src/share/classes/sun/security/jgss/spnego/SpNegoMechFactory.java - toolchain/jdk/jdk9_jdk - Git at Google

 /*
  * Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this
  * particular file as subject to the "Classpath" exception as provided
  * by Oracle in the LICENSE file that accompanied this code.
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * version 2 for more details (a copy is included in the LICENSE file that
  * accompanied this code).
  *
  * You should have received a copy of the GNU General Public License version
  * 2 along with this work; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  *
  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */

 package sun.security.jgss.spnego;

 import org.ietf.jgss.*;
 import sun.security.jgss.*;
 import sun.security.jgss.spi.*;
 import sun.security.jgss.krb5.Krb5MechFactory;
 import sun.security.jgss.krb5.Krb5InitCredential;
 import sun.security.jgss.krb5.Krb5AcceptCredential;
 import sun.security.jgss.krb5.Krb5NameElement;
 import java.security.Provider;
 import java.util.Vector;

 /**
  * SpNego Mechanism plug in for JGSS
  * This is the properties object required by the JGSS framework.
  * All mechanism specific information is defined here.
  *
  * @author Seema Malkani
  * @since 1.6
  */

 public final class SpNegoMechFactory implements MechanismFactory {

     static final Provider PROVIDER =
         new sun.security.jgss.SunProvider();

     static final Oid GSS_SPNEGO_MECH_OID =
         GSSUtil.createOid("1.3.6.1.5.5.2");

     private static Oid[] nameTypes =
         new Oid[] { GSSName.NT_USER_NAME,
                         GSSName.NT_HOSTBASED_SERVICE,
                         GSSName.NT_EXPORT_NAME};

     // The default underlying mech of SPNEGO, must not be SPNEGO itself.
     private static final Oid DEFAULT_SPNEGO_MECH_OID =
             ProviderList.DEFAULT_MECH_OID.equals(GSS_SPNEGO_MECH_OID)?
                 GSSUtil.GSS_KRB5_MECH_OID:
                 ProviderList.DEFAULT_MECH_OID;

     // Use an instance of a GSSManager whose provider list
     // does not include native provider
     final GSSManagerImpl manager;
     final Oid[] availableMechs;

     private static SpNegoCredElement getCredFromSubject(GSSNameSpi name,
                                                         boolean initiate)
         throws GSSException {
         Vector<SpNegoCredElement> creds =
             GSSUtil.searchSubject(name, GSS_SPNEGO_MECH_OID,
                 initiate, SpNegoCredElement.class);

         SpNegoCredElement result = ((creds == null || creds.isEmpty()) ?
                                     null : creds.firstElement());

         // Force permission check before returning the cred to caller
         if (result != null) {
             GSSCredentialSpi cred = result.getInternalCred();
             if (GSSUtil.isKerberosMech(cred.getMechanism())) {
                 if (initiate) {
                     Krb5InitCredential krbCred = (Krb5InitCredential) cred;
                     Krb5MechFactory.checkInitCredPermission
                         ((Krb5NameElement) krbCred.getName());
                 } else {
                     Krb5AcceptCredential krbCred = (Krb5AcceptCredential) cred;
                     Krb5MechFactory.checkAcceptCredPermission
                         ((Krb5NameElement) krbCred.getName(), name);
                 }
             }
         }
         return result;
     }

     public SpNegoMechFactory(GSSCaller caller) {
         manager = new GSSManagerImpl(caller, false);
         Oid[] mechs = manager.getMechs();
         availableMechs = new Oid[mechs.length-1];
         for (int i = 0, j = 0; i < mechs.length; i++) {
             // Skip SpNego mechanism
             if (!mechs[i].equals(GSS_SPNEGO_MECH_OID)) {
                 availableMechs[j++] = mechs[i];
             }
         }
         // Move the preferred mech to first place
         for (int i=0; i<availableMechs.length; i++) {
             if (availableMechs[i].equals(DEFAULT_SPNEGO_MECH_OID)) {
                 if (i != 0) {
                     availableMechs[i] = availableMechs[0];
                     availableMechs[0] = DEFAULT_SPNEGO_MECH_OID;
                 }
                 break;
             }
         }
     }

     public GSSNameSpi getNameElement(String nameStr, Oid nameType)
             throws GSSException {
         return manager.getNameElement(
                 nameStr, nameType, DEFAULT_SPNEGO_MECH_OID);
     }

     public GSSNameSpi getNameElement(byte[] name, Oid nameType)
             throws GSSException {
         return manager.getNameElement(name, nameType, DEFAULT_SPNEGO_MECH_OID);
     }

     public GSSCredentialSpi getCredentialElement(GSSNameSpi name,
            int initLifetime, int acceptLifetime,
            int usage) throws GSSException {

