You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2015/07/30 08:24:31 UTC
[24/50] [abbrv] directory-kerby git commit: DIRKRB-379 Fix findbugs
problems for kerby-kerb module. Contributed by Yaning
DIRKRB-379 Fix findbugs problems for kerby-kerb module. Contributed by Yaning
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/fcc6ab34
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/fcc6ab34
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/fcc6ab34
Branch: refs/heads/pkinit-support
Commit: fcc6ab3474af2355022110b0cba1732b522c3714
Parents: b2bf00d
Author: Lin <li...@foxmail.com>
Authored: Sun Jul 19 00:34:59 2015 +0800
Committer: Lin <li...@foxmail.com>
Committed: Sun Jul 19 00:34:59 2015 +0800
----------------------------------------------------------------------
.../kerb/integration/test/AppClient.java | 24 +++---
.../kerb/integration/test/AppServer.java | 14 ++--
.../kerb/integration/test/Transport.java | 3 +-
.../kerb/integration/test/gss/GssAppClient.java | 31 ++++----
.../kerb/integration/test/gss/GssAppServer.java | 14 ++--
.../integration/test/sasl/SaslAppClient.java | 34 ++++----
.../integration/test/sasl/SaslAppServer.java | 30 ++++----
.../kerby/kerberos/kerb/admin/Kadmin.java | 2 +-
.../client/preauth/pkinit/PkinitPreauth.java | 2 +-
.../kerb/client/request/KdcRequest.java | 69 ++++++++---------
.../kerberos/kerb/common/EncryptionUtil.java | 9 ++-
.../kerb/preauth/builtin/EncTsPreauthMeta.java | 2 +-
.../kerb/preauth/builtin/TgtPreauthMeta.java | 2 +-
.../kerb/preauth/pkinit/PkinitIdenity.java | 4 +
.../kerb/preauth/pkinit/PkinitPreauthMeta.java | 2 +-
.../kerb/preauth/token/TokenPreauthMeta.java | 2 +-
.../kerberos/kerb/spec/base/CheckSumType.java | 44 +++++------
.../kerberos/kerb/spec/base/HostAddress.java | 2 +-
.../kerberos/kerb/spec/base/PrincipalName.java | 81 +++++++++-----------
.../kerb/crypto/cksum/HmacMd5Rc4CheckSum.java | 4 +-
.../crypto/cksum/provider/Crc32Provider.java | 2 +-
.../kerberos/kerb/crypto/enc/KeKiCmacEnc.java | 4 +-
.../kerb/crypto/enc/KeKiHmacSha1Enc.java | 4 +-
.../kerberos/kerb/crypto/fast/FastUtil.java | 4 +-
.../kerb/crypto/key/AbstractKeyMaker.java | 21 ++---
.../kerb/crypto/random/NativeRandom.java | 16 +++-
.../kerberos/kerb/crypto/util/Camellia.java | 2 -
.../kerberos/kerb/crypto/util/CamelliaKey.java | 37 ++++-----
.../kerby/kerberos/kerb/crypto/util/Rc4.java | 4 +-
.../kerberos/kerb/identity/KrbIdentity.java | 17 ++--
.../backend/AbstractIdentityBackend.java | 6 --
.../kerby/kerberos/kerb/server/KdcHandler.java | 7 +-
.../kerb/server/request/TickertIssuer.java | 4 +-
.../kerby/kerberos/kerb/client/JaasKrbUtil.java | 4 +-
.../kerby/kerberos/kerb/KrbInputStream.java | 7 +-
.../kerby/kerberos/kerb/KrbOutputStream.java | 3 +-
.../kerby/kerberos/kerb/ccache/Credential.java | 2 +
.../kerberos/kerb/ccache/CredentialCache.java | 67 ++++++++--------
.../apache/kerby/kerberos/kerb/ccache/Tag.java | 2 +-
.../kerby/kerberos/kerb/keytab/Keytab.java | 33 ++++----
40 files changed, 328 insertions(+), 293 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/AppClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/AppClient.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/AppClient.java
index 68b2b09..264fab6 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/AppClient.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/AppClient.java
@@ -25,14 +25,6 @@ public abstract class AppClient {
private Transport.Connection conn;
private boolean isTestOK = false;
- protected void usage(String[] args) {
- if (args.length < 2) {
- System.err.println("Usage: java <options> AppClient "
- + "<server-host> <server-port>");
- System.exit(-1);
- }
- }
-
public AppClient(String[] args) throws Exception {
usage(args);
@@ -42,6 +34,14 @@ public abstract class AppClient {
this.conn = Transport.Connector.connect(hostName, port);
}
+ protected void usage(String[] args) {
+ if (args.length < 2) {
+ System.err.println("Usage: java <options> AppClient "
+ + "<server-host> <server-port>");
+ throw new RuntimeException("Arguments are invalid.");
+ }
+ }
+
public void run() {
System.out.println("Connected to server");
@@ -60,11 +60,11 @@ public abstract class AppClient {
protected abstract void withConnection(Transport.Connection conn) throws Exception;
- protected synchronized void setTestOK(boolean isOK) {
- this.isTestOK = isOK;
- }
-
public boolean isTestOK() {
return isTestOK;
}
+
+ protected synchronized void setTestOK(boolean isOK) {
+ this.isTestOK = isOK;
+ }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/AppServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/AppServer.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/AppServer.java
index 14b0cc7..337507c 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/AppServer.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/AppServer.java
@@ -29,13 +29,6 @@ public abstract class AppServer implements Runnable {
protected Transport.Acceptor acceptor;
private boolean terminated = false;
- protected void usage(String[] args) {
- if (args.length < 1) {
- System.err.println("Usage: AppServer <ListenPort>");
- System.exit(-1);
- }
- }
-
public AppServer(String[] args) throws IOException {
usage(args);
@@ -43,6 +36,13 @@ public abstract class AppServer implements Runnable {
this.acceptor = new Transport.Acceptor(listenPort);
}
+ protected void usage(String[] args) {
+ if (args.length < 1) {
+ System.err.println("Usage: AppServer <ListenPort>");
+ throw new RuntimeException("Usage: AppServer <ListenPort>");
+ }
+ }
+
public synchronized void start() {
new Thread(this).start();
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/Transport.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/Transport.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/Transport.java
index 727f111..5aa7151 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/Transport.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/Transport.java
@@ -24,6 +24,7 @@ import java.io.DataOutputStream;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
+import java.nio.charset.Charset;
public class Transport {
@@ -129,7 +130,7 @@ public class Transport {
}
public Message(String header, byte[] body) {
- this.header = header.getBytes();
+ this.header = header.getBytes(Charset.forName("UTF-8"));
this.body = body;
