You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/07/03 11:00:34 UTC
[1/2] directory-kerby git commit: Reusing some code and some minor
fixes
Repository: directory-kerby
Updated Branches:
refs/heads/trunk 70fbd4b64 -> 7af3526f7
Reusing some code and some minor fixes
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/c39020d1
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/c39020d1
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/c39020d1
Branch: refs/heads/trunk
Commit: c39020d13a6e63e8169e07229ea0388de15387f2
Parents: 70fbd4b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 3 11:42:04 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 3 11:42:04 2017 +0100
----------------------------------------------------------------------
kerby-kerb/integration-test/pom.xml | 5 --
.../TokenLoginWithTokenPreauthEnabledTest.java | 57 +--------------
.../kerb/client/jaas/TokenAuthLoginModule.java | 14 ++--
.../kerb/client/jaas/TokenJaasKrbUtil.java | 4 +-
.../kerberos/kerb/server/GssInteropTest.java | 50 +------------
.../server/KerberosClientExceptionAction.java | 75 ++++++++++++++++++++
.../kerberos/kerb/server/LoginTestBase.java | 2 +-
7 files changed, 92 insertions(+), 115 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c39020d1/kerby-kerb/integration-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/pom.xml b/kerby-kerb/integration-test/pom.xml
index 46fd801..07b571a 100644
--- a/kerby-kerb/integration-test/pom.xml
+++ b/kerby-kerb/integration-test/pom.xml
@@ -36,11 +36,6 @@
<groupId>org.apache.kerby</groupId>
<artifactId>kerb-kdc-test</artifactId>
<version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.kerby</groupId>
- <artifactId>kerb-kdc-test</artifactId>
- <version>${project.version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c39020d1/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index f8e7ee4..1b7bfb7 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -19,18 +19,12 @@
*/
package org.apache.kerby.kerberos.kerb.integration.test;
-import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSCredential;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
-import org.ietf.jgss.Oid;
+import org.apache.kerby.kerberos.kerb.server.KerberosClientExceptionAction;
import org.junit.Assert;
import org.junit.Test;
import javax.security.auth.Subject;
import java.security.Principal;
-import java.security.PrivilegedExceptionAction;
import java.util.Set;
/**
@@ -52,12 +46,12 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
public void testLoginWithTokenCache() throws Exception {
super.testLoginWithTokenCache();
}
-
+
@Test
public void testLoginWithTokenCacheGSS() throws Exception {
Subject subject = super.testLoginWithTokenCacheAndRetSubject();
Set<Principal> clientPrincipals = subject.getPrincipals();
-
+
// Get the service ticket
KerberosClientExceptionAction action =
new KerberosClientExceptionAction(clientPrincipals.iterator().next(),
@@ -66,50 +60,5 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
byte[] kerberosToken = (byte[]) Subject.doAs(subject, action);
Assert.assertNotNull(kerberosToken);
}
-
- /**
- * This class represents a PrivilegedExceptionAction implementation to
- * a service ticket from a Kerberos Key Distribution Center.
- */
- private class KerberosClientExceptionAction implements PrivilegedExceptionAction<byte[]> {
-
- private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
-
- private Principal clientPrincipal;
- private String serviceName;
-
- KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) {
- this.clientPrincipal = clientPrincipal;
- this.serviceName = serviceName;
- }
- public byte[] run() throws GSSException {
- GSSManager gssManager = GSSManager.getInstance();
-
- GSSName gssService = gssManager.createName(serviceName,
- GSSName.NT_USER_NAME);
- Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
- GSSName gssClient = gssManager.createName(clientPrincipal.getName(),
- GSSName.NT_USER_NAME);
- GSSCredential credentials = gssManager.createCredential(
- gssClient, GSSCredential.DEFAULT_LIFETIME, oid,
- GSSCredential.INITIATE_ONLY);
-
- GSSContext secContext = gssManager.createContext(
- gssService, oid, credentials, GSSContext.DEFAULT_LIFETIME
- );
-
- secContext.requestMutualAuth(false);
- secContext.requestCredDeleg(false);
-
- try {
- byte[] token = new byte[0];
- byte[] returnedToken = secContext.initSecContext(token,
- 0, token.length);
- return returnedToken;
- } finally {
- secContext.dispose();
- }
- }
