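package org.haox.token;

import com.sun.security.jgss.AuthorizationDataEntry;
import com.sun.security.jgss.ExtendedGSSContext;
import com.sun.security.jgss.InquireType;
import org.apache.haox.asn1.type.Asn1SequenceOf;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;

/**
 * Pulls a JWT that was carried inside the Kerberos ticket's authorization data
 * out of an accepted GSS-API security context.
 *
 * <p>Lookup path: {@code KRB5_GET_AUTHZ_DATA} on the context, then every
 * top-level entry of type AD-IF-RELEVANT ({@link #AD_IF_RELEVANT_TYPE}) is
 * decoded as a nested {@code AuthorizationData} sequence, and the first nested
 * element of type {@link #JWT_AUTHZ_DATA_TYPE} is parsed as a JWT. The first
 * successfully parsed token wins; later entries are not examined.
 *
 * <p>Security note: the authorization data returned by the JDK comes from the
 * decrypted ticket, so it is protected by the service key, but Kerberos allows
 * the client to ask the KDC to copy its own authorization data into the ticket
 * (TGS-REQ {@code enc-authorization-data}). AD-IF-RELEVANT is explicitly the
 * "ignore if not understood" container. Nothing in this class checks who put
 * the token there; the token is only as trustworthy as the signature check
 * performed by {@code TokenTool.fromJwtToken} -- NOTE(review): confirm that
 * method verifies the JWT signature and does not accept unsigned/"alg":"none"
 * tokens, otherwise any Kerberos client can inject an arbitrary token here.
 */
public class TokenExtractor {

    /** Project-specific ad-type value under which the JWT is nested inside AD-IF-RELEVANT. */
    static final int JWT_AUTHZ_DATA_TYPE = 81;

    /** AD-IF-RELEVANT ad-type as assigned by RFC 4120. */
    public static final int AD_IF_RELEVANT_TYPE = 1;

    /**
     * ASN.1 container used to decode the nested authorization data:
     * <pre>
     * AuthorizationData ::= SEQUENCE OF SEQUENCE {
     *     ad-type  [0] Int32,
     *     ad-data  [1] OCTET STRING
     * }
     * </pre>
     */
    public static class AuthorizationData extends Asn1SequenceOf<AuthzDataEntry> {
    }

    /**
     * Looks for a JWT in the authorization data of an accepted context.
     *
     * @param context the GSS context; only an {@link ExtendedGSSContext} exposes
     *                authorization data, any other context (or {@code null}) yields {@code null}
     * @return the first token found, or {@code null} if the context carries none
     * @throws GSSException if the JDK refuses the query (for example on the initiator
     *                      side or before the context is established -- confirm for the JDK in use)
     * @throws IOException  if an AD-IF-RELEVANT entry is not well-formed ASN.1
     */
    public static KerbToken checkAuthzData(GSSContext context) throws GSSException, IOException {
        // Kept from the original: diagnostic output goes to stdout. Nothing secret
        // is printed here, and it must stay that way -- never print the token.
        System.out.println("Looking for token from authorization data in GSSContext");

        if (!(context instanceof ExtendedGSSContext)) {
            return null;
        }
        ExtendedGSSContext extended = (ExtendedGSSContext) context;
        Object authzData = extended.inquireSecContext(InquireType.KRB5_GET_AUTHZ_DATA);
        if (authzData == null) {
            return null;
        }

        // The JDK documents KRB5_GET_AUTHZ_DATA as returning AuthorizationDataEntry[].
        AuthorizationDataEntry[] entries = (AuthorizationDataEntry[]) authzData;
        for (AuthorizationDataEntry entry : entries) {
            KerbToken token = getAuthzToken(entry);
            if (token != null) {
                return token;
            }
        }
        return null;
    }

    /**
     * Parses the JWT nested in one AD-IF-RELEVANT entry.
     *
     * @param authzDataEntry a top-level ticket authorization data entry
     * @return the parsed token, or {@code null} if the entry is not AD-IF-RELEVANT,
     *         carries no JWT element, or the element does not parse as a JWT
     * @throws IOException if the entry's data is not well-formed ASN.1
     */
    public static KerbToken getAuthzToken(AuthorizationDataEntry authzDataEntry) throws IOException {
        if (authzDataEntry.getType() != AD_IF_RELEVANT_TYPE) {
            return null;
        }
        String token = getToken(authzDataEntry);
        if (token == null) {
            return null;
        }
        try {
            return TokenTool.fromJwtToken(token);
        } catch (Exception ignored) {
            // Deliberate best-effort: an element of our ad-type that is not a
            // (valid) JWT is treated as "no token here" rather than failing the
            // whole lookup. A signature failure inside fromJwtToken therefore
            // also surfaces as null, not as an error -- callers must treat null
            // as "unauthenticated", never as "skip the check".
            return null;
        }
    }

    /**
     * Returns the raw JWT string nested in an AD-IF-RELEVANT entry.
     *
     * @param authzDataEntry a top-level ticket authorization data entry (caller
     *                       has already checked its type)
     * @return the text of the first nested element of type {@link #JWT_AUTHZ_DATA_TYPE},
     *         or {@code null} if there is none
     * @throws IOException if the entry's data is not well-formed ASN.1
     */
    public static String getToken(AuthorizationDataEntry authzDataEntry) throws IOException {
        List<AuthzDataEntry> entries = decode(authzDataEntry);
        if (entries == null) {
            // Defensive: the ASN.1 library may represent an empty sequence as null.
            return null;
        }
        for (AuthzDataEntry entry : entries) {
            if (entry.getAuthzType() != JWT_AUTHZ_DATA_TYPE) {
                continue;
            }
            byte[] data = entry.getAuthzData();
            if (data == null) {
                return null;
            }
            // A compact-serialized JWT is base64url + '.', i.e. pure ASCII, so
            // decoding as UTF-8 is lossless and, unlike the platform default
            // charset, independent of the JVM's locale settings.
            return new String(data, StandardCharsets.UTF_8);
        }
        return null;
    }

    /**
     * Decodes the octet-string payload of a top-level entry as a nested
     * {@code AuthorizationData} sequence.
     *
     * @param authzDataEntry the entry whose {@code ad-data} holds the nested sequence
     * @return the decoded nested elements
     * @throws IOException if the payload is not well-formed ASN.1
     */
    public static List<AuthzDataEntry> decode(AuthorizationDataEntry authzDataEntry) throws IOException {
        AuthorizationData authzData = new AuthorizationData();
        authzData.decode(authzDataEntry.getData());
        return authzData.getElements();
    }
}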