Posted to commits@directory.apache.org by co...@apache.org on 2017/07/05 15:27:48 UTC
[3/3] directory-kerby git commit: Adding signature tests
Adding signature tests
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/0e3234bc
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/0e3234bc
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/0e3234bc
Branch: refs/heads/trunk
Commit: 0e3234bca25e4a607dca507b9d9e0387e475794d
Parents: 7c89f0a
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 5 16:27:38 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 5 16:27:38 2017 +0100
----------------------------------------------------------------------
.../kerb/integration/test/JWTTokenTest.java | 88 +++++++++++++++++---
1 file changed, 75 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0e3234bc/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/JWTTokenTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/JWTTokenTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/JWTTokenTest.java
index 04ba1d0..aeb0ced 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/JWTTokenTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/JWTTokenTest.java
@@ -24,6 +24,8 @@ import static org.junit.Assert.*;
import java.io.File;
import java.io.InputStream;
import java.nio.file.Files;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Collections;
@@ -89,7 +91,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
authToken.isIdToken(false);
authToken.setAudiences(Collections.singletonList(getServerPrincipal()));
KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
- krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+ InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+ PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+ krbToken.setTokenValue(signToken(authToken, signKey));
// Now get a SGT using the JWT
SgtTicket tkt = tokenClient.requestSgt(krbToken, getServerPrincipal(), cCacheFile.getPath());
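Review bot: The stream opened by `Files.newInputStream(getSignKeyFile().toPath())` is never closed in the added lines, and nothing visible here shows that `PrivateKeyReader.loadPrivateKey` closes it, so each test may leave a handle open on the signing-key file. Reading the key inside `try (InputStream is = Files.newInputStream(getSignKeyFile().toPath())) { signKey = PrivateKeyReader.loadPrivateKey(is); }` closes it deterministically. The same three lines are repeated in the hunks at -148, -241, -283, -338 and -381, so a single private helper (for example `loadSignKey()`) would keep the key handling in one place. The enclosing test method starts and ends outside this hunk.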
@@ -148,7 +153,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
authToken.isIdToken(false);
authToken.setAudiences(Collections.singletonList(getServerPrincipal() + "_"));
KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
- krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+ InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+ PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+ krbToken.setTokenValue(signToken(authToken, signKey));
// Now get a SGT using the JWT
try {
@@ -162,7 +170,6 @@ public class JWTTokenTest extends TokenLoginTestBase {
}
@org.junit.Test
- @org.junit.Ignore
public void accessTokenInvalidSignature() throws Exception {
KrbClient client = getKrbClient();
@@ -194,8 +201,9 @@ public class JWTTokenTest extends TokenLoginTestBase {
authToken.isIdToken(false);
authToken.setAudiences(Collections.singletonList(getServerPrincipal()));
KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
- File signKeyFile = new File(this.getClass().getResource("/kdckeytest.pem").getPath());
- krbToken.setTokenValue(signToken(authToken, signKeyFile));
+
+ KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ krbToken.setTokenValue(signToken(authToken, keyPair.getPrivate()));
// Now get a SGT using the JWT
try {
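Review bot: `KeyPairGenerator.getInstance("RSA").generateKeyPair()` is called without `initialize(...)`, so the size of the throwaway key is whatever the provider defaults to, and that default differs between JDK releases. If the JWT encoder or the KDC rejects a short RSA key, the test could fail, or pass, for a reason other than the signature mismatch it is meant to exercise; `KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(2048);` pins the size. The same call appears in identityTokenInvalidSignature in the -352 hunk. The try block that expects the failure continues outside this hunk.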
@@ -241,7 +249,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
authToken.setAudiences(Collections.singletonList(getServerPrincipal()));
authToken.setIssuer("unknown-issuer");
KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
- krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+ InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+ PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+ krbToken.setTokenValue(signToken(authToken, signKey));
// Now get a SGT using the JWT
try {
@@ -283,7 +294,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
// Create a JWT token
AuthToken authToken = issueToken(getClientPrincipal());
KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
- krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+ InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+ PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+ krbToken.setTokenValue(signToken(authToken, signKey));
// Now get a TGT using the JWT token
tgt = tokenClient.requestTgt(krbToken, cCacheFile.getPath());
@@ -338,7 +352,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
AuthToken authToken = issueToken(getClientPrincipal());
authToken.setAudiences(Collections.singletonList(authToken.getAudiences().get(0) + "_"));
KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
- krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+ InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+ PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+ krbToken.setTokenValue(signToken(authToken, signKey));
// Now get a TGT using the JWT token
try {
@@ -352,6 +369,51 @@ public class JWTTokenTest extends TokenLoginTestBase {
}
@org.junit.Test
+ public void identityTokenInvalidSignature() throws Exception {
+
+ KrbClient client = getKrbClient();
+
+ // Get a TGT
+ TgtTicket tgt = client.requestTgt(getClientPrincipal(), getClientPassword());
+ assertNotNull(tgt);
+
+ // Write to cache
+ Credential credential = new Credential(tgt);
+ CredentialCache cCache = new CredentialCache();
+ cCache.addCredential(credential);
+ cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
+
+ File cCacheFile = File.createTempFile("krb5_" + getClientPrincipal(), "cc");
+ cCache.store(cCacheFile);
+
+ KrbTokenClient tokenClient = new KrbTokenClient(client);
+
+ tokenClient.setKdcHost(client.getSetting().getKdcHost());
+ tokenClient.setKdcTcpPort(client.getSetting().getKdcTcpPort());
+
+ tokenClient.setKdcRealm(client.getSetting().getKdcRealm());
+ tokenClient.init();
+
+ // Create a JWT token
+ AuthToken authToken = issueToken(getClientPrincipal());
+ authToken.setAudiences(Collections.singletonList(authToken.getAudiences().get(0) + "_"));
+ KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
+
+ KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ krbToken.setTokenValue(signToken(authToken, keyPair.getPrivate()));
+
+ // Now get a TGT using the JWT token
+ try {
+ tokenClient.requestTgt(krbToken, cCacheFile.getPath());
+ fail("Failure expected on an invalid signature");
+ } catch (KrbException ex) { //NOPMD
+ // expected
+ }
+
+ cCacheFile.delete();
+ }
+
+ @org.junit.Test
public void identityTokenUnknownIssuer() throws Exception {
KrbClient client = getKrbClient();
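Review bot: identityTokenInvalidSignature still appends `"_"` to the audience (`authToken.setAudiences(Collections.singletonList(authToken.getAudiences().get(0) + "_"));`), apparently carried over from the invalid-audience test, so the request would be rejected for the audience even if the KDC did not verify the signature at all. Dropping that line leaves the unknown signing key as the only invalid property, which is what the test name promises. The catch accepts any `KrbException`; if the exception exposes an error code or message for a bad signature, asserting on it would keep the test from passing on an unrelated failure. `cCacheFile.delete()` is also skipped when `fail(...)` fires, so moving it into a `finally` block would avoid leaving the credential cache file behind.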
@@ -381,7 +443,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
AuthToken authToken = issueToken(getClientPrincipal());
authToken.setIssuer("unknown-issuer");
KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
- krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+ InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+ PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+ krbToken.setTokenValue(signToken(authToken, signKey));
// Now get a TGT using the JWT token
try {
@@ -394,13 +459,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
cCacheFile.delete();
}
- private byte[] signToken(AuthToken authToken, File signKeyFile) throws Exception {
+ private byte[] signToken(AuthToken authToken, PrivateKey signKey) throws Exception {
TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
assertTrue(tokenEncoder instanceof JwtTokenEncoder);
- InputStream is = Files.newInputStream(signKeyFile.toPath());
- PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
-
((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
return tokenEncoder.encodeAsBytes(authToken);
}