You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2016/05/13 07:49:28 UTC
directory-kerby git commit: Revert "DIRKRB-569 Add unit test of
multiple KDCs for a given realm in client. Contributed by Wei."
Repository: directory-kerby
Updated Branches:
refs/heads/gssapi 66f6f17da -> eed1dbcaf
Revert "DIRKRB-569 Add unit test of multiple KDCs for a given realm in client. Contributed by Wei."
This reverts commit 66f6f17dacf9c19d56241e97ffdebacb3eed6e6e.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/eed1dbca
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/eed1dbca
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/eed1dbca
Branch: refs/heads/gssapi
Commit: eed1dbcaf37489b3592954506dcc7c12080dfc05
Parents: 66f6f17
Author: plusplusjiajia <ji...@intel.com>
Authored: Fri May 13 15:54:42 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Fri May 13 15:54:42 2016 +0800
----------------------------------------------------------------------
.../kerby/kerberos/kerb/request/ApRequest.java | 11 +--
.../kerberos/kerb/gssapi/KerbyMechFactory.java | 9 +-
.../kerberos/kerb/gssapi/krb5/KerbyContext.java | 96 ++------------------
3 files changed, 18 insertions(+), 98 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eed1dbca/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
index 44f5b47..096b0de 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
@@ -89,11 +89,8 @@ public class ApRequest {
authenticator.setAuthenticatorVno(5);
authenticator.setCname(clientPrincipal);
authenticator.setCrealm(sgtTicket.getRealm());
- long millis = System.currentTimeMillis();
- int usec = (int) (millis % 1000) * 1000;
- millis -= millis % 1000;
- authenticator.setCtime(new KerberosTime(millis));
- authenticator.setCusec(usec);
+ authenticator.setCtime(KerberosTime.now());
+ authenticator.setCusec(0);
authenticator.setSubKey(sgtTicket.getSessionKey());
return authenticator;
@@ -141,13 +138,13 @@ public class ApRequest {
}
if (timeSkew != 0) {
- if (!authenticator.getCtime().isInClockSkew(timeSkew)) {
+ if (authenticator.getCtime().isInClockSkew(timeSkew)) {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW);
}
KerberosTime now = KerberosTime.now();
KerberosTime startTime = tktEncPart.getStartTime();
- if (startTime != null && !startTime.lessThanWithSkew(now, timeSkew)) {
+ if (startTime != null && startTime.greaterThanWithSkew(now, timeSkew)) {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eed1dbca/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/KerbyMechFactory.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/KerbyMechFactory.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/KerbyMechFactory.java
index adacb27..a897c29 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/KerbyMechFactory.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/KerbyMechFactory.java
@@ -20,7 +20,6 @@
package org.apache.kerby.kerberos.kerb.gssapi;
import org.apache.kerby.kerberos.kerb.gssapi.krb5.KerbyAcceptCred;
-import org.apache.kerby.kerberos.kerb.gssapi.krb5.KerbyContext;
import org.apache.kerby.kerberos.kerb.gssapi.krb5.KerbyCredElement;
import org.apache.kerby.kerberos.kerb.gssapi.krb5.KerbyInitCred;
import org.apache.kerby.kerberos.kerb.gssapi.krb5.KerbyNameElement;
@@ -91,7 +90,9 @@ public class KerbyMechFactory implements MechanismFactory {
if (myInitiatorCred == null) {
myInitiatorCred = getCredentialElement(null, lifetime, 0, GSSCredential.INITIATE_ONLY);
}
- return new KerbyContext(caller, (KerbyNameElement) peer, (KerbyInitCred) myInitiatorCred, lifetime);
+ return null;
+ //For convenience of making patch, return null instead of introduce in KerbyContext
+ //return new KerbyContext(caller, (KerbyNameElement)peer, (KerbyInitCred)myInitiatorCred, lifetime);
}
public GSSContextSpi getMechanismContext(GSSCredentialSpi myAcceptorCred)
@@ -100,13 +101,13 @@ public class KerbyMechFactory implements MechanismFactory {
myAcceptorCred = getCredentialElement(null, 0,
GSSCredential.INDEFINITE_LIFETIME, GSSCredential.ACCEPT_ONLY);
}
- return new KerbyContext(caller, (KerbyAcceptCred) myAcceptorCred);
+ return null; //return new KerbyContext(caller, (KerbyAcceptCred)myAcceptorCred);
}
// Reconstruct from previously exported context
public GSSContextSpi getMechanismContext(byte[] exportedContext)
throws GSSException {
- return new KerbyContext(caller, exportedContext);
+ return null; //return new KerbyContext(caller, exportedContext);
}
public GSSCredentialSpi getCredentialElement(GSSNameSpi name,
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eed1dbca/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
index 1496cac..b450cc9 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
