1 /*
   2  * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.security.AccessControlContext;
  29 import java.security.AccessController;
  30 import java.security.Permission;
  31 import java.security.Principal;
  32 import java.security.PrivilegedAction;
  33 import javax.crypto.SecretKey;
  34 import javax.security.auth.Subject;
  35 import javax.security.auth.login.LoginException;
  36 
  37 /**
  38  * A helper class for Kerberos APIs.
  39  */
public final class Krb5Helper {

    // Security notes for maintainers:
    //  - The implementation class is looked up by a fixed, compile-time
    //    constant name; no caller-supplied data reaches the reflective load.
    //  - Class.forName is called with a null loader, which requests the
    //    bootstrap class loader, so a same-named class supplied on the
    //    application class path is not picked up by this lookup.
    //  - The lookup runs inside doPrivileged, so it is evaluated with this
    //    class's own permissions rather than those of whichever caller
    //    happens to trigger class initialization. The privileged block is
    //    limited to loading and instantiating the implementation.

    /** Name of the optional Krb5Proxy implementation, loaded reflectively. */
    private static final String IMPL_CLASS =
        "sun.security.ssl.krb5.Krb5ProxyImpl";

    /**
     * The Krb5Proxy implementation, or null when IMPL_CLASS cannot be found.
     * Resolved once, during class initialization.
     */
    private static final Krb5Proxy proxy =
        AccessController.doPrivileged(new PrivilegedAction<Krb5Proxy>() {
            @Override
            public Krb5Proxy run() {
                try {
                    // initialize = true, loader = null (bootstrap loader)
                    Class<?> implClass = Class.forName(IMPL_CLASS, true, null);
                    Object instance = implClass.newInstance();
                    return (Krb5Proxy) instance;
                } catch (ClassNotFoundException notPresent) {
                    // Kerberos support is optional: report "unavailable"
                    // through isAvailable() instead of failing here.
                    return null;
                } catch (InstantiationException e) {
                    // The class exists but cannot be instantiated; treated
                    // as a broken installation, not as "unavailable".
                    throw new AssertionError(e);
                } catch (IllegalAccessException e) {
                    throw new AssertionError(e);
                }
            }
        });

    /** Static utility class; not instantiable. */
    private Krb5Helper() { }

    /**
     * Returns true if Kerberos is available, that is, if the Krb5Proxy
     * implementation class was found and instantiated when this class was
     * initialized. Callers are expected to check this before using the
     * other methods, which throw AssertionError otherwise.
     */
    public static boolean isAvailable() {
        return proxy != null;
    }

    /**
     * Returns the loaded Krb5Proxy.
     *
     * @throws AssertionError if no implementation was loaded
     */
    private static Krb5Proxy requireProxy() {
        if (!isAvailable()) {
            throw new AssertionError("Kerberos should have been available");
        }
        return proxy;
    }

    /**
     * Returns the Subject associated with client-side of the SSL socket.
     *
     * @param acc access control context handed unchanged to the Krb5Proxy
     *        implementation; how it is used for the lookup is not visible
     *        in this class
     * @throws LoginException as raised by the Krb5Proxy implementation
     * @throws AssertionError if Kerberos is not available
     */
    public static Subject getClientSubject(AccessControlContext acc)
            throws LoginException {
        return requireProxy().getClientSubject(acc);
    }

    /**
     * Returns the Subject associated with server-side of the SSL socket.
     *
     * @param acc access control context handed unchanged to the Krb5Proxy
     *        implementation
     * @throws LoginException as raised by the Krb5Proxy implementation
     * @throws AssertionError if Kerberos is not available
     */
    public static Subject getServerSubject(AccessControlContext acc)
            throws LoginException {
        return requireProxy().getServerSubject(acc);
    }

    /**
     * Returns the KerberosKeys for the default server-side principal.
     *
     * The result is secret key material: callers should not log it or keep
     * it longer than needed. Whether the array is a defensive copy is
     * decided by the Krb5Proxy implementation and cannot be told from here.
     *
     * @param acc access control context handed unchanged to the Krb5Proxy
     *        implementation
     * @throws LoginException as raised by the Krb5Proxy implementation
     * @throws AssertionError if Kerberos is not available
     */
    public static SecretKey[] getServerKeys(AccessControlContext acc)
            throws LoginException {
        return requireProxy().getServerKeys(acc);
    }

    /**
     * Returns the server-side principal name associated with the KerberosKey.
     *
     * @param kerberosKey the key to look up; passed through without
     *        validation in this class
     * @throws AssertionError if Kerberos is not available
     */
    public static String getServerPrincipalName(SecretKey kerberosKey) {
        return requireProxy().getServerPrincipalName(kerberosKey);
    }

    /**
     * Returns the hostname embedded in the principal name.
     *
     * The extraction is done by the Krb5Proxy implementation.
     * NOTE(review): callers that compare the result with an expected host
     * should confirm how that implementation normalizes the name.
     *
     * @throws AssertionError if Kerberos is not available
     */
    public static String getPrincipalHostName(Principal principal) {
        return requireProxy().getPrincipalHostName(principal);
    }

    /**
     * Returns a ServicePermission for the principal name and action.
     *
     * This helper performs no permission check of its own; it only hands
     * back the Permission object. NOTE(review): enforcement presumably
     * happens at the call sites -- confirm there.
     *
     * @throws AssertionError if Kerberos is not available
     */
    public static Permission getServicePermission(String principalName,
            String action) {
        return requireProxy().getServicePermission(principalName, action);
    }
}