Examples with SgtTicket org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket used on opensource projects

Search in sources :

Example 1 with SgtTicket

use of org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket in project testcases by coheigea.

the class AnonymousPKInitTest method unitTest.

@org.junit.Test
public void unitTest() throws Exception {
    KrbPkinitClient client = new KrbPkinitClient();
    client.setKdcHost("localhost");
    client.setKdcTcpPort(kerbyServer.getKdcPort());
    client.setAllowUdp(false);
    // client.setKdcUdpPort(Integer.parseInt(KDC_UDP_PORT));
    client.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
    // client.getKrbConfig().setString(KrbConfigKey.PKINIT_ANCHORS, "myclient.cer");
    String pkinitAnchors = AnonymousPKInitTest.class.getResource("/cacerttest.pem").getPath();
    client.getKrbConfig().setString(KrbConfigKey.PKINIT_ANCHORS, pkinitAnchors);
    client.init();
    try {
        TgtTicket tgt = client.requestTgt();
        assertTrue(tgt != null);
        SgtTicket tkt = client.requestSgt(tgt, "bob/service.ws.apache.org@service.ws.apache.org");
        assertTrue(tkt != null);
    } catch (Exception e) {
        e.printStackTrace();
        Assert.fail();
    }
}
Also used : TgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket) SgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket) KrbPkinitClient(org.apache.kerby.kerberos.kerb.client.KrbPkinitClient) KrbException(org.apache.kerby.kerberos.kerb.KrbException)

Example 2 with SgtTicket

use of org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket in project testcases by coheigea.

the class AuthenticationTest method unitTestUsingKrb5Conf.

@org.junit.Test
public void unitTestUsingKrb5Conf() throws Exception {
    File confFile = new File(System.getProperty(Krb5Conf.KRB5_CONF));
    KrbConfig krbConfig = new KrbConfig();
    krbConfig.addKrb5Config(confFile);
    KrbClient client = new KrbClient(krbConfig);
    client.init();
    TgtTicket tgt;
    SgtTicket tkt;
    try {
        tgt = client.requestTgt("alice@service.ws.apache.org", "alice");
        assertTrue(tgt != null);
        tkt = client.requestSgt(tgt, "bob/service.ws.apache.org@service.ws.apache.org");
        assertTrue(tkt != null);
    } catch (Exception e) {
        e.printStackTrace();
        Assert.fail();
    }
}
Also used : TgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket) KrbConfig(org.apache.kerby.kerberos.kerb.client.KrbConfig) SgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket) KrbClient(org.apache.kerby.kerberos.kerb.client.KrbClient) File(java.io.File) KrbException(org.apache.kerby.kerberos.kerb.KrbException) GSSException(org.ietf.jgss.GSSException)

Example 3 with SgtTicket

use of org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket in project testcases by coheigea.

the class TokenPreAuthTest method jwtUnitTestAccess.