- }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c39020d1/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenAuthLoginModule.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenAuthLoginModule.java
index fef1ee5..d883334 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenAuthLoginModule.java
@@ -295,12 +295,14 @@ public class TokenAuthLoginModule implements LoginModule {
// Otherwise just write out the token (which could be already signed)
krbToken.setTokenValue(tokenStr.getBytes());
- try {
- JWT jwt = JWTParser.parse(tokenStr);
- authToken = new JwtAuthToken(jwt.getJWTClaimsSet());
- } catch (ParseException e) {
- // Invalid JWT encoding
- throw new RuntimeException("Failed to parse JWT token string", e);
+ if (authToken == null) {
+ try {
+ JWT jwt = JWTParser.parse(tokenStr);
+ authToken = new JwtAuthToken(jwt.getJWTClaimsSet());
+ } catch (ParseException e) {
+ // Invalid JWT encoding
+ throw new RuntimeException("Failed to parse JWT token string", e);
+ }
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c39020d1/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
index e9c91f1..0c69295 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
@@ -133,7 +133,9 @@ public class TokenJaasKrbUtil {
options.put(TokenAuthLoginModule.TOKEN, tokenStr);
}
options.put(TokenAuthLoginModule.ARMOR_CACHE, armorCache.getAbsolutePath());
- options.put(TokenAuthLoginModule.CREDENTIAL_CACHE, ccache.getAbsolutePath());
+ if (ccache != null) {
+ options.put(TokenAuthLoginModule.CREDENTIAL_CACHE, ccache.getAbsolutePath());
+ }
options.put(TokenAuthLoginModule.SIGN_KEY_FILE, signKeyFile.getAbsolutePath());
return new AppConfigurationEntry[]{
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c39020d1/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
index cb74b3f..4787dac 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
@@ -14,7 +14,7 @@
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
+ * under the License.
*
*/
package org.apache.kerby.kerberos.kerb.server;
@@ -63,7 +63,7 @@ public class GssInteropTest extends LoginTestBase {
validateServiceTicket(kerberosToken);
}
-
+
private void validateServiceTicket(byte[] ticket) throws Exception {
Subject serviceSubject = loginServiceUsingKeytab();
Set<Principal> servicePrincipals = serviceSubject.getPrincipals();
@@ -76,52 +76,6 @@ public class GssInteropTest extends LoginTestBase {
Subject.doAs(serviceSubject, serviceAction);
}
- /**
- * This class represents a PrivilegedExceptionAction implementation to
- * a service ticket from a Kerberos Key Distribution Center.
- */
- private class KerberosClientExceptionAction implements PrivilegedExceptionAction<byte[]> {
-
- private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
-
- private Principal clientPrincipal;
- private String serviceName;
-
- KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) {
- this.clientPrincipal = clientPrincipal;
- this.serviceName = serviceName;
- }
-
- public byte[] run() throws GSSException {
- GSSManager gssManager = GSSManager.getInstance();
-
- GSSName gssService = gssManager.createName(serviceName,
- GSSName.NT_USER_NAME);
- Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
- GSSName gssClient = gssManager.createName(clientPrincipal.getName(),
- GSSName.NT_USER_NAME);
- GSSCredential credentials = gssManager.createCredential(
- gssClient, GSSCredential.DEFAULT_LIFETIME, oid,
- GSSCredential.INITIATE_ONLY);
-
- GSSContext secContext = gssManager.createContext(
- gssService, oid, credentials, GSSContext.DEFAULT_LIFETIME
- );
-
- secContext.requestMutualAuth(false);
- secContext.requestCredDeleg(false);
-
- try {
- byte[] token = new byte[0];
- byte[] returnedToken = secContext.initSecContext(token,
- 0, token.length);
- return returnedToken;
- } finally {
- secContext.dispose();
- }
- }
- }
-
private static class KerberosServiceExceptionAction
implements PrivilegedExceptionAction<byte[]> {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c39020d1/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KerberosClientExceptionAction.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KerberosClientExceptionAction.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KerberosClientExceptionAction.java
new file mode 100644
index 0000000..645358b
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KerberosClientExceptionAction.java
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
+
+/**
+ * This class represents a PrivilegedExceptionAction implementation to
+ * a service ticket from a Kerberos Key Distribution Center.
