6516

Committed 11 Mar 2026 12:15AM UTC coverage: 46.217%. Remained the same

Build # 6516

Build Type

push

github

Committed by

web-flow

Commit Message

Update dependency org.eclipse.jdt:ecj to v3.45.0

Coverage Stats

276 of 734 branches covered (37.6%)

Branch coverage included in aggregate %.

1019 of 2068 relevant lines covered (49.27%)

1.0 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

10.78

/Source/JNA/waffle-jna/src/main/java/waffle/windows/auth/impl/WindowsAuthProviderImpl.java

/*
 * SPDX-License-Identifier: MIT
 * See LICENSE file for details.
 *
 * Copyright 2010-2026 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
 */
package waffle.windows.auth.impl;

import com.sun.jna.platform.win32.Advapi32;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Netapi32Util;
import com.sun.jna.platform.win32.Netapi32Util.DomainTrust;
import com.sun.jna.platform.win32.Secur32;
import com.sun.jna.platform.win32.Sspi;
import com.sun.jna.platform.win32.Sspi.CtxtHandle;
import com.sun.jna.platform.win32.SspiUtil.ManagedSecBufferDesc;
import com.sun.jna.platform.win32.Win32Exception;
import com.sun.jna.platform.win32.WinBase;
import com.sun.jna.platform.win32.WinError;
import com.sun.jna.platform.win32.WinNT.HANDLEByReference;
import com.sun.jna.ptr.IntByReference;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;

import waffle.util.cache.Cache;
import waffle.windows.auth.IWindowsAccount;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsComputer;
import waffle.windows.auth.IWindowsCredentialsHandle;
import waffle.windows.auth.IWindowsDomain;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.IWindowsSecurityContext;

/**
 * Windows Auth Provider.
 */
public class WindowsAuthProviderImpl implements IWindowsAuthProvider {

    /** The Continue Context Timeout. */
    public static final int CONTINUE_CONTEXT_TIMEOUT = 30;

    /**
     * The Class ContinueContext.
     */
    private static class ContinueContext {
        /** The continue handle. */
        private CtxtHandle continueHandle;

        /** The server credential. */
        private IWindowsCredentialsHandle serverCredential;

        /**
         * Instantiates a new continue context.
         *
         * @param handle
         *            the handle
         * @param windowsCredential
         *            the windows credential
         */
        ContinueContext(final CtxtHandle handle, final IWindowsCredentialsHandle windowsCredential) {
            this.continueHandle = handle;
            this.serverCredential = windowsCredential;
        }
    }

    /** The continue contexts. */
    private final Cache<String, ContinueContext> continueContexts;

    /**
     * Instantiates a new windows auth provider impl.
     */
    public WindowsAuthProviderImpl() {
        this(WindowsAuthProviderImpl.CONTINUE_CONTEXT_TIMEOUT);
    }

    /**
     * A Windows authentication provider.
     *
     * @param continueContextsTimeout
     *            Timeout for security contexts in seconds.
     */
    public WindowsAuthProviderImpl(final int continueContextsTimeout) {
        this.continueContexts = Cache.newCache(continueContextsTimeout);
    }

    @Override
    public IWindowsSecurityContext acceptSecurityToken(final String connectionId, final byte[] token,
            final String securityPackage) {

        if (token == null || token.length == 0) {
            this.resetSecurityToken(connectionId);
            throw new Win32Exception(WinError.SEC_E_INVALID_TOKEN);
        }

        CtxtHandle continueHandle = null;
        IWindowsCredentialsHandle serverCredential;
        ContinueContext continueContext = this.continueContexts.get(connectionId);
        if (continueContext != null) {
            continueHandle = continueContext.continueHandle;
            serverCredential = continueContext.serverCredential;
        } else {
            serverCredential = new WindowsCredentialsHandleImpl(null, Sspi.SECPKG_CRED_INBOUND, securityPackage);
            serverCredential.initialize();
        }

        WindowsSecurityContextImpl sc;

        int rc;
        int tokenSize = Sspi.MAX_TOKEN_SIZE;

        do {
            final ManagedSecBufferDesc pbServerToken = new ManagedSecBufferDesc(Sspi.SECBUFFER_TOKEN, tokenSize);
            final ManagedSecBufferDesc pbClientToken = new ManagedSecBufferDesc(Sspi.SECBUFFER_TOKEN, token);
            final IntByReference pfClientContextAttr = new IntByReference();

            final CtxtHandle phNewServerContext = new CtxtHandle();
            rc = Secur32.INSTANCE.AcceptSecurityContext(serverCredential.getHandle(), continueHandle, pbClientToken,
                    Sspi.ISC_REQ_CONNECTION, Sspi.SECURITY_NATIVE_DREP, phNewServerContext, pbServerToken,
                    pfClientContextAttr, null);

