Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/12 14:06:52 UTC

[44/50] [abbrv] directory-kerberos git commit: Adding missed files and some clean up

Adding missed files and some clean up


Project: http://git-wip-us.apache.org/repos/asf/directory-kerberos/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerberos/commit/286fabef
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerberos/tree/286fabef
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerberos/diff/286fabef

Branch: refs/heads/master
Commit: 286fabef8525131f992784938eaa974bfcfeef8e
Parents: 3ba4a47
Author: Drankye <dr...@gmail.com>
Authored: Mon Dec 29 06:47:08 2014 +0800
Committer: Drankye <dr...@gmail.com>
Committed: Mon Dec 29 06:47:08 2014 +0800

----------------------------------------------------------------------
 haox-kerb/kerb-core-test/pom.xml                |  33 +++
 .../src/main/resources/aes128-kerberos-data     | Bin 0 -> 1712 bytes
 .../src/main/resources/aes128-key-data          |   1 +
 .../src/main/resources/aes128-spnego-data       | Bin 0 -> 1778 bytes
 .../src/main/resources/aes256-kerberos-data     | Bin 0 -> 1744 bytes
 .../src/main/resources/aes256-key-data          | Bin 0 -> 32 bytes
 .../src/main/resources/aes256-spnego-data       | Bin 0 -> 1810 bytes
 .../src/main/resources/des-kerberos-data        | Bin 0 -> 1773 bytes
 .../src/main/resources/des-key-data             |   1 +
 .../src/main/resources/des-pac-data             | Bin 0 -> 1072 bytes
 .../src/main/resources/des-spnego-data          | Bin 0 -> 1839 bytes
 .../src/main/resources/exceptions.properties    |  39 +++
 .../src/main/resources/rc4-kerberos-data        | Bin 0 -> 1735 bytes
 .../src/main/resources/rc4-key-data             |   1 +
 .../src/main/resources/rc4-pac-data             | Bin 0 -> 1048 bytes
 .../src/main/resources/rc4-spnego-data          | Bin 0 -> 1801 bytes
 .../src/main/resources/server.keytab            | Bin 0 -> 387 bytes
 .../kerb/codec/kerberos/AuthzDataUtil.java      |  48 ++++
 .../kerb/codec/kerberos/KerberosApRequest.java  |  32 +++
 .../kerb/codec/kerberos/KerberosConstants.java  |  25 ++
 .../codec/kerberos/KerberosCredentials.java     |  36 +++
 .../kerb/codec/kerberos/KerberosTicket.java     |  67 +++++
 .../kerb/codec/kerberos/KerberosToken.java      |  39 +++
 .../kerb/codec/spnego/SpnegoConstants.java      |  12 +
 .../kerb/codec/spnego/SpnegoInitToken.java      |  34 +++
 .../kerb/codec/spnego/SpnegoTargToken.java      |  22 ++
 .../kerberos/kerb/codec/spnego/SpnegoToken.java |  48 ++++
 .../kerberos/kerb/codec/test/CodecTest.java     |  27 ++
 .../kerberos/kerb/codec/test/TestKerberos.java  | 248 +++++++++++++++++++
 .../kerberos/kerb/codec/test/TestPac.java       | 135 ++++++++++
 .../kerberos/kerb/codec/test/TestSpnego.java    | 153 ++++++++++++
 .../kerberos/kerb/crypto/key/DesKeyMaker.java   | 121 +--------
 32 files changed, 1006 insertions(+), 116 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/pom.xml b/haox-kerb/kerb-core-test/pom.xml
new file mode 100644
index 0000000..bb7b730
--- /dev/null
+++ b/haox-kerb/kerb-core-test/pom.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.haox</groupId>
+        <artifactId>haox-kerb</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>kerb-core-test</artifactId>
+
+    <name>haox-kerb-coreTest</name>
+    <description>Kerb core tests</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.haox</groupId>
+            <artifactId>haox-asn1</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>org.haox</groupId>
+            <artifactId>kerb-core</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>org.haox</groupId>
+            <artifactId>kerb-util</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+    </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data b/haox-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data
new file mode 100644
index 0000000..7f3b582
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/aes128-kerberos-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/aes128-key-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes128-key-data b/haox-kerb/kerb-core-test/src/main/resources/aes128-key-data
new file mode 100644
index 0000000..4ba2540
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/main/resources/aes128-key-data
@@ -0,0 +1 @@
+����\���U�s�7"
\ No newline at end of file
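Review bot: This key file, together with `des-key-data`, `rc4-key-data` and `server.keytab` later in the commit, is added under `src/main/resources`, while every class that could read it lives under `src/test/java`. By Maven convention anything in `src/main/resources` is packaged into the module's main artifact, so the key material and keytab would ship with the jar; `src/test/resources` keeps them on the test classpath only. The diffstat also shows git treating the three `*-key-data` files as text (`1 +`) while `aes256-key-data` is `Bin`, so raw key bytes are exposed to line-ending normalisation. A `.gitattributes` entry such as `*-key-data binary` would prevent that.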

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/aes128-spnego-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes128-spnego-data b/haox-kerb/kerb-core-test/src/main/resources/aes128-spnego-data
new file mode 100644
index 0000000..13c89e6
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/aes128-spnego-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data b/haox-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data
new file mode 100644
index 0000000..b7d539f
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/aes256-kerberos-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/aes256-key-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes256-key-data b/haox-kerb/kerb-core-test/src/main/resources/aes256-key-data
new file mode 100644
index 0000000..24792c1
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/aes256-key-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/aes256-spnego-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/aes256-spnego-data b/haox-kerb/kerb-core-test/src/main/resources/aes256-spnego-data
new file mode 100644
index 0000000..6a7e55c
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/aes256-spnego-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/des-kerberos-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/des-kerberos-data b/haox-kerb/kerb-core-test/src/main/resources/des-kerberos-data
new file mode 100644
index 0000000..3db6963
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/des-kerberos-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/des-key-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/des-key-data b/haox-kerb/kerb-core-test/src/main/resources/des-key-data
new file mode 100644
index 0000000..84a0c50
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/main/resources/des-key-data
@@ -0,0 +1 @@
+��2^�L�
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/des-pac-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/des-pac-data b/haox-kerb/kerb-core-test/src/main/resources/des-pac-data
new file mode 100644
index 0000000..7408111
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/des-pac-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/des-spnego-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/des-spnego-data b/haox-kerb/kerb-core-test/src/main/resources/des-spnego-data
new file mode 100644
index 0000000..04a56e8
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/des-spnego-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/exceptions.properties
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/exceptions.properties b/haox-kerb/kerb-core-test/src/main/resources/exceptions.properties
new file mode 100644
index 0000000..1695c63
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/main/resources/exceptions.properties
@@ -0,0 +1,39 @@
+object.cast.fail=Unable to cast object from {0} to {1}.
+
+spnego.token.empty=Empty SPNego token.
+spnego.token.invalid=Not a valid SPNego token: {0}.
+spnego.token.malformed=Malformed SPNego token.
+spnego.field.invalid=Not a valid SPNego token field: {0}.
+
+
+kerberos.object.cast=Unable to cast Kerberos object from {0} to {1}.
+kerberos.token.empty=Empty Kerberos token.
+kerberos.token.invalid=Not a Kerberos token.
+kerberos.token.malformed=Malformed Kerberos token.
+kerberos.kdcReq.empty=Empty message.
+kerberos.kdcReq.invalid=Not a KRB_AP_REQ message.
+kerberos.ticket.empty=Empty Kerberos ticket.
+kerberos.ticket.invalid=Not a Kerberos v5 ticket.
+kerberos.ticket.malformed=Malformed Kerberos ticket.
+kerberos.field.invalid=Not a valid Kerberos ticket field: {0}.
+kerberos.field.malformed=Malformed Kerberos ticket field.
+kerberos.key.notfound=Unable to find appropriate key of type {0}.
+kerberos.version.invalid=Invalid version of Kerberos ticket: {0}.
+kerberos.login.fail=Unable to get server keys.
+kerberos.decrypt.fail=Unable to decrypt encrypted data using key of type {0}.
+
+pac.token.empty=Empty PAC token.
+pac.token.malformed=Malformed PAC token.
+pac.logoninfo.malformed=Malformed PAC logon info.
+pac.signature.malformed=Malformed PAC signature.
+pac.signature.invalid=Invalid PAC signature.
+pac.string.notempty=String not empty while expected null.
+pac.string.malformed.size=Inconsistent string lengths.
+pac.string.invalid.size=Inconsistent string size: {1}, expecting {0}.
+pac.groups.invalid.size=Group count ({0}) doesn't match the real number of groups ({1}) in the PAC.
+pac.extrasids.invalid.size=Extra SID count ({0}) doesn't match the real number of extra SID ({1}) in the PAC.
+pac.resourcegroups.invalid.size=Resource group count ({0}) doesn't match the real number of resource groups ({1}) in the PAC.
+pac.sid.malformed.size=Inconsistent SID length.
+pac.subauthority.malformed.size=Incorrect byte array length: {0}; must be multiple of 4.
+pac.version.invalid=Invalid version of PAC token: {0}.
+pac.check.fail=Unable to check PAC signature.
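Review bot: The apostrophe in `doesn't` on the `pac.groups.invalid.size`, `pac.extrasids.invalid.size` and `pac.resourcegroups.invalid.size` lines will break substitution if these patterns are rendered with `java.text.MessageFormat`, as the `{0}` placeholders suggest. A lone single quote opens a quoted section there, so the quote is dropped and the following `{1}` is emitted literally instead of the real count. Write `doesn''t` or `does not`. Separately, `pac.string.invalid.size` uses `{1}` before `{0}`, the reverse of the other messages; it is worth confirming that this matches the caller's argument order.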

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data b/haox-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data
new file mode 100644
index 0000000..6be7086
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/rc4-kerberos-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/rc4-key-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/rc4-key-data b/haox-kerb/kerb-core-test/src/main/resources/rc4-key-data
new file mode 100644
index 0000000..64f9d9c
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/main/resources/rc4-key-data
@@ -0,0 +1 @@
+l�܇y#�l�mv��k�
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/rc4-pac-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/rc4-pac-data b/haox-kerb/kerb-core-test/src/main/resources/rc4-pac-data
new file mode 100644
index 0000000..df45f91
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/rc4-pac-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/rc4-spnego-data
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/rc4-spnego-data b/haox-kerb/kerb-core-test/src/main/resources/rc4-spnego-data
new file mode 100644
index 0000000..91cbe26
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/rc4-spnego-data differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/main/resources/server.keytab
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/main/resources/server.keytab b/haox-kerb/kerb-core-test/src/main/resources/server.keytab
new file mode 100644
index 0000000..b44347c
Binary files /dev/null and b/haox-kerb/kerb-core-test/src/main/resources/server.keytab differ

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/AuthzDataUtil.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/AuthzDataUtil.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/AuthzDataUtil.java
new file mode 100644
index 0000000..da2a610
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/AuthzDataUtil.java
@@ -0,0 +1,48 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.codec.pac.Pac;
+import org.apache.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerberos.kerb.spec.common.AuthorizationDataEntry;
+import org.apache.kerberos.kerb.spec.common.AuthorizationType;
+
+import java.io.IOException;
+import java.util.List;
+
+public class AuthzDataUtil {
+
+    public static Pac getPac(AuthorizationData authzData, byte[] serverKey) throws IOException, KrbException {
+        AuthorizationDataEntry ifRelevantAd = null;
+        for (AuthorizationDataEntry entry : authzData.getElements()) {
+            if (entry.getAuthzType() == AuthorizationType.AD_IF_RELEVANT) {
+                ifRelevantAd = entry;
+                break;
+            }
+        }
+
+        if (ifRelevantAd != null) {
+            List<AuthorizationDataEntry> entries = decode(ifRelevantAd);
+            for (AuthorizationDataEntry entry : entries) {
+                if (entry.getAuthzType() == AuthorizationType.AD_WIN2K_PAC) {
+                    return decodeAsPac(entry, serverKey);
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public static List<AuthorizationDataEntry> decode(AuthorizationDataEntry entry) throws IOException {
+        AuthorizationData authzData = new AuthorizationData();
+        authzData.decode(entry.getAuthzData());
+        return authzData.getElements();
+    }
+
+    public static Pac decodeAsPac(AuthorizationDataEntry entry, byte[] key) throws IOException, KrbException {
+        if (entry.getAuthzType() != AuthorizationType.AD_WIN2K_PAC) {
+            throw new IllegalArgumentException("Not AD_WIN2K_PAC type: " + entry.getAuthzType().name());
+        }
+
+        return new Pac(entry.getAuthzData(), key);
+    }
+}
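Review bot: `getPac` leaves the first loop at the first `AD_IF_RELEVANT` entry, so a PAC carried in a later AD-IF-RELEVANT container is never examined and the method returns `null` as if the ticket carried no PAC. Iterating over every matching container removes that blind spot and also drops the `ifRelevantAd` temporary. The `null` return for "no PAC found" is undocumented; a short Javadoc saying so would help, since a missed null check in a caller shows up as a NullPointerException rather than an explicit authorization decision.

```java
    public static Pac getPac(AuthorizationData authzData, byte[] serverKey) throws IOException, KrbException {
        for (AuthorizationDataEntry container : authzData.getElements()) {
            if (container.getAuthzType() != AuthorizationType.AD_IF_RELEVANT) {
                continue;
            }
            for (AuthorizationDataEntry entry : decode(container)) {
                if (entry.getAuthzType() == AuthorizationType.AD_WIN2K_PAC) {
                    return decodeAsPac(entry, serverKey);
                }
            }
        }
        return null;
    }
    // … unchanged: decode, decodeAsPac …
```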

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosApRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosApRequest.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosApRequest.java
new file mode 100644
index 0000000..61eb109
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosApRequest.java
@@ -0,0 +1,32 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.spec.ap.ApOptions;
+import org.apache.kerberos.kerb.spec.ap.ApReq;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+
+import java.io.IOException;
+
+public class KerberosApRequest {
+    private ApReq apReq;
+    private KerberosTicket ticket;
+
+    public KerberosApRequest(byte[] token, EncryptionKey key) throws Exception {
+        if(token.length <= 0) {
+            throw new IOException("kerberos request empty");
+        }
+
+        apReq = KrbCodec.decode(token, ApReq.class);
+        ticket = new KerberosTicket(apReq.getTicket(), apReq.getApOptions(), key);
+    }
+
+    public ApOptions getApOptions() throws KrbException {
+        return apReq.getApOptions();
+    }
+
+    public KerberosTicket getTicket() {
+        return ticket;
+    }
+}
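Review bot: The constructor dereferences `token` before validating it, so a null token surfaces as a NullPointerException instead of the IOException used for the empty case; `if (token == null || token.length == 0)` covers both. The result of `KrbCodec.decode` is also used without a null check before `apReq.getTicket()`. Declaring `throws Exception` hides which failures a caller is expected to handle; narrowing it to the checked types actually thrown would make the contract reviewable.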

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosConstants.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosConstants.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosConstants.java
new file mode 100644
index 0000000..52d4a8e
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosConstants.java
@@ -0,0 +1,25 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+public interface KerberosConstants {
+
+    static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
+    static final String KERBEROS_VERSION = "5";
+
+    static final String KERBEROS_AP_REQ = "14";
+    
+    static final int AF_INTERNET = 2;
+    static final int AF_CHANET = 5;
+    static final int AF_XNS = 6;
+    static final int AF_ISO = 7;
+    
+    static final int AUTH_DATA_RELEVANT = 1;
+    static final int AUTH_DATA_PAC = 128;
+
+    static final int DES_ENC_TYPE = 3;
+    static final int RC4_ENC_TYPE = 23;
+    static final String RC4_ALGORITHM = "ARCFOUR";
+    static final String HMAC_ALGORITHM = "HmacMD5";
+    static final int CONFOUNDER_SIZE = 8;
+    static final int CHECKSUM_SIZE = 16;
+
+}
\ No newline at end of file
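Review bot: Style point: this is a constant interface, and `SpnegoConstants` later in the commit has the same shape. Any class that implements it leaks these names into its own API, and `static final` is redundant on interface fields. A non-instantiable holder reads better: `public final class KerberosConstants { private KerberosConstants() {} public static final String KERBEROS_OID = "1.2.840.113554.1.2.2"; ... }`. `KERBEROS_OID` is also repeated as `SpnegoConstants.KERBEROS_MECHANISM`, and the numeric enctype and authorization-data values look like duplicates of the `EncryptionType` and `AuthorizationType` enums used elsewhere in this commit, so they can drift apart. The file also ends without a trailing newline.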

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosCredentials.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosCredentials.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosCredentials.java
new file mode 100644
index 0000000..1d0acdb
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosCredentials.java
@@ -0,0 +1,36 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+import org.apache.kerberos.kerb.keytab.Keytab;
+import org.apache.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class KerberosCredentials {
+
+    private static Keytab keytab;
+
+    private static void init() throws IOException {
+        InputStream kis = KerberosCredentials.class.getResourceAsStream("/server.keytab");
+        keytab = new Keytab();
+        keytab.load(kis);
+    }
+
+    public static EncryptionKey getServerKey(EncryptionType etype) throws IOException {
+        if (keytab == null) {
+            init();
+        }
+
+        for (PrincipalName principal : keytab.getPrincipals()) {
+            for (KeytabEntry entry : keytab.getKeytabEntries(principal)) {
+                if (entry.getKey().getKeyType() == etype) {
+                    return entry.getKey();
+                }
+            }
+        }
+        return null;
+    }
+}
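Review bot: `init()` assigns the static `keytab` before calling `load`, so if loading throws, the field stays non-null and later `getServerKey` calls skip `init()`; those calls would presumably then return `null` from an unloaded keytab instead of failing. `getResourceAsStream` returns null when `/server.keytab` is not on the classpath, and that null is passed straight to `load`. The stream is also never closed here; whether `Keytab.load` closes it is not visible in this hunk. Publishing the field only after a successful load, checking for a missing resource and closing in `finally` addresses all three.

```java
    private static void init() throws IOException {
        InputStream kis = KerberosCredentials.class.getResourceAsStream("/server.keytab");
        if (kis == null) {
            throw new IOException("server.keytab not found on the classpath");
        }
        try {
            Keytab loaded = new Keytab();
            loaded.load(kis);
            keytab = loaded;   // publish only after a successful load
        } finally {
            kis.close();
        }
    }
    // … unchanged: getServerKey …
```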

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosTicket.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosTicket.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosTicket.java
new file mode 100644
index 0000000..66ed831
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosTicket.java
@@ -0,0 +1,67 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.crypto.EncryptionHandler;
+import org.apache.kerberos.kerb.spec.ap.ApOptions;
+import org.apache.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerberos.kerb.spec.common.EncryptedData;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.KeyUsage;
+import org.apache.kerberos.kerb.spec.ticket.EncTicketPart;
+import org.apache.kerberos.kerb.spec.ticket.Ticket;
+
+import java.util.Arrays;
+
+public class KerberosTicket {
+    private String serverPrincipalName;
+    private String serverRealm;
+    private Ticket ticket;
+
+    public KerberosTicket(Ticket ticket, ApOptions apOptions, EncryptionKey key)
+            throws Exception {
+        this.ticket = ticket;
+
+        byte[] decrypted = EncryptionHandler.decrypt(
+                ticket.getEncryptedEncPart(), key, KeyUsage.KDC_REP_TICKET);
+
+        EncTicketPart encPart = KrbCodec.decode(decrypted, EncTicketPart.class);
+        ticket.setEncPart(encPart);
+
+        /**
+         * Also test encryption by the way
+         */
+        EncryptedData encrypted = EncryptionHandler.encrypt(
+                decrypted, key, KeyUsage.KDC_REP_TICKET);
+
+        byte[] decrypted2 = EncryptionHandler.decrypt(
+                encrypted, key, KeyUsage.KDC_REP_TICKET);
+        if (!Arrays.equals(decrypted, decrypted2)) {
+            throw new KrbException("Encryption checking failed after decryption");
+        }
+    }
+
+    public String getUserPrincipalName() throws KrbException {
+        return ticket.getEncPart().getCname().getName();
+    }
+
+    public String getUserRealm() throws KrbException {
+        return ticket.getEncPart().getCrealm();
+    }
+
+    public String getServerPrincipalName() throws KrbException {
+        return ticket.getSname().getName();
+    }
+
+    public String getServerRealm() throws KrbException {
+        return ticket.getRealm();
+    }
+
+    public AuthorizationData getAuthorizationData() throws KrbException {
+        return ticket.getEncPart().getAuthorizationData();
+    }
+
+    public Ticket getTicket() {
+        return ticket;
+    }
+}
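Review bot: The private fields `serverPrincipalName` and `serverRealm` are never assigned or read; the getters of the same name go to `ticket.getSname()` and `ticket.getRealm()` instead, so the fields can be deleted. The `/** Also test encryption by the way */` block sits inside the constructor body, where a Javadoc comment has no target; a plain `// Round-trip check: re-encrypt and decrypt, then compare` is the conventional form. The constructor also calls `ticket.setEncPart(encPart)` on the caller's `Ticket` object, a side effect worth stating in a class comment. `throws Exception` could be narrowed to the checked types actually thrown.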

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosToken.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosToken.java
new file mode 100644
index 0000000..8398f74
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/kerberos/KerberosToken.java
@@ -0,0 +1,39 @@
+package org.apache.kerberos.kerb.codec.kerberos;
+
+import org.apache.haox.asn1.Asn1InputBuffer;
+import org.apache.haox.asn1.type.Asn1Item;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+
+import java.io.IOException;
+
+public class KerberosToken {
+
+    private KerberosApRequest apRequest;
+
+    public KerberosToken(byte[] token) throws Exception {
+        this(token, null);
+    }
+
+    public KerberosToken(byte[] token, EncryptionKey key) throws Exception {
+
+        if(token.length <= 0)
+            throw new IOException("kerberos.token.empty");
+
+        Asn1InputBuffer buffer = new Asn1InputBuffer(token);
+
+        Asn1Item value = (Asn1Item) buffer.read();
+        if(! value.isAppSpecific() && ! value.isConstructed())
+            throw new IOException("kerberos.token.malformed");
+
+        buffer = new Asn1InputBuffer(value.getBodyContent());
+        buffer.skipNext();
+
+        buffer.skipBytes(2);
+
+        apRequest = new KerberosApRequest(buffer.readAllLeftBytes(), key);
+    }
+
+    public KerberosApRequest getApRequest() {
+        return apRequest;
+    }
+}
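Review bot: The tag check `if(! value.isAppSpecific() && ! value.isConstructed())` rejects the token only when both properties are missing. If the intent is "must be application-specific and constructed", the guard should be `if (!value.isAppSpecific() || !value.isConstructed())`. `buffer.read()` is cast and dereferenced without a null check. The following `skipNext()` and `skipBytes(2)` presumably step over the mechanism OID and the two-byte token id without comparing them to anything, so a token for another mechanism would be passed on to `KerberosApRequest`. A comment naming what is skipped, or a check against `KerberosConstants.KERBEROS_OID`, would close that gap. The one-argument constructor passes a null key down to `KerberosTicket`, which hands it directly to `EncryptionHandler.decrypt`.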

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoConstants.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoConstants.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoConstants.java
new file mode 100644
index 0000000..2bf0116
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoConstants.java
@@ -0,0 +1,12 @@
+package org.apache.kerberos.kerb.codec.spnego;
+
+public interface SpnegoConstants {
+
+    static final String SPNEGO_MECHANISM = "1.3.6.1.5.5.2";
+    static final String KERBEROS_MECHANISM = "1.2.840.113554.1.2.2";
+    static final String LEGACY_KERBEROS_MECHANISM = "1.2.840.48018.1.2.2";
+    static final String NTLMSSP_MECHANISM = "1.3.6.1.4.1.311.2.2.10";
+
+    static final String SPNEGO_OID = SPNEGO_MECHANISM;
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoInitToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoInitToken.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoInitToken.java
new file mode 100644
index 0000000..7faf764
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoInitToken.java
@@ -0,0 +1,34 @@
+package org.apache.kerberos.kerb.codec.spnego;
+
+import java.io.IOException;
+
+public class SpnegoInitToken extends SpnegoToken {
+
+    public static final int DELEGATION = 0x40;
+    public static final int MUTUAL_AUTHENTICATION = 0x20;
+    public static final int REPLAY_DETECTION = 0x10;
+    public static final int SEQUENCE_CHECKING = 0x08;
+    public static final int ANONYMITY = 0x04;
+    public static final int CONFIDENTIALITY = 0x02;
+    public static final int INTEGRITY = 0x01;
+
+    private String[] mechanisms;
+    private int contextFlags;
+
+    public SpnegoInitToken(byte[] token) throws IOException {
+
+    }
+
+    public int getContextFlags() {
+        return contextFlags;
+    }
+
+    public boolean getContextFlag(int flag) {
+        return (getContextFlags() & flag) == flag;
+    }
+
+    public String[] getMechanisms() {
+        return mechanisms;
+    }
+
+}
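Review bot: The constructor body is empty, so the `token` argument is discarded, `mechanisms` stays null and `contextFlags` stays 0. `SpnegoToken.parse` therefore returns an object that looks successfully parsed but reports no mechanisms and no context flags. Until the parser is implemented it would be safer to fail loudly, for example `throw new UnsupportedOperationException("SPNEGO init token parsing not implemented");`, or at minimum to add a `// TODO: token is not parsed yet; fields are left at defaults`. `SpnegoTargToken(byte[])` later in the commit has the same empty constructor, leaving `result` at `UNSPECIFIED_RESULT`.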

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoTargToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoTargToken.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoTargToken.java
new file mode 100644
index 0000000..5255649
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoTargToken.java
@@ -0,0 +1,22 @@
+package org.apache.kerberos.kerb.codec.spnego;
+
+import java.io.IOException;
+
+public class SpnegoTargToken extends SpnegoToken {
+
+    public static final int UNSPECIFIED_RESULT = -1;
+    public static final int ACCEPT_COMPLETED = 0;
+    public static final int ACCEPT_INCOMPLETE = 1;
+    public static final int REJECTED = 2;
+
+    private int result = UNSPECIFIED_RESULT;
+
+    public SpnegoTargToken(byte[] token) throws IOException {
+
+    }
+
+    public int getResult() {
+        return result;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoToken.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoToken.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoToken.java
new file mode 100644
index 0000000..65ed48e
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/spnego/SpnegoToken.java
@@ -0,0 +1,48 @@
+package org.apache.kerberos.kerb.codec.spnego;
+
+import java.io.IOException;
+
+public abstract class SpnegoToken {
+
+    // Default max size as 65K
+    public static int TOKEN_MAX_SIZE = 66560;
+
+    protected byte[] mechanismToken;
+    protected byte[] mechanismList;
+    protected String mechanism;
+
+    public static SpnegoToken parse(byte[] token) throws IOException {
+        SpnegoToken spnegoToken = null;
+
+        if(token.length <= 0)
+            throw new IOException("spnego.token.empty");
+
+        switch (token[0]) {
+        case (byte)0x60:
+            spnegoToken = new SpnegoInitToken(token);
+            break;
+        case (byte)0xa1:
+            spnegoToken = new SpnegoTargToken(token);
+            break;
+        default:
+            spnegoToken = null;
+            Object[] args = new Object[]{token[0]};
+            throw new IOException("spnego.token.invalid");
+        }
+
+        return spnegoToken;
+    }
+
+    public byte[] getMechanismToken() {
+        return mechanismToken;
+    }
+
+    public byte[] getMechanismList() {
+        return mechanismList;
+    }
+
+    public String getMechanism() {
+        return mechanism;
+    }
+
+}
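Review bot: `TOKEN_MAX_SIZE` is declared `public static int` without `final`, so any code can change the limit at runtime, and `parse` never compares `token.length` against it, so the size limit is not enforced. Suggest `public static final int TOKEN_MAX_SIZE = 66560;` plus a guard in `parse` such as `if (token.length > TOKEN_MAX_SIZE) throw new IOException("spnego.token.malformed");`. In the `default` branch the `args` array is built but never used, so the offending tag byte never reaches the exception even though `spnego.token.invalid` has a `{0}` placeholder. The `spnegoToken = null;` assignment just before the `throw` is dead. A null `token` fails with a NullPointerException at `token.length`.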

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/CodecTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/CodecTest.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/CodecTest.java
new file mode 100644
index 0000000..9c1d1ca
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/CodecTest.java
@@ -0,0 +1,27 @@
+package org.apache.kerberos.kerb.codec.test;
+
+import junit.framework.Assert;
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerberos.kerb.spec.common.CheckSumType;
+import org.junit.Test;
+
+import java.util.Arrays;
+
+public class CodecTest {
+
+    @Test
+    public void testCodec() throws KrbException {
+        CheckSum mcs = new CheckSum();
+        mcs.setCksumtype(CheckSumType.CRC32);
+        mcs.setChecksum(new byte[] {0x10});
+        byte[] bytes = KrbCodec.encode(mcs);
+        Assert.assertNotNull(bytes);
+
+        CheckSum restored = KrbCodec.decode(bytes, CheckSum.class);
+        Assert.assertNotNull(restored);
+        Assert.assertEquals(mcs.getCksumtype(), restored.getCksumtype());
+        Assert.assertTrue(Arrays.equals(mcs.getChecksum(), restored.getChecksum()));
+    }
+}
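Review bot: This test imports `junit.framework.Assert`, the deprecated JUnit 3 class, while TestKerberos and TestPac in the same commit use `org.junit.Assert`. Switching the import keeps the suite consistent and lets the last check read `Assert.assertArrayEquals(mcs.getChecksum(), restored.getChecksum());`, which reports the differing index on failure instead of a bare `false`.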

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestKerberos.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestKerberos.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestKerberos.java
new file mode 100644
index 0000000..ef1643c
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestKerberos.java
@@ -0,0 +1,248 @@
+package org.apache.kerberos.kerb.codec.test;
+
+import org.apache.kerberos.kerb.codec.kerberos.AuthzDataUtil;
+import org.apache.kerberos.kerb.codec.kerberos.KerberosCredentials;
+import org.apache.kerberos.kerb.codec.kerberos.KerberosTicket;
+import org.apache.kerberos.kerb.codec.kerberos.KerberosToken;
+import org.apache.kerberos.kerb.codec.pac.Pac;
+import org.apache.kerberos.kerb.codec.pac.PacLogonInfo;
+import org.apache.kerberos.kerb.codec.pac.PacSid;
+import org.apache.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerberos.kerb.spec.common.EncryptionType;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+public class TestKerberos {
+
+    private byte[] rc4Token;
+    private byte[] desToken;
+    private byte[] aes128Token;
+    private byte[] aes256Token;
+    private byte[] corruptToken;
+    private EncryptionKey rc4Key;
+    private EncryptionKey desKey;
+    private EncryptionKey aes128Key;
+    private EncryptionKey aes256Key;
+    private EncryptionKey corruptKey;
+
+    @Before
+    public void setUp() throws IOException {
+        InputStream file;
+        byte[] keyData;
+
+        file = this.getClass().getClassLoader().getResourceAsStream("rc4-kerberos-data");
+        rc4Token = new byte[file.available()];
+        file.read(rc4Token);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("des-kerberos-data");
+        desToken = new byte[file.available()];
+        file.read(desToken);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes128-kerberos-data");
+        aes128Token = new byte[file.available()];
+        file.read(aes128Token);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes256-kerberos-data");
+        aes256Token = new byte[file.available()];
+        file.read(aes256Token);
+        file.close();
+
+        corruptToken = new byte[]{1, 2, 3, 4, 5, 6};
+
+        file = this.getClass().getClassLoader().getResourceAsStream("rc4-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        rc4Key = new EncryptionKey(23, keyData, 2);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("des-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        desKey = new EncryptionKey(3, keyData, 2);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes128-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        aes128Key = new EncryptionKey(17, keyData, 2);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes256-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        aes256Key = new EncryptionKey(18, keyData, 2);
+        file.close();
+
+        corruptKey = new EncryptionKey(23, new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3}, 2);
+    }
+
+    @Test
+    public void testRc4Ticket() throws Exception {
+        KerberosToken token = new KerberosToken(rc4Token, rc4Key);
+
+        Assert.assertNotNull(token);
+        Assert.assertNotNull(token.getApRequest());
+
+        KerberosTicket ticket = token.getApRequest().getTicket();
+        Assert.assertNotNull(ticket);
+        Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+        Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+    }
+
+    @Test
+    public void testDesTicket() throws Exception {
+        KerberosToken token = new KerberosToken(desToken, desKey);
+
+        Assert.assertNotNull(token);
+        Assert.assertNotNull(token.getApRequest());
+
+        KerberosTicket ticket = token.getApRequest().getTicket();
+        Assert.assertNotNull(ticket);
+        Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+        Assert.assertEquals("user.test@domain.com", ticket.getUserPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+    }
+
+    @Test
+    public void testAes128Ticket() throws Exception {
+        KerberosToken token = null;
+        token = new KerberosToken(aes128Token, aes128Key);
+
+        Assert.assertNotNull(token);
+        Assert.assertNotNull(token.getApRequest());
+
+        KerberosTicket ticket = token.getApRequest().getTicket();
+        Assert.assertNotNull(ticket);
+        Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+        Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+    }
+
+    @Test
+    public void testAes256Ticket() throws Exception {
+        KerberosToken token = null;
+        token = new KerberosToken(aes256Token, aes256Key);
+
+        Assert.assertNotNull(token);
+        Assert.assertNotNull(token.getApRequest());
+
+        KerberosTicket ticket = token.getApRequest().getTicket();
+        Assert.assertNotNull(ticket);
+        Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+        Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+    }
+
+    @Test
+    public void testCorruptTicket() {
+        KerberosToken token = null;
+        try {
+            token = new KerberosToken(corruptToken, rc4Key);
+            Assert.fail("Should have thrown Exception.");
+        } catch(Exception e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(token);
+        }
+    }
+
+    @Test
+    public void testEmptyTicket() {
+        KerberosToken token = null;
+        try {
+            token = new KerberosToken(new byte[0], rc4Key);
+            Assert.fail("Should have thrown Exception.");
+        } catch(Exception e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(token);
+        }
+    }
+
+    @Test
+    public void testNullTicket() throws Exception {
+        KerberosToken token = null;
+        try {
+            token = new KerberosToken(null, rc4Key);
+            Assert.fail("Should have thrown NullPointerException.");
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        } catch(NullPointerException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(token);
+        }
+    }
+
+    @Test
+    public void testCorruptKey() {
+        KerberosToken token = null;
+        try {
+            token = new KerberosToken(rc4Token, corruptKey);
+            Assert.fail("Should have thrown Exception.");
+        } catch(Exception e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(token);
+        }
+    }
+
+    @Test
+    public void testNoMatchingKey() {
+        KerberosToken token = null;
+        try {
+            token = new KerberosToken(rc4Token, desKey);
+            Assert.fail("Should have thrown Exception.");
+        } catch(Exception e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(token);
+        }
+    }
+
+    @Test
+    public void testKerberosPac() throws Exception {
+        KerberosToken token = new KerberosToken(rc4Token, rc4Key);
+
+        Assert.assertNotNull(token);
+        Assert.assertNotNull(token.getApRequest());
+
+        KerberosTicket ticket = token.getApRequest().getTicket();
+        Assert.assertNotNull(ticket);
+
+        AuthorizationData authzData = ticket.getAuthorizationData();
+        Assert.assertNotNull(authzData);
+        Assert.assertTrue(authzData.getElements().size() > 0);
+
+        EncryptionType eType = ticket.getTicket().getEncPart().getKey().getKeyType();
+        Pac pac = AuthzDataUtil.getPac(authzData,
+                KerberosCredentials.getServerKey(eType).getKeyData());
+        Assert.assertNotNull(pac);
+
+        PacLogonInfo logonInfo = pac.getLogonInfo();
+        Assert.assertNotNull(logonInfo);
+
+        List<String> sids = new ArrayList<String>();
+        if(logonInfo.getGroupSid() != null)
+            sids.add(logonInfo.getGroupSid().toString());
+        for(PacSid pacSid : logonInfo.getGroupSids())
+            sids.add(pacSid.toString());
+        for(PacSid pacSid : logonInfo.getExtraSids())
+            sids.add(pacSid.toString());
+        for(PacSid pacSid : logonInfo.getResourceGroupSids())
+            sids.add(pacSid.toString());
+
+        Assert.assertEquals(ticket.getUserPrincipalName(), logonInfo.getUserName());
+    }
+}
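Review bot: setUp sizes each buffer with `available()` and fills it with a single `read()`, neither of which is guaranteed to cover the whole resource, and a missing resource makes `getResourceAsStream` return null and fail with a bare NullPointerException. A short read would hand a truncated ticket or key to `KerberosToken`, and the negative tests (testCorruptKey, testNoMatchingKey), which accept any `Exception`, would then pass for the wrong reason. A small helper that reads to end-of-stream and fails with the resource name fixes this; the same loading code is repeated in the setUp methods of TestPac and TestSpnego in this commit. Separately, testKerberosPac collects `sids` from the PAC but never asserts on the list.

```java
    // replaces each getResourceAsStream / available() / read() / close() run in setUp
    private byte[] readResource(String name) throws IOException {
        InputStream in = getClass().getClassLoader().getResourceAsStream(name);
        if (in == null) {
            throw new IOException("Test resource not found: " + name);
        }
        try {
            java.io.ByteArrayOutputStream out = new java.io.ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int n;
            while ((n = in.read(chunk)) != -1) {
                out.write(chunk, 0, n);
            }
            return out.toByteArray();
        } finally {
            in.close();
        }
    }

    @Before
    public void setUp() throws IOException {
        rc4Token = readResource("rc4-kerberos-data");
        rc4Key = new EncryptionKey(23, readResource("rc4-key-data"), 2);
        // … the other token and key fixtures follow the same pattern …
```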

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestPac.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestPac.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestPac.java
new file mode 100644
index 0000000..37cbeca
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestPac.java
@@ -0,0 +1,135 @@
+package org.apache.kerberos.kerb.codec.test;
+
+import org.apache.kerberos.kerb.KrbException;
+import org.apache.kerberos.kerb.codec.pac.Pac;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class TestPac {
+
+    private byte[] rc4Data;
+    private byte[] desData;
+    private byte[] corruptData;
+    private byte[] rc4Key;
+    private byte[] desKey;
+    private byte[] corruptKey;
+
+    @Before
+    public void setUp() throws IOException {
+        InputStream file;
+        byte[] keyData;
+
+        file = this.getClass().getClassLoader().getResourceAsStream("rc4-pac-data");
+        rc4Data = new byte[file.available()];
+        file.read(rc4Data);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("des-pac-data");
+        desData = new byte[file.available()];
+        file.read(desData);
+        file.close();
+
+        corruptData = new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3};
+
+        file = this.getClass().getClassLoader().getResourceAsStream("rc4-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        rc4Key = keyData;
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("des-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        desKey = keyData;
+        file.close();
+
+        corruptKey = new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3};
+    }
+
+    @Test
+    public void testRc4Pac() throws KrbException {
+        Pac pac = new Pac(rc4Data, rc4Key);
+
+        Assert.assertNotNull(pac);
+        Assert.assertNotNull(pac.getLogonInfo());
+
+        Assert.assertEquals("user.test", pac.getLogonInfo().getUserName());
+        Assert.assertEquals("User Test", pac.getLogonInfo().getUserDisplayName());
+        Assert.assertEquals(0, pac.getLogonInfo().getBadPasswordCount());
+        Assert.assertEquals(32, pac.getLogonInfo().getUserFlags());
+        Assert.assertEquals(46, pac.getLogonInfo().getLogonCount());
+        Assert.assertEquals("DOMAIN", pac.getLogonInfo().getDomainName());
+        Assert.assertEquals("WS2008", pac.getLogonInfo().getServerName());
+    }
+
+    @Test
+    public void testDesPac() throws KrbException {
+        Pac pac = new Pac(desData, desKey);
+
+        Assert.assertNotNull(pac);
+        Assert.assertNotNull(pac.getLogonInfo());
+
+        Assert.assertEquals("user.test", pac.getLogonInfo().getUserName());
+        Assert.assertEquals("User Test", pac.getLogonInfo().getUserDisplayName());
+        Assert.assertEquals(0, pac.getLogonInfo().getBadPasswordCount());
+        Assert.assertEquals(32, pac.getLogonInfo().getUserFlags());
+        Assert.assertEquals(48, pac.getLogonInfo().getLogonCount());
+        Assert.assertEquals("DOMAIN", pac.getLogonInfo().getDomainName());
+        Assert.assertEquals("WS2008", pac.getLogonInfo().getServerName());
+    }
+
+    @Test
+    public void testCorruptPac() {
+        Pac pac = null;
+        try {
+            pac = new Pac(corruptData, rc4Key);
+            Assert.fail("Should have thrown KrbException.");
+        } catch(KrbException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(pac);
+        }
+    }
+
+    @Test
+    public void testEmptyPac() {
+        Pac pac = null;
+        try {
+            pac = new Pac(new byte[0], rc4Key);
+            Assert.fail("Should have thrown KrbException.");
+        } catch(KrbException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(pac);
+        }
+    }
+
+    @Test
+    public void testNullPac() {
+        Pac pac = null;
+        try {
+            pac = new Pac(null, rc4Key);
+            Assert.fail("Should have thrown NullPointerException.");
+        } catch(KrbException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        } catch(NullPointerException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(pac);
+        }
+    }
+
+    @Test
+    public void testCorruptKey() {
+        Pac pac = null;
+        try {
+            pac = new Pac(rc4Data, corruptKey);
+            Assert.fail("Should have thrown KrbException.");
+        } catch(KrbException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(pac);
+        }
+    }
+}
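Review bot: The rejection tests (testCorruptPac, testEmptyPac, testCorruptKey) assert nothing beyond the exception being thrown: inside the catch block `e` is never null and `pac` is always still null, so `Assert.assertNotNull(e)` and `Assert.assertNull(pac)` cannot fail. No test covers a well-formed PAC whose contents were altered, which is the case signature checking exists for. Assuming `Pac` verifies the checksums over the data with the supplied key (not visible here), a test that copies the fixture with `byte[] tampered = rc4Data.clone();`, flips one byte with `tampered[tampered.length / 2] ^= 0x01;` and expects `new Pac(tampered, rc4Key)` to throw KrbException would pin that.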

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestSpnego.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestSpnego.java b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestSpnego.java
new file mode 100644
index 0000000..46e3099
--- /dev/null
+++ b/haox-kerb/kerb-core-test/src/test/java/org/apache/kerberos/kerb/codec/test/TestSpnego.java
@@ -0,0 +1,153 @@
+package org.apache.kerberos.kerb.codec.test;
+
+import org.apache.kerberos.kerb.codec.spnego.SpnegoConstants;
+import org.apache.kerberos.kerb.codec.spnego.SpnegoInitToken;
+import org.apache.kerberos.kerb.codec.spnego.SpnegoToken;
+import org.junit.Assert;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class TestSpnego {
+
+    private byte[] rc4Token;
+    private byte[] desToken;
+    private byte[] aes128Token;
+    private byte[] aes256Token;
+    private byte[] corruptToken;
+
+    //@Before
+    public void setUp() throws IOException {
+        InputStream file;
+
+        file = this.getClass().getClassLoader().getResourceAsStream("rc4-spnego-data");
+        rc4Token = new byte[file.available()];
+        file.read(rc4Token);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("des-spnego-data");
+        desToken = new byte[file.available()];
+        file.read(desToken);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes128-spnego-data");
+        aes128Token = new byte[file.available()];
+        file.read(aes128Token);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes256-spnego-data");
+        aes256Token = new byte[file.available()];
+        file.read(aes256Token);
+        file.close();
+
+        corruptToken = new byte[]{5, 4, 2, 1};
+    }
+
+    //@Test
+    public void testRc4Token() {
+        try {
+            SpnegoToken spnegoToken = SpnegoToken.parse(rc4Token);
+
+            Assert.assertNotNull(spnegoToken);
+            Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+            Assert.assertNotNull(spnegoToken.getMechanismToken());
+            Assert.assertTrue(spnegoToken.getMechanismToken().length < rc4Token.length);
+            Assert.assertNotNull(spnegoToken.getMechanism());
+            Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        }
+    }
+
+    //@Test
+    public void testDesToken() {
+        try {
+            SpnegoToken spnegoToken = SpnegoToken.parse(desToken);
+
+            Assert.assertNotNull(spnegoToken);
+            Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+            Assert.assertNotNull(spnegoToken.getMechanismToken());
+            Assert.assertTrue(spnegoToken.getMechanismToken().length < desToken.length);
+            Assert.assertNotNull(spnegoToken.getMechanism());
+            Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        }
+    }
+
+    //@Test
+    public void testAes128Token() {
+        try {
+            SpnegoToken spnegoToken = SpnegoToken.parse(aes128Token);
+
+            Assert.assertNotNull(spnegoToken);
+            Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+            Assert.assertNotNull(spnegoToken.getMechanismToken());
+            Assert.assertTrue(spnegoToken.getMechanismToken().length < aes128Token.length);
+            Assert.assertNotNull(spnegoToken.getMechanism());
+            Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        }
+    }
+
+    //@Test
+    public void testAes256Token() {
+        try {
+            SpnegoToken spnegoToken = SpnegoToken.parse(aes256Token);
+
+            Assert.assertNotNull(spnegoToken);
+            Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+            Assert.assertNotNull(spnegoToken.getMechanismToken());
+            Assert.assertTrue(spnegoToken.getMechanismToken().length < aes256Token.length);
+            Assert.assertNotNull(spnegoToken.getMechanism());
+            Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        }
+    }
+
+    //@Test
+    public void testEmptyToken() {
+        SpnegoToken spnegoToken = null;
+        try {
+            spnegoToken = SpnegoToken.parse(new byte[0]);
+            Assert.fail("Should have thrown DecodingException.");
+        } catch(IOException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(spnegoToken);
+        }
+    }
+
+    //@Test
+    public void testCorruptToken() {
+        SpnegoToken spnegoToken = null;
+        try {
+            spnegoToken = SpnegoToken.parse(corruptToken);
+            Assert.fail("Should have thrown DecodingException.");
+        } catch(IOException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(spnegoToken);
+        }
+    }
+
+    //@Test
+    public void testNullToken() {
+        SpnegoToken spnegoToken = null;
+        try {
+            spnegoToken = SpnegoToken.parse(null);
+            Assert.fail("Should have thrown NullPointerException.");
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        } catch(NullPointerException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(spnegoToken);
+        }
+    }
+
+}
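Review bot: Every JUnit annotation in this class is commented out (`//@Before`, `//@Test`) and `org.junit.Test`/`org.junit.Before` are not imported, so none of these methods run and the SPNEGO parser's handling of empty, corrupt and null tokens is not exercised by the build. If the tests fail today, `@Ignore("reason")` on the class keeps them visible in test reports; otherwise restore `@Before` and `@Test`. The failure messages in testEmptyToken and testCorruptToken say `DecodingException` while the code catches `IOException`; the text should name `IOException`.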

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/286fabef/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
index cce9342..fb5128d 100644
--- a/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
+++ b/haox-kerb/kerb-crypto/src/main/java/org/apache/kerberos/kerb/crypto/key/DesKeyMaker.java
@@ -1,74 +1,23 @@
 package org.apache.kerberos.kerb.crypto.key;
 
-import org.apache.kerberos.kerb.crypto.BytesUtil;
+import org.apache.kerberos.kerb.KrbException;
 import org.apache.kerberos.kerb.crypto.Des;
 import org.apache.kerberos.kerb.crypto.enc.EncryptProvider;
-import org.apache.kerberos.kerb.KrbException;
 
 public class DesKeyMaker extends AbstractKeyMaker {
 
-    private static final byte[] goodParity = {
-            1,   1,   2,   2,   4,   4,    7,   7,
-            8,   8,   11,  11,  13,  13,  14,  14,
-            16,  16,  19,  19,  21,  21,  22,  22,
-            25,  25,  26,  26,  28,  28,  31,  31,
-            32,  32,  35,  35,  37,  37,  38,  38,
-            41,  41,  42,  42,  44,  44,  47,  47,
-            49,  49,  50,  50,  52,  52,  55,  55,
-            56,  56,  59,  59,  61,  61,  62,  62,
-            64,  64,  67,  67,  69,  69,  70,  70,
-            73,  73,  74,  74,  76,  76,  79,  79,
-            81,  81,  82,  82,  84,  84,  87,  87,
-            88,  88,  91,  91,  93,  93,  94,  94,
-            97,  97,  98,  98,  100, 100, 103, 103,
-            104, 104, 107, 107, 109, 109, 110, 110,
-            112, 112, 115, 115, 117, 117, 118, 118,
-            121, 121, 122, 122, 124, 124, 127, 127,
-            (byte)128, (byte)128, (byte)131, (byte)131,
-            (byte)133, (byte)133, (byte)134, (byte)134,
-            (byte)137, (byte)137, (byte)138, (byte)138,
-            (byte)140, (byte)140, (byte)143, (byte)143,
-            (byte)145, (byte)145, (byte)146, (byte)146,
-            (byte)148, (byte)148, (byte)151, (byte)151,
-            (byte)152, (byte)152, (byte)155, (byte)155,
-            (byte)157, (byte)157, (byte)158, (byte)158,
-            (byte)161, (byte)161, (byte)162, (byte)162,
-            (byte)164, (byte)164, (byte)167, (byte)167,
-            (byte)168, (byte)168, (byte)171, (byte)171,
-            (byte)173, (byte)173, (byte)174, (byte)174,
-            (byte)176, (byte)176, (byte)179, (byte)179,
-            (byte)181, (byte)181, (byte)182, (byte)182,
-            (byte)185, (byte)185, (byte)186, (byte)186,
-            (byte)188, (byte)188, (byte)191, (byte)191,
-            (byte)193, (byte)193, (byte)194, (byte)194,
-            (byte)196, (byte)196, (byte)199, (byte)199,
-            (byte)200, (byte)200, (byte)203, (byte)203,
-            (byte)205, (byte)205, (byte)206, (byte)206,
-            (byte)208, (byte)208, (byte)211, (byte)211,
-            (byte)213, (byte)213, (byte)214, (byte)214,
-            (byte)217, (byte)217, (byte)218, (byte)218,
-            (byte)220, (byte)220, (byte)223, (byte)223,
-            (byte)224, (byte)224, (byte)227, (byte)227,
-            (byte)229, (byte)229, (byte)230, (byte)230,
-            (byte)233, (byte)233, (byte)234, (byte)234,
-            (byte)236, (byte)236, (byte)239, (byte)239,
-            (byte)241, (byte)241, (byte)242, (byte)242,
-            (byte)244, (byte)244, (byte)247, (byte)247,
-            (byte)248, (byte)248, (byte)251, (byte)251,
-            (byte)253, (byte)253, (byte)254, (byte)254
-    };
-
     public DesKeyMaker(EncryptProvider encProvider) {
         super(encProvider);
     }
 
     @Override
     public byte[] str2key(String string, String salt, byte[] param) throws KrbException {
-        char[] passwdSalt = makePasswdSalt(string, salt);
-        byte[] key = passwd2key(passwdSalt);
-        return key;
+        throw new RuntimeException("It's weak and not recommended. To be supported.");
     }
 
+    /**
+     * Note this isn't hit any test yet, and very probably problematic
+     */
     @Override
     public byte[] random2Key(byte[] randomBits) throws KrbException {
         if (randomBits.length != encProvider().keyInputSize()) {
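Review bot: `str2key` now throws a bare `RuntimeException` although the method still declares `throws KrbException`, so callers that handle `KrbException` for key-derivation failures will not catch this one, and the message ("To be supported.") does not say that DES string-to-key is unavailable. Refusing DES here fails closed, which is reasonable for a weak cipher; `throw new KrbException("DES string-to-key is not supported");` or an `UnsupportedOperationException` states that directly. The Javadoc added on random2Key admits the method is untested and probably wrong; a key-derivation routine in that state would be safer throwing as well until a test covers it. random2Key's body continues outside the hunk.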
@@ -103,64 +52,4 @@ public class DesKeyMaker extends AbstractKeyMaker {
         return key;
     }
 
-    public static final void setParity(byte[] key) {
-        for (int i=0; i < 8; i++) {
-            key[i] = goodParity[key[i] & 0xff];
-        }
-    }
-
-    private long passwd2long(byte[] passwdBytes) {
-        int keySize = 8;
-
-        long lKey = 0;
-        int n = passwdBytes.length / keySize;
-        long l, l1, l2 = 0;
-        for (int i = 0; i < n; i++) {
-            l = BytesUtil.bytes2long(passwdBytes,
-                    i * keySize, true) & 0x7f7f7f7f7f7f7f7fL;
-            if (i % 2 == 1) {
-                l1 = 0;
-                for (int j = 0; j < 64; j++) {
-                    l1 |= ((l & (1L << j)) >>> j) << (63 - j);
-                }
-                l = l1 >>> 1;
-            }
-            lKey ^= (l << 1);
-        }
-
-        return lKey;
-    }
-
-    private byte[] passwd2key(char[] passwdChars) throws KrbException {
-        int keySize = 8;
-
-        byte[] bytes = (new String(passwdChars)).getBytes();
-        byte[] passwdBytes = BytesUtil.padding(bytes, keySize);
-        long lKey = passwd2long(passwdBytes);
-
-        byte[] keyBytes = BytesUtil.long2bytes(lKey, true);
-        fixKey(keyBytes);
-
-        byte[] iv = keyBytes;
-        byte[] encKey = keyBytes;
-
-        byte[] bKey = null;
-        if (encProvider().supportCbcMac()) {
-            bKey = encProvider().cbcMac(iv, encKey, passwdBytes);
-        } else {
-            throw new KrbException("cbcMac should be supported by the provider: "
-                    + encProvider().getClass());
-        }
-
-        fixKey(bKey);
-
-        return bKey;
-    }
-
-    private void fixKey(byte[] key) {
-        setParity(key);
-        if (Des.isWeakKey(key, 0, key.length)) {
-            Des.fixKey(key, 0, key.length);
-        }
-    }
 }