javax.security.auth.kerberos.KeyTab Java Examples
The following examples show how to use
javax.security.auth.kerberos.KeyTab.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: Krb5ProxyImpl.java From dragonwell8_jdk with GNU General Public License v2.0 | 7 votes |
|
@Override
public boolean isRelated(Subject subject, Principal princ) {
if (princ == null) return false;
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(princ)) {
// bound to this principal
return true;
}
for (KeyTab pc: subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
Example #2
| Source File: Krb5ProxyImpl.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
@Override
public boolean isRelated(Subject subject, Principal princ) {
if (princ == null) return false;
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(princ)) {
// bound to this principal
return true;
}
for (KeyTab pc: subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
Example #3
| Source File: KrbAsRep.java From hottub with GNU General Public License v2.0 | 6 votes |
|
/**
* Called by KrbAsReqBuilder to resolve a AS-REP message using a keytab.
* @param ktab the keytab, not null
* @param asReq the original AS-REQ sent, used to validate AS-REP
* @param cname the user principal name, used to locate keys in ktab
*/
void decryptUsingKeyTab(KeyTab ktab, KrbAsReq asReq, PrincipalName cname)
throws KrbException, Asn1Exception, IOException {
EncryptionKey dkey = null;
int encPartKeyType = rep.encPart.getEType();
Integer encPartKvno = rep.encPart.kvno;
try {
dkey = EncryptionKey.findKey(encPartKeyType, encPartKvno,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
} catch (KrbException ke) {
if (ke.returnCode() == Krb5.KRB_AP_ERR_BADKEYVER) {
// Fallback to no kvno. In some cases, keytab is generated
// not by sysadmin but Java's ktab command
dkey = EncryptionKey.findKey(encPartKeyType,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
}
}
if (dkey == null) {
throw new KrbException(Krb5.API_INVALID_ARG,
"Cannot find key for type/kvno to decrypt AS REP - " +
EType.toString(encPartKeyType) + "/" + encPartKvno);
}
decrypt(dkey, asReq);
}
Example #4
| Source File: UnsupportedKeyType.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
byte[] data = new byte[aes.length()/2];
KerberosPrincipal kp = new KerberosPrincipal("u1@K1");
// aes128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
aes.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("aes"), data);
if(KeyTab.getInstance(kp, new File("aes")).getKeys(kp).length == 0) {
throw new Exception("AES key not read");
}
// camellia128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
camellia.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("camellia"), data);
if(KeyTab.getInstance(kp, new File("camellia")).getKeys(kp).length != 0) {
throw new Exception("Unknown key read");
}
}
Example #5
| Source File: Krb5ProxyImpl.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
@Override
public boolean isRelated(Subject subject, Principal princ) {
if (princ == null) return false;
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(princ)) {
// bound to this principal
return true;
}
for (KeyTab pc: subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
Example #6
| Source File: UnsupportedKeyType.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
byte[] data = new byte[aes.length()/2];
KerberosPrincipal kp = new KerberosPrincipal("u1@K1");
// aes128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
aes.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("aes"), data);
if(KeyTab.getInstance(kp, new File("aes")).getKeys(kp).length == 0) {
throw new Exception("AES key not read");
}
// camellia128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
camellia.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("camellia"), data);
if(KeyTab.getInstance(kp, new File("camellia")).getKeys(kp).length != 0) {
throw new Exception("Unknown key read");
}
}
Example #7
| Source File: KrbAsRep.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Called by KrbAsReqBuilder to resolve a AS-REP message using a keytab.
* @param ktab the keytab, not null
* @param asReq the original AS-REQ sent, used to validate AS-REP
* @param cname the user principal name, used to locate keys in ktab
*/
void decryptUsingKeyTab(KeyTab ktab, KrbAsReq asReq, PrincipalName cname)
throws KrbException, Asn1Exception, IOException {
EncryptionKey dkey = null;
int encPartKeyType = rep.encPart.getEType();
Integer encPartKvno = rep.encPart.kvno;
try {
dkey = EncryptionKey.findKey(encPartKeyType, encPartKvno,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
} catch (KrbException ke) {
if (ke.returnCode() == Krb5.KRB_AP_ERR_BADKEYVER) {
// Fallback to no kvno. In some cases, keytab is generated
// not by sysadmin but Java's ktab command
dkey = EncryptionKey.findKey(encPartKeyType,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
}
}
if (dkey == null) {
throw new KrbException(Krb5.API_INVALID_ARG,
"Cannot find key for type/kvno to decrypt AS REP - " +
EType.toString(encPartKeyType) + "/" + encPartKvno);
}
decrypt(dkey, asReq, cname);
}
Example #8
| Source File: Krb5ProxyImpl.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
@Override
public boolean isRelated(Subject subject, Principal princ) {
if (princ == null) return false;
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(princ)) {
// bound to this principal
return true;
}
for (KeyTab pc: subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
Example #9
| Source File: KrbAsRep.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Called by KrbAsReqBuilder to resolve a AS-REP message using a keytab.
