Example 31 with GSSManager

Use of org.ietf.jgss.GSSManager in project voltdb by VoltDB.

From the class HTTPClientInterface, method spnegoLogin.

private String spnegoLogin(String encodedToken) {
    // Reject a missing or empty token before attempting to decode it.
    if (encodedToken == null || encodedToken.isEmpty()) {
        return null;
    }
    byte[] token = B64Code.decode(encodedToken);
    try {
        final Oid spnegoOid = new Oid("1.3.6.1.5.5.2");
        GSSManager manager = GSSManager.getInstance();
        GSSName name = manager.createName(m_servicePrincipal, null);
        GSSContext ctx = manager.createContext(name.canonicalize(spnegoOid), spnegoOid, null, GSSContext.INDEFINITE_LIFETIME);
        if (ctx == null) {
            m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.ERROR, null, "Failed to establish security context for SPNEGO authentication");
            return null;
        }
        while (!ctx.isEstablished()) {
            token = ctx.acceptSecContext(token, 0, token.length);
        }
        if (ctx.isEstablished()) {
            if (ctx.getSrcName() == null) {
                m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.ERROR, null, "Failed to read source name from established SPNEGO security context");
                return null;
            }
            String user = ctx.getSrcName().toString();
            if (m_log.isDebugEnabled()) {
                m_log.debug("established SPNEGO security context for " + user);
            }
            return user;
        }
        return null;
    } catch (GSSException e) {
        m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.ERROR, e, "failed SPNEGO authentication");
        return null;
    }
}
Also used: GSSName (org.ietf.jgss.GSSName), GSSException (org.ietf.jgss.GSSException), GSSManager (org.ietf.jgss.GSSManager), GSSContext (org.ietf.jgss.GSSContext), Oid (org.ietf.jgss.Oid)

Aggregations

GSSManager (org.ietf.jgss.GSSManager): 31
GSSName (org.ietf.jgss.GSSName): 24
Oid (org.ietf.jgss.Oid): 21
GSSContext (org.ietf.jgss.GSSContext): 18
GSSException (org.ietf.jgss.GSSException): 17
GSSCredential (org.ietf.jgss.GSSCredential): 14
Subject (javax.security.auth.Subject): 12
PrivilegedActionException (java.security.PrivilegedActionException): 8
Principal (java.security.Principal): 7
IOException (java.io.IOException): 6
LoginException (javax.security.auth.login.LoginException): 5
LoginContext (javax.security.auth.login.LoginContext): 4
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction): 3
KerberosTicket (javax.security.auth.kerberos.KerberosTicket): 3
SaslException (javax.security.sasl.SaslException): 3
Test (org.junit.Test): 3
FileOutputStream (java.io.FileOutputStream): 2
URISyntaxException (java.net.URISyntaxException): 2
KerberosKey (javax.security.auth.kerberos.KerberosKey): 2
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal): 2