sun.security.krb5.KrbException Java Examples
The following examples show how to use
sun.security.krb5.KrbException.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: DNS.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/no-such-file.conf");
Config config = Config.getInstance();
try {
String r = config.getDefaultRealm();
throw new Exception("What? There is a default realm " + r + "?");
} catch (KrbException ke) {
ke.printStackTrace();
if (ke.getCause() != null) {
throw new Exception("There should be no cause. Won't try DNS");
}
}
String kdcs = config.getKDCList("X");
if (!kdcs.equals("a.com.:88 b.com.:99") &&
!kdcs.equals("a.com. b.com.:99")) {
throw new Exception("Strange KDC: [" + kdcs + "]");
};
}
Example #2
| Source File: Krb5Util.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
public static Credentials ticketToCreds(KerberosTicket kerbTicket)
throws KrbException, IOException {
KerberosPrincipal clientAlias = KerberosSecrets
.getJavaxSecurityAuthKerberosAccess()
.kerberosTicketGetClientAlias(kerbTicket);
KerberosPrincipal serverAlias = KerberosSecrets
.getJavaxSecurityAuthKerberosAccess()
.kerberosTicketGetServerAlias(kerbTicket);
return new Credentials(
kerbTicket.getEncoded(),
kerbTicket.getClient().getName(),
(clientAlias != null ? clientAlias.getName() : null),
kerbTicket.getServer().getName(),
(serverAlias != null ? serverAlias.getName() : null),
kerbTicket.getSessionKey().getEncoded(),
kerbTicket.getSessionKeyType(),
kerbTicket.getFlags(),
kerbTicket.getAuthTime(),
kerbTicket.getStartTime(),
kerbTicket.getEndTime(),
kerbTicket.getRenewTill(),
kerbTicket.getClientAddresses());
}
Example #3
| Source File: KerberosPreMasterSecret.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #4
| Source File: EType.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Retrieves the default etypes from the configuration file, or
* if that's not available, return the built-in list of default etypes.
* This result is always non-empty. If no etypes are found,
* an exception is thrown.
*/
public static int[] getDefaults(String configName)
throws KrbException {
Config config = null;
try {
config = Config.getInstance();
} catch (KrbException exc) {
if (DEBUG) {
System.out.println("Exception while getting " +
configName + exc.getMessage());
System.out.println("Using default builtin etypes");
}
return getBuiltInDefaults();
}
return config.defaultEtype(configName);
}
Example #5
| Source File: DNS.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/no-such-file.conf");
Config config = Config.getInstance();
try {
String r = config.getDefaultRealm();
throw new Exception("What? There is a default realm " + r + "?");
} catch (KrbException ke) {
ke.printStackTrace();
if (ke.getCause() != null) {
throw new Exception("There should be no cause. Won't try DNS");
}
}
String kdcs = config.getKDCList("X");
if (!kdcs.equals("a.com.:88 b.com.:99") &&
!kdcs.equals("a.com. b.com.:99")) {
throw new Exception("Strange KDC: [" + kdcs + "]");
};
}
Example #6
| Source File: Krb5ProxyCredential.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
static Krb5CredElement tryImpersonation(GSSCaller caller,
Krb5InitCredential initiator) throws GSSException {
try {
KerberosTicket proxy = initiator.proxyTicket;
if (proxy != null) {
Credentials proxyCreds = Krb5Util.ticketToCreds(proxy);
return new Krb5ProxyCredential(initiator,
Krb5NameElement.getInstance(proxyCreds.getClient()),
proxyCreds.getTicket());
} else {
return initiator;
}
} catch (KrbException | IOException e) {
throw new GSSException(GSSException.DEFECTIVE_CREDENTIAL, -1,
"Cannot create proxy credential");
}
}
Example #7
| Source File: KerberosTime.java From hottub with GNU General Public License v2.0 | 6 votes |
|
public static int getDefaultSkew() {
int tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
try {
if ((tdiff = Config.getInstance().getIntValue(
"libdefaults", "clockskew"))
== Integer.MIN_VALUE) { //value is not defined
tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
}
} catch (KrbException e) {
if (DEBUG) {
System.out.println("Exception in getting clockskew from " +
"Configuration " +
"using default value " +
e.getMessage());
}
}
return tdiff;
}
Example #8
| Source File: KerberosTime.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
public static int getDefaultSkew() {
int tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
try {
if ((tdiff = Config.getInstance().getIntValue(
"libdefaults", "clockskew"))
== Integer.MIN_VALUE) { //value is not defined
tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
}
} catch (KrbException e) {
if (DEBUG) {
System.out.println("Exception in getting clockskew from " +
"Configuration " +
"using default value " +
e.getMessage());
}
}
return tdiff;
}
Example #9
| Source File: EType.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Retrieves the default etypes from the configuration file, or
* if that's not available, return the built-in list of default etypes.
