Examples of GSSContext


Examples of org.ietf.jgss.GSSContext

            Oid krb5Oid = new Oid(KRB5MechOID.value.substring(4));
            GSSManager gssManager = GSSManager.getInstance();
            GSSName myPeer = gssManager.createName(target, null, krb5Oid);
            if (clientCreds == null) clientCreds = gssManager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, krb5Oid, GSSCredential.INITIATE_ONLY);
            GSSContext myContext = gssManager.createContext(myPeer, krb5Oid, clientCreds, GSSContext.INDEFINITE_LIFETIME);
            contextToken = myContext.initSecContext(contextToken, 0, contextToken.length);
        } catch (Exception e) {
            logger.error("Error creating Kerberos context: "+e);
        }
        return contextToken;
    }

Examples of org.ietf.jgss.GSSContext

        byte[] serviceTicket = getServiceTicket(authPair[1]);
       
        try {
            Subject serviceSubject = loginAndGetSubject();
           
            GSSContext gssContext = createGSSContext();

            Subject.doAs(serviceSubject, new ValidateServiceTicketAction(gssContext, serviceTicket));
           
            GSSName srcName = gssContext.getSrcName();
            if (srcName == null) {
                throw ExceptionUtils.toNotAuthorizedException(null, getFaultResponse());
            }
           
            String complexUserName = srcName.toString();
           
            String simpleUserName = complexUserName;
            int index = simpleUserName.lastIndexOf('@');
            if (index > 0) {
                simpleUserName = simpleUserName.substring(0, index);
            }
            if (!gssContext.getCredDelegState()) {
                gssContext.dispose();
                gssContext = null;
            }
            Message m = JAXRSUtils.getCurrentMessage();
            m.put(SecurityContext.class,
                new KerberosSecurityContext(new KerberosPrincipal(simpleUserName,

Examples of org.ietf.jgss.GSSContext

        try
        {
            GSSName acceptorName = manager.createName(service,
                GSSName.NT_HOSTBASED_SERVICE, KRB5_OID);

            GSSContext secCtx = manager.createContext(acceptorName,
                                                      KRB5_OID,
                                                      null,
                                                      GSSContext.INDEFINITE_LIFETIME);

            secCtx.initSecContext(new byte[0], 0, 1);

            if (secCtx.getSrcName() != null)
            {
                return secCtx.getSrcName().toString();
            }

        }
        catch (GSSException e)
        {

Examples of org.ietf.jgss.GSSContext

                GSSCredential.ACCEPT_ONLY);

        while (true) {
            logger.debug("Waiting for incoming connection on port {} ...",
                    localPort);
            GSSContext context = manager.createContext(serverCreds);
            Socket socket = ss.accept();

            try {
                DataInputStream inStream = new DataInputStream(socket
                        .getInputStream());
                DataOutputStream outStream = new DataOutputStream(socket
                        .getOutputStream());

                logger.debug("Got connection from client @ {}", socket
                        .getInetAddress());

                // Read SOCKS5 greeting packet
                byte ver = (byte) inStream.read();
                if (ver != 0x05) {
                    throw new IllegalStateException(
                            "Wrong socks version received - " + ver);
                }
                byte nbAuthMethods = (byte) inStream.read();
                byte[] methods = new byte[nbAuthMethods];
                inStream.readFully(methods);

                boolean found = false;
                for (byte b : methods) {
                    if (b == SocksProxyConstants.GSSAPI_AUTH) {
                        found = true;
                        break;
                    }
                }

                if (!found) {
                    throw new IllegalStateException(
                            "Client does not support GSSAPI authentication");
                }

                // Send selected mechanism message
                outStream.write(SELECT_GSSAPI_AUTH_MSG);
                outStream.flush();

                // Do the context establishment loop
                byte[] token = null;

                while (!context.isEstablished()) {
                    byte authVersion = (byte) inStream.read();

                    if (authVersion != 0x01) {
                        throw new IllegalStateException(
                                "Wrong socks GSSAPI auth version received: "
                                        + authVersion);
                    }

                    byte mtyp = (byte) inStream.read();
                    if (mtyp != 0x01) {
                        throw new IllegalArgumentException(
                                "Message type should be equal to 1.");
                    }

                    int len = inStream.readShort();
                    token = new byte[len];
                    inStream.readFully(token);
                    logger.debug("  Received Token[{}] = {}", len,
                            ByteUtilities.asHex(token));

                    token = context.acceptSecContext(token, 0, token.length);

                    // Send a token to the peer if one was generated by acceptSecContext
                    if (token != null) {
                        logger.debug("  Sending Token[{}] = {}", token.length,
                                ByteUtilities.asHex(token));
                        outStream.writeByte(authVersion);
                        outStream.writeByte(mtyp);
                        outStream.writeShort(token.length);
                        outStream.write(token);
                        outStream.flush();
                    }
                }

                logger.debug("Context Established !");
                logger.debug("Client is {}", context.getSrcName());
                logger.debug("Server is {}", context.getTargName());

