Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/04 09:26:01 UTC
[35/48] directory-kerby git commit: Fixed a NPE on a bad JWT
signature validation + added tests.
Fixed a NPE on a bad JWT signature validation + added tests.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/c3ada0cd
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/c3ada0cd
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/c3ada0cd
Branch: refs/heads/pkinit-support
Commit: c3ada0cd7b1535a7d3f5f43230a63b964dc2c4a9
Parents: 3cec9dc
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Oct 22 10:45:37 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 22 10:45:37 2015 +0100
----------------------------------------------------------------------
.../kerby/kerberos/kdc/WithAccessTokenKdcTest.java | 17 +++++++++++++++++
.../kerberos/kdc/WithIdentityTokenKdcTest.java | 17 +++++++++++++++++
.../kerb/server/preauth/token/TokenPreauth.java | 4 ++++
3 files changed, 38 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c3ada0cd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index a119282..544923d 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -20,6 +20,8 @@
package org.apache.kerby.kerberos.kdc;
import java.io.InputStream;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import org.apache.kerby.kerberos.kerb.KrbException;
@@ -83,6 +85,21 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
}
}
+ @Test
+ public void testSignedTokenWithABadKey() throws Exception {
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+ KeyPair keyPair = keyGen.generateKeyPair();
+ prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, keyPair.getPrivate());
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on a bad key");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
private void performTest() throws Exception {
createCredentialCache(getClientPrincipal(), getClientPassword());
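Review bot: The new testSignedTokenWithABadKey passes on any KrbException, so it does not show that the request was refused because the token's signature failed to verify. performTest() starts with createCredentialCache(...) and presumably goes on to contact the KDC, and a KrbException from any of those steps would satisfy `Assert.assertTrue(ex instanceof KrbException)`. Narrowing the handler to `catch (KrbException ex)` and asserting on the error the client surfaces for this case would tie the test to the signature check; the identical test added to WithIdentityTokenKdcTest in this commit has the same gap. The KeyPairGenerator is also used without an explicit size, so the RSA key length is the provider default and can differ between JDKs; `keyGen.initialize(2048);` would pin it. performTest()'s body continues outside the hunk.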
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c3ada0cd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
index 73e7820..71f9da7 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
@@ -27,6 +27,8 @@ import org.junit.Assert;
import org.junit.Test;
import java.io.InputStream;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
import java.security.PrivateKey;
public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
@@ -85,6 +87,21 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
}
}
+ @Test
+ public void testSignedTokenWithABadKey() throws Exception {
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+ KeyPair keyPair = keyGen.generateKeyPair();
+ prepareToken(null, ISSUER, AUDIENCE, keyPair.getPrivate());
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on a bad key");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
private void performTest() throws Exception {
createCredentialCache(getClientPrincipal(), getClientPassword());
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c3ada0cd/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index 2e8e860..2de66b5 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -103,6 +103,10 @@ public class TokenPreauth extends AbstractPreauthPlugin {
} catch (IOException e) {
throw new KrbException("Decoding failed", e);
}
+
+ if (authToken == null) {
+ throw new KrbException("Token Decoding failed");
+ }
if (kdcRequest instanceof AsRequest) {
AsRequest asRequest = (AsRequest) kdcRequest;
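Review bot: The added `authToken == null` guard reports a rejected token with the same generic wording as a malformed one, so a bad-signature attempt against the KDC is hard to tell apart in logs from an ordinary decoding error. Judging by the commit title, the decoder returns null when signature validation fails rather than throwing; that contract is not visible in this hunk, so the check deserves a comment such as `// decoder returns null when the token's signature does not verify`. A message like `"Token decoding or signature verification failed"` would make the rejection recognisable to whoever triages pre-auth failures, and if KrbException can carry a Kerberos error code, a pre-authentication-failed code fits better than a bare message. The enclosing method starts and ends outside the hunk.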