Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/30 04:09:45 UTC
[04/19] directory-kerby git commit: DIRKRB-479 Separate token client
out of KrbClient
DIRKRB-479 Separate token client out of KrbClient
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/759f26f9
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/759f26f9
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/759f26f9
Branch: refs/heads/pkinit-support
Commit: 759f26f92cbb7d9bbbc2deebc33003434f36e416
Parents: 105dc25
Author: Kai Zheng <ka...@intel.com>
Authored: Sun Nov 29 07:06:08 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Sun Nov 29 07:06:08 2015 +0800
----------------------------------------------------------------------
.../kerberos/kdc/WithAccessTokenKdcTest.java | 4 +-
.../kerberos/kdc/WithIdentityTokenKdcTest.java | 8 +-
.../test/jaas/TokenAuthLoginModule.java | 7 +-
.../kerby/kerberos/kerb/client/KrbClient.java | 36 +-------
.../kerberos/kerb/client/KrbTokenClient.java | 89 ++++++++++++++++++++
.../kerb/client/impl/InternalKrbClient.java | 2 +-
6 files changed, 106 insertions(+), 40 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/759f26f9/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index 8686190..2643de6 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -26,6 +26,7 @@ import java.security.PrivateKey;
import java.security.PublicKey;
import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.client.KrbTokenClient;
import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
import org.apache.kerby.kerberos.kerb.common.PublicKeyReader;
import org.apache.kerby.kerberos.kerb.server.TestKdcServer;
@@ -135,8 +136,9 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
private void performTest() throws Exception {
createCredentialCache(getClientPrincipal(), getClientPassword());
+ KrbTokenClient tokenClient = new KrbTokenClient(getKrbClient());
try {
- ServiceTicket serviceTicket = getKrbClient().requestServiceTicketWithAccessToken(
+ ServiceTicket serviceTicket = tokenClient.requestServiceTicket(
getKrbToken(), getServerPrincipal(), getcCacheFile().getPath());
verifyTicket(serviceTicket);
} finally {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/759f26f9/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
index 052cb0d..0e4722c 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
@@ -20,6 +20,7 @@
package org.apache.kerby.kerberos.kdc;
import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.client.KrbTokenClient;
import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
import org.apache.kerby.kerberos.kerb.common.PublicKeyReader;
import org.apache.kerby.kerberos.kerb.server.TestKdcServer;
@@ -135,10 +136,11 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
createCredentialCache(getClientPrincipal(), getClientPassword());
- TgtTicket tgt = null;
+ TgtTicket tgt;
+ KrbTokenClient tokenClient = new KrbTokenClient(getKrbClient());
try {
- tgt = getKrbClient().requestTgtWithToken(getKrbToken(),
- getcCacheFile().getPath());
+ tgt = tokenClient.requestTgt(getKrbToken(),
+ getcCacheFile().getPath());
} catch (KrbException e) {
if (e.getMessage().contains("timeout")) {
return;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/759f26f9/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index a8888a8..195158a 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -24,6 +24,7 @@ import org.apache.kerby.kerberos.kerb.KrbRuntime;
import org.apache.kerby.kerberos.kerb.client.Krb5Conf;
import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.apache.kerby.kerberos.kerb.client.KrbConfig;
+import org.apache.kerby.kerberos.kerb.client.KrbTokenClient;
import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
@@ -239,9 +240,11 @@ public class TokenAuthLoginModule implements LoginModule {
} catch (IOException e) {
e.printStackTrace();
}
- TgtTicket tgtTicket = null;
+ TgtTicket tgtTicket;
+ KrbTokenClient tokenClient = new KrbTokenClient(krbClient);
try {
- tgtTicket = krbClient.requestTgtWithToken(krbToken, armorCache.getAbsolutePath());
+ tgtTicket = tokenClient.requestTgt(krbToken,
+ armorCache.getAbsolutePath());
} catch (KrbException e) {
throwWith("Failed to do login with token: " + tokenStr, e);
return false;
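Review bot: The `throwWith("Failed to do login with token: " + tokenStr, e)` call in the catch block that this hunk keeps puts the token string into the exception message, so a failed login can copy a bearer credential into logs or stack traces (assuming `tokenStr` is the encoded token, as its name suggests). Consider dropping the value from the message, e.g. `throwWith("Failed to do login with token", e);`, and reporting at most a non-sensitive identifier. The preceding `IOException` handler only calls `e.printStackTrace()` and then falls through to the token request; whether continuing is intended cannot be judged here, since the method starts and ends outside the hunk.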
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/759f26f9/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
index b5ec953..80bfa67 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
@@ -24,7 +24,6 @@ import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
import org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient;
import org.apache.kerby.kerberos.kerb.client.impl.InternalKrbClient;
-import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
import org.slf4j.Logger;
@@ -221,24 +220,6 @@ public class KrbClient {
}
/**
- * Request a TGT with user token credential
- * @param token The auth token
- * @param armorCache The armor cache
- * @return TGT
- * @throws KrbException e
- */
- public TgtTicket requestTgtWithToken(AuthToken token, String armorCache) throws KrbException {
- if (!token.isIdToken()) {
- throw new IllegalArgumentException("Identity token is expected");
- }
-
- KOptions requestOptions = new KOptions();
- requestOptions.add(KrbOption.TOKEN_USER_ID_TOKEN, token);
- requestOptions.add(KrbOption.ARMOR_CACHE, armorCache);
- return requestTgtWithOptions(requestOptions);
- }
-
- /**
* Request a TGT with using well prepared requestOptions.
* @param requestOptions The request options
* @return TGT
@@ -268,23 +249,12 @@ public class KrbClient {
}
/**
- * Request a service ticket using an Access Token.
- * @param token The auth token
- * @param serverPrincipal The server principal
- * @param armorCache The armor cache
+ * Request a service ticket provided request options
+ * @param requestOptions The request options
* @return service ticket
* @throws KrbException e
*/
- public ServiceTicket requestServiceTicketWithAccessToken(
- AuthToken token, String serverPrincipal,
- String armorCache) throws KrbException {
- if (!token.isAcToken()) {
- throw new IllegalArgumentException("Access token is expected");
- }
- KOptions requestOptions = new KOptions();
- requestOptions.add(KrbOption.TOKEN_USER_AC_TOKEN, token);
- requestOptions.add(KrbOption.ARMOR_CACHE, armorCache);
- requestOptions.add(KrbOption.SERVER_PRINCIPAL, serverPrincipal);
+ public ServiceTicket requestServiceTicket(KOptions requestOptions) throws KrbException {
return innerClient.requestServiceTicket(requestOptions);
}
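Review bot: `requestServiceTicket(KOptions)` is now a public entry point that hands caller-built options to `innerClient` unchecked, so the `isAcToken()` guard the removed method enforced only runs for callers that go through `KrbTokenClient`. Whether `innerClient` re-validates the token type is not visible in this hunk; if it does not, the token-type check is skipped for any caller that fills in `KrbOption.TOKEN_USER_AC_TOKEN` directly. The Javadoc should say so, for example `* Options are passed through without validation; token callers should use {@link KrbTokenClient}.` Removing the public `requestServiceTicketWithAccessToken` (and `requestTgtWithToken` in the hunk above) outright also breaks existing callers; deprecated delegates would ease migration if this API was ever released.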
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/759f26f9/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbTokenClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbTokenClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbTokenClient.java
new file mode 100644
index 0000000..55fe727
--- /dev/null
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbTokenClient.java
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.client;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
+import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+
+/**
+ * A krb token client API for applications to interact with KDC using token.
+ */
+public class KrbTokenClient {
+ private final KrbClient krbClient;
+
+ /**
+ * Constructor with prepared KrbClient.
+ * @param krbClient The krb client
+ */
+ public KrbTokenClient(KrbClient krbClient) {
+ this.krbClient = krbClient;
+ }
+
+ /**
+ * Get krb client.
+ * @return KrbClient
+ */
+ public KrbClient getKrbClient() {
+ return krbClient;
+ }
+
+ /**
+ * Request a TGT with user token credential
+ * @param token The auth token
+ * @param armorCache The armor cache
+ * @return TGT
+ * @throws KrbException e
+ */
+ public TgtTicket requestTgt(AuthToken token, String armorCache) throws KrbException {
+ if (!token.isIdToken()) {
+ throw new IllegalArgumentException("Identity token is expected");
+ }
+
+ KOptions requestOptions = new KOptions();
+ requestOptions.add(KrbOption.TOKEN_USER_ID_TOKEN, token);
+ requestOptions.add(KrbOption.ARMOR_CACHE, armorCache);
+ return krbClient.requestTgtWithOptions(requestOptions);
+ }
+
+ /**
+ * Request a service ticket using an Access Token.
+ * @param token The auth token
+ * @param serverPrincipal The server principal
+ * @param armorCache The armor cache
+ * @return service ticket
+ * @throws KrbException e
+ */
+ public ServiceTicket requestServiceTicket(
+ AuthToken token, String serverPrincipal, String armorCache) throws KrbException {
+ if (!token.isAcToken()) {
+ throw new IllegalArgumentException("Access token is expected");
+ }
+
+ KOptions requestOptions = new KOptions();
+ requestOptions.add(KrbOption.TOKEN_USER_AC_TOKEN, token);
+ requestOptions.add(KrbOption.ARMOR_CACHE, armorCache);
+ requestOptions.add(KrbOption.SERVER_PRINCIPAL, serverPrincipal);
+
+ return krbClient.requestServiceTicket(requestOptions);
+ }
+}
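Review bot: Neither the constructor nor the two request methods check their arguments for null: a null `krbClient` is only discovered at the first request, a null `token` fails with a bare NullPointerException at `token.isIdToken()` / `token.isAcToken()`, and a null `armorCache` or `serverPrincipal` is added to the options as-is. For an authentication API it is better to fail at the boundary, e.g. `this.krbClient = Objects.requireNonNull(krbClient, "krbClient");` in the constructor and `if (token == null || !token.isIdToken())` in `requestTgt` (the same with `isAcToken()` in `requestServiceTicket`); this needs `import java.util.Objects;`. The method Javadoc could also state that `armorCache` is the path of the armor credential cache file, which is how the callers in this commit use it, and replace `@throws KrbException e` with the actual failure condition.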
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/759f26f9/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/InternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/InternalKrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/InternalKrbClient.java
index c30c1fa..9373a1d 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/InternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/InternalKrbClient.java
@@ -51,7 +51,7 @@ public interface InternalKrbClient {
TgtTicket requestTgtTicket(KOptions requestOptions) throws KrbException;
/**
- * Request a service ticket.
+ * Request a service ticket provided request options
* @param requestOptions The request options
* @return service ticket
* @throws KrbException e