Java Code Examples for org.ietf.jgss.GSSException#printStackTrace()

The following examples show how to use org.ietf.jgss.GSSException#printStackTrace(). The source file and the project it comes from are named above each example.
Example 1
Source File: NoneReplayCacheTest.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks which replays are still caught once the Kerberos replay cache is switched off.
 *
 * <p>After a normal exchange, the acceptor is restarted and handed the same initial
 * token again; per the inline notes that replay goes unnoticed. Replaying the
 * already-unwrapped message must then raise a {@link GSSException}; any other
 * outcome fails the test.
 *
 * @param args unused
 * @throws Exception if setup fails or the replayed message is accepted
 */
public static void main(String[] args) throws Exception {
    // Constructed for its side effects only (presumably starts the test KDC -- confirm in OneKDC).
    new OneKDC(null);

    // "none" turns the replay cache off. Test-only setting: as noted further down,
    // a replayed AP-REQ is not detected in this configuration.
    System.setProperty("sun.security.krb5.rcache", "none");
    System.setProperty("sun.security.krb5.acceptor.subkey", "true");

    Context initiator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    Context acceptor = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);

    initiator.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    // Regular exchange: initial token out, acceptor's reply back in.
    byte[] initialToken = initiator.take(new byte[0]);
    byte[] reply = acceptor.take(initialToken);
    initiator.take(reply);

    byte[] wrapped = initiator.wrap("hello".getBytes(), true);
    acceptor.unwrap(wrapped, true);

    // Restart the acceptor and replay both the initial token and the wrapped message.
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.take(initialToken);  // apreq replay not detectable
    try {
        acceptor.unwrap(wrapped, true);    // msg replay detectable
    } catch (GSSException expected) {
        expected.printStackTrace();
        return;
    }
    throw new Exception("This method should fail");
}
 
Example 2
Source File: NoneReplayCacheTest.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks which replays are still caught once the Kerberos replay cache is switched off.
 *
 * <p>After a normal exchange, the acceptor is restarted and handed the same initial
 * token again; per the inline notes that replay goes unnoticed. Replaying the
 * already-unwrapped message must then raise a {@link GSSException}; any other
 * outcome fails the test.
 *
 * @param args unused
 * @throws Exception if setup fails or the replayed message is accepted
 */
public static void main(String[] args) throws Exception {
    // Constructed for its side effects only (presumably starts the test KDC -- confirm in OneKDC).
    new OneKDC(null);

    // "none" turns the replay cache off. Test-only setting: as noted further down,
    // a replayed AP-REQ is not detected in this configuration.
    System.setProperty("sun.security.krb5.rcache", "none");
    System.setProperty("sun.security.krb5.acceptor.subkey", "true");

    Context initiator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    Context acceptor = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);

    initiator.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    // Regular exchange: initial token out, acceptor's reply back in.
    byte[] initialToken = initiator.take(new byte[0]);
    byte[] reply = acceptor.take(initialToken);
    initiator.take(reply);

    byte[] wrapped = initiator.wrap("hello".getBytes(), true);
    acceptor.unwrap(wrapped, true);

    // Restart the acceptor and replay both the initial token and the wrapped message.
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.take(initialToken);  // apreq replay not detectable
    try {
        acceptor.unwrap(wrapped, true);    // msg replay detectable
    } catch (GSSException expected) {
        expected.printStackTrace();
        return;
    }
    throw new Exception("This method should fail");
}
 
Example 3
Source File: MSOID.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Feeds a captured SPNEGO NegTokenInit to an acceptor that has no credential and
 * checks how the acceptance fails.
 *
 * <p>The run passes only when {@code acceptSecContext} throws a {@link GSSException}
 * whose major code is {@link GSSException#NO_CRED} and whose stack trace contains a
 * frame from a {@code sun.security.jgss.krb5.} class, i.e. the token was handed to
 * the krb5 mechanism.
 *
 * @param args unused
 * @throws Exception if the token is accepted, or the failure is not the expected one
 */
public static void main(String[] args) throws Exception {
    // msoid.txt is a NegTokenInit packet sent from Internet Explorer to
    // IIS server on a test machine. No sensitive info included.
    byte[] raw = Files.readAllBytes(
            Paths.get(System.getProperty("test.src"), "msoid.txt"));
    // The first 10 bytes are skipped before MIME-Base64 decoding
    // (presumably a non-Base64 prefix in the fixture -- confirm against msoid.txt).
    byte[] spnegoToken = Base64.getMimeDecoder().decode(
            Arrays.copyOfRange(raw, 10, raw.length));

