sun.security.krb5.KrbException Java Examples

Example #1
Source Project: jdk8u_jdk   Author: JetBrains   File: Krb5Util.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Converts a JAAS {@code KerberosTicket} into an internal
 * {@code Credentials} object.
 *
 * Everything passed to the {@code Credentials} constructor is read from
 * {@code kerbTicket}: the encoded ticket, client and server names (plus
 * their aliases when the ticket has them), the session key bytes and key
 * type, the flags, the auth/start/end/renew-till times and the client
 * addresses.
 *
 * Security note: the result carries the session key bytes obtained from
 * {@code getSessionKey().getEncoded()}, so it must be handled as secret
 * material by callers.
 *
 * @param kerbTicket ticket to convert; dereferenced without a null check
 * @return credentials populated from the ticket
 * @throws KrbException declared by this method; presumably raised by the
 *         {@code Credentials} constructor
 * @throws IOException declared by this method; presumably raised by the
 *         {@code Credentials} constructor
 */
public static Credentials ticketToCreds(KerberosTicket kerbTicket)
        throws KrbException, IOException {
    final KerberosPrincipal aliasOfClient = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetClientAlias(kerbTicket);
    final KerberosPrincipal aliasOfServer = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetServerAlias(kerbTicket);

    // Aliases are optional: a missing alias is passed on as null.
    String clientAliasName = null;
    if (aliasOfClient != null) {
        clientAliasName = aliasOfClient.getName();
    }
    String serverAliasName = null;
    if (aliasOfServer != null) {
        serverAliasName = aliasOfServer.getName();
    }

    return new Credentials(
        kerbTicket.getEncoded(),
        kerbTicket.getClient().getName(),
        clientAliasName,
        kerbTicket.getServer().getName(),
        serverAliasName,
        kerbTicket.getSessionKey().getEncoded(),
        kerbTicket.getSessionKeyType(),
        kerbTicket.getFlags(),
        kerbTicket.getAuthTime(),
        kerbTicket.getStartTime(),
        kerbTicket.getEndTime(),
        kerbTicket.getRenewTill(),
        kerbTicket.getClientAddresses());
}
 
Example #2
Source Project: jdk8u-jdk   Author: lambdalab-mirror   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Client-side constructor: creates a fresh premaster secret and encrypts
 * it under the Kerberos session key.
 *
 * The secret is produced by
 * {@code generatePreMaster(generator, protocolVersion)} and encrypted with
 * {@code sessionKey}; only the server can decrypt it, using the session
 * key available in the service ticket. The plaintext stays in
 * {@code preMaster} and the ciphertext is stored in {@code encrypted}.
 *
 * Session keys of type des3-cbc-hmac-sha1-kd are refused before any
 * secret is generated.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 * @throws IOException if the session key has the des3-cbc-hmac-sha1-kd
 *         type, or (as an {@code SSLKeyException} carrying the
 *         {@code KrbException} as its cause) if encryption fails
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt the secret under the session key; the key usage passed to
    // EncryptedData is KeyUsage.KU_UNKNOWN.
    try {
        // getBytes() output is stored as-is, i.e. not ASN.1 encoded.
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface the Kerberos failure as a TLS key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #3
Source Project: hottub   Author: dsrg-uoft   File: EType.java    License: GNU General Public License v2.0 6 votes vote down vote up
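/**
 * Returns the default etypes for the given configuration entry.
 *
 * The list is taken from the Kerberos configuration via
 * {@code Config.defaultEtype(configName)}. If the configuration itself
 * cannot be obtained ({@code Config.getInstance()} throws), the built-in
 * default list from {@code getBuiltInDefaults()} is returned instead.
 * Per the original documentation the result is always non-empty and an
 * exception is thrown if no etypes are found.
 *
 * NOTE(review): the fallback to the built-in list is silent unless DEBUG
 * is set, so a broken configuration can change the negotiated encryption
 * types without any visible error.
 *
 * @param configName name of the configuration entry holding the etype list
 * @return the default etypes
 * @throws KrbException declared by this method; presumably raised by
 *         {@code Config.defaultEtype}
 */
public static int[] getDefaults(String configName)
        throws KrbException {
    Config config;
    try {
        config = Config.getInstance();
    } catch (KrbException exc) {
        if (DEBUG) {
            // Separator added so the entry name and the exception text
            // no longer run together in the debug output.
            System.out.println("Exception while getting " +
                configName + ": " + exc.getMessage());
            System.out.println("Using default builtin etypes");
        }
        return getBuiltInDefaults();
    }
    return config.defaultEtype(configName);
}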
 
Example #4
Source Project: hottub   Author: dsrg-uoft   File: KerberosTime.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns the allowable clock skew to use by default.
 *
 * Reads {@code clockskew} from the {@code libdefaults} section of the
 * Kerberos configuration. {@code Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW} is
 * returned instead when the setting is reported as undefined
 * ({@code Integer.MIN_VALUE}) or when a {@code KrbException} is raised
 * while reading it.
 *
 * NOTE(review): the configured value is returned without a range check
 * here; a very large skew widens the window in which a stale or replayed
 * message is still accepted, so deployments should keep it small.
 *
 * @return the configured clock skew, or the built-in default
 */
public static int getDefaultSkew() {
    int skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
    try {
        skew = Config.getInstance().getIntValue("libdefaults", "clockskew");
        if (skew == Integer.MIN_VALUE) {
            // Setting is not defined: use the built-in default.
            skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
        }
    } catch (KrbException e) {
        // Best effort: the built-in default assigned above is kept.
        if (DEBUG) {
            System.out.println("Exception in getting clockskew from " +
                               "Configuration " +
                               "using default value " +
                               e.getMessage());
        }
    }
    return skew;
}
 
Example #5
Source Project: dragonwell8_jdk   Author: alibaba   File: EType.java    License: GNU General Public License v2.0 6 votes vote down vote up
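/**
 * Returns the default etypes for the given configuration entry.
 *
 * The list is taken from the Kerberos configuration via
 * {@code Config.defaultEtype(configName)}. If the configuration itself
 * cannot be obtained ({@code Config.getInstance()} throws), the built-in
 * default list from {@code getBuiltInDefaults()} is returned instead.
 * Per the original documentation the result is always non-empty and an
 * exception is thrown if no etypes are found.
 *
 * NOTE(review): the fallback to the built-in list is silent unless DEBUG
 * is set, so a broken configuration can change the negotiated encryption
 * types without any visible error.
 *
 * @param configName name of the configuration entry holding the etype list
 * @return the default etypes
 * @throws KrbException declared by this method; presumably raised by
 *         {@code Config.defaultEtype}
 */
public static int[] getDefaults(String configName)
        throws KrbException {
    Config config;
    try {
        config = Config.getInstance();
    } catch (KrbException exc) {
        if (DEBUG) {
            // Separator added so the entry name and the exception text
            // no longer run together in the debug output.
            System.out.println("Exception while getting " +
                configName + ": " + exc.getMessage());
            System.out.println("Using default builtin etypes");
        }
        return getBuiltInDefaults();
    }
    return config.defaultEtype(configName);
}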
 
Example #6
Source Project: dragonwell8_jdk   Author: alibaba   File: DNS.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Checks {@code Config} behaviour when {@code java.security.krb5.conf}
 * names the file "no-such-file.conf" under {@code test.src} (presumably a
 * file that does not exist).
 *
 * The run fails if a default realm is returned, if the
 * {@code KrbException} raised for the default realm carries a cause, or
 * if the KDC list for realm "X" is not one of the two expected strings.
 *
 * @param args unused
 * @throws Exception if any of the checks above fails
 */
public static void main(String[] args) throws Exception {
    String confPath = System.getProperty("test.src", ".") + "/no-such-file.conf";
    System.setProperty("java.security.krb5.conf", confPath);

    Config cfg = Config.getInstance();
    try {
        String realm = cfg.getDefaultRealm();
        // Reaching this line means a realm was found, which is a failure.
        throw new Exception("What? There is a default realm " + realm + "?");
    } catch (KrbException ke) {
        ke.printStackTrace();
        if (ke.getCause() != null) {
            throw new Exception("There should be no cause. Won't try DNS");
        }
    }

    String kdcList = cfg.getKDCList("X");
    boolean isExpected = kdcList.equals("a.com.:88 b.com.:99")
            || kdcList.equals("a.com. b.com.:99");
    if (!isExpected) {
        throw new Exception("Strange KDC: [" + kdcList + "]");
    }
}
 
Example #7
Source Project: TencentKona-8   Author: Tencent   File: Krb5ProxyCredential.java    License: GNU General Public License v2.0 6 votes vote down vote up
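/**
 * Returns a proxy credential when the initiator credential carries a
 * proxy ticket, otherwise the initiator credential itself.
 *
 * When {@code initiator.proxyTicket} is non-null it is converted with
 * {@code Krb5Util.ticketToCreds} and wrapped in a
 * {@code Krb5ProxyCredential} whose name comes from the client of the
 * converted credentials.
 *
 * @param caller not used by this method
 * @param initiator the initiator credential to inspect
 * @return a {@code Krb5ProxyCredential}, or {@code initiator} when it has
 *         no proxy ticket
 * @throws GSSException with major code {@code DEFECTIVE_CREDENTIAL} if the
 *         proxy ticket cannot be converted; the underlying exception is
 *         attached as the cause
 */
static Krb5CredElement tryImpersonation(GSSCaller caller,
        Krb5InitCredential initiator) throws GSSException {

    KerberosTicket proxy = initiator.proxyTicket;
    if (proxy == null) {
        return initiator;
    }

    try {
        Credentials proxyCreds = Krb5Util.ticketToCreds(proxy);
        return new Krb5ProxyCredential(initiator,
                Krb5NameElement.getInstance(proxyCreds.getClient()),
                proxyCreds.getTicket());
    } catch (KrbException | IOException e) {
        // Keep the original failure as the cause so a defective proxy
        // ticket can be diagnosed from the stack trace.
        GSSException ge = new GSSException(GSSException.DEFECTIVE_CREDENTIAL, -1,
                "Cannot create proxy credential");
        ge.initCause(e);
        throw ge;
    }
}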
 
Example #8
Source Project: TencentKona-8   Author: Tencent   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Client-side constructor: creates a fresh premaster secret and encrypts
 * it under the Kerberos session key.
 *
 * The secret is produced by
 * {@code generatePreMaster(generator, protocolVersion)} and encrypted with
 * {@code sessionKey}; only the server can decrypt it, using the session
 * key available in the service ticket. The plaintext stays in
 * {@code preMaster} and the ciphertext is stored in {@code encrypted}.
 *
 * Session keys of type des3-cbc-hmac-sha1-kd are refused before any
 * secret is generated.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 * @throws IOException if the session key has the des3-cbc-hmac-sha1-kd
 *         type, or (as an {@code SSLKeyException} carrying the
 *         {@code KrbException} as its cause) if encryption fails
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt the secret under the session key; the key usage passed to
    // EncryptedData is KeyUsage.KU_UNKNOWN.
    try {
        // getBytes() output is stored as-is, i.e. not ASN.1 encoded.
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface the Kerberos failure as a TLS key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #9
Source Project: TencentKona-8   Author: Tencent   File: KerberosTime.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns the allowable clock skew to use by default.
 *
 * Reads {@code clockskew} from the {@code libdefaults} section of the
 * Kerberos configuration. {@code Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW} is
 * returned instead when the setting is reported as undefined
 * ({@code Integer.MIN_VALUE}) or when a {@code KrbException} is raised
 * while reading it.
 *
 * NOTE(review): the configured value is returned without a range check
 * here; a very large skew widens the window in which a stale or replayed
 * message is still accepted, so deployments should keep it small.
 *
 * @return the configured clock skew, or the built-in default
 */
public static int getDefaultSkew() {
    int skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
    try {
        skew = Config.getInstance().getIntValue("libdefaults", "clockskew");
        if (skew == Integer.MIN_VALUE) {
            // Setting is not defined: use the built-in default.
            skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
        }
    } catch (KrbException e) {
        // Best effort: the built-in default assigned above is kept.
        if (DEBUG) {
            System.out.println("Exception in getting clockskew from " +
                               "Configuration " +
                               "using default value " +
                               e.getMessage());
        }
    }
    return skew;
}
 
Example #10
Source Project: TencentKona-8   Author: Tencent   File: HostAddresses.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Builds the address list for the host named in a service principal.
 *
 * The principal must have name type {@code KRB_NT_SRV_HST} and at least
 * two name components; the second component is taken as the host name,
 * resolved with {@code InetAddress.getAllByName}, and every resulting
 * address is wrapped in a {@code HostAddress}.
 *
 * NOTE(review): the addresses come straight from name resolution of a
 * string taken from the principal, so they are only as trustworthy as the
 * resolver answering the lookup.
 *
 * @param serverPrincipal the service principal naming the host
 * @throws UnknownHostException if the host name cannot be resolved
 * @throws KrbException with {@code KRB_ERR_GENERIC} ("Bad name") if the
 *         principal has the wrong name type or fewer than two components
 */
public HostAddresses(PrincipalName serverPrincipal)
    throws UnknownHostException, KrbException {

    final String[] nameParts = serverPrincipal.getNameStrings();
    final boolean isHostService =
        serverPrincipal.getNameType() == PrincipalName.KRB_NT_SRV_HST;

    if (!isHostService || nameParts.length < 2) {
        throw new KrbException(Krb5.KRB_ERR_GENERIC, "Bad name");
    }

    // Second component of a host-based service name is the host.
    final InetAddress[] resolved = InetAddress.getAllByName(nameParts[1]);
    final HostAddress[] wrapped = new HostAddress[resolved.length];

    int slot = 0;
    for (InetAddress ia : resolved) {
        wrapped[slot++] = new HostAddress(ia);
    }

    addresses = wrapped;
}
 
Example #11
Source Project: openjdk-8   Author: bpupadhyaya   File: KerberosTime.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns the allowable clock skew to use by default.
 *
 * Reads {@code clockskew} from the {@code libdefaults} section of the
 * Kerberos configuration. {@code Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW} is
 * returned instead when the setting is reported as undefined
 * ({@code Integer.MIN_VALUE}) or when a {@code KrbException} is raised
 * while reading it.
 *
 * NOTE(review): the configured value is returned without a range check
 * here; a very large skew widens the window in which a stale or replayed
 * message is still accepted, so deployments should keep it small.
 *
 * @return the configured clock skew, or the built-in default
 */
public static int getDefaultSkew() {
    int skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
    try {
        skew = Config.getInstance().getIntValue("libdefaults", "clockskew");
        if (skew == Integer.MIN_VALUE) {
            // Setting is not defined: use the built-in default.
            skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
        }
    } catch (KrbException e) {
        // Best effort: the built-in default assigned above is kept.
        if (DEBUG) {
            System.out.println("Exception in getting clockskew from " +
                               "Configuration " +
                               "using default value " +
                               e.getMessage());
        }
    }
    return skew;
}
 
Example #12
Source Project: jdk8u-jdk   Author: lambdalab-mirror   File: EType.java    License: GNU General Public License v2.0 6 votes vote down vote up
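/**
 * Returns the default etypes for the given configuration entry.
 *
 * The list is taken from the Kerberos configuration via
 * {@code Config.defaultEtype(configName)}. If the configuration itself
 * cannot be obtained ({@code Config.getInstance()} throws), the built-in
 * default list from {@code getBuiltInDefaults()} is returned instead.
 * Per the original documentation the result is always non-empty and an
 * exception is thrown if no etypes are found.
 *
 * NOTE(review): the fallback to the built-in list is silent unless DEBUG
 * is set, so a broken configuration can change the negotiated encryption
 * types without any visible error.
 *
 * @param configName name of the configuration entry holding the etype list
 * @return the default etypes
 * @throws KrbException declared by this method; presumably raised by
 *         {@code Config.defaultEtype}
 */
public static int[] getDefaults(String configName)
        throws KrbException {
    Config config;
    try {
        config = Config.getInstance();
    } catch (KrbException exc) {
        if (DEBUG) {
            // Separator added so the entry name and the exception text
            // no longer run together in the debug output.
            System.out.println("Exception while getting " +
                configName + ": " + exc.getMessage());
            System.out.println("Using default builtin etypes");
        }
        return getBuiltInDefaults();
    }
    return config.defaultEtype(configName);
}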
 
Example #13
Source Project: TencentKona-8   Author: Tencent   File: BasicKrb5Test.java    License: GNU General Public License v2.0 6 votes vote down vote up
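/**
 * Test entry point: starts a KDC and runs the basic Kerberos test.
 *
 * Arguments are scanned in order: {@code -s} sets
 * {@code Context.usingStream}, {@code -C} clears {@code conf}, and any
 * other argument is taken as the etype to test (the last one wins).
 *
 * @param args empty, or any of {@code -s}, {@code -C} and an etype name
 * @throws Exception if the test itself fails
 */
public static void main(String[] args)
        throws Exception {

    String etype = null;
    for (String arg : args) {
        if (arg.equals("-s")) {
            Context.usingStream = true;
        } else if (arg.equals("-C")) {
            conf = false;
        } else {
            etype = arg;
        }
    }

    // Creates and starts the KDC. This line must be put ahead of etype check
    // since the check needs a krb5.conf.
    try {
        new OneKDC(etype).writeJAASConf();
    } catch (KrbException ke) {
        // NOTE(review): every KrbException from KDC setup is reported as an
        // unsupported etype and the run ends normally, so a genuine setup
        // failure would not fail the test.
        // Separator added: the etype and "Not supported." used to run together.
        System.out.println("Testing etype " + etype + ": Not supported.");
        return;
    }

    new BasicKrb5Test().go(OneKDC.SERVER, OneKDC.BACKEND);
}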
 
Example #14
Source Project: openjdk-8-source   Author: keerath   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Client-side constructor: creates a fresh premaster secret and encrypts
 * it under the Kerberos session key.
 *
 * The secret is produced by
 * {@code generatePreMaster(generator, protocolVersion)} and encrypted with
 * {@code sessionKey}; only the server can decrypt it, using the session
 * key available in the service ticket. The plaintext stays in
 * {@code preMaster} and the ciphertext is stored in {@code encrypted}.
 *
 * Session keys of type des3-cbc-hmac-sha1-kd are refused before any
 * secret is generated.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 * @throws IOException if the session key has the des3-cbc-hmac-sha1-kd
 *         type, or (as an {@code SSLKeyException} carrying the
 *         {@code KrbException} as its cause) if encryption fails
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt the secret under the session key; the key usage passed to
    // EncryptedData is KeyUsage.KU_UNKNOWN.
    try {
        // getBytes() output is stored as-is, i.e. not ASN.1 encoded.
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface the Kerberos failure as a TLS key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #15
Source Project: jdk8u_jdk   Author: JetBrains   File: Krb5ProxyCredential.java    License: GNU General Public License v2.0 6 votes vote down vote up
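/**
 * Returns a proxy credential when the initiator credential carries a
 * proxy ticket, otherwise the initiator credential itself.
 *
 * When {@code initiator.proxyTicket} is non-null it is converted with
 * {@code Krb5Util.ticketToCreds} and wrapped in a
 * {@code Krb5ProxyCredential} whose name comes from the client of the
 * converted credentials.
 *
 * @param caller not used by this method
 * @param initiator the initiator credential to inspect
 * @return a {@code Krb5ProxyCredential}, or {@code initiator} when it has
 *         no proxy ticket
 * @throws GSSException with major code {@code DEFECTIVE_CREDENTIAL} if the
 *         proxy ticket cannot be converted; the underlying exception is
 *         attached as the cause
 */
static Krb5CredElement tryImpersonation(GSSCaller caller,
        Krb5InitCredential initiator) throws GSSException {

    KerberosTicket proxy = initiator.proxyTicket;
    if (proxy == null) {
        return initiator;
    }

    try {
        Credentials proxyCreds = Krb5Util.ticketToCreds(proxy);
        return new Krb5ProxyCredential(initiator,
                Krb5NameElement.getInstance(proxyCreds.getClient()),
                proxyCreds.getTicket());
    } catch (KrbException | IOException e) {
        // Keep the original failure as the cause so a defective proxy
        // ticket can be diagnosed from the stack trace.
        GSSException ge = new GSSException(GSSException.DEFECTIVE_CREDENTIAL, -1,
                "Cannot create proxy credential");
        ge.initCause(e);
        throw ge;
    }
}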
 
Example #16
Source Project: jdk8u60   Author: chenghanpeng   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Client-side constructor: creates a fresh premaster secret and encrypts
 * it under the Kerberos session key.
 *
 * The secret is produced by
 * {@code generatePreMaster(generator, protocolVersion)} and encrypted with
 * {@code sessionKey}; only the server can decrypt it, using the session
 * key available in the service ticket. The plaintext stays in
 * {@code preMaster} and the ciphertext is stored in {@code encrypted}.
 *
 * Session keys of type des3-cbc-hmac-sha1-kd are refused before any
 * secret is generated.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 * @throws IOException if the session key has the des3-cbc-hmac-sha1-kd
 *         type, or (as an {@code SSLKeyException} carrying the
 *         {@code KrbException} as its cause) if encryption fails
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt the secret under the session key; the key usage passed to
    // EncryptedData is KeyUsage.KU_UNKNOWN.
    try {
        // getBytes() output is stored as-is, i.e. not ASN.1 encoded.
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface the Kerberos failure as a TLS key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #17
Source Project: jdk8u60   Author: chenghanpeng   File: KerberosTime.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns the allowable clock skew to use by default.
 *
 * Reads {@code clockskew} from the {@code libdefaults} section of the
 * Kerberos configuration. {@code Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW} is
 * returned instead when the setting is reported as undefined
 * ({@code Integer.MIN_VALUE}) or when a {@code KrbException} is raised
 * while reading it.
 *
 * NOTE(review): the configured value is returned without a range check
 * here; a very large skew widens the window in which a stale or replayed
 * message is still accepted, so deployments should keep it small.
 *
 * @return the configured clock skew, or the built-in default
 */
public static int getDefaultSkew() {
    int skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
    try {
        skew = Config.getInstance().getIntValue("libdefaults", "clockskew");
        if (skew == Integer.MIN_VALUE) {
            // Setting is not defined: use the built-in default.
            skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
        }
    } catch (KrbException e) {
        // Best effort: the built-in default assigned above is kept.
        if (DEBUG) {
            System.out.println("Exception in getting clockskew from " +
                               "Configuration " +
                               "using default value " +
                               e.getMessage());
        }
    }
    return skew;
}
 
Example #18
Source Project: openjdk-8   Author: bpupadhyaya   File: EType.java    License: GNU General Public License v2.0 6 votes vote down vote up
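/**
 * Returns the default etypes for the given configuration entry.
 *
 * The list is taken from the Kerberos configuration via
 * {@code Config.defaultEtype(configName)}. If the configuration itself
 * cannot be obtained ({@code Config.getInstance()} throws), the built-in
 * default list from {@code getBuiltInDefaults()} is returned instead.
 * Per the original documentation the result is always non-empty and an
 * exception is thrown if no etypes are found.
 *
 * NOTE(review): the fallback to the built-in list is silent unless DEBUG
 * is set, so a broken configuration can change the negotiated encryption
 * types without any visible error.
 *
 * @param configName name of the configuration entry holding the etype list
 * @return the default etypes
 * @throws KrbException declared by this method; presumably raised by
 *         {@code Config.defaultEtype}
 */
public static int[] getDefaults(String configName)
        throws KrbException {
    Config config;
    try {
        config = Config.getInstance();
    } catch (KrbException exc) {
        if (DEBUG) {
            // Separator added so the entry name and the exception text
            // no longer run together in the debug output.
            System.out.println("Exception while getting " +
                configName + ": " + exc.getMessage());
            System.out.println("Using default builtin etypes");
        }
        return getBuiltInDefaults();
    }
    return config.defaultEtype(configName);
}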
 
Example #19
Source Project: jdk8u_jdk   Author: JetBrains   File: KerberosTime.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns the allowable clock skew to use by default.
 *
 * Reads {@code clockskew} from the {@code libdefaults} section of the
 * Kerberos configuration. {@code Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW} is
 * returned instead when the setting is reported as undefined
 * ({@code Integer.MIN_VALUE}) or when a {@code KrbException} is raised
 * while reading it.
 *
 * NOTE(review): the configured value is returned without a range check
 * here; a very large skew widens the window in which a stale or replayed
 * message is still accepted, so deployments should keep it small.
 *
 * @return the configured clock skew, or the built-in default
 */
public static int getDefaultSkew() {
    int skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
    try {
        skew = Config.getInstance().getIntValue("libdefaults", "clockskew");
        if (skew == Integer.MIN_VALUE) {
            // Setting is not defined: use the built-in default.
            skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
        }
    } catch (KrbException e) {
        // Best effort: the built-in default assigned above is kept.
        if (DEBUG) {
            System.out.println("Exception in getting clockskew from " +
                               "Configuration " +
                               "using default value " +
                               e.getMessage());
        }
    }
    return skew;
}
 
Example #20
Source Project: jdk8u60   Author: chenghanpeng   File: DNS.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Checks {@code Config} behaviour when {@code java.security.krb5.conf}
 * names the file "no-such-file.conf" under {@code test.src} (presumably a
 * file that does not exist).
 *
 * The run fails if a default realm is returned, if the
 * {@code KrbException} raised for the default realm carries a cause, or
 * if the KDC list for realm "X" is not one of the two expected strings.
 *
 * @param args unused
 * @throws Exception if any of the checks above fails
 */
public static void main(String[] args) throws Exception {
    String confPath = System.getProperty("test.src", ".") + "/no-such-file.conf";
    System.setProperty("java.security.krb5.conf", confPath);

    Config cfg = Config.getInstance();
    try {
        String realm = cfg.getDefaultRealm();
        // Reaching this line means a realm was found, which is a failure.
        throw new Exception("What? There is a default realm " + realm + "?");
    } catch (KrbException ke) {
        ke.printStackTrace();
        if (ke.getCause() != null) {
            throw new Exception("There should be no cause. Won't try DNS");
        }
    }

    String kdcList = cfg.getKDCList("X");
    boolean isExpected = kdcList.equals("a.com.:88 b.com.:99")
            || kdcList.equals("a.com. b.com.:99");
    if (!isExpected) {
        throw new Exception("Strange KDC: [" + kdcList + "]");
    }
}
 
Example #21
Source Project: jdk8u-jdk   Author: lambdalab-mirror   File: DNS.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Checks {@code Config} behaviour when {@code java.security.krb5.conf}
 * names the file "no-such-file.conf" under {@code test.src} (presumably a
 * file that does not exist).
 *
 * The run fails if a default realm is returned, if the
 * {@code KrbException} raised for the default realm carries a cause, or
 * if the KDC list for realm "X" is not one of the two expected strings.
 *
 * @param args unused
 * @throws Exception if any of the checks above fails
 */
public static void main(String[] args) throws Exception {
    String confPath = System.getProperty("test.src", ".") + "/no-such-file.conf";
    System.setProperty("java.security.krb5.conf", confPath);

    Config cfg = Config.getInstance();
    try {
        String realm = cfg.getDefaultRealm();
        // Reaching this line means a realm was found, which is a failure.
        throw new Exception("What? There is a default realm " + realm + "?");
    } catch (KrbException ke) {
        ke.printStackTrace();
        if (ke.getCause() != null) {
            throw new Exception("There should be no cause. Won't try DNS");
        }
    }

    String kdcList = cfg.getKDCList("X");
    boolean isExpected = kdcList.equals("a.com.:88 b.com.:99")
            || kdcList.equals("a.com. b.com.:99");
    if (!isExpected) {
        throw new Exception("Strange KDC: [" + kdcList + "]");
    }
}
 
Example #22
Source Project: openjdk-jdk8u   Author: AdoptOpenJDK   File: Krb5ProxyCredential.java    License: GNU General Public License v2.0 6 votes vote down vote up
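/**
 * Returns a proxy credential when the initiator credential carries a
 * proxy ticket, otherwise the initiator credential itself.
 *
 * When {@code initiator.proxyTicket} is non-null it is converted with
 * {@code Krb5Util.ticketToCreds} and wrapped in a
 * {@code Krb5ProxyCredential} whose name comes from the client of the
 * converted credentials.
 *
 * @param caller not used by this method
 * @param initiator the initiator credential to inspect
 * @return a {@code Krb5ProxyCredential}, or {@code initiator} when it has
 *         no proxy ticket
 * @throws GSSException with major code {@code DEFECTIVE_CREDENTIAL} if the
 *         proxy ticket cannot be converted; the underlying exception is
 *         attached as the cause
 */
static Krb5CredElement tryImpersonation(GSSCaller caller,
        Krb5InitCredential initiator) throws GSSException {

    KerberosTicket proxy = initiator.proxyTicket;
    if (proxy == null) {
        return initiator;
    }

    try {
        Credentials proxyCreds = Krb5Util.ticketToCreds(proxy);
        return new Krb5ProxyCredential(initiator,
                Krb5NameElement.getInstance(proxyCreds.getClient()),
                proxyCreds.getTicket());
    } catch (KrbException | IOException e) {
        // Keep the original failure as the cause so a defective proxy
        // ticket can be diagnosed from the stack trace.
        GSSException ge = new GSSException(GSSException.DEFECTIVE_CREDENTIAL, -1,
                "Cannot create proxy credential");
        ge.initCause(e);
        throw ge;
    }
}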
 
Example #23
Source Project: openjdk-jdk8u   Author: AdoptOpenJDK   File: Krb5Util.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Converts a JAAS {@code KerberosTicket} into an internal
 * {@code Credentials} object.
 *
 * Everything passed to the {@code Credentials} constructor is read from
 * {@code kerbTicket}: the encoded ticket, client and server names (plus
 * their aliases when the ticket has them), the session key bytes and key
 * type, the flags, the auth/start/end/renew-till times and the client
 * addresses.
 *
 * Security note: the result carries the session key bytes obtained from
 * {@code getSessionKey().getEncoded()}, so it must be handled as secret
 * material by callers.
 *
 * @param kerbTicket ticket to convert; dereferenced without a null check
 * @return credentials populated from the ticket
 * @throws KrbException declared by this method; presumably raised by the
 *         {@code Credentials} constructor
 * @throws IOException declared by this method; presumably raised by the
 *         {@code Credentials} constructor
 */
public static Credentials ticketToCreds(KerberosTicket kerbTicket)
        throws KrbException, IOException {
    final KerberosPrincipal aliasOfClient = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetClientAlias(kerbTicket);
    final KerberosPrincipal aliasOfServer = KerberosSecrets
            .getJavaxSecurityAuthKerberosAccess()
            .kerberosTicketGetServerAlias(kerbTicket);

    // Aliases are optional: a missing alias is passed on as null.
    String clientAliasName = null;
    if (aliasOfClient != null) {
        clientAliasName = aliasOfClient.getName();
    }
    String serverAliasName = null;
    if (aliasOfServer != null) {
        serverAliasName = aliasOfServer.getName();
    }

    return new Credentials(
        kerbTicket.getEncoded(),
        kerbTicket.getClient().getName(),
        clientAliasName,
        kerbTicket.getServer().getName(),
        serverAliasName,
        kerbTicket.getSessionKey().getEncoded(),
        kerbTicket.getSessionKeyType(),
        kerbTicket.getFlags(),
        kerbTicket.getAuthTime(),
        kerbTicket.getStartTime(),
        kerbTicket.getEndTime(),
        kerbTicket.getRenewTill(),
        kerbTicket.getClientAddresses());
}
 
Example #24
Source Project: openjdk-jdk8u   Author: AdoptOpenJDK   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Client-side constructor: creates a fresh premaster secret and encrypts
 * it under the Kerberos session key.
 *
 * The secret is produced by
 * {@code generatePreMaster(generator, protocolVersion)} and encrypted with
 * {@code sessionKey}; only the server can decrypt it, using the session
 * key available in the service ticket. The plaintext stays in
 * {@code preMaster} and the ciphertext is stored in {@code encrypted}.
 *
 * Session keys of type des3-cbc-hmac-sha1-kd are refused before any
 * secret is generated.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 * @throws IOException if the session key has the des3-cbc-hmac-sha1-kd
 *         type, or (as an {@code SSLKeyException} carrying the
 *         {@code KrbException} as its cause) if encryption fails
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt the secret under the session key; the key usage passed to
    // EncryptedData is KeyUsage.KU_UNKNOWN.
    try {
        // getBytes() output is stored as-is, i.e. not ASN.1 encoded.
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface the Kerberos failure as a TLS key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #25
Source Project: jdk8u_jdk   Author: JetBrains   File: BasicKrb5Test.java    License: GNU General Public License v2.0 6 votes vote down vote up
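/**
 * Test entry point: starts a KDC and runs the basic Kerberos test.
 *
 * Arguments are scanned in order: {@code -s} sets
 * {@code Context.usingStream}, {@code -C} clears {@code conf}, and any
 * other argument is taken as the etype to test (the last one wins).
 *
 * @param args empty, or any of {@code -s}, {@code -C} and an etype name
 * @throws Exception if the test itself fails
 */
public static void main(String[] args)
        throws Exception {

    String etype = null;
    for (String arg : args) {
        if (arg.equals("-s")) {
            Context.usingStream = true;
        } else if (arg.equals("-C")) {
            conf = false;
        } else {
            etype = arg;
        }
    }

    // Creates and starts the KDC. This line must be put ahead of etype check
    // since the check needs a krb5.conf.
    try {
        new OneKDC(etype).writeJAASConf();
    } catch (KrbException ke) {
        // NOTE(review): every KrbException from KDC setup is reported as an
        // unsupported etype and the run ends normally, so a genuine setup
        // failure would not fail the test.
        // Separator added: the etype and "Not supported." used to run together.
        System.out.println("Testing etype " + etype + ": Not supported.");
        return;
    }

    new BasicKrb5Test().go(OneKDC.SERVER, OneKDC.BACKEND);
}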
 
Example #26
Source Project: openjdk-8   Author: bpupadhyaya   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Client-side constructor: creates a fresh premaster secret and encrypts
 * it under the Kerberos session key.
 *
 * The secret is produced by
 * {@code generatePreMaster(generator, protocolVersion)} and encrypted with
 * {@code sessionKey}; only the server can decrypt it, using the session
 * key available in the service ticket. The plaintext stays in
 * {@code preMaster} and the ciphertext is stored in {@code encrypted}.
 *
 * Session keys of type des3-cbc-hmac-sha1-kd are refused before any
 * secret is generated.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 * @throws IOException if the session key has the des3-cbc-hmac-sha1-kd
 *         type, or (as an {@code SSLKeyException} carrying the
 *         {@code KrbException} as its cause) if encryption fails
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt the secret under the session key; the key usage passed to
    // EncryptedData is KeyUsage.KU_UNKNOWN.
    try {
        // getBytes() output is stored as-is, i.e. not ASN.1 encoded.
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface the Kerberos failure as a TLS key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #27
Source Project: jdk8u_jdk   Author: JetBrains   File: HostAddresses.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Builds the address list for the host named in a service principal.
 *
 * The principal must have name type {@code KRB_NT_SRV_HST} and at least
 * two name components; the second component is taken as the host name,
 * resolved with {@code InetAddress.getAllByName}, and every resulting
 * address is wrapped in a {@code HostAddress}.
 *
 * NOTE(review): the addresses come straight from name resolution of a
 * string taken from the principal, so they are only as trustworthy as the
 * resolver answering the lookup.
 *
 * @param serverPrincipal the service principal naming the host
 * @throws UnknownHostException if the host name cannot be resolved
 * @throws KrbException with {@code KRB_ERR_GENERIC} ("Bad name") if the
 *         principal has the wrong name type or fewer than two components
 */
public HostAddresses(PrincipalName serverPrincipal)
    throws UnknownHostException, KrbException {

    final String[] nameParts = serverPrincipal.getNameStrings();
    final boolean isHostService =
        serverPrincipal.getNameType() == PrincipalName.KRB_NT_SRV_HST;

    if (!isHostService || nameParts.length < 2) {
        throw new KrbException(Krb5.KRB_ERR_GENERIC, "Bad name");
    }

    // Second component of a host-based service name is the host.
    final InetAddress[] resolved = InetAddress.getAllByName(nameParts[1]);
    final HostAddress[] wrapped = new HostAddress[resolved.length];

    int slot = 0;
    for (InetAddress ia : resolved) {
        wrapped[slot++] = new HostAddress(ia);
    }

    addresses = wrapped;
}
 
Example #28
Source Project: openjdk-jdk8u-backup   Author: AdoptOpenJDK   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Client-side constructor: creates a fresh premaster secret and encrypts
 * it under the Kerberos session key.
 *
 * The secret is produced by
 * {@code generatePreMaster(generator, protocolVersion)} and encrypted with
 * {@code sessionKey}; only the server can decrypt it, using the session
 * key available in the service ticket. The plaintext stays in
 * {@code preMaster} and the ciphertext is stored in {@code encrypted}.
 *
 * Session keys of type des3-cbc-hmac-sha1-kd are refused before any
 * secret is generated.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 * @throws IOException if the session key has the des3-cbc-hmac-sha1-kd
 *         type, or (as an {@code SSLKeyException} carrying the
 *         {@code KrbException} as its cause) if encryption fails
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt the secret under the session key; the key usage passed to
    // EncryptedData is KeyUsage.KU_UNKNOWN.
    try {
        // getBytes() output is stored as-is, i.e. not ASN.1 encoded.
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface the Kerberos failure as a TLS key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #29
Source Project: openjdk-jdk8u-backup   Author: AdoptOpenJDK   File: KerberosTime.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns the allowable clock skew to use by default.
 *
 * Reads {@code clockskew} from the {@code libdefaults} section of the
 * Kerberos configuration. {@code Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW} is
 * returned instead when the setting is reported as undefined
 * ({@code Integer.MIN_VALUE}) or when a {@code KrbException} is raised
 * while reading it.
 *
 * NOTE(review): the configured value is returned without a range check
 * here; a very large skew widens the window in which a stale or replayed
 * message is still accepted, so deployments should keep it small.
 *
 * @return the configured clock skew, or the built-in default
 */
public static int getDefaultSkew() {
    int skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
    try {
        skew = Config.getInstance().getIntValue("libdefaults", "clockskew");
        if (skew == Integer.MIN_VALUE) {
            // Setting is not defined: use the built-in default.
            skew = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
        }
    } catch (KrbException e) {
        // Best effort: the built-in default assigned above is kept.
        if (DEBUG) {
            System.out.println("Exception in getting clockskew from " +
                               "Configuration " +
                               "using default value " +
                               e.getMessage());
        }
    }
    return skew;
}
 
Example #30
Source Project: openjdk-jdk8u-backup   Author: AdoptOpenJDK   File: CksumType.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns the default checksum type.
 *
 * The type is looked up in the {@code libdefaults} section of the
 * Kerberos configuration, first under {@code ap_req_checksum_type} and
 * then under {@code checksum_type}; a lookup that yields -1 is treated as
 * "no usable value". If neither setting yields a type, or the
 * configuration cannot be obtained, {@code Checksum.CKSUMTYPE_RSA_MD5} is
 * used.
 *
 * NOTE(review): the fallback is an MD5-based checksum, which is weak by
 * current standards, and a configuration failure selects it silently
 * because the {@code KrbException} is discarded. Deployments should set
 * the checksum type explicitly.
 *
 * @return the {@code CksumType} for the selected checksum type
 * @throws KdcErrException declared by this method; presumably raised by
 *         {@code getInstance(int)}
 */
public static CksumType getInstance() throws KdcErrException {
    // this method provided for Kerberos applications.
    int cksumType = Checksum.CKSUMTYPE_RSA_MD5; // default
    try {
        Config c = Config.getInstance();
        cksumType = Config.getType(c.get("libdefaults",
                "ap_req_checksum_type"));
        if (cksumType == -1) {
            cksumType = Config.getType(c.get("libdefaults",
                    "checksum_type"));
            if (cksumType == -1) {
                cksumType = Checksum.CKSUMTYPE_RSA_MD5; // default
            }
        }
    } catch (KrbException ignored) {
        // Deliberately ignored: whatever cksumType holds at this point
        // (the default, unless a lookup already replaced it) is used.
    }
    return getInstance(cksumType);
}