/**
 * Builds a Kerberos client from the krb5 configuration in effect.
 *
 * <p>If the {@code java.security.krb5.conf} system property names a file that
 * exists, the client is built from that file. Otherwise the no-argument
 * constructor is used, which resolves the configuration from an environment
 * variable or the default path.
 *
 * <p>The configuration path is taken from a JVM system property, so whoever can
 * set that property decides which configuration this client loads.
 *
 * @return a new client, or {@code null} if construction fails with a
 *         {@link KrbException}; callers must check for {@code null}
 */
public static KrbClientBase getKrbClient() {
    try {
        String krb5ConfPath = getSystemProperty("java.security.krb5.conf");
        File explicitConf = (krb5ConfPath == null) ? null : new File(krb5ConfPath);
        if (explicitConf != null && explicitConf.exists()) {
            return new KrbClientBase(explicitConf);
        }
        // No usable explicit file: get the configuration file from the
        // environment variable or the default path.
        return new KrbClientBase();
    } catch (KrbException e) {
        // The failure is reported to the caller as null; the exception is not propagated.
        return null;
    }
}
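/**
 * Requests a service ticket for {@code server} using an existing TGT.
 *
 * @param tgt the ticket-granting ticket to present
 * @param server the service principal to request a ticket for
 * @return the service ticket returned by the client
 * @throws GSSException with major code {@link GSSException#FAILURE} if the
 *         Kerberos client cannot be created, initialised, or the request fails
 */
public static SgtTicket applySgtCredential(TgtTicket tgt, String server) throws GSSException {
    KrbClientBase client = getKrbClient();
    if (client == null) {
        // getKrbClient() signals a construction failure with null; report it as a
        // GSS failure instead of letting client.init() throw a NullPointerException.
        throw new GSSException(GSSException.FAILURE, -1, "Failed to create Kerberos client");
    }
    try {
        client.init();
        return client.requestSgt(tgt, server);
    } catch (KrbException e) {
        // Keep the original exception as the cause so the failure stays diagnosable.
        GSSException failure = new GSSException(GSSException.FAILURE, -1, e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}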
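/**
 * Loads the first credential stored in a credential cache file.
 *
 * @param ccFile the credential cache file to read
 * @return the first credential found in the cache
 * @throws KrbException if the cache file cannot be read, or if it holds no
 *         credential
 */
public Credential getCredentialFromFile(File ccFile) throws KrbException {
    CredentialCache cc;
    try {
        cc = resolveCredCache(ccFile);
    } catch (IOException e) {
        // Chain the IOException so the underlying I/O failure is not lost.
        throw new KrbException("Failed to load armor cache file", e);
    }
    java.util.Iterator<? extends Credential> credentials = cc.getCredentials().iterator();
    if (!credentials.hasNext()) {
        // An empty cache is reported through the declared exception type rather
        // than an unchecked NoSuchElementException from next().
        throw new KrbException("No credential found in cache file");
    }
    return credentials.next();
}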
/**
 * Requests a service ticket using the TGT held in a credential cache file.
 *
 * <p>When {@code servicePrincipal} is {@code null}, the request carries the
 * {@code RENEW} KDC option and targets the service principal recorded in the
 * cached credential.
 *
 * @param ccFile the credential cache file holding the TGT
 * @param servicePrincipal the service principal to request a ticket for, or
 *        {@code null} to renew against the cached credential's service principal
 * @return the service ticket, with its client principal copied from the TGT
 * @throws KrbException if the credential cannot be loaded from {@code ccFile},
 *         or if thrown by the ticket conversion or the ticket request
 */
public SgtTicket requestSgt(File ccFile, String servicePrincipal) throws KrbException {
    final Credential cached = getCredentialFromFile(ccFile);
    final TgtTicket tgt = getTgtTicketFromCredential(cached);

    final KOptions options = new KOptions();
    final String targetPrincipal;
    if (servicePrincipal != null) {
        targetPrincipal = servicePrincipal;
    } else {
        // No explicit principal: treat the call as a renewal of the cached ticket.
        options.add(KrbKdcOption.RENEW);
        targetPrincipal = cached.getServicePrincipal().getName();
    }
    options.add(KrbOption.USE_TGT, tgt);
    options.add(KrbOption.SERVER_PRINCIPAL, targetPrincipal);

    final SgtTicket issued = innerClient.requestSgt(options);
    issued.setClientPrincipal(tgt.getClientPrincipal());
    return issued;
}
/**
 * Writes a service ticket into the given credential cache file, creating the
 * file first when it does not exist.
 *
 * @param sgtTicket the service ticket to store
 * @param ccacheFile the credential cache file to write
 * @throws KrbException if writing the cache fails with an I/O error
 * @throws IllegalArgumentException if the file still does not exist or is not
 *         writable after the creation attempt
 */
public void renewTicket(SgtTicket sgtTicket, File ccacheFile) throws KrbException {
    LOG.info("Renewing the ticket to the credential cache file.");

    if (!ccacheFile.exists()) {
        createCacheFile(ccacheFile);
    }

    final boolean usable = ccacheFile.exists() && ccacheFile.canWrite();
    if (!usable) {
        throw new IllegalArgumentException("Invalid ccache file, "
                + "not exist or writable: " + ccacheFile.getAbsolutePath());
    }

    // NOTE(review): the cache holds ticket material; confirm that createCacheFile
    // (not shown here) restricts the file's permissions to its owner.
    final CredentialCache ticketCache = new CredentialCache(sgtTicket);
    try {
        ticketCache.store(ccacheFile);
    } catch (IOException e) {
        throw new KrbException("Failed to renew ticket", e);
    }
}
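/**
 * Sets the KDC UDP port and enables UDP transport.
 *
 * <p>The port is only used when UDP is allowed; this method turns that on
 * itself by calling {@code setAllowUdp(true)}.
 *
 * @param kdcUdpPort the KDC UDP port, in the range 1 to 65535
 * @throws IllegalArgumentException if the port is outside 1 to 65535
 */
public void setKdcUdpPort(int kdcUdpPort) {
    // Port numbers are 16-bit, so reject values above 65535 as well as
    // non-positive ones instead of storing a port that can never be used.
    if (kdcUdpPort < 1 || kdcUdpPort > 65535) {
        throw new IllegalArgumentException("Invalid port");
    }
    commonOptions.add(KrbOption.KDC_UDP_PORT, kdcUdpPort);
    setAllowUdp(true);
}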
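/**
 * Sets the KDC TCP port and enables TCP transport.
 *
 * @param kdcTcpPort the KDC TCP port, in the range 1 to 65535
 * @throws IllegalArgumentException if the port is outside 1 to 65535
 */
public void setKdcTcpPort(int kdcTcpPort) {
    // Port numbers are 16-bit, so reject values above 65535 as well as
    // non-positive ones instead of storing a port that can never be used.
    if (kdcTcpPort < 1 || kdcTcpPort > 65535) {
        throw new IllegalArgumentException("Invalid port");
    }
    commonOptions.add(KrbOption.KDC_TCP_PORT, kdcTcpPort);
    setAllowTcp(true);
}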
/**
 * Requests a service ticket using the TGT held in a credential cache file.
 *
 * <p>When {@code servicePrincipal} is {@code null}, the request carries the
 * {@code RENEW} KDC option and targets the service principal recorded in the
 * cached credential.
 *
 * @param ccFile the credential cache file holding the TGT
 * @param servicePrincipal the service principal to request a ticket for, or
 *        {@code null} to renew against the cached credential's service principal
 * @return the service ticket, with its client principal copied from the TGT
 * @throws KrbException if the credential cannot be loaded from {@code ccFile},
 *         or if thrown by the ticket conversion or the ticket request
 */
public SgtTicket requestSgt(File ccFile, String servicePrincipal) throws KrbException {
    final Credential cached = getCredentialFromFile(ccFile);
    final TgtTicket tgt = getTgtTicketFromCredential(cached);

    final KOptions options = new KOptions();
    final String targetPrincipal;
    if (servicePrincipal != null) {
        targetPrincipal = servicePrincipal;
    } else {
        // No explicit principal: treat the call as a renewal of the cached ticket.
        options.add(KrbKdcOption.RENEW);
        targetPrincipal = cached.getServicePrincipal().getName();
    }
    options.add(KrbOption.USE_TGT, tgt);
    options.add(KrbOption.SERVER_PRINCIPAL, targetPrincipal);

    final SgtTicket issued = innerClient.requestSgt(options);
    issued.setClientPrincipal(tgt.getClientPrincipal());
    return issued;
}
/**
 * Writes a TGT into the given credential cache file, creating the file first
 * when it does not exist.
 *
 * @param tgtTicket the ticket-granting ticket to store
 * @param ccacheFile the credential cache file to write
 * @throws KrbException if writing the cache fails with an I/O error
 * @throws IllegalArgumentException if the file still does not exist or is not
 *         writable after the creation attempt
 */
public void storeTicket(TgtTicket tgtTicket, File ccacheFile) throws KrbException {
    LOG.info("Storing the tgt to the credential cache file.");

    if (!ccacheFile.exists()) {
        createCacheFile(ccacheFile);
    }

    final boolean usable = ccacheFile.exists() && ccacheFile.canWrite();
    if (!usable) {
        throw new IllegalArgumentException("Invalid ccache file, "
                + "not exist or writable: " + ccacheFile.getAbsolutePath());
    }

    // NOTE(review): the cache holds ticket material; confirm that createCacheFile
    // (not shown here) restricts the file's permissions to its owner.
    final CredentialCache ticketCache = new CredentialCache(tgtTicket);
    try {
        ticketCache.store(ccacheFile);
    } catch (IOException e) {
        throw new KrbException("Failed to store tgt", e);
    }
}
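/**
 * Sets the KDC UDP port and enables UDP transport.
 *
 * <p>The port is only used when UDP is allowed; this method turns that on
 * itself by calling {@code setAllowUdp(true)}.
 *
 * @param kdcUdpPort the KDC UDP port, in the range 1 to 65535
 * @throws IllegalArgumentException if the port is outside 1 to 65535
 */
public void setKdcUdpPort(int kdcUdpPort) {
    // Port numbers are 16-bit, so reject values above 65535 as well as
    // non-positive ones instead of storing a port that can never be used.
    if (kdcUdpPort < 1 || kdcUdpPort > 65535) {
        throw new IllegalArgumentException("Invalid port");
    }
    commonOptions.add(KrbOption.KDC_UDP_PORT, kdcUdpPort);
    setAllowUdp(true);
}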
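/**
 * Sets the KDC TCP port and enables TCP transport.
 *
 * @param kdcTcpPort the KDC TCP port, in the range 1 to 65535
 * @throws IllegalArgumentException if the port is outside 1 to 65535
 */
public void setKdcTcpPort(int kdcTcpPort) {
    // Port numbers are 16-bit, so reject values above 65535 as well as
    // non-positive ones instead of storing a port that can never be used.
    if (kdcTcpPort < 1 || kdcTcpPort > 65535) {
        throw new IllegalArgumentException("Invalid port");
    }
    commonOptions.add(KrbOption.KDC_TCP_PORT, kdcTcpPort);
    setAllowTcp(true);
}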
/**
 * Writes a TGT into the given credential cache file, creating the file first
 * when it does not exist.
 *
 * @param tgtTicket the ticket-granting ticket to store
 * @param ccacheFile the credential cache file to write
 * @throws KrbException if writing the cache fails with an I/O error
 * @throws IllegalArgumentException if the file still does not exist or is not
 *         writable after the creation attempt
 */
public void storeTicket(TgtTicket tgtTicket, File ccacheFile) throws KrbException {
    LOG.info("Storing the tgt to the credential cache file.");

    if (!ccacheFile.exists()) {
        createCacheFile(ccacheFile);
    }

    final boolean usable = ccacheFile.exists() && ccacheFile.canWrite();
    if (!usable) {
        throw new IllegalArgumentException("Invalid ccache file, "
                + "not exist or writable: " + ccacheFile.getAbsolutePath());
    }

    // NOTE(review): the cache holds ticket material; confirm that createCacheFile
    // (not shown here) restricts the file's permissions to its owner.
    final CredentialCache ticketCache = new CredentialCache(tgtTicket);
    try {
        ticketCache.store(ccacheFile);
    } catch (IOException e) {
        throw new KrbException("Failed to store tgt", e);
    }
}
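/**
 * Loads the first credential stored in a credential cache file.
 *
 * @param ccFile the credential cache file to read
 * @return the first credential found in the cache
 * @throws KrbException if the cache file cannot be read, or if it holds no
 *         credential
 */
public Credential getCredentialFromFile(File ccFile) throws KrbException {
    CredentialCache cc;
    try {
        cc = resolveCredCache(ccFile);
    } catch (IOException e) {
        // Chain the IOException so the underlying I/O failure is not lost.
        throw new KrbException("Failed to load armor cache file", e);
    }
    java.util.Iterator<? extends Credential> credentials = cc.getCredentials().iterator();
    if (!credentials.hasNext()) {
        // An empty cache is reported through the declared exception type rather
        // than an unchecked NoSuchElementException from next().
        throw new KrbException("No credential found in cache file");
    }
    return credentials.next();
}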
/**
 * Writes a service ticket into the given credential cache file, creating the
 * file first when it does not exist.
 *
 * @param sgtTicket the service ticket to store
 * @param ccacheFile the credential cache file to write
 * @throws KrbException if writing the cache fails with an I/O error
 * @throws IllegalArgumentException if the file still does not exist or is not
 *         writable after the creation attempt
 */
public void renewTicket(SgtTicket sgtTicket, File ccacheFile) throws KrbException {
    LOG.info("Renewing the ticket to the credential cache file.");

    if (!ccacheFile.exists()) {
        createCacheFile(ccacheFile);
    }

    final boolean usable = ccacheFile.exists() && ccacheFile.canWrite();
    if (!usable) {
        throw new IllegalArgumentException("Invalid ccache file, "
                + "not exist or writable: " + ccacheFile.getAbsolutePath());
    }

    // NOTE(review): the cache holds ticket material; confirm that createCacheFile
    // (not shown here) restricts the file's permissions to its owner.
    final CredentialCache ticketCache = new CredentialCache(sgtTicket);
    try {
        ticketCache.store(ccacheFile);
    } catch (IOException e) {
        throw new KrbException("Failed to renew ticket", e);
    }
}
// Presumably creates the credential cache file at ccacheFile; the helper and the
// enclosing method are not shown here, so confirm what permissions it sets.
createCacheFile(ccacheFile);
// Presumably creates the credential cache file at ccacheFile; the helper and the
// enclosing method are not shown here, so confirm what permissions it sets.
createCacheFile(ccacheFile);