类org.ietf.jgss.Oid源码实例Demo

下面列出了怎么用org.ietf.jgss.Oid的API类实例代码及写法,或者点击链接到github查看源代码。

源代码1 项目: openjdk-8   文件: OidFormat.java
/**
 * Negative-test helper: succeeds only when {@code s} is rejected by all
 * three constructors exercised below.
 *
 * @param s candidate OID string that is expected to be malformed
 * @throws Exception if any of the three constructors accepts {@code s}
 */
static void testBad(String s) throws Exception {
    System.err.println("Trying " + s);

    // ObjectIdentifier must reject the string with an IOException.
    boolean rejected = false;
    try {
        new ObjectIdentifier(s);
    } catch (IOException expected) {
        System.err.println(expected);
        rejected = true;
    }
    if (!rejected) {
        throw new Exception("should be invalid ObjectIdentifier");
    }

    // The GSS-API Oid must reject it with a GSSException.
    rejected = false;
    try {
        new Oid(s);
    } catch (GSSException expected) {
        rejected = true;
    }
    if (!rejected) {
        throw new Exception("should be invalid Oid");
    }

    // Used as an algorithm name, the string must not resolve either.
    rejected = false;
    try {
        new EncryptedPrivateKeyInfo(s, new byte[8]);
    } catch (NoSuchAlgorithmException expected) {
        rejected = true;
    }
    if (!rejected) {
        throw new Exception("should be invalid algorithm");
    }
}
 
源代码2 项目: registry   文件: KerberosUtil.java
/**
 * Resolves a GSS {@link Oid} constant by reading the field named
 * {@code oidName} from the JDK vendor's {@code GSSUtil} class via reflection.
 *
 * <p>{@code oidName} is handed unchanged to {@code getDeclaredField}, so it
 * decides which field is read, and the value is cast to {@code Oid}.
 * NOTE(review): callers presumably pass fixed constant names only; confirm
 * that no externally supplied string reaches this parameter.
 * NOTE(review): both class names are vendor-internal; verify the lookup
 * still works on the JDK versions this code is deployed on.
 *
 * @param oidName name of a field declared on {@code GSSUtil}
 * @return the {@code Oid} stored in that field; on IBM JDKs the name
 *         {@code NT_GSS_KRB5_PRINCIPAL} is answered from a literal instead
 * @throws ClassNotFoundException if the vendor {@code GSSUtil} class is absent
 * @throws GSSException if the literal OID cannot be parsed
 * @throws NoSuchFieldException if {@code GSSUtil} declares no such field
 * @throws IllegalAccessException if the field cannot be read
 */
public static Oid getOidInstance(String oidName)
        throws ClassNotFoundException, GSSException, NoSuchFieldException,
        IllegalAccessException {
    // IBM JDK GSSUtil class does not have field for krb5 principal oid
    if (IBM_JAVA && "NT_GSS_KRB5_PRINCIPAL".equals(oidName)) {
        return new Oid("1.2.840.113554.1.2.2.1");
    }

    final String gssUtilClassName = IBM_JAVA
            ? "com.ibm.security.jgss.GSSUtil"
            : "sun.security.jgss.GSSUtil";
    final Class<?> gssUtil = Class.forName(gssUtilClassName);
    final Field constant = gssUtil.getDeclaredField(oidName);
    return (Oid) constant.get(gssUtil);
}
 
源代码3 项目: TencentKona-8   文件: SpnegoLifeTime.java
/**
 * Runs a SPNEGO handshake in which the client requests credential
 * delegation, then queries the delegated credential's remaining initiator
 * lifetime and usage for the SPNEGO mechanism OID.
 *
 * <p>Both query results are discarded. NOTE(review): presumably the test
 * passes as long as neither query throws; confirm against the test header.
 */
public static void main(String[] args) throws Exception {
    final Oid spnego = GSSUtil.GSS_SPNEGO_MECH_OID;
    new OneKDC(null).writeJAASConf();

    final Context c = Context.fromJAAS("client");
    final Context s = Context.fromJAAS("server");

    c.startAsClient(OneKDC.SERVER, spnego);
    // Delegation must be requested before the handshake for the server
    // side to have a delegated credential to inspect afterwards.
    c.x().requestCredDeleg(true);
    s.startAsServer(spnego);

    Context.handshake(c, s);

    final GSSCredential delegated = s.delegated().cred();
    delegated.getRemainingInitLifetime(spnego);
    delegated.getUsage(spnego);
}
 
源代码4 项目: zeppelin   文件: KerberosUtil.java
/**
 * Looks up a GSS {@link Oid} by field name on the vendor-specific
 * {@code GSSUtil} class, using reflection.
 *
 * <p>The field to read is chosen entirely by {@code oidName}, which goes
 * straight into {@code getDeclaredField}; the result is cast to {@code Oid}.
 * NOTE(review): presumably only hard-coded constant names are passed in;
 * confirm that no request- or config-derived string can reach this call.
 * NOTE(review): the two class names are JDK-internal; verify the lookup on
 * the runtimes this code targets.
 *
 * @param oidName name of a field declared on {@code GSSUtil}
 * @return the {@code Oid} held by that field, or a literal krb5 principal
 *         OID for {@code NT_GSS_KRB5_PRINCIPAL} on IBM JDKs
 * @throws ClassNotFoundException if the {@code GSSUtil} class is not found
 * @throws GSSException if the literal OID string is rejected
 * @throws NoSuchFieldException if no field of that name is declared
 * @throws IllegalAccessException if the field is not accessible
 */
public static Oid getOidInstance(String oidName)
  throws ClassNotFoundException, GSSException, NoSuchFieldException,
  IllegalAccessException {
  final boolean wantsKrb5Principal = "NT_GSS_KRB5_PRINCIPAL".equals(oidName);
  if (IBM_JAVA && wantsKrb5Principal) {
    // IBM JDK GSSUtil class does not have field for krb5 principal oid
    return new Oid("1.2.840.113554.1.2.2.1");
  }

  final Class<?> holder = IBM_JAVA
    ? Class.forName("com.ibm.security.jgss.GSSUtil")
    : Class.forName("sun.security.jgss.GSSUtil");
  final Field oidConstant = holder.getDeclaredField(oidName);
  return (Oid) oidConstant.get(holder);
}
 
源代码5 项目: openjdk-jdk8u   文件: Context.java
/**
 * Starts as a client: creates an initiator context towards {@code target}
 * and stores it in {@code x}.
 * @param target communication peer; a value containing '@' is parsed as a
 *        host-based service name, anything else with a null name type
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();

            // Pick the name type from the shape of the target string.
            GSSName peer;
            if (target.indexOf('@') < 0) {
                peer = m.createName(target, null);
            } else {
                peer = m.createName(target, GSSName.NT_HOSTBASED_SERVICE);
            }

            me.x = (ExtendedGSSContext) m.createContext(
                    peer, mech, cred, GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
源代码6 项目: wildfly-core   文件: SecurityRealmService.java
/**
 * Obtains an accept-only GSS credential covering the Kerberos V5 and SPNEGO
 * mechanisms, acquired while running as the Subject of the identity that
 * matches the given protocol and host.
 *
 * @param protocol protocol used to select the subject identity
 * @param forHost host used to select the subject identity
 * @return the acquired credential wrapped in a {@code GSSKerberosCredential}
 * @throws GeneralSecurityException if no subject identity matches, or
 *         wrapping the cause when the privileged action fails
 */
private GSSKerberosCredential getGSSKerberosCredential(final String protocol, final String forHost)
        throws GeneralSecurityException {
    final SubjectIdentity identity = getSubjectIdentity(protocol, forHost);
    if (identity == null) {
        throw ROOT_LOGGER.noSubjectIdentityForProtocolAndHost(protocol, forHost);
    }

    final GSSManager gssManager = GSSManager.getInstance();

    // No name is given (null), and the usage is ACCEPT_ONLY: the credential
    // is requested for accepting contexts, not for initiating them.
    final PrivilegedExceptionAction<GSSCredential> acquireAcceptor =
            () -> gssManager.createCredential(null, GSSCredential.DEFAULT_LIFETIME,
                    new Oid[] { KERBEROS_V5, SPNEGO }, GSSCredential.ACCEPT_ONLY);

    try {
        final GSSCredential acquired = Subject.doAs(identity.getSubject(), acquireAcceptor);
        return new GSSKerberosCredential(acquired);
    } catch (PrivilegedActionException failure) {
        // Surface the underlying failure rather than the doAs wrapper.
        throw new GeneralSecurityException(failure.getCause());
    }
}
 
源代码7 项目: big-c   文件: KerberosUtil.java
/**
 * Returns the GSS {@link Oid} stored in the field {@code oidName} of the
 * JDK vendor's {@code GSSUtil} class, read reflectively.
 *
 * <p>{@code oidName} selects the field without any filtering, and the
 * value read is cast to {@code Oid}.
 * NOTE(review): callers presumably supply constant names only; confirm no
 * untrusted string is ever passed here.
 * NOTE(review): the class names are vendor-internal; verify behaviour on
 * the JDK versions in use.
 *
 * @param oidName name of a field declared on {@code GSSUtil}
 * @return the {@code Oid} from that field; for IBM JDKs and the name
 *         {@code NT_GSS_KRB5_PRINCIPAL}, an {@code Oid} built from a literal
 * @throws ClassNotFoundException if {@code GSSUtil} cannot be loaded
 * @throws GSSException if the literal OID is invalid
 * @throws NoSuchFieldException if the field does not exist
 * @throws IllegalAccessException if the field cannot be read
 */
public static Oid getOidInstance(String oidName) 
    throws ClassNotFoundException, GSSException, NoSuchFieldException,
    IllegalAccessException {
  if (!IBM_JAVA) {
    final Class<?> sunGssUtil = Class.forName("sun.security.jgss.GSSUtil");
    return (Oid) sunGssUtil.getDeclaredField(oidName).get(sunGssUtil);
  }

  if ("NT_GSS_KRB5_PRINCIPAL".equals(oidName)) {
    // IBM JDK GSSUtil class does not have field for krb5 principal oid
    return new Oid("1.2.840.113554.1.2.2.1");
  }
  final Class<?> ibmGssUtil = Class.forName("com.ibm.security.jgss.GSSUtil");
  final Field ibmField = ibmGssUtil.getDeclaredField(oidName);
  return (Oid) ibmField.get(ibmGssUtil);
}
 
源代码8 项目: jdk8u60   文件: Context.java
/**
 * Starts as a client by creating an initiator context for {@code target}
 * and assigning it to {@code x}.
 * @param target communication peer; treated as a host-based service name
 *        when it contains '@', otherwise created with a null name type
 * @param mech GSS mech
 * @throws java.lang.Exception
 */
public void startAsClient(final String target, final Oid mech) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();
            final boolean hostBased = target.indexOf('@') >= 0;
            final GSSName peerName = hostBased
                    ? m.createName(target, GSSName.NT_HOSTBASED_SERVICE)
                    : m.createName(target, null);
            me.x = (ExtendedGSSContext) m.createContext(
                    peerName,
                    mech,
                    cred,
                    GSSContext.DEFAULT_LIFETIME);
            return null;
        }
    }, null);
}
 
源代码9 项目: jdk8u60   文件: Context.java
/**
 * Starts as a server with the specified service name: creates the
 * credential, stores it in {@code cred}, and creates the acceptor context
 * in {@code x} from it.
 * @param name the service name; {@code null} passes a null name to
 *        createCredential, a value containing '@' is parsed as a host-based
 *        service name, anything else with a null name type
 * @param mech GSS mech
 * @param asInitiator when true the credential usage is INITIATE_AND_ACCEPT,
 *        otherwise ACCEPT_ONLY
 * @throws java.lang.Exception
 */
public void startAsServer(final String name, final Oid mech, final boolean asInitiator) throws Exception {
    doAs(new Action() {
        @Override
        public byte[] run(Context me, byte[] dummy) throws Exception {
            GSSManager m = GSSManager.getInstance();

            GSSName serviceName;
            if (name == null) {
                serviceName = null;
            } else if (name.indexOf('@') < 0) {
                serviceName = m.createName(name, null);
            } else {
                serviceName = m.createName(name, GSSName.NT_HOSTBASED_SERVICE);
            }

            int usage;
            if (asInitiator) {
                usage = GSSCredential.INITIATE_AND_ACCEPT;
            } else {
                usage = GSSCredential.ACCEPT_ONLY;
            }

            me.cred = m.createCredential(
                    serviceName, GSSCredential.INDEFINITE_LIFETIME, mech, usage);
            me.x = (ExtendedGSSContext) m.createContext(me.cred);
            return null;
        }
    }, null);
}
 
源代码10 项目: jdk8u60   文件: OidFormat.java
/**
 * Checks that {@code s} is refused as an ObjectIdentifier, as a GSS-API
 * Oid, and as an EncryptedPrivateKeyInfo algorithm name.
 *
 * @param s candidate OID string that is expected to be malformed
 * @throws Exception if any of the three constructors accepts {@code s}
 */
static void testBad(String s) throws Exception {
    System.err.println("Trying " + s);

    boolean refused = false;
    try {
        new ObjectIdentifier(s);
    } catch (IOException parseFailure) {
        // The ObjectIdentifier failure is the only one that is printed.
        System.err.println(parseFailure);
        refused = true;
    }
    if (!refused) {
        throw new Exception("should be invalid ObjectIdentifier");
    }

    refused = false;
    try {
        new Oid(s);
    } catch (GSSException parseFailure) {
        refused = true;
    }
    if (!refused) {
        throw new Exception("should be invalid Oid");
    }

    refused = false;
    try {
        new EncryptedPrivateKeyInfo(s, new byte[8]);
    } catch (NoSuchAlgorithmException unknownAlgorithm) {
        refused = true;
    }
    if (!refused) {
        throw new Exception("should be invalid algorithm");
    }
}
 
源代码11 项目: jdk8u-jdk   文件: SpnegoLifeTime.java
/**
 * Performs a SPNEGO handshake with credential delegation requested by the
 * client, then asks the delegated credential for its remaining initiator
 * lifetime and its usage under the SPNEGO mechanism OID.
 *
 * <p>The returned values are not inspected. NOTE(review): presumably the
 * point is that neither call throws; confirm against the test header.
 */
public static void main(String[] args) throws Exception {
    final Oid mechOid = GSSUtil.GSS_SPNEGO_MECH_OID;
    new OneKDC(null).writeJAASConf();

    final Context client = Context.fromJAAS("client");
    final Context server = Context.fromJAAS("server");

    client.startAsClient(OneKDC.SERVER, mechOid);
    // Ask for delegation before the exchange starts.
    client.x().requestCredDeleg(true);
    server.startAsServer(mechOid);

    Context.handshake(client, server);

    final GSSCredential delegatedCred = server.delegated().cred();
    delegatedCred.getRemainingInitLifetime(mechOid);
    delegatedCred.getUsage(mechOid);
}
 
源代码12 项目: jdk8u-dev-jdk   文件: GSSLibStub.java
/**
 * Returns the stub cached in {@code table} for {@code mech}, constructing
 * and caching a new one when none is present.
 *
 * <p>NOTE(review): the lookup and the insert are two separate calls on
 * {@code table}; whether concurrent callers can each construct a stub
 * depends on how {@code table} is declared and how callers synchronize,
 * neither of which is visible here.
 *
 * @param mech mechanism OID used as the cache key
 * @return the cached or newly created stub
 * @throws GSSException if constructing a new stub fails
 */
static GSSLibStub getInstance(Oid mech) throws GSSException {
    final GSSLibStub cached = table.get(mech);
    if (cached != null) {
        return cached;
    }
    final GSSLibStub created = new GSSLibStub(mech);
    table.put(mech, created);
    return created;
}
 
源代码13 项目: jdk8u_jdk   文件: GSSLibStub.java
/**
 * Looks up the stub for {@code mech} in {@code table}; on a miss, builds
 * one, stores it under {@code mech}, and returns it.
 *
 * <p>NOTE(review): get and put are separate operations on {@code table};
 * confirm from its declaration and the call sites whether two threads can
 * both construct a stub for the same mechanism.
 *
 * @param mech mechanism OID used as the cache key
 * @return the cached or newly created stub
 * @throws GSSException if constructing a new stub fails
 */
static GSSLibStub getInstance(Oid mech) throws GSSException {
    GSSLibStub stub = table.get(mech);
    if (stub != null) {
        return stub;
    }
    // Cache miss: create once and remember it for later callers.
    stub = new GSSLibStub(mech);
    table.put(mech, stub);
    return stub;
}
 
源代码14 项目: jcifs-ng   文件: Kerb5Context.java
/**
 * Creates an initiator-side Kerberos GSS context for {@code service} on
 * {@code host} and fixes the context request flags.
 *
 * <p>Flags as set here: anonymity, sequence detection, confidentiality,
 * integrity and replay detection are all requested as {@code false};
 * mutual authentication and credential delegation are requested as
 * {@code true}.
 * NOTE(review): delegation is requested for every target regardless of
 * caller input. A delegated credential lets the accepting service act as
 * the client, so confirm this is intended for all servers reached through
 * this class.
 *
 * @param host target host
 * @param service target service name
 * @param name client principal name, or {@code null} to pass no explicit
 *        client credential to createContext
 * @param userLifetime lifetime passed to createCredential for the client
 * @param contextLifetime lifetime passed to createContext
 * @param realm when non-null the target is named {@code service/host@realm};
 *        when null it is the host-based service {@code service@host}
 * @throws GSSException if a name, credential or context cannot be created
 */
Kerb5Context ( String host, String service, String name, int userLifetime, int contextLifetime, String realm ) throws GSSException {
    final GSSManager gss = GSSManager.getInstance();
    final Oid krb5 = JGSS_KRB5_MECH_OID;

    // Choose the textual form and name type of the target up front, then
    // create the name with a single call.
    final String targetName;
    final Oid targetNameType;
    if ( realm == null ) {
        targetName = service + "@" + host;
        targetNameType = GSSName.NT_HOSTBASED_SERVICE;
    }
    else {
        targetName = service + "/" + host + "@" + realm;
        targetNameType = JGSS_KRB5_NAME_OID;
    }
    this.serviceName = gss.createName(targetName, targetNameType, krb5);

    if ( log.isDebugEnabled() ) {
        log.debug("Service name is " + this.serviceName);
    }

    GSSCredential initiatorCreds = null;
    if ( name == null ) {
        this.clientName = null;
    }
    else {
        this.clientName = gss.createName(name, GSSName.NT_USER_NAME, krb5);
        initiatorCreds = gss.createCredential(this.clientName, userLifetime, krb5, GSSCredential.INITIATE_ONLY);
    }

    this.gssContext = gss.createContext(this.serviceName, krb5, initiatorCreds, contextLifetime);

    // Per-message protection and ordering services are not requested.
    this.gssContext.requestAnonymity(false);
    this.gssContext.requestSequenceDet(false);
    this.gssContext.requestConf(false);
    this.gssContext.requestInteg(false);
    this.gssContext.requestReplayDet(false);

    // per spec these should be set
    this.gssContext.requestMutualAuth(true);
    this.gssContext.requestCredDeleg(true);
}
 
源代码15 项目: dragonwell8_jdk   文件: GSSLibStub.java
/**
 * Returns the per-mechanism stub held in {@code table}, creating and
 * registering it on first request for {@code mech}.
 *
 * <p>NOTE(review): this is a check followed by a separate insert; whether
 * that is safe under concurrent calls depends on the declaration of
 * {@code table} and on the callers, which are outside this snippet.
 *
 * @param mech mechanism OID used as the cache key
 * @return the cached or newly created stub
 * @throws GSSException if constructing a new stub fails
 */
static GSSLibStub getInstance(Oid mech) throws GSSException {
    final GSSLibStub existing = table.get(mech);
    if (existing == null) {
        final GSSLibStub fresh = new GSSLibStub(mech);
        table.put(mech, fresh);
        return fresh;
    }
    return existing;
}
 
源代码16 项目: openjdk-jdk8u   文件: S4U2selfAsServer.java
/**
 * Test driver: the "server" context impersonates {@code OneKDC.USER} and
 * the impersonated context then handshakes with "backend", twice.
 *
 * <p>The KDC is configured with pre-authentication not required, S4U2self
 * allowed for the server principal, and S4U2proxy allowed from the server
 * principal to the backend principal.
 *
 * @param args {@code args[0]} selects the mechanism: exactly "spnego", or
 *        any value containing "krb5"
 * @throws Exception on an unknown mechanism or any failure in the exchange
 */
public static void main(String[] args) throws Exception {
    final String mechArg = args[0];
    final Oid mech;
    if (mechArg.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechArg.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);

    final String serverPrincipal = OneKDC.SERVER + "@" + OneKDC.REALM;
    final String backendPrincipal = OneKDC.BACKEND + "@" + OneKDC.REALM;
    Map<String,List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(serverPrincipal, Arrays.asList(backendPrincipal));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(serverPrincipal));

    final Context s = Context.fromJAAS("server");
    final Context b = Context.fromJAAS("backend");

    s.startAsServer(null, mech, false);

    final Context p = s.impersonate(OneKDC.USER);

    // The same exchange is run twice. NOTE(review): presumably the second
    // round covers reuse of already obtained tickets; confirm.
    for (int round = 0; round < 2; round++) {
        p.startAsClient(OneKDC.BACKEND, mech);
        b.startAsServer(mech);
        Context.handshake(p, b);
    }
}
 
源代码17 项目: hottub   文件: GSSLibStub.java
/**
 * Fetches the stub registered for {@code mech} in {@code table}, creating
 * and registering one if the lookup returns {@code null}.
 *
 * <p>NOTE(review): lookup and registration are not a single operation;
 * confirm from the declaration of {@code table} and from the callers
 * whether duplicate construction under concurrency is possible.
 *
 * @param mech mechanism OID used as the cache key
 * @return the cached or newly created stub
 * @throws GSSException if constructing a new stub fails
 */
static GSSLibStub getInstance(Oid mech) throws GSSException {
    GSSLibStub result = table.get(mech);
    final boolean missing = (result == null);
    if (missing) {
        result = new GSSLibStub(mech);
        table.put(mech, result);
    }
    return result;
}
 
源代码18 项目: openjdk-jdk9   文件: S4U2selfAsServer.java
/**
 * Test driver for impersonation by a service: "server" impersonates
 * {@code OneKDC.USER}, and the resulting context handshakes with "backend"
 * two times in a row.
 *
 * <p>KDC options set here: pre-authentication not required, S4U2self
 * allowed for the server principal, S4U2proxy allowed from the server
 * principal to the backend principal.
 *
 * @param args {@code args[0]} selects the mechanism: exactly "spnego", or
 *        any value containing "krb5"
 * @throws Exception on an unknown mechanism or any failure in the exchange
 */
public static void main(String[] args) throws Exception {
    final String requested = args[0];
    final Oid mech;
    if (requested.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (requested.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);

    final String server = OneKDC.SERVER + "@" + OneKDC.REALM;
    final String backend = OneKDC.BACKEND + "@" + OneKDC.REALM;
    Map<String,List<String>> allowedProxy = new HashMap<>();
    allowedProxy.put(server, Arrays.asList(backend));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, allowedProxy);
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(server));

    final Context s = Context.fromJAAS("server");
    final Context b = Context.fromJAAS("backend");

    s.startAsServer(null, mech, false);

    final Context p = s.impersonate(OneKDC.USER);

    // Two identical rounds of the impersonated-client/backend exchange.
    int remaining = 2;
    while (remaining-- > 0) {
        p.startAsClient(OneKDC.BACKEND, mech);
        b.startAsServer(mech);
        Context.handshake(p, b);
    }
}
 
源代码19 项目: openjdk-8   文件: S4U2selfAsServer.java
/**
 * Test driver: after "server" starts as an acceptor it impersonates
 * {@code OneKDC.USER}; the impersonated context then completes a handshake
 * with "backend" twice.
 *
 * <p>The KDC is set up with pre-authentication not required, S4U2self
 * allowed for the server principal, and S4U2proxy allowed from the server
 * principal to the backend principal.
 *
 * @param args {@code args[0]} selects the mechanism: exactly "spnego", or
 *        any value containing "krb5"
 * @throws Exception on an unknown mechanism or any failure in the exchange
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);

    final String serverPrincipal = OneKDC.SERVER + "@" + OneKDC.REALM;
    Map<String,List<String>> delegationMap = new HashMap<>();
    delegationMap.put(serverPrincipal,
            Arrays.asList(OneKDC.BACKEND + "@" + OneKDC.REALM));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, delegationMap);
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(serverPrincipal));

    final Context s = Context.fromJAAS("server");
    final Context b = Context.fromJAAS("backend");

    s.startAsServer(null, mech, false);

    final Context p = s.impersonate(OneKDC.USER);

    // First and second pass are identical.
    for (int pass = 1; pass <= 2; pass++) {
        p.startAsClient(OneKDC.BACKEND, mech);
        b.startAsServer(mech);
        Context.handshake(p, b);
    }
}
 
源代码20 项目: jdk8u_jdk   文件: S4U2selfAsServer.java
/**
 * Test driver: "server" impersonates {@code OneKDC.USER} and the
 * impersonated context handshakes with "backend" twice.
 *
 * <p>KDC configuration visible here: pre-authentication not required,
 * S4U2self allowed for the server principal, S4U2proxy allowed from the
 * server principal to the backend principal.
 *
 * @param args {@code args[0]} selects the mechanism: exactly "spnego", or
 *        any value containing "krb5"
 * @throws Exception on an unknown mechanism or any failure in the exchange
 */
public static void main(String[] args) throws Exception {
    final String selector = args[0];
    final Oid mech;
    if (selector.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (selector.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);

    final String serverAtRealm = OneKDC.SERVER + "@" + OneKDC.REALM;
    final String backendAtRealm = OneKDC.BACKEND + "@" + OneKDC.REALM;
    Map<String,List<String>> s4u2proxy = new HashMap<>();
    s4u2proxy.put(serverAtRealm, Arrays.asList(backendAtRealm));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, s4u2proxy);
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(serverAtRealm));

    final Context s = Context.fromJAAS("server");
    final Context b = Context.fromJAAS("backend");

    s.startAsServer(null, mech, false);

    final Context p = s.impersonate(OneKDC.USER);

    // Run the impersonated exchange two times, unchanged.
    for (int i = 0; i < 2; i++) {
        p.startAsClient(OneKDC.BACKEND, mech);
        b.startAsServer(mech);
        Context.handshake(p, b);
    }
}
 
源代码21 项目: openjdk-8   文件: S4U2proxy.java
/**
 * Test driver: a client handshakes with "server", the server takes the
 * context returned by {@code delegated()}, and that context handshakes
 * with "backend" twice.
 *
 * <p>The client side never calls {@code requestCredDeleg} in this method;
 * the only delegation-related setup visible is the KDC's ALLOW_S4U2PROXY
 * map from the server principal to the backend principal.
 * Pre-authentication is set to not required.
 *
 * @param args {@code args[0]} selects the mechanism: exactly "spnego", or
 *        any value containing "krb5"
 * @throws Exception on an unknown mechanism or any failure in the exchange
 */
public static void main(String[] args) throws Exception {
    final String mechArg = args[0];
    final Oid mech;
    if (mechArg.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechArg.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);

    Map<String,List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(OneKDC.SERVER + "@" + OneKDC.REALM,
            Arrays.asList(OneKDC.BACKEND + "@" + OneKDC.REALM));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);

    final Context c = Context.fromJAAS("client");
    final Context s = Context.fromJAAS("server");
    final Context b = Context.fromJAAS("backend");

    c.startAsClient(OneKDC.SERVER, mech);
    s.startAsServer(null, mech, false);

    Context.handshake(c, s);
    final Context p = s.delegated();

    // The delegated context talks to the backend twice, identically.
    for (int round = 0; round < 2; round++) {
        p.startAsClient(OneKDC.BACKEND, mech);
        b.startAsServer(mech);
        Context.handshake(p, b);
    }
}
 
源代码22 项目: openjdk-jdk8u   文件: S4U2selfGSS.java
/**
 * Test driver: a context created without JAAS login impersonates
 * {@code OneKDC.USER2}, handshakes with a server context, and both sides
 * must then report {@code USER2} (the part of the source name before '@')
 * as the initiator.
 *
 * <p>KDC options set here: S4U2self allowed for the user principal, and
 * S4U2proxy allowed from the user principal to the server principal. The
 * system property {@code javax.security.auth.useSubjectCredsOnly} is set to
 * "false" before the contexts are created.
 *
 * @param args {@code args[0]} selects the mechanism: exactly "spnego", or
 *        any value containing "krb5"
 * @throws Exception on an unknown mechanism, a failed exchange, or a
 *         mismatching source name
 */
public static void main(String[] args) throws Exception {
    final String mechArg = args[0];
    final Oid mech;
    if (mechArg.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechArg.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();

    final String userPrincipal = OneKDC.USER + "@" + OneKDC.REALM;
    final String serverPrincipal = OneKDC.SERVER + "@" + OneKDC.REALM;
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(userPrincipal));
    Map<String,List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(userPrincipal, Arrays.asList(serverPrincipal));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);

    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    Context c = Context.fromThinAir();
    final Context s = Context.fromThinAir();

    c = c.impersonate(OneKDC.USER2);

    c.startAsClient(OneKDC.SERVER, mech);
    s.startAsServer(mech);

    Context.handshake(c, s);

    // Both ends must agree that the initiator is the impersonated user.
    final String initiatorSeenByClient = c.x().getSrcName().toString().split("@")[0];
    final String initiatorSeenByServer = s.x().getSrcName().toString().split("@")[0];
    final boolean bothMatch = initiatorSeenByClient.equals(OneKDC.USER2)
            && initiatorSeenByServer.equals(OneKDC.USER2);
    if (!bothMatch) {
        throw new Exception("Impersonate failed");
    }

    s.dispose();
    c.dispose();
}
 
源代码23 项目: TencentKona-8   文件: S4U2selfGSS.java
/**
 * Test driver: a context obtained via {@code fromThinAir()} impersonates
 * {@code OneKDC.USER2} and handshakes with a server context; the test fails
 * unless both ends report {@code USER2} (source name up to '@') as the
 * initiator.
 *
 * <p>The KDC allows S4U2self for the user principal and S4U2proxy from the
 * user principal to the server principal.
 * {@code javax.security.auth.useSubjectCredsOnly} is set to "false" before
 * the contexts are created.
 *
 * @param args {@code args[0]} selects the mechanism: exactly "spnego", or
 *        any value containing "krb5"
 * @throws Exception on an unknown mechanism, a failed exchange, or a
 *         mismatching source name
 */
public static void main(String[] args) throws Exception {
    final String requested = args[0];
    final Oid mech;
    if (requested.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (requested.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();

    final String user = OneKDC.USER + "@" + OneKDC.REALM;
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(user));
    Map<String,List<String>> allowedProxy = new HashMap<>();
    allowedProxy.put(user, Arrays.asList(OneKDC.SERVER + "@" + OneKDC.REALM));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, allowedProxy);

    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    Context c = Context.fromThinAir();
    final Context s = Context.fromThinAir();

    c = c.impersonate(OneKDC.USER2);

    c.startAsClient(OneKDC.SERVER, mech);
    s.startAsServer(mech);

    Context.handshake(c, s);

    // Compare only the part of each source name before the '@'.
    final String clientView = c.x().getSrcName().toString().split("@")[0];
    final String serverView = s.x().getSrcName().toString().split("@")[0];
    if (!(clientView.equals(OneKDC.USER2) && serverView.equals(OneKDC.USER2))) {
        throw new Exception("Impersonate failed");
    }

    s.dispose();
    c.dispose();
}
 
源代码24 项目: jdk8u_jdk   文件: S4U2selfGSS.java
/**
 * Test driver: impersonates {@code OneKDC.USER2} from a context created
 * with {@code fromThinAir()}, handshakes with a server context, and
 * requires both sides to name {@code USER2} (source name before '@') as
 * the initiator.
 *
 * <p>KDC setup: S4U2self allowed for the user principal, S4U2proxy allowed
 * from the user principal to the server principal. The property
 * {@code javax.security.auth.useSubjectCredsOnly} is set to "false" first.
 *
 * @param args {@code args[0]} selects the mechanism: exactly "spnego", or
 *        any value containing "krb5"
 * @throws Exception on an unknown mechanism, a failed exchange, or a
 *         mismatching source name
 */
public static void main(String[] args) throws Exception {
    final String mechName = args[0];
    final Oid mech;
    if (mechName.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechName.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();

    final String userAtRealm = OneKDC.USER + "@" + OneKDC.REALM;
    final String serverAtRealm = OneKDC.SERVER + "@" + OneKDC.REALM;
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(userAtRealm));
    Map<String,List<String>> s4u2proxy = new HashMap<>();
    s4u2proxy.put(userAtRealm, Arrays.asList(serverAtRealm));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, s4u2proxy);

    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    Context c = Context.fromThinAir();
    final Context s = Context.fromThinAir();

    c = c.impersonate(OneKDC.USER2);

    c.startAsClient(OneKDC.SERVER, mech);
    s.startAsServer(mech);

    Context.handshake(c, s);

    final String n1 = c.x().getSrcName().toString().split("@")[0];
    final String n2 = s.x().getSrcName().toString().split("@")[0];
    // Fail on the first side that does not report the impersonated user.
    if (!n1.equals(OneKDC.USER2)) {
        throw new Exception("Impersonate failed");
    }
    if (!n2.equals(OneKDC.USER2)) {
        throw new Exception("Impersonate failed");
    }

    s.dispose();
    c.dispose();
}
 
源代码25 项目: tutorials   文件: JgssIntegrationTest.java
/**
 * Builds the two GSS contexts used by the tests: an acceptor context
 * created from a null credential, and an initiator context targeting
 * {@code SERVER_PRINCIPAL} with the mechanism named by {@code MECHANISM}.
 * The initiator requests mutual authentication, confidentiality and
 * integrity.
 */
@Before
public void setUp() throws SaslException, GSSException {
    final GSSManager gssManager = GSSManager.getInstance();

    // Acceptor side: no explicit credential is supplied.
    serverContext = gssManager.createContext((GSSCredential) null);

    // Initiator side: name the target, then create the context for it.
    final GSSName target = gssManager.createName(SERVER_PRINCIPAL, null);
    clientContext = gssManager.createContext(
            target, new Oid(MECHANISM), (GSSCredential) null, GSSContext.DEFAULT_LIFETIME);

    clientContext.requestMutualAuth(true);
    clientContext.requestConf(true);
    clientContext.requestInteg(true);
}
 
源代码26 项目: jdk8u-jdk   文件: S4U2selfAsServer.java
/**
 * Test driver: "server" impersonates {@code OneKDC.USER}; the impersonated
 * context then runs the same handshake with "backend" two times.
 *
 * <p>KDC options set here: pre-authentication not required, S4U2self
 * allowed for the server principal, S4U2proxy allowed from the server
 * principal to the backend principal.
 *
 * @param args {@code args[0]} selects the mechanism: exactly "spnego", or
 *        any value containing "krb5"
 * @throws Exception on an unknown mechanism or any failure in the exchange
 */
public static void main(String[] args) throws Exception {
    final String mechChoice = args[0];
    final Oid mech;
    if (mechChoice.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (mechChoice.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();
    kdc.setOption(KDC.Option.PREAUTH_REQUIRED, false);

    final String serverPrincipal = OneKDC.SERVER + "@" + OneKDC.REALM;
    final String backendPrincipal = OneKDC.BACKEND + "@" + OneKDC.REALM;
    final List<String> backendOnly = Arrays.asList(backendPrincipal);
    Map<String,List<String>> proxyTargets = new HashMap<>();
    proxyTargets.put(serverPrincipal, backendOnly);
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyTargets);
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, Arrays.asList(serverPrincipal));

    final Context s = Context.fromJAAS("server");
    final Context b = Context.fromJAAS("backend");

    s.startAsServer(null, mech, false);

    final Context p = s.impersonate(OneKDC.USER);

    // Identical exchange, executed twice.
    for (int attempt = 0; attempt < 2; attempt++) {
        p.startAsClient(OneKDC.BACKEND, mech);
        b.startAsServer(mech);
        Context.handshake(p, b);
    }
}
 
源代码27 项目: jdk8u-jdk   文件: S4U2selfGSS.java
/**
 * Test driver: a {@code fromThinAir()} context impersonates
 * {@code OneKDC.USER2}, completes a handshake with a server context, and
 * the source name seen on each side (text before '@') must equal
 * {@code USER2}.
 *
 * <p>KDC options: S4U2self allowed for the user principal; S4U2proxy
 * allowed from the user principal to the server principal.
 * {@code javax.security.auth.useSubjectCredsOnly} is set to "false" before
 * the contexts are created.
 *
 * @param args {@code args[0]} selects the mechanism: exactly "spnego", or
 *        any value containing "krb5"
 * @throws Exception on an unknown mechanism, a failed exchange, or a
 *         mismatching source name
 */
public static void main(String[] args) throws Exception {
    final String selector = args[0];
    final Oid mech;
    if (selector.equals("spnego")) {
        mech = GSSUtil.GSS_SPNEGO_MECH_OID;
    } else if (selector.contains("krb5")) {
        mech = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        throw new Exception("Unknown mech");
    }

    OneKDC kdc = new OneKDC(null);
    kdc.writeJAASConf();

    final String userPrincipal = OneKDC.USER + "@" + OneKDC.REALM;
    final List<String> selfAllowed = Arrays.asList(userPrincipal);
    kdc.setOption(KDC.Option.ALLOW_S4U2SELF, selfAllowed);
    Map<String,List<String>> proxyAllowed = new HashMap<>();
    proxyAllowed.put(userPrincipal, Arrays.asList(OneKDC.SERVER + "@" + OneKDC.REALM));
    kdc.setOption(KDC.Option.ALLOW_S4U2PROXY, proxyAllowed);

    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    Context c = Context.fromThinAir();
    final Context s = Context.fromThinAir();

    c = c.impersonate(OneKDC.USER2);

    c.startAsClient(OneKDC.SERVER, mech);
    s.startAsServer(mech);

    Context.handshake(c, s);

    // Initiator name as reported by each end of the established context.
    final String fromClient = c.x().getSrcName().toString().split("@")[0];
    final String fromServer = s.x().getSrcName().toString().split("@")[0];
    final boolean impersonated =
            fromClient.equals(OneKDC.USER2) && fromServer.equals(OneKDC.USER2);
    if (!impersonated) {
        throw new Exception("Impersonate failed");
    }

    s.dispose();
    c.dispose();
}
 
源代码28 项目: jdk8u-dev-jdk   文件: NegotiatorImpl.java
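/**
 * Initialize the object, which includes:<ul>
 * <li>Choosing the GSS mechanism: Kerberos when the HTTP scheme is
 * "Kerberos" or when the system property <code>http.auth.preference</code>
 * is "kerberos"; SPNEGO otherwise (the property defaults to "spnego")
 * <li>Creating the GSSName for the target host as the host-based service
 * name "HTTP@" + lower-cased hostname
 * <li>Creating GSSContext
 * <li>A first call to initSecContext</ul>
 *
 * @param hci caller info supplying the authentication scheme and the host
 * @throws GSSException if the name or context cannot be created, or the
 *         first call to initSecContext fails
 */
private void init(HttpCallerInfo hci) throws GSSException {
    final Oid oid;

    if (hci.scheme.equalsIgnoreCase("Kerberos")) {
        // we can only use Kerberos mech when the scheme is kerberos
        oid = GSSUtil.GSS_KRB5_MECH_OID;
    } else {
        String pref = java.security.AccessController.doPrivileged(
                new java.security.PrivilegedAction<String>() {
                    @Override
                    public String run() {
                        return System.getProperty(
                            "http.auth.preference",
                            "spnego");
                    }
                });
        if (pref.equalsIgnoreCase("kerberos")) {
            oid = GSSUtil.GSS_KRB5_MECH_OID;
        } else {
            // currently there is no 3rd mech we can use
            oid = GSSUtil.GSS_SPNEGO_MECH_OID;
        }
    }

    GSSManagerImpl manager = new GSSManagerImpl(
            new HttpCaller(hci));

    // RFC 4559 4.1 uses uppercase service name "HTTP".
    // RFC 4120 6.2.1 demands the host be lowercase
    // A host-based service name has the form "service@host", so the prefix
    // is the literal "HTTP@". Lower-casing uses Locale.ROOT so the host is
    // not altered by the default locale's case rules (e.g. Turkish 'I').
    String peerName = "HTTP@" + hci.host.toLowerCase(java.util.Locale.ROOT);

    GSSName serverName = manager.createName(peerName,
            GSSName.NT_HOSTBASED_SERVICE);
    context = manager.createContext(serverName,
                                    oid,
                                    null,
                                    GSSContext.DEFAULT_LIFETIME);

    // Always respect delegation policy in HTTP/SPNEGO.
    if (context instanceof ExtendedGSSContext) {
        ((ExtendedGSSContext)context).requestDelegPolicy(true);
    }
    // Produce the first token now, from an empty input token.
    oneToken = context.initSecContext(new byte[0], 0, 0);
}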
 
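/**
 * Stores the subject factory, the identity manager and the supported
 * mechanism OIDs.
 *
 * <p>The mechanism array is copied, so changes the caller makes to its own
 * array after construction do not alter the set of mechanisms held by this
 * object. A {@code null} array is stored as {@code null}, as before.
 *
 * @param subjectFactory factory stored in {@code subjectFactory}
 * @param identityManager identity manager stored in {@code identityManager}
 * @param supportedMechanisms mechanism OIDs stored in {@code mechanisms}
 */
public GSSAPIAuthenticationMechanism(final GSSAPIServerSubjectFactory subjectFactory, IdentityManager identityManager, Oid ...supportedMechanisms) {
    this.subjectFactory = subjectFactory;
    this.identityManager = identityManager;
    // Defensive copy: do not share the caller's mutable array.
    this.mechanisms = supportedMechanisms == null ? null : supportedMechanisms.clone();
}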
 
/**
 * Class-level fixture: calls {@code KerberosKDCUtil.startServer()} and then
 * initialises {@code SPNEGO} with the SPNEGO mechanism OID.
 */
@BeforeClass
public static void startServers() throws Exception {
    KerberosKDCUtil.startServer();

    // Dotted-decimal form of the SPNEGO mechanism OID.
    final String spnegoMechOid = "1.3.6.1.5.5.2";
    SPNEGO = new Oid(spnegoMechOid);
}