/*
 * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl.krb5;

import java.security.AccessControlContext;
import java.security.Permission;
import java.security.Principal;
import javax.crypto.SecretKey;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.ServicePermission;
import javax.security.auth.login.LoginException;

import sun.security.jgss.GSSCaller;
import sun.security.jgss.krb5.Krb5Util;
import sun.security.krb5.PrincipalName;
import sun.security.ssl.Krb5Proxy;

/**
 * An implementation of Krb5Proxy that simply delegates to the appropriate
 * Kerberos APIs.
 *
 * Every method is a thin adapter: no state is kept and no access check is
 * performed in this class itself. Whatever checks apply are made by the
 * delegates, using the AccessControlContext passed in by the caller.
 */
public class Krb5ProxyImpl implements Krb5Proxy {

    public Krb5ProxyImpl() { }

    /**
     * Returns the Subject for the SSL client role.
     *
     * Delegates to Krb5Util.getSubject with GSSCaller.CALLER_SSL_CLIENT.
     *
     * @param acc the access control context handed on to Krb5Util unchanged
     * @return whatever Krb5Util.getSubject returns for the client caller
     * @throws LoginException propagated from Krb5Util.getSubject
     */
    @Override
    public Subject getClientSubject(AccessControlContext acc)
            throws LoginException {
        final Subject clientSubject =
            Krb5Util.getSubject(GSSCaller.CALLER_SSL_CLIENT, acc);
        return clientSubject;
    }

    /**
     * Returns the Subject for the SSL server role.
     *
     * Delegates to Krb5Util.getSubject with GSSCaller.CALLER_SSL_SERVER.
     *
     * @param acc the access control context handed on to Krb5Util unchanged
     * @return whatever Krb5Util.getSubject returns for the server caller
     * @throws LoginException propagated from Krb5Util.getSubject
     */
    @Override
    public Subject getServerSubject(AccessControlContext acc)
            throws LoginException {
        final Subject serverSubject =
            Krb5Util.getSubject(GSSCaller.CALLER_SSL_SERVER, acc);
        return serverSubject;
    }

    /**
     * Returns the secret keys available to the SSL server role.
     *
     * Delegates to Krb5Util.getKeys with GSSCaller.CALLER_SSL_SERVER and a
     * null second argument.
     * NOTE(review): the null presumably means "no specific server
     * principal" -- confirm against Krb5Util.getKeys.
     *
     * The result is secret key material; it is returned to the caller as
     * received, without copying or filtering.
     *
     * @param acc the access control context handed on to Krb5Util unchanged
     * @return whatever Krb5Util.getKeys returns for the server caller
     * @throws LoginException propagated from Krb5Util.getKeys
     */
    @Override
    public SecretKey[] getServerKeys(AccessControlContext acc)
            throws LoginException {
        final SecretKey[] serverKeys =
            Krb5Util.getKeys(GSSCaller.CALLER_SSL_SERVER, null, acc);
        return serverKeys;
    }

    /**
     * Returns the name of the principal that owns the given Kerberos key.
     *
     * The argument is cast to KerberosKey without a type check, so the
     * caller is responsible for passing a key of that type.
     *
     * @param kerberosKey a key that must be a KerberosKey instance
     * @return the name of the key's principal
     * @throws ClassCastException if kerberosKey is not a KerberosKey
     * @throws NullPointerException if kerberosKey is null
     */
    @Override
    public String getServerPrincipalName(SecretKey kerberosKey) {
        final KerberosKey key = (KerberosKey) kerberosKey;
        return key.getPrincipal().getName();
    }

    /**
     * Extracts the host component from a service principal name.
     *
     * The principal's name is parsed as a PrincipalName of type
     * KRB_NT_SRV_HST and the second name component (index 1) is returned.
     *
     * A null result has three indistinguishable causes: the principal was
     * null, the parsed name had fewer than two components, or parsing threw
     * an exception.
     * NOTE(review): if the result feeds a host name comparison, the caller
     * should treat null as "no match" rather than skipping the comparison
     * -- verify against the callers, which are not visible here.
     *
     * @param principal the principal to inspect; may be null
     * @return the second name component, or null as described above
     */
    @Override
    public String getPrincipalHostName(Principal principal) {
        if (principal == null) {
            return null;
        }
        try {
            final String[] components =
                new PrincipalName(principal.getName(),
                                  PrincipalName.KRB_NT_SRV_HST)
                    .getNameStrings();
            return components.length >= 2 ? components[1] : null;
        } catch (Exception ignored) {
            // Best effort: any failure while parsing the name is reported
            // to the caller as "no host name" (null), not as an exception.
            return null;
        }
    }


    /**
     * Builds a ServicePermission for the given principal name and action.
     *
     * The permission object is only constructed here; this method does not
     * check it against any security policy.
     *
     * @param principalName passed to the ServicePermission constructor
     * @param action passed to the ServicePermission constructor
     * @return the newly created permission
     */
    @Override
    public Permission getServicePermission(String principalName,
            String action) {
        final Permission servicePermission =
            new ServicePermission(principalName, action);
        return servicePermission;
    }
}