* This result is always non-empty. If no etypes are found,
* an exception is thrown.
*/
public static int[] getDefaults(String configName)
throws KrbException {
Config config = null;
try {
config = Config.getInstance();
} catch (KrbException exc) {
if (DEBUG) {
System.out.println("Exception while getting " +
configName + exc.getMessage());
System.out.println("Using default builtin etypes");
}
return getBuiltInDefaults();
}
return config.defaultEtype(configName);
}
Example #10
| Source File: BasicKrb5Test.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* @param args empty or etype
*/
public static void main(String[] args)
throws Exception {
String etype = null;
for (String arg: args) {
if (arg.equals("-s")) Context.usingStream = true;
else if (arg.equals("-C")) conf = false;
else etype = arg;
}
// Creates and starts the KDC. This line must be put ahead of etype check
// since the check needs a krb5.conf.
try {
new OneKDC(etype).writeJAASConf();
} catch (KrbException ke) {
System.out.println("Testing etype " + etype + "Not supported.");
return;
}
new BasicKrb5Test().go(OneKDC.SERVER, OneKDC.BACKEND);
}
Example #11
| Source File: KerberosPreMasterSecret.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #12
| Source File: Krb5ProxyCredential.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
static Krb5CredElement tryImpersonation(GSSCaller caller,
Krb5InitCredential initiator) throws GSSException {
try {
KerberosTicket proxy = initiator.proxyTicket;
if (proxy != null) {
Credentials proxyCreds = Krb5Util.ticketToCreds(proxy);
return new Krb5ProxyCredential(initiator,
Krb5NameElement.getInstance(proxyCreds.getClient()),
proxyCreds.getTicket());
} else {
return initiator;
}
} catch (KrbException | IOException e) {
throw new GSSException(GSSException.DEFECTIVE_CREDENTIAL, -1,
"Cannot create proxy credential");
}
}
Example #13
| Source File: KerberosPreMasterSecret.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #14
| Source File: KerberosTime.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
public static int getDefaultSkew() {
int tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
try {
if ((tdiff = Config.getInstance().getIntValue(
"libdefaults", "clockskew"))
== Integer.MIN_VALUE) { //value is not defined
tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
}
} catch (KrbException e) {
if (DEBUG) {
System.out.println("Exception in getting clockskew from " +
"Configuration " +
"using default value " +
e.getMessage());
}
}
return tdiff;
}
Example #15
| Source File: KerberosTime.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
public static int getDefaultSkew() {
int tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
try {
if ((tdiff = Config.getInstance().getIntValue(
"libdefaults", "clockskew"))
== Integer.MIN_VALUE) { //value is not defined
tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
}
} catch (KrbException e) {
if (DEBUG) {
System.out.println("Exception in getting clockskew from " +
"Configuration " +
"using default value " +
e.getMessage());
}
}
return tdiff;
}
Example #16
| Source File: EType.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Retrieves the default etypes from the configuration file, or
* if that's not available, return the built-in list of default etypes.
* This result is always non-empty. If no etypes are found,
* an exception is thrown.
