 * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any

 * (C) Copyright IBM Corp. 1999 All Rights Reserved.
 * Copyright 1997 The Open Group Research Institute. All rights reserved.

 * This class maintains key-value pairs of Kerberos configurable constants
 * from configuration file or from user specified system properties.

 * Only allow a single instance of Config.

 * Hashtable used to store configuration information.

 // these are used for hexadecimal calculation.

 * Specified by system properties. Must be both null or non-null.

 // used for native interface

 * Gets an instance of Config class. One and only one instance (the
 * singleton) is returned.
 * @exception KrbException if error occurs when constructing a Config
 * instance. Possible causes would be either of java.security.krb5.realm or
 * java.security.krb5.kdc not specified, error reading configuration file.

 * Refresh and reload the Configuration. This could involve,
 * for example reading the Configuration file again or getting
 * the java.security.krb5.* system properties again.
 * @exception KrbException if error occurs when constructing a Config
 * instance. Possible causes would be either of java.security.krb5.realm or
 * java.security.krb5.kdc not specified, error reading configuration file.

 // split the "10.x.y" version number
 // sanity check the "10." part of the version
 // check if Mac OS X 10.7(.y)
 // was not an integer

 * Private constructor - can not be instantiated externally.

 * If either one system property is specified, we throw exception.

 // The user can specify a list of kdc hosts separated by ":"

 ("System property java.security.krb5.kdc and " +
  "java.security.krb5.realm both must be set or " +
  "neither must be set.");
 // Always read the Kerberos configuration file
 // OK. Will go on with file
 // No krb5.conf, no problem. We'll use DNS or system property etc.

 * Gets the default int value for the specified name.
 * @param name the name.
 * @return the default Integer, null is returned if no such name and
 * value are found in configuration file, or error occurs when parsing
 * string to integer.

 " to minimum value");
 * Gets the default int value for the specified name in the specified
 * section. <br>This method is quicker by using section name as the
 * @param section the name string of the section.
 * @return the default Integer, null is returned if no such name and
 * value are found in configuration file, or error occurs when parsing

 * Gets the default string value for the specified name.
 * @return the default value, null is returned if it cannot be found.

 * This method does the real job to recursively search through the
 * @param k the key string.
 * @param t stanzaTable or sub hashtable within it.
 * @return the value found in config file, returns null if no value
 * matched with the key is found.

 for (int i = 0; i < length; i++) {
 * Gets the default string value for the specified name in the
 * <br>This method is quicker by using the section name as the search key.
 * @param section the name of the section.
 * @return the default value, null is returned if it cannot be found.

 for (int i = 0; i < length; i++) {
 * Gets the default boolean value for the specified name.
 * @return the default boolean value, false is returned if it cannot be

 * Gets the default boolean value for the specified name in the
 * <br>This method is quicker by using the section name as the search key.
 * @param section the name of the section.
 * @return the default boolean value, false is returned if it cannot be

 * Parses a string to an integer. The convertible strings include the
 * string representations of positive integers, negative integers, and
 * hexadecimal integers. Valid inputs are, e.g., -1234, +1234,
 * @param input the String to be converted to an Integer.
 * @return a numeric value represented by the string
 * @exception NumberFormatException if the String does not contain a

 for (int j = 1; j < i; j++) {
 * Finds the matching value in the hashtable.

 * Reads name/value pairs to the memory from the configuration
 * file. The default location of the configuration file is in java home
 * Configuration file contains information about the default realm,
 * ticket parameters, location of the KDC and the admin server for
 * known realms, etc. The file is divided into sections. Each section
 * contains one or more name/value pairs with one pair per line. A
 * default_realm = EXAMPLE.COM
 * default_tgs_enctypes = des-cbc-md5
 * default_tkt_enctypes = des-cbc-md5
 * kdc = kerberos.example.com
 * kdc = kerberos-1.example.com
 * admin_server = kerberos.example.com
 * kdc = orange.sample.com
 * admin_server = orange.sample.com
 * blue.sample.com = TEST.SAMPLE.COM
 * .backup.com = EXAMPLE.COM
 * @param fileName the conf file, cannot be null
 * @return the content, null if fileName is empty
 * @throws IOException if there is an I/O or format error

 // ignore comments and blank line in the configuration file.
 // Comments start with #.

 // In practice, a subsection might look like:
 // kdc = kerberos.example.com
 // Before parsed into stanza table, it needs to be
 // converted into formal style:
 // kdc = kerberos.example.com
 // So, if a line is "{", adhere to the previous line.

 "Config file should not start with \"{\"");
 * Parses stanza names and values from configuration file to
 * stanzaTable (Hashtable). Hashtable key would be stanza names,
 * (libdefaults, realms, domain_realms, etc), and the hashtable value
 * would be another hashtable which contains the key-value pairs under

 for (int i = 0; i < v.size(); i++) {
 // find the next stanza name
 // find the next stanza name
 // find the next stanza name

 * Gets the default Java configuration file name.
 * use its value, no matter if the file exists or not. Otherwise, we
 * and return it if the file exists.
 * The method returns null if it cannot find a Java config file.

 * Gets the default native configuration file name.
 * Depending on the OS type, the method returns the default native
 * kerberos config file name, which is at windows directory with
 * /etc/krb5.conf otherwise. Mac OS X has a different file name.
 * Note: When the Terminal Service is started in Windows (from 2003),
 * there are two kinds of Windows directories: A system one (say,
 * C:\Windows), and a user-private one (say, C:\Users\Me\Windows).
 * We will first look for krb5.ini in the user-private one. If not
 * found, try the system one instead.
 * This method will always return a non-null non-empty file name,
 * even if that file does not exist.

 * Parses key-value pairs under a stanza name.

 * Parses key-value pairs under [realms]. The key would be the realm
 * name, the value would be another hashtable which contains
 * information for the realm given within a pair of braces.

 for (int k = i + 1; k < end; k++) {
 * Parses key-value pairs within each braces under [realms].

 * Compares the key with the known keys to see if it exists.

 for (int i = 0; i < v.size(); i++) {
 * For testing purpose. This method lists all information being parsed from
 * the configuration file to the hashtable.

 for (int i = 0; i < v.size(); i++) {
 * Returns the default encryption types.

 // only two delimiters are allowed to use
 // according to Kerberos DCE doc.

 for (int i = 0; i < len; i++) {

 "no supported default etypes for " + enctypes);
 * Get the etype and checksum value for the specified encryption and
 * This method converts the string representation of encryption type and
 * checksum type to int value that can be later used by EType and

 * Resets the default kdc realm.
 * We do not need to synchronize these methods since assignments are atomic
 * This method was useless. Kept here in case some class still calls it.

 * Check to use addresses in tickets
 * use addresses if "no_addresses" or "noaddresses" is set to false

 // use addresses if "no_addresses" is set to false
 // use addresses if "noaddresses" is set to false

 * Check if need to use DNS to locate Kerberos services

 * Check if need to use DNS to locate the KDC

 return useDNS("dns_lookup_kdc");

 * Check if need to use DNS to locate the Realm

 return useDNS("dns_lookup_realm");
 * @throws KrbException where no realm can be located
 * @return the default realm, always non null

 // use DNS to locate Kerberos realm

 * Returns a list of KDC's with each KDC separated by a space
 * @param realm the realm for which the KDC list is desired
 * @throws KrbException if there's no way to find KDC for the realm
 * @return the list of KDCs separated by a space, always non null

 * Locate Kerberos realm using DNS
 * @return the Kerberos realm

 // use DNS to locate Kerberos realm

 "Unable to locate Kerberos realm: " + e.getMessage());
 // get the domain realm mapping from the configuration

 "Unable to locate Kerberos realm");
 * Check if the provided realm is the correct realm
 * @return the realm if correct, or null otherwise

 // if no DNS TXT records found, try again using sub-realm

 * @param realm the realm for which the master KDC is desired

 // locate DNS SRV record using UDP
 // locate DNS SRV record using TCP

 "Unable to locate KDC for realm " + realm);
 // Shows the content of the Config object for debug purpose.
 // A string value, just print it
 // A table, start a new sub-section...
 // ...indent, print "key = ", and
 // ...go recursively into value
 // A vector of strings, print them inside [ and ]
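
The file-loading comments above describe two steps: skip blank lines and `#` comments while attaching a line that is only `{` to the previous line, then read stanza names and name/value pairs into a table. The following is an added example of those two steps, not the JDK's Config code; the class name `Krb5ConfExample`, both method names, the flattened `subsection/key` layout and the sample input are assumptions made for illustration.

```java
import java.util.*;

public class Krb5ConfExample {
    // Step 1: drop blank lines and '#' comments; attach a lone "{" to the previous line.
    static List<String> normalize(List<String> raw) {
        List<String> out = new ArrayList<>();
        for (String s : raw) {
            String line = s.trim();
            if (line.isEmpty() || line.startsWith("#")) continue;
            if (line.equals("{")) {
                if (out.isEmpty())
                    throw new IllegalArgumentException("Config file should not start with \"{\"");
                int last = out.size() - 1;
                out.set(last, out.get(last) + " {");
            } else {
                out.add(line);
            }
        }
        return out;
    }

    // Step 2: section -> key -> values. Keys inside braces are stored as "subsection/key"
    // (an assumption of this example); repeated keys such as kdc keep every value in order.
    static Map<String, Map<String, List<String>>> parse(List<String> lines) {
        Map<String, Map<String, List<String>>> table = new LinkedHashMap<>();
        String section = null, sub = null;
        for (String line : lines) {
            if (line.startsWith("[") && line.endsWith("]")) {
                section = line.substring(1, line.length() - 1);
                sub = null;
                table.putIfAbsent(section, new LinkedHashMap<>());
            } else if (line.equals("}")) {
                sub = null;
            } else {
                int eq = line.indexOf('=');
                if (section == null || eq < 0) throw new IllegalArgumentException("bad line: " + line);
                String key = line.substring(0, eq).trim(), val = line.substring(eq + 1).trim();
                if (val.equals("{")) { sub = key; continue; }
                String full = (sub == null) ? key : sub + "/" + key;
                table.get(section).computeIfAbsent(full, k -> new ArrayList<>()).add(val);
            }
        }
        return table;
    }

    public static void main(String[] args) {
        List<String> sample = Arrays.asList(   // constructed sample input
            "# constructed", "[libdefaults]", "default_realm = EXAMPLE.COM",
            "[realms]", "EXAMPLE.COM =", "{", "kdc = kerberos.example.com",
            "kdc = kerberos-1.example.com", "}");
        System.out.println(parse(normalize(sample)));
    }
}
```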