
Example 21 with PrincipalName

use of sun.security.krb5.PrincipalName in project jdk8u_jdk by JetBrains.

The main method of class Immutable.

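/**
 * Checks that a {@code PrincipalName} cannot be modified through the array
 * returned by {@code getNameStrings()}.
 *
 * <p>A principal name identifies a Kerberos party. If callers could rewrite
 * its components after construction, a name could change after it had
 * already been compared or checked. The test writes into the returned array
 * and then verifies that the principal is unchanged.
 *
 * @param args unused
 * @throws Exception if the write became visible in the principal
 */
public static void main(String[] args) throws Exception {
    PrincipalName pn1 = new PrincipalName("host/service@REALM");
    PrincipalName pn2 = (PrincipalName) pn1.clone();

    // Overwrite the first component in whatever array the getter hands out.
    // This must only touch a copy, never the principal's own state.
    pn1.getNameStrings()[0] = "http";

    if (!pn1.equals(pn2)) {
        throw new Exception(
                "PrincipalName differs from its clone after writing to getNameStrings()");
    }

    // The comparison above only detects the leak if clone() copied the
    // component array. Re-reading the component does not depend on that.
    if (!"host".equals(pn1.getNameStrings()[0])) {
        throw new Exception(
                "getNameStrings() exposed internal state: first component is now "
                        + pn1.getNameStrings()[0]);
    }
}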
Also used : PrincipalName(sun.security.krb5.PrincipalName)

Example 22 with PrincipalName

use of sun.security.krb5.PrincipalName in project jdk8u_jdk by JetBrains.

The main method of class SSL.

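/**
 * Runs a Kerberos-authenticated TLS exchange against an in-process KDC and
 * verifies which permission checks were recorded along the way.
 *
 * <p>Steps, in order: start a test KDC, write a keytab with several key
 * versions for the service principal, write a JAAS {@code ssl} entry, start
 * the server side on a daemon thread, connect as a client, then add one more
 * key version and connect again.
 *
 * <p>Test-only code. It clears {@code jdk.tls.disabledAlgorithms} for the
 * whole JVM and uses fixed fixture passwords; neither belongs outside a
 * throwaway test process.
 *
 * @param args {@code args[0]} is the Kerberos cipher suite name; a second
 *             argument selects the unbound ({@code principal=*}) server
 *             configuration; a third argument enables the SNI host name
 * @throws Exception if setup fails, the server thread reports failure, or
 *                   the recorded permission checks are not the expected ones
 */
public static void main(String[] args) throws Exception {
    // Reset the security property so that the algorithms and keys used in
    // this test are not disabled. NOTE: this is a JVM-wide setting and
    // re-enables every algorithm the default policy turns off.
    Security.setProperty("jdk.tls.disabledAlgorithms", "");
    krb5Cipher = args[0];
    boolean unbound = args.length > 1;
    // An SSL instance is installed as the security manager.
    // NOTE(review): presumably it records the checks later read from
    // permChecks; confirm against the rest of the class.
    System.setSecurityManager(new SSL());
    KDC kdc = KDC.create(OneKDC.REALM);
    server = "host." + OneKDC.REALM.toLowerCase(Locale.US);
    if (args.length > 2) {
        sniHostname = "test." + server;
        sniMatcherPattern = ".*";
    }
    kdc.addPrincipal(OneKDC.USER, OneKDC.PASS);
    kdc.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
    KDC.saveConfig(OneKDC.KRB5_CONF, kdc);
    System.setProperty("java.security.krb5.conf", OneKDC.KRB5_CONF);

    // Add 3 versions of keys into keytab
    KeyTab ktab = KeyTab.create(OneKDC.KTAB);
    String serviceName;
    if (sniHostname != null) {
        serviceName = "host/" + sniHostname;
    } else {
        serviceName = "host/" + server;
    }
    PrincipalName service = new PrincipalName(serviceName, PrincipalName.KRB_NT_SRV_HST);
    ktab.addEntry(service, "pass1".toCharArray(), 1, true);
    ktab.addEntry(service, "pass2".toCharArray(), 2, true);
    ktab.addEntry(service, "pass3".toCharArray(), 3, true);
    ktab.save();
    // and use the middle one as the real key
    kdc.addPrincipal(serviceName, "pass2".toCharArray());

    // JAAS config entry name ssl
    System.setProperty("java.security.auth.login.config", OneKDC.JAAS_CONF);
    File f = new File(OneKDC.JAAS_CONF);
    // try-with-resources closes the stream even when write() throws.
    try (FileOutputStream fos = new FileOutputStream(f)) {
        fos.write(("ssl {\n"
                + "    com.sun.security.auth.module.Krb5LoginModule required\n"
                // Unbound: the login entry names no fixed service principal.
                + (unbound ? "    principal=*\n" : "    principal=\"" + serviceName + "\"\n")
                + "    useKeyTab=true\n"
                + "    keyTab=" + OneKDC.KTAB + "\n"
                + "    isInitiator=false\n"
                + "    storeKey=true;\n};\n").getBytes());
    }

    Context c;
    final Context s = Context.fromJAAS("ssl");
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    // Named serverThread so it does not shadow the 'server' host-name field.
    Thread serverThread = new Thread(new Runnable() {

        public void run() {
            try {
                s.doAs(new JsseServerAction(), null);
            } catch (Exception e) {
                e.printStackTrace();
                // 2 is the failure state tested below.
                serverState = 2;
            }
        }
    });
    serverThread.setDaemon(true);
    serverThread.start();

    // Poll until the server side leaves state 0.
    // NOTE(review): serverState is written by another thread; confirm the
    // field is volatile so this loop is guaranteed to see the update.
    while (serverState == 0) {
        Thread.sleep(50);
    }
    if (serverState == 2) {
        throw new Exception("Server already failed");
    }

    c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    c.startAsClient(serviceName, GSSUtil.GSS_KRB5_MECH_OID);
    c.doAs(new JsseClientAction(), null);

    // Add another version of key, make sure it can be loaded
    // NOTE(review): the pause presumably lets the keytab change be noticed
    // on reload; confirm.
    Thread.sleep(2000);
    ktab = KeyTab.getInstance(OneKDC.KTAB);
    ktab.addEntry(service, "pass4".toCharArray(), 4, true);
    ktab.save();
    kdc.addPrincipal(serviceName, "pass4".toCharArray());
    c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    c.startAsClient(serviceName, GSSUtil.GSS_KRB5_MECH_OID);
    c.doAs(new JsseClientAction(), null);

    // Permission check verification; the expected sequences are
    // implementation related.
    // NOTE(review): "I" and "A" presumably stand for the "initiate" and
    // "accept" checks named in the comments below; confirm.
    if (unbound) {
        // Unbound: "initiate" comes first, then the server
        // checks "accept". Second connection resume.
        if (!permChecks.equals("IA")) {
            throw new Exception("Unexpected permission checks (unbound), expected IA: " + permChecks);
        }
    } else {
        // Bound: "accept" is checked twice, the
        // client then checks "initiate". Second connection resume.
        if (!permChecks.equals("AAI")) {
            throw new Exception("Unexpected permission checks (bound), expected AAI: " + permChecks);
        }
    }
}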
Also used : PrincipalName(sun.security.krb5.PrincipalName) KeyTab(sun.security.krb5.internal.ktab.KeyTab)

Aggregations

PrincipalName (sun.security.krb5.PrincipalName)17 KeyTab (sun.security.krb5.internal.ktab.KeyTab)7 KrbException (sun.security.krb5.KrbException)6 EncryptionKey (sun.security.krb5.EncryptionKey)3 CredentialsCache (sun.security.krb5.internal.ccache.CredentialsCache)3 File (java.io.File)2 IOException (java.io.IOException)2 PrivilegedActionException (java.security.PrivilegedActionException)2 KerberosKey (javax.security.auth.kerberos.KerberosKey)2 KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)2 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)2 ServicePermission (javax.security.auth.kerberos.ServicePermission)2 Realm (sun.security.krb5.Realm)2 RealmException (sun.security.krb5.RealmException)2 InvocationTargetException (java.lang.reflect.InvocationTargetException)1 BigInteger (java.math.BigInteger)1 UnknownHostException (java.net.UnknownHostException)1 LoginException (javax.security.auth.login.LoginException)1 GSSException (org.ietf.jgss.GSSException)1 ServiceCreds (sun.security.jgss.krb5.ServiceCreds)1