Posted to commits@directory.apache.org by pl...@apache.org on 2016/07/05 07:16:49 UTC
[01/26] directory-kerby git commit: Removing unnecessary warning
Repository: directory-kerby
Updated Branches:
refs/heads/kadmin-remote cb8eb4b5d -> 38282872b
Removing unnecessary warning
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/32410c41
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/32410c41
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/32410c41
Branch: refs/heads/kadmin-remote
Commit: 32410c411559185d40751482de85717a31899dd6
Parents: 9d0f9d2
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jun 9 15:34:37 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jun 9 15:34:37 2016 +0100
----------------------------------------------------------------------
.../java/org/apache/kerby/kerberos/provider/token/TokenTest.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/32410c41/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
index d733fde..b74b373 100644
--- a/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
+++ b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
@@ -208,8 +208,8 @@ public class TokenTest {
Assertions.assertThat(token2).isNull();
}
- @SuppressWarnings("PMD")
- //@Test
+ @Test
+ @org.junit.Ignore
// TODO: building error with openjdk8: NoSuchAlgorithm EC KeyPairGenerato..
public void testTokenWithECDSASignedJWT() throws Exception {
TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
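Review bot: The `@org.junit.Ignore` added above `testTokenWithECDSASignedJWT` carries no reason, so the only explanation for skipping the ECDSA-signed JWT test is the truncated TODO comment beneath it. Putting the reason in the annotation, e.g. `@org.junit.Ignore("NoSuchAlgorithm for EC KeyPairGenerator on openjdk8")`, makes it visible in test reports. An `org.junit.Assume` check on the availability of the EC algorithm would go further and let the test run wherever a provider exists, so the ECDSA signing path is not left uncovered on every JDK. The method body continues outside the hunk.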
[25/26] directory-kerby git commit: Merge remote-tracking branch
'asf/trunk' into kadmin-remote
Posted by pl...@apache.org.
Merge remote-tracking branch 'asf/trunk' into kadmin-remote
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/9cbbc5b1
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/9cbbc5b1
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/9cbbc5b1
Branch: refs/heads/kadmin-remote
Commit: 9cbbc5b1e354b664e7bcdf8a02287439b995647b
Parents: cb8eb4b 358340d
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Jul 5 15:21:21 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Jul 5 15:21:21 2016 +0800
----------------------------------------------------------------------
.../identitybackend/LdapIdentityBackend.java | 2 +
.../test/jaas/TokenAuthLoginModule.java | 37 +++++++-
.../integration/test/TokenLoginTestBase.java | 10 +-
.../TokenLoginWithTokenPreauthEnabledTest.java | 72 +++++++++++++++
.../kerb/client/preauth/token/TokenPreauth.java | 4 +-
kerby-kerb/kerb-common/pom.xml | 6 ++
.../kerby/kerberos/kerb/common/Krb5Conf.java | 6 +-
.../kerberos/kerb/common/PublicKeyReader.java | 60 ++++++------
.../kerby/kerberos/kerb/KrbErrorCode.java | 2 +-
.../apache/kerby/kerberos/kerb/KrbRuntime.java | 2 +-
.../kerb/type/ad/AuthorizationType.java | 17 +---
.../kerberos/kerb/type/base/EncryptionType.java | 2 +-
.../kerberos/kerb/type/base/HostAddrType.java | 4 +-
.../kerby/kerberos/kerb/type/base/KrbToken.java | 64 +------------
.../kerberos/kerb/type/base/KrbTokenBase.java | 97 ++++++++++++++++++++
.../kerb/type/pa/token/PaTokenRequest.java | 10 +-
.../kerberos/kerb/server/GssInteropTest.java | 52 +++++++++--
.../kerby/kerberos/kerb/server/KdcHandler.java | 2 +-
.../server/preauth/pkinit/PkinitPreauth.java | 10 +-
.../kerb/server/preauth/token/TokenPreauth.java | 64 ++++++-------
.../kerb/server/request/KdcRequest.java | 2 +-
.../kerby/kerberos/kerb/KrbInputStream.java | 24 +++--
.../kerb/ccache/CredCacheInputStream.java | 17 +++-
.../kerby/kerberos/kerb/ccache/Credential.java | 1 -
.../kerberos/kerb/keytab/KeytabInputStream.java | 18 ----
.../provider/token/JwtTokenDecoder.java | 10 +-
.../kerberos/provider/token/TokenTest.java | 4 +-
pom.xml | 5 +-
28 files changed, 391 insertions(+), 213 deletions(-)
----------------------------------------------------------------------
[08/26] directory-kerby git commit: DIRKRB-586 - NPE in KdcHandler on
an Exception
Posted by pl...@apache.org.
DIRKRB-586 - NPE in KdcHandler on an Exception
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/952938a6
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/952938a6
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/952938a6
Branch: refs/heads/kadmin-remote
Commit: 952938a698abce30ca8fc859750a832332e672c9
Parents: fc0328b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jun 15 17:19:59 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jun 15 17:19:59 2016 +0100
----------------------------------------------------------------------
.../java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/952938a6/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index 8a1a21a..d04a306 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -140,7 +140,7 @@ public class KdcHandler {
serverPrincipal.setRealm(kdcRequest.getKdcReq().getReqBody().getRealm());
krbError.setSname(serverPrincipal);
}
- if (e.getKrbErrorCode().equals(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY)) {
+ if (KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY.equals(e.getKrbErrorCode())) {
krbError.setEtext("PREAUTH_FAILED");
} else {
krbError.setEtext(e.getMessage());
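Review bot: With the operands swapped, an exception whose `getKrbErrorCode()` is null no longer throws but falls into the `else` branch, where `krbError.setEtext(e.getMessage())` copies the raw exception message into the KRB-ERROR. That text presumably travels back to the requester, so internal detail can end up on the wire, and `getMessage()` may itself be null. For the no-error-code case a fixed text would be safer, e.g. `krbError.setEtext(e.getKrbErrorCode() != null ? e.getMessage() : "Internal KDC error");`, with the full exception logged on the server side. The enclosing method starts and ends outside the hunk.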
[21/26] directory-kerby git commit: NPE fixes
Posted by pl...@apache.org.
NPE fixes
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/5e75bf59
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/5e75bf59
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/5e75bf59
Branch: refs/heads/kadmin-remote
Commit: 5e75bf59e378fc7c5c5c37e587c54fb4eb4b916e
Parents: 8518838
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 11:18:59 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 11:18:59 2016 +0100
----------------------------------------------------------------------
.../test/jaas/TokenAuthLoginModule.java | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5e75bf59/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index cbeb01c..7eee5ba 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -102,9 +102,15 @@ public class TokenAuthLoginModule implements LoginModule {
princName = (String) options.get(PRINCIPAL);
tokenStr = (String) options.get(TOKEN);
tokenCacheName = (String) options.get(TOKEN_CACHE);
- armorCache = new File((String) options.get(ARMOR_CACHE));
- cCache = new File((String) options.get(CREDENTIAL_CACHE));
- signKeyFile = new File((String) options.get(SIGN_KEY_FILE));
+ if ((String) options.get(ARMOR_CACHE) != null) {
+ armorCache = new File((String) options.get(ARMOR_CACHE));
+ }
+ if ((String) options.get(CREDENTIAL_CACHE) != null) {
+ cCache = new File((String) options.get(CREDENTIAL_CACHE));
+ }
+ if ((String) options.get(SIGN_KEY_FILE) != null) {
+ signKeyFile = new File((String) options.get(SIGN_KEY_FILE));
+ }
}
/**
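Review bot: Each of the three new guards looks the option up twice and casts inside the null test (`(String) options.get(ARMOR_CACHE) != null`), which is noisy and easy to get out of step. Reading the value once says the same thing: `String armorCachePath = (String) options.get(ARMOR_CACHE);` followed by `if (armorCachePath != null) { armorCache = new File(armorCachePath); }`, and likewise for CREDENTIAL_CACHE and SIGN_KEY_FILE. Of the three fields that may now stay null, only `armorCache` is rejected in the `validateConfiguration` hunk of this commit, so any later use of `cCache` needs its own null handling, which is not visible here. The enclosing method starts outside the hunk.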
@@ -215,6 +221,10 @@ public class TokenAuthLoginModule implements LoginModule {
}
private void validateConfiguration() throws LoginException {
+
+ if (armorCache == null) {
+ throw new LoginException("An armor cache must be specified via the armorCache configuration option");
+ }
String error = "";
if (tokenStr == null && tokenCacheName == null) {
@@ -244,7 +254,7 @@ public class TokenAuthLoginModule implements LoginModule {
krbToken = new KrbToken(authToken, TokenFormat.JWT);
TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
- if (tokenEncoder instanceof JwtTokenEncoder) {
+ if (tokenEncoder instanceof JwtTokenEncoder && signKeyFile != null) {
PrivateKey signKey = null;
try {
FileInputStream fis = new FileInputStream(signKeyFile);
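Review bot: Adding `signKeyFile != null` to the condition means a JwtTokenEncoder with no configured sign key now skips the signing setup without any trace, and the login continues with whatever the encoder does by default. If an unsigned token is not intended for that configuration, reject it in `validateConfiguration`; otherwise at least record the skip, e.g. `LOG.warn("No signKeyFile configured; the token will not be signed by this module");`. The `FileInputStream` opened on the last visible line is not in a try-with-resources here, so check that it is closed on every path. The rest of the block is outside the hunk.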
[18/26] directory-kerby git commit: DIRKRB-591 Add the KerberosTicket
to subject's private credentials in TokenAuthLoginModule.
Posted by pl...@apache.org.
DIRKRB-591 Add the KerberosTicket to subject's private credentials in TokenAuthLoginModule.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/358340dd
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/358340dd
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/358340dd
Branch: refs/heads/kadmin-remote
Commit: 358340dd2a60a36a69988f1dd7c509cf585acdc8
Parents: 68933ae
Author: plusplusjiajia <ji...@intel.com>
Authored: Mon Jul 4 14:41:39 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Mon Jul 4 14:41:39 2016 +0800
----------------------------------------------------------------------
.../test/jaas/TokenAuthLoginModule.java | 37 ++++++++++++++++++--
.../TokenLoginWithTokenPreauthEnabledTest.java | 12 +++----
2 files changed, 40 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/358340dd/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index bee4938..0d812c9 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -31,6 +31,7 @@ import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
import org.apache.kerby.kerberos.kerb.type.base.TokenFormat;
+import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
import org.slf4j.Logger;
@@ -38,6 +39,8 @@ import org.slf4j.LoggerFactory;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import java.io.File;
@@ -47,6 +50,7 @@ import java.io.IOException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
+import java.util.Date;
import java.util.Iterator;
import java.util.Map;
@@ -83,6 +87,8 @@ public class TokenAuthLoginModule implements LoginModule {
public static final String CREDENTIAL_CACHE = "credentialCache";
public static final String SIGN_KEY_FILE = "signKeyFile";
+ private TgtTicket tgtTicket;
+
/**
* {@inheritDoc}
*/
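Review bot: The new `tgtTicket` field keeps the TGT, and with it the session key, on the module instance after `login()` returns. Nothing in the visible hunks clears it; `logout()` and `abort()` are outside this diff, so confirm that they set `tgtTicket = null` and remove the KerberosTicket from the subject's private credentials, so the key material does not outlive the session. A comment on the field such as `// TGT obtained in login(); consumed by commit(), cleared on logout/abort` would document that lifetime.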
@@ -120,7 +126,35 @@ public class TokenAuthLoginModule implements LoginModule {
if (succeeded == false) {
return false;
} else {
- subject.getPublicCredentials().add(krbToken);
+ KerberosTicket ticket = null;
+ try {
+ EncKdcRepPart encKdcRepPart = tgtTicket.getEncKdcRepPart();
+ boolean[] flags = new boolean[7];
+ int flag = encKdcRepPart.getFlags().getFlags();
+ for (int i = 6; i >= 0; i--) {
+ flags[i] = (flag & (1 << i)) != 0;
+ }
+ Date startTime = null;
+ if (encKdcRepPart.getStartTime() != null) {
+ startTime = encKdcRepPart.getStartTime().getValue();
+ }
+
+ ticket = new KerberosTicket(tgtTicket.getTicket().encode(),
+ new KerberosPrincipal(tgtTicket.getClientPrincipal().getName()),
+ new KerberosPrincipal(tgtTicket.getEncKdcRepPart().getSname().getName()),
+ encKdcRepPart.getKey().getKeyData(),
+ encKdcRepPart.getKey().getKeyType().getValue(),
+ flags,
+ encKdcRepPart.getAuthTime().getValue(),
+ startTime,
+ encKdcRepPart.getEndTime().getValue(),
+ encKdcRepPart.getRenewTill().getValue(),
+ null
+ );
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ subject.getPrivateCredentials().add(ticket);
}
commitSucceeded = true;
LOG.info("Commit Succeeded \n");
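Review bot: If `tgtTicket.getTicket().encode()` throws, the catch block only calls `e.printStackTrace()`, `ticket` stays null, and `subject.getPrivateCredentials().add(ticket)` still runs before `commitSucceeded = true`, so commit either fails with an unrelated NullPointerException or reports success without a usable credential. Failing explicitly keeps the error visible and off stderr: `throw new LoginException("Failed to encode the TGT: " + e.getMessage());`. `getRenewTill()` is dereferenced without the null guard that `getStartTime()` gets, which a non-renewable ticket would presumably hit; mirror the guard with `Date renewTill = encKdcRepPart.getRenewTill() != null ? encKdcRepPart.getRenewTill().getValue() : null;`. The mapping of the low seven bits of `getFlags().getFlags()` onto `flags[0..6]` should also be checked against the flag order KerberosTicket expects. The enclosing method starts outside the hunk.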
@@ -245,7 +279,6 @@ public class TokenAuthLoginModule implements LoginModule {
} catch (IOException e) {
e.printStackTrace();
}
- TgtTicket tgtTicket;
KrbTokenClient tokenClient = new KrbTokenClient(krbClient);
try {
tgtTicket = tokenClient.requestTgt(krbToken,
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/358340dd/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index ed4ec8a..f8e7ee4 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -19,12 +19,6 @@
*/
package org.apache.kerby.kerberos.kerb.integration.test;
-import java.security.Principal;
-import java.security.PrivilegedExceptionAction;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
@@ -34,6 +28,11 @@ import org.ietf.jgss.Oid;
import org.junit.Assert;
import org.junit.Test;
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.Set;
+
/**
* Test login with token when token preauth is allowed by kdc.
*/
@@ -55,7 +54,6 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
}
@Test
- @org.junit.Ignore
public void testLoginWithTokenCacheGSS() throws Exception {
Subject subject = super.testLoginWithTokenCacheAndRetSubject();
Set<Principal> clientPrincipals = subject.getPrincipals();
[13/26] directory-kerby git commit: Fixing warnings
Posted by pl...@apache.org.
Fixing warnings
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f39f0058
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f39f0058
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f39f0058
Branch: refs/heads/kadmin-remote
Commit: f39f0058f7f9a8b3c4c10279d4ac1abb3af9800a
Parents: c4865eb
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jun 17 11:42:51 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jun 17 11:42:51 2016 +0100
----------------------------------------------------------------------
.../kerb/server/preauth/pkinit/PkinitPreauth.java | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f39f0058/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index fa93780..f0080c9 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -252,7 +252,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
String identity = pkinitContext.identityOpts.identity;
- PaPkAsRep paPkAsRep = makePaPkAsRep(pkinitContext.cryptoctx, serverPubKey, identity);
+ PaPkAsRep paPkAsRep = makePaPkAsRep(serverPubKey, identity);
PaDataEntry paDataEntry = makeEntry(paPkAsRep);
kdcRequest.getPreauthContext().getOutputPaData().add(paDataEntry);
@@ -300,16 +300,14 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
return paDataEntry;
}
- private PaPkAsRep makePaPkAsRep(PkinitPlgCryptoContext cryptoContext,
- DHPublicKey severPubKey, String identityString) throws KrbException {
+ private PaPkAsRep makePaPkAsRep(DHPublicKey severPubKey, String identityString) throws KrbException {
List<String> identityList = Arrays.asList(identityString.split(","));
List<X509Certificate> certificates = new ArrayList<>();
for (String identity : identityList) {
File file = new File(identity);
- try {
- Scanner scanner = new Scanner(file, "UTF-8");
+ try (Scanner scanner = new Scanner(file, "UTF-8")) {
String found = scanner.findInLine("CERTIFICATE");
if (found != null) {
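Review bot: The rewritten signature keeps the misspelled parameter name `severPubKey`. Since the line is being touched anyway, `private PaPkAsRep makePaPkAsRep(DHPublicKey serverPubKey, String identityString) throws KrbException {` would match the caller's `serverPubKey`, with any uses in the body (outside this hunk) renamed to match. A short Javadoc saying that `identityString` is a comma-separated list of certificate file paths would also help, since that is what the `split(",")` and `new File(identity)` lines imply.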
@@ -353,7 +351,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
certificateSet.addElement(certificateChoices);
}
- String oid = cryptoContext.getIdPkinitDHKeyDataOID();
+ String oid = PkinitPlgCryptoContext.getIdPkinitDHKeyDataOID();
signedDataBytes = PkinitCrypto.cmsSignedDataCreate(KrbCodec.encode(kdcDhKeyInfo), oid, 3, null,
null, null, null);
[12/26] directory-kerby git commit: Make it easier to pass custom
tokens through via KrbToken. Currently, the code is tied to "KrbToken",
which enforces the use of encoders/decoders.
Posted by pl...@apache.org.
Make it easier to pass custom tokens through via KrbToken.
Currently, the code is tied to "KrbToken", which enforces the use of encoders/decoders.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/c4865eb3
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/c4865eb3
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/c4865eb3
Branch: refs/heads/kadmin-remote
Commit: c4865eb3e3e436cc4f0dd44ab05309a06548311f
Parents: 641a3cc
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jun 16 12:12:55 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jun 16 12:12:55 2016 +0100
----------------------------------------------------------------------
.../kerb/client/preauth/token/TokenPreauth.java | 4 +-
.../kerby/kerberos/kerb/type/base/KrbToken.java | 64 +------------
.../kerberos/kerb/type/base/KrbTokenBase.java | 97 ++++++++++++++++++++
.../kerb/type/pa/token/PaTokenRequest.java | 10 +-
.../kerb/server/preauth/token/TokenPreauth.java | 4 +-
5 files changed, 108 insertions(+), 71 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c4865eb3/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java
index 15f9874..0830f20 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java
@@ -36,7 +36,7 @@ import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
-import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
+import org.apache.kerby.kerberos.kerb.type.base.KrbTokenBase;
import org.apache.kerby.kerberos.kerb.type.pa.PaData;
import org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
@@ -187,7 +187,7 @@ public class TokenPreauth extends AbstractPreauthPlugin {
}
PaTokenRequest tokenPa = new PaTokenRequest();
- tokenPa.setToken((KrbToken) authToken);
+ tokenPa.setToken((KrbTokenBase) authToken);
TokenInfo info = new TokenInfo();
info.setTokenVendor(authToken.getIssuer());
tokenPa.setTokenInfo(info);
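Review bot: `(KrbTokenBase) authToken` is an unchecked downcast of an `AuthToken`, so a custom token implementation that does not extend KrbTokenBase fails here with a ClassCastException rather than a Kerberos error the caller can handle. Given that the commit is meant to open this path to custom tokens, a guard before the cast would make the requirement explicit: `if (!(authToken instanceof KrbTokenBase)) { throw new KrbException("The auth token must extend KrbTokenBase"); }`. This assumes the enclosing method may throw KrbException; its signature is outside the hunk.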
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c4865eb3/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbToken.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbToken.java
index 597d531..68d3a3b 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbToken.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbToken.java
@@ -23,17 +23,11 @@ import java.util.Date;
import java.util.List;
import java.util.Map;
-import org.apache.kerby.asn1.Asn1FieldInfo;
-import org.apache.kerby.asn1.EnumType;
-import org.apache.kerby.asn1.ExplicitField;
-import org.apache.kerby.asn1.type.Asn1Integer;
-import org.apache.kerby.asn1.type.Asn1OctetString;
import org.apache.kerby.kerberos.kerb.KrbConstant;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.KrbRuntime;
import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
-import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
/**
* KRB-TOKEN_VALUE ::= SEQUENCE {
@@ -41,38 +35,17 @@ import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
* token-value [1] OCTET STRING,
* }
*/
-public class KrbToken extends KrbSequenceType implements AuthToken {
+public class KrbToken extends KrbTokenBase implements AuthToken {
private static TokenEncoder tokenEncoder;
private static TokenDecoder tokenDecoder;
- protected enum KrbTokenField implements EnumType {
- TOKEN_FORMAT,
- TOKEN_VALUE;
-
- @Override
- public int getValue() {
- return ordinal();
- }
-
- @Override
- public String getName() {
- return name();
- }
- }
-
private AuthToken innerToken = null;
- static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[]{
- new ExplicitField(KrbTokenField.TOKEN_FORMAT, Asn1Integer.class),
- new ExplicitField(KrbTokenField.TOKEN_VALUE, Asn1OctetString.class)
- };
-
-
/**
* Default constructor.
*/
public KrbToken() {
- super(fieldInfos);
+ super();
}
/**
@@ -149,39 +122,6 @@ public class KrbToken extends KrbSequenceType implements AuthToken {
}
/**
- * Get token format.
- * @return The token format
- */
- public TokenFormat getTokenFormat() {
- Integer value = getFieldAsInteger(KrbTokenField.TOKEN_FORMAT);
- return TokenFormat.fromValue(value);
- }
-
- /**
- * Set token format.
- * @param tokenFormat The token format
- */
- public void setTokenFormat(TokenFormat tokenFormat) {
- setFieldAsInt(KrbTokenField.TOKEN_FORMAT, tokenFormat.getValue());
- }
-
- /**
- * Get token value.
- * @return The token value
- */
- public byte[] getTokenValue() {
- return getFieldAsOctets(KrbTokenField.TOKEN_VALUE);
- }
-
- /**
- * Set token value.
- * @param tokenValue The token value
- */
- public void setTokenValue(byte[] tokenValue) {
- setFieldAsOctets(KrbTokenField.TOKEN_VALUE, tokenValue);
- }
-
- /**
* {@inheritDoc}
*/
@Override
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c4865eb3/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbTokenBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbTokenBase.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbTokenBase.java
new file mode 100644
index 0000000..ddca54e
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbTokenBase.java
@@ -0,0 +1,97 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.type.base;
+
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.asn1.type.Asn1OctetString;
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
+
+/**
+ * KRB-TOKEN_VALUE ::= SEQUENCE {
+ * token-format [0] INTEGER,
+ * token-value [1] OCTET STRING,
+ * }
+ */
+public class KrbTokenBase extends KrbSequenceType {
+
+ protected enum KrbTokenField implements EnumType {
+ TOKEN_FORMAT,
+ TOKEN_VALUE;
+
+ @Override
+ public int getValue() {
+ return ordinal();
+ }
+
+ @Override
+ public String getName() {
+ return name();
+ }
+ }
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[]{
+ new ExplicitField(KrbTokenField.TOKEN_FORMAT, Asn1Integer.class),
+ new ExplicitField(KrbTokenField.TOKEN_VALUE, Asn1OctetString.class)
+ };
+
+ /**
+ * Default constructor.
+ */
+ public KrbTokenBase() {
+ super(fieldInfos);
+ }
+
+ /**
+ * Get token format.
+ * @return The token format
+ */
+ public TokenFormat getTokenFormat() {
+ Integer value = getFieldAsInteger(KrbTokenField.TOKEN_FORMAT);
+ return TokenFormat.fromValue(value);
+ }
+
+ /**
+ * Set token format.
+ * @param tokenFormat The token format
+ */
+ public void setTokenFormat(TokenFormat tokenFormat) {
+ setFieldAsInt(KrbTokenField.TOKEN_FORMAT, tokenFormat.getValue());
+ }
+
+ /**
+ * Get token value.
+ * @return The token value
+ */
+ public byte[] getTokenValue() {
+ return getFieldAsOctets(KrbTokenField.TOKEN_VALUE);
+ }
+
+ /**
+ * Set token value.
+ * @param tokenValue The token value
+ */
+ public void setTokenValue(byte[] tokenValue) {
+ setFieldAsOctets(KrbTokenField.TOKEN_VALUE, tokenValue);
+ }
+
+}
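Review bot: `static Asn1FieldInfo[] fieldInfos` is package-visible and not final, so any class in the package can reassign the field layout shared by every instance. Unless another class reads it, `private static final Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[]{` is the safer declaration. `getTokenFormat()` hands a possibly-null `Integer` to `TokenFormat.fromValue(value)`; on the KDC side this object is decoded from a client request, so the missing-field case deserves defined behaviour, which depends on `fromValue` and is not shown here. The class Javadoc repeats only the ASN.1 definition and should add one sentence saying that this base type carries the format and the opaque token bytes without any encoder or decoder, and that it performs no validation of the value.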
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c4865eb3/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/token/PaTokenRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/token/PaTokenRequest.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/token/PaTokenRequest.java
index 7819f16..b0dab16 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/token/PaTokenRequest.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/pa/token/PaTokenRequest.java
@@ -23,7 +23,7 @@ import org.apache.kerby.asn1.Asn1FieldInfo;
import org.apache.kerby.asn1.EnumType;
import org.apache.kerby.asn1.ExplicitField;
import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
-import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
+import org.apache.kerby.kerberos.kerb.type.base.KrbTokenBase;
/**
PA-TOKEN-REQUEST ::= SEQUENCE {
@@ -49,18 +49,18 @@ public class PaTokenRequest extends KrbSequenceType {
static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
new ExplicitField(PaTokenRequestField.TOKEN_INFO, TokenInfo.class),
- new ExplicitField(PaTokenRequestField.TOKEN, KrbToken.class)
+ new ExplicitField(PaTokenRequestField.TOKEN, KrbTokenBase.class)
};
public PaTokenRequest() {
super(fieldInfos);
}
- public KrbToken getToken() {
- return getFieldAs(PaTokenRequestField.TOKEN, KrbToken.class);
+ public KrbTokenBase getToken() {
+ return getFieldAs(PaTokenRequestField.TOKEN, KrbTokenBase.class);
}
- public void setToken(KrbToken token) {
+ public void setToken(KrbTokenBase token) {
setFieldAs(PaTokenRequestField.TOKEN, token);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c4865eb3/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index 34fec85..5abca91 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -37,7 +37,7 @@ import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
-import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
+import org.apache.kerby.kerberos.kerb.type.base.KrbTokenBase;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
@@ -75,7 +75,7 @@ public class TokenPreauth extends AbstractPreauthPlugin {
PaTokenRequest paTokenRequest = EncryptionUtil.unseal(encData, clientKey,
KeyUsage.PA_TOKEN, PaTokenRequest.class);
- KrbToken token = paTokenRequest.getToken();
+ KrbTokenBase token = paTokenRequest.getToken();
List<String> issuers = kdcRequest.getKdcContext().getConfig().getIssuers();
TokenInfo tokenInfo = paTokenRequest.getTokenInfo();
String issuer = tokenInfo.getTokenVendor();
[14/26] directory-kerby git commit: No need to check the request type
to set the token
Posted by pl...@apache.org.
No need to check the request type to set the token
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/79d4a584
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/79d4a584
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/79d4a584
Branch: refs/heads/kadmin-remote
Commit: 79d4a584129026bcf920dd1ae5c28c27c6971412
Parents: f39f005
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jun 17 12:44:05 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jun 17 12:44:05 2016 +0100
----------------------------------------------------------------------
.../kerberos/kerb/server/preauth/token/TokenPreauth.java | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/79d4a584/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index 5abca91..81ce5dd 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -30,9 +30,7 @@ import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
import org.apache.kerby.kerberos.kerb.preauth.token.TokenPreauthMeta;
import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
import org.apache.kerby.kerberos.kerb.server.preauth.AbstractPreauthPlugin;
-import org.apache.kerby.kerberos.kerb.server.request.AsRequest;
import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
-import org.apache.kerby.kerberos.kerb.server.request.TgsRequest;
import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
@@ -108,13 +106,7 @@ public class TokenPreauth extends AbstractPreauthPlugin {
if (!audiences.contains(serverPrincipal.getName())) {
throw new KrbException("The token audience does not match with the target server principal!");
}
- if (kdcRequest instanceof AsRequest) {
- AsRequest asRequest = (AsRequest) kdcRequest;
- asRequest.setToken(authToken);
- } else if (kdcRequest instanceof TgsRequest) {
- TgsRequest tgsRequest = (TgsRequest) kdcRequest;
- tgsRequest.setToken(authToken);
- }
+ kdcRequest.setToken(authToken);
return true;
} else {
return false;
[03/26] directory-kerby git commit: Added some checks and did some
clean up
Posted by pl...@apache.org.
Added some checks and did some clean up
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/9989694c
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/9989694c
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/9989694c
Branch: refs/heads/kadmin-remote
Commit: 9989694c2978b06971e5a9b1ddf9ea552720d3c1
Parents: a798aa8
Author: Kai Zheng <ka...@intel.com>
Authored: Sun Jun 12 23:34:15 2016 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Sun Jun 12 23:34:15 2016 +0800
----------------------------------------------------------------------
.../kerb/type/ad/AuthorizationType.java | 17 +++++----------
.../kerberos/kerb/type/base/EncryptionType.java | 2 +-
.../kerberos/kerb/type/base/HostAddrType.java | 4 ++--
.../kerby/kerberos/kerb/KrbInputStream.java | 22 +++++++++++++-------
.../kerb/ccache/CredCacheInputStream.java | 17 ++++++++++++---
.../kerby/kerberos/kerb/ccache/Credential.java | 1 -
.../kerberos/kerb/keytab/KeytabInputStream.java | 12 -----------
7 files changed, 37 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9989694c/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
index 0135215..e6c40c4 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
@@ -21,9 +21,6 @@ package org.apache.kerby.kerberos.kerb.type.ad;
import org.apache.kerby.asn1.EnumType;
-import java.util.HashMap;
-import java.util.Map;
-
/**
* The various AuthorizationType values, as defined in RFC 4120 and RFC 1510.
*
@@ -33,7 +30,7 @@ public enum AuthorizationType implements EnumType {
/**
* Constant for the "null" authorization type.
*/
- NULL(0),
+ NONE(0),
/**
* Constant for the "if relevant" authorization type.
@@ -315,8 +312,6 @@ public enum AuthorizationType implements EnumType {
/** The internal value */
private final int value;
- private static Map<Integer, AuthorizationType> valueMap;
-
/**
* Create a new enum
*/
@@ -348,15 +343,13 @@ public enum AuthorizationType implements EnumType {
*/
public static AuthorizationType fromValue(Integer value) {
if (value != null) {
- if (valueMap == null) {
- valueMap = new HashMap<Integer, AuthorizationType>(32);
- for (EnumType e : values()) {
- valueMap.put(e.getValue(), (AuthorizationType) e);
+ for (EnumType e : values()) {
+ if (e.getValue() == value) {
+ return (AuthorizationType) e;
}
}
- return valueMap.get(value);
}
- return NULL;
+ return NONE;
}
}
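Review bot: The rewritten `fromValue` returns `NONE` both for a null argument and for any value that matches no constant, whereas the removed map lookup returned null for an unknown value, so callers can no longer tell "type 0" from "type not recognised". The Javadoc above the method (outside this hunk) should say so, for example `@return the matching type, or NONE if the value is null or not recognised`. The comparison `e.getValue() == value` relies on `value` being unboxed; assuming `getValue()` returns a primitive `int` that is correct, but writing `e.getValue() == value.intValue()` makes the intent explicit and stays safe if the return type ever becomes `Integer`.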
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9989694c/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/EncryptionType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/EncryptionType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/EncryptionType.java
index 86962de..24a4119 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/EncryptionType.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/EncryptionType.java
@@ -131,7 +131,7 @@ public enum EncryptionType implements EnumType {
if (name != null) {
for (EncryptionType e : values()) {
if (e.getName().equals(name)) {
- return (EncryptionType) e;
+ return e;
}
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9989694c/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/HostAddrType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/HostAddrType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/HostAddrType.java
index 21ae885..30501c5 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/HostAddrType.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/HostAddrType.java
@@ -30,7 +30,7 @@ public enum HostAddrType implements EnumType {
/**
* Constant for the "null" host address type.
*/
- NULL(0),
+ NONE(0),
/**
* Constant for the "Internet" host address type.
@@ -120,6 +120,6 @@ public enum HostAddrType implements EnumType {
}
}
- return NULL;
+ return HostAddrType.NONE;
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9989694c/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
index 3dac9bf..9611fe0 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
@@ -42,20 +42,25 @@ public abstract class KrbInputStream extends DataInputStream {
public abstract PrincipalName readPrincipal(int version) throws IOException;
- public EncryptionKey readKey(int version) throws IOException {
+ public EncryptionKey readKey() throws IOException {
int eType = readShort();
- EncryptionType encryptionType = EncryptionType.fromValue(eType);
-
+ EncryptionType encType = EncryptionType.fromValue(eType);
byte[] keyData = readCountedOctets();
- EncryptionKey key = new EncryptionKey(encryptionType, keyData);
+ if (encType == EncryptionType.NONE || keyData == null) {
+ return null;
+ }
+ EncryptionKey key = new EncryptionKey(encType, keyData);
return key;
}
public String readCountedString() throws IOException {
byte[] countedOctets = readCountedOctets();
- // ASCII
- return new String(countedOctets, StandardCharsets.UTF_8);
+ if (countedOctets != null) {
+ // ASCII
+ return new String(countedOctets, StandardCharsets.UTF_8);
+ }
+ return null;
}
public byte[] readCountedOctets() throws IOException {
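Review bot: `readKey()` now returns null when the encryption type is `NONE` or the key data is empty, and `readCountedString()` returns null for an empty field, but neither method documents that. In this same commit `Credential` assigns `this.key = ccis.readKey(version)` with no check, so such an entry yields a credential with a null key rather than a parse error. A Javadoc line such as `@return the key, or null if the encryption type is NONE or no key data is present` would make the contract visible to callers. The retained `// ASCII` comment also contradicts the `StandardCharsets.UTF_8` decode on the following line and should read `// decoded as UTF-8`.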
@@ -63,10 +68,13 @@ public abstract class KrbInputStream extends DataInputStream {
if (len == 0) {
return null;
}
+ if (len < 0 || len > available()) {
+ throw new IOException("Unexpected octets len: " + len);
+ }
byte[] data = new byte[len];
if (read(data) == -1) {
- throw new IOException();
+ throw new IOException("Unexpected end of stream");
}
return data;
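Review bot: The new length check is followed by `read(data)`, which is only tested for `-1`; a short read returns fewer than `len` bytes and leaves the tail of `data` zero-filled, which for key material means a silently wrong key. Replacing the `if (read(data) == -1) { ... }` block with `readFully(data);` reads exactly `len` bytes or throws `EOFException`. The bound `len > available()` is a useful guard against oversized allocations from a corrupt length field, but `available()` is only an estimate on some stream types, so it may reject valid input when the underlying stream under-reports; worth a comment stating which stream types this is expected to wrap. The method's signature sits in the previous hunk and its body continues past this one.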
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9989694c/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredCacheInputStream.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredCacheInputStream.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredCacheInputStream.java
index ea52156..dded504 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredCacheInputStream.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredCacheInputStream.java
@@ -73,10 +73,10 @@ public class CredCacheInputStream extends KrbInputStream {
public EncryptionKey readKey(int version) throws IOException {
if (version == CredentialCache.FCC_FVNO_3) {
- readShort(); // ignore keytype
+ readShort(); // ignore keytype
}
- return super.readKey(version);
+ return super.readKey();
}
public KerberosTime[] readTimes() throws IOException {
@@ -113,8 +113,13 @@ public class CredCacheInputStream extends KrbInputStream {
public HostAddress readAddress() throws IOException {
int typeValue = readShort();
HostAddrType addrType = HostAddrType.fromValue(typeValue);
+ if (addrType == HostAddrType.NONE) {
+ throw new IOException("Invalid host address type");
+ }
byte[] addrData = readCountedOctets();
-
+ if (addrData == null) {
+ throw new IOException("Invalid host address data");
+ }
HostAddress addr = new HostAddress();
addr.setAddrType(addrType);
addr.setAddress(addrData);
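Review bot: The new `IOException` messages in `readAddress` omit the raw value that was read, so a log line cannot distinguish a literal type 0 from a type the enum simply does not list (the `HostAddrType` hunk in this commit ends a method with `return HostAddrType.NONE;`, presumably the fallback of `fromValue`). Including it costs nothing: `throw new IOException("Invalid host address type: " + typeValue);`. The same applies to `readAuthzDataEntry` in the next hunk, `throw new IOException("Invalid authorization data type: " + typeValue);`. Both methods continue outside their hunks.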
@@ -141,7 +146,13 @@ public class CredCacheInputStream extends KrbInputStream {
public AuthorizationDataEntry readAuthzDataEntry() throws IOException {
int typeValue = readShort();
AuthorizationType authzType = AuthorizationType.fromValue(typeValue);
+ if (authzType == AuthorizationType.NONE) {
+ throw new IOException("Invalid authorization data type");
+ }
byte[] authzData = readCountedOctets();
+ if (authzData == null) {
+ throw new IOException("Invalid authorization data");
+ }
AuthorizationDataEntry authzEntry = new AuthorizationDataEntry();
authzEntry.setAuthzType(authzType);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9989694c/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
index c29c8bd..03484dc 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
@@ -175,7 +175,6 @@ public class Credential {
if (serverName.getRealm().equals(CONF_REALM)) {
isConfEntry = true;
}
-
this.key = ccis.readKey(version);
KerberosTime[] times = ccis.readTimes();
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9989694c/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
index 2e52b9c..111ad14 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
@@ -21,8 +21,6 @@ package org.apache.kerby.kerberos.kerb.keytab;
import org.apache.kerby.kerberos.kerb.KrbInputStream;
import org.apache.kerby.kerberos.kerb.type.KerberosTime;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.apache.kerby.kerberos.kerb.type.base.NameType;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
@@ -64,16 +62,6 @@ public class KeytabInputStream extends KrbInputStream {
return principal;
}
- public EncryptionKey readKey() throws IOException {
- int eType = readShort();
- EncryptionType encryptionType = EncryptionType.fromValue(eType);
-
- byte[] keyData = readCountedOctets();
- EncryptionKey key = new EncryptionKey(encryptionType, keyData);
-
- return key;
- }
-
@Override
public int readOctetsCount() throws IOException {
return readShort();
[11/26] directory-kerby git commit: DIRKRB-588 - Support validation
keys in different formats Note: Introducing a Commons IO dependency as part
of this patch
Posted by pl...@apache.org.
DIRKRB-588 - Support validation keys in different formats
Note: Introducing a Commons IO dependency as part of this patch
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/641a3cca
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/641a3cca
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/641a3cca
Branch: refs/heads/kadmin-remote
Commit: 641a3cca8284c7a892942bd6a5ce09b78bc4265d
Parents: 8aae076
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jun 16 10:35:04 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jun 16 10:35:04 2016 +0100
----------------------------------------------------------------------
kerby-kerb/kerb-common/pom.xml | 6 ++
.../kerberos/kerb/common/PublicKeyReader.java | 60 +++++++++-----------
pom.xml | 1 +
3 files changed, 35 insertions(+), 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/641a3cca/kerby-kerb/kerb-common/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/pom.xml b/kerby-kerb/kerb-common/pom.xml
index 2272c96..779c391 100644
--- a/kerby-kerb/kerb-common/pom.xml
+++ b/kerby-kerb/kerb-common/pom.xml
@@ -36,5 +36,11 @@
<artifactId>kerb-crypto</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>${commons-io.version}</version>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/641a3cca/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java
index 49b2012..988d259 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java
@@ -19,56 +19,52 @@
*/
package org.apache.kerby.kerberos.kerb.common;
-import org.apache.kerby.util.Base64;
-
-import java.io.BufferedReader;
-import java.io.IOException;
+import java.io.ByteArrayInputStream;
import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
+import org.apache.commons.io.IOUtils;
+import org.apache.kerby.util.Base64;
+
public class PublicKeyReader {
public static PublicKey loadPublicKey(InputStream in) throws Exception {
+ byte[] keyBytes = IOUtils.toByteArray(in);
+
try {
- BufferedReader br = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8));
- String readLine = null;
- StringBuilder sb = new StringBuilder();
- while ((readLine = br.readLine()) != null) {
- if (readLine.charAt(0) == '-') {
- continue;
- } else {
- sb.append(readLine);
- sb.append('\r');
- }
- }
- return loadPublicKey(sb.toString());
- } catch (IOException e) {
- throw e;
- } catch (NullPointerException e) {
- throw e;
+ return loadPublicKey(keyBytes);
+ } catch (InvalidKeySpecException ex) {
+ // It might be a Certificate and not a PublicKey...
+ Certificate cert =
+ CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(keyBytes));
+ return cert.getPublicKey();
}
}
- public static PublicKey loadPublicKey(String publicKeyStr) throws Exception {
- try {
+ public static PublicKey loadPublicKey(byte[] publicKeyBytes) throws Exception {
+ String pubKey = new String(publicKeyBytes, "UTF-8");
+ if (pubKey.startsWith("-----BEGIN PUBLIC KEY-----")) {
+ // PEM format
+ pubKey = pubKey.replace("-----BEGIN PUBLIC KEY-----", "");
+ pubKey = pubKey.replace("-----END PUBLIC KEY-----", "");
+
Base64 base64 = new Base64();
- byte[] buffer = base64.decode(publicKeyStr);
+ byte[] buffer = base64.decode(pubKey.trim());
+
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer);
return keyFactory.generatePublic(keySpec);
- } catch (NoSuchAlgorithmException e) {
- throw e;
- } catch (InvalidKeySpecException e) {
- throw e;
- } catch (NullPointerException e) {
- throw e;
+ } else {
+ // DER format
+ KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyBytes);
+ return keyFactory.generatePublic(keySpec);
}
}
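Review bot: The PEM branch in `loadPublicKey(byte[])` only matches when `-----BEGIN PUBLIC KEY-----` is at byte 0, so a key file with a leading blank line or space is treated as DER, fails with `InvalidKeySpecException`, and is then passed to the X.509 certificate fallback in `loadPublicKey(InputStream)`; the caller sees a certificate parsing error that hides the real cause. Trimming before the test, `String pubKey = new String(publicKeyBytes, StandardCharsets.UTF_8).trim();` (which needs the `StandardCharsets` import this commit removes), and attaching `ex` to whatever the fallback throws with `addSuppressed` would keep the diagnosis intact. The fallback returns `cert.getPublicKey()` without checking the certificate's validity period or issuer, which deserves a comment so operators know the file is trusted as-is. `IOUtils.toByteArray(in)` reads the stream with no size limit and the stream is not closed here; the input is presumably a local configuration file, but the ownership of `in` should be stated in a Javadoc.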
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/641a3cca/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 7e6967f..3aeef2a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,6 +49,7 @@
<properties>
<apacheds.version>2.0.0-M21</apacheds.version>
<bouncycastle.version>1.54</bouncycastle.version>
+ <commons-io.version>2.5</commons-io.version>
<gson.version>2.6.2</gson.version>
<ldap.api.version>1.0.0-M33</ldap.api.version>
<log4j.version>1.2.17</log4j.version>
[06/26] directory-kerby git commit: DIRKRB-585 - Allow for optional
expiry + NotBefore claims when processing a JWT token
Posted by pl...@apache.org.
DIRKRB-585 - Allow for optional expiry + NotBefore claims when processing a JWT token
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ca326b83
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ca326b83
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ca326b83
Branch: refs/heads/kadmin-remote
Commit: ca326b8369102823e863aa24d68eb3dbe1f357f2
Parents: 4b3e704
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jun 15 17:09:28 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jun 15 17:09:28 2016 +0100
----------------------------------------------------------------------
.../kerby/kerberos/provider/token/JwtTokenDecoder.java | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ca326b83/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
index f4961e9..6d6e49e 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
@@ -269,17 +269,19 @@ public class JwtTokenDecoder implements TokenDecoder {
}
private boolean verifyExpiration(JWT jwtToken) throws IOException {
- boolean valid = false;
try {
Date expire = jwtToken.getJWTClaimsSet().getExpirationTime();
+ if (expire != null && new Date().after(expire)) {
+ return false;
+ }
Date notBefore = jwtToken.getJWTClaimsSet().getNotBeforeTime();
- if (expire != null && new Date().before(expire) && new Date().after(notBefore)) {
- valid = true;
+ if (notBefore != null && new Date().before(notBefore)) {
+ return false;
}
} catch (ParseException e) {
throw new IOException("Failed to get JWT claims set", e);
}
- return valid;
+ return true;
}
/**
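Review bot: With both comparisons now guarded by `!= null`, `verifyExpiration` returns true for a token that carries neither an expiration nor a not-before claim, so such a token never ages out at this layer. If that is the intended policy it should be stated in a Javadoc on the method, for example `Returns true when the expiration and not-before claims are absent or currently satisfied`, and a configuration switch that lets a deployment require an expiration claim would be a safer default for a KDC. The method also calls `new Date()` separately for each comparison; taking `Date now = new Date();` once keeps both checks on the same instant and gives a single place to apply a clock-skew allowance later.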
[09/26] directory-kerby git commit: Spelling typo
Posted by pl...@apache.org.
Spelling typo
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/83ebd608
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/83ebd608
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/83ebd608
Branch: refs/heads/kadmin-remote
Commit: 83ebd6083b6568facf5596ae0230051ba493a6be
Parents: 952938a
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jun 15 17:22:54 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jun 15 17:22:54 2016 +0100
----------------------------------------------------------------------
.../src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/83ebd608/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java
index b7f3df3..30ddc0b 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java
@@ -98,7 +98,7 @@ public enum KrbErrorCode implements EnumType {
TOKEN_PREAUTH_NOT_ALLOWED(82, "Token preauth is not allowed"),
KRB_TIMEOUT(5000, "Network timeout"),
- UNKNOWN_ERR(5001, "Unknow error");
+ UNKNOWN_ERR(5001, "Unknown error");
private final int value;
private final String message;
[26/26] directory-kerby git commit: Merge remote-tracking branch
'asf/trunk' into kadmin-remote
Posted by pl...@apache.org.
Merge remote-tracking branch 'asf/trunk' into kadmin-remote
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/38282872
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/38282872
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/38282872
Branch: refs/heads/kadmin-remote
Commit: 38282872b7da5e353a0bf47619e7302d5d0c9fa7
Parents: 9cbbc5b 054db32
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Jul 5 15:21:57 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Jul 5 15:21:57 2016 +0800
----------------------------------------------------------------------
.../test/jaas/TokenAuthLoginModule.java | 109 +++++++++++++------
.../kerberos/kerb/server/GssInteropTest.java | 39 -------
.../kerberos/provider/token/JwtAuthToken.java | 6 +-
3 files changed, 77 insertions(+), 77 deletions(-)
----------------------------------------------------------------------
[15/26] directory-kerby git commit: Adding @Ignore'd GSS interop
testcase
Posted by pl...@apache.org.
Adding @Ignore'd GSS interop testcase
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/1bce738d
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/1bce738d
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/1bce738d
Branch: refs/heads/kadmin-remote
Commit: 1bce738d298cd706bc7d62d25287cc04163cbfcf
Parents: 79d4a58
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jun 28 14:57:23 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jun 28 14:57:23 2016 +0100
----------------------------------------------------------------------
.../kerberos/kerb/server/GssInteropTest.java | 52 +++++++++++++++++---
1 file changed, 46 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/1bce738d/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
index 832d59d..7e0d269 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
@@ -19,6 +19,20 @@
*/
package org.apache.kerby.kerberos.kerb.server;
+import java.io.ByteArrayOutputStream;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosTicket;
+
+import org.apache.kerby.kerberos.kerb.ccache.CredCacheOutputStream;
+import org.apache.kerby.kerberos.kerb.ccache.Credential;
+import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
+import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
@@ -28,12 +42,6 @@ import org.ietf.jgss.Oid;
import org.junit.Assert;
import org.junit.Test;
-import javax.security.auth.Subject;
-import javax.security.auth.kerberos.KerberosTicket;
-import java.security.Principal;
-import java.security.PrivilegedExceptionAction;
-import java.util.Set;
-
/**
* This is an interop test using the Java GSS APIs against the Kerby KDC
*/
@@ -62,6 +70,38 @@ public class GssInteropTest extends LoginTestBase {
validateServiceTicket(kerberosToken);
}
+
+ @Test
+ @org.junit.Ignore
+ public void testKerbyClientAndGssService() throws Exception {
+ KrbClient client = getKrbClient();
+ client.init();
+
+ try {
+ // Get a service ticket using Kerby APIs
+ TgtTicket tgt = client.requestTgt(getClientPrincipal(), getClientPassword());
+ Assert.assertTrue(tgt != null);
+
+ SgtTicket tkt = client.requestSgt(tgt, getServerPrincipal());
+ Assert.assertTrue(tkt != null);
+
+ Credential credential = new Credential(tkt, tgt.getClientPrincipal());
+ CredentialCache cCache = new CredentialCache();
+ cCache.addCredential(credential);
+ cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
+
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ CredCacheOutputStream os = new CredCacheOutputStream(bout);
+ cCache.store(bout);
+ os.close();
+
+ // Now validate the ticket using GSS
+ validateServiceTicket(bout.toByteArray());
+ } catch (Exception e) {
+ e.printStackTrace();
+ Assert.fail();
+ }
+ }
private void validateServiceTicket(byte[] ticket) throws Exception {
Subject serviceSubject = loginServiceUsingKeytab();
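Review bot: In `testKerbyClientAndGssService` the `CredCacheOutputStream os` is created and closed but never written to, because the cache is serialised with `cCache.store(bout)` directly on the byte stream; either drop `os` or write through it, so the test shows which API is meant to produce the bytes handed to `validateServiceTicket`. The `catch (Exception e)` block prints the stack trace and calls `Assert.fail()` with no message, which removes the cause from the test report even though the method already declares `throws Exception`; deleting the try/catch lets JUnit report the original exception. `Assert.assertTrue(tgt != null)` reads better as `Assert.assertNotNull(tgt)`.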
[10/26] directory-kerby git commit: DIRKRB-587 - Load JWT
verification key from classpath as well
Posted by pl...@apache.org.
DIRKRB-587 - Load JWT verification key from classpath as well
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/8aae0761
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/8aae0761
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/8aae0761
Branch: refs/heads/kadmin-remote
Commit: 8aae07614df706a85490c3f303ea8cf075b29dba
Parents: 83ebd60
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jun 15 17:29:55 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jun 15 17:29:55 2016 +0100
----------------------------------------------------------------------
.../kerb/server/preauth/token/TokenPreauth.java | 50 ++++++++++----------
1 file changed, 24 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8aae0761/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index f4580fc..34fec85 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -48,6 +48,7 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
+import java.io.InputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.List;
@@ -123,39 +124,35 @@ public class TokenPreauth extends AbstractPreauthPlugin {
private void configureKeys(TokenDecoder tokenDecoder, KdcRequest kdcRequest, String issuer) {
String verifyKeyPath = kdcRequest.getKdcContext().getConfig().getVerifyKeyConfig();
if (verifyKeyPath != null) {
- File verifyKeyFile = getKeyFile(verifyKeyPath, issuer);
- if (verifyKeyFile != null) {
- PublicKey verifyKey = null;
- try {
- FileInputStream fis = new FileInputStream(verifyKeyFile);
- verifyKey = PublicKeyReader.loadPublicKey(fis);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- } catch (Exception e) {
- e.printStackTrace();
+ try {
+ InputStream verifyKeyFile = getKeyFileStream(verifyKeyPath, issuer);
+ if (verifyKeyFile != null) {
+ PublicKey verifyKey = PublicKeyReader.loadPublicKey(verifyKeyFile);
+ tokenDecoder.setVerifyKey(verifyKey);
}
- tokenDecoder.setVerifyKey(verifyKey);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
}
}
String decryptionKeyPath = kdcRequest.getKdcContext().getConfig().getDecryptionKeyConfig();
if (decryptionKeyPath != null) {
- File decryptionKeyFile = getKeyFile(decryptionKeyPath, issuer);
- if (decryptionKeyFile != null) {
- PrivateKey decryptionKey = null;
- try {
- FileInputStream fis = new FileInputStream(decryptionKeyFile);
- decryptionKey = PrivateKeyReader.loadPrivateKey(fis);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- } catch (Exception e) {
- e.printStackTrace();
+ try {
+ InputStream decryptionKeyFile = getKeyFileStream(decryptionKeyPath, issuer);
+ if (decryptionKeyFile != null) {
+ PrivateKey decryptionKey = PrivateKeyReader.loadPrivateKey(decryptionKeyFile);
+ tokenDecoder.setDecryptionKey(decryptionKey);
}
- tokenDecoder.setDecryptionKey(decryptionKey);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
}
}
}
- private File getKeyFile(String path, String issuer) {
+ private InputStream getKeyFileStream(String path, String issuer) throws FileNotFoundException {
File file = new File(path);
if (file.isDirectory()) {
File[] listOfFiles = file.listFiles();
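Review bot: The streams returned by `getKeyFileStream` in `configureKeys` are never closed, for either the verification key or the decryption key, so every call that loads a key leaves a descriptor open until garbage collection. Opening them with try-with-resources fixes both call sites, e.g. `try (InputStream verifyKeyFile = getKeyFileStream(verifyKeyPath, issuer)) {`; a null resource is permitted and simply skipped. Both `catch` arms still only call `e.printStackTrace()`, so an unreadable or malformed key leaves the decoder without a verify key and the failure goes only to stderr. Whether a token is then rejected depends on decoder code outside this hunk, so the failure should at least be logged at error level. The `catch (FileNotFoundException e)` arm is redundant next to `catch (Exception e)` with an identical body.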
@@ -170,11 +167,12 @@ public class TokenPreauth extends AbstractPreauthPlugin {
break;
}
}
- return verifyKeyFile;
+ return new FileInputStream(verifyKeyFile);
} else if (file.isFile()) {
- return file;
+ return new FileInputStream(file);
}
- return null;
+ // Not a directory or a file...maybe it's a resource on the classpath
+ return this.getClass().getClassLoader().getResourceAsStream(path);
}
}
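Review bot: `return new FileInputStream(verifyKeyFile);` throws a NullPointerException when the directory scan finds no file for the issuer, where the old code returned null and the caller skipped the key. The loop is outside this hunk, so this assumes `verifyKeyFile` starts as null, as the caller's old null check suggests. `return verifyKeyFile != null ? new FileInputStream(verifyKeyFile) : null;` keeps the previous contract. The classpath fallback is also reached for any configured path that is neither a file nor a directory, so a mistyped path silently resolves against whatever resource of that name is on the classpath, and the issuer is not consulted there. Because this key is the trust anchor for token verification, logging which source supplied it, or requiring an explicit marker for classpath lookups, would make that visible to operators.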
[04/26] directory-kerby git commit: Use readFully instead of read for
being more robust, according to Steve review
Posted by pl...@apache.org.
Use readFully instead of read for being more robust, according to Steve review
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/8da8d90a
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/8da8d90a
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/8da8d90a
Branch: refs/heads/kadmin-remote
Commit: 8da8d90a3bcb1a29a5cc40af196efd04b5cb6e73
Parents: 9989694
Author: Kai Zheng <ka...@intel.com>
Authored: Mon Jun 13 20:22:26 2016 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Mon Jun 13 20:22:26 2016 +0800
----------------------------------------------------------------------
.../main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8da8d90a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
index 9611fe0..1e0729d 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
@@ -73,9 +73,7 @@ public abstract class KrbInputStream extends DataInputStream {
}
byte[] data = new byte[len];
- if (read(data) == -1) {
- throw new IOException("Unexpected end of stream");
- }
+ readFully(data);
return data;
}
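Review bot: `new byte[len]` is allocated before any byte is read, so a declared length far larger than the remaining input costs the full allocation before `readFully` raises `EOFException`. The guard that closes just above the allocation is outside this hunk; if it only rejects non-positive values, an upper bound on `len` would be worth adding, since the count presumably comes from the stream being parsed. A comment such as `// readFully throws EOFException on a short stream; read() may return fewer bytes without error` would also record why the call was changed.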
[23/26] directory-kerby git commit: NPE fix
Posted by pl...@apache.org.
NPE fix
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/8b9b2f98
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/8b9b2f98
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/8b9b2f98
Branch: refs/heads/kadmin-remote
Commit: 8b9b2f98397660a91fed5d5300ff5822edfa7809
Parents: 55e90d9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 12:33:11 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 12:33:11 2016 +0100
----------------------------------------------------------------------
.../kerb/integration/test/jaas/TokenAuthLoginModule.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8b9b2f98/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index d0e8549..15788b2 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -112,7 +112,7 @@ public class TokenAuthLoginModule implements LoginModule {
}
if ((String) options.get(CREDENTIAL_CACHE) != null) {
cCache = new File((String) options.get(CREDENTIAL_CACHE));
- }
+ }
if ((String) options.get(SIGN_KEY_FILE) != null) {
signKeyFile = new File((String) options.get(SIGN_KEY_FILE));
}
@@ -230,6 +230,10 @@ public class TokenAuthLoginModule implements LoginModule {
if (armorCache == null) {
throw new LoginException("An armor cache must be specified via the armorCache configuration option");
}
+
+ if (cCache == null) {
+ throw new LoginException("A credential cache must be specified via the credentialCache configuration option");
+ }
String error = "";
if (tokenStr == null && tokenCacheName == null) {
[22/26] directory-kerby git commit: Just write out the JWT token "as
is" if there is no signature key
Posted by pl...@apache.org.
Just write out the JWT token "as is" if there is no signature key
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/55e90d92
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/55e90d92
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/55e90d92
Branch: refs/heads/kadmin-remote
Commit: 55e90d922e85f969de084fc3e2322a7925547080
Parents: 5e75bf5
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 12:18:02 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 12:18:32 2016 +0100
----------------------------------------------------------------------
.../test/jaas/TokenAuthLoginModule.java | 73 +++++++++++++-------
.../kerberos/provider/token/JwtAuthToken.java | 6 +-
2 files changed, 51 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/55e90d92/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index 7eee5ba..d0e8549 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -33,10 +33,14 @@ import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
import org.apache.kerby.kerberos.kerb.type.base.TokenFormat;
import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
+import org.apache.kerby.kerberos.provider.token.JwtAuthToken;
import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.JWTParser;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
@@ -50,6 +54,7 @@ import java.io.IOException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
+import java.text.ParseException;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
@@ -245,38 +250,55 @@ public class TokenAuthLoginModule implements LoginModule {
throw new LoginException("No valid token was found in token cache: " + tokenCacheName);
}
}
- TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
- try {
- authToken = tokenDecoder.decodeFromString(tokenStr);
- } catch (IOException e) {
- e.printStackTrace();
- }
- krbToken = new KrbToken(authToken, TokenFormat.JWT);
- TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
- if (tokenEncoder instanceof JwtTokenEncoder && signKeyFile != null) {
- PrivateKey signKey = null;
+ krbToken = new KrbToken();
+
+ // Sign the token.
+ if (signKeyFile != null) {
try {
- FileInputStream fis = new FileInputStream(signKeyFile);
- signKey = PrivateKeyReader.loadPrivateKey(fis);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- } catch (Exception e) {
- e.printStackTrace();
+ TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
+ try {
+ authToken = tokenDecoder.decodeFromString(tokenStr);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ krbToken = new KrbToken(authToken, TokenFormat.JWT);
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+
+ if (tokenEncoder instanceof JwtTokenEncoder) {
+ PrivateKey signKey = null;
+ try {
+ FileInputStream fis = new FileInputStream(signKeyFile);
+ signKey = PrivateKeyReader.loadPrivateKey(fis);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
+ }
+
+ krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
+ } catch (KrbException e) {
+ throw new RuntimeException("Failed to encode AuthToken", e);
+ }
+ } else {
+ // Otherwise just write out the token (which could be already signed)
+ krbToken.setTokenValue(tokenStr.getBytes());
+
+ try {
+ JWT jwt = JWTParser.parse(tokenStr);
+ authToken = new JwtAuthToken(jwt.getJWTClaimsSet());
+ } catch (ParseException e) {
+ // Invalid JWT encoding
+ throw new RuntimeException("Failed to parse JWT token string", e);
}
-
- ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
}
-
- krbToken = new KrbToken();
+
krbToken.setInnerToken(authToken);
krbToken.setTokenType();
krbToken.setTokenFormat(TokenFormat.JWT);
- try {
- krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
- } catch (KrbException e) {
- throw new RuntimeException("Failed to encode AuthToken", e);
- }
KrbClient krbClient = null;
try {
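Review bot: A failure to load the sign key is swallowed inside the new `if (tokenEncoder instanceof JwtTokenEncoder)` branch: both catch arms only print the stack trace, `signKey` stays null, and `setSignKey((RSAPrivateKey) signKey)` is followed by `encodeAsBytes(authToken)`. Depending on the encoder, which is not visible here, the login then either sends a token that was never signed or fails later with a less useful error; the `IOException` from `decodeFromString` is handled the same way and leaves `authToken` null. Failing the login where the error occurs, closing the `FileInputStream`, and checking the key type before the cast would address this. The sketch below assumes the enclosing method, which starts and ends outside the hunk, is the one that already throws `LoginException` at the top of the hunk. In the else branch, `tokenStr.getBytes()` uses the platform default charset; `tokenStr.getBytes(StandardCharsets.UTF_8)` with the matching import pins it.

```java
if (tokenEncoder instanceof JwtTokenEncoder) {
    PrivateKey signKey;
    try (FileInputStream fis = new FileInputStream(signKeyFile)) {
        signKey = PrivateKeyReader.loadPrivateKey(fis);
    } catch (Exception e) {
        // Surface the failure to the JAAS caller instead of continuing with a null key.
        LoginException le = new LoginException("Failed to load the sign key from " + signKeyFile);
        le.initCause(e);
        throw le;
    }
    if (!(signKey instanceof RSAPrivateKey)) {
        throw new LoginException("The sign key in " + signKeyFile + " is not an RSA private key");
    }
    ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
}
// … unchanged: krbToken.setTokenValue(...) and the KrbException handler …
```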
@@ -290,6 +312,7 @@ public class TokenAuthLoginModule implements LoginModule {
} catch (IOException e) {
e.printStackTrace();
}
+
KrbTokenClient tokenClient = new KrbTokenClient(krbClient);
try {
tgtTicket = tokenClient.requestTgt(krbToken,
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/55e90d92/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
index e5d92c8..b6e60c4 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
@@ -40,15 +40,15 @@ public class JwtAuthToken implements AuthToken {
private Boolean isIdToken = true;
private Boolean isAcToken = false;
- protected JwtAuthToken() {
+ public JwtAuthToken() {
this(new JWTClaimsSet());
}
- protected JwtAuthToken(JWTClaimsSet jwtClaims) {
+ public JwtAuthToken(JWTClaimsSet jwtClaims) {
this.jwtClaims = jwtClaims;
}
- protected JwtAuthToken(ReadOnlyJWTClaimsSet jwtClaims) {
+ public JwtAuthToken(ReadOnlyJWTClaimsSet jwtClaims) {
this.jwtClaims = JwtUtil.from(jwtClaims);
}
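Review bot: The three constructors made public here carry no Javadoc, and nothing tells a caller that they take the claims as given. No signature or expiry check happens in the lines shown, and the `JWTClaimsSet` overload stores the caller's instance without copying it. Since the class can now be constructed from any package, each constructor should get a short Javadoc along the lines of `/** Wraps the given claims without verifying them; the caller must already have validated the token. */`, so the object is not mistaken for a validated token.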
[19/26] directory-kerby git commit: Removing GSS interop testcase
Posted by pl...@apache.org.
Removing GSS interop testcase
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/a8b48d34
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/a8b48d34
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/a8b48d34
Branch: refs/heads/kadmin-remote
Commit: a8b48d3448feafc61e8ea373459472925ed434bf
Parents: 358340d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 10:28:33 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 10:28:33 2016 +0100
----------------------------------------------------------------------
.../kerberos/kerb/server/GssInteropTest.java | 39 --------------------
1 file changed, 39 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b48d34/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
index 7e0d269..cb74b3f 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
@@ -19,7 +19,6 @@
*/
package org.apache.kerby.kerberos.kerb.server;
-import java.io.ByteArrayOutputStream;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.Set;
@@ -27,12 +26,6 @@ import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
-import org.apache.kerby.kerberos.kerb.ccache.CredCacheOutputStream;
-import org.apache.kerby.kerberos.kerb.ccache.Credential;
-import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
-import org.apache.kerby.kerberos.kerb.client.KrbClient;
-import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
-import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
@@ -71,38 +64,6 @@ public class GssInteropTest extends LoginTestBase {
validateServiceTicket(kerberosToken);
}
- @Test
- @org.junit.Ignore
- public void testKerbyClientAndGssService() throws Exception {
- KrbClient client = getKrbClient();
- client.init();
-
- try {
- // Get a service ticket using Kerby APIs
- TgtTicket tgt = client.requestTgt(getClientPrincipal(), getClientPassword());
- Assert.assertTrue(tgt != null);
-
- SgtTicket tkt = client.requestSgt(tgt, getServerPrincipal());
- Assert.assertTrue(tkt != null);
-
- Credential credential = new Credential(tkt, tgt.getClientPrincipal());
- CredentialCache cCache = new CredentialCache();
- cCache.addCredential(credential);
- cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
-
- ByteArrayOutputStream bout = new ByteArrayOutputStream();
- CredCacheOutputStream os = new CredCacheOutputStream(bout);
- cCache.store(bout);
- os.close();
-
- // Now validate the ticket using GSS
- validateServiceTicket(bout.toByteArray());
- } catch (Exception e) {
- e.printStackTrace();
- Assert.fail();
- }
- }
-
private void validateServiceTicket(byte[] ticket) throws Exception {
Subject serviceSubject = loginServiceUsingKeytab();
Set<Principal> servicePrincipals = serviceSubject.getPrincipals();
[17/26] directory-kerby git commit: Adding Token Auth testcase
Posted by pl...@apache.org.
Adding Token Auth testcase
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/68933ae0
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/68933ae0
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/68933ae0
Branch: refs/heads/kadmin-remote
Commit: 68933ae0cf397cf1f0e9af9a1934243de62cb9ab
Parents: b0d7554
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jul 1 12:07:01 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jul 1 12:07:01 2016 +0100
----------------------------------------------------------------------
.../integration/test/TokenLoginTestBase.java | 10 ++-
.../TokenLoginWithTokenPreauthEnabledTest.java | 74 ++++++++++++++++++++
2 files changed, 83 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/68933ae0/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index 4741372..7258907 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -141,11 +141,19 @@ public class TokenLoginTestBase extends LoginTestBase {
protected void testLoginWithTokenStr() throws Exception {
String tokenStr = createTokenAndArmorCache();
- checkSubject(loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile));
+ Subject subj = loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile);
+ checkSubject(subj);
}
protected void testLoginWithTokenCache() throws Exception {
createTokenAndArmorCache();
checkSubject(loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile));
}
+
+ protected Subject testLoginWithTokenCacheAndRetSubject() throws Exception {
+ createTokenAndArmorCache();
+ Subject subj = loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile);
+ checkSubject(subj);
+ return subj;
+ }
}
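Review bot: `testLoginWithTokenCache` and the new `testLoginWithTokenCacheAndRetSubject` now have the same body apart from the return value; the former could be reduced to `testLoginWithTokenCacheAndRetSubject();` so the login sequence lives in one place. The `test` prefix on a helper that returns a value is easy to misread as a test case, so a name such as `loginWithTokenCache` would read better if renaming is acceptable for subclasses outside this hunk.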
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/68933ae0/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index 86faf11..ed4ec8a 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -19,6 +19,19 @@
*/
package org.apache.kerby.kerberos.kerb.integration.test;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
+import org.junit.Assert;
import org.junit.Test;
/**
@@ -40,4 +53,65 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
public void testLoginWithTokenCache() throws Exception {
super.testLoginWithTokenCache();
}
+
+ @Test
+ @org.junit.Ignore
+ public void testLoginWithTokenCacheGSS() throws Exception {
+ Subject subject = super.testLoginWithTokenCacheAndRetSubject();
+ Set<Principal> clientPrincipals = subject.getPrincipals();
+
+ // Get the service ticket
+ KerberosClientExceptionAction action =
+ new KerberosClientExceptionAction(clientPrincipals.iterator().next(),
+ getServerPrincipal());
+
+ byte[] kerberosToken = (byte[]) Subject.doAs(subject, action);
+ Assert.assertNotNull(kerberosToken);
+ }
+
+ /**
+ * This class represents a PrivilegedExceptionAction implementation to
+ * a service ticket from a Kerberos Key Distribution Center.
+ */
+ private class KerberosClientExceptionAction implements PrivilegedExceptionAction<byte[]> {
+
+ private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
+
+ private Principal clientPrincipal;
+ private String serviceName;
+
+ KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) {
+ this.clientPrincipal = clientPrincipal;
+ this.serviceName = serviceName;
+ }
+
+ public byte[] run() throws GSSException {
+ GSSManager gssManager = GSSManager.getInstance();
+
+ GSSName gssService = gssManager.createName(serviceName,
+ GSSName.NT_USER_NAME);
+ Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
+ GSSName gssClient = gssManager.createName(clientPrincipal.getName(),
+ GSSName.NT_USER_NAME);
+ GSSCredential credentials = gssManager.createCredential(
+ gssClient, GSSCredential.DEFAULT_LIFETIME, oid,
+ GSSCredential.INITIATE_ONLY);
+
+ GSSContext secContext = gssManager.createContext(
+ gssService, oid, credentials, GSSContext.DEFAULT_LIFETIME
+ );
+
+ secContext.requestMutualAuth(false);
+ secContext.requestCredDeleg(false);
+
+ try {
+ byte[] token = new byte[0];
+ byte[] returnedToken = secContext.initSecContext(token,
+ 0, token.length);
+ return returnedToken;
+ } finally {
+ secContext.dispose();
+ }
+ }
+ }
}
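Review bot: `testLoginWithTokenCacheGSS` is committed with a bare `@org.junit.Ignore`, so nothing records why the GSS path is disabled or when it can be re-enabled; `@org.junit.Ignore("<reason the GSS step is disabled>")` keeps that with the test. The class Javadoc is missing its verb and should read "a PrivilegedExceptionAction implementation to obtain a service ticket from a Kerberos Key Distribution Center". In the test, the `(byte[])` cast on `Subject.doAs(subject, action)` is unnecessary because the action is typed `PrivilegedExceptionAction<byte[]>`. In `KerberosClientExceptionAction`, `run()` should carry `@Override`, the two fields can be `final`, and the class can be `private static class` since it does not use the enclosing instance.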
[02/26] directory-kerby git commit: A clean up for a duplicate method
Posted by pl...@apache.org.
A clean up for a duplicate method
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/a798aa8e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/a798aa8e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/a798aa8e
Branch: refs/heads/kadmin-remote
Commit: a798aa8ee11ae2c6b9297f61664f1905da23911a
Parents: 32410c4
Author: Kai Zheng <ka...@intel.com>
Authored: Sun Jun 12 19:12:51 2016 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Sun Jun 12 19:12:51 2016 +0800
----------------------------------------------------------------------
.../apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java | 6 ------
1 file changed, 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a798aa8e/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
index f1ddeba..2e52b9c 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/KeytabInputStream.java
@@ -74,12 +74,6 @@ public class KeytabInputStream extends KrbInputStream {
return key;
}
- public String readCountedString() throws IOException {
- byte[] countedOctets = readCountedOctets();
- // ASCII
- return new String(countedOctets, "ASCII");
- }
-
@Override
public int readOctetsCount() throws IOException {
return readShort();
[24/26] directory-kerby git commit: Checkstyle fix
Posted by pl...@apache.org.
Checkstyle fix
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/054db32c
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/054db32c
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/054db32c
Branch: refs/heads/kadmin-remote
Commit: 054db32c98377d55727049086517146e43f52f60
Parents: 8b9b2f9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 12:53:55 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 12:53:55 2016 +0100
----------------------------------------------------------------------
.../kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/054db32c/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index 15788b2..441fd71 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -232,7 +232,8 @@ public class TokenAuthLoginModule implements LoginModule {
}
if (cCache == null) {
- throw new LoginException("A credential cache must be specified via the credentialCache configuration option");
+ throw new LoginException("A credential cache must be specified via the credentialCache"
+ + " configuration option");
}
String error = "";
[05/26] directory-kerby git commit: DIRKRB-584 - NPE if the token
issuers value is not specified
Posted by pl...@apache.org.
DIRKRB-584 - NPE if the token issuers value is not specified
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/4b3e7042
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/4b3e7042
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/4b3e7042
Branch: refs/heads/kadmin-remote
Commit: 4b3e7042d9daca1f1bdb9c0536fa14610ca1498d
Parents: 8da8d90
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jun 15 17:05:57 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jun 15 17:05:57 2016 +0100
----------------------------------------------------------------------
.../java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4b3e7042/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java
index 1dba876..7c4ae74 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java
@@ -160,8 +160,10 @@ public class Krb5Conf extends Conf {
protected String[] getStringArray(ConfigKey key, boolean useDefault,
String ... sections) {
String value = getString(key, useDefault, sections);
- String[] values = value.split(LIST_SPLITTER);
- return values;
+ if (value != null) {
+ return value.split(LIST_SPLITTER);
+ }
+ return new String[]{};
}
protected Object getSection(String sectionName) {
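Review bot: An empty configured value still slips past the new guard in `getStringArray`: `"".split(LIST_SPLITTER)` returns a one-element array holding the empty string, so callers get `[""]` for an empty setting and `[]` for a missing one. `if (value != null && !value.isEmpty()) {` makes both cases return the empty array. Going by the commit subject, this feeds the token issuers setting; how callers treat an empty issuer list (reject every token or skip the issuer check) is outside this hunk. That is worth confirming, because it decides what a missing setting means for token acceptance.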
[07/26] directory-kerby git commit: Minor grammatical typos
Posted by pl...@apache.org.
Minor grammatical typos
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/fc0328bc
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/fc0328bc
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/fc0328bc
Branch: refs/heads/kadmin-remote
Commit: fc0328bc0bc6c6922464a701eb8b49b7fec74993
Parents: ca326b8
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jun 15 17:14:16 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jun 15 17:14:16 2016 +0100
----------------------------------------------------------------------
.../src/main/java/org/apache/kerby/kerberos/kerb/KrbRuntime.java | 2 +-
.../org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fc0328bc/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbRuntime.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbRuntime.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbRuntime.java
index c31053e..ff36235 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbRuntime.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbRuntime.java
@@ -37,7 +37,7 @@ public class KrbRuntime {
*/
public static synchronized TokenProvider getTokenProvider() {
if (tokenProvider == null) {
- throw new RuntimeException("No token provider is hooked into yet");
+ throw new RuntimeException("No token provider is available");
}
return tokenProvider;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fc0328bc/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index 8d44d9f..7b4c79d 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -208,7 +208,7 @@ public abstract class KdcRequest {
if (paData != null) {
for (PaDataEntry paEntry : paData.getElements()) {
if (paEntry.getPaDataType() == PaDataType.FX_FAST) {
- LOG.info("Found fast padata and start to process it.");
+ LOG.info("Found fast padata and starting to process it.");
KrbFastArmoredReq fastArmoredReq = KrbCodec.decode(paEntry.getPaDataValue(),
KrbFastArmoredReq.class);
KrbFastArmor fastArmor = fastArmoredReq.getArmor();
[16/26] directory-kerby git commit: Updating Apache DS
Posted by pl...@apache.org.
Updating Apache DS
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/b0d7554c
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/b0d7554c
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/b0d7554c
Branch: refs/heads/kadmin-remote
Commit: b0d7554c0ac28f435cd7424ef05bf22943a35cf0
Parents: 1bce738
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jun 28 15:21:54 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jun 28 15:21:54 2016 +0100
----------------------------------------------------------------------
.../kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java | 2 ++
pom.xml | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b0d7554c/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java b/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
index 99ba85d..21fb731 100644
--- a/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
+++ b/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
@@ -343,6 +343,8 @@ public class LdapIdentityBackend extends AbstractIdentityBackend {
e.printStackTrace();
} catch (CursorException e) {
e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
}
return identityNames;
}
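Review bot: The added `catch (IOException e)` only calls `e.printStackTrace()` and then falls through to `return identityNames;`, so a failed LDAP read reaches callers as an ordinary, possibly empty or partial, list of identities. For a KDC identity backend that hides a backend outage, and the trace goes to stderr rather than to the log an operator would check. If the method signature allows it (the method starts outside this hunk), propagate the failure with its cause, for example `throw new KrbException("Failed to read identities from LDAP", e);`. Otherwise, report it through the class's logger if it has one, rather than `printStackTrace()`. The two handlers just above in this hunk have the same problem and could be folded into one multi-catch with the new one.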
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b0d7554c/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 3aeef2a..2a96ed5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -47,11 +47,11 @@
</distributionManagement>
<properties>
- <apacheds.version>2.0.0-M21</apacheds.version>
+ <apacheds.version>2.0.0-M22</apacheds.version>
<bouncycastle.version>1.54</bouncycastle.version>
<commons-io.version>2.5</commons-io.version>
<gson.version>2.6.2</gson.version>
- <ldap.api.version>1.0.0-M33</ldap.api.version>
+ <ldap.api.version>1.0.0-RC1</ldap.api.version>
<log4j.version>1.2.17</log4j.version>
<junit.version>4.12</junit.version>
<nimbus.jose.version>3.10</nimbus.jose.version>
[20/26] directory-kerby git commit: Minor reshuffle
Posted by pl...@apache.org.
Minor reshuffle
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/85188383
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/85188383
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/85188383
Branch: refs/heads/kadmin-remote
Commit: 85188383e58b03d12da15d15f7c376e87e2bbdd6
Parents: a8b48d3
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 10:31:28 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 10:31:28 2016 +0100
----------------------------------------------------------------------
.../integration/test/jaas/TokenAuthLoginModule.java | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/85188383/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index 0d812c9..cbeb01c 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -61,6 +61,13 @@ import java.util.Map;
* armorCache: armor-cache-file
*/
public class TokenAuthLoginModule implements LoginModule {
+ public static final String PRINCIPAL = "principal";
+ public static final String TOKEN = "token";
+ public static final String TOKEN_CACHE = "tokenCache";
+ public static final String ARMOR_CACHE = "armorCache";
+ public static final String CREDENTIAL_CACHE = "credentialCache";
+ public static final String SIGN_KEY_FILE = "signKeyFile";
+
private static final Logger LOG = LoggerFactory.getLogger(TokenAuthLoginModule.class);
/** initial state*/
@@ -76,16 +83,10 @@ public class TokenAuthLoginModule implements LoginModule {
private String princName = null;
private String tokenStr = null;
private AuthToken authToken = null;
- KrbToken krbToken = null;
+ private KrbToken krbToken = null;
private File armorCache;
private File cCache;
private File signKeyFile;
- public static final String PRINCIPAL = "principal";
- public static final String TOKEN = "token";
- public static final String TOKEN_CACHE = "tokenCache";
- public static final String ARMOR_CACHE = "armorCache";
- public static final String CREDENTIAL_CACHE = "credentialCache";
- public static final String SIGN_KEY_FILE = "signKeyFile";
private TgtTicket tgtTicket;