001/* ServicePermission.java -- kerberos service permission
002   Copyright (C) 2006 Free Software Foundation, Inc.
003
004This file is part of GNU Classpath.
005
006GNU Classpath is free software; you can redistribute it and/or modify
007it under the terms of the GNU General Public License as published by
008the Free Software Foundation; either version 2, or (at your option)
009any later version.
010
011GNU Classpath is distributed in the hope that it will be useful, but
012WITHOUT ANY WARRANTY; without even the implied warranty of
013MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
014General Public License for more details.
015
016You should have received a copy of the GNU General Public License
017along with GNU Classpath; see the file COPYING.  If not, write to the
018Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
01902110-1301 USA.
020
021Linking this library statically or dynamically with other modules is
022making a combined work based on this library.  Thus, the terms and
023conditions of the GNU General Public License cover the whole
024combination.
025
026As a special exception, the copyright holders of this library give you
027permission to link this library with independent modules to produce an
028executable, regardless of the license terms of these independent
029modules, and to copy and distribute the resulting executable under
030terms of your choice, provided that you also meet, for each linked
031independent module, the terms and conditions of the license of that
032module.  An independent module is a module which is not derived from
033or based on this library.  If you modify this library, you may extend
034this exception to your version of the library, but you are not
035obligated to do so.  If you do not wish to do so, delete this
036exception statement from your version. */
037
038
039package javax.security.auth.kerberos;
040
041import java.security.Permission;
042import java.security.PermissionCollection;
043import java.util.Enumeration;
044import java.util.StringTokenizer;
045import java.util.Vector;
046
047/**
048 * This represents permission to access to a Kerberos service principal.
049 * See the Kerberos authentication RFC for more information:
050 * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>.
051 *
052 * @since 1.4
053 */
054public final class ServicePermission
055    extends Permission
056{
057  // FIXME: Enable this when serialization works.
058  // private static final long serialVersionUID = -1227585031618624935L;
059
060  private static final int INITIATE = 1;
061  private static final int ACCEPT = 2;
062
063  private int flags;
064
065  /**
066   * Create a new service permission with the indicated name and actions.
067   *
068   * The name is the name of the kerberos principal for the service.
069   *
070   * The actions are a comma-separated list of strings.  The recognized
071   * actions are "initiate" and "accept".  The "initiate" action means
072   * that the holder of the permission can access the service.  The
073   * "accept" action means that the holder of the permission can operate
074   * as this service.
075   *
076   * @param name the prinicpal's name
077   * @param action the allowed actions
078   */
079  public ServicePermission(String name, String action)
080  {
081    super(name);
082    parseActions(action);
083  }
084
085  public boolean implies(Permission perm)
086  {
087    if (! (perm instanceof ServicePermission))
088      return false;
089    ServicePermission sp = (ServicePermission) perm;
090    if ((flags & sp.flags) != sp.flags)
091      return false;
092    return getName().equals(sp.getName());
093  }
094
095  public boolean equals(Object obj)
096  {
097    if (! (obj instanceof ServicePermission))
098      return false;
099    ServicePermission sp = (ServicePermission) obj;
100    return flags == sp.flags && getName().equals(sp.getName());
101  }
102
103  public int hashCode()
104  {
105    return getName().hashCode() + flags;
106  }
107
108  /**
109   * Return a string representing the actions.
110   */
111  public String getActions()
112  {
113    if (flags == (INITIATE | ACCEPT))
114      return "initiate,accept";
115    if (flags == INITIATE)
116      return "initiate";
117    if (flags == ACCEPT)
118      return "accept";
119    return "";
120  }
121
122  public PermissionCollection newPermissionCollection()
123  {
124    return new PermissionCollection()
125    {
126      private Vector permissions = new Vector();
127
128      public void add(Permission perm)
129      {
130        if (isReadOnly())
131          throw new SecurityException("readonly");
132        if (! (perm instanceof ServicePermission))
133          throw new IllegalArgumentException("can only add DelegationPermissions");
134        permissions.add(perm);
135      }
136
137      public boolean implies(Permission perm)
138      {
139        if (! (perm instanceof ServicePermission))
140          return false;
141        Enumeration e = elements();
142        while (e.hasMoreElements())
143          {
144            ServicePermission sp = (ServicePermission) e.nextElement();
145            if (sp.implies(perm))
146              return true;
147          }
148        return false;
149      }
150
151      public Enumeration elements()
152      {
153        return permissions.elements();
154      }
155    };
156  }
157
158  private void parseActions(String actions)
159  {
160    StringTokenizer tok = new StringTokenizer(actions, ",");
161    while (tok.hasMoreTokens())
162      {
163        String token = tok.nextToken();
164        if ("accept".equals(token))
165          flags |= ACCEPT;
166        else if ("initiate".equals(token))
167          flags |= INITIATE;
168        else
169          throw new IllegalArgumentException("unrecognized token: " + token);
170      }
171  }
172}