Java Code Examples for javax.security.sasl.SaslServer#wrap()

The following examples show how to use javax.security.sasl.SaslServer#wrap() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SaslGSS.java    From jdk8u60 with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }
 
Example 2
Source File: SaslGSS.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }
 
Example 3
Source File: SaslGSS.java    From openjdk-jdk9 with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM_LOWER_CASE;

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }
 
Example 4
Source File: SaslGSS.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }
 
Example 5
Source File: SaslGSS.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }
 
Example 6
Source File: SaslGSS.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }
 
Example 7
Source File: SaslGSS.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }
 
Example 8
Source File: SaslGSS.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }
 
Example 9
Source File: SaslGSS.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
public static void main(String[] args) throws Exception {

        String name = "host." + OneKDC.REALM.toLowerCase(Locale.US);

        new OneKDC(null).writeJAASConf();
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        // Client in JGSS so that it can control wrap privacy mode
        GSSManager m = GSSManager.getInstance();
        GSSContext sc = m.createContext(
                        m.createName(OneKDC.SERVER, GSSUtil.NT_GSS_KRB5_PRINCIPAL),
                        GSSUtil.GSS_KRB5_MECH_OID,
                        null,
                        GSSContext.DEFAULT_LIFETIME);
        sc.requestMutualAuth(false);

        // Server in SASL
        final HashMap props = new HashMap();
        props.put(Sasl.QOP, "auth-conf");
        SaslServer ss = Sasl.createSaslServer("GSSAPI", "server",
                name, props,
                new CallbackHandler() {
                    public void handle(Callback[] callbacks)
                            throws IOException, UnsupportedCallbackException {
                        for (Callback cb : callbacks) {
                            if (cb instanceof RealmCallback) {
                                ((RealmCallback) cb).setText(OneKDC.REALM);
                            } else if (cb instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) cb).setAuthorized(true);
                            }
                        }
                    }
                });

        ByteArrayOutputStream bout = new ByteArrayOutputStream();
        PrintStream oldErr = System.err;
        System.setErr(new PrintStream(bout));

        Logger.getLogger("javax.security.sasl").setLevel(Level.ALL);
        Handler h = new ConsoleHandler();
        h.setLevel(Level.ALL);
        Logger.getLogger("javax.security.sasl").addHandler(h);

        byte[] token = new byte[0];

        try {
            // Handshake
            token = sc.initSecContext(token, 0, token.length);
            token = ss.evaluateResponse(token);
            token = sc.unwrap(token, 0, token.length, new MessageProp(0, false));
            token[0] = (byte)(((token[0] & 4) != 0) ? 4 : 2);
            token = sc.wrap(token, 0, token.length, new MessageProp(0, false));
            ss.evaluateResponse(token);
        } finally {
            System.setErr(oldErr);
        }

        // Talk
        // 1. Client sends a auth-int message
        byte[] hello = "hello".getBytes();
        MessageProp qop = new MessageProp(0, false);
        token = sc.wrap(hello, 0, hello.length, qop);
        // 2. Server accepts it anyway
        ss.unwrap(token, 0, token.length);
        // 3. Server sends a message
        token = ss.wrap(hello, 0, hello.length);
        // 4. Client accepts, should be auth-conf
        sc.unwrap(token, 0, token.length, qop);
        if (!qop.getPrivacy()) {
            throw new Exception();
        }

        for (String s: bout.toString().split("\\n")) {
            if (s.contains("KRB5SRV04") && s.contains("NULL")) {
                return;
            }
        }
        System.out.println("=======================");
        System.out.println(bout.toString());
        System.out.println("=======================");
        throw new Exception("Haven't seen KRB5SRV04 with NULL");
    }