directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [3/3] directory-kerby git commit: Adding signature tests
Date Wed, 05 Jul 2017 15:27:48 GMT
Adding signature tests


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/0e3234bc
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/0e3234bc
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/0e3234bc

Branch: refs/heads/trunk
Commit: 0e3234bca25e4a607dca507b9d9e0387e475794d
Parents: 7c89f0a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Jul 5 16:27:38 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jul 5 16:27:38 2017 +0100

----------------------------------------------------------------------
 .../kerb/integration/test/JWTTokenTest.java     | 88 +++++++++++++++++---
 1 file changed, 75 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/0e3234bc/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/JWTTokenTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/JWTTokenTest.java
b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/JWTTokenTest.java
index 04ba1d0..aeb0ced 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/JWTTokenTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/JWTTokenTest.java
@@ -24,6 +24,8 @@ import static org.junit.Assert.*;
 import java.io.File;
 import java.io.InputStream;
 import java.nio.file.Files;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
 import java.security.PrivateKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.util.Collections;
@@ -89,7 +91,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
         authToken.isIdToken(false);
         authToken.setAudiences(Collections.singletonList(getServerPrincipal()));
         KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
-        krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+        InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+        PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+        krbToken.setTokenValue(signToken(authToken, signKey));
 
         // Now get a SGT using the JWT
         SgtTicket tkt = tokenClient.requestSgt(krbToken, getServerPrincipal(), cCacheFile.getPath());
@@ -148,7 +153,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
         authToken.isIdToken(false);
         authToken.setAudiences(Collections.singletonList(getServerPrincipal() + "_"));
         KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
-        krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+        InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+        PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+        krbToken.setTokenValue(signToken(authToken, signKey));
 
         // Now get a SGT using the JWT
         try {
@@ -162,7 +170,6 @@ public class JWTTokenTest extends TokenLoginTestBase {
     }
 
     @org.junit.Test
-    @org.junit.Ignore
     public void accessTokenInvalidSignature() throws Exception {
 
         KrbClient client = getKrbClient();
@@ -194,8 +201,9 @@ public class JWTTokenTest extends TokenLoginTestBase {
         authToken.isIdToken(false);
         authToken.setAudiences(Collections.singletonList(getServerPrincipal()));
         KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
-        File signKeyFile = new File(this.getClass().getResource("/kdckeytest.pem").getPath());
-        krbToken.setTokenValue(signToken(authToken, signKeyFile));
+
+        KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+        krbToken.setTokenValue(signToken(authToken, keyPair.getPrivate()));
 
         // Now get a SGT using the JWT
         try {
@@ -241,7 +249,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
         authToken.setAudiences(Collections.singletonList(getServerPrincipal()));
         authToken.setIssuer("unknown-issuer");
         KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
-        krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+        InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+        PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+        krbToken.setTokenValue(signToken(authToken, signKey));
 
         // Now get a SGT using the JWT
         try {
@@ -283,7 +294,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
         // Create a JWT token
         AuthToken authToken = issueToken(getClientPrincipal());
         KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
-        krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+        InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+        PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+        krbToken.setTokenValue(signToken(authToken, signKey));
 
         // Now get a TGT using the JWT token
         tgt = tokenClient.requestTgt(krbToken, cCacheFile.getPath());
@@ -338,7 +352,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
         AuthToken authToken = issueToken(getClientPrincipal());
         authToken.setAudiences(Collections.singletonList(authToken.getAudiences().get(0)
+ "_"));
         KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
-        krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+        InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+        PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+        krbToken.setTokenValue(signToken(authToken, signKey));
 
         // Now get a TGT using the JWT token
         try {
@@ -352,6 +369,51 @@ public class JWTTokenTest extends TokenLoginTestBase {
     }
 
     @org.junit.Test
+    public void identityTokenInvalidSignature() throws Exception {
+
+        KrbClient client = getKrbClient();
+
+        // Get a TGT
+        TgtTicket tgt = client.requestTgt(getClientPrincipal(), getClientPassword());
+        assertNotNull(tgt);
+
+        // Write to cache
+        Credential credential = new Credential(tgt);
+        CredentialCache cCache = new CredentialCache();
+        cCache.addCredential(credential);
+        cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
+
+        File cCacheFile = File.createTempFile("krb5_" + getClientPrincipal(), "cc");
+        cCache.store(cCacheFile);
+
+        KrbTokenClient tokenClient = new KrbTokenClient(client);
+
+        tokenClient.setKdcHost(client.getSetting().getKdcHost());
+        tokenClient.setKdcTcpPort(client.getSetting().getKdcTcpPort());
+
+        tokenClient.setKdcRealm(client.getSetting().getKdcRealm());
+        tokenClient.init();
+
+        // Create a JWT token
+        AuthToken authToken = issueToken(getClientPrincipal());
+        authToken.setAudiences(Collections.singletonList(authToken.getAudiences().get(0)
+ "_"));
+        KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
+
+        KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+        krbToken.setTokenValue(signToken(authToken, keyPair.getPrivate()));
+
+        // Now get a TGT using the JWT token
+        try {
+            tokenClient.requestTgt(krbToken, cCacheFile.getPath());
+            fail("Failure expected on an invalid signature");
+        } catch (KrbException ex) { //NOPMD
+            // expected
+        }
+
+        cCacheFile.delete();
+    }
+
+    @org.junit.Test
     public void identityTokenUnknownIssuer() throws Exception {
 
         KrbClient client = getKrbClient();
@@ -381,7 +443,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
         AuthToken authToken = issueToken(getClientPrincipal());
         authToken.setIssuer("unknown-issuer");
         KrbToken krbToken = new KrbToken(authToken, TokenFormat.JWT);
-        krbToken.setTokenValue(signToken(authToken, getSignKeyFile()));
+
+        InputStream is = Files.newInputStream(getSignKeyFile().toPath());
+        PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
+        krbToken.setTokenValue(signToken(authToken, signKey));
 
         // Now get a TGT using the JWT token
         try {
@@ -394,13 +459,10 @@ public class JWTTokenTest extends TokenLoginTestBase {
         cCacheFile.delete();
     }
 
-    private byte[] signToken(AuthToken authToken, File signKeyFile) throws Exception {
+    private byte[] signToken(AuthToken authToken, PrivateKey signKey) throws Exception {
         TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
         assertTrue(tokenEncoder instanceof JwtTokenEncoder);
 
-        InputStream is = Files.newInputStream(signKeyFile.toPath());
-        PrivateKey signKey = PrivateKeyReader.loadPrivateKey(is);
-
         ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
         return tokenEncoder.encodeAsBytes(authToken);
     }


Mime
View raw message