
Example 1 with Krb5NameElement

use of sun.security.jgss.krb5.Krb5NameElement in project jdk8u_jdk by JetBrains.

In class SpNegoMechFactory, method getCredFromSubject.

/**
 * Fetches the first {@code SpNegoCredElement} that {@code GSSUtil.searchSubject}
 * reports for the given name and role, and runs the Kerberos credential
 * permission check on it before handing it back.
 *
 * <p>The permission check is only performed when the wrapped (internal)
 * credential belongs to a Kerberos mechanism; a credential wrapping any other
 * mechanism is returned without a check from this method. If the check throws,
 * the credential is never returned to the caller.
 *
 * @param name     the name passed to the subject search; on the acceptor path
 *                 it is also passed to {@code checkAcceptCredPermission}
 * @param initiate {@code true} for the initiator role, {@code false} for the
 *                 acceptor role
 * @return the first matching credential element, or {@code null} when the
 *         search yields nothing
 * @throws GSSException propagated from the search or from the credential
 *                      accessors
 */
private static SpNegoCredElement getCredFromSubject(GSSNameSpi name, boolean initiate) throws GSSException {
    Vector<SpNegoCredElement> found = GSSUtil.searchSubject(name, GSS_SPNEGO_MECH_OID, initiate, SpNegoCredElement.class);
    if (found == null || found.isEmpty()) {
        return null;
    }
    SpNegoCredElement spnegoCred = found.firstElement();
    if (spnegoCred == null) {
        return null;
    }
    GSSCredentialSpi inner = spnegoCred.getInternalCred();
    if (!GSSUtil.isKerberosMech(inner.getMechanism())) {
        // Non-Kerberos inner credential: nothing is checked on this path.
        return spnegoCred;
    }
    // Force the permission check before the credential leaves this method.
    // NOTE(review): presumably these enforce a Kerberos ServicePermission for
    // the credential's principal - confirm in Krb5MechFactory.
    if (initiate) {
        Krb5InitCredential initCred = (Krb5InitCredential) inner;
        Krb5NameElement initName = (Krb5NameElement) initCred.getName();
        Krb5MechFactory.checkInitCredPermission(initName);
    } else {
        Krb5AcceptCredential acceptCred = (Krb5AcceptCredential) inner;
        Krb5NameElement acceptName = (Krb5NameElement) acceptCred.getName();
        Krb5MechFactory.checkAcceptCredPermission(acceptName, name);
    }
    return spnegoCred;
}
Also used : Krb5InitCredential(sun.security.jgss.krb5.Krb5InitCredential) Krb5AcceptCredential(sun.security.jgss.krb5.Krb5AcceptCredential)

Example 2 with Krb5NameElement

use of sun.security.jgss.krb5.Krb5NameElement in project jdk8u_jdk by JetBrains.

In class GSSUtil, method getSubject.

/**
 * Builds a {@link Subject} holding the Kerberos principal derived from
 * {@code name} and the private credentials extracted from {@code creds}.
 *
 * <p>Note: The current impl only works with Sun's impl of GSSName and
 * GSSCredential since it depends on package private APIs. A name that is not a
 * {@code GSSNameImpl} (or whose Kerberos element lookup throws
 * {@code GSSException}) contributes no principal, and a credential that is not
 * a {@code GSSCredentialImpl} contributes no private credentials.
 *
 * @param name  the GSS name to turn into a {@code KerberosPrincipal}
 * @param creds the GSS credential whose elements are copied into the private
 *              credential set
 * @return a Subject constructed with {@code readOnly == false}, an empty
 *         public credential set, and the principals and private credentials
 *         gathered above
 */
public static Subject getSubject(GSSName name, GSSCredential creds) {
    Set<KerberosPrincipal> principals = new HashSet<KerberosPrincipal>();
    // The public credential set is always left empty.
    HashSet<Object> publicCreds = new HashSet<Object>();

    if (name instanceof GSSNameImpl) {
        try {
            GSSNameSpi element = ((GSSNameImpl) name).getElement(GSS_KRB5_MECH_OID);
            String principalName = element.toString();
            if (element instanceof Krb5NameElement) {
                // Prefer the Kerberos principal name over the generic string form.
                Krb5NameElement krbElement = (Krb5NameElement) element;
                principalName = krbElement.getKrb5PrincipalName().getName();
            }
            principals.add(new KerberosPrincipal(principalName));
        } catch (GSSException ge) {
            // Best effort: the Subject is still built, just without this principal.
            debug("Skipped name " + name + " due to " + ge);
        }
    }

    HashSet<Object> privateCreds;
    if (!(creds instanceof GSSCredentialImpl)) {
        privateCreds = new HashSet<Object>();
    } else {
        Set<GSSCredentialSpi> elements = ((GSSCredentialImpl) creds).getElements();
        privateCreds = new HashSet<Object>(elements.size());
        populateCredentials(privateCreds, elements);
    }

    // NOTE(review): the last debug line prints the string form of the private
    // credential set. Whether that exposes key material depends on the
    // elements' toString() and on where debug() writes - confirm before
    // enabling this debug output on shared or retained logs.
    debug("Created Subject with the following");
    debug("principals=" + principals);
    debug("public creds=" + publicCreds);
    debug("private creds=" + privateCreds);

    return new Subject(false, principals, publicCreds, privateCreds);
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Krb5NameElement(sun.security.jgss.krb5.Krb5NameElement) Subject(javax.security.auth.Subject) GSSNameSpi(sun.security.jgss.spi.GSSNameSpi) GSSCredentialSpi(sun.security.jgss.spi.GSSCredentialSpi) HashSet(java.util.HashSet)
