From plusplusjia...@apache.org
Subject directory-kerby git commit: DIRKRB-715 Store the TGT in credential cache.
Date Fri, 18 May 2018 05:12:17 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/trunk 6cb25114d -> ff6f17e13


DIRKRB-715 Store the TGT in credential cache.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ff6f17e1
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ff6f17e1
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ff6f17e1

Branch: refs/heads/trunk
Commit: ff6f17e13738b053165673fd09e3c51121d50aff
Parents: 6cb2511
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Fri May 18 13:11:55 2018 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Fri May 18 13:11:55 2018 +0800

----------------------------------------------------------------------
 .../org/apache/kerby/has/client/HasClient.java  | 76 ++++++++++++++++++++
 kerby-dist/has-dist/pom.xml                     |  5 ++
 2 files changed, 81 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ff6f17e1/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
----------------------------------------------------------------------
diff --git a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
index bfef56a..5338fb3 100755
--- a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
+++ b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasClient.java
@@ -29,6 +29,7 @@ import org.apache.kerby.has.common.util.URLConnectionFactory;
 import org.apache.kerby.kerberos.kerb.KrbCodec;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.KrbRuntime;
+import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
 import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
 import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
 import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
@@ -44,6 +45,7 @@ import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
 import org.apache.kerby.kerberos.kerb.type.kdc.KdcRep;
 import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
 import org.apache.kerby.util.IOUtil;
+import org.apache.kerby.util.SysUtil;
 import org.codehaus.jettison.json.JSONException;
 import org.codehaus.jettison.json.JSONObject;
 import org.slf4j.Logger;
@@ -440,10 +442,84 @@ public class HasClient {
 
         TgtTicket tgtTicket = getTicket(kdcRep);
         LOG.debug("Ticket expire time: " + tgtTicket.getEncKdcRepPart().getEndTime());
+
+        storeTgtTicket(tgtTicket);
+
         return tgtTicket;
 
     }
 
+    private void storeTgtTicket(TgtTicket tgtTicket) throws HasException {
+        String ccacheName = getCcacheName();
+        File ccacheFile = new File(ccacheName);
+        LOG.info("Storing the tgt to the credential cache file.");
+        if (!ccacheFile.exists()) {
+            createCacheFile(ccacheFile);
+        }
+        if (ccacheFile.exists() && ccacheFile.canWrite()) {
+            CredentialCache cCache = new CredentialCache(tgtTicket);
+            try {
+                cCache.store(ccacheFile);
+            } catch (IOException e) {
+                throw new HasException("Failed to store tgt", e);
+            }
+        } else {
+            throw new IllegalArgumentException("Invalid ccache file, "
+                    + "not exist or writable: " + ccacheFile.getAbsolutePath());
+        }
+    }
+
+    /**
+     * Create the specified credential cache file.
+     */
+    private void createCacheFile(File ccacheFile) throws HasException {
+        try {
+            if (!ccacheFile.createNewFile()) {
+                throw new HasException("Failed to create ccache file "
+                        + ccacheFile.getAbsolutePath());
+            }
+            // sets read-write permissions to owner only
+            ccacheFile.setReadable(true, true);
+            if (!ccacheFile.setWritable(true, true)) {
+                throw new HasException("Cache file is not readable.");
+            }
+        } catch (IOException e) {
+            throw new HasException("Failed to create ccache file "
+                    + ccacheFile.getAbsolutePath(), e);
+        }
+    }
+
+    /**
+     * Get credential cache file name.
+     */
+    private String getCcacheName() {
+        final String ccacheNameEnv = System.getenv("KRB5CCNAME");
+        String ccacheName;
+        if (ccacheNameEnv != null) {
+            ccacheName = ccacheNameEnv;
+        } else {
+            StringBuilder uid = new StringBuilder();
+            try {
+                //Get UID through "id -u" command
+                String command = "id -u";
+                Process child = Runtime.getRuntime().exec(command);
+                InputStream in = child.getInputStream();
+                int c;
+                while ((c = in.read()) != -1) {
+                    uid.append((char) c);
+                }
+                in.close();
+            } catch (IOException e) {
+                System.err.println("Failed to get UID.");
+                System.exit(1);
+            }
+            ccacheName = "krb5cc_" + uid.toString().trim();
+            ccacheName = SysUtil.getTempDir().toString() + "/" + ccacheName;
+        }
+
+        return ccacheName;
+    }
+
     protected byte[] decryptWithClientKey(EncryptedData data,
                                           KeyUsage usage,
                                           EncryptionKey clientKey) throws HasException {
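Review bot: The new ccache file can stay readable by other local users. In `createCacheFile`, `createNewFile()` applies the process umask and `setReadable(true, true)` only sets the owner's read bit without clearing group/other, so the comment `// sets read-write permissions to owner only` does not hold; the `setReadable` result is also ignored and the `setWritable` failure reports "not readable". Create the file with owner-only mode in a single step, as in the fence below, which needs `java.nio.file.Files` and `java.nio.file.attribute.PosixFilePermissions` imported and a fallback for non-POSIX file systems. `storeTgtTicket` also writes into an already existing file at the predictable temp-dir default without checking that it is a regular, owner-only file belonging to the current user, so it should refuse anything else rather than store the TGT there. In `getCcacheName`, `KRB5CCNAME` is used verbatim as a path although it commonly carries a `FILE:` type prefix, and `System.exit(1)` in client library code would be better as a thrown `HasException`; all three new methods lie fully inside this hunk.

```java
    private void createCacheFile(File ccacheFile) throws HasException {
        try {
            // Create with mode 0600 atomically so the TGT is never exposed
            // through umask-default permissions, and fail if the path exists.
            Files.createFile(ccacheFile.toPath(),
                    PosixFilePermissions.asFileAttribute(
                            PosixFilePermissions.fromString("rw-------")));
        } catch (IOException e) {
            throw new HasException("Failed to create ccache file "
                    + ccacheFile.getAbsolutePath(), e);
        }
    }
```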

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ff6f17e1/kerby-dist/has-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/has-dist/pom.xml b/kerby-dist/has-dist/pom.xml
index 45adae6..f51b31d 100644
--- a/kerby-dist/has-dist/pom.xml
+++ b/kerby-dist/has-dist/pom.xml
@@ -21,6 +21,11 @@
     </dependency>
     <dependency>
       <groupId>org.apache.kerby</groupId>
+      <artifactId>has-plugins</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
       <artifactId>has-tool</artifactId>
       <version>${project.version}</version>
     </dependency>

