
Example 41 with GSSCredential

use of org.ietf.jgss.GSSCredential in project jdk8u_jdk by JetBrains.

the class MSOID method main.

/**
 * Regression check for acceptor-side mechanism selection: a captured SPNEGO
 * NegTokenInit is fed to a credential-less acceptor, and the test passes only
 * if the failure is {@code GSSException.NO_CRED} raised from inside the krb5
 * mechanism (i.e. the MS Kerberos OID in the token was recognized and the
 * token was dispatched to krb5 before failing for lack of a credential).
 *
 * <p>The stack-trace inspection ties this test to the internal package name
 * {@code sun.security.jgss.krb5.}; it will need updating if that package moves.
 *
 * @param args unused
 * @throws Exception if acceptance unexpectedly succeeds, fails with a
 *         different major code, or fails outside the krb5 mechanism
 */
public static void main(String[] args) throws Exception {
    // msoid.txt holds a NegTokenInit captured between Internet Explorer and
    // an IIS server on a test machine; per the original author it carries no
    // sensitive data. Any replacement capture deserves the same review, since
    // such a token normally embeds the initiator's mechanism token.
    byte[] rawHeader = Files.readAllBytes(Paths.get(System.getProperty("test.src"), "msoid.txt"));
    // Skip the first 10 bytes before decoding -- presumably the "Negotiate "
    // scheme prefix of the captured header; confirm against msoid.txt.
    byte[] negTokenInit = Base64.getMimeDecoder().decode(Arrays.copyOfRange(rawHeader, 10, rawHeader.length));
    // The cast selects createContext(GSSCredential); null means no explicit credential.
    GSSContext acceptor = GSSManager.getInstance().createContext((GSSCredential) null);
    try {
        acceptor.acceptSecContext(negTokenInit, 0, negTokenInit.length);
    } catch (GSSException failure) {
        // With the fix in place GSS_KRB5_MECH_OID_MS is recognized, but the
        // token still cannot be accepted because no krb5 credential exists.
        failure.printStackTrace();
        boolean noCredential = failure.getMajor() == GSSException.NO_CRED;
        boolean raisedInsideKrb5 = noCredential
                && Arrays.stream(failure.getStackTrace())
                        .map(StackTraceElement::getClassName)
                        .anyMatch(cls -> cls.startsWith("sun.security.jgss.krb5."));
        if (raisedInsideKrb5) {
            // Good: the token had already been handed to the krb5 mechanism.
            return;
        }
        throw failure;
    }
    // Reaching this point means the acceptor silently picked another
    // mechanism and carried on, which is the behavior under test.
    throw new Exception("Should fail");
}
Also used : GSSException(org.ietf.jgss.GSSException) GSSCredential(org.ietf.jgss.GSSCredential) GSSContext(org.ietf.jgss.GSSContext) GSSException(org.ietf.jgss.GSSException) Exception(java.lang.Exception)

Example 42 with GSSCredential

use of org.ietf.jgss.GSSCredential in project jdk8u_jdk by JetBrains.

the class Context method delegated.

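/**
 * Creates a new {@code Context} that carries the credential delegated to this
 * (acceptor) context by its peer, so later calls can act with it.
 *
 * <p>The credential is fetched inside {@code Subject.doAs} for this context's
 * subject, and the result is cross-checked against
 * {@code getCredDelegState()}: a credential without the delegation flag, or
 * the flag without a credential, is treated as an error. A delegated
 * credential lets its holder act as the initiator, so the returned context
 * should be handled with the same care as the initiator's own credential.
 *
 * @return a new context sharing this context's subject, holding the delegated
 *         credential and a name of the form {@code "<name> as <cred name>"}
 * @throws Exception if the delegation state and the credential disagree, if no
 *         credential was delegated, or if the underlying GSS call fails
 */
public Context delegated() throws Exception {
    Context out = new Context();
    out.s = s;
    try {
        out.cred = Subject.doAs(s, new PrivilegedExceptionAction<GSSCredential>() {

            @Override
            public GSSCredential run() throws Exception {
                GSSCredential cred = x.getDelegCred();
                // The credential must be present exactly when the context
                // reports that delegation took place.
                if ((cred != null) != x.getCredDelegState()) {
                    throw new Exception("getCredDelegState not match");
                }
                return cred;
            }
        });
    } catch (PrivilegedActionException pae) {
        // Surface the action's own exception rather than the wrapper.
        throw pae.getException();
    }
    // A consistent "nothing was delegated" result passes the check above with
    // a null credential; report it explicitly instead of failing with a
    // NullPointerException on getName() below.
    if (out.cred == null) {
        throw new Exception("No delegated credential available");
    }
    out.name = name + " as " + out.cred.getName().toString();
    return out;
}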
Also used : LoginContext(javax.security.auth.login.LoginContext) ExtendedGSSContext(com.sun.security.jgss.ExtendedGSSContext) GSSContext(org.ietf.jgss.GSSContext) ExtendedGSSCredential(com.sun.security.jgss.ExtendedGSSCredential) GSSCredential(org.ietf.jgss.GSSCredential) PrivilegedActionException(java.security.PrivilegedActionException) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) PrivilegedActionException(java.security.PrivilegedActionException) GSSException(org.ietf.jgss.GSSException) InvocationTargetException(java.lang.reflect.InvocationTargetException)

Example 43 with GSSCredential

use of org.ietf.jgss.GSSCredential in project jdk8u_jdk by JetBrains.

the class SpnegoLifeTime method main.

/**
 * Establishes a SPNEGO context with credential delegation requested, then
 * queries the delegated credential's per-mechanism initiator lifetime and
 * usage using the SPNEGO OID.
 *
 * <p>The returned values are discarded; as written, the test only checks that
 * both queries complete without throwing.
 *
 * @param args unused
 * @throws Exception if setup, the handshake, or either credential query fails
 */
public static void main(String[] args) throws Exception {
    final Oid spnego = GSSUtil.GSS_SPNEGO_MECH_OID;
    new OneKDC(null).writeJAASConf();

    Context client = Context.fromJAAS("client");
    Context server = Context.fromJAAS("server");

    client.startAsClient(OneKDC.SERVER, spnego);
    // Delegation must be requested by the initiator before the handshake.
    client.x().requestCredDeleg(true);
    server.startAsServer(spnego);
    Context.handshake(client, server);

    // The acceptor's view of the credential the client delegated to it.
    GSSCredential delegatedCred = server.delegated().cred();
    delegatedCred.getRemainingInitLifetime(spnego);
    delegatedCred.getUsage(spnego);
}
Also used : GSSCredential(org.ietf.jgss.GSSCredential) Oid(org.ietf.jgss.Oid)

Example 44 with GSSCredential

use of org.ietf.jgss.GSSCredential in project jdk8u_jdk by JetBrains.

the class OkAsDelegate method go.

/**
 * Runs one delegation scenario against a test KDC and checks that the
 * resulting delegation flags and delegated credential match expectations.
 *
 * <p>The KDC's OK_AS_DELEGATE option is taken from the system property
 * {@code test.kdc.policy.ok-as-delegate}; the mechanism is Kerberos unless the
 * system property {@code test.spnego} is set, in which case SPNEGO is used.
 *
 * @param forwardable whether to keep the default krb5.conf (which includes
 *        "forwardable = true"); when false the config is rewritten without it
 * @param requestDelegState value passed to {@code requestCredDeleg} on the initiator
 * @param requestDelegPolicyState value passed to {@code requestDelegPolicy} on the initiator
 * @param delegState expected {@code getCredDelegState()} on both sides
 * @param delegPolicyState expected {@code getDelegPolicyState()} on the initiator
 * @param delegated whether the acceptor is expected to hold a delegated credential
 * @throws Exception if setup fails or any observed state differs from the expectation
 */
void go(boolean forwardable, boolean requestDelegState, boolean requestDelegPolicyState, boolean delegState, boolean delegPolicyState, boolean delegated) throws Exception {
    OneKDC testKdc = new OneKDC(null);
    testKdc.setOption(KDC.Option.OK_AS_DELEGATE, System.getProperty("test.kdc.policy.ok-as-delegate"));
    testKdc.writeJAASConf();
    if (!forwardable) {
        // OneKDC's default krb5.conf always contains "forwardable = true";
        // rewrite it with only the keytab setting and reload the config.
        KDC.saveConfig(OneKDC.KRB5_CONF, testKdc, "default_keytab_name = " + OneKDC.KTAB);
        Config.refresh();
    }

    Context client = Context.fromJAAS("client");
    Context server = Context.fromJAAS("com.sun.security.jgss.krb5.accept");
    Oid mech = System.getProperty("test.spnego") == null
            ? GSSUtil.GSS_KRB5_MECH_OID
            : GSSUtil.GSS_SPNEGO_MECH_OID;

    client.startAsClient(OneKDC.SERVER, mech);
    ExtendedGSSContext initiatorCtx = (ExtendedGSSContext) client.x();
    // Both delegation requests have to be made before the handshake starts.
    initiatorCtx.requestCredDeleg(requestDelegState);
    initiatorCtx.requestDelegPolicy(requestDelegPolicyState);
    server.startAsServer(mech);
    ExtendedGSSContext acceptorCtx = (ExtendedGSSContext) server.x();
    Context.handshake(client, server);

    if (delegState != initiatorCtx.getCredDelegState()) {
        throw new Exception("Initiator cred state error");
    }
    if (delegState != acceptorCtx.getCredDelegState()) {
        throw new Exception("Acceptor cred state error");
    }
    if (delegPolicyState != initiatorCtx.getDelegPolicyState()) {
        throw new Exception("Initiator cred policy state error");
    }

    GSSCredential delegatedCred;
    try {
        delegatedCred = server.x().getDelegCred();
    } catch (GSSException ignored) {
        // Deliberate: a failure to fetch is treated as "nothing delegated".
        delegatedCred = null;
    }
    boolean credentialPresent = delegatedCred != null;
    if (credentialPresent != delegated) {
        throw new Exception("get cred error");
    }
}
Also used : ExtendedGSSContext(com.sun.security.jgss.ExtendedGSSContext) ExtendedGSSContext(com.sun.security.jgss.ExtendedGSSContext) GSSException(org.ietf.jgss.GSSException) GSSCredential(org.ietf.jgss.GSSCredential) Oid(org.ietf.jgss.Oid) GSSException(org.ietf.jgss.GSSException)

Example 45 with GSSCredential

use of org.ietf.jgss.GSSCredential in project jdk8u_jdk by JetBrains.

the class LifeTimeInSeconds method main.

/**
 * Checks that a freshly acquired credential reports its remaining lifetime in
 * seconds: both {@code getRemainingLifetime()} and
 * {@code getRemainingInitLifetime(null)} must be within 60 seconds of the
 * 11-hour default lifetime of the TGT issued by the test KDC.
 *
 * @param args unused
 * @throws Exception if setup fails or either lifetime is outside the tolerance
 */
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    // With this set to "false", JGSS is not restricted to credentials already
    // held by the current Subject. That suits this test harness; it is a
    // deliberate loosening and should not be copied into production code
    // without considering where credentials may then come from.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSCredential cred = GSSManager.getInstance().createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int overallLifetime = cred.getRemainingLifetime();
    int initiatorLifetime = cred.getRemainingInitLifetime(null);

    // The test KDC issues a TGT with a default lifetime of 11 hours.
    final int expectedSeconds = 11 * 3600;
    final int lowest = expectedSeconds - 60;
    final int highest = expectedSeconds + 60;

    if (!(lowest <= overallLifetime && overallLifetime <= highest)) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (!(lowest <= initiatorLifetime && initiatorLifetime <= highest)) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
Also used : GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager)
