1 /*
   2  * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package javax.security.sasl;
  27 
  28 import javax.security.auth.callback.CallbackHandler;
  29 
  30 import java.util.Enumeration;
  31 import java.util.Iterator;
  32 import java.util.Map;
  33 import java.util.Set;
  34 import java.util.HashSet;
  35 import java.util.Collections;
  36 import java.security.InvalidParameterException;
  37 import java.security.NoSuchAlgorithmException;
  38 import java.security.Provider;
  39 import java.security.Provider.Service;
  40 import java.security.Security;
  41 
  42 /**
  43  * A static class for creating SASL clients and servers.
  44  *<p>
  45  * This class defines the policy of how to locate, load, and instantiate
  46  * SASL clients and servers.
  47  *<p>
  48  * For example, an application or library gets a SASL client by doing
  49  * something like:
  50  *<blockquote><pre>
  51  * SaslClient sc = Sasl.createSaslClient(mechanisms,
  52  *     authorizationId, protocol, serverName, props, callbackHandler);
  53  *</pre></blockquote>
  54  * It can then proceed to use the instance to create an authentication connection.
  55  *<p>
  56  * Similarly, a server gets a SASL server by using code that looks as follows:
  57  *<blockquote><pre>
  58  * SaslServer ss = Sasl.createSaslServer(mechanism,
  59  *     protocol, serverName, props, callbackHandler);
  60  *</pre></blockquote>
  61  *
  62  * @since 1.5
  63  *
  64  * @author Rosanna Lee
  65  * @author Rob Weltman
  66  */
  67 public class Sasl {
  68     // Cannot create one of these
  69     private Sasl() {
  70     }
  71 
  72     /**
  73      * The name of a property that specifies the quality-of-protection to use.
  74      * The property contains a comma-separated, ordered list
  75      * of quality-of-protection values that the
  76      * client or server is willing to support.  A qop value is one of
  77      * <ul>
  78      * <li>{@code "auth"} - authentication only</li>
  79      * <li>{@code "auth-int"} - authentication plus integrity protection</li>
  80      * <li>{@code "auth-conf"} - authentication plus integrity and confidentiality
  81      * protection</li>
  82      * </ul>
  83      *
  84      * The order of the list specifies the preference order of the client or
  85      * server. If this property is absent, the default qop is {@code "auth"}.
  86      * The value of this constant is {@code "javax.security.sasl.qop"}.
  87      */
  88     public static final String QOP = "javax.security.sasl.qop";
  89 
  90     /**
  91      * The name of a property that specifies the cipher strength to use.
  92      * The property contains a comma-separated, ordered list
  93      * of cipher strength values that
  94      * the client or server is willing to support. A strength value is one of
  95      * <ul>
  96      * <li>{@code "low"}</li>
  97      * <li>{@code "medium"}</li>
  98      * <li>{@code "high"}</li>
  99      * </ul>
 100      * The order of the list specifies the preference order of the client or
 101      * server.  An implementation should allow configuration of the meaning
 102      * of these values.  An application may use the Java Cryptography
 103      * Extension (JCE) with JCE-aware mechanisms to control the selection of
 104      * cipher suites that match the strength values.
 105      * <BR>
 106      * If this property is absent, the default strength is
 107      * {@code "high,medium,low"}.
 108      * The value of this constant is {@code "javax.security.sasl.strength"}.
 109      */
 110     public static final String STRENGTH = "javax.security.sasl.strength";
 111 
 112     /**
 113      * The name of a property that specifies whether the
 114      * server must authenticate to the client. The property contains
 115      * {@code "true"} if the server must
 116      * authenticate the to client; {@code "false"} otherwise.
 117      * The default is {@code "false"}.
 118      * <br>The value of this constant is
 119      * {@code "javax.security.sasl.server.authentication"}.
 120      */
 121     public static final String SERVER_AUTH =
 122     "javax.security.sasl.server.authentication";
 123 
 124     /**
 125      * The name of a property that specifies the bound server name for
 126      * an unbound server. A server is created as an unbound server by setting
 127      * the {@code serverName} argument in {@link #createSaslServer} as null.
