
Example 1 with RefreshFailedException

use of javax.security.auth.RefreshFailedException in project storm by apache.

the class AutoTGT method renew.

/**
 * Renews the Kerberos TGT held in {@code credentials} once its refresh time
 * has been reached, and stores the renewed ticket back into the same map.
 *
 * <p>Nothing happens when no TGT is found or the refresh time is still in
 * the future. A failed renewal is logged at WARN and not rethrown, so the
 * previously stored ticket stays in {@code credentials} and will lapse at
 * its normal end time; the WARN line is the only signal of that.
 *
 * <p>{@link KerberosTicket#refresh()} is documented as not synchronized with
 * the ticket's accessors, and nothing in this method serializes renewals.
 * NOTE(review): confirm callers never run this concurrently on one ticket.
 *
 * @param credentials  map the TGT is read from and written back to
 * @param topologyConf topology configuration; not read by this method
 */
@Override
public void renew(Map<String, String> credentials, Map topologyConf) {
    final KerberosTicket ticket = getTGT(credentials);
    if (ticket == null) {
        // No TGT in the credentials map: nothing to renew.
        return;
    }

    final long renewAt = getRefreshTime(ticket);
    final long currentMillis = System.currentTimeMillis();
    if (currentMillis < renewAt) {
        // Too early; wait for a later invocation.
        return;
    }

    try {
        // The client principal name is written to the log at INFO level.
        LOG.info("Renewing TGT for " + ticket.getClient());
        ticket.refresh();
        // Only reached when refresh() succeeded, so a failed renewal never
        // overwrites the stored ticket.
        saveTGT(ticket, credentials);
    } catch (RefreshFailedException e) {
        LOG.warn("Failed to refresh TGT", e);
    }
}
Also used : KerberosTicket(javax.security.auth.kerberos.KerberosTicket) RefreshFailedException(javax.security.auth.RefreshFailedException)

Example 2 with RefreshFailedException

use of javax.security.auth.RefreshFailedException in project jdk8u_jdk by JetBrains.

the class KerberosTicket method refresh.

/**
 * Extends the validity period of this ticket. The ticket will contain
 * a new session key if the refresh operation succeeds. The refresh
 * operation will fail if the ticket is not renewable or the latest
 * allowable renew time has passed. Any other error returned by the
 * KDC will also cause this method to fail.
 *
 * Note: This method is not synchronized with the accessor
 * methods of this object. Hence callers need to be aware of multiple
 * threads that might access this and try to renew it at the same
 * time.
 *
 * @throws RefreshFailedException if the ticket is not renewable, or
 * the latest allowable renew time has passed, or the KDC returns some
 * error.
 *
 * @see #isRenewable()
 * @see #getRenewTill()
 */
public void refresh() throws RefreshFailedException {
    // Precondition checks. They run without holding the monitor taken
    // further down, so another thread can destroy or refresh the ticket
    // between these checks and the renewal below.
    if (destroyed)
        throw new RefreshFailedException("A destroyed ticket " + "cannot be renewd.");
    if (!isRenewable())
        throw new RefreshFailedException("This ticket is not renewable");
    if (System.currentTimeMillis() > getRenewTill().getTime())
        throw new RefreshFailedException("This ticket is past " + "its last renewal time.");
    // Holds whichever failure the renewal attempt produced, so that a single
    // RefreshFailedException can be built after the try block.
    Throwable e = null;
    sun.security.krb5.Credentials krb5Creds = null;
    try {
        // Rebuild the internal credentials object from this ticket's fields,
        // then ask for the renewed credentials.
        // NOTE(review): sessionKey.getEncoded() hands key bytes to the
        // constructor and nothing here clears that array afterwards; confirm
        // who owns and wipes it.
        krb5Creds = new sun.security.krb5.Credentials(asn1Encoding, client.toString(), server.toString(), sessionKey.getEncoded(), sessionKey.getKeyType(), flags, authTime, startTime, endTime, renewTill, clientAddresses);
        krb5Creds = krb5Creds.renew();
    } catch (sun.security.krb5.KrbException krbException) {
        e = krbException;
    } catch (java.io.IOException ioException) {
        e = ioException;
    }
    if (e != null) {
        // The message carries the client and server principal names plus the
        // underlying error text; callers that log this exception expose those
        // to whoever can read the log. The original failure is kept as cause.
        RefreshFailedException rfException = new RefreshFailedException("Failed to renew Kerberos Ticket " + "for client " + client + " and server " + server + " - " + e.getMessage());
        rfException.initCause(e);
        throw rfException;
    }
    /*
     * In case multiple threads try to refresh it at the same time.
     * Only the swap of old state for new state is guarded: the renew()
     * call above runs outside this monitor, so two threads can both renew
     * and the one entering this block last determines the final state.
     */
    synchronized (this) {
        try {
            this.destroy();
        } catch (DestroyFailedException dfException) {
        // Squelch it since we don't care about the old ticket.
        // NOTE(review): this also means a failure to clear the old ticket's
        // state goes unreported; init() below replaces the fields either way.
        }
        // Re-initialise this object from the renewed credentials, including
        // the new session key bytes and the new validity times.
        init(krb5Creds.getEncoded(), new KerberosPrincipal(krb5Creds.getClient().getName()), new KerberosPrincipal(krb5Creds.getServer().getName(), KerberosPrincipal.KRB_NT_SRV_INST), krb5Creds.getSessionKey().getBytes(), krb5Creds.getSessionKey().getEType(), krb5Creds.getFlags(), krb5Creds.getAuthTime(), krb5Creds.getStartTime(), krb5Creds.getEndTime(), krb5Creds.getRenewTill(), krb5Creds.getClientAddresses());
        // The ticket is usable again; clear the flag that the destroy() call
        // above is expected to have set.
        destroyed = false;
    }
}
Also used : DestroyFailedException(javax.security.auth.DestroyFailedException) java.io(java.io) RefreshFailedException(javax.security.auth.RefreshFailedException)

Example 3 with RefreshFailedException

use of javax.security.auth.RefreshFailedException in project jstorm by alibaba.

the class AutoTGT method renew.

/**
 * Refreshes the Kerberos TGT found in {@code credentials} when it is due and
 * writes the refreshed ticket back into that map.
 *
 * <p>Returns without doing anything if there is no TGT or if the computed
 * refresh time has not arrived yet. When the refresh fails, the failure is
 * logged at WARN and swallowed: the stored ticket is left untouched and
 * keeps ageing towards expiry, so that log line is what to watch for.
 *
 * <p>NOTE(review): no locking is visible here, while
 * {@link KerberosTicket#refresh()} is documented as unsynchronized with the
 * ticket's accessors; verify that renewals of one ticket cannot overlap.
 *
 * @param credentials  credentials map holding the serialized TGT
 * @param topologyConf topology configuration; unused here
 */
@Override
public void renew(Map<String, String> credentials, Map topologyConf) {
    KerberosTicket currentTgt = getTGT(credentials);
    if (currentTgt == null) {
        return;
    }
    // Same evaluation order as a two-variable comparison: refresh time
    // first, then the clock.
    if (getRefreshTime(currentTgt) > System.currentTimeMillis()) {
        return;
    }
    try {
        // Logs the client principal name at INFO.
        LOG.info("Renewing TGT for " + currentTgt.getClient());
        currentTgt.refresh();
        // Skipped when refresh() throws, so the map keeps the old ticket.
        saveTGT(currentTgt, credentials);
    } catch (RefreshFailedException refreshFailure) {
        LOG.warn("Failed to refresh TGT", refreshFailure);
    }
}
Also used : KerberosTicket(javax.security.auth.kerberos.KerberosTicket) RefreshFailedException(javax.security.auth.RefreshFailedException)

Example 4 with RefreshFailedException

use of javax.security.auth.RefreshFailedException in project jdk8u_jdk by JetBrains.

the class KrbTicket method main.

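/**
 * Logs in against a local test KDC and checks the resulting ticket: it must
 * be forwardable, proxiable and current, must not be renewable, and
 * {@code refresh()} on it must fail with {@link RefreshFailedException}.
 * Afterwards the ticket lifetime is checked and the ticket is destroyed.
 *
 * <p>Any failed expectation is reported by throwing, which fails the test.
 *
 * @param args unused
 * @throws Exception if the KDC or login setup fails or an expectation is not met
 */
public static void main(String[] args) throws Exception {
    // define principals
    Map<String, String> principals = new HashMap<>();
    principals.put(USER_PRINCIPAL, PASSWORD);
    principals.put(KRBTGT_PRINCIPAL, null);
    System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
    // start a local KDC instance
    KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
    // Only forwardable and proxiable are requested in the saved config; no
    // renewable setting is written, which is what the checks below rely on.
    KDC.saveConfig(KRB5_CONF_FILENAME, kdc, "forwardable = true", "proxiable = true");
    // create JAAS config
    Files.write(Paths.get(JAAS_CONF), Arrays.asList("Client {", "    com.sun.security.auth.module.Krb5LoginModule required;", "};"));
    System.setProperty("java.security.auth.login.config", JAAS_CONF);
    // Test-harness setting: allows credentials to come from outside the Subject.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    // Whole-second timestamp expressed in milliseconds, taken before login so
    // checkTime() can compare the ticket's times against it.
    long startTime = Instant.now().getEpochSecond() * 1000;
    LoginContext lc = new LoginContext("Client", new Helper.UserPasswordHandler(USER, PASSWORD));
    lc.login();
    Subject subject = lc.getSubject();
    // NOTE(review): Subject.toString() may include private credentials; that
    // is tolerable only because these are throwaway test credentials.
    System.out.println("subject: " + subject);
    Set<KerberosTicket> creds = subject.getPrivateCredentials(KerberosTicket.class);
    // An empty set would otherwise surface as a bare NoSuchElementException
    // from iterator().next(); fail with an explicit message instead.
    if (creds.isEmpty()) {
        throw new RuntimeException("No KerberosTicket found in subject");
    }
    if (creds.size() > 1) {
        throw new RuntimeException("Multiple credintials found");
    }
    // The typed set makes the former instanceof check unnecessary.
    KerberosTicket krbTkt = creds.iterator().next();
    System.out.println("forwardable = " + krbTkt.isForwardable());
    System.out.println("proxiable   = " + krbTkt.isProxiable());
    System.out.println("renewable   = " + krbTkt.isRenewable());
    System.out.println("current     = " + krbTkt.isCurrent());
    if (!krbTkt.isForwardable()) {
        throw new RuntimeException("Forwardable ticket expected");
    }
    if (!krbTkt.isProxiable()) {
        throw new RuntimeException("Proxiable ticket expected");
    }
    if (!krbTkt.isCurrent()) {
        throw new RuntimeException("Ticket is not current");
    }
    if (krbTkt.isRenewable()) {
        throw new RuntimeException("Not renewable ticket expected");
    }
    // Core expectation: refreshing a non-renewable ticket must be refused.
    try {
        krbTkt.refresh();
        throw new RuntimeException("Expected RefreshFailedException not thrown");
    } catch (RefreshFailedException e) {
        System.out.println("Expected exception: " + e);
    }
    // The failed refresh must not have altered the ticket's lifetime.
    if (!checkTime(krbTkt, startTime)) {
        throw new RuntimeException("Wrong ticket life time");
    }
    krbTkt.destroy();
    if (!krbTkt.isDestroyed()) {
        throw new RuntimeException("Ticket not destroyed");
    }
    System.out.println("Test passed");
}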
Also used : Set(java.util.Set) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) HashMap(java.util.HashMap) Subject(javax.security.auth.Subject) LoginContext(javax.security.auth.login.LoginContext) RefreshFailedException(javax.security.auth.RefreshFailedException)

Example 5 with RefreshFailedException

use of javax.security.auth.RefreshFailedException in project jdk8u_jdk by JetBrains.

the class KerberosTixDateTest method testDestroy.

/**
 * Destroys the given ticket and then calls every public no-argument method
 * declared on {@link KerberosTicket} against it.
 *
 * <p>Each call must either return normally or fail with
 * {@link RefreshFailedException} or {@link IllegalStateException}; any other
 * exception thrown by an invoked method is rethrown and fails the test.
 *
 * @param t ticket to destroy and probe
 * @throws Exception if the ticket does not report itself destroyed, or an
 *         invoked method fails with an exception type that is not tolerated
 */
private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless on a destroyed ticket, calling
    // them must not fail in an unexpected way.
    for (Method candidate : KerberosTicket.class.getDeclaredMethods()) {
        boolean publicNoArg = Modifier.isPublic(candidate.getModifiers())
                && candidate.getParameterCount() == 0;
        if (!publicNoArg) {
            continue;
        }
        System.out.println("Testing " + candidate.getName() + "...");
        try {
            candidate.invoke(t);
        } catch (InvocationTargetException wrapped) {
            Throwable cause = wrapped.getCause();
            boolean tolerated = cause instanceof RefreshFailedException
                    || cause instanceof IllegalStateException;
            if (!tolerated) {
                throw wrapped;
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
Also used : RefreshFailedException(javax.security.auth.RefreshFailedException) Method(java.lang.reflect.Method) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Aggregations

RefreshFailedException (javax.security.auth.RefreshFailedException)5 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)3 java.io (java.io)1 InvocationTargetException (java.lang.reflect.InvocationTargetException)1 Method (java.lang.reflect.Method)1 HashMap (java.util.HashMap)1 Set (java.util.Set)1 DestroyFailedException (javax.security.auth.DestroyFailedException)1 Subject (javax.security.auth.Subject)1 LoginContext (javax.security.auth.login.LoginContext)1