コード例 #1
0
  private Krb5InitCredential(
      Krb5NameElement name,
      byte[] asn1Encoding,
      KerberosPrincipal client,
      KerberosPrincipal server,
      byte[] sessionKey,
      int keyType,
      boolean[] flags,
      Date authTime,
      Date startTime,
      Date endTime,
      Date renewTill,
      InetAddress[] clientAddresses)
      throws GSSException {
    super(
        asn1Encoding,
        client,
        server,
        sessionKey,
        keyType,
        flags,
        authTime,
        startTime,
        endTime,
        renewTill,
        clientAddresses);

    this.name = name;

    try {
      // Cache this for later use by the sun.security.krb5 package.
      krb5Credentials =
          new Credentials(
              asn1Encoding,
              client.getName(),
              server.getName(),
              sessionKey,
              keyType,
              flags,
              authTime,
              startTime,
              endTime,
              renewTill,
              clientAddresses);
    } catch (KrbException e) {
      throw new GSSException(GSSException.NO_CRED, -1, e.getMessage());
    } catch (IOException e) {
      throw new GSSException(GSSException.NO_CRED, -1, e.getMessage());
    }
  }
コード例 #2
0
  private static KerberosTicket getTgt(int caller, Krb5NameElement name, int initLifetime)
      throws GSSException {

    String realm = null;
    final String clientPrincipal, tgsPrincipal = null;

    /*
     * Find the TGT for the realm that the client is in. If the client
     * name is not available, then use the default realm.
     */
    if (name != null) {
      clientPrincipal = (name.getKrb5PrincipalName()).getName();
      realm = (name.getKrb5PrincipalName()).getRealmAsString();
    } else {
      clientPrincipal = null;
      try {
        Config config = Config.getInstance();
        realm = config.getDefaultRealm();
      } catch (KrbException e) {
        GSSException ge =
            new GSSException(
                GSSException.NO_CRED,
                -1,
                "Attempt to obtain INITIATE credentials failed!" + " (" + e.getMessage() + ")");
        ge.initCause(e);
        throw ge;
      }
    }

    final AccessControlContext acc = AccessController.getContext();

    try {
      final int realCaller = (caller == GSSUtil.CALLER_UNKNOWN) ? GSSUtil.CALLER_INITIATE : caller;
      return AccessController.doPrivileged(
          new PrivilegedExceptionAction<KerberosTicket>() {
            public KerberosTicket run() throws Exception {
              return Krb5Util.getTicket(realCaller, clientPrincipal, tgsPrincipal, acc);
            }
          });
    } catch (PrivilegedActionException e) {
      GSSException ge =
          new GSSException(
              GSSException.NO_CRED,
              -1,
              "Attempt to obtain new INITIATE credentials failed!" + " (" + e.getMessage() + ")");
      ge.initCause(e.getException());
      throw ge;
    }
  }