use of com.sun.security.auth.module.Krb5LoginModule in project jdk8u_jdk by JetBrains.
the class Context method fromUserKtab.
/**
 * Logs in {@code user} from the keytab {@code ktab} and returns a new
 * {@code Context} wrapping the caller-supplied subject {@code s}.
 *
 * <p>The module is configured as acceptor-only ({@code isInitiator=false})
 * with prompting and the ticket cache both disabled, so the keytab is the
 * only credential source used.
 *
 * @param s        subject handed to the login module and stored in the context
 * @param user     principal name; also stored as the context name
 * @param ktab     keytab location passed as the {@code keyTab} option
 * @param storeKey when true, sets the {@code storeKey} option, which asks the
 *                 module to keep the principal's keys in the subject's
 *                 private credentials
 * @return the new context
 * @throws Exception if {@code login()} or {@code commit()} fails
 */
public static Context fromUserKtab(Subject s, String user, String ktab, boolean storeKey) throws Exception {
    Map<String, String> options = new HashMap<>();
    // Acceptor-only: no initiator credentials are requested for this login.
    options.put("isInitiator", "false");
    // Non-interactive: never prompt and never read an existing ticket cache.
    options.put("doNotPrompt", "true");
    options.put("useTicketCache", "false");
    options.put("useKeyTab", "true");
    options.put("keyTab", ktab);
    options.put("principal", user);
    if (storeKey) {
        // Long-term keys end up in the Subject's private credentials, so the
        // Subject must be treated as secret material from here on.
        options.put("storeKey", "true");
    }

    Context ctx = new Context();
    ctx.name = user;
    ctx.s = s;

    // No callback handler and no shared state: everything comes from options.
    Krb5LoginModule module = new Krb5LoginModule();
    module.initialize(ctx.s, null, null, options);
    module.login();
    module.commit();
    return ctx;
}
use of com.sun.security.auth.module.Krb5LoginModule in project jdk8u_jdk by JetBrains.
the class LoginModuleOptions method login.
/**
 * Runs a single Krb5LoginModule login/commit with the given options and
 * checks which principal was authenticated.
 *
 * <p>{@code options} is a flat {@code key, value, key, value, ...} list. Keys
 * starting with {@code "javax"} go into the module's shared state (any value
 * type); all other keys are module options and their values must be strings.
 * A trailing key that has no value is silently ignored.
 *
 * @param callback handler passed to the module, may be null
 * @param options  alternating keys and values as described above
 * @throws Exception if login or commit fails, or if the name of the first
 *                   principal in the subject does not start with
 *                   {@code OneKDC.USER}
 */
static void login(CallbackHandler callback, Object... options) throws Exception {
    Map<String, String> moduleOptions = new HashMap<>();
    Map<String, Object> sharedState = new HashMap<>();
    for (int k = 0; k + 1 < options.length; k += 2) {
        String key = (String) options[k];
        Object value = options[k + 1];
        if (key.startsWith("javax")) {
            sharedState.put(key, value);
        } else {
            moduleOptions.put(key, (String) value);
        }
    }

    Subject subject = new Subject();
    Krb5LoginModule module = new Krb5LoginModule();
    module.initialize(subject, callback, sharedState, moduleOptions);
    module.login();
    module.commit();

    // NOTE(review): this is a prefix comparison on the first principal only,
    // so any name that merely begins with OneKDC.USER is accepted. Fine for a
    // fixed test realm; an exact match would be needed for a real identity check.
    String authenticated = subject.getPrincipals().iterator().next().getName();
    if (authenticated.startsWith(OneKDC.USER)) {
        return;
    }
    throw new Exception("The authenticated is not " + OneKDC.USER);
}
use of com.sun.security.auth.module.Krb5LoginModule in project jdk8u_jdk by JetBrains.
the class IPv6 method main.
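/**
 * Checks how {@code kdc = host[:port]} entries in krb5.conf are interpreted,
 * including bracketed and bare IPv6 literals.
 *
 * <p>The test writes {@code ipv6.conf} with ten legal and two illegal KDC
 * entries, turns on Kerberos debug output, captures {@code System.out} while
 * a login is attempted, and then compares every
 * {@code KrbKdcReq send: kdc=HOST UDP:PORT} line with the entries in order.
 * A missing or empty port is expected to show up as 88.
 *
 * @param args unused
 * @throws Exception with message "Mismatch" if a host or port differs, or
 *                   "Not traversed" if the number of matched lines is not the
 *                   number of legal entries
 */
public static void main(String[] args) throws Exception {
    String[][] kdcs = {
        // These are legal settings
        { "simple.host", null }, { "simple.host", "" }, { "simple.host", "8080" },
        { "0.0.0.1", null }, { "0.0.0.1", "" }, { "0.0.0.1", "8080" },
        { "1::1", null }, { "[1::1]", null }, { "[1::1]", "" }, { "[1::1]", "8080" },
        // Two illegal settings
        { "[1::1", null }, { "[1::1]abc", null } };

    // Prepares a krb5.conf with every kind of KDC settings.
    // try-with-resources closes the file even if a write step throws.
    try (PrintStream out = new PrintStream(new FileOutputStream("ipv6.conf"))) {
        out.println("[libdefaults]");
        out.println("default_realm = V6");
        out.println("kdc_timeout = 1");
        out.println("[realms]");
        out.println("V6 = {");
        for (String[] hp : kdcs) {
            if (hp[1] != null) {
                out.println(" kdc = " + hp[0] + ":" + hp[1]);
            } else {
                out.println(" kdc = " + hp[0]);
            }
        }
        out.println("}");
    }

    // The debug trace is what the test parses; it goes to System.out, which is
    // why stdout is redirected below. This switch is for diagnostics only.
    System.setProperty("sun.security.krb5.debug", "true");
    System.setProperty("java.security.krb5.conf", "ipv6.conf");

    ByteArrayOutputStream bo = new ByteArrayOutputStream();
    PrintStream po = new PrintStream(bo);
    PrintStream oldout = System.out;
    System.setOut(po);
    try {
        Subject subject = new Subject();
        Krb5LoginModule krb5 = new Krb5LoginModule();
        Map<String, String> map = new HashMap<>();
        Map<String, Object> shared = new HashMap<>();
        map.put("debug", "true");
        map.put("doNotPrompt", "true");
        map.put("useTicketCache", "false");
        map.put("useFirstPass", "true");
        // Placeholder credentials: only the KDC contact attempts matter here.
        shared.put("javax.security.auth.login.name", "any");
        shared.put("javax.security.auth.login.password", "any".toCharArray());
        krb5.initialize(subject, null, shared, map);
        krb5.login();
    } catch (Exception ignored) {
        // Deliberately ignored: presumably no KDC answers at these addresses,
        // and the test only inspects the captured debug output.
    } finally {
        // Always restore the real stdout, even if login fails with an Error.
        po.flush();
        System.setOut(oldout);
    }

    BufferedReader br = new BufferedReader(new StringReader(new String(bo.toByteArray())));
    int cc = 0;
    Pattern r = Pattern.compile(".*KrbKdcReq send: kdc=(.*) UDP:(\\d+),.*");
    String line;
    while ((line = br.readLine()) != null) {
        Matcher m = r.matcher(line);
        if (!m.matches()) {
            continue;
        }
        System.out.println("------------------");
        System.out.println(line);
        String h = m.group(1), p = m.group(2);
        String eh = kdcs[cc][0], ep = kdcs[cc][1];
        if (eh.charAt(0) == '[') {
            // Bracketed IPv6 literal: the debug line shows the bare address.
            eh = eh.substring(1, eh.length() - 1);
        }
        System.out.println("Expected: " + eh + " : " + ep);
        System.out.println("Actual: " + h + " : " + p);
        // No port, or an empty one, means the default Kerberos port 88.
        String expectedPort = (ep == null || ep.length() == 0) ? "88" : ep;
        if (!eh.equals(h) || !p.equals(expectedPort)) {
            throw new Exception("Mismatch");
        }
        cc++;
    }
    if (cc != kdcs.length - 2) {
        // 2 illegal settings at the end
        throw new Exception("Not traversed");
    }
}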
use of com.sun.security.auth.module.Krb5LoginModule in project jdk8u_jdk by JetBrains.
the class CleanState method go.
/**
 * Attempts a login where the shared state carries a wrong password and the
 * callback handler carries the right one.
 *
 * <p>With {@code tryFirstPass=true} the module first uses the name and
 * password found in the shared state; because prompting is allowed
 * ({@code doNotPrompt=false}) the callback handler can then supply
 * {@code OneKDC.PASS}. Only {@code login()} is called, never {@code commit()}.
 *
 * @throws Exception if {@code login()} fails
 */
void go() throws Exception {
    final String name = OneKDC.USER;
    final char[] password = OneKDC.PASS;
    char[] wrongPassword = "hellokitty".toCharArray();

    // Shared state is consulted first and holds the deliberately bad password.
    Map<String, Object> sharedState = new HashMap<>();
    sharedState.put("javax.security.auth.login.name", name);
    sharedState.put("javax.security.auth.login.password", wrongPassword);

    Map<String, String> moduleOptions = new HashMap<>();
    moduleOptions.put("tryFirstPass", "true");
    moduleOptions.put("doNotPrompt", "false");
    moduleOptions.put("useTicketCache", "false");

    // Answers name and password callbacks with the correct credentials.
    CallbackHandler handler = new CallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(name);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                }
            }
        }
    };

    Krb5LoginModule module = new Krb5LoginModule();
    module.initialize(new Subject(), handler, sharedState, moduleOptions);
    module.login();
}
use of com.sun.security.auth.module.Krb5LoginModule in project jdk8u_jdk by JetBrains.
the class W83 method go.
/**
 * Runs password and keytab logins through {@code Context} and, when the
 * {@code Kinit} tool class is present, through the {@code kinit} command as
 * well, collecting every failure before reporting.
 *
 * @throws Exception listing each failed step, one per line, if any step failed
 */
void go() throws Exception {
    // Instantiated but not used further in this method; kept as in the original.
    Krb5LoginModule krb5 = new Krb5LoginModule();
    StringBuilder failures = new StringBuilder();

    try {
        Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    } catch (Exception e) {
        e.printStackTrace();
        failures.append("Krb5LoginModule password login error\n");
    }

    try {
        Context.fromUserKtab(OneKDC.USER, OneKDC.KTAB, false);
    } catch (Exception e) {
        e.printStackTrace();
        failures.append("Krb5LoginModule keytab login error\n");
    }

    try {
        // Probe for the tool class first; without it the kinit steps are skipped.
        Class.forName("sun.security.krb5.internal.tools.Kinit");
        String sep = System.getProperty("file.separator");
        String kinit = System.getProperty("java.home") + sep + "bin" + sep + "kinit";
        String confArg = "-J-Djava.security.krb5.conf=" + OneKDC.KRB5_CONF;

        // NOTE(review): the password travels as a command-line argument, which
        // is normally visible to other local users in the process list. That is
        // acceptable for a fixed test credential only.
        if (execute(kinit, confArg, "-c", "cache1", OneKDC.USER, new String(OneKDC.PASS)) != 0) {
            failures.append("kinit password login error\n");
        }
        if (execute(kinit, confArg, "-c", "cache2", "-k", "-t", OneKDC.KTAB, OneKDC.USER) != 0) {
            failures.append("kinit keytab login error\n");
        }
    } catch (ClassNotFoundException cnfe) {
        System.out.println("No kinit, test ignored.");
        // Ignore, not on windows
    }

    if (failures.length() != 0) {
        throw new Exception(failures.toString());
    }
}