From c2798a0d0e0476af4d30ded46182486d62f7b5d5 Mon Sep 17 00:00:00 2001 From: Yogesh Gaikwad Date: Wed, 18 Jul 2018 09:24:45 +1000 Subject: [PATCH 1/2] [Kerberos] Refactoring and remove configs with defaults This commit does some refactoring to remove support package and move class KerberosTicketValidator to kerberos package. That was the only class in that package, so no need for it to be in separate package. Changes done to use default values for jaas configuration options for the ones which we can use defaults. Fix couple of random failures in tests. Modified `refreshKrb5Config` to use default value `false` in KerberosTicketValidator. If the krb5.conf file is modified then we will need to restart JVM as the config will not be refreshed. For testing, `refreshKrb5Config` is set to `true` as we keep changing the kdc port. This is set in SpnegoClient and only for tests. --- .../authc/kerberos/KerberosRealm.java | 1 - .../KerberosTicketValidator.java | 6 ++---- .../KerberosRealmAuthenticateFailedTests.java | 15 +++++++-------- .../authc/kerberos/KerberosRealmTestCase.java | 4 +--- .../KerberosTicketValidatorTests.java | 5 ++++- .../SimpleKdcLdapServerTests.java | 5 ++++- .../kerberos/support/KerberosTestCase.java | 1 + .../authc/kerberos/support/SpnegoClient.java | 19 +++++++++---------- ...SpnegoHttpClientConfigCallbackHandler.java | 2 -- 9 files changed, 28 insertions(+), 30 deletions(-) rename x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/{support => }/KerberosTicketValidator.java (97%) rename x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/{support => }/KerberosTicketValidatorTests.java (95%) rename x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/{support => }/SimpleKdcLdapServerTests.java (92%) 
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealm.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealm.java
index 20c5d21c192ab..b4a8b6aabf076 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealm.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealm.java
@@ -20,7 +20,6 @@
 import org.elasticsearch.xpack.core.security.authc.RealmConfig;
 import org.elasticsearch.xpack.core.security.authc.kerberos.KerberosRealmSettings;
 import org.elasticsearch.xpack.core.security.user.User;
-import org.elasticsearch.xpack.security.authc.kerberos.support.KerberosTicketValidator;
 import org.elasticsearch.xpack.security.authc.support.CachingRealm;
 import org.elasticsearch.xpack.security.authc.support.UserRoleMapper;
 import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore;
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTicketValidator.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidator.java
similarity index 97%
rename from x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTicketValidator.java
rename to x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidator.java
index 3e837bd6377eb..64fe47268c337 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTicketValidator.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidator.java
@@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.authc.kerberos.support; +package org.elasticsearch.xpack.security.authc.kerberos; import org.apache.logging.log4j.Logger; import org.elasticsearch.ExceptionsHelper; @@ -41,7 +41,7 @@ * It may respond with token which needs to be communicated with the peer. */ public class KerberosTicketValidator { - static final Oid SPNEGO_OID = getSpnegoOid(); + public static final Oid SPNEGO_OID = getSpnegoOid(); private static Oid getSpnegoOid() { Oid oid = null; @@ -262,8 +262,6 @@ public AppConfigurationEntry[] getAppConfigurationEntry(final String name) { options.put("useKeyTab", Boolean.TRUE.toString()); options.put("storeKey", Boolean.TRUE.toString()); options.put("doNotPrompt", Boolean.TRUE.toString()); - options.put("renewTGT", Boolean.FALSE.toString()); - options.put("refreshKrb5Config", Boolean.TRUE.toString()); options.put("isInitiator", Boolean.FALSE.toString()); options.put("debug", Boolean.toString(krbDebug)); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmAuthenticateFailedTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmAuthenticateFailedTests.java index 7853e18a01b87..5bc239241cf11 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmAuthenticateFailedTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmAuthenticateFailedTests.java 
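Review bot: In the `@@ -262,8 +262,6` hunk the acceptor's JAAS options now depend on the login module's defaults for `renewTGT` and `refreshKrb5Config`, and nothing in `getAppConfigurationEntry` says so. The commit message explains that a modified krb5.conf now requires a JVM restart, but a reader of this method cannot see that, so I would add a comment above the `options.put(...)` lines such as `// renewTGT and refreshKrb5Config stay at the Krb5LoginModule defaults (false); a changed krb5.conf is only picked up after a JVM restart`. The restart requirement also looks worth stating in the realm's operator documentation, since an edit to the KDC address in krb5.conf would otherwise appear to be silently ignored. The same undocumented reliance on defaults applies to the `AbstractJaasConf` hunk in SpnegoHttpClientConfigCallbackHandler.java. The method body starts and ends outside this hunk.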
@@ -67,18 +67,17 @@ public void testAuthenticateDifferentFailureScenarios() throws LoginException, G final boolean nullKerberosAuthnToken = rarely(); final KerberosAuthenticationToken kerberosAuthenticationToken = nullKerberosAuthnToken ? null : new KerberosAuthenticationToken(decodedTicket); - - final PlainActionFuture future = new PlainActionFuture<>(); - kerberosRealm.authenticate(kerberosAuthenticationToken, future); - AuthenticationResult result = future.actionGet(); - assertThat(result, is(notNullValue())); if (nullKerberosAuthnToken) { - assertThat(result.getStatus(), is(equalTo(AuthenticationResult.Status.CONTINUE))); + expectThrows(AssertionError.class, + () -> kerberosRealm.authenticate(kerberosAuthenticationToken, PlainActionFuture.newFuture())); } else { + final PlainActionFuture future = new PlainActionFuture<>(); + kerberosRealm.authenticate(kerberosAuthenticationToken, future); + AuthenticationResult result = future.actionGet(); + assertThat(result, is(notNullValue())); if (validTicket) { final String expectedUsername = maybeRemoveRealmName(username); - final User expectedUser = new User(expectedUsername, roles.toArray(new String[roles.size()]), null, null, null, - true); + final User expectedUser = new User(expectedUsername, roles.toArray(new String[roles.size()]), null, null, null, true); assertSuccessAuthenticationResult(expectedUser, outToken, result); } else { assertThat(result.getStatus(), is(equalTo(AuthenticationResult.Status.TERMINATE))); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmTestCase.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmTestCase.java index 1a0ab149035c6..ba91a1a334f95 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmTestCase.java 
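Review bot: The null-token branch now pins an `AssertionError` through `expectThrows(AssertionError.class, ...)`, which suggests the realm rejects a null token with a Java `assert`; assertions are normally disabled in production JVMs, so this test no longer says anything about what `authenticate` does with a null token there. The earlier expectation of `AuthenticationResult.Status.CONTINUE` is removed and the realm code itself is not part of this patch, so the non-assert path cannot be confirmed from here. I would at least document the assumption in this branch, e.g. `// a null token is rejected by an assert in the realm, which is only observable with -ea`, or have the realm fail explicitly so that behaviour is identical with assertions off. The test method starts and ends outside the hunk.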
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmTestCase.java @@ -6,13 +6,12 @@ package org.elasticsearch.xpack.security.authc.kerberos; -import com.google.common.collect.Sets; - import org.elasticsearch.action.ActionListener; import org.elasticsearch.client.Client; import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; +import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.env.TestEnvironment; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.TestThreadPool; @@ -24,7 +23,6 @@ import org.elasticsearch.xpack.core.security.support.Exceptions; import org.elasticsearch.xpack.core.security.user.User; import org.elasticsearch.xpack.security.authc.kerberos.support.KerberosTestCase; -import org.elasticsearch.xpack.security.authc.kerberos.support.KerberosTicketValidator; import org.elasticsearch.xpack.security.authc.support.UserRoleMapper; import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore; import org.elasticsearch.xpack.security.support.SecurityIndexManager; diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTicketValidatorTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidatorTests.java similarity index 95% rename from x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTicketValidatorTests.java rename to x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidatorTests.java index 16690ec3cc304..1593d98d03c40 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTicketValidatorTests.java 
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidatorTests.java @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.authc.kerberos.support; +package org.elasticsearch.xpack.security.authc.kerberos; import org.elasticsearch.action.support.PlainActionFuture; import org.elasticsearch.common.collect.Tuple; @@ -13,6 +13,9 @@ import org.elasticsearch.env.Environment; import org.elasticsearch.env.TestEnvironment; import org.elasticsearch.xpack.core.security.authc.kerberos.KerberosRealmSettings; +import org.elasticsearch.xpack.security.authc.kerberos.KerberosTicketValidator; +import org.elasticsearch.xpack.security.authc.kerberos.support.KerberosTestCase; +import org.elasticsearch.xpack.security.authc.kerberos.support.SpnegoClient; import org.ietf.jgss.GSSException; import java.io.IOException; diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SimpleKdcLdapServerTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SimpleKdcLdapServerTests.java similarity index 92% rename from x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SimpleKdcLdapServerTests.java rename to x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SimpleKdcLdapServerTests.java index 4fce1d1debb48..4255a520e23b4 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SimpleKdcLdapServerTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SimpleKdcLdapServerTests.java 
@@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.authc.kerberos.support; +package org.elasticsearch.xpack.security.authc.kerberos; import com.unboundid.ldap.sdk.LDAPConnection; import com.unboundid.ldap.sdk.SearchResult; @@ -17,6 +17,9 @@ import org.elasticsearch.env.TestEnvironment; import org.elasticsearch.xpack.core.security.authc.kerberos.KerberosRealmSettings; import org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationToken; +import org.elasticsearch.xpack.security.authc.kerberos.KerberosTicketValidator; +import org.elasticsearch.xpack.security.authc.kerberos.support.KerberosTestCase; +import org.elasticsearch.xpack.security.authc.kerberos.support.SpnegoClient; import org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils; import org.ietf.jgss.GSSException; diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTestCase.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTestCase.java index 4e7b34a9e8b3e..a59f2463a7ca5 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTestCase.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTestCase.java @@ -69,6 +69,7 @@ public abstract class KerberosTestCase extends ESTestCase { unsupportedLocaleLanguages.add("hi"); unsupportedLocaleLanguages.add("uz"); unsupportedLocaleLanguages.add("fa"); + unsupportedLocaleLanguages.add("ks"); } @BeforeClass diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SpnegoClient.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SpnegoClient.java index 527953f8b2d46..8e8c490a77bd3 100644 
--- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SpnegoClient.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SpnegoClient.java @@ -12,6 +12,7 @@ import org.elasticsearch.common.logging.ESLoggerFactory; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.xpack.security.authc.kerberos.KerberosTicketValidator; import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; @@ -49,7 +50,7 @@ * Use {@link #close()} to release and dispose {@link LoginContext} and * {@link GSSContext} after usage. */ -class SpnegoClient implements AutoCloseable { +public class SpnegoClient implements AutoCloseable { private static final Logger LOGGER = ESLoggerFactory.getLogger(SpnegoClient.class); public static final String CRED_CONF_NAME = "PasswordConf"; @@ -69,7 +70,7 @@ class SpnegoClient implements AutoCloseable { * @throws PrivilegedActionException * @throws GSSException */ - SpnegoClient(final String userPrincipalName, final SecureString password, final String servicePrincipalName) + public SpnegoClient(final String userPrincipalName, final SecureString password, final String servicePrincipalName) throws PrivilegedActionException, GSSException { String oldUseSubjectCredsOnlyFlag = null; try { @@ -100,7 +101,7 @@ class SpnegoClient implements AutoCloseable { * @return Base64 encoded token * @throws PrivilegedActionException */ - String getBase64EncodedTokenForSpnegoHeader() throws PrivilegedActionException { + public String getBase64EncodedTokenForSpnegoHeader() throws PrivilegedActionException { final byte[] outToken = KerberosTestCase.doAsWrapper(loginContext.getSubject(), (PrivilegedExceptionAction) () -> gssContext.initSecContext(new byte[0], 0, 0)); return Base64.getEncoder().encodeToString(outToken); 
@@ -115,7 +116,7 @@ String getBase64EncodedTokenForSpnegoHeader() throws PrivilegedActionException { * nothing to be sent. * @throws PrivilegedActionException */ - String handleResponse(final String base64Token) throws PrivilegedActionException { + public String handleResponse(final String base64Token) throws PrivilegedActionException { if (gssContext.isEstablished()) { throw new IllegalStateException("GSS Context has already been established"); } @@ -148,9 +149,9 @@ public void close() throws LoginException, GSSException, PrivilegedActionExcepti } /** - * @return {@code true} If the context was established + * @return {@code true} If the gss security context was established */ - boolean isEstablished() { + public boolean isEstablished() { return gssContext.isEstablished(); } @@ -196,12 +197,10 @@ public AppConfigurationEntry[] getAppConfigurationEntry(final String name) { final Map options = new HashMap<>(); options.put("principal", principal); options.put("storeKey", Boolean.TRUE.toString()); - options.put("useTicketCache", Boolean.FALSE.toString()); - options.put("useKeyTab", Boolean.FALSE.toString()); - options.put("renewTGT", Boolean.FALSE.toString()); - options.put("refreshKrb5Config", Boolean.TRUE.toString()); options.put("isInitiator", Boolean.TRUE.toString()); options.put("debug", Boolean.TRUE.toString()); + // Refresh Krb5 config during tests as the port keeps changing for kdc server + options.put("refreshKrb5Config", Boolean.TRUE.toString()); return new AppConfigurationEntry[] { new AppConfigurationEntry(SUN_KRB5_LOGIN_MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.unmodifiableMap(options)) }; diff --git a/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SpnegoHttpClientConfigCallbackHandler.java b/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SpnegoHttpClientConfigCallbackHandler.java index a9a76b71c8535..e5768d8f2e944 100644 
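Review bot: In the `@@ -196,12 +197,10` hunk the client login now relies on the module defaults for `useTicketCache` and `useKeyTab`, while only `refreshKrb5Config` received an explanatory comment. This appears to be the password-based configuration (`CRED_CONF_NAME` is "PasswordConf"), so the credential source matters: I would record it next to the options, e.g. `// useTicketCache and useKeyTab stay at their defaults (false) so login always uses the supplied password`. That keeps a later edit from enabling a ticket cache and letting the tests authenticate with ambient credentials from the build host. `getAppConfigurationEntry` starts outside the hunk.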
--- a/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SpnegoHttpClientConfigCallbackHandler.java +++ b/x-pack/qa/kerberos-tests/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SpnegoHttpClientConfigCallbackHandler.java @@ -304,10 +304,8 @@ private abstract static class AbstractJaasConf extends Configuration { public AppConfigurationEntry[] getAppConfigurationEntry(final String name) { final Map options = new HashMap<>(); options.put("principal", userPrincipalName); - options.put("refreshKrb5Config", Boolean.TRUE.toString()); options.put("isInitiator", Boolean.TRUE.toString()); options.put("storeKey", Boolean.TRUE.toString()); - options.put("renewTGT", Boolean.FALSE.toString()); options.put("debug", Boolean.toString(enableDebugLogs)); addOptions(options); return new AppConfigurationEntry[] { new AppConfigurationEntry(SUN_KRB5_LOGIN_MODULE, From 6cacbe8afbd93d6b510f8e682f5f3bb45164ac06 Mon Sep 17 00:00:00 2001 
From: Yogesh Gaikwad Date: Thu, 19 Jul 2018 07:40:44 +1000 Subject: [PATCH 2/2] [Kerberos] Move classes from test support package. --- .../authc/kerberos/KerberosTicketValidator.java | 2 +- .../kerberos/KerberosRealmBootstrapCheckTests.java | 1 - .../authc/kerberos/KerberosRealmCacheTests.java | 1 - .../authc/kerberos/KerberosRealmSettingsTests.java | 1 - .../authc/kerberos/KerberosRealmTestCase.java | 1 - .../kerberos/{support => }/KerberosTestCase.java | 2 +- .../authc/kerberos/KerberosTicketValidatorTests.java | 2 -- .../kerberos/{support => }/SimpleKdcLdapServer.java | 2 +- .../authc/kerberos/SimpleKdcLdapServerTests.java | 2 -- .../authc/kerberos/{support => }/SpnegoClient.java | 12 ++++++------ 10 files changed, 9 insertions(+), 17 deletions(-) rename x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/{support => }/KerberosTestCase.java (99%) rename x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/{support => }/SimpleKdcLdapServer.java (99%) rename x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/{support => }/SpnegoClient.java (96%) diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidator.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidator.java index 64fe47268c337..689ba69f78254 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidator.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidator.java @@ -41,7 +41,7 @@ * It may respond with token which needs to be communicated with the peer. */ public class KerberosTicketValidator { - public static final Oid SPNEGO_OID = getSpnegoOid(); + static final Oid SPNEGO_OID = getSpnegoOid(); private static Oid getSpnegoOid() { Oid oid = null; 
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmBootstrapCheckTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmBootstrapCheckTests.java index d2a40f0f6162f..b6e1df9ddbb79 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmBootstrapCheckTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmBootstrapCheckTests.java @@ -14,7 +14,6 @@ import org.elasticsearch.xpack.core.security.authc.RealmSettings; import org.elasticsearch.xpack.core.security.authc.kerberos.KerberosRealmSettings; import org.elasticsearch.xpack.core.security.authc.pki.PkiRealmSettings; -import org.elasticsearch.xpack.security.authc.kerberos.support.KerberosTestCase; import java.io.IOException; import java.nio.file.Path; diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmCacheTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmCacheTests.java index c6d114de93b24..69ebe15c5d74b 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmCacheTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmCacheTests.java @@ -12,7 +12,6 @@ import org.elasticsearch.xpack.core.security.authc.AuthenticationResult; import org.elasticsearch.xpack.core.security.authc.kerberos.KerberosRealmSettings; import org.elasticsearch.xpack.core.security.user.User; -import org.elasticsearch.xpack.security.authc.kerberos.support.KerberosTestCase; import org.elasticsearch.xpack.security.authc.support.UserRoleMapper.UserData; import org.ietf.jgss.GSSException; 
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmSettingsTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmSettingsTests.java index c536566a73f60..2e47d03d49d06 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmSettingsTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmSettingsTests.java @@ -10,7 +10,6 @@ import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.core.security.authc.kerberos.KerberosRealmSettings; -import org.elasticsearch.xpack.security.authc.kerberos.support.KerberosTestCase; import java.io.IOException; import java.nio.file.Files; diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmTestCase.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmTestCase.java index ba91a1a334f95..9c2c6484c82ab 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmTestCase.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmTestCase.java @@ -22,7 +22,6 @@ import org.elasticsearch.xpack.core.security.authc.kerberos.KerberosRealmSettings; import org.elasticsearch.xpack.core.security.support.Exceptions; import org.elasticsearch.xpack.core.security.user.User; -import org.elasticsearch.xpack.security.authc.kerberos.support.KerberosTestCase; import org.elasticsearch.xpack.security.authc.support.UserRoleMapper; import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore; import org.elasticsearch.xpack.security.support.SecurityIndexManager; 
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTestCase.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTestCase.java similarity index 99% rename from x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTestCase.java rename to x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTestCase.java index a59f2463a7ca5..891f400c7be60 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/KerberosTestCase.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTestCase.java @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.authc.kerberos.support; +package org.elasticsearch.xpack.security.authc.kerberos; import org.apache.logging.log4j.Logger; import org.elasticsearch.ExceptionsHelper; diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidatorTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidatorTests.java index 1593d98d03c40..e12b9c5a692c6 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidatorTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosTicketValidatorTests.java 
@@ -14,8 +14,6 @@ import org.elasticsearch.env.TestEnvironment; import org.elasticsearch.xpack.core.security.authc.kerberos.KerberosRealmSettings; import org.elasticsearch.xpack.security.authc.kerberos.KerberosTicketValidator; -import org.elasticsearch.xpack.security.authc.kerberos.support.KerberosTestCase; -import org.elasticsearch.xpack.security.authc.kerberos.support.SpnegoClient; import org.ietf.jgss.GSSException; import java.io.IOException; diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SimpleKdcLdapServer.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SimpleKdcLdapServer.java similarity index 99% rename from x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SimpleKdcLdapServer.java rename to x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SimpleKdcLdapServer.java index 02bc236b8ec3d..426cacb1a034c 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SimpleKdcLdapServer.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SimpleKdcLdapServer.java @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.authc.kerberos.support; +package org.elasticsearch.xpack.security.authc.kerberos; import com.unboundid.ldap.listener.InMemoryDirectoryServer; import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig; diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SimpleKdcLdapServerTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SimpleKdcLdapServerTests.java index 4255a520e23b4..b1c75d957a7c8 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SimpleKdcLdapServerTests.java 
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SimpleKdcLdapServerTests.java @@ -18,8 +18,6 @@ import org.elasticsearch.xpack.core.security.authc.kerberos.KerberosRealmSettings; import org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationToken; import org.elasticsearch.xpack.security.authc.kerberos.KerberosTicketValidator; -import org.elasticsearch.xpack.security.authc.kerberos.support.KerberosTestCase; -import org.elasticsearch.xpack.security.authc.kerberos.support.SpnegoClient; import org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils; import org.ietf.jgss.GSSException; diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SpnegoClient.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SpnegoClient.java similarity index 96% rename from x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SpnegoClient.java rename to x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SpnegoClient.java index 8e8c490a77bd3..1f883b928bd97 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/support/SpnegoClient.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/SpnegoClient.java @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.security.authc.kerberos.support; +package org.elasticsearch.xpack.security.authc.kerberos; import org.apache.logging.log4j.Logger; import org.elasticsearch.ExceptionsHelper; 
@@ -50,7 +50,7 @@ * Use {@link #close()} to release and dispose {@link LoginContext} and * {@link GSSContext} after usage. */ -public class SpnegoClient implements AutoCloseable { +class SpnegoClient implements AutoCloseable { private static final Logger LOGGER = ESLoggerFactory.getLogger(SpnegoClient.class); public static final String CRED_CONF_NAME = "PasswordConf"; @@ -70,7 +70,7 @@ public class SpnegoClient implements AutoCloseable { * @throws PrivilegedActionException * @throws GSSException */ - public SpnegoClient(final String userPrincipalName, final SecureString password, final String servicePrincipalName) + SpnegoClient(final String userPrincipalName, final SecureString password, final String servicePrincipalName) throws PrivilegedActionException, GSSException { String oldUseSubjectCredsOnlyFlag = null; try { @@ -101,7 +101,7 @@ public SpnegoClient(final String userPrincipalName, final SecureString password, * @return Base64 encoded token * @throws PrivilegedActionException */ - public String getBase64EncodedTokenForSpnegoHeader() throws PrivilegedActionException { + String getBase64EncodedTokenForSpnegoHeader() throws PrivilegedActionException { final byte[] outToken = KerberosTestCase.doAsWrapper(loginContext.getSubject(), (PrivilegedExceptionAction) () -> gssContext.initSecContext(new byte[0], 0, 0)); return Base64.getEncoder().encodeToString(outToken); @@ -116,7 +116,7 @@ public String getBase64EncodedTokenForSpnegoHeader() throws PrivilegedActionExce * nothing to be sent. * @throws PrivilegedActionException */ - public String handleResponse(final String base64Token) throws PrivilegedActionException { + String handleResponse(final String base64Token) throws PrivilegedActionException { if (gssContext.isEstablished()) { throw new IllegalStateException("GSS Context has already been established"); } 
@@ -151,7 +151,7 @@ public void close() throws LoginException, GSSException, PrivilegedActionExcepti /** * @return {@code true} If the gss security context was established */ - public boolean isEstablished() { + boolean isEstablished() { return gssContext.isEstablished(); }