當前位置: 首頁>>代碼示例>>Java>>正文

Java KerberosTicket.getSessionKey方法代碼示例

本文整理匯總了Java中javax.security.auth.kerberos.KerberosTicket.getSessionKey方法的典型用法代碼示例。如果您正苦於以下問題:Java KerberosTicket.getSessionKey方法的具體用法?Java KerberosTicket.getSessionKey怎麽用?Java KerberosTicket.getSessionKey使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在javax.security.auth.kerberos.KerberosTicket的用法示例。


在下文中一共展示了KerberosTicket.getSessionKey方法的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。

示例1: searchSessionKey

import javax.security.auth.kerberos.KerberosTicket; //導入方法依賴的package包/類
Key searchSessionKey ( Subject subject ) throws GSSException {
    MIEName src = new MIEName(this.gssContext.getSrcName().export());
    MIEName targ = new MIEName(this.gssContext.getTargName().export());

    ASN1ObjectIdentifier mech = ASN1ObjectIdentifier.getInstance(this.gssContext.getMech().getDER());
    for ( KerberosTicket ticket : subject.getPrivateCredentials(KerberosTicket.class) ) {
        MIEName client = new MIEName(mech, ticket.getClient().getName());
        MIEName server = new MIEName(mech, ticket.getServer().getName());
        if ( src.equals(client) && targ.equals(server) ) {
            return ticket.getSessionKey();
        }
    }
    return null;
}
開發者ID:AgNO3,項目名稱:jcifs-ng,代碼行數:15,代碼來源:Kerb5Context.java

示例2: test_getSessionKey

import javax.security.auth.kerberos.KerberosTicket; //導入方法依賴的package包/類
/**
 * @tests javax.security.auth.kerberos.KerberosTicket#getSessionKey() 
 */
public void test_getSessionKey() throws Exception {

    KerberosTicket krbTicket = new KerberosTicket(ticket, pClient, pServer,
            sessionKey, KEY_TYPE, flags, authTime, startTime, endTime,
            renewTill, addesses);

    assertSame(krbTicket.getSessionKey(), krbTicket.getSessionKey());

    // test returned SecretKey object
    SecretKey sKey = krbTicket.getSessionKey();
    byte[] keyBytes = sKey.getEncoded();

    assertTrue(Arrays.equals(sessionKey, keyBytes));
    // initial byte array is copied
    assertNotSame(sessionKey, sKey.getEncoded());
    // key instance is immutable 
    assertNotSame(sKey.getEncoded(), sKey.getEncoded());

    assertEquals("algorithm", "DES", sKey.getAlgorithm());
    assertEquals("format", "RAW", sKey.getFormat());

    // sessionKey: null value is illegal for constructor
    try {
        new KerberosTicket(ticket, pClient, pServer, null, KEY_TYPE, flags,
                authTime, startTime, endTime, renewTill, addesses);
        fail("No expected IllegalArgumentException");
    } catch (IllegalArgumentException e) {
    }
}
開發者ID:shannah,項目名稱:cn1,代碼行數:33,代碼來源:KerberosTicketTest.java

示例3: getSessionKey

import javax.security.auth.kerberos.KerberosTicket; //導入方法依賴的package包/類
/**
 * 
 * @param tgt
 * @return
 * @throws WSSecurityException
 */
private SecretKey getSessionKey(KerberosTicket tgt) throws WSSecurityException {
	for (Iterator creds = subject.getPrivateCredentials().iterator(); creds.hasNext();) {
		Object cred = creds.next();
		if ((cred instanceof KerberosTicket) && !cred.equals(tgt)) {
			KerberosTicket ticket = (KerberosTicket) cred;
			return ticket.getSessionKey();
		}
	}

	throw new WSSecurityException((new StringBuilder())
			.append("Could not find service ticket with server principal name ")
			.append(servicePrincipalName).toString());
}
開發者ID:wso2,項目名稱:wso2-wss4j,代碼行數:20,代碼來源:WSSecKerberosToken.java

示例4: searchSessionKey

import javax.security.auth.kerberos.KerberosTicket; //導入方法依賴的package包/類
/**
 * Extract the context session key from the gssContext. The subject is only
 * used if no support for extraction of the session key is not possible
 * with an API and is used as a fallback method.
 * 
 * @param subject
 * @return context session key
 * @throws GSSException 
 */
Key searchSessionKey(Subject subject) throws GSSException{
    /*
    The kerberos session key is not accessible via the JGSS API IBM and 
    Oracle both implement a similar API to make an ExtendedGSSContext
    available.
    
