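/*
 * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.jgss.wrapper;

import org.ietf.jgss.*;
import java.security.Provider;
import sun.security.jgss.GSSUtil;
import sun.security.jgss.spi.GSSCredentialSpi;
import sun.security.jgss.spi.GSSNameSpi;

/**
 * This class is essentially a wrapper class for the gss_cred_id_t
 * structure of the native GSS library.
 *
 * <p>An instance holds a raw native credential handle ({@link #pCred}).
 * The handle is released by {@link #dispose()}, which {@link #finalize()}
 * also calls as a fallback. Every native operation goes through the
 * {@code GSSLibStub} supplied at construction time.
 *
 * @author Valerie Peng
 * @since 1.6
 */
public class GSSCredElement implements GSSCredentialSpi {

    // One of the GSSCredential usage constants; compared against
    // INITIATE_ONLY / ACCEPT_ONLY by the is*Credential() methods.
    private int usage;
    long pCred; // Pointer to the gss_cred_id_t structure
    // May be GSSNameElement.DEF_ACCEPTOR; set to null by dispose().
    private GSSNameElement name = null;
    // Stub through which all native credential calls are made.
    private GSSLibStub cStub;

    /**
     * Performs the necessary ServicePermission check on this cred.
     *
     * <p>The check is only made when the stub's mechanism is Kerberos and a
     * SecurityManager is installed. An initiator credential needs the
     * "initiate" action on the TGS name derived from {@code name}; an
     * acceptor credential needs the "accept" action on its Kerberos name,
     * unless the name is {@code GSSNameElement.DEF_ACCEPTOR}.
     *
     * @throws GSSException declared by this method; which of the calls below
     *         raises it is not visible in this file
     */
    void doServicePermCheck() throws GSSException {
        // Same evaluation order as before: mechanism first, then the
        // SecurityManager lookup.
        if (!GSSUtil.isKerberosMech(cStub.getMech())
                || System.getSecurityManager() == null) {
            return;
        }
        if (isInitiatorCredential()) {
            String tgsName = Krb5Util.getTGSName(name);
            Krb5Util.checkServicePermission(tgsName, "initiate");
        }
        if (isAcceptorCredential() &&
            name != GSSNameElement.DEF_ACCEPTOR) {
            String krbName = name.getKrbName();
            Krb5Util.checkServicePermission(krbName, "accept");
        }
    }

    /**
     * Constructs a delegation cred using the actual context mech and srcName.
     * The usage is fixed to {@code GSSCredential.INITIATE_ONLY}.
     *
     * <p>NOTE(review): unlike the acquiring constructor, this one does not
     * call {@link #doServicePermCheck()}. Presumably the caller has already
     * been authorised while establishing the context - confirm against the
     * call sites.
     *
     * @param pCredentials native handle of the delegated credential
     * @param srcName name stored as the name of this credential
     * @param mech mechanism used to look up the native stub
     * @throws GSSException declared by this constructor
     */
    GSSCredElement(long pCredentials, GSSNameElement srcName, Oid mech)
        throws GSSException {
        pCred = pCredentials;
        cStub = GSSLibStub.getInstance(mech);
        usage = GSSCredential.INITIATE_ONLY;
        name = srcName;
    }

    /**
     * Acquires a native credential through {@code stub}.
     *
     * <p>With a non-null {@code name} the permission check runs before the
     * credential is acquired. With a null {@code name} the credential has to
     * be acquired first so that its name can be read back and checked; if
     * that read or the check then fails, the freshly acquired handle is
     * released immediately instead of being left for {@link #finalize()}.
     *
     * @param name requested name, or null to acquire with a zero name handle
     *        and adopt the name the native library reports
     * @param lifetime lifetime passed through to the native acquire call
     * @param usage one of the GSSCredential usage constants
     * @param stub native library stub for the mechanism
     * @throws GSSException if acquisition or the permission check fails
     */
    GSSCredElement(GSSNameElement name, int lifetime, int usage,
                   GSSLibStub stub) throws GSSException {
        cStub = stub;
        this.usage = usage;

        if (name != null) { // Could be GSSNameElement.DEF_ACCEPTOR
            this.name = name;
            doServicePermCheck();
            pCred = cStub.acquireCred(this.name.pName, lifetime, usage);
        } else {
            pCred = cStub.acquireCred(0, lifetime, usage);
            try {
                this.name = new GSSNameElement(cStub.getCredName(pCred), cStub);
                doServicePermCheck();
            } catch (GSSException | RuntimeException e) {
                // The caller never receives this object, so nobody can call
                // dispose(); drop the native credential now rather than
                // keeping a rejected credential alive until finalization.
                releaseAfterFailedConstruction(e);
                throw e;
            }
        }
    }

    // Releases the native handle when construction fails after acquireCred.
    // A failure of the release itself is attached to the original exception
    // so that the original reason is the one reported to the caller.
    private void releaseAfterFailedConstruction(Throwable cause) {
        name = null;
        if (pCred != 0) {
            try {
                // Same bookkeeping as dispose(): keep whatever handle value
                // the stub returns, so a later finalize() sees that state.
                pCred = cStub.releaseCred(pCred);
            } catch (Exception releaseFailure) {
                cause.addSuppressed(releaseFailure);
            }
        }
    }

    /**
     * Returns the provider of this credential element.
     *
     * @return {@code SunNativeProvider.INSTANCE}
     */
    public Provider getProvider() {
        return SunNativeProvider.INSTANCE;
    }

    /**
     * Drops the name reference and releases the native credential if the
     * handle is non-zero. The handle is replaced by the value the stub
     * returns from the release call.
     *
     * @throws GSSException declared by this method
     */
    public void dispose() throws GSSException {
        name = null;
        if (pCred != 0) {
            pCred = cStub.releaseCred(pCred);
        }
    }

    /**
     * Returns the name of this credential.
     *
     * @return the name, or null when the name is
     *         {@code GSSNameElement.DEF_ACCEPTOR}; also null once
     *         {@link #dispose()} has cleared the name
     */
    public GSSNameElement getName() throws GSSException {
        return (name == GSSNameElement.DEF_ACCEPTOR ?
            null : name);
    }

    /**
     * Returns the credential time reported by the native library if this is
     * an initiator credential.
     *
     * <p>NOTE(review): nothing here guards against a call after
     * {@link #dispose()}; what the stub does with a released or zero handle
     * is not visible in this file - confirm.
     *
     * @return the native credential time, or 0 for a non-initiator credential
     */
    public int getInitLifetime() throws GSSException {
        if (isInitiatorCredential()) {
            return cStub.getCredTime(pCred);
        } else {
            return 0;
        }
    }

    /**
     * Returns the credential time reported by the native library if this is
     * an acceptor credential.
     *
     * <p>NOTE(review): as with {@link #getInitLifetime()}, the handle is
     * passed to the stub without checking whether it was disposed - confirm
     * the stub's behaviour for a zero handle.
     *
     * @return the native credential time, or 0 for a non-acceptor credential
     */
    public int getAcceptLifetime() throws GSSException {
        if (isAcceptorCredential()) {
            return cStub.getCredTime(pCred);
        } else {
            return 0;
        }
    }

    /**
     * @return true unless the usage is {@code GSSCredential.ACCEPT_ONLY}
     */
    public boolean isInitiatorCredential() {
        return (usage != GSSCredential.ACCEPT_ONLY);
    }

    /**
     * @return true unless the usage is {@code GSSCredential.INITIATE_ONLY}
     */
    public boolean isAcceptorCredential() {
        return (usage != GSSCredential.INITIATE_ONLY);
    }

    /**
     * @return the mechanism of the underlying native stub
     */
    public Oid getMechanism() {
        return cStub.getMech();
    }

    /**
     * @return the fixed string "N/A"; no credential material is rendered
     */
    @Override
    public String toString() {
        // No hex bytes available for native impl
        return "N/A";
    }

    /**
     * Fallback that releases the native credential when the owner never
     * called {@link #dispose()}.
     */
    @Override
    @SuppressWarnings("deprecation")
    protected void finalize() throws Throwable {
        dispose();
    }

    /**
     * Impersonation is not implemented for native credentials.
     *
     * @throws GSSException always, with major code
     *         {@code GSSException.FAILURE}
     */
    @Override
    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
        throw new GSSException(GSSException.FAILURE, -1,
                               "Not supported yet");
    }
}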