protected Socket wrapSocket(Socket socket) throws GSSException { GSSManager manager = ExtendedGSSManager.getInstance(); ExtendedGSSContext context = (ExtendedGSSContext) manager.createContext(credentials); context.setOption(GSSConstants.GSS_MODE, gssMode); GssSocketFactory factory = GssSocketFactory.getDefault(); GssSocket gsiSocket = (GssSocket) factory.createSocket(socket, null, 0, context); // server socket gsiSocket.setUseClientMode(false); gsiSocket.setAuthorization(this.authorization); return gsiSocket; }
public void authenticate(AuthenticationProtocolClient authenticationprotocolclient, String s) throws IOException, TerminatedStateException { try { logger.finest("Registering gss-ssh return messages."); authenticationprotocolclient.registerMessage( com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiResponse.class, 60); authenticationprotocolclient.registerMessage( com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiToken.class, 61); authenticationprotocolclient.registerMessage( com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiError.class, 64); authenticationprotocolclient.registerMessage( com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiErrtok.class, 65); logger.finest("Sending gssapi user auth request."); ByteArrayWriter bytearraywriter = new ByteArrayWriter(); bytearraywriter.writeUINT32(new UnsignedInteger32(1L)); byte abyte0[] = GSSConstants.MECH_OID.getDER(); bytearraywriter.writeBinaryString(abyte0); logger.finest("Username:"******"gssapi", bytearraywriter.toByteArray()); authenticationprotocolclient.sendMessage(sshmsguserauthrequest); logger.finest("Receiving user auth response:"); SshMsgUserauthGssapiResponse sshmsguserauthgssapiresponse = (SshMsgUserauthGssapiResponse) authenticationprotocolclient.readMessage(60); ByteArrayReader bytearrayreader = new ByteArrayReader(sshmsguserauthgssapiresponse.getRequestData()); byte abyte1[] = bytearrayreader.readBinaryString(); if (logger.isLoggable(Level.FINEST)) { logger.log(Level.FINEST, "Mechanism requested: " + GSSConstants.MECH_OID); logger.log(Level.FINEST, "Mechanism selected: " + new Oid(abyte1)); logger.log(Level.FINEST, "Verify that selected mechanism is GSSAPI."); } if (!GSSConstants.MECH_OID.equals(new Oid(abyte1))) { logger.warning("Mechanism do not match!"); throw new IOException("Mechanism do not match!"); } logger.finest("Creating GSS context base on grid credentials."); GlobusGSSManagerImpl globusgssmanagerimpl = new GlobusGSSManagerImpl(); HostAuthorization gssAuth = new HostAuthorization(null); GSSName targetName = gssAuth.getExpectedName(null, hostname); GSSContext gsscontext = globusgssmanagerimpl.createContext( targetName, new Oid(abyte1), gsscredential, GSSCredential.INDEFINITE_LIFETIME - 1); gsscontext.requestCredDeleg(true); gsscontext.requestMutualAuth(true); gsscontext.requestReplayDet(true); gsscontext.requestSequenceDet(true); // MOD // gsscontext.requestConf(false); gsscontext.requestConf(true); Object type = GSIConstants.DELEGATION_TYPE_LIMITED; gsscontext.requestCredDeleg(false); ((ExtendedGSSContext) gsscontext).setOption(GSSConstants.DELEGATION_TYPE, type); logger.finest("Starting GSS token exchange."); byte abyte2[] = new byte[0]; do { if (gsscontext.isEstablished()) break; byte abyte3[] = gsscontext.initSecContext(abyte2, 0, abyte2.length); if (abyte3 != null) { ByteArrayWriter bytearraywriter1 = new ByteArrayWriter(); bytearraywriter1.writeBinaryString(abyte3); SshMsgUserauthGssapiToken sshmsguserauthgssapitoken = new SshMsgUserauthGssapiToken(bytearraywriter1.toByteArray()); authenticationprotocolclient.sendMessage(sshmsguserauthgssapitoken); } if (!gsscontext.isEstablished()) { SshMsgUserauthGssapiToken sshmsguserauthgssapitoken1 = (SshMsgUserauthGssapiToken) authenticationprotocolclient.readMessage(61); ByteArrayReader bytearrayreader1 = new ByteArrayReader(sshmsguserauthgssapitoken1.getRequestData()); abyte2 = bytearrayreader1.readBinaryString(); } } while (true); logger.log(Level.FINEST, "Sending gssapi exchange complete."); SshMsgUserauthGssapiExchangeComplete sshmsguserauthgssapiexchangecomplete = new SshMsgUserauthGssapiExchangeComplete(); authenticationprotocolclient.sendMessage(sshmsguserauthgssapiexchangecomplete); if (logger.isLoggable(Level.FINEST)) { logger.log( Level.FINEST, "Context established.\nInitiator : " + gsscontext.getSrcName() + "\nAcceptor : " + gsscontext.getTargName() + "\nLifetime : " + gsscontext.getLifetime() + "\nIntegrity : " + gsscontext.getIntegState() + "\nConfidentiality : " + gsscontext.getConfState() + "\nAnonymity : " + gsscontext.getAnonymityState()); } } catch (Throwable t) { logger.log(Level.WARNING, "Got Exception: ", t); throw new TerminatedStateException(AuthenticationProtocolState.FAILED); } }