I've attached my most recent version of KerberosPrincipal. I have
addressed most of the comments by Casey and Mark as well as comments
from others online.
There are still several FIXMEs in the code, but I don't think any of
them are barriers to adding the class to CVS. Most of them are details
that will be sorted out as the rest of the implementation is done and
it's possible to actually test the code.
Tks,
Jeff Bailey
/* KerberosPrincipal.java -- a single entity in the system.
Copyright (C) 2005 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
package javax.security.auth.kerberos;
import java.io.Serializable;
import java.security.Principal;
import java.util.StringTokenizer;
/**
* A Kerberos Principal is the name to which priviledges are associated.
* It consists of an assigned per-user or per-service name, followed
* by a realm. The realm is usually the same as the DNS domain name
* of the organisation. Principals have types, which provides more
* information about how they can be used.
* @author Jeff Bailey ([EMAIL PROTECTED])
* @since 1.4
*/
public final class KerberosPrincipal implements Principal, Serializable
{
private static final long serialVersionUID = -8308522755600156056L;
/**
* @serial The name of the principal.
*/
private final String principal;
/**
* @serial The name of the realm.
*/
private final String realm;
/**
* @serial The name type variable.
*/
private int nameType;
// Constants and Definitions from RFC 1510 Section 8.3
/**
* Name type not known.
*/
public static final int KRB_NT_UNKNOWN = 0;
/**
* Just the name of the principal as in DCE, or for users.
*/
public static final int KRB_NT_PRINCIPAL = 1;
/**
* Service and other unique instance (krbtgt).
*/
public static final int KRB_NT_SRV_INST = 2;
/**
* Service with host name as instance (telnet, rcommands).
*/
public static final int KRB_NT_SRV_HST = 3;
/**
* Service with host as remaining components.
*/
public static final int KRB_NT_SRV_XHST = 4;
/**
* Unique ID
*/
public static final int KRB_NT_UID = 5;
/**
* Default Constructor for KerberosPrincipal
*
* In this constructor we default to KRB_NT_PRINCIPAL based on
* section 7.2 of rfc1510
*
* @param name Principal
*/
public KerberosPrincipal(String name)
{
this(name, KRB_NT_PRINCIPAL);
}
/**
* Constructor with specified name type.
*
* The name needs to be broken down into principal and realm.
* Right now we're just tokenizing. The first token is the principal
* and the second one is the realm. There are FIXMEs through here
* to figure out whether or not the conforms to existing implementations.
*
* @param name Principal
* @param nameType Type.
*/
public KerberosPrincipal(String name, int nameType)
{
StringTokenizer st = new StringTokenizer(name, "@", false);
// FIXME: What do we do if multiple @'s are present?
// Does this function cope if it's handed an empty string?
// Maybe try using String.indexof('@') and String.substring()
// Also need to write Mauve tests to test crazy cases. This is
// good enough for now, though.
principal = st.nextToken();
if (st.hasMoreTokens())
realm = st.nextToken();
else
realm = "";
this.nameType = nameType;
}
/**
* Return the default realm
* The default realm is either set through the system property
* java.security.krb5.realm, located in the /etc/krb5.conf file
* or is blank.
*
* @return The default realm.
*/
private String getDefaultRealm()
{
// NOTE: It doesn't appears that there are any restrictions
// to randomly fetching this information. The Java single signon
// notes only mention SecurityManager checks for the GSSAPI
// and checks on ServicePermission.
String a = gnu.classpath.SystemProperties.getProperty("java.security.krb5.realm");
if (a != null)
return a;
// FIXME: Handle looking in krb5.conf
// Implement this when it's obvious how the rest is going to
// get implemented.
return new "";
}
/**
* Returns the value of the name type
*
* @return The Name Type.
*/
public int getNameType()
{
return nameType;
}
/**
* Returns the realm
*
* @return The assigned Kerberos Realm.
*/
public String getRealm()
{
return realm;
}
// Methods from Interface Principal
/**
* From Section 7.2 of rfc1510: When comparing names, a name of type
* UNKNOWN will match principals authenticated with names of any type.
* A principal authenticated with a name of type UNKNOWN, however, will
* only match other names of type UNKNOWN.
*/
public boolean equals(Object that)
{
if (that == this)
return true;
if (! (that instanceof KerberosPrincipal))
return false;
// The other type must be the same or UNKNOWN.
if (((KerberosPrincipal)that).getNameType() != nameType)
if (((KerberosPrincipal)that).getNameType() != KRB_NT_UNKNOWN)
return false;
// The toString output must match.
if (! toString().equals(((KerberosPrincipal)that).toString()))
return false;
// Fallthrough case, we must be the same.
return true;
}
/**
* Provide a human readable version of the principal.
*
* @return Human readable version of the principal.
*/
public String getName()
{
// Add a realm if one is present.
if (! realm.equals("") )
return new String(principal + "@" + realm);
// Otherwise return a barename.
return principal;
}
/**
* The hashcode returned is simply the hashcode of the string.
* Because the hashcode is not guaranteed to be unique for dissimilar
* strings, this works. There is an unfortunate collision in the
* unlikely event of an identical principal name with a different
* type, but equals catches that.
*/
public int hashCode()
{
return getName().hashCode();
}
/**
* This is implmented the same as getName for now.
*
* @return Human readable version of the Kerberos Principal.
*/
// FIXME - Do comparison against real Sun JDK for this.
// The O'Reilly docs don't cover the output format of this function.
public String toString()
{
return getName();
}
}
_______________________________________________
Classpath-patches mailing list
Classpath-patches@gnu.org
http://lists.gnu.org/mailman/listinfo/classpath-patches
