org.ietf.jgss.Oid Java Examples
The following examples show how to use
org.ietf.jgss.Oid.
Example #1
Source File: KerberosUtil.java From zeppelin with Apache License 2.0 | 6 votes |
/**
 * Looks up a well-known GSS-API {@link Oid} by the name of the constant that
 * holds it in the JDK-internal {@code GSSUtil} class.
 *
 * <p>The lookup is reflective because the constants live in vendor-specific,
 * non-public packages: {@code sun.security.jgss} on OpenJDK-derived runtimes
 * and {@code com.ibm.security.jgss} on IBM JDKs. The IBM class has no field
 * for the krb5 principal name type, so that one OID is returned as a literal.
 *
 * <p>NOTE(review): on JDK 16+ the reflective read of a field in a non-exported
 * package fails with {@link IllegalAccessException} unless the package is
 * opened to this module; callers should be prepared for that.
 *
 * @param oidName name of the static field on {@code GSSUtil} holding the OID
 * @return the OID stored in that field
 * @throws ClassNotFoundException if the vendor {@code GSSUtil} class is absent
 * @throws GSSException if the literal krb5 principal OID cannot be built
 * @throws NoSuchFieldException if {@code oidName} is not a field of {@code GSSUtil}
 * @throws IllegalAccessException if the field cannot be read reflectively
 */
public static Oid getOidInstance(String oidName) throws ClassNotFoundException, GSSException, NoSuchFieldException, IllegalAccessException {
    // IBM JDK GSSUtil class does not have field for krb5 principal oid
    if (IBM_JAVA && "NT_GSS_KRB5_PRINCIPAL".equals(oidName)) {
        return new Oid("1.2.840.113554.1.2.2.1");
    }
    final String gssUtilClassName = IBM_JAVA
            ? "com.ibm.security.jgss.GSSUtil"
            : "sun.security.jgss.GSSUtil";
    final Class<?> gssUtil = Class.forName(gssUtilClassName);
    // Passing the Class object as the receiver only works for a static field;
    // Field.get ignores the receiver in that case.
    final Field constant = gssUtil.getDeclaredField(oidName);
    return (Oid) constant.get(gssUtil);
}
Example #2
Source File: SpnegoLifeTime.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
/**
 * Exercises SPNEGO credential lifetime queries: after a handshake with
 * credential delegation requested, the server's delegated credential is asked
 * for its remaining init lifetime and its usage under the SPNEGO mechanism.
 * An exception from any step is the failure signal.
 *
 * @param args ignored
 * @throws Exception if KDC setup, the handshake or a credential query fails
 */
public static void main(String[] args) throws Exception {
    final Oid spnego = GSSUtil.GSS_SPNEGO_MECH_OID;

    // Stand up the test KDC and write the JAAS configuration both contexts read.
    new OneKDC(null).writeJAASConf();

    final Context client = Context.fromJAAS("client");
    final Context server = Context.fromJAAS("server");

    client.startAsClient(OneKDC.SERVER, spnego);
    // Ask for delegation so the server side ends up holding a delegated credential.
    client.x().requestCredDeleg(true);
    server.startAsServer(spnego);
    Context.handshake(client, server);

    final GSSCredential delegated = server.delegated().cred();
    delegated.getRemainingInitLifetime(spnego);
    delegated.getUsage(spnego);
}
Example #3
Source File: KerberosUtil.java From registry with Apache License 2.0 | 6 votes |
/**
 * Looks up a well-known GSS-API {@link Oid} by the name of the constant that
 * holds it in the JDK-internal {@code GSSUtil} class.
 *
 * <p>The lookup is reflective because the constants live in vendor-specific,
 * non-public packages: {@code sun.security.jgss} on OpenJDK-derived runtimes
 * and {@code com.ibm.security.jgss} on IBM JDKs. The IBM class has no field
 * for the krb5 principal name type, so that one OID is returned as a literal.
 *
 * <p>NOTE(review): on JDK 16+ the reflective read of a field in a non-exported
 * package fails with {@link IllegalAccessException} unless the package is
 * opened to this module; callers should be prepared for that.
 *
 * @param oidName name of the static field on {@code GSSUtil} holding the OID
 * @return the OID stored in that field
 * @throws ClassNotFoundException if the vendor {@code GSSUtil} class is absent
 * @throws GSSException if the literal krb5 principal OID cannot be built
 * @throws NoSuchFieldException if {@code oidName} is not a field of {@code GSSUtil}
 * @throws IllegalAccessException if the field cannot be read reflectively
 */
public static Oid getOidInstance(String oidName) throws ClassNotFoundException, GSSException, NoSuchFieldException, IllegalAccessException {
    // IBM JDK GSSUtil class does not have field for krb5 principal oid
    if (IBM_JAVA && "NT_GSS_KRB5_PRINCIPAL".equals(oidName)) {
        return new Oid("1.2.840.113554.1.2.2.1");
    }
    final String gssUtilClassName = IBM_JAVA
            ? "com.ibm.security.jgss.GSSUtil"
            : "sun.security.jgss.GSSUtil";
    final Class<?> gssUtil = Class.forName(gssUtilClassName);
    // Passing the Class object as the receiver only works for a static field;
    // Field.get ignores the receiver in that case.
    final Field constant = gssUtil.getDeclaredField(oidName);
    return (Oid) constant.get(gssUtil);
}
Example #4
Source File: Context.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
/**
 * Initialises this context as the GSS initiator towards {@code target}.
 *
 * <p>A target containing {@code '@'} is imported as a host-based service
 * name; any other target is imported with no explicit name type. The context
 * is created with this object's {@code cred} and the default lifetime.
 *
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception if name or context creation fails
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            final GSSManager manager = GSSManager.getInstance();
            final GSSName peer = target.indexOf('@') < 0
                    ? manager.createName(target, null)
                    : manager.createName(target, GSSName.NT_HOSTBASED_SERVICE);
            me.x = (ExtendedGSSContext) manager.createContext(
                    peer, mech, cred, GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
Example #5
Source File: OidFormat.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
/**
 * Asserts that {@code s} is rejected by each of the three parsers that accept
 * dotted-decimal OID strings: {@code ObjectIdentifier}, {@code Oid} and the
 * algorithm lookup done by {@code EncryptedPrivateKeyInfo}.
 *
 * <p>Each parser is expected to throw. Reaching the statement after a
 * constructor means the input was wrongly accepted, and the {@code Exception}
 * thrown there is not caught by the adjacent handler, so it fails the test.
 *
 * @param s the candidate OID string that must be rejected
 * @throws Exception if any parser accepts {@code s}
 */
static void testBad(String s) throws Exception {
    System.err.println("Trying " + s);

