1 // 
2 // Novell.Directory.Ldap.Security.CreateContextPrivilegedAction.cs
3 //
4 // Authors:
5 //  Boris Kirzner <borsk@mainsoft.com>
6 //      Konstantin Triger <kostat@mainsoft.com>
7 //      
8 // (C) 2005 Mainsoft Corporation (http://www.mainsoft.com)
9 //
10
11 //
12 // Permission is hereby granted, free of charge, to any person obtaining
13 // a copy of this software and associated documentation files (the
14 // "Software"), to deal in the Software without restriction, including
15 // without limitation the rights to use, copy, modify, merge, publish,
16 // distribute, sublicense, and/or sell copies of the Software, and to
17 // permit persons to whom the Software is furnished to do so, subject to
18 // the following conditions:
19 // 
20 // The above copyright notice and this permission notice shall be
21 // included in all copies or substantial portions of the Software.
22 // 
23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
30 //\r
31 \r
32 using System;\r
33 \r
34 using java.security;\r
35 using org.ietf.jgss;\r
36 \r
namespace Novell.Directory.Ldap.Security
{
	/// <summary>
	/// <see cref="PrivilegedAction"/> that prepares an initiator-side
	/// <see cref="GSSContext"/> for a given service name and mechanism.
	/// </summary>
	/// <remarks>
	/// The action only builds and configures the context; no token exchange
	/// happens here, so the returned context is not yet established.
	/// NOTE(review): the request* calls below are requests to the mechanism.
	/// After establishment the caller should confirm what was actually granted
	/// (getMutualAuthState / getConfState / getIntegState) before relying on
	/// server authentication, confidentiality or integrity -- the caller is
	/// not visible from this file.
	/// </remarks>
	internal class CreateContextPrivilegedAction : PrivilegedAction
	{
		#region Fields

		// Target service name, imported as NT_HOSTBASED_SERVICE.
		private readonly string _name;
		// Initiating principal, imported as NT_USER_NAME.
		private readonly string _clientName;
		// Mechanism OID in string form, passed to the Oid constructor.
		private readonly string _mech;
		// Security services to request on the context.
		private readonly bool _encryption;
		private readonly bool _signing;
		private readonly bool _delegation;

		#endregion // Fields

		#region Constructors

		/// <summary>
		/// Captures the parameters used later by <see cref="run"/>.
		/// </summary>
		/// <param name="name">Name of the target service (host-based service form).</param>
		/// <param name="clientName">Name of the initiating user.</param>
		/// <param name="mech">String form of the mechanism OID.</param>
		/// <param name="encryption">Request confidentiality on the context.</param>
		/// <param name="signing">Request integrity on the context.</param>
		/// <param name="delegation">
		/// Request credential delegation. When granted, the accepting service
		/// can act with the initiator's credentials, so callers should leave
		/// this off unless the target is trusted for that purpose.
		/// </param>
		public CreateContextPrivilegedAction (string name, string clientName, string mech, bool encryption, bool signing, bool delegation)
		{
			_name = name;
			_clientName = clientName;
			_mech = mech;
			_encryption = encryption;
			_signing = signing;
			_delegation = delegation;
		}

		#endregion // Constructors

		#region Methods

		/// <summary>
		/// Acquires initiate-only credentials for the client name and creates
		/// a configured <see cref="GSSContext"/> towards the service name.
		/// </summary>
		/// <returns>The configured, not yet established, <see cref="GSSContext"/>.</returns>
		/// <exception cref="PrivilegedActionException">
		/// Wraps any <see cref="GSSException"/> raised while creating names,
		/// credentials or the context.
		/// </exception>
		public object run ()
		{
			try {
				Oid mechanism = new Oid (_mech);
				GSSManager gss = GSSManager.getInstance ();

				GSSName initiator = gss.createName (_clientName, GSSName__Finals.NT_USER_NAME);
				GSSCredential initiatorCreds = gss.createCredential (
					initiator,
					GSSContext__Finals.INDEFINITE_LIFETIME,
					mechanism,
					GSSCredential__Finals.INITIATE_ONLY);

				// The credentials are deliberately not disposed in a finally
				// block: an earlier version did so and noted that
				// initiatorCreds.dispose() throws
				// "GSSException: Operation unavailable...".
				GSSName acceptor = gss.createName (_name, GSSName__Finals.NT_HOSTBASED_SERVICE, mechanism);
				GSSContext securityContext = gss.createContext (
					acceptor,
					mechanism,
					initiatorCreds,
					GSSContext__Finals.INDEFINITE_LIFETIME);

				// Mutual authentication is always requested, regardless of the flags.
				securityContext.requestMutualAuth (true);
				securityContext.requestConf (_encryption);

				// Integrity is requested when signing is asked for, and also
				// whenever encryption is off, so a context never goes out with
				// neither service requested. With encryption on and signing off
				// requestInteg is not called at all.
				bool integrityWanted = _signing || !_encryption;
				if (integrityWanted) {
					securityContext.requestInteg (true);
				}

				securityContext.requestCredDeleg (_delegation);

				return securityContext;
			}
			catch (GSSException gssError) {
				throw new PrivilegedActionException (gssError);
			}
		}

		#endregion // Methods
	}
}