You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/07/24 11:50:50 UTC
[09/18] directory-kerby git commit: Revert "DIRKRB-581 - Imcompatible
token header in init context against JDK GssApi. Thanks to Wei Zhou."
Revert "DIRKRB-581 - Imcompatible token header in init context against JDK GssApi. Thanks to Wei Zhou."
This reverts commit 2bc1ac75c435f1ae09dfea492f6a655329763bd5.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/d72f5a9d
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/d72f5a9d
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/d72f5a9d
Branch: refs/heads/1.0.x-fixes
Commit: d72f5a9d9666271d71fbd4d25943a575d74aa172
Parents: 96494e9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 24 12:45:20 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 24 12:45:20 2017 +0100
----------------------------------------------------------------------
.../kerberos/kerb/gssapi/krb5/KerbyContext.java | 31 ++++----------------
1 file changed, 5 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d72f5a9d/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
index 5395afd..eba2a26 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
@@ -48,7 +48,6 @@ import javax.security.auth.kerberos.KerberosTicket;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.nio.ByteBuffer;
import java.security.Provider;
@SuppressWarnings("PMD")
@@ -59,9 +58,6 @@ public class KerbyContext implements GSSContextSpi {
private static final int STATE_ESTABLISHED = 2;
private static final int STATE_DESTROYED = 3;
- private static final byte[] MSG_AP_REQ = {(byte) 0x1, (byte) 0};
- private static final byte[] MSG_AP_REP = {(byte) 0x2, (byte) 0};
-
private int ctxState = STATE_NONE;
private final GSSCaller caller;
@@ -293,11 +289,7 @@ public class KerbyContext implements GSSContextSpi {
}
setupInitiatorContext(sgtTicket, apRequest);
try {
- ByteBuffer outBuffer = ByteBuffer.allocate(outApReq.encodingLength() + 2);
- outBuffer.put(MSG_AP_REQ);
- outApReq.encode(outBuffer);
- outBuffer.flip();
- ret = outBuffer.array();
+ ret = outApReq.encode();
} catch (IOException e) {
throw new GSSException(GSSException.FAILURE, -1, "Generate ApReq bytes failed: " + e.getMessage());
}
@@ -354,13 +346,9 @@ public class KerbyContext implements GSSContextSpi {
*/
private void verifyServerToken(InputStream is, int mechTokenSize)
throws GSSException {
- byte[] token;
+ byte[] token = new byte[mechTokenSize];
ApRep apRep;
try {
- if (!(is.read() == MSG_AP_REP[0] && is.read() == MSG_AP_REP[1])) {
- throw new GSSException(GSSException.FAILURE, -1, "Invalid ApRep message ID");
- }
- token = new byte[mechTokenSize - MSG_AP_REP.length];
is.read(token);
apRep = new ApRep();
apRep.decode(token);
@@ -416,19 +404,14 @@ public class KerbyContext implements GSSContextSpi {
private byte[] verifyClientToken(KerbyAcceptCred acceptCred, InputStream is, int mechTokenSize)
throws GSSException {
- byte[] token;
+ byte[] token = new byte[mechTokenSize];
ApReq apReq;
try {
- if (!(is.read() == MSG_AP_REQ[0] && is.read() == MSG_AP_REQ[1])) {
- throw new GSSException(GSSException.FAILURE, -1, "Invalid ApReq message ID");
- }
-
- token = new byte[mechTokenSize - MSG_AP_REQ.length];
is.read(token);
apReq = new ApReq();
apReq.decode(token);
} catch (IOException e) {
- throw new GSSException(GSSException.UNAUTHORIZED, -1, "ApReq invalid:" + e.getMessage());
+ throw new GSSException(GSSException.UNAUTHORIZED, -1, "ApReq invalid" + e.getMessage());
}
int kvno = apReq.getTicket().getEncryptedEncPart().getKvno();
@@ -476,11 +459,7 @@ public class KerbyContext implements GSSContextSpi {
byte[] ret = null;
try {
- ByteBuffer outBuffer = ByteBuffer.allocate(apRep.encodingLength() + 2);
- outBuffer.put(MSG_AP_REP);
- apRep.encode(outBuffer);
- outBuffer.flip();
- ret = outBuffer.array();
+ ret = apRep.encode();
} catch (IOException e) {
throw new GSSException(GSSException.FAILURE, -1, "Generate ApRep bytes failed:" + e.getMessage());
}