3
* ====================================================================
4
* Licensed to the Apache Software Foundation (ASF) under one
5
* or more contributor license agreements. See the NOTICE file
6
* distributed with this work for additional information
7
* regarding copyright ownership. The ASF licenses this file
8
* to you under the Apache License, Version 2.0 (the
9
* "License"); you may not use this file except in compliance
10
* with the License. You may obtain a copy of the License at
12
* http://www.apache.org/licenses/LICENSE-2.0
14
* Unless required by applicable law or agreed to in writing,
15
* software distributed under the License is distributed on an
16
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17
* KIND, either express or implied. See the License for the
18
* specific language governing permissions and limitations
20
* ====================================================================
24
package org.apache.subversion.javahl.callback;
26
import java.util.Date;
27
import java.util.List;
28
import java.util.logging.Logger;
31
* <p>The interface for requesting authentication credentials from the
32
* user. Should the javahl bindings need the matching information,
33
* these methodes will be called.</p>
35
* <p>This callback can also be used to provide the equivalent of the
36
* <code>--no-auth-cache</code> and <code>--non-interactive</code>
37
* arguments accepted by the command-line client.</p>
41
public interface AuthnCallback
44
* Abstract base class for callback results.
46
public abstract class AuthnResult
48
protected boolean save = false; // Allow saving the credentials
49
protected boolean trust = false; // SSL server cert trust
50
protected String identity = null; // Username or client cert filename
51
protected String secret = null; // Password or client cert passphrase
55
* The result type used by {@see #usernamePrompt}.
57
public static final class UsernameResult
59
implements java.io.Serializable
61
// Update the serialVersionUID when there is a incompatible change made to
62
// this class. See the java documentation for when a change is incompatible.
63
// http://java.sun.com/javase/7/docs/platform/serialization/spec/version.html#6678
64
private static final long serialVersionUID = 1L;
67
* Set the username in the result.
68
* Assumes the result may not be stored permanently.
69
* @param username The username.
71
public UsernameResult(String username)
77
* Set the username in the result.
78
* @param username The username.
79
* @param maySave Set if the result may be stored permanently.
81
public UsernameResult(String username, boolean maySave)
90
* @param realm The realm from which the question originates.
91
* @param maySave Indiceates whether saving credentials is allowed;
92
* if <code>false</code>, the <code>maySave</code> flag
93
* in the return value will be ignored.
94
* @return The result, or <code>null</code> if cancelled.
96
public UsernameResult usernamePrompt(String realm, boolean maySave);
100
* The result type used by {@see #userPasswordPrompt}.
102
public static final class UserPasswordResult
104
implements java.io.Serializable
106
// Update the serialVersionUID when there is a incompatible change made to
107
// this class. See the java documentation for when a change is incompatible.
108
// http://java.sun.com/javase/7/docs/platform/serialization/spec/version.html#6678
109
private static final long serialVersionUID = 1L;
112
* Set the username and password in the result.
113
* Assumes the result may not be stored permanently.
114
* @param username The username.
115
* @param password The password.
117
public UserPasswordResult(String username, String password)
124
* Set the username and password in the result.
125
* @param username The user name.
126
* @param password The password.
127
* @param maySave Set if the result may be stored permanently.
129
public UserPasswordResult(String username, String password,
139
* Ask for a username and password.
140
* @param realm The realm from which the question originates.
141
* @param username The username for the realm, if known; may be <code>null</code>.
142
* @param maySave Indiceates whether saving credentials is allowed;
143
* if <code>false</code>, the <code>maySave</code> flag
144
* in the return value will be ignored.
145
* @return The result, or <code>null</code> if cancelled.
147
public UserPasswordResult userPasswordPrompt(String realm, String username,
152
* Information about why parsing a server SSL certificate failed.
154
public static class SSLServerCertFailures implements java.io.Serializable
156
// Update the serialVersionUID when there is a incompatible change made to
157
// this class. See the java documentation for when a change is incompatible.
