Posted to commits@directory.apache.org by co...@apache.org on 2016/07/21 11:28:47 UTC
directory-kerby git commit: Including the PKINIT certs in the client
response
Repository: directory-kerby
Updated Branches:
refs/heads/trunk 624d65348 -> b4a16e15c
Including the PKINIT certs in the client response
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/b4a16e15
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/b4a16e15
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/b4a16e15
Branch: refs/heads/trunk
Commit: b4a16e15c0473abf95b284ed5bcbdb359a099f13
Parents: 624d653
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jul 21 12:24:33 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jul 21 12:24:33 2016 +0100
----------------------------------------------------------------------
.../kerb/client/preauth/pkinit/PkinitPreauth.java | 12 +++++++-----
.../kerb/server/preauth/pkinit/PkinitPreauth.java | 2 +-
2 files changed, 8 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b4a16e15/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index df4af89..1d539aa 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -373,13 +373,15 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
}
CertificateSet certificateSet = signedData.getCertificates();
+ if (certificateSet == null || certificateSet.getElements().isEmpty()) {
+ throw new KrbException("No PKINIT Certs");
+ }
List<Certificate> certificates = new ArrayList<>();
- if (certificateSet != null) {
- List<CertificateChoices> certificateChoicesList = certificateSet.getElements();
- for (CertificateChoices certificateChoices : certificateChoicesList) {
- certificates.add(certificateChoices.getCertificate());
- }
+ List<CertificateChoices> certificateChoicesList = certificateSet.getElements();
+ for (CertificateChoices certificateChoices : certificateChoicesList) {
+ certificates.add(certificateChoices.getCertificate());
}
+
try {
PkinitCrypto.validateChain(certificates, x509Certificate);
} catch (Exception e) {
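Review bot: The new emptiness guard tests the raw CertificateSet rather than the certificates extracted from it, so a set whose elements hold no X.509 certificate still passes. CertificateChoices is a CHOICE, and getCertificate() presumably returns null when an element carries another alternative (worth confirming), which would hand a list of nulls to PkinitCrypto.validateChain. I would keep the null check on certificateSet, add only non-null results inside the loop (`Certificate cert = certificateChoices.getCertificate(); if (cert != null) { certificates.add(cert); }`), and move the emptiness test after the loop as `if (certificates.isEmpty()) { throw new KrbException("No PKINIT Certs"); }`. The enclosing method and the body of the catch block lie outside the hunk, so how a validateChain failure is reported cannot be checked from here.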
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b4a16e15/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index f332e62..d5c53f0 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -338,7 +338,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
String oid = PkinitPlgCryptoContext.getIdPkinitDHKeyDataOID();
signedDataBytes = PkinitCrypto.cmsSignedDataCreate(KrbCodec.encode(kdcDhKeyInfo), oid, 3, null,
- null, null, null);
+ certificateSet, null, null);
dhRepInfo.setDHSignedData(signedDataBytes);