001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.corba.security.config.css;
018
019 import java.security.Principal;
020 import java.util.Iterator;
021 import java.util.Set;
022 import javax.security.auth.Subject;
023
024 import org.apache.geronimo.security.ContextManager;
025 import org.apache.geronimo.security.DomainPrincipal;
026 import org.apache.geronimo.security.PrimaryDomainPrincipal;
027 import org.apache.geronimo.security.PrimaryRealmPrincipal;
028 import org.apache.geronimo.security.RealmPrincipal;
029 import org.omg.CORBA.Any;
030 import org.omg.CSI.GSS_NT_ExportedNameHelper;
031 import org.omg.CSI.IdentityToken;
032 import org.omg.GSSUP.GSSUPMechOID;
033 import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
034 import org.apache.geronimo.corba.util.Util;
035
036
037 /**
038 * @version $Revision: 503493 $ $Date: 2007-02-04 13:47:55 -0800 (Sun, 04 Feb 2007) $
039 */
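/**
 * Client-side (CSS) SAS identity token of type {@code ITTPrincipalName} whose
 * principal name is resolved dynamically, per call, from the subject returned by
 * {@link ContextManager#getNextCaller()}.
 * <p>
 * The principal to assert is selected by the configured scoping, in this order:
 * by realm (and login domain and principal class), else by login domain (and
 * principal class), else by principal class alone. When no caller or no matching
 * principal is found the token is sent as {@code anonymous(true)}; deployments
 * that depend on identity assertion should be aware of that fallback rather
 * than assuming a name is always propagated.
 * <p>
 * TODO should also use login domains?
 *
 * @version $Revision: 503493 $ $Date: 2007-02-04 13:47:55 -0800 (Sun, 04 Feb 2007) $
 */
public class CSSSASITTPrincipalNameDynamic implements CSSSASIdentityToken {

    // GSS mechanism OID (without its scheme prefix) used when exporting the name.
    private final String oid;
    // Class of the wrapped principal whose name is asserted; may be null, in which
    // case the realm/domain scoped lookups never match. NOTE(review): in the unscoped
    // lookup a null class is passed straight to Subject.getPrincipals and fails there.
    private final Class principalClass;
    // Login domain to match, or null.
    private final String domain;
    // Realm to match, or null.
    private final String realm;

    /**
     * Creates a dynamically-resolved principal-name token.
     *
     * @param oid            mechanism OID for the exported name; when null the GSSUP
     *                       OID is used with its first four characters dropped
     *                       (presumably the "oid:" prefix of {@code GSSUPMechOID.value})
     * @param principalClass class of the principal whose name is asserted
     * @param domain         login domain to match, or null for no domain scoping
     * @param realm          realm to match, or null for no realm scoping
     */
    public CSSSASITTPrincipalNameDynamic(String oid, Class principalClass, String domain, String realm) {
        this.oid = (oid == null ? GSSUPMechOID.value.substring(4) : oid);
        this.principalClass = principalClass;
        this.domain = domain;
        this.realm = realm;
    }

    /**
     * Builds the identity token for the next caller.
     *
     * @return a token carrying the GSS exported name of the matching principal, or an
     *         anonymous token when there is no caller or no matching principal
     * @throws IllegalStateException if the CORBA codec cannot encode the name
     */
    public IdentityToken encodeIdentityToken() {
        Subject subject = ContextManager.getNextCaller();
        String principalName = (subject == null) ? null : findPrincipalName(subject);
        if (principalName == null) {
            return anonymousToken();
        }
        return principalNameToken(principalName);
    }

    /**
     * Selects the name to assert according to the configured scoping.
     *
     * @return the matching principal's name, or null when nothing matches
     */
    private String findPrincipalName(Subject subject) {
        if (realm != null) {
            return findRealmScopedName(subject);
        }
        if (domain != null) {
            return findDomainScopedName(subject);
        }
        return findUnscopedName(subject);
    }

    /**
     * Matches RealmPrincipals on realm, login domain and wrapped principal class.
     * A PrimaryRealmPrincipal match is authoritative; otherwise the last match wins.
     */
    private String findRealmScopedName(Subject subject) {
        String name = null;
        Set principals = subject.getPrincipals(RealmPrincipal.class);
        for (Iterator iter = principals.iterator(); iter.hasNext();) {
            RealmPrincipal p = (RealmPrincipal) iter.next();
            // null-safe: a principal with no realm/domain simply does not match
            if (sameValue(realm, p.getRealm())
                    && sameValue(domain, p.getLoginDomain())
                    && sameValue(principalClass, p.getPrincipal().getClass())) {
                name = p.getPrincipal().getName();
                if (p instanceof PrimaryRealmPrincipal) {
                    break;
                }
            }
        }
        return name;
    }

    /**
     * Matches DomainPrincipals on login domain and wrapped principal class.
     * A PrimaryDomainPrincipal match is authoritative; otherwise the last match wins.
     */
    private String findDomainScopedName(Subject subject) {
        String name = null;
        Set principals = subject.getPrincipals(DomainPrincipal.class);
        for (Iterator iter = principals.iterator(); iter.hasNext();) {
            DomainPrincipal p = (DomainPrincipal) iter.next();
            // null-safe: a principal with no domain simply does not match
            if (sameValue(domain, p.getDomain())
                    && sameValue(principalClass, p.getPrincipal().getClass())) {
                name = p.getPrincipal().getName();
                if (p instanceof PrimaryDomainPrincipal) {
                    break;
                }
            }
        }
        return name;
    }

    /**
     * With no realm or domain configured, the first principal of the configured
     * class is used (iteration order of the subject's principal set).
     */
    private String findUnscopedName(Subject subject) {
        Set principals = subject.getPrincipals(principalClass);
        if (principals.isEmpty()) {
            return null;
        }
        Principal principal = (Principal) principals.iterator().next();
        return principal.getName();
    }

    /**
     * Encodes the name as a GSS exported name and wraps it in a principal_name token.
     *
     * @throws IllegalStateException if the codec rejects the Any
     */
    private IdentityToken principalNameToken(String principalName) {
        Any any = Util.getORB().create_any();

        //TODO consider including a domain in this scoped-username
        GSS_NT_ExportedNameHelper.insert(any, Util.encodeGSSExportName(oid, principalName));

        byte[] encoding;
        try {
            encoding = Util.getCodec().encode_value(any);
        } catch (InvalidTypeForEncoding itfe) {
            throw new IllegalStateException("Unable to encode principal name '" + principalName + "' " + itfe, itfe);
        }

        IdentityToken token = new IdentityToken();
        token.principal_name(encoding);
        return token;
    }

    /** Token sent when no principal name could be resolved for the caller. */
    private static IdentityToken anonymousToken() {
        IdentityToken token = new IdentityToken();
        token.anonymous(true);
        return token;
    }

    /** Null-tolerant equality: both null is equal, one null is not. */
    private static boolean sameValue(Object expected, Object actual) {
        return expected == null ? actual == null : expected.equals(actual);
    }

    public String toString() {
        StringBuffer buf = new StringBuffer();
        toString("", buf);
        return buf.toString();
    }

    /**
     * Appends an indented description of this configuration to {@code buf}.
     *
     * @param spaces indentation prefix for each line
     * @param buf    target buffer
     */
    public void toString(String spaces, StringBuffer buf) {
        String moreSpaces = spaces + " ";
        buf.append(spaces).append("CSSSASITTPrincipalNameDynamic: [\n");
        buf.append(moreSpaces).append("oid: ").append(oid).append("\n");
        buf.append(moreSpaces).append("principalClass: ").append(principalClass).append("\n");
        buf.append(moreSpaces).append("domain: ").append(domain).append("\n");
        buf.append(moreSpaces).append("realm: ").append(realm).append("\n");
        buf.append(spaces).append("]\n");
    }

}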