Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/ssl/Krb5Helper.java
38830 views
/*1* Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package sun.security.ssl;2627import java.security.AccessControlContext;28import java.security.AccessController;29import java.security.Permission;30import java.security.Principal;31import java.security.PrivilegedAction;32import javax.crypto.SecretKey;33import javax.security.auth.Subject;34import javax.security.auth.login.LoginException;3536/**37* A helper class for Kerberos APIs.38*/39public final class Krb5Helper {4041private Krb5Helper() { }4243// loads Krb5Proxy implementation class if available44private static final String IMPL_CLASS =45"sun.security.ssl.krb5.Krb5ProxyImpl";4647private static final Krb5Proxy proxy =48AccessController.doPrivileged(new PrivilegedAction<Krb5Proxy>() {49@Override50public Krb5Proxy run() {51try {52Class<?> c = Class.forName(IMPL_CLASS, true, null);53return (Krb5Proxy)c.newInstance();54} catch (ClassNotFoundException cnf) {55return null;56} catch (InstantiationException e) {57throw new AssertionError(e);58} catch (IllegalAccessException e) {59throw new AssertionError(e);60}61}});6263private static void ensureAvailable() {64if (proxy == null)65throw new AssertionError("Kerberos should be available");66}6768/**69* Returns the Subject associated with client-side of the SSL socket.70*/71public static Subject getClientSubject(AccessControlContext acc)72throws LoginException {73ensureAvailable();74return proxy.getClientSubject(acc);75}7677/**78* Returns the Subject associated with server-side of the SSL socket.79*/80public static Subject getServerSubject(AccessControlContext acc)81throws LoginException {82ensureAvailable();83return proxy.getServerSubject(acc);84}8586/**87* Returns the KerberosKeys for the default server-side principal.88*/89public static Object getServiceCreds(AccessControlContext acc)90throws LoginException {91ensureAvailable();92return proxy.getServiceCreds(acc);93}9495/**96* Returns the server-side principal name associated with the KerberosKey.97*/98public static String getServerPrincipalName(Object serviceCreds) {99ensureAvailable();100return proxy.getServerPrincipalName(serviceCreds);101}102103/**104* Returns the hostname embedded in the principal name.105*/106public static String getPrincipalHostName(Principal principal) {107ensureAvailable();108return proxy.getPrincipalHostName(principal);109}110111/**112* Returns a ServicePermission for the principal name and action.113*/114public static Permission getServicePermission(String principalName,115String action) {116ensureAvailable();117return proxy.getServicePermission(principalName, action);118}119120/**121* Determines if the Subject might contain creds for princ.122*/123public static boolean isRelated(Subject subject, Principal princ) {124ensureAvailable();125return proxy.isRelated(subject, princ);126}127}128129130