Package org.ietf.jgss

Examples of org.ietf.jgss.GSSManager


      // Kerberos V5 GSS-API mechanism OID (RFC 1964).
      Oid krb5=new Oid("1.2.840.113554.1.2.2");
      // Kerberos Principal Name Form
      Oid principalName=new Oid("1.2.840.113554.1.2.2.1");

      GSSManager mgr=GSSManager.getInstance();

      // The explicit credential acquisition below is commented out, so crd stays
      // null and createContext() is asked to use the default initiator credentials.
      GSSCredential crd=null;
      /*
      try{
        GSSName _user=mgr.createName(user, principalName);
        crd=mgr.createCredential(_user,
                                 GSSCredential.DEFAULT_LIFETIME,
                                 krb5,
                                 GSSCredential.INITIATE_ONLY);
      }
      catch(GSSException crdex){
      }
      */

      // Canonicalise the target host before building the service principal name.
      // getCanonicalHostName() asks the system name service for the fully
      // qualified name, so the principal requested below follows whatever the
      // resolver returns rather than the name the caller supplied.
      // NOTE(review): where resolver answers cannot be trusted, this lets name
      // resolution choose the target principal; consider using the configured
      // host name unchanged - confirm against the deployment's Kerberos policy.
      String cname=host;
      try{
        cname=InetAddress.getByName(cname).getCanonicalHostName();
      }
      catch(UnknownHostException e){
        // Lookup failure is swallowed without logging: cname keeps the
        // caller-supplied host value and the code carries on.
      }
      // Target principal in the form "host/<name>", using the Kerberos principal name type.
      GSSName _host=mgr.createName("host/"+cname, principalName);

      // Initiator-side context towards _host with the Kerberos V5 mechanism.
      context=mgr.createContext(_host,
                                krb5,
                                crd,
                                GSSContext.DEFAULT_LIFETIME);

      // RFC4462  3.4.  GSS-API Session


            String service,
            String name,
            int userLifetime,
            int contextLifetime
            ) throws GSSException{
        GSSManager manager = GSSManager.getInstance();
        Oid oid = null;
        GSSName serviceName = null;
        GSSName clientName = null;
        GSSCredential clientCreds = null;
       
        oid = new Oid(OID);

        serviceName = manager.createName(
                service + "@" + host, GSSName.NT_HOSTBASED_SERVICE, oid);
        if(name!=null){
            clientName = manager.createName(name, GSSName.NT_USER_NAME, oid);
            clientCreds = manager.createCredential(
                        clientName, userLifetime, oid, GSSCredential.INITIATE_ONLY);
        }
        gssContext = manager.createContext(
                serviceName,
                oid,
                clientCreds,
                contextLifetime);
    }

                        HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                return false;
            }
            // Assume the GSSContext is stateless
            // TODO: Confirm this assumption
            final GSSManager manager = GSSManager.getInstance();
            // Action that acquires accept-only credentials for the SPNEGO
            // mechanism (OID 1.3.6.1.5.5.2). The null name asks for the default
            // principal, so which identity is used depends on the subject the
            // action runs as.
            final PrivilegedExceptionAction<GSSCredential> action =
                new PrivilegedExceptionAction<GSSCredential>() {
                    @Override
                    public GSSCredential run() throws GSSException {
                        return manager.createCredential(null,
                                GSSCredential.DEFAULT_LIFETIME,
                                new Oid("1.3.6.1.5.5.2"),
                                GSSCredential.ACCEPT_ONLY);
                    }
                };
            // Both the credential acquisition and the token processing run as the
            // subject of the login context lc.
            // NOTE(review): presumably lc is the service's own login, not the
            // remote user's - confirm where lc is created.
            gssContext = manager.createContext(Subject.doAs(lc.getSubject(), action));

            // NOTE(review): decoded looks like the token taken from the request,
            // i.e. untrusted input handed to the acceptor - confirm against the
            // code above this excerpt.
            outToken = Subject.doAs(lc.getSubject(), new AcceptAction(gssContext, decoded));

            if (outToken == null) {
                if (log.isDebugEnabled()) {

                    if (!auth.validateInitialUser(session, username)) {
                        return Boolean.FALSE;
                    }

