1. /*

  2.  * @(#)KerberosPrincipal.java	1.15 03/01/23

  3.  *

  4.  * Copyright 2003 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7.   

  8. package javax.security.auth.kerberos;

  9. 

  10. import java.io.*;

  11. import sun.security.krb5.Asn1Exception;

  12. import sun.security.krb5.KrbException;

  13. import sun.security.krb5.PrincipalName;

  14. import sun.security.krb5.Realm;

  15. import sun.security.util.*;

  16. 

  17. /**

  18.  * This class encapsulates a Kerberos principal.

  19.  *

  20.  * @author Mayank Upadhyay

  21.  * @version 1.15, 01/23/03

  22.  * @since 1.4

  23.  */

  24. 

  25. public final class KerberosPrincipal 

  26.     implements java.security.Principal, java.io.Serializable {

  27. 

  28.     //name types

  29.     

  30.     /**

  31.      * unknown name type

  32.      */

  33. 

  34.     public static final int KRB_NT_UNKNOWN =   0;

  35.     

  36.     /**

  37.      * user principal name type

  38.      */

  39. 

  40.     public static final int KRB_NT_PRINCIPAL = 1;

  41.     

  42.     /**

  43.      * service and other unique instance (krbtgt) name type

  44.      */

  45.     public static final int KRB_NT_SRV_INST =  2;

  46.     

  47.     /**

  48.      * service with host name as instance (telnet, rcommands) name type

  49.      */

  50. 

  51.     public static final int KRB_NT_SRV_HST =   3;

  52.     

  53.     /**

  54.      * service with host as remaining components name type

  55.      */

  56. 

  57.     public static final int KRB_NT_SRV_XHST =  4;

  58.     

  59.     /**

  60.      * unique ID name type

  61.      */

  62. 

  63.     public static final int KRB_NT_UID = 5;

  64. 

  65. 

  66.     private transient String fullName;

  67. 

  68.     private transient String realm;

  69. 

  70.     private transient int nameType;

  71. 

  72.     private static final char NAME_REALM_SEPARATOR = '@';

  73. 

  74.     /** 

  75.      * Constructs a KerberosPrincipal from the provided string input. The 

  76.      * name type for this  principal defaults to 

  77.      * {@link #KRB_NT_PRINCIPAL KRB_NT_PRINCIPAL}

  78.      * This string is assumed to contain a name in the format

  79.      * that is specified in Section 2.1.1. (Kerberos Principal Name Form) of 

  80.      * <a href=http://www.ietf.org/rfc/rfc1964.txt> RFC 1964 </a>

  81.      * (for example, <i>duke@FOO.COM</i>, where <i>duke</i>

  82.      * represents a principal, and <i>FOO.COM</i> represents a realm).

  83.      * 

  84.      * <p>If the input name does not contain a realm, the default realm

  85.      * is used. The default realm can be specified either in a Kerberos 

  86.      * configuration file or via the java.security.krb5.realm

  87.      * system property. For more information, 

  88.      * <a href="../../../../../guide/security/jgss/tutorials/index.html">

  89.      * Kerberos Requirements </a>

  90.      * 

  91.      * @param name the principal name

  92.      * @throws IllegalArgumentException if name is improperly

  93.      * formatted, if name is null, or if name does not contain 

  94.      * the realm to use and the default realm is not specified

  95.      * in either a Kerberos configuration file or via the 

  96.      * java.security.krb5.realm system property.

  97.      */

  98.     /*

  99.      * TBD:  Research what encoding would be most appropriate to use

  100.      *       when converting the String to bytes. And document that.

  101.      */

  102.     public KerberosPrincipal(String name) {

  103. 

  104. 	PrincipalName krb5Principal = null;

  105. 

  106. 	try {

  107. 	    // Appends the default realm if it is missing

  108. 	    krb5Principal = new PrincipalName(name, KRB_NT_PRINCIPAL);

  109. 	} catch (KrbException e) {

  110. 	    throw new IllegalArgumentException(e.getMessage());

  111. 	}

  112. 	nameType = KRB_NT_PRINCIPAL;  // default name type

  113. 	fullName = krb5Principal.toString();

  114. 	realm = krb5Principal.getRealmString();

  115.     }

  116. 

  117.     /** 

  118.      * Constructs a KerberosPrincipal from the provided string and

  119.      * name type input.  The string is assumed to contain a name in the

  120.      * format that is specified in Section 2.1 (Mandatory Name Forms) of

  121.      * <a href=http://www.ietf.org/rfc/rfc1964.txt>RFC 1964</a>.

  122.      * Valid name types are specified in Section 7.2 (Principal Names) of

  123.      * <a href=http://www.ietf.org/rfc/rfc1510.txt>RFC 1510</a>.

  124.      * The input name must be consistent with the provided name type.

  125.      * (for example, <i>duke@FOO.COM</i>, is a valid input string for the

  126.      * name type, KRB_NT_PRINCIPAL where <i>duke</i>

  127.      * represents a principal, and <i>FOO.COM</i> represents a realm).

  128. 

  129.      * <p> If the input name does not contain a realm, the default realm

  130.      * is used. The default realm can be specified either in a Kerberos

  131.      * configuration file or via the java.security.krb5.realm

  132.      * system property. For more information, see

  133.      * <a href="../../../../../guide/security/jgss/tutorials/index.html">

  134.      * Kerberos Requirements</a>.

  135.      * 

  136.      * @param name the principal name

  137.      * @param nameType the name type of the principal 

  138.      * @throws IllegalArgumentException if name is improperly

  139.      * formatted, if name is null, if the nameType is not supported,  

  140.      * or if name does not contain the realm to use and the default 

  141.      * realm is not specified in either a Kerberos configuration 

  142.      * file or via the java.security.krb5.realm system property.

