use of org.ietf.jgss.GSSName in project jdk8u_jdk by JetBrains.
the class GssMemoryIssues method main.
public static void main(String[] argv) throws Exception {
    GSSManager manager = GSSManager.getInstance();
    String principal = "me@REALM";
    GSSName userName = manager.createName(principal, GSSName.NT_USER_NAME);
    byte[] exportedName = userName.export();

    // The test relies on the exported token ending with a 4-byte big-endian
    // length of the mechanism name followed by the name bytes themselves, so
    // the length field starts this many bytes before the end of the token.
    int nameLengthOffset = exportedName.length - principal.length() - 4;

    // Corrupt the most significant byte of that length so the token claims a
    // huge name; re-importing is expected to fail with a GSSException rather
    // than trust the length and over-allocate.
    exportedName[nameLengthOffset] = 0x7f;

    try {
        manager.createName(exportedName, GSSName.NT_EXPORT_NAME);
    } catch (GSSException expected) {
        System.out.println(expected);
    }
}
use of org.ietf.jgss.GSSName in project jdk8u_jdk by JetBrains.
the class BasicKrb5Test method go.
/**
 * Drives a two-hop Kerberos exchange: client -> server with credential
 * delegation, then server -> backend using the delegated credential, and
 * checks that the backend sees the original client's identity.
 *
 * @param server  service principal name the client authenticates to
 * @param backend service principal name the delegated hop authenticates to
 * @throws Exception if any context step fails or the delegated identity
 *         does not match the original client
 */
void go(final String server, final String backend) throws Exception {
    Context initiator = Context.fromJAAS("client");
    Context acceptor = Context.fromJAAS("server");
    Context backendAcceptor = Context.fromJAAS("backend");

    // First hop: ask for delegation so the server can act on the client's behalf.
    initiator.startAsClient(server, GSSUtil.GSS_KRB5_MECH_OID);
    initiator.x().requestCredDeleg(true);
    initiator.x().requestConf(conf);
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    initiator.status();
    acceptor.status();

    Context.handshake(initiator, acceptor);
    GSSName originalClient = initiator.x().getSrcName();
    initiator.status();
    acceptor.status();
    Context.transmit("i say high --", initiator, acceptor);
    Context.transmit(" you say low", acceptor, initiator);

    // Second hop: the server's delegated credential becomes a new initiator;
    // the first-hop acceptor is no longer needed.
    Context delegatedInitiator = acceptor.delegated();
    acceptor.dispose();

    delegatedInitiator.startAsClient(backend, GSSUtil.GSS_KRB5_MECH_OID);
    delegatedInitiator.x().requestConf(conf);
    backendAcceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    delegatedInitiator.status();
    backendAcceptor.status();

    Context.handshake(delegatedInitiator, backendAcceptor);
    // The backend must see the original client, not the intermediate server.
    GSSName clientSeenByBackend = backendAcceptor.x().getSrcName();
    if (!originalClient.equals(clientSeenByBackend)) {
        throw new Exception("Delegation failed");
    }
    delegatedInitiator.status();
    backendAcceptor.status();
    Context.transmit("you say hello --", delegatedInitiator, backendAcceptor);
    Context.transmit(" i say goodbye", backendAcceptor, delegatedInitiator);

    delegatedInitiator.dispose();
    backendAcceptor.dispose();
}
use of org.ietf.jgss.GSSName in project jdk8u_jdk by JetBrains.
the class Test5653 method main.
/**
 * Regression test: the pre-standard host-based service name type OID
 * must still be accepted everywhere the current one is.
 */
public static void main(String[] args) throws Exception {
    Oid legacyHostBasedOid = new Oid("1.3.6.1.5.6.2");
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    GSSManager manager = GSSManager.getInstance();

    // Test 1: getMechsForName() lists krb5 for the legacy name type.
    boolean krb5Listed = java.util.Arrays.asList(manager.getMechsForName(legacyHostBasedOid))
            .contains(GSSUtil.GSS_KRB5_MECH_OID);
    if (!krb5Listed) {
        throw new Exception("Cannot found krb5 mech for old name type");
    }

    // Test 2: createName() accepts the legacy name type.
    GSSName serviceName = manager.createName("server@host.rabbit.hole", legacyHostBasedOid);

    // Test 3: the resulting name reports the current host-based service type.
    if (!serviceName.getStringNameType().equals(GSSName.NT_HOSTBASED_SERVICE)) {
        throw new Exception("GSSName not correct name type");
    }

    // Test 4: a context built from that name can still start a handshake.
    GSSContext initiator = manager.createContext(serviceName, GSSUtil.GSS_KRB5_MECH_OID, null, GSSContext.DEFAULT_LIFETIME);
    byte[] initialToken = initiator.initSecContext(new byte[0], 0, 0);
    Context acceptor = Context.fromJAAS("server");
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.x().acceptSecContext(initialToken, 0, initialToken.length);
}
use of org.ietf.jgss.GSSName in project tdi-studio-se by Talend.
the class XRMSpnegoClientAction method run.
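/**
 * Obtains the initial SPNEGO security token for {@code serviceName}.
 *
 * <p>The context is kept in {@code secContext} so the caller can continue
 * the exchange; mutual authentication follows {@code mutualAuth} and
 * credential delegation is never requested.
 *
 * @return the initial context token to send to the service, or {@code null}
 *         if the token could not be obtained (the GSS failure is logged)
 */
public byte[] run() {
    try {
        GSSManager gssManager = GSSManager.getInstance();
        // SPNEGO pseudo-mechanism OID.
        Oid spnegoOid = new Oid("1.3.6.1.5.5.2");
        GSSName gssService = gssManager.createName(serviceName, GSSName.NT_USER_NAME);
        secContext = gssManager.createContext(gssService, spnegoOid, null, GSSContext.DEFAULT_LIFETIME);
        secContext.requestMutualAuth(mutualAuth);
        secContext.requestCredDeleg(false);
        byte[] token = new byte[0];
        return secContext.initSecContext(token, 0, token.length);
    } catch (GSSException e) {
        // The null return carries no diagnostic, so log the failure at a level
        // that is visible in production rather than only when debug is on.
        log.warn("Error in obtaining a Kerberos token", e);
    }
    return null;
}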
use of org.ietf.jgss.GSSName in project voltdb by VoltDB.
the class ConnectionUtil method performAuthenticationHandShake.
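/**
 * Runs the Kerberos (GSS-API) authentication handshake on {@code channel} as
 * {@code subject}, then reads the server's login response.
 *
 * <p>The security context is established inside {@link Subject#doAs} so the
 * subject's credentials are used; mutual authentication, confidentiality and
 * integrity are requested. After the handshake a 4-byte big-endian length and
 * the response body are read; the first byte of the body is the protocol
 * version and must be 0.
 *
 * @param channel     connected channel to the server; closed on any failure
 * @param subject     subject whose first principal is the authenticating user
 * @param serviceName service principal name of the server
 * @return the login response, positioned just after the version byte
 * @throws IOException if the subject has no principal, a delegate principal is
 *         combined with a mismatched service name, the handshake fails, the
 *         stream ends early, the advertised response length is invalid, or the
 *         version byte is unexpected
 */
private static final ByteBuffer performAuthenticationHandShake(final SocketChannel channel, final Subject subject, final String serviceName) throws IOException {
    try {
        // Fail with an IOException instead of NoSuchElementException when the
        // subject carries no principal at all.
        if (subject.getPrincipals().isEmpty()) {
            throw new IOException("Subject has no principal to authenticate as");
        }
        String subjectPrincipal = subject.getPrincipals().iterator().next().getName();
        final Optional<DelegatePrincipal> delegate = getDelegate(subject);
        // A delegate principal may only be used when the subject is the service itself.
        if (delegate.isPresent() && !subjectPrincipal.equals(serviceName)) {
            throw new IOException("Delegate authentication is not allowed for user " + delegate.get().getName());
        }
        Subject.doAs(subject, new PrivilegedAction<GSSContext>() {
            @Override
            public GSSContext run() {
                GSSContext context = null;
                try {
                    // Kerberos V5 mechanism OID.
                    final Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");
                    // Kerberos V5 principal name type OID.
                    final Oid krb5PrincipalNameType = new Oid("1.2.840.113554.1.2.2.1");
                    final GSSName serverName = m_gssManager.createName(serviceName, krb5PrincipalNameType);
                    context = m_gssManager.createContext(serverName, krb5Oid, null, GSSContext.INDEFINITE_LIFETIME);
                    // Require the server to prove its identity too, and protect
                    // the payload in both directions.
                    context.requestMutualAuth(true);
                    context.requestConf(true);
                    context.requestInteg(true);
                    establishSecurityContext(channel, context, delegate);
                    context.dispose();
                    context = null;
                } catch (GSSException | IOException ex) {
                    // PrivilegedAction.run() cannot throw checked exceptions;
                    // the caller below unwraps this.
                    throw new RuntimeException(ex);
                } finally {
                    if (context != null) {
                        try {
                            context.dispose();
                        } catch (Exception ignored) {
                            // Best-effort cleanup; the original failure is what matters.
                        }
                    }
                }
                return null;
            }
        });
    } catch (RuntimeException ex) {
        // Handshake failed: either a SecurityException from doAs or the
        // RuntimeException run() uses to carry a GSSException/IOException out
        // of the PrivilegedAction (doAs with a PrivilegedAction does not wrap
        // it in PrivilegedActionException). Close the channel, then unwrap so
        // the caller gets the most specific cause.
        try {
            channel.close();
        } catch (Exception ignored) {
            // Already failing; a close error adds nothing.
        }
        Throwable cause = ex.getCause();
        if (cause instanceof RuntimeException && cause.getCause() != null) {
            // Doubly wrapped: report the innermost cause.
            cause = cause.getCause();
        } else if (cause == null) {
            cause = ex;
        }
        if (cause instanceof IOException) {
            throw (IOException) cause;
        }
        throw new IOException("Authentication Handshake Failed", cause);
    }

    ByteBuffer lengthBuffer = ByteBuffer.allocate(4);
    readFullyOrClose(channel, lengthBuffer);
    lengthBuffer.flip();
    int responseSize = lengthBuffer.getInt();
    // The length comes off the wire; reject anything that cannot hold the
    // version byte before allocating (a negative value would otherwise surface
    // as an IllegalArgumentException with the channel left open).
    // NOTE(review): an upper bound matching the login-response format should
    // also be enforced here, since a hostile peer can otherwise force an
    // allocation of up to 2 GiB.
    if (responseSize < 1) {
        channel.close();
        throw new IOException("Invalid login response length: " + responseSize);
    }
    ByteBuffer loginResponse = ByteBuffer.allocate(responseSize);
    readFullyOrClose(channel, loginResponse);
    loginResponse.flip();
    byte version = loginResponse.get();
    if (version != (byte) 0) {
        channel.close();
        throw new IOException("Encountered unexpected version for the login response message: " + version);
    }
    return loginResponse;
}

/**
 * Reads from {@code channel} until {@code buffer} has no remaining space.
 *
 * @throws EOFException if the peer closes the stream first; the channel is
 *         closed before throwing
 * @throws IOException  on any other read failure
 */
private static void readFullyOrClose(final SocketChannel channel, final ByteBuffer buffer) throws IOException {
    while (buffer.hasRemaining()) {
        if (channel.read(buffer) == -1) {
            channel.close();
            throw new EOFException();
        }
    }
}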