You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by er...@apache.org on 2007/05/01 22:50:13 UTC
svn commit: r534239 - in
/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src:
main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/
main/java/org/apache/directory/server/kerberos/shared/service/
test/java/org/a...
Author: erodriguez
Date: Tue May 1 13:50:12 2007
New Revision: 534239
URL: http://svn.apache.org/viewvc?view=rev&rev=534239
Log:
Enhancements to LockBox:
o Support for AES and DES3 encryption types.
o Unit tests covering all supported encryption types.
o Moved to encryption package.
Added:
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBox.java (contents, props changed)
- copied, changed from r530550, directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBoxTest.java (contents, props changed)
- copied, changed from r530550, directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java
Removed:
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java
directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java
Copied: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBox.java (from r530550, directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java)
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBox.java?view=diff&rev=534239&p1=directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java&r1=530550&p2=directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBox.java&r2=534239
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBox.java Tue May 1 13:50:12 2007
@@ -18,7 +18,7 @@
*
*/
-package org.apache.directory.server.kerberos.shared.service;
+package org.apache.directory.server.kerberos.shared.crypto.encryption;
import java.io.IOException;
@@ -26,11 +26,6 @@
import java.util.HashMap;
import java.util.Map;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.Des3CbcMd5Encryption;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.Des3CbcSha1Encryption;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.DesCbcMd5Encryption;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionEngine;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.io.decoder.AuthenticatorDecoder;
@@ -108,8 +103,10 @@
Map<EncryptionType, Class> map = new HashMap<EncryptionType, Class>();
map.put( EncryptionType.DES_CBC_MD5, DesCbcMd5Encryption.class );
- map.put( EncryptionType.DES3_CBC_MD5, Des3CbcMd5Encryption.class );
- map.put( EncryptionType.DES3_CBC_SHA1, Des3CbcSha1Encryption.class );
+ map.put( EncryptionType.DES3_CBC_SHA1_KD, Des3CbcSha1KdEncryption.class );
+ map.put( EncryptionType.AES128_CTS_HMAC_SHA1_96, Aes128CtsSha1Encryption.class );
+ map.put( EncryptionType.AES256_CTS_HMAC_SHA1_96, Aes256CtsSha1Encryption.class );
+ map.put( EncryptionType.RC4_HMAC, ArcFourHmacMd5Encryption.class );
DEFAULT_CIPHERS = Collections.unmodifiableMap( map );
}
@@ -131,6 +128,7 @@
}
catch ( IOException ioe )
{
+ ioe.printStackTrace();
throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
}
catch ( ClassCastException cce )
Propchange: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBox.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBox.java
------------------------------------------------------------------------------
--- svn:keywords (added)
+++ svn:keywords Tue May 1 13:50:12 2007
@@ -0,0 +1,4 @@
+Rev
+Revision
+Date
+Id
Copied: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBoxTest.java (from r530550, directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java)
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBoxTest.java?view=diff&rev=534239&p1=directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java&r1=530550&p2=directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBoxTest.java&r2=534239
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBoxTest.java Tue May 1 13:50:12 2007
@@ -17,7 +17,7 @@
* under the License.
