Back to index... 
/*
 
 * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
 
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 
 *
 
 * This code is free software; you can redistribute it and/or modify it
 
 * under the terms of the GNU General Public License version 2 only, as
 
 * published by the Free Software Foundation.  Oracle designates this
 
 * particular file as subject to the "Classpath" exception as provided
 
 * by Oracle in the LICENSE file that accompanied this code.
 
 *
 
 * This code is distributed in the hope that it will be useful, but WITHOUT
 
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 
 * version 2 for more details (a copy is included in the LICENSE file that
 
 * accompanied this code).
 
 *
 
 * You should have received a copy of the GNU General Public License version
 
 * 2 along with this work; if not, write to the Free Software Foundation,
 
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 
 *
 
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 
 * or visit www.oracle.com if you need additional information or have any
 
 * questions.
 
 */
 
package sun.security.jgss.wrapper;
 







import org.ietf.jgss.*;







import java.security.Provider;







import sun.security.jgss.GSSUtil;







import sun.security.jgss.spi.GSSCredentialSpi;







import sun.security.jgss.spi.GSSNameSpi;














/**







 * This class is essentially a wrapper class for the gss_cred_id_t







 * structure of the native GSS library.







 * @author Valerie Peng







 * @since 1.6







 */







public class GSSCredElement implements GSSCredentialSpi {














    private int usage;







    long pCred; // Pointer to the gss_cred_id_t structure







    private GSSNameElement name = null;







    private GSSLibStub cStub;














    // Perform the necessary ServicePermission check on this cred







    void doServicePermCheck() throws GSSException {







        if (GSSUtil.isKerberosMech(cStub.getMech())) {







            if (System.getSecurityManager() != null) {







                if (isInitiatorCredential()) {







                    String tgsName = Krb5Util.getTGSName(name);







                    Krb5Util.checkServicePermission(tgsName, "initiate");







                }







                if (isAcceptorCredential() &&







                    name != GSSNameElement.DEF_ACCEPTOR) {







                    String krbName = name.getKrbName();







                    Krb5Util.checkServicePermission(krbName, "accept");







                }







            }







        }







    }














    // Construct delegation cred using the actual context mech and srcName







    GSSCredElement(long pCredentials, GSSNameElement srcName, Oid mech)







        throws GSSException {







        pCred = pCredentials;







        cStub = GSSLibStub.getInstance(mech);







        usage = GSSCredential.INITIATE_ONLY;







        name = srcName;







    }














    GSSCredElement(GSSNameElement name, int lifetime, int usage,







                   GSSLibStub stub) throws GSSException {







        cStub = stub;







        this.usage = usage;














        if (name != null) { // Could be GSSNameElement.DEF_ACCEPTOR







            this.name = name;







            doServicePermCheck();







            pCred = cStub.acquireCred(this.name.pName, lifetime, usage);







        } else {







            pCred = cStub.acquireCred(0, lifetime, usage);







            this.name = new GSSNameElement(cStub.getCredName(pCred), cStub);







            doServicePermCheck();







        }







    }














    public Provider getProvider() {







        return SunNativeProvider.INSTANCE;







    }














    public void dispose() throws GSSException {







        name = null;







        if (pCred != 0) {







            pCred = cStub.releaseCred(pCred);







        }







    }














    public GSSNameElement getName() throws GSSException {







        return (name == GSSNameElement.DEF_ACCEPTOR ?







            null : name);







    }














    public int getInitLifetime() throws GSSException {







        if (isInitiatorCredential()) {







            return cStub.getCredTime(pCred);







        } else return 0;







    }














    public int getAcceptLifetime() throws GSSException {







        if (isAcceptorCredential()) {







            return cStub.getCredTime(pCred);







        } else return 0;







    }














    public boolean isInitiatorCredential() {







        return (usage != GSSCredential.ACCEPT_ONLY);







    }














    public boolean isAcceptorCredential() {







        return (usage != GSSCredential.INITIATE_ONLY);







    }














    public Oid getMechanism() {







        return cStub.getMech();







    }














    public String toString() {







        // No hex bytes available for native impl







        return "N/A";







    }














    protected void finalize() throws Throwable {







        dispose();







    }














    @Override







    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {







        throw new GSSException(GSSException.FAILURE, -1,







                "Not supported yet");







    }







}






Back to index...