Java Code Examples for sun.security.krb5.Config#refresh()
The following examples show how to use
sun.security.krb5.Config#refresh() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: NullRenewUntil.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
public static void main(String[] args) throws Exception { OneKDC kdc = new OneKDC(null); KDC.saveConfig(OneKDC.KRB5_CONF, kdc, "ticket_lifetime = 10s", "renew_lifetime = 11s"); Config.refresh(); KerberosTicket ticket = Context .fromUserPass(OneKDC.USER, OneKDC.PASS, false).s() .getPrivateCredentials(KerberosTicket.class).iterator().next(); System.out.println(ticket); Asserts.assertTrue(ticket.getRenewTill() != null, ticket.toString()); Thread.sleep(2000); ticket.refresh(); System.out.println(ticket); Asserts.assertTrue(ticket.getRenewTill() == null, ticket.toString()); Thread.sleep(2000); ticket.refresh(); System.out.println(ticket); }
Example 2
Source File: OnlyDesLogin.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
public static void main(String[] args) throws Exception { OneKDC kdc = new OneKDC(null); kdc.writeJAASConf(); KDC.saveConfig(OneKDC.KRB5_CONF, kdc, "default_tkt_enctypes=des-cbc-md5", "default_tgs_enctypes=des-cbc-md5", "permitted_enctypes=des-cbc-md5"); Config.refresh(); try { Context.fromJAAS("client"); throw new Exception("What?"); } catch (LoginException le) { // This is OK } }
Example 3
Source File: ExtraLines.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
public static void main(String[] args) throws Exception { Path base = Paths.get("krb5.conf"); Path include = Paths.get("included.conf"); String baseConf = "include " + include.toAbsolutePath().toString() + "\n[x]\na = b\n"; String includeConf = "[y]\nc = d\n"; Files.write(include, includeConf.getBytes()); Files.write(base, baseConf.getBytes()); System.setProperty("java.security.krb5.conf", base.toString()); Config.refresh(); if (!Objects.equals(Config.getInstance().get("x", "a"), "b")) { throw new Exception("Failed"); } }
Example 4
Source File: Renewal.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
static void checkLogin( String s1, // ticket_lifetime in krb5.conf, null if none String s2, // renew_lifetime in krb5.conf, null if none int t1, int t2 // expected lifetimes, -1 of unexpected ) throws Exception { KDC.saveConfig(OneKDC.KRB5_CONF, kdc, s1 != null ? ("ticket_lifetime = " + s1) : "", s2 != null ? ("renew_lifetime = " + s2) : ""); Config.refresh(); Context c; c = Context.fromJAAS("client"); Set<KerberosTicket> tickets = c.s().getPrivateCredentials(KerberosTicket.class); if (tickets.size() != 1) { throw new Exception(); } KerberosTicket ticket = tickets.iterator().next(); checkRough(ticket.getEndTime(), t1); checkRough(ticket.getRenewTill(), t2); }
Example 5
Source File: UdpTcp.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
public static void main(String[] args) throws Exception { System.setProperty("sun.security.krb5.debug", "true"); OneKDC kdc = new OneKDC(null); kdc.writeJAASConf(); // Two styles of kdc_timeout setting. One global, one realm-specific. if (args[0].equals("UDP")) { KDC.saveConfig(OneKDC.KRB5_CONF, kdc, "kdc_timeout = 10s"); } else { kdc.addConf("kdc_timeout = 10s"); KDC.saveConfig(OneKDC.KRB5_CONF, kdc, "udp_preference_limit = 1"); } Config.refresh(); ByteArrayOutputStream bo = new ByteArrayOutputStream(); PrintStream oldout = System.out; System.setOut(new PrintStream(bo)); Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); System.setOut(oldout); for (String line: new String(bo.toByteArray()).split("\n")) { if (line.contains(">>> KDCCommunication")) { if (!line.contains(args[0]) || !line.contains("timeout=10000")) { throw new Exception("No " + args[0] + " in: " + line); } } } }
