View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.common.spnego;
21  
22  import org.ietf.jgss.GSSContext;
23  import org.ietf.jgss.GSSException;
24  import org.ietf.jgss.GSSManager;
25  import org.ietf.jgss.GSSName;
26  import org.ietf.jgss.Oid;
27  
28  /**
29   * This class represents a PrivilegedAction implementation to validate a received (SPNEGO) ticket
30   * to a KDC.
31   */
32  public class DefaultSpnegoServiceAction implements SpnegoServiceAction {
33      private static final org.slf4j.Logger LOG =
34          org.slf4j.LoggerFactory.getLogger(DefaultSpnegoServiceAction.class);
35  
36      private byte[] ticket;
37      private String serviceName;
38      private boolean isUsernameServiceNameForm;
39      private GSSContext secContext;
40  
41      /**
42       * Set the ticket to validate
43       */
44      public void setTicket(byte[] ticket) {
45          this.ticket = ticket;
46      }
47  
48      /**
49       * The Service Name
50       */
51      public void setServiceName(String serviceName) {
52          this.serviceName = serviceName;
53      }
54  
55      /**
56       * Validate a service ticket
57       */
58      public byte[] run() {
59          try {
60              GSSManager gssManager = GSSManager.getInstance();
61              Oid oid = new Oid("1.3.6.1.5.5.2");
62  
63              GSSName gssService =
64                  gssManager.createName(serviceName, isUsernameServiceNameForm ? GSSName.NT_USER_NAME
65                      : GSSName.NT_HOSTBASED_SERVICE);
66              secContext = gssManager.createContext(gssService, oid, null, GSSContext.DEFAULT_LIFETIME);
67  
68              return secContext.acceptSecContext(ticket, 0, ticket.length);
69          } catch (GSSException e) {
70              LOG.debug("Error in obtaining a Kerberos token", e);
71          }
72  
73          return new byte[0];
74      }
75  
76      /**
77       * Get the GSSContext that was created after a service ticket was obtained
78       */
79      public GSSContext getContext() {
80          return secContext;
81      }
82  
83      @Override
84      public void setUsernameServiceNameForm(boolean isUsernameServiceNameForm) {
85          this.isUsernameServiceNameForm = isUsernameServiceNameForm;
86      }
87  
88  }