| author | weijun |
| Wed, 20 May 2009 10:12:00 +0800 | |
| changeset 2918 | 395b9ffa7cc6 |
| parent 2 | 90ce3da70b43 |
| child 3949 | 00603a93b589 |
| permissions | -rw-r--r-- |
| 2 | 1 |
/* |
|
2918
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
2 |
* Portions Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved. |
| 2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. Sun designates this |
|
8 |
* particular file as subject to the "Classpath" exception as provided |
|
9 |
* by Sun in the LICENSE file that accompanied this code. |
|
10 |
* |
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
21 |
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
|
22 |
* CA 95054 USA or visit www.sun.com if you need additional information or |
|
23 |
* have any questions. |
|
24 |
*/ |
|
25 |
||
26 |
/* |
|
27 |
* |
|
28 |
* (C) Copyright IBM Corp. 1999 All Rights Reserved. |
|
29 |
* Copyright 1997 The Open Group Research Institute. All rights reserved. |
|
30 |
*/ |
|
31 |
||
32 |
package sun.security.krb5; |
|
33 |
||
34 |
import sun.security.krb5.internal.*; |
|
35 |
import sun.security.util.*; |
|
36 |
import java.net.*; |
|
37 |
import java.util.Vector; |
|
38 |
import java.io.IOException; |
|
39 |
import java.math.BigInteger; |
|
40 |
import sun.security.krb5.internal.ccache.CCacheOutputStream; |
|
41 |
||
42 |
||
43 |
/** |
|
44 |
* This class encapsulates a Kerberos principal. |
|
45 |
*/ |
|
46 |
public class PrincipalName |
|
47 |
implements Cloneable {
|
|
48 |
||
49 |
//name types |
|
50 |
||
51 |
/** |
|
52 |
* Name type not known |
|
53 |
*/ |
|
54 |
public static final int KRB_NT_UNKNOWN = 0; |
|
55 |
||
56 |
/** |
|
57 |
* Just the name of the principal as in DCE, or for users |
|
58 |
*/ |
|
59 |
public static final int KRB_NT_PRINCIPAL = 1; |
|
60 |
||
61 |
/** |
|
62 |
* Service and other unique instance (krbtgt) |
|
63 |
*/ |
|
64 |
public static final int KRB_NT_SRV_INST = 2; |
|
65 |
||
66 |
/** |
|
67 |
* Service with host name as instance (telnet, rcommands) |
|
68 |
*/ |
|
69 |
public static final int KRB_NT_SRV_HST = 3; |
|
70 |
||
71 |
/** |
|
72 |
* Service with host as remaining components |
|
73 |
*/ |
|
74 |
public static final int KRB_NT_SRV_XHST = 4; |
|
75 |
||
76 |
/** |
|
77 |
* Unique ID |
|
78 |
*/ |
|
79 |
public static final int KRB_NT_UID = 5; |
|
80 |
||
81 |
||
82 |
||
83 |
/** |
|
84 |
* TGS Name |
|
85 |
*/ |
|
86 |
public static final String TGS_DEFAULT_SRV_NAME = "krbtgt"; |
|
87 |
public static final int TGS_DEFAULT_NT = KRB_NT_SRV_INST; |
|
88 |
||
89 |
public static final char NAME_COMPONENT_SEPARATOR = '/'; |
|
90 |
public static final char NAME_REALM_SEPARATOR = '@'; |
|
91 |
public static final char REALM_COMPONENT_SEPARATOR = '.'; |
|
92 |
||
93 |
public static final String NAME_COMPONENT_SEPARATOR_STR = "/"; |
|
94 |
public static final String NAME_REALM_SEPARATOR_STR = "@"; |
|
95 |
public static final String REALM_COMPONENT_SEPARATOR_STR = "."; |
|
96 |
||
97 |
private int nameType; |
|
98 |
private String[] nameStrings; // Principal names don't mutate often |
|
99 |
||
100 |
private Realm nameRealm; // optional; a null realm means use default |
|
101 |
// Note: the nameRealm is not included in the default ASN.1 encoding |
|
102 |
||
103 |
// salt for principal |
|
104 |
private String salt = null; |
|
105 |
||
106 |
protected PrincipalName() {
|
|
107 |
} |
|
108 |
||
109 |
public PrincipalName(String[] nameParts, int type) |
|
110 |
throws IllegalArgumentException, IOException {
|
|
111 |