Example 6
Source File: KdcDefaultOptions.java From hottub with GNU General Public License v2.0 | 5 votes |
public static void main(String[] args) throws Exception { System.setProperty("java.security.krb5.conf", System.getProperty("test.src", ".") + "/kdc_default_options.conf"); Config.refresh(); KDCOptions options = new KDCOptions(); if (!options.get(KDCOptions.FORWARDABLE) || !options.get(KDCOptions.PROXIABLE) || !options.get(KDCOptions.RENEWABLE_OK)) { throw new Exception(options.toString()); } }
Example 7
Source File: Unreachable.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
public static void main(String[] args) throws Exception { File f = new File( System.getProperty("test.src", "."), "unreachable.krb5.conf"); System.setProperty("java.security.krb5.conf", f.getPath()); Config.refresh(); // If PortUnreachableException is not received, the login will consume // about 3*3*30 seconds and the test will timeout. try { Context.fromUserPass("name", "pass".toCharArray(), true); } catch (LoginException le) { // This is OK } }
Example 8
Source File: W83.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
public static void main(String[] args) throws Exception { W83 x = new W83(); // Cannot use OneKDC. kinit command cannot resolve // hostname kdc.rabbit.hole KDC kdc = new KDC(OneKDC.REALM, "127.0.0.1", 0, true); kdc.addPrincipal(OneKDC.USER, OneKDC.PASS); kdc.addPrincipalRandKey("krbtgt/" + OneKDC.REALM); KDC.saveConfig(OneKDC.KRB5_CONF, kdc); System.setProperty("java.security.krb5.conf", OneKDC.KRB5_CONF); Config.refresh(); kdc.writeKtab(OneKDC.KTAB); KeyTab ktab = KeyTab.getInstance(OneKDC.KTAB); for (int etype: EType.getBuiltInDefaults()) { if (etype != EncryptedData.ETYPE_ARCFOUR_HMAC) { ktab.deleteEntries(new PrincipalName(OneKDC.USER), etype, -1); } } ktab.save(); if (System.getProperty("6932525") != null) { // For 6932525 and 6951366, make sure the etypes sent in 2nd AS-REQ // is not restricted to that of preauth kdc.setOption(KDC.Option.ONLY_RC4_TGT, true); } if (System.getProperty("6959292") != null) { // For 6959292, make sure that when etype for enc-part in 2nd AS-REQ // is different from that of preauth, client can still decrypt it kdc.setOption(KDC.Option.RC4_FIRST_PREAUTH, true); } x.go(); }
Example 9
Source File: DnsFallback.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
/** * Sets and checks. * * @param u dns_lookup_XXX value set, none if null * @param f dns_fallback value set, none if null * @param r expected useDNS_Realm * @param k expected useDNS_KDC */ static void check(String u, String f, boolean r, boolean k) throws Exception { try (PrintStream ps = new PrintStream(new FileOutputStream("dnsfallback.conf"))) { ps.println("[libdefaults]\n"); if (u != null) { ps.println("dns_lookup_realm=" + u); ps.println("dns_lookup_kdc=" + u); } if (f != null) { ps.println("dns_fallback=" + f); } } System.setProperty("java.security.krb5.conf", "dnsfallback.conf"); Config.refresh(); System.out.println("Testing " + u + ", " + f + ", " + r + ", " + k); if (!useDNS_Realm.invoke(Config.getInstance()).equals(r)) { throw new Exception("useDNS_Realm Fail"); } if (!useDNS_KDC.invoke(Config.getInstance()).equals(k)) { throw new Exception("useDNS_KDC Fail"); } }
Example 10
Source File: Unreachable.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
public static void main(String[] args) throws Exception { File f = new File( System.getProperty("test.src", "."), "unreachable.krb5.conf"); System.setProperty("java.security.krb5.conf", f.getPath()); Config.refresh(); // If PortUnreachableException is not received, the login will consume // about 3*3*30 seconds and the test will timeout. try { Context.fromUserPass("name", "pass".toCharArray(), true); } catch (LoginException le) { // This is OK } }
