
Example 1 with Krb5LoginModule

use of com.sun.security.auth.module.Krb5LoginModule in project jdk8u_jdk by JetBrains.

the class Context method fromUserKtab.

/**
 * Logs in with a username and keytab, committing the resulting
 * credentials to the supplied subject {@code s}.
 */
public static Context fromUserKtab(Subject s, String user, String ktab, boolean storeKey) throws Exception {
    Context result = new Context();
    result.name = user;
    result.s = s;

    Krb5LoginModule module = new Krb5LoginModule();

    // Non-interactive keytab login: prompting and the ticket cache are both
    // switched off, so the keytab named by ktab is the only credential
    // source configured here. The keytab holds long-term keys, so the file
    // it points at needs the same protection as a password.
    Map<String, String> options = new HashMap<>();
    options.put("principal", user);
    options.put("keyTab", ktab);
    options.put("useKeyTab", "true");
    options.put("useTicketCache", "false");
    options.put("doNotPrompt", "true");
    // Acceptor-only configuration.
    options.put("isInitiator", "false");
    if (storeKey) {
        // With storeKey the principal's keys are kept in the Subject's
        // private credentials, so anything holding the Subject can reach them.
        options.put("storeKey", "true");
    }

    // No callback handler and no shared state: every input comes from options.
    module.initialize(result.s, null, null, options);
    module.login();
    module.commit();
    return result;
}
Also used : LoginContext(javax.security.auth.login.LoginContext) ExtendedGSSContext(com.sun.security.jgss.ExtendedGSSContext) GSSContext(org.ietf.jgss.GSSContext) Krb5LoginModule(com.sun.security.auth.module.Krb5LoginModule) HashMap(java.util.HashMap)

Example 2 with Krb5LoginModule

use of com.sun.security.auth.module.Krb5LoginModule in project jdk8u_jdk by JetBrains.

the class LoginModuleOptions method login.

/**
 * Runs a Krb5LoginModule login/commit cycle configured from flat key/value pairs
 * and checks the resulting principal name against {@code OneKDC.USER}.
 *
 * @param callback handler passed to the module for name/password callbacks
 * @param options  alternating key, value entries; keys starting with "javax" are
 *                 placed in the shared state, all others become module options
 * @throws Exception if the login fails or the first principal's name does not
 *                   start with {@code OneKDC.USER}
 */
static void login(CallbackHandler callback, Object... options) throws Exception {
    Krb5LoginModule module = new Krb5LoginModule();
    Subject subject = new Subject();
    Map<String, String> moduleOptions = new HashMap<>();
    Map<String, Object> sharedState = new HashMap<>();

    // Walk the varargs two at a time; a trailing key without a value is
    // silently skipped, exactly as integer division of the length would do.
    for (int idx = 0; idx + 1 < options.length; idx += 2) {
        String key = (String) options[idx];
        Object value = options[idx + 1];
        if (!key.startsWith("javax")) {
            // Module options must be strings; anything else fails the cast.
            moduleOptions.put(key, (String) value);
        } else {
            sharedState.put(key, value);
        }
    }

    module.initialize(subject, callback, sharedState, moduleOptions);
    module.login();
    module.commit();

    // NOTE(review): this is a prefix comparison, so any principal whose name
    // merely begins with OneKDC.USER passes. Adequate against a fixed test KDC;
    // an identity check outside a test should compare the full principal name.
    String authenticated = subject.getPrincipals().iterator().next().getName();
    if (!authenticated.startsWith(OneKDC.USER)) {
        throw new Exception("The authenticated is not " + OneKDC.USER);
    }
}
Also used : Krb5LoginModule(com.sun.security.auth.module.Krb5LoginModule) HashMap(java.util.HashMap) Subject(javax.security.auth.Subject)

Example 3 with Krb5LoginModule

use of com.sun.security.auth.module.Krb5LoginModule in project jdk8u_jdk by JetBrains.

the class IPv6 method main.

