Examples of org.ietf.jgss.GSSContext.initSecContext()

org.ietf.jgss.GSSContext.initSecContext()
Called by the context initiator to start the context creation phase and process any tokens generated by the peer's acceptSecContext method. This method may return an output token which the application will need to send to the peer for processing by its acceptSecContext method. The application can call {@link #isEstablished() isEstablished} to determine if the context establishment phase iscomplete on this side of the context. A return value of false from isEstablished indicates that more tokens are expected to be supplied to initSecContext. Upon completion of the context establishment, the available context options may be queried through the get methods.
Note that it is possible that the initSecContext method return a token for the peer, and isEstablished return true also. This indicates that the token needs to be sent to the peer, but the local end of the context is now fully established.
Some mechanism providers might require that the caller be granted permission to initiate a security context. A failed permission check might cause a {@link java.lang.SecurityException SecurityException}to be thrown from this method.
@return a byte[] containing the token to be sent to thepeer. null indicates that no token is generated. @param inputBuf token generated by the peer. This parameter is ignoredon the first call since no token has been received from the peer. @param offset the offset within the inputBuf where the token begins. @param len the length of the token. @throws GSSException containing the following major error codes: {@link GSSException#DEFECTIVE_TOKEN GSSException.DEFECTIVE_TOKEN}, {@link GSSException#BAD_MIC GSSException.BAD_MIC}, {@link GSSException#NO_CRED GSSException.NO_CRED}, {@link GSSException#CREDENTIALS_EXPIRED GSSException.CREDENTIALS_EXPIRED}, {@link GSSException#BAD_BINDINGS GSSException.BAD_BINDINGS}, {@link GSSException#OLD_TOKEN GSSException.OLD_TOKEN}, {@link GSSException#DUPLICATE_TOKEN GSSException.DUPLICATE_TOKEN}, {@link GSSException#BAD_NAMETYPE GSSException.BAD_NAMETYPE}, {@link GSSException#BAD_MECH GSSException.BAD_MECH}, {@link GSSException#FAILURE GSSException.FAILURE}

                                                  GSSContext.DEFAULT_LIFETIME);
          gssContext.requestCredDeleg(true);
          gssContext.requestMutualAuth(true);


          byte[] inToken = new byte[0];
          byte[] outToken = gssContext.initSecContext(inToken, 0, inToken.length);
          Base64 base64 = new Base64(0);
          return base64.encodeToString(outToken);


        } finally {
          if (gssContext != null) {

View Full Code Here

        GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
        GSSContext gssContext = manager.createContext(
                serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
        gssContext.requestMutualAuth(true);
        gssContext.requestCredDeleg(true);
        return gssContext.initSecContext(token, 0, token.length);
    }


    protected abstract byte[] generateToken(
            byte[] input, final String authServer) throws GSSException;

View Full Code Here

                    GSSContext.DEFAULT_LIFETIME );
                context.requestMutualAuth( true );
                context.requestConf( true );
                context.requestInteg( true );


                context.initSecContext( Strings.EMPTY_BYTES, 0, 0 );


                // byte[] outToken = context.initSecContext( Strings.EMPTY_BYTES, 0, 0 );
                // System.out.println(new BASE64Encoder().encode(outToken));
                context.dispose();

View Full Code Here

                         * Establishing a kerberos secure context, requires a handshake conversation
                         * where client, and server exchange and use tokens generated via calls to initSecContext
                         */
                        bb.limit(msgSize);
                        while (!context.isEstablished()) {
                            token = context.initSecContext(bb.array(), bb.arrayOffset() + bb.position(), bb.remaining());
                            if (token != null) {
                                msgSize = 4 + 1 + 1 + token.length;
                                bb.clear().limit(msgSize);
                                bb.putInt(msgSize-4).put(Constants.AUTH_HANDSHAKE_VERSION).put(Constants.AUTH_HANDSHAKE);
                                bb.put(token).flip();

View Full Code Here

        GSSContext gssContext = credentials.getGSSContext();
        try {
            // hack because HttpClient preemtive auth is broken wrt spnego as at 3.0.1
            if (getParams().isAuthenticationPreemptive()) {
                LOGGER.log(Level.INFO, "Using preemptive SPNego authentication");
                byte[] token = new Base64().encode(gssContext.initSecContext(new byte[0], 0, 0));
                LOGGER.log(Level.INFO, "Sending \"{0}\" {1} header", new String[]{TOKEN_PREFIX, AUTHORIZATION_HEADER});
                method.setRequestHeader(AUTHORIZATION_HEADER, MessageFormat.format("{0} {1}", TOKEN_PREFIX, new String(token)));
                getParams().setAuthenticationPreemptive(false);
            }
            gssContext.requestMutualAuth(mutualAuth);

View Full Code Here

            } catch (ClassCastException e) {
                throw new InvalidCredentialsException(
                        "Credentials cannot be used for SPNego authentication: " + credentials.getClass().getName());
            }
            GSSContext gssContext = spnegoCredentials.getGSSContext();
            byte[] clientToken = gssContext.initSecContext(serverToken, 0, serverToken.length);
            if (gssContext.isEstablished()) {
                complete = true;
                LOGGER.log(Level.INFO, "GSS Context established");
                LOGGER.log(Level.INFO, "Caller is " + gssContext.getSrcName());
                LOGGER.log(Level.INFO, "Server is " + gssContext.getTargName());

View Full Code Here

        final GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
        final GSSContext gssContext = manager.createContext(
                serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
        gssContext.requestMutualAuth(true);
        gssContext.requestCredDeleg(true);
        return gssContext.initSecContext(inputBuff, 0, inputBuff.length);
    }


    protected abstract byte[] generateToken(
            byte[] input, final String authServer) throws GSSException;

View Full Code Here


                byte[] token = new byte[0];


                boolean gotOur200 = false;
                while (!context.isEstablished()) {
                    token = context.initSecContext(token, 0, token.length);


                    if (token != null && token.length > 0) {
                        HttpGet get = new HttpGet(DefaultServer.getDefaultServerURL());
                        get.addHeader(AUTHORIZATION.toString(), NEGOTIATE + " " + FlexBase64.encodeString(token, false));
                        HttpResponse result = client.execute(get);

View Full Code Here

            GSSManager manager = getManager();
            GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
            GSSContext gssContext = manager.createContext(serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);
            gssContext.requestMutualAuth(true);
            gssContext.requestCredDeleg(true);
            return gssContext.initSecContext(token, 0, token.length);
        }


        public static String generateToken(String authServer) {
            String returnVal = "";
            Oid oid;

View Full Code Here

            // TODO suspicious: this will always be null because no value has been assigned before. Assign directly?
            if (token == null) {
                token = new byte[0];
            }


            token = gssContext.initSecContext(token, 0, token.length);
            if (token == null) {
                throw new Exception("GSS security context initialization failed");
            }


            /*

View Full Code Here

0 1 2 3 4 5 6 7

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.