001    /* ServicePermission.java -- kerberos service permission
002       Copyright (C) 2006 Free Software Foundation, Inc.
003    
004    This file is part of GNU Classpath.
005    
006    GNU Classpath is free software; you can redistribute it and/or modify
007    it under the terms of the GNU General Public License as published by
008    the Free Software Foundation; either version 2, or (at your option)
009    any later version.
010    
011    GNU Classpath is distributed in the hope that it will be useful, but
012    WITHOUT ANY WARRANTY; without even the implied warranty of
013    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
014    General Public License for more details.
015    
016    You should have received a copy of the GNU General Public License
017    along with GNU Classpath; see the file COPYING.  If not, write to the
018    Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
019    02110-1301 USA.
020    
021    Linking this library statically or dynamically with other modules is
022    making a combined work based on this library.  Thus, the terms and
023    conditions of the GNU General Public License cover the whole
024    combination.
025    
026    As a special exception, the copyright holders of this library give you
027    permission to link this library with independent modules to produce an
028    executable, regardless of the license terms of these independent
029    modules, and to copy and distribute the resulting executable under
030    terms of your choice, provided that you also meet, for each linked
031    independent module, the terms and conditions of the license of that
032    module.  An independent module is a module which is not derived from
033    or based on this library.  If you modify this library, you may extend
034    this exception to your version of the library, but you are not
035    obligated to do so.  If you do not wish to do so, delete this
036    exception statement from your version. */
037    
038    
039    package javax.security.auth.kerberos;
040    
041    import java.security.Permission;
042    import java.security.PermissionCollection;
043    import java.util.Enumeration;
044    import java.util.StringTokenizer;
045    import java.util.Vector;
046    
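/**
 * This represents permission to access a Kerberos service principal.
 * See the Kerberos authentication RFC for more information:
 * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>
 * (since obsoleted by RFC 4120).
 *
 * <p>Principal names are compared with an exact, case-sensitive
 * {@link String#equals(Object)}.  This class performs no wildcard
 * matching: a permission named <code>"*"</code> only implies another
 * permission whose name is literally <code>"*"</code>.
 * NOTE(review): the reference JDK API documents <code>"*"</code> as
 * matching every service principal, so a policy written for that
 * behaviour grants less here than its author may expect.</p>
 *
 * @since 1.4
 */
public final class ServicePermission
    extends Permission
{
  // FIXME: Enable this when serialization works.
  // private static final long serialVersionUID = -1227585031618624935L;

  /** Bit set in {@link #flags} when the "initiate" action is granted.  */
  private static final int INITIATE = 1;
  /** Bit set in {@link #flags} when the "accept" action is granted.  */
  private static final int ACCEPT = 2;

  // Bitwise OR of INITIATE and ACCEPT; written only by parseActions,
  // which is called from the constructor.
  private int flags;

  /**
   * Create a new service permission with the indicated name and actions.
   *
   * The name is the name of the kerberos principal for the service.
   *
   * The actions are a comma-separated list of strings.  The recognized
   * actions are "initiate" and "accept".  The "initiate" action means
   * that the holder of the permission can access the service.  The
   * "accept" action means that the holder of the permission can operate
   * as this service.  Whitespace around each action is ignored; the
   * action words themselves are matched case-sensitively.
   *
   * An action string that contains no tokens (for example the empty
   * string) is accepted and yields a permission with no actions; such a
   * permission is implied by any ServicePermission of the same name and
   * should not be used as the argument of an access check.
   *
   * @param name the principal's name
   * @param action the allowed actions
   * @throws NullPointerException if name or action is null
   * @throws IllegalArgumentException if action contains an unrecognized
   * token
   */
  public ServicePermission(String name, String action)
  {
    super(name);
    // Fail at construction time: a null name would otherwise only
    // surface later as a NullPointerException inside implies(),
    // equals() or hashCode(), i.e. in the middle of an access check.
    if (name == null)
      throw new NullPointerException("name");
    parseActions(action);
  }

  /**
   * Check whether this permission covers the given permission.
   *
   * The argument is implied only if it is a ServicePermission, every
   * action it carries is also carried by this permission, and both
   * principal names are equal.
   *
   * @param perm the permission to test
   * @return true if perm is implied by this permission
   */
  public boolean implies(Permission perm)
  {
    if (! (perm instanceof ServicePermission))
      return false;
    ServicePermission sp = (ServicePermission) perm;
    // Every requested action bit must be present in our own flags.
    if ((flags & sp.flags) != sp.flags)
      return false;
    return getName().equals(sp.getName());
  }

  /**
   * Two service permissions are equal when they carry the same actions
   * and the same principal name.
   *
   * @param obj the object to compare with
   * @return true if obj is an equal ServicePermission
   */
  public boolean equals(Object obj)
  {
    if (! (obj instanceof ServicePermission))
      return false;
    ServicePermission sp = (ServicePermission) obj;
    return flags == sp.flags && getName().equals(sp.getName());
  }

  /**
   * Return a hash code consistent with {@link #equals(Object)}.
   */
  public int hashCode()
  {
    return getName().hashCode() + flags;
  }

  /**
   * Return a string representing the actions, in the canonical order
   * "initiate,accept".  The empty string is returned for a permission
   * that carries no action.
   */
  public String getActions()
  {
    if (flags == (INITIATE | ACCEPT))
      return "initiate,accept";
    if (flags == INITIATE)
      return "initiate";
    if (flags == ACCEPT)
      return "accept";
    return "";
  }

  /**
   * Return a new, empty collection that only stores ServicePermission
   * objects.
   *
   * The collection implies a permission when the entries whose name
   * equals the requested name together carry every requested action.
   * Two grants for the same principal, one with "initiate" and one
   * with "accept", therefore imply "initiate,accept".
   */
  public PermissionCollection newPermissionCollection()
  {
    return new PermissionCollection()
    {
      // Raw Vector kept on purpose: the file uses no generics.
      private Vector permissions = new Vector();

      public void add(Permission perm)
      {
        if (isReadOnly())
          throw new SecurityException("readonly");
        if (! (perm instanceof ServicePermission))
          throw new IllegalArgumentException("can only add ServicePermissions");
        permissions.add(perm);
      }

      public boolean implies(Permission perm)
      {
        if (! (perm instanceof ServicePermission))
          return false;
        ServicePermission wanted = (ServicePermission) perm;
        int needed = wanted.flags;
        // Union of the action bits granted so far to the requested name.
        int granted = 0;
        Enumeration e = elements();
        while (e.hasMoreElements())
          {
            ServicePermission sp = (ServicePermission) e.nextElement();
            // Only entries for exactly the requested principal count;
            // actions granted to another name are never merged in.
            if (! sp.getName().equals(wanted.getName()))
              continue;
            granted |= sp.flags;
            if ((granted & needed) == needed)
              return true;
          }
        return false;
      }

      public Enumeration elements()
      {
        return permissions.elements();
      }
    };
  }

  /**
   * Parse a comma-separated action list and set the matching bits in
   * {@link #flags}.
   *
   * @param actions the action list
   * @throws NullPointerException if actions is null
   * @throws IllegalArgumentException if a token is neither "accept"
   * nor "initiate"
   */
  private void parseActions(String actions)
  {
    if (actions == null)
      throw new NullPointerException("actions");
    StringTokenizer tok = new StringTokenizer(actions, ",");
    while (tok.hasMoreTokens())
      {
        // Policy files commonly write "initiate, accept"; strip the
        // padding so that form is not rejected.
        String token = tok.nextToken().trim();
        if ("accept".equals(token))
          flags |= ACCEPT;
        else if ("initiate".equals(token))
          flags |= INITIATE;
        else
          throw new IllegalArgumentException("unrecognized token: " + token);
      }
  }
}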