*/
public static int[] getDefaults(String configName)
throws KrbException {
Config config = null;
try {
config = Config.getInstance();
} catch (KrbException exc) {
if (DEBUG) {
System.out.println("Exception while getting " +
configName + exc.getMessage());
System.out.println("Using default builtin etypes");
}
return getBuiltInDefaults();
}
return config.defaultEtype(configName);
}
Example #17
| Source File: DNS.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
public static void main(String[] args) throws Exception {
System.setProperty("java.security.krb5.conf",
System.getProperty("test.src", ".") +"/no-such-file.conf");
Config config = Config.getInstance();
try {
String r = config.getDefaultRealm();
throw new Exception("What? There is a default realm " + r + "?");
} catch (KrbException ke) {
ke.printStackTrace();
if (ke.getCause() != null) {
throw new Exception("There should be no cause. Won't try DNS");
}
}
String kdcs = config.getKDCList("X");
if (!kdcs.equals("a.com.:88 b.com.:99") &&
!kdcs.equals("a.com. b.com.:99")) {
throw new Exception("Strange KDC: [" + kdcs + "]");
};
}
Example #18
| Source File: Krb5ProxyCredential.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
|
static Krb5CredElement tryImpersonation(GSSCaller caller,
Krb5InitCredential initiator) throws GSSException {
try {
KerberosTicket proxy = initiator.proxyTicket;
if (proxy != null) {
Credentials proxyCreds = Krb5Util.ticketToCreds(proxy);
return new Krb5ProxyCredential(initiator,
Krb5NameElement.getInstance(proxyCreds.getClient()),
proxyCreds.getTicket());
} else {
return initiator;
}
} catch (KrbException | IOException e) {
throw new GSSException(GSSException.DEFECTIVE_CREDENTIAL, -1,
"Cannot create proxy credential");
}
}
Example #19
| Source File: Krb5Util.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
|
public static Credentials ticketToCreds(KerberosTicket kerbTicket)
throws KrbException, IOException {
KerberosPrincipal clientAlias = KerberosSecrets
.getJavaxSecurityAuthKerberosAccess()
.kerberosTicketGetClientAlias(kerbTicket);
KerberosPrincipal serverAlias = KerberosSecrets
.getJavaxSecurityAuthKerberosAccess()
.kerberosTicketGetServerAlias(kerbTicket);
return new Credentials(
kerbTicket.getEncoded(),
kerbTicket.getClient().getName(),
(clientAlias != null ? clientAlias.getName() : null),
kerbTicket.getServer().getName(),
(serverAlias != null ? serverAlias.getName() : null),
kerbTicket.getSessionKey().getEncoded(),
kerbTicket.getSessionKeyType(),
kerbTicket.getFlags(),
kerbTicket.getAuthTime(),
kerbTicket.getStartTime(),
kerbTicket.getEndTime(),
kerbTicket.getRenewTill(),
kerbTicket.getClientAddresses());
}
Example #20
| Source File: KerberosPreMasterSecret.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #21
| Source File: BasicKrb5Test.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* @param args empty or etype
*/
public static void main(String[] args)
throws Exception {
String etype = null;
for (String arg: args) {
if (arg.equals("-s")) Context.usingStream = true;
else if (arg.equals("-C")) conf = false;
else etype = arg;
}
// Creates and starts the KDC. This line must be put ahead of etype check
// since the check needs a krb5.conf.
try {
new OneKDC(etype).writeJAASConf();
} catch (KrbException ke) {
System.out.println("Testing etype " + etype + "Not supported.");
return;
}
new BasicKrb5Test().go(OneKDC.SERVER, OneKDC.BACKEND);
}
Example #22
| Source File: KerberosPreMasterSecret.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #23
| Source File: HostAddresses.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
public HostAddresses(PrincipalName serverPrincipal)
throws UnknownHostException, KrbException {
String[] components = serverPrincipal.getNameStrings();
if (serverPrincipal.getNameType() != PrincipalName.KRB_NT_SRV_HST ||
components.length < 2)
throw new KrbException(Krb5.KRB_ERR_GENERIC, "Bad name");
String host = components[1];
InetAddress addr[] = InetAddress.getAllByName(host);
HostAddress hAddrs[] = new HostAddress[addr.length];
for (int i = 0; i < addr.length; i++) {
hAddrs[i] = new HostAddress(addr[i]);
}
addresses = hAddrs;
}
Example #24
| Source File: KerberosPreMasterSecret.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
Example #25
| Source File: KerberosTime.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
public static int getDefaultSkew() {
int tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
try {
if ((tdiff = Config.getInstance().getIntValue(
"libdefaults", "clockskew"))
== Integer.MIN_VALUE) { //value is not defined
tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
}
} catch (KrbException e) {
if (DEBUG) {
System.out.println("Exception in getting clockskew from " +
"Configuration " +
"using default value " +
e.getMessage());
}
}
return tdiff;
}
Example #26
| Source File: CksumType.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
/**
* Returns default checksum type.
*/
public static CksumType getInstance() throws KdcErrException {
// this method provided for Kerberos applications.
int cksumType = Checksum.CKSUMTYPE_RSA_MD5; // default
try {
Config c = Config.getInstance();
if ((cksumType = (Config.getType(c.get("libdefaults",
"ap_req_checksum_type")))) == - 1) {
if ((cksumType = Config.getType(c.get("libdefaults",
"checksum_type"))) == -1) {
cksumType = Checksum.CKSUMTYPE_RSA_MD5; // default
}
}
} catch (KrbException e) {
}
return getInstance(cksumType);
}
Example #27
| Source File: EType.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
/**
* Retrieves the default etypes from the configuration file, or
* if that's not available, return the built-in list of default etypes.
* This result is always non-empty. If no etypes are found,
* an exception is thrown.
*/
public static int[] getDefaults(String configName)
throws KrbException {
Config config = null;
try {
config = Config.getInstance();
} catch (KrbException exc) {
if (DEBUG) {
System.out.println("Exception while getting " +
configName + exc.getMessage());
System.out.println("Using default builtin etypes");
}
return getBuiltInDefaults();
}
return config.defaultEtype(configName);
}
Example #28
| Source File: KerberosTime.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
|
public static int getDefaultSkew() {
int tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
try {
if ((tdiff = Config.getInstance().getIntValue(
"libdefaults", "clockskew"))
== Integer.MIN_VALUE) { //value is not defined
tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
}
} catch (KrbException e) {
if (DEBUG) {
System.out.println("Exception in getting clockskew from " +
"Configuration " +
"using default value " +
e.getMessage());
}
}
return tdiff;
}
Example #29
| Source File: KerberosTime.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
|
public static int getDefaultSkew() {
int tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
try {
if ((tdiff = Config.getInstance().getIntValue(
"libdefaults", "clockskew"))
== Integer.MIN_VALUE) { //value is not defined
tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
}
} catch (KrbException e) {
if (DEBUG) {
System.out.println("Exception in getting clockskew from " +
"Configuration " +
"using default value " +
e.getMessage());
}
}
return tdiff;
}
Example #30
| Source File: KerberosPreMasterSecret.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
|
/**
* Constructor used by client to generate premaster secret.
*
* Client randomly creates a pre-master secret and encrypts it
* using the Kerberos session key; only the server can decrypt
* it, using the session key available in the service ticket.
*
* @param protocolVersion used to set preMaster[0,1]
* @param generator random number generator for generating premaster secret
* @param sessionKey Kerberos session key for encrypting premaster secret
*/
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
SecureRandom generator, EncryptionKey sessionKey) throws IOException {
if (sessionKey.getEType() ==
EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
throw new IOException(
"session keys with des3-cbc-hmac-sha1-kd encryption type " +
"are not supported for TLS Kerberos cipher suites");
}
this.protocolVersion = protocolVersion;
preMaster = generatePreMaster(generator, protocolVersion);
// Encrypt premaster secret
try {
EncryptedData eData = new EncryptedData(sessionKey, preMaster,
KeyUsage.KU_UNKNOWN);
encrypted = eData.getBytes(); // not ASN.1 encoded.
} catch (KrbException e) {
throw (SSLKeyException)new SSLKeyException
("Kerberos premaster secret error").initCause(e);
}
}
