sun.security.jgss.GSSUtil Java Examples

The following examples show how to use sun.security.jgss.GSSUtil.
Example #1
Source Project: TencentKona-8   Author: Tencent   File: TicketSName.java    License: GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    // Create the test KDC (OneKDC) and have it write the JAAS configuration
    // that the "client" and "server" entries below are read from.
    new OneKDC(null).writeJAASConf();

    final Context c = Context.fromJAAS("client");
    final Context s = Context.fromJAAS("server");

    // Both sides use the Kerberos 5 mechanism; the client targets OneKDC.SERVER.
    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(c, s);

    // After the handshake, the client's private credentials must contain a
    // Kerberos ticket whose server name is exactly SERVER@REALM.
    final String expected = OneKDC.SERVER + "@" + OneKDC.REALM;
    final boolean ticketMissing = c.s()
            .getPrivateCredentials(KerberosTicket.class)
            .stream()
            .noneMatch(t -> t.getServer().toString().equals(expected));
    if (ticketMissing) {
        // Print the context status before failing so the test log shows it.
        c.status();
        throw new Exception("no " + expected);
    }
}
 
Example #2
Source Project: openjdk-8-source   Author: keerath   File: CrossRealm.java    License: GNU General Public License v2.0
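/**
 * Writes a JAAS configuration for the {@code com.sun.security.jgss.krb5.initiate}
 * entry and then starts a Kerberos 5 GSS-API context towards a host-based service.
 *
 * @throws Exception if the configuration file cannot be written or the GSS call fails
 */
static void xRealmAuth() throws Exception {
    // The class named here is installed as the default JAAS callback handler.
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    // "false" allows JGSS to obtain credentials through its own JAAS login instead
    // of requiring them in the current Subject. The property is JVM-wide, so it
    // affects every GSS caller in the process, not only this method.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    final String jaasConf =
            "com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};";
    // try-with-resources closes the stream even when write() throws; the
    // original leaked the file handle on that path.
    try (FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf")) {
        fos.write(jaasConf.getBytes());
    }

    GSSManager m = GSSManager.getInstance();
    // NOTE(review): "[email protected]" looks like the hosting page's e-mail
    // obfuscation replaced the real service@host literal; the original value is
    // not shown here, so substitute the intended host-based service name.
    GSSName target =
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE);
    // A null credential asks the mechanism for its default initiator credential.
    m.createContext(
            target,
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}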
 
Example #3
Source Project: hottub   Author: dsrg-uoft   File: NativeGSSContext.java    License: GNU General Public License v2.0
// Initiator-side constructor: records the peer, credential, lifetime and stub,
// and for a Kerberos mechanism runs the service permission check before a
// default initiator credential is created.
NativeGSSContext(GSSNameElement peer, GSSCredElement myCred,
                 int time, GSSLibStub stub) throws GSSException {
    if (peer == null) {
        throw new GSSException(GSSException.FAILURE, 1, "null peer");
    }
    this.isInitiator = true;
    this.targetName = peer;
    this.lifetime = time;
    this.cred = myCred;
    this.cStub = stub;

    // Nothing more to do for mechanisms other than Kerberos.
    if (!GSSUtil.isKerberosMech(cStub.getMech())) {
        return;
    }

    // The permission check comes first, so a caller that fails it never
    // reaches the default-credential acquisition below.
    doServicePermCheck();
    if (cred == null) {
        // No credential supplied: create an INITIATE_ONLY one with a null name.
        cred = new GSSCredElement(null, lifetime,
                                  GSSCredential.INITIATE_ONLY, cStub);
    }
    srcName = cred.getName();
}
 
Example #4
Source Project: dragonwell8_jdk   Author: alibaba   File: NativeGSSContext.java    License: GNU General Public License v2.0
// Constructor for the initiating side of a context. A null peer is rejected;
// with a Kerberos mechanism the service permission is checked and a default
// credential is created when the caller passed none.
NativeGSSContext(GSSNameElement peer, GSSCredElement myCred,
                 int time, GSSLibStub stub) throws GSSException {
    if (peer == null) {
        throw new GSSException(GSSException.FAILURE, 1, "null peer");
    }

    this.cStub = stub;
    this.cred = myCred;
    this.targetName = peer;
    this.lifetime = time;
    this.isInitiator = true;

    final boolean kerberos = GSSUtil.isKerberosMech(cStub.getMech());
    if (kerberos) {
        // Check permission before touching any credential.
        doServicePermCheck();
        if (cred == null) {
            // Null name + INITIATE_ONLY: the credential element is built
            // without an explicit principal.
            cred = new GSSCredElement(null, lifetime,
                                      GSSCredential.INITIATE_ONLY, cStub);
        }
        // The context's source name is whatever the credential reports.
        srcName = cred.getName();
    }
}
 
Example #5
Source Project: hottub   Author: dsrg-uoft   File: Krb5Util.java    License: GNU General Public License v2.0
/**
 * Looks up the ServiceCreds for a server principal, first in the Subject
 * bound to the given AccessControlContext and, only when nothing is found
 * there and useSubjectCredsOnly is false for the caller, in a Subject
 * obtained through a fresh login.
 *
 * NOTE: This method is also used by JSSE Kerberos Cipher Suites
 *
 * @param caller the GSS caller, used to evaluate useSubjectCredsOnly and to log in
 * @param serverPrincipal the server principal whose credentials are wanted
 * @param acc the access control context whose Subject is searched first
 * @return the matching ServiceCreds, or null when none was found
 * @throws LoginException declared for the login fallback
 */
public static ServiceCreds getServiceCreds(GSSCaller caller,
    String serverPrincipal, AccessControlContext acc)
            throws LoginException {

    final Subject accSubj = Subject.getSubject(acc);
    final ServiceCreds fromAcc = (accSubj == null)
            ? null
            : ServiceCreds.getInstance(accSubj, serverPrincipal);

    // Stop here when the Subject already had the credentials, or when the
    // caller is restricted to Subject credentials only.
    if (fromAcc != null || GSSUtil.useSubjectCredsOnly(caller)) {
        return fromAcc;
    }

    // Fallback: log in for the Kerberos 5 mechanism and search that Subject.
    final Subject loggedIn = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
    return ServiceCreds.getInstance(loggedIn, serverPrincipal);
}
 
Example #6
Source Project: jdk8u60   Author: chenghanpeng   File: PrincipalNameEquals.java    License: GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    // Create the test KDC, write its JAAS config, and set the KDC's RESP_NT
    // option to KRB_NT_PRINCIPAL before any context logs in.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.RESP_NT, PrincipalName.KRB_NT_PRINCIPAL);

    final Context c = Context.fromJAAS("client");
    final Context s = Context.fromJAAS("server");

    // Both ends use the Kerberos 5 mechanism; the client targets OneKDC.SERVER.
    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    Context.handshake(c, s);

    // One message in each direction after the handshake.
    Context.transmit("i say high --", c, s);
    Context.transmit("   you say low", s, c);

    // Dispose of both contexts, acceptor first.
    s.dispose();
    c.dispose();
}
 
Example #7
Source Project: jdk8u-jdk   Author: lambdalab-mirror   File: GSS.java    License: GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    // Create the test KDC and write the JAAS configuration.
    new OneKDC(null).writeJAASConf();

    // Neither context is given credentials up front.
    final Context c = Context.fromThinAir();
    final Context s = Context.fromThinAir();

    // This is the only setting needed for JGSS without JAAS. The default
    // JAAS config entries are already created by OneKDC.
    // With "false", JGSS may obtain credentials through its own login rather
    // than only from the current Subject; the property applies JVM-wide.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    Context.handshake(c, s);

    // One message in each direction after the handshake.
    Context.transmit("i say high --", c, s);
    Context.transmit("   you say low", s, c);

    s.dispose();
    c.dispose();
}
 
Example #8
Source Project: jdk8u_jdk   Author: JetBrains   File: CrossRealm.java    License: GNU General Public License v2.0
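/**
 * Points JAAS at a freshly written {@code jaas-localkdc.conf}, then begins a
 * Kerberos 5 GSS-API context establishment with a null (default) credential.
 *
 * @throws Exception if the configuration file cannot be written or the GSS call fails
 */
static void xRealmAuth() throws Exception {
    // Name of the class JAAS should use as its default callback handler.
    Security.setProperty("auth.login.defaultCallbackHandler", "CrossRealm");
    System.setProperty("java.security.auth.login.config", "jaas-localkdc.conf");
    // JVM-wide switch: with "false", JGSS is allowed to log in on its own to
    // find credentials instead of using only those in the current Subject.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    final byte[] jaasConf = ("com.sun.security.jgss.krb5.initiate {\n" +
            "    com.sun.security.auth.module.Krb5LoginModule\n" +
            "    required\n" +
            "    principal=dummy\n" +
            "    doNotPrompt=false\n" +
            "    useTicketCache=false\n" +
            "    ;\n" +
            "};").getBytes();
    // The original called close() only on the success path; try-with-resources
    // releases the file handle when write() throws as well.
    try (FileOutputStream fos = new FileOutputStream("jaas-localkdc.conf")) {
        fos.write(jaasConf);
    }

    GSSManager m = GSSManager.getInstance();
    // NOTE(review): "[email protected]" appears to be an e-mail-obfuscation
    // artifact of the page this listing was taken from, not the real
    // service@host name; replace it with the intended target before use.
    m.createContext(
            m.createName("[email protected]", GSSName.NT_HOSTBASED_SERVICE),
            GSSUtil.GSS_KRB5_MECH_OID,
            null,
            GSSContext.DEFAULT_LIFETIME).initSecContext(new byte[0], 0, 0);
}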
 
Example #9
Source Project: dragonwell8_jdk   Author: alibaba   File: LoginNoPass.java    License: GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    // Subclass the test KDC so that any AS-REQ it processes sets kdcTouched.
    final OneKDC kdc = new OneKDC(null) {
        protected byte[] processAsReq(byte[] in) throws Exception {
            kdcTouched = true;
            return super.processAsReq(in);
        }
    };
    kdc.writeJAASConf();

    Security.setProperty("auth.login.defaultCallbackHandler",
            "LoginNoPass$CallbackForClient");
    // JVM-wide: lets JGSS log in on its own instead of using only the
    // credentials in the current Subject.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    try {
        final Context c = Context.fromJAAS("client");
        c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
        c.take(new byte[0]);
    } catch (Exception e) {
        // An exception is tolerated here on purpose; it is only printed.
        e.printStackTrace(System.out);
        // OK
    }

    // The test fails only if a request actually reached the KDC.
    if (kdcTouched) {
        throw new Exception("Failed");
    }
}
 
Example #10
Source Project: openjdk-8-source   Author: keerath   File: NativeGSSFactory.java    License: GNU General Public License v2.0
// Returns the first native credential element found for the given name in the
// Subject search, or null when there is none. Throws NO_CRED when the search
// produced an empty (non-null) result and the caller is limited to Subject
// credentials. A returned credential has passed its service permission check.
private GSSCredElement getCredFromSubject(GSSNameElement name,
                                          boolean initiate)
    throws GSSException {
    final Oid mech = cStub.getMech();
    final Vector<GSSCredElement> found = GSSUtil.searchSubject
        (name, mech, initiate, GSSCredElement.class);

    // A null result is passed through as "no credential" without any check.
    if (found == null) {
        return null;
    }

    // If Subject is present but no native creds available
    if (found.isEmpty()) {
        if (GSSUtil.useSubjectCredsOnly(caller)) {
            throw new GSSException(GSSException.NO_CRED);
        }
        return null;
    }

    final GSSCredElement first = found.firstElement();
    // Force permission check before returning the cred to caller
    if (first != null) {
        first.doServicePermCheck();
    }
    return first;
}
 
Example #11
Source Project: openjdk-jdk8u   Author: AdoptOpenJDK   File: GSS.java    License: GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    // Test KDC plus its JAAS configuration file.
    new OneKDC(null).writeJAASConf();

    // Client and server contexts start without any preset credentials.
    final Context client = Context.fromThinAir();
    final Context server = Context.fromThinAir();

    // This is the only setting needed for JGSS without JAAS. The default
    // JAAS config entries are already created by OneKDC.
    // "false" permits JGSS to acquire credentials via its own login; note
    // that the property is process-wide, not scoped to these two contexts.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    client.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    server.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(client, server);

    // Send one message client -> server, then one server -> client.
    Context.transmit("i say high --", client, server);
    Context.transmit("   you say low", server, client);

    server.dispose();
    client.dispose();
}
 
Example #12
Source Project: openjdk-8   Author: bpupadhyaya   File: NativeGSSContext.java    License: GNU General Public License v2.0
// Acceptor-side constructor: stores the stub and the (possibly null)
// credential, and takes the target name from the credential when one is given.
NativeGSSContext(GSSCredElement myCred, GSSLibStub stub)
    throws GSSException {
    this.cStub = stub;
    this.cred = myCred;

    if (myCred != null) {
        this.targetName = myCred.getName();
    }

    this.isInitiator = false;

    // Defer Service permission check for default acceptor cred
    // to acceptSecContext()
    final boolean kerberos = GSSUtil.isKerberosMech(cStub.getMech());
    if (kerberos && targetName != null) {
        doServicePermCheck();
    }

    // srcName and potentially targetName (when myCred is null)
    // will be set in GSSLibStub.acceptContext(...)
}
 
Example #13
Source Project: hottub   Author: dsrg-uoft   File: PrincipalNameEquals.java    License: GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    // Set up the test KDC: JAAS config written, RESP_NT option set to
    // KRB_NT_PRINCIPAL.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.RESP_NT, PrincipalName.KRB_NT_PRINCIPAL);

    // Contexts come from the "client" and "server" JAAS entries.
    final Context client = Context.fromJAAS("client");
    final Context server = Context.fromJAAS("server");

    client.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    server.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(client, server);

    // One message each way after the handshake.
    Context.transmit("i say high --", client, server);
    Context.transmit("   you say low", server, client);

    server.dispose();
    client.dispose();
}
 
Example #14
Source Project: openjdk-8-source   Author: keerath   File: NativeGSSContext.java    License: GNU General Public License v2.0
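// Constructor for a context that already exists natively: stores the handle,
// fills the Java-side state from GSSLibStub.inquireContext(), and runs the
// service permission check for SPNEGO and Kerberos mechanisms.
//
// pCtxt - native context handle, expected to be non-zero
// stub  - library stub used for all native calls on this context
NativeGSSContext(long pCtxt, GSSLibStub stub) throws GSSException {
    // Assert on the incoming handle. The original asserted the pContext field
    // before it was assigned, so the check never looked at the argument.
    assert(pCtxt != 0);
    pContext = pCtxt;
    cStub = stub;

    // Set everything except cred, cb, delegatedCred
    long[] info = cStub.inquireContext(pContext);
    if (info.length != NUM_OF_INQUIRE_VALUES) {
        throw new RuntimeException("Bug w/ GSSLibStub.inquireContext()");
    }
    // Slots 0 and 1 are wrapped as name elements, 2 and 3 are treated as
    // booleans (non-zero = true), 4 and 5 are narrowed to int.
    srcName = new GSSNameElement(info[0], cStub);
    targetName = new GSSNameElement(info[1], cStub);
    isInitiator = (info[2] != 0);
    isEstablished = (info[3] != 0);
    flags = (int) info[4];
    lifetime = (int) info[5];

    // Do Service Permission check when importing SPNEGO context
    // just to be safe
    Oid mech = cStub.getMech();
    if (GSSUtil.isSpNegoMech(mech) || GSSUtil.isKerberosMech(mech)) {
        doServicePermCheck();
    }
}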
 
Example #15
Source Project: jdk8u60   Author: chenghanpeng   File: Krb5Util.java    License: GNU General Public License v2.0
/**
 * Returns the ServiceCreds of the given server principal. The Subject of the
 * supplied AccessControlContext is consulted first; if that yields nothing
 * and useSubjectCredsOnly is false for the caller, a login is performed and
 * the resulting Subject is consulted instead.
 *
 * NOTE: This method is also used by JSSE Kerberos Cipher Suites
 *
 * @param caller the GSS caller on whose behalf the lookup (and login) happens
 * @param serverPrincipal name of the server principal
 * @param acc context whose Subject, if any, is searched first
 * @return the ServiceCreds found, or null if there are none
 * @throws LoginException declared for the login fallback
 */
public static ServiceCreds getServiceCreds(GSSCaller caller,
    String serverPrincipal, AccessControlContext acc)
            throws LoginException {

    ServiceCreds result = null;

    final Subject current = Subject.getSubject(acc);
    if (current != null) {
        result = ServiceCreds.getInstance(current, serverPrincipal);
    }
    if (result != null) {
        return result;
    }

    // Only log in when the caller is not restricted to Subject credentials.
    if (GSSUtil.useSubjectCredsOnly(caller)) {
        return null;
    }
    final Subject fresh = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
    return ServiceCreds.getInstance(fresh, serverPrincipal);
}
 
Example #16
Source Project: openjdk-jdk8u   Author: AdoptOpenJDK   File: Krb5Util.java    License: GNU General Public License v2.0
/**
 * Finds the ServiceCreds for a server principal. Credentials in the Subject
 * associated with the given AccessControlContext win; a login-based lookup is
 * attempted only when that Subject has none and useSubjectCredsOnly is false.
 *
 * NOTE: This method is also used by JSSE Kerberos Cipher Suites
 *
 * @param caller the GSS caller used for the useSubjectCredsOnly test and the login
 * @param serverPrincipal the server principal to look up
 * @param acc the access control context providing the first Subject to search
 * @return the ServiceCreds, or null when neither source has them
 * @throws LoginException declared for the login fallback
 */
public static ServiceCreds getServiceCreds(GSSCaller caller,
    String serverPrincipal, AccessControlContext acc)
            throws LoginException {

    final Subject accSubj = Subject.getSubject(acc);
    ServiceCreds sc;
    if (accSubj == null) {
        sc = null;
    } else {
        sc = ServiceCreds.getInstance(accSubj, serverPrincipal);
    }

    final boolean mayLogin = (sc == null) && !GSSUtil.useSubjectCredsOnly(caller);
    if (mayLogin) {
        // Second source: the Subject produced by a Kerberos 5 login.
        sc = ServiceCreds.getInstance(
                GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID),
                serverPrincipal);
    }
    return sc;
}
 
Example #17
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: NewSalt.java    License: GNU General Public License v2.0
public static void main(String[] args)
        throws Exception {

    // Create and start the KDC
    final KDC kdc = new OneKDC(null);

    // Optional test modes, selected by the mere presence of a system property.
    if (System.getProperty("onlyonepreauth") != null) {
        // Rewrite the krb5 config with the extra enctype line, reload it,
        // then switch the KDC to its ONLY_ONE_PREAUTH option.
        KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
                "default_tgs_enctypes=des3-cbc-sha1");
        Config.refresh();
        kdc.setOption(KDC.Option.ONLY_ONE_PREAUTH, true);
    }
    if (System.getProperty("nopreauth") != null) {
        kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
    }

    // Use a different case of name. KDC will return correct salt
    final String upperUser = OneKDC.USER.toUpperCase(Locale.US);
    final Context client = Context.fromUserPass(upperUser, OneKDC.PASS, true);
    final String upperUser2 = OneKDC.USER2.toUpperCase(Locale.US);
    final Context server = Context.fromUserPass(upperUser2, OneKDC.PASS2, true);

    // The first user initiates towards USER2; the second user accepts.
    client.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID);
    server.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(client, server);
}
 
Example #18
Source Project: openjdk-jdk8u-backup   Author: AdoptOpenJDK   File: PrincipalNameEquals.java    License: GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    // Test KDC with JAAS config written and RESP_NT set to KRB_NT_PRINCIPAL.
    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.RESP_NT, PrincipalName.KRB_NT_PRINCIPAL);

    final Context initiator = Context.fromJAAS("client");
    final Context acceptor = Context.fromJAAS("server");

    // Kerberos 5 on both sides; the initiator targets OneKDC.SERVER.
    initiator.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    acceptor.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(initiator, acceptor);

    // Messages in both directions after the handshake.
    Context.transmit("i say high --", initiator, acceptor);
    Context.transmit("   you say low", acceptor, initiator);

    acceptor.dispose();
    initiator.dispose();
}
 
Example #19
Source Project: openjdk-8-source   Author: keerath   File: GSSUnbound.java    License: GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    // Only the KDC is created here; no JAAS config is written by this test.
    new OneKDC(null);

    // The client logs in with a user name and password; the server context
    // is created without credentials.
    final Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    final Context s = Context.fromThinAir();

    // This is the only setting needed for JGSS without JAAS. The default
    // JAAS config entries are already created by OneKDC.
    // The property is JVM-wide: with "false", JGSS may log in on its own to
    // find credentials that are not in the current Subject.
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    // The client targets OneKDC.BACKEND; the server is started without a name.
    c.startAsClient(OneKDC.BACKEND, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    Context.handshake(c, s);

    Context.transmit("i say high --", c, s);
    Context.transmit("   you say low", s, c);

    s.dispose();
    c.dispose();
}
 
Example #20
Source Project: openjdk-8-source   Author: keerath   File: NativeGSSContext.java    License: GNU General Public License v2.0
// Checks the Kerberos service permission for this context's target name when a
// SecurityManager is installed; without one the method does nothing. For a
// SPNEGO initiator that is not yet established, the initiator side is checked
// as well. On completion skipServicePermCheck is set to true.
private void doServicePermCheck() throws GSSException {
    if (System.getSecurityManager() == null) {
        return;
    }

    final String action;
    if (isInitiator) {
        action = "initiate";
    } else {
        action = "accept";
    }

    // Need to check Service permission for accessing
    // initiator cred for SPNEGO during context establishment
    final boolean spnegoInitiatorPending =
        GSSUtil.isSpNegoMech(cStub.getMech()) && isInitiator && !isEstablished;
    if (spnegoInitiatorPending) {
        if (srcName != null) {
            // Source name known: check permission on its TGS name.
            String tgsName = Krb5Util.getTGSName(srcName);
            Krb5Util.checkServicePermission(tgsName, action);
        } else {
            // Check by creating default initiator KRB5 cred
            GSSCredElement probe =
                new GSSCredElement(null, lifetime,
                                   GSSCredential.INITIATE_ONLY,
                                   GSSLibStub.getInstance(GSSUtil.GSS_KRB5_MECH_OID));
            // The credential is needed only for the check; release it at once.
            probe.dispose();
        }
    }

    // The target check runs for every mechanism once a SecurityManager exists.
    Krb5Util.checkServicePermission(targetName.getKrbName(), action);
    skipServicePermCheck = true;
}
 
Example #21
Source Project: TencentKona-8   Author: Tencent   File: NativeGSSContext.java    License: GNU General Public License v2.0
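// Builds the Java-side view of a context whose native handle already exists.
// State is populated from GSSLibStub.inquireContext(); SPNEGO and Kerberos
// contexts additionally go through the service permission check.
//
// pCtxt - native context handle, expected to be non-zero
// stub  - library stub through which the native context is queried
NativeGSSContext(long pCtxt, GSSLibStub stub) throws GSSException {
    // Validate the argument, not the still-unassigned pContext field that the
    // original assertion tested.
    assert(pCtxt != 0);
    pContext = pCtxt;
    cStub = stub;

    // Set everything except cred, cb, delegatedCred
    long[] info = cStub.inquireContext(pContext);
    if (info.length != NUM_OF_INQUIRE_VALUES) {
        // A wrong-sized result is treated as a bug in the stub, not as
        // caller error, hence the unchecked exception.
        throw new RuntimeException("Bug w/ GSSLibStub.inquireContext()");
    }
    srcName = new GSSNameElement(info[0], cStub);
    targetName = new GSSNameElement(info[1], cStub);
    isInitiator = (info[2] != 0);
    isEstablished = (info[3] != 0);
    flags = (int) info[4];
    lifetime = (int) info[5];

    // Do Service Permission check when importing SPNEGO context
    // just to be safe
    Oid mech = cStub.getMech();
    if (GSSUtil.isSpNegoMech(mech) || GSSUtil.isKerberosMech(mech)) {
        doServicePermCheck();
    }
}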
 
Example #22
Source Project: openjdk-8   Author: bpupadhyaya   File: NewSalt.java    License: GNU General Public License v2.0
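/**
 * Logs two users in under upper-cased names and runs a Kerberos 5 handshake
 * between them. The system properties {@code onlyonepreauth} and
 * {@code nopreauth}, when present, change the KDC's pre-authentication options.
 *
 * @param args unused
 * @throws Exception if KDC setup, login or the handshake fails
 */
public static void main(String[] args)
        throws Exception {

    // Create and start the KDC
    KDC kdc = new OneKDC(null);
    if (System.getProperty("onlyonepreauth") != null) {
        // des3-cbc-sha1 is a legacy enctype; it is selected here only inside
        // the test KDC's own configuration.
        KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
                "default_tgs_enctypes=des3-cbc-sha1");
        Config.refresh();
        kdc.setOption(KDC.Option.ONLY_ONE_PREAUTH, true);
    }
    if (System.getProperty("nopreauth") != null) {
        kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);
    }

    // Use a different case of name. KDC will return correct salt
    // A fixed locale keeps the upper-casing independent of the JVM's default
    // locale (the no-argument toUpperCase() maps "i" differently under tr/az).
    Context c1 = Context.fromUserPass(
            OneKDC.USER.toUpperCase(java.util.Locale.US),
            OneKDC.PASS, true);
    Context c2 = Context.fromUserPass(
            OneKDC.USER2.toUpperCase(java.util.Locale.US),
            OneKDC.PASS2, true);

    c1.startAsClient(OneKDC.USER2, GSSUtil.GSS_KRB5_MECH_OID);
    c2.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(c1, c2);
}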
 
Example #23
Source Project: dragonwell8_jdk   Author: alibaba   File: GSSNameElement.java    License: GNU General Public License v2.0
// Decides which name type to use with the native library. Only
// NT_GSS_KRB5_PRINCIPAL is examined: if the mechanism's supported name types
// can be listed and do not include it, null is returned so that the mechanism
// default applies. In every other case the requested type is returned as is.
private static Oid getNativeNameType(Oid nameType, GSSLibStub stub) {
    if (!GSSUtil.NT_GSS_KRB5_PRINCIPAL.equals(nameType)) {
        return nameType;
    }

    Oid[] supportedNTs = null;
    try {
        supportedNTs = stub.inquireNamesForMech();
    } catch (GSSException ge) {
        final boolean spnegoBadMech =
            ge.getMajor() == GSSException.BAD_MECH &&
            GSSUtil.isSpNegoMech(stub.getMech());
        if (!spnegoBadMech) {
            SunNativeProvider.debug("Name type list unavailable: " +
                ge.getMajorString());
        } else {
            // Workaround known Heimdal issue and retry with KRB5
            try {
                stub = GSSLibStub.getInstance
                    (GSSUtil.GSS_KRB5_MECH_OID);
                supportedNTs = stub.inquireNamesForMech();
            } catch (GSSException ge2) {
                // Should never happen
                SunNativeProvider.debug("Name type list unavailable: " +
                    ge2.getMajorString());
            }
        }
    }

    // The list could not be obtained: keep the requested type.
    if (supportedNTs == null) {
        return nameType;
    }

    for (Oid supported : supportedNTs) {
        if (supported.equals(nameType)) {
            return nameType;
        }
    }

    // Special handling the specified name type
    SunNativeProvider.debug("Override " + nameType +
        " with mechanism default(null)");
    return null; // Use mechanism specific default
}
 
Example #24
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: NoInitNoKeytab.java    License: GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    // Test KDC and its standard JAAS configuration.
    new OneKDC(null).writeJAASConf();

    // Extra "noinit" entry: no keytab, not an initiator, key stored.
    final String noinitEntry =
        "noinit {\n" +
        "    com.sun.security.auth.module.Krb5LoginModule required\n" +
        "    principal=\"" + OneKDC.USER + "\"\n" +
        "    useKeyTab=false\n" +
        "    isInitiator=false\n" +
        "    storeKey=true;\n};\n";
    // The second constructor argument (true) opens the file in append mode, so
    // the entries written by writeJAASConf() are kept.
    try (FileOutputStream fos =
            new FileOutputStream(OneKDC.JAAS_CONF, true)) {
        fos.write(noinitEntry.getBytes());
    }

    final Context c = Context.fromJAAS("client");
    final Context s = Context.fromJAAS("noinit");

    // SPNEGO on both sides; the client targets OneKDC.USER, the principal
    // the "noinit" entry logs in as.
    c.startAsClient(OneKDC.USER, GSSUtil.GSS_SPNEGO_MECH_OID);
    s.startAsServer(GSSUtil.GSS_SPNEGO_MECH_OID);
    Context.handshake(c, s);

    Context.transmit("i say high --", c, s);
    Context.transmit("   you say low", s, c);

    s.dispose();
    c.dispose();
}
 
Example #25
Source Project: jdk8u_jdk   Author: JetBrains   File: RRC.java    License: GNU General Public License v2.0
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();

    final Context c = Context.fromJAAS("client");
    final Context s = Context.fromJAAS("server");

    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);
    s.startAsServer(GSSUtil.GSS_SPNEGO_MECH_OID);
    Context.handshake(c, s);

    final byte[] msg = "i say high --".getBytes();
    // Second argument false, as in the matching unwrap() call below.
    final byte[] wrapped = c.wrap(msg, false);

    // Simulate RRC equals to EC
    // Byte 5 of the token is read as the rotation count. The first 16 bytes
    // are copied unchanged, the last rrc bytes are moved directly behind
    // them, and the remainder follows. Byte 7 is then overwritten with the
    // count. (Presumably the RFC 4121 wrap-token header, where EC and RRC
    // sit at bytes 4-5 and 6-7 - confirm against the spec.)
    final int headerLen = 16;
    final int total = wrapped.length;
    final int rrc = wrapped[5];
    final byte[] rotated = new byte[total];
    System.arraycopy(wrapped, 0, rotated, 0, headerLen);
    System.arraycopy(wrapped, total - rrc, rotated, headerLen, rrc);
    System.arraycopy(wrapped, headerLen, rotated, headerLen + rrc,
            total - headerLen - rrc);
    rotated[7] = (byte) rrc;

    // The acceptor must recover the original message from the rotated token.
    final byte[] unwrapped = s.unwrap(rotated, false);
    final boolean roundTripOk = Arrays.equals(msg, unwrapped);
    if (!roundTripOk) {
        throw new Exception("Failure");
    }

    s.dispose();
    c.dispose();
}
 
Example #26
Source Project: openjdk-8   Author: bpupadhyaya   File: KvnoNA.java    License: GNU General Public License v2.0
public static void main(String[] args)
        throws Exception {

    final OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();

    // In KDC, it's 2
    final char[] kdcPass = "pass2".toCharArray();
    kdc.addPrincipal(OneKDC.SERVER, kdcPass);

    // In ktab, kvno is 1 or 3, 3 has the same password
    final KeyTab ktab = KeyTab.create(OneKDC.KTAB);
    final String serverAtRealm = OneKDC.SERVER+"@"+OneKDC.REALM;
    final PrincipalName p = new PrincipalName(
        serverAtRealm, PrincipalName.KRB_NT_SRV_HST);
    ktab.addEntry(p, "pass1".toCharArray(), 1, true);
    ktab.addEntry(p, "pass2".toCharArray(), 3, true);
    ktab.save();

    // Client logs in with a user name and password; the server uses the
    // "server" JAAS entry.
    final Context c = Context.fromUserPass("dummy", "bogus".toCharArray(), false);
    final Context s = Context.fromJAAS("server");

    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    // The test passes when the handshake completes without throwing.
    Context.handshake(c, s);

    s.dispose();
    c.dispose();
}
 
Example #27
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: UnboundService.java    License: GNU General Public License v2.0
/**
 * Runs a Kerberos 5 handshake against an acceptor configured from an
 * "unbound" JAAS entry.
 *
 * @param args JAAS config principal and GSSCredential creation name; the
 *             literal string "null" stands for a null value in either slot
 */
public static void main(String[] args) throws Exception {

    final String principal = args[0].equals("null") ? null : args[0];
    final String server = args[1].equals("null") ? null : args[1];

    new OneKDC(null).writeJAASConf();

    // A null principal becomes the wildcard "*"; otherwise the value is
    // placed between double quotes.
    // NOTE(review): the value is embedded without escaping, so an argument
    // containing a double quote would change the structure of the config file.
    final String principalValue;
    if (principal == null) {
        principalValue = "*";
    } else {
        principalValue = "\"" + principal + "\"";
    }
    final String jaasConf =
        "client {\n" +
        "    com.sun.security.auth.module.Krb5LoginModule required;\n};\n" +
        "unbound {\n" +
        "    com.sun.security.auth.module.Krb5LoginModule required\n" +
        "    useKeyTab=true\n" +
        "    principal=" + principalValue + "\n" +
        "    doNotPrompt=true\n" +
        "    isInitiator=false\n" +
        "    storeKey=true;\n};\n";

    // Opening without the append flag replaces what writeJAASConf() wrote.
    final File f = new File(OneKDC.JAAS_CONF);
    try (FileOutputStream fos = new FileOutputStream(f)) {
        fos.write(jaasConf.getBytes());
    }

    final Context c = Context.fromJAAS("client");
    final Context s = Context.fromJAAS("unbound");

    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    // The acceptor is started with the (possibly null) creation name.
    s.startAsServer(server, GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(c, s);

    s.dispose();
    c.dispose();
}
 
Example #28
Source Project: openjdk-8   Author: bpupadhyaya   File: NoneReplayCacheTest.java    License: GNU General Public License v2.0
public static void main(String[] args)
        throws Exception {

    new OneKDC(null);

    // Replay cache set to "none" and acceptor subkey enabled. With this
    // rcache setting the test expects a repeated AP-REQ to be accepted while
    // a repeated wrapped message is still rejected (see below).
    System.setProperty("sun.security.krb5.rcache", "none");
    System.setProperty("sun.security.krb5.acceptor.subkey", "true");

    final Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    final Context s = Context.fromUserKtab(OneKDC.SERVER, OneKDC.KTAB, true);

    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);

    // Keep the client's first token so that it can be presented again later.
    final byte[] first = c.take(new byte[0]);
    final byte[] reply = s.take(first);
    c.take(reply);

    final byte[] msg = c.wrap("hello".getBytes(), true);
    s.unwrap(msg, true);

    // Restart the acceptor and feed it the same first token a second time.
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    s.take(first);  // apreq replay not detectable
    try {
        s.unwrap(msg, true);    // msg replay detectable
        // Reaching this line means the replayed message was accepted; the
        // plain Exception is not caught below and fails the test.
        throw new Exception("This method should fail");
    } catch (GSSException gsse) {
        // Expected outcome: the replayed message is rejected.
        gsse.printStackTrace();
    }
}
 
Example #29
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: GSSNameElement.java    License: GNU General Public License v2.0
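/**
 * Returns the display string of this name after canonicalizing it with a
 * Kerberos library stub.
 *
 * @return the first element of the stub's displayName() result, as a String
 * @throws GSSException if a stub call fails
 */
public String getKrbName() throws GSSException {
    // Use this element's own stub when it is already a Kerberos one,
    // otherwise fetch the Kerberos 5 stub.
    GSSLibStub stub = cStub;
    if (!GSSUtil.isKerberosMech(cStub.getMech())) {
        stub = GSSLibStub.getInstance(GSSUtil.GSS_KRB5_MECH_OID);
    }
    long mName = stub.canonicalizeName(pName);
    Object[] printables2;
    try {
        printables2 = stub.displayName(mName);
    } finally {
        // Release the canonicalized name even when displayName() throws; the
        // original skipped the release on that path.
        stub.releaseName(mName);
    }
    SunNativeProvider.debug("Got kerberized name: " + printables2[0]);
    return (String) printables2[0];
}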
 
Example #30
Source Project: jdk8u-jdk   Author: lambdalab-mirror   File: UnboundService.java    License: GNU General Public License v2.0
/**
 * Performs a Kerberos 5 handshake in which the acceptor logs in through the
 * "unbound" JAAS entry written by this method.
 *
 * @param args JAAS config principal and GSSCredential creation name; passing
 *             the text "null" for either one selects a null value
 */
public static void main(String[] args) throws Exception {

    String principal = args[0];
    if (principal.equals("null")) {
        principal = null;
    }

    String server = args[1];
    if (server.equals("null")) {
        server = null;
    }

    new OneKDC(null).writeJAASConf();

    // Build the replacement JAAS config piece by piece. A null principal
    // is written as the wildcard "*", anything else as a quoted string.
    // NOTE(review): the principal is inserted verbatim between the quotes;
    // a value containing '"' would alter the resulting configuration.
    final StringBuilder conf = new StringBuilder();
    conf.append("client {\n");
    conf.append("    com.sun.security.auth.module.Krb5LoginModule required;\n};\n");
    conf.append("unbound {\n");
    conf.append("    com.sun.security.auth.module.Krb5LoginModule required\n");
    conf.append("    useKeyTab=true\n");
    conf.append("    principal=");
    if (principal == null) {
        conf.append("*");
    } else {
        conf.append("\"").append(principal).append("\"");
    }
    conf.append("\n");
    conf.append("    doNotPrompt=true\n");
    conf.append("    isInitiator=false\n");
    conf.append("    storeKey=true;\n};\n");

    // No append flag here, so the file written above is replaced.
    final File f = new File(OneKDC.JAAS_CONF);
    try (FileOutputStream fos = new FileOutputStream(f)) {
        fos.write(conf.toString().getBytes());
    }

    final Context client = Context.fromJAAS("client");
    final Context acceptor = Context.fromJAAS("unbound");

    client.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    // server may be null at this point (see the "null" convention above).
    acceptor.startAsServer(server, GSSUtil.GSS_KRB5_MECH_OID);

    Context.handshake(client, acceptor);

    acceptor.dispose();
    client.dispose();
}