当前位置: 首页>>代码示例>>Java>>正文

Java KerberosTicket.getSessionKey方法代码示例

本文整理汇总了Java中javax.security.auth.kerberos.KerberosTicket.getSessionKey方法的典型用法代码示例。如果您正苦于以下问题:Java KerberosTicket.getSessionKey方法的具体用法?Java KerberosTicket.getSessionKey怎么用?Java KerberosTicket.getSessionKey使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在javax.security.auth.kerberos.KerberosTicket的用法示例。


在下文中一共展示了KerberosTicket.getSessionKey方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: searchSessionKey

import javax.security.auth.kerberos.KerberosTicket; //导入方法依赖的package包/类
Key searchSessionKey ( Subject subject ) throws GSSException {
    MIEName src = new MIEName(this.gssContext.getSrcName().export());
    MIEName targ = new MIEName(this.gssContext.getTargName().export());

    ASN1ObjectIdentifier mech = ASN1ObjectIdentifier.getInstance(this.gssContext.getMech().getDER());
    for ( KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class) ) {
        MIEName client = new MIEName(mech, ticket.getClient().getName());
        MIEName server = new MIEName(mech, ticket.getServer().getName());
        if ( src.equals(client) && targ.equals(server) ) {
            return ticket.getSessionKey();
        }
    }
    return null;
}
开发者ID:AgNO3,项目名称:jcifs-ng,代码行数:15,代码来源:Kerb5Context.java

示例2: test_getSessionKey

import javax.security.auth.kerberos.KerberosTicket; //导入方法依赖的package包/类
/**
 * @tests javax.security.auth.kerberos.KerberosTicket#getSessionKey() 
 */
public void test_getSessionKey() throws Exception {

    KerberosTicket krbTicket = new KerberosTicket(ticket, pClient, pServer,
            sessionKey, KEY_TYPE, flags, authTime, startTime, endTime,
            renewTill, addesses);

    assertSame(krbTicket.getSessionKey(), krbTicket.getSessionKey());

    // test returned SecretKey object
    SecretKey sKey = krbTicket.getSessionKey();
    byte[] keyBytes = sKey.getEncoded();

    assertTrue(Arrays.equals(sessionKey, keyBytes));
    // initial byte array is copied
    assertNotSame(sessionKey, sKey.getEncoded());
    // key instance is immutable 
    assertNotSame(sKey.getEncoded(), sKey.getEncoded());

    assertEquals("algorithm", "DES", sKey.getAlgorithm());
    assertEquals("format", "RAW", sKey.getFormat());

    // sessionKey: null value is illegal for constructor
    try {
        new KerberosTicket(ticket, pClient, pServer, null, KEY_TYPE, flags,
                authTime, startTime, endTime, renewTill, addesses);
        fail("No expected IllegalArgumentException");
    } catch (IllegalArgumentException e) {
    }
}
开发者ID:shannah,项目名称:cn1,代码行数:33,代码来源:KerberosTicketTest.java

示例3: getSessionKey

import javax.security.auth.kerberos.KerberosTicket; //导入方法依赖的package包/类
/**
 * 
 * @param tgt
 * @return
 * @throws WSSecurityException
 */
private SecretKey getSessionKey(KerberosTicket tgt) throws WSSecurityException {
	for (Iterator creds = subject.getPrivateCredentials().iterator(); creds.hasNext();) {
		Object cred = creds.next();
		if ((cred instanceof KerberosTicket) && !cred.equals(tgt)) {
			KerberosTicket ticket = (KerberosTicket) cred;
			return ticket.getSessionKey();
		}
	}

	throw new WSSecurityException((new StringBuilder())
			.append("Could not find service ticket with server principal name ")
			.append(servicePrincipalName).toString());
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:20,代码来源:WSSecKerberosToken.java

示例4: searchSessionKey

import javax.security.auth.kerberos.KerberosTicket; //导入方法依赖的package包/类
/**
 * Extract the context session key from the gssContext. The subject is only
 * used if no support for extraction of the session key is not possible
 * with an API and is used as a fallback method.
 * 
 * @param subject
 * @return context session key
 * @throws GSSException 
 */
Key searchSessionKey(Subject subject) throws GSSException{
    /*
    The kerberos session key is not accessible via the JGSS API IBM and 
    Oracle both implement a similar API to make an ExtendedGSSContext
    available.
    
