You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2017/09/21 02:53:17 UTC
directory-kerby git commit: DIRKRB-650 Getting capaths section from
krb5.conf. Contributed by Frank.
Repository: directory-kerby
Updated Branches:
refs/heads/cross-realm 9c7935070 -> 7b1949371
DIRKRB-650 Getting capaths section from krb5.conf. Contributed by Frank.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/7b194937
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/7b194937
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/7b194937
Branch: refs/heads/cross-realm
Commit: 7b1949371fa9aa2363f41879e1a1710324342230
Parents: 9c79350
Author: plusplusjiajia <ji...@intel.com>
Authored: Thu Sep 21 10:53:00 2017 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Thu Sep 21 10:53:00 2017 +0800
----------------------------------------------------------------------
.../kerby/kerberos/kerb/client/KrbConfig.java | 56 ++++++++++++++++++++
.../kerberos/kerb/client/KrbConfigLoadTest.java | 1 +
.../kerb-client/src/test/resources/krb5.conf | 13 ++++-
.../kerby/kerberos/kerb/common/Krb5Parser.java | 2 +-
4 files changed, 70 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7b194937/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
index dffea68..9ffd6bd 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
@@ -19,10 +19,12 @@
*/
package org.apache.kerby.kerberos.kerb.client;
+import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.common.Krb5Conf;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import java.util.ArrayList;
+import java.util.LinkedList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
@@ -34,6 +36,7 @@ import java.util.Map;
public class KrbConfig extends Krb5Conf {
private static final String LIBDEFAULT = "libdefaults";
private static final String REALMS = "realms";
+ private static final String CAPATHS = "capaths";
public boolean enableDebug() {
return getBoolean(KrbConfigKey.KRB_DEBUG, true, LIBDEFAULT);
@@ -344,4 +347,57 @@ public class KrbConfig extends Krb5Conf {
}
return Collections.emptyMap();
}
+
+ /**
+ * Get capath of specified realms.
+ * @param sourceRealm source realm
+ * @param destRealm dest realm
+ * @return The capath from sourceRealm to destRealm
+ */
+ public LinkedList<String> getCapath(String sourceRealm, String destRealm) throws KrbException {
+ Map<String, Object> capathsMap = getCapaths(sourceRealm);
+ if (capathsMap.isEmpty()) {
+ throw new KrbException("Capaths of " + sourceRealm + " is not given in conf file.");
+ }
+
+ LinkedList<String> items = new LinkedList<>();
+ boolean valid = false;
+
+ items.addFirst(destRealm);
+ for (Map.Entry<String, Object> entry : capathsMap.entrySet()) {
+ if (entry.getKey().equals(destRealm)) {
+ valid = true;
+ String value = (String) entry.getValue();
+ if (value.equals(".")) {
+ break;
+ } else if (!value.equals(sourceRealm) && !value.equals(destRealm) && !items.contains(value)
+ && !value.isEmpty()) {
+ items.addFirst(value);
+ }
+ }
+ }
+
+ if (!valid) {
+ throw new KrbException("Capaths from " + sourceRealm + " to " + destRealm + " is not given in conf file.");
+ }
+
+ items.addFirst(sourceRealm);
+ return items;
+ }
+
+ /**
+ * Get capaths of specified realm.
+ */
+ private Map<String, Object> getCapaths(String realm) {
+ Map<String, Object> caPaths = (Map) getSection(CAPATHS);
+ if (caPaths != null) {
+ for (Map.Entry<String, Object> entry : caPaths.entrySet()) {
+ if (entry.getKey().equals(realm)) {
+ return (Map) entry.getValue();
+ }
+ }
+ }
+
+ return Collections.emptyMap();
+ }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7b194937/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbConfigLoadTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbConfigLoadTest.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbConfigLoadTest.java
index 50ee72b..ac9b3da 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbConfigLoadTest.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbConfigLoadTest.java
@@ -63,5 +63,6 @@ public class KrbConfigLoadTest {
assertThat(krbConfig.getPkinitKdcHostName()).isEqualTo("kdc-server.example.com");
assertThat(krbConfig.getRealmSection("ATHENA.MIT.EDU")).hasSize(3);
assertThat(krbConfig.getRealmSectionItems("ATHENA.MIT.EDU", "admin_server")).hasSize(1);
+ assertThat(krbConfig.getCapath("ATHENA.MIT.EDU", "ANDREW.CMU.EDU")).hasSize(3);
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7b194937/kerby-kerb/kerb-client/src/test/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/resources/krb5.conf b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
index 42dde30..32a9696 100644
--- a/kerby-kerb/kerb-client/src/test/resources/krb5.conf
+++ b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
@@ -59,4 +59,15 @@
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
\ No newline at end of file
+ admin_server = FILE:/var/log/kadmind.log
+[capaths]
+ ATHENA.MIT.EDU = {
+ ANDREW.CMU.EDU = GNU.ORG
+ GNU.ORG = .
+ }
+ ANDREW.CMU.EDU = {
+ ATHENA.MIT.EDU = GNU.ORG
+ }
+ GNU.ORG = {
+ ATHENA.MIT.EDU = .
+ }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7b194937/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Parser.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Parser.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Parser.java
index 0f2d4cd..504932a 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Parser.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Parser.java
@@ -65,7 +65,7 @@ public class Krb5Parser {
/*parse through comments*/
if (line.startsWith("#") || line.length() == 0) {
originLine = br.readLine();
- } else if (line.startsWith("[")) {
+ } else if (line.startsWith("[")) {
insertSections(line, br, items);
originLine = br.readLine();
} else if (line.startsWith("include")) {