/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.geronimo.corba.security.config.css;

import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;

import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.DomainPrincipal;
import org.apache.geronimo.security.PrimaryDomainPrincipal;
import org.apache.geronimo.security.PrimaryRealmPrincipal;
import org.apache.geronimo.security.RealmPrincipal;
import org.omg.CORBA.Any;
import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.IdentityToken;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.apache.geronimo.corba.util.Util;


/**
 * Client-side (CSS) SAS identity token that asserts the current caller's
 * principal name towards the target. The name is looked up dynamically, at
 * encode time, from the caller {@link Subject} returned by
 * {@link ContextManager#getNextCaller()}.
 * <p>
 * Which principal is asserted depends on the configured realm, login domain
 * and principal class. When no caller Subject is present, or no principal in
 * it matches the configuration, an anonymous token is produced rather than an
 * error; a misconfigured realm/domain/principalClass therefore shows up as
 * anonymous identity assertions at the target instead of as a failure here.
 *
 * @version $Revision: 503493 $ $Date: 2007-02-04 13:47:55 -0800 (Sun, 04 Feb 2007) $
 */
public class CSSSASITTPrincipalNameDynamic implements CSSSASIdentityToken {

    /** Mechanism OID the exported GSS name is scoped to (string form, no scheme prefix). */
    private final String oid;
    /** Exact class a candidate principal must have to be asserted; others are ignored. */
    private final Class principalClass;
    /** Login domain a candidate must belong to, or null when not restricting by domain. */
    private final String domain;
    /** Security realm a candidate must belong to, or null when not restricting by realm. */
    private final String realm;

    /**
     * @param oid            mechanism OID to export the name under; null selects
     *                       {@code GSSUPMechOID.value} with its first four
     *                       characters (presumably a scheme prefix) removed
     * @param principalClass class of the principal whose name is asserted
     * @param domain         login domain the principal must belong to, or null
     * @param realm          security realm the principal must belong to, or null
     */
    public CSSSASITTPrincipalNameDynamic(String oid, Class principalClass, String domain, String realm) {
        this.oid = oid != null ? oid : GSSUPMechOID.value.substring(4);
        this.principalClass = principalClass;
        this.domain = domain;
        this.realm = realm;
    }

    /**
     * Builds the identity token for the current caller.
     * <p>
     * Lookup order: with a realm configured, {@link RealmPrincipal}s whose
     * realm, login domain and principal class all match are searched;
     * otherwise, with a domain configured, {@link DomainPrincipal}s whose
     * domain and principal class match; otherwise the first principal of
     * {@code principalClass} in the Subject is taken. In the realm and domain
     * searches a primary principal wins immediately; failing that, the last
     * matching principal is used.
     * <p>
     * TODO should also use login domains?
     *
     * @return a principal-name token, or an anonymous token when there is no
     *         caller Subject or no principal matches the configuration
     * @throws IllegalStateException if the ORB codec cannot encode the name
     */
    public IdentityToken encodeIdentityToken() {
        String principalName = resolvePrincipalName(ContextManager.getNextCaller());
        IdentityToken token;
        if (principalName == null) {
            token = new IdentityToken();
            token.anonymous(true);
        } else {
            // encode first so a codec failure propagates before any token exists
            byte[] encoding = encodeExportedName(principalName);
            token = new IdentityToken();
            token.principal_name(encoding);
        }
        return token;
    }

    /** Selects the principal name to assert from the caller Subject; null when nothing applies. */
    private String resolvePrincipalName(Subject subject) {
        if (subject == null) {
            return null;
        }
        if (realm != null) {
            return nameFromRealmPrincipals(subject);
        }
        if (domain != null) {
            return nameFromDomainPrincipals(subject);
        }
        return nameFromPlainPrincipals(subject);
    }

    /** Realm-scoped search: realm, login domain and principal class must all match; a primary principal ends the search. */
    private String nameFromRealmPrincipals(Subject subject) {
        String name = null;
        Iterator candidates = subject.getPrincipals(RealmPrincipal.class).iterator();
        while (candidates.hasNext()) {
            RealmPrincipal candidate = (RealmPrincipal) candidates.next();
            if (!candidate.getRealm().equals(realm)
                    || !candidate.getLoginDomain().equals(domain)
                    || !candidate.getPrincipal().getClass().equals(principalClass)) {
                continue;
            }
            // later matches overwrite earlier ones unless a primary principal is hit
            name = candidate.getPrincipal().getName();
            if (candidate instanceof PrimaryRealmPrincipal) {
                break;
            }
        }
        return name;
    }

    /** Domain-scoped search: domain and principal class must match; a primary principal ends the search. */
    private String nameFromDomainPrincipals(Subject subject) {
        String name = null;
        Iterator candidates = subject.getPrincipals(DomainPrincipal.class).iterator();
        while (candidates.hasNext()) {
            DomainPrincipal candidate = (DomainPrincipal) candidates.next();
            if (!candidate.getDomain().equals(domain)
                    || !candidate.getPrincipal().getClass().equals(principalClass)) {
                continue;
            }
            // later matches overwrite earlier ones unless a primary principal is hit
            name = candidate.getPrincipal().getName();
            if (candidate instanceof PrimaryDomainPrincipal) {
                break;
            }
        }
        return name;
    }

    /** Unscoped search: the first principal of {@code principalClass} in the Subject, if any. */
    private String nameFromPlainPrincipals(Subject subject) {
        Set principals = subject.getPrincipals(principalClass);
        if (principals.isEmpty()) {
            return null;
        }
        Principal first = (Principal) principals.iterator().next();
        return first.getName();
    }

    /**
     * Wraps the GSS exported name for {@code principalName} (scoped to the
     * configured OID) in an Any and encodes it with the ORB codec.
     *
     * @throws IllegalStateException if the codec rejects the Any
     */
    private byte[] encodeExportedName(String principalName) {
        Any any = Util.getORB().create_any();
        //TODO consider including a domain in this scoped-username
        GSS_NT_ExportedNameHelper.insert(any, Util.encodeGSSExportName(oid, principalName));
        try {
            return Util.getCodec().encode_value(any);
        } catch (InvalidTypeForEncoding itfe) {
            throw new IllegalStateException("Unable to encode principal name '" + principalName + "' " + itfe, itfe);
        }
    }

    /** Renders the configuration (not the resolved principal) for diagnostics. */
    public String toString() {
        StringBuffer out = new StringBuffer();
        toString("", out);
        return out.toString();
    }

    /**
     * Appends an indented, multi-line description of this token's
     * configuration to {@code buf}.
     *
     * @param spaces indentation prefix for the outer lines
     * @param buf    buffer to append to
     */
    public void toString(String spaces, StringBuffer buf) {
        String inner = spaces + " ";
        buf.append(spaces).append("CSSSASITTPrincipalNameDynamic: [\n");
        appendField(buf, inner, "oid: ", oid);
        appendField(buf, inner, "principalClass: ", principalClass);
        appendField(buf, inner, "domain: ", domain);
        appendField(buf, inner, "realm: ", realm);
        buf.append(spaces).append("]\n");
    }

    /** Appends one {@code indent + label + value} line to {@code buf}. */
    private static void appendField(StringBuffer buf, String indent, String label, Object value) {
        buf.append(indent).append(label).append(value).append("\n");
    }

}