Posted to commits@directory.apache.org by pl...@apache.org on 2016/07/05 07:17:10 UTC
[22/26] directory-kerby git commit: Just write out the JWT token "as
is" if there is no signature key
Just write out the JWT token "as is" if there is no signature key
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/55e90d92
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/55e90d92
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/55e90d92
Branch: refs/heads/kadmin-remote
Commit: 55e90d922e85f969de084fc3e2322a7925547080
Parents: 5e75bf5
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 12:18:02 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 12:18:32 2016 +0100
----------------------------------------------------------------------
.../test/jaas/TokenAuthLoginModule.java | 73 +++++++++++++-------
.../kerberos/provider/token/JwtAuthToken.java | 6 +-
2 files changed, 51 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/55e90d92/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index 7eee5ba..d0e8549 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -33,10 +33,14 @@ import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
import org.apache.kerby.kerberos.kerb.type.base.TokenFormat;
import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
+import org.apache.kerby.kerberos.provider.token.JwtAuthToken;
import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.JWTParser;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
@@ -50,6 +54,7 @@ import java.io.IOException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
+import java.text.ParseException;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
@@ -245,38 +250,55 @@ public class TokenAuthLoginModule implements LoginModule {
throw new LoginException("No valid token was found in token cache: " + tokenCacheName);
}
}
- TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
- try {
- authToken = tokenDecoder.decodeFromString(tokenStr);
- } catch (IOException e) {
- e.printStackTrace();
- }
- krbToken = new KrbToken(authToken, TokenFormat.JWT);
- TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
- if (tokenEncoder instanceof JwtTokenEncoder && signKeyFile != null) {
- PrivateKey signKey = null;
+ krbToken = new KrbToken();
+
+ // Sign the token.
+ if (signKeyFile != null) {
try {
- FileInputStream fis = new FileInputStream(signKeyFile);
- signKey = PrivateKeyReader.loadPrivateKey(fis);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- } catch (Exception e) {
- e.printStackTrace();
+ TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
+ try {
+ authToken = tokenDecoder.decodeFromString(tokenStr);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ krbToken = new KrbToken(authToken, TokenFormat.JWT);
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+
+ if (tokenEncoder instanceof JwtTokenEncoder) {
+ PrivateKey signKey = null;
+ try {
+ FileInputStream fis = new FileInputStream(signKeyFile);
+ signKey = PrivateKeyReader.loadPrivateKey(fis);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
+ }
+
+ krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
+ } catch (KrbException e) {
+ throw new RuntimeException("Failed to encode AuthToken", e);
+ }
+ } else {
+ // Otherwise just write out the token (which could be already signed)
+ krbToken.setTokenValue(tokenStr.getBytes());
+
+ try {
+ JWT jwt = JWTParser.parse(tokenStr);
+ authToken = new JwtAuthToken(jwt.getJWTClaimsSet());
+ } catch (ParseException e) {
+ // Invalid JWT encoding
+ throw new RuntimeException("Failed to parse JWT token string", e);
}
-
- ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
}
-
- krbToken = new KrbToken();
+
krbToken.setInnerToken(authToken);
krbToken.setTokenType();
krbToken.setTokenFormat(TokenFormat.JWT);
- try {
- krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
- } catch (KrbException e) {
- throw new RuntimeException("Failed to encode AuthToken", e);
- }
KrbClient krbClient = null;
try {
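Review bot: In the signing branch, a failure to read or parse `signKeyFile` is only printed with `e.printStackTrace()`, so `setSignKey((RSAPrivateKey) signKey)` is then called with `null` and the login carries on. What the encoder does with a null key is not visible here, but a configured signing key that cannot be loaded should stop the login rather than risk sending an unsigned or half-built token. The cast would also throw a `ClassCastException` for a non-RSA key, and the `FileInputStream` is never closed. I would load the key in a try-with-resources and turn any failure into a `LoginException`, as the code a few lines above already does for a missing token. The `catch (IOException e)` around `tokenDecoder.decodeFromString(tokenStr)` has the same problem, leaving `authToken` unset before `encodeAsBytes(authToken)`. The enclosing method starts and ends outside this hunk.

```java
if (tokenEncoder instanceof JwtTokenEncoder) {
    PrivateKey signKey;
    try (FileInputStream fis = new FileInputStream(signKeyFile)) {
        signKey = PrivateKeyReader.loadPrivateKey(fis);
    } catch (Exception e) {
        LoginException le = new LoginException("Failed to load signing key from " + signKeyFile);
        le.initCause(e);
        throw le;
    }
    if (!(signKey instanceof RSAPrivateKey)) {
        throw new LoginException("Signing key in " + signKeyFile + " is not an RSA private key");
    }
    ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
}
// … unchanged: krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken)) …
```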
@@ -290,6 +312,7 @@ public class TokenAuthLoginModule implements LoginModule {
} catch (IOException e) {
e.printStackTrace();
}
+
KrbTokenClient tokenClient = new KrbTokenClient(krbClient);
try {
tgtTicket = tokenClient.requestTgt(krbToken,
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/55e90d92/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
index e5d92c8..b6e60c4 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
@@ -40,15 +40,15 @@ public class JwtAuthToken implements AuthToken {
private Boolean isIdToken = true;
private Boolean isAcToken = false;
- protected JwtAuthToken() {
+ public JwtAuthToken() {
this(new JWTClaimsSet());
}
- protected JwtAuthToken(JWTClaimsSet jwtClaims) {
+ public JwtAuthToken(JWTClaimsSet jwtClaims) {
this.jwtClaims = jwtClaims;
}
- protected JwtAuthToken(ReadOnlyJWTClaimsSet jwtClaims) {
+ public JwtAuthToken(ReadOnlyJWTClaimsSet jwtClaims) {
this.jwtClaims = JwtUtil.from(jwtClaims);
}
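Review bot: The three constructors become public API here without any Javadoc, and `JwtAuthToken(JWTClaimsSet jwtClaims)` stores the caller's object by reference and accepts `null`. Now that code outside the package can build a token straight from parsed claims, as the login module in this commit does, the constructors should state that no signature or validity check is implied, for example `/** Wraps the given claims as-is; the caller is responsible for any signature verification. */`. If the claims set is mutable in the library version in use, it is also worth documenting that later changes by the caller show through, or taking a copy. The class body continues outside this hunk.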