From dran...@apache.org
Subject directory-kerby git commit: DIRKRB-309 Added a new API to KrbClient to store ticket in cache
Date Wed, 01 Jul 2015 07:11:59 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 5842f1be0 -> eeb3c5935


DIRKRB-309 Added a new API to KrbClient to store ticket in cache


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/eeb3c593
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/eeb3c593
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/eeb3c593

Branch: refs/heads/master
Commit: eeb3c59353f1bb19b565339fd46f59f2f861fe5b
Parents: 5842f1b
Author: drankye <kai.zheng@intel.com>
Authored: Wed Jul 1 15:11:22 2015 +0800
Committer: Drankye <drankye@gmail.com>
Committed: Wed Jul 1 15:11:22 2015 +0800

----------------------------------------------------------------------
 .../kerberos/kdc/WithTokenKdcTestBase.java      |  4 +-
 .../kerby/kerberos/kerb/client/KrbClient.java   | 26 ++++++++++++-
 .../kerb/spec/ticket/ServiceTicket.java         |  2 +-
 .../kerberos/kerb/spec/ticket/TgtTicket.java    |  2 +-
 .../kerby/kerberos/kerb/ccache/Credential.java  |  6 +--
 .../kerberos/kerb/ccache/CredentialCache.java   | 33 ++++++++++++----
 .../kerby/kerberos/tool/kinit/KinitTool.java    | 41 +++++++-------------
 7 files changed, 72 insertions(+), 42 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eeb3c593/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index 01f490c..a326637 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -27,7 +27,7 @@ import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
 import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
 import org.apache.kerby.kerberos.kerb.spec.base.KrbToken;
 import org.apache.kerby.kerberos.kerb.spec.base.TokenFormat;
-import org.apache.kerby.kerberos.kerb.spec.ticket.AbstractServiceTicket;
+import org.apache.kerby.kerberos.kerb.spec.ticket.KrbTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
 import org.apache.kerby.kerberos.provider.token.JwtTokenProvider;
 import org.junit.Before;
@@ -130,7 +130,7 @@ public class WithTokenKdcTestBase extends KdcTestBase {
         cCacheFile.delete();
     }
 
-    protected void verifyTicket(AbstractServiceTicket ticket) {
+    protected void verifyTicket(KrbTicket ticket) {
         assertThat(ticket).isNotNull();
         assertThat(ticket.getRealm()).isEqualTo(getKdcServer().getKdcSetting().getKdcRealm());
         assertThat(ticket.getTicket()).isNotNull();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eeb3c593/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
index f045dd5..bcd55d2 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
@@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kerb.client;
 
 import org.apache.kerby.KOptions;
 import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
 import org.apache.kerby.kerberos.kerb.client.impl.DefaultInternalKrbClient;
 import org.apache.kerby.kerberos.kerb.client.impl.InternalKrbClient;
 import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
@@ -28,6 +29,7 @@ import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
 
 import java.io.File;
+import java.io.IOException;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
 
@@ -256,7 +258,8 @@ public class KrbClient {
      * @throws KrbException
      */
     public ServiceTicket requestServiceTicketWithAccessToken(
-            AuthToken token, String serverPrincipal, String armorCache) throws KrbException {
+            AuthToken token, String serverPrincipal,
+            String armorCache) throws KrbException {
         if (! token.isAcToken()) {
             throw new IllegalArgumentException("Access token is expected");
         }
@@ -266,4 +269,25 @@ public class KrbClient {
         requestOptions.add(KrbOption.SERVER_PRINCIPAL, serverPrincipal);
         return innerClient.requestServiceTicket(requestOptions);
     }
+
+    /**
+     * Store tgt into the specified credential cache file.
+     * @param tgtTicket
+     * @param ccacheFile
+     * @throws KrbException
+     */
+    public void storeTicket(TgtTicket tgtTicket,
+                            File ccacheFile) throws KrbException {
+        if (ccacheFile.exists() && ccacheFile.canWrite()) {
+            CredentialCache cCache = new CredentialCache(tgtTicket);
+            try {
+                cCache.store(ccacheFile);
+            } catch (IOException e) {
+                throw new KrbException("Failed to store tgt", e);
+            }
+        } else {
+            throw new IllegalArgumentException("Invalid ccache file, " +
+                    "not exist or writable: " + ccacheFile.getAbsolutePath());
+        }
+    }
 }
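Review bot: `storeTicket` writes the TGT and its session key into whatever file already sits at `ccacheFile`, without creating it or restricting its permissions, so the confidentiality of the cache depends entirely on how the caller pre-created that file. The `exists() && canWrite()` guard also rejects a path that does not exist yet, which looks like it will make a first-time `kinit` fail with an unchecked `IllegalArgumentException` that the Javadoc does not mention. I would create the file when it is absent and limit it to the owner before `cCache.store(ccacheFile)`, for example `ccacheFile.setReadable(false, false); ccacheFile.setReadable(true, true);` with the same pair for `setWritable`, and add `@throws IllegalArgumentException` to the Javadoc.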

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eeb3c593/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/ServiceTicket.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/ServiceTicket.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/ServiceTicket.java
index f081b41..0c119fa 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/ServiceTicket.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/ServiceTicket.java
@@ -21,7 +21,7 @@ package org.apache.kerby.kerberos.kerb.spec.ticket;
 
 import org.apache.kerby.kerberos.kerb.spec.kdc.EncTgsRepPart;
 
-public class ServiceTicket extends AbstractServiceTicket {
+public class ServiceTicket extends KrbTicket {
     public ServiceTicket(Ticket ticket, EncTgsRepPart encKdcRepPart) {
         super(ticket, encKdcRepPart);
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eeb3c593/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TgtTicket.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TgtTicket.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TgtTicket.java
index ab06b19..0a119aa 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TgtTicket.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ticket/TgtTicket.java
@@ -22,7 +22,7 @@ package org.apache.kerby.kerberos.kerb.spec.ticket;
 import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
 import org.apache.kerby.kerberos.kerb.spec.kdc.EncAsRepPart;
 
-public class TgtTicket extends AbstractServiceTicket {
+public class TgtTicket extends KrbTicket {
     private PrincipalName clientPrincipal;
 
     public TgtTicket(Ticket ticket, EncAsRepPart encKdcRepPart, String clientPrincipal) {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eeb3c593/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
index ed1c033..bcc46f6 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java
@@ -25,7 +25,7 @@ import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.spec.base.HostAddresses;
 import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
 import org.apache.kerby.kerberos.kerb.spec.kdc.EncKdcRepPart;
-import org.apache.kerby.kerberos.kerb.spec.ticket.AbstractServiceTicket;
+import org.apache.kerby.kerberos.kerb.spec.ticket.KrbTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TicketFlags;
@@ -63,11 +63,11 @@ public class Credential {
         init(tgt, clientPrincipal);
     }
 
-    public Credential(AbstractServiceTicket tkt, PrincipalName clientPrincipal) {
+    public Credential(KrbTicket tkt, PrincipalName clientPrincipal) {
         init(tkt, clientPrincipal);
     }
 
-    private void init(AbstractServiceTicket tkt, PrincipalName clientPrincipal) {
+    private void init(KrbTicket tkt, PrincipalName clientPrincipal) {
         EncKdcRepPart kdcRepPart = tkt.getEncKdcRepPart();
 
         this.serverName = kdcRepPart.getSname();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eeb3c593/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
index 75b2bab..fb59eef 100644
--- a/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
+++ b/kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/CredentialCache.java
@@ -20,27 +20,42 @@
 package org.apache.kerby.kerberos.kerb.ccache;
 
 import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
 
 import java.io.*;
 import java.util.ArrayList;
 import java.util.List;
 
-public class CredentialCache implements KrbCredentialCache
-{
+public class CredentialCache implements KrbCredentialCache {
     public static final int FCC_FVNO_1 = 0x501;
     public static final int FCC_FVNO_2 = 0x502;
     public static final int FCC_FVNO_3 = 0x503;
     public static final int FCC_FVNO_4 = 0x504;
 
     public static final int FCC_TAG_DELTATIME = 1;
-    public static final int NT_UNKNOWN = 0;
-    public static final int MAXNAMELENGTH = 1024;
 
     private int version = FCC_FVNO_4;
     private List<Tag> tags;
     private PrincipalName primaryPrincipal;
-    private List<Credential> credentials = new ArrayList<Credential> ();
+
+    private final List<Credential> credentials;
+
+    public CredentialCache() {
+        credentials = new ArrayList<>();
+    }
+
+    public CredentialCache(TgtTicket tgt) {
+        this();
+        addCredential(new Credential(tgt));
+        setPrimaryPrincipal(tgt.getClientPrincipal());
+    }
+
+    public CredentialCache(Credential credential) {
+        this();
+        addCredential(credential);
+        setPrimaryPrincipal(credential.getClientName());
+    }
 
     @Override
     public void store(File ccacheFile) throws IOException {
@@ -149,7 +164,8 @@ public class CredentialCache implements KrbCredentialCache
     @Override
     public void load(File ccacheFile) throws IOException {
         if (! ccacheFile.exists() || ! ccacheFile.canRead()) {
-            throw new IllegalArgumentException("Invalid ccache file: " + ccacheFile.getAbsolutePath());
+            throw new IllegalArgumentException("Invalid ccache file: "
+                    + ccacheFile.getAbsolutePath());
         }
 
         InputStream inputStream = new FileInputStream(ccacheFile);
@@ -178,10 +194,11 @@ public class CredentialCache implements KrbCredentialCache
 
         this.primaryPrincipal = ccis.readPrincipal(version);
 
-        this.credentials = readCredentials(ccis);
+        this.credentials.addAll(readCredentials(ccis));
     }
 
-    private List<Credential> readCredentials(CredCacheInputStream ccis) throws IOException {
+    private List<Credential> readCredentials(CredCacheInputStream ccis)
+            throws IOException {
         List<Credential> results = new ArrayList<Credential>(2);
 
         Credential cred;
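Review bot: `load()` now appends with `this.credentials.addAll(readCredentials(ccis))` where it used to replace the list, so loading into a cache that already holds entries (one built with the new `CredentialCache(TgtTicket)` constructor, or one loaded twice) keeps stale or duplicate credentials next to the ones read from the file. Since `credentials` is now final, empty it first with `this.credentials.clear();` immediately before the `addAll` call. `load()` starts outside this hunk, so whether the other fields are reset consistently cannot be checked from here.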

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eeb3c593/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
index eef3211..114193a 100644
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitTool.java
@@ -22,16 +22,14 @@ package org.apache.kerby.kerberos.tool.kinit;
 import org.apache.kerby.KOptionType;
 import org.apache.kerby.KOptions;
 import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.ccache.Credential;
-import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
 import org.apache.kerby.kerberos.kerb.client.KrbClient;
 import org.apache.kerby.kerberos.kerb.client.KrbOption;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
 import org.apache.kerby.kerberos.tool.ToolUtil;
+import org.apache.kerby.util.SysUtil;
 
 import java.io.Console;
 import java.io.File;
-import java.io.IOException;
 import java.util.Arrays;
 import java.util.Scanner;
 
@@ -118,11 +116,23 @@ public class KinitTool {
                 ToolUtil.convertOptions(ktOptions));
 
         if(tgt == null) {
-            System.out.println("Get TGT failed ...");
+            System.err.println("Requesting TGT failed");
             return;
         }
 
-        writeTgtToCache(tgt, principal, ktOptions);
+        File ccacheFile;
+        if (ktOptions.contains(KrbOption.KRB5_CACHE)) {
+            String ccacheName = ktOptions.getStringOption(KrbOption.KRB5_CACHE);
+            ccacheFile = new File(ccacheName);
+        } else {
+            String ccacheName = principal.replaceAll("/", "_");
+            ccacheName = "krb5_" + ccacheName + ".cc";
+            ccacheFile = new File(SysUtil.getTempDir(), ccacheName);
+        }
+
+        krbClient.storeTicket(tgt, ccacheFile);
+        System.out.println("Successfully requested and stored ticket in " +
+                                    ccacheFile.getAbsolutePath());
     }
 
     /**
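Review bot: The default branch puts the cache at a predictable name (`"krb5_" + ccacheName + ".cc"`) in the directory returned by `SysUtil.getTempDir()`, which is presumably shared between local users, and `storeTicket` then writes into a file that must already exist there. A file at that path that the requesting user did not create would therefore receive the TGT. Prefer a per-user location for the default, or create the file with owner-only permissions and refuse to reuse one the current user does not own. `replaceAll("/", "_")` only neutralises forward slashes in the principal, so other separator characters pass through into the file name. The enclosing method begins before this hunk.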
@@ -134,27 +144,6 @@ public class KinitTool {
         return krbClient;
     }
 
-    /**
-     * Write tgt into credentials cache.
-     */
-    private static void writeTgtToCache(
-            TgtTicket tgt, String principal, KOptions kinitOptions) throws IOException {
-        Credential credential = new Credential(tgt);
-        CredentialCache cCache = new CredentialCache();
-        cCache.addCredential(credential);
-        cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
-
-        String fileName;
-        if (kinitOptions.contains(KrbOption.KRB5_CACHE)) {
-            fileName = kinitOptions.getStringOption(KrbOption.KRB5_CACHE);
-        } else {
-            String princName = principal.replaceAll("/", "_");
-            fileName = "krb5_" + princName + ".cc";
-        }
-        File cCacheFile = new File("/tmp/", fileName);
-        cCache.store(cCacheFile);
-    }
-
     public static void main(String[] args) throws Exception {
         KOptions ktOptions = new KOptions();
         KinitOption kto;

