1. 包列表
  2. 类列表
  3. org.ietf.jgss.GSSCredential

Java 类org.ietf.jgss.GSSCredential 实例源码

项目:openjdk-jdk10    文件:MechTokenMissing.java    
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
项目:openjdk-jdk10    文件:KrbCredSubKey.java    
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
项目:lookaside_java-1.8.0-openjdk    文件:Context.java    
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
项目:tomcat7    文件:GenericPrincipal.java    
/**
 * Construct a new Principal, associated with the specified Realm, for the
 * specified username and password, with the specified role names
 * (as Strings).
 *
 * @param name The username of the user represented by this Principal
 * @param password Credentials used to authenticate this user
 * @param roles List of roles (must be Strings) possessed by this user
 * @param userPrincipal - the principal to be returned from the request 
 *        getUserPrincipal call if not null; if null, this will be returned
 * @param loginContext  - If provided, this will be used to log out the user
 *        at the appropriate time
 * @param gssCredential - If provided, the user&apos;s delegated credentials
 */
public GenericPrincipal(String name, String password, List<String> roles,
        Principal userPrincipal, LoginContext loginContext,
        GSSCredential gssCredential) {
    super();
    this.name = name;
    this.password = password;
    this.userPrincipal = userPrincipal;
    if (roles != null) {
        this.roles = new String[roles.size()];
        this.roles = roles.toArray(this.roles);
        if (this.roles.length > 1)
            Arrays.sort(this.roles);
    }
    this.loginContext = loginContext;
    this.gssCredential = gssCredential;
}
项目:monarch    文件:KerberosTicketOperations.java    
public static String validateServiceTicket(Subject subject, final byte[] serviceTicket)
    throws GSSException, IllegalAccessException, NoSuchFieldException, ClassNotFoundException,
    PrivilegedActionException {
  // Kerberos version 5 OID
  Oid krb5Oid = KerberosUtils.getOidInstance("GSS_KRB5_MECH_OID");


  // Accept the context and return the client principal name.
  return Subject.doAs(subject, new PrivilegedExceptionAction<String>() {

    @Override
    public String run() throws Exception {
      String clientName = null;
      // Identify the server that communications are being made to.
      GSSManager manager = GSSManager.getInstance();
      GSSContext context = manager.createContext((GSSCredential) null);
      context.acceptSecContext(serviceTicket, 0, serviceTicket.length);
      clientName = context.getSrcName().toString();
      return clientName;
    }
  });
}
项目:apache-tomcat-7.0.73-with-comment    文件:GenericPrincipal.java    
/**
 * Construct a new Principal, associated with the specified Realm, for the
 * specified username and password, with the specified role names
 * (as Strings).
 *
 * @param name The username of the user represented by this Principal
 * @param password Credentials used to authenticate this user
 * @param roles List of roles (must be Strings) possessed by this user
 * @param userPrincipal - the principal to be returned from the request 
 *        getUserPrincipal call if not null; if null, this will be returned
 * @param loginContext  - If provided, this will be used to log out the user
 *        at the appropriate time
 * @param gssCredential - If provided, the user&apos;s delegated credentials
 */
public GenericPrincipal(String name, String password, List<String> roles,
        Principal userPrincipal, LoginContext loginContext,
        GSSCredential gssCredential) {
    super();
    this.name = name;
    this.password = password;
    this.userPrincipal = userPrincipal;
    if (roles != null) {
        this.roles = new String[roles.size()];
        this.roles = roles.toArray(this.roles);
        if (this.roles.length > 1)
            Arrays.sort(this.roles);
    }
    this.loginContext = loginContext;
    this.gssCredential = gssCredential;
}
项目:jdk8u-jdk    文件:MechTokenMissing.java    
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
项目:jdk8u-jdk    文件:KrbCredSubKey.java    
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
项目:jdk8u-jdk    文件:SpnegoLifeTime.java    
public static void main(String[] args) throws Exception {

