[multiple changes]

2004-09-21 Andreas Tobler <a.tobler@schweiz.ch> Import the big Crypto/Jessie/Security merge from Classpath. * Makefile.am: Add imported files. * Makefile.in: Regenerate. 2004-08-14 Casey Marshall <csm@gnu.org> The Big Crypto Merge of 2004. * javax/security/auth/x500/X500Principal.java: Replaced with GNU Crypto's version. Files imported from GNU Crypto. * javax/crypto/BadPaddingException.java * javax/crypto/Cipher.java * javax/crypto/CipherInputStream.java * javax/crypto/CipherOutputStream.java * javax/crypto/CipherSpi.java * javax/crypto/EncryptedPrivateKeyInfo.java * javax/crypto/ExemptionMechanism.java * javax/crypto/ExemptionMechanismException.java * javax/crypto/ExemptionMechanismSpi.java * javax/crypto/IllegalBlockSizeException.java * javax/crypto/KeyAgreement.java * javax/crypto/KeyAgreementSpi.java * javax/crypto/KeyGenerator.java * javax/crypto/KeyGeneratorSpi.java * javax/crypto/Mac.java * javax/crypto/MacSpi.java * javax/crypto/Makefile.am * javax/crypto/NoSuchPaddingException.java * javax/crypto/NullCipher.java * javax/crypto/NullCipherImpl.java * javax/crypto/SealedObject.java * javax/crypto/SecretKey.java * javax/crypto/SecretKeyFactory.java * javax/crypto/SecretKeyFactorySpi.java * javax/crypto/ShortBufferException.java * javax/crypto/interfaces/DHKey.java * javax/crypto/interfaces/DHPrivateKey.java * javax/crypto/interfaces/DHPublicKey.java * javax/crypto/interfaces/PBEKey.java * javax/crypto/spec/DESKeySpec.java * javax/crypto/spec/DESedeKeySpec.java * javax/crypto/spec/DHGenParameterSpec.java * javax/crypto/spec/DHParameterSpec.java * javax/crypto/spec/DHPrivateKeySpec.java * javax/crypto/spec/DHPublicKeySpec.java * javax/crypto/spec/IvParameterSpec.java * javax/crypto/spec/PBEKeySpec.java * javax/crypto/spec/PBEParameterSpec.java * javax/crypto/spec/RC2ParameterSpec.java * javax/crypto/spec/RC5ParameterSpec.java * javax/crypto/spec/SecretKeySpec.java * javax/security/auth/AuthPermission.java * javax/security/auth/DestroyFailedException.java * javax/security/auth/Destroyable.java * javax/security/auth/Policy.java * javax/security/auth/PrivateCredentialPermission.java * javax/security/auth/RefreshFailedException.java * javax/security/auth/Refreshable.java * javax/security/auth/Subject.java * javax/security/auth/SubjectDomainCombiner.java * javax/security/auth/callback/Callback.java * javax/security/auth/callback/CallbackHandler.java * javax/security/auth/callback/ChoiceCallback.java * javax/security/auth/callback/ConfirmationCallback.java * javax/security/auth/callback/LanguageCallback.java * javax/security/auth/callback/NameCallback.java * javax/security/auth/callback/PasswordCallback.java * javax/security/auth/callback/TextInputCallback.java * javax/security/auth/callback/TextOutputCallback.java * javax/security/auth/callback/UnsupportedCallbackException.java * javax/security/auth/login/AccountExpiredException.java * javax/security/auth/login/AppConfigurationEntry.java * javax/security/auth/login/Configuration.java * javax/security/auth/login/CredentialExpiredException.java * javax/security/auth/login/FailedLoginException.java * javax/security/auth/login/LoginContext.java * javax/security/auth/login/LoginException.java * javax/security/auth/login/NullConfiguration.java * javax/security/auth/x500/X500PrivateCredential.java * javax/security/sasl/AuthenticationException.java * javax/security/sasl/AuthorizeCallback.java * javax/security/sasl/RealmCallback.java * javax/security/sasl/RealmChoiceCallback.java * javax/security/sasl/Sasl.java * javax/security/sasl/SaslClient.java * javax/security/sasl/SaslClientFactory.java * javax/security/sasl/SaslException.java * javax/security/sasl/SaslServer.java * javax/security/sasl/SaslServerFactory.java * org/ietf/jgss/ChannelBinding.java * org/ietf/jgss/GSSContext.java * org/ietf/jgss/GSSCredential.java * org/ietf/jgss/GSSException.java * org/ietf/jgss/GSSManager.java * org/ietf/jgss/GSSName.java * org/ietf/jgss/MessageProp.java * org/ietf/jgss/Oid.java * org/ietf/jgss/MessagesBundle.properties Files imported from Jessie <http://www.nongnu.org/jessie/> * javax/net/ServerSocketFactory.java * javax/net/SocketFactory.java * javax/net/VanillaServerSocketFactory.java * javax/net/VanillaSocketFactory.java * javax/net/ssl/HandshakeCompletedEvent.java * javax/net/ssl/HandshakeCompletedListener.java * javax/net/ssl/HostnameVerifier.java * javax/net/ssl/HttpsURLConnection.java * javax/net/ssl/KeyManager.java * javax/net/ssl/KeyManagerFactory.java * javax/net/ssl/KeyManagerFactorySpi.java * javax/net/ssl/ManagerFactoryParameters.java * javax/net/ssl/SSLContext.java * javax/net/ssl/SSLContextSpi.java * javax/net/ssl/SSLException.java * javax/net/ssl/SSLHandshakeException.java * javax/net/ssl/SSLKeyException.java * javax/net/ssl/SSLPeerUnverifiedException.java * javax/net/ssl/SSLPermission.java * javax/net/ssl/SSLProtocolException.java * javax/net/ssl/SSLServerSocket.java * javax/net/ssl/SSLServerSocketFactory.java * javax/net/ssl/SSLSession.java * javax/net/ssl/SSLSessionBindingEvent.java * javax/net/ssl/SSLSessionBindingListener.java * javax/net/ssl/SSLSessionContext.java * javax/net/ssl/SSLSocket.java * javax/net/ssl/SSLSocketFactory.java * javax/net/ssl/TrivialHostnameVerifier.java * javax/net/ssl/TrustManager.java * javax/net/ssl/TrustManagerFactory.java * javax/net/ssl/TrustManagerFactorySpi.java * javax/net/ssl/X509KeyManager.java * javax/net/ssl/X509TrustManager.java * javax/security/cert/Certificate.java * javax/security/cert/CertificateEncodingException.java * javax/security/cert/CertificateException.java * javax/security/cert/CertificateExpiredException.java * javax/security/cert/CertificateNotYetValidException.java * javax/security/cert/CertificateParsingException.java * javax/security/cert/X509CertBridge.java * javax/security/cert/X509Certificate.java 2004-08-20 Casey Marshall <csm@gnu.org> * java/security/cert/X509CRLSelector.java: New file. * java/security/cert/X509CertSelector.java: New file. From-SVN: r87795
author: Andreas Tobler <a.tobler@schweiz.ch> 2004-09-21 10:33:35 +0200
committer: Andreas Tobler <andreast@gcc.gnu.org> 2004-09-21 10:33:35 +0200
commit: 6f5ce93bab1c1ce6df0e71aa450f841f3d979bbc (patch)
tree: 9ec0d44b2435653b3e450bf4293546636a609d31 /libjava/javax/security/sasl/SaslClient.java
parent: c93320c457dc75596c5482cdbef7783ad6cdaf2e (diff)
download: gcc-6f5ce93bab1c1ce6df0e71aa450f841f3d979bbc.zip
gcc-6f5ce93bab1c1ce6df0e71aa450f841f3d979bbc.tar.gz
gcc-6f5ce93bab1c1ce6df0e71aa450f841f3d979bbc.tar.bz2
1 files changed, 231 insertions, 0 deletions
diff --git a/libjava/javax/security/sasl/SaslClient.java b/libjava/javax/security/sasl/SaslClient.java
new file mode 100644
index 0000000..ca95ced
--- /dev/null
+++ b/libjava/javax/security/sasl/SaslClient.java
@@ -0,0 +1,231 @@
+/* SaslClient.java
+   Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpathis free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpathis distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package javax.security.sasl;
+
+/**
+ * <p>Performs SASL authentication as a client.</p>
+ *
+ * <p>A protocol library such as one for LDAP gets an instance of this class in
+ * order to perform authentication defined by a specific SASL mechanism.
+ * Invoking methods on the <code>SaslClient</code> instance process challenges
+ * and create responses according to the SASL mechanism implemented by the
+ * <code>SaslClient</code>. As the authentication proceeds, the instance
+ * encapsulates the state of a SASL client's authentication exchange.</p>
+ *
+ * <p>Here's an example of how an LDAP library might use a <code>SaslClient</code>.