Example 11
Source File: OneKDC.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
/** * Creates the KDC and starts it. * @param etype Encryption type, null if not specified * @throws java.lang.Exception if there's anything wrong */ public OneKDC(String etype) throws Exception { super(REALM, KDCHOST, 0, true); addPrincipal(USER, PASS); addPrincipal(USER2, PASS2); addPrincipalRandKey("krbtgt/" + REALM); addPrincipalRandKey(SERVER); addPrincipalRandKey(BACKEND); String extraConfig = ""; if (etype != null) { extraConfig += "default_tkt_enctypes=" + etype + "\ndefault_tgs_enctypes=" + etype; if (etype.startsWith("des")) { extraConfig += "\nallow_weak_crypto = true"; } } KDC.saveConfig(KRB5_CONF, this, "forwardable = true", "default_keytab_name = " + KTAB, extraConfig); System.setProperty("java.security.krb5.conf", KRB5_CONF); // Whatever krb5.conf had been loaded before, we reload ours now. Config.refresh(); writeKtab(KTAB); Security.setProperty("auth.login.defaultCallbackHandler", "OneKDC$CallbackForClient"); }
Example 12
Source File: Unreachable.java From hottub with GNU General Public License v2.0 | 5 votes |
public static void main(String[] args) throws Exception { File f = new File( System.getProperty("test.src", "."), "unreachable.krb5.conf"); System.setProperty("java.security.krb5.conf", f.getPath()); Config.refresh(); // If PortUnreachableException is not received, the login will consume // about 3*3*30 seconds and the test will timeout. try { Context.fromUserPass("name", "pass".toCharArray(), true); } catch (LoginException le) { // This is OK } }
Example 13
Source File: UdpTcp.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
public static void main(String[] args) throws Exception { System.setProperty("sun.security.krb5.debug", "true"); OneKDC kdc = new OneKDC(null); kdc.writeJAASConf(); // Two styles of kdc_timeout setting. One global, one realm-specific. if (args[0].equals("UDP")) { KDC.saveConfig(OneKDC.KRB5_CONF, kdc, "kdc_timeout = 10s"); } else { kdc.addConf("kdc_timeout = 10s"); KDC.saveConfig(OneKDC.KRB5_CONF, kdc, "udp_preference_limit = 1"); } Config.refresh(); ByteArrayOutputStream bo = new ByteArrayOutputStream(); PrintStream oldout = System.out; System.setOut(new PrintStream(bo)); Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); System.setOut(oldout); for (String line: new String(bo.toByteArray()).split("\n")) { if (line.contains(">>> KDCCommunication")) { if (!line.contains(args[0]) || !line.contains("timeout=10000")) { throw new Exception("No " + args[0] + " in: " + line); } } } }
Example 14
Source File: AddressesAndNameType.java From jdk8u60 with GNU General Public License v2.0 | 4 votes |
public static void main(String[] args) throws Exception { OneKDC kdc = new OneKDC(null); kdc.writeJAASConf(); String extraLine; switch (args[0]) { case "1": extraLine = "noaddresses = false"; break; case "2": extraLine = "noaddresses = true"; break; default: extraLine = ""; break; } KDC.saveConfig(OneKDC.KRB5_CONF, kdc, extraLine); Config.refresh(); Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false); Set<KerberosTicket> tickets = c.s().getPrivateCredentials(KerberosTicket.class); if (tickets.isEmpty()) throw new Exception(); KerberosTicket ticket = tickets.iterator().next(); InetAddress[] addresses = ticket.getClientAddresses(); switch (args[0]) { case "1": if (addresses == null || addresses.length == 0) { throw new Exception("No addresses"); } if (ticket.getServer().getNameType() != KerberosPrincipal.KRB_NT_SRV_INST) { throw new Exception( "Wrong type: " + ticket.getServer().getNameType()); } break; default: if (addresses != null && addresses.length != 0) { throw new Exception("See addresses"); } break; } }
