FileDocCategorySizeDatePackage
KerberosPrincipal.javaAPI DocJava SE 5 API9171Fri Aug 26 14:57:48 BST 2005javax.security.auth.kerberos

KerberosPrincipal.java

/*
 * @(#)KerberosPrincipal.java	1.18 04/02/03
 *
 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
 * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 */
  
package javax.security.auth.kerberos;

import java.io.*;
import sun.security.krb5.Asn1Exception;
import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName;
import sun.security.krb5.Realm;
import sun.security.util.*;

/**
 * This class encapsulates a Kerberos principal.
 *
 * @author Mayank Upadhyay
 * @version 1.18, 02/03/04
 * @since 1.4
 */

public final class KerberosPrincipal 
    implements java.security.Principal, java.io.Serializable {

    private static final long serialVersionUID = -7374788026156829911L;

    //name types
    
    /**
     * unknown name type.
     */

    public static final int KRB_NT_UNKNOWN =   0;
    
    /**
     * user principal name type.
     */

    public static final int KRB_NT_PRINCIPAL = 1;
    
    /**
     * service and other unique instance (krbtgt) name type.
     */
    public static final int KRB_NT_SRV_INST =  2;
    
    /**
     * service with host name as instance (telnet, rcommands) name type.
     */

    public static final int KRB_NT_SRV_HST =   3;
    
    /**
     * service with host as remaining components name type.
     */

    public static final int KRB_NT_SRV_XHST =  4;
    
    /**
     * unique ID name type.
     */

    public static final int KRB_NT_UID = 5;


    private transient String fullName;

    private transient String realm;

    private transient int nameType;

    private static final char NAME_REALM_SEPARATOR = '@';

    /** 
     * Constructs a KerberosPrincipal from the provided string input. The 
     * name type for this  principal defaults to 
     * {@link #KRB_NT_PRINCIPAL KRB_NT_PRINCIPAL}
     * This string is assumed to contain a name in the format
     * that is specified in Section 2.1.1. (Kerberos Principal Name Form) of 
     * <a href=http://www.ietf.org/rfc/rfc1964.txt> RFC 1964 </a>
     * (for example, <i>duke@FOO.COM</i>, where <i>duke</i>
     * represents a principal, and <i>FOO.COM</i> represents a realm).
     * 
     * <p>If the input name does not contain a realm, the default realm
     * is used. The default realm can be specified either in a Kerberos 
     * configuration file or via the java.security.krb5.realm
     * system property. For more information, 
     * <a href="../../../../../guide/security/jgss/tutorials/index.html">
     * Kerberos Requirements </a>
     * 
     * @param name the principal name
     * @throws IllegalArgumentException if name is improperly
     * formatted, if name is null, or if name does not contain 
     * the realm to use and the default realm is not specified
     * in either a Kerberos configuration file or via the 
     * java.security.krb5.realm system property.
     */
    /*
     * TBD:  Research what encoding would be most appropriate to use
     *       when converting the String to bytes. And document that.
     */
    public KerberosPrincipal(String name) {

	PrincipalName krb5Principal = null;

	try {
	    // Appends the default realm if it is missing
	    krb5Principal = new PrincipalName(name, KRB_NT_PRINCIPAL);
	} catch (KrbException e) {
	    throw new IllegalArgumentException(e.getMessage());
	}
	nameType = KRB_NT_PRINCIPAL;  // default name type
	fullName = krb5Principal.toString();
	realm = krb5Principal.getRealmString();
    }

    /** 
     * Constructs a KerberosPrincipal from the provided string and
     * name type input.  The string is assumed to contain a name in the
     * format that is specified in Section 2.1 (Mandatory Name Forms) of
     * <a href=http://www.ietf.org/rfc/rfc1964.txt>RFC 1964</a>.
     * Valid name types are specified in Section 7.2 (Principal Names) of
     * <a href=http://www.ietf.org/rfc/rfc1510.txt>RFC 1510</a>.
     * The input name must be consistent with the provided name type.
     * (for example, <i>duke@FOO.COM</i>, is a valid input string for the
     * name type, KRB_NT_PRINCIPAL where <i>duke</i>
     * represents a principal, and <i>FOO.COM</i> represents a realm).

