You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by er...@apache.org on 2007/05/25 08:10:40 UTC
svn commit: r541561 - in /directory/apacheds/trunk/kerberos-shared/src:
main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/
test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/
Author: erodriguez
Date: Thu May 24 23:10:37 2007
New Revision: 541561
URL: http://svn.apache.org/viewvc?view=rev&rev=541561
Log:
Added checks based on installed JRE to selectively skip various kerberos-shared encryption type-related tests.
Added:
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/VendorHelper.java (with props)
Modified:
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactory.java
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesEncryptionTest.java
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryptionTest.java
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactoryTest.java
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyTypeTest.java
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/RandomKeyFactoryTest.java
Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactory.java?view=diff&rev=541561&r1=541560&r2=541561
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactory.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactory.java Thu May 24 23:10:37 2007
@@ -105,7 +105,9 @@
}
catch ( IllegalArgumentException iae )
{
- // Algorithm AES256 not enabled
+ // Algorithm AES256 not enabled by policy.
+ // Algorithm ArcFourHmac not supported by IBM JREs.
+ // Algorithm DESede not supported by IBM JREs.
}
}
Modified: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesEncryptionTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesEncryptionTest.java?view=diff&rev=541561&r1=541560&r2=541561
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesEncryptionTest.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesEncryptionTest.java Thu May 24 23:10:37 2007
@@ -62,6 +62,11 @@
*/
public void testFirstAesVector()
{
+ if ( !VendorHelper.isCtsSupported() )
+ {
+ return;
+ }
+
byte[] input =
{ ( byte ) 0x49, ( byte ) 0x20, ( byte ) 0x77, ( byte ) 0x6f, ( byte ) 0x75, ( byte ) 0x6c, ( byte ) 0x64,
( byte ) 0x20, ( byte ) 0x6c, ( byte ) 0x69, ( byte ) 0x6b, ( byte ) 0x65, ( byte ) 0x20,
@@ -85,6 +90,11 @@
*/
public void testLastAesVector()
{
+ if ( !VendorHelper.isCtsSupported() )
+ {
+ return;
+ }
+
byte[] input =
{ ( byte ) 0x49, ( byte ) 0x20, ( byte ) 0x77, ( byte ) 0x6f, ( byte ) 0x75, ( byte ) 0x6c, ( byte ) 0x64,
( byte ) 0x20, ( byte ) 0x6c, ( byte ) 0x69, ( byte ) 0x6b, ( byte ) 0x65, ( byte ) 0x20,
Modified: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java?view=diff&rev=541561&r1=541560&r2=541561
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java Thu May 24 23:10:37 2007
@@ -183,7 +183,8 @@
CipherTextHandler lockBox = new CipherTextHandler();
Class hint = EncryptedTimeStamp.class;
KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
- KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "DESede" );
+ String algorithm = VendorHelper.getTripleDesAlgorithm();
+ KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), algorithm );
EncryptionKey key = new EncryptionKey( EncryptionType.DES3_CBC_SHA1_KD, kerberosKey.getEncoded() );
EncryptedData data = new EncryptedData( EncryptionType.DES3_CBC_SHA1_KD, 0, tripleDesEncryptedTimeStamp );
@@ -211,7 +212,8 @@
{
CipherTextHandler lockBox = new CipherTextHandler();
KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
- KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "DESede" );
+ String algorithm = VendorHelper.getTripleDesAlgorithm();
+ KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), algorithm );
EncryptionKey key = new EncryptionKey( EncryptionType.DES3_CBC_SHA1_KD, kerberosKey.getEncoded() );
String zuluTime = "20070410190400Z";
@@ -252,6 +254,11 @@
*/
public void testAes128GoodPasswordDecrypt()
{
+ if ( !VendorHelper.isCtsSupported() )
+ {
+ return;
+ }
+
CipherTextHandler lockBox = new CipherTextHandler();
Class hint = EncryptedTimeStamp.class;
KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
@@ -281,6 +288,11 @@
*/
public void testAes128GoodPasswordEncrypt() throws ParseException
{
+ if ( !VendorHelper.isCtsSupported() )
+ {
+ return;
+ }
+
CipherTextHandler lockBox = new CipherTextHandler();
KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES128" );
@@ -324,6 +336,11 @@
*/
public void testAes256GoodPasswordDecrypt()
{
+ if ( !VendorHelper.isCtsSupported() )
+ {
+ return;
+ }
+
CipherTextHandler lockBox = new CipherTextHandler();
Class hint = EncryptedTimeStamp.class;
@@ -365,6 +382,11 @@
*/
public void testAes256GoodPasswordEncrypt() throws ParseException
{
+ if ( !VendorHelper.isCtsSupported() )
+ {
+ return;
+ }
+
CipherTextHandler lockBox = new CipherTextHandler();
KerberosKey kerberosKey;
Modified: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryptionTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryptionTest.java?view=diff&rev=541561&r1=541560&r2=541561
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryptionTest.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryptionTest.java Thu May 24 23:10:37 2007
@@ -137,7 +137,8 @@
( byte ) 0x37, ( byte ) 0xDC, ( byte ) 0xF7, ( byte ) 0x2C, ( byte ) 0x3E };
KerberosPrincipal principal = new KerberosPrincipal( "raeburn@ATHENA.MIT.EDU" );
- KerberosKey key = new KerberosKey( principal, "password".toCharArray(), "DESede" );
+ String algorithm = VendorHelper.getTripleDesAlgorithm();
+ KerberosKey key = new KerberosKey( principal, "password".toCharArray(), algorithm );
assertEquals( "DESede key length", 24, key.getEncoded().length );
assertTrue( "Key match", Arrays.equals( expectedKey, key.getEncoded() ) );
@@ -156,7 +157,8 @@
( byte ) 0xC1, ( byte ) 0xF7, ( byte ) 0x4F, ( byte ) 0x37, ( byte ) 0x7A };
KerberosPrincipal principal = new KerberosPrincipal( "danny@WHITEHOUSE.GOV" );
- KerberosKey key = new KerberosKey( principal, "potatoe".toCharArray(), "DESede" );
+ String algorithm = VendorHelper.getTripleDesAlgorithm();
+ KerberosKey key = new KerberosKey( principal, "potatoe".toCharArray(), algorithm );
assertEquals( "DESede key length", 24, key.getEncoded().length );
assertTrue( "Key match", Arrays.equals( expectedKey, key.getEncoded() ) );
@@ -175,7 +177,8 @@
( byte ) 0xB6, ( byte ) 0x9D, ( byte ) 0x5D, ( byte ) 0x9D, ( byte ) 0x4A };
KerberosPrincipal principal = new KerberosPrincipal( "buckaroo@EXAMPLE.COM" );
- KerberosKey key = new KerberosKey( principal, "penny".toCharArray(), "DESede" );
+ String algorithm = VendorHelper.getTripleDesAlgorithm();
+ KerberosKey key = new KerberosKey( principal, "penny".toCharArray(), algorithm );
assertEquals( "DESede key length", 24, key.getEncoded().length );
assertTrue( "Key match", Arrays.equals( expectedKey, key.getEncoded() ) );
@@ -187,6 +190,11 @@
*/
public void testTestVectorsTripleDesKerberosKey4()
{
+ if ( VendorHelper.isIbm() )
+ {
+ return;
+ }
+
byte[] expectedKey =
{ ( byte ) 0x16, ( byte ) 0xD5, ( byte ) 0xA4, ( byte ) 0x0E, ( byte ) 0x1C, ( byte ) 0xE3, ( byte ) 0xBA,
( byte ) 0xCB, ( byte ) 0x61, ( byte ) 0xB9, ( byte ) 0xDC, ( byte ) 0xE0, ( byte ) 0x04,
@@ -194,7 +202,8 @@
( byte ) 0xA7, ( byte ) 0xB9, ( byte ) 0x52, ( byte ) 0xFE, ( byte ) 0xB0 };