*
*/
-package org.apache.directory.server.kerberos.shared.service;
+package org.apache.directory.server.kerberos.shared.crypto.encryption;
import javax.security.auth.kerberos.KerberosKey;
@@ -25,7 +25,6 @@
import junit.framework.TestCase;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptedTimeStamp;
@@ -40,7 +39,7 @@
*/
public class LockBoxTest extends TestCase
{
- private byte[] encryptedTimeStamp =
+ private byte[] desEncryptedTimeStamp =
{ ( byte ) 0x97, ( byte ) 0x21, ( byte ) 0x58, ( byte ) 0x5f, ( byte ) 0x81, ( byte ) 0x46, ( byte ) 0x17,
( byte ) 0xa6, ( byte ) 0x4e, ( byte ) 0x8a, ( byte ) 0x5d, ( byte ) 0xe2, ( byte ) 0xf3, ( byte ) 0xd1,
( byte ) 0x40, ( byte ) 0x30, ( byte ) 0x38, ( byte ) 0x5e, ( byte ) 0xb8, ( byte ) 0xf6, ( byte ) 0xad,
@@ -50,20 +49,82 @@
( byte ) 0xb2, ( byte ) 0xb7, ( byte ) 0x95, ( byte ) 0x22, ( byte ) 0x93, ( byte ) 0x12, ( byte ) 0x63,
( byte ) 0xd5, ( byte ) 0xf4, ( byte ) 0x39, ( byte ) 0xfa, ( byte ) 0x27, ( byte ) 0x6e, ( byte ) 0x8e };
+ private byte[] tripleDesEncryptedTimeStamp =
+ { ( byte ) 0x96, ( byte ) 0xcb, ( byte ) 0x38, ( byte ) 0xb3, ( byte ) 0xc9, ( byte ) 0xb5, ( byte ) 0x78,
+ ( byte ) 0x17, ( byte ) 0xba, ( byte ) 0x0a, ( byte ) 0x64, ( byte ) 0x49, ( byte ) 0x18, ( byte ) 0x39,
+ ( byte ) 0x57, ( byte ) 0x1e, ( byte ) 0xcf, ( byte ) 0xfc, ( byte ) 0x6e, ( byte ) 0x0f, ( byte ) 0x53,
+ ( byte ) 0xe2, ( byte ) 0x9c, ( byte ) 0x96, ( byte ) 0xfd, ( byte ) 0xbc, ( byte ) 0xc6, ( byte ) 0x1e,
+ ( byte ) 0x10, ( byte ) 0x35, ( byte ) 0xe0, ( byte ) 0x8f, ( byte ) 0xc1, ( byte ) 0x7f, ( byte ) 0xbd,
+ ( byte ) 0x86, ( byte ) 0x55, ( byte ) 0xf2, ( byte ) 0x22, ( byte ) 0x48, ( byte ) 0x86, ( byte ) 0xfb,
+ ( byte ) 0x92, ( byte ) 0x22, ( byte ) 0xe7, ( byte ) 0xbe, ( byte ) 0xd1, ( byte ) 0xec, ( byte ) 0x2e,
+ ( byte ) 0x37, ( byte ) 0xd8, ( byte ) 0x47, ( byte ) 0x1e, ( byte ) 0xa0, ( byte ) 0x16, ( byte ) 0x70,
+ ( byte ) 0x5f, ( byte ) 0x6b, ( byte ) 0x18, ( byte ) 0xf3 };
+
+ private byte[] aes128EncryptedTimeStamp =
+ { ( byte ) 0x4f, ( byte ) 0x1e, ( byte ) 0x52, ( byte ) 0xf5, ( byte ) 0xe0, ( byte ) 0xee, ( byte ) 0xe5,
+ ( byte ) 0xe2, ( byte ) 0x2c, ( byte ) 0x9b, ( byte ) 0xf4, ( byte ) 0xdc, ( byte ) 0x58, ( byte ) 0x5f,
+ ( byte ) 0x00, ( byte ) 0x96, ( byte ) 0x31, ( byte ) 0xfe, ( byte ) 0xc7, ( byte ) 0xf7, ( byte ) 0x89,
+ ( byte ) 0x38, ( byte ) 0x88, ( byte ) 0xf5, ( byte ) 0x25, ( byte ) 0xaf, ( byte ) 0x09, ( byte ) 0x9f,
+ ( byte ) 0xfd, ( byte ) 0x78, ( byte ) 0x68, ( byte ) 0x3b, ( byte ) 0xb4, ( byte ) 0x1e, ( byte ) 0xc2,
+ ( byte ) 0xfc, ( byte ) 0x2d, ( byte ) 0xf3, ( byte ) 0x41, ( byte ) 0x88, ( byte ) 0x92, ( byte ) 0x7e,
+ ( byte ) 0xd7, ( byte ) 0xed, ( byte ) 0xe1, ( byte ) 0xe0, ( byte ) 0x0c, ( byte ) 0xad, ( byte ) 0xe5,
+ ( byte ) 0x06, ( byte ) 0xbf, ( byte ) 0x30, ( byte ) 0x1e, ( byte ) 0xbf, ( byte ) 0xf2, ( byte ) 0xec };
+
+ private byte[] aes256EncryptedTimeStamp =
