
Example 1 with KeyTab

use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.

the class DynamicKeytab method go.

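// Exercises how the JGSS acceptor follows changes to the service keytab
// between handshakes: new keys are picked up on demand, a corrupt keytab
// file is ignored (the previously loaded key keeps working), and deleting
// or overwriting the keytab revokes keys the server no longer holds.
// Each numbered test performs one handshake via connect() against the
// current state of the keytab file. The fields c and s and the helper
// connect() are declared elsewhere in this class.
void go() throws Exception {
    OneKDC k = new OneKDC(null);
    k.writeJAASConf();
    Files.delete(Paths.get(OneKDC.KTAB));
    // Starts with no keytab
    c = Context.fromJAAS("client");
    s = Context.fromJAAS("com.sun.security.jgss.krb5.accept");

    // Test 1: read new key 1 from keytab
    k.addPrincipal(OneKDC.SERVER, "pass1".toCharArray());
    k.writeKtab(OneKDC.KTAB);
    connect();

    // Test 2: service key cached, find 1 in keytab (now contains 1 and 2)
    k.addPrincipal(OneKDC.SERVER, "pass2".toCharArray());
    k.appendKtab(OneKDC.KTAB);
    connect();

    // Test 3: re-login. Now find 2 in keytab
    c = Context.fromJAAS("client");
    connect();

    // Test 4: re-login, KDC use 3 this time.
    c = Context.fromJAAS("client");
    // Put 3 and 4 into the keytab but set the KDC's real key back to 3, so
    // the acceptor has to use the entry matching the ticket rather than
    // simply the newest one.
    k.addPrincipal(OneKDC.SERVER, "pass3".toCharArray());
    k.appendKtab(OneKDC.KTAB);
    k.addPrincipal(OneKDC.SERVER, "pass4".toCharArray());
    k.appendKtab(OneKDC.KTAB);
    k.addPrincipal(OneKDC.SERVER, "pass3".toCharArray());
    connect();

    // Test 5: invalid keytab file, should ignore.
    // NOTE(review): since the handshake still succeeds here, a corrupted
    // keytab does NOT revoke the key the acceptor already holds; only
    // deletion or a valid overwrite does (tests 6-8).
    try (FileOutputStream fos = new FileOutputStream(OneKDC.KTAB)) {
        fos.write("BADBADBAD".getBytes());
    }
    connect();

    // Test 6: delete keytab file, identical to revoke all
    Files.delete(Paths.get(OneKDC.KTAB));
    // This should have been Krb5.KRB_AP_ERR_NOKEY
    expectConnectFailure(Krb5.API_INVALID_ARG);

    // Test 7: 3 revoked, should fail (now contains only 5)
    k.addPrincipal(OneKDC.SERVER, "pass5".toCharArray());
    // Overwrite (not append) the keytab, which revokes the old key.
    k.writeKtab(OneKDC.KTAB);
    // Since 7197159, different kvno is accepted, so KRB_AP_ERR_BADKEYVER
    // is never thrown here any more; only the failure itself is checked.
    expectConnectFailure();

    // Test 8: an empty KDC means revoke all
    KDC.create("EMPTY.REALM").writeKtab(OneKDC.KTAB);
    // This should have been Krb5.KRB_AP_ERR_NOKEY
    expectConnectFailure(Krb5.API_INVALID_ARG);
}

// Runs connect() and requires it to fail with a GSSException, which is
// printed and returned for further inspection. A successful handshake
// is a test failure.
private GSSException expectConnectFailure() throws Exception {
    try {
        connect();
    } catch (GSSException gsse) {
        System.out.println(gsse);
        return gsse;
    }
    throw new Exception("Should not success");
}

// Like expectConnectFailure(), but additionally requires the cause to be
// a KrbException carrying exactly expectedCode. An absent or non-Kerberos
// cause is reported as a test failure instead of surfacing as a
// ClassCastException/NullPointerException.
private void expectConnectFailure(int expectedCode) throws Exception {
    Throwable cause = expectConnectFailure().getCause();
    if (!(cause instanceof KrbException)) {
        throw new Exception("Expected a KrbException cause, got: " + cause);
    }
    int code = ((KrbException) cause).returnCode();
    if (code != expectedCode) {
        throw new Exception("Not expected failure code: " + code);
    }
}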
Also used : GSSException(org.ietf.jgss.GSSException) KrbException(sun.security.krb5.KrbException) FileOutputStream(java.io.FileOutputStream) GSSException(org.ietf.jgss.GSSException) KrbException(sun.security.krb5.KrbException)

Example 2 with KeyTab

use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.

the class KvnoNA method main.

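// Regression test for a kvno mismatch between KDC and keytab: the KDC's
// key for the service is kvno 2, while the server's keytab only holds
// kvno 1 (a different password) and kvno 3 (the same password as kvno 2).
// The handshake is expected to succeed even though no keytab entry has
// the ticket's exact kvno; presumably the acceptor falls back to trying
// the other keys rather than rejecting the ticket outright.
public static void main(String[] args) throws Exception {
    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    // In KDC, it's 2
    char[] pass = "pass2".toCharArray();
    kdc.addPrincipal(OneKDC.SERVER, pass);
    // In ktab, kvno is 1 or 3; 3 has the same password as the KDC's key
    KeyTab ktab = KeyTab.create(OneKDC.KTAB);
    PrincipalName p = new PrincipalName(OneKDC.SERVER + "@" + OneKDC.REALM, PrincipalName.KRB_NT_SRV_HST);
    ktab.addEntry(p, "pass1".toCharArray(), 1, true);
    ktab.addEntry(p, "pass2".toCharArray(), 3, true);
    ktab.save();
    Context c = Context.fromUserPass("dummy", "bogus".toCharArray(), false);
    Context s = Context.fromJAAS("server");
    try {
        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
        Context.handshake(c, s);
    } finally {
        // Release both contexts even when the handshake throws; the
        // original dispose order (server, then client) is kept.
        try {
            s.dispose();
        } finally {
            c.dispose();
        }
    }
}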
Also used : KeyTab(sun.security.krb5.internal.ktab.KeyTab) PrincipalName(sun.security.krb5.PrincipalName)

Example 3 with KeyTab

use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.

the class FileKeyTab method main.

// Verifies that a keytab can be located by relative name, by absolute
// name, and by either form with the "FILE:" prefix; check() is declared
// elsewhere in this class. The final "FILE:/" + absolute-path form (which
// on Unix produces a double slash after the prefix) mirrors how the bug
// reporter wrote it and is only expected to work for an absolute path.
public static void main(String[] args) throws Exception {
    String relative = "ktab";
    KeyTab kt = KeyTab.create(relative);
    kt.addEntry(new PrincipalName("a@A"), "x".toCharArray(), 1, true);
    kt.save();
    String absolute = new File(relative).getAbsolutePath();
    for (String name : new String[] { relative, "FILE:" + relative, absolute, "FILE:" + absolute }) {
        check(name);
    }
    // The bug reporter uses this style, should only work for absolute path
    check("FILE:/" + absolute);
}
Also used : KeyTab(sun.security.krb5.internal.ktab.KeyTab) PrincipalName(sun.security.krb5.PrincipalName) File(java.io.File)

Example 4 with KeyTab

use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.

the class KeyTabIndex method main.

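// Stress-reads one keytab from several threads at once. Two entries of
// very different length are written so that a wrong "index" field while
// parsing concurrently is easy to observe. Reader threads are joined and
// any uncaught exception in them fails the test; previously an exception
// in a reader thread only printed a stack trace and the JVM still exited 0.
public static void main(String[] args) throws Exception {
    KeyTab kt = KeyTab.create("ktab");
    // Two entries with very different length, so that it's easy to
    // observe the abnormal change of "index" field.
    kt.addEntry(new PrincipalName("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@A"), "x".toCharArray(), 1, true);
    kt.addEntry(new PrincipalName("a@A"), "x".toCharArray(), 1, true);
    kt.save();
    // First uncaught exception from any reader thread; guarded by its own monitor.
    final Throwable[] failure = new Throwable[1];
    Thread.UncaughtExceptionHandler recordFailure = new Thread.UncaughtExceptionHandler() {
        @Override
        public void uncaughtException(Thread th, Throwable e) {
            synchronized (failure) {
                if (failure[0] == null) {
                    failure[0] = e;
                }
            }
        }
    };
    Runnable t = new Runnable() {
        @Override
        public void run() {
            KeyTab.getInstance("ktab").getClass();
        }
    };
    Thread[] readers = new Thread[10];
    for (int i = 0; i < readers.length; i++) {
        readers[i] = new Thread(t);
        readers[i].setUncaughtExceptionHandler(recordFailure);
        readers[i].start();
    }
    for (Thread reader : readers) {
        reader.join();
    }
    synchronized (failure) {
        if (failure[0] != null) {
            throw new Exception("Concurrent KeyTab.getInstance failed", failure[0]);
        }
    }
}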
Also used : KeyTab(sun.security.krb5.internal.ktab.KeyTab) PrincipalName(sun.security.krb5.PrincipalName)

Example 5 with KeyTab

use of sun.security.krb5.internal.ktab.KeyTab in project jdk8u_jdk by JetBrains.

the class KtabZero method check.

// Checks existence as well as kt-vno
// Checks that the keytab NAME is (or is not) missing, as requested by
// showBeMissing, and that its kt_vno is KRB5_KT_VNO. kt_vno is a private
// field of KeyTab, so it is read reflectively.
static void check(boolean showBeMissing) throws Exception {
    KeyTab kt = KeyTab.getInstance(NAME);
    boolean missing = kt.isMissing();
    if (missing != showBeMissing) {
        throw new Exception("isMissing is not " + showBeMissing);
    }
    Field vnoField = KeyTab.class.getDeclaredField("kt_vno");
    vnoField.setAccessible(true);
    int vno = vnoField.getInt(kt);
    if (vno != KeyTabConstants.KRB5_KT_VNO) {
        throw new Exception("kt_vno is " + vno);
    }
}
Also used : Field(java.lang.reflect.Field) KeyTab(sun.security.krb5.internal.ktab.KeyTab)

Aggregations

KeyTab (sun.security.krb5.internal.ktab.KeyTab)10 PrincipalName (sun.security.krb5.PrincipalName)9 KrbException (sun.security.krb5.KrbException)3 GSSException (org.ietf.jgss.GSSException)2 EncryptionKey (sun.security.krb5.EncryptionKey)2 RealmException (sun.security.krb5.RealmException)2 File (java.io.File)1 FileOutputStream (java.io.FileOutputStream)1 IOException (java.io.IOException)1 Field (java.lang.reflect.Field)1 PrivilegedActionException (java.security.PrivilegedActionException)1 HashSet (java.util.HashSet)1 KerberosKey (javax.security.auth.kerberos.KerberosKey)1 KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)1 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)1 ServiceCreds (sun.security.jgss.krb5.ServiceCreds)1 EncryptedData (sun.security.krb5.EncryptedData)1 Realm (sun.security.krb5.Realm)1 EncTicketPart (sun.security.krb5.internal.EncTicketPart)1 Ticket (sun.security.krb5.internal.Ticket)1