Posted to commits@directory.apache.org by se...@apache.org on 2015/09/25 22:24:10 UTC
svn commit: r1705348 -
/directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
Author: seelmann
Date: Fri Sep 25 20:24:10 2015
New Revision: 1705348
URL: http://svn.apache.org/viewvc?rev=1705348&view=rev
Log:
Replace localhost with InetAddress.getLocalHost(), simplify test setup.
Modified:
directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
Modified: directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java?rev=1705348&r1=1705347&r2=1705348&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java (original)
+++ directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java Fri Sep 25 20:24:10 2015
@@ -29,15 +29,9 @@ import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.ModificationItem;
-import javax.naming.ldap.InitialLdapContext;
-import javax.naming.ldap.LdapContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -48,23 +42,18 @@ import javax.security.auth.login.Configu
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
-import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
import org.apache.directory.ldap.client.api.Krb5LoginConfiguration;
import org.apache.directory.server.annotations.CreateKdcServer;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.annotations.SaslMechanism;
-import org.apache.directory.server.constants.ServerDNConstants;
+import org.apache.directory.server.core.annotations.ApplyLdifs;
import org.apache.directory.server.core.annotations.ContextEntry;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreateIndex;
import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.api.CoreSession;
-import org.apache.directory.server.core.api.DirectoryService;
-import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.jndi.CoreContextFactory;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.ldap.handlers.sasl.cramMD5.CramMd5MechanismHandler;
@@ -72,8 +61,9 @@ import org.apache.directory.server.ldap.
import org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmMechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
-import org.junit.After;
-import org.junit.Before;
+import org.apache.directory.server.protocol.shared.transport.TcpTransport;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -133,147 +123,28 @@ import org.junit.runner.RunWith;
@CreateTransport(protocol = "UDP", port = 6088),
@CreateTransport(protocol = "TCP", port = 6088)
})
-public class SaslGssapiBindITest extends AbstractLdapTestUnit
+@ApplyLdifs({
+ "dn: ou=users,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: organizationalUnit",
+ "ou: users"
+})
+public class SaslGssapiBindITest extends AbstractKerberosITest
{
- private DirContext ctx;
-
- /** the context root for the schema */
- protected LdapContext schemaRoot;
-
- /** the context root for the system partition */
- protected LdapContext sysRoot;
-
- /** the context root for the rootDSE */
- protected CoreSession rootDse;
-
-
- /**
- * Creates a new instance of SaslGssapiBindTest and sets JAAS system properties.
- */
- public SaslGssapiBindITest()
- {
- String krbConfPath = getClass().getClassLoader().getResource( "krb5.conf" ).getFile();
- System.setProperty( "java.security.krb5.conf", krbConfPath );
- System.setProperty( "sun.security.krb5.debug", "false" );
- }
-
-
- /**
- * Set up a partition for EXAMPLE.COM and add user and service principals to
- * test authentication with.
- */
- @Before
- public void setUp() throws Exception
- {
- String servicePrincipalName = KerberosTestUtils.fixServicePrincipalName( "ldap/localhost@EXAMPLE.COM", null, getLdapServer() );
-
- Attributes attrs;
-
- setContexts( "uid=admin,ou=system", "secret" );
-
- // -------------------------------------------------------------------
- // Enable the krb5kdc schema
- // -------------------------------------------------------------------
-
- // check if krb5kdc is disabled
- Attributes krb5kdcAttrs = schemaRoot.getAttributes( "cn=Krb5kdc" );
- boolean isKrb5KdcDisabled = false;
-
- if ( krb5kdcAttrs.get( "m-disabled" ) != null )
- {
- isKrb5KdcDisabled = ( ( String ) krb5kdcAttrs.get( "m-disabled" ).get() ).equalsIgnoreCase( "TRUE" );
- }
-
- // if krb5kdc is disabled then enable it
- if ( isKrb5KdcDisabled )
- {
- Attribute disabled = new BasicAttribute( "m-disabled" );
- ModificationItem[] mods = new ModificationItem[]
- { new ModificationItem( DirContext.REMOVE_ATTRIBUTE, disabled ) };
- schemaRoot.modifyAttributes( "cn=Krb5kdc", mods );
- }
-
- // Get a context, create the ou=users subcontext, then create the 3 principals.
- Hashtable<String, Object> env = new Hashtable<String, Object>();
- env.put( DirectoryService.JNDI_KEY, getService() );
- env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory" );
- env.put( Context.PROVIDER_URL, "dc=example,dc=com" );
- env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
- env.put( Context.SECURITY_CREDENTIALS, "secret" );
- env.put( Context.SECURITY_AUTHENTICATION, "simple" );
-
- ctx = new InitialDirContext( env );
-
- attrs = getOrgUnitAttributes( "users" );
- DirContext users = ctx.createSubcontext( "ou=users", attrs );
-
- attrs = getPrincipalAttributes( "Nelson", "Horatio Nelson", "hnelson", "secret", "hnelson@EXAMPLE.COM" );
- users.createSubcontext( "uid=hnelson", attrs );
-
- attrs = getPrincipalAttributes( "Service", "KDC Service", "krbtgt", "secret", "krbtgt/EXAMPLE.COM@EXAMPLE.COM" );
- users.createSubcontext( "uid=krbtgt", attrs );
-
- attrs = getPrincipalAttributes( "Service", "LDAP Service", "ldap", "randall", servicePrincipalName );
- users.createSubcontext( "uid=ldap", attrs );
- }
-
-
- /**
- * Convenience method for creating principals.
- *
- * @param cn the commonName of the person
- * @param principal the kerberos principal name for the person
- * @param sn the surName of the person
- * @param uid the unique identifier for the person
- * @param userPassword the credentials of the person
- * @return the attributes of the person principal
- */
- protected Attributes getPrincipalAttributes( String sn, String cn, String uid, String userPassword, String principal )
- {
- Attributes attrs = new BasicAttributes( true );
- Attribute ocls = new BasicAttribute( "objectClass" );
- ocls.add( "top" );
- ocls.add( "person" ); // sn $ cn
- ocls.add( "inetOrgPerson" ); // uid
- ocls.add( "krb5principal" );
- ocls.add( "krb5kdcentry" );
- attrs.put( ocls );
- attrs.put( "cn", cn );
- attrs.put( "sn", sn );
- attrs.put( "uid", uid );
- attrs.put( "userPassword", userPassword );
- attrs.put( "krb5PrincipalName", principal );
- attrs.put( "krb5KeyVersionNumber", "0" );
-
- return attrs;
- }
-
-
- /**
- * Convenience method for creating an organizational unit.
- *
- * @param ou the ou of the organizationalUnit
- * @return the attributes of the organizationalUnit
- */
- protected Attributes getOrgUnitAttributes( String ou )
- {
- Attributes attrs = new BasicAttributes( true );
- Attribute ocls = new BasicAttribute( "objectClass" );
- ocls.add( "top" );
- ocls.add( "organizationalUnit" );
- attrs.put( ocls );
- attrs.put( "ou", ou );
-
- return attrs;
- }
-
/**
* Tests to make sure GSSAPI binds below the RootDSE work.
*/
@Test
- public void testSaslGssapiBind()
+ public void testSaslGssapiBind() throws Exception
{
+ // Set up a partition for EXAMPLE.COM and add user and service principals to test authentication with.
+ KerberosTestUtils.fixServicePrincipalName(
+ "ldap/" + KerberosTestUtils.getHostName() + "@EXAMPLE.COM", null, getLdapServer() );
+ ObtainTicketParameters parameters = new ObtainTicketParameters( TcpTransport.class,
+ EncryptionType.AES128_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES128 );
+ setupEnv( parameters );
+
kdcServer.getConfig().setPaEncTimestampRequired( false );
// Use our custom configuration to avoid reliance on external config
Configuration.setConfiguration( new Krb5LoginConfiguration() );
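Review bot: The comment added at the top of testSaslGssapiBind() still says the test sets up a partition and adds user and service principals, but the lines under it only call fixServicePrincipalName() (discarding its result), build ObtainTicketParameters and call setupEnv(). With setUp() removed and @ApplyLdifs creating only ou=users, nothing visible in this file creates the hnelson, krbtgt and ldap entries any more, so presumably AbstractKerberosITest or setupEnv() does. That is worth confirming, because the old code wrote the returned principal name into the uid=ldap entry. Once verified, I would reword the comment to describe what the lines do, e.g. `// Fix up the LDAP service principal for this host's name, then prepare the Kerberos environment via setupEnv().` The method body continues past the end of the hunk.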
@@ -292,9 +163,9 @@ public class SaslGssapiBindITest extends
}
// 2. Perform JNDI work as authenticated Subject.
- Subject.doAs( lc.getSubject(), new PrivilegedAction()
+ Subject.doAs( lc.getSubject(), new PrivilegedAction<Void>()
{
- public Object run()
+ public Void run()
{
//FIXME activate this code as soon as the GSSAPIMechanismHandler is fixed.
//Currently GSSAPI authentication for the ldap server is broken
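Review bot: The FIXME kept at the top of run() says the GSSAPI code is to be activated once the GSSAPIMechanismHandler is fixed, but it gives no issue reference and does not say whether the test currently asserts a successful bind. If part of the body is still disabled, testSaslGssapiBind() can pass without proving that Kerberos authentication against the LDAP server works, which is the property the test is named for. I would replace the FIXME with a pointer to the tracking issue and state what is and is not verified, e.g. `// FIXME(<issue-id>): GSSAPI bind assertions disabled until the mechanism handler is fixed; this test only checks <what remains>.` The body of run() continues outside the hunk, so this cannot be confirmed from here.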
@@ -303,7 +174,8 @@ public class SaslGssapiBindITest extends
// Create the initial context
Hashtable<String, String> env = new Hashtable<String, String>();
env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
- env.put( Context.PROVIDER_URL, "ldap://localhost:" + getLdapServer().getPort() );
+ env.put( Context.PROVIDER_URL, "ldap://" + KerberosTestUtils.getHostName() + ":"
+ + getLdapServer().getPort() );
// Request the use of the "GSSAPI" SASL mechanism
// Authenticate by using already established Kerberos credentials
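Review bot: The host in PROVIDER_URL comes from a second call to KerberosTestUtils.getHostName(), separate from the one that builds the `ldap/<host>@EXAMPLE.COM` service principal at the top of the test. For a GSSAPI bind the client derives the target service principal from the URL host, so the two values must be identical. If the helper resolves the name at call time (the log message mentions InetAddress.getLocalHost()), a resolver that answers differently between the calls, or returns a short name instead of the canonical one, produces a bind failure that is hard to trace. Reading the name once, `final String hostName = KerberosTestUtils.getHostName();`, and using it in both places would make the dependency explicit. run() and the enclosing test method both extend beyond this hunk.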
@@ -346,59 +218,6 @@ public class SaslGssapiBindITest extends
}
- /**
- * Tear down.
- */
- @After
- public void tearDown() throws Exception
- {
- ctx.close();
- ctx = null;
- }
-
-
- // copied the below two methods from AbstractServerTest
- /**
- * Sets the contexts for this base class. Values of user and password used to
- * set the respective JNDI properties. These values can be overriden by the
- * overrides properties.
- *
- * @param user the username for authenticating as this user
- * @param passwd the password of the user
- * @throws NamingException if there is a failure of any kind
- */
- protected void setContexts( String user, String passwd ) throws Exception
- {
- Hashtable<String, Object> env = new Hashtable<String, Object>();
- env.put( DirectoryService.JNDI_KEY, getService() );
- env.put( Context.SECURITY_PRINCIPAL, user );
- env.put( Context.SECURITY_CREDENTIALS, passwd );
- env.put( Context.SECURITY_AUTHENTICATION, "simple" );
- env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
- setContexts( env );
- }
-
-
- /**
- * Sets the contexts of this class taking into account the extras and overrides
- * properties.
- *
- * @param env an environment to use while setting up the system root.
- * @throws NamingException if there is a failure of any kind
- */
- protected void setContexts( Hashtable<String, Object> env ) throws Exception
- {
- Hashtable<String, Object> envFinal = new Hashtable<String, Object>( env );
- envFinal.put( Context.PROVIDER_URL, ServerDNConstants.SYSTEM_DN );
- sysRoot = new InitialLdapContext( envFinal, null );
-
- envFinal.put( Context.PROVIDER_URL, "" );
- rootDse = getService().getAdminSession();
-
- envFinal.put( Context.PROVIDER_URL, SchemaConstants.OU_SCHEMA );
- schemaRoot = new InitialLdapContext( envFinal, null );
- }
-
private class CallbackHandlerBean implements CallbackHandler
{
private String name;