1 /**
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
20 package org.apache.wss4j.common.kerberos;
21
import java.security.Key;
import java.util.Arrays;

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
26
27 /**
28 * Encapsulates Kerberos token (service ticket) and secret key returned by
29 * {@link KerberosClientExceptionAction}.
30 *
31 * The secret key might be null, in which case it must be obtained from the current subject's
32 * {@link javax.security.auth.kerberos.KerberosTicket} private credential.
33 *
34 * @author bgde
35 */
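public class KerberosContext {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(KerberosContext.class);

    private static final String DISPOSED_MESSAGE = "Kerberos context is disposed.";

    private boolean disposed;
    private GSSContext gssContext;
    private byte[] kerberosToken;
    private Key secretKey;

    /**
     * Returns the Kerberos service ticket bytes held by this context.
     *
     * The returned array is the very instance passed to {@link #setKerberosToken(byte[])}, not a
     * copy, so that {@link #dispose()} can overwrite the ticket bytes in place. Callers must not
     * modify it and should not keep it beyond the lifetime of this context.
     *
     * @return The Kerberos service ticket bytes, or null if they are not available/set.
     * @throws IllegalStateException If this context was already disposed.
     */
    public byte[] getKerberosToken() {
        checkNotDisposed();
        return kerberosToken;
    }

    /**
     * Stores the Kerberos service ticket bytes.
     *
     * The array is kept by reference (no defensive copy) and is zeroed by {@link #dispose()},
     * so the caller's array is wiped as well.
     *
     * @param kerberosToken The service ticket bytes, may be null.
     */
    public void setKerberosToken(byte[] kerberosToken) {
        this.kerberosToken = kerberosToken;
    }

    /**
     * @return The secret session key, or null if it is not available.
     * In this case it must be obtained from the current subject's
     * {@link javax.security.auth.kerberos.KerberosTicket KerberosTicket} private credential.
     *
     * @see javax.security.auth.kerberos.KerberosTicket#getSessionKey()
     * @throws IllegalStateException If this context was already disposed.
     */
    public Key getSecretKey() {
        checkNotDisposed();
        return secretKey;
    }

    /**
     * Stores the secret session key by reference.
     *
     * @param secretKey The session key, may be null.
     */
    public void setSecretKey(Key secretKey) {
        this.secretKey = secretKey;
    }

    /**
     * @return The GSSContext as initialized during Kerberos service ticket retrieval,
     *         or null if none was set.
     * @throws IllegalStateException If this context was already disposed.
     */
    public GSSContext getGssContext() {
        checkNotDisposed();
        return this.gssContext;
    }

    /**
     * Stores the GSSContext; it is disposed together with this instance by {@link #dispose()}.
     *
     * @param gssContext The GSSContext, may be null.
     */
    public void setGssContext(GSSContext gssContext) {
        this.gssContext = gssContext;
    }

    /**
     * Destroys all data held in this context instance: the Kerberos token bytes are overwritten
     * with zeros, the reference to the secret key is dropped and the {@link GSSContext}, if any,
     * is disposed. After calling this method, an attempt to retrieve any field of this context
     * instance throws an {@link IllegalStateException}. Calling this method more than once has
     * no further effect.
     */
    public void dispose() {
        if (disposed) {
            return;
        }

        if (kerberosToken != null) {
            // Wipe in place: callers that obtained the same array from getKerberosToken()
            // see the ticket bytes zeroed too. The reference is then released for GC.
            Arrays.fill(kerberosToken, (byte) 0);
            kerberosToken = null;
        }

        // NOTE(review): java.security.Key offers no way to wipe key material, so only the
        // reference is dropped. A Destroyable key may be shared with the subject's
        // KerberosTicket (see class doc), so it is intentionally not destroyed from here.
        secretKey = null;

        if (gssContext != null) {
            try {
                gssContext.dispose();
            } catch (GSSException e) {
                // Best effort: the instance is marked disposed regardless, the failure is only logged.
                LOG.error("Error disposing of the GSSContext", e);
            }
        }

        disposed = true;
    }

    /**
     * Checks if this context instance is already destroyed.
     *
     * @return true once {@link #dispose()} has completed, false otherwise.
     */
    public boolean isDisposed() {
        return disposed;
    }

    /**
     * Shared guard for the getters.
     *
     * @throws IllegalStateException If this context was already disposed.
     */
    private void checkNotDisposed() {
        if (disposed) {
            throw new IllegalStateException(DISPOSED_MESSAGE);
        }
    }
}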