 128      * The property contains the bound host name after the authentication
 129      * exchange has completed. It is only available on the server side.
 130      * <br>The value of this constant is
 131      * {@code "javax.security.sasl.bound.server.name"}.
 132      */
 133     public static final String BOUND_SERVER_NAME =
 134     "javax.security.sasl.bound.server.name";
 135 
 136     /**
 137      * The name of a property that specifies the maximum size of the receive
 138      * buffer in bytes of {@code SaslClient}/{@code SaslServer}.
 139      * The property contains the string representation of an integer.
 140      * <br>If this property is absent, the default size
 141      * is defined by the mechanism.
 142      * <br>The value of this constant is {@code "javax.security.sasl.maxbuffer"}.
 143      */
 144     public static final String MAX_BUFFER = "javax.security.sasl.maxbuffer";
 145 
 146     /**
 147      * The name of a property that specifies the maximum size of the raw send
 148      * buffer in bytes of {@code SaslClient}/{@code SaslServer}.
 149      * The property contains the string representation of an integer.
 150      * The value of this property is negotiated between the client and server
 151      * during the authentication exchange.
 152      * <br>The value of this constant is {@code "javax.security.sasl.rawsendsize"}.
 153      */
 154     public static final String RAW_SEND_SIZE = "javax.security.sasl.rawsendsize";
 155 
 156     /**
 157      * The name of a property that specifies whether to reuse previously
 158      * authenticated session information. The property contains "true" if the
 159      * mechanism implementation may attempt to reuse previously authenticated
 160      * session information; it contains "false" if the implementation must
 161      * not reuse previously authenticated session information.  A setting of
 162      * "true" serves only as a hint: it does not necessarily entail actual
 163      * reuse because reuse might not be possible due to a number of reasons,
 164      * including, but not limited to, lack of mechanism support for reuse,
 165      * expiration of reusable information, and the peer's refusal to support
 166      * reuse.
 167      *
 168      * The property's default value is "false".  The value of this constant
 169      * is "javax.security.sasl.reuse".
 170      *
 171      * Note that all other parameters and properties required to create a
 172      * SASL client/server instance must be provided regardless of whether
 173      * this property has been supplied. That is, you cannot supply any less
 174      * information in anticipation of reuse.
 175      *
 176      * Mechanism implementations that support reuse might allow customization
 177      * of its implementation, for factors such as cache size, timeouts, and
 178      * criteria for reusability. Such customizations are
 179      * implementation-dependent.
 180      */
 181      public static final String REUSE = "javax.security.sasl.reuse";
 182 
 183     /**
 184      * The name of a property that specifies
 185      * whether mechanisms susceptible to simple plain passive attacks (e.g.,
 186      * "PLAIN") are not permitted. The property
 187      * contains {@code "true"} if such mechanisms are not permitted;
 188      * {@code "false"} if such mechanisms are permitted.
 189      * The default is {@code "false"}.
 190      * <br>The value of this constant is
 191      * {@code "javax.security.sasl.policy.noplaintext"}.
 192      */
 193     public static final String POLICY_NOPLAINTEXT =
 194     "javax.security.sasl.policy.noplaintext";
 195 
 196     /**
 197      * The name of a property that specifies whether
 198      * mechanisms susceptible to active (non-dictionary) attacks
 199      * are not permitted.
 200      * The property contains {@code "true"}
 201      * if mechanisms susceptible to active attacks
 202      * are not permitted; {@code "false"} if such mechanisms are permitted.
 203      * The default is {@code "false"}.
 204      * <br>The value of this constant is
 205      * {@code "javax.security.sasl.policy.noactive"}.
 206      */
 207     public static final String POLICY_NOACTIVE =
 208     "javax.security.sasl.policy.noactive";
 209 
 210     /**
 211      * The name of a property that specifies whether
 212      * mechanisms susceptible to passive dictionary attacks are not permitted.
