directory-commits mailing list archives

From plusplusjia...@apache.org
Subject directory-kerby git commit: Get the pkinit anchors from config file.
Date Tue, 22 Dec 2015 08:18:42 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 803b3d052 -> 5b6cf76f8


Get the pkinit anchors from config file.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/5b6cf76f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/5b6cf76f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/5b6cf76f

Branch: refs/heads/master
Commit: 5b6cf76f867d7adf0305fd4d030fc0db16301ff1
Parents: 803b3d0
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Tue Dec 22 16:24:39 2015 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Tue Dec 22 16:24:39 2015 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kdc/AnonymousPkinitKdcTest.java       | 10 ++++++----
 .../kerby/kerberos/kerb/client/KrbPkinitClient.java      |  3 +--
 .../kerb/client/preauth/pkinit/PkinitPreauth.java        |  3 +++
 .../kerberos/kerb/client/request/AsRequestWithCert.java  | 11 +++++------
 .../kerb/codec/TestPkinitAnonymousAsReqCodec.java        |  8 ++++++--
 .../kerb/server/preauth/pkinit/PkinitPreauth.java        |  8 +++++---
 6 files changed, 26 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5b6cf76f/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/AnonymousPkinitKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/AnonymousPkinitKdcTest.java
b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/AnonymousPkinitKdcTest.java
index fa26413..9e64fe8 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/AnonymousPkinitKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/AnonymousPkinitKdcTest.java
@@ -20,6 +20,7 @@
 package org.apache.kerby.kerberos.kdc;
 
 import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.client.KrbConfigKey;
 import org.apache.kerby.kerberos.kerb.client.KrbPkinitClient;
 import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
 import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
@@ -28,8 +29,6 @@ import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
 import org.junit.Before;
 import org.junit.Test;
 
-import java.net.URL;
-
 import static org.assertj.core.api.Assertions.assertThat;
 
 public class AnonymousPkinitKdcTest extends KdcTestBase {
@@ -48,6 +47,9 @@ public class AnonymousPkinitKdcTest extends KdcTestBase {
         String pkinitIdentity = getClass().getResource("/kdccerttest.pem").getPath() + ","
                 + getClass().getResource("/kdckey.pem").getPath();
         getKdcServer().getKdcConfig().setString(KdcConfigKey.PKINIT_IDENTITY, pkinitIdentity);
+
+        String pkinitAnchors = getClass().getResource("/cacerttest.pem").getPath();
+        getKrbClient().getKrbConfig().setString(KrbConfigKey.PKINIT_ANCHORS, pkinitAnchors);
     }
 
     @Override
@@ -63,11 +65,11 @@ public class AnonymousPkinitKdcTest extends KdcTestBase {
 
         getKrbClient().init();
 
-        URL url = getClass().getResource("/cacerttest.pem");
+
         TgtTicket tgt;
         KrbPkinitClient pkinitClient = new KrbPkinitClient(getKrbClient());
         try {
-            tgt = pkinitClient.requestTgt(url.getPath());
+            tgt = pkinitClient.requestTgt();
         } catch (KrbException te) {
             te.printStackTrace();
             assertThat(te.getMessage().contains("timeout")).isTrue();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5b6cf76f/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbPkinitClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbPkinitClient.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbPkinitClient.java
index 0f8b8b6..4668583 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbPkinitClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbPkinitClient.java
@@ -86,11 +86,10 @@ public class KrbPkinitClient extends KrbClientBase {
      * @return TGT
      * @throws KrbException e
      */
-    public TgtTicket requestTgt(String anchors) throws KrbException {
+    public TgtTicket requestTgt() throws KrbException {
         KOptions requestOptions = new KOptions();
         requestOptions.add(PkinitOption.USE_ANONYMOUS);
         requestOptions.add(KrbOption.CLIENT_PRINCIPAL, "WELLKNOWN/ANONYMOUS");
-        requestOptions.add(PkinitOption.X509_ANCHORS, anchors);
         return requestTgt(requestOptions);
     }
 }
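Review bot: The Javadoc for `requestTgt()` begins above this hunk, so check that it no longer carries an `@param anchors` tag and that it states where the trust anchors now come from. With the parameter gone, nothing in the signature tells a caller that anonymous PKINIT depends on the `KrbConfigKey.PKINIT_ANCHORS` setting (the key the updated test sets), and a missing setting would only surface later, while the KDC reply is being processed. I would add a sentence such as `Trust anchors for validating the KDC certificate are read from the client configuration (PKINIT anchors) and must be set before this method is called.`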

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5b6cf76f/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index 640f718..0ad5219 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -20,8 +20,10 @@
 package org.apache.kerby.kerberos.kerb.client.preauth.pkinit;
 
 import org.apache.kerby.KOptions;
+import org.apache.kerby.asn1.Asn1;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
+import org.apache.kerby.cms.type.SignedContentInfo;
 import org.apache.kerby.kerberos.kerb.KrbCodec;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.client.KrbContext;
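Review bot: The two imports added here (`Asn1`, `SignedContentInfo`) and the `java.io.IOException` import added in the next hunk appear to be unused. The commit's diffstat lists only three insertions for this file, and those are exactly these three import lines. They should be dropped, or the code that uses them should land in the same commit. Unused imports usually fail an unused-import lint check, and they blur which ASN.1/CMS types this preauth code actually handles.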
@@ -57,6 +59,7 @@ import org.slf4j.LoggerFactory;
 
 import javax.crypto.interfaces.DHPublicKey;
 import javax.crypto.spec.DHParameterSpec;
+import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Arrays;
 import java.util.Calendar;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5b6cf76f/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
index 88ee075..f6e0e41 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
@@ -46,6 +46,7 @@ import org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
 import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.DHRepInfo;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.KdcDHKeyInfo;
+import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PaPkAsRep;
 import org.apache.kerby.x509.type.Certificate;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -108,10 +109,8 @@ public class AsRequestWithCert extends AsRequest {
             if (paEntry.getPaDataType() == PaDataType.PK_AS_REP) {
                 LOG.info("processing PK_AS_REP");
 
-                //TODO CHOICE
-                //PaPkAsRep paPkAsRep = KrbCodec.decode(paEntry.getPaDataValue(), PaPkAsRep.class);
-                //DHRepInfo dhRepInfo = paPkAsRep.getDHRepInfo();
-                DHRepInfo dhRepInfo = KrbCodec.decode(paEntry.getPaDataValue(), DHRepInfo.class);
+                PaPkAsRep paPkAsRep = KrbCodec.decode(paEntry.getPaDataValue(), PaPkAsRep.class);
+                DHRepInfo dhRepInfo = paPkAsRep.getDHRepInfo();
 
                 byte[] dhSignedData = dhRepInfo.getDHSignedData();
 
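Review bot: `paPkAsRep.getDHRepInfo()` is dereferenced on the following line without a check. PA-PK-AS-REP is a CHOICE, so a reply carrying the other alternative presumably yields null here and ends in a `NullPointerException` instead of a protocol error. This value comes from the KDC reply before any signature has been verified, so I would reject it explicitly, e.g. `if (dhRepInfo == null) { throw new KrbException("PK_AS_REP does not contain DH reply info"); }`. The enclosing method starts and ends outside the hunk, so confirm it can throw `KrbException` at this point.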
@@ -127,8 +126,8 @@ public class AsRequestWithCert extends AsRequest {
                 PkinitCrypto.verifyCMSSignedData(
                         CMSMessageType.CMS_SIGN_SERVER, signedData);
 
-                String anchorFileName =
-                    getPreauthOptions().getStringOption(PkinitOption.X509_ANCHORS);
+
+                String anchorFileName = getContext().getConfig().getPkinitAnchors().get(0);
 
                 X509Certificate x509Certificate = null;
                 try {
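Review bot: `getPkinitAnchors().get(0)` throws an unchecked exception when no anchor is configured and silently ignores every anchor after the first. The value appears to be the trust anchor against which the KDC's certificate is validated, so the failure should be explicit. I would guard the returned list before the `try`, e.g. `if (anchors == null || anchors.isEmpty()) { throw new KrbException("No PKINIT anchors configured"); }`. Also either honour all configured anchors or add a comment stating that only the first entry is used. The enclosing method continues outside the hunk.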

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5b6cf76f/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java
b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java
index 8f8baed..8a59ee1 100644
--- a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java
+++ b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/TestPkinitAnonymousAsReqCodec.java
@@ -116,8 +116,12 @@ public class TestPkinitAnonymousAsReqCodec {
         assertThat(contentInfo.getContentType().getValue()).isEqualTo("1.2.840.113549.1.7.2");
         Asn1.dump(contentInfo);
 
-        SignedData signedData = contentInfo.getContentAs(SignedData.class);
-        assertThat(signedData.getCertificates().getElements().isEmpty()).isEqualTo(true);
+        SignedData signedData = contentInfo.getSignedData();
+        assertThat(signedData.getVersion()).isEqualTo(3);
+        assertThat(signedData.getDigestAlgorithms().getElements().isEmpty()).isTrue();
+        assertThat(signedData.getCertificates().getElements().isEmpty()).isTrue();
+        assertThat(signedData.getCrls().getElements().isEmpty()).isTrue();
+        assertThat(signedData.getSignerInfos().getElements().isEmpty()).isTrue();
         assertThat(signedData.getEncapContentInfo().getContentType().getValue())
                 .isEqualTo("1.3.6.1.5.2.3.1");
 
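Review bot: The new emptiness checks are written as `assertThat(x.isEmpty()).isTrue()`, which on failure reports only that `true` was expected and hides the offending elements. Assuming `getElements()` returns a collection, AssertJ's own assertion gives a useful message, e.g. `assertThat(signedData.getSignerInfos().getElements()).isEmpty();`. The same applies to the digest-algorithm, certificate and CRL checks above it. A one-line comment saying that an anonymous PKINIT request is expected to carry no certificates or signer infos would explain why empty is the pass condition.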

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5b6cf76f/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index bceef01..86d0a61 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -279,9 +279,11 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
         PaDataEntry paDataEntry = new PaDataEntry();
         paDataEntry.setPaDataType(PaDataType.PK_AS_REP);
         //TODO CHOICE
-        //paDataEntry.setPaDataValue(paPkAsRep.encode());
-        byte[] paData = KrbCodec.encode(paPkAsRep.getDHRepInfo());
-        paDataEntry.setPaDataValue(paData);
+        try {
+            paDataEntry.setPaDataValue(paPkAsRep.encode());
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
 
         return paDataEntry;
     }
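Review bot: The new `catch (IOException e)` only calls `e.printStackTrace()`, so when `paPkAsRep.encode()` fails the method still returns a `PaDataEntry` of type `PK_AS_REP` with no value set, and the caller has no way to notice. I would propagate the failure, e.g. `throw new KrbException("Failed to encode PaPkAsRep", e);`, provided the enclosing method (its signature is outside the hunk) declares `KrbException`. Otherwise, at least report it through the project's logger rather than stderr. The `//TODO CHOICE` comment kept above the `try` also looks stale now that the full CHOICE structure is encoded.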