    // A typed null picks the createContext(GSSCredential) overload.
    GSSCredential noCredential = null;
    GSSContext acceptor = GSSManager.getInstance().createContext(noCredential);

    try {
        acceptor.acceptSecContext(spnegoToken, 0, spnegoToken.length);
    } catch (GSSException gsse) {
        // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
        // cannot be accepted because we don't have any krb5 credential.
        gsse.printStackTrace();
        if (gsse.getMajor() != GSSException.NO_CRED) {
            throw gsse;
        }
        boolean raisedByKrb5 = Arrays.stream(gsse.getStackTrace())
                .map(StackTraceElement::getClassName)
                .anyMatch(cls -> cls.startsWith("sun.security.jgss.krb5."));
        if (raisedByKrb5) {
            // Good, it is already in krb5 mech's hand.
            return;
        }
        throw gsse;
    }
    // Before the fix, GSS_KRB5_MECH_OID_MS is not recognized
    // and acceptor chooses another mech and goes on
    throw new Exception("Should fail");
}
 
Example 4
Source File: NoneReplayCacheTest.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks which replays are still caught once the Kerberos replay cache is switched off.
 *
 * <p>After a normal exchange, the acceptor is restarted and handed the same initial
 * token again; per the inline notes that replay goes unnoticed. Replaying the
 * already-unwrapped message must then raise a {@link GSSException}; any other
 * outcome fails the test.
 *
 * @param args unused
 * @throws Exception if setup fails or the replayed message is accepted
 */
public static void main(String[] args) throws Exception {
    // Constructed for its side effects only (presumably starts the test KDC -- confirm in OneKDC).
    new OneKDC(null);

    // "none" turns the replay cache off. Test-only setting: as noted further down,
    // a replayed AP-REQ is not detected in this configuration.
    System.setProperty("sun.security.krb5.rcache", "none");
    System.setProperty("sun.security.krb5.acceptor.subkey", "true");

    Context initiator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    Context acceptor = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);

    initiator.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    // Regular exchange: initial token out, acceptor's reply back in.
    byte[] initialToken = initiator.take(new byte[0]);
    byte[] reply = acceptor.take(initialToken);
    initiator.take(reply);

    byte[] wrapped = initiator.wrap("hello".getBytes(), true);
    acceptor.unwrap(wrapped, true);

    // Restart the acceptor and replay both the initial token and the wrapped message.
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.take(initialToken);  // apreq replay not detectable
    try {
        acceptor.unwrap(wrapped, true);    // msg replay detectable
    } catch (GSSException expected) {
        expected.printStackTrace();
        return;
    }
    throw new Exception("This method should fail");
}
 
Example 5
Source File: NegotiatorImpl.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Computes the next token of the GSS exchange (in SPNEGO terms, a NegTokenTarg).
 *
 * <p>A {@link GSSException} is not surfaced directly: it is attached as the cause of
 * an {@link IOException} with a fixed message, and its stack trace is printed only
 * when {@code DEBUG} is set.
 *
 * @param token the token received from server
 * @return the next token
 * @throws java.io.IOException if the token cannot be created successfully
 */
@Override
public byte[] nextToken(byte[] token) throws IOException {
    final byte[] next;
    try {
        next = context.initSecContext(token, 0, token.length);
    } catch (GSSException cause) {
        if (DEBUG) {
            // The banner goes to stdout, the trace to stderr.
            System.out.println("Negotiate support cannot continue. Reason:");
            cause.printStackTrace();
        }
        // Callers see a fixed message; the GSS detail stays reachable via getCause().
        throw new IOException("Negotiate support cannot continue", cause);
    }
    return next;
}
 