 213      * The property contains {@code "true"}
 214      * if mechanisms susceptible to dictionary attacks are not permitted;
 215      * {@code "false"} if such mechanisms are permitted.
 216      * The default is {@code "false"}.
 217      *<br>
 218      * The value of this constant is
 219      * {@code "javax.security.sasl.policy.nodictionary"}.
 220      */
 221     public static final String POLICY_NODICTIONARY =
 222     "javax.security.sasl.policy.nodictionary";
 223 
 224     /**
 225      * The name of a property that specifies whether mechanisms that accept
 226      * anonymous login are not permitted. The property contains {@code "true"}
 227      * if mechanisms that accept anonymous login are not permitted;
 228      * {@code "false"}
 229      * if such mechanisms are permitted. The default is {@code "false"}.
 230      *<br>
 231      * The value of this constant is
 232      * {@code "javax.security.sasl.policy.noanonymous"}.
 233      */
 234     public static final String POLICY_NOANONYMOUS =
 235     "javax.security.sasl.policy.noanonymous";
 236 
 237      /**
 238       * The name of a property that specifies whether mechanisms that implement
 239       * forward secrecy between sessions are required. Forward secrecy
 240       * means that breaking into one session will not automatically
 241       * provide information for breaking into future sessions.
 242       * The property
 243       * contains {@code "true"} if mechanisms that implement forward secrecy
 244       * between sessions are required; {@code "false"} if such mechanisms
 245       * are not required. The default is {@code "false"}.
 246       *<br>
 247       * The value of this constant is
 248       * {@code "javax.security.sasl.policy.forward"}.
 249       */
 250     public static final String POLICY_FORWARD_SECRECY =
 251     "javax.security.sasl.policy.forward";
 252 
 253     /**
 254      * The name of a property that specifies whether
 255      * mechanisms that pass client credentials are required. The property
 256      * contains {@code "true"} if mechanisms that pass
 257      * client credentials are required; {@code "false"}
 258      * if such mechanisms are not required. The default is {@code "false"}.
 259      *<br>
 260      * The value of this constant is
 261      * {@code "javax.security.sasl.policy.credentials"}.
 262      */
 263     public static final String POLICY_PASS_CREDENTIALS =
 264     "javax.security.sasl.policy.credentials";
 265 
 266     /**
 267      * The name of a property that specifies the credentials to use.
 268      * The property contains a mechanism-specific Java credential object.
 269      * Mechanism implementations may examine the value of this property
 270      * to determine whether it is a class that they support.
 271      * The property may be used to supply credentials to a mechanism that
 272      * supports delegated authentication.
 273      *<br>
 274      * The value of this constant is
 275      * {@code "javax.security.sasl.credentials"}.
 276      */
 277     public static final String CREDENTIALS = "javax.security.sasl.credentials";
 278 
 279     /**
 280      * Creates a {@code SaslClient} using the parameters supplied.
 281      *
 282      * This method uses the
 283 <a href="{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#Provider">JCA Security Provider Framework</a>, described in the
 284      * "Java Cryptography Architecture API Specification &amp; Reference", for
 285      * locating and selecting a {@code SaslClient} implementation.
 286      *
 287      * First, it
 288      * obtains an ordered list of {@code SaslClientFactory} instances from
 289      * the registered security providers for the "SaslClientFactory" service
 290      * and the specified SASL mechanism(s). It then invokes
 291      * {@code createSaslClient()} on each factory instance on the list
 292      * until one produces a non-null {@code SaslClient} instance. It returns
 293      * the non-null {@code SaslClient} instance, or null if the search fails
 294      * to produce a non-null {@code SaslClient} instance.
 295      *<p>
 296      * A security provider for SaslClientFactory registers with the
 297      * JCA Security Provider Framework keys of the form <br>
 298      * {@code SaslClientFactory.}<em>{@code mechanism_name}</em>
 299      * <br>
 300      * and values that are class names of implementations of
 301      * {@code javax.security.sasl.SaslClientFactory}.
