
Example 1 with MessageProp

use of org.ietf.jgss.MessageProp in project wildfly by wildfly.

From class GSSTestClient, method getName:

// Public methods --------------------------------------------------------
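/**
 * Retrieves the name of the calling identity (based on the given {@code gssCredential}) from the
 * {@link GSSTestServer}.
 * <p>
 * The client connects to {@code host:port}, sends the {@code CMD_NAME} command, runs the GSS-API
 * context-establishment handshake (mutual authentication, confidentiality and integrity are requested),
 * verifies that mutual authentication was actually negotiated, and then unwraps the server's reply,
 * which carries the name bytes. Tokens in both directions are sent as {@code int length | bytes}.
 *
 * @param gssCredential credential used to initiate the security context ({@code null} selects the
 *        default initiator credential, as documented for {@link GSSManager#createContext})
 * @return the identity name reported by the server, decoded with {@link GSSTestConstants#CHAR_ENC}
 * @throws IOException when the connection fails, the stream ends prematurely, a token length prefix
 *         read from the server is negative or exceeds {@link #MAX_NAME_TOKEN_LENGTH}, or mutual
 *         authentication was not established
 * @throws GSSException when context establishment or unwrapping fails
 */
public String getName(final GSSCredential gssCredential) throws IOException, GSSException {
    LOGGER.trace("getName() called with GSSCredential:\n" + gssCredential);
    // Create an unbound socket; it is closed (best effort, logged) in finally on every exit path.
    final Socket socket = new Socket();
    GSSContext gssContext = null;
    try {
        socket.connect(new InetSocketAddress(host, port), GSSTestConstants.SOCKET_TIMEOUT);
        final DataOutputStream dos = new DataOutputStream(socket.getOutputStream());
        final DataInputStream dis = new DataInputStream(socket.getInputStream());
        LOGGER.debug("Sending NAME command.");
        dos.writeInt(GSSTestConstants.CMD_NAME);
        dos.flush();
        final GSSManager manager = GSSManager.getInstance();
        gssContext = manager.createContext(manager.createName(spn, null), Constants.KERBEROS_V5, gssCredential,
                GSSContext.DEFAULT_LIFETIME);
        gssContext.requestMutualAuth(true);
        gssContext.requestConf(true);
        gssContext.requestInteg(true);
        byte[] token = new byte[0];
        while (!gssContext.isEstablished()) {
            token = gssContext.initSecContext(token, 0, token.length);
            if (token != null) {
                dos.writeInt(token.length);
                dos.write(token);
                dos.flush();
            }
            if (!gssContext.isEstablished()) {
                token = readToken(dis);
            }
        }
        // Requesting mutual authentication does not guarantee it was negotiated; verify before trusting
        // anything the peer sends over this context.
        if (!gssContext.getMutualAuthState()) {
            throw new IOException("Mutual authentication was requested but not established");
        }
        token = readToken(dis);
        // unwrap() fills msgProp with the QOP and privacy state actually applied to the message;
        // this test client does not assert on it.
        final MessageProp msgProp = new MessageProp(false);
        final byte[] nameBytes = gssContext.unwrap(token, 0, token.length, msgProp);
        return new String(nameBytes, GSSTestConstants.CHAR_ENC);
    } catch (IOException e) {
        LOGGER.error("IOException occurred.", e);
        throw e;
    } finally {
        try {
            socket.close();
        } catch (IOException e) {
            LOGGER.error("IOException occurred", e);
        }
        if (gssContext != null) {
            try {
                gssContext.dispose();
            } catch (GSSException e) {
                LOGGER.error("GSSException occurred", e);
            }
        }
    }
}

/**
 * Sanity limit for a token length prefix read from the wire. Not protocol-defined (constructed value);
 * it only keeps a corrupt or hostile prefix from allocating an arbitrarily large array.
 */
private static final int MAX_NAME_TOKEN_LENGTH = 1 << 20;

/**
 * Reads one length-prefixed token ({@code int length} followed by {@code length} bytes) from {@code dis}.
 *
 * @param dis stream positioned at a length prefix
 * @return the token bytes (possibly empty)
 * @throws IOException if the prefix is negative or larger than {@link #MAX_NAME_TOKEN_LENGTH}, or the
 *         stream ends before the whole token was read
 */
private static byte[] readToken(final DataInputStream dis) throws IOException {
    final int length = dis.readInt();
    // Without this check a negative prefix surfaces as NegativeArraySizeException and a huge one as
    // OutOfMemoryError, neither of which the IOException handling above covers.
    if (length < 0 || length > MAX_NAME_TOKEN_LENGTH) {
        throw new IOException("Invalid token length prefix: " + length);
    }
    final byte[] token = new byte[length];
    dis.readFully(token);
    return token;
}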

Example 2 with MessageProp

use of org.ietf.jgss.MessageProp in project voltdb by VoltDB.

From class ConnectionUtil, method establishSecurityContext:

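/**
 * Performs the GSS-API (Kerberos) authentication handshake with the server over {@code channel}.
 * <p>
 * Frames in either direction have the layout {@code int length | byte version | byte tag | token},
 * where {@code length} counts every byte after the length field itself. Tokens produced by
 * {@link GSSContext#initSecContext} are sent to the server and the server's replies are fed back
 * until the context is established. Afterwards mutual authentication is verified and, if a delegate
 * principal is present, it is wrapped with privacy on the established context and sent as one more frame.
 *
 * @param channel  connected channel to the server
 * @param context  initiator context created by the caller; advanced in place by the handshake
 * @param delegate principal to act as; sent only if present and requires confidentiality on the context
 * @throws IOException  on channel errors, on a malformed or oversized frame, when mutual authentication
 *                      was not established, or when a delegate is given but the context offers no
 *                      confidentiality
 * @throws GSSException when token generation or wrapping fails
 */
private static void establishSecurityContext(final SocketChannel channel, GSSContext context,
        Optional<DelegatePrincipal> delegate) throws IOException, GSSException {
    // One buffer serves both directions; its capacity also bounds the frame size accepted from the server.
    ByteBuffer bb = ByteBuffer.allocate(4096);
    byte[] token;
    /*
     * Establishing a kerberos secure context requires a handshake conversation
     * where client and server exchange and use tokens generated via calls to initSecContext
     */
    // The first initSecContext call must see an empty input token.
    bb.limit(0);
    while (!context.isEstablished()) {
        token = context.initSecContext(bb.array(), bb.arrayOffset() + bb.position(), bb.remaining());
        if (token != null) {
            writeHandshakeFrame(channel, bb, token);
        }
        if (!context.isEstablished()) {
            // leaves bb positioned at the server token, which the next initSecContext consumes
            readHandshakeFrame(channel, bb);
        }
    }
    if (!context.getMutualAuthState()) {
        throw new IOException("Authentication Handshake Failed");
    }
    if (delegate.isPresent() && !context.getConfState()) {
        throw new IOException("Cannot transmit delegate user name securely");
    }
    // encrypt and transmit the delegate principal if it is present
    if (delegate.isPresent()) {
        final DelegatePrincipal principal = delegate.get();
        // QOP 0 (default), privacy requested
        MessageProp mprop = new MessageProp(0, true);
        bb.clear().limit(principal.wrappedSize());
        principal.wrap(bb);
        bb.flip();
        token = context.wrap(bb.array(), bb.arrayOffset() + bb.position(), bb.remaining(), mprop);
        writeHandshakeFrame(channel, bb, token);
    }
}

/**
 * Writes one handshake frame carrying {@code token} to {@code channel}, using {@code bb} as scratch space.
 *
 * @throws IOException if the frame does not fit into {@code bb} or the write fails
 */
private static void writeHandshakeFrame(final SocketChannel channel, final ByteBuffer bb, final byte[] token)
        throws IOException {
    final int msgSize = 4 + 1 + 1 + token.length;
    // Report an oversized token as an I/O failure instead of letting limit() throw IllegalArgumentException.
    if (msgSize > bb.capacity()) {
        throw new IOException("Authentication token exceeded alloted size");
    }
    bb.clear().limit(msgSize);
    bb.putInt(msgSize - 4).put(Constants.AUTH_HANDSHAKE_VERSION).put(Constants.AUTH_HANDSHAKE);
    bb.put(token).flip();
    while (bb.hasRemaining()) {
        channel.write(bb);
    }
}

/**
 * Reads one handshake frame from the server into {@code bb} and validates its version and tag.
 * On return the buffer's position is just after the tag byte and its limit is the frame end, so
 * {@code bb.remaining()} bytes of token payload are available.
 *
 * @throws IOException  if the length prefix is non-positive, too short to hold version and tag, or larger
 *                      than the buffer, or if the version or tag byte is unexpected
 * @throws EOFException if the server closes the channel mid-frame
 */
private static void readHandshakeFrame(final SocketChannel channel, final ByteBuffer bb) throws IOException {
    bb.clear().limit(4);
    readHandshakeBytes(channel, bb);
    bb.flip();
    final int msgSize = bb.getInt();
    if (msgSize > bb.capacity()) {
        throw new IOException("Authentication packet exceeded alloted size");
    }
    if (msgSize <= 0) {
        throw new IOException("Wire Protocol Format error 0 or negative message length prefix");
    }
    // Version and tag bytes must be present; otherwise bb.get() below would throw BufferUnderflowException.
    if (msgSize < 2) {
        throw new IOException("Wire Protocol Format error message length prefix too short for version and tag");
    }
    bb.clear().limit(msgSize);
    readHandshakeBytes(channel, bb);
    bb.flip();
    final byte version = bb.get();
    if (version != Constants.AUTH_HANDSHAKE_VERSION) {
        throw new IOException("Encountered unexpected authentication protocol version " + version);
    }
    final byte tag = bb.get();
    if (tag != Constants.AUTH_HANDSHAKE) {
        throw new IOException("Encountered unexpected authentication protocol tag " + tag);
    }
}

/**
 * Fills {@code bb} up to its limit from {@code channel}.
 *
 * @throws EOFException if the peer closes the channel before the buffer is full
 */
private static void readHandshakeBytes(final SocketChannel channel, final ByteBuffer bb) throws IOException {
    while (bb.hasRemaining()) {
        if (channel.read(bb) == -1) {
            throw new EOFException();
        }
    }
}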