Example 6
Source File: NoneReplayCacheTest.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks which replays are still caught once the Kerberos replay cache is switched off.
 *
 * <p>After a normal exchange, the acceptor is restarted and handed the same initial
 * token again; per the inline notes that replay goes unnoticed. Replaying the
 * already-unwrapped message must then raise a {@link GSSException}; any other
 * outcome fails the test.
 *
 * @param args unused
 * @throws Exception if setup fails or the replayed message is accepted
 */
public static void main(String[] args) throws Exception {
    // Constructed for its side effects only (presumably starts the test KDC -- confirm in OneKDC).
    new OneKDC(null);

    // "none" turns the replay cache off. Test-only setting: as noted further down,
    // a replayed AP-REQ is not detected in this configuration.
    System.setProperty("sun.security.krb5.rcache", "none");
    System.setProperty("sun.security.krb5.acceptor.subkey", "true");

    Context initiator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    Context acceptor = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);

    initiator.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    // Regular exchange: initial token out, acceptor's reply back in.
    byte[] initialToken = initiator.take(new byte[0]);
    byte[] reply = acceptor.take(initialToken);
    initiator.take(reply);

    byte[] wrapped = initiator.wrap("hello".getBytes(), true);
    acceptor.unwrap(wrapped, true);

    // Restart the acceptor and replay both the initial token and the wrapped message.
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.take(initialToken);  // apreq replay not detectable
    try {
        acceptor.unwrap(wrapped, true);    // msg replay detectable
    } catch (GSSException expected) {
        expected.printStackTrace();
        return;
    }
    throw new Exception("This method should fail");
}
 
Example 7
Source File: MSOID.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Feeds a captured SPNEGO NegTokenInit to an acceptor that has no credential and
 * checks how the acceptance fails.
 *
 * <p>The run passes only when {@code acceptSecContext} throws a {@link GSSException}
 * whose major code is {@link GSSException#NO_CRED} and whose stack trace contains a
 * frame from a {@code sun.security.jgss.krb5.} class, i.e. the token was handed to
 * the krb5 mechanism.
 *
 * @param args unused
 * @throws Exception if the token is accepted, or the failure is not the expected one
 */
public static void main(String[] args) throws Exception {
    // msoid.txt is a NegTokenInit packet sent from Internet Explorer to
    // IIS server on a test machine. No sensitive info included.
    byte[] raw = Files.readAllBytes(
            Paths.get(System.getProperty("test.src"), "msoid.txt"));
    // The first 10 bytes are skipped before MIME-Base64 decoding
    // (presumably a non-Base64 prefix in the fixture -- confirm against msoid.txt).
    byte[] spnegoToken = Base64.getMimeDecoder().decode(
            Arrays.copyOfRange(raw, 10, raw.length));

    // A typed null picks the createContext(GSSCredential) overload.
    GSSCredential noCredential = null;
    GSSContext acceptor = GSSManager.getInstance().createContext(noCredential);

    try {
        acceptor.acceptSecContext(spnegoToken, 0, spnegoToken.length);
    } catch (GSSException gsse) {
        // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
        // cannot be accepted because we don't have any krb5 credential.
        gsse.printStackTrace();
        if (gsse.getMajor() != GSSException.NO_CRED) {
            throw gsse;
        }
        boolean raisedByKrb5 = Arrays.stream(gsse.getStackTrace())
                .map(StackTraceElement::getClassName)
                .anyMatch(cls -> cls.startsWith("sun.security.jgss.krb5."));
        if (raisedByKrb5) {
            // Good, it is already in krb5 mech's hand.
            return;
        }
        throw gsse;
    }
    // Before the fix, GSS_KRB5_MECH_OID_MS is not recognized
    // and acceptor chooses another mech and goes on
    throw new Exception("Should fail");
}
 