 302      *
 303      * For example, a provider that contains a factory class,
 304      * {@code com.wiz.sasl.digest.ClientFactory}, that supports the
 305      * "DIGEST-MD5" mechanism would register the following entry with the JCA:
 306      * {@code SaslClientFactory.DIGEST-MD5 com.wiz.sasl.digest.ClientFactory}
 307      *<p>
 308      * See the
 309      * "Java Cryptography Architecture API Specification &amp; Reference"
 310      * for information about how to install and configure security service
 311      *  providers.
 312      *
 313      * @param mechanisms The non-null list of mechanism names to try. Each is the
 314      * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
 315      * @param authorizationId The possibly null protocol-dependent
 316      * identification to be used for authorization.
 317      * If null or empty, the server derives an authorization
 318      * ID from the client's authentication credentials.
 319      * When the SASL authentication completes successfully,
 320      * the specified entity is granted access.
 321      *
 322      * @param protocol The non-null string name of the protocol for which
 323      * the authentication is being performed (e.g., "ldap").
 324      *
 325      * @param serverName The non-null fully-qualified host name of the server
 326      * to authenticate to.
 327      *
 328      * @param props The possibly null set of properties used to
 329      * select the SASL mechanism and to configure the authentication
 330      * exchange of the selected mechanism.
 331      * For example, if {@code props} contains the
 332      * {@code Sasl.POLICY_NOPLAINTEXT} property with the value
 333      * {@code "true"}, then the selected
 334      * SASL mechanism must not be susceptible to simple plain passive attacks.
 335      * In addition to the standard properties declared in this class,
 336      * other, possibly mechanism-specific, properties can be included.
 337      * Properties not relevant to the selected mechanism are ignored,
 338      * including any map entries with non-String keys.
 339      *
 340      * @param cbh The possibly null callback handler to used by the SASL
 341      * mechanisms to get further information from the application/library
 342      * to complete the authentication. For example, a SASL mechanism might
 343      * require the authentication ID, password and realm from the caller.
 344      * The authentication ID is requested by using a {@code NameCallback}.
 345      * The password is requested by using a {@code PasswordCallback}.
 346      * The realm is requested by using a {@code RealmChoiceCallback} if there is a list
 347      * of realms to choose from, and by using a {@code RealmCallback} if
 348      * the realm must be entered.
 349      *
 350      *@return A possibly null {@code SaslClient} created using the parameters
 351      * supplied. If null, cannot find a {@code SaslClientFactory}
 352      * that will produce one.
 353      *@exception SaslException If cannot create a {@code SaslClient} because
 354      * of an error.
 355      */
 356     public static SaslClient createSaslClient(
 357         String[] mechanisms,
 358         String authorizationId,
 359         String protocol,
 360         String serverName,
 361         Map<String,?> props,
 362         CallbackHandler cbh) throws SaslException {
 363 
 364         SaslClient mech = null;
 365         SaslClientFactory fac;
 366         Service service;
 367         String mechName;
 368 
 369         for (int i = 0; i < mechanisms.length; i++) {
 370             if ((mechName=mechanisms[i]) == null) {
 371                 throw new NullPointerException(
 372                     "Mechanism name cannot be null");
 373             } else if (mechName.length() == 0) {
 374                 continue;
 375             }
 376             String type = "SaslClientFactory";
 377             Provider[] provs = Security.getProviders(type + "." + mechName);
 378             if (provs != null) {
 379                 for (Provider p : provs) {
 380                     service = p.getService(type, mechName);
 381                     if (service == null) {
 382                         // no such service exists
 383                         continue;
 384                     }
 385 
 386                     fac = (SaslClientFactory) loadFactory(service);
 387                     if (fac != null) {
 388                         mech = fac.createSaslClient(
 389                             new String[]{mechanisms[i]}, authorizationId,
 390                             protocol, serverName, props, cbh);
 391                         if (mech != null) {
 392                             return mech;
 393                         }
 394                     }
 395                 }
 396             }
 397         }
 398         return null;
 399     }
 400 
 401     private static Object loadFactory(Service service)
 402         throws SaslException {
 403         try {
 404             /*
 405              * Load the implementation class with the same class loader
 406              * that was used to load the provider.
