* @param request the socks proxy request data
* @return the encoded buffer
* @throws GSSException when something fails while using GSSAPI
*/
private IoBuffer encodeGSSAPIAuthenticationPacket(final SocksProxyRequest request) throws GSSException {
GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
if (ctx == null) {
// first step in the authentication process
GSSManager manager = GSSManager.getInstance();
GSSName serverName = manager.createName(request.getServiceKerberosName(), null);
Oid krb5OID = new Oid(SocksProxyConstants.KERBEROS_V5_OID);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Available mechs:");
for (Oid o : manager.getMechs()) {
if (o.equals(krb5OID)) {
LOGGER.debug("Found Kerberos V OID available");
}
LOGGER.debug("{} with oid = {}", manager.getNamesForMech(o), o);
}
}
ctx = manager.createContext(serverName, krb5OID, null, GSSContext.DEFAULT_LIFETIME);
ctx.requestMutualAuth(true); // Mutual authentication
ctx.requestConf(false);
ctx.requestInteg(false);
getSession().setAttribute(GSS_CONTEXT, ctx);
}
byte[] token = (byte[]) getSession().getAttribute(GSS_TOKEN);
if (token != null) {
LOGGER.debug(" Received Token[{}] = {}", token.length, ByteUtilities.asHex(token));
}
IoBuffer buf = null;
if (!ctx.isEstablished()) {
// token is ignored on the first call
if (token == null) {
token = new byte[32];
}
token = ctx.initSecContext(token, 0, token.length);
// Send a token to the server if one was generated by
// initSecContext
if (token != null) {
LOGGER.debug(" Sending Token[{}] = {}", token.length, ByteUtilities.asHex(token));