Example 8
Source File: NegotiatorImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Computes the next token of the GSS exchange (in SPNEGO terms, a NegTokenTarg).
 *
 * <p>A {@link GSSException} is not surfaced directly: it is attached as the cause of
 * an {@link IOException} with a fixed message, and its stack trace is printed only
 * when {@code DEBUG} is set.
 *
 * @param token the token received from server
 * @return the next token
 * @throws java.io.IOException if the token cannot be created successfully
 */
@Override
public byte[] nextToken(byte[] token) throws IOException {
    final byte[] next;
    try {
        next = context.initSecContext(token, 0, token.length);
    } catch (GSSException cause) {
        if (DEBUG) {
            // The banner goes to stdout, the trace to stderr.
            System.out.println("Negotiate support cannot continue. Reason:");
            cause.printStackTrace();
        }
        // Callers see a fixed message; the GSS detail stays reachable via getCause().
        throw new IOException("Negotiate support cannot continue", cause);
    }
    return next;
}
 
Example 9
Source File: JAXRSIntermediaryPortTypeImpl.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Doubles a number by calling the downstream DoubleIt service, passing along the
 * caller's delegated Kerberos credential when the current message carries a
 * {@code KerberosSecurityContext}.
 *
 * <p>NOTE(review): both failure paths below only print a stack trace. If
 * {@code getDelegCred()} throws, the downstream call is still made, just without
 * {@code SecurityConstants.DELEGATED_CREDENTIAL} in the request context -- confirm
 * that continuing is intended rather than failing the request.
 *
 * @param numberToDouble the value forwarded to the downstream port
 * @return whatever the downstream {@code doubleIt} call returns
 */
public int doubleIt(int numberToDouble) {
    URL wsdlLocation = JAXRSIntermediaryPortTypeImpl.class.getResource("DoubleIt.wsdl");
    Service doubleItService = Service.create(wsdlLocation, SERVICE_QNAME);
    QName portName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
    DoubleItPortType downstream = doubleItService.getPort(portName, DoubleItPortType.class);

    try {
        updateAddressPort(downstream, KerberosDelegationTokenTest.PORT);
    } catch (Exception addressFailure) {
        addressFailure.printStackTrace();
    }

    // Retrieve delegated credential + set it on the outbound message
    SecurityContext current =
        PhaseInterceptorChain.getCurrentMessage().get(SecurityContext.class);
    if (current instanceof KerberosSecurityContext) {
        try {
            GSSCredential delegated =
                ((KerberosSecurityContext)current).getGSSContext().getDelegCred();
            Map<String, Object> requestContext =
                ((BindingProvider)downstream).getRequestContext();
            requestContext.put(SecurityConstants.DELEGATED_CREDENTIAL, delegated);
        } catch (GSSException delegationFailure) {
            delegationFailure.printStackTrace();
        }
    }

    return downstream.doubleIt(numberToDouble);
}
 
Example 10
Source File: NegotiatorImpl.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates the negotiator by running {@code init(hci)}.
 *
 * <p>A {@link GSSException} raised during initialisation is wrapped as the cause of
 * an {@link IOException} with a fixed message; its stack trace is printed only when
 * {@code DEBUG} is set.
 *
 * @param hci caller information passed straight to {@code init}
 * @throws java.io.IOException If negotiator cannot be constructed
 */
public NegotiatorImpl(HttpCallerInfo hci) throws IOException {
    try {
        init(hci);
    } catch (GSSException cause) {
        if (DEBUG) {
            // The banner goes to stdout, the trace to stderr.
            System.out.println("Negotiate support not initiated, will " +
                    "fallback to other scheme if allowed. Reason:");
            cause.printStackTrace();
        }
        // Callers see a fixed message; the GSS detail stays reachable via getCause().
        throw new IOException("Negotiate support not initiated", cause);
    }
}
 
Example 11
Source File: NoneReplayCacheTest.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks which replays are still caught once the Kerberos replay cache is switched off.
 *
 * <p>After a normal exchange, the acceptor is restarted and handed the same initial
 * token again; per the inline notes that replay goes unnoticed. Replaying the
 * already-unwrapped message must then raise a {@link GSSException}; any other
 * outcome fails the test.
 *
 * @param args unused
 * @throws Exception if setup fails or the replayed message is accepted
 */
public static void main(String[] args) throws Exception {
    // Constructed for its side effects only (presumably starts the test KDC -- confirm in OneKDC).
    new OneKDC(null);

