You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/09/08 10:36:21 UTC
directory-kerby git commit: DIRKRB-654 - Adding tests for the JWT Access Token case using GSS

Repository: directory-kerby
Updated Branches:
  refs/heads/trunk d37de32e4 -> f56fc9681


DIRKRB-654 - Adding tests for the JWT Access Token case using GSS


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f56fc968
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f56fc968
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f56fc968

Branch: refs/heads/trunk
Commit: f56fc9681c5068db2de0b25d199ca47d63457369
Parents: d37de32
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Sep 8 11:36:06 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Sep 8 11:36:06 2017 +0100

----------------------------------------------------------------------
 .../kerb/integration/test/gss/GssAppServer.java | 22 ++++++++++++++++++++
 .../integration/test/KerbyTokenAppTest.java     |  7 +++++++
 2 files changed, 29 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f56fc968/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppServer.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppServer.java
index c7b5ae4..0eb2aae 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppServer.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppServer.java
@@ -22,6 +22,8 @@ package org.apache.kerby.kerberos.kerb.integration.test.gss;
 import org.apache.kerby.kerberos.kerb.integration.test.AppServer;
 import org.apache.kerby.kerberos.kerb.integration.test.AppUtil;
 import org.apache.kerby.kerberos.kerb.integration.test.Transport;
+import org.apache.kerby.kerberos.kerb.type.ad.AdToken;
+import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSManager;
@@ -29,11 +31,16 @@ import org.ietf.jgss.GSSName;
 import org.ietf.jgss.MessageProp;
 import org.ietf.jgss.Oid;
 
+import com.sun.security.jgss.AuthorizationDataEntry;
+import com.sun.security.jgss.ExtendedGSSContext;
+import com.sun.security.jgss.InquireType;
+
 public class GssAppServer extends AppServer {
     private String serverPrincipal;
     private GSSManager manager;
     private GSSContext context;
     private boolean createContextWithCred = true;
+    private KrbToken receivedAccessToken;
 
     public GssAppServer(String[] args) throws Exception {
         super(args);
@@ -87,6 +94,17 @@ public class GssAppServer extends AppServer {
 
         doWith(context, conn);
 
+        // Store any received access token for later retrieval
+        ExtendedGSSContext extendedContext = (ExtendedGSSContext) context;
+        AuthorizationDataEntry[] authzDataEntries =
+            (AuthorizationDataEntry[]) extendedContext.inquireSecContext(InquireType.KRB5_GET_AUTHZ_DATA);
+        if (authzDataEntries != null && authzDataEntries.length > 0) {
+            byte[] data = authzDataEntries[0].getData();
+            AdToken adToken = new AdToken();
+            adToken.decode(data);
+            receivedAccessToken = adToken.getToken();
+        }
+
         context.dispose();
     }
 
@@ -116,4 +134,8 @@ public class GssAppServer extends AppServer {
     public void setCreateContextWithCred(boolean createContextWithCred) {
         this.createContextWithCred = createContextWithCred;
     }
+
+    public KrbToken getReceivedAccessToken() {
+        return receivedAccessToken;
+    }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f56fc968/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyTokenAppTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyTokenAppTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyTokenAppTest.java
index 897e084..5696b89 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyTokenAppTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyTokenAppTest.java
@@ -43,6 +43,8 @@ import org.junit.Test;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 public class KerbyTokenAppTest extends TokenAppTest {
@@ -62,6 +64,11 @@ public class KerbyTokenAppTest extends TokenAppTest {
     @Test
     public void testJwtAccessToken() throws Exception {
         runAppClientWithToken(createAppClient());
+
+        KrbToken receivedToken = ((GssAppServer) appServer).getReceivedAccessToken();
+        assertNotNull(receivedToken);
+        assertEquals(getClientPrincipal(), receivedToken.getSubject());
+        assertEquals(getServerPrincipal(), receivedToken.getAudiences().get(0));
     }
 
     private void runAppClientWithToken(final AppClient appClient) throws Exception {