Posted to commits@directory.apache.org by pl...@apache.org on 2016/07/07 06:41:49 UTC

[04/27] directory-kerby git commit: DIRKRB-591 Add the KerberosTicket to subject's private credentials in TokenAuthLoginModule.

DIRKRB-591 Add the KerberosTicket to subject's private credentials in TokenAuthLoginModule.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/358340dd
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/358340dd
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/358340dd

Branch: refs/heads/kpasswd
Commit: 358340dd2a60a36a69988f1dd7c509cf585acdc8
Parents: 68933ae
Author: plusplusjiajia <ji...@intel.com>
Authored: Mon Jul 4 14:41:39 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Mon Jul 4 14:41:39 2016 +0800

----------------------------------------------------------------------
 .../test/jaas/TokenAuthLoginModule.java         | 37 ++++++++++++++++++--
 .../TokenLoginWithTokenPreauthEnabledTest.java  | 12 +++----
 2 files changed, 40 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/358340dd/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index bee4938..0d812c9 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -31,6 +31,7 @@ import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
 import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
 import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
 import org.apache.kerby.kerberos.kerb.type.base.TokenFormat;
+import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
 import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
 import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
 import org.slf4j.Logger;
@@ -38,6 +39,8 @@ import org.slf4j.LoggerFactory;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.kerberos.KerberosTicket;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import java.io.File;
@@ -47,6 +50,7 @@ import java.io.IOException;
 import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.interfaces.RSAPrivateKey;
+import java.util.Date;
 import java.util.Iterator;
 import java.util.Map;
 
@@ -83,6 +87,8 @@ public class TokenAuthLoginModule implements LoginModule {
     public static final String CREDENTIAL_CACHE = "credentialCache";
     public static final String SIGN_KEY_FILE = "signKeyFile";
 
+    private TgtTicket tgtTicket;
+
     /**
      * {@inheritDoc}
      */
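Review bot: The new `tgtTicket` field keeps the TGT, including its session key, reachable on the module instance after commit() has copied it into the Subject, and nothing in this diff clears it. abort() and logout() are outside the visible hunks, so this may already be handled; if it is not, they should set `tgtTicket = null;` alongside their other cleanup. A short comment on the field would also help, for example `// TGT obtained during token login; commit() uses it to build the KerberosTicket`.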
@@ -120,7 +126,35 @@ public class TokenAuthLoginModule implements LoginModule {
         if (succeeded == false) {
             return false;
         } else {
-            subject.getPublicCredentials().add(krbToken);
+            KerberosTicket ticket = null;
+            try {
+                EncKdcRepPart encKdcRepPart = tgtTicket.getEncKdcRepPart();
+                boolean[] flags = new boolean[7];
+                int flag = encKdcRepPart.getFlags().getFlags();
+                for (int i = 6; i >= 0; i--) {
+                    flags[i] = (flag & (1 << i)) != 0;
+                }
+                Date startTime = null;
+                if (encKdcRepPart.getStartTime() != null) {
+                    startTime = encKdcRepPart.getStartTime().getValue();
+                }
+
+                ticket = new KerberosTicket(tgtTicket.getTicket().encode(),
+                    new KerberosPrincipal(tgtTicket.getClientPrincipal().getName()),
+                    new KerberosPrincipal(tgtTicket.getEncKdcRepPart().getSname().getName()),
+                    encKdcRepPart.getKey().getKeyData(),
+                    encKdcRepPart.getKey().getKeyType().getValue(),
+                    flags,
+                    encKdcRepPart.getAuthTime().getValue(),
+                    startTime,
+                    encKdcRepPart.getEndTime().getValue(),
+                    encKdcRepPart.getRenewTill().getValue(),
+                    null
+                );
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+            subject.getPrivateCredentials().add(ticket);
         }
         commitSucceeded = true;
         LOG.info("Commit Succeeded \n");
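Review bot: When `tgtTicket.getTicket().encode()` throws, the catch block only prints the stack trace, so `ticket` is still null at `subject.getPrivateCredentials().add(ticket)` and commit() goes on to set `commitSucceeded = true`. A login module should fail closed here: replace `e.printStackTrace();` with `throw new LoginException("Failed to encode TGT: " + e.getMessage());` so the caller never receives a Subject that reports success without a usable ticket. Separately, `getStartTime()` is null-checked but `encKdcRepPart.getRenewTill().getValue()` is not. Renew-till is optional in a Kerberos KDC reply, so if Kerby returns null for a non-renewable ticket this line would throw a NullPointerException and needs the same guard. The body of commit() starts and ends outside this hunk.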
@@ -245,7 +279,6 @@ public class TokenAuthLoginModule implements LoginModule {
         } catch (IOException e) {
             e.printStackTrace();
         }
-        TgtTicket tgtTicket;
         KrbTokenClient tokenClient = new KrbTokenClient(krbClient);
         try {
             tgtTicket = tokenClient.requestTgt(krbToken,

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/358340dd/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index ed4ec8a..f8e7ee4 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -19,12 +19,6 @@
  */
 package org.apache.kerby.kerberos.kerb.integration.test;
 
-import java.security.Principal;
-import java.security.PrivilegedExceptionAction;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
@@ -34,6 +28,11 @@ import org.ietf.jgss.Oid;
 import org.junit.Assert;
 import org.junit.Test;
 
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.Set;
+
 /**
  * Test login with token when token preauth is allowed by kdc.
  */
@@ -55,7 +54,6 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
     }
     
     @Test
-    @org.junit.Ignore
     public void testLoginWithTokenCacheGSS() throws Exception {
         Subject subject = super.testLoginWithTokenCacheAndRetSubject();
         Set<Principal> clientPrincipals = subject.getPrincipals();