directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From plusplusjia...@apache.org
Subject [30/48] directory-kerby git commit: DIRKRB-428 Signed token in TokenLoginTestBase and WithTokenKdcTestBase.
Date Wed, 04 Nov 2015 08:25:56 GMT
DIRKRB-428 Signed token in TokenLoginTestBase and WithTokenKdcTestBase.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/0500943b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/0500943b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/0500943b

Branch: refs/heads/pkinit-support
Commit: 0500943bf7656cedd9e94a5658760669a4afc4a0
Parents: 0df9588
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Wed Oct 14 13:46:50 2015 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Wed Oct 14 13:46:50 2015 +0800

----------------------------------------------------------------------
 .../kerberos/kdc/WithTokenKdcTestBase.java      | 44 +++++++++++++++++++-
 .../test/resources/oauth2.com_public_key.pem    |  6 +++
 .../src/test/resources/private_key.pem          | 16 +++++++
 .../test/jaas/TokenAuthLoginModule.java         | 36 ++++++++++++++++
 .../integration/test/jaas/TokenJaasKrbUtil.java | 26 +++++++-----
 .../integration/test/TokenLoginTestBase.java    | 22 ++++++----
 .../src/test/resources/private_key.pem          | 16 +++++++
 .../test/resources/token-service-public_key.pem |  6 +++
 .../kerby/kerberos/kerb/spec/base/KrbToken.java |  6 ++-
 9 files changed, 158 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index ac20938..7dc24d3 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -19,20 +19,28 @@
  */
 package org.apache.kerby.kerberos.kdc;
 
+import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.KrbRuntime;
 import org.apache.kerby.kerberos.kerb.ccache.Credential;
 import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
+import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
+import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
+import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
 import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
 import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
 import org.apache.kerby.kerberos.kerb.spec.base.KrbToken;
 import org.apache.kerby.kerberos.kerb.spec.base.TokenFormat;
 import org.apache.kerby.kerberos.kerb.spec.ticket.KrbTicket;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
 import org.apache.kerby.kerberos.provider.token.JwtTokenProvider;
 import org.junit.Before;
 
 import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPrivateKey;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -46,7 +54,7 @@ public class WithTokenKdcTestBase extends KdcTestBase {
     static final String GROUP = "sales-group";
     static final String ROLE = "ADMIN";
     private File cCacheFile;
-    private AuthToken krbToken;
+    private KrbToken krbToken;
 
     @Before
     public void setUp() throws Exception {
@@ -54,6 +62,13 @@ public class WithTokenKdcTestBase extends KdcTestBase {
         super.setUp();
     }
 
+    @Override
+    protected void configKdcSeverAndClient() {
+        super.configKdcSeverAndClient();
+        String verifyKeyPath = this.getClass().getResource("/").getPath();
+        getKdcServer().getKdcConfig().setString(KdcConfigKey.VERIFY_KEY, verifyKeyPath);
+    }
+
     protected AuthToken getKrbToken() {
         return krbToken;
     }
@@ -87,10 +102,35 @@ public class WithTokenKdcTestBase extends KdcTestBase {
 
         Date iat = now;
         authToken.setIssueTime(iat);
-        krbToken = new KrbToken(authToken, TokenFormat.JWT);
+
+        TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+
+        if (tokenEncoder instanceof JwtTokenEncoder) {
+            InputStream is = WithTokenKdcTestBase.class.getResourceAsStream("/private_key.pem");
+            PrivateKey privateKey = null;
+            try {
+                privateKey = PrivateKeyReader.loadPrivateKey(is);
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+
+            ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) privateKey);
+        }
+
+        krbToken = new KrbToken();
+        krbToken.setInnerToken(authToken);
+        krbToken.setTokenType();
+        krbToken.setTokenFormat(TokenFormat.JWT);
+        try {
+            krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
+        } catch (KrbException e) {
+            throw new RuntimeException("Failed to encode AuthToken", e);
+        }
+
         return krbToken;
     }
 