+ * It first gets an instance of a SaslClient:</p>
+ * <pre>
+ *SaslClient sc =
+ *      Sasl.createSaslClient(mechanisms, authorizationID, protocol,
+ *                            serverName, props, callbackHandler);
+ * </pre>
+ *
+ * <p>It can then proceed to use the client for authentication. For example, an
+ * LDAP library might use the client as follows:</p>
+ * <pre>
+ * // Get initial response and send to server
+ *byte[] response = sc.hasInitialResponse()
+ *      ? sc.evaluateChallenge(new byte[0]) : null;
+ *LdapResult res = ldap.sendBindRequest(dn, sc.getName(), response);
+ *while (!sc.isComplete()
+ *       && ((res.status == SASL_BIND_IN_PROGRESS) || (res.status == SUCCESS))) {
+ *   response = sc.evaluateChallenge( res.getBytes() );
+ *   if (res.status == SUCCESS) {
+ *      // we're done; don't expect to send another BIND
+ *      if ( response != null ) {
+ *         throw new SaslException(
+ *               "Protocol error: attempting to send response after completion");
+ *      }
+ *      break;
+ *   }
+ *   res = ldap.sendBindRequest(dn, sc.getName(), response);
+ *}
+ *if (sc.isComplete() && (res.status == SUCCESS) ) {
+ *   String qop = (String)sc.getNegotiatedProperty(Sasl.QOP);
+ *   if ((qop != null)
+ *         && (qop.equalsIgnoreCase("auth-int")
+ *            || qop.equalsIgnoreCase("auth-conf"))) {
+ *      // Use SaslClient.wrap() and SaslClient.unwrap() for future
+ *      // communication with server
+ *      ldap.in = new SecureInputStream(sc, ldap.in);
+ *      ldap.out = new SecureOutputStream(sc, ldap.out);
+ *   }
+ *}
+ * </pre>
+ *
+ * <p>If the mechanism has an initial response, the library invokes
+ * {@link #evaluateChallenge(byte[])} with an empty challenge to get the initial
+ * response. Protocols such as IMAP4, which do not include an initial response
+ * with their first authentication command to the server, initiate the
+ * authentication without first calling {@link #hasInitialResponse()} or
+ * {@link #evaluateChallenge(byte[])}. When the server responds to the command,
+ * it sends an initial challenge. For a SASL mechanism in which the client sends
+ * data first, the server should have issued a challenge with no data. This will
+ * then result in a call (on the client) to {@link #evaluateChallenge(byte[])}
+ * with an empty challenge.</p>
+ *
+ * @see Sasl
+ * @see SaslClientFactory
+ * @version $Revision: 1.1 $
+ */
+public interface SaslClient
+{
+
+  /**
+   * Returns the IANA-registered mechanism name of this SASL client. (e.g.
+   * "CRAM-MD5", "GSSAPI").
+   *
+   * @return a non-null string representing the IANA-registered mechanism name.
+   */
+  String getMechanismName();
+
+  /**
+   * Determines if this mechanism has an optional initial response. If
+   * <code>true</code>, caller should call {@link #evaluateChallenge(byte[])}
+   * with an empty array to get the initial response.
+   *
+   * @return <code>true</code> if this mechanism has an initial response.
+   */
+  boolean hasInitialResponse();
+
+  /**
+   * Evaluates the challenge data and generates a response. If a challenge is
+   * received from the server during the authentication process, this method is
+   * called to prepare an appropriate next response to submit to the server.
+   *
+   * @param challenge the non-null challenge sent from the server. The
+   * challenge array may have zero length.
+   * @return the possibly <code>null</code> reponse to send to the server. It
+   * is <code>null</code> if the challenge accompanied a "SUCCESS" status and
+   * the challenge only contains data for the client to update its state and no
+   * response needs to be sent to the server. The response is a zero-length
+   * byte array if the client is to send a response with no data.
+   * @throws SaslException if an error occurred while processing the challenge
+   * or generating a response.
+   */
+  byte[] evaluateChallenge(byte[] challenge) throws SaslException;
+
+  /**
+   * Determines if the authentication exchange has completed. This method may
+   * be called at any time, but typically, it will not be called until the
+   * caller has received indication from the server (in a protocol-specific
+   * manner) that the exchange has completed.