    try {
        new ObjectIdentifier(s);
        throw new Exception("should be invalid ObjectIdentifier");
    } catch (IOException expected) {
        // Rejection is the expected outcome; echo it for the test transcript.
        System.err.println(expected);
    }

    try {
        new Oid(s);
        throw new Exception("should be invalid Oid");
    } catch (GSSException expected) {
        // expected: Oid rejects the string
    }

    try {
        new EncryptedPrivateKeyInfo(s, new byte[8]);
        throw new Exception("should be invalid algorithm");
    } catch (NoSuchAlgorithmException expected) {
        // expected: no algorithm is registered under this name
    }
}
Example #6
Source File: SecurityRealmService.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
/**
 * Acquires an accept-only GSS credential for the subject identity that serves
 * {@code protocol} on {@code forHost}, for both the {@code KERBEROS_V5} and
 * {@code SPNEGO} mechanisms, and wraps it as a {@link GSSKerberosCredential}.
 *
 * <p>Credential creation runs inside {@link Subject#doAs} so that the JAAS
 * subject of the identity supplies the Kerberos keys.
 *
 * @param protocol the protocol the caller is authenticating for
 * @param forHost the host the caller is authenticating for
 * @return the wrapped accept-only credential
 * @throws GeneralSecurityException if no subject identity exists for the
 *         protocol/host pair, or if credential creation fails (the exception
 *         thrown by the privileged action becomes the cause)
 */
private GSSKerberosCredential getGSSKerberosCredential(final String protocol, final String forHost) throws GeneralSecurityException {
    final SubjectIdentity identity = getSubjectIdentity(protocol, forHost);
    if (identity == null) {
        throw ROOT_LOGGER.noSubjectIdentityForProtocolAndHost(protocol, forHost);
    }

    final GSSManager manager = GSSManager.getInstance();
    final Oid[] mechanisms = new Oid[] { KERBEROS_V5, SPNEGO };
    final PrivilegedExceptionAction<GSSCredential> acquire = () -> manager.createCredential(
            null, GSSCredential.DEFAULT_LIFETIME, mechanisms, GSSCredential.ACCEPT_ONLY);
    try {
        return new GSSKerberosCredential(Subject.doAs(identity.getSubject(), acquire));
    } catch (PrivilegedActionException e) {
        // Unwrap so callers see the underlying failure as the cause.
        throw new GeneralSecurityException(e.getCause());
    }
}
Example #7
Source File: Context.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
/**
 * Initialises this context as the GSS initiator towards {@code target}.
 *
 * <p>A target containing {@code '@'} is imported as a host-based service
 * name; any other target is imported with no explicit name type. The context
 * is created with this object's {@code cred} and the default lifetime.
 *
 * @param target communication peer
 * @param mech GSS mech
 * @throws java.lang.Exception if name or context creation fails
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            final GSSManager manager = GSSManager.getInstance();
            final GSSName peer = target.indexOf('@') < 0
                    ? manager.createName(target, null)
                    : manager.createName(target, GSSName.NT_HOSTBASED_SERVICE);
            me.x = (ExtendedGSSContext) manager.createContext(
                    peer, mech, cred, GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
Example #8
Source File: Context.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
/**
 * Initialises this context as a GSS acceptor for the given service name.
 *
 * <p>A {@code null} name is passed straight through to
 * {@code createCredential}; a name containing {@code '@'} is imported as a
 * host-based service name, any other name with no explicit name type. The
 * credential is acquired with an indefinite lifetime and is stored in
 * {@code me.cred} before the acceptor context is created from it.
 *
 * @param name the service name, or {@code null}
 * @param mech GSS mech
 * @param asInitiator {@code true} to acquire an initiate-and-accept
 *        credential instead of an accept-only one
 * @throws java.lang.Exception if name, credential or context creation fails
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            final GSSManager manager = GSSManager.getInstance();
            GSSName acceptor = null;
            if (name != null) {
                acceptor = name.indexOf('@') < 0
                        ? manager.createName(name, null)
                        : manager.createName(name, GSSName.NT_HOSTBASED_SERVICE);
            }
            final int usage = asInitiator
                    ? GSSCredential.INITIATE_AND_ACCEPT
                    : GSSCredential.ACCEPT_ONLY;
            me.cred = manager.createCredential(
                    acceptor, GSSCredential.INDEFINITE_LIFETIME, mech, usage);
            me.x = (ExtendedGSSContext) manager.createContext(me.cred);
            return null;
        }
    }, null);
}
Example #9
Source File: SpnegoLifeTime.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Exercises SPNEGO credential lifetime queries: after a handshake with
 * credential delegation requested, the server's delegated credential is asked
 * for its remaining init lifetime and its usage under the SPNEGO mechanism.
 * An exception from any step is the failure signal.
 *
 * @param args ignored
 * @throws Exception if KDC setup, the handshake or a credential query fails
 */
public static void main(String[] args) throws Exception {
    final Oid spnego = GSSUtil.GSS_SPNEGO_MECH_OID;

