Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/22 01:56:49 UTC
[25/50] [abbrv] directory-kerberos git commit: Many changes with
newname
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsReqCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsReqCodec.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsReqCodec.java
new file mode 100644
index 0000000..f86c3de
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsReqCodec.java
@@ -0,0 +1,97 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.common.HostAddrType;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.spec.common.NameType;
+import org.apache.kerby.kerberos.kerb.spec.kdc.AsReq;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.SimpleTimeZone;
+
+/**
+ * Test AsReq message using a real 'correct' network packet captured from MS-AD to detective programming errors
+ * and compatibility issues particularly regarding Kerberos crypto.
+ */
+public class TestAsReqCodec {
+
+ @Test
+ public void test() throws IOException, ParseException {
+ byte[] bytes = CodecTestUtil.readBinaryFile("/asreq.token");
+ ByteBuffer asreqToken = ByteBuffer.wrap(bytes);
+
+ AsReq asReq = new AsReq();
+ asReq.decode(asreqToken);
+
+ Assert.assertEquals(asReq.getPvno(), 5);
+ Assert.assertEquals(asReq.getMsgType(), KrbMessageType.AS_REQ);
+
+ Assert.assertEquals(asReq.getPaData().findEntry(PaDataType.ENC_TIMESTAMP).getPaDataType(), PaDataType.ENC_TIMESTAMP);
+ byte[] paDataEncTimestampValue = Arrays.copyOfRange(bytes, 33, 96);
+ byte[] paDataEncTimestampRealValue = asReq.getPaData().findEntry(PaDataType.ENC_TIMESTAMP).getPaDataValue();
+ Assert.assertTrue(Arrays.equals(paDataEncTimestampValue, paDataEncTimestampRealValue));
+ Assert.assertEquals(asReq.getPaData().findEntry(PaDataType.PAC_REQUEST).getPaDataType(), PaDataType.PAC_REQUEST);
+ byte[] paPacRequestValue = Arrays.copyOfRange(bytes, 108, 115);
+ byte[] paPacRequestRealValue = asReq.getPaData().findEntry(PaDataType.PAC_REQUEST).getPaDataValue();
+ Assert.assertTrue(Arrays.equals(paPacRequestValue, paPacRequestRealValue));
+
+ Assert.assertEquals(asReq.getReqBody().getKdcOptions().getPadding(), 0);
+ Assert.assertTrue(Arrays.equals(asReq.getReqBody().getKdcOptions().getValue(), Arrays.copyOfRange(bytes, 126, 130)));
+
+ Assert.assertEquals(asReq.getReqBody().getCname().getNameType(), NameType.NT_PRINCIPAL);
+ Assert.assertEquals(asReq.getReqBody().getCname().getName(), "des");
+ Assert.assertEquals(asReq.getReqBody().getRealm(), "DENYDC");
+ Assert.assertEquals(asReq.getReqBody().getSname().getNameType(), NameType.NT_SRV_INST);
+ Assert.assertEquals(asReq.getReqBody().getSname().getNameStrings().get(0), "krbtgt");
+ Assert.assertEquals(asReq.getReqBody().getSname().getNameStrings().get(1), "DENYDC");
+
+ SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
+ sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
+ Date date = sdf.parse("20370913024805");
+ Assert.assertEquals(asReq.getReqBody().getTill().getTime(), date.getTime());
+ Assert.assertEquals(asReq.getReqBody().getRtime().getTime(), date.getTime());
+
+ Assert.assertEquals(asReq.getReqBody().getNonce(), 197451134);
+
+ List<EncryptionType> types = asReq.getReqBody().getEtypes();
+ Assert.assertEquals(types.get(0).getValue(), 0x0017);
+ //Assert.assertEquals(types.get(1).getValue(), 0xff7b);//FIXME
+ //Assert.assertEquals(types.get(2).getValue(), 0x0080);//FIXME
+ Assert.assertEquals(types.get(3).getValue(), 0x0003);
+ Assert.assertEquals(types.get(4).getValue(), 0x0001);
+ Assert.assertEquals(types.get(5).getValue(), 0x0018);
+ //Assert.assertEquals(types.get(6).getValue(), 0xff79);//FIXME
+
+ Assert.assertEquals(asReq.getReqBody().getAddresses().getElements().size(), 1);
+ Assert.assertEquals(asReq.getReqBody().getAddresses().getElements().get(0).getAddrType(), HostAddrType.ADDRTYPE_NETBIOS);
+ //FIXME net bios name
+ }
+}
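Review bot: Three of the seven etype checks at the end of test() are commented out with FIXME (indices 1, 2 and 6), so the decoding of those entries in the captured etype list is not verified at all. The literals `0xff7b`, `0x0080` and `0xff79` are positive Java ints (65403, 128, 65401); if `getValue()` returns the sign-extended ASN.1 INTEGER, the expected values would be -133, -128 and -135, which may be why the assertions failed, though the decoder is not in view here. Until that is settled, `Assert.assertEquals(7, types.size());` (assuming the capture holds seven etypes, as the indices suggest) would at least pin that no entry is dropped. The `assertEquals` calls in this file and in TestTgsRepCodec also pass the actual value first, so a failure message will swap "expected" and "actual"; `Assert.assertEquals(5, asReq.getPvno());` is the intended order.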
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java
new file mode 100644
index 0000000..45fb075
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java
@@ -0,0 +1,267 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.codec.kerberos.AuthzDataUtil;
+import org.apache.kerby.kerberos.kerb.codec.kerberos.KerberosCredentials;
+import org.apache.kerby.kerberos.kerb.codec.kerberos.KerberosTicket;
+import org.apache.kerby.kerberos.kerb.codec.kerberos.KerberosToken;
+import org.apache.kerby.kerberos.kerb.codec.pac.Pac;
+import org.apache.kerby.kerberos.kerb.codec.pac.PacLogonInfo;
+import org.apache.kerby.kerberos.kerb.codec.pac.PacSid;
+import org.apache.kerby.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+public class TestKerberos {
+
+ private byte[] rc4Token;
+ private byte[] desToken;
+ private byte[] aes128Token;
+ private byte[] aes256Token;
+ private byte[] corruptToken;
+ private EncryptionKey rc4Key;
+ private EncryptionKey desKey;
+ private EncryptionKey aes128Key;
+ private EncryptionKey aes256Key;
+ private EncryptionKey corruptKey;
+
+ @Before
+ public void setUp() throws IOException {
+ InputStream file;
+ byte[] keyData;
+
+ file = this.getClass().getClassLoader().getResourceAsStream("rc4-kerberos-data");
+ rc4Token = new byte[file.available()];
+ file.read(rc4Token);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("des-kerberos-data");
+ desToken = new byte[file.available()];
+ file.read(desToken);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes128-kerberos-data");
+ aes128Token = new byte[file.available()];
+ file.read(aes128Token);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes256-kerberos-data");
+ aes256Token = new byte[file.available()];
+ file.read(aes256Token);
+ file.close();
+
+ corruptToken = new byte[]{1, 2, 3, 4, 5, 6};
+
+ file = this.getClass().getClassLoader().getResourceAsStream("rc4-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ rc4Key = new EncryptionKey(23, keyData, 2);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("des-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ desKey = new EncryptionKey(3, keyData, 2);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes128-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ aes128Key = new EncryptionKey(17, keyData, 2);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes256-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ aes256Key = new EncryptionKey(18, keyData, 2);
+ file.close();
+
+ corruptKey = new EncryptionKey(23, new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3}, 2);
+ }
+
+ @Test
+ public void testRc4Ticket() throws Exception {
+ KerberosToken token = new KerberosToken(rc4Token, rc4Key);
+
+ Assert.assertNotNull(token);
+ Assert.assertNotNull(token.getApRequest());
+
+ KerberosTicket ticket = token.getApRequest().getTicket();
+ Assert.assertNotNull(ticket);
+ Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+ Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+ }
+
+ //@Test
+ public void testDesTicket() throws Exception {
+ KerberosToken token = new KerberosToken(desToken, desKey);
+
+ Assert.assertNotNull(token);
+ Assert.assertNotNull(token.getApRequest());
+
+ KerberosTicket ticket = token.getApRequest().getTicket();
+ Assert.assertNotNull(ticket);
+ Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+ Assert.assertEquals("user.test@domain.com", ticket.getUserPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+ }
+
+ @Test
+ public void testAes128Ticket() throws Exception {
+ KerberosToken token = null;
+ token = new KerberosToken(aes128Token, aes128Key);
+
+ Assert.assertNotNull(token);
+ Assert.assertNotNull(token.getApRequest());
+
+ KerberosTicket ticket = token.getApRequest().getTicket();
+ Assert.assertNotNull(ticket);
+ Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+ Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+ }
+
+ @Test
+ public void testAes256Ticket() throws Exception {
+ KerberosToken token = null;
+ token = new KerberosToken(aes256Token, aes256Key);
+
+ Assert.assertNotNull(token);
+ Assert.assertNotNull(token.getApRequest());
+
+ KerberosTicket ticket = token.getApRequest().getTicket();
+ Assert.assertNotNull(ticket);
+ Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+ Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+ Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+ }
+
+ @Test
+ public void testCorruptTicket() {
+ KerberosToken token = null;
+ try {
+ token = new KerberosToken(corruptToken, rc4Key);
+ Assert.fail("Should have thrown Exception.");
+ } catch(Exception e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(token);
+ }
+ }
+
+ @Test
+ public void testEmptyTicket() {
+ KerberosToken token = null;
+ try {
+ token = new KerberosToken(new byte[0], rc4Key);
+ Assert.fail("Should have thrown Exception.");
+ } catch(Exception e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(token);
+ }
+ }
+
+ @Test
+ public void testNullTicket() throws Exception {
+ KerberosToken token = null;
+ try {
+ token = new KerberosToken(null, rc4Key);
+ Assert.fail("Should have thrown NullPointerException.");
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ } catch(NullPointerException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(token);
+ }
+ }
+
+ @Test
+ public void testCorruptKey() {
+ KerberosToken token = null;
+ try {
+ token = new KerberosToken(rc4Token, corruptKey);
+ Assert.fail("Should have thrown Exception.");
+ } catch(Exception e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(token);
+ }
+ }
+
+ @Test
+ public void testNoMatchingKey() {
+ KerberosToken token = null;
+ try {
+ token = new KerberosToken(rc4Token, desKey);
+ Assert.fail("Should have thrown Exception.");
+ } catch(Exception e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(token);
+ }
+ }
+
+ @Test
+ public void testKerberosPac() throws Exception {
+ KerberosToken token = new KerberosToken(rc4Token, rc4Key);
+
+ Assert.assertNotNull(token);
+ Assert.assertNotNull(token.getApRequest());
+
+ KerberosTicket ticket = token.getApRequest().getTicket();
+ Assert.assertNotNull(ticket);
+
+ AuthorizationData authzData = ticket.getAuthorizationData();
+ Assert.assertNotNull(authzData);
+ Assert.assertTrue(authzData.getElements().size() > 0);
+
+ EncryptionType eType = ticket.getTicket().getEncPart().getKey().getKeyType();
+ Pac pac = AuthzDataUtil.getPac(authzData,
+ KerberosCredentials.getServerKey(eType).getKeyData());
+ Assert.assertNotNull(pac);
+
+ PacLogonInfo logonInfo = pac.getLogonInfo();
+ Assert.assertNotNull(logonInfo);
+
+ List<String> sids = new ArrayList<String>();
+ if(logonInfo.getGroupSid() != null)
+ sids.add(logonInfo.getGroupSid().toString());
+ for(PacSid pacSid : logonInfo.getGroupSids())
+ sids.add(pacSid.toString());
+ for(PacSid pacSid : logonInfo.getExtraSids())
+ sids.add(pacSid.toString());
+ for(PacSid pacSid : logonInfo.getResourceGroupSids())
+ sids.add(pacSid.toString());
+
+ Assert.assertEquals(ticket.getUserPrincipalName(), logonInfo.getUserName());
+ }
+}
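Review bot: setUp() sizes each buffer with `file.available()` and fills it with a single `file.read(...)` whose return value is ignored, so a short read leaves a zero-padded token or key, and the later failure looks like a decode or decrypt error rather than a fixture error. A missing resource surfaces as a bare NullPointerException on `file.available()`, and the stream is not closed if the read throws. The same pattern is repeated in TestPac.setUp and TestSpnego.setUp. A small helper that checks for null, reads to end of stream and closes in `finally` would fix every call site (it needs `java.io.ByteArrayOutputStream`; `CodecTestUtil.readBinaryFile`, used by the codec tests in this commit, may already do this, but its body is not in view). Separately, testCorruptKey and testNoMatchingKey catch `Exception`, so any runtime error inside the decoder counts as a pass; catching the exception type the constructor is declared to throw would pin that a wrong key is actually rejected.

```java
private byte[] readResource(String name) throws IOException {
    InputStream in = getClass().getClassLoader().getResourceAsStream(name);
    if (in == null) {
        throw new IOException("Test resource not found: " + name);
    }
    try {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int n;
        while ((n = in.read(chunk)) != -1) {
            out.write(chunk, 0, n);
        }
        return out.toByteArray();
    } finally {
        in.close();
    }
}

// in setUp():
rc4Token = readResource("rc4-kerberos-data");
// … same replacement for the des/aes128/aes256 token fixtures …
rc4Key = new EncryptionKey(23, readResource("rc4-key-data"), 2);
// … same replacement for the des/aes128/aes256 keys; corruptToken and corruptKey unchanged …
```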
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestPac.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestPac.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestPac.java
new file mode 100644
index 0000000..c8ec0c9
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestPac.java
@@ -0,0 +1,154 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.codec.pac.Pac;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class TestPac {
+
+ private byte[] rc4Data;
+ private byte[] desData;
+ private byte[] corruptData;
+ private byte[] rc4Key;
+ private byte[] desKey;
+ private byte[] corruptKey;
+
+ @Before
+ public void setUp() throws IOException {
+ InputStream file;
+ byte[] keyData;
+
+ file = this.getClass().getClassLoader().getResourceAsStream("rc4-pac-data");
+ rc4Data = new byte[file.available()];
+ file.read(rc4Data);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("des-pac-data");
+ desData = new byte[file.available()];
+ file.read(desData);
+ file.close();
+
+ corruptData = new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3};
+
+ file = this.getClass().getClassLoader().getResourceAsStream("rc4-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ rc4Key = keyData;
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("des-key-data");
+ keyData = new byte[file.available()];
+ file.read(keyData);
+ desKey = keyData;
+ file.close();
+
+ corruptKey = new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3};
+ }
+
+ @Test
+ public void testRc4Pac() throws KrbException {
+ Pac pac = new Pac(rc4Data, rc4Key);
+
+ Assert.assertNotNull(pac);
+ Assert.assertNotNull(pac.getLogonInfo());
+
+ Assert.assertEquals("user.test", pac.getLogonInfo().getUserName());
+ Assert.assertEquals("User Test", pac.getLogonInfo().getUserDisplayName());
+ Assert.assertEquals(0, pac.getLogonInfo().getBadPasswordCount());
+ Assert.assertEquals(32, pac.getLogonInfo().getUserFlags());
+ Assert.assertEquals(46, pac.getLogonInfo().getLogonCount());
+ Assert.assertEquals("DOMAIN", pac.getLogonInfo().getDomainName());
+ Assert.assertEquals("WS2008", pac.getLogonInfo().getServerName());
+ }
+
+ @Test
+ public void testDesPac() throws KrbException {
+ Pac pac = new Pac(desData, desKey);
+
+ Assert.assertNotNull(pac);
+ Assert.assertNotNull(pac.getLogonInfo());
+
+ Assert.assertEquals("user.test", pac.getLogonInfo().getUserName());
+ Assert.assertEquals("User Test", pac.getLogonInfo().getUserDisplayName());
+ Assert.assertEquals(0, pac.getLogonInfo().getBadPasswordCount());
+ Assert.assertEquals(32, pac.getLogonInfo().getUserFlags());
+ Assert.assertEquals(48, pac.getLogonInfo().getLogonCount());
+ Assert.assertEquals("DOMAIN", pac.getLogonInfo().getDomainName());
+ Assert.assertEquals("WS2008", pac.getLogonInfo().getServerName());
+ }
+
+ @Test
+ public void testCorruptPac() {
+ Pac pac = null;
+ try {
+ pac = new Pac(corruptData, rc4Key);
+ Assert.fail("Should have thrown KrbException.");
+ } catch(KrbException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(pac);
+ }
+ }
+
+ @Test
+ public void testEmptyPac() {
+ Pac pac = null;
+ try {
+ pac = new Pac(new byte[0], rc4Key);
+ Assert.fail("Should have thrown KrbException.");
+ } catch(KrbException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(pac);
+ }
+ }
+
+ @Test
+ public void testNullPac() {
+ Pac pac = null;
+ try {
+ pac = new Pac(null, rc4Key);
+ Assert.fail("Should have thrown NullPointerException.");
+ } catch(KrbException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ } catch(NullPointerException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(pac);
+ }
+ }
+
+ @Test
+ public void testCorruptKey() {
+ Pac pac = null;
+ try {
+ pac = new Pac(rc4Data, corruptKey);
+ Assert.fail("Should have thrown KrbException.");
+ } catch(KrbException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(pac);
+ }
+ }
+}
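Review bot: None of the negative cases covers a structurally valid PAC whose contents were modified, which is the case where the key check is the only thing standing between the input and the caller. testCorruptPac feeds nine arbitrary bytes, which presumably fail during parsing, and testCorruptKey covers only the wrong-key path. A test that copies the good fixture and flips one bit inside the signed data, for example `byte[] tampered = rc4Data.clone(); tampered[offset] ^= 0x01;` followed by `new Pac(tampered, rc4Key)` expecting `KrbException`, would pin that behaviour; `offset` has to be chosen from the fixture layout, which is not visible here. The `Assert.assertNotNull(pac)` after `new Pac(...)` and the `Assert.assertNotNull(e)` inside each catch block can never fail and could be dropped.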
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestSpnego.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestSpnego.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestSpnego.java
new file mode 100644
index 0000000..b3c0019
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestSpnego.java
@@ -0,0 +1,172 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.codec.spnego.SpnegoConstants;
+import org.apache.kerby.kerberos.kerb.codec.spnego.SpnegoInitToken;
+import org.apache.kerby.kerberos.kerb.codec.spnego.SpnegoToken;
+import org.junit.Assert;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class TestSpnego {
+
+ private byte[] rc4Token;
+ private byte[] desToken;
+ private byte[] aes128Token;
+ private byte[] aes256Token;
+ private byte[] corruptToken;
+
+ //@Before
+ public void setUp() throws IOException {
+ InputStream file;
+
+ file = this.getClass().getClassLoader().getResourceAsStream("rc4-spnego-data");
+ rc4Token = new byte[file.available()];
+ file.read(rc4Token);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("des-spnego-data");
+ desToken = new byte[file.available()];
+ file.read(desToken);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes128-spnego-data");
+ aes128Token = new byte[file.available()];
+ file.read(aes128Token);
+ file.close();
+
+ file = this.getClass().getClassLoader().getResourceAsStream("aes256-spnego-data");
+ aes256Token = new byte[file.available()];
+ file.read(aes256Token);
+ file.close();
+
+ corruptToken = new byte[]{5, 4, 2, 1};
+ }
+
+ //@Test
+ public void testRc4Token() {
+ try {
+ SpnegoToken spnegoToken = SpnegoToken.parse(rc4Token);
+
+ Assert.assertNotNull(spnegoToken);
+ Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+ Assert.assertNotNull(spnegoToken.getMechanismToken());
+ Assert.assertTrue(spnegoToken.getMechanismToken().length < rc4Token.length);
+ Assert.assertNotNull(spnegoToken.getMechanism());
+ Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ }
+ }
+
+ //@Test
+ public void testDesToken() {
+ try {
+ SpnegoToken spnegoToken = SpnegoToken.parse(desToken);
+
+ Assert.assertNotNull(spnegoToken);
+ Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+ Assert.assertNotNull(spnegoToken.getMechanismToken());
+ Assert.assertTrue(spnegoToken.getMechanismToken().length < desToken.length);
+ Assert.assertNotNull(spnegoToken.getMechanism());
+ Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ }
+ }
+
+ //@Test
+ public void testAes128Token() {
+ try {
+ SpnegoToken spnegoToken = SpnegoToken.parse(aes128Token);
+
+ Assert.assertNotNull(spnegoToken);
+ Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+ Assert.assertNotNull(spnegoToken.getMechanismToken());
+ Assert.assertTrue(spnegoToken.getMechanismToken().length < aes128Token.length);
+ Assert.assertNotNull(spnegoToken.getMechanism());
+ Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ }
+ }
+
+ //@Test
+ public void testAes256Token() {
+ try {
+ SpnegoToken spnegoToken = SpnegoToken.parse(aes256Token);
+
+ Assert.assertNotNull(spnegoToken);
+ Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+ Assert.assertNotNull(spnegoToken.getMechanismToken());
+ Assert.assertTrue(spnegoToken.getMechanismToken().length < aes256Token.length);
+ Assert.assertNotNull(spnegoToken.getMechanism());
+ Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ }
+ }
+
+ //@Test
+ public void testEmptyToken() {
+ SpnegoToken spnegoToken = null;
+ try {
+ spnegoToken = SpnegoToken.parse(new byte[0]);
+ Assert.fail("Should have thrown DecodingException.");
+ } catch(IOException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(spnegoToken);
+ }
+ }
+
+ //@Test
+ public void testCorruptToken() {
+ SpnegoToken spnegoToken = null;
+ try {
+ spnegoToken = SpnegoToken.parse(corruptToken);
+ Assert.fail("Should have thrown DecodingException.");
+ } catch(IOException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(spnegoToken);
+ }
+ }
+
+ //@Test
+ public void testNullToken() {
+ SpnegoToken spnegoToken = null;
+ try {
+ spnegoToken = SpnegoToken.parse(null);
+ Assert.fail("Should have thrown NullPointerException.");
+ } catch(IOException e) {
+ e.printStackTrace();
+ Assert.fail(e.getMessage());
+ } catch(NullPointerException e) {
+ Assert.assertNotNull(e);
+ Assert.assertNull(spnegoToken);
+ }
+ }
+
+}
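Review bot: Every annotation in this class is commented out (`//@Before`, `//@Test`) and only `org.junit.Assert` is imported, so none of these SPNEGO parsing checks runs, and the skipped cases do not appear in any test report. If the tests cannot pass yet, keeping `@Test` and adding `@Ignore("<reason>")` (with the `org.junit.Test`, `org.junit.Before` and `org.junit.Ignore` imports) makes the gap visible instead of silent. The failure messages in testEmptyToken and testCorruptToken also say "Should have thrown DecodingException." while the catch clause is `IOException`; one of the two should be adjusted so the message matches what is asserted.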
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsRepCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsRepCodec.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsRepCodec.java
new file mode 100644
index 0000000..0510e6d
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsRepCodec.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.spec.common.NameType;
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.kdc.TgsRep;
+import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+/**
+ * Test TgsRep message using a real 'correct' network packet captured from MS-AD to detective programming errors
+ * and compatibility issues particularly regarding Kerberos crypto.
+ */
+public class TestTgsRepCodec {
+
+ @Test
+ public void test() throws IOException {
+ byte[] bytes = CodecTestUtil.readBinaryFile("/tgsrep.token");
+ TgsRep tgsRep = new TgsRep();
+ tgsRep.decode(bytes);
+
+ Assert.assertEquals(tgsRep.getPvno(), 5);
+ Assert.assertEquals(tgsRep.getMsgType(), KrbMessageType.TGS_REP);
+ Assert.assertEquals(tgsRep.getCrealm(), "DENYDC.COM");
+
+ PrincipalName cname = tgsRep.getCname();
+ Assert.assertEquals(cname.getNameType(), NameType.NT_PRINCIPAL);
+ Assert.assertEquals(cname.getNameStrings().size(), 1);
+ Assert.assertEquals(cname.getNameStrings().iterator().next(), "des");
+
+ Ticket ticket = tgsRep.getTicket();
+ Assert.assertEquals(ticket.getTktvno(), 5);
+ Assert.assertEquals(ticket.getRealm(), "DENYDC.COM");
+ PrincipalName sname = ticket.getSname();
+ Assert.assertEquals(sname.getNameType(), NameType.NT_SRV_HST);
+ Assert.assertEquals(sname.getNameStrings().size(), 2);
+ Assert.assertEquals(sname.getNameStrings().get(0), "host");
+ Assert.assertEquals(sname.getNameStrings().get(1), "xp1.denydc.com");
+ //EncTicketPart encTicketPart = ticket.getEncPart();//FIXME null pointer!!
+ //Assert.assertEquals(encTicketPart.getKey().getKeyType().getValue(), 23);
+ //Assert.assertEquals(encTicketPart.getKey().getKvno(), 2);
+ //TODO decode cipher
+
+ //EncKdcRepPart encKdcRepPart = tgsRep.getEncPart();//FIXME null pointer!!
+ //Assert.assertEquals(encKdcRepPart.getKey().getKeyType().getValue(), 3);
+ //TODO decode cinpher
+ }
+}
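Review bot: The class Javadoc says the test targets compatibility issues "particularly regarding Kerberos crypto", but both `getEncPart()` blocks at the end of test() are commented out with "FIXME null pointer!!", so only the cleartext fields of the TGS-REP are verified. I would state that limit in the Javadoc until decryption is covered, for example `Only the unencrypted fields are checked; the ticket and KDC-REP enc-parts are not decrypted yet.` The same Javadoc reads "to detective programming errors" where "to detect" is meant, and the last comment has "cinpher" for "cipher".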
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsReqCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsReqCodec.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsReqCodec.java
new file mode 100644
index 0000000..1c06024
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsReqCodec.java
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.spec.common.NameType;
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.kdc.KdcReqBody;
+import org.apache.kerby.kerberos.kerb.spec.kdc.TgsReq;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.SimpleTimeZone;
+
+/**
+ * Test TgsReq message using a real 'correct' network packet captured from MS-AD to detective programming errors
+ * and compatibility issues particularly regarding Kerberos crypto.
+ */
+public class TestTgsReqCodec {
+
+ @Test
+ public void test() throws IOException, ParseException {
+ byte[] bytes = CodecTestUtil.readBinaryFile("/tgsreq.token");
+ TgsReq tgsReq = new TgsReq();
+ tgsReq.decode(bytes);
+
+ Assert.assertEquals(tgsReq.getPvno(), 5);
+ Assert.assertEquals(tgsReq.getMsgType(), KrbMessageType.TGS_REQ);
+
+ PaData paData = tgsReq.getPaData();
+ Assert.assertEquals(paData.getElements().size(), 1);
+ PaDataEntry entry = paData.getElements().iterator().next();
+ Assert.assertEquals(entry.getPaDataType(), PaDataType.TGS_REQ);
+ //TODO Decode:padata-value
+
+ //request body
+ KdcReqBody body = tgsReq.getReqBody();
+ Assert.assertEquals(body.getKdcOptions().getPadding(), 0);
+ byte[] kdcOptionsValue = {64, (byte) 128, 0, 0};
+ Assert.assertTrue(Arrays.equals(body.getKdcOptions().getValue(), kdcOptionsValue));
+
+ Assert.assertEquals(body.getRealm(), "DENYDC.COM");
+
+ PrincipalName sname = body.getSname();
+ Assert.assertEquals(sname.getNameType(), NameType.NT_SRV_HST);
+ Assert.assertEquals(sname.getNameStrings().size(), 2);
+ Assert.assertEquals(sname.getNameStrings().get(0), "host");
+ Assert.assertEquals(sname.getNameStrings().get(1), "xp1.denydc.com");
+
+ SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
+ sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
+ Date date = sdf.parse("20370913024805");
+ Assert.assertEquals(tgsReq.getReqBody().getTill().getTime(), date.getTime());
+
+ Assert.assertEquals(body.getNonce(), 197296424);
+
+ List<EncryptionType> eTypes = body.getEtypes();
+ Assert.assertEquals(eTypes.size(), 7);
+ Assert.assertEquals(eTypes.get(0).getValue(), 23);
+ //Assert.assertEquals(eTypes.get(1).getValue(), -133);//FIXME
+ //Assert.assertEquals(eTypes.get(2).getValue(), -128);//FIXME
+ Assert.assertEquals(eTypes.get(3).getValue(), 3);
+ Assert.assertEquals(eTypes.get(4).getValue(), 1);
+ Assert.assertEquals(eTypes.get(5).getValue(), 24);
+ //Assert.assertEquals(eTypes.get(6).getValue(), -135);//FIXME
+ }
+}
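Review bot: The etype assertions for indexes 1, 2 and 6 are commented out with a bare FIXME, so the test passes without checking how the decoder handles the negative etype values (-133, -128, -135) that the capture apparently contains. Those entries are the ones most likely to expose a sign or lookup problem in `EncryptionType`, and the etype list is what the two sides negotiate on. Until the decode is fixed, pin what is known, e.g. `Assert.assertNotNull(eTypes.get(1));`. Each FIXME should also become a comment that names the expected value and the reason the assertion fails today.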
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/pom.xml b/kerby-kerb/kerb-core/pom.xml
new file mode 100644
index 0000000..9bd0963
--- /dev/null
+++ b/kerby-kerb/kerb-core/pom.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerby-kerb</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-core</artifactId>
+
+ <name>Kerby-kerb core</name>
+ <description>Kerby-kerb core facilities</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerby-asn1</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ </dependency>
+
+ </dependencies>
+</project>
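Review bot: The `kerby-asn1` dependency repeats the literal `1.0-SNAPSHOT` that the `<parent>` block already declares, so the two can drift apart at the next version change. The module appears to be a sibling with the same groupId, in which case `<version>${project.version}</version>` keeps them in lockstep. Alternatively the version can be managed once in the parent's `dependencyManagement`.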
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbConstant.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbConstant.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbConstant.java
new file mode 100644
index 0000000..e6eabcb
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbConstant.java
@@ -0,0 +1,26 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb;
+
+public interface KrbConstant {
+ public final static int KRB_V5 = 5;
+
+ public final static String TGS_PRINCIPAL = "krbtgt";
+}
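Review bot: `KrbConstant` is an interface that only holds constants, which lets any class write `implements KrbConstant` and pull these names into its own public API. A non-instantiable holder is the usual form: `public final class KrbConstant { private KrbConstant() { } ... }`, with the fields kept as `public static final`. If the interface stays, the `public final static` modifiers are redundant there. Either way a short Javadoc on each constant would help, stating that `KRB_V5` is presumably the protocol version number and `TGS_PRINCIPAL` the name of the ticket-granting service.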
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java
new file mode 100644
index 0000000..43a0b07
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java
@@ -0,0 +1,128 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb;
+
+import org.apache.kerby.kerberos.kerb.spec.KrbEnum;
+
+public enum KrbErrorCode implements KrbEnum {
+ KDC_ERR_NONE(0, "No error"),
+ KDC_ERR_NAME_EXP(1, "Client's entry in database has expired"),
+ KDC_ERR_SERVICE_EXP(2, "Server's entry in database has expired"),
+ KDC_ERR_BAD_PVNO(3, "Requested protocol version number not supported"),
+ KDC_ERR_C_OLD_MAST_KVNO(4, "Client's key encrypted in old master key"),
+ KDC_ERR_S_OLD_MAST_KVNO(5, "Server's key encrypted in old master key"),
+ KDC_ERR_C_PRINCIPAL_UNKNOWN(6, "Client not found in Kerberos database"),
+ KDC_ERR_S_PRINCIPAL_UNKNOWN(7, "Server not found in Kerberos database"),
+ KDC_ERR_PRINCIPAL_NOT_UNIQUE(8, "Multiple principal entries in database"),
+ KDC_ERR_NULL_KEY(9, "The client or server has a null key"),
+ KDC_ERR_CANNOT_POSTDATE(10, "Ticket not eligible for postdating"),
+ KDC_ERR_NEVER_VALID(11, "Requested start time is later than end time"),
+ KDC_ERR_POLICY(12, "KDC policy rejects request"),
+ KDC_ERR_BADOPTION(13, "KDC cannot accommodate requested option"),
+ KDC_ERR_ETYPE_NOSUPP(14, "KDC has no support for encryption type"),
+ KDC_ERR_SUMTYPE_NOSUPP(15, "KDC has no support for checksum type"),
+ KDC_ERR_PADATA_TYPE_NOSUPP(16, "KDC has no support for padata type"),
+ KDC_ERR_TRTYPE_NOSUPP(17, "KDC has no support for transited type"),
+ KDC_ERR_CLIENT_REVOKED(18, "Clients credentials have been revoked"),
+ KDC_ERR_SERVICE_REVOKED(19, "Credentials for server have been revoked"),
+ KDC_ERR_TGT_REVOKED(20, "TGT has been revoked"),
+ KDC_ERR_CLIENT_NOTYET(21, "Client not yet valid; try again later"),
+ KDC_ERR_SERVICE_NOTYET(22, "Server not yet valid; try again later"),
+ KDC_ERR_KEY_EXPIRED(23, "Password has expired; change password to reset"),
+ KDC_ERR_PREAUTH_FAILED(24, "Pre-authentication information was invalid"),
+ KDC_ERR_PREAUTH_REQUIRED(25, "Additional pre-authentication required"),
+ KDC_ERR_SERVER_NOMATCH(26, "Requested server and ticket don't match"),
+ KDC_ERR_MUST_USE_USER2USER(27, "Server valid for user2user only"),
+ KDC_ERR_PATH_NOT_ACCEPTED(28, "KDC Policy rejects transited path"),
+ KDC_ERR_SVC_UNAVAILABLE(29, "A service is not available"),
+ KRB_AP_ERR_BAD_INTEGRITY(31, "Integrity check on decrypted field failed"),
+ KRB_AP_ERR_TKT_EXPIRED(32, "Ticket expired"),
+ KRB_AP_ERR_TKT_NYV(33, "Ticket not yet valid"),
+ KRB_AP_ERR_REPEAT(34, "Request is a replay"),
+ KRB_AP_ERR_NOT_US(35, "The ticket isn't for us"),
+ KRB_AP_ERR_BADMATCH(36, "Ticket and authenticator don't match"),
+ KRB_AP_ERR_SKEW(37, "Clock skew too great"),
+ KRB_AP_ERR_BADADDR(38, "Incorrect net address"),
+ KRB_AP_ERR_BADVERSION(39, "Protocol version mismatch"),
+ KRB_AP_ERR_MSG_TYPE(40, "Invalid msg type"),
+ KRB_AP_ERR_MODIFIED(41, "Message stream modified"),
+ KRB_AP_ERR_BADORDER(42, "Message out of order"),
+ KRB_AP_ERR_BADKEYVER(44, "Specified version of key is not available"),
+ KRB_AP_ERR_NOKEY(45, "Service key not available"),
+ KRB_AP_ERR_MUT_FAIL(46, "Mutual authentication failed"),
+ KRB_AP_ERR_BADDIRECTION(47, "Incorrect message direction"),
+ KRB_AP_ERR_METHOD(48, "Alternative authentication method required"),
+ KRB_AP_ERR_BADSEQ(49, "Incorrect sequence number in message"),
+ KRB_AP_ERR_INAPP_CKSUM(50, "Inappropriate type of checksum in message"),
+ KRB_AP_PATH_NOT_ACCEPTED(51, "Policy rejects transited path"),
+ RESPONSE_TOO_BIG(52, "Response too big for UDP; retry with TCP"),
+ KRB_ERR_GENERIC(60, "Generic error (description in e-text)"),
+ FIELD_TOOLONG(61, "Field is too long for this implementation"),
+ KDC_ERR_CLIENT_NOT_TRUSTED(62, "Client is not trusted"),
+ KDC_NOT_TRUSTED(63, "KDC is not trusted"),
+ KDC_ERR_INVALID_SIG(64, "Signature is invalid"),
+ KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED(65, "Diffie-Hellman (DH) key parameters not accepted."),
+ CERTIFICATE_MISMATCH(66, "Certificates do not match"),
+ KRB_AP_ERR_NO_TGT(67, "No TGT available to validate USER-TO-USER"),
+ WRONG_REALM(68, "Wrong realm"),
+ KRB_AP_ERR_USER_TO_USER_REQUIRED(69, "Ticket must be for USER-TO-USER"),
+ KDC_ERR_CANT_VERIFY_CERTIFICATE(70, "Can't verify certificate"),
+ KDC_ERR_INVALID_CERTIFICATE(71, "Invalid certificate"),
+ KDC_ERR_REVOKED_CERTIFICATE(72, "Revoked certificate"),
+ KDC_ERR_REVOCATION_STATUS_UNKNOWN(73, "Revocation status unknown"),
+ REVOCATION_STATUS_UNAVAILABLE(74, "Revocation status unavailable"),
+ KDC_ERR_CLIENT_NAME_MISMATCH(75, "Client names do not match"),
+ KDC_NAME_MISMATCH(76, "KDC names do not match"),
+ KDC_ERR_INCONSISTENT_KEY_PURPOSE(77, "Inconsistent key purpose"),
+ KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED(78, "Digest in certificate not accepted"),
+ KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED(79, "PA checksum must be included"),
+ KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED(80, "Digest in signed data not accepted"),
+ KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED(81, "Public key encryption not supported"),
+
+ KRB_TIMEOUT(5000, "Network timeout");
+
+ private final int value;
+ private final String message;
+
+ private KrbErrorCode(int value, String message) {
+ this.value = value;
+ this.message = message;
+ }
+
+ public static KrbErrorCode fromValue(Integer value) {
+ if (value != null) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value.intValue()) {
+ return (KrbErrorCode) e;
+ }
+ }
+ }
+
+ return KRB_ERR_GENERIC;
+ }
+
+ public int getValue() {
+ return value;
+ }
+
+ public String getMessage() {
+ return message;
+ }
+}
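Review bot: `fromValue` returns `KRB_ERR_GENERIC` both for `null` and for any number that is not in the table, so a caller cannot tell a real error 60 from a code this enum does not know (30 and 43, for instance, have no constant here). If the value comes from a decoded message, which the usage suggests, the original number is lost for logging and diagnosis. At minimum document the fallback, e.g. `/** Maps a numeric error code to its constant; returns KRB_ERR_GENERIC for null or unrecognised values. */`, and consider a dedicated unknown constant instead. The loop can also iterate `for (KrbErrorCode e : values())` and drop the cast.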
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorException.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorException.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorException.java
new file mode 100644
index 0000000..e2c2658
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorException.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb;
+
+import org.apache.kerby.kerberos.kerb.spec.common.KrbError;
+
+public class KrbErrorException extends KrbException {
+ private KrbError krbError;
+
+ public KrbErrorException(KrbError krbError) {
+ super(krbError.getErrorCode().getMessage());
+ this.krbError = krbError;
+ }
+
+ public KrbError getKrbError() {
+ return krbError;
+ }
+}
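Review bot: The constructor dereferences `krbError.getErrorCode().getMessage()` inside the `super(...)` call, so a null `krbError`, or one whose error code was never set, surfaces as a bare `NullPointerException` rather than a Kerberos error. `KrbError` is not shown in this hunk, so whether `getErrorCode()` can return null needs checking. The field is assigned once and can be `private final KrbError krbError;`, and the constructor should carry a Javadoc line stating that `krbError` must be non-null.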
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java
new file mode 100644
index 0000000..878e264
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb;
+
+public class KrbException extends Exception {
+
+ public KrbException(String message) {
+ super(message);
+ }
+
+ public KrbException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public KrbException(KrbErrorCode errorCode) {
+ super(errorCode.getMessage());
+ }
+
+ public KrbException(KrbErrorCode errorCode, Throwable cause) {
+ super(errorCode.getMessage(), cause);
+ }
+
+ public KrbException(KrbErrorCode errorCode, String message) {
+ super(message + " with error code: " + errorCode.name());
+ }
+}
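Review bot: The three constructors that take a `KrbErrorCode` keep only its text, so code that catches a `KrbException` has to parse the message to learn which error occurred. They are also inconsistent: two use `errorCode.getMessage()` while `(KrbErrorCode, String)` appends `errorCode.name()` to the caller's message. Storing the code in a field and exposing it through a getter lets callers branch on the code itself. The changed lines are sketched below; the remaining constructors assign the field the same way.

```java
public class KrbException extends Exception {
    // null when the exception was created from a plain message
    private final KrbErrorCode errorCode;

    public KrbException(String message) {
        super(message);
        this.errorCode = null;
    }

    // … (String, Throwable) constructor: same, errorCode = null …

    public KrbException(KrbErrorCode errorCode) {
        super(errorCode.getMessage());
        this.errorCode = errorCode;
    }

    // … (KrbErrorCode, Throwable) and (KrbErrorCode, String): add this.errorCode = errorCode; …

    /** Returns the error code this exception was created with, or null if none was given. */
    public KrbErrorCode getErrorCode() {
        return errorCode;
    }
```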
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/codec/KrbCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/codec/KrbCodec.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/codec/KrbCodec.java
new file mode 100644
index 0000000..8204267
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/codec/KrbCodec.java
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec;
+
+import org.apache.kerby.asn1.LimitedByteBuffer;
+import org.apache.kerby.asn1.type.AbstractAsn1Type;
+import org.apache.kerby.asn1.type.Asn1Type;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.ap.ApReq;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.spec.kdc.AsRep;
+import org.apache.kerby.kerberos.kerb.spec.kdc.AsReq;
+import org.apache.kerby.kerberos.kerb.spec.kdc.TgsRep;
+import org.apache.kerby.kerberos.kerb.spec.kdc.TgsReq;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+public class KrbCodec {
+
+ public static byte[] encode(Asn1Type krbObj) throws KrbException {
+ return krbObj.encode();
+ }
+
+ public static <T extends Asn1Type> T decode(byte[] content, Class<T> krbType) throws KrbException {
+ return decode(ByteBuffer.wrap(content), krbType);
+ }
+
+ public static <T extends Asn1Type> T decode(ByteBuffer content, Class<T> krbType) throws KrbException {
+ Asn1Type implObj = null;
+ try {
+ implObj = krbType.newInstance();
+ } catch (Exception e) {
+ throw new KrbException("Decoding failed", e);
+ }
+
+ try {
+ implObj.decode(content);
+ } catch (IOException e) {
+ throw new KrbException("Decoding failed", e);
+ }
+
+ return (T) implObj;
+ }
+
+ public static KrbMessage decodeMessage(ByteBuffer byteBuffer) throws IOException {
+ LimitedByteBuffer limitedBuffer = new LimitedByteBuffer(byteBuffer);
+ int tag = AbstractAsn1Type.readTag(limitedBuffer);
+ int tagNo = AbstractAsn1Type.readTagNo(limitedBuffer, tag);
+ int length = AbstractAsn1Type.readLength(limitedBuffer);
+ LimitedByteBuffer valueBuffer = new LimitedByteBuffer(limitedBuffer, length);
+
+ KrbMessage msg = null;
+ KrbMessageType msgType = KrbMessageType.fromValue(tagNo);
+ if (msgType == KrbMessageType.TGS_REQ) {
+ msg = new TgsReq();
+ } else if (msgType == KrbMessageType.AS_REP) {
+ msg = new AsRep();
+ } else if (msgType == KrbMessageType.AS_REQ) {
+ msg = new AsReq();
+ } else if (msgType == KrbMessageType.TGS_REP) {
+ msg = new TgsRep();
+ } else if (msgType == KrbMessageType.AP_REQ) {
+ msg = new ApReq();
+ } else if (msgType == KrbMessageType.AP_REP) {
+ msg = new ApReq();
+ } else {
+ throw new IOException("To be supported krb message type with tag: " + tag);
+ }
+ msg.decode(tag, tagNo, valueBuffer);
+
+ return msg;
+ }
+
+}
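Review bot: In `decodeMessage` the `KrbMessageType.AP_REP` branch constructs `new ApReq()`, the same type as the `AP_REQ` branch above it, so an AP-REP would be decoded against the AP-REQ field layout. This looks like a copy-paste slip. The branch should read `msg = new ApRep();` with the matching import, assuming an `ApRep` class exists in `spec.ap` (not visible in this hunk). If it does not exist yet, remove the branch so the message falls through to the `IOException`. That exception message also prints `tag` although the lookup was done on `tagNo`.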
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosString.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosString.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosString.java
new file mode 100644
index 0000000..3078b72
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosString.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec;
+
+import org.apache.kerby.asn1.type.Asn1GeneralString;
+
+/**
+ KerberosString ::= GeneralString -- (IA5String)
+ */
+public class KerberosString extends Asn1GeneralString {
+ public KerberosString() {
+ }
+
+ public KerberosString(String value) {
+ super(value);
+ }
+}
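Review bot: The class comment restricts `KerberosString` to IA5String, but `KerberosString(String value)` passes any Java string straight to `Asn1GeneralString`. Whether the parent rejects non-ASCII or control characters is not visible here. A Javadoc line on the constructor such as `/** @param value the string value; expected to contain IA5 (7-bit) characters only */` would at least state the contract that callers handling names and realms have to meet.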
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosStrings.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosStrings.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosStrings.java
new file mode 100644
index 0000000..ce1e79a
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosStrings.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec;
+
+import java.util.List;
+
+public class KerberosStrings extends KrbSequenceOfType<KerberosString> {
+
+ public KerberosStrings() {
+ super();
+ }
+
+ public KerberosStrings(List<String> strings) {
+ super();
+ setValues(strings);
+ }
+
+ public void setValues(List<String> values) {
+ clear();
+ if (values != null) {
+ for (String value : values) {
+ addElement(new KerberosString(value));
+ }
+ }
+ }
+}
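Review bot: `KerberosStrings(List<String>)` calls the public, overridable `setValues` from the constructor, so a subclass override would run before the subclass's own fields are initialised. Declaring the method final, `public final void setValues(List<String> values)`, or the class final removes that hazard. `setValues` skips a null list but not null elements, which end up as `new KerberosString(null)`; a Javadoc line should say whether that is allowed.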
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosTime.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosTime.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosTime.java
new file mode 100644
index 0000000..3614253
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KerberosTime.java
@@ -0,0 +1,118 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec;
+
+import org.apache.kerby.asn1.type.Asn1GeneralizedTime;
+
+import java.util.Date;
+import java.util.TimeZone;
+
+/**
+ KerberosTime ::= GeneralizedTime -- with no fractional seconds
+ */
+public class KerberosTime extends Asn1GeneralizedTime {
+ private static final TimeZone UTC = TimeZone.getTimeZone("UTC");
+
+ public static final KerberosTime NEVER = new KerberosTime(Long.MAX_VALUE);
+
+ public static final int MINUTE = 60000;
+
+ public static final int DAY = MINUTE * 1440;
+
+ public static final int WEEK = MINUTE * 10080;
+
+ public KerberosTime() {
+ super(0L);
+ }
+
+ /**
+ * time in milliseconds
+ */
+ public KerberosTime(long time) {
+ super(time);
+ }
+
+ /**
+ * Return time in milliseconds
+ */
+ public long getTime() {
+ if (getValue() != null) {
+ return getValue().getTime();
+ }
+ return 0L;
+ }
+
+ /**
+ * time in milliseconds
+ */
+ public void setTime(long time) {
+ setValue(new Date(time));
+ }
+
+ public long getTimeInSeconds() {
+ return getTime() / 1000;
+ }
+
+ public boolean lessThan(KerberosTime ktime) {
+ return getValue().compareTo(ktime.getValue()) < 0;
+ }
+
+ public boolean lessThan(long time) {
+ return getValue().getTime() <= time * 1000;
+ }
+
+ public boolean greaterThan(KerberosTime ktime) {
+ return getValue().compareTo(ktime.getValue()) > 0;
+ }
+
+ /**
+ * time in milliseconds
+ */
+ public boolean isInClockSkew(long clockSkew) {
+ long delta = Math.abs(getTime() - System.currentTimeMillis());
+
+ return delta < clockSkew;
+ }
+
+ public KerberosTime copy() {
+ long time = getTime();
+ KerberosTime result = new KerberosTime(time);
+ return result;
+ }
+
+ /**
+ * time in milliseconds
+ */
+ public KerberosTime extend(long duration) {
+ long result = getTime() + duration;
+ return new KerberosTime(result);
+ }
+
+ /**
+ * Return diff time in milliseconds
+ */
+ public long diff(KerberosTime other) {
+ return getTime() - other.getTime();
+ }
+
+ public static KerberosTime now() {
+ return new KerberosTime(new Date().getTime());
+ }
+}
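Review bot: `lessThan(long time)` differs from its siblings in two undocumented ways. It multiplies the argument by 1000, so it takes seconds while every other documented `long` parameter in the class is milliseconds, and it compares with `<=`, so it returns true when the two times are equal. If callers use it for lifetime or expiry checks, passing milliseconds by analogy with the other methods shifts the boundary by a factor of a thousand. If seconds are intended, say so and make the comparison strict: `/** time in seconds */` and `return getTime() < time * 1000;`. `lessThan` and `greaterThan` also call `getValue()` without the null guard that `getTime()` has, and the `UTC` constant is unused.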
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbAppSequenceType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbAppSequenceType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbAppSequenceType.java
new file mode 100644
index 0000000..bee83da
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbAppSequenceType.java
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.TaggingSequence;
+
+/**
+ * This is for application specific sequence tagged with a number.
+ */
+public abstract class KrbAppSequenceType extends TaggingSequence {
+ public KrbAppSequenceType(int tagNo, Asn1FieldInfo[] fieldInfos) {
+ super(tagNo, fieldInfos, true);
+ }
+
+ protected int getFieldAsInt(int index) {
+ Integer value = getFieldAsInteger(index);
+ if (value != null) {
+ return value.intValue();
+ }
+ return -1;
+ }
+
+ protected void setFieldAsString(int index, String value) {
+ setFieldAs(index, new KerberosString(value));
+ }
+
+ protected KerberosTime getFieldAsTime(int index) {
+ KerberosTime value = getFieldAs(index, KerberosTime.class);
+ return value;
+ }
+
+ protected void setFieldAsTime(int index, long value) {
+ setFieldAs(index, new KerberosTime(value));
+ }
+
+ protected void setField(int index, KrbEnum krbEnum) {
+ setFieldAsInt(index, krbEnum.getValue());
+ }
+}
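Review bot: `getFieldAsInt` returns `-1` when the field is absent, which a caller cannot distinguish from a field that really holds -1. Negative integers do occur in these messages (the TgsReq test in this commit mentions etype values such as -128), so the sentinel is not safe for every integer field. Document it, e.g. `/** Returns the field as an int, or -1 if the field is not set; use getFieldAsInteger where -1 is a valid value. */`, or have optional fields go through `getFieldAsInteger` and check for null.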
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbEnum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbEnum.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbEnum.java
new file mode 100644
index 0000000..5eb184c
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbEnum.java
@@ -0,0 +1,24 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec;
+
+public interface KrbEnum {
+ public int getValue();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbIntegers.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbIntegers.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbIntegers.java
new file mode 100644
index 0000000..36fa3f2
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbIntegers.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec;
+
+import org.apache.kerby.asn1.type.Asn1Integer;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class KrbIntegers extends KrbSequenceOfType<Asn1Integer> {
+
+ public KrbIntegers() {
+ super();
+ }
+
+ public KrbIntegers(List<Integer> values) {
+ super();
+ setValues(values);
+ }
+
+ public void setValues(List<Integer> values) {
+ clear();
+ if (values != null) {
+ for (Integer value : values) {
+ addElement(new Asn1Integer(value));
+ }
+ }
+ }
+
+ public List<Integer> getValues() {
+ List<Integer> results = new ArrayList<Integer>();
+ for (Asn1Integer value : getElements()) {
+ results.add(value.getValue());
+ }
+ return results;
+ }
+}
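Review bot: `setValues` checks for a null list but passes each element straight to `new Asn1Integer(value)`, so a null entry inside `values` is not rejected. Whether that stores an empty integer or fails on unboxing depends on the `Asn1Integer` constructor, which is not visible in this hunk. Rejecting it up front is clearer: `if (value == null) { throw new IllegalArgumentException("values must not contain null"); }`. Note too that `setValues(null)` silently empties the sequence because `clear()` runs before the null check; if that is intended it deserves a Javadoc sentence.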
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbSequenceOfType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbSequenceOfType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbSequenceOfType.java
new file mode 100644
index 0000000..c4ea121
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbSequenceOfType.java
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec;
+
+import org.apache.kerby.asn1.type.Asn1SequenceOf;
+import org.apache.kerby.asn1.type.Asn1String;
+import org.apache.kerby.asn1.type.Asn1Type;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class KrbSequenceOfType<T extends Asn1Type> extends Asn1SequenceOf<T> {
+
+ public List<String> getAsStrings() {
+ List<T> elements = getElements();
+ List<String> results = new ArrayList<String>();
+ for (T ele : elements) {
+ if (ele instanceof Asn1String) {
+ results.add(((Asn1String) ele).getValue());
+ } else {
+ throw new RuntimeException("The targeted field type isn't of string");
+ }
+ }
+ return results;
+ }
+}
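Review bot: The `else` branch of `getAsStrings()` throws a bare `RuntimeException` whose message does not say which element type was found, so a decoding mismatch is hard to tell apart from other runtime failures in logs. A narrower type that names the offending class would help, for example `throw new IllegalStateException("Element is not an Asn1String: " + ele.getClass().getName());`, which callers catching `RuntimeException` still handle. A null entry from `getElements()` would also reach this branch, so the message construction needs a null guard. Whether null entries can occur depends on `Asn1SequenceOf`, which is not shown here.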
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbSequenceType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbSequenceType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbSequenceType.java
new file mode 100644
index 0000000..4cdb181
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/KrbSequenceType.java
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.Asn1SequenceType;
+
+public abstract class KrbSequenceType extends Asn1SequenceType {
+
+ public KrbSequenceType(Asn1FieldInfo[] fieldInfos) {
+ super(fieldInfos);
+ }
+
+ protected int getFieldAsInt(int index) {
+ Integer value = getFieldAsInteger(index);
+ if (value != null) {
+ return value.intValue();
+ }
+ return -1;
+ }
+
+ protected void setFieldAsString(int index, String value) {
+ setFieldAs(index, new KerberosString(value));
+ }
+
+ protected KerberosTime getFieldAsTime(int index) {
+ KerberosTime value = getFieldAs(index, KerberosTime.class);
+ return value;
+ }
+
+ protected void setFieldAsTime(int index, long value) {
+ setFieldAs(index, new KerberosTime(value));
+ }
+
+ protected void setField(int index, KrbEnum value) {
+ setFieldAsInt(index, value.getValue());
+ }
+}
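Review bot: `getFieldAsInt` returns `-1` when the field is absent, which a caller cannot distinguish from an encoded value of -1; `ApOption.NONE` in this same commit is itself defined as -1. Callers that must tell "missing" from "present" should call `getFieldAsInteger(index)` and test for null. The method should also carry a Javadoc line such as `/** Returns the field as an int, or -1 if it is not set; a stored -1 is therefore ambiguous. */`. The same body appears in `KrbAppSequenceType` earlier in this commit, so the two classes duplicate these helpers and any fix has to be made twice.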
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApOption.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApOption.java
new file mode 100644
index 0000000..4cd9e40
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApOption.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ap;
+
+import org.apache.kerby.kerberos.kerb.spec.KrbEnum;
+
+/**
+ APOptions ::= KrbFlags
+ -- reserved(0),
+ -- use-session-key(1),
+ -- mutual-required(2)
+ */
+public enum ApOption implements KrbEnum {
+ NONE(-1),
+ RESERVED(0x80000000),
+ USE_SESSION_KEY(0x40000000),
+ MUTUAL_REQUIRED(0x20000000),
+ ETYPE_NEGOTIATION(0x00000002),
+ USE_SUBKEY(0x00000001);
+
+ private final int value;
+
+ private ApOption(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ public static ApOption fromValue(int value) {
+ for (KrbEnum e : values()) {
+ if (e.getValue() == value) {
+ return (ApOption) e;
+ }
+ }
+
+ return NONE;
+ }
+}
\ No newline at end of file
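Review bot: `NONE(-1)` has all 32 bits set, so if `NONE.getValue()` is ever OR-ed into an `ApOptions` flag word it would switch on every option, including `USE_SESSION_KEY` and `MUTUAL_REQUIRED`. How `KrbFlags` consumes a `KrbEnum` is not visible in this hunk, so this needs confirming. `fromValue` compares for exact equality and returns `NONE` otherwise, so a combined mask such as `0x60000000` or an unknown bit also comes back as `NONE` rather than as an error. A Javadoc line would make that contract explicit, e.g. `/** Maps a single flag bit to its constant; returns NONE for multi-bit or unknown values. */`. The loop can also iterate `for (ApOption e : values())` and drop the cast.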
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApOptions.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApOptions.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApOptions.java
new file mode 100644
index 0000000..17d69e1
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApOptions.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ap;
+
+import org.apache.kerby.kerberos.kerb.spec.common.KrbFlags;
+
+public class ApOptions extends KrbFlags {
+
+ public ApOptions() {
+ this(0);
+ }
+
+ public ApOptions(int value) {
+ setFlags(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApRep.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApRep.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApRep.java
new file mode 100644
index 0000000..8da7c7b
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApRep.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ap;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessageType;
+
+/**
+ AP-REP ::= [APPLICATION 15] SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (15),
+ enc-part [2] EncryptedData -- EncAPRepPart
+ }
+ */
+public class ApRep extends KrbMessage {
+ private static int ENC_PART = 2;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PVNO, 0, Asn1Integer.class),
+ new Asn1FieldInfo(MSG_TYPE, 1, Asn1Integer.class),
+ new Asn1FieldInfo(ENC_PART, 2, EncryptedData.class)
+ };
+
+ public ApRep() {
+ super(KrbMessageType.AP_REP, fieldInfos);
+ }
+
+ private EncAPRepPart encRepPart;
+
+ public EncAPRepPart getEncRepPart() {
+ return encRepPart;
+ }
+
+ public void setEncRepPart(EncAPRepPart encRepPart) {
+ this.encRepPart = encRepPart;
+ }
+
+ public EncryptedData getEncryptedEncPart() {
+ return getFieldAs(ENC_PART, EncryptedData.class);
+ }
+
+ public void setEncryptedEncPart(EncryptedData encryptedEncPart) {
+ setFieldAs(ENC_PART, encryptedEncPart);
+ }
+}
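Review bot: `ENC_PART` is declared `private static int` without `final`, and `fieldInfos` is a package-visible, non-final static array, so the table that defines the AP-REP layout can be reassigned or mutated by any class in the package. Unless other code in the package reads `fieldInfos`, I would declare them `private static final int ENC_PART = 2;` and `private static final Asn1FieldInfo[] fieldInfos = ...`. `ApReq` in the next file has the same pattern for `AP_OPTIONS`, `TICKET`, `AUTHENTICATOR` and its own `fieldInfos`. `ApRep` also passes explicit tag numbers to `Asn1FieldInfo` while `ApReq` uses the two-argument form; one style in both would be easier to audit against the ASN.1 in the class comment.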
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApReq.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApReq.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApReq.java
new file mode 100644
index 0000000..5a78f6c
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/ap/ApReq.java
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.ap;
+
+import org.apache.kerby.asn1.type.Asn1FieldInfo;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
+
+/**
+ AP-REQ ::= [APPLICATION 14] SEQUENCE {
+ pvno [0] INTEGER (5),
+ msg-type [1] INTEGER (14),
+ ap-options [2] APOptions,
+ ticket [3] Ticket,
+ authenticator [4] EncryptedData -- Authenticator
+ }
+ */
+public class ApReq extends KrbMessage {
+ private static int AP_OPTIONS = 2;
+ private static int TICKET = 3;
+ private static int AUTHENTICATOR = 4;
+
+ static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+ new Asn1FieldInfo(PVNO, Asn1Integer.class),
+ new Asn1FieldInfo(MSG_TYPE, Asn1Integer.class),
+ new Asn1FieldInfo(AP_OPTIONS, ApOptions.class),
+ new Asn1FieldInfo(TICKET, Ticket.class),
+ new Asn1FieldInfo(AUTHENTICATOR, EncryptedData.class)
+ };
+
+ private Authenticator authenticator;
+
+ public ApReq() {
+ super(KrbMessageType.AP_REQ, fieldInfos);
+ }
+
+ public ApOptions getApOptions() {
+ return getFieldAs(AP_OPTIONS, ApOptions.class);
+ }
+
+ public void setApOptions(ApOptions apOptions) {
+ setFieldAs(AP_OPTIONS, apOptions);
+ }
+
+ public Ticket getTicket() {
+ return getFieldAs(TICKET, Ticket.class);
+ }
+
+ public void setTicket(Ticket ticket) {
+ setFieldAs(TICKET, ticket);
+ }
+
+ public Authenticator getAuthenticator() {
+ return authenticator;
+ }
+
+ public void setAuthenticator(Authenticator authenticator) {
+ this.authenticator = authenticator;
+ }
+
+ public EncryptedData getEncryptedAuthenticator() {
+ return getFieldAs(AUTHENTICATOR, EncryptedData.class);
+ }
+
+ public void setEncryptedAuthenticator(EncryptedData encryptedAuthenticator) {
+ setFieldAs(AUTHENTICATOR, encryptedAuthenticator);
+ }
+}
+
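Review bot: `getAuthenticator()` returns the plain `authenticator` field, which is not listed in `fieldInfos` and is assigned only by `setAuthenticator`. It is therefore presumably null on a decoded AP-REQ until a caller decrypts `getEncryptedAuthenticator()` and stores the result. That split is undocumented, and a caller could take a non-null value to mean the authenticator was decrypted and verified by this class. I would add Javadoc to the pair, for example `/** Decrypted authenticator cached by the caller; not encoded, null until setAuthenticator is called. */`, and state on `setAuthenticator` that it does not update the encrypted field. `getEncRepPart`/`setEncRepPart` in `ApRep` follow the same pattern.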