/**
 * Generates a keytab for two principals and checks that loading it back yields exactly those
 * two principals, each qualified with the KDC's realm.
 */
@Test(timeout = 60000)
public void testKeytabGen() throws Exception {
    MiniKdc kdc = getKdc();
    File keytabFile = new File(getWorkDir(), "keytab");
    kdc.createPrincipal(keytabFile, "foo/bar", "bar/foo");

    // Names read back from the keytab, compared as a set since entry order is not part of the contract.
    Set<String> loadedNames = new HashSet<String>();
    for (PrincipalName entry : Keytab.loadKeytab(keytabFile).getPrincipals()) {
        loadedNames.add(entry.getName());
    }

    String realm = kdc.getRealm();
    Set<String> expectedNames = new HashSet<String>(Arrays.asList(
        "foo/bar@" + realm,
        "bar/foo@" + realm));
    Assert.assertEquals(expectedNames, loadedNames);
}
/**
 * Builds the ticket-granting service principal for a realm, i.e. the TGS principal
 * constant followed by "/REALM@REALM", typed {@code NameType.NT_SRV_INST}.
 *
 * @param realm The realm; used both as the second name component and as the realm part
 * @return the TGS principal for that realm
 */
public static PrincipalName makeTgsPrincipal(String realm) {
    String tgsName = String.format("%s/%s@%s", KrbConstant.TGS_PRINCIPAL, realm, realm);
    return new PrincipalName(tgsName, NameType.NT_SRV_INST);
}
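/**
 * Compares two principals by name only, ignoring their realms.
 *
 * The comparison relies on {@code getName()} rendering the principal without a realm once
 * the realm is cleared. The original implementation cleared both realms and never restored
 * them, so every caller's principal silently lost its realm after this call — a mutation of
 * the identity that later checks depend on. The realms are now restored before returning,
 * even when the comparison throws.
 *
 * @param princ1 the first principal, must not be null
 * @param princ2 the second principal, must not be null
 * @return true if both principals have the same name once realms are disregarded
 * @throws KrbException if either principal is null
 */
public static boolean pricipalCompareIgnoreRealm(PrincipalName princ1, PrincipalName princ2) throws KrbException {
    if (princ1 == null || princ2 == null) {
        throw new KrbException("principal can't be null.");
    }
    String savedRealm1 = princ1.getRealm();
    String savedRealm2 = princ2.getRealm();
    try {
        princ1.setRealm(null);
        princ2.setRealm(null);
        return princ1.getName().equals(princ2.getName());
    } finally {
        // Leave the caller's objects exactly as they were handed in.
        princ1.setRealm(savedRealm1);
        princ2.setRealm(savedRealm2);
    }
}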
/**
 * Creates a PrincipalName instance, using a given type and
 * a list of components.
 *
 * The superclass is initialised with {@code fieldInfos} first; the
 * components and the type are then stored through their setters, so any
 * validation those setters perform applies here as well.
 *
 * @param nameStrings The components to use
 * @param nameType The nameType to use
 */
public PrincipalName(List<String> nameStrings, NameType nameType) {
    super(fieldInfos);
    setNameStrings(nameStrings);
    setNameType(nameType);
}
/**
 * Creates a PrincipalName instance, using a NT_PRINCIPAL name.
 *
 * The name type is set to NT_PRINCIPAL before the string is handed to
 * {@code fromNameString}. NOTE(review): confirm whether fromNameString
 * can itself change the name type or realm based on the string's content;
 * the order here suggests it may.
 *
 * @param nameString The PrincipalName as a String
 */
public PrincipalName(String nameString) {
    super(fieldInfos);
    setNameType(NameType.NT_PRINCIPAL);
    fromNameString(nameString);
}
/**
 * Builds the well-known anonymous principal: the well-known name string and the anonymous
 * principal string joined by "/", placed in the anonymous realm and typed
 * {@code NameType.NT_WELLKNOWN}.
 *
 * @return a newly created anonymous principal
 */
public static PrincipalName makeAnonymousPrincipal() {
    String anonymousName = KRB5_WELLKNOWN_NAMESTR + "/" + KRB5_ANONYMOUS_PRINCSTR;
    PrincipalName anonymous = new PrincipalName(anonymousName);
    anonymous.setRealm(KRB5_ANONYMOUS_REALMSTR);
    anonymous.setNameType(NameType.NT_WELLKNOWN);
    return anonymous;
}
}
/**
 * Resolves the client principal for this request: the token's subject when a token is present,
 * otherwise the cname from the TGT's encrypted part with its realm taken from crealm.
 *
 * NOTE(review): in the ticket branch the realm is written onto the cname object owned by the
 * ticket's encrypted part rather than onto a copy — confirm nothing else reads that object
 * expecting it unchanged.
 *
 * @return the client principal, never null unless the ticket's cname is null
 */
@Override
protected PrincipalName getclientPrincipal() {
    if (token != null) {
        return new PrincipalName(token.getSubject());
    }
    PrincipalName fromTicket = tgtTicket.getEncPart().getCname();
    fromTicket.setRealm(tgtTicket.getEncPart().getCrealm());
    return fromTicket;
}
encKey, KeyUsage.TGS_REQ_AUTH, Authenticator.class); if (!authenticator.getCname().equals(tgtTicket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); serverPrincipal.setRealm(tgtTicket.getRealm()); && authenticator.getCrealm().equals(getKdcContext().getKdcRealm())) { PrincipalName clientPrincipal = authenticator.getCname(); clientPrincipal.setRealm(authenticator.getCrealm()); KrbIdentity clientEntry = getEntry(clientPrincipal.getName()); setClientEntry(clientEntry);
String clientPrincipalString = requestOptions.getStringOption(KrbOption.CLIENT_PRINCIPAL); clientPrincipalString = fixPrincipal(clientPrincipalString); clientPrincipalName = new PrincipalName(clientPrincipalString); if (requestOptions.contains(PkinitOption.USE_ANONYMOUS)) { clientPrincipalName.setNameType(NameType.NT_WELLKNOWN); String serverPrincipalString = requestOptions.getStringOption(KrbOption.SERVER_PRINCIPAL); serverPrincipalString = fixPrincipal(serverPrincipalString); PrincipalName serverPrincipalName = new PrincipalName(serverPrincipalString, NameType.NT_PRINCIPAL); asRequest.setServerPrincipal(serverPrincipalName); } else if (clientPrincipalName != null) { String realm = clientPrincipalName.getRealm(); PrincipalName serverPrincipalName = KrbUtil.makeTgsPrincipal(realm); asRequest.setServerPrincipal(serverPrincipalName);
/**
 * Looks up the keytab for a GSS name through the credential context, or the context's
 * default keytab when no name is given.
 *
 * @param name the GSS name whose principal selects the keytab, or null for the default
 * @return the keytab returned by {@code CredUtils.getKeyTabFromContext}
 * @throws GSSException propagated from the context lookup
 */
private static KeyTab getKeyTab(GssNameElement name) throws GSSException {
    KerberosPrincipal selector = null;
    if (name != null) {
        PrincipalName pn = name.getPrincipalName();
        selector = new KerberosPrincipal(pn.getName(), pn.getNameType().getValue());
    }
    return CredUtils.getKeyTabFromContext(selector);
}
/**
 * Determines the client principal: the token subject for token-based requests, otherwise the
 * cname from the request body, re-typed {@code NT_WELLKNOWN} when the request is anonymous.
 *
 * NOTE(review): the anonymous branch changes the name type on the request body's own cname
 * object, not on a copy — confirm later processing expects that.
 *
 * @return the client principal for this request
 */
protected PrincipalName getclientPrincipal() {
    if (kdcRequest.isToken()) {
        return new PrincipalName(kdcRequest.getToken().getSubject());
    }
    PrincipalName cname = getKdcReq().getReqBody().getCname();
    if (getKdcRequest().isAnonymous()) {
        cname.setNameType(NameType.NT_WELLKNOWN);
    }
    return cname;
}
clientPrincipal.setRealm(clientRealm); && !clientPrincipal.equals(getClientPrincipal())) { throw new KrbException(KrbErrorCode.KDC_ERR_CLIENT_NAME_MISMATCH); returnedServerPrincipal.setRealm(encKdcRepPart.getSrealm()); PrincipalName requestedServerPrincipal = getServerPrincipal(); if (requestedServerPrincipal.getRealm() == null) { requestedServerPrincipal.setRealm(getContext().getKrbSetting().getKdcRealm()); if (!returnedServerPrincipal.equals(requestedServerPrincipal)) { throw new KrbException(KrbErrorCode.KDC_ERR_SERVER_NOMATCH);
/**
 * Writes one principal entry: the component count as a short, the realm as a counted string,
 * each name component as a counted string, and finally the numeric name type as an int.
 *
 * @param principal the principal to serialize
 * @param version the keytab format version; currently not consulted (see the todo below)
 * @throws IOException if any of the underlying writes fail
 */
public void writePrincipal(PrincipalName principal, int version) throws IOException {
    List<String> components = principal.getNameStrings();
    writeShort(components.size());
    writeCountedString(principal.getRealm());
    for (String component : components) {
        writeCountedString(component);
    }
    writeInt(principal.getNameType().getValue());
    // todo: consider the version
}
/**
 * Finds the PKINIT context registered for the principal's realm.
 *
 * @param principal the principal whose realm selects the context
 * @return the context for that realm, or null when none is registered
 */
private PkinitKdcContext findContext(PrincipalName principal) {
    // A missing key and a key mapped to null both yield null, so a separate containsKey
    // check would not change the result.
    return pkinitContexts.get(principal.getRealm());
}
/**
 * Two identities are equal when both are {@code KrbIdentity} instances whose principals are
 * equal, or both have a null principal. No other field takes part in the comparison.
 *
 * NOTE(review): hashCode is not visible here — confirm it is derived from {@code principal}
 * alone so the equals/hashCode contract holds.
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    // instanceof is false for null, so this also covers obj == null.
    if (!(obj instanceof KrbIdentity)) {
        return false;
    }
    final KrbIdentity other = (KrbIdentity) obj;
    return principal == null ? other.principal == null : principal.equals(other.principal);
}
/**
 * Builds a credential from a TGT, using the ticket's client principal qualified with the
 * ticket's realm.
 *
 * NOTE(review): the realm is set on the principal object returned by the ticket, not on a
 * copy — confirm the ticket is not expected to keep a realm-less client principal.
 *
 * @param tgt the ticket-granting ticket to wrap
 */
public Credential(TgtTicket tgt) {
    PrincipalName client = tgt.getClientPrincipal();
    client.setRealm(tgt.getRealm());
    init(tgt, client);
}
/**
 * Create a SALT based on the PrincipalName, accordingly to RFC 4120 :
 * "The default salt string, if none is provided via pre-authentication
 * data, is the concatenation of the principal's realm and name components,
 * in order, with no separators."
 *
 * A null realm contributes nothing; the name components are then appended
 * back to back.
 *
 * @param principalName The PrincipalName for which we want to create a salt
 * @return The created salt
 */
public static String makeSalt(PrincipalName principalName) {
    String realm = principalName.getRealm();
    String realmPart = realm == null ? "" : realm;
    // No separator between components, as the RFC text above prescribes.
    return realmPart + String.join("", principalName.getNameStrings());
}
/**
 * Resolves the client principal for this request: the token's subject when a token is present,
 * otherwise the cname from the TGT's encrypted part with its realm taken from crealm.
 *
 * NOTE(review): in the ticket branch the realm is written onto the cname object owned by the
 * ticket's encrypted part rather than onto a copy — confirm nothing else reads that object
 * expecting it unchanged.
 *
 * @return the client principal, never null unless the ticket's cname is null
 */
@Override
protected PrincipalName getclientPrincipal() {
    if (token != null) {
        return new PrincipalName(token.getSubject());
    }
    PrincipalName fromTicket = tgtTicket.getEncPart().getCname();
    fromTicket.setRealm(tgtTicket.getEncPart().getCrealm());
    return fromTicket;
}
encKey, KeyUsage.TGS_REQ_AUTH, Authenticator.class); if (!authenticator.getCname().equals(tgtTicket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); serverPrincipal.setRealm(tgtTicket.getRealm()); && authenticator.getCrealm().equals(getKdcContext().getKdcRealm())) { PrincipalName clientPrincipal = authenticator.getCname(); clientPrincipal.setRealm(authenticator.getCrealm()); KrbIdentity clientEntry = getEntry(clientPrincipal.getName()); setClientEntry(clientEntry);