Source Code of org.apache.geronimo.corba.security.config.css.CSSSASITTPrincipalNameDynamic

/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.geronimo.corba.security.config.css;

import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;

import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.DomainPrincipal;
import org.apache.geronimo.security.PrimaryDomainPrincipal;
import org.apache.geronimo.security.PrimaryRealmPrincipal;
import org.apache.geronimo.security.RealmPrincipal;
import org.omg.CORBA.Any;
import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.IdentityToken;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.IOP.CodecPackage.InvalidTypeForEncoding;
import org.apache.geronimo.corba.util.Util;


/**
 * @version $Revision: 503493 $ $Date: 2007-02-04 13:47:55 -0800 (Sun, 04 Feb 2007) $
 */
public class CSSSASITTPrincipalNameDynamic implements CSSSASIdentityToken {

    private final String oid;
    private final Class principalClass;
    private final String domain;
    private final String realm;

//    public CSSSASITTPrincipalNameDynamic(String domain) {
//        this(GSSUPMechOID.value.substring(4), domain);
//    }

    public CSSSASITTPrincipalNameDynamic(String oid, Class principalClass, String domain, String realm) {
        this.oid = (oid == null ? GSSUPMechOID.value.substring(4) : oid);
        this.principalClass = principalClass;
        this.domain = domain;
        this.realm = realm;
    }

    /**
     * TODO should also use login domains?
     * @return IdentityToken
     */
    public IdentityToken encodeIdentityToken() {

        IdentityToken token = null;
        Subject subject = ContextManager.getNextCaller();
        String principalName = null;
        if (subject == null) {
//            Set principals = Collections.EMPTY_SET;
        } else if (realm != null) {
            Set principals = subject.getPrincipals(RealmPrincipal.class);
            for (Iterator iter = principals.iterator(); iter.hasNext();) {
                RealmPrincipal p = (RealmPrincipal) iter.next();
                if (p.getRealm().equals(realm) && p.getLoginDomain().equals(domain) && p.getPrincipal().getClass().equals(principalClass)) {
                    principalName = p.getPrincipal().getName();
                    if (p instanceof PrimaryRealmPrincipal) break;
                }
            }
        } else if (domain != null) {
            Set principals = subject.getPrincipals(DomainPrincipal.class);
            for (Iterator iter = principals.iterator(); iter.hasNext();) {
                DomainPrincipal p = (DomainPrincipal) iter.next();
                if (p.getDomain().equals(domain) && p.getPrincipal().getClass().equals(principalClass)) {
                    principalName = p.getPrincipal().getName();
                    if (p instanceof PrimaryDomainPrincipal) break;
                }
            }
        } else {
            Set principals = subject.getPrincipals(principalClass);
            if (!principals.isEmpty()) {
                Principal principal = (Principal) principals.iterator().next();
                principalName = principal.getName();

            }
        }

        if (principalName != null) {

            Any any = Util.getORB().create_any();

            //TODO consider including a domain in this scoped-username
            GSS_NT_ExportedNameHelper.insert(any, Util.encodeGSSExportName(oid, principalName));

            byte[] encoding = null;
            try {
                encoding = Util.getCodec().encode_value(any);
            } catch (InvalidTypeForEncoding itfe) {
                throw new IllegalStateException("Unable to encode principal name '" + principalName + "' " + itfe, itfe);
            }

            token = new IdentityToken();
            token.principal_name(encoding);
        } else {
            token = new IdentityToken();
            token.anonymous(true);
        }

        return token;
    }

    public String toString() {
        StringBuffer buf = new StringBuffer();
        toString("", buf);
        return buf.toString();
    }

    public void toString(String spaces, StringBuffer buf) {
        String moreSpaces = spaces + "  ";
        buf.append(spaces).append("CSSSASITTPrincipalNameDynamic: [\n");
        buf.append(moreSpaces).append("oid: ").append(oid).append("\n");
        buf.append(moreSpaces).append("principalClass: ").append(principalClass).append("\n");
        buf.append(moreSpaces).append("domain: ").append(domain).append("\n");
        buf.append(moreSpaces).append("realm: ").append(realm).append("\n");
        buf.append(spaces).append("]\n");
    }

}