        Oid oid = GSSUtil.GSS_SPNEGO_MECH_OID;
        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, oid);
        c.x().requestCredDeleg(true);
        s.startAsServer(oid);

        Context.handshake(c, s);

        GSSCredential cred = s.delegated().cred();
        cred.getRemainingInitLifetime(oid);
        cred.getUsage(oid);
    }
项目:jdk8u-jdk    文件:LifeTimeInSeconds.java    
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSManager gm = GSSManager.getInstance();
    GSSCredential cred = gm.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int time = cred.getRemainingLifetime();
    int time2 = cred.getRemainingInitLifetime(null);
    // The test KDC issues a TGT with a default lifetime of 11 hours
    int elevenhrs = 11*3600;
    if (time > elevenhrs+60 || time < elevenhrs-60) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (time2 > elevenhrs+60 || time2 < elevenhrs-60) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
项目:jdk8u-jdk    文件:Context.java    
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
项目:openjdk-jdk10    文件:SpnegoLifeTime.java    
public static void main(String[] args) throws Exception {

        Oid oid = GSSUtil.GSS_SPNEGO_MECH_OID;
        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, oid);
        c.x().requestCredDeleg(true);
        s.startAsServer(oid);

        Context.handshake(c, s);

        GSSCredential cred = s.delegated().cred();
        cred.getRemainingInitLifetime(oid);
        cred.getUsage(oid);
    }
项目:openjdk-jdk10    文件:LifeTimeInSeconds.java    
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSManager gm = GSSManager.getInstance();
    GSSCredential cred = gm.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int time = cred.getRemainingLifetime();
    int time2 = cred.getRemainingInitLifetime(null);
    // The test KDC issues a TGT with a default lifetime of 11 hours
    int elevenhrs = KDC.DEFAULT_LIFETIME;
    if (time > elevenhrs+60 || time < elevenhrs-60) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (time2 > elevenhrs+60 || time2 < elevenhrs-60) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
项目:openjdk-jdk10    文件:Context.java    
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = m.createContext(me.cred);
            return null;
        }
    }, null);
}
项目:openjdk9    文件:MechTokenMissing.java    
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
项目:openjdk9    文件:KrbCredSubKey.java    
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
项目:openjdk9    文件:SpnegoLifeTime.java    
public static void main(String[] args) throws Exception {

        Oid oid = GSSUtil.GSS_SPNEGO_MECH_OID;
        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, oid);
        c.x().requestCredDeleg(true);
        s.startAsServer(oid);

        Context.handshake(c, s);

        GSSCredential cred = s.delegated().cred();
        cred.getRemainingInitLifetime(oid);
        cred.getUsage(oid);
    }
项目:openjdk9    文件:LifeTimeInSeconds.java    
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSManager gm = GSSManager.getInstance();
    GSSCredential cred = gm.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int time = cred.getRemainingLifetime();
    int time2 = cred.getRemainingInitLifetime(null);
    // The test KDC issues a TGT with a default lifetime of 11 hours
    int elevenhrs = KDC.DEFAULT_LIFETIME;
    if (time > elevenhrs+60 || time < elevenhrs-60) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (time2 > elevenhrs+60 || time2 < elevenhrs-60) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
项目:openjdk9    文件:Context.java    
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = m.createContext(me.cred);
            return null;
        }
    }, null);
}
项目:jdk8u_jdk    文件:MechTokenMissing.java    
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
项目:jdk8u_jdk    文件:KrbCredSubKey.java    
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
项目:jdk8u_jdk    文件:SpnegoLifeTime.java    
public static void main(String[] args) throws Exception {

        Oid oid = GSSUtil.GSS_SPNEGO_MECH_OID;
        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, oid);
        c.x().requestCredDeleg(true);
        s.startAsServer(oid);

        Context.handshake(c, s);

