Author: erodriguez Date: Fri Dec 17 13:43:19 2004 New Revision: 122684 URL: http://svn.apache.org/viewcvs?view=rev&rev=122684 Log: Example client and service using Kerberos with the JDK jGSS library. Added: incubator/directory/kerberos/trunk/examples/ incubator/directory/kerberos/trunk/examples/src/ incubator/directory/kerberos/trunk/examples/src/java/ incubator/directory/kerberos/trunk/examples/src/java/org/ incubator/directory/kerberos/trunk/examples/src/java/org/apache/ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClient.java (contents, props changed) incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClientApplet.java (contents, props changed) incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServer.java (contents, props changed) incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServerThread.java (contents, props changed)
Added: incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClient.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClient.java?view=auto&rev=122684 ============================================================================== --- (empty file) +++ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClient.java Fri Dec 17 13:43:19 2004 
@@ -0,0 +1,201 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.kerberos.examples.gssdemo; + +import org.apache.kerberos.util.CallbackHandlerBean; +import org.ietf.jgss.*; + +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; +import java.io.DataInputStream; +import java.io.DataOutputStream; +import java.io.IOException; +import java.net.Socket; +import java.security.PrivilegedAction; +import java.security.Security; + +class GSSClient implements PrivilegedAction +{ + + private CallbackHandlerBean beanCallbackHandler = null; + + private static final int TEN_MINUTES = 10 * 60; + + private GSSContext context = null; + + private LoginContext peerLC = null; + + private Socket socket = null; + private DataInputStream inStream; + private DataOutputStream outStream; + + private String clientName = null; + private String serverName = null; + private String serverAddress = null; + private int serverPort; + + public GSSClient(String clientName, String password, String serverName, String serverAddress, + int serverPort, String kerberosRealm, String kdcAddress) + { + beanCallbackHandler = new CallbackHandlerBean(clientName, password); + this.clientName = clientName; + this.serverName = serverName; + this.serverAddress = serverAddress; + this.serverPort = serverPort; + 
System.setProperty("java.security.krb5.realm", kerberosRealm); + System.setProperty("java.security.krb5.kdc", kdcAddress); + + System.setProperty("sun.security.krb5.debug", "true"); + Security.setProperty("login.configuration.provider", + "org.apache.kerberos.kdc.jaas.Krb5LoginConfiguration"); + } + + public void login() + { + try + { + peerLC = new LoginContext(clientName, beanCallbackHandler); + peerLC.login(); + + socket = new Socket(serverAddress, serverPort); + inStream = new DataInputStream(socket.getInputStream()); + outStream = new DataOutputStream(socket.getOutputStream()); + + context = (GSSContext) Subject.doAs(peerLC.getSubject(), this); + } + catch (Exception e) + { + System.out.println(">>> GSSClient ... Secure Context not established."); + System.out.println(">>> GSSClient ... ERROR: " + e.getMessage()); + } + } + + public boolean hasConfidentialContext() + { + return context != null && context.getConfState(); + } + + // PrivilegedAction method + public Object run() + { + try + { + GSSManager manager = GSSManager.getInstance(); + + Oid kerberos = new Oid("1.2.840.113554.1.2.2"); + + GSSName clientPeerName = manager.createName(clientName, GSSName.NT_USER_NAME); + + GSSName remotePeerName = manager.createName(serverName, GSSName.NT_USER_NAME); + + System.out.println(">>> GSSClient ... Getting client credentials"); + + GSSCredential peerCredentials = manager.createCredential(clientPeerName, TEN_MINUTES, + kerberos, GSSCredential.INITIATE_ONLY); + + System.out.println(">>> GSSClient ... GSSManager creating security context"); + GSSContext peerContext = manager.createContext(remotePeerName, kerberos, + peerCredentials, GSSContext.DEFAULT_LIFETIME); + + peerContext.requestConf(true); + byte[] byteToken = new byte[0]; + + System.out.println(">>> GSSClient ... 
Sending token to server over secure context"); + + while (!peerContext.isEstablished()) + { + byteToken = peerContext.initSecContext(byteToken, 0, byteToken.length); + + if (byteToken != null) + { + outStream.writeInt(byteToken.length); + outStream.write(byteToken); + outStream.flush(); + } + + if (!peerContext.isEstablished()) + { + byteToken = new byte[inStream.readInt()]; + inStream.readFully(byteToken); + } + } + + return peerContext; + } + catch (GSSException ge) + { + System.out.println(">>> GSSClient ... GSS Exception " + ge.getMessage()); + } + catch (IOException e) + { + System.out.println(">>> GSSClient ... Exception " + e.getMessage()); + } + return null; + } + + public String sendMessageReturnReply(String message) + { + MessageProp msgProp = new MessageProp(0, true); + + try + { + System.out.println(">>> GSSClient ... Client message is [" + message + "]"); + byte[] clientMessage = context.wrap(message.getBytes(), 0, message.getBytes().length, + msgProp); + outStream.writeInt(clientMessage.length); + outStream.write(clientMessage); + outStream.flush(); + + // Receiving server response and sending back to client. + byte[] serverMessage = new byte[inStream.readInt()]; + inStream.readFully(serverMessage); + serverMessage = context.unwrap(serverMessage, 0, serverMessage.length, msgProp); + System.out.print(">>> GSSClient ... 
Server message is ["); + System.out.println(new String(serverMessage) + "]"); + return new String(serverMessage); + } + catch (GSSException ge) + { + ge.printStackTrace(); + return null; + } + catch (IOException ioe) + { + ioe.printStackTrace(); + return null; + } + } + + public void logout() + { + try + { + peerLC.logout(); + context.dispose(); + } + catch (LoginException le) + { + le.printStackTrace(); + } + catch (GSSException ge) + { + ge.printStackTrace(); + } + } +} + Added: incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClientApplet.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClientApplet.java?view=auto&rev=122684 ============================================================================== --- (empty file) +++ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSClientApplet.java Fri Dec 17 13:43:19 2004 
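Review bot: In run() and sendMessageReturnReply() the length read from the socket is used directly as an array size (`byteToken = new byte[inStream.readInt()]` and `byte[] serverMessage = new byte[inStream.readInt()]`), so a malformed or hostile peer can trigger a NegativeArraySizeException or a multi-gigabyte allocation before any GSS verification takes place; read it into an int first and reject it unless `0 <= len && len <= MAX_TOKEN_LEN`, with MAX_TOKEN_LEN a small constant sized to what this demo actually exchanges. The same unchecked pattern appears twice in GSSServerThread.run(). sendMessageReturnReply() also never inspects `msgProp` after `context.unwrap(...)`: unwrap overwrites the MessageProp with the protection the peer really applied, so a reply that was only integrity-protected is accepted as if it were confidential — add `if (!msgProp.getPrivacy()) throw new IOException("server reply was not encrypted");` before the reply is used. `message.getBytes()` and `new String(serverMessage)` use the platform default charset on both ends; passing `"UTF-8"` explicitly avoids a silent mismatch between client and server JVMs.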
@@ -0,0 +1,122 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.kerberos.examples.gssdemo; + +import java.applet.Applet; +import java.awt.*; +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; + +public class GSSClientApplet extends Applet +{ + + private GSSClient gssClient = null; + + // UI parameters + private Label lblUserName = new Label("Username:"); + private Label lblPassword = new Label("Password:"); + + private TextField tfUserName = new TextField(12); + private TextField tfPassword = new TextField(12); + + private Button buttonPartner1 = new Button(" Login to ldap "); + + private Color bgColor = new Color(204, 204, 255); + + private TextArea taResponse = null; + + // GSS parameters. 
+ private String remotePeer = null; + private String kerberosRealm = null; + private String kdcAddress = null; + private String addressOfRemotePeer = null; + private int portOfRemotePeer; + + public void init() + { + setLayout(new FlowLayout(FlowLayout.CENTER)); + add(lblUserName); + add(tfUserName); + add(lblPassword); + add(tfPassword); + + buttonPartner1.setBackground(bgColor); + + kerberosRealm = "25OZ.COM"; + kdcAddress = "localhost"; + addressOfRemotePeer = "localhost"; + + add(buttonPartner1); + buttonPartner1.addActionListener(new ActionListener() { + public void actionPerformed(ActionEvent evt) { + remotePeer = "ldap"; + portOfRemotePeer = 1082; + login(); + } + }); + + taResponse = new TextArea("[Output Window] ...\n\r", 12, 58); + taResponse.setBackground(Color.white); + add(taResponse); + } + + private void login() + { + try + { + if (tfUserName.getText().equals("") && tfPassword.getText().equals("")) + taResponse.append("Please use your username to login ...\n\r"); + else + { + gssClient = new GSSClient(tfUserName.getText() + "@" + kerberosRealm, + tfPassword.getText(), remotePeer, addressOfRemotePeer, + portOfRemotePeer, kerberosRealm, kdcAddress); + + taResponse.append(tfUserName.getText() + " being logged in ...\n\r"); + + gssClient.login(); + + if (gssClient.hasConfidentialContext()) + { + String message = new String("Sample secret message from client"); + taResponse.append("You are successfully logged in ... \n\r"); + taResponse.append("Sending [" + message + "] to server \n\r"); + String response = gssClient.sendMessageReturnReply(message); + taResponse.append("Server response ... " + response + "\n\r"); + } + else + { + taResponse.append("Confidential context failed. \n\r"); + } + + try + { + gssClient.logout(); + } + catch (Exception e) + { + e.printStackTrace(); + } + } + } + catch (Exception e) + { + taResponse.append("Exception ..." 
+ e.getMessage() + "\n\r"); + } + } +} + Added: incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServer.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServer.java?view=auto&rev=122684 ============================================================================== --- (empty file) +++ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServer.java Fri Dec 17 13:43:19 2004 @@ -0,0 +1,26 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.kerberos.examples.gssdemo; + +public class GSSServer +{ + public static void main(String[] args) + { + new GSSServerThread().startServer(); + } +} + Added: incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServerThread.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServerThread.java?view=auto&rev=122684 ============================================================================== --- (empty file) +++ incubator/directory/kerberos/trunk/examples/src/java/org/apache/kerberos/examples/gssdemo/GSSServerThread.java Fri Dec 17 13:43:19 2004 
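Review bot: The empty-field guard in login() uses `&&`, so the prompt only fires when both fields are blank and a blank password (or a blank username) is passed straight into the GSSClient constructor; the condition should be `if (tfUserName.getText().equals("") || tfPassword.getText().equals(""))`. `tfPassword` is a plain TextField with no `tfPassword.setEchoChar('*');` in init(), so the password is displayed in clear text as it is typed. The outer `catch (Exception e)` appends `e.getMessage()`, which is null for many exception types; `e.toString()` at least records the exception class in the output window.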
@@ -0,0 +1,169 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.kerberos.examples.gssdemo; + +import org.apache.kerberos.util.CallbackHandlerBean; +import org.ietf.jgss.*; + +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; +import java.io.DataInputStream; +import java.io.DataOutputStream; +import java.net.ServerSocket; +import java.net.Socket; +import java.security.PrivilegedAction; +import java.security.Security; + +public class GSSServerThread implements PrivilegedAction +{ + + //Handles callback from the JAAS framework. + CallbackHandlerBean beanCallbackHandler = null; + + //The main object that handles all JAAS login. + LoginContext serverLC = null; + + //The context for secure communication with client. + GSSContext serverGSSContext = null; + + //Socket and streams used for communication. + ServerSocket serverSocket = null; + DataInputStream inStream = null; + DataOutputStream outStream = null; + + //Name and port of server. + private String _serverName; + private int _serverPort; + private String _password; + private String _realm; + private String _kdc; + + //Configuration file and the name of the client configuration. 
+ String _confFile = null; + String _confName = null; + + // GSSServerThread constructor + public GSSServerThread() + { + + _serverName = "ldap"; + _password = "keyrand"; + _serverPort = 1082; + _realm = "25OZ.COM"; + _kdc = "enrique.25oz.com"; + + beanCallbackHandler = new CallbackHandlerBean(_serverName, _password); + System.setProperty("java.security.krb5.realm", _realm); + System.setProperty("java.security.krb5.kdc", _kdc); + System.setProperty("sun.security.krb5.debug", "true"); + Security.setProperty("login.configuration.provider", + "org.apache.kerberos.kdc.jaas.Krb5LoginConfiguration"); + } + + public boolean startServer() + { + + try + { + serverLC = new LoginContext(_serverName, beanCallbackHandler); + serverLC.login(); + Subject.doAs(serverLC.getSubject(), this); + return true; + } + catch (Exception e) + { + System.out.println(">>> GSSServerThread ... Secure Context not established.."); + e.printStackTrace(); + return false; + } + } + + public Object run() + { + while (true) + { + try + { + serverSocket = new ServerSocket(_serverPort); + GSSManager manager = GSSManager.getInstance(); + Oid kerberos = new Oid("1.2.840.113554.1.2.2"); + + System.out.println(">>> GSSServerThread started ... 
Waiting for incoming connection"); + + GSSName serverGSSName = manager.createName(_serverName, null); + GSSCredential serverGSSCreds = manager.createCredential(serverGSSName, + GSSCredential.INDEFINITE_LIFETIME, kerberos, GSSCredential.ACCEPT_ONLY); + + serverGSSContext = manager.createContext(serverGSSCreds); + + Socket clientSocket = serverSocket.accept(); + inStream = new DataInputStream(clientSocket.getInputStream()); + outStream = new DataOutputStream(clientSocket.getOutputStream()); + + byte[] byteToken = null; + + while (!serverGSSContext.isEstablished()) + { + byteToken = new byte[inStream.readInt()]; + inStream.readFully(byteToken); + byteToken = serverGSSContext.acceptSecContext(byteToken, 0, byteToken.length); + + if (byteToken != null) + { + outStream.writeInt(byteToken.length); + outStream.write(byteToken); + outStream.flush(); + } + } + + String clientName = serverGSSContext.getTargName().toString(); + String serverName = serverGSSContext.getSrcName().toString(); + MessageProp msgProp = new MessageProp(0, false); + + byteToken = new byte[inStream.readInt()]; + inStream.readFully(byteToken); + + // Unwrapping and verifying the received message. + byte[] message = serverGSSContext.unwrap(byteToken, 0, byteToken.length, msgProp); + System.out.print(">>> GSSServerThread Message [ "); + System.out.println(new String(message) + " ] received"); + + // Wrapping the response message. + message = new String(">>> GSSServerThread Secure Context established between " + "[" + + clientName + "] and [" + serverName + "]").getBytes(); + + byte[] secureMessage = serverGSSContext.wrap(message, 0, message.length, msgProp); + + outStream.writeInt(secureMessage.length); + outStream.write(secureMessage); + outStream.flush(); + System.out.println(">>> GSSServerThread Message [" + new String(message) + "] sent"); + + // Disposing and closing client and server sockets. 
+ serverGSSContext.dispose(); + clientSocket.close(); + serverSocket.close(); + System.out.println(">>> GSSServerThread waiting ... "); + } + catch (java.lang.Exception e) + { + e.printStackTrace(); + } + } + } +} +
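Review bot: In run() the ServerSocket is re-created at the top of every `while (true)` iteration but closed only on the success path at the end of the try block, so after any exception (a rejected token, a client dropping mid-handshake) the port stays bound, the next `new ServerSocket(_serverPort)` throws BindException, and the loop becomes an endless printStackTrace() spin; bind once before the loop and release the per-client socket and context in a `finally`. The peer names are also swapped: for an acceptor `getSrcName()` is the initiator (the client) and `getTargName()` is this server, so the two lines should read `String clientName = serverGSSContext.getSrcName().toString();` and `String serverName = serverGSSContext.getTargName().toString();`. The reply is wrapped with `new MessageProp(0, false)`, i.e. integrity only, while GSSClient requests confidentiality for the exchange — use `new MessageProp(0, true)` if the reply is meant to be private, and check `msgProp.getPrivacy()` after unwrapping the client's message instead of assuming it. `_password = "keyrand"` is a hard-coded service credential in source; the class already declares `_confFile`/`_confName` but never reads them, so even for an example the constructor should take the password from configuration rather than a literal.
```java
public Object run()
{
    try
    {
        serverSocket = new ServerSocket(_serverPort);
        // … unchanged: GSSManager, Oid, server name and ACCEPT_ONLY credential setup …
        while (true)
        {
            Socket clientSocket = null;
            try
            {
                serverGSSContext = manager.createContext(serverGSSCreds);
                clientSocket = serverSocket.accept();
                // … unchanged: stream setup, accept loop, unwrap/wrap of the demo message …
            }
            catch (java.lang.Exception e)
            {
                e.printStackTrace();
            }
            finally
            {
                if (serverGSSContext != null) { try { serverGSSContext.dispose(); } catch (GSSException ignored) { /* best effort */ } }
                if (clientSocket != null) { try { clientSocket.close(); } catch (java.io.IOException ignored) { /* best effort */ } }
            }
        }
    }
    // … closing of serverSocket on exit from the loop and the outer catch follow …
```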