         SpNegoCredElement credElement = getCredFromSubject
             (name, (usage != GSSCredential.ACCEPT_ONLY));

         if (credElement == null) {
             // get CredElement for the default Mechanism
             credElement = new SpNegoCredElement
                 (manager.getCredentialElement(name, initLifetime,
                 acceptLifetime, null, usage));
         }
         return credElement;
     }

     public GSSContextSpi getMechanismContext(GSSNameSpi peer,
                              GSSCredentialSpi myInitiatorCred, int lifetime)
         throws GSSException {
         // get SpNego mechanism context
         if (myInitiatorCred == null) {
             myInitiatorCred = getCredFromSubject(null, true);
         } else if (!(myInitiatorCred instanceof SpNegoCredElement)) {
             // convert to SpNegoCredElement
             SpNegoCredElement cred = new SpNegoCredElement(myInitiatorCred);
             return new SpNegoContext(this, peer, cred, lifetime);
         }
         return new SpNegoContext(this, peer, myInitiatorCred, lifetime);
     }

     public GSSContextSpi getMechanismContext(GSSCredentialSpi myAcceptorCred)
         throws GSSException {
         // get SpNego mechanism context
         if (myAcceptorCred == null) {
             myAcceptorCred = getCredFromSubject(null, false);
         } else if (!(myAcceptorCred instanceof SpNegoCredElement)) {
             // convert to SpNegoCredElement
             SpNegoCredElement cred = new SpNegoCredElement(myAcceptorCred);
             return new SpNegoContext(this, cred);
         }
         return new SpNegoContext(this, myAcceptorCred);
     }

     public GSSContextSpi getMechanismContext(byte[] exportedContext)
         throws GSSException {
         // get SpNego mechanism context
         return new SpNegoContext(this, exportedContext);
     }

     public final Oid getMechanismOid() {
         return GSS_SPNEGO_MECH_OID;
     }

     public Provider getProvider() {
         return PROVIDER;
     }

     public Oid[] getNameTypes() {
         // nameTypes is cloned in GSSManager.getNamesForMech
         return nameTypes;
     }
 }
	/*
	* Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package sun.security.jgss.spnego;

	import org.ietf.jgss.*;
	import sun.security.jgss.*;
	import sun.security.jgss.spi.*;
	import sun.security.jgss.krb5.Krb5MechFactory;
	import sun.security.jgss.krb5.Krb5InitCredential;
	import sun.security.jgss.krb5.Krb5AcceptCredential;
	import sun.security.jgss.krb5.Krb5NameElement;
	import java.security.Provider;
	import java.util.Vector;

	/**
	* SpNego Mechanism plug in for JGSS
	* This is the properties object required by the JGSS framework.
	* All mechanism specific information is defined here.
	*
	* @author Seema Malkani
	* @since 1.6
	*/

	public final class SpNegoMechFactory implements MechanismFactory {

	static final Provider PROVIDER =
	new sun.security.jgss.SunProvider();

	static final Oid GSS_SPNEGO_MECH_OID =
	GSSUtil.createOid("1.3.6.1.5.5.2");

	private static Oid[] nameTypes =
	new Oid[] { GSSName.NT_USER_NAME,
	GSSName.NT_HOSTBASED_SERVICE,
	GSSName.NT_EXPORT_NAME};

	// The default underlying mech of SPNEGO, must not be SPNEGO itself.
	private static final Oid DEFAULT_SPNEGO_MECH_OID =
	ProviderList.DEFAULT_MECH_OID.equals(GSS_SPNEGO_MECH_OID)?
	GSSUtil.GSS_KRB5_MECH_OID:
	ProviderList.DEFAULT_MECH_OID;

	// Use an instance of a GSSManager whose provider list
	// does not include native provider
	final GSSManagerImpl manager;
	final Oid[] availableMechs;

	private static SpNegoCredElement getCredFromSubject(GSSNameSpi name,
	boolean initiate)
	throws GSSException {
	Vector<SpNegoCredElement> creds =
	GSSUtil.searchSubject(name, GSS_SPNEGO_MECH_OID,
	initiate, SpNegoCredElement.class);