    The older implementation to find the session key is still available as 
    a fallback, but it is not expected, that it works.
    
    From "JCIFS with Kerberos doesn't work on JDK 7":
    
    https://bugs.openjdk.java.net/browse/JDK-8031973:
    
    This is a bug in JCIFS. It seems the SMB packet it generates that 
    includes the AP-REQ token also includes something else that should be 
    encrypted with the *context* session key. The standard GSS-API does not
    provide such a method so it looks up the service ticket in the subject 
    and use its *ticket* session key instead. The context session key is not 
    the ticket session key if sub key is used.
     
    Possible patch: Fix jcifs.smb.Kerb5Context's searchSessionKey() method 
    to call Oracle JDK's 
    ExtendedGSSContext::inquireSecContext(InquireType.KRB5_GET_SESSION_KEY) 
    to get the real session key. The classes are defined in 
    com.sun.security.jgss. 
    */
    
    if (extendedGSSContextClass == null || inquireTypeSessionKey == null
            || inquireSecContext == null || gssContext == null) {
        
        if(log.level > 0 && (! deprecationWarningPrinted)) {
            log.print("WARNING: Kerberos Session Key is extracted from Kerberos Ticket. This is known to be problematic (See: https://bugs.openjdk.java.net/browse/JDK-8031973).");
            deprecationWarningPrinted = true;
        }
        
        MIEName src = new MIEName(gssContext.getSrcName().export());
        MIEName targ = new MIEName(gssContext.getTargName().export());
        for(KerberosTicket ticket: subject.getPrivateCredentials(KerberosTicket.class)) {
            MIEName client = new MIEName(gssContext.getMech(), ticket.getClient().getName());
            MIEName server = new MIEName(gssContext.getMech(), ticket.getServer().getName());
            if (src.equals(client) && targ.equals(server)) {
                return ticket.getSessionKey();
            }
        }
        return null;
    } else {
        if (extendedGSSContextClass.isAssignableFrom(gssContext.getClass())) {
            try {
                return (Key) inquireSecContext.invoke(gssContext, new Object[]{inquireTypeSessionKey});
            } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException ex) {
                log.print("Reflective access to ExtendedGSSContext failed");
                ex.printStackTrace(log);
            }
        }
        return null;
    }
}
開發者ID:jaeksoft,項目名稱:jcifs-krb5,代碼行數:67,代碼來源:Kerb5Context.java

示例5: retrieveServiceTicket

import javax.security.auth.kerberos.KerberosTicket; //導入方法依賴的package包/類
public void retrieveServiceTicket(String jaasName, String serviceName, GSSCredential delegatedCredential)
        throws WSSecurityException {
    // Get a TGT from the KDC using JAAS
    LoginContext loginContext = null;
    try {
        loginContext = new LoginContext(jaasName);
        loginContext.login();
    } catch (LoginException ex) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "kerberosLoginError",//$NON-NLS-1$
                new Object[] { ex.getMessage() }, ex);
    }

    Subject clientSubject = loginContext.getSubject();
    Set<Principal> clientPrincipals = clientSubject.getPrincipals();
    if (clientPrincipals.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "kerberosLoginError",//$NON-NLS-1$
                new Object[] { "No Client principals found after login" });//$NON-NLS-1$
    }
    
    // Store the TGT
    KerberosTicket tgt = getKerberosTicket(clientSubject, null);

    // Get the service ticket
    KerberosClientAction action = new KerberosClientAction(serviceName, delegatedCredential);
    byte[] ticket = Subject.doAs(clientSubject, action);
    if (ticket == null) {
        throw new WSSecurityException(WSSecurityException.FAILURE, "kerberosServiceTicketError");//$NON-NLS-1$
    }

    // Get the Service Ticket (private credential)
    KerberosTicket serviceTicket = getKerberosTicket(clientSubject, tgt);
    if (serviceTicket != null) {
        secretKey = serviceTicket.getSessionKey();
    }

    setToken(ticket);

    if ("".equals(getValueType())) { //$NON-NLS-1$
        setValueType(WSConstants.WSS_GSS_KRB_V5_AP_REQ);
    }
}
開發者ID:kenweezy,項目名稱:teiid,代碼行數:42,代碼來源:DelegateKerberosClient.java


注:本文中的javax.security.auth.kerberos.KerberosTicket.getSessionKey方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。