Java Code Examples for javax.security.auth.kerberos.KerberosTicket#getServer()

The following examples show how to use javax.security.auth.kerberos.KerberosTicket#getServer() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: KerberosClientKeyExchangeImpl.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 2
Source File: KerberosClientKeyExchangeImpl.java    From jdk8u-dev-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 3
Source File: KerberosClientKeyExchangeImpl.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 4
Source File: KerberosClientKeyExchangeImpl.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 5
Source File: KerberosClientKeyExchangeImpl.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 6
Source File: KerberosClientKeyExchangeImpl.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 7
Source File: KerberosClientKeyExchangeImpl.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 8
Source File: Krb5KeyExchangeService.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
ExchangerImpl(String serverName, AccessControlContext acc,
        ProtocolVersion protocolVersion, SecureRandom rand) throws IOException {

    // Get service ticket
    KerberosTicket ticket = getServiceTicket(serverName, acc);
    encodedTicket = ticket.getEncoded();

    // Record the Kerberos principals
    peerPrincipal = ticket.getServer();
    localPrincipal = ticket.getClient();

    // Optional authenticator, encrypted using session key,
    // currently ignored

    // Generate premaster secret and encrypt it using session key
    EncryptionKey sessionKey = new EncryptionKey(
            ticket.getSessionKeyType(),
            ticket.getSessionKey().getEncoded());

    preMaster = new KerberosPreMasterSecret(protocolVersion,
            rand, sessionKey);
}
 
Example 9
Source File: KerberosClientKeyExchangeImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 10
Source File: KerberosClientKeyExchangeImpl.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 11
Source File: SecurityContext.java    From datacollector with Apache License 2.0 6 votes vote down vote up
@VisibleForTesting
KerberosTicket getNewestTGT() {
  KerberosTicket tgt = null;
  for (KerberosTicket ticket : getSubject().getPrivateCredentials(KerberosTicket.class)) {
    KerberosPrincipal principal = ticket.getServer();
    String principalName = Utils.format("krbtgt/{}@{}", principal.getRealm(), principal.getRealm());
    if (principalName.equals(principal.getName())) {
      if (LOG.isTraceEnabled()) {
        String ticketString =
            "Found ticket: \n" +
                "Ticket Server: " + ticket.getServer().getName() + "\n" +
                "Auth Time: " + ticket.getAuthTime() + "\n" +
                "Expiry Time: " + ticket.getEndTime();
        LOG.trace(ticketString);
      } else {
        LOG.debug("Found Kerberos ticket '{}'", ticket.getServer().getName());
      }
      if (tgt == null || ticket.getEndTime().after(tgt.getEndTime())) {
        tgt = ticket;
      }
    }
  }
  return tgt;
}
 
Example 12
Source File: KerberosClientKeyExchangeImpl.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 13
Source File: Krb5InitCredential.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
static Krb5InitCredential getInstance(GSSCaller caller, Krb5NameElement name,
                               int initLifetime)
    throws GSSException {

    KerberosTicket tgt = getTgt(caller, name, initLifetime);
    if (tgt == null)
        throw new GSSException(GSSException.NO_CRED, -1,
                               "Failed to find any Kerberos tgt");

    if (name == null) {
        String fullName = tgt.getClient().getName();
        name = Krb5NameElement.getInstance(fullName,
                                   Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL);
    }

    return new Krb5InitCredential(name,
                                  tgt.getEncoded(),
                                  tgt.getClient(),
                                  tgt.getServer(),
                                  tgt.getSessionKey().getEncoded(),
                                  tgt.getSessionKeyType(),
                                  tgt.getFlags(),
                                  tgt.getAuthTime(),
                                  tgt.getStartTime(),
                                  tgt.getEndTime(),
                                  tgt.getRenewTill(),
                                  tgt.getClientAddresses());
}
 
Example 14
Source File: Login.java    From Krackle with Apache License 2.0 5 votes vote down vote up
private synchronized KerberosTicket getTGT() {
	Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
	for (KerberosTicket ticket : tickets) {
		KerberosPrincipal server = ticket.getServer();
		if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) {
			LOG.debug("Found tgt {}.", ticket);
			return ticket;
		}
	}
	return null;
}
 
Example 15
Source File: KerberosLogin.java    From registry with Apache License 2.0 5 votes vote down vote up
private KerberosTicket getTGT() {
    Set<KerberosTicket> tickets = loginContext.getSubject().getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) {
            log.debug("Found TGT with client principal '{}' and server principal '{}'.", ticket.getClient().getName(),
                    ticket.getServer().getName());
            return ticket;
        }
    }
    return null;
}
 
Example 16
Source File: SentryKerberosContext.java    From incubator-sentry with Apache License 2.0 5 votes vote down vote up
/**
 * Get the Kerberos TGT
 * @return the user's TGT or null if none was found
 */
private KerberosTicket getTGT() {
  Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
  for(KerberosTicket ticket: tickets) {
    KerberosPrincipal server = ticket.getServer();
    if (server.getName().equals("krbtgt/" + server.getRealm() +
        "@" + server.getRealm())) {
      return ticket;
    }
  }
  return null;
}
 
Example 17
Source File: TGTRefreshThread.java    From pulsar with Apache License 2.0 5 votes vote down vote up
private synchronized KerberosTicket getTGT() {
    Set<KerberosTicket> tickets = container.getSubject().getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) {
            log.info("Client principal is \"" + ticket.getClient().getName() + "\".");
            log.info("Server principal is \"" + ticket.getServer().getName() + "\".");
            return ticket;
        }
    }
    return null;
}
 
Example 18
Source File: AutoTGT.java    From jstorm with Apache License 2.0 5 votes vote down vote up
private static KerberosTicket getTGT(Subject subject) {
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) {
            tickets = null;
            return ticket;
        }
    }
    tickets = null;
    return null;
}
 
Example 19
Source File: Login.java    From datacollector with Apache License 2.0 5 votes vote down vote up
private synchronized KerberosTicket getTGT() {
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
    for (KerberosTicket ticket : tickets) {
        KerberosPrincipal server = ticket.getServer();
        if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) {
            log.debug("Found TGT {}.", ticket);
            return ticket;
        }
    }
    return null;
}
 
Example 20
Source File: KerberosLogin.java    From datacollector with Apache License 2.0 5 votes vote down vote up
private synchronized KerberosTicket getTGT() {
  Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
  for (KerberosTicket ticket : tickets) {
    KerberosPrincipal server = ticket.getServer();
    if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) {
      log.debug("Found TGT with client principal '{}' and server principal '{}'.", ticket.getClient().getName(),
          ticket.getServer().getName());
      return ticket;
    }
  }
  return null;
}