@@ -424,8 +424,7 @@ public class KerbyContext implements GSSContextSpi {
}
try {
- ApRequest.validate(serverKey, apReq,
- channelBinding == null ? null : channelBinding.getInitiatorAddress(), 5 * 60 * 1000);
+ ApRequest.validate(serverKey, apReq, channelBinding.getInitiatorAddress(), 5 * 60 * 1000);
} catch (KrbException e) {
throw new GSSException(GSSException.UNAUTHORIZED, -1, "ApReq verification failed: " + e.getMessage());
}
@@ -477,20 +476,7 @@ public class KerbyContext implements GSSContextSpi {
if (ctxState != STATE_ESTABLISHED) {
throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for wrap");
}
-
- int len;
- byte[] inBuf;
- try {
- len = is.available();
- inBuf = new byte[len];
- is.read(inBuf);
- } catch (IOException e) {
- throw new GSSException(GSSException.FAILURE, -1, "Error when get user data:" + e.getMessage());
- }
- if (gssEncryptor.isV2()) {
- WrapTokenV2 token = new WrapTokenV2(this, inBuf, 0, len, msgProp);
- token.wrap(os);
- }
+ throw new GSSException(GSSException.UNAVAILABLE, -1, "Unsupported method"); // TODO: to be implemented
}
public byte[] wrap(byte[] inBuf, int offset, int len,
@@ -498,24 +484,12 @@ public class KerbyContext implements GSSContextSpi {
if (ctxState != STATE_ESTABLISHED) {
throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for wrap");
}
- byte[] ret = null;
- if (gssEncryptor.isV2()) {
- WrapTokenV2 token = new WrapTokenV2(this, inBuf, offset, len, msgProp);
- ret = token.wrap();
- }
- return ret;
+ return null; // TODO: to be implemented
}
public void unwrap(InputStream is, OutputStream os,
MessageProp msgProp) throws GSSException {
- if (ctxState != STATE_ESTABLISHED) {
- throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for unwrap");
- }
-
- if (gssEncryptor.isV2()) {
- WrapTokenV2 token = new WrapTokenV2(this, msgProp, is);
- token.unwrap(os);
- }
+ throw new GSSException(GSSException.UNAVAILABLE, -1, "Unsupported method"); // TODO: to be implemented
}
public byte[] unwrap(byte[] inBuf, int offset, int len,
@@ -523,82 +497,30 @@ public class KerbyContext implements GSSContextSpi {
if (ctxState != STATE_ESTABLISHED) {
throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for unwrap");
}
-
- byte[] ret = null;
- if (gssEncryptor.isV2()) {
- WrapTokenV2 token = new WrapTokenV2(this, msgProp, inBuf, offset, len);
- ret = token.unwrap();
- }
- return ret;
+ return null; // TODO: to be implemented
}
public void getMIC(InputStream is, OutputStream os,
- MessageProp msgProp) throws GSSException {
- if (ctxState != STATE_ESTABLISHED) {
- throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for getMIC");
- }
-
- try {
- int len = is.available();
- byte[] inMsg = new byte[len];
- is.read(inMsg);
- if (gssEncryptor.isV2()) {
- MicTokenV2 token = new MicTokenV2(this, inMsg, 0, len, msgProp);
- token.getMic(os);
- }
- } catch (IOException e) {
- throw new GSSException(GSSException.FAILURE, -1, "Error when get user data in getMIC:" + e.getMessage());
- }
+ MessageProp msgProp)
+ throws GSSException {
}
public byte[] getMIC(byte[] inMsg, int offset, int len,
MessageProp msgProp) throws GSSException {
- if (ctxState != STATE_ESTABLISHED) {
- throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for getMIC");
- }
-
- byte[] ret = null;
- if (gssEncryptor.isV2()) {
- MicTokenV2 token = new MicTokenV2(this, inMsg, offset, len, msgProp);
- ret = token.getMic();
- }
- return ret;
+ return null; // TODO: to be implemented
}
public void verifyMIC(InputStream is, InputStream msgStr,
MessageProp msgProp) throws GSSException {
- if (ctxState != STATE_ESTABLISHED) {
- throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for verifyMIC");
- }
-
- try {
- int tokLen = is.available();
- byte[] inTok = new byte[tokLen];
- int msgLen = msgStr.available();
- byte[] inMsg = new byte[msgLen];
-
- verifyMIC(inTok, 0, tokLen, inMsg, 0, msgLen, msgProp);
- } catch (IOException e) {
- throw new GSSException(GSSException.FAILURE, -1,
- "Error when get user data in verifyMIC:" + e.getMessage());
- }
}
public void verifyMIC(byte[]inTok, int tokOffset, int tokLen,
byte[] inMsg, int msgOffset, int msgLen,
MessageProp msgProp) throws GSSException {
- if (ctxState != STATE_ESTABLISHED) {
- throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for verifyMIC");
- }
-
- if (gssEncryptor.isV2()) {
- MicTokenV2 token = new MicTokenV2(this, msgProp, inTok, tokOffset, tokLen);
- token.verify(inMsg, msgOffset, msgLen);
- }
}
public byte[] export() throws GSSException {
- throw new GSSException(GSSException.UNAVAILABLE, -1, "Unsupported export() method");
+ throw new GSSException(GSSException.UNAVAILABLE, -1, "Unsupported export method");
}
public void dispose() throws GSSException {