You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by er...@apache.org on 2007/07/18 09:43:27 UTC
svn commit: r557186 - in
/directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol:
./ ChangepwProtocolHandlerTest.java MapPrincipalStoreImpl.java
Author: erodriguez
Date: Wed Jul 18 00:43:24 2007
New Revision: 557186
URL: http://svn.apache.org/viewvc?view=rev&rev=557186
Log:
Test cases for the Change Password protocol.
Added:
directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/
directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java (with props)
directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java (with props)
Added: directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java?view=auto&rev=557186
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java (added)
+++ directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java Wed Jul 18 00:43:24 2007
@@ -0,0 +1,403 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.changepw.protocol;
+
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.net.UnknownHostException;
+import java.util.Arrays;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import junit.framework.TestCase;
+
+import org.apache.directory.server.changepw.ChangePasswordConfiguration;
+import org.apache.directory.server.changepw.io.ChangePasswordDataEncoder;
+import org.apache.directory.server.changepw.messages.ChangePasswordError;
+import org.apache.directory.server.changepw.messages.ChangePasswordReply;
+import org.apache.directory.server.changepw.messages.ChangePasswordRequest;
+import org.apache.directory.server.changepw.value.ChangePasswordData;
+import org.apache.directory.server.changepw.value.ChangePasswordDataModifier;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
+import org.apache.directory.server.kerberos.shared.messages.ErrorMessage;
+import org.apache.directory.server.kerberos.shared.messages.MessageType;
+import org.apache.directory.server.kerberos.shared.messages.application.PrivateMessage;
+import org.apache.directory.server.kerberos.shared.messages.components.AuthenticatorModifier;
+import org.apache.directory.server.kerberos.shared.messages.components.EncKrbPrivPart;
+import org.apache.directory.server.kerberos.shared.messages.components.EncKrbPrivPartModifier;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.ApOptions;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalNameModifier;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalNameType;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
+import org.apache.directory.server.kerberos.shared.store.TicketFactory;
+import org.apache.mina.common.IoFilterChain;
+import org.apache.mina.common.IoHandler;
+import org.apache.mina.common.IoService;
+import org.apache.mina.common.IoServiceConfig;
+import org.apache.mina.common.IoSessionConfig;
+import org.apache.mina.common.TransportType;
+import org.apache.mina.common.WriteFuture;
+import org.apache.mina.common.support.BaseIoSession;
+
+
+/**
+ * Tests the ChangePasswordProtocolHandler.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class ChangepwProtocolHandlerTest extends TestCase
+{
+ /** The Change Password SUCCESS result code. */
+ private static final byte[] SUCCESS = new byte[]
+ { ( byte ) 0x00, ( byte ) 0x00 };
+
+ private ChangePasswordConfiguration config;
+ private PrincipalStore store;
+ private ChangePasswordProtocolHandler handler;
+ private DummySession session;
+
+ private CipherTextHandler cipherTextHandler = new CipherTextHandler();
+
+
+ public ChangepwProtocolHandlerTest()
+ {
+ config = new ChangePasswordConfiguration();
+ store = new MapPrincipalStoreImpl();
+ handler = new ChangePasswordProtocolHandler( config, store );
+ session = new DummySession();
+ }
+
+
+ public void testProtocolVersionNumber()
+ {
+ ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 2, null, null );
+
+ handler.messageReceived( session, message );
+
+ ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
+ ErrorMessage error = reply.getErrorMessage();
+ assertEquals( "Protocol version unsupported", 6, error.getErrorCode() );
+ }
+
+
+ public void testMissingTicket()
+ {
+ ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 1, null, null );
+
+ handler.messageReceived( session, message );
+
+ ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
+ ErrorMessage error = reply.getErrorMessage();
