org.globus.gsi.gssapi.GlobusGSSManagerImpl Maven / Gradle / Ivy
The newest version!
/*
* Copyright 1999-2010 University of Chicago
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is
* distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied.
*
* See the License for the specific language governing permissions and limitations under the License.
*/
package org.globus.gsi.gssapi;
import org.globus.gsi.gssapi.jaas.JaasSubject;
import java.io.InputStream;
import java.io.FileInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.Provider;
import java.util.Set;
import java.util.Iterator;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.Oid;
import org.gridforum.jgss.ExtendedGSSManager;
import org.gridforum.jgss.ExtendedGSSCredential;
import org.globus.gsi.X509Credential;
import org.globus.gsi.CredentialException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* An implementation of GlobusGSSManager.
*/
public class GlobusGSSManagerImpl extends ExtendedGSSManager {
private static Log logger =
LogFactory.getLog(GlobusGSSManagerImpl.class.getName());
static final Oid[] MECHS;
static {
try {
MECHS = new Oid[] {GSSConstants.MECH_OID};
} catch(Exception e) {
throw new RuntimeException(e.getMessage());
}
}
private GlobusGSSCredentialImpl defaultCred;
/**
* Acquires GSI GSS credentials.
*
* @see #createCredential(GSSName, int, Oid, int)
*/
public GSSCredential createCredential (int usage)
throws GSSException {
return createCredential(null,
GSSCredential.DEFAULT_LIFETIME,
(Oid)null,
usage);
}
/** Acquires GSI GSS credentials. First, it tries to find the credentials
* in the private credential set of the current JAAS Subject. If the
* Subject is not set or credentials are not found in the Subject, it
* tries to get a default user credential (usually an user proxy file)
*
* @param lifetime Only lifetime set to
* {@link GSSCredential#DEFAULT_LIFETIME
* GSSCredential.DEFAULT_LIFETIME} is allowed.
* @see org.globus.gsi.X509Credential#getDefaultCredential()
*/
public GSSCredential createCredential (GSSName name,
int lifetime,
Oid mech,
int usage)
throws GSSException {
checkMechanism(mech);
if (name != null) {
if (name.isAnonymous()) {
return new GlobusGSSCredentialImpl();
} else {
throw new GSSException(GSSException.UNAVAILABLE);
}
}
X509Credential cred = null;
Subject subject = JaasSubject.getCurrentSubject();
if (subject != null) {
logger.debug("Getting credential from context");
Set gssCreds =
subject.getPrivateCredentials(GlobusGSSCredentialImpl.class);
if (gssCreds != null) {
Iterator iter = gssCreds.iterator();
if (iter.hasNext()) {
GlobusGSSCredentialImpl credImpl =
(GlobusGSSCredentialImpl)iter.next();
cred = credImpl.getX509Credential();
}
}
}
if (lifetime == GSSCredential.INDEFINITE_LIFETIME ||
lifetime > 0) {
// lifetime not supported
throw new GlobusGSSException(GSSException.FAILURE,
GlobusGSSException.BAD_ARGUMENT,
"badLifetime01");
}
if (cred == null) {
logger.debug("Getting default credential");
try {
cred = X509Credential.getDefaultCredential();
} catch(CredentialException e) {
throw new GlobusGSSException(GSSException.DEFECTIVE_CREDENTIAL,
e);
} catch(Exception e) {
throw new GlobusGSSException(GSSException.DEFECTIVE_CREDENTIAL,
e);
}
return getDefaultCredential(cred, usage);
} else {
return new GlobusGSSCredentialImpl(cred, usage);
}
}
private synchronized GSSCredential getDefaultCredential(
X509Credential cred,
int usage)
throws GSSException {
if (this.defaultCred != null &&
this.defaultCred.getUsage() == usage &&
this.defaultCred.getX509Credential() == cred) {
return this.defaultCred;
} else {
this.defaultCred = new GlobusGSSCredentialImpl(cred, usage);
return this.defaultCred;
}
}
/**
* Acquires GSI GSS credentials.
*
* @see #createCredential(GSSName, int, Oid, int)
*/
public GSSCredential createCredential(GSSName name,
int lifetime,
Oid mechs[],
int usage)
throws GSSException {
if (mechs == null || mechs.length == 0) {
return createCredential(name, lifetime, (Oid)null, usage);
} else {
// XXX: not sure this is correct
GSSCredential cred =
createCredential(name, lifetime, mechs[0], usage);
for (int i = 1; i < mechs.length; i++) {
cred.add(name, lifetime, lifetime, mechs[i], usage);
}
return cred;
}
}
/**
* Imports a credential.
*
* @param lifetime Only lifetime set to
* {@link GSSCredential#DEFAULT_LIFETIME
* GSSCredential.DEFAULT_LIFETIME} is allowed.
