
Example 1 with EncryptionKey

Use of org.apache.kerby.kerberos.kerb.type.base.EncryptionKey in the project hadoop by apache.

From the class KDiag, method dumpKeytab:

/**
 * Dump a keytab: list every principal and the entries recorded for it.
 * <p>
 * Only entry metadata is printed (principal, kvno, timestamp and the key's
 * encryption type); the key bytes themselves are never written to the output.
 *
 * @param keytabFile the keytab file
 * @throws IOException IO problems
 */
private void dumpKeytab(File keytabFile) throws IOException {
    title("Examining keytab %s", keytabFile);
    // Resolve symlinks and relative segments before validating the file.
    File canonical = keytabFile.getCanonicalFile();
    verifyFileIsValid(canonical, CAT_KERBEROS, "keytab");
    Keytab keytab = Keytab.loadKeytab(canonical);
    List<PrincipalName> principals = keytab.getPrincipals();
    println("keytab principal count: %d", principals.size());
    int totalEntries = 0;
    for (PrincipalName principal : principals) {
        List<KeytabEntry> entries = keytab.getKeytabEntries(principal);
        totalEntries += entries.size();
        for (KeytabEntry entry : entries) {
            EncryptionKey key = entry.getKey();
            println(" %s: version=%d expires=%s encryption=%s",
                entry.getPrincipal(), entry.getKvno(), entry.getTimestamp(), key.getKeyType());
        }
    }
    println("keytab entry count: %d", totalEntries);
    endln();
}

Example 2 with EncryptionKey

Use of org.apache.kerby.kerberos.kerb.type.base.EncryptionKey in the project testcases by coheigea.

From the class TokenPreAuthTest, method jwtUnitTestAccess:

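/**
 * Obtains a TGT for alice, stores it in a temporary credential cache, then
 * requests a service ticket for bob using a CXF-signed JWT as the
 * pre-authentication token. The ticket is decrypted with bob's key and the
 * authorization data is checked to carry the original token claims.
 *
 * @throws Exception on any KDC, token or decryption failure; the exception
 *     propagates with its cause instead of being reduced to a bare fail()
 */
@org.junit.Test
public void jwtUnitTestAccess() throws Exception {
    // Get a TGT
    KrbClient client = new KrbClient();
    client.setKdcHost("localhost");
    client.setKdcTcpPort(kerbyServer.getKdcPort());
    client.setAllowUdp(false);
    client.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
    client.init();
    TgtTicket tgt = client.requestTgt("alice@service.ws.apache.org", "alice");
    assertNotNull(tgt);
    // Write to cache. The cache file holds a live TGT, so it is removed in the
    // finally block below even when a later assertion fails.
    Credential credential = new Credential(tgt);
    CredentialCache cCache = new CredentialCache();
    cCache.addCredential(credential);
    cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
    File cCacheFile = File.createTempFile("krb5_alice@service.ws.apache.org", "cc");
    try {
        cCache.store(cCacheFile);
        KrbTokenClient tokenClient = new KrbTokenClient(client);
        tokenClient.setKdcHost("localhost");
        tokenClient.setKdcTcpPort(kerbyServer.getKdcPort());
        tokenClient.setAllowUdp(false);
        tokenClient.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
        tokenClient.init();
        // Create a JWT token using CXF. issuedAt is expressed in seconds
        // (epoch millis / 1000), so the expiry must use the same unit:
        // 60 seconds from now, not a millisecond value.
        long nowSeconds = System.currentTimeMillis() / 1000L;
        JwtClaims claims = new JwtClaims();
        claims.setSubject("alice");
        claims.setIssuer("DoubleItSTSIssuer");
        claims.setIssuedAt(nowSeconds);
        claims.setExpiryTime(nowSeconds + 60L);
        String address = "bob/service.ws.apache.org@service.ws.apache.org";
        claims.setAudiences(Collections.singletonList(address));
        // Wrap it in a KrbToken + sign it
        CXFKrbToken krbToken = new CXFKrbToken(claims, false);
        krbToken.sign();
        // Now get a SGT using the JWT
        SgtTicket tkt = tokenClient.requestSgt(krbToken, address, cCacheFile.getPath());
        assertNotNull(tkt);
        // Decrypt the ticket with bob's long-term key derived from his password
        Ticket ticket = tkt.getTicket();
        EncryptionKey key = EncryptionHandler.string2Key(address, "bob",
            ticket.getEncryptedEncPart().getEType());
        EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(), key,
            KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
        // Examine the authorization data: the KDC must have embedded the token
        AuthorizationData authzData = encPart.getAuthorizationData();
        assertEquals(1, authzData.getElements().size());
        AuthorizationDataEntry dataEntry = authzData.getElements().iterator().next();
        AdToken token = dataEntry.getAuthzDataAs(AdToken.class);
        KrbToken decodedKrbToken = token.getToken();
        assertEquals("alice", decodedKrbToken.getSubject());
        assertEquals(address, decodedKrbToken.getAudiences().get(0));
    } finally {
        cCacheFile.delete();
    }
}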

Example 3 with EncryptionKey

Use of org.apache.kerby.kerberos.kerb.type.base.EncryptionKey in the project hadoop by apache.

From the class TestKerberosUtil, method createKeyTab:

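/**
 * Creates a test keytab containing three kvno versions of every principal
 * in {@code principalNames}, so that callers can exercise lookups against
 * duplicate principals.
 * <p>
 * NOTE(review): {@code fileName} is not used; the keytab is written to the
 * {@code testKeytab} field. Confirm that callers pass the same path before
 * relying on the parameter.
 *
 * @param fileName       currently unused, see note above
 * @param principalNames principals to add to the keytab
 * @throws IOException if the keytab cannot be written
 */
private void createKeyTab(String fileName, String[] principalNames) throws IOException {
    // create a test keytab file
    List<KeytabEntry> entries = new ArrayList<>();
    for (String principal : principalNames) {
        // duplicate principals
        for (int kvno = 1; kvno <= 3; kvno++) {
            // Encode with an explicit charset; the no-arg getBytes() uses the
            // platform default and so may differ between environments.
            byte[] keyBytes = "samplekey1".getBytes(java.nio.charset.StandardCharsets.UTF_8);
            EncryptionKey key = new EncryptionKey(EncryptionType.NONE, keyBytes, kvno);
            KeytabEntry entry = new KeytabEntry(new PrincipalName(principal), new KerberosTime(), (byte) 1, key);
            entries.add(entry);
        }
    }
    Keytab keytab = new Keytab();
    keytab.addKeytabEntries(entries);
    keytab.store(new File(testKeytab));
}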
