
Example 31 with KerberosTicket

use of javax.security.auth.kerberos.KerberosTicket in project jdk8u_jdk by JetBrains.

the class KrbTicket method main.

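/**
 * Logs in against a locally started KDC and checks the flags, lifetime and
 * destroy behaviour of the resulting {@link KerberosTicket}.
 *
 * <p>The KDC is written to krb5.conf with {@code forwardable = true} and
 * {@code proxiable = true}, so the TGT obtained through the JAAS
 * {@code Krb5LoginModule} is expected to be forwardable, proxiable, current
 * and not renewable, to refuse {@code refresh()}, and to report destroyed
 * after {@code destroy()}.
 *
 * @param args unused
 * @throws Exception on KDC start-up, config writing, JAAS login or any
 *         failed expectation (reported as {@link RuntimeException})
 */
public static void main(String[] args) throws Exception {
    // define principals: the user has a password, the TGT service gets a random key
    Map<String, String> principals = new HashMap<>();
    principals.put(USER_PRINCIPAL, PASSWORD);
    principals.put(KRBTGT_PRINCIPAL, null);
    System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
    // start a local KDC instance and point krb5.conf at it, with the flags under test
    KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
    KDC.saveConfig(KRB5_CONF_FILENAME, kdc, "forwardable = true", "proxiable = true");
    // create JAAS config
    Files.write(Paths.get(JAAS_CONF), Arrays.asList("Client {", "    com.sun.security.auth.module.Krb5LoginModule required;", "};"));
    System.setProperty("java.security.auth.login.config", JAAS_CONF);
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    // taken before login, in milliseconds but truncated to whole seconds; checkTime compares against it
    long startTime = Instant.now().getEpochSecond() * 1000;
    LoginContext lc = new LoginContext("Client", new Helper.UserPasswordHandler(USER, PASSWORD));
    lc.login();
    Subject subject = lc.getSubject();
    System.out.println("subject: " + subject);
    Set<KerberosTicket> creds = subject.getPrivateCredentials(KerberosTicket.class);
    // exactly one TGT is expected; an empty set is reported explicitly instead of
    // surfacing as a NoSuchElementException from iterator().next()
    if (creds.isEmpty()) {
        throw new RuntimeException("No KerberosTicket credential found");
    }
    if (creds.size() > 1) {
        throw new RuntimeException("Multiple credentials found");
    }
    KerberosTicket krbTkt = creds.iterator().next();
    System.out.println("forwardable = " + krbTkt.isForwardable());
    System.out.println("proxiable   = " + krbTkt.isProxiable());
    System.out.println("renewable   = " + krbTkt.isRenewable());
    System.out.println("current     = " + krbTkt.isCurrent());
    if (!krbTkt.isForwardable()) {
        throw new RuntimeException("Forwardable ticket expected");
    }
    if (!krbTkt.isProxiable()) {
        throw new RuntimeException("Proxiable ticket expected");
    }
    if (!krbTkt.isCurrent()) {
        throw new RuntimeException("Ticket is not current");
    }
    if (krbTkt.isRenewable()) {
        throw new RuntimeException("Not renewable ticket expected");
    }
    // a non-renewable ticket must not be refreshable
    try {
        krbTkt.refresh();
        throw new RuntimeException("Expected RefreshFailedException not thrown");
    } catch (RefreshFailedException e) {
        System.out.println("Expected exception: " + e);
    }
    if (!checkTime(krbTkt, startTime)) {
        throw new RuntimeException("Wrong ticket life time");
    }
    krbTkt.destroy();
    if (!krbTkt.isDestroyed()) {
        throw new RuntimeException("Ticket not destroyed");
    }
    System.out.println("Test passed");
}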
Also used : Set(java.util.Set) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) HashMap(java.util.HashMap) Subject(javax.security.auth.Subject) LoginContext(javax.security.auth.login.LoginContext) RefreshFailedException(javax.security.auth.RefreshFailedException)

Example 32 with KerberosTicket

use of javax.security.auth.kerberos.KerberosTicket in project jdk8u_jdk by JetBrains.

the class KerberosTixDateTest method main.

/**
 * Builds a renewable {@link KerberosTicket} from fixed byte arrays and a single
 * shared {@link Date}, then runs the date-immutability, serialization
 * compatibility and destroy checks against it.
 *
 * @param args unused
 * @throws Exception if any of the sub-tests fails
 */
public static void main(String[] args) throws Exception {
    final long originalTime = 12345678L;
    // one Date instance is deliberately passed for every time argument so that
    // mutating it afterwards would expose a constructor that kept the reference
    // instead of copying the value
    Date sharedDate = new Date(originalTime);
    byte[] encodedTicket = "asn1".getBytes();
    byte[] sessionKey = "sessionKey".getBytes();
    boolean[] ticketFlags = new boolean[9];
    ticketFlags[8] = true; // renewable
    KerberosTicket ticket = new KerberosTicket(
            encodedTicket,
            new KerberosPrincipal("client"),
            new KerberosPrincipal("server"),
            sessionKey,
            1,          // keyType
            ticketFlags,
            sharedDate, // authTime
            sharedDate, // startTime
            sharedDate, // endTime
            sharedDate, // renewTill
            null);      // clientAddresses
    // mutate the shared Date after construction; the ticket must still report originalTime
    sharedDate.setTime(0);
    testDateImmutability(ticket, originalTime);
    // S11n: Serialization
    testS11nCompatibility(ticket);
    testDestroy(ticket);
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) Date(java.util.Date)

Example 33 with KerberosTicket

use of javax.security.auth.kerberos.KerberosTicket in project jdk8u_jdk by JetBrains.

the class Context method status.

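/**
 * Prints the negotiated state of the GSSContext and the contents of the Subject.
 *
 * <p>Test helper only: the private-credential section writes Kerberos key
 * material (the encoded bytes of every {@link KerberosKey} and the context
 * session key) to standard output, which is acceptable for a throw-away test
 * KDC but must never be done in production code.
 *
 * @throws Exception if an established {@code ExtendedGSSContext} does not expose
 *         a session key, ticket flags or an auth time via {@code inquireSecContext}
 */
public void status() throws Exception {
    System.out.println("STATUS OF " + name.toUpperCase());
    try {
        StringBuilder sb = new StringBuilder();
        if (x.getAnonymityState()) {
            sb.append("anon, ");
        }
        if (x.getConfState()) {
            sb.append("conf, ");
        }
        if (x.getCredDelegState()) {
            sb.append("deleg, ");
        }
        if (x.getIntegState()) {
            sb.append("integ, ");
        }
        if (x.getMutualAuthState()) {
            sb.append("mutual, ");
        }
        if (x.getReplayDetState()) {
            sb.append("rep det, ");
        }
        if (x.getSequenceDetState()) {
            sb.append("seq det, ");
        }
        if (x instanceof ExtendedGSSContext) {
            if (((ExtendedGSSContext) x).getDelegPolicyState()) {
                sb.append("deleg policy, ");
            }
        }
        System.out.println("Context status of " + name + ": " + sb);
        System.out.println(x.getSrcName() + " -> " + x.getTargName());
    } catch (Exception ignored) {
        // best effort: x may be null (checked below) or the state/name queries
        // may throw; the status line is then simply not printed
    }
    if (s != null) {
        System.out.println("====== START SUBJECT CONTENT =====");
        for (Principal p : s.getPrincipals()) {
            System.out.println("    Principal: " + p);
        }
        for (Object o : s.getPublicCredentials()) {
            System.out.println("    " + o.getClass());
            System.out.println("        " + o);
        }
        System.out.println("====== Private Credentials Set ======");
        for (Object o : s.getPrivateCredentials()) {
            System.out.println("    " + o.getClass());
            if (o instanceof KerberosTicket) {
                KerberosTicket kt = (KerberosTicket) o;
                System.out.println("        " + kt.getServer() + " for " + kt.getClient());
            } else if (o instanceof KerberosKey) {
                // dumps the raw key bytes in hex -- secret material, test output only
                KerberosKey kk = (KerberosKey) o;
                System.out.print("        " + kk.getKeyType() + " " + kk.getVersionNumber() + " " + kk.getAlgorithm() + " ");
                for (byte b : kk.getEncoded()) {
                    System.out.printf("%02X", b & 0xff);
                }
                System.out.println();
            } else if (o instanceof Map) {
                for (Map.Entry<?, ?> entry : ((Map<?, ?>) o).entrySet()) {
                    System.out.println("        " + entry.getKey() + ": " + entry.getValue());
                }
            } else {
                System.out.println("        " + o);
            }
        }
        System.out.println("====== END SUBJECT CONTENT =====");
    }
    // instanceof already implies x != null
    if (x instanceof ExtendedGSSContext && x.isEstablished()) {
        ExtendedGSSContext ex = (ExtendedGSSContext) x;
        Key k = (Key) ex.inquireSecContext(InquireType.KRB5_GET_SESSION_KEY);
        if (k == null) {
            throw new Exception("Session key cannot be null");
        }
        // prints the session key -- secret material, test output only
        System.out.println("Session key is: " + k);
        boolean[] flags = (boolean[]) ex.inquireSecContext(InquireType.KRB5_GET_TKT_FLAGS);
        if (flags == null) {
            throw new Exception("Ticket flags cannot be null");
        }
        System.out.println("Ticket flags is: " + Arrays.toString(flags));
        String authTime = (String) ex.inquireSecContext(InquireType.KRB5_GET_AUTHTIME);
        if (authTime == null) {
            throw new Exception("Auth time cannot be null");
        }
        System.out.println("AuthTime is: " + authTime);
        // authorization data is only available on the acceptor side
        if (!x.isInitiator()) {
            AuthorizationDataEntry[] ad = (AuthorizationDataEntry[]) ex.inquireSecContext(InquireType.KRB5_GET_AUTHZ_DATA);
            System.out.println("AuthzData is: " + Arrays.toString(ad));
        }
    }
}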
Also used : ExtendedGSSContext(com.sun.security.jgss.ExtendedGSSContext) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) AuthorizationDataEntry(com.sun.security.jgss.AuthorizationDataEntry) PrivilegedActionException(java.security.PrivilegedActionException) GSSException(org.ietf.jgss.GSSException) InvocationTargetException(java.lang.reflect.InvocationTargetException) KerberosKey(javax.security.auth.kerberos.KerberosKey) HashMap(java.util.HashMap) Map(java.util.Map) Principal(java.security.Principal) KerberosKey(javax.security.auth.kerberos.KerberosKey) Key(java.security.Key)

Example 34 with KerberosTicket

use of javax.security.auth.kerberos.KerberosTicket in project jdk8u_jdk by JetBrains.

the class AddressesAndNameType method main.

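/**
 * Logs in against a one-off KDC and checks whether the obtained ticket carries
 * client addresses, depending on the {@code noaddresses} krb5.conf setting.
 *
 * <p>Mode {@code "1"} writes {@code noaddresses = false} and expects the ticket
 * to carry addresses and a {@code KRB_NT_SRV_INST} server name type; mode
 * {@code "2"} writes {@code noaddresses = true}; any other or missing argument
 * leaves the setting at its default. The latter two cases expect a ticket
 * without addresses.
 *
 * @param args {@code args[0]} selects the mode described above; may be empty
 * @throws Exception if login yields no ticket or an expectation fails
 */
public static void main(String[] args) throws Exception {
    // tolerate a missing argument instead of failing with ArrayIndexOutOfBoundsException
    String mode = args.length > 0 ? args[0] : "";
    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    String extraLine;
    switch (mode) {
        case "1":
            extraLine = "noaddresses = false";
            break;
        case "2":
            extraLine = "noaddresses = true";
            break;
        default:
            extraLine = "";
            break;
    }
    KDC.saveConfig(OneKDC.KRB5_CONF, kdc, extraLine);
    Config.refresh();
    Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    Set<KerberosTicket> tickets = c.s().getPrivateCredentials(KerberosTicket.class);
    if (tickets.isEmpty()) {
        throw new Exception("No KerberosTicket found in subject");
    }
    KerberosTicket ticket = tickets.iterator().next();
    InetAddress[] addresses = ticket.getClientAddresses();
    if ("1".equals(mode)) {
        if (addresses == null || addresses.length == 0) {
            throw new Exception("No addresses");
        }
        if (ticket.getServer().getNameType() != KerberosPrincipal.KRB_NT_SRV_INST) {
            throw new Exception("Wrong type: " + ticket.getServer().getNameType());
        }
    } else {
        if (addresses != null && addresses.length != 0) {
            throw new Exception("See addresses");
        }
    }
}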
Also used : KerberosTicket(javax.security.auth.kerberos.KerberosTicket) InetAddress(java.net.InetAddress)

Example 35 with KerberosTicket

use of javax.security.auth.kerberos.KerberosTicket in project karaf by apache.

the class Krb5LoginModuleTest method testKeytabSuccess.

/**
 * Logs in with a keytab through {@link Krb5LoginModule} and verifies that the
 * Subject ends up with one principal, {@code hnelson@EXAMPLE.COM}, plus a TGT
 * for {@code krbtgt/EXAMPLE.COM@EXAMPLE.COM}, and that logout succeeds.
 *
 * @throws Exception if keytab creation or the login module fails
 */
@Test
public void testKeytabSuccess() throws Exception {
    Map<String, Object> options = new HashMap<>();
    options.put("debug", "true");
    options.put("useKeyTab", "true");
    options.put("keyTab", createKeytab());
    options.put("principal", "hnelson@EXAMPLE.COM");
    options.put("doNotPrompt", "true");
    options.put("storeKey", "true");
    options.put("detailed.login.exception", "true");

    Subject subject = new Subject();
    Krb5LoginModule module = new Krb5LoginModule();
    // no CallbackHandler and no shared state: all input comes from the keytab options
    module.initialize(subject, null, null, options);
    assertEquals("Precondition", 0, subject.getPrincipals().size());

    assertTrue(module.login());
    assertTrue(module.commit());
    assertEquals(1, subject.getPrincipals().size());

    KerberosPrincipal user = null;
    for (Principal candidate : subject.getPrincipals()) {
        if (candidate instanceof KerberosPrincipal) {
            user = (KerberosPrincipal) candidate;
            break;
        }
    }
    Assert.assertNotNull(user);
    assertEquals("hnelson@EXAMPLE.COM", user.getName());

    KerberosTicket tgt = null;
    for (Object credential : subject.getPrivateCredentials()) {
        if (credential instanceof KerberosTicket) {
            tgt = (KerberosTicket) credential;
            break;
        }
    }
    Assert.assertNotNull(tgt);
    assertEquals("hnelson@EXAMPLE.COM", tgt.getClient().getName());
    assertEquals("krbtgt/EXAMPLE.COM@EXAMPLE.COM", tgt.getServer().getName());

    assertTrue(module.logout());
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) HashMap(java.util.HashMap) Subject(javax.security.auth.Subject) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) AbstractKerberosITest(org.apache.directory.server.kerberos.kdc.AbstractKerberosITest) Test(org.junit.Test)
