1 /*

     2  * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.  Oracle designates this

     8  * particular file as subject to the "Classpath" exception as provided

     9  * by Oracle in the LICENSE file that accompanied this code.

    10  *

    11  * This code is distributed in the hope that it will be useful, but WITHOUT

    12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    14  * version 2 for more details (a copy is included in the LICENSE file that

    15  * accompanied this code).

    16  *

    17  * You should have received a copy of the GNU General Public License version

    18  * 2 along with this work; if not, write to the Free Software Foundation,

    19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    20  *

    21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    22  * or visit www.oracle.com if you need additional information or have any

    23  * questions.

    24  */

    25 

    26 package sun.security.ssl;

    27 

    28 import java.security.AccessControlContext;

    29 import java.security.AccessController;

    30 import java.security.Permission;

    31 import java.security.Principal;

    32 import java.security.PrivilegedAction;

    33 import javax.crypto.SecretKey;

    34 import javax.security.auth.Subject;

    35 import javax.security.auth.login.LoginException;

    36 

    37 /**

    38  * A helper class for Kerberos APIs.

    39  */

    40 public final class Krb5Helper {

    41 

    42     private Krb5Helper() { }

    43 

    44     // loads Krb5Proxy implementation class if available

    45     private static final String IMPL_CLASS =

    46         "sun.security.ssl.krb5.Krb5ProxyImpl";

    47 

    48     private static final Krb5Proxy proxy =

    49         AccessController.doPrivileged(new PrivilegedAction<Krb5Proxy>() {

    50             @Override

    51             public Krb5Proxy run() {

    52                 try {

    53                     Class<?> c = Class.forName(IMPL_CLASS, true, null);

    54                     return (Krb5Proxy)c.newInstance();

    55                 } catch (ClassNotFoundException cnf) {

    56                     return null;

    57                 } catch (InstantiationException e) {

    58                     throw new AssertionError(e);

    59                 } catch (IllegalAccessException e) {

    60                     throw new AssertionError(e);

    61                 }

    62             }});

    63 

    64     /**

    65      * Returns true if Kerberos is available.

    66      */

    67     public static boolean isAvailable() {

    68         return proxy != null;

    69     }

    70 

    71     private static void ensureAvailable() {

    72         if (proxy == null)

    73             throw new AssertionError("Kerberos should have been available");

    74     }

    75 

    76     /**

    77      * Returns the Subject associated with client-side of the SSL socket.

    78      */

    79     public static Subject getClientSubject(AccessControlContext acc)

    80             throws LoginException {

    81         ensureAvailable();

    82         return proxy.getClientSubject(acc);

    83     }

    84 

    85     /**

    86      * Returns the Subject associated with server-side of the SSL socket.

    87      */

    88     public static Subject getServerSubject(AccessControlContext acc)

    89             throws LoginException {

    90         ensureAvailable();

    91         return proxy.getServerSubject(acc);

    92     }

    93 

    94     /**

    95      * Returns the KerberosKeys for the default server-side principal.

    96      */

    97     public static Object getServiceCreds(AccessControlContext acc)

    98             throws LoginException {

    99         ensureAvailable();

   100         return proxy.getServiceCreds(acc);

   101     }

   102 

   103     /**

   104      * Returns the server-side principal name associated with the KerberosKey.

   105      */

   106     public static String getServerPrincipalName(Object serviceCreds) {

   107         ensureAvailable();

   108         return proxy.getServerPrincipalName(serviceCreds);

   109     }

   110 

   111     /**

   112      * Returns the hostname embedded in the principal name.

   113      */

   114     public static String getPrincipalHostName(Principal principal) {

   115         ensureAvailable();

   116         return proxy.getPrincipalHostName(principal);

   117     }

   118 

   119     /**

   120      * Returns a ServicePermission for the principal name and action.

   121      */

   122     public static Permission getServicePermission(String principalName,

   123             String action) {

   124         ensureAvailable();

   125         return proxy.getServicePermission(principalName, action);

   126     }

   127 

   128     /**

   129      * Determines if the Subject might contain creds for princ.

   130      */

   131     public static boolean isRelated(Subject subject, Principal princ) {

   132         ensureAvailable();

   133         return proxy.isRelated(subject, princ);

   134     }

   135 }