158
// http://java.sun.com/javase/7/docs/platform/serialization/spec/version.html#6678
159
private static final long serialVersionUID = 1L;
162
* The certificate is not yet valid.
164
public boolean notYetValid()
166
return ((failures & NOT_YET_VALID) != 0);
170
* The certificate has expired.
172
public boolean expired()
174
return ((failures & EXPIRED) != 0);
178
* Certificate's CN (hostname) does not match the remote hostname.
180
public boolean cnMismatch()
182
return ((failures & CN_MISMATCH) != 0);
186
* Certificate authority is unknown (i.e., not trusted).
188
public boolean unknownCA()
190
return ((failures & UNKNOWN_CA) != 0);
194
* Other failure. This can happen if an unknown failure occurs
195
* that we do not handle yet.
197
public boolean other()
199
return ((failures & OTHER) != 0 || (failures & ~ALL_KNOWN) != 0);
202
/** @return the internal bitfield representation of the failures. */
203
public int getFailures()
208
private static final int NOT_YET_VALID = 0x00000001;
209
private static final int EXPIRED = 0x00000002;
210
private static final int CN_MISMATCH = 0x00000004;
211
private static final int UNKNOWN_CA = 0x00000008;
212
private static final int OTHER = 0x40000000;
214
private static final int ALL_KNOWN = (NOT_YET_VALID | EXPIRED
215
| CN_MISMATCH | UNKNOWN_CA
218
/* This private constructor is used by the native implementation. */
219
private SSLServerCertFailures(int failures)
221
/* Double-check that we did not forget to map any of the
222
failure flags, and flag an "other" failure. */
223
final int missing = (failures & ~ALL_KNOWN);
226
Logger log = Logger.getLogger("org.apache.subversion.javahl");
227
log.warning(String.format("Unknown SSL certificate parsing "
228
+ "failure flags: %1$x", missing));
231
this.failures = failures;
234
private int failures;
238
* Detailed information about the parsed server SSL certificate.
240
public static class SSLServerCertInfo implements java.io.Serializable
242
// Update the serialVersionUID when there is a incompatible change made to
243
// this class. See the java documentation for when a change is incompatible.
244
// http://java.sun.com/javase/7/docs/platform/serialization/spec/version.html#6678
245
private static final long serialVersionUID = 1L;
248
* @return The subject of the certificate.
250
public String getSubject()
256
* @return The certificate issuer.
258
public String getIssuer()
264
* @return The from which the certificate is valid.
266
public Date getValidFrom()
272
* @return The date after which the certificate is no longer valid.
274
public Date getValidTo()
280
* @return The certificate fingerprint.
282
public byte[] getFingerprint()
288
* @return A list of host names that the certificate represents.
290
public List<String> getHostnames()
296
* @return the Base64-encoded raw certificate data.
298
public String getCert()
303
/* This private constructor is used by the native implementation. */
304
private SSLServerCertInfo(String subject, String issuer,
305
long validFrom, long validTo,
307
List<String> hostnames,
310
this.subject = subject;
311
this.issuer = issuer;
312
this.validFrom = new Date(validFrom);
313
this.validTo = new Date(validTo);
314
this.fingerprint = fingerprint;
315
this.hostnames = hostnames;
316
this.asciiCert = asciiCert;
319
private String subject;
320
private String issuer;
321
private Date validFrom;
322
private Date validTo;
323
private byte[] fingerprint;
324
private List<String> hostnames;
325
private String asciiCert;
329
* The result type used by {@see #sslServerTrustPrompt}.
331
public static final class SSLServerTrustResult
333
implements java.io.Serializable
335
// Update the serialVersionUID when there is a incompatible change made to
336
// this class. See the java documentation for when a change is incompatible.
337
// http://java.sun.com/javase/7/docs/platform/serialization/spec/version.html#6678
338
private static final long serialVersionUID = 1L;
341
* Create a result that rejects the certificate.
343
public static SSLServerTrustResult reject()
345
return new SSLServerTrustResult(false, false);
349
* Create a result that temporarily accepts the certificate,
350
* for the duration of the current connection.
