
Example 56 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project mssql-jdbc by Microsoft.

the class SQLServerADAL4JUtils method getSqlFedAuthTokenIntegrated.

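/**
 * Acquires a federated-authentication access token through ADAL4J for the integrated flow.
 *
 * <p>The user name sent to the token endpoint is taken from a placeholder
 * {@link KerberosPrincipal}: the literal name "username" carries no realm, so the principal is
 * completed with the default Kerberos realm and {@code getName()} yields
 * {@code username@realm_name}.
 *
 * @param fedAuthInfo supplies the STS URL ({@code stsurl}) used as the authority and the
 *        resource name ({@code spn}) the token is requested for
 * @param authenticationString value interpolated into the {@code R_ADALExecution} error message
 * @return a token wrapping the access token and its expiry date
 * @throws SQLServerException if the calling thread is interrupted, the authentication context
 *         cannot be created, or the token request fails
 */
static SqlFedAuthToken getSqlFedAuthTokenIntegrated(SqlFedAuthInfo fedAuthInfo, String authenticationString) throws SQLServerException {
    // Single worker thread dedicated to this one token request; released in the finally block.
    ExecutorService executorService = Executors.newFixedThreadPool(1);
    try {
        // principal name does not matter, what matters is the realm name
        // it gets the username in principal_name@realm_name format
        KerberosPrincipal kerberosPrincipal = new KerberosPrincipal("username");
        String username = kerberosPrincipal.getName();
        if (adal4jLogger.isLoggable(Level.FINE)) {
            adal4jLogger.fine(adal4jLogger.toString() + " realm name is:" + kerberosPrincipal.getRealm());
        }
        // NOTE(review): the second constructor argument is ADAL4J's validateAuthority flag and is
        // passed as false, so the library does not check the authority in fedAuthInfo.stsurl.
        // Confirm that the caller only accepts this URL from an authenticated source.
        AuthenticationContext context = new AuthenticationContext(fedAuthInfo.stsurl, false, executorService);
        // No password and no callback are passed; only the realm-qualified user name is sent.
        Future<AuthenticationResult> future = context.acquireToken(fedAuthInfo.spn, ActiveDirectoryAuthentication.JDBC_FEDAUTH_CLIENT_ID, username, null, null);
        AuthenticationResult authenticationResult = future.get();
        return new SqlFedAuthToken(authenticationResult.getAccessToken(), authenticationResult.getExpiresOnDate());
    } catch (InterruptedException e) {
        // Restore the interrupt flag so callers further up the stack can still observe it.
        Thread.currentThread().interrupt();
        throw new SQLServerException(e.getMessage(), e);
    } catch (IOException e) {
        throw new SQLServerException(e.getMessage(), e);
    } catch (ExecutionException e) {
        MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_ADALExecution"));
        Object[] msgArgs = { "", authenticationString };
        if (null == e.getCause() || null == e.getCause().getMessage()) {
            // the case when Future's outcome has no AuthenticationResult but exception
            throw new SQLServerException(form.format(msgArgs), null);
        } else {
            // The cause message contains the literal characters backslash-r backslash-n rather
            // than a real line break; replace each occurrence with CR LF so it prints correctly.
            String correctedErrorMessage = e.getCause().getMessage().replaceAll("\\\\r\\\\n", "\r\n");
            AuthenticationException correctedAuthenticationException = new AuthenticationException(correctedErrorMessage);
            // SQLServerException is caused by ExecutionException, which is caused by
            // AuthenticationException
            // to match the exception tree before error message correction
            ExecutionException correctedExecutionException = new ExecutionException(correctedAuthenticationException);
            throw new SQLServerException(form.format(msgArgs), null, 0, correctedExecutionException);
        }
    } finally {
        executorService.shutdown();
    }
}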
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) AuthenticationContext(com.microsoft.aad.adal4j.AuthenticationContext) MessageFormat(java.text.MessageFormat) AuthenticationException(com.microsoft.aad.adal4j.AuthenticationException) IOException(java.io.IOException) AuthenticationResult(com.microsoft.aad.adal4j.AuthenticationResult) ExecutorService(java.util.concurrent.ExecutorService) ExecutionException(java.util.concurrent.ExecutionException)

Example 57 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project jstorm by alibaba.

the class AutoTGT method getTGT.

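/**
 * Finds the ticket-granting ticket among the Kerberos tickets in a subject's private credentials.
 *
 * <p>A ticket counts as the TGT when its server principal is exactly
 * {@code krbtgt/REALM@REALM} for the server's own realm, so a cross-realm ticket
 * ({@code krbtgt/OTHER@REALM}) is not matched.
 *
 * @param subject the subject whose private credentials are searched
 * @return the first matching ticket, or {@code null} if the subject holds none
 */
private static KerberosTicket getTGT(Subject subject) {
    for (KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class)) {
        KerberosPrincipal server = ticket.getServer();
        if (server == null) {
            // A destroyed ticket no longer has a server principal; it cannot be the TGT.
            continue;
        }
        String tgtName = "krbtgt/" + server.getRealm() + "@" + server.getRealm();
        if (tgtName.equals(server.getName())) {
            return ticket;
        }
    }
    return null;
}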
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosTicket(javax.security.auth.kerberos.KerberosTicket)

Example 58 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project Smack by igniterealtime.

the class XmppHostnameVerifier method verify.

/**
 * Decides whether the TLS peer of {@code session} is acceptable for {@code hostname}.
 *
 * <p>When the session exposes peer certificates, only the first one is examined and it must be
 * an X.509 certificate that {@code match} accepts for the hostname. When the session has no
 * verified peer certificates, the peer principal is tried instead and is accepted only if it
 * is a {@link KerberosPrincipal} that {@code match} accepts.
 *
 * <p>NOTE(review): this method checks the name binding only; trust in the certificate chain
 * itself is presumably established elsewhere (by the trust manager) and should be confirmed.
 *
 * @param hostname the host name the connection was made to
 * @param session the TLS session to inspect
 * @return {@code true} if the certificate or the Kerberos principal matches the hostname
 */
@Override
public boolean verify(String hostname, SSLSession session) {
    try {
        Certificate[] chain = session.getPeerCertificates();
        // An empty chain or a non-X.509 leaf is rejected without falling back to Kerberos.
        if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            return false;
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        try {
            match(hostname, leaf);
            // No exception means the certificate names this host.
            return true;
        } catch (CertificateException e) {
            LOGGER.log(Level.INFO, "Certificate does not match hostname", e);
            return false;
        }
    } catch (SSLPeerUnverifiedException e) {
        // The peer presented no verified certificates; try the peer principal instead.
        Principal principal = null;
        try {
            principal = session.getPeerPrincipal();
        } catch (SSLPeerUnverifiedException e2) {
            LOGGER.log(Level.INFO, "Can't verify principal for " + hostname + ". Not kerberos", e2);
        }
        if (!(principal instanceof KerberosPrincipal)) {
            LOGGER.info("Can't verify principal for " + hostname + ". Not kerberos");
            return false;
        }
        return match(hostname, (KerberosPrincipal) principal);
    }
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) CertificateException(java.security.cert.CertificateException) X509Certificate(java.security.cert.X509Certificate) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 59 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project druid by druid-io.

the class KerberosAuthenticator method initializeKerberosLogin.

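/**
 * Logs the server in to Kerberos using the configured principal and keytab, and stores the
 * resulting {@link LoginContext} in {@code loginContext}.
 *
 * <p>Only the existence of the keytab file is checked before the login attempt; its
 * readability and file permissions are not checked here.
 *
 * @throws ServletException if the principal or keytab is missing from the configuration, the
 *         keytab file does not exist, or the login fails (the failure is attached as the cause)
 */
private void initializeKerberosLogin() throws ServletException {
    try {
        if (serverPrincipal == null || serverPrincipal.trim().isEmpty()) {
            throw new ServletException("Principal not defined in configuration");
        }
        String keytab = serverKeytab;
        if (keytab == null || keytab.trim().isEmpty()) {
            throw new ServletException("Keytab not defined in configuration");
        }
        if (!new File(keytab).exists()) {
            throw new ServletException("Keytab does not exist: " + keytab);
        }
        // The subject starts with the server principal and empty credential sets.
        Set<Principal> principals = new HashSet<Principal>();
        principals.add(new KerberosPrincipal(serverPrincipal));
        Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
        DruidKerberosConfiguration kerberosConfiguration = new DruidKerberosConfiguration(keytab, serverPrincipal);
        log.info("Login using keytab " + keytab + ", for principal " + serverPrincipal);
        // The login configuration is passed explicitly; the entry name is the empty string.
        loginContext = new LoginContext("", subject, null, kerberosConfiguration);
        loginContext.login();
        log.info("Initialized, principal %s from keytab %s", serverPrincipal, keytab);
    } catch (ServletException ex) {
        // Configuration errors raised above already have the right type and message;
        // rethrow them unchanged instead of wrapping them a second time.
        throw ex;
    } catch (Exception ex) {
        throw new ServletException(ex);
    }
}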
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Subject(javax.security.auth.Subject) AuthenticationException(org.apache.hadoop.security.authentication.client.AuthenticationException) ServletException(javax.servlet.ServletException) SignerException(org.apache.hadoop.security.authentication.util.SignerException) IOException(java.io.IOException) ServletException(javax.servlet.ServletException) LoginContext(javax.security.auth.login.LoginContext) File(java.io.File) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) HashSet(java.util.HashSet)

Example 60 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project SSM by Intel-bigdata.

the class SecurityUtil method loginUsingTicketCache.

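/**
 * Performs a JAAS login for {@code principal} with the configuration that
 * {@code useTicketCache} builds for the given ticket cache file.
 *
 * @param principal the Kerberos principal name to log in as
 * @param ticketCacheFileName the ticket cache file passed to {@code useTicketCache}
 * @return the subject held by the login context after a successful login
 * @throws IOException if the login context cannot be created or the login fails; the
 *         underlying {@link LoginException} is attached as the cause
 */
@VisibleForTesting
static Subject loginUsingTicketCache(String principal, String ticketCacheFileName) throws IOException {
    // The subject starts with the requested principal and empty credential sets.
    Set<Principal> principals = new HashSet<Principal>();
    principals.add(new KerberosPrincipal(principal));
    Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
    Configuration conf = useTicketCache(principal, ticketCacheFileName);
    String confName = "TicketCacheConf";
    final LoginContext loginContext;
    try {
        loginContext = new LoginContext(confName, subject, null, conf);
    } catch (LoginException e) {
        // Keep the original exception as the cause so the failure reason is not lost.
        throw new IOException("Fail to create LoginContext for " + e, e);
    }
    try {
        loginContext.login();
        LOG.info("Login successful for user " + subject.getPrincipals().iterator().next().getName());
    } catch (LoginException e) {
        throw new IOException("Login failure for " + e, e);
    }
    return loginContext.getSubject();
}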
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) LoginContext(javax.security.auth.login.LoginContext) Configuration(javax.security.auth.login.Configuration) LoginException(javax.security.auth.login.LoginException) IOException(java.io.IOException) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject) HashSet(java.util.HashSet) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Aggregations

KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)71 Principal (java.security.Principal)36 Subject (javax.security.auth.Subject)31 HashSet (java.util.HashSet)21 LoginContext (javax.security.auth.login.LoginContext)20 Test (org.junit.Test)14 X500Principal (javax.security.auth.x500.X500Principal)13 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)11 IOException (java.io.IOException)10 File (java.io.File)9 KerberosKey (javax.security.auth.kerberos.KerberosKey)9 PrivilegedActionException (java.security.PrivilegedActionException)8 StringTokenizer (java.util.StringTokenizer)6 PrivilegedExceptionAction (java.security.PrivilegedExceptionAction)3 ArrayList (java.util.ArrayList)3 Date (java.util.Date)3 HashMap (java.util.HashMap)3 Properties (java.util.Properties)3 CallbackHandler (javax.security.auth.callback.CallbackHandler)3 KeyTab (javax.security.auth.kerberos.KeyTab)3