* @param ktab the keytab, not null
* @param asReq the original AS-REQ sent, used to validate AS-REP
* @param cname the user principal name, used to locate keys in ktab
*/
void decryptUsingKeyTab(KeyTab ktab, KrbAsReq asReq, PrincipalName cname)
throws KrbException, Asn1Exception, IOException {
EncryptionKey dkey = null;
int encPartKeyType = rep.encPart.getEType();
Integer encPartKvno = rep.encPart.kvno;
try {
dkey = EncryptionKey.findKey(encPartKeyType, encPartKvno,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
} catch (KrbException ke) {
if (ke.returnCode() == Krb5.KRB_AP_ERR_BADKEYVER) {
// Fallback to no kvno. In some cases, keytab is generated
// not by sysadmin but Java's ktab command
dkey = EncryptionKey.findKey(encPartKeyType,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
}
}
if (dkey == null) {
throw new KrbException(Krb5.API_INVALID_ARG,
"Cannot find key for type/kvno to decrypt AS REP - " +
EType.toString(encPartKeyType) + "/" + encPartKvno);
}
decrypt(dkey, asReq);
}
Example #10
| Source File: Krb5ProxyImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
@Override
public boolean isRelated(Subject subject, Principal princ) {
if (princ == null) return false;
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(princ)) {
// bound to this principal
return true;
}
for (KeyTab pc: subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
Example #11
| Source File: KrbAsRep.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Called by KrbAsReqBuilder to resolve a AS-REP message using a keytab.
* @param ktab the keytab, not null
* @param asReq the original AS-REQ sent, used to validate AS-REP
* @param cname the user principal name, used to locate keys in ktab
*/
void decryptUsingKeyTab(KeyTab ktab, KrbAsReq asReq, PrincipalName cname)
throws KrbException, Asn1Exception, IOException {
EncryptionKey dkey = null;
int encPartKeyType = rep.encPart.getEType();
Integer encPartKvno = rep.encPart.kvno;
try {
dkey = EncryptionKey.findKey(encPartKeyType, encPartKvno,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
} catch (KrbException ke) {
if (ke.returnCode() == Krb5.KRB_AP_ERR_BADKEYVER) {
// Fallback to no kvno. In some cases, keytab is generated
// not by sysadmin but Java's ktab command
dkey = EncryptionKey.findKey(encPartKeyType,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
}
}
if (dkey == null) {
throw new KrbException(Krb5.API_INVALID_ARG,
"Cannot find key for type/kvno to decrypt AS REP - " +
EType.toString(encPartKeyType) + "/" + encPartKvno);
}
decrypt(dkey, asReq);
}
Example #12
| Source File: KrbAsRep.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
/**
* Called by KrbAsReqBuilder to resolve a AS-REP message using a keytab.
* @param ktab the keytab, not null
* @param asReq the original AS-REQ sent, used to validate AS-REP
* @param cname the user principal name, used to locate keys in ktab
*/
void decryptUsingKeyTab(KeyTab ktab, KrbAsReq asReq, PrincipalName cname)
throws KrbException, Asn1Exception, IOException {
EncryptionKey dkey = null;
int encPartKeyType = rep.encPart.getEType();
Integer encPartKvno = rep.encPart.kvno;
try {
dkey = EncryptionKey.findKey(encPartKeyType, encPartKvno,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
} catch (KrbException ke) {
if (ke.returnCode() == Krb5.KRB_AP_ERR_BADKEYVER) {
// Fallback to no kvno. In some cases, keytab is generated
// not by sysadmin but Java's ktab command
dkey = EncryptionKey.findKey(encPartKeyType,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
}
}
if (dkey == null) {
throw new KrbException(Krb5.API_INVALID_ARG,
"Cannot find key for type/kvno to decrypt AS REP - " +
EType.toString(encPartKeyType) + "/" + encPartKvno);
}
decrypt(dkey, asReq);
}
Example #13
| Source File: Krb5ProxyImpl.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
|
@Override
public boolean isRelated(Subject subject, Principal princ) {
if (princ == null) return false;
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(princ)) {
// bound to this principal
return true;
}
for (KeyTab pc: subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
Example #14
| Source File: Krb5ProxyImpl.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
@Override
public boolean isRelated(Subject subject, Principal princ) {
if (princ == null) return false;
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(princ)) {
// bound to this principal
return true;
}
for (KeyTab pc: subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
Example #15
| Source File: UnsupportedKeyType.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
byte[] data = new byte[aes.length()/2];
KerberosPrincipal kp = new KerberosPrincipal("u1@K1");
// aes128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
aes.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("aes"), data);
if(KeyTab.getInstance(kp, new File("aes")).getKeys(kp).length == 0) {
throw new Exception("AES key not read");
}
// camellia128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
camellia.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("camellia"), data);
if(KeyTab.getInstance(kp, new File("camellia")).getKeys(kp).length != 0) {
throw new Exception("Unknown key read");
}
}
Example #16
| Source File: KrbAsRep.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
/**
* Called by KrbAsReqBuilder to resolve a AS-REP message using a keytab.
* @param ktab the keytab, not null
* @param asReq the original AS-REQ sent, used to validate AS-REP
* @param cname the user principal name, used to locate keys in ktab
*/
void decryptUsingKeyTab(KeyTab ktab, KrbAsReq asReq, PrincipalName cname)
throws KrbException, Asn1Exception, IOException {
EncryptionKey dkey = null;
int encPartKeyType = rep.encPart.getEType();
Integer encPartKvno = rep.encPart.kvno;
try {
dkey = EncryptionKey.findKey(encPartKeyType, encPartKvno,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
} catch (KrbException ke) {
if (ke.returnCode() == Krb5.KRB_AP_ERR_BADKEYVER) {
// Fallback to no kvno. In some cases, keytab is generated
// not by sysadmin but Java's ktab command
dkey = EncryptionKey.findKey(encPartKeyType,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
}
}
if (dkey == null) {
throw new KrbException(Krb5.API_INVALID_ARG,
"Cannot find key for type/kvno to decrypt AS REP - " +
EType.toString(encPartKeyType) + "/" + encPartKvno);
}
decrypt(dkey, asReq);
}
Example #17
| Source File: Krb5ProxyImpl.java From hottub with GNU General Public License v2.0 | 6 votes |
|
@Override
public boolean isRelated(Subject subject, Principal princ) {
if (princ == null) return false;
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(princ)) {
// bound to this principal
return true;
}
for (KeyTab pc: subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
Example #18
| Source File: UnsupportedKeyType.java From hottub with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
byte[] data = new byte[aes.length()/2];
KerberosPrincipal kp = new KerberosPrincipal("u1@K1");
// aes128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
aes.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("aes"), data);
if(KeyTab.getInstance(kp, new File("aes")).getKeys(kp).length == 0) {
throw new Exception("AES key not read");
}
// camellia128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
camellia.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("camellia"), data);
if(KeyTab.getInstance(kp, new File("camellia")).getKeys(kp).length != 0) {
throw new Exception("Unknown key read");
}
}
Example #19
| Source File: Krb5ProxyImpl.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
|
@Override
public boolean isRelated(Subject subject, Principal princ) {
if (princ == null) return false;
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(princ)) {
// bound to this principal
return true;
}
for (KeyTab pc: subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
Example #20
| Source File: KrbAsRep.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Called by KrbAsReqBuilder to resolve a AS-REP message using a keytab.