    The older implementation to find the session key is still available as 
    a fallback, but it is not expected, that it works.
    
    From "JCIFS with Kerberos doesn't work on JDK 7":
    
    https://bugs.openjdk.java.net/browse/JDK-8031973:
    
    This is a bug in JCIFS. It seems the SMB packet it generates that 
    includes the AP-REQ token also includes something else that should be 
    encrypted with the *context* session key. The standard GSS-API does not
    provide such a method so it looks up the service ticket in the subject 
    and use its *ticket* session key instead. The context session key is not 
    the ticket session key if sub key is used.
     
    Possible patch: Fix jcifs.smb.Kerb5Context's searchSessionKey() method 
    to call Oracle JDK's 
    ExtendedGSSContext::inquireSecContext(InquireType.KRB5_GET_SESSION_KEY) 
    to get the real session key. The classes are defined in 
    com.sun.security.jgss. 
    */
    
    if (extendedGSSContextClass == null || inquireTypeSessionKey == null
            || inquireSecContext == null || gssContext == null) {
        
        if(log.level > 0 && (! deprecationWarningPrinted)) {
            log.print("WARNING: Kerberos Session Key is extracted from Kerberos Ticket. This is known to be problematic (See: https://bugs.openjdk.java.net/browse/JDK-8031973).");
            deprecationWarningPrinted = true;
        }
        
        MIEName src = new MIEName(gssContext.getSrcName().export());
        MIEName targ = new MIEName(gssContext.getTargName().export());
        for(KerberosTicket ticket: subject.getPrivateCredentials(KerberosTicket.class)) {
            MIEName client = new MIEName(gssContext.getMech(), ticket.getClient().getName());
            MIEName server = new MIEName(gssContext.getMech(), ticket.getServer().getName());
            if (src.equals(client) && targ.equals(server)) {
                return ticket.getSessionKey();
            }
        }
        return null;
    } else {
        if (extendedGSSContextClass.isAssignableFrom(gssContext.getClass())) {
            try {
                return (Key) inquireSecContext.invoke(gssContext, new Object[]{inquireTypeSessionKey});
            } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException ex) {
                log.print("Reflective access to ExtendedGSSContext failed");
                ex.printStackTrace(log);
            }
        }
        return null;
    }
}
开发者ID:jaeksoft,项目名称:jcifs-krb5,代码行数:67,代码来源:Kerb5Context.java

示例5: retrieveServiceTicket

import javax.security.auth.kerberos.KerberosTicket; //导入方法依赖的package包/类
public void retrieveServiceTicket(String jaasName, String serviceName, GSSCredential delegatedCredential)
        throws WSSecurityException {
    // Get a TGT from the KDC using JAAS
    LoginContext loginContext = null;
    try {
        loginContext = new LoginContext(jaasName);
        loginContext.login();
    } catch (LoginException ex) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "kerberosLoginError",//$NON-NLS-1$
                new Object[] { ex.getMessage() }, ex);
    }

    Subject clientSubject = loginContext.getSubject();
    Set<Principal> clientPrincipals = clientSubject.getPrincipals();
    if (clientPrincipals.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "kerberosLoginError",//$NON-NLS-1$
                new Object[] { "No Client principals found after login" });//$NON-NLS-1$
    }
    
    // Store the TGT
    KerberosTicket tgt = getKerberosTicket(clientSubject, null);

    // Get the service ticket
    KerberosClientAction action = new KerberosClientAction(serviceName, delegatedCredential);
    byte[] ticket = Subject.doAs(clientSubject, action);
    if (ticket == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "kerberosServiceTicketError");//$NON-NLS-1$
    }

    // Get the Service Ticket (private credential)
    KerberosTicket serviceTicket = getKerberosTicket(clientSubject, tgt);
    if (serviceTicket != null) {
        secretKey = serviceTicket.getSessionKey();
    }

    setToken(ticket);

    if ("".equals(getValueType())) { //$NON-NLS-1$
        setValueType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
    }
}
开发者ID:kenweezy,项目名称:teiid,代码行数:42,代码来源:DelegateKerberosClient.java


注:本文中的javax.security.auth.kerberos.KerberosTicket.getSessionKey方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。