            sc = new WindowsSecurityContextImpl();
            sc.setCredentialsHandle(serverCredential);
            sc.setSecurityPackage(securityPackage);
            sc.setSecurityContext(phNewServerContext);

            switch (rc) {
                case WinError.SEC_E_BUFFER_TOO_SMALL:
                    tokenSize += Sspi.MAX_TOKEN_SIZE;
                    sc.dispose();
                    WindowsSecurityContextImpl.dispose(continueHandle);
                    break;
                case WinError.SEC_E_OK:
                    // the security context received from the client was accepted
                    this.resetSecurityToken(connectionId);
                    // if an output token was generated by the function, it must be sent to the client process
                    if (pbServerToken.pBuffers != null && pbServerToken.cBuffers == 1
                            && pbServerToken.getBuffer(0).cbBuffer > 0) {
                        sc.setToken(pbServerToken.getBuffer(0).getBytes() == null ? new byte[0]
                                : pbServerToken.getBuffer(0).getBytes().clone());
                    }
                    sc.setContinue(false);
                    break;
                case WinError.SEC_I_CONTINUE_NEEDED:
                    // the server must send the output token to the client and wait for a returned token
                    continueContext = new ContinueContext(phNewServerContext, serverCredential);
                    this.continueContexts.put(connectionId, continueContext);
                    sc.setToken(pbServerToken.getBuffer(0).getBytes() == null ? new byte[0]
                            : pbServerToken.getBuffer(0).getBytes().clone());
                    sc.setContinue(true);
                    break;
                default:
                    sc.dispose();
                    WindowsSecurityContextImpl.dispose(continueHandle);
                    this.resetSecurityToken(connectionId);
                    throw new Win32Exception(rc);
            }
        } while (rc == WinError.SEC_E_BUFFER_TOO_SMALL);

        return sc;
    }

    @Override
    public IWindowsComputer getCurrentComputer() {
        try {
            return new WindowsComputerImpl(InetAddress.getLocalHost().getHostName());
        } catch (final UnknownHostException e) {
            throw new RuntimeException(e);
        }
    }

    @Override
    public IWindowsDomain[] getDomains() {
        final List<IWindowsDomain> domains = new ArrayList<>();
        final DomainTrust[] trusts = Netapi32Util.getDomainTrusts();
        for (final DomainTrust trust : trusts) {
            domains.add(new WindowsDomainImpl(trust));
        }
        return domains.toArray(new IWindowsDomain[0]);
    }

    @Override
    public IWindowsIdentity logonDomainUser(final String username, final String domain, final String password) {
        return this.logonDomainUserEx(username, domain, password, WinBase.LOGON32_LOGON_NETWORK,
                WinBase.LOGON32_PROVIDER_DEFAULT);
    }

    @Override
    public IWindowsIdentity logonDomainUserEx(final String username, final String domain, final String password,
            final int logonType, final int logonProvider) {
        final HANDLEByReference phUser = new HANDLEByReference();
        if (!Advapi32.INSTANCE.LogonUser(username, domain, password, logonType, logonProvider, phUser)) {
            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        }
        return new WindowsIdentityImpl(phUser.getValue());
    }

    @Override
    public IWindowsIdentity logonUser(final String username, final String password) {
        // username@domain UPN format is natively supported by the
        // Windows LogonUser API process domain\\username format
        final String[] userNameDomain = username.split("\\\\", 2);
        if (userNameDomain.length == 2) {
            return this.logonDomainUser(userNameDomain[1], userNameDomain[0], password);
        }
        return this.logonDomainUser(username, null, password);
    }

    @Override
    public IWindowsAccount lookupAccount(final String username) {
        return new WindowsAccountImpl(username);
    }

    @Override
    public void resetSecurityToken(final String connectionId) {
        this.continueContexts.remove(connectionId);
    }

    /**
     * Number of elements in the continue contexts map.
     *
     * @return Number of elements in the hash map.
     */
    public int getContinueContextsSize() {
        return this.continueContexts.size();
    }
}

