Posted to commits@directory.apache.org by pl...@apache.org on 2016/07/07 06:41:48 UTC
[03/27] directory-kerby git commit: Adding Token Auth testcase
Adding Token Auth testcase
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/68933ae0
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/68933ae0
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/68933ae0
Branch: refs/heads/kpasswd
Commit: 68933ae0cf397cf1f0e9af9a1934243de62cb9ab
Parents: b0d7554
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jul 1 12:07:01 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jul 1 12:07:01 2016 +0100
----------------------------------------------------------------------
.../integration/test/TokenLoginTestBase.java | 10 ++-
.../TokenLoginWithTokenPreauthEnabledTest.java | 74 ++++++++++++++++++++
2 files changed, 83 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/68933ae0/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index 4741372..7258907 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -141,11 +141,19 @@ public class TokenLoginTestBase extends LoginTestBase {
protected void testLoginWithTokenStr() throws Exception {
String tokenStr = createTokenAndArmorCache();
- checkSubject(loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile));
+ Subject subj = loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile);
+ checkSubject(subj);
}
protected void testLoginWithTokenCache() throws Exception {
createTokenAndArmorCache();
checkSubject(loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile));
}
+
+ protected Subject testLoginWithTokenCacheAndRetSubject() throws Exception {
+ createTokenAndArmorCache();
+ Subject subj = loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile);
+ checkSubject(subj);
+ return subj;
+ }
}
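Review bot: The new `testLoginWithTokenCacheAndRetSubject()` repeats the body of `testLoginWithTokenCache()` line for line, so the two can drift apart. The existing method could delegate with `testLoginWithTokenCacheAndRetSubject();` as its whole body. The `test` prefix on a helper that returns a value is also misleading next to the real test entry points; a name such as `loginWithTokenCacheAndGetSubject` plus a short Javadoc like `/** Logs in from the token cache, verifies the Subject and returns it for further use. */` would make the intent clear. The class body begins outside this hunk, so whether `javax.security.auth.Subject` is already imported there cannot be confirmed from here.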
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/68933ae0/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index 86faf11..ed4ec8a 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -19,6 +19,19 @@
*/
package org.apache.kerby.kerberos.kerb.integration.test;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
+import org.junit.Assert;
import org.junit.Test;
/**
@@ -40,4 +53,65 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
public void testLoginWithTokenCache() throws Exception {
super.testLoginWithTokenCache();
}
+
+ @Test
+ @org.junit.Ignore
+ public void testLoginWithTokenCacheGSS() throws Exception {
+ Subject subject = super.testLoginWithTokenCacheAndRetSubject();
+ Set<Principal> clientPrincipals = subject.getPrincipals();
+
+ // Get the service ticket
+ KerberosClientExceptionAction action =
+ new KerberosClientExceptionAction(clientPrincipals.iterator().next(),
+ getServerPrincipal());
+
+ byte[] kerberosToken = (byte[]) Subject.doAs(subject, action);
+ Assert.assertNotNull(kerberosToken);
+ }
+
+ /**
+ * This class represents a PrivilegedExceptionAction implementation to
+ * a service ticket from a Kerberos Key Distribution Center.
+ */
+ private class KerberosClientExceptionAction implements PrivilegedExceptionAction<byte[]> {
+
+ private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
+
+ private Principal clientPrincipal;
+ private String serviceName;
+
+ KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) {
+ this.clientPrincipal = clientPrincipal;
+ this.serviceName = serviceName;
+ }
+
+ public byte[] run() throws GSSException {
+ GSSManager gssManager = GSSManager.getInstance();
+
+ GSSName gssService = gssManager.createName(serviceName,
+ GSSName.NT_USER_NAME);
+ Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
+ GSSName gssClient = gssManager.createName(clientPrincipal.getName(),
+ GSSName.NT_USER_NAME);
+ GSSCredential credentials = gssManager.createCredential(
+ gssClient, GSSCredential.DEFAULT_LIFETIME, oid,
+ GSSCredential.INITIATE_ONLY);
+
+ GSSContext secContext = gssManager.createContext(
+ gssService, oid, credentials, GSSContext.DEFAULT_LIFETIME
+ );
+
+ secContext.requestMutualAuth(false);
+ secContext.requestCredDeleg(false);
+
+ try {
+ byte[] token = new byte[0];
+ byte[] returnedToken = secContext.initSecContext(token,
+ 0, token.length);
+ return returnedToken;
+ } finally {
+ secContext.dispose();
+ }
+ }
+ }
}
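Review bot: `testLoginWithTokenCacheGSS` carries a bare `@org.junit.Ignore`, so the GSS service-ticket path for a token-authenticated Subject is never run and nothing records why; add a reason string, e.g. `@org.junit.Ignore("<reason or issue id>")`, or enable the test. In `run()` only `secContext` is disposed: the `GSSCredential` from `createCredential` is never released, and `requestMutualAuth`/`requestCredDeleg` sit before the `try`, so a failure there skips `secContext.dispose()`. Moving those two calls inside the `try` and adding `credentials.dispose();` to the `finally` covers both. `clientPrincipals.iterator().next()` takes whichever principal the Set yields first, which presumably is only right while the Subject holds a single Kerberos principal. `Assert.assertNotNull(kerberosToken)` also passes for an empty token, so `Assert.assertTrue(kerberosToken.length > 0);` is the stronger check.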