Posted to commits@directory.apache.org by el...@apache.org on 2007/10/29 19:15:07 UTC
svn commit: r589780 [2/2] - in
/directory/apacheds/branches/bigbang/kerberos-shared/src:
main/java/org/apache/directory/server/kerberos/shared/
main/java/org/apache/directory/server/kerberos/shared/io/decoder/
main/java/org/apache/directory/server/kerb...
Added: directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/flags/TicketFlag.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/flags/TicketFlag.java?rev=589780&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/flags/TicketFlag.java (added)
+++ directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/flags/TicketFlag.java Mon Oct 29 11:14:59 2007
@@ -0,0 +1,139 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages.value.flags;
+
+/**
+ * An enum to describe all the TicketFlag possible values.
+ *
+ * TicketFlags ::= KerberosFlags
+ * -- reserved(0),
+ * -- forwardable(1),
+ * -- forwarded(2),
+ * -- proxiable(3),
+ * -- proxy(4),
+ * -- may-postdate(5),
+ * -- postdated(6),
+ * -- invalid(7),
+ * -- renewable(8),
+ * -- initial(9),
+ * -- pre-authent(10),
+ * -- hw-authent(11),
+ * -- the following are new since 1510
+ * -- transited-policy-checked(12),
+ * -- ok-as-delegate(13)
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public enum TicketFlag implements KerberosFlag
+{
+ /**
+ * Ticket flag - reserved
+ */
+ RESERVED(0),
+
+ /**
+ * Ticket flag - forwardable
+ */
+ FORWARDABLE(1),
+
+ /**
+ * Ticket flag - forwarded
+ */
+ FORWARDED(2),
+
+ /**
+ * Ticket flag - proxiable
+ */
+ PROXIABLE(3),
+
+ /**
+ * Ticket flag - proxy
+ */
+ PROXY(4),
+
+ /**
+ * Ticket flag - may be postdated
+ */
+ MAY_POSTDATE(5),
+
+ /**
+ * Ticket flag - postdated
+ */
+ POSTDATED(6),
+ /**
+ * Ticket flag - invalid
+ */
+ INVALID(7),
+
+ /**
+ * Ticket flag - renewable
+ */
+ RENEWABLE(8),
+
+ /**
+ * Ticket flag - initial
+ */
+ INITIAL(9),
+
+ /**
+ * Ticket flag - pre-authentication
+ */
+ PRE_AUTHENT(10),
+
+ /**
+ * Ticket flag - hardware authentication
+ */
+ HW_AUTHENT(11),
+
+ /**
+ * Ticket flag - transitedEncoding policy checked
+ */
+ TRANSITED_POLICY_CHECKED(12),
+
+ /**
+ * Ticket flag - OK as delegate
+ */
+ OK_AS_DELEGATE(13),
+
+ /**
+ * Ticket flag - maximum value
+ */
+ MAX_VALUE(32);
+
+ // The interned value.
+ private int value;
+
+ /**
+ * Class constructor
+ */
+ private TicketFlag( int value )
+ {
+ this.value = value;
+ }
+
+ /**
+ * @return The ordinal value associated with this flag
+ */
+ public int getOrdinal()
+ {
+ return value;
+ }
+}
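Review bot: `MAX_VALUE(32)` at the end of the enum is a sentinel rather than a ticket flag, yet it sits among the real flags, so any code that iterates `TicketFlag.values()` or passes it to a bit test will treat it as bit 32. In Java `1 << 32` evaluates to 1, so if `isFlagSet` in `AbstractKerberosFlags` (not part of this diff) shifts by `getOrdinal()`, `MAX_VALUE` would alias bit 0; a plain constant such as `public static final int MAX_SIZE = 32;` avoids that. The `value` field is never reassigned and should be declared `private final int value;`. `getOrdinal()` returns the Kerberos bit position, not `Enum.ordinal()` (the two differ for `MAX_VALUE`), so its Javadoc should read `@return the bit position of this flag in the TicketFlags bit string`.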
Added: directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/flags/TicketFlags.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/flags/TicketFlags.java?rev=589780&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/flags/TicketFlags.java (added)
+++ directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/flags/TicketFlags.java Mon Oct 29 11:14:59 2007
@@ -0,0 +1,329 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages.value.flags;
+
+
+/**
+ * An implementation of a BitString for the TicketFlags. The different values
+ * are stored in an int, as there can't be more than 32 flags (TicketFlag).
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public class TicketFlags extends AbstractKerberosFlags
+{
+ public static final long serialVersionUID = 1L;
+
+ /**
+ * Basic constructor of a TicketFlags BitString
+ */
+ public TicketFlags()
+ {
+ super();
+ }
+
+ /**
+ * Constructor of a TicketFlags BitString with an int value
+ */
+ public TicketFlags( int flags )
+ {
+ super( getBytes( flags ) );
+ }
+
+ /**
+ * Basic constructor of a TicketFlags BitString with a byte array
+ */
+ public TicketFlags( byte[] flags )
+ {
+ super( flags );
+ }
+
+ /**
+ * Ticket flag - reserved
+ */
+ public boolean isReserved()
+ {
+ return isFlagSet( TicketFlag.RESERVED );
+ }
+
+ /**
+ * Ticket flag - forwardable
+ */
+ public boolean isForwardable()
+ {
+ return isFlagSet( TicketFlag.FORWARDABLE );
+ }
+
+ /**
+ * Ticket flag - forwarded
+ */
+ public boolean isForwarded()
+ {
+ return isFlagSet( TicketFlag.FORWARDED );
+ }
+
+ /**
+ * Ticket flag - proxiable
+ */
+ public boolean isProxiable()
+ {
+ return isFlagSet( TicketFlag.PROXIABLE );
+ }
+
+ /**
+ * Ticket flag - proxy
+ */
+ public boolean isProxy()
+ {
+ return isFlagSet( TicketFlag.PROXY );
+ }
+
+ /**
+ * Ticket flag - may be postdated
+ */
+ public boolean isMayPosdate()
+ {
+ return isFlagSet( TicketFlag.MAY_POSTDATE );
+ }
+
+ /**
+ * Ticket flag - postdated
+ */
+ public boolean isPostdated()
+ {
+ return isFlagSet( TicketFlag.POSTDATED );
+ }
+
+ /**
+ * Ticket flag - invalid
+ */
+ public boolean isInvalid()
+ {
+ return isFlagSet( TicketFlag.INVALID );
+ }
+
+ /**
+ * Ticket flag - renewable
+ */
+ public boolean isRenewable()
+ {
+ return isFlagSet( TicketFlag.RENEWABLE );
+ }
+
+ /**
+ * Ticket flag - initial
+ */
+ public boolean isInitial()
+ {
+ return isFlagSet( TicketFlag.INITIAL );
+ }
+
+ /**
+ * Ticket flag - pre-authentication
+ */
+ public boolean isPreAuth()
+ {
+ return isFlagSet( TicketFlag.PRE_AUTHENT );
+ }
+
+ /**
+ * Ticket flag - hardware authentication
+ */
+ public boolean isHwAuthent()
+ {
+ return isFlagSet( TicketFlag.HW_AUTHENT );
+ }
+
+ /**
+ * Ticket flag - transitedEncoding policy checked
+ */
+ public boolean isTransitedPolicyChecked()
+ {
+ return isFlagSet( TicketFlag.TRANSITED_POLICY_CHECKED );
+ }
+
+ /**
+ * Ticket flag - OK as delegate
+ */
+ public boolean isOkAsDelegate()
+ {
+ return isFlagSet( TicketFlag.OK_AS_DELEGATE );
+ }
+
+ /**
+ * Converts the object to a printable string.
+ */
+ /*public static String toString( int flags )
+ {
+ StringBuilder result = new StringBuilder();
+
+ if ( ( flags & ( 1 << TicketFlag.RESERVED.getOrdinal() ) ) != 0 )
+ {
+ result.append( "RESERVED " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.FORWARDABLE.getOrdinal() ) ) != 0 )
+ {
+ result.append( "FORWARDABLE " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.FORWARDED.getOrdinal() ) ) != 0 )
+ {
+ result.append( "FORWARDED " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.PROXIABLE.getOrdinal() ) ) != 0 )
+ {
+ result.append( "PROXIABLE " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.PROXY.getOrdinal() ) ) != 0 )
+ {
+ result.append( "PROXY " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.MAY_POSTDATE.getOrdinal() ) ) != 0 )
+ {
+ result.append( "MAY_POSTDATE " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.POSTDATED.getOrdinal() ) ) != 0 )
+ {
+ result.append( "POSTDATED " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.INVALID.getOrdinal() ) ) != 0 )
+ {
+ result.append( "INVALID " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.RENEWABLE.getOrdinal() ) ) != 0 )
+ {
+ result.append( "RENEWABLE " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.INITIAL.getOrdinal() ) ) != 0 )
+ {
+ result.append( "INITIAL " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.PRE_AUTHENT.getOrdinal() ) ) != 0 )
+ {
+ result.append( "PRE_AUTHENT " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.HW_AUTHENT.getOrdinal() ) ) != 0 )
+ {
+ result.append( "HW_AUTHENT " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.TRANSITED_POLICY_CHECKED.getOrdinal() ) ) != 0 )
+ {
+ result.append( "TRANSITED_POLICY_CHECKED " );
+ }
+
+ if ( ( flags & ( 1 << TicketFlag.OK_AS_DELEGATE.getOrdinal() ) ) != 0 )
+ {
+ result.append( "OPTS_OK_AS_DELEGATE " );
+ }
+
+ return result.toString().trim();
+ }*/
+
+ /**
+ * Converts the object to a printable string.
+ */
+ public String toString()
+ {
+ StringBuilder result = new StringBuilder();
+
+ if ( isFlagSet( TicketFlag.RESERVED ) )
+ {
+ result.append( "RESERVED(0) " );
+ }
+
+ if ( isFlagSet( TicketFlag.FORWARDABLE ) )
+ {
+ result.append( "FORWARDABLE(1) " );
+ }
+
+ if ( isFlagSet( TicketFlag.FORWARDED ) )
+ {
+ result.append( "FORWARDED(2) " );
+ }
+
+ if ( isFlagSet( TicketFlag.PROXIABLE ) )
+ {
+ result.append( "PROXIABLE(3) " );
+ }
+
+ if ( isFlagSet( TicketFlag.PROXY ) )
+ {
+ result.append( "PROXY(4) " );
+ }
+
+ if ( isFlagSet( TicketFlag.MAY_POSTDATE ) )
+ {
+ result.append( "MAY_POSTDATE(5) " );
+ }
+
+ if ( isFlagSet( TicketFlag.POSTDATED ) )
+ {
+ result.append( "POSTDATED(6) " );
+ }
+
+ if ( isFlagSet( TicketFlag.INVALID ) )
+ {
+ result.append( "INVALID(7) " );
+ }
+
+ if ( isFlagSet( TicketFlag.RENEWABLE ) )
+ {
+ result.append( "RENEWABLE(8) " );
+ }
+
+ if ( isFlagSet( TicketFlag.INITIAL ) )
+ {
+ result.append( "INITIAL(9) " );
+ }
+
+ if ( isFlagSet( TicketFlag.PRE_AUTHENT ) )
+ {
+ result.append( "PRE_AUTHENT(10) " );
+ }
+
+ if ( isFlagSet( TicketFlag.HW_AUTHENT ) )
+ {
+ result.append( "HW_AUTHENT(11) " );
+ }
+
+ if ( isFlagSet( TicketFlag.TRANSITED_POLICY_CHECKED ) )
+ {
+ result.append( "TRANSITED_POLICY_CHECKED(12) " );
+ }
+
+ if ( isFlagSet( TicketFlag.OK_AS_DELEGATE ) )
+ {
+ result.append( "OK_AS_DELEGATE(13) " );
+ }
+
+ return result.toString().trim();
+ }
+}
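Review bot: The public accessor `isMayPosdate()` is misspelled and will be frozen into the API once callers use it; it should be `public boolean isMayPostdate()`, matching `TicketFlag.MAY_POSTDATE`. The commented-out static `toString( int flags )` block should be dropped rather than committed; it tests `1 << n` counting from the least significant bit, which may not be the bit order the live `isFlagSet` uses (that method is in `AbstractKerberosFlags`, outside this diff). `toString()` should carry `@Override`. The three constructors would benefit from a Javadoc line stating which bit of the `int` or `byte[]` corresponds to flag 0, because ticket validity decisions such as `isInvalid()` depend on that mapping.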
Modified: directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java?rev=589780&r1=589779&r2=589780&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java (original)
+++ directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java Mon Oct 29 11:14:59 2007
@@ -24,12 +24,12 @@
import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.shared.KerberosMessageType;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
-import org.apache.directory.server.kerberos.shared.messages.MessageType;
import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
@@ -78,12 +78,12 @@
throw new KerberosException( ErrorType.KRB_AP_ERR_BADVERSION );
}
- if ( authHeader.getMessageType() != MessageType.KRB_AP_REQ )
+ if ( authHeader.getMessageType() != KerberosMessageType.AP_REQ )
{
throw new KerberosException( ErrorType.KRB_AP_ERR_MSG_TYPE );
}
- if ( authHeader.getTicket().getVersionNumber() != 5 )
+ if ( authHeader.getTicket().getTktVno() != 5 )
{
throw new KerberosException( ErrorType.KRB_AP_ERR_BADVERSION );
}
@@ -92,7 +92,7 @@
if ( authHeader.getOption( ApOptions.USE_SESSION_KEY ) )
{
- ticketKey = authHeader.getTicket().getSessionKey();
+ ticketKey = authHeader.getTicket().getEncTicketPart().getSessionKey();
}
else
{
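Review bot: In the `USE_SESSION_KEY` branch the session key is now read through `authHeader.getTicket().getEncTicketPart()`, but within this method the decrypted part is only attached by `ticket.setEncTicketPart( encPart )` in a later hunk, so `getEncTicketPart()` may still be null here. The branch would then fail with a `NullPointerException` instead of a `KerberosException`. If `ticketKey` is the key later used to unseal the ticket (it appears so, but the unseal call is outside this hunk), the key is also being taken from the very data it is meant to decrypt. An explicit null check that throws a `KerberosException` with a suitable `ErrorType` would make this failure mode visible. The enclosing method starts and ends outside the hunk.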
@@ -114,17 +114,17 @@
KeyUsage.NUMBER2 );
ticket.setEncTicketPart( encPart );
- Authenticator authenticator = ( Authenticator ) lockBox.unseal( Authenticator.class, ticket.getSessionKey(),
+ Authenticator authenticator = ( Authenticator ) lockBox.unseal( Authenticator.class, ticket.getEncTicketPart().getSessionKey(),
authHeader.getEncPart(), authenticatorKeyUsage );
- if ( !authenticator.getClientPrincipal().getName().equals( ticket.getClientPrincipal().getName() ) )
+ if ( !authenticator.getClientPrincipal().getName().equals( ticket.getEncTicketPart().getClientPrincipal().getName() ) )
{
throw new KerberosException( ErrorType.KRB_AP_ERR_BADMATCH );
}
- if ( ticket.getClientAddresses() != null )
+ if ( ticket.getEncTicketPart().getClientAddresses() != null )
{
- if ( !ticket.getClientAddresses().contains( new HostAddress( clientAddress ) ) )
+ if ( !ticket.getEncTicketPart().getClientAddresses().contains( new HostAddress( clientAddress ) ) )
{
throw new KerberosException( ErrorType.KRB_AP_ERR_BADADDR );
}
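Review bot: `ticket.getEncTicketPart()` is now called on every access in this hunk even though the decrypted part is already held in the local `encPart` passed to `ticket.setEncTicketPart( encPart )`. Reading from that local, e.g. `encPart.getSessionKey()` and `encPart.getClientAddresses()`, would be shorter and would not depend on the setter having run (assuming `encPart` is the `EncTicketPart`; its declaration is above the hunk). The same repeated chain appears in the time checks of the next hunk and in the `TicketFactory` conversion hunk, where a single `EncTicketPart` local would also shorten the over-long `startTime` and `renewTill` lines.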
@@ -160,19 +160,19 @@
* current time by more than the allowable clock skew, or if the INVALID
* flag is set in the ticket, the KRB_AP_ERR_TKT_NYV error is returned."
*/
- KerberosTime startTime = ( ticket.getStartTime() != null ) ? ticket.getStartTime() : ticket.getAuthTime();
+ KerberosTime startTime = ( ticket.getEncTicketPart().getStartTime() != null ) ? ticket.getEncTicketPart().getStartTime() : ticket.getEncTicketPart().getAuthTime();
KerberosTime now = new KerberosTime();
boolean isValidStartTime = startTime.lessThan( now );
- if ( !isValidStartTime || ( ticket.getFlag( TicketFlags.INVALID ) && !isValidate ) )
+ if ( !isValidStartTime || ( ticket.getEncTicketPart().getFlags().get( TicketFlags.INVALID ) && !isValidate ) )
{
// it hasn't yet become valid
throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_NYV );
}
// TODO - doesn't take into account skew
- if ( !ticket.getEndTime().greaterThan( now ) )
+ if ( !ticket.getEncTicketPart().getEndTime().greaterThan( now ) )
{
throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_EXPIRED );
}
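Review bot: The validity check now calls `getFlags().get( TicketFlags.INVALID )`, but the `TicketFlags` class added by this commit declares no `INVALID` constant; the bit positions moved to the `TicketFlag` enum and the class exposes `isInvalid()` instead. Unless this file still imports an older `TicketFlags` (the import list is only partly visible), the INVALID test either will not compile or uses a constant whose bit numbering may differ from the new class; if `getFlags()` returns the new type, `ticket.getEncTicketPart().getFlags().isInvalid()` would tie the check to it. The same applies to `TicketFlags.RENEWABLE` in the `TicketFactory` hunk. Separately, a null `getFlags()` would surface as a `NullPointerException` rather than a `KerberosException`. The existing `// TODO - doesn't take into account skew` also still applies to both the start-time and end-time comparisons here.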
Modified: directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java?rev=589780&r1=589779&r2=589780&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java (original)
+++ directory/apacheds/branches/bigbang/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java Mon Oct 29 11:14:59 2007
@@ -37,7 +37,6 @@
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.messages.components.TicketModifier;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
@@ -118,12 +117,10 @@
EncryptedData encryptedTicketPart = cipherTextHandler.seal( serverKey, encTicketPart, KeyUsage.NUMBER2 );
- TicketModifier ticketModifier = new TicketModifier();
- ticketModifier.setTicketVersionNumber( 5 );
- ticketModifier.setServerPrincipal( serverPrincipal );
- ticketModifier.setEncPart( encryptedTicketPart );
-
- Ticket ticket = ticketModifier.getTicket();
+ Ticket ticket = new Ticket();
+ ticket.setTktVno( 5 );
+ ticket.setServerPrincipal( serverPrincipal );
+ ticket.setEncPart( encryptedTicketPart );
ticket.setEncTicketPart( encTicketPart );
@@ -142,28 +139,28 @@
{
byte[] asn1Encoding = TicketEncoder.encodeTicket( ticket );
- KerberosPrincipal client = ticket.getClientPrincipal();
+ KerberosPrincipal client = ticket.getEncTicketPart().getClientPrincipal();
KerberosPrincipal server = ticket.getServerPrincipal();
- byte[] sessionKey = ticket.getSessionKey().getKeyValue();
- int keyType = ticket.getSessionKey().getKeyType().getOrdinal();
+ byte[] sessionKey = ticket.getEncTicketPart().getSessionKey().getKeyValue();
+ int keyType = ticket.getEncTicketPart().getSessionKey().getKeyType().getOrdinal();
boolean[] flags = new boolean[32];
for ( int ii = 0; ii < flags.length; ii++ )
{
- flags[ii] = ticket.getFlag( ii );
+ flags[ii] = ticket.getEncTicketPart().getFlags().get( ii );
}
- Date authTime = ticket.getAuthTime().toDate();
- Date endTime = ticket.getEndTime().toDate();
+ Date authTime = ticket.getEncTicketPart().getAuthTime().toDate();
+ Date endTime = ticket.getEncTicketPart().getEndTime().toDate();
- Date startTime = ( ticket.getStartTime() != null ? ticket.getStartTime().toDate() : null );
+ Date startTime = ( ticket.getEncTicketPart().getStartTime() != null ? ticket.getEncTicketPart().getStartTime().toDate() : null );
Date renewTill = null;
- if ( ticket.getFlag( TicketFlags.RENEWABLE ) )
+ if ( ticket.getEncTicketPart().getFlags().get( TicketFlags.RENEWABLE ) )
{
- renewTill = ( ticket.getRenewTill() != null ? ticket.getRenewTill().toDate() : null );
+ renewTill = ( ticket.getEncTicketPart().getRenewTill() != null ? ticket.getEncTicketPart().getRenewTill().toDate() : null );
}
InetAddress[] clientAddresses = new InetAddress[0];
Added: directory/apacheds/branches/bigbang/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/components/TicketTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/components/TicketTest.java?rev=589780&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/components/TicketTest.java (added)
+++ directory/apacheds/branches/bigbang/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/components/TicketTest.java Mon Oct 29 11:14:59 2007
@@ -0,0 +1,133 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages.components;
+
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.io.encoder.TicketEncoder;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.store.TicketFactory;
+import org.apache.directory.shared.ldap.util.StringTools;
+
+import junit.framework.TestCase;
+
+/**
+ * Test the Ticket encoding and decoding
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 542147 $, $Date: 2007-05-28 10:14:21 +0200 (Mon, 28 May 2007) $
+ */
+public class TicketTest extends TestCase
+{
+ public void testTicket() throws Exception
+ {
+ TicketFactory ticketFactory = new TicketFactory();
+
+ KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
+ String serverPassword = "s3crEt";
+
+ EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );
+
+ Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );
+
+ byte[] encodedTicket = TicketEncoder.encodeTicket( serviceTicket );
+
+ ByteBuffer encoded = serviceTicket.encode( null );
+
+ byte[] expectedResult = new byte[]
+ {
+ 0x61, (byte)0x81, (byte)0xEF,
+ 0x30, (byte)0x81, (byte)0xEC,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x05,
+ (byte)0xA1, 0x0D,
+ 0x1B, 0x0B,
+ 'E', 'X', 'A', 'M', 'P', 'L', 'E', '.', 'C', 'O', 'M',
+ (byte)0xA2, 0x1D,
+ 0x30, 0x1B,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x01,
+ (byte)0xA1, 0x14,
+ 0x30, 0x12,
+ 0x1B, 0x06,
+ 'k', 'a', 'd', 'm', 'i', 'n',
+ 0x1B, 0x08,
+ 'c', 'h', 'a', 'n', 'g', 'e', 'p', 'w',
+ (byte)0xA3, (byte)0x81, (byte)0xB6,
+ 0x30, (byte)0x81, (byte)0xB3,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x03,
+ (byte)0xA2, (byte)0x81, (byte)0xAB,
+ 0x04, (byte)0x81, (byte)0xA8
+ };
+
+ // We will just compared the first bytes (everyting before the encrypted data)
+ String expectedResultString = StringTools.dumpBytes( expectedResult );
+ String resultString = StringTools.dumpBytes( encoded.array() ).substring( 0, expectedResultString.length() );
+
+ assertEquals( expectedResultString, resultString );
+ assertTrue( Arrays.equals( encodedTicket, encodedTicket ) );
+ }
+
+ /*
+ public void testTicketPerf() throws Exception
+ {
+ TicketFactory ticketFactory = new TicketFactory();
+
+ KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
+ String serverPassword = "s3crEt";
+
+ EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );
+
+ Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );
+
+ byte[] encodedTicket = TicketEncoder.encodeTicket( serviceTicket );
+
+ long t0 = System.currentTimeMillis();
+
+ for ( int i=0; i < 1000000; i++ )
+ {
+ TicketEncoder.encodeTicket( serviceTicket );
+ }
+
+ long t1 = System.currentTimeMillis();
+
+ System.out.println( "Delta slow = " + ( t1 - t0 ) );
+
+ long t2 = System.currentTimeMillis();
+
+ for ( int i=0; i < 1000000; i++ )
+ {
+ serviceTicket.encode( null );
+ }
+
+ long t3 = System.currentTimeMillis();
+
+ System.out.println( "Delta slow = " + ( t3 - t2 ) );
+
+ assertTrue( Arrays.equals( encodedTicket, encodedTicket ) );
+ }
+ */
+}
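Review bot: The final assertion `assertTrue( Arrays.equals( encodedTicket, encodedTicket ) )` compares the array with itself and can never fail, so the test does not check that `TicketEncoder.encodeTicket` and `serviceTicket.encode( null )` produce the same bytes. It presumably should be `assertTrue( Arrays.equals( encodedTicket, encoded.array() ) );`, assuming the buffer's backing array is exactly the encoding. The prefix comparison also calls `substring( 0, expectedResultString.length() )`, which throws `StringIndexOutOfBoundsException` rather than a readable assertion failure if the encoding is shorter than expected. The commented-out `testTicketPerf` repeats the same self-comparison and prints `"Delta slow"` for both loops; it would be better left out of the commit.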