KerberosPrincipal principal = new KerberosPrincipal( "Juri\u0161i\u0107@ATHENA.MIT.EDU" );
- KerberosKey key = new KerberosKey( principal, "\u00DF".toCharArray(), "DESede" );
+ String algorithm = VendorHelper.getTripleDesAlgorithm();
+ KerberosKey key = new KerberosKey( principal, "\u00DF".toCharArray(), algorithm );
assertEquals( "DESede key length", 24, key.getEncoded().length );
assertTrue( "Key match", Arrays.equals( expectedKey, key.getEncoded() ) );
@@ -206,6 +215,11 @@
*/
public void testTestVectorsTripleDesKerberosKey5()
{
+ if ( VendorHelper.isIbm() )
+ {
+ return;
+ }
+
byte[] expectedKey =
{ ( byte ) 0x85, ( byte ) 0x76, ( byte ) 0x37, ( byte ) 0x26, ( byte ) 0x58, ( byte ) 0x5D, ( byte ) 0xBC,
( byte ) 0x1C, ( byte ) 0xCE, ( byte ) 0x6E, ( byte ) 0xC4, ( byte ) 0x3E, ( byte ) 0x1F,
@@ -213,7 +227,8 @@
( byte ) 0xB0, ( byte ) 0x98, ( byte ) 0xF4, ( byte ) 0x0B, ( byte ) 0x19 };
KerberosPrincipal principal = new KerberosPrincipal( "pianist@EXAMPLE.COM" );
- KerberosKey key = new KerberosKey( principal, "\uD834\uDD1E".toCharArray(), "DESede" );
+ String algorithm = VendorHelper.getTripleDesAlgorithm();
+ KerberosKey key = new KerberosKey( principal, "\uD834\uDD1E".toCharArray(), algorithm );
assertEquals( "DESede key length", 24, key.getEncoded().length );
assertTrue( "Key match", Arrays.equals( expectedKey, key.getEncoded() ) );
Modified: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactoryTest.java?view=diff&rev=541561&r1=541560&r2=541561
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactoryTest.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactoryTest.java Thu May 24 23:10:37 2007
@@ -60,7 +60,8 @@
public void testTripleDesKerberosKey()
{
KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
- KerberosKey key = new KerberosKey( principal, "secret".toCharArray(), "DESede" );
+ String algorithm = VendorHelper.getTripleDesAlgorithm();
+ KerberosKey key = new KerberosKey( principal, "secret".toCharArray(), algorithm );
assertEquals( "DESede key length", 24, key.getEncoded().length );
}
@@ -71,6 +72,11 @@
*/
public void testArcFourHmacKerberosKey()
{
+ if ( !VendorHelper.isArcFourHmacSupported() )
+ {
+ return;
+ }
+
KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
KerberosKey key = new KerberosKey( principal, "secret".toCharArray(), "ArcFourHmac" );
@@ -111,10 +117,198 @@
/**
- * Tests that key derivation can be performed by the factory for multiple cipher types.
+ * Tests that key derivation can be performed by the factory for the des-cbc-md5 encryption type.
+ */
+ public void testKerberosKeyFactoryOnlyDes()
+ {
+ String principalName = "hnelson@EXAMPLE.COM";
+ String passPhrase = "secret";
+
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
+ encryptionTypes.add( EncryptionType.DES_CBC_MD5 );
+
+ Map<EncryptionType, EncryptionKey> map = KerberosKeyFactory.getKerberosKeys( principalName, passPhrase,
+ encryptionTypes );
+
+ assertEquals( "List length", 1, map.values().size() );
+
+ EncryptionKey kerberosKey = map.get( EncryptionType.DES_CBC_MD5 );
+
+ EncryptionType keyType = kerberosKey.getKeyType();
+ int keyLength = kerberosKey.getKeyValue().length;
+ byte[] keyBytes = kerberosKey.getKeyValue();
+
+ assertEquals( keyType, EncryptionType.DES_CBC_MD5 );
+ assertEquals( keyLength, 8 );
+ byte[] expectedBytes = new byte[]
+ { ( byte ) 0xF4, ( byte ) 0xA7, ( byte ) 0x13, ( byte ) 0x64, ( byte ) 0x8A, ( byte ) 0x61, ( byte ) 0xCE,
+ ( byte ) 0x5B };
+ assertTrue( Arrays.equals( expectedBytes, keyBytes ) );
+ }
+
+
+ /**
+ * Tests that key derivation can be performed by the factory for the des3-cbc-sha1-kd encryption type.