	SpNegoCredElement result = ((creds == null \|\| creds.isEmpty()) ?
	null : creds.firstElement());

	// Force permission check before returning the cred to caller
	if (result != null) {
	GSSCredentialSpi cred = result.getInternalCred();
	if (GSSUtil.isKerberosMech(cred.getMechanism())) {
	if (initiate) {
	Krb5InitCredential krbCred = (Krb5InitCredential) cred;
	Krb5MechFactory.checkInitCredPermission
	((Krb5NameElement) krbCred.getName());
	} else {
	Krb5AcceptCredential krbCred = (Krb5AcceptCredential) cred;
	Krb5MechFactory.checkAcceptCredPermission
	((Krb5NameElement) krbCred.getName(), name);
	}
	}
	}
	return result;
	}

	public SpNegoMechFactory(GSSCaller caller) {
	manager = new GSSManagerImpl(caller, false);
	Oid[] mechs = manager.getMechs();
	availableMechs = new Oid[mechs.length-1];
	for (int i = 0, j = 0; i < mechs.length; i++) {
	// Skip SpNego mechanism
	if (!mechs[i].equals(GSS_SPNEGO_MECH_OID)) {
	availableMechs[j++] = mechs[i];
	}
	}
	// Move the preferred mech to first place
	for (int i=0; i<availableMechs.length; i++) {
	if (availableMechs[i].equals(DEFAULT_SPNEGO_MECH_OID)) {
	if (i != 0) {
	availableMechs[i] = availableMechs[0];
	availableMechs[0] = DEFAULT_SPNEGO_MECH_OID;
	}
	break;
	}
	}
	}

	public GSSNameSpi getNameElement(String nameStr, Oid nameType)
	throws GSSException {
	return manager.getNameElement(
	nameStr, nameType, DEFAULT_SPNEGO_MECH_OID);
	}

	public GSSNameSpi getNameElement(byte[] name, Oid nameType)
	throws GSSException {
	return manager.getNameElement(name, nameType, DEFAULT_SPNEGO_MECH_OID);
	}

	public GSSCredentialSpi getCredentialElement(GSSNameSpi name,
	int initLifetime, int acceptLifetime,
	int usage) throws GSSException {

	SpNegoCredElement credElement = getCredFromSubject
	(name, (usage != GSSCredential.ACCEPT_ONLY));

	if (credElement == null) {
	// get CredElement for the default Mechanism
	credElement = new SpNegoCredElement
	(manager.getCredentialElement(name, initLifetime,
	acceptLifetime, null, usage));
	}
	return credElement;
	}

	public GSSContextSpi getMechanismContext(GSSNameSpi peer,
	GSSCredentialSpi myInitiatorCred, int lifetime)
	throws GSSException {
	// get SpNego mechanism context
	if (myInitiatorCred == null) {
	myInitiatorCred = getCredFromSubject(null, true);
	} else if (!(myInitiatorCred instanceof SpNegoCredElement)) {
	// convert to SpNegoCredElement
	SpNegoCredElement cred = new SpNegoCredElement(myInitiatorCred);
	return new SpNegoContext(this, peer, cred, lifetime);
	}
	return new SpNegoContext(this, peer, myInitiatorCred, lifetime);
	}

	public GSSContextSpi getMechanismContext(GSSCredentialSpi myAcceptorCred)
	throws GSSException {
	// get SpNego mechanism context
	if (myAcceptorCred == null) {
	myAcceptorCred = getCredFromSubject(null, false);
	} else if (!(myAcceptorCred instanceof SpNegoCredElement)) {
	// convert to SpNegoCredElement
	SpNegoCredElement cred = new SpNegoCredElement(myAcceptorCred);
	return new SpNegoContext(this, cred);
	}
	return new SpNegoContext(this, myAcceptorCred);
	}

	public GSSContextSpi getMechanismContext(byte[] exportedContext)
	throws GSSException {
	// get SpNego mechanism context
	return new SpNegoContext(this, exportedContext);
	}

	public final Oid getMechanismOid() {
	return GSS_SPNEGO_MECH_OID;
	}

	public Provider getProvider() {
	return PROVIDER;
	}

	public Oid[] getNameTypes() {
	// nameTypes is cloned in GSSManager.getNamesForMech
	return nameTypes;
	}
	}