Example 46 with GSSManager

use of org.ietf.jgss.GSSManager in project jdk8u_jdk by JetBrains.

the class KrbCredSubKey method main.

public static void main(String[] args) throws Exception {
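    // Test only: we don't care about clock difference, so accept any skew.
    // Close the stream once the config has been written.
    try (FileOutputStream fos = new FileOutputStream("krb5.conf")) {
        fos.write("[libdefaults]\nclockskew=999999999".getBytes());
    }
    System.setProperty("java.security.krb5.conf", "krb5.conf");
    Config.refresh();
    // princ, key and token are static members of the class, not shown in this excerpt.
    Subject subj = new Subject();
    KerberosPrincipal kp = new KerberosPrincipal(princ);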
    KerberosKey kk = new KerberosKey(kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
    subj.getPrincipals().add(kp);
    subj.getPrivateCredentials().add(kk);
    Subject.doAs(subj, new PrivilegedExceptionAction() {

        public Object run() throws Exception {
            GSSManager man = GSSManager.getInstance();
            GSSContext ctxt = man.createContext(man.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
            return ctxt.acceptSecContext(token, 0, token.length);
        }
    });
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) KerberosKey(javax.security.auth.kerberos.KerberosKey) FileOutputStream(java.io.FileOutputStream) GSSManager(org.ietf.jgss.GSSManager) GSSContext(org.ietf.jgss.GSSContext) PrivilegedExceptionAction(java.security.PrivilegedExceptionAction) Subject(javax.security.auth.Subject)

Example 47 with GSSManager

use of org.ietf.jgss.GSSManager in project jdk8u_jdk by JetBrains.

the class Test5653 method main.

public static void main(String[] args) throws Exception {
    Oid oldOid = new Oid("1.3.6.1.5.6.2");
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    GSSManager m = GSSManager.getInstance();
    boolean found = false;
    // Test 1: the getMechsForName() method accepts it.
    for (Oid tmp : m.getMechsForName(oldOid)) {
        if (tmp.equals(GSSUtil.GSS_KRB5_MECH_OID)) {
            found = true;
            break;
        }
    }
    if (!found) {
        throw new Exception("Cannot found krb5 mech for old name type");
    }
    // Test 2: the createName() method accepts it.
    GSSName name = m.createName("server@host.rabbit.hole", oldOid);
    // Test 3: its getStringNameType() output is correct
    if (!name.getStringNameType().equals(GSSName.NT_HOSTBASED_SERVICE)) {
        throw new Exception("GSSName not correct name type");
    }
    // Test 4: everything still works.
    GSSContext c1 = m.createContext(name, GSSUtil.GSS_KRB5_MECH_OID, null, GSSContext.DEFAULT_LIFETIME);
    byte[] token = c1.initSecContext(new byte[0], 0, 0);
    Context s;
    s = Context.fromJAAS("server");
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    s.x().acceptSecContext(token, 0, token.length);
}
Also used : GSSContext(org.ietf.jgss.GSSContext) GSSName(org.ietf.jgss.GSSName) GSSManager(org.ietf.jgss.GSSManager) GSSContext(org.ietf.jgss.GSSContext) Oid(org.ietf.jgss.Oid)

Example 48 with GSSManager

use of org.ietf.jgss.GSSManager in project jdk8u_jdk by JetBrains.

the class LifeTimeInSeconds method main.

public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    GSSManager gm = GSSManager.getInstance();
    GSSCredential cred = gm.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int time = cred.getRemainingLifetime();
    int time2 = cred.getRemainingInitLifetime(null);
    // The test KDC issues a TGT with a default lifetime of 11 hours
    int elevenhrs = 11 * 3600;
    if (time > elevenhrs + 60 || time < elevenhrs - 60) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (time2 > elevenhrs + 60 || time2 < elevenhrs - 60) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
Also used : GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager)

Example 49 with GSSManager

use of org.ietf.jgss.GSSManager in project tdi-studio-se by Talend.

the class XRMSpnegoClientAction method run.

/**
 * Obtain a service ticket
 */
public byte[] run() {
    try {
        GSSManager gssManager = GSSManager.getInstance();
        Oid oid = new Oid("1.3.6.1.5.5.2");
        GSSName gssService = gssManager.createName(serviceName, GSSName.NT_USER_NAME);
        secContext = gssManager.createContext(gssService, oid, null, GSSContext.DEFAULT_LIFETIME);
        secContext.requestMutualAuth(mutualAuth);
        secContext.requestCredDeleg(Boolean.FALSE);
        byte[] token = new byte[0];
        return secContext.initSecContext(token, 0, token.length);
    } catch (GSSException e) {
        if (log.isDebugEnabled()) {
            log.debug("Error in obtaining a Kerberos token", e);
        }
    }
    return null;
}
Also used : GSSName(org.ietf.jgss.GSSName) GSSException(org.ietf.jgss.GSSException) GSSManager(org.ietf.jgss.GSSManager) Oid(org.ietf.jgss.Oid)

Example 50 with GSSManager

use of org.ietf.jgss.GSSManager in project voltdb by VoltDB.

the class HTTPClientInterface method spnegoLogin.

private String spnegoLogin(String encodedToken) {
    try {
        // Reject a missing token before decoding, so a null or empty value never reaches the decoder.
        if (encodedToken == null || encodedToken.isEmpty()) {
            return null;
        }
        byte[] token = B64Code.decode(encodedToken);
        final Oid spnegoOid = new Oid("1.3.6.1.5.5.2");
        GSSManager manager = GSSManager.getInstance();
        GSSName name = manager.createName(m_servicePrincipal, null);
        GSSContext ctx = manager.createContext(name.canonicalize(spnegoOid), spnegoOid, null, GSSContext.INDEFINITE_LIFETIME);
        if (ctx == null) {
            m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.ERROR, null, "Failed to establish security context for SPNEGO authentication");
            return null;
        }
        // Accept the client's token once. The value returned by acceptSecContext() is a reply
        // for the client (or null), so it must not be fed back in as input; if the context is
        // not established after this single token, the login fails below.
        ctx.acceptSecContext(token, 0, token.length);
        if (ctx.isEstablished()) {
            if (ctx.getSrcName() == null) {
                m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.ERROR, null, "Failed to read source name from established SPNEGO security context");
                return null;
            }
            String user = ctx.getSrcName().toString();
            if (m_log.isDebugEnabled()) {
                m_log.debug("established SPNEGO security context for " + user);
            }
            return user;
        }
        return null;
    } catch (GSSException e) {
        m_rate_limited_log.log(EstTime.currentTimeMillis(), Level.ERROR, e, "failed SPNEGO authentication");
        return null;
    }
}
Also used : GSSName(org.ietf.jgss.GSSName) GSSException(org.ietf.jgss.GSSException) GSSManager(org.ietf.jgss.GSSManager) GSSContext(org.ietf.jgss.GSSContext) Oid(org.ietf.jgss.Oid)

Aggregations

GSSManager (org.ietf.jgss.GSSManager): 67
GSSName (org.ietf.jgss.GSSName): 56
Oid (org.ietf.jgss.Oid): 51
GSSContext (org.ietf.jgss.GSSContext): 38
GSSCredential (org.ietf.jgss.GSSCredential): 38
GSSException (org.ietf.jgss.GSSException): 34
Subject (javax.security.auth.Subject): 29
PrivilegedActionException (java.security.PrivilegedActionException): 19
Principal (java.security.Principal): 17
IOException (java.io.IOException): 10
LoginContext (javax.security.auth.login.LoginContext): 10
LoginException (javax.security.auth.login.LoginException): 10
Test (org.junit.Test): 9
KerberosTicket (javax.security.auth.kerberos.KerberosTicket): 7
KerberosCredentials (org.apache.http.auth.KerberosCredentials): 7
SaslException (javax.security.sasl.SaslException): 6
PrivilegedExceptionAction (java.security.PrivilegedExceptionAction): 5
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal): 4
HttpServletRequest (javax.servlet.http.HttpServletRequest): 4
HttpServletResponse (javax.servlet.http.HttpServletResponse): 4