Java Code Examples for javax.security.auth.kerberos.KerberosTicket

The following are top voted examples for showing how to use javax.security.auth.kerberos.KerberosTicket. These examples are extracted from open source projects. You can vote up the examples you like and your votes will be used in our system to generate more good examples.
Example 1
Project: ats-framework   File: GssClient.java   View source code 6 votes vote down vote up
public void traceServiceTickets() {

            if (subject == null)
                return;
            Set<Object> creds = subject.getPrivateCredentials();
            if (creds.size() == 0) {
                log.debug("[" + getName() + "] No service tickets");
            }

            synchronized (creds) {
                // The Subject's private credentials is a synchronizedSet
                // We must manually synchronize when iterating through the set.
                for (Object cred : creds) {
                    if (cred instanceof KerberosTicket) {
                        KerberosTicket ticket = (KerberosTicket) cred;
                        log.debug("[" + getName() + "] Service ticket " + "belonging to client principal ["
                                  + ticket.getClient().getName() + "] for server principal ["
                                  + ticket.getServer().getName() + "] End time=[" + ticket.getEndTime()
                                  + "] isCurrent=" + ticket.isCurrent());
                    }
                }
            }
        }
 
Example 2
Project: OpenJSharp   File: Krb5Util.java   View source code 6 votes vote down vote up
/**
 * Retrieves the ticket corresponding to the client/server principal
 * pair from the Subject in the specified AccessControlContext.
 * If the ticket can not be found in the Subject, and if
 * useSubjectCredsOnly is false, then obtain ticket from
 * a LoginContext.
 */
static KerberosTicket getTicket(GSSCaller caller,
    String clientPrincipal, String serverPrincipal,
    AccessControlContext acc) throws LoginException {

    // Try to get ticket from acc's Subject
    Subject accSubj = Subject.getSubject(acc);
    KerberosTicket ticket =
        SubjectComber.find(accSubj, serverPrincipal, clientPrincipal,
              KerberosTicket.class);

    // Try to get ticket from Subject obtained from GSSUtil
    if (ticket == null && !GSSUtil.useSubjectCredsOnly(caller)) {
        Subject subject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
        ticket = SubjectComber.find(subject,
            serverPrincipal, clientPrincipal, KerberosTicket.class);
    }
    return ticket;
}
 
Example 3
Project: OpenJSharp   File: Krb5Util.java   View source code 6 votes vote down vote up
public static KerberosTicket credsToTicket(Credentials serviceCreds) {
    EncryptionKey sessionKey =  serviceCreds.getSessionKey();
    return new KerberosTicket(
        serviceCreds.getEncoded(),
        new KerberosPrincipal(serviceCreds.getClient().getName()),
        new KerberosPrincipal(serviceCreds.getServer().getName(),
                            KerberosPrincipal.KRB_NT_SRV_INST),
        sessionKey.getBytes(),
        sessionKey.getEType(),
        serviceCreds.getFlags(),
        serviceCreds.getAuthTime(),
        serviceCreds.getStartTime(),
        serviceCreds.getEndTime(),
        serviceCreds.getRenewTill(),
        serviceCreds.getClientAddresses());
}
 
Example 4
Project: OpenJSharp   File: KerberosClientKeyExchangeImpl.java   View source code 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 5
Project: monarch   File: KerberosAuthInit.java   View source code 6 votes vote down vote up
private void validateSubject(Subject subject) {
  Set<Object> set = subject.getPrivateCredentials();
  boolean foundTGT = false;
  if (set != null && set.size() > 0) {
    for (Object obj : set) {
      if (obj instanceof KerberosTicket) {
        KerberosTicket kt = (KerberosTicket) obj;
        String serverName = kt.getServer().getName();
        if (serverName.startsWith(TGT_SERVER_NAME_PREFIX)) {
          foundTGT = true;
        }
      }
    }
  }
  if (!foundTGT) {
    String errorMsg = null;
    if (loadFromTicketCache) {
      errorMsg = "Unable to load Kerberos TGT. Consider kinit.";
    } else {
      errorMsg = "Login failed for principal '" + userPrincipal + "' using keytab '" + keytabPath
          + "'. Specify correct keytab file path";
    }
    logger.error(errorMsg);
    throw new AuthenticationFailedException(errorMsg);
  }
}
 
