J. Duke | 319a3b9 | 2007-12-01 00:00:00 +0000 | 1 | /* |
| 2 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 3 | * |
| 4 | * This code is free software; you can redistribute it and/or modify it |
| 5 | * under the terms of the GNU General Public License version 2 only, as |
| 6 | * published by the Free Software Foundation. Sun designates this |
| 7 | * particular file as subject to the "Classpath" exception as provided |
| 8 | * by Sun in the LICENSE file that accompanied this code. |
| 9 | * |
| 10 | * This code is distributed in the hope that it will be useful, but WITHOUT |
| 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 12 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 13 | * version 2 for more details (a copy is included in the LICENSE file that |
| 14 | * accompanied this code). |
| 15 | * |
| 16 | * You should have received a copy of the GNU General Public License version |
| 17 | * 2 along with this work; if not, write to the Free Software Foundation, |
| 18 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 19 | * |
| 20 | * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
| 21 | * CA 95054 USA or visit www.sun.com if you need additional information or |
| 22 | * have any questions. |
| 23 | */ |
| 24 | |
| 25 | /* |
| 26 | * (C) Copyright IBM Corp. 1999 All Rights Reserved. |
| 27 | * Copyright 1997 The Open Group Research Institute. All rights reserved. |
| 28 | */ |
| 29 | |
| 30 | package sun.security.krb5.internal.tools; |
| 31 | |
| 32 | import sun.security.krb5.*; |
| 33 | import sun.security.krb5.internal.*; |
| 34 | import sun.security.krb5.internal.ccache.*; |
| 35 | import sun.security.krb5.internal.ktab.*; |
| 36 | import sun.security.krb5.internal.crypto.EType; |
| 37 | import sun.security.krb5.KrbCryptoException; |
| 38 | import java.lang.RuntimeException; |
| 39 | import java.io.IOException; |
| 40 | import java.io.BufferedReader; |
| 41 | import java.io.InputStreamReader; |
| 42 | import java.io.File; |
| 43 | |
| 44 | /** |
| 45 | * This class can execute as a command-line tool to list entries in |
| 46 | * credential cache and key tab. |
| 47 | * |
| 48 | * @author Yanni Zhang |
| 49 | * @author Ram Marti |
| 50 | */ |
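public class Klist {
    // What is being listed: a CredentialsCache when action is 'c', a KeyTab
    // when action is 'k'. One Object field serves both modes and is cast
    // back in displayCache() / displayTab().
    Object target;
    // Display flags, one slot each:
    //   options[0] = 'e'  (credentials cache and keytab)
    //   options[1] = 'f'  (credentials cache) or 'K' (keytab) -- shared slot
    //   options[2] = 't'  (keytab)
    char[] options = new char[3];
    String name;   // the name of the credentials cache or keytab to list.
    char action;   // 'c' for credentials cache, 'k' for keytab;
                   // left at its default when neither -c nor -k was given.
    private static final boolean DEBUG = Krb5.DEBUG;

    /**
     * The main program that can be invoked at command line.
     * <br>Usage: klist
     * [[-c] [-f] [-e]] [-k [-t] [-K] [-e]] [name]
     * <ul>
     * <li><b>-c</b> specifies that the credentials cache is to be listed
     * <li><b>-k</b> specifies that the keytab is to be listed
     * <li><b>name</b> name of the credentials cache or keytab
     * </ul>
     * Available options for credentials caches:
     * <ul>
     * <li><b>-f</b> shows credentials flags
     * <li><b>-e</b> shows the encryption type
     * </ul>
     * Available options for keytabs:
     * <ul>
     * <li><b>-t</b> shows keytab entry timestamps
     * <li><b>-K</b> shows keytab entry key values (secret key material is
     *     written to standard output)
     * <li><b>-e</b> shows keytab entry key type
     * </ul>
     * With no arguments the default credentials cache is listed. The
     * process exits with status -1 when the requested cache or keytab
     * cannot be opened or the arguments are malformed.
     *
     * @param args the command-line arguments; may be null or empty.
     */
    public static void main(String[] args) {
        Klist klist = new Klist();
        if ((args == null) || (args.length == 0)) {
            klist.action = 'c'; // default will list default credentials cache.
        } else {
            klist.processArgs(args);
        }
        switch (klist.action) {
        case 'c':
            klist.listCache();
            break;
        case 'k':
            klist.listTab();
            break;
        default:
            // Neither -c nor -k was given. A bare name is ambiguous
            // (cache or keytab?), so it is rejected; with no name the
            // default credentials cache is listed.
            if (klist.name != null) {
                klist.printHelp();
                System.exit(-1);
            } else {
                klist.listCache();
            }
        }
    }

    /**
     * Opens the credentials cache (the default one when no name was
     * given) and lists it, or reports "not found" and exits with -1.
     */
    private void listCache() {
        if (name == null) {
            target = CredentialsCache.getInstance();
            name = CredentialsCache.cacheName();
        } else {
            target = CredentialsCache.getInstance(name);
        }
        if (target != null) {
            displayCache();
        } else {
            displayMessage("Credentials cache");
            System.exit(-1);
        }
    }

    /**
     * Opens the keytab (the default one when no name was given) and
     * lists it, or reports "not found" and exits with -1.
     */
    private void listTab() {
        if (name == null) {
            target = KeyTab.getInstance();
            name = KeyTab.tabName();
        } else {
            target = KeyTab.getInstance(name);
        }
        if (target != null) {
            displayTab();
        } else {
            displayMessage("KeyTab");
            System.exit(-1);
        }
    }

    /**
     * Parses the command line arguments into {@code action},
     * {@code options} and {@code name}. Prints the usage text and exits
     * with status -1 on an unknown flag or a misplaced argument.
     *
     * @param args the command-line arguments; must not be null.
     */
    void processArgs(String[] args) {
        for (int i = 0; i < args.length; i++) {
            String current = args[i];
            if ((current.length() >= 2) && current.startsWith("-")) {
                // Only the character right after '-' is examined; anything
                // following it in the same argument is ignored. "-help"
                // therefore reaches the default branch through 'h'.
                switch (current.charAt(1)) {
                case 'c':
                    action = 'c';
                    break;
                case 'k':
                    action = 'k';
                    break;
                case 'f':
                    options[1] = 'f';
                    break;
                case 'e':
                    options[0] = 'e';
                    break;
                case 'K':
                    // Shares slot 1 with 'f'; each display method tests
                    // only for its own letter.
                    options[1] = 'K';
                    break;
                case 't':
                    options[2] = 't';
                    break;
                default:
                    printHelp();
                    System.exit(-1);
                }
            } else if (!current.startsWith("-") && (i == args.length - 1)) {
                // A non-flag argument is accepted only in last position:
                // it names the cache or keytab.
                name = current;
            } else {
                printHelp(); // incorrect input format.
                System.exit(-1);
            }
        }
    }

    /**
     * Lists the entries of the keytab held in {@code target}: service
     * principal and KVNO for every entry, plus key type (-e), key value
     * (-K) and timestamp (-t) when requested.
     */
    void displayTab() {
        KeyTab table = (KeyTab)target;
        KeyTabEntry[] entries = table.getEntries();
        if (entries.length == 0) {
            System.out.println("\nKey tab: " + name +
                               ", " + " 0 entries found.\n");
            return;
        }
        if (entries.length == 1) {
            System.out.println("\nKey tab: " + name +
                               ", " + entries.length + " entry found.\n");
        } else {
            System.out.println("\nKey tab: " + name + ", " +
                               entries.length + " entries found.\n");
        }
        for (int i = 0; i < entries.length; i++) {
            KeyTabEntry entry = entries[i];
            System.out.println("[" + (i + 1) + "] " +
                               "Service principal: " +
                               entry.getService().toString());
            System.out.println("\t KVNO: " +
                               entry.getKey().getKeyVersionNumber());
            if (options[0] == 'e') {
                EncryptionKey key = entry.getKey();
                System.out.println("\t Key type: " +
                                   key.getEType());
            }
            if (options[1] == 'K') {
                // Writes whatever getKeyString() returns for the entry to
                // standard output in the clear. Keytab keys are long-term
                // secrets of the service principal, so output produced
                // with -K (terminal scrollback, redirected files, job
                // logs) needs the same protection as the keytab itself.
                System.out.println("\t Key: " +
                                   entry.getKeyString());
            }
            if (options[2] == 't') {
                System.out.println("\t Time stamp: " +
                        reformat(entry.getTimeStamp().toDate().toString()));
            }
        }
    }

    /**
     * Lists the entries of the credentials cache held in {@code target}:
     * service principal, start and expiry time for every entry, plus
     * encryption type (-e) and ticket flags (-f) when requested. Exits
     * with status -1 when the cache holds no credentials list or an
     * entry's principal cannot be read.
     */
    void displayCache() {
        CredentialsCache cache = (CredentialsCache)target;
        sun.security.krb5.internal.ccache.Credentials[] creds =
            cache.getCredsList();
        if (creds == null) {
            System.out.println ("No credentials available in the cache " +
                                name);
            System.exit(-1);
        }
        System.out.println("\nCredentials cache: " + name);
        String defaultPrincipal = cache.getPrimaryPrincipal().toString();
        String countSuffix =
            (creds.length == 1) ? " entry found.\n" : " entries found.\n";
        System.out.println("\nDefault principal: " +
                           defaultPrincipal + ", " +
                           creds.length + countSuffix);
        // creds is known to be non-null from here on (the null case exited
        // above), so no second null test is needed around the loop.
        for (int i = 0; i < creds.length; i++) {
            try {
                // Collect all three values before printing anything, so a
                // failing entry produces no partial output.
                String starttime =
                    reformat(creds[i].getAuthTime().toDate().toString());
                String endtime =
                    reformat(creds[i].getEndTime().toDate().toString());
                String servicePrincipal =
                    creds[i].getServicePrincipal().toString();
                System.out.println("[" + (i + 1) + "] " +
                                   " Service Principal: " +
                                   servicePrincipal);
                System.out.println(" Valid starting: " + starttime);
                System.out.println(" Expires: " + endtime);
                if (options[0] == 'e') {
                    String etype = EType.toString(creds[i].getEType());
                    System.out.println("\t Encryption type: " + etype);
                }
                if (options[1] == 'f') {
                    System.out.println("\t Flags: " +
                                       creds[i].getTicketFlags().toString());
                }
            } catch (RealmException e) {
                System.out.println("Error reading principal from "+
                                   "the entry.");
                // The stack trace is only emitted when Krb5.DEBUG is set.
                if (DEBUG) {
                    e.printStackTrace();
                }
                System.exit(-1);
            }
        }
    }

    /**
     * Prints "&lt;target&gt; &lt;name&gt; not found." for a cache or keytab
     * that could not be opened. A null {@code name} is replaced by the
     * empty string (the field itself is updated).
     *
     * @param target the kind of object that was looked up, e.g. "KeyTab".
     */
    void displayMessage(String target) {
        if (name == null) {
            name = "";
        }
        System.out.println(target + " " + name + " not found.");
    }

    /**
     * Reformats the date from the form -
     * dow mon dd hh:mm:ss zzz yyyy to mon dd, yyyy hh:mm
     * where dow is the day of the week, mon is the month,
     * dd is the day of the month, hh is the hour of
     * the day, mm is the minute within the hour,
     * ss is the second within the minute, zzz is the time zone,
     * and yyyy is the year.
     * @param date the string form of Date object.
     * @return the date as "mon dd, yyyy hh:mm".
     */
    String reformat(String date) {
        // The year is the last space-separated field. Locating it by the
        // last space instead of a fixed offset keeps the result correct
        // when the time-zone field is not exactly three characters long
        // (e.g. "AEST" or "GMT+05:30"); for three-character zones the
        // result is unchanged.
        String year = date.substring(date.lastIndexOf(' ') + 1);
        return (date.substring(4, 7) + " " + date.substring(8, 10) +
                ", " + year
                + " " + date.substring(11, 16));
    }

    /**
     * Prints out the help information.
     */
    void printHelp() {
        System.out.println("\nUsage: klist " +
                           "[[-c] [-f] [-e]] [-k [-t] [-K]] [name]");
        System.out.println(" name\t name of credentials cache or " +
                           " keytab with the prefix. File-based cache or "
                           + "keytab's prefix is FILE:.");
        System.out.println(" -c specifes that credential cache is to be " +
                           "listed");
        System.out.println(" -k specifies that key tab is to be listed");
        System.out.println(" options for credentials caches:");
        System.out.println("\t-f \t shows credentials flags");
        System.out.println("\t-e \t shows the encryption type");
        System.out.println(" options for keytabs:");
        System.out.println("\t-t \t shows keytab entry timestamps");
        System.out.println("\t-K \t shows keytab entry key value");
        System.out.println("\t-e \t shows keytab entry key type");
        // The class lives in sun.security.krb5.internal.tools (see the
        // package declaration), so that is the name the hint must print.
        System.out.println("\nUsage: java " +
                           "sun.security.krb5.internal.tools.Klist " +
                           "-help for help.");
    }
}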