/**
 * Derives {@code boundServerName} from the GSS context's target name.
 * <p>
 * The target name's string form is split on {@code /} and {@code @}; the
 * second component is stored when there is one, otherwise the whole name is
 * stored unchanged.
 *
 * NOTE(review): a name with no host component (for example {@code service@REALM})
 * would store the second component, not a host name — confirm that only
 * host-based service names reach this point.
 *
 * @throws SaslException if the target name cannot be read from the GSS context
 */
private void storeBoundServerName() throws SaslException {
    final String fullTargetName;
    try {
        fullTargetName = gssContext.getTargName().toString();
    } catch (GSSException e) {
        throw saslGs2.mechUnableToDetermineBoundServerName(e).toSaslException();
    }
    String[] components = fullTargetName.split("[/@]");
    if (components.length > 1) {
        boundServerName = components[1];
    } else {
        boundServerName = fullTargetName;
    }
}
// Fragment of storeBoundServerName(): derives the bound server name from the
// GSS target name. The string form is split on "/" and "@"; the second
// component is used when present, otherwise the whole target name is kept.
String targetName = gssContext.getTargName().toString();
String[] targetNameParts = targetName.split("[/@]");
boundServerName = targetNameParts.length > 1 ? targetNameParts[1] : targetName;
// Debug trace of the negotiated server principal and the client's default role.
// Both values end up in the log verbatim; the principal name is read from the
// GSS context's target name.
LOG.debug("Server Principal is: " + gContext.getTargName());
LOG.debug("Client Default Role: " + role);
/**
 * Writes the state of an accepted SPNEGO security context to the log at DEBUG level.
 * <p>
 * Nothing is evaluated unless DEBUG logging is enabled. The entry contains the
 * {@code responseToken} field followed by the context's established,
 * credential-delegation, mutual-authentication, lifetime, confidentiality,
 * integrity, source-name and target-name state.
 *
 * NOTE(review): the raw response token is written to the log — confirm that is
 * acceptable for wherever these logs are shipped.
 *
 * @param gssContext the accepted security context to describe
 * @throws GSSException if one of the context accessors fails
 */
protected void logAuthDetails(GSSContext gssContext) throws GSSException {
    if (!log.isDebugEnabled()) {
        return;
    }
    // Concatenation is kept for the token so its string form is unchanged
    // whatever the field's type is.
    String tokenPart = "SPNEGO Security context accepted with token: " + responseToken;
    StringBuilder details = new StringBuilder(tokenPart);
    details.append(", established: ").append(gssContext.isEstablished());
    details.append(", credDelegState: ").append(gssContext.getCredDelegState());
    details.append(", mutualAuthState: ").append(gssContext.getMutualAuthState());
    details.append(", lifetime: ").append(gssContext.getLifetime());
    details.append(", confState: ").append(gssContext.getConfState());
    details.append(", integState: ").append(gssContext.getIntegState());
    details.append(", srcName: ").append(gssContext.getSrcName());
    details.append(", targName: ").append(gssContext.getTargName());
    log.debug(details.toString());
}
/**
 * Records the server name this GS2 exchange is bound to.
 * <p>
 * Taken from the GSS context's target name: the name is split on {@code /}
 * and {@code @} and the second piece is used; a name with no separator is
 * stored as-is.
 *
 * @throws SaslException if the GSS context cannot supply its target name
 */
private void storeBoundServerName() throws SaslException {
    try {
        String principal = gssContext.getTargName().toString();
        String[] pieces = principal.split("[/@]");
        boolean hasHostPiece = pieces.length > 1;
        boundServerName = hasHostPiece ? pieces[1] : principal;
    } catch (GSSException e) {
        // Wrapped in the mechanism-specific SASL error so callers see one exception type.
        throw saslGs2.mechUnableToDetermineBoundServerName(e).toSaslException();
    }
}
/**
 * Sets {@code boundServerName} from the GSS context's target name.
 *
 * @throws SaslException if the target name cannot be obtained
 * @see #extractBoundServerName(String)
 */
private void storeBoundServerName() throws SaslException {
    String targetName;
    try {
        targetName = gssContext.getTargName().toString();
    } catch (GSSException e) {
        throw saslGs2.mechUnableToDetermineBoundServerName(e).toSaslException();
    }
    boundServerName = extractBoundServerName(targetName);
}

/**
 * Picks the bound server name out of a target name string.
 * <p>
 * The string is split on {@code /} and {@code @}; the second component is
 * returned when present, otherwise the input itself.
 *
 * @param targetName string form of the GSS target name
 * @return the server name component, or {@code targetName} when it has none
 */
private static String extractBoundServerName(String targetName) {
    String[] parts = targetName.split("[/@]");
    if (parts.length > 1) {
        return parts[1];
    }
    return targetName;
}
/**
 * {@inheritDoc}
 * <p>
 * Until the GSS context is established only the locally configured client and
 * service names are reported; afterwards the source name, target name and
 * mechanism negotiated by the context are shown. Failure to read them from the
 * context is logged at DEBUG and the default representation is returned.
 *
 * @see java.lang.Object#toString()
 */
@Override
public String toString () {
    boolean established = this.gssContext != null && this.gssContext.isEstablished();
    if ( !established ) {
        return String.format("KERB5[src=%s,targ=%s]", this.clientName, this.serviceName);
    }
    try {
        Object src = this.gssContext.getSrcName();
        Object targ = this.gssContext.getTargName();
        Object mech = this.gssContext.getMech();
        return String.format("KERB5[src=%s,targ=%s,mech=%s]", src, targ, mech);
    }
    catch ( GSSException e ) {
        // toString() must not fail; degrade to Object's representation.
        log.debug("Failed to get info", e);
        return super.toString();
    }
}
/**
 * {@inheritDoc}
 * <p>
 * Shows the context's source name, target name and mechanism once the GSS
 * context is established, and the configured client/service names before that.
 *
 * @see java.lang.Object#toString()
 */
@Override
public String toString () {
    if ( this.gssContext != null && this.gssContext.isEstablished() ) {
        try {
            return String.format(
                "KERB5[src=%s,targ=%s,mech=%s]",
                this.gssContext.getSrcName(),
                this.gssContext.getTargName(),
                this.gssContext.getMech());
        }
        catch ( GSSException e ) {
            // Never propagate from toString(); the failure is only logged.
            log.debug("Failed to get info", e);
            return super.toString();
        }
    }
    return String.format("KERB5[src=%s,targ=%s]", this.clientName, this.serviceName);
}
/**
 * Stores the server name this exchange is bound to, taken from the GSS
 * context's target name.
 * <p>
 * The target name string is split on {@code /} and {@code @}. With at least
 * two components the second one is stored; otherwise the unsplit name is.
 *
 * @throws SaslException when the GSS context cannot provide its target name
 */
private void storeBoundServerName() throws SaslException {
    try {
        String name = gssContext.getTargName().toString();
        String[] split = name.split("[/@]");
        String bound = name;
        if (split.length > 1) {
            bound = split[1];
        }
        boundServerName = bound;
    } catch (GSSException e) {
        throw saslGs2.mechUnableToDetermineBoundServerName(e).toSaslException();
    }
}
/**
 * Performs self authorization: the context's source and target names must
 * denote the same principal.
 *
 * @param context the security context to check
 * @param host host address of the peer; not consulted by this policy
 * @exception AuthorizationException if the two names differ, or if they
 *            cannot be read from the context
 */
public void authorize(GSSContext context, String host) throws AuthorizationException {
    logger.debug("Authorization: SELF");
    try {
        GSSName src = context.getSrcName();
        GSSName targ = context.getTargName();
        if (src.equals(targ)) {
            return;
        }
        // Our own side is reported as "expected", the peer's side as "target".
        boolean initiator = context.isInitiator();
        GSSName expected = initiator ? src : targ;
        GSSName target = initiator ? targ : src;
        generateAuthorizationException(expected, target);
    } catch (GSSException e) {
        throw new AuthorizationException("Authorization failure", e);
    }
}
/**
 * Performs self authorization.
 * <p>
 * Authorization succeeds only when the context's source name equals its
 * target name. On a mismatch the local name (source for an initiator, target
 * for an acceptor) and the peer's name are handed to
 * {@code generateAuthorizationException}.
 *
 * @param context the security context
 * @param host host address of the peer (unused here)
 * @exception AuthorizationException on a name mismatch or a GSS failure
 */
public void authorize(GSSContext context, String host) throws AuthorizationException {
    logger.debug("Authorization: SELF");
    try {
        GSSName srcName = context.getSrcName();
        GSSName targName = context.getTargName();
        if (!srcName.equals(targName)) {
            GSSName local;
            GSSName peer;
            if (context.isInitiator()) {
                local = srcName;
                peer = targName;
            } else {
                local = targName;
                peer = srcName;
            }
            generateAuthorizationException(local, peer);
        }
    } catch (GSSException e) {
        throw new AuthorizationException("Authorization failure", e);
    }
}
/**
 * Performs host authorization with a self-authorization fallback.
 * <p>
 * The peer's name is compared with the name {@code hostAuthz} expects for
 * {@code host}. If they differ, the mismatch is logged and the context is
 * still accepted when its source and target names are identical; otherwise
 * an authorization exception is generated for the local name and the peer's name.
 *
 * @param context the security context
 * @param host host address of the peer
 * @exception AuthorizationException if neither host nor self authorization
 *            passes, or if the names cannot be read from the context
 */
public void authorize(GSSContext context, String host) throws AuthorizationException {
    logger.debug("Authorization: HOST/SELF");
    try {
        GSSName expected = this.hostAuthz.getExpectedName(null, host);
        boolean initiator = context.isInitiator();
        GSSName peer = initiator ? context.getTargName() : context.getSrcName();
        if (expected.equals(peer)) {
            return;
        }
        logger.debug("Host authorization failed. Expected " + expected + " target is " + peer);
        // Fallback: a context whose two names coincide is accepted as "self".
        if (context.getSrcName().equals(context.getTargName())) {
            return;
        }
        GSSName local = initiator ? context.getSrcName() : context.getTargName();
        generateAuthorizationException(local, peer);
    } catch (GSSException e) {
        throw new AuthorizationException("Authorization failure", e);
    }
}
/**
 * Performs host authorization, falling back to self authorization.
 * <p>
 * Step one compares the peer's name with the name expected for {@code host}.
 * When that fails, step two accepts the context anyway if its source and
 * target names are equal; if they are not, an authorization exception is
 * generated.
 *
 * @param context the security context
 * @param host host address of the peer
 * @exception AuthorizationException if both checks fail or a GSS call fails
 */
public void authorize(GSSContext context, String host) throws AuthorizationException {
    logger.debug("Authorization: HOST/SELF");
    try {
        GSSName expected = this.hostAuthz.getExpectedName(null, host);
        GSSName target;
        if (context.isInitiator()) {
            target = context.getTargName();
        } else {
            target = context.getSrcName();
        }
        boolean hostMatches = expected.equals(target);
        if (hostMatches) {
            return;
        }
        logger.debug("Host authorization failed. Expected " + expected + " target is " + target);
        boolean isSelf = context.getSrcName().equals(context.getTargName());
        if (isSelf) {
            return;
        }
        GSSName localName;
        if (context.isInitiator()) {
            localName = context.getSrcName();
        } else {
            localName = context.getTargName();
        }
        generateAuthorizationException(localName, target);
    } catch (GSSException e) {
        throw new AuthorizationException("Authorization failure", e);
    }
}
/**
 * Performs identity authorization: the peer's GSS name must equal the name
 * returned by {@code getExpectedName(null, host)}.
 * <p>
 * The peer's name is the target name when this side initiated the context
 * and the source name when it accepted it.
 *
 * @param context the security context
 * @param host host address of the peer
 * @exception AuthorizationException if the peer's identity does not match
 *            the expected identity, or if a GSS call fails
 */
public void authorize(GSSContext context, String host) throws AuthorizationException {
    logger.debug("Authorization: IDENTITY");
    try {
        GSSName expected = getExpectedName(null, host);
        GSSName peer = context.isInitiator() ? context.getTargName() : context.getSrcName();
        if (expected.equals(peer)) {
            return;
        }
        generateAuthorizationException(expected, peer);
    } catch (GSSException e) {
        throw new AuthorizationException("Authorization failure", e);
    }
}
/**
 * Performs identity authorization.
 * <p>
 * Compares the expected identity for {@code host} with the peer's name
 * (the context's target name for an initiator, its source name for an
 * acceptor) and generates an authorization exception when they differ.
 *
 * @param context the security context
 * @param host host address of the peer
 * @exception AuthorizationException if the identities differ or the
 *            context cannot be queried
 */
public void authorize(GSSContext context, String host) throws AuthorizationException {
    logger.debug("Authorization: IDENTITY");
    try {
        GSSName peerName;
        if (context.isInitiator()) {
            peerName = context.getTargName();
        } else {
            peerName = context.getSrcName();
        }
        GSSName expectedName = getExpectedName(null, host);
        boolean matches = expectedName.equals(peerName);
        if (!matches) {
            generateAuthorizationException(expectedName, peerName);
        }
    } catch (GSSException e) {
        throw new AuthorizationException("Authorization failure", e);
    }
}
/**
 * Performs host authorization: the peer's GSS name must equal the name
 * {@code getExpectedName(null, host)} derives for the given host.
 * <p>
 * Equality is whatever {@link GSSName#equals(GSSName)} implements for the
 * mechanism in use; whether that comparison is case-insensitive is not
 * decided here.
 *
 * @param context the security context
 * @param host host address of the peer
 * @exception AuthorizationException if the names do not match or a GSS
 *            call fails
 */
public void authorize(GSSContext context, String host) throws AuthorizationException {
    logger.debug("Authorization: HOST");
    try {
        GSSName expected = getExpectedName(null, host);
        GSSName peer = context.isInitiator() ? context.getTargName() : context.getSrcName();
        if (expected.equals(peer)) {
            return;
        }
        generateAuthorizationException(expected, peer);
    } catch (GSSException e) {
        throw new AuthorizationException("Authorization failure", e);
    }
}
/**
 * Performs host authorization.
 * <p>
 * The name expected for {@code host} is compared with the peer's name — the
 * target name when this side is the initiator, the source name otherwise —
 * and an authorization exception is generated on a mismatch.
 *
 * @param context the security context
 * @param host host address of the peer
 * @exception AuthorizationException if the peer's name is not the expected
 *            host name, or if the context cannot be queried
 */
public void authorize(GSSContext context, String host) throws AuthorizationException {
    logger.debug("Authorization: HOST");
    try {
        GSSName expectedHostName = getExpectedName(null, host);
        GSSName peerName;
        if (context.isInitiator()) {
            peerName = context.getTargName();
        } else {
            peerName = context.getSrcName();
        }
        boolean accepted = expectedHostName.equals(peerName);
        if (!accepted) {
            generateAuthorizationException(expectedHostName, peerName);
        }
    } catch (GSSException e) {
        throw new AuthorizationException("Authorization failure", e);
    }
}
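/**
 * Finds the Kerberos session key belonging to this context's client/server pair.
 * <p>
 * Each {@link KerberosTicket} among the subject's private credentials is
 * compared, by client and server name under the context's mechanism, with the
 * exported source and target names of {@code gssContext}. The first ticket
 * whose client matches the source name and whose server matches the target
 * name supplies the key.
 * <p>
 * The returned key is raw key material; callers should neither log nor
 * persist it.
 *
 * @param subject the subject whose private credentials are searched
 * @return the matching ticket's session key, or {@code null} when no ticket matches
 * @throws GSSException if the context's names or mechanism cannot be read
 */
Key searchSessionKey(Subject subject) throws GSSException {
    MIEName src = new MIEName(gssContext.getSrcName().export());
    MIEName targ = new MIEName(gssContext.getTargName().export());
    // getPrivateCredentials(Class) already returns a typed Set; the raw
    // Iterator and the unchecked cast of the original are unnecessary.
    for (KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class)) {
        MIEName client = new MIEName(gssContext.getMech(), ticket.getClient().getName());
        MIEName server = new MIEName(gssContext.getMech(), ticket.getServer().getName());
        if (src.equals(client) && targ.equals(server)) {
            return ticket.getSessionKey();
        }
    }
    return null;
}
public void dispose() throws GSSException {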
/**
 * Looks up the Kerberos session key for this context's client/server pair.
 * <p>
 * The context's exported source and target names are matched against the
 * client and server names of every {@link KerberosTicket} in the subject's
 * private credentials, all under the context's mechanism OID. The first
 * ticket matching on both names provides the key.
 *
 * @param subject the subject whose private credentials are searched
 * @return the matching session key, or {@code null} if no ticket matches
 * @throws GSSException if the context's names or mechanism cannot be read
 */
Key searchSessionKey ( Subject subject ) throws GSSException {
    MIEName expectedClient = new MIEName(this.gssContext.getSrcName().export());
    MIEName expectedServer = new MIEName(this.gssContext.getTargName().export());
    ASN1ObjectIdentifier mechOid = ASN1ObjectIdentifier.getInstance(this.gssContext.getMech().getDER());
    Iterable<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for ( KerberosTicket ticket : tickets ) {
        MIEName ticketClient = new MIEName(mechOid, ticket.getClient().getName());
        MIEName ticketServer = new MIEName(mechOid, ticket.getServer().getName());
        if ( expectedClient.equals(ticketClient) ) {
            if ( expectedServer.equals(ticketServer) ) {
                return ticket.getSessionKey();
            }
        }
    }
    return null;
}
/**
 * Returns the session key of the subject's Kerberos ticket whose client and
 * server names match this context's source and target names.
 *
 * @param subject the subject whose private credentials are searched
 * @return the session key of the first matching ticket, or {@code null}
 * @throws GSSException if the context's names or mechanism cannot be read
 * @see #ticketMatches(MIEName, MIEName, ASN1ObjectIdentifier, KerberosTicket)
 */
Key searchSessionKey ( Subject subject ) throws GSSException {
    MIEName src = new MIEName(this.gssContext.getSrcName().export());
    MIEName targ = new MIEName(this.gssContext.getTargName().export());
    ASN1ObjectIdentifier mech = ASN1ObjectIdentifier.getInstance(this.gssContext.getMech().getDER());
    for ( KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class) ) {
        if ( ticketMatches(src, targ, mech, ticket) ) {
            return ticket.getSessionKey();
        }
    }
    return null;
}

/**
 * Tells whether a ticket's client and server names equal the given source and
 * target names under the given mechanism.
 *
 * @param src expected client name
 * @param targ expected server name
 * @param mech mechanism OID used to build the ticket's names
 * @param ticket ticket to compare
 * @return {@code true} when both names match
 */
private static boolean ticketMatches ( MIEName src, MIEName targ, ASN1ObjectIdentifier mech, KerberosTicket ticket ) {
    MIEName client = new MIEName(mech, ticket.getClient().getName());
    MIEName server = new MIEName(mech, ticket.getServer().getName());
    return src.equals(client) && targ.equals(server);
}