Example 6
Project: jdk8u-jdk   File: Krb5Util.java   View source code 6 votes vote down vote up
/**
 * Retrieves the ticket corresponding to the client/server principal
 * pair from the Subject in the specified AccessControlContext.
 * If the ticket can not be found in the Subject, and if
 * useSubjectCredsOnly is false, then obtain ticket from
 * a LoginContext.
 */
static KerberosTicket getTicket(GSSCaller caller,
    String clientPrincipal, String serverPrincipal,
    AccessControlContext acc) throws LoginException {

    // Try to get ticket from acc's Subject
    Subject accSubj = Subject.getSubject(acc);
    KerberosTicket ticket =
        SubjectComber.find(accSubj, serverPrincipal, clientPrincipal,
              KerberosTicket.class);

    // Try to get ticket from Subject obtained from GSSUtil
    if (ticket == null && !GSSUtil.useSubjectCredsOnly(caller)) {
        Subject subject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
        ticket = SubjectComber.find(subject,
            serverPrincipal, clientPrincipal, KerberosTicket.class);
    }
    return ticket;
}
 
Example 7
Project: jdk8u-jdk   File: Krb5Util.java   View source code 6 votes vote down vote up
public static KerberosTicket credsToTicket(Credentials serviceCreds) {
    EncryptionKey sessionKey =  serviceCreds.getSessionKey();
    return new KerberosTicket(
        serviceCreds.getEncoded(),
        new KerberosPrincipal(serviceCreds.getClient().getName()),
        new KerberosPrincipal(serviceCreds.getServer().getName(),
                            KerberosPrincipal.KRB_NT_SRV_INST),
        sessionKey.getBytes(),
        sessionKey.getEType(),
        serviceCreds.getFlags(),
        serviceCreds.getAuthTime(),
        serviceCreds.getStartTime(),
        serviceCreds.getEndTime(),
        serviceCreds.getRenewTill(),
        serviceCreds.getClientAddresses());
}
 
Example 8
Project: jdk8u-jdk   File: KerberosClientKeyExchangeImpl.java   View source code 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 9
Project: jdk8u-jdk   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    byte[] asn1Bytes = "asn1".getBytes();
    KerberosPrincipal client = new KerberosPrincipal("client");
    KerberosPrincipal server = new KerberosPrincipal("server");
    byte[] keyBytes = "sessionKey".getBytes();
    long originalTime = 12345678L;
    Date inDate = new Date(originalTime);
    boolean[] flags = new boolean[9];
    flags[8] = true; // renewable
    KerberosTicket t = new KerberosTicket(asn1Bytes, client, server,
            keyBytes, 1 /*keyType*/, flags, inDate /*authTime*/,
            inDate /*startTime*/, inDate /*endTime*/,
            inDate /*renewTill*/, null /*clientAddresses*/);
    inDate.setTime(0); // for testing the constructor

    testDateImmutability(t, originalTime);
    testS11nCompatibility(t); // S11n: Serialization
    testDestroy(t);
}
 
Example 10
Project: jdk8u-jdk   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
private static void testDateImmutability(KerberosTicket t, long origTime)
    throws Exception {
    // test the constructor
    System.out.println("Testing constructor...");
    checkTime(t, origTime);

    // test the getAuth/Start/EndTime() & getRenewTill() methods
    System.out.println("Testing getAuth/Start/EndTime() & getRenewTill()...");
    t.getAuthTime().setTime(0);
    t.getStartTime().setTime(0);
    t.getEndTime().setTime(0);
    t.getRenewTill().setTime(0);
    checkTime(t, origTime);