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppClient.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppClient.java
index 12bd424..fd5b4a2 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppClient.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppClient.java
@@ -29,20 +29,13 @@ import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;
+import java.nio.charset.Charset;
+
public class GssAppClient extends AppClient {
private String clientPrincipal;
private String serverPrincipal;
private GSSManager manager;
- @Override
- protected void usage(String[] args) {
- if (args.length < 3) {
- System.err.println("Usage: GssAppClient <server-host> <server-port> "
- + "<client-principal> <server-principal> ");
- System.exit(-1);
- }
- }
-
public GssAppClient(String[] args) throws Exception {
super(args);
@@ -51,6 +44,20 @@ public class GssAppClient extends AppClient {
this.manager = GSSManager.getInstance();
}
+ public static void main(String[] args) throws Exception {
+ new GssAppClient(args).run();
+ }
+
+ @Override
+ protected void usage(String[] args) {
+ if (args.length < 3) {
+ System.err.println("Usage: GssAppClient <server-host> <server-port> "
+ + "<client-principal> <server-principal> ");
+ throw new RuntimeException("Usage: GssAppClient <server-host> <server-port> \"\n"
+ + " + \"<client-principal> <server-principal> ");
+ }
+ }
+
@Override
protected void withConnection(Transport.Connection conn) throws Exception {
Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");
@@ -87,7 +94,7 @@ public class GssAppClient extends AppClient {
System.out.println("Mutual authentication took place!");
}
- byte[] messageBytes = "Hello There!\0".getBytes();
+ byte[] messageBytes = "Hello There!\0".getBytes(Charset.forName("UTF-8"));
MessageProp prop = new MessageProp(0, true);
token = context.wrap(messageBytes, 0, messageBytes.length, prop);
System.out.println("Will send wrap token of size " + token.length);
@@ -101,8 +108,4 @@ public class GssAppClient extends AppClient {
System.out.println("Verified received MIC for message.");
context.dispose();
}
-
- public static void main(String[] args) throws Exception {
- new GssAppClient(args).run();
- }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppServer.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppServer.java
index 8d9c6f4..5130a1a 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppServer.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/gss/GssAppServer.java
@@ -29,6 +29,8 @@ import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;
+import java.nio.charset.Charset;
+
public class GssAppServer extends AppServer {
private String serverPrincipal;
private GSSManager manager;
@@ -50,10 +52,14 @@ public class GssAppServer extends AppServer {
this.context = manager.createContext(credentials);
}
+ public static void main(String[] args) throws Exception {
+ new GssAppServer(args).run();
+ }
+
protected void usage(String[] args) {
if (args.length < 1) {
System.err.println("Usage: AppServer <ListenPort> <server-principal>");
- System.exit(-1);
+ throw new RuntimeException("Usage: AppServer <ListenPort> <server-principal>");
}
}
@@ -88,7 +94,7 @@ public class GssAppServer extends AppServer {
MessageProp prop = new MessageProp(0, false);
byte[] token = conn.recvToken();
byte[] bytes = context.unwrap(token, 0, token.length, prop);
- String str = new String(bytes);
+ String str = new String(bytes, Charset.forName("UTF-8"));
System.out.println("Received data \""
+ str + "\" of length " + str.length());
@@ -101,8 +107,4 @@ public class GssAppServer extends AppServer {
+ token.length);
conn.sendToken(token);
}
-
- public static void main(String[] args) throws Exception {
- new GssAppServer(args).run();
- }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppClient.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppClient.java
index 07ec6ab..6a3e195 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppClient.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppClient.java
@@ -6,21 +6,13 @@ import org.apache.kerby.kerberos.kerb.integration.test.Transport;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import java.io.IOException;
+import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Map;
public class SaslAppClient extends AppClient {
private SaslClient saslClient;
- @Override
- protected void usage(String[] args) {
- if (args.length < 4) {
- System.err.println("Usage: SaslAppClient "
- + "<server-host> <server-port> <service-protocol> <server-fqdn>");
- System.exit(-1);
- }
- }
-
public SaslAppClient(String[] args) throws Exception {
super(args);
@@ -33,6 +25,20 @@ public class SaslAppClient extends AppClient {
protocol, serverFqdn, props, null);
}
+ public static void main(String[] args) throws Exception {
+ new SaslAppClient(args).run();
+ }
+
+ @Override
+ protected void usage(String[] args) {
+ if (args.length < 4) {
+ System.err.println("Usage: SaslAppClient "
+ + "<server-host> <server-port> <service-protocol> <server-fqdn>");
+ throw new RuntimeException("Usage: SaslAppClient "
+ + "<server-host> <server-port> <service-protocol> <server-fqdn>");
+ }
+ }
+
@Override
protected void withConnection(Transport.Connection conn) throws Exception {
byte[] token = saslClient.hasInitialResponse() ? new byte[0] : null;
@@ -56,7 +62,7 @@ public class SaslAppClient extends AppClient {
System.out.println("Context Established! ");
- token = "Hello There!\0".getBytes();
+ token = "Hello There!\0".getBytes(Charset.forName("UTF-8"));
System.out.println("Will send wrap token of size " + token.length);
conn.sendToken(token);
@@ -67,19 +73,15 @@ public class SaslAppClient extends AppClient {
private boolean isOK(Transport.Message msg) {
if (msg.header != null) {
- return new String(msg.header).equals("OK");
+ return new String(msg.header, Charset.forName("UTF-8")).equals("OK");
}
return false;
}
private boolean isContinue(Transport.Message msg) {
if (msg.header != null) {
- return new String(msg.header).equals("CONT");
+ return new String(msg.header, Charset.forName("UTF-8")).equals("CONT");
}
return false;
}
-
- public static void main(String[] args) throws Exception {
- new SaslAppClient(args).run();
- }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppServer.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppServer.java
