Examples of org.ietf.jgss.GSSCredential

• org.ietf.jgss.GSSCredential
  t by creating a name object for the entity GSSName name = manager.createName("myusername", GSSName.NT_USER_NAME); // now acquire credentials for the entity GSSCredential cred = manager.createCredential(name, GSSCredential.ACCEPT_ONLY); // display credential information - name, remaining lifetime, // and the mechanisms it has been acquired over System.out.println(cred.getName().toString()); System.out.println(cred.getRemainingLifetime()); Oid [] mechs = cred.getMechs(); if (mechs != null) { for (int i = 0; i < mechs.length; i++) System.out.println(mechs[i].toString()); } // release system resources held by the credential cred.dispose(); @see GSSManager#createCredential(int) @see GSSManager#createCredential(GSSName,int,Oid,int) @see GSSManager#createCredential(GSSName,int,Oid[],int) @see #dispose() @author Mayank Upadhyay @version 1.10, 06/29/06 @since 1.4

                    if (i > 0) {
                        // Zero so we don;t leave a zero length name
                        name = name.substring(0, i);
                    }
                }
                GSSCredential gssCredential = null;
                if (storeCred && gssContext.getCredDelegState()) {
                    try {
                        gssCredential = gssContext.getDelegCred();
                    } catch (GSSException e) {
                        if (log.isDebugEnabled()) {

         * Create a GSSContext to receive the incoming request from the client.
         * Use null for the server credentials passed in to tell the underlying
         * mechanism to use whatever credentials it has available that can be
         * used to accept this connection.
         */
        GSSCredential serverCreds = manager.createCredential(manager
                .createName(SERVICE_NAME, null),
                GSSCredential.DEFAULT_LIFETIME, new Oid(
                        SocksProxyConstants.KERBEROS_V5_OID),
                GSSCredential.ACCEPT_ONLY);

          @Override
          public AuthenticationToken run() throws Exception {
            AuthenticationToken token = null;
            GSSContext gssContext = null;
            GSSCredential gssCreds = null;
            try {
              gssCreds = gssManager.createCredential(
                  gssManager.createName(
                      KerberosUtil.getServicePrincipal("HTTP", serverName),
                      KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL")),
                  GSSCredential.INDEFINITE_LIFETIME,
                  new Oid[]{
                    KerberosUtil.getOidInstance("GSS_SPNEGO_MECH_OID"),
                    KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID")},
                  GSSCredential.ACCEPT_ONLY);
              gssContext = gssManager.createContext(gssCreds);
              byte[] serverToken = gssContext.acceptSecContext(clientToken, 0, clientToken.length);
              if (serverToken != null && serverToken.length > 0) {
                String authenticate = base64.encodeToString(serverToken);
                response.setHeader(KerberosAuthenticator.WWW_AUTHENTICATE,
                                   KerberosAuthenticator.NEGOTIATE + " " + authenticate);
              }
              if (!gssContext.isEstablished()) {
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                LOG.trace("SPNEGO in progress");
              } else {
                String clientPrincipal = gssContext.getSrcName().toString();
                KerberosName kerberosName = new KerberosName(clientPrincipal);
                String userName = kerberosName.getShortName();
                token = new AuthenticationToken(userName, clientPrincipal, getType());
                response.setStatus(HttpServletResponse.SC_OK);
                LOG.trace("SPNEGO completed for principal [{}]", clientPrincipal);
              }
            } finally {
              if (gssContext != null) {
                gssContext.dispose();
              }
              if (gssCreds != null) {
                gssCreds.dispose();
              }
            }
            return token;
          }
        });

      }

      GSSName clientName = gssManager.createName(
    clientPrincipal.getName(), KerberosUtil.krb5NameType);

      GSSCredential clientCred = gssManager.createCredential(
    clientName, GSSCredential.INDEFINITE_LIFETIME,
    KerberosUtil.krb5MechOid, GSSCredential.INITIATE_ONLY);

      GSSName serverName = gssManager.createName(
    serverPrincipal.getName(), KerberosUtil.krb5NameType);

  {
      if (requestDispatcher == null)
    throw new NullPointerException("null dispatcher is passed in");

      KerberosKey serverKey;
      GSSCredential serverCred;
      try {
    // make sure that serverPrincipal is in serverSubject
    if (serverSubject != null &&
        !serverSubject.getPrincipals().contains(serverPrincipal))
    {
        throw new UnsupportedConstraintException(
      "Failed to find serverPrincipal " + serverPrincipal +
      "in serverSubject's principal set, cannot listen.");
    }

