Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/04 09:25:27 UTC
[01/48] directory-kerby git commit: disable benchmark profile by
default
Repository: directory-kerby
Updated Branches:
refs/heads/pkinit-support 432729880 -> 7500d4d6f
disable benchmark profile by default
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/81e8c0ab
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/81e8c0ab
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/81e8c0ab
Branch: refs/heads/pkinit-support
Commit: 81e8c0ab1315f992258fc1335b2f4a93cef1c5e7
Parents: 735fdf7
Author: Kiran Ayyagari <ka...@apache.org>
Authored: Wed Sep 9 22:15:36 2015 +0800
Committer: Kiran Ayyagari <ka...@apache.org>
Committed: Wed Sep 9 22:15:36 2015 +0800
----------------------------------------------------------------------
benchmark/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/81e8c0ab/benchmark/pom.xml
----------------------------------------------------------------------
diff --git a/benchmark/pom.xml b/benchmark/pom.xml
index 1c43ba4..ec7561a 100644
--- a/benchmark/pom.xml
+++ b/benchmark/pom.xml
@@ -168,7 +168,7 @@
<profile>
<id>benchmark</id>
<activation>
- <activeByDefault>true</activeByDefault>
+ <activeByDefault>false</activeByDefault>
</activation>
<build>
<plugins>
[19/48] directory-kerby git commit: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/directory-kerby
Posted by pl...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/directory-kerby
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/59a6b65b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/59a6b65b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/59a6b65b
Branch: refs/heads/pkinit-support
Commit: 59a6b65bb753851ebd92f0e62967825972c6bd49
Parents: 3b5a446 f9d9974
Author: Kai Zheng <ka...@intel.com>
Authored: Wed Sep 30 06:59:21 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Wed Sep 30 06:59:21 2015 +0800
----------------------------------------------------------------------
----------------------------------------------------------------------
[22/48] directory-kerby git commit: DIRKRB-424 Need to initialize the
log4j system properly.
Posted by pl...@apache.org.
DIRKRB-424 Need to initialize the log4j system properly.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/eff5d0ca
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/eff5d0ca
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/eff5d0ca
Branch: refs/heads/pkinit-support
Commit: eff5d0ca70f6c1d21b68409615dab12ceec4cf1b
Parents: bbed4ef
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Sep 30 14:48:32 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Sep 30 14:48:32 2015 +0800
----------------------------------------------------------------------
.../src/main/resources/log4j.properties | 23 ++++++++++++++++++++
1 file changed, 23 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eff5d0ca/kerby-kerb/kerb-identity/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/resources/log4j.properties b/kerby-kerb/kerb-identity/src/main/resources/log4j.properties
new file mode 100644
index 0000000..3c91c57
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/resources/log4j.properties
@@ -0,0 +1,23 @@
+#############################################################################
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#############################################################################
+log4j.rootLogger=ERROR, console
+
+
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
+
[13/48] directory-kerby git commit: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/directory-kerby
Posted by pl...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/directory-kerby
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/705775a1
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/705775a1
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/705775a1
Branch: refs/heads/pkinit-support
Commit: 705775a1583457fe17e405fa0730bfb419d0ac2c
Parents: 217ac5e 675e792
Author: Kai Zheng <ka...@intel.com>
Authored: Fri Sep 25 10:39:09 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Fri Sep 25 10:39:09 2015 +0800
----------------------------------------------------------------------
.../org/apache/kerby/kerberos/kdc/KerbyKdcServer.java | 9 ++++++---
.../kerb/identity/backend/MemoryIdentityBackend.java | 5 ++++-
.../kerby/kerberos/kerb/server/request/KdcRequest.java | 5 -----
.../org/apache/kerby/kerberos/tool/kinit/KinitTool.java | 4 ++--
.../org/apache/kerby/kerberos/tool/klist/KlistTool.java | 4 ++--
.../apache/kerby/kerberos/tool/kadmin/KadminTool.java | 9 ++++++---
.../apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java | 12 ++++++++----
7 files changed, 28 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
[32/48] directory-kerby git commit: DIRKRB-431 Check NotBeforeTime
when processing JWT.
Posted by pl...@apache.org.
DIRKRB-431 Check NotBeforeTime when processing JWT.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/49482c42
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/49482c42
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/49482c42
Branch: refs/heads/pkinit-support
Commit: 49482c42e2b8585778ca6bc212f422c65c67fe87
Parents: d61b6ee
Author: plusplus_jiajia <ji...@intel.com>
Authored: Tue Oct 20 10:58:31 2015 +0800
Committer: plusplus_jiajia <ji...@intel.com>
Committed: Tue Oct 20 10:58:31 2015 +0800
----------------------------------------------------------------------
.../kerberos/provider/token/JwtTokenDecoder.java | 3 ++-
.../kerby/kerberos/provider/token/TokenTest.java | 18 ++++++++++++++++++
2 files changed, 20 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/49482c42/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
index 4da2b93..50a2ece 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
@@ -265,7 +265,8 @@ public class JwtTokenDecoder implements TokenDecoder {
boolean valid = false;
try {
Date expire = jwtToken.getJWTClaimsSet().getExpirationTime();
- if (expire != null && new Date().before(expire)) {
+ Date notBefore = jwtToken.getJWTClaimsSet().getNotBeforeTime();
+ if (expire != null && new Date().before(expire) && new Date().after(notBefore)) {
valid = true;
}
} catch (ParseException e) {
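Review bot: `new Date().after(notBefore)` on the added condition line throws a NullPointerException when `notBefore` is null, and only `expire` is null-checked; assuming `getNotBeforeTime()` returns null for a token without an `nbf` claim (as the existing null check suggests `getExpirationTime()` can), every such token would fail with an exception that the `catch (ParseException e)` below does not handle. `nbf` is optional in a JWT, so an absent value should mean no lower bound, and the clock should be read once so both comparisons use the same instant: `Date now = new Date();` followed by `if (expire != null && now.before(expire) && (notBefore == null || !now.before(notBefore))) {`. The added `testNotBeforeTime` in TokenTest only covers an `nbf` in the future; a case with no `nbf` set would pin this behaviour. The method body starts and ends outside the hunk.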
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/49482c42/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
index 0f15a50..6ca118e 100644
--- a/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
+++ b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
@@ -283,6 +283,24 @@ public class TokenTest {
Assertions.assertThat(token2).isNull();
}
+ @Test
+ public void testNotBeforeTime() throws Exception {
+ authToken.setNotBeforeTime(new Date(new Date().getTime() + 1000 * 60));
+
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+ TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
+
+ setSignKey((JwtTokenEncoder) tokenEncoder, (JwtTokenDecoder) tokenDecoder);
+ setEncryptKey((JwtTokenEncoder) tokenEncoder, (JwtTokenDecoder) tokenDecoder);
+ setAudience((JwtTokenDecoder) tokenDecoder, auds);
+
+ String tokenStr = tokenEncoder.encodeAsString(authToken);
+ Assertions.assertThat(tokenStr).isNotNull();
+
+ AuthToken token2 = tokenDecoder.decodeFromString(tokenStr);
+ Assertions.assertThat(token2).isNull();
+ }
+
private void setEncryptKey(JwtTokenEncoder encoder, JwtTokenDecoder decoder) {
KeyPair encryptionKeyPair = getKeyPair();
encoder.setEncryptionKey((RSAPublicKey) encryptionKeyPair.getPublic());
[30/48] directory-kerby git commit: DIRKRB-428 Signed token in
TokenLoginTestBase and WithTokenKdcTestBase.
Posted by pl...@apache.org.
DIRKRB-428 Signed token in TokenLoginTestBase and WithTokenKdcTestBase.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/0500943b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/0500943b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/0500943b
Branch: refs/heads/pkinit-support
Commit: 0500943bf7656cedd9e94a5658760669a4afc4a0
Parents: 0df9588
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Oct 14 13:46:50 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Oct 14 13:46:50 2015 +0800
----------------------------------------------------------------------
.../kerberos/kdc/WithTokenKdcTestBase.java | 44 +++++++++++++++++++-
.../test/resources/oauth2.com_public_key.pem | 6 +++
.../src/test/resources/private_key.pem | 16 +++++++
.../test/jaas/TokenAuthLoginModule.java | 36 ++++++++++++++++
.../integration/test/jaas/TokenJaasKrbUtil.java | 26 +++++++-----
.../integration/test/TokenLoginTestBase.java | 22 ++++++----
.../src/test/resources/private_key.pem | 16 +++++++
.../test/resources/token-service-public_key.pem | 6 +++
.../kerby/kerberos/kerb/spec/base/KrbToken.java | 6 ++-
9 files changed, 158 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index ac20938..7dc24d3 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -19,20 +19,28 @@
*/
package org.apache.kerby.kerberos.kdc;
+import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.KrbRuntime;
import org.apache.kerby.kerberos.kerb.ccache.Credential;
import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
+import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
+import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
+import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
import org.apache.kerby.kerberos.kerb.spec.base.KrbToken;
import org.apache.kerby.kerberos.kerb.spec.base.TokenFormat;
import org.apache.kerby.kerberos.kerb.spec.ticket.KrbTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
import org.apache.kerby.kerberos.provider.token.JwtTokenProvider;
import org.junit.Before;
import java.io.File;
import java.io.IOException;
+import java.io.InputStream;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
@@ -46,7 +54,7 @@ public class WithTokenKdcTestBase extends KdcTestBase {
static final String GROUP = "sales-group";
static final String ROLE = "ADMIN";
private File cCacheFile;
- private AuthToken krbToken;
+ private KrbToken krbToken;
@Before
public void setUp() throws Exception {
@@ -54,6 +62,13 @@ public class WithTokenKdcTestBase extends KdcTestBase {
super.setUp();
}
+ @Override
+ protected void configKdcSeverAndClient() {
+ super.configKdcSeverAndClient();
+ String verifyKeyPath = this.getClass().getResource("/").getPath();
+ getKdcServer().getKdcConfig().setString(KdcConfigKey.VERIFY_KEY, verifyKeyPath);
+ }
+
protected AuthToken getKrbToken() {
return krbToken;
}
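Review bot: `this.getClass().getResource("/").getPath()` in the new `configKdcSeverAndClient()` returns the URL's percent-encoded path, so a checkout directory containing spaces or non-ASCII characters yields a `VERIFY_KEY` value that does not exist on disk. Converting through the URI keeps the real file-system path: `String verifyKeyPath = new File(this.getClass().getResource("/").toURI()).getPath();` (the method then has to handle `URISyntaxException`). The same pattern is used in the TokenLoginTestBase hunks for `signKeyFile` and `verifyKeyFile`. A short comment that `VERIFY_KEY` is pointed at the classpath root, presumably the directory holding the public key files, would also help, since the name reads like a single file.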
@@ -87,10 +102,35 @@ public class WithTokenKdcTestBase extends KdcTestBase {
Date iat = now;
authToken.setIssueTime(iat);
- krbToken = new KrbToken(authToken, TokenFormat.JWT);
+
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+
+ if (tokenEncoder instanceof JwtTokenEncoder) {
+ InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+ PrivateKey privateKey = null;
+ try {
+ privateKey = PrivateKeyReader.loadPrivateKey(is);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) privateKey);
+ }
+
+ krbToken = new KrbToken();
+ krbToken.setInnerToken(authToken);
+ krbToken.setTokenType();
+ krbToken.setTokenFormat(TokenFormat.JWT);
+ try {
+ krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
+ } catch (KrbException e) {
+ throw new RuntimeException("Failed to encode AuthToken", e);
+ }
+
return krbToken;
}
+
protected File createCredentialCache(String principal,
String password) throws Exception {
TgtTicket tgt = getKrbClient().requestTgtWithPassword(principal, password);
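Review bot: The key-loading block swallows every failure with `e.printStackTrace()` and then calls `setSignKey((RSAPrivateKey) privateKey)` with `privateKey` still null, so a missing or unreadable `/private_key.pem` does not fail the setup but continues with an encoder that has no signing key. In a test base meant to exercise signed tokens this can hide the very condition under test, so the block should fail fast; it should also close the stream, which is currently never closed. The same swallow-and-continue pattern is in the TokenAuthLoginModule hunk that loads `signKeyFile`. The enclosing method starts outside the hunk.

```java
// … unchanged: authToken setup and createTokenEncoder() …
if (tokenEncoder instanceof JwtTokenEncoder) {
    try (InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem")) {
        PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
        ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) privateKey);
    } catch (Exception e) {
        throw new RuntimeException("Failed to load the test signing key", e);
    }
}
// … unchanged: KrbToken construction and encodeAsBytes(authToken) …
```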
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem b/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem
new file mode 100644
index 0000000..471a517
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4BaCukPmveaHtV7OxXP8/mCCV
+Y2oHXqd+6iIliPRVCxirgp2XHg2nrAkBJTt/y13IHCeVl6Avm7UMzXxxv60NND1H
+e6+zDMgh3IVZM/Xe8uNHNF2C6jR6Z4KQ/GfccTvLuEQwWOt47CjZNDMFFzr2niOZ
+Us6V/0QzqDbHdDc3bQIDAQAB
+-----END PUBLIC KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kdc-test/src/test/resources/private_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/private_key.pem b/kerby-kdc-test/src/test/resources/private_key.pem
new file mode 100644
index 0000000..1c2ee59
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/private_key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
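Review bot: A private key is checked in as `private_key.pem` under `src/test/resources` with nothing marking it as a throwaway test key, and the identical blob (`1c2ee59`) is added a second time under kerby-kerb/integration-test. A name such as `test_private_key.pem`, or a short README beside it, would make clear that it must never be configured as a real signing key; generating the pair at test time would avoid storing key material and the duplicate copy altogether. The public keys added alongside appear, from their encoded length, to be 1024-bit RSA, which is acceptable for a fixture but should not be carried into deployment examples.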
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index 65ad133..a8888a8 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -24,11 +24,14 @@ import org.apache.kerby.kerberos.kerb.KrbRuntime;
import org.apache.kerby.kerberos.kerb.client.Krb5Conf;
import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.apache.kerby.kerberos.kerb.client.KrbConfig;
+import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
+import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
import org.apache.kerby.kerberos.kerb.spec.base.KrbToken;
import org.apache.kerby.kerberos.kerb.spec.base.TokenFormat;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -37,7 +40,11 @@ import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPrivateKey;
import java.util.Iterator;
import java.util.Map;
@@ -66,11 +73,13 @@ public class TokenAuthLoginModule implements LoginModule {
KrbToken krbToken = null;
private File armorCache;
private File cCache;
+ private File signKeyFile;
public static final String PRINCIPAL = "principal";
public static final String TOKEN = "token";
public static final String TOKEN_CACHE = "tokenCache";
public static final String ARMOR_CACHE = "armorCache";
public static final String CREDENTIAL_CACHE = "credentialCache";
+ public static final String SIGN_KEY_FILE = "signKeyFile";
/**
* {@inheritDoc}
@@ -86,6 +95,7 @@ public class TokenAuthLoginModule implements LoginModule {
tokenCacheName = (String) options.get(TOKEN_CACHE);
armorCache = new File((String) options.get(ARMOR_CACHE));
cCache = new File((String) options.get(CREDENTIAL_CACHE));
+ signKeyFile = new File((String) options.get(SIGN_KEY_FILE));
}
/**
@@ -191,6 +201,32 @@ public class TokenAuthLoginModule implements LoginModule {
e.printStackTrace();
}
krbToken = new KrbToken(authToken, TokenFormat.JWT);
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+
+ if (tokenEncoder instanceof JwtTokenEncoder) {
+ PrivateKey signKey = null;
+ try {
+ FileInputStream fis = new FileInputStream(signKeyFile);
+ signKey = PrivateKeyReader.loadPrivateKey(fis);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
+ }
+
+ krbToken = new KrbToken();
+ krbToken.setInnerToken(authToken);
+ krbToken.setTokenType();
+ krbToken.setTokenFormat(TokenFormat.JWT);
+ try {
+ krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
+ } catch (KrbException e) {
+ throw new RuntimeException("Failed to encode AuthToken", e);
+ }
+
KrbClient krbClient = null;
try {
File confFile = new File(System.getProperty(Krb5Conf.KRB5_CONF));
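Review bot: The context line `krbToken = new KrbToken(authToken, TokenFormat.JWT);` is left in place, but its result is discarded a few lines later by `krbToken = new KrbToken();`, so the first construction is dead code and should be removed. The new `FileInputStream fis` is never closed, and the `catch (FileNotFoundException e)` branch is redundant next to `catch (Exception e)` with the same body; a try-with-resources with a single catch that aborts the login, as the `RuntimeException` for the encode failure already does, would cover both. The class imports an slf4j `Logger`, so anything that is only reported should go through it rather than `printStackTrace()`. The enclosing method starts and ends outside the hunk.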
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
index d7a91ab..46b1fa0 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
@@ -48,14 +48,14 @@ public class TokenJaasKrbUtil {
* @throws LoginException e
*/
public static Subject loginUsingToken(
- String principal, File tokenCache, File armorCache, File ccache)
+ String principal, File tokenCache, File armorCache, File ccache, File signKeyFile)
throws LoginException {
Set<Principal> principals = new HashSet<Principal>();
principals.add(new KerberosPrincipal(principal));
Subject subject = new Subject(false, principals,
new HashSet<Object>(), new HashSet<Object>());
- Configuration conf = useTokenCache(principal, tokenCache, armorCache, ccache);
+ Configuration conf = useTokenCache(principal, tokenCache, armorCache, ccache, signKeyFile);
String confName = "TokenCacheConf";
LoginContext loginContext = new LoginContext(confName, subject, null, conf);
loginContext.login();
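Review bot: The new `signKeyFile` parameter on `loginUsingToken` is not documented; the Javadoc above the signature is untouched by this hunk (only its `@throws` line appears as context), so it presumably still describes four parameters. Add `@param signKeyFile the private key file used to sign the token`, and the same for the `String tokenStr` overload in the next hunk. `TokenJaasConf` later calls `signKeyFile.getAbsolutePath()` unconditionally, so the doc should also state that the argument must not be null.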
@@ -73,14 +73,14 @@ public class TokenJaasKrbUtil {
* @throws LoginException e
*/
public static Subject loginUsingToken(
- String principal, String tokenStr, File armorCache, File ccache)
+ String principal, String tokenStr, File armorCache, File ccache, File signKeyFile)
throws LoginException {
Set<Principal> principals = new HashSet<Principal>();
principals.add(new KerberosPrincipal(principal));
Subject subject = new Subject(false, principals,
new HashSet<Object>(), new HashSet<Object>());
- Configuration conf = useTokenStr(principal, tokenStr, armorCache, ccache);
+ Configuration conf = useTokenStr(principal, tokenStr, armorCache, ccache, signKeyFile);
String confName = "TokenStrConf";
LoginContext loginContext = new LoginContext(confName, subject, null, conf);
loginContext.login();
@@ -88,13 +88,13 @@ public class TokenJaasKrbUtil {
}
private static Configuration useTokenCache(String principal, File tokenCache,
- File armorCache, File tgtCache) {
- return new TokenJaasConf(principal, tokenCache, armorCache, tgtCache);
+ File armorCache, File tgtCache, File signKeyFile) {
+ return new TokenJaasConf(principal, tokenCache, armorCache, tgtCache, signKeyFile);
}
private static Configuration useTokenStr(String principal, String tokenStr,
- File armorCache, File tgtCache) {
- return new TokenJaasConf(principal, tokenStr, armorCache, tgtCache);
+ File armorCache, File tgtCache, File signKeyFile) {
+ return new TokenJaasConf(principal, tokenStr, armorCache, tgtCache, signKeyFile);
}
/**
@@ -106,19 +106,24 @@ public class TokenJaasKrbUtil {
private String tokenStr;
private File armorCache;
private File ccache;
+ private File signKeyFile;
- public TokenJaasConf(String principal, File tokenCache, File armorCache, File ccache) {
+ public TokenJaasConf(String principal, File tokenCache, File armorCache, File ccache,
+ File signKeyFile) {
this.principal = principal;
this.tokenCache = tokenCache;
this.armorCache = armorCache;
this.ccache = ccache;
+ this.signKeyFile = signKeyFile;
}
- public TokenJaasConf(String principal, String tokenStr, File armorCache, File ccache) {
+ public TokenJaasConf(String principal, String tokenStr, File armorCache, File ccache,
+ File signKeyFile) {
this.principal = principal;
this.tokenStr = tokenStr;
this.armorCache = armorCache;
this.ccache = ccache;
+ this.signKeyFile = signKeyFile;
}
@Override
@@ -132,6 +137,7 @@ public class TokenJaasKrbUtil {
}
options.put(TokenAuthLoginModule.ARMOR_CACHE, armorCache.getAbsolutePath());
options.put(TokenAuthLoginModule.CREDENTIAL_CACHE, ccache.getAbsolutePath());
+ options.put(TokenAuthLoginModule.SIGN_KEY_FILE, signKeyFile.getAbsolutePath());
return new AppConfigurationEntry[]{
new AppConfigurationEntry(
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index c6f6f89..3943ffe 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -41,6 +41,7 @@ public class TokenLoginTestBase extends LoginTestBase {
private File tokenCache;
private File armorCache;
private File tgtCache;
+ private File signKeyFile;
static final String GROUP = "sales-group";
static final String ROLE = "ADMIN";
@@ -55,13 +56,16 @@ public class TokenLoginTestBase extends LoginTestBase {
super.setUp();
armorCache = new File(getTestDir(), "armorcache.cc");
tgtCache = new File(getTestDir(), "tgtcache.cc");
+ signKeyFile = new File(this.getClass().getResource("/private_key.pem").getPath());
}
@Override
protected void configKdcSeverAndClient() {
super.configKdcSeverAndClient();
getKdcServer().getKdcConfig().setBoolean(KdcConfigKey.ALLOW_TOKEN_PREAUTH,
- isTokenPreauthAllowed());
+ isTokenPreauthAllowed());
+ String verifyKeyFile = this.getClass().getResource("/").getPath();
+ getKdcServer().getKdcConfig().setString(KdcConfigKey.VERIFY_KEY, verifyKeyFile);
}
protected Boolean isTokenPreauthAllowed() {
@@ -120,21 +124,25 @@ public class TokenLoginTestBase extends LoginTestBase {
return authToken;
}
- private Subject loginClientUsingTokenStr(String tokenStr, File armorCache, File tgtCache) throws Exception {
- return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenStr, armorCache, tgtCache);
+ private Subject loginClientUsingTokenStr(String tokenStr, File armorCache, File tgtCache,
+ File signKeyFile) throws Exception {
+ return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenStr, armorCache,
+ tgtCache, signKeyFile);
}
- private Subject loginClientUsingTokenCache(File tokenCache, File armorCache, File tgtCache) throws Exception {
- return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenCache, armorCache, tgtCache);
+ private Subject loginClientUsingTokenCache(File tokenCache, File armorCache, File tgtCache,
+ File signKeyFile) throws Exception {
+ return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenCache, armorCache,
+ tgtCache, signKeyFile);
}
protected void testLoginWithTokenStr() throws Exception {
String tokenStr = createTokenAndArmorCache();
- checkSubject(loginClientUsingTokenStr(tokenStr, armorCache, tgtCache));
+ checkSubject(loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile));
}
protected void testLoginWithTokenCache() throws Exception {
createTokenAndArmorCache();
- checkSubject(loginClientUsingTokenCache(tokenCache, armorCache, tgtCache));
+ checkSubject(loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile));
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/test/resources/private_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/resources/private_key.pem b/kerby-kerb/integration-test/src/test/resources/private_key.pem
new file mode 100644
index 0000000..1c2ee59
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/resources/private_key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem b/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem
new file mode 100644
index 0000000..471a517
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4BaCukPmveaHtV7OxXP8/mCCV
+Y2oHXqd+6iIliPRVCxirgp2XHg2nrAkBJTt/y13IHCeVl6Avm7UMzXxxv60NND1H
+e6+zDMgh3IVZM/Xe8uNHNF2C6jR6Z4KQ/GfccTvLuEQwWOt47CjZNDMFFzr2niOZ
+Us6V/0QzqDbHdDc3bQIDAQAB
+-----END PUBLIC KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
index 5e3ce13..c40b7bb 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
@@ -104,7 +104,7 @@ public class KrbToken extends KrbSequenceType implements AuthToken {
/**
* Set token type.
*/
- private void setTokenType() {
+ public void setTokenType() {
List<String> audiences = this.innerToken.getAudiences();
if (audiences.size() == 1 && audiences.get(0).startsWith(KrbConstant.TGS_PRINCIPAL)) {
isIdToken(true);
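Review bot: Making `setTokenType()` public exposes a method that dereferences `this.innerToken` on its first line, while the `setInnerToken` added in the last hunk lets callers start from `new KrbToken()`, where that field is presumably still null; calling the two in the wrong order gives a NullPointerException. The token type is derived state, so it is safer to keep `setTokenType()` private and have the setter maintain it: `this.innerToken = authToken; setTokenType();`. If the public method stays, its Javadoc (`Set token type.`) should say that the inner token must already be set and that the type is recomputed from its audiences, and `setInnerToken` needs a Javadoc of its own. The method body continues outside the hunk.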
@@ -327,4 +327,8 @@ public class KrbToken extends KrbSequenceType implements AuthToken {
public void addAttribute(String name, Object value) {
innerToken.addAttribute(name, value);
}
+
+ public void setInnerToken(AuthToken authToken) {
+ this.innerToken = authToken;
+ }
}
[04/48] directory-kerby git commit: Revert to compile version 3.1,
as I get a failure while runing mvn deplay with 3.3
Posted by pl...@apache.org.
Revert to compile version 3.1, as I get a failure while running mvn deploy with 3.3
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/bf752eff
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/bf752eff
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/bf752eff
Branch: refs/heads/pkinit-support
Commit: bf752eff0a2982b03f17866d859bbc69b49d1dfb
Parents: 8a38279
Author: Emmanuel Lécharny <el...@symas.com>
Authored: Thu Sep 10 14:33:51 2015 +0200
Committer: Emmanuel Lécharny <el...@symas.com>
Committed: Thu Sep 10 14:33:51 2015 +0200
----------------------------------------------------------------------
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/bf752eff/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index e0c3a8a..45b6bb4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -108,7 +108,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
- <version>3.3</version>
+ <version>3.1</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
[41/48] directory-kerby git commit: Merge remote-tracking branch
'asf/master'
Posted by pl...@apache.org.
Merge remote-tracking branch 'asf/master'
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/103de43f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/103de43f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/103de43f
Branch: refs/heads/pkinit-support
Commit: 103de43fab2fd4c1f1bc39c5215cd706ace14e85
Parents: 0365e57 8ad5f32
Author: plusplus_jiajia <ji...@intel.com>
Authored: Tue Oct 27 13:34:33 2015 +0800
Committer: plusplus_jiajia <ji...@intel.com>
Committed: Tue Oct 27 13:34:33 2015 +0800
----------------------------------------------------------------------
benchmark/pom.xml | 6 +++---
kerby-backend/json-backend/pom.xml | 2 +-
kerby-dist/kdc-dist/pom.xml | 2 +-
kerby-provider/token-provider/pom.xml | 2 +-
pom.xml | 4 +++-
5 files changed, 9 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
[38/48] directory-kerby git commit: DIRKRB-436 KDC accepts an
unsigned JWT token.
Posted by pl...@apache.org.
DIRKRB-436 KDC accepts an unsigned JWT token.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/23eee00f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/23eee00f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/23eee00f
Branch: refs/heads/pkinit-support
Commit: 23eee00f8e320559d45a9285a9983610aaad146f
Parents: e567dfd
Author: plusplus_jiajia <ji...@intel.com>
Authored: Fri Oct 23 15:41:23 2015 +0800
Committer: plusplus_jiajia <ji...@intel.com>
Committed: Fri Oct 23 15:41:23 2015 +0800
----------------------------------------------------------------------
.../org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java | 4 +---
.../apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java | 4 +---
.../kerberos/kerb/server/preauth/token/TokenPreauth.java | 3 +++
.../apache/kerby/kerberos/provider/token/JwtTokenDecoder.java | 7 +++++++
4 files changed, 12 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/23eee00f/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index 6c8020e..3a2d4ff 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -71,10 +71,8 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
Assert.assertTrue(ex instanceof KrbException);
}
}
-
- // TODO - not failing yet.
+
@Test
- @org.junit.Ignore
public void testUnsignedToken() throws Exception {
prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, null, null);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/23eee00f/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
index b0dd04d..3c0895f 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
@@ -73,10 +73,8 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
Assert.assertTrue(ex instanceof KrbException);
}
}
-
- // TODO - not failing yet.
+
@Test
- @org.junit.Ignore
public void testUnsignedToken() throws Exception {
prepareToken(null, ISSUER, "krbtgt2@EXAMPLE.COM", null, null);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/23eee00f/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index f3c8741..a2c57d6 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -88,6 +88,9 @@ public class TokenPreauth extends AbstractPreauthPlugin {
AuthToken authToken = null;
try {
authToken = tokenDecoder.decodeFromBytes(token.getTokenValue());
+ if (!((JwtTokenDecoder) tokenDecoder).isSigned()) {
+ throw new KrbException("Token should be signed.");
+ }
} catch (IOException e) {
throw new KrbException("Decoding failed", e);
}
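Review bot: The added check casts `tokenDecoder` to `JwtTokenDecoder` unconditionally, so any other `TokenDecoder` implementation would fail here with a `ClassCastException`, which the visible `catch (IOException e)` does not turn into a `KrbException`. It also reads the signature status from the decoder object after the call rather than from the returned `authToken`, which is only sound if a decoder instance is never shared between requests; that is not visible from this hunk. If `isSigned()` cannot be declared on the `TokenDecoder` interface, guard the cast so an unknown decoder is rejected cleanly: `if (!(tokenDecoder instanceof JwtTokenDecoder) || !((JwtTokenDecoder) tokenDecoder).isSigned()) {`. The enclosing method starts and ends outside the hunk.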
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/23eee00f/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
index 50a2ece..b42dd86 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
@@ -55,6 +55,7 @@ public class JwtTokenDecoder implements TokenDecoder {
private Object decryptionKey;
private Object verifyKey;
private List<String> audiences = null;
+ private boolean signed = false;
/**
* {@inheritDoc}
@@ -100,6 +101,7 @@ public class JwtTokenDecoder implements TokenDecoder {
boolean success = verifySignedJWT(signedJWT) && verifyToken(signedJWT);
if (success) {
try {
+ signed = true;
return new JwtAuthToken(signedJWT.getJWTClaimsSet());
} catch (ParseException e) {
throw new IOException("Failed to get JWT claims set", e);
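Review bot: `signed` is set to `true` here and in the next hunk (`@@ -123,6 +125,7 @@`), but nothing visible sets it back to `false`, so once a decoder instance has verified one signed token, `isSigned()` keeps returning `true` for every later token it decodes, including an unsigned one. The flag should be cleared as the first statement of each decode method, `signed = false;`, before any parsing; those method openings are outside the hunks. The field is per-decoder rather than per-token state, so if a decoder can be used by more than one request at a time (not visible here), the result would need to travel with the returned token instead. The assignment also happens before `getJWTClaimsSet()` can throw, which is harmless only once the flag is reset on every call.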
@@ -123,6 +125,7 @@ public class JwtTokenDecoder implements TokenDecoder {
boolean success = verifySignedJWT(signedJWT) && verifyToken(signedJWT);
if (success) {
try {
+ signed = true;
return new JwtAuthToken(signedJWT.getJWTClaimsSet());
} catch (ParseException e) {
throw new IOException("Failed to get JWT claims set", e);
@@ -274,4 +277,8 @@ public class JwtTokenDecoder implements TokenDecoder {
}
return valid;
}
+
+ public boolean isSigned() {
+ return signed;
+ }
}
[06/48] directory-kerby git commit: [maven-release-plugin] prepare
for next development iteration
Posted by pl...@apache.org.
[maven-release-plugin] prepare for next development iteration
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/03e65e76
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/03e65e76
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/03e65e76
Branch: refs/heads/pkinit-support
Commit: 03e65e76c0f6b7bde90f352e5ec08396102865b7
Parents: 69d6369
Author: Emmanuel Lécharny <el...@symas.com>
Authored: Thu Sep 10 14:43:39 2015 +0200
Committer: Emmanuel Lécharny <el...@symas.com>
Committed: Thu Sep 10 14:43:39 2015 +0200
----------------------------------------------------------------------
benchmark/pom.xml | 2 +-
kerby-asn1/pom.xml | 2 +-
kerby-backend/json-backend/pom.xml | 2 +-
kerby-backend/ldap-backend/pom.xml | 2 +-
kerby-backend/mavibot-backend/pom.xml | 2 +-
kerby-backend/pom.xml | 2 +-
kerby-backend/zookeeper-backend/pom.xml | 2 +-
kerby-config/pom.xml | 2 +-
kerby-dist/kdc-dist/pom.xml | 2 +-
kerby-dist/pom.xml | 2 +-
kerby-dist/tool-dist/pom.xml | 2 +-
kerby-kdc-test/pom.xml | 2 +-
kerby-kdc/pom.xml | 2 +-
kerby-kerb/integration-test/pom.xml | 2 +-
kerby-kerb/kerb-admin/pom.xml | 2 +-
kerby-kerb/kerb-client-api-all/pom.xml | 2 +-
kerby-kerb/kerb-client/pom.xml | 2 +-
kerby-kerb/kerb-common/pom.xml | 2 +-
kerby-kerb/kerb-core-test/pom.xml | 2 +-
kerby-kerb/kerb-core/pom.xml | 2 +-
kerby-kerb/kerb-crypto/pom.xml | 2 +-
kerby-kerb/kerb-identity-test/pom.xml | 2 +-
kerby-kerb/kerb-identity/pom.xml | 2 +-
kerby-kerb/kerb-kdc-test/pom.xml | 2 +-
kerby-kerb/kerb-server-api-all/pom.xml | 2 +-
kerby-kerb/kerb-server/pom.xml | 2 +-
kerby-kerb/kerb-simplekdc/pom.xml | 2 +-
kerby-kerb/kerb-util/pom.xml | 2 +-
kerby-kerb/pom.xml | 2 +-
kerby-provider/pom.xml | 2 +-
kerby-provider/token-provider/pom.xml | 2 +-
kerby-tool/client-tool/pom.xml | 2 +-
kerby-tool/kdc-tool/pom.xml | 2 +-
kerby-tool/pom.xml | 2 +-
kerby-util/pom.xml | 2 +-
pom.xml | 4 ++--
36 files changed, 37 insertions(+), 37 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/benchmark/pom.xml
----------------------------------------------------------------------
diff --git a/benchmark/pom.xml b/benchmark/pom.xml
index 7426de0..ec7561a 100644
--- a/benchmark/pom.xml
+++ b/benchmark/pom.xml
@@ -17,7 +17,7 @@
<parent>
<artifactId>kerby-all</artifactId>
<groupId>org.apache.kerby</groupId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>benchmark</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-asn1/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-asn1/pom.xml b/kerby-asn1/pom.xml
index 718b0d0..b89e06a 100644
--- a/kerby-asn1/pom.xml
+++ b/kerby-asn1/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-backend/json-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/json-backend/pom.xml b/kerby-backend/json-backend/pom.xml
index f9bf4f3..f1f6e1f 100644
--- a/kerby-backend/json-backend/pom.xml
+++ b/kerby-backend/json-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>json-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-backend/ldap-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/ldap-backend/pom.xml b/kerby-backend/ldap-backend/pom.xml
index 2e0c5aa..7c3ae0f 100644
--- a/kerby-backend/ldap-backend/pom.xml
+++ b/kerby-backend/ldap-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>ldap-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-backend/mavibot-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/mavibot-backend/pom.xml b/kerby-backend/mavibot-backend/pom.xml
index e0fd72f..71a7454 100644
--- a/kerby-backend/mavibot-backend/pom.xml
+++ b/kerby-backend/mavibot-backend/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>mavibot-backend</artifactId>
<name>Mavibot based backend</name>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/pom.xml b/kerby-backend/pom.xml
index 15f8fdb..1305721 100644
--- a/kerby-backend/pom.xml
+++ b/kerby-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerby-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-backend/zookeeper-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/pom.xml b/kerby-backend/zookeeper-backend/pom.xml
index d0a701c..03b7cac 100644
--- a/kerby-backend/zookeeper-backend/pom.xml
+++ b/kerby-backend/zookeeper-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>zookeeper-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-config/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-config/pom.xml b/kerby-config/pom.xml
index bca15e1..41b7dc1 100644
--- a/kerby-config/pom.xml
+++ b/kerby-config/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-dist/kdc-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/pom.xml b/kerby-dist/kdc-dist/pom.xml
index 2617960..b464e43 100644
--- a/kerby-dist/kdc-dist/pom.xml
+++ b/kerby-dist/kdc-dist/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-dist</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kdc-dist</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/pom.xml b/kerby-dist/pom.xml
index f6dcb1e..6fc0948 100644
--- a/kerby-dist/pom.xml
+++ b/kerby-dist/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerby-dist</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-dist/tool-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/tool-dist/pom.xml b/kerby-dist/tool-dist/pom.xml
index 8a4144b..7bf67ce 100644
--- a/kerby-dist/tool-dist/pom.xml
+++ b/kerby-dist/tool-dist/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-dist</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>tool-dist</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/pom.xml b/kerby-kdc-test/pom.xml
index 2acd191..a5d983c 100644
--- a/kerby-kdc-test/pom.xml
+++ b/kerby-kdc-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerby-kdc-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kdc/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kdc/pom.xml b/kerby-kdc/pom.xml
index b0417db..ed222ec 100644
--- a/kerby-kdc/pom.xml
+++ b/kerby-kdc/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerby-kdc</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/integration-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/pom.xml b/kerby-kerb/integration-test/pom.xml
index 0af11d9..d73c192 100644
--- a/kerby-kerb/integration-test/pom.xml
+++ b/kerby-kerb/integration-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>integration-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-admin/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/pom.xml b/kerby-kerb/kerb-admin/pom.xml
index da16b90..effc642 100644
--- a/kerby-kerb/kerb-admin/pom.xml
+++ b/kerby-kerb/kerb-admin/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-admin</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-client-api-all/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client-api-all/pom.xml b/kerby-kerb/kerb-client-api-all/pom.xml
index aa3a48e..41fb292 100644
--- a/kerby-kerb/kerb-client-api-all/pom.xml
+++ b/kerby-kerb/kerb-client-api-all/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-client-api-all</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-client/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/pom.xml b/kerby-kerb/kerb-client/pom.xml
index 3208405..d75eaea 100644
--- a/kerby-kerb/kerb-client/pom.xml
+++ b/kerby-kerb/kerb-client/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-client</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-common/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/pom.xml b/kerby-kerb/kerb-common/pom.xml
index 45d2894..e896aed 100644
--- a/kerby-kerb/kerb-common/pom.xml
+++ b/kerby-kerb/kerb-common/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-common</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-core-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/pom.xml b/kerby-kerb/kerb-core-test/pom.xml
index 8940d99..d796f98 100644
--- a/kerby-kerb/kerb-core-test/pom.xml
+++ b/kerby-kerb/kerb-core-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-core-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-core/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/pom.xml b/kerby-kerb/kerb-core/pom.xml
index 07c819f..1eb5140 100644
--- a/kerby-kerb/kerb-core/pom.xml
+++ b/kerby-kerb/kerb-core/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-core</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-crypto/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/pom.xml b/kerby-kerb/kerb-crypto/pom.xml
index 539de46..94c3a80 100644
--- a/kerby-kerb/kerb-crypto/pom.xml
+++ b/kerby-kerb/kerb-crypto/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-crypto</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-identity-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity-test/pom.xml b/kerby-kerb/kerb-identity-test/pom.xml
index 871c3aa..abb4138 100644
--- a/kerby-kerb/kerb-identity-test/pom.xml
+++ b/kerby-kerb/kerb-identity-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-identity-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-identity/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/pom.xml b/kerby-kerb/kerb-identity/pom.xml
index 6905cc3..f1dd25a 100644
--- a/kerby-kerb/kerb-identity/pom.xml
+++ b/kerby-kerb/kerb-identity/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-identity</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/pom.xml b/kerby-kerb/kerb-kdc-test/pom.xml
index 8a8cbbe..fae0ea9 100644
--- a/kerby-kerb/kerb-kdc-test/pom.xml
+++ b/kerby-kerb/kerb-kdc-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-kdc-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-server-api-all/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server-api-all/pom.xml b/kerby-kerb/kerb-server-api-all/pom.xml
index d5e3c66..fccc515 100644
--- a/kerby-kerb/kerb-server-api-all/pom.xml
+++ b/kerby-kerb/kerb-server-api-all/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-server-api-all</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-server/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/pom.xml b/kerby-kerb/kerb-server/pom.xml
index 139d215..edb355c 100644
--- a/kerby-kerb/kerb-server/pom.xml
+++ b/kerby-kerb/kerb-server/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-server</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-simplekdc/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/pom.xml b/kerby-kerb/kerb-simplekdc/pom.xml
index 1e9ce65..9e23c69 100644
--- a/kerby-kerb/kerb-simplekdc/pom.xml
+++ b/kerby-kerb/kerb-simplekdc/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-simplekdc</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/kerb-util/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/pom.xml b/kerby-kerb/kerb-util/pom.xml
index 4bd4f15..9c2afc7 100644
--- a/kerby-kerb/kerb-util/pom.xml
+++ b/kerby-kerb/kerb-util/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerb-util</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-kerb/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/pom.xml b/kerby-kerb/pom.xml
index 32bc10a..768d899 100644
--- a/kerby-kerb/pom.xml
+++ b/kerby-kerb/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerby-kerb</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-provider/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-provider/pom.xml b/kerby-provider/pom.xml
index 7b2bfa7..1519bd3 100644
--- a/kerby-provider/pom.xml
+++ b/kerby-provider/pom.xml
@@ -16,7 +16,7 @@
<parent>
<artifactId>kerby-all</artifactId>
<groupId>org.apache.kerby</groupId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-provider/token-provider/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/pom.xml b/kerby-provider/token-provider/pom.xml
index d51992a..74729c6 100644
--- a/kerby-provider/token-provider/pom.xml
+++ b/kerby-provider/token-provider/pom.xml
@@ -16,7 +16,7 @@
<parent>
<artifactId>kerby-provider</artifactId>
<groupId>org.apache.kerby</groupId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-tool/client-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/pom.xml b/kerby-tool/client-tool/pom.xml
index adef01f..b6fb6d1 100644
--- a/kerby-tool/client-tool/pom.xml
+++ b/kerby-tool/client-tool/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-tool</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>client-tool</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-tool/kdc-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/pom.xml b/kerby-tool/kdc-tool/pom.xml
index 7afb9ea..33f8eff 100644
--- a/kerby-tool/kdc-tool/pom.xml
+++ b/kerby-tool/kdc-tool/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-tool</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kdc-tool</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/pom.xml b/kerby-tool/pom.xml
index 3721fb9..b834f66 100644
--- a/kerby-tool/pom.xml
+++ b/kerby-tool/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerby-tool</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/kerby-util/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-util/pom.xml b/kerby-util/pom.xml
index 4f156d1..8756dc1 100644
--- a/kerby-util/pom.xml
+++ b/kerby-util/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
</parent>
<artifactId>kerby-util</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/03e65e76/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 3f15371..67ec4fd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1</version>
+ <version>1.0.0-RC2-SNAPSHOT</version>
<packaging>pom</packaging>
<name>Apache Kerby Project</name>
@@ -36,7 +36,7 @@
<connection>scm:git:https://git-wip-us.apache.org/repos/asf/directory-kerby.git</connection>
<url>https://github.com/apache/directory-kerby</url>
<developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/directory-kerby.git</developerConnection>
- <tag>kerby-all-1.0.0-RC1</tag>
+ <tag>HEAD</tag>
</scm>
<distributionManagement>
[34/48] directory-kerby git commit: DIRKRB-435 JWT Audience
restriction validation is not working.
Posted by pl...@apache.org.
DIRKRB-435 JWT Audience restriction validation is not working.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/3cec9dc0
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/3cec9dc0
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/3cec9dc0
Branch: refs/heads/pkinit-support
Commit: 3cec9dc02ff630d3ad4eea563c384afc84ff6cb7
Parents: b4c2b2d
Author: plusplus_jiajia <ji...@intel.com>
Authored: Thu Oct 22 14:56:16 2015 +0800
Committer: plusplus_jiajia <ji...@intel.com>
Committed: Thu Oct 22 14:56:16 2015 +0800
----------------------------------------------------------------------
.../apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3cec9dc0/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index d623098..a119282 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -24,6 +24,7 @@ import java.security.PrivateKey;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
+import org.apache.kerby.kerberos.kerb.server.TestKdcServer;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.junit.Assert;
import org.junit.Test;
@@ -50,14 +51,13 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
Assert.assertTrue(ex instanceof KrbException);
}
}
-
- // TODO - not failing yet.
+
@Test
- @org.junit.Ignore
public void testBadAudienceRestriction() throws Exception {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
- prepareToken(getServerPrincipal(), ISSUER, "krbtgt2@EXAMPLE.COM", privateKey);
+ prepareToken("bad-service" + "/" + getHostname() + "@" + TestKdcServer.KDC_REALM,
+ ISSUER, AUDIENCE, privateKey);
try {
performTest();
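Review bot: After this change `testBadAudienceRestriction` no longer sends a bad audience: the token carries the valid `AUDIENCE`, and the mismatch is moved to the service principal (`"bad-service" + "/" + getHostname() + ...`). That leaves the access-token path without a negative test for an audience value that does not match, which is what DIRKRB-435 names. I would rename this case to something like `testBadServicePrincipal` and add a second test that passes `getServerPrincipal()` with a wrong audience and expects a `KrbException`. If the bad service principal is the intended way to trigger the audience failure, a comment above the method should say why. The method body continues outside the hunk.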
[36/48] directory-kerby git commit: Add support for decrypting JWT
tokens in the KDC
Posted by pl...@apache.org.
Add support for decrypting JWT tokens in the KDC
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/b58fb7f6
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/b58fb7f6
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/b58fb7f6
Branch: refs/heads/pkinit-support
Commit: b58fb7f69935f404e78f195892a193c8e89760e3
Parents: c3ada0c
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Oct 22 11:26:57 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 22 11:26:57 2015 +0100
----------------------------------------------------------------------
.../kerberos/kdc/WithAccessTokenKdcTest.java | 23 +++++-
.../kerberos/kdc/WithIdentityTokenKdcTest.java | 23 +++++-
.../kerberos/kdc/WithTokenKdcTestBase.java | 12 ++-
.../kerby/kerberos/kerb/server/KdcConfig.java | 4 +
.../kerberos/kerb/server/KdcConfigKey.java | 1 +
.../kerb/server/preauth/token/TokenPreauth.java | 87 +++++++++++++-------
6 files changed, 112 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b58fb7f6/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index 544923d..0664529 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -23,9 +23,11 @@ import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
+import java.security.PublicKey;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
+import org.apache.kerby.kerberos.kerb.common.PublicKeyReader;
import org.apache.kerby.kerberos.kerb.server.TestKdcServer;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.junit.Assert;
@@ -43,7 +45,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
public void testBadIssuer() throws Exception {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
- prepareToken(getServerPrincipal(), "oauth1.com", AUDIENCE, privateKey);
+ prepareToken(getServerPrincipal(), "oauth1.com", AUDIENCE, privateKey, null);
try {
performTest();
@@ -59,7 +61,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
prepareToken("bad-service" + "/" + getHostname() + "@" + TestKdcServer.KDC_REALM,
- ISSUER, AUDIENCE, privateKey);
+ ISSUER, AUDIENCE, privateKey, null);
try {
performTest();
@@ -74,7 +76,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
@Test
@org.junit.Ignore
public void testUnsignedToken() throws Exception {
- prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, null);
+ prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, null, null);
try {
performTest();
@@ -89,7 +91,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
public void testSignedTokenWithABadKey() throws Exception {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
KeyPair keyPair = keyGen.generateKeyPair();
- prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, keyPair.getPrivate());
+ prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, keyPair.getPrivate(), null);
try {
performTest();
@@ -100,6 +102,19 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
}
}
+ @Test
+ public void testSignedEncryptedToken() throws Exception {
+ InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+ PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
+
+ is = WithTokenKdcTestBase.class.getResourceAsStream("/oauth2.com_public_key.pem");
+ PublicKey publicKey = PublicKeyReader.loadPublicKey(is);
+
+ prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, privateKey, publicKey);
+
+ performTest();
+ }
+
private void performTest() throws Exception {
createCredentialCache(getClientPrincipal(), getClientPassword());
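Review bot: `testSignedEncryptedToken` covers only the success path, so nothing here shows that the KDC rejects a token that is encrypted but not signed, or one it cannot decrypt. A companion test calling `prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, null, publicKey)` and expecting a `KrbException` would confirm that encryption does not stand in for signature verification. The existing `testUnsignedToken` is still `@org.junit.Ignore`d, so that property is currently untested. The two streams from `getResourceAsStream` are never closed. The same points apply to the identical test added to `WithIdentityTokenKdcTest` later in this commit.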
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b58fb7f6/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
index 71f9da7..eb89df6 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
@@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kdc;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
+import org.apache.kerby.kerberos.kerb.common.PublicKeyReader;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
import org.junit.Assert;
@@ -30,6 +31,7 @@ import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
+import java.security.PublicKey;
public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
@@ -44,7 +46,7 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
public void testBadIssuer() throws Exception {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
- prepareToken(null, "oauth1.com", AUDIENCE, privateKey);
+ prepareToken(null, "oauth1.com", AUDIENCE, privateKey, null);
try {
performTest();
@@ -61,7 +63,7 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
public void testBadAudienceRestriction() throws Exception {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
- prepareToken(null, ISSUER, "krbtgt2@EXAMPLE.COM", privateKey);
+ prepareToken(null, ISSUER, "krbtgt2@EXAMPLE.COM", privateKey, null);
try {
performTest();
@@ -76,7 +78,7 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
@Test
@org.junit.Ignore
public void testUnsignedToken() throws Exception {
- prepareToken(null, ISSUER, "krbtgt2@EXAMPLE.COM", null);
+ prepareToken(null, ISSUER, "krbtgt2@EXAMPLE.COM", null, null);
try {
performTest();
@@ -91,7 +93,7 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
public void testSignedTokenWithABadKey() throws Exception {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
KeyPair keyPair = keyGen.generateKeyPair();
- prepareToken(null, ISSUER, AUDIENCE, keyPair.getPrivate());
+ prepareToken(null, ISSUER, AUDIENCE, keyPair.getPrivate(), null);
try {
performTest();
@@ -102,6 +104,19 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
}
}
+ @Test
+ public void testSignedEncryptedToken() throws Exception {
+ InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+ PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
+
+ is = WithTokenKdcTestBase.class.getResourceAsStream("/oauth2.com_public_key.pem");
+ PublicKey publicKey = PublicKeyReader.loadPublicKey(is);
+
+ prepareToken(null, ISSUER, AUDIENCE, privateKey, publicKey);
+
+ performTest();
+ }
+
private void performTest() throws Exception {
createCredentialCache(getClientPrincipal(), getClientPassword());
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b58fb7f6/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index 8db50f9..0b94be5 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -39,7 +39,9 @@ import org.junit.Before;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
+import java.net.URL;
import java.security.PrivateKey;
+import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
@@ -66,6 +68,9 @@ public class WithTokenKdcTestBase extends KdcTestBase {
super.configKdcSeverAndClient();
String verifyKeyPath = this.getClass().getResource("/").getPath();
getKdcServer().getKdcConfig().setString(KdcConfigKey.VERIFY_KEY, verifyKeyPath);
+
+ URL privateKeyPath = WithTokenKdcTestBase.class.getResource("/private_key.pem");
+ getKdcServer().getKdcConfig().setString(KdcConfigKey.DECRYPTION_KEY, privateKeyPath.getPath());
getKdcServer().getKdcConfig().setString(KdcConfigKey.ISSUERS, ISSUER);
}
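Review bot: The fixture sets `DECRYPTION_KEY` to `/private_key.pem`, the same private key the tests use to sign tokens, while the tests encrypt to `/oauth2.com_public_key.pem`, which appears to be the file the KDC selects for verification. With one key pair serving both signing and encryption, these tests cannot detect the KDC using the wrong key for either operation. A separate key pair for encryption in the test resources would make such a mix-up fail. `getResource("/private_key.pem")` can also return null, which would surface here as a `NullPointerException` rather than a clear setup error.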
@@ -86,11 +91,11 @@ public class WithTokenKdcTestBase extends KdcTestBase {
e.printStackTrace();
}
- return prepareToken(servicePrincipal, ISSUER, AUDIENCE, privateKey);
+ return prepareToken(servicePrincipal, ISSUER, AUDIENCE, privateKey, null);
}
protected AuthToken prepareToken(String servicePrincipal, String issuer, String audience,
- PrivateKey signingKey) {
+ PrivateKey signingKey, PublicKey encryptionKey) {
AuthToken authToken = KrbRuntime.getTokenProvider().createTokenFactory().createToken();
authToken.setIssuer(issuer);
authToken.setSubject(SUBJECT);
@@ -121,6 +126,9 @@ public class WithTokenKdcTestBase extends KdcTestBase {
if (tokenEncoder instanceof JwtTokenEncoder && signingKey != null) {
((JwtTokenEncoder) tokenEncoder).setSignKey(signingKey);
}
+ if (tokenEncoder instanceof JwtTokenEncoder && encryptionKey != null) {
+ ((JwtTokenEncoder) tokenEncoder).setEncryptionKey(encryptionKey);
+ }
krbToken = new KrbToken();
krbToken.setInnerToken(authToken);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b58fb7f6/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
index dc2fc78..82b8dfd 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
@@ -167,6 +167,10 @@ public class KdcConfig extends Conf {
return KrbConfHelper.getStringUnderSection(this, KdcConfigKey.VERIFY_KEY);
}
+ public String getDecryptionKeyConfig() {
+ return KrbConfHelper.getStringUnderSection(this, KdcConfigKey.DECRYPTION_KEY);
+ }
+
public List<String> getIssuers() {
return Arrays.asList(KrbConfHelper.getStringArrayUnderSection(this, KdcConfigKey.ISSUERS));
}
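Review bot: `getDecryptionKeyConfig()` is added without Javadoc, and the name does not say that the value is a filesystem path to a private key. According to `getKeyFile` in `TokenPreauth` in this same commit, the path may be a single file or a directory searched by issuer name, which is worth stating here: `/** Path to the private key file, or a directory of key files, used to decrypt tokens. */`. Because the setting points at private key material, the comment is also the place to note that the file should be readable only by the account running the KDC.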
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b58fb7f6/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
index 771c781..178d19d 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
@@ -50,6 +50,7 @@ public enum KdcConfigKey implements SectionConfigKey {
RESTRICT_ANONYMOUS_TO_TGT(false, "kdcdefaults"),
KDC_MAX_DGRAM_REPLY_SIZE(4096, "kdcdefaults"),
VERIFY_KEY(null, "kdcdefaults"),
+ DECRYPTION_KEY(null, "kdcdefaults"),
ISSUERS(null, "kdcdefaults");
private Object defaultValue;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b58fb7f6/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index 2de66b5..f3c8741 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -23,6 +23,7 @@ import org.apache.kerby.kerberos.kerb.KrbCodec;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.KrbRuntime;
import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
import org.apache.kerby.kerberos.kerb.common.PublicKeyReader;
import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
import org.apache.kerby.kerberos.kerb.preauth.token.TokenPreauthMeta;
@@ -47,6 +48,7 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
+import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.List;
@@ -78,25 +80,11 @@ public class TokenPreauth extends AbstractPreauthPlugin {
if (!(issuers.contains(issuer))) {
throw new KrbException("Unconfigured issuer: " + issuer);
}
+
+ // Configure keys
TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
- if (tokenDecoder instanceof JwtTokenDecoder) {
- String verifyKeyPath = kdcRequest.getKdcContext().getConfig().getVerifyKeyConfig();
- if (verifyKeyPath != null) {
- File verifyKeyFile = getVerifyKeyFile(verifyKeyPath, issuer);
- if (verifyKeyFile != null) {
- PublicKey verifyKey = null;
- try {
- FileInputStream fis = new FileInputStream(verifyKeyFile);
- verifyKey = PublicKeyReader.loadPublicKey(fis);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- } catch (Exception e) {
- e.printStackTrace();
- }
- ((JwtTokenDecoder) tokenDecoder).setVerifyKey(verifyKey);
- }
- }
- }
+ configureKeys(tokenDecoder, kdcRequest, issuer);
+
AuthToken authToken = null;
try {
authToken = tokenDecoder.decodeFromBytes(token.getTokenValue());
@@ -127,18 +115,61 @@ public class TokenPreauth extends AbstractPreauthPlugin {
return false;
}
}
+
+ private void configureKeys(TokenDecoder tokenDecoder, KdcRequest kdcRequest, String issuer) {
+ if (tokenDecoder instanceof JwtTokenDecoder) {
+ String verifyKeyPath = kdcRequest.getKdcContext().getConfig().getVerifyKeyConfig();
+ if (verifyKeyPath != null) {
+ File verifyKeyFile = getKeyFile(verifyKeyPath, issuer);
+ if (verifyKeyFile != null) {
+ PublicKey verifyKey = null;
+ try {
+ FileInputStream fis = new FileInputStream(verifyKeyFile);
+ verifyKey = PublicKeyReader.loadPublicKey(fis);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ ((JwtTokenDecoder) tokenDecoder).setVerifyKey(verifyKey);
+ }
+ }
+ String decryptionKeyPath = kdcRequest.getKdcContext().getConfig().getDecryptionKeyConfig();
+ if (decryptionKeyPath != null) {
+ File decryptionKeyFile = getKeyFile(decryptionKeyPath, issuer);
+ if (decryptionKeyFile != null) {
+ PrivateKey decryptionKey = null;
+ try {
+ FileInputStream fis = new FileInputStream(decryptionKeyFile);
+ decryptionKey = PrivateKeyReader.loadPrivateKey(fis);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ ((JwtTokenDecoder) tokenDecoder).setDecryptionKey(decryptionKey);
+ }
+ }
+ }
+ }
- private File getVerifyKeyFile(String path, String issuer) {
- File folder = new File(path);
- File[] listOfFiles = folder.listFiles();
- File verifyKeyFile = null;
-
- for (int i = 0; i < listOfFiles.length; i++) {
- if (listOfFiles[i].isFile() && listOfFiles[i].getName().contains(issuer)) {
- verifyKeyFile = listOfFiles[i];
- break;
+ private File getKeyFile(String path, String issuer) {
+ File file = new File(path);
+ if (file.isDirectory()) {
+ File[] listOfFiles = file.listFiles();
+ File verifyKeyFile = null;
+
+ for (int i = 0; i < listOfFiles.length; i++) {
+ if (listOfFiles[i].isFile() && listOfFiles[i].getName().contains(issuer)) {
+ verifyKeyFile = listOfFiles[i];
+ break;
+ }
}
+ return verifyKeyFile;
+ } else if (file.isFile()) {
+ return file;
}
- return verifyKeyFile;
+
+ return null;
}
}
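Review bot: In `configureKeys`, a failure to read either key file is only reported with `e.printStackTrace()`, after which `setVerifyKey(null)` or `setDecryptionKey(null)` is still called and decoding goes ahead. How `JwtTokenDecoder` treats a null verify key is not visible here, but on a pre-authentication path a key that cannot be loaded should fail the request rather than continue, and the `FileInputStream`s are never closed. I would declare `throws KrbException`, use try-with-resources and rethrow, as sketched below for the decryption key; the verify-key block gets the same shape. In `getKeyFile`, `listFiles()` can return null, and `getName().contains(issuer)` is a substring match, so with both keys in one directory the decryption lookup can return the issuer's public key file. Matching an exact file name would be safer.

```java
private void configureKeys(TokenDecoder tokenDecoder, KdcRequest kdcRequest, String issuer)
        throws KrbException {
    // … unchanged: JwtTokenDecoder check, verify-key lookup, decryptionKeyPath lookup …
            File decryptionKeyFile = getKeyFile(decryptionKeyPath, issuer);
            if (decryptionKeyFile != null) {
                PrivateKey decryptionKey;
                try (FileInputStream fis = new FileInputStream(decryptionKeyFile)) {
                    decryptionKey = PrivateKeyReader.loadPrivateKey(fis);
                } catch (Exception e) {
                    // Fail the request instead of decoding with a missing key.
                    throw new KrbException("Failed to load token decryption key", e);
                }
                ((JwtTokenDecoder) tokenDecoder).setDecryptionKey(decryptionKey);
            }
```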
[46/48] directory-kerby git commit: wip
Posted by pl...@apache.org.
wip
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/81232465
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/81232465
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/81232465
Branch: refs/heads/pkinit-support
Commit: 812324651da8759b9d2959ce5679ff9b2dc887b3
Parents: 6006704
Author: yaningxu <ya...@gmail.com>
Authored: Tue Nov 3 16:50:42 2015 +0800
Committer: yaningxu <ya...@gmail.com>
Committed: Tue Nov 3 16:50:42 2015 +0800
----------------------------------------------------------------------
.../org/apache/kerby/kerberos/tool/kinit/KinitTool.java | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/81232465/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
index 0a4ed6d..7760f34 100644
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
@@ -24,6 +24,7 @@ import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.apache.kerby.kerberos.kerb.client.KrbOption;
+import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
import org.apache.kerby.kerberos.tool.ToolUtil;
import org.apache.kerby.util.OSUtil;
@@ -103,7 +104,7 @@ public class KinitTool {
}
private static void requestTicket(String principal,
- KOptions ktOptions) {
+ KOptions ktOptions) throws KrbException {
ktOptions.add(KinitOption.CLIENT_PRINCIPAL, principal);
File confDir = null;
@@ -153,6 +154,13 @@ public class KinitTool {
System.err.println("Store ticket failed: " + e.getMessage());
System.exit(1);
}
+
+ if (ktOptions.contains(KinitOption.SERVICE)) {
+ String servicePrincipal = ktOptions.getStringOption(KinitOption.SERVICE);
+ ServiceTicket serviceTicket =
+ krbClient.requestServiceTicketWithTgt(tgt, servicePrincipal);
+ System.out.println(serviceTicket.toString());
+ }
System.out.println("Successfully requested and stored ticket in "
+ ccacheFile.getAbsolutePath());
}
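Review bot: The added block lets a `KrbException` from `requestServiceTicketWithTgt` escape `requestTicket`, while the failure just above it is reported on `System.err` followed by `System.exit(1)`. The new `throws KrbException` on the signature (previous hunk) moves that handling to a caller that is not visible here. The service ticket is only printed with `serviceTicket.toString()` and not stored, yet the message that follows still says the ticket was requested and stored. I would catch the exception locally in the same style, e.g. `System.err.println("Request service ticket failed: " + e.getMessage());`. Depending on what `toString()` exposes, printing a short summary is preferable to printing the whole ticket object.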
[16/48] directory-kerby git commit: DIRKRB-422. Enhance json backend
to support transaction for reasonable efficiency,
allowing flush only when commit
Posted by pl...@apache.org.
DIRKRB-422. Enhance json backend to support transaction for reasonable efficiency, allowing flush only when commit
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/3dd63f3b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/3dd63f3b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/3dd63f3b
Branch: refs/heads/pkinit-support
Commit: 3dd63f3b8a931e6a9ca44c6e70ff95ff48202c8b
Parents: cd135c0
Author: Kai Zheng <ka...@intel.com>
Authored: Mon Sep 28 22:27:09 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Mon Sep 28 22:27:09 2015 +0800
----------------------------------------------------------------------
.../identitybackend/JsonIdentityBackend.java | 202 ++++++++++++++-----
1 file changed, 150 insertions(+), 52 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3dd63f3b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
index 37e210d..7aadf43 100644
--- a/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
+++ b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
@@ -27,6 +27,7 @@ import org.apache.kerby.kerberos.kdc.identitybackend.typeAdapter.EncryptionKeyAd
import org.apache.kerby.kerberos.kdc.identitybackend.typeAdapter.KerberosTimeAdapter;
import org.apache.kerby.kerberos.kdc.identitybackend.typeAdapter.PrincipalNameAdapter;
import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.BatchTrans;
import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
import org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend;
import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
@@ -45,13 +46,16 @@ import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
/**
* A Json file based backend implementation.
- *
*/
public class JsonIdentityBackend extends AbstractIdentityBackend {
- private static final Logger LOG = LoggerFactory.getLogger(JsonIdentityBackend.class);
+ private static final Logger LOG =
+ LoggerFactory.getLogger(JsonIdentityBackend.class);
+
public static final String JSON_IDENTITY_BACKEND_DIR = "backend.json.dir";
private File jsonKdbFile;
private Gson gson;
@@ -61,6 +65,8 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
new ConcurrentHashMap<>(new TreeMap<String, KrbIdentity>());
private long kdbFileUpdateTime = -1;
+ private Lock lock = new ReentrantLock();
+
public JsonIdentityBackend() {
}
@@ -78,69 +84,90 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
* {@inheritDoc}
*/
@Override
- protected void doInitialize() throws KrbException {
- LOG.info("Initializing the Json identity backend.");
- createGson();
- load();
+ public boolean supportBatchTrans() {
+ return true;
}
/**
- * Load identities from file
+ * {@inheritDoc}
*/
- private void load() throws KrbException {
- LOG.info("Loading the identities from json file.");
- String jsonFile = getConfig().getString(JSON_IDENTITY_BACKEND_DIR);
+ @Override
+ public BatchTrans startBatchTrans() throws KrbException {
+ if (lock.tryLock()) {
+ checkAndReload();
+ return new JsonBatchTrans();
+ }
+ return null;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ protected void doInitialize() throws KrbException {
+ LOG.info("Initializing the Json identity backend.");
+
+ initGsonBuilder();
+
+ String dirPath = getConfig().getString(JSON_IDENTITY_BACKEND_DIR);
File jsonFileDir;
- if (jsonFile == null || jsonFile.isEmpty()) {
+ if (dirPath == null || dirPath.isEmpty()) {
jsonFileDir = getBackendConfig().getConfDir();
} else {
- jsonFileDir = new File(jsonFile);
+ jsonFileDir = new File(dirPath);
if (!jsonFileDir.exists() && !jsonFileDir.mkdirs()) {
- throw new KrbException("could not create json file dir " + jsonFileDir);
+ throw new KrbException("Failed to create json file dir " + jsonFileDir);
}
}
jsonKdbFile = new File(jsonFileDir, "json-backend.json");
-
if (!jsonKdbFile.exists()) {
try {
jsonKdbFile.createNewFile();
} catch (IOException e) {
- e.printStackTrace();
+ throw new KrbException("Failed to create " + jsonKdbFile.getAbsolutePath());
}
}
-
- checkAndReload();
}
- /**
- * Check kdb file timestamp to see if it's changed or not. If
- * necessary load the kdb again.
- */
- private synchronized void checkAndReload() throws KrbException {
- long nowTimeStamp = jsonKdbFile.lastModified();
+ private void load() throws KrbException {
+ LOG.info("Loading the identities from json file.");
- if (kdbFileUpdateTime < 0 ||
- nowTimeStamp != kdbFileUpdateTime) {
- //load identities
- String reloadedJsonContent;
+ long nowTimeStamp = jsonKdbFile.lastModified();
+ String reloadedJsonContent;
+ if (lock.tryLock()) {
try {
- reloadedJsonContent = IOUtil.readFile(jsonKdbFile);
- } catch (IOException e) {
- throw new KrbException("Failed to read file", e);
- }
+ try {
+ reloadedJsonContent = IOUtil.readFile(jsonKdbFile);
+ } catch (IOException e) {
+ throw new KrbException("Failed to read file", e);
+ }
- Map<String, KrbIdentity> reloadedEntries =
- gson.fromJson(reloadedJsonContent,
- new TypeToken<HashMap<String, KrbIdentity>>() {
- }.getType());
+ Map<String, KrbIdentity> reloadedEntries =
+ gson.fromJson(reloadedJsonContent,
+ new TypeToken<HashMap<String, KrbIdentity>>() {
+ }.getType());
- if (reloadedEntries != null) {
- identities.clear();
- identities.putAll(reloadedEntries);
+ if (reloadedEntries != null) {
+ identities.clear();
+ identities.putAll(reloadedEntries);
+ }
+
+ kdbFileUpdateTime = nowTimeStamp;
+ } finally {
+ lock.unlock();
}
+ }
+ }
- kdbFileUpdateTime = nowTimeStamp;
+ /**
+ * Check kdb file timestamp to see if it's changed or not. If
+ * necessary load the kdb again.
+ */
+ private void checkAndReload() throws KrbException {
+ long nowTimeStamp = jsonKdbFile.lastModified();
+ if (nowTimeStamp != kdbFileUpdateTime) {
+ load();
}
}
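Review bot: `startBatchTrans()` takes the lock and then calls `checkAndReload()`; if that throws, the method exits with the lock still held and no `BatchTrans` through which the caller could release it, so writes from other threads are skipped from then on. It also returns `null` when the lock is busy, which every caller has to check. `load()` has a related problem: it silently does nothing when `tryLock()` fails, leaving the in-memory identities and `kdbFileUpdateTime` stale. A version of `startBatchTrans()` that releases the lock on failure is sketched below. In `doInitialize`, the `createNewFile()` failure should also pass `e` as the cause to `KrbException`.

```java
public BatchTrans startBatchTrans() throws KrbException {
    if (!lock.tryLock()) {
        return null;
    }
    boolean started = false;
    try {
        checkAndReload();
        started = true;
        return new JsonBatchTrans();
    } finally {
        // Only keep the lock when a transaction object was handed out.
        if (!started) {
            lock.unlock();
        }
    }
}
```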
@@ -160,8 +187,14 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
protected KrbIdentity doAddIdentity(KrbIdentity identity) throws KrbException {
checkAndReload();
- identities.put(identity.getPrincipalName(), identity);
- persistToFile();
+ if (lock.tryLock()) {
+ try {
+ identities.put(identity.getPrincipalName(), identity);
+ persistToFile();
+ } finally {
+ lock.unlock();
+ }
+ }
return doGetIdentity(identity.getPrincipalName());
}
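Review bot: When `lock.tryLock()` fails in `doAddIdentity`, the `put` and `persistToFile()` are skipped without any error and the method returns whatever `doGetIdentity` finds, so a caller cannot tell that the identity was not stored. For a KDC identity store, that means a principal or key change can be lost while a batch transaction holds the lock. `doUpdateIdentity` and `doDeleteIdentity` in the next two hunks have the same shape. Either block with `lock.lock();` before the `try`, or fail loudly: `if (!lock.tryLock()) { throw new KrbException("Identity backend is busy"); }`.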
@@ -172,8 +205,15 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
@Override
protected KrbIdentity doUpdateIdentity(KrbIdentity identity) throws KrbException {
checkAndReload();
- identities.put(identity.getPrincipalName(), identity);
- persistToFile();
+
+ if (lock.tryLock()) {
+ try {
+ identities.put(identity.getPrincipalName(), identity);
+ persistToFile();
+ } finally {
+ lock.unlock();
+ }
+ }
return doGetIdentity(identity.getPrincipalName());
}
@@ -184,10 +224,19 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
@Override
protected void doDeleteIdentity(String principalName) throws KrbException {
checkAndReload();
- if (identities.containsKey(principalName)) {
- identities.remove(principalName);
+
+ if (!identities.containsKey(principalName)) {
+ return;
+ }
+
+ if (lock.tryLock()) {
+ try {
+ identities.remove(principalName);
+ persistToFile();
+ } finally {
+ lock.unlock();
+ }
}
- persistToFile();
}
/**
@@ -201,10 +250,7 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
return principals;
}
- /**
- *Create a gson
- */
- private void createGson() {
+ private void initGsonBuilder() {
GsonBuilder gsonBuilder = new GsonBuilder();
gsonBuilder.registerTypeAdapter(EncryptionKey.class, new EncryptionKeyAdapter());
gsonBuilder.registerTypeAdapter(PrincipalName.class, new PrincipalNameAdapter());
@@ -214,14 +260,66 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
gson = gsonBuilder.create();
}
- private synchronized void persistToFile() throws KrbException {
+ private void persistToFile() throws KrbException {
String newJsonContent = gson.toJson(identities);
try {
- IOUtil.writeFile(newJsonContent, jsonKdbFile);
+ File newJsonKdbFile = File.createTempFile("kerby-kdb",
+ ".json", jsonKdbFile.getParentFile());
+ IOUtil.writeFile(newJsonContent, newJsonKdbFile);
+ newJsonKdbFile.renameTo(jsonKdbFile);
kdbFileUpdateTime = jsonKdbFile.lastModified();
} catch (IOException e) {
LOG.error("Error occurred while writing identities to file: " + jsonKdbFile);
throw new KrbException("Failed to write file", e);
}
}
+
+ class JsonBatchTrans implements BatchTrans {
+
+ @Override
+ public void commit() throws KrbException {
+ try {
+ // Force to persist memory states to disk file.
+ persistToFile();
+ } finally {
+ lock.unlock();
+ }
+ }
+
+ @Override
+ public void rollback() throws KrbException {
+ // Force to reload from disk file and disgard the memory states.
+ try {
+ load();
+ } finally {
+ lock.unlock();
+ }
+ }
+
+ @Override
+ public BatchTrans addIdentity(KrbIdentity identity) throws KrbException {
+ if (identity != null &&
+ identities.containsKey(identity.getPrincipalName())) {
+ identities.put(identity.getPrincipalName(), identity);
+ }
+ return this;
+ }
+
+ @Override
+ public BatchTrans updateIdentity(KrbIdentity identity) throws KrbException {
+ if (identity != null &&
+ identities.containsKey(identity.getPrincipalName())) {
+ identities.put(identity.getPrincipalName(), identity);
+ }
+ return this;
+ }
+
+ @Override
+ public BatchTrans deleteIdentity(String principalName) throws KrbException {
+ if (principalName != null && identities.containsKey(principalName)) {
+ identities.remove(principalName);
+ }
+ return this;
+ }
+ }
}
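Review bot: `JsonBatchTrans.addIdentity` stores the identity only when `identities.containsKey(...)` is already true, the same condition as `updateIdentity`, so a batch can never add a new principal; the check presumably should be `!identities.containsKey(identity.getPrincipalName())`. In `persistToFile`, the result of `newJsonKdbFile.renameTo(jsonKdbFile)` is ignored, so a failed rename leaves the old file in place, leaks the temp file and still returns normally; check the return value and throw `KrbException`. The replacement file also takes the permissions of the temp file rather than those of the original, which matters for a file that holds principal keys. `commit()` and `rollback()` call `lock.unlock()` unconditionally, so a second call, or a call from a thread that does not hold the lock, throws `IllegalMonitorStateException`.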
[18/48] directory-kerby git commit: DIRKRB Default KDC network
repeatedly reports socket timeout exception unnecessarily
Posted by pl...@apache.org.
DIRKRB Default KDC network repeatedly reports socket timeout exception unnecessarily
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/3b5a4463
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/3b5a4463
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/3b5a4463
Branch: refs/heads/pkinit-support
Commit: 3b5a44638c2cfbc4ba968f82e52ace09dd6edd32
Parents: 3dd63f3
Author: Kai Zheng <ka...@intel.com>
Authored: Wed Sep 30 06:57:42 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Wed Sep 30 06:57:42 2015 +0800
----------------------------------------------------------------------
docs/kerby-checkstyle.xml | 3 +++
.../kerberos/kdc/identitybackend/JsonIdentityBackend.java | 8 ++++----
.../org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java | 8 +++++---
3 files changed, 12 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3b5a4463/docs/kerby-checkstyle.xml
----------------------------------------------------------------------
diff --git a/docs/kerby-checkstyle.xml b/docs/kerby-checkstyle.xml
index 239edbd..3538cd6 100644
--- a/docs/kerby-checkstyle.xml
+++ b/docs/kerby-checkstyle.xml
@@ -133,6 +133,7 @@
<module name="ArrayTypeStyle"/>
<module name="UpperEll"/>
+ <module name="FileContentsHolder"/>
</module>
@@ -144,4 +145,6 @@
<!-- See http://checkstyle.sourceforge.net/config_misc.html#UniqueProperties -->
<module name="UniqueProperties"/>
+ <module name="SuppressionCommentFilter"/>
+
</module>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3b5a4463/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
index 7aadf43..6139ef3 100644
--- a/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
+++ b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
@@ -298,8 +298,8 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
@Override
public BatchTrans addIdentity(KrbIdentity identity) throws KrbException {
- if (identity != null &&
- identities.containsKey(identity.getPrincipalName())) {
+ if (identity != null
+ && identities.containsKey(identity.getPrincipalName())) {
identities.put(identity.getPrincipalName(), identity);
}
return this;
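Review bot: The guard in addIdentity looks inverted: `identities.containsKey(identity.getPrincipalName())` is the same condition updateIdentity uses in the next hunk, so an add for a principal that is not yet in the map is silently dropped while the caller still gets `this` back. If add is meant to create the entry, the second line of the condition should read `&& !identities.containsKey(identity.getPrincipalName())) {`. A rejected add would also be better reported through the declared KrbException than ignored, since a principal the operator believes was created would otherwise be missing without any error. This commit only rewraps the operator, and the identical hunk appears again in the "Checkstyle fix" commit f9d9974b further down; the method's closing brace is outside the hunk.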
@@ -307,8 +307,8 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
@Override
public BatchTrans updateIdentity(KrbIdentity identity) throws KrbException {
- if (identity != null &&
- identities.containsKey(identity.getPrincipalName())) {
+ if (identity != null
+ && identities.containsKey(identity.getPrincipalName())) {
identities.put(identity.getPrincipalName(), identity);
}
return this;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3b5a4463/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
index 7174edd..e3d7570 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
@@ -73,6 +73,7 @@ public abstract class KdcNetwork {
}).start();
}
+ //CHECKSTYLE:OFF
private void run() {
while (true) {
synchronized (this) {
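Review bot: The bare `//CHECKSTYLE:OFF` added ahead of run() does not say which rule is being suppressed, and as written it switches off every check until the matching `//CHECKSTYLE:ON` two hunks later. A plain comment line above it would record the intent, for example `// Checkstyle is off for run(): the empty SocketTimeoutException handlers below are intentional.` Presumably the empty catch blocks are the trigger; if so, limiting the SuppressionCommentFilter added in docs/kerby-checkstyle.xml to that check through its `checkFormat` property would keep the remaining rules active for this method. run() continues past the end of this hunk.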
@@ -85,7 +86,7 @@ public abstract class KdcNetwork {
try {
checkAndAccept();
} catch (SocketTimeoutException e) { //NOPMD
- System.err.println(e); //NOOP as normal
+ //NOOP as normal
} catch (IOException e) {
throw new RuntimeException("Error occured while checking tcp connections", e);
}
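Review bot: An IOException from checkAndAccept() is rethrown as a RuntimeException from inside the polling loop. Since run() appears to be started on its own thread (the `}).start();` in the previous hunk), that would end the loop and leave the KDC no longer servicing connections after a single socket error. Now that the timeout case is silent, consider logging the IOException and continuing, or at least state the fail-stop choice next to the throw: `// Fatal by design: any I/O error stops the KDC network loop`. The UDP branch in the next hunk has the same pattern, and run() starts and ends outside this hunk.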
@@ -94,14 +95,15 @@ public abstract class KdcNetwork {
if (tpair.udpAddress != null) {
try {
checkUdpMessage();
- } catch (SocketTimeoutException e) {
- System.err.println(e); //NOOP as normal
+ } catch (SocketTimeoutException e) { //NOPMD
+ //NOOP as normal
} catch (IOException e) {
throw new RuntimeException("Error occured while checking udp connections", e);
}
}
}
}
+ //CHECKSTYLE:ON
public synchronized void stop() {
isStopped = true;
[35/48] directory-kerby git commit: Fixed a NPE on a bad JWT
signature validation + added tests.
Posted by pl...@apache.org.
Fixed a NPE on a bad JWT signature validation + added tests.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/c3ada0cd
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/c3ada0cd
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/c3ada0cd
Branch: refs/heads/pkinit-support
Commit: c3ada0cd7b1535a7d3f5f43230a63b964dc2c4a9
Parents: 3cec9dc
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Oct 22 10:45:37 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 22 10:45:37 2015 +0100
----------------------------------------------------------------------
.../kerby/kerberos/kdc/WithAccessTokenKdcTest.java | 17 +++++++++++++++++
.../kerberos/kdc/WithIdentityTokenKdcTest.java | 17 +++++++++++++++++
.../kerb/server/preauth/token/TokenPreauth.java | 4 ++++
3 files changed, 38 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c3ada0cd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index a119282..544923d 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -20,6 +20,8 @@
package org.apache.kerby.kerberos.kdc;
import java.io.InputStream;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import org.apache.kerby.kerberos.kerb.KrbException;
@@ -83,6 +85,21 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
}
}
+ @Test
+ public void testSignedTokenWithABadKey() throws Exception {
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+ KeyPair keyPair = keyGen.generateKeyPair();
+ prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, keyPair.getPrivate());
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on a bad key");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
private void performTest() throws Exception {
createCredentialCache(getClientPrincipal(), getClientPassword());
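Review bot: testSignedTokenWithABadKey accepts any KrbException, so it would still pass if the request failed for a reason unrelated to the signature, and the rejection path it is meant to pin could regress unnoticed. If the KDC error surfaces a distinguishable code or message on the client side, assert on it inside the catch; otherwise a comment such as `// any KrbException is accepted here; the server-side cause is not checked` makes the limitation explicit. The key pair is also generated without an explicit size, and `keyGen.initialize(2048);` before `generateKeyPair()` would make the test independent of the provider default. The same points apply to the test of the same name added to WithIdentityTokenKdcTest in the next file; performTest's body continues outside the hunk.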
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c3ada0cd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
index 73e7820..71f9da7 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
@@ -27,6 +27,8 @@ import org.junit.Assert;
import org.junit.Test;
import java.io.InputStream;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
import java.security.PrivateKey;
public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
@@ -85,6 +87,21 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
}
}
+ @Test
+ public void testSignedTokenWithABadKey() throws Exception {
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+ KeyPair keyPair = keyGen.generateKeyPair();
+ prepareToken(null, ISSUER, AUDIENCE, keyPair.getPrivate());
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on a bad key");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
private void performTest() throws Exception {
createCredentialCache(getClientPrincipal(), getClientPassword());
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c3ada0cd/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index 2e8e860..2de66b5 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -103,6 +103,10 @@ public class TokenPreauth extends AbstractPreauthPlugin {
} catch (IOException e) {
throw new KrbException("Decoding failed", e);
}
+
+ if (authToken == null) {
+ throw new KrbException("Token Decoding failed");
+ }
if (kdcRequest instanceof AsRequest) {
AsRequest asRequest = (AsRequest) kdcRequest;
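Review bot: The message `Token Decoding failed` on the new null check does not tell an operator that the token was rejected for a bad signature, which (judging by the commit title) is the case that leaves authToken null here. A message such as `throw new KrbException("Token decoding or signature verification failed");` would make rejected tokens easier to spot in KDC logs. A comment above the check, `// decoder yields null when the token cannot be verified; reject before any claim is read`, would record why the guard has to stay ahead of the AsRequest handling. The enclosing method starts and ends outside this hunk, so whether the decoder can return null for other reasons is not visible here.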
[14/48] directory-kerby git commit: XTrans changed to be BatchTrans
to better reflect its purpose
Posted by pl...@apache.org.
XTrans changed to be BatchTrans to better reflect its purpose
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f49e9f79
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f49e9f79
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f49e9f79
Branch: refs/heads/pkinit-support
Commit: f49e9f79e14223567d5b8938b326f3eea7d6edf2
Parents: 705775a
Author: Kai Zheng <ka...@intel.com>
Authored: Sat Sep 26 06:40:50 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Sat Sep 26 06:40:50 2015 +0800
----------------------------------------------------------------------
.../kerberos/kerb/identity/BatchTrans.java | 65 ++++++++++++++++++++
.../kerb/identity/CacheableIdentityService.java | 4 +-
.../kerberos/kerb/identity/IdentityService.java | 4 +-
.../kerby/kerberos/kerb/identity/XTrans.java | 65 --------------------
.../backend/AbstractIdentityBackend.java | 6 +-
5 files changed, 72 insertions(+), 72 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f49e9f79/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/BatchTrans.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/BatchTrans.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/BatchTrans.java
new file mode 100644
index 0000000..b85cc2e
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/BatchTrans.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.identity;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * Batch operations support to create/update/delete principal accounts
+ * in a transaction.
+ */
+public interface BatchTrans {
+
+ /**
+ * Commit this transaction, releasing any associated resources.
+ * @throws KrbException
+ */
+ void commit() throws KrbException;
+
+ /**
+ * Give up this transaction, releasing any associated resources.
+ * @throws KrbException
+ */
+ void rollback() throws KrbException;
+
+ /**
+ * Add an identity, and return the newly created result.
+ * @param identity The identity
+ * @return BatchTrans
+ * @throws KrbException e
+ */
+ BatchTrans addIdentity(KrbIdentity identity) throws KrbException;
+
+ /**
+ * Update an identity, and return the updated result.
+ * @param identity The identity
+ * @return BatchTrans
+ * @throws KrbException e
+ */
+ BatchTrans updateIdentity(KrbIdentity identity) throws KrbException;
+
+ /**
+ * Delete the identity specified by principal name
+ * @param principalName The principal name
+ * @return BatchTrans
+ * @throws KrbException e
+ */
+ BatchTrans deleteIdentity(String principalName) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f49e9f79/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
index ac00ebf..0e8fe4b 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
@@ -54,7 +54,7 @@ public class CacheableIdentityService
* {@inheritDoc}
*/
@Override
- public boolean supportXtrans() {
+ public boolean supportBatchTrans() {
return false;
}
@@ -62,7 +62,7 @@ public class CacheableIdentityService
* {@inheritDoc}
*/
@Override
- public XTrans startXtrans() throws KrbException {
+ public BatchTrans startBatchTrans() throws KrbException {
throw new KrbException("Transaction isn't supported");
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f49e9f79/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
index ee6b3f6..2f0ca2e 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
@@ -30,13 +30,13 @@ public interface IdentityService {
* Query to know if xtrans is supported or not.
* @return true if supported, false otherwise
*/
- boolean supportXtrans();
+ boolean supportBatchTrans();
/**
* Start a transaction.
* @return xtrans
*/
- XTrans startXtrans() throws KrbException;
+ BatchTrans startBatchTrans() throws KrbException;
/**
* Get all of the identity principal names.
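Review bot: The Javadoc kept in this hunk still refers to `xtrans` although both methods now carry the BatchTrans name, so the interface documentation no longer matches its signatures. Suggested wording: `* Query to know if batch transactions are supported or not.` and `* @return the started batch transaction`. startBatchTrans also declares `throws KrbException` without a matching `@throws` tag; the implementations shown in this commit throw it when transactions are unsupported, which is worth stating. The interface body continues outside the hunk.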
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f49e9f79/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/XTrans.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/XTrans.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/XTrans.java
deleted file mode 100644
index b5dcb6b..0000000
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/XTrans.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.identity;
-
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-/**
- * Batch operations support to create/update/delete principal accounts
- * in a transaction.
- */
-public interface XTrans {
-
- /**
- * Commit this transaction, releasing any associated resources.
- * @throws KrbException
- */
- void commit() throws KrbException;
-
- /**
- * Give up this transaction, releasing any associated resources.
- * @throws KrbException
- */
- void rollback() throws KrbException;
-
- /**
- * Add an identity, and return the newly created result.
- * @param identity The identity
- * @return XTrans
- * @throws KrbException e
- */
- XTrans addIdentity(KrbIdentity identity) throws KrbException;
-
- /**
- * Update an identity, and return the updated result.
- * @param identity The identity
- * @return XTrans
- * @throws KrbException e
- */
- XTrans updateIdentity(KrbIdentity identity) throws KrbException;
-
- /**
- * Delete the identity specified by principal name
- * @param principalName The principal name
- * @return XTrans
- * @throws KrbException e
- */
- XTrans deleteIdentity(String principalName) throws KrbException;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f49e9f79/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
index 991fce0..7c0e6b3 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
@@ -21,7 +21,7 @@ package org.apache.kerby.kerberos.kerb.identity.backend;
import org.apache.kerby.config.Configured;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.identity.XTrans;
+import org.apache.kerby.kerberos.kerb.identity.BatchTrans;
import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -60,7 +60,7 @@ public abstract class AbstractIdentityBackend
* {@inheritDoc}
*/
@Override
- public boolean supportXtrans() {
+ public boolean supportBatchTrans() {
return false;
}
@@ -68,7 +68,7 @@ public abstract class AbstractIdentityBackend
* {@inheritDoc}
*/
@Override
- public XTrans startXtrans() throws KrbException {
+ public BatchTrans startBatchTrans() throws KrbException {
throw new KrbException("Transaction isn't supported");
}
[17/48] directory-kerby git commit: Checkstyle fix
Posted by pl...@apache.org.
Checkstyle fix
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f9d9974b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f9d9974b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f9d9974b
Branch: refs/heads/pkinit-support
Commit: f9d9974b92bf16e3a3cf65a73245ee73d2aed5cc
Parents: 3dd63f3
Author: Stefan Seelmann <ma...@stefan-seelmann.de>
Authored: Mon Sep 28 19:55:42 2015 +0200
Committer: Stefan Seelmann <ma...@stefan-seelmann.de>
Committed: Mon Sep 28 19:55:42 2015 +0200
----------------------------------------------------------------------
.../kerberos/kdc/identitybackend/JsonIdentityBackend.java | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f9d9974b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
index 7aadf43..6139ef3 100644
--- a/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
+++ b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
@@ -298,8 +298,8 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
@Override
public BatchTrans addIdentity(KrbIdentity identity) throws KrbException {
- if (identity != null &&
- identities.containsKey(identity.getPrincipalName())) {
+ if (identity != null
+ && identities.containsKey(identity.getPrincipalName())) {
identities.put(identity.getPrincipalName(), identity);
}
return this;
@@ -307,8 +307,8 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
@Override
public BatchTrans updateIdentity(KrbIdentity identity) throws KrbException {
- if (identity != null &&
- identities.containsKey(identity.getPrincipalName())) {
+ if (identity != null
+ && identities.containsKey(identity.getPrincipalName())) {
identities.put(identity.getPrincipalName(), identity);
}
return this;
[12/48] directory-kerby git commit: Refined the new transaction API
Posted by pl...@apache.org.
Refined the new transaction API
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/217ac5e1
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/217ac5e1
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/217ac5e1
Branch: refs/heads/pkinit-support
Commit: 217ac5e1b8a396be8c97c114c32d5cae8fa79839
Parents: 0aa0802
Author: Kai Zheng <ka...@intel.com>
Authored: Fri Sep 25 10:28:18 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Fri Sep 25 10:28:18 2015 +0800
----------------------------------------------------------------------
.../kerb/identity/CacheableIdentityService.java | 4 +-
.../kerberos/kerb/identity/IdentityService.java | 8 +--
.../kerb/identity/IdentityTransaction.java | 64 -------------------
.../kerby/kerberos/kerb/identity/XTrans.java | 65 ++++++++++++++++++++
.../backend/AbstractIdentityBackend.java | 6 +-
5 files changed, 74 insertions(+), 73 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/217ac5e1/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
index 5b9ec29..ac00ebf 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
@@ -54,7 +54,7 @@ public class CacheableIdentityService
* {@inheritDoc}
*/
@Override
- public boolean supportTransaction() {
+ public boolean supportXtrans() {
return false;
}
@@ -62,7 +62,7 @@ public class CacheableIdentityService
* {@inheritDoc}
*/
@Override
- public IdentityTransaction startTransaction() throws KrbException {
+ public XTrans startXtrans() throws KrbException {
throw new KrbException("Transaction isn't supported");
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/217ac5e1/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
index 73ff44b..ee6b3f6 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
@@ -27,16 +27,16 @@ import org.apache.kerby.kerberos.kerb.KrbException;
public interface IdentityService {
/**
- * Query to know if transaction is supported or not.
+ * Query to know if xtrans is supported or not.
* @return true if supported, false otherwise
*/
- boolean supportTransaction();
+ boolean supportXtrans();
/**
* Start a transaction.
- * @return transaction
+ * @return xtrans
*/
- IdentityTransaction startTransaction() throws KrbException;
+ XTrans startXtrans() throws KrbException;
/**
* Get all of the identity principal names.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/217ac5e1/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityTransaction.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityTransaction.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityTransaction.java
deleted file mode 100644
index d86876b..0000000
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityTransaction.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.identity;
-
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-/**
- * Identity transaction for KDC backend to create/update/delete principal accounts.
- */
-public interface IdentityTransaction {
-
- /**
- * Commit this transaction, releasing any associated resources.
- * @throws KrbException
- */
- void commit() throws KrbException;
-
- /**
- * Give up this transaction, releasing any associated resources.
- * @throws KrbException
- */
- void rollback() throws KrbException;
-
- /**
- * Add an identity, and return the newly created result.
- * @param identity The identity
- * @return IdentityTransaction
- * @throws KrbException e
- */
- IdentityTransaction addIdentity(KrbIdentity identity) throws KrbException;
-
- /**
- * Update an identity, and return the updated result.
- * @param identity The identity
- * @return IdentityTransaction
- * @throws KrbException e
- */
- IdentityTransaction updateIdentity(KrbIdentity identity) throws KrbException;
-
- /**
- * Delete the identity specified by principal name
- * @param principalName The principal name
- * @return IdentityTransaction
- * @throws KrbException e
- */
- IdentityTransaction deleteIdentity(String principalName) throws KrbException;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/217ac5e1/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/XTrans.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/XTrans.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/XTrans.java
new file mode 100644
index 0000000..b5dcb6b
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/XTrans.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.identity;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * Batch operations support to create/update/delete principal accounts
+ * in a transaction.
+ */
+public interface XTrans {
+
+ /**
+ * Commit this transaction, releasing any associated resources.
+ * @throws KrbException
+ */
+ void commit() throws KrbException;
+
+ /**
+ * Give up this transaction, releasing any associated resources.
+ * @throws KrbException
+ */
+ void rollback() throws KrbException;
+
+ /**
+ * Add an identity, and return the newly created result.
+ * @param identity The identity
+ * @return XTrans
+ * @throws KrbException e
+ */
+ XTrans addIdentity(KrbIdentity identity) throws KrbException;
+
+ /**
+ * Update an identity, and return the updated result.
+ * @param identity The identity
+ * @return XTrans
+ * @throws KrbException e
+ */
+ XTrans updateIdentity(KrbIdentity identity) throws KrbException;
+
+ /**
+ * Delete the identity specified by principal name
+ * @param principalName The principal name
+ * @return XTrans
+ * @throws KrbException e
+ */
+ XTrans deleteIdentity(String principalName) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/217ac5e1/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
index a63e054..991fce0 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
@@ -21,7 +21,7 @@ package org.apache.kerby.kerberos.kerb.identity.backend;
import org.apache.kerby.config.Configured;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.identity.IdentityTransaction;
+import org.apache.kerby.kerberos.kerb.identity.XTrans;
import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -60,7 +60,7 @@ public abstract class AbstractIdentityBackend
* {@inheritDoc}
*/
@Override
- public boolean supportTransaction() {
+ public boolean supportXtrans() {
return false;
}
@@ -68,7 +68,7 @@ public abstract class AbstractIdentityBackend
* {@inheritDoc}
*/
@Override
- public IdentityTransaction startTransaction() throws KrbException {
+ public XTrans startXtrans() throws KrbException {
throw new KrbException("Transaction isn't supported");
}
[48/48] directory-kerby git commit: Merge remote-tracking branch
'asf/master' into pkinit-support
Posted by pl...@apache.org.
Merge remote-tracking branch 'asf/master' into pkinit-support
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/7500d4d6
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/7500d4d6
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/7500d4d6
Branch: refs/heads/pkinit-support
Commit: 7500d4d6f308e60772ff80850f0898be158990b1
Parents: 4327298 ed68699
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Nov 4 16:29:17 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Nov 4 16:29:17 2015 +0800
----------------------------------------------------------------------
benchmark/pom.xml | 8 +-
docs/kerby-checkstyle.xml | 3 +
kerby-backend/json-backend/pom.xml | 2 +-
.../identitybackend/JsonIdentityBackend.java | 214 +++++++++++-----
kerby-config/pom.xml | 6 +
kerby-dist/kdc-dist/pom.xml | 2 +-
.../kerberos/kdc/WithAccessTokenKdcTest.java | 118 ++++++++-
.../kerberos/kdc/WithIdentityTokenKdcTest.java | 115 ++++++++-
.../kerberos/kdc/WithTokenKdcTestBase.java | 69 ++++-
.../test/resources/oauth2.com_public_key.pem | 6 +
.../src/test/resources/private_key.pem | 16 ++
.../kerby/kerberos/kdc/KerbyKdcServer.java | 9 +-
.../test/jaas/TokenAuthLoginModule.java | 36 +++
.../integration/test/jaas/TokenJaasKrbUtil.java | 26 +-
.../integration/test/TokenLoginTestBase.java | 29 ++-
.../TokenLoginTestWithTokenPreauthDisabled.java | 48 ----
.../TokenLoginTestWithTokenPreauthEnabled.java | 43 ----
.../TokenLoginWithTokenPreauthDisabledTest.java | 48 ++++
.../TokenLoginWithTokenPreauthEnabledTest.java | 43 ++++
.../src/test/resources/private_key.pem | 16 ++
.../test/resources/token-service-public_key.pem | 6 +
.../kerby/kerberos/kerb/admin/Kadmin.java | 5 +-
.../kerby/kerberos/kerb/client/KrbClient.java | 2 +-
.../client/impl/AbstractInternalKrbClient.java | 19 +-
.../kerb/client/preauth/token/TokenPreauth.java | 2 +-
.../kerberos/kerb/common/PrivateKeyReader.java | 73 ++++++
.../kerberos/kerb/common/PublicKeyReader.java | 74 ++++++
.../kerberos/kerb/transport/KdcNetwork.java | 8 +-
.../kerberos/kerb/provider/TokenDecoder.java | 37 +++
.../kerberos/kerb/provider/TokenEncoder.java | 30 +++
.../kerby/kerberos/kerb/spec/base/KrbToken.java | 6 +-
.../kerberos/kerb/spec/base/PrincipalName.java | 3 +
.../kerb/spec/pa/token/PaTokenRequest.java | 4 +-
.../kerberos/kerb/identity/BatchTrans.java | 65 +++++
.../kerb/identity/CacheableIdentityService.java | 16 ++
.../kerberos/kerb/identity/IdentityService.java | 12 +
.../backend/AbstractIdentityBackend.java | 17 ++
.../identity/backend/MemoryIdentityBackend.java | 5 +-
.../src/main/resources/log4j.properties | 23 ++
.../kerby/kerberos/kerb/server/KdcConfig.java | 13 +
.../kerberos/kerb/server/KdcConfigKey.java | 5 +-
.../kerb/server/preauth/token/TokenPreauth.java | 96 ++++++-
.../kerberos/kerb/server/request/AsRequest.java | 2 +-
.../kerb/server/request/KdcRequest.java | 5 -
.../server/request/ServiceTickertIssuer.java | 59 -----
.../server/request/ServiceTicketIssuer.java | 59 +++++
.../kerb/server/request/TgsRequest.java | 2 +-
.../kerb/server/request/TgtTickertIssuer.java | 43 ----
.../kerb/server/request/TgtTicketIssuer.java | 43 ++++
.../kerb/server/request/TickertIssuer.java | 249 -------------------
.../kerb/server/request/TicketIssuer.java | 249 +++++++++++++++++++
kerby-provider/token-provider/pom.xml | 2 +-
.../provider/token/JwtTokenDecoder.java | 91 +++++--
.../provider/token/JwtTokenEncoder.java | 116 +++++++--
.../kerberos/provider/token/TokenTest.java | 113 ++++++++-
.../kerby/kerberos/tool/kinit/KinitTool.java | 15 +-
.../kerby/kerberos/tool/klist/KlistTool.java | 4 +-
.../kerby/kerberos/tool/kadmin/KadminTool.java | 9 +-
.../kerberos/tool/kdcinit/KdcInitTool.java | 12 +-
pom.xml | 27 +-
60 files changed, 1852 insertions(+), 626 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7500d4d6/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7500d4d6/pom.xml
----------------------------------------------------------------------
[11/48] directory-kerby git commit: DIRKRB-421. Define transaction
API for identity backend
Posted by pl...@apache.org.
DIRKRB-421. Define transaction API for identity backend
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/0aa0802b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/0aa0802b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/0aa0802b
Branch: refs/heads/pkinit-support
Commit: 0aa0802bd36f1359d3eef1317221201697bec821
Parents: 6e15b50
Author: Kai Zheng <ka...@intel.com>
Authored: Thu Sep 24 22:10:44 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Thu Sep 24 22:10:44 2015 +0800
----------------------------------------------------------------------
.../kerb/identity/CacheableIdentityService.java | 16 +++++
.../kerberos/kerb/identity/IdentityService.java | 12 ++++
.../kerb/identity/IdentityTransaction.java | 64 ++++++++++++++++++++
.../backend/AbstractIdentityBackend.java | 17 ++++++
4 files changed, 109 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0aa0802b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
index f53220c..5b9ec29 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
@@ -50,6 +50,22 @@ public class CacheableIdentityService
init();
}
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean supportTransaction() {
+ return false;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public IdentityTransaction startTransaction() throws KrbException {
+ throw new KrbException("Transaction isn't supported");
+ }
+
private void init() {
Map<String, KrbIdentity> tmpMap =
new LinkedHashMap<String, KrbIdentity>(cacheSize) {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0aa0802b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
index 3d2e7dd..73ff44b 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
@@ -27,6 +27,18 @@ import org.apache.kerby.kerberos.kerb.KrbException;
public interface IdentityService {
/**
+ * Query to know if transaction is supported or not.
+ * @return true if supported, false otherwise
+ */
+ boolean supportTransaction();
+
+ /**
+ * Start a transaction.
+ * @return transaction
+ */
+ IdentityTransaction startTransaction() throws KrbException;
+
+ /**
* Get all of the identity principal names.
* Note it's ordered by principal name.
* @return principal names
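Review bot: `startTransaction()` declares `throws KrbException`, but its Javadoc has no `@throws` tag and does not tell callers to check `supportTransaction()` first. Both implementations added in this commit (CacheableIdentityService and AbstractIdentityBackend) throw `KrbException("Transaction isn't supported")` unconditionally, so the only way a caller learns this is by reading them. I would add `@throws KrbException if transactions are not supported or the transaction cannot be started` and a sentence pointing to `supportTransaction()`. The interface body continues outside the hunk.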
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0aa0802b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityTransaction.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityTransaction.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityTransaction.java
new file mode 100644
index 0000000..d86876b
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityTransaction.java
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.identity;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * Identity transaction for KDC backend to create/update/delete principal accounts.
+ */
+public interface IdentityTransaction {
+
+ /**
+ * Commit this transaction, releasing any associated resources.
+ * @throws KrbException
+ */
+ void commit() throws KrbException;
+
+ /**
+ * Give up this transaction, releasing any associated resources.
+ * @throws KrbException
+ */
+ void rollback() throws KrbException;
+
+ /**
+ * Add an identity, and return the newly created result.
+ * @param identity The identity
+ * @return IdentityTransaction
+ * @throws KrbException e
+ */
+ IdentityTransaction addIdentity(KrbIdentity identity) throws KrbException;
+
+ /**
+ * Update an identity, and return the updated result.
+ * @param identity The identity
+ * @return IdentityTransaction
+ * @throws KrbException e
+ */
+ IdentityTransaction updateIdentity(KrbIdentity identity) throws KrbException;
+
+ /**
+ * Delete the identity specified by principal name
+ * @param principalName The principal name
+ * @return IdentityTransaction
+ * @throws KrbException e
+ */
+ IdentityTransaction deleteIdentity(String principalName) throws KrbException;
+}
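Review bot: The Javadoc on `addIdentity`, `updateIdentity` and `deleteIdentity` promises "the newly created result" or "the updated result", but all three return `IdentityTransaction`, which looks like a handle for chaining rather than the identity. The text should say which it is, e.g. `@return this transaction, to allow chaining` if that is the intent. `commit()` and `rollback()` carry a bare `@throws KrbException` and do not say whether a failed commit leaves the backend unchanged. For principal accounts and their keys that guarantee belongs in the interface contract, e.g. `@throws KrbException if the commit fails; no change is applied in that case` (or the opposite, if partial application is possible).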
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0aa0802b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
index 774ee6d..a63e054 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
@@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kerb.identity.backend;
import org.apache.kerby.config.Configured;
import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.IdentityTransaction;
import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -56,6 +57,22 @@ public abstract class AbstractIdentityBackend
}
/**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean supportTransaction() {
+ return false;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public IdentityTransaction startTransaction() throws KrbException {
+ throw new KrbException("Transaction isn't supported");
+ }
+
+ /**
* Perform the real initialization work for the backend.
* @throws KrbException e
*/
[40/48] directory-kerby git commit: DIRKRB-435 JWT Audience
restriction validation is not working. Add check Access Token Audience.
Posted by pl...@apache.org.
DIRKRB-435 JWT Audience restriction validation is not working. Add check Access Token Audience.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/0365e57c
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/0365e57c
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/0365e57c
Branch: refs/heads/pkinit-support
Commit: 0365e57cdacc7d2439504ec5e4af22575568485a
Parents: 23eee00
Author: plusplus_jiajia <ji...@intel.com>
Authored: Tue Oct 27 13:32:34 2015 +0800
Committer: plusplus_jiajia <ji...@intel.com>
Committed: Tue Oct 27 13:32:34 2015 +0800
----------------------------------------------------------------------
.../kerberos/kdc/WithAccessTokenKdcTest.java | 14 +++---
.../kerberos/kdc/WithIdentityTokenKdcTest.java | 53 ++++++++++----------
.../kerberos/kdc/WithTokenKdcTestBase.java | 10 ++--
.../integration/test/TokenLoginTestBase.java | 4 +-
.../kerb/server/preauth/token/TokenPreauth.java | 14 +++---
5 files changed, 47 insertions(+), 48 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0365e57c/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index 3a2d4ff..8686190 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -40,12 +40,12 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
prepareToken(getServerPrincipal());
performTest();
}
-
+
@Test
public void testBadIssuer() throws Exception {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
- prepareToken(getServerPrincipal(), "oauth1.com", AUDIENCE, privateKey, null);
+ prepareToken(getServerPrincipal(), "oauth1.com", privateKey, null);
try {
performTest();
@@ -61,7 +61,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
prepareToken("bad-service" + "/" + getHostname() + "@" + TestKdcServer.KDC_REALM,
- ISSUER, AUDIENCE, privateKey, null);
+ ISSUER, privateKey, null);
try {
performTest();
@@ -74,7 +74,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
@Test
public void testUnsignedToken() throws Exception {
- prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, null, null);
+ prepareToken(getServerPrincipal(), ISSUER, null, null);
try {
performTest();
@@ -89,7 +89,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
public void testSignedTokenWithABadKey() throws Exception {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
KeyPair keyPair = keyGen.generateKeyPair();
- prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, keyPair.getPrivate(), null);
+ prepareToken(getServerPrincipal(), ISSUER, keyPair.getPrivate(), null);
try {
performTest();
@@ -108,7 +108,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
is = WithTokenKdcTestBase.class.getResourceAsStream("/oauth2.com_public_key.pem");
PublicKey publicKey = PublicKeyReader.loadPublicKey(is);
- prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, privateKey, publicKey);
+ prepareToken(getServerPrincipal(), ISSUER, privateKey, publicKey);
performTest();
}
@@ -121,7 +121,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/oauth2.com_public_key.pem");
PublicKey publicKey = PublicKeyReader.loadPublicKey(is);
- prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, keyPair.getPrivate(), publicKey);
+ prepareToken(getServerPrincipal(), ISSUER, keyPair.getPrivate(), publicKey);
try {
performTest();
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0365e57c/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
index 3c0895f..052cb0d 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
@@ -22,6 +22,7 @@ package org.apache.kerby.kerberos.kdc;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
import org.apache.kerby.kerberos.kerb.common.PublicKeyReader;
+import org.apache.kerby.kerberos.kerb.server.TestKdcServer;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
import org.junit.Assert;
@@ -37,17 +38,16 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
@Test
public void testKdc() throws Exception {
-
- prepareToken(null);
+ prepareToken(getAudience("krbtgt"));
performTest();
}
-
+
@Test
public void testBadIssuer() throws Exception {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
- prepareToken(null, "oauth1.com", AUDIENCE, privateKey, null);
-
+ prepareToken(getAudience("krbtgt"), "oauth1.com", privateKey, null);
+
try {
performTest();
Assert.fail("Failure expected on a bad issuer value");
@@ -56,15 +56,13 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
Assert.assertTrue(ex instanceof KrbException);
}
}
-
- // TODO - not failing yet.
+
@Test
- @org.junit.Ignore
public void testBadAudienceRestriction() throws Exception {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
- prepareToken(null, ISSUER, "krbtgt2@EXAMPLE.COM", privateKey, null);
-
+ prepareToken("krbtgt2@EXAMPLE.COM", ISSUER, privateKey, null);
+
try {
performTest();
Assert.fail("Failure expected on a bad audience restriction value");
@@ -76,8 +74,7 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
@Test
public void testUnsignedToken() throws Exception {
- prepareToken(null, ISSUER, "krbtgt2@EXAMPLE.COM", null, null);
-
+ prepareToken(getAudience("krbtgt2"), ISSUER, null, null);
try {
performTest();
Assert.fail("Failure expected on an unsigned token");
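Review bot: `testUnsignedToken` now builds its token with `getAudience("krbtgt2")`, while the other signature and key tests in this file use `getAudience("krbtgt")`. With the audience check this commit adds for AS requests, the KDC may reject the token for the audience mismatch alone, so the test no longer shows that an unsigned token is refused. Use the valid audience so the missing signature is the only fault: `prepareToken(getAudience("krbtgt"), ISSUER, null, null);`. The catch block appears to assert only `ex instanceof KrbException` (the rest of the method is outside the hunk), so checking the failure reason as well would keep this from passing for the wrong reason again.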
@@ -86,13 +83,13 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
Assert.assertTrue(ex instanceof KrbException);
}
}
-
+
@Test
public void testSignedTokenWithABadKey() throws Exception {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
KeyPair keyPair = keyGen.generateKeyPair();
- prepareToken(null, ISSUER, AUDIENCE, keyPair.getPrivate(), null);
-
+ prepareToken(getAudience("krbtgt"), ISSUER, keyPair.getPrivate(), null);
+
try {
performTest();
Assert.fail("Failure expected on a bad key");
@@ -101,30 +98,30 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
Assert.assertTrue(ex instanceof KrbException);
}
}
-
+
@Test
public void testSignedEncryptedToken() throws Exception {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
-
+
is = WithTokenKdcTestBase.class.getResourceAsStream("/oauth2.com_public_key.pem");
PublicKey publicKey = PublicKeyReader.loadPublicKey(is);
-
- prepareToken(null, ISSUER, AUDIENCE, privateKey, publicKey);
-
+
+ prepareToken(getAudience("krbtgt"), ISSUER, privateKey, publicKey);
+
performTest();
}
-
+
@Test
public void testSignedEncryptedTokenBadSigningKey() throws Exception {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
KeyPair keyPair = keyGen.generateKeyPair();
-
+
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/oauth2.com_public_key.pem");
PublicKey publicKey = PublicKeyReader.loadPublicKey(is);
-
- prepareToken(null, ISSUER, AUDIENCE, keyPair.getPrivate(), publicKey);
-
+
+ prepareToken(getAudience("krbtgt"), ISSUER, keyPair.getPrivate(), publicKey);
+
try {
performTest();
Assert.fail("Failure expected on a bad key");
@@ -133,7 +130,7 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
Assert.assertTrue(ex instanceof KrbException);
}
}
-
+
private void performTest() throws Exception {
createCredentialCache(getClientPrincipal(), getClientPassword());
@@ -154,4 +151,8 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
getServerPrincipal());
verifyTicket(tkt);
}
+
+ private String getAudience(String name) {
+ return name + "/" + TestKdcServer.KDC_REALM + "@" + TestKdcServer.KDC_REALM;
+ }
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0365e57c/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index 0b94be5..e90e8c5 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -50,7 +50,6 @@ import static org.assertj.core.api.Assertions.assertThat;
public class WithTokenKdcTestBase extends KdcTestBase {
static final String SUBJECT = "test-sub";
- static final String AUDIENCE = "krbtgt@EXAMPLE.COM";
static final String ISSUER = "oauth2.com";
static final String GROUP = "sales-group";
static final String ROLE = "ADMIN";
@@ -82,7 +81,7 @@ public class WithTokenKdcTestBase extends KdcTestBase {
return cCacheFile;
}
- protected AuthToken prepareToken(String servicePrincipal) {
+ protected AuthToken prepareToken(String audience) {
InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
PrivateKey privateKey = null;
try {
@@ -91,10 +90,10 @@ public class WithTokenKdcTestBase extends KdcTestBase {
e.printStackTrace();
}
- return prepareToken(servicePrincipal, ISSUER, AUDIENCE, privateKey, null);
+ return prepareToken(audience, ISSUER, privateKey, null);
}
- protected AuthToken prepareToken(String servicePrincipal, String issuer, String audience,
+ protected AuthToken prepareToken(String audience, String issuer,
PrivateKey signingKey, PublicKey encryptionKey) {
AuthToken authToken = KrbRuntime.getTokenProvider().createTokenFactory().createToken();
authToken.setIssuer(issuer);
@@ -104,9 +103,6 @@ public class WithTokenKdcTestBase extends KdcTestBase {
authToken.addAttribute("role", ROLE);
List<String> aud = new ArrayList<String>();
- if (servicePrincipal != null) {
- aud.add(servicePrincipal);
- }
aud.add(audience);
authToken.setAudiences(aud);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0365e57c/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index 16ff65f..4fcc54d 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -20,11 +20,13 @@
package org.apache.kerby.kerberos.kerb.integration.test;
import org.apache.kerby.kerberos.kerb.KrbRuntime;
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
import org.apache.kerby.kerberos.kerb.integration.test.jaas.TokenCache;
import org.apache.kerby.kerberos.kerb.integration.test.jaas.TokenJaasKrbUtil;
import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
import org.apache.kerby.kerberos.kerb.server.LoginTestBase;
+import org.apache.kerby.kerberos.kerb.server.TestKdcServer;
import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
import org.apache.kerby.kerberos.provider.token.JwtTokenProvider;
@@ -108,7 +110,7 @@ public class TokenLoginTestBase extends LoginTestBase {
authToken.addAttribute("role", ROLE);
List<String> aud = new ArrayList<String>();
- aud.add("krb5kdc-with-token-extension");
+ aud.add(KrbUtil.makeTgsPrincipal(TestKdcServer.KDC_REALM).getName());
authToken.setAudiences(aud);
// Set expiration in 60 minutes
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0365e57c/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index a2c57d6..7316070 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -99,19 +99,19 @@ public class TokenPreauth extends AbstractPreauthPlugin {
throw new KrbException("Token Decoding failed");
}
+ List<String> audiences = authToken.getAudiences();
+ PrincipalName serverPrincipal = kdcRequest.getKdcReq().getReqBody().getSname();
+ serverPrincipal.setRealm(kdcRequest.getKdcReq().getReqBody().getRealm());
+ kdcRequest.setServerPrincipal(serverPrincipal);
+ if (!audiences.contains(serverPrincipal.getName())) {
+ throw new KrbException("Token audience not match with the target server principal!");
+ }
if (kdcRequest instanceof AsRequest) {
AsRequest asRequest = (AsRequest) kdcRequest;
asRequest.setToken(authToken);
} else if (kdcRequest instanceof TgsRequest) {
TgsRequest tgsRequest = (TgsRequest) kdcRequest;
tgsRequest.setToken(authToken);
- List<String> audiences = authToken.getAudiences();
- PrincipalName serverPrincipal = kdcRequest.getKdcReq().getReqBody().getSname();
- serverPrincipal.setRealm(kdcRequest.getKdcReq().getReqBody().getRealm());
- kdcRequest.setServerPrincipal(serverPrincipal);
- if (!audiences.contains(serverPrincipal.getName())) {
- throw new KrbException("Token audience not match with the target server principal!");
- }
}
return true;
} else {
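Review bot: The new audience check calls `audiences.contains(...)` without a null guard, so a token with no audience claim could surface as a NullPointerException instead of a KrbException if `getAudiences()` returns null in that case (its implementation is not in this hunk). The token is client-supplied, so the check should fail closed explicitly: `if (audiences == null || !audiences.contains(serverPrincipal.getName())) {`. The block also calls `setRealm` on the PrincipalName taken from the request body, which presumably mutates the request object in place; a one-line comment saying that is intended would help. The enclosing method starts and ends outside the hunk.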
[43/48] directory-kerby git commit: Revert "DIRKRB-437 Update the
assertj version to 3.2.0."
Posted by pl...@apache.org.
Revert "DIRKRB-437 Update the assertj version to 3.2.0."
This reverts commit 9ce2a555ead13d336ee2d719bc0bedd8557089c7.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/487043ce
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/487043ce
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/487043ce
Branch: refs/heads/pkinit-support
Commit: 487043cec2020946fa151e6361509954f3cf3ce2
Parents: 9ce2a55
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Oct 28 13:41:21 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Oct 28 13:41:21 2015 +0800
----------------------------------------------------------------------
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/487043ce/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 4118be2..96ea773 100644
--- a/pom.xml
+++ b/pom.xml
@@ -54,7 +54,7 @@
<junit.version>4.12</junit.version>
<nimbus.jose.version>3.10</nimbus.jose.version>
<slf4j.version>1.7.12</slf4j.version>
- <assertj.version>3.2.0</assertj.version>
+ <assertj.version>2.2.0</assertj.version>
<findbugs.version>3.0.1</findbugs.version>
<checkstyle.dir>${basedir}/docs</checkstyle.dir>
<skipTests>false</skipTests>
[39/48] directory-kerby git commit: Updating some dependencies
Posted by pl...@apache.org.
Updating some dependencies
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/8ad5f32e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/8ad5f32e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/8ad5f32e
Branch: refs/heads/pkinit-support
Commit: 8ad5f32e0c74a74a64efb668aa17100c26c776b2
Parents: 23eee00
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Oct 26 10:41:42 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Oct 26 10:41:42 2015 +0000
----------------------------------------------------------------------
benchmark/pom.xml | 6 +++---
kerby-backend/json-backend/pom.xml | 2 +-
kerby-dist/kdc-dist/pom.xml | 2 +-
kerby-provider/token-provider/pom.xml | 2 +-
pom.xml | 4 +++-
5 files changed, 9 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8ad5f32e/benchmark/pom.xml
----------------------------------------------------------------------
diff --git a/benchmark/pom.xml b/benchmark/pom.xml
index ec7561a..3d5dbf9 100644
--- a/benchmark/pom.xml
+++ b/benchmark/pom.xml
@@ -31,11 +31,11 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <jmh.version>1.10.3</jmh.version>
+ <jmh.version>1.11.1</jmh.version>
<javac.target>1.6</javac.target>
<uberjar.name>benchmarks</uberjar.name>
<apache.ds.version>2.0.0-M20</apache.ds.version>
- <apache.ds.api.version>1.0.0-M28</apache.ds.api.version>
+ <apache.ds.api.version>1.0.0-M32</apache.ds.api.version>
</properties>
<dependencies>
@@ -186,7 +186,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
- <version>2.2</version>
+ <version>2.4</version>
<executions>
<execution>
<phase>package</phase>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8ad5f32e/kerby-backend/json-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/json-backend/pom.xml b/kerby-backend/json-backend/pom.xml
index f1f6e1f..d7bde70 100644
--- a/kerby-backend/json-backend/pom.xml
+++ b/kerby-backend/json-backend/pom.xml
@@ -46,7 +46,7 @@
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
- <version>2.3.1</version>
+ <version>${gson.version}</version>
</dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8ad5f32e/kerby-dist/kdc-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/pom.xml b/kerby-dist/kdc-dist/pom.xml
index b464e43..375e605 100644
--- a/kerby-dist/kdc-dist/pom.xml
+++ b/kerby-dist/kdc-dist/pom.xml
@@ -112,7 +112,7 @@
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
- <version>2.3.1</version>
+ <version>${gson.version}</version>
</dependency>
<!-- For common and misc -->
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8ad5f32e/kerby-provider/token-provider/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/pom.xml b/kerby-provider/token-provider/pom.xml
index 74729c6..1603985 100644
--- a/kerby-provider/token-provider/pom.xml
+++ b/kerby-provider/token-provider/pom.xml
@@ -33,7 +33,7 @@
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
- <version>3.10</version>
+ <version>${nimbus.jose.version}</version>
</dependency>
</dependencies>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8ad5f32e/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 43b35ff..96ea773 100644
--- a/pom.xml
+++ b/pom.xml
@@ -48,11 +48,13 @@
<properties>
<apacheds.version>2.0.0-M20</apacheds.version>
+ <gson.version>2.4</gson.version>
<ldap.api.version>1.0.0-M31</ldap.api.version>
<log4j.version>1.2.17</log4j.version>
<junit.version>4.12</junit.version>
+ <nimbus.jose.version>3.10</nimbus.jose.version>
<slf4j.version>1.7.12</slf4j.version>
- <assertj.version>1.7.1</assertj.version>
+ <assertj.version>2.2.0</assertj.version>
<findbugs.version>3.0.1</findbugs.version>
<checkstyle.dir>${basedir}/docs</checkstyle.dir>
<skipTests>false</skipTests>
[28/48] directory-kerby git commit: DIRKRB-433 Load the private key
and public key from file.
Posted by pl...@apache.org.
DIRKRB-433 Load the private key and public key from file.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/91f6e716
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/91f6e716
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/91f6e716
Branch: refs/heads/pkinit-support
Commit: 91f6e716c43f4df1c8cafe637ae5340ace47bb8c
Parents: a180614
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Oct 13 16:23:40 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Oct 13 16:23:40 2015 +0800
----------------------------------------------------------------------
.../kerberos/kerb/common/PrivateKeyReader.java | 73 +++++++++++++++++++
.../kerberos/kerb/common/PublicKeyReader.java | 74 ++++++++++++++++++++
2 files changed, 147 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/91f6e716/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PrivateKeyReader.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PrivateKeyReader.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PrivateKeyReader.java
new file mode 100644
index 0000000..98d1f9d
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PrivateKeyReader.java
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.common;
+
+import org.apache.kerby.util.Base64;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+public class PrivateKeyReader {
+
+ public static PrivateKey loadPrivateKey(InputStream in) throws Exception {
+ try {
+ BufferedReader br = new BufferedReader(new InputStreamReader(in));
+ String readLine = null;
+ StringBuilder sb = new StringBuilder();
+ while ((readLine = br.readLine()) != null) {
+ if (readLine.charAt(0) == '-') {
+ continue;
+ } else {
+ sb.append(readLine);
+ sb.append('\r');
+ }
+ }
+ return loadPrivateKey(sb.toString());
+ } catch (IOException e) {
+ throw e;
+ } catch (NullPointerException e) {
+ throw e;
+ }
+ }
+
+ public static PrivateKey loadPrivateKey(String privateKeyStr) throws Exception {
+ try {
+ Base64 base64 = new Base64();
+ byte[] buffer = base64.decode(privateKeyStr);
+ PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);
+ KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ return keyFactory.generatePrivate(keySpec);
+ } catch (NoSuchAlgorithmException e) {
+ throw e;
+ } catch (InvalidKeySpecException e) {
+ throw e;
+ } catch (NullPointerException e) {
+ throw e;
+ }
+ }
+
+}
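Review bot: In `loadPrivateKey(InputStream)` the loop calls `readLine.charAt(0)` on every line, so a blank line in the key file (for instance an extra empty line at the end) throws StringIndexOutOfBoundsException instead of being skipped. Guard it with `if (readLine.isEmpty() || readLine.charAt(0) == '-')`; the same loop appears in `PublicKeyReader.loadPublicKey(InputStream)` in this commit. The `-----BEGIN ...-----` line is discarded without looking at its label, so a key that is not unencrypted PKCS#8 would presumably only surface as an InvalidKeySpecException from `generatePrivate`; checking the label and failing with a clear message would make a wrong key file easier to diagnose. `new InputStreamReader(in)` also uses the platform default charset, and since PEM is ASCII, `new InputStreamReader(in, "US-ASCII")` removes that dependency.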
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/91f6e716/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java
new file mode 100644
index 0000000..ed54746
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/PublicKeyReader.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.common;
+
+import org.apache.kerby.util.Base64;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+
+public class PublicKeyReader {
+
+ public static PublicKey loadPublicKey(InputStream in) throws Exception {
+ try {
+ BufferedReader br = new BufferedReader(new InputStreamReader(in));
+ String readLine = null;
+ StringBuilder sb = new StringBuilder();
+ while ((readLine = br.readLine()) != null) {
+ if (readLine.charAt(0) == '-') {
+ continue;
+ } else {
+ sb.append(readLine);
+ sb.append('\r');
+ }
+ }
+ return loadPublicKey(sb.toString());
+ } catch (IOException e) {
+ throw e;
+ } catch (NullPointerException e) {
+ throw e;
+ }
+ }
+
+
+ public static PublicKey loadPublicKey(String publicKeyStr) throws Exception {
+ try {
+ Base64 base64 = new Base64();
+ byte[] buffer = base64.decode(publicKeyStr);
+ KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer);
+ return keyFactory.generatePublic(keySpec);
+ } catch (NoSuchAlgorithmException e) {
+ throw e;
+ } catch (InvalidKeySpecException e) {
+ throw e;
+ } catch (NullPointerException e) {
+ throw e;
+ }
+ }
+
+}
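Review bot: Every `catch` block in both `loadPublicKey` overloads only rethrows the exception it caught, so the `try`/`catch` wrappers do nothing, and catching NullPointerException just to rethrow it does not replace a null check on `in` or `publicKeyStr`. Dropping the wrappers and declaring `throws IOException, GeneralSecurityException` (with the matching `java.security` import) instead of `throws Exception` would tell callers what can actually fail. The two `PrivateKeyReader` methods in this commit have the same shape. Neither class has Javadoc, and the `BufferedReader` is never closed; if the caller is meant to own the stream, a line such as `/** Reads a PEM-encoded RSA public key; the caller closes {@code in}. */` would state that.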
[08/48] directory-kerby git commit: Merge branch 'master'
Posted by pl...@apache.org.
Merge branch 'master'
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/6e15b50b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/6e15b50b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/6e15b50b
Branch: refs/heads/pkinit-support
Commit: 6e15b50b43f97db8fec1a48fb99db75ebc6c5bed
Parents: 49a8529 03e65e7
Author: Kiran Ayyagari <ka...@apache.org>
Authored: Wed Sep 16 20:04:05 2015 +0800
Committer: Kiran Ayyagari <ka...@apache.org>
Committed: Wed Sep 16 20:04:05 2015 +0800
----------------------------------------------------------------------
pom.xml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/6e15b50b/pom.xml
----------------------------------------------------------------------
[23/48] directory-kerby git commit: Renaming
Posted by pl...@apache.org.
Renaming
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/93485f4c
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/93485f4c
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/93485f4c
Branch: refs/heads/pkinit-support
Commit: 93485f4c14e930958de8838cb92a7e10d989db03
Parents: 657a5b5
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Sep 30 12:33:05 2015 +0200
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Sep 30 14:54:31 2015 +0200
----------------------------------------------------------------------
.../kerberos/kerb/server/request/AsRequest.java | 2 +-
.../server/request/ServiceTickertIssuer.java | 59 -----
.../server/request/ServiceTicketIssuer.java | 59 +++++
.../kerb/server/request/TgsRequest.java | 2 +-
.../kerb/server/request/TgtTickertIssuer.java | 43 ----
.../kerb/server/request/TgtTicketIssuer.java | 43 ++++
.../kerb/server/request/TickertIssuer.java | 249 -------------------
.../kerb/server/request/TicketIssuer.java | 249 +++++++++++++++++++
8 files changed, 353 insertions(+), 353 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/93485f4c/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
index 688fed5..2765673 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
@@ -102,7 +102,7 @@ public class AsRequest extends KdcRequest {
*/
@Override
protected void issueTicket() throws KrbException {
- TickertIssuer issuer = new TgtTickertIssuer(this);
+ TicketIssuer issuer = new TgtTicketIssuer(this);
Ticket newTicket = issuer.issueTicket();
setTicket(newTicket);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/93485f4c/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/ServiceTickertIssuer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/ServiceTickertIssuer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/ServiceTickertIssuer.java
deleted file mode 100644
index 8510b40..0000000
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/ServiceTickertIssuer.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.server.request;
-
-import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
-import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
-import org.apache.kerby.kerberos.kerb.spec.base.TransitedEncoding;
-import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
-
-/**
- * Issuing service ticket.
- */
-public class ServiceTickertIssuer extends TickertIssuer {
- private final Ticket tgtTicket;
- private final AuthToken token;
-
- public ServiceTickertIssuer(TgsRequest kdcRequest) {
- super(kdcRequest);
- tgtTicket = kdcRequest.getTgtTicket();
- token = kdcRequest.getToken();
- }
-
- protected KdcRequest getTgsRequest() {
- return getKdcRequest();
- }
-
- @Override
- protected PrincipalName getclientPrincipal() {
- if (token != null) {
- return new PrincipalName(token.getSubject());
- }
- return tgtTicket.getEncPart().getCname();
- }
-
- @Override
- protected TransitedEncoding getTransitedEncoding() {
- if (token != null) {
- return super.getTransitedEncoding();
- }
- return tgtTicket.getEncPart().getTransited();
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/93485f4c/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/ServiceTicketIssuer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/ServiceTicketIssuer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/ServiceTicketIssuer.java
new file mode 100644
index 0000000..9ab7c65
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/ServiceTicketIssuer.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server.request;
+
+import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
+import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.base.TransitedEncoding;
+import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
+
+/**
+ * Issuing service ticket.
+ */
+public class ServiceTicketIssuer extends TicketIssuer {
+ private final Ticket tgtTicket;
+ private final AuthToken token;
+
+ public ServiceTicketIssuer(TgsRequest kdcRequest) {
+ super(kdcRequest);
+ tgtTicket = kdcRequest.getTgtTicket();
+ token = kdcRequest.getToken();
+ }
+
+ protected KdcRequest getTgsRequest() {
+ return getKdcRequest();
+ }
+
+ @Override
+ protected PrincipalName getclientPrincipal() {
+ if (token != null) {
+ return new PrincipalName(token.getSubject());
+ }
+ return tgtTicket.getEncPart().getCname();
+ }
+
+ @Override
+ protected TransitedEncoding getTransitedEncoding() {
+ if (token != null) {
+ return super.getTransitedEncoding();
+ }
+ return tgtTicket.getEncPart().getTransited();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/93485f4c/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
index 4d6d50c..5d80c03 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
@@ -107,7 +107,7 @@ public class TgsRequest extends KdcRequest {
*/
@Override
protected void issueTicket() throws KrbException {
- TickertIssuer issuer = new ServiceTickertIssuer(this);
+ TicketIssuer issuer = new ServiceTicketIssuer(this);
Ticket newTicket = issuer.issueTicket();
setTicket(newTicket);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/93485f4c/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgtTickertIssuer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgtTickertIssuer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgtTickertIssuer.java
deleted file mode 100644
index 4003f95..0000000
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgtTickertIssuer.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.server.request;
-
-import org.apache.kerby.kerberos.kerb.spec.base.TransitedEncoding;
-import org.apache.kerby.kerberos.kerb.spec.base.TransitedEncodingType;
-
-/**
- * Issuing TGT ticket.
- */
-public class TgtTickertIssuer extends TickertIssuer {
-
- public TgtTickertIssuer(AsRequest kdcRequest) {
- super(kdcRequest);
- }
-
- @Override
- protected TransitedEncoding getTransitedEncoding() {
- TransitedEncoding transEnc = new TransitedEncoding();
- transEnc.setTrType(TransitedEncodingType.DOMAIN_X500_COMPRESS);
- byte[] empty = new byte[0];
- transEnc.setContents(empty);
-
- return transEnc;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/93485f4c/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgtTicketIssuer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgtTicketIssuer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgtTicketIssuer.java
new file mode 100644
index 0000000..91d2e46
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgtTicketIssuer.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server.request;
+
+import org.apache.kerby.kerberos.kerb.spec.base.TransitedEncoding;
+import org.apache.kerby.kerberos.kerb.spec.base.TransitedEncodingType;
+
+/**
+ * Issuing TGT ticket.
+ */
+public class TgtTicketIssuer extends TicketIssuer {
+
+ public TgtTicketIssuer(AsRequest kdcRequest) {
+ super(kdcRequest);
+ }
+
+ @Override
+ protected TransitedEncoding getTransitedEncoding() {
+ TransitedEncoding transEnc = new TransitedEncoding();
+ transEnc.setTrType(TransitedEncodingType.DOMAIN_X500_COMPRESS);
+ byte[] empty = new byte[0];
+ transEnc.setContents(empty);
+
+ return transEnc;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/93485f4c/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TickertIssuer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TickertIssuer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TickertIssuer.java
deleted file mode 100644
index 37403d7..0000000
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TickertIssuer.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.server.request;
-
-import org.apache.kerby.kerberos.kerb.KrbErrorCode;
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
-import org.apache.kerby.kerberos.kerb.server.KdcConfig;
-import org.apache.kerby.kerberos.kerb.server.KdcContext;
-import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptedData;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
-import org.apache.kerby.kerberos.kerb.spec.base.HostAddresses;
-import org.apache.kerby.kerberos.kerb.spec.base.KeyUsage;
-import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
-import org.apache.kerby.kerberos.kerb.spec.base.TransitedEncoding;
-import org.apache.kerby.kerberos.kerb.spec.base.TransitedEncodingType;
-import org.apache.kerby.kerberos.kerb.spec.kdc.KdcOption;
-import org.apache.kerby.kerberos.kerb.spec.kdc.KdcOptions;
-import org.apache.kerby.kerberos.kerb.spec.kdc.KdcReq;
-import org.apache.kerby.kerberos.kerb.spec.ticket.EncTicketPart;
-import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
-import org.apache.kerby.kerberos.kerb.spec.ticket.TicketFlag;
-import org.apache.kerby.kerberos.kerb.spec.ticket.TicketFlags;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Handling ticket constructing, filling, and issuing.
- */
-public abstract class TickertIssuer {
- private static final Logger LOG = LoggerFactory.getLogger(TickertIssuer.class);
- private final KdcRequest kdcRequest;
-
- public TickertIssuer(KdcRequest kdcRequest) {
- this.kdcRequest = kdcRequest;
- }
-
- protected KdcRequest getKdcRequest() {
- return kdcRequest;
- }
-
- public Ticket issueTicket() throws KrbException {
- KdcReq request = kdcRequest.getKdcReq();
-
- Ticket issuedTicket = new Ticket();
-
- PrincipalName serverPrincipal = getServerPrincipal();
- issuedTicket.setSname(serverPrincipal);
-
- String serverRealm = request.getReqBody().getRealm();
- issuedTicket.setRealm(serverRealm);
-
- EncTicketPart encTicketPart = makeEncTicketPart();
-
- EncryptionKey encryptionKey = getTicketEncryptionKey();
-
- EncryptedData encryptedData = EncryptionUtil.seal(encTicketPart,
- encryptionKey, KeyUsage.KDC_REP_TICKET);
- issuedTicket.setEncryptedEncPart(encryptedData);
- issuedTicket.setEncPart(encTicketPart);
-
- return issuedTicket;
- }
-
- public EncTicketPart makeEncTicketPart() throws KrbException {
- KdcReq request = kdcRequest.getKdcReq();
-
- EncTicketPart encTicketPart = new EncTicketPart();
- KdcConfig config = kdcRequest.getKdcContext().getConfig();
-
- TicketFlags ticketFlags = new TicketFlags();
- encTicketPart.setFlags(ticketFlags);
- ticketFlags.setFlag(TicketFlag.INITIAL);
-
- if (kdcRequest.isPreAuthenticated()) {
- ticketFlags.setFlag(TicketFlag.PRE_AUTH);
- }
-
- if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.FORWARDABLE)) {
- if (!config.isForwardableAllowed()) {
- LOG.warn("Forward is not allowed.");
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
-
- ticketFlags.setFlag(TicketFlag.FORWARDABLE);
- }
-
- if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.PROXIABLE)) {
- if (!config.isProxiableAllowed()) {
- LOG.warn("Proxy is not allowed.");
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
-
- ticketFlags.setFlag(TicketFlag.PROXIABLE);
- }
-
- if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.ALLOW_POSTDATE)) {
- if (!config.isPostdatedAllowed()) {
- LOG.warn("Post date is not allowed.");
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
-
- ticketFlags.setFlag(TicketFlag.MAY_POSTDATE);
- }
-
- EncryptionKey sessionKey = EncryptionHandler.random2Key(
- kdcRequest.getEncryptionType());
- encTicketPart.setKey(sessionKey);
-
- encTicketPart.setCname(getclientPrincipal());
- encTicketPart.setCrealm(request.getReqBody().getRealm());
-
- TransitedEncoding transEnc = getTransitedEncoding();
- encTicketPart.setTransited(transEnc);
-
- KdcOptions kdcOptions = request.getReqBody().getKdcOptions();
-
- KerberosTime now = KerberosTime.now();
- encTicketPart.setAuthTime(now);
-
- KerberosTime krbStartTime = request.getReqBody().getFrom();
- if (krbStartTime == null || krbStartTime.lessThan(now)
- || krbStartTime.isInClockSkew(config.getAllowableClockSkew())) {
- krbStartTime = now;
- }
- if (krbStartTime.greaterThan(now)
- && !krbStartTime.isInClockSkew(config.getAllowableClockSkew())
- && !kdcOptions.isFlagSet(KdcOption.POSTDATED)) {
- throw new KrbException(KrbErrorCode.KDC_ERR_CANNOT_POSTDATE);
- }
-
- if (kdcOptions.isFlagSet(KdcOption.POSTDATED)) {
- if (!config.isPostdatedAllowed()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
-
- ticketFlags.setFlag(TicketFlag.POSTDATED);
- encTicketPart.setStartTime(krbStartTime);
- }
-
- KerberosTime krbEndTime = request.getReqBody().getTill();
- if (krbEndTime == null || krbEndTime.getTime() == 0) {
- krbEndTime = krbStartTime.extend(config.getMaximumTicketLifetime() * 1000);
- } else if (krbStartTime.greaterThan(krbEndTime)) {
- throw new KrbException(KrbErrorCode.KDC_ERR_NEVER_VALID);
- }
- encTicketPart.setEndTime(krbEndTime);
-
- long ticketLifeTime = Math.abs(krbEndTime.diff(krbStartTime));
- if (ticketLifeTime < config.getMinimumTicketLifetime()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_NEVER_VALID);
- }
-
- KerberosTime krbRtime = request.getReqBody().getRtime();
- if (kdcOptions.isFlagSet(KdcOption.RENEWABLE_OK)) {
- kdcOptions.setFlag(KdcOption.RENEWABLE);
- }
- if (kdcOptions.isFlagSet(KdcOption.RENEWABLE)) {
- if (!config.isRenewableAllowed()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
-
- ticketFlags.setFlag(TicketFlag.RENEWABLE);
-
- if (krbRtime == null || krbRtime.getTime() == 0) {
- krbRtime = KerberosTime.NEVER;
- }
- KerberosTime allowedMaximumRenewableTime = krbStartTime;
- allowedMaximumRenewableTime = allowedMaximumRenewableTime
- .extend(config.getMaximumRenewableLifetime() * 1000);
- if (krbRtime.greaterThan(allowedMaximumRenewableTime)) {
- krbRtime = allowedMaximumRenewableTime;
- }
- encTicketPart.setRenewtill(krbRtime);
- }
-
- HostAddresses hostAddresses = request.getReqBody().getAddresses();
- if (hostAddresses == null || hostAddresses.isEmpty()) {
- if (!config.isEmptyAddressesAllowed()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
- } else {
- encTicketPart.setClientAddresses(hostAddresses);
- }
-
- return encTicketPart;
- }
-
- protected KdcContext getKdcContext() {
- return kdcRequest.getKdcContext();
- }
-
- protected KdcReq getKdcReq() {
- return kdcRequest.getKdcReq();
- }
-
- protected PrincipalName getclientPrincipal() {
- if (kdcRequest.isToken()) {
- return new PrincipalName(kdcRequest.getToken().getSubject());
- } else {
- return getKdcReq().getReqBody().getCname();
- }
- }
-
- protected PrincipalName getServerPrincipal() {
- return getKdcReq().getReqBody().getSname();
- }
-
- protected EncryptionType getTicketEncryptionType() throws KrbException {
- EncryptionType encryptionType = kdcRequest.getEncryptionType();
- return encryptionType;
- }
-
- protected EncryptionKey getTicketEncryptionKey() throws KrbException {
- EncryptionType encryptionType = getTicketEncryptionType();
- EncryptionKey serverKey =
- kdcRequest.getServerEntry().getKeys().get(encryptionType);
- return serverKey;
- }
-
- protected TransitedEncoding getTransitedEncoding() {
- TransitedEncoding transEnc = new TransitedEncoding();
- transEnc.setTrType(TransitedEncodingType.DOMAIN_X500_COMPRESS);
- byte[] empty = new byte[0];
- transEnc.setContents(empty);
-
- return transEnc;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/93485f4c/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java
new file mode 100644
index 0000000..7021c27
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java
@@ -0,0 +1,249 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server.request;
+
+import org.apache.kerby.kerberos.kerb.KrbErrorCode;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcContext;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptedData;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.base.HostAddresses;
+import org.apache.kerby.kerberos.kerb.spec.base.KeyUsage;
+import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.base.TransitedEncoding;
+import org.apache.kerby.kerberos.kerb.spec.base.TransitedEncodingType;
+import org.apache.kerby.kerberos.kerb.spec.kdc.KdcOption;
+import org.apache.kerby.kerberos.kerb.spec.kdc.KdcOptions;
+import org.apache.kerby.kerberos.kerb.spec.kdc.KdcReq;
+import org.apache.kerby.kerberos.kerb.spec.ticket.EncTicketPart;
+import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TicketFlag;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TicketFlags;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Handling ticket constructing, filling, and issuing.
+ */
+public abstract class TicketIssuer {
+ private static final Logger LOG = LoggerFactory.getLogger(TicketIssuer.class);
+ private final KdcRequest kdcRequest;
+
+ public TicketIssuer(KdcRequest kdcRequest) {
+ this.kdcRequest = kdcRequest;
+ }
+
+ protected KdcRequest getKdcRequest() {
+ return kdcRequest;
+ }
+
+ public Ticket issueTicket() throws KrbException {
+ KdcReq request = kdcRequest.getKdcReq();
+
+ Ticket issuedTicket = new Ticket();
+
+ PrincipalName serverPrincipal = getServerPrincipal();
+ issuedTicket.setSname(serverPrincipal);
+
+ String serverRealm = request.getReqBody().getRealm();
+ issuedTicket.setRealm(serverRealm);
+
+ EncTicketPart encTicketPart = makeEncTicketPart();
+
+ EncryptionKey encryptionKey = getTicketEncryptionKey();
+
+ EncryptedData encryptedData = EncryptionUtil.seal(encTicketPart,
+ encryptionKey, KeyUsage.KDC_REP_TICKET);
+ issuedTicket.setEncryptedEncPart(encryptedData);
+ issuedTicket.setEncPart(encTicketPart);
+
+ return issuedTicket;
+ }
+
+ public EncTicketPart makeEncTicketPart() throws KrbException {
+ KdcReq request = kdcRequest.getKdcReq();
+
+ EncTicketPart encTicketPart = new EncTicketPart();
+ KdcConfig config = kdcRequest.getKdcContext().getConfig();
+
+ TicketFlags ticketFlags = new TicketFlags();
+ encTicketPart.setFlags(ticketFlags);
+ ticketFlags.setFlag(TicketFlag.INITIAL);
+
+ if (kdcRequest.isPreAuthenticated()) {
+ ticketFlags.setFlag(TicketFlag.PRE_AUTH);
+ }
+
+ if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.FORWARDABLE)) {
+ if (!config.isForwardableAllowed()) {
+ LOG.warn("Forward is not allowed.");
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+
+ ticketFlags.setFlag(TicketFlag.FORWARDABLE);
+ }
+
+ if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.PROXIABLE)) {
+ if (!config.isProxiableAllowed()) {
+ LOG.warn("Proxy is not allowed.");
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+
+ ticketFlags.setFlag(TicketFlag.PROXIABLE);
+ }
+
+ if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.ALLOW_POSTDATE)) {
+ if (!config.isPostdatedAllowed()) {
+ LOG.warn("Post date is not allowed.");
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+
+ ticketFlags.setFlag(TicketFlag.MAY_POSTDATE);
+ }
+
+ EncryptionKey sessionKey = EncryptionHandler.random2Key(
+ kdcRequest.getEncryptionType());
+ encTicketPart.setKey(sessionKey);
+
+ encTicketPart.setCname(getclientPrincipal());
+ encTicketPart.setCrealm(request.getReqBody().getRealm());
+
+ TransitedEncoding transEnc = getTransitedEncoding();
+ encTicketPart.setTransited(transEnc);
+
+ KdcOptions kdcOptions = request.getReqBody().getKdcOptions();
+
+ KerberosTime now = KerberosTime.now();
+ encTicketPart.setAuthTime(now);
+
+ KerberosTime krbStartTime = request.getReqBody().getFrom();
+ if (krbStartTime == null || krbStartTime.lessThan(now)
+ || krbStartTime.isInClockSkew(config.getAllowableClockSkew())) {
+ krbStartTime = now;
+ }
+ if (krbStartTime.greaterThan(now)
+ && !krbStartTime.isInClockSkew(config.getAllowableClockSkew())
+ && !kdcOptions.isFlagSet(KdcOption.POSTDATED)) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_CANNOT_POSTDATE);
+ }
+
+ if (kdcOptions.isFlagSet(KdcOption.POSTDATED)) {
+ if (!config.isPostdatedAllowed()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+
+ ticketFlags.setFlag(TicketFlag.POSTDATED);
+ encTicketPart.setStartTime(krbStartTime);
+ }
+
+ KerberosTime krbEndTime = request.getReqBody().getTill();
+ if (krbEndTime == null || krbEndTime.getTime() == 0) {
+ krbEndTime = krbStartTime.extend(config.getMaximumTicketLifetime() * 1000);
+ } else if (krbStartTime.greaterThan(krbEndTime)) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_NEVER_VALID);
+ }
+ encTicketPart.setEndTime(krbEndTime);
+
+ long ticketLifeTime = Math.abs(krbEndTime.diff(krbStartTime));
+ if (ticketLifeTime < config.getMinimumTicketLifetime()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_NEVER_VALID);
+ }
+
+ KerberosTime krbRtime = request.getReqBody().getRtime();
+ if (kdcOptions.isFlagSet(KdcOption.RENEWABLE_OK)) {
+ kdcOptions.setFlag(KdcOption.RENEWABLE);
+ }
+ if (kdcOptions.isFlagSet(KdcOption.RENEWABLE)) {
+ if (!config.isRenewableAllowed()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+
+ ticketFlags.setFlag(TicketFlag.RENEWABLE);
+
+ if (krbRtime == null || krbRtime.getTime() == 0) {
+ krbRtime = KerberosTime.NEVER;
+ }
+ KerberosTime allowedMaximumRenewableTime = krbStartTime;
+ allowedMaximumRenewableTime = allowedMaximumRenewableTime
+ .extend(config.getMaximumRenewableLifetime() * 1000);
+ if (krbRtime.greaterThan(allowedMaximumRenewableTime)) {
+ krbRtime = allowedMaximumRenewableTime;
+ }
+ encTicketPart.setRenewtill(krbRtime);
+ }
+
+ HostAddresses hostAddresses = request.getReqBody().getAddresses();
+ if (hostAddresses == null || hostAddresses.isEmpty()) {
+ if (!config.isEmptyAddressesAllowed()) {
+ throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
+ }
+ } else {
+ encTicketPart.setClientAddresses(hostAddresses);
+ }
+
+ return encTicketPart;
+ }
+
+ protected KdcContext getKdcContext() {
+ return kdcRequest.getKdcContext();
+ }
+
+ protected KdcReq getKdcReq() {
+ return kdcRequest.getKdcReq();
+ }
+
+ protected PrincipalName getclientPrincipal() {
+ if (kdcRequest.isToken()) {
+ return new PrincipalName(kdcRequest.getToken().getSubject());
+ } else {
+ return getKdcReq().getReqBody().getCname();
+ }
+ }
+
+ protected PrincipalName getServerPrincipal() {
+ return getKdcReq().getReqBody().getSname();
+ }
+
+ protected EncryptionType getTicketEncryptionType() throws KrbException {
+ EncryptionType encryptionType = kdcRequest.getEncryptionType();
+ return encryptionType;
+ }
+
+ protected EncryptionKey getTicketEncryptionKey() throws KrbException {
+ EncryptionType encryptionType = getTicketEncryptionType();
+ EncryptionKey serverKey =
+ kdcRequest.getServerEntry().getKeys().get(encryptionType);
+ return serverKey;
+ }
+
+ protected TransitedEncoding getTransitedEncoding() {
+ TransitedEncoding transEnc = new TransitedEncoding();
+ transEnc.setTrType(TransitedEncodingType.DOMAIN_X500_COMPRESS);
+ byte[] empty = new byte[0];
+ transEnc.setContents(empty);
+
+ return transEnc;
+ }
+}
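Review bot: In `makeEncTicketPart()` a non-zero `till` from the request is used as the ticket end time without a cap, so the configured maximum ticket lifetime only takes effect when the client leaves `till` empty. The renew-till value a few lines further down is clamped against `getMaximumRenewableLifetime()`, and the end time should be treated the same way: compute `KerberosTime maxEndTime = krbStartTime.extend(config.getMaximumTicketLifetime() * 1000);` and change the first branch to `if (krbEndTime == null || krbEndTime.getTime() == 0 || krbEndTime.greaterThan(maxEndTime)) { krbEndTime = maxEndTime; }`, keeping the existing `else if` for the never-valid case. Separately, `getTicketEncryptionKey()` returns whatever `getKeys().get(encryptionType)` yields, so a server entry with no key of that type would presumably pass `null` to `EncryptionUtil.seal`. An explicit check there that throws a `KrbException` would make the failure clear.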
[44/48] directory-kerby git commit: DIRKRB-439 Refactor the
TokenEncoder and TokenDecoder.
Posted by pl...@apache.org.
DIRKRB-439 Refactor the TokenEncoder and TokenDecoder.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/8ee7c599
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/8ee7c599
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/8ee7c599
Branch: refs/heads/pkinit-support
Commit: 8ee7c599fd970dce4622873e76d8001b8d77ed32
Parents: 487043c
Author: plusplusjiajia <ji...@intel.com>
Authored: Thu Oct 29 11:36:50 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Thu Oct 29 11:36:50 2015 +0800
----------------------------------------------------------------------
.../kerberos/kerb/provider/TokenDecoder.java | 37 +++++++++++++++
.../kerberos/kerb/provider/TokenEncoder.java | 30 +++++++++++++
.../provider/token/JwtTokenDecoder.java | 28 ++++++------
.../provider/token/JwtTokenEncoder.java | 47 +++++++++-----------
4 files changed, 102 insertions(+), 40 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8ee7c599/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenDecoder.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenDecoder.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenDecoder.java
index e52a9b3..88bcd0c 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenDecoder.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenDecoder.java
@@ -22,6 +22,8 @@ package org.apache.kerby.kerberos.kerb.provider;
import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
import java.io.IOException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
/**
* An AuthToken decoder.
@@ -43,4 +45,39 @@ public interface TokenDecoder {
* @throws IOException e
*/
AuthToken decodeFromString(String content) throws IOException;
+
+ /**
+ * set the verify key
+ *
+ * @param key a public key
+ */
+ void setVerifyKey(PublicKey key);
+
+ /**
+ * set the verify key
+ *
+ * @param key a byte[] key
+ */
+ void setVerifyKey(byte[] key);
+
+ /**
+ * Set the decryption key
+ *
+ * @param key a private key
+ */
+ void setDecryptionKey(PrivateKey key);
+
+ /**
+ * Set the decryption key
+ *
+ * @param key a secret key
+ */
+ void setDecryptionKey(byte[] key);
+
+ /**
+ * The token signed or not
+ *
+ * @return signed or not signed
+ */
+ boolean isSigned();
}
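Review bot: The javadoc for `isSigned()` ("The token signed or not") does not say which token it describes or what a caller may conclude from it, although the setters added here make the decoder stateful. The contract should state that the value refers to the token from the most recent decode call. It should also say whether a token with a missing or failing signature is still returned by `decodeFromString` or rejected with an exception; this hunk does not show which the implementation does. A possible wording is `@return true if the token from the most recent decode call carried a signature`, tightened to say the signature was verified if implementations guarantee that. Also, `setVerifyKey(byte[])` documents its parameter as `a byte[] key` while the other byte[] overloads here and in TokenEncoder say `a secret key`, and the summaries mix `set the` with `Set the`.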
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8ee7c599/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
index 90d06be..0f6cc6b 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/provider/TokenEncoder.java
@@ -22,6 +22,9 @@ package org.apache.kerby.kerberos.kerb.provider;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
/**
* An AuthToken encoder.
*/
@@ -43,5 +46,32 @@ public interface TokenEncoder {
*/
String encodeAsString(AuthToken token) throws KrbException;
+ /**
+ * set the encryption key
+ *
+ * @param key a public key
+ */
+ void setEncryptionKey(PublicKey key);
+
+ /**
+ * set the encryption key
+ *
+ * @param key a secret key
+ */
+ void setEncryptionKey(byte[] key);
+
+ /**
+ * set the sign key
+ *
+ * @param key a private key
+ */
+ void setSignKey(PrivateKey key);
+
+ /**
+ * set the sign key
+ *
+ * @param key a secret key
+ */
+ void setSignKey(byte[] key);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8ee7c599/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
index b42dd86..7c34bf1 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
@@ -164,19 +164,17 @@ public class JwtTokenDecoder implements TokenDecoder {
}
/**
- * Set the decryption key
- *
- * @param key a private key
+ * {@inheritDoc}
*/
+ @Override
public void setDecryptionKey(PrivateKey key) {
decryptionKey = key;
}
-
+
/**
- * Set the decryption key
- *
- * @param key a secret key
+ * {@inheritDoc}
*/
+ @Override
public void setDecryptionKey(byte[] key) {
decryptionKey = key;
}
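Review bot: Replacing the method comments with `{@inheritDoc}` leaves undocumented that `setDecryptionKey(byte[] key)` keeps the caller's array itself (`decryptionKey = key;`) rather than a copy. A caller that wipes or reuses the array after the call changes the key the decoder works with, and the key material stays reachable for as long as the decoder does. Either copy on entry with `decryptionKey = key == null ? null : key.clone();`, or state the ownership rule in the interface javadoc, for example `The array is not copied; do not modify it while the decoder is in use.` The same applies to `setVerifyKey(byte[])` in the next hunk and to `setEncryptionKey(byte[])` and `setSignKey(byte[])` in JwtTokenEncoder.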
@@ -212,19 +210,17 @@ public class JwtTokenDecoder implements TokenDecoder {
}
/**
- * set the verify key
- *
- * @param key a public key
+ * {@inheritDoc}
*/
+ @Override
public void setVerifyKey(PublicKey key) {
verifyKey = key;
}
-
+
/**
- * set the verify key
- *
- * @param key a byte[] key
+ * {@inheritDoc}
*/
+ @Override
public void setVerifyKey(byte[] key) {
verifyKey = key;
}
@@ -278,6 +274,10 @@ public class JwtTokenDecoder implements TokenDecoder {
return valid;
}
+ /**
+ * {@inheritDoc}
+ */
+ @Override
public boolean isSigned() {
return signed;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8ee7c599/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
index 44ef6e5..0d129f4 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
@@ -19,18 +19,6 @@
*/
package org.apache.kerby.kerberos.provider.token;
-import java.nio.charset.Charset;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.text.ParseException;
-
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
-import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
-
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
@@ -49,6 +37,17 @@ import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.SignedJWT;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
+import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
+
+import java.nio.charset.Charset;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.text.ParseException;
/**
* JWT token encoder, implemented using Nimbus JWT library.
@@ -172,37 +171,33 @@ public class JwtTokenEncoder implements TokenEncoder {
}
/**
- * set the encryption key
- *
- * @param key a public key
+ * {@inheritDoc}
*/
+ @Override
public void setEncryptionKey(PublicKey key) {
encryptionKey = key;
}
-
+
/**
- * set the encryption key
- *
- * @param key a secret key
+ * {@inheritDoc}
*/
+ @Override
public void setEncryptionKey(byte[] key) {
encryptionKey = key;
}
/**
- * set the sign key
- *
- * @param key a private key
+ * {@inheritDoc}
*/
+ @Override
public void setSignKey(PrivateKey key) {
signKey = key;
}
-
+
/**
- * set the sign key
- *
- * @param key a secret key
+ * {@inheritDoc}
*/
+ @Override
public void setSignKey(byte[] key) {
signKey = key;
}
[37/48] directory-kerby git commit: More tests
Posted by pl...@apache.org.
More tests
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/e567dfdc
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/e567dfdc
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/e567dfdc
Branch: refs/heads/pkinit-support
Commit: e567dfdceddcfa5c9cde9cd0191d128d40e769fd
Parents: b58fb7f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Oct 22 11:40:44 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Oct 22 11:40:44 2015 +0100
----------------------------------------------------------------------
.../kerberos/kdc/WithAccessTokenKdcTest.java | 19 +++++++++++++++++++
.../kerberos/kdc/WithIdentityTokenKdcTest.java | 19 +++++++++++++++++++
2 files changed, 38 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e567dfdc/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index 0664529..6c8020e 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -115,6 +115,25 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
performTest();
}
+ @Test
+ public void testSignedEncryptedTokenBadSigningKey() throws Exception {
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+ KeyPair keyPair = keyGen.generateKeyPair();
+
+ InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/oauth2.com_public_key.pem");
+ PublicKey publicKey = PublicKeyReader.loadPublicKey(is);
+
+ prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, keyPair.getPrivate(), publicKey);
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on a bad key");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
private void performTest() throws Exception {
createCredentialCache(getClientPrincipal(), getClientPassword());
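Review bot: `testSignedEncryptedTokenBadSigningKey` passes on any `KrbException`, so it does not show that the request was refused because the signature failed to verify; a setup problem that raises `KrbException` would satisfy it as well. Catching the expected type directly, `} catch (KrbException ex) { // expected`, removes the need for the `instanceof` assertion, and asserting on the error code or message would pin the reason if the exception exposes one (not visible in this hunk). The stream returned by `getResourceAsStream` is never closed and not checked for null; wrapping the load as `try (InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/oauth2.com_public_key.pem")) { publicKey = PublicKeyReader.loadPublicKey(is); }` takes care of the first. The identical test added to WithIdentityTokenKdcTest has the same points.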
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e567dfdc/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
index eb89df6..b0dd04d 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
@@ -117,6 +117,25 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
performTest();
}
+ @Test
+ public void testSignedEncryptedTokenBadSigningKey() throws Exception {
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+ KeyPair keyPair = keyGen.generateKeyPair();
+
+ InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/oauth2.com_public_key.pem");
+ PublicKey publicKey = PublicKeyReader.loadPublicKey(is);
+
+ prepareToken(null, ISSUER, AUDIENCE, keyPair.getPrivate(), publicKey);
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on a bad key");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
private void performTest() throws Exception {
createCredentialCache(getClientPrincipal(), getClientPassword());
[21/48] directory-kerby git commit: DIRKRB-427 Add appropriate SLF4J
binding in kerby-config module.
Posted by pl...@apache.org.
DIRKRB-427 Add appropriate SLF4J binding in kerby-config module.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/bbed4ef5
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/bbed4ef5
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/bbed4ef5
Branch: refs/heads/pkinit-support
Commit: bbed4ef533dea4376ecbe015683a40e404f1e4e4
Parents: b301875
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Sep 30 13:50:51 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Sep 30 13:50:51 2015 +0800
----------------------------------------------------------------------
kerby-config/pom.xml | 6 ++++++
1 file changed, 6 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/bbed4ef5/kerby-config/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-config/pom.xml b/kerby-config/pom.xml
index 41b7dc1..46b90b5 100644
--- a/kerby-config/pom.xml
+++ b/kerby-config/pom.xml
@@ -30,6 +30,12 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
+ <version>${slf4j.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <version>${slf4j.version}</version>
+ </dependency>
</dependencies>
</project>
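Review bot: The new `slf4j-log4j12` dependency has no `<scope>`, so it lands at compile scope and every consumer of kerby-config inherits a fixed SLF4J binding together with the log4j 1.2 jar it pulls in. A library module normally depends on `slf4j-api` only and leaves the choice of binding to the application. If the binding is needed only for this module's tests, add `<scope>test</scope>`; otherwise `<optional>true</optional>` keeps it off downstream classpaths. A transitive logging backend is also one more component that downstream projects have to track for security fixes.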
[47/48] directory-kerby git commit: kinit is enhanced to request a
service ticket
Posted by pl...@apache.org.
kinit is enhanced to request a service ticket
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ed686993
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ed686993
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ed686993
Branch: refs/heads/pkinit-support
Commit: ed68699363ac6608af0a956ff95702aa88dd68ed
Parents: 8123246
Author: yaningxu <ya...@gmail.com>
Authored: Tue Nov 3 20:32:23 2015 +0800
Committer: yaningxu <ya...@gmail.com>
Committed: Tue Nov 3 20:32:23 2015 +0800
----------------------------------------------------------------------
.../java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ed686993/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
index 7760f34..8c06b9e 100644
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
@@ -155,14 +155,15 @@ public class KinitTool {
System.exit(1);
}
+ System.out.println("Successfully requested and stored ticket in "
+ + ccacheFile.getAbsolutePath());
if (ktOptions.contains(KinitOption.SERVICE)) {
String servicePrincipal = ktOptions.getStringOption(KinitOption.SERVICE);
ServiceTicket serviceTicket =
krbClient.requestServiceTicketWithTgt(tgt, servicePrincipal);
- System.out.println(serviceTicket.toString());
+ System.out.println("Successfully requested the service ticket for " + servicePrincipal
+ + "\nKey version: " + serviceTicket.getTicket().getTktvno());
}
- System.out.println("Successfully requested and stored ticket in "
- + ccacheFile.getAbsolutePath());
}
/**
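Review bot: The new message labels `serviceTicket.getTicket().getTktvno()` as "Key version", but the getter name points at the ticket's `tkt-vno` field, which is the ticket format version rather than the version of the service key. Anyone reading this output to diagnose a key mismatch would be misled; print it as `+ "\nTicket version: " + serviceTicket.getTicket().getTktvno());`, or read the key version from the encrypted part if the API exposes it (not visible here). The message also reports that the service ticket was requested, while nothing in this hunk stores it in `ccacheFile`, which is worth stating in the output or the option's help text. The enclosing method starts outside this hunk.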
[42/48] directory-kerby git commit: DIRKRB-437 Update the assertj
version to 3.2.0.
Posted by pl...@apache.org.
DIRKRB-437 Update the assertj version to 3.2.0.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/9ce2a555
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/9ce2a555
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/9ce2a555
Branch: refs/heads/pkinit-support
Commit: 9ce2a555ead13d336ee2d719bc0bedd8557089c7
Parents: 103de43
Author: plusplus_jiajia <ji...@intel.com>
Authored: Tue Oct 27 15:44:21 2015 +0800
Committer: plusplus_jiajia <ji...@intel.com>
Committed: Tue Oct 27 15:44:21 2015 +0800
----------------------------------------------------------------------
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9ce2a555/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 96ea773..4118be2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -54,7 +54,7 @@
<junit.version>4.12</junit.version>
<nimbus.jose.version>3.10</nimbus.jose.version>
<slf4j.version>1.7.12</slf4j.version>
- <assertj.version>2.2.0</assertj.version>
+ <assertj.version>3.2.0</assertj.version>
<findbugs.version>3.0.1</findbugs.version>
<checkstyle.dir>${basedir}/docs</checkstyle.dir>
<skipTests>false</skipTests>
[26/48] directory-kerby git commit: Minor fix
Posted by pl...@apache.org.
Minor fix
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/657a5b56
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/657a5b56
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/657a5b56
Branch: refs/heads/pkinit-support
Commit: 657a5b56ff14793e3524925da20359a0ead44c2c
Parents: 6ad6984
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Sep 30 12:23:33 2015 +0200
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Sep 30 14:54:31 2015 +0200
----------------------------------------------------------------------
.../java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/657a5b56/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index d84d11b..ac20938 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -78,7 +78,7 @@ public class WithTokenKdcTestBase extends KdcTestBase {
authToken.setAudiences(aud);
// Set expiration in 60 minutes
- final Date now = new Date(new Date().getTime() / 1000 * 1000);
+ final Date now = new Date();
Date exp = new Date(now.getTime() + 1000 * 60 * 60);
authToken.setExpirationTime(exp);
[15/48] directory-kerby git commit: DIRKRB-423. Ensure json backend
file to be re-loaded only when its updated by others
Posted by pl...@apache.org.
DIRKRB-423. Ensure json backend file to be re-loaded only when its updated by others
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/cd135c0a
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/cd135c0a
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/cd135c0a
Branch: refs/heads/pkinit-support
Commit: cd135c0a05a6783dd84c5f9e6204dfb9949d622b
Parents: f49e9f7
Author: Kai Zheng <ka...@intel.com>
Authored: Sat Sep 26 07:12:49 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Sat Sep 26 07:12:49 2015 +0800
----------------------------------------------------------------------
.../identitybackend/JsonIdentityBackend.java | 52 ++++++++++----------
1 file changed, 27 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/cd135c0a/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
index e4eaf22..37e210d 100644
--- a/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
+++ b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
@@ -59,7 +59,7 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
// Identities loaded from file
private final Map<String, KrbIdentity> identities =
new ConcurrentHashMap<>(new TreeMap<String, KrbIdentity>());
- private long kdbFileTimeStamp;
+ private long kdbFileUpdateTime = -1;
public JsonIdentityBackend() {
@@ -110,32 +110,37 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
}
}
- checkAndLoad();
+ checkAndReload();
}
/**
* Check kdb file timestamp to see if it's changed or not. If
* necessary load the kdb again.
*/
- private synchronized void checkAndLoad() throws KrbException {
+ private synchronized void checkAndReload() throws KrbException {
long nowTimeStamp = jsonKdbFile.lastModified();
- if (kdbFileTimeStamp == 0 || nowTimeStamp != kdbFileTimeStamp) {
+ if (kdbFileUpdateTime < 0 ||
+ nowTimeStamp != kdbFileUpdateTime) {
//load identities
- String existsFileJson = null;
+ String reloadedJsonContent;
try {
- existsFileJson = IOUtil.readFile(jsonKdbFile);
+ reloadedJsonContent = IOUtil.readFile(jsonKdbFile);
} catch (IOException e) {
throw new KrbException("Failed to read file", e);
}
- Map<String, KrbIdentity> loaded = gson.fromJson(existsFileJson,
- new TypeToken<HashMap<String, KrbIdentity>>() {
- }.getType());
+ Map<String, KrbIdentity> reloadedEntries =
+ gson.fromJson(reloadedJsonContent,
+ new TypeToken<HashMap<String, KrbIdentity>>() {
+ }.getType());
- if (loaded != null) {
- identities.putAll(loaded);
+ if (reloadedEntries != null) {
+ identities.clear();
+ identities.putAll(reloadedEntries);
}
+
+ kdbFileUpdateTime = nowTimeStamp;
}
}
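Review bot: `identities.clear()` followed by `identities.putAll(reloadedEntries)` leaves a window in which the map is empty or only partly filled, and `doGetIdentity` reads `identities.get(principalName)` after it has left the synchronized `checkAndReload()`, so a lookup on another thread during a reload can miss a principal that exists. Removing only the stale keys avoids that window: `identities.keySet().retainAll(reloadedEntries.keySet());` followed by `identities.putAll(reloadedEntries);`. When `gson.fromJson` returns null the old entries are kept but `kdbFileUpdateTime` is still advanced, so identities removed from the file would continue to be served until the next change; that case deserves at least a log line. `lastModified()` also has coarse resolution on some file systems, so two writes within one tick cannot be told apart.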
@@ -144,7 +149,7 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
*/
@Override
protected KrbIdentity doGetIdentity(String principalName) throws KrbException {
- checkAndLoad();
+ checkAndReload();
return identities.get(principalName);
}
@@ -153,10 +158,10 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
*/
@Override
protected KrbIdentity doAddIdentity(KrbIdentity identity) throws KrbException {
- checkAndLoad();
+ checkAndReload();
identities.put(identity.getPrincipalName(), identity);
- idsToFile(identities);
+ persistToFile();
return doGetIdentity(identity.getPrincipalName());
}
@@ -166,9 +171,9 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
*/
@Override
protected KrbIdentity doUpdateIdentity(KrbIdentity identity) throws KrbException {
- checkAndLoad();
+ checkAndReload();
identities.put(identity.getPrincipalName(), identity);
- idsToFile(identities);
+ persistToFile();
return doGetIdentity(identity.getPrincipalName());
}
@@ -178,11 +183,11 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
*/
@Override
protected void doDeleteIdentity(String principalName) throws KrbException {
- checkAndLoad();
+ checkAndReload();
if (identities.containsKey(principalName)) {
identities.remove(principalName);
}
- idsToFile(identities);
+ persistToFile();
}
/**
@@ -209,14 +214,11 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
gson = gsonBuilder.create();
}
- /**
- * Write identities into a file
- * @param ids the identities to write into the json file
- */
- private synchronized void idsToFile(Map<String, KrbIdentity> ids) throws KrbException {
- String newFileJson = gson.toJson(ids);
+ private synchronized void persistToFile() throws KrbException {
+ String newJsonContent = gson.toJson(identities);
try {
- IOUtil.writeFile(newFileJson, jsonKdbFile);
+ IOUtil.writeFile(newJsonContent, jsonKdbFile);
+ kdbFileUpdateTime = jsonKdbFile.lastModified();
} catch (IOException e) {
LOG.error("Error occurred while writing identities to file: " + jsonKdbFile);
throw new KrbException("Failed to write file", e);
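Review bot: `persistToFile()` drops the Javadoc that `idsToFile()` carried, and the new `kdbFileUpdateTime = jsonKdbFile.lastModified();` line is unexplained. I would add `/** Write the in-memory identities to the json kdb file and remember its modification time, so that this backend's own write does not trigger a reload. */` above the method. The comment should also say that a change another process makes to the file between `checkAndReload()` and this write appears to be overwritten and never reloaded. The end of the method lies outside the hunk.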
[24/48] directory-kerby git commit: Avoid NPE
Posted by pl...@apache.org.
Avoid NPE
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/6ad69847
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/6ad69847
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/6ad69847
Branch: refs/heads/pkinit-support
Commit: 6ad6984761eb3c40f40e03eb6475a8fbeb58f6bd
Parents: b283dec
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Sep 30 12:21:53 2015 +0200
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Sep 30 14:54:31 2015 +0200
----------------------------------------------------------------------
.../org/apache/kerby/kerberos/kerb/spec/base/PrincipalName.java | 3 +++
1 file changed, 3 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/6ad69847/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/PrincipalName.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/PrincipalName.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/PrincipalName.java
index 65cbe36..4bf6e0f 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/PrincipalName.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/PrincipalName.java
@@ -180,6 +180,9 @@ public class PrincipalName extends KrbSequenceType {
}
private void fromNameString(String nameString) {
+ if (nameString == null) {
+ return;
+ }
String tmpRealm = null;
List<String> nameStrings;
int pos = nameString.indexOf('@');
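Review bot: The early `return` for a null `nameString` gives the caller no sign that parsing was skipped, so the PrincipalName keeps whatever name fields it had before the call. When such a principal is later used for lookups or comparisons, that silent state is hard to diagnose. I would at least document it with `// null input: nothing to parse, name fields are left as they are`, or reset the fields explicitly if an empty principal is the intended result. The rest of fromNameString is outside the hunk, so which fields it assigns cannot be checked from here.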
[09/48] directory-kerby git commit: o updated doAddIdentity() of
memory backend to return the inserted identity instead of null o removed a
spurious check on null in KdcRequest
Posted by pl...@apache.org.
o updated doAddIdentity() of memory backend to return the inserted identity instead of null
o removed a spurious check on null in KdcRequest
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/2167d16c
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/2167d16c
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/2167d16c
Branch: refs/heads/pkinit-support
Commit: 2167d16ce16aa5c643de4b2197f5c713c547c4b5
Parents: 6e15b50
Author: Kiran Ayyagari <ka...@apache.org>
Authored: Fri Sep 18 15:19:44 2015 +0800
Committer: Kiran Ayyagari <ka...@apache.org>
Committed: Fri Sep 18 15:19:44 2015 +0800
----------------------------------------------------------------------
.../kerberos/kerb/identity/backend/MemoryIdentityBackend.java | 5 ++++-
.../apache/kerby/kerberos/kerb/server/request/KdcRequest.java | 5 -----
2 files changed, 4 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2167d16c/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/MemoryIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/MemoryIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/MemoryIdentityBackend.java
index 5b4ee1e..88616ca 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/MemoryIdentityBackend.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/MemoryIdentityBackend.java
@@ -66,7 +66,10 @@ public class MemoryIdentityBackend extends AbstractIdentityBackend {
*/
@Override
protected KrbIdentity doAddIdentity(KrbIdentity identity) {
- return storage.put(identity.getPrincipalName(), identity);
+ storage.put(identity.getPrincipalName(), identity);
+ // return the same identity, cause Map.put() will return null
+ // when a new element was added
+ return identity;
}
/**
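Review bot: `storage.put(...)` replaces an entry that already exists, so after this change `doAddIdentity` overwrites a principal of the same name and still reports success by returning the new identity. If the calling layer does not already reject duplicates (not visible in this hunk), an add should fail rather than replace stored keys, for instance by checking `storage.containsKey(identity.getPrincipalName())` first. The comment would also read better as `// Map.put() returns the previous value (null for a new key), so return the identity itself`.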
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2167d16c/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index 47025aa..521ab51 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -703,11 +703,6 @@ public abstract class KdcRequest {
protected KrbIdentity getEntry(String principal) throws KrbException {
KrbIdentity entry;
entry = kdcContext.getIdentityService().getIdentity(principal);
-
- if (entry == null) {
- // Maybe it is the token preauth, now we ignore check client entry.
- return null;
- }
return entry;
}
[33/48] directory-kerby git commit: Adding some JWT tests
Posted by pl...@apache.org.
Adding some JWT tests
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/b4c2b2dd
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/b4c2b2dd
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/b4c2b2dd
Branch: refs/heads/pkinit-support
Commit: b4c2b2ddd00aa972c192f1f8097344442d237e49
Parents: 49482c4
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Oct 21 17:49:52 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Oct 21 17:49:52 2015 +0100
----------------------------------------------------------------------
.../kerberos/kdc/WithAccessTokenKdcTest.java | 69 ++++++++++++++++++--
.../kerberos/kdc/WithIdentityTokenKdcTest.java | 63 +++++++++++++++++-
.../kerberos/kdc/WithTokenKdcTestBase.java | 32 +++++----
.../kerb/server/preauth/token/TokenPreauth.java | 2 +-
4 files changed, 143 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b4c2b2dd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index d815e37..d623098 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -19,7 +19,13 @@
*/
package org.apache.kerby.kerberos.kdc;
+import java.io.InputStream;
+import java.security.PrivateKey;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.junit.Assert;
import org.junit.Test;
public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
@@ -27,12 +33,65 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
@Test
public void testRequestServiceTicketWithAccessToken() throws Exception {
prepareToken(getServerPrincipal());
+ performTest();
+ }
+
+ @Test
+ public void testBadIssuer() throws Exception {
+ InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+ PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
+ prepareToken(getServerPrincipal(), "oauth1.com", AUDIENCE, privateKey);
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on a bad issuer value");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
+ // TODO - not failing yet.
+ @Test
+ @org.junit.Ignore
+ public void testBadAudienceRestriction() throws Exception {
+ InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+ PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
+ prepareToken(getServerPrincipal(), ISSUER, "krbtgt2@EXAMPLE.COM", privateKey);
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on a bad audience restriction value");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
+ // TODO - not failing yet.
+ @Test
+ @org.junit.Ignore
+ public void testUnsignedToken() throws Exception {
+ prepareToken(getServerPrincipal(), ISSUER, AUDIENCE, null);
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on an unsigned token");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
+ private void performTest() throws Exception {
createCredentialCache(getClientPrincipal(), getClientPassword());
- ServiceTicket serviceTicket = getKrbClient().requestServiceTicketWithAccessToken(
- getKrbToken(), getServerPrincipal(), getcCacheFile().getPath());
- verifyTicket(serviceTicket);
-
- deleteCcacheFile();
+ try {
+ ServiceTicket serviceTicket = getKrbClient().requestServiceTicketWithAccessToken(
+ getKrbToken(), getServerPrincipal(), getcCacheFile().getPath());
+ verifyTicket(serviceTicket);
+ } finally {
+ deleteCcacheFile();
+ }
}
}
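Review bot: `testBadAudienceRestriction` and `testUnsignedToken` are disabled with a bare `@org.junit.Ignore` and `// TODO - not failing yet.`, so nothing ties them to a fix. They record that a token with the wrong audience and a token without a signature are currently accepted. Give the annotation a reason that names the tracking issue, e.g. `@org.junit.Ignore("unsigned token is not rejected yet, see <ISSUE-ID>")`, so the gap stays visible in test reports. The same applies to the two ignored tests in WithIdentityTokenKdcTest. The `InputStream` from `getResourceAsStream("/private_key.pem")` is also never closed; a try-with-resources around the key load would cover it.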
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b4c2b2dd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
index 045da51..73e7820 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
@@ -20,11 +20,14 @@
package org.apache.kerby.kerberos.kdc;
import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.junit.Assert;
import org.junit.Test;
-import static org.assertj.core.api.Assertions.assertThat;
+import java.io.InputStream;
+import java.security.PrivateKey;
public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
@@ -32,6 +35,58 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
public void testKdc() throws Exception {
prepareToken(null);
+ performTest();
+ }
+
+ @Test
+ public void testBadIssuer() throws Exception {
+ InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+ PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
+ prepareToken(null, "oauth1.com", AUDIENCE, privateKey);
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on a bad issuer value");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
+ // TODO - not failing yet.
+ @Test
+ @org.junit.Ignore
+ public void testBadAudienceRestriction() throws Exception {
+ InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+ PrivateKey privateKey = PrivateKeyReader.loadPrivateKey(is);
+ prepareToken(null, ISSUER, "krbtgt2@EXAMPLE.COM", privateKey);
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on a bad audience restriction value");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
+ // TODO - not failing yet.
+ @Test
+ @org.junit.Ignore
+ public void testUnsignedToken() throws Exception {
+ prepareToken(null, ISSUER, "krbtgt2@EXAMPLE.COM", null);
+
+ try {
+ performTest();
+ Assert.fail("Failure expected on an unsigned token");
+ } catch (Exception ex) {
+ // expected
+ Assert.assertTrue(ex instanceof KrbException);
+ }
+ }
+
+ private void performTest() throws Exception {
+
createCredentialCache(getClientPrincipal(), getClientPassword());
TgtTicket tgt = null;
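Review bot: `testUnsignedToken` passes `"krbtgt2@EXAMPLE.COM"` as the audience together with the null signing key. Once enabled, it can pass because of the audience mismatch alone and never exercise the missing-signature check. The WithAccessTokenKdcTest version uses the valid `AUDIENCE` constant at this point, so this line should be `prepareToken(null, ISSUER, AUDIENCE, null);`. `performTest` continues past the end of the hunk.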
@@ -39,8 +94,10 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
tgt = getKrbClient().requestTgtWithToken(getKrbToken(),
getcCacheFile().getPath());
} catch (KrbException e) {
- assertThat(e.getMessage().contains("timeout")).isTrue();
- return;
+ if (e.getMessage().contains("timeout")) {
+ return;
+ }
+ throw e;
}
verifyTicket(tgt);
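Review bot: `e.getMessage().contains("timeout")` throws a NullPointerException when the KrbException carries no message, which hides the original failure. Guard it with `if (e.getMessage() != null && e.getMessage().contains("timeout"))`. Returning silently on a timeout also lets `testKdc` pass without any ticket being verified, and it makes the negative tests fail with a misleading "Failure expected" message, so a comment stating why a timeout is tolerated would help. The surrounding try block starts outside the hunk.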
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b4c2b2dd/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index 9c0a8a2..8db50f9 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -40,7 +40,6 @@ import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
-import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
@@ -77,10 +76,23 @@ public class WithTokenKdcTestBase extends KdcTestBase {
protected File getcCacheFile() {
return cCacheFile;
}
-
+
protected AuthToken prepareToken(String servicePrincipal) {
+ InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+ PrivateKey privateKey = null;
+ try {
+ privateKey = PrivateKeyReader.loadPrivateKey(is);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ return prepareToken(servicePrincipal, ISSUER, AUDIENCE, privateKey);
+ }
+
+ protected AuthToken prepareToken(String servicePrincipal, String issuer, String audience,
+ PrivateKey signingKey) {
AuthToken authToken = KrbRuntime.getTokenProvider().createTokenFactory().createToken();
- authToken.setIssuer(ISSUER);
+ authToken.setIssuer(issuer);
authToken.setSubject(SUBJECT);
authToken.addAttribute("group", GROUP);
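Review bot: In the one-argument `prepareToken`, a failure to load `/private_key.pem` is only printed with `e.printStackTrace()` and `privateKey` stays null. The four-argument overload then skips `setSignKey` for a null key, so the default tests would carry on with an unsigned token. The load failure should abort the test instead, e.g. `throw new IllegalStateException("Failed to load /private_key.pem", e);`. The body of the four-argument overload continues outside this hunk.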
@@ -90,7 +102,7 @@ public class WithTokenKdcTestBase extends KdcTestBase {
if (servicePrincipal != null) {
aud.add(servicePrincipal);
}
- aud.add(AUDIENCE);
+ aud.add(audience);
authToken.setAudiences(aud);
// Set expiration in 60 minutes
@@ -106,16 +118,8 @@ public class WithTokenKdcTestBase extends KdcTestBase {
TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
- if (tokenEncoder instanceof JwtTokenEncoder) {
- InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
- PrivateKey privateKey = null;
- try {
- privateKey = PrivateKeyReader.loadPrivateKey(is);
- } catch (Exception e) {
- e.printStackTrace();
- }
-
- ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) privateKey);
+ if (tokenEncoder instanceof JwtTokenEncoder && signingKey != null) {
+ ((JwtTokenEncoder) tokenEncoder).setSignKey(signingKey);
}
krbToken = new KrbToken();
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b4c2b2dd/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index e5154ad..2e8e860 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -76,7 +76,7 @@ public class TokenPreauth extends AbstractPreauthPlugin {
TokenInfo tokenInfo = paTokenRequest.getTokenInfo();
String issuer = tokenInfo.getTokenVendor();
if (!(issuers.contains(issuer))) {
- throw new KrbException("Unconfigured issuer:" + issuer);
+ throw new KrbException("Unconfigured issuer: " + issuer);
}
TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
if (tokenDecoder instanceof JwtTokenDecoder) {
[07/48] directory-kerby git commit: added maven source plugin
Posted by pl...@apache.org.
added maven source plugin
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/49a85292
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/49a85292
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/49a85292
Branch: refs/heads/pkinit-support
Commit: 49a852922a54a8f2ce1f4192b26e0c19746e29bc
Parents: 81e8c0a
Author: Kiran Ayyagari <ka...@apache.org>
Authored: Wed Sep 16 19:53:43 2015 +0800
Committer: Kiran Ayyagari <ka...@apache.org>
Committed: Wed Sep 16 19:53:43 2015 +0800
----------------------------------------------------------------------
pom.xml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/49a85292/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 075e876..a6f0848 100644
--- a/pom.xml
+++ b/pom.xml
@@ -288,6 +288,20 @@
</configuration>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
</plugins>
</pluginManagement>
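Review bot: The `attach-sources` execution binds the `jar` goal to `verify`, but that goal forks an extra `generate-sources` lifecycle on every build. `<goal>jar-no-fork</goal>` is the variant meant for lifecycle binding. The plugin is also declared without a `<version>` both here and in the `<build>` hunk below. Unless the parent POM pins it (not visible here), add one so release builds are reproducible, e.g. `<version>PLUGIN_VERSION</version>` with the version the project standardises on.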
@@ -303,6 +317,11 @@
<artifactId>maven-checkstyle-plugin</artifactId>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ </plugin>
+
</plugins>
</build>
[05/48] directory-kerby git commit: [maven-release-plugin] prepare
release kerby-all-1.0.0-RC1
Posted by pl...@apache.org.
[maven-release-plugin] prepare release kerby-all-1.0.0-RC1
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/69d63691
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/69d63691
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/69d63691
Branch: refs/heads/pkinit-support
Commit: 69d6369131b929f0978bac9d70fc07da16e74589
Parents: bf752ef
Author: Emmanuel Lécharny <el...@symas.com>
Authored: Thu Sep 10 14:38:06 2015 +0200
Committer: Emmanuel Lécharny <el...@symas.com>
Committed: Thu Sep 10 14:38:06 2015 +0200
----------------------------------------------------------------------
benchmark/pom.xml | 2 +-
kerby-asn1/pom.xml | 2 +-
kerby-backend/json-backend/pom.xml | 2 +-
kerby-backend/ldap-backend/pom.xml | 2 +-
kerby-backend/mavibot-backend/pom.xml | 2 +-
kerby-backend/pom.xml | 2 +-
kerby-backend/zookeeper-backend/pom.xml | 2 +-
kerby-config/pom.xml | 2 +-
kerby-dist/kdc-dist/pom.xml | 2 +-
kerby-dist/pom.xml | 2 +-
kerby-dist/tool-dist/pom.xml | 2 +-
kerby-kdc-test/pom.xml | 2 +-
kerby-kdc/pom.xml | 2 +-
kerby-kerb/integration-test/pom.xml | 2 +-
kerby-kerb/kerb-admin/pom.xml | 2 +-
kerby-kerb/kerb-client-api-all/pom.xml | 2 +-
kerby-kerb/kerb-client/pom.xml | 2 +-
kerby-kerb/kerb-common/pom.xml | 2 +-
kerby-kerb/kerb-core-test/pom.xml | 2 +-
kerby-kerb/kerb-core/pom.xml | 2 +-
kerby-kerb/kerb-crypto/pom.xml | 2 +-
kerby-kerb/kerb-identity-test/pom.xml | 2 +-
kerby-kerb/kerb-identity/pom.xml | 2 +-
kerby-kerb/kerb-kdc-test/pom.xml | 2 +-
kerby-kerb/kerb-server-api-all/pom.xml | 2 +-
kerby-kerb/kerb-server/pom.xml | 2 +-
kerby-kerb/kerb-simplekdc/pom.xml | 2 +-
kerby-kerb/kerb-util/pom.xml | 2 +-
kerby-kerb/pom.xml | 2 +-
kerby-provider/pom.xml | 2 +-
kerby-provider/token-provider/pom.xml | 2 +-
kerby-tool/client-tool/pom.xml | 2 +-
kerby-tool/kdc-tool/pom.xml | 2 +-
kerby-tool/pom.xml | 2 +-
kerby-util/pom.xml | 2 +-
pom.xml | 4 ++--
36 files changed, 37 insertions(+), 37 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/benchmark/pom.xml
----------------------------------------------------------------------
diff --git a/benchmark/pom.xml b/benchmark/pom.xml
index 3b10fdb..7426de0 100644
--- a/benchmark/pom.xml
+++ b/benchmark/pom.xml
@@ -17,7 +17,7 @@
<parent>
<artifactId>kerby-all</artifactId>
<groupId>org.apache.kerby</groupId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>benchmark</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-asn1/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-asn1/pom.xml b/kerby-asn1/pom.xml
index 2b135a4..718b0d0 100644
--- a/kerby-asn1/pom.xml
+++ b/kerby-asn1/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-backend/json-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/json-backend/pom.xml b/kerby-backend/json-backend/pom.xml
index 3b34f17..f9bf4f3 100644
--- a/kerby-backend/json-backend/pom.xml
+++ b/kerby-backend/json-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>json-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-backend/ldap-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/ldap-backend/pom.xml b/kerby-backend/ldap-backend/pom.xml
index 315230e..2e0c5aa 100644
--- a/kerby-backend/ldap-backend/pom.xml
+++ b/kerby-backend/ldap-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>ldap-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-backend/mavibot-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/mavibot-backend/pom.xml b/kerby-backend/mavibot-backend/pom.xml
index f281a2c..e0fd72f 100644
--- a/kerby-backend/mavibot-backend/pom.xml
+++ b/kerby-backend/mavibot-backend/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>mavibot-backend</artifactId>
<name>Mavibot based backend</name>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/pom.xml b/kerby-backend/pom.xml
index 23aed47..15f8fdb 100644
--- a/kerby-backend/pom.xml
+++ b/kerby-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerby-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-backend/zookeeper-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/pom.xml b/kerby-backend/zookeeper-backend/pom.xml
index 6b78437..d0a701c 100644
--- a/kerby-backend/zookeeper-backend/pom.xml
+++ b/kerby-backend/zookeeper-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>zookeeper-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-config/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-config/pom.xml b/kerby-config/pom.xml
index 23203df..bca15e1 100644
--- a/kerby-config/pom.xml
+++ b/kerby-config/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-dist/kdc-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/pom.xml b/kerby-dist/kdc-dist/pom.xml
index ad24caa..2617960 100644
--- a/kerby-dist/kdc-dist/pom.xml
+++ b/kerby-dist/kdc-dist/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-dist</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kdc-dist</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/pom.xml b/kerby-dist/pom.xml
index 775abb1..f6dcb1e 100644
--- a/kerby-dist/pom.xml
+++ b/kerby-dist/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerby-dist</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-dist/tool-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/tool-dist/pom.xml b/kerby-dist/tool-dist/pom.xml
index 2a7bfe7..8a4144b 100644
--- a/kerby-dist/tool-dist/pom.xml
+++ b/kerby-dist/tool-dist/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-dist</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>tool-dist</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/pom.xml b/kerby-kdc-test/pom.xml
index 6ed31e7..2acd191 100644
--- a/kerby-kdc-test/pom.xml
+++ b/kerby-kdc-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerby-kdc-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kdc/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kdc/pom.xml b/kerby-kdc/pom.xml
index 8223cf9..b0417db 100644
--- a/kerby-kdc/pom.xml
+++ b/kerby-kdc/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerby-kdc</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/integration-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/pom.xml b/kerby-kerb/integration-test/pom.xml
index 769bfc4..0af11d9 100644
--- a/kerby-kerb/integration-test/pom.xml
+++ b/kerby-kerb/integration-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>integration-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-admin/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/pom.xml b/kerby-kerb/kerb-admin/pom.xml
index e44c4a2..da16b90 100644
--- a/kerby-kerb/kerb-admin/pom.xml
+++ b/kerby-kerb/kerb-admin/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-admin</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-client-api-all/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client-api-all/pom.xml b/kerby-kerb/kerb-client-api-all/pom.xml
index 9e4f2c6..aa3a48e 100644
--- a/kerby-kerb/kerb-client-api-all/pom.xml
+++ b/kerby-kerb/kerb-client-api-all/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-client-api-all</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-client/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/pom.xml b/kerby-kerb/kerb-client/pom.xml
index a6cd0df..3208405 100644
--- a/kerby-kerb/kerb-client/pom.xml
+++ b/kerby-kerb/kerb-client/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-client</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-common/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/pom.xml b/kerby-kerb/kerb-common/pom.xml
index f47fba6..45d2894 100644
--- a/kerby-kerb/kerb-common/pom.xml
+++ b/kerby-kerb/kerb-common/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-common</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-core-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/pom.xml b/kerby-kerb/kerb-core-test/pom.xml
index 9224218..8940d99 100644
--- a/kerby-kerb/kerb-core-test/pom.xml
+++ b/kerby-kerb/kerb-core-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-core-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-core/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/pom.xml b/kerby-kerb/kerb-core/pom.xml
index d5e85c7..07c819f 100644
--- a/kerby-kerb/kerb-core/pom.xml
+++ b/kerby-kerb/kerb-core/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-core</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-crypto/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/pom.xml b/kerby-kerb/kerb-crypto/pom.xml
index 4975afd..539de46 100644
--- a/kerby-kerb/kerb-crypto/pom.xml
+++ b/kerby-kerb/kerb-crypto/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-crypto</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-identity-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity-test/pom.xml b/kerby-kerb/kerb-identity-test/pom.xml
index ee0f02e..871c3aa 100644
--- a/kerby-kerb/kerb-identity-test/pom.xml
+++ b/kerby-kerb/kerb-identity-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-identity-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-identity/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/pom.xml b/kerby-kerb/kerb-identity/pom.xml
index 890defd..6905cc3 100644
--- a/kerby-kerb/kerb-identity/pom.xml
+++ b/kerby-kerb/kerb-identity/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-identity</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/pom.xml b/kerby-kerb/kerb-kdc-test/pom.xml
index c592a01..8a8cbbe 100644
--- a/kerby-kerb/kerb-kdc-test/pom.xml
+++ b/kerby-kerb/kerb-kdc-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-kdc-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-server-api-all/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server-api-all/pom.xml b/kerby-kerb/kerb-server-api-all/pom.xml
index 5d77d8c..d5e3c66 100644
--- a/kerby-kerb/kerb-server-api-all/pom.xml
+++ b/kerby-kerb/kerb-server-api-all/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-server-api-all</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-server/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/pom.xml b/kerby-kerb/kerb-server/pom.xml
index a56e1cf..139d215 100644
--- a/kerby-kerb/kerb-server/pom.xml
+++ b/kerby-kerb/kerb-server/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-server</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-simplekdc/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/pom.xml b/kerby-kerb/kerb-simplekdc/pom.xml
index ee7a5d7..1e9ce65 100644
--- a/kerby-kerb/kerb-simplekdc/pom.xml
+++ b/kerby-kerb/kerb-simplekdc/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-simplekdc</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/kerb-util/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/pom.xml b/kerby-kerb/kerb-util/pom.xml
index a1d4380..4bd4f15 100644
--- a/kerby-kerb/kerb-util/pom.xml
+++ b/kerby-kerb/kerb-util/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerb-util</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-kerb/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/pom.xml b/kerby-kerb/pom.xml
index b5e4211..32bc10a 100644
--- a/kerby-kerb/pom.xml
+++ b/kerby-kerb/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerby-kerb</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-provider/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-provider/pom.xml b/kerby-provider/pom.xml
index 5c2516d..7b2bfa7 100644
--- a/kerby-provider/pom.xml
+++ b/kerby-provider/pom.xml
@@ -16,7 +16,7 @@
<parent>
<artifactId>kerby-all</artifactId>
<groupId>org.apache.kerby</groupId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-provider/token-provider/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/pom.xml b/kerby-provider/token-provider/pom.xml
index 72405be..d51992a 100644
--- a/kerby-provider/token-provider/pom.xml
+++ b/kerby-provider/token-provider/pom.xml
@@ -16,7 +16,7 @@
<parent>
<artifactId>kerby-provider</artifactId>
<groupId>org.apache.kerby</groupId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-tool/client-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/pom.xml b/kerby-tool/client-tool/pom.xml
index 7af6cc9..adef01f 100644
--- a/kerby-tool/client-tool/pom.xml
+++ b/kerby-tool/client-tool/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-tool</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>client-tool</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-tool/kdc-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/pom.xml b/kerby-tool/kdc-tool/pom.xml
index ab13016..7afb9ea 100644
--- a/kerby-tool/kdc-tool/pom.xml
+++ b/kerby-tool/kdc-tool/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-tool</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kdc-tool</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/pom.xml b/kerby-tool/pom.xml
index 00d4489..3721fb9 100644
--- a/kerby-tool/pom.xml
+++ b/kerby-tool/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerby-tool</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/kerby-util/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-util/pom.xml b/kerby-util/pom.xml
index 42683e5..4f156d1 100644
--- a/kerby-util/pom.xml
+++ b/kerby-util/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
</parent>
<artifactId>kerby-util</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/69d63691/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 45b6bb4..3f15371 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC1-SNAPSHOT</version>
+ <version>1.0.0-RC1</version>
<packaging>pom</packaging>
<name>Apache Kerby Project</name>
@@ -36,7 +36,7 @@
<connection>scm:git:https://git-wip-us.apache.org/repos/asf/directory-kerby.git</connection>
<url>https://github.com/apache/directory-kerby</url>
<developerConnection>scm:git:https://git-wip-us.apache.org/repos/asf/directory-kerby.git</developerConnection>
- <tag>HEAD</tag>
+ <tag>kerby-all-1.0.0-RC1</tag>
</scm>
<distributionManagement>
[29/48] directory-kerby git commit: DIRKRB-434 Get the verify key for
signed JWT token from kdc config.
Posted by pl...@apache.org.
DIRKRB-434 Get the verify key for signed JWT token from kdc config.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/0df9588b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/0df9588b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/0df9588b
Branch: refs/heads/pkinit-support
Commit: 0df9588b49d354453683bfa0aa6c78535277ddb2
Parents: 91f6e71
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Oct 14 13:40:38 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Oct 14 13:40:38 2015 +0800
----------------------------------------------------------------------
.../kerb/client/preauth/token/TokenPreauth.java | 2 +-
.../kerb/spec/pa/token/PaTokenRequest.java | 4 +-
kerby-kerb/kerb-server/pom.xml | 5 +++
.../kerby/kerberos/kerb/server/KdcConfig.java | 4 ++
.../kerberos/kerb/server/KdcConfigKey.java | 3 +-
.../kerb/server/preauth/token/TokenPreauth.java | 43 +++++++++++++++++++-
6 files changed, 56 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0df9588b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java
index 4ed5ec6..11aa0a2 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java
@@ -188,7 +188,7 @@ public class TokenPreauth extends AbstractPreauthPlugin {
PaTokenRequest tokenPa = new PaTokenRequest();
tokenPa.setToken((KrbToken) authToken);
TokenInfo info = new TokenInfo();
- info.setTokenVendor("vendor");
+ info.setTokenVendor(authToken.getIssuer());
tokenPa.setTokenInfo(info);
EncryptedData paDataValue = EncryptionUtil.seal(tokenPa,
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0df9588b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenRequest.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenRequest.java
index d90aa89..969f4db 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenRequest.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/PaTokenRequest.java
@@ -50,8 +50,8 @@ public class PaTokenRequest extends KrbSequenceType {
setFieldAs(TOKEN, token);
}
- public String getTokenInfo() {
- return getFieldAsString(TOKEN_INFO);
+ public TokenInfo getTokenInfo() {
+ return getFieldAs(TOKEN_INFO, TokenInfo.class);
}
public void setTokenInfo(TokenInfo tokenInfo) {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0df9588b/kerby-kerb/kerb-server/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/pom.xml b/kerby-kerb/kerb-server/pom.xml
index edb355c..117cfb6 100644
--- a/kerby-kerb/kerb-server/pom.xml
+++ b/kerby-kerb/kerb-server/pom.xml
@@ -47,5 +47,10 @@
<artifactId>kerb-identity</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>token-provider</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0df9588b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
index 7b041f1..e51b28d 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
@@ -161,4 +161,8 @@ public class KdcConfig extends Conf {
return KrbConfHelper.getIntUnderSection(this,
KdcConfigKey.KDC_MAX_DGRAM_REPLY_SIZE);
}
+
+ public String getVerifyKeyConfig() {
+ return KrbConfHelper.getStringUnderSection(this, KdcConfigKey.VERIFY_KEY);
+ }
}
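Review bot: `getVerifyKeyConfig()` is added without Javadoc, and neither its name nor `VERIFY_KEY` tells an operator that the value is a directory path rather than a key. The server-side `TokenPreauth` hunk in this commit passes it to `new File(path).listFiles()` and picks a file by issuer name. I would add `/** Path of the directory searched for the public key file of a token's issuer; presumably null when not configured. */` above the method, and document the same on the `VERIFY_KEY` enum constant. Since this directory decides which keys the KDC trusts for token verification, the comment should also say it must be writable only by the KDC administrator.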
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0df9588b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
index a03dcbb..1311b02 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
@@ -48,7 +48,8 @@ public enum KdcConfigKey implements SectionConfigKey {
VERIFY_BODY_CHECKSUM(true),
ENCRYPTION_TYPES("aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd"),
RESTRICT_ANONYMOUS_TO_TGT(false, "kdcdefaults"),
- KDC_MAX_DGRAM_REPLY_SIZE(4096, "kdcdefaults");
+ KDC_MAX_DGRAM_REPLY_SIZE(4096, "kdcdefaults"),
+ VERIFY_KEY(null, "kdcdefaults");
private Object defaultValue;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0df9588b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index ba7cbec..ef06006 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -23,6 +23,7 @@ import org.apache.kerby.kerberos.kerb.KrbCodec;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.KrbRuntime;
import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.common.PublicKeyReader;
import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
import org.apache.kerby.kerberos.kerb.preauth.token.TokenPreauthMeta;
import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
@@ -39,8 +40,14 @@ import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
import org.apache.kerby.kerberos.kerb.spec.pa.token.PaTokenRequest;
+import org.apache.kerby.kerberos.kerb.spec.pa.token.TokenInfo;
+import org.apache.kerby.kerberos.provider.token.JwtTokenDecoder;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
+import java.security.PublicKey;
import java.util.List;
public class TokenPreauth extends AbstractPreauthPlugin {
@@ -67,6 +74,27 @@ public class TokenPreauth extends AbstractPreauthPlugin {
KrbToken token = paTokenRequest.getToken();
TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
+ if (tokenDecoder instanceof JwtTokenDecoder) {
+ TokenInfo tokenInfo = paTokenRequest.getTokenInfo();
+ String issuer = tokenInfo.getTokenVendor();
+ String verifyKeyPath = kdcRequest.getKdcContext().getConfig().getVerifyKeyConfig();
+ if (verifyKeyPath != null) {
+ File verifyKeyFile = getVerifyKeyFile(verifyKeyPath, issuer);
+ if (verifyKeyFile != null) {
+ PublicKey verifyKey = null;
+ try {
+ FileInputStream fis = new FileInputStream(verifyKeyFile);
+ verifyKey = PublicKeyReader.loadPublicKey(fis);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ ((JwtTokenDecoder) tokenDecoder).setVerifyKey(verifyKey);
+ }
+ }
+ }
+
AuthToken authToken = null;
try {
authToken = tokenDecoder.decodeFromBytes(token.getTokenValue());
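Review bot: In the added `JwtTokenDecoder` branch, a failure to read the key is only reported with `e.printStackTrace()`, and `setVerifyKey(verifyKey)` is then still called with `verifyKey == null`. What `JwtTokenDecoder` does with a null key is not visible here, but if it then skips the signature check, a missing or unreadable key file would make the KDC accept unverified tokens. Once a key path is configured, the code should fail closed with a `KrbException`, also when no file matches the issuer. The `issuer` comes from `tokenInfo.getTokenVendor()`, which the client fills in itself (client `TokenPreauth` hunk of this commit), and `tokenInfo` is dereferenced without a null check; the `FileInputStream` is never closed. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: tokenInfo / issuer / verifyKeyPath lookup (add a null check on tokenInfo) …
if (verifyKeyPath != null) {
    File verifyKeyFile = getVerifyKeyFile(verifyKeyPath, issuer);
    if (verifyKeyFile == null) {
        throw new KrbException("No verify key found for the token issuer");
    }
    // try-with-resources closes the stream on every path
    try (FileInputStream fis = new FileInputStream(verifyKeyFile)) {
        PublicKey verifyKey = PublicKeyReader.loadPublicKey(fis);
        ((JwtTokenDecoder) tokenDecoder).setVerifyKey(verifyKey);
    } catch (Exception e) {
        // fail closed: never continue to decode with a key that could not be loaded
        throw new KrbException("Failed to load the token verify key: " + e.getMessage());
    }
}
```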
@@ -88,10 +116,23 @@ public class TokenPreauth extends AbstractPreauthPlugin {
throw new KrbException("Token audience not match with the target server principal!");
}
}
-
return true;
} else {
return false;
}
}
+
+ private File getVerifyKeyFile(String path, String issuer) {
+ File folder = new File(path);
+ File[] listOfFiles = folder.listFiles();
+ File verifyKeyFile = null;
+
+ for (int i = 0; i < listOfFiles.length; i++) {
+ if (listOfFiles[i].isFile() && listOfFiles[i].getName().contains(issuer)) {
+ verifyKeyFile = listOfFiles[i];
+ break;
+ }
+ }
+ return verifyKeyFile;
+ }
}
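Review bot: `getVerifyKeyFile` selects the key with `listOfFiles[i].getName().contains(issuer)`, a substring match on a value taken from the request. An empty issuer therefore matches the first file listed, a short issuer can match another issuer's key file, and the order returned by `listFiles()` is not specified. The lookup should require an exact file name derived from the issuer, e.g. `listOfFiles[i].getName().equals(issuer + KEY_FILE_SUFFIX)` (the constant is a placeholder for whatever naming the project settles on), and should reject a null or empty issuer before searching. Separately, `folder.listFiles()` returns null when `path` is not a readable directory, so `if (listOfFiles == null) return null;` is needed before the loop to avoid a `NullPointerException` on a misconfigured path.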
[27/48] directory-kerby git commit: Run the Token Pre Auth
integration tests as part of the maven build!
Posted by pl...@apache.org.
Run the Token Pre Auth integration tests as part of the maven build!
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/a180614b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/a180614b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/a180614b
Branch: refs/heads/pkinit-support
Commit: a180614bc68354cd072f41e0e9dcf906f390c8de
Parents: 93485f4
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Oct 6 14:44:42 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Oct 6 14:44:42 2015 +0100
----------------------------------------------------------------------
.../integration/test/TokenLoginTestBase.java | 2 +-
.../TokenLoginTestWithTokenPreauthDisabled.java | 48 --------------------
.../TokenLoginTestWithTokenPreauthEnabled.java | 43 ------------------
.../TokenLoginWithTokenPreauthDisabledTest.java | 48 ++++++++++++++++++++
.../TokenLoginWithTokenPreauthEnabledTest.java | 43 ++++++++++++++++++
5 files changed, 92 insertions(+), 92 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a180614b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index ec7205f..c6f6f89 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -107,7 +107,7 @@ public class TokenLoginTestBase extends LoginTestBase {
authToken.setAudiences(aud);
// Set expiration in 60 minutes
- final Date now = new Date(new Date().getTime() / 1000 * 1000);
+ final Date now = new Date();
Date exp = new Date(now.getTime() + 1000 * 60 * 60);
authToken.setExpirationTime(exp);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a180614b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestWithTokenPreauthDisabled.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestWithTokenPreauthDisabled.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestWithTokenPreauthDisabled.java
deleted file mode 100644
index 1dd8417..0000000
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestWithTokenPreauthDisabled.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.integration.test;
-
-import javax.security.auth.login.LoginException;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-/**
- * Test login with token when token preauth is not allowed by kdc.
- */
-public class TokenLoginTestWithTokenPreauthDisabled extends TokenLoginTestBase {
-
- @Override
- protected Boolean isTokenPreauthAllowed() {
- return false;
- }
-
- @Test(expected = LoginException.class)
- public void testLoginWithTokenStr() throws Exception {
- super.testLoginWithTokenStr();
- Assert.fail("Exception should have been thrown");
- }
-
- @Test(expected = LoginException.class)
- public void testLoginWithTokenCache() throws Exception {
- super.testLoginWithTokenCache();
- Assert.fail("Exception should have been thrown");
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a180614b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestWithTokenPreauthEnabled.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestWithTokenPreauthEnabled.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestWithTokenPreauthEnabled.java
deleted file mode 100644
index ffa720e..0000000
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestWithTokenPreauthEnabled.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.integration.test;
-
-import org.junit.Test;
-
-/**
- * Test login with token when token preauth is allowed by kdc.
- */
-public class TokenLoginTestWithTokenPreauthEnabled extends TokenLoginTestBase {
-
- @Override
- protected Boolean isTokenPreauthAllowed() {
- return true;
- }
-
- @Test
- public void testLoginWithTokenStr() throws Exception {
- super.testLoginWithTokenStr();
- }
-
- @Test
- public void testLoginWithTokenCache() throws Exception {
- super.testLoginWithTokenCache();
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a180614b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthDisabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthDisabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthDisabledTest.java
new file mode 100644
index 0000000..0c98ec7
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthDisabledTest.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.integration.test;
+
+import javax.security.auth.login.LoginException;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * Test login with token when token preauth is not allowed by kdc.
+ */
+public class TokenLoginWithTokenPreauthDisabledTest extends TokenLoginTestBase {
+
+ @Override
+ protected Boolean isTokenPreauthAllowed() {
+ return false;
+ }
+
+ @Test(expected = LoginException.class)
+ public void testLoginWithTokenStr() throws Exception {
+ super.testLoginWithTokenStr();
+ Assert.fail("Exception should have been thrown");
+ }
+
+ @Test(expected = LoginException.class)
+ public void testLoginWithTokenCache() throws Exception {
+ super.testLoginWithTokenCache();
+ Assert.fail("Exception should have been thrown");
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a180614b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
new file mode 100644
index 0000000..86faf11
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.integration.test;
+
+import org.junit.Test;
+
+/**
+ * Test login with token when token preauth is allowed by kdc.
+ */
+public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
+
+ @Override
+ protected Boolean isTokenPreauthAllowed() {
+ return true;
+ }
+
+ @Test
+ public void testLoginWithTokenStr() throws Exception {
+ super.testLoginWithTokenStr();
+ }
+
+ @Test
+ public void testLoginWithTokenCache() throws Exception {
+ super.testLoginWithTokenCache();
+ }
+}
[20/48] directory-kerby git commit: DIRKRB-426. KrbClient wont accept
principal name not of realm part
Posted by pl...@apache.org.
DIRKRB-426. KrbClient won't accept a principal name without the realm part
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/b3018754
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/b3018754
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/b3018754
Branch: refs/heads/pkinit-support
Commit: b301875499aae1673f6acb11428f2a2cf69c83b6
Parents: 59a6b65
Author: Kai Zheng <ka...@intel.com>
Authored: Wed Sep 30 08:44:01 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Wed Sep 30 08:44:01 2015 +0800
----------------------------------------------------------------------
.../apache/kerby/kerberos/kerb/admin/Kadmin.java | 5 ++---
.../kerby/kerberos/kerb/client/KrbClient.java | 2 +-
.../client/impl/AbstractInternalKrbClient.java | 19 +++++++++++++++++--
3 files changed, 20 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b3018754/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
index 285544f..ea4bacc 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
@@ -541,7 +541,7 @@ public class Kadmin {
/**
* Stop the backend and release any resources associated.
*
- * @throws org.apache.kerby.kerberos.kerb.KrbException e
+ * @throws KrbException e
*/
public void release() throws KrbException {
if (backend != null) {
@@ -550,10 +550,9 @@ public class Kadmin {
}
/**
- * Fix principal name.
+ * Fix principal name, making it complete.
*
* @param principal The principal name
- * @throws KrbException
*/
private String fixPrincipal(String principal) {
if (!principal.contains("@")) {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b3018754/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
index db318fb..b5ec953 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
@@ -246,7 +246,7 @@ public class KrbClient {
*/
public TgtTicket requestTgtWithOptions(KOptions requestOptions) throws KrbException {
if (requestOptions == null) {
- throw new IllegalArgumentException("Null KrbOptions specified");
+ throw new IllegalArgumentException("Null requestOptions specified");
}
return innerClient.requestTgtTicket(requestOptions);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b3018754/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
index 0dedc75..2c55ff8 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/AbstractInternalKrbClient.java
@@ -97,6 +97,7 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
if (requestOptions.contains(KrbOption.CLIENT_PRINCIPAL)) {
String principal = requestOptions.getStringOption(
KrbOption.CLIENT_PRINCIPAL);
+ principal = fixPrincipal(principal);
asRequest.setClientPrincipal(new PrincipalName(principal));
}
asRequest.setKrbOptions(requestOptions);
@@ -121,8 +122,10 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
throw new IllegalArgumentException(
"No valid krb client request option found");
}
- tgsRequest.setServerPrincipal(new PrincipalName(requestOptions.
- getStringOption(KrbOption.SERVER_PRINCIPAL)));
+
+ String serverPrincipal = fixPrincipal(requestOptions.
+ getStringOption(KrbOption.SERVER_PRINCIPAL));
+ tgsRequest.setServerPrincipal(new PrincipalName(serverPrincipal));
tgsRequest.setKrbOptions(requestOptions);
return doRequestServiceTicket(tgsRequest);
@@ -133,4 +136,16 @@ public abstract class AbstractInternalKrbClient implements InternalKrbClient {
protected abstract ServiceTicket doRequestServiceTicket(
TgsRequest tgsRequest) throws KrbException;
+
+ /**
+ * Fix principal name.
+ *
+ * @param principal The principal name
+ */
+ protected String fixPrincipal(String principal) {
+ if (!principal.contains("@")) {
+ principal += "@" + krbSetting.getKdcRealm();
+ }
+ return principal;
+ }
}
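Review bot: `fixPrincipal` appends whatever `krbSetting.getKdcRealm()` returns, so if no realm is configured the result would presumably be the literal `name@null`, and the request is built for a realm nobody chose. A guard before the concatenation fails early instead: `String realm = krbSetting.getKdcRealm();` followed by `if (realm == null || realm.isEmpty()) { throw new IllegalArgumentException("No default realm configured"); }`. The method also dereferences `principal` without a null check, which matters for the `SERVER_PRINCIPAL` call in the second hunk if that option can be absent there; the calling method starts outside the hunk, so this is not confirmed. The Javadoc could say what is appended, as the Kadmin copy now does: `Fix principal name, making it complete by appending the KDC realm when no realm part is given.`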
[31/48] directory-kerby git commit: DIRKRB-429 Token issuer must be
trusted as one of preconfigured issuers.
Posted by pl...@apache.org.
DIRKRB-429 Token issuer must be trusted as one of preconfigured issuers.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/d61b6ee9
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/d61b6ee9
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/d61b6ee9
Branch: refs/heads/pkinit-support
Commit: d61b6ee93d0f2a6e5ef257dd90d00efc1c9d2500
Parents: 0500943
Author: plusplus_jiajia <ji...@intel.com>
Authored: Mon Oct 19 14:59:32 2015 +0800
Committer: plusplus_jiajia <ji...@intel.com>
Committed: Mon Oct 19 14:59:32 2015 +0800
----------------------------------------------------------------------
.../apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java | 1 +
.../kerb/integration/test/TokenLoginTestBase.java | 1 +
.../org/apache/kerby/kerberos/kerb/server/KdcConfig.java | 5 +++++
.../apache/kerby/kerberos/kerb/server/KdcConfigKey.java | 3 ++-
.../kerberos/kerb/server/preauth/token/TokenPreauth.java | 10 ++++++----
5 files changed, 15 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d61b6ee9/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index 7dc24d3..9c0a8a2 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -67,6 +67,7 @@ public class WithTokenKdcTestBase extends KdcTestBase {
super.configKdcSeverAndClient();
String verifyKeyPath = this.getClass().getResource("/").getPath();
getKdcServer().getKdcConfig().setString(KdcConfigKey.VERIFY_KEY, verifyKeyPath);
+ getKdcServer().getKdcConfig().setString(KdcConfigKey.ISSUERS, ISSUER);
}
protected AuthToken getKrbToken() {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d61b6ee9/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index 3943ffe..16ff65f 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -66,6 +66,7 @@ public class TokenLoginTestBase extends LoginTestBase {
isTokenPreauthAllowed());
String verifyKeyFile = this.getClass().getResource("/").getPath();
getKdcServer().getKdcConfig().setString(KdcConfigKey.VERIFY_KEY, verifyKeyFile);
+ getKdcServer().getKdcConfig().setString(KdcConfigKey.ISSUERS, "token-service");
}
protected Boolean isTokenPreauthAllowed() {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d61b6ee9/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
index e51b28d..dc2fc78 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
@@ -23,6 +23,7 @@ import org.apache.kerby.config.Conf;
import org.apache.kerby.kerberos.kerb.common.KrbConfHelper;
import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+import java.util.Arrays;
import java.util.List;
/**
@@ -165,4 +166,8 @@ public class KdcConfig extends Conf {
public String getVerifyKeyConfig() {
return KrbConfHelper.getStringUnderSection(this, KdcConfigKey.VERIFY_KEY);
}
+
+ public List<String> getIssuers() {
+ return Arrays.asList(KrbConfHelper.getStringArrayUnderSection(this, KdcConfigKey.ISSUERS));
+ }
}
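Review bot: `getIssuers()` wraps the helper's result in `Arrays.asList` without handling an unset key, and `ISSUERS` is declared with a `null` default in KdcConfigKey. If `getStringArrayUnderSection` returns null in that case (its body is not shown here), this line throws a NullPointerException and token preauth fails with a stack trace instead of a clear rejection. Returning an empty list keeps the check fail-closed and lets `TokenPreauth` report the unconfigured issuer: `String[] issuers = KrbConfHelper.getStringArrayUnderSection(this, KdcConfigKey.ISSUERS);` then `return issuers == null ? Collections.<String>emptyList() : Arrays.asList(issuers);` (this needs `java.util.Collections`). The method also has no Javadoc; `/** @return the token issuers the KDC trusts for token preauth; empty when none are configured */` would document the new setting.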
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d61b6ee9/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
index 1311b02..771c781 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
@@ -49,7 +49,8 @@ public enum KdcConfigKey implements SectionConfigKey {
ENCRYPTION_TYPES("aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd"),
RESTRICT_ANONYMOUS_TO_TGT(false, "kdcdefaults"),
KDC_MAX_DGRAM_REPLY_SIZE(4096, "kdcdefaults"),
- VERIFY_KEY(null, "kdcdefaults");
+ VERIFY_KEY(null, "kdcdefaults"),
+ ISSUERS(null, "kdcdefaults");
private Object defaultValue;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d61b6ee9/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index ef06006..e5154ad 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -72,11 +72,14 @@ public class TokenPreauth extends AbstractPreauthPlugin {
KeyUsage.PA_TOKEN, PaTokenRequest.class);
KrbToken token = paTokenRequest.getToken();
-
+ List<String> issuers = kdcRequest.getKdcContext().getConfig().getIssuers();
+ TokenInfo tokenInfo = paTokenRequest.getTokenInfo();
+ String issuer = tokenInfo.getTokenVendor();
+ if (!(issuers.contains(issuer))) {
+ throw new KrbException("Unconfigured issuer:" + issuer);
+ }
TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
if (tokenDecoder instanceof JwtTokenDecoder) {
- TokenInfo tokenInfo = paTokenRequest.getTokenInfo();
- String issuer = tokenInfo.getTokenVendor();
String verifyKeyPath = kdcRequest.getKdcContext().getConfig().getVerifyKeyConfig();
if (verifyKeyPath != null) {
File verifyKeyFile = getVerifyKeyFile(verifyKeyPath, issuer);
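Review bot: The allowlist check compares `tokenInfo.getTokenVendor()`, a field carried in the PA-TOKEN-REQUEST beside the token rather than read from the token itself, so the value matched against `issuers` is the one the client declares. Nothing in this hunk ties that declared vendor to the issuer claim inside the token, and the verify key is only looked up when the decoder is a `JwtTokenDecoder` and `verifyKeyPath` is non-null. After `decodeFromBytes` succeeds (in the next hunk; the method continues outside this one) the decoded issuer should be checked as well, for example `if (!issuers.contains(authToken.getIssuer())) { throw new KrbException("Token issuer is not trusted"); }`. `paTokenRequest.getTokenInfo()` is also dereferenced without a null check, and the exception text echoes the client-supplied string, which is worth sanitising before it reaches a log.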
@@ -94,7 +97,6 @@ public class TokenPreauth extends AbstractPreauthPlugin {
}
}
}
-
AuthToken authToken = null;
try {
authToken = tokenDecoder.decodeFromBytes(token.getTokenValue());
[03/48] directory-kerby git commit: Added the kerby-ip-clearance doc
into the rat exclude files
Posted by pl...@apache.org.
Added the kerby-ip-clearance doc into the rat exclude files
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/8a38279f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/8a38279f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/8a38279f
Branch: refs/heads/pkinit-support
Commit: 8a38279f5bd9715ac7c0a9c5ffee8cfc0857f72e
Parents: 9206eeb
Author: Emmanuel Lécharny <el...@symas.com>
Authored: Thu Sep 10 11:26:04 2015 +0200
Committer: Emmanuel Lécharny <el...@symas.com>
Committed: Thu Sep 10 11:26:04 2015 +0200
----------------------------------------------------------------------
pom.xml | 2 ++
1 file changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8a38279f/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 647dd5d..e0c3a8a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -160,6 +160,8 @@
<exclude>**/.checkstyle</exclude>
<!-- BIN files -->
<exclude>**/bin/**/*</exclude>
+ <!-- The IP clearance XML doc -->
+ <exclude>docs/kerby-ip-clearance.xml</exclude>
</excludes>
</configuration>
</plugin>
[10/48] directory-kerby git commit: DIRKRB-407 Fix tool's usage in
windows
Posted by pl...@apache.org.
DIRKRB-407 Fix tool's usage in windows
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/675e792e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/675e792e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/675e792e
Branch: refs/heads/pkinit-support
Commit: 675e792e1b65d753a8f5ec4ca92dc78f7d6d0290
Parents: 2167d16
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Sep 23 09:39:19 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Sep 23 09:39:19 2015 +0800
----------------------------------------------------------------------
.../org/apache/kerby/kerberos/kdc/KerbyKdcServer.java | 9 ++++++---
.../org/apache/kerby/kerberos/tool/kinit/KinitTool.java | 4 ++--
.../org/apache/kerby/kerberos/tool/klist/KlistTool.java | 4 ++--
.../apache/kerby/kerberos/tool/kadmin/KadminTool.java | 9 ++++++---
.../apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java | 12 ++++++++----
5 files changed, 24 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/675e792e/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
index 70c87d9..ac789b5 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
@@ -49,11 +49,14 @@ public class KerbyKdcServer extends KdcServer {
kadmin.checkBuiltinPrincipals();
}
- private static final String USAGE = OSUtil.isWindows()
- ? "Usage: bin/start-kdc.cmd" : "Usage: sh bin/start-kdc.sh"
+ private static final String USAGE = (OSUtil.isWindows()
+ ? "Usage: bin\\start-kdc.cmd" : "Usage: sh bin/start-kdc.sh")
+ " [conf-dir] [working-dir] \n"
+ "\tExample:\n"
- + "\t\tsh bin/start-kdc.sh conf runtime\n";
+ + "\t\t"
+ + (OSUtil.isWindows()
+ ? "bin\\start-kdc.cmd" : "sh bin/start-kdc.sh")
+ + " conf runtime\n";
public static void main(String[] args) throws KrbException {
if (args.length != 3) {
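Review bot: The `OSUtil.isWindows()` ternary is now written twice inside `USAGE`, once for the synopsis and once for the example, and the same pattern is repeated in the KadminTool and KdcInitTool hunks below. A single constant keeps the two copies from drifting apart: `private static final String SCRIPT = OSUtil.isWindows() ? "bin\\start-kdc.cmd" : "sh bin/start-kdc.sh";` and then `USAGE = "Usage: " + SCRIPT + " [conf-dir] [working-dir] \n" + "\tExample:\n\t\t" + SCRIPT + " conf runtime\n";`. Separately, the synopsis lists two arguments while the visible check in `main` is `args.length != 3`; `main` continues outside the hunk, so whether the text omits a third argument cannot be confirmed from here.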
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/675e792e/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
index a2c5a7a..0a4ed6d 100644
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
@@ -39,8 +39,8 @@ import java.util.Scanner;
*/
public class KinitTool {
- private static final String USAGE = OSUtil.isWindows()
- ? "Usage: bin/kinit.cmd" : "Usage: sh bin/kinit.sh"
+ private static final String USAGE = (OSUtil.isWindows()
+ ? "Usage: bin\\kinit.cmd" : "Usage: sh bin/kinit.sh")
+ " [-conf conf_dir] [-V] [-l lifetime] [-s start_time]\n"
+ "\t\t[-r renewable_life] [-f | -F] [-p | -P] -n [-a | -A] [-C] [-E]\n"
+ "\t\t[-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]\n"
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/675e792e/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java
index 6df39c9..9ddb291 100644
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/klist/KlistTool.java
@@ -43,8 +43,8 @@ import java.util.List;
*/
public class KlistTool {
- private static final String USAGE = OSUtil.isWindows()
- ? "Usage: bin/klist.cmd" : "Usage: sh bin/klist.sh"
+ private static final String USAGE = (OSUtil.isWindows()
+ ? "Usage: bin\\klist.cmd" : "Usage: sh bin/klist.sh")
+ " [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] "
+ "[-a [-n]]] [-k [-t] [-K]] [name]\n"
+ "\t-c specifies credentials cache\n"
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/675e792e/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
index 6b071ee..34b75b4 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
@@ -87,11 +87,14 @@ public class KadminTool {
+ "list_requests, lr, ? List available requests.\n"
+ "quit, exit, q Exit program.";
- private static final String USAGE = OSUtil.isWindows()
- ? "Usage: bin/kadmin.cmd" : "Usage: sh bin/kadmin.sh"
+ private static final String USAGE = (OSUtil.isWindows()
+ ? "Usage: bin\\kadmin.cmd" : "Usage: sh bin/kadmin.sh")
+ " [conf-dir] [-c cache_name]|[-k keytab]\n"
+ "\tExample:\n"
- + "\t\tsh bin/kadmin.sh conf -k /home/admin.keytab\n";
+ + "\t\t"
+ + (OSUtil.isWindows()
+ ? "bin\\kadmin.cmd" : "sh bin/kadmin.sh")
+ + " conf -k admin.keytab\n";
private static void printUsage(String error) {
System.err.println(error + "\n");
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/675e792e/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java
index e34c497..13a83eb 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java
@@ -32,12 +32,16 @@ public class KdcInitTool {
private Kadmin kadmin;
private static File keytabFile;
- private static final String USAGE = OSUtil.isWindows()
- ? "Usage: bin/kdcinit.cmd" : "Usage: sh bin/kdcinit.sh"
+ private static final String USAGE = (OSUtil.isWindows()
+ ? "Usage: bin\\kdcinit.cmd" : "Usage: sh bin/kdcinit.sh")
+ " [conf-dir] [output-keytab]\n"
+ "\tThis tool initializes KDC backend and should only be performed the first time,\n"
- + "\tand the output keytab should be carefully kept to administrate/kadmin KDC later.\nExample:\n"
- + "\t\tbin/kdcinit.sh conf /home/admin.keytab\n";
+ + "\tand the output keytab should be carefully kept to administrate/kadmin KDC later.\n"
+ + "\tExample:\n"
+ + "\t\t"
+ + (OSUtil.isWindows()
+ ? "bin\\kdcinit.cmd" : "sh bin/kdcinit.sh")
+ + " conf admin.keytab\n";
void initKdc(File confDir) throws KrbException {
kadmin = new Kadmin(confDir);
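Review bot: The example now passes `admin.keytab` as a relative path, so the admin keytab ends up in whatever directory the script is started from. The usage text already says the keytab should be carefully kept, and it could say how by adding a line before the example such as `+ "\tWrite the keytab to a directory that only the KDC administrator can read.\n"`. The duplicated `OSUtil.isWindows()` ternary is the same point as raised on KerbyKdcServer.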
[25/48] directory-kerby git commit: Adding ability to encrypt and
sign using non-RSA keys
Posted by pl...@apache.org.
Adding ability to encrypt and sign using non-RSA keys
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/b283decc
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/b283decc
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/b283decc
Branch: refs/heads/pkinit-support
Commit: b283deccef2d44b6695e48fafae4192a2a2ad41d
Parents: eff5d0c
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Sep 30 12:21:37 2015 +0200
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Sep 30 14:54:31 2015 +0200
----------------------------------------------------------------------
.../provider/token/JwtTokenDecoder.java | 69 ++++++++--
.../provider/token/JwtTokenEncoder.java | 125 ++++++++++++++++---
.../kerberos/provider/token/TokenTest.java | 95 +++++++++++++-
3 files changed, 260 insertions(+), 29 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b283decc/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
index ff9469d..4da2b93 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java
@@ -20,7 +20,11 @@
package org.apache.kerby.kerberos.provider.token;
import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWSVerifier;
+import com.nimbusds.jose.crypto.DirectDecrypter;
+import com.nimbusds.jose.crypto.ECDSAVerifier;
+import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.EncryptedJWT;
@@ -28,11 +32,16 @@ import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.SignedJWT;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
import java.io.IOException;
import java.nio.charset.Charset;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
@@ -43,8 +52,8 @@ import java.util.List;
* JWT token decoder, implemented using Nimbus JWT library.
*/
public class JwtTokenDecoder implements TokenDecoder {
- private RSAPrivateKey decryptionKey;
- private RSAPublicKey verifyKey;
+ private Object decryptionKey;
+ private Object verifyKey;
private List<String> audiences = null;
/**
@@ -133,20 +142,39 @@ public class JwtTokenDecoder implements TokenDecoder {
* @param encryptedJWT an encrypted JWT
*/
public void decryptEncryptedJWT(EncryptedJWT encryptedJWT) throws IOException {
- RSADecrypter decrypter = new RSADecrypter(decryptionKey);
try {
+ JWEDecrypter decrypter = getDecrypter();
encryptedJWT.decrypt(decrypter);
- } catch (JOSEException e) {
+ } catch (JOSEException | KrbException e) {
throw new IOException("Failed to decrypt the encrypted JWT", e);
}
}
+
+ private JWEDecrypter getDecrypter() throws JOSEException, KrbException {
+ if (decryptionKey instanceof RSAPrivateKey) {
+ return new RSADecrypter((RSAPrivateKey) decryptionKey);
+ } else if (decryptionKey instanceof byte[]) {
+ return new DirectDecrypter((byte[]) decryptionKey);
+ }
+
+ throw new KrbException("An unknown decryption key was specified");
+ }
/**
* Set the decryption key
*
* @param key a private key
*/
- public void setDecryptionKey(RSAPrivateKey key) {
+ public void setDecryptionKey(PrivateKey key) {
+ decryptionKey = key;
+ }
+
+ /**
+ * Set the decryption key
+ *
+ * @param key a secret key
+ */
+ public void setDecryptionKey(byte[] key) {
decryptionKey = key;
}
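Review bot: `setDecryptionKey(PrivateKey)` now accepts any private key, but `getDecrypter()` only handles `RSAPrivateKey` and `byte[]`, so an EC or DSA key is accepted at configuration time and rejected only when a token arrives, with the generic message "An unknown decryption key was specified". A null key takes the same path. Checking in the setter moves the failure to where the mistake is made: `if (!(key instanceof RSAPrivateKey)) { throw new IllegalArgumentException("Only RSA private keys are supported for decryption"); }`. `getDecrypter()` has no comment; one line naming the two supported key types (RSA private key, or a byte[] secret for direct encryption) would make the `Object`-typed field easier to use correctly.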
@@ -158,20 +186,43 @@ public class JwtTokenDecoder implements TokenDecoder {
* @return whether verify success
*/
public boolean verifySignedJWT(SignedJWT signedJWT) throws IOException {
- JWSVerifier verifier = new RSASSAVerifier(verifyKey);
try {
+ JWSVerifier verifier = getVerifier();
return signedJWT.verify(verifier);
- } catch (JOSEException e) {
+ } catch (JOSEException | KrbException e) {
throw new IOException("Failed to verify the signed JWT", e);
}
}
+
+ private JWSVerifier getVerifier() throws JOSEException, KrbException {
+ if (verifyKey instanceof RSAPublicKey) {
+ return new RSASSAVerifier((RSAPublicKey) verifyKey);
+ } else if (verifyKey instanceof ECPublicKey) {
+ ECPublicKey ecPublicKey = (ECPublicKey) verifyKey;
+ return new ECDSAVerifier(ecPublicKey.getW().getAffineX(),
+ ecPublicKey.getW().getAffineY());
+ } else if (verifyKey instanceof byte[]) {
+ return new MACVerifier((byte[]) verifyKey);
+ }
+
+ throw new KrbException("An unknown verify key was specified");
+ }
/**
* set the verify key
*
* @param key a public key
*/
- public void setVerifyKey(RSAPublicKey key) {
+ public void setVerifyKey(PublicKey key) {
+ verifyKey = key;
+ }
+
+ /**
+ * set the verify key
+ *
+ * @param key a byte[] key
+ */
+ public void setVerifyKey(byte[] key) {
verifyKey = key;
}
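Review bot: The Javadoc for `setVerifyKey(byte[])` says only "a byte[] key", but this key is handed to `MACVerifier`, so it is a shared HMAC secret: whoever holds it can sign tokens as well as verify them. That is a different trust model from the RSA and EC public keys the other overload takes, and whoever deploys it needs to know the secret must be stored like a private key. I would write `@param key the shared HMAC secret; unlike a public key it must be kept confidential, because it can also be used to sign tokens`. In `getVerifier()` the EC branch passes only the affine coordinates to `ECDSAVerifier`, so the key's own curve parameters are not forwarded; it is worth confirming that the library rejects a key whose curve does not match the token's algorithm.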
@@ -187,7 +238,7 @@ public class JwtTokenDecoder implements TokenDecoder {
private boolean verifyToken(JWT jwtToken) throws IOException {
boolean audValid = verifyAudiences(jwtToken);
boolean expValid = verifyExpiration(jwtToken);
- return audValid && expValid;
+ return audValid && expValid;
}
private boolean verifyAudiences(JWT jwtToken) throws IOException {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b283decc/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
index 707b231..44ef6e5 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenEncoder.java
@@ -19,38 +19,47 @@
*/
package org.apache.kerby.kerberos.provider.token;
+import java.nio.charset.Charset;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.text.ParseException;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
+import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
+
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
+import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.Payload;
+import com.nimbusds.jose.crypto.DirectEncrypter;
+import com.nimbusds.jose.crypto.ECDSASigner;
+import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.SignedJWT;
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
-import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
-
-import java.nio.charset.Charset;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.text.ParseException;
/**
* JWT token encoder, implemented using Nimbus JWT library.
*/
public class JwtTokenEncoder implements TokenEncoder {
- private static JWEAlgorithm jweAlgorithm = JWEAlgorithm.RSA_OAEP;
- private static EncryptionMethod encryptionMethod = EncryptionMethod.A128GCM;
- private static JWSAlgorithm jwsAlgorithm = JWSAlgorithm.RS256;
- private RSAPublicKey encryptionKey;
- private RSAPrivateKey signKey;
+ private JWEAlgorithm jweAlgorithm = JWEAlgorithm.RSA_OAEP;
+ private EncryptionMethod encryptionMethod = EncryptionMethod.A128GCM;
+ private JWSAlgorithm jwsAlgorithm = JWSAlgorithm.RS256;
+
+ private Object encryptionKey;
+ private Object signKey;
/**
* {@inheritDoc}
@@ -76,7 +85,7 @@ public class JwtTokenEncoder implements TokenEncoder {
String tokenStr = null;
if (signKey != null) {
// Create signer with the private key
- JWSSigner signer = new RSASSASigner(signKey);
+ JWSSigner signer = createSigner();
SignedJWT signedJWT = null;
try {
signedJWT = new SignedJWT(new JWSHeader(jwsAlgorithm), jwt.getJWTClaimsSet());
@@ -95,7 +104,7 @@ public class JwtTokenEncoder implements TokenEncoder {
new JWEHeader.Builder(jweAlgorithm, encryptionMethod).contentType("JWT").build(),
new Payload(signedJWT));
try {
- jweObject.encrypt(new RSAEncrypter(encryptionKey));
+ jweObject.encrypt(createEncryptor());
} catch (JOSEException e) {
throw new KrbException("Failed to encrypt the JWE object", e);
}
@@ -112,7 +121,7 @@ public class JwtTokenEncoder implements TokenEncoder {
throw new KrbException("Failed to get JWT claims set", e);
}
try {
- encryptedJWT.encrypt(new RSAEncrypter(encryptionKey));
+ encryptedJWT.encrypt(createEncryptor());
} catch (JOSEException e) {
throw new KrbException("Failed to encrypt the encrypted JWT", e);
}
@@ -123,13 +132,60 @@ public class JwtTokenEncoder implements TokenEncoder {
}
return tokenStr;
}
+
+ private JWSSigner createSigner() throws KrbException {
+ // Create signer with the private key
+ if (RSASSASigner.SUPPORTED_ALGORITHMS.contains(jwsAlgorithm)) {
+ if (!(signKey instanceof RSAPrivateKey)) {
+ throw new KrbException("An RSAPrivateKey key must be specified for signature");
+ }
+ return new RSASSASigner((RSAPrivateKey) signKey);
+ } else if (ECDSASigner.SUPPORTED_ALGORITHMS.contains(jwsAlgorithm)) {
+ if (!(signKey instanceof ECPrivateKey)) {
+ throw new KrbException("A ECPrivateKey key must be specified for signature");
+ }
+ return new ECDSASigner(((ECPrivateKey) signKey).getS());
+ } else if (MACSigner.SUPPORTED_ALGORITHMS.contains(jwsAlgorithm)) {
+ if (!(signKey instanceof byte[])) {
+ throw new KrbException("A byte[] key must be specified for signature");
+ }
+ return new MACSigner((byte[]) signKey);
+ }
+
+ throw new KrbException("An unknown signature algorithm was specified");
+ }
+
+ private JWEEncrypter createEncryptor() throws KrbException, JOSEException {
+ if (RSAEncrypter.SUPPORTED_ALGORITHMS.contains(jweAlgorithm)) {
+ if (!(encryptionKey instanceof RSAPublicKey)) {
+ throw new KrbException("An RSAPublicKey key must be specified for encryption");
+ }
+ return new RSAEncrypter((RSAPublicKey) encryptionKey);
+ } else if (DirectEncrypter.SUPPORTED_ALGORITHMS.contains(jweAlgorithm)) {
+ if (!(encryptionKey instanceof byte[])) {
+ throw new KrbException("A byte[] key must be specified for encryption");
+ }
+ return new DirectEncrypter((byte[]) encryptionKey);
+ }
+
+ throw new KrbException("An unknown encryption algorithm was specified");
+ }
/**
* set the encryption key
*
* @param key a public key
*/
- public void setEncryptionKey(RSAPublicKey key) {
+ public void setEncryptionKey(PublicKey key) {
+ encryptionKey = key;
+ }
+
+ /**
+ * set the encryption key
+ *
+ * @param key a secret key
+ */
+ public void setEncryptionKey(byte[] key) {
encryptionKey = key;
}
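Review bot: `createSigner()` checks the type of a `byte[]` sign key but never its length, so an HMAC secret shorter than the hash output is passed to `MACSigner` unchecked; RFC 7518 requires a key at least as long as the hash output (32 bytes for HS256). Unless the library enforces this itself, a guard in the MAC branch would catch it: `if (((byte[]) signKey).length < 32) { throw new KrbException("HMAC key is shorter than the hash output"); }`, with the bound chosen per algorithm. The same applies to the direct-encryption key in `createEncryptor()`, whose length has to match `encryptionMethod`. Two wording points: "A ECPrivateKey key" should read "An ECPrivateKey", and `createEncryptor` is spelled differently from the `JWEEncrypter` it returns.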
@@ -138,7 +194,40 @@ public class JwtTokenEncoder implements TokenEncoder {
*
* @param key a private key
*/
- public void setSignKey(RSAPrivateKey key) {
+ public void setSignKey(PrivateKey key) {
signKey = key;
}
+
+ /**
+ * set the sign key
+ *
+ * @param key a secret key
+ */
+ public void setSignKey(byte[] key) {
+ signKey = key;
+ }
+
+ public JWEAlgorithm getJweAlgorithm() {
+ return jweAlgorithm;
+ }
+
+ public void setJweAlgorithm(JWEAlgorithm jweAlgorithm) {
+ this.jweAlgorithm = jweAlgorithm;
+ }
+
+ public JWSAlgorithm getJwsAlgorithm() {
+ return jwsAlgorithm;
+ }
+
+ public void setJwsAlgorithm(JWSAlgorithm jwsAlgorithm) {
+ this.jwsAlgorithm = jwsAlgorithm;
+ }
+
+ public EncryptionMethod getEncryptionMethod() {
+ return encryptionMethod;
+ }
+
+ public void setEncryptionMethod(EncryptionMethod encryptionMethod) {
+ this.encryptionMethod = encryptionMethod;
+ }
}
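Review bot: The six new algorithm accessors are the only public methods in these hunks without Javadoc, and nothing tells a caller that the chosen algorithm decides which key type `createSigner()` and `createEncryptor()` will accept. A short comment on each setter would do, e.g. `/** Sets the JWS algorithm; RSA algorithms need an RSAPrivateKey, ECDSA an ECPrivateKey, HMAC a byte[] sign key. */` on `setJwsAlgorithm`, and the matching one on `setJweAlgorithm` (RSA algorithms need an RSAPublicKey, direct encryption a byte[] key). The class body starts outside this hunk, so any default values of the three fields are not visible here; the comments should state them if they exist.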
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b283decc/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
index 6cb9a9c..0f15a50 100644
--- a/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
+++ b/kerby-provider/token-provider/src/test/java/org/apache/kerby/kerberos/provider/token/TokenTest.java
@@ -27,6 +27,10 @@ import org.assertj.core.api.Assertions;
import org.junit.Before;
import org.junit.Test;
+import com.nimbusds.jose.JWEAlgorithm;
+import com.nimbusds.jose.JWSAlgorithm;
+
+import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
@@ -36,6 +40,8 @@ import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import javax.crypto.KeyGenerator;
+
public class TokenTest {
static {
@@ -65,7 +71,7 @@ public class TokenTest {
authToken.setAudiences(auds);
// Set expiration in 60 minutes
- final Date now = new Date(new Date().getTime() / 1000 * 1000);
+ final Date now = new Date();
Date exp = new Date(now.getTime() + 1000 * 60 * 60);
authToken.setExpirationTime(exp);
@@ -121,6 +127,41 @@ public class TokenTest {
Assertions.assertThat(token2.getSubject()).isEqualTo(SUBJECT);
Assertions.assertThat(token2.getIssuer()).isEqualTo(ISSUER);
}
+
+ @Test
+ public void testTokenWithDirectEncryptedJWT() throws Exception {
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+ TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
+
+ KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
+ keyGenerator.init(128);
+ byte[] secretKey = keyGenerator.generateKey().getEncoded();
+
+ ((JwtTokenEncoder) tokenEncoder).setEncryptionKey(secretKey);
+ ((JwtTokenEncoder) tokenEncoder).setJweAlgorithm(JWEAlgorithm.DIR);
+ ((JwtTokenDecoder) tokenDecoder).setDecryptionKey(secretKey);
+ setAudience((JwtTokenDecoder) tokenDecoder, auds);
+
+ String tokenStr = tokenEncoder.encodeAsString(authToken);
+ Assertions.assertThat(tokenStr).isNotNull();
+
+ AuthToken token2 = tokenDecoder.decodeFromString(tokenStr);
+ Assertions.assertThat(token2.getSubject()).isEqualTo(SUBJECT);
+ Assertions.assertThat(token2.getIssuer()).isEqualTo(ISSUER);
+
+ // Now try with a different secret key
+ secretKey = keyGenerator.generateKey().getEncoded();
+ ((JwtTokenDecoder) tokenDecoder).setDecryptionKey(secretKey);
+
+ try {
+ tokenDecoder.decodeFromString(tokenStr);
+ Assertions.fail("Failure expected on a bad secret key");
+ } catch (IOException ex) {
+ String expectedError = "Failed to decrypt the encrypted JWT";
+ Assertions.assertThat(ex.getMessage().contains(expectedError));
+ // expected
+ }
+ }
@Test
public void testTokenWithSignedJWT() throws Exception {
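Review bot: In the `catch` block of `testTokenWithDirectEncryptedJWT`, `Assertions.assertThat(ex.getMessage().contains(expectedError));` creates an assertion object on a boolean and never calls a check on it, so the test passes whatever the exception message is. Use `Assertions.assertThat(ex.getMessage()).contains(expectedError);` so the decryption-failure message is actually verified.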
@@ -137,9 +178,59 @@ public class TokenTest {
Assertions.assertThat(token2.getSubject()).isEqualTo(SUBJECT);
Assertions.assertThat(token2.getIssuer()).isEqualTo(ISSUER);
}
+
+ @Test
+ public void testTokenWithHMACSignedJWT() throws Exception {
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+ TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
+
+ KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
+ keyGenerator.init(256);
+ byte[] secretKey = keyGenerator.generateKey().getEncoded();
+
+ ((JwtTokenEncoder) tokenEncoder).setSignKey(secretKey);
+ ((JwtTokenEncoder) tokenEncoder).setJwsAlgorithm(JWSAlgorithm.HS256);
+ ((JwtTokenDecoder) tokenDecoder).setVerifyKey(secretKey);
+ setAudience((JwtTokenDecoder) tokenDecoder, auds);
+ String tokenStr = tokenEncoder.encodeAsString(authToken);
+ Assertions.assertThat(tokenStr).isNotNull();
+
+ AuthToken token2 = tokenDecoder.decodeFromString(tokenStr);
+ Assertions.assertThat(token2.getSubject()).isEqualTo(SUBJECT);
+ Assertions.assertThat(token2.getIssuer()).isEqualTo(ISSUER);
+
+ // Now try with a different secret key
+ secretKey = keyGenerator.generateKey().getEncoded();
+ ((JwtTokenDecoder) tokenDecoder).setVerifyKey(secretKey);
+
+ token2 = tokenDecoder.decodeFromString(tokenStr);
+ Assertions.assertThat(token2).isNull();
+ }
+
+ @Test
+ public void testTokenWithECDSASignedJWT() throws Exception {
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+ TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
+ KeyPair keyPair = kpg.generateKeyPair();
+
+ ((JwtTokenEncoder) tokenEncoder).setSignKey(keyPair.getPrivate());
+ ((JwtTokenEncoder) tokenEncoder).setJwsAlgorithm(JWSAlgorithm.ES256);
+ ((JwtTokenDecoder) tokenDecoder).setVerifyKey(keyPair.getPublic());
+ setAudience((JwtTokenDecoder) tokenDecoder, auds);
+
+ String tokenStr = tokenEncoder.encodeAsString(authToken);
+ Assertions.assertThat(tokenStr).isNotNull();
+
+ AuthToken token2 = tokenDecoder.decodeFromString(tokenStr);
+ Assertions.assertThat(token2.getSubject()).isEqualTo(SUBJECT);
+ Assertions.assertThat(token2.getIssuer()).isEqualTo(ISSUER);
+ }
+
@Test
- public void testTokenWithSingedAndEncryptedJWT() throws Exception {
+ public void testTokenWithSignedAndEncryptedJWT() throws Exception {
TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
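Review bot: `testTokenWithECDSASignedJWT` only checks the success path; unlike the HMAC test above it, it never confirms that the token is rejected when the decoder holds a different public key. Adding `((JwtTokenDecoder) tokenDecoder).setVerifyKey(kpg.generateKeyPair().getPublic());` followed by `Assertions.assertThat(tokenDecoder.decodeFromString(tokenStr)).isNull();` would cover that, assuming the decoder returns null for a bad ECDSA signature as it does in the HMAC case. The key pair also comes from an uninitialised `KeyPairGenerator`, so the curve depends on the provider default while `ES256` needs a P-256 key; `kpg.initialize(256);` makes that explicit.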
[45/48] directory-kerby git commit: DIRKRB-438 Build failure with
maven-surefire-plugin error.
Posted by pl...@apache.org.
DIRKRB-438 Build failure with maven-surefire-plugin error.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/6006704d
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/6006704d
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/6006704d
Branch: refs/heads/pkinit-support
Commit: 6006704d8d1daf508e2c799b800ccead899a2493
Parents: 8ee7c59
Author: plusplusjiajia <ji...@intel.com>
Authored: Thu Oct 29 11:41:07 2015 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Thu Oct 29 11:41:07 2015 +0800
----------------------------------------------------------------------
kerby-kerb/kerb-server/pom.xml | 5 --
.../kerb/server/preauth/token/TokenPreauth.java | 61 ++++++++++----------
2 files changed, 29 insertions(+), 37 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/6006704d/kerby-kerb/kerb-server/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/pom.xml b/kerby-kerb/kerb-server/pom.xml
index 117cfb6..edb355c 100644
--- a/kerby-kerb/kerb-server/pom.xml
+++ b/kerby-kerb/kerb-server/pom.xml
@@ -47,10 +47,5 @@
<artifactId>kerb-identity</artifactId>
<version>${project.version}</version>
</dependency>
- <dependency>
- <groupId>org.apache.kerby</groupId>
- <artifactId>token-provider</artifactId>
- <version>${project.version}</version>
- </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/6006704d/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index 7316070..adabe9f 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -42,7 +42,6 @@ import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
import org.apache.kerby.kerberos.kerb.spec.pa.token.PaTokenRequest;
import org.apache.kerby.kerberos.kerb.spec.pa.token.TokenInfo;
-import org.apache.kerby.kerberos.provider.token.JwtTokenDecoder;
import java.io.File;
import java.io.FileInputStream;
@@ -88,7 +87,7 @@ public class TokenPreauth extends AbstractPreauthPlugin {
AuthToken authToken = null;
try {
authToken = tokenDecoder.decodeFromBytes(token.getTokenValue());
- if (!((JwtTokenDecoder) tokenDecoder).isSigned()) {
+ if (!tokenDecoder.isSigned()) {
throw new KrbException("Token should be signed.");
}
} catch (IOException e) {
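Review bot: The only check after `decodeFromBytes` is `isSigned()`, and nothing in this hunk rejects a null `authToken`. `testTokenWithHMACSignedJWT` elsewhere on this page shows the JWT decoder returning null from `decodeFromString` rather than throwing when the signature does not verify, and `decodeFromBytes` presumably behaves the same way. Unless the code after the hunk already handles that, add `if (authToken == null) { throw new KrbException("Token signature verification failed."); }` before the `isSigned()` check, so a token that fails verification cannot continue through pre-authentication. The enclosing method starts and ends outside the hunk, so any later handling is not visible here.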
@@ -118,40 +117,38 @@ public class TokenPreauth extends AbstractPreauthPlugin {
return false;
}
}
-
+
private void configureKeys(TokenDecoder tokenDecoder, KdcRequest kdcRequest, String issuer) {
- if (tokenDecoder instanceof JwtTokenDecoder) {
- String verifyKeyPath = kdcRequest.getKdcContext().getConfig().getVerifyKeyConfig();
- if (verifyKeyPath != null) {
- File verifyKeyFile = getKeyFile(verifyKeyPath, issuer);
- if (verifyKeyFile != null) {
- PublicKey verifyKey = null;
- try {
- FileInputStream fis = new FileInputStream(verifyKeyFile);
- verifyKey = PublicKeyReader.loadPublicKey(fis);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- } catch (Exception e) {
- e.printStackTrace();
- }
- ((JwtTokenDecoder) tokenDecoder).setVerifyKey(verifyKey);
+ String verifyKeyPath = kdcRequest.getKdcContext().getConfig().getVerifyKeyConfig();
+ if (verifyKeyPath != null) {
+ File verifyKeyFile = getKeyFile(verifyKeyPath, issuer);
+ if (verifyKeyFile != null) {
+ PublicKey verifyKey = null;
+ try {
+ FileInputStream fis = new FileInputStream(verifyKeyFile);
+ verifyKey = PublicKeyReader.loadPublicKey(fis);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
}
+ tokenDecoder.setVerifyKey(verifyKey);
}
- String decryptionKeyPath = kdcRequest.getKdcContext().getConfig().getDecryptionKeyConfig();
- if (decryptionKeyPath != null) {
- File decryptionKeyFile = getKeyFile(decryptionKeyPath, issuer);
- if (decryptionKeyFile != null) {
- PrivateKey decryptionKey = null;
- try {
- FileInputStream fis = new FileInputStream(decryptionKeyFile);
- decryptionKey = PrivateKeyReader.loadPrivateKey(fis);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- } catch (Exception e) {
- e.printStackTrace();
- }
- ((JwtTokenDecoder) tokenDecoder).setDecryptionKey(decryptionKey);
+ }
+ String decryptionKeyPath = kdcRequest.getKdcContext().getConfig().getDecryptionKeyConfig();
+ if (decryptionKeyPath != null) {
+ File decryptionKeyFile = getKeyFile(decryptionKeyPath, issuer);
+ if (decryptionKeyFile != null) {
+ PrivateKey decryptionKey = null;
+ try {
+ FileInputStream fis = new FileInputStream(decryptionKeyFile);
+ decryptionKey = PrivateKeyReader.loadPrivateKey(fis);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
}
+ tokenDecoder.setDecryptionKey(decryptionKey);
}
}
}
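Review bot: In `configureKeys`, a failure to read either key file is only printed with `e.printStackTrace()`, after which `tokenDecoder.setVerifyKey(verifyKey)` or `setDecryptionKey(decryptionKey)` is still called with null. What the decoder does with a null verify key is not visible here, but a KDC should not carry on validating tokens after its verification key failed to load. Both `FileInputStream`s are also never closed, and the `FileNotFoundException` catch is redundant next to `catch (Exception e)`. I would close the streams with try-with-resources and fail the request instead, declaring `throws KrbException` on this private method, provided the call site (outside the hunk) can propagate it and the module builds at Java 7 or later.

```java
private void configureKeys(TokenDecoder tokenDecoder, KdcRequest kdcRequest, String issuer)
        throws KrbException {
    // … unchanged: verifyKeyPath and verifyKeyFile lookup …
            try (FileInputStream fis = new FileInputStream(verifyKeyFile)) {
                tokenDecoder.setVerifyKey(PublicKeyReader.loadPublicKey(fis));
            } catch (Exception e) {
                // Fail closed: never leave the decoder configured with a null verify key.
                throw new KrbException("Failed to load the token verify key: " + e.getMessage());
            }
    // … unchanged: decryptionKeyPath and decryptionKeyFile lookup …
            try (FileInputStream fis = new FileInputStream(decryptionKeyFile)) {
                tokenDecoder.setDecryptionKey(PrivateKeyReader.loadPrivateKey(fis));
            } catch (Exception e) {
                throw new KrbException("Failed to load the token decryption key: " + e.getMessage());
            }
```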
[02/48] directory-kerby git commit: Moving back to RC1
Posted by pl...@apache.org.
Moving back to RC1
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/9206eebc
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/9206eebc
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/9206eebc
Branch: refs/heads/pkinit-support
Commit: 9206eebc494a7417811a30c0582cc52f3b23e667
Parents: 81e8c0a
Author: Emmanuel Lécharny <el...@symas.com>
Authored: Thu Sep 10 10:58:57 2015 +0200
Committer: Emmanuel Lécharny <el...@symas.com>
Committed: Thu Sep 10 10:58:57 2015 +0200
----------------------------------------------------------------------
benchmark/pom.xml | 2 +-
kerby-asn1/pom.xml | 2 +-
kerby-backend/json-backend/pom.xml | 2 +-
kerby-backend/ldap-backend/pom.xml | 2 +-
kerby-backend/mavibot-backend/pom.xml | 2 +-
kerby-backend/pom.xml | 2 +-
kerby-backend/zookeeper-backend/pom.xml | 2 +-
kerby-config/pom.xml | 2 +-
kerby-dist/kdc-dist/pom.xml | 2 +-
kerby-dist/pom.xml | 2 +-
kerby-dist/tool-dist/pom.xml | 2 +-
kerby-kdc-test/pom.xml | 2 +-
kerby-kdc/pom.xml | 2 +-
kerby-kerb/integration-test/pom.xml | 2 +-
kerby-kerb/kerb-admin/pom.xml | 2 +-
kerby-kerb/kerb-client-api-all/pom.xml | 2 +-
kerby-kerb/kerb-client/pom.xml | 2 +-
kerby-kerb/kerb-common/pom.xml | 2 +-
kerby-kerb/kerb-core-test/pom.xml | 2 +-
kerby-kerb/kerb-core/pom.xml | 2 +-
kerby-kerb/kerb-crypto/pom.xml | 2 +-
kerby-kerb/kerb-identity-test/pom.xml | 2 +-
kerby-kerb/kerb-identity/pom.xml | 2 +-
kerby-kerb/kerb-kdc-test/pom.xml | 2 +-
kerby-kerb/kerb-server-api-all/pom.xml | 2 +-
kerby-kerb/kerb-server/pom.xml | 2 +-
kerby-kerb/kerb-simplekdc/pom.xml | 2 +-
kerby-kerb/kerb-util/pom.xml | 2 +-
kerby-kerb/pom.xml | 2 +-
kerby-provider/pom.xml | 2 +-
kerby-provider/token-provider/pom.xml | 2 +-
kerby-tool/client-tool/pom.xml | 2 +-
kerby-tool/kdc-tool/pom.xml | 2 +-
kerby-tool/pom.xml | 2 +-
kerby-util/pom.xml | 2 +-
pom.xml | 2 +-
36 files changed, 36 insertions(+), 36 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/benchmark/pom.xml
----------------------------------------------------------------------
diff --git a/benchmark/pom.xml b/benchmark/pom.xml
index ec7561a..3b10fdb 100644
--- a/benchmark/pom.xml
+++ b/benchmark/pom.xml
@@ -17,7 +17,7 @@
<parent>
<artifactId>kerby-all</artifactId>
<groupId>org.apache.kerby</groupId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>benchmark</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-asn1/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-asn1/pom.xml b/kerby-asn1/pom.xml
index b89e06a..2b135a4 100644
--- a/kerby-asn1/pom.xml
+++ b/kerby-asn1/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-backend/json-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/json-backend/pom.xml b/kerby-backend/json-backend/pom.xml
index f1f6e1f..3b34f17 100644
--- a/kerby-backend/json-backend/pom.xml
+++ b/kerby-backend/json-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>json-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-backend/ldap-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/ldap-backend/pom.xml b/kerby-backend/ldap-backend/pom.xml
index 7c3ae0f..315230e 100644
--- a/kerby-backend/ldap-backend/pom.xml
+++ b/kerby-backend/ldap-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>ldap-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-backend/mavibot-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/mavibot-backend/pom.xml b/kerby-backend/mavibot-backend/pom.xml
index 71a7454..f281a2c 100644
--- a/kerby-backend/mavibot-backend/pom.xml
+++ b/kerby-backend/mavibot-backend/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>mavibot-backend</artifactId>
<name>Mavibot based backend</name>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/pom.xml b/kerby-backend/pom.xml
index 1305721..23aed47 100644
--- a/kerby-backend/pom.xml
+++ b/kerby-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerby-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-backend/zookeeper-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/pom.xml b/kerby-backend/zookeeper-backend/pom.xml
index 03b7cac..6b78437 100644
--- a/kerby-backend/zookeeper-backend/pom.xml
+++ b/kerby-backend/zookeeper-backend/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-backend</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>zookeeper-backend</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-config/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-config/pom.xml b/kerby-config/pom.xml
index 41b7dc1..23203df 100644
--- a/kerby-config/pom.xml
+++ b/kerby-config/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-dist/kdc-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/pom.xml b/kerby-dist/kdc-dist/pom.xml
index b464e43..ad24caa 100644
--- a/kerby-dist/kdc-dist/pom.xml
+++ b/kerby-dist/kdc-dist/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-dist</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kdc-dist</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/pom.xml b/kerby-dist/pom.xml
index 6fc0948..775abb1 100644
--- a/kerby-dist/pom.xml
+++ b/kerby-dist/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerby-dist</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-dist/tool-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/tool-dist/pom.xml b/kerby-dist/tool-dist/pom.xml
index 7bf67ce..2a7bfe7 100644
--- a/kerby-dist/tool-dist/pom.xml
+++ b/kerby-dist/tool-dist/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-dist</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>tool-dist</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/pom.xml b/kerby-kdc-test/pom.xml
index a5d983c..6ed31e7 100644
--- a/kerby-kdc-test/pom.xml
+++ b/kerby-kdc-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerby-kdc-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kdc/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kdc/pom.xml b/kerby-kdc/pom.xml
index ed222ec..8223cf9 100644
--- a/kerby-kdc/pom.xml
+++ b/kerby-kdc/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerby-kdc</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/integration-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/pom.xml b/kerby-kerb/integration-test/pom.xml
index d73c192..769bfc4 100644
--- a/kerby-kerb/integration-test/pom.xml
+++ b/kerby-kerb/integration-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>integration-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-admin/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/pom.xml b/kerby-kerb/kerb-admin/pom.xml
index effc642..e44c4a2 100644
--- a/kerby-kerb/kerb-admin/pom.xml
+++ b/kerby-kerb/kerb-admin/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-admin</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-client-api-all/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client-api-all/pom.xml b/kerby-kerb/kerb-client-api-all/pom.xml
index 41fb292..9e4f2c6 100644
--- a/kerby-kerb/kerb-client-api-all/pom.xml
+++ b/kerby-kerb/kerb-client-api-all/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-client-api-all</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-client/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/pom.xml b/kerby-kerb/kerb-client/pom.xml
index d75eaea..a6cd0df 100644
--- a/kerby-kerb/kerb-client/pom.xml
+++ b/kerby-kerb/kerb-client/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-client</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-common/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/pom.xml b/kerby-kerb/kerb-common/pom.xml
index e896aed..f47fba6 100644
--- a/kerby-kerb/kerb-common/pom.xml
+++ b/kerby-kerb/kerb-common/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-common</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-core-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/pom.xml b/kerby-kerb/kerb-core-test/pom.xml
index d796f98..9224218 100644
--- a/kerby-kerb/kerb-core-test/pom.xml
+++ b/kerby-kerb/kerb-core-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-core-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-core/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/pom.xml b/kerby-kerb/kerb-core/pom.xml
index 1eb5140..d5e85c7 100644
--- a/kerby-kerb/kerb-core/pom.xml
+++ b/kerby-kerb/kerb-core/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-core</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-crypto/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/pom.xml b/kerby-kerb/kerb-crypto/pom.xml
index 94c3a80..4975afd 100644
--- a/kerby-kerb/kerb-crypto/pom.xml
+++ b/kerby-kerb/kerb-crypto/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-crypto</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-identity-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity-test/pom.xml b/kerby-kerb/kerb-identity-test/pom.xml
index abb4138..ee0f02e 100644
--- a/kerby-kerb/kerb-identity-test/pom.xml
+++ b/kerby-kerb/kerb-identity-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-identity-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-identity/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/pom.xml b/kerby-kerb/kerb-identity/pom.xml
index f1dd25a..890defd 100644
--- a/kerby-kerb/kerb-identity/pom.xml
+++ b/kerby-kerb/kerb-identity/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-identity</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/pom.xml b/kerby-kerb/kerb-kdc-test/pom.xml
index fae0ea9..c592a01 100644
--- a/kerby-kerb/kerb-kdc-test/pom.xml
+++ b/kerby-kerb/kerb-kdc-test/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-kdc-test</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-server-api-all/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server-api-all/pom.xml b/kerby-kerb/kerb-server-api-all/pom.xml
index fccc515..5d77d8c 100644
--- a/kerby-kerb/kerb-server-api-all/pom.xml
+++ b/kerby-kerb/kerb-server-api-all/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-server-api-all</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-server/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/pom.xml b/kerby-kerb/kerb-server/pom.xml
index edb355c..a56e1cf 100644
--- a/kerby-kerb/kerb-server/pom.xml
+++ b/kerby-kerb/kerb-server/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-server</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-simplekdc/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/pom.xml b/kerby-kerb/kerb-simplekdc/pom.xml
index 9e23c69..ee7a5d7 100644
--- a/kerby-kerb/kerb-simplekdc/pom.xml
+++ b/kerby-kerb/kerb-simplekdc/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-simplekdc</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/kerb-util/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/pom.xml b/kerby-kerb/kerb-util/pom.xml
index 9c2afc7..a1d4380 100644
--- a/kerby-kerb/kerb-util/pom.xml
+++ b/kerby-kerb/kerb-util/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-kerb</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerb-util</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-kerb/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/pom.xml b/kerby-kerb/pom.xml
index 768d899..b5e4211 100644
--- a/kerby-kerb/pom.xml
+++ b/kerby-kerb/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerby-kerb</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-provider/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-provider/pom.xml b/kerby-provider/pom.xml
index 1519bd3..5c2516d 100644
--- a/kerby-provider/pom.xml
+++ b/kerby-provider/pom.xml
@@ -16,7 +16,7 @@
<parent>
<artifactId>kerby-all</artifactId>
<groupId>org.apache.kerby</groupId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-provider/token-provider/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/pom.xml b/kerby-provider/token-provider/pom.xml
index 74729c6..72405be 100644
--- a/kerby-provider/token-provider/pom.xml
+++ b/kerby-provider/token-provider/pom.xml
@@ -16,7 +16,7 @@
<parent>
<artifactId>kerby-provider</artifactId>
<groupId>org.apache.kerby</groupId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-tool/client-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/pom.xml b/kerby-tool/client-tool/pom.xml
index b6fb6d1..7af6cc9 100644
--- a/kerby-tool/client-tool/pom.xml
+++ b/kerby-tool/client-tool/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-tool</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>client-tool</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-tool/kdc-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/pom.xml b/kerby-tool/kdc-tool/pom.xml
index 33f8eff..ab13016 100644
--- a/kerby-tool/kdc-tool/pom.xml
+++ b/kerby-tool/kdc-tool/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-tool</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kdc-tool</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/pom.xml b/kerby-tool/pom.xml
index b834f66..00d4489 100644
--- a/kerby-tool/pom.xml
+++ b/kerby-tool/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerby-tool</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/kerby-util/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-util/pom.xml b/kerby-util/pom.xml
index 8756dc1..42683e5 100644
--- a/kerby-util/pom.xml
+++ b/kerby-util/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
</parent>
<artifactId>kerby-util</artifactId>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9206eebc/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 075e876..647dd5d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
<groupId>org.apache.kerby</groupId>
<artifactId>kerby-all</artifactId>
- <version>1.0.0-RC2-SNAPSHOT</version>
+ <version>1.0.0-RC1-SNAPSHOT</version>
<packaging>pom</packaging>
<name>Apache Kerby Project</name>