
/**
 * Feeds a hand-built, deliberately incomplete negotiation token to a default
 * acceptor context and prints the resulting {@link GSSException}.
 *
 * The hex string below is an ASN.1/DER blob (presumably a SPNEGO NegTokenInit
 * without a mechToken, going by the class name — verify against the test's
 * bug id). The acceptor is expected to reject it rather than crash.
 *
 * @param args unused
 * @throws Exception if context creation fails or an unexpected exception escapes
 */
public static void main(String[] args) throws Exception {
    // A null credential selects the default acceptor credential.
    GSSContext acceptor = GSSManager.getInstance().createContext((GSSCredential) null);
    String hexDump = /*0000*/
    "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " + /*0010*/
    "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    // Each byte occupies three characters ("XX "), so the dump is decoded in 3-char strides.
    byte[] negToken = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < negToken.length; idx++) {
        int offset = 3 * idx;
        String pair = hexDump.substring(offset, offset + 2);
        negToken[idx] = (byte) Integer.parseInt(pair, 16);
    }
    try {
        acceptor.acceptSecContext(negToken, 0, negToken.length);
    } catch (GSSException gsse) {
        // Rejection of the malformed token is the expected outcome.
        System.out.println("Expected exception: " + gsse);
    }
}

/**
 * Smoke test: {@code Sasl.createSaslClient}/{@code createSaslServer} must accept
 * four different shapes of property map (system properties, a
 * {@code Map<String,String>}, a {@code Map<String,Object>}, and a raw map).
 *
 * Each created client/server is printed; no SASL exchange is performed.
 *
 * @param args unused
 * @throws Exception on any SASL failure other than a GSSAPI failure caused by a
 *         missing Kerberos environment
 */
public static void main(String[] args) throws Exception {
    // Arguments that stay fixed across all four variants.
    String authzId = null;
    String proto = "ldap";
    String server = "server1";
    CallbackHandler noopHandler = new CallbackHandler() {

        public void handle(Callback[] callbacks) {
            // Intentionally empty: this test never drives an actual challenge.
        }
    };
    // Variant 1: the live system Properties object (a Map<Object,Object>, hence the raw cast).
    Properties sysProps = System.getProperties();
    SaslClient sysClient = Sasl.createSaslClient(new String[] { DIGEST, PLAIN }, authzId, proto, server, (Map) sysProps, noopHandler);
    System.out.println(sysClient);
    SaslServer sysServer = Sasl.createSaslServer(DIGEST, proto, server, (Map) sysProps, noopHandler);
    System.out.println(sysServer);
    // Variant 2: string-valued properties.
    Map<String, String> stringValued = new Hashtable<String, String>();
    stringValued.put(Sasl.POLICY_NOPLAINTEXT, "true");
    try {
        SaslClient gssClient = Sasl.createSaslClient(new String[] { GSSAPI, PLAIN }, authzId, proto, server, stringValued, noopHandler);
        System.out.println(gssClient);
        SaslServer gssServer = Sasl.createSaslServer(GSSAPI, proto, server, stringValued, noopHandler);
        System.out.println(gssServer);
    } catch (SaslException se) {
        // GSSAPI needs an initialised Kerberos environment; a GSSException cause is tolerated here.
        if (!(se.getCause() instanceof GSSException)) {
            throw se;
        }
    }
    // Variant 3: object-valued properties.
    Map<String, Object> objectValued = new Hashtable<String, Object>();
    objectValued.put("some.object.valued.property", System.err);
    SaslClient objClient = Sasl.createSaslClient(new String[] { EXTERNAL, CRAM }, authzId, proto, server, objectValued, noopHandler);
    System.out.println(objClient);
    SaslServer objServer = Sasl.createSaslServer(CRAM, proto, server, objectValued, noopHandler);
    System.out.println(objServer);
    // Variant 4: a raw (unparameterised) map mixing both value kinds.
    Map rawValued = new Hashtable();
    rawValued.put(Sasl.POLICY_NOPLAINTEXT, "true");
    rawValued.put("some.object.valued.property", System.err);
    SaslClient rawClient = Sasl.createSaslClient(new String[] { EXTERNAL, CRAM }, authzId, proto, server, rawValued, noopHandler);
    System.out.println(rawClient);
    SaslServer rawServer = Sasl.createSaslServer(CRAM, proto, server, rawValued, noopHandler);
    System.out.println(rawServer);
}

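/**
 * Cross-realm OK-AS-DELEGATE test: a client in R1 authenticates to a service in
 * R3 via R2 and the acceptor then tries to obtain a delegated credential.
 *
 * @param args {@code args[0]} is a boolean string: {@code "true"} if the
 *             acceptor is expected to obtain a delegated credential,
 *             {@code "false"} if {@code getDelegCred()} is expected to fail
 * @throws Exception if the argument is missing, if KDC/JAAS setup fails, or if
 *         the observed outcome differs from the expected one in either round
 */
public static void main(String[] args) throws Exception {
    // Fail early with a clear message instead of an ArrayIndexOutOfBoundsException
    // after all three KDCs have been started.
    if (args.length < 1) {
        throw new Exception("Usage: OkAsDelegateXRealm <true|false>");
    }
    boolean expectDelegCred = Boolean.parseBoolean(args[0]);
    // The same policy value is applied to every KDC; read it once.
    String okAsDelegatePolicy = System.getProperty("test.kdc.policy.ok-as-delegate");
    // Create and start the KDCs. Here we have 3 realms: R1, R2 and R3.
    // R1 is trusted by R2, and R2 trusted by R3.
    KDC kdc1 = KDC.create("R1");
    kdc1.setOption(KDC.Option.OK_AS_DELEGATE, okAsDelegatePolicy);
    kdc1.addPrincipal("dummy", "bogus".toCharArray());
    kdc1.addPrincipalRandKey("krbtgt/R1");
    kdc1.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray());
    KDC kdc2 = KDC.create("R2");
    kdc2.setOption(KDC.Option.OK_AS_DELEGATE, okAsDelegatePolicy);
    kdc2.addPrincipalRandKey("krbtgt/R2");
    kdc2.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray());
    kdc2.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray());
    KDC kdc3 = KDC.create("R3");
    kdc3.setOption(KDC.Option.OK_AS_DELEGATE, okAsDelegatePolicy);
    kdc3.addPrincipalRandKey("krbtgt/R3");
    kdc3.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray());
    kdc3.addPrincipalRandKey("host/host.r3.local");
    // [capaths] tells the client how to hop R1 -> R2 -> R3.
    KDC.saveConfig("krb5-localkdc.conf", kdc1, kdc2, kdc3, "forwardable=true", "[capaths]", "R1 = {", "    R2 = .", "    R3 = R2", "}", "[domain_realm]", ".r3.local=R3");
    System.setProperty("java.security.krb5.conf", "krb5-localkdc.conf");
    kdc3.writeKtab("localkdc.ktab");
    // Defines the client and server on R1 and R3 respectively.
    String jaasConfig = "com.sun.security.jgss.krb5.initiate {\n" + "    com.sun.security.auth.module.Krb5LoginModule\n" + "    required\n" + "    principal=dummy\n" + "    doNotPrompt=false\n" + "    useTicketCache=false\n" + "    ;\n};\n" + "com.sun.security.jgss.krb5.accept {\n" + "    com.sun.security.auth.module.Krb5LoginModule required\n" + "    principal=\"host/host.r3.local@R3\"\n" + "    useKeyTab=true\n" + "    keyTab=localkdc.ktab\n" + "    isInitiator=false\n" + "    storeKey=true;\n};\n" + "\n";
    // try-with-resources so the file is closed even if write() throws; the content
    // is pure ASCII, so an explicit charset changes nothing but removes the
    // dependency on the platform default.
    try (FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf")) {
        fos.write(jaasConfig.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }
    Security.setProperty("auth.login.defaultCallbackHandler", "OkAsDelegateXRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    Config.refresh();
    Context c = Context.fromJAAS("com.sun.security.jgss.krb5.initiate");
    Context s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");
    // Two rounds: the second one exercises whatever the first round cached.
    for (int i = 0; i < 2; i++) {
        c.startAsClient("host@host.r3.local", GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
        // Ask the initiator to follow the KDC's OK-AS-DELEGATE flag rather than
        // delegating unconditionally.
        c.x().requestDelegPolicy(true);
        Context.handshake(c, s);
        boolean gotDelegCred = true;
        try {
            s.x().getDelegCred();
        } catch (GSSException gsse) {
            gotDelegCred = false;
        }
        if (gotDelegCred != expectDelegCred) {
            throw new Exception("Test fail at round #" + i);
        }
    }
}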

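/**
 * Accepts a Kerberos/SPNEGO token with this module's service credential and,
 * on success, records the authenticated principal via {@code setPrincipal}.
 *
 * Acceptance runs as {@code serviceSubject} so the JGSS provider can locate the
 * acceptor credential in that subject. The GSS context is disposed on every
 * path, including failures, so a rejected token does not leak native state.
 *
 * @param kerberosToken the raw token presented by the client (untrusted input;
 *        its validity is decided entirely by {@code acceptSecContext})
 * @param trustedRealms realms the initiator's principal must belong to; an
 *        empty set disables the realm check
 * @throws AuthLoginException if the context cannot be established, the
 *         principal's realm is not trusted, or (when {@code lookupUserInRealm}
 *         is set) the user cannot be found in the organisation
 * @throws GSSException on a GSS-API failure
 * @throws Exception any other failure raised inside {@code Subject.doAs}
 *         (arrives wrapped in a {@code PrivilegedActionException})
 */
private void authenticateToken(final byte[] kerberosToken, final Set<String> trustedRealms) throws AuthLoginException, GSSException, Exception {
    debug.message("In authenticationToken ...");
    Subject.doAs(serviceSubject, new PrivilegedExceptionAction<Void>() {

        public Void run() throws Exception {
            // A null credential selects the default acceptor credential of the
            // subject we are running as.
            GSSContext context = GSSManager.getInstance().createContext((GSSCredential) null);
            if (debug.messageEnabled()) {
                debug.message("Context created.");
            }
            try {
                byte[] outToken = context.acceptSecContext(kerberosToken, 0, kerberosToken.length);
                // The returned token (if any) is only logged; this module never sends it
                // back to the client. Debug level only, since it is a protocol token.
                if (outToken != null && debug.messageEnabled()) {
                    debug.message("Token returned from acceptSecContext: \n" + DerValue.printByteArray(outToken, 0, outToken.length));
                }
                // A single acceptSecContext call must fully establish the context;
                // anything else (e.g. a multi-round negotiation) is treated as failure.
                if (!context.isEstablished()) {
                    debug.error("Cannot establish context !");
                    throw new AuthLoginException(amAuthWindowsDesktopSSO, "context", null);
                }
                if (debug.messageEnabled()) {
                    debug.message("Context established !");
                }
                GSSName user = context.getSrcName();
                final String userPrincipalName = user.toString();
                // An empty trusted-realm set means "accept any realm" (expected default behaviour).
                if (!trustedRealms.isEmpty() && !isTrustedByAnyRealm(userPrincipalName, trustedRealms)) {
                    debug.error("Kerberos token for " + userPrincipalName + " not trusted");
                    final String[] data = { userPrincipalName };
                    throw new AuthLoginException(amAuthWindowsDesktopSSO, "untrustedToken", data);
                }
                // Optionally require that the principal maps to a known user account.
                if (lookupUserInRealm) {
                    String org = getRequestOrg();
                    String userValue = getUserName(userPrincipalName);
                    String userName = searchUserAccount(userValue, org);
                    if (userName != null && !userName.isEmpty()) {
                        storeUsernamePasswd(userValue, null);
                    } else {
                        String[] data = { userValue, org };
                        debug.error("WindowsDesktopSSO.authenticateToken: " + ": Unable to find the user " + userValue);
                        throw new AuthLoginException(amAuthWindowsDesktopSSO, "notfound", data);
                    }
                }
                if (debug.messageEnabled()) {
                    debug.message("WindowsDesktopSSO.authenticateToken:" + "User authenticated: " + user.toString());
                }
                // user was already dereferenced above, so no null check is needed here.
                setPrincipal(userPrincipalName);
                return null;
            } finally {
                // Release the context on success and failure alike. A GSSException
                // thrown here would replace an exception already in flight.
                context.dispose();
            }
        }
    });
}

/**
 * Returns {@code true} if {@code userPrincipalName} is trusted by at least one
 * realm in {@code realms}, as decided by {@code isTokenTrusted}.
 *
 * @param userPrincipalName the initiator's principal name
 * @param realms the configured trusted realms (non-empty)
 * @return whether any realm accepts the principal
 */
private boolean isTrustedByAnyRealm(final String userPrincipalName, final Set<String> realms) {
    for (final String trustedRealm : realms) {
        if (isTokenTrusted(userPrincipalName, trustedRealm)) {
            return true;
        }
    }
    return false;
}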

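/**
 * Produces the {@code Authorization: Negotiate ...} header for the current
 * state of the scheme.
 *
 * State machine: {@code CHALLENGE_RECEIVED} generates a token (moving to
 * {@code TOKEN_GENERATED}, or to {@code FAILED} on a GSS error) and then falls
 * through to the {@code TOKEN_GENERATED} case, which encodes and returns it.
 *
 * @param credentials unused by this scheme; the GSS credential is obtained by
 *        {@code generateToken}
 * @param request the request being authenticated, must not be null
 * @param context the HTTP execution context (unused here)
 * @return the header carrying the Base64-encoded token
 * @throws AuthenticationException if the scheme is not in a state that can
 *         produce a token, or if token generation fails; credential problems
 *         are reported as {@code InvalidCredentialsException}
 * @throws IllegalArgumentException if {@code request} is null
 * @throws IllegalStateException if {@code state} holds an unknown value
 */
@Override
public Header authenticate(final Credentials credentials, final HttpRequest request, final HttpContext context) throws AuthenticationException {
    if (request == null) {
        throw new IllegalArgumentException("HTTP request may not be null");
    }
    switch(state) {
        case UNINITIATED:
            throw new AuthenticationException(getSchemeName() + " authentication has not been initiated");
        case FAILED:
            throw new AuthenticationException(getSchemeName() + " authentication has failed");
        case CHALLENGE_RECEIVED:
            try {
                token = generateToken(token);
                state = State.TOKEN_GENERATED;
            } catch (GSSException gsse) {
                // Mark the scheme failed before mapping the error so a retry cannot
                // re-enter token generation with stale state.
                state = State.FAILED;
                throw toAuthenticationException(gsse);
            }
        // continue to next case block
        case TOKEN_GENERATED:
            String tokenstr = new String(base64codec.encode(token));
            if (log.isDebugEnabled()) {
                // NOTE(review): this writes the raw Negotiate token to the debug log;
                // consider logging only its length outside of troubleshooting.
                log.debug("Sending response '" + tokenstr + "' back to the auth server");
            }
            return new BasicHeader("Authorization", "Negotiate " + tokenstr);
        default:
            throw new IllegalStateException("Illegal state: " + state);
    }
}

/**
 * Maps a GSS-API failure to the HttpClient exception callers expect.
 *
 * Credential problems (defective, expired or missing credential) become
 * {@code InvalidCredentialsException}; token problems and anything else become
 * a plain {@code AuthenticationException}. The original exception is always
 * kept as the cause (the original code dropped it for the catch-all case).
 *
 * @param gsse the failure raised by {@code generateToken}
 * @return the exception to throw; never null
 */
private static AuthenticationException toAuthenticationException(final GSSException gsse) {
    final int major = gsse.getMajor();
    if (major == GSSException.DEFECTIVE_CREDENTIAL || major == GSSException.CREDENTIALS_EXPIRED || major == GSSException.NO_CRED) {
        return new InvalidCredentialsException(gsse.getMessage(), gsse);
    }
    // DEFECTIVE_TOKEN, DUPLICATE_TOKEN, OLD_TOKEN and any other major code.
    return new AuthenticationException(gsse.getMessage(), gsse);
}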