Posted to commits@directory.apache.org by el...@apache.org on 2013/02/07 09:57:04 UTC
svn commit: r1443360 - in /directory/apacheds/trunk/kerberos-client: ./
.settings/ src/ src/main/ src/main/java/ src/main/java/org/
src/main/java/org/apache/ src/main/java/org/apache/directory/
src/main/java/org/apache/directory/kerberos/ src/main/java...
Author: elecharny
Date: Thu Feb 7 08:57:03 2013
New Revision: 1443360
URL: http://svn.apache.org/viewvc?rev=1443360&view=rev
Log:
Added the kerberos client to the apacheds code base
Added:
directory/apacheds/trunk/kerberos-client/ (with props)
directory/apacheds/trunk/kerberos-client/.classpath
directory/apacheds/trunk/kerberos-client/.project
directory/apacheds/trunk/kerberos-client/.settings/
directory/apacheds/trunk/kerberos-client/.settings/org.eclipse.jdt.core.prefs
directory/apacheds/trunk/kerberos-client/pom.xml
directory/apacheds/trunk/kerberos-client/src/
directory/apacheds/trunk/kerberos-client/src/main/
directory/apacheds/trunk/kerberos-client/src/main/java/
directory/apacheds/trunk/kerberos-client/src/main/java/org/
directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/
directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/
directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/
directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/
directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ClientRequestOptions.java
directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java
directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ReplyFuture.java
directory/apacheds/trunk/kerberos-client/src/test/
directory/apacheds/trunk/kerberos-client/src/test/java/
directory/apacheds/trunk/kerberos-client/src/test/java/org/
directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/
directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/
directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/
directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/
directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java
directory/apacheds/trunk/kerberos-client/src/test/resources/
directory/apacheds/trunk/kerberos-client/src/test/resources/log4j.properties
Propchange: directory/apacheds/trunk/kerberos-client/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Thu Feb 7 08:57:03 2013
@@ -0,0 +1,9 @@
+.classpath
+.project
+.settings
+target
+bin
+META-INF
+*.log
+*.ipr
+*.iml
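Review bot: The ignore list names `.classpath`, `.project` and `.settings`, yet this same revision adds all three under kerberos-client/, and `svn:ignore` has no effect on paths that are already versioned. The committed `.classpath` embeds absolute `jar:file:/Users/elecharny/.m2/...` javadoc locations, which are specific to one workstation and expose a local account name. Leaving the generated Eclipse files out of the commit would let the ignore property do its job.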
Added: directory/apacheds/trunk/kerberos-client/.classpath
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/.classpath?rev=1443360&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/.classpath (added)
+++ directory/apacheds/trunk/kerberos-client/.classpath Thu Feb 7 08:57:03 2013
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/test/java" output="target/test-classes" including="**/*.java"/>
+ <classpathentry kind="src" path="src/test/resources" output="target/test-classes" excluding="**/*.java"/>
+ <classpathentry kind="src" path="src/main/java" including="**/*.java"/>
+ <classpathentry kind="src" path="target/maven-shared-archive-resources" excluding="**/*.java"/>
+ <classpathentry kind="output" path="target/classes"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/directory/junit/junit-addons/0.1/junit-addons-0.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/4.11/junit-4.11.jar" sourcepath="M2_REPO/junit/junit/4.11/junit-4.11-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/junit/junit/4.11/junit-4.11-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar" sourcepath="M2_REPO/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" path="/apacheds-kerberos-codec"/>
+ <classpathentry kind="src" path="/apacheds-core-api"/>
+ <classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.6/commons-lang-2.6.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.6/commons-lang-2.6-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" path="/apacheds-core-constants"/>
+ <classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-api/1.7.2/slf4j-api-1.7.2.jar" sourcepath="M2_REPO/org/slf4j/slf4j-api/1.7.2/slf4j-api-1.7.2-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/org/slf4j/slf4j-api/1.7.2/slf4j-api-1.7.2-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" path="/apacheds-i18n"/>
+ <classpathentry kind="src" path="/api-i18n"/>
+ <classpathentry kind="src" path="/api-asn1-api"/>
+ <classpathentry kind="src" path="/api-ldap-client-api"/>
+ <classpathentry kind="src" path="/api-ldap-schema-data"/>
+ <classpathentry kind="src" path="/api-ldap-model"/>
+ <classpathentry kind="src" path="/api-util"/>
+ <classpathentry kind="src" path="/api-asn1-ber"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/mina/mina-core/2.0.7/mina-core-2.0.7.jar" sourcepath="M2_REPO/org/apache/mina/mina-core/2.0.7/mina-core-2.0.7-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/org/apache/mina/mina-core/2.0.7/mina-core-2.0.7-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.7/antlr-2.7.7.jar"/>
+ <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" path="/api-ldap-codec-core"/>
+ <classpathentry kind="var" path="M2_REPO/commons-pool/commons-pool/1.6/commons-pool-1.6.jar" sourcepath="M2_REPO/commons-pool/commons-pool/1.6/commons-pool-1.6-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" path="/api-ldap-extras-aci"/>
+ <classpathentry kind="src" path="/api-ldap-extras-util"/>
+ <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache-core/2.4.4/ehcache-core-2.4.4.jar" sourcepath="M2_REPO/net/sf/ehcache/ehcache-core/2.4.4/ehcache-core-2.4.4-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/net/sf/ehcache/ehcache-core/2.4.4/ehcache-core-2.4.4-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" path="/apacheds-protocol-shared"/>
+ <classpathentry kind="src" path="/apacheds-core-annotations"/>
+ <classpathentry kind="src" path="/apacheds-core"/>
+ <classpathentry kind="src" path="/apacheds-core-shared"/>
+ <classpathentry kind="src" path="/api-ldap-extras-codec-api"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-admin"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-authn"/>
+ <classpathentry kind="src" path="/api-ldap-extras-codec"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-authz"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-changelog"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-collective"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-event"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-exception"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-journal"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-normalization"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-operational"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-referral"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-schema"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-subtree"/>
+ <classpathentry kind="src" path="/apacheds-interceptors-trigger"/>
+ <classpathentry kind="src" path="/api-ldap-extras-trigger"/>
+ <classpathentry kind="var" path="M2_REPO/bouncycastle/bcprov-jdk15/140/bcprov-jdk15-140.jar" sourcepath="M2_REPO/bouncycastle/bcprov-jdk15/140/bcprov-jdk15-140-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/bouncycastle/bcprov-jdk15/140/bcprov-jdk15-140-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" path="/apacheds-ldif-partition"/>
+ <classpathentry kind="src" path="/apacheds-xdbm-partition"/>
+ <classpathentry kind="src" path="/apacheds-core-avl"/>
+ <classpathentry kind="var" path="M2_REPO/commons-io/commons-io/2.4/commons-io-2.4.jar" sourcepath="M2_REPO/commons-io/commons-io/2.4/commons-io-2.4-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" path="/apacheds-jdbm-partition"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/directory/jdbm/apacheds-jdbm1/2.0.0-M2/apacheds-jdbm1-2.0.0-M2.jar" sourcepath="M2_REPO/org/apache/directory/jdbm/apacheds-jdbm1/2.0.0-M2/apacheds-jdbm1-2.0.0-M2-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/org/apache/directory/jdbm/apacheds-jdbm1/2.0.0-M2/apacheds-jdbm1-2.0.0-M2-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" path="/apacheds-server-annotations"/>
+ <classpathentry kind="src" path="/apacheds-protocol-kerberos"/>
+ <classpathentry kind="src" path="/apacheds-protocol-ldap"/>
+ <classpathentry kind="src" path="/api-ldap-extras-sp"/>
+ <classpathentry kind="src" path="/apacheds-test-framework"/>
+ <classpathentry kind="src" path="/api-ldap-codec-standalone"/>
+ <classpathentry kind="src" path="/api-ldap-net-mina"/>
+ <classpathentry kind="src" path="/apacheds-interceptor-kerberos"/>
+ <classpathentry kind="var" path="M2_REPO/findbugs/annotations/1.0.0/annotations-1.0.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.7.2/slf4j-log4j12-1.7.2.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.7.2/slf4j-log4j12-1.7.2-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/org/slf4j/slf4j-log4j12/1.7.2/slf4j-log4j12-1.7.2-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.17/log4j-1.2.17.jar" sourcepath="M2_REPO/log4j/log4j/1.2.17/log4j-1.2.17-sources.jar">
+ <attributes>
+ <attribute value="jar:file:/Users/elecharny/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17-javadoc.jar!/" name="javadoc_location"/>
+ </attributes>
+ </classpathentry>
+</classpath>
\ No newline at end of file
Added: directory/apacheds/trunk/kerberos-client/.project
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/.project?rev=1443360&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/.project (added)
+++ directory/apacheds/trunk/kerberos-client/.project Thu Feb 7 08:57:03 2013
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>kerberos-client</name>
+ <comment>A kerberos client implementation using new codec. NO_M2ECLIPSE_SUPPORT: Project files created with the maven-eclipse-plugin are not supported in M2Eclipse.</comment>
+ <projects>
+ <project>apacheds-kerberos-codec</project>
+ <project>apacheds-core-api</project>
+ <project>apacheds-core-constants</project>
+ <project>apacheds-i18n</project>
+ <project>api-i18n</project>
+ <project>api-asn1-api</project>
+ <project>api-ldap-client-api</project>
+ <project>api-ldap-schema-data</project>
+ <project>api-ldap-model</project>
+ <project>api-util</project>
+ <project>api-asn1-ber</project>
+ <project>api-ldap-codec-core</project>
+ <project>api-ldap-extras-aci</project>
+ <project>api-ldap-extras-util</project>
+ <project>apacheds-protocol-shared</project>
+ <project>apacheds-core-annotations</project>
+ <project>apacheds-core</project>
+ <project>apacheds-core-shared</project>
+ <project>api-ldap-extras-codec-api</project>
+ <project>apacheds-interceptors-admin</project>
+ <project>apacheds-interceptors-authn</project>
+ <project>api-ldap-extras-codec</project>
+ <project>apacheds-interceptors-authz</project>
+ <project>apacheds-interceptors-changelog</project>
+ <project>apacheds-interceptors-collective</project>
+ <project>apacheds-interceptors-event</project>
+ <project>apacheds-interceptors-exception</project>
+ <project>apacheds-interceptors-journal</project>
+ <project>apacheds-interceptors-normalization</project>
+ <project>apacheds-interceptors-operational</project>
+ <project>apacheds-interceptors-referral</project>
+ <project>apacheds-interceptors-schema</project>
+ <project>apacheds-interceptors-subtree</project>
+ <project>apacheds-interceptors-trigger</project>
+ <project>api-ldap-extras-trigger</project>
+ <project>apacheds-ldif-partition</project>
+ <project>apacheds-xdbm-partition</project>
+ <project>apacheds-core-avl</project>
+ <project>apacheds-jdbm-partition</project>
+ <project>apacheds-server-annotations</project>
+ <project>apacheds-protocol-kerberos</project>
+ <project>apacheds-protocol-ldap</project>
+ <project>api-ldap-extras-sp</project>
+ <project>apacheds-test-framework</project>
+ <project>api-ldap-codec-standalone</project>
+ <project>api-ldap-net-mina</project>
+ <project>apacheds-interceptor-kerberos</project>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
\ No newline at end of file
Added: directory/apacheds/trunk/kerberos-client/.settings/org.eclipse.jdt.core.prefs
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/.settings/org.eclipse.jdt.core.prefs?rev=1443360&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/.settings/org.eclipse.jdt.core.prefs (added)
+++ directory/apacheds/trunk/kerberos-client/.settings/org.eclipse.jdt.core.prefs Thu Feb 7 08:57:03 2013
@@ -0,0 +1,9 @@
+#Wed Feb 06 10:00:30 CET 2013
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+eclipse.preferences.version=1
+encoding/src/main/java=ISO-8859-1
+org.eclipse.jdt.core.compiler.source=1.6
+encoding/src/test/resources=ISO-8859-1
+encoding/src/main/resources=ISO-8859-1
+encoding/src/test/java=ISO-8859-1
+org.eclipse.jdt.core.compiler.compliance=1.6
Added: directory/apacheds/trunk/kerberos-client/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/pom.xml?rev=1443360&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/pom.xml (added)
+++ directory/apacheds/trunk/kerberos-client/pom.xml Thu Feb 7 08:57:03 2013
@@ -0,0 +1,60 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-parent</artifactId>
+ <version>2.0.0-M11-SNAPSHOT</version>
+ </parent>
+
+ <groupId>org.apache.directory.kerberos.client</groupId>
+ <artifactId>kerberos-client</artifactId>
+ <version>2.0.0-M11-SNAPSHOT</version>
+ <name>kerberos-client</name>
+ <description>A kerberos client implementation using new codec</description>
+
+ <properties>
+ <server.version>2.0.0-M11-SNAPSHOT</server.version>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.directory.junit</groupId>
+ <artifactId>junit-addons</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-kerberos-codec</artifactId>
+ <version>${server.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-core-annotations</artifactId>
+ <version>${server.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-server-annotations</artifactId>
+ <version>${server.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-test-framework</artifactId>
+ <version>${server.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-interceptor-kerberos</artifactId>
+ <version>${server.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ </dependencies>
+</project>
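Review bot: The module version is written three times in this file: in `<parent>`, in the module's own `<version>` and in the `server.version` property. A release bump that misses one of them would make the `org.apache.directory.server` dependencies resolve against a different snapshot than the module itself. Dropping the explicit `<version>` (it is inherited from the parent) and using `<version>${project.version}</version>` on each dependency keeps them locked together. The `junit-addons` dependency carries no version; presumably the parent's dependencyManagement supplies it, which is worth confirming since the parent POM is not part of this diff.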
Added: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ClientRequestOptions.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ClientRequestOptions.java?rev=1443360&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ClientRequestOptions.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ClientRequestOptions.java Thu Feb 7 08:57:03 2013
@@ -0,0 +1,407 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.kerberos.client;
+
+
+import java.net.InetAddress;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+
+
+/**
+ * Parameters for controlling a connection to a Kerberos server (KDC).
+ *
+ * 3.1.1. Generation of KRB_AS_REQ Message
+ *
+ * The client may specify a number of options in the initial request.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class ClientRequestOptions
+{
+ /** The number of milliseconds in a minute. */
+ public static final int MINUTE = 60000;
+
+ /** The number of milliseconds in a day. */
+ public static final int DAY = MINUTE * 1440;
+
+ /** The number of milliseconds in a week. */
+ public static final int WEEK = MINUTE * 10080;
+
+ /** The allowed clock skew. */
+ private long allowedClockSkew = 5 * MINUTE;
+
+ /** Whether pre-authentication by encrypted timestamp is used. */
+ private boolean usePaEncTimestamp = true;
+
+ /** Whether forwardable addresses are allowed. */
+ private boolean isForwardable = false;
+
+ /** Whether proxiable addresses are allowed. */
+ private boolean isProxiable = false;
+
+ /** Whether the request is for a proxy ticket. */
+ private boolean isProxy = false;
+
+ /** Whether the request is for a forwarded ticket. */
+ private boolean isForwarded = false;
+
+ /** The encryption types. */
+ private Set<EncryptionType> encryptionTypes = new LinkedHashSet<EncryptionType>();
+
+ /** The client addresses. */
+ private Set<InetAddress> clientAddresses;
+
+ /** The UDP preference limit. */
+ private int udpPreferenceLimit = 1500;
+
+ /** The ticket lifetime. */
+ private long lifeTime = DAY;
+
+ /** The ticket start time. */
+ private Date startTime;
+
+ /** The renewable lifetime. */
+ private long renewableLifetime;
+
+ /** Whether to allow postdating of derivative tickets. */
+ private boolean isAllowPostdate;
+
+ /**
+ * Whether a renewable ticket will be accepted in lieu of a non-renewable ticket if the
+ * requested ticket expiration date cannot be satisfied by a non-renewable ticket (due to
+ * configuration constraints).
+ */
+ private boolean isRenewableOk;
+
+
+ /**
+ * Creates a new instance of KdcControls.
+ */
+ public ClientRequestOptions()
+ {
+ encryptionTypes.add( EncryptionType.DES_CBC_MD5 );
+ }
+
+
+ /**
+ * Returns the allowed clock skew.
+ *
+ * @return The allowed clock skew.
+ */
+ public long getAllowedClockSkew()
+ {
+ return allowedClockSkew;
+ }
+
+
+ /**
+ * @param allowedClockSkew The allowedClockSkew to set.
+ */
+ public void setAllowedClockSkew( long allowedClockSkew )
+ {
+ this.allowedClockSkew = allowedClockSkew;
+ }
+
+
+ /**
+ * Returns whether pre-authentication by encrypted timestamp is to be performed.
+ *
+ * @return Whether pre-authentication by encrypted timestamp is to be performed.
+ */
+ public boolean isUsePaEncTimestamp()
+ {
+ return usePaEncTimestamp;
+ }
+
+
+ /**
+ * @param usePaEncTimestamp Whether to use encrypted timestamp pre-authentication.
+ */
+ public void setUsePaEncTimestamp( boolean usePaEncTimestamp )
+ {
+ this.usePaEncTimestamp = usePaEncTimestamp;
+ }
+
+
+ /**
+ * @return The udpPreferenceLimit.
+ */
+ public int getUdpPreferenceLimit()
+ {
+ return udpPreferenceLimit;
+ }
+
+
+ /**
+ * Default is UDP. Set to 1 to use TCP.
+ *
+ * @param udpPreferenceLimit
+ */
+ public void setUdpPreferenceLimit( int udpPreferenceLimit )
+ {
+ this.udpPreferenceLimit = udpPreferenceLimit;
+ }
+
+
+ /**
+ * Returns the start time.
+ *
+ * @return The start time.
+ */
+ public Date getStartTime()
+ {
+ return startTime;
+ }
+
+
+ /**
+ * Request a postdated ticket, valid starting at the specified start time. Postdated
+ * tickets are issued in an invalid state and must be validated by the KDC before use.
+ *
+ * @param startTime
+ */
+ public void setStartTime( Date startTime )
+ {
+ this.startTime = startTime;
+ }
+
+
+ /**
+ * Returns whether to request a forwardable ticket.
+ *
+ * @return true if the request is for a forwardable ticket.
+ */
+ public boolean isForwardable()
+ {
+ return isForwardable;
+ }
+
+
+ /**
+ * Sets whether to request a forwardable ticket.
+ *
+ * @param isForwardable
+ */
+ public void setForwardable( boolean isForwardable )
+ {
+ this.isForwardable = isForwardable;
+ }
+
+
+ /**
+ * Returns whether to request a forwarded ticket.
+ *
+ * @return true if the request is for a forwarded ticket.
+ */
+ public boolean isForwarded()
+ {
+ return isForwarded;
+ }
+
+
+ /**
+ * Sets whether to request a forwarded ticket.
+ *
+ * @param isForwarded
+ */
+ public void setForwarded( boolean isForwarded )
+ {
+ this.isForwarded = isForwarded;
+ }
+
+
+ /**
+ * Returns whether to request a proxiable ticket.
+ *
+ * @return true if the request is for a proxiable ticket.
+ */
+ public boolean isProxiable()
+ {
+ return isProxiable;
+ }
+
+
+ /**
+ * Sets whether to request a proxiable ticket.
+ *
+ * @param isProxiable
+ */
+ public void setProxiable( boolean isProxiable )
+ {
+ this.isProxiable = isProxiable;
+ }
+
+
+ /**
+ * Returns whether to request a proxy ticket.
+ *
+ * @return true if the request is for a proxy ticket.
+ */
+ public boolean isProxy()
+ {
+ return isProxy;
+ }
+
+
+ /**
+ * Sets whether to request a proxy ticket.
+ *
+ * @param isProxy
+ */
+ public void setProxy( boolean isProxy )
+ {
+ this.isProxy = isProxy;
+ }
+
+
+ /**
+ * @return The lifetime in milliseconds.
+ */
+ public long getLifeTime()
+ {
+ return lifeTime;
+ }
+
+
+ /**
+ * Requests a ticket with the specified lifetime. The value for lifetime is
+ * in milliseconds. Constants are provided for MINUTE, DAY, and WEEK.
+ *
+ * @param lifeTime The lifetime to set.
+ */
+ public void setLifeTime( long lifeTime )
+ {
+ this.lifeTime = lifeTime;
+ }
+
+
+ /**
+ * @return The renewable lifetime.
+ */
+ public long getRenewableLifetime()
+ {
+ return renewableLifetime;
+ }
+
+
+ /**
+ * Requests a ticket with the specified total lifetime. The value for
+ * lifetime is in milliseconds. Constants are provided for MINUTE, DAY,
+ * and WEEK.
+ *
+ * @param renewableLifetime The renewable lifetime to set.
+ */
+ public void setRenewableLifetime( long renewableLifetime )
+ {
+ this.renewableLifetime = renewableLifetime;
+ }
+
+
+ /**
+ * Returns the encryption types.
+ *
+ * @return The encryption types.
+ */
+ public Set<EncryptionType> getEncryptionTypes()
+ {
+ return encryptionTypes;
+ }
+
+
+ /**
+ * @param encryptionTypes The encryption types to set.
+ */
+ public void setEncryptionTypes( Set<EncryptionType> encryptionTypes )
+ {
+ this.encryptionTypes = encryptionTypes;
+ }
+
+
+ /**
+ * Returns the client addresses.
+ *
+ * @return The client addresses.
+ */
+ public Set<InetAddress> getClientAddresses()
+ {
+ return clientAddresses;
+ }
+
+
+ /**
+ * Sets the client addresses.
+ *
+ * @param clientAddresses
+ */
+ public void setClientAddresses( Set<InetAddress> clientAddresses )
+ {
+ this.clientAddresses = clientAddresses;
+ }
+
+
+ /**
+ * Returns whether postdating is allowed.
+ *
+ * @return true if postdating is allowed.
+ */
+ public boolean isAllowPostdate()
+ {
+ return isAllowPostdate;
+ }
+
+
+ /**
+ * Sets whether postdating is allowed.
+ *
+ * @param isAllowPostdate Whether postdating is allowed.
+ */
+ public void setAllowPostdate( boolean isAllowPostdate )
+ {
+ this.isAllowPostdate = isAllowPostdate;
+ }
+
+
+ /**
+ * Returns whether renewable tickets are OK.
+ *
+ * @return true if renewable tickets are OK.
+ */
+ public boolean isRenewableOk()
+ {
+ return isRenewableOk;
+ }
+
+
+ /**
+ * Sets whether renewable tickets are OK.
+ *
+ * @param isRenewableOk Whether renewable tickets are OK.
+ */
+ public void setRenewableOk( boolean isRenewableOk )
+ {
+ this.isRenewableOk = isRenewableOk;
+ }
+}
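Review bot: The constructor seeds `encryptionTypes` with only `EncryptionType.DES_CBC_MD5`, so any caller that does not call `setEncryptionTypes` offers the KDC single DES alone. RFC 6649 deprecated that enctype in 2012 as too weak to protect ticket and pre-authentication material. A safer default puts an AES type first, e.g. `encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );`, leaving DES to explicit opt-in. Two smaller items in the same file: the constructor Javadoc still says `KdcControls`, and `java.util.HashSet` is imported but never used.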
Added: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java?rev=1443360&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java Thu Feb 7 08:57:03 2013
@@ -0,0 +1,372 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.kerberos.client;
+
+
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.nio.ByteBuffer;
+import java.security.SecureRandom;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.api.util.Strings;
+import org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder;
+import org.apache.directory.server.kerberos.protocol.codec.KerberosProtocolCodecFactory;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
+import org.apache.directory.shared.kerberos.KerberosMessageType;
+import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.codec.options.KdcOptions;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.codec.types.PaDataType;
+import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
+import org.apache.directory.shared.kerberos.components.EncryptedData;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.components.HostAddress;
+import org.apache.directory.shared.kerberos.components.HostAddresses;
+import org.apache.directory.shared.kerberos.components.KdcReqBody;
+import org.apache.directory.shared.kerberos.components.PaData;
+import org.apache.directory.shared.kerberos.components.PaEncTsEnc;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.apache.directory.shared.kerberos.exceptions.ErrorType;
+import org.apache.directory.shared.kerberos.exceptions.KerberosException;
+import org.apache.directory.shared.kerberos.messages.AsRep;
+import org.apache.directory.shared.kerberos.messages.AsReq;
+import org.apache.directory.shared.kerberos.messages.EncAsRepPart;
+import org.apache.directory.shared.kerberos.messages.KerberosMessage;
+import org.apache.mina.core.filterchain.IoFilter;
+import org.apache.mina.core.future.ConnectFuture;
+import org.apache.mina.core.future.WriteFuture;
+import org.apache.mina.core.service.IoConnector;
+import org.apache.mina.core.service.IoHandlerAdapter;
+import org.apache.mina.core.session.IoSession;
+import org.apache.mina.filter.codec.ProtocolCodecFilter;
+import org.apache.mina.transport.socket.nio.NioSocketConnector;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * A client to connect to Kerberos server and retrieve TGTs
+ *
+ * WARN: still experimental, no doco and code is still convoluted a bit
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KerberosConnection extends IoHandlerAdapter
+{
+ /** logger for reporting errors that might not be handled properly upstream */
+ private static final Logger LOG = LoggerFactory.getLogger( KerberosConnection.class );
+
+ private static final boolean IS_DEBUG = LOG.isDebugEnabled();
+
+ private IoConnector connector;
+
+ private IoSession kerberosSession;
+
+ private IoFilter filter = new ProtocolCodecFilter( KerberosProtocolCodecFactory.getInstance() );
+
+ private String hostName;
+
+ private int port = 88; // default value
+
+ private CipherTextHandler lockBox = new CipherTextHandler();
+
+ private SecureRandom random;
+
+ private Map<Integer, ReplyFuture> futureMap;
+
+ private EncryptionKey key;
+
+ /** The timeout used for response we are waiting for */
+ private long timeout = 30000L;
+
+
+ public KerberosConnection( String hostName )
+ {
+ this.hostName = hostName;
+ }
+
+
+ public KerberosConnection( String hostName, int port )
+ {
+ this.hostName = hostName;
+ this.port = port;
+ }
+
+
+ public boolean connect()
+ {
+ if ( connector != null )
+ {
+ return true;
+ }
+
+ random = new SecureRandom();
+ futureMap = new HashMap<Integer, ReplyFuture>();
+
+ connector = new NioSocketConnector();
+ connector.getFilterChain().addLast( "kerberoscodec", filter );
+ connector.setHandler( this );
+
+ SocketAddress address = new InetSocketAddress( hostName, port );
+
+ LOG.debug( "trying to establish connection to the kerberso server {} running at port {}", hostName, port );
+ ConnectFuture connectFuture = connector.connect( address );
+
+ connectFuture.awaitUninterruptibly();
+
+ if ( !connectFuture.isConnected() )
+ {
+ close();
+ return false;
+ }
+
+ kerberosSession = connectFuture.getSession();
+
+ return true;
+ }
+
+
+ public void close()
+ {
+ if ( connector == null )
+ {
+ return;
+ }
+
+ connector.dispose();
+ connector = null;
+ }
+
+
+ public void getTicketGrantingTicket( KerberosPrincipal principal, KerberosPrincipal targetPrincipal,
+ String password, ClientRequestOptions clientOptions ) throws KerberosException
+ {
+ ReplyFuture future = getTicketGrantingTicketAsync( principal, targetPrincipal, password, clientOptions );
+
+ try
+ {
+ KerberosMessage msg = future.get( timeout, TimeUnit.MILLISECONDS );
+
+ if ( IS_DEBUG )
+ {
+ LOG.debug( "received TGT {}", msg );
+ }
+ }
+ catch ( Exception e )
+ {
+ e.printStackTrace();
+ }
+ }
+
+
+ public ReplyFuture getTicketGrantingTicketAsync( KerberosPrincipal principal, KerberosPrincipal targetPrincipal,
+ String password, ClientRequestOptions clientOptions ) throws KerberosException
+ {
+ try
+ {
+
+ KdcReqBody reqBody = new KdcReqBody();
+
+ KdcOptions kdcOptions = new KdcOptions();
+ reqBody.setKdcOptions( kdcOptions );
+
+ reqBody.setCName( new PrincipalName( principal ) );
+ reqBody.setRealm( principal.getRealm() );
+ PrincipalName srvPrincipal = new PrincipalName( targetPrincipal );
+ srvPrincipal.setNameType( PrincipalNameType.KRB_NT_SRV_INST );
+ reqBody.setSName( srvPrincipal );
+
+ Date prefStartTime = clientOptions.getStartTime();
+ if ( prefStartTime != null )
+ {
+ reqBody.setFrom( new KerberosTime( prefStartTime ) );
+ }
+
+ long currentTime = System.currentTimeMillis();
+ KerberosTime lifeTime = new KerberosTime( clientOptions.getLifeTime() + currentTime );
+ reqBody.setTill( lifeTime );
+
+ if ( clientOptions.getRenewableLifetime() > 0 )
+ {
+ reqBody.setRtime( new KerberosTime( clientOptions.getRenewableLifetime() + currentTime ) );
+ kdcOptions.setFlag( KdcOptions.RENEWABLE );
+ }
+
+ int nonce = random.nextInt();
+ reqBody.setNonce( nonce );
+
+ Set<EncryptionType> ciphers = clientOptions.getEncryptionTypes();
+
+ reqBody.setEType( ciphers );
+
+ if ( clientOptions.getClientAddresses() != null )
+ {
+ HostAddresses addresses = new HostAddresses();
+ for ( InetAddress ia : clientOptions.getClientAddresses() )
+ {
+ addresses.addHostAddress( new HostAddress( ia ) );
+ }
+
+ reqBody.setAddresses( addresses );
+ }
+
+ if ( clientOptions.isAllowPostdate() )
+ {
+ kdcOptions.setFlag( KdcOptions.ALLOW_POSTDATE );
+ }
+
+ if ( clientOptions.isProxiable() )
+ {
+ kdcOptions.setFlag( KdcOptions.PROXIABLE );
+ }
+
+ if ( clientOptions.isForwardable() )
+ {
+ kdcOptions.setFlag( KdcOptions.FORWARDABLE );
+ }
+
+ Map<EncryptionType, EncryptionKey> keys = KerberosKeyFactory.getKerberosKeys( principal.getName(),
+ password, ciphers );
+
+ /** The client's encryption key. */
+ key = keys.get( ciphers.iterator().next() ); // FIXME this is always taking first cipher, not good
+
+ PaData paData = new PaData();
+
+ if ( clientOptions.isUsePaEncTimestamp() )
+ {
+
+ PaEncTsEnc paEncTimeStamp = new PaEncTsEnc( new KerberosTime(), 0 );
+
+ EncryptedData encryptedData = null;
+
+ try
+ {
+ encryptedData = lockBox.seal( key, paEncTimeStamp, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
+ }
+ catch ( KerberosException ke )
+ {
+ LOG.error( "Unexpected exception encrypting timestamp.", ke );
+ }
+
+ ByteBuffer buf = ByteBuffer.allocate( encryptedData.computeLength() );
+ byte[] encodedEncryptedData = encryptedData.encode( buf ).array();
+ paData.setPaDataType( PaDataType.PA_ENC_TIMESTAMP );
+
+ paData.setPaDataValue( encodedEncryptedData );
+ }
+
+ AsReq request = new AsReq();
+ request.setKdcReqBody( reqBody );
+ request.addPaData( paData );
+
+ ReplyFuture repFuture = new ReplyFuture();
+
+ futureMap.put( nonce, repFuture );
+
+ // Send the request to the server
+ WriteFuture writeFuture = kerberosSession.write( request );
+
+ // Wait for the message to be sent to the server
+ if ( !writeFuture.awaitUninterruptibly( timeout ) )
+ {
+ // We didn't received anything : this is an error
+ LOG.error( "Search failed : timeout occured" );
+
+ throw new KerberosException( ErrorType.KRB_ERR_GENERIC, "operation timed out" );
+ }
+
+ return repFuture;
+ }
+ catch ( Exception e )
+ {
+ e.printStackTrace();
+ throw new KerberosException( ErrorType.KRB_ERR_GENERIC, e );
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void exceptionCaught( IoSession session, Throwable cause ) throws Exception
+ {
+ LOG.warn( "", cause );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void messageReceived( IoSession session, Object message ) throws Exception
+ {
+ if ( IS_DEBUG )
+ {
+ LOG.debug( "Received reply: {}", message );
+ }
+
+ KerberosMessage krbMessage = ( KerberosMessage ) message;
+
+ KerberosMessageType messageType = krbMessage.getMessageType();
+
+ try
+ {
+ switch ( messageType )
+ {
+ case AS_REP:
+
+ AsRep asrep = ( AsRep ) krbMessage;
+
+ byte[] encAsRepPartData = lockBox.decrypt( key, asrep.getEncPart(),
+ KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
+ System.out.println( Strings.dumpBytes( encAsRepPartData ) );
+ EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( encAsRepPartData );
+ asrep.setEncKdcRepPart( encAsRepPart.getEncKdcRepPart() );
+
+ ReplyFuture future = futureMap.remove( asrep.getNonce() );
+ future.set( krbMessage );
+ break;
+
+ case TGS_REP:
+ break;
+
+ case KRB_ERROR:
+ break;
+ }
+ }
+ catch ( Exception e )
+ {
+ e.printStackTrace();
+ }
+ }
+}
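Review bot: In `messageReceived`, the `AS_REP` branch prints the decrypted enc-part to standard output with `System.out.println( Strings.dumpBytes( encAsRepPartData ) );`. Per RFC 4120 that plaintext carries the session key for the ticket, so the key ends up in whatever captures the process's stdout, regardless of the logger configuration. The line should be removed rather than moved to `LOG.debug`, since key material does not belong in logs at any level. In the same branch, `futureMap.remove( asrep.getNonce() )` can return `null` for an unsolicited or duplicate reply, and the resulting NullPointerException is hidden by the `e.printStackTrace()` catch. A guard such as `if ( future != null ) { future.set( krbMessage ); }` plus a `LOG.warn` for the unmatched nonce would make that case visible.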
Added: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ReplyFuture.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ReplyFuture.java?rev=1443360&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ReplyFuture.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ReplyFuture.java Thu Feb 7 08:57:03 2013
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.kerberos.client;
+
+
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.directory.shared.kerberos.messages.KerberosMessage;
+
+
+/**
+ * TODO ReplyFuture.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ReplyFuture
+{
+ /** the queue for holding the KerberosMessage sent from server */
+ private BlockingQueue<KerberosMessage> queue = new ArrayBlockingQueue<KerberosMessage>( 1 );
+
+
+ public KerberosMessage get() throws InterruptedException
+ {
+ return queue.take();
+ }
+
+
+ public KerberosMessage get( long timeout, TimeUnit unit ) throws InterruptedException
+ {
+ return queue.poll( timeout, unit );
+ }
+
+
+ public void set( KerberosMessage mesg ) throws InterruptedException
+ {
+ queue.put( mesg );
+ }
+}
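Review bot: `get( long timeout, TimeUnit unit )` returns `null` when no reply arrives in time, because it delegates to `queue.poll`, but neither the method nor the class Javadoc (`TODO ReplyFuture.`) says so. The caller added in this commit, `KerberosConnection.getTicketGrantingTicket`, does not check for `null`, so a timeout looks the same as a reply there. I would replace the placeholder with a one-line class description and add `@return the reply, or null if none arrived before the timeout` to this method. It is also worth documenting on `set` that it uses `queue.put` on a capacity-1 queue and therefore blocks if it is called a second time before a `get`.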
Added: directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java?rev=1443360&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java Thu Feb 7 08:57:03 2013
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.kerberos.client;
+
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.annotations.CreateKdcServer;
+import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.core.annotations.ApplyLdifs;
+import org.apache.directory.server.core.annotations.ContextEntry;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.annotations.CreateIndex;
+import org.apache.directory.server.core.annotations.CreatePartition;
+import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+
+/**
+ * Test cases for KerberosConnection.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@RunWith(FrameworkRunner.class)
+@CreateDS(name = "KerberosConnectionTest-class",
+ partitions =
+ {
+ @CreatePartition(
+ name = "example",
+ suffix = "dc=example,dc=com",
+ contextEntry = @ContextEntry(
+ entryLdif =
+ "dn: dc=example,dc=com\n" +
+ "dc: example\n" +
+ "objectClass: top\n" +
+ "objectClass: domain\n\n"),
+ indexes =
+ {
+ @CreateIndex(attribute = "ou")
+ })
+ },
+ additionalInterceptors =
+ {
+ KeyDerivationInterceptor.class
+ })
+@CreateKdcServer(
+ transports =
+ {
+ @CreateTransport(protocol = "UDP", port = 6088),
+ @CreateTransport(protocol = "TCP", port = 6088)
+ })
+@ApplyLdifs(
+ {
+ "dn: ou=Users,dc=example,dc=com",
+ "objectClass: organizationalUnit",
+ "objectClass: top",
+ "ou: Users",
+
+ "dn: uid=hnelson,ou=Users,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: inetOrgPerson",
+ "objectClass: krb5principal",
+ "objectClass: krb5kdcentry",
+ "cn: Horatio Nelson",
+ "sn: Nelson",
+ "uid: hnelson",
+ "userPassword: secret",
+ "krb5PrincipalName: hnelson@EXAMPLE.COM",
+ "krb5KeyVersionNumber: 0",
+
+ "dn: uid=krbtgt,ou=Users,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: inetOrgPerson",
+ "objectClass: krb5principal",
+ "objectClass: krb5kdcentry",
+ "cn: KDC Service",
+ "sn: Service",
+ "uid: krbtgt",
+ "userPassword: secret",
+ "krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM",
+ "krb5KeyVersionNumber: 0",
+
+ "dn: uid=ldap,ou=Users,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: inetOrgPerson",
+ "objectClass: krb5principal",
+ "objectClass: krb5kdcentry",
+ "cn: LDAP",
+ "sn: Service",
+ "uid: ldap",
+ "userPassword: randall",
+ "krb5PrincipalName: ldap/localhost@EXAMPLE.COM",
+ "krb5KeyVersionNumber: 0"
+ })
+public class KerberosConnectionTest extends AbstractLdapTestUnit
+{
+ private KerberosConnection connection;
+
+ private KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+
+ private KerberosPrincipal serverPrincipal = new KerberosPrincipal( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" );
+
+ @Before
+ public void createConnection()
+ {
+ connection = new KerberosConnection( "localhost", 6088 );
+ connection.connect();
+ }
+
+ @Test
+ public void testGetTgt() throws Exception
+ {
+ connection.getTicketGrantingTicket( clientPrincipal, serverPrincipal, "secret", new ClientRequestOptions() );
+ }
+}
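Review bot: `testGetTgt` has no assertion, and `createConnection` ignores the boolean returned by `connection.connect()`. `getTicketGrantingTicket` as added in this commit returns `void` and catches every exception from `future.get`, and the `KRB_ERROR` branch of `messageReceived` is empty, so the test still passes when the KDC answers with an error or not at all. At minimum use `assertTrue( connection.connect() );` in `createConnection` and add an `@After` method that calls `connection.close()`. Asserting on the ticket itself would need `getTicketGrantingTicketAsync` and a check that the value from `future.get( ... )` is a non-null reply.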
Added: directory/apacheds/trunk/kerberos-client/src/test/resources/log4j.properties
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/test/resources/log4j.properties?rev=1443360&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/test/resources/log4j.properties (added)
+++ directory/apacheds/trunk/kerberos-client/src/test/resources/log4j.properties Thu Feb 7 08:57:03 2013
@@ -0,0 +1,49 @@
+#############################################################################
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#############################################################################
+log4j.rootCategory=FATAL, stdout
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss}] %p [%c] - %m%n
+
+#log4j.logger.org.apache.directory.shared.client.api=DEBUG
+log4j.logger.org.apache.directory.server.schema.registries=FATAL
+log4j.logger.org.apache.directory.api.ldap=WARN
+log4j.logger.org.apache.directory.api.asn1=WARN
+log4j.logger.org.apache.directory.ldap.client.api=WARN
+log4j.logger.org.apache.directory.api.util.Strings=FATAL
+log4j.logger.JdbmTable=WARN
+log4j.logger.JdbmIndex=WARN
+log4j.logger.org.apache.directory.server.core=WARN
+log4j.logger.aci-logger=WARN
+log4j.logger.org.apache.directory.server.xdbm=WARN
+log4j.logger.org.apache.directory.kerberos.client=WARN
+log4j.logger.org.apache.directory.kerberos.codec=WARN
+log4j.logger.org.apache.directory.shared.kerberos.components=WARN
+
+log4j.logger.ATTRIBUTE_TYPE=FATAL
+log4j.logger.SYNTAX_CHECKER=FATAL
+log4j.logger.MATCHING_RULE=FATAL
+log4j.logger.LDAP_SYNTAX=FATAL
+log4j.logger.BaseRecordManager=FATAL
+log4j.logger.LOG_CHANGES=FATAL
+log4j.logger.net=FATAL
+log4j.logger.DupsCursor=FATAL
+log4j.logger.PROVIDER_LOG=FATAL
+log4j.logger.CONSUMER_LOG=FATAL
+log4j.logger.CURSOR=FATAL
+log4j.logger.KERBEROS=DEBUG