use of org.ietf.jgss.GSSException in project jdk8u_jdk by JetBrains.
Class MechTokenMissing, method main.
/**
 * Hands a hand-built initial token to a fresh acceptor context and expects it
 * to be rejected with a {@link GSSException}. The leading bytes look like a
 * SPNEGO NegTokenInit and the class name suggests its mechToken is absent; the
 * expected exception is only printed, and a silent accept is not flagged as a
 * failure here.
 *
 * @param args ignored
 * @throws Exception if the acceptor context cannot be created
 */
public static void main(String[] args) throws Exception {
    GSSContext acceptor = GSSManager.getInstance().createContext((GSSCredential) null);
    byte[] token = hexToBytes(
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E "
            /*0010*/ + "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ");
    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}

/**
 * Decodes a "XX XX XX " dump: two hex digits followed by one separator
 * character per byte, so the byte count is {@code length / 3}.
 */
private static byte[] hexToBytes(String dump) {
    byte[] out = new byte[dump.length() / 3];
    for (int i = 0, pos = 0; i < out.length; i++, pos += 3) {
        out[i] = (byte) Integer.parseInt(dump.substring(pos, pos + 2), 16);
    }
    return out;
}
use of org.ietf.jgss.GSSException in project jdk8u_jdk by JetBrains.
Class PassSysProps, method main.
/**
 * Exercises the property-map parameter of {@link Sasl#createSaslClient} and
 * {@link Sasl#createSaslServer} with four differently typed maps: the system
 * properties cast to a raw {@code Map}, a {@code Map<String, String>}, a
 * {@code Map<String, Object>} and a raw {@code Hashtable}. Every created client
 * and server is printed. The GSSAPI attempt tolerates a {@link SaslException}
 * whose cause is a {@link GSSException}, because Kerberos is not initialized
 * in this test environment.
 *
 * @param args ignored
 * @throws Exception on any other SASL failure
 */
public static void main(String[] args) throws Exception {
    final String authorizationId = null;
    final String protocol = "ldap";
    final String serverName = "server1";
    // Nothing ever asks for a callback here; the mechanisms are only instantiated.
    final CallbackHandler noopHandler = callbacks -> {
    };

    // 1. System properties, handed over through a raw Map cast.
    Properties systemProps = System.getProperties();
    System.out.println(Sasl.createSaslClient(new String[] { DIGEST, PLAIN },
            authorizationId, protocol, serverName, (Map) systemProps, noopHandler));
    System.out.println(Sasl.createSaslServer(DIGEST,
            protocol, serverName, (Map) systemProps, noopHandler));

    // 2. String-valued properties.
    Map<String, String> stringProps = new Hashtable<String, String>();
    stringProps.put(Sasl.POLICY_NOPLAINTEXT, "true");
    try {
        System.out.println(Sasl.createSaslClient(new String[] { GSSAPI, PLAIN },
                authorizationId, protocol, serverName, stringProps, noopHandler));
        System.out.println(Sasl.createSaslServer(GSSAPI,
                protocol, serverName, stringProps, noopHandler));
    } catch (SaslException se) {
        // A GSSException cause is acceptable: Kerberos has not been initialized.
        if (!(se.getCause() instanceof GSSException)) {
            throw se;
        }
    }

    // 3. Object-valued properties.
    Map<String, Object> objProps = new Hashtable<String, Object>();
    objProps.put("some.object.valued.property", System.err);
    System.out.println(Sasl.createSaslClient(new String[] { EXTERNAL, CRAM },
            authorizationId, protocol, serverName, objProps, noopHandler));
    System.out.println(Sasl.createSaslServer(CRAM,
            protocol, serverName, objProps, noopHandler));

    // 4. Raw-typed properties (deliberately unchecked, that is what is under test).
    Map rawProps = new Hashtable();
    rawProps.put(Sasl.POLICY_NOPLAINTEXT, "true");
    rawProps.put("some.object.valued.property", System.err);
    System.out.println(Sasl.createSaslClient(new String[] { EXTERNAL, CRAM },
            authorizationId, protocol, serverName, rawProps, noopHandler));
    System.out.println(Sasl.createSaslServer(CRAM,
            protocol, serverName, rawProps, noopHandler));
}
use of org.ietf.jgss.GSSException in project jdk8u_jdk by JetBrains.
Class OkAsDelegateXRealm, method main.
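/**
 * Cross-realm ok-as-delegate test: a client in realm R1 authenticates to a
 * service in realm R3 through R2, with every KDC's OK-AS-DELEGATE policy taken
 * from the {@code test.kdc.policy.ok-as-delegate} system property. The
 * handshake is run twice with {@code requestDelegPolicy(true)}, and the
 * acceptor's {@code getDelegCred()} must succeed or fail exactly as
 * {@code args[0]} says.
 *
 * @param args {@code args[0]} is a boolean: whether obtaining the delegated
 *        credential should succeed
 * @throws Exception if the argument is missing, setup fails, or the outcome of
 *         any round differs from the expectation
 */
public static void main(String[] args) throws Exception {
    if (args.length < 1) {
        // The original indexed args[0] blindly and died with an index error.
        throw new Exception("Usage: OkAsDelegateXRealm <true|false>");
    }
    // Loop-invariant: the expectation and the KDC policy do not change between rounds.
    final boolean expectSuccess = Boolean.parseBoolean(args[0]);
    final String okAsDelegate = System.getProperty("test.kdc.policy.ok-as-delegate");

    // Create and start the KDCs. Here we have 3 realms: R1, R2 and R3.
    // R1 is trusted by R2, and R2 trusted by R3.
    KDC kdc1 = KDC.create("R1");
    kdc1.setOption(KDC.Option.OK_AS_DELEGATE, okAsDelegate);
    kdc1.addPrincipal("dummy", "bogus".toCharArray());
    kdc1.addPrincipalRandKey("krbtgt/R1");
    kdc1.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray());

    KDC kdc2 = KDC.create("R2");
    kdc2.setOption(KDC.Option.OK_AS_DELEGATE, okAsDelegate);
    kdc2.addPrincipalRandKey("krbtgt/R2");
    kdc2.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray());
    kdc2.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray());

    KDC kdc3 = KDC.create("R3");
    kdc3.setOption(KDC.Option.OK_AS_DELEGATE, okAsDelegate);
    kdc3.addPrincipalRandKey("krbtgt/R3");
    kdc3.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray());
    kdc3.addPrincipalRandKey("host/host.r3.local");

    // capaths lets R1 reach R3 via R2; domain_realm maps the service host to R3.
    KDC.saveConfig("krb5-localkdc.conf", kdc1, kdc2, kdc3,
            "forwardable=true",
            "[capaths]",
            "R1 = {",
            " R2 = .",
            " R3 = R2",
            "}",
            "[domain_realm]",
            ".r3.local=R3");
    System.setProperty("java.security.krb5.conf", "krb5-localkdc.conf");
    kdc3.writeKtab("localkdc.ktab");

    // Defines the client and server on R1 and R3 respectively.
    String jaasConfig = "com.sun.security.jgss.krb5.initiate {\n"
            + " com.sun.security.auth.module.Krb5LoginModule\n"
            + " required\n"
            + " principal=dummy\n"
            + " doNotPrompt=false\n"
            + " useTicketCache=false\n"
            + " ;\n};\n"
            + "com.sun.security.jgss.krb5.accept {\n"
            + " com.sun.security.auth.module.Krb5LoginModule required\n"
            + " principal=\"host/host.r3.local@R3\"\n"
            + " useKeyTab=true\n"
            + " keyTab=localkdc.ktab\n"
            + " isInitiator=false\n"
            + " storeKey=true;\n};\n"
            + "\n";
    // try-with-resources: the original left the stream open if write() threw.
    try (FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf")) {
        // Content is ASCII; the charset is named explicitly rather than platform default.
        fos.write(jaasConfig.getBytes("UTF-8"));
    }

    Security.setProperty("auth.login.defaultCallbackHandler", "OkAsDelegateXRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    Config.refresh();

    Context c = Context.fromJAAS("com.sun.security.jgss.krb5.initiate");
    Context s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");

    for (int i = 0; i < 2; i++) {
        c.startAsClient("host@host.r3.local", GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
        c.x().requestDelegPolicy(true);
        Context.handshake(c, s);
        boolean succeed = true;
        try {
            s.x().getDelegCred();
        } catch (GSSException gsse) {
            // No delegated credential: expected when OK-AS-DELEGATE is not set.
            succeed = false;
        }
        if (succeed != expectSuccess) {
            throw new Exception("Test fail at round #" + i);
        }
    }
}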
use of org.ietf.jgss.GSSException in project OpenAM by OpenRock.
Class WindowsDesktopSSO, method authenticateToken.
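/**
 * Validates a client-supplied Kerberos token as the configured service
 * principal and, on success, records the authenticated user as this module's
 * principal.
 * <p>
 * The acceptor runs under {@code serviceSubject} via
 * {@link Subject#doAs(Subject, PrivilegedExceptionAction)}, so any checked
 * exception thrown inside the action, including the
 * {@link AuthLoginException}s raised here, reaches the caller wrapped in a
 * {@link java.security.PrivilegedActionException}; callers must unwrap it.
 * <p>
 * Checks applied once the context is established:
 * <ul>
 *   <li>if {@code trustedRealms} is non-empty, the source principal must be
 *       accepted by {@code isTokenTrusted} for at least one realm; an empty set
 *       skips the realm check (expected default behaviour);</li>
 *   <li>if {@code lookupUserInRealm} is set, the user must be found by
 *       {@code searchUserAccount} in the request's organization.</li>
 * </ul>
 * The GSS context is disposed on every path, including failures.
 *
 * @param kerberosToken raw token received from the client (untrusted input)
 * @param trustedRealms realms whose tokens are accepted; empty means any realm
 * @throws AuthLoginException if the context cannot be established, the realm
 *         is not trusted, or the user cannot be found (see the wrapping note)
 * @throws GSSException declared for API compatibility (see the wrapping note)
 * @throws Exception declared for API compatibility
 */
private void authenticateToken(final byte[] kerberosToken, final Set<String> trustedRealms)
        throws AuthLoginException, GSSException, Exception {
    debug.message("In authenticationToken ...");
    Subject.doAs(serviceSubject, new PrivilegedExceptionAction<Void>() {
        @Override
        public Void run() throws Exception {
            GSSContext context = GSSManager.getInstance().createContext((GSSCredential) null);
            if (debug.messageEnabled()) {
                debug.message("Context created.");
            }
            try {
                byte[] outToken = context.acceptSecContext(kerberosToken, 0, kerberosToken.length);
                if (outToken != null && debug.messageEnabled()) {
                    // NOTE(review): this writes the raw acceptor token bytes to the debug log.
                    debug.message("Token returned from acceptSecContext: \n"
                            + DerValue.printByteArray(outToken, 0, outToken.length));
                }
                // NOTE(review): outToken is never returned to the client; confirm that
                // mutual authentication is not expected on this path.
                if (!context.isEstablished()) {
                    debug.error("Cannot establish context !");
                    throw new AuthLoginException(amAuthWindowsDesktopSSO, "context", null);
                }
                if (debug.messageEnabled()) {
                    debug.message("Context established !");
                }
                // The original dereferenced getSrcName() before its null check, so
                // that check was dead; the name is used unconditionally here.
                final String userPrincipalName = context.getSrcName().toString();
                checkTrustedRealm(userPrincipalName, trustedRealms);
                if (lookupUserInRealm) {
                    lookupAndStoreUser(userPrincipalName);
                }
                if (debug.messageEnabled()) {
                    debug.message("WindowsDesktopSSO.authenticateToken:" + "User authenticated: " + userPrincipalName);
                }
                setPrincipal(userPrincipalName);
            } finally {
                // Disposed on every path; the original leaked the context whenever
                // one of the AuthLoginExceptions above was thrown.
                context.dispose();
            }
            return null;
        }
    });
}

/**
 * Rejects the principal unless {@code trustedRealms} is empty or at least one
 * configured realm trusts it.
 *
 * @throws AuthLoginException with key {@code untrustedToken} when no realm matches
 */
private void checkTrustedRealm(final String userPrincipalName, final Set<String> trustedRealms)
        throws AuthLoginException {
    if (trustedRealms.isEmpty()) {
        return; // expected default behaviour: no realm restriction configured
    }
    for (final String trustedRealm : trustedRealms) {
        if (isTokenTrusted(userPrincipalName, trustedRealm)) {
            return;
        }
    }
    debug.error("Kerberos token for " + userPrincipalName + " not trusted");
    final String[] data = { userPrincipalName };
    throw new AuthLoginException(amAuthWindowsDesktopSSO, "untrustedToken", data);
}

/**
 * Resolves the principal to a local account in the request's organization and
 * stores the resolved user name (with no password) for the login module.
 *
 * @throws AuthLoginException with key {@code notfound} when no account matches
 */
private void lookupAndStoreUser(final String userPrincipalName) throws AuthLoginException {
    String org = getRequestOrg();
    String userValue = getUserName(userPrincipalName);
    String userName = searchUserAccount(userValue, org);
    if (userName != null && !userName.isEmpty()) {
        storeUsernamePasswd(userValue, null);
    } else {
        String[] data = { userValue, org };
        debug.error("WindowsDesktopSSO.authenticateToken: " + ": Unable to find the user " + userValue);
        throw new AuthLoginException(amAuthWindowsDesktopSSO, "notfound", data);
    }
}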
use of org.ietf.jgss.GSSException in project ats-framework by Axway.
Class GGSSchemeBase, method authenticate.
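/**
 * Produces the {@code Authorization: Negotiate <base64 token>} header for the
 * scheme's current state.
 * <p>
 * State machine: {@code UNINITIATED} and {@code FAILED} are terminal errors;
 * {@code CHALLENGE_RECEIVED} generates the next token from the stored one and
 * then deliberately falls through to {@code TOKEN_GENERATED}, which encodes
 * and returns it.
 *
 * @param credentials not consulted by this scheme
 * @param request the request being authenticated; must not be null
 * @param context HTTP execution context; not consulted here
 * @return the Negotiate authorization header
 * @throws AuthenticationException if no challenge has been received, a previous
 *         attempt failed, or token generation fails; the credential-related GSS
 *         major codes surface as {@link InvalidCredentialsException}
 * @throws IllegalArgumentException if {@code request} is null
 * @throws IllegalStateException if {@code state} holds an unexpected value
 */
@Override
public Header authenticate(final Credentials credentials, final HttpRequest request, final HttpContext context)
        throws AuthenticationException {
    if (request == null) {
        throw new IllegalArgumentException("HTTP request may not be null");
    }
    switch (state) {
        case UNINITIATED:
            throw new AuthenticationException(getSchemeName() + " authentication has not been initiated");
        case FAILED:
            throw new AuthenticationException(getSchemeName() + " authentication has failed");
        case CHALLENGE_RECEIVED:
            try {
                token = generateToken(token);
                state = State.TOKEN_GENERATED;
            } catch (GSSException gsse) {
                state = State.FAILED;
                throw toAuthenticationException(gsse);
            }
            // fall through: the freshly generated token is sent right away
        case TOKEN_GENERATED: {
            String tokenstr = new String(base64codec.encode(token));
            if (log.isDebugEnabled()) {
                // NOTE(review): the complete authentication token is written to the debug log.
                log.debug("Sending response '" + tokenstr + "' back to the auth server");
            }
            return new BasicHeader("Authorization", "Negotiate " + tokenstr);
        }
        default:
            throw new IllegalStateException("Illegal state: " + state);
    }
}

/**
 * Maps a GSS failure to the scheme's exception type by major code. The cause
 * is attached in every case; the original dropped it on the catch-all path.
 */
private static AuthenticationException toAuthenticationException(final GSSException gsse) {
    switch (gsse.getMajor()) {
        case GSSException.DEFECTIVE_CREDENTIAL:
        case GSSException.CREDENTIALS_EXPIRED:
        case GSSException.NO_CRED:
            return new InvalidCredentialsException(gsse.getMessage(), gsse);
        case GSSException.DEFECTIVE_TOKEN:
        case GSSException.DUPLICATE_TOKEN:
        case GSSException.OLD_TOKEN:
            return new AuthenticationException(gsse.getMessage(), gsse);
        default:
            // other error: same exception type as before, now with the cause preserved
            return new AuthenticationException(gsse.getMessage(), gsse);
    }
}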