Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/04 09:25:56 UTC

[30/48] directory-kerby git commit: DIRKRB-428 Signed token in TokenLoginTestBase and WithTokenKdcTestBase.

DIRKRB-428 Signed token in TokenLoginTestBase and WithTokenKdcTestBase.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/0500943b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/0500943b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/0500943b

Branch: refs/heads/pkinit-support
Commit: 0500943bf7656cedd9e94a5658760669a4afc4a0
Parents: 0df9588
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Oct 14 13:46:50 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Oct 14 13:46:50 2015 +0800

----------------------------------------------------------------------
 .../kerberos/kdc/WithTokenKdcTestBase.java      | 44 +++++++++++++++++++-
 .../test/resources/oauth2.com_public_key.pem    |  6 +++
 .../src/test/resources/private_key.pem          | 16 +++++++
 .../test/jaas/TokenAuthLoginModule.java         | 36 ++++++++++++++++
 .../integration/test/jaas/TokenJaasKrbUtil.java | 26 +++++++-----
 .../integration/test/TokenLoginTestBase.java    | 22 ++++++----
 .../src/test/resources/private_key.pem          | 16 +++++++
 .../test/resources/token-service-public_key.pem |  6 +++
 .../kerby/kerberos/kerb/spec/base/KrbToken.java |  6 ++-
 9 files changed, 158 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index ac20938..7dc24d3 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -19,20 +19,28 @@
  */
 package org.apache.kerby.kerberos.kdc;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.KrbRuntime;
 import org.apache.kerby.kerberos.kerb.ccache.Credential;
 import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
+import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
+import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
+import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
 import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
 import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
 import org.apache.kerby.kerberos.kerb.spec.base.KrbToken;
 import org.apache.kerby.kerberos.kerb.spec.base.TokenFormat;
 import org.apache.kerby.kerberos.kerb.spec.ticket.KrbTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
 import org.apache.kerby.kerberos.provider.token.JwtTokenProvider;
 import org.junit.Before;
 
 import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPrivateKey;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -46,7 +54,7 @@ public class WithTokenKdcTestBase extends KdcTestBase {
     static final String GROUP = "sales-group";
     static final String ROLE = "ADMIN";
     private File cCacheFile;
-    private AuthToken krbToken;
+    private KrbToken krbToken;
 
     @Before
     public void setUp() throws Exception {
@@ -54,6 +62,13 @@ public class WithTokenKdcTestBase extends KdcTestBase {
         super.setUp();
     }
 
+    @Override
+    protected void configKdcSeverAndClient() {
+        super.configKdcSeverAndClient();
+        String verifyKeyPath = this.getClass().getResource("/").getPath();
+        getKdcServer().getKdcConfig().setString(KdcConfigKey.VERIFY_KEY, verifyKeyPath);
+    }
+
     protected AuthToken getKrbToken() {
         return krbToken;
     }
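Review bot: `this.getClass().getResource("/").getPath()` in the added `configKdcSeverAndClient()` returns the URL-encoded path, so a checkout directory containing a space or a non-ASCII character produces a `VERIFY_KEY` value that does not exist on disk. Converting through `toURI()` (for example `new File(url.toURI()).getPath()`, with the checked `URISyntaxException` handled) avoids that. The same pattern is in the TokenLoginTestBase.java hunk, in both `setUp()` and `configKdcSeverAndClient()`. The value is also the whole test classpath root, which after this commit holds `private_key.pem` beside the public key. If the KDC treats `VERIFY_KEY` as a directory of trusted keys (not visible here), a dedicated sub-directory holding only the public key would make the trust set explicit.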
@@ -87,10 +102,35 @@ public class WithTokenKdcTestBase extends KdcTestBase {
 
         Date iat = now;
         authToken.setIssueTime(iat);
-        krbToken = new KrbToken(authToken, TokenFormat.JWT);
+
+        TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+
+        if (tokenEncoder instanceof JwtTokenEncoder) {
+            InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+            PrivateKey privateKey = null;
+            try {
+                privateKey = PrivateKeyReader.loadPrivateKey(is);
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+
+            ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) privateKey);
+        }
+
+        krbToken = new KrbToken();
+        krbToken.setInnerToken(authToken);
+        krbToken.setTokenType();
+        krbToken.setTokenFormat(TokenFormat.JWT);
+        try {
+            krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
+        } catch (KrbException e) {
+            throw new RuntimeException("Failed to encode AuthToken", e);
+        }
+
         return krbToken;
     }
 
+
     protected File createCredentialCache(String principal,
                                        String password) throws Exception {
         TgtTicket tgt = getKrbClient().requestTgtWithPassword(principal, password);
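Review bot: When `PrivateKeyReader.loadPrivateKey(is)` fails, the added catch only prints the stack trace and the code then calls `setSignKey((RSAPrivateKey) privateKey)` with a null key, so the test carries on with an encoder that has no signing key and any later failure (or an unsigned token) shows up far from the cause. The key-loading block should fail the test immediately and close the stream, as sketched below; the null check is there because `getResourceAsStream` returns null when the resource is missing. The same swallow-and-continue pattern is in the TokenAuthLoginModule.java hunk that reads `signKeyFile` through a `FileInputStream`, which is also never closed. The enclosing method begins above this hunk.

```java
if (tokenEncoder instanceof JwtTokenEncoder) {
    try (InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem")) {
        if (is == null) {
            throw new IllegalStateException("private_key.pem not found on the test classpath");
        }
        PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
        ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) privateKey);
    } catch (Exception e) {
        throw new RuntimeException("Failed to load token signing key", e);
    }
}
// … unchanged: KrbToken construction and encodeAsBytes …
```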

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem b/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem
new file mode 100644
index 0000000..471a517
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4BaCukPmveaHtV7OxXP8/mCCV
+Y2oHXqd+6iIliPRVCxirgp2XHg2nrAkBJTt/y13IHCeVl6Avm7UMzXxxv60NND1H
+e6+zDMgh3IVZM/Xe8uNHNF2C6jR6Z4KQ/GfccTvLuEQwWOt47CjZNDMFFzr2niOZ
+Us6V/0QzqDbHdDc3bQIDAQAB
+-----END PUBLIC KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kdc-test/src/test/resources/private_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/private_key.pem b/kerby-kdc-test/src/test/resources/private_key.pem
new file mode 100644
index 0000000..1c2ee59
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/private_key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index 65ad133..a8888a8 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -24,11 +24,14 @@ import org.apache.kerby.kerberos.kerb.KrbRuntime;
 import org.apache.kerby.kerberos.kerb.client.Krb5Conf;
 import org.apache.kerby.kerberos.kerb.client.KrbClient;
 import org.apache.kerby.kerberos.kerb.client.KrbConfig;
+import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
 import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
+import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
 import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
 import org.apache.kerby.kerberos.kerb.spec.base.KrbToken;
 import org.apache.kerby.kerberos.kerb.spec.base.TokenFormat;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -37,7 +40,11 @@ import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPrivateKey;
 import java.util.Iterator;
 import java.util.Map;
 
@@ -66,11 +73,13 @@ public class TokenAuthLoginModule implements LoginModule {
     KrbToken krbToken = null;
     private File armorCache;
     private File cCache;
+    private File signKeyFile;
     public static final String PRINCIPAL = "principal";
     public static final String TOKEN = "token";
     public static final String TOKEN_CACHE = "tokenCache";
     public static final String ARMOR_CACHE = "armorCache";
     public static final String CREDENTIAL_CACHE = "credentialCache";
+    public static final String SIGN_KEY_FILE = "signKeyFile";
 
     /**
      * {@inheritDoc}
@@ -86,6 +95,7 @@ public class TokenAuthLoginModule implements LoginModule {
         tokenCacheName = (String) options.get(TOKEN_CACHE);
         armorCache = new File((String) options.get(ARMOR_CACHE));
         cCache = new File((String) options.get(CREDENTIAL_CACHE));
+        signKeyFile = new File((String) options.get(SIGN_KEY_FILE));
     }
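Review bot: `new File((String) options.get(SIGN_KEY_FILE))` makes the new option mandatory, because a JAAS configuration with no `signKeyFile` entry reaches `new File((String) null)` and fails with a bare NullPointerException. The key is only used when the encoder is a `JwtTokenEncoder`, so read the option into a local first and either leave `signKeyFile` null when it is absent or throw an `IllegalArgumentException` that names the missing option. `TokenJaasConf` has the matching assumption in `signKeyFile.getAbsolutePath()`. The enclosing method starts above this hunk.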
 
     /**
@@ -191,6 +201,32 @@ public class TokenAuthLoginModule implements LoginModule {
             e.printStackTrace();
         }
         krbToken = new KrbToken(authToken, TokenFormat.JWT);
+        TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+
+        if (tokenEncoder instanceof JwtTokenEncoder) {
+            PrivateKey signKey = null;
+            try {
+                FileInputStream fis = new FileInputStream(signKeyFile);
+                signKey = PrivateKeyReader.loadPrivateKey(fis);
+            } catch (FileNotFoundException e) {
+                e.printStackTrace();
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+
+            ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
+        }
+
+        krbToken = new KrbToken();
+        krbToken.setInnerToken(authToken);
+        krbToken.setTokenType();
+        krbToken.setTokenFormat(TokenFormat.JWT);
+        try {
+            krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
+        } catch (KrbException e) {
+            throw new RuntimeException("Failed to encode AuthToken", e);
+        }
+
         KrbClient krbClient = null;
         try {
             File confFile = new File(System.getProperty(Krb5Conf.KRB5_CONF));
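Review bot: The context line `krbToken = new KrbToken(authToken, TokenFormat.JWT);` left above the added block is now a dead assignment, because `krbToken = new KrbToken();` replaces the object before it is used; remove it so there is a single construction path. The added block also has the login module sign the token itself with a private key named by a JAAS option, which means whoever runs the module can put any claims into a validly signed token. That suits an integration-test harness but should be stated, for example `// Test harness: the module signs the token itself with the key from signKeyFile.` The enclosing method starts and ends outside the hunk.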

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
index d7a91ab..46b1fa0 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
@@ -48,14 +48,14 @@ public class TokenJaasKrbUtil {
      * @throws LoginException e
      */
     public static Subject loginUsingToken(
-            String principal, File tokenCache, File armorCache, File ccache)
+            String principal, File tokenCache, File armorCache, File ccache, File signKeyFile)
             throws LoginException {
         Set<Principal> principals = new HashSet<Principal>();
         principals.add(new KerberosPrincipal(principal));
 
         Subject subject = new Subject(false, principals,
                 new HashSet<Object>(), new HashSet<Object>());
-        Configuration conf = useTokenCache(principal, tokenCache, armorCache, ccache);
+        Configuration conf = useTokenCache(principal, tokenCache, armorCache, ccache, signKeyFile);
         String confName = "TokenCacheConf";
         LoginContext loginContext = new LoginContext(confName, subject, null, conf);
         loginContext.login();
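Review bot: The Javadoc above `loginUsingToken` is not updated for the new `signKeyFile` parameter; add `@param signKeyFile PEM file holding the private key used to sign the token, must not be null` here and on the `String tokenStr` overload in the next hunk. The non-null requirement comes from `TokenJaasConf`, which calls `signKeyFile.getAbsolutePath()` unconditionally when building the options map. Both overloads are public static and their signatures change incompatibly, so callers outside this commit (none are visible here) would stop compiling.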
@@ -73,14 +73,14 @@ public class TokenJaasKrbUtil {
      * @throws LoginException e
      */
     public static Subject loginUsingToken(
-            String principal, String tokenStr, File armorCache, File ccache)
+            String principal, String tokenStr, File armorCache, File ccache, File signKeyFile)
             throws LoginException {
         Set<Principal> principals = new HashSet<Principal>();
         principals.add(new KerberosPrincipal(principal));
 
         Subject subject = new Subject(false, principals,
                 new HashSet<Object>(), new HashSet<Object>());
-        Configuration conf = useTokenStr(principal, tokenStr, armorCache, ccache);
+        Configuration conf = useTokenStr(principal, tokenStr, armorCache, ccache, signKeyFile);
         String confName = "TokenStrConf";
         LoginContext loginContext = new LoginContext(confName, subject, null, conf);
         loginContext.login();
@@ -88,13 +88,13 @@ public class TokenJaasKrbUtil {
     }
 
     private static Configuration useTokenCache(String principal, File tokenCache,
-                                              File armorCache, File tgtCache) {
-        return new TokenJaasConf(principal, tokenCache, armorCache, tgtCache);
+                                              File armorCache, File tgtCache, File signKeyFile) {
+        return new TokenJaasConf(principal, tokenCache, armorCache, tgtCache, signKeyFile);
     }
 
     private static Configuration useTokenStr(String principal, String tokenStr,
-                                            File armorCache, File tgtCache) {
-        return new TokenJaasConf(principal, tokenStr, armorCache, tgtCache);
+                                            File armorCache, File tgtCache, File signKeyFile) {
+        return new TokenJaasConf(principal, tokenStr, armorCache, tgtCache, signKeyFile);
     }
 
     /**
@@ -106,19 +106,24 @@ public class TokenJaasKrbUtil {
         private String tokenStr;
         private File armorCache;
         private File ccache;
+        private File signKeyFile;
 
-        public TokenJaasConf(String principal, File tokenCache, File armorCache, File ccache) {
+        public TokenJaasConf(String principal, File tokenCache, File armorCache, File ccache,
+            File signKeyFile) {
             this.principal = principal;
             this.tokenCache = tokenCache;
             this.armorCache = armorCache;
             this.ccache = ccache;
+            this.signKeyFile = signKeyFile;
         }
 
-        public TokenJaasConf(String principal, String tokenStr, File armorCache, File ccache) {
+        public TokenJaasConf(String principal, String tokenStr, File armorCache, File ccache,
+            File signKeyFile) {
             this.principal = principal;
             this.tokenStr = tokenStr;
             this.armorCache = armorCache;
             this.ccache = ccache;
+            this.signKeyFile = signKeyFile;
         }
 
         @Override
@@ -132,6 +137,7 @@ public class TokenJaasKrbUtil {
             }
             options.put(TokenAuthLoginModule.ARMOR_CACHE, armorCache.getAbsolutePath());
             options.put(TokenAuthLoginModule.CREDENTIAL_CACHE, ccache.getAbsolutePath());
+            options.put(TokenAuthLoginModule.SIGN_KEY_FILE, signKeyFile.getAbsolutePath());
 
             return new AppConfigurationEntry[]{
                     new AppConfigurationEntry(

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index c6f6f89..3943ffe 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -41,6 +41,7 @@ public class TokenLoginTestBase extends LoginTestBase {
     private File tokenCache;
     private File armorCache;
     private File tgtCache;
+    private File signKeyFile;
 
     static final String GROUP = "sales-group";
     static final String ROLE = "ADMIN";
@@ -55,13 +56,16 @@ public class TokenLoginTestBase extends LoginTestBase {
         super.setUp();
         armorCache = new File(getTestDir(), "armorcache.cc");
         tgtCache = new File(getTestDir(), "tgtcache.cc");
+        signKeyFile = new File(this.getClass().getResource("/private_key.pem").getPath());
     }
 
     @Override
     protected void configKdcSeverAndClient() {
         super.configKdcSeverAndClient();
         getKdcServer().getKdcConfig().setBoolean(KdcConfigKey.ALLOW_TOKEN_PREAUTH,
-                isTokenPreauthAllowed());
+            isTokenPreauthAllowed());
+        String verifyKeyFile = this.getClass().getResource("/").getPath();
+        getKdcServer().getKdcConfig().setString(KdcConfigKey.VERIFY_KEY, verifyKeyFile);
     }
 
     protected Boolean isTokenPreauthAllowed() {
@@ -120,21 +124,25 @@ public class TokenLoginTestBase extends LoginTestBase {
         return authToken;
     }
 
-    private Subject loginClientUsingTokenStr(String tokenStr, File armorCache, File tgtCache) throws Exception {
-        return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenStr, armorCache, tgtCache);
+    private Subject loginClientUsingTokenStr(String tokenStr, File armorCache, File tgtCache,
+                                             File signKeyFile) throws Exception {
+        return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenStr, armorCache,
+            tgtCache, signKeyFile);
     }
 
-    private Subject loginClientUsingTokenCache(File tokenCache, File armorCache, File tgtCache) throws Exception {
-        return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenCache, armorCache, tgtCache);
+    private Subject loginClientUsingTokenCache(File tokenCache, File armorCache, File tgtCache,
+                                               File signKeyFile) throws Exception {
+        return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenCache, armorCache,
+            tgtCache, signKeyFile);
     }
 
     protected void testLoginWithTokenStr() throws Exception {
         String tokenStr = createTokenAndArmorCache();
-        checkSubject(loginClientUsingTokenStr(tokenStr, armorCache, tgtCache));
+        checkSubject(loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile));
     }
 
     protected void testLoginWithTokenCache() throws Exception {
         createTokenAndArmorCache();
-        checkSubject(loginClientUsingTokenCache(tokenCache, armorCache, tgtCache));
+        checkSubject(loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile));
     }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/test/resources/private_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/resources/private_key.pem b/kerby-kerb/integration-test/src/test/resources/private_key.pem
new file mode 100644
index 0000000..1c2ee59
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/resources/private_key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem b/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem
new file mode 100644
index 0000000..471a517
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4BaCukPmveaHtV7OxXP8/mCCV
+Y2oHXqd+6iIliPRVCxirgp2XHg2nrAkBJTt/y13IHCeVl6Avm7UMzXxxv60NND1H
+e6+zDMgh3IVZM/Xe8uNHNF2C6jR6Z4KQ/GfccTvLuEQwWOt47CjZNDMFFzr2niOZ
+Us6V/0QzqDbHdDc3bQIDAQAB
+-----END PUBLIC KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
index 5e3ce13..c40b7bb 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
@@ -104,7 +104,7 @@ public class KrbToken extends KrbSequenceType implements AuthToken {
     /**
      * Set token type.
      */
-    private void setTokenType() {
+    public void setTokenType() {
         List<String> audiences = this.innerToken.getAudiences();
         if (audiences.size() == 1 && audiences.get(0).startsWith(KrbConstant.TGS_PRINCIPAL)) {
             isIdToken(true);
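Review bot: Making `setTokenType()` public exposes a method that dereferences `this.innerToken` on its first line, so calling it on a `KrbToken` built with the no-arg constructor before `setInnerToken(...)` throws a NullPointerException. Both call sites added in this commit call `setInnerToken` and then `setTokenType()` back to back, so keeping the method private and invoking it from `setInnerToken` would remove the ordering requirement. If it stays public, extend the Javadoc with `Requires the inner token to be set first.` The method body continues below the hunk.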
@@ -327,4 +327,8 @@ public class KrbToken extends KrbSequenceType implements AuthToken {
     public void addAttribute(String name, Object value) {
         innerToken.addAttribute(name, value);
     }
+
+    public void setInnerToken(AuthToken authToken) {
+        this.innerToken = authToken;
+    }
 }
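Review bot: `setInnerToken` is a new public method on a core type with no Javadoc, and it replaces the wrapped claims without touching the encoded token value or the token type. After the call the object can hold an inner token that no longer matches the bytes passed to `setTokenValue`, and any code reading claims from the inner token (whether one exists is not visible here) would not be reading what was signed. Document the contract, for example `/** Replaces the wrapped token; the caller must re-encode it and call setTokenValue afterwards. */`.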