use of com.yahoo.athenz.auth.impl.KerberosAuthority in project athenz by yahoo.
the class KerberosAuthorityTest method testKerberosAuthorityBadCreds.
/**
 * Checks that unusable credentials are rejected rather than authenticated.
 *
 * <p>Two cases are covered: a credential string that lacks the Negotiate
 * component must make the {@code KerberosToken} constructor throw, and a
 * well-formed header carrying a fabricated token must make
 * {@code authenticate} return {@code null} instead of a principal.
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityBadCreds() {
    final String remoteAddr = "some.address";

    KerberosAuthority authority = new KerberosAuthority(
            "myserver@athenz.com", "src/test/resources/example.keytab", null);
    authority.initialize();
    assertNull(authority.getDomain());
    assertEquals(authority.getHeader(), KerberosAuthority.KRB_AUTH_HEADER);

    // Case 1: no Negotiate component, so token construction itself must fail.
    try {
        new KerberosToken("invalid_creds", remoteAddr);
        fail("new KerberosToken with bad creds");
    } catch (Exception exc) {
        assertTrue(exc.getMessage().contains("creds do not contain required Negotiate component"));
    }

    // Case 2: the header parses, but the payload is a fabricated token, so
    // authentication has to come back empty.
    // NOTE(review): errMsg is never inspected, so this only proves the result
    // is null, not which validation step rejected the token.
    String fakeCreds = KerberosToken.KRB_AUTH_VAL_FLD
            + " YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAfakecreds";
    KerberosToken token = new KerberosToken(fakeCreds, remoteAddr);
    StringBuilder errMsg = new StringBuilder();
    Principal principal = authority.authenticate(token.getSignedToken(), null, "GET", errMsg);
    assertNull(principal);
}
use of com.yahoo.athenz.auth.impl.KerberosAuthority in project athenz by yahoo.
the class KerberosAuthorityTest method testKerberosAuthorityLogin.
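/**
 * Verifies that a keytab-configured {@code KerberosAuthority} initializes and
 * that {@code login} leaves no recorded init failure, both immediately and
 * after a two-second pause.
 *
 * <p>All system properties set here are removed in a {@code finally} block so
 * a failed assertion cannot leave Kerberos settings behind for later tests in
 * the same JVM.
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityLogin() {
    // presumably the login window is in milliseconds, so the 2 s sleep below
    // outlasts it; confirm against KerberosAuthority
    System.setProperty(KerberosAuthority.KRB_PROP_LOGIN_WINDOW, "1000");
    System.setProperty(KerberosAuthority.KRB_PROP_KEYTAB, "src/test/resources/example.keytab");
    System.setProperty(KerberosAuthority.KRB_PROP_SVCPRPL, "myserver@EXAMPLE.COM");
    System.setProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS, KRB_LOGIN_CB_CLASS);
    System.setProperty("sun.security.krb5.debug", "true");
    try {
        KerberosAuthority kauth = new KerberosAuthority();
        kauth.initialize();
        assertNull(kauth.getInitState());

        kauth.login(false);
        assertNull(kauth.getInitState());

        try {
            Thread.sleep(2000);
        } catch (InterruptedException exc) {
            // Keep the interrupt visible to the test runner instead of swallowing it.
            Thread.currentThread().interrupt();
            System.out.println("testKerberosAuthorityLogin: sleep failed: continuing...");
        }

        kauth.login(true);
        assertNull(kauth.getInitState());
    } finally {
        System.clearProperty(KerberosAuthority.KRB_PROP_LOGIN_WINDOW);
        System.clearProperty(KerberosAuthority.KRB_PROP_SVCPRPL);
        System.clearProperty(KerberosAuthority.KRB_PROP_KEYTAB);
        System.clearProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS);
        // Kerberos tracing writes verbose protocol detail to stdout; do not
        // leave it switched on for unrelated tests. The JDK may cache this flag
        // on first use, so clearing it is hygiene rather than a guarantee.
        System.clearProperty("sun.security.krb5.debug");
    }
}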
use of com.yahoo.athenz.auth.impl.KerberosAuthority in project athenz by yahoo.
the class KerberosAuthorityTest method testKerberosAuthorityJaas.
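/**
 * Verifies that, with a JAAS configuration section selected, a failed login
 * during {@code initialize} is recorded as a
 * {@link javax.security.auth.login.LoginException} in the init state.
 *
 * <p>The JAAS and krb5 system properties are process-wide, so they are removed
 * in a {@code finally} block; otherwise a failed assertion would leave the
 * test login configuration active for every later test in the JVM.
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityJaas() {
    System.setProperty("java.security.auth.login.config", "src/test/resources/jaas.conf");
    System.setProperty("java.security.krb5.kdc", "localhost");
    System.setProperty("sun.security.krb5.debug", "true");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");
    System.setProperty(KerberosAuthority.KRB_PROP_JAASCFG, "Server");
    System.setProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS, KRB_LOGIN_CB_CLASS);
    try {
        KerberosAuthority kauth = new KerberosAuthority();
        kauth.initialize();

        // initialize() is expected to record the login failure, not throw it.
        Exception initState = kauth.getInitState();
        assertNotNull(initState);
        assertTrue(initState instanceof javax.security.auth.login.LoginException);
    } finally {
        System.clearProperty("java.security.auth.login.config");
        System.clearProperty("java.security.krb5.kdc");
        System.clearProperty("sun.security.krb5.debug");
        System.clearProperty("javax.security.auth.useSubjectCredsOnly");
        System.clearProperty(KerberosAuthority.KRB_PROP_JAASCFG);
        System.clearProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS);
    }
}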
use of com.yahoo.athenz.auth.impl.KerberosAuthority in project athenz by yahoo.
the class KerberosAuthorityTest method testKerberosAuthorityKeytab.
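/**
 * Verifies that {@code KerberosAuthority} initializes without a recorded
 * failure when configured with a keytab file and service principal.
 *
 * <p>Every system property set here, including the krb5 debug flag, is removed
 * in a {@code finally} block so the settings do not outlive the test when an
 * assertion fails.
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityKeytab() {
    System.setProperty(KerberosAuthority.KRB_PROP_KEYTAB, "src/test/resources/example.keytab");
    System.setProperty(KerberosAuthority.KRB_PROP_SVCPRPL, "myserver@EXAMPLE.COM");
    System.setProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS, KRB_LOGIN_CB_CLASS);
    System.setProperty("sun.security.krb5.debug", "true");
    System.setProperty("java.security.krb5.realm", "EXAMPLE.COM");
    System.setProperty("java.security.krb5.kdc", "localhost");
    try {
        KerberosAuthority kauth = new KerberosAuthority();
        kauth.initialize();
        assertNull(kauth.getInitState());
    } finally {
        System.clearProperty(KerberosAuthority.KRB_PROP_KEYTAB);
        System.clearProperty(KerberosAuthority.KRB_PROP_SVCPRPL);
        System.clearProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS);
        System.clearProperty("java.security.krb5.realm");
        System.clearProperty("java.security.krb5.kdc");
        // Kerberos tracing writes verbose protocol detail to stdout; do not
        // leave it switched on for unrelated tests. The JDK may cache this flag
        // on first use, so clearing it is hygiene rather than a guarantee.
        System.clearProperty("sun.security.krb5.debug");
    }
}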
use of com.yahoo.athenz.auth.impl.KerberosAuthority in project athenz by yahoo.
the class KerberosAuthorityTest method testKerberosAuthorityIsOurPrincipal.
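/**
 * Verifies that {@code isTargetPrincipal} accepts a ticket whose server
 * principal matches the supplied service name and rejects one that does not.
 *
 * <p>The tickets are built by hand from placeholder bytes. They are not
 * KDC-issued, so this exercises only the principal comparison, not ticket
 * validation. System properties are removed in a {@code finally} block so a
 * failed assertion cannot leave them set for later tests.
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityIsOurPrincipal() {
    System.setProperty(KerberosAuthority.KRB_PROP_KEYTAB, "src/test/resources/example.keytab");
    System.setProperty(KerberosAuthority.KRB_PROP_SVCPRPL, "myserver@EXAMPLE.COM");
    System.setProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS, KRB_LOGIN_CB_CLASS);
    System.setProperty("sun.security.krb5.debug", "true");
    try {
        KerberosAuthority kauth = new KerberosAuthority();
        kauth.initialize();
        assertNull(kauth.getInitState());

        KerberosPrincipal princ = new KerberosPrincipal("myserver@EXAMPLE.COM");
        String token = "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";
        // Explicit charset keeps the byte content independent of the platform default.
        byte[] asn1Encoding = token.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] sessionKey = "xyz".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        // The ticket needs an end time; two seconds from now is enough for this test.
        java.util.Date endDate = new java.util.Date(System.currentTimeMillis() + 2000);

        // Positive case: the ticket's server principal equals the requested service.
        KerberosTicket ticket = new KerberosTicket(asn1Encoding, princ, princ, sessionKey, 0,
                null, null, null, endDate, null, null);
        assertTrue(kauth.isTargetPrincipal(ticket, "myserver@EXAMPLE.COM"));

        // Negative case: this principal is passed in the server position of the
        // KerberosTicket constructor, despite the variable name.
        KerberosPrincipal clientPrinc = new KerberosPrincipal("myclient@EXAMPLE.COM");
        ticket = new KerberosTicket(asn1Encoding, princ, clientPrinc, sessionKey, 0,
                null, null, null, endDate, null, null);
        // NOTE(review): the realm here is spelled EXAPLE.COM and the service name
        // also differs from the ticket's server principal, so the mismatch holds
        // either way; confirm whether a realm-only mismatch was meant to be tested.
        assertFalse(kauth.isTargetPrincipal(ticket, "myservice@EXAPLE.COM"));
    } finally {
        System.clearProperty(KerberosAuthority.KRB_PROP_SVCPRPL);
        System.clearProperty(KerberosAuthority.KRB_PROP_KEYTAB);
        System.clearProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS);
        // Kerberos tracing writes verbose protocol detail to stdout; do not
        // leave it switched on for unrelated tests. The JDK may cache this flag
        // on first use, so clearing it is hygiene rather than a guarantee.
        System.clearProperty("sun.security.krb5.debug");
    }
}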