+ */
+ public void testKerberosKeyFactoryOnlyTripleDes()
+ {
+ if ( !VendorHelper.isTripleDesSupported() )
+ {
+ return;
+ }
+
+ String principalName = "hnelson@EXAMPLE.COM";
+ String passPhrase = "secret";
+
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
+ encryptionTypes.add( EncryptionType.DES3_CBC_SHA1_KD );
+
+ Map<EncryptionType, EncryptionKey> map = KerberosKeyFactory.getKerberosKeys( principalName, passPhrase,
+ encryptionTypes );
+
+ assertEquals( "List length", 1, map.values().size() );
+
+ EncryptionKey kerberosKey = map.get( EncryptionType.DES3_CBC_SHA1_KD );
+
+ EncryptionType keyType = kerberosKey.getKeyType();
+ int keyLength = kerberosKey.getKeyValue().length;
+ byte[] keyBytes = kerberosKey.getKeyValue();
+
+ assertEquals( keyType, EncryptionType.DES3_CBC_SHA1_KD );
+ assertEquals( keyLength, 24 );
+ byte[] expectedBytes = new byte[]
+ { ( byte ) 0x57, ( byte ) 0x07, ( byte ) 0xCE, ( byte ) 0x29, ( byte ) 0x52, ( byte ) 0x92, ( byte ) 0x2C,
+ ( byte ) 0x1C, ( byte ) 0x8C, ( byte ) 0xBF, ( byte ) 0x43, ( byte ) 0xC2, ( byte ) 0x3D,
+ ( byte ) 0x8F, ( byte ) 0x8C, ( byte ) 0x5E, ( byte ) 0x9E, ( byte ) 0x8C, ( byte ) 0xF7,
+ ( byte ) 0x5D, ( byte ) 0x3E, ( byte ) 0x4A, ( byte ) 0x5E, ( byte ) 0x25 };
+ assertTrue( Arrays.equals( expectedBytes, keyBytes ) );
+ }
+
+
+ /**
+ * Tests that key derivation can be performed by the factory for the rc4-hmac encryption type.
+ */
+ public void testKerberosKeyFactoryOnlyArcFourHmac()
+ {
+ if ( !VendorHelper.isArcFourHmacSupported() )
+ {
+ return;
+ }
+
+ String principalName = "hnelson@EXAMPLE.COM";
+ String passPhrase = "secret";
+
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
+ encryptionTypes.add( EncryptionType.RC4_HMAC );
+
+ Map<EncryptionType, EncryptionKey> map = KerberosKeyFactory.getKerberosKeys( principalName, passPhrase,
+ encryptionTypes );
+
+ assertEquals( "List length", 1, map.values().size() );
+
+ EncryptionKey kerberosKey = map.get( EncryptionType.RC4_HMAC );
+
+ EncryptionType keyType = kerberosKey.getKeyType();
+ int keyLength = kerberosKey.getKeyValue().length;
+ byte[] keyBytes = kerberosKey.getKeyValue();
+
+ assertEquals( keyType, EncryptionType.RC4_HMAC );
+ assertEquals( keyLength, 16 );
+ byte[] expectedBytes = new byte[]
+ { ( byte ) 0x87, ( byte ) 0x8D, ( byte ) 0x80, ( byte ) 0x14, ( byte ) 0x60, ( byte ) 0x6C, ( byte ) 0xDA,
+ ( byte ) 0x29, ( byte ) 0x67, ( byte ) 0x7A, ( byte ) 0x44, ( byte ) 0xEF, ( byte ) 0xA1,
+ ( byte ) 0x35, ( byte ) 0x3F, ( byte ) 0xC7 };
+ assertTrue( Arrays.equals( expectedBytes, keyBytes ) );
+ }
+
+
+ /**
+ * Tests that key derivation can be performed by the factory for the aes128-cts-hmac-sha1-96 encryption type.
+ */
+ public void testKerberosKeyFactoryOnlyAes128()
+ {
+ if ( VendorHelper.isIbm() )
+ {
+ return;
+ }
+
+ String principalName = "hnelson@EXAMPLE.COM";
+ String passPhrase = "secret";
+
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
+ encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
+
+ Map<EncryptionType, EncryptionKey> map = KerberosKeyFactory.getKerberosKeys( principalName, passPhrase,
+ encryptionTypes );
+
+ assertEquals( "List length", 1, map.values().size() );
+
+ EncryptionKey kerberosKey = map.get( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
+
+ EncryptionType keyType = kerberosKey.getKeyType();
+ int keyLength = kerberosKey.getKeyValue().length;
+ byte[] keyBytes = kerberosKey.getKeyValue();
+
+ assertEquals( keyType, EncryptionType.AES128_CTS_HMAC_SHA1_96 );
+ assertEquals( keyLength, 16 );
+ byte[] expectedBytes = new byte[]
+ { ( byte ) 0xAD, ( byte ) 0x21, ( byte ) 0x4B, ( byte ) 0x38, ( byte ) 0xB6, ( byte ) 0x9D, ( byte ) 0xFC,
+ ( byte ) 0xCA, ( byte ) 0xAC, ( byte ) 0xF1, ( byte ) 0x5F, ( byte ) 0x34, ( byte ) 0x6D,
+ ( byte ) 0x41, ( byte ) 0x7B, ( byte ) 0x90 };
+
+ assertTrue( Arrays.equals( expectedBytes, keyBytes ) );
+ }
+
+
+ /**
+ * Tests that key derivation can be performed by the factory for the aes256-cts-hmac-sha1-96 encryption type.