     * <p> If the input name does not contain a realm, the default realm
     * is used. The default realm can be specified either in a Kerberos
     * configuration file or via the java.security.krb5.realm
     * system property. For more information, see
     * <a href="../../../../../guide/security/jgss/tutorials/index.html">
     * Kerberos Requirements</a>.
     * 
     * @param name the principal name
     * @param nameType the name type of the principal 
     * @throws IllegalArgumentException if name is improperly
     * formatted, if name is null, if the nameType is not supported,  
     * or if name does not contain the realm to use and the default 
     * realm is not specified in either a Kerberos configuration 
     * file or via the java.security.krb5.realm system property.
     */

    public KerberosPrincipal(String name, int nameType) {

	PrincipalName krb5Principal = null;

	try {
	    // Appends the default realm if it is missing
	    krb5Principal  = new PrincipalName(name,nameType);
	} catch (KrbException e) {
	    throw new IllegalArgumentException(e.getMessage());
	}
	 
	this.nameType = nameType;
	fullName = krb5Principal.toString();
	realm = krb5Principal.getRealmString();
    }
    /**
     * Returns the realm component of this Kerberos principal.
     *
     * @return the realm component of this Kerberos principal.
     */
    public String getRealm() {
	return realm;
    }

    /**
     * Returns a hashcode for this principal. The hash code is defined to 
     * be the result of the following  calculation:
     * <pre><code>
     *  hashCode = getName().hashCode();
     * </code></pre>
     * 
     * @return a hashCode() for the <code>KerberosPrincipal</code>
     */
    public int hashCode() {
	return getName().hashCode();
    }

    /**
     * Compares the specified Object with this Principal for equality.
     * Returns true if the given object is also a 
     * <code>KerberosPrincipal</code> and the two
     * <code>KerberosPrincipal</code> instances are equivalent. 
     * More formally two <code>KerberosPrincipal</code> instances are equal 
     * if the values returned by <code>getName()</code> are equal and the 
     * values returned by <code>getNameType()</code> are equal.
     *
     * @param other the Object to compare to
     * @return true if the Object passed in represents the same principal
     * as this one, false otherwise.
     */
    public boolean equals(Object other) {

	if (other == this)
	    return true;

	if (! (other instanceof KerberosPrincipal)) {
	    return false;
	} else {
	    String myFullName = getName();
	    String otherFullName = ((KerberosPrincipal) other).getName();
	    if (nameType == ((KerberosPrincipal)other).nameType && 
		myFullName.equals(otherFullName)) {
		 return true;
	    }
	} 
	return false;
    }

    /**
     * Save the KerberosPrincipal object to a stream
     *
     * @serialData this <code>KerberosPrincipal</code> is serialized
     *		by writing out the PrincipalName and the
     *		realm in their DER-encoded form as specified in Section 5.2 of
     *		<a href=http://www.ietf.org/rfc/rfc1510.txt> RFC1510</a>. 
     */ 

    private synchronized void writeObject(ObjectOutputStream oos) 
	throws IOException {

	PrincipalName krb5Principal = null;
	try {
	    krb5Principal  = new PrincipalName(fullName,nameType);
	    oos.writeObject(krb5Principal.asn1Encode());
	    oos.writeObject(krb5Principal.getRealm().asn1Encode());
	} catch (Exception e) {
	    IOException ioe = new IOException(e.getMessage());
	    ioe.initCause(e);
	    throw ioe; 
	}
    }

    /**
     * Reads this object from a stream (i.e., deserializes it)
     */

    private synchronized void readObject(ObjectInputStream ois)
	 throws IOException, ClassNotFoundException {
	byte[] asn1EncPrincipal = (byte [])ois.readObject();
	byte[] encRealm = (byte [])ois.readObject();
	try {
	   PrincipalName krb5Principal = new PrincipalName(new 
						DerValue(asn1EncPrincipal));
	   realm = (new Realm(new DerValue(encRealm))).toString();
	   fullName = krb5Principal.toString() + NAME_REALM_SEPARATOR +
			 realm.toString(); 
	   nameType = krb5Principal.getNameType();
	} catch (Exception e) {
	    IOException ioe = new IOException(e.getMessage());
	    ioe.initCause(e);
	    throw ioe; 
	}
    }	
	
    /**
     * The returned string corresponds to the single-string
     * representation of a Kerberos Principal name as specified in
     * Section 2.1 of <a href=http://www.ietf.org/rfc/rfc1964.txt>RFC 1964</a>.
     *
     * @return the principal name.
     */
    public String getName() {
	return fullName;
    }

    /**
     * Returns the name type of the KerberosPrincipal. Valid name types
     * are specified in Section 7.2 of
     * <a href=http://www.ietf.org/rfc/rfc1510.txt> RFC1510</a>. 
     *
     * @return the name type.
     *
     */

    public int getNameType() {
	return nameType;
    }
    
    // Inherits javadocs from Object
    public String toString() {
	return getName();
    }
}