Line 0
Link Here
|
|
|
1 |
/* |
2 |
* Licensed to the Apache Software Foundation (ASF) under one or more |
3 |
* contributor license agreements. See the NOTICE file distributed with |
4 |
* this work for additional information regarding copyright ownership. |
5 |
* The ASF licenses this file to You under the Apache License, Version 2.0 |
6 |
* (the "License"); you may not use this file except in compliance with |
7 |
* the License. You may obtain a copy of the License at |
8 |
* |
9 |
* http://www.apache.org/licenses/LICENSE-2.0 |
10 |
* |
11 |
* Unless required by applicable law or agreed to in writing, software |
12 |
* distributed under the License is distributed on an "AS IS" BASIS, |
13 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
14 |
* See the License for the specific language governing permissions and |
15 |
* limitations under the License. |
16 |
* |
17 |
*/ |
18 |
|
19 |
package org.apache.jmeter.protocol.http.control; |
20 |
|
21 |
import org.apache.http.auth.Credentials; |
22 |
import org.apache.http.auth.KerberosCredentials; |
23 |
import org.apache.http.impl.auth.KerberosScheme; |
24 |
import org.ietf.jgss.GSSContext; |
25 |
import org.ietf.jgss.GSSCredential; |
26 |
import org.ietf.jgss.GSSException; |
27 |
import org.ietf.jgss.GSSManager; |
28 |
import org.ietf.jgss.GSSName; |
29 |
import org.ietf.jgss.Oid; |
30 |
|
31 |
public class DelegatingKerberosScheme extends KerberosScheme { |
32 |
public DelegatingKerberosScheme(final boolean stripPort, final boolean useCanonicalHostName) { |
33 |
super(stripPort, useCanonicalHostName); |
34 |
} |
35 |
|
36 |
@Override |
37 |
protected byte[] generateGSSToken( |
38 |
final byte[] input, final Oid oid, final String authServer, |
39 |
final Credentials credentials) throws GSSException { |
40 |
final GSSManager manager = getManager(); |
41 |
final GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE); |
42 |
|
43 |
final GSSCredential gssCredential; |
44 |
if (credentials instanceof KerberosCredentials) { |
45 |
gssCredential = ((KerberosCredentials) credentials).getGSSCredential(); |
46 |
} else { |
47 |
gssCredential = null; |
48 |
} |
49 |
|
50 |
final GSSContext gssContext = createDelegatingGSSContext(manager, oid, serverName, gssCredential); |
51 |
if (input != null) { |
52 |
return gssContext.initSecContext(input, 0, input.length); |
53 |
} else { |
54 |
return gssContext.initSecContext(new byte[] {}, 0, 0); |
55 |
} |
56 |
} |
57 |
|
58 |
GSSContext createDelegatingGSSContext(final GSSManager manager, final Oid oid, final GSSName serverName, |
59 |
final GSSCredential gssCredential) throws GSSException { |
60 |
final GSSContext gssContext = manager.createContext(serverName.canonicalize(oid), oid, gssCredential, |
61 |
GSSContext.DEFAULT_LIFETIME); |
62 |
gssContext.requestMutualAuth(true); |
63 |
gssContext.requestCredDeleg(true); |
64 |
return gssContext; |
65 |
} |
66 |
} |