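/**
 * Extracts a {@link KerberosTicket} from the given GSS credential by building a
 * {@link Subject} through {@code com.sun.security.jgss.GSSUtil#createSubject} and
 * returning the first ticket found among its private credentials.
 *
 * @param kerberosTicket not read by this implementation
 * @param gssCredential  credential handed to {@code GSSUtil.createSubject}
 * @return the first {@link KerberosTicket} yielded by the subject's private credential set
 * @throws KerberosSerializationUtils.KerberosSerializationException if the subject holds no
 *         ticket, or if the reflective lookup/invocation fails for any reason
 */
@Override
public KerberosTicket gssCredentialToKerberosTicket(KerberosTicket kerberosTicket, GSSCredential gssCredential) {
    try {
        // GSSUtil is resolved by name at run time instead of being referenced at compile time.
        Class<?> gssUtil = Class.forName("com.sun.security.jgss.GSSUtil");
        Method createSubject = gssUtil.getMethod("createSubject", GSSName.class, GSSCredential.class);

        // Static method: no receiver; the GSSName argument is passed as null.
        Subject subject = (Subject) createSubject.invoke(null, null, gssCredential);

        Set<KerberosTicket> kerberosTickets = subject.getPrivateCredentials(KerberosTicket.class);
        Iterator<KerberosTicket> iterator = kerberosTickets.iterator();
        if (iterator.hasNext()) {
            return iterator.next();
        }

        // Subject.toString() also renders the subject's private credentials, and exception
        // messages usually end up in logs. Report the principals only so that no key or
        // ticket material is written out with the error.
        throw new KerberosSerializationUtils.KerberosSerializationException(
                "Not available kerberosTicket in subject credentials. Subject principals were: "
                        + subject.getPrincipals());
    } catch (KerberosSerializationUtils.KerberosSerializationException ke) {
        // Already the right type: rethrow without wrapping it a second time.
        throw ke;
    } catch (Exception e) {
        throw new KerberosSerializationUtils.KerberosSerializationException("Unexpected error during convert GSSCredential to KerberosTicket", e);
    }
}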
/**
 * Builds a {@link GSSCredential} for the client principal of the given ticket.
 *
 * <p>The ticket is placed in the private credentials of a fresh {@link Subject} and the
 * credential is created inside {@code Subject.doAs} for that subject.
 *
 * @param kerberosTicket ticket whose client principal names the credential
 * @param lifetime       lifetime value passed through to {@code GSSManager.createCredential}
 * @param usage          usage value passed through to {@code GSSManager.createCredential}
 * @return the credential produced by the GSS manager
 * @throws KerberosSerializationUtils.KerberosSerializationException wrapping any exception
 *         raised along the way (including a null ticket or a ticket without a client)
 */
public GSSCredential kerberosTicketToGSSCredential(KerberosTicket kerberosTicket, final int lifetime, final int usage) {
    try {
        final GSSManager manager = GSSManager.getInstance();
        final KerberosPrincipal client = kerberosTicket.getClient();
        final GSSName clientName = manager.createName(client.getName(), KerberosConstants.KRB5_NAME_OID);

        // readOnly = false: principal, GSS name (public) and ticket (private) in one subject.
        // NOTE(review): presumably createCredential picks the ticket up from this subject
        // when run under doAs - confirm against the JGSS provider in use.
        Subject ticketHolder = new Subject(
                false,
                Collections.singleton(client),
                Collections.singleton(clientName),
                Collections.singleton(kerberosTicket));

        PrivilegedExceptionAction<GSSCredential> credentialFactory = new PrivilegedExceptionAction<GSSCredential>() {
            @Override
            public GSSCredential run() throws Exception {
                return manager.createCredential(clientName, lifetime, KerberosConstants.KRB5_OID, usage);
            }
        };
        return Subject.doAs(ticketHolder, credentialFactory);
    } catch (Exception e) {
        throw new KerberosSerializationUtils.KerberosSerializationException("Unexpected exception during convert KerberosTicket to GSSCredential", e);
    }
}
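/**
 * Turns a serialized credential string back into a {@link GSSCredential}.
 *
 * <p>The string is passed to {@code deserialize}; the result must be a
 * {@link KerberosTicket}, which is then converted by the active
 * {@code KerberosJdkProvider}.
 *
 * @param serializedCred serialized form of the credential; must not be null
 * @return the credential rebuilt from the deserialized ticket
 * @throws KerberosSerializationException if the input is null, the deserialized object is
 *         not a {@link KerberosTicket}, or any other exception occurs while converting
 */
public static GSSCredential deserializeCredential(String serializedCred) throws KerberosSerializationException {
    if (serializedCred == null) {
        throw new KerberosSerializationException("Null credential given as input. Did you enable kerberos credential delegation for your web browser and mapping of gss credential to access token?");
    }

    try {
        // NOTE(review): deserialize() is defined outside this block. If it relies on Java
        // native deserialization, the instanceof test below only runs after the whole object
        // graph has been materialised, so it cannot serve as the type gate for input that
        // is not fully trusted. Restrict the accepted classes inside deserialize() itself
        // (for example with an ObjectInputFilter allow-list) - confirm.
        Object deserializedCred = deserialize(serializedCred);
        if (!(deserializedCred instanceof KerberosTicket)) {
            // Report the class name, as the message promises, instead of the object's
            // toString(), which could copy the content of an unexpected object into logs.
            String actualType = deserializedCred == null ? "null" : deserializedCred.getClass().getName();
            throw new KerberosSerializationException("Deserialized object is not KerberosTicket! Type is: " + actualType);
        }

        KerberosTicket ticket = (KerberosTicket) deserializedCred;
        return KerberosJdkProvider.getProvider().kerberosTicketToGSSCredential(ticket);
    } catch (KerberosSerializationException ke) {
        // Keep the specific message; do not wrap it again.
        throw ke;
    } catch (Exception ioe) {
        throw new KerberosSerializationException("Unexpected exception when deserialize GSSCredential", ioe);
    }
}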
/**
 * Produces the serialized string form of a delegated credential.
 *
 * <p>The active {@code KerberosJdkProvider} resolves the ticket to serialize from the
 * two arguments, and the result is handed to {@code serialize}.
 *
 * @param kerberosTicket ticket passed through to the provider
 * @param gssCredential  credential passed through to the provider; must not be null
 * @return the serialized ticket
 * @throws KerberosSerializationException if {@code gssCredential} is null or serialization
 *         fails with an {@link IOException}
 */
public static String serializeCredential(KerberosTicket kerberosTicket, GSSCredential gssCredential) throws KerberosSerializationException {
    if (gssCredential == null) {
        throw new KerberosSerializationException("Null credential given as input");
    }

    try {
        KerberosTicket resolvedTicket =
                KerberosJdkProvider.getProvider().gssCredentialToKerberosTicket(kerberosTicket, gssCredential);
        // NOTE(review): the returned string presumably carries the complete ticket,
        // session key included; callers should treat it as a secret (no logging, protected
        // storage and transport) - confirm against serialize().
        return serialize(resolvedTicket);
    } catch (IOException e) {
        throw new KerberosSerializationException("Unexpected exception when serialize GSSCredential", e);
    }
}
/**
 * Returns the supplied ticket unchanged; this variant never derives a ticket from the
 * GSS credential.
 *
 * @param kerberosTicket ticket to hand back; must not be null
 * @param gssCredential  not read by this implementation
 * @return {@code kerberosTicket} itself
 * @throws KerberosSerializationUtils.KerberosSerializationException if no ticket was supplied
 */
@Override
public KerberosTicket gssCredentialToKerberosTicket(KerberosTicket kerberosTicket, GSSCredential gssCredential) {
    if (kerberosTicket != null) {
        return kerberosTicket;
    }
    throw new KerberosSerializationUtils.KerberosSerializationException("Not available kerberosTicket in subject credentials in IBM JDK");
}
} // closes the enclosing class, whose header is outside this view