View Javadoc
1   /*
2    * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> and others
3    *
4    * This program and the accompanying materials are made available under the
5    * terms of the Eclipse Distribution License v. 1.0 which is available at
6    * https://www.eclipse.org/org/documents/edl-v10.php.
7    *
8    * SPDX-License-Identifier: BSD-3-Clause
9    */
10  package org.eclipse.jgit.internal.transport.sshd.auth;
11  
12  import static java.text.MessageFormat.format;
13  
14  import java.io.IOException;
15  import java.net.InetSocketAddress;
16  
17  import org.eclipse.jgit.internal.transport.sshd.GssApiMechanisms;
18  import org.eclipse.jgit.internal.transport.sshd.SshdText;
19  import org.ietf.jgss.GSSContext;
20  
21  /**
22   * An abstract implementation of a GSS-API multi-round authentication.
23   *
24   * @param <ParameterType>
25   *            defining the parameter type for the authentication
26   * @param <TokenType>
27   *            defining the token type for the authentication
28   */
29  public abstract class GssApiAuthentication<ParameterType, TokenType>
30  		extends AbstractAuthenticationHandler<ParameterType, TokenType> {
31  
32  	private GSSContext context;
33  
34  	/** The last token generated. */
35  	protected byte[] token;
36  
37  	/**
38  	 * Creates a new {@link GssApiAuthentication} to authenticate with the given
39  	 * {@code proxy}.
40  	 *
41  	 * @param proxy
42  	 *            the {@link InetSocketAddress} of the proxy to connect to
43  	 */
44  	public GssApiAuthentication(InetSocketAddress proxy) {
45  		super(proxy);
46  	}
47  
48  	@Override
49  	public void close() {
50  		GssApiMechanisms.closeContextSilently(context);
51  		context = null;
52  		done = true;
53  	}
54  
55  	@Override
56  	public final void start() throws Exception {
57  		try {
58  			context = createContext();
59  			context.requestMutualAuth(true);
60  			context.requestConf(false);
61  			context.requestInteg(false);
62  			byte[] empty = new byte[0];
63  			token = context.initSecContext(empty, 0, 0);
64  		} catch (Exception e) {
65  			close();
66  			throw e;
67  		}
68  	}
69  
70  	@Override
71  	public final void process() throws Exception {
72  		if (context == null) {
73  			throw new IOException(
74  					format(SshdText.get().proxyCannotAuthenticate, proxy));
75  		}
76  		try {
77  			byte[] received = extractToken(params);
78  			token = context.initSecContext(received, 0, received.length);
79  			checkDone();
80  		} catch (Exception e) {
81  			close();
82  			throw e;
83  		}
84  	}
85  
86  	private void checkDone() throws Exception {
87  		done = context.isEstablished();
88  		if (done) {
89  			context.dispose();
90  			context = null;
91  		}
92  	}
93  
94  	/**
95  	 * Creates the {@link GSSContext} to use.
96  	 *
97  	 * @return a fresh {@link GSSContext} to use
98  	 * @throws Exception
99  	 *             if the context cannot be created
100 	 */
101 	protected abstract GSSContext createContext() throws Exception;
102 
103 	/**
104 	 * Extracts the token from the last set parameters.
105 	 *
106 	 * @param input
107 	 *            to extract the token from
108 	 * @return the extracted token, or {@code null} if none
109 	 * @throws Exception
110 	 *             if an error occurs
111 	 */
112 	protected abstract byte[] extractToken(ParameterType input)
113 			throws Exception;
114 }