You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2021/04/22 10:37:22 UTC
[directory-server] branch remove_kerberos created (now 40715dd)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch remove_kerberos
in repository https://gitbox.apache.org/repos/asf/directory-server.git.
at 40715dd Remove Kerberos functionality from the Directory Server
This branch includes the following new commits:
new 40715dd Remove Kerberos functionality from the Directory Server
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[directory-server] 01/01: Remove Kerberos functionality from the
Directory Server
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch remove_kerberos
in repository https://gitbox.apache.org/repos/asf/directory-server.git
commit 40715ddf5791849b641259df3255693862b3fbca
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Apr 22 11:36:45 2021 +0100
Remove Kerberos functionality from the Directory Server
---
all/pom.xml | 7 +-
.../apache/directory/server/installers/config.ldif | 51 -
kerberos-client/pom.xml | 82 -
kerberos-client/src/checkstyle/suppressions.xml | 28 -
.../directory/kerberos/client/AbstractTicket.java | 80 -
.../kerberos/client/ChangePasswordResult.java | 68 -
.../kerberos/client/ChangePasswordResultCode.java | 121 --
.../kerberos/client/HeimdalKpasswdDecode.java | 1706 -----------------
.../directory/kerberos/client/KdcClientUtil.java | 152 --
.../directory/kerberos/client/KdcConfig.java | 178 --
.../directory/kerberos/client/KdcConnection.java | 691 -------
.../directory/kerberos/client/KerberosChannel.java | 148 --
.../apache/directory/kerberos/client/Kinit.java | 90 -
.../directory/kerberos/client/KpasswdDecode.java | 113 --
.../directory/kerberos/client/ServiceTicket.java | 34 -
.../kerberos/client/ServiceTicketRequest.java | 88 -
.../apache/directory/kerberos/client/TgTicket.java | 55 -
.../directory/kerberos/client/TgtRequest.java | 245 ---
.../credentials/cache/CacheInputStream.java | 415 ----
.../credentials/cache/CacheOutputStream.java | 266 ---
.../kerberos/credentials/cache/Credentials.java | 260 ---
.../credentials/cache/CredentialsCache.java | 175 --
.../cache/CredentialsCacheConstants.java | 36 -
.../cache/SampleCredentialsCacheResource.java | 120 --
.../directory/kerberos/credentials/cache/Tag.java | 42 -
.../kerberos/client/CredentialsCacheTest.java | 74 -
.../directory/kerberos/client/KdcAsRepTest.java | 235 ---
.../kerberos/client/KdcConnectionTest.java | 299 ---
.../src/test/resources/log4j.properties | 45 -
.../shared/crypto/checksum/ChecksumHandler.java | 6 -
.../crypto/encryption/Aes128CtsSha1Encryption.java | 48 -
.../crypto/encryption/Aes256CtsSha1Encryption.java | 48 -
.../crypto/encryption/AesCtsSha1Encryption.java | 197 --
.../crypto/encryption/CipherTextHandler.java | 4 -
.../crypto/encryption/Des3CbcSha1KdEncryption.java | 311 ---
.../crypto/encryption/DesCbcCrcEncryption.java | 180 --
.../crypto/encryption/DesCbcMd5Encryption.java | 179 --
.../crypto/encryption/CipherTextHandlerTest.java | 128 --
.../encryption/Des3CbcSha1KdEncryptionTest.java | 246 ---
.../crypto/encryption/DesCbcCrcEncryptionTest.java | 128 --
.../crypto/encryption/DesCbcMd5EncryptionTest.java | 128 --
.../shared/messages/components/TicketTest.java | 131 --
kerberos-test/pom.xml | 147 --
