Пример #1
0
 /** Called to invalidate this credential element. */
 public void dispose() throws GSSException {
   try {
     destroy();
   } catch (javax.security.auth.DestroyFailedException e) {
     GSSException gssException =
         new GSSException(
             GSSException.FAILURE, -1, "Could not destroy credentials - " + e.getMessage());
     gssException.initCause(e);
   }
 }
Пример #2
0
  private static KerberosTicket getTgt(int caller, Krb5NameElement name, int initLifetime)
      throws GSSException {

    String realm = null;
    final String clientPrincipal, tgsPrincipal = null;

    /*
     * Find the TGT for the realm that the client is in. If the client
     * name is not available, then use the default realm.
     */
    if (name != null) {
      clientPrincipal = (name.getKrb5PrincipalName()).getName();
      realm = (name.getKrb5PrincipalName()).getRealmAsString();
    } else {
      clientPrincipal = null;
      try {
        Config config = Config.getInstance();
        realm = config.getDefaultRealm();
      } catch (KrbException e) {
        GSSException ge =
            new GSSException(
                GSSException.NO_CRED,
                -1,
                "Attempt to obtain INITIATE credentials failed!" + " (" + e.getMessage() + ")");
        ge.initCause(e);
        throw ge;
      }
    }

    final AccessControlContext acc = AccessController.getContext();

    try {
      final int realCaller = (caller == GSSUtil.CALLER_UNKNOWN) ? GSSUtil.CALLER_INITIATE : caller;
      return AccessController.doPrivileged(
          new PrivilegedExceptionAction<KerberosTicket>() {
            public KerberosTicket run() throws Exception {
              return Krb5Util.getTicket(realCaller, clientPrincipal, tgsPrincipal, acc);
            }
          });
    } catch (PrivilegedActionException e) {
      GSSException ge =
          new GSSException(
              GSSException.NO_CRED,
              -1,
              "Attempt to obtain new INITIATE credentials failed!" + " (" + e.getMessage() + ")");
      ge.initCause(e.getException());
      throw ge;
    }
  }
Пример #3
0
  public int initSecContext(InputStream inStream, OutputStream outStream) throws GSSException {

    if (mechCtxt != null && currentState != IN_PROGRESS) {
      throw new GSSExceptionImpl(GSSException.FAILURE, "Illegal call to initSecContext");
    }

    GSSHeader gssHeader = null;
    int inTokenLen = -1;
    GSSCredentialSpi credElement = null;
    boolean firstToken = false;

    try {
      if (mechCtxt == null) {
        if (myCred != null) {
          try {
            credElement = myCred.getElement(mechOid, true);
          } catch (GSSException ge) {
            if (GSSUtil.isSpNegoMech(mechOid) && ge.getMajor() == GSSException.NO_CRED) {
              credElement = myCred.getElement(myCred.getMechs()[0], true);
            } else {
              throw ge;
            }
          }
        }
        GSSNameSpi nameElement = targName.getElement(mechOid);
        mechCtxt = gssManager.getMechanismContext(nameElement, credElement, reqLifetime, mechOid);
        mechCtxt.requestConf(reqConfState);
        mechCtxt.requestInteg(reqIntegState);
        mechCtxt.requestCredDeleg(reqCredDelegState);
        mechCtxt.requestMutualAuth(reqMutualAuthState);
        mechCtxt.requestReplayDet(reqReplayDetState);
        mechCtxt.requestSequenceDet(reqSequenceDetState);
        mechCtxt.requestAnonymity(reqAnonState);
        mechCtxt.setChannelBinding(channelBindings);
        mechCtxt.requestDelegPolicy(reqDelegPolicyState);

        objId = new ObjectIdentifier(mechOid.toString());

        currentState = IN_PROGRESS;
        firstToken = true;
      } else {
        if (mechCtxt.getProvider().getName().equals("SunNativeGSS")
            || GSSUtil.isSpNegoMech(mechOid)) {
          // do not parse GSS header for native provider or SPNEGO
          // mech
        } else {
          // parse GSS header
          gssHeader = new GSSHeader(inStream);
          if (!gssHeader.getOid().equals((Object) objId))
            throw new GSSExceptionImpl(
                GSSException.DEFECTIVE_TOKEN,
                "Mechanism not equal to " + mechOid.toString() + " in initSecContext token");
          inTokenLen = gssHeader.getMechTokenLength();
        }
      }

      byte[] obuf = mechCtxt.initSecContext(inStream, inTokenLen);

      int retVal = 0;

      if (obuf != null) {
        retVal = obuf.length;
        if (mechCtxt.getProvider().getName().equals("SunNativeGSS")
            || (!firstToken && GSSUtil.isSpNegoMech(mechOid))) {
          // do not add GSS header for native provider or SPNEGO
          // except for the first SPNEGO token
        } else {
          // add GSS header
          gssHeader = new GSSHeader(objId, obuf.length);
          retVal += gssHeader.encode(outStream);
        }
        outStream.write(obuf);
      }

      if (mechCtxt.isEstablished()) currentState = READY;

      return retVal;

    } catch (IOException e) {
      throw new GSSExceptionImpl(GSSException.DEFECTIVE_TOKEN, e.getMessage());
    }
  }