GssApiAuthentication.java

  1. /*
  2.  * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> and others
  3.  *
  4.  * This program and the accompanying materials are made available under the
  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at
  6.  * https://www.eclipse.org/org/documents/edl-v10.php.
  7.  *
  8.  * SPDX-License-Identifier: BSD-3-Clause
  9.  */
  10. package org.eclipse.jgit.internal.transport.sshd.auth;

  12. import static java.text.MessageFormat.format;

  14. import java.io.IOException;
  15. import java.net.InetSocketAddress;

  17. import org.eclipse.jgit.internal.transport.sshd.GssApiMechanisms;
  18. import org.eclipse.jgit.internal.transport.sshd.SshdText;
  19. import org.ietf.jgss.GSSContext;

  21. /**
  22.  * An abstract implementation of a GSS-API multi-round authentication.
  23.  *
  24.  * @param <ParameterType>
  25.  *            defining the parameter type for the authentication
  26.  * @param <TokenType>
  27.  *            defining the token type for the authentication
  28.  */
  29. public abstract class GssApiAuthentication<ParameterType, TokenType>
  30.         extends AbstractAuthenticationHandler<ParameterType, TokenType> {

  32.     private GSSContext context;

  34.     /** The last token generated. */
  35.     protected byte[] token;

  37.     /**
  38.      * Creates a new {@link GssApiAuthentication} to authenticate with the given
  39.      * {@code proxy}.
  40.      *
  41.      * @param proxy
  42.      *            the {@link InetSocketAddress} of the proxy to connect to
  43.      */
  44.     public GssApiAuthentication(InetSocketAddress proxy) {
  45.         super(proxy);
  46.     }

  48.     @Override
  49.     public void close() {
  50.         GssApiMechanisms.closeContextSilently(context);
  51.         context = null;
  52.         done = true;
  53.     }

  55.     @Override
  56.     public final void start() throws Exception {
  57.         try {
  58.             context = createContext();
  59.             context.requestMutualAuth(true);
  60.             context.requestConf(false);
  61.             context.requestInteg(false);
  62.             byte[] empty = new byte[0];
  63.             token = context.initSecContext(empty, 0, 0);
  64.         } catch (Exception e) {
  65.             close();
  66.             throw e;
  67.         }
  68.     }

  70.     @Override
  71.     public final void process() throws Exception {
  72.         if (context == null) {
  73.             throw new IOException(
  74.                     format(SshdText.get().proxyCannotAuthenticate, proxy));
  75.         }
  76.         try {
  77.             byte[] received = extractToken(params);
  78.             token = context.initSecContext(received, 0, received.length);
  79.             checkDone();
  80.         } catch (Exception e) {
  81.             close();
  82.             throw e;
  83.         }
  84.     }

  86.     private void checkDone() throws Exception {
  87.         done = context.isEstablished();
  88.         if (done) {
  89.             context.dispose();
  90.             context = null;
  91.         }
  92.     }

  94.     /**
  95.      * Creates the {@link GSSContext} to use.
  96.      *
  97.      * @return a fresh {@link GSSContext} to use
  98.      * @throws Exception
  99.      *             if the context cannot be created
  100.      */
  101.     protected abstract GSSContext createContext() throws Exception;

  103.     /**
  104.      * Extracts the token from the last set parameters.
  105.      *
  106.      * @param input
  107.      *            to extract the token from
  108.      * @return the extracted token, or {@code null} if none
  109.      * @throws Exception
  110.      *             if an error occurs
  111.      */
  112.     protected abstract byte[] extractToken(ParameterType input)
  113.             throws Exception;
  114. }
Created with JaCoCo 0.8.6.202009150832