javax.security.auth.RefreshFailedException Java Examples
The following examples show how to use
javax.security.auth.RefreshFailedException.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: KerberosTixDateTest.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
|
private static void testDestroy(KerberosTicket t) throws Exception {
t.destroy();
if (!t.isDestroyed()) {
throw new RuntimeException("ticket should have been destroyed");
}
// Although these methods are meaningless, they can be called
for (Method m: KerberosTicket.class.getDeclaredMethods()) {
if (Modifier.isPublic(m.getModifiers())
&& m.getParameterCount() == 0) {
System.out.println("Testing " + m.getName() + "...");
try {
m.invoke(t);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause instanceof RefreshFailedException ||
cause instanceof IllegalStateException) {
// this is OK
} else {
throw e;
}
}
}
}
System.out.println("Destroy Test Passed");
}
Example #2
| Source File: KerberosTixDateTest.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
private static void testDestroy(KerberosTicket t) throws Exception {
t.destroy();
if (!t.isDestroyed()) {
throw new RuntimeException("ticket should have been destroyed");
}
// Although these methods are meaningless, they can be called
for (Method m: KerberosTicket.class.getDeclaredMethods()) {
if (Modifier.isPublic(m.getModifiers())
&& m.getParameterCount() == 0) {
System.out.println("Testing " + m.getName() + "...");
try {
m.invoke(t);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause instanceof RefreshFailedException ||
cause instanceof IllegalStateException) {
// this is OK
} else {
throw e;
}
}
}
}
System.out.println("Destroy Test Passed");
}
Example #3
| Source File: KrbTicket.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
Example #4
| Source File: KerberosTixDateTest.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
private static void testDestroy(KerberosTicket t) throws Exception {
t.destroy();
if (!t.isDestroyed()) {
throw new RuntimeException("ticket should have been destroyed");
}
// Although these methods are meaningless, they can be called
for (Method m: KerberosTicket.class.getDeclaredMethods()) {
if (Modifier.isPublic(m.getModifiers())
&& m.getParameterCount() == 0) {
System.out.println("Testing " + m.getName() + "...");
try {
m.invoke(t);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause instanceof RefreshFailedException ||
cause instanceof IllegalStateException) {
// this is OK
} else {
throw e;
}
}
}
}
System.out.println("Destroy Test Passed");
}
Example #5
| Source File: KerberosTixDateTest.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
private static void testDestroy(KerberosTicket t) throws Exception {
t.destroy();
if (!t.isDestroyed()) {
throw new RuntimeException("ticket should have been destroyed");
}
// Although these methods are meaningless, they can be called
for (Method m: KerberosTicket.class.getDeclaredMethods()) {
if (Modifier.isPublic(m.getModifiers())
&& m.getParameterCount() == 0) {
System.out.println("Testing " + m.getName() + "...");
try {
m.invoke(t);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause instanceof RefreshFailedException ||
cause instanceof IllegalStateException) {
// this is OK
} else {
throw e;
}
}
}
}
System.out.println("Destroy Test Passed");
}
Example #6
| Source File: KrbTicket.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
Example #7
| Source File: KerberosTixDateTest.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
private static void testDestroy(KerberosTicket t) throws Exception {
t.destroy();
if (!t.isDestroyed()) {
throw new RuntimeException("ticket should have been destroyed");
}
// Although these methods are meaningless, they can be called
for (Method m: KerberosTicket.class.getDeclaredMethods()) {
if (Modifier.isPublic(m.getModifiers())
&& m.getParameterCount() == 0) {
System.out.println("Testing " + m.getName() + "...");
try {
m.invoke(t);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause instanceof RefreshFailedException ||
cause instanceof IllegalStateException) {
// this is OK
} else {
throw e;
}
}
}
}
System.out.println("Destroy Test Passed");
}
Example #8
| Source File: AutoTGT.java From jstorm with Apache License 2.0 | 6 votes |
|
@Override
public void renew(Map<String, String> credentials, Map topologyConf) {
KerberosTicket tgt = getTGT(credentials);
if (tgt != null) {
long refreshTime = getRefreshTime(tgt);
long now = System.currentTimeMillis();
if (now >= refreshTime) {
try {
LOG.info("Renewing TGT for " + tgt.getClient());
tgt.refresh();
saveTGT(tgt, credentials);
} catch (RefreshFailedException e) {
LOG.warn("Failed to refresh TGT", e);
}
}
}
}
Example #9
| Source File: KerberosTixDateTest.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
|
private static void testDestroy(KerberosTicket t) throws Exception {
t.destroy();
