/*
 * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.ssl;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.crypto.SecretKey;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;

/**
 * Static facade over the optional Kerberos support of the SSL code.
 *
 * <p>Every public method except {@link #isAvailable()} forwards its
 * arguments unchanged to a single {@code Krb5Proxy} instance. That instance
 * is created reflectively, once, while this class is being initialized. When
 * the implementation class cannot be found the proxy stays {@code null},
 * {@link #isAvailable()} reports {@code false}, and every forwarding method
 * fails with an {@link AssertionError}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The implementation class name is a compile-time constant; nothing a
 *     caller supplies influences which class is loaded.</li>
 * <li>The lookup passes {@code null} as the class loader, which
 *     {@link Class#forName(String, boolean, ClassLoader)} defines as the
 *     bootstrap loader, so a class of the same name on the application class
 *     path is not picked up.</li>
 * <li>No argument validation happens in this class; any checks on the
 *     access control context, keys or principal names are left to the
 *     {@code Krb5Proxy} implementation, which is not visible here.</li>
 * </ul>
 */
public final class Krb5Helper {

    /** Fully qualified name of the proxy implementation that is looked up. */
    private static final String IMPL_CLASS =
        "sun.security.ssl.krb5.Krb5ProxyImpl";

    /**
     * The proxy all calls are forwarded to, or {@code null} when
     * {@link #IMPL_CLASS} was not found during class initialization.
     */
    private static final Krb5Proxy proxy = loadProxy();

    /** Not instantiable; the class only has static members. */
    private Krb5Helper() { }

    /**
     * Looks up and instantiates the proxy implementation, if present.
     *
     * <p>The lookup runs inside {@code doPrivileged}, so it is performed with
     * this class's own permissions rather than those of whichever caller
     * happens to trigger class initialization. The privileged action takes
     * no caller-controlled input.
     *
     * @return a new proxy instance, or {@code null} if the implementation
     *         class does not exist
     * @throws AssertionError if the class exists but cannot be instantiated
     */
    private static Krb5Proxy loadProxy() {
        return AccessController.doPrivileged(
            new PrivilegedAction<Krb5Proxy>() {
                @Override
                public Krb5Proxy run() {
                    try {
                        // null loader == bootstrap loader: only an
                        // implementation shipped with the runtime is eligible.
                        Class<?> implClass =
                            Class.forName(IMPL_CLASS, true, null);
                        Object instance = implClass.newInstance();
                        return (Krb5Proxy) instance;
                    } catch (ClassNotFoundException notPresent) {
                        // Kerberos support is optional; absence is not an error.
                        return null;
                    } catch (IllegalAccessException e) {
                        // The class is present but unusable: treated as a
                        // broken installation rather than "not available".
                        throw new AssertionError(e);
                    } catch (InstantiationException e) {
                        throw new AssertionError(e);
                    }
                }
            });
    }

    /**
     * Reports whether the Kerberos proxy implementation was loaded.
     *
     * <p>Callers should check this before using any other method of this
     * class: those methods throw {@link AssertionError}, which is an
     * {@code Error} and therefore not caught by a {@code catch (Exception)}
     * handler.
     *
     * @return {@code true} if a proxy instance exists
     */
    public static boolean isAvailable() {
        return proxy != null;
    }

    /**
     * Guards the forwarding methods against a missing proxy.
     *
     * @throws AssertionError if no proxy was loaded
     */
    private static void ensureAvailable() {
        if (!isAvailable()) {
            throw new AssertionError("Kerberos should have been available");
        }
    }

    /**
     * Returns the Subject associated with the client side of the SSL socket.
     *
     * @param acc access control context handed to the proxy unchanged; how
     *        the Subject is derived from it is decided by the proxy
     * @return whatever the proxy returns for {@code acc}
     * @throws LoginException propagated from the proxy
     * @throws AssertionError if Kerberos support is not available
     */
    public static Subject getClientSubject(AccessControlContext acc)
            throws LoginException {
        ensureAvailable();
        return proxy.getClientSubject(acc);
    }

    /**
     * Returns the Subject associated with the server side of the SSL socket.
     *
     * @param acc access control context handed to the proxy unchanged
     * @return whatever the proxy returns for {@code acc}
     * @throws LoginException propagated from the proxy
     * @throws AssertionError if Kerberos support is not available
     */
    public static Subject getServerSubject(AccessControlContext acc)
            throws LoginException {
        ensureAvailable();
        return proxy.getServerSubject(acc);
    }

    /**
     * Returns the Kerberos keys for the default server-side principal.
     *
     * <p>The result is secret key material and should be handled as such by
     * callers (not logged, not retained longer than needed).
     * NOTE(review): whether the proxy returns a private copy of the array or
     * shared references cannot be determined from this class; confirm
     * against the {@code Krb5Proxy} implementation.
     *
     * @param acc access control context handed to the proxy unchanged
     * @return the keys as returned by the proxy
     * @throws LoginException propagated from the proxy
     * @throws AssertionError if Kerberos support is not available
     */
    public static SecretKey[] getServerKeys(AccessControlContext acc)
            throws LoginException {
        ensureAvailable();
        return proxy.getServerKeys(acc);
    }

    /**
     * Returns the server-side principal name associated with a Kerberos key.
     *
     * @param kerberosKey key handed to the proxy unchanged; presumably one
     *        obtained from {@link #getServerKeys} (verify against callers)
     * @return the principal name as returned by the proxy
     * @throws AssertionError if Kerberos support is not available
     */
    public static String getServerPrincipalName(SecretKey kerberosKey) {
        ensureAvailable();
        return proxy.getServerPrincipalName(kerberosKey);
    }

    /**
     * Returns the hostname embedded in a principal name.
     *
     * @param principal principal handed to the proxy unchanged
     * @return the hostname as returned by the proxy
     * @throws AssertionError if Kerberos support is not available
     */
    public static String getPrincipalHostName(Principal principal) {
        ensureAvailable();
        return proxy.getPrincipalHostName(principal);
    }

    /**
     * Returns a ServicePermission for the given principal name and action.
     *
     * @param principalName principal name handed to the proxy unchanged
     * @param action action string handed to the proxy unchanged; the set of
     *        accepted values is defined by the proxy, not by this class
     * @return the permission object as returned by the proxy
     * @throws AssertionError if Kerberos support is not available
     */
    public static Permission getServicePermission(String principalName,
            String action) {
        ensureAvailable();
        return proxy.getServicePermission(principalName, action);
    }
}