Beispiel #1
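  /**
   * Constructs a KeyImpl by deriving a key from a password.
   *
   * <p>The salt is taken from the principal name and the derivation is delegated to
   * {@code EncryptionKey}. This constructor does not clear {@code password}; a caller that owns
   * the array should zero it once the key has been built.
   *
   * @param principal the principal from which to derive the salt
   * @param password the password that should be used to compute the key
   * @param algorithm the name of the algorithm that this key will be used for. This parameter may
   *     be null, in which case "DES" will be assumed. The value is passed through unchanged here,
   *     so the defaulting is left to {@code EncryptionKey}. DES is a weak legacy encryption type;
   *     prefer passing an explicit algorithm over relying on the default.
   * @throws IllegalArgumentException if the key cannot be derived; the underlying
   *     {@code KrbException} is attached as the cause
   */
  public KeyImpl(KerberosPrincipal principal, char[] password, String algorithm) {

    try {
      PrincipalName princ = new PrincipalName(principal.getName());
      EncryptionKey key = new EncryptionKey(password, princ.getSalt(), algorithm);
      // NOTE(review): keyBytes holds whatever array getBytes() returns; whether that is a
      // private copy is not visible here, so confirm before wiping `key` or exposing keyBytes.
      this.keyBytes = key.getBytes();
      this.keyType = key.getEType();
    } catch (KrbException e) {
      // Keep the message callers already see, but chain the cause so the failing step
      // (name parsing, unsupported etype, ...) stays diagnosable from the stack trace.
      throw new IllegalArgumentException(e.getMessage(), e);
    }
  }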
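  /**
   * Builds an initiator credential from the fields of a Kerberos ticket.
   *
   * <p>All ticket fields are forwarded to the superclass constructor, and a second
   * {@code Credentials} object is built from the same values and cached in
   * {@code krb5Credentials}.
   *
   * <p>{@code sessionKey} is secret key material. This constructor hands the same array reference
   * to both the superclass and {@code Credentials}; whether either of them copies it is not
   * visible here, so callers should not assume that wiping their array is safe or sufficient.
   *
   * @param name the name element stored on this credential
   * @param asn1Encoding the encoded ticket
   * @param client the client principal
   * @param server the server principal
   * @param sessionKey the session key bytes
   * @param keyType the encryption type of the session key
   * @param flags the ticket flags
   * @param authTime the initial authentication time
   * @param startTime the time from which the ticket is valid
   * @param endTime the time at which the ticket expires
   * @param renewTill the latest time to which the ticket may be renewed
   * @param clientAddresses the addresses the ticket may be used from
   * @throws GSSException with major code {@code NO_CRED} if the cached {@code Credentials}
   *     cannot be built; the underlying exception is attached as the cause
   */
  private Krb5InitCredential(
      Krb5NameElement name,
      byte[] asn1Encoding,
      KerberosPrincipal client,
      KerberosPrincipal server,
      byte[] sessionKey,
      int keyType,
      boolean[] flags,
      Date authTime,
      Date startTime,
      Date endTime,
      Date renewTill,
      InetAddress[] clientAddresses)
      throws GSSException {
    super(
        asn1Encoding,
        client,
        server,
        sessionKey,
        keyType,
        flags,
        authTime,
        startTime,
        endTime,
        renewTill,
        clientAddresses);

    this.name = name;

    try {
      // Cache this for later use by the sun.security.krb5 package.
      krb5Credentials =
          new Credentials(
              asn1Encoding,
              client.getName(),
              server.getName(),
              sessionKey,
              keyType,
              flags,
              authTime,
              startTime,
              endTime,
              renewTill,
              clientAddresses);
    } catch (KrbException e) {
      // Same major/minor code and message as before; the cause is chained so the original
      // failure is not lost, matching how getTgt reports its errors.
      GSSException ge = new GSSException(GSSException.NO_CRED, -1, e.getMessage());
      ge.initCause(e);
      throw ge;
    } catch (IOException e) {
      GSSException ge = new GSSException(GSSException.NO_CRED, -1, e.getMessage());
      ge.initCause(e);
      throw ge;
    }
  }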
  /**
   * Looks up a ticket-granting ticket for the given client name.
   *
   * <p>When {@code name} is null the client principal is left null and the default realm is read
   * from the Kerberos configuration; a failure to read it aborts the lookup. The ticket itself is
   * fetched by {@code Krb5Util.getTicket} inside a {@code doPrivileged} block.
   *
   * <p>NOTE(review): {@code initLifetime} is not read anywhere in this method, and {@code realm}
   * is assigned but never read afterwards. The TGS principal passed to the lookup is always null.
   *
   * @param caller the GSS caller id; {@code GSSUtil.CALLER_UNKNOWN} is treated as
   *     {@code GSSUtil.CALLER_INITIATE}
   * @param name the client name, or null to fall back to the default realm
   * @param initLifetime requested lifetime (unused here)
   * @return whatever {@code Krb5Util.getTicket} returns for the client
   * @throws GSSException with major code {@code NO_CRED} if the default realm cannot be read or
   *     the privileged lookup fails; the underlying exception is attached as the cause
   */
  private static KerberosTicket getTgt(int caller, Krb5NameElement name, int initLifetime)
      throws GSSException {

    final String clientName;
    final String tgsName = null;
    String realm;

    if (name == null) {
      // No client name: leave the principal open and take the realm from the configuration.
      clientName = null;
      try {
        realm = Config.getInstance().getDefaultRealm();
      } catch (KrbException e) {
        GSSException failure =
            new GSSException(
                GSSException.NO_CRED,
                -1,
                "Attempt to obtain INITIATE credentials failed!" + " (" + e.getMessage() + ")");
        failure.initCause(e);
        throw failure;
      }
    } else {
      // Find the TGT for the realm that the client is in.
      clientName = name.getKrb5PrincipalName().getName();
      realm = name.getKrb5PrincipalName().getRealmAsString();
    }

    final int effectiveCaller;
    if (caller == GSSUtil.CALLER_UNKNOWN) {
      effectiveCaller = GSSUtil.CALLER_INITIATE;
    } else {
      effectiveCaller = caller;
    }

    // Captured before doPrivileged and handed to the lookup. Presumably this lets permission
    // checks inside the privileged block be evaluated against the original caller rather than
    // this class's own privileges; confirm against Krb5Util.getTicket.
    final AccessControlContext callerContext = AccessController.getContext();

    try {
      PrivilegedExceptionAction<KerberosTicket> lookup =
          new PrivilegedExceptionAction<KerberosTicket>() {
            public KerberosTicket run() throws Exception {
              return Krb5Util.getTicket(effectiveCaller, clientName, tgsName, callerContext);
            }
          };
      return AccessController.doPrivileged(lookup);
    } catch (PrivilegedActionException e) {
      GSSException failure =
          new GSSException(
              GSSException.NO_CRED,
              -1,
              "Attempt to obtain new INITIATE credentials failed!" + " (" + e.getMessage() + ")");
      // Chain the wrapped exception, not the PrivilegedActionException wrapper.
      failure.initCause(e.getException());
      throw failure;
    }
  }