    // "none" turns the replay cache off. Test-only setting: as noted further down,
    // a replayed AP-REQ is not detected in this configuration.
    System.setProperty("sun.security.krb5.rcache", "none");
    System.setProperty("sun.security.krb5.acceptor.subkey", "true");

    Context initiator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    Context acceptor = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);

    initiator.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    // Regular exchange: initial token out, acceptor's reply back in.
    byte[] initialToken = initiator.take(new byte[0]);
    byte[] reply = acceptor.take(initialToken);
    initiator.take(reply);

    byte[] wrapped = initiator.wrap("hello".getBytes(), true);
    acceptor.unwrap(wrapped, true);

    // Restart the acceptor and replay both the initial token and the wrapped message.
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.take(initialToken);  // apreq replay not detectable
    try {
        acceptor.unwrap(wrapped, true);    // msg replay detectable
    } catch (GSSException expected) {
        expected.printStackTrace();
        return;
    }
    throw new Exception("This method should fail");
}
 
Example 12
Source File: NegotiatorImpl.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates the negotiator by running {@code init(hci)}.
 *
 * <p>A {@link GSSException} raised during initialisation is wrapped as the cause of
 * an {@link IOException} with a fixed message; its stack trace is printed only when
 * {@code DEBUG} is set.
 *
 * @param hci caller information passed straight to {@code init}
 * @throws java.io.IOException If negotiator cannot be constructed
 */
public NegotiatorImpl(HttpCallerInfo hci) throws IOException {
    try {
        init(hci);
    } catch (GSSException cause) {
        if (DEBUG) {
            // The banner goes to stdout, the trace to stderr.
            System.out.println("Negotiate support not initiated, will " +
                    "fallback to other scheme if allowed. Reason:");
            cause.printStackTrace();
        }
        // Callers see a fixed message; the GSS detail stays reachable via getCause().
        throw new IOException("Negotiate support not initiated", cause);
    }
}
 
Example 13
Source File: NegotiatorImpl.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Creates the negotiator by running {@code init(hci)}.
 *
 * <p>A {@link GSSException} raised during initialisation is wrapped as the cause of
 * an {@link IOException} with a fixed message; its stack trace is printed only when
 * {@code DEBUG} is set.
 *
 * @param hci caller information passed straight to {@code init}
 * @throws java.io.IOException If negotiator cannot be constructed
 */
public NegotiatorImpl(HttpCallerInfo hci) throws IOException {
    try {
        init(hci);
    } catch (GSSException cause) {
        if (DEBUG) {
            // The banner goes to stdout, the trace to stderr.
            System.out.println("Negotiate support not initiated, will " +
                    "fallback to other scheme if allowed. Reason:");
            cause.printStackTrace();
        }
        // Callers see a fixed message; the GSS detail stays reachable via getCause().
        throw new IOException("Negotiate support not initiated", cause);
    }
}
 
Example 14
Source File: NoneReplayCacheTest.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks which replays are still caught once the Kerberos replay cache is switched off.
 *
 * <p>After a normal exchange, the acceptor is restarted and handed the same initial
 * token again; per the inline notes that replay goes unnoticed. Replaying the
 * already-unwrapped message must then raise a {@link GSSException}; any other
 * outcome fails the test.
 *
 * @param args unused
 * @throws Exception if setup fails or the replayed message is accepted
 */
public static void main(String[] args) throws Exception {
    // Constructed for its side effects only (presumably starts the test KDC -- confirm in OneKDC).
    new OneKDC(null);

    // "none" turns the replay cache off. Test-only setting: as noted further down,
    // a replayed AP-REQ is not detected in this configuration.
    System.setProperty("sun.security.krb5.rcache", "none");
    System.setProperty("sun.security.krb5.acceptor.subkey", "true");

