Examples with ExtendedGSSContext com.sun.security.jgss.ExtendedGSSContext used on opensource projects

Example 1 with ExtendedGSSContext

use of com.sun.security.jgss.ExtendedGSSContext in project jdk8u_jdk by JetBrains.

the class NegotiatorImpl method init.

/**
     * Initialize the object, which includes:<ul>
     * <li>Find out what GSS mechanism to use from the system property
     * <code>http.negotiate.mechanism.oid</code>, defaults SPNEGO
     * <li>Creating the GSSName for the target host, "HTTP/"+hostname
     * <li>Creating GSSContext
     * <li>A first call to initSecContext</ul>
     */
private void init(HttpCallerInfo hci) throws GSSException {
    final Oid oid;
    if (hci.scheme.equalsIgnoreCase("Kerberos")) {
        // we can only use Kerberos mech when the scheme is kerberos
        oid = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        String pref = java.security.AccessController.doPrivileged(new java.security.PrivilegedAction<String>() {

            public String run() {
                return System.getProperty("http.auth.preference", "spnego");
            }
        });
        if (pref.equalsIgnoreCase("kerberos")) {
            oid = GSSUtil.GSS_KRB5_MECH_OID;
        } else {
            // currently there is no 3rd mech we can use
            oid = GSSUtil.GSS_SPNEGO_MECH_OID;
        }
    }
    GSSManagerImpl manager = new GSSManagerImpl(new HttpCaller(hci));
    // RFC 4559 4.1 uses uppercase service name "HTTP".
    // RFC 4120 6.2.1 demands the host be lowercase
    String peerName = "HTTP@" + hci.host.toLowerCase();
    GSSName serverName = manager.createName(peerName, GSSName.NT_HOSTBASED_SERVICE);
    context = manager.createContext(serverName, oid, null, GSSContext.DEFAULT_LIFETIME);
    // Always respect delegation policy in HTTP/SPNEGO.
    if (context instanceof ExtendedGSSContext) {
        ((ExtendedGSSContext) context).requestDelegPolicy(true);
    }
    oneToken = context.initSecContext(new byte[0], 0, 0);
}

Example 2 with ExtendedGSSContext

use of com.sun.security.jgss.ExtendedGSSContext in project jdk8u_jdk by JetBrains.

the class Context method status.