kerberos-test/src/site/site.xml | 26 -
.../server/kerberos/kdc/AS-REQ-PA-ENC-TS.pdu | Bin 240 -> 0 bytes
.../directory/server/kerberos/kdc/AS-REQ-TCP.pdu | Bin 161 -> 0 bytes
.../directory/server/kerberos/kdc/AS-REQ-UDP.pdu | Bin 157 -> 0 bytes
.../server/kerberos/kdc/AbstractKerberosITest.java | 247 ---
.../kerberos/kdc/KerberosKRBProtocolTest.java | 88 -
.../server/kerberos/kdc/KerberosTcpITest.java | 123 --
.../server/kerberos/kdc/KerberosTestUtils.java | 437 -----
.../server/kerberos/kdc/KerberosUdpITest.java | 123 --
.../server/kerberos/kdc/SaslGssapiBindITest.java | 266 ---
.../directory/server/kerberos/kdc/ms_krb5.pcap | Bin 2688 -> 0 bytes
.../directory/server/kerberos/kdc/oracle_krb5.pcap | Bin 964 -> 0 bytes
.../directory/server/kerberos/kdc/pam_krb5.pcap | Bin 2800 -> 0 bytes
kerberos-test/src/test/resources/krb5.conf | 31 -
kerberos-test/src/test/resources/log4j.properties | 25 -
.../directory/server/kerberos/kdc/KerberosIT.ldif | 33 -
ldap-client-test/pom.xml | 7 -
osgi-integ/pom.xml | 5 -
.../osgi/integ/ServerProtocolKerberosOsgiTest.java | 55 -
osgi/pom.xml | 5 -
pom.xml | 32 +-
protocol-kerberos/pom.xml | 186 --
.../server/kerberos/ChangePasswordConfig.java | 53 -
.../directory/server/kerberos/KerberosConfig.java | 476 -----
.../kerberos/changepwd/ChangePasswordServer.java | 198 --
.../server/kerberos/changepwd/package-info.java | 28 -
.../ChangePasswordProtocolCodecFactory.java | 67 -
.../protocol/ChangePasswordProtocolHandler.java | 239 ---
.../protocol/MinaChangePasswordDecoder.java | 79 -
.../protocol/MinaChangePasswordEncoder.java | 51 -
.../kerberos/changepwd/protocol/package-info.java | 29 -
.../changepwd/service/ChangePasswordContext.java | 260 ---
.../changepwd/service/ChangePasswordService.java | 432 -----
.../kerberos/changepwd/service/package-info.java | 27 -
.../kerberos/kdc/DirectoryPrincipalStore.java | 158 --
.../directory/server/kerberos/kdc/KdcContext.java | 232 ---
.../directory/server/kerberos/kdc/KdcServer.java | 287 ---
.../kdc/authentication/AuthenticationContext.java | 177 --
.../kdc/authentication/AuthenticationService.java | 907 ---------
.../kerberos/kdc/authentication/package-info.java | 29 -
.../server/kerberos/kdc/package-info.java | 35 -
.../kdc/ticketgrant/TicketGrantingContext.java | 152 --
.../kdc/ticketgrant/TicketGrantingService.java | 1051 -----------
.../kerberos/kdc/ticketgrant/package-info.java | 29 -
.../kerberos/protocol/KerberosProtocolHandler.java | 354 ----
.../codec/KerberosProtocolCodecFactory.java | 66 -
.../protocol/codec/MinaKerberosDecoder.java | 192 --
.../protocol/codec/MinaKerberosEncoder.java | 51 -
.../server/kerberos/protocol/package-info.java | 31 -
.../server/kerberos/sam/KeyIntegrityChecker.java | 45 -
.../server/kerberos/sam/SamException.java | 108 --
.../server/kerberos/sam/SamSubsystem.java | 203 --
.../directory/server/kerberos/sam/SamVerifier.java | 102 -
.../server/kerberos/sam/TimestampChecker.java | 85 -
.../server/kerberos/sam/package-info.java | 32 -
protocol-kerberos/src/site/site.xml | 26 -
.../AbstractAuthenticationServiceTest.java | 208 --
.../AbstractTicketGrantingServiceTest.java | 325 ----
.../protocol/AuthenticationEncryptionTypeTest.java | 334 ----
.../protocol/AuthenticationPolicyTest.java | 354 ----
