mirrors
/
jgit
镜像来自 https://github.com/eclipse/jgit.git
關註 1
收藏 0
複製 0
程式碼 問題管理 0 版本發佈 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6501 Commit
49 分支
目錄樹: 6c14d273fa
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from '6c14d273fa'
${ noResults }
jgit/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/GssApiMechanisms.java

GssApiMechanisms.java 6.8KB
原始文件 Blame 文件歷史

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231 
  1. /*

  2.  * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>

  3.  * and other copyright owners as documented in the project's IP log.

  4.  *

  5.  * This program and the accompanying materials are made available

  6.  * under the terms of the Eclipse Distribution License v1.0 which

  7.  * accompanies this distribution, is reproduced below, and is

  8.  * available at http://www.eclipse.org/org/documents/edl-v10.php

  9.  *

  10.  * All rights reserved.

  11.  *

  12.  * Redistribution and use in source and binary forms, with or

  13.  * without modification, are permitted provided that the following

  14.  * conditions are met:

  15.  *

  16.  * - Redistributions of source code must retain the above copyright

  17.  *   notice, this list of conditions and the following disclaimer.

  18.  *

  19.  * - Redistributions in binary form must reproduce the above

  20.  *   copyright notice, this list of conditions and the following

  21.  *   disclaimer in the documentation and/or other materials provided

  22.  *   with the distribution.

  23.  *

  24.  * - Neither the name of the Eclipse Foundation, Inc. nor the

  25.  *   names of its contributors may be used to endorse or promote

  26.  *   products derived from this software without specific prior

  27.  *   written permission.

  28.  *

  29.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

  30.  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

  31.  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  32.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  33.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  34.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  35.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  36.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  37.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  38.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  39.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  40.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

  41.  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  42.  */

  43. package org.eclipse.jgit.internal.transport.sshd;

  44. 

  45. import java.net.InetAddress;

  46. import java.net.InetSocketAddress;

  47. import java.net.UnknownHostException;

  48. import java.util.Collection;

  49. import java.util.Collections;

  50. import java.util.LinkedHashMap;

  51. import java.util.Map;

  52. import java.util.concurrent.atomic.AtomicBoolean;

  53. 

  54. import org.eclipse.jgit.annotations.NonNull;

  55. import org.ietf.jgss.GSSContext;

  56. import org.ietf.jgss.GSSException;

  57. import org.ietf.jgss.GSSManager;

  58. import org.ietf.jgss.GSSName;

  59. import org.ietf.jgss.Oid;

  60. 

  61. /**

  62.  * Global repository of GSS-API mechanisms that we can use.

  63.  */

  64. public class GssApiMechanisms {

  65. 

  66. 	private GssApiMechanisms() {

  67. 		// No instantiation

  68. 	}

  69. 

  70. 	/** Prefix to use with {@link GSSName#NT_HOSTBASED_SERVICE}. */

  71. 	public static final String GSSAPI_HOST_PREFIX = "host@"; //$NON-NLS-1$

  72. 

  73. 	/** The {@link Oid} of Kerberos 5. */

  74. 	public static final Oid KERBEROS_5 = createOid("1.2.840.113554.1.2.2"); //$NON-NLS-1$

  75. 

  76. 	/** SGNEGO is not to be used with ssh. */

  77. 	public static final Oid SPNEGO = createOid("1.3.6.1.5.5.2"); //$NON-NLS-1$

  78. 

  79. 	/** Protects {@link #supportedMechanisms}. */

  80. 	private static final Object LOCK = new Object();

  81. 

  82. 	/**

  83. 	 * The {@link AtomicBoolean} is set to {@code true} when the mechanism could

  84. 	 * be initialized successfully at least once.

  85. 	 */

  86. 	private static Map<Oid, Boolean> supportedMechanisms;

  87. 

  88. 	/**

  89. 	 * Retrieves an immutable collection of the supported mechanisms.

  90. 	 *

  91. 	 * @return the supported mechanisms

  92. 	 */

  93. 	@NonNull

  94. 	public static Collection<Oid> getSupportedMechanisms() {

  95. 		synchronized (LOCK) {

  96. 			if (supportedMechanisms == null) {

  97. 				GSSManager manager = GSSManager.getInstance();

  98. 				Oid[] mechs = manager.getMechs();

  99. 				Map<Oid, Boolean> mechanisms = new LinkedHashMap<>();

  100. 				if (mechs != null) {

  101. 					for (Oid oid : mechs) {

  102. 						mechanisms.put(oid, Boolean.FALSE);

  103. 					}

  104. 				}

  105. 				supportedMechanisms = mechanisms;

  106. 			}

  107. 			return Collections.unmodifiableSet(supportedMechanisms.keySet());

  108. 		}

  109. 	}

  110. 