index d54ad1f..4a7d897 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppServer.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppServer.java
@@ -11,6 +11,7 @@ import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import java.io.IOException;
+import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Map;
@@ -19,15 +20,6 @@ public class SaslAppServer extends AppServer {
private String serviceProtocol;
private String serverFqdn;
- @Override
- protected void usage(String[] args) {
- if (args.length < 3) {
- System.err.println("Usage: SaslAppServer "
- + "<ListenPort> <service-protocol> <server-fqdn>");
- System.exit(-1);
- }
- }
-
public SaslAppServer(String[] args) throws Exception {
super(args);
@@ -36,6 +28,20 @@ public class SaslAppServer extends AppServer {
this.serverFqdn = args[2];
}
+ public static void main(String[] args) throws Exception {
+ new SaslAppServer(args).run();
+ }
+
+ @Override
+ protected void usage(String[] args) {
+ if (args.length < 3) {
+ System.err.println("Usage: SaslAppServer "
+ + "<ListenPort> <service-protocol> <server-fqdn>");
+ throw new RuntimeException("Usage: SaslAppServer "
+ + "<ListenPort> <service-protocol> <server-fqdn>");
+ }
+ }
+
@Override
protected void onConnection(Transport.Connection conn) throws Exception {
System.out.print("Starting negotiating security context");
@@ -75,7 +81,7 @@ public class SaslAppServer extends AppServer {
protected void doWith(SaslServer ss, Map<String, Object> props,
Transport.Connection conn) throws IOException, Exception {
byte[] token = conn.recvToken();
- String str = new String(token);
+ String str = new String(token, Charset.forName("UTF-8"));
System.out.println("Received data \""
+ str + "\" of length " + str.length());
}
@@ -110,8 +116,4 @@ public class SaslAppServer extends AppServer {
}
}
}
-
- public static void main(String[] args) throws Exception {
- new SaslAppServer(args).run();
- }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
index 662e5c6..12a4ea8 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
@@ -212,7 +212,7 @@ public class Kadmin {
KrbIdentity identity = backend.getIdentity(principal);
if (identity == null) {
throw new KrbException("Principal \""
- + identity.getPrincipalName() + "\" does not exist.");
+ + principal + "\" does not exist.");
}
AdminHelper.updateIdentity(identity, kOptions);
backend.updateIdentity(identity);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index e185a2f..76436b8 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -154,7 +154,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
PkAuthenticator pkAuthen = new PkAuthenticator();
boolean usingRsa = reqCtx.requestOpts.usingRsa;
- PaDataType paType = reqCtx.paType = PaDataType.PK_AS_REQ;
+ reqCtx.paType = PaDataType.PK_AS_REQ;
pkAuthen.setCtime(ctime);
pkAuthen.setCusec(cusec);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
index 7ebc64d..8a3784e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/KdcRequest.java
@@ -53,9 +53,9 @@ import java.util.Map;
* A wrapper for KdcReq request
*/
public abstract class KdcRequest {
+ protected Map<String, Object> credCache;
private KrbContext context;
private Object sessionData;
-
private KOptions krbOptions;
private PrincipalName serverPrincipal;
private List<HostAddress> hostAddresses = new ArrayList<HostAddress>();
@@ -65,7 +65,6 @@ public abstract class KdcRequest {
private int chosenNonce;
private KdcReq kdcReq;
private KdcRep kdcRep;
- protected Map<String, Object> credCache;
private PreauthContext preauthContext;
private KrbFastRequestState fastRequestState;
private EncryptionKey asKey;
@@ -82,6 +81,17 @@ public abstract class KdcRequest {
this.fastRequestState = new KrbFastRequestState();
}
+ protected static Authenticator makeAuthenticator(PrincipalName clientName, String clientRealm, EncryptionKey subKey)
+ throws KrbException {
+ Authenticator authenticator = new Authenticator();
+ authenticator.setCname(clientName);
+ authenticator.setCrealm(clientRealm);
+ authenticator.setCtime(KerberosTime.now());
+ authenticator.setCusec(0);
+ authenticator.setSubKey(subKey);
+ return authenticator;
+ }
+
public KrbFastRequestState getFastRequestState() {
return fastRequestState;
}
@@ -91,41 +101,41 @@ public abstract class KdcRequest {
}
public byte[] getOuterRequestBody() {
- return outerRequestBody;
+ return outerRequestBody.clone();
}
public void setOuterRequestBody(byte[] outerRequestBody) {
- this.outerRequestBody = outerRequestBody;
- }
-
- public void setSessionData(Object sessionData) {
- this.sessionData = sessionData;
+ this.outerRequestBody = outerRequestBody.clone();
}
public Object getSessionData() {
return this.sessionData;
}
- public void setKrbOptions(KOptions options) {
- this.krbOptions = options;
+ public void setSessionData(Object sessionData) {
+ this.sessionData = sessionData;
}
public KOptions getKrbOptions() {
return krbOptions;
}
- public boolean isRetrying() {
- return isRetrying;
+ public void setKrbOptions(KOptions options) {
+ this.krbOptions = options;
}
- public void setAsKey(EncryptionKey asKey) {
- this.asKey = asKey;
+ public boolean isRetrying() {
+ return isRetrying;
}
public EncryptionKey getAsKey() throws KrbException {
return asKey;
}
+ public void setAsKey(EncryptionKey asKey) {
+ this.asKey = asKey;
+ }
+
public void setAllowedPreauth(PaDataType paType) {
preauthContext.setAllowedPaType(paType);
}
@@ -194,6 +204,10 @@ public abstract class KdcRequest {
return kdcOptions;
}
+ public void setKdcOptions(KdcOptions kdcOptions) {
+ this.kdcOptions = kdcOptions;
+ }
+
public HostAddresses getHostAddresses() {
HostAddresses addresses = null;
if (!hostAddresses.isEmpty()) {
@@ -205,24 +219,20 @@ public abstract class KdcRequest {
return addresses;
}
- public KrbContext getContext() {
- return context;
+ public void setHostAddresses(List<HostAddress> hostAddresses) {
+ this.hostAddresses = hostAddresses;
}
- protected byte[] decryptWithClientKey(EncryptedData data, KeyUsage usage) throws KrbException {
- return EncryptionHandler.decrypt(data, getClientKey(), usage);
+ public KrbContext getContext() {
+ return context;
}
public void setContext(KrbContext context) {
this.context = context;
}
- public void setHostAddresses(List<HostAddress> hostAddresses) {
- this.hostAddresses = hostAddresses;
- }
-