    Context initiator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    Context acceptor = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);

    initiator.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    // Regular exchange: initial token out, acceptor's reply back in.
    byte[] initialToken = initiator.take(new byte[0]);
    byte[] reply = acceptor.take(initialToken);
    initiator.take(reply);

    byte[] wrapped = initiator.wrap("hello".getBytes(), true);
    acceptor.unwrap(wrapped, true);

    // Restart the acceptor and replay both the initial token and the wrapped message.
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.take(initialToken);  // apreq replay not detectable
    try {
        acceptor.unwrap(wrapped, true);    // msg replay detectable
    } catch (GSSException expected) {
        expected.printStackTrace();
        return;
    }
    throw new Exception("This method should fail");
}
 
Example 15
Source File: MSOID.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Feeds a captured SPNEGO NegTokenInit to an acceptor that has no credential and
 * checks how the acceptance fails.
 *
 * <p>The run passes only when {@code acceptSecContext} throws a {@link GSSException}
 * whose major code is {@link GSSException#NO_CRED} and whose stack trace contains a
 * frame from a {@code sun.security.jgss.krb5.} class, i.e. the token was handed to
 * the krb5 mechanism.
 *
 * @param args unused
 * @throws Exception if the token is accepted, or the failure is not the expected one
 */
public static void main(String[] args) throws Exception {
    // msoid.txt is a NegTokenInit packet sent from Internet Explorer to
    // IIS server on a test machine. No sensitive info included.
    byte[] raw = Files.readAllBytes(
            Paths.get(System.getProperty("test.src"), "msoid.txt"));
    // The first 10 bytes are skipped before MIME-Base64 decoding
    // (presumably a non-Base64 prefix in the fixture -- confirm against msoid.txt).
    byte[] spnegoToken = Base64.getMimeDecoder().decode(
            Arrays.copyOfRange(raw, 10, raw.length));

    // A typed null picks the createContext(GSSCredential) overload.
    GSSCredential noCredential = null;
    GSSContext acceptor = GSSManager.getInstance().createContext(noCredential);

    try {
        acceptor.acceptSecContext(spnegoToken, 0, spnegoToken.length);
    } catch (GSSException gsse) {
        // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
        // cannot be accepted because we don't have any krb5 credential.
        gsse.printStackTrace();
        if (gsse.getMajor() != GSSException.NO_CRED) {
            throw gsse;
        }
        boolean raisedByKrb5 = Arrays.stream(gsse.getStackTrace())
                .map(StackTraceElement::getClassName)
                .anyMatch(cls -> cls.startsWith("sun.security.jgss.krb5."));
        if (raisedByKrb5) {
            // Good, it is already in krb5 mech's hand.
            return;
        }
        throw gsse;
    }
    // Before the fix, GSS_KRB5_MECH_OID_MS is not recognized
    // and acceptor chooses another mech and goes on
    throw new Exception("Should fail");
}
 
Example 16
Source File: NegotiatorImpl.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Computes the next token of the GSS exchange (in SPNEGO terms, a NegTokenTarg).
 *
 * <p>A {@link GSSException} is not surfaced directly: it is attached as the cause of
 * an {@link IOException} with a fixed message, and its stack trace is printed only
 * when {@code DEBUG} is set.
 *
 * @param token the token received from server
 * @return the next token
 * @throws java.io.IOException if the token cannot be created successfully
 */
@Override
public byte[] nextToken(byte[] token) throws IOException {
    final byte[] next;
    try {
        next = context.initSecContext(token, 0, token.length);
    } catch (GSSException cause) {
        if (DEBUG) {
            // The banner goes to stdout, the trace to stderr.
            System.out.println("Negotiate support cannot continue. Reason:");
            cause.printStackTrace();
        }
        // Callers see a fixed message; the GSS detail stays reachable via getCause().
        throw new IOException("Negotiate support cannot continue", cause);
    }
    return next;
}
 
