/**
 * Credentials for a keytab-based Kerberos login.
 *
 * @param principalName Kerberos principal name; it is parsed eagerly, so a name without a
 *     realm is resolved against the default realm of the Kerberos configuration
 * @param keytab keytab location; it is only stored here, not opened or validated
 * @throws IllegalArgumentException if {@code principalName} is null or malformed
 */
public KerberosKeytabCredentials(String principalName, String keytab) {
    // Parse the principal first so a malformed name fails before any state is retained.
    KerberosPrincipal parsedPrincipal = new KerberosPrincipal(principalName);
    this.userPrincipal = parsedPrincipal;
    this.keytab = keytab;
}
/**
 * Builds the Kerberos principal for this host from a principal pattern.
 *
 * @param principal principal pattern handed to {@code getServerPrincipal} together with
 *     the local canonical host name
 * @return the parsed service principal
 * @throws UncheckedIOException if the local host cannot be resolved or
 *     {@code getServerPrincipal} fails with an {@link IOException}
 */
private static KerberosPrincipal createKerberosPrincipal(String principal) {
    try {
        // getCanonicalHostName() involves a reverse lookup, so the resulting principal
        // depends on the resolver/hosts configuration of the machine it runs on.
        InetAddress localHost = InetAddress.getLocalHost();
        String canonicalHost = localHost.getCanonicalHostName();
        String serverPrincipal = getServerPrincipal(principal, canonicalHost);
        return new KerberosPrincipal(serverPrincipal);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
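/**
 * Performs the JAAS login for {@code this.principal} and returns the authenticated Subject.
 * The {@link LoginContext} is kept in {@code loginContext} so it can be logged out later.
 *
 * @param loginConfig JAAS configuration used for the login
 * @return the Subject populated by the login modules
 * @throws LoginException if the LoginContext cannot be created or the login fails
 */
private Subject getServiceSubject(ClientLoginConfig loginConfig) throws LoginException {
    Set<Principal> principals = new HashSet<>(1);
    principals.add(new KerberosPrincipal(this.principal));
    // Not read-only: the login modules add credentials to the Subject during login().
    // Typed empty sets replace the raw HashSet instances of the previous revision.
    Subject subject = new Subject(false, principals, new HashSet<>(), new HashSet<>());
    loginContext = new LoginContext("", subject, null, loginConfig);
    loginContext.login();
    return loginContext.getSubject();
}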
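/**
 * Logs the configured server principal in from its keytab and stores the resulting
 * {@link LoginContext} in {@code loginContext}.
 *
 * @throws ServletException if the principal or keytab is not configured, the keytab file does
 *     not exist, or the login itself fails (the cause is attached)
 */
private void initializeKerberosLogin() throws ServletException {
    // Configuration checks live outside the try block so their ServletExceptions reach the
    // caller as-is; the previous revision caught and re-wrapped them in a second ServletException.
    if (serverPrincipal == null || serverPrincipal.trim().isEmpty()) {
        throw new ServletException("Principal not defined in configuration");
    }
    String keytab = serverKeytab;
    if (keytab == null || keytab.trim().isEmpty()) {
        throw new ServletException("Keytab not defined in configuration");
    }
    if (!new File(keytab).exists()) {
        throw new ServletException("Keytab does not exist: " + keytab);
    }
    try {
        Set<Principal> principals = new HashSet<>();
        principals.add(new KerberosPrincipal(serverPrincipal));
        // Not read-only: the login module adds credentials to the Subject during login().
        Subject subject = new Subject(false, principals, new HashSet<>(), new HashSet<>());
        DruidKerberosConfiguration kerberosConfiguration = new DruidKerberosConfiguration(keytab, serverPrincipal);
        // Same format-string style as the "Initialized" message below.
        log.info("Login using keytab %s, for principal %s", keytab, serverPrincipal);
        loginContext = new LoginContext("", subject, null, kerberosConfiguration);
        loginContext.login();
        log.info("Initialized, principal %s from keytab %s", serverPrincipal, keytab);
    } catch (Exception ex) {
        // Covers LoginException as well as runtime failures such as a malformed principal name.
        throw new ServletException(ex);
    }
}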
/**
 * Returns the peer principal of the established GSS context, creating it on first use.
 *
 * @return the initiator's name as a {@link KerberosPrincipal}, cached in {@code principal}
 * @throws IllegalStateException if the context is not established or its source name
 *     cannot be read
 */
Principal getPrincipal() {
    if (!isEstablished()) {
        throw new IllegalStateException("No established GSSContext to use for the Principal.");
    }
    if (principal != null) {
        return principal;
    }
    String sourceName;
    try {
        sourceName = gssContext.getSrcName().toString();
    } catch (GSSException e) {
        throw new IllegalStateException("Unable to create Principal", e);
    }
    principal = new KerberosPrincipal(sourceName);
    return principal;
}
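/**
 * Verifies that {@code keyTab} exists and contains at least one key for {@code principal}.
 *
 * @throws IOException via the logger-produced exceptions when the keytab is missing or holds
 *     no key for the principal
 */
private void checkKeyTab() throws IOException {
    KeyTab kt = KeyTab.getInstance(keyTab);
    if (!kt.exists()) {
        throw log.keyTabDoesNotExists(keyTab.getAbsolutePath());
    }
    javax.security.auth.kerberos.KerberosKey[] keys = kt.getKeys(new KerberosPrincipal(principal));
    boolean hasKeys = keys.length > 0;
    // Only the count is needed here; the returned objects carry the secret key material,
    // so scrub them instead of leaving the copies for the garbage collector.
    for (javax.security.auth.kerberos.KerberosKey key : keys) {
        try {
            key.destroy();
        } catch (javax.security.auth.DestroyFailedException ignored) {
            // best-effort scrubbing; nothing further can be done for this key
        }
    }
    if (!hasKeys) {
        throw log.noKeysForPrincipalInKeyTab(principal, keyTab.getAbsolutePath());
    }
}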
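/**
 * Accepts one SPNEGO/Kerberos token and returns the authenticated principal.
 *
 * @param token base64-encoded token taken from the request
 * @return the initiator principal when the context is established in this single
 *     round trip, otherwise {@link Optional#empty()}
 */
private Optional<Principal> authenticate(String token) {
    GSSContext context = doAs(loginContext.getSubject(), () -> gssManager.createContext(serverCredential));
    try {
        // The token is request-controlled: malformed base64 raises IllegalArgumentException,
        // which is treated as a failed authentication below instead of escaping to the caller.
        byte[] inputToken = Base64.getDecoder().decode(token);
        context.acceptSecContext(inputToken, 0, inputToken.length);
        // We can't hold on to the GSS context because HTTP is stateless, so fail
        // if it can't be set up in a single challenge-response cycle
        if (context.isEstablished()) {
            return Optional.of(new KerberosPrincipal(context.getSrcName().toString()));
        }
        // The token carries the client's ticket and authenticator; log its size rather than
        // the credential itself.
        LOG.debug("Failed to establish GSS context for token of %s bytes", inputToken.length);
    }
    catch (GSSException | IllegalArgumentException e) {
        // ignore and fail the authentication
        LOG.debug(e, "Authentication failed for token of %s characters", token.length());
    }
    finally {
        try {
            context.dispose();
        }
        catch (GSSException e) {
            // ignore
        }
    }
    return Optional.empty();
}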
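/**
 * Handles SASL callbacks. Only {@link AuthorizeCallback} is acted on: the authorization id
 * must equal the authentication id (no impersonation) and its local form must appear in
 * {@code authorizedUsers}. Other callback types are skipped, as in the previous revision.
 *
 * @param callbacks callbacks supplied by the SASL server
 * @throws IOException if mapping the principal to its local name fails
 * @throws UnsupportedCallbackException never thrown by this implementation
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    // One mapper for the whole call instead of a new instance per authorized user.
    KerberosPrincipalToLocal toLocal = new KerberosPrincipalToLocal();
    for (Callback callback : callbacks) {
        LOG.info("Kerberos Callback Handler got callback: {}", callback.getClass());
        if (!(callback instanceof AuthorizeCallback)) {
            continue;
        }
        AuthorizeCallback ac = (AuthorizeCallback) callback;
        String authenticationId = ac.getAuthenticationID();
        String authorizationId = ac.getAuthorizationID();
        if (!authenticationId.equals(authorizationId)) {
            // A principal may only act as itself.
            LOG.debug("{} != {}", authenticationId, authorizationId);
            continue;
        }
        LOG.debug("Authorized Users: {}", authorizedUsers);
        LOG.debug("Checking authorization for: {}", authorizationId);
        // The local name does not depend on the loop variable; compute it once, lazily so an
        // empty allow-list still skips the principal parse exactly as before.
        String requester = null;
        for (String user : authorizedUsers) {
            if (requester == null) {
                requester = toLocal.toLocal(new KerberosPrincipal(authorizationId));
            }
            if (requester.equals(user)) {
                ac.setAuthorized(true);
                break;
            }
        }
    }
}
}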
// Attach the GSS peer name to the Subject as a Kerberos principal; assumes gssName is the
// initiator name of an established context — TODO confirm at the call site.
subject.getPrincipals().add(new KerberosPrincipal(gssName.toString()));
// Host-based service principal "<protocol>/<serverId>". With KRB_NT_SRV_HST the JDK may
// canonicalize the host component (DNS) and it appends the default realm when none is given,
// so getName() can differ from the raw concatenation.
String serverPrincipal = new KerberosPrincipal( authType.getProtocol() + "/" + authType.getServerId(), KerberosPrincipal.KRB_NT_SRV_HST).getName();
if (cred instanceof KeyTab) { KeyTab serverKeyTab = (KeyTab) cred; KerberosPrincipal kerberosPrincipal = new KerberosPrincipal(serverPrincipal); KerberosKey[] serverKeys = serverKeyTab.getKeys(kerberosPrincipal); for (KerberosKey key : serverKeys) {
// Parsing happens here: a null or malformed name (or a realm-less name with no default realm
// configured) throws IllegalArgumentException before anything is added to the set.
principals.add(new KerberosPrincipal(principal));
/**
 * Logs {@code principal} in from an existing ticket cache.
 *
 * @param principal Kerberos principal name to log in as
 * @param cacheFile ticket cache file passed to {@code useTicketCache}
 * @return the Subject populated by the login
 * @throws LoginException if the login fails
 */
public static Subject loginUsingTicketCache(String principal, File cacheFile) throws LoginException {
    KerberosPrincipal kerberosPrincipal = new KerberosPrincipal(principal);
    Set<Principal> identity = new HashSet<>();
    identity.add(kerberosPrincipal);
    // Not read-only: the login module adds credentials to the Subject during login().
    Subject subject = new Subject(false, identity, new HashSet<Object>(), new HashSet<Object>());
    Configuration jaasConfig = useTicketCache(principal, cacheFile);
    LoginContext login = new LoginContext("TicketCacheConf", subject, null, jaasConfig);
    login.login();
    return login.getSubject();
}
/**
 * Logs {@code principal} in using the keys stored in a keytab file.
 *
 * @param principal Kerberos principal name to log in as
 * @param keytabFile keytab file passed to {@code useKeytab}
 * @return the Subject populated by the login
 * @throws LoginException if the login fails
 */
public static Subject loginUsingKeytab(String principal, File keytabFile) throws LoginException {
    Set<Principal> identity = new HashSet<>();
    identity.add(new KerberosPrincipal(principal));
    // Not read-only: the login module adds credentials to the Subject during login().
    Subject subject = new Subject(false, identity, new HashSet<Object>(), new HashSet<Object>());
    Configuration jaasConfig = useKeytab(principal, keytabFile);
    LoginContext login = new LoginContext("KeytabConf", subject, null, jaasConfig);
    login.login();
    return login.getSubject();
}
/**
 * Logs {@code principal} in with a password delivered through {@code KrbCallbackHandler}.
 *
 * @param principal Kerberos principal name to log in as
 * @param password password handed to the callback handler; as a String it cannot be
 *     cleared after use, and the signature is kept for existing callers
 * @return the Subject populated by the login
 * @throws LoginException if the login fails
 */
public static Subject loginUsingPassword(String principal, String password) throws LoginException {
    KerberosPrincipal kerberosPrincipal = new KerberosPrincipal(principal);
    Set<Principal> identity = new HashSet<>();
    identity.add(kerberosPrincipal);
    // Not read-only: the login module adds credentials to the Subject during login().
    Subject subject = new Subject(false, identity, new HashSet<Object>(), new HashSet<Object>());
    Configuration jaasConfig = usePassword(principal);
    CallbackHandler handler = new KrbCallbackHandler(principal, password);
    LoginContext login = new LoginContext("PasswordConf", subject, handler, jaasConfig);
    login.login();
    return login.getSubject();
}
/**
 * Logs {@code principal} in from an existing ticket cache.
 *
 * @param principal Kerberos principal name to log in as
 * @param cacheFile ticket cache file passed to {@code useTicketCache}
 * @return the Subject populated by the login
 * @throws LoginException if the login fails
 */
public static Subject loginUsingTicketCache(String principal, File cacheFile) throws LoginException {
    Set<Principal> identity = new HashSet<>();
    identity.add(new KerberosPrincipal(principal));
    // Not read-only: the login module adds credentials to the Subject during login().
    Subject subject = new Subject(false, identity, new HashSet<Object>(), new HashSet<Object>());
    Configuration jaasConfig = useTicketCache(principal, cacheFile);
    LoginContext login = new LoginContext("TicketCacheConf", subject, null, jaasConfig);
    login.login();
    return login.getSubject();
}
/**
 * Logs {@code principal} in from an existing ticket cache.
 *
 * @param principal Kerberos principal name to log in as
 * @param cacheFile ticket cache file passed to {@code useTicketCache}
 * @return the Subject populated by the login
 * @throws LoginException if the login fails
 */
public static Subject loginUsingTicketCache(String principal, File cacheFile) throws LoginException {
    Set<Principal> identity = new HashSet<>();
    identity.add(new KerberosPrincipal(principal));
    // Not read-only: the login module adds credentials to the Subject during login().
    Subject subject = new Subject(false, identity, new HashSet<Object>(), new HashSet<Object>());
    LoginContext login = new LoginContext("TicketCacheConf", subject, null, useTicketCache(principal, cacheFile));
    login.login();
    return login.getSubject();
}
/**
 * Logs {@code principal} in with a password delivered through {@code KrbCallbackHandler}.
 *
 * @param principal Kerberos principal name to log in as
 * @param password password handed to the callback handler; as a String it cannot be
 *     cleared after use, and the signature is kept for existing callers
 * @return the Subject populated by the login
 * @throws LoginException if the login fails
 */
public static Subject loginUsingPassword(String principal, String password) throws LoginException {
    Set<Principal> identity = new HashSet<>();
    identity.add(new KerberosPrincipal(principal));
    // Not read-only: the login module adds credentials to the Subject during login().
    Subject subject = new Subject(false, identity, new HashSet<Object>(), new HashSet<Object>());
    Configuration jaasConfig = usePassword(principal);
    CallbackHandler handler = new KrbCallbackHandler(principal, password);
    LoginContext login = new LoginContext("PasswordConf", subject, handler, jaasConfig);
    login.login();
    return login.getSubject();
}
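/**
 * Verifies that {@code keyTab} exists and contains at least one key for {@code principal}.
 *
 * @throws IOException via the logger-produced exceptions when the keytab is missing or holds
 *     no key for the principal
 */
private void checkKeyTab() throws IOException {
    KeyTab kt = KeyTab.getInstance(keyTab);
    if (!kt.exists()) {
        throw log.keyTabDoesNotExists(keyTab.getAbsolutePath());
    }
    javax.security.auth.kerberos.KerberosKey[] keys = kt.getKeys(new KerberosPrincipal(principal));
    boolean hasKeys = keys.length > 0;
    // Only the count matters here; the returned objects carry the secret key material,
    // so scrub them instead of leaving the copies for the garbage collector.
    for (javax.security.auth.kerberos.KerberosKey key : keys) {
        try {
            key.destroy();
        } catch (javax.security.auth.DestroyFailedException ignored) {
            // best-effort scrubbing; nothing further can be done for this key
        }
    }
    if (!hasKeys) {
        throw log.noKeysForPrincipalInKeyTab(principal, keyTab.getAbsolutePath());
    }
}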
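/**
 * Builds (but does not run) a server-side LoginContext for the local ZooKeeper principal
 * backed by {@code keytab_zk}. The caller is responsible for calling {@code login()}.
 *
 * @return a LoginContext configured by {@code KerberosConfiguration.createServerConfig}
 * @throws LoginException if the LoginContext cannot be created
 */
public LoginContext createLoginContextZookeeperLocalhost() throws LoginException {
    // NOTE(review): the previous revision called getPrincipalAndRealm(ZOOKEEPER_LOCALHOST) and
    // discarded the result. If the realm-qualified name was meant to be the login principal,
    // pass it to KerberosPrincipal below — confirm against the sibling createLoginContext* methods.
    Set<Principal> principals = new HashSet<>();
    principals.add(new KerberosPrincipal(ZOOKEEPER_LOCALHOST));
    // Not read-only: the login module adds credentials to the Subject during login().
    Subject subject = new Subject(false, principals, new HashSet<>(), new HashSet<>());
    return new LoginContext("", subject, null, KerberosConfiguration.createServerConfig(ZOOKEEPER_LOCALHOST, keytab_zk));
}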