From: plusplusjiajia@apache.org To: commits@directory.apache.org Date: Thu, 07 Jul 2016 06:41:48 -0000 Message-Id: <033f62f2c6914c6b90e6d33ca92e3871@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [03/27] directory-kerby git commit: Adding Token Auth testcase archived-at: Thu, 07 Jul 2016 06:41:49 -0000 Adding Token Auth testcase Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/68933ae0 Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/68933ae0 Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/68933ae0 Branch: refs/heads/kpasswd Commit: 68933ae0cf397cf1f0e9af9a1934243de62cb9ab Parents: b0d7554 Author: Colm O hEigeartaigh Authored: Fri Jul 1 12:07:01 2016 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jul 1 12:07:01 2016 +0100 ---------------------------------------------------------------------- .../integration/test/TokenLoginTestBase.java | 10 ++- .../TokenLoginWithTokenPreauthEnabledTest.java | 74 ++++++++++++++++++++ 2 files changed, 83 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/68933ae0/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java ----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index 4741372..7258907 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -141,11 +141,19 @@ public class TokenLoginTestBase extends LoginTestBase {
 protected void testLoginWithTokenStr() throws Exception {
 String tokenStr = createTokenAndArmorCache();
- checkSubject(loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile));
+ Subject subj = loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile);
+ checkSubject(subj);
 }
 protected void testLoginWithTokenCache() throws Exception {
 createTokenAndArmorCache();
 checkSubject(loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile));
 }
+
+ protected Subject testLoginWithTokenCacheAndRetSubject() throws Exception {
+ createTokenAndArmorCache();
+ Subject subj = loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile);
+ checkSubject(subj);
+ return subj;
+ }
 }
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/68933ae0/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java ----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index 86faf11..ed4ec8a 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
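Review bot: In TokenLoginTestBase, the new `testLoginWithTokenCacheAndRetSubject()` repeats the body of `testLoginWithTokenCache()` directly above it, so the two helpers can drift apart; `testLoginWithTokenCache()` could be reduced to the single call `testLoginWithTokenCacheAndRetSubject();`. The new helper also has no Javadoc telling subclasses that the returned Subject has already been through `checkSubject`, for example `/** Logs in from the token cache, checks the Subject and returns it for further use. */`. The `subj` local introduced in `testLoginWithTokenStr()` is used once and adds nothing over the removed one-liner. The class body starts outside this hunk.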
@@ -19,6 +19,19 @@
 */
 package org.apache.kerby.kerberos.kerb.integration.test;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
+import org.junit.Assert;
 import org.junit.Test;
 /**
@@ -40,4 +53,65 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
 public void testLoginWithTokenCache() throws Exception {
 super.testLoginWithTokenCache();
 }
+
+ @Test
+ @org.junit.Ignore
+ public void testLoginWithTokenCacheGSS() throws Exception {
+ Subject subject = super.testLoginWithTokenCacheAndRetSubject();
+ Set clientPrincipals = subject.getPrincipals();
+
+ // Get the service ticket
+ KerberosClientExceptionAction action =
+ new KerberosClientExceptionAction(clientPrincipals.iterator().next(),
+ getServerPrincipal());
+
+ byte[] kerberosToken = (byte[]) Subject.doAs(subject, action);
+ Assert.assertNotNull(kerberosToken);
+ }
+
+ /**
+ * This class represents a PrivilegedExceptionAction implementation to
+ * a service ticket from a Kerberos Key Distribution Center.
+ */
+ private class KerberosClientExceptionAction implements PrivilegedExceptionAction {
+
+ private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
+
+ private Principal clientPrincipal;
+ private String serviceName;
+
+ KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) {
+ this.clientPrincipal = clientPrincipal;
+ this.serviceName = serviceName;
+ }
+
+ public byte[] run() throws GSSException {
+ GSSManager gssManager = GSSManager.getInstance();
+
+ GSSName gssService = gssManager.createName(serviceName,
+ GSSName.NT_USER_NAME);
+ Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
+ GSSName gssClient = gssManager.createName(clientPrincipal.getName(),
+ GSSName.NT_USER_NAME);
+ GSSCredential credentials = gssManager.createCredential(
+ gssClient, GSSCredential.DEFAULT_LIFETIME, oid,
+ GSSCredential.INITIATE_ONLY);
+
+ GSSContext secContext = gssManager.createContext(
+ gssService, oid, credentials, GSSContext.DEFAULT_LIFETIME
+ );
+
+ secContext.requestMutualAuth(false);
+ secContext.requestCredDeleg(false);
+
+ try {
+ byte[] token = new byte[0];
+ byte[] returnedToken = secContext.initSecContext(token,
+ 0, token.length);
+ return returnedToken;
+ } finally {
+ secContext.dispose();
+ }
+ }
+ }
 }
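Review bot: `testLoginWithTokenCacheGSS` is committed with `@org.junit.Ignore` and no reason, so the only test that uses the token-obtained credentials to request a service ticket never runs and nothing records why; give the annotation a reason, e.g. `@Ignore("<why it is disabled / tracking issue>")`. The client principal is taken with `clientPrincipals.iterator().next()`, which depends on the set's iteration order; if the Subject ever carries more than one principal this may pick a non-Kerberos one, and `subject.getPrincipals(KerberosPrincipal.class)` would make the choice explicit. The only assertion is `Assert.assertNotNull(kerberosToken)`, which shows that `initSecContext` returned something but not that a service accepts the token or which identity it carries; once the test is enabled, an acceptor-side check of the source name would cover that. The Javadoc on `KerberosClientExceptionAction` is missing a verb and presumably should read "implementation to obtain a service ticket".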