001 /* GSSName.java -- a name interface for GSS. 002 Copyright (C) 2004 Free Software Foundation, Inc. 003 004 This file is part of GNU Classpath. 005 006 GNU Classpath is free software; you can redistribute it and/or modify 007 it under the terms of the GNU General Public License as published by 008 the Free Software Foundation; either version 2, or (at your option) 009 any later version. 010 011 GNU Classpath is distributed in the hope that it will be useful, but 012 WITHOUT ANY WARRANTY; without even the implied warranty of 013 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 014 General Public License for more details. 015 016 You should have received a copy of the GNU General Public License 017 along with GNU Classpath; see the file COPYING. If not, write to the 018 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 019 02110-1301 USA. 020 021 Linking this library statically or dynamically with other modules is 022 making a combined work based on this library. Thus, the terms and 023 conditions of the GNU General Public License cover the whole 024 combination. 025 026 As a special exception, the copyright holders of this library give you 027 permission to link this library with independent modules to produce an 028 executable, regardless of the license terms of these independent 029 modules, and to copy and distribute the resulting executable under 030 terms of your choice, provided that you also meet, for each linked 031 independent module, the terms and conditions of the license of that 032 module. An independent module is a module which is not derived from 033 or based on this library. If you modify this library, you may extend 034 this exception to your version of the library, but you are not 035 obligated to do so. If you do not wish to do so, delete this 036 exception statement from your version. 037 038 The documentation comments of this class are derived from the text 039 of RFC 2853: Generic Security Service API Version 2: Java Bindings. 040 That document is covered under the following license notice: 041 042 Copyright (C) The Internet Society (2000). All Rights Reserved. 043 044 This document and translations of it may be copied and furnished to 045 others, and derivative works that comment on or otherwise explain it 046 or assist in its implementation may be prepared, copied, published and 047 distributed, in whole or in part, without restriction of any kind, 048 provided that the above copyright notice and this paragraph are 049 included on all such copies and derivative works. However, this 050 document itself may not be modified in any way, such as by removing 051 the copyright notice or references to the Internet Society or other 052 Internet organizations, except as needed for the purpose of developing 053 Internet standards in which case the procedures for copyrights defined 054 in the Internet Standards process must be followed, or as required to 055 translate it into languages other than English. 056 057 The limited permissions granted above are perpetual and will not be 058 revoked by the Internet Society or its successors or assigns. 059 060 This document and the information contained herein is provided on an 061 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 062 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT 063 NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN 064 WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 065 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. */ 066 067 068 package org.ietf.jgss; 069 070 /** 071 * <p>This interface encapsulates a single GSS-API principal entity. 072 * Different name formats and their definitions are identified with 073 * universal Object Identifiers (Oids). The format of the names can be 074 * derived based on the unique oid of its namespace type.</p> 075 * 076 * <h3>Example Code</h3> 077 * 078 * <pre> 079 GSSManager mgr = GSSManager.getInstance(); 080 081 // create a host based service name 082 GSSName name = mgr.createName("service@host", 083 GSSName.NT_HOSTBASED_SERVICE); 084 085 Oid krb5 = new Oid("1.2.840.113554.1.2.2"); 086 087 GSSName mechName = name.canonicalize(krb5); 088 089 // the above two steps are equivalent to the following 090 GSSName mechName = mgr.createName("service@host", 091 GSSName.NT_HOSTBASED_SERVICE, krb5); 092 093 // perform name comparison 094 if (name.equals(mechName)) 095 print("Names are equal."); 096 097 // obtain textual representation of name and its printable 098 // name type 099 print(mechName.toString() + 100 mechName.getStringNameType().toString()); 101 102 // export and re-import the name 103 byte [] exportName = mechName.export(); 104 105 // create a new name object from the exported buffer 106 GSSName newName = mgr.createName(exportName, 107 GSSName.NT_EXPORT_NAME); 108 </pre> 109 */ 110 public interface GSSName 111 { 112 113 // Constants. 114 // ------------------------------------------------------------------------- 115 116 /** 117 * <p>Name type for representing an anonymous entity. It represents the 118 * following value: <code>{ 1(iso), 3(org), 6(dod), 1(internet), 5(security), 119 * 6(nametypes), 3(gss-anonymous-name) }</code>.</p> 120 */ 121 Oid NT_ANONYMOUS = new Oid(new int[] { 1, 3, 6, 1, 5, 6, 3 }); 122 123 /** 124 * <p>Name type used to indicate an exported name produced by the export 125 * method. It represents the following value: <code>{ 1(iso), 3(org), 6(dod), 126 * 1(internet), 5(security), 6(nametypes), 4(gss-api-exported-name) 127 * }</code>.</p> 128 */ 129 Oid NT_EXPORT_NAME = new Oid(new int[] { 1, 3, 6, 1, 5, 6, 4 }); 130 131 /** 132 * <p>Oid indicating a host-based service name form. It is used to 133 * represent services associated with host computers. This name form is 134 * constructed using two elements, "service" and "hostname", as follows:</p> 135 * 136 * <blockquote><code>service@hostname</code></blockquote> 137 * 138 * <p>Values for the "service" element are registered with the IANA. It 139 * represents the following value: <code>{ 1(iso), 3(org), 6(dod), 140 * 1(internet), 5(security), 6(nametypes), 2(gss-host-based-services) 141 * }</code>.