.../protocol/AuthenticationServiceTest.java | 1518 ---------------
.../server/kerberos/protocol/EncTktInSkeyTest.java | 154 --
.../kerberos/protocol/FragmentDecoderTest.java | 139 --
.../kerberos/protocol/MapPrincipalStoreImpl.java | 112 --
.../kerberos/protocol/PreAuthenticationTest.java | 322 ----
.../kerberos/protocol/TGSReplayCacheTest.java | 193 --
.../protocol/TicketGrantingEncryptionTypeTest.java | 469 -----
.../protocol/TicketGrantingPolicyTest.java | 720 -------
.../protocol/TicketGrantingServiceTest.java | 1993 --------------------
.../src/test/resources/log4j.properties | 33 -
.../apache/directory/server/kerberos/kdc/krb5.conf | 31 -
server-annotations/pom.xml | 7 -
.../server/annotations/CreateKdcServer.java | 91 -
.../server/factory/ServerAnnotationProcessor.java | 110 --
.../factory/CreateKdcServerAnnotationTest.java | 144 --
.../server/config/ConfigSchemaConstants.java | 2 +-
.../server/config/beans/DirectoryServiceBean.java | 17 -
.../server/config/beans/KdcServerBean.java | 404 ----
server-config/src/main/resources/config.ldif | 51 -
.../config/KerberosServerConfigReaderTest.java | 122 --
.../src/test/resources/kerberosServer.ldif | 49 -
server-integ/pom.xml | 7 -
.../server/operations/bind/SaslBindIT.java | 34 -
service-builder/pom.xml | 7 -
.../server/config/builder/ServiceBuilder.java | 103 -
.../apache/directory/server/ApacheDsService.java | 54 -
test-framework/pom.xml | 6 -
.../server/core/integ/AbstractLdapTestUnit.java | 19 +-
.../server/core/integ/FrameworkRunner.java | 76 -
132 files changed, 5 insertions(+), 23968 deletions(-)
diff --git a/all/pom.xml b/all/pom.xml
index 533c931..0cef062 100644
--- a/all/pom.xml
+++ b/all/pom.xml
@@ -101,12 +101,7 @@
<groupId>${project.groupId}</groupId>
<artifactId>apacheds-protocol-dns</artifactId>
</dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-protocol-kerberos</artifactId>
- </dependency>
-
+
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>apacheds-protocol-ldap</artifactId>
diff --git a/installers-maven-plugin/src/main/resources/org/apache/directory/server/installers/config.ldif b/installers-maven-plugin/src/main/resources/org/apache/directory/server/installers/config.ldif
index f683290..1e722d7 100644
--- a/installers-maven-plugin/src/main/resources/org/apache/directory/server/installers/config.ldif
+++ b/installers-maven-plugin/src/main/resources/org/apache/directory/server/installers/config.ldif
@@ -624,57 +624,6 @@ objectclass: ads-base
objectclass: top
ads-enabled: FALSE
-dn: ads-serverId=kerberosServer,ou=servers,ads-directoryServiceId=default,ou=config
-objectclass: ads-server
-objectclass: ads-kdcServer
-objectclass: ads-dsBasedServer
-objectclass: ads-base
-objectclass: top
-ads-serverid: kerberosServer
-ads-enabled: FALSE
-ads-krbAllowableClockSkew: 300000
-ads-krbBodyChecksumVerified: TRUE
-ads-krbEmptyAddressesAllowed: TRUE
-ads-krbEncryptionTypes: aes128-cts-hmac-sha1-96
-ads-krbEncryptionTypes: des3-cbc-sha1-kd
-ads-krbEncryptionTypes: des-cbc-md5
-ads-krbForwardableAllowed: TRUE
-ads-krbmaximumrenewablelifetime: 604800000
-ads-krbMaximumTicketLifetime: 86400000
-ads-krbPaEncTimestampRequired: TRUE
-ads-krbPostdatedAllowed: TRUE
-ads-krbPrimaryRealm: EXAMPLE.COM
-ads-krbProxiableAllowed: TRUE
-ads-krbRenewableAllowed: TRUE
-ads-searchBaseDN: ou=users,dc=example,dc=com