+ */
+public class KerberosClientExceptionAction implements PrivilegedExceptionAction<byte[]> {
+
+ private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
+
+ private Principal clientPrincipal;
+ private String serviceName;
+
+ public KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) {
+ this.clientPrincipal = clientPrincipal;
+ this.serviceName = serviceName;
+ }
+
+ public byte[] run() throws GSSException {
+ GSSManager gssManager = GSSManager.getInstance();
+
+ GSSName gssService = gssManager.createName(serviceName,
+ GSSName.NT_USER_NAME);
+ Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
+ GSSName gssClient = gssManager.createName(clientPrincipal.getName(),
+ GSSName.NT_USER_NAME);
+ GSSCredential credentials =
+ gssManager.createCredential(gssClient, GSSCredential.DEFAULT_LIFETIME, oid,
+ GSSCredential.INITIATE_ONLY);
+
+ GSSContext secContext =
+ gssManager.createContext(gssService, oid, credentials, GSSContext.DEFAULT_LIFETIME);
+
+ secContext.requestMutualAuth(false);
+ secContext.requestCredDeleg(false);
+
+ try {
+ byte[] token = new byte[0];
+ byte[] returnedToken = secContext.initSecContext(token,
+ 0, token.length);
+ return returnedToken;
+ } finally {
+ secContext.dispose();
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c39020d1/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/LoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/LoginTestBase.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/LoginTestBase.java
index a3e6e88..401d5bb 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/LoginTestBase.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/LoginTestBase.java
@@ -14,7 +14,7 @@
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
+ * under the License.
*
*/
package org.apache.kerby.kerberos.kerb.server;
[2/2] directory-kerby git commit: Adding some negative tests for the
token login module
Posted by co...@apache.org.
Adding some negative tests for the token login module
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/7af3526f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/7af3526f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/7af3526f
Branch: refs/heads/trunk
Commit: 7af3526f71869ec4f73f8619a062633a22d66048
Parents: c39020d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 3 11:55:27 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 3 11:55:27 2017 +0100
----------------------------------------------------------------------
.../integration/test/TokenLoginTestBase.java | 12 +++++++--
.../TokenLoginWithTokenPreauthEnabledTest.java | 25 ++++++++++++++++++
.../src/test/resources/kdckeytest.pem | 27 ++++++++++++++++++++
.../kerb/client/jaas/TokenJaasKrbUtil.java | 4 ++-
4 files changed, 65 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7af3526f/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index 0599bf4..140a81d 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -85,7 +85,7 @@ public class TokenLoginTestBase extends LoginTestBase {
return true;
}
- private String createTokenAndArmorCache() throws Exception {
+ protected String createTokenAndArmorCache() throws Exception {
TokenEncoder tokenEncoder = null;
try {
@@ -137,7 +137,7 @@ public class TokenLoginTestBase extends LoginTestBase {
return authToken;
}
- private Subject loginClientUsingTokenStr(String tokenStr, File armorCache, File tgtCache,
+ protected Subject loginClientUsingTokenStr(String tokenStr, File armorCache, File tgtCache,
File signKeyFile) throws Exception {
return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenStr, armorCache,
tgtCache, signKeyFile);
@@ -166,4 +166,12 @@ public class TokenLoginTestBase extends LoginTestBase {
checkSubject(subj);
return subj;
}
+
+ protected File getArmorCache() {
+ return armorCache;
+ }
+
+ protected File getTGTCache() {
+ return tgtCache;