@org.junit.Test
public void jwtUnitTestAccess() throws Exception {
    // Get a TGT
    KrbClient client = new KrbClient();
    client.setKdcHost("localhost");
    client.setKdcTcpPort(kerbyServer.getKdcPort());
    client.setAllowUdp(false);
    client.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
    client.init();
    TgtTicket tgt = client.requestTgt("alice@service.ws.apache.org", "alice");
    assertNotNull(tgt);
    // Write to cache
    Credential credential = new Credential(tgt);
    CredentialCache cCache = new CredentialCache();
    cCache.addCredential(credential);
    cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
    File cCacheFile = File.createTempFile("krb5_alice@service.ws.apache.org", "cc");
    cCache.store(cCacheFile);
    KrbTokenClient tokenClient = new KrbTokenClient(client);
    tokenClient.setKdcHost("localhost");
    tokenClient.setKdcTcpPort(kerbyServer.getKdcPort());
    tokenClient.setAllowUdp(false);
    tokenClient.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
    tokenClient.init();
    // Create a JWT token using CXF
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(new Date().getTime() / 1000L);
    claims.setExpiryTime(new Date().getTime() + (60L + 1000L));
    String address = "bob/service.ws.apache.org@service.ws.apache.org";
    claims.setAudiences(Collections.singletonList(address));
    // Wrap it in a KrbToken + sign it
    CXFKrbToken krbToken = new CXFKrbToken(claims, false);
    krbToken.sign();
    // Now get a SGT using the JWT
    SgtTicket tkt;
    try {
        tkt = tokenClient.requestSgt(krbToken, "bob/service.ws.apache.org@service.ws.apache.org", cCacheFile.getPath());
        assertTrue(tkt != null);
        // Decrypt the ticket
        Ticket ticket = tkt.getTicket();
        String bob = "bob/service.ws.apache.org@service.ws.apache.org";
        EncryptionKey key = EncryptionHandler.string2Key(bob, "bob", ticket.getEncryptedEncPart().getEType());
        EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(), key, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
        // Examine the authorization data
        AuthorizationData authzData = encPart.getAuthorizationData();
        assertEquals(1, authzData.getElements().size());
        AuthorizationDataEntry dataEntry = authzData.getElements().iterator().next();
        AdToken token = dataEntry.getAuthzDataAs(AdToken.class);
        KrbToken decodedKrbToken = token.getToken();
        assertEquals("alice", decodedKrbToken.getSubject());
        assertEquals(address, decodedKrbToken.getAudiences().get(0));
    } catch (Exception e) {
        e.printStackTrace();
        Assert.fail();
    }
    cCacheFile.delete();
}
Also used : TgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket) KerberosTicket(javax.security.auth.kerberos.KerberosTicket) TgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket) Ticket(org.apache.kerby.kerberos.kerb.type.ticket.Ticket) SgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket) GSSCredential(org.ietf.jgss.GSSCredential) Credential(org.apache.kerby.kerberos.kerb.ccache.Credential) KrbTokenClient(org.apache.kerby.kerberos.kerb.client.KrbTokenClient) AuthorizationData(org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) SgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket) AuthorizationDataEntry(org.apache.kerby.kerberos.kerb.type.ad.AuthorizationDataEntry) EncryptionKey(org.apache.kerby.kerberos.kerb.type.base.EncryptionKey) KrbClient(org.apache.kerby.kerberos.kerb.client.KrbClient) EncTicketPart(org.apache.kerby.kerberos.kerb.type.ticket.EncTicketPart) Date(java.util.Date) GSSException(org.ietf.jgss.GSSException) KrbException(org.apache.kerby.kerberos.kerb.KrbException) KrbToken(org.apache.kerby.kerberos.kerb.type.base.KrbToken) CredentialCache(org.apache.kerby.kerberos.kerb.ccache.CredentialCache) AdToken(org.apache.kerby.kerberos.kerb.type.ad.AdToken) File(java.io.File)

Example 4 with SgtTicket

use of org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket in project testcases by coheigea.

the class AuthenticationTest method unitTest.

@org.junit.Test
public void unitTest() throws Exception {
    KrbClient client = new KrbClient();
    client.setKdcHost("localhost");
    client.setKdcTcpPort(kerbyServer.getKdcPort());
    client.setAllowUdp(false);
    // client.setKdcUdpPort(Integer.parseInt(KDC_UDP_PORT));
    client.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
    client.init();
    TgtTicket tgt;
    SgtTicket tkt;
    try {
        tgt = client.requestTgt("alice@service.ws.apache.org", "alice");
        assertTrue(tgt != null);
        tkt = client.requestSgt(tgt, "bob/service.ws.apache.org@service.ws.apache.org");
        assertTrue(tkt != null);
    } catch (Exception e) {
        e.printStackTrace();
        Assert.fail();
    }
}
Also used : TgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket) SgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket) KrbClient(org.apache.kerby.kerberos.kerb.client.KrbClient) KrbException(org.apache.kerby.kerberos.kerb.KrbException) GSSException(org.ietf.jgss.GSSException)

Example 5 with SgtTicket

use of org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket in project testcases by coheigea.

the class TokenPreAuthTest method jwtUnitTestIdentity.

