 /**
  * Compares this name with another GSS-API name.
  *
  * @param another the name to compare against
  * @return {@code true} when both the name string and the mechanism OID are equal
  * @throws GSSException with {@link GSSException#BAD_NAMETYPE} when {@code another} is not a
  *     {@code BogusGSSName}
  */
 @Override
 public boolean equals(GSSName another) throws GSSException {
   if (another instanceof BogusGSSName) {
     BogusGSSName that = (BogusGSSName) another;
     boolean sameName = name.equals(that.name);
     // OID is only compared once the name string matched (short-circuit).
     return sameName && oid.equals(that.oid);
   }
   throw new GSSException(GSSException.BAD_NAMETYPE);
 }
  /**
   * Serializes the Kerberos V5 element of a GSS-API credential into its string form.
   *
   * <p>The serialized ticket is built from the credential's encoded ticket, client and server
   * principals, session key, key type, flags, times and client addresses (see the
   * {@code KerberosTicket} constructor call below). Because the session key is secret key
   * material, the returned string must be treated as a secret: do not log it and only hand it
   * to a protected sink.
   *
   * @param gssCredential the credential to serialize; must be a {@code GSSCredentialImpl}
   *     holding a {@code Krb5InitCredential} for the Kerberos V5 mechanism ({@code KRB5_OID})
   * @return the ticket as produced by {@code serialize(KerberosTicket)}
   * @throws KerberosSerializationException when the credential is null, is of an unexpected
   *     implementation type, holds no Kerberos V5 mechanism or an element of an unsupported type,
   *     or when an {@code IOException} or {@code GSSException} occurs (kept as the cause)
   */
  public static String serializeCredential(GSSCredential gssCredential)
      throws KerberosSerializationException {
    try {
      if (gssCredential == null) {
        throw new KerberosSerializationException("Null credential given as input");
      }
      if (!(gssCredential instanceof GSSCredentialImpl)) {
        throw new KerberosSerializationException(
            "Unknown credential type: " + gssCredential.getClass());
      }

      GSSCredentialImpl impl = (GSSCredentialImpl) gssCredential;
      Oid[] mechs = impl.getMechs();

      for (Oid mech : mechs) {
        if (!mech.equals(KRB5_OID)) {
          continue; // only the Kerberos V5 element is serialized
        }

        int usage = impl.getUsage(mech);
        boolean initiator =
            usage == GSSCredential.INITIATE_ONLY || usage == GSSCredential.INITIATE_AND_ACCEPT;
        GSSCredentialSpi element = impl.getElement(mech, initiator);

        if (!(element instanceof Krb5InitCredential)) {
          throw new KerberosSerializationException(
              "Unsupported type of credentialSpi: " + element.getClass());
        }

        Krb5InitCredential krb5 = (Krb5InitCredential) element;
        // The encoded session key goes into the ticket, so the output carries secret material.
        KerberosTicket ticket =
            new KerberosTicket(
                krb5.getEncoded(),
                krb5.getClient(),
                krb5.getServer(),
                krb5.getSessionKey().getEncoded(),
                krb5.getSessionKeyType(),
                krb5.getFlags(),
                krb5.getAuthTime(),
                krb5.getStartTime(),
                krb5.getEndTime(),
                krb5.getRenewTill(),
                krb5.getClientAddresses());
        return serialize(ticket);
      }

      throw new KerberosSerializationException(
          "Kerberos credential not found. Available mechanisms: " + mechs);
    } catch (IOException | GSSException e) {
      // Both failure kinds are reported identically; the original exception stays as the cause.
      throw new KerberosSerializationException("Exception occured", e);
    }
  }
  /**
   * Builds the next GSS-API sub-negotiation packet for the Kerberos V5 authentication method.
   *
   * <p>The packet layout is: sub-negotiation version byte, message type byte, two-byte
   * network-order token length, then the token (the RFC 1961 framing). On the first call a
   * {@code GSSContext} is created for the server named in the request, stored in the session
   * under {@code GSS_CONTEXT} and configured to request mutual authentication only;
   * confidentiality and integrity are explicitly not requested. Nothing in this method checks
   * {@code ctx.getMutualAuthState()} once the context is established, so if mutual
   * authentication must be enforced that check has to live elsewhere. The token received from
   * the server is read from the {@code GSS_TOKEN} session attribute and the token produced here
   * is written back to the same attribute.
   *
   * @param request the socks proxy request data
   * @return the encoded buffer, or {@code null} when the context is already established or
   *     {@code initSecContext} produced no token to send
   * @throws GSSException when something fails while using GSSAPI
   */
  private IoBuffer encodeGSSAPIAuthenticationPacket(final SocksProxyRequest request)
      throws GSSException {
    GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
    if (ctx == null) {
      // first step in the authentication process
      ctx = createKerberosContext(request);
      getSession().setAttribute(GSS_CONTEXT, ctx);
    }

    byte[] peerToken = (byte[]) getSession().getAttribute(GSS_TOKEN);
    if (peerToken != null) {
      LOGGER.debug("  Received Token[{}] = {}", peerToken.length, ByteUtilities.asHex(peerToken));
    }

    if (ctx.isEstablished()) {
      return null;
    }

    // initSecContext ignores the input token on the first call, so a placeholder is passed
    // when nothing has been received yet (32 zero bytes, as the original code did).
    byte[] input = peerToken == null ? new byte[32] : peerToken;
    byte[] outToken = ctx.initSecContext(input, 0, input.length);
    if (outToken == null) {
      // initSecContext generated nothing to send this round
      return null;
    }

    LOGGER.debug("  Sending Token[{}] = {}", outToken.length, ByteUtilities.asHex(outToken));
    getSession().setAttribute(GSS_TOKEN, outToken);

    IoBuffer buf = IoBuffer.allocate(4 + outToken.length);
    buf.put(
        new byte[] {
          SocksProxyConstants.GSSAPI_AUTH_SUBNEGOTIATION_VERSION,
          SocksProxyConstants.GSSAPI_MSG_TYPE
        });
    buf.put(ByteUtilities.intToNetworkByteOrder(outToken.length, 2));
    buf.put(outToken);
    return buf;
  }

  /**
   * Creates the initiator-side Kerberos V5 context for the service named in the request,
   * requesting mutual authentication but neither confidentiality nor integrity.
   *
   * @param request the socks proxy request data carrying the service Kerberos name
   * @return the freshly created, not yet established context
   * @throws GSSException when the name or the context cannot be created
   */
  private GSSContext createKerberosContext(final SocksProxyRequest request)
      throws GSSException {
    GSSManager manager = GSSManager.getInstance();
    GSSName serverName = manager.createName(request.getServiceKerberosName(), null);
    Oid krb5Oid = new Oid(SocksProxyConstants.KERBEROS_V5_OID);

    if (LOGGER.isDebugEnabled()) {
      LOGGER.debug("Available mechs:");
      for (Oid mech : manager.getMechs()) {
        if (mech.equals(krb5Oid)) {
          LOGGER.debug("Found Kerberos V OID available");
        }
        LOGGER.debug("{} with oid = {}", manager.getNamesForMech(mech), mech);
      }
    }

    GSSContext ctx =
        manager.createContext(serverName, krb5Oid, null, GSSContext.DEFAULT_LIFETIME);
    ctx.requestMutualAuth(true); // Mutual authentication
    ctx.requestConf(false); // no confidentiality requested
    ctx.requestInteg(false); // no integrity requested
    return ctx;
  }