    // getKey checks AuthenticationPermission "listen"
    serverKey = getKey(serverSubject, serverPrincipal);

    if (serverKey == null) {
        throw new UnsupportedConstraintException(
      "No valid Kerberos key in the server subject for " +
      serverPrincipal + ", cannot listen.");
    }

    synchronized (classLock) {
        if (gssManager == null) {
      gssManager = GSSManager.getInstance();
        }
    }

    try {
        serverCred = (GSSCredential) Security.doPrivileged(
      new PrivilegedExceptionAction() {
        public Object run() throws GSSException {
            return KerberosUtil.getGSSCredential(
          serverSubject, serverPrincipal,
          gssManager, GSSCredential.ACCEPT_ONLY);
        }
          });
    } catch (PrivilegedActionException pe) {
        GSSException ge = (GSSException) pe.getException();
        throw new UnsupportedConstraintException(
      "Failed to get GSSCredential for server principal: " +
      serverPrincipal, ge);
    }
      } catch (UnsupportedConstraintException uce) {
    if (logger.isLoggable(Levels.FAILED)) {
        KerberosUtil.logThrow(
      logger, Levels.FAILED, this.getClass(),
      "listen", "listen for {0}\nthrows",
      new Object[] {this}, uce);
    }
    throw uce;
      } catch (SecurityException se) {
    if (logger.isLoggable(Levels.FAILED)) {
        KerberosUtil.logThrow(
      logger, Levels.FAILED, this.getClass(),
      "listen", "listen for {0}\nthrows",
      new Object[] {this}, se);
    }
    throw se;
      }

      ServerSocket serverSocket;
      boolean done = false;
      try {
    if (ssf != null) {
        serverSocket = ssf.createServerSocket(port);
        if (logger.isLoggable(Level.FINE)) {
      logger.log(Level.FINE, "created {0} using factory " +
           "{1}", new Object[]{serverSocket, ssf});
        }
    } else {
        serverSocket = new ServerSocket(port);
        logger.log(Level.FINE, "created {0}", serverSocket);
    }
    done = true;
      } finally {
    if (!done) {
        try {
      serverCred.dispose();
        } catch (GSSException e) {}
    }
      }

      ListenHandleImpl listenHandle = new ListenHandleImpl(

    public KerberosContext run() throws GSSException, WSSecurityException {
        GSSManager gssManager = GSSManager.getInstance();

        Oid kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
        GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME);
        GSSCredential credentials =
            gssManager.createCredential(
                gssClient, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.INITIATE_ONLY
            );

        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);

        GSSManager gssManager = GSSManager.getInstance();

        Oid kerberos5Oid = new Oid(JGSS_KERBEROS_TICKET_OID);
        GSSName gssService = gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
        GSSCredential credentials =
            gssManager.createCredential(
                gssService, GSSCredential.DEFAULT_LIFETIME, kerberos5Oid, GSSCredential.ACCEPT_ONLY
            );

        KerberosServiceContext krbServiceCtx = null;

            if (!loaded) {
                return;
            }
            // Creates a secure channel in gpel.
            MyProxyClient myProxyClient = this.engine.getMyProxyClient();
            GSSCredential proxy = myProxyClient.getProxy();
            UserX509Credential credential = new UserX509Credential(
                    proxy, XBayaSecurity.getTrustedCertificates());
            try {
                workflowClient.setUserX509Credential(credential);
            } catch (WorkflowEngineException e) {

                .getMyProxyServer(), this.configuration.getMyProxyPort(),
                this.configuration.getMyProxyUsername(), this.configuration
                .getMyProxyPassphrase(), this.configuration
                .getMyProxyLifetime());
        client.load();
        GSSCredential proxy = client.getProxy();
        UserX509Credential credential = new UserX509Credential(proxy,
                trustedCertificates);
        this.workflowClient = WorkflowEngineManager.getWorkflowClient(XBayaConstants.DEFAULT_GPEL_ENGINE_URL,
                credential);

    public void XtestSecurity() throws WorkflowEngineException, IOException,
            GeneralSecurityException {
        boolean userCred = true;

        URI engineURL = XBayaConstants.DEFAULT_GPEL_ENGINE_URL;
        GSSCredential proxy = null;

        String trustedcerts = System.getProperty("trustedcerts");
        String certskey = System.getProperty("certskey");

        UserX509Credential credential;