </ul>
*
* Required callbacks:
* - RealmCallback
* used as key by handler to fetch password
* - NameCallback
* used as key by handler to fetch password
* - PasswordCallback
* handler must enter password for username/realm supplied
* - AuthorizeCallback
* handler must verify that authid/authzids are allowed and set
* authorized ID to be the canonicalized authzid (if applicable).
*
* Environment properties that affect the implementation:
* javax.security.sasl.qop:
* specifies list of qops; default is "auth"; typically, caller should set
* this to "auth, auth-int, auth-conf".
* javax.security.sasl.strength
* specifies low/medium/high strength of encryption; default is all available
* ciphers [high,medium,low]; high means des3 or rc4 (128); medium des or
* rc4-56; low is rc4-40.
* javax.security.sasl.maxbuf
* specifies max receive buf size; default is 65536
* javax.security.sasl.sendmaxbuffer
* specifies max send buf size; default is 65536 (min of this and client's max
* recv size)
*
* com.sun.security.sasl.digest.utf8:
* "true" means to use UTF-8 charset; "false" to use ISO-8859-1 encoding;
* default is "true".
* com.sun.security.sasl.digest.realm:
* space-separated list of realms; default is server name (fqdn parameter)
*
* @author Rosanna Lee
*/
* An implementation of the DIGEST-MD5 server SASL mechanism.
* (<a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>)
* <p>
* The DIGEST-MD5 SASL mechanism specifies two modes of authentication.
* <ul><li>Initial Authentication
* <li>Subsequent Authentication - optional, (currently not supported)
* </ul>
*
* Required callbacks:
* - RealmCallback
* used as key by handler to fetch password
* - NameCallback
* used as key by handler to fetch password
* - PasswordCallback
* handler must enter password for username/realm supplied
* - AuthorizeCallback
* handler must verify that authid/authzids are allowed and set
* authorized ID to be the canonicalized authzid (if applicable).
*
* Environment properties that affect the implementation:
* javax.security.sasl.qop:
* specifies list of qops; default is "auth"; typically, caller should set
* this to "auth, auth-int, auth-conf".
* javax.security.sasl.strength
* specifies low/medium/high strength of encryption; default is all available
* ciphers [high,medium,low]; high means des3 or rc4 (128); medium des or
* rc4-56; low is rc4-40.
* javax.security.sasl.maxbuf
* specifies max receive buf size; default is 65536
* javax.security.sasl.sendmaxbuffer
* specifies max send buf size; default is 65536 (min of this and client's max
* recv size)
*
* com.sun.security.sasl.digest.utf8:
* "true" means to use UTF-8 charset; "false" to use ISO-8859-1 encoding;
* default is "true".
* com.sun.security.sasl.digest.realm:
* space-separated list of realms; default is server name (fqdn parameter)
*
* @author Rosanna Lee
*/
final class DigestMD5Server extends DigestMD5Base implements SaslServer {
private static final String MY_CLASS_NAME = DigestMD5Server.class.getName();

28
src/java.security.sasl/share/classes/com/sun/security/sasl/digest/FactoryImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,12 +34,12 @@ import com.sun.security.sasl.util.PolicyUtils;
/**
* Client and server factory for DIGEST-MD5 SASL client/server mechanisms.
* See DigestMD5Client and DigestMD5Server for input requirements.
*
* @author Jonathan Bruce
* @author Rosanna Lee
*/
* Client and server factory for DIGEST-MD5 SASL client/server mechanisms.
* See DigestMD5Client and DigestMD5Server for input requirements.
*
* @author Jonathan Bruce
* @author Rosanna Lee
*/
public final class FactoryImpl implements SaslClientFactory,
SaslServerFactory{
@ -50,8 +50,8 @@ SaslServerFactory{
PolicyUtils.NOPLAINTEXT|PolicyUtils.NOANONYMOUS};
/**
* Empty constructor.
*/
* Empty constructor.
*/
public FactoryImpl() {
}
@ -112,11 +112,11 @@ SaslServerFactory{
}
/**
* Returns the authentication mechanisms that this factory can produce.
*
* @return String[] {"DigestMD5"} if policies in env match those of this
* factory.
*/
* Returns the authentication mechanisms that this factory can produce.
*
* @return String[] {"DigestMD5"} if policies in env match those of this
* factory.
*/
public String[] getMechanismNames(Map<String,?> env) {
return PolicyUtils.filterMechs(myMechs, mechPolicies, env);
}