+   *
+   * @return <code>true</code> if the authentication exchange has completed;
+   * <code>false</code> otherwise.
+   */
+  boolean isComplete();
+
+  /**
+   * <p>Unwraps a byte array received from the server. This method can be
+   * called only after the authentication exchange has completed (i.e., when
+   * {@link #isComplete()} returns <code>true</code>) and only if the
+   * authentication exchange has negotiated integrity and/or privacy as the
+   * quality of protection; otherwise, an {@link IllegalStateException} is
+   * thrown.</p>
+   *
+   * <p><code>incoming</code> is the contents of the SASL buffer as defined in
+   * RFC 2222 without the leading four octet field that represents the length.
+   * <code>offset</code> and <code>len</code> specify the portion of incoming
+   * to use.</p>
+   *
+   * @param incoming a non-null byte array containing the encoded bytes from
+   * the server.
+   * @param offset the starting position at <code>incoming</code> of the bytes
+   * to use.
+   * @param len the number of bytes from <code>incoming</code> to use.
+   * @return a non-null byte array containing the decoded bytes.
+   * @throws SaslException if <code>incoming</code> cannot be successfully
+   * unwrapped.
+   * @throws IllegalStateException if the authentication exchange has not
+   * completed, or if the negotiated quality of protection has neither
+   * integrity nor privacy.
+   */
+  byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException;
+
+  /**
+   * <p>Wraps a byte array to be sent to the server. This method can be called
+   * only after the authentication exchange has completed (i.e., when
+   * {@link #isComplete()} returns <code>true</code>) and only if the
+   * authentication exchange has negotiated integrity and/or privacy as the
+   * quality of protection; otherwise, an {@link IllegalStateException} is
+   * thrown.</p>
+   *
+   * <p>The result of this method will make up the contents of the SASL buffer
+   * as defined in RFC 2222 without the leading four octet field that
+   * represents the length. <code>offset</code> and <code>len</code> specify
+   * the portion of <code>outgoing</code> to use.</p>
+   *
+   * @param outgoing a non-null byte array containing the bytes to encode.
+   * @param offset the starting position at <code>outgoing</code> of the bytes
+   * to use.
+   * @param len the number of bytes from <code>outgoing</code> to use.
+   * @return a non-null byte array containing the encoded bytes.
+   * @throws SaslException if <code>outgoing</code> cannot be successfully
+   * wrapped.
+   * @throws IllegalStateException if the authentication exchange has not
+   * completed, or if the negotiated quality of protection has neither
+   * integrity nor privacy.
+   */
+  byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException;
+
+  /**
+   * Retrieves the negotiated property. This method can be called only after
+   * the authentication exchange has completed (i.e., when {@link #isComplete()}
+   * returns <code>true</code>); otherwise, an {@link IllegalStateException} is
+   * thrown.
+   *
+   * @param propName the non-null property name.
+   * @return the value of the negotiated property. If <code>null</code>, the
+   * property was not negotiated or is not applicable to this mechanism.
+   * @throws IllegalStateException if this authentication exchange has not
+   * completed.
+   */
+  Object getNegotiatedProperty(String propName) throws SaslException;
+
+  /**
+   * Disposes of any system resources or security-sensitive information the
+   * <code>SaslClient</code> might be using. Invoking this method invalidates
+   * the <code>SaslClient</code> instance. This method is idempotent.
+   *
+   * @throws SaslException if a problem was encountered while disposing of the
+   * resources.
+   */
+  void dispose() throws SaslException;
+}
author	Andreas Tobler <a.tobler@schweiz.ch>	2004-09-21 10:33:35 +0200
committer	Andreas Tobler <andreast@gcc.gnu.org>	2004-09-21 10:33:35 +0200
commit	6f5ce93bab1c1ce6df0e71aa450f841f3d979bbc (patch)
tree	9ec0d44b2435653b3e450bf4293546636a609d31 /libjava/javax/security/sasl/SaslClient.java
parent	c93320c457dc75596c5482cdbef7783ad6cdaf2e (diff)
download	gcc-6f5ce93bab1c1ce6df0e71aa450f841f3d979bbc.zip gcc-6f5ce93bab1c1ce6df0e71aa450f841f3d979bbc.tar.gz gcc-6f5ce93bab1c1ce6df0e71aa450f841f3d979bbc.tar.bz2