本文整理汇总了Java中sun.security.jgss.krb5.Krb5Util类的典型用法代码示例。如果您正苦于以下问题:Java Krb5Util类的具体用法?Java Krb5Util怎么用?Java Krb5Util使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
Krb5Util类属于sun.security.jgss.krb5包,在下文中一共展示了Krb5Util类的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: decryptUsingKeyTab
import sun.security.jgss.krb5.Krb5Util; //导入依赖的package包/类
/**
* Called by KrbAsReqBuilder to resolve a AS-REP message using a keytab.
* @param ktab the keytab, not null
* @param asReq the original AS-REQ sent, used to validate AS-REP
* @param cname the user principal name, used to locate keys in ktab
*/
void decryptUsingKeyTab(KeyTab ktab, KrbAsReq asReq, PrincipalName cname)
throws KrbException, Asn1Exception, IOException {
EncryptionKey dkey = null;
int encPartKeyType = rep.encPart.getEType();
Integer encPartKvno = rep.encPart.kvno;
try {
dkey = EncryptionKey.findKey(encPartKeyType, encPartKvno,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
} catch (KrbException ke) {
if (ke.returnCode() == Krb5.KRB_AP_ERR_BADKEYVER) {
// Fallback to no kvno. In some cases, keytab is generated
// not by sysadmin but Java's ktab command
dkey = EncryptionKey.findKey(encPartKeyType,
Krb5Util.keysFromJavaxKeyTab(ktab, cname));
}
}
if (dkey == null) {
throw new KrbException(Krb5.API_INVALID_ARG,
"Cannot find key for type/kvno to decrypt AS REP - " +
EType.toString(encPartKeyType) + "/" + encPartKvno);
}
decrypt(dkey, asReq);
}
示例2: build
import sun.security.jgss.krb5.Krb5Util; //导入依赖的package包/类
/**
* Build a KrbAsReq object from all info fed above. Normally this method
* will be called twice: initial AS-REQ and second with pakey
* @param key null (initial AS-REQ) or pakey (with preauth)
* @return the KrbAsReq object
* @throws KrbException
* @throws IOException
*/
private KrbAsReq build(EncryptionKey key) throws KrbException, IOException {
int[] eTypes;
if (password != null) {
eTypes = EType.getDefaults("default_tkt_enctypes");
} else {
EncryptionKey[] ks = Krb5Util.keysFromJavaxKeyTab(ktab, cname);
eTypes = EType.getDefaults("default_tkt_enctypes",
ks);
for (EncryptionKey k: ks) k.destroy();
}
return new KrbAsReq(key,
options,
cname,
sname,
from,
till,
rtime,
eTypes,
addresses);
}
示例3: getKerberosTicket
import sun.security.jgss.krb5.Krb5Util; //导入依赖的package包/类
private static KerberosTicket getKerberosTicket ( KerberosPrincipal principal, String password, Long expire ) throws Exception {
PrincipalName principalName = new PrincipalName(principal.getName(), PrincipalName.KRB_NT_PRINCIPAL, principal.getRealm());
KrbAsReqBuilder builder = new KrbAsReqBuilder(principalName, password != null ? password.toCharArray() : new char[0]);
if ( expire != null ) {
System.out.println("Request expires " + expire);
KerberosTime till = new KerberosTime(expire);
Field tillF = builder.getClass().getDeclaredField("till");
tillF.setAccessible(true);
tillF.set(builder, till);
}
Credentials creds = builder.action().getCreds();
builder.destroy();
KerberosTicket ticket = Krb5Util.credsToTicket(creds);
System.out.println("Ends " + ticket.getEndTime().getTime());
return ticket;
}
示例4: getServiceCreds
import sun.security.jgss.krb5.Krb5Util; //导入依赖的package包/类
@Override
public Object getServiceCreds(AccessControlContext acc)
throws LoginException {
ServiceCreds serviceCreds =
Krb5Util.getServiceCreds(GSSCaller.CALLER_SSL_SERVER, null, acc);
return serviceCreds;
}
示例5: isRelated
import sun.security.jgss.krb5.Krb5Util; //导入依赖的package包/类
@Override
public boolean isRelated(boolean isClient,
AccessControlContext acc, Principal p) {
if (p == null) return false;
try {
Subject subject = AccessController.doPrivileged(
(PrivilegedExceptionAction<Subject>)
() -> Krb5Util.getSubject(
isClient ? GSSCaller.CALLER_SSL_CLIENT
: GSSCaller.CALLER_SSL_SERVER,
acc));
if (subject == null) {
if (debug != null && Debug.isOn("session")) {
System.out.println("Kerberos credentials are" +
" not present in the current Subject;" +
" check if " +
" javax.security.auth.useSubjectAsCreds" +
" system property has been set to false");
}
return false;
}
Set<Principal> principals =
subject.getPrincipals(Principal.class);
if (principals.contains(p)) {
// bound to this principal
return true;
} else {
if (isClient) {
return false;
} else {
for (KeyTab pc : subject.getPrivateCredentials(KeyTab.class)) {
if (!pc.isBound()) {
return true;
}
}
return false;
}
}
} catch (PrivilegedActionException pae) {
if (debug != null && Debug.isOn("session")) {
System.out.println("Attempt to obtain" +
" subject failed! " + pae);
}
return false;
}
}
示例6: getServerKeys
import sun.security.jgss.krb5.Krb5Util; //导入依赖的package包/类
@Override
public SecretKey[] getServerKeys(AccessControlContext acc)
throws LoginException {
Krb5Util.ServiceCreds serviceCreds =
Krb5Util.getServiceCreds(GSSCaller.CALLER_SSL_SERVER, null, acc);
return serviceCreds != null ? serviceCreds.getKKeys() :
new KerberosKey[0];
}
示例7: getClientSubject
import sun.security.jgss.krb5.Krb5Util; //导入依赖的package包/类
@Override
public Subject getClientSubject(AccessControlContext acc)
throws LoginException {
return Krb5Util.getSubject(GSSCaller.CALLER_SSL_CLIENT, acc);
}
示例8: getServerSubject
import sun.security.jgss.krb5.Krb5Util; //导入依赖的package包/类
@Override
public Subject getServerSubject(AccessControlContext acc)
throws LoginException {
return Krb5Util.getSubject(GSSCaller.CALLER_SSL_SERVER, acc);
}