

1 package org.jacorb.security.sas;
2
3 /*
4  * JacORB - a free Java ORB
5  *
6  * Copyright (C) 2002-2004 Gerald Brose
7  *
8  * This library is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Library General Public
10  * License as published by the Free Software Foundation; either
11  * version 2 of the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16  * Library General Public License for more details.
17  *
18  * You should have received a copy of the GNU Library General Public
19  * License along with this library; if not, write to the Free
20  * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21  */

22
23 import org.apache.avalon.framework.configuration.Configuration;
24 import org.apache.avalon.framework.configuration.ConfigurationException;
25 import org.apache.avalon.framework.logger.Logger;
26 import org.ietf.jgss.GSSContext JavaDoc;
27 import org.ietf.jgss.GSSCredential JavaDoc;
28 import org.ietf.jgss.GSSException JavaDoc;
29 import org.ietf.jgss.GSSManager JavaDoc;
30 import org.ietf.jgss.GSSName JavaDoc;
31 import org.ietf.jgss.Oid JavaDoc;
32 import org.omg.CORBA.ORB JavaDoc;
33 import org.omg.CSI.KRB5MechOID;
34 import org.omg.CSIIOP.CompoundSecMechList;
35 import org.omg.IOP.Codec JavaDoc;
36
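public class KerberosContext
    implements ISASContext
{
    /** Logger for this SAS Kerberos mechanism (named "jacorb.security.sas.Kerberos"). */
    private Logger logger;

    /**
     * Acceptor-side GSS context produced by the most recent successful
     * {@link #validateContext} call, or {@code null} when no token has been
     * accepted or the last attempt failed.  {@link #getValidatedPrincipal}
     * reads the authenticated initiator name from it.
     *
     * NOTE(review): this is a single shared field, so concurrent
     * validateContext() calls on one instance overwrite each other's result.
     * Callers presumably serialise use of an instance -- confirm against the
     * SAS interceptors that own this object.
     */
    private GSSContext validatedContext = null;

    /** Acceptor (ACCEPT_ONLY) credential, acquired lazily from the default credential store. */
    private GSSCredential targetCreds = null;

    /** Initiator (INITIATE_ONLY) credential, acquired lazily from the default credential store. */
    private GSSCredential clientCreds = null;

    /**
     * The Kerberos V5 GSS mechanism OID in dotted-decimal form, as
     * {@link Oid} expects it.  The CSI constant carries a 4-character
     * prefix (presumably "oid:") which is stripped here.
     */
    private static String krb5OidString()
    {
        return KRB5MechOID.value.substring(4);
    }

    /**
     * Builds the Kerberos V5 mechanism {@link Oid}.
     *
     * @throws GSSException if the OID string cannot be parsed
     */
    private static Oid krb5Oid()
        throws GSSException
    {
        return new Oid(krb5OidString());
    }

    /**
     * Acquires a Kerberos credential for the default principal of the
     * current credential store (a {@code null} name selects the default).
     *
     * @param usage {@link GSSCredential#INITIATE_ONLY} for the client side,
     *              {@link GSSCredential#ACCEPT_ONLY} for the target side
     * @return the acquired credential, never {@code null}
     * @throws GSSException if no credential can be obtained
     */
    private static GSSCredential acquireCredential(int usage)
        throws GSSException
    {
        GSSManager gssManager = GSSManager.getInstance();
        // INDEFINITE_LIFETIME asks for the longest lifetime the mechanism grants.
        return gssManager.createCredential(null,
                                           GSSCredential.INDEFINITE_LIFETIME,
                                           krb5Oid(),
                                           usage);
    }

    /**
     * Disposes a GSS context, logging rather than propagating any failure.
     * Used where the context is no longer needed and an error while releasing
     * it must not mask the outcome of the operation that created it.
     */
    private void disposeQuietly(GSSContext context)
    {
        if (context == null)
        {
            return;
        }
        try
        {
            context.dispose();
        }
        catch (GSSException e)
        {
            logger.warn("Error disposing Kerberos context: " + e);
        }
    }

    /**
     * Avalon lifecycle hook: obtains the named logger from the JacORB
     * configuration.  Must be called before any other method, as every
     * method logs through {@link #logger}.
     */
    public void configure(Configuration configuration)
        throws ConfigurationException
    {
        logger = ((org.jacorb.config.Configuration) configuration)
            .getNamedLogger("jacorb.security.sas.Kerberos");
    }

    /**
     * Eagerly acquires the client (initiator) credential.  Failure is logged
     * but not fatal: {@link #createClientContext} and
     * {@link #getClientPrincipal} retry the acquisition lazily.
     */
    public void initClient()
    {
        try
        {
            clientCreds = acquireCredential(GSSCredential.INITIATE_ONLY);
        }
        catch (GSSException e)
        {
            logger.warn("Error acquiring Kerberos client credential: " + e);
        }
    }

    /**
     * Returns the GSS mechanism OID (dotted-decimal) this context implements.
     */
    public String getMechOID()
    {
        return krb5OidString();
    }

    /**
     * Produces the initial Kerberos context token to be sent in the SAS
     * EstablishContext message.
     *
     * @param orb     unused by this mechanism
     * @param codec   unused by this mechanism
     * @param csmList the target's advertised compound security mechanisms;
     *                the exported GSS target name is read from the first entry
     * @return the initiator token, or an empty array if no token could be
     *         produced (the caller treats that as "no SAS context")
     */
    public byte[] createClientContext(ORB orb, Codec codec, CompoundSecMechList csmList)
    {
        byte[] contextToken = new byte[0];

        // Reject a missing or empty mechanism list explicitly rather than
        // relying on an ArrayIndexOutOfBoundsException being swallowed.
        if (csmList == null
            || csmList.mechanism_list == null
            || csmList.mechanism_list.length == 0
            || csmList.mechanism_list[0].as_context_mech == null)
        {
            logger.warn("Target advertises no compound security mechanism; "
                        + "cannot create Kerberos context");
            return contextToken;
        }

        // NOTE(review): the advertised client_authentication_mech is not
        // compared against the Kerberos OID here; a mismatch only surfaces
        // when the target fails to accept the token.
        byte[] target = csmList.mechanism_list[0].as_context_mech.target_name;
        if (target == null || target.length == 0)
        {
            logger.warn("Target advertises no GSS target name; "
                        + "cannot create Kerberos context");
            return contextToken;
        }

        GSSContext myContext = null;
        try
        {
            GSSManager gssManager = GSSManager.getInstance();
            // The exported name form: nameType null lets the mechanism
            // interpret the bytes (GSS exported-name token).
            GSSName myPeer = gssManager.createName(target, null, krb5Oid());
            if (clientCreds == null)
            {
                clientCreds = acquireCredential(GSSCredential.INITIATE_ONLY);
            }
            myContext = gssManager.createContext(myPeer,
                                                 krb5Oid(),
                                                 clientCreds,
                                                 GSSContext.INDEFINITE_LIFETIME);
            // Single leg: only this first initiator token is sent and the
            // context object is not continued, so it is released below.
            contextToken = myContext.initSecContext(contextToken, 0, contextToken.length);
        }
        catch (GSSException e)
        {
            logger.error("Error creating Kerberos context: " + e);
        }
        finally
        {
            // Release mechanism-level state; the token has already been copied out.
            disposeQuietly(myContext);
        }
        return contextToken;
    }

    /**
     * Returns the string form of the client credential's principal name,
     * acquiring the credential first if necessary.
     *
     * @return the principal name, or the empty string if it cannot be obtained
     */
    public String getClientPrincipal()
    {
        String principal = "";
        try
        {
            if (clientCreds == null)
            {
                clientCreds = acquireCredential(GSSCredential.INITIATE_ONLY);
            }
            principal = clientCreds.getName().toString();
        }
        catch (GSSException e)
        {
            logger.error("Error getting created principal: " + e);
        }
        return principal;
    }

    /**
     * Eagerly acquires the target (acceptor) credential.  Failure is logged
     * but not fatal: {@link #validateContext} retries the acquisition lazily.
     */
    public void initTarget()
    {
        try
        {
            if (targetCreds == null)
            {
                targetCreds = acquireCredential(GSSCredential.ACCEPT_ONLY);
            }
        }
        catch (GSSException e)
        {
            logger.warn("Error acquiring Kerberos acceptor credential: " + e);
        }
    }

    /**
     * Accepts an initiator token received in a SAS EstablishContext message.
     *
     * Success is determined by {@link GSSContext#isEstablished()} on the
     * acceptor context, not by whether {@code acceptSecContext} returned a
     * reply token: the GSS-API documents a {@code null} return as "no token
     * generated", which is normal when the initiator did not request mutual
     * authentication, and the SAS protocol has no channel to send a reply
     * token back anyway.  On any failure {@link #validatedContext} is left
     * {@code null}, so {@link #getValidatedPrincipal} cannot report a name
     * from an earlier, unrelated validation.
     *
     * @param orb          unused by this mechanism
     * @param codec        unused by this mechanism
     * @param contextToken the raw initiator token
     * @return {@code true} if the token authenticated the initiator
     */
    public boolean validateContext(ORB orb, Codec codec, byte[] contextToken)
    {
        // Clear the previous result first so a failed attempt never leaves a
        // stale, already-validated name visible.
        validatedContext = null;

        if (contextToken == null || contextToken.length == 0)
        {
            logger.warn("Could not accept token: empty Kerberos context token");
            return false;
        }

        GSSContext context = null;
        try
        {
            GSSManager gssManager = GSSManager.getInstance();
            if (targetCreds == null)
            {
                targetCreds = acquireCredential(GSSCredential.ACCEPT_ONLY);
            }
            context = gssManager.createContext(targetCreds);
            // Any reply token is discarded: SAS carries no response leg here.
            context.acceptSecContext(contextToken, 0, contextToken.length);
        }
        catch (GSSException e)
        {
            logger.error("Error accepting Kerberos context: " + e);
            disposeQuietly(context);
            return false;
        }

        if (!context.isEstablished())
        {
            logger.warn("Could not accept token: Kerberos context not established "
                        + "after a single initiator token");
            disposeQuietly(context);
            return false;
        }

        validatedContext = context;
        return true;
    }

    /**
     * Returns the authenticated initiator principal of the last successfully
     * validated context.
     *
     * @return the initiator name, or {@code null} if no context has been
     *         validated or the name cannot be read
     */
    public String getValidatedPrincipal()
    {
        GSSContext context = validatedContext;
        if (context == null)
        {
            return null;
        }
        try
        {
            return context.getSrcName().toString();
        }
        catch (GSSException e)
        {
            logger.error("Error getting name: " + e);
        }
        return null;
    }
}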
169