GSSContextKrb5.java

Go to the documentation of this file.
00001 /* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
00002 /*
00003 Copyright (c) 2006-2011 ymnk, JCraft,Inc. All rights reserved.
00004 
00005 Redistribution and use in source and binary forms, with or without
00006 modification, are permitted provided that the following conditions are met:
00007 
00008   1. Redistributions of source code must retain the above copyright notice,
00009      this list of conditions and the following disclaimer.
00010 
00011   2. Redistributions in binary form must reproduce the above copyright 
00012      notice, this list of conditions and the following disclaimer in 
00013      the documentation and/or other materials provided with the distribution.
00014 
00015   3. The names of the authors may not be used to endorse or promote products
00016      derived from this software without specific prior written permission.
00017 
00018 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
00019 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
00020 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
00021 INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
00022 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
00023 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
00024 OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
00025 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
00026 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
00027 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
00028 */
00029 
00030 package com.jcraft.jsch.jgss;
00031 
00032 import com.jcraft.jsch.JSchException;
00033 
00034 import java.net.InetAddress;
00035 import java.net.UnknownHostException;
00036 import org.ietf.jgss.GSSContext;
00037 import org.ietf.jgss.GSSCredential;
00038 import org.ietf.jgss.GSSException;
00039 import org.ietf.jgss.GSSManager;
00040 import org.ietf.jgss.GSSName;
00041 import org.ietf.jgss.MessageProp;
00042 import org.ietf.jgss.Oid;
00043 
00044 public class GSSContextKrb5 implements com.jcraft.jsch.GSSContext{
00045 
00046   private static final String pUseSubjectCredsOnly = 
00047     "javax.security.auth.useSubjectCredsOnly";
00048   private static String useSubjectCredsOnly = 
00049     getSystemProperty(pUseSubjectCredsOnly);
00050 
00051   private GSSContext context=null;
00052   public void create(String user, String host) throws JSchException{
00053     try{
00054       // RFC 1964
00055       Oid krb5=new Oid("1.2.840.113554.1.2.2");
00056       // Kerberos Principal Name Form
00057       Oid principalName=new Oid("1.2.840.113554.1.2.2.1");
00058 
00059       GSSManager mgr=GSSManager.getInstance();
00060 
00061       GSSCredential crd=null;
00062       /*
00063       try{
00064         GSSName _user=mgr.createName(user, principalName);
00065         crd=mgr.createCredential(_user,
00066                                  GSSCredential.DEFAULT_LIFETIME,
00067                                  krb5,
00068                                  GSSCredential.INITIATE_ONLY);
00069       }
00070       catch(GSSException crdex){
00071       }
00072       */
00073 
00074       String cname=host;
00075       try{
00076         cname=InetAddress.getByName(cname).getCanonicalHostName();
00077       }
00078       catch(UnknownHostException e){
00079       }
00080       GSSName _host=mgr.createName("host/"+cname, principalName);
00081 
00082       context=mgr.createContext(_host,
00083                                 krb5,
00084                                 crd,
00085                                 GSSContext.DEFAULT_LIFETIME);
00086 
00087       // RFC4462  3.4.  GSS-API Session
00088       //
00089       // When calling GSS_Init_sec_context(), the client MUST set
00090       // integ_req_flag to "true" to request that per-message integrity
00091       // protection be supported for this context.  In addition,
00092       // deleg_req_flag MAY be set to "true" to request access delegation, if
00093       // requested by the user.
00094       //
00095       // Since the user authentication process by its nature authenticates
00096       // only the client, the setting of mutual_req_flag is not needed for
00097       // this process.  This flag SHOULD be set to "false".
00098 
00099       // TODO: OpenSSH's sshd does accepts 'false' for mutual_req_flag
00100       //context.requestMutualAuth(false);
00101       context.requestMutualAuth(true);
00102       context.requestConf(true);
00103       context.requestInteg(true);             // for MIC
00104       context.requestCredDeleg(true);
00105       context.requestAnonymity(false);
00106 
00107       return;
00108     }
00109     catch(GSSException ex){
00110       throw new JSchException(ex.toString());
00111     }
00112   }
00113 
00114   public boolean isEstablished(){
00115     return context.isEstablished();
00116   }
00117 
00118   public byte[] init(byte[] token, int s, int l) throws JSchException {
00119     try{
00120       // Without setting "javax.security.auth.useSubjectCredsOnly" to "false",
00121       // Sun's JVM for Un*x will show messages to stderr in
00122       // processing context.initSecContext().
00123       // This hack is not thread safe ;-<.
00124       // If that property is explicitly given as "true" or "false",
00125       // this hack must not be invoked.
00126       if(useSubjectCredsOnly==null){
00127         setSystemProperty(pUseSubjectCredsOnly, "false");
00128       }
00129       return context.initSecContext(token, 0, l);
00130     }
00131     catch(GSSException ex){
00132       throw new JSchException(ex.toString());
00133     }
00134     catch(java.lang.SecurityException ex){
00135       throw new JSchException(ex.toString());
00136     }
00137     finally{
00138       if(useSubjectCredsOnly==null){
00139         // By the default, it must be "true".
00140         setSystemProperty(pUseSubjectCredsOnly, "true");
00141       }
00142     }
00143   }
00144 
00145   public byte[] getMIC(byte[] message, int s, int l){
00146     try{
00147       MessageProp prop =  new MessageProp(0, true);
00148       return context.getMIC(message, s, l, prop);
00149     }
00150     catch(GSSException ex){
00151       return null;
00152     }
00153   }
00154 
00155   public void dispose(){
00156     try{
00157       context.dispose();
00158     }
00159     catch(GSSException ex){
00160     }
00161   }
00162 
00163   private static String getSystemProperty(String key){
00164     try{ return System.getProperty(key); }
00165     catch(Exception e){ 
00166       // We are not allowed to get the System properties.
00167       return null; 
00168     } 
00169   }
00170 
00171   private static void setSystemProperty(String key, String value){
00172     try{ System.setProperty(key, value); }
00173     catch(Exception e){ 
00174       // We are not allowed to set the System properties.
00175     }
00176   }
00177 }

Generated on 5 May 2015 for HPCVIEWER by  doxygen 1.6.1