1. /*

  2.  * @(#)KerberosPrincipal.java	1.18 04/02/03

  3.  *

  4.  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7.   

  8. package javax.security.auth.kerberos;

  9. 

  10. import java.io.*;

  11. import sun.security.krb5.Asn1Exception;

  12. import sun.security.krb5.KrbException;

  13. import sun.security.krb5.PrincipalName;

  14. import sun.security.krb5.Realm;

  15. import sun.security.util.*;

  16. 

  17. /**

  18.  * This class encapsulates a Kerberos principal.

  19.  *

  20.  * @author Mayank Upadhyay

  21.  * @version 1.18, 02/03/04

  22.  * @since 1.4

  23.  */

  24. 

  25. public final class KerberosPrincipal 

  26.     implements java.security.Principal, java.io.Serializable {

  27. 

  28.     private static final long serialVersionUID = -7374788026156829911L;

  29. 

  30.     //name types

  31.     

  32.     /**

  33.      * unknown name type.

  34.      */

  35. 

  36.     public static final int KRB_NT_UNKNOWN =   0;

  37.     

  38.     /**

  39.      * user principal name type.

  40.      */

  41. 

  42.     public static final int KRB_NT_PRINCIPAL = 1;

  43.     

  44.     /**

  45.      * service and other unique instance (krbtgt) name type.

  46.      */

  47.     public static final int KRB_NT_SRV_INST =  2;

  48.     

  49.     /**

  50.      * service with host name as instance (telnet, rcommands) name type.

  51.      */

  52. 

  53.     public static final int KRB_NT_SRV_HST =   3;

  54.     

  55.     /**

  56.      * service with host as remaining components name type.

  57.      */

  58. 

  59.     public static final int KRB_NT_SRV_XHST =  4;

  60.     

  61.     /**

  62.      * unique ID name type.

  63.      */

  64. 

  65.     public static final int KRB_NT_UID = 5;

  66. 

  67. 

  68.     private transient String fullName;

  69. 

  70.     private transient String realm;

  71. 

  72.     private transient int nameType;

  73. 

  74.     private static final char NAME_REALM_SEPARATOR = '@';

  75. 

  76.     /** 

  77.      * Constructs a KerberosPrincipal from the provided string input. The 

  78.      * name type for this  principal defaults to 

  79.      * {@link #KRB_NT_PRINCIPAL KRB_NT_PRINCIPAL}

  80.      * This string is assumed to contain a name in the format

  81.      * that is specified in Section 2.1.1. (Kerberos Principal Name Form) of 

  82.      * <a href=http://www.ietf.org/rfc/rfc1964.txt> RFC 1964 </a>

  83.      * (for example, <i>duke@FOO.COM</i>, where <i>duke</i>

  84.      * represents a principal, and <i>FOO.COM</i> represents a realm).

  85.      * 

  86.      * <p>If the input name does not contain a realm, the default realm

  87.      * is used. The default realm can be specified either in a Kerberos 

  88.      * configuration file or via the java.security.krb5.realm

  89.      * system property. For more information, 

  90.      * <a href="../../../../../guide/security/jgss/tutorials/index.html">

  91.      * Kerberos Requirements </a>

  92.      * 

  93.      * @param name the principal name

  94.      * @throws IllegalArgumentException if name is improperly

  95.      * formatted, if name is null, or if name does not contain 

  96.      * the realm to use and the default realm is not specified

  97.      * in either a Kerberos configuration file or via the 

  98.      * java.security.krb5.realm system property.

  99.      */

  100.     /*

  101.      * TBD:  Research what encoding would be most appropriate to use

  102.      *       when converting the String to bytes. And document that.

  103.      */

  104.     public KerberosPrincipal(String name) {

  105. 

  106. 	PrincipalName krb5Principal = null;

  107. 

  108. 	try {

  109. 	    // Appends the default realm if it is missing

  110. 	    krb5Principal = new PrincipalName(name, KRB_NT_PRINCIPAL);

  111. 	} catch (KrbException e) {

  112. 	    throw new IllegalArgumentException(e.getMessage());

  113. 	}

  114. 	nameType = KRB_NT_PRINCIPAL;  // default name type

  115. 	fullName = krb5Principal.toString();

  116. 	realm = krb5Principal.getRealmString();

  117.     }

  118. 

  119.     /** 

  120.      * Constructs a KerberosPrincipal from the provided string and

  121.      * name type input.  The string is assumed to contain a name in the

  122.      * format that is specified in Section 2.1 (Mandatory Name Forms) of

  123.      * <a href=http://www.ietf.org/rfc/rfc1964.txt>RFC 1964</a>.

  124.      * Valid name types are specified in Section 7.2 (Principal Names) of

  125.      * <a href=http://www.ietf.org/rfc/rfc1510.txt>RFC 1510</a>.

  126.      * The input name must be consistent with the provided name type.

  127.      * (for example, <i>duke@FOO.COM</i>, is a valid input string for the

  128.      * name type, KRB_NT_PRINCIPAL where <i>duke</i>

  129.      * represents a principal, and <i>FOO.COM</i> represents a realm).

  130. 

  131.      * <p> If the input name does not contain a realm, the default realm

  132.      * is used. The default realm can be specified either in a Kerberos

  133.      * configuration file or via the java.security.krb5.realm

  134.      * system property. For more information, see

  135.      * <a href="../../../../../guide/security/jgss/tutorials/index.html">

  136.      * Kerberos Requirements</a>.

  137.      * 

  138.      * @param name the principal name

  139.      * @param nameType the name type of the principal 

  140.      * @throws IllegalArgumentException if name is improperly

  141.      * formatted, if name is null, if the nameType is not supported,  

  142.      * or if name does not contain the realm to use and the default 

  143.      * realm is not specified in either a Kerberos configuration 

  144.      * file or via the java.security.krb5.realm system property.

