Posted to commits@directory.apache.org by co...@apache.org on 2017/07/05 11:34:44 UTC
directory-kerby git commit: Adding a new class KdcClientRequest to
encapsulate information to pass through to the IdentityService to create
authorization data
Repository: directory-kerby
Updated Branches:
refs/heads/trunk 7af3526f7 -> 8b990ad26
Adding a new class KdcClientRequest to encapsulate information to pass through to the IdentityService to create authorization data
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/8b990ad2
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/8b990ad2
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/8b990ad2
Branch: refs/heads/trunk
Commit: 8b990ad268caafcec57f503237e414fb7e403dbd
Parents: 7af3526
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 5 12:34:18 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 5 12:34:18 2017 +0100
----------------------------------------------------------------------
.../kerb/type/kdc/KdcClientRequest.java | 117 +++++++++++++++++++
.../kerb/identity/CacheableIdentityService.java | 7 +-
.../kerberos/kerb/identity/IdentityService.java | 13 ++-
.../backend/AbstractIdentityBackend.java | 15 +--
.../kerb/server/request/KdcRequest.java | 2 +-
.../kerb/server/request/TicketIssuer.java | 15 ++-
6 files changed, 151 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8b990ad2/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/kdc/KdcClientRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/kdc/KdcClientRequest.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/kdc/KdcClientRequest.java
new file mode 100644
index 0000000..d845630
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/kdc/KdcClientRequest.java
@@ -0,0 +1,117 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.type.kdc;
+
+import java.net.InetAddress;
+
+import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+
+/**
+ * This class holds details of the client request which is passed through to the IdentityService
+ * to create the AuthorizationData
+ */
+public class KdcClientRequest {
+
+ private boolean isPreAuthenticated;
+ private InetAddress clientAddress;
+ private EncryptionType encryptionType;
+ private EncryptionKey clientKey;
+ private PrincipalName clientPrincipal;
+ private AuthToken token;
+ private boolean isToken;
+ private boolean isPkinit;
+ private boolean isAnonymous;
+
+ public boolean isPreAuthenticated() {
+ return isPreAuthenticated;
+ }
+
+ public void setPreAuthenticated(boolean isPreAuthenticated) {
+ this.isPreAuthenticated = isPreAuthenticated;
+ }
+
+ public InetAddress getClientAddress() {
+ return clientAddress;
+ }
+
+ public void setClientAddress(InetAddress clientAddress) {
+ this.clientAddress = clientAddress;
+ }
+
+ public EncryptionType getEncryptionType() {
+ return encryptionType;
+ }
+
+ public void setEncryptionType(EncryptionType encryptionType) {
+ this.encryptionType = encryptionType;
+ }
+
+ public EncryptionKey getClientKey() {
+ return clientKey;
+ }
+
+ public void setClientKey(EncryptionKey clientKey) {
+ this.clientKey = clientKey;
+ }
+
+ public PrincipalName getClientPrincipal() {
+ return clientPrincipal;
+ }
+
+ public void setClientPrincipal(PrincipalName clientPrincipal) {
+ this.clientPrincipal = clientPrincipal;
+ }
+
+ public AuthToken getToken() {
+ return token;
+ }
+
+ public void setToken(AuthToken token) {
+ this.token = token;
+ }
+
+ public boolean isToken() {
+ return isToken;
+ }
+
+ public void setToken(boolean isToken) {
+ this.isToken = isToken;
+ }
+
+ public boolean isPkinit() {
+ return isPkinit;
+ }
+
+ public void setPkinit(boolean isPkinit) {
+ this.isPkinit = isPkinit;
+ }
+
+ public boolean isAnonymous() {
+ return isAnonymous;
+ }
+
+ public void setAnonymous(boolean isAnonymous) {
+ this.isAnonymous = isAnonymous;
+ }
+
+}
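Review bot: The `clientKey` field puts the client's `EncryptionKey` on an object whose stated purpose is to be handed to the IdentityService, so every backend implementation receives key material (TicketIssuer.makeAuthorizationData fills it with `setClientKey(kdcRequest.getClientKey())`). Nothing in the visible hunks reads the field, so if authorization-data creation does not need the key it would be safer to drop the field and its accessors. Otherwise, document on `getClientKey()` why it is exposed and that it must not be logged or cached. The class is also a fully mutable bean with no constructor, so a class-level Javadoc line such as `Fields the KDC did not set are null or false.` would tell backend authors what to expect.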
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8b990ad2/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
index 41dc555..d415661 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
@@ -14,7 +14,7 @@
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
+ * under the License.
*
*/
package org.apache.kerby.kerberos.kerb.identity;
@@ -23,6 +23,7 @@ import org.apache.kerby.config.Config;
import org.apache.kerby.config.Configured;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
+import org.apache.kerby.kerberos.kerb.type.kdc.KdcClientRequest;
import org.apache.kerby.kerberos.kerb.type.ticket.EncTicketPart;
import java.util.LinkedHashMap;
@@ -149,10 +150,10 @@ public class CacheableIdentityService
* {@inheritDoc}
*/
@Override
- public AuthorizationData getIdentityAuthorizationData(Object kdcRequest,
+ public AuthorizationData getIdentityAuthorizationData(KdcClientRequest kdcClientRequest,
EncTicketPart encTicketPart) throws KrbException {
- return underlying.getIdentityAuthorizationData(kdcRequest,
+ return underlying.getIdentityAuthorizationData(kdcClientRequest,
encTicketPart);
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8b990ad2/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
index 3b10072..54b2bc3 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
@@ -6,21 +6,22 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
- *
+ * under the License.
+ *
*/
package org.apache.kerby.kerberos.kerb.identity;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
+import org.apache.kerby.kerberos.kerb.type.kdc.KdcClientRequest;
import org.apache.kerby.kerberos.kerb.type.ticket.EncTicketPart;
/**
@@ -59,12 +60,12 @@ public interface IdentityService {
/**
* Get an identity's Authorization Data.
- * @param kdcRequest The KdcRequest
+ * @param kdcClientRequest The KdcClientRequest
* @param encTicketPart The EncTicketPart being built for the KrbIdentity
* @return The Authorization Data
* @throws KrbException e
*/
- AuthorizationData getIdentityAuthorizationData(Object kdcRequest,
+ AuthorizationData getIdentityAuthorizationData(KdcClientRequest kdcClientRequest,
EncTicketPart encTicketPart) throws KrbException;
/**
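Review bot: The Javadoc `@param kdcClientRequest The KdcClientRequest` only repeats the type name and does not state the contract implementers rely on. AbstractIdentityBackend rejects null with IllegalArgumentException, so say so here, e.g. `@param kdcClientRequest details of the client request (principal, address, pre-authentication state, token); must not be null`. Narrowing the parameter from `Object` is also source-incompatible for any out-of-tree IdentityService implementation, which is worth a line in the release notes.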
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8b990ad2/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
index d5edc12..7db2a48 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
@@ -14,7 +14,7 @@
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
+ * under the License.
*
*/
package org.apache.kerby.kerberos.kerb.identity.backend;
@@ -24,6 +24,7 @@ import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.identity.BatchTrans;
import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
+import org.apache.kerby.kerberos.kerb.type.kdc.KdcClientRequest;
import org.apache.kerby.kerberos.kerb.type.ticket.EncTicketPart;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -169,16 +170,16 @@ public abstract class AbstractIdentityBackend
* {@inheritDoc}
*/
@Override
- public AuthorizationData getIdentityAuthorizationData(Object kdcRequest,
+ public AuthorizationData getIdentityAuthorizationData(KdcClientRequest kdcClientRequest,
EncTicketPart encTicketPart) throws KrbException {
- if (kdcRequest == null) {
+ if (kdcClientRequest == null) {
throw new IllegalArgumentException("Invalid identity");
}
logger.debug("getIdentityAuthorizationData called, krbIdentity = {}",
- kdcRequest);
+ kdcClientRequest.getClientPrincipal());
- AuthorizationData authData = doGetIdentityAuthorizationData(kdcRequest,
+ AuthorizationData authData = doGetIdentityAuthorizationData(kdcClientRequest,
encTicketPart);
logger.debug("getIdentityAuthorizationData {}, authData = {}",
(authData != null ? "successful" : "failed"), authData);
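Review bot: The null guard still throws `IllegalArgumentException("Invalid identity")` and the debug label still reads `krbIdentity = {}`, although the argument is now a KdcClientRequest and the value logged is the client principal. Suggest `throw new IllegalArgumentException("kdcClientRequest must not be null");` and `"getIdentityAuthorizationData called, clientPrincipal = {}"` so the diagnostics match the code. The second debug call prints the full `authData`; whether that belongs in KDC logs depends on what backends put into it, which is not visible here. The method body continues past the end of this hunk.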
@@ -188,13 +189,13 @@ public abstract class AbstractIdentityBackend
/**
* Get an identity's Authorization Data, invoked by getIdentityAuthorizationData.
- * @param kdcRequest The kdc request
+ * @param kdcClientRequest The KdcClientRequest
* @param encTicketPart The EncTicketPart being built for the KrbIdentity
* @return The Authorization Data
* @throws KrbException e
*/
protected AuthorizationData doGetIdentityAuthorizationData(
- Object kdcRequest, EncTicketPart encTicketPart)
+ KdcClientRequest kdcClientRequest, EncTicketPart encTicketPart)
throws KrbException {
return null;
}
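Review bot: A subclass that overrode `doGetIdentityAuthorizationData(Object, EncTicketPart)` without `@Override` will still compile after this signature change but becomes an unrelated overload, and this default then returns `null`. The ticket would presumably be built without that backend's authorization data, with only the debug-level "failed" line as a trace. No such subclass is visible in this diff, so this is a migration risk rather than a confirmed defect. Documenting the default would help, e.g. `@return The Authorization Data, or null if this backend supplies none`.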
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8b990ad2/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index d795541..ba77fe9 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -189,7 +189,7 @@ public abstract class KdcRequest {
checkServer();
if (isPreauthRequired()) {
preauth();
- }
+ }
}
checkPolicy();
issueTicket();
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8b990ad2/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java
index e955e28..2685632 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java
@@ -36,6 +36,7 @@ import org.apache.kerby.kerberos.kerb.type.base.NameType;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.apache.kerby.kerberos.kerb.type.base.TransitedEncoding;
import org.apache.kerby.kerberos.kerb.type.base.TransitedEncodingType;
+import org.apache.kerby.kerberos.kerb.type.kdc.KdcClientRequest;
import org.apache.kerby.kerberos.kerb.type.kdc.KdcOption;
import org.apache.kerby.kerberos.kerb.type.kdc.KdcOptions;
import org.apache.kerby.kerberos.kerb.type.kdc.KdcReq;
@@ -216,8 +217,20 @@ public abstract class TicketIssuer {
protected AuthorizationData makeAuthorizationData(KdcRequest kdcRequest,
EncTicketPart encTicketPart) throws KrbException {
+ // Convert KdcRequest into KdcClientRequest
+ KdcClientRequest clientRequest = new KdcClientRequest();
+ clientRequest.setAnonymous(kdcRequest.isAnonymous());
+ clientRequest.setClientAddress(kdcRequest.getClientAddress());
+ clientRequest.setClientKey(kdcRequest.getClientKey());
+ clientRequest.setClientPrincipal(kdcRequest.getClientPrincipal());
+ clientRequest.setEncryptionType(kdcRequest.getEncryptionType());
+ clientRequest.setPkinit(kdcRequest.isPkinit());
+ clientRequest.setPreAuthenticated(kdcRequest.isPreAuthenticated());
+ clientRequest.setToken(kdcRequest.getToken());
+ clientRequest.setToken(kdcRequest.isToken());
+
return getKdcContext().getIdentityService()
- .getIdentityAuthorizationData(kdcRequest, encTicketPart);
+ .getIdentityAuthorizationData(clientRequest, encTicketPart);
}
protected KdcContext getKdcContext() {
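Review bot: The consecutive calls `clientRequest.setToken(kdcRequest.getToken());` and `clientRequest.setToken(kdcRequest.isToken());` rely on overload resolution between `AuthToken` and `boolean` and read like an accidental duplicate. Renaming the boolean setter in KdcClientRequest, so that the call becomes e.g. `clientRequest.setIsToken(kdcRequest.isToken());`, would remove the ambiguity for readers. The field-by-field copy also has to be kept in step with KdcClientRequest by hand. Moving it into a small private helper with a comment such as `// Copy only what IdentityService backends need` would give one place to review what leaves the KdcRequest.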