if (!t.isDestroyed()) {
throw new RuntimeException("ticket should have been destroyed");
}
// Although these methods are meaningless, they can be called
for (Method m: KerberosTicket.class.getDeclaredMethods()) {
if (Modifier.isPublic(m.getModifiers())
&& m.getParameterCount() == 0) {
System.out.println("Testing " + m.getName() + "...");
try {
m.invoke(t);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause instanceof RefreshFailedException ||
cause instanceof IllegalStateException) {
// this is OK
} else {
throw e;
}
}
}
}
System.out.println("Destroy Test Passed");
}
Example #10
| Source File: KerberosTixDateTest.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
private static void testDestroy(KerberosTicket t) throws Exception {
t.destroy();
if (!t.isDestroyed()) {
throw new RuntimeException("ticket should have been destroyed");
}
// Although these methods are meaningless, they can be called
for (Method m: KerberosTicket.class.getDeclaredMethods()) {
if (Modifier.isPublic(m.getModifiers())
&& m.getParameterCount() == 0) {
System.out.println("Testing " + m.getName() + "...");
try {
m.invoke(t);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause();
if (cause instanceof RefreshFailedException ||
cause instanceof IllegalStateException) {
// this is OK
} else {
throw e;
}
}
}
}
System.out.println("Destroy Test Passed");
}
Example #11
| Source File: WatchesModel.java From netbeans with Apache License 2.0 | 5 votes |
|
/** Does wait for the value to be evaluated. */
public void refresh() throws RefreshFailedException {
synchronized (evaluating) {
if (evaluating[0]) {
try {
evaluating.wait();
} catch (InterruptedException iex) {
throw new RefreshFailedException(iex.getLocalizedMessage());
}
}
}
}
Example #12
| Source File: VariablesTreeModelFilter.java From netbeans with Apache License 2.0 | 5 votes |
|
private static void waitToEvaluate(Object o) {
if (o instanceof Refreshable) {
// waits for the evaluation, the retrieval must already be initiated
try {
((Refreshable) o).refresh();
} catch (RefreshFailedException exc) {
// Thrown when interrupted
Thread.currentThread().interrupt();
}
}
loadAllTypes(o); // Initialize all types, implemented interfaces and super classes
}
Example #13
| Source File: LocalsTreeModel.java From netbeans with Apache License 2.0 | 5 votes |
|
public boolean isLeaf (final Object o) throws UnknownTypeException {
if (o.equals (ROOT))
return false;
if (o instanceof AbstractVariable) {
if (o instanceof FieldVariable) {
return true;
}
if (o instanceof Refreshable && !((Refreshable) o).isCurrent()) {
debugger.getRequestProcessor().post(new Runnable() {
public void run() {
try {
((Refreshable) o).refresh();
} catch (RefreshFailedException ex) {
return ;
}
if (!(((AbstractVariable) o).getInnerValue () instanceof ObjectReference)) {
fireNodeChildrenChanged(o);
}
}
});
return false;
}
return !(((AbstractVariable) o).getInnerValue () instanceof ObjectReference);
}
if (o.toString().startsWith("SubArray")) {
return false;
}
if (o.equals ("NoInfo")) // NOI18N
return true;
if (o instanceof JPDAClassType) return false;
if (o instanceof Operation) return false;
if (o == "lastOperations") return false;
if (o == NO_DEBUG_INFO) return true;
if (o instanceof String && ((String) o).startsWith("operationArguments")) { // NOI18N
return false;
}
throw new UnknownTypeException (o);
}
Example #14
| Source File: ObjectFieldVariable.java From netbeans with Apache License 2.0 | 5 votes |
|
/** Does wait for the value to be evaluated. */
@Override
public void refresh() throws RefreshFailedException {
if (valueSet) return ;
synchronized (valueLock) {
if (!valueRetrieved) {
getInnerValue();
}
}
}
Example #15
| Source File: FieldVariable.java From netbeans with Apache License 2.0 | 5 votes |
|
/** Does wait for the value to be evaluated. */
@Override
public void refresh() throws RefreshFailedException {
if (valueSet) return ;
synchronized (valueLock) {
if (!valueRetrieved) {
getInnerValue();
}
}
}
Example #16
| Source File: KerberosTicket.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed)
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
if (!isRenewable())
throw new RefreshFailedException("This ticket is not renewable");
if (System.currentTimeMillis() > getRenewTill().getTime())
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.toString(),
server.toString(),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
Example #17
| Source File: KerberosTicket.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed)
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
if (!isRenewable())
throw new RefreshFailedException("This ticket is not renewable");
if (System.currentTimeMillis() > getRenewTill().getTime())
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.toString(),
server.toString(),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
Example #18
