You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/30 04:09:46 UTC
[05/19] directory-kerby git commit: DIRKRB-480 Separate PKINIT client
out of KrbClient
DIRKRB-480 Separate PKINIT client out of KrbClient
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/d10bf630
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/d10bf630
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/d10bf630
Branch: refs/heads/pkinit-support
Commit: d10bf630b516e597b96c23d70614ea982efaa9c8
Parents: 759f26f
Author: Kai Zheng <ka...@intel.com>
Authored: Sun Nov 29 07:15:10 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Sun Nov 29 07:15:10 2015 +0800
----------------------------------------------------------------------
.../kerby/kerberos/kerb/client/KrbClient.java | 26 -------
.../kerberos/kerb/client/KrbPkinitClient.java | 76 ++++++++++++++++++++
2 files changed, 76 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d10bf630/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
index 80bfa67..7053286 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
@@ -194,32 +194,6 @@ public class KrbClient {
}
/**
- * Request a TGT with user x509 certificate credential
- * @param certificate The certificate
- * @param privateKey The private key
- * @return TGT
- * @throws KrbException e
- */
- public TgtTicket requestTgtWithCert(Certificate certificate,
- PrivateKey privateKey) throws KrbException {
- KOptions requestOptions = new KOptions();
- requestOptions.add(KrbOption.PKINIT_X509_CERTIFICATE, certificate);
- requestOptions.add(KrbOption.PKINIT_X509_PRIVATE_KEY, privateKey);
- return requestTgtWithOptions(requestOptions);
- }
-
- /**
- * Request a TGT with using Anonymous PKINIT
- * @return TGT
- * @throws KrbException e
- */
- public TgtTicket requestTgtWithPkintAnonymous() throws KrbException {
- KOptions requestOptions = new KOptions();
- requestOptions.add(KrbOption.USE_PKINIT_ANONYMOUS);
- return requestTgtWithOptions(requestOptions);
- }
-
- /**
* Request a TGT with using well prepared requestOptions.
* @param requestOptions The request options
* @return TGT
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d10bf630/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbPkinitClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbPkinitClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbPkinitClient.java
new file mode 100644
index 0000000..09ac113
--- /dev/null
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbPkinitClient.java
@@ -0,0 +1,76 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.client;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+
+/**
+ * A krb PKINIT client API for applications to interact with KDC using PKINIT.
+ */
+public class KrbPkinitClient {
+ private final KrbClient krbClient;
+
+ /**
+ * Constructor with prepared KrbClient.
+ * @param krbClient The krb client
+ */
+ public KrbPkinitClient(KrbClient krbClient) {
+ this.krbClient = krbClient;
+ }
+
+ /**
+ * Get krb client.
+ * @return KrbClient
+ */
+ public KrbClient getKrbClient() {
+ return krbClient;
+ }
+
+ /**
+ * Request a TGT with user x509 certificate credential
+ * @param certificate The certificate
+ * @param privateKey The private key
+ * @return TGT
+ * @throws KrbException e
+ */
+ public TgtTicket requestTgt(Certificate certificate,
+ PrivateKey privateKey) throws KrbException {
+ KOptions requestOptions = new KOptions();
+ requestOptions.add(KrbOption.PKINIT_X509_CERTIFICATE, certificate);
+ requestOptions.add(KrbOption.PKINIT_X509_PRIVATE_KEY, privateKey);
+ return krbClient.requestTgtWithOptions(requestOptions);
+ }
+
+ /**
+ * Request a TGT with using Anonymous PKINIT
+ * @return TGT
+ * @throws KrbException e
+ */
+ public TgtTicket requestTgt() throws KrbException {
+ KOptions requestOptions = new KOptions();
+ requestOptions.add(KrbOption.USE_PKINIT_ANONYMOUS);
+ return krbClient.requestTgtWithOptions(requestOptions);
+ }
+}