Example 17
Source File: ForwardableCheck.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Exercises the limits the test KDC places on an account flagged as sensitive.
 *
 * <p>Two things are checked: a context initiated by the sensitive account is
 * established but reports no credential delegation even though delegation was
 * requested, and an account allowed to impersonate others gets a
 * {@link GSSException} when it tries to impersonate the sensitive account.
 *
 * @param args unused
 * @throws Exception if setup fails or either restriction is not enforced
 */
public static void main(String[] args) throws Exception {
    OneKDC testKdc = new OneKDC(null);
    testKdc.writeJAASConf();

    // USER can impersonate someone else
    testKdc.setOption(KDC.Option.ALLOW_S4U2SELF,
            Arrays.asList(OneKDC.USER + "@" + OneKDC.REALM));
    // USER2 is sensitive
    testKdc.setOption(KDC.Option.SENSITIVE_ACCOUNTS,
            Arrays.asList(OneKDC.USER2 + "@" + OneKDC.REALM));

    // USER2 is sensitive but it's still able to get a normal ticket
    Context sensitiveUser = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, false);

    // ... and connect to another account
    sensitiveUser.startAsClient(OneKDC.USER, GSSUtil.GSS_KRB5_MECH_OID);
    sensitiveUser.x().requestCredDeleg(true);
    sensitiveUser.x().requestMutualAuth(false);

    sensitiveUser.take(new byte[0]);

    if (!sensitiveUser.x().isEstablished()) {
        throw new Exception("Context should have been established");
    }

    // ... but will not be able to delegate itself
    if (sensitiveUser.x().getCredDelegState()) {
        throw new Exception("Impossible");
    }

    // Although USER is allowed to impersonate other people,
    // it cannot impersonate USER2 coz it's sensitive.
    Context impersonator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    try {
        impersonator.impersonate(OneKDC.USER2);
    } catch (GSSException expected) {
        // Rejection is the passing outcome; the trace is printed for the test log.
        expected.printStackTrace();
        return;
    }
    throw new Exception("Should fail");
}
 
Example 18
Source File: ForwardableCheck.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Exercises the limits the test KDC places on an account flagged as sensitive.
 *
 * <p>Two things are checked: a context initiated by the sensitive account is
 * established but reports no credential delegation even though delegation was
 * requested, and an account allowed to impersonate others gets a
 * {@link GSSException} when it tries to impersonate the sensitive account.
 *
 * @param args unused
 * @throws Exception if setup fails or either restriction is not enforced
 */
public static void main(String[] args) throws Exception {
    OneKDC testKdc = new OneKDC(null);
    testKdc.writeJAASConf();

    // USER can impersonate someone else
    testKdc.setOption(KDC.Option.ALLOW_S4U2SELF,
            Arrays.asList(OneKDC.USER + "@" + OneKDC.REALM));
    // USER2 is sensitive
    testKdc.setOption(KDC.Option.SENSITIVE_ACCOUNTS,
            Arrays.asList(OneKDC.USER2 + "@" + OneKDC.REALM));

    // USER2 is sensitive but it's still able to get a normal ticket
    Context sensitiveUser = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, false);

    // ... and connect to another account
    sensitiveUser.startAsClient(OneKDC.USER, GSSUtil.GSS_KRB5_MECH_OID);
    sensitiveUser.x().requestCredDeleg(true);
    sensitiveUser.x().requestMutualAuth(false);

    sensitiveUser.take(new byte[0]);

    if (!sensitiveUser.x().isEstablished()) {
        throw new Exception("Context should have been established");
    }

    // ... but will not be able to delegate itself
    if (sensitiveUser.x().getCredDelegState()) {
        throw new Exception("Impossible");
    }

    // Although USER is allowed to impersonate other people,
    // it cannot impersonate USER2 coz it's sensitive.
    Context impersonator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    try {
        impersonator.impersonate(OneKDC.USER2);
    } catch (GSSException expected) {
        // Rejection is the passing outcome; the trace is printed for the test log.
        expected.printStackTrace();
        return;
    }
    throw new Exception("Should fail");
}
 