-
-dn: ou=transports,ads-serverId=kerberosServer,ou=servers,ads-directoryServiceId=default,ou=config
-ou: transports
-objectclass: organizationalUnit
-objectclass: top
-
-dn: ads-transportid=tcp,ou=transports,ads-serverId=kerberosServer,ou=servers,ads-directoryServiceId=default,ou=config
-ads-systemport: 60088
-ads-transportnbthreads: 4
-ads-transportaddress: 0.0.0.0
-ads-transportid: tcp
-objectclass: ads-transport
-objectClass: ads-base
-objectclass: ads-tcpTransport
-objectclass: top
-ads-enabled: TRUE
-
-dn: ads-transportid=udp,ou=transports,ads-serverId=kerberosServer,ou=servers,ads-directoryServiceId=default,ou=config
-ads-systemport: 60088
-ads-transportnbthreads: 4
-ads-transportaddress: 0.0.0.0
-ads-transportid: udp
-objectclass: ads-transport
-objectclass: ads-udpTransport
-objectClass: ads-base
-objectclass: top
-ads-enabled: TRUE
-
dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
objectclass: ads-server
objectclass: ads-ldapServer
diff --git a/kerberos-client/pom.xml b/kerberos-client/pom.xml
deleted file mode 100644
index f82657e..0000000
--- a/kerberos-client/pom.xml
+++ /dev/null
@@ -1,82 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-parent</artifactId>
- <version>2.0.0.AM27-SNAPSHOT</version>
- </parent>
- <artifactId>kerberos-client</artifactId>
- <name>kerberos-client</name>
- <description>ApacheDS Kerberos Client</description>
-
- <dependencies>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-kerberos-codec</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-server-annotations</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-test-framework</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-interceptor-kerberos</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-kerberos-test</artifactId>
- <type>test-jar</type>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-source-plugin</artifactId>
- <executions>
- <execution>
- <id>attach-sources</id>
- <phase>verify</phase>
- <goals>
- <goal>jar-no-fork</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-</project>
diff --git a/kerberos-client/src/checkstyle/suppressions.xml b/kerberos-client/src/checkstyle/suppressions.xml
deleted file mode 100644
index 4b16d06..0000000
--- a/kerberos-client/src/checkstyle/suppressions.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<?xml version="1.0"?>
-
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-
-<!DOCTYPE suppressions PUBLIC
- "-//Puppy Crawl//DTD Suppressions 1.1//EN"
- "http://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
-
-<suppressions>
- <suppress files=".*" checks=".*" />
-</suppressions>
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/AbstractTicket.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/AbstractTicket.java
deleted file mode 100644
index 8720938..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/AbstractTicket.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.kerberos.messages.Ticket;
-
-
-/**
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public abstract class AbstractTicket
-{
- protected Ticket ticket;
-
- protected EncKdcRepPart encKdcRepPart;
-
-
- public AbstractTicket( Ticket ticket, EncKdcRepPart encKdcRepPart )
- {
- this.ticket = ticket;
- this.encKdcRepPart = encKdcRepPart;
- }
-
-