1	/*
2	* SPDX-License-Identifier: MIT
3	* See LICENSE file for details.
4	*
5	* Copyright 2010-2026 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
6	*/
7	package waffle.windows.auth.impl;
8
9	import com.sun.jna.platform.win32.Advapi32;
10	import com.sun.jna.platform.win32.Kernel32;
11	import com.sun.jna.platform.win32.Netapi32Util;
12	import com.sun.jna.platform.win32.Netapi32Util.DomainTrust;
13	import com.sun.jna.platform.win32.Secur32;
14	import com.sun.jna.platform.win32.Sspi;
15	import com.sun.jna.platform.win32.Sspi.CtxtHandle;
16	import com.sun.jna.platform.win32.SspiUtil.ManagedSecBufferDesc;
17	import com.sun.jna.platform.win32.Win32Exception;
18	import com.sun.jna.platform.win32.WinBase;
19	import com.sun.jna.platform.win32.WinError;
20	import com.sun.jna.platform.win32.WinNT.HANDLEByReference;
21	import com.sun.jna.ptr.IntByReference;
22
23	import java.net.InetAddress;
24	import java.net.UnknownHostException;
25	import java.util.ArrayList;
26	import java.util.List;
27
28	import waffle.util.cache.Cache;
29	import waffle.windows.auth.IWindowsAccount;
30	import waffle.windows.auth.IWindowsAuthProvider;
31	import waffle.windows.auth.IWindowsComputer;
32	import waffle.windows.auth.IWindowsCredentialsHandle;
33	import waffle.windows.auth.IWindowsDomain;
34	import waffle.windows.auth.IWindowsIdentity;
35	import waffle.windows.auth.IWindowsSecurityContext;
36
37	/**
38	* Windows Auth Provider.
39	*/
40	public class WindowsAuthProviderImpl implements IWindowsAuthProvider {
41
42	/** The Continue Context Timeout. */
43	public static final int CONTINUE_CONTEXT_TIMEOUT = 30;
44
45	/**
46	* The Class ContinueContext.
47	*/
48	private static class ContinueContext {
49	/** The continue handle. */
50	private CtxtHandle continueHandle;
51
52	/** The server credential. */
53	private IWindowsCredentialsHandle serverCredential;
54
55	/**
56	* Instantiates a new continue context.
57	*
58	* @param handle
59	* the handle
60	* @param windowsCredential
61	* the windows credential
62	*/
63	ContinueContext(final CtxtHandle handle, final IWindowsCredentialsHandle windowsCredential) {	×
64	this.continueHandle = handle;	×
65	this.serverCredential = windowsCredential;	×
66	}	×
67	}
68
69	/** The continue contexts. */
70	private final Cache<String, ContinueContext> continueContexts;
71
72	/**
73	* Instantiates a new windows auth provider impl.
74	*/
75	public WindowsAuthProviderImpl() {
76	this(WindowsAuthProviderImpl.CONTINUE_CONTEXT_TIMEOUT);	2✔
77	}	2✔
78
79	/**
80	* A Windows authentication provider.
81	*
82	* @param continueContextsTimeout
83	* Timeout for security contexts in seconds.
84	*/
85	public WindowsAuthProviderImpl(final int continueContextsTimeout) {	2✔
86	this.continueContexts = Cache.newCache(continueContextsTimeout);	2✔
87	}	2✔
88
89	@Override
90	public IWindowsSecurityContext acceptSecurityToken(final String connectionId, final byte[] token,
91	final String securityPackage) {
92
93	if (token == null \|\| token.length == 0) {	×
94	this.resetSecurityToken(connectionId);	×
95	throw new Win32Exception(WinError.SEC_E_INVALID_TOKEN);	×
96	}
97
98	CtxtHandle continueHandle = null;	×
99	IWindowsCredentialsHandle serverCredential;
100	ContinueContext continueContext = this.continueContexts.get(connectionId);	×
101	if (continueContext != null) {	×
102	continueHandle = continueContext.continueHandle;	×
103	serverCredential = continueContext.serverCredential;	×
104	} else {
105	serverCredential = new WindowsCredentialsHandleImpl(null, Sspi.SECPKG_CRED_INBOUND, securityPackage);	×
106	serverCredential.initialize();	×
107	}
108
109	WindowsSecurityContextImpl sc;
110
111	int rc;
112	int tokenSize = Sspi.MAX_TOKEN_SIZE;	×
113
114	do {
115	final ManagedSecBufferDesc pbServerToken = new ManagedSecBufferDesc(Sspi.SECBUFFER_TOKEN, tokenSize);	×
116	final ManagedSecBufferDesc pbClientToken = new ManagedSecBufferDesc(Sspi.SECBUFFER_TOKEN, token);	×
117	final IntByReference pfClientContextAttr = new IntByReference();	×
118
119	final CtxtHandle phNewServerContext = new CtxtHandle();	×
120	rc = Secur32.INSTANCE.AcceptSecurityContext(serverCredential.getHandle(), continueHandle, pbClientToken,	×
