Hi,
I am using Java to develop a server-client application with GSI
authentication.
The jGlobus version is 1.7.0.
The client code is:
    GSSName expectedName = null;
    expectedName = manager.createName("host@" + host,
                                      GSSName.NT_HOSTBASED_SERVICE);
    context = manager.createContext(expectedName,
                                    null, //GSSConstants.MECH_OID,
                                    null,
                                    GSSContext.DEFAULT_LIFETIME);
    context.requestCredDeleg(true);
    context.requestConf(true);
    context.requestMutualAuth(true);
    context.requestReplayDet(true);
    context.requestSequenceDet(true);
    byte[] inToken = new byte[0];
    byte[] outToken = null;
    while (!context.isEstablished()) {
        outToken = context.initSecContext(inToken, 0, inToken.length);
        if (outToken != null) {
            sendMessage(socket, Base64.byteArrayToBase64(outToken) + "\t\n");
        }
        if (!context.isEstablished()) {
            // inToken = gssin.readHandshakeToken();
        }
    }
I then send the token to the server in Base64 format.
On the server side, the code is like:
    byte[] token = Base64.base64ToByteArray(prot);
    GSSName GSSIdentity = null;
    log.debug("token length:" + token.length);
    try {
        GSSContext context = getCtx().getServiceContext();
        log.debug("context:" + context.getLifetime());
        log.debug("context:" + context.getSrcName());
        log.debug("context:" + context.getTargName());
        token = context.acceptSecContext(token, 0, token.length);
        GSSIdentity = context.getSrcName();
        log.debug("GSSIdentity:" + GSSIdentity);
    } catch (Exception e) {
        e.printStackTrace();
        log.error("adat: got service context exception: " + e.getMessage());
        return;
    }
The context is initiated as:
    GlobusCredential serviceCredential;
    try {
        serviceCredential = new GlobusCredential(getProperty(SERVICE_CERT),
                                                 getProperty(SERVICE_KEY));
    }
    catch (GlobusCredentialException gce) {
        String errmsg = "couldn't load " +
                        "host globus credentials: " +
                        gce.toString();
        log.error(errmsg);
        return;
    }
    log.debug("service cert:" + serviceCredential.getSubject());
    try {
        GSSCredential cred = new GlobusGSSCredentialImpl(serviceCredential,
                                                         GSSCredential.ACCEPT_ONLY);
        TrustedCertificates trusted_certs =
            TrustedCertificates.load(getProperty(SERVICE_TRUSTED_CERTS));
        GSSManager manager = ExtendedGSSManager.getInstance();
        ExtendedGSSContext context =
            (ExtendedGSSContext) manager.createContext(cred);
        context.setOption(GSSConstants.GSS_MODE,
                          GSIConstants.MODE_GSI);
        context.setOption(GSSConstants.TRUSTED_CERTIFICATES,
                          trusted_certs);
        // gssContext = context;
        return context;
However, it always fails at context.acceptSecContext() method.
    Failure unspecified at GSS-API level. Caused by COM.claymoresystems.ptls.SSLPrematureCloseException: Short read
        at COM.claymoresystems.ptls.SSLuintX.decode(SSLuintX.java:125)
        at COM.claymoresystems.ptls.SSLvector.decode(SSLvector.java:129)
        at COM.claymoresystems.ptls.SSLv2ClientHello.decode(SSLv2ClientHello.java:75)
        at COM.claymoresystems.ptls.SSLHandshakeServer.recvSSLv2ClientHello(SSLHandshakeServer.java:427)
        at COM.claymoresystems.ptls.SSLHandshakeServer.processTokens(SSLHandshakeServer.java:190)
        at COM.claymoresystems.ptls.SSLHandshake.processHandshake(SSLHandshake.java:135)
        at org.globus.gsi.gssapi.GlobusGSSContextImpl.acceptSecContext(GlobusGSSContextImpl.java:306)
I've checked and I am sure the root certs are all in place.
Can someone help me? Any hint is highly appreciated. Thanks in advance.
Regards,
Shunde Zhang
Australian Research Collaboration Services (ARCS), "Providing
collaboration services and tools for the Australian research community"
Email: shunde.zh...@arcs.org.au
eResearch SA (eRSA), "Enabling Discovery, Innovation and Collaboration
through eResearch"
Email: shunde.zh...@eresearchsa.edu.au
School of Computer Science, The University of Adelaide, "Life Impact"
Email: shunde.zh...@adelaide.edu.au
Phone: +61 8 83038265
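
Added example, not part of the original post and not jGlobus code: a line-based token exchange for a GSS-API handshake in which both sides keep passing tokens until `isEstablished()`, and the receiver strips whitespace such as the "\t" the posted client appends before Base64-decoding. It assumes one Base64 token per line and uses the JDK's `java.util.Base64` in place of the post's `Base64` helper; the class name, method names and sample bytes are hypothetical.

```java
import java.io.*;
import java.util.Arrays;
import java.util.Base64;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;

// Hypothetical helper: one Base64-encoded handshake token per text line.
public class GssTokenLines {
    static void writeToken(OutputStream out, byte[] token) throws IOException {
        out.write(Base64.getEncoder().encode(token));
        out.write('\n');
        out.flush();
    }

    // trim() drops a stray tab or CR so the decoded bytes are exactly the peer's token.
    static byte[] readToken(BufferedReader in) throws IOException {
        String line = in.readLine();
        if (line == null) throw new EOFException("peer closed during handshake");
        return Base64.getDecoder().decode(line.trim());
    }

    // Initiator: every initSecContext call after the first consumes the acceptor's reply.
    static void initiate(GSSContext ctx, BufferedReader in, OutputStream out)
            throws GSSException, IOException {
        byte[] inToken = new byte[0];
        while (!ctx.isEstablished()) {
            byte[] outToken = ctx.initSecContext(inToken, 0, inToken.length);
            if (outToken != null && outToken.length > 0) writeToken(out, outToken);
            if (!ctx.isEstablished()) inToken = readToken(in);
        }
    }

    // Acceptor: loops until established, since a handshake can take several tokens.
    static void accept(GSSContext ctx, BufferedReader in, OutputStream out)
            throws GSSException, IOException {
        while (!ctx.isEstablished()) {
            byte[] inToken = readToken(in);
            byte[] outToken = ctx.acceptSecContext(inToken, 0, inToken.length);
            if (outToken != null && outToken.length > 0) writeToken(out, outToken);
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] sample = {0x16, 0x03, 0x01, 0x00, 0x01, (byte) 0xff}; // constructed bytes
        String wire = Base64.getEncoder().encodeToString(sample) + "\t\n"; // framing from the post
        BufferedReader in = new BufferedReader(new StringReader(wire));
        System.out.println("round trip intact: " + Arrays.equals(sample, readToken(in)));
    }
}
```

Logging the token length on both ends of the socket, as the server code above already does on its side, confirms that the bytes passed to `acceptSecContext` match what `initSecContext` returned.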