- public void setKdcOptions(KdcOptions kdcOptions) {
- this.kdcOptions = kdcOptions;
+ protected byte[] decryptWithClientKey(EncryptedData data, KeyUsage usage) throws KrbException {
+ return EncryptionHandler.decrypt(data, getClientKey(), usage);
}
public abstract PrincipalName getClientPrincipal();
@@ -371,15 +381,4 @@ public abstract class KdcRequest {
public void cacheValue(String key, Object value) {
credCache.put(key, value);
}
-
- protected static Authenticator makeAuthenticator(PrincipalName clientName, String clientRealm, EncryptionKey subKey)
- throws KrbException {
- Authenticator authenticator = new Authenticator();
- authenticator.setCname(clientName);
- authenticator.setCrealm(clientRealm);
- authenticator.setCtime(KerberosTime.now());
- authenticator.setCusec(0);
- authenticator.setSubKey(subKey);
- return authenticator;
- }
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
index bb81227..332c96f 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/EncryptionUtil.java
@@ -54,13 +54,14 @@ public class EncryptionUtil {
public static String getAlgoNameFromEncType(EncryptionType encType) {
String cipherName = encType.getName().toLowerCase();
- for (String c : CIPHER_ALGO_MAP.keySet()) {
- if (cipherName.startsWith(c)) {
- return CIPHER_ALGO_MAP.get(c);
+ for (Map.Entry<String, String> entry : CIPHER_ALGO_MAP.entrySet()) {
+ if (cipherName.startsWith(entry.getKey())) {
+ return entry.getValue();
}
}
- throw new IllegalArgumentException("Unknown algorithm name for the encryption type " + encType);
+ throw new IllegalArgumentException("Unknown algorithm name for the encryption type "
+ + encType);
}
/**
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
index 3f19553..3106683 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/EncTsPreauthMeta.java
@@ -40,6 +40,6 @@ public class EncTsPreauthMeta implements PreauthPluginMeta {
}
public PaDataType[] getPaTypes() {
- return PA_TYPES;
+ return PA_TYPES.clone();
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
index fb26842..d7d8aea 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/builtin/TgtPreauthMeta.java
@@ -43,6 +43,6 @@ public class TgtPreauthMeta implements PreauthPluginMeta {
}
public PaDataType[] getPaTypes() {
- return PA_TYPES;
+ return PA_TYPES.clone();
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitIdenity.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
index cebba78..a21bd5d 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitIdenity.java
@@ -63,6 +63,8 @@ public class PkinitIdenity {
case DIR:
identityOpts.certFile = residual;
break;
+ default:
+ break;
}
}
@@ -102,6 +104,8 @@ public class PkinitIdenity {
case PKCS12:
loadCertsAsPkcs12(identityOpts, principal);
break;
+ default:
+ break;
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
index 221ba4e..36adf7a 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitPreauthMeta.java
@@ -41,6 +41,6 @@ public class PkinitPreauthMeta implements PreauthPluginMeta {
}
public PaDataType[] getPaTypes() {
- return PA_TYPES;
+ return PA_TYPES.clone();
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/token/TokenPreauthMeta.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/token/TokenPreauthMeta.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/token/TokenPreauthMeta.java
index 8b648f6..ea897eb 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/token/TokenPreauthMeta.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/token/TokenPreauthMeta.java
@@ -41,6 +41,6 @@ public class TokenPreauthMeta implements PreauthPluginMeta {
}
public PaDataType[] getPaTypes() {
- return PA_TYPES;
+ return PA_TYPES.clone();
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/CheckSumType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/CheckSumType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/CheckSumType.java
index c6386fa..9ca0a65 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/CheckSumType.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/CheckSumType.java
@@ -78,6 +78,28 @@ public enum CheckSumType implements KrbEnum {
this.displayName = displayName;
}
+ public static CheckSumType fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (CheckSumType) e;
+ }
+ }
+ }
+ return NONE;
+ }
+
+ public static CheckSumType fromName(String name) {
+ if (name != null) {
+ for (CheckSumType cs : values()) {
+ if (cs.getName().equals(name)) {
+ return cs;
+ }
+ }
+ }
+ return NONE;
+ }
+
@Override
public int getValue() {
return value;
@@ -98,26 +120,4 @@ public enum CheckSumType implements KrbEnum {
public boolean usesAES256() {
return name.contains("aes256");
}
-
- public static CheckSumType fromValue(Integer value) {
- if (value != null) {
- for (KrbEnum e : values()) {
- if (e.getValue() == value) {
- return (CheckSumType) e;
- }
- }
- }
- return NONE;
- }
-
- public static CheckSumType fromName(String name) {
- if (name != null) {
- for (CheckSumType cs : values()) {
- if (cs.getName() == name) {
- return (CheckSumType) cs;
- }
- }
- }
- return NONE;
- }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/HostAddress.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/HostAddress.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/HostAddress.java
index 0936a8e..2c2a1b8 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/HostAddress.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/HostAddress.java
@@ -101,7 +101,7 @@ public class HostAddress extends KrbSequenceType {
public int hashCode() {
int result = getAddrType().getValue();
if (getAddress() != null) {
- result = 31 * result + getAddress().hashCode();
+ result = 31 * result + Arrays.hashCode(getAddress());
}
return result;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/PrincipalName.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/PrincipalName.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/PrincipalName.java
index a69c6b5..65cbe36 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/PrincipalName.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/PrincipalName.java
@@ -35,15 +35,13 @@ import java.util.List;
}
*/
public class PrincipalName extends KrbSequenceType {
- private String realm;
-
private static final int NAME_TYPE = 0;
private static final int NAME_STRING = 1;
-
static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
new Asn1FieldInfo(NAME_TYPE, Asn1Integer.class),
new Asn1FieldInfo(NAME_STRING, KerberosStrings.class)
};
+ private String realm;
public PrincipalName() {
super(fieldInfos);
@@ -67,6 +65,38 @@ public class PrincipalName extends KrbSequenceType {
setNameType(type);
}
+ public static String extractRealm(String principal) {
+ int pos = principal.indexOf('@');
+
+ if (pos > 0) {
+ return principal.substring(pos + 1);
+ }
+
+ throw new IllegalArgumentException("Not a valid principal, missing realm name");
+ }
+
+ public static String extractName(String principal) {
+ int pos = principal.indexOf('@');
+
+ if (pos < 0) {
+ return principal;
+ }
+
+ return principal.substring(0, pos);
+ }
+
+ public static String makeSalt(PrincipalName principalName) {
+ StringBuilder salt = new StringBuilder();
+ if (principalName.getRealm() != null) {
+ salt.append(principalName.getRealm().toString());
+ }
+ List<String> nameStrings = principalName.getNameStrings();
+ for (String ns : nameStrings) {
+ salt.append(ns);
+ }
+ return salt.toString();
+ }
+
public NameType getNameType() {
Integer value = getFieldAsInteger(NAME_TYPE);
return NameType.fromValue(value);
@@ -88,14 +118,14 @@ public class PrincipalName extends KrbSequenceType {
setFieldAs(NAME_STRING, new KerberosStrings(nameStrings));
}
- public void setRealm(String realm) {
- this.realm = realm;
- }
-
public String getRealm() {
return this.realm;
}
+ public void setRealm(String realm) {
+ this.realm = realm;
+ }
+
public String getName() {
return makeSingleName();
}
@@ -137,10 +167,6 @@ public class PrincipalName extends KrbSequenceType {
return false;
} else if (this == other) {
return true;
- } else if (other instanceof String) {
- String otherPrincipal = (String) other;
- String thisPrincipal = getName();
- return thisPrincipal.equals(otherPrincipal);
} else if (!(other instanceof PrincipalName)) {
return false;
}
@@ -169,37 +195,4 @@ public class PrincipalName extends KrbSequenceType {
setRealm(tmpRealm);
}
- public static String extractRealm(String principal) {
- int pos = principal.indexOf('@');
-
- if (pos > 0) {
- return principal.substring(pos + 1);
- }
-
- throw new IllegalArgumentException("Not a valid principal, missing realm name");
- }
-
-
- public static String extractName(String principal) {
- int pos = principal.indexOf('@');
-
- if (pos < 0) {
- return principal;
- }
-
- return principal.substring(0, pos);
- }
-
- public static String makeSalt(PrincipalName principalName) {
- StringBuilder salt = new StringBuilder();
- if (principalName.getRealm() != null) {
- salt.append(principalName.getRealm().toString());
- }
- List<String> nameStrings = principalName.getNameStrings();
- for (String ns : nameStrings) {
- salt.append(ns);
- }
- return salt.toString();
- }
-
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
index 529487a..787ec26 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
@@ -25,6 +25,8 @@ import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.spec.base.CheckSumType;
+import java.nio.charset.Charset;
+
public class HmacMd5Rc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
public HmacMd5Rc4CheckSum() {
@@ -55,7 +57,7 @@ public class HmacMd5Rc4CheckSum extends AbstractKeyedCheckSumTypeHandler {
protected byte[] doChecksumWithKey(byte[] data, int start, int len,
byte[] key, int usage) throws KrbException {
- byte[] signKey = "signaturekey".getBytes();
+ byte[] signKey = "signaturekey".getBytes(Charset.forName("UTF-8"));
byte[] newSignKey = new byte[signKey.length + 1];
System.arraycopy(signKey, 0, newSignKey, 0, signKey.length);
byte[] ksign = Hmac.hmac(hashProvider(), key, newSignKey);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
index 40e4fa8..1bace37 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/provider/Crc32Provider.java
@@ -35,6 +35,6 @@ public class Crc32Provider extends AbstractHashProvider {
@Override
public byte[] output() {
- return output;
+ return output.clone();
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiCmacEnc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiCmacEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiCmacEnc.java
index 03c5339..2ee020a 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiCmacEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiCmacEnc.java
@@ -25,6 +25,8 @@ import org.apache.kerby.kerberos.kerb.crypto.util.Cmac;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+import java.nio.charset.Charset;
+
public abstract class KeKiCmacEnc extends KeKiEnc {
private DkKeyMaker km;
@@ -46,7 +48,7 @@ public abstract class KeKiCmacEnc extends KeKiEnc {
@Override
public byte[] prf(byte[] key, byte[] seed) throws KrbException {
- byte[] prfConst = "prf".getBytes();
+ byte[] prfConst = "prf".getBytes(Charset.forName("UTF-8"));
byte[] kp;
if (EncryptionHandler.getEncHandler(this.eType()).prfSize() != encProvider().blockSize()) {
return null;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
index c7c31da..a2823a2 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiHmacSha1Enc.java
@@ -24,6 +24,8 @@ import org.apache.kerby.kerberos.kerb.crypto.util.Hmac;
import org.apache.kerby.kerberos.kerb.crypto.cksum.HashProvider;
import org.apache.kerby.kerberos.kerb.KrbException;
+import java.nio.charset.Charset;
+
public abstract class KeKiHmacSha1Enc extends KeKiEnc {
private DkKeyMaker km;
@@ -36,7 +38,7 @@ public abstract class KeKiHmacSha1Enc extends KeKiEnc {
@Override
public byte[] prf(byte[] key, byte[] seed) throws KrbException {
- byte[] prfConst = "prf".getBytes();
+ byte[] prfConst = "prf".getBytes(Charset.forName("UTF-8"));
int cksumSize = (hashProvider().hashSize() / encProvider().blockSize()) * encProvider().blockSize();
byte[] cksum = new byte[cksumSize];
byte[] kp;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/fast/FastUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/fast/FastUtil.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/fast/FastUtil.java
index 48a0823..8d1ee31 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/fast/FastUtil.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/fast/FastUtil.java
@@ -23,6 +23,8 @@ import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
+import java.nio.charset.Charset;
+
/**
* Implementing FAST (RFC6113) armor key related algorithms.
* Take two keys and two pepper strings as input and return a combined key.