+ assertEquals( "Request failed due to an error in authentication processing", 3, error.getErrorCode() );
+ }
+
+
+ public void testInitialFlagRequired() throws Exception
+ {
+ KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+
+ KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
+ String serverPassword = "secret";
+
+ TicketFactory ticketFactory = new TicketFactory();
+ EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );
+ Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );
+
+ EncryptionKey subSessionKey = RandomKeyFactory.getRandomKey( EncryptionType.DES_CBC_MD5 );
+
+ ApOptions apOptions = new ApOptions();
+
+ AuthenticatorModifier modifier = new AuthenticatorModifier();
+ modifier.setVersionNumber( 5 );
+ modifier.setClientRealm( "EXAMPLE.COM" );
+
+ PrincipalNameModifier clientModifier = new PrincipalNameModifier();
+ clientModifier.addName( "hnelson" );
+
+ modifier.setClientName( clientModifier.getPrincipalName() );
+ modifier.setClientTime( new KerberosTime() );
+ modifier.setClientMicroSecond( 0 );
+
+ modifier.setSubSessionKey( subSessionKey );
+
+ EncryptedData encryptedAuthenticator = cipherTextHandler.seal( serviceTicket.getSessionKey(), modifier
+ .getAuthenticator(), KeyUsage.NUMBER11 );
+
+ ApplicationRequest apReq = new ApplicationRequest( apOptions, serviceTicket, encryptedAuthenticator );
+
+ String newPassword = "secretsecret";
+
+ PrivateMessage priv = getChangePasswordPrivateMessage( newPassword, subSessionKey );
+
+ ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 1, apReq, priv );
+
+ handler.messageReceived( session, message );
+
+ ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
+ ErrorMessage error = reply.getErrorMessage();
+ assertEquals( "Initial flag required", 7, error.getErrorCode() );
+
+ //ChangePasswordReply reply = ( ChangePasswordReply ) session.getMessage();
+
+ //processChangePasswordReply( reply, serviceTicket.getSessionKey(), subSessionKey );
+ }
+
+
+ private void processChangePasswordReply( ChangePasswordReply reply, EncryptionKey sessionKey,
+ EncryptionKey subSessionKey ) throws Exception
+ {
+ PrivateMessage privateMessage = reply.getPrivateMessage();
+
+ EncryptedData encPrivPart = privateMessage.getEncryptedPart();
+
+ EncKrbPrivPart privPart;
+
+ try
+ {
+ privPart = ( EncKrbPrivPart ) cipherTextHandler.unseal( EncKrbPrivPart.class, subSessionKey, encPrivPart,
+ KeyUsage.NUMBER13 );
+ }
+ catch ( KerberosException ke )
+ {
+ return;
+ }
+
+ // Verify result code.
+ byte[] resultCode = privPart.getUserData();
+
+ assertTrue( "Password change returned SUCCESS (0x00 0x00).", Arrays.equals( SUCCESS, resultCode ) );
+ }
+
+
+ public void testSetPassword() throws Exception
+ {
+ KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+
+ KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
+ String serverPassword = "secret";
+
+ TicketFactory ticketFactory = new TicketFactory();
+ EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );
+ Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );
+
+ EncryptionKey subSessionKey = RandomKeyFactory.getRandomKey( EncryptionType.DES_CBC_MD5 );
+
+ ApOptions apOptions = new ApOptions();
+
+ AuthenticatorModifier modifier = new AuthenticatorModifier();
+ modifier.setVersionNumber( 5 );
+ modifier.setClientRealm( "EXAMPLE.COM" );
+
+ PrincipalNameModifier clientModifier = new PrincipalNameModifier();
+ clientModifier.addName( "hnelson" );
+ clientModifier.setType( PrincipalNameType.KRB_NT_PRINCIPAL.getOrdinal() );
+
+ modifier.setClientName( clientModifier.getPrincipalName() );
+ modifier.setClientTime( new KerberosTime() );
+ modifier.setClientMicroSecond( 0 );
+
+ EncryptedData encryptedAuthenticator = cipherTextHandler.seal( serverKey, modifier.getAuthenticator(),
+ KeyUsage.NUMBER11 );
+
+ ApplicationRequest apReq = new ApplicationRequest( apOptions, serviceTicket, encryptedAuthenticator );
+
+ String newPassword = "secretsecret";
+
+ PrivateMessage priv = getSetPasswordPrivateMessage( newPassword, subSessionKey, clientModifier
+ .getPrincipalName() );
+
+ ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 0xFF80, apReq, priv );
+
+ handler.messageReceived( session, message );
+
+ ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
+ ErrorMessage error = reply.getErrorMessage();
+ assertEquals( "Protocol version unsupported", 6, error.getErrorCode() );
+ }
+
+
+ /*
+ * Legacy kpasswd (Change Password) version. User data is the password bytes.