 407              * In order to get the class loader of a class, the
 408              * caller's class loader must be the same as or an ancestor of
 409              * the class loader being returned. Otherwise, the caller must
 410              * have "getClassLoader" permission, or a SecurityException
 411              * will be thrown.
 412              */
 413             return service.newInstance(null);
 414         } catch (InvalidParameterException | NoSuchAlgorithmException e) {
 415             throw new SaslException("Cannot instantiate service " + service, e);
 416         }
 417     }
 418 
 419 
 420     /**
 421      * Creates a {@code SaslServer} for the specified mechanism.
 422      *
 423      * This method uses the
 424 <a href="{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#Provider">JCA Security Provider Framework</a>,
 425      * described in the
 426      * "Java Cryptography Architecture API Specification &amp; Reference", for
 427      * locating and selecting a {@code SaslServer} implementation.
 428      *
 429      * First, it
 430      * obtains an ordered list of {@code SaslServerFactory} instances from
 431      * the registered security providers for the "SaslServerFactory" service
 432      * and the specified mechanism. It then invokes
 433      * {@code createSaslServer()} on each factory instance on the list
 434      * until one produces a non-null {@code SaslServer} instance. It returns
 435      * the non-null {@code SaslServer} instance, or null if the search fails
 436      * to produce a non-null {@code SaslServer} instance.
 437      *<p>
 438      * A security provider for SaslServerFactory registers with the
 439      * JCA Security Provider Framework keys of the form <br>
 440      * {@code SaslServerFactory.}<em>{@code mechanism_name}</em>
 441      * <br>
 442      * and values that are class names of implementations of
 443      * {@code javax.security.sasl.SaslServerFactory}.
 444      *
 445      * For example, a provider that contains a factory class,
 446      * {@code com.wiz.sasl.digest.ServerFactory}, that supports the
 447      * "DIGEST-MD5" mechanism would register the following entry with the JCA:
 448      * {@code SaslServerFactory.DIGEST-MD5  com.wiz.sasl.digest.ServerFactory}
 449      *<p>
 450      * See the
 451      * "Java Cryptography Architecture API Specification &amp; Reference"
 452      * for information about how to install and configure security
 453      * service providers.
 454      *
 455      * @param mechanism The non-null mechanism name. It must be an
 456      * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
 457      * @param protocol The non-null string name of the protocol for which
 458      * the authentication is being performed (e.g., "ldap").
 459      * @param serverName The fully qualified host name of the server, or null
 460      * if the server is not bound to any specific host name. If the mechanism
 461      * does not allow an unbound server, a {@code SaslException} will
 462      * be thrown.
 463      * @param props The possibly null set of properties used to
 464      * select the SASL mechanism and to configure the authentication
 465      * exchange of the selected mechanism.
 466      * For example, if {@code props} contains the
 467      * {@code Sasl.POLICY_NOPLAINTEXT} property with the value
 468      * {@code "true"}, then the selected
 469      * SASL mechanism must not be susceptible to simple plain passive attacks.
 470      * In addition to the standard properties declared in this class,
 471      * other, possibly mechanism-specific, properties can be included.
 472      * Properties not relevant to the selected mechanism are ignored,
 473      * including any map entries with non-String keys.
 474      *
 475      * @param cbh The possibly null callback handler to used by the SASL
 476      * mechanisms to get further information from the application/library
 477      * to complete the authentication. For example, a SASL mechanism might
 478      * require the authentication ID, password and realm from the caller.
 479      * The authentication ID is requested by using a {@code NameCallback}.
 480      * The password is requested by using a {@code PasswordCallback}.
 481      * The realm is requested by using a {@code RealmChoiceCallback} if there is a list
 482      * of realms to choose from, and by using a {@code RealmCallback} if
 483      * the realm must be entered.
 484      *
 485      *@return A possibly null {@code SaslServer} created using the parameters
 486      * supplied. If null, cannot find a {@code SaslServerFactory}
 487      * that will produce one.