| Source File: KrbTicket.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
Example #19
| Source File: KerberosTicket.java From hottub with GNU General Public License v2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed)
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
if (!isRenewable())
throw new RefreshFailedException("This ticket is not renewable");
if (System.currentTimeMillis() > getRenewTill().getTime())
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.toString(),
server.toString(),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
Example #20
| Source File: KerberosTicket.java From Java8CN with Apache License 2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed)
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
if (!isRenewable())
throw new RefreshFailedException("This ticket is not renewable");
if (System.currentTimeMillis() > getRenewTill().getTime())
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.toString(),
server.toString(),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
Example #21
| Source File: KerberosTicket.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed)
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
if (!isRenewable())
throw new RefreshFailedException("This ticket is not renewable");
if (System.currentTimeMillis() > getRenewTill().getTime())
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.toString(),
server.toString(),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
Example #22
| Source File: KerberosTicket.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed)
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
if (!isRenewable())
throw new RefreshFailedException("This ticket is not renewable");
if (getRenewTill() == null) {
// Renewable ticket without renew-till. Illegal and ignored.
return;
}
if (System.currentTimeMillis() > getRenewTill().getTime())
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.toString(),
(clientAlias != null ?
clientAlias.getName() : null),
server.toString(),
(serverAlias != null ?
serverAlias.getName() : null),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
Example #23
| Source File: KerberosTicket.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed)
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
if (!isRenewable())
throw new RefreshFailedException("This ticket is not renewable");
if (System.currentTimeMillis() > getRenewTill().getTime())
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.toString(),
server.toString(),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
Example #24
| Source File: KerberosTicket.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed)
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
if (!isRenewable())
throw new RefreshFailedException("This ticket is not renewable");
if (System.currentTimeMillis() > getRenewTill().getTime())
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.toString(),
server.toString(),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
Example #25
| Source File: KrbTicket.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
Example #26
| Source File: KerberosTicket.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws IllegalStateException if this ticket is destroyed
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed) {
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
}
if (!isRenewable()) {
throw new RefreshFailedException("This ticket is not renewable");
}
if (System.currentTimeMillis() > getRenewTill().getTime()) {
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
}
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.getName(),
server.getName(),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
Example #27
| Source File: KerberosTicket.java From jdk1.8-source-analysis with Apache License 2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed)
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
if (!isRenewable())
throw new RefreshFailedException("This ticket is not renewable");
if (System.currentTimeMillis() > getRenewTill().getTime())
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.toString(),
server.toString(),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
Example #28
| Source File: KerberosTicket.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed)
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
if (!isRenewable())
throw new RefreshFailedException("This ticket is not renewable");
if (System.currentTimeMillis() > getRenewTill().getTime())
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.toString(),
server.toString(),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
Example #29
| Source File: KrbTicket.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Exception {
// define principals
Map<String, String> principals = new HashMap<>();
principals.put(USER_PRINCIPAL, PASSWORD);
principals.put(KRBTGT_PRINCIPAL, null);