+ */
+ private PrivateMessage getChangePasswordPrivateMessage( String newPassword, EncryptionKey subSessionKey )
+ throws UnsupportedEncodingException, KerberosException, UnknownHostException
+ {
+ // Make private message part.
+ EncKrbPrivPartModifier privPartModifier = new EncKrbPrivPartModifier();
+ privPartModifier.setUserData( newPassword.getBytes( "UTF-8" ) );
+ privPartModifier.setSenderAddress( new HostAddress( InetAddress.getLocalHost() ) );
+ EncKrbPrivPart encReqPrivPart = privPartModifier.getEncKrbPrivPart();
+
+ // Seal private message part.
+ EncryptedData encryptedPrivPart = cipherTextHandler.seal( subSessionKey, encReqPrivPart, KeyUsage.NUMBER13 );
+
+ // Make private message with private message part.
+ PrivateMessage privateMessage = new PrivateMessage();
+ privateMessage.setProtocolVersionNumber( 5 );
+ privateMessage.setMessageType( MessageType.ENC_PRIV_PART );
+ privateMessage.setEncryptedPart( encryptedPrivPart );
+
+ return privateMessage;
+ }
+
+
+ /*
+ * Set/Change Password version. User data is an encoding of the new password and the target principal.
+ */
+ private PrivateMessage getSetPasswordPrivateMessage( String newPassword, EncryptionKey subSessionKey,
+ PrincipalName targetPrincipalName ) throws UnsupportedEncodingException, KerberosException,
+ UnknownHostException, IOException
+ {
+ // Make private message part.
+ EncKrbPrivPartModifier privPartModifier = new EncKrbPrivPartModifier();
+
+ ChangePasswordDataModifier dataModifier = new ChangePasswordDataModifier();
+ dataModifier.setNewPassword( "secretsecret".getBytes() );
+ dataModifier.setTargetName( targetPrincipalName );
+ dataModifier.setTargetRealm( "EXAMPLE.COM" );
+ ChangePasswordData data = dataModifier.getChangePasswdData();
+
+ ChangePasswordDataEncoder encoder = new ChangePasswordDataEncoder();
+ byte[] dataBytes = encoder.encode( data );
+
+ privPartModifier.setUserData( dataBytes );
+
+ privPartModifier.setSenderAddress( new HostAddress( InetAddress.getLocalHost() ) );
+ EncKrbPrivPart encReqPrivPart = privPartModifier.getEncKrbPrivPart();
+
+ // Seal private message part.
+ EncryptedData encryptedPrivPart = cipherTextHandler.seal( subSessionKey, encReqPrivPart, KeyUsage.NUMBER13 );
+
+ // Make private message with private message part.
