package kerberos;
 
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
 
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
 
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
 
public class KerberosLogin {
    public GSSCredential getGSSCredentials(GSSManager mgr, String spn, String keytab, int GSSCredentialType ) throws LoginException, GSSException {
		LoginContext lc = new LoginContext("Sample", null, null, new LoginConfiguration(spn, keytab, GSSCredentialType));
 
		lc.login();
 
		try {
			return (GSSCredential) Subject.doAs(lc.getSubject(), new SubjectAction(mgr, GSSCredentialType ));
		} catch (PrivilegedActionException e) {
			throw (GSSException) e.getCause();
		}
	}
 
	public GSSCredential getGSSCredentials(GSSManager mgr, String spn, int GSSCredentialType  ) throws LoginException, GSSException {
		LoginContext lc = new LoginContext("Sample", null, new KerberosCallBackHandler(), new LoginConfiguration(spn, GSSCredentialType));
 
		lc.login();
 
		try {
			return (GSSCredential) Subject.doAs(lc.getSubject(), new SubjectAction(mgr, GSSCredentialType));
		} catch (PrivilegedActionException e) {
			throw (GSSException) e.getCause();
		}
	}
 
	// Privileged action which runs as the subject to get the credentials and throws the exception thrown by the run() method
	private static final class SubjectAction implements PrivilegedExceptionAction<GSSCredential> {    
	    private GSSManager mgr;
	    private int GSSCredentialType = GSSCredential.INITIATE_AND_ACCEPT;
 
	    private static final Oid KRB5_MECH = createOid("1.2.840.113554.1.2.2");
 
	    private static Oid createOid(String rep) {
			try {
				return new Oid(rep);
			} catch (GSSException e) {
				return null;
			}
		}
 
	    private SubjectAction(GSSManager mgr, int GSSCredentialType) {
	      this.mgr  = mgr;
	      this.GSSCredentialType = GSSCredentialType;
	    }
 
	    public GSSCredential run() throws GSSException {
	      return mgr.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, KRB5_MECH, GSSCredentialType );      
	    }
	  }
}
 
class KerberosCallBackHandler implements CallbackHandler {
	public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
		for (int i = 0; i < callbacks.length; i++) {
			// display the message
			if (callbacks[i] instanceof TextOutputCallback) {
				TextOutputCallback toc = (TextOutputCallback) callbacks[i];
 
				switch (toc.getMessageType()) {
				case TextOutputCallback.INFORMATION:
					System.out.println(toc.getMessage());
					break;
				case TextOutputCallback.ERROR:
					System.out.println("ERROR: " + toc.getMessage());
					break;
				case TextOutputCallback.WARNING:
					System.out.println("WARNING: " + toc.getMessage());
					break;
				default:
					throw new IOException("Unsupported message type: " + toc.getMessageType());
				}
			} else if (callbacks[i] instanceof PasswordCallback) {
				// prompt the user for password
				PasswordCallback pc = (PasswordCallback) callbacks[i];
				System.err.print(pc.getPrompt());
				System.err.flush();
				pc.setPassword(readPassword());
			} else {
				throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
			}
		}
	}
 
	private char[] readPassword() throws IOException {
		BufferedReader br = new BufferedReader( new InputStreamReader( System.in ) );
		return br.readLine().trim().toCharArray();
	}
}
 

