Untitled

a guest
May 24th, 2016
  1. CLIENT:
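  /**
   * Runs the client side of the GSS-API sample: connects to the server,
   * establishes a Kerberos v5 security context, sends one wrapped message and
   * verifies the MIC the server returns for it.
   *
   * <p>Reads {@code args[0]} (server name), {@code args[1]} (host) and
   * {@code args[2]} (port); {@code args} is declared outside this method.
   *
   * <p>The method fails closed: it throws instead of continuing when the
   * established context lacks mutual authentication, confidentiality or
   * integrity, all of which it requested.
   *
   * @throws IOException  on socket errors, or when the server announces a
   *                      token length outside the accepted range
   * @throws GSSException when context establishment, wrap or MIC verification
   *                      fails, or a requested protection was not granted
   */
  private void test() throws IOException, GSSException {
      String server = args[0];
      String hostName = args[1];
      int port = Integer.parseInt(args[2]);

      // Upper bound for any length prefix accepted from the peer. Sample value:
      // size it to the largest token your deployment really produces.
      final int maxTokenSize = 64 * 1024;

      // try-with-resources closes the socket on every exit path.
      try (Socket socket = new Socket(hostName, port)) {
          DataInputStream inStream = new DataInputStream(socket.getInputStream());
          DataOutputStream outStream = new DataOutputStream(socket.getOutputStream());

          System.out.println("Connected to server "
                  + socket.getInetAddress());

          // Oid of the Kerberos version 5 GSS-API mechanism (RFC 1964). It tells
          // GSS-API which mechanism to use.
          Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");

          GSSManager manager = GSSManager.getInstance();

          // null name type: the mechanism parses the name with its default syntax.
          GSSName serverName = manager.createName(server, null);

          // null credentials: GSS-API uses the default credentials, i.e. the
          // mechanism looks them up in the current Subject. DEFAULT_LIFETIME lets
          // the mechanism decide how long the context stays valid.
          GSSContext context = manager.createContext(serverName,
                  krb5Oid,
                  null,
                  GSSContext.DEFAULT_LIFETIME);
          try {
              // Optional features; these are requests, checked again below.
              context.requestMutualAuth(true); // Mutual authentication
              context.requestConf(true);       // Will use confidentiality later
              context.requestInteg(true);      // Will use integrity later

              // Context establishment loop.
              byte[] token = new byte[0];
              while (!context.isEstablished()) {

                  // token is ignored on the first call
                  token = context.initSecContext(token, 0, token.length);

                  // Send a token to the server if one was generated.
                  if (token != null) {
                      System.out.println("Will send token of size "
                              + token.length
                              + " from initSecContext.");
                      outStream.writeInt(token.length);
                      outStream.write(token);
                      outStream.flush();
                  }

                  // Once the client side is established there is nothing more to
                  // read in this loop.
                  if (!context.isEstablished()) {
                      token = readServerToken(inStream, maxTokenSize);
                      System.out.println("Will read input token of size "
                              + token.length
                              + " for processing by initSecContext");
                  }
              }

              System.out.println("Context Established! ");
              System.out.println("Client is " + context.getSrcName());
              System.out.println("Server is " + context.getTargName());

              // Without mutual authentication only the client has proven its
              // identity, so nothing should be sent to this peer.
              if (!context.getMutualAuthState()) {
                  throw new GSSException(GSSException.FAILURE, 0,
                          "Mutual authentication was requested but did not take place");
              }
              System.out.println("Mutual authentication took place!");

              // requestConf/requestInteg can be declined by the mechanism; verify
              // before relying on wrap() to encrypt.
              if (!context.getConfState() || !context.getIntegState()) {
                  throw new GSSException(GSSException.UNAVAILABLE, 0,
                          "Confidentiality or integrity protection is not available on this context");
              }

              // Explicit charset so the bytes do not depend on the platform default.
              byte[] messageBytes =
                      "Hello There!\0".getBytes(java.nio.charset.StandardCharsets.UTF_8);

              // QOP 0 requests the default Quality-of-Protection; true requests
              // privacy (encryption of the message).
              MessageProp prop = new MessageProp(0, true);

              // Encrypt and send. Integrity protection is always applied by wrap,
              // irrespective of confidentiality.
              token = context.wrap(messageBytes, 0, messageBytes.length, prop);
              System.out.println("Will send wrap token of size " + token.length);
              outStream.writeInt(token.length);
              outStream.write(token);
              outStream.flush();

              // The server decrypts the message, computes a MIC over it and sends
              // the MIC back. This is unnecessary, but done here for illustration.
              token = readServerToken(inStream, maxTokenSize);
              System.out.println("Will read token of size " + token.length);

              // verifyMIC throws GSSException when the MIC does not match.
              context.verifyMIC(token, 0, token.length,
                      messageBytes, 0, messageBytes.length,
                      prop);

              System.out.println("Verified received MIC for message.");

              System.out.println("Exiting...");
          } finally {
              // Release the context on failure paths too.
              context.dispose();
          }
      }
  }

  /**
   * Reads one length-prefixed token from the server, rejecting a negative or
   * oversized length before any buffer is allocated.
   *
   * @param in     stream positioned at the 4-byte length prefix
   * @param maxLen largest token length accepted, in bytes
   * @return the token bytes
   * @throws IOException on read errors or when the announced length is outside
   *                     {@code 0..maxLen}
   */
  private byte[] readServerToken(DataInputStream in, int maxLen) throws IOException {
      int announced = in.readInt();
      if (announced < 0 || announced > maxLen) {
          throw new IOException("Peer announced token length " + announced
                  + ", accepted range is 0.." + maxLen);
      }
      byte[] buf = new byte[announced];
      in.readFully(buf);
      return buf;
  }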
  148. };
  149. SERVER:
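  /**
   * Runs the server side of the GSS-API sample: accepts connections one at a
   * time, establishes a security context with each client, unwraps one
   * message and returns a MIC computed over it.
   *
   * <p>Everything a client sends before the context is established is
   * unauthenticated input, so length prefixes are bounded, reads time out, and
   * a failure on one connection is logged and does not stop the accept loop.
   *
   * @param localPort TCP port to listen on
   * @throws IOException  when the listening socket cannot be created or
   *                      {@code accept} fails
   * @throws GSSException declared for compatibility; per-connection GSS
   *                      failures are logged and the connection is dropped
   */
  private static void test(int localPort) throws IOException, GSSException {
      // Upper bound for any length prefix accepted from a client. Sample value:
      // size it to the largest token your deployment really produces.
      final int maxTokenSize = 64 * 1024;

      // Read timeout so a silent client cannot hold the single accept loop.
      // Sample value.
      final int readTimeoutMillis = 30 * 1000;

      try (ServerSocket ss = new ServerSocket(localPort)) {

          GSSManager manager = GSSManager.getInstance();

          while (true) {

              System.out.println("Waiting for incoming connection...");

              // accept() stays outside the per-connection handler: if the listener
              // itself fails, that error propagates to the caller.
              Socket accepted = ss.accept();
              try (Socket socket = accepted) {
                  // SocketTimeoutException is an IOException, so a stalled client
                  // is dropped by the catch below.
                  socket.setSoTimeout(readTimeoutMillis);
                  serveClient(manager, socket, maxTokenSize);
              } catch (IOException | GSSException e) {
                  System.err.println("Dropping connection from "
                          + accepted.getInetAddress() + ": " + e);
              }
          }
      }
  }

  /**
   * Handles one client: context establishment, one unwrap, one MIC reply.
   *
   * @param manager      GSS manager used to create the acceptor context
   * @param socket       connected client socket; closed by the caller
   * @param maxTokenSize largest token length accepted from the client, in bytes
   * @throws IOException  on socket errors or an out-of-range token length
   * @throws GSSException when the client's tokens are rejected
   */
  private static void serveClient(GSSManager manager, Socket socket, int maxTokenSize)
          throws IOException, GSSException {
      DataInputStream inStream = new DataInputStream(socket.getInputStream());
      DataOutputStream outStream = new DataOutputStream(socket.getOutputStream());

      System.out.println("Got connection from client "
              + socket.getInetAddress());

      // null server credentials: the mechanism uses whatever credentials it has
      // available that can accept this connection.
      GSSContext context = manager.createContext((GSSCredential) null);
      try {
          // Context establishment loop.
          byte[] token = null;

          while (!context.isEstablished()) {

              token = readClientToken(inStream, maxTokenSize);
              System.out.println("Will read input token of size "
                      + token.length
                      + " for processing by acceptSecContext");

              token = context.acceptSecContext(token, 0, token.length);

              // Send a token to the peer if one was generated.
              if (token != null) {
                  System.out.println("Will send token of size "
                          + token.length
                          + " from acceptSecContext.");
                  outStream.writeInt(token.length);
                  outStream.write(token);
                  outStream.flush();
              }
          }

          // The context authenticates the client; it does not authorize it. A
          // real service would check getSrcName() against its access policy
          // before acting on any request.
          System.out.print("Context Established! ");
          System.out.println("Client is " + context.getSrcName());
          System.out.println("Server is " + context.getTargName());

          // Without mutual authentication only the client was authenticated to
          // the server; otherwise both sides were authenticated to each other.
          if (context.getMutualAuthState())
              System.out.println("Mutual authentication took place!");

          // unwrap() fills this in with the QOP that was applied and whether the
          // token was encrypted; the initial values are ignored.
          MessageProp prop = new MessageProp(0, false);

          token = readClientToken(inStream, maxTokenSize);
          System.out.println("Will read token of size "
                  + token.length);

          byte[] bytes = context.unwrap(token, 0, token.length, prop);
          // Explicit charset so decoding does not depend on the platform default.
          String str = new String(bytes, java.nio.charset.StandardCharsets.UTF_8);
          System.out.println("Received data \""
                  + str + "\" of length " + str.length());

          // getPrivacy() is false when the client sent the message unencrypted;
          // a service that requires confidentiality should reject it here.
          System.out.println("Confidentiality applied: "
                  + prop.getPrivacy());

          // Generate a MIC and send it to the client, for illustration only: the
          // integrity of the wrapped message is guaranteed irrespective of the
          // confidentiality that was used. Reset the QOP to 0 first so the
          // default Quality-of-Protection is applied.
          prop.setQOP(0);

          token = context.getMIC(bytes, 0, bytes.length, prop);

          System.out.println("Will send MIC token of size "
                  + token.length);
          outStream.writeInt(token.length);
          outStream.write(token);
          outStream.flush();

          System.out.println("Closing connection with client "
                  + socket.getInetAddress());
      } finally {
          // Release the context on failure paths too.
          context.dispose();
      }
  }

  /**
   * Reads one length-prefixed token from a client, rejecting a negative or
   * oversized length before any buffer is allocated.
   *
   * @param in     stream positioned at the 4-byte length prefix
   * @param maxLen largest token length accepted, in bytes
   * @return the token bytes
   * @throws IOException on read errors or when the announced length is outside
   *                     {@code 0..maxLen}
   */
  private static byte[] readClientToken(DataInputStream in, int maxLen) throws IOException {
      int announced = in.readInt();
      if (announced < 0 || announced > maxLen) {
          throw new IOException("Peer announced token length " + announced
                  + ", accepted range is 0.." + maxLen);
      }
      byte[] buf = new byte[announced];
      in.readFully(buf);
      return buf;
  }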