You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/11 02:56:47 UTC
directory-kerby git commit: DIRKRB-404 Get the client profile from
krb5.conf for PKINIT.
Repository: directory-kerby
Updated Branches:
refs/heads/pkinit-support 1d2d1fd7d -> f6d5088bc
DIRKRB-404 Get the client profile from krb5.conf for PKINIT.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f6d5088b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f6d5088b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f6d5088b
Branch: refs/heads/pkinit-support
Commit: f6d5088bcb639c48a3db24e032c7b7791a705dc4
Parents: 1d2d1fd
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Nov 11 10:02:42 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Nov 11 10:02:42 2015 +0800
----------------------------------------------------------------------
.../org/apache/kerby/kerberos/kerb/client/KrbConfig.java | 11 +++++++++++
.../apache/kerby/kerberos/kerb/client/KrbConfigKey.java | 4 +++-
.../kerby/kerberos/kerb/client/TestKrbConfigLoad.java | 2 ++
kerby-kerb/kerb-client/src/test/resources/krb5.conf | 2 ++
4 files changed, 18 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f6d5088b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
index 2f88a91..a900b96 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
@@ -23,6 +23,7 @@ import org.apache.kerby.config.Conf;
import org.apache.kerby.kerberos.kerb.common.KrbConfHelper;
import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+import java.util.Arrays;
import java.util.List;
/**
@@ -288,4 +289,14 @@ public class KrbConfig extends Conf {
public List<EncryptionType> getDefaultTktEnctypes() {
return KrbConfHelper.getEncTypesUnderSection(this, KrbConfigKey.DEFAULT_TKT_ENCTYPES);
}
+
+ public List<String> getPkinitAnchors() {
+ return Arrays.asList(KrbConfHelper.getStringArrayUnderSection(this,
+ KrbConfigKey.PKINIT_ANCHORS));
+ }
+
+ public List<String> getPkinitIdentities() {
+ return Arrays.asList(KrbConfHelper.getStringArrayUnderSection(this,
+ KrbConfigKey.PKINIT_IDENTITIES));
+ }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f6d5088b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
index 75f0f14..cdd0568 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
@@ -63,7 +63,9 @@ public enum KrbConfigKey implements SectionConfigKey {
//key for logging location
DEFAULT(null, "logging"),
KDC(null, "logging"),
- ADMIN_SERVER(null, "logging");
+ ADMIN_SERVER(null, "logging"),
+ PKINIT_ANCHORS(null, "libdefaults"),
+ PKINIT_IDENTITIES(null, "libdefaults");
private Object defaultValue;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f6d5088b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
index 46c28ad..7aa464c 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
@@ -58,5 +58,7 @@ public class TestKrbConfigLoad {
.contains(EncryptionType.DES_CBC_CRC);
assertThat(krbConfig.getDefaultTktEnctypes()).hasSize(1)
.contains(EncryptionType.DES_CBC_CRC);
+ assertThat(krbConfig.getPkinitAnchors()).hasSize(1);
+ assertThat(krbConfig.getPkinitIdentities()).hasSize(2);
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f6d5088b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/resources/krb5.conf b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
index 3c582f6..13432e5 100644
--- a/kerby-kerb/kerb-client/src/test/resources/krb5.conf
+++ b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
@@ -29,6 +29,8 @@
proxiable = true
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
+ pkinit_anchors = FILE:/etc/krb5/cacert.pem
+ pkinit_identities = FILE:/etc/krb5/client.pem,/etc/krb5/clientkey.pem
[realms]
# ATHENA.MIT.EDU = {
# admin_server = KERBEROS.MIT.EDU