@org.junit.Test
public void jwtUnitTestIdentity() throws Exception {
    // Get a TGT
    KrbClient client = new KrbClient();
    client.setKdcHost("localhost");
    client.setKdcTcpPort(kerbyServer.getKdcPort());
    client.setAllowUdp(false);
    client.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
    client.init();
    TgtTicket tgt = client.requestTgt("alice@service.ws.apache.org", "alice");
    assertNotNull(tgt);
    // Write to cache
    Credential credential = new Credential(tgt);
    CredentialCache cCache = new CredentialCache();
    cCache.addCredential(credential);
    cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
    File cCacheFile = File.createTempFile("krb5_alice@service.ws.apache.org", "cc");
    cCache.store(cCacheFile);
    KrbTokenClient tokenClient = new KrbTokenClient(client);
    tokenClient.setKdcHost("localhost");
    tokenClient.setKdcTcpPort(kerbyServer.getKdcPort());
    tokenClient.setAllowUdp(false);
    tokenClient.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
    tokenClient.init();
    // Create a JWT token using CXF
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(new Date().getTime() / 1000L);
    claims.setExpiryTime(new Date().getTime() + (60L + 1000L));
    String address = "krbtgt/service.ws.apache.org@service.ws.apache.org";
    claims.setAudiences(Collections.singletonList(address));
    // Wrap it in a KrbToken + sign it
    CXFKrbToken krbToken = new CXFKrbToken(claims, true);
    krbToken.sign();
    // Now get a TGT using the JWT token
    tgt = tokenClient.requestTgt(krbToken, cCacheFile.getPath());
    // Now get a SGT using the TGT
    SgtTicket tkt;
    try {
        tkt = tokenClient.requestSgt(tgt, "bob/service.ws.apache.org@service.ws.apache.org");
        assertTrue(tkt != null);
    } catch (Exception e) {
        e.printStackTrace();
        Assert.fail();
    }
    cCacheFile.delete();
}
Also used : TgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket) GSSCredential(org.ietf.jgss.GSSCredential) Credential(org.apache.kerby.kerberos.kerb.ccache.Credential) KrbTokenClient(org.apache.kerby.kerberos.kerb.client.KrbTokenClient) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) SgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket) CredentialCache(org.apache.kerby.kerberos.kerb.ccache.CredentialCache) KrbClient(org.apache.kerby.kerberos.kerb.client.KrbClient) File(java.io.File) Date(java.util.Date) GSSException(org.ietf.jgss.GSSException) KrbException(org.apache.kerby.kerberos.kerb.KrbException)

Aggregations

KrbException (org.apache.kerby.kerberos.kerb.KrbException)5 SgtTicket (org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket)5 TgtTicket (org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket)5 KrbClient (org.apache.kerby.kerberos.kerb.client.KrbClient)4 GSSException (org.ietf.jgss.GSSException)4 File (java.io.File)3 Date (java.util.Date)2 JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)2 Credential (org.apache.kerby.kerberos.kerb.ccache.Credential)2 CredentialCache (org.apache.kerby.kerberos.kerb.ccache.CredentialCache)2 KrbTokenClient (org.apache.kerby.kerberos.kerb.client.KrbTokenClient)2 GSSCredential (org.ietf.jgss.GSSCredential)2 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)1 KrbConfig (org.apache.kerby.kerberos.kerb.client.KrbConfig)1 KrbPkinitClient (org.apache.kerby.kerberos.kerb.client.KrbPkinitClient)1 AdToken (org.apache.kerby.kerberos.kerb.type.ad.AdToken)1 AuthorizationData (org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData)1 AuthorizationDataEntry (org.apache.kerby.kerberos.kerb.type.ad.AuthorizationDataEntry)1 EncryptionKey (org.apache.kerby.kerberos.kerb.type.base.EncryptionKey)1 KrbToken (org.apache.kerby.kerberos.kerb.type.base.KrbToken)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial