Java Code Examples for org.ietf.jgss.GSSManager#createName()
The following examples show how to use org.ietf.jgss.GSSManager#createName().
Example 1
Source File: TestInfoServersACL.java From hbase with Apache License 2.0 | 6 votes |
/**
 * Builds an HTTP client that answers SPNEGO challenges with Kerberos credentials
 * acquired through JGSS for the given principal.
 *
 * @param clientPrincipal Kerberos principal to acquire initiator credentials for
 * @return a client whose default auth-scheme registry and credentials provider are set up for SPNEGO
 * @throws Exception if the mechanism OID, the GSS name or the credential cannot be created
 */
private CloseableHttpClient createHttpClient(String clientPrincipal) throws Exception {
  final GSSManager jgss = GSSManager.getInstance();
  // OID of the Kerberos V5 GSS-API mechanism.
  final Oid kerberosV5 = new Oid("1.2.840.113554.1.2.2");
  final GSSName initiatorName = jgss.createName(clientPrincipal, GSSName.NT_USER_NAME);
  // INITIATE_ONLY: the credential may start security contexts but not accept them.
  final GSSCredential initiatorCredential = jgss.createCredential(
      initiatorName, GSSCredential.DEFAULT_LIFETIME, kerberosV5, GSSCredential.INITIATE_ONLY);

  // NOTE(review): AuthScope.ANY makes the Kerberos credential available for every host, port and
  // realm this client talks to. That is convenient in what looks like test code; outside tests,
  // scope the credential to the intended server.
  final BasicCredentialsProvider provider = new BasicCredentialsProvider();
  provider.setCredentials(AuthScope.ANY, new KerberosCredentials(initiatorCredential));

  // Only SPNEGO is registered, so the client cannot fall back to another auth scheme.
  final Lookup<AuthSchemeProvider> schemes = RegistryBuilder.<AuthSchemeProvider>create()
      .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, true))
      .build();

  return HttpClients.custom()
      .setDefaultAuthSchemeRegistry(schemes)
      .setDefaultCredentialsProvider(provider)
      .build();
}
Example 2
Source File: JgssIntegrationTest.java From tutorials with MIT License | 5 votes |
/**
 * Prepares one acceptor context and one initiator context for the tests.
 *
 * <p>The initiator asks for mutual authentication, confidentiality and integrity, so the
 * server has to prove its identity and per-message protection is requested.
 *
 * @throws SaslException declared by the signature; nothing in this body raises it directly
 * @throws GSSException if a name, OID or context cannot be created
 */
@Before
public void setUp() throws SaslException, GSSException {
    final GSSManager gss = GSSManager.getInstance();

    // Acceptor side: a null credential asks JGSS to use the default acceptor credentials.
    serverContext = gss.createContext((GSSCredential) null);

    // Initiator side: a null name type leaves interpretation of the printable name to the mechanism.
    final GSSName target = gss.createName(SERVER_PRINCIPAL, null);
    final Oid mechanism = new Oid(MECHANISM);
    clientContext = gss.createContext(
            target, mechanism, (GSSCredential) null, GSSContext.DEFAULT_LIFETIME);

    clientContext.requestMutualAuth(true);
    clientContext.requestConf(true);
    clientContext.requestInteg(true);
}
Example 3
Source File: CtorTests2.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Checks that a name created with {@code GSSName.NT_ANONYMOUS} reports itself as anonymous.
 *
 * <p>A {@code GSSException} is taken to mean the name type is unsupported and is only
 * reported on stdout; a non-anonymous result fails the test with a RuntimeException.
 */
public static void main(String[] argv) throws Exception {
    try {
        GSSName anonymousName =
                GSSManager.getInstance().createName("anonymous", GSSName.NT_ANONYMOUS);
        if (!anonymousName.isAnonymous()) {
            throw new RuntimeException("GSSName.isAnonymous() returns false for GSSName.NT_ANONYMOUS");
        }
    } catch (GSSException notSupported) {
        // Deliberately tolerated: the provider may not implement the anonymous name type.
        System.out.println("Not supported, ignored!");
    }
}
Example 4
Source File: GssMemoryIssues.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
/**
 * Feeds the name parser an exported name whose embedded length field has been corrupted.
 *
 * <p>The expected outcome is a {@code GSSException}, which is printed. Presumably (going by the
 * file name) this guards against the parser trusting the declared length and allocating
 * a huge buffer.
 */
public static void main(String[] argv) throws Exception {
    final String principal = "me@REALM";
    final GSSManager gss = GSSManager.getInstance();
    final byte[] encoded = gss.createName(principal, GSSName.NT_USER_NAME).export();

    // The name bytes sit at the end of the export, preceded by a 4-byte big-endian length.
    // principal.length() equals the byte count here only because the name is plain ASCII.
    final int lengthFieldOffset = encoded.length - principal.length() - 4;

    // Overwrite the most significant length byte so the declared length becomes huge.
    encoded[lengthFieldOffset] = 0x7f;

    try {
        gss.createName(encoded, GSSName.NT_EXPORT_NAME);
    } catch (GSSException rejected) {
        System.out.println(rejected);
    }
}
Example 5
Source File: GssMemoryIssues.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
/**
 * Feeds the name parser an exported name whose embedded length field has been corrupted.
 *
 * <p>The expected outcome is a {@code GSSException}, which is printed. Presumably (going by the
 * file name) this guards against the parser trusting the declared length and allocating
 * a huge buffer.
 */
public static void main(String[] argv) throws Exception {
    final String principal = "me@REALM";
    final GSSManager gss = GSSManager.getInstance();
    final byte[] encoded = gss.createName(principal, GSSName.NT_USER_NAME).export();

    // The name bytes sit at the end of the export, preceded by a 4-byte big-endian length.
    // principal.length() equals the byte count here only because the name is plain ASCII.
    final int lengthFieldOffset = encoded.length - principal.length() - 4;

    // Overwrite the most significant length byte so the declared length becomes huge.
    encoded[lengthFieldOffset] = 0x7f;

    try {
        gss.createName(encoded, GSSName.NT_EXPORT_NAME);
    } catch (GSSException rejected) {
        System.out.println(rejected);
    }
}
Example 6
Source File: CtorTests2.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
/**
 * Checks that a name created with {@code GSSName.NT_ANONYMOUS} reports itself as anonymous.
 *
 * <p>A {@code GSSException} is taken to mean the name type is unsupported and is only
 * reported on stdout; a non-anonymous result fails the test with a RuntimeException.
 */
public static void main(String[] argv) throws Exception {
    try {
        GSSName anonymousName =
                GSSManager.getInstance().createName("anonymous", GSSName.NT_ANONYMOUS);
        if (!anonymousName.isAnonymous()) {
            throw new RuntimeException("GSSName.isAnonymous() returns false for GSSName.NT_ANONYMOUS");
        }
    } catch (GSSException notSupported) {
        // Deliberately tolerated: the provider may not implement the anonymous name type.
        System.out.println("Not supported, ignored!");
    }
}
Example 7
Source File: CtorTests2.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
/**
 * Checks that a name created with {@code GSSName.NT_ANONYMOUS} reports itself as anonymous.
 *
 * <p>A {@code GSSException} is taken to mean the name type is unsupported and is only
 * reported on stdout; a non-anonymous result fails the test with a RuntimeException.
 */
public static void main(String[] argv) throws Exception {
    try {
        GSSName anonymousName =
                GSSManager.getInstance().createName("anonymous", GSSName.NT_ANONYMOUS);
        if (!anonymousName.isAnonymous()) {
            throw new RuntimeException("GSSName.isAnonymous() returns false for GSSName.NT_ANONYMOUS");
        }
    } catch (GSSException notSupported) {
        // Deliberately tolerated: the provider may not implement the anonymous name type.
        System.out.println("Not supported, ignored!");
    }
}
Example 8
Source File: Kerb5Context.java From jcifs with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Creates an initiator-side Kerberos GSS context for {@code service} on {@code host}.
 *
 * @param host target host, used to build the service principal name
 * @param service service part of the principal name
 * @param name client principal to acquire credentials for, or {@code null} to pass no explicit credential
 * @param userLifetime lifetime requested for the client credential
 * @param contextLifetime lifetime requested for the security context
 * @param realm Kerberos realm; when non-null the name is built as {@code service/host@realm},
 *        otherwise as the host-based form {@code service@host}
 * @throws GSSException if a name, credential or context cannot be created
 */
Kerb5Context ( String host, String service, String name, int userLifetime, int contextLifetime, String realm ) throws GSSException {
    final GSSManager gss = GSSManager.getInstance();
    final Oid krb5 = JGSS_KRB5_MECH_OID;

    // NOTE(review): host, service and realm are concatenated into the principal name as given;
    // callers are presumably expected to pass values that cannot redirect authentication to
    // an unintended principal - confirm at the call sites.
    this.serviceName = ( realm == null )
            ? gss.createName(service + "@" + host, GSSName.NT_HOSTBASED_SERVICE, krb5)
            : gss.createName(service + "/" + host + "@" + realm, JGSS_KRB5_NAME_OID, krb5);

    if ( log.isDebugEnabled() ) {
        log.debug("Service name is " + this.serviceName);
    }

    GSSCredential initiatorCreds = null;
    if ( name == null ) {
        this.clientName = null;
    }
    else {
        this.clientName = gss.createName(name, GSSName.NT_USER_NAME, krb5);
        initiatorCreds = gss.createCredential(this.clientName, userLifetime, krb5, GSSCredential.INITIATE_ONLY);
    }

    this.gssContext = gss.createContext(this.serviceName, krb5, initiatorCreds, contextLifetime);

    // No GSS-level anonymity, sequencing, confidentiality, integrity or replay detection is
    // requested here, so per-message protection has to come from another layer.
    this.gssContext.requestAnonymity(false);
    this.gssContext.requestSequenceDet(false);
    this.gssContext.requestConf(false);
    this.gssContext.requestInteg(false);
    this.gssContext.requestReplayDet(false);

    // per spec these should be set
    this.gssContext.requestMutualAuth(true);
    // NOTE(review): credential delegation is requested for every target, which lets the
    // accepting service act as the client when the KDC permits it. Confirm that all
    // services reached through this class are trusted with delegated credentials.
    this.gssContext.requestCredDeleg(true);
}
Example 9
Source File: AbstractSpnegoNegotiatorTest.java From elasticsearch-hadoop with Apache License 2.0 | 4 votes |
/**
 * Drives a complete SPNEGO handshake between a {@code SpnegoNegotiator} (client side) and a
 * JGSS acceptor context (server side), both logged in from the test keytab.
 *
 * <p>Tokens are passed back and forth for at most 100 rounds. The test passes only when
 * both sides report an established context, and it then checks that closing the
 * negotiator clears its established state.
 */
@Test
public void testSuccessfulNegotiateWithRealmName() throws IOException, GSSException, InterruptedException {
    // SPNEGO pseudo-mechanism
    final Oid spnegoOid = new Oid("1.3.6.1.5.5.2");
    final GSSManager gssManager = GSSManager.getInstance();

    // Switch Hadoop security to Kerberos before any login happens.
    Configuration hadoopConf = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, hadoopConf);
    UserGroupInformation.setConfiguration(hadoopConf);

    // Server login and acceptor context.
    UserGroupInformation serverUgi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
            withRealm(KerberosSuite.PRINCIPAL_SERVER), KEYTAB_FILE.getAbsolutePath());
    final GSSName acceptorName =
            gssManager.createName(withRealm(KerberosSuite.PRINCIPAL_SERVER), GSSName.NT_USER_NAME);
    // The credential is created inside doAs so it is taken from the server's login.
    final GSSCredential acceptorCredential = serverUgi.doAs(new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws Exception {
            return gssManager.createCredential(
                    acceptorName,
                    GSSCredential.DEFAULT_LIFETIME,
                    spnegoOid,
                    GSSCredential.ACCEPT_ONLY
            );
        }
    });
    final GSSContext acceptor = gssManager.createContext(acceptorCredential);

    // Client login and negotiator.
    UserGroupInformation clientUgi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
            withRealm(KerberosSuite.PRINCIPAL_CLIENT), KEYTAB_FILE.getAbsolutePath());
    final SpnegoNegotiator negotiator = clientUgi.doAs(new PrivilegedExceptionAction<SpnegoNegotiator>() {
        @Override
        public SpnegoNegotiator run() throws Exception {
            return new SpnegoNegotiator(withRealm(KerberosSuite.PRINCIPAL_CLIENT), withRealm(KerberosSuite.PRINCIPAL_SERVER));
        }
    });

    byte[] pending = new byte[0];
    boolean authenticated = false;
    // The round cap keeps a broken handshake from looping forever.
    for (int round = 0; round < 100 && !authenticated; round++) {
        if (!negotiator.established()) {
            final byte[] outbound = pending;
            String encoded = clientUgi.doAs(new PrivilegedExceptionAction<String>() {
                @Override
                public String run() throws Exception {
                    // The first call has no server token to answer yet.
                    return outbound.length > 0
                            ? negotiator.send(Base64.encodeBase64String(outbound))
                            : negotiator.send();
                }
            });
            pending = Base64.decodeBase64(encoded);
        }

        if (!negotiator.established() && acceptor.isEstablished()) {
            fail("Server is established, but client is not.");
        }

        if (!acceptor.isEstablished()) {
            final byte[] inbound = pending;
            pending = serverUgi.doAs(new PrivilegedExceptionAction<byte[]>() {
                @Override
                public byte[] run() throws Exception {
                    return acceptor.acceptSecContext(inbound, 0, inbound.length);
                }
            });
        }

        authenticated = acceptor.isEstablished() && negotiator.established();
    }

    assertThat(authenticated, is(true));
    assertThat(acceptor.isEstablished(), is(true));
    assertThat(negotiator.established(), is(true));

    negotiator.close();
    assertThat(negotiator.established(), is(false));
}
Example 10
Source File: Samba2FileSystem.java From iaf with Apache License 2.0 | 4 votes |
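/**
 * Builds the SMB authentication context for the configured {@code authType}.
 *
 * <p>For "NTLM" a username/password/domain context is returned. For "SPNEGO" a JAAS
 * Kerberos login is performed and a GSS initiator credential is created for the
 * resulting principal, preferring the Kerberos 5 mechanism over SPNEGO.
 *
 * @return the authentication context, or {@code null} when no username is configured or
 *         {@code authType} is neither NTLM nor SPNEGO
 * @throws FileSystemException if the Kerberos login or credential creation fails
 */
private AuthenticationContext authenticate() throws FileSystemException {
    CredentialFactory credentialFactory = new CredentialFactory(getAuthAlias(), getUsername(), getPassword());
    if (StringUtils.isEmpty(credentialFactory.getUsername())) {
        return null;
    }

    if (StringUtils.equalsIgnoreCase(authType, "NTLM")) {
        // NOTE(review): the guard above consults credentialFactory, but the values used here
        // come from getUsername() and the password field. If the auth alias is what supplies
        // the credentials, these may be empty or null - confirm which source is intended.
        return new AuthenticationContext(getUsername(), password.toCharArray(), getDomain());
    }

    if (!StringUtils.equalsIgnoreCase(authType, "SPNEGO")) {
        return null;
    }

    if (!StringUtils.isEmpty(getKdc()) && !StringUtils.isEmpty(getRealm())) {
        // These system properties are JVM-wide: they change the KDC and realm for every
        // Kerberos login in this process, not only for this file system.
        System.setProperty("java.security.krb5.kdc", getKdc());
        System.setProperty("java.security.krb5.realm", getRealm());
    }

    HashMap<String, String> loginParams = new HashMap<String, String>();
    loginParams.put("principal", getUsername());

    try {
        LoginContext lc = new LoginContext(getUsername(), null,
                new UsernameAndPasswordCallbackHandler(getUsername(), getPassword()),
                new KerberosLoginConfiguration(loginParams));
        lc.login();

        Subject subject = lc.getSubject();
        KerberosPrincipal krbPrincipal = subject.getPrincipals(KerberosPrincipal.class).iterator().next();

        Oid spnego = new Oid(SPNEGO_OID);
        Oid kerberos5 = new Oid(KERBEROS5_OID);

        final GSSManager manager = GSSManager.getInstance();
        final GSSName name = manager.createName(krbPrincipal.toString(), GSSName.NT_USER_NAME);
        Set<Oid> mechs = new HashSet<Oid>(Arrays.asList(manager.getMechsForName(name.getStringNameType())));

        final Oid mech;
        if (mechs.contains(kerberos5)) {
            mech = kerberos5;
        } else if (mechs.contains(spnego)) {
            mech = spnego;
        } else {
            throw new IllegalArgumentException("No mechanism found");
        }

        // Created inside doAs so the credential is taken from the subject that just logged in.
        GSSCredential creds = Subject.doAs(subject, new PrivilegedExceptionAction<GSSCredential>() {
            @Override
            public GSSCredential run() throws GSSException {
                return manager.createCredential(name, GSSCredential.DEFAULT_LIFETIME, mech, GSSCredential.INITIATE_ONLY);
            }
        });

        return new GSSAuthenticationContext(krbPrincipal.getName(), krbPrincipal.getRealm(), subject, creds);
    } catch (Exception e) {
        // getMessage() may be null (for instance when the subject holds no KerberosPrincipal
        // and the iterator throws); without this check the handler itself would fail with a
        // NullPointerException and hide the real cause.
        String message = e.getMessage();
        if (message != null && message.contains("Cannot locate default realm")) {
            throw new FileSystemException("Please fill the kdc and realm field or provide krb5.conf file including realm",e);
        }
        throw new FileSystemException(e);
    }
}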
Example 11
Source File: Test5653.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
/**
 * Verifies that the legacy name-type OID {@code 1.3.6.1.5.6.2} is still accepted and is
 * treated as {@code GSSName.NT_HOSTBASED_SERVICE} throughout context establishment.
 */
public static void main(String[] args) throws Exception {
    final Oid legacyNameType = new Oid("1.3.6.1.5.6.2");

    new OneKDC(null).writeJAASConf();
    // Lets JGSS obtain credentials outside the current Subject (here: via the JAAS config).
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    final GSSManager gss = GSSManager.getInstance();

    // Test 1: the getMechsForName() method accepts it.
    final Oid[] candidates = gss.getMechsForName(legacyNameType);
    boolean krb5Listed = false;
    for (int i = 0; i < candidates.length && !krb5Listed; i++) {
        krb5Listed = candidates[i].equals(GSSUtil.GSS_KRB5_MECH_OID);
    }
    if (!krb5Listed) {
        throw new Exception("Cannot found krb5 mech for old name type");
    }

    // Test 2: the createName() method accepts it.
    final GSSName service = gss.createName("server@host.rabbit.hole", legacyNameType);

    // Test 3: its getStringNameType() output is correct
    if (!service.getStringNameType().equals(GSSName.NT_HOSTBASED_SERVICE)) {
        throw new Exception("GSSName not correct name type");
    }

    // Test 4: everything still works.
    final GSSContext initiator = gss.createContext(
            service,
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME);
    final byte[] firstToken = initiator.initSecContext(new byte[0], 0, 0);

    final Context acceptor = Context.fromJAAS("server");
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.x().acceptSecContext(firstToken, 0, firstToken.length);
}
Example 12
Source File: Test5653.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
/**
 * Verifies that the legacy name-type OID {@code 1.3.6.1.5.6.2} is still accepted and is
 * treated as {@code GSSName.NT_HOSTBASED_SERVICE} throughout context establishment.
 */
public static void main(String[] args) throws Exception {
    final Oid legacyNameType = new Oid("1.3.6.1.5.6.2");

    new OneKDC(null).writeJAASConf();
    // Lets JGSS obtain credentials outside the current Subject (here: via the JAAS config).
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    final GSSManager gss = GSSManager.getInstance();

    // Test 1: the getMechsForName() method accepts it.
    final Oid[] candidates = gss.getMechsForName(legacyNameType);
    boolean krb5Listed = false;
    for (int i = 0; i < candidates.length && !krb5Listed; i++) {
        krb5Listed = candidates[i].equals(GSSUtil.GSS_KRB5_MECH_OID);
    }
    if (!krb5Listed) {
        throw new Exception("Cannot found krb5 mech for old name type");
    }

    // Test 2: the createName() method accepts it.
    final GSSName service = gss.createName("server@host.rabbit.hole", legacyNameType);

    // Test 3: its getStringNameType() output is correct
    if (!service.getStringNameType().equals(GSSName.NT_HOSTBASED_SERVICE)) {
        throw new Exception("GSSName not correct name type");
    }

    // Test 4: everything still works.
    final GSSContext initiator = gss.createContext(
            service,
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME);
    final byte[] firstToken = initiator.initSecContext(new byte[0], 0, 0);

    final Context acceptor = Context.fromJAAS("server");
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.x().acceptSecContext(firstToken, 0, firstToken.length);
}
Example 13
Source File: PropertyBasedSpnegoLoginService.java From calcite-avatica with Apache License 2.0 | 4 votes |
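/**
 * Authenticates a client from a Base64-encoded SPNEGO/Kerberos token.
 *
 * <p>On success the returned identity carries a single role: the part of the client principal
 * name after the first {@code '@'}, which for a {@code user@REALM} name is the realm.
 *
 * @param username not used by this implementation
 * @param credentials the Base64-encoded token; anything that is not a String is rejected
 * @param request not used by this implementation
 * @return the authenticated identity, or {@code null} if authentication fails
 */
@Override
public UserIdentity login(String username, Object credentials, ServletRequest request) {
  // The credential comes from the client; reject anything that is not a token string
  // instead of failing with a ClassCastException or NullPointerException.
  if (!(credentials instanceof String)) {
    return null;
  }
  byte[] authToken = B64Code.decode((String) credentials);

  GSSManager manager = GSSManager.getInstance();
  try {
    // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
    Oid spnegoOid = new Oid("1.3.6.1.5.5.2");
    Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");
    GSSName gssName = manager.createName(serverPrincipal, null);
    // CALCITE-1922 Providing both OIDs is the bug in Jetty we're working around. By specifying
    // only one, we're requiring that clients *must* provide us the SPNEGO OID to authenticate
    // via Kerberos which is wrong. Best as I can tell, the SPNEGO OID is meant as another
    // layer of indirection (essentially is equivalent to setting the Kerberos OID).
    GSSCredential serverCreds = manager.createCredential(gssName,
        GSSCredential.INDEFINITE_LIFETIME, new Oid[] {krb5Oid, spnegoOid},
        GSSCredential.ACCEPT_ONLY);
    GSSContext gContext = manager.createContext(serverCreds);
    // NOTE(review): the context is never disposed; consider gContext.dispose() once the
    // identity has been built.

    if (gContext == null) {
      LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
      return null;
    }

    while (!gContext.isEstablished()) {
      authToken = gContext.acceptSecContext(authToken, 0, authToken.length);
      // acceptSecContext may return null when it has no reply token. If the context still is
      // not established, the next iteration would dereference null; treat it as a failed
      // login instead.
      if (authToken == null && !gContext.isEstablished()) {
        LOG.debug("SpnegoUserRealm: context not established and no reply token available");
        return null;
      }
    }

    String clientName = gContext.getSrcName().toString();
    // Everything after the first '@'. If the name has no '@', indexOf returns -1 and the
    // whole name becomes the role.
    String role = clientName.substring(clientName.indexOf('@') + 1);

    LOG.debug("SpnegoUserRealm: established a security context");
    LOG.debug("Client Principal is: {}", gContext.getSrcName());
    LOG.debug("Server Principal is: {}", gContext.getTargName());
    LOG.debug("Client Default Role: {}", role);

    SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName, authToken);

    Subject subject = new Subject();
    subject.getPrincipals().add(user);

    return _identityService.newUserIdentity(subject, user, new String[]{role});
  } catch (GSSException gsse) {
    LOG.warn("Caught GSSException trying to authenticate the client", gsse);
  }

  return null;
}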
Example 14
Source File: Test5653.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
/**
 * Verifies that the legacy name-type OID {@code 1.3.6.1.5.6.2} is still accepted and is
 * treated as {@code GSSName.NT_HOSTBASED_SERVICE} throughout context establishment.
 */
public static void main(String[] args) throws Exception {
    final Oid legacyNameType = new Oid("1.3.6.1.5.6.2");

    new OneKDC(null).writeJAASConf();
    // Lets JGSS obtain credentials outside the current Subject (here: via the JAAS config).
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    final GSSManager gss = GSSManager.getInstance();

    // Test 1: the getMechsForName() method accepts it.
    final Oid[] candidates = gss.getMechsForName(legacyNameType);
    boolean krb5Listed = false;
    for (int i = 0; i < candidates.length && !krb5Listed; i++) {
        krb5Listed = candidates[i].equals(GSSUtil.GSS_KRB5_MECH_OID);
    }
    if (!krb5Listed) {
        throw new Exception("Cannot found krb5 mech for old name type");
    }

    // Test 2: the createName() method accepts it.
    final GSSName service = gss.createName("server@host.rabbit.hole", legacyNameType);

    // Test 3: its getStringNameType() output is correct
    if (!service.getStringNameType().equals(GSSName.NT_HOSTBASED_SERVICE)) {
        throw new Exception("GSSName not correct name type");
    }

    // Test 4: everything still works.
    final GSSContext initiator = gss.createContext(
            service,
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME);
    final byte[] firstToken = initiator.initSecContext(new byte[0], 0, 0);

    final Context acceptor = Context.fromJAAS("server");
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.x().acceptSecContext(firstToken, 0, firstToken.length);
}
Example 15
Source File: Socks5LogicHandler.java From neoscada with Eclipse Public License 1.0 | 4 votes |
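/**
 * Encodes the next GSSAPI authentication packet of the SOCKS5 sub-negotiation.
 *
 * <p>On the first call a Kerberos V5 initiator context is created for the proxy's service
 * name and stored in the session. On each call the last token stored in the session is
 * passed to {@code initSecContext}, and any token it produces is framed as version byte,
 * message type, 2-byte length and token.
 *
 * @param request the socks proxy request data
 * @return the encoded buffer, or {@code null} when the context is already established or
 *         no token was produced
 * @throws GSSException when something fails while using GSSAPI
 */
private IoBuffer encodeGSSAPIAuthenticationPacket(final SocksProxyRequest request) throws GSSException {
    GSSContext ctx = (GSSContext) getSession().getAttribute(GSS_CONTEXT);
    if (ctx == null) {
        // first step in the authentication process
        GSSManager manager = GSSManager.getInstance();
        GSSName serverName = manager.createName(request.getServiceKerberosName(), null);
        Oid krb5OID = new Oid(SocksProxyConstants.KERBEROS_V5_OID);

        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Available mechs:");
            for (Oid o : manager.getMechs()) {
                if (o.equals(krb5OID)) {
                    LOGGER.debug("Found Kerberos V OID available");
                }
                LOGGER.debug("{} with oid = {}", manager.getNamesForMech(o), o);
            }
        }

        ctx = manager.createContext(serverName, krb5OID, null, GSSContext.DEFAULT_LIFETIME);

        ctx.requestMutualAuth(true); // Mutual authentication
        // Confidentiality and integrity are not requested, so GSS gives no per-message
        // protection to the traffic that follows authentication.
        ctx.requestConf(false);
        ctx.requestInteg(false);

        getSession().setAttribute(GSS_CONTEXT, ctx);
    }

    byte[] token = (byte[]) getSession().getAttribute(GSS_TOKEN);
    // The guard avoids hex-encoding the token when debug logging is off.
    // NOTE(review): at debug level the raw GSS token ends up in the log; consider logging
    // only its length.
    if (token != null && LOGGER.isDebugEnabled()) {
        LOGGER.debug(" Received Token[{}] = {}", token.length, ByteUtilities.asHex(token));
    }

    IoBuffer buf = null;

    if (!ctx.isEstablished()) {
        // token is ignored on the first call
        if (token == null) {
            token = new byte[32];
        }

        token = ctx.initSecContext(token, 0, token.length);

        // Send a token to the server if one was generated by
        // initSecContext
        if (token != null) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug(" Sending Token[{}] = {}", token.length, ByteUtilities.asHex(token));
            }

            getSession().setAttribute(GSS_TOKEN, token);
            buf = IoBuffer.allocate(4 + token.length);
            buf.put(new byte[] { SocksProxyConstants.GSSAPI_AUTH_SUBNEGOTIATION_VERSION,
                    SocksProxyConstants.GSSAPI_MSG_TYPE });

            // NOTE(review): the length field is two bytes; a token longer than 65535 bytes
            // presumably cannot be represented - confirm how intToNetworkByteOrder handles it.
            buf.put(ByteUtilities.intToNetworkByteOrder(token.length, 2));
            buf.put(token);
        }
    }

    return buf;
}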
Example 16
Source File: DrillSpnegoLoginService.java From Bats with Apache License 2.0 | 4 votes |
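/**
 * Authenticates a client from a Base64-encoded SPNEGO/Kerberos token and maps the
 * authenticated principal to a Drill user identity.
 *
 * @param credentials the Base64-encoded token; anything that is not a String is rejected
 * @return the identity with admin or non-admin roles, or {@code null} if authentication fails
 */
private UserIdentity spnegoLogin(Object credentials) {
    // The credential comes from the client; reject anything that is not a token string
    // instead of failing with a ClassCastException or NullPointerException.
    if (!(credentials instanceof String)) {
        return null;
    }
    byte[] authToken = B64Code.decode((String) credentials);

    GSSManager manager = GSSManager.getInstance();
    try {
        // Providing both OID's is required here. If we provide only one,
        // we're requiring that clients provide us the SPNEGO OID to authenticate via Kerberos.
        Oid[] knownOids = new Oid[2];
        knownOids[0] = new Oid("1.3.6.1.5.5.2"); // spnego
        knownOids[1] = new Oid("1.2.840.113554.1.2.2"); // kerberos

        GSSName gssName = manager.createName(spnegoConfig.getSpnegoPrincipal(), null);
        GSSCredential serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME,
                knownOids, GSSCredential.ACCEPT_ONLY);
        GSSContext gContext = manager.createContext(serverCreds);
        // NOTE(review): the context is never disposed; consider gContext.dispose() once the
        // identity has been built.

        if (gContext == null) {
            logger.debug("SPNEGOUserRealm: failed to establish GSSContext");
            return null;
        }

        while (!gContext.isEstablished()) {
            authToken = gContext.acceptSecContext(authToken, 0, authToken.length);
            // acceptSecContext may return null when it has no reply token. If the context
            // still is not established, the next iteration would dereference null; treat it
            // as a failed login instead.
            if (authToken == null && !gContext.isEstablished()) {
                logger.debug("SPNEGOUserRealm: context not established and no reply token available");
                return null;
            }
        }

        final String clientName = gContext.getSrcName().toString();
        final String realm = clientName.substring(clientName.indexOf('@') + 1);

        // Get the client user short name
        final String userShortName = new HadoopKerberosName(clientName).getShortName();

        logger.debug("Client Name: {}, realm: {} and shortName: {}", clientName, realm, userShortName);

        // NOTE(review): the admin decision uses only the short name; the realm is logged but
        // not checked here. Confirm that the principal-to-short-name mapping cannot give
        // principals from different realms the same short name.
        final SystemOptionManager sysOptions = drillContext.getOptionManager();
        final boolean isAdmin = ImpersonationUtil.hasAdminPrivileges(userShortName,
                ExecConstants.ADMIN_USERS_VALIDATOR.getAdminUsers(sysOptions),
                ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.getAdminUserGroups(sysOptions));

        final Principal user = new DrillUserPrincipal(userShortName, isAdmin);
        final Subject subject = new Subject();
        subject.getPrincipals().add(user);

        if (isAdmin) {
            return this._identityService.newUserIdentity(subject, user, DrillUserPrincipal.ADMIN_USER_ROLES);
        } else {
            return this._identityService.newUserIdentity(subject, user, DrillUserPrincipal.NON_ADMIN_USER_ROLES);
        }
    } catch (GSSException gsse) {
        logger.warn("Caught GSSException trying to authenticate the client", gsse);
    } catch (IOException ex) {
        logger.warn("Caught IOException trying to get shortName of client user", ex);
    }

    return null;
}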
Example 17
Source File: Test5653.java From jdk8u60 with GNU General Public License v2.0 | 4 votes |
/**
 * Verifies that the legacy name-type OID {@code 1.3.6.1.5.6.2} is still accepted and is
 * treated as {@code GSSName.NT_HOSTBASED_SERVICE} throughout context establishment.
 */
public static void main(String[] args) throws Exception {
    final Oid legacyNameType = new Oid("1.3.6.1.5.6.2");

    new OneKDC(null).writeJAASConf();
    // Lets JGSS obtain credentials outside the current Subject (here: via the JAAS config).
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    final GSSManager gss = GSSManager.getInstance();

    // Test 1: the getMechsForName() method accepts it.
    final Oid[] candidates = gss.getMechsForName(legacyNameType);
    boolean krb5Listed = false;
    for (int i = 0; i < candidates.length && !krb5Listed; i++) {
        krb5Listed = candidates[i].equals(GSSUtil.GSS_KRB5_MECH_OID);
    }
    if (!krb5Listed) {
        throw new Exception("Cannot found krb5 mech for old name type");
    }

    // Test 2: the createName() method accepts it.
    final GSSName service = gss.createName("server@host.rabbit.hole", legacyNameType);

    // Test 3: its getStringNameType() output is correct
    if (!service.getStringNameType().equals(GSSName.NT_HOSTBASED_SERVICE)) {
        throw new Exception("GSSName not correct name type");
    }

    // Test 4: everything still works.
    final GSSContext initiator = gss.createContext(
            service,
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME);
    final byte[] firstToken = initiator.initSecContext(new byte[0], 0, 0);

    final Context acceptor = Context.fromJAAS("server");
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.x().acceptSecContext(firstToken, 0, firstToken.length);
}
Example 18
Source File: Test5653.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
/**
 * Verifies that the legacy name-type OID {@code 1.3.6.1.5.6.2} is still accepted and is
 * treated as {@code GSSName.NT_HOSTBASED_SERVICE} throughout context establishment.
 */
public static void main(String[] args) throws Exception {
    final Oid legacyNameType = new Oid("1.3.6.1.5.6.2");

    new OneKDC(null).writeJAASConf();
    // Lets JGSS obtain credentials outside the current Subject (here: via the JAAS config).
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    final GSSManager gss = GSSManager.getInstance();

    // Test 1: the getMechsForName() method accepts it.
    final Oid[] candidates = gss.getMechsForName(legacyNameType);
    boolean krb5Listed = false;
    for (int i = 0; i < candidates.length && !krb5Listed; i++) {
        krb5Listed = candidates[i].equals(GSSUtil.GSS_KRB5_MECH_OID);
    }
    if (!krb5Listed) {
        throw new Exception("Cannot found krb5 mech for old name type");
    }

    // Test 2: the createName() method accepts it.
    final GSSName service = gss.createName("server@host.rabbit.hole", legacyNameType);

    // Test 3: its getStringNameType() output is correct
    if (!service.getStringNameType().equals(GSSName.NT_HOSTBASED_SERVICE)) {
        throw new Exception("GSSName not correct name type");
    }

    // Test 4: everything still works.
    final GSSContext initiator = gss.createContext(
            service,
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME);
    final byte[] firstToken = initiator.initSecContext(new byte[0], 0, 0);

    final Context acceptor = Context.fromJAAS("server");
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.x().acceptSecContext(firstToken, 0, firstToken.length);
}
Example 19
Source File: Test5653.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
/**
 * Verifies that the legacy name-type OID {@code 1.3.6.1.5.6.2} is still accepted and is
 * treated as {@code GSSName.NT_HOSTBASED_SERVICE} throughout context establishment.
 */
public static void main(String[] args) throws Exception {
    final Oid legacyNameType = new Oid("1.3.6.1.5.6.2");

    new OneKDC(null).writeJAASConf();
    // Lets JGSS obtain credentials outside the current Subject (here: via the JAAS config).
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    final GSSManager gss = GSSManager.getInstance();

    // Test 1: the getMechsForName() method accepts it.
    final Oid[] candidates = gss.getMechsForName(legacyNameType);
    boolean krb5Listed = false;
    for (int i = 0; i < candidates.length && !krb5Listed; i++) {
        krb5Listed = candidates[i].equals(GSSUtil.GSS_KRB5_MECH_OID);
    }
    if (!krb5Listed) {
        throw new Exception("Cannot found krb5 mech for old name type");
    }

    // Test 2: the createName() method accepts it.
    final GSSName service = gss.createName("server@host.rabbit.hole", legacyNameType);

    // Test 3: its getStringNameType() output is correct
    if (!service.getStringNameType().equals(GSSName.NT_HOSTBASED_SERVICE)) {
        throw new Exception("GSSName not correct name type");
    }

    // Test 4: everything still works.
    final GSSContext initiator = gss.createContext(
            service,
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME);
    final byte[] firstToken = initiator.initSecContext(new byte[0], 0, 0);

    final Context acceptor = Context.fromJAAS("server");
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.x().acceptSecContext(firstToken, 0, firstToken.length);
}
Example 20
Source File: STSKrbAuthenticationProvider.java From cxf-fediz with Apache License 2.0 | 3 votes |
/**
 * Creates an initiator-side Kerberos V5 context for a fixed service principal.
 *
 * <p>No explicit credential is passed, so JGSS uses the default initiator credentials.
 *
 * @return a new, not yet established context targeting the canonicalized service name
 * @throws GSSException if the OID, name or context cannot be created
 */
protected GSSContext createGSSContext() throws GSSException {
    // Kerberos V5 mechanism OID.
    final Oid kerberosV5 = new Oid("1.2.840.113554.1.2.2");
    final GSSManager manager = GSSManager.getInstance();

    // NOTE(review): the service principal is hard-coded, which suits a fixture; a deployment
    // would take it from configuration.
    final String servicePrincipal = "bob@service.ws.apache.org";
    // A null name type leaves interpretation of the printable name to the mechanism;
    // canonicalize() then turns it into a mechanism name for Kerberos.
    final GSSName target = manager.createName(servicePrincipal, null).canonicalize(kerberosV5);

    return manager.createContext(target, kerberosV5, null, GSSContext.DEFAULT_LIFETIME);
}