Package org.ietf.jgss

Examples of org.ietf.jgss.GSSManager


     * @throws GSSException
     * @throws LoginException
     */
    private byte[] getToken(AuthorizationPolicy authPolicy, String spn, Oid oid) throws GSSException,
        LoginException {
        GSSManager manager = GSSManager.getInstance();
        // A null name type leaves the interpretation of spn to the mechanism's default
        // printable syntax; the name is canonicalized for the requested mechanism below.
        GSSName serverName = manager.createName(spn, null);

        // The null credential argument makes the context use the default initiator
        // credentials. NOTE(review): authPolicy is not used in the visible lines; confirm
        // which identity is in effect when this runs.
        GSSContext context = manager
                .createContext(serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
        // NOTE(review): requestMutualAuth only *requests* mutual authentication. The visible
        // lines do not show the server's reply token being passed back to initSecContext or
        // getMutualAuthState() being checked afterwards; without both, the server is never
        // actually verified. Confirm in the rest of the method.
        // TODO Do we need mutual auth. Will the code we have really work with
        // mutual auth?
        context.requestMutualAuth(true);
        // TODO Credential delegation could be a security hole if it was not


        // Privileged action that sets up an initiator-side GSS context for the "HTTP" service
        // on the host of the enclosing authenticator's URL. Only the setup is visible here.
        @Override
        public Void run() throws Exception {
          GSSContext gssContext = null;
          try {
            GSSManager gssManager = GSSManager.getInstance();
            // The target service is derived from the URL host, so whoever chooses the URL
            // also chooses which service principal a ticket is requested for.
            String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
                KerberosAuthenticator.this.url.getHost());
            // oid is first used as the name type for createName, then reassigned to the
            // mechanism OID for createContext.
            Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
            GSSName serviceName = gssManager.createName(servicePrincipal,
                                                        oid);
            oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
            // Null credential: the default initiator credentials are used.
            gssContext = gssManager.createContext(serviceName, oid, null,
                                                  GSSContext.DEFAULT_LIFETIME);
            // NOTE(review): delegation is requested unconditionally. If granted, the service
            // at the URL host can act as this client towards other services, so it should
            // only be requested for hosts the caller trusts. No allow-list or opt-out is
            // visible in these lines; confirm whether callers restrict the URL.
            gssContext.requestCredDeleg(true);
            // This is a request only; the outcome has to be read back with
            // getMutualAuthState() once the context is established (not visible here).
            gssContext.requestMutualAuth(true);

            byte[] inToken = new byte[0];

    // Builds an initiator-side GSS context towards the configured SASL service; per the log
    // message the purpose is to obtain the local Kerberos user ID. The lines that read the
    // ID are not visible here.
    private String getKerberosUser()
    {
        log.debug("Obtaining userID from kerberos");
        // Host-based service form "protocol@server", matching NT_HOSTBASED_SERVICE below.
        String service = conSettings.getSaslProtocol() + "@" + conSettings.getSaslServerName();
        GSSManager manager = GSSManager.getInstance();

        try
        {
            // Despite the variable name, this is the peer (acceptor) name for a context
            // that this side initiates.
            GSSName acceptorName = manager.createName(service,
                GSSName.NT_HOSTBASED_SERVICE, KRB5_OID);

            // Null credential: default initiator credentials are used.
            // NOTE(review): the context is given an indefinite lifetime; confirm it is
            // disposed once the user ID has been read.
            GSSContext secCtx = manager.createContext(acceptorName,
                                                      KRB5_OID,
                                                      null,
                                                      GSSContext.INDEFINITE_LIFETIME);

            // The returned token is discarded, so this call is not sending anything to the
            // peer from here. NOTE(review): a length of 1 is passed for a zero-length
            // buffer; the GSSContext javadoc says the input is ignored on the initiator's
            // first call, but confirm the provider in use does not bounds-check it.
            secCtx.initSecContext(new byte[0], 0, 1);

    // Creates the initiator-side GSS context for serverNameString and applies the configured
    // security options. Only the start of the method is visible here.
    public void setup() throws ProtocolException {
        log.trace("Starting");
        try {
            // 1.2.840.113554.1.2.2 is the Kerberos V5 GSS-API mechanism OID.
            Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");
            GSSManager manager = GSSManager.getInstance();
            // A null name type leaves the interpretation of the name to the mechanism's
            // default printable syntax.
            GSSName serverName = manager.createName(serverNameString, null);
            // Null credential: default initiator credentials are used.
            context = manager.createContext(serverName,
                                            krb5Oid,
                                            null,
                                            GSSContext.DEFAULT_LIFETIME);
            // Both calls are requests, not guarantees. NOTE(review): confirm the rest of
            // the class checks getMutualAuthState() / getConfState() after establishment
            // before relying on server authentication or on encrypted messages.
            context.requestMutualAuth(mutualAuth);
            context.requestConf(confidential);

    // Clones this protocol object and gives the copy its own latch and its own GSS context,
    // so the clone does not share the original's objects. The catch body is not visible here.
    public Protocol cloneProtocol() throws CloneNotSupportedException {
        GSSAPIServerProtocol result = (GSSAPIServerProtocol) super.clone();

        result.startupLatch = new Latch();
        try {
            GSSManager manager = GSSManager.getInstance();
            // createContext(GSSCredential) builds an acceptor-side context; a null
            // credential means the default acceptor credentials.
            result.context = manager.createContext((GSSCredential) null);
            // NOTE(review): the GSSContext javadoc describes the request* methods as calls
            // made on the initiator's side before initSecContext. What they do on an
            // acceptor context depends on the provider; confirm these lines have the
            // intended effect. On the acceptor, the negotiated values are read with the
            // get*State() methods after establishment.
            result.context.requestMutualAuth(mutualAuth);
            result.context.requestConf(confidential);
            result.context.requestInteg(integrity);
            // Delegation is hard-coded to true, unlike the three configurable options above.
            result.context.requestCredDeleg(true);
        } catch (GSSException e) {

    {
        String principal = "";
        try
        {
            // substring(4) presumably strips a four-character prefix such as "oid:" from
            // KRB5MechOID.value. TODO confirm against that constant.
            Oid krb5Oid = new Oid(KRB5MechOID.value.substring(4));
            GSSManager gssManager = GSSManager.getInstance();
            // Null name: an initiate-only credential for the default principal, with an
            // indefinite lifetime, stored in clientCreds.
            clientCreds =
                gssManager.createCredential(null,
                                            GSSCredential.INDEFINITE_LIFETIME,
                                            krb5Oid,
                                            GSSCredential.INITIATE_ONLY);
        }
        // Catches every exception type, not only GSSException; the handler body is not
        // visible here.
        catch (Exception e)

        // Starts as a zero-length array and is still zero-length when this fragment returns
        // after a failure.
        byte[] contextToken = new byte[0];
        try {
            // The target name comes from the first entry of csmList.mechanism_list.
            // NOTE(review): index 0 is read with no visible check that the list is
            // non-empty or that the entry is a Kerberos mechanism; if csmList is supplied
            // by the peer, the peer also chooses the service name a ticket is requested for.
            byte[] target = csmList.mechanism_list[0].as_context_mech.target_name;

            // substring(4) presumably strips a prefix such as "oid:". TODO confirm.
            Oid krb5Oid = new Oid(KRB5MechOID.value.substring(4));
            GSSManager gssManager = GSSManager.getInstance();
            GSSName myPeer = gssManager.createName(target, null, krb5Oid);
            // clientCreds is created lazily and without synchronization in the visible lines.
            if (clientCreds == null) clientCreds = gssManager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, krb5Oid, GSSCredential.INITIATE_ONLY);
            GSSContext myContext = gssManager.createContext(myPeer, krb5Oid, clientCreds, GSSContext.INDEFINITE_LIFETIME);
            // First initiator call; the zero-length input is a placeholder, since no peer
            // token exists yet.
            contextToken = myContext.initSecContext(contextToken, 0, contextToken.length);
        } catch (Exception e) {
            // Every failure, including an index error on mechanism_list, is logged with
            // only e's string form (no stack trace) and then swallowed.
            logger.error("Error creating Kerberos context: "+e);
        }
        // NOTE(review): on failure the caller receives the empty array, so callers have to
        // treat a zero-length token as "no security context" rather than sending it on.
        return contextToken;

    // Returns the name of the client (initiator) credential as a string, creating the
    // credential first if clientCreds is still null. Returns "" when anything fails.
    public String getClientPrincipal() {
        String principal = "";
        try {
            // substring(4) presumably strips a prefix such as "oid:". TODO confirm.
            Oid krb5Oid = new Oid(KRB5MechOID.value.substring(4));
            GSSManager gssManager = GSSManager.getInstance();
            // Null name: initiate-only credential for the default principal.
            if (clientCreds == null) clientCreds = gssManager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, krb5Oid, GSSCredential.INITIATE_ONLY);
            principal = clientCreds.getName().toString();
        } catch (Exception e) {
            // Logged with e's string form only, then swallowed.
            logger.error("Error getting created principal: "+e);
        }
        // NOTE(review): "" is indistinguishable from a real result for callers that do not
        // check for it; an empty principal must not be treated as an authenticated identity.
        return principal;

    }

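    /**
     * Lazily acquires the acceptor-side Kerberos credential and caches it in {@code targetCreds}.
     *
     * <p>Does nothing when {@code targetCreds} is already set. Otherwise an {@code ACCEPT_ONLY}
     * credential is requested for the default principal ({@code null} name) with an indefinite
     * lifetime. A failure is logged and swallowed, so {@code targetCreds} may still be
     * {@code null} when this method returns; code that accepts contexts must handle that case
     * instead of assuming the credential exists.
     */
    public void initTarget() {
        if (targetCreds != null) {
            return;
        }
        try {
            // substring(4) presumably strips a four-character prefix such as "oid:" from
            // KRB5MechOID.value. TODO confirm against that constant.
            Oid krb5Oid = new Oid(KRB5MechOID.value.substring(4));
            GSSManager gssManager = GSSManager.getInstance();
            targetCreds = gssManager.createCredential(
                    null, GSSCredential.INDEFINITE_LIFETIME, krb5Oid, GSSCredential.ACCEPT_ONLY);
        } catch (GSSException e) {
            // This step acquires credentials; it does not accept a context. The message now
            // says so, and the exception is passed as the throwable so the GSS major/minor
            // status and stack trace reach the log for triage.
            logger.warn("Error acquiring Kerberos acceptor credentials", e);
        }
    }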

    // Accepts a Kerberos context token from a peer using the acceptor credential and stores
    // the resulting context in validatedContext. Only the part up to the null check is
    // visible here; orb and codec are not used in the visible lines.
    public boolean validateContext(ORB orb, Codec codec, byte[] contextToken) {
        byte[] token = null;

        try {
            // substring(4) presumably strips a prefix such as "oid:". TODO confirm.
            Oid krb5Oid = new Oid(KRB5MechOID.value.substring(4));
            GSSManager gssManager = GSSManager.getInstance();
            // Acceptor credential for the default principal, created lazily if missing.
            if (targetCreds == null) targetCreds = gssManager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, krb5Oid, GSSCredential.ACCEPT_ONLY);
            validatedContext = gssManager.createContext(targetCreds);
            // contextToken is peer-supplied. A null contextToken raises a
            // NullPointerException here, which the GSSException handler does not catch.
            token = validatedContext.acceptSecContext(contextToken, 0, contextToken.length);
        } catch (GSSException e) {
            // Logged with e's string form only (no stack trace), then swallowed.
            logger.error("Error accepting Kerberos context: "+e);
        }
        // NOTE(review): token is null when acceptSecContext threw, but the GSSContext
        // javadoc also allows a null return when acceptance finished with nothing to send
        // back. A null token alone therefore does not separate failure from success;
        // validatedContext.isEstablished() is the check that does. Confirm the branch
        // below (not visible) does not grant access on this condition alone.
        if (token == null) {
