idok-commit AT lists.psi.ch
Subject: Commit emails of the iDok project
[idok-commit] idok commit r376 - in trunk/java/ch/idok: common/util service/common/common/corba
- From: "AFS account Florian Huebner" <huebner AT savannah.psi.ch>
- To: idok-commit AT lists.psi.ch
- Subject: [idok-commit] idok commit r376 - in trunk/java/ch/idok: common/util service/common/common/corba
- Date: Wed, 29 Jul 2009 11:22:25 +0200
- List-archive: <https://lists.web.psi.ch/pipermail/idok-commit/>
- List-id: Commit emails of the iDok project <idok-commit.lists.psi.ch>
Author: huebner
Date: Wed Jul 29 11:22:24 2009
New Revision: 376
Log:
Workaround for a problem concerning the re-sending of the wrong tickets in
rare cases
Modified:
trunk/java/ch/idok/common/util/ServiceTokenAction.java
trunk/java/ch/idok/service/common/common/corba/CredentialsConverter.java
Modified: trunk/java/ch/idok/common/util/ServiceTokenAction.java
==============================================================================
--- trunk/java/ch/idok/common/util/ServiceTokenAction.java (original)
+++ trunk/java/ch/idok/common/util/ServiceTokenAction.java Wed Jul 29
11:22:24 2009
@@ -20,6 +20,9 @@
package ch.idok.common.util;
import java.security.PrivilegedExceptionAction;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Logger;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
@@ -27,6 +30,7 @@
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
+import ch.idok.common.config.Setup;
import ch.idok.common.errorhandling.DmsException;
import ch.idok.common.errorhandling.ErrorType;
@@ -47,7 +51,14 @@
* OID for SPNEGO authentication
*/
static final String GSS_SPNEGO_MECH_OID = "1.3.6.1.5.5.2";
-
+
+
+ static Map<String,byte[]> ticketMap = new HashMap<String, byte[]>();
+ int hashSize=0;
+ static Logger logger_ = Setup.getInstance().getLogger("service.common");
+ static long mem0 = 0;
+ static long mem1 = 0;
+ static long use = 0;
/**
* Kerberos service principal.
*
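Review bot: `ticketMap` is a static `HashMap` keyed only by `serviceName_`, so every `ServiceTokenAction` in the JVM shares one token per service regardless of which client identity ran the action. The callers are not visible here, but if this class ever runs for more than one user in the same process, the second user would be handed the first user's token. The map is also read and written without synchronization, and `hashSize` is an instance field while the map is static, so the logged size is per object rather than the map's size. I would include the initiating principal in the key and declare the field as `static final Map<String, byte[]> ticketMap = new ConcurrentHashMap<String, byte[]>();`. The `getToken()` hunk at line 154 reads the same map and inherits the same keying problem.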
@@ -82,9 +93,17 @@
// Request ticket lifetime of 60 minutes
final int ticketLifetime = 60 * 60;
+
+
+ if (getToken() != null) {
+// if (SyncMap.getInstance().ServicetoTicket(serviceName_) != null) {
+ return null;
+ }
+
try {
GSSManager manager = GSSManager.getInstance();
+
/*
* Get GSS-API token
*/
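Review bot: The early return `if (getToken() != null) { return null; }` never invalidates the cached token, although the line just above requests a ticket lifetime of 60 minutes. Once a token is stored it is re-sent for the rest of the process lifetime, also after the underlying ticket has expired. Store the creation time next to the token and fall through to a fresh `initSecContext` once it is older than `ticketLifetime`. The commented-out `SyncMap` line should be removed rather than committed. The method body starts and ends outside this hunk.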
@@ -101,8 +120,17 @@
// Create token
byte[] inToken = new byte[0];
- ticket_ = secContext.initSecContext(inToken, 0, inToken.length);
+// ticket_ = secContext.initSecContext(inToken, 0,
inToken.length);
+ mem0 =
Runtime.getRuntime().totalMemory()-Runtime.getRuntime().freeMemory();
+ ticketMap.put(serviceName_, secContext.initSecContext(inToken,
0, inToken.length)) ;
+ mem1 =
Runtime.getRuntime().totalMemory()-Runtime.getRuntime().freeMemory();
+ use = (mem1 - mem0);
+
+ hashSize++;
+ logger_.fine("Added a new ticket. Hash size increased to :
"+hashSize+
+ "\n and memory use increased by roughly :" + use +"
B");
+// SyncMap.getInstance().newServTicket(serviceName_,
secContext.initSecContext(inToken, 0, inToken.length));
// Cleanup
secContext.dispose();
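Review bot: The heap measurement around `ticketMap.put(...)` is debugging instrumentation that should not ship. `mem0`, `mem1` and `use` are static fields written without synchronization, and `totalMemory() - freeMemory()` moves with every allocation and GC on other threads, so the logged number says little about the size of the entry. I would drop the three fields, log `ticketMap.size()` instead of `hashSize`, and delete the commented-out `ticket_` and `SyncMap` lines. The hunk at line 263 of CredentialsConverter.java repeats the same pattern around `subjectMap.put(hash, subject)`.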
@@ -126,7 +154,9 @@
* Return GSS-API token as a byte array
*/
public byte[] getToken() {
- return ticket_;
+// return ticket_;
+ return ticketMap.get(serviceName_);
+// return SyncMap.getInstance().ServicetoTicket(serviceName_);
}
/**
Modified:
trunk/java/ch/idok/service/common/common/corba/CredentialsConverter.java
==============================================================================
--- trunk/java/ch/idok/service/common/common/corba/CredentialsConverter.java
(original)
+++ trunk/java/ch/idok/service/common/common/corba/CredentialsConverter.java
Wed Jul 29 11:22:24 2009
@@ -19,6 +19,11 @@
package ch.idok.service.common.common.corba;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.Map;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
@@ -36,6 +41,7 @@
import ch.idok.common.util.DmsCredentials;
import ch.idok.common.util.Krb5DmsCredentials;
import ch.idok.common.util.ServiceTokenAction;
+import ch.idok.common.util.SyncMap;
import ch.idok.service.common.Cryptography;
import ch.idok.service.common.common.corba.obj.CredentialsType;
@@ -47,7 +53,14 @@
public class CredentialsConverter {
static Logger logger_ = Setup.getInstance().getLogger("service.common");
-
+ static Map<String,Subject> subjectMap = new HashMap<String, Subject>();
+ static int hashSize =0;
+ static long mem0 = 0;
+ static long mem1 = 0;
+ static long use = 0;
+// static LinkedList<String> subjectList = new LinkedList<String>();
+// static LinkedList<String> hashList = new LinkedList<String>();
+
/**
* Convert a CORBA CredentialsType object to a Krb5DmsCredentials object.
*
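Review bot: `subjectMap` keeps every authenticated `Subject` in a static `HashMap` with no removal path, so the map grows with each distinct token. According to the comment in the later hunk, these Subjects include the delegated TGT, so those credentials stay reachable in memory long after the ticket has expired. The map is also a plain `HashMap` mutated from `authenticateToken`, which on a server is presumably called from several request threads at once. I would use a `ConcurrentHashMap` and store an expiry with each entry, for example derived from `context.getLifetime()`, evicting on lookup. The two commented-out `LinkedList` fields and the `hashSize`/`mem0`/`mem1`/`use` counters can go.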
@@ -182,6 +195,22 @@
}
+ static String getHash(byte[] array) {
+
+ MessageDigest md5;
+// byte[] digest = new byte[] {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+ byte[] digest = null;
+ try {
+ md5 = MessageDigest.getInstance("SHA");
+ md5.update(array);
+ digest = md5.digest();
+ } catch (NoSuchAlgorithmException e) {
+ System.err.println("Couldn't find MD5 algorithm");
+ }
+ return new String(digest);
+
+ }
+
/**
* Authenticate the client to the DMS server using a GSS-API token.
*
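Review bot: `new String(digest)` in `getHash` decodes raw digest bytes with the platform default charset, which is lossy. Two different tokens can therefore end up with the same `subjectMap` key, and one caller can be handed another caller's `Subject`. If the algorithm lookup fails, `digest` stays null and the same line throws a `NullPointerException` after only printing to `System.err`. The variable name and the message say MD5 while the code requests `"SHA"` (SHA-1). The rewrite below hex-encodes the digest, requests SHA-256 and fails with an exception that keeps the cause.

```java
static String getHash(byte[] array) {
    final MessageDigest sha;
    try {
        sha = MessageDigest.getInstance("SHA-256");
    } catch (NoSuchAlgorithmException e) {
        // Fail loudly instead of continuing with a null digest.
        throw new IllegalStateException("SHA-256 digest not available", e);
    }
    // Hex-encode: decoding raw digest bytes with the platform charset is lossy.
    byte[] digest = sha.digest(array);
    StringBuilder hex = new StringBuilder(digest.length * 2);
    for (byte b : digest) {
        hex.append(Character.forDigit((b >> 4) & 0xF, 16));
        hex.append(Character.forDigit(b & 0xF, 16));
    }
    return hex.toString();
}
```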
@@ -193,6 +222,14 @@
*/
static private Subject authenticateToken(byte[] token) throws
DmsException {
+ String hash = getHash(token);
+ Subject subject = subjectMap.get(hash);
+
+// Subject subject = SyncMap.getInstance().TokentoSubject(token);
+ if (subject != null) {
+ return subject;
+ }
+
try {
GSSManager manager = GSSManager.getInstance();
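Review bot: A cache hit on `subjectMap.get(hash)` returns a `Subject` without the token ever reaching the GSS acceptor. For a token seen before, the acceptor's expiry and replay checks are therefore skipped, and the token works as a bearer credential for as long as the JVM runs. That is the intent of the workaround, but it needs a bound. Store the context's remaining lifetime with the entry and reject or re-validate once it has passed, and add a comment such as `// cached Subject bypasses acceptSecContext; entry must expire with the ticket`. Logging cache hits at `fine` would also make re-sent tokens visible. The body of `authenticateToken` continues outside this hunk.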
@@ -226,8 +263,21 @@
+ context.getTargName());
// Create Subject from GSS-API token (including TGT)
- Subject subject = GSSUtil.createSubject(context.getSrcName(),
+ subject = GSSUtil.createSubject(context.getSrcName(),
context.getDelegCred());
+
+
+ mem0 =
Runtime.getRuntime().totalMemory()-Runtime.getRuntime().freeMemory();
+ subjectMap.put(hash, subject);
+ mem1 =
Runtime.getRuntime().totalMemory()-Runtime.getRuntime().freeMemory();
+
+ use = (mem1 - mem0);
+ hashSize++;
+ logger_.fine("Added a new subject. Hash size increased to :
"+hashSize +
+ "\n and memory use increased by roughly :" +
use +" B");
+
+
+// SyncMap.getInstance().newSubToken(subject, token);
// logger_.finer("Subject generated from GSSAPI token is " +
// subject.toString());