        GSSCredential cred = s.delegated().cred();
        cred.getRemainingInitLifetime(oid);
        cred.getUsage(oid);
    }
项目:jdk8u_jdk    文件:LifeTimeInSeconds.java    
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSManager gm = GSSManager.getInstance();
    GSSCredential cred = gm.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int time = cred.getRemainingLifetime();
    int time2 = cred.getRemainingInitLifetime(null);
    // The test KDC issues a TGT with a default lifetime of 11 hours
    int elevenhrs = 11*3600;
    if (time > elevenhrs+60 || time < elevenhrs-60) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (time2 > elevenhrs+60 || time2 < elevenhrs-60) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
项目:jdk8u_jdk    文件:Context.java    
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}
项目:identity-local-auth-iwa-kerberos    文件:IWAAuthenticationUtil.java    
/**
 * Process Kerberos token and get user name.
 *
 * @param gssToken GSS token
 * @return username Username of the logged in user if GSSToken can be decrypted correctly else return null
 * @throws GSSException
 */
public static String processToken(byte[] gssToken, GSSCredential gssCredentials) throws GSSException {
    GSSContext context = gssManager.createContext(gssCredentials);
    // Decrypt the kerberos ticket (GSS token)
    context.acceptSecContext(gssToken, 0, gssToken.length);

    // If we cannot decrypt the GSS Token properly we return the username as null.
    if (!context.isEstablished()) {
        log.error("Unable to decrypt the kerberos ticket as context was not established.");
        return null;
    }

    String loggedInUserName = context.getSrcName().toString();
    String target = context.getTargName().toString();

    if (log.isDebugEnabled()) {
        String msg = "Extracted details from GSS Token, LoggedIn User : " + loggedInUserName
                + " , Intended target : " + target;
        log.debug(msg);
    }

    return loggedInUserName;
}
项目:identity-local-auth-iwa-kerberos    文件:IWAAuthenticationUtil.java    
/**
 * Create GSSCredential as Subject
 *
 * @param subject login context subject
 * @return GSSCredential
 * @throws PrivilegedActionException
 */
private static GSSCredential createCredentialsForSubject(final Subject subject) throws PrivilegedActionException {
    final PrivilegedExceptionAction<GSSCredential> action = new PrivilegedExceptionAction<GSSCredential>() {
        public GSSCredential run() throws GSSException {
            return gssManager.createCredential(null, GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_SPNEGO_MECH_OID, GSSCredential.ACCEPT_ONLY);
        }
    };

    if (log.isDebugEnabled()) {
        Set<Principal> principals = subject.getPrincipals();
        String principalName = null;
        if (principals != null) {
            principalName = principals.toString();
        }
        log.debug("Creating gss credentials as principal : " + principalName);
    }
    return Subject.doAs(subject, action);
}
项目:lookaside_java-1.8.0-openjdk    文件:MechTokenMissing.java    
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
项目:lookaside_java-1.8.0-openjdk    文件:KrbCredSubKey.java    
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
项目:lookaside_java-1.8.0-openjdk    文件:SpnegoLifeTime.java    
public static void main(String[] args) throws Exception {

        Oid oid = GSSUtil.GSS_SPNEGO_MECH_OID;
        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, oid);
        c.x().requestCredDeleg(true);
        s.startAsServer(oid);

        Context.handshake(c, s);