352
public static SSLServerTrustResult acceptTemporarily()
354
return new SSLServerTrustResult(true, false);
358
* Create a result that permanently accepts the certificate.
360
public static SSLServerTrustResult acceptPermanently()
362
return new SSLServerTrustResult(true, true);
365
private SSLServerTrustResult(boolean accept, boolean maySave)
373
* Ask if we trust the server certificate.
374
* @param realm The realm from which the question originates.
375
* @param failures The result of parsing the certificate;
376
* if <code>null</code>, there were no failures.
377
* @param info Information extracted from the certificate.
378
* @param maySave Indiceates whether saving credentials is allowed;
379
* if <code>false</code>, the <code>maySave</code> flag
380
* in the return value will be ignored.
381
* @return The result, or <code>null</code> if cancelled.
383
public SSLServerTrustResult
384
sslServerTrustPrompt(String realm,
385
SSLServerCertFailures failures,
386
SSLServerCertInfo info,
391
* The result type used by {@see #sslClientCertPrompt}.
393
public static final class SSLClientCertResult
395
implements java.io.Serializable
397
// Update the serialVersionUID when there is a incompatible change made to
398
// this class. See the java documentation for when a change is incompatible.
399
// http://java.sun.com/javase/7/docs/platform/serialization/spec/version.html#6678
400
private static final long serialVersionUID = 1L;
403
* Set the absolute path of the cerfiticate file in the result.
404
* Assumes the result may not be stored permanently.
405
* @param path The absolute path of the certificate.
407
public SSLClientCertResult(String path)
413
* Set the absolute path of the cerfiticate file in the result.
414
* @param path The absolute path of the certificate.
415
* @param maySave Set if the result may be stored permanently.
417
public SSLClientCertResult(String path, boolean maySave)
425
* Ask for the (local) file name of a client SSL certificate.
426
* @param realm The realm from which the question originates.
427
* @param maySave Indiceates whether saving credentials is allowed;
428
* if <code>false</code>, the <code>maySave</code> flag
429
* in the return value will be ignored.
430
* @return The result, or <code>null</code> if cancelled.
432
public SSLClientCertResult
433
sslClientCertPrompt(String realm, boolean maySave);
437
* The result type used by {@see #sslClientCertPassphrasePrompt}.
439
public static final class SSLClientCertPassphraseResult
441
implements java.io.Serializable
443
// Update the serialVersionUID when there is a incompatible change made to
444
// this class. See the java documentation for when a change is incompatible.
445
// http://java.sun.com/javase/7/docs/platform/serialization/spec/version.html#6678
446
private static final long serialVersionUID = 1L;
449
* Set the cerfiticate passphrase in the result.
450
* Assumes the result may not be stored permanently.
451
* @param passphrase The passphrase for decrypting the certificate.
453
public SSLClientCertPassphraseResult(String passphrase)
459
* Set the cerfiticate passphrase in the result.
460
* @param passphrase The passphrase for decrypting the certificate.
461
* @param maySave Set if the result may be stored permanently.
463
public SSLClientCertPassphraseResult(String passphrase, boolean maySave)
471
* Ask for passphrase for decrypting a client SSL certificate.
472
* @param realm The realm from which the question originates.
473
* @param maySave Indiceates whether saving credentials is allowed;
474
* if <code>false</code>, the <code>maySave</code> flag
475
* in the return value will be ignored.
476
* @return The result, or <code>null</code> if cancelled.
478
public SSLClientCertPassphraseResult
479
sslClientCertPassphrasePrompt(String realm, boolean maySave);
483
* Ask if a password may be stored on disk in plaintext.
484
* @param realm The realm from which the question originates.
485
* @return <code>true</code> if the password may be stored in plaintext.
487
public boolean allowStorePlaintextPassword(String realm);
490
* Ask if a certificate passphrase may be stored on disk in plaintext.
491
* @param realm The realm from which the question originates.
492
* @return <code>true</code> if the passphrase may be stored in plaintext.
494
public boolean allowStorePlaintextPassphrase(String realm);