Return-Path: <commits-return-48446-archive-asf-public=cust-asf.ponee.io@directory.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id E4962200CCF
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Mon, 24 Jul 2017 13:50:45 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id E0E25164F5F; Mon, 24 Jul 2017 11:50:45 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 39DA0164F4E
	for <archive-asf-public@cust-asf.ponee.io>; Mon, 24 Jul 2017 13:50:45 +0200 (CEST)
Received: (qmail 21310 invoked by uid 500); 24 Jul 2017 11:50:44 -0000
Mailing-List: contact commits-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@directory.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@directory.apache.org>
List-Post: <mailto:commits@directory.apache.org>
List-Id: <commits.directory.apache.org>
Reply-To: dev@directory.apache.org
Delivered-To: mailing list commits@directory.apache.org
Received: (qmail 20993 invoked by uid 99); 24 Jul 2017 11:50:44 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Jul 2017 11:50:44 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id 10F3BDFC33; Mon, 24 Jul 2017 11:50:43 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: coheigea@apache.org
To: commits@directory.apache.org
Date: Mon, 24 Jul 2017 11:50:50 -0000
Message-Id: <0f55582fd0b44a35b72fc112ea1d71f2@git.apache.org>
In-Reply-To: <a0b472dba95c45128bec6e88f89f2fa0@git.apache.org>
References: <a0b472dba95c45128bec6e88f89f2fa0@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [09/18] directory-kerby git commit: Revert "DIRKRB-581 - Imcompatible
 token header in init context against JDK GssApi. Thanks to Wei Zhou."
archived-at: Mon, 24 Jul 2017 11:50:46 -0000

Revert "DIRKRB-581 - Imcompatible token header in init context against JDK GssApi. Thanks to Wei Zhou."

This reverts commit 2bc1ac75c435f1ae09dfea492f6a655329763bd5.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/d72f5a9d
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/d72f5a9d
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/d72f5a9d

Branch: refs/heads/1.0.x-fixes
Commit: d72f5a9d9666271d71fbd4d25943a575d74aa172
Parents: 96494e9
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Jul 24 12:45:20 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Jul 24 12:45:20 2017 +0100

----------------------------------------------------------------------
 .../kerberos/kerb/gssapi/krb5/KerbyContext.java | 31 ++++----------------
 1 file changed, 5 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/d72f5a9d/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
index 5395afd..eba2a26 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gssapi/krb5/KerbyContext.java
@@ -48,7 +48,6 @@ import javax.security.auth.kerberos.KerberosTicket;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.nio.ByteBuffer;
 import java.security.Provider;
 
 @SuppressWarnings("PMD")
@@ -59,9 +58,6 @@ public class KerbyContext implements GSSContextSpi {
     private static final int STATE_ESTABLISHED = 2;
     private static final int STATE_DESTROYED = 3;
 
-    private static final byte[] MSG_AP_REQ = {(byte) 0x1, (byte) 0};
-    private static final byte[] MSG_AP_REP = {(byte) 0x2, (byte) 0};
-
     private int ctxState = STATE_NONE;
 
     private final GSSCaller caller;
@@ -293,11 +289,7 @@ public class KerbyContext implements GSSContextSpi {
             }
             setupInitiatorContext(sgtTicket, apRequest);
             try {
-                ByteBuffer outBuffer = ByteBuffer.allocate(outApReq.encodingLength() + 2);
-                outBuffer.put(MSG_AP_REQ);
-                outApReq.encode(outBuffer);
-                outBuffer.flip();
-                ret = outBuffer.array();
+                ret = outApReq.encode();
             } catch (IOException e) {
                 throw new GSSException(GSSException.FAILURE, -1, "Generate ApReq bytes failed: " + e.getMessage());
             }
@@ -354,13 +346,9 @@ public class KerbyContext implements GSSContextSpi {
      */
     private void verifyServerToken(InputStream is, int mechTokenSize)
             throws GSSException {
-        byte[] token;
+        byte[] token = new byte[mechTokenSize];
         ApRep apRep;
         try {
-            if (!(is.read() == MSG_AP_REP[0] && is.read() == MSG_AP_REP[1])) {
-                throw new GSSException(GSSException.FAILURE, -1, "Invalid ApRep message ID");
-            }
-            token = new byte[mechTokenSize - MSG_AP_REP.length];
             is.read(token);
             apRep = new ApRep();
             apRep.decode(token);
@@ -416,19 +404,14 @@ public class KerbyContext implements GSSContextSpi {
 
     private byte[] verifyClientToken(KerbyAcceptCred acceptCred, InputStream is, int mechTokenSize)
             throws GSSException {
-        byte[] token;
+        byte[] token = new byte[mechTokenSize];
         ApReq apReq;
         try {
-            if (!(is.read() == MSG_AP_REQ[0] && is.read() == MSG_AP_REQ[1])) {
-                throw new GSSException(GSSException.FAILURE, -1, "Invalid ApReq message ID");
-            }
-
-            token = new byte[mechTokenSize - MSG_AP_REQ.length];
             is.read(token);
             apReq = new ApReq();
             apReq.decode(token);
         } catch (IOException e) {
-            throw new GSSException(GSSException.UNAUTHORIZED, -1, "ApReq invalid:" + e.getMessage());
+            throw new GSSException(GSSException.UNAUTHORIZED, -1, "ApReq invalid" + e.getMessage());
         }
 
         int kvno = apReq.getTicket().getEncryptedEncPart().getKvno();
@@ -476,11 +459,7 @@ public class KerbyContext implements GSSContextSpi {
 
         byte[] ret = null;
         try {
-            ByteBuffer outBuffer = ByteBuffer.allocate(apRep.encodingLength() + 2);
-            outBuffer.put(MSG_AP_REP);
-            apRep.encode(outBuffer);
-            outBuffer.flip();
-            ret = outBuffer.array();
+            ret = apRep.encode();
         } catch (IOException e) {
             throw new GSSException(GSSException.FAILURE, -1, "Generate ApRep bytes failed:" + e.getMessage());
         }