    // Stand up the test KDC and write the JAAS configuration both contexts read.
    new OneKDC(null).writeJAASConf();

    final Context client = Context.fromJAAS("client");
    final Context server = Context.fromJAAS("server");

    client.startAsClient(OneKDC.SERVER, spnego);
    // Ask for delegation so the server side ends up holding a delegated credential.
    client.x().requestCredDeleg(true);
    server.startAsServer(spnego);
    Context.handshake(client, server);

    final GSSCredential delegated = server.delegated().cred();
    delegated.getRemainingInitLifetime(spnego);
    delegated.getUsage(spnego);
}
Example #10
Source File: KerberosUtil.java From big-c with Apache License 2.0 | 6 votes |
/**
 * Looks up a well-known GSS-API {@link Oid} by the name of the constant that
 * holds it in the JDK-internal {@code GSSUtil} class.
 *
 * <p>The lookup is reflective because the constants live in vendor-specific,
 * non-public packages: {@code sun.security.jgss} on OpenJDK-derived runtimes
 * and {@code com.ibm.security.jgss} on IBM JDKs. The IBM class has no field
 * for the krb5 principal name type, so that one OID is returned as a literal.
 *
 * <p>NOTE(review): on JDK 16+ the reflective read of a field in a non-exported
 * package fails with {@link IllegalAccessException} unless the package is
 * opened to this module; callers should be prepared for that.
 *
 * @param oidName name of the static field on {@code GSSUtil} holding the OID
 * @return the OID stored in that field
 * @throws ClassNotFoundException if the vendor {@code GSSUtil} class is absent
 * @throws GSSException if the literal krb5 principal OID cannot be built
 * @throws NoSuchFieldException if {@code oidName} is not a field of {@code GSSUtil}
 * @throws IllegalAccessException if the field cannot be read reflectively
 */
public static Oid getOidInstance(String oidName) throws ClassNotFoundException, GSSException, NoSuchFieldException, IllegalAccessException {
    // IBM JDK GSSUtil class does not have field for krb5 principal oid
    if (IBM_JAVA && "NT_GSS_KRB5_PRINCIPAL".equals(oidName)) {
        return new Oid("1.2.840.113554.1.2.2.1");
    }
    final String gssUtilClassName = IBM_JAVA
            ? "com.ibm.security.jgss.GSSUtil"
            : "sun.security.jgss.GSSUtil";
    final Class<?> gssUtil = Class.forName(gssUtilClassName);
    // Passing the Class object as the receiver only works for a static field;
    // Field.get ignores the receiver in that case.
    final Field constant = gssUtil.getDeclaredField(oidName);
    return (Oid) constant.get(gssUtil);
}
Example #11
Source File: OidFormat.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
/**
 * Asserts that {@code s} is rejected by each of the three parsers that accept
 * dotted-decimal OID strings: {@code ObjectIdentifier}, {@code Oid} and the
 * algorithm lookup done by {@code EncryptedPrivateKeyInfo}.
 *
 * <p>Each parser is expected to throw. Reaching the statement after a
 * constructor means the input was wrongly accepted, and the {@code Exception}
 * thrown there is not caught by the adjacent handler, so it fails the test.
 *
 * @param s the candidate OID string that must be rejected
 * @throws Exception if any parser accepts {@code s}
 */
static void testBad(String s) throws Exception {
    System.err.println("Trying " + s);

    try {
        new ObjectIdentifier(s);
        throw new Exception("should be invalid ObjectIdentifier");
    } catch (IOException expected) {
        // Rejection is the expected outcome; echo it for the test transcript.
        System.err.println(expected);
    }

    try {
        new Oid(s);
        throw new Exception("should be invalid Oid");
    } catch (GSSException expected) {
        // expected: Oid rejects the string
    }

    try {
        new EncryptedPrivateKeyInfo(s, new byte[8]);
        throw new Exception("should be invalid algorithm");
    } catch (NoSuchAlgorithmException expected) {
        // expected: no algorithm is registered under this name
    }
}
Example #12
Source File: Kerb5Context.java From jcifs-ng with GNU Lesser General Public License v2.1 | 5 votes |
/**
 * Builds a Kerberos 5 GSS initiator context for {@code service} on {@code host}.
 *
 * <p>With a realm the target is {@code service/host@realm} imported under the
 * {@code JGSS_KRB5_NAME_OID} name type; without one it is {@code service@host}
 * as a host-based service name. When a client {@code name} is given, an
 * initiate-only credential is acquired for it; otherwise {@code null} is
 * passed as the credential, which the GSS-API treats as the default one.
 *
 * @param host            host the service runs on
 * @param service         service part of the target name
 * @param name            client principal, or {@code null} for default credentials
 * @param userLifetime    lifetime requested for the client credential
 * @param contextLifetime lifetime requested for the security context
 * @param realm           Kerberos realm, or {@code null} to use a host-based name
 * @throws GSSException if name, credential or context creation fails
 */
Kerb5Context ( String host, String service, String name, int userLifetime, int contextLifetime, String realm ) throws GSSException {
    final GSSManager manager = GSSManager.getInstance();
    final Oid mechOid = JGSS_KRB5_MECH_OID;

    this.serviceName = realm != null
            ? manager.createName(service + "/" + host + "@" + realm, JGSS_KRB5_NAME_OID, mechOid)
            : manager.createName(service + "@" + host, GSSName.NT_HOSTBASED_SERVICE, mechOid);
    if ( log.isDebugEnabled() ) {
        log.debug("Service name is " + this.serviceName);
    }

    GSSCredential clientCreds = null;
    if ( name != null ) {
        this.clientName = manager.createName(name, GSSName.NT_USER_NAME, mechOid);
        clientCreds = manager.createCredential(this.clientName, userLifetime, mechOid, GSSCredential.INITIATE_ONLY);
    } else {
        this.clientName = null;
    }

    this.gssContext = manager.createContext(this.serviceName, mechOid, clientCreds, contextLifetime);
    // Per-message protection (confidentiality, integrity, replay and sequence
    // detection) is explicitly not requested. NOTE(review): nothing here says
    // why; confirm the calling protocol provides its own message protection.
    this.gssContext.requestAnonymity(false);
    this.gssContext.requestSequenceDet(false);
    this.gssContext.requestConf(false);
    this.gssContext.requestInteg(false);
    this.gssContext.requestReplayDet(false);
    // per spec these should be set
    this.gssContext.requestMutualAuth(true);
    this.gssContext.requestCredDeleg(true);
}
Example #13
Source File: S4U2selfGSS.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
/**
 * Drives an impersonation handshake through the GSS-API layer: a context
 * obtained via {@code Context.fromThinAir()} impersonates {@code USER2}
 * towards {@code SERVER}, and both sides must then report {@code USER2}
 * (realm stripped) as the source name.
 *
 * @param args {@code args[0]} selects the mechanism: {@code "spnego"}, or any
 *             value containing {@code "krb5"}
 * @throws Exception on an unknown mechanism, a KDC or handshake failure, or
 *                   if the impersonated identity is not seen on both ends
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    final String user = OneKDC.USER + "@" + OneKDC.REALM;
    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;

    // KDC policy: USER may use S4U2self, and may proxy on to SERVER.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(user));
    final Map<String, List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(user, Arrays.asList(server));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);

    // Allow the GSS layer to acquire credentials outside a JAAS Subject.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    final Context initiator = Context.fromThinAir();
    final Context acceptor = Context.fromThinAir();
    final Context client = initiator.impersonate(OneKDC.USER2);

    client.startAsClient(OneKDC.SERVER, mech);
    acceptor.startAsServer(mech);
    Context.handshake(client, acceptor);

    final String seenByClient = client.x().getSrcName().toString().split("@")[0];
    final String seenByServer = acceptor.x().getSrcName().toString().split("@")[0];
    if (!seenByClient.equals(OneKDC.USER2) || !seenByServer.equals(OneKDC.USER2)) {
        throw new Exception("Impersonate failed");
    }
    acceptor.dispose();
    client.dispose();
}
Example #14
Source File: GSSLibStub.java From hottub with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the {@code GSSLibStub} for {@code mech}, constructing and caching
 * it in {@code table} on first use.
 *
 * <p>The lookup and the insertion are separate operations; two callers racing
 * on the same mechanism may each construct a stub, the later put winning.
 * Whether {@code table} is itself synchronised is not visible here.
 *
 * @param mech the GSS mechanism OID
 * @return the cached or newly created stub for {@code mech}
 * @throws GSSException if constructing a new stub fails
 */
static GSSLibStub getInstance(Oid mech) throws GSSException {
    final GSSLibStub cached = table.get(mech);
    if (cached != null) {
        return cached;
    }
    final GSSLibStub created = new GSSLibStub(mech);
    table.put(mech, created);
    return created;
}
Example #15
Source File: S4U2selfAsServer.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
/**
 * Drives impersonation from a server context: {@code SERVER} starts as an
 * acceptor, impersonates {@code USER}, and the resulting context then
 * completes two handshakes with {@code BACKEND}.
 *
 * @param args {@code args[0]} selects the mechanism: {@code "spnego"}, or any
 *             value containing {@code "krb5"}
 * @throws Exception on an unknown mechanism or any KDC/handshake failure
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;
    final String backend = OneKDC.BACKEND + "@" + OneKDC.REALM;

    // KDC policy: no pre-authentication, SERVER may proxy to BACKEND and may use S4U2self.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
    final Map<String, List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(server, Arrays.asList(backend));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(server));

    final Context serverCtx = Context.fromJAAS("server");
    final Context backendCtx = Context.fromJAAS("backend");
    serverCtx.startAsServer(null, mech, false);

    // The same impersonated context is driven through the handshake twice.
    final Context impersonated = serverCtx.impersonate(OneKDC.USER);
    for (int round = 0; round < 2; round++) {
        impersonated.startAsClient(OneKDC.BACKEND, mech);
        backendCtx.startAsServer(mech);
        Context.handshake(impersonated, backendCtx);
    }
}
Example #16
Source File: JgssIntegrationTest.java From tutorials with MIT License | 5 votes |
/**
 * Builds the two GSS contexts the tests use: an acceptor with default
 * credentials for the server side, and an initiator targeting
 * {@code SERVER_PRINCIPAL} under the {@code MECHANISM} OID that requests
 * mutual authentication, confidentiality and integrity.
 *
 * @throws SaslException declared for the callers; nothing in this method throws it
 * @throws GSSException if name, OID or context creation fails
 */
@Before
public void setUp() throws SaslException, GSSException {
    final GSSManager manager = GSSManager.getInstance();

    // Server side: accept with default credentials.
    serverContext = manager.createContext((GSSCredential) null);

    // Client side: initiate towards the server principal over the configured mechanism.
    final GSSName target = manager.createName(SERVER_PRINCIPAL, null);
    final Oid mechanism = new Oid(MECHANISM);
    clientContext = manager.createContext(target, mechanism, (GSSCredential) null, GSSContext.DEFAULT_LIFETIME);
    clientContext.requestMutualAuth(true);
    clientContext.requestConf(true);
    clientContext.requestInteg(true);
}
Example #17
Source File: S4U2selfAsServer.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Drives impersonation from a server context: {@code SERVER} starts as an
 * acceptor, impersonates {@code USER}, and the resulting context then
 * completes two handshakes with {@code BACKEND}.
 *
 * @param args {@code args[0]} selects the mechanism: {@code "spnego"}, or any
 *             value containing {@code "krb5"}
 * @throws Exception on an unknown mechanism or any KDC/handshake failure
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;
    final String backend = OneKDC.BACKEND + "@" + OneKDC.REALM;

    // KDC policy: no pre-authentication, SERVER may proxy to BACKEND and may use S4U2self.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
    final Map<String, List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(server, Arrays.asList(backend));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(server));

    final Context serverCtx = Context.fromJAAS("server");
    final Context backendCtx = Context.fromJAAS("backend");
    serverCtx.startAsServer(null, mech, false);

    // The same impersonated context is driven through the handshake twice.
    final Context impersonated = serverCtx.impersonate(OneKDC.USER);
    for (int round = 0; round < 2; round++) {
        impersonated.startAsClient(OneKDC.BACKEND, mech);
        backendCtx.startAsServer(mech);
        Context.handshake(impersonated, backendCtx);
    }
}
Example #18
Source File: GSSLibStub.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the {@code GSSLibStub} for {@code mech}, constructing and caching
 * it in {@code table} on first use.
 *
 * <p>The lookup and the insertion are separate operations; two callers racing
 * on the same mechanism may each construct a stub, the later put winning.
 * Whether {@code table} is itself synchronised is not visible here.
 *
 * @param mech the GSS mechanism OID
 * @return the cached or newly created stub for {@code mech}
 * @throws GSSException if constructing a new stub fails
 */
static GSSLibStub getInstance(Oid mech) throws GSSException {
    final GSSLibStub cached = table.get(mech);
    if (cached != null) {
        return cached;
    }
    final GSSLibStub created = new GSSLibStub(mech);
    table.put(mech, created);
    return created;
}
Example #19
Source File: GSSLibStub.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the {@code GSSLibStub} for {@code mech}, constructing and caching
 * it in {@code table} on first use.
 *
 * <p>The lookup and the insertion are separate operations; two callers racing
 * on the same mechanism may each construct a stub, the later put winning.
 * Whether {@code table} is itself synchronised is not visible here.
 *
 * @param mech the GSS mechanism OID
 * @return the cached or newly created stub for {@code mech}
 * @throws GSSException if constructing a new stub fails
 */
static GSSLibStub getInstance(Oid mech) throws GSSException {
    final GSSLibStub cached = table.get(mech);
    if (cached != null) {
        return cached;
    }
    final GSSLibStub created = new GSSLibStub(mech);
    table.put(mech, created);
    return created;
}
Example #20
Source File: S4U2selfAsServer.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
/**
 * Drives impersonation from a server context: {@code SERVER} starts as an
 * acceptor, impersonates {@code USER}, and the resulting context then
 * completes two handshakes with {@code BACKEND}.
 *
 * @param args {@code args[0]} selects the mechanism: {@code "spnego"}, or any
 *             value containing {@code "krb5"}
 * @throws Exception on an unknown mechanism or any KDC/handshake failure
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;
    final String backend = OneKDC.BACKEND + "@" + OneKDC.REALM;

    // KDC policy: no pre-authentication, SERVER may proxy to BACKEND and may use S4U2self.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
    final Map<String, List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(server, Arrays.asList(backend));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(server));

    final Context serverCtx = Context.fromJAAS("server");
    final Context backendCtx = Context.fromJAAS("backend");
    serverCtx.startAsServer(null, mech, false);

    // The same impersonated context is driven through the handshake twice.
    final Context impersonated = serverCtx.impersonate(OneKDC.USER);
    for (int round = 0; round < 2; round++) {
        impersonated.startAsClient(OneKDC.BACKEND, mech);
        backendCtx.startAsServer(mech);
        Context.handshake(impersonated, backendCtx);
    }
}
Example #21
Source File: S4U2selfAsServer.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Drives impersonation from a server context: {@code SERVER} starts as an
 * acceptor, impersonates {@code USER}, and the resulting context then
 * completes two handshakes with {@code BACKEND}.
 *
 * @param args {@code args[0]} selects the mechanism: {@code "spnego"}, or any
 *             value containing {@code "krb5"}
 * @throws Exception on an unknown mechanism or any KDC/handshake failure
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;
    final String backend = OneKDC.BACKEND + "@" + OneKDC.REALM;

    // KDC policy: no pre-authentication, SERVER may proxy to BACKEND and may use S4U2self.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
    final Map<String, List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(server, Arrays.asList(backend));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(server));

    final Context serverCtx = Context.fromJAAS("server");
    final Context backendCtx = Context.fromJAAS("backend");
    serverCtx.startAsServer(null, mech, false);

    // The same impersonated context is driven through the handshake twice.
    final Context impersonated = serverCtx.impersonate(OneKDC.USER);
    for (int round = 0; round < 2; round++) {
        impersonated.startAsClient(OneKDC.BACKEND, mech);
        backendCtx.startAsServer(mech);
        Context.handshake(impersonated, backendCtx);
    }
}
Example #22
Source File: S4U2proxy.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
/**
 * Drives constrained delegation: {@code CLIENT} authenticates to
 * {@code SERVER}, the server takes the delegated context and completes two
 * handshakes with {@code BACKEND} on the client's behalf.
 *
 * @param args {@code args[0]} selects the mechanism: {@code "spnego"}, or any
 *             value containing {@code "krb5"}
 * @throws Exception on an unknown mechanism or any KDC/handshake failure
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;
    final String backend = OneKDC.BACKEND + "@" + OneKDC.REALM;

    // KDC policy: no pre-authentication; SERVER may proxy to BACKEND.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
    final Map<String, List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(server, Arrays.asList(backend));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);

    final Context clientCtx = Context.fromJAAS("client");
    final Context serverCtx = Context.fromJAAS("server");
    final Context backendCtx = Context.fromJAAS("backend");

    // First hop: client to server.
    clientCtx.startAsClient(OneKDC.SERVER, mech);
    serverCtx.startAsServer(null, mech, false);
    Context.handshake(clientCtx, serverCtx);

    // Second hop, twice: the delegated context to the backend.
    final Context delegated = serverCtx.delegated();
    for (int round = 0; round < 2; round++) {
        delegated.startAsClient(OneKDC.BACKEND, mech);
        backendCtx.startAsServer(mech);
        Context.handshake(delegated, backendCtx);
    }
}
Example #23
Source File: S4U2selfGSS.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Drives an impersonation handshake through the GSS-API layer: a context
 * obtained via {@code Context.fromThinAir()} impersonates {@code USER2}
 * towards {@code SERVER}, and both sides must then report {@code USER2}
 * (realm stripped) as the source name.
 *
 * @param args {@code args[0]} selects the mechanism: {@code "spnego"}, or any
 *             value containing {@code "krb5"}
 * @throws Exception on an unknown mechanism, a KDC or handshake failure, or
 *                   if the impersonated identity is not seen on both ends
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    final String user = OneKDC.USER + "@" + OneKDC.REALM;
    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;

    // KDC policy: USER may use S4U2self, and may proxy on to SERVER.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(user));
    final Map<String, List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(user, Arrays.asList(server));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);

    // Allow the GSS layer to acquire credentials outside a JAAS Subject.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    final Context initiator = Context.fromThinAir();
    final Context acceptor = Context.fromThinAir();
    final Context client = initiator.impersonate(OneKDC.USER2);

    client.startAsClient(OneKDC.SERVER, mech);
    acceptor.startAsServer(mech);
    Context.handshake(client, acceptor);

    final String seenByClient = client.x().getSrcName().toString().split("@")[0];
    final String seenByServer = acceptor.x().getSrcName().toString().split("@")[0];
    if (!seenByClient.equals(OneKDC.USER2) || !seenByServer.equals(OneKDC.USER2)) {
        throw new Exception("Impersonate failed");
    }
    acceptor.dispose();
    client.dispose();
}
Example #24
Source File: S4U2selfGSS.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
/**
 * Drives an impersonation handshake through the GSS-API layer: a context
 * obtained via {@code Context.fromThinAir()} impersonates {@code USER2}
 * towards {@code SERVER}, and both sides must then report {@code USER2}
 * (realm stripped) as the source name.
 *
 * @param args {@code args[0]} selects the mechanism: {@code "spnego"}, or any
 *             value containing {@code "krb5"}
 * @throws Exception on an unknown mechanism, a KDC or handshake failure, or
 *                   if the impersonated identity is not seen on both ends
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    final String user = OneKDC.USER + "@" + OneKDC.REALM;
    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;

    // KDC policy: USER may use S4U2self, and may proxy on to SERVER.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(user));
    final Map<String, List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(user, Arrays.asList(server));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);

    // Allow the GSS layer to acquire credentials outside a JAAS Subject.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    final Context initiator = Context.fromThinAir();
    final Context acceptor = Context.fromThinAir();
    final Context client = initiator.impersonate(OneKDC.USER2);

    client.startAsClient(OneKDC.SERVER, mech);
    acceptor.startAsServer(mech);
    Context.handshake(client, acceptor);

    final String seenByClient = client.x().getSrcName().toString().split("@")[0];
    final String seenByServer = acceptor.x().getSrcName().toString().split("@")[0];
    if (!seenByClient.equals(OneKDC.USER2) || !seenByServer.equals(OneKDC.USER2)) {
        throw new Exception("Impersonate failed");
    }
    acceptor.dispose();
    client.dispose();
}
Example #25
Source File: GSSLibStub.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Returns the {@code GSSLibStub} for {@code mech}, constructing and caching
 * it in {@code table} on first use.
 *
 * <p>The lookup and the insertion are separate operations; two callers racing
 * on the same mechanism may each construct a stub, the later put winning.
 * Whether {@code table} is itself synchronised is not visible here.
 *
 * @param mech the GSS mechanism OID
 * @return the cached or newly created stub for {@code mech}
 * @throws GSSException if constructing a new stub fails
 */
static GSSLibStub getInstance(Oid mech) throws GSSException {
    final GSSLibStub cached = table.get(mech);
    if (cached != null) {
        return cached;
    }
    final GSSLibStub created = new GSSLibStub(mech);
    table.put(mech, created);
    return created;
}
Example #26
Source File: S4U2selfGSS.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
/**
 * Drives an impersonation handshake through the GSS-API layer: a context
 * obtained via {@code Context.fromThinAir()} impersonates {@code USER2}
 * towards {@code SERVER}, and both sides must then report {@code USER2}
 * (realm stripped) as the source name.
 *
 * @param args {@code args[0]} selects the mechanism: {@code "spnego"}, or any
 *             value containing {@code "krb5"}
 * @throws Exception on an unknown mechanism, a KDC or handshake failure, or
 *                   if the impersonated identity is not seen on both ends
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    final String user = OneKDC.USER + "@" + OneKDC.REALM;
    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;