- public EncKdcRepPart getEncKdcRepPart()
- {
- return this.encKdcRepPart;
- }
-
-
- public Ticket getTicket()
- {
- return ticket;
- }
-
-
- public EncryptionKey getSessionKey()
- {
- return encKdcRepPart.getKey();
- }
-
-
- public long getStartTime()
- {
- return encKdcRepPart.getStartTime().getTime();
- }
-
-
- public long getExpiryTime()
- {
- return encKdcRepPart.getEndTime().getTime();
- }
-
-
- public boolean isForwardable()
- {
- return encKdcRepPart.getFlags().isForwardable();
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResult.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResult.java
deleted file mode 100644
index 87a4d35..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResult.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-package org.apache.directory.kerberos.client;
-
-import java.nio.charset.StandardCharsets;
-
-/**
- * The class to hold the result of change password operation.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class ChangePasswordResult
-{
- /** the result code */
- private ChangePasswordResultCode code;
-
- /** result message */
- private String message;
-
-
- public ChangePasswordResult( byte[] userData )
- {
- // first 2 bytes contain the result code ( from 0-7 )
- int r = ( userData[0] & 0xFFFF << 8 ) + ( userData[1] & 0xFFFF );
-
- code = ChangePasswordResultCode.getByValue( r );
-
- message = new String( userData, 2, userData.length - 2, StandardCharsets.UTF_8 );
- }
-
-
- public ChangePasswordResultCode getCode()
- {
- return code;
- }
-
-
- public String getMessage()
- {
- return message;
- }
-
-
- @Override
- public String toString()
- {
- return "ChangePasswordResult [result=" + code + ", message=" + message + "]";
- }
-
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResultCode.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResultCode.java
deleted file mode 100644
index 827830a..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ChangePasswordResultCode.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-package org.apache.directory.kerberos.client;
-
-
-/**
- * The result codes returned by the change password server as defined in the <a href="http://www.ietf.org/rfc/rfc3244.txt">rfc3244</a>
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public enum ChangePasswordResultCode
-{
-
- /** request succeeds (This value is not allowed in a KRB-ERROR message) */
- KRB5_KPASSWD_SUCCESS(0),
-
- /** request fails due to being malformed */
- KRB5_KPASSWD_MALFORMED(1),
-
- /**
- * request fails due to "hard" error in processing the request
- * (for example, there is a resource or other problem causing
- * the request to fail)
- */
- KRB5_KPASSWD_HARDERROR(2),
-
- /** request fails due to an error in authentication processing */
- KRB5_KPASSWD_AUTHERROR(3),
-
- /** request fails due to a "soft" error in processing the request */
- KRB5_KPASSWD_SOFTERROR(4),
-
- /** requestor not authorized */
- KRB5_KPASSWD_ACCESSDENIED(5),
-
- /** protocol version unsupported */
- KRB5_KPASSWD_BAD_VERSION(6),
-
- /** initial flag required */
- KRB5_KPASSWD_INITIAL_FLAG_NEEDED(7),
-
- /** 0xFFFF(65535) is returned if the request fails for some other reason */
- OTHER(0xFFFF);
-
- private int val;
-
-
- private ChangePasswordResultCode( int val )
- {
- this.val = val;
- }
-
-