    System.out.println("DateImmutability Test Passed");
}
 
Example 11
Project: jdk8u-jdk   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless, they can be called
    for (Method m: KerberosTicket.class.getDeclaredMethods()) {
        if (Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0) {
            System.out.println("Testing " + m.getName() + "...");
            try {
                m.invoke(t);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RefreshFailedException ||
                        cause instanceof IllegalStateException) {
                    // this is OK
                } else {
                    throw e;
                }
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
 
Example 12
Project: openjdk-jdk10   File: Krb5Util.java   View source code 6 votes vote down vote up
/**
 * Retrieves the ticket corresponding to the client/server principal
 * pair from the Subject in the specified AccessControlContext.
 * If the ticket can not be found in the Subject, and if
 * useSubjectCredsOnly is false, then obtain ticket from
 * a LoginContext.
 */
static KerberosTicket getTicket(GSSCaller caller,
    String clientPrincipal, String serverPrincipal,
    AccessControlContext acc) throws LoginException {

    // Try to get ticket from acc's Subject
    Subject accSubj = Subject.getSubject(acc);
    KerberosTicket ticket =
        SubjectComber.find(accSubj, serverPrincipal, clientPrincipal,
              KerberosTicket.class);

    // Try to get ticket from Subject obtained from GSSUtil
    if (ticket == null && !GSSUtil.useSubjectCredsOnly(caller)) {
        Subject subject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
        ticket = SubjectComber.find(subject,
            serverPrincipal, clientPrincipal, KerberosTicket.class);
    }
    return ticket;
}
 
Example 13
Project: openjdk-jdk10   File: Krb5Util.java   View source code 6 votes vote down vote up
public static KerberosTicket credsToTicket(Credentials serviceCreds) {
    EncryptionKey sessionKey =  serviceCreds.getSessionKey();
    return new KerberosTicket(
        serviceCreds.getEncoded(),
        new KerberosPrincipal(serviceCreds.getClient().getName()),
        new KerberosPrincipal(serviceCreds.getServer().getName(),
                            KerberosPrincipal.KRB_NT_SRV_INST),
        sessionKey.getBytes(),
        sessionKey.getEType(),
        serviceCreds.getFlags(),
        serviceCreds.getAuthTime(),
        serviceCreds.getStartTime(),
        serviceCreds.getEndTime(),
        serviceCreds.getRenewTill(),
        serviceCreds.getClientAddresses());
}
 
Example 14
Project: openjdk-jdk10   File: Krb5KeyExchangeService.java   View source code 6 votes vote down vote up
ExchangerImpl(String serverName, AccessControlContext acc,
        ProtocolVersion protocolVersion, SecureRandom rand) throws IOException {

    // Get service ticket
    KerberosTicket ticket = getServiceTicket(serverName, acc);
    encodedTicket = ticket.getEncoded();

    // Record the Kerberos principals
    peerPrincipal = ticket.getServer();
    localPrincipal = ticket.getClient();

    // Optional authenticator, encrypted using session key,
    // currently ignored

    // Generate premaster secret and encrypt it using session key
    EncryptionKey sessionKey = new EncryptionKey(
            ticket.getSessionKeyType(),
            ticket.getSessionKey().getEncoded());

    preMaster = new KerberosPreMasterSecret(protocolVersion,
            rand, sessionKey);
}
 
Example 15
Project: openjdk-jdk10   File: Renewal.java   View source code 6 votes vote down vote up
static void checkLogin(
        String s1,      // ticket_lifetime in krb5.conf, null if none
        String s2,      // renew_lifetime in krb5.conf, null if none
        int t1, int t2  // expected lifetimes, -1 of unexpected
            ) throws Exception {
    KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
            s1 != null ? ("ticket_lifetime = " + s1) : "",
            s2 != null ? ("renew_lifetime = " + s2) : "");
    Config.refresh();

    Context c;
    c = Context.fromJAAS("client");

    Set<KerberosTicket> tickets =
            c.s().getPrivateCredentials(KerberosTicket.class);
    if (tickets.size() != 1) {
        throw new Exception();
    }
    KerberosTicket ticket = tickets.iterator().next();

    checkRough(ticket.getEndTime(), t1);
    checkRough(ticket.getRenewTill(), t2);
}
 