+
     protected File createCredentialCache(String principal,
                                        String password) throws Exception {
         TgtTicket tgt = getKrbClient().requestTgtWithPassword(principal, password);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem b/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem
new file mode 100644
index 0000000..471a517
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/oauth2.com_public_key.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4BaCukPmveaHtV7OxXP8/mCCV
+Y2oHXqd+6iIliPRVCxirgp2XHg2nrAkBJTt/y13IHCeVl6Avm7UMzXxxv60NND1H
+e6+zDMgh3IVZM/Xe8uNHNF2C6jR6Z4KQ/GfccTvLuEQwWOt47CjZNDMFFzr2niOZ
+Us6V/0QzqDbHdDc3bQIDAQAB
+-----END PUBLIC KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kdc-test/src/test/resources/private_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/private_key.pem b/kerby-kdc-test/src/test/resources/private_key.pem
new file mode 100644
index 0000000..1c2ee59
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/private_key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALgFoK6Q+a95oe1X
+s7Fc/z+YIJVjagdep37qIiWI9FULGKuCnZceDaesCQElO3/LXcgcJ5WXoC+btQzN
+fHG/rQ00PUd7r7MMyCHchVkz9d7y40c0XYLqNHpngpD8Z9xxO8u4RDBY63jsKNk0
+MwUXOvaeI5lSzpX/RDOoNsd0NzdtAgMBAAECgYBkEutnA4BFZSgiImeeNKy6sMhH
+dWDb0SXVZw5ayzfUZ8xquQVqgPV8EZpz/QN2Y+oEQQtl1qdOPKcg5z6dvVclwm8d
+aWeflrGcH45QI5mjxsuN/1D/xY5A7adO+/KWBwoUElmJ/OAIPXeaPyQh+FL2Y6Kd
+snrq+6LXYWZzZn+vIQJBAOkWN3SWEimgW5hLPZRtVw5Y+tXfDp6q8YRXK8RREtmi
+HKJySYjyMz01kda3IVVq4siFvTQt0mP9St8RjNrERSsCQQDKHKmudIdUAU+nRs89
+i5S0N9x3jiX7j+yO+9b5Nm+JAPsimA/pA2gQhkXD5UURerIoEc/JLODdqbmT5G7b
+DNnHAkEA3uL0wpKi6ZVDIT2JtD5eSgUCT7ON2mIis2dcHc1dFimz8g8RjFf2cWih
+fc3+nRypohBpXdUXY7AZgXfZ1nRqowJBAMh1f1JZn3ORTViC4b+QNnA8y30EzuVg
+TWdPn1tUQ3GmOG+KVJVu3IMvOfje6A87G4Kkj+tfiLQxx69IrS6z4zcCQCkeIynb
+RSoEti3Dxtstxn8HMWGpz1SyAtI9/lmmxec+HNOIvgwX8z28VtAbRMo+lt/Fp0rn
+bfFmyZ0PPmTHrLE=
+-----END PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index 65ad133..a8888a8 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -24,11 +24,14 @@ import org.apache.kerby.kerberos.kerb.KrbRuntime;
 import org.apache.kerby.kerberos.kerb.client.Krb5Conf;
 import org.apache.kerby.kerberos.kerb.client.KrbClient;
 import org.apache.kerby.kerberos.kerb.client.KrbConfig;
+import org.apache.kerby.kerberos.kerb.common.PrivateKeyReader;
 import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
+import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
 import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
 import org.apache.kerby.kerberos.kerb.spec.base.KrbToken;
 import org.apache.kerby.kerberos.kerb.spec.base.TokenFormat;
 import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -37,7 +40,11 @@ import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPrivateKey;
 import java.util.Iterator;
 import java.util.Map;
 
@@ -66,11 +73,13 @@ public class TokenAuthLoginModule implements LoginModule {
     KrbToken krbToken = null;
     private File armorCache;
     private File cCache;
+    private File signKeyFile;
     public static final String PRINCIPAL = "principal";
     public static final String TOKEN = "token";
     public static final String TOKEN_CACHE = "tokenCache";
     public static final String ARMOR_CACHE = "armorCache";
     public static final String CREDENTIAL_CACHE = "credentialCache";
+    public static final String SIGN_KEY_FILE = "signKeyFile";
 