- public int getVal()
- {
- return val;
- }
-
-
- public static ChangePasswordResultCode getByValue( int code )
- {
- switch ( code )
- {
- case 0:
- return KRB5_KPASSWD_SUCCESS;
-
- case 1:
- return KRB5_KPASSWD_MALFORMED;
-
- case 2:
- return KRB5_KPASSWD_HARDERROR;
-
- case 3:
- return KRB5_KPASSWD_AUTHERROR;
-
- case 4:
- return KRB5_KPASSWD_SOFTERROR;
-
- case 5:
- return KRB5_KPASSWD_ACCESSDENIED;
-
- case 6:
- return KRB5_KPASSWD_BAD_VERSION;
-
- case 7:
- return KRB5_KPASSWD_INITIAL_FLAG_NEEDED;
-
- case 0xFFFF:
- return OTHER;
-
- default:
- throw new IllegalArgumentException( "Unknown result code " + code );
- }
- }
-
-
- @Override
- public String toString()
- {
- return super.toString() + "(" + getVal() + ")";
- }
-
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/HeimdalKpasswdDecode.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/HeimdalKpasswdDecode.java
deleted file mode 100644
index 286c984..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/HeimdalKpasswdDecode.java
+++ /dev/null
@@ -1,1706 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-
-
-public class HeimdalKpasswdDecode extends KpasswdDecode
-{
- public HeimdalKpasswdDecode( String principal, String password, EncryptionType eType )
- {
- super( principal, password, eType );
- }
-
-
- public static void main( String[] args ) throws Exception
- {
- KpasswdDecode k = new HeimdalKpasswdDecode( "hnelson@EXAMPLE.COM", "secret00",
- EncryptionType.AES256_CTS_HMAC_SHA1_96 );
- k.decodeAsRep( asReppkt10 );
- k.decodeApReq( kpasswdApReqpkt12 );
- k.decodeApRep( kpasswdReplypkt13 );
- }
-
- //pkt10
- private static byte[] asReppkt10 =
- {
- // (byte)0x00, (byte)0x00, (byte)0x03, (byte)0x04, (byte)0x00, (byte)0x06, (byte)0x00, (byte)0x00,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x86, (byte)0xdd,
- // (byte)0x60, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x02, (byte)0xc2, (byte)0x11, (byte)0x40,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01,
- // (byte)0x00, (byte)0x58, (byte)0xd1, (byte)0x0c, (byte)0x02, (byte)0xc2, (byte)0xc1, (byte)0x28,
- ( byte ) 0x6b,
- ( byte ) 0x82,
- ( byte ) 0x02,
- ( byte ) 0xb6,
- ( byte ) 0x30,
- ( byte ) 0x82,
- ( byte ) 0x02,
- ( byte ) 0xb2,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x05,
- ( byte ) 0xa1,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x0b,
- ( byte ) 0xa2,
- ( byte ) 0x1f,
- ( byte ) 0x30,
- ( byte ) 0x1d,
- ( byte ) 0x30,
- ( byte ) 0x1b,
- ( byte ) 0xa1,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x03,
- ( byte ) 0xa2,
- ( byte ) 0x14,
- ( byte ) 0x04,
- ( byte ) 0x12,
- ( byte ) 0x45,
- ( byte ) 0x58,
- ( byte ) 0x41,
- ( byte ) 0x4d,
- ( byte ) 0x50,
- ( byte ) 0x4c,
- ( byte ) 0x45,
- ( byte ) 0x2e,
- ( byte ) 0x43,
- ( byte ) 0x4f,
- ( byte ) 0x4d,
- ( byte ) 0x68,
- ( byte ) 0x6e,
- ( byte ) 0x65,
- ( byte ) 0x6c,
- ( byte ) 0x73,
- ( byte ) 0x6f,
- ( byte ) 0x6e,
- ( byte ) 0xa3,
- ( byte ) 0x0d,
- ( byte ) 0x1b,
- ( byte ) 0x0b,
- ( byte ) 0x45,
- ( byte ) 0x58,
- ( byte ) 0x41,
- ( byte ) 0x4d,
- ( byte ) 0x50,
- ( byte ) 0x4c,
- ( byte ) 0x45,
- ( byte ) 0x2e,
- ( byte ) 0x43,
- ( byte ) 0x4f,
- ( byte ) 0x4d,
- ( byte ) 0xa4,
- ( byte ) 0x14,
- ( byte ) 0x30,
- ( byte ) 0x12,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x01,