        GSSCredential cred = s.delegated().cred();
        cred.getRemainingInitLifetime(oid);
        cred.getUsage(oid);
    }
项目:lookaside_java-1.8.0-openjdk    文件:LifeTimeInSeconds.java    
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSManager gm = GSSManager.getInstance();
    GSSCredential cred = gm.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int time = cred.getRemainingLifetime();
    int time2 = cred.getRemainingInitLifetime(null);
    // The test KDC issues a TGT with a default lifetime of 11 hours
    int elevenhrs = 11*3600;
    if (time > elevenhrs+60 || time < elevenhrs-60) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (time2 > elevenhrs+60 || time2 < elevenhrs-60) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
项目:spnego    文件:SpnegoProvider.java    
/**
 * Returns the GSS-API interface for creating a security context.
 * 
 * @param subject the person to be authenticated
 * @return GSSCredential to be used for creating a security context.
 * @throws PrivilegedActionException
 */
public static GSSCredential getClientCredential(final Subject subject)
    throws PrivilegedActionException {

    final PrivilegedExceptionAction<GSSCredential> action = 
        new PrivilegedExceptionAction<GSSCredential>() {
            public GSSCredential run() throws GSSException {
                return MANAGER.createCredential(
                    null
                    , GSSCredential.DEFAULT_LIFETIME
                    , SpnegoProvider.SPNEGO_OID
                    , GSSCredential.INITIATE_ONLY);
            } 
        };

    return Subject.doAs(subject, action);
}
项目:spnego    文件:SpnegoProvider.java    
/**
 * Returns the {@link GSSCredential} the server uses for pre-authentication.
 * 
 * @param subject account server uses for pre-authentication
 * @return credential that allows server to authenticate clients
 * @throws PrivilegedActionException
 */
static GSSCredential getServerCredential(final Subject subject)
    throws PrivilegedActionException {

    final PrivilegedExceptionAction<GSSCredential> action = 
        new PrivilegedExceptionAction<GSSCredential>() {
            public GSSCredential run() throws GSSException {
                return MANAGER.createCredential(
                    null
                    , GSSCredential.INDEFINITE_LIFETIME
                    , SpnegoProvider.SPNEGO_OID
                    , GSSCredential.ACCEPT_ONLY);
            } 
        };
    return Subject.doAs(subject, action);
}
项目:purecloud-iot    文件:GGSSchemeBase.java    
/**
 * @since 4.4
 */
protected byte[] generateGSSToken(
        final byte[] input, final Oid oid, final String authServer,
        final Credentials credentials) throws GSSException {
    byte[] inputBuff = input;
    if (inputBuff == null) {
        inputBuff = new byte[0];
    }
    final GSSManager manager = getManager();
    final GSSName serverName = manager.createName(service + "@" + authServer, GSSName.NT_HOSTBASED_SERVICE);

    final GSSCredential gssCredential;
    if (credentials instanceof KerberosCredentials) {
        gssCredential = ((KerberosCredentials) credentials).getGSSCredential();
    } else {
        gssCredential = null;
    }

    final GSSContext gssContext = manager.createContext(
            serverName.canonicalize(oid), oid, gssCredential, GSSContext.DEFAULT_LIFETIME);
    gssContext.requestMutualAuth(true);
    gssContext.requestCredDeleg(true);
    return gssContext.initSecContext(inputBuff, 0, inputBuff.length);
}
项目:TGS-REP    文件:Server.java    
private String acceptSecurityContext( final byte[] serviceTicket)
    throws GSSException {
  krb5Oid = new Oid( "1.2.840.113554.1.2.2");

  // Accept the context and return the client principal name.
  return Subject.doAs( subject, new PrivilegedAction<String>() {
    public String run() {
      try {
        // Identify the server that communications are being made to.
        GSSManager manager = GSSManager.getInstance();
        GSSContext context = manager.createContext( (GSSCredential) null);
        context.acceptSecContext( serviceTicket, 0, serviceTicket.length);
        return context.getSrcName().toString();
      }
      catch ( Exception e) {
        e.printStackTrace();
        return null;
      }
    }
  });
}
项目:elasticsearch-shield-kerberos-realm    文件:KerberizedClient.java    
GSSContext initGSS() throws Exception {
    final GSSManager MANAGER = GSSManager.getInstance();