Example 15
Source File: KdcPolicy.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
/** * Writes a krb5.conf file. * @param max max_retries, -1 if not set * @param to kdc_timeout, -1 if not set * @param ports where KDCs listen on */ static void writeConf(int max, int to, int... ports) throws Exception { // content of krb5.conf String conf = ""; // Extra settings in [libdefaults] String inDefaults = ""; // Extra settings in [realms] String inRealm = ""; // We will randomly put extra settings only in [libdefaults], // or in [realms] but with different values in [libdefaults], // to prove that settings in [realms] override those in [libdefaults]. Random r = new Random(); if (max > 0) { if (r.nextBoolean()) { inDefaults += "max_retries = " + max + "\n"; } else { inRealm += " max_retries = " + max + "\n"; inDefaults += "max_retries = " + (max + 1) + "\n"; } } if (to > 0) { if (r.nextBoolean()) { inDefaults += "kdc_timeout = " + to + "\n"; } else { inRealm += " kdc_timeout = " + to + "\n"; inDefaults += "kdc_timeout = " + (to + 1) + "\n"; } } if (udp) { if (r.nextBoolean()) { inDefaults += "udp_preference_limit = 10000\n"; } else if (r.nextBoolean()) { inRealm += " udp_preference_limit = 10000\n"; inDefaults += "udp_preference_limit = 1\n"; } // else no settings means UDP } else { if (r.nextBoolean()) { inDefaults += "udp_preference_limit = 1\n"; } else { inRealm += " udp_preference_limit = 1\n"; inDefaults += "udp_preference_limit = 10000\n"; } } conf = "[libdefaults]\n" + "default_realm = " + OneKDC.REALM + "\n" + inDefaults + "\n" + "[realms]\n" + OneKDC.REALM + " = {\n"; for (int port : ports) { conf += " kdc = " + OneKDC.KDCHOST + ":" + port + "\n" + inRealm; } conf += "}\n"; Files.write(Paths.get("alternative-krb5.conf"), conf.getBytes()); Config.refresh(); }
Example 16
Source File: OkAsDelegateXRealm.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
/** * @param args boolean if the program should succeed */ public static void main(String[] args) throws Exception { // Create and start the KDCs. Here we have 3 realms: R1, R2 and R3. // R1 is trusted by R2, and R2 trusted by R3. KDC kdc1 = KDC.create("R1"); kdc1.setOption(KDC.Option.OK_AS_DELEGATE, System.getProperty("test.kdc.policy.ok-as-delegate")); kdc1.addPrincipal("dummy", "bogus".toCharArray()); kdc1.addPrincipalRandKey("krbtgt/R1"); kdc1.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray()); KDC kdc2 = KDC.create("R2"); kdc2.setOption(KDC.Option.OK_AS_DELEGATE, System.getProperty("test.kdc.policy.ok-as-delegate")); kdc2.addPrincipalRandKey("krbtgt/R2"); kdc2.addPrincipal("krbtgt/R2@R1", "r1->r2".toCharArray()); kdc2.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray()); KDC kdc3 = KDC.create("R3"); kdc3.setOption(KDC.Option.OK_AS_DELEGATE, System.getProperty("test.kdc.policy.ok-as-delegate")); kdc3.addPrincipalRandKey("krbtgt/R3"); kdc3.addPrincipal("krbtgt/R3@R2", "r2->r3".toCharArray()); kdc3.addPrincipalRandKey("host/host.r3.local"); KDC.saveConfig("krb5-localkdc.conf", kdc1, kdc2, kdc3, "forwardable=true", "[capaths]", "R1 = {", " R2 = .", " R3 = R2", "}", "[domain_realm]", ".r3.local=R3" ); System.setProperty("java.security.krb5.conf", "krb5-localkdc.conf"); kdc3.writeKtab("localkdc.ktab"); FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf"); // Defines the client and server on R1 and R3 respectively. fos.write(("com.sun.security.jgss.krb5.initiate {\n" + " com.sun.security.auth.module.Krb5LoginModule\n" + " required\n" + " principal=dummy\n" + " doNotPrompt=false\n" + " useTicketCache=false\n" + " ;\n};\n" + "com.sun.security.jgss.krb5.accept {\n" + " com.sun.security.auth.module.Krb5LoginModule required\n" + " principal=\"host/host.r3.local@R3\"\n" + " useKeyTab=true\n" + " keyTab=localkdc.ktab\n" + " isInitiator=false\n" + " storeKey=true;\n};\n" + "\n").getBytes()); fos.close(); Security.setProperty("auth.login.defaultCallbackHandler", "OkAsDelegateXRealm"); System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf"); Config.refresh(); Context c = Context.fromJAAS("com.sun.security.jgss.krb5.initiate"); Context s = Context.fromJAAS("com.sun.security.jgss.krb5.accept"); // Test twice. The frist time the whole cross realm process is tried, // the second time the cached service ticket is used. This is to make sure // the behaviors are the same, especailly for the case when one of the // cross-realm TGTs does not have OK-AS-DELEGATE on. for (int i=0; i<2; i++) { c.startAsClient("host@host.r3.local", GSSUtil.GSS_KRB5_MECH_OID); s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); c.x().requestDelegPolicy(true); Context.handshake(c, s); boolean succeed = true; try { s.x().getDelegCred(); } catch (GSSException gsse) { succeed = false; } if (succeed != Boolean.parseBoolean(args[0])) { throw new Exception("Test fail at round #" + i); } } }
Example 17
Source File: OkAsDelegate.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
void go( boolean forwardable, boolean requestDelegState, boolean requestDelegPolicyState, boolean delegState, boolean delegPolicyState, boolean delegated ) throws Exception { OneKDC kdc = new OneKDC(null); kdc.setOption(KDC.Option.OK_AS_DELEGATE, System.getProperty("test.kdc.policy.ok-as-delegate")); kdc.writeJAASConf(); if (!forwardable) { // The default OneKDC always includes "forwardable = true" // in krb5.conf, override it. KDC.saveConfig(OneKDC.KRB5_CONF, kdc, "default_keytab_name = " + OneKDC.KTAB); Config.refresh(); } Context c, s; c = Context.fromJAAS("client"); s = Context.fromJAAS("com.sun.security.jgss.krb5.accept"); Oid mech = GSSUtil.GSS_KRB5_MECH_OID; if (System.getProperty("test.spnego") != null) { mech = GSSUtil.GSS_SPNEGO_MECH_OID; } c.startAsClient(OneKDC.SERVER, mech); ExtendedGSSContext cx = (ExtendedGSSContext)c.x(); cx.requestCredDeleg(requestDelegState); cx.requestDelegPolicy(requestDelegPolicyState); s.startAsServer(mech); ExtendedGSSContext sx = (ExtendedGSSContext)s.x(); Context.handshake(c, s); if (cx.getCredDelegState() != delegState) { throw new Exception("Initiator cred state error"); } if (sx.getCredDelegState() != delegState) { throw new Exception("Acceptor cred state error"); } if (cx.getDelegPolicyState() != delegPolicyState) { throw new Exception("Initiator cred policy state error"); } GSSCredential cred = null; try { cred = s.x().getDelegCred(); } catch (GSSException e) { // leave cred as null } if (delegated != (cred != null)) { throw new Exception("get cred error"); } }
Example 18
Source File: TwoPrinces.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
public static void main(String[] args) throws Exception { KDC k1 = KDC.create("R1"); k1.addPrincipal("u1", "hello".toCharArray()); k1.addPrincipalRandKey("krbtgt/R1"); k1.addPrincipalRandKey("host/same.host"); KDC k2 = KDC.create("R2"); k2.addPrincipal("u2", "hello".toCharArray()); k2.addPrincipalRandKey("krbtgt/R2"); k2.addPrincipalRandKey("host/same.host"); System.setProperty("java.security.krb5.conf", "krb5.conf"); // R1 is the default realm now KDC.saveConfig("krb5.conf", k1, k2); Config.refresh(); k1.writeKtab("ktab1"); k2.writeKtab("ktab2"); // A JAAS config file with 2 Krb5LoginModules, after commit, the // subject with have principals and keytabs from both sides System.setProperty("java.security.auth.login.config", "jaas.conf"); File f = new File("jaas.conf"); FileOutputStream