/*
* Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.ssl;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.crypto.SecretKey;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
A helper class for Kerberos APIs.
/**
* A helper class for Kerberos APIs.
*/
public final class Krb5Helper {
private Krb5Helper() { }
// loads Krb5Proxy implementation class if available
private static final String IMPL_CLASS =
"sun.security.ssl.krb5.Krb5ProxyImpl";
private static final Krb5Proxy proxy =
AccessController.doPrivileged(new PrivilegedAction<Krb5Proxy>() {
@Override
public Krb5Proxy run() {
try {
Class<?> c = Class.forName(IMPL_CLASS, true, null);
return (Krb5Proxy)c.newInstance();
} catch (ClassNotFoundException cnf) {
return null;
} catch (InstantiationException e) {
throw new AssertionError(e);
} catch (IllegalAccessException e) {
throw new AssertionError(e);
}
}});
private static void ensureAvailable() {
if (proxy == null)
throw new AssertionError("Kerberos should be available");
}
Returns the Subject associated with client-side of the SSL socket.
/**
* Returns the Subject associated with client-side of the SSL socket.
*/
public static Subject getClientSubject(AccessControlContext acc)
throws LoginException {
ensureAvailable();
return proxy.getClientSubject(acc);
}
Returns the Subject associated with server-side of the SSL socket.
/**
* Returns the Subject associated with server-side of the SSL socket.
*/
public static Subject getServerSubject(AccessControlContext acc)
throws LoginException {
ensureAvailable();
return proxy.getServerSubject(acc);
}
Returns the KerberosKeys for the default server-side principal.
/**
* Returns the KerberosKeys for the default server-side principal.
*/
public static Object getServiceCreds(AccessControlContext acc)
throws LoginException {
ensureAvailable();
return proxy.getServiceCreds(acc);
}
Returns the server-side principal name associated with the KerberosKey.
/**
* Returns the server-side principal name associated with the KerberosKey.
*/
public static String getServerPrincipalName(Object serviceCreds) {
ensureAvailable();
return proxy.getServerPrincipalName(serviceCreds);
}
Returns the hostname embedded in the principal name.
/**
* Returns the hostname embedded in the principal name.
*/
public static String getPrincipalHostName(Principal principal) {
ensureAvailable();
return proxy.getPrincipalHostName(principal);
}
Returns a ServicePermission for the principal name and action.
/**
* Returns a ServicePermission for the principal name and action.
*/
public static Permission getServicePermission(String principalName,
String action) {
ensureAvailable();
return proxy.getServicePermission(principalName, action);
}
Determines if the Subject might contain creds for princ.
/**
* Determines if the Subject might contain creds for princ.
*/
public static boolean isRelated(Subject subject, Principal princ) {
ensureAvailable();
return proxy.isRelated(subject, princ);
}
}