Example 19
Source File: ForwardableCheck.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Exercises the limits the test KDC places on an account flagged as sensitive.
 *
 * <p>Two things are checked: a context initiated by the sensitive account is
 * established but reports no credential delegation even though delegation was
 * requested, and an account allowed to impersonate others gets a
 * {@link GSSException} when it tries to impersonate the sensitive account.
 *
 * @param args unused
 * @throws Exception if setup fails or either restriction is not enforced
 */
public static void main(String[] args) throws Exception {
    OneKDC testKdc = new OneKDC(null);
    testKdc.writeJAASConf();

    // USER can impersonate someone else
    testKdc.setOption(KDC.Option.ALLOW_S4U2SELF,
            Arrays.asList(OneKDC.USER + "@" + OneKDC.REALM));
    // USER2 is sensitive
    testKdc.setOption(KDC.Option.SENSITIVE_ACCOUNTS,
            Arrays.asList(OneKDC.USER2 + "@" + OneKDC.REALM));

    // USER2 is sensitive but it's still able to get a normal ticket
    Context sensitiveUser = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, false);

    // ... and connect to another account
    sensitiveUser.startAsClient(OneKDC.USER, GSSUtil.GSS_KRB5_MECH_OID);
    sensitiveUser.x().requestCredDeleg(true);
    sensitiveUser.x().requestMutualAuth(false);

    sensitiveUser.take(new byte[0]);

    if (!sensitiveUser.x().isEstablished()) {
        throw new Exception("Context should have been established");
    }

    // ... but will not be able to delegate itself
    if (sensitiveUser.x().getCredDelegState()) {
        throw new Exception("Impossible");
    }

    // Although USER is allowed to impersonate other people,
    // it cannot impersonate USER2 coz it's sensitive.
    Context impersonator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    try {
        impersonator.impersonate(OneKDC.USER2);
    } catch (GSSException expected) {
        // Rejection is the passing outcome; the trace is printed for the test log.
        expected.printStackTrace();
        return;
    }
    throw new Exception("Should fail");
}
 
Example 20
Source File: ForwardableCheck.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Exercises the limits the test KDC places on an account flagged as sensitive.
 *
 * <p>Two things are checked: a context initiated by the sensitive account is
 * established but reports no credential delegation even though delegation was
 * requested, and an account allowed to impersonate others gets a
 * {@link GSSException} when it tries to impersonate the sensitive account.
 *
 * @param args unused
 * @throws Exception if setup fails or either restriction is not enforced
 */
public static void main(String[] args) throws Exception {
    OneKDC testKdc = new OneKDC(null);
    testKdc.writeJAASConf();

    // USER can impersonate someone else
    testKdc.setOption(KDC.Option.ALLOW_S4U2SELF,
            Arrays.asList(OneKDC.USER + "@" + OneKDC.REALM));
    // USER2 is sensitive
    testKdc.setOption(KDC.Option.SENSITIVE_ACCOUNTS,
            Arrays.asList(OneKDC.USER2 + "@" + OneKDC.REALM));

    // USER2 is sensitive but it's still able to get a normal ticket
    Context sensitiveUser = Context.fromUserPass(OneKDC.USER2, OneKDC.PASS2, false);

    // ... and connect to another account
    sensitiveUser.startAsClient(OneKDC.USER, GSSUtil.GSS_KRB5_MECH_OID);
    sensitiveUser.x().requestCredDeleg(true);
    sensitiveUser.x().requestMutualAuth(false);

    sensitiveUser.take(new byte[0]);

    if (!sensitiveUser.x().isEstablished()) {
        throw new Exception("Context should have been established");
    }

    // ... but will not be able to delegate itself
    if (sensitiveUser.x().getCredDelegState()) {
        throw new Exception("Impossible");
    }

    // Although USER is allowed to impersonate other people,
    // it cannot impersonate USER2 coz it's sensitive.
    Context impersonator = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    try {
        impersonator.impersonate(OneKDC.USER2);
    } catch (GSSException expected) {
        // Rejection is the passing outcome; the trace is printed for the test log.
        expected.printStackTrace();
        return;
    }
    throw new Exception("Should fail");
}