1   /*
2    * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4    *
5    * This code is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU General Public License version 2 only, as
7    * published by the Free Software Foundation.  Oracle designates this
8    * particular file as subject to the "Classpath" exception as provided
9    * by Oracle in the LICENSE file that accompanied this code.
10   *
11   * This code is distributed in the hope that it will be useful, but WITHOUT
12   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13   * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14   * version 2 for more details (a copy is included in the LICENSE file that
15   * accompanied this code).
16   *
17   * You should have received a copy of the GNU General Public License version
18   * 2 along with this work; if not, write to the Free Software Foundation,
19   * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20   *
21   * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22   * or visit www.oracle.com if you need additional information or have any
23   * questions.
24   */
25  package sun.security.jgss.wrapper;
26  
27  import org.ietf.jgss.*;
28  import java.security.Provider;
29  import sun.security.jgss.GSSUtil;
30  import sun.security.jgss.spi.GSSCredentialSpi;
31  import sun.security.jgss.spi.GSSNameSpi;
32  
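/**
 * This class is essentially a wrapper class for the gss_cred_id_t
 * structure of the native GSS library.
 *
 * <p>The native handle is held in {@link #pCred} and is released by
 * {@link #dispose()}; {@link #finalize()} calls {@code dispose()} as a
 * fallback. For Kerberos mechanisms running under a security manager the
 * credential is only handed out after a ServicePermission check, see
 * {@link #doServicePermCheck()}.
 *
 * @author Valerie Peng
 * @since 1.6
 */
public class GSSCredElement implements GSSCredentialSpi {

    // One of the GSSCredential usage constants (INITIATE_ONLY, ACCEPT_ONLY, ...).
    private int usage;
    long pCred; // Pointer to the gss_cred_id_t structure
    // Principal of this credential; may be the GSSNameElement.DEF_ACCEPTOR sentinel.
    private GSSNameElement name = null;
    // Stub of the native library for the mechanism this credential belongs to.
    private GSSLibStub cStub;

    /**
     * Performs the necessary ServicePermission check on this credential.
     *
     * <p>Nothing is checked unless the mechanism is Kerberos and a security
     * manager is installed. An initiator credential is checked for
     * "initiate" against the TGS name derived from {@code name}; an acceptor
     * credential whose name is not the {@code DEF_ACCEPTOR} sentinel is
     * checked for "accept" against its Kerberos name.
     *
     * @throws GSSException if deriving a name needed for the check fails
     */
    void doServicePermCheck() throws GSSException {
        if (!GSSUtil.isKerberosMech(cStub.getMech())) {
            return;
        }
        if (System.getSecurityManager() == null) {
            return;
        }
        if (isInitiatorCredential()) {
            String tgsName = Krb5Util.getTGSName(name);
            Krb5Util.checkServicePermission(tgsName, "initiate");
        }
        // DEF_ACCEPTOR is a sentinel compared by reference; it carries no
        // principal, so there is no service name to check "accept" against.
        if (isAcceptorCredential() &&
            name != GSSNameElement.DEF_ACCEPTOR) {
            String krbName = name.getKrbName();
            Krb5Util.checkServicePermission(krbName, "accept");
        }
    }

    /**
     * Constructs a delegation cred using the actual context mech and srcName.
     * The result is always an initiate-only credential.
     *
     * <p>No ServicePermission check is made in this constructor.
     * NOTE(review): confirm that the caller runs
     * {@link #doServicePermCheck()} before exposing the credential.
     *
     * @param pCredentials native gss_cred_id_t handle to wrap
     * @param srcName name to record as the owner of the credential
     * @param mech mechanism used to look up the native library stub
     * @throws GSSException if the stub for {@code mech} cannot be obtained
     */
    GSSCredElement(long pCredentials, GSSNameElement srcName, Oid mech)
        throws GSSException {
        pCred = pCredentials;
        cStub = GSSLibStub.getInstance(mech);
        usage = GSSCredential.INITIATE_ONLY;
        name = srcName;
    }

    /**
     * Acquires a native credential for {@code name}, or the default
     * credential when {@code name} is null.
     *
     * <p>With an explicit name the permission check runs before the native
     * acquisition. For the default credential the name is only known after
     * acquisition, so the check runs afterwards; if it (or the name lookup)
     * fails, the freshly acquired handle is released here instead of being
     * left for the finalizer.
     *
     * @param name principal to acquire for, or null for the default one
     * @param lifetime requested lifetime, passed to the native library
     * @param usage one of the GSSCredential usage constants
     * @param stub native library stub to acquire the credential through
     * @throws GSSException if acquisition or name resolution fails
     */
    GSSCredElement(GSSNameElement name, int lifetime, int usage,
                   GSSLibStub stub) throws GSSException {
        cStub = stub;
        this.usage = usage;

        if (name != null) { // Could be GSSNameElement.DEF_ACCEPTOR
            this.name = name;
            doServicePermCheck();
            pCred = cStub.acquireCred(this.name.pName, lifetime, usage);
        } else {
            pCred = cStub.acquireCred(0, lifetime, usage);
            boolean permitted = false;
            try {
                this.name = new GSSNameElement(cStub.getCredName(pCred), cStub);
                doServicePermCheck();
                permitted = true;
            } finally {
                if (!permitted) {
                    // The caller never receives this object, so nobody else
                    // can release the handle deterministically.
                    try {
                        releaseNativeCred();
                    } catch (GSSException ignored) {
                        // Keep the original failure; pCred is left as it was
                        // and finalize() will attempt the release again.
                    }
                }
            }
        }
    }

    /**
     * Clears the name and releases the native handle if one is held.
     * Kept private so the constructor does not call an overridable method.
     */
    private void releaseNativeCred() throws GSSException {
        name = null;
        if (pCred != 0) {
            pCred = cStub.releaseCred(pCred);
        }
    }

    /** Returns the provider instance of the native wrapper. */
    public Provider getProvider() {
        return SunNativeProvider.INSTANCE;
    }

    /**
     * Drops the name and releases the native credential. Calling it again
     * after {@code pCred} has become 0 releases nothing.
     *
     * @throws GSSException if the native release fails
     */
    public void dispose() throws GSSException {
        releaseNativeCred();
    }

    /**
     * Returns the name of this credential, or null when the credential was
     * created with the {@code DEF_ACCEPTOR} sentinel (or has been disposed).
     */
    public GSSNameElement getName() throws GSSException {
        if (name == GSSNameElement.DEF_ACCEPTOR) {
            return null;
        }
        return name;
    }

    /**
     * Returns the credential time reported by the native library when this
     * credential can initiate, otherwise 0.
     */
    public int getInitLifetime() throws GSSException {
        // NOTE(review): no guard for a disposed credential; whatever value
        // dispose() left in pCred is passed to the native stub - confirm the
        // stub handles that.
        if (!isInitiatorCredential()) {
            return 0;
        }
        return cStub.getCredTime(pCred);
    }

    /**
     * Returns the credential time reported by the native library when this
     * credential can accept, otherwise 0.
     */
    public int getAcceptLifetime() throws GSSException {
        // NOTE(review): same disposed-handle caveat as getInitLifetime().
        if (!isAcceptorCredential()) {
            return 0;
        }
        return cStub.getCredTime(pCred);
    }

    /** Returns true unless the usage is {@code ACCEPT_ONLY}. */
    public boolean isInitiatorCredential() {
        return (usage != GSSCredential.ACCEPT_ONLY);
    }

    /** Returns true unless the usage is {@code INITIATE_ONLY}. */
    public boolean isAcceptorCredential() {
        return (usage != GSSCredential.INITIATE_ONLY);
    }

    /** Returns the mechanism of the underlying native library stub. */
    public Oid getMechanism() {
        return cStub.getMech();
    }

    /**
     * Returns a fixed placeholder; neither the native handle nor any
     * credential content is included in the string.
     */
    @Override
    public String toString() {
        // No hex bytes available for native impl
        return "N/A";
    }

    /**
     * Fallback release of the native credential for instances that were
     * never disposed explicitly.
     */
    @Override
    protected void finalize() throws Throwable {
        dispose();
    }

    /**
     * Impersonation is not implemented for the native wrapper.
     *
     * @throws GSSException always, with major code {@code FAILURE}
     */
    @Override
    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
        throw new GSSException(GSSException.FAILURE, -1,
                "Not supported yet");
    }
}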