
Example 61 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project calcite-avatica by apache.

the class KerberosConnection method performKerberosLogin.

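/**
 * Performs a Kerberos login given the {@code principal} and {@code keytab}.
 *
 * <p>Builds a modifiable {@code Subject} that carries a single {@code KerberosPrincipal} made from
 * the {@code principal} field and passes it, with {@code jaasConf}, to {@code login}.
 *
 * @return The {@code Subject} and {@code LoginContext} from the successful login.
 * @throws RuntimeException if the login failed; the underlying exception is attached as the cause
 */
Entry<LoginContext, Subject> performKerberosLogin() {
    // Loosely based on Apache Kerby's JaasKrbUtil class
    // Synchronized by the caller
    // Create a KerberosPrincipal given the principal.
    final Set<Principal> principals = new HashSet<Principal>();
    principals.add(new KerberosPrincipal(principal));
    // readOnly is false and both credential sets start empty; presumably the login fills them in.
    final Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
    try {
        return login(null, jaasConf, subject);
    } catch (Exception e) {
        // Keep the cause: without it an operator cannot tell a bad keytab from an unreachable KDC,
        // clock skew or a misconfigured JAAS entry, and the failure leaves no usable audit trail.
        throw new RuntimeException("Failed to perform Kerberos login", e);
    }
}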
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject) LoginException(javax.security.auth.login.LoginException) HashSet(java.util.HashSet)

Example 62 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project zm-mailbox by Zimbra.

the class Krb5Keytab method readEntry.

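/**
 * Reads one keytab entry starting at the channel's current position.
 *
 * <p>A negative size marks a deleted entry, whose bytes are skipped. Otherwise the entry bytes are
 * parsed into a principal and a key, which are passed to {@code addKey}.
 *
 * @param fc channel positioned at the entry's size field
 * @throws EOFException if skipping a deleted entry would reach or pass the end of the file
 * @throws IOException on a read failure; the exception built by {@code formatError} is thrown when
 *     parsing fails with an {@code ArrayIndexOutOfBoundsException}
 */
private void readEntry(FileChannel fc) throws IOException {
    int size = readInt(fc);
    if (size < 0) {
        // Skip deleted entry.
        // Widen to long before negating: -size overflows for Integer.MIN_VALUE and stays negative,
        // which would turn the skip into a backwards seek (rejected by FileChannel with an
        // unchecked IllegalArgumentException) instead of a clean end-of-file error.
        long newPos = fc.position() - (long) size;
        if (newPos >= fc.size()) {
            throw new EOFException();
        }
        fc.position(newPos);
        return;
    }
    // NOTE(review): size comes straight from the file and is not compared with the bytes that
    // remain; confirm readBytes rejects an oversized value before allocating a buffer for it.
    ByteBuffer bb = readBytes(fc, size);
    try {
        KerberosPrincipal kp = getPrincipal(bb);
        KerberosKey key = getKey(bb, kp);
        addKey(kp, key);
    } catch (ArrayIndexOutOfBoundsException e) {
        // NOTE(review): relative ByteBuffer reads signal a short buffer with
        // BufferUnderflowException; verify which exception getPrincipal/getKey actually raise on a
        // truncated entry, otherwise a malformed keytab escapes this handler as an unchecked error.
        throw formatError("Invalid entry size " + size);
    }
}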
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosKey(javax.security.auth.kerberos.KerberosKey) EOFException(java.io.EOFException) ByteBuffer(java.nio.ByteBuffer)

Example 63 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project zm-mailbox by Zimbra.

the class Krb5Keytab method dump.

/**
 * Prints contents of keytab to specified stream.
 *
 * <p>Each line shows the key version number, the principal name, the key type name and the encoded
 * key bytes in hexadecimal. The output therefore contains the long-term secret keys themselves:
 * whatever receives {@code ps} (console, log file, support bundle) has to be protected like the
 * keytab file.
 *
 * @param ps The PrintStream to which the keytab contents are written
 */
public void dump(PrintStream ps) {
    ps.printf("Keytab name: %s\n", file);
    ps.printf("Keytab version: 0x%x\n", version);
    ps.printf("KVNO Principal\n");
    // Header rule: "---- " followed by 75 dashes.
    StringBuilder rule = new StringBuilder("---- ");
    for (int col = 0; col < 75; col++) {
        rule.append('-');
    }
    ps.println(rule.toString());
    for (KerberosPrincipal owner : keyMap.keySet()) {
        for (KerberosKey entry : keyMap.get(owner)) {
            // NOTE(review): %x on a BigInteger prints no leading zero digits, so a key that starts
            // with 0x00 bytes is shown shorter than its real length.
            BigInteger keyBits = new BigInteger(1, entry.getEncoded());
            String typeName = getKeyTypeName(entry.getKeyType());
            ps.printf("%4d %s (%s) (0x%x)\n", entry.getVersionNumber(), owner.getName(), typeName, keyBits);
        }
    }
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosKey(javax.security.auth.kerberos.KerberosKey) BigInteger(java.math.BigInteger)

Example 64 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project ddf by codice.

the class PropertyFileClaimsHandler method getUser.

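/**
 * Obtains the user name from the principal.
 *
 * <p>For a {@link KerberosPrincipal} the text before the first {@code @} is returned, so the realm
 * is discarded. For an {@link X500Principal} the value of the first {@code cn} attribute found in
 * {@code getName()} is returned. Any other non-null principal yields its {@code getName()}.
 *
 * @param principal Describing the current user that should be used for retrieving claims.
 * @return the user name if the principal has one, null if no name is specified or if principal is
 *     null.
 */
public String getUser(Principal principal) {
    String user = null;
    if (principal instanceof KerberosPrincipal) {
        KerberosPrincipal kp = (KerberosPrincipal) principal;
        // NOTE(review): dropping the realm maps the same primary name from two realms to one
        // user; confirm that only principals from trusted realms reach this method.
        StringTokenizer st = new StringTokenizer(kp.getName(), "@");
        user = st.nextToken();
    } else if (principal instanceof X500Principal) {
        X500Principal x500p = (X500Principal) principal;
        StringTokenizer st = new StringTokenizer(x500p.getName(), ",");
        while (st.hasMoreElements()) {
            // token is in the format:
            // syntaxAndUniqueId
            // cn
            // ou
            // o
            // loc
            // state
            // country
            // Split on the first '=' only. An unlimited split cuts the value at any later '=',
            // so a certificate subject "CN=admin=x" would be resolved as the user "admin".
            String[] strArr = st.nextToken().split("=", 2);
            // The non-empty check keeps an empty CN value skipped, as it was before the limit.
            if (strArr.length > 1 && !strArr[1].isEmpty() && strArr[0].equalsIgnoreCase("cn")) {
                user = strArr[1];
                break;
            }
        }
        // NOTE(review): escaped commas and multi-valued RDNs ("cn=a+uid=b") are still split
        // naively; a DN parser would be needed to handle those subjects.
    } else if (principal != null) {
        user = principal.getName();
    }
    return user;
}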
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) StringTokenizer(java.util.StringTokenizer) X500Principal(javax.security.auth.x500.X500Principal)

Example 65 with KerberosPrincipal

use of javax.security.auth.kerberos.KerberosPrincipal in project ddf by codice.

the class AttributeMapLoader method getUser.

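/**
 * Obtains the user name from the principal.
 *
 * <p>For a {@link KerberosPrincipal} the realm (after {@code @}) and any instance part (after
 * {@code /}) are removed, leaving the first name component. For an {@link X500Principal} the value
 * of the first {@code cn} attribute found in {@code getName()} is returned. Any other non-null
 * principal yields its {@code getName()}.
 *
 * @param principal Describing the current user that should be used for retrieving claims.
 * @return the user name if the principal has one, null if no name is specified or if principal is
 *     null.
 */
public String getUser(Principal principal) {
    String user = null;
    if (principal instanceof KerberosPrincipal) {
        KerberosPrincipal kp = (KerberosPrincipal) principal;
        // NOTE(review): realm and instance are both dropped, so "alice@A", "alice@B" and
        // "alice/admin@A" all resolve to "alice"; confirm that this collapse is intended for
        // every realm whose principals can reach this method.
        StringTokenizer st = new StringTokenizer(kp.getName(), "@");
        st = new StringTokenizer(st.nextToken(), "/");
        user = st.nextToken();
    } else if (principal instanceof X500Principal) {
        X500Principal x500p = (X500Principal) principal;
        StringTokenizer st = new StringTokenizer(x500p.getName(), ",");
        while (st.hasMoreElements()) {
            // token is in the format:
            // syntaxAndUniqueId
            // cn
            // ou
            // o
            // loc
            // state
            // country
            // Split on the first '=' only. An unlimited split cuts the value at any later '=',
            // so a certificate subject "CN=admin=x" would be resolved as the user "admin".
            String[] strArr = st.nextToken().split("=", 2);
            // The non-empty check keeps an empty CN value skipped, as it was before the limit.
            if (strArr.length > 1 && !strArr[1].isEmpty() && strArr[0].equalsIgnoreCase("cn")) {
                user = strArr[1];
                break;
            }
        }
        // NOTE(review): escaped commas and multi-valued RDNs ("cn=a+uid=b") are still split
        // naively; a DN parser would be needed to handle those subjects.
    } else if (principal != null) {
        user = principal.getName();
    }
    return user;
}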
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) StringTokenizer(java.util.StringTokenizer) X500Principal(javax.security.auth.x500.X500Principal)
