/*
* Copyright (c) 2000, 2020 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2022 Contributors to the Eclipse Foundation
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
* http://www.eclipse.org/legal/epl-2.0.
*
* This Source Code may also be made available under the following Secondary
* Licenses when the conditions for such availability set forth in the
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
* version 2 with the GNU Classpath Exception, which is available at
* https://www.gnu.org/software/classpath/license.html.
*
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
*/
package com.sun.messaging.jms.ra;
import jakarta.resource.spi.security.PasswordCredential;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
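/**
 * Util methods for the OpenMQ Resource Adapter for JMS
 */
public class Util {

    /** Disable Constructor */
    private Util() {
    }

    /**
     * Generic null-safe equals method
     *
     * @param a object 1
     * @param b object 2
     *
     * @return true if both are null or {@code a.equals(b)}; false otherwise
     */
    public static boolean isEqual(Object a, Object b) {
        if (a == null) {
            return b == null;
        }
        return a.equals(b);
    }

    /**
     * Checks two PasswordCredential instances for equality of user name and password.
     *
     * @param a PasswordCredential 1
     * @param b PasswordCredential 2
     *
     * @return true if PasswordCredential a and PasswordCredential b are equal; false otherwise
     */
    public static boolean isPasswordCredentialEqual(PasswordCredential a, PasswordCredential b) {
        if (a == b) {
            return true;
        }
        if (a == null || b == null) {
            return false;
        }
        if (!isEqual(a.getUserName(), b.getUserName())) {
            return false;
        }
        // Compare the char[] values directly instead of wrapping them in String objects:
        // a String copy of a password is immutable, cannot be cleared, and stays on the
        // heap until it is garbage collected. Arrays.equals treats two nulls as equal and
        // null vs. non-null as different, which matches the previous String-based result.
        // The arrays are not zeroed here because this method does not own them.
        // NOTE(review): Arrays.equals stops at the first mismatch; if this is ever used to
        // verify a secret supplied by a remote party, switch to a constant-time comparison.
        return Arrays.equals(a.getPassword(), b.getPassword());
    }

    /**
     * Returns a PasswordCredential by resolving the ManagedConnectionFactory, Subject, and ConnectionRequestInfo passed in.
     *
     * Resolution order:
     * <ol>
     * <li>If the Subject is non-null, the first of its private PasswordCredentials that has a non-null user name is
     * returned as is.</li>
     * <li>Otherwise, if the ConnectionRequestInfo is non-null and has a non-null user name, a new credential is built
     * from its user name and password.</li>
     * <li>Otherwise a new credential is built from the ManagedConnectionFactory's user name and password.</li>
     * </ol>
     *
     * The Subject's private credentials are read inside {@code doPrivileged}, i.e. with this class's own permissions
     * rather than the caller's. NOTE(review): this method is public and static; confirm that code which is not trusted
     * to read the Subject's private credentials cannot reach it.
     *
     * @param mcf the ManagedConnectionFactory used as the last fallback; dereferenced without a null check
     * @param subject the Subject to search first; may be null
     * @param myinfo the ConnectionRequestInfo used as the second source; may be null
     *
     * @return The PasswordCredential
     *
     * @throws jakarta.resource.ResourceException (a {@code jakarta.resource.spi.SecurityException}) if the selected
     * fallback source has no password
     */
    public static PasswordCredential getPasswordCredential(final com.sun.messaging.jms.ra.ManagedConnectionFactory mcf, final Subject subject,
            com.sun.messaging.jms.ra.ConnectionRequestInfo myinfo) throws jakarta.resource.ResourceException {
        if (subject != null) {
            PasswordCredential fromSubject = AccessController.doPrivileged(new PrivilegedAction<PasswordCredential>() {
                @Override
                public PasswordCredential run() {
                    Set<PasswordCredential> creds = subject.getPrivateCredentials(PasswordCredential.class);
                    if (creds == null) {
                        return null;
                    }
                    for (PasswordCredential candidate : creds) {
                        // Sufficient if username is non-null; do not retrieve the pw
                        if (candidate != null && candidate.getUserName() != null) {
                            return candidate;
                        }
                    }
                    return null;
                }
            });
            // Return only if a valid PasswordCredential is obtained
            if (fromSubject != null) {
                return fromSubject;
            }
        }

        // No usable credential in the Subject: construct one from the CRI, or from the MCF
        // when the CRI is absent or carries no user name.
        final String username2use;
        final String password2use;
        if (myinfo != null && myinfo.getUserName() != null) {
            username2use = myinfo.getUserName();
            password2use = myinfo.getPassword();
        } else {
            username2use = mcf.getUserName();
            password2use = mcf.getPassword();
        }

        // Previously a missing password surfaced as a bare NullPointerException from
        // toCharArray(); report it as the declared checked exception instead. The message
        // deliberately carries no credential values.
        if (password2use == null) {
            throw new jakarta.resource.spi.SecurityException("MQRA:U:getPC:Null password");
        }
        return new PasswordCredential(username2use, password2use.toCharArray());
    }

    /**
     * Returns whether a Subject has a valid PasswordCredential or not. A valid PWC is a non-null, non-empty username in the
     * PWC of the subject. The password is not inspected.
     *
     * The Subject's private credentials are read inside {@code doPrivileged}, i.e. with this class's own permissions
     * rather than the caller's.
     *
     * @param subject the Subject to inspect; may be null
     *
     * @return true if subject has a valid PWC; false otherwise (including a null subject)
     */
    public static boolean isPasswordCredentialValid(final Subject subject) throws jakarta.resource.ResourceException {
        if (subject == null) {
            return false;
        }
        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                Set<PasswordCredential> creds = subject.getPrivateCredentials(PasswordCredential.class);
                if (creds == null) {
                    return Boolean.FALSE;
                }
                for (PasswordCredential candidate : creds) {
                    if (candidate != null) {
                        String un = candidate.getUserName();
                        if (un != null && !un.isEmpty()) {
                            return Boolean.TRUE;
                        }
                    }
                }
                return Boolean.FALSE;
            }
        });
    }

    /**
     * Resolves a PasswordCredential from the Subject or the ConnectionRequestInfo, without falling back to the
     * ManagedConnectionFactory's own user name and password.
     *
     * If the Subject is null, a new credential is built from the ConnectionRequestInfo and tagged with {@code mcf};
     * null is returned when the ConnectionRequestInfo is null or lacks a user name or password. If the Subject is
     * non-null, the first of its private PasswordCredentials whose ManagedConnectionFactory equals {@code mcf} is
     * returned.
     *
     * The Subject's private credentials are read inside {@code doPrivileged}, i.e. with this class's own permissions
     * rather than the caller's.
     *
     * @param mcf the ManagedConnectionFactory the credential must belong to
     * @param subject the Subject to search; may be null
     * @param myinfo the ConnectionRequestInfo used only when the Subject is null; may be null
     *
     * @return The PasswordCredential, or null when the Subject is null and the ConnectionRequestInfo cannot supply one
     *
     * @throws jakarta.resource.ResourceException (a {@code jakarta.resource.spi.SecurityException}) if the Subject is
     * non-null but holds no credential for {@code mcf}
     */
    public static PasswordCredential getPasswordCredentialOld(final com.sun.messaging.jms.ra.ManagedConnectionFactory mcf, final Subject subject,
            com.sun.messaging.jms.ra.ConnectionRequestInfo myinfo) throws jakarta.resource.ResourceException {
        if (subject == null) {
            if (myinfo == null) {
                return null;
            }
            // Can't create a PC with null values
            if (myinfo.getUserName() == null || myinfo.getPassword() == null) {
                return null;
            }
            PasswordCredential built = new PasswordCredential(myinfo.getUserName(), myinfo.getPassword().toCharArray());
            built.setManagedConnectionFactory(mcf);
            return built;
        }

        PasswordCredential matched = AccessController.doPrivileged(new PrivilegedAction<PasswordCredential>() {
            @Override
            public PasswordCredential run() {
                Set<PasswordCredential> creds = subject.getPrivateCredentials(PasswordCredential.class);
                for (PasswordCredential candidate : creds) {
                    // Only a credential issued for this MCF is acceptable.
                    if (candidate != null && candidate.getManagedConnectionFactory() != null
                            && candidate.getManagedConnectionFactory().equals(mcf)) {
                        return candidate;
                    }
                }
                return null;
            }
        });
        if (matched == null) {
            throw new jakarta.resource.spi.SecurityException("MQRA:U:getPC:Null credentials");
        }
        return matched;
    }

    /**
     * Looks up a name in a fresh default {@link InitialContext} and closes the context afterwards.
     *
     * The name is handed to {@code InitialContext.lookup} unchanged. A name that carries a URL scheme can direct JNDI
     * to a remote naming provider, so it should come from trusted deployment configuration only. NOTE(review): the
     * callers are not visible here; confirm none of them pass externally supplied strings.
     *
     * @param jndiName the JNDI name to resolve
     *
     * @return the object bound to {@code jndiName}
     *
     * @throws NamingException if the context cannot be created or the lookup fails
     */
    public static Object jndiLookup(String jndiName) throws NamingException {
        InitialContext ic = new InitialContext();
        try {
            return ic.lookup(jndiName);
        } finally {
            try {
                ic.close();
            } catch (Exception ignored) {
                // Best-effort close: a failure here must not mask the lookup result or its exception.
            }
        }
    }
}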