From commits-return-48656-apmail-directory-commits-archive=directory.apache.org@directory.apache.org Tue Sep 5 02:02:09 2017 Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 658CD1ADBB for ; Tue, 5 Sep 2017 02:02:09 +0000 (UTC) Received: (qmail 66296 invoked by uid 500); 5 Sep 2017 02:02:09 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 66165 invoked by uid 500); 5 Sep 2017 02:02:09 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 66147 invoked by uid 99); 5 Sep 2017 02:02:08 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Sep 2017 02:02:08 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 9256EE053D; Tue, 5 Sep 2017 02:02:07 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: plusplusjiajia@apache.org To: commits@directory.apache.org Date: Tue, 05 Sep 2017 02:02:07 -0000 Message-Id: <403cc5376d084ae6b87829bb7b461b24@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [2/2] directory-kerby git commit: DIRKRB-647 - Compilation error with java7 in gss module DIRKRB-647 - Compilation error with java7 in gss module Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/c4c43ced Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/c4c43ced Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/c4c43ced Branch: refs/heads/cross-realm Commit: c4c43ced6e7cad8e3e1f900a3281bf0e65721ff2 Parents: ea9f606 Author: Colm O hEigeartaigh Authored: Wed Aug 30 10:16:47 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Aug 30 10:16:47 2017 +0100 ---------------------------------------------------------------------- .../kerb/integration/test/KerbyGssAppTest.java | 10 ++++++++ .../kerby/kerberos/kerb/gss/impl/CredUtils.java | 27 ++++++++++++++++---- .../kerberos/kerb/gss/impl/GssAcceptCred.java | 20 +++++++++++++-- 3 files changed, 50 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c4c43ced/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java index b6f4e43..7488d51 100644 --- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java +++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/KerbyGssAppTest.java @@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kerb.integration.test; import org.apache.kerby.kerberos.kerb.gss.KerbyGssProvider; import org.junit.Before; +import org.junit.Test; import java.security.Provider; @@ -34,4 +35,13 @@ public class KerbyGssAppTest extends GssAppTest { super.setUp(); } + @Test + public void testServerWithoutInitialCredential() throws Exception { + String version = System.getProperty("java.version"); + // See DIRKRB-647 + if (!version.startsWith("1.7")) { + super.testServerWithoutInitialCredential(); + } + } + } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c4c43ced/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java index eded06d..9433bf5 100644 --- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java +++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.java @@ -1,10 +1,16 @@ package org.apache.kerby.kerberos.kerb.gss.impl; import org.ietf.jgss.GSSException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import sun.security.jgss.GSSCaller; import javax.security.auth.Subject; import javax.security.auth.kerberos.*; + +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.security.AccessControlContext; import java.security.AccessController; import java.security.PrivilegedActionException; @@ -16,6 +22,8 @@ import java.util.Set; */ public class CredUtils { + private static final Logger LOG = LoggerFactory.getLogger(CredUtils.class); + public static Set getContextPrivateCredentials(Class credentialType, AccessControlContext acc) { Subject subject = Subject.getSubject(acc); Set creds = subject.getPrivateCredentials(credentialType); @@ -58,15 +66,24 @@ public class CredUtils { public static KeyTab getKeyTabFromContext(KerberosPrincipal principal) throws GSSException { Set tabs = getContextCredentials(KeyTab.class); for (KeyTab tab : tabs) { - // Use the supplied principal, fall back to the principal of the KeyTab if none is supplied + // Use the supplied principal KerberosPrincipal princ = principal; if (princ == null) { - princ = tab.getPrincipal(); + // fall back to the principal of the KeyTab (if JDK 1.8) if none is supplied + try { + Method m = tab.getClass().getDeclaredMethod("getPrincipal"); + princ = (KerberosPrincipal) m.invoke(tab); + } catch (NoSuchMethodException | SecurityException | IllegalAccessException + | IllegalArgumentException | InvocationTargetException e) { + LOG.info("Can't get a principal from the keytab", e); + } } - KerberosKey[] keys = tab.getKeys(princ); - if (keys != null && keys.length > 0) { - return tab; + if (princ != null) { + KerberosKey[] keys = tab.getKeys(princ); + if (keys != null && keys.length > 0) { + return tab; + } } } return null; http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c4c43ced/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java index de198d8..5d1b88e 100644 --- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java +++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java @@ -23,16 +23,23 @@ package org.apache.kerby.kerberos.kerb.gss.impl; import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey; import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSName; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import sun.security.jgss.GSSCaller; import javax.security.auth.kerberos.KerberosKey; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.kerberos.KeyTab; + +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.util.Set; public final class GssAcceptCred extends GssCredElement { + private static final Logger LOG = LoggerFactory.getLogger(GssAcceptCred.class); + private final KeyTab keyTab; private final Set kerberosKeySet; @@ -61,8 +68,17 @@ public final class GssAcceptCred extends GssCredElement { if (name == null) { if (keyTab != null) { - name = GssNameElement.getInstance(keyTab.getPrincipal().getName(), - GSSName.NT_HOSTBASED_SERVICE); + try { + Method m = keyTab.getClass().getDeclaredMethod("getPrincipal"); + KerberosPrincipal princ = (KerberosPrincipal) m.invoke(keyTab); + name = GssNameElement.getInstance(princ.getName(), + GSSName.NT_HOSTBASED_SERVICE); + } catch (NoSuchMethodException | SecurityException | IllegalAccessException + | IllegalArgumentException | InvocationTargetException e) { + String error = "Can't get a principal from the keytab"; + LOG.info(error, e); + throw new GSSException(GSSException.NO_CRED, -1, error); + } } else { name = GssNameElement.getInstance( kerberosKeySet.iterator().next().getPrincipal().getName(),