    // KDC policy: USER may use S4U2self, and may proxy on to SERVER.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(user));
    final Map<String, List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(user, Arrays.asList(server));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);

    // Allow the GSS layer to acquire credentials outside a JAAS Subject.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    final Context initiator = Context.fromThinAir();
    final Context acceptor = Context.fromThinAir();
    final Context client = initiator.impersonate(OneKDC.USER2);

    client.startAsClient(OneKDC.SERVER, mech);
    acceptor.startAsServer(mech);
    Context.handshake(client, acceptor);

    final String seenByClient = client.x().getSrcName().toString().split("@")[0];
    final String seenByServer = acceptor.x().getSrcName().toString().split("@")[0];
    if (!seenByClient.equals(OneKDC.USER2) || !seenByServer.equals(OneKDC.USER2)) {
        throw new Exception("Impersonate failed");
    }
    acceptor.dispose();
    client.dispose();
}
Example #27
Source File: S4U2selfAsServer.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
/**
 * Drives impersonation from a server context: {@code SERVER} starts as an
 * acceptor, impersonates {@code USER}, and the resulting context then
 * completes two handshakes with {@code BACKEND}.
 *
 * @param args {@code args[0]} selects the mechanism: {@code "spnego"}, or any
 *             value containing {@code "krb5"}
 * @throws Exception on an unknown mechanism or any KDC/handshake failure
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;
    final String backend = OneKDC.BACKEND + "@" + OneKDC.REALM;

    // KDC policy: no pre-authentication, SERVER may proxy to BACKEND and may use S4U2self.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
    final Map<String, List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(server, Arrays.asList(backend));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(server));

    final Context serverCtx = Context.fromJAAS("server");
    final Context backendCtx = Context.fromJAAS("backend");
    serverCtx.startAsServer(null, mech, false);

    // The same impersonated context is driven through the handshake twice.
    final Context impersonated = serverCtx.impersonate(OneKDC.USER);
    for (int round = 0; round < 2; round++) {
        impersonated.startAsClient(OneKDC.BACKEND, mech);
        backendCtx.startAsServer(mech);
        Context.handshake(impersonated, backendCtx);
    }
}
Example #28
Source File: AbstractSpnegoNegotiatorTest.java From elasticsearch-hadoop with Apache License 2.0 | 4 votes |
/**
 * Runs a complete SPNEGO negotiation between a {@code SpnegoNegotiator}
 * acting for the client principal and a plain GSS acceptor context for the
 * server principal, both logged in from the shared keytab, and asserts that
 * both sides end up established and that closing the negotiator tears it down.
 *
 * <p>The negotiator consumes and produces Base64 strings while the acceptor
 * works on raw bytes, so each token is transcoded at the boundary. The
 * exchange is capped at 100 rounds so a stalled negotiation fails instead of
 * spinning.
 *
 * @throws IOException if login or token handling fails
 * @throws GSSException if GSS name, credential or context operations fail
 * @throws InterruptedException if the privileged actions are interrupted
 */
@Test
public void testSuccessfulNegotiate() throws IOException, GSSException, InterruptedException {
    final GSSManager gssManager = GSSManager.getInstance();
    final Oid spnegoOid = new Oid("1.3.6.1.5.5.2");

    // Hadoop-side login configuration: Kerberos authentication.
    final Configuration configuration = new Configuration();
    SecurityUtil.setAuthenticationMethod(UserGroupInformation.AuthenticationMethod.KERBEROS, configuration);
    UserGroupInformation.setConfiguration(configuration);

    // Server: log in from the keytab and acquire an accept-only SPNEGO credential under that login.
    final UserGroupInformation server = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
            KerberosSuite.PRINCIPAL_SERVER, KEYTAB_FILE.getAbsolutePath());
    final GSSName serverPrincipal = gssManager.createName(KerberosSuite.PRINCIPAL_SERVER, GSSName.NT_USER_NAME);
    final GSSCredential serverCredential = server.doAs(new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws Exception {
            return gssManager.createCredential(
                    serverPrincipal, GSSCredential.DEFAULT_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
        }
    });
    final GSSContext acceptor = gssManager.createContext(serverCredential);

    // Client: log in from the keytab and build the negotiator under that login.
    final UserGroupInformation client = UserGroupInformation.loginUserFromKeytabAndReturnUGI(
            KerberosSuite.PRINCIPAL_CLIENT, KEYTAB_FILE.getAbsolutePath());
    final SpnegoNegotiator negotiator = client.doAs(new PrivilegedExceptionAction<SpnegoNegotiator>() {
        @Override
        public SpnegoNegotiator run() throws Exception {
            return new SpnegoNegotiator(KerberosSuite.PRINCIPAL_CLIENT, KerberosSuite.PRINCIPAL_SERVER);
        }
    });

    byte[] inFlight = new byte[0];
    boolean established = false;
    for (int round = 0; round < 100 && !established; round++) {
        if (!negotiator.established()) {
            // Hand the server's last token (if any) to the client, then take the client's next one.
            if (inFlight.length > 0) {
                negotiator.setTokenData(Base64.encodeBase64String(inFlight));
            }
            final String clientToken = client.doAs(new PrivilegedExceptionAction<String>() {
                @Override
                public String run() throws Exception {
                    return negotiator.send();
                }
            });
            inFlight = Base64.decodeBase64(clientToken);
        }
        if (!negotiator.established() && acceptor.isEstablished()) {
            fail("Server is established, but client is not.");
        }
        if (!acceptor.isEstablished()) {
            final byte[] serverInput = inFlight;
            inFlight = server.doAs(new PrivilegedExceptionAction<byte[]>() {
                @Override
                public byte[] run() throws Exception {
                    return acceptor.acceptSecContext(serverInput, 0, serverInput.length);
                }
            });
        }
        established = acceptor.isEstablished() && negotiator.established();
    }

    assertThat(established, is(true));
    assertThat(acceptor.isEstablished(), is(true));
    assertThat(negotiator.established(), is(true));
    negotiator.close();
    assertThat(negotiator.established(), is(false));
}
Example #29
Source File: S4U2proxy.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
/**
 * Drives constrained delegation: {@code CLIENT} authenticates to
 * {@code SERVER}, the server takes the delegated context and completes two
 * handshakes with {@code BACKEND} on the client's behalf. Before the first
 * backend handshake the delegated context also asks for credential
 * delegation, which the referenced bug notes is a no-op here.
 *
 * @param args {@code args[0]} selects the mechanism: {@code "spnego"}, or any
 *             value containing {@code "krb5"}
 * @throws Exception on an unknown mechanism or any KDC/handshake failure
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;
    final String backend = OneKDC.BACKEND + "@" + OneKDC.REALM;

    // KDC policy: no pre-authentication; SERVER may proxy to BACKEND.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
    final Map<String, List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(server, Arrays.asList(backend));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);

    final Context clientCtx = Context.fromJAAS("client");
    final Context serverCtx = Context.fromJAAS("server");
    final Context backendCtx = Context.fromJAAS("backend");

    // First hop: client to server.
    clientCtx.startAsClient(OneKDC.SERVER, mech);
    serverCtx.startAsServer(null, mech, false);
    Context.handshake(clientCtx, serverCtx);

    // Second hop: the delegated context to the backend.
    final Context delegated = serverCtx.delegated();
    delegated.startAsClient(OneKDC.BACKEND, mech);
    // 8044215: requestCredDeleg is useless and harmless
    delegated.x().requestCredDeleg(true);
    backendCtx.startAsServer(mech);
    Context.handshake(delegated, backendCtx);

    // And once more with the same delegated context.
    delegated.startAsClient(OneKDC.BACKEND, mech);
    backendCtx.startAsServer(mech);
    Context.handshake(delegated, backendCtx);
}
Example #30
Source File: S4U2self.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
/**
 * Exercises impersonation under six KDC policy settings, selected by
 * {@code args[1]} when the mechanism is krb5 (SPNEGO always runs case 0).
 * Per the table below only case 0 is expected to succeed; the rest must
 * fail somewhere in the handshake.
 *
 * @param args {@code args[0]}: {@code "spnego"} or a value containing
 *             {@code "krb5"}; {@code args[1]}: test case number (krb5 only)
 * @throws Exception if the mechanism is unknown, the handshake fails, or the
 *                   impersonated name is not seen on both ends
 */
public static void main(String[] args) throws Exception {
    // Test case, different policy settings in KDC:
    //                   | ALLOW_S4U2SELF on
    //                   | USER     USER2    none
    // ALLOW_S4U2PROXY   |-------------------------
    //  USER  to BACKEND | 0        1        2
    //  USER2 to BACKEND | 3
    //  USER  to SERVER  | 4
    //  none             | 5
    //
    // 0 should succeed, all other fail
    int testCase = 0;
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
        testCase = Integer.parseInt(args[1]);
    } else {
        throw new Exception("Unknown mech");
    }

    final String realm = "@" + OneKDC.REALM;
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();

    // Which principal, if any, is allowed S4U2self.
    final String s4u2selfPrincipal;
    switch (testCase) {
        case 1:
            s4u2selfPrincipal = OneKDC.USER2;
            break;
        case 2:
            // No S4U2self
            s4u2selfPrincipal = null;
            break;
        default:
            s4u2selfPrincipal = OneKDC.USER;
            break;
    }
    if (s4u2selfPrincipal != null) {
        kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(s4u2selfPrincipal + realm));
    }

    // Which principal, if any, may proxy, and to which target.
    final String proxyFrom;
    final String proxyTo;
    switch (testCase) {
        case 3:
            proxyFrom = OneKDC.USER2;
            proxyTo = OneKDC.BACKEND;
            break;
        case 4:
            proxyFrom = OneKDC.USER;
            proxyTo = OneKDC.SERVER;
            break;
        case 5:
            // No S4U2proxy set
            proxyFrom = null;
            proxyTo = null;
            break;
        default:
            proxyFrom = OneKDC.USER;
            proxyTo = OneKDC.BACKEND;
            break;
    }
    if (proxyFrom != null) {
        final Map<String, List<String>> proxyTargets = new HashMap<>();
        proxyTargets.put(proxyFrom + realm, Arrays.asList(proxyTo + realm));
        kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);
    }

    final Context client = Context.fromJAAS("client").impersonate(OneKDC.USER2);
    client.status();
    client.startAsClient(OneKDC.BACKEND, mech);
    final Context backend = Context.fromJAAS("backend");
    backend.startAsServer(mech);
    Context.handshake(client, backend);

    // Round-trip one message each way over the established context.
    Context.transmit("i say high --", client, backend);
    Context.transmit(" you say low", backend, client);
    client.status();
    backend.status();

    final String seenByClient = client.x().getSrcName().toString().split("@")[0];
    final String seenByBackend = backend.x().getSrcName().toString().split("@")[0];
    if (!seenByClient.equals(OneKDC.USER2) || !seenByBackend.equals(OneKDC.USER2)) {
        throw new Exception("Impersonate failed");
    }
    backend.dispose();
    client.dispose();
}