+ { ( byte ) 0xa8, ( byte ) 0x40, ( byte ) 0x73, ( byte ) 0xfc, ( byte ) 0xe5, ( byte ) 0x45, ( byte ) 0x66,
+ ( byte ) 0xd6, ( byte ) 0x83, ( byte ) 0xb4, ( byte ) 0xed, ( byte ) 0xb6, ( byte ) 0x18, ( byte ) 0x5a,
+ ( byte ) 0xd2, ( byte ) 0x24, ( byte ) 0xd6, ( byte ) 0xef, ( byte ) 0x38, ( byte ) 0xac, ( byte ) 0xdf,
+ ( byte ) 0xcd, ( byte ) 0xed, ( byte ) 0x6d, ( byte ) 0x32, ( byte ) 0xf6, ( byte ) 0x00, ( byte ) 0xd1,
+ ( byte ) 0xc0, ( byte ) 0xb0, ( byte ) 0x1e, ( byte ) 0x70, ( byte ) 0x13, ( byte ) 0x48, ( byte ) 0x0a,
+ ( byte ) 0x5a, ( byte ) 0xbb, ( byte ) 0xd2, ( byte ) 0x2a, ( byte ) 0x6b, ( byte ) 0x16, ( byte ) 0x29,
+ ( byte ) 0x63, ( byte ) 0xba, ( byte ) 0xea, ( byte ) 0xb7, ( byte ) 0x1a, ( byte ) 0x90, ( byte ) 0x7b,
+ ( byte ) 0xf4, ( byte ) 0x89, ( byte ) 0x94, ( byte ) 0x7a, ( byte ) 0x2d, ( byte ) 0x6a, ( byte ) 0xf1 };
+
+ private byte[] arcfourEncryptedTimeStamp =
+ { ( byte ) 0xa2, ( byte ) 0x4f, ( byte ) 0x04, ( byte ) 0x6d, ( byte ) 0x93, ( byte ) 0x31, ( byte ) 0x19,
+ ( byte ) 0x77, ( byte ) 0x3f, ( byte ) 0x9d, ( byte ) 0xf9, ( byte ) 0x6f, ( byte ) 0x7e, ( byte ) 0x86,
+ ( byte ) 0x2c, ( byte ) 0x99, ( byte ) 0x63, ( byte ) 0xc5, ( byte ) 0xcf, ( byte ) 0xe2, ( byte ) 0xf1,
+ ( byte ) 0x54, ( byte ) 0x05, ( byte ) 0x6a, ( byte ) 0xea, ( byte ) 0x20, ( byte ) 0x37, ( byte ) 0x31,
+ ( byte ) 0xa2, ( byte ) 0xdc, ( byte ) 0xe8, ( byte ) 0x79, ( byte ) 0xaa, ( byte ) 0xae, ( byte ) 0x1c,
+ ( byte ) 0xfa, ( byte ) 0x93, ( byte ) 0x02, ( byte ) 0xbe, ( byte ) 0x11, ( byte ) 0x14, ( byte ) 0x22,
+ ( byte ) 0x65, ( byte ) 0x92, ( byte ) 0xbd, ( byte ) 0xf5, ( byte ) 0x52, ( byte ) 0x9f, ( byte ) 0x94,
+ ( byte ) 0x67, ( byte ) 0x10, ( byte ) 0xd2 };
+
+ private byte[] asn1EncodedTimeStamp =
+ { ( byte ) 0x30, ( byte ) 0x1A, ( byte ) 0xA0, ( byte ) 0x11, ( byte ) 0x18, ( byte ) 0x0F, ( byte ) 0x32,
+ ( byte ) 0x30, ( byte ) 0x30, ( byte ) 0x37, ( byte ) 0x30, ( byte ) 0x34, ( byte ) 0x31, ( byte ) 0x30,
+ ( byte ) 0x31, ( byte ) 0x39, ( byte ) 0x30, ( byte ) 0x34, ( byte ) 0x30, ( byte ) 0x30, ( byte ) 0x5A,
+ ( byte ) 0xA1, ( byte ) 0x05, ( byte ) 0x02, ( byte ) 0x03, ( byte ) 0x07, ( byte ) 0x06, ( byte ) 0xA2 };
+
+
+ /**
+ * Tests the lengths of the test vectors for encrypted timestamps for each
+ * of the supported encryption types. The length of the Kerberos Cipher Text
+ * is relevant to the structure of the underlying plaintext.
+ */
+ public void testTestVectorLengths()
+ {
+ assertEquals( "DES length", 56, desEncryptedTimeStamp.length );
+ assertEquals( "DES3 length", 60, tripleDesEncryptedTimeStamp.length );
+ assertEquals( "AES128 length", 56, aes128EncryptedTimeStamp.length );
+ assertEquals( "AES256 length", 56, aes256EncryptedTimeStamp.length );
+ assertEquals( "RC4-HMAC length", 52, arcfourEncryptedTimeStamp.length );
+ }
+
/**
* Tests the unsealing of Kerberos CipherText with a good password. After decryption and
* an integrity check, an attempt is made to decode the bytes as an EncryptedTimestamp. The
* result is timestamp data.
