
Example 46 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.

Class KPEquals, method main.

public static void main(String[] args) throws Exception {
    // Stand up a one-shot KDC and emit the JAAS configuration the client logs in with.
    new OneKDC(null).writeJAASConf();

    Context client = Context.fromJAAS("client");
    Context server = Context.fromThinAir();

    // The server subject is populated by hand: the service principal plus every
    // key the keytab holds for that principal.
    KerberosPrincipal servicePrincipal = new KerberosPrincipal(
            OneKDC.SERVER + "@" + OneKDC.REALM, KerberosPrincipal.KRB_NT_SRV_INST);
    server.s().getPrincipals().add(servicePrincipal);
    KerberosKey[] serviceKeys = KeyTab.getInstance(servicePrincipal).getKeys(servicePrincipal);
    for (KerberosKey serviceKey : serviceKeys) {
        server.s().getPrivateCredentials().add(serviceKey);
    }

    // Drive one GSS-API Kerberos context establishment between the two sides.
    client.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    server.startAsServer(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    Context.handshake(client, server);
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosKey(javax.security.auth.kerberos.KerberosKey)

Example 47 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.

Class KerberosHashEqualsTest, method check.

void check() throws Exception {
    // --- KerberosKey: KerberosKey(principal, keyBytes, keyType, versionNumber) ---
    KerberosPrincipal clientPrincipal = new KerberosPrincipal("client");
    KerberosPrincipal serverPrincipal = new KerberosPrincipal("server");
    byte[] keyBytes = "pass".getBytes();

    KerberosKey keyA = new KerberosKey(clientPrincipal, keyBytes, 1, 1);
    KerberosKey keyB = new KerberosKey(clientPrincipal, keyBytes, 1, 1);
    // reflexive
    checkSame(keyA, keyA);
    // two keys built from identical inputs
    checkSame(keyA, keyB);
    // once destroyed, a key no longer equals any other key, in either direction ...
    keyB.destroy();
    checkNotSame(keyA, keyB);
    checkNotSame(keyB, keyA);
    keyA.destroy();
    // ... not even another destroyed key ...
    checkNotSame(keyA, keyB);
    checkNotSame(keyB, keyA);
    // ... but it still equals itself
    checkSame(keyB, keyB);

    // Any single differing field breaks equality.
    keyA = new KerberosKey(clientPrincipal, keyBytes, 1, 1);
    keyB = new KerberosKey(serverPrincipal, keyBytes, 1, 1);          // principal
    checkNotSame(keyA, keyB);
    keyB = new KerberosKey(clientPrincipal, "ssap".getBytes(), 1, 1); // key bytes
    checkNotSame(keyA, keyB);
    keyB = new KerberosKey(clientPrincipal, keyBytes, 2, 1);          // key type
    checkNotSame(keyA, keyB);
    keyB = new KerberosKey(clientPrincipal, keyBytes, 1, 2);          // version
    checkNotSame(keyA, keyB);
    keyB = new KerberosKey(null, keyBytes, 1, 2);                     // null vs non-null principal
    checkNotSame(keyA, keyB);
    keyA = new KerberosKey(null, keyBytes, 1, 2);                     // null on both sides
    checkSame(keyA, keyB);
    checkNotSame(keyA, "Another Object");

    // --- KerberosTicket: KerberosTicket(asn1Encoding, client, server, sessionKey, keyType,
    //     flags, authTime, startTime, endTime, renewTill, clientAddresses) ---
    byte[] asn1 = "asn1".getBytes();
    boolean[] forwardableOnly = { true, true };
    boolean[] allFlagsSet = { true, true, true, true, true, true, true, true, true, true };
    Date epoch = new Date(0);

    KerberosTicket ticketA = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, forwardableOnly, epoch, epoch, epoch, epoch, null);
    KerberosTicket ticketB = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, forwardableOnly, epoch, epoch, epoch, epoch, null);
    checkSame(ticketA, ticketA);
    checkSame(ticketA, ticketB);
    // destroying one ticket breaks equality in both directions ...
    ticketA.destroy();
    checkNotSame(ticketA, ticketB);
    checkNotSame(ticketB, ticketA);
    ticketB.destroy();
    // ... and so does destroying both ...
    checkNotSame(ticketA, ticketB);
    checkNotSame(ticketB, ticketA);
    // ... unless it is the very same instance
    checkSame(ticketB, ticketB);

    // Any single differing field breaks equality.
    ticketA = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, forwardableOnly, epoch, epoch, epoch, epoch, null);
    // ASN.1 encoding
    ticketB = new KerberosTicket("asn11".getBytes(), clientPrincipal, serverPrincipal, keyBytes, 1, forwardableOnly, epoch, epoch, epoch, epoch, null);
    checkNotSame(ticketA, ticketB);
    // client principal
    ticketB = new KerberosTicket(asn1, new KerberosPrincipal("client1"), serverPrincipal, keyBytes, 1, forwardableOnly, epoch, epoch, epoch, epoch, null);
    checkNotSame(ticketA, ticketB);
    // server principal
    ticketB = new KerberosTicket(asn1, clientPrincipal, new KerberosPrincipal("server1"), keyBytes, 1, forwardableOnly, epoch, epoch, epoch, epoch, null);
    checkNotSame(ticketA, ticketB);
    // session key bytes
    ticketB = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, "pass1".getBytes(), 1, forwardableOnly, epoch, epoch, epoch, epoch, null);
    checkNotSame(ticketA, ticketB);
    // session key type
    ticketB = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 2, forwardableOnly, epoch, epoch, epoch, epoch, null);
    checkNotSame(ticketA, ticketB);
    // flags (FORWARDABLE cleared)
    ticketB = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, new boolean[] { true, false }, epoch, epoch, epoch, epoch, null);
    checkNotSame(ticketA, ticketB);
    // authTime
    ticketB = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, forwardableOnly, new Date(1), epoch, epoch, epoch, null);
    checkNotSame(ticketA, ticketB);
    // startTime
    ticketB = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, forwardableOnly, epoch, new Date(1), epoch, epoch, null);
    checkNotSame(ticketA, ticketB);
    // endTime
    ticketB = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, forwardableOnly, epoch, epoch, new Date(1), epoch, null);
    checkNotSame(ticketA, ticketB);
    // client addresses (two unset entries vs none)
    ticketB = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, forwardableOnly, epoch, epoch, epoch, epoch, new InetAddress[2]);
    checkNotSame(ticketA, ticketB);

    // renewTill only counts while the RENEWABLE flag is set: without it, differing
    // renewTill values still compare equal ...
    ticketB = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, forwardableOnly, epoch, epoch, epoch, new Date(1), null);
    ticketA = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, forwardableOnly, epoch, epoch, epoch, new Date(2), null);
    checkSame(ticketA, ticketB);
    // ... with it, they do not.
    ticketB = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, allFlagsSet, epoch, epoch, epoch, new Date(1), null);
    ticketA = new KerberosTicket(asn1, clientPrincipal, serverPrincipal, keyBytes, 1, allFlagsSet, epoch, epoch, epoch, new Date(2), null);
    checkNotSame(ticketA, ticketB);
    checkNotSame(ticketA, "Another Object");

    System.out.println("Good!");
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosKey(javax.security.auth.kerberos.KerberosKey) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) InetAddress(java.net.InetAddress) Date(java.util.Date)

Example 48 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.

Class UnsupportedKeyType, method main.

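public static void main(String[] args) throws Exception {
    KerberosPrincipal principal = new KerberosPrincipal("u1@K1");

    // aes128: a keytab holding a supported key type must yield that key.
    Files.write(Paths.get("aes"), hexToBytes(aes));
    if (KeyTab.getInstance(principal, new File("aes")).getKeys(principal).length == 0) {
        throw new Exception("AES key not read");
    }

    // camellia128: a keytab holding only an unsupported key type must yield no
    // keys at all, rather than fail or hand back an entry the runtime cannot use.
    Files.write(Paths.get("camellia"), hexToBytes(camellia));
    if (KeyTab.getInstance(principal, new File("camellia")).getKeys(principal).length != 0) {
        throw new Exception("Unknown key read");
    }
}

/**
 * Decodes a string of hexadecimal digit pairs into the bytes they denote.
 *
 * Each input string is decoded into its own buffer sized from its own length, so the
 * two keytab images above no longer share one array sized from the first of them.
 *
 * @param hex even-length string of hex digits, e.g. {@code "0a1b"}
 * @return the decoded bytes, one per digit pair (a trailing odd digit is ignored)
 * @throws NumberFormatException if a pair is not valid hexadecimal
 */
private static byte[] hexToBytes(String hex) {
    byte[] out = new byte[hex.length() / 2];
    for (int i = 0; i < out.length; i++) {
        // parseInt accepts "80".."ff"; the cast narrows to the low 8 bits
        out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
    }
    return out;
}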
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) File(java.io.File)

Example 49 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project jdk8u_jdk by JetBrains.

Class KerberosTixDateTest, method main.

public static void main(String[] args) throws Exception {
    KerberosPrincipal client = new KerberosPrincipal("client");
    KerberosPrincipal server = new KerberosPrincipal("server");
    byte[] asn1Encoding = "asn1".getBytes();
    byte[] sessionKey = "sessionKey".getBytes();

    long originalTime = 12345678L;
    Date sharedDate = new Date(originalTime);

    // Only flag index 8 (RENEWABLE) is set.
    boolean[] flags = new boolean[9];
    flags[8] = true;

    // The very same mutable Date instance is handed in for every time field.
    KerberosTicket ticket = new KerberosTicket(
            asn1Encoding, client, server, sessionKey,
            1 /* keyType */, flags,
            sharedDate /* authTime */, sharedDate /* startTime */,
            sharedDate /* endTime */, sharedDate /* renewTill */,
            null /* clientAddresses */);

    // Mutate the Date after construction; the ticket's times must still read
    // originalTime, i.e. the constructor must have copied rather than aliased it.
    sharedDate.setTime(0);
    testDateImmutability(ticket, originalTime);

    // Serialization round-trip, then destroy() semantics.
    testS11nCompatibility(ticket);
    testDestroy(ticket);
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) Date(java.util.Date)

Example 50 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project ddf by codice.

Class SubjectUtils, method getName.

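/**
 * Retrieves the user name from a given subject.
 *
 * Resolution order: the principal carried by the subject's {@link SecurityAssertion}
 * (a {@link KerberosPrincipal} is reduced to its first name component, any other
 * principal contributes {@code getName()}), else the string form of the collection's
 * primary principal, else {@code defaultName}. A subject, principal collection,
 * assertion principal or primary principal that is {@code null} falls through to
 * {@code defaultName} instead of failing.
 *
 * @param subject           Subject to get the user name from; may be {@code null}.
 * @param defaultName       Name to send back if no user name was found.
 * @param returnDisplayName return formatted user name for displaying
 * @return String representation of the user name if available or
 * defaultName if no user name could be found or incoming subject
 * was null.
 */
public static String getName(Subject subject, String defaultName, boolean returnDisplayName) {
    String name = defaultName;
    if (subject != null) {
        PrincipalCollection principals = subject.getPrincipals();
        if (principals != null) {
            SecurityAssertion assertion = principals.oneByType(SecurityAssertion.class);
            if (assertion != null) {
                Principal principal = assertion.getPrincipal();
                if (principal == null) {
                    // An assertion without a principal used to end in a NullPointerException;
                    // treat it like any other "no user name found" case.
                    LOGGER.debug("Security assertion carries no principal, cannot look up user name. Using default name of {}.", defaultName);
                } else {
                    name = principal instanceof KerberosPrincipal
                            ? kerberosPrimaryComponent(principal.getName())
                            : principal.getName();
                    if (returnDisplayName) {
                        name = getDisplayName(principal, name);
                    }
                }
            } else {
                Object primaryPrincipal = principals.getPrimaryPrincipal();
                if (primaryPrincipal == null) {
                    LOGGER.debug("No primary principal in the incoming subject, cannot look up user name. Using default name of {}.", defaultName);
                } else {
                    // send back the primary principal as a string
                    name = primaryPrincipal.toString();
                }
            }
        } else {
            LOGGER.debug("No principals located in the incoming subject, cannot look up user name. Using default name of {}.", defaultName);
        }
    } else {
        LOGGER.debug("Incoming subject was null, cannot look up user name. Using default name of {}.", defaultName);
    }
    LOGGER.debug("Sending back name {}.", name);
    return name;
}

/**
 * Reduces a Kerberos principal name to its first name component: the realm after
 * {@code @} and any instance components after {@code /} are dropped, so
 * {@code "alice/admin@EXAMPLE.COM"} becomes {@code "alice"}.
 *
 * This is lossy: principals from different realms, or different instances of the
 * same primary, all map to the same value, so the result identifies a user only
 * within a single realm and must not be used on its own as an authorization key.
 *
 * @param kerberosName full principal name as returned by {@link KerberosPrincipal#getName()}
 * @return the first name component
 * @throws java.util.NoSuchElementException if the name has no non-delimiter characters
 */
private static String kerberosPrimaryComponent(String kerberosName) {
    // StringTokenizer skips empty tokens, which keeps the historical behaviour of the
    // inline parsing this replaced.
    StringTokenizer realmSplit = new StringTokenizer(kerberosName, "@");
    StringTokenizer componentSplit = new StringTokenizer(realmSplit.nextToken(), "/");
    return componentSplit.nextToken();
}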
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) StringTokenizer(java.util.StringTokenizer) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) XSString(org.opensaml.core.xml.schema.XSString) SecurityAssertion(ddf.security.assertion.SecurityAssertion) X500Principal(javax.security.auth.x500.X500Principal) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) GuestPrincipal(ddf.security.principal.GuestPrincipal) Principal(java.security.Principal)
