use of org.ietf.jgss.GSSCredential in project jdk8u_jdk by JetBrains.
the class MSOID method main.
/**
 * Feeds a captured SPNEGO NegTokenInit to a credential-less acceptor and
 * checks that it is rejected with NO_CRED from inside the krb5 mechanism.
 *
 * @param args unused
 * @throws Exception if the token is accepted, or if it is rejected for any
 *         reason other than NO_CRED raised from sun.security.jgss.krb5
 */
public static void main(String[] args) throws Exception {
    // msoid.txt is a captured NegTokenInit packet that Internet Explorer sent
    // to an IIS server on a test machine; it contains no sensitive info.
    final String testSrc = System.getProperty("test.src");
    final byte[] fileBytes = Files.readAllBytes(Paths.get(testSrc, "msoid.txt"));

    // Only the bytes from offset 10 onward are MIME-Base64 decoded.
    // NOTE(review): the 10 skipped bytes are presumably a textual prefix in
    // front of the Base64 payload -- confirm against msoid.txt.
    final byte[] encoded = Arrays.copyOfRange(fileBytes, 10, fileBytes.length);
    final byte[] token = Base64.getMimeDecoder().decode(encoded);

    // The variable stays typed as GSSCredential so the null argument picks
    // the createContext(GSSCredential) overload.
    final GSSCredential cred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(cred);

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        // After the fix, GSS_KRB5_MECH_OID_MS is recognized, but the token
        // still cannot be accepted because no krb5 credential is available.
        gsse.printStackTrace();
        if (gsse.getMajor() != GSSException.NO_CRED) {
            throw gsse;
        }
        // NO_CRED alone is not enough: the failure must come from the krb5
        // mechanism, which shows the token was handed over to it.
        final boolean raisedInsideKrb5 = Arrays.stream(gsse.getStackTrace())
                .anyMatch(frame -> frame.getClassName().startsWith("sun.security.jgss.krb5."));
        if (raisedInsideKrb5) {
            return;
        }
        throw gsse;
    }

    // Reaching this point means the acceptor did not reject the token
    // (it chose another mechanism and carried on), which is a test failure.
    throw new Exception("Should fail");
}
use of org.ietf.jgss.GSSCredential in project jdk8u_jdk by JetBrains.
the class Context method delegated.
/**
 * Creates a new Context that uses the credentials delegated to this
 * (acceptor) context. The new Context shares this context's Subject and is
 * named {@code "<this name> as <delegated credential name>"}.
 *
 * @return a new Context holding the delegated credential
 * @throws Exception if the presence of a delegated credential disagrees with
 *         {@code getCredDelegState()}, or if reading the credential fails
 */
public Context delegated() throws Exception {
    final Context result = new Context();
    result.s = s;

    final PrivilegedExceptionAction<GSSCredential> fetchDelegated = () -> {
        final GSSCredential delegatedCred = x.getDelegCred();
        final boolean credPresent = delegatedCred != null;
        // A credential must be present exactly when the context reports
        // that delegation took place; any disagreement is an error.
        if (credPresent != x.getCredDelegState()) {
            throw new Exception("getCredDelegState not match");
        }
        return delegatedCred;
    };

    try {
        result.cred = Subject.doAs(s, fetchDelegated);
    } catch (PrivilegedActionException pae) {
        // Rethrow the action's own exception rather than the wrapper.
        throw pae.getException();
    }

    // NOTE(review): when nothing was delegated and getCredDelegState() is
    // false, the action returns null and this dereference throws a
    // NullPointerException; callers must only call delegated() after a
    // handshake in which delegation actually happened.
    result.name = name + " as " + result.cred.getName().toString();
    return result;
}
use of org.ietf.jgss.GSSCredential in project jdk8u_jdk by JetBrains.
the class SpnegoLifeTime method main.
/**
 * Runs a SPNEGO handshake with credential delegation requested, then queries
 * the delegated credential using the SPNEGO mechanism OID.
 *
 * @param args unused
 * @throws Exception if setup, the handshake or either credential query fails
 */
public static void main(String[] args) throws Exception {
    final Oid spnego = GSSUtil.GSS_SPNEGO_MECH_OID;
    new OneKDC(null).writeJAASConf();

    final Context client = Context.fromJAAS("client");
    final Context server = Context.fromJAAS("server");

    // The initiator asks for delegation before the handshake so that the
    // acceptor can end up holding a delegated credential.
    client.startAsClient(OneKDC.SERVER, spnego);
    client.x().requestCredDeleg(true);
    server.startAsServer(spnego);
    Context.handshake(client, server);

