Posted to commits@directory.apache.org by dr...@apache.org on 2015/03/22 12:52:06 UTC
directory-kerby git commit: Refined token-init tool and added token
test
Repository: directory-kerby
Updated Branches:
refs/heads/master acacc0a63 -> f3f0245f5
Refined token-init tool and added token test
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f3f0245f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f3f0245f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f3f0245f
Branch: refs/heads/master
Commit: f3f0245f52703de7248a61aa6e892148e1ae9218
Parents: acacc0a
Author: Drankye <dr...@gmail.com>
Authored: Sun Mar 22 19:51:44 2015 +0800
Committer: Drankye <dr...@gmail.com>
Committed: Sun Mar 22 19:51:44 2015 +0800
----------------------------------------------------------------------
.../kerberos/kerb/provider/TokenEncoder.java | 2 +-
.../kerberos/kerb/spec/base/AuthToken.java | 2 +-
.../kerby/kerberos/kerb/spec/base/KrbToken.java | 4 +-
kerby-provider/token-provider/pom.xml | 10 ++
.../kerberos/provider/token/JwtAuthToken.java | 2 +-
.../provider/token/JwtTokenEncoder.java | 8 +-
.../kerby/kerberos/provider/token/JwtUtil.java | 3 +-
.../kerberos/provider/token/TokenTest.java | 85 +++++++++++++
kerby-tool/client-tool/pom.xml | 11 +-
.../kerberos/tool/token/AuthzDataEntry.java | 52 --------
.../kerberos/tool/token/TokenExtractor.java | 102 ---------------
.../kerby/kerberos/tool/token/TokenInit.java | 97 ++++++++++++++
.../kerby/kerberos/tool/token/TokenTool.java | 125 -------------------
13 files changed, 211 insertions(+), 292 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
index 1b9dd55..7441fb5 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
@@ -55,6 +55,6 @@ public interface TokenEncoder {
* @param content
* @return token
*/
- public AuthToken decodeFromString(String content) throws IOException, KrbException;
+ public AuthToken decodeFromString(String content) throws IOException;
}
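Review bot: The Javadoc above `decodeFromString` still lists only `@param content` and `@return token`, so the new contract that a malformed token surfaces as `IOException` is undocumented. I would add `@throws IOException if content cannot be parsed as a token` to that comment. The Javadoc block starts outside this hunk, so the rest of its wording is not visible here.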
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java
index 472d1de..c30c1b4 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/AuthToken.java
@@ -98,7 +98,7 @@ public interface AuthToken {
* Set token expired time
* @param exp
*/
- public void setExpiredTime(Date exp);
+ public void setExpirationTime(Date exp);
/**
* Get token not before time.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
index 8fc28f5..29e1271 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
@@ -152,8 +152,8 @@ public class KrbToken extends KrbSequenceType implements AuthToken {
}
@Override
- public void setExpiredTime(Date exp) {
- innerToken.setExpiredTime(exp);
+ public void setExpirationTime(Date exp) {
+ innerToken.setExpirationTime(exp);
}
@Override
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-provider/token-provider/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/pom.xml b/kerby-provider/token-provider/pom.xml
index 140cdc2..78dab17 100644
--- a/kerby-provider/token-provider/pom.xml
+++ b/kerby-provider/token-provider/pom.xml
@@ -24,6 +24,16 @@
<artifactId>nimbus-jose-jwt</artifactId>
<version>3.9</version>
</dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.assertj</groupId>
+ <artifactId>assertj-core</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
index fe9e7ad..0ece636 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
@@ -118,7 +118,7 @@ public class JwtAuthToken implements AuthToken {
}
@Override
- public void setExpiredTime(Date exp) {
+ public void setExpirationTime(Date exp) {
jwtClaims.setExpirationTime(exp);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
index c8f1442..474b869 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
@@ -41,7 +41,9 @@ public class JwtTokenEncoder implements TokenEncoder {
@Override
public AuthToken decodeFromBytes(byte[] content) throws IOException {
- return null;
+ String tokenStr = String.valueOf(content);
+
+ return decodeFromString(tokenStr);
}
@Override
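Review bot: `String.valueOf(content)` on a `byte[]` binds to `String.valueOf(Object)` and returns the array's identity string (of the form `[B@…`), not the token text, so `decodeFromBytes` passes `decodeFromString` input that can never parse. Decode the bytes explicitly instead, e.g. `String tokenStr = new String(content, StandardCharsets.UTF_8);`, which needs `java.nio.charset.StandardCharsets` imported. The charset should match whatever the byte-encoding side of this encoder writes, which is not visible in this hunk. A null `content` currently becomes the text `null` rather than failing, so an explicit null check before decoding is worth adding too.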
@@ -58,12 +60,12 @@ public class JwtTokenEncoder implements TokenEncoder {
}
@Override
- public AuthToken decodeFromString(String content) throws KrbException {
+ public AuthToken decodeFromString(String content) throws IOException {
try {
PlainJWT jwt = PlainJWT.parse(content);
return new JwtAuthToken(jwt.getJWTClaimsSet());
} catch (ParseException e) {
- throw new KrbException("Failed to parse JWT token string", e);
+ throw new IOException("Failed to parse JWT token string", e);
}
}
}
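Review bot: `PlainJWT.parse` only handles unsecured JWTs, so the `AuthToken` returned by `decodeFromString` carries claims that nothing has authenticated, and after this commit `decodeFromBytes` feeds the same path. Nothing in this hunk checks a signature, the expiration or not-before times, or the audience; if the caller does not do that validation (not visible here), the subject, group and role values are whatever the sender wrote. I would at least state this in the method's Javadoc, e.g. `Parses an unsecured (unsigned) JWT; the returned claims are unverified and must not be used for authorization without separate validation.` Signed-token verification should be tracked before this leaves PoC use.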
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java
index d7f8e07..f79d217 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtUtil.java
@@ -9,8 +9,7 @@ import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
public class JwtUtil {
public static JWTClaimsSet from(ReadOnlyJWTClaimsSet readOnlyClaims) {
- JWTClaimsSet result = new JWTClaimsSet();
- //readOnlyClaims.getAudience()
+ JWTClaimsSet result = new JWTClaimsSet(readOnlyClaims);
return result;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
new file mode 100644
index 0000000..19ec379
--- /dev/null
+++ b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.provider.token;
+
+import org.apache.kerby.kerberos.kerb.KrbRuntime;
+import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
+import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
+import org.assertj.core.api.Assertions;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+public class TokenTest {
+
+ static {
+ KrbRuntime.setTokenProvider(new JwtTokenProvider());
+ }
+
+ static final String SUBJECT = "test-sub";
+ static final String AUDIENCE = "krbtgt@EXAMPLE.COM";
+ static final String ISSUER = "oauth2.com";
+ static final String GROUP = "sales-group";
+ static final String ROLE = "ADMIN";
+
+ private AuthToken authToken;
+
+ @Before
+ public void setUp() {
+ authToken = KrbRuntime.getTokenProvider().createTokenFactory().createToken();
+
+ authToken.setIssuer(ISSUER);
+ authToken.setSubject(SUBJECT);
+
+ authToken.addAttribute("group", GROUP);
+ authToken.addAttribute("role", ROLE);
+
+ List<String> aud = new ArrayList<String>();
+ aud.add(AUDIENCE);
+ authToken.setAudiences(aud);
+
+ // Set expiration in 60 minutes
+ final Date NOW = new Date(new Date().getTime() / 1000 * 1000);
+ Date exp = new Date(NOW.getTime() + 1000 * 60 * 60);
+ authToken.setExpirationTime(exp);
+
+ Date nbf = NOW;
+ authToken.setNotBeforeTime(nbf);
+
+ Date iat = NOW;
+ authToken.setIssueTime(iat);
+ }
+
+ @Test
+ public void testToken() throws Exception {
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+ String tokenStr = tokenEncoder.encodeAsString(authToken);
+ System.out.println("Auth token: " + tokenStr);
+ Assertions.assertThat(tokenStr).isNotNull();
+
+ AuthToken token2 = tokenEncoder.decodeFromString(tokenStr);
+ System.out.println("Decoded token's subject: " + token2.getSubject());
+ Assertions.assertThat(token2.getSubject()).isEqualTo(SUBJECT);
+ Assertions.assertThat(token2.getIssuer()).isEqualTo(ISSUER);
+ }
+}
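Review bot: `testToken` round-trips only through `encodeAsString`/`decodeFromString`, so the `decodeFromBytes` path that this same commit implements in `JwtTokenEncoder` is untested. A case such as `tokenEncoder.decodeFromBytes(tokenStr.getBytes("UTF-8"))` followed by the same subject assertion would exercise it. The decoded token is also checked for subject and issuer only; the audience, the `group`/`role` attributes and the expiration time set in `setUp` are never compared after decoding. The two `System.out.println` calls add noise to the build output and can be dropped once the assertions cover those fields.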
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-tool/client-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/pom.xml b/kerby-tool/client-tool/pom.xml
index c87174c..5f17dff 100644
--- a/kerby-tool/client-tool/pom.xml
+++ b/kerby-tool/client-tool/pom.xml
@@ -46,9 +46,14 @@
</dependency>
<dependency>
- <groupId>com.nimbusds</groupId>
- <artifactId>nimbus-jose-jwt</artifactId>
- <version>3.8.2</version>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>token-provider</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>pki-provider</artifactId>
+ <version>${project.version}</version>
</dependency>
</dependencies>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/AuthzDataEntry.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/AuthzDataEntry.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/AuthzDataEntry.java
deleted file mode 100644
index 2d57fbf..0000000
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/AuthzDataEntry.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.token;
-
-import org.apache.kerby.asn1.type.Asn1FieldInfo;
-import org.apache.kerby.asn1.type.Asn1Integer;
-import org.apache.kerby.asn1.type.Asn1OctetString;
-import org.apache.kerby.asn1.type.Asn1SequenceType;
-
-/**
- AuthorizationData ::= SEQUENCE OF SEQUENCE {
- ad-type [0] Int32,
- ad-data [1] OCTET STRING
- }
- */
-public class AuthzDataEntry extends Asn1SequenceType {
- static int AD_TYPE = 0;
- static int AD_DATA = 1;
-
- public AuthzDataEntry() {
- super(new Asn1FieldInfo[] {
- new Asn1FieldInfo(AD_TYPE, Asn1Integer.class),
- new Asn1FieldInfo(AD_DATA, Asn1OctetString.class)
- });
- }
-
- public int getAuthzType() {
- Integer value = getFieldAsInteger(AD_TYPE);
- return value;
- }
-
- public byte[] getAuthzData() {
- return getFieldAsOctets(AD_DATA);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenExtractor.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenExtractor.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenExtractor.java
deleted file mode 100644
index 3b570b7..0000000
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenExtractor.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.token;
-
-import com.sun.security.jgss.AuthorizationDataEntry;
-import com.sun.security.jgss.ExtendedGSSContext;
-import com.sun.security.jgss.InquireType;
-import org.apache.kerby.asn1.type.Asn1SequenceOf;
-import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
-import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSException;
-
-import java.io.IOException;
-import java.util.List;
-
-public class TokenExtractor {
- static final int JWT_AUTHZ_DATA_TYPE = 81;
- public static final int AD_IF_RELEVANT_TYPE = 1;
-
- /**
- AuthorizationData ::= SEQUENCE OF SEQUENCE {
- ad-type [0] Int32,
- ad-data [1] OCTET STRING
- }
- */
- public static class AuthorizationData extends Asn1SequenceOf<AuthzDataEntry> {
-
- }
-
- public static AuthToken checkAuthzData(GSSContext context) throws GSSException, IOException {
- System.out.println("Looking for token from authorization data in GSSContext");
-
- Object authzData = null;
- if (context instanceof ExtendedGSSContext) {
- ExtendedGSSContext ex = (ExtendedGSSContext)context;
- authzData = ex.inquireSecContext(
- InquireType.KRB5_GET_AUTHZ_DATA);
- }
-
- if (authzData != null) {
- AuthorizationDataEntry[] authzEntries = (AuthorizationDataEntry[]) authzData;
- AuthToken resultToken = null;
- for (int i = 0; i < authzEntries.length; ++i) {
- resultToken = getAuthzToken(authzEntries[i]);
- if (resultToken != null) {
- return resultToken;
- }
- }
- }
- return null;
- }
-
- public static AuthToken getAuthzToken(AuthorizationDataEntry authzDataEntry) throws IOException {
- if (authzDataEntry.getType() == AD_IF_RELEVANT_TYPE) {
- String token = getToken(authzDataEntry);
- if (token == null) {
- return null;
- }
-
- try {
- return TokenTool.fromJwtToken(token);
- } catch (Exception e) {
- // noop when not jwt token
- }
- }
-
- return null;
- }
-
- public static String getToken(AuthorizationDataEntry authzDataEntry) throws IOException {
- List<AuthzDataEntry> entries = decode(authzDataEntry);
- for (AuthzDataEntry entry : entries) {
- if (entry.getAuthzType() == JWT_AUTHZ_DATA_TYPE) {
- return new String(entry.getAuthzData());
- }
- }
- return null;
- }
-
- public static List<AuthzDataEntry> decode(AuthorizationDataEntry authzDataEntry) throws IOException {
- AuthorizationData authzData = new AuthorizationData();
- authzData.decode(authzDataEntry.getData());
- return authzData.getElements();
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenInit.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenInit.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenInit.java
new file mode 100644
index 0000000..20a6694
--- /dev/null
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenInit.java
@@ -0,0 +1,97 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.token;
+
+import org.apache.kerby.kerberos.kerb.KrbRuntime;
+import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
+import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
+import org.apache.kerby.kerberos.provider.token.JwtTokenProvider;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+/**
+ * This is token init simulation tool pretending passing the auth then issuing
+ * a result token, and putting the token in a token cache.
+ */
+public class TokenInit {
+
+ static {
+ KrbRuntime.setTokenProvider(new JwtTokenProvider());
+ }
+
+ public static AuthToken issueToken(String principal, String group, String role) {
+ AuthToken authToken = KrbRuntime.getTokenProvider().createTokenFactory().createToken();
+
+ String iss = "token-service";
+ authToken.setIssuer(iss);
+
+ String sub = principal;
+ authToken.setSubject(sub);
+
+ authToken.addAttribute("group", group);
+ if (role != null) {
+ authToken.addAttribute("role", role);
+ }
+
+ List<String> aud = new ArrayList<String>();
+ aud.add("krb5kdc-with-token-extension");
+ authToken.setAudiences(aud);
+
+ // Set expiration in 60 minutes
+ final Date NOW = new Date(new Date().getTime() / 1000 * 1000);
+ Date exp = new Date(NOW.getTime() + 1000 * 60 * 60);
+ authToken.setExpirationTime(exp);
+
+ Date nbf = NOW;
+ authToken.setNotBeforeTime(nbf);
+
+ Date iat = NOW;
+ authToken.setIssueTime(iat);
+
+ return authToken;
+ }
+
+ public static void main(String[] args) throws Exception {
+ String principal, group, role = null;
+
+ if (args.length != 2 && args.length != 3) {
+ System.out.println("This is a simple token issuing tool just for " +
+ "kerb-token PoC usage\n");
+ System.out.println("tokeninit <username> <group> [role]\n");
+ System.exit(1);
+ }
+ principal = args[0];
+ group = args[1];
+ if (args.length > 2) {
+ role = args[2];
+ }
+
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+ AuthToken token = issueToken(principal, group, role);
+ String tokenStr = tokenEncoder.encodeAsString(token);
+ TokenCache.writeToken(tokenStr);
+ System.out.println("Issued token: " + tokenStr);
+
+ AuthToken token2 = tokenEncoder.decodeFromString(tokenStr);
+ System.out.println("Decoded token's subject: " + token2.getSubject());
+ }
+}
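Review bot: `System.out.println("Issued token: " + tokenStr)` in `main` writes the complete token to standard output right after `TokenCache.writeToken(tokenStr)` has stored it. The token is usable for the 60 minutes set in `issueToken`, so it ends up in terminal scrollback or captured logs for no benefit. Printing a confirmation without the token body, e.g. `System.out.println("Issued token for " + principal);`, keeps the feedback. Separately, the removed `TokenTool.issueToken` set a random JWT ID via `setJWTID`, and `issueToken` here sets none; if `AuthToken` exposes an equivalent setter (not visible on this page), restoring it would keep tokens individually identifiable for replay checks.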
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f3f0245f/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenTool.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenTool.java
deleted file mode 100644
index 0aea7e6..0000000
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/token/TokenTool.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.token;
-
-import com.nimbusds.jose.PlainHeader;
-import com.nimbusds.jwt.JWT;
-import com.nimbusds.jwt.JWTClaimsSet;
-import com.nimbusds.jwt.PlainJWT;
-import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
-
-import java.text.ParseException;
-import java.util.*;
-
-public class TokenTool {
-
- public static JWT issueToken(String principal, String group, String role) {
- // must have for kerb-token
- String krbPrincipal = principal + "@SH.INTEL.COM";
-
- PlainHeader header = new PlainHeader();
- //header.setCustomParameter("krbPrincipal", krbPrincipal);
-
- JWTClaimsSet jwtClaims = new JWTClaimsSet();
-
- String iss = "token-service";
- jwtClaims.setIssuer(iss);
-
- String sub = principal;
- jwtClaims.setSubject(sub);
-
- // must have for kerb-token
- jwtClaims.setSubject(krbPrincipal);
-
- jwtClaims.setClaim("group", group);
- if (role != null) {
- jwtClaims.setClaim("role", role);
- }
-
- List<String> aud = new ArrayList<String>();
- aud.add("krb5kdc-with-token-extension");
- jwtClaims.setAudience(aud);
-
- // Set expiration in 60 minutes
- final Date NOW = new Date(new Date().getTime() / 1000 * 1000);
- Date exp = new Date(NOW.getTime() + 1000 * 60 * 60);
- jwtClaims.setExpirationTime(exp);
-
- Date nbf = NOW;
- jwtClaims.setNotBeforeTime(nbf);
-
- Date iat = NOW;
- jwtClaims.setIssueTime(iat);
-
- String jti = UUID.randomUUID().toString();
- jwtClaims.setJWTID(jti);
-
- PlainJWT jwt = new PlainJWT(header, jwtClaims);
- return jwt;
- }
-
- public static JWT decodeToken(String token) throws ParseException {
- PlainJWT jwt = PlainJWT.parse(token);
-
- return jwt;
- }
-
- public static AuthToken fromJwtToken(String token) throws ParseException {
- Map<String, Object> attrs = decodeAndExtractTokenAttributes(token);
- return null;//new AuthToken(attrs);
- }
-
- public static Map<String, Object> decodeAndExtractTokenAttributes(String token) throws ParseException {
- PlainJWT jwt = PlainJWT.parse(token);
-
- Map<String, Object> attrs = new HashMap<String, Object>();
- attrs.putAll(jwt.getJWTClaimsSet().getAllClaims());
- //attrs.putAll(jwt.getHeader().getCustomParameters());
-
- return attrs;
- }
-
- public static void main(String[] args) throws ParseException {
- String principal, group, role = null;
-
- if (args.length != 2 && args.length != 3) {
- System.out.println("This is a simple token issuing tool just for kerb-token PoC usage\n");
- System.out.println("tokeninit <username> <group> [role]\n");
- System.exit(1);
- }
- principal = args[0];
- group = args[1];
- if (args.length > 2) {
- role = args[2];
- }
-
- JWT jwt = issueToken(principal, group, role);
- String token = jwt.serialize();
-
- TokenCache.writeToken(token);
- System.out.println("Issued token: " + token);
-
- /*
- JWT jwt2 = decodeToken(token);
- String krbPrincipal = (String) jwt2.getHeader().getCustomParameter("krbPrincipal");
- System.out.println("Decoded token with krbprincipal: " + krbPrincipal);
- */
- }
-}