GssDssContext.java example

Explorer
dcache-master
- archetypes
  - dcache-nearline-plugin-archetype
    - src
      - main
        resources
        archetype-resources
        src
        main
        java
        PluginNearlineStorage.java
        PluginNearlineStorageProvider.java
- modules
/* dCache - http://www.dcache.org/
 *
 * Copyright (C) 2015 Deutsches Elektronen-Synchrotron
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
package org.dcache.dss;

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;

import javax.security.auth.Subject;

import java.io.IOException;
import java.util.Objects;

import static com.google.common.base.Preconditions.checkState;

/**
 * DssContext that wraps a GssContext.
 */
public abstract class GssDssContext implements DssContext
{
    protected final GSSContext context;
    protected final MessageProp prop =  new MessageProp(true);

    private Subject subject;
    private GSSName principal;
    private boolean isUninitialized = true;

    public GssDssContext(GSSContext context) throws GSSException
    {
        this.context = context;
    }

    @Override
    public byte[] init(byte[] token) throws IOException
    {
        checkState(!isEstablished());
        try {
            if (isUninitialized) {
                context.requestMutualAuth(true);
                isUninitialized = false;
            }
            byte[] outToken = context.initSecContext(token, 0, token.length);
            if (isEstablished()) {
                principal = context.getSrcName();
                subject = createSubject();
            }
            return outToken;
        } catch (GSSException e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    @Override
    public byte[] accept(byte[] token) throws IOException
    {
        checkState(!isEstablished());
        try {
            isUninitialized = false;
            byte[] outToken = context.acceptSecContext(token, 0, token.length);
            if (isEstablished()) {
                principal = context.getSrcName();
                subject = createSubject();
            }
            return outToken;
        } catch (GSSException e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    @Override
    public byte[] wrap(byte[] data, int offset, int len) throws IOException
    {
        checkState(isEstablished());
        try {
            return context.wrap(data, offset, len, prop);
        } catch (GSSException e) {
            throw new IOException("Failed to wrap message: " + e.getMessage(), e);
        }
    }

    @Override
    public byte[] unwrap(byte[] token) throws IOException
    {
        checkState(isEstablished());
        try {
            return context.unwrap(token, 0, token.length, prop);
        } catch (GSSException e) {
            throw new IOException("Failed to unwrap message: " + e.getMessage(), e);
        }
    }

    @Override
    public Subject getSubject()
    {
        return subject;
    }

    @Override
    public String getPeerName()
    {
        return Objects.toString(principal, null);
    }

    @Override
    public boolean isEstablished()
    {
        return context.isEstablished();
    }

    protected abstract Subject createSubject() throws GSSException;
}