本文整理汇总了Java中javax.security.auth.kerberos.KerberosTicket类的典型用法代码示例。如果您正苦于以下问题:Java KerberosTicket类的具体用法?Java KerberosTicket怎么用?Java KerberosTicket使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
KerberosTicket类属于javax.security.auth.kerberos包,在下文中一共展示了KerberosTicket类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: traceServiceTickets
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Writes one debug line for every Kerberos ticket found in the private
 * credentials of this object's Subject.
 *
 * Each line carries ticket metadata only: client principal, server
 * principal, end time and the result of {@code isCurrent()}. The ticket
 * object itself is never handed to the logger. Returns immediately when no
 * Subject is set.
 */
public void traceServiceTickets() {
    if (subject == null) {
        return;
    }

    Set<Object> privateCreds = subject.getPrivateCredentials();
    if (privateCreds.isEmpty()) {
        log.debug("[" + getName() + "] No service tickets");
    }

    // The Subject hands out a synchronizedSet: single calls are guarded,
    // but iteration has to hold the set's monitor for the whole loop.
    synchronized (privateCreds) {
        for (Object candidate : privateCreds) {
            if (!(candidate instanceof KerberosTicket)) {
                continue;
            }
            KerberosTicket ticket = (KerberosTicket) candidate;
            String owner = getName();
            String clientName = ticket.getClient().getName();
            String serverName = ticket.getServer().getName();
            log.debug("[" + owner + "] Service ticket " + "belonging to client principal ["
                    + clientName + "] for server principal ["
                    + serverName + "] End time=[" + ticket.getEndTime()
                    + "] isCurrent=" + ticket.isCurrent());
        }
    }
}
示例2: getTicket
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Looks up the Kerberos ticket for a client/server principal pair.
 *
 * The Subject bound to {@code acc} is searched first. Only when that search
 * finds nothing and {@code GSSUtil.useSubjectCredsOnly(caller)} is false is
 * a login performed through {@code GSSUtil.login}, and the Subject it
 * returns searched in the same way.
 *
 * @param caller          identifies the caller for the useSubjectCredsOnly
 *                        decision and the fallback login
 * @param clientPrincipal name of the client principal of the wanted ticket
 * @param serverPrincipal name of the server principal of the wanted ticket
 * @param acc             context whose Subject is searched first
 * @return the value returned by the last search that ran; {@code null} when
 *         the first search finds nothing and no login is performed
 * @throws LoginException declared for the fallback login
 */
static KerberosTicket getTicket(GSSCaller caller,
        String clientPrincipal, String serverPrincipal,
        AccessControlContext acc) throws LoginException {

    // First choice: credentials already held by the Subject of acc.
    KerberosTicket fromContext = SubjectComber.find(
            Subject.getSubject(acc), serverPrincipal, clientPrincipal,
            KerberosTicket.class);

    // Stop here on a hit, or when the caller may only use Subject credentials.
    if (fromContext != null || GSSUtil.useSubjectCredsOnly(caller)) {
        return fromContext;
    }

    // Fallback: log in through GSSUtil and search the resulting Subject.
    Subject loginSubject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
    return SubjectComber.find(loginSubject,
            serverPrincipal, clientPrincipal, KerberosTicket.class);
}
示例3: credsToTicket
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Builds a {@link KerberosTicket} from the fields of the given service
 * credentials.
 *
 * The client principal is created from the client's name alone; the server
 * principal is created with name type {@code KRB_NT_SRV_INST}. The session
 * key bytes are copied into the returned ticket, so the result is secret
 * material and should be destroyed by its owner once it is no longer needed.
 *
 * @param serviceCreds credentials to convert
 * @return a ticket carrying the encoding, principals, session key, flags,
 *         times and client addresses of {@code serviceCreds}
 */
public static KerberosTicket credsToTicket(Credentials serviceCreds) {
    EncryptionKey key = serviceCreds.getSessionKey();
    byte[] encodedTicket = serviceCreds.getEncoded();

    KerberosPrincipal clientPrincipal =
            new KerberosPrincipal(serviceCreds.getClient().getName());
    KerberosPrincipal serverPrincipal =
            new KerberosPrincipal(serviceCreds.getServer().getName(),
                    KerberosPrincipal.KRB_NT_SRV_INST);

    return new KerberosTicket(
            encodedTicket,
            clientPrincipal,
            serverPrincipal,
            key.getBytes(),
            key.getEType(),
            serviceCreds.getFlags(),
            serviceCreds.getAuthTime(),
            serviceCreds.getStartTime(),
            serviceCreds.getEndTime(),
            serviceCreds.getRenewTill(),
            serviceCreds.getClientAddresses());
}
示例4: init
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Initializes this client key exchange from a Kerberos service ticket:
 * stores the encoded ticket, records both principals and creates the
 * premaster secret protected by the ticket's session key.
 * Called by client handshaker.
 *
 * @param serverName name of server with which to do handshake;
 *        this is used to get the Kerberos service ticket
 * @param acc access control context passed on to the service-ticket lookup
 * @param protocolVersion Maximum version supported by client (i.e,
 *        version it requested in client hello)
 * @param rand random number generator to use for generating pre-master
 *        secret
 * @throws IOException declared for the ticket lookup and the premaster
 *         secret construction
 */
@Override
public void init(String serverName,
        AccessControlContext acc, ProtocolVersion protocolVersion,
        SecureRandom rand) throws IOException {

    KerberosTicket serviceTicket = getServiceTicket(serverName, acc);
    encodedTicket = serviceTicket.getEncoded();

    // The ticket's server is our peer; its client is the local identity.
    peerPrincipal = serviceTicket.getServer();
    localPrincipal = serviceTicket.getClient();

    // The optional authenticator (encrypted with the session key) is
    // currently ignored.

    // Re-wrap the session key in the internal key type; the premaster
    // secret is generated and encrypted with it.
    // NOTE(review): the key bytes copied here are not cleared in this
    // method - confirm where the copy is disposed of.
    int sessionKeyType = serviceTicket.getSessionKeyType();
    byte[] sessionKeyBytes = serviceTicket.getSessionKey().getEncoded();
    EncryptionKey sessionKey = new EncryptionKey(sessionKeyType, sessionKeyBytes);

    preMaster = new KerberosPreMasterSecret(protocolVersion, rand, sessionKey);
}
示例5: validateSubject
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
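/**
 * Verifies that the given Subject holds a Kerberos ticket-granting ticket.
 *
 * A ticket counts as a TGT when its server principal name starts with
 * {@code TGT_SERVER_NAME_PREFIX}. When none is found, an error is logged and
 * an exception is thrown; the message depends on whether the login was
 * meant to come from the ticket cache or from a keytab.
 *
 * @param subject the Subject produced by the login
 * @throws AuthenticationFailedException if no TGT is present
 */
private void validateSubject(Subject subject) {
    // The typed accessor returns a new Set that is not backed by the
    // Subject. Iterating the raw private-credential set, which is a
    // synchronized set, without holding its monitor is not safe if another
    // thread changes the Subject's credentials at the same time.
    Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);

    boolean foundTGT = false;
    for (KerberosTicket kt : tickets) {
        // A destroyed ticket no longer exposes its server principal.
        if (kt.isDestroyed()) {
            continue;
        }
        // NOTE(review): ticket lifetime is not checked, so an expired TGT
        // still passes; consider also requiring kt.isCurrent().
        if (kt.getServer().getName().startsWith(TGT_SERVER_NAME_PREFIX)) {
            foundTGT = true;
            break;
        }
    }

    if (!foundTGT) {
        String errorMsg;
        if (loadFromTicketCache) {
            errorMsg = "Unable to load Kerberos TGT. Consider kinit.";
        } else {
            errorMsg = "Login failed for principal '" + userPrincipal + "' using keytab '" + keytabPath
                    + "'. Specify correct keytab file path";
        }
        logger.error(errorMsg);
        throw new AuthenticationFailedException(errorMsg);
    }
}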
示例6: main
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Builds a synthetic KerberosTicket from constructed sample values and runs
 * the date-immutability, serialization-compatibility and destroy checks on
 * it. None of the values is real key or ticket material.
 */
public static void main(String[] args) throws Exception {
    final long originalTime = 12345678L;

    // Constructed stand-ins for the ASN.1 encoding and the session key.
    byte[] asn1Bytes = "asn1".getBytes();
    byte[] keyBytes = "sessionKey".getBytes();

    KerberosPrincipal client = new KerberosPrincipal("client");
    KerberosPrincipal server = new KerberosPrincipal("server");

    boolean[] flags = new boolean[9];
    flags[8] = true; // renewable

    // One Date instance is shared by all four time arguments.
    Date inDate = new Date(originalTime);
    KerberosTicket t = new KerberosTicket(
            asn1Bytes, client, server,
            keyBytes, 1 /*keyType*/, flags,
            inDate /*authTime*/, inDate /*startTime*/,
            inDate /*endTime*/, inDate /*renewTill*/,
            null /*clientAddresses*/);

    // Change the caller's Date after construction, for testing the constructor.
    inDate.setTime(0);

    testDateImmutability(t, originalTime);
    testS11nCompatibility(t); // S11n: Serialization
    testDestroy(t);
}
示例7: testDateImmutability
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Checks that the times held by a ticket cannot be changed from outside.
 *
 * {@code checkTime} is run once right away and once more after every Date
 * returned by the ticket's time getters has been reset to 0.
 *
 * @param t        ticket under test
 * @param origTime time value passed to {@code checkTime} both times
 *                 (presumably the value the ticket was created with)
 */
private static void testDateImmutability(KerberosTicket t, long origTime)
        throws Exception {
    // Phase 1: state directly after construction.
    System.out.println("Testing constructor...");
    checkTime(t, origTime);

    // Phase 2: modify whatever each getter hands out, then check again.
    System.out.println("Testing getAuth/Start/EndTime() & getRenewTill()...");
    java.util.Date authTime = t.getAuthTime();
    authTime.setTime(0);
    java.util.Date startTime = t.getStartTime();
    startTime.setTime(0);
    java.util.Date endTime = t.getEndTime();
    endTime.setTime(0);
    java.util.Date renewTill = t.getRenewTill();
    renewTill.setTime(0);
    checkTime(t, origTime);

    System.out.println("DateImmutability Test Passed");
}
示例8: testDestroy
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Destroys the ticket and checks how it behaves afterwards.
 *
 * After {@code destroy()}, {@code isDestroyed()} must be true. Every public
 * no-argument method declared by KerberosTicket is then invoked through
 * reflection; a call may fail only with RefreshFailedException or
 * IllegalStateException, and any other cause is rethrown.
 *
 * @param t ticket to destroy
 */
private static void testDestroy(KerberosTicket t) throws Exception {
    t.destroy();
    if (!t.isDestroyed()) {
        throw new RuntimeException("ticket should have been destroyed");
    }

    // The calls are meaningless on a destroyed ticket, but they are allowed.
    for (Method m : KerberosTicket.class.getDeclaredMethods()) {
        boolean publicNoArg = Modifier.isPublic(m.getModifiers())
                && m.getParameterCount() == 0;
        if (!publicNoArg) {
            continue;
        }

        System.out.println("Testing " + m.getName() + "...");
        try {
            m.invoke(t);
        } catch (InvocationTargetException e) {
            Throwable cause = e.getCause();
            boolean tolerated = cause instanceof RefreshFailedException
                    || cause instanceof IllegalStateException;
            if (!tolerated) {
                throw e;
            }
            // A tolerated failure needs no further handling.
        }
    }

    System.out.println("Destroy Test Passed");
}
示例9: ExchangerImpl
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Creates the exchanger from a Kerberos service ticket: stores the encoded
 * ticket, records both principals and creates the premaster secret
 * protected by the ticket's session key.
 *
 * @param serverName      server name used to look up the service ticket
 * @param acc             access control context passed on to the lookup
 * @param protocolVersion protocol version passed to the premaster secret
 * @param rand            random source passed to the premaster secret
 * @throws IOException declared for the ticket lookup and the premaster
 *         secret construction
 */
ExchangerImpl(String serverName, AccessControlContext acc,
        ProtocolVersion protocolVersion, SecureRandom rand) throws IOException {

    KerberosTicket serviceTicket = getServiceTicket(serverName, acc);
    encodedTicket = serviceTicket.getEncoded();

    // The ticket's server is our peer; its client is the local identity.
    peerPrincipal = serviceTicket.getServer();
    localPrincipal = serviceTicket.getClient();

    // The optional authenticator (encrypted with the session key) is
    // currently ignored.

    // Re-wrap the session key in the internal key type; the premaster
    // secret is generated and encrypted with it.
    // NOTE(review): the key bytes copied here are not cleared in this
    // constructor - confirm where the copy is disposed of.
    int sessionKeyType = serviceTicket.getSessionKeyType();
    byte[] sessionKeyBytes = serviceTicket.getSessionKey().getEncoded();
    EncryptionKey sessionKey = new EncryptionKey(sessionKeyType, sessionKeyBytes);

    preMaster = new KerberosPreMasterSecret(protocolVersion, rand, sessionKey);
}
示例10: checkLogin
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
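/**
 * Rewrites krb5.conf with the given lifetime settings, logs in as the JAAS
 * "client" entry and checks the lifetimes of the ticket obtained.
 *
 * The login must leave exactly one KerberosTicket in the Subject's private
 * credentials. Its end time and renew-till time are handed to
 * {@code checkRough} together with {@code t1} and {@code t2}.
 *
 * @throws Exception if the number of tickets is not one, or on any failure
 *         in the configuration, login or lifetime checks
 */
static void checkLogin(
        String s1,      // ticket_lifetime in krb5.conf, null if none
        String s2,      // renew_lifetime in krb5.conf, null if none
        int t1, int t2  // expected lifetimes, -1 if unexpected
        ) throws Exception {
    KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
            s1 != null ? ("ticket_lifetime = " + s1) : "",
            s2 != null ? ("renew_lifetime = " + s2) : "");
    Config.refresh();

    Context c = Context.fromJAAS("client");
    Set<KerberosTicket> tickets =
            c.s().getPrivateCredentials(KerberosTicket.class);
    if (tickets.size() != 1) {
        // Give the count so that a failing run explains itself.
        throw new Exception("Expected exactly one KerberosTicket after login, found "
                + tickets.size());
    }

    KerberosTicket ticket = tickets.iterator().next();
    checkRough(ticket.getEndTime(), t1);
    checkRough(ticket.getRenewTill(), t2);
}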
示例11: main
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Starts a test KDC configured with a 10s ticket lifetime and an 11s renew
 * lifetime, logs in with the test user and password, and refreshes the
 * resulting ticket twice.
 *
 * The ticket must carry a renew-till time when first obtained and none
 * after the first refresh.
 *
 * Printing a KerberosTicket is acceptable here because the ticket comes
 * from a throw-away test KDC. NOTE(review): the JDK's
 * KerberosTicket.toString() output appears to include the session key, so
 * tickets from a real realm should not be printed or logged this way.
 */
public static void main(String[] args) throws Exception {
    final long pauseMillis = 2000;

    OneKDC kdc = new OneKDC(null);
    KDC.saveConfig(OneKDC.KRB5_CONF, kdc,
            "ticket_lifetime = 10s",
            "renew_lifetime = 11s");
    Config.refresh();

    Context client = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
    KerberosTicket ticket = client.s()
            .getPrivateCredentials(KerberosTicket.class)
            .iterator()
            .next();

    // Freshly issued: a renew-till time is expected.
    System.out.println(ticket);
    Asserts.assertTrue(ticket.getRenewTill() != null, ticket.toString());

    // After the first refresh no renew-till time is expected.
    Thread.sleep(pauseMillis);
    ticket.refresh();
    System.out.println(ticket);
    Asserts.assertTrue(ticket.getRenewTill() == null, ticket.toString());

    // Second refresh; only the call and the printout are exercised.
    Thread.sleep(pauseMillis);
    ticket.refresh();
    System.out.println(ticket);
}
示例12: main
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Runs a krb5 GSS handshake between the JAAS "client" and "server" entries
 * of a test KDC, then checks that the client Subject holds a ticket whose
 * server principal is {@code OneKDC.SERVER + "@" + OneKDC.REALM}.
 *
 * @throws Exception with message "no " plus the expected name when no such
 *         ticket is present
 */
public static void main(String[] args) throws Exception {
    new OneKDC(null).writeJAASConf();

    Context c = Context.fromJAAS("client");
    Context s = Context.fromJAAS("server");

    c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_KRB5_MECH_OID);
    s.startAsServer(GSSUtil.GSS_KRB5_MECH_OID);
    Context.handshake(c, s);

    String expected = OneKDC.SERVER + "@" + OneKDC.REALM;
    boolean missing = c.s().getPrivateCredentials(KerberosTicket.class)
            .stream()
            .noneMatch(t -> t.getServer().toString().equals(expected));
    if (missing) {
        // Print the client context status before failing.
        c.status();
        throw new Exception("no " + expected);
    }
}
示例13: main
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Builds a synthetic KerberosTicket from constructed sample values and runs
 * the date-immutability, serialization-compatibility and destroy checks on
 * it. None of the values is real key or ticket material.
 */
public static void main(String[] args) throws Exception {
    final long originalTime = 12345678L;

    // Constructed stand-ins for the ASN.1 encoding and the session key.
    byte[] asn1Bytes = "asn1".getBytes();
    byte[] keyBytes = "sessionKey".getBytes();

    // NOTE(review): both principal literals look like the output of a web
    // page's e-mail obfuscation, not the values the author wrote (presumably
    // a name@REALM form). Restore them from the upstream source before
    // running this example.
    KerberosPrincipal client = new KerberosPrincipal("[email protected]");
    KerberosPrincipal server = new KerberosPrincipal("[email protected]");

    boolean[] flags = new boolean[9];
    flags[8] = true; // renewable

    // One Date instance is shared by all four time arguments.
    Date inDate = new Date(originalTime);
    KerberosTicket t = new KerberosTicket(
            asn1Bytes, client, server,
            keyBytes, 1 /*keyType*/, flags,
            inDate /*authTime*/, inDate /*startTime*/,
            inDate /*endTime*/, inDate /*renewTill*/,
            null /*clientAddresses*/);

    // Change the caller's Date after construction, for testing the constructor.
    inDate.setTime(0);

    testDateImmutability(t, originalTime);
    testS11nCompatibility(t); // S11n: Serialization
    testDestroy(t);
}
示例14: main
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
/**
 * Builds a synthetic KerberosTicket from constructed sample values and runs
 * the date-immutability and serialization-compatibility checks on it. None
 * of the values is real key or ticket material.
 */
public static void main(String[] args) throws Exception {
    final long originalTime = 12345678L;

    // Constructed stand-ins for the ASN.1 encoding and the session key.
    byte[] asn1Bytes = "asn1".getBytes();
    byte[] keyBytes = "sessionKey".getBytes();

    KerberosPrincipal client = new KerberosPrincipal("client");
    KerberosPrincipal server = new KerberosPrincipal("server");

    boolean[] flags = new boolean[9];
    flags[8] = true; // renewable

    // One Date instance is shared by all four time arguments.
    Date inDate = new Date(originalTime);
    KerberosTicket t = new KerberosTicket(
            asn1Bytes, client, server,
            keyBytes, 1 /*keyType*/, flags,
            inDate /*authTime*/, inDate /*startTime*/,
            inDate /*endTime*/, inDate /*renewTill*/,
            null /*clientAddresses*/);

    // Change the caller's Date after construction, for testing the constructor.
    inDate.setTime(0);

    testDateImmutability(t, originalTime);
    testS11nCompatibility(t); // S11n: Serialization
}
示例15: getKerberosTicket
import javax.security.auth.kerberos.KerberosTicket; //导入依赖的package包/类
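/**
 * Obtains a Kerberos ticket for {@code principal} by running an AS exchange
 * with the given password.
 *
 * The request builder and the local password array are cleaned up in a
 * {@code finally} block, so they are also cleaned up when the exchange fails.
 *
 * @param principal client principal to authenticate as
 * @param password  password of the principal; {@code null} is treated as an
 *                  empty password. The String itself cannot be cleared, so
 *                  callers should not keep it around longer than needed.
 * @param expire    when non-null, wrapped in a {@code KerberosTime} and
 *                  written into the builder's private {@code till} field
 * @return the ticket converted from the credentials the exchange returned
 * @throws Exception on any failure of the exchange, the reflective field
 *                   access or the conversion
 */
private static KerberosTicket getKerberosTicket ( KerberosPrincipal principal, String password, Long expire ) throws Exception {
    PrincipalName principalName = new PrincipalName(principal.getName(), PrincipalName.KRB_NT_PRINCIPAL, principal.getRealm());
    char[] secret = password != null ? password.toCharArray() : new char[0];
    KrbAsReqBuilder builder = null;
    try {
        builder = new KrbAsReqBuilder(principalName, secret);
        if ( expire != null ) {
            System.out.println("Request expires " + expire);
            KerberosTime till = new KerberosTime(expire);
            // The builder has no public way to set the requested end time,
            // so the private field is written through reflection.
            // NOTE(review): this depends on JDK internals and is likely to
            // need the internal package opened on newer JDKs - confirm.
            Field tillF = builder.getClass().getDeclaredField("till");
            tillF.setAccessible(true);
            tillF.set(builder, till);
        }
        Credentials creds = builder.action().getCreds();
        KerberosTicket ticket = Krb5Util.credsToTicket(creds);
        System.out.println("Ends " + ticket.getEndTime().getTime());
        return ticket;
    }
    finally {
        if ( builder != null ) {
            builder.destroy();
        }
        // Clear our own copy as well; whether the builder keeps a separate
        // copy of the array is not visible from here.
        java.util.Arrays.fill(secret, '\0');
    }
}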