You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/07/02 07:40:48 UTC
directory-kerby git commit: DIRKRB-316 Added 3 JAAS login tests first
Repository: directory-kerby
Updated Branches:
refs/heads/master a466155c7 -> dca5fdb56
DIRKRB-316 Added 3 JAAS login tests first
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/dca5fdb5
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/dca5fdb5
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/dca5fdb5
Branch: refs/heads/master
Commit: dca5fdb56a78c87b775491ba7c28a41c918b1799
Parents: a466155
Author: drankye <ka...@intel.com>
Authored: Thu Jul 2 21:38:43 2015 +0800
Committer: Drankye <dr...@gmail.com>
Committed: Thu Jul 2 21:38:43 2015 +0800
----------------------------------------------------------------------
kerby-kerb/integration-test/pom.xml | 7 ++
.../kerb/integration/test/KeytabLoginTest.java | 30 +++++++
.../kerb/integration/test/LoginTestBase.java | 86 ++++++++++++++++++++
.../integration/test/PasswordLoginTest.java | 31 +++++++
.../integration/test/TicketCacheLoginTest.java | 30 +++++++
.../kerby/kerberos/kerb/client/KrbClient.java | 13 ++-
.../kerberos/kerb/server/GssInteropTest.java | 3 -
.../kerby/kerberos/kerb/client/JaasKrbUtil.java | 14 ++--
8 files changed, 204 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dca5fdb5/kerby-kerb/integration-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/pom.xml b/kerby-kerb/integration-test/pom.xml
index 8994896..7483c28 100644
--- a/kerby-kerb/integration-test/pom.xml
+++ b/kerby-kerb/integration-test/pom.xml
@@ -37,5 +37,12 @@
<artifactId>kerb-kdc-test</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-kdc-test</artifactId>
+ <version>${project.version}</version>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dca5fdb5/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KeytabLoginTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KeytabLoginTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KeytabLoginTest.java
new file mode 100644
index 0000000..8d26035
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KeytabLoginTest.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.integration.test;
+
+import org.junit.Test;
+
+public class KeytabLoginTest extends LoginTestBase {
+
+ @Test
+ public void testLogin() throws Exception {
+ checkSubject(super.loginServiceUsingKeytab());
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dca5fdb5/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/LoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/LoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/LoginTestBase.java
new file mode 100644
index 0000000..b9499e7
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/LoginTestBase.java
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.integration.test;
+
+import org.apache.kerby.kerberos.kerb.client.JaasKrbUtil;
+import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import java.io.File;
+import java.security.Principal;
+import java.util.Set;
+import static org.assertj.core.api.Assertions.assertThat;
+
+
+public class LoginTestBase extends KdcTestBase {
+
+ protected File ticketCacheFile;
+ protected File serviceKeytabFile;
+
+ @Before
+ @Override
+ public void setUp() throws Exception {
+ super.setUp();
+
+ ticketCacheFile = new File(getTestDir(), "test-tkt.cc");
+ serviceKeytabFile = new File(getTestDir(), "test-service.keytab");
+ }
+
+ protected Subject loginClientUsingPassword() throws LoginException {
+ return JaasKrbUtil.loginUsingPassword(getClientPrincipal(),
+ getClientPassword());
+ }
+
+ protected Subject loginClientUsingTicketCache() throws Exception {
+ TgtTicket tgt = getKrbClient().requestTgtWithPassword(getClientPrincipal(),
+ getClientPassword());
+ getKrbClient().storeTicket(tgt, ticketCacheFile);
+
+ return JaasKrbUtil.loginUsingTicketCache(getClientPrincipal(),
+ ticketCacheFile);
+ }
+
+ protected Subject loginServiceUsingKeytab() throws Exception {
+ getKdcServer().exportPrincipals(serviceKeytabFile);
+
+ return JaasKrbUtil.loginUsingKeytab(getClientPrincipal(),
+ serviceKeytabFile);
+ }
+
+ protected void checkSubject(Subject subject) {
+
+ Set<Principal> clientPrincipals = subject.getPrincipals();
+ assertThat(clientPrincipals);
+ }
+
+ @After
+ @Override
+ public void tearDown() throws Exception {
+ ticketCacheFile.delete();
+ serviceKeytabFile.delete();
+
+ super.tearDown();
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dca5fdb5/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/PasswordLoginTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/PasswordLoginTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/PasswordLoginTest.java
new file mode 100644
index 0000000..6c2e4f3
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/PasswordLoginTest.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.integration.test;