18
src/java.security.sasl/share/classes/com/sun/security/sasl/digest/SecurityCtx.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,14 +28,14 @@ package com.sun.security.sasl.digest;
import javax.security.sasl.SaslException;
/**
* Interface used for classes implementing integrity checking and privacy
* for DIGEST-MD5 SASL mechanism implementation.
*
* @see <a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>
* - Using Digest Authentication as a SASL Mechanism
*
* @author Jonathan Bruce
*/
* Interface used for classes implementing integrity checking and privacy
* for DIGEST-MD5 SASL mechanism implementation.
*
* @see <a href="http://www.ietf.org/rfc/rfc2831.txt">RFC 2831</a>
* - Using Digest Authentication as a SASL Mechanism
*
* @author Jonathan Bruce
*/
interface SecurityCtx {

26
src/java.security.sasl/share/classes/com/sun/security/sasl/ntlm/FactoryImpl.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,11 +34,11 @@ import com.sun.security.sasl.util.PolicyUtils;
/**
* Client and server factory for NTLM SASL client/server mechanisms.
* See NTLMClient and NTLMServer for input requirements.
*
* @since 1.7
*/
* Client and server factory for NTLM SASL client/server mechanisms.
* See NTLMClient and NTLMServer for input requirements.
*
* @since 1.7
*/
public final class FactoryImpl implements SaslClientFactory,
SaslServerFactory{
@ -49,8 +49,8 @@ SaslServerFactory{
};
/**
* Empty constructor.
*/
* Empty constructor.
*/
public FactoryImpl() {
}
@ -114,11 +114,11 @@ SaslServerFactory{
}
/**
* Returns the authentication mechanisms that this factory can produce.
*
* @return String[] {"NTLM"} if policies in env match those of this
* factory.
*/
* Returns the authentication mechanisms that this factory can produce.
*
* @return String[] {"NTLM"} if policies in env match those of this
* factory.
*/
public String[] getMechanismNames(Map<String,?> env) {
return PolicyUtils.filterMechs(myMechs, mechPolicies, env);
}

86
src/java.security.sasl/share/classes/com/sun/security/sasl/ntlm/NTLMClient.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,48 +42,48 @@ import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
/**
* Required callbacks:
* - RealmCallback
* handle can provide domain info for authentication, optional
* - NameCallback
* handler must enter username to use for authentication
* - PasswordCallback
* handler must enter password for username to use for authentication
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* String, quality of protection; only "auth" is accepted, default "auth"
*
* com.sun.security.sasl.ntlm.version
* String, name a specific version to use; can be:
* LM/NTLM: Original NTLM v1
* LM: Original NTLM v1, LM only
* NTLM: Original NTLM v1, NTLM only
* NTLM2: NTLM v1 with Client Challenge
* LMv2/NTLMv2: NTLM v2
* LMv2: NTLM v2, LM only
* NTLMv2: NTLM v2, NTLM only
* If not specified, use system property "ntlm.version". If
* still not specified, use default value "LMv2/NTLMv2".
*
* com.sun.security.sasl.ntlm.random
* java.util.Random, the nonce source to be used in NTLM v2 or NTLM v1 with
* Client Challenge. Default null, an internal java.util.Random object
* will be used
*
* Negotiated Properties:
*
* javax.security.sasl.qop
* Always "auth"
*
* com.sun.security.sasl.html.domain
* The domain for the user, provided by the server
*
* @see <a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>
* - Simple Authentication and Security Layer (SASL)
*
*/
* Required callbacks:
* - RealmCallback
* handle can provide domain info for authentication, optional
* - NameCallback
* handler must enter username to use for authentication
* - PasswordCallback
* handler must enter password for username to use for authentication
*
* Environment properties that affect behavior of implementation:
*
* javax.security.sasl.qop
* String, quality of protection; only "auth" is accepted, default "auth"
*
* com.sun.security.sasl.ntlm.version
* String, name a specific version to use; can be:
* LM/NTLM: Original NTLM v1
* LM: Original NTLM v1, LM only
* NTLM: Original NTLM v1, NTLM only
* NTLM2: NTLM v1 with Client Challenge
* LMv2/NTLMv2: NTLM v2
* LMv2: NTLM v2, LM only
* NTLMv2: NTLM v2, NTLM only
* If not specified, use system property "ntlm.version". If
* still not specified, use default value "LMv2/NTLMv2".
*
* com.sun.security.sasl.ntlm.random
* java.util.Random, the nonce source to be used in NTLM v2 or NTLM v1 with
* Client Challenge. Default null, an internal java.util.Random object
* will be used
*
* Negotiated Properties:
*
* javax.security.sasl.qop
* Always "auth"
*
* com.sun.security.sasl.html.domain
* The domain for the user, provided by the server
*
* @see <a href="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</a>
* - Simple Authentication and Security Layer (SASL)
*
*/
final class NTLMClient implements SaslClient {
private static final String NTLM_VERSION =