+ PrivateMessage privateMessage = new PrivateMessage();
+ privateMessage.setProtocolVersionNumber( 5 );
+ privateMessage.setMessageType( MessageType.ENC_PRIV_PART );
+ privateMessage.setEncryptedPart( encryptedPrivPart );
+
+ return privateMessage;
+ }
+
+ private static class DummySession extends BaseIoSession
+ {
+ Object message;
+
+
+ @Override
+ public WriteFuture write( Object message )
+ {
+ this.message = message;
+
+ return super.write( message );
+ }
+
+
+ public Object getMessage()
+ {
+ return message;
+ }
+
+
+ protected void updateTrafficMask()
+ {
+ }
+
+
+ public IoService getService()
+ {
+ return null;
+ }
+
+
+ public IoHandler getHandler()
+ {
+ return null;
+ }
+
+
+ public IoFilterChain getFilterChain()
+ {
+ return null;
+ }
+
+
+ public TransportType getTransportType()
+ {
+ return null;
+ }
+
+
+ public SocketAddress getRemoteAddress()
+ {
+ return new InetSocketAddress( 10464 );
+ }
+
+
+ public SocketAddress getLocalAddress()
+ {
+ return null;
+ }
+
+
+ public IoSessionConfig getConfig()
+ {
+ return null;
+ }
+
+
+ public int getScheduledWriteRequests()
+ {
+ return 0;
+ }
+
+
+ public SocketAddress getServiceAddress()
+ {
+ return null;
+ }
+
+
+ public IoServiceConfig getServiceConfig()
+ {
+ return null;
+ }
+
+
+ public int getScheduledWriteBytes()
+ {
+ return 0;
+ }
+ }
+}
Propchange: directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java?view=auto&rev=557186
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java (added)
+++ directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java Wed Jul 18 00:43:24 2007
@@ -0,0 +1,111 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.changepw.protocol;
+
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
+
+
+/**
+ * An implementation of {@link PrincipalStore} that is backed by a {@link Map}. This
+ * store implements both getPrincipal and changePassword, as required by the Set/Change Password
+ * service.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class MapPrincipalStoreImpl implements PrincipalStore
+{
+ private static Map<KerberosPrincipal, PrincipalStoreEntry> store = new HashMap<KerberosPrincipal, PrincipalStoreEntry>();
+
+ static
+ {
+ String principalName = "hnelson@EXAMPLE.COM";
+ String passPhrase = "secret";
+
+ PrincipalStoreEntry entry = getEntry( principalName, passPhrase );
+
+ store.put( entry.getPrincipal(), entry );
+
+ principalName = "kadmin/changepw@EXAMPLE.COM";
+ passPhrase = "secret";
+
+ entry = getEntry( principalName, passPhrase );
+
+ store.put( entry.getPrincipal(), entry );
+ }
+
+
+ public PrincipalStoreEntry getPrincipal( KerberosPrincipal principal ) throws Exception
+ {
+ PrincipalStoreEntry entry = store.get( principal );
+
+ return entry;
+ }
+
+
+ public String changePassword( KerberosPrincipal principal, String newPassword ) throws Exception
+ {
+ return principal.getName();
+ }
+
+
+ public String addPrincipal( PrincipalStoreEntry entry ) throws Exception
+ {
+ return null;
+ }
+
+
+ public String deletePrincipal( KerberosPrincipal principal ) throws Exception
+ {
+ return null;
+ }
+
+
+ public PrincipalStoreEntry[] getAllPrincipals( String realm ) throws Exception
+ {
+ return null;
+ }
+
+
+ private static PrincipalStoreEntry getEntry( String principalName, String passPhrase )
+ {
+ KerberosPrincipal clientPrincipal = new KerberosPrincipal( principalName );
+
+ PrincipalStoreEntryModifier modifier = new PrincipalStoreEntryModifier();
+ modifier.setPrincipal( clientPrincipal );
+
+ Map<EncryptionType, EncryptionKey> keyMap = KerberosKeyFactory.getKerberosKeys( principalName, passPhrase );
+
+ modifier.setKeyMap( keyMap );
+
+ return modifier.getEntry();
+ }
+}
Propchange: directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java
------------------------------------------------------------------------------
svn:eol-style = native