/*
 * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.jgss.krb5;

import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.Subject;
import javax.security.auth.DestroyFailedException;
import java.util.Iterator;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

This utility looks through the current Subject and retrieves a ticket or key for the desired client/server principals.
Author:Ram Marti
Since:1.4.2
/** * This utility looks through the current Subject and retrieves a ticket or key * for the desired client/server principals. * * @author Ram Marti * @since 1.4.2 */
class SubjectComber { private static final boolean DEBUG = Krb5Util.DEBUG;
Default constructor
/** * Default constructor */
private SubjectComber() { // Cannot create one of these } static Object find(Subject subject, String serverPrincipal, String clientPrincipal, Class credClass) { return findAux(subject, serverPrincipal, clientPrincipal, credClass, true); } static Object findMany(Subject subject, String serverPrincipal, String clientPrincipal, Class credClass) { return findAux(subject, serverPrincipal, clientPrincipal, credClass, false); }
Find the ticket or key for the specified client/server principals in the subject. Returns null if the subject is null.
Returns:the ticket or key
/** * Find the ticket or key for the specified client/server principals * in the subject. Returns null if the subject is null. * * @return the ticket or key */
private static Object findAux(Subject subject, String serverPrincipal, String clientPrincipal, Class credClass, boolean oneOnly) { if (subject == null) { return null; } else { List<Object> answer = (oneOnly ? null : new ArrayList<Object>()); if (credClass == KerberosKey.class) { // We are looking for a KerberosKey credentials for the // serverPrincipal Iterator<KerberosKey> iterator = subject.getPrivateCredentials(KerberosKey.class).iterator(); while (iterator.hasNext()) { KerberosKey key = iterator.next(); if (serverPrincipal == null || serverPrincipal.equals(key.getPrincipal().getName())) { if (DEBUG) { System.out.println("Found key for " + key.getPrincipal() + "(" + key.getKeyType() + ")"); } if (oneOnly) { return key; } else { if (serverPrincipal == null) { // Record name so that keys returned will all // belong to the same principal serverPrincipal = key.getPrincipal().getName(); } answer.add(key); } } } } else if (credClass == KerberosTicket.class) { // we are looking for a KerberosTicket credentials // for client-service principal pair Set<Object> pcs = subject.getPrivateCredentials(); synchronized (pcs) { Iterator<Object> iterator = pcs.iterator(); while (iterator.hasNext()) { Object obj = iterator.next(); if (obj instanceof KerberosTicket) { @SuppressWarnings("unchecked") KerberosTicket ticket = (KerberosTicket)obj; if (DEBUG) { System.out.println("Found ticket for " + ticket.getClient() + " to go to " + ticket.getServer() + " expiring on " + ticket.getEndTime()); } if (!ticket.isCurrent()) { // let us remove the ticket from the Subject // Note that both TGT and service ticket will be // removed upon expiration if (!subject.isReadOnly()) { iterator.remove(); try { ticket.destroy(); if (DEBUG) { System.out.println("Removed and destroyed " + "the expired Ticket \n" + ticket); } } catch (DestroyFailedException dfe) { if (DEBUG) { System.out.println("Expired ticket not" + " detroyed successfully. " + dfe); } } } } else { if (serverPrincipal == null || ticket.getServer().getName().equals(serverPrincipal)) { if (clientPrincipal == null || clientPrincipal.equals( ticket.getClient().getName())) { if (oneOnly) { return ticket; } else { // Record names so that tickets will // all belong to same principals if (clientPrincipal == null) { clientPrincipal = ticket.getClient().getName(); } if (serverPrincipal == null) { serverPrincipal = ticket.getServer().getName(); } answer.add(ticket); } } } } } } } } return answer; } } }