/**
 * Compares this name with another {@link GSSName}.
 * <p>
 * Only {@code BogusGSSName} instances can be compared: two of them are equal
 * when both their {@code name} and {@code oid} fields are equal. Any other
 * {@link GSSName} implementation is rejected with {@code BAD_NAMETYPE} rather
 * than being reported as "not equal".
 *
 * @param another the name to compare against
 * @return {@code true} if both name and oid match
 * @throws GSSException with {@link GSSException#BAD_NAMETYPE} if {@code another}
 *     is not a {@code BogusGSSName}
 */
@Override
public boolean equals(GSSName another) throws GSSException {
    if (another instanceof BogusGSSName) {
        BogusGSSName that = (BogusGSSName) another;
        // name is compared first; oid is only consulted when the names match
        boolean sameName = name.equals(that.name);
        return sameName && oid.equals(that.oid);
    }
    throw new GSSException(GSSException.BAD_NAMETYPE);
}
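/**
 * Serializes a Kerberos {@link GSSCredential} into its string form.
 * <p>
 * Only {@code GSSCredentialImpl} instances that carry the Kerberos V5 mechanism
 * ({@code KRB5_OID}) backed by a {@code Krb5InitCredential} element are supported.
 * The element is converted into a {@link KerberosTicket} and passed to
 * {@code serialize}. The ticket embeds the session key material
 * ({@code getSessionKey().getEncoded()}), so the returned value must be treated
 * as a secret: do not log it, and only store or transmit it over protected
 * channels.
 *
 * @param gssCredential the credential to serialize; must not be {@code null}
 * @return the serialized ticket as produced by {@code serialize}
 * @throws KerberosSerializationException if the credential is {@code null}, is not a
 *     {@code GSSCredentialImpl}, exposes no Kerberos mechanism, wraps an unsupported
 *     SPI element type, or if serialization (I/O) or GSS access fails
 */
public static String serializeCredential(GSSCredential gssCredential)
        throws KerberosSerializationException {
    try {
        if (gssCredential == null) {
            throw new KerberosSerializationException("Null credential given as input");
        }
        if (!(gssCredential instanceof GSSCredentialImpl)) {
            throw new KerberosSerializationException(
                    "Unknown credential type: " + gssCredential.getClass());
        }
        GSSCredentialImpl gssCredImpl = (GSSCredentialImpl) gssCredential;
        Oid[] mechs = gssCredImpl.getMechs();
        for (Oid oid : mechs) {
            if (!oid.equals(KRB5_OID)) {
                continue;
            }
            int usage = gssCredImpl.getUsage(oid);
            // Ask for the initiator-side element whenever the credential can initiate at all.
            boolean initiate = (usage == GSSCredential.INITIATE_ONLY
                    || usage == GSSCredential.INITIATE_AND_ACCEPT);
            GSSCredentialSpi credentialSpi = gssCredImpl.getElement(oid, initiate);
            if (!(credentialSpi instanceof Krb5InitCredential)) {
                throw new KerberosSerializationException(
                        "Unsupported type of credentialSpi: " + credentialSpi.getClass());
            }
            Krb5InitCredential credential = (Krb5InitCredential) credentialSpi;
            KerberosTicket kerberosTicket = new KerberosTicket(
                    credential.getEncoded(),
                    credential.getClient(),
                    credential.getServer(),
                    credential.getSessionKey().getEncoded(),
                    credential.getSessionKeyType(),
                    credential.getFlags(),
                    credential.getAuthTime(),
                    credential.getStartTime(),
                    credential.getEndTime(),
                    credential.getRenewTill(),
                    credential.getClientAddresses());
            return serialize(kerberosTicket);
        }
        // An Oid[] concatenated directly renders as "[Lorg.ietf.jgss.Oid;@..." rather
        // than the OIDs themselves; list the actual mechanisms so the error is useful.
        throw new KerberosSerializationException(
                "Kerberos credential not found. Available mechanisms: "
                        + java.util.Arrays.toString(mechs));
    } catch (IOException e) {
        throw new KerberosSerializationException("Exception occured", e);
    } catch (GSSException e) {
        throw new KerberosSerializationException("Exception occured", e);
    }
}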
/**
 * Builds the next GSSAPI sub-negotiation message for the SOCKS proxy
 * authentication exchange: a version byte, a message type byte, a 2-byte
 * token length and the token itself.
 * <p>
 * The {@link GSSContext} is kept in the session under {@code GSS_CONTEXT} and is
 * created on the first call (mutual authentication requested, confidentiality
 * and integrity not requested). Any token previously stored under
 * {@code GSS_TOKEN} is fed to {@link GSSContext#initSecContext}; the token it
 * produces is stored back into the session and framed into the returned buffer.
 * <p>
 * NOTE(review): mutual authentication is requested but this method never reads
 * {@code ctx.getMutualAuthState()} once the context is established; confirm that
 * the caller verifies it before trusting the proxy.
 *
 * @param request the socks proxy request data
 * @return the encoded buffer, or {@code null} when the context is already
 *     established or {@code initSecContext} produced no token to send
 * @throws GSSException when something fails while using GSSAPI
 */
private IoBuffer encodeGSSAPIAuthenticationPacket(final SocksProxyRequest request) throws GSSException {
    GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
    if (ctx == null) {
        // first step in the authentication process
        ctx = createKerberosContext(request);
        getSession().setAttribute(GSS_CONTEXT, ctx);
    }

    byte[] peerToken = (byte[]) getSession().getAttribute(GSS_TOKEN);
    if (peerToken != null) {
        LOGGER.debug(" Received Token[{}] = {}", peerToken.length, ByteUtilities.asHex(peerToken));
    }

    if (ctx.isEstablished()) {
        return null;
    }

    // the input token is ignored on the first call, so a dummy array is passed
    byte[] input = (peerToken == null) ? new byte[32] : peerToken;
    byte[] outToken = ctx.initSecContext(input, 0, input.length);
    if (outToken == null) {
        // initSecContext generated nothing to send to the server
        return null;
    }

    LOGGER.debug(" Sending Token[{}] = {}", outToken.length, ByteUtilities.asHex(outToken));
    getSession().setAttribute(GSS_TOKEN, outToken);

    IoBuffer buf = IoBuffer.allocate(4 + outToken.length);
    buf.put(new byte[] { SocksProxyConstants.GSSAPI_AUTH_SUBNEGOTIATION_VERSION,
            SocksProxyConstants.GSSAPI_MSG_TYPE });
    buf.put(ByteUtilities.intToNetworkByteOrder(outToken.length, 2));
    buf.put(outToken);
    return buf;
}

/**
 * Creates the Kerberos V5 {@link GSSContext} used for the sub-negotiation,
 * targeting the service name carried by the request. Mutual authentication is
 * requested; confidentiality and integrity are explicitly not requested.
 *
 * @param request the socks proxy request data
 * @return the freshly created, not yet established context
 * @throws GSSException when the name or context cannot be created
 */
private GSSContext createKerberosContext(final SocksProxyRequest request) throws GSSException {
    GSSManager manager = GSSManager.getInstance();
    GSSName serverName = manager.createName(request.getServiceKerberosName(), null);
    Oid krb5OID = new Oid(SocksProxyConstants.KERBEROS_V5_OID);

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Available mechs:");
        for (Oid mech : manager.getMechs()) {
            if (mech.equals(krb5OID)) {
                LOGGER.debug("Found Kerberos V OID available");
            }
            LOGGER.debug("{} with oid = {}", manager.getNamesForMech(mech), mech);
        }
    }

    GSSContext ctx = manager.createContext(serverName, krb5OID, null, GSSContext.DEFAULT_LIFETIME);
    ctx.requestMutualAuth(true); // Mutual authentication
    ctx.requestConf(false);
    ctx.requestInteg(false);
    return ctx;
}