                    GSSManager mgr = auth.getGSSManager();
                    GSSCredential creds = auth.getGSSCredential(mgr);

                    if (creds == null) {
                        return Boolean.FALSE;
                    }

                    context = mgr.createContext(creds);

                    // Send the matching mechanism back to the client

                    Buffer b = session.createBuffer(SshConstants.Message.SSH_MSG_USERAUTH_INFO_REQUEST, 0);
                    byte[] out = oid.getDER();

            /** Try SPNEGO by default, fall back to Kerberos later if error */
            negotiationOid  = new Oid(SPNEGO_OID);

            boolean tryKerberos = false;
            try {
                GSSManager manager = getManager();
                // Host-based service name for the HTTP service on authServer.
                GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
                // Null credential: the default initiator credentials are used.
                gssContext = manager.createContext(
                        serverName.canonicalize(negotiationOid), negotiationOid, null,
                        GSSContext.DEFAULT_LIFETIME);
                // Both calls below are requests made before context establishment;
                // this excerpt does not show the granted state being checked
                // afterwards (getMutualAuthState() / getCredDelegState()).
                gssContext.requestMutualAuth(true);
                // NOTE(review): delegation is requested unconditionally. If the
                // mechanism grants it, the service at authServer receives
                // credentials it can use to act as this user, so it should be
                // limited to servers trusted for delegation - consider making
                // it configurable and off by default.
                gssContext.requestCredDeleg(true);
            } catch (GSSException ex){
                // BAD MECH means we are likely to be using 1.5, fall back to Kerberos MECH.
                // Rethrow any other exception.
                if (ex.getMajor() == GSSException.BAD_MECH ){
                    log.debug("GSSException BAD_MECH, retry with Kerberos MECH");
                    tryKerberos = true;
                } else {
                    throw ex;
                }

            }
            if (tryKerberos){
                /* Kerberos v5 GSS-API mechanism defined in RFC 1964.*/
                log.debug("Using Kerberos MECH " + KERBEROS_OID);
                negotiationOid  = new Oid(KERBEROS_OID);
                // Same setup as the SPNEGO attempt above, repeated with the
                // Kerberos mechanism OID.
                GSSManager manager = getManager();
                GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
                gssContext = manager.createContext(
                        serverName.canonicalize(negotiationOid), negotiationOid, null,
                        GSSContext.DEFAULT_LIFETIME);
                gssContext.requestMutualAuth(true);
                // NOTE(review): the fallback path also requests credential
                // delegation unconditionally; the same trust consideration applies.
                gssContext.requestCredDeleg(true);
            }

        public GSSException run()
        {
            try
            {
                GSSManager manager = GSSManager.getInstance();
                GSSName clientName = manager.createName( userName, GSSName.NT_USER_NAME );
                GSSCredential clientCred = manager.createCredential( clientName,
                    8 * 3600,
                    createKerberosOid(),
                    GSSCredential.INITIATE_ONLY );

                GSSName serverName = manager.createName( serviceName + "@" + hostName, GSSName.NT_HOSTBASED_SERVICE );
                GSSContext context = manager.createContext( serverName,
                    createKerberosOid(),
                    clientCred,
                    GSSContext.DEFAULT_LIFETIME );
                context.requestMutualAuth( true );
                context.requestConf( true );

    private String getKerberosUser()
    {
        LOGGER.debug("Obtaining userID from kerberos");
        String service = getConnectionSettings().getSaslProtocol() + "@" + getConnectionSettings().getSaslServerName();
        GSSManager manager = GSSManager.getInstance();

        try
        {
            GSSName acceptorName = manager.createName(service,
                GSSName.NT_HOSTBASED_SERVICE, KRB5_OID);