*/
- public void testGoodPassword()
+ public void testDesGoodPasswordDecrypt()
{
LockBox lockBox = new LockBox();
Class hint = EncryptedTimeStamp.class;
KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
KerberosKey kerberosKey = new KerberosKey( principal, "kerby".toCharArray(), "DES" );
EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
- EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, encryptedTimeStamp );
+ EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, desEncryptedTimeStamp );
try
{
@@ -82,14 +143,14 @@
* Tests the unsealing of Kerberos CipherText with a bad password. After decryption, the
* checksum is tested and should fail on comparison, resulting in an integrity check error.
*/
- public void testBadPassword()
+ public void testDesBadPasswordDecrypt()
{
LockBox lockBox = new LockBox();
Class hint = EncryptedTimeStamp.class;
KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
KerberosKey kerberosKey = new KerberosKey( principal, "badpassword".toCharArray(), "DES" );
EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
- EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, encryptedTimeStamp );
+ EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, desEncryptedTimeStamp );
try
{
@@ -101,4 +162,204 @@
assertEquals( "ErrorCode", 31, ke.getErrorCode() );
}
}
+
+
+ /**
+ * Tests the unsealing of Kerberos CipherText with a good password. After decryption and
+ * an integrity check, an attempt is made to decode the bytes as an EncryptedTimestamp. The
+ * result is timestamp data.
+ */
+ public void testTripleDesGoodPasswordDecrypt()
+ {
+ LockBox lockBox = new LockBox();
+ Class hint = EncryptedTimeStamp.class;
+ KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "DESede" );
+ EncryptionKey key = new EncryptionKey( EncryptionType.DES3_CBC_SHA1_KD, kerberosKey.getEncoded() );
+ EncryptedData data = new EncryptedData( EncryptionType.DES3_CBC_SHA1_KD, 0, tripleDesEncryptedTimeStamp );
+
+ try
+ {
+ EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data );
+ assertEquals( "TimeStamp", "20070410190400Z", object.getTimeStamp().toString() );
+ assertEquals( "MicroSeconds", 460450, object.getMicroSeconds() );
+ }
+ catch ( KerberosException ke )
+ {
+ ke.printStackTrace();
+ fail( "Should not have caught exception." );
+ }
+ }
+
+
+ /**
+ * Tests the encryption and subsequent unsealing of an ASN.1 encoded timestamp with a
+ * good password. After encryption, an attempt is made to unseal the encrypted bytes
+ * as an EncryptedTimestamp. The result is timestamp data.
+ */
+ public void testTripleDesGoodPasswordEncrypt()
+ {
+ LockBox lockBox = new LockBox();
+ KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "DESede" );
+ EncryptionKey key = new EncryptionKey( EncryptionType.DES3_CBC_SHA1_KD, kerberosKey.getEncoded() );
+
+ Des3CbcSha1KdEncryption enc = new Des3CbcSha1KdEncryption();
+ EncryptedData encryptedData = enc.getEncryptedData( key, asn1EncodedTimeStamp );
+
+ Class hint = EncryptedTimeStamp.class;
+
+ try
+ {
+ EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, encryptedData );
+ assertEquals( "TimeStamp", "20070410190400Z", object.getTimeStamp().toString() );
+ assertEquals( "MicroSeconds", 460450, object.getMicroSeconds() );
+ }
+ catch ( KerberosException ke )
+ {
+ ke.printStackTrace();
+ fail( "Should not have caught exception." );
+ }
+ }
+
+
+ /**
+ * Tests the unsealing of Kerberos CipherText with a good password. After decryption and
+ * an integrity check, an attempt is made to decode the bytes as an EncryptedTimestamp. The
+ * result is timestamp data.
+ */
+ public void testAes128GoodPasswordDecrypt()
+ {
+ LockBox lockBox = new LockBox();
+ Class hint = EncryptedTimeStamp.class;
+ KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES128" );
+ EncryptionKey key = new EncryptionKey( EncryptionType.AES128_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );
+ EncryptedData data = new EncryptedData( EncryptionType.AES128_CTS_HMAC_SHA1_96, 0, aes128EncryptedTimeStamp );
+
+ try
+ {
+ EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data );
+ assertEquals( "TimeStamp", "20070410212557Z", object.getTimeStamp().toString() );
+ assertEquals( "MicroSeconds", 379386, object.getMicroSeconds() );
+ }
+ catch ( KerberosException ke )
+ {
+ ke.printStackTrace();
+ fail( "Should not have caught exception." );
+ }
+ }
+
+
+ /**
+ * Tests the encryption and subsequent unsealing of an ASN.1 encoded timestamp with a
+ * good password. After encryption, an attempt is made to unseal the encrypted bytes
+ * as an EncryptedTimestamp. The result is timestamp data.