     /**
      * {@inheritDoc}
@@ -86,6 +95,7 @@ public class TokenAuthLoginModule implements LoginModule {
         tokenCacheName = (String) options.get(TOKEN_CACHE);
         armorCache = new File((String) options.get(ARMOR_CACHE));
         cCache = new File((String) options.get(CREDENTIAL_CACHE));
+        signKeyFile = new File((String) options.get(SIGN_KEY_FILE));
     }
 
     /**
@@ -191,6 +201,32 @@ public class TokenAuthLoginModule implements LoginModule {
             e.printStackTrace();
         }
         krbToken = new KrbToken(authToken, TokenFormat.JWT);
+        TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+
+        if (tokenEncoder instanceof JwtTokenEncoder) {
+            PrivateKey signKey = null;
+            try {
+                FileInputStream fis = new FileInputStream(signKeyFile);
+                signKey = PrivateKeyReader.loadPrivateKey(fis);
+            } catch (FileNotFoundException e) {
+                e.printStackTrace();
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+
+            ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
+        }
+
+        krbToken = new KrbToken();
+        krbToken.setInnerToken(authToken);
+        krbToken.setTokenType();
+        krbToken.setTokenFormat(TokenFormat.JWT);
+        try {
+            krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
+        } catch (KrbException e) {
+            throw new RuntimeException("Failed to encode AuthToken", e);
+        }
+
         KrbClient krbClient = null;
         try {
             File confFile = new File(System.getProperty(Krb5Conf.KRB5_CONF));

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
index d7a91ab..46b1fa0 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenJaasKrbUtil.java
@@ -48,14 +48,14 @@ public class TokenJaasKrbUtil {
      * @throws LoginException e
      */
     public static Subject loginUsingToken(
-            String principal, File tokenCache, File armorCache, File ccache)
+            String principal, File tokenCache, File armorCache, File ccache, File signKeyFile)
             throws LoginException {
         Set<Principal> principals = new HashSet<Principal>();
         principals.add(new KerberosPrincipal(principal));
 
         Subject subject = new Subject(false, principals,
                 new HashSet<Object>(), new HashSet<Object>());
-        Configuration conf = useTokenCache(principal, tokenCache, armorCache, ccache);
+        Configuration conf = useTokenCache(principal, tokenCache, armorCache, ccache, signKeyFile);
         String confName = "TokenCacheConf";
         LoginContext loginContext = new LoginContext(confName, subject, null, conf);
         loginContext.login();
@@ -73,14 +73,14 @@ public class TokenJaasKrbUtil {
      * @throws LoginException e
      */
     public static Subject loginUsingToken(
-            String principal, String tokenStr, File armorCache, File ccache)
+            String principal, String tokenStr, File armorCache, File ccache, File signKeyFile)
             throws LoginException {
         Set<Principal> principals = new HashSet<Principal>();
         principals.add(new KerberosPrincipal(principal));
 
         Subject subject = new Subject(false, principals,
                 new HashSet<Object>(), new HashSet<Object>());
-        Configuration conf = useTokenStr(principal, tokenStr, armorCache, ccache);
+        Configuration conf = useTokenStr(principal, tokenStr, armorCache, ccache, signKeyFile);
         String confName = "TokenStrConf";
         LoginContext loginContext = new LoginContext(confName, subject, null, conf);
         loginContext.login();
@@ -88,13 +88,13 @@ public class TokenJaasKrbUtil {
     }
 
     private static Configuration useTokenCache(String principal, File tokenCache,
-                                              File armorCache, File tgtCache) {
-        return new TokenJaasConf(principal, tokenCache, armorCache, tgtCache);
+                                              File armorCache, File tgtCache, File signKeyFile)
{
+        return new TokenJaasConf(principal, tokenCache, armorCache, tgtCache, signKeyFile);
     }
 
     private static Configuration useTokenStr(String principal, String tokenStr,
-                                            File armorCache, File tgtCache) {
-        return new TokenJaasConf(principal, tokenStr, armorCache, tgtCache);
+                                            File armorCache, File tgtCache, File signKeyFile)
{
+        return new TokenJaasConf(principal, tokenStr, armorCache, tgtCache, signKeyFile);
     }
 