@@ -42,7 +44,7 @@ public class FastUtil {
int prfSize = EncryptionHandler.getEncHandler(key.getKeyType()).prfSize();
int iterations = keyBytesLen / prfSize;
prfInbuf[0] = 1;
- System.arraycopy(pepper.getBytes(), 0, prfInbuf, 1, pepper.length());
+ System.arraycopy(pepper.getBytes(Charset.forName("UTF-8")), 0, prfInbuf, 1, pepper.length());
if (keyBytesLen % prfSize != 0) {
iterations++;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/AbstractKeyMaker.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/AbstractKeyMaker.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/AbstractKeyMaker.java
index 69ba1f8..f57f21b 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/AbstractKeyMaker.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/AbstractKeyMaker.java
@@ -24,10 +24,11 @@ import org.apache.kerby.kerberos.kerb.crypto.enc.EncryptProvider;
import org.apache.kerby.kerberos.kerb.KrbException;
import java.io.UnsupportedEncodingException;
+import java.nio.charset.Charset;
public abstract class AbstractKeyMaker implements KeyMaker {
- protected static final byte[] KERBEROS_CONSTANT = "kerberos".getBytes();
+ static final byte[] KERBEROS_CONSTANT = "kerberos".getBytes(Charset.forName("UTF-8"));
private EncryptProvider encProvider;
@@ -35,15 +36,6 @@ public abstract class AbstractKeyMaker implements KeyMaker {
this.encProvider = encProvider;
}
- protected EncryptProvider encProvider() {
- return encProvider;
- }
-
- @Override
- public byte[] random2Key(byte[] randomBits) throws KrbException {
- return new byte[0];
- }
-
/**
* Visible for test
*/
@@ -90,4 +82,13 @@ public abstract class AbstractKeyMaker implements KeyMaker {
return saltBytes;
}
}
+
+ protected EncryptProvider encProvider() {
+ return encProvider;
+ }
+
+ @Override
+ public byte[] random2Key(byte[] randomBits) throws KrbException {
+ return new byte[0];
+ }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/random/NativeRandom.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/random/NativeRandom.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/random/NativeRandom.java
index 872874d..4c58a1e 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/random/NativeRandom.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/random/NativeRandom.java
@@ -45,18 +45,30 @@ public class NativeRandom implements RandomProvider {
@Override
public void setSeed(byte[] seed) {
+ OutputStream output = null;
try {
- OutputStream output = new FileOutputStream(randFile);
+ output = new FileOutputStream(randFile);
output.write(seed);
+ output.flush();
} catch (IOException e) {
e.printStackTrace();
+ } finally {
+ if (output != null) {
+ try {
+ output.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
}
}
@Override
public void nextBytes(byte[] bytes) {
try {
- input.read(bytes);
+ if (input.read(bytes) == -1) {
+ throw new IOException();
+ }
} catch (IOException e) {
e.printStackTrace();
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Camellia.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Camellia.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Camellia.java
index 82f0677..e2b2950 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Camellia.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Camellia.java
@@ -112,7 +112,6 @@ public class Camellia {
}
public void encrypt(byte[] data, byte[] iv) {
- byte[] cipher = new byte[BLOCK_SIZE];
byte[] cipherState = new byte[BLOCK_SIZE];
int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE;
@@ -161,7 +160,6 @@ public class Camellia {
}
public void decrypt(byte[] data, byte[] iv) {
- byte[] cipher = new byte[BLOCK_SIZE];
byte[] cipherState = new byte[BLOCK_SIZE];
int blocksNum = (data.length + BLOCK_SIZE - 1) / BLOCK_SIZE;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/CamelliaKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/CamelliaKey.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/CamelliaKey.java
index d641f9e..30423b3 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/CamelliaKey.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/CamelliaKey.java
@@ -27,23 +27,8 @@ package org.apache.kerby.kerberos.kerb.crypto.util;
@SuppressWarnings("PMD")
public class CamelliaKey {
- private int keySize;
-
- protected int[] subkey = new int[24 * 4];
- protected int[] kw = new int[4 * 2]; // for whitening
- protected int[] ke = new int[6 * 2]; // for FL and FL^(-1)
-
- private static final int[] SIGMA = {
- 0xa09e667f, 0x3bcc908b,
- 0xb67ae858, 0x4caa73b2,
- 0xc6ef372f, 0xe94f82be,
- 0x54ff53a5, 0xf1d36f1c,
- 0x10e527fa, 0xde682d1d,
- 0xb05688c2, 0xb3e6c1fd
- };
-
// S-box data
- protected static final byte[] SBOX1 = {
+ static final byte[] SBOX1 = {
(byte) 112, (byte) 130, (byte) 44, (byte) 236,
(byte) 179, (byte) 39, (byte) 192, (byte) 229,
(byte) 228, (byte) 133, (byte) 87, (byte) 53,
@@ -109,15 +94,23 @@ public class CamelliaKey {
(byte) 21, (byte) 227, (byte) 173, (byte) 244,
(byte) 119, (byte) 199, (byte) 128, (byte) 158
};
+ private static final int[] SIGMA = {
+ 0xa09e667f, 0x3bcc908b,
+ 0xb67ae858, 0x4caa73b2,
+ 0xc6ef372f, 0xe94f82be,
+ 0x54ff53a5, 0xf1d36f1c,
+ 0x10e527fa, 0xde682d1d,
+ 0xb05688c2, 0xb3e6c1fd
+ };
+ protected int[] subkey = new int[24 * 4];
+ protected int[] kw = new int[4 * 2]; // for whitening
+ protected int[] ke = new int[6 * 2]; // for FL and FL^(-1)
+ private int keySize;
public CamelliaKey(byte[] key, boolean isEncrypt) {
init(key, isEncrypt);
}
- protected boolean is128() {
- return keySize == 16;
- }
-
private static int rightRotate(int x, int s) {
return (((x) >>> (s)) + ((x) << (32 - s)));
}
@@ -174,6 +167,10 @@ public class CamelliaKey {
ki[3 + ioff] = ko[1 + ooff];
}
+ protected boolean is128() {
+ return keySize == 16;
+ }
+
private byte lRot8(byte v, int rot) {
return (byte) ((v << rot) | ((v & 0xff) >>> (8 - rot)));
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Rc4.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Rc4.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Rc4.java
index 072fd43..5a800c6 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Rc4.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Rc4.java
@@ -19,12 +19,14 @@
*/
package org.apache.kerby.kerberos.kerb.crypto.util;
+import java.nio.charset.Charset;
+
/**
* Ref. MIT krb5 enc_rc4.c
*/
public class Rc4 {
- private static final byte[] L40 = "fortybits".getBytes();
+ private static final byte[] L40 = "fortybits".getBytes(Charset.forName("UTF-8"));
public static byte[] getSalt(int usage, boolean exportable) {
int newUsage = convertUsage(usage);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
index c3a7d97..420772b 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
@@ -156,17 +156,18 @@ public class KrbIdentity {
return false;
}
- KrbIdentity other = (KrbIdentity) obj;
-
- if (principal == null) {
- if (other.principal != null) {
+ if (obj instanceof KrbIdentity) {
+ KrbIdentity other = (KrbIdentity) obj;
+ if (principal == null) {
+ if (other.principal != null) {
+ return false;
+ }
+ } else if (!principal.equals(other.principal)) {
return false;
}
- } else if (!principal.equals(other.principal)) {
- return false;
+ return true;
}
-
- return true;
+ return false;
}
@Override
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
index 05aa448..a4f56c6 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
@@ -144,9 +144,6 @@ public abstract class AbstractIdentityBackend
*/
@Override
public KrbIdentity addIdentity(KrbIdentity identity) throws KrbException {
- logger.debug("addIdentity called, principalName = {}",
- identity.getPrincipalName());
-
if (identity == null) {
throw new IllegalArgumentException("null identity to add");
}
@@ -169,9 +166,6 @@ public abstract class AbstractIdentityBackend
*/
@Override
public KrbIdentity updateIdentity(KrbIdentity identity) throws KrbException {
- logger.debug("updateIdentity called, principalName = {}",
- identity.getPrincipalName());
-
if (identity == null) {
throw new IllegalArgumentException("null identity to update");
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index 9de9b8a..0e51c94 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -44,8 +44,8 @@ import java.nio.ByteBuffer;
* KDC handler to process client requests. Currently only one realm is supported.