/**
 * Writes a krb5 configuration listing KDC entries in several host/port
 * spellings (plain host, IPv4, bare and bracketed IPv6, with and without a
 * port), attempts a login with debug tracing captured from System.out, and
 * checks that each "KrbKdcReq send" trace line reports the expected host and
 * UDP port.
 *
 * @param args unused
 * @throws Exception on a host/port mismatch, or when the number of matched
 *                   trace lines differs from the number of legal KDC entries
 */
public static void main(String[] args) throws Exception {
    // Each entry is { host, port }; a null or empty port means "none given".
    String[][] kdcs = { // These are legal settings
    { "simple.host", null }, { "simple.host", "" }, { "simple.host", "8080" }, { "0.0.0.1", null }, { "0.0.0.1", "" }, { "0.0.0.1", "8080" }, { "1::1", null }, { "[1::1]", null }, { "[1::1]", "" }, { "[1::1]", "8080" }, // Two illegal settings
    { "[1::1", null }, { "[1::1]abc", null } };
    // Prepares a krb5.conf with every kind of KDC settings
    // (written as "ipv6.conf", a relative path, i.e. into the working directory).
    PrintStream out = new PrintStream(new FileOutputStream("ipv6.conf"));
    out.println("[libdefaults]");
    out.println("default_realm = V6");
    out.println("kdc_timeout = 1");
    out.println("[realms]");
    out.println("V6 = {");
    for (String[] hp : kdcs) {
        if (hp[1] != null)
            out.println("    kdc = " + hp[0] + ":" + hp[1]);
        else
            out.println("    kdc = " + hp[0]);
    }
    out.println("}");
    out.close();
    // Debug tracing is enabled on purpose: the assertions below parse it.
    System.setProperty("sun.security.krb5.debug", "true");
    System.setProperty("java.security.krb5.conf", "ipv6.conf");
    // Redirect System.out into a buffer for the duration of the login attempt.
    ByteArrayOutputStream bo = new ByteArrayOutputStream();
    PrintStream po = new PrintStream(bo);
    PrintStream oldout = System.out;
    System.setOut(po);
    try {
        Subject subject = new Subject();
        Krb5LoginModule krb5 = new Krb5LoginModule();
        Map<String, String> map = new HashMap<>();
        Map<String, Object> shared = new HashMap<>();
        map.put("debug", "true");
        map.put("doNotPrompt", "true");
        map.put("useTicketCache", "false");
        map.put("useFirstPass", "true");
        // Placeholder name and password supplied through the shared state.
        shared.put("javax.security.auth.login.name", "any");
        shared.put("javax.security.auth.login.password", "any".toCharArray());
        krb5.initialize(subject, null, shared, map);
        krb5.login();
    } catch (Exception e) {
    // Deliberately ignored: only the captured trace is checked below; the
    // login itself is presumably expected to fail against these KDC entries.
    }
    // NOTE(review): the restore is not in a finally block, so a Throwable that
    // is not an Exception would leave System.out redirected.
    po.flush();
    System.setOut(oldout);
    BufferedReader br = new BufferedReader(new StringReader(new String(bo.toByteArray())));
    // cc counts matched trace lines and doubles as the index of the expected
    // entry, so the check assumes the KDCs are tried in configuration order.
    int cc = 0;
    // group(1) = host reported in the trace, group(2) = UDP port.
    Pattern r = Pattern.compile(".*KrbKdcReq send: kdc=(.*) UDP:(\\d+),.*");
    String line;
    while ((line = br.readLine()) != null) {
        Matcher m = r.matcher(line.subSequence(0, line.length()));
        if (m.matches()) {
            System.out.println("------------------");
            System.out.println(line);
            String h = m.group(1), p = m.group(2);
            String eh = kdcs[cc][0], ep = kdcs[cc][1];
            // A bracketed expected host is compared without its brackets.
            if (eh.charAt(0) == '[') {
                eh = eh.substring(1, eh.length() - 1);
            }
            System.out.println("Expected: " + eh + " : " + ep);
            System.out.println("Actual: " + h + " : " + p);
            // Fail if the host differs, if no port was configured and the
            // trace does not show 88, or if a configured port is not the one
            // shown (&& binds tighter than ||, so the three cases are separate).
            if (!eh.equals(h) || (ep == null || ep.length() == 0) && !p.equals("88") || (ep != null && ep.length() > 0) && !p.equals(ep)) {
                throw new Exception("Mismatch");
            }
            cc++;
        }
    }
    if (cc != kdcs.length - 2) {
        // 2 illegal settings at the end
        // must not have produced a send line; every legal entry must have.
        throw new Exception("Not traversed");
    }
}
Also used : Krb5LoginModule(com.sun.security.auth.module.Krb5LoginModule) Pattern(java.util.regex.Pattern) HashMap(java.util.HashMap) Matcher(java.util.regex.Matcher) Subject(javax.security.auth.Subject)

Example 4 with Krb5LoginModule

use of com.sun.security.auth.module.Krb5LoginModule in project jdk8u_jdk by JetBrains.

the class CleanState method go.