  145.      */

  146. 

  147.     public KerberosPrincipal(String name, int nameType) {

  148. 

  149. 	PrincipalName krb5Principal = null;

  150. 

  151. 	try {

  152. 	    // Appends the default realm if it is missing

  153. 	    krb5Principal  = new PrincipalName(name,nameType);

  154. 	} catch (KrbException e) {

  155. 	    throw new IllegalArgumentException(e.getMessage());

  156. 	}

  157. 	 

  158. 	this.nameType = nameType;

  159. 	fullName = krb5Principal.toString();

  160. 	realm = krb5Principal.getRealmString();

  161.     }

  162.     /**

  163.      * Returns the realm component of this Kerberos principal.

  164.      *

  165.      * @return the realm component of this Kerberos principal.

  166.      */

  167.     public String getRealm() {

  168. 	return realm;

  169.     }

  170. 

  171.     /**

  172.      * Returns a hashcode for this principal. The hash code is defined to 

  173.      * be the result of the following  calculation:

  174.      * <pre><code>

  175.      *  hashCode = getName().hashCode();

  176.      * </code></pre>

  177.      * 

  178.      * @return a hashCode() for the <code>KerberosPrincipal</code>

  179.      */

  180.     public int hashCode() {

  181. 	return getName().hashCode();

  182.     }

  183. 

  184.     /**

  185.      * Compares the specified Object with this Principal for equality.

  186.      * Returns true if the given object is also a 

  187.      * <code>KerberosPrincipal</code> and the two

  188.      * <code>KerberosPrincipal</code> instances are equivalent. 

  189.      * More formally two <code>KerberosPrincipal</code> instances are equal 

  190.      * if the values returned by <code>getName()</code> are equal and the 

  191.      * values returned by <code>getNameType()</code> are equal.

  192.      *

  193.      * @param other the Object to compare to

  194.      * @return true if the Object passed in represents the same principal

  195.      * as this one, false otherwise.

  196.      */

  197.     public boolean equals(Object other) {

  198. 

  199. 	if (other == this)

  200. 	    return true;

  201. 

  202. 	if (! (other instanceof KerberosPrincipal)) {

  203. 	    return false;

  204. 	} else {

  205. 	    String myFullName = getName();

  206. 	    String otherFullName = ((KerberosPrincipal) other).getName();

  207. 	    if (nameType == ((KerberosPrincipal)other).nameType && 

  208. 		myFullName.equals(otherFullName)) {

  209. 		 return true;

  210. 	    }

  211. 	} 

  212. 	return false;

  213.     }

  214. 

  215.     /**

  216.      * Save the KerberosPrincipal object to a stream

  217.      *

  218.      * @serialData this <code>KerberosPrincipal</code> is serialized

  219.      *		by writing out the PrincipalName and the

  220.      *		realm in their DER-encoded form as specified in Section 5.2 of

  221.      *		<a href=http://www.ietf.org/rfc/rfc1510.txt> RFC1510</a>. 

  222.      */ 

  223. 

  224.     private synchronized void writeObject(ObjectOutputStream oos) 

  225. 	throws IOException {

  226. 

  227. 	PrincipalName krb5Principal = null;

  228. 	try {

  229. 	    krb5Principal  = new PrincipalName(fullName,nameType);

  230. 	    oos.writeObject(krb5Principal.asn1Encode());

  231. 	    oos.writeObject(krb5Principal.getRealm().asn1Encode());

  232. 	} catch (Exception e) {

  233. 	    IOException ioe = new IOException(e.getMessage());

  234. 	    ioe.initCause(e);

  235. 	    throw ioe; 

  236. 	}

  237.     }

  238. 

  239.     /**

  240.      * Reads this object from a stream (i.e., deserializes it)

  241.      */

  242. 

  243.     private synchronized void readObject(ObjectInputStream ois)

  244. 	 throws IOException, ClassNotFoundException {

  245. 	byte[] asn1EncPrincipal = (byte [])ois.readObject();

  246. 	byte[] encRealm = (byte [])ois.readObject();

  247. 	try {

  248. 	   PrincipalName krb5Principal = new PrincipalName(new 

  249. 						DerValue(asn1EncPrincipal));

  250. 	   realm = (new Realm(new DerValue(encRealm))).toString();

  251. 	   fullName = krb5Principal.toString() + NAME_REALM_SEPARATOR +

  252. 			 realm.toString(); 

  253. 	   nameType = krb5Principal.getNameType();

  254. 	} catch (Exception e) {

  255. 	    IOException ioe = new IOException(e.getMessage());

  256. 	    ioe.initCause(e);

  257. 	    throw ioe; 

  258. 	}

  259.     }	

  260. 	

  261.     /**

  262.      * The returned string corresponds to the single-string

  263.      * representation of a Kerberos Principal name as specified in

  264.      * Section 2.1 of <a href=http://www.ietf.org/rfc/rfc1964.txt>RFC 1964</a>.

  265.      *

  266.      * @return the principal name.

  267.      */

  268.     public String getName() {

  269. 	return fullName;

  270.     }

  271. 

  272.     /**

  273.      * Returns the name type of the KerberosPrincipal. Valid name types

  274.      * are specified in Section 7.2 of

  275.      * <a href=http://www.ietf.org/rfc/rfc1510.txt> RFC1510</a>. 

  276.      *

  277.      * @return the name type.

  278.      *

  279.      */

  280. 

  281.     public int getNameType() {

  282. 	return nameType;

  283.     }

  284.     

  285.     // Inherits javadocs from Object

  286.     public String toString() {

  287. 	return getName();

  288.     }

  289. }