1 /* 2 * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 package sun.security.jgss.wrapper; 26 27 import org.ietf.jgss.*; 28 import java.security.Provider; 29 import sun.security.jgss.GSSUtil; 30 import sun.security.jgss.spi.GSSCredentialSpi; 31 import sun.security.jgss.spi.GSSNameSpi; 32 33 /** 34 * This class is essentially a wrapper class for the gss_cred_id_t 35 * structure of the native GSS library. 
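 * <p>
 * Security notes for maintainers:
 * <ul>
 *   <li>When a SecurityManager is installed and the mechanism is Kerberos,
 *       {@link #doServicePermCheck()} enforces a {@code ServicePermission}
 *       ("initiate" against the TGS name, "accept" against the credential's
 *       own principal) for credentials acquired through
 *       {@link #GSSCredElement(GSSNameElement, int, int, GSSLibStub)}.
 *       The default acceptor ({@code GSSNameElement.DEF_ACCEPTOR}) names no
 *       single principal and is therefore exempt from the "accept" check.</li>
 *   <li>The delegation constructor performs no permission check itself; code
 *       that exposes such a credential to applications should arrange one.</li>
 *   <li>{@code pCred} is a raw native handle owned by this object.
 *       {@link #dispose()} releases it; {@link #finalize()} is only a safety
 *       net, so callers should dispose explicitly.</li>
 * </ul>
 *
 * @author Valerie Peng
 * @since 1.6
 */
public class GSSCredElement implements GSSCredentialSpi {

    // Intended usage: GSSCredential.INITIATE_ONLY, ACCEPT_ONLY or
    // INITIATE_AND_ACCEPT. Fixed at construction.
    private final int usage;
    // Raw pointer to the native gss_cred_id_t; 0 once released. Accessed
    // by native code, so it keeps its name and package visibility.
    long pCred;
    // Principal the credential belongs to; null after dispose().
    private GSSNameElement name = null;
    // Native library binding for this credential's mechanism.
    private final GSSLibStub cStub;

    /**
     * Performs the ServicePermission check that guards this credential.
     * <p>
     * Applies only to the Kerberos mechanism and only when a SecurityManager
     * is installed; otherwise this method does nothing. An initiator
     * credential requires "initiate" on the TGS name, an acceptor credential
     * requires "accept" on its own Kerberos principal name. The default
     * acceptor (DEF_ACCEPTOR) is skipped for "accept" because it does not
     * identify a single principal.
     *
     * @throws GSSException if the name cannot be converted for the check
     * @throws SecurityException if Krb5Util.checkServicePermission rejects
     *         the access (presumed; propagated unchanged from Krb5Util)
     */
    void doServicePermCheck() throws GSSException {
        if (!GSSUtil.isKerberosMech(cStub.getMech())) {
            return;
        }
        if (System.getSecurityManager() == null) {
            return;
        }
        if (isInitiatorCredential()) {
            String tgsName = Krb5Util.getTGSName(name);
            Krb5Util.checkServicePermission(tgsName, "initiate");
        }
        if (isAcceptorCredential() && name != GSSNameElement.DEF_ACCEPTOR) {
            String krbName = name.getKrbName();
            Krb5Util.checkServicePermission(krbName, "accept");
        }
    }

    /**
     * Wraps a delegated credential handed back by the native library.
     * <p>
     * Warning: invoked from NativeUtil.c, so the signature must stay stable.
     * This object takes ownership of {@code pCredentials}. No ServicePermission
     * check is performed here.
     *
     * @param pCredentials native gss_cred_id_t handle (ownership transfers)
     * @param srcName      name of the initiator the credential was delegated from
     * @param mech         mechanism of the context the credential arrived on
     * @throws GSSException propagated from GSSLibStub.getInstance
     */
    GSSCredElement(long pCredentials, GSSNameElement srcName, Oid mech)
            throws GSSException {
        pCred = pCredentials;
        cStub = GSSLibStub.getInstance(mech);
        usage = GSSCredential.INITIATE_ONLY; // a delegated cred can only initiate
        name = srcName;
    }

    /**
     * Acquires a new credential from the native library.
     * <p>
     * With an explicit {@code name} the permission check runs before anything
     * is acquired. With a null name the library picks its default credential,
     * so the check can only run after acquisition once the credential's own
     * name is known; if that check (or the name inquiry) fails, the freshly
     * acquired native handle is released immediately instead of lingering
     * until finalization.
     *
     * @param name     principal to acquire for, or null for the library
     *                 default (may also be GSSNameElement.DEF_ACCEPTOR)
     * @param lifetime requested lifetime, passed through to acquireCred
     * @param usage    GSSCredential.INITIATE_ONLY, ACCEPT_ONLY or
     *                 INITIATE_AND_ACCEPT
     * @param stub     native library binding for the mechanism
     * @throws GSSException from the native acquire/inquire calls or the
     *         permission check
     */
    GSSCredElement(GSSNameElement name, int lifetime, int usage,
                   GSSLibStub stub) throws GSSException {
        cStub = stub;
        this.usage = usage;

        if (name != null) { // Could be GSSNameElement.DEF_ACCEPTOR
            this.name = name;
            doServicePermCheck();
            pCred = cStub.acquireCred(this.name.pName, lifetime, usage);
            return;
        }

        pCred = cStub.acquireCred(0, lifetime, usage);
        try {
            this.name = new GSSNameElement(cStub.getCredName(pCred), cStub);
            doServicePermCheck();
        } catch (GSSException | RuntimeException e) {
            // We already hold a native credential the caller is not allowed
            // to have (or could not name): free it now rather than leaving it
            // to finalize(). A failure to release must not mask the cause.
            try {
                dispose();
            } catch (GSSException suppressed) {
                e.addSuppressed(suppressed);
            }
            throw e;
        }
    }

    @Override
    public Provider getProvider() {
        return SunNativeProvider.INSTANCE;
    }

    /**
     * Releases the native credential and drops the name reference.
     * <p>
     * The {@code pCred != 0} guard makes repeated calls harmless provided
     * releaseCred returns 0 for a released handle (the existing code relies
     * on that; confirm against the native stub). Also invoked by finalize().
     */
    @Override
    public void dispose() throws GSSException {
        name = null;
        if (pCred != 0) {
            pCred = cStub.releaseCred(pCred);
        }
    }

    /**
     * @return the credential's name, or null when it is the default acceptor
     *         (or after dispose())
     */
    @Override
    public GSSNameElement getName() throws GSSException {
        if (name == GSSNameElement.DEF_ACCEPTOR) {
            return null;
        }
        return name;
    }

    /**
     * @return the remaining lifetime reported by the native library for an
     *         initiator credential, or 0 for an accept-only credential.
     *         NOTE(review): after dispose() this passes a 0 handle to the
     *         native stub; behaviour in that case is up to the stub.
     */
    @Override
    public int getInitLifetime() throws GSSException {
        if (!isInitiatorCredential()) {
            return 0;
        }
        return cStub.getCredTime(pCred);
    }

    /**
     * @return the remaining lifetime reported by the native library for an
     *         acceptor credential, or 0 for an initiate-only credential.
     *         NOTE(review): after dispose() this passes a 0 handle to the
     *         native stub; behaviour in that case is up to the stub.
     */
    @Override
    public int getAcceptLifetime() throws GSSException {
        if (!isAcceptorCredential()) {
            return 0;
        }
        return cStub.getCredTime(pCred);
    }

    /** @return true for INITIATE_ONLY and INITIATE_AND_ACCEPT credentials. */
    @Override
    public boolean isInitiatorCredential() {
        return usage != GSSCredential.ACCEPT_ONLY;
    }

    /** @return true for ACCEPT_ONLY and INITIATE_AND_ACCEPT credentials. */
    @Override
    public boolean isAcceptorCredential() {
        return usage != GSSCredential.INITIATE_ONLY;
    }

    @Override
    public Oid getMechanism() {
        return cStub.getMech();
    }

    /** The native implementation exposes no byte representation to print. */
    @Override
    public String toString() {
        // No hex bytes available for native impl
        return "N/A";
    }

    /**
     * Safety net that releases the native handle if the owner never called
     * dispose(). Explicit disposal is preferred; finalization timing is not
     * guaranteed.
     */
    @SuppressWarnings("deprecation")
    @Override
    protected void finalize() throws Throwable {
        try {
            dispose();
        } finally {
            super.finalize();
        }
    }

    /** Impersonation is not implemented by the native wrapper. */
    @Override
    public GSSCredentialSpi impersonate(GSSNameSpi name) throws GSSException {
        throw new GSSException(GSSException.FAILURE, -1,
                "Not supported yet");
    }
}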