*/
public class KdcHandler {
- private final KdcContext kdcContext;
private static final Logger LOG = LoggerFactory.getLogger(KdcHandler.class);
+ private final KdcContext kdcContext;
public KdcHandler(KdcContext kdcContext) {
this.kdcContext = kdcContext;
@@ -55,7 +55,7 @@ public class KdcHandler {
InetAddress remoteAddress) throws KrbException {
KrbMessage krbRequest;
KdcRequest kdcRequest = null;
- KrbMessage krbResponse = null;
+ KrbMessage krbResponse;
try {
krbRequest = KrbCodec.decodeMessage(receivedMessage);
@@ -84,6 +84,9 @@ public class KdcHandler {
}
}
+ if (remoteAddress == null) {
+ throw new KrbException("Remote address is null, not available.");
+ }
kdcRequest.setClientAddress(remoteAddress);
kdcRequest.isTcp(isTcp);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TickertIssuer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TickertIssuer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TickertIssuer.java
index 8da140c..bc7616e 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TickertIssuer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TickertIssuer.java
@@ -48,8 +48,8 @@ import org.slf4j.LoggerFactory;
* Handling ticket constructing, filling, and issuing.
*/
public abstract class TickertIssuer {
- private final KdcRequest kdcRequest;
private static final Logger LOG = LoggerFactory.getLogger(TickertIssuer.class);
+ private final KdcRequest kdcRequest;
public TickertIssuer(KdcRequest kdcRequest) {
this.kdcRequest = kdcRequest;
@@ -186,7 +186,7 @@ public abstract class TickertIssuer {
krbRtime = KerberosTime.NEVER;
}
KerberosTime allowedMaximumRenewableTime = krbStartTime;
- allowedMaximumRenewableTime.extend(config.getMaximumRenewableLifetime() * 1000);
+ allowedMaximumRenewableTime = allowedMaximumRenewableTime.extend(config.getMaximumRenewableLifetime() * 1000);
if (krbRtime.greaterThan(allowedMaximumRenewableTime)) {
krbRtime = allowedMaximumRenewableTime;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/JaasKrbUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/JaasKrbUtil.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/JaasKrbUtil.java
index 9584a00..36dd40c 100644
--- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/JaasKrbUtil.java
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/JaasKrbUtil.java
@@ -42,9 +42,9 @@ import java.util.Set;
*/
public final class JaasKrbUtil {
- private JaasKrbUtil() { }
+ public final static boolean enableDebug = true;
- public static boolean enableDebug = true;
+ private JaasKrbUtil() { }
public static Subject loginUsingPassword(
String principal, String password) throws LoginException {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
index ca54db3..40f5324 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbInputStream.java
@@ -27,6 +27,7 @@ import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.nio.charset.Charset;
public abstract class KrbInputStream extends DataInputStream {
public KrbInputStream(InputStream in) {
@@ -54,7 +55,7 @@ public abstract class KrbInputStream extends DataInputStream {
public String readCountedString() throws IOException {
byte[] countedOctets = readCountedOctets();
// ASCII
- return new String(countedOctets);
+ return new String(countedOctets, Charset.forName("UTF-8"));
}
public byte[] readCountedOctets() throws IOException {
@@ -64,7 +65,9 @@ public abstract class KrbInputStream extends DataInputStream {
}
byte[] data = new byte[len];
- read(data);
+ if (read(data) == -1) {
+ throw new IOException();
+ }
return data;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbOutputStream.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbOutputStream.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbOutputStream.java
index 69686dc..bf67ba4 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbOutputStream.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/KrbOutputStream.java
@@ -26,6 +26,7 @@ import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.OutputStream;
+import java.nio.charset.Charset;
public abstract class KrbOutputStream extends DataOutputStream {
public KrbOutputStream(OutputStream out) {
@@ -49,7 +50,7 @@ public abstract class KrbOutputStream extends DataOutputStream {
}
public void writeCountedString(String string) throws IOException {
- byte[] data = string != null ? string.getBytes() : null; // ASCII
+ byte[] data = string != null ? string.getBytes(Charset.forName("UTF-8")) : null; // ASCII
writeCountedOctets(data);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
index 6c6f938..a391089 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
@@ -88,6 +88,8 @@ public class Credential {
this.ticket = tkt.getTicket();
+ this.clientRealm = kdcRepPart.getSrealm();
+
this.isEncInSKey = false;
this.secondTicket = null;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
index bf8f4cb..2a312d6 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
@@ -39,13 +39,11 @@ public class CredentialCache implements KrbCredentialCache {
public static final int FCC_FVNO_4 = 0x504;
public static final int FCC_TAG_DELTATIME = 1;
-
+ private final List<Credential> credentials;
private int version = FCC_FVNO_4;
private List<Tag> tags;
private PrincipalName primaryPrincipal;
- private final List<Credential> credentials;
-
public CredentialCache() {
credentials = new ArrayList<>();
}
@@ -62,11 +60,30 @@ public class CredentialCache implements KrbCredentialCache {
setPrimaryPrincipal(credential.getClientName());
}
