| author | andreast <andreast@138bc75d-0d04-0410-961f-82ee72b054a4> | 2004-11-16 07:42:43 +0000 |
|---|---|---|
| committer | andreast <andreast@138bc75d-0d04-0410-961f-82ee72b054a4> | 2004-11-16 07:42:43 +0000 |
| commit | b7239b68d585acf228918e701c149f9d9d2a5d29 (patch) | |
| tree | 5e0cee5581b321f1929f80fb1ddb23bb28ce62b6 /libjava/javax/security/auth/login | |
| parent | 18c38a9b0dd430ad9df866cddfdc5cc1fd9740a4 (diff) | |
2004-11-16 Andreas Tobler <a.tobler@schweiz.ch>
* Makefile.am: Add imported files.
* Makefile.in: Regenerate.
2004-10-24 Casey Marshall <csm@gnu.org>
* javax/security/auth/login/LoginContext.java: Implemented.
* javax/security/auth/login/Configuration.java (getConfig): New method.
* javax/security/auth/spi/LoginModule.java,
* gnu/java/security/action/GetSecurityPropertyAction.java: New files.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@90718 138bc75d-0d04-0410-961f-82ee72b054a4
Diffstat (limited to 'libjava/javax/security/auth/login')
| -rw-r--r-- | libjava/javax/security/auth/login/Configuration.java | 11 | ||||
| -rw-r--r-- | libjava/javax/security/auth/login/LoginContext.java | 209 |
2 files changed, 220 insertions, 0 deletions
diff --git a/libjava/javax/security/auth/login/Configuration.java b/libjava/javax/security/auth/login/Configuration.java index 4a55013ca2b..4425770d6fa 100644 --- a/libjava/javax/security/auth/login/Configuration.java +++ b/libjava/javax/security/auth/login/Configuration.java @@ -106,4 +106,15 @@ public abstract class Configuration public abstract AppConfigurationEntry[] getAppConfigurationEntry (String applicationName); public abstract void refresh(); + + // Package-private methods. + // ------------------------------------------------------------------------- + + /** + * Get the current configuration, bypassing security checks. + */ + static Configuration getConfig() + { + return config; + } } diff --git a/libjava/javax/security/auth/login/LoginContext.java b/libjava/javax/security/auth/login/LoginContext.java index da88e841282..aa4d611d98c 100644 --- a/libjava/javax/security/auth/login/LoginContext.java +++ b/libjava/javax/security/auth/login/LoginContext.java 
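Review bot: `getConfig()` returns the raw static `config` field, and its one-line Javadoc says neither what a caller owes in exchange for skipping the security checks nor whether the result can be null. The field's initialisation is outside this hunk, but if the public accessor populates it lazily, then `LoginContext`'s constructor, which dereferences the result immediately, would throw a NullPointerException when no configuration has been installed yet. I would extend the comment to something like `Callers must perform their own AuthPermission check and must handle a null return if no Configuration has been set.` and keep the method package-private so the unchecked path stays unreachable from outside `javax.security.auth.login`. The class body starts outside the hunk, so the existing checked accessor could not be compared.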
@@ -38,7 +38,216 @@ exception statement from your version. */ package javax.security.auth.login; +import gnu.java.security.action.GetSecurityPropertyAction; + +import java.security.AccessController; + +import java.util.HashMap; +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.spi.LoginModule; + public class LoginContext { + private static final String OTHER = "other"; + + private final String name; + private final CallbackHandler cbHandler; + private final Subject subject; + private final AppConfigurationEntry[] entries; + private final LoginModule[] modules; + private final Map sharedState; + + public LoginContext (final String name) throws LoginException + { + this (name, new Subject(), defaultHandler()); + } + + public LoginContext (final String name, final CallbackHandler cbHandler) + throws LoginException + { + this (name, new Subject(), cbHandler); + } + + public LoginContext (final String name, final Subject subject) + throws LoginException + { + this (name, subject, defaultHandler()); + } + + public LoginContext (final String name, final Subject subject, + final CallbackHandler cbHandler) + throws LoginException + { + Configuration config = Configuration.getConfig(); + AppConfigurationEntry[] entries = config.getAppConfigurationEntry (name); + if (entries == null) + entries = config.getAppConfigurationEntry (OTHER); + if (entries == null) + throw new LoginException ("no configured modules for application " + + name); + this.entries = entries; + modules = new LoginModule[entries.length]; + sharedState = new HashMap(); + for (int i = 0; i < entries.length; i++) + modules[i] = lookupModule (entries[i], subject, sharedState); + this.name = name; + this.subject = subject; + this.cbHandler = cbHandler; + } + + /** + * Returns the authenticated subject, or the parameter passed to one + * of the constructors. 
<code>null</code> is returned if the previous + * login attempt failed and there was no subject provided. + * + * @return The subject, or null. + */ + public Subject getSubject() + { + return subject; + } + + /** + * Logs a subject in, using all login modules configured for this + * application. This method will call the {@link LoginModule#login()} + * method of each module configured for this application, stopping + * if a REQUISITE module fails or if a SUFFICIENT module succeeds. If + * the overall login attempt fails, a {@link LoginException} will be + * thrown. + * + * @throws LoginException If logging in fails. + */ + public void login() throws LoginException + { + boolean failure = false; + for (int i = 0; i < modules.length; i++) + { + try + { + boolean result = modules[i].login(); + if (!result) + { + if (entries[i].getControlFlag() == + AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) + throw new LoginException ("REQUISITE module " + entries[i].getLoginModuleName() + + " failed"); + else if (entries[i].getControlFlag() == + AppConfigurationEntry.LoginModuleControlFlag.REQUIRED) + failure = true; + } + else + { + if (entries[i].getControlFlag() == + AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT) + break; + } + } + catch (LoginException le) + { + if (entries[i].getControlFlag() != + AppConfigurationEntry.LoginModuleControlFlag.REQUISITE) + continue; + for (int j = 0; j < modules.length; j++) + modules[i].abort(); + throw le; + } + } + if (failure) + throw new LoginException ("not all REQUIRED modules succeeded"); + + for (int i = 0; i < modules.length; i++) + modules[i].commit(); + } + + /** + * Logs a subject out, cleaning up any state that may be in memory. + * + * @throws LoginException If logging out fails. + */ + public void logout() throws LoginException + { + for (int i = 0; i < modules.length; i++) + modules[i].logout(); + } + + // Own methods. 
+ + /** + * Fetch the default callback handler, based on the + * auth.login.defaultCallbackHandler property, or null if it is not + * set. + */ + private static CallbackHandler defaultHandler() + { + GetSecurityPropertyAction act = + new GetSecurityPropertyAction ("auth.login.defaultCallbackHandler"); + String classname = (String) AccessController.doPrivileged (act); + if (classname != null) + { + try + { + return (CallbackHandler) Class.forName (classname).newInstance(); + } + catch (ClassNotFoundException cnfe) + { + return null; + } + catch (ClassCastException cce) + { + return null; + } + catch (IllegalAccessException iae) + { + return null; + } + catch (InstantiationException ie) + { + return null; + } + } + return null; + } + + private LoginModule lookupModule (AppConfigurationEntry entry, + Subject subject, Map sharedState) + throws LoginException + { + LoginModule module = null; + Exception cause = null; + try + { + module = (LoginModule) Class.forName (entry.getLoginModuleName()).newInstance(); + } + catch (ClassNotFoundException cnfe) + { + cause = cnfe; + } + catch (ClassCastException cce) + { + cause = cce; + } + catch (IllegalAccessException iae) + { + cause = iae; + } + catch (InstantiationException ie) + { + cause = ie; + } + + if (cause != null) + { + LoginException le = new LoginException ("could not load module " + + entry.getLoginModuleName()); + le.initCause (cause); + throw le; + } + + module.initialize (subject, cbHandler, sharedState, entry.getOptions()); + return module; + } } |
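Review bot: In `login()`, the `catch (LoginException le)` branch does `continue` for every control flag other than REQUISITE, so a REQUIRED module that rejects the credentials by throwing (the usual way a `LoginModule` reports failure) never sets `failure`, and the method goes on to `commit()` every module. The same branch calls `modules[i].abort()` inside the `j` loop, which aborts the failing module `modules.length` times and leaves the others untouched; it should be `modules[j].abort()`, and the two other failure exits (REQUISITE returning false, and `if (failure)`) throw without aborting at all. Separately, `lookupModule` reads the field `cbHandler`, but the four-argument constructor assigns `this.cbHandler` only after the loop that calls it, so each module appears to be initialised with a null handler; assigning the three fields before the loop would fix that. The constructor also shows no permission check before it uses `Configuration.getConfig()`, which that method's Javadoc describes as bypassing security checks. A sketch of the corrected failure handling follows.

```java
  public void login() throws LoginException
  {
    // … unchanged: loop header, modules[i].login() call and result handling,
    //   except that the REQUISITE false-result branch should call abortAll()
    //   before throwing …
        catch (LoginException le)
          {
            AppConfigurationEntry.LoginModuleControlFlag flag =
              entries[i].getControlFlag();
            if (flag == AppConfigurationEntry.LoginModuleControlFlag.REQUISITE)
              {
                abortAll();
                throw le;
              }
            // A REQUIRED module that throws has failed; record it instead of
            // skipping it, so the overall login cannot succeed.
            if (flag == AppConfigurationEntry.LoginModuleControlFlag.REQUIRED)
              failure = true;
          }
      }
    if (failure)
      {
        abortAll();
        throw new LoginException ("not all REQUIRED modules succeeded");
      }
    // NOTE: this still accepts a configuration of only SUFFICIENT/OPTIONAL
    // modules in which none succeeded; track at least one success if that
    // should be rejected.
    // … unchanged: commit loop …
  }

  /** Give every module the chance to discard partial login state. */
  private void abortAll() throws LoginException
  {
    for (int j = 0; j < modules.length; j++)
      modules[j].abort();
  }
```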

