Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/javax/security/auth/kerberos/KerberosPrincipal.java
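/*
 * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package javax.security.auth.kerberos;

import java.io.*;
import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName;
import sun.security.krb5.Realm;
import sun.security.util.*;

/**
 * This class encapsulates a Kerberos principal.
 *
 * <p>All instance fields are {@code transient}. The serialized form is
 * produced by {@code writeObject} and consumed by {@code readObject},
 * which exchange the DER encodings of the principal name and of the realm
 * instead of the string fields themselves.
 *
 * @author Mayank Upadhyay
 * @since 1.4
 */

public final class KerberosPrincipal
    implements java.security.Principal, java.io.Serializable {

    private static final long serialVersionUID = -7374788026156829911L;

    //name types

    /**
     * unknown name type.
     */

    public static final int KRB_NT_UNKNOWN = 0;

    /**
     * user principal name type.
     */

    public static final int KRB_NT_PRINCIPAL = 1;

    /**
     * service and other unique instance (krbtgt) name type.
     */
    public static final int KRB_NT_SRV_INST = 2;

    /**
     * service with host name as instance (telnet, rcommands) name type.
     */

    public static final int KRB_NT_SRV_HST = 3;

    /**
     * service with host as remaining components name type.
     */

    public static final int KRB_NT_SRV_XHST = 4;

    /**
     * unique ID name type.
     */

    public static final int KRB_NT_UID = 5;

    /**
     * Enterprise name (alias)
     */
    static final int KRB_NT_ENTERPRISE = 10;

    // Single-string form of the principal, as returned by getName().
    private transient String fullName;

    // Realm component, as returned by getRealm().
    private transient String realm;

    // One of the KRB_NT_* name types.
    private transient int nameType;


    /**
     * Constructs a KerberosPrincipal from the provided string input. The
     * name type for this principal defaults to
     * {@link #KRB_NT_PRINCIPAL KRB_NT_PRINCIPAL}.
     * This string is assumed to contain a name in the format
     * that is specified in Section 2.1.1. (Kerberos Principal Name Form) of
     * <a href="http://www.ietf.org/rfc/rfc1964.txt">RFC 1964</a>
     * (for example, <i>duke@FOO.COM</i>, where <i>duke</i>
     * represents a principal, and <i>FOO.COM</i> represents a realm).
     *
     * <p>If the input name does not contain a realm, the default realm
     * is used. The default realm can be specified either in a Kerberos
     * configuration file or via the java.security.krb5.realm
     * system property. For more information, see
     * <a href="../../../../../technotes/guides/security/jgss/tutorials/index.html">
     * Kerberos Requirements</a>.
     *
     * @param name the principal name
     * @throws IllegalArgumentException if name is improperly
     * formatted, if name is null, or if name does not contain
     * the realm to use and the default realm is not specified
     * in either a Kerberos configuration file or via the
     * java.security.krb5.realm system property.
     * @throws SecurityException if a security manager is installed, the
     * realm had to be deduced because name does not contain one, and
     * the caller lacks the {@link ServicePermission} that the
     * two-argument constructor checks for the deduced realm.
     */
    public KerberosPrincipal(String name) {
        this(name, KRB_NT_PRINCIPAL);
    }

    /**
     * Constructs a KerberosPrincipal from the provided string and
     * name type input. The string is assumed to contain a name in the
     * format that is specified in Section 2.1 (Mandatory Name Forms) of
     * <a href="http://www.ietf.org/rfc/rfc1964.txt">RFC 1964</a>.
     * Valid name types are specified in Section 6.2 (Principal Names) of
     * <a href="http://www.ietf.org/rfc/rfc4120.txt">RFC 4120</a>.
     * The input name must be consistent with the provided name type.
     * (for example, <i>duke@FOO.COM</i>, is a valid input string for the
     * name type, KRB_NT_PRINCIPAL where <i>duke</i>
     * represents a principal, and <i>FOO.COM</i> represents a realm).
     *
     * <p> If the input name does not contain a realm, the default realm
     * is used. The default realm can be specified either in a Kerberos
     * configuration file or via the java.security.krb5.realm
     * system property. For more information, see
     * <a href="../../../../../technotes/guides/security/jgss/tutorials/index.html">
     * Kerberos Requirements</a>.
     *
     * @param name the principal name
     * @param nameType the name type of the principal
     * @throws IllegalArgumentException if name is improperly
     * formatted, if name is null, if the nameType is not supported,
     * or if name does not contain the realm to use and the default
     * realm is not specified in either a Kerberos configuration
     * file or via the java.security.krb5.realm system property.
     * @throws SecurityException if a security manager is installed, the
     * realm had to be deduced because name does not contain one, and
     * the caller has not been granted a {@link ServicePermission} for
     * a principal in the deduced realm. The exception carries only the
     * fixed message "Cannot read realm info".
     */

    public KerberosPrincipal(String name, int nameType) {

        final PrincipalName krb5Principal;

        try {
            // Appends the default realm if it is missing
            krb5Principal = new PrincipalName(name, nameType);
        } catch (KrbException e) {
            // Only the message is forwarded; the KrbException itself is
            // not chained as the cause.
            throw new IllegalArgumentException(e.getMessage());
        }

        // A ServicePermission with a principal in the deduced realm and
        // any action must be granted if no realm is provided by caller.
        // The check runs before any field is assigned, so a denied caller
        // never obtains an instance whose getRealm()/getName() would
        // reveal the deduced realm.
        if (krb5Principal.isRealmDeduced() && !Realm.AUTODEDUCEREALM) {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                try {
                    sm.checkPermission(new ServicePermission(
                            "@" + krb5Principal.getRealmAsString(), "-"));
                } catch (SecurityException se) {
                    // Swallow the actual exception to hide info.
                    // Deliberately neither chained nor quoted: the checked
                    // permission's name contains the realm, and the
                    // original exception may describe that permission.
                    throw new SecurityException("Cannot read realm info");
                }
            }
        }
        this.nameType = nameType;
        fullName = krb5Principal.toString();
        realm = krb5Principal.getRealmString();
    }

    /**
     * Returns the realm component of this Kerberos principal.
     *
     * @return the realm component of this Kerberos principal.
     */
    public String getRealm() {
        return realm;
    }

    /**
     * Returns a hashcode for this principal. The hash code is defined to
     * be the result of the following calculation:
     * <pre>{@code
     *  hashCode = getName().hashCode();
     * }</pre>
     *
     * @return a hashCode() for the {@code KerberosPrincipal}
     */
    @Override
    public int hashCode() {
        return getName().hashCode();
    }

    /**
     * Compares the specified Object with this Principal for equality.
     * Returns true if the given object is also a
     * {@code KerberosPrincipal} and the two
     * {@code KerberosPrincipal} instances are equivalent.
     * More formally two {@code KerberosPrincipal} instances are equal
     * if the values returned by {@code getName()} are equal.
     * The name type is not part of the comparison.
     *
     * @param other the Object to compare to
     * @return true if the Object passed in represents the same principal
     * as this one, false otherwise.
     */
    @Override
    public boolean equals(Object other) {

        if (other == this) {
            return true;
        }

        if (!(other instanceof KerberosPrincipal)) {
            return false;
        }
        String myFullName = getName();
        String otherFullName = ((KerberosPrincipal) other).getName();
        return myFullName.equals(otherFullName);
    }

    /**
     * Save the KerberosPrincipal object to a stream
     *
     * @serialData this {@code KerberosPrincipal} is serialized
     *          by writing out the PrincipalName and the
     *          realm in their DER-encoded form as specified in Section 5.2.2 of
     *          <a href="http://www.ietf.org/rfc/rfc4120.txt">RFC4120</a>.
     */
    private void writeObject(ObjectOutputStream oos)
            throws IOException {

        PrincipalName krb5Principal;
        try {
            // Rebuild the internal name from the stored string and name
            // type, then write two byte arrays: principal name, realm.
            krb5Principal = new PrincipalName(fullName, nameType);
            oos.writeObject(krb5Principal.asn1Encode());
            oos.writeObject(krb5Principal.getRealm().asn1Encode());
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    /**
     * Reads this object from a stream (i.e., deserializes it)
     *
     * <p>The stream must supply two byte arrays, in the order written by
     * {@code writeObject}: the DER-encoded principal name, then the
     * DER-encoded realm. Both are re-parsed, and the fields are assigned
     * only from the parsed values. Anything else in either position
     * (including {@code null}) is rejected with an
     * {@link InvalidObjectException} rather than surfacing as an
     * unchecked {@code ClassCastException} from a blind cast.
     *
     * @throws IOException if the stream content is not two byte arrays or
     *         cannot be decoded into a realm and a principal name
     */
    private void readObject(ObjectInputStream ois)
            throws IOException, ClassNotFoundException {
        Object encodedPrincipal = ois.readObject();
        Object encodedRealm = ois.readObject();
        // Serialized data is untrusted input: check the shape before casting.
        if (!(encodedPrincipal instanceof byte[])
                || !(encodedRealm instanceof byte[])) {
            throw new InvalidObjectException(
                    "KerberosPrincipal: malformed serialized form");
        }
        try {
            Realm realmObject = new Realm(new DerValue((byte[]) encodedRealm));
            PrincipalName krb5Principal = new PrincipalName(
                    new DerValue((byte[]) encodedPrincipal), realmObject);
            // Assign only after both values decoded successfully.
            realm = realmObject.toString();
            fullName = krb5Principal.toString();
            nameType = krb5Principal.getNameType();
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    /**
     * The returned string corresponds to the single-string
     * representation of a Kerberos Principal name as specified in
     * Section 2.1 of <a href="http://www.ietf.org/rfc/rfc1964.txt">RFC 1964</a>.
     *
     * @return the principal name.
     */
    @Override
    public String getName() {
        return fullName;
    }

    /**
     * Returns the name type of the KerberosPrincipal. Valid name types
     * are specified in Section 6.2 of
     * <a href="http://www.ietf.org/rfc/rfc4120.txt">RFC4120</a>.
     *
     * @return the name type.
     */
    public int getNameType() {
        return nameType;
    }

    // Inherits javadocs from Object
    @Override
    public String toString() {
        return getName();
    }
}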