+
+import org.junit.Test;
+
+public class PasswordLoginTest extends LoginTestBase {
+
+ @Test
+ public void testLogin() throws Exception {
+ checkSubject(super.loginClientUsingPassword());
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dca5fdb5/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TicketCacheLoginTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TicketCacheLoginTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TicketCacheLoginTest.java
new file mode 100644
index 0000000..a7c198c
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TicketCacheLoginTest.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.integration.test;
+
+import org.junit.Test;
+
+public class TicketCacheLoginTest extends LoginTestBase {
+
+ @Test
+ public void testLogin() throws Exception {
+ checkSubject(super.loginClientUsingTicketCache());
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dca5fdb5/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
index 9905a50..7e587ef 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
@@ -181,7 +181,7 @@ public class KrbClient {
* @throws KrbException
*/
public TgtTicket requestTgtWithKeytab(String principal,
- String keytabFile) throws KrbException {
+ File keytabFile) throws KrbException {
KOptions requestOptions = new KOptions();
requestOptions.add(KrbOption.CLIENT_PRINCIPAL, principal);
requestOptions.add(KrbOption.USE_KEYTAB, true);
@@ -287,6 +287,17 @@ public class KrbClient {
*/
public void storeTicket(TgtTicket tgtTicket,
File ccacheFile) throws KrbException {
+ if (!ccacheFile.exists()) {
+ try {
+ if (!ccacheFile.createNewFile()) {
+ throw new KrbException("Failed to create ccache file "
+ + ccacheFile.getAbsolutePath());
+ }
+ } catch (IOException e) {
+ throw new KrbException("Failed to create ccache file "
+ + ccacheFile.getAbsolutePath(), e);
+ }
+ }
if (ccacheFile.exists() && ccacheFile.canWrite()) {
CredentialCache cCache = new CredentialCache(tgtTicket);
try {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dca5fdb5/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
index 32b8ca8..a3a0fe3 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
@@ -23,7 +23,6 @@ import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.JaasKrbUtil;
import org.ietf.jgss.*;
import org.junit.Assert;
-import org.junit.Before;
import org.junit.Test;
import javax.security.auth.Subject;
@@ -32,8 +31,6 @@ import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosTicket;
-import javax.security.auth.login.LoginContext;
-import java.io.File;
import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dca5fdb5/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/JaasKrbUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/JaasKrbUtil.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/JaasKrbUtil.java
index 2573103..937200d 100644
--- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/JaasKrbUtil.java
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/JaasKrbUtil.java
@@ -44,6 +44,8 @@ public final class JaasKrbUtil {
private JaasKrbUtil() {}
+ public static boolean enableDebug = true;
+
public static Subject loginUsingPassword(
String principal, String password) throws LoginException {
Set<Principal> principals = new HashSet<Principal>();
@@ -126,10 +128,10 @@ public final class JaasKrbUtil {
options.put("useKeyTab", "true");
options.put("storeKey", "true");
options.put("doNotPrompt", "true");
- options.put("renewTGT", "true");
+ options.put("renewTGT", "false");
options.put("refreshKrb5Config", "true");
options.put("isInitiator", "false");
- options.put("debug", "false");
+ options.put("debug", String.valueOf(enableDebug));
return new AppConfigurationEntry[]{
new AppConfigurationEntry(getKrb5LoginModuleName(),
@@ -151,14 +153,14 @@ public final class JaasKrbUtil {
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
Map<String, String> options = new HashMap<String, String>();
options.put("principal", principal);
- options.put("storeKey", "true");
- options.put("doNotPrompt", "true");
+ options.put("storeKey", "false");
+ options.put("doNotPrompt", "false");
options.put("useTicketCache", "true");
options.put("renewTGT", "true");
options.put("refreshKrb5Config", "true");
options.put("isInitiator", "true");
options.put("ticketCache", clientCredentialFile.getAbsolutePath());
- options.put("debug", "false");
+ options.put("debug", String.valueOf(enableDebug));
return new AppConfigurationEntry[]{
new AppConfigurationEntry(getKrb5LoginModuleName(),
@@ -184,7 +186,7 @@ public final class JaasKrbUtil {
options.put("renewTGT", "true");
options.put("refreshKrb5Config", "true");
options.put("isInitiator", "true");
- options.put("debug", "false");
+ options.put("debug", String.valueOf(enableDebug));
return new AppConfigurationEntry[]{
new AppConfigurationEntry(getKrb5LoginModuleName(),