 488      *@exception SaslException If cannot create a {@code SaslServer} because
 489      * of an error.
 490      **/
 491     public static SaslServer
 492         createSaslServer(String mechanism,
 493                     String protocol,
 494                     String serverName,
 495                     Map<String,?> props,
 496                     javax.security.auth.callback.CallbackHandler cbh)
 497         throws SaslException {
 498 
 499         SaslServer mech = null;
 500         SaslServerFactory fac;
 501         Service service;
 502 
 503         if (mechanism == null) {
 504             throw new NullPointerException("Mechanism name cannot be null");
 505         } else if (mechanism.length() == 0) {
 506             return null;
 507         }
 508 
 509         String type = "SaslServerFactory";
 510         Provider[] provs = Security.getProviders(type + "." + mechanism);
 511         if (provs != null) {
 512             for (Provider p : provs) {
 513                 service = p.getService(type, mechanism);
 514                 if (service == null) {
 515                     throw new SaslException("Provider does not support " +
 516                         mechanism + " " + type);
 517                 }
 518                 fac = (SaslServerFactory) loadFactory(service);
 519                 if (fac != null) {
 520                     mech = fac.createSaslServer(
 521                         mechanism, protocol, serverName, props, cbh);
 522                     if (mech != null) {
 523                         return mech;
 524                     }
 525                 }
 526             }
 527         }
 528         return null;
 529     }
 530 
 531     /**
 532      * Gets an enumeration of known factories for producing {@code SaslClient}.
 533      * This method uses the same algorithm for locating factories as
 534      * {@code createSaslClient()}.
 535      * @return A non-null enumeration of known factories for producing
 536      * {@code SaslClient}.
 537      * @see #createSaslClient
 538      */
 539     public static Enumeration<SaslClientFactory> getSaslClientFactories() {
 540         Set<Object> facs = getFactories("SaslClientFactory");
 541         final Iterator<Object> iter = facs.iterator();
 542         return new Enumeration<SaslClientFactory>() {
 543             public boolean hasMoreElements() {
 544                 return iter.hasNext();
 545             }
 546             public SaslClientFactory nextElement() {
 547                 return (SaslClientFactory)iter.next();
 548             }
 549         };
 550     }
 551 
 552     /**
 553      * Gets an enumeration of known factories for producing {@code SaslServer}.
 554      * This method uses the same algorithm for locating factories as
 555      * {@code createSaslServer()}.
 556      * @return A non-null enumeration of known factories for producing
 557      * {@code SaslServer}.
 558      * @see #createSaslServer
 559      */
 560     public static Enumeration<SaslServerFactory> getSaslServerFactories() {
 561         Set<Object> facs = getFactories("SaslServerFactory");
 562         final Iterator<Object> iter = facs.iterator();
 563         return new Enumeration<SaslServerFactory>() {
 564             public boolean hasMoreElements() {
 565                 return iter.hasNext();
 566             }
 567             public SaslServerFactory nextElement() {
 568                 return (SaslServerFactory)iter.next();
 569             }
 570         };
 571     }
 572 
 573     private static Set<Object> getFactories(String serviceName) {
 574         HashSet<Object> result = new HashSet<Object>();
 575 
 576         if ((serviceName == null) || (serviceName.length() == 0) ||
 577             (serviceName.endsWith("."))) {
 578             return result;
 579         }
 580 
 581         Provider[] provs = Security.getProviders();
 582         Object fac;
 583 
 584         for (Provider p : provs) {
 585 
 586             Iterator<Service> iter = p.getServices().iterator();
 587             while (iter.hasNext()) {
 588                 Service s = iter.next();
 589                 if (s.getType().equals(serviceName)) {
 590                     try {
 591                         fac = loadFactory(s);
 592                         if (fac != null) {
 593                             result.add(fac);
 594                         }
 595                     } catch (Exception ignore) {
 596                     }
 597                 }
 598             }
 599         }
 600         return Collections.unmodifiableSet(result);
 601     }
 602 }