28 import org.ietf.jgss.*; |
28 import org.ietf.jgss.*; |
29 import java.security.Provider; |
29 import java.security.Provider; |
30 import java.security.Security; |
30 import java.security.Security; |
31 import java.io.IOException; |
31 import java.io.IOException; |
32 import java.io.UnsupportedEncodingException; |
32 import java.io.UnsupportedEncodingException; |
|
33 import sun.security.krb5.Realm; |
33 import sun.security.jgss.GSSUtil; |
34 import sun.security.jgss.GSSUtil; |
34 import sun.security.util.ObjectIdentifier; |
35 import sun.security.util.ObjectIdentifier; |
35 import sun.security.util.DerInputStream; |
36 import sun.security.util.DerInputStream; |
36 import sun.security.util.DerOutputStream; |
37 import sun.security.util.DerOutputStream; |
37 import sun.security.jgss.GSSUtil; |
38 import sun.security.jgss.GSSUtil; |
38 import sun.security.jgss.GSSExceptionImpl; |
39 import sun.security.jgss.GSSExceptionImpl; |
39 import sun.security.jgss.spi.GSSNameSpi; |
40 import sun.security.jgss.spi.GSSNameSpi; |
|
41 |
|
42 import javax.security.auth.kerberos.ServicePermission; |
40 |
43 |
41 /** |
44 /** |
42 * This class is essentially a wrapper class for the gss_name_t |
45 * This class is essentially a wrapper class for the gss_name_t |
43 * structure of the native GSS library. |
46 * structure of the native GSS library. |
44 * @author Valerie Peng |
47 * @author Valerie Peng |
148 } |
151 } |
149 } |
152 } |
150 pName = cStub.importName(name, nameType); |
153 pName = cStub.importName(name, nameType); |
151 setPrintables(); |
154 setPrintables(); |
152 |
155 |
|
156 SecurityManager sm = System.getSecurityManager(); |
|
157 if (sm != null && !Realm.AUTODEDUCEREALM) { |
|
158 String krbName = getKrbName(); |
|
159 int atPos = krbName.lastIndexOf('@'); |
|
160 if (atPos != -1) { |
|
161 String atRealm = krbName.substring(atPos); |
|
162 if (nameType.equals(GSSUtil.NT_GSS_KRB5_PRINCIPAL) |
|
163 && new String(nameBytes).endsWith(atRealm)) { |
|
164 // Created from Kerberos name with realm, no need to check |
|
165 } else { |
|
166 try { |
|
167 sm.checkPermission(new ServicePermission(atRealm, "-")); |
|
168 } catch (SecurityException se) { |
|
169 // Do not chain the actual exception to hide info |
|
170 throw new GSSException(GSSException.FAILURE); |
|
171 } |
|
172 } |
|
173 } |
|
174 } |
|
175 |
153 SunNativeProvider.debug("Imported " + printableName + " w/ type " + |
176 SunNativeProvider.debug("Imported " + printableName + " w/ type " + |
154 printableType); |
177 printableType); |
155 } |
178 } |
156 |
179 |
157 private void setPrintables() throws GSSException { |
180 private void setPrintables() throws GSSException { |