  143.      */

  144. 

  145.     public KerberosPrincipal(String name, int nameType) {

  146. 

  147. 	PrincipalName krb5Principal = null;

  148. 

  149. 	try {

  150. 	    // Appends the default realm if it is missing

  151. 	    krb5Principal  = new PrincipalName(name,nameType);

  152. 	} catch (KrbException e) {

  153. 	    throw new IllegalArgumentException(e.getMessage());

  154. 	}

  155. 	 

  156. 	this.nameType = nameType;

  157. 	fullName = krb5Principal.toString();

  158. 	realm = krb5Principal.getRealmString();

  159.     }

  160.     /**

  161.      * Returns the realm component of this Kerberos principal.

  162.      *

  163.      * @return the realm component of this Kerberos principal.

  164.      */

  165.     public String getRealm() {

  166. 	return realm;

  167.     }

  168. 

  169.     /**

  170.      * Returns a hashcode for this principal. The hash code is defined to 

  171.      * be the result of the following  calculation:

  172.      * <pre><code>

  173.      *  hashCode = getName().hashCode();

  174.      * </code></pre>

  175.      * 

  176.      * @return a hashCode() for the <code>KerberosPrincipal</code>

  177.      */

  178.     public int hashCode() {

  179. 	return getName().hashCode();

  180.     }

  181. 

  182.     /**

  183.      * Compares the specified Object with this Principal for equality.

  184.      * Returns true if the given object is also a 

  185.      * <code>KerberosPrincipal</code> and the two

  186.      * <code>KerberosPrincipal</code> instances are equivalent. 

  187.      * More formally two <code>KerberosPrincipal</code> instances are equal 

  188.      * if the values returned by <code>getName()</code> are equal and the 

  189.      * values returned by <code>getNameType()</code> are equal.

  190.      *

  191.      * @param other the Object to compare to

  192.      * @return true if the Object passed in represents the same principal

  193.      * as this one, false otherwise.

  194.      */

  195.     public boolean equals(Object other) {

  196. 

  197. 	if (other == this)

  198. 	    return true;

  199. 

  200. 	if (! (other instanceof KerberosPrincipal)) {

  201. 	    return false;

  202. 	} else {

  203. 	    String myFullName = getName();

  204. 	    String otherFullName = ((KerberosPrincipal) other).getName();

  205. 	    if (nameType == ((KerberosPrincipal)other).nameType && 

  206. 		myFullName.equals(otherFullName)) {

  207. 		 return true;

  208. 	    }

  209. 	} 

  210. 	return false;

  211.     }

  212. 

  213.     /**

  214.      * Save the KerberosPrincipal object to a stream

  215.      *

  216.      * @serialData this <code>KerberosPrincipal</code> is serialized

  217.      *		by writing out the PrincipalName and the

  218.      *		realm in their DER-encoded form as specified in Section 5.2 of

  219.      *		<a href=http://www.ietf.org/rfc/rfc1510.txt> RFC1510</a>. 

  220.      */ 

  221. 

  222.     private synchronized void writeObject(ObjectOutputStream oos) 

  223. 	throws IOException {

  224. 

  225. 	PrincipalName krb5Principal = null;

  226. 	try {

  227. 	    krb5Principal  = new PrincipalName(fullName,nameType);

  228. 	    oos.writeObject(krb5Principal.asn1Encode());

  229. 	    oos.writeObject(krb5Principal.getRealm().asn1Encode());

  230. 	} catch (Exception e) {

  231. 	    IOException ioe = new IOException(e.getMessage());

  232. 	    ioe.initCause(e);

  233. 	    throw ioe; 

  234. 	}

  235.     }

  236. 

  237.     /**

  238.      * Reads this object from a stream (i.e., deserializes it)

  239.      */

  240. 

  241.     private synchronized void readObject(ObjectInputStream ois)

  242. 	 throws IOException, ClassNotFoundException {

  243. 	byte[] asn1EncPrincipal = (byte [])ois.readObject();

  244. 	byte[] encRealm = (byte [])ois.readObject();

  245. 	try {

  246. 	   PrincipalName krb5Principal = new PrincipalName(new 

  247. 						DerValue(asn1EncPrincipal));

  248. 	   realm = (new Realm(new DerValue(encRealm))).toString();

  249. 	   fullName = krb5Principal.toString() + NAME_REALM_SEPARATOR +

  250. 			 realm.toString(); 

  251. 	   nameType = krb5Principal.getNameType();

  252. 	} catch (Exception e) {

  253. 	    IOException ioe = new IOException(e.getMessage());

  254. 	    ioe.initCause(e);

  255. 	    throw ioe; 

  256. 	}

  257.     }	

  258. 	

  259.     /**

  260.      * The returned string corresponds to the single-string

  261.      * representation of a Kerberos Principal name as specified in

  262.      * Section 2.1 of <a href=http://www.ietf.org/rfc/rfc1964.txt>RFC 1964</a>.

  263.      *

  264.      * @return the principal name.

  265.      */

  266.     public String getName() {

  267. 	return fullName;

  268.     }

  269. 

  270.     /**

  271.      * Returns the name type of the KerberosPrincipal. Valid name types

  272.      * are specified in Section 7.2 of

  273.      * <a href=http://www.ietf.org/rfc/rfc1510.txt> RFC1510</a>. 

  274.      *

  275.      * @return the name type.

  276.      *

  277.      */

  278. 

  279.     public int getNameType() {

  280. 	return nameType;

  281.     }

  282.     

  283.     // Inherits javadocs from Object

  284.     public String toString() {

  285. 	return getName();

  286.     }

  287. }