     /**
@@ -106,19 +106,24 @@ public class TokenJaasKrbUtil {
         private String tokenStr;
         private File armorCache;
         private File ccache;
+        private File signKeyFile;
 
-        public TokenJaasConf(String principal, File tokenCache, File armorCache, File ccache)
{
+        public TokenJaasConf(String principal, File tokenCache, File armorCache, File ccache,
+            File signKeyFile) {
             this.principal = principal;
             this.tokenCache = tokenCache;
             this.armorCache = armorCache;
             this.ccache = ccache;
+            this.signKeyFile = signKeyFile;
         }
 
-        public TokenJaasConf(String principal, String tokenStr, File armorCache, File ccache)
{
+        public TokenJaasConf(String principal, String tokenStr, File armorCache, File ccache,
+            File signKeyFile) {
             this.principal = principal;
             this.tokenStr = tokenStr;
             this.armorCache = armorCache;
             this.ccache = ccache;
+            this.signKeyFile = signKeyFile;
         }
 
         @Override
@@ -132,6 +137,7 @@ public class TokenJaasKrbUtil {
             }
             options.put(TokenAuthLoginModule.ARMOR_CACHE, armorCache.getAbsolutePath());
             options.put(TokenAuthLoginModule.CREDENTIAL_CACHE, ccache.getAbsolutePath());
+            options.put(TokenAuthLoginModule.SIGN_KEY_FILE, signKeyFile.getAbsolutePath());
 
             return new AppConfigurationEntry[]{
                     new AppConfigurationEntry(

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index c6f6f89..3943ffe 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -41,6 +41,7 @@ public class TokenLoginTestBase extends LoginTestBase {
     private File tokenCache;
     private File armorCache;
     private File tgtCache;
+    private File signKeyFile;
 
     static final String GROUP = "sales-group";
     static final String ROLE = "ADMIN";
@@ -55,13 +56,16 @@ public class TokenLoginTestBase extends LoginTestBase {
         super.setUp();
         armorCache = new File(getTestDir(), "armorcache.cc");
         tgtCache = new File(getTestDir(), "tgtcache.cc");
+        signKeyFile = new File(this.getClass().getResource("/private_key.pem").getPath());
     }
 
     @Override
     protected void configKdcSeverAndClient() {
         super.configKdcSeverAndClient();
         getKdcServer().getKdcConfig().setBoolean(KdcConfigKey.ALLOW_TOKEN_PREAUTH,
-                isTokenPreauthAllowed());
+            isTokenPreauthAllowed());
+        String verifyKeyFile = this.getClass().getResource("/").getPath();
+        getKdcServer().getKdcConfig().setString(KdcConfigKey.VERIFY_KEY, verifyKeyFile);
     }
 
     protected Boolean isTokenPreauthAllowed() {
@@ -120,21 +124,25 @@ public class TokenLoginTestBase extends LoginTestBase {
         return authToken;
     }
 
-    private Subject loginClientUsingTokenStr(String tokenStr, File armorCache, File tgtCache)
throws Exception {
-        return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenStr, armorCache,
tgtCache);
+    private Subject loginClientUsingTokenStr(String tokenStr, File armorCache, File tgtCache,
+                                             File signKeyFile) throws Exception {
+        return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenStr, armorCache,
+            tgtCache, signKeyFile);
     }
 