121	Sspi.ISC_REQ_CONNECTION, Sspi.SECURITY_NATIVE_DREP, phNewServerContext, pbServerToken,
122	pfClientContextAttr, null);
123
124	sc = new WindowsSecurityContextImpl();	×
125	sc.setCredentialsHandle(serverCredential);	×
126	sc.setSecurityPackage(securityPackage);	×
127	sc.setSecurityContext(phNewServerContext);	×
128
129	switch (rc) {	×
130	case WinError.SEC_E_BUFFER_TOO_SMALL:
131	tokenSize += Sspi.MAX_TOKEN_SIZE;	×
132	sc.dispose();	×
133	WindowsSecurityContextImpl.dispose(continueHandle);	×
134	break;	×
135	case WinError.SEC_E_OK:
136	// the security context received from the client was accepted
137	this.resetSecurityToken(connectionId);	×
138	// if an output token was generated by the function, it must be sent to the client process
139	if (pbServerToken.pBuffers != null && pbServerToken.cBuffers == 1	×
140	&& pbServerToken.getBuffer(0).cbBuffer > 0) {	×
141	sc.setToken(pbServerToken.getBuffer(0).getBytes() == null ? new byte[0]	×
142	: pbServerToken.getBuffer(0).getBytes().clone());	×
143	}
144	sc.setContinue(false);	×
145	break;	×
146	case WinError.SEC_I_CONTINUE_NEEDED:
147	// the server must send the output token to the client and wait for a returned token
148	continueContext = new ContinueContext(phNewServerContext, serverCredential);	×
149	this.continueContexts.put(connectionId, continueContext);	×
150	sc.setToken(pbServerToken.getBuffer(0).getBytes() == null ? new byte[0]	×
151	: pbServerToken.getBuffer(0).getBytes().clone());	×
152	sc.setContinue(true);	×
153	break;	×
154	default:
155	sc.dispose();	×
156	WindowsSecurityContextImpl.dispose(continueHandle);	×
157	this.resetSecurityToken(connectionId);	×
158	throw new Win32Exception(rc);	×
159	}
160	} while (rc == WinError.SEC_E_BUFFER_TOO_SMALL);	×
161
162	return sc;	×
163	}
164
165	@Override
166	public IWindowsComputer getCurrentComputer() {
167	try {
168	return new WindowsComputerImpl(InetAddress.getLocalHost().getHostName());	2✔
169	} catch (final UnknownHostException e) {	×
170	throw new RuntimeException(e);	×
171	}
172	}
173
174	@Override
175	public IWindowsDomain[] getDomains() {
176	final List<IWindowsDomain> domains = new ArrayList<>();	×
177	final DomainTrust[] trusts = Netapi32Util.getDomainTrusts();	×
178	for (final DomainTrust trust : trusts) {	×
179	domains.add(new WindowsDomainImpl(trust));	×
180	}
181	return domains.toArray(new IWindowsDomain[0]);	×
182	}
183
184	@Override
185	public IWindowsIdentity logonDomainUser(final String username, final String domain, final String password) {
186	return this.logonDomainUserEx(username, domain, password, WinBase.LOGON32_LOGON_NETWORK,	×
187	WinBase.LOGON32_PROVIDER_DEFAULT);
188	}
189
190	@Override
191	public IWindowsIdentity logonDomainUserEx(final String username, final String domain, final String password,
192	final int logonType, final int logonProvider) {
193	final HANDLEByReference phUser = new HANDLEByReference();	2✔
194	if (!Advapi32.INSTANCE.LogonUser(username, domain, password, logonType, logonProvider, phUser)) {	2!
195	throw new Win32Exception(Kernel32.INSTANCE.GetLastError());	2✔
196	}
197	return new WindowsIdentityImpl(phUser.getValue());	×
198	}
199
200	@Override
201	public IWindowsIdentity logonUser(final String username, final String password) {
202	// username@domain UPN format is natively supported by the
203	// Windows LogonUser API process domain\\username format
204	final String[] userNameDomain = username.split("\\\\", 2);	×
205	if (userNameDomain.length == 2) {	×
206	return this.logonDomainUser(userNameDomain[1], userNameDomain[0], password);	×
207	}
208	return this.logonDomainUser(username, null, password);	×
209	}
210
211	@Override
212	public IWindowsAccount lookupAccount(final String username) {
213	return new WindowsAccountImpl(username);	2✔
214	}
215
216	@Override
217	public void resetSecurityToken(final String connectionId) {
218	this.continueContexts.remove(connectionId);	×
219	}	×
220
221	/**
222	* Number of elements in the continue contexts map.
223	*
224	* @return Number of elements in the hash map.
225	*/
226	public int getContinueContextsSize() {
227	return this.continueContexts.size();	×
228	}
229	}

Waffle / waffle / 6516

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous