sun.security.jgss.GSSUtil Java Examples

public static void main(String[] args) throws Exception {

        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(c, s);

        String expected = OneKDC.SERVER + "@" + OneKDC.REALM;
        if (!c.s().getPrivateCredentials(KerberosTicket.class)
                .stream()
                .anyMatch(t -> t.getServer().toString().equals(expected))) {
            c.status();
            throw new Exception("no " + expected);
        }
    }
 

static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 

NativeGSSContext(GSSNameElement peer, GSSCredElement myCred,
                 int time, GSSLibStub stub) throws GSSException {
    if (peer == null) {
        throw new GSSException(GSSException.FAILURE, 1, "null peer");
    }
    cStub = stub;
    cred = myCred;
    targetName = peer;
    isInitiator = true;
    lifetime = time;

    if (GSSUtil.isKerberosMech(cStub.getMech())) {
        doServicePermCheck();
        if (cred == null) {
            cred = new GSSCredElement(null, lifetime,
                                      GSSCredential.INITIATE_ONLY, cStub);
        }
        srcName = cred.getName();
    }
}
 

NativeGSSContext(GSSNameElement peer, GSSCredElement myCred,
                 int time, GSSLibStub stub) throws GSSException {
    if (peer == null) {
        throw new GSSException(GSSException.FAILURE, 1, "null peer");
    }
    cStub = stub;
    cred = myCred;
    targetName = peer;
    isInitiator = true;
    lifetime = time;

    if (GSSUtil.isKerberosMech(cStub.getMech())) {
        doServicePermCheck();
        if (cred == null) {
            cred = new GSSCredElement(null, lifetime,
                                      GSSCredential.INITIATE_ONLY, cStub);
        }
        srcName = cred.getName();
    }
}
 

/**
 * Retrieves the ServiceCreds for the specified server principal from
 * the Subject in the specified AccessControlContext. If not found, and if
 * useSubjectCredsOnly is false, then obtain from a LoginContext.
 *
 * NOTE: This method is also used by JSSE Kerberos Cipher Suites
 */
public static ServiceCreds getServiceCreds(GSSCaller caller,
    String serverPrincipal, AccessControlContext acc)
            throws LoginException {

    Subject accSubj = Subject.getSubject(acc);
    ServiceCreds sc = null;
    if (accSubj != null) {
        sc = ServiceCreds.getInstance(accSubj, serverPrincipal);
    }
    if (sc == null && !GSSUtil.useSubjectCredsOnly(caller)) {
        Subject subject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
        sc = ServiceCreds.getInstance(subject, serverPrincipal);
    }
    return sc;
}
 

public static void main(String[] args) throws Exception {

        OneKDC kdc = new OneKDC(null);
        kdc.writeJAASConf();
        kdc.setOption(KDC.Option.RESP_NT, PrincipalName.KRB_NT_PRINCIPAL);

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(c, s);

        Context.transmit("i say high --", c, s);
        Context.transmit("   you say low", s, c);

        s.dispose();
        c.dispose();
    }
 

public static void main(String[] args) throws Exception {

        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromThinAir();
        s = Context.fromThinAir();

        // This is the only setting needed for JGSS without JAAS. The default
        // JAAS config entries are already created by OneKDC.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(c, s);

        Context.transmit("i say high --", c, s);
        Context.transmit("   you say low", s, c);

        s.dispose();
        c.dispose();
    }
 

static void xRealmAuth() throws Exception {
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf");
    fos.write(("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes());
    fos.close();

    GSSManager m = GSSManager.getInstance();
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}
 

public static void main(String[] args) throws Exception {

        new OneKDC(null) {
            protected byte[] processAsReq(byte[] in) throws Exception {
                kdcTouched = true;
                return super.processAsReq(in);
            }
        }.writeJAASConf();
        Security.setProperty("auth.login.defaultCallbackHandler",
                "LoginNoPass$CallbackForClient");
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        try {
            Context c;
            c = Context.fromJAAS("client");
            c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
            c.take(new byte[0]);
        } catch (Exception e) {
            e.printStackTrace(System.out);
            // OK
        }
        if (kdcTouched) {
            throw new Exception("Failed");
        }
    }
 

private GSSCredElement getCredFromSubject(GSSNameElement name,
                                          boolean initiate)
    throws GSSException {
    Oid mech = cStub.getMech();
    Vector<GSSCredElement> creds = GSSUtil.searchSubject
        (name, mech, initiate, GSSCredElement.class);

    // If Subject is present but no native creds available
    if (creds != null && creds.isEmpty()) {
        if (GSSUtil.useSubjectCredsOnly(caller)) {
            throw new GSSException(GSSException.NO_CRED);
        }
    }

    GSSCredElement result = ((creds == null || creds.isEmpty()) ?
                             null : creds.firstElement());
    // Force permission check before returning the cred to caller
    if (result != null) {
        result.doServicePermCheck();
    }
    return result;
}
 

public static void main(String[] args) throws Exception {

        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromThinAir();
        s = Context.fromThinAir();

        // This is the only setting needed for JGSS without JAAS. The default
        // JAAS config entries are already created by OneKDC.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(c, s);

        Context.transmit("i say high --", c, s);
        Context.transmit("   you say low", s, c);

        s.dispose();
        c.dispose();
    }
 

NativeGSSContext(GSSCredElement myCred, GSSLibStub stub)
    throws GSSException {
    cStub = stub;
    cred = myCred;

    if (cred != null) targetName = cred.getName();

    isInitiator = false;
    // Defer Service permission check for default acceptor cred
    // to acceptSecContext()
    if (GSSUtil.isKerberosMech(cStub.getMech()) && targetName != null) {
        doServicePermCheck();
    }

    // srcName and potentially targetName (when myCred is null)
    // will be set in GSSLibStub.acceptContext(...)
}
 

public static void main(String[] args) throws Exception {

        OneKDC kdc = new OneKDC(null);
        kdc.writeJAASConf();
        kdc.setOption(KDC.Option.RESP_NT, PrincipalName.KRB_NT_PRINCIPAL);

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(c, s);

        Context.transmit("i say high --", c, s);
        Context.transmit("   you say low", s, c);

        s.dispose();
        c.dispose();
    }
 

NativeGSSContext(long pCtxt, GSSLibStub stub) throws GSSException {
    assert(pContext != 0);
    pContext = pCtxt;
    cStub = stub;

    // Set everything except cred, cb, delegatedCred
    long[] info = cStub.inquireContext(pContext);
    if (info.length != NUM_OF_INQUIRE_VALUES) {
        throw new RuntimeException("Bug w/ GSSLibStub.inquireContext()");
    }
    srcName = new GSSNameElement(info[0], cStub);
    targetName = new GSSNameElement(info[1], cStub);
    isInitiator = (info[2] != 0);
    isEstablished = (info[3] != 0);
    flags = (int) info[4];
    lifetime = (int) info[5];

    // Do Service Permission check when importing SPNEGO context
    // just to be safe
    Oid mech = cStub.getMech();
    if (GSSUtil.isSpNegoMech(mech) || GSSUtil.isKerberosMech(mech)) {
        doServicePermCheck();
    }
}
 

/**
 * Retrieves the ServiceCreds for the specified server principal from
 * the Subject in the specified AccessControlContext. If not found, and if
 * useSubjectCredsOnly is false, then obtain from a LoginContext.
 *
 * NOTE: This method is also used by JSSE Kerberos Cipher Suites
 */
public static ServiceCreds getServiceCreds(GSSCaller caller,
    String serverPrincipal, AccessControlContext acc)
            throws LoginException {

    Subject accSubj = Subject.getSubject(acc);
    ServiceCreds sc = null;
    if (accSubj != null) {
        sc = ServiceCreds.getInstance(accSubj, serverPrincipal);
    }
    if (sc == null && !GSSUtil.useSubjectCredsOnly(caller)) {
        Subject subject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
        sc = ServiceCreds.getInstance(subject, serverPrincipal);
    }
    return sc;
}
 

/**
 * Retrieves the ServiceCreds for the specified server principal from
 * the Subject in the specified AccessControlContext. If not found, and if
 * useSubjectCredsOnly is false, then obtain from a LoginContext.
 *
 * NOTE: This method is also used by JSSE Kerberos Cipher Suites
 */
public static ServiceCreds getServiceCreds(GSSCaller caller,
    String serverPrincipal, AccessControlContext acc)
            throws LoginException {

    Subject accSubj = Subject.getSubject(acc);
    ServiceCreds sc = null;
    if (accSubj != null) {
        sc = ServiceCreds.getInstance(accSubj, serverPrincipal);
    }
    if (sc == null && !GSSUtil.useSubjectCredsOnly(caller)) {
        Subject subject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
        sc = ServiceCreds.getInstance(subject, serverPrincipal);
    }
    return sc;
}
 

public static void main(String[] args)
        throws Exception {

    // Create and start the KDC
    KDC kdc = new OneKDC(null);
    if (System.getProperty("onlyonepreauth") != null) {
        KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
                "default_tgs_enctypes=des3-cbc-sha1");
        Config.refresh();
        kdc.setOption(KDC.Option.ONLY_ONE_PREAUTH, true);
    }
    if (System.getProperty("nopreauth") != null) {
        kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
    }

    // Use a different case of name. KDC will return correct salt
    Context c1 = Context.fromUserPass(OneKDC.USER.toUpperCase(Locale.US),
            OneKDC.PASS, true);
    Context c2 = Context.fromUserPass(OneKDC.USER2.toUpperCase(Locale.US),
            OneKDC.PASS2, true);

    c1.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID);
    c2.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(c1, c2);
}
 

public static void main(String[] args) throws Exception {

        OneKDC kdc = new OneKDC(null);
        kdc.writeJAASConf();
        kdc.setOption(KDC.Option.RESP_NT, PrincipalName.KRB_NT_PRINCIPAL);

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(c, s);

        Context.transmit("i say high --", c, s);
        Context.transmit("   you say low", s, c);

        s.dispose();
        c.dispose();
    }
 

public static void main(String[] args) throws Exception {

        new OneKDC(null);

        Context c, s;
        c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
        s = Context.fromThinAir();

        // This is the only setting needed for JGSS without JAAS. The default
        // JAAS config entries are already created by OneKDC.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

        c.startAsClient(OneKDC.BACKEND, GSSUtil.GSS_KRB5_MECH_OID);
        s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

        Context.handshake(c, s);

        Context.transmit("i say high --", c, s);
        Context.transmit("   you say low", s, c);

        s.dispose();
        c.dispose();
    }
 

private void doServicePermCheck() throws GSSException {
    if (System.getSecurityManager() != null) {
        String action = (isInitiator? "initiate" : "accept");
        // Need to check Service permission for accessing
        // initiator cred for SPNEGO during context establishment
        if (GSSUtil.isSpNegoMech(cStub.getMech()) && isInitiator
            && !isEstablished) {
            if (srcName == null) {
                // Check by creating default initiator KRB5 cred
                GSSCredElement tempCred =
                    new GSSCredElement(null, lifetime,
                                       GSSCredential.INITIATE_ONLY,
                                       GSSLibStub.getInstance(GSSUtil.GSS_KRB5_MECH_OID));
                tempCred.dispose();
            } else {
                String tgsName = Krb5Util.getTGSName(srcName);
                Krb5Util.checkServicePermission(tgsName, action);
            }
        }
        String targetStr = targetName.getKrbName();
        Krb5Util.checkServicePermission(targetStr, action);
        skipServicePermCheck = true;
    }
}
 

NativeGSSContext(long pCtxt, GSSLibStub stub) throws GSSException {
    assert(pContext != 0);
    pContext = pCtxt;
    cStub = stub;

    // Set everything except cred, cb, delegatedCred
    long[] info = cStub.inquireContext(pContext);
    if (info.length != NUM_OF_INQUIRE_VALUES) {
        throw new RuntimeException("Bug w/ GSSLibStub.inquireContext()");
    }
    srcName = new GSSNameElement(info[0], cStub);
    targetName = new GSSNameElement(info[1], cStub);
    isInitiator = (info[2] != 0);
    isEstablished = (info[3] != 0);
    flags = (int) info[4];
    lifetime = (int) info[5];

