
Example 6 with KerberosAuthority

use of com.yahoo.athenz.auth.impl.KerberosAuthority in project athenz by yahoo.

the class KerberosAuthorityTest method testKerberosAuthorityBadCreds.

/**
 * Verifies that unusable Kerberos credentials are rejected at both stages:
 * a header value without the Negotiate component fails while the
 * {@code KerberosToken} is being constructed, and a value that passes that
 * check but carries a bogus token yields no principal from
 * {@code authenticate} (the authority fails closed by returning {@code null}).
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityBadCreds() {
    final String clientAddress = "some.address";

    // NOTE(review): arguments look like (service principal, keytab path, <unknown>) - confirm against the constructor.
    KerberosAuthority authority = new KerberosAuthority("myserver@athenz.com", "src/test/resources/example.keytab", null);
    authority.initialize();
    assertNull(authority.getDomain());
    assertEquals(authority.getHeader(), KerberosAuthority.KRB_AUTH_HEADER);

    // Stage 1: a value lacking the Negotiate component must be refused by the token constructor.
    try {
        new KerberosToken("invalid_creds", clientAddress);
        // Assuming this is TestNG's Assert.fail, it raises an AssertionError (an Error),
        // so the catch below does not mask a missing rejection.
        fail("new KerberosToken with bad creds");
    } catch (Exception rejected) {
        String reason = rejected.getMessage();
        assertTrue(reason.contains("creds do not contain required Negotiate component"));
    }

    // Stage 2: the value now has the expected prefix, so construction succeeds,
    // but the payload is not a real ticket and authentication must not produce a principal.
    String negotiateValue = KerberosToken.KRB_AUTH_VAL_FLD + " YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAfakecreds";
    KerberosToken forgedToken = new KerberosToken(negotiateValue, clientAddress);
    StringBuilder errMsg = new StringBuilder();
    Principal authenticated = authority.authenticate(forgedToken.getSignedToken(), null, "GET", errMsg);
    assertNull(authenticated);
}
Also used : KerberosToken(com.yahoo.athenz.auth.token.KerberosToken) Principal(com.yahoo.athenz.auth.Principal) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosAuthority(com.yahoo.athenz.auth.impl.KerberosAuthority) BeforeTest(org.testng.annotations.BeforeTest) Test(org.testng.annotations.Test)

Example 7 with KerberosAuthority

use of com.yahoo.athenz.auth.impl.KerberosAuthority in project athenz by yahoo.

the class KerberosAuthorityTest method testKerberosAuthorityLogin.

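/**
 * Initializes a {@code KerberosAuthority} from system properties (keytab,
 * service principal, login window, login callback class) and checks that
 * {@code getInitState()} stays {@code null} after initialization and after
 * each of two {@code login} calls separated by a two second pause.
 *
 * <p>System properties are JVM-wide, so every property set here is removed in
 * a {@code finally} block: a failing assertion must not leave Kerberos
 * settings (or the {@code sun.security.krb5.debug} flag) behind for tests that
 * run later in the same JVM.
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityLogin() {
    System.setProperty(KerberosAuthority.KRB_PROP_LOGIN_WINDOW, "1000");
    System.setProperty(KerberosAuthority.KRB_PROP_KEYTAB, "src/test/resources/example.keytab");
    System.setProperty(KerberosAuthority.KRB_PROP_SVCPRPL, "myserver@EXAMPLE.COM");
    System.setProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS, KRB_LOGIN_CB_CLASS);
    System.setProperty("sun.security.krb5.debug", "true");
    try {
        KerberosAuthority kauth = new KerberosAuthority();
        kauth.initialize();
        assertNull(kauth.getInitState());

        // NOTE(review): the boolean presumably selects a normal vs. forced re-login - confirm in KerberosAuthority.login.
        kauth.login(false);
        assertNull(kauth.getInitState());

        // Presumably waits out the login window configured above ("1000") before the second login - TODO confirm units.
        try {
            Thread.sleep(2000);
        } catch (Exception exc) {
            // Deliberate best effort: a shortened pause should not fail the test.
            System.out.println("testKerberosAuthorityLogin: sleep failed: continuing...");
        }

        kauth.login(true);
        assertNull(kauth.getInitState());
    } finally {
        System.clearProperty(KerberosAuthority.KRB_PROP_LOGIN_WINDOW);
        System.clearProperty(KerberosAuthority.KRB_PROP_SVCPRPL);
        System.clearProperty(KerberosAuthority.KRB_PROP_KEYTAB);
        System.clearProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS);
        // Previously left set; remove it so the flag is not inherited by later tests.
        System.clearProperty("sun.security.krb5.debug");
    }
}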
Also used : KerberosAuthority(com.yahoo.athenz.auth.impl.KerberosAuthority) BeforeTest(org.testng.annotations.BeforeTest) Test(org.testng.annotations.Test)

Example 8 with KerberosAuthority

use of com.yahoo.athenz.auth.impl.KerberosAuthority in project athenz by yahoo.

the class KerberosAuthorityTest method testKerberosAuthorityJaas.

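/**
 * Initializes a {@code KerberosAuthority} through a JAAS configuration entry
 * and checks that initialization records a
 * {@link javax.security.auth.login.LoginException} in {@code getInitState()}.
 *
 * <p>All system properties set here are JVM-wide and are therefore removed in
 * a {@code finally} block, so a failing assertion cannot leak the JAAS/KDC
 * settings into tests that run afterwards.
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityJaas() {
    System.setProperty("java.security.auth.login.config", "src/test/resources/jaas.conf");
    System.setProperty("java.security.krb5.kdc", "localhost");
    System.setProperty("sun.security.krb5.debug", "true");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");
    System.setProperty(KerberosAuthority.KRB_PROP_JAASCFG, "Server");
    System.setProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS, KRB_LOGIN_CB_CLASS);
    try {
        KerberosAuthority kauth = new KerberosAuthority();
        kauth.initialize();

        // The login is expected to fail here (presumably no usable KDC/credentials in the
        // test environment - confirm); the failure must be reported as a LoginException.
        Exception initState = kauth.getInitState();
        assertNotNull(initState);
        assertTrue(initState instanceof javax.security.auth.login.LoginException);
    } finally {
        System.clearProperty("java.security.auth.login.config");
        System.clearProperty("java.security.krb5.kdc");
        System.clearProperty("sun.security.krb5.debug");
        System.clearProperty("javax.security.auth.useSubjectCredsOnly");
        System.clearProperty(KerberosAuthority.KRB_PROP_JAASCFG);
        System.clearProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS);
    }
}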
Also used : KerberosAuthority(com.yahoo.athenz.auth.impl.KerberosAuthority) BeforeTest(org.testng.annotations.BeforeTest) Test(org.testng.annotations.Test)

Example 9 with KerberosAuthority

use of com.yahoo.athenz.auth.impl.KerberosAuthority in project athenz by yahoo.

the class KerberosAuthorityTest method testKerberosAuthorityKeytab.

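/**
 * Initializes a {@code KerberosAuthority} from a keytab and service principal
 * supplied through system properties and checks that {@code getInitState()}
 * is {@code null} afterwards.
 *
 * <p>Every property set here is JVM-wide and is removed in a {@code finally}
 * block, including {@code sun.security.krb5.debug}, which was previously left
 * set after the test.
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityKeytab() {
    System.setProperty(KerberosAuthority.KRB_PROP_KEYTAB, "src/test/resources/example.keytab");
    System.setProperty(KerberosAuthority.KRB_PROP_SVCPRPL, "myserver@EXAMPLE.COM");
    System.setProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS, KRB_LOGIN_CB_CLASS);
    System.setProperty("sun.security.krb5.debug", "true");
    System.setProperty("java.security.krb5.realm", "EXAMPLE.COM");
    System.setProperty("java.security.krb5.kdc", "localhost");
    try {
        KerberosAuthority kauth = new KerberosAuthority();
        kauth.initialize();
        assertNull(kauth.getInitState());
    } finally {
        System.clearProperty(KerberosAuthority.KRB_PROP_KEYTAB);
        System.clearProperty(KerberosAuthority.KRB_PROP_SVCPRPL);
        System.clearProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS);
        System.clearProperty("java.security.krb5.realm");
        System.clearProperty("java.security.krb5.kdc");
        // Remove the debug flag as well so it is not inherited by later tests.
        System.clearProperty("sun.security.krb5.debug");
    }
}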
Also used : KerberosAuthority(com.yahoo.athenz.auth.impl.KerberosAuthority) BeforeTest(org.testng.annotations.BeforeTest) Test(org.testng.annotations.Test)

Example 10 with KerberosAuthority

use of com.yahoo.athenz.auth.impl.KerberosAuthority in project athenz by yahoo.

the class KerberosAuthorityTest method testKerberosAuthorityIsOurPrincipal.

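/**
 * Checks {@code KerberosAuthority.isTargetPrincipal}: a ticket whose server
 * principal is {@code myserver@EXAMPLE.COM} is accepted for that service name,
 * and a ticket issued for a different server principal is rejected for a
 * different service name.
 *
 * <p>The tickets are hand-built with placeholder encoding and session key
 * bytes; only the principals and end time are meaningful here. System
 * properties are JVM-wide, so they are removed in a {@code finally} block,
 * including {@code sun.security.krb5.debug}, which was previously left set.
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityIsOurPrincipal() {
    System.setProperty(KerberosAuthority.KRB_PROP_KEYTAB, "src/test/resources/example.keytab");
    System.setProperty(KerberosAuthority.KRB_PROP_SVCPRPL, "myserver@EXAMPLE.COM");
    System.setProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS, KRB_LOGIN_CB_CLASS);
    System.setProperty("sun.security.krb5.debug", "true");
    try {
        KerberosAuthority kauth = new KerberosAuthority();
        kauth.initialize();
        assertNull(kauth.getInitState());

        KerberosPrincipal princ = new KerberosPrincipal("myserver@EXAMPLE.COM");
        String token = "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";
        // Explicit charset so the placeholder bytes do not depend on the platform default.
        byte[] asn1Encoding = token.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] sessionKey = "xyz".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        // Ticket end time two seconds from now.
        java.util.Date endDate = new java.util.Date(System.currentTimeMillis() + 2000);

        // KerberosTicket(encoding, client, server, sessionKey, keyType, flags,
        //                authTime, startTime, endTime, renewTill, clientAddresses)
        // Positive case: the server principal matches the requested service name.
        KerberosTicket ticket = new KerberosTicket(asn1Encoding, princ, princ, sessionKey, 0, null, null, null, endDate, null, null);
        assertTrue(kauth.isTargetPrincipal(ticket, "myserver@EXAMPLE.COM"));

        // Negative case: clientPrinc is passed in the *server* position, so the ticket
        // targets myclient@EXAMPLE.COM, and the requested name differs as well.
        // NOTE(review): "EXAPLE.COM" looks like a typo of EXAMPLE.COM; the assertion holds
        // either way, but the case would be sharper if only one input differed - confirm intent.
        KerberosPrincipal clientPrinc = new KerberosPrincipal("myclient@EXAMPLE.COM");
        ticket = new KerberosTicket(asn1Encoding, princ, clientPrinc, sessionKey, 0, null, null, null, endDate, null, null);
        assertFalse(kauth.isTargetPrincipal(ticket, "myservice@EXAPLE.COM"));
    } finally {
        System.clearProperty(KerberosAuthority.KRB_PROP_SVCPRPL);
        System.clearProperty(KerberosAuthority.KRB_PROP_KEYTAB);
        System.clearProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS);
        // Remove the debug flag as well so it is not inherited by later tests.
        System.clearProperty("sun.security.krb5.debug");
    }
}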
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) KerberosAuthority(com.yahoo.athenz.auth.impl.KerberosAuthority) BeforeTest(org.testng.annotations.BeforeTest) Test(org.testng.annotations.Test)

Aggregations

KerberosAuthority (com.yahoo.athenz.auth.impl.KerberosAuthority)10 BeforeTest (org.testng.annotations.BeforeTest)10 Test (org.testng.annotations.Test)10 KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)3 Principal (com.yahoo.athenz.auth.Principal)2 KerberosToken (com.yahoo.athenz.auth.token.KerberosToken)2 Field (java.lang.reflect.Field)2 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)1