/*
* Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.jgss.krb5;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.Subject;
import javax.security.auth.DestroyFailedException;
import java.util.Iterator;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
/**
* This utility looks through the current Subject and retrieves a ticket or key
* for the desired client/server principals.
*
* @author Ram Marti
* @since 1.4.2
*/
class SubjectComber {
private static final boolean DEBUG = Krb5Util.DEBUG;
/**
* Default constructor
*/
private SubjectComber() { // Cannot create one of these
}
static Object find(Subject subject, String serverPrincipal,
String clientPrincipal, Class credClass) {
return findAux(subject, serverPrincipal, clientPrincipal, credClass,
true);
}
static Object findMany(Subject subject, String serverPrincipal,
String clientPrincipal, Class credClass) {
return findAux(subject, serverPrincipal, clientPrincipal, credClass,
false);
}
/**
* Find the ticket or key for the specified client/server principals
* in the subject. Returns null if the subject is null.
*
* @return the ticket or key
*/
private static Object findAux(Subject subject, String serverPrincipal,
String clientPrincipal, Class credClass, boolean oneOnly) {
if (subject == null) {
return null;
} else {
List<Object> answer = (oneOnly ? null : new ArrayList<Object>());
if (credClass == KerberosKey.class) {
// We are looking for a KerberosKey credentials for the
// serverPrincipal
Iterator<KerberosKey> iterator =
subject.getPrivateCredentials(KerberosKey.class).iterator();
while (iterator.hasNext()) {
KerberosKey key = iterator.next();
if (serverPrincipal == null ||
serverPrincipal.equals(key.getPrincipal().getName())) {
if (DEBUG) {
System.out.println("Found key for "
+ key.getPrincipal() + "(" +
key.getKeyType() + ")");
}
if (oneOnly) {
return key;
} else {
if (serverPrincipal == null) {
// Record name so that keys returned will all
// belong to the same principal
serverPrincipal =
key.getPrincipal().getName();
}
answer.add(key);
}
}
}
} else if (credClass == KerberosTicket.class) {
// we are looking for a KerberosTicket credentials
// for client-service principal pair
Set<Object> pcs = subject.getPrivateCredentials();
synchronized (pcs) {
Iterator<Object> iterator = pcs.iterator();
while (iterator.hasNext()) {
Object obj = iterator.next();
if (obj instanceof KerberosTicket) {
KerberosTicket ticket = (KerberosTicket)obj;
if (DEBUG) {
System.out.println("Found ticket for "
+ ticket.getClient()
+ " to go to "
+ ticket.getServer()
+ " expiring on "
+ ticket.getEndTime());
}
if (!ticket.isCurrent()) {
// let us remove the ticket from the Subject
// Note that both TGT and service ticket will be
// removed upon expiration
if (!subject.isReadOnly()) {
iterator.remove();
try {
ticket.destroy();
if (DEBUG) {
System.out.println("Removed and destroyed "
+ "the expired Ticket \n"
+ ticket);
}
} catch (DestroyFailedException dfe) {
if (DEBUG) {
System.out.println("Expired ticket not" +
" detroyed successfully. " + dfe);
}
}
}
} else {
if (serverPrincipal == null ||
ticket.getServer().getName().equals(serverPrincipal)) {
if (clientPrincipal == null ||
clientPrincipal.equals(
ticket.getClient().getName())) {
if (oneOnly) {
return ticket;
} else {
// Record names so that tickets will
// all belong to same principals
if (clientPrincipal == null) {
clientPrincipal =
ticket.getClient().getName();
}
if (serverPrincipal == null) {
serverPrincipal =
ticket.getServer().getName();
}
answer.add(ticket);
}
}
}
}
}
}
}
}
return answer;
}
}
}