fos = new FileOutputStream(f); fos.write(( "me {\n" + " com.sun.security.auth.module.Krb5LoginModule required" + " isInitiator=true principal=\"host/same.host@R1\"" + " useKeyTab=true keyTab=ktab1 storeKey=true;\n" + " com.sun.security.auth.module.Krb5LoginModule required" + " isInitiator=true principal=\"host/same.host@R2\"" + " useKeyTab=true keyTab=ktab2 storeKey=true;\n" + "};\n" ).getBytes()); fos.close(); /* * This server side context will be able to act as services in both * realms. Please note that we still don't support a single instance * of server to accept connections from two realms at the same time. * Therefore, we must call startAsServer in a given realm to start * working there. The same Subject never changes anyway. */ Context s = Context.fromJAAS("me"); // Default realm still R1 s.startAsServer("host@same.host", GSSUtil.GSS_KRB5_MECH_OID); Context c1 = Context.fromUserPass("u1", "hello".toCharArray(), false); c1.startAsClient("host@same.host", GSSUtil.GSS_KRB5_MECH_OID); Context.handshake(c1, s); KDC.saveConfig("krb5.conf", k2, k1); Config.refresh(); // Default realm now R2 s.startAsServer("host@same.host", GSSUtil.GSS_KRB5_MECH_OID); Context c2 = Context.fromUserPass("u2", "hello".toCharArray(), false); c2.startAsClient("host@same.host", GSSUtil.GSS_KRB5_MECH_OID); Context.handshake(c2, s); }
Example 19
Source File: NoAddresses.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
public static void main(String[] args) throws Exception { OneKDC kdc = new OneKDC(null); kdc.writeJAASConf(); KDC.saveConfig(OneKDC.KRB5_CONF, kdc, "noaddresses = false", "default_keytab_name = " + OneKDC.KTAB); Config.refresh(); Context c = Context.fromJAAS("client"); Context s = Context.fromJAAS("server"); c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); InetAddress initiator = InetAddress.getLocalHost(); InetAddress acceptor = InetAddress.getLocalHost(); switch (args[0]) { case "1": // no initiator host address available, should be OK break; case "2": // correct initiator host address, still fine c.x().setChannelBinding( new ChannelBinding(initiator, acceptor, null)); s.x().setChannelBinding( new ChannelBinding(initiator, acceptor, null)); break; case "3": // incorrect initiator host address, fail initiator = InetAddress.getByAddress(new byte[]{1,1,1,1}); c.x().setChannelBinding( new ChannelBinding(initiator, acceptor, null)); s.x().setChannelBinding( new ChannelBinding(initiator, acceptor, null)); break; } Context.handshake(c, s); }
Example 20
Source File: NoAddresses.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
public static void main(String[] args) throws Exception { OneKDC kdc = new OneKDC(null); kdc.writeJAASConf(); KDC.saveConfig(OneKDC.KRB5_CONF, kdc, "noaddresses = false", "default_keytab_name = " + OneKDC.KTAB); Config.refresh(); Context c = Context.fromJAAS("client"); Context s = Context.fromJAAS("server"); c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID); s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID); InetAddress initiator = InetAddress.getLocalHost(); InetAddress acceptor = InetAddress.getLocalHost(); switch (args[0]) { case "1": // no initiator host address available, should be OK break; case "2": // correct initiator host address, still fine c.x().setChannelBinding( new ChannelBinding(initiator, acceptor, null)); s.x().setChannelBinding( new ChannelBinding(initiator, acceptor, null)); break; case "3": // incorrect initiator host address, fail initiator = InetAddress.getByAddress(new byte[]{1,1,1,1}); c.x().setChannelBinding( new ChannelBinding(initiator, acceptor, null)); s.x().setChannelBinding( new ChannelBinding(initiator, acceptor, null)); break; } Context.handshake(c, s); }