84
src/java.security.sasl/share/classes/com/sun/security/sasl/ntlm/NTLMServer.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -39,47 +39,47 @@ import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.*;
/**
* Required callbacks:
* - RealmCallback
* used as key by handler to fetch password, optional
* - NameCallback
* used as key by handler to fetch password
* - PasswordCallback
* handler must enter password for username/realm supplied
*
* Environment properties that affect the implementation:
*
* javax.security.sasl.qop
* String, quality of protection; only "auth" is accepted, default "auth"
*
* com.sun.security.sasl.ntlm.version
* String, name a specific version to accept:
* LM/NTLM: Original NTLM v1
* LM: Original NTLM v1, LM only
* NTLM: Original NTLM v1, NTLM only
* NTLM2: NTLM v1 with Client Challenge
* LMv2/NTLMv2: NTLM v2
* LMv2: NTLM v2, LM only
* NTLMv2: NTLM v2, NTLM only
* If not specified, use system property "ntlm.version". If also
* not specified, all versions are accepted.
*
* com.sun.security.sasl.ntlm.domain
* String, the domain of the server, default is server name (fqdn parameter)
*
* com.sun.security.sasl.ntlm.random
* java.util.Random, the nonce source. Default null, an internal
* java.util.Random object will be used
*
* Negotiated Properties:
*
* javax.security.sasl.qop
* Always "auth"
*
* com.sun.security.sasl.ntlm.hostname
* The hostname for the user, provided by the client
*
*/
* Required callbacks:
* - RealmCallback
* used as key by handler to fetch password, optional
* - NameCallback
* used as key by handler to fetch password
* - PasswordCallback
* handler must enter password for username/realm supplied
*
* Environment properties that affect the implementation:
*
* javax.security.sasl.qop
* String, quality of protection; only "auth" is accepted, default "auth"
*
* com.sun.security.sasl.ntlm.version
* String, name a specific version to accept:
* LM/NTLM: Original NTLM v1
* LM: Original NTLM v1, LM only
* NTLM: Original NTLM v1, NTLM only
* NTLM2: NTLM v1 with Client Challenge
* LMv2/NTLMv2: NTLM v2
* LMv2: NTLM v2, LM only
* NTLMv2: NTLM v2, NTLM only
* If not specified, use system property "ntlm.version". If also
* not specified, all versions are accepted.
*
* com.sun.security.sasl.ntlm.domain
* String, the domain of the server, default is server name (fqdn parameter)
*
* com.sun.security.sasl.ntlm.random
* java.util.Random, the nonce source. Default null, an internal
* java.util.Random object will be used
*
* Negotiated Properties:
*
* javax.security.sasl.qop
* Always "auth"
*
* com.sun.security.sasl.ntlm.hostname
* The hostname for the user, provided by the client
*
*/
final class NTLMServer implements SaslServer {

22
src/java.security.sasl/share/classes/javax/security/sasl/AuthorizeCallback.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,16 +28,16 @@ package javax.security.sasl;
import javax.security.auth.callback.Callback;
/**
* This callback is used by {@code SaslServer} to determine whether
* one entity (identified by an authenticated authentication id)
* can act on
* behalf of another entity (identified by an authorization id).
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
* This callback is used by {@code SaslServer} to determine whether
* one entity (identified by an authenticated authentication id)
* can act on
* behalf of another entity (identified by an authorization id).
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
public class AuthorizeCallback implements Callback, java.io.Serializable {
/**
* The (authenticated) authentication id to check.