Example 16
Project: openjdk-jdk10   File: NullRenewUntil.java   View source code 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        OneKDC kdc = new OneKDC(null);

        KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
                "ticket_lifetime = 10s",
                "renew_lifetime = 11s");
        Config.refresh();

        KerberosTicket ticket = Context
                .fromUserPass(OneKDC.USER, OneKDC.PASS, false).s()
                .getPrivateCredentials(KerberosTicket.class).iterator().next();

        System.out.println(ticket);
        Asserts.assertTrue(ticket.getRenewTill() != null, ticket.toString());

        Thread.sleep(2000);

        ticket.refresh();
        System.out.println(ticket);
        Asserts.assertTrue(ticket.getRenewTill() == null, ticket.toString());

        Thread.sleep(2000);
        ticket.refresh();
        System.out.println(ticket);
    }
 
Example 17
Project: openjdk-jdk10   File: TicketSName.java   View source code 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(c, s);

        String expected = OneKDC.SERVER + "@" + OneKDC.REALM;
        if (!c.s().getPrivateCredentials(KerberosTicket.class)
                .stream()
                .anyMatch(t -> t.getServer().toString().equals(expected))) {
            c.status();
            throw new Exception("no " + expected);
        }
    }
 
Example 18
Project: openjdk-jdk10   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    byte[] asn1Bytes = "asn1".getBytes();
    KerberosPrincipal client = new KerberosPrincipal("[email protected]");
    KerberosPrincipal server = new KerberosPrincipal("[email protected]");
    byte[] keyBytes = "sessionKey".getBytes();
    long originalTime = 12345678L;
    Date inDate = new Date(originalTime);
    boolean[] flags = new boolean[9];
    flags[8] = true; // renewable
    KerberosTicket t = new KerberosTicket(asn1Bytes, client, server,
            keyBytes, 1 /*keyType*/, flags, inDate /*authTime*/,
            inDate /*startTime*/, inDate /*endTime*/,
            inDate /*renewTill*/, null /*clientAddresses*/);
    inDate.setTime(0); // for testing the constructor

    testDateImmutability(t, originalTime);
    testS11nCompatibility(t); // S11n: Serialization
    testDestroy(t);
}
 
Example 19
Project: openjdk-jdk10   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
private static void testDateImmutability(KerberosTicket t, long origTime)
    throws Exception {
    // test the constructor
    System.out.println("Testing constructor...");
    checkTime(t, origTime);

    // test the getAuth/Start/EndTime() & getRenewTill() methods
    System.out.println("Testing getAuth/Start/EndTime() & getRenewTill()...");
    t.getAuthTime().setTime(0);
    t.getStartTime().setTime(0);
    t.getEndTime().setTime(0);
    t.getRenewTill().setTime(0);
    checkTime(t, origTime);

    System.out.println("DateImmutability Test Passed");
}
 
Example 20
Project: openjdk-jdk10   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless, they can be called
    for (Method m: KerberosTicket.class.getDeclaredMethods()) {
        if (Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0) {
            System.out.println("Testing " + m.getName() + "...");
            try {
                m.invoke(t);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RefreshFailedException ||
                        cause instanceof IllegalStateException) {
                    // this is OK
                } else {
                    throw e;
                }
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
 
Example 21
Project: openjdk9   File: Krb5Util.java   View source code 6 votes vote down vote up
/**
 * Retrieves the ticket corresponding to the client/server principal
 * pair from the Subject in the specified AccessControlContext.
 * If the ticket can not be found in the Subject, and if
 * useSubjectCredsOnly is false, then obtain ticket from
 * a LoginContext.
 */
static KerberosTicket getTicket(GSSCaller caller,
    String clientPrincipal, String serverPrincipal,
    AccessControlContext acc) throws LoginException {

    // Try to get ticket from acc's Subject
    Subject accSubj = Subject.getSubject(acc);
    KerberosTicket ticket =
        SubjectComber.find(accSubj, serverPrincipal, clientPrincipal,
              KerberosTicket.class);

    // Try to get ticket from Subject obtained from GSSUtil
    if (ticket == null && !GSSUtil.useSubjectCredsOnly(caller)) {
        Subject subject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
        ticket = SubjectComber.find(subject,
            serverPrincipal, clientPrincipal, KerberosTicket.class);
    }
    return ticket;
}
 
Example 22
Project: openjdk9   File: Krb5Util.java   View source code 6 votes vote down vote up
public static KerberosTicket credsToTicket(Credentials serviceCreds) {
    EncryptionKey sessionKey =  serviceCreds.getSessionKey();
    return new KerberosTicket(
        serviceCreds.getEncoded(),
        new KerberosPrincipal(serviceCreds.getClient().getName()),
        new KerberosPrincipal(serviceCreds.getServer().getName(),
                            KerberosPrincipal.KRB_NT_SRV_INST),
        sessionKey.getBytes(),
        sessionKey.getEType(),
        serviceCreds.getFlags(),
        serviceCreds.getAuthTime(),
        serviceCreds.getStartTime(),
        serviceCreds.getEndTime(),
        serviceCreds.getRenewTill(),
        serviceCreds.getClientAddresses());
}
 
Example 23
Project: openjdk9   File: Krb5KeyExchangeService.java   View source code 6 votes vote down vote up
ExchangerImpl(String serverName, AccessControlContext acc,
        ProtocolVersion protocolVersion, SecureRandom rand) throws IOException {

    // Get service ticket
    KerberosTicket ticket = getServiceTicket(serverName, acc);
    encodedTicket = ticket.getEncoded();

    // Record the Kerberos principals
    peerPrincipal = ticket.getServer();
    localPrincipal = ticket.getClient();

    // Optional authenticator, encrypted using session key,
    // currently ignored

    // Generate premaster secret and encrypt it using session key
    EncryptionKey sessionKey = new EncryptionKey(
            ticket.getSessionKeyType(),
            ticket.getSessionKey().getEncoded());

    preMaster = new KerberosPreMasterSecret(protocolVersion,
            rand, sessionKey);
}
 
Example 24
Project: openjdk9   File: Renewal.java   View source code 6 votes vote down vote up
static void checkLogin(
        String s1,      // ticket_lifetime in krb5.conf, null if none
        String s2,      // renew_lifetime in krb5.conf, null if none
        int t1, int t2  // expected lifetimes, -1 of unexpected
            ) throws Exception {
    KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
            s1 != null ? ("ticket_lifetime = " + s1) : "",
            s2 != null ? ("renew_lifetime = " + s2) : "");
    Config.refresh();

    Context c;
    c = Context.fromJAAS("client");

    Set<KerberosTicket> tickets =
            c.s().getPrivateCredentials(KerberosTicket.class);
    if (tickets.size() != 1) {
        throw new Exception();
    }
    KerberosTicket ticket = tickets.iterator().next();

    checkRough(ticket.getEndTime(), t1);
    checkRough(ticket.getRenewTill(), t2);
}
 
Example 25
Project: openjdk9   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    byte[] asn1Bytes = "asn1".getBytes();
    KerberosPrincipal client = new KerberosPrincipal("[email protected]");
    KerberosPrincipal server = new KerberosPrincipal("[email protected]");
    byte[] keyBytes = "sessionKey".getBytes();
    long originalTime = 12345678L;
    Date inDate = new Date(originalTime);
    boolean[] flags = new boolean[9];
    flags[8] = true; // renewable
    KerberosTicket t = new KerberosTicket(asn1Bytes, client, server,
            keyBytes, 1 /*keyType*/, flags, inDate /*authTime*/,
            inDate /*startTime*/, inDate /*endTime*/,
            inDate /*renewTill*/, null /*clientAddresses*/);
    inDate.setTime(0); // for testing the constructor

    testDateImmutability(t, originalTime);
    testS11nCompatibility(t); // S11n: Serialization
    testDestroy(t);
}
 
Example 26
Project: openjdk9   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
private static void testDateImmutability(KerberosTicket t, long origTime)
    throws Exception {
    // test the constructor
    System.out.println("Testing constructor...");
    checkTime(t, origTime);

    // test the getAuth/Start/EndTime() & getRenewTill() methods
    System.out.println("Testing getAuth/Start/EndTime() & getRenewTill()...");
    t.getAuthTime().setTime(0);
    t.getStartTime().setTime(0);
    t.getEndTime().setTime(0);
    t.getRenewTill().setTime(0);
    checkTime(t, origTime);

    System.out.println("DateImmutability Test Passed");
}
 
Example 27
Project: openjdk9   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless, they can be called
    for (Method m: KerberosTicket.class.getDeclaredMethods()) {
        if (Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0) {
            System.out.println("Testing " + m.getName() + "...");
            try {
                m.invoke(t);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RefreshFailedException ||
                        cause instanceof IllegalStateException) {
                    // this is OK
                } else {
                    throw e;
                }
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
 
Example 28
Project: jdk8u_jdk   File: Krb5Util.java   View source code 6 votes vote down vote up
/**
 * Retrieves the ticket corresponding to the client/server principal
 * pair from the Subject in the specified AccessControlContext.
 * If the ticket can not be found in the Subject, and if
 * useSubjectCredsOnly is false, then obtain ticket from
 * a LoginContext.
 */
static KerberosTicket getTicket(GSSCaller caller,
    String clientPrincipal, String serverPrincipal,
    AccessControlContext acc) throws LoginException {

    // Try to get ticket from acc's Subject
    Subject accSubj = Subject.getSubject(acc);
    KerberosTicket ticket =
        SubjectComber.find(accSubj, serverPrincipal, clientPrincipal,
              KerberosTicket.class);

    // Try to get ticket from Subject obtained from GSSUtil
    if (ticket == null && !GSSUtil.useSubjectCredsOnly(caller)) {
        Subject subject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
        ticket = SubjectComber.find(subject,
            serverPrincipal, clientPrincipal, KerberosTicket.class);
    }
    return ticket;
}
 
Example 29
Project: jdk8u_jdk   File: Krb5Util.java   View source code 6 votes vote down vote up
public static KerberosTicket credsToTicket(Credentials serviceCreds) {
    EncryptionKey sessionKey =  serviceCreds.getSessionKey();
    return new KerberosTicket(
        serviceCreds.getEncoded(),
        new KerberosPrincipal(serviceCreds.getClient().getName()),
        new KerberosPrincipal(serviceCreds.getServer().getName(),
                            KerberosPrincipal.KRB_NT_SRV_INST),
        sessionKey.getBytes(),
        sessionKey.getEType(),
        serviceCreds.getFlags(),
        serviceCreds.getAuthTime(),
        serviceCreds.getStartTime(),
        serviceCreds.getEndTime(),
        serviceCreds.getRenewTill(),
        serviceCreds.getClientAddresses());
}
 
Example 30
Project: jdk8u_jdk   File: KerberosClientKeyExchangeImpl.java   View source code 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 31
Project: jdk8u_jdk   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    byte[] asn1Bytes = "asn1".getBytes();
    KerberosPrincipal client = new KerberosPrincipal("client");
    KerberosPrincipal server = new KerberosPrincipal("server");
    byte[] keyBytes = "sessionKey".getBytes();
    long originalTime = 12345678L;
    Date inDate = new Date(originalTime);
    boolean[] flags = new boolean[9];
    flags[8] = true; // renewable
    KerberosTicket t = new KerberosTicket(asn1Bytes, client, server,
            keyBytes, 1 /*keyType*/, flags, inDate /*authTime*/,
            inDate /*startTime*/, inDate /*endTime*/,
            inDate /*renewTill*/, null /*clientAddresses*/);
    inDate.setTime(0); // for testing the constructor

    testDateImmutability(t, originalTime);
    testS11nCompatibility(t); // S11n: Serialization
    testDestroy(t);
}
 
Example 32
Project: jdk8u_jdk   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
private static void testDateImmutability(KerberosTicket t, long origTime)
    throws Exception {
    // test the constructor
    System.out.println("Testing constructor...");
    checkTime(t, origTime);

    // test the getAuth/Start/EndTime() & getRenewTill() methods
    System.out.println("Testing getAuth/Start/EndTime() & getRenewTill()...");
    t.getAuthTime().setTime(0);
    t.getStartTime().setTime(0);
    t.getEndTime().setTime(0);
    t.getRenewTill().setTime(0);
    checkTime(t, origTime);

    System.out.println("DateImmutability Test Passed");
}
 
Example 33
Project: jdk8u_jdk   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }
    // Although these methods are meaningless, they can be called
    for (Method m: KerberosTicket.class.getDeclaredMethods()) {
        if (Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0) {
            System.out.println("Testing " + m.getName() + "...");
            try {
                m.invoke(t);
            } catch (InvocationTargetException e) {
                Throwable cause = e.getCause();
                if (cause instanceof RefreshFailedException ||
                        cause instanceof IllegalStateException) {
                    // this is OK
                } else {
                    throw e;
                }
            }
        }
    }
    System.out.println("Destroy Test Passed");
}
 
Example 34
Project: lookaside_java-1.8.0-openjdk   File: Krb5Util.java   View source code 6 votes vote down vote up
/**
 * Retrieves the ticket corresponding to the client/server principal
 * pair from the Subject in the specified AccessControlContext.
 * If the ticket can not be found in the Subject, and if
 * useSubjectCredsOnly is false, then obtain ticket from
 * a LoginContext.
 */
static KerberosTicket getTicket(GSSCaller caller,
    String clientPrincipal, String serverPrincipal,
    AccessControlContext acc) throws LoginException {

    // Try to get ticket from acc's Subject
    Subject accSubj = Subject.getSubject(acc);
    KerberosTicket ticket =
        SubjectComber.find(accSubj, serverPrincipal, clientPrincipal,
              KerberosTicket.class);

    // Try to get ticket from Subject obtained from GSSUtil
    if (ticket == null && !GSSUtil.useSubjectCredsOnly(caller)) {
        Subject subject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
        ticket = SubjectComber.find(subject,
            serverPrincipal, clientPrincipal, KerberosTicket.class);
    }
    return ticket;
}
 
Example 35
Project: lookaside_java-1.8.0-openjdk   File: Krb5Util.java   View source code 6 votes vote down vote up
public static KerberosTicket credsToTicket(Credentials serviceCreds) {
    EncryptionKey sessionKey =  serviceCreds.getSessionKey();
    return new KerberosTicket(
        serviceCreds.getEncoded(),
        new KerberosPrincipal(serviceCreds.getClient().getName()),
        new KerberosPrincipal(serviceCreds.getServer().getName(),
                            KerberosPrincipal.KRB_NT_SRV_INST),
        sessionKey.getBytes(),
        sessionKey.getEType(),
        serviceCreds.getFlags(),
        serviceCreds.getAuthTime(),
        serviceCreds.getStartTime(),
        serviceCreds.getEndTime(),
        serviceCreds.getRenewTill(),
        serviceCreds.getClientAddresses());
}
 
Example 36
Project: lookaside_java-1.8.0-openjdk   File: KerberosClientKeyExchangeImpl.java   View source code 6 votes vote down vote up
/**
 * Creates an instance of KerberosClientKeyExchange consisting of the
 * Kerberos service ticket, authenticator and encrypted premaster secret.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *             this is used to get the Kerberos service ticket
 * @param protocolVersion Maximum version supported by client (i.e,
 *          version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *          secret
 */
@Override
public void init(String serverName,
    AccessControlContext acc, ProtocolVersion protocolVersion,
    SecureRandom rand) throws IOException {

     // Get service ticket
     KerberosTicket ticket = getServiceTicket(serverName, acc);
     encodedTicket = ticket.getEncoded();

     // Record the Kerberos principals
     peerPrincipal = ticket.getServer();
     localPrincipal = ticket.getClient();

