From erodrig...@apache.org
Subject svn commit: r122684 - in incubator/directory/kerberos/trunk/examples: . src src/java src/java/org src/java/org/apache src/java/org/apache/kerberos src/java/org/apache/kerberos/examples src/java/org/apache/kerberos/examples/gssdemo
Date Fri, 17 Dec 2004 21:43:23 GMT
Author: erodriguez
Date: Fri Dec 17 13:43:19 2004
New Revision: 122684

URL: http://svn.apache.org/viewcvs?view=rev&rev=122684
Log:
Example client and service using Kerberos with the JDK jGSS library.
Added:
   incubator/directory/kerberos/trunk/examples/
   incubator/directory/kerberos/trunk/examples/src/
   incubator/directory/kerberos/trunk/examples/src/java/
   incubator/directory/kerberos/trunk/examples/src/java/org/
   incubator/directory/kerberos/trunk/examples/src/java/org/apache/
   incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/
   incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/
   incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/
   incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClient.java
  (contents, props changed)
   incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClientApplet.java
  (contents, props changed)
   incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServer.java
  (contents, props changed)
   incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServerThread.java
  (contents, props changed)

Added: incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClient.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClient.java?view=auto&rev=122684
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClient.java
Fri Dec 17 13:43:19 2004
@@ -0,0 +1,201 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.examples.gssdemo;
+
+import org.apache.kerberos.util.CallbackHandlerBean;
+import org.ietf.jgss.*;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.net.Socket;
+import java.security.PrivilegedAction;
+import java.security.Security;
+
+class GSSClient implements PrivilegedAction
+{
+
+	private CallbackHandlerBean beanCallbackHandler = null;
+
+	private static final int TEN_MINUTES = 10 * 60;
+
+	private GSSContext context = null;
+
+	private LoginContext peerLC = null;
+
+	private Socket socket = null;
+	private DataInputStream inStream;
+	private DataOutputStream outStream;
+
+	private String clientName = null;
+	private String serverName = null;
+	private String serverAddress = null;
+	private int serverPort;
+
+	public GSSClient(String clientName, String password, String serverName, String serverAddress,
+			int serverPort, String kerberosRealm, String kdcAddress)
+    {
+		beanCallbackHandler = new CallbackHandlerBean(clientName, password);
+		this.clientName = clientName;
+		this.serverName = serverName;
+		this.serverAddress = serverAddress;
+		this.serverPort = serverPort;
+		System.setProperty("java.security.krb5.realm", kerberosRealm);
+		System.setProperty("java.security.krb5.kdc", kdcAddress);
+
+		System.setProperty("sun.security.krb5.debug", "true");
+		Security.setProperty("login.configuration.provider",
+				"org.apache.kerberos.kdc.jaas.Krb5LoginConfiguration");
+	}
+
+	public void login()
+    {
+		try
+        {
+			peerLC = new LoginContext(clientName, beanCallbackHandler);
+			peerLC.login();
+
+			socket = new Socket(serverAddress, serverPort);
+			inStream = new DataInputStream(socket.getInputStream());
+			outStream = new DataOutputStream(socket.getOutputStream());
+
+			context = (GSSContext) Subject.doAs(peerLC.getSubject(), this);
+		}
+        catch (Exception e)
+        {
+			System.out.println(">>> GSSClient ... Secure Context not established.");
+			System.out.println(">>> GSSClient ... ERROR:  " + e.getMessage());
+		}
+	}
+
+	public boolean hasConfidentialContext()
+    {
+		return context != null && context.getConfState();
+	}
+
+	// PrivilegedAction method
+	public Object run()
+    {
+		try
+        {
+			GSSManager manager = GSSManager.getInstance();
+			
+			Oid kerberos = new Oid("1.2.840.113554.1.2.2");
+
+			GSSName clientPeerName = manager.createName(clientName, GSSName.NT_USER_NAME);
+
+			GSSName remotePeerName = manager.createName(serverName, GSSName.NT_USER_NAME);
+
+			System.out.println(">>> GSSClient ... Getting client credentials");
+
+			GSSCredential peerCredentials = manager.createCredential(clientPeerName, TEN_MINUTES,
+					kerberos, GSSCredential.INITIATE_ONLY);
+
+			System.out.println(">>> GSSClient ... GSSManager creating security context");
+			GSSContext peerContext = manager.createContext(remotePeerName, kerberos,
+					peerCredentials, GSSContext.DEFAULT_LIFETIME);
+
+			peerContext.requestConf(true);
+			byte[] byteToken = new byte[0];
+
+			System.out.println(">>> GSSClient ... Sending token to server over secure context");
+
+			while (!peerContext.isEstablished())
+            {
+				byteToken = peerContext.initSecContext(byteToken, 0, byteToken.length);
+
+				if (byteToken != null)
+                {
+					outStream.writeInt(byteToken.length);
+					outStream.write(byteToken);
+					outStream.flush();
+				}
+
+				if (!peerContext.isEstablished())
+                {
+					byteToken = new byte[inStream.readInt()];
+					inStream.readFully(byteToken);
+				}
+			}
+
+			return peerContext;
+		}
+        catch (GSSException ge)
+        {
+			System.out.println(">>> GSSClient ... GSS Exception " + ge.getMessage());
+		}
+        catch (IOException e)
+        {
+			System.out.println(">>> GSSClient ... Exception " + e.getMessage());
+		}
+		return null;
+	}
+
+	public String sendMessageReturnReply(String message)
+    {
+		MessageProp msgProp = new MessageProp(0, true);
+
+		try
+        {
+			System.out.println(">>> GSSClient ... Client message is [" + message + "]");
+			byte[] clientMessage = context.wrap(message.getBytes(), 0, message.getBytes().length,
+					msgProp);
+			outStream.writeInt(clientMessage.length);
+			outStream.write(clientMessage);
+			outStream.flush();
+
+			// Receiving server response and sending back to client.
+			byte[] serverMessage = new byte[inStream.readInt()];
+			inStream.readFully(serverMessage);
+			serverMessage = context.unwrap(serverMessage, 0, serverMessage.length, msgProp);
+			System.out.print(">>> GSSClient ... Server message is [");
+			System.out.println(new String(serverMessage) + "]");
+			return new String(serverMessage);
+		}
+        catch (GSSException ge)
+        {
+			ge.printStackTrace();
+			return null;
+		}
+        catch (IOException ioe)
+        {
+			ioe.printStackTrace();
+			return null;
+		}
+	}
+
+	public void logout()
+    {
+		try
+        {
+			peerLC.logout();
+			context.dispose();
+		}
+        catch (LoginException le)
+        {
+			le.printStackTrace();
+		}
+        catch (GSSException ge)
+        {
+			ge.printStackTrace();
+		}
+	}
+}
+
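Review bot: Both `new byte[inStream.readInt()]` allocations, in the handshake loop of `run()` and in `sendMessageReturnReply()`, size a buffer from a length the peer sends; in `run()` this happens before the context is established, so the server is not yet authenticated. A negative value raises `NegativeArraySizeException`, which neither `catch` in `run()` handles (it only surfaces as the generic failure in `login()`), and a very large value can exhaust the heap. Read the length into a local and reject it first, e.g. `int len = inStream.readInt(); if (len < 0 || len > MAX_TOKEN_SIZE) throw new IOException("bad token length " + len);`, with `MAX_TOKEN_SIZE` as a new constant. Two smaller points: the constructor forces `sun.security.krb5.debug` to `"true"`, which is better left to the caller since it writes Kerberos protocol traces to stdout, and `logout()` disposes the context but never closes `socket`.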

Added: incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClientApplet.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClientApplet.java?view=auto&rev=122684
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClientApplet.java
Fri Dec 17 13:43:19 2004
@@ -0,0 +1,122 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.examples.gssdemo;
+
+import java.applet.Applet;
+import java.awt.*;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+
+public class GSSClientApplet extends Applet
+{
+
+	private GSSClient gssClient = null;
+
+	// UI parameters
+	private Label lblUserName = new Label("Username:");
+	private Label lblPassword = new Label("Password:");
+
+	private TextField tfUserName = new TextField(12);
+	private TextField tfPassword = new TextField(12);
+
+	private Button buttonPartner1 = new Button("  Login to ldap  ");
+
+	private Color bgColor = new Color(204, 204, 255);
+
+	private TextArea taResponse = null;
+
+	// GSS parameters.
+	private String remotePeer = null;
+	private String kerberosRealm = null;
+	private String kdcAddress = null;
+	private String addressOfRemotePeer = null;
+	private int portOfRemotePeer;
+
+	public void init()
+    {
+		setLayout(new FlowLayout(FlowLayout.CENTER));
+		add(lblUserName);
+		add(tfUserName);
+		add(lblPassword);
+		add(tfPassword);
+
+		buttonPartner1.setBackground(bgColor);
+
+		kerberosRealm       = "25OZ.COM";
+		kdcAddress          = "localhost";
+		addressOfRemotePeer = "localhost";
+
+		add(buttonPartner1);
+		buttonPartner1.addActionListener(new ActionListener() {
+			public void actionPerformed(ActionEvent evt) {
+				remotePeer = "ldap";
+				portOfRemotePeer = 1082;
+				login();
+			}
+		});
+
+		taResponse = new TextArea("[Output Window] ...\n\r", 12, 58);
+		taResponse.setBackground(Color.white);
+		add(taResponse);
+	}
+
+	private void login()
+    {
+		try
+        {
+			if (tfUserName.getText().equals("") && tfPassword.getText().equals(""))
+				taResponse.append("Please use your username to login ...\n\r");
+			else
+            {
+				gssClient = new GSSClient(tfUserName.getText() + "@" + kerberosRealm,
+						tfPassword.getText(), remotePeer, addressOfRemotePeer,
+						portOfRemotePeer, kerberosRealm, kdcAddress);
+
+				taResponse.append(tfUserName.getText() + " being logged in ...\n\r");
+				
+				gssClient.login();
+				
+				if (gssClient.hasConfidentialContext())
+                {
+					String message = new String("Sample secret message from client");
+					taResponse.append("You are successfully logged in ... \n\r");
+					taResponse.append("Sending [" + message + "] to server \n\r");
+					String response = gssClient.sendMessageReturnReply(message);
+					taResponse.append("Server response ... " + response + "\n\r");
+				}
+                else
+                {
+					taResponse.append("Confidential context failed. \n\r");
+				}
+
+				try
+                {
+					gssClient.logout();
+				}
+                catch (Exception e)
+                {
+					e.printStackTrace();
+				}
+			}
+		}
+        catch (Exception e)
+        {
+			taResponse.append("Exception ..." + e.getMessage() + "\n\r");
+		}
+	}
+}
+
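Review bot: `tfPassword` is a plain `TextField` with no echo character, so the password is displayed in clear as it is typed; add `tfPassword.setEchoChar('*');` in `init()` before the field is added to the layout. The empty-input guard in `login()` uses `&&`, so it fires only when both fields are empty, and a blank password with a non-empty username is still passed to `GSSClient`; `||` is probably what was intended. The user name is also echoed into `taResponse` before authentication has succeeded, which is harmless in a demo but worth a comment if this is copied elsewhere.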

Added: incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServer.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServer.java?view=auto&rev=122684
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServer.java
Fri Dec 17 13:43:19 2004
@@ -0,0 +1,26 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.examples.gssdemo;
+
+public class GSSServer
+{
+    public static void main(String[] args)
+    {
+        new GSSServerThread().startServer();
+    }
+}
+

Added: incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServerThread.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServerThread.java?view=auto&rev=122684
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServerThread.java
Fri Dec 17 13:43:19 2004
@@ -0,0 +1,169 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.examples.gssdemo;
+
+import org.apache.kerberos.util.CallbackHandlerBean;
+import org.ietf.jgss.*;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import java.io.DataInputStream;
+import java.io.DataOutputStream;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.security.PrivilegedAction;
+import java.security.Security;
+
+public class GSSServerThread implements PrivilegedAction
+{
+
+	//Handles callback from the JAAS framework.
+	CallbackHandlerBean beanCallbackHandler = null;
+
+	//The main object that handles all JAAS login.
+	LoginContext serverLC = null;
+
+	//The context for secure communication with client.
+	GSSContext serverGSSContext = null;
+
+	//Socket and streams used for communication.
+	ServerSocket serverSocket = null;
+	DataInputStream inStream = null;
+	DataOutputStream outStream = null;
+
+	//Name and port of server.
+	private String _serverName;
+	private int    _serverPort;
+	private String _password;
+	private String _realm;
+	private String _kdc;
+
+	//Configuration file and the name of the client configuration.
+	String _confFile = null;
+	String _confName = null;
+
+	// GSSServerThread constructor
+	public GSSServerThread()
+    {
+
+		_serverName = "ldap";
+		_password   = "keyrand";
+		_serverPort = 1082;
+		_realm      = "25OZ.COM";
+		_kdc        = "enrique.25oz.com";
+
+		beanCallbackHandler = new CallbackHandlerBean(_serverName, _password);
+		System.setProperty("java.security.krb5.realm", _realm);
+		System.setProperty("java.security.krb5.kdc", _kdc);
+		System.setProperty("sun.security.krb5.debug", "true");
+		Security.setProperty("login.configuration.provider",
+				"org.apache.kerberos.kdc.jaas.Krb5LoginConfiguration");
+	}
+
+	public boolean startServer()
+    {
+
+		try
+        {
+			serverLC = new LoginContext(_serverName, beanCallbackHandler);
+			serverLC.login();
+			Subject.doAs(serverLC.getSubject(), this);
+			return true;
+		}
+        catch (Exception e)
+        {
+			System.out.println(">>> GSSServerThread ... Secure Context not established..");
+			e.printStackTrace();
+			return false;
+		}
+	}
+
+	public Object run()
+    {
+		while (true)
+        {
+			try
+            {
+				serverSocket = new ServerSocket(_serverPort);
+				GSSManager manager = GSSManager.getInstance();
+				Oid kerberos = new Oid("1.2.840.113554.1.2.2");
+
+				System.out.println(">>> GSSServerThread started ... Waiting for incoming connection");
+
+				GSSName serverGSSName = manager.createName(_serverName, null);
+				GSSCredential serverGSSCreds = manager.createCredential(serverGSSName,
+						GSSCredential.INDEFINITE_LIFETIME, kerberos, GSSCredential.ACCEPT_ONLY);
+
+				serverGSSContext = manager.createContext(serverGSSCreds);
+
+				Socket clientSocket = serverSocket.accept();
+				inStream = new DataInputStream(clientSocket.getInputStream());
+				outStream = new DataOutputStream(clientSocket.getOutputStream());
+
+				byte[] byteToken = null;
+
+				while (!serverGSSContext.isEstablished())
+                {
+					byteToken = new byte[inStream.readInt()];
+					inStream.readFully(byteToken);
+					byteToken = serverGSSContext.acceptSecContext(byteToken, 0, byteToken.length);
+
+					if (byteToken != null)
+                    {
+						outStream.writeInt(byteToken.length);
+						outStream.write(byteToken);
+						outStream.flush();
+					}
+				}
+
+				String clientName = serverGSSContext.getTargName().toString();
+				String serverName = serverGSSContext.getSrcName().toString();
+				MessageProp msgProp = new MessageProp(0, false);
+
+				byteToken = new byte[inStream.readInt()];
+				inStream.readFully(byteToken);
+
+				// Unwrapping and verifying the received message.
+				byte[] message = serverGSSContext.unwrap(byteToken, 0, byteToken.length, msgProp);
+				System.out.print(">>> GSSServerThread Message [ ");
+				System.out.println(new String(message) + " ] received");
+
+				// Wrapping the response message.
+				message = new String(">>> GSSServerThread Secure Context established between
" + "["
+						+ clientName + "] and [" + serverName + "]").getBytes();
+
+				byte[] secureMessage = serverGSSContext.wrap(message, 0, message.length, msgProp);
+
+				outStream.writeInt(secureMessage.length);
+				outStream.write(secureMessage);
+				outStream.flush();
+				System.out.println(">>> GSSServerThread Message [" + new String(message) + "]
sent");
+
+				// Disposing and closing client and server sockets.
+				serverGSSContext.dispose();
+				clientSocket.close();
+				serverSocket.close();
+				System.out.println(">>> GSSServerThread waiting ... ");
+			}
+            catch (java.lang.Exception e)
+            {
+				e.printStackTrace();
+			}
+		}
+	}
+}
+
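Review bot: In `run()`, any exception thrown after `new ServerSocket(_serverPort)` skips the `close()` calls at the end of the `try` block, so the port stays bound and each later iteration fails at the bind and prints a stack trace in a tight loop; a single client that disconnects mid-handshake is enough to leave the server in that state. The two `new byte[inStream.readInt()]` allocations also take their length from a peer that has not authenticated yet, with no lower or upper bound. Closing both sockets in a `finally` and reading tokens through a bounded helper addresses both, as sketched below. Separately, `getTargName()` and `getSrcName()` are swapped for an acceptor (the initiator is the source name), and `_password = "keyrand"` in the constructor puts the service principal's secret in source; it should come from configuration or a keytab.

```java
	private static final int MAX_TOKEN_SIZE = 64 * 1024; // constructed limit; size it to the deployment

	// Reads one length-prefixed token, rejecting lengths outside the accepted range.
	private byte[] readToken() throws java.io.IOException
    {
		int length = inStream.readInt();
		if (length < 0 || length > MAX_TOKEN_SIZE)
        {
			throw new java.io.IOException("Token length out of range: " + length);
		}
		byte[] token = new byte[length];
		inStream.readFully(token);
		return token;
	}

	public Object run()
    {
		while (true)
        {
			Socket clientSocket = null;
			try
            {
				// … unchanged: ServerSocket, GSSManager, credential and context setup …
				clientSocket = serverSocket.accept();
				// … unchanged: stream setup, handshake loop and message exchange, now calling readToken() …
			}
            catch (java.lang.Exception e)
            {
				e.printStackTrace();
			}
            finally
            {
				// Release the port on every path so the next iteration can bind again.
				try { if (clientSocket != null) clientSocket.close(); } catch (java.io.IOException ignored) { }
				try { if (serverSocket != null) serverSocket.close(); } catch (java.io.IOException ignored) { }
			}
		}
	}
```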
