Examples of GSSContext

org.ietf.jgss.GSSContext
te a context using default credentials // and the implementation specific default mechanism GSSManager manager ... GSSName targetName ... GSSContext context = manager.createContext(targetName, null, null, GSSContext.INDEFINITE_LIFETIME); // set desired context options prior to context establishment context.requestConf(true); context.requestMutualAuth(true); context.requestReplayDet(true); context.requestSequenceDet(true); // establish a context between peers byte []inToken = new byte[0]; // Loop while there still is a token to be processed while (!context.isEstablished()) { byte[] outToken = context.initSecContext(inToken, 0, inToken.length); // send the output token if generated if (outToken != null) sendToken(outToken); if (!context.isEstablished()) { inToken = readToken(); } // display context information System.out.println("Remaining lifetime in seconds = " + context.getLifetime()); System.out.println("Context mechanism = " + context.getMech()); System.out.println("Initiator = " + context.getSrcName()); System.out.println("Acceptor = " + context.getTargName()); if (context.getConfState()) System.out.println("Confidentiality (i.e., privacy) is available"); if (context.getIntegState()) System.out.println("Integrity is available"); // perform wrap on an application supplied message, appMsg, // using QOP = 0, and requesting privacy service byte [] appMsg ... MessageProp mProp = new MessageProp(0, true); byte []tok = context.wrap(appMsg, 0, appMsg.length, mProp); sendToken(tok); // release the local-end of the context context.dispose(); @author Mayank Upadhyay @version 1.10, 11/17/05 @since 1.4
org.timepedia.chronoscope.client.gss.GssContext
A GssContext is responsible for mapping GssElement/pseudoElt pairs into GssProperties objects.

Examples of org.ietf.jgss.GSSContext

        try
        {
            GSSName acceptorName = manager.createName(service,
                GSSName.NT_HOSTBASED_SERVICE, KRB5_OID);


            GSSContext secCtx = manager.createContext(acceptorName,
                                                      KRB5_OID,
                                                      null,
                                                      GSSContext.INDEFINITE_LIFETIME);


            secCtx.initSecContext(new byte[0], 0, 1);


            if (secCtx.getSrcName() != null)
            {
                return secCtx.getSrcName().toString();
            }


        }
        catch (GSSException e)
        {

View Full Code Here

Examples of org.ietf.jgss.GSSContext

     * @return the encoded buffer
     * @throws GSSException when something fails while using GSSAPI
     */
    private IoBuffer encodeGSSAPIAuthenticationPacket(
            final SocksProxyRequest request) throws GSSException {
        GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
        if (ctx == null) {
            GSSManager manager = GSSManager.getInstance();
            GSSName serverName = manager.createName(request
                    .getServiceKerberosName(), null);
            Oid krb5OID = new Oid(SocksProxyConstants.KERBEROS_V5_OID);


            if (logger.isDebugEnabled()) {
                logger.debug("Available mechs:");
                for (Oid o : manager.getMechs()) {
                    if (o.equals(krb5OID)) {
                        logger.debug("Found Kerberos V OID available");
                    }
                    logger.debug("{} with oid = {}",
                            manager.getNamesForMech(o), o);
                }
            }


            ctx = manager.createContext(serverName, krb5OID, null,
                    GSSContext.DEFAULT_LIFETIME);


            ctx.requestMutualAuth(true); // Mutual authentication
            ctx.requestConf(false);
            ctx.requestInteg(false);


            getSession().setAttribute(GSS_CONTEXT, ctx);
        }


        byte[] token = (byte[]) getSession().getAttribute(GSS_TOKEN);
        if (token != null) {
            logger.debug("  Received Token[{}] = {}", token.length,
                    ByteUtilities.asHex(token));
        }
        IoBuffer buf = null;


        if (!ctx.isEstablished()) {
            // token is ignored on the first call
            if (token == null) {
                token = new byte[32];
            }


            token = ctx.initSecContext(token, 0, token.length);


            // Send a token to the server if one was generated by
            // initSecContext
            if (token != null) {
                logger.debug("  Sending Token[{}] = {}", token.length,