cGFja2FnZSBrZXJiZXJvczsKCmltcG9ydCBqYXZhLmlvLkJ1ZmZlcmVkUmVhZGVyOwppbXBvcnQgamF2YS5pby5JT0V4Y2VwdGlvbjsKaW1wb3J0IGphdmEuaW8uSW5wdXRTdHJlYW1SZWFkZXI7CmltcG9ydCBqYXZhLnNlY3VyaXR5LlByaXZpbGVnZWRBY3Rpb25FeGNlcHRpb247CmltcG9ydCBqYXZhLnNlY3VyaXR5LlByaXZpbGVnZWRFeGNlcHRpb25BY3Rpb247CgppbXBvcnQgamF2YXguc2VjdXJpdHkuYXV0aC5TdWJqZWN0OwppbXBvcnQgamF2YXguc2VjdXJpdHkuYXV0aC5jYWxsYmFjay5DYWxsYmFjazsKaW1wb3J0IGphdmF4LnNlY3VyaXR5LmF1dGguY2FsbGJhY2suQ2FsbGJhY2tIYW5kbGVyOwppbXBvcnQgamF2YXguc2VjdXJpdHkuYXV0aC5jYWxsYmFjay5QYXNzd29yZENhbGxiYWNrOwppbXBvcnQgamF2YXguc2VjdXJpdHkuYXV0aC5jYWxsYmFjay5UZXh0T3V0cHV0Q2FsbGJhY2s7CmltcG9ydCBqYXZheC5zZWN1cml0eS5hdXRoLmNhbGxiYWNrLlVuc3VwcG9ydGVkQ2FsbGJhY2tFeGNlcHRpb247CmltcG9ydCBqYXZheC5zZWN1cml0eS5hdXRoLmxvZ2luLkxvZ2luQ29udGV4dDsKaW1wb3J0IGphdmF4LnNlY3VyaXR5LmF1dGgubG9naW4uTG9naW5FeGNlcHRpb247CgppbXBvcnQgb3JnLmlldGYuamdzcy5HU1NDcmVkZW50aWFsOwppbXBvcnQgb3JnLmlldGYuamdzcy5HU1NFeGNlcHRpb247CmltcG9ydCBvcmcuaWV0Zi5qZ3NzLkdTU01hbmFnZXI7CmltcG9ydCBvcmcuaWV0Zi5qZ3NzLk9pZDsKCnB1YmxpYyBjbGFzcyBLZXJiZXJvc0xvZ2luIHsKICAgIHB1YmxpYyBHU1NDcmVkZW50aWFsIGdldEdTU0NyZWRlbnRpYWxzKEdTU01hbmFnZXIgbWdyLCBTdHJpbmcgc3BuLCBTdHJpbmcga2V5dGFiLCBpbnQgR1NTQ3JlZGVudGlhbFR5cGUgKSB0aHJvd3MgTG9naW5FeGNlcHRpb24sIEdTU0V4Y2VwdGlvbiB7CgkJTG9naW5Db250ZXh0IGxjID0gbmV3IExvZ2luQ29udGV4dCgiU2FtcGxlIiwgbnVsbCwgbnVsbCwgbmV3IExvZ2luQ29uZmlndXJhdGlvbihzcG4sIGtleXRhYiwgR1NTQ3JlZGVudGlhbFR5cGUpKTsKCgkJbGMubG9naW4oKTsKCgkJdHJ5IHsKCQkJcmV0dXJuIChHU1NDcmVkZW50aWFsKSBTdWJqZWN0LmRvQXMobGMuZ2V0U3ViamVjdCgpLCBuZXcgU3ViamVjdEFjdGlvbihtZ3IsIEdTU0NyZWRlbnRpYWxUeXBlICkpOwoJCX0gY2F0Y2ggKFByaXZpbGVnZWRBY3Rpb25FeGNlcHRpb24gZSkgewoJCQl0aHJvdyAoR1NTRXhjZXB0aW9uKSBlLmdldENhdXNlKCk7CgkJfQoJfQoJCglwdWJsaWMgR1NTQ3JlZGVudGlhbCBnZXRHU1NDcmVkZW50aWFscyhHU1NNYW5hZ2VyIG1nciwgU3RyaW5nIHNwbiwgaW50IEdTU0NyZWRlbnRpYWxUeXBlICApIHRocm93cyBMb2dpbkV4Y2VwdGlvbiwgR1NTRXhjZXB0aW9uIHsKCQlMb2dpbkNvbnRleHQgbGMgPSBuZXcgTG9naW5Db250ZXh0KCJTYW1wbGUiLCBudWxsLCBuZXcgS2VyYmVyb3NDYWxsQmFja0hhbmRsZXIoKSwgbmV3IExvZ2luQ29uZmlndXJhdGlvbihzcG4sIEdTU0NyZWRlbnRpYWxUeXBlKSk7CgoJCWxjLmxvZ2luKCk7CgoJCXRyeSB7CgkJCXJldHVybiAoR1NTQ3JlZGVudGlhbCkgU3ViamVjdC5kb0FzKGxjLmdldFN1YmplY3QoKSwgbmV3IFN1YmplY3RBY3Rpb24obWdyLCBHU1NDcmVkZW50aWFsVHlwZSkpOwoJCX0gY2F0Y2ggKFByaXZpbGVnZWRBY3Rpb25FeGNlcHRpb24gZSkgewoJCQl0aHJvdyAoR1NTRXhjZXB0aW9uKSBlLmdldENhdXNlKCk7CgkJfQoJfQoJCgkvLyBQcml2aWxlZ2VkIGFjdGlvbiB3aGljaCBydW5zIGFzIHRoZSBzdWJqZWN0IHRvIGdldCB0aGUgY3JlZGVudGlhbHMgYW5kIHRocm93cyB0aGUgZXhjZXB0aW9uIHRocm93biBieSB0aGUgcnVuKCkgbWV0aG9kCglwcml2YXRlIHN0YXRpYyBmaW5hbCBjbGFzcyBTdWJqZWN0QWN0aW9uIGltcGxlbWVudHMgUHJpdmlsZWdlZEV4Y2VwdGlvbkFjdGlvbjxHU1NDcmVkZW50aWFsPiB7ICAgIAoJICAgIHByaXZhdGUgR1NTTWFuYWdlciBtZ3I7CgkgICAgcHJpdmF0ZSBpbnQgR1NTQ3JlZGVudGlhbFR5cGUgPSBHU1NDcmVkZW50aWFsLklOSVRJQVRFX0FORF9BQ0NFUFQ7CgkgICAgCgkgICAgcHJpdmF0ZSBzdGF0aWMgZmluYWwgT2lkIEtSQjVfTUVDSCA9IGNyZWF0ZU9pZCgiMS4yLjg0MC4xMTM1NTQuMS4yLjIiKTsKCSAgICAKCSAgICBwcml2YXRlIHN0YXRpYyBPaWQgY3JlYXRlT2lkKFN0cmluZyByZXApIHsKCQkJdHJ5IHsKCQkJCXJldHVybiBuZXcgT2lkKHJlcCk7CgkJCX0gY2F0Y2ggKEdTU0V4Y2VwdGlvbiBlKSB7CgkJCQlyZXR1cm4gbnVsbDsKCQkJfQoJCX0KCSAgICAKCSAgICBwcml2YXRlIFN1YmplY3RBY3Rpb24oR1NTTWFuYWdlciBtZ3IsIGludCBHU1NDcmVkZW50aWFsVHlwZSkgewoJICAgICAgdGhpcy5tZ3IgID0gbWdyOwoJICAgICAgdGhpcy5HU1NDcmVkZW50aWFsVHlwZSA9IEdTU0NyZWRlbnRpYWxUeXBlOwoJICAgIH0KCSAgICAKCSAgICBwdWJsaWMgR1NTQ3JlZGVudGlhbCBydW4oKSB0aHJvd3MgR1NTRXhjZXB0aW9uIHsKCSAgICAgIHJldHVybiBtZ3IuY3JlYXRlQ3JlZGVudGlhbChudWxsLCBHU1NDcmVkZW50aWFsLklOREVGSU5JVEVfTElGRVRJTUUsIEtSQjVfTUVDSCwgR1NTQ3JlZGVudGlhbFR5cGUgKTsgICAgICAKCSAgICB9CgkgIH0KfQoKY2xhc3MgS2VyYmVyb3NDYWxsQmFja0hhbmRsZXIgaW1wbGVtZW50cyBDYWxsYmFja0hhbmRsZXIgewoJcHVibGljIHZvaWQgaGFuZGxlKENhbGxiYWNrW10gY2FsbGJhY2tzKSB0aHJvd3MgSU9FeGNlcHRpb24sIFVuc3VwcG9ydGVkQ2FsbGJhY2tFeGNlcHRpb24gewoJCWZvciAoaW50IGkgPSAwOyBpIDwgY2FsbGJhY2tzLmxlbmd0aDsgaSsrKSB7CgkJCS8vIGRpc3BsYXkgdGhlIG1lc3NhZ2UKCQkJaWYgKGNhbGxiYWNrc1tpXSBpbnN0YW5jZW9mIFRleHRPdXRwdXRDYWxsYmFjaykgewoJCQkJVGV4dE91dHB1dENhbGxiYWNrIHRvYyA9IChUZXh0T3V0cHV0Q2FsbGJhY2spIGNhbGxiYWNrc1tpXTsKCgkJCQlzd2l0Y2ggKHRvYy5nZXRNZXNzYWdlVHlwZSgpKSB7CgkJCQljYXNlIFRleHRPdXRwdXRDYWxsYmFjay5JTkZPUk1BVElPTjoKCQkJCQlTeXN0ZW0ub3V0LnByaW50bG4odG9jLmdldE1lc3NhZ2UoKSk7CgkJCQkJYnJlYWs7CgkJCQljYXNlIFRleHRPdXRwdXRDYWxsYmFjay5FUlJPUjoKCQkJCQlTeXN0ZW0ub3V0LnByaW50bG4oIkVSUk9SOiAiICsgdG9jLmdldE1lc3NhZ2UoKSk7CgkJCQkJYnJlYWs7CgkJCQljYXNlIFRleHRPdXRwdXRDYWxsYmFjay5XQVJOSU5HOgoJCQkJCVN5c3RlbS5vdXQucHJpbnRsbigiV0FSTklORzogIiArIHRvYy5nZXRNZXNzYWdlKCkpOwoJCQkJCWJyZWFrOwoJCQkJZGVmYXVsdDoKCQkJCQl0aHJvdyBuZXcgSU9FeGNlcHRpb24oIlVuc3VwcG9ydGVkIG1lc3NhZ2UgdHlwZTogIiArIHRvYy5nZXRNZXNzYWdlVHlwZSgpKTsKCQkJCX0KCQkJfSBlbHNlIGlmIChjYWxsYmFja3NbaV0gaW5zdGFuY2VvZiBQYXNzd29yZENhbGxiYWNrKSB7CgkJCQkvLyBwcm9tcHQgdGhlIHVzZXIgZm9yIHBhc3N3b3JkCgkJCQlQYXNzd29yZENhbGxiYWNrIHBjID0gKFBhc3N3b3JkQ2FsbGJhY2spIGNhbGxiYWNrc1tpXTsKCQkJCVN5c3RlbS5lcnIucHJpbnQocGMuZ2V0UHJvbXB0KCkpOwoJCQkJU3lzdGVtLmVyci5mbHVzaCgpOwoJCQkJcGMuc2V0UGFzc3dvcmQocmVhZFBhc3N3b3JkKCkpOwoJCQl9IGVsc2UgewoJCQkJdGhyb3cgbmV3IFVuc3VwcG9ydGVkQ2FsbGJhY2tFeGNlcHRpb24oY2FsbGJhY2tzW2ldLCAiVW5yZWNvZ25pemVkIENhbGxiYWNrIik7CgkJCX0KCQl9Cgl9CgkKCXByaXZhdGUgY2hhcltdIHJlYWRQYXNzd29yZCgpIHRocm93cyBJT0V4Y2VwdGlvbiB7CgkJQnVmZmVyZWRSZWFkZXIgYnIgPSBuZXcgQnVmZmVyZWRSZWFkZXIoIG5ldyBJbnB1dFN0cmVhbVJlYWRlciggU3lzdGVtLmluICkgKTsKCQlyZXR1cm4gYnIucmVhZExpbmUoKS50cmltKCkudG9DaGFyQXJyYXkoKTsKCX0KfQo=