use of sun.security.krb5.internal.ccache.CredentialsCache in project jdk8u_jdk by JetBrains.
Class UnknownCCEntry, method main: loads a pre-built ccache file that holds a TGT followed by an X-CACHECONF: configuration entry and checks that the TGT is still returned as the default credential.
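public static void main(String[] args) throws Exception {
    // This is a ccache file generated on a test machine (klist -e -f output):
    //   Default principal: dummy@MAX.LOCAL
    //   Valid starting       Expires              Service principal
    //   08/24/10 10:37:28    08/25/10 10:37:28    krbtgt/MAX.LOCAL@MAX.LOCAL
    //     Flags: FI, Etype (skey, tkt): AES-128 CTS mode with 96-bit SHA-1 HMAC,
    //                                   AES-256 CTS mode with 96-bit SHA-1 HMAC
    // A second, non-ticket entry (X-CACHECONF:/krb5_ccache_conf_data/fast_avail)
    // follows the TGT; the test verifies that the TGT is still found as the
    // default credential. The session key below is a throw-away test value;
    // never commit a real one.
    byte[] krb5cc = {
        // format version 0x0504, header length 12, header tag 1 (length 8)
        (byte) 0x05, (byte) 0x04, (byte) 0x00, (byte) 0x0C, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x08,
        (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFA, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        // default principal: name type 1, 1 component, realm "MAX.LOCAL", "dummy"
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x09,
        (byte) 0x4D, (byte) 0x41, (byte) 0x58, (byte) 0x2E, (byte) 0x4C, (byte) 0x4F, (byte) 0x43, (byte) 0x41, (byte) 0x4C,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x05,
        (byte) 0x64, (byte) 0x75, (byte) 0x6D, (byte) 0x6D, (byte) 0x79,
        // entry 1, client principal: dummy@MAX.LOCAL
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x09,
        (byte) 0x4D, (byte) 0x41, (byte) 0x58, (byte) 0x2E, (byte) 0x4C, (byte) 0x4F, (byte) 0x43, (byte) 0x41, (byte) 0x4C,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x05,
        (byte) 0x64, (byte) 0x75, (byte) 0x6D, (byte) 0x6D, (byte) 0x79,
        // entry 1, server principal: name type 0, 2 components, krbtgt/MAX.LOCAL@MAX.LOCAL
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x02,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x09,
        (byte) 0x4D, (byte) 0x41, (byte) 0x58, (byte) 0x2E, (byte) 0x4C, (byte) 0x4F, (byte) 0x43, (byte) 0x41, (byte) 0x4C,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x06,
        (byte) 0x6B, (byte) 0x72, (byte) 0x62, (byte) 0x74, (byte) 0x67, (byte) 0x74,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x09,
        (byte) 0x4D, (byte) 0x41, (byte) 0x58, (byte) 0x2E, (byte) 0x4C, (byte) 0x4F, (byte) 0x43, (byte) 0x41, (byte) 0x4C,
        // entry 1, session key: etype 0x11 (AES-128), 16 key bytes (test value)
        (byte) 0x00, (byte) 0x11, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x10,
        (byte) 0x92, (byte) 0x1D, (byte) 0x1A, (byte) 0x0C, (byte) 0x7F, (byte) 0xB8, (byte) 0x01, (byte) 0x2E,
        (byte) 0xC9, (byte) 0xF5, (byte) 0x7B, (byte) 0x92, (byte) 0x81, (byte) 0xCA, (byte) 0x49, (byte) 0xC5,
        // entry 1, times: authtime, starttime, endtime, renew_till
        (byte) 0x4C, (byte) 0x73, (byte) 0x30, (byte) 0x68, (byte) 0x4C, (byte) 0x73, (byte) 0x30, (byte) 0x68,
        (byte) 0x4C, (byte) 0x74, (byte) 0x81, (byte) 0xE8, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        // entry 1: is_skey, ticket flags, address count, authdata count, ticket length (0x129)
        (byte) 0x00,
        (byte) 0x40, (byte) 0x41, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x29,
        // entry 1, DER Ticket: tkt-vno 5, realm, sname krbtgt/MAX.LOCAL
        (byte) 0x61, (byte) 0x82, (byte) 0x01, (byte) 0x25, (byte) 0x30, (byte) 0x82, (byte) 0x01, (byte) 0x21,
        (byte) 0xA0, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x05,
        (byte) 0xA1, (byte) 0x0B, (byte) 0x1B, (byte) 0x09,
        (byte) 0x4D, (byte) 0x41, (byte) 0x58, (byte) 0x2E, (byte) 0x4C, (byte) 0x4F, (byte) 0x43, (byte) 0x41, (byte) 0x4C,
        (byte) 0xA2, (byte) 0x1E, (byte) 0x30, (byte) 0x1C, (byte) 0xA0, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x00,
        (byte) 0xA1, (byte) 0x15, (byte) 0x30, (byte) 0x13, (byte) 0x1B, (byte) 0x06,
        (byte) 0x6B, (byte) 0x72, (byte) 0x62, (byte) 0x74, (byte) 0x67, (byte) 0x74,
        (byte) 0x1B, (byte) 0x09,
        (byte) 0x4D, (byte) 0x41, (byte) 0x58, (byte) 0x2E, (byte) 0x4C, (byte) 0x4F, (byte) 0x43, (byte) 0x41, (byte) 0x4C,
        // ticket enc-part: etype 0x12 (AES-256), kvno 1, 0xD9 (217) cipher bytes
        (byte) 0xA3, (byte) 0x81, (byte) 0xEC, (byte) 0x30, (byte) 0x81, (byte) 0xE9,
        (byte) 0xA0, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x12, (byte) 0xA1, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x01,
        (byte) 0xA2, (byte) 0x81, (byte) 0xDC, (byte) 0x04, (byte) 0x81, (byte) 0xD9,
        (byte) 0xFB, (byte) 0x4B, (byte) 0xD2, (byte) 0x55, (byte) 0x33, (byte) 0xA8, (byte) 0x1A, (byte) 0xE6, (byte) 0xB5, (byte) 0x3D,
        (byte) 0x67, (byte) 0x46, (byte) 0x69, (byte) 0x6F, (byte) 0x0A, (byte) 0x64, (byte) 0xE7, (byte) 0x3D, (byte) 0xEF, (byte) 0x22,
        (byte) 0xBE, (byte) 0x81, (byte) 0x32, (byte) 0xF3, (byte) 0x72, (byte) 0xB4, (byte) 0x50, (byte) 0xE3, (byte) 0xC3, (byte) 0xDB,
        (byte) 0xE5, (byte) 0x38, (byte) 0x3C, (byte) 0x60, (byte) 0xC8, (byte) 0x08, (byte) 0x53, (byte) 0x44, (byte) 0x6F, (byte) 0xDF,
        (byte) 0x55, (byte) 0x67, (byte) 0x32, (byte) 0x02, (byte) 0xDD, (byte) 0x6B, (byte) 0xFB, (byte) 0x23, (byte) 0x1A, (byte) 0x88,
        (byte) 0x71, (byte) 0xE0, (byte) 0xF8, (byte) 0xBB, (byte) 0x51, (byte) 0x1E, (byte) 0x76, (byte) 0xC9, (byte) 0x1F, (byte) 0x45,
        (byte) 0x9B, (byte) 0xA0, (byte) 0xA5, (byte) 0x61, (byte) 0x45, (byte) 0x9E, (byte) 0x65, (byte) 0xB8, (byte) 0xD6, (byte) 0x0E,
        (byte) 0x3C, (byte) 0xD9, (byte) 0x56, (byte) 0xD6, (byte) 0xA6, (byte) 0xDD, (byte) 0x36, (byte) 0x21, (byte) 0x25, (byte) 0x0E,
        (byte) 0xE6, (byte) 0xAD, (byte) 0xA0, (byte) 0x3A, (byte) 0x9B, (byte) 0x21, (byte) 0x87, (byte) 0xE2, (byte) 0xAF, (byte) 0x3A,
        (byte) 0xEF, (byte) 0x75, (byte) 0x85, (byte) 0xA8, (byte) 0xD7, (byte) 0xE5, (byte) 0x46, (byte) 0xD8, (byte) 0x5C, (byte) 0x17,
        (byte) 0x4E, (byte) 0x64, (byte) 0x51, (byte) 0xDB, (byte) 0x38, (byte) 0x8E, (byte) 0x6B, (byte) 0x02, (byte) 0x05, (byte) 0x46,
        (byte) 0x77, (byte) 0xD0, (byte) 0x75, (byte) 0x8A, (byte) 0xE0, (byte) 0x42, (byte) 0x5E, (byte) 0x8D, (byte) 0x49, (byte) 0x86,
        (byte) 0xDE, (byte) 0x6C, (byte) 0xBC, (byte) 0xAF, (byte) 0x10, (byte) 0x9A, (byte) 0x97, (byte) 0x64, (byte) 0xA6, (byte) 0xBD,
        (byte) 0xDB, (byte) 0x01, (byte) 0x40, (byte) 0xA9, (byte) 0x3D, (byte) 0x74, (byte) 0x99, (byte) 0xDC, (byte) 0x63, (byte) 0x34,
        (byte) 0x40, (byte) 0x31, (byte) 0x57, (byte) 0xC7, (byte) 0x70, (byte) 0x9F, (byte) 0xCE, (byte) 0xC6, (byte) 0x7B, (byte) 0x00,
        (byte) 0x5B, (byte) 0x02, (byte) 0x5C, (byte) 0xC7, (byte) 0x81, (byte) 0x40, (byte) 0x4D, (byte) 0xA7, (byte) 0xB1, (byte) 0xD2,
        (byte) 0xEA, (byte) 0x8E, (byte) 0xEC, (byte) 0xA0, (byte) 0xB3, (byte) 0x03, (byte) 0x29, (byte) 0xB8, (byte) 0x44, (byte) 0xD7,
        (byte) 0xA1, (byte) 0x2B, (byte) 0x37, (byte) 0x9D, (byte) 0x19, (byte) 0x11, (byte) 0x1D, (byte) 0x58, (byte) 0xE8, (byte) 0x06,
        (byte) 0xE7, (byte) 0x06, (byte) 0xE3, (byte) 0xF7, (byte) 0xEF, (byte) 0x05, (byte) 0xA9, (byte) 0x05, (byte) 0x93, (byte) 0x42,
        (byte) 0x94, (byte) 0x5A, (byte) 0xD6, (byte) 0xA0, (byte) 0x24, (byte) 0x3A, (byte) 0x52, (byte) 0x92, (byte) 0xA3, (byte) 0x79,
        (byte) 0x98, (byte) 0x3C, (byte) 0x68, (byte) 0x55, (byte) 0x1B, (byte) 0x6A, (byte) 0xC5, (byte) 0x83, (byte) 0x89, (byte) 0x5A,
        (byte) 0x79, (byte) 0x5C, (byte) 0x52, (byte) 0xBA, (byte) 0xB8, (byte) 0xF7, (byte) 0x72,
        // entry 1, second ticket length 0
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        // entry 2, client principal: dummy@MAX.LOCAL
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x09,
        (byte) 0x4D, (byte) 0x41, (byte) 0x58, (byte) 0x2E, (byte) 0x4C, (byte) 0x4F, (byte) 0x43, (byte) 0x41, (byte) 0x4C,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x05,
        (byte) 0x64, (byte) 0x75, (byte) 0x6D, (byte) 0x6D, (byte) 0x79,
        // entry 2, server principal: name type 0, 3 components, realm "X-CACHECONF:"
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x03,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x0C,
        (byte) 0x58, (byte) 0x2D, (byte) 0x43, (byte) 0x41, (byte) 0x43, (byte) 0x48, (byte) 0x45, (byte) 0x43, (byte) 0x4F, (byte) 0x4E, (byte) 0x46, (byte) 0x3A,
        // "krb5_ccache_conf_data"
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x15,
        (byte) 0x6B, (byte) 0x72, (byte) 0x62, (byte) 0x35, (byte) 0x5F, (byte) 0x63, (byte) 0x63, (byte) 0x61, (byte) 0x63, (byte) 0x68,
        (byte) 0x65, (byte) 0x5F, (byte) 0x63, (byte) 0x6F, (byte) 0x6E, (byte) 0x66, (byte) 0x5F, (byte) 0x64, (byte) 0x61, (byte) 0x74,
        (byte) 0x61,
        // "fast_avail"
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x0A,
        (byte) 0x66, (byte) 0x61, (byte) 0x73, (byte) 0x74, (byte) 0x5F, (byte) 0x61, (byte) 0x76, (byte) 0x61, (byte) 0x69, (byte) 0x6C,
        // "krbtgt/MAX.LOCAL@MAX.LOCAL"
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x1A,
        (byte) 0x6B, (byte) 0x72, (byte) 0x62, (byte) 0x74, (byte) 0x67, (byte) 0x74, (byte) 0x2F, (byte) 0x4D, (byte) 0x41, (byte) 0x58,
        (byte) 0x2E, (byte) 0x4C, (byte) 0x4F, (byte) 0x43, (byte) 0x41, (byte) 0x4C, (byte) 0x40, (byte) 0x4D, (byte) 0x41, (byte) 0x58,
        (byte) 0x2E, (byte) 0x4C, (byte) 0x4F, (byte) 0x43, (byte) 0x41, (byte) 0x4C,
        // entry 2: empty key (etype 0, length 0), four zero times, is_skey, flags, addr count, authdata count
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
        // entry 2: "ticket" is the 3-byte config value "yes", second ticket length 0
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x03,
        (byte) 0x79, (byte) 0x65, (byte) 0x73,
        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 };
    // A plain file in the working directory so that the cache can be opened by path.
    File f = File.createTempFile("ccache", "cc", new File("."));
    // The file holds a (test) session key; do not leave it behind after the run.
    f.deleteOnExit();
    // try-with-resources: the stream is closed even if write() fails.
    try (FileOutputStream fout = new FileOutputStream(f)) {
        fout.write(krb5cc);
    }
    CredentialsCache cc = CredentialsCache.getInstance(f.getPath());
    if (cc == null) {
        throw new Exception("Cache could not be loaded from " + f.getPath());
    }
    // The default credential must still be the TGT, not the trailing config entry.
    if (cc.getDefaultCreds() == null || !cc.getDefaultCreds().getServicePrincipal().getNameStrings()[0].equals("krbtgt")) {
        throw new Exception("No TGT found");
    }
}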
use of sun.security.krb5.internal.ccache.CredentialsCache in project jdk8u_jdk by JetBrains.
Class Credentials, method acquireTGTFromCache.
/**
 * Looks up a TGT for the given client principal in a credentials cache.
 * <p>
 * When {@code ticketCache} is {@code null} on Windows or OS X the default
 * cache is not a file, so the TGT is taken from the native credential store
 * through {@link #acquireDefaultCreds()} instead. Everywhere else (or when an
 * explicit path is given) the file-based cache is consulted.
 *
 * @param princ the client principal, or {@code null} to accept whatever
 *        principal the cache (or native store) holds as its default
 * @param ticketCache path of the ticket cache file, or {@code null} to use
 *        the default cache location
 * @return the TGT, or {@code null} if none is available, if (native-store
 *         path only) the stored TGT belongs to a different principal, or if
 *         its encryption type is not supported. Expiry is NOT checked here;
 *         that is the caller's responsibility.
 * @throws KrbException propagated from the cache / credential code
 * @throws IOException propagated from reading the cache file
 */
public static Credentials acquireTGTFromCache(PrincipalName princ, String ticketCache) throws KrbException, IOException {
    if (ticketCache == null) {
        // The default ticket cache on Windows and OS X is not a file; ask the native store.
        String os = java.security.AccessController.doPrivileged(new sun.security.action.GetPropertyAction("os.name"));
        String osUpper = os.toUpperCase(Locale.ENGLISH);
        if (osUpper.startsWith("WINDOWS") || osUpper.contains("OS X")) {
            Credentials creds = acquireDefaultCreds();
            if (creds == null) {
                if (DEBUG) {
                    System.out.println(">>> Found no TGT's in LSA");
                }
                return null;
            }
            // A requested principal must match the one the store actually holds.
            if (princ != null && !creds.getClient().equals(princ)) {
                if (DEBUG) {
                    System.out.println(">>> LSA contains TGT for " + creds.getClient() + " not " + princ);
                }
                return null;
            }
            if (DEBUG) {
                // NOTE(review): this prints Credentials.toString(); confirm it omits key material.
                System.out.println(">>> Obtained TGT from LSA: " + creds);
            }
            return creds;
        }
    }
    // File-based cache: the given path, or the default cache when ticketCache is null.
    CredentialsCache ccache = CredentialsCache.getInstance(princ, ticketCache);
    if (ccache == null) {
        return null;
    }
    sun.security.krb5.internal.ccache.Credentials tgtCred = ccache.getDefaultCreds();
    if (tgtCred == null) {
        return null;
    }
    // Refuse a TGT whose session-key etype this runtime cannot use.
    if (!EType.isSupported(tgtCred.getEType())) {
        if (DEBUG) {
            System.out.println(">>> unsupported key type found the default TGT: " + tgtCred.getEType());
        }
        return null;
    }
    return tgtCred.setKrbCreds();
}
use of sun.security.krb5.internal.ccache.CredentialsCache in project jdk8u_jdk by JetBrains.
Class Klist, method displayCache.
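/**
 * Prints every entry of the credentials cache held in {@code target} to
 * standard output, one block per credential. Optional columns are selected
 * by {@code options}: 'e' (encryption types), 'f' (ticket flags), 'a'
 * (client addresses) and 'n' (numeric addresses, no reverse lookup).
 * <p>
 * Exits the JVM with -1 when the cache has no credential list at all or
 * when a principal in an entry cannot be read.
 */
void displayCache() {
    CredentialsCache cache = (CredentialsCache) target;
    sun.security.krb5.internal.ccache.Credentials[] creds = cache.getCredsList();
    if (creds == null) {
        // No credential list at all: report and stop; nothing below is reached.
        System.out.println("No credentials available in the cache " + name);
        System.exit(-1);
    }
    System.out.println("\nCredentials cache: " + name);
    String defaultPrincipal = cache.getPrimaryPrincipal().toString();
    // Singular only for exactly one entry (an empty list prints "0 entries found.").
    String countLabel = creds.length == 1 ? " entry found." : " entries found.";
    System.out.println("\nDefault principal: " + defaultPrincipal + ", " + creds.length + countLabel);
    for (int i = 0; i < creds.length; i++) {
        sun.security.krb5.internal.ccache.Credentials cred = creds[i];
        try {
            // Entries without an explicit start time are shown from their auth time.
            String starttime = cred.getStartTime() != null ? format(cred.getStartTime()) : format(cred.getAuthTime());
            String endtime = format(cred.getEndTime());
            String servicePrincipal = cred.getServicePrincipal().toString();
            System.out.println("[" + (i + 1) + "] " + " Service Principal: " + servicePrincipal);
            System.out.println(" Valid starting: " + starttime);
            System.out.println(" Expires: " + endtime);
            if (cred.getRenewTill() != null) {
                System.out.println(" Renew until: " + format(cred.getRenewTill()));
            }
            // 'e': encryption types of the session key and of the ticket itself.
            if (options[0] == 'e') {
                String eskey = EType.toString(cred.getEType());
                String etkt = EType.toString(cred.getTktEType());
                System.out.println(" EType (skey, tkt): " + eskey + ", " + etkt);
            }
            // 'f': ticket flags.
            if (options[1] == 'f') {
                System.out.println(" Flags: " + cred.getTicketFlags().toString());
            }
            // 'a': client addresses; 'n' prints them numerically and skips the reverse DNS lookup.
            if (options[2] == 'a') {
                InetAddress[] caddr = cred.setKrbCreds().getClientAddresses();
                if (caddr == null) {
                    System.out.println(" [No host addresses info]");
                } else {
                    boolean first = true;
                    for (InetAddress ia : caddr) {
                        String out = options[3] == 'n' ? ia.getHostAddress() : ia.getCanonicalHostName();
                        System.out.println(" " + (first ? "Addresses:" : " ") + " " + out);
                        first = false;
                    }
                }
            }
        } catch (RealmException e) {
            System.out.println("Error reading principal from " + "the entry.");
            if (DEBUG) {
                e.printStackTrace();
            }
            System.exit(-1);
        }
    }
}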
use of sun.security.krb5.internal.ccache.CredentialsCache in project jdk8u_jdk by JetBrains.
Class KDC, method processAsReq.
/**
 * Processes a AS_REQ and generates a AS_REP (or KRB_ERROR).
 * <p>
 * This is a test KDC: its behaviour is steered by entries in {@code options}
 * (RESP_NT, ONLY_RC4_TGT, DUP_ETYPE, RC4_FIRST_PREAUTH, ONLY_ONE_PREAUTH,
 * PREAUTH_REQUIRED, SENSITIVE_ACCOUNTS) so that specific client code paths
 * can be exercised. It is not a hardened KDC: the pre-authentication check
 * only verifies that the first PA-DATA decrypts under the client key and
 * never looks at the decrypted timestamp, so stale or replayed
 * PA-ENC-TIMESTAMP values are accepted (see the "detect replay" TODO below).
 * @param in the request
 * @return the response
 * @throws java.lang.Exception for various errors
 */
protected byte[] processAsReq(byte[] in) throws Exception {
    ASReq asReq = new ASReq(in);
    int[] eTypes = null;
    List<PAData> outPAs = new ArrayList<>();
    PrincipalName service = asReq.reqBody.sname;
    if (options.containsKey(KDC.Option.RESP_NT)) {
        // Answer with the requested sname re-typed to the configured name type.
        service = new PrincipalName((int) options.get(KDC.Option.RESP_NT), service.getNameStrings(), Realm.getDefault());
    }
    try {
        System.out.println(realm + "> " + asReq.reqBody.cname + " sends AS-REQ for " + service + ", " + asReq.reqBody.kdcOptions);
        KDCReqBody body = asReq.reqBody;
        eTypes = KDCReqBodyDotEType(body);
        // The client's first listed etype decides both the client key and the service key.
        int eType = eTypes[0];
        EncryptionKey ckey = keyForUser(body.cname, eType, false);
        EncryptionKey skey = keyForUser(service, eType, true);
        if (options.containsKey(KDC.Option.ONLY_RC4_TGT)) {
            // Force an RC4-encrypted TGT; the client must have offered rc4-hmac.
            int tgtEType = EncryptedData.ETYPE_ARCFOUR_HMAC;
            boolean found = false;
            for (int i = 0; i < eTypes.length; i++) {
                if (eTypes[i] == tgtEType) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                throw new KrbException(Krb5.KDC_ERR_ETYPE_NOSUPP);
            }
            skey = keyForUser(service, tgtEType, true);
        }
        if (ckey == null) {
            throw new KrbException(Krb5.KDC_ERR_ETYPE_NOSUPP);
        }
        if (skey == null) {
            // TODO
            throw new KrbException(Krb5.KDC_ERR_SUMTYPE_NOSUPP);
        }
        // Session key
        EncryptionKey key = generateRandomKey(eType);
        // Check time, TODO
        KerberosTime till = body.till;
        if (till == null) {
            // TODO
            throw new KrbException(Krb5.KDC_ERR_NEVER_VALID);
        } else if (till.isZero()) {
            // No end time requested: default to 11 hours from now.
            till = new KerberosTime(new Date().getTime() + 1000 * 3600 * 11);
        }
        //body.from
        boolean[] bFlags = new boolean[Krb5.TKT_OPTS_MAX + 1];
        if (body.kdcOptions.get(KDCOptions.FORWARDABLE)) {
            // Accounts listed as sensitive never get a forwardable TGT.
            List<String> sensitives = (List<String>) options.get(Option.SENSITIVE_ACCOUNTS);
            if (sensitives != null && sensitives.contains(body.cname.toString())) {
                // Cannot make FORWARDABLE
            } else {
                bFlags[Krb5.TKT_OPTS_FORWARDABLE] = true;
            }
        }
        if (body.kdcOptions.get(KDCOptions.RENEWABLE)) {
            bFlags[Krb5.TKT_OPTS_RENEWABLE] = true;
            //renew = new KerberosTime(new Date().getTime() + 1000 * 3600 * 24 * 7);
        }
        if (body.kdcOptions.get(KDCOptions.PROXIABLE)) {
            bFlags[Krb5.TKT_OPTS_PROXIABLE] = true;
        }
        if (body.kdcOptions.get(KDCOptions.POSTDATED)) {
            bFlags[Krb5.TKT_OPTS_POSTDATED] = true;
        }
        if (body.kdcOptions.get(KDCOptions.ALLOW_POSTDATE)) {
            bFlags[Krb5.TKT_OPTS_MAY_POSTDATE] = true;
        }
        bFlags[Krb5.TKT_OPTS_INITIAL] = true;
        // Creating PA-DATA (PA-ETYPE-INFO2 in pas2, legacy PA-ETYPE-INFO in pas)
        DerValue[] pas2 = null, pas = null;
        if (options.containsKey(KDC.Option.DUP_ETYPE)) {
            // Deliberately malformed / duplicated etype-info to test client tolerance.
            int n = (Integer) options.get(KDC.Option.DUP_ETYPE);
            switch(n) {
                case 1: // customer's case in 7067974
                    pas2 = new DerValue[] { new DerValue(new ETypeInfo2(1, null, null).asn1Encode()), new DerValue(new ETypeInfo2(1, "", null).asn1Encode()), new DerValue(new ETypeInfo2(1, realm, new byte[] { 1 }).asn1Encode()) };
                    pas = new DerValue[] { new DerValue(new ETypeInfo(1, null).asn1Encode()), new DerValue(new ETypeInfo(1, "").asn1Encode()), new DerValue(new ETypeInfo(1, realm).asn1Encode()) };
                    break;
                case 2: // we still reject non-null s2kparams and prefer E2 over E
                    pas2 = new DerValue[] { new DerValue(new ETypeInfo2(1, realm, new byte[] { 1 }).asn1Encode()), new DerValue(new ETypeInfo2(1, null, null).asn1Encode()), new DerValue(new ETypeInfo2(1, "", null).asn1Encode()) };
                    pas = new DerValue[] { new DerValue(new ETypeInfo(1, realm).asn1Encode()), new DerValue(new ETypeInfo(1, null).asn1Encode()), new DerValue(new ETypeInfo(1, "").asn1Encode()) };
                    break;
                case 3: // but only E is wrong
                    pas = new DerValue[] { new DerValue(new ETypeInfo(1, realm).asn1Encode()), new DerValue(new ETypeInfo(1, null).asn1Encode()), new DerValue(new ETypeInfo(1, "").asn1Encode()) };
                    break;
                case 4: // we also ignore rc4-hmac
                    pas = new DerValue[] { new DerValue(new ETypeInfo(23, "ANYTHING").asn1Encode()), new DerValue(new ETypeInfo(1, null).asn1Encode()), new DerValue(new ETypeInfo(1, "").asn1Encode()) };
                    break;
                case 5: // "" should be wrong, but we accept it now
                    // See s.s.k.internal.PAData$SaltAndParams
                    pas = new DerValue[] { new DerValue(new ETypeInfo(1, "").asn1Encode()), new DerValue(new ETypeInfo(1, null).asn1Encode()) };
                    break;
            }
        } else {
            // NOTE: epas aliases eTypes, so the RC4_FIRST_PREAUTH swap below also reorders eTypes.
            int[] epas = eTypes;
            if (options.containsKey(KDC.Option.RC4_FIRST_PREAUTH)) {
                // Move rc4-hmac to the front of the advertised preauth etypes.
                for (int i = 1; i < epas.length; i++) {
                    if (epas[i] == EncryptedData.ETYPE_ARCFOUR_HMAC) {
                        epas[i] = epas[0];
                        epas[0] = EncryptedData.ETYPE_ARCFOUR_HMAC;
                        break;
                    }
                }
                // (stray empty statement in the original, kept as-is)
                ;
            } else if (options.containsKey(KDC.Option.ONLY_ONE_PREAUTH)) {
                epas = new int[] { eTypes[0] };
            }
            // rc4-hmac carries no salt; every other etype gets the principal's salt.
            pas2 = new DerValue[epas.length];
            for (int i = 0; i < epas.length; i++) {
                pas2[i] = new DerValue(new ETypeInfo2(epas[i], epas[i] == EncryptedData.ETYPE_ARCFOUR_HMAC ? null : getSalt(body.cname), null).asn1Encode());
            }
            // Legacy PA-ETYPE-INFO is only emitted when the client offered no AES etype.
            boolean allOld = true;
            for (int i : eTypes) {
                if (i == EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96 || i == EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96) {
                    allOld = false;
                    break;
                }
            }
            if (allOld) {
                pas = new DerValue[epas.length];
                for (int i = 0; i < epas.length; i++) {
                    pas[i] = new DerValue(new ETypeInfo(epas[i], epas[i] == EncryptedData.ETYPE_ARCFOUR_HMAC ? null : getSalt(body.cname)).asn1Encode());
                }
            }
        }
        DerOutputStream eid;
        if (pas2 != null) {
            eid = new DerOutputStream();
            eid.putSequence(pas2);
            outPAs.add(new PAData(Krb5.PA_ETYPE_INFO2, eid.toByteArray()));
        }
        if (pas != null) {
            eid = new DerOutputStream();
            eid.putSequence(pas);
            outPAs.add(new PAData(Krb5.PA_ETYPE_INFO, eid.toByteArray()));
        }
        PAData[] inPAs = KDCReqDotPAData(asReq);
        if (inPAs == null || inPAs.length == 0) {
            // Pre-authentication is demanded unless PREAUTH_REQUIRED is explicitly set to false.
            Object preauth = options.get(Option.PREAUTH_REQUIRED);
            if (preauth == null || preauth.equals(Boolean.TRUE)) {
                throw new KrbException(Krb5.KDC_ERR_PREAUTH_REQUIRED);
            }
        } else {
            // Only inPAs[0] is examined and it is assumed to be PA-ENC-TIMESTAMP (its
            // type is not checked); the etype used for the key comes from the client's
            // own EncryptedData. A successful decrypt is the whole check - the
            // timestamp inside is never parsed or compared against the KDC clock.
            try {
                EncryptedData data = newEncryptedData(new DerValue(inPAs[0].getValue()));
                EncryptionKey pakey = keyForUser(body.cname, data.getEType(), false);
                data.decrypt(pakey, KeyUsage.KU_PA_ENC_TS);
            } catch (Exception e) {
                throw new KrbException(Krb5.KDC_ERR_PREAUTH_FAILED);
            }
            bFlags[Krb5.TKT_OPTS_PRE_AUTHENT] = true;
        }
        TicketFlags tFlags = new TicketFlags(bFlags);
        EncTicketPart enc = new EncTicketPart(tFlags, key, body.cname, new TransitedEncoding(1, new byte[0]), new KerberosTime(new Date()), body.from, till, body.rtime, body.addresses, null);
        Ticket t = new Ticket(service, new EncryptedData(skey, enc.asn1Encode(), KeyUsage.KU_TICKET));
        // TODO: detect replay?
        // Next 5 and last MUST be same with ticket
        EncASRepPart enc_part = new EncASRepPart(key, new LastReq(new LastReqEntry[] { new LastReqEntry(0, new KerberosTime(new Date().getTime() - 10000)) }),
        body.getNonce(), new KerberosTime(new Date().getTime() + 1000 * 3600 * 24),
        tFlags, new KerberosTime(new Date()), body.from, till, body.rtime, service, body.addresses);
        EncryptedData edata = new EncryptedData(ckey, enc_part.asn1Encode(), KeyUsage.KU_ENC_AS_REP_PART);
        ASRep asRep = new ASRep(outPAs.toArray(new PAData[outPAs.size()]), body.cname, t, edata);
        System.out.println(" Return " + asRep.cname + " ticket for " + asRep.ticket.sname + ", flags " + tFlags);
        DerOutputStream out = new DerOutputStream();
        out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) Krb5.KRB_AS_REP), asRep.asn1Encode());
        byte[] result = out.toByteArray();
        // Added feature:
        // Write the current issuing TGT into a ccache file specified
        // by the system property below. Test hook only: the file receives the
        // issued TGT together with its session key.
        String ccache = System.getProperty("test.kdc.save.ccache");
        if (ccache != null) {
            asRep.encKDCRepPart = enc_part;
            sun.security.krb5.internal.ccache.Credentials credentials = new sun.security.krb5.internal.ccache.Credentials(asRep);
            CredentialsCache cache = CredentialsCache.create(asReq.reqBody.cname, ccache);
            if (cache == null) {
                throw new IOException("Unable to create the cache file " + ccache);
            }
            cache.update(credentials);
            cache.save();
        }
        return result;
    } catch (KrbException ke) {
        // Every Kerberos-level failure becomes a KRB_ERROR reply instead of an exception.
        ke.printStackTrace(System.out);
        KRBError kerr = ke.getError();
        KDCReqBody body = asReq.reqBody;
        System.out.println(" Error " + ke.returnCode() + " " + ke.returnCodeMessage());
        byte[] eData = null;
        if (kerr == null) {
            // For preauth errors, advertise PA-ENC-TIMESTAMP plus the etype-info built above as e-data.
            if (ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED || ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED) {
                DerOutputStream bytes = new DerOutputStream();
                bytes.write(new PAData(Krb5.PA_ENC_TIMESTAMP, new byte[0]).asn1Encode());
                for (PAData p : outPAs) {
                    bytes.write(p.asn1Encode());
                }
                DerOutputStream temp = new DerOutputStream();
                temp.write(DerValue.tag_Sequence, bytes);
                eData = temp.toByteArray();
            }
            kerr = new KRBError(null, null, null, new KerberosTime(new Date()), 0, ke.returnCode(), body.cname, service, KrbException.errorMessage(ke.returnCode()), eData);
        }
        return kerr.asn1Encode();
    }
}
use of sun.security.krb5.internal.ccache.CredentialsCache in project jdk8u_jdk by JetBrains.
Class EmptyCC, method main.
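/**
 * Two-stage test. Invoked with one argument (the ccache file name) it writes
 * an empty credentials cache for dummy@FOO.COM and re-launches itself with
 * KRB5CCNAME pointing at that file; invoked with a second argument it runs as
 * the child and verifies that the cache can be located through KRB5CCNAME.
 *
 * @param args {@code args[0]} is the ccache file name; a second argument
 *             marks the child process
 * @throws Exception when a check fails or no file name was given
 */
public static void main(String[] args) throws Exception {
    // args[0] is read unconditionally below; fail with a clear message instead of an AIOOBE.
    if (args.length == 0) {
        throw new Exception("usage: EmptyCC <ccache-file> [readcc]");
    }
    final PrincipalName pn = new PrincipalName("dummy@FOO.COM");
    final String ccache = args[0];
    if (args.length == 1) {
        // Main process, write the ccache and launch sub process
        CredentialsCache cache = CredentialsCache.create(pn, ccache);
        if (cache == null) {
            throw new Exception("Unable to create the cache file " + ccache);
        }
        cache.save();
        Proc p = Proc.create("EmptyCC").args(ccache, "readcc").env("KRB5CCNAME", ccache).start();
        // NOTE(review): the child's exit status is not inspected here; confirm that
        // Proc.waitFor() itself fails the test on a non-zero exit.
        p.waitFor();
    } else {
        // Sub process, read the ccache
        String cc = System.getenv("KRB5CCNAME");
        // ccache.equals(cc) also covers an unset variable (cc == null) without an NPE.
        if (!ccache.equals(cc)) {
            throw new Exception("env not set correctly");
        }
        // Make sure the ccache is created with bare file name
        if (CredentialsCache.getInstance() == null) {
            throw new Exception("Cache not instantiated");
        }
        // NOTE(review): the expected file name is hard-coded; the launcher is assumed
        // to pass "tmpcc" as args[0] - keep the two in sync.
        if (!new File("tmpcc").exists()) {
            throw new Exception("File not found");
        }
        Credentials.acquireTGTFromCache(pn, null);
    }
}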