    // Do Service Permission check when importing SPNEGO context
    // just to be safe
    Oid mech = cStub.getMech();
    if (GSSUtil.isSpNegoMech(mech) || GSSUtil.isKerberosMech(mech)) {
        doServicePermCheck();
    }
}
 

public static void main(String[] args)
        throws Exception {

    // Create and start the KDC
    KDC kdc = new OneKDC(null);
    if (System.getProperty("onlyonepreauth") != null) {
        KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
                "default_tgs_enctypes=des3-cbc-sha1");
        Config.refresh();
        kdc.setOption(KDC.Option.ONLY_ONE_PREAUTH, true);
    }
    if (System.getProperty("nopreauth") != null) {
        kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
    }

    // Use a different case of name. KDC will return correct salt
    Context c1 = Context.fromUserPass(OneKDC.USER.toUpperCase(),
            OneKDC.PASS, true);
    Context c2 = Context.fromUserPass(OneKDC.USER2.toUpperCase(),
            OneKDC.PASS2, true);

    c1.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID);
    c2.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(c1, c2);
}
 

private static Oid getNativeNameType(Oid nameType, GSSLibStub stub) {
    if (GSSUtil.NT_GSS_KRB5_PRINCIPAL.equals(nameType)) {
        Oid[] supportedNTs = null;
        try {
            supportedNTs = stub.inquireNamesForMech();
        } catch (GSSException ge) {
            if (ge.getMajor() == GSSException.BAD_MECH &&
                GSSUtil.isSpNegoMech(stub.getMech())) {
                // Workaround known Heimdal issue and retry with KRB5
                try {
                    stub = GSSLibStub.getInstance
                        (GSSUtil.GSS_KRB5_MECH_OID);
                    supportedNTs = stub.inquireNamesForMech();
                } catch (GSSException ge2) {
                    // Should never happen
                    SunNativeProvider.debug("Name type list unavailable: " +
                        ge2.getMajorString());
                }
            } else {
                SunNativeProvider.debug("Name type list unavailable: " +
                    ge.getMajorString());
            }
        }
        if (supportedNTs != null) {
            for (int i = 0; i < supportedNTs.length; i++) {
                if (supportedNTs[i].equals(nameType)) return nameType;
            }
            // Special handling the specified name type
            SunNativeProvider.debug("Override " + nameType +
                " with mechanism default(null)");
            return null; // Use mechanism specific default
        }
    }
    return nameType;
}
 

public static void main(String[] args) throws Exception {

        new OneKDC(null).writeJAASConf();
        try (FileOutputStream fos =
                new FileOutputStream(OneKDC.JAAS_CONF, true)) {
            fos.write((
                "noinit {\n" +
                "    com.sun.security.auth.module.Krb5LoginModule required\n" +
                "    principal=\"" + OneKDC.USER + "\"\n" +
                "    useKeyTab=false\n" +
                "    isInitiator=false\n" +
                "    storeKey=true;\n};\n").getBytes());
        }
        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("noinit");

        c.startAsClient(OneKDC.USER, GSSUtil.GSS_SPNEGO_MECH_OID);
        s.startAsServer(GSSUtil.GSS_SPNEGO_MECH_OID);

        Context.handshake(c, s);

        Context.transmit("i say high --", c, s);
        Context.transmit("   you say low", s, c);

        s.dispose();
        c.dispose();
    }
 

public static void main(String[] args) throws Exception {

        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);
        s.startAsServer(GSSUtil.GSS_SPNEGO_MECH_OID);

        Context.handshake(c, s);

        byte[] msg = "i say high --".getBytes();
        byte[] wrapped = c.wrap(msg, false);

        // Simulate RRC equals to EC
        int rrc = wrapped[5];
        byte[] rotated = new byte[wrapped.length];
        System.arraycopy(wrapped, 0, rotated, 0, 16);
        System.arraycopy(wrapped, wrapped.length-rrc, rotated, 16, rrc);
        System.arraycopy(wrapped, 16, rotated, 16+rrc, wrapped.length-16-rrc);
        rotated[7] = (byte)rrc;

        byte[] unwrapped = s.unwrap(rotated, false);
        if (!Arrays.equals(msg, unwrapped)) {
            throw new Exception("Failure");
        }

        s.dispose();
        c.dispose();
    }
 

public static void main(String[] args)
        throws Exception {

    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();

