001 /* KerberosPrincipal.java -- a kerberos principal 002 Copyright (C) 2006 Free Software Foundation, Inc. 003 004 This file is part of GNU Classpath. 005 006 GNU Classpath is free software; you can redistribute it and/or modify 007 it under the terms of the GNU General Public License as published by 008 the Free Software Foundation; either version 2, or (at your option) 009 any later version. 010 011 GNU Classpath is distributed in the hope that it will be useful, but 012 WITHOUT ANY WARRANTY; without even the implied warranty of 013 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 014 General Public License for more details. 015 016 You should have received a copy of the GNU General Public License 017 along with GNU Classpath; see the file COPYING. If not, write to the 018 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 019 02110-1301 USA. 020 021 Linking this library statically or dynamically with other modules is 022 making a combined work based on this library. Thus, the terms and 023 conditions of the GNU General Public License cover the whole 024 combination. 025 026 As a special exception, the copyright holders of this library give you 027 permission to link this library with independent modules to produce an 028 executable, regardless of the license terms of these independent 029 modules, and to copy and distribute the resulting executable under 030 terms of your choice, provided that you also meet, for each linked 031 independent module, the terms and conditions of the license of that 032 module. An independent module is a module which is not derived from 033 or based on this library. If you modify this library, you may extend 034 this exception to your version of the library, but you are not 035 obligated to do so. If you do not wish to do so, delete this 036 exception statement from your version. */ 037 038 039 package javax.security.auth.kerberos; 040 041 import gnu.classpath.NotImplementedException; 042 import gnu.classpath.SystemProperties; 043 044 import java.io.Serializable; 045 import java.security.Principal; 046 047 /** 048 * This represents a Kerberos principal. See the Kerberos 049 * authentication RFC for more information: 050 * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>. 051 * 052 * @since 1.4 053 */ 054 public final class KerberosPrincipal 055 implements Serializable, Principal 056 { 057 // Uncomment when serialization is correct. 058 // private static final long serialVersionUID = -7374788026156829911L; 059 060 /** 061 * Constant from the RFC: "Just the name of the principal as in DCE, or 062 * for users". 063 */ 064 public static final int KRB_NT_PRINCIPAL = 1; 065 066 /** 067 * Constant from the RFC: "Service and other unique instance (krbtgt)". 068 */ 069 public static final int KRB_NT_SRV_HST = 3; 070 071 /** 072 * Constant from the RFC: "Service with host name as instance (telnet, 073 * rcommands)". 074 */ 075 public static final int KRB_NT_SRV_INST = 2; 076 077 /** 078 * Constant from the RFC: "Service with host as remaining components". 079 */ 080 public static final int KRB_NT_SRV_XHST = 4; 081 082 /** 083 * Constant from the RFC: "Unique ID". 084 */ 085 public static final int KRB_NT_UID = 5; 086 087 /** 088 * Constant from the RFC: "Name type not known". 089 */ 090 public static final int KRB_NT_UNKNOWN = 0; 091 092 private String name; 093 private int type; 094 private String realm; 095 096 /** 097 * Create a new instance with the given name and a type of 098 * {@link #KRB_NT_PRINCIPAL}. 099 * @param name the principal's name 100 */ 101 public KerberosPrincipal(String name) 102 { 103 this(name, KRB_NT_PRINCIPAL); 104 } 105 106 /** 107 * Create a new instance with the given name and type. The name is 108 * parsed according to the rules in the RFC. If there is no realm, 109 * then the local realm is used instead. 110 * 111 * @param name the principal's name 112 * @param type the principal's type 113 */ 114 public KerberosPrincipal(String name, int type) 115 // Marked as unimplemented because we don't look for the realm as needed. 116 throws NotImplementedException 117 { 118 if (type < KRB_NT_UNKNOWN || type > KRB_NT_UID) 119 throw new IllegalArgumentException("unknown type: " + type); 120 this.name = name; 121 this.type = type; 122 this.realm = parseRealm(); 123 } 124 125 private String parseRealm() 126 { 127 // Handle quoting as specified by the Kerberos RFC. 128 int i, len = name.length(); 129 boolean quoted = false; 130 for (i = 0; i < len; ++i) 131 { 132 if (quoted) 133 { 134 quoted = false; 135 continue; 136 } 137 char c = name.charAt(i); 138 if (c == '\\') 139 { 140 quoted = true; 141 continue; 142 } 143 if (c == '@') 144 break; 145 } 146 if (quoted || i == len - 1) 147 throw new IllegalArgumentException("malformed principal: " + name); 148 if (i < len) 149 { 150 // We have the realm. FIXME: verify its syntax? 151 return name.substring(i + 1); 152 } 153 // Try to find the default realm. 154 String def = SystemProperties.getProperty("java.security.krb5.realm"); 155 if (def != null) 156 return def; 157 // Now ask the system. 158 // FIXME: use java.security.krb5.conf, 159 // or $JAVA_HOME/lib/security/krb5.conf to find the krb config file. 160 // Then pass to native code using krb5_set_config_files() and 161 // krb5_get_default_realm(). But... what about /etc/krb5.conf? 162 throw new IllegalArgumentException("default realm can't be found"); 163 } 164 165 /** 166 * Return the name of this principal. 167 */ 168 public String getName() 169 { 170 return name; 171 } 172 173 /** 174 * Return the realm of this principal. 175 */ 176 public String getRealm() 177 { 178 return realm; 179 } 180 181 /** 182 * Return the type of this principal. 183 */ 184 public int getNameType() 185 { 186 return type; 187 } 188 189 public int hashCode() 190 { 191 return name.hashCode(); 192 } 193 194 public boolean equals(Object other) 195 { 196 if (! (other instanceof KerberosPrincipal)) 197 return false; 198 KerberosPrincipal kp = (KerberosPrincipal) other; 199 return name.equals(kp.name) && type == kp.type; 200 } 201 202 public String toString() 203 { 204 // This is what came to mind. 205 return name + ":" + type; 206 } 207 }