Example 1 with PrincipalName

use of sun.security.krb5.PrincipalName in project jdk8u_jdk by JetBrains.

the class KvnoNA method main.

public static void main(String[] args) throws Exception {
    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    // In the KDC the principal's key has kvno 2
    char[] pass = "pass2".toCharArray();
    kdc.addPrincipal(OneKDC.SERVER, pass);
    // In the keytab the kvno is 1 or 3; only the kvno 3 entry has the same password as the KDC
    KeyTab ktab = KeyTab.create(OneKDC.KTAB);
    PrincipalName p = new PrincipalName(OneKDC.SERVER + "@" + OneKDC.REALM, PrincipalName.KRB_NT_SRV_HST);
    ktab.addEntry(p, "pass1".toCharArray(), 1, true);
    ktab.addEntry(p, "pass2".toCharArray(), 3, true);
    ktab.save();
    Context c, s;
    c = Context.fromUserPass("dummy", "bogus".toCharArray(), false);
    s = Context.fromJAAS("server");
    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    Context.handshake(c, s);
    s.dispose();
    c.dispose();
}
Also used : KeyTab(sun.security.krb5.internal.ktab.KeyTab) PrincipalName(sun.security.krb5.PrincipalName)

Example 2 with PrincipalName

use of sun.security.krb5.PrincipalName in project jdk8u_jdk by JetBrains.

the class FileKeyTab method main.

public static void main(String[] args) throws Exception {
    String name = "ktab";
    KeyTab kt = KeyTab.create(name);
    kt.addEntry(new PrincipalName("a@A"), "x".toCharArray(), 1, true);
    kt.save();
    check(name);
    check("FILE:" + name);
    name = new File(name).getAbsolutePath().toString();
    check(name);
    check("FILE:" + name);
    // The bug reporter used this style; it should only work for an
    // absolute path
    check("FILE:/" + name);
}
Also used : KeyTab(sun.security.krb5.internal.ktab.KeyTab) PrincipalName(sun.security.krb5.PrincipalName) File(java.io.File)

Example 3 with PrincipalName

use of sun.security.krb5.PrincipalName in project jdk8u_jdk by JetBrains.

the class KeyTabIndex method main.

public static void main(String[] args) throws Exception {
    KeyTab kt = KeyTab.create("ktab");
    // Two entries of very different lengths, so that an abnormal change
    // of the "index" field is easy to observe.
    kt.addEntry(new PrincipalName("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@A"), "x".toCharArray(), 1, true);
    kt.addEntry(new PrincipalName("a@A"), "x".toCharArray(), 1, true);
    kt.save();
    Runnable t = new Runnable() {

        @Override
        public void run() {
            KeyTab.getInstance("ktab").getClass();
        }
    };
    for (int i = 0; i < 10; i++) {
        new Thread(t).start();
    }
}
Also used : KeyTab(sun.security.krb5.internal.ktab.KeyTab) PrincipalName(sun.security.krb5.PrincipalName)
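What the three tests above write to disk, and what a reader has to cope with, is easier to see with a standalone keytab reader. The following Python is an added example and not code from jdk8u_jdk: it serialises entries in the MIT keytab file format (version bytes 0x05 0x02, the format sun.security.krb5.internal.ktab.KeyTab reads and writes), including the per-entry size field whose corruption the KeyTabIndex test looks for and the negative-size slots that mark deleted entries, then parses the image back and lists the keys for one principal in the order a KvnoNA-style server would try them. The principal strings, realm and 16-byte key values are constructed placeholders, not real Kerberos keys; the trailing 32-bit vno field is treated as optional, as MIT Kerberos does.

```python
import struct
from dataclasses import dataclass

KEYTAB_VERSION = 0x0502          # format written by ktab, kadmin and the JDK KeyTab class
KRB_NT_PRINCIPAL = 1
KRB_NT_SRV_HST = 3
ETYPE_AES128_CTS_HMAC_SHA1_96 = 17

@dataclass
class KeytabEntry:
    principal: str     # "comp1/comp2@REALM", as PrincipalName.toString() prints it
    name_type: int
    timestamp: int
    kvno: int
    etype: int
    key: bytes         # placeholder bytes in this example, never a real key

def _counted(b: bytes) -> bytes:
    """counted_octet_string: 16-bit big-endian length followed by the bytes."""
    return struct.pack(">H", len(b)) + b

def _take_counted(data: bytes, pos: int):
    (n,) = struct.unpack_from(">H", data, pos)
    return data[pos + 2:pos + 2 + n].decode(), pos + 2 + n

def encode_entry(e: KeytabEntry) -> bytes:
    """Serialise one entry body (everything after the leading int32 size)."""
    name, realm = e.principal.rsplit("@", 1)
    comps = name.split("/")
    body = struct.pack(">H", len(comps)) + _counted(realm.encode())
    for c in comps:
        body += _counted(c.encode())
    body += struct.pack(">IIB", e.name_type, e.timestamp, e.kvno & 0xFF)
    body += struct.pack(">HH", e.etype, len(e.key)) + e.key
    return body + struct.pack(">I", e.kvno)   # optional 32-bit vno extension

def write_keytab(entries, holes=()) -> bytes:
    """Build a keytab image. holes[i] is the byte length of a deleted slot
    placed after entries[i]; the format marks it with a negative size."""
    out = struct.pack(">H", KEYTAB_VERSION)
    for i, e in enumerate(entries):
        body = encode_entry(e)
        out += struct.pack(">i", len(body)) + body
        if i < len(holes):
            out += struct.pack(">i", -holes[i]) + b"\0" * holes[i]
    return out

def read_keytab(data: bytes):
    """Parse a keytab image, skipping deleted slots and refusing truncation."""
    (version,) = struct.unpack_from(">H", data, 0)
    if version != KEYTAB_VERSION:
        raise ValueError("unsupported keytab version 0x%04x" % version)
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:                 # negative size: deleted entry, skip it
            pos -= size
            continue
        end = pos + size
        if end > len(data):
            raise ValueError("truncated entry at offset %d" % (pos - 4))
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, pos = _take_counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            c, pos = _take_counted(data, pos)
            comps.append(c)
        name_type, ts, kvno = struct.unpack_from(">IIB", data, pos)
        etype, klen = struct.unpack_from(">HH", data, pos + 9)
        pos += 13
        key = data[pos:pos + klen]
        pos += klen
        if end - pos >= 4:           # 32-bit vno present: a non-zero value wins over the 8-bit one
            (vno32,) = struct.unpack_from(">I", data, pos)
            kvno = vno32 or kvno
        pos = end
        entries.append(KeytabEntry("/".join(comps) + "@" + realm,
                                   name_type, ts, kvno, etype, key))
    return entries

def keys_for(entries, principal):
    """Like readServiceKeys(): every key for one principal, highest kvno first."""
    return sorted((e for e in entries if e.principal == principal),
                  key=lambda e: e.kvno, reverse=True)

if __name__ == "__main__":
    # Constructed sample mirroring KvnoNA: kvno 1 and 3 for the same service
    # principal, a short unrelated entry, and one deleted slot in between.
    svc = "host/server.example.com@EXAMPLE.COM"
    image = write_keytab([
        KeytabEntry(svc, KRB_NT_SRV_HST, 0, 1, ETYPE_AES128_CTS_HMAC_SHA1_96, b"\x11" * 16),
        KeytabEntry("a@A", KRB_NT_PRINCIPAL, 0, 1, ETYPE_AES128_CTS_HMAC_SHA1_96, b"\x22" * 16),
        KeytabEntry(svc, KRB_NT_SRV_HST, 0, 3, ETYPE_AES128_CTS_HMAC_SHA1_96, b"\x33" * 16),
    ], holes=(40,))
    for e in keys_for(read_keytab(image), svc):
        print(e.principal, "kvno", e.kvno, "etype", e.etype)
```

Writing the image to a file and comparing its listing with `ktab -l -k <file>` (the JDK tool) is a quick way to confirm the two writers agree on the size field; the truncation check matters because a keytab is normally rewritten in place, so a reader that races the writer sees exactly the partial entry this parser rejects.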

Example 4 with PrincipalName

use of sun.security.krb5.PrincipalName in project jdk8u_jdk by JetBrains.

the class KeyTab method getKeys.

/**
 * Returns fresh keys for the given Kerberos principal.
 * <p>
 * Implementation of this method should make sure the returned keys match
 * the latest content of the keytab file. The result is a newly created
 * copy that can be modified by the caller without modifying the keytab
 * object. The caller should {@link KerberosKey#destroy() destroy} the
 * result keys after they are used.
 * <p>
 * Please note that the keytab file can be created after the
 * {@code KeyTab} object is instantiated and its content may change over
 * time. Therefore, an application should call this method only when it
 * needs to use the keys. Any previous result from an earlier invocation
 * could potentially be expired.
 * <p>
 * If there is any error (say, I/O error or format error)
 * during the reading process of the KeyTab file, a saved result should be
 * returned. If there is no saved result (say, this is the first time this
 * method is called, or, all previous read attempts failed), an empty array
 * should be returned. This can make sure the result is not drastically
 * changed during the (probably slow) update of the keytab file.
 * <p>
 * Each time this method is called and the reading of the file succeeds
 * with no exception (say, I/O error or file format error),
 * the result should be saved for {@code principal}. The implementation can
 * also save keys for other principals having keys in the same keytab object
 * if convenient.
 * <p>
 * Any unsupported key read from the keytab is ignored and not included
 * in the result.
 * <p>
 * If this keytab is bound to a specific principal, calling this method on
 * another principal will return an empty array.
 *
 * @param principal the Kerberos principal, must not be null.
 * @return the keys (never null, may be empty)
 * @throws NullPointerException if the {@code principal}
 * argument is null
 * @throws SecurityException if a security manager exists and the read
 * access to the keytab file is not permitted
 */
public KerberosKey[] getKeys(KerberosPrincipal principal) {
    try {
        if (princ != null && !principal.equals(princ)) {
            return new KerberosKey[0];
        }
        PrincipalName pn = new PrincipalName(principal.getName());
        EncryptionKey[] keys = takeSnapshot().readServiceKeys(pn);
        KerberosKey[] kks = new KerberosKey[keys.length];
        for (int i = 0; i < kks.length; i++) {
            Integer tmp = keys[i].getKeyVersionNumber();
            kks[i] = new KerberosKey(principal, keys[i].getBytes(), keys[i].getEType(), tmp == null ? 0 : tmp.intValue());
            keys[i].destroy();
        }
        return kks;
    } catch (RealmException re) {
        return new KerberosKey[0];
    }
}
Also used : EncryptionKey(sun.security.krb5.EncryptionKey) PrincipalName(sun.security.krb5.PrincipalName) RealmException(sun.security.krb5.RealmException)
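The contract in that javadoc (re-read on every call, hand out a private copy, keep the last good result and fall back to it when the file cannot be read, answer only for the bound principal) is the part that matters operationally, because a service that is mid-rotation must not suddenly lose all its keys. The following Python is an added illustration of that policy, not JDK code: the keytab is abstracted as a `loader` callable that returns `{principal: [(kvno, etype, key), ...]}` or raises on an I/O or format error, so the behaviour can be exercised without a keytab file or a KDC. The supported encryption-type set is an assumption made for the example.

```python
import copy

# Assumption for this example: only the two AES-SHA1 enctypes (RFC 3962) are
# "supported"; keys with any other etype are dropped, as the contract says.
SUPPORTED_ETYPES = {17, 18}

class KeyTabView:
    """Mirrors the getKeys() contract: re-read on every call, remember the last
    good result per principal, and fall back to it when the read fails."""

    def __init__(self, loader, bound_principal=None):
        self._load = loader              # () -> {principal: [(kvno, etype, key), ...]}
        self._bound = bound_principal    # set when the keytab is bound to one principal
        self._saved = {}                 # principal -> last successfully read keys

    def get_keys(self, principal):
        if principal is None:
            raise TypeError("principal must not be null")   # NullPointerException in the JDK
        if self._bound is not None and principal != self._bound:
            return []                    # bound keytab answers only for its principal
        try:
            snapshot = self._load()      # the file may have changed since the last call
        except (OSError, ValueError):    # I/O error or format error
            # Saved result if there is one, otherwise empty; never a half-read file.
            return copy.deepcopy(self._saved.get(principal, []))
        keys = [k for k in snapshot.get(principal, []) if k[1] in SUPPORTED_ETYPES]
        self._saved[principal] = keys
        return copy.deepcopy(keys)       # the caller may zero or drop its copy freely

if __name__ == "__main__":
    # Constructed loader: fails on the first and third read, succeeds on the second.
    reads = []
    def loader():
        reads.append(1)
        if len(reads) in (1, 3):
            raise OSError("simulated read error")
        return {"host/s@R": [(3, 17, b"k3"), (1, 17, b"k1"), (2, 99, b"odd")]}
    view = KeyTabView(loader)
    for _ in range(3):
        print(view.get_keys("host/s@R"))
```

The sequence printed by the constructed loader is the point: an empty list on the first failed read, the two supported keys on the successful read, and the same two keys again when the third read fails, because the saved copy survives independently of whatever the caller did with the list it was handed.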

Example 5 with PrincipalName

use of sun.security.krb5.PrincipalName in project jdk8u_jdk by JetBrains.

the class Krb5NameElement method getInstance.

/**
 * Instantiates a new Krb5NameElement object. Internally it stores the
 * information provided by the input parameters so that they may later
 * be used for output when a printable representation of this name is
 * needed in GSS-API format rather than in Kerberos format.
 *
 */
static Krb5NameElement getInstance(String gssNameStr, Oid gssNameType) throws GSSException {
    /*
     * A null gssNameType implies that the mechanism default
     * Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL be used.
     */
    if (gssNameType == null)
        gssNameType = Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL;
    else if (!gssNameType.equals(GSSName.NT_USER_NAME) && !gssNameType.equals(GSSName.NT_HOSTBASED_SERVICE) && !gssNameType.equals(Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL) && !gssNameType.equals(GSSName.NT_EXPORT_NAME))
        throw new GSSException(GSSException.BAD_NAMETYPE, -1, gssNameType.toString() + " is an unsupported nametype");
    PrincipalName principalName;
    try {
        if (gssNameType.equals(GSSName.NT_EXPORT_NAME) || gssNameType.equals(Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL)) {
            principalName = new PrincipalName(gssNameStr, PrincipalName.KRB_NT_PRINCIPAL);
        } else {
            String[] components = getComponents(gssNameStr);
            if (gssNameType.equals(GSSName.NT_USER_NAME))
                principalName = new PrincipalName(gssNameStr, PrincipalName.KRB_NT_PRINCIPAL);
            else {
                String hostName = null;
                String service = components[0];
                if (components.length >= 2)
                    hostName = components[1];
                String principal = getHostBasedInstance(service, hostName);
                principalName = new PrincipalName(principal, PrincipalName.KRB_NT_SRV_HST);
            }
        }
    } catch (KrbException e) {
        throw new GSSException(GSSException.BAD_NAME, -1, e.getMessage());
    }
    if (principalName.isRealmDeduced() && !Realm.AUTODEDUCEREALM) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            try {
                sm.checkPermission(new ServicePermission("@" + principalName.getRealmAsString(), "-"));
            } catch (SecurityException se) {
                // Do not chain the actual exception to hide info
                throw new GSSException(GSSException.FAILURE);
            }
        }
    }
    return new Krb5NameElement(principalName, gssNameStr, gssNameType);
}
Also used : KrbException(sun.security.krb5.KrbException) ServicePermission(javax.security.auth.kerberos.ServicePermission) PrincipalName(sun.security.krb5.PrincipalName)
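The branches of getInstance() above are the GSS-to-Kerberos name mapping in miniature: a user name or an already-Kerberos name is parsed as KRB_NT_PRINCIPAL, a host-based service name "service@host" becomes "service/host" with KRB_NT_SRV_HST, any other name type is rejected with BAD_NAMETYPE, and a realm that had to be deduced is subject to a permission check that deliberately fails without detail. The following Python is an added example, not JDK code, that carries those branches through on sample names. It assumes the shape of the two helpers the listing does not show: getComponents() is taken to split a host-based name at its first '@', and getHostBasedInstance() to lower-case the host and join it to the service with '/'; the JDK's fallback to the local host name when no host is given is replaced by an explicit `default_host` parameter, realm deduction uses a `default_realm` parameter, and the ServicePermission check is modelled by an optional `permitted_deduced_realms` set. All sample names, hosts and realms are constructed.

```python
# GSS-API name-type OIDs (RFC 2743 and RFC 1964) and Kerberos name types (RFC 4120)
NT_USER_NAME = "1.2.840.113554.1.2.1.1"
NT_HOSTBASED_SERVICE = "1.2.840.113554.1.2.1.4"
NT_EXPORT_NAME = "1.3.6.1.5.6.4"
NT_GSS_KRB5_PRINCIPAL = "1.2.840.113554.1.2.2.1"
KRB_NT_PRINCIPAL = 1
KRB_NT_SRV_HST = 3
SUPPORTED_NAME_TYPES = (NT_USER_NAME, NT_HOSTBASED_SERVICE,
                        NT_GSS_KRB5_PRINCIPAL, NT_EXPORT_NAME)

class GSSNameError(ValueError):
    """Stands in for GSSException; the message starts with the major code name."""

def split_realm(name):
    """Split 'comp1/comp2@REALM' at the last unescaped '@'; a '\\@' belongs to a component."""
    for i in range(len(name) - 1, -1, -1):
        if name[i] == "@" and (i == 0 or name[i - 1] != "\\"):
            return name[:i], name[i + 1:]
    return name, None

def to_kerberos(gss_name, name_type=None, default_realm="EXAMPLE.COM",
                default_host="localhost", permitted_deduced_realms=None):
    """Return (principal_string, krb_name_type, realm_was_deduced) for a GSS name."""
    if name_type is None:
        name_type = NT_GSS_KRB5_PRINCIPAL        # mechanism default, as in getInstance()
    elif name_type not in SUPPORTED_NAME_TYPES:
        raise GSSNameError("BAD_NAMETYPE: %s is an unsupported nametype" % name_type)

    if name_type == NT_HOSTBASED_SERVICE:
        # getComponents() (assumed shape): "service@host", host part optional
        service, _, host = gss_name.partition("@")
        if not service:
            raise GSSNameError("BAD_NAME: missing service component")
        # getHostBasedInstance() (assumed shape): lower-case the host, join with '/'.
        # Note that nothing here canonicalises the host through DNS.
        host = (host or default_host).lower()
        name, realm, krb_type = service + "/" + host, None, KRB_NT_SRV_HST
    else:
        # NT_USER_NAME, NT_EXPORT_NAME and NT_GSS_KRB5_PRINCIPAL are already
        # Kerberos principal strings; the realm part is optional
        name, realm = split_realm(gss_name)
        krb_type = KRB_NT_PRINCIPAL
        if not name:
            raise GSSNameError("BAD_NAME: empty principal")

    deduced = realm is None
    if deduced:
        realm = default_realm
        # Models the ServicePermission("@REALM", "-") check: when a policy is in
        # force and the deduced realm is outside it, fail without explaining why.
        if permitted_deduced_realms is not None and realm not in permitted_deduced_realms:
            raise GSSNameError("FAILURE")
    return name + "@" + realm, krb_type, deduced

if __name__ == "__main__":
    for gss, nt in [("alice", NT_USER_NAME),
                    ("HTTP@Web01.Example.COM", NT_HOSTBASED_SERVICE),
                    ("host/box.example.com@EXAMPLE.COM", None)]:
        print(gss, "->", to_kerberos(gss, nt))
```

The two things a practitioner usually trips over are visible in the output: the service component keeps its case while the host is lower-cased, and a name without a realm silently picks up the default realm, which is exactly the case the permission check exists to police.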

Aggregations

PrincipalName (sun.security.krb5.PrincipalName) 17
KeyTab (sun.security.krb5.internal.ktab.KeyTab) 7
KrbException (sun.security.krb5.KrbException) 6
EncryptionKey (sun.security.krb5.EncryptionKey) 3
CredentialsCache (sun.security.krb5.internal.ccache.CredentialsCache) 3
File (java.io.File) 2
IOException (java.io.IOException) 2
PrivilegedActionException (java.security.PrivilegedActionException) 2
KerberosKey (javax.security.auth.kerberos.KerberosKey) 2
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal) 2
KerberosTicket (javax.security.auth.kerberos.KerberosTicket) 2
ServicePermission (javax.security.auth.kerberos.ServicePermission) 2
Realm (sun.security.krb5.Realm) 2
RealmException (sun.security.krb5.RealmException) 2
InvocationTargetException (java.lang.reflect.InvocationTargetException) 1
BigInteger (java.math.BigInteger) 1
UnknownHostException (java.net.UnknownHostException) 1
LoginException (javax.security.auth.login.LoginException) 1
GSSException (org.ietf.jgss.GSSException) 1
ServiceCreds (sun.security.jgss.krb5.ServiceCreds) 1