System.setProperty("java.security.krb5.conf", KRB5_CONF_FILENAME);
// start a local KDC instance
KDC kdc = KDC.startKDC(HOST, null, REALM, principals, null, null);
KDC.saveConfig(KRB5_CONF_FILENAME, kdc,
"forwardable = true", "proxiable = true");
// create JAAS config
Files.write(Paths.get(JAAS_CONF), Arrays.asList(
"Client {",
" com.sun.security.auth.module.Krb5LoginModule required;",
"};"
));
System.setProperty("java.security.auth.login.config", JAAS_CONF);
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
long startTime = Instant.now().getEpochSecond() * 1000;
LoginContext lc = new LoginContext("Client",
new Helper.UserPasswordHandler(USER, PASSWORD));
lc.login();
Subject subject = lc.getSubject();
System.out.println("subject: " + subject);
Set creds = subject.getPrivateCredentials(
KerberosTicket.class);
if (creds.size() > 1) {
throw new RuntimeException("Multiple credintials found");
}
Object o = creds.iterator().next();
if (!(o instanceof KerberosTicket)) {
throw new RuntimeException("Instance of KerberosTicket expected");
}
KerberosTicket krbTkt = (KerberosTicket) o;
System.out.println("forwardable = " + krbTkt.isForwardable());
System.out.println("proxiable = " + krbTkt.isProxiable());
System.out.println("renewable = " + krbTkt.isRenewable());
System.out.println("current = " + krbTkt.isCurrent());
if (!krbTkt.isForwardable()) {
throw new RuntimeException("Forwardable ticket expected");
}
if (!krbTkt.isProxiable()) {
throw new RuntimeException("Proxiable ticket expected");
}
if (!krbTkt.isCurrent()) {
throw new RuntimeException("Ticket is not current");
}
if (krbTkt.isRenewable()) {
throw new RuntimeException("Not renewable ticket expected");
}
try {
krbTkt.refresh();
throw new RuntimeException(
"Expected RefreshFailedException not thrown");
} catch(RefreshFailedException e) {
System.out.println("Expected exception: " + e);
}
if (!checkTime(krbTkt, startTime)) {
throw new RuntimeException("Wrong ticket life time");
}
krbTkt.destroy();
if (!krbTkt.isDestroyed()) {
throw new RuntimeException("Ticket not destroyed");
}
System.out.println("Test passed");
}
Example #30
| Source File: KerberosTicket.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
|
/**
* Extends the validity period of this ticket. The ticket will contain
* a new session key if the refresh operation succeeds. The refresh
* operation will fail if the ticket is not renewable or the latest
* allowable renew time has passed. Any other error returned by the
* KDC will also cause this method to fail.
*
* Note: This method is not synchronized with the the accessor
* methods of this object. Hence callers need to be aware of multiple
* threads that might access this and try to renew it at the same
* time.
*
* @throws RefreshFailedException if the ticket is not renewable, or
* the latest allowable renew time has passed, or the KDC returns some
* error.
*
* @see #isRenewable()
* @see #getRenewTill()
*/
public void refresh() throws RefreshFailedException {
if (destroyed)
throw new RefreshFailedException("A destroyed ticket "
+ "cannot be renewd.");
if (!isRenewable())
throw new RefreshFailedException("This ticket is not renewable");
if (getRenewTill() == null) {
// Renewable ticket without renew-till. Illegal and ignored.
return;
}
if (System.currentTimeMillis() > getRenewTill().getTime())
throw new RefreshFailedException("This ticket is past "
+ "its last renewal time.");
Throwable e = null;
sun.security.krb5.Credentials krb5Creds = null;
try {
krb5Creds = new sun.security.krb5.Credentials(asn1Encoding,
client.toString(),
(clientAlias != null ?
clientAlias.getName() : null),
server.toString(),
(serverAlias != null ?
serverAlias.getName() : null),
sessionKey.getEncoded(),
sessionKey.getKeyType(),
flags,
authTime,
startTime,
endTime,
renewTill,
clientAddresses);
krb5Creds = krb5Creds.renew();
} catch (sun.security.krb5.KrbException krbException) {
e = krbException;
} catch (java.io.IOException ioException) {
e = ioException;
}
if (e != null) {
RefreshFailedException rfException
= new RefreshFailedException("Failed to renew Kerberos Ticket "
+ "for client " + client
+ " and server " + server
+ " - " + e.getMessage());
rfException.initCause(e);
throw rfException;
}
/*
* In case multiple threads try to refresh it at the same time.
*/
synchronized (this) {
try {
this.destroy();
} catch (DestroyFailedException dfException) {
// Squelch it since we don't care about the old ticket.
}
init(krb5Creds.getEncoded(),
new KerberosPrincipal(krb5Creds.getClient().getName()),
new KerberosPrincipal(krb5Creds.getServer().getName(),
KerberosPrincipal.KRB_NT_SRV_INST),
krb5Creds.getSessionKey().getBytes(),
krb5Creds.getSessionKey().getEType(),
krb5Creds.getFlags(),
krb5Creds.getAuthTime(),
krb5Creds.getStartTime(),
krb5Creds.getEndTime(),
krb5Creds.getRenewTill(),
krb5Creds.getClientAddresses());
destroyed = false;
}
}
