Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/04 09:26:01 UTC

[35/48] directory-kerby git commit: Fixed a NPE on a bad JWT signature validation + added tests.

Fixed a NPE on a bad JWT signature validation + added tests.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/c3ada0cd
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/c3ada0cd
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/c3ada0cd

Branch: refs/heads/pkinit-support
Commit: c3ada0cd7b1535a7d3f5f43230a63b964dc2c4a9
Parents: 3cec9dc
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Oct 22 10:45:37 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 22 10:45:37 2015 +0100

----------------------------------------------------------------------
 .../kerby/kerberos/kdc/WithAccessTokenKdcTest.java | 17 +++++++++++++++++
 .../kerberos/kdc/WithIdentityTokenKdcTest.java     | 17 +++++++++++++++++
 .../kerb/server/preauth/token/TokenPreauth.java    |  4 ++++
 3 files changed, 38 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c3ada0cd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index a119282..544923d 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -20,6 +20,8 @@
 package org.apache.kerby.kerberos.kdc;
 
 import java.io.InputStream;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
 import java.security.PrivateKey;
 
 import org.apache.kerby.kerberos.kerb.KrbException;
@@ -83,6 +85,21 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
         }
     }
     
+    @Test
+    public void testSignedTokenWithABadKey() throws Exception {
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+        KeyPair keyPair = keyGen.generateKeyPair();
+        prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, keyPair.getPrivate());
+        
+        try {
+            performTest();
+            Assert.fail("Failure expected on a bad key");
+        } catch (Exception ex) {
+            // expected
+            Assert.assertTrue(ex instanceof KrbException);
+        }
+    }
+    
     private void performTest() throws Exception {
         createCredentialCache(getClientPrincipal(), getClientPassword());
 
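Review bot: `testSignedTokenWithABadKey` passes on any `KrbException`, so it would still go green if the request failed for an unrelated reason (for example inside `createCredentialCache`) and the signature check never ran. Catching the specific type with `} catch (KrbException ex) {` and asserting on the reported failure reason would tie the test to the signature-validation path. Whether the client surfaces the server's "Token Decoding failed" text is not visible here, so the assertion should match whatever the client actually reports. The same pattern is repeated in `WithIdentityTokenKdcTest.testSignedTokenWithABadKey`. `performTest` continues past the end of this hunk.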

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c3ada0cd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
index 73e7820..71f9da7 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
@@ -27,6 +27,8 @@ import org.junit.Assert;
 import org.junit.Test;
 
 import java.io.InputStream;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
 import java.security.PrivateKey;
 
 public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
@@ -85,6 +87,21 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
         }
     }
     
+    @Test
+    public void testSignedTokenWithABadKey() throws Exception {
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+        KeyPair keyPair = keyGen.generateKeyPair();
+        prepareToken(null, ISSUER, AUDIENCE, keyPair.getPrivate());
+        
+        try {
+            performTest();
+            Assert.fail("Failure expected on a bad key");
+        } catch (Exception ex) {
+            // expected
+            Assert.assertTrue(ex instanceof KrbException);
+        }
+    }
+    
     private void performTest() throws Exception {
 
         createCredentialCache(getClientPrincipal(), getClientPassword());

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c3ada0cd/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index 2e8e860..2de66b5 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -103,6 +103,10 @@ public class TokenPreauth extends AbstractPreauthPlugin {
             } catch (IOException e) {
                 throw new KrbException("Decoding failed", e);
             }
+            
+            if (authToken == null) {
+                throw new KrbException("Token Decoding failed");
+            }
 
             if (kdcRequest instanceof AsRequest) {
                 AsRequest asRequest = (AsRequest) kdcRequest;
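Review bot: The new `authToken == null` guard reports a rejected signature with the same generic text as a malformed token and logs nothing, so repeated bad-signature tokens presented to the KDC cannot be told apart from client encoding bugs. Judging by the commit title, the null comes from the decoder when signature validation fails (the decoder is outside this hunk), so I would state that at the check with `// decoder returns null when the token signature does not verify` and use a message such as `throw new KrbException("Token decoding or signature validation failed");`. Longer term the decoder should throw on a bad signature rather than return null, because every other caller has to remember this check to fail closed. The enclosing method starts and ends outside the hunk.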