harmony-commits mailing list archives

From le...@apache.org
Subject svn commit: r587796 - in /harmony/enhanced/classlib/trunk/modules/auth/src: main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java
Date Wed, 24 Oct 2007 05:49:07 GMT
Author: leoli
Date: Tue Oct 23 22:49:07 2007
New Revision: 587796

URL: http://svn.apache.org/viewvc?rev=587796&view=rev
Log:
Apply patch for HARMONY-4721([classlib][auth]Harmony lacks default JGSS provider)(3) Add support
to obtain TGT kerberos ticket in org.apache.harmony.auth.jgss.kerberos.KerberosUtils.

Modified:
    harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java
    harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java

Modified: harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java
URL: http://svn.apache.org/viewvc/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java?rev=587796&r1=587795&r2=587796&view=diff
==============================================================================
--- harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java
(original)
+++ harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/jgss/kerberos/KerberosUtils.java
Tue Oct 23 22:49:07 2007
@@ -18,6 +18,18 @@
 package org.apache.harmony.auth.jgss.kerberos;
 
 import java.lang.reflect.Constructor;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.Set;
+
+import javax.security.auth.DestroyFailedException;
+import javax.security.auth.RefreshFailedException;
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.kerberos.KerberosTicket;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
 
 import org.apache.harmony.auth.jgss.kerberos.toolbox.KerberosToolboxSpi;
 import org.ietf.jgss.GSSException;
@@ -25,37 +37,131 @@
 import org.ietf.jgss.Oid;
 
 public class KerberosUtils {
-	public static final String DEFAULT_CHARSET_NAME = "UTF-8";
+    public static final String DEFAULT_CHARSET_NAME = "UTF-8";
 
-	public static final int DEFAULT_GSSEXCEPTION_MAJOR_CODE = 3;
+    public static final int DEFAULT_GSSEXCEPTION_MAJOR_CODE = 3;
 
-	public static final int DEFAULT_GSSEXCEPTION_MINOR_CODE = 0;
-	
-	public static final Oid KRB5_MECH;
-	
-	public static final Oid KRB5_PRINCIPAL_NAMETYPE;
+    public static final int DEFAULT_GSSEXCEPTION_MINOR_CODE = 0;
+
+    public static final Oid KRB5_MECH;
+
+    public static final Oid KRB5_PRINCIPAL_NAMETYPE;
+
+    public static final Oid[] SUPPORTED_NAME_MECHS;
 
-	public static final Oid[] SUPPORTED_NAME_MECHS;
-    
     public static final String KERBEROS_TOOLBOX_PROVIDER = "org.apache.harmony.auth.jgss.kerberos.toolbox.KerberosToolboxImpl";
 
-	static {
-		try {
-			KRB5_MECH = new Oid("1.2.840.113554.1.2.2");
-			KRB5_PRINCIPAL_NAMETYPE = new Oid("1.2.840.113554.1.2.2.1");
-
-		} catch (GSSException e) {
-			throw new Error();
-		}
-		SUPPORTED_NAME_MECHS = new Oid[] { GSSName.NT_USER_NAME,
-				GSSName.NT_HOSTBASED_SERVICE, GSSName.NT_EXPORT_NAME,
-				KRB5_PRINCIPAL_NAMETYPE };
-	}
-    
-    public static KerberosToolboxSpi getKerberosToolbox(String kdcName) throws Exception{
+    public static final String KERBEROS_CONTEXT_INIT = "org.apache.harmony.auth.jgss.initiate";
+
+    public static final String KERBEROS_CONTEXT_ACCEPT = "org.apache.harmony.auth.jgss.accept";
+
+    static {
+        try {
+            KRB5_MECH = new Oid("1.2.840.113554.1.2.2");
+            KRB5_PRINCIPAL_NAMETYPE = new Oid("1.2.840.113554.1.2.2.1");
+
+        } catch (GSSException e) {
+            throw new Error();
+        }
+        SUPPORTED_NAME_MECHS = new Oid[] { GSSName.NT_USER_NAME,
+                GSSName.NT_HOSTBASED_SERVICE, GSSName.NT_EXPORT_NAME,
+                KRB5_PRINCIPAL_NAMETYPE };
+    }
+
+    public static KerberosToolboxSpi getKerberosToolbox(String kdcName)
+            throws Exception {
         Class cls = Class.forName(KERBEROS_TOOLBOX_PROVIDER);
         Constructor constructor = cls.getConstructor(String.class);
-        return (KerberosToolboxSpi) constructor.newInstance(kdcName);        
+        return (KerberosToolboxSpi) constructor.newInstance(kdcName);
+    }
+
+    private static KerberosTicket getKerberosTicketFromContext(
+            final KerberosPrincipal clientPrincipal,
+            final KerberosPrincipal serverPrincipal) {
+        AccessControlContext acc = AccessController.getContext();
+        return AccessController.doPrivileged(
+                new PrivilegedAction<KerberosTicket>() {
+
+                    public KerberosTicket run() {
+                        AccessControlContext acc = AccessController
+                                .getContext();
+                        Subject subject = Subject.getSubject(acc);
+                        return getTicketFromSubject(subject, clientPrincipal, serverPrincipal);
+                    }
+                }, acc);
+
     }
 
+    private static KerberosTicket getTicketFromSubject(Subject subject,
+            final KerberosPrincipal clientPrincipal, final KerberosPrincipal serverPrincipal)
{        
+        if (null == subject) {
+            return null;
+        }
+        Set<KerberosTicket> kerberosTickets = subject
+                .getPrivateCredentials(KerberosTicket.class);
+        for (KerberosTicket tgt : kerberosTickets) {
+            if (clientPrincipal.equals(tgt.getClient())
+                    && serverPrincipal.equals(tgt.getServer())) {
+                if (isCurrent(tgt)) {
+                    return tgt;
+                }
+
+                // the kerberosTicket cannot be renewed. Just
+                // discard it
+                // from the subject's private credentials.
+                kerberosTickets.remove(tgt);
+                return null;
+            }
+        }        
+        return null;
+    }
+
+    private static boolean isCurrent(KerberosTicket ticket) {
+        if (!ticket.isCurrent()) {
+            try {
+                ticket.refresh();
+            } catch (RefreshFailedException e) {
+                try {
+                    ticket.destroy();
+                } catch (DestroyFailedException e1) {
+                    e1.printStackTrace();
+                }
+                return false;
+            }
+        }
+        return true;
+    }
+
+    private static KerberosTicket getTGTFromLoginModule(
+            KerberosPrincipal clientPrincipal) {
+        LoginContext loginContext = null;
+        try {
+            loginContext = new LoginContext(KERBEROS_CONTEXT_INIT);
+            loginContext.login();
+
+        } catch (LoginException e) {
+            e.printStackTrace();
+            return null;
+        }
+        Subject subject = loginContext.getSubject();
+        return getTicketFromSubject(subject, clientPrincipal, getTGTServerPrincipal(clientPrincipal));
      
+    }
+
+    private static KerberosPrincipal getTGTServerPrincipal(
+            KerberosPrincipal clientPrincipal) {
+        String realm = clientPrincipal.getRealm();
+        return new KerberosPrincipal("krbtgt/" + realm + "@" + realm);
+    }
+
+    public static KerberosTicket getTGT(KerberosPrincipal clientPrincipal) {
+        KerberosTicket tgt = null;
+        if (clientPrincipal != null) {
+            tgt = getKerberosTicketFromContext(clientPrincipal,
+                    getTGTServerPrincipal(clientPrincipal));
+        }
+        if (null != tgt) {
+            return tgt;
+        }
+        return getTGTFromLoginModule(clientPrincipal);
+    }
 }
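Review bot: In getTicketFromSubject, `kerberosTickets.remove(tgt)` does not do what the comment above it says. Per the Subject Javadoc, the set returned by `getPrivateCredentials(KerberosTicket.class)` is a fresh copy that is not backed by the Subject, so the expired ticket (already destroyed when isCurrent fails) stays in the Subject's private credentials. Removing through the live set, `subject.getPrivateCredentials().remove(tgt);`, would actually discard it. Separately, the null guard in getTGT only skips the context lookup: a null clientPrincipal still reaches getTGTFromLoginModule, where `getTGTServerPrincipal(clientPrincipal)` dereferences it after the login has already run. An early `if (clientPrincipal == null) return null;` (or an explicit exception) at the top of getTGT would make that contract clear.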

Modified: harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java
URL: http://svn.apache.org/viewvc/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java?rev=587796&r1=587795&r2=587796&view=diff
==============================================================================
--- harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java
(original)
+++ harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/jgss/kerberos/KerberosUtilsTest.java
Tue Oct 23 22:49:07 2007
@@ -17,6 +17,15 @@
 
 package org.apache.harmony.auth.tests.jgss.kerberos;
 
+import java.util.Date;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.kerberos.KerberosTicket;
+
 import org.apache.harmony.auth.jgss.kerberos.KerberosUtils;
 import org.apache.harmony.auth.jgss.kerberos.toolbox.KerberosToolboxImpl;
 import org.apache.harmony.auth.jgss.kerberos.toolbox.KerberosToolboxSpi;
@@ -29,5 +38,24 @@
         KerberosToolboxSpi kerberosToolBoxSpi = KerberosUtils
                 .getKerberosToolbox("TESTKDCNAME");
         assertTrue(kerberosToolBoxSpi instanceof KerberosToolboxImpl);
+    }
+
+    public void testGetTGT_fromContext() throws Exception {
+        final KerberosPrincipal clientPrincipal = new KerberosPrincipal(
+                "leo@EXAMPLE.COM");
+        final KerberosPrincipal serverPrincipal = new KerberosPrincipal(
+                "krbtgt/EXAMPLE.COM@EXAMPLE.COM");
+        KerberosTicket tgt = new KerberosTicket(new byte[0], clientPrincipal,
+                serverPrincipal, new byte[0], 1, new boolean[0],
+                new Date(1000), null, new Date(new Date().getTime() + 1000), null, null);
       
+        Subject subject = new Subject();
+        subject.getPrivateCredentials().add(tgt);
+        KerberosTicket tgtFromContext = (KerberosTicket) Subject.doAs(subject, new PrivilegedAction<KerberosTicket>(){
+            public KerberosTicket run(){
+                return KerberosUtils.getTGT(clientPrincipal);
+            }
+        });
+        assertNotNull(tgtFromContext);
+        assertEquals(tgt, tgtFromContext);
     }
 }
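Review bot: The ticket built in testGetTGT_fromContext expires one second after construction (`new Date(new Date().getTime() + 1000)`), so a slow or paused test run could see it as no longer current. Judging from the KerberosUtils change in this commit, getTGT would then try to refresh the ticket, destroy it, and fall back to a JAAS login that this test does not configure, so the assertion would fail for a reason unrelated to the code under test. A longer lifetime, e.g. `new Date(System.currentTimeMillis() + 60 * 60 * 1000)`, removes the timing dependence. The test also covers only the happy path; a case with an already expired ticket would pin down whether the stale credential is really removed from the Subject.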