/**
     * Prints status of GSSContext and Subject
     * @throws java.lang.Exception
     */
public void status() throws Exception {
    System.out.println("STATUS OF " + name.toUpperCase());
    try {
        StringBuffer sb = new StringBuffer();
        if (x.getAnonymityState()) {
            sb.append("anon, ");
        }
        if (x.getConfState()) {
            sb.append("conf, ");
        }
        if (x.getCredDelegState()) {
            sb.append("deleg, ");
        }
        if (x.getIntegState()) {
            sb.append("integ, ");
        }
        if (x.getMutualAuthState()) {
            sb.append("mutual, ");
        }
        if (x.getReplayDetState()) {
            sb.append("rep det, ");
        }
        if (x.getSequenceDetState()) {
            sb.append("seq det, ");
        }
        if (x instanceof ExtendedGSSContext) {
            if (((ExtendedGSSContext) x).getDelegPolicyState()) {
                sb.append("deleg policy, ");
            }
        }
        System.out.println("Context status of " + name + ": " + sb.toString());
        System.out.println(x.getSrcName() + " -> " + x.getTargName());
    } catch (Exception e) {
        // Don't care
        ;
    }
    if (s != null) {
        System.out.println("====== START SUBJECT CONTENT =====");
        for (Principal p : s.getPrincipals()) {
            System.out.println("    Principal: " + p);
        }
        for (Object o : s.getPublicCredentials()) {
            System.out.println("    " + o.getClass());
            System.out.println("        " + o);
        }
        System.out.println("====== Private Credentials Set ======");
        for (Object o : s.getPrivateCredentials()) {
            System.out.println("    " + o.getClass());
            if (o instanceof KerberosTicket) {
                KerberosTicket kt = (KerberosTicket) o;
                System.out.println("        " + kt.getServer() + " for " + kt.getClient());
            } else if (o instanceof KerberosKey) {
                KerberosKey kk = (KerberosKey) o;
                System.out.print("        " + kk.getKeyType() + " " + kk.getVersionNumber() + " " + kk.getAlgorithm() + " ");
                for (byte b : kk.getEncoded()) {
                    System.out.printf("%02X", b & 0xff);
                }
                System.out.println();
            } else if (o instanceof Map) {
                Map map = (Map) o;
                for (Object k : map.keySet()) {
                    System.out.println("        " + k + ": " + map.get(k));
                }
            } else {
                System.out.println("        " + o);
            }
        }
        System.out.println("====== END SUBJECT CONTENT =====");
    }
    if (x != null && x instanceof ExtendedGSSContext) {
        if (x.isEstablished()) {
            ExtendedGSSContext ex = (ExtendedGSSContext) x;
            Key k = (Key) ex.inquireSecContext(InquireType.KRB5_GET_SESSION_KEY);
            if (k == null) {
                throw new Exception("Session key cannot be null");
            }
            System.out.println("Session key is: " + k);
            boolean[] flags = (boolean[]) ex.inquireSecContext(InquireType.KRB5_GET_TKT_FLAGS);
            if (flags == null) {
                throw new Exception("Ticket flags cannot be null");
            }
            System.out.println("Ticket flags is: " + Arrays.toString(flags));
            String authTime = (String) ex.inquireSecContext(InquireType.KRB5_GET_AUTHTIME);
            if (authTime == null) {
                throw new Exception("Auth time cannot be null");
            }
            System.out.println("AuthTime is: " + authTime);
            if (!x.isInitiator()) {
                AuthorizationDataEntry[] ad = (AuthorizationDataEntry[]) ex.inquireSecContext(InquireType.KRB5_GET_AUTHZ_DATA);
                System.out.println("AuthzData is: " + Arrays.toString(ad));
            }
        }
    }
}

Example 3 with ExtendedGSSContext

use of com.sun.security.jgss.ExtendedGSSContext in project jdk8u_jdk by JetBrains.

the class OkAsDelegate method go.

void go(boolean forwardable, boolean requestDelegState, boolean requestDelegPolicyState, boolean delegState, boolean delegPolicyState, boolean delegated) throws Exception {
    OneKDC kdc = new OneKDC(null);
    kdc.setOption(KDC.Option.OK_AS_DELEGATE, System.getProperty("test.kdc.policy.ok-as-delegate"));
    kdc.writeJAASConf();
    if (!forwardable) {
        // The default OneKDC always includes "forwardable = true"
        // in krb5.conf, override it.
        KDC.saveConfig(OneKDC.KRB5_CONF, kdc, "default_keytab_name = " + OneKDC.KTAB);
        Config.refresh();
    }
    Context c, s;
    c = Context.fromJAAS("client");
    s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");
    Oid mech = GSSUtil.GSS_KRB5_MECH_OID;
    if (System.getProperty("test.spnego") != null) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    }
    c.startAsClient(OneKDC.SERVER, mech);
    ExtendedGSSContext cx = (ExtendedGSSContext) c.x();
    cx.requestCredDeleg(requestDelegState);
    cx.requestDelegPolicy(requestDelegPolicyState);
    s.startAsServer(mech);
    ExtendedGSSContext sx = (ExtendedGSSContext) s.x();
    Context.handshake(c, s);
    if (cx.getCredDelegState() != delegState) {
        throw new Exception("Initiator cred state error");
    }
    if (sx.getCredDelegState() != delegState) {
        throw new Exception("Acceptor cred state error");
    }
    if (cx.getDelegPolicyState() != delegPolicyState) {
        throw new Exception("Initiator cred policy state error");
    }
    GSSCredential cred = null;
    try {
        cred = s.x().getDelegCred();
    } catch (GSSException e) {
    // leave cred as null
    }
    if (delegated != (cred != null)) {
        throw new Exception("get cred error");
    }
}