* @param ktab the keytab, not null
* @param asReq the original AS-REQ sent, used to validate AS-REP
* @param cname the user principal name, used to locate keys in ktab
*/
void decryptUsingKeyTab(KeyTab ktab, KrbAsReq asReq, PrincipalName cname)
throws KrbException, Asn1Exception, IOException {
EncryptionKey dkey = null;
int encPartKeyType = rep.encPart.getEType();
Integer encPartKvno = rep.encPart.kvno;
try {
dkey = EncryptionKey.findKey(encPartKeyType, encPartKvno,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
} catch (KrbException ke) {
if (ke.returnCode() == Krb5.KRB_AP_ERR_BADKEYVER) {
// Fallback to no kvno. In some cases, keytab is generated
// not by sysadmin but Java's ktab command
dkey = EncryptionKey.findKey(encPartKeyType,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
}
}
if (dkey == null) {
throw new KrbException(Krb5.API_INVALID_ARG,
"Cannot find key for type/kvno to decrypt AS REP - " +
EType.toString(encPartKeyType) + "/" + encPartKvno);
}
decrypt(dkey, asReq);
}
Example #21
| Source File: UnsupportedKeyType.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
byte[] data = new byte[aes.length()/2];
KerberosPrincipal kp = new KerberosPrincipal("u1@K1");
// aes128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
aes.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("aes"), data);
if(KeyTab.getInstance(kp, new File("aes")).getKeys(kp).length == 0) {
throw new Exception("AES key not read");
}
// camellia128
for (int i=0; i<data.length; i++) {
data[i] = Integer.valueOf(
camellia.substring(2*i,2*i+2), 16).byteValue();
}
Files.write(Paths.get("camellia"), data);
if(KeyTab.getInstance(kp, new File("camellia")).getKeys(kp).length != 0) {
throw new Exception("Unknown key read");
}
}
Example #22
| Source File: Krb5ProxyImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
@Override
public boolean isRelated(Subject subject, Principal princ) {
if (princ == null) return false;
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(princ)) {
// bound to this principal
return true;
}
for (KeyTab pc: subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
Example #23
| Source File: ServiceCredsCombination.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Checks the correct bound
* @param a get a creds for this principal, null for default one
* @param b expected name, null for still unbound, "NOCRED" for no creds
* @param objs princs, keys and keytabs in the subject
*/
private static void check(final String a, String b, Object... objs)
throws Exception {
Subject subj = new Subject();
for (Object obj: objs) {
if (obj instanceof KerberosPrincipal) {
subj.getPrincipals().add((KerberosPrincipal)obj);
} else if (obj instanceof KerberosKey || obj instanceof KeyTab) {
subj.getPrivateCredentials().add(obj);
}
}
final GSSManager man = GSSManager.getInstance();
try {
String result = Subject.doAs(
subj, new PrivilegedExceptionAction<String>() {
@Override
public String run() throws GSSException {
GSSCredential cred = man.createCredential(
a == null ? null : man.createName(r(a), null),
GSSCredential.INDEFINITE_LIFETIME,
GSSUtil.GSS_KRB5_MECH_OID,
GSSCredential.ACCEPT_ONLY);
GSSName name = cred.getName();
return name == null ? null : name.toString();
}
});
if (!Objects.equals(result, r(b))) {
throw new Exception("Check failed: getInstance(" + a
+ ") has name " + result + ", not " + b);
}
} catch (PrivilegedActionException e) {
if (!"NOCRED".equals(b)) {
throw new Exception("Check failed: getInstance(" + a
+ ") is null " + ", but not one with name " + b);
}
}
}
Example #24
| Source File: ServiceCredsCombination.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
/**
* Checks the correct bound
* @param a get a creds for this principal, null for default one
* @param b expected name, null for still unbound, "NOCRED" for no creds
* @param objs princs, keys and keytabs in the subject
*/
private static void check(final String a, String b, Object... objs)
throws Exception {
Subject subj = new Subject();
for (Object obj: objs) {
if (obj instanceof KerberosPrincipal) {
subj.getPrincipals().add((KerberosPrincipal)obj);
} else if (obj instanceof KerberosKey || obj instanceof KeyTab) {
subj.getPrivateCredentials().add(obj);
}
}
final GSSManager man = GSSManager.getInstance();
try {
String result = Subject.doAs(
subj, new PrivilegedExceptionAction<String>() {
@Override
public String run() throws GSSException {
GSSCredential cred = man.createCredential(
a == null ? null : man.createName(r(a), null),
GSSCredential.INDEFINITE_LIFETIME,
GSSUtil.GSS_KRB5_MECH_OID,
GSSCredential.ACCEPT_ONLY);
GSSName name = cred.getName();
return name == null ? null : name.toString();
}
});
if (!Objects.equals(result, r(b))) {
throw new Exception("Check failed: getInstance(" + a
+ ") has name " + result + ", not " + b);
}
} catch (PrivilegedActionException e) {
if (!"NOCRED".equals(b)) {
