1 /* |
|
2 * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 package sun.security.ssl; |
|
27 |
|
28 import java.security.AccessControlContext; |
|
29 import java.security.AccessController; |
|
30 import java.security.Permission; |
|
31 import java.security.Principal; |
|
32 import java.security.PrivilegedAction; |
|
33 import javax.crypto.SecretKey; |
|
34 import javax.security.auth.Subject; |
|
35 import javax.security.auth.login.LoginException; |
|
36 |
|
37 /** |
|
38 * A helper class for Kerberos APIs. |
|
39 */ |
|
40 public final class Krb5Helper { |
|
41 |
|
42 private Krb5Helper() { } |
|
43 |
|
44 // loads Krb5Proxy implementation class if available |
|
45 private static final String IMPL_CLASS = |
|
46 "sun.security.ssl.krb5.Krb5ProxyImpl"; |
|
47 |
|
48 private static final Krb5Proxy proxy = |
|
49 AccessController.doPrivileged(new PrivilegedAction<Krb5Proxy>() { |
|
50 @Override |
|
51 public Krb5Proxy run() { |
|
52 try { |
|
53 Class<?> c = Class.forName(IMPL_CLASS, true, null); |
|
54 return (Krb5Proxy)c.newInstance(); |
|
55 } catch (ClassNotFoundException cnf) { |
|
56 return null; |
|
57 } catch (InstantiationException e) { |
|
58 throw new AssertionError(e); |
|
59 } catch (IllegalAccessException e) { |
|
60 throw new AssertionError(e); |
|
61 } |
|
62 }}); |
|
63 |
|
64 /** |
|
65 * Returns true if Kerberos is available. |
|
66 */ |
|
67 public static boolean isAvailable() { |
|
68 return proxy != null; |
|
69 } |
|
70 |
|
71 private static void ensureAvailable() { |
|
72 if (proxy == null) |
|
73 throw new AssertionError("Kerberos should have been available"); |
|
74 } |
|
75 |
|
76 /** |
|
77 * Returns the Subject associated with client-side of the SSL socket. |
|
78 */ |
|
79 public static Subject getClientSubject(AccessControlContext acc) |
|
80 throws LoginException { |
|
81 ensureAvailable(); |
|
82 return proxy.getClientSubject(acc); |
|
83 } |
|
84 |
|
85 /** |
|
86 * Returns the Subject associated with server-side of the SSL socket. |
|
87 */ |
|
88 public static Subject getServerSubject(AccessControlContext acc) |
|
89 throws LoginException { |
|
90 ensureAvailable(); |
|
91 return proxy.getServerSubject(acc); |
|
92 } |
|
93 |
|
94 /** |
|
95 * Returns the KerberosKeys for the default server-side principal. |
|
96 */ |
|
97 public static Object getServiceCreds(AccessControlContext acc) |
|
98 throws LoginException { |
|
99 ensureAvailable(); |
|
100 return proxy.getServiceCreds(acc); |
|
101 } |
|
102 |
|
103 /** |
|
104 * Returns the server-side principal name associated with the KerberosKey. |
|
105 */ |
|
106 public static String getServerPrincipalName(Object serviceCreds) { |
|
107 ensureAvailable(); |
|
108 return proxy.getServerPrincipalName(serviceCreds); |
|
109 } |
|
110 |
|
111 /** |
|
112 * Returns the hostname embedded in the principal name. |
|
113 */ |
|
114 public static String getPrincipalHostName(Principal principal) { |
|
115 ensureAvailable(); |
|
116 return proxy.getPrincipalHostName(principal); |
|
117 } |
|
118 |
|
119 /** |
|
120 * Returns a ServicePermission for the principal name and action. |
|
121 */ |
|
122 public static Permission getServicePermission(String principalName, |
|
123 String action) { |
|
124 ensureAvailable(); |
|
125 return proxy.getServicePermission(principalName, action); |
|
126 } |
|
127 |
|
128 /** |
|
129 * Determines if the Subject might contain creds for princ. |
|
130 */ |
|
131 public static boolean isRelated(Subject subject, Principal princ) { |
|
132 ensureAvailable(); |
|
133 return proxy.isRelated(subject, princ); |
|
134 } |
|
135 } |
|