+ public static void main(String[] args) throws IOException {
+ if (args.length != 2) {
+ System.err.println("Dump credential cache file");
+ System.err.println("Usage: CredentialCache <ccache-file>");
+ System.exit(1);
+ }
+
+ String cacheFile = args[1];
+ CredentialCache cc = new CredentialCache();
+ cc.load(new File(cacheFile));
+
+ for (Credential cred : cc.getCredentials()) {
+ Ticket tkt = cred.getTicket();
+ System.out.println("Tkt server name: " + tkt.getSname().getName());
+ System.out.println("Tkt client name: " + cred.getClientName().getName());
+ System.out.println("Tkt encrypt type: " + tkt.getEncryptedEncPart().getEType().getName());
+ }
+ }
+
@Override
public void store(File ccacheFile) throws IOException {
OutputStream outputStream = new FileOutputStream(ccacheFile);
-
store(outputStream);
+ outputStream.close();
}
@Override
@@ -99,11 +116,6 @@ public class CredentialCache implements KrbCredentialCache {
}
@Override
- public void setVersion(int version) {
- this.version = version;
- }
-
- @Override
public PrincipalName getPrimaryPrincipal() {
return primaryPrincipal;
}
@@ -118,14 +130,19 @@ public class CredentialCache implements KrbCredentialCache {
return version;
}
- public void setTags(List<Tag> tags) {
- this.tags = tags;
+ @Override
+ public void setVersion(int version) {
+ this.version = version;
}
public List<Tag> getTags() {
return this.tags;
}
+ public void setTags(List<Tag> tags) {
+ this.tags = tags;
+ }
+
@Override
public List<Credential> getCredentials() {
return credentials;
@@ -174,8 +191,8 @@ public class CredentialCache implements KrbCredentialCache {
}
InputStream inputStream = new FileInputStream(ccacheFile);
-
load(inputStream);
+ inputStream.close();
}
@Override
@@ -236,8 +253,11 @@ public class CredentialCache implements KrbCredentialCache {
usec = ccis.readInt();
tags.add(new Tag(tag, time, usec));
break;
- default:
- ccis.read(new byte[tagLen], 0, tagLen); // ignore unknown tag
+ default: {
+ if (ccis.read(new byte[tagLen], 0, tagLen) == -1) { // ignore unknown tag
+ throw new IOException();
+ }
+ }
}
len = len - (4 + tagLen);
}
@@ -278,23 +298,4 @@ public class CredentialCache implements KrbCredentialCache {
ccos.writeInt(tag.time);
ccos.writeInt(tag.usec);
}
-
- public static void main(String[] args) throws IOException {
- if (args.length != 2) {
- System.err.println("Dump credential cache file");
- System.err.println("Usage: CredentialCache <ccache-file>");
- System.exit(1);
- }
-
- String cacheFile = args[1];
- CredentialCache cc = new CredentialCache();
- cc.load(new File(cacheFile));
-
- for (Credential cred : cc.getCredentials()) {
- Ticket tkt = cred.getTicket();
- System.out.println("Tkt server name: " + tkt.getSname().getName());
- System.out.println("Tkt client name: " + cred.getClientName().getName());
- System.out.println("Tkt encrypt type: " + tkt.getEncryptedEncPart().getEType().getName());
- }
- }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Tag.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Tag.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Tag.java
index 21b8dd7..715e344 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Tag.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Tag.java
@@ -24,7 +24,7 @@ public class Tag {
int tagLen = 8;
int time = 0;
int usec = 0;
- int length = 2 + 2 + 8; // len(tag) + len(tagLen) + len(tagData);
+ int length = 2 + 2 + tagLen; // len(tag) + len(tagLen) + len(tagData);
public Tag(int tag, int time, int usec) {
this.tag = tag;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fcc6ab34/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
index 2a50413..bd1a4ce 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/keytab/Keytab.java
@@ -51,6 +51,18 @@ public final class Keytab implements KrbKeytab {
this.principalEntries = new HashMap<PrincipalName, List<KeytabEntry>>();
}
+ public static Keytab loadKeytab(File keytabFile) throws IOException {
+ Keytab keytab = new Keytab();
+ keytab.load(keytabFile);
+ return keytab;
+ }
+
+ public static Keytab loadKeytab(InputStream inputStream) throws IOException {
+ Keytab keytab = new Keytab();
+ keytab.load(inputStream);
+ return keytab;
+ }
+
@Override
public List<PrincipalName> getPrincipals() {
return new ArrayList<PrincipalName>(principalEntries.keySet());
@@ -122,18 +134,6 @@ public final class Keytab implements KrbKeytab {
return null;
}
- public static Keytab loadKeytab(File keytabFile) throws IOException {
- Keytab keytab = new Keytab();
- keytab.load(keytabFile);
- return keytab;
- }
-
- public static Keytab loadKeytab(InputStream inputStream) throws IOException {
- Keytab keytab = new Keytab();
- keytab.load(inputStream);
- return keytab;
- }
-
@Override
public void load(File keytabFile) throws IOException {
if (!keytabFile.exists() || !keytabFile.canRead()) {
@@ -141,8 +141,8 @@ public final class Keytab implements KrbKeytab {
}
InputStream is = new FileInputStream(keytabFile);
-
load(is);
+ is.close();
}
@Override
@@ -202,8 +202,8 @@ public final class Keytab implements KrbKeytab {
@Override
public void store(File keytabFile) throws IOException {
OutputStream outputStream = new FileOutputStream(keytabFile);
-
store(outputStream);
+ outputStream.close();
}
@Override
@@ -232,6 +232,11 @@ public final class Keytab implements KrbKeytab {
entry.store(kos);
}
}
+ for (Map.Entry<PrincipalName, List<KeytabEntry>> entryList : principalEntries.entrySet()) {
+ for (KeytabEntry entry : entryList.getValue()) {
+ entry.store(kos);
+ }
+ }
}
}