Example 6 with TgtTicket
use of org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket in project testcases by coheigea.
the class TokenPreAuthTest method jwtUnitTestIdentity.
@org.junit.Test
public void jwtUnitTestIdentity() throws Exception {
// Get a TGT
KrbClient client = new KrbClient();
client.setKdcHost("localhost");
client.setKdcTcpPort(kerbyServer.getKdcPort());
client.setAllowUdp(false);
client.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
client.init();
TgtTicket tgt = client.requestTgt("alice@service.ws.apache.org", "alice");
assertNotNull(tgt);
// Write to cache
Credential credential = new Credential(tgt);
CredentialCache cCache = new CredentialCache();
cCache.addCredential(credential);
cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
File cCacheFile = File.createTempFile("krb5_alice@service.ws.apache.org", "cc");
cCache.store(cCacheFile);
KrbTokenClient tokenClient = new KrbTokenClient(client);
tokenClient.setKdcHost("localhost");
tokenClient.setKdcTcpPort(kerbyServer.getKdcPort());
tokenClient.setAllowUdp(false);
tokenClient.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
tokenClient.init();
// Create a JWT token using CXF
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(new Date().getTime() / 1000L);
claims.setExpiryTime(new Date().getTime() + (60L + 1000L));
String address = "krbtgt/service.ws.apache.org@service.ws.apache.org";
claims.setAudiences(Collections.singletonList(address));
// Wrap it in a KrbToken + sign it
CXFKrbToken krbToken = new CXFKrbToken(claims, true);
krbToken.sign();
// Now get a TGT using the JWT token
tgt = tokenClient.requestTgt(krbToken, cCacheFile.getPath());
// Now get a SGT using the TGT
SgtTicket tkt;
try {
tkt = tokenClient.requestSgt(tgt, "bob/service.ws.apache.org@service.ws.apache.org");
assertTrue(tkt != null);
} catch (Exception e) {
e.printStackTrace();
Assert.fail();
}
cCacheFile.delete();
}
Also used :
TgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket)
GSSCredential(org.ietf.jgss.GSSCredential)
Credential(org.apache.kerby.kerberos.kerb.ccache.Credential)
KrbTokenClient(org.apache.kerby.kerberos.kerb.client.KrbTokenClient)
JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims)
SgtTicket(org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket)
CredentialCache(org.apache.kerby.kerberos.kerb.ccache.CredentialCache)
KrbClient(org.apache.kerby.kerberos.kerb.client.KrbClient)
File(java.io.File)
Date(java.util.Date)
GSSException(org.ietf.jgss.GSSException)
KrbException(org.apache.kerby.kerberos.kerb.KrbException)
Aggregations
TgtTicket (org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket)6
KrbException (org.apache.kerby.kerberos.kerb.KrbException)5
KrbClient (org.apache.kerby.kerberos.kerb.client.KrbClient)5
SgtTicket (org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket)5
File (java.io.File)4
GSSException (org.ietf.jgss.GSSException)4
Date (java.util.Date)3
JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)3
Credential (org.apache.kerby.kerberos.kerb.ccache.Credential)3
CredentialCache (org.apache.kerby.kerberos.kerb.ccache.CredentialCache)3
GSSCredential (org.ietf.jgss.GSSCredential)3
KerberosTicket (javax.security.auth.kerberos.KerberosTicket)2
KrbTokenClient (org.apache.kerby.kerberos.kerb.client.KrbTokenClient)2
FileInputStream (java.io.FileInputStream)1
FileOutputStream (java.io.FileOutputStream)1
KeyStore (java.security.KeyStore)1
Properties (java.util.Properties)1
Subject (javax.security.auth.Subject)1
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)1
LoginContext (javax.security.auth.login.LoginContext)1