*/
public GSSCredential createCredential (byte[] buff,
int option,
int lifetime,
Oid mech,
int usage)
throws GSSException {
checkMechanism(mech);
if (buff == null || buff.length < 1) {
throw new GlobusGSSException(GSSException.FAILURE,
GlobusGSSException.BAD_ARGUMENT,
"invalidBuf");
}
if (lifetime == GSSCredential.INDEFINITE_LIFETIME ||
lifetime > 0) {
// lifetime not supported
throw new GlobusGSSException(GSSException.FAILURE,
GlobusGSSException.BAD_ARGUMENT,
"badLifetime01");
}
InputStream input = null;
switch (option) {
case ExtendedGSSCredential.IMPEXP_OPAQUE:
input = new ByteArrayInputStream(buff);
break;
case ExtendedGSSCredential.IMPEXP_MECH_SPECIFIC:
String s = new String(buff);
int pos = s.indexOf('=');
if (pos == -1) {
throw new GSSException(GSSException.FAILURE);
}
String filename = s.substring(pos+1).trim();
try {
input = new FileInputStream(filename);
} catch (IOException e) {
throw new GlobusGSSException(GSSException.FAILURE, e);
}
break;
default:
throw new GlobusGSSException(GSSException.FAILURE,
GlobusGSSException.BAD_ARGUMENT,
"unknownOption",
new Object[] {new Integer(option)});
}
X509Credential cred = null;
try {
cred = new X509Credential(input);
} catch(CredentialException e) {
throw new GlobusGSSException(GSSException.DEFECTIVE_CREDENTIAL, e);
} catch (Exception e) {
throw new GlobusGSSException(GSSException.DEFECTIVE_CREDENTIAL, e);
}
return new GlobusGSSCredentialImpl(cred, usage);
}
// for initiators
public GSSContext createContext(GSSName peer,
Oid mech,
GSSCredential cred,
int lifetime)
throws GSSException {
checkMechanism(mech);
GlobusGSSCredentialImpl globusCred = null;
if (cred == null) {
globusCred = (GlobusGSSCredentialImpl)createCredential(GSSCredential.INITIATE_ONLY);
} else if (cred instanceof GlobusGSSCredentialImpl) {
globusCred = (GlobusGSSCredentialImpl)cred;
} else {
throw new GSSException(GSSException.NO_CRED);
}
GSSContext ctx = new GlobusGSSContextImpl(peer, globusCred);
ctx.requestLifetime(lifetime);
return ctx;
}
// for acceptors
public GSSContext createContext(GSSCredential cred)
throws GSSException {
GlobusGSSCredentialImpl globusCred = null;
if (cred == null) {
globusCred = (GlobusGSSCredentialImpl)createCredential(GSSCredential.ACCEPT_ONLY);
} else if (cred instanceof GlobusGSSCredentialImpl) {
globusCred = (GlobusGSSCredentialImpl)cred;
} else {
throw new GSSException(GSSException.NO_CRED);
}
// XXX: don't know about the first argument
GSSContext ctx = new GlobusGSSContextImpl(null, globusCred);
return ctx;
}
public Oid[] getMechs() {
return MECHS;
}
public GSSName createName(String nameStr, Oid nameType)
throws GSSException {
return new GlobusGSSName(nameStr, nameType);
}
/**
* Checks if the specified mechanism matches
* the mechanism supported by this implementation.
*
* @param mech mechanism to check
* @exception GSSException if mechanism not supported.
*/
public static void checkMechanism(Oid mech)
throws GSSException {
if (mech != null && !mech.equals(GSSConstants.MECH_OID)) {
throw new GSSException(GSSException.BAD_MECH);
}
}
// ==================================================================
// Not implemented below
// ==================================================================
/**
* Currently not implemented.
*/
public GSSContext createContext(byte [] interProcessToken)
throws GSSException {
throw new GSSException(GSSException.UNAVAILABLE);
}
/**
* Currently not implemented.
*/
public Oid[] getNamesForMech(Oid mech)
throws GSSException {
throw new GSSException(GSSException.UNAVAILABLE);
}
/**
* Currently not implemented.
*/
public Oid[] getMechsForName(Oid nameType) {
// not implemented, not needed by Globus
return null;
}
/**
* Currently not implemented.
*/
public GSSName createName(String nameStr,
Oid nameType,
Oid mech)
throws GSSException {
throw new GSSException(GSSException.UNAVAILABLE);
}
/**
* Currently not implemented.
*/
public GSSName createName(byte name[], Oid nameType)
throws GSSException {
throw new GSSException(GSSException.UNAVAILABLE);
}
/**
* Currently not implemented.
*/
public GSSName createName(byte name[], Oid nameType, Oid mech)
throws GSSException {
throw new GSSException(GSSException.UNAVAILABLE);
}
/**
* Currently not implemented.
*/
public void addProviderAtFront(Provider p, Oid mech)
throws GSSException {
// this GSSManager implementation does not support an SPI
// with a pluggable provider architecture
throw new GSSException(GSSException.UNAVAILABLE);
}
/**
* Currently not implemented.
*/
public void addProviderAtEnd(Provider p, Oid mech)
throws GSSException {
// this GSSManager implementation does not support an SPI
// with a pluggable provider architecture
throw new GSSException(GSSException.UNAVAILABLE);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy