org.apache.kerby.kerberos.kerb.KrbException Java Examples

The following examples show how to use org.apache.kerby.kerberos.kerb.KrbException.
Example #1
Source File: FakeKDC.java    From gcp-token-broker with Apache License 2.0
/**
 * Starts the fake KDC and creates the temporary directories that hold keytabs.
 *
 * <p>A fresh temporary root directory is created and used as the KDC work directory and
 * as the parent of the {@code broker-keytabs} and {@code user-keytabs} directories. The
 * KDC is configured for {@code localhost}, UDP only, on the port returned by
 * {@code NetworkUtil.getServerPort()}.
 *
 * <p>Keytabs hold long-term Kerberos keys, so the location matters:
 * {@code Files.createTempDirectory} without explicit attributes is typically owner-only
 * on POSIX file systems, while the two sub-directories get ordinary default permissions
 * beneath it.
 *
 * @throws RuntimeException wrapping the {@code KrbException} or {@code IOException}
 *         raised while creating the directories or bringing up the server
 */
public void start() {
    try {
        // Directory layout: <tmp>/root*/{broker-keytabs,user-keytabs}
        rootDir = Files.createTempDirectory("root");
        brokerKeytabDir = Files.createDirectory(rootDir.resolve("broker-keytabs"));
        userKeytabDir = Files.createDirectory(rootDir.resolve("user-keytabs"));

        // Configure the KDC: local host only, UDP transport only.
        kdcServer = new SimpleKdcServer();
        kdcServer.setWorkDir(rootDir.toFile());
        kdcServer.setKdcRealm(realm);
        kdcServer.setKdcHost("localhost");
        kdcServer.setAllowTcp(false);
        kdcServer.setAllowUdp(true);
        final int udpPort = NetworkUtil.getServerPort();
        kdcServer.setKdcUdpPort(udpPort);

        // Bring it up.
        kdcServer.init();
        kdcServer.start();
    } catch (KrbException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
 
Example #2
Source File: KerberosUtils.java    From envelope with Apache License 2.0
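/**
 * Returns the cached Kerberos client configuration, loading it on first use.
 *
 * <p>The krb5.conf file is looked up with the same order the standard Java Kerberos
 * classes document
 * (https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html):
 * <ol>
 *   <li>the path named by the system property {@code java.security.krb5.conf};</li>
 *   <li>{@code <java-home>/lib/security/krb5.conf};</li>
 *   <li>{@code /etc/krb5.conf}.</li>
 * </ol>
 * The first candidate for which {@code fileExists} returns true is parsed and cached in
 * {@code krb5Config}.
 *
 * <p>The chosen file determines the realm and KDC settings this process uses, so the
 * system property and the two fixed paths are trusted configuration: anyone able to set
 * the property or write those files controls where Kerberos requests go.
 *
 * <p>No synchronization is visible in this method; concurrent first calls may each load
 * the file.
 *
 * @return the loaded (or previously cached) configuration
 * @throws KrbException declared for the {@code ClientUtil.getConfig} call
 * @throws RuntimeException if none of the three candidate files exists
 */
static KrbConfig getKrb5config() throws KrbException {
  if (krb5Config != null) {
    return krb5Config;
  }

  // Read the property once so the existence check and the load see the same path.
  String overridePath = System.getProperty("java.security.krb5.conf");
  // NOTE(review): newer JDK documentation lists <java-home>/conf/security/krb5.conf;
  // confirm which runtime versions this lookup has to match.
  String javaHomePath = System.getProperty("java.home") + File.separator + "lib"
      + File.separator + "security" + File.separator + "krb5.conf";
  String etcPath = "/etc/krb5.conf";

  String chosenPath;
  if (overridePath != null && fileExists(overridePath)) {
    chosenPath = overridePath;
  } else if (fileExists(javaHomePath)) {
    chosenPath = javaHomePath;
  } else if (fileExists(etcPath)) {
    chosenPath = etcPath;
  } else {
    // Name every location that was tried; the failure is not specific to /etc/krb5.conf.
    throw new RuntimeException("Could not find a krb5.conf file; checked java.security.krb5.conf="
        + overridePath + ", " + javaHomePath + ", " + etcPath);
  }

  krb5Config = ClientUtil.getConfig(new File(chosenPath));
  return krb5Config;
}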
 
Example #3
Source File: EmbeddedKdcResource.java    From qpid-broker-j with Apache License 2.0
/**
 * Stops the embedded KDC after a test and, when {@code CLEAN_UP} is set, calls
 * {@code cleanUp()}.
 *
 * <p>A {@code KrbException} from {@code stop()} is logged at WARN and not rethrown. The
 * clean-up call sits in {@code finally}, so it runs whether or not the stop succeeded.
 */
@Override
public void after()
{
    try
    {
        _simpleKdcServer.stop();
    }
    catch (KrbException stopFailure)
    {
        // Best effort: a failed stop must not fail the test, but it is recorded.
        LOGGER.warn("Failure to stop KDC server", stopFailure);
    }
    finally
    {
        if (CLEAN_UP)
        {
            cleanUp();
        }
    }
}
 
Example #4
Source File: KerberosUtils.java    From envelope with Apache License 2.0
/**
 * Resolves the Kerberos realm to use.
 *
 * <p>If {@code config} has a value at {@code REALM_CONFIG}, that value is returned.
 * Otherwise the default realm from the krb5 configuration returned by
 * {@code getKrb5config()} is used.
 *
 * @param config application configuration that may carry an explicit realm
 * @return the explicit realm, or the krb5 default realm
 * @throws RuntimeException wrapping a {@code KrbException} raised while inferring the realm
 */
public static String getKerberosRealm(Config config) {
  if (!config.hasPath(REALM_CONFIG)) {
    // No explicit setting: fall back to the default realm from krb5.conf.
    try {
      return getKrb5config().getDefaultRealm();
    } catch (KrbException e) {
      throw new RuntimeException(e);
    }
  }
  return config.getString(REALM_CONFIG);
}
 
Example #5
Source File: AvaticaSpnegoTest.java    From calcite-avatica with Apache License 2.0
/**
 * Registers the client and server test principals with the KDC and writes one keytab
 * file per principal into {@code keytabDir}.
 *
 * <p>Keytab file names are the principal without its {@code @REALM} suffix, with
 * {@code '/'} replaced by {@code '_'}, plus {@code .keytab}. An existing file of that
 * name is deleted first. The client is registered under the realm-less name, the server
 * under the full {@code SpnegoTestUtil.SERVER_PRINCIPAL}.
 *
 * <p>The keytabs hold the principals' long-term keys; only their paths are logged.
 *
 * @param keytabDir directory that receives the keytab files
 * @throws KrbException declared for the {@code SpnegoTestUtil.setupUser} calls
 */
private static void setupServerUser(File keytabDir) throws KrbException {
  // Client user
  final String fullClientName = SpnegoTestUtil.CLIENT_PRINCIPAL;
  final String clientPrincipal = fullClientName.substring(0, fullClientName.indexOf('@'));
  final String clientKeytabName = clientPrincipal.replace('/', '_') + ".keytab";
  clientKeytab = new File(keytabDir, clientKeytabName);
  if (clientKeytab.exists()) {
    SpnegoTestUtil.deleteRecursively(clientKeytab);
  }
  LOG.info("Creating {} with keytab {}", clientPrincipal, clientKeytab);
  SpnegoTestUtil.setupUser(kdc, clientKeytab, clientPrincipal);

  // Server user
  final String fullServerName = SpnegoTestUtil.SERVER_PRINCIPAL;
  final String serverPrincipal = fullServerName.substring(0, fullServerName.indexOf('@'));
  final String serverKeytabName = serverPrincipal.replace('/', '_') + ".keytab";
  serverKeytab = new File(keytabDir, serverKeytabName);
  if (serverKeytab.exists()) {
    SpnegoTestUtil.deleteRecursively(serverKeytab);
  }
  LOG.info("Creating {} with keytab {}", SpnegoTestUtil.SERVER_PRINCIPAL, serverKeytab);
  SpnegoTestUtil.setupUser(kdc, serverKeytab, SpnegoTestUtil.SERVER_PRINCIPAL);
}
 
Example #6
Source File: HttpServerSpnegoWithJaasTest.java    From calcite-avatica with Apache License 2.0
/**
 * Creates the client and server principals in the test KDC and exports a keytab for each.
 *
 * <p>Each keytab is named after the principal with the realm part cut off at {@code '@'}
 * and {@code '/'} turned into {@code '_'}; a stale file with the same name is removed
 * before the user is set up. The keytab files contain key material for the test realm.
 *
 * @param keytabDir directory in which the keytab files are placed
 * @throws KrbException declared for the {@code SpnegoTestUtil.setupUser} calls
 */
private static void setupUsers(File keytabDir) throws KrbException {
  // --- client ---
  int clientAt = SpnegoTestUtil.CLIENT_PRINCIPAL.indexOf('@');
  String clientPrincipal = SpnegoTestUtil.CLIENT_PRINCIPAL.substring(0, clientAt);
  clientKeytab = new File(keytabDir, clientPrincipal.replace('/', '_') + ".keytab");
  boolean staleClientKeytab = clientKeytab.exists();
  if (staleClientKeytab) {
    SpnegoTestUtil.deleteRecursively(clientKeytab);
  }
  LOG.info("Creating {} with keytab {}", clientPrincipal, clientKeytab);
  SpnegoTestUtil.setupUser(kdc, clientKeytab, clientPrincipal);

  // --- server (registered under the full principal, realm included) ---
  int serverAt = SpnegoTestUtil.SERVER_PRINCIPAL.indexOf('@');
  String serverPrincipal = SpnegoTestUtil.SERVER_PRINCIPAL.substring(0, serverAt);
  serverKeytab = new File(keytabDir, serverPrincipal.replace('/', '_') + ".keytab");
  boolean staleServerKeytab = serverKeytab.exists();
  if (staleServerKeytab) {
    SpnegoTestUtil.deleteRecursively(serverKeytab);
  }
  LOG.info("Creating {} with keytab {}", SpnegoTestUtil.SERVER_PRINCIPAL, serverKeytab);
  SpnegoTestUtil.setupUser(kdc, serverKeytab, SpnegoTestUtil.SERVER_PRINCIPAL);
}
 
Example #7
Source File: HttpServerSpnegoWithoutJaasTest.java    From calcite-avatica with Apache License 2.0
/**
 * Sets up the two Kerberos users the SPNEGO test needs and writes their keytabs.
 *
 * <p>For the client and then the server: derive the realm-less principal name, build the
 * keytab path from it under {@code keytabDir}, delete any file already at that path, log
 * the principal and path, and hand over to {@code SpnegoTestUtil.setupUser}. The client
 * is set up with the realm-less name, the server with the full
 * {@code SpnegoTestUtil.SERVER_PRINCIPAL}.
 *
 * @param keytabDir target directory for the generated keytab files
 * @throws KrbException declared for the {@code SpnegoTestUtil.setupUser} calls
 */
private static void setupUsers(File keytabDir) throws KrbException {
  final String clientFull = SpnegoTestUtil.CLIENT_PRINCIPAL;
  final String clientPrincipal = clientFull.substring(0, clientFull.indexOf('@'));
  final String clientFileName = clientPrincipal.replace('/', '_') + ".keytab";
  clientKeytab = new File(keytabDir, clientFileName);
  if (clientKeytab.exists()) {
    // Start from a clean slate so no keys from an earlier run are reused.
    SpnegoTestUtil.deleteRecursively(clientKeytab);
  }
  LOG.info("Creating {} with keytab {}", clientPrincipal, clientKeytab);
  SpnegoTestUtil.setupUser(kdc, clientKeytab, clientPrincipal);

  final String serverFull = SpnegoTestUtil.SERVER_PRINCIPAL;
  final String serverPrincipal = serverFull.substring(0, serverFull.indexOf('@'));
  final String serverFileName = serverPrincipal.replace('/', '_') + ".keytab";
  serverKeytab = new File(keytabDir, serverFileName);
  if (serverKeytab.exists()) {
    SpnegoTestUtil.deleteRecursively(serverKeytab);
  }
  LOG.info("Creating {} with keytab {}", SpnegoTestUtil.SERVER_PRINCIPAL, serverKeytab);
  SpnegoTestUtil.setupUser(kdc, serverKeytab, SpnegoTestUtil.SERVER_PRINCIPAL);
}
 
Example #8
Source File: MiniKdc.java    From cruise-control with BSD 2-Clause "Simplified" License
/**
 * Initializes and starts the KDC, then creates the configured principals and exports
 * them to the keytab file.
 *
 * <p>The server works out of a newly created temporary directory, uses the realm given
 * at construction and has UDP disabled.
 *
 * @throws KrbException declared for the Kerby server calls
 * @throws IOException if the temporary work directory cannot be created
 */
public void start() throws KrbException, IOException {
  // Fresh work directory for every start.
  _kerbyServer.setWorkDir(
      Files.createTempDirectory(KERBY_SERVER_TEST_HARNESS_DIR_PREFIX).toFile());
  _kerbyServer.setKdcRealm(_realm);
  _kerbyServer.setAllowUdp(false);
  _kerbyServer.init();
  _kerbyServer.start();

  // All principals go into the single keytab file chosen by the constructor.
  final String[] principalNames = _principals.toArray(new String[0]);
  _kerbyServer.createAndExportPrincipals(_keytab, principalNames);
}
 
Example #9
Source File: TestSimpleKdcServerUtil.java    From hbase with Apache License 2.0
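/**
 * Tests that KDC start-up rides over a clashing port (a {@code BindException}): the
 * server is requested with {@code portClash} set to true and must still come up far
 * enough to create a principal.
 *
 * @throws KrbException declared for the KDC calls
 * @throws IOException declared for the KDC start-up helper
 */
@Test
public void testBindException() throws KrbException, IOException {
  SimpleKdcServer kdc = null;
  try {
    File dir = new File(UTIL.getDataTestDir().toString());
    kdc = SimpleKdcServerUtil.
      getRunningSimpleKdcServer(dir, HBaseCommonTestingUtility::randomFreePort, true);
    kdc.createPrincipal("wah");
  } finally {
    // kdc is still null when start-up itself failed; without this guard the
    // NullPointerException from finally would replace the real failure.
    if (kdc != null) {
      kdc.stop();
    }
  }
}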
 
Example #10
Source File: KdcFixture.java    From tinkerpop with Apache License 2.0
/**
 * Creates the fixture's principals and the credential files derived from them.
 *
 * <p>The server principal is created and exported to {@code serviceKeytabFile}. Each of
 * the two client principals is created with its password, a TGT is requested with that
 * password, and the ticket is stored in the matching ticket cache file. The keytab and
 * both cache files therefore hold usable credentials for the test realm.
 *
 * @throws KrbException declared for the KDC and client calls
 */
private void setUpPrincipals() throws KrbException {
    // Service side: principal plus keytab.
    kdcServer.createPrincipals(serverPrincipal);
    kdcServer.exportPrincipal(serverPrincipal, serviceKeytabFile);

    // First client: password login, ticket kept in its own cache file.
    kdcServer.createPrincipal(clientPrincipal, clientPassword);
    final TgtTicket firstClientTgt =
            kdcServer.getKrbClient().requestTgt(clientPrincipal, clientPassword);
    kdcServer.getKrbClient().storeTicket(firstClientTgt, ticketCacheFile);

    // Second client: same steps with the second set of credentials.
    kdcServer.createPrincipal(clientPrincipal2, clientPassword2);
    final TgtTicket secondClientTgt =
            kdcServer.getKrbClient().requestTgt(clientPrincipal2, clientPassword2);
    kdcServer.getKrbClient().storeTicket(secondClientTgt, ticketCacheFile2);
}
 
Example #11
Source File: KdcFixture.java    From tinkerpop with Apache License 2.0
/**
 * Configures the test KDC: realm {@code KDC_REALM}, host {@code HOSTNAME}, TCP only, on
 * the port returned by {@code NetworkUtil.getServerPort()}, and adjusts the bundled
 * client's timeout and permitted encryption types.
 *
 * @throws KrbException declared by the constructor; the raising call is not visible here
 */
TestKdcServer() throws KrbException {
    setKdcRealm(KDC_REALM);
    setKdcHost(HOSTNAME);
    setAllowUdp(false);    // There are still udp issues in Apache Directory-Kerby 1.0.0-RC2
    setAllowTcp(true);
    setKdcTcpPort(NetworkUtil.getServerPort());

    final KrbClient client = getKrbClient();
    // NOTE(review): unit of this timeout is not visible here; confirm against KrbClient.
    client.setTimeout(10 * 1000);

    // NOTE(review): des-cbc-crc, des-cbc-md5 and des3-cbc-sha1 are deprecated Kerberos
    // enctypes (single DES by RFC 6649, 3DES by RFC 8429). Keep this list confined to
    // the throwaway test KDC; aes128-cts-hmac-sha1-96 is the only current entry.
    final KrbConfig clientConfig = client.getKrbConfig();
    clientConfig.setString(KrbConfigKey.PERMITTED_ENCTYPES,
            "aes128-cts-hmac-sha1-96 des-cbc-crc des-cbc-md5 des3-cbc-sha1");
}
 
Example #12
Source File: TestKerberosUtils.java    From envelope with Apache License 2.0
/**
 * Checks that, with an empty application config, the renew interval resolves to
 * 10 hours expressed in seconds; presumably the value comes from the test krb5.conf.
 */
@Test
public void testGetRenewInterval() throws KrbException {
  // Point the JVM-wide Kerberos setting at the krb5.conf in the test folder.
  String krb5ConfPath = testFolder.getRoot().getAbsolutePath() + File.separator + "krb5.conf";
  System.setProperty("java.security.krb5.conf", krb5ConfPath);

  Config emptyConfig = ConfigFactory.empty();
  long renewInterval = KerberosUtils.getRenewInterval(emptyConfig);

  assertEquals(10 * 3600, renewInterval);
}
 
Example #13
Source File: TestKerberosUtils.java    From envelope with Apache License 2.0
/**
 * Checks both realm sources: without {@code REALM_CONFIG} the realm is
 * {@code ENVELOPE.LOCAL} (presumably the default realm of the test krb5.conf), and an
 * explicit {@code REALM_CONFIG} value takes precedence.
 */
@Test
public void testGetKerberosRealm() throws KrbException {
  Config keytabOnly = ConfigFactory.parseString(String.format("%s = foo.kt", KEYTAB_CONFIG));

  String krb5ConfPath = testFolder.getRoot().getAbsolutePath() + File.separator + "krb5.conf";
  System.setProperty("java.security.krb5.conf", krb5ConfPath);

  // No realm configured: inferred from krb5.conf.
  String inferredRealm = KerberosUtils.getKerberosRealm(keytabOnly);
  assertEquals("ENVELOPE.LOCAL", inferredRealm);

  // Realm configured: the explicit value wins.
  Config withRealm = ConfigFactory.parseString(
      String.format("%s = foo.kt\n%s = CORP.GLOBAL", KEYTAB_CONFIG, REALM_CONFIG));
  String explicitRealm = KerberosUtils.getKerberosRealm(withRealm);
  assertEquals("CORP.GLOBAL", explicitRealm);
}
 
Example #14
Source File: TestKerberosUtils.java    From envelope with Apache License 2.0
/**
 * Checks that the krb5 configuration is loaded from the path in
 * {@code java.security.krb5.conf} and reports {@code ENVELOPE.LOCAL} as default realm.
 */
@Test
public void testGetKrb5Config() throws KrbException {
  String krb5ConfPath = testFolder.getRoot().getAbsolutePath() + File.separator + "krb5.conf";
  System.setProperty("java.security.krb5.conf", krb5ConfPath);

  KrbConfig loaded = KerberosUtils.getKrb5config();

  assertNotNull(loaded);
  assertEquals("ENVELOPE.LOCAL", loaded.getDefaultRealm());
}
 
Example #15
Source File: TestKerberosUtils.java    From envelope with Apache License 2.0
/**
 * Restores the JVM-wide {@code java.security.krb5.conf} property to the value held in
 * {@code oldKrb5} (clearing it when that is null) and stops the KDC if one exists.
 *
 * @throws KrbException declared for the {@code kdcServer.stop()} call
 */
@AfterClass
public static void cleanup() throws KrbException {
  // The property is process-global, so put back whatever oldKrb5 recorded.
  if (oldKrb5 == null) {
    System.clearProperty("java.security.krb5.conf");
  } else {
    System.setProperty("java.security.krb5.conf", oldKrb5);
  }

  if (kdcServer != null) {
    kdcServer.stop();
  }
}
 
Example #16
Source File: KerberosUtils.java    From envelope with Apache License 2.0
/**
 * Determines the ticket renew interval in seconds.
 *
 * <p>Precedence: the duration at {@code TICKET_RENEW_INTERVAL} in {@code config}, then
 * the ticket lifetime from the krb5 configuration (via {@code parseLifetime}), then
 * {@code DEFAULT_LIFETIME_SECS}. The krb5 configuration is read first in every case, so
 * a failure to load it surfaces even when an explicit interval is configured.
 *
 * @param config application configuration that may carry an explicit interval
 * @return the renew interval in seconds
 * @throws KrbException declared for the {@code getKrb5config()} call
 */
static int getRenewInterval(Config config) throws KrbException {
  String configuredLifetime = getKrb5config().getTicketLifetime();

  if (config.hasPath(TICKET_RENEW_INTERVAL)) {
    // NOTE(review): long -> int narrowing wraps silently for durations above
    // Integer.MAX_VALUE seconds; confirm whether such values should be rejected.
    return (int) config.getDuration(TICKET_RENEW_INTERVAL, TimeUnit.SECONDS);
  }
  if (configuredLifetime != null) {
    return parseLifetime(configuredLifetime);
  }
  return DEFAULT_LIFETIME_SECS;
}
 
Example #17
Source File: FakeKDC.java    From gcp-token-broker with Apache License 2.0
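/**
 * Deletes the principals, stops the KDC and removes the temporary root directory.
 *
 * <p>The server stop and the directory removal run from {@code finally} blocks, so a
 * failure while deleting principals no longer leaves the KDC running or the keytab
 * directories (which contain key material) behind on disk. If a later step also fails,
 * its exception is the one reported.
 *
 * @throws RuntimeException wrapping the {@code KrbException} or {@code IOException}
 *         raised by any of the steps
 */
public void stop() {
    try {
        try {
            kdcServer.getKadmin().deleteBuiltinPrincipals();
            for (String principal : principals) {
                kdcServer.deletePrincipal(principal);
            }
        } finally {
            try {
                kdcServer.stop();
            } finally {
                // Always remove the work dir: it holds the exported keytabs.
                FileUtils.deleteDirectory(rootDir.toFile());
            }
        }
    } catch (KrbException | IOException e) {
        throw new RuntimeException(e);
    }
}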
 
Example #18
Source File: TrustedProxySecurityProviderIntegrationTest.java    From cruise-control with BSD 2-Clause "Simplified" License
/**
 * Builds the test's {@code MiniKdc} for {@code REALM} with three principals: the
 * authentication service, the SPNEGO service and one unrelated service.
 *
 * @throws KrbException declared for the {@code MiniKdc} constructor
 */
public TrustedProxySecurityProviderIntegrationTest() throws KrbException {
  // Mutable list: MiniKdc receives it as-is.
  List<String> kdcPrincipals = new ArrayList<>();
  kdcPrincipals.add(AUTH_SERVICE_PRINCIPAL);
  kdcPrincipals.add(SPNEGO_SERVICE_PRINCIPAL);
  kdcPrincipals.add(SOME_OTHER_SERVICE_PRINCIPAL);

  _miniKdc = new MiniKdc(REALM, kdcPrincipals);
}
 
Example #19
Source File: FakeKDC.java    From gcp-token-broker with Apache License 2.0
/**
 * Creates the given principal in the KDC, exports its keytab to the path returned by
 * {@code getKeytabPath(principal)}, and records the principal in {@code principals}.
 *
 * <p>The principal is recorded only after both KDC calls succeed.
 *
 * @param principal name of the principal to create
 * @throws RuntimeException wrapping a {@code KrbException} from the KDC
 */
public void createPrincipal(String principal) {
    try {
        kdcServer.createPrincipal(principal);
        // The keytab carries the new principal's keys; its location is decided by getKeytabPath.
        kdcServer.exportPrincipal(principal, getKeytabPath(principal).toFile());
        principals.add(principal);
    } catch (KrbException krbFailure) {
        throw new RuntimeException(krbFailure);
    }
}
 
Example #20
Source File: EmbeddedKdcResource.java    From qpid-broker-j with Apache License 2.0
/**
 * Creates and configures (but does not start) an embedded KDC for tests.
 *
 * <p>The work directory is {@code target/simple-kdc-<n>}, with {@code n} taken from
 * {@code COUNTER}. The server is TCP only. When {@code port} is 0 the value held in
 * {@code PORT} is used instead, and no TCP port is set at all unless the resulting
 * value is positive.
 *
 * @param host        KDC host name
 * @param port        TCP port, or 0 to reuse the value in {@code PORT}
 * @param serviceName value stored under {@code KdcConfigKey.KDC_SERVICE_NAME}
 * @param realm       Kerberos realm served by the KDC
 * @throws AssertionError if the work directory or the server object cannot be created
 */
public EmbeddedKdcResource(final String host, final int port, final String serviceName, final String realm)
{
    _port = port;
    _realm = realm;
    _kdcDirectory = Paths.get("target", "simple-kdc-" + COUNTER.incrementAndGet());
    try
    {
        createWorkDirectory(_kdcDirectory);
        _simpleKdcServer = new SimpleKdcServer();
    }
    catch (KrbException | IOException e)
    {
        throw new AssertionError(String.format("Unable to create SimpleKdcServer': %s", e.getMessage()), e);
    }

    _simpleKdcServer.setKdcHost(host);

    // re-use port from previous start-up if any
    // IBM JDK caches port somehow causing test failures
    final int effectivePort;
    if (port == 0)
    {
        effectivePort = PORT.get();
    }
    else
    {
        effectivePort = port;
    }
    if (effectivePort > 0)
    {
        _simpleKdcServer.setKdcTcpPort(effectivePort);
    }

    _simpleKdcServer.setAllowUdp(false);
    _simpleKdcServer.setKdcRealm(realm);
    _simpleKdcServer.getKdcConfig().setString(KdcConfigKey.KDC_SERVICE_NAME, serviceName);
    _simpleKdcServer.setWorkDir(_kdcDirectory.toFile());
}
 
Example #21
Source File: SpnegoSecurityProviderIntegrationTest.java    From cruise-control with BSD 2-Clause "Simplified" License
/**
 * Builds the test's {@code MiniKdc} for {@code REALM} with three principals: the client,
 * the SPNEGO service and one unrelated service.
 *
 * @throws KrbException declared for the {@code MiniKdc} constructor
 */
public SpnegoSecurityProviderIntegrationTest() throws KrbException {
  final List<String> kdcPrincipals = new ArrayList<>();
  kdcPrincipals.add(CLIENT_PRINCIPAL);
  kdcPrincipals.add(SPNEGO_SERVICE_PRINCIPAL);
  kdcPrincipals.add(SOME_OTHER_SERVICE_PRINCIPAL);

  // The KDC is only constructed here; nothing in this constructor starts it.
  _miniKdc = new MiniKdc(REALM, kdcPrincipals);
}
 
Example #22
Source File: SimpleKdcServerUtil.java    From hbase with Apache License 2.0
/**
 * Internal method for testing. Starts a TCP-only {@code SimpleKdcServer} on the loopback
 * host, retrying on a new port when start-up fails because of a {@code BindException}.
 *
 * <p>Up to 10 attempts are made. When {@code portClash} is true, the first attempt takes
 * its port from a {@code BoundSocketMaker}; that helper is closed and dropped after the
 * first attempt, so later attempts use {@code randomPortGenerator}. Any
 * {@code KrbException} whose cause is not a {@code BindException} is rethrown after the
 * half-started server has been stopped.
 *
 * @param testDir parent directory; a sub-directory named after {@code SimpleKdcServer}
 *   is created in it and must not exist yet
 * @param randomPortGenerator source of candidate ports
 * @param portClash True if we want to generate BindException (for testing).
 * @return A running SimpleKdcServer on loopback/'localhost' on a random port
 * @throws KrbException on a non-bind start-up failure, or when every attempt clashed
 * @throws IOException declared; the raising call is not visible in this method
 * @see #getRunningSimpleKdcServer(File, Supplier)
 */
@VisibleForTesting
static SimpleKdcServer getRunningSimpleKdcServer(File testDir,
    Supplier<Integer> randomPortGenerator, final boolean portClash)
      throws KrbException, IOException {
  File kdcDir = new File(testDir, SimpleKdcServer.class.getSimpleName());
  Preconditions.checkArgument(kdcDir.mkdirs(), "Failed create of " + kdcDir);
  String hostName = InetAddress.getLoopbackAddress().getHostName();
  BoundSocketMaker portHolder = portClash? new BoundSocketMaker(randomPortGenerator): null;
  final int maxAttempts = 10;
  for (int attempt = 0; attempt < maxAttempts; attempt++) {
    SimpleKdcServer kdc = new SimpleKdcServer();
    kdc.setWorkDir(kdcDir);
    kdc.setKdcHost(hostName);
    kdc.setAllowTcp(true);
    kdc.setAllowUdp(false);
    int kdcPort = portHolder != null? portHolder.getPort(): randomPortGenerator.get();
    try {
      kdc.setKdcTcpPort(kdcPort);
      LOG.info("Starting KDC server at {}:{}", hostName, kdcPort);
      kdc.init();
      kdc.start();
      return kdc;
    } catch (KrbException ke) {
      // Tear down whatever was started before deciding whether to retry.
      kdc.stop();
      if (!(ke.getCause() instanceof BindException)) {
        throw ke;
      }
      LOG.info("Clashed using port {}; getting a new random port", kdcPort);
    } finally {
      // Release the helper after the first attempt so the next one picks a fresh port.
      if (portHolder != null) {
        portHolder.close();
        portHolder = null;
      }
    }
  }
  // If we get here, we exhausted our retries. Fail.
  throw new KrbException("Failed create of SimpleKdcServer after " + maxAttempts + " attempts");
}
 
Example #23
Source File: ImpalaMetadataTask.java    From envelope with Apache License 2.0
/**
 * Delegates to {@code KerberosUtils.loginIfRequired} when {@code isKerberos(config)}
 * is true; does nothing otherwise.
 *
 * @throws KrbException declared for the login call
 */
private void renewIfExpired() throws KrbException {
  if (!isKerberos(config)) {
    return;
  }
  KerberosUtils.loginIfRequired(loginContext, config);
}
 
Example #24
Source File: MiniKdc.java    From cruise-control with BSD 2-Clause "Simplified" License
/**
 * Creates an unstarted KDC wrapper for the given realm and principals.
 *
 * <p>The keytab path is a random-UUID file name with {@code KEYTAB_FILE_EXTENSION} in
 * the directory named by the system property {@code TEMP_DIR_PROPERTY_KEY}. Only the
 * path is chosen here; no file is written by the constructor.
 *
 * <p>NOTE(review): if that property points at a shared temp directory, the keytab
 * written there later is presumably created with default file permissions; confirm
 * that is acceptable for the environments these tests run in.
 *
 * @param realm      Kerberos realm to serve
 * @param principals principals to create on start; the list is kept by reference
 * @throws KrbException declared for the {@code SimpleKdcServer} constructor
 */
public MiniKdc(String realm, List<String> principals) throws KrbException {
  _kerbyServer = new SimpleKdcServer();
  _realm = realm;
  _principals = principals;

  final String tempDir = System.getProperty(TEMP_DIR_PROPERTY_KEY);
  final String keytabName = UUID.randomUUID() + KEYTAB_FILE_EXTENSION;
  _keytab = Paths.get(tempDir, keytabName).toFile();
}
 
Example #25
Source File: TestProxyUserSpnegoHttpServer.java    From hbase with Apache License 2.0
/**
 * Creates {@code principal} in the given KDC and exports it to {@code keytab}.
 *
 * @param kdc       KDC that receives the principal
 * @param keytab    file the principal is exported to
 * @param principal principal name
 * @throws KrbException declared for the two KDC calls
 */
private static void setupUser(
    SimpleKdcServer kdc, File keytab, String principal) throws KrbException {
  // Create first, then export: the export call is given the same principal name.
  kdc.createPrincipal(principal);
  kdc.exportPrincipal(principal, keytab);
}
 
Example #26
Source File: TestSpnegoHttpServer.java    From hbase with Apache License 2.0
/**
 * Registers a principal with the KDC and writes it out to a keytab file.
 *
 * @param kdc       KDC in which the principal is created
 * @param keytab    destination of the exported principal
 * @param principal name of the principal
 * @throws KrbException declared for the {@code createPrincipal} and
 *     {@code exportPrincipal} calls
 */
private static void setupUser(SimpleKdcServer kdc,
    File keytab,
    String principal) throws KrbException {
  kdc.createPrincipal(principal);
  // The keytab written here is what the test later authenticates with (presumably).
  kdc.exportPrincipal(principal, keytab);
}
 
Example #27
Source File: KdcFixture.java    From tinkerpop with Apache License 2.0
/**
 * Creates the given principal in the fixture's KDC. No password or keytab is supplied
 * by this overload.
 *
 * @param principal name of the principal to create
 * @throws KrbException declared for the KDC call
 */
public void createPrincipal(final String principal)
        throws KrbException {
    kdcServer.createPrincipal(principal);
}
 
Example #28
Source File: KdcFixture.java    From tinkerpop with Apache License 2.0
/**
 * Removes the built-in principals and the fixture's server and client principals from
 * the KDC. The calls run in sequence; the first {@code KrbException} ends the method,
 * leaving any remaining principals in place.
 *
 * @throws KrbException declared for the KDC calls
 */
private void deletePrincipals() throws KrbException {
    // Built-in principals go first, then the ones the fixture created itself.
    kdcServer.getKadmin().deleteBuiltinPrincipals();

    kdcServer.deletePrincipals(serverPrincipal);

    kdcServer.deletePrincipal(clientPrincipal);
    kdcServer.deletePrincipal(clientPrincipal2);
}
 
Example #29
Source File: SpnegoSecurityProviderIntegrationTest.java    From cruise-control with BSD 2-Clause "Simplified" License
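/**
 * Stops the test environment: first the parent's {@code stop()}, then the mini KDC.
 *
 * <p>The KDC stop runs from {@code finally}, so the KDC is shut down even when the
 * parent's stop throws and does not stay up after the test.
 *
 * @throws KrbException declared for the {@code _miniKdc.stop()} call
 */
@After
public void teardown() throws KrbException {
  try {
    super.stop();
  } finally {
    _miniKdc.stop();
  }
}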
 
Example #30
Source File: AvaticaSpnegoTest.java    From calcite-avatica with Apache License 2.0
/**
 * Stops the test KDC after the class has run, but only when {@code isKdcStarted} is set.
 *
 * @throws KrbException declared for the {@code kdc.stop()} call
 */
@AfterClass public static void stopKdc() throws KrbException {
  if (!isKdcStarted) {
    // Nothing was started, so there is nothing to stop.
    return;
  }
  LOG.info("Stopping KDC on {}", kdcPort);
  kdc.stop();
}