    // In KDC, it's 2
    char[] pass = "pass2".toCharArray();
    kdc.addPrincipal(OneKDC.SERVER, pass);

    // In ktab, kvno is 1 or 3, 3 has the same password
    KeyTab ktab = KeyTab.create(OneKDC.KTAB);
    PrincipalName p = new PrincipalName(
        OneKDC.SERVER+"@"+OneKDC.REALM, PrincipalName.KRB_NT_SRV_HST);
    ktab.addEntry(p, "pass1".toCharArray(), 1, true);
    ktab.addEntry(p, "pass2".toCharArray(), 3, true);
    ktab.save();

    Context c, s;

    c = Context.fromUserPass("dummy", "bogus".toCharArray(), false);
    s = Context.fromJAAS("server");

    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(c, s);

    s.dispose();
    c.dispose();
}
 

/**
 * @param args JAAS config pricipal and GSSCredential creation name
 */
public static void main(String[] args) throws Exception {

    String principal = args[0];
    if (principal.equals("null")) principal = null;

    String server = args[1];
    if (server.equals("null")) server = null;

    new OneKDC(null).writeJAASConf();
    File f = new File(OneKDC.JAAS_CONF);
    try (FileOutputStream fos = new FileOutputStream(f)) {
        fos.write((
            "client {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule required;\n};\n" +
            "unbound {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule required\n" +
            "    useKeyTab=true\n" +
            "    principal=" +
                (principal==null? "*" :("\"" + principal + "\"")) + "\n" +
            "    doNotPrompt=true\n" +
            "    isInitiator=false\n" +
            "    storeKey=true;\n};\n"
            ).getBytes());
    }

    Context c, s;
    c = Context.fromJAAS("client");
    s = Context.fromJAAS("unbound");

    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(server, GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(c, s);

    s.dispose();
    c.dispose();
}
 

public static void main(String[] args)
        throws Exception {

    new OneKDC(null);

    System.setProperty("sun.security.krb5.rcache", "none");
    System.setProperty("sun.security.krb5.acceptor.subkey", "true");

    Context c, s;
    c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    s = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);

    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    byte[] first = c.take(new byte[0]);

    c.take(s.take(first));

    byte[] msg = c.wrap("hello".getBytes(), true);
    s.unwrap(msg, true);

    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    s.take(first);  // apreq replay not detectable
    try {
        s.unwrap(msg, true);    // msg replay detectable
        throw new Exception("This method should fail");
    } catch (GSSException gsse) {
        gsse.printStackTrace();
    }
}
 

public String getKrbName() throws GSSException {
    long mName = 0;
    GSSLibStub stub = cStub;
    if (!GSSUtil.isKerberosMech(cStub.getMech())) {
        stub = GSSLibStub.getInstance(GSSUtil.GSS_KRB5_MECH_OID);
    }
    mName = stub.canonicalizeName(pName);
    Object[] printables2 = stub.displayName(mName);
    stub.releaseName(mName);
    SunNativeProvider.debug("Got kerberized name: " + printables2[0]);
    return (String) printables2[0];
}
 

/**
 * @param args JAAS config pricipal and GSSCredential creation name
 */
public static void main(String[] args) throws Exception {

    String principal = args[0];
    if (principal.equals("null")) principal = null;

    String server = args[1];
    if (server.equals("null")) server = null;

    new OneKDC(null).writeJAASConf();
    File f = new File(OneKDC.JAAS_CONF);
    try (FileOutputStream fos = new FileOutputStream(f)) {
        fos.write((
            "client {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule required;\n};\n" +
            "unbound {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule required\n" +
            "    useKeyTab=true\n" +
            "    principal=" +
                (principal==null? "*" :("\"" + principal + "\"")) + "\n" +
            "    doNotPrompt=true\n" +
            "    isInitiator=false\n" +
            "    storeKey=true;\n};\n"
            ).getBytes());
    }

    Context c, s;
    c = Context.fromJAAS("client");
    s = Context.fromJAAS("unbound");

    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(server, GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(c, s);

    s.dispose();
    c.dispose();
}