                /*
                 * If mutual authentication did not take place, then
                 * only the client was authenticated to the
                 * server. Otherwise, both client and server were
                 * authenticated to each other.  
                 */
                if (context.getMutualAuthState()) {
                    logger.debug("Mutual authentication took place !");
                }

                // We can now abort the process after a short time as auth is OK
                // and finally block will close session          
                Thread.sleep(500);
            } catch (Exception ex) {
                //ex.printStackTrace();
            } finally {
                context.dispose();
                socket.close();
            }
        }
    }

Examples of org.ietf.jgss.GSSContext

        token = Subject.doAs(serverSubject, new PrivilegedExceptionAction<AuthenticationToken>() {

          @Override
          public AuthenticationToken run() throws Exception {
            AuthenticationToken token = null;
            GSSContext gssContext = null;
            GSSCredential gssCreds = null;
            try {
              gssCreds = gssManager.createCredential(
                  gssManager.createName(
                      KerberosUtil.getServicePrincipal("HTTP", serverName),
                      KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL")),
                  GSSCredential.INDEFINITE_LIFETIME,
                  new Oid[]{
                    KerberosUtil.getOidInstance("GSS_SPNEGO_MECH_OID"),
                    KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID")},
                  GSSCredential.ACCEPT_ONLY);
              gssContext = gssManager.createContext(gssCreds);
              byte[] serverToken = gssContext.acceptSecContext(clientToken, 0, clientToken.length);
              if (serverToken != null && serverToken.length > 0) {
                String authenticate = base64.encodeToString(serverToken);
                response.setHeader(KerberosAuthenticator.WWW_AUTHENTICATE,
                                   KerberosAuthenticator.NEGOTIATE + " " + authenticate);
              }
              if (!gssContext.isEstablished()) {
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                LOG.trace("SPNEGO in progress");
              } else {
                String clientPrincipal = gssContext.getSrcName().toString();
                KerberosName kerberosName = new KerberosName(clientPrincipal);
                String userName = kerberosName.getShortName();
                token = new AuthenticationToken(userName, clientPrincipal, getType());
                response.setStatus(HttpServletResponse.SC_OK);
                LOG.trace("SPNEGO completed for principal [{}]", clientPrincipal);
              }
            } finally {
              if (gssContext != null) {
                gssContext.dispose();
              }
              if (gssCreds != null) {
                gssCreds.dispose();
              }
            }

Examples of org.ietf.jgss.GSSContext

  public void testRequestWithAuthorization() throws Exception {
    String token = KerberosTestUtils.doAsClient(new Callable<String>() {
      /**
       * Runs the client side of the first Kerberos/GSS-API leg: looks up the
       * server principal, opens an initiator context that asks for mutual
       * authentication and credential delegation, and returns the initial
       * context token as an unchunked base64 string.
       *
       * The context is disposed before returning, so only the token survives.
       *
       * @return the first {@code initSecContext} token, base64-encoded
       * @throws Exception if principal lookup or context initiation fails
       */
      @Override
      public String call() throws Exception {
        GSSManager manager = GSSManager.getInstance();
        GSSContext initiator = null;
        try {
          String serverPrincipal = KerberosTestUtils.getServerPrincipal();
          Oid principalNameType = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
          GSSName server = manager.createName(serverPrincipal, principalNameType);
          Oid krb5Mech = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
          // null credential: use the default initiator credential of the current Subject
          initiator = manager.createContext(server, krb5Mech, null, GSSContext.DEFAULT_LIFETIME);
          // both flags are requested; the acceptor decides whether they are granted
          initiator.requestCredDeleg(true);
          initiator.requestMutualAuth(true);

          // first leg: no peer token yet, so an empty input produces the initial token
          byte[] empty = new byte[0];
          byte[] initialToken = initiator.initSecContext(empty, 0, empty.length);
          // line length 0 -> no chunking/line breaks in the encoded output
          return new Base64(0).encodeToString(initialToken);
        } finally {
          if (initiator != null) {
            initiator.dispose();
          }
        }
      }
    });

Examples of org.ietf.jgss.GSSContext

  public void testRequestWithAuthorization() throws Exception {
    String token = KerberosTestUtils.doAsClient(new Callable<String>() {
      /**
       * Produces the client's opening GSS-API token for the test request.
       *
       * Resolves the server principal to a Kerberos name, creates an initiator
       * context over the Kerberos 5 mechanism with mutual authentication and
       * credential delegation requested, performs the first
       * {@code initSecContext} call with an empty input token and returns the
       * resulting token base64-encoded without line breaks. The context is
       * always disposed before the method returns.
       *
       * @return the initial context token, base64-encoded
       * @throws Exception if the name or context cannot be created or initiated
       */
      @Override
      public String call() throws Exception {
        GSSManager manager = GSSManager.getInstance();
        GSSContext initiator = null;
        try {
          GSSName server = manager.createName(
              KerberosTestUtils.getServerPrincipal(), GSSUtil.NT_GSS_KRB5_PRINCIPAL);
          // null credential: the default credential of the calling Subject is used
          initiator = manager.createContext(
              server, GSSUtil.GSS_KRB5_MECH_OID, null, GSSContext.DEFAULT_LIFETIME);
          // requested, not guaranteed: the acceptor may decline either flag
          initiator.requestCredDeleg(true);
          initiator.requestMutualAuth(true);

