use of javax.security.auth.kerberos.KerberosPrincipal in project mssql-jdbc by Microsoft.
The class SQLServerADAL4JUtils, method getSqlFedAuthTokenIntegrated.
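/**
 * Acquires a federated-authentication token for integrated (Kerberos) authentication.
 *
 * <p>Only the realm of the local Kerberos configuration is needed: a throw-away
 * {@code KerberosPrincipal} yields a {@code username@REALM} name, which is handed to ADAL as the
 * user name of the token request. The ADAL call runs on a single-thread executor that is shut
 * down whether the call succeeds or fails.
 *
 * @param fedAuthInfo          holds the STS URL ({@code stsurl}) and SPN used for the token request
 * @param authenticationString authentication mode name, used only to build the error message
 * @return the access token together with its expiry time
 * @throws SQLServerException if the STS URL is malformed, the wait for the token is interrupted,
 *                            or the token request itself fails
 */
static SqlFedAuthToken getSqlFedAuthTokenIntegrated(SqlFedAuthInfo fedAuthInfo, String authenticationString) throws SQLServerException {
    ExecutorService executorService = Executors.newFixedThreadPool(1);
    try {
        // The principal name itself does not matter, only the realm that KerberosPrincipal
        // appends to it; getName() returns principal_name@realm_name.
        KerberosPrincipal kerberosPrincipal = new KerberosPrincipal("username");
        String username = kerberosPrincipal.getName();
        if (adal4jLogger.isLoggable(Level.FINE)) {
            adal4jLogger.fine(adal4jLogger.toString() + " realm name is:" + kerberosPrincipal.getRealm());
        }
        AuthenticationContext context = new AuthenticationContext(fedAuthInfo.stsurl, false, executorService);
        Future<AuthenticationResult> future = context.acquireToken(fedAuthInfo.spn, ActiveDirectoryAuthentication.JDBC_FEDAUTH_CLIENT_ID, username, null, null);
        AuthenticationResult authenticationResult = future.get();
        return new SqlFedAuthToken(authenticationResult.getAccessToken(), authenticationResult.getExpiresOnDate());
    } catch (InterruptedException e) {
        // Re-assert the interrupt so callers higher up the stack can still observe it;
        // the original multi-catch swallowed the thread's interrupted status.
        Thread.currentThread().interrupt();
        throw new SQLServerException(e.getMessage(), e);
    } catch (IOException e) {
        throw new SQLServerException(e.getMessage(), e);
    } catch (ExecutionException e) {
        MessageFormat form = new MessageFormat(SQLServerException.getErrString("R_ADALExecution"));
        Object[] msgArgs = { "", authenticationString };
        if (null == e.getCause() || null == e.getCause().getMessage()) {
            // The Future completed exceptionally without carrying an AuthenticationResult or message.
            throw new SQLServerException(form.format(msgArgs), null);
        } else {
            // The cause's message contains literal "\r\n" escape sequences rather than line breaks;
            // turn them into real CR LF so the message renders correctly.
            String correctedErrorMessage = e.getCause().getMessage().replaceAll("\\\\r\\\\n", "\r\n");
            AuthenticationException correctedAuthenticationException = new AuthenticationException(correctedErrorMessage);
            // Rebuild the original chain (SQLServerException <- ExecutionException <- AuthenticationException)
            // around the corrected message so callers see the same exception tree as before.
            ExecutionException correctedExecutionException = new ExecutionException(correctedAuthenticationException);
            throw new SQLServerException(form.format(msgArgs), null, 0, correctedExecutionException);
        }
    } finally {
        executorService.shutdown();
    }
}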
use of javax.security.auth.kerberos.KerberosPrincipal in project jstorm by alibaba.
The class AutoTGT, method getTGT.
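/**
 * Finds the ticket-granting ticket among the subject's private credentials.
 *
 * <p>A TGT is recognised by its server principal, which has the form
 * {@code krbtgt/REALM@REALM}. The first matching ticket is returned as-is: no check is made
 * that it is still valid, so callers that need a usable TGT should consult
 * {@link KerberosTicket#isCurrent()} themselves.
 *
 * @param subject the subject whose private credentials hold the Kerberos tickets
 * @return the first TGT found, or {@code null} if the subject holds none
 */
private static KerberosTicket getTGT(Subject subject) {
    // The dead "tickets = null" assignments of the original are dropped; nulling a local
    // has no effect on the subject's credential set.
    for (KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class)) {
        KerberosPrincipal server = ticket.getServer();
        String realm = server.getRealm();
        // The server principal of a TGT is krbtgt/<realm>@<realm>.
        if (server.getName().equals("krbtgt/" + realm + "@" + realm)) {
            return ticket;
        }
    }
    return null;
}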
use of javax.security.auth.kerberos.KerberosPrincipal in project Smack by igniterealtime.
The class XmppHostnameVerifier, method verify.
/**
 * Verifies that the TLS peer is the expected XMPP host.
 *
 * <p>When the peer presented a certificate chain, the leaf must be an X.509 certificate that
 * matches {@code hostname}. When no chain is available (the session reports the peer as
 * unverified), a Kerberos peer principal is matched against the hostname instead. Any other
 * situation fails verification.
 *
 * @param hostname the host name the connection was opened to
 * @param session  the TLS session with the peer
 * @return {@code true} if either the leaf certificate or the Kerberos principal matches the host
 */
@Override
public boolean verify(String hostname, SSLSession session) {
    Certificate[] chain;
    try {
        chain = session.getPeerCertificates();
    } catch (SSLPeerUnverifiedException e) {
        // No certificate chain for this peer; fall back to the Kerberos principal, if any.
        Principal peer;
        try {
            peer = session.getPeerPrincipal();
        } catch (SSLPeerUnverifiedException e2) {
            LOGGER.log(Level.INFO, "Can't verify principal for " + hostname + ". Not kerberos", e2);
            peer = null;
        }
        if (!(peer instanceof KerberosPrincipal)) {
            LOGGER.info("Can't verify principal for " + hostname + ". Not kerberos");
            return false;
        }
        return match(hostname, (KerberosPrincipal) peer);
    }
    // Only an X.509 leaf certificate can be matched against a host name.
    if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
        return false;
    }
    try {
        match(hostname, (X509Certificate) chain[0]);
    } catch (CertificateException e) {
        LOGGER.log(Level.INFO, "Certificate does not match hostname", e);
        return false;
    }
    return true;
}
use of javax.security.auth.kerberos.KerberosPrincipal in project druid by druid-io.
The class KerberosAuthenticator, method initializeKerberosLogin.
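/**
 * Logs the server principal in from its keytab and keeps the resulting {@code loginContext}.
 *
 * <p>Configuration problems (missing principal, missing or absent keytab) are reported
 * directly as {@link ServletException}s with a descriptive message; they are validated before
 * the JAAS login is attempted so they are no longer wrapped inside a second, message-less
 * {@code ServletException}. Failures of the login itself are wrapped with their cause preserved.
 *
 * @throws ServletException if the configuration is incomplete, the keytab file is missing,
 *                          or the JAAS login fails
 */
private void initializeKerberosLogin() throws ServletException {
    if (serverPrincipal == null || serverPrincipal.trim().isEmpty()) {
        throw new ServletException("Principal not defined in configuration");
    }
    String keytab = serverKeytab;
    if (keytab == null || keytab.trim().isEmpty()) {
        throw new ServletException("Keytab not defined in configuration");
    }
    if (!new File(keytab).exists()) {
        throw new ServletException("Keytab does not exist: " + keytab);
    }
    try {
        Set<Principal> principals = new HashSet<>();
        principals.add(new KerberosPrincipal(serverPrincipal));
        Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
        DruidKerberosConfiguration kerberosConfiguration = new DruidKerberosConfiguration(keytab, serverPrincipal);
        log.info("Login using keytab " + keytab + ", for principal " + serverPrincipal);
        // Empty application name: the JAAS entry comes from the programmatic configuration above.
        loginContext = new LoginContext("", subject, null, kerberosConfiguration);
        loginContext.login();
        log.info("Initialized, principal %s from keytab %s", serverPrincipal, keytab);
    } catch (Exception ex) {
        // Boundary of the servlet filter: any login failure (LoginException, or an
        // IllegalArgumentException from a malformed principal) surfaces as ServletException.
        throw new ServletException(ex);
    }
}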
use of javax.security.auth.kerberos.KerberosPrincipal in project SSM by Intel-bigdata.
The class SecurityUtil, method loginUsingTicketCache.
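/**
 * Logs {@code principal} in via JAAS using an existing Kerberos ticket cache.
 *
 * <p>Both failure paths now pass the {@link LoginException} along as the cause of the thrown
 * {@link IOException}, so the original stack trace and cause chain are not lost.
 *
 * @param principal           Kerberos principal name to log in as
 * @param ticketCacheFileName path of the ticket cache handed to {@code useTicketCache}
 * @return the subject populated by the login
 * @throws IOException if the login context cannot be created or the login fails; the
 *                     underlying {@code LoginException} is attached as the cause
 */
@VisibleForTesting
static Subject loginUsingTicketCache(String principal, String ticketCacheFileName) throws IOException {
    Set<Principal> principals = new HashSet<>();
    principals.add(new KerberosPrincipal(principal));
    Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
    Configuration conf = useTicketCache(principal, ticketCacheFileName);
    String confName = "TicketCacheConf";
    LoginContext loginContext;
    try {
        loginContext = new LoginContext(confName, subject, null, conf);
    } catch (LoginException e) {
        throw new IOException("Fail to create LoginContext for " + e, e);
    }
    try {
        loginContext.login();
        LOG.info("Login successful for user " + subject.getPrincipals().iterator().next().getName());
    } catch (LoginException e) {
        throw new IOException("Login failure for " + e, e);
    }
    return loginContext.getSubject();
}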