1 /*
2 * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl.krb5;
27
28 import java.security.AccessControlContext;
29 import java.security.Permission;
30 import java.security.Principal;
31 import javax.crypto.SecretKey;
32 import javax.security.auth.Subject;
33 import javax.security.auth.kerberos.KerberosKey;
34 import javax.security.auth.kerberos.ServicePermission;
35 import javax.security.auth.login.LoginException;
36
37 import sun.security.jgss.GSSCaller;
38 import sun.security.jgss.krb5.Krb5Util;
39 import sun.security.krb5.PrincipalName;
40 import sun.security.ssl.Krb5Proxy;
41
42 /**
43 * An implementatin of Krb5Proxy that simply delegates to the appropriate
44 * Kerberos APIs.
45 */
46 public class Krb5ProxyImpl implements Krb5Proxy {
47
48 public Krb5ProxyImpl() { }
49
50 @Override
51 public Subject getClientSubject(AccessControlContext acc)
52 throws LoginException {
53 return Krb5Util.getSubject(GSSCaller.CALLER_SSL_CLIENT, acc);
54 }
55
56 @Override
57 public Subject getServerSubject(AccessControlContext acc)
58 throws LoginException {
59 return Krb5Util.getSubject(GSSCaller.CALLER_SSL_SERVER, acc);
60 }
61
62 @Override
63 public SecretKey[] getServerKeys(AccessControlContext acc)
64 throws LoginException {
65 return Krb5Util.getKeys(GSSCaller.CALLER_SSL_SERVER, null, acc);
66 }
67
68 @Override
69 public String getServerPrincipalName(SecretKey kerberosKey) {
70 return ((KerberosKey)kerberosKey).getPrincipal().getName();
71 }
72
73 @Override
74 public String getPrincipalHostName(Principal principal) {
75 if (principal == null) {
76 return null;
77 }
78 String hostName = null;
79 try {
80 PrincipalName princName =
81 new PrincipalName(principal.getName(),
82 PrincipalName.KRB_NT_SRV_HST);
83 String[] nameParts = princName.getNameStrings();
84 if (nameParts.length >= 2) {
85 hostName = nameParts[1];
86 }
87 } catch (Exception e) {
88 // ignore
89 }
90 return hostName;
91 }
92
93
94 @Override
95 public Permission getServicePermission(String principalName,
96 String action) {
97 return new ServicePermission(principalName, action);
98 }
99 }