use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.
the class KPEquals method main.
/**
 * Runs a krb5 GSS handshake between a JAAS-configured client and a server
 * context whose subject is populated by hand.
 *
 * <p>The server subject receives a {@link KerberosPrincipal} created with the
 * {@code KRB_NT_SRV_INST} name type, plus every key the keytab returns for
 * that principal. The handshake is then expected to complete without an
 * exception.
 *
 * @param args unused
 * @throws Exception if setup or the handshake fails
 */
public static void main(String[] args) throws Exception {
    // NOTE(review): OneKDC is declared elsewhere; presumably this brings up the
    // test KDC and writes the JAAS configuration read below. Confirm.
    new OneKDC(null).writeJAASConf();

    Context initiator = Context.fromJAAS("client");
    Context acceptor = Context.fromThinAir();

    // Service principal "<server>@<realm>", explicitly typed as NT-SRV-INST.
    String serverName = OneKDC.SERVER + "@" + OneKDC.REALM;
    KerberosPrincipal serverPrincipal =
            new KerberosPrincipal(serverName, KerberosPrincipal.KRB_NT_SRV_INST);
    acceptor.s().getPrincipals().add(serverPrincipal);

    // The acceptor's long-term keys go into the subject's private credential
    // set, which is where the keys are placed for the acceptor side.
    KerberosKey[] serverKeys = KeyTab.getInstance(serverPrincipal).getKeys(serverPrincipal);
    for (int i = 0; i < serverKeys.length; i++) {
        acceptor.s().getPrivateCredentials().add(serverKeys[i]);
    }

    initiator.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.startAsServer(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    Context.handshake(initiator, acceptor);
}
use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.
the class KerberosHashEqualsTest method check.
/**
 * Exercises equality of {@code KerberosKey} and {@code KerberosTicket}.
 *
 * <p>Each step builds two credentials and passes them to {@code checkSame}
 * or {@code checkNotSame}. Both helpers are defined elsewhere in the file;
 * presumably they compare {@code equals()} and {@code hashCode()} (confirm
 * against their definitions).
 *
 * <p>The cases cover: identical field values, one field differing at a time,
 * null principals, and destroyed credentials. A destroyed credential is
 * expected to equal only itself.
 *
 * <p>All key and ticket bytes are short ASCII placeholders, not real key
 * material or a real ASN.1 encoding.
 *
 * @throws Exception if a credential cannot be built or destroyed, or
 *         (presumably) if a helper check fails
 */
void check() throws Exception {
    // The key part:
    // new KerberosKey(principal, bytes, keyType, version)
    KerberosKey k1, k2;
    KerberosPrincipal CLIENT = new KerberosPrincipal("client");
    KerberosPrincipal SERVER = new KerberosPrincipal("server");
    // Placeholder key bytes; also reused below as the ticket session key.
    byte[] PASS = "pass".getBytes();
    k1 = new KerberosKey(CLIENT, PASS, 1, 1);
    k2 = new KerberosKey(CLIENT, PASS, 1, 1);
    // Reflexive: a key equals itself
    checkSame(k1, k1);
    // Two distinct objects built from the same values are equal
    checkSame(k1, k2);
    // A destroyed key is not equal to any other key, in either direction
    k2.destroy();
    checkNotSame(k1, k2);
    checkNotSame(k2, k1);
    k1.destroy();
    // Still not equal when both keys are destroyed
    checkNotSame(k1, k2);
    checkNotSame(k2, k1);
    // A destroyed key is still equal to itself (same object)
    checkSame(k2, k2);
    // From here on, exactly one constructor argument differs per case
    k1 = new KerberosKey(CLIENT, PASS, 1, 1);
    k2 = new KerberosKey(SERVER, PASS, 1, 1);
    // Different principal name
    checkNotSame(k1, k2);
    k2 = new KerberosKey(CLIENT, "ssap".getBytes(), 1, 1);
    // Different key bytes
    checkNotSame(k1, k2);
    k2 = new KerberosKey(CLIENT, PASS, 2, 1);
    // Different key type
    checkNotSame(k1, k2);
    k2 = new KerberosKey(CLIENT, PASS, 1, 2);
    // Different version
    checkNotSame(k1, k2);
    k2 = new KerberosKey(null, PASS, 1, 2);
    // A null principal is not equal to a non-null principal
    // (k1 also has version 1 here while k2 has version 2)
    checkNotSame(k1, k2);
    k1 = new KerberosKey(null, PASS, 1, 2);
    // Two null principals compare as equal
    checkSame(k1, k2);
    // A key never equals an object of an unrelated type
    checkNotSame(k1, "Another Object");
    // The ticket part:
    // new KerberosTicket(asn1 bytes, client, server, session key, type, flags,
    // auth, start, end, renewUntil times, address)
    KerberosTicket t1, t2;
    // Placeholder bytes standing in for the encoded ticket
    byte[] ASN1 = "asn1".getBytes();
    // Flag slots 0 and 1 set; the case below that clears slot 1 is labelled
    // "not FORWARDABLE"
    boolean[] FORWARDABLE = new boolean[] { true, true };
    // Ten flag slots, all set; used below as the "RENEWABLE is set" case
    boolean[] ALLTRUE = new boolean[] { true, true, true, true, true, true, true, true, true, true };
    // One shared instant (epoch 0) used for every time field unless a case
    // overrides it
    Date D0 = new Date(0);
    t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
    t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
    // Reflexive, then equal-by-value
    checkSame(t1, t1);
    checkSame(t1, t2);
    // A destroyed ticket is not equal to any other ticket
    t1.destroy();
    checkNotSame(t1, t2);
    checkNotSame(t2, t1);
    t2.destroy();
    // Still not equal when both tickets are destroyed
    checkNotSame(t1, t2);
    checkNotSame(t2, t1);
    // unless they are the same object
    checkSame(t2, t2);
    // From here on, exactly one constructor argument differs per case
    t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
    t2 = new KerberosTicket("asn11".getBytes(), CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
    // Different ASN1 encoding
    checkNotSame(t1, t2);
    t2 = new KerberosTicket(ASN1, new KerberosPrincipal("client1"), SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
    // Different client
    checkNotSame(t1, t2);
    t2 = new KerberosTicket(ASN1, CLIENT, new KerberosPrincipal("server1"), PASS, 1, FORWARDABLE, D0, D0, D0, D0, null);
    // Different server
    checkNotSame(t1, t2);
    t2 = new KerberosTicket(ASN1, CLIENT, SERVER, "pass1".getBytes(), 1, FORWARDABLE, D0, D0, D0, D0, null);
    // Different session key
    checkNotSame(t1, t2);
    t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 2, FORWARDABLE, D0, D0, D0, D0, null);
    // Different key type
    checkNotSame(t1, t2);
    t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, new boolean[] { true, false }, D0, D0, D0, D0, null);
    // Different flags, not FORWARDABLE
    checkNotSame(t1, t2);
    t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, new Date(1), D0, D0, D0, null);
    // Different authtime
    checkNotSame(t1, t2);
    t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, new Date(1), D0, D0, null);
    // Different starttime
    checkNotSame(t1, t2);
    t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, new Date(1), D0, null);
    // Different endtime
    checkNotSame(t1, t2);
    t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, D0, new InetAddress[2]);
    // Different client addresses: a two-slot array versus null
    checkNotSame(t1, t2);
    t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, new Date(1), null);
    t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, FORWARDABLE, D0, D0, D0, new Date(2), null);
    // renewTill is ignored when the RENEWABLE ticket flag is not set, so
    // differing renewTill values still compare as equal here.
    checkSame(t1, t2);
    t2 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, ALLTRUE, D0, D0, D0, new Date(1), null);
    t1 = new KerberosTicket(ASN1, CLIENT, SERVER, PASS, 1, ALLTRUE, D0, D0, D0, new Date(2), null);
    // renewTill takes part in the comparison once RENEWABLE is set.
    checkNotSame(t1, t2);
    // A ticket never equals an object of an unrelated type
    checkNotSame(t1, "Another Object");
    System.out.println("Good!");
}
use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.
the class UnsupportedKeyType method main.
/**
 * Checks which keytab entries are returned as keys, depending on key type.
 *
 * <p>Two hex fixtures ({@code aes} and {@code camellia}, declared elsewhere
 * in the class) are decoded and written to files named after them in the
 * working directory. The AES keytab must yield at least one key for
 * {@code u1@K1}. The Camellia keytab must yield none, so an entry with an
 * unsupported key type is skipped rather than returned as a usable key.
 *
 * @param args unused
 * @throws Exception if the AES key is not read, if a Camellia key is read,
 *         or on I/O failure
 */
public static void main(String[] args) throws Exception {
    // One buffer, sized from the AES fixture, is reused for both fixtures.
    // NOTE(review): this assumes `camellia` has the same hex length as `aes`;
    // confirm at the field declarations.
    final byte[] data = new byte[aes.length() / 2];
    final KerberosPrincipal kp = new KerberosPrincipal("u1@K1");

    // aes128: decode two hex digits per byte
    int pos = 0;
    while (pos < data.length) {
        String hexPair = aes.substring(2 * pos, 2 * pos + 2);
        data[pos] = (byte) Integer.parseInt(hexPair, 16);
        pos++;
    }
    Files.write(Paths.get("aes"), data);
    int aesKeyCount = KeyTab.getInstance(kp, new File("aes")).getKeys(kp).length;
    if (aesKeyCount == 0) {
        throw new Exception("AES key not read");
    }

    // camellia128: same decoding, overwriting the buffer
    pos = 0;
    while (pos < data.length) {
        String hexPair = camellia.substring(2 * pos, 2 * pos + 2);
        data[pos] = (byte) Integer.parseInt(hexPair, 16);
        pos++;
    }
    Files.write(Paths.get("camellia"), data);
    int camelliaKeyCount = KeyTab.getInstance(kp, new File("camellia")).getKeys(kp).length;
    if (camelliaKeyCount != 0) {
        throw new Exception("Unknown key read");
    }
}
use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.
the class KerberosTixDateTest method main.
/**
 * Builds a renewable {@link KerberosTicket} from one shared {@link Date},
 * mutates that date afterwards, and runs the date, serialization and destroy
 * checks.
 *
 * <p>{@code Date} is mutable. The date is changed after construction, so the
 * checks that follow see a ticket whose caller-supplied date no longer holds
 * the original value.
 *
 * @param args unused
 * @throws Exception if any of the checks fails
 */
public static void main(String[] args) throws Exception {
    final long originalTime = 12345678L;

    // Placeholder bytes; not a real encoding or session key.
    byte[] encodedTicket = "asn1".getBytes();
    KerberosPrincipal clientPrincipal = new KerberosPrincipal("client");
    KerberosPrincipal serverPrincipal = new KerberosPrincipal("server");
    byte[] sessionKey = "sessionKey".getBytes();

    // The same instance is supplied for all four time arguments.
    Date sharedDate = new Date(originalTime);

    // Nine flag slots; only slot 8 (renewable) is set.
    boolean[] ticketFlags = new boolean[9];
    ticketFlags[8] = true;

    final int keyType = 1;
    KerberosTicket ticket = new KerberosTicket(
            encodedTicket,
            clientPrincipal,
            serverPrincipal,
            sessionKey,
            keyType,
            ticketFlags,
            sharedDate,   // authTime
            sharedDate,   // startTime
            sharedDate,   // endTime
            sharedDate,   // renewTill
            null);        // client addresses

    // Change the caller's Date after the constructor has run.
    // NOTE(review): testDateImmutability is defined elsewhere; presumably it
    // checks that the ticket still reports originalTime. Confirm.
    sharedDate.setTime(0);
    testDateImmutability(ticket, originalTime);

    // S11n: Serialization
    testS11nCompatibility(ticket);
    testDestroy(ticket);
}
use of javax.security.auth.kerberos.KerberosPrincipal in project ddf by codice.
the class SubjectUtils method getName.
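/**
 * Retrieves the user name from a given subject.
 *
 * <p>When the subject carries a {@code SecurityAssertion}, the name comes
 * from the assertion's principal. For a {@link KerberosPrincipal} only the
 * first name component is returned: everything from the first {@code @}
 * (the realm) and from the first {@code /} (the instance) is dropped.
 * Principals that differ only in realm or instance therefore produce the
 * same name. Backslash-escaped separators inside a component are not
 * recognised. Treat the result as a display or logging label; code that
 * needs to tell principals apart should compare the full principal.
 *
 * <p>When there is no assertion, the string form of the primary principal
 * is returned.
 *
 * @param subject Subject to get the user name from.
 * @param defaultName Name to send back if no user name was found.
 * @param returnDisplayName return formatted user name for displaying
 * @return String representation of the user name if available, or
 *         defaultName if no user name could be found, the incoming subject
 *         was null, or the assertion or principal collection yielded no
 *         principal.
 */
public static String getName(Subject subject, String defaultName, boolean returnDisplayName) {
    String name = defaultName;
    if (subject == null) {
        LOGGER.debug("Incoming subject was null, cannot look up user name. Using default name of {}.", defaultName);
    } else {
        PrincipalCollection principals = subject.getPrincipals();
        if (principals == null) {
            LOGGER.debug("No principals located in the incoming subject, cannot look up user name. Using default name of {}.", defaultName);
        } else {
            SecurityAssertion assertion = principals.oneByType(SecurityAssertion.class);
            if (assertion == null) {
                // send back the primary principal as a string; an empty
                // collection has none, so keep the default instead of
                // dereferencing null
                Object primary = principals.getPrimaryPrincipal();
                if (primary != null) {
                    name = primary.toString();
                }
            } else {
                Principal principal = assertion.getPrincipal();
                if (principal == null) {
                    // Previously this path threw a NullPointerException.
                    LOGGER.debug("Security assertion carried no principal, cannot look up user name. Using default name of {}.", defaultName);
                } else {
                    if (principal instanceof KerberosPrincipal) {
                        // "primary/instance@REALM" -> "primary". The
                        // hasMoreTokens() guards keep the default name when
                        // a component is empty, instead of throwing
                        // NoSuchElementException.
                        StringTokenizer realmSplit = new StringTokenizer(principal.getName(), "@");
                        if (realmSplit.hasMoreTokens()) {
                            StringTokenizer instanceSplit = new StringTokenizer(realmSplit.nextToken(), "/");
                            if (instanceSplit.hasMoreTokens()) {
                                name = instanceSplit.nextToken();
                            }
                        }
                    } else {
                        name = principal.getName();
                    }
                    if (returnDisplayName) {
                        name = getDisplayName(principal, name);
                    }
                }
            }
        }
    }
    LOGGER.debug("Sending back name {}.", name);
    return name;
}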