Java Code Examples for org.ietf.jgss.GSSContext#acceptSecContext()
The following examples show how to use
org.ietf.jgss.GSSContext#acceptSecContext() .
Example 1
Source File: MechTokenMissing.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
/**
 * Regression driver: hands the acceptor a SPNEGO NegTokenInit that lists a
 * mechanism type but carries no mechToken.
 *
 * <p>A {@link GSSException} from the acceptor is tolerated and printed; any
 * other exception (including an unchecked one from token parsing inside the
 * provider) propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // Typed null selects createContext(GSSCredential); null means "use the default credential".
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);

    // Hex dump of the token: two hex digits plus one space per byte.
    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    final byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < token.length; idx++) {
        final int start = 3 * idx;
        token[idx] = (byte) Integer.parseInt(hexDump.substring(start, start + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException expected) {
        // A clean GSSException is the acceptable way to reject the incomplete token.
        System.out.println("Expected exception: " + expected);
    }
}
Example 2
Source File: MechTokenMissing.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Regression driver: hands the acceptor a SPNEGO NegTokenInit that lists a
 * mechanism type but carries no mechToken.
 *
 * <p>A {@link GSSException} from the acceptor is tolerated and printed; any
 * other exception (including an unchecked one from token parsing inside the
 * provider) propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // Typed null selects createContext(GSSCredential); null means "use the default credential".
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);

    // Hex dump of the token: two hex digits plus one space per byte.
    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    final byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < token.length; idx++) {
        final int start = 3 * idx;
        token[idx] = (byte) Integer.parseInt(hexDump.substring(start, start + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException expected) {
        // A clean GSSException is the acceptable way to reject the incomplete token.
        System.out.println("Expected exception: " + expected);
    }
}
Example 3
Source File: MechTokenMissing.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
/**
 * Regression driver: hands the acceptor a SPNEGO NegTokenInit that lists a
 * mechanism type but carries no mechToken.
 *
 * <p>A {@link GSSException} from the acceptor is tolerated and printed; any
 * other exception (including an unchecked one from token parsing inside the
 * provider) propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // Typed null selects createContext(GSSCredential); null means "use the default credential".
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);

    // Hex dump of the token: two hex digits plus one space per byte.
    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    final byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < token.length; idx++) {
        final int start = 3 * idx;
        token[idx] = (byte) Integer.parseInt(hexDump.substring(start, start + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException expected) {
        // A clean GSSException is the acceptable way to reject the incomplete token.
        System.out.println("Expected exception: " + expected);
    }
}
Example 4
Source File: MechTokenMissing.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Regression driver: hands the acceptor a SPNEGO NegTokenInit that lists a
 * mechanism type but carries no mechToken.
 *
 * <p>A {@link GSSException} from the acceptor is tolerated and printed; any
 * other exception (including an unchecked one from token parsing inside the
 * provider) propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // Typed null selects createContext(GSSCredential); null means "use the default credential".
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);

    // Hex dump of the token: two hex digits plus one space per byte.
    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    final byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < token.length; idx++) {
        final int start = 3 * idx;
        token[idx] = (byte) Integer.parseInt(hexDump.substring(start, start + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException expected) {
        // A clean GSSException is the acceptable way to reject the incomplete token.
        System.out.println("Expected exception: " + expected);
    }
}
Example 5
Source File: MechTokenMissing.java From hottub with GNU General Public License v2.0 | 6 votes |
/**
 * Regression driver: hands the acceptor a SPNEGO NegTokenInit that lists a
 * mechanism type but carries no mechToken.
 *
 * <p>A {@link GSSException} from the acceptor is tolerated and printed; any
 * other exception (including an unchecked one from token parsing inside the
 * provider) propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // Typed null selects createContext(GSSCredential); null means "use the default credential".
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);

    // Hex dump of the token: two hex digits plus one space per byte.
    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    final byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < token.length; idx++) {
        final int start = 3 * idx;
        token[idx] = (byte) Integer.parseInt(hexDump.substring(start, start + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException expected) {
        // A clean GSSException is the acceptable way to reject the incomplete token.
        System.out.println("Expected exception: " + expected);
    }
}
Example 6
Source File: MechTokenMissing.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
/**
 * Regression driver: hands the acceptor a SPNEGO NegTokenInit that lists a
 * mechanism type but carries no mechToken.
 *
 * <p>A {@link GSSException} from the acceptor is tolerated and printed; any
 * other exception (including an unchecked one from token parsing inside the
 * provider) propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // Typed null selects createContext(GSSCredential); null means "use the default credential".
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);

    // Hex dump of the token: two hex digits plus one space per byte.
    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    final byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < token.length; idx++) {
        final int start = 3 * idx;
        token[idx] = (byte) Integer.parseInt(hexDump.substring(start, start + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException expected) {
        // A clean GSSException is the acceptable way to reject the incomplete token.
        System.out.println("Expected exception: " + expected);
    }
}
Example 7
Source File: MechTokenMissing.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Regression driver: hands the acceptor a SPNEGO NegTokenInit that lists a
 * mechanism type but carries no mechToken.
 *
 * <p>A {@link GSSException} from the acceptor is tolerated and printed; any
 * other exception (including an unchecked one from token parsing inside the
 * provider) propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // Typed null selects createContext(GSSCredential); null means "use the default credential".
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);

    // Hex dump of the token: two hex digits plus one space per byte.
    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    final byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < token.length; idx++) {
        final int start = 3 * idx;
        token[idx] = (byte) Integer.parseInt(hexDump.substring(start, start + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException expected) {
        // A clean GSSException is the acceptable way to reject the incomplete token.
        System.out.println("Expected exception: " + expected);
    }
}
Example 8
Source File: MechTokenMissing.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
/**
 * Regression driver: hands the acceptor a SPNEGO NegTokenInit that lists a
 * mechanism type but carries no mechToken.
 *
 * <p>A {@link GSSException} from the acceptor is tolerated and printed; any
 * other exception (including an unchecked one from token parsing inside the
 * provider) propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // Typed null selects createContext(GSSCredential); null means "use the default credential".
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);

    // Hex dump of the token: two hex digits plus one space per byte.
    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    final byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < token.length; idx++) {
        final int start = 3 * idx;
        token[idx] = (byte) Integer.parseInt(hexDump.substring(start, start + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException expected) {
        // A clean GSSException is the acceptable way to reject the incomplete token.
        System.out.println("Expected exception: " + expected);
    }
}
Example 9
Source File: MechTokenMissing.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
/**
 * Regression driver: hands the acceptor a SPNEGO NegTokenInit that lists a
 * mechanism type but carries no mechToken.
 *
 * <p>A {@link GSSException} from the acceptor is tolerated and printed; any
 * other exception (including an unchecked one from token parsing inside the
 * provider) propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // Typed null selects createContext(GSSCredential); null means "use the default credential".
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);

    // Hex dump of the token: two hex digits plus one space per byte.
    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    final byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < token.length; idx++) {
        final int start = 3 * idx;
        token[idx] = (byte) Integer.parseInt(hexDump.substring(start, start + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException expected) {
        // A clean GSSException is the acceptable way to reject the incomplete token.
        System.out.println("Expected exception: " + expected);
    }
}
Example 10
Source File: MechTokenMissing.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
/**
 * Regression driver: hands the acceptor a SPNEGO NegTokenInit that lists a
 * mechanism type but carries no mechToken.
 *
 * <p>A {@link GSSException} from the acceptor is tolerated and printed; any
 * other exception (including an unchecked one from token parsing inside the
 * provider) propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // Typed null selects createContext(GSSCredential); null means "use the default credential".
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);

    // Hex dump of the token: two hex digits plus one space per byte.
    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    final byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < token.length; idx++) {
        final int start = 3 * idx;
        token[idx] = (byte) Integer.parseInt(hexDump.substring(start, start + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException expected) {
        // A clean GSSException is the acceptable way to reject the incomplete token.
        System.out.println("Expected exception: " + expected);
    }
}
Example 11
Source File: MechTokenMissing.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
/**
 * Regression driver: hands the acceptor a SPNEGO NegTokenInit that lists a
 * mechanism type but carries no mechToken.
 *
 * <p>A {@link GSSException} from the acceptor is tolerated and printed; any
 * other exception (including an unchecked one from token parsing inside the
 * provider) propagates out of {@code main}.
 */
public static void main(String[] args) throws Exception {
    // Typed null selects createContext(GSSCredential); null means "use the default credential".
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);

    // Hex dump of the token: two hex digits plus one space per byte.
    final String hexDump =
            /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
            /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";

    final byte[] token = new byte[hexDump.length() / 3];
    for (int idx = 0; idx < token.length; idx++) {
        final int start = 3 * idx;
        token[idx] = (byte) Integer.parseInt(hexDump.substring(start, start + 2), 16);
    }

    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException expected) {
        // A clean GSSException is the acceptable way to reject the incomplete token.
        System.out.println("Expected exception: " + expected);
    }
}
Example 12
Source File: MSOID.java From hottub with GNU General Public License v2.0 | 5 votes |
/**
 * Regression driver for acceptor-side recognition of GSS_KRB5_MECH_OID_MS in
 * a captured NegTokenInit.
 *
 * <p>The run passes only when the acceptor rejects the token with
 * {@code GSSException.NO_CRED} raised from inside the krb5 mechanism classes;
 * every other outcome ends in an exception.
 */
public static void main(String[] args) throws Exception {
    // msoid.txt is a NegTokenInit packet sent from Internet Explorer to an
    // IIS server on a test machine. No sensitive info included.
    final byte[] raw = Files.readAllBytes(
            Paths.get(System.getProperty("test.src"), "msoid.txt"));
    // Drop the first 10 bytes (presumably the header prefix in front of the
    // base64 payload; the file is not shown here) and decode the rest.
    final byte[] encoded = Arrays.copyOfRange(raw, 10, raw.length);
    final byte[] token = Base64.getMimeDecoder().decode(encoded);

    // No acceptor credential is supplied, so the krb5 mechanism cannot accept.
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);
    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
        // cannot be accepted because there is no krb5 credential.
        gsse.printStackTrace();
        final boolean rejectedByKrb5 =
                gsse.getMajor() == GSSException.NO_CRED
                && Arrays.stream(gsse.getStackTrace())
                        .anyMatch(frame -> frame.getClassName().startsWith("sun.security.jgss.krb5."));
        if (rejectedByKrb5) {
            // Good, the token reached the krb5 mechanism.
            return;
        }
        throw gsse;
    }
    // Before the fix, GSS_KRB5_MECH_OID_MS was not recognized and the
    // acceptor chose another mechanism and carried on without failing.
    throw new Exception("Should fail");
}
Example 13
Source File: MSOID.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
/**
 * Regression driver for acceptor-side recognition of GSS_KRB5_MECH_OID_MS in
 * a captured NegTokenInit.
 *
 * <p>The run passes only when the acceptor rejects the token with
 * {@code GSSException.NO_CRED} raised from inside the krb5 mechanism classes;
 * every other outcome ends in an exception.
 */
public static void main(String[] args) throws Exception {
    // msoid.txt is a NegTokenInit packet sent from Internet Explorer to an
    // IIS server on a test machine. No sensitive info included.
    final byte[] raw = Files.readAllBytes(
            Paths.get(System.getProperty("test.src"), "msoid.txt"));
    // Drop the first 10 bytes (presumably the header prefix in front of the
    // base64 payload; the file is not shown here) and decode the rest.
    final byte[] encoded = Arrays.copyOfRange(raw, 10, raw.length);
    final byte[] token = Base64.getMimeDecoder().decode(encoded);

    // No acceptor credential is supplied, so the krb5 mechanism cannot accept.
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);
    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
        // cannot be accepted because there is no krb5 credential.
        gsse.printStackTrace();
        final boolean rejectedByKrb5 =
                gsse.getMajor() == GSSException.NO_CRED
                && Arrays.stream(gsse.getStackTrace())
                        .anyMatch(frame -> frame.getClassName().startsWith("sun.security.jgss.krb5."));
        if (rejectedByKrb5) {
            // Good, the token reached the krb5 mechanism.
            return;
        }
        throw gsse;
    }
    // Before the fix, GSS_KRB5_MECH_OID_MS was not recognized and the
    // acceptor chose another mechanism and carried on without failing.
    throw new Exception("Should fail");
}
Example 14
Source File: MSOID.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
/**
 * Regression driver for acceptor-side recognition of GSS_KRB5_MECH_OID_MS in
 * a captured NegTokenInit.
 *
 * <p>The run passes only when the acceptor rejects the token with
 * {@code GSSException.NO_CRED} raised from inside the krb5 mechanism classes;
 * every other outcome ends in an exception.
 */
public static void main(String[] args) throws Exception {
    // msoid.txt is a NegTokenInit packet sent from Internet Explorer to an
    // IIS server on a test machine. No sensitive info included.
    final byte[] raw = Files.readAllBytes(
            Paths.get(System.getProperty("test.src"), "msoid.txt"));
    // Drop the first 10 bytes (presumably the header prefix in front of the
    // base64 payload; the file is not shown here) and decode the rest.
    final byte[] encoded = Arrays.copyOfRange(raw, 10, raw.length);
    final byte[] token = Base64.getMimeDecoder().decode(encoded);

    // No acceptor credential is supplied, so the krb5 mechanism cannot accept.
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);
    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
        // cannot be accepted because there is no krb5 credential.
        gsse.printStackTrace();
        final boolean rejectedByKrb5 =
                gsse.getMajor() == GSSException.NO_CRED
                && Arrays.stream(gsse.getStackTrace())
                        .anyMatch(frame -> frame.getClassName().startsWith("sun.security.jgss.krb5."));
        if (rejectedByKrb5) {
            // Good, the token reached the krb5 mechanism.
            return;
        }
        throw gsse;
    }
    // Before the fix, GSS_KRB5_MECH_OID_MS was not recognized and the
    // acceptor chose another mechanism and carried on without failing.
    throw new Exception("Should fail");
}
Example 15
Source File: MSOID.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
/**
 * Regression driver for acceptor-side recognition of GSS_KRB5_MECH_OID_MS in
 * a captured NegTokenInit.
 *
 * <p>The run passes only when the acceptor rejects the token with
 * {@code GSSException.NO_CRED} raised from inside the krb5 mechanism classes;
 * every other outcome ends in an exception.
 */
public static void main(String[] args) throws Exception {
    // msoid.txt is a NegTokenInit packet sent from Internet Explorer to an
    // IIS server on a test machine. No sensitive info included.
    final byte[] raw = Files.readAllBytes(
            Paths.get(System.getProperty("test.src"), "msoid.txt"));
    // Drop the first 10 bytes (presumably the header prefix in front of the
    // base64 payload; the file is not shown here) and decode the rest.
    final byte[] encoded = Arrays.copyOfRange(raw, 10, raw.length);
    final byte[] token = Base64.getMimeDecoder().decode(encoded);

    // No acceptor credential is supplied, so the krb5 mechanism cannot accept.
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);
    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
        // cannot be accepted because there is no krb5 credential.
        gsse.printStackTrace();
        final boolean rejectedByKrb5 =
                gsse.getMajor() == GSSException.NO_CRED
                && Arrays.stream(gsse.getStackTrace())
                        .anyMatch(frame -> frame.getClassName().startsWith("sun.security.jgss.krb5."));
        if (rejectedByKrb5) {
            // Good, the token reached the krb5 mechanism.
            return;
        }
        throw gsse;
    }
    // Before the fix, GSS_KRB5_MECH_OID_MS was not recognized and the
    // acceptor chose another mechanism and carried on without failing.
    throw new Exception("Should fail");
}
Example 16
Source File: MSOID.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
/**
 * Regression driver for acceptor-side recognition of GSS_KRB5_MECH_OID_MS in
 * a captured NegTokenInit.
 *
 * <p>The run passes only when the acceptor rejects the token with
 * {@code GSSException.NO_CRED} raised from inside the krb5 mechanism classes;
 * every other outcome ends in an exception.
 */
public static void main(String[] args) throws Exception {
    // msoid.txt is a NegTokenInit packet sent from Internet Explorer to an
    // IIS server on a test machine. No sensitive info included.
    final byte[] raw = Files.readAllBytes(
            Paths.get(System.getProperty("test.src"), "msoid.txt"));
    // Drop the first 10 bytes (presumably the header prefix in front of the
    // base64 payload; the file is not shown here) and decode the rest.
    final byte[] encoded = Arrays.copyOfRange(raw, 10, raw.length);
    final byte[] token = Base64.getMimeDecoder().decode(encoded);

    // No acceptor credential is supplied, so the krb5 mechanism cannot accept.
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);
    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
        // cannot be accepted because there is no krb5 credential.
        gsse.printStackTrace();
        final boolean rejectedByKrb5 =
                gsse.getMajor() == GSSException.NO_CRED
                && Arrays.stream(gsse.getStackTrace())
                        .anyMatch(frame -> frame.getClassName().startsWith("sun.security.jgss.krb5."));
        if (rejectedByKrb5) {
            // Good, the token reached the krb5 mechanism.
            return;
        }
        throw gsse;
    }
    // Before the fix, GSS_KRB5_MECH_OID_MS was not recognized and the
    // acceptor chose another mechanism and carried on without failing.
    throw new Exception("Should fail");
}
Example 17
Source File: MSOID.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
/**
 * Regression driver for acceptor-side recognition of GSS_KRB5_MECH_OID_MS in
 * a captured NegTokenInit.
 *
 * <p>The run passes only when the acceptor rejects the token with
 * {@code GSSException.NO_CRED} raised from inside the krb5 mechanism classes;
 * every other outcome ends in an exception.
 */
public static void main(String[] args) throws Exception {
    // msoid.txt is a NegTokenInit packet sent from Internet Explorer to an
    // IIS server on a test machine. No sensitive info included.
    final byte[] raw = Files.readAllBytes(
            Paths.get(System.getProperty("test.src"), "msoid.txt"));
    // Drop the first 10 bytes (presumably the header prefix in front of the
    // base64 payload; the file is not shown here) and decode the rest.
    final byte[] encoded = Arrays.copyOfRange(raw, 10, raw.length);
    final byte[] token = Base64.getMimeDecoder().decode(encoded);

    // No acceptor credential is supplied, so the krb5 mechanism cannot accept.
    final GSSCredential acceptorCred = null;
    final GSSContext acceptor = GSSManager.getInstance().createContext(acceptorCred);
    try {
        acceptor.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
        // cannot be accepted because there is no krb5 credential.
        gsse.printStackTrace();
        final boolean rejectedByKrb5 =
                gsse.getMajor() == GSSException.NO_CRED
                && Arrays.stream(gsse.getStackTrace())
                        .anyMatch(frame -> frame.getClassName().startsWith("sun.security.jgss.krb5."));
        if (rejectedByKrb5) {
            // Good, the token reached the krb5 mechanism.
            return;
        }
        throw gsse;
    }
    // Before the fix, GSS_KRB5_MECH_OID_MS was not recognized and the
    // acceptor chose another mechanism and carried on without failing.
    throw new Exception("Should fail");
}
Example 18
Source File: GSSAPIAuthenticationMechanism.java From lams with GNU General Public License v2.0 | 4 votes |
/**
 * Feeds the client's challenge token to the acceptor-side GSS context kept
 * for this exchange and reports whether authentication has completed.
 *
 * <p>Returns {@code AUTHENTICATED} only when the context is established and
 * the identity manager returns an account for it. {@code NOT_AUTHENTICATED}
 * covers both "another round trip is needed" and "the identity manager
 * returned no account".
 *
 * @return the outcome of this negotiation step
 * @throws GSSException if credential creation, context creation or token
 *         processing fails
 */
public AuthenticationMechanismOutcome run() throws GSSException {
    NegotiationContext negContext = exchange.getAttachment(NegotiationContext.ATTACHMENT_KEY);
    if (negContext == null) {
        negContext = new NegotiationContext();
        exchange.putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext);
        // Also cache it on the connection for future calls.
        // NOTE(review): negotiation state is therefore tied to the connection;
        // confirm a connection is never shared between different clients
        // (e.g. behind a connection-pooling proxy).
        exchange.getConnection().putAttachment(NegotiationContext.ATTACHMENT_KEY, negContext);
    }

    GSSContext gssContext = negContext.getGssContext();
    if (gssContext == null) {
        GSSManager manager = GSSManager.getInstance();
        // A null name requests the default acceptor principal; ACCEPT_ONLY
        // restricts the credential to accepting contexts.
        GSSCredential credential = manager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME, mechanisms, GSSCredential.ACCEPT_ONLY);
        gssContext = manager.createContext(credential);
        negContext.setGssContext(gssContext);
    }

    // NOTE(review): limit() is passed as the length and position() is ignored;
    // this presumably relies on the challenge buffer starting at position 0 — confirm.
    byte[] respToken = gssContext.acceptSecContext(challenge.array(), challenge.arrayOffset(), challenge.limit());
    negContext.setResponseToken(respToken);

    if (negContext.isEstablished()) {
        if (respToken != null) {
            // There will be no further challenge but we do have a token so set it here.
            exchange.getResponseHeaders().add(WWW_AUTHENTICATE, NEGOTIATE_PREFIX + FlexBase64.encodeString(respToken, false));
        }
        // An established context only proves who the client is; the identity
        // manager still decides whether that principal maps to an account.
        IdentityManager identityManager = securityContext.getIdentityManager();
        final Account account = identityManager.verify(new GSSContextCredential(negContext.getGssContext()));
        if (account != null) {
            securityContext.authenticationComplete(account, name, false);
            return AuthenticationMechanismOutcome.AUTHENTICATED;
        } else {
            return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
        }
    } else {
        // This isn't a failure but as the context is not established another round trip with the client is needed.
        return AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }
}
Example 19
Source File: PropertyBasedSpnegoLoginService.java From calcite-avatica with Apache License 2.0 | 4 votes |
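/**
 * Authenticates a client from a base64-encoded SPNEGO/Kerberos token.
 *
 * <p>The token is passed to the acceptor exactly once. The original code
 * looped until the context was established and fed the acceptor's own
 * output token back in as input; that cannot complete a negotiation
 * (a further client token is needed) and hits a NullPointerException when
 * the acceptor returns no output token. A context that is not established
 * after one token is now treated as a failed login.
 *
 * @param username unused by this method
 * @param credentials the base64-encoded token; anything that is not a
 *        {@code String} is rejected
 * @param request unused by this method
 * @return the identity of the authenticated client, or {@code null} when
 *         authentication does not succeed
 */
@Override
public UserIdentity login(String username, Object credentials, ServletRequest request) {
    // Reject a missing or wrongly-typed credential up front instead of
    // failing with ClassCastException/NullPointerException further down.
    if (!(credentials instanceof String)) {
        return null;
    }
    byte[] authToken = B64Code.decode((String) credentials);

    GSSManager manager = GSSManager.getInstance();
    try {
        // http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html
        Oid spnegoOid = new Oid("1.3.6.1.5.5.2");
        Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");

        GSSName gssName = manager.createName(serverPrincipal, null);
        // CALCITE-1922 Providing both OIDs is the bug in Jetty we're working around. By specifying
        // only one, we're requiring that clients *must* provide us the SPNEGO OID to authenticate
        // via Kerberos which is wrong. Best as I can tell, the SPNEGO OID is meant as another
        // layer of indirection (essentially is equivalent to setting the Kerberos OID).
        GSSCredential serverCreds = manager.createCredential(gssName,
            GSSCredential.INDEFINITE_LIFETIME, new Oid[] {krb5Oid, spnegoOid},
            GSSCredential.ACCEPT_ONLY);
        GSSContext gContext = manager.createContext(serverCreds);

        if (gContext == null) {
            LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
            return null;
        }

        // One client token in, at most one response token out.
        byte[] responseToken = gContext.acceptSecContext(authToken, 0, authToken.length);
        if (!gContext.isEstablished()) {
            LOG.debug("SpnegoUserRealm: security context not established by the supplied token");
            return null;
        }

        String clientName = gContext.getSrcName().toString();
        // The role is whatever follows the first '@' (the whole name when
        // there is none).
        // NOTE(review): every principal that authenticates with the same
        // suffix therefore gets the same role; confirm this is the intended
        // authorization model.
        String role = clientName.substring(clientName.indexOf('@') + 1);

        LOG.debug("SpnegoUserRealm: established a security context");
        LOG.debug("Client Principal is: {}", gContext.getSrcName());
        LOG.debug("Server Principal is: {}", gContext.getTargName());
        LOG.debug("Client Default Role: {}", role);

        // The principal carries the acceptor's response token, as before.
        SpnegoUserPrincipal user = new SpnegoUserPrincipal(clientName, responseToken);

        Subject subject = new Subject();
        subject.getPrincipals().add(user);

        return _identityService.newUserIdentity(subject, user, new String[]{role});
    } catch (GSSException gsse) {
        LOG.warn("Caught GSSException trying to authenticate the client", gsse);
    }
    return null;
}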
Example 20
Source File: DrillSpnegoLoginService.java From Bats with Apache License 2.0 | 4 votes |
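/**
 * Authenticates a client from a base64-encoded SPNEGO/Kerberos token and
 * maps the Kerberos principal to a Drill user identity.
 *
 * <p>The token is passed to the acceptor exactly once. The original code
 * looped until the context was established and fed the acceptor's own
 * output token back in as input; that cannot complete a negotiation and
 * hits a NullPointerException when the acceptor returns no output token.
 * A context that is not established after one token is now treated as a
 * failed login.
 *
 * @param credentials the base64-encoded token; anything that is not a
 *        {@code String} is rejected
 * @return the identity of the authenticated client, or {@code null} when
 *         authentication does not succeed
 */
private UserIdentity spnegoLogin(Object credentials) {
    // Reject a missing or wrongly-typed credential up front instead of
    // failing with ClassCastException/NullPointerException further down.
    if (!(credentials instanceof String)) {
        return null;
    }
    final byte[] authToken = B64Code.decode((String) credentials);

    GSSManager manager = GSSManager.getInstance();
    try {
        // Providing both OID's is required here. If we provide only one,
        // we're requiring that clients provide us the SPNEGO OID to authenticate via Kerberos.
        Oid[] knownOids = new Oid[2];
        knownOids[0] = new Oid("1.3.6.1.5.5.2"); // spnego
        knownOids[1] = new Oid("1.2.840.113554.1.2.2"); // kerberos

        GSSName gssName = manager.createName(spnegoConfig.getSpnegoPrincipal(), null);
        GSSCredential serverCreds = manager.createCredential(gssName, GSSCredential.INDEFINITE_LIFETIME,
            knownOids, GSSCredential.ACCEPT_ONLY);
        GSSContext gContext = manager.createContext(serverCreds);

        if (gContext == null) {
            logger.debug("SPNEGOUserRealm: failed to establish GSSContext");
            return null;
        }

        // One client token in; the response token is not used by this method.
        gContext.acceptSecContext(authToken, 0, authToken.length);
        if (!gContext.isEstablished()) {
            logger.debug("SPNEGOUserRealm: security context not established by the supplied token");
            return null;
        }

        final String clientName = gContext.getSrcName().toString();
        final String realm = clientName.substring(clientName.indexOf('@') + 1);

        // Get the client user short name
        final String userShortName = new HadoopKerberosName(clientName).getShortName();

        logger.debug("Client Name: {}, realm: {} and shortName: {}", clientName, realm, userShortName);

        // Admin status is decided from the short name, so it depends on how
        // the principal-to-short-name mapping is configured.
        final SystemOptionManager sysOptions = drillContext.getOptionManager();
        final boolean isAdmin = ImpersonationUtil.hasAdminPrivileges(userShortName,
            ExecConstants.ADMIN_USERS_VALIDATOR.getAdminUsers(sysOptions),
            ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.getAdminUserGroups(sysOptions));

        final Principal user = new DrillUserPrincipal(userShortName, isAdmin);
        final Subject subject = new Subject();
        subject.getPrincipals().add(user);

        if (isAdmin) {
            return this._identityService.newUserIdentity(subject, user, DrillUserPrincipal.ADMIN_USER_ROLES);
        } else {
            return this._identityService.newUserIdentity(subject, user, DrillUserPrincipal.NON_ADMIN_USER_ROLES);
        }
    } catch (GSSException gsse) {
        logger.warn("Caught GSSException trying to authenticate the client", gsse);
    } catch (IOException ex) {
        logger.warn("Caught IOException trying to get shortName of client user", ex);
    }
    return null;
}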