+ */
+ public void testKerberosKeyFactoryOnlyAes256()
+ {
+ if ( VendorHelper.isIbm() )
+ {
+ return;
+ }
+
+ String principalName = "hnelson@EXAMPLE.COM";
+ String passPhrase = "secret";
+
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
+ encryptionTypes.add( EncryptionType.AES256_CTS_HMAC_SHA1_96 );
+
+ Map<EncryptionType, EncryptionKey> map = KerberosKeyFactory.getKerberosKeys( principalName, passPhrase,
+ encryptionTypes );
+
+ assertEquals( "List length", 1, map.values().size() );
+
+ EncryptionKey kerberosKey = map.get( EncryptionType.AES256_CTS_HMAC_SHA1_96 );
+
+ EncryptionType keyType = kerberosKey.getKeyType();
+ int keyLength = kerberosKey.getKeyValue().length;
+ byte[] keyBytes = kerberosKey.getKeyValue();
+
+ assertEquals( keyType, EncryptionType.AES256_CTS_HMAC_SHA1_96 );
+ assertEquals( keyLength, 32 );
+ byte[] expectedBytes = new byte[]
+ { ( byte ) 0x3D, ( byte ) 0x33, ( byte ) 0x31, ( byte ) 0x8F, ( byte ) 0xBE, ( byte ) 0x47, ( byte ) 0xE5,
+ ( byte ) 0x2A, ( byte ) 0x21, ( byte ) 0x50, ( byte ) 0x77, ( byte ) 0xA4, ( byte ) 0x15,
+ ( byte ) 0x58, ( byte ) 0xCA, ( byte ) 0xE7, ( byte ) 0x36, ( byte ) 0x50, ( byte ) 0x1F,
+ ( byte ) 0xA7, ( byte ) 0xA4, ( byte ) 0x85, ( byte ) 0x82, ( byte ) 0x05, ( byte ) 0xF6,
+ ( byte ) 0x8F, ( byte ) 0x67, ( byte ) 0xA2, ( byte ) 0xB5, ( byte ) 0xEA, ( byte ) 0x0E, ( byte ) 0xBF };
+ assertTrue( Arrays.equals( expectedBytes, keyBytes ) );
+ }
+
+
+ /**
+ * Tests that key derivation can be performed by the factory for multiple encryption types.
*/
public void testKerberosKeyFactory()
{
+ if ( VendorHelper.isIbm() )
+ {
+ return;
+ }
+
String principalName = "hnelson@EXAMPLE.COM";
String passPhrase = "secret";
@@ -192,36 +386,5 @@
( byte ) 0x0E, ( byte ) 0xBF };
assertTrue( Arrays.equals( expectedBytes, keyBytes ) );
}
- }
-
-
- /**
- * Tests that key derivation can be performed by the factory for a specified cipher type.
