Search in sources :

Example 6 with TgtTicket

use of org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket in project testcases by coheigea.

the class TokenPreAuthTest method jwtUnitTestIdentity.

@org.junit.Test
public void jwtUnitTestIdentity() throws Exception {
    // Get a TGT
    KrbClient client = new KrbClient();
    client.setKdcHost("localhost");
    client.setKdcTcpPort(kerbyServer.getKdcPort());
    client.setAllowUdp(false);
    client.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
    client.init();
    TgtTicket tgt = client.requestTgt("alice@service.ws.apache.org", "alice");
    assertNotNull(tgt);
    // Write to cache
    Credential credential = new Credential(tgt);
    CredentialCache cCache = new CredentialCache();
    cCache.addCredential(credential);
    cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
    File cCacheFile = File.createTempFile("krb5_alice@service.ws.apache.org", "cc");
    cCache.store(cCacheFile);
    KrbTokenClient tokenClient = new KrbTokenClient(client);
    tokenClient.setKdcHost("localhost");
    tokenClient.setKdcTcpPort(kerbyServer.getKdcPort());
    tokenClient.setAllowUdp(false);
    tokenClient.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
    tokenClient.init();
    // Create a JWT token using CXF
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(new Date().getTime() / 1000L);
    claims.setExpiryTime(new Date().getTime() + (60L + 1000L));
    String address = "krbtgt/service.ws.apache.org@service.ws.apache.org";
    claims.setAudiences(Collections.singletonList(address));
    // Wrap it in a KrbToken + sign it
    CXFKrbToken krbToken = new CXFKrbToken(claims, true);
    krbToken.sign();
    // Now get a TGT using the JWT token
    tgt = tokenClient.requestTgt(krbToken, cCacheFile.getPath());
    // Now get a SGT using the TGT
    SgtTicket tkt;
    try {
        tkt = tokenClient.requestSgt(tgt, "bob/service.ws.apache.org@service.ws.apache.org");
        assertTrue(tkt != null);
    } catch (Exception e) {
        e.printStackTrace();
        Assert.fail();
    }
    cCacheFile.delete();
}
Also used : TgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket) GSSCredential(org.ietf.jgss.GSSCredential) Credential(org.apache.kerby.kerberos.kerb.ccache.Credential) KrbTokenClient(org.apache.kerby.kerberos.kerb.client.KrbTokenClient) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) SgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket) CredentialCache(org.apache.kerby.kerberos.kerb.ccache.CredentialCache) KrbClient(org.apache.kerby.kerberos.kerb.client.KrbClient) File(java.io.File) Date(java.util.Date) GSSException(org.ietf.jgss.GSSException) KrbException(org.apache.kerby.kerberos.kerb.KrbException)

Aggregations

TgtTicket (org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket)6 KrbException (org.apache.kerby.kerberos.kerb.KrbException)5 KrbClient (org.apache.kerby.kerberos.kerb.client.KrbClient)5 SgtTicket (org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket)5 File (java.io.File)4 GSSException (org.ietf.jgss.GSSException)4 Date (java.util.Date)3 JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)3 Credential (org.apache.kerby.kerberos.kerb.ccache.Credential)3 CredentialCache (org.apache.kerby.kerberos.kerb.ccache.CredentialCache)3 GSSCredential (org.ietf.jgss.GSSCredential)3 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)2 KrbTokenClient (org.apache.kerby.kerberos.kerb.client.KrbTokenClient)2 FileInputStream (java.io.FileInputStream)1 FileOutputStream (java.io.FileOutputStream)1 KeyStore (java.security.KeyStore)1 Properties (java.util.Properties)1 Subject (javax.security.auth.Subject)1 KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)1 LoginContext (javax.security.auth.login.LoginContext)1