-    private Subject loginClientUsingTokenCache(File tokenCache, File armorCache, File tgtCache)
throws Exception {
-        return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenCache, armorCache,
tgtCache);
+    private Subject loginClientUsingTokenCache(File tokenCache, File armorCache, File tgtCache,
+                                               File signKeyFile) throws Exception {
+        return TokenJaasKrbUtil.loginUsingToken(getClientPrincipal(), tokenCache, armorCache,
+            tgtCache, signKeyFile);
     }
 
     protected void testLoginWithTokenStr() throws Exception {
         String tokenStr = createTokenAndArmorCache();
-        checkSubject(loginClientUsingTokenStr(tokenStr, armorCache, tgtCache));
+        checkSubject(loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile));
     }
 
     protected void testLoginWithTokenCache() throws Exception {
         createTokenAndArmorCache();
-        checkSubject(loginClientUsingTokenCache(tokenCache, armorCache, tgtCache));
+        checkSubject(loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile));
     }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/test/resources/private_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/resources/private_key.pem b/kerby-kerb/integration-test/src/test/resources/private_key.pem
new file mode 100644
index 0000000..1c2ee59
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/resources/private_key.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALgFoK6Q+a95oe1X
+s7Fc/z+YIJVjagdep37qIiWI9FULGKuCnZceDaesCQElO3/LXcgcJ5WXoC+btQzN
+fHG/rQ00PUd7r7MMyCHchVkz9d7y40c0XYLqNHpngpD8Z9xxO8u4RDBY63jsKNk0
+MwUXOvaeI5lSzpX/RDOoNsd0NzdtAgMBAAECgYBkEutnA4BFZSgiImeeNKy6sMhH
+dWDb0SXVZw5ayzfUZ8xquQVqgPV8EZpz/QN2Y+oEQQtl1qdOPKcg5z6dvVclwm8d
+aWeflrGcH45QI5mjxsuN/1D/xY5A7adO+/KWBwoUElmJ/OAIPXeaPyQh+FL2Y6Kd
+snrq+6LXYWZzZn+vIQJBAOkWN3SWEimgW5hLPZRtVw5Y+tXfDp6q8YRXK8RREtmi
+HKJySYjyMz01kda3IVVq4siFvTQt0mP9St8RjNrERSsCQQDKHKmudIdUAU+nRs89
+i5S0N9x3jiX7j+yO+9b5Nm+JAPsimA/pA2gQhkXD5UURerIoEc/JLODdqbmT5G7b
+DNnHAkEA3uL0wpKi6ZVDIT2JtD5eSgUCT7ON2mIis2dcHc1dFimz8g8RjFf2cWih
+fc3+nRypohBpXdUXY7AZgXfZ1nRqowJBAMh1f1JZn3ORTViC4b+QNnA8y30EzuVg
+TWdPn1tUQ3GmOG+KVJVu3IMvOfje6A87G4Kkj+tfiLQxx69IrS6z4zcCQCkeIynb
+RSoEti3Dxtstxn8HMWGpz1SyAtI9/lmmxec+HNOIvgwX8z28VtAbRMo+lt/Fp0rn
+bfFmyZ0PPmTHrLE=
+-----END PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem b/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem
new file mode 100644
index 0000000..471a517
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/resources/token-service-public_key.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4BaCukPmveaHtV7OxXP8/mCCV
+Y2oHXqd+6iIliPRVCxirgp2XHg2nrAkBJTt/y13IHCeVl6Avm7UMzXxxv60NND1H
+e6+zDMgh3IVZM/Xe8uNHNF2C6jR6Z4KQ/GfccTvLuEQwWOt47CjZNDMFFzr2niOZ
+Us6V/0QzqDbHdDc3bQIDAQAB
+-----END PUBLIC KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0500943b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
index 5e3ce13..c40b7bb 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/base/KrbToken.java
@@ -104,7 +104,7 @@ public class KrbToken extends KrbSequenceType implements AuthToken {
     /**
      * Set token type.
      */
-    private void setTokenType() {
+    public void setTokenType() {
         List<String> audiences = this.innerToken.getAudiences();
         if (audiences.size() == 1 && audiences.get(0).startsWith(KrbConstant.TGS_PRINCIPAL))
{
             isIdToken(true);
@@ -327,4 +327,8 @@ public class KrbToken extends KrbSequenceType implements AuthToken {
     public void addAttribute(String name, Object value) {
         innerToken.addAttribute(name, value);
     }
+
+    public void setInnerToken(AuthToken authToken) {
+        this.innerToken = authToken;
+    }
 }


Mime
View raw message