throw new Exception("Check failed: getInstance(" + a
+ ") is null " + ", but not one with name " + b);
}
}
}
Example #25
| Source File: KerberosUtilities.java From qpid-broker-j with Apache License 2.0 | 5 votes |
|
private KeyTab getKeyTab(final KerberosPrincipal principal, final File keyTabFile)
{
if (!keyTabFile.exists() || !keyTabFile.canRead())
{
throw new IllegalArgumentException("Specified file does not exist or is not readable.");
}
final KeyTab keytab = KeyTab.getInstance(principal, keyTabFile);
if (!keytab.exists())
{
throw new IllegalArgumentException("Specified file is not a keyTab file.");
}
final KerberosKey[] keys = keytab.getKeys(principal);
if (keys.length == 0)
{
throw new IllegalArgumentException("Specified file does not contain at least one key for this principal.");
}
for (final KerberosKey key : keys)
{
try
{
key.destroy();
}
catch (DestroyFailedException e)
{
LOGGER.debug("Unable to destroy key", e);
}
}
return keytab;
}
Example #26
| Source File: DeprivilegedModuleLoaderTest.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
private static List<Class<?>> getDeprivilegedClasses() {
List<Class<?>> classes = new ArrayList<Class<?>>();
// Test from java.xml.crypto/javax/xml/crypto/dsig package
classes.add(XMLSignatureFactory.class);
// Test from java.xml.crypto/javax/xml/crypto package
classes.add(KeySelectorException.class);
// Test From java.security.jgss/javax/security/auth/kerberos package
classes.add(KeyTab.class);
// Test from jdk.security.jgss/com/sun/security/jgss package
classes.add(AuthorizationDataEntry.class);
// Test from jdk.security.auth/com/sun/security/auth/callback package
classes.add(TextCallbackHandler.class);
return classes;
}
Example #27
| Source File: KPEquals.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
new OneKDC(null).writeJAASConf();
Context c = Context.fromJAAS("client");
Context s = Context.fromThinAir();
KerberosPrincipal kp = new KerberosPrincipal(
OneKDC.SERVER + "@" + OneKDC.REALM,
KerberosPrincipal.KRB_NT_SRV_INST);
s.s().getPrincipals().add(kp);
for (KerberosKey k: KeyTab.getInstance(kp).getKeys(kp)) {
s.s().getPrivateCredentials().add(k);
}
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
Context.handshake(c, s);
}
Example #28
| Source File: UserGroupInformation.java From hadoop with Apache License 2.0 | 5 votes |
|
/**
* Create a UserGroupInformation for the given subject.
* This does not change the subject or acquire new credentials.
* @param subject the user's subject
*/
UserGroupInformation(Subject subject) {
this.subject = subject;
this.user = subject.getPrincipals(User.class).iterator().next();
this.isKeytab = !subject.getPrivateCredentials(KeyTab.class).isEmpty();
this.isKrbTkt = !subject.getPrivateCredentials(KerberosTicket.class).isEmpty();
}
Example #29
| Source File: KPEquals.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
public static void main(String[] args) throws Exception {
new OneKDC(null).writeJAASConf();
Context c = Context.fromJAAS("client");
Context s = Context.fromThinAir();
KerberosPrincipal kp = new KerberosPrincipal(
OneKDC.SERVER + "@" + OneKDC.REALM,
KerberosPrincipal.KRB_NT_SRV_INST);
s.s().getPrincipals().add(kp);
for (KerberosKey k: KeyTab.getInstance(kp).getKeys(kp)) {
s.s().getPrivateCredentials().add(k);
}
c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
s.startAsServer(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
Context.handshake(c, s);
}
Example #30
| Source File: ServiceCredsCombination.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
/**
* Checks the correct bound
* @param a get a creds for this principal, null for default one
* @param b expected name, null for still unbound, "NOCRED" for no creds
* @param objs princs, keys and keytabs in the subject
*/
private static void check(final String a, String b, Object... objs)
throws Exception {
Subject subj = new Subject();
for (Object obj: objs) {
if (obj instanceof KerberosPrincipal) {
subj.getPrincipals().add((KerberosPrincipal)obj);
} else if (obj instanceof KerberosKey || obj instanceof KeyTab) {
subj.getPrivateCredentials().add(obj);
}
}
final GSSManager man = GSSManager.getInstance();
try {
String result = Subject.doAs(
subj, new PrivilegedExceptionAction<String>() {
@Override
public String run() throws GSSException {
GSSCredential cred = man.createCredential(
a == null ? null : man.createName(r(a), null),
GSSCredential.INDEFINITE_LIFETIME,
GSSUtil.GSS_KRB5_MECH_OID,
GSSCredential.ACCEPT_ONLY);
GSSName name = cred.getName();
return name == null ? null : name.toString();
}
});
if (!Objects.equals(result, r(b))) {
throw new Exception("Check failed: getInstance(" + a
+ ") has name " + result + ", not " + b);
}
} catch (PrivilegedActionException e) {
if (!"NOCRED".equals(b)) {
throw new Exception("Check failed: getInstance(" + a
+ ") is null " + ", but not one with name " + b);
}
}
}
