Esempio n. 1
0
  protected Socket wrapSocket(Socket socket) throws GSSException {

    GSSManager manager = ExtendedGSSManager.getInstance();

    ExtendedGSSContext context = (ExtendedGSSContext) manager.createContext(credentials);

    context.setOption(GSSConstants.GSS_MODE, gssMode);

    GssSocketFactory factory = GssSocketFactory.getDefault();

    GssSocket gsiSocket = (GssSocket) factory.createSocket(socket, null, 0, context);

    // server socket
    gsiSocket.setUseClientMode(false);
    gsiSocket.setAuthorization(this.authorization);

    return gsiSocket;
  }
  public void authenticate(AuthenticationProtocolClient authenticationprotocolclient, String s)
      throws IOException, TerminatedStateException {
    try {
      logger.finest("Registering gss-ssh return messages.");
      authenticationprotocolclient.registerMessage(
          com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiResponse.class, 60);
      authenticationprotocolclient.registerMessage(
          com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiToken.class, 61);
      authenticationprotocolclient.registerMessage(
          com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiError.class, 64);
      authenticationprotocolclient.registerMessage(
          com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiErrtok.class, 65);
      logger.finest("Sending gssapi user auth request.");
      ByteArrayWriter bytearraywriter = new ByteArrayWriter();
      bytearraywriter.writeUINT32(new UnsignedInteger32(1L));
      byte abyte0[] = GSSConstants.MECH_OID.getDER();
      bytearraywriter.writeBinaryString(abyte0);
      logger.finest("Username:"******"gssapi", bytearraywriter.toByteArray());
      authenticationprotocolclient.sendMessage(sshmsguserauthrequest);
      logger.finest("Receiving user auth response:");
      SshMsgUserauthGssapiResponse sshmsguserauthgssapiresponse =
          (SshMsgUserauthGssapiResponse) authenticationprotocolclient.readMessage(60);
      ByteArrayReader bytearrayreader =
          new ByteArrayReader(sshmsguserauthgssapiresponse.getRequestData());
      byte abyte1[] = bytearrayreader.readBinaryString();
      if (logger.isLoggable(Level.FINEST)) {
        logger.log(Level.FINEST, "Mechanism requested: " + GSSConstants.MECH_OID);
        logger.log(Level.FINEST, "Mechanism selected: " + new Oid(abyte1));
        logger.log(Level.FINEST, "Verify that selected mechanism is GSSAPI.");
      }
      if (!GSSConstants.MECH_OID.equals(new Oid(abyte1))) {
        logger.warning("Mechanism do not match!");
        throw new IOException("Mechanism do not match!");
      }
      logger.finest("Creating GSS context base on grid credentials.");
      GlobusGSSManagerImpl globusgssmanagerimpl = new GlobusGSSManagerImpl();

      HostAuthorization gssAuth = new HostAuthorization(null);
      GSSName targetName = gssAuth.getExpectedName(null, hostname);

      GSSContext gsscontext =
          globusgssmanagerimpl.createContext(
              targetName, new Oid(abyte1), gsscredential, GSSCredential.INDEFINITE_LIFETIME - 1);
      gsscontext.requestCredDeleg(true);
      gsscontext.requestMutualAuth(true);
      gsscontext.requestReplayDet(true);
      gsscontext.requestSequenceDet(true);
      // MOD
      // gsscontext.requestConf(false);
      gsscontext.requestConf(true);

      Object type = GSIConstants.DELEGATION_TYPE_LIMITED;
      gsscontext.requestCredDeleg(false);
      ((ExtendedGSSContext) gsscontext).setOption(GSSConstants.DELEGATION_TYPE, type);

      logger.finest("Starting GSS token exchange.");
      byte abyte2[] = new byte[0];
      do {
        if (gsscontext.isEstablished()) break;
        byte abyte3[] = gsscontext.initSecContext(abyte2, 0, abyte2.length);
        if (abyte3 != null) {
          ByteArrayWriter bytearraywriter1 = new ByteArrayWriter();
          bytearraywriter1.writeBinaryString(abyte3);
          SshMsgUserauthGssapiToken sshmsguserauthgssapitoken =
              new SshMsgUserauthGssapiToken(bytearraywriter1.toByteArray());
          authenticationprotocolclient.sendMessage(sshmsguserauthgssapitoken);
        }
        if (!gsscontext.isEstablished()) {
          SshMsgUserauthGssapiToken sshmsguserauthgssapitoken1 =
              (SshMsgUserauthGssapiToken) authenticationprotocolclient.readMessage(61);
          ByteArrayReader bytearrayreader1 =
              new ByteArrayReader(sshmsguserauthgssapitoken1.getRequestData());
          abyte2 = bytearrayreader1.readBinaryString();
        }
      } while (true);
      logger.log(Level.FINEST, "Sending gssapi exchange complete.");
      SshMsgUserauthGssapiExchangeComplete sshmsguserauthgssapiexchangecomplete =
          new SshMsgUserauthGssapiExchangeComplete();
      authenticationprotocolclient.sendMessage(sshmsguserauthgssapiexchangecomplete);
      if (logger.isLoggable(Level.FINEST)) {
        logger.log(
            Level.FINEST,
            "Context established.\nInitiator : "
                + gsscontext.getSrcName()
                + "\nAcceptor  : "
                + gsscontext.getTargName()
                + "\nLifetime  : "
                + gsscontext.getLifetime()
                + "\nIntegrity   : "
                + gsscontext.getIntegState()
                + "\nConfidentiality   : "
                + gsscontext.getConfState()
                + "\nAnonymity : "
                + gsscontext.getAnonymityState());
      }
    } catch (Throwable t) {
      logger.log(Level.WARNING, "Got Exception: ", t);
      throw new TerminatedStateException(AuthenticationProtocolState.FAILED);
    }
  }