Posted to commits@directory.apache.org by co...@apache.org on 2017/07/03 11:00:35 UTC

[2/2] directory-kerby git commit: Adding some negative tests for the token login module

Adding some negative tests for the token login module


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/7af3526f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/7af3526f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/7af3526f

Branch: refs/heads/trunk
Commit: 7af3526f71869ec4f73f8619a062633a22d66048
Parents: c39020d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 3 11:55:27 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 3 11:55:27 2017 +0100

----------------------------------------------------------------------
 .../integration/test/TokenLoginTestBase.java    | 12 +++++++--
 .../TokenLoginWithTokenPreauthEnabledTest.java  | 25 ++++++++++++++++++
 .../src/test/resources/kdckeytest.pem           | 27 ++++++++++++++++++++
 .../kerb/client/jaas/TokenJaasKrbUtil.java      |  4 ++-
 4 files changed, 65 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7af3526f/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index 0599bf4..140a81d 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -85,7 +85,7 @@ public class TokenLoginTestBase extends LoginTestBase {
         return true;
     }
 
-    private String createTokenAndArmorCache() throws Exception {
+    protected String createTokenAndArmorCache() throws Exception {
 
         TokenEncoder tokenEncoder = null;
         try {
@@ -137,7 +137,7 @@ public class TokenLoginTestBase extends LoginTestBase {
         return authToken;
     }
 
-    private Subject loginClientUsingTokenStr(String tokenStr, File armorCache, File tgtCache,
+    protected Subject loginClientUsingTokenStr(String tokenStr, File armorCache, File tgtCache,
                                              File signKeyFile) throws Exception {
         return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenStr, armorCache,
             tgtCache, signKeyFile);
@@ -166,4 +166,12 @@ public class TokenLoginTestBase extends LoginTestBase {
         checkSubject(subj);
         return subj;
     }
+
+    protected File getArmorCache() {
+        return armorCache;
+    }
+
+    protected File getTGTCache() {
+        return tgtCache;
+    }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7af3526f/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index 1b7bfb7..9ca9aa7 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -24,6 +24,9 @@ import org.junit.Assert;
 import org.junit.Test;
 
 import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+import java.io.File;
 import java.security.Principal;
 import java.util.Set;
 
@@ -61,4 +64,26 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
         Assert.assertNotNull(kerberosToken);
     }
 
+    @Test
+    public void testUntrustedSignature() throws Exception {
+        String tokenStr = createTokenAndArmorCache();
+        File signKeyFile = new File(this.getClass().getResource("/kdckeytest.pem").getPath());
+        try {
+            loginClientUsingTokenStr(tokenStr, getArmorCache(), getTGTCache(), signKeyFile);
+            Assert.fail("Failure expected on a signature that is not trusted");
+        } catch (LoginException ex) { //NOPMD
+            // expected
+        }
+    }
+
+    @Test
+    public void testUnsignedToken() throws Exception {
+        String tokenStr = createTokenAndArmorCache();
+        try {
+            loginClientUsingTokenStr(tokenStr, getArmorCache(), getTGTCache(), null);
+            Assert.fail("Failure expected on an unsigned token");
+        } catch (LoginException ex) { //NOPMD
+            // expected
+        }
+    }
 }
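Review bot: Both new tests pass on any `LoginException`, so in `testUntrustedSignature` and `testUnsignedToken` a failure unrelated to the signature (a missing armor cache, an unreachable KDC) is indistinguishable from the rejection they are meant to prove. Asserting on the exception's cause or message inside the catch blocks would pin the failure to token verification; the exact error raised is not visible in this diff, so the expected value has to be taken from the login module. Separately, `getResource("/kdckeytest.pem").getPath()` returns a URL-encoded path and breaks when the checkout directory contains spaces; `new File(getClass().getResource("/kdckeytest.pem").toURI())` avoids that.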

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7af3526f/kerby-kerb/integration-test/src/test/resources/kdckeytest.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/resources/kdckeytest.pem b/kerby-kerb/integration-test/src/test/resources/kdckeytest.pem
new file mode 100644
index 0000000..9fe020a
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/resources/kdckeytest.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
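Review bot: This adds RSA private key material to the repository with nothing recording where it came from or that it is test-only. `testUntrustedSignature` depends on the KDC not trusting this key, so a comment in that test such as `// kdckeytest.pem: throwaway key generated for this test only; must never be configured as a trusted signer` would document the intent and make secret-scanner findings on the file quick to triage.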

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7af3526f/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
index 0c69295..0ec8df3 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
@@ -136,7 +136,9 @@ public class TokenJaasKrbUtil {
             if (ccache != null) {
                 options.put(TokenAuthLoginModule.CREDENTIAL_CACHE, ccache.getAbsolutePath());
             }
-            options.put(TokenAuthLoginModule.SIGN_KEY_FILE, signKeyFile.getAbsolutePath());
+            if (signKeyFile != null) {
+                options.put(TokenAuthLoginModule.SIGN_KEY_FILE, signKeyFile.getAbsolutePath());
+            }
 
             return new AppConfigurationEntry[]{
                     new AppConfigurationEntry(
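Review bot: With the new guard a null `signKeyFile` no longer fails fast in this helper; `SIGN_KEY_FILE` is left out of the options and the login proceeds, presumably with an unsigned token, leaving rejection entirely to the KDC. Because this is production client code changed to enable a negative test, the behaviour deserves a comment above the guard, e.g. `// signKeyFile may be null: the token is then sent unsigned and acceptance is decided by the KDC`, and a matching `@param signKeyFile` sentence on `loginUsingToken`. The enclosing method starts and ends outside the hunk, so whether the remaining options are null-checked in the same way cannot be confirmed from here.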