/**
 * Logs in with a wrong password in the shared state and the correct one
 * available only through the callback handler.
 *
 * @throws Exception if {@code login()} fails
 */
void go() throws Exception {
    Krb5LoginModule module = new Krb5LoginModule();
    final String user = OneKDC.USER;
    final char[] goodPassword = OneKDC.PASS;
    char[] wrongPassword = "hellokitty".toCharArray();

    // First pass reads the shared state, which deliberately carries the
    // wrong password.
    Map<String, Object> sharedState = new HashMap<>();
    sharedState.put("javax.security.auth.login.name", user);
    sharedState.put("javax.security.auth.login.password", wrongPassword);

    // tryFirstPass with prompting allowed: when the shared-state credentials
    // are rejected, the module falls back to the callback handler.
    Map<String, String> moduleOptions = new HashMap<>();
    moduleOptions.put("tryFirstPass", "true");
    moduleOptions.put("doNotPrompt", "false");
    moduleOptions.put("useTicketCache", "false");

    // The handler answers name and password callbacks with the real credentials.
    CallbackHandler handler = callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(user);
            }
            if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(goodPassword);
            }
        }
    };

    module.initialize(new Subject(), handler, sharedState, moduleOptions);
    module.login();
}
Also used : Krb5LoginModule(com.sun.security.auth.module.Krb5LoginModule) CallbackHandler(javax.security.auth.callback.CallbackHandler) HashMap(java.util.HashMap) Subject(javax.security.auth.Subject) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback)

Example 5 with Krb5LoginModule

use of com.sun.security.auth.module.Krb5LoginModule in project jdk8u_jdk by JetBrains.

the class W83 method go.

/**
 * Exercises password and keytab logins, first through the Context helpers and
 * then through the kinit launcher when its tool class is present, collecting
 * every failure before reporting.
 *
 * @throws Exception carrying one line per failed login variant
 */
void go() throws Exception {
    // NOTE(review): this instance is never used in the method.
    Krb5LoginModule krb5 = new Krb5LoginModule();
    StringBuilder failures = new StringBuilder();

    try {
        Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    } catch (Exception e) {
        e.printStackTrace();
        failures.append("Krb5LoginModule password login error\n");
    }

    try {
        Context.fromUserKtab(OneKDC.USER, OneKDC.KTAB, false);
    } catch (Exception e) {
        e.printStackTrace();
        failures.append("Krb5LoginModule keytab login error\n");
    }

    try {
        // Probe for the kinit tool class; when absent the kinit half is skipped.
        Class.forName("sun.security.krb5.internal.tools.Kinit");
        String sep = System.getProperty("file.separator");
        String kinit = System.getProperty("java.home") + sep + "bin" + sep + "kinit";

        // NOTE(review): the password is converted to a String and handed over
        // as a command argument. If execute() spawns a process (not visible
        // here), it lands in that process's argument list, and the String copy
        // cannot be zeroed. Tolerable only because this is a test credential.
        int rc = execute(kinit, "-J-Djava.security.krb5.conf=" + OneKDC.KRB5_CONF, "-c", "cache1", OneKDC.USER, new String(OneKDC.PASS));
        if (rc != 0) {
            failures.append("kinit password login error\n");
        }

        rc = execute(kinit, "-J-Djava.security.krb5.conf=" + OneKDC.KRB5_CONF, "-c", "cache2", "-k", "-t", OneKDC.KTAB, OneKDC.USER);
        if (rc != 0) {
            failures.append("kinit keytab login error\n");
        }
    } catch (ClassNotFoundException cnfe) {
        // Not an error: presumably the tool class exists only on Windows builds.
        System.out.println("No kinit, test ignored.");
    }

    if (failures.length() > 0) {
        throw new Exception(failures.toString());
    }
}
Also used : Krb5LoginModule(com.sun.security.auth.module.Krb5LoginModule)

Aggregations

Krb5LoginModule (com.sun.security.auth.module.Krb5LoginModule)6 HashMap (java.util.HashMap)5 Subject (javax.security.auth.Subject)3 ExtendedGSSContext (com.sun.security.jgss.ExtendedGSSContext)2 LoginContext (javax.security.auth.login.LoginContext)2 GSSContext (org.ietf.jgss.GSSContext)2 Matcher (java.util.regex.Matcher)1 Pattern (java.util.regex.Pattern)1 Callback (javax.security.auth.callback.Callback)1 CallbackHandler (javax.security.auth.callback.CallbackHandler)1 NameCallback (javax.security.auth.callback.NameCallback)1 PasswordCallback (javax.security.auth.callback.PasswordCallback)1