You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/11 02:56:47 UTC

directory-kerby git commit: DIRKRB-404 Get the client profile from krb5.conf for PKINIT.

Repository: directory-kerby
Updated Branches:
  refs/heads/pkinit-support 1d2d1fd7d -> f6d5088bc


DIRKRB-404 Get the client profile from krb5.conf for PKINIT.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f6d5088b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f6d5088b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f6d5088b

Branch: refs/heads/pkinit-support
Commit: f6d5088bcb639c48a3db24e032c7b7791a705dc4
Parents: 1d2d1fd
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Nov 11 10:02:42 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Nov 11 10:02:42 2015 +0800

----------------------------------------------------------------------
 .../org/apache/kerby/kerberos/kerb/client/KrbConfig.java | 11 +++++++++++
 .../apache/kerby/kerberos/kerb/client/KrbConfigKey.java  |  4 +++-
 .../kerby/kerberos/kerb/client/TestKrbConfigLoad.java    |  2 ++
 kerby-kerb/kerb-client/src/test/resources/krb5.conf      |  2 ++
 4 files changed, 18 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f6d5088b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
index 2f88a91..a900b96 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
@@ -23,6 +23,7 @@ import org.apache.kerby.config.Conf;
 import org.apache.kerby.kerberos.kerb.common.KrbConfHelper;
 import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
 
+import java.util.Arrays;
 import java.util.List;
 
 /**
@@ -288,4 +289,14 @@ public class KrbConfig extends Conf {
     public List<EncryptionType> getDefaultTktEnctypes() {
         return KrbConfHelper.getEncTypesUnderSection(this, KrbConfigKey.DEFAULT_TKT_ENCTYPES);
     }
+
+    public List<String> getPkinitAnchors() {
+        return Arrays.asList(KrbConfHelper.getStringArrayUnderSection(this,
+                KrbConfigKey.PKINIT_ANCHORS));
+    }
+
+    public List<String> getPkinitIdentities() {
+        return Arrays.asList(KrbConfHelper.getStringArrayUnderSection(this,
+                KrbConfigKey.PKINIT_IDENTITIES));
+    }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f6d5088b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
index 75f0f14..cdd0568 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
@@ -63,7 +63,9 @@ public enum KrbConfigKey implements SectionConfigKey {
     //key for logging location
     DEFAULT(null, "logging"),
     KDC(null, "logging"),
-    ADMIN_SERVER(null, "logging");
+    ADMIN_SERVER(null, "logging"),
+    PKINIT_ANCHORS(null, "libdefaults"),
+    PKINIT_IDENTITIES(null, "libdefaults");
 
 
     private Object defaultValue;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f6d5088b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
index 46c28ad..7aa464c 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/TestKrbConfigLoad.java
@@ -58,5 +58,7 @@ public class TestKrbConfigLoad {
                 .contains(EncryptionType.DES_CBC_CRC);
         assertThat(krbConfig.getDefaultTktEnctypes()).hasSize(1)
                 .contains(EncryptionType.DES_CBC_CRC);
+        assertThat(krbConfig.getPkinitAnchors()).hasSize(1);
+        assertThat(krbConfig.getPkinitIdentities()).hasSize(2);
     }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f6d5088b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/resources/krb5.conf b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
index 3c582f6..13432e5 100644
--- a/kerby-kerb/kerb-client/src/test/resources/krb5.conf
+++ b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
@@ -29,6 +29,8 @@
   proxiable = true
   default_tgs_enctypes = des-cbc-crc
   default_tkt_enctypes = des-cbc-crc
+  pkinit_anchors = FILE:/etc/krb5/cacert.pem
+  pkinit_identities = FILE:/etc/krb5/client.pem,/etc/krb5/clientkey.pem
 [realms]
 #  ATHENA.MIT.EDU = {
 #		admin_server = KERBEROS.MIT.EDU