+ }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7af3526f/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index 1b7bfb7..9ca9aa7 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -24,6 +24,9 @@ import org.junit.Assert;
import org.junit.Test;
import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+
+import java.io.File;
import java.security.Principal;
import java.util.Set;
@@ -61,4 +64,26 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
Assert.assertNotNull(kerberosToken);
}
+ @Test
+ public void testUntrustedSignature() throws Exception {
+ String tokenStr = createTokenAndArmorCache();
+ File signKeyFile = new File(this.getClass().getResource("/kdckeytest.pem").getPath());
+ try {
+ loginClientUsingTokenStr(tokenStr, getArmorCache(), getTGTCache(), signKeyFile);
+ Assert.fail("Failure expected on a signature that is not trusted");
+ } catch (LoginException ex) { //NOPMD
+ // expected
+ }
+ }
+
+ @Test
+ public void testUnsignedToken() throws Exception {
+ String tokenStr = createTokenAndArmorCache();
+ try {
+ loginClientUsingTokenStr(tokenStr, getArmorCache(), getTGTCache(), null);
+ Assert.fail("Failure expected on an unsigned token");
+ } catch (LoginException ex) { //NOPMD
+ // expected
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7af3526f/kerby-kerb/integration-test/src/test/resources/kdckeytest.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/resources/kdckeytest.pem b/kerby-kerb/integration-test/src/test/resources/kdckeytest.pem
new file mode 100644
index 0000000..9fe020a
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/resources/kdckeytest.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA1MLC7Ybdx2jskHc+IJYlEoGuH6yQYu/1D/5OShQcc3OGBqmb
+vLBoCizs2FqBb3FouACPlewePVPDEwytWxAc5oePwpCwoN+oC3oaJEg1Pei01EeO
+oMj/Smvsyce3TsYxYAyL7jPvetjYklfw6wt4fYAvHsThEMiZpFzD6hbQ4PNPYtsQ
+RrH4iVz7FsQ0UfLtFRmNODJj8NXYH9kedEHuKJWbqdUl5yfH9Uf8PkfuCxM+naog
+0+5YnGzo/sJgI6Si0Yn3oNDX3D/++7UC6t29bwo67zrzGZ4b/fCirZuCYg+c5mjG
+2yrYtQSVL3oLiyMrQ3SHNsI5CnkcmmKgSOMW2wIDAQABAoIBACotcfckhVLCuiLp
+gKd1HGRO0PX2f6kdaLeC8oI8+mbov+kSNo1xay6ZOVqqln5BPUE82zodVOFTeZiN
+KtCioRgSR62KgXli3S1pR0VqCyP6vd5XUS8OqY1XV9mofe5f2+nuks7l/NOdqVFZ
+naj63SgEAVNYNEXffpXWzf/aBg6R0KJj8AUotc+eN1y80RJSG+tR8Kzxuvwsb20H
+8m0sVWC/yXdM69Y+vW4YWObK0PpP6JznaECx/w2ihil3xAsf44YjvfOl1p+eP2uL
+G8m8nE3blVd+Fs2Vj9E28/Zt1NQAACavbi2x0vl4zPtup7g5tGrubgdgIM/uHPrs
+lDA2ngECgYEA+z6NpKgOQ8fomGztUylEkA7tlVqky/K/5j2a7f3f5yXCRCXOzsD7
++5awaKNKWNOLe4ynxXSVYxKWqDT4KkfZ/HSTUI4ozfymKSnpkLAirFNgIBCtAQuQ
+latU+1xVKo57Ev16oXsODZe1L5JYMTwiC4QGhljxtPy2kNT9MXEbctcCgYEA2Mm6
+xZuhSHQiRwTezfHC5AK+9qBX12c9cMBdGLdaaR4nAK0zDA1fHXTczF8EDOs3oCJZ
+RSTSBzNr7pTdfa7yFdmq6DA3mYeLWgpWBV2PcL6BDoNfomBpASUTWsIbPpGX7MXx
+hKTXa64aTeKT6zKaGLhwCKJDvmCyhy3guK3zf50CgYEAkJq4O4TecPSmUtSe47Zk
+1+U/qS66mwfkm0fp3AC61fdNkJuSJD2+ylc4wYD6UZWwOjQCfAtVz+fq/nU+QFeK
+h1sxTrQDmEtJ93dADx7RVg3Gza3LZUaauQobp3DFM/E9tPhflIGW3QvsJK0+RVgu
+4CHk/35B38Fz8ngkIkjPW5ECgYBB1wKigWG6X4sJhrEkWwiVtz/IJ2qGQRSn6cRc
+fVM4GbA+xFt8jZMVnyhv6WuRgN6kA8qY9VXUWgmtrAiY40ki2bjOS9aXClOIRRtb
+Bc9KrpEDl2K0LhO2BUybg9hCaHV7s6JmZqoGShozDV1fUT77wwhDlwR8DWIrLAPU
+EwChAQKBgHFSuzEBFu3VI4DtHObyV87E04MUC4RQxBp+K48HdO/zEy4M4/KtgFvr
+8LP8XhmDwwOSh34FI3qVqerePLEpqfEr89iDZ0zCmVR2O4vnhV8oXTVIinqXHWI0
+Qv//YHOKDRJ+jjU2dKm4KzACvwvuESEg/24siix9XZ3nZ8LvaGoC
+-----END RSA PRIVATE KEY-----
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7af3526f/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
index 0c69295..0ec8df3 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/jaas/TokenJaasKrbUtil.java
@@ -136,7 +136,9 @@ public class TokenJaasKrbUtil {
if (ccache != null) {
options.put(TokenAuthLoginModule.CREDENTIAL_CACHE, ccache.getAbsolutePath());
}
- options.put(TokenAuthLoginModule.SIGN_KEY_FILE, signKeyFile.getAbsolutePath());
+ if (signKeyFile != null) {
+ options.put(TokenAuthLoginModule.SIGN_KEY_FILE, signKeyFile.getAbsolutePath());
+ }
return new AppConfigurationEntry[]{
new AppConfigurationEntry(