/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/* Configuration source file for Kerberos client */

import com.sun.security.auth.callback.DialogCallbackHandler;
import java.security.Permission;
import java.util.Collections;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginContext;
import net.jini.core.constraint.ClientAuthentication;
import net.jini.core.constraint.Confidentiality;
import net.jini.core.constraint.Integrity;
import net.jini.core.constraint.InvocationConstraint;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.core.constraint.ServerAuthentication;
import net.jini.core.constraint.ServerMinPrincipal;
import net.jini.jeri.BasicJeriExporter;
import net.jini.jeri.ProxyTrustILFactory;
import net.jini.jeri.kerberos.KerberosServerEndpoint;
import net.jini.discovery.LookupDiscovery;
import net.jini.lookup.ServiceDiscoveryManager;
import net.jini.security.AccessPermission;
import net.jini.security.AuthenticationPermission;
import net.jini.constraint.BasicMethodConstraints;
import net.jini.security.BasicProxyPreparer;

com.sun.jini.example.hello.Client {

    /* JAAS login */
    loginContext = new LoginContext("com.sun.jini.example.hello.Client",
	/* Use this for command line version */
	/* new TextCallbackHandler() */

	/* Use a dialog box */
	new DialogCallbackHandler()
	);

    /* Principals */
    private static clientUser = Collections.singleton(
	new KerberosPrincipal("${clientPrincipal}"));
    private static reggieUser = Collections.singleton(
	new KerberosPrincipal("${reggiePrincipal}"));
    private static serverUser = Collections.singleton(
	new KerberosPrincipal("${serverPrincipal}"));

    /* Preparer for server proxy */
    static preparer =
        new BasicProxyPreparer(
	    /* Verify the proxy. */
	    true,
	    /*
	     * Require integrity, client authentication, and server
             * authenticate with the correct principal for all methods.
	     */
	    new BasicMethodConstraints(
	        new InvocationConstraints(
		    new InvocationConstraint[] {
                        Integrity.YES,
		        ClientAuthentication.YES,
		        ServerAuthentication.YES,
		        new ServerMinPrincipal(serverUser),
		        Confidentiality.YES },
		    null)),
	    new Permission[] {
	        /* Authenticate as client when connecting to server */
	        new AuthenticationPermission(clientUser,
					     serverUser,
					     "connect") });

    private groups = new String[] { "krb.hello.example.jini.sun.com" };
    serviceDiscovery = new ServiceDiscoveryManager(
        new LookupDiscovery(groups, this), null, this);

}//end com.sun.jini.example.hello.Client

/* Configuration block for the SDM */
net.jini.lookup.ServiceDiscoveryManager {

    /* Exporter for the SDM */
    eventListenerExporter =
        /* Use secure exporter */
        new BasicJeriExporter(
 	    /* Use Kerberos transport */
            KerberosServerEndpoint.getInstance(0),
            /* Support ProxyTrust */
            new ProxyTrustILFactory(
                /* Require integrity for all methods */
                new BasicMethodConstraints(
                    new InvocationConstraints(Integrity.YES, null)),
                AccessPermission.class),
		false,
		false);

    /* Used by several facilities below */
    registrarPreparer =
        new BasicProxyPreparer(
            /* Verify the proxy. */
            true,
            /*
             * Require integrity, client authentication, and server
             * authenticate with the correct principal for all methods.
             */
            new BasicMethodConstraints(
                new InvocationConstraints(
                    new InvocationConstraint[] {
                        Integrity.YES,
                        ClientAuthentication.YES,
                        ServerAuthentication.YES,
                        new ServerMinPrincipal(
			    com.sun.jini.example.hello.Client.reggieUser) },
                    null)),
            new Permission[] {
                /* Authenticate as client when connecting to reggie */
                new AuthenticationPermission(
		    com.sun.jini.example.hello.Client.clientUser,
                    com.sun.jini.example.hello.Client.reggieUser,
                    "connect") });

    eventLeasePreparer    = registrarPreparer;

}//end net.jini.lookup.ServiceDiscoveryManager

/* Configuration block for the lookup discovery utility */
net.jini.discovery.LookupDiscovery {

    static registrarPreparer = 
	net.jini.lookup.ServiceDiscoveryManager.registrarPreparer;

}//end net.jini.discovery.LookupDiscovery