+ */
+ public void testAes128GoodPasswordEncrypt()
+ {
+ LockBox lockBox = new LockBox();
+ KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES128" );
+ EncryptionKey key = new EncryptionKey( EncryptionType.AES128_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );
+
+ Aes128CtsSha1Encryption enc = new Aes128CtsSha1Encryption();
+ EncryptedData encryptedData = enc.getEncryptedData( key, asn1EncodedTimeStamp );
+
+ Class hint = EncryptedTimeStamp.class;
+
+ try
+ {
+ EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, encryptedData );
+ assertEquals( "TimeStamp", "20070410190400Z", object.getTimeStamp().toString() );
+ assertEquals( "MicroSeconds", 460450, object.getMicroSeconds() );
+ }
+ catch ( KerberosException ke )
+ {
+ ke.printStackTrace();
+ fail( "Should not have caught exception." );
+ }
+ }
+
+
+ /**
+ * Tests the unsealing of Kerberos CipherText with a good password. After decryption and
+ * an integrity check, an attempt is made to decode the bytes as an EncryptedTimestamp. The
+ * result is timestamp data.
+ */
+ public void testAes256GoodPasswordDecrypt()
+ {
+ LockBox lockBox = new LockBox();
+ Class hint = EncryptedTimeStamp.class;
+ KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES256" );
+ EncryptionKey key = new EncryptionKey( EncryptionType.AES256_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );
+ EncryptedData data = new EncryptedData( EncryptionType.AES256_CTS_HMAC_SHA1_96, 0, aes256EncryptedTimeStamp );
+
+ try
+ {
+ EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data );
+ assertEquals( "TimeStamp", "20070410212809Z", object.getTimeStamp().toString() );
+ assertEquals( "MicroSeconds", 298294, object.getMicroSeconds() );
+ }
+ catch ( KerberosException ke )
+ {
+ ke.printStackTrace();
+ fail( "Should not have caught exception." );
+ }
+ }
+
+
+ /**
+ * Tests the encryption and subsequent unsealing of an ASN.1 encoded timestamp with a
+ * good password. After encryption, an attempt is made to unseal the encrypted bytes
+ * as an EncryptedTimestamp. The result is timestamp data.
+ */
+ public void testAes256GoodPasswordEncrypt()
+ {
+ LockBox lockBox = new LockBox();
+ KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES256" );
+ EncryptionKey key = new EncryptionKey( EncryptionType.AES256_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );
+
+ Aes256CtsSha1Encryption enc = new Aes256CtsSha1Encryption();
+ EncryptedData encryptedData = enc.getEncryptedData( key, asn1EncodedTimeStamp );
+
+ Class hint = EncryptedTimeStamp.class;
+
+ try
+ {
+ EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, encryptedData );
+ assertEquals( "TimeStamp", "20070410190400Z", object.getTimeStamp().toString() );
+ assertEquals( "MicroSeconds", 460450, object.getMicroSeconds() );
+ }
+ catch ( KerberosException ke )
+ {
+ ke.printStackTrace();
+ fail( "Should not have caught exception." );
+ }
+ }
+
+ /*
+ public void testArcFourGoodPassword()
+ {
+ LockBox lockBox = new LockBox();
+ Class hint = EncryptedTimeStamp.class;
+ KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "ArcFourHmac" );
+ EncryptionKey key = new EncryptionKey( EncryptionType.RC4_HMAC, kerberosKey.getEncoded() );
+ EncryptedData data = new EncryptedData( EncryptionType.RC4_HMAC, 0, arcfourEncryptedTimeStamp );
+
+ try
+ {
+ EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data );
+ assertEquals( "TimeStamp", "20070322233107Z", object.getTimeStamp().toString() );
+ assertEquals( "MicroSeconds", 291067, object.getMicroSeconds() );
+ }
+ catch ( KerberosException ke )
+ {
+ ke.printStackTrace();
+ fail( "Should not have caught exception." );
+ }
+ }*/
}
Propchange: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/LockBoxTest.java
------------------------------------------------------------------------------
svn:eol-style = native