Is it possible to generate a Kerberos token using the Java GSS API which is equivalent to the token created while signing in to Windows? I.e., is it possible to create a self-signed Kerberos token using the GSS APIs? Using the code below, when the server name is provided, it generates the token, but when serverName is passed as null in manager.createContext, I am getting an exception.
I am trying to confirm whether the GSS APIs can only be used when both client and server addresses are provided.
    import java.util.Base64;
    import org.ietf.jgss.*;

    try {
        // Kerberos V5 mechanism OID and Kerberos principal name-type OID
        Oid KERB_V5_OID = new Oid("1.2.840.113554.1.2.2");
        Oid KRB5_PRINCIPAL_NAME_OID = new Oid("1.2.840.113554.1.2.2.1");
        GSSManager manager = GSSManager.getInstance();

        // Initiator (client) credential, requested for one hour
        GSSName clientName = manager.createName("CLIENT@ABC.ORG", KRB5_PRINCIPAL_NAME_OID);
        GSSCredential clientCred = manager.createCredential(clientName, 1 * 3600, KERB_V5_OID, GSSCredential.INITIATE_ONLY);

        // Target (server) principal the context is created for
        GSSName serverName = manager.createName("SERVER@ABC.ORG", KRB5_PRINCIPAL_NAME_OID);
        GSSContext context = manager.createContext(serverName, KERB_V5_OID, clientCred, GSSContext.DEFAULT_LIFETIME);
        context.requestMutualAuth(true);
        context.requestConf(false);
        context.requestInteg(true);

        boolean established = false;
        byte[] outToken = null;
        byte[] inToken = new byte[0];
        // Loop while the context is still not established
        while (!established) {
            outToken = context.initSecContext(inToken, 0, inToken.length);
            if (outToken != null) {
                System.out.println(Base64.getEncoder().encodeToString(outToken));
            }
            // Only the first token is generated; no server reply is fed back in,
            // so stop here instead of looping again
            established = true;
        }
        context.dispose();
    } catch (final GSSException ex) {
        throw new Error(ex);
    }