001/* KerberosPrincipal.java -- a kerberos principal 002 Copyright (C) 2006 Free Software Foundation, Inc. 003 004This file is part of GNU Classpath. 005 006GNU Classpath is free software; you can redistribute it and/or modify 007it under the terms of the GNU General Public License as published by 008the Free Software Foundation; either version 2, or (at your option) 009any later version. 010 011GNU Classpath is distributed in the hope that it will be useful, but 012WITHOUT ANY WARRANTY; without even the implied warranty of 013MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 014General Public License for more details. 015 016You should have received a copy of the GNU General Public License 017along with GNU Classpath; see the file COPYING. If not, write to the 018Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 01902110-1301 USA. 020 021Linking this library statically or dynamically with other modules is 022making a combined work based on this library. Thus, the terms and 023conditions of the GNU General Public License cover the whole 024combination. 025 026As a special exception, the copyright holders of this library give you 027permission to link this library with independent modules to produce an 028executable, regardless of the license terms of these independent 029modules, and to copy and distribute the resulting executable under 030terms of your choice, provided that you also meet, for each linked 031independent module, the terms and conditions of the license of that 032module. An independent module is a module which is not derived from 033or based on this library. If you modify this library, you may extend 034this exception to your version of the library, but you are not 035obligated to do so. If you do not wish to do so, delete this 036exception statement from your version. */ 037 038 039package javax.security.auth.kerberos; 040 041import gnu.classpath.NotImplementedException; 042import gnu.classpath.SystemProperties; 043 044import java.io.Serializable; 045import java.security.Principal; 046 047/** 048 * This represents a Kerberos principal. See the Kerberos 049 * authentication RFC for more information: 050 * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>. 051 * 052 * @since 1.4 053 */ 054public final class KerberosPrincipal 055 implements Serializable, Principal 056{ 057 // Uncomment when serialization is correct. 058 // private static final long serialVersionUID = -7374788026156829911L; 059 060 /** 061 * Constant from the RFC: "Just the name of the principal as in DCE, or 062 * for users". 063 */ 064 public static final int KRB_NT_PRINCIPAL = 1; 065 066 /** 067 * Constant from the RFC: "Service and other unique instance (krbtgt)". 068 */ 069 public static final int KRB_NT_SRV_HST = 3; 070 071 /** 072 * Constant from the RFC: "Service with host name as instance (telnet, 073 * rcommands)". 074 */ 075 public static final int KRB_NT_SRV_INST = 2; 076 077 /** 078 * Constant from the RFC: "Service with host as remaining components". 079 */ 080 public static final int KRB_NT_SRV_XHST = 4; 081 082 /** 083 * Constant from the RFC: "Unique ID". 084 */ 085 public static final int KRB_NT_UID = 5; 086 087 /** 088 * Constant from the RFC: "Name type not known". 089 */ 090 public static final int KRB_NT_UNKNOWN = 0; 091 092 private String name; 093 private int type; 094 private String realm; 095 096 /** 097 * Create a new instance with the given name and a type of 098 * {@link #KRB_NT_PRINCIPAL}. 099 * @param name the principal's name 100 */ 101 public KerberosPrincipal(String name) 102 { 103 this(name, KRB_NT_PRINCIPAL); 104 } 105 106 /** 107 * Create a new instance with the given name and type. The name is 108 * parsed according to the rules in the RFC. If there is no realm, 109 * then the local realm is used instead. 110 * 111 * @param name the principal's name 112 * @param type the principal's type 113 */ 114 public KerberosPrincipal(String name, int type) 115 // Marked as unimplemented because we don't look for the realm as needed. 116 throws NotImplementedException 117 { 118 if (type < KRB_NT_UNKNOWN || type > KRB_NT_UID) 119 throw new IllegalArgumentException("unknown type: " + type); 120 this.name = name; 121 this.type = type; 122 this.realm = parseRealm(); 123 } 124 125 private String parseRealm() 126 { 127 // Handle quoting as specified by the Kerberos RFC. 128 int i, len = name.length(); 129 boolean quoted = false; 130 for (i = 0; i < len; ++i) 131 { 132 if (quoted) 133 { 134 quoted = false; 135 continue; 136 } 137 char c = name.charAt(i); 138 if (c == '\\') 139 { 140 quoted = true; 141 continue; 142 } 143 if (c == '@') 144 break; 145 } 146 if (quoted || i == len - 1) 147 throw new IllegalArgumentException("malformed principal: " + name); 148 if (i < len) 149 { 150 // We have the realm. FIXME: verify its syntax? 151 return name.substring(i + 1); 152 } 153 // Try to find the default realm. 154 String def = SystemProperties.getProperty("java.security.krb5.realm"); 155 if (def != null) 156 return def; 157 // Now ask the system. 158 // FIXME: use java.security.krb5.conf, 159 // or $JAVA_HOME/lib/security/krb5.conf to find the krb config file. 160 // Then pass to native code using krb5_set_config_files() and 161 // krb5_get_default_realm(). But... what about /etc/krb5.conf? 162 throw new IllegalArgumentException("default realm can't be found"); 163 } 164 165 /** 166 * Return the name of this principal. 167 */ 168 public String getName() 169 { 170 return name; 171 } 172 173 /** 174 * Return the realm of this principal. 175 */ 176 public String getRealm() 177 { 178 return realm; 179 } 180 181 /** 182 * Return the type of this principal. 183 */ 184 public int getNameType() 185 { 186 return type; 187 } 188 189 public int hashCode() 190 { 191 return name.hashCode(); 192 } 193 194 public boolean equals(Object other) 195 { 196 if (! (other instanceof KerberosPrincipal)) 197 return false; 198 KerberosPrincipal kp = (KerberosPrincipal) other; 199 return name.equals(kp.name) && type == kp.type; 200 } 201 202 public String toString() 203 { 204 // This is what came to mind. 205 return name + ":" + type; 206 } 207}