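/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.wss4j.common.kerberos;

import java.security.Key;

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;

/**
 * Encapsulates Kerberos token (service ticket) and secret key returned by
 * {@link KerberosClientExceptionAction}.
 *
 * The secret key might be null, in which case it must be obtained from the current subject's
 * {@link javax.security.auth.kerberos.KerberosTicket} private credential.
 *
 * <p>Lifecycle: the getters throw {@link IllegalStateException} once {@link #dispose()} has
 * run. The setters are not guarded, and {@link #dispose()} is a no-op on an already disposed
 * instance, so a token or key stored after disposal is never cleared by this class.
 *
 * <p>No method is synchronized and no field is volatile; an instance that is shared between
 * threads needs external synchronization.
 *
 * @author bgde
 */
public class KerberosContext {
    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(KerberosContext.class);

    private boolean disposed;
    private GSSContext gssContext;
    private byte[] kerberosToken;
    private Key secretKey;

    /**
     * Returns the stored service ticket. The array is the internal one, not a copy, so
     * {@link #dispose()} later zeroes the very array handed out here.
     *
     * @return The Kerberos service ticket bytes, or null if they are not available/set.
     * @throws IllegalStateException If this context was already disposed.
     */
    public byte[] getKerberosToken() {
        ensureNotDisposed();
        return kerberosToken;
    }

    /**
     * Stores the service ticket by reference (no defensive copy). {@link #dispose()} overwrites
     * this array in place, which also wipes the caller's array.
     *
     * <p>Not guarded by the disposed check: a token set after {@link #dispose()} is kept and
     * will not be zeroed by a later {@link #dispose()} call.
     *
     * @param kerberosToken The Kerberos service ticket bytes, may be null.
     */
    public void setKerberosToken(byte[] kerberosToken) {
        this.kerberosToken = kerberosToken;
    }

    /**
     * @return The secret session key, or null if it is not available.
     *         In this case it must be obtained from the current subject's
     *         {@link javax.security.auth.kerberos.KerberosTicket KerberosTicket} private credential.
     *
     * @see javax.security.auth.kerberos.KerberosTicket#getSessionKey()
     * @throws IllegalStateException If this context was already disposed.
     */
    public Key getSecretKey() {
        ensureNotDisposed();
        return secretKey;
    }

    /**
     * Stores the secret session key by reference.
     *
     * <p>Not guarded by the disposed check: a key set after {@link #dispose()} is kept and
     * its reference is not dropped by a later {@link #dispose()} call.
     *
     * @param secretKey The secret session key, may be null.
     */
    public void setSecretKey(Key secretKey) {
        this.secretKey = secretKey;
    }

    /**
     * @return The GSSContext as initialized during Kerberos service ticket retrieval.
     * @throws IllegalStateException If this context was already disposed.
     */
    public GSSContext getGssContext() {
        ensureNotDisposed();
        return this.gssContext;
    }

    /**
     * Stores the GSSContext that {@link #dispose()} will dispose of.
     *
     * <p>Not guarded by the disposed check: a context set after {@link #dispose()} is kept
     * and is not disposed by a later {@link #dispose()} call.
     *
     * @param gssContext The GSSContext, may be null.
     */
    public void setGssContext(GSSContext gssContext) {
        this.gssContext = gssContext;
    }

    /**
     * Destroys all data held in this context instance. After calling this method,
     * an attempt to retrieve any field of this context instance will throw an
     * {@link IllegalStateException}.
     *
     * <p>The ticket bytes are overwritten with zeros in place, the reference to the secret key
     * is dropped, and the GSSContext is disposed. A {@link GSSException} raised while disposing
     * the GSSContext is logged and does not prevent the instance from being marked disposed.
     * Calling this method again has no effect.
     */
    public void dispose() {
        if (disposed) {
            return;
        }

        if (kerberosToken != null) {
            // Wipe the ticket in place so the bytes do not linger on the heap until GC.
            // The array is shared with whoever passed it to setKerberosToken().
            java.util.Arrays.fill(kerberosToken, (byte) 0);
        }

        // Only the reference is dropped; the key material itself is not erased here.
        // NOTE(review): if this context is the sole owner of the key and the key implements
        // javax.security.auth.Destroyable, destroying it here would shorten the key's
        // lifetime in memory - confirm ownership with the callers before changing this.
        secretKey = null;

        if (gssContext != null) {
            try {
                gssContext.dispose();
            } catch (GSSException e) {
                // Best effort: the token is already wiped, so record the failure and
                // still mark this instance as disposed below.
                LOG.error("Error disposing of the GSSContext", e);
            }
        }

        disposed = true;
    }

    /**
     * Checks if this context instance is already destroyed.
     *
     * @return true once {@link #dispose()} has completed, false otherwise.
     */
    public boolean isDisposed() {
        return disposed;
    }

    /**
     * Shared guard for the getters: rejects access to a disposed context.
     *
     * @throws IllegalStateException If this context was already disposed.
     */
    private void ensureNotDisposed() {
        if (disposed) {
            throw new IllegalStateException("Kerberos context is disposed.");
        }
    }
}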