/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/* Configuration source file for activatable Kerberos server */

import com.sun.jini.example.hello.ServerPermission;
import java.rmi.activation.ActivationID;
import java.security.Permission;
import java.util.Collections;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginContext;
import net.jini.activation.ActivationExporter;
import net.jini.constraint.BasicMethodConstraints;
import net.jini.core.constraint.Integrity;
import net.jini.core.constraint.ClientAuthentication;
import net.jini.core.constraint.InvocationConstraint;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.core.constraint.ServerAuthentication;
import net.jini.core.constraint.ServerMinPrincipal;
import net.jini.jeri.kerberos.KerberosServerEndpoint;
import net.jini.jeri.BasicJeriExporter;
import net.jini.jeri.ProxyTrustILFactory;
import net.jini.discovery.LookupDiscovery;
import net.jini.security.AuthenticationPermission;
import net.jini.security.BasicProxyPreparer;

com.sun.jini.example.hello.Server {

    /* JAAS login */
    loginContext = new LoginContext("com.sun.jini.example.hello.Server");

    /* Identify principals */
    static serverUser = Collections.singleton(
	new KerberosPrincipal("${serverPrincipal}"));
    static reggieUser = Collections.singleton(
	new KerberosPrincipal("${reggiePrincipal}"));
    static phoenixUser = Collections.singleton(
	new KerberosPrincipal("${phoenixPrincipal}"));

    /* Exporter for the server proxy */
    exporter =
	/* Use activation exporter */
	new ActivationExporter(
	    (ActivationID) $data,
	    /* Use secure exporter */
	    new BasicJeriExporter(
		/* Use Kerberos transport */
		KerberosServerEndpoint.getInstance(0),
		/* Support ProxyTrust */
		new ProxyTrustILFactory(
		    /* Require integrity for all methods */
		    new BasicMethodConstraints(
			new InvocationConstraints(Integrity.YES, null)),
		    /* Require ServerPermission */
		    ServerPermission.class)));

    /* Constraints for talking to Phoenix */
    private static activationSystemConstraints = 
        new BasicMethodConstraints(
	    new InvocationConstraints(
	        new InvocationConstraint[] {
		    Integrity.YES,
                    ServerAuthentication.YES,
                    new ServerMinPrincipal(phoenixUser) },
                null));

    /* Proxy preparer for the activation ID */
    activationIdPreparer =
        new BasicProxyPreparer(
            false,    /* No need to verify the proxy */
            activationSystemConstraints,
            null);

    private groups = new String[] { "krb.hello.example.jini.sun.com" };
    discoveryManager = new LookupDiscovery(groups, this);

}//end com.sun.jini.example.hello.Server

/* Configuration block for the lookup discovery utility */
net.jini.discovery.LookupDiscovery {

    private serviceLookupConstraints =
        new BasicMethodConstraints(
            new InvocationConstraints(
                new InvocationConstraint[]{
                    Integrity.YES,
                    ClientAuthentication.YES,
                    ServerAuthentication.YES,
                    new ServerMinPrincipal(
                        com.sun.jini.example.hello.Server.reggieUser)
                    },
                null));

    static registrarPreparer = new BasicProxyPreparer(
        true,
        serviceLookupConstraints,
        new Permission[] {
            new AuthenticationPermission(
                com.sun.jini.example.hello.Server.serverUser,
                com.sun.jini.example.hello.Server.reggieUser,
                "connect")
            });

}//end net.jini.discovery.LookupDiscovery

/* Configuration block for the join manager */
net.jini.lookup.JoinManager {

    static registrarPreparer    = 
	net.jini.discovery.LookupDiscovery.registrarPreparer;
    static registrationPreparer = 
	net.jini.discovery.LookupDiscovery.registrarPreparer;
    static serviceLeasePreparer = 
	net.jini.discovery.LookupDiscovery.registrarPreparer;

}//end net.jini.lookup.JoinManager