     // Optional authenticator, encrypted using session key,
     // currently ignored

     // Generate premaster secret and encrypt it using session key
     EncryptionKey sessionKey = new EncryptionKey(
                                    ticket.getSessionKeyType(),
                                    ticket.getSessionKey().getEncoded());

     preMaster = new KerberosPreMasterSecret(protocolVersion,
         rand, sessionKey);
}
 
Example 37
Project: lookaside_java-1.8.0-openjdk   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    byte[] asn1Bytes = "asn1".getBytes();
    KerberosPrincipal client = new KerberosPrincipal("client");
    KerberosPrincipal server = new KerberosPrincipal("server");
    byte[] keyBytes = "sessionKey".getBytes();
    long originalTime = 12345678L;
    Date inDate = new Date(originalTime);
    boolean[] flags = new boolean[9];
    flags[8] = true; // renewable
    KerberosTicket t = new KerberosTicket(asn1Bytes, client, server,
            keyBytes, 1 /*keyType*/, flags, inDate /*authTime*/,
            inDate /*startTime*/, inDate /*endTime*/,
            inDate /*renewTill*/, null /*clientAddresses*/);
    inDate.setTime(0); // for testing the constructor

    testDateImmutability(t, originalTime);
    testS11nCompatibility(t); // S11n: Serialization
}
 
Example 38
Project: lookaside_java-1.8.0-openjdk   File: KerberosTixDateTest.java   View source code 6 votes vote down vote up
private static void testDateImmutability(KerberosTicket t, long origTime)
    throws Exception {
    // test the constructor
    System.out.println("Testing constructor...");
    checkTime(t, origTime);

    // test the getAuth/Start/EndTime() & getRenewTill() methods
    System.out.println("Testing getAuth/Start/EndTime() & getRenewTill()...");
    t.getAuthTime().setTime(0);
    t.getStartTime().setTime(0);
    t.getEndTime().setTime(0);
    t.getRenewTill().setTime(0);
    checkTime(t, origTime);

    System.out.println("DateImmutability Test Passed");
}
 
Example 39
Project: jcifs-ng   File: KerberosTest.java   View source code 6 votes vote down vote up
private static KerberosTicket getKerberosTicket ( KerberosPrincipal principal, String password, Long expire ) throws Exception {
    PrincipalName principalName = new PrincipalName(principal.getName(), PrincipalName.KRB_NT_PRINCIPAL, principal.getRealm());
    KrbAsReqBuilder builder = new KrbAsReqBuilder(principalName, password != null ? password.toCharArray() : new char[0]);

    if ( expire != null ) {
        System.out.println("Request expires " + expire);
        KerberosTime till = new KerberosTime(expire);
        Field tillF = builder.getClass().getDeclaredField("till");
        tillF.setAccessible(true);
        tillF.set(builder, till);
    }

    Credentials creds = builder.action().getCreds();
    builder.destroy();

    KerberosTicket ticket = Krb5Util.credsToTicket(creds);
    System.out.println("Ends " + ticket.getEndTime().getTime());
    return ticket;
}
 
Example 40
Project: jstrom   File: AutoTGT.java   View source code 6 votes vote down vote up
private void populateSubjectWithTGT(Subject subject, Map<String, String> credentials) {
    KerberosTicket tgt = getTGT(credentials);
    if (tgt != null) {
        Set<Object> creds = subject.getPrivateCredentials();
        synchronized (creds) {
            Iterator<Object> iterator = creds.iterator();
            while (iterator.hasNext()) {
                Object o = iterator.next();
                if (o instanceof KerberosTicket) {
                    KerberosTicket t = (KerberosTicket) o;
                    iterator.remove();
                    try {
                        t.destroy();
                    } catch (DestroyFailedException e) {
                        LOG.warn("Failed to destory ticket ", e);
                    }
                }
            }
            creds.add(tgt);
        }
        subject.getPrincipals().add(tgt.getClient());
        kerbTicket.set(tgt);
    } else {
        LOG.info("No TGT found in credentials");
    }
}