Examples of org.ietf.jgss.Oid

• org.ietf.jgss.Oid
  This class represents Universal Object Identifiers (Oids) and their associated operations.

  Oids are hierarchically globally-interpretable identifiers used within the GSS-API framework to identify mechanisms and name formats.

  The structure and encoding of Oids is defined in ISOIEC-8824 and ISOIEC-8825. For example the Oid representation of Kerberos V5 mechanism is "1.2.840.113554.1.2.2"

  The GSSName name class contains public static Oid objects representing the standard name types defined in GSS-API. @author Mayank Upadhyay @version 1.10, 06/22/06 @since 1.4

         *
         * Unfortunately SPNEGO is JRE >=1.6.
         */

        /** Try SPNEGO by default, fall back to Kerberos later if error */
        Oid negotiationOid  = new Oid(SPNEGO_OID);

        byte[] token = input;
        boolean tryKerberos = false;
        try {
            token = generateGSSToken(token, negotiationOid, authServer);
        } catch (GSSException ex){
            // BAD MECH means we are likely to be using 1.5, fall back to Kerberos MECH.
            // Rethrow any other exception.
            if (ex.getMajor() == GSSException.BAD_MECH ){
                log.debug("GSSException BAD_MECH, retry with Kerberos MECH");
                tryKerberos = true;
            } else {
                throw ex;
            }

        }
        if (tryKerberos){
            /* Kerberos v5 GSS-API mechanism defined in RFC 1964.*/
            log.debug("Using Kerberos MECH " + KERBEROS_OID);
            negotiationOid  = new Oid(KERBEROS_OID);
            token = generateGSSToken(token, negotiationOid, authServer);

            /*
             * IIS accepts Kerberos and SPNEGO tokens. Some other servers Jboss, Glassfish?
             * seem to only accept SPNEGO. Below wraps Kerberos into SPNEGO token.

     * @param server servername only (e.g: radar.it.su.se)
     */
    protected void init(String server) throws GSSException {
         LOG.debug("init " + server);
         /* Kerberos v5 GSS-API mechanism defined in RFC 1964. */
         Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");
         GSSManager manager = GSSManager.getInstance();
         GSSName serverName = manager.createName("HTTP/"+server, null);
         context = manager.createContext(serverName, krb5Oid, null,
                                    GSSContext.DEFAULT_LIFETIME);
         context.requestMutualAuth(true);

        try {
            String spn = getCompleteServicePrincipalName(currentURL);

            boolean useKerberosOid = MessageUtils.isTrue(
                message.getContextualProperty(PROPERTY_USE_KERBEROS_OID));
            Oid oid = new Oid(useKerberosOid ? KERBEROS_OID : SPNEGO_OID);

            byte[] token = getToken(authPolicy, spn, oid, message);
            return HttpAuthHeader.AUTH_TYPE_NEGOTIATE + " " + Base64Utility.encode(token);
        } catch (LoginException e) {
            throw new RuntimeException(e.getMessage(), e);

        GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
        if (ctx == null) {
            // first step in the authentication process
            GSSManager manager = GSSManager.getInstance();
            GSSName serverName = manager.createName(request.getServiceKerberosName(), null);
            Oid krb5OID = new Oid(SocksProxyConstants.KERBEROS_V5_OID);

            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Available mechs:");
                for (Oid o : manager.getMechs()) {
                    if (o.equals(krb5OID)) {

     * @param server servername only (e.g: radar.it.su.se)
     */
    protected void init(String server) throws GSSException {
         LOG.debug("init " + server);
         /* Kerberos v5 GSS-API mechanism defined in RFC 1964. */
         Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");
         GSSManager manager = GSSManager.getInstance();
         GSSName serverName = manager.createName("HTTP/"+server, null);
         context = manager.createContext(serverName, krb5Oid, null,
                                    GSSContext.DEFAULT_LIFETIME);
         context.requestMutualAuth(true);

            throw new FailedLoginException();
        }
        byte[] token = Base64.decode(username);
        try {
            GSSManager manager = GSSManager.getInstance();
            Oid krb5Oid = new Oid("1.3.6.1.5.5.2");
            GSSName gssName = manager.createName(targetName, GSSName.NT_USER_NAME);
            GSSCredential serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME, krb5Oid, GSSCredential.ACCEPT_ONLY);
            GSSContext gContext = manager.createContext(serverCreds);
            if (gContext == null) {
                log.debug("Failed to create a GSSContext");

    public byte[] run() {
        try {
            if (secContext == null) {
                GSSManager gssManager = GSSManager.getInstance();
                Oid oid = new Oid("1.3.6.1.5.5.2");

                GSSName gssService = gssManager.createName(serviceName, GSSName.NT_HOSTBASED_SERVICE);
                secContext = gssManager.createContext(gssService, oid, null, GSSContext.DEFAULT_LIFETIME);

                secContext.requestMutualAuth(mutualAuth);

    public byte[] run() {
        try {
            if (secContext == null) {
                GSSManager gssManager = GSSManager.getInstance();
                Oid oid = new Oid("1.3.6.1.5.5.2");

                GSSName gssService = gssManager.createName(serviceName, GSSName.NT_HOSTBASED_SERVICE);
                secContext = gssManager.createContext(gssService, oid, null, GSSContext.DEFAULT_LIFETIME);
            }

        return super.authenticate(credentials, request, context);
    }

    @Override
    protected byte[] generateToken(final byte[] input, final String authServer) throws GSSException {
        return generateGSSToken(input, new Oid(SPNEGO_OID), authServer);
    }

        return super.authenticate(credentials, request, context);
    }

    @Override
    protected byte[] generateToken(final byte[] input, final String authServer) throws GSSException {
        return generateGSSToken(input, new Oid(KERBEROS_OID), authServer);
    }