1 /*
2  * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package sun.security.ssl;
27 
28 import java.security.AccessControlContext;
29 import java.security.AccessController;
30 import java.security.Permission;
31 import java.security.Principal;
32 import java.security.PrivilegedAction;
33 import javax.crypto.SecretKey;
34 import javax.security.auth.Subject;
35 import javax.security.auth.login.LoginException;
36 
/**
 * Static entry point to the optional Kerberos support of the SSL
 * implementation.
 *
 * <p>The implementation class named by {@code IMPL_CLASS} is looked up once,
 * by name, when this class is initialised. If that class cannot be found,
 * {@link #isAvailable()} returns {@code false} and every other method throws
 * {@link AssertionError}; otherwise each method forwards to the
 * implementation.
 *
 * <p>This class performs no permission checks of its own on the values it
 * hands back (subjects, server keys).
 * NOTE(review): presumably the implementation or the callers enforce them;
 * confirm before adding new callers.
 */
public final class Krb5Helper {

    // Fully qualified name of the Krb5Proxy implementation, used if present.
    private static final String IMPL_CLASS =
        "sun.security.ssl.krb5.Krb5ProxyImpl";

    // Null when the implementation class is not present. The lookup runs
    // inside doPrivileged, so it uses this class's own privileges rather
    // than those of whichever caller first triggers class initialisation.
    private static final Krb5Proxy proxy =
        AccessController.doPrivileged(new ProxyLoader());

    // Static-only class: no instances.
    private Krb5Helper() { }

    /**
     * Privileged action that locates and instantiates the implementation.
     * Keep it limited to the lookup: anything added to {@code run()} also
     * executes with this class's privileges.
     */
    private static final class ProxyLoader
            implements PrivilegedAction<Krb5Proxy> {

        /**
         * @return a new implementation instance, or {@code null} if the
         *         implementation class cannot be found
         */
        @Override
        public Krb5Proxy run() {
            try {
                // A null loader selects the bootstrap class loader, so the
                // implementation can only come from the runtime's own
                // classes, never from an application-supplied class path
                // or a thread context loader.
                Class<?> implClass = Class.forName(IMPL_CLASS, true, null);
                Object instance = implClass.newInstance();
                return (Krb5Proxy) instance;
            } catch (ClassNotFoundException notPresent) {
                // Only "class not found" means "Kerberos unavailable";
                // every other failure is allowed to surface.
                return null;
            } catch (InstantiationException e) {
                throw new AssertionError(e);
            } catch (IllegalAccessException e) {
                throw new AssertionError(e);
            }
        }
    }

    /**
     * Reports whether Kerberos is available.
     *
     * @return {@code true} if the implementation class was found and
     *         instantiated when this class was initialised
     */
    public static boolean isAvailable() {
        return proxy != null;
    }

    /**
     * Returns the loaded implementation, failing if there is none.
     * The error is thrown explicitly, so it does not depend on assertions
     * being enabled.
     *
     * @throws AssertionError if the implementation is not available
     */
    private static Krb5Proxy requireProxy() {
        if (proxy != null) {
            return proxy;
        }
        throw new AssertionError("Kerberos should have been available");
    }

    /**
     * Returns the Subject associated with the client side of the SSL socket.
     *
     * @param acc access control context, passed through to the implementation
     * @return the Subject supplied by the implementation
     * @throws LoginException propagated from the implementation
     * @throws AssertionError if Kerberos is not available
     */
    public static Subject getClientSubject(AccessControlContext acc)
            throws LoginException {
        return requireProxy().getClientSubject(acc);
    }

    /**
     * Returns the Subject associated with the server side of the SSL socket.
     *
     * @param acc access control context, passed through to the implementation
     * @return the Subject supplied by the implementation
     * @throws LoginException propagated from the implementation
     * @throws AssertionError if Kerberos is not available
     */
    public static Subject getServerSubject(AccessControlContext acc)
            throws LoginException {
        return requireProxy().getServerSubject(acc);
    }

    /**
     * Returns the KerberosKeys for the default server-side principal.
     * The result is secret key material and this method adds no access
     * check of its own.
     *
     * @param acc access control context, passed through to the implementation
     * @return the keys supplied by the implementation
     * @throws LoginException propagated from the implementation
     * @throws AssertionError if Kerberos is not available
     */
    public static SecretKey[] getServerKeys(AccessControlContext acc)
            throws LoginException {
        return requireProxy().getServerKeys(acc);
    }

    /**
     * Returns the server-side principal name associated with the KerberosKey.
     *
     * @param kerberosKey key whose principal name is requested
     * @return the principal name supplied by the implementation
     * @throws AssertionError if Kerberos is not available
     */
    public static String getServerPrincipalName(SecretKey kerberosKey) {
        return requireProxy().getServerPrincipalName(kerberosKey);
    }

    /**
     * Returns the hostname embedded in the principal name.
     *
     * @param principal principal whose hostname is requested
     * @return the hostname supplied by the implementation
     * @throws AssertionError if Kerberos is not available
     */
    public static String getPrincipalHostName(Principal principal) {
        return requireProxy().getPrincipalHostName(principal);
    }

    /**
     * Returns a ServicePermission for the principal name and action.
     *
     * @param principalName principal name for the permission
     * @param action action for the permission
     * @return the permission object created by the implementation
     * @throws AssertionError if Kerberos is not available
     */
    public static Permission getServicePermission(String principalName,
            String action) {
        return requireProxy().getServicePermission(principalName, action);
    }
}