- */
- public void testKerberosKeyFactoryOnlyDes()
- {
- String principalName = "hnelson@EXAMPLE.COM";
- String passPhrase = "secret";
-
- Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
- encryptionTypes.add( EncryptionType.DES_CBC_MD5 );
-
- Map<EncryptionType, EncryptionKey> map = KerberosKeyFactory.getKerberosKeys( principalName, passPhrase,
- encryptionTypes );
-
- assertEquals( "List length", 1, map.values().size() );
-
- EncryptionKey kerberosKey = map.get( EncryptionType.DES_CBC_MD5 );
-
- EncryptionType keyType = kerberosKey.getKeyType();
- int keyLength = kerberosKey.getKeyValue().length;
- byte[] keyBytes = kerberosKey.getKeyValue();
-
- assertEquals( keyType, EncryptionType.DES_CBC_MD5 );
- assertEquals( keyLength, 8 );
- byte[] expectedBytes = new byte[]
- { ( byte ) 0xF4, ( byte ) 0xA7, ( byte ) 0x13, ( byte ) 0x64, ( byte ) 0x8A, ( byte ) 0x61, ( byte ) 0xCE,
- ( byte ) 0x5B };
- assertTrue( Arrays.equals( expectedBytes, keyBytes ) );
}
}
Modified: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyTypeTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyTypeTest.java?view=diff&rev=541561&r1=541560&r2=541561
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyTypeTest.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyTypeTest.java Thu May 24 23:10:37 2007
@@ -21,6 +21,7 @@
import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
@@ -184,9 +185,16 @@
SecretKey key = keyGenerator.generateKey();
- Cipher ecipher = Cipher.getInstance( "AES/CTS/NoPadding" );
- ecipher.init( Cipher.ENCRYPT_MODE, key );
- assertEquals( "Block size", 16, ecipher.getBlockSize() );
+ try
+ {
+ Cipher ecipher = Cipher.getInstance( "AES/CTS/NoPadding" );
+ ecipher.init( Cipher.ENCRYPT_MODE, key );
+ assertEquals( "Block size", 16, ecipher.getBlockSize() );
+ }
+ catch ( NoSuchAlgorithmException nsae )
+ {
+ // Without CTS mode this will throw an Exception.
+ }
}
@@ -213,6 +221,10 @@
{
// Without unlimited-strength crypto this will throw an exception.
}
+ catch ( NoSuchAlgorithmException nsae )
+ {
+ // Without CTS mode this will throw an Exception.
+ }
}
@@ -283,6 +295,7 @@
}
}
}
+
return ( String[] ) result.toArray( new String[result.size()] );
}
}
Modified: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/RandomKeyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/RandomKeyFactoryTest.java?view=diff&rev=541561&r1=541560&r2=541561
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/RandomKeyFactoryTest.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/RandomKeyFactoryTest.java Thu May 24 23:10:37 2007
@@ -104,6 +104,11 @@
*/
public void testGenerateArcFourKey() throws Exception
{
+ if ( !VendorHelper.isArcFourHmacSupported() )
+ {
+ return;
+ }
+
KeyGenerator keygen = KeyGenerator.getInstance( "ARCFOUR" );
SecretKey key = keygen.generateKey();
assertEquals( "ARCFOUR key size", 16, key.getEncoded().length );
@@ -117,6 +122,11 @@
*/
public void testGenerateRc4Key() throws Exception
{
+ if ( !VendorHelper.isArcFourHmacSupported() )
+ {
+ return;
+ }
+
KeyGenerator keygen = KeyGenerator.getInstance( "RC4" );
SecretKey key = keygen.generateKey();
assertEquals( "RC4 key size", 16, key.getEncoded().length );
@@ -151,8 +161,11 @@
keyType = kerberosKey.getKeyType();
keyLength = kerberosKey.getKeyValue().length;
- assertEquals( keyType, EncryptionType.RC4_HMAC );
- assertEquals( keyLength, 16 );
+ if ( VendorHelper.isArcFourHmacSupported() )
+ {
+ assertEquals( keyType, EncryptionType.RC4_HMAC );
+ assertEquals( keyLength, 16 );
+ }
kerberosKey = map.get( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
keyType = kerberosKey.getKeyType();
Added: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/VendorHelper.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/VendorHelper.java?view=auto&rev=541561
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/VendorHelper.java (added)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/VendorHelper.java Thu May 24 23:10:37 2007
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.crypto.encryption;
+
+
+/**
+ * Helper for determining whether various ciphers are supported by the JRE. For now
+ * determinations are based solely on JRE vendor.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class VendorHelper
+{
+ private static final String vendor = System.getProperty( "java.vendor" ).toLowerCase();
+
+
+ static String getTripleDesAlgorithm()
+ {
+ if ( isIbm() )
+ {
+ return "3DES";
+ }
+ else
+ {
+ return "DESede";
+ }
+ }
+
+
+ static boolean isCtsSupported()
+ {
+ return vendor.contains( "sun" );
+ }
+
+
+ static boolean isArcFourHmacSupported()
+ {
+ return vendor.contains( "sun" );
+ }
+
+
+ static boolean isTripleDesSupported()
+ {
+ return vendor.contains( "sun" );
+ }
+
+
+ static boolean isIbm()
+ {
+ return vendor.contains( "ibm" );
+ }
+}
Propchange: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/VendorHelper.java
------------------------------------------------------------------------------
svn:eol-style = native