</p> 142 */ 143 Oid NT_HOSTBASED_SERVICE = new Oid(new int[] { 1, 3, 6, 1, 5, 6, 2 }); 144 145 /** 146 * <p>Name type to indicate a numeric user identifier corresponding to a 147 * user on a local system. (e.g. Uid). It represents the following 148 * value: <code>{ iso(1) member-body(2) United States(840) mit(113554) 149 * infosys(1) gssapi(2) generic(1) machine_uid_name(2) }</code>.</p> 150 */ 151 Oid NT_MACHINE_UID_NAME = new Oid(new int[] { 1, 2, 840, 113554, 1, 2, 1, 2 }); 152 153 /** 154 * <p>Name type to indicate a string of digits representing the numeric 155 * user identifier of a user on a local system. It represents the 156 * following value: <code>{ iso(1) member-body(2) United States(840) 157 * mit(113554) infosys(1) gssapi(2) generic(1) string_uid_name(3) 158 * }</code>.</p> 159 */ 160 Oid NT_STRING_UID_NAME = new Oid(new int[] { 1, 2, 840, 113554, 1, 2, 1, 3 }); 161 162 /** 163 * <p>Name type to indicate a named user on a local system. It represents 164 * the following value: <code>{ iso(1) member-body(2) United States(840) 165 * mit(113554) infosys(1) gssapi(2) generic(1) user_name(1) }</code>.</p> 166 */ 167 Oid NT_USER_NAME = new Oid(new int[] { 1, 2, 840, 113554, 1, 2, 1, 1 }); 168 169 // Instance methods. 170 // ------------------------------------------------------------------------- 171 172 /** 173 * Compares two GSSName objects to determine whether they refer to the 174 * same entity. This method may throw a {@link GSSException} when the 175 * names cannot be compared. If either of the names represents an 176 * anonymous entity, the method will return <code>false</code>. 177 * 178 * @param another GSSName object to compare with. 179 * @return True if this name equals the other, and if neither name 180 * represents an anonymous entity. 181 * @throws GSSException If the names cannot be compared. 182 */ 183 boolean equals(GSSName another) throws GSSException; 184 185 /** 186 * A variation of the {@link #equals(org.ietf.jgss.GSSName)} method that 187 * is provided to override the {@link Object#equals(java.lang.Object)} 188 * method that the implementing class will inherit. The behavior is 189 * exactly the same as that in the other equals method except that no 190 * {@link GSSException} is thrown; instead, <code>false</code> will be 191 * returned in the situation where an error occurs. (Note that the Java 192 * language specification requires that two objects that are equal 193 * according to the {@link Object#equals(java.lang.Object)} method must 194 * return the same integer when the {@link hashCode()} method is called 195 * on them. 196 * 197 * @param another GSSName object to compare with. 198 * @return True if this name equals the other, if neither name 199 * represents an anonymous entity, or if an error occurs. 200 */ 201 boolean equals(Object another); 202 203 /** 204 * Return the hashcode of this GSSName. When overriding {@link #equals}, 205 * it is normally necessary to override hashCode() as well. 206 * 207 * @return the hash code that must be the same for two names if {@link #equals} 208 * returns true. 209 */ 210 int hashCode(); 211 212 /** 213 * Creates a mechanism name (MN) from an arbitrary internal name. This 214 * is equivalent to using the factory methods {@link 215 * GSSManager#createName(java.lang.String,org.ietf.jgss.Oid,org.ietf.jgss.Oid)} 216 * or {@link 217 * GSSManager#createName(byte[],org.ietf.jgss.Oid,org.ietf.jgss.Oid)}. 218 * 219 * @param mech The oid for the mechanism for which the canonical form 220 * of the name is requested. 221 * @return The mechanism name. 222 * @throws GSSException If this operation fails. 223 */ 224 GSSName canonicalize(Oid mech) throws GSSException; 225 226 /** 227 * Returns a canonical contiguous byte representation of a mechanism 228 * name (MN), suitable for direct, byte by byte comparison by 229 * authorization functions. If the name is not an MN, implementations 230 * may throw a {@link GSSException} with the {@link GSSException#NAME_NOT_MN} 231 * status code. If an implementation chooses not to throw an exception, 232 * it should use some system specific default mechanism to canonicalize 233 * the name and then export it. The format of the header of the output 234 * buffer is specified in <a 235 * href="http://www.ietf.org/rfc/rfc2743.txt">RFC 2743</a>. 236 * 237 * @return The exported name. 238 * @throws GSSException If the name is not an MN and the implementation 239 * throws an exception for this case. 240 */ 241 byte[] export() throws GSSException; 242 243 /** 244 * Returns a textual representation of the GSSName object. To retrieve 245 * the printed name format, which determines the syntax of the returned 246 * string, the {@link #getStringNameType()} method can be used. 247 * 248 * @return The textual representation of the GSSName object. 249 */ 250 String toString(); 251 252 /** 253 * Returns the oid representing the type of name returned through the 254 * {@link #toString()} method. Using this oid, the syntax of the printable 255 * name can be determined. 256 * 257 * @return The name type. 258 * @throws GSSException If this operation fails. 259 */ 260 Oid getStringNameType() throws GSSException; 261 262 /** 263 * Tests if this name object represents an anonymous entity. Returns 264 * <code>true</code> if this is an anonymous name. 265 * 266 * @return True if this name represents an anonymous entity. 267 */ 268 boolean isAnonymous(); 269 270 /** 271 * Tests if this name object contains only one mechanism element and is 272 * thus a mechanism name as defined by <a 273 * href="http://www.ietf.org/rfc/rfc2743.txt">RFC 2743</a>. 274 * 275 * @return True if this name is a mechanism name. 276 */ 277 boolean isMN(); 278 }