You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2013/02/13 09:36:24 UTC

svn commit: r1445498 - /directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java

Author: elecharny
Date: Wed Feb 13 08:36:23 2013
New Revision: 1445498

URL: http://svn.apache.org/r1445498
Log:
Added a test to check that the ticket can be granted after a password change

Modified:
    directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java

Modified: directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java?rev=1445498&r1=1445497&r2=1445498&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java (original)
+++ directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java Wed Feb 13 08:36:23 2013
@@ -23,7 +23,12 @@ package org.apache.directory.kerberos.cl
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.api.ldap.model.entry.DefaultModification;
+import org.apache.directory.api.ldap.model.entry.ModificationOperation;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.directory.server.annotations.CreateKdcServer;
+import org.apache.directory.server.annotations.CreateLdapServer;
 import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.core.annotations.ApplyLdifs;
 import org.apache.directory.server.core.annotations.ContextEntry;
@@ -52,89 +57,113 @@ import org.junit.runner.RunWith;
                 suffix = "dc=example,dc=com",
                 contextEntry = @ContextEntry(
                     entryLdif =
-                        "dn: dc=example,dc=com\n" +
-                            "dc: example\n" +
-                            "objectClass: top\n" +
-                            "objectClass: domain\n\n"),
+                    "dn: dc=example,dc=com\n" +
+                        "dc: example\n" +
+                        "objectClass: top\n" +
+                        "objectClass: domain\n\n"),
                 indexes =
-                {
-                    @CreateIndex(attribute = "ou")
+                    {
+                        @CreateIndex(attribute = "ou")
                 })
-        },
-        additionalInterceptors =
+    },
+    additionalInterceptors =
         {
-                KeyDerivationInterceptor.class
-        })
+            KeyDerivationInterceptor.class
+    })
 @CreateKdcServer(
     transports =
-    {
-        @CreateTransport(protocol = "UDP", port = 6088),
-        @CreateTransport(protocol = "TCP", port = 6088)
+        {
+            @CreateTransport(protocol = "UDP", port = 6088),
+            @CreateTransport(protocol = "TCP", port = 6088)
+    })
+@CreateLdapServer(
+    transports =
+        {
+            @CreateTransport(protocol = "LDAP", port = 10389),
+            @CreateTransport(protocol = "LDAPS", port = 10636)
     })
 @ApplyLdifs(
- {
-    "dn: ou=Users,dc=example,dc=com",
-    "objectClass: organizationalUnit",
-    "objectClass: top",
-    "ou: Users",
-
-    "dn: uid=hnelson,ou=Users,dc=example,dc=com",
-    "objectClass: top",
-    "objectClass: person",
-    "objectClass: inetOrgPerson",
-    "objectClass: krb5principal",
-    "objectClass: krb5kdcentry",
-    "cn: Horatio Nelson",
-    "sn: Nelson",
-    "uid: hnelson",
-    "userPassword: secret",
-    "krb5PrincipalName: hnelson@EXAMPLE.COM",
-    "krb5KeyVersionNumber: 0",
-    
-    "dn: uid=krbtgt,ou=Users,dc=example,dc=com",
-    "objectClass: top",
-    "objectClass: person",
-    "objectClass: inetOrgPerson",
-    "objectClass: krb5principal",
-    "objectClass: krb5kdcentry",
-    "cn: KDC Service",
-    "sn: Service",
-    "uid: krbtgt",
-    "userPassword: secret",
-    "krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM",
-    "krb5KeyVersionNumber: 0",
-    
-    "dn: uid=ldap,ou=Users,dc=example,dc=com",
-    "objectClass: top",
-    "objectClass: person",
-    "objectClass: inetOrgPerson",
-    "objectClass: krb5principal",
-    "objectClass: krb5kdcentry",
-    "cn: LDAP",
-    "sn: Service",
-    "uid: ldap",
-    "userPassword: randall",
-    "krb5PrincipalName: ldap/localhost@EXAMPLE.COM",
-    "krb5KeyVersionNumber: 0"
- })
+    {
+        "dn: ou=Users,dc=example,dc=com",
+        "objectClass: organizationalUnit",
+        "objectClass: top",
+        "ou: Users",
+
+        "dn: uid=hnelson,ou=Users,dc=example,dc=com",
+        "objectClass: top",
+        "objectClass: person",
+        "objectClass: inetOrgPerson",
+        "objectClass: krb5principal",
+        "objectClass: krb5kdcentry",
+        "cn: Horatio Nelson",
+        "sn: Nelson",
+        "uid: hnelson",
+        "userPassword: secret",
+        "krb5PrincipalName: hnelson@EXAMPLE.COM",
+        "krb5KeyVersionNumber: 0",
+
+        "dn: uid=krbtgt,ou=Users,dc=example,dc=com",
+        "objectClass: top",
+        "objectClass: person",
+        "objectClass: inetOrgPerson",
+        "objectClass: krb5principal",
+        "objectClass: krb5kdcentry",
+        "cn: KDC Service",
+        "sn: Service",
+        "uid: krbtgt",
+        "userPassword: secret",
+        "krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM",
+        "krb5KeyVersionNumber: 0",
+
+        "dn: uid=ldap,ou=Users,dc=example,dc=com",
+        "objectClass: top",
+        "objectClass: person",
+        "objectClass: inetOrgPerson",
+        "objectClass: krb5principal",
+        "objectClass: krb5kdcentry",
+        "cn: LDAP",
+        "sn: Service",
+        "uid: ldap",
+        "userPassword: randall",
+        "krb5PrincipalName: ldap/localhost@EXAMPLE.COM",
+        "krb5KeyVersionNumber: 0"
+})
 public class KerberosConnectionTest extends AbstractLdapTestUnit
 {
-    private KerberosConnection connection;
+    private KerberosConnection kerberosConnection;
+    private LdapConnection ldapConnection;
     
     private KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
     
     private KerberosPrincipal serverPrincipal = new KerberosPrincipal( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" );
     
+    
     @Before
-    public void createConnection()
+    public void createConnection() throws Exception
     {
-        connection = new KerberosConnection( "localhost", 6088 );
-        connection.connect();
+        kerberosConnection = new KerberosConnection( "localhost", 6088 );
+        kerberosConnection.connect();
+        ldapConnection = new LdapNetworkConnection( "localhost", 10389 );
+        ldapConnection.setTimeOut( 0L );
+        ldapConnection.connect();
     }
     
+    
     @Test
     public void testGetTgt() throws Exception
     {
-        connection.getTicketGrantingTicket( clientPrincipal, serverPrincipal, "secret", new ClientRequestOptions() );
+        kerberosConnection.getTicketGrantingTicket( clientPrincipal, serverPrincipal, "secret", new ClientRequestOptions() );
+    }
+    
+    
+    @Test
+    public void testGetTgtAfterPasswordChange() throws Exception
+    {
+        ldapConnection.bind( "uid=admin,ou=system", "secret" );
+        ldapConnection.modify( "uid=hnelson,ou=Users,dc=example,dc=com",
+            new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, "userPassword", "otherSecret" ) );
+    
+        kerberosConnection.getTicketGrantingTicket( clientPrincipal, serverPrincipal, "otherSecret",
+            new ClientRequestOptions() );
     }
 }