private static KerberosTicket getTgt(int caller, Krb5NameElement name, int initLifetime)
throws GSSException {
String realm = null;
final String clientPrincipal, tgsPrincipal = null;
/*
* Find the TGT for the realm that the client is in. If the client
* name is not available, then use the default realm.
*/
if (name != null) {
clientPrincipal = (name.getKrb5PrincipalName()).getName();
realm = (name.getKrb5PrincipalName()).getRealmAsString();
} else {
clientPrincipal = null;
try {
Config config = Config.getInstance();
realm = config.getDefaultRealm();
} catch (KrbException e) {
GSSException ge =
new GSSException(
GSSException.NO_CRED,
-1,
"Attempt to obtain INITIATE credentials failed!" + " (" + e.getMessage() + ")");
ge.initCause(e);
throw ge;
}
}
final AccessControlContext acc = AccessController.getContext();
try {
final int realCaller = (caller == GSSUtil.CALLER_UNKNOWN) ? GSSUtil.CALLER_INITIATE : caller;
return AccessController.doPrivileged(
new PrivilegedExceptionAction<KerberosTicket>() {
public KerberosTicket run() throws Exception {
return Krb5Util.getTicket(realCaller, clientPrincipal, tgsPrincipal, acc);
}
});
} catch (PrivilegedActionException e) {
GSSException ge =
new GSSException(
GSSException.NO_CRED,
-1,
"Attempt to obtain new INITIATE credentials failed!" + " (" + e.getMessage() + ")");
ge.initCause(e.getException());
throw ge;
}
}
/** Called to invalidate this credential element. */
public void dispose() throws GSSException {
try {
destroy();
} catch (javax.security.auth.DestroyFailedException e) {
GSSException gssException =
new GSSException(
GSSException.FAILURE, -1, "Could not destroy credentials - " + e.getMessage());
gssException.initCause(e);
}
}