/*
 * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.jgss.krb5;

import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.Subject;
import javax.security.auth.DestroyFailedException;
import java.util.Iterator;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.security.auth.kerberos.KeyTab;

/**
 * This utility looks through the current Subject and retrieves private
 * credentials for the desired client/server principals.
 *
 * @author Ram Marti
 * @since 1.4.2
 */

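class SubjectComber {

    private static final boolean DEBUG = Krb5Util.DEBUG;

    /** Not instantiable: every member is static. */
    private SubjectComber() {
    }

    /**
     * Returns the first private credential of {@code credClass} in
     * {@code subject} that matches the requested principals.
     *
     * @param subject         the Subject to search; may be {@code null}
     * @param serverPrincipal server principal name that a key or ticket must
     *                        belong to, or {@code null} for any; ignored for
     *                        {@link KeyTab}
     * @param clientPrincipal client principal name that a ticket must belong
     *                        to, or {@code null} for any; only used for
     *                        {@link KerberosTicket}
     * @param credClass       {@code KeyTab.class}, {@code KerberosKey.class}
     *                        or {@code KerberosTicket.class}; any other class
     *                        matches nothing
     * @return the first matching credential, or {@code null} when
     *         {@code subject} is {@code null} or nothing matches
     */
    static <T> T find(Subject subject, String serverPrincipal,
            String clientPrincipal, Class<T> credClass) {
        // findAux returns a T (or null) in single-result mode; Class.cast
        // checks this at run time instead of an unchecked (T) cast.
        return credClass.cast(findAux(subject, serverPrincipal,
                clientPrincipal, credClass, true));
    }

    /**
     * Returns every private credential of {@code credClass} in
     * {@code subject} that matches the requested principals. A principal
     * left {@code null} by the caller is pinned to that of the first match,
     * so all returned credentials belong to the same principal(s).
     *
     * @param subject         the Subject to search; may be {@code null}
     * @param serverPrincipal server principal name to match, or {@code null}
     *                        for any; ignored for {@link KeyTab}
     * @param clientPrincipal client principal name to match, or {@code null}
     *                        for any; only used for {@link KerberosTicket}
     * @param credClass       {@code KeyTab.class}, {@code KerberosKey.class}
     *                        or {@code KerberosTicket.class}; any other class
     *                        matches nothing
     * @return the matching credentials (possibly empty), or {@code null}
     *         when {@code subject} is {@code null}
     */
    @SuppressWarnings("unchecked")
    static <T> List<T> findMany(Subject subject, String serverPrincipal,
            String clientPrincipal, Class<T> credClass) {
        // findAux returns the List<T> it built in multi-result mode.
        return (List<T>) findAux(subject, serverPrincipal, clientPrincipal,
                credClass, false);
    }

    /**
     * Shared search behind {@link #find} and {@link #findMany}. Returns
     * {@code null} if the subject is {@code null}.
     *
     * @param oneOnly {@code true} to stop at the first match and return it as
     *                a {@code T}; {@code false} to collect all matches in a
     *                {@code List<T>}
     * @return a {@code T} (possibly {@code null}) when {@code oneOnly},
     *         otherwise a {@code List<T>}; {@code null} for a {@code null}
     *         subject
     */
    private static <T> Object findAux(Subject subject, String serverPrincipal,
            String clientPrincipal, Class<T> credClass, boolean oneOnly) {
        if (subject == null) {
            return null;
        }
        // A null sink tells the helpers to return the first match instead
        // of collecting.
        List<T> answer = oneOnly ? null : new ArrayList<T>();
        T first;
        if (credClass == KeyTab.class) {
            first = findKeyTabs(subject, credClass, answer);
        } else if (credClass == KerberosKey.class) {
            first = findKeys(subject, serverPrincipal, credClass, answer);
        } else if (credClass == KerberosTicket.class) {
            first = findTickets(subject, serverPrincipal, clientPrincipal,
                    credClass, answer);
        } else {
            first = null; // unsupported credential type: nothing matches
        }
        return oneOnly ? first : answer;
    }

    /**
     * Collects {@link KeyTab} credentials. A KeyTab is not tied to a single
     * principal, so every KeyTab in the Subject matches.
     *
     * @param answer sink for all matches, or {@code null} to return the first
     * @return the first match when {@code answer} is {@code null}, otherwise
     *         {@code null}
     */
    private static <T> T findKeyTabs(Subject subject, Class<T> credClass,
            List<T> answer) {
        // getPrivateCredentials(Class) hands back its own Set, so no lock is
        // taken here (unlike the live view used for tickets).
        for (T t : subject.getPrivateCredentials(credClass)) {
            if (DEBUG) {
                System.out.println("Found " + credClass.getSimpleName());
            }
            if (answer == null) {
                return t;
            }
            answer.add(t);
        }
        return null;
    }

    /**
     * Collects {@link KerberosKey} credentials whose principal is
     * {@code serverPrincipal} (any principal when {@code null}; the first
     * match then pins the principal for the rest of the collection).
     *
     * @param answer sink for all matches, or {@code null} to return the first
     * @return the first match when {@code answer} is {@code null}, otherwise
     *         {@code null}
     */
    private static <T> T findKeys(Subject subject, String serverPrincipal,
            Class<T> credClass, List<T> answer) {
        for (T t : subject.getPrivateCredentials(credClass)) {
            KerberosKey key = (KerberosKey) t;
            if (key.isDestroyed()) {
                // A destroyed key carries no usable material and its
                // accessors may reject the call, so it is never a match.
                continue;
            }
            String name = key.getPrincipal().getName();
            if (serverPrincipal != null && !serverPrincipal.equals(name)) {
                continue;
            }
            if (DEBUG) {
                System.out.println("Found " +
                        credClass.getSimpleName() + " for " + name);
            }
            if (answer == null) {
                return t;
            }
            if (serverPrincipal == null) {
                // Pin the principal of the first match so that every key
                // returned belongs to the same principal.
                serverPrincipal = name;
            }
            answer.add(t);
        }
        return null;
    }

    /**
     * Collects {@link KerberosTicket} credentials for the client/server
     * principal pair (either side may be {@code null} to match any; the
     * first match then pins both names). Tickets that are no longer current
     * are never returned and, when the Subject is writable, are evicted from
     * it and destroyed.
     *
     * @param answer sink for all matches, or {@code null} to return the first
     * @return the first match when {@code answer} is {@code null}, otherwise
     *         {@code null}
     */
    private static <T> T findTickets(Subject subject, String serverPrincipal,
            String clientPrincipal, Class<T> credClass, List<T> answer) {
        // The untyped view is live and must be iterated under its own lock;
        // iterating it directly is also what allows expired tickets to be
        // removed from the Subject below.
        Set<Object> pcs = subject.getPrivateCredentials();
        synchronized (pcs) {
            Iterator<Object> iterator = pcs.iterator();
            while (iterator.hasNext()) {
                Object obj = iterator.next();
                if (!(obj instanceof KerberosTicket)) {
                    continue;
                }
                KerberosTicket ticket = (KerberosTicket) obj;
                if (DEBUG) {
                    System.out.println("Found ticket for "
                            + ticket.getClient()
                            + " to go to "
                            + ticket.getServer()
                            + " expiring on "
                            + ticket.getEndTime());
                }
                // isDestroyed() is checked first: a ticket destroyed
                // elsewhere but still sitting in the Subject has given up
                // its state, so isCurrent()/getServer() must not be relied
                // on for it. Both TGTs and service tickets are evicted once
                // they lapse.
                if (ticket.isDestroyed() || !ticket.isCurrent()) {
                    if (!subject.isReadOnly()) {
                        iterator.remove();
                        destroyEvicted(ticket);
                    }
                    continue;
                }
                if (serverPrincipal != null
                        && !ticket.getServer().getName().equals(serverPrincipal)) {
                    continue;
                }
                if (clientPrincipal != null
                        && !clientPrincipal.equals(ticket.getClient().getName())) {
                    continue;
                }
                if (answer == null) {
                    return credClass.cast(ticket);
                }
                // Pin the names of the first match so that every ticket
                // returned belongs to the same client/server pair.
                if (clientPrincipal == null) {
                    clientPrincipal = ticket.getClient().getName();
                }
                if (serverPrincipal == null) {
                    serverPrincipal = ticket.getServer().getName();
                }
                answer.add(credClass.cast(ticket));
            }
        }
        return null;
    }

    /**
     * Best-effort destruction of a ticket just removed from the Subject.
     * A failure is only reported in DEBUG mode; the ticket is already gone
     * from the Subject either way.
     */
    private static void destroyEvicted(KerberosTicket ticket) {
        if (ticket.isDestroyed()) {
            return; // nothing left to wipe
        }
        try {
            ticket.destroy();
            if (DEBUG) {
                System.out.println("Removed and destroyed "
                        + "the expired Ticket \n"
                        + ticket);
            }
        } catch (DestroyFailedException dfe) {
            if (DEBUG) {
                System.out.println("Expired ticket not" +
                        " destroyed successfully. " + dfe);
            }
        }
    }
}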