1 /* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
2 /*
3 Copyright (c) 2004,2005,2006 ymnk, JCraft,Inc. All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8   1. Redistributions of source code must retain the above copyright notice,
9      this list of conditions and the following disclaimer.
10
11   2. Redistributions in binary form must reproduce the above copyright
12      notice, this list of conditions and the following disclaimer in
13      the documentation and/or other materials provided with the distribution.
14
15   3. The names of the authors may not be used to endorse or promote products
16      derived from this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
19 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
20 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
21 INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
22 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
24 OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
25 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */

29
30 package com.jcraft.jsch.jgss;
31
32 import com.jcraft.jsch.JSchException;
33
34 import java.net.InetAddress JavaDoc;
35 import java.net.UnknownHostException JavaDoc;
36 import org.ietf.jgss.GSSContext JavaDoc;
37 import org.ietf.jgss.GSSCredential JavaDoc;
38 import org.ietf.jgss.GSSException JavaDoc;
39 import org.ietf.jgss.GSSManager JavaDoc;
40 import org.ietf.jgss.GSSName JavaDoc;
41 import org.ietf.jgss.MessageProp JavaDoc;
42 import org.ietf.jgss.Oid JavaDoc;
43
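/**
 * Kerberos 5 implementation of JSch's {@code GSSContext}, built on the JDK's
 * {@code org.ietf.jgss} API. It acts as the GSS-API initiator (client side)
 * for SSH user authentication as described in RFC 4462.
 *
 * <p>Call {@link #create(String, String)} first. {@code init} and
 * {@code getMIC} assume a context has been created.
 */
public class GSSContextKrb5 implements com.jcraft.jsch.GSSContext{
  private GSSContext context=null;

  /**
   * Builds an initiator security context for the service principal
   * {@code host/<canonical host name>}.
   *
   * @param user the user name; currently unused because the credential
   *             lookup for it is commented out below
   * @param host the host name of the SSH server
   * @throws JSchException if the GSS-API rejects any step of the setup
   */
  public void create(String user, String host) throws JSchException{
    try{
      // RFC 1964
      Oid krb5=new Oid("1.2.840.113554.1.2.2");
      // Kerberos Principal Name Form
      Oid principalName=new Oid("1.2.840.113554.1.2.2.1");

      GSSManager mgr=GSSManager.getInstance();

      // A null credential makes the provider act as the default initiator
      // principal. The explicit per-user lookup was disabled by the author:
      GSSCredential crd=null;
      /*
      try{
        GSSName _user=mgr.createName(user, principalName);
        crd=mgr.createCredential(_user,
                                 GSSCredential.DEFAULT_LIFETIME,
                                 krb5,
                                 GSSCredential.INITIATE_ONLY);
      }
      catch(GSSException crdex){
      }
      */

      // NOTE(review): the service principal is derived from a DNS lookup
      // (forward, then canonical/reverse name). DNS answers are not
      // authenticated, so the ticket may be requested for a host other than
      // the one the caller named. Deployments that cannot trust their
      // resolver should pass an already-canonical name and treat this lookup
      // as a candidate for an opt-out.
      String cname=host;
      try{
        cname=InetAddress.getByName(cname).getCanonicalHostName();
      }
      catch(UnknownHostException ignored){
        // Best effort: fall back to the host name exactly as given.
      }
      GSSName _host=mgr.createName("host/"+cname, principalName);

      context=mgr.createContext(_host,
                                krb5,
                                crd,
                                GSSContext.DEFAULT_LIFETIME);

      // RFC4462 3.4. GSS-API Session
      //
      // When calling GSS_Init_sec_context(), the client MUST set
      // integ_req_flag to "true" to request that per-message integrity
      // protection be supported for this context. In addition,
      // deleg_req_flag MAY be set to "true" to request access delegation, if
      // requested by the user.
      //
      // Since the user authentication process by its nature authenticates
      // only the client, the setting of mutual_req_flag is not needed for
      // this process. This flag SHOULD be set to "false".

      // TODO: OpenSSH's sshd does accepts 'false' for mutual_req_flag
      //context.requestMutualAuth(false);
      context.requestMutualAuth(true);
      context.requestConf(true);
      context.requestInteg(true); // for MIC

      // NOTE(review): delegation is requested for every connection, while
      // the RFC text above allows it only "if requested by the user".
      // Delegated credentials let the accepting server act as the user
      // towards other services, so this should be an explicit opt-in; the
      // interface offers no parameter for it, so the behaviour is kept as is.
      context.requestCredDeleg(true);
      context.requestAnonymity(false);
    }
    catch(GSSException ex){
      // NOTE(review): only the text of the GSSException is carried over;
      // its stack trace and cause are not attached to the JSchException.
      throw new JSchException(ex.toString());
    }
  }

  /**
   * Reports whether context establishment has completed.
   *
   * @return {@code true} once the context is established; {@code false}
   *         while the handshake is pending or before {@code create} succeeded
   */
  public boolean isEstablished(){
    return context!=null && context.isEstablished();
  }

  /**
   * Feeds a token received from the peer into the context establishment and
   * returns the next token to send.
   *
   * @param token buffer holding the peer's token
   * @param s     offset of the token within {@code token}
   * @param l     length of the token in bytes
   * @return the token to send to the peer, or {@code null} if none is needed
   * @throws JSchException if the GSS-API reports a failure
   */
  public byte[] init(byte[] token, int s, int l) throws JSchException {
    try{
      // Honour the caller's offset; a hard-coded 0 would read the wrong
      // bytes whenever the token does not start at the beginning of the buffer.
      return context.initSecContext(token, s, l);
    }
    catch(GSSException ex){
      throw new JSchException(ex.toString());
    }
  }

  /**
   * Computes the message integrity code (MIC) over part of a buffer.
   *
   * @param message buffer holding the data to protect
   * @param s       offset of the data within {@code message}
   * @param l       length of the data in bytes
   * @return the MIC token, or {@code null} if the GSS-API reports a failure;
   *         callers must check for {@code null} before using the result
   */
  public byte[] getMIC(byte[] message, int s, int l){
    try{
      // QOP 0 selects the mechanism's default quality of protection.
      MessageProp prop = new MessageProp(0, true);
      return context.getMIC(message, s, l, prop);
    }
    catch(GSSException ex){
      return null;
    }
  }

  /**
   * Releases the underlying GSS context. Safe to call when no context was
   * created; failures during release are ignored.
   */
  public void dispose(){
    if(context==null){
      return;
    }
    try{
      context.dispose();
    }
    catch(GSSException ignored){
      // Best effort: nothing useful can be done if release fails.
    }
  }
}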