  111. 	/**

  112. 	 * Report that this mechanism was used successfully.

  113. 	 *

  114. 	 * @param mechanism

  115. 	 *            that worked

  116. 	 */

  117. 	public static void worked(@NonNull Oid mechanism) {

  118. 		synchronized (LOCK) {

  119. 			supportedMechanisms.put(mechanism, Boolean.TRUE);

  120. 		}

  121. 	}

  122. 

  123. 	/**

  124. 	 * Mark the mechanisms as failed.

  125. 	 *

  126. 	 * @param mechanism

  127. 	 *            to mark

  128. 	 */

  129. 	public static void failed(@NonNull Oid mechanism) {

  130. 		synchronized (LOCK) {

  131. 			Boolean worked = supportedMechanisms.get(mechanism);

  132. 			if (worked != null && !worked.booleanValue()) {

  133. 				// If it never worked, remove it

  134. 				supportedMechanisms.remove(mechanism);

  135. 			}

  136. 		}

  137. 	}

  138. 

  139. 	/**

  140. 	 * Resolves an {@link InetSocketAddress}.

  141. 	 *

  142. 	 * @param remote

  143. 	 *            to resolve

  144. 	 * @return the resolved {@link InetAddress}, or {@code null} if unresolved.

  145. 	 */

  146. 	public static InetAddress resolve(@NonNull InetSocketAddress remote) {

  147. 		InetAddress address = remote.getAddress();

  148. 		if (address == null) {

  149. 			try {

  150. 				address = InetAddress.getByName(remote.getHostString());

  151. 			} catch (UnknownHostException e) {

  152. 				return null;

  153. 			}

  154. 		}

  155. 		return address;

  156. 	}

  157. 

  158. 	/**

  159. 	 * Determines a canonical host name for use use with GSS-API.

  160. 	 *

  161. 	 * @param remote

  162. 	 *            to get the host name from

  163. 	 * @return the canonical host name, if it can be determined, otherwise the

  164. 	 *         {@link InetSocketAddress#getHostString() unprocessed host name}.

  165. 	 */

  166. 	@NonNull

  167. 	public static String getCanonicalName(@NonNull InetSocketAddress remote) {

  168. 		InetAddress address = resolve(remote);

  169. 		if (address == null) {

  170. 			return remote.getHostString();

  171. 		}

  172. 		return address.getCanonicalHostName();

  173. 	}

  174. 

  175. 	/**

  176. 	 * Creates a {@link GSSContext} for the given mechanism to authenticate with

  177. 	 * the host given by {@code fqdn}.

  178. 	 *

  179. 	 * @param mechanism

  180. 	 *            {@link Oid} of the mechanism to use

  181. 	 * @param fqdn

  182. 	 *            fully qualified domain name of the host to authenticate with

  183. 	 * @return the context, if the mechanism is available and the context could

  184. 	 *         be created, or {@code null} otherwise

  185. 	 */

  186. 	public static GSSContext createContext(@NonNull Oid mechanism,

  187. 			@NonNull String fqdn) {

  188. 		GSSContext context = null;

  189. 		try {

  190. 			GSSManager manager = GSSManager.getInstance();

  191. 			context = manager.createContext(

  192. 					manager.createName(

  193. 							GssApiMechanisms.GSSAPI_HOST_PREFIX + fqdn,

  194. 							GSSName.NT_HOSTBASED_SERVICE),

  195. 					mechanism, null, GSSContext.DEFAULT_LIFETIME);

  196. 		} catch (GSSException e) {

  197. 			closeContextSilently(context);

  198. 			failed(mechanism);

  199. 			return null;

  200. 		}

  201. 		worked(mechanism);

  202. 		return context;

  203. 	}

  204. 

  205. 	/**

  206. 	 * Closes (disposes of) a {@link GSSContext} ignoring any

  207. 	 * {@link GSSException}s.

  208. 	 *

  209. 	 * @param context

  210. 	 *            to dispose

  211. 	 */

  212. 	public static void closeContextSilently(GSSContext context) {

  213. 		if (context != null) {

  214. 			try {

  215. 				context.dispose();

  216. 			} catch (GSSException e) {

  217. 				// Ignore

  218. 			}

  219. 		}

  220. 	}

  221. 

  222. 	private static Oid createOid(String rep) {

  223. 		try {

  224. 			return new Oid(rep);

  225. 		} catch (GSSException e) {

  226. 			// Does not occur

  227. 			return null;

  228. 		}

  229. 	}

  230. 

  231. }