Java InquireType类代码示例

import com.sun.security.jgss.InquireType; //导入依赖的package包/类
/**
 * Return the mechanism-specific attribute associated with {@code type}.
 */
public Object inquireSecContext(InquireType type)
        throws GSSException {
    if (!isEstablished()) {
         throw new GSSException(GSSException.NO_CONTEXT, -1,
                 "Security context not established.");
    }
    switch (type) {
        case KRB5_GET_SESSION_KEY:
            return new KerberosSessionKey(key);
        case KRB5_GET_TKT_FLAGS:
            return tktFlags.clone();
        case KRB5_GET_AUTHZ_DATA:
            if (isInitiator()) {
                throw new GSSException(GSSException.UNAVAILABLE, -1,
                        "AuthzData not available on initiator side.");
            } else {
                return (authzData==null)?null:authzData.clone();
            }
        case KRB5_GET_AUTHTIME:
            return authTime;
    }
    throw new GSSException(GSSException.UNAVAILABLE, -1,
            "Inquire type not supported.");
}
 

import com.sun.security.jgss.InquireType; //导入依赖的package包/类
public static void main(String[] args) throws Exception {

        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(c, s);

        ExtendedGSSContext ctxt = (ExtendedGSSContext)c.x();
        EncryptionKey key = (EncryptionKey)
                ctxt.inquireSecContext(InquireType.KRB5_GET_SESSION_KEY_EX);
        KerberosCredMessage cred = (KerberosCredMessage)
                ctxt.inquireSecContext(InquireType.KRB5_GET_KRB_CRED);
        c.status();

        // Confirm the KRB_CRED message is encrypted with the session key.
        new KRBCred(cred.getEncoded()).encPart.decrypt(
                new sun.security.krb5.EncryptionKey(key.getKeyType(), key.getEncoded()),
                KeyUsage.KU_ENC_KRB_CRED_PART);
    }
 

import com.sun.security.jgss.InquireType; //导入依赖的package包/类
public static KerbToken checkAuthzData(GSSContext context) throws GSSException, IOException {
    System.out.println("Looking for token from authorization data in GSSContext");

    Object authzData = null;
    if (context instanceof ExtendedGSSContext) {
        ExtendedGSSContext ex = (ExtendedGSSContext)context;
        authzData = ex.inquireSecContext(
                InquireType.KRB5_GET_AUTHZ_DATA);
    }

    if (authzData != null) {
        AuthorizationDataEntry[] authzEntries = (AuthorizationDataEntry[]) authzData;
        KerbToken resultToken = null;
        for (int i = 0; i < authzEntries.length; ++i) {
            resultToken = getAuthzToken(authzEntries[i]);
            if (resultToken != null) {
                return resultToken;
            }
        }
    }
    return null;
}
 

import com.sun.security.jgss.InquireType; //导入依赖的package包/类
/**
 * Retrieve attribute of the context for {@code type}.
 */
public Object inquireSecContext(InquireType type)
        throws GSSException {
    if (mechContext == null) {
        throw new GSSException(GSSException.NO_CONTEXT, -1,
                "Underlying mech not established.");
    }
    if (mechContext instanceof ExtendedGSSContext) {
        return ((ExtendedGSSContext)mechContext).inquireSecContext(type);
    } else {
        throw new GSSException(GSSException.BAD_MECH, -1,
                "inquireSecContext not supported by underlying mech.");
    }
}
 

import com.sun.security.jgss.InquireType; //导入依赖的package包/类
@Override
public Object getNegotiatedProperty(String propName) {
    if (!completed) {
        throw new IllegalStateException("Authentication incomplete");
    }
    String xprefix = "com.sun.security.jgss.inquiretype.";
    if (propName.startsWith(xprefix)) {
        String type = propName.substring(xprefix.length());
        if (logger.isLoggable(Level.FINEST)) {
            logger.logp(Level.FINE, "GssKrb5Base",
                    "getNegotiatedProperty", propName);
        }
        for (InquireType t: InquireType.values()) {
            if (t.name().toLowerCase(Locale.US).equals(type)) {
                try {
                    return ((ExtendedGSSContext)secCtx).inquireSecContext(t);
                } catch (GSSException e) {
                    if (logger.isLoggable(Level.FINEST)) {
                        logger.log(Level.WARNING, "inquireSecContext error", e);
                    }
                    return null;
                }
            }
        }
        // No such InquireType. Although not likely to be defined
        // as a property in a parent class, still try it.
    }
    return super.getNegotiatedProperty(propName);
}
 

import com.sun.security.jgss.InquireType; //导入依赖的package包/类
/**
 * 
 * @param servicePrincipalName
 * @return
 * @throws GSSException
 */
private byte[] getServiceTicketData(final String servicePrincipalName) throws GSSException {
	byte serviceTicket[] = null;
	serviceTicket = (byte[]) (byte[]) Subject.doAs(subject, new PrivilegedAction<byte[]>() {
		public byte[] run() {
			try {
				GSSManager manager = GSSManager.getInstance();
				Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");
				Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
				GSSName serverName = manager.createName(servicePrincipalName,
						krb5PrincipalNameType);
				final GSSContext context = manager.createContext(serverName, krb5Oid, null, 0);
				byte[] token = new byte[0];
				context.requestMutualAuth(false);
				context.requestCredDeleg(false);
				byte[] srvTckt = context.initSecContext(token, 0, token.length);
				
				if (context instanceof ExtendedGSSContext) {
					ExtendedGSSContext exgssContext = (ExtendedGSSContext) context;
					// return the mechanism-specific attribute associated with type
					Key encKey = (Key) exgssContext.inquireSecContext(InquireType.KRB5_GET_SESSION_KEY);
					// algorithm name here does not really matter.
					SecretKeySpec keySpec = new SecretKeySpec(encKey.getEncoded(), "DES");
					sessionKey = (SecretKey) keySpec;
				}
				
				return srvTckt;
				
			} catch (GSSException e) {
				log.error("Error occurred while accepting securing context", e);
				return null;
			}
		}
	});

	return serviceTicket;
}
 

import com.sun.security.jgss.InquireType; //导入依赖的package包/类
/**
 * 
 * @param ks
 * @return
 * @throws GSSException
 */
private GSSContext acceptSecurityContext(final KerberosSecurity ks)
		throws GSSException {

	Subject.doAs(subject, new PrivilegedAction<GSSContext>() {
		public GSSContext run() {
			try {
				GSSManager gssManager = null;
				gssManager = GSSManager.getInstance();
				gssContext = gssManager.createContext((GSSCredential) null);
				byte[] token = ks.getToken();
				gssContext.acceptSecContext(token, 0, token.length);
				
				if (gssContext instanceof ExtendedGSSContext) {
					ExtendedGSSContext exgssContext = (ExtendedGSSContext) gssContext;
					// return the mechanism-specific attribute associated with type
					Key encKey = (Key) exgssContext.inquireSecContext(InquireType.KRB5_GET_SESSION_KEY);
					// the algorithm name does not matter here
					SecretKeySpec keySpec = new SecretKeySpec(encKey.getEncoded(), "DES");
					key = (SecretKey) keySpec;
				}
				
				return gssContext;
			} catch (GSSException e) {
				log.error("Error occurred while accepting securing context", e);
				return null;
			}
		}
	});
	return gssContext;
}
 

import com.sun.security.jgss.InquireType; //导入依赖的package包/类
public Object inquireSecContext(InquireType type)
        throws GSSException {
    throw new GSSException(GSSException.UNAVAILABLE, -1,
            "Inquire type not supported.");
}