18
src/java.security.sasl/share/classes/javax/security/sasl/RealmCallback.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,14 +28,14 @@ package javax.security.sasl;
import javax.security.auth.callback.TextInputCallback;
/**
* This callback is used by {@code SaslClient} and {@code SaslServer}
* to retrieve realm information.
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
* This callback is used by {@code SaslClient} and {@code SaslServer}
* to retrieve realm information.
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
public class RealmCallback extends TextInputCallback {
/**

18
src/java.security.sasl/share/classes/javax/security/sasl/RealmChoiceCallback.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,14 +28,14 @@ package javax.security.sasl;
import javax.security.auth.callback.ChoiceCallback;
/**
* This callback is used by {@code SaslClient} and {@code SaslServer}
* to obtain a realm given a list of realm choices.
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
* This callback is used by {@code SaslClient} and {@code SaslServer}
* to obtain a realm given a list of realm choices.
*
* @since 1.5
*
* @author Rosanna Lee
* @author Rob Weltman
*/
public class RealmChoiceCallback extends ChoiceCallback {
/**

35
src/java.security.sasl/share/classes/javax/security/sasl/SaslClient.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,7 @@ package javax.security.sasl;
/**
* Performs SASL authentication as a client.
*<p>
* <p>
* A protocol library such as one for LDAP gets an instance of this
* class in order to perform authentication defined by a specific SASL
* mechanism. Invoking methods on the {@code SaslClient} instance
@ -35,16 +35,16 @@ package javax.security.sasl;
* mechanism implemented by the {@code SaslClient}.
* As the authentication proceeds, the instance
* encapsulates the state of a SASL client's authentication exchange.
*<p>
* <p>
* Here's an example of how an LDAP library might use a {@code SaslClient}.
* It first gets an instance of a {@code SaslClient}:
*<blockquote><pre>{@code
* <blockquote><pre>{@code
* SaslClient sc = Sasl.createSaslClient(mechanisms,
* authorizationId, protocol, serverName, props, callbackHandler);
*}</pre></blockquote>
* }</pre></blockquote>
* It can then proceed to use the client for authentication.
* For example, an LDAP library might use the client as follows:
*<blockquote><pre>{@code
* <blockquote><pre>{@code
* // Get initial response and send to server
* byte[] response = (sc.hasInitialResponse() ? sc.evaluateChallenge(new byte[0]) :
* null);
@ -74,7 +74,7 @@ package javax.security.sasl;
* ldap.out = new SecureOutputStream(sc, ldap.out);
* }
* }
*}</pre></blockquote>
* }</pre></blockquote>
*
* If the mechanism has an initial response, the library invokes
* {@code evaluateChallenge()} with an empty
@ -135,14 +135,14 @@ public abstract interface SaslClient {
throws SaslException;
/**
* Determines whether the authentication exchange has completed.
* This method may be called at any time, but typically, it
* will not be called until the caller has received indication
* from the server
* (in a protocol-specific manner) that the exchange has completed.
*
* @return true if the authentication exchange has completed; false otherwise.
*/
* Determines whether the authentication exchange has completed.
* This method may be called at any time, but typically, it
* will not be called until the caller has received indication
* from the server
* (in a protocol-specific manner) that the exchange has completed.
*
* @return true if the authentication exchange has completed; false otherwise.
*/
public abstract boolean isComplete();
/**
@ -152,7 +152,7 @@ public abstract interface SaslClient {
* the authentication exchange has negotiated integrity and/or privacy
* as the quality of protection; otherwise, an
* {@code IllegalStateException} is thrown.
*<p>
* <p>
* {@code incoming} is the contents of the SASL buffer as defined in RFC 2222
* without the leading four octet field that represents the length.
* {@code offset} and {@code len} specify the portion of {@code incoming}
@ -179,7 +179,7 @@ public abstract interface SaslClient {
* the authentication exchange has negotiated integrity and/or privacy
* as the quality of protection; otherwise, an
* {@code IllegalStateException} is thrown.
*<p>
* <p>
* The result of this method will make up the contents of the SASL buffer
* as defined in RFC 2222 without the leading four octet field that
* represents the length.
@ -215,7 +215,6 @@ public abstract interface SaslClient {
* @exception IllegalStateException if this authentication exchange
* has not completed
*/
public abstract Object getNegotiatedProperty(String propName);
/**

54
src/java.security.sasl/share/classes/javax/security/sasl/SaslServer.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,7 @@ package javax.security.sasl;
/**
* Performs SASL authentication as a server.
*<p>
* <p>
* A server such an LDAP server gets an instance of this
* class in order to perform authentication defined by a specific SASL
* mechanism. Invoking methods on the {@code SaslServer} instance
@ -35,19 +35,19 @@ package javax.security.sasl;
* mechanism implemented by the {@code SaslServer}.
* As the authentication proceeds, the instance
* encapsulates the state of a SASL server's authentication exchange.
*<p>
* <p>
* Here's an example of how an LDAP server might use a {@code SaslServer}.
* It first gets an instance of a {@code SaslServer} for the SASL mechanism
* requested by the client:
*<blockquote><pre>
* <blockquote><pre>
* SaslServer ss = Sasl.createSaslServer(mechanism,
* "ldap", myFQDN, props, callbackHandler);
*</pre></blockquote>
* </pre></blockquote>
* It can then proceed to use the server for authentication.
* For example, suppose the LDAP server received an LDAP BIND request
* containing the name of the SASL mechanism and an (optional) initial
* response. It then might use the server as follows:
*<blockquote><pre>{@code
* <blockquote><pre>{@code
* while (!ss.isComplete()) {
* try {
* byte[] challenge = ss.evaluateResponse(response);
@ -55,27 +55,27 @@ package javax.security.sasl;
* status = ldap.sendBindResponse(mechanism, challenge, SUCCESS);
* } else {
* status = ldap.sendBindResponse(mechanism, challenge,
SASL_BIND_IN_PROGRESS);
* SASL_BIND_IN_PROGRESS);
* response = ldap.readBindRequest();
* }
* } catch (SaslException e) {
* status = ldap.sendErrorResponse(e);
* break;
* status = ldap.sendErrorResponse(e);
* break;
* }
* }
* if (ss.isComplete() && status == SUCCESS) {
* String qop = (String) sc.getNegotiatedProperty(Sasl.QOP);
* if (qop != null
* && (qop.equalsIgnoreCase("auth-int")
* || qop.equalsIgnoreCase("auth-conf"))) {
* String qop = (String) sc.getNegotiatedProperty(Sasl.QOP);
* if (qop != null
* && (qop.equalsIgnoreCase("auth-int")
* || qop.equalsIgnoreCase("auth-conf"))) {
*
* // Use SaslServer.wrap() and SaslServer.unwrap() for future
* // communication with client
* ldap.in = new SecureInputStream(ss, ldap.in);
* ldap.out = new SecureOutputStream(ss, ldap.out);
* }
* // Use SaslServer.wrap() and SaslServer.unwrap() for future
* // communication with client
* ldap.in = new SecureInputStream(ss, ldap.in);
* ldap.out = new SecureOutputStream(ss, ldap.out);
* }
* }
*}</pre></blockquote>
* }</pre></blockquote>
*
* @since 1.5
*
@ -121,12 +121,12 @@ public abstract interface SaslServer {
throws SaslException;
/**
* Determines whether the authentication exchange has completed.
* This method is typically called after each invocation of
* {@code evaluateResponse()} to determine whether the
* authentication has completed successfully or should be continued.
* @return true if the authentication exchange has completed; false otherwise.
*/
* Determines whether the authentication exchange has completed.
* This method is typically called after each invocation of
* {@code evaluateResponse()} to determine whether the
* authentication has completed successfully or should be continued.
* @return true if the authentication exchange has completed; false otherwise.
*/
public abstract boolean isComplete();
/**
@ -145,7 +145,7 @@ public abstract interface SaslServer {
* the authentication exchange has negotiated integrity and/or privacy
* as the quality of protection; otherwise,
* an {@code IllegalStateException} is thrown.
*<p>
* <p>
* {@code incoming} is the contents of the SASL buffer as defined in RFC 2222
* without the leading four octet field that represents the length.
* {@code offset} and {@code len} specify the portion of {@code incoming}
@ -171,7 +171,7 @@ public abstract interface SaslServer {
* completed (i.e., when {@code isComplete()} returns true) and only if
* the authentication exchange has negotiated integrity and/or privacy
* as the quality of protection; otherwise, a {@code SaslException} is thrown.
*<p>
* <p>
* The result of this method
* will make up the contents of the SASL buffer as defined in RFC 2222
* without the leading four octet field that represents the length.