/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.sshd.server.auth.gss;
 
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
 
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
 
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
 
/**
 * Simple helper class which gets a GSS credential using a fixed Krb5 login configuration.  May need generalizing to deal
 * with non-Sun JREs.
 */
 
public class CredentialHelper {

    /**
     * Logs in with the fixed Krb5 configuration and obtains an accept-only GSS credential for {@code spn}.
     *
     * @param mgr    The GSS manager used to create the credential
     * @param spn    The service principal name the login is performed as
     * @param keytab Path of the keytab to use, or {@code null} to leave the choice to the login module
     * @return An accept-only credential for the Kerberos mechanism with indefinite lifetime
     * @throws LoginException If the Krb5 login fails (for example an unknown principal or unreadable keytab)
     * @throws GSSException   If the credential cannot be created from the logged-in subject
     */
    public static GSSCredential creds(GSSManager mgr, String spn, String keytab) throws LoginException, GSSException {
        // The context name "x" is arbitrary: FixedLoginConfiguration hands out the same entry for every name.
        Configuration config = new FixedLoginConfiguration(spn, keytab);
        LoginContext loginContext = new LoginContext("x", null, null, config);
        loginContext.login();

        // NOTE(review): no logout is ever performed, so the Subject and the key it holds stay referenced
        // by the returned credential — confirm before adding one, since logout would clear those credentials.
        Subject subject = loginContext.getSubject();
        try {
            // Run as the logged-in subject so the GSS provider can pick up the stored service key.
            return Subject.doAs(subject, new G(mgr));
        } catch (PrivilegedActionException e) {
            // G.run() declares only GSSException, so the wrapped cause is always of that type.
            throw (GSSException) e.getCause();
        }
    }

    /**
     * A login configuration which is defined from code rather than read from a JAAS config file.
     *
     * @author Richard Evans
     */
    private static class FixedLoginConfiguration extends Configuration {

        // The single Krb5LoginModule entry returned for every configuration name.
        private final AppConfigurationEntry entry;

        /**
         * Builds the Krb5LoginModule entry for an acceptor that authenticates with a keytab.
         *
         * @param spn    The principal to log in as
         * @param keytab Explicit keytab path, or {@code null} to use the login module's default keytab lookup
         */
        private FixedLoginConfiguration(String spn, String keytab) {
            Map<String, String> options = new HashMap<String, String>();
            options.put("principal", spn);
            // Acceptor side only; the module will not act as an initiator.
            options.put("isInitiator", "false");
            // Authenticate from a keytab instead of prompting for a password (no callback handler is supplied).
            options.put("useKeyTab", "true");
            // Keep the service key in the Subject's private credentials so the GSS acceptor can use it.
            options.put("storeKey", "true");
            if (keytab != null) {
                options.put("keyTab", keytab);
            }
            // Sun/Oracle-specific module class; see the class Javadoc about non-Sun JREs.
            entry = new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
        }

        /**
         * Returns the single fixed entry regardless of {@code name}; no name is treated as unknown.
         *
         * @param name The configuration name, ignored
         * @return A fresh one-element array holding the fixed entry
         */
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            AppConfigurationEntry[] entries = {entry};
            return entries;
        }

        /**
         * Nothing to refresh: the entry is fixed at construction time.
         */
        @Override
        public void refresh() {
            // intentionally empty
        }
    }

    /**
     * Privileged action which runs as the logged-in subject to obtain the acceptor credential.
     */
    private static final class G implements PrivilegedExceptionAction<GSSCredential> {

        private final GSSManager manager;

        /**
         * @param manager The existing GSS manager
         */
        private G(GSSManager manager) {
            this.manager = manager;
        }

        /**
         * Creates the credential.
         *
         * @return The new accept-only credential for the Kerberos mechanism, valid indefinitely
         * @throws GSSException If the credential cannot be created
         */
        @Override
        public GSSCredential run() throws GSSException {
            // A null name leaves the acceptor principal to the GSS provider — presumably taken from the
            // Subject this runs as; confirm against the provider in use.
            return manager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, UserAuthGSS.KRB5_MECH,
                    GSSCredential.ACCEPT_ONLY);
        }
    }
}