Posted to commits@directory.apache.org by pl...@apache.org on 2016/07/05 07:17:06 UTC
[18/26] directory-kerby git commit: DIRKRB-591 Add the KerberosTicket
to subject's private credentials in TokenAuthLoginModule.
DIRKRB-591 Add the KerberosTicket to subject's private credentials in TokenAuthLoginModule.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/358340dd
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/358340dd
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/358340dd
Branch: refs/heads/kadmin-remote
Commit: 358340dd2a60a36a69988f1dd7c509cf585acdc8
Parents: 68933ae
Author: plusplusjiajia <ji...@intel.com>
Authored: Mon Jul 4 14:41:39 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Mon Jul 4 14:41:39 2016 +0800
----------------------------------------------------------------------
.../test/jaas/TokenAuthLoginModule.java | 37 ++++++++++++++++++--
.../TokenLoginWithTokenPreauthEnabledTest.java | 12 +++----
2 files changed, 40 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/358340dd/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index bee4938..0d812c9 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -31,6 +31,7 @@ import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
import org.apache.kerby.kerberos.kerb.type.base.TokenFormat;
+import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
import org.slf4j.Logger;
@@ -38,6 +39,8 @@ import org.slf4j.LoggerFactory;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import java.io.File;
@@ -47,6 +50,7 @@ import java.io.IOException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
+import java.util.Date;
import java.util.Iterator;
import java.util.Map;
@@ -83,6 +87,8 @@ public class TokenAuthLoginModule implements LoginModule {
public static final String CREDENTIAL_CACHE = "credentialCache";
public static final String SIGN_KEY_FILE = "signKeyFile";
+ private TgtTicket tgtTicket;
+
/**
* {@inheritDoc}
*/
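Review bot: The new `tgtTicket` field keeps the TGT, including its session key, reachable for the lifetime of the module instance, and no visible hunk clears it. logout() and abort() lie outside the diff, so confirm they set `tgtTicket = null`. They should also remove the `KerberosTicket` that commit() now adds to the subject's private credentials, ideally calling `destroy()` on it. A short comment on the field would help, for example `// TGT obtained in login(); consumed by commit(); cleared in logout()/abort()`.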
@@ -120,7 +126,35 @@ public class TokenAuthLoginModule implements LoginModule {
if (succeeded == false) {
return false;
} else {
- subject.getPublicCredentials().add(krbToken);
+ KerberosTicket ticket = null;
+ try {
+ EncKdcRepPart encKdcRepPart = tgtTicket.getEncKdcRepPart();
+ boolean[] flags = new boolean[7];
+ int flag = encKdcRepPart.getFlags().getFlags();
+ for (int i = 6; i >= 0; i--) {
+ flags[i] = (flag & (1 << i)) != 0;
+ }
+ Date startTime = null;
+ if (encKdcRepPart.getStartTime() != null) {
+ startTime = encKdcRepPart.getStartTime().getValue();
+ }
+
+ ticket = new KerberosTicket(tgtTicket.getTicket().encode(),
+ new KerberosPrincipal(tgtTicket.getClientPrincipal().getName()),
+ new KerberosPrincipal(tgtTicket.getEncKdcRepPart().getSname().getName()),
+ encKdcRepPart.getKey().getKeyData(),
+ encKdcRepPart.getKey().getKeyType().getValue(),
+ flags,
+ encKdcRepPart.getAuthTime().getValue(),
+ startTime,
+ encKdcRepPart.getEndTime().getValue(),
+ encKdcRepPart.getRenewTill().getValue(),
+ null
+ );
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ subject.getPrivateCredentials().add(ticket);
}
commitSucceeded = true;
LOG.info("Commit Succeeded \n");
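Review bot: When `tgtTicket.getTicket().encode()` throws, the catch block only prints the stack trace, so `ticket` stays null, `null` is passed to `subject.getPrivateCredentials().add(...)`, and commit() still logs success with no usable credential. The failure should be turned into a `LoginException`, which `LoginModule.commit()` is allowed to throw, so the caller sees the login fail. `encKdcRepPart.getRenewTill().getValue()` is also dereferenced without the null guard that `getStartTime()` gets, so a ticket without a renew-till time would likely fail here with a NullPointerException. The `boolean[7]` array filled from `flag & (1 << i)` is worth checking too: `KerberosTicket` indexes flags by Kerberos bit number, so the low seven bits of the int probably do not carry the forwardable or renewable flags. The commit() signature and the start of its body are outside this hunk.

```java
// … unchanged: encKdcRepPart lookup, flags loop, startTime guard …
Date renewTill = null;
if (encKdcRepPart.getRenewTill() != null) {
    renewTill = encKdcRepPart.getRenewTill().getValue();
}
// … unchanged: new KerberosTicket(...) arguments, with renewTill in place of getRenewTill().getValue() …
} catch (IOException e) {
    LOG.error("Failed to encode the TGT for the subject's credentials", e);
    LoginException le = new LoginException("Failed to encode the TGT for the subject's credentials");
    le.initCause(e);
    throw le;
}
```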
@@ -245,7 +279,6 @@ public class TokenAuthLoginModule implements LoginModule {
} catch (IOException e) {
e.printStackTrace();
}
- TgtTicket tgtTicket;
KrbTokenClient tokenClient = new KrbTokenClient(krbClient);
try {
tgtTicket = tokenClient.requestTgt(krbToken,
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/358340dd/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index ed4ec8a..f8e7ee4 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -19,12 +19,6 @@
*/
package org.apache.kerby.kerberos.kerb.integration.test;
-import java.security.Principal;
-import java.security.PrivilegedExceptionAction;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
@@ -34,6 +28,11 @@ import org.ietf.jgss.Oid;
import org.junit.Assert;
import org.junit.Test;
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.Set;
+
/**
* Test login with token when token preauth is allowed by kdc.
*/
@@ -55,7 +54,6 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
}
@Test
- @org.junit.Ignore
public void testLoginWithTokenCacheGSS() throws Exception {
Subject subject = super.testLoginWithTokenCacheAndRetSubject();
Set<Principal> clientPrincipals = subject.getPrincipals();