    // The return values are discarded: the test passes as long as neither
    // per-mechanism query throws when given the SPNEGO OID.
    final GSSCredential delegatedCred = server.delegated().cred();
    delegatedCred.getRemainingInitLifetime(spnego);
    delegatedCred.getUsage(spnego);
}
use of org.ietf.jgss.GSSCredential in project jdk8u_jdk by JetBrains.
the class OkAsDelegate method go.
/**
 * Runs one delegation scenario against a test KDC and compares the observed
 * delegation state on both sides with the expected values.
 *
 * @param forwardable             when false, krb5.conf is rewritten without
 *                                the default "forwardable = true"
 * @param requestDelegState       value passed to requestCredDeleg on the initiator
 * @param requestDelegPolicyState value passed to requestDelegPolicy on the initiator
 * @param delegState              expected getCredDelegState on initiator and acceptor
 * @param delegPolicyState        expected getDelegPolicyState on the initiator
 * @param delegated               whether the acceptor is expected to hold a
 *                                delegated credential afterwards
 * @throws Exception if setup or the handshake fails, or any observed state
 *         differs from the expectation
 */
void go(boolean forwardable, boolean requestDelegState, boolean requestDelegPolicyState, boolean delegState, boolean delegPolicyState, boolean delegated) throws Exception {
    final OneKDC testKdc = new OneKDC(null);
    // The KDC-side OK_AS_DELEGATE option comes from a system property, so
    // the same code can be run under different KDC policies.
    testKdc.setOption(KDC.Option.OK_AS_DELEGATE, System.getProperty("test.kdc.policy.ok-as-delegate"));
    testKdc.writeJAASConf();
    if (!forwardable) {
        // The default OneKDC always includes "forwardable = true"
        // in krb5.conf, so write a config without it and reload.
        KDC.saveConfig(OneKDC.KRB5_CONF, testKdc, "default_keytab_name = " + OneKDC.KTAB);
        Config.refresh();
    }

    final Context c = Context.fromJAAS("client");
    final Context s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");

    // Plain krb5 by default; SPNEGO when test.spnego is set to anything.
    final Oid mech = (System.getProperty("test.spnego") != null)
            ? GSSUtil.GSS_SPNEGO_MECH_OID
            : GSSUtil.GSS_KRB5_MECH_OID;

    c.startAsClient(OneKDC.SERVER, mech);
    final ExtendedGSSContext initiator = (ExtendedGSSContext) c.x();
    initiator.requestCredDeleg(requestDelegState);
    initiator.requestDelegPolicy(requestDelegPolicyState);

    s.startAsServer(mech);
    final ExtendedGSSContext acceptor = (ExtendedGSSContext) s.x();

    Context.handshake(c, s);

    // The checks run in a fixed order; the first mismatch decides the message.
    if (initiator.getCredDelegState() != delegState) {
        throw new Exception("Initiator cred state error");
    }
    if (acceptor.getCredDelegState() != delegState) {
        throw new Exception("Acceptor cred state error");
    }
    if (initiator.getDelegPolicyState() != delegPolicyState) {
        throw new Exception("Initiator cred policy state error");
    }

    GSSCredential delegatedCred = null;
    try {
        delegatedCred = s.x().getDelegCred();
    } catch (GSSException ignored) {
        // Deliberately ignored: a failure here is treated the same as
        // "nothing was delegated", so delegatedCred stays null.
    }
    final boolean gotCred = delegatedCred != null;
    if (delegated != gotCred) {
        throw new Exception("get cred error");
    }
}
use of org.ietf.jgss.GSSCredential in project jdk8u_jdk by JetBrains.
the class LifeTimeInSeconds method main.
/**
 * Checks that the lifetime reported for a freshly created credential is
 * expressed in seconds, by comparing it with the test KDC's TGT lifetime.
 *
 * @param args unused
 * @throws Exception if either reported lifetime is more than 60 seconds
 *         away from 11 hours
 */
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    // Setting this to "false" allows JGSS to obtain credentials from outside
    // the current Subject. System.setProperty applies to the whole JVM, so
    // this is only appropriate in an isolated test process.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    final GSSManager manager = GSSManager.getInstance();
    final GSSCredential cred = manager.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    final int overallLifetime = cred.getRemainingLifetime();
    final int initLifetime = cred.getRemainingInitLifetime(null);

    // The test KDC issues a TGT with a default lifetime of 11 hours;
    // a tolerance of 60 seconds either way is allowed.
    final int expected = 11 * 3600;
    final int lowest = expected - 60;
    final int highest = expected + 60;

    if (!(lowest <= overallLifetime && overallLifetime <= highest)) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (!(lowest <= initLifetime && initLifetime <= highest)) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}