          byte[] noPeerToken = new byte[0];
          byte[] firstToken = initiator.initSecContext(noPeerToken, 0, noPeerToken.length);
          Base64 unchunked = new Base64(0);
          return unchunked.encodeToString(firstToken);
        } finally {
          if (initiator != null) {
            initiator.dispose();
          }
        }
      }
    });

Examples of org.ietf.jgss.GSSContext

        byte[] serviceTicket = getServiceTicket(authPair[1]);
       
        try {
            Subject serviceSubject = loginAndGetSubject();
           
            GSSContext gssContext = createGSSContext();

            Subject.doAs(serviceSubject, new ValidateServiceTicketAction(gssContext, serviceTicket));
           
            GSSName srcName = gssContext.getSrcName();
            if (srcName == null) {
                throw new NotAuthorizedException(getFaultResponse());
            }
           
            String complexUserName = srcName.toString();
           
            String simpleUserName = complexUserName;
            int index = simpleUserName.lastIndexOf('@');
            if (index > 0) {
                simpleUserName = simpleUserName.substring(0, index);
            }
            if (!gssContext.getCredDelegState()) {
                gssContext.dispose();
                gssContext = null;
            }

            m.put(SecurityContext.class,
                new KerberosSecurityContext(new KerberosPrincipal(simpleUserName,

Examples of org.ietf.jgss.GSSContext

            gssManager.createCredential(
                gssClient, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.INITIATE_ONLY
            );

        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
        GSSContext secContext =
            gssManager.createContext(
                gssService, kerberos5Oid, credentials, GSSContext.DEFAULT_LIFETIME
            );

        secContext.requestMutualAuth(false);

        byte[] token = new byte[0];
        byte[] returnedToken = secContext.initSecContext(token, 0, token.length);

        KerberosContext krbCtx = new KerberosContext();
        krbCtx.setGssContext(secContext);
        krbCtx.setKerberosToken(returnedToken);

Examples of org.ietf.jgss.GSSContext

            gssManager.createCredential(
                gssService, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.ACCEPT_ONLY
            );

        KerberosServiceContext krbServiceCtx = null;
        GSSContext secContext = null;

        try{
            secContext = gssManager.createContext(credentials);
            secContext.acceptSecContext(ticket, 0, ticket.length);

            krbServiceCtx = new KerberosServiceContext();           

            GSSName clientName = secContext.getSrcName();
            krbServiceCtx.setPrincipal(new KerberosPrincipal(clientName.toString()));

            if (!isJava5Or6 && (isOracleJavaVendor || isIBMJavaVendor)) {
                try {
                    @SuppressWarnings("rawtypes")
                    Class inquireType = Class.forName(isOracleJavaVendor ? SUN_JGSS_INQUIRE_TYPE_CLASS : IBM_JGSS_INQUIRE_TYPE_CLASS);

                    @SuppressWarnings("rawtypes")
                    Class extendedGSSContext = Class.forName(isOracleJavaVendor ? SUN_JGSS_EXT_GSSCTX_CLASS : IBM_JGSS_EXT_GSSCTX_CLASS);

                    @SuppressWarnings("unchecked")
                    Method inquireSecContext = extendedGSSContext.getMethod(EXTENDED_JGSS_CONTEXT_INQUIRE_SEC_CONTEXT_METHOD_NAME, inquireType);

                    @SuppressWarnings("unchecked")
                    Key key = (Key) inquireSecContext.invoke(secContext, Enum.valueOf(inquireType, EXTENDED_JGSS_CONTEXT_INQUIRE_TYPE_KRB5_GET_SESSION_KEY));

                    krbServiceCtx.setSessionKey(key);
                }
                catch (ClassNotFoundException e) {
                    throw new WSSecurityException(
                        WSSecurityException.FAILURE, KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID, new Object[] {}, e
                    );
                }
                catch (NoSuchMethodException e) {
                    throw new WSSecurityException(
                        WSSecurityException.FAILURE, KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID, new Object[] {}, e
                    );
                }
                catch (InvocationTargetException e) {
                    throw new WSSecurityException(
                        WSSecurityException.FAILURE, KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID, new Object[] {}, e.getCause()
                    );
                }
                catch (IllegalAccessException e) {
                    throw new WSSecurityException(
                        WSSecurityException.FAILURE, KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID, new Object[] {}, e
                    );
                }           
            }           
        } finally {
            if (null != secContext) {
                secContext.dispose();   
           
        }              

        return krbServiceCtx;
    }