jgss/wrapper/GSSCredElement.java

0N/A/*
2362N/A * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
2362N/A * published by the Free Software Foundation.  Oracle designates this
0N/A * particular file as subject to the "Classpath" exception as provided
2362N/A * by Oracle in the LICENSE file that accompanied this code.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/Apackage sun.security.jgss.wrapper;
0N/A
0N/Aimport org.ietf.jgss.*;
0N/Aimport java.security.Provider;
0N/Aimport sun.security.jgss.GSSUtil;
0N/Aimport sun.security.jgss.spi.GSSCredentialSpi;
0N/A
0N/A/**
0N/A * This class is essentially a wrapper class for the gss_cred_id_t
0N/A * structure of the native GSS library.
0N/A * @author Valerie Peng
0N/A * @since 1.6
0N/A */
0N/Apublic class GSSCredElement implements GSSCredentialSpi {
0N/A
0N/A    private int usage;
0N/A    long pCred; // Pointer to the gss_cred_id_t structure
0N/A    private GSSNameElement name = null;
0N/A    private GSSLibStub cStub;
0N/A
0N/A    // Perform the necessary ServicePermission check on this cred
0N/A    void doServicePermCheck() throws GSSException {
0N/A        if (GSSUtil.isKerberosMech(cStub.getMech())) {
0N/A            if (System.getSecurityManager() != null) {
0N/A                if (isInitiatorCredential()) {
0N/A                    String tgsName = Krb5Util.getTGSName(name);
0N/A                    Krb5Util.checkServicePermission(tgsName, "initiate");
0N/A                }
0N/A                if (isAcceptorCredential() &&
0N/A                    name != GSSNameElement.DEF_ACCEPTOR) {
0N/A                    String krbName = name.getKrbName();
0N/A                    Krb5Util.checkServicePermission(krbName, "accept");
0N/A                }
0N/A            }
0N/A        }
0N/A    }
0N/A
0N/A    // Construct delegation cred using the actual context mech and srcName
0N/A    GSSCredElement(long pCredentials, GSSNameElement srcName, Oid mech)
0N/A        throws GSSException {
0N/A        pCred = pCredentials;
0N/A        cStub = GSSLibStub.getInstance(mech);
0N/A        usage = GSSCredential.INITIATE_ONLY;
0N/A        name = srcName;
0N/A    }
0N/A
0N/A    GSSCredElement(GSSNameElement name, int lifetime, int usage,
0N/A                   GSSLibStub stub) throws GSSException {
0N/A        cStub = stub;
0N/A        this.usage = usage;
0N/A
0N/A        if (name != null) { // Could be GSSNameElement.DEF_ACCEPTOR
0N/A            this.name = name;
0N/A            doServicePermCheck();
0N/A            pCred = cStub.acquireCred(this.name.pName, lifetime, usage);
0N/A        } else {
0N/A            pCred = cStub.acquireCred(0, lifetime, usage);
0N/A            this.name = new GSSNameElement(cStub.getCredName(pCred), cStub);
0N/A            doServicePermCheck();
0N/A        }
0N/A    }
0N/A
0N/A    public Provider getProvider() {
0N/A        return SunNativeProvider.INSTANCE;
0N/A    }
0N/A
0N/A    public void dispose() throws GSSException {
0N/A        name = null;
0N/A        if (pCred != 0) {
0N/A            pCred = cStub.releaseCred(pCred);
0N/A        }
0N/A    }
0N/A
0N/A    public GSSNameElement getName() throws GSSException {
0N/A        return (name == GSSNameElement.DEF_ACCEPTOR ?
0N/A            null : name);
0N/A    }
0N/A
0N/A    public int getInitLifetime() throws GSSException {
0N/A        if (isInitiatorCredential()) {
0N/A            return cStub.getCredTime(pCred);
0N/A        } else return 0;
0N/A    }
0N/A
0N/A    public int getAcceptLifetime() throws GSSException {
0N/A        if (isAcceptorCredential()) {
0N/A            return cStub.getCredTime(pCred);
0N/A        } else return 0;
0N/A    }
0N/A
0N/A    public boolean isInitiatorCredential() {
0N/A        return (usage != GSSCredential.ACCEPT_ONLY);
0N/A    }
0N/A
0N/A    public boolean isAcceptorCredential() {
0N/A        return (usage != GSSCredential.INITIATE_ONLY);
0N/A    }
0N/A
0N/A    public Oid getMechanism() {
0N/A        return cStub.getMech();
0N/A    }
0N/A
0N/A    public String toString() {
0N/A        // No hex bytes available for native impl
0N/A        return "N/A";
0N/A    }
0N/A
0N/A    protected void finalize() throws Throwable {
0N/A        dispose();
0N/A    }
0N/A}