1 /* |
|
2 * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 |
|
27 package com.sun.security.sasl.gsskerb; |
|
28 |
|
29 import java.util.Locale; |
|
30 import java.util.Map; |
|
31 import java.util.logging.Level; |
|
32 import javax.security.sasl.*; |
|
33 import com.sun.security.sasl.util.AbstractSaslImpl; |
|
34 import org.ietf.jgss.*; |
|
35 import com.sun.security.jgss.ExtendedGSSContext; |
|
36 import com.sun.security.jgss.InquireType; |
|
37 |
|
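abstract class GssKrb5Base extends AbstractSaslImpl {

    /** Dotted-decimal OID of the Kerberos V5 GSS-API mechanism. */
    private static final String KRB5_OID_STR = "1.2.840.113554.1.2.2";

    /**
     * Mechanism OID handed to JGSS by the subclasses; assigned once in the
     * static initializer below.
     */
    protected static Oid KRB5_OID;

    /** Shared zero-length buffer for empty tokens/responses. */
    protected static final byte[] EMPTY = new byte[0];

    static {
        try {
            KRB5_OID = new Oid(KRB5_OID_STR);
        } catch (GSSException e) {
            // KRB5_OID_STR is a constant, so this cannot fail in practice.
            // Previously the exception was swallowed and KRB5_OID stayed
            // null; JGSS treats a null mechanism Oid as "use the default
            // mechanism", so failing class initialisation is the safer
            // outcome than silently negotiating something else.
            throw new AssertionError(
                "Invalid Kerberos V5 mechanism OID: " + KRB5_OID_STR, e);
        }
    }

    /**
     * GSS-API security context established by the subclass during
     * authentication; released by {@link #dispose()}.
     */
    protected GSSContext secCtx = null;

    /** QOP value passed to JGSS wrap/unwrap; unrelated to the SASL QOP mask. */
    protected static final int JGSS_QOP = 0; // unrelated to SASL QOP mask

    /**
     * Creates the mechanism base; property parsing is done by the superclass.
     *
     * @param props     SASL properties passed through to the superclass
     * @param className name used to tag trace output
     * @throws SaslException propagated from the superclass constructor
     */
    protected GssKrb5Base(Map<String, ?> props, String className)
        throws SaslException {
        super(props, className);
    }

    /**
     * Retrieves this mechanism's name.
     *
     * @return The string "GSSAPI".
     */
    public String getMechanismName() {
        return "GSSAPI";
    }

    /**
     * Returns a negotiated property.
     *
     * <p>Names of the form {@code com.sun.security.jgss.inquiretype.<type>},
     * where {@code <type>} is the lower-case name of an {@link InquireType}
     * constant, are answered by the underlying {@link ExtendedGSSContext};
     * any other name, and any inquiry the context does not support, is
     * delegated to the superclass.
     *
     * @param propName the property name
     * @return the property value, {@code null} if the context inquiry
     *         failed, or whatever the superclass returns for other names
     * @throws IllegalStateException if authentication has not completed
     */
    @Override
    public Object getNegotiatedProperty(String propName) {
        if (!completed) {
            throw new IllegalStateException("Authentication incomplete");
        }
        String xprefix = "com.sun.security.jgss.inquiretype.";
        if (propName.startsWith(xprefix)) {
            String type = propName.substring(xprefix.length());
            if (logger.isLoggable(Level.FINEST)) {
                logger.logp(Level.FINE, "GssKrb5Base",
                    "getNegotiatedProperty", propName);
            }
            // Only the JDK's ExtendedGSSContext offers inquireSecContext;
            // a context from another GSS provider would previously have
            // caused a ClassCastException here.
            if (secCtx instanceof ExtendedGSSContext) {
                ExtendedGSSContext extCtx = (ExtendedGSSContext) secCtx;
                for (InquireType t : InquireType.values()) {
                    if (t.name().toLowerCase(Locale.US).equals(type)) {
                        try {
                            return extCtx.inquireSecContext(t);
                        } catch (GSSException e) {
                            if (logger.isLoggable(Level.FINEST)) {
                                logger.log(Level.WARNING,
                                    "inquireSecContext error", e);
                            }
                            return null;
                        }
                    }
                }
            }
            // No such InquireType (or no extended context). Although not
            // likely to be defined as a property in a parent class, still
            // try it.
        }
        return super.getNegotiatedProperty(propName);
    }

    /**
     * Unwraps an incoming security-layer buffer using the GSS-API context.
     *
     * @param incoming buffer holding the wrapped token
     * @param start    offset of the token within {@code incoming}
     * @param len      length of the token
     * @return the unwrapped bytes
     * @throws IllegalStateException if authentication has not completed or
     *         no security layer was negotiated
     * @throws SaslException if the token cannot be unwrapped, or if privacy
     *         was negotiated but the token was not encrypted
     */
    public byte[] unwrap(byte[] incoming, int start, int len)
        throws SaslException {
        if (!completed) {
            throw new IllegalStateException("GSSAPI authentication not completed");
        }

        // integrity will be true if either privacy or integrity negotiated
        if (!integrity) {
            throw new IllegalStateException("No security layer negotiated");
        }

        try {
            MessageProp msgProp = new MessageProp(JGSS_QOP, privacy);
            byte[] answer = secCtx.unwrap(incoming, start, len, msgProp);
            // On return, msgProp reflects the protection actually applied to
            // this token. Once privacy has been negotiated the peer must not
            // fall back to integrity-only, so reject such a token instead of
            // handing the caller data that was sent in the clear.
            if (privacy && !msgProp.getPrivacy()) {
                throw new SaslException(
                    "Privacy negotiated but incoming SASL buffer was not encrypted");
            }
            if (logger.isLoggable(Level.FINEST)) {
                traceOutput(myClassName, "KRB501:Unwrap", "incoming: ",
                    incoming, start, len);
                traceOutput(myClassName, "KRB502:Unwrap", "unwrapped: ",
                    answer, 0, answer.length);
            }
            return answer;
        } catch (GSSException e) {
            throw new SaslException("Problems unwrapping SASL buffer", e);
        }
    }

    /**
     * Wraps an outgoing buffer into a GSS-API token, applying privacy if it
     * was negotiated and integrity otherwise.
     *
     * @param outgoing buffer holding the data to protect
     * @param start    offset of the data within {@code outgoing}
     * @param len      length of the data
     * @return the wrapped token
     * @throws IllegalStateException if authentication has not completed or
     *         no security layer was negotiated
     * @throws SaslException if the GSS-API wrap fails
     */
    public byte[] wrap(byte[] outgoing, int start, int len) throws SaslException {
        if (!completed) {
            throw new IllegalStateException("GSSAPI authentication not completed");
        }

        // integrity will be true if either privacy or integrity negotiated
        if (!integrity) {
            throw new IllegalStateException("No security layer negotiated");
        }

        // Generate GSS token
        try {
            MessageProp msgProp = new MessageProp(JGSS_QOP, privacy);
            byte[] answer = secCtx.wrap(outgoing, start, len, msgProp);
            if (logger.isLoggable(Level.FINEST)) {
                traceOutput(myClassName, "KRB503:Wrap", "outgoing: ",
                    outgoing, start, len);
                traceOutput(myClassName, "KRB504:Wrap", "wrapped: ",
                    answer, 0, answer.length);
            }
            return answer;

        } catch (GSSException e) {
            throw new SaslException("Problem performing GSS wrap", e);
        }
    }

    /**
     * Releases the GSS-API context, if one is held. Safe to call more than
     * once: the context reference is cleared after a successful dispose.
     *
     * @throws SaslException if the context refuses to dispose; the reference
     *         is kept in that case so a later call can retry
     */
    public void dispose() throws SaslException {
        if (secCtx != null) {
            try {
                secCtx.dispose();
            } catch (GSSException e) {
                throw new SaslException("Problem disposing GSS context", e);
            }
            secCtx = null;
        }
    }

    /**
     * Best-effort release of the GSS-API context if the owner never called
     * {@link #dispose()}.
     */
    @Override
    protected void finalize() throws Throwable {
        dispose();
    }
}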
|