View Full Code Here

Examples of org.ietf.jgss.GSSContext

        boolean isAuthenticating = false;
        if (step == SocksProxyConstants.SOCKS5_AUTH_STEP) {
            byte method = ((Byte) getSession().getAttribute(
                    Socks5LogicHandler.SELECTED_AUTH_METHOD)).byteValue();
            if (method == SocksProxyConstants.GSSAPI_AUTH) {
                GSSContext ctx = (GSSContext) getSession().getAttribute(
                        GSS_CONTEXT);
                if (ctx == null || !ctx.isEstablished()) {
                    isAuthenticating = true;
                }
            }
        }

View Full Code Here

Examples of org.ietf.jgss.GSSContext

    /**
     * {@inheritDoc}
     */
    @Override
    protected void closeSession(String message) {
        GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
        if (ctx != null) {
            try {
                ctx.dispose();
            } catch (GSSException e) {
                e.printStackTrace();
                super.closeSession(message, e);
                return;
            }

View Full Code Here

Examples of org.ietf.jgss.GSSContext

        try {
            GSSManager manager = GSSManager.getInstance();
            Oid krb5Oid = new Oid("1.3.6.1.5.5.2");
            GSSName gssName = manager.createName(targetName, GSSName.NT_USER_NAME);
            GSSCredential serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME, krb5Oid, GSSCredential.ACCEPT_ONLY);
            GSSContext gContext = manager.createContext(serverCreds);
            if (gContext == null) {
                log.debug("Failed to create a GSSContext");
            } else {
                while (!gContext.isEstablished()) {
                    token = gContext.acceptSecContext(token, 0, token.length);
                }
                if (gContext.isEstablished()) {
                    loginSucceeded = true;
                    srcName = gContext.getSrcName();
                    log.debug("A security context is successfully established" + gContext);
                    return loginSucceeded;
                } else {
                    log.error("Failed to establish a security context");
                    throw new LoginException("Failed to establish a security context");

View Full Code Here

Examples of org.ietf.jgss.GSSContext

            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }


        LoginContext lc = null;
        GSSContext gssContext = null;
        byte[] outToken = null;
        try {
            try {
                lc = new LoginContext(getLoginConfigName());
                lc.login();
            } catch (LoginException e) {
                log.error(sm.getString("spnegoAuthenticator.serviceLoginFail"),
                        e);
                response.sendError(
                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return false;
            }
            // Assume the GSSContext is stateless
            // TODO: Confirm this assumption
            final GSSManager manager = GSSManager.getInstance();
            // IBM JDK only understands indefinite lifetime
            final int credentialLifetime;
            if (Globals.IS_IBM_JVM) {
                credentialLifetime = GSSCredential.INDEFINITE_LIFETIME;
            } else {
                credentialLifetime = GSSCredential.DEFAULT_LIFETIME;
            }
            final PrivilegedExceptionAction<GSSCredential> action =
                new PrivilegedExceptionAction<GSSCredential>() {
                    @Override
                    public GSSCredential run() throws GSSException {
                        return manager.createCredential(null,
                                credentialLifetime,
                                new Oid("1.3.6.1.5.5.2"),
                                GSSCredential.ACCEPT_ONLY);
                    }
                };
            gssContext = manager.createContext(Subject.doAs(lc.getSubject(), action));


            outToken = Subject.doAs(lc.getSubject(), new AcceptAction(gssContext, decoded));


            if (outToken == null) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString(
                            "spnegoAuthenticator.ticketValidateFail"));
                }
                // Start again
                response.setHeader("WWW-Authenticate", "Negotiate");
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return false;
            }


            principal = context.getRealm().authenticate(gssContext,
                    isStoreDelegatedCredential());
        } catch (GSSException e) {
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("spnegoAuthenticator.ticketValidateFail"), e);
            }
            response.setHeader("WWW-Authenticate", "Negotiate");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof GSSException) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString("spnegoAuthenticator.serviceLoginFail"), e);
                }
            } else {
                log.error(sm.getString("spnegoAuthenticator.serviceLoginFail"), e);
            }
            response.setHeader("WWW-Authenticate", "Negotiate");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        } finally {
            if (gssContext != null) {
                try {
                    gssContext.dispose();
                } catch (GSSException e) {
                    // Ignore
                }
            }
            if (lc != null) {

View Full Code Here

Examples of org.ietf.jgss.GSSContext

            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }


        LoginContext lc = null;
        GSSContext gssContext = null;
        byte[] outToken = null;
        try {
            try {
                lc = new LoginContext(getLoginConfigName());
                lc.login();
            } catch (LoginException e) {
                log.error(sm.getString("spnegoAuthenticator.serviceLoginFail"),
                        e);
                response.sendError(
                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return false;
            }
            // Assume the GSSContext is stateless
            // TODO: Confirm this assumption
            final GSSManager manager = GSSManager.getInstance();
            final PrivilegedExceptionAction<GSSCredential> action =
                new PrivilegedExceptionAction<GSSCredential>() {
                    @Override
                    public GSSCredential run() throws GSSException {
                        return manager.createCredential(null,
                                GSSCredential.DEFAULT_LIFETIME,
                                new Oid("1.3.6.1.5.5.2"),
                                GSSCredential.ACCEPT_ONLY);
                    }
                };
            gssContext = manager.createContext(Subject.doAs(lc.getSubject(), action));


            outToken = gssContext.acceptSecContext(decoded, 0, decoded.length);


            if (outToken == null) {
                if (log.isDebugEnabled()) {
                    log.debug(sm.getString(
                            "spnegoAuthenticator.ticketValidateFail"));
                }
                // Start again
                response.setHeader("WWW-Authenticate", "Negotiate");
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return false;
            }


            principal = context.getRealm().authenticate(gssContext,
                    isStoreDelegatedCredential());
        } catch (GSSException e) {
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("spnegoAuthenticator.ticketValidateFail"), e);
            }
            response.setHeader("WWW-Authenticate", "Negotiate");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        } catch (PrivilegedActionException e) {
            log.error(sm.getString("spnegoAuthenticator.serviceLoginFail"), e);
            response.setHeader("WWW-Authenticate", "Negotiate");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        } finally {
            if (gssContext != null) {
                try {
                    gssContext.dispose();
                } catch (GSSException e) {
                    // Ignore
                }
            }
            if (lc != null) {

View Full Code Here

Examples of org.ietf.jgss.GSSContext

            GSSCredential credentials = 
                gssManager.createCredential(
                    gssService, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.ACCEPT_ONLY
                );
            
            GSSContext secContext =
                gssManager.createContext(credentials);
            secContext.acceptSecContext(ticket, 0, ticket.length);
 
            GSSName clientName = secContext.getSrcName();
            secContext.dispose();
            return new KerberosPrincipal(clientName.toString());
        } catch (GSSException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Error in validating a Kerberos token", e);
            }

View Full Code Here

Examples of org.ietf.jgss.GSSContext

                gssManager.createCredential(
                    gssClient, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.INITIATE_ONLY
                );
            
            GSSName gssService = gssManager.createName(serviceName, GSSName.NT_HOSTBASED_SERVICE);
            GSSContext secContext =
                gssManager.createContext(
                    gssService, kerberos5Oid, credentials, GSSContext.DEFAULT_LIFETIME
                );
 
            secContext.requestMutualAuth(false);
            byte[] token = new byte[0];
            byte[] returnedToken = secContext.initSecContext(token, 0, token.length);
            secContext.dispose();
            return returnedToken;
        } catch (GSSException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Error in obtaining a Kerberos token", e);
            }

View Full Code Here

Examples of org.ietf.jgss.GSSContext

        try {
            GSSManager manager = GSSManager.getInstance();
            Oid krb5Oid = new Oid("1.3.6.1.5.5.2");
            GSSName gssName = manager.createName(targetName, GSSName.NT_USER_NAME);
            GSSCredential serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME, krb5Oid, GSSCredential.ACCEPT_ONLY);
            GSSContext gContext = manager.createContext(serverCreds);
            if (gContext == null) {
                log.debug("Failed to create a GSSContext");
            } else {
                while (!gContext.isEstablished()) {
                    token = gContext.acceptSecContext(token, 0, token.length);
                }
                if (gContext.isEstablished()) {
                    loginSucceeded = true;
                    srcName = gContext.getSrcName();
                    log.debug("A security context is successfully established" + gContext);
                    return loginSucceeded;
                } else {
                    log.error("Failed to establish a security context");
                    throw new LoginException("Failed to establish a security context");

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.