1   /*
2    * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4    *
5    * This code is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU General Public License version 2 only, as
7    * published by the Free Software Foundation.  Oracle designates this
8    * particular file as subject to the "Classpath" exception as provided
9    * by Oracle in the LICENSE file that accompanied this code.
10   *
11   * This code is distributed in the hope that it will be useful, but WITHOUT
12   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13   * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14   * version 2 for more details (a copy is included in the LICENSE file that
15   * accompanied this code).
16   *
17   * You should have received a copy of the GNU General Public License version
18   * 2 along with this work; if not, write to the Free Software Foundation,
19   * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20   *
21   * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22   * or visit www.oracle.com if you need additional information or have any
23   * questions.
24   */
25  
26  package sun.security.jgss.wrapper;
27  
28  import org.ietf.jgss.*;
29  import java.security.Provider;
30  import java.security.Security;
31  import java.io.IOException;
32  import java.io.UnsupportedEncodingException;
33  import sun.security.jgss.GSSUtil;
34  import sun.security.util.ObjectIdentifier;
35  import sun.security.util.DerInputStream;
36  import sun.security.util.DerOutputStream;
37  import sun.security.jgss.GSSUtil;
38  import sun.security.jgss.GSSExceptionImpl;
39  import sun.security.jgss.spi.GSSNameSpi;
40  
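/**
 * Wrapper around the {@code gss_name_t} structure of the native GSS library.
 *
 * <p>An instance holds a native name handle in {@link #pName} together with
 * the {@code GSSLibStub} used to operate on it. The handle is released by
 * {@link #dispose()}, which {@link #finalize()} also calls.
 *
 * @author Valerie Peng
 * @since 1.6
 */
public class GSSNameElement implements GSSNameSpi {

    long pName = 0; // Pointer to the gss_name_t structure; 0 means no native name is held
    private String printableName;
    private Oid printableType;
    private GSSLibStub cStub;

    // Built by the private no-arg constructor: it has no stub and no native handle.
    static final GSSNameElement DEF_ACCEPTOR = new GSSNameElement();

    /**
     * Decides which name type to hand to the native library.
     *
     * <p>Only {@code GSSUtil.NT_GSS_KRB5_PRINCIPAL} is treated specially: if the
     * stub's supported name types can be obtained and do not contain it,
     * {@code null} is returned so the mechanism-specific default is used.
     *
     * @param nameType the requested name type
     * @param stub the stub to query for supported name types
     * @return {@code nameType}, or {@code null} to use the mechanism default
     */
    private static Oid getNativeNameType(Oid nameType, GSSLibStub stub) {
        if (GSSUtil.NT_GSS_KRB5_PRINCIPAL.equals(nameType)) {
            Oid[] supportedNTs = null;
            try {
                supportedNTs = stub.inquireNamesForMech();
            } catch (GSSException ge) {
                if (ge.getMajor() == GSSException.BAD_MECH &&
                    GSSUtil.isSpNegoMech(stub.getMech())) {
                    // Workaround known Heimdal issue and retry with KRB5
                    try {
                        stub = GSSLibStub.getInstance
                            (GSSUtil.GSS_KRB5_MECH_OID);
                        supportedNTs = stub.inquireNamesForMech();
                    } catch (GSSException ge2) {
                        // Should never happen
                        SunNativeProvider.debug("Name type list unavailable: " +
                            ge2.getMajorString());
                    }
                } else {
                    SunNativeProvider.debug("Name type list unavailable: " +
                        ge.getMajorString());
                }
            }
            if (supportedNTs != null) {
                for (Oid supported : supportedNTs) {
                    if (supported.equals(nameType)) return nameType;
                }
                // Special handling the specified name type
                SunNativeProvider.debug("Override " + nameType +
                    " with mechanism default(null)");
                return null; // Use mechanism specific default
            }
        }
        // Either not the KRB5 principal type, or the supported list was unavailable.
        return nameType;
    }

    /** Creates the default-acceptor placeholder; no stub or native name is attached. */
    private GSSNameElement() {
        printableName = "<DEFAULT ACCEPTOR>";
    }

    /**
     * Wraps an existing native name handle.
     *
     * @param pNativeName the native handle; must not be 0
     * @param stub the stub that owns the handle
     * @throws GSSException with {@code BAD_NAME} if the handle is 0, or if the
     *         printable form cannot be obtained
     */
    GSSNameElement(long pNativeName, GSSLibStub stub) throws GSSException {
        // Only enforced when assertions are enabled.
        assert(stub != null);
        if (pNativeName == 0) {
            throw new GSSException(GSSException.BAD_NAME);
        }
        // Note: pNativeName is assumed to be a MN.
        pName = pNativeName;
        cStub = stub;
        setPrintables();
    }

    /**
     * Imports a name into the native library.
     *
     * @param nameBytes the name bytes; must not be {@code null}
     * @param nameType the name type, or {@code null}
     * @param stub the stub used for the import
     * @throws GSSException with {@code BAD_NAME} if {@code nameBytes} is
     *         {@code null}, {@code FAILURE} if the mechanism OID cannot be
     *         encoded, or whatever the native import reports
     */
    GSSNameElement(byte[] nameBytes, Oid nameType, GSSLibStub stub)
        throws GSSException {
        // Only enforced when assertions are enabled.
        assert(stub != null);
        if (nameBytes == null) {
            throw new GSSException(GSSException.BAD_NAME);
        }
        cStub = stub;
        byte[] name = nameBytes;

        if (nameType != null) {
            // Special handling the specified name type if
            // necessary
            nameType = getNativeNameType(nameType, stub);

            if (GSSName.NT_EXPORT_NAME.equals(nameType)) {
                // Need to add back the mech Oid portion (stripped
                // off by GSSNameImpl class prior to calling this
                // method) for "NT_EXPORT_NAME"
                byte[] mechBytes = null;
                DerOutputStream dout = new DerOutputStream();
                Oid mech = cStub.getMech();
                try {
                    dout.putOID(new ObjectIdentifier(mech.toString()));
                } catch (IOException e) {
                    throw new GSSExceptionImpl(GSSException.FAILURE, e);
                }
                mechBytes = dout.toByteArray();
                // Layout: 04 01 | 2-byte OID length | OID | 4-byte name length | name
                name = new byte[2 + 2 + mechBytes.length + 4 + nameBytes.length];
                int pos = 0;
                name[pos++] = 0x04;
                name[pos++] = 0x01;
                name[pos++] = (byte) (mechBytes.length>>>8);
                name[pos++] = (byte) mechBytes.length;
                System.arraycopy(mechBytes, 0, name, pos, mechBytes.length);
                pos += mechBytes.length;
                name[pos++] = (byte) (nameBytes.length>>>24);
                name[pos++] = (byte) (nameBytes.length>>>16);
                name[pos++] = (byte) (nameBytes.length>>>8);
                name[pos++] = (byte) nameBytes.length;
                System.arraycopy(nameBytes, 0, name, pos, nameBytes.length);
            }
        }
        pName = cStub.importName(name, nameType);
        setPrintables();

        SunNativeProvider.debug("Imported " + printableName + " w/ type " +
                                printableType);
    }

    /**
     * Caches the printable name and its type as reported by the native library.
     * A missing type is replaced with {@code GSSName.NT_USER_NAME}.
     */
    private void setPrintables() throws GSSException {
        Object[] printables = cStub.displayName(pName);
        // Shape of the native result is only checked when assertions are enabled.
        assert((printables != null) && (printables.length == 2));
        printableName = (String) printables[0];
        assert(printableName != null);
        printableType = (Oid) printables[1];
        if (printableType == null) {
            printableType = GSSName.NT_USER_NAME;
        }
    }

    /**
     * Returns the printable form of this name canonicalized for Kerberos.
     * If this element's mechanism is not Kerberos, a KRB5 stub is used instead.
     *
     * @return the printable canonical name
     * @throws GSSException if canonicalization or display fails
     */
    // Need to be public for GSSUtil.getSubject()
    public String getKrbName() throws GSSException {
        GSSLibStub stub = cStub;
        if (!GSSUtil.isKerberosMech(cStub.getMech())) {
            stub = GSSLibStub.getInstance(GSSUtil.GSS_KRB5_MECH_OID);
        }
        long mName = stub.canonicalizeName(pName);
        try {
            Object[] printables2 = stub.displayName(mName);
            SunNativeProvider.debug("Got kerberized name: " + printables2[0]);
            return (String) printables2[0];
        } finally {
            // Release the temporary native name even when displayName fails,
            // otherwise the handle is never freed.
            stub.releaseName(mName);
        }
    }

    /** Returns the provider singleton, {@code SunNativeProvider.INSTANCE}. */
    public Provider getProvider() {
        return SunNativeProvider.INSTANCE;
    }

    /**
     * Compares this name with another through the native library.
     *
     * @param other the name to compare with
     * @return {@code false} if {@code other} is not a {@code GSSNameElement};
     *         otherwise the native comparison result
     * @throws GSSException if the native comparison fails
     */
    public boolean equals(GSSNameSpi other) throws GSSException {
        if (!(other instanceof GSSNameElement)) {
            return false;
        }
        if (cStub == null) {
            // Only the default-acceptor placeholder has no stub; it has no native
            // name to compare, so it is equal to itself only.
            return this == other;
        }
        return cStub.compareName(pName, ((GSSNameElement)other).pName);
    }

    /**
     * {@link Object#equals(Object)} counterpart of {@link #equals(GSSNameSpi)}.
     * A failing native comparison is reported as "not equal".
     */
    @Override
    public boolean equals(Object other) {
        if (!(other instanceof GSSNameElement)) {
            return false;
        }
        try {
            return equals((GSSNameElement) other);
        } catch (GSSException ex) {
            return false;
        }
    }

    /**
     * Returns a hash of the native handle value (same value as
     * {@code Long.valueOf(pName).hashCode()}).
     */
    // NOTE(review): equality is decided by the native compareName while the hash
    // comes from the handle value; whether two distinct handles can compare equal
    // is not visible here - confirm before relying on this as a hash key.
    @Override
    public int hashCode() {
        return (int) (pName ^ (pName >>> 32));
    }

    /**
     * Exports this name and returns only the mechanism-specific name portion.
     *
     * <p>The native export is expected to be laid out as
     * {@code 04 01 | 2-byte OID length | OID | 4-byte name length | name}.
     * Both length fields are checked against the buffer before they are used.
     *
     * @return the name bytes that follow the mechanism OID header
     * @throws GSSException with {@code BAD_NAME} if the exported bytes are
     *         missing, truncated, or carry inconsistent lengths
     */
    public byte[] export() throws GSSException {
        byte[] nameVal = cStub.exportName(pName);

        // Need to strip off the mech Oid portion of the exported
        // bytes since GSSNameImpl class will subsequently add it.
        // Token id (2 bytes) and OID length (2 bytes) must be present.
        if (nameVal == null || nameVal.length < 4 ||
            nameVal[0] != 0x04 || nameVal[1] != 0x01) {
            throw new GSSException(GSSException.BAD_NAME);
        }
        int pos = 2;

        int mechOidLen  = (((0xFF & nameVal[pos++]) << 8) |
                           (0xFF & nameVal[pos++]));
        // The OID must fit and still leave room for the 4-byte name length.
        if (mechOidLen > nameVal.length - pos - 4) {
            throw new GSSException(GSSException.BAD_NAME);
        }
        ObjectIdentifier temp = null;
        try {
            DerInputStream din = new DerInputStream(nameVal, pos,
                                                    mechOidLen);
            temp = new ObjectIdentifier(din);
        } catch (IOException e) {
            throw new GSSExceptionImpl(GSSException.BAD_NAME, e);
        }
        Oid mech2 = new Oid(temp.toString());
        // Mechanism match is only verified when assertions are enabled.
        assert(mech2.equals(getMechanism()));
        pos += mechOidLen;
        int mechPortionLen = (((0xFF & nameVal[pos++]) << 24) |
                              ((0xFF & nameVal[pos++]) << 16) |
                              ((0xFF & nameVal[pos++]) << 8) |
                              (0xFF & nameVal[pos++]));
        // A set high bit makes the length negative; a too-large value would read
        // past the end of the buffer.
        if (mechPortionLen < 0 || mechPortionLen > nameVal.length - pos) {
            throw new GSSException(GSSException.BAD_NAME);
        }
        byte[] mechPortion = new byte[mechPortionLen];
        System.arraycopy(nameVal, pos, mechPortion, 0, mechPortionLen);
        return mechPortion;
    }

    /** Returns the mechanism of the underlying stub. */
    public Oid getMechanism() {
        return cStub.getMech();
    }

    /** Returns the cached printable name. */
    @Override
    public String toString() {
        return printableName;
    }

    /** Returns the cached printable name type. */
    public Oid getStringNameType() {
        return printableType;
    }

    /** Returns whether the printable name type is {@code GSSName.NT_ANONYMOUS}. */
    public boolean isAnonymousName() {
        return (GSSName.NT_ANONYMOUS.equals(printableType));
    }

    /**
     * Releases the native name, if one is held. Calling it again is a no-op
     * because the handle is reset to 0 after release.
     */
    public void dispose() {
        if (pName != 0) {
            cStub.releaseName(pName);
            pName = 0;
        }
    }

    /** Releases the native name if {@link #dispose()} was not called. */
    @Override
    protected void finalize() throws Throwable {
        dispose();
    }
}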
267 }