if (nameParts == null) {
|
|
112 |
throw new IllegalArgumentException("Null input not allowed");
|
|
113 |
} |
|
114 |
nameStrings = new String[nameParts.length]; |
|
115 |
System.arraycopy(nameParts, 0, nameStrings, 0, nameParts.length); |
|
116 |
nameType = type; |
|
117 |
nameRealm = null; |
|
118 |
} |
|
119 |
||
120 |
public PrincipalName(String[] nameParts) throws IOException {
|
|
121 |
this(nameParts, KRB_NT_UNKNOWN); |
|
122 |
} |
|
123 |
||
124 |
public Object clone() {
|
|
125 |
PrincipalName pName = new PrincipalName(); |
|
126 |
pName.nameType = nameType; |
|
127 |
if (nameStrings != null) {
|
|
128 |
pName.nameStrings = |
|
129 |
new String[nameStrings.length]; |
|
130 |
System.arraycopy(nameStrings,0,pName.nameStrings,0, |
|
131 |
nameStrings.length); |
|
132 |
} |
|
133 |
if (nameRealm != null) {
|
|
134 |
pName.nameRealm = (Realm)nameRealm.clone(); |
|
135 |
} |
|
136 |
return pName; |
|
137 |
} |
|
138 |
||
139 |
/* |
|
140 |
* Added to workaround a bug where the equals method that takes a |
|
141 |
* PrincipalName is not being called but Object.equals(Object) is |
|
142 |
* being called. |
|
143 |
*/ |
|
144 |
public boolean equals(Object o) {
|
|
145 |
if (o instanceof PrincipalName) |
|
146 |
return equals((PrincipalName)o); |
|
147 |
else |
|
148 |
return false; |
|
149 |
} |
|
150 |
||
151 |
public boolean equals(PrincipalName other) {
|
|
152 |
||
153 |
||
154 |
if (!equalsWithoutRealm(other)) {
|
|
155 |
return false; |
|
156 |
} |
|
157 |
||
158 |
if ((nameRealm != null && other.nameRealm == null) || |
|
159 |
(nameRealm == null && other.nameRealm != null)) {
|
|
160 |
return false; |
|
161 |
} |
|
162 |
||
163 |
if (nameRealm != null && other.nameRealm != null) {
|
|
164 |
if (!nameRealm.equals(other.nameRealm)) {
|
|
165 |
return false; |
|
166 |
} |
|
167 |
} |
|
168 |
||
169 |
return true; |
|
170 |
} |
|
171 |
||
172 |
boolean equalsWithoutRealm(PrincipalName other) {
|
|
173 |
||
174 |
||
175 |
if (nameType != KRB_NT_UNKNOWN && |
|
176 |
other.nameType != KRB_NT_UNKNOWN && |
|
177 |
nameType != other.nameType) |
|
178 |
return false; |
|
179 |
||
180 |
if ((nameStrings != null && other.nameStrings == null) || |
|
181 |
(nameStrings == null && other.nameStrings != null)) |
|
182 |
return false; |
|
183 |
||
184 |
if (nameStrings != null && other.nameStrings != null) {
|
|
185 |
if (nameStrings.length != other.nameStrings.length) |
|
186 |
return false; |
|
187 |
for (int i = 0; i < nameStrings.length; i++) |
|
188 |
if (!nameStrings[i].equals(other.nameStrings[i])) |
|
189 |
return false; |
|
190 |
} |
|
191 |
||
192 |
return true; |
|
193 |
||
194 |
} |
|
195 |
||
196 |
/** |
|
197 |
* Returns the ASN.1 encoding of the |
|
198 |
* <xmp> |
|
199 |
* PrincipalName ::= SEQUENCE {
|
|
200 |
* name-type [0] Int32, |
|
201 |
* name-string [1] SEQUENCE OF KerberosString |
|
202 |
* } |
|
203 |
* |
|
204 |
* KerberosString ::= GeneralString (IA5String) |
|
205 |
* </xmp> |
|
206 |
* |
|
207 |
* <p> |
|
208 |
* This definition reflects the Network Working Group RFC 4120 |
|
209 |
* specification available at |
|
210 |
* <a href="http://www.ietf.org/rfc/rfc4120.txt"> |
|
211 |
* http://www.ietf.org/rfc/rfc4120.txt</a>. |
|
212 |
* |
|
213 |
* @param encoding a Der-encoded data. |
|
214 |
* @exception Asn1Exception if an error occurs while decoding |
|
215 |
* an ASN1 encoded data. |
|
216 |
* @exception Asn1Exception if there is an ASN1 encoding error |
|
217 |
* @exception IOException if an I/O error occurs |
|
218 |
* @exception IllegalArgumentException if encoding is null |
|
219 |
* reading encoded data. |
|
220 |
* |
|
221 |
*/ |
|
222 |
public PrincipalName(DerValue encoding) |
|
223 |
throws Asn1Exception, IOException {
|
|
224 |
nameRealm = null; |
|
225 |
DerValue der; |
|
226 |
if (encoding == null) {
|
|
227 |
throw new IllegalArgumentException("Null input not allowed");
|
|
228 |
} |
|
229 |
if (encoding.getTag() != DerValue.tag_Sequence) {
|
|
230 |
throw new Asn1Exception(Krb5.ASN1_BAD_ID); |
|
231 |
} |
|
232 |
der = encoding.getData().getDerValue(); |
|
233 |
if ((der.getTag() & 0x1F) == 0x00) {
|
|
234 |
BigInteger bint = der.getData().getBigInteger(); |
|
235 |
nameType = bint.intValue(); |
|
236 |
} else {
|
|
237 |
throw new Asn1Exception(Krb5.ASN1_BAD_ID); |
|
238 |
} |
|
239 |
der = encoding.getData().getDerValue(); |
|
240 |
if ((der.getTag() & 0x01F) == 0x01) {
|
|
241 |
DerValue subDer = der.getData().getDerValue(); |
|
242 |
if (subDer.getTag() != DerValue.tag_SequenceOf) {
|
|
243 |
throw new Asn1Exception(Krb5.ASN1_BAD_ID); |
|
244 |
} |
|
245 |
Vector<String> v = new Vector<String> (); |
|
246 |
DerValue subSubDer; |
|
247 |
while(subDer.getData().available() > 0) {
|
|
248 |
subSubDer = subDer.getData().getDerValue(); |
|
249 |
v.addElement(subSubDer.getGeneralString()); |
|
250 |
} |
|
251 |
if (v.size() > 0) {
|
|
252 |
nameStrings = new String[v.size()]; |
|
253 |
v.copyInto(nameStrings); |
|
254 |
} else {
|
|
255 |
nameStrings = new String[] {""};
|
|
256 |
} |
|
257 |
} else {
|
|
258 |
throw new Asn1Exception(Krb5.ASN1_BAD_ID); |
|
259 |
} |
|
260 |
} |
|
261 |
||
262 |
/** |
|
263 |
* Parse (unmarshal) a <code>PrincipalName</code> from a DER |
|
264 |
* input stream. This form |
|
265 |
* parsing might be used when expanding a value which is part of |
|
266 |
* a constructed sequence and uses explicitly tagged type. |
|
267 |
* |
|
268 |
* @exception Asn1Exception on error. |
|
269 |
* @param data the Der input stream value, which contains one or |
|
270 |
* more marshaled value. |
|
271 |
* @param explicitTag tag number. |
|
272 |
* @param optional indicate if this data field is optional |
|
273 |
* @return an instance of <code>PrincipalName</code>. |
|
274 |
* |
|
275 |
*/ |
|
276 |
public static PrincipalName parse(DerInputStream data, |
|
277 |
byte explicitTag, boolean |
|
278 |
optional) |
|
279 |
throws Asn1Exception, IOException {
|
|
280 |
||
281 |
if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != |
|
282 |
explicitTag)) |
|
283 |
return null; |
|
284 |
DerValue der = data.getDerValue(); |
|
285 |
if (explicitTag != (der.getTag() & (byte)0x1F)) |
|
286 |
throw new Asn1Exception(Krb5.ASN1_BAD_ID); |
|
287 |
else {
|
|
288 |
DerValue subDer = der.getData().getDerValue(); |
|
289 |
return new PrincipalName(subDer); |
|
290 |
} |
|
291 |
} |
|
292 |
||
293 |
||
294 |
// This is protected because the definition of a principal |
|
295 |
// string is fixed |
|
296 |
// XXX Error checkin consistent with MIT krb5_parse_name |
|
297 |
// Code repetition, realm parsed again by class Realm |
|
298 |
protected static String[] parseName(String name) {
|
|
299 |
||
300 |
Vector<String> tempStrings = new Vector<String> (); |
|
301 |
String temp = name; |
|
302 |
int i = 0; |
|
303 |
int componentStart = 0; |
|
304 |
String component; |
|
305 |
||
306 |
while (i < temp.length()) {
|
|
307 |
if (temp.charAt(i) == NAME_COMPONENT_SEPARATOR) {
|
|
308 |
/* |
|
309 |
* If this separator is escaped then don't treat it |
|
310 |
* as a separator |
|
311 |
*/ |
|
312 |
if (i > 0 && temp.charAt(i - 1) == '\\') {
|
|
313 |
temp = temp.substring(0, i - 1) + |
|
314 |
temp.substring(i, temp.length()); |
|
315 |
continue; |
|
316 |
} |
|
317 |
else {
|
|
318 |
if (componentStart < i) {
|
|
319 |
component = temp.substring(componentStart, i); |
|
320 |
tempStrings.addElement(component); |
|
321 |
} |
|
322 |
componentStart = i + 1; |
|
323 |
} |
|
324 |
} else |
|
325 |
if (temp.charAt(i) == NAME_REALM_SEPARATOR) {
|
|
326 |
/* |
|
327 |
* If this separator is escaped then don't treat it |
|
328 |
* as a separator |
|
329 |
*/ |
|
330 |
if (i > 0 && temp.charAt(i - 1) == '\\') {
|
|
331 |
temp = temp.substring(0, i - 1) + |
|
332 |
temp.substring(i, temp.length()); |
|
333 |
continue; |
|
334 |
} else {
|
|
335 |
if (componentStart < i) {
|
|
336 |
component = temp.substring(componentStart, i); |
|
337 |
tempStrings.addElement(component); |
|
338 |
} |
|
339 |
componentStart = i + 1; |
|
340 |
break; |
|
341 |
} |
|
342 |
} |
|
343 |
i++; |
|
344 |
} |
|
345 |
||
346 |
if (i == temp.length()) |
|
347 |
if (componentStart < i) {
|
|
348 |
component = temp.substring(componentStart, i); |
|
349 |
tempStrings.addElement(component); |
|
350 |
} |
|
351 |
||
352 |
String[] result = new String[tempStrings.size()]; |
|
353 |
tempStrings.copyInto(result); |
|
354 |
return result; |
|
355 |
} |
|
356 |
||
357 |
public PrincipalName(String name, int type) |
|
358 |
throws RealmException {
|
|
359 |
if (name == null) {
|
|
360 |
throw new IllegalArgumentException("Null name not allowed");
|
|
361 |
} |
|
362 |
String[] nameParts = parseName(name); |
|
363 |
Realm tempRealm = null; |
|
364 |
String realmString = Realm.parseRealmAtSeparator(name); |
|
365 |
||
366 |
if (realmString == null) {
|
|
367 |
try {
|
|
368 |
Config config = Config.getInstance(); |
|
369 |
realmString = config.getDefaultRealm(); |
|
370 |
} catch (KrbException e) {
|
|
371 |
RealmException re = |
|
372 |
new RealmException(e.getMessage()); |
|
373 |
re.initCause(e); |
|
374 |
throw re; |
|
375 |
} |
|
376 |
} |
|
377 |
||
378 |
if (realmString != null) |
|
379 |
tempRealm = new Realm(realmString); |
|
380 |
||
381 |
switch (type) {
|
|
382 |
case KRB_NT_SRV_HST: |
|
383 |
if (nameParts.length >= 2) {
|
|
|
2918
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
384 |
String hostName = nameParts[1]; |
| 2 | 385 |
try {
|
|
2918
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
386 |
// RFC4120 does not recommend canonicalizing a hostname. |
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
387 |
// However, for compatibility reason, we will try |
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
388 |
// canonicalize it and see if the output looks better. |
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
389 |
|
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
390 |
String canonicalized = (InetAddress.getByName(hostName)). |
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
391 |
getCanonicalHostName(); |
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
392 |
|
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
393 |
// Looks if canonicalized is a longer format of hostName, |
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
394 |
// we accept cases like |
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
395 |
// bunny -> bunny.rabbit.hole |
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
396 |
if (canonicalized.toLowerCase() |
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
397 |
.startsWith(hostName.toLowerCase()+".")) {
|
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
398 |
hostName = canonicalized; |
|
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
399 |
} |
| 2 | 400 |
} catch (UnknownHostException e) {
|
|
2918
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
401 |
// no canonicalization, use old |
| 2 | 402 |
} |
|
2918
395b9ffa7cc6
6682516: SPNEGO_HTTP_AUTH/WWW_KRB and SPNEGO_HTTP_AUTH/WWW_SPNEGO failed on all non-windows platforms
weijun
parents:
2
diff
changeset
|
403 |
nameParts[1] = hostName.toLowerCase(); |
| 2 | 404 |
} |
405 |
nameStrings = nameParts; |
|
406 |
nameType = type; |
|
407 |
// We will try to get realm name from the mapping in |
|
408 |
// the configuration. If it is not specified |
|
409 |
// we will use the default realm. This nametype does |
|
410 |
// not allow a realm to be specified. The name string must of |
|
411 |
// the form service@host and this is internally changed into |
|
412 |
// service/host by Kerberos |
|
413 |
||
414 |
String mapRealm = mapHostToRealm(nameParts[1]); |
|
415 |
if (mapRealm != null) {
|
|
416 |
nameRealm = new Realm(mapRealm); |
|
417 |
} else {
|
|
418 |
nameRealm = tempRealm; |
|
419 |
} |
|
420 |
break; |
|
421 |
case KRB_NT_UNKNOWN: |
|
422 |
case KRB_NT_PRINCIPAL: |
|
423 |
case KRB_NT_SRV_INST: |
|
424 |
case KRB_NT_SRV_XHST: |
|
425 |
case KRB_NT_UID: |
|
426 |
nameStrings = nameParts; |
|
427 |
nameType = type; |
|
428 |
nameRealm = tempRealm; |
|
429 |
break; |
|
430 |
default: |
|
431 |
throw new IllegalArgumentException("Illegal name type");
|
|
432 |
} |
|
433 |
} |
|
434 |
||
435 |
public PrincipalName(String name) throws RealmException {
|
|
436 |
this(name, KRB_NT_UNKNOWN); |
|
437 |
} |
|
438 |
||
439 |
public PrincipalName(String name, String realm) throws RealmException {
|
|
440 |
this(name, KRB_NT_UNKNOWN); |
|
441 |
nameRealm = new Realm(realm); |
|
442 |
} |
|
443 |
||
444 |
public String getRealmAsString() {
|
|
445 |
return getRealmString(); |
|
446 |
} |
|
447 |
||
448 |
public String getPrincipalNameAsString() {
|
|
449 |
StringBuffer temp = new StringBuffer(nameStrings[0]); |
|
450 |
for (int i = 1; i < nameStrings.length; i++) |
|
451 |
temp.append(nameStrings[i]); |
|
452 |
return temp.toString(); |
|
453 |
} |
|
454 |
||
455 |
public int hashCode() {
|
|
456 |
return toString().hashCode(); |
|
457 |
} |
|
458 |
||
459 |
public String getName() {
|
|
460 |
return toString(); |
|
461 |
} |
|
462 |
||
463 |
public int getNameType() {
|
|
464 |
return nameType; |
|
465 |
} |
|
466 |
||
467 |
public String[] getNameStrings() {
|
|
468 |
return nameStrings; |
|
469 |
} |
|
470 |
||
471 |
public byte[][] toByteArray() {
|
|
472 |
byte[][] result = new byte[nameStrings.length][]; |
|
473 |
for (int i = 0; i < nameStrings.length; i++) {
|
|
474 |
result[i] = new byte[nameStrings[i].length()]; |
|
475 |
result[i] = nameStrings[i].getBytes(); |
|
476 |
} |
|
477 |
return result; |
|
478 |
} |
|
479 |
||
480 |
public String getRealmString() {
|
|
481 |
if (nameRealm != null) |
|
482 |
return nameRealm.toString(); |
|
483 |
return null; |
|
484 |
} |
|
485 |
||
486 |
public Realm getRealm() {
|
|
487 |
return nameRealm; |
|
488 |
} |
|
489 |
||
490 |
public void setRealm(Realm new_nameRealm) throws RealmException {
|
|
491 |
nameRealm = new_nameRealm; |
|
492 |
} |
|
493 |
||
494 |
public void setRealm(String realmsString) throws RealmException {
|
|
495 |
nameRealm = new Realm(realmsString); |
|
496 |
} |
|
497 |
||
498 |
public String getSalt() {
|
|
499 |
if (salt == null) {
|
|
500 |
StringBuffer salt = new StringBuffer(); |
|
501 |
if (nameRealm != null) {
|
|
502 |
salt.append(nameRealm.toString()); |
|
503 |
} |
|
504 |
for (int i = 0; i < nameStrings.length; i++) {
|
|
505 |
salt.append(nameStrings[i]); |
|
506 |
} |
|
507 |
return salt.toString(); |
|
508 |
} |
|
509 |
return salt; |
|
510 |
} |
|
511 |
||
512 |
public void setSalt(String salt) {
|
|
513 |
this.salt = salt; |
|
514 |
} |
|
515 |
||
516 |
public String toString() {
|
|
517 |
StringBuffer str = new StringBuffer(); |
|
518 |
for (int i = 0; i < nameStrings.length; i++) {
|
|
519 |
if (i > 0) |
|
520 |
str.append("/");
|
|
521 |
str.append(nameStrings[i]); |
|
522 |
} |
|
523 |
if (nameRealm != null) {
|
|
524 |
str.append("@");
|
|
525 |
str.append(nameRealm.toString()); |
|
526 |
} |
|
527 |
||
528 |
return str.toString(); |
|
529 |
} |
|
530 |
||
531 |
public String getNameString() {
|
|
532 |
StringBuffer str = new StringBuffer(); |
|
533 |
for (int i = 0; i < nameStrings.length; i++) {
|
|
534 |
if (i > 0) |
|
535 |
str.append("/");
|
|
536 |
str.append(nameStrings[i]); |
|
537 |
} |
|
538 |
return str.toString(); |
|
539 |
} |
|
540 |
||
541 |
/** |
|
542 |
* Encodes a <code>PrincipalName</code> object. |
|
543 |
* @return the byte array of the encoded PrncipalName object. |
|
544 |
* @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. |
|
545 |
* @exception IOException if an I/O error occurs while reading encoded data. |
|
546 |
* |
|
547 |
*/ |
|
548 |
public byte[] asn1Encode() throws Asn1Exception, IOException {
|
|
549 |
DerOutputStream bytes = new DerOutputStream(); |
|
550 |
DerOutputStream temp = new DerOutputStream(); |
|
551 |
BigInteger bint = BigInteger.valueOf(this.nameType); |
|
552 |
temp.putInteger(bint); |
|
553 |
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); |
|
554 |
temp = new DerOutputStream(); |
|
555 |
DerValue der[] = new DerValue[nameStrings.length]; |
|
556 |
for (int i = 0; i < nameStrings.length; i++) {
|
|
557 |
der[i] = new DerValue(DerValue.tag_GeneralString, nameStrings[i]); |
|
558 |
} |
|
559 |
temp.putSequence(der); |
|
560 |
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); |
|
561 |
temp = new DerOutputStream(); |
|
562 |
temp.write(DerValue.tag_Sequence, bytes); |
|
563 |
return temp.toByteArray(); |
|
564 |
} |
|
565 |
||
566 |
||
567 |
/** |
|
568 |
* Checks if two <code>PrincipalName</code> objects have identical values in their corresponding data fields. |
|
569 |
* |
|
570 |
* @param pname the other <code>PrincipalName</code> object. |
|
571 |
* @return true if two have identical values, otherwise, return false. |
|
572 |
*/ |
|
573 |
// It is used in <code>sun.security.krb5.internal.ccache</code> package. |
|
574 |
public boolean match(PrincipalName pname) {
|
|
575 |
boolean matched = true; |
|
576 |
//name type is just a hint, no two names can be the same ignoring name type. |
|
577 |
// if (this.nameType != pname.nameType) {
|
|
578 |
// matched = false; |
|
579 |
// } |
|
580 |
if ((this.nameRealm != null) && (pname.nameRealm != null)) {
|
|
581 |
if (!(this.nameRealm.toString().equalsIgnoreCase(pname.nameRealm.toString()))) {
|
|
582 |
matched = false; |
|
583 |
} |
|
584 |
} |
|
585 |
if (this.nameStrings.length != pname.nameStrings.length) {
|
|
586 |
matched = false; |
|
587 |
} else {
|
|
588 |
for (int i = 0; i < this.nameStrings.length; i++) {
|
|
589 |
if (!(this.nameStrings[i].equalsIgnoreCase(pname.nameStrings[i]))) {
|
|
590 |
matched = false; |
|
591 |
} |
|
592 |
} |
|
593 |
} |
|
594 |
return matched; |
|
595 |
} |
|
596 |
||
597 |
/** |
|
598 |
* Writes data field values of <code>PrincipalName</code> in FCC format to an output stream. |
|
599 |
* |
|
600 |
* @param cos a <code>CCacheOutputStream</code> for writing data. |
|
601 |
* @exception IOException if an I/O exception occurs. |
|
602 |
* @see sun.security.krb5.internal.ccache.CCacheOutputStream |
|
603 |
*/ |
|
604 |
public void writePrincipal(CCacheOutputStream cos) throws IOException {
|
|
605 |
cos.write32(nameType); |
|
606 |
cos.write32(nameStrings.length); |
|
607 |
if (nameRealm != null) {
|
|
608 |
byte[] realmBytes = null; |
|
609 |
realmBytes = nameRealm.toString().getBytes(); |
|
610 |
cos.write32(realmBytes.length); |
|
611 |
cos.write(realmBytes, 0, realmBytes.length); |
|
612 |
} |
|
613 |
byte[] bytes = null; |
|
614 |
for (int i = 0; i < nameStrings.length; i++) {
|
|
615 |
bytes = nameStrings[i].getBytes(); |
|
616 |
cos.write32(bytes.length); |
|
617 |
cos.write(bytes, 0, bytes.length); |
|
618 |
} |
|
619 |
} |
|
620 |
||
621 |
/** |
|
622 |
* Creates a KRB_NT_SRV_INST name from the supplied |
|
623 |
* name components and realm. |
|
624 |
* @param primary the primary component of the name |
|
625 |
* @param instance the instance component of the name |
|
626 |
* @param realm the realm |
|
627 |
* @throws KrbException |
|
628 |
*/ |
|
629 |
protected PrincipalName(String primary, String instance, String realm, |
|
630 |
int type) |
|
631 |
throws KrbException {
|
|
632 |
||
633 |
if (type != KRB_NT_SRV_INST) {
|
|
634 |
throw new KrbException(Krb5.KRB_ERR_GENERIC, "Bad name type"); |
|
635 |
} |
|
636 |
||
637 |
String[] nParts = new String[2]; |
|
638 |
nParts[0] = primary; |
|
639 |
nParts[1] = instance; |
|
640 |
||
641 |
this.nameStrings = nParts; |
|
642 |
this.nameRealm = new Realm(realm); |
|
643 |
this.nameType = type; |
|
644 |
} |
|
645 |
||
646 |
/** |
|
647 |
* Returns the instance component of a name. |
|
648 |
* In a multi-component name such as a KRB_NT_SRV_INST |
|
649 |
* name, the second component is returned. |
|
650 |
* Null is returned if there are not two or more |
|
651 |
* components in the name. |
|
652 |
* @returns instance component of a multi-component name. |
|
653 |
*/ |
|
654 |
public String getInstanceComponent() |
|
655 |
{
|
|
656 |
if (nameStrings != null && nameStrings.length >= 2) |
|
657 |
{
|
|
658 |
return new String(nameStrings[1]); |
|
659 |
} |
|
660 |
||
661 |
return null; |
|
662 |
} |
|
663 |
||
664 |
static String mapHostToRealm(String name) {
|
|
665 |
String result = null; |
|
666 |
try {
|
|
667 |
String subname = null; |
|
668 |
Config c = Config.getInstance(); |
|
669 |
if ((result = c.getDefault(name, "domain_realm")) != null) |
|
670 |
return result; |
|
671 |
else {
|
|
672 |
for (int i = 1; i < name.length(); i++) {
|
|
673 |
if ((name.charAt(i) == '.') && (i != name.length() - 1)) { //mapping could be .ibm.com = AUSTIN.IBM.COM
|
|
674 |
subname = name.substring(i); |
|
675 |
result = c.getDefault(subname, "domain_realm"); |
|
676 |
if (result != null) {
|
|
677 |
break; |
|
678 |
} |
|
679 |
else {
|
|
680 |
subname = name.substring(i + 1); //or mapping could be ibm.com = AUSTIN.IBM.COM |
|
681 |
result = c.getDefault(subname, "domain_realm"); |
|
682 |
if (result != null) {
|
|
683 |
break; |
|
684 |
} |
|
685 |
} |
|
686 |
} |
|
687 |
} |
|
688 |
} |
|
689 |
} catch (KrbException e) {
|
|
690 |
} |
|
691 |
return result; |
|
692 |
} |
|
693 |
||
694 |
} |