            GSSContext secCtx = manager.createContext(acceptorName,
                                                      KRB5_OID,
                                                      null,
                                                      GSSContext.INDEFINITE_LIFETIME);

            secCtx.initSecContext(new byte[0], 0, 1);

            username = null;
            throw new FailedLoginException();
        }
        byte[] token = Base64.decode(username);
        try {
            // Build an acceptor-side context from credentials acquired for targetName.
            GSSManager manager = GSSManager.getInstance();
            // NOTE(review): despite the variable name, 1.3.6.1.5.5.2 is the SPNEGO
            // mechanism OID; the Kerberos V5 mechanism OID is 1.2.840.113554.1.2.2.
            Oid krb5Oid = new Oid("1.3.6.1.5.5.2");
            // NOTE(review): the acceptor's own name is created with NT_USER_NAME;
            // service principals are more commonly given as NT_HOSTBASED_SERVICE -
            // confirm the format targetName is configured in.
            GSSName gssName = manager.createName(targetName, GSSName.NT_USER_NAME);
            // Accept-only credentials with an indefinite requested lifetime.
            GSSCredential serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME, krb5Oid, GSSCredential.ACCEPT_ONLY);
            GSSContext gContext = manager.createContext(serverCreds);
            if (gContext == null) {
                log.debug("Failed to create a GSSContext");
            } else {
                while (!gContext.isEstablished()) {
                    token = gContext.acceptSecContext(token, 0, token.length);

        }

        // Service principal name in host-based form: <service class>@<server>.
        String spn = spnServiceClass + "@" + authServer;

        logger.debug("Requesting SPNego ticket for SPN {}", spn);
        GSSManager manager = getManager();
        GSSName serverName = manager.createName(spn, GSSName.NT_HOSTBASED_SERVICE);
        // Convert the generic name into a mechanism name for the mechanism given by oid.
        GSSName canonicalizedName = serverName.canonicalize(oid);

        logger.debug("Creating SPNego GSS context for canonicalized SPN {}", canonicalizedName);
        // Null credential: the default initiator credentials are used. The
        // lifetime comes from JavaVendor.getSpnegoLifetime().
        GSSContext gssContext = manager.createContext(canonicalizedName, oid, null, JavaVendor.getSpnegoLifetime());
        // These are requests; the visible code returns right after the first
        // initSecContext() call and does not check the granted state.
        gssContext.requestMutualAuth(true);
        // NOTE(review): delegation is requested unconditionally. If granted, the
        // service at authServer receives credentials it can use to act as this
        // user, so it should be limited to servers trusted for delegation -
        // consider making it configurable and off by default.
        gssContext.requestCredDeleg(true);
        // Feed the input token to the context and return the token to send to the peer.
        return gssContext.initSecContext(token, 0, token.length);
    }

        }

        // Service principal name in host-based form: <service class>@<server>.
        String spn = spnServiceClass + "@" + authServer;

        logger.debug("Requesting Kerberos ticket for SPN {}", spn);
        GSSManager manager = getManager();
        GSSName serverName = manager.createName(spn, GSSName.NT_HOSTBASED_SERVICE);
        // Convert the generic name into a mechanism name for the mechanism given by oid.
        GSSName canonicalizedName = serverName.canonicalize(oid);

        logger.debug("Creating Kerberos GSS context for canonicalized SPN {}", canonicalizedName);
        // Null credential: the default initiator credentials are used.
        GSSContext gssContext = manager.createContext(canonicalizedName, oid, null, GSSContext.DEFAULT_LIFETIME);
        // These are requests; the visible code returns right after the first
        // initSecContext() call and does not check the granted state.
        gssContext.requestMutualAuth(true);
        // NOTE(review): delegation is requested unconditionally. If granted, the
        // service at authServer receives credentials it can use to act as this
        // user, so it should be limited to servers trusted for delegation -
        // consider making it configurable and off by default.
        gssContext.requestCredDeleg(true);
        // Feed the input token to the context and return the token to send to the peer.
        return gssContext.initSecContext(token, 0, token.length);
    }