    final PrivilegedExceptionAction<GSSCredential> action = new PrivilegedExceptionAction<GSSCredential>() {
        @Override
        public GSSCredential run() throws GSSException {
            return MANAGER.createCredential(null, GSSCredential.DEFAULT_LIFETIME, KrbConstants.SPNEGO, GSSCredential.INITIATE_ONLY);
        }
    };

    final GSSCredential clientcreds = Subject.doAs(initiatorSubject, action);

    final GSSContext context = MANAGER.createContext(MANAGER.createName(acceptorPrincipal, GSSName.NT_USER_NAME, KrbConstants.SPNEGO),
            KrbConstants.SPNEGO, clientcreds, GSSContext.DEFAULT_LIFETIME);

    //TODO make configurable
    context.requestMutualAuth(true);
    context.requestConf(true);
    context.requestInteg(true);
    context.requestReplayDet(true);
    context.requestSequenceDet(true);
    context.requestCredDeleg(false);

    return context;
}
项目:infobip-open-jdk-8    文件:MechTokenMissing.java    
public static void main(String[] args) throws Exception {
    GSSCredential cred = null;
    GSSContext ctx = GSSManager.getInstance().createContext(cred);

    String var =
        /*0000*/ "60 1C 06 06 2B 06 01 05 05 02 A0 12 30 10 A0 0E " +
        /*0010*/ "30 0C 06 0A 2B 06 01 04 01 82 37 02 02 0A ";
    byte[] token = new byte[var.length()/3];
    for (int i=0; i<token.length; i++) {
        token[i] = Integer.valueOf(var.substring(3*i,3*i+2), 16).byteValue();
    }
    try {
        ctx.acceptSecContext(token, 0, token.length);
    } catch (GSSException gsse) {
        System.out.println("Expected exception: " + gsse);
    }
}
项目:infobip-open-jdk-8    文件:KrbCredSubKey.java    
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
项目:infobip-open-jdk-8    文件:SpnegoLifeTime.java    
public static void main(String[] args) throws Exception {

        Oid oid = GSSUtil.GSS_SPNEGO_MECH_OID;
        new OneKDC(null).writeJAASConf();

        Context c, s;
        c = Context.fromJAAS("client");
        s = Context.fromJAAS("server");

        c.startAsClient(OneKDC.SERVER, oid);
        c.x().requestCredDeleg(true);
        s.startAsServer(oid);

        Context.handshake(c, s);

        GSSCredential cred = s.delegated().cred();
        cred.getRemainingInitLifetime(oid);
        cred.getUsage(oid);
    }
项目:infobip-open-jdk-8    文件:LifeTimeInSeconds.java    
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    GSSManager gm = GSSManager.getInstance();
    GSSCredential cred = gm.createCredential(GSSCredential.INITIATE_AND_ACCEPT);
    int time = cred.getRemainingLifetime();
    int time2 = cred.getRemainingInitLifetime(null);
    // The test KDC issues a TGT with a default lifetime of 11 hours
    int elevenhrs = 11*3600;
    if (time > elevenhrs+60 || time < elevenhrs-60) {
        throw new Exception("getRemainingLifetime returns wrong value.");
    }
    if (time2 > elevenhrs+60 || time2 < elevenhrs-60) {
        throw new Exception("getRemainingInitLifetime returns wrong value.");
    }
}
项目:infobip-open-jdk-8    文件:Context.java    
/**
 * Starts as a server with the specified service name
 * @param name the service name
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            me.cred = m.createCredential(
                    name == null ? null :
                      (name.indexOf('@') < 0 ?
                        m.createName(name, null) :
                        m.createName(name, GSSName.NT_HOSTBASED_SERVICE)),
                    GSSCredential.INDEFINITE_LIFETIME,
                    mech,
                    asInitiator?
                            GSSCredential.INITIATE_AND_ACCEPT:
                            GSSCredential.ACCEPT_ONLY);
            me.x = (ExtendedGSSContext)m.createContext(me.cred);
            return null;
        }
    }, null);
}