- ( byte ) 0xa1,
- ( byte ) 0x0b,
- ( byte ) 0x30,
- ( byte ) 0x09,
- ( byte ) 0x1b,
- ( byte ) 0x07,
- ( byte ) 0x68,
- ( byte ) 0x6e,
- ( byte ) 0x65,
- ( byte ) 0x6c,
- ( byte ) 0x73,
- ( byte ) 0x6f,
- ( byte ) 0x6e,
- ( byte ) 0xa5,
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x3f,
- ( byte ) 0x61,
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x3b,
- ( byte ) 0x30,
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x37,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x05,
- ( byte ) 0xa1,
- ( byte ) 0x0d,
- ( byte ) 0x1b,
- ( byte ) 0x0b,
- ( byte ) 0x45,
- ( byte ) 0x58,
- ( byte ) 0x41,
- ( byte ) 0x4d,
- ( byte ) 0x50,
- ( byte ) 0x4c,
- ( byte ) 0x45,
- ( byte ) 0x2e,
- ( byte ) 0x43,
- ( byte ) 0x4f,
- ( byte ) 0x4d,
- ( byte ) 0xa2,
- ( byte ) 0x1d,
- ( byte ) 0x30,
- ( byte ) 0x1b,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x01,
- ( byte ) 0xa1,
- ( byte ) 0x14,
- ( byte ) 0x30,
- ( byte ) 0x12,
- ( byte ) 0x1b,
- ( byte ) 0x06,
- ( byte ) 0x6b,
- ( byte ) 0x61,
- ( byte ) 0x64,
- ( byte ) 0x6d,
- ( byte ) 0x69,
- ( byte ) 0x6e,
- ( byte ) 0x1b,
- ( byte ) 0x08,
- ( byte ) 0x63,
- ( byte ) 0x68,
- ( byte ) 0x61,
- ( byte ) 0x6e,
- ( byte ) 0x67,
- ( byte ) 0x65,
- ( byte ) 0x70,
- ( byte ) 0x77,
- ( byte ) 0xa3, //
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x00,
- ( byte ) 0x30,
- ( byte ) 0x81,
- ( byte ) 0xfd,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x12,
- ( byte ) 0xa1,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x01,
- ( byte ) 0xa2,
- ( byte ) 0x81,
- ( byte ) 0xf0,
- ( byte ) 0x04,
- ( byte ) 0x81,
- ( byte ) 0xed,
- ( byte ) 0x18,
- ( byte ) 0xe6,
- ( byte ) 0xde,
- ( byte ) 0xba,
- ( byte ) 0xd7,
- ( byte ) 0xf5,
- ( byte ) 0xac,
- ( byte ) 0xd8,
- ( byte ) 0xe2,
- ( byte ) 0xe9,
- ( byte ) 0xe4,
- ( byte ) 0x9f,
- ( byte ) 0x7d,
- ( byte ) 0x41,
- ( byte ) 0x9b,
- ( byte ) 0xe0,
- ( byte ) 0x48,
- ( byte ) 0xc2,
- ( byte ) 0x0c,
- ( byte ) 0xca,
- ( byte ) 0x20,
- ( byte ) 0x23,
- ( byte ) 0xdf,
- ( byte ) 0xdb,
- ( byte ) 0xc5,
- ( byte ) 0x9b,
- ( byte ) 0x92,
- ( byte ) 0xd9,
- ( byte ) 0x72,
- ( byte ) 0xce,
- ( byte ) 0x17,
- ( byte ) 0xc2,
- ( byte ) 0xc3,
- ( byte ) 0xe9,
- ( byte ) 0xfc,
- ( byte ) 0xfa,
- ( byte ) 0x5a,
- ( byte ) 0xf3,
- ( byte ) 0xa6,
- ( byte ) 0xb9,
- ( byte ) 0x7f,
- ( byte ) 0x05,
- ( byte ) 0x54,
- ( byte ) 0x90,
- ( byte ) 0xff,
- ( byte ) 0xa0,
- ( byte ) 0x5d,
- ( byte ) 0x61,
- ( byte ) 0x05,
- ( byte ) 0x61,
- ( byte ) 0x54,
- ( byte ) 0xde,
- ( byte ) 0xf7,
- ( byte ) 0x87,
- ( byte ) 0x0e,
- ( byte ) 0x38,
- ( byte ) 0xfa,
- ( byte ) 0xbd,
- ( byte ) 0x6b,
- ( byte ) 0xbe,
- ( byte ) 0x6b,
- ( byte ) 0x14,
- ( byte ) 0x12,
- ( byte ) 0x53,
- ( byte ) 0x64,
- ( byte ) 0x9c,
- ( byte ) 0x23,
- ( byte ) 0xfe,
- ( byte ) 0x47,
- ( byte ) 0xd0,
- ( byte ) 0x39,
- ( byte ) 0x07,
- ( byte ) 0xdb,
- ( byte ) 0xb6,
- ( byte ) 0x18,
- ( byte ) 0xaa,
- ( byte ) 0x04,
- ( byte ) 0x44,
- ( byte ) 0xfd,
- ( byte ) 0x28,
- ( byte ) 0xa0,
- ( byte ) 0x64,
- ( byte ) 0xc5,
- ( byte ) 0x31,
- ( byte ) 0x3d,
- ( byte ) 0xc2,
- ( byte ) 0x2e,
- ( byte ) 0xe9,
- ( byte ) 0xb2,
- ( byte ) 0x5e,
- ( byte ) 0xdb,
- ( byte ) 0x2c,
- ( byte ) 0xd2,
- ( byte ) 0x7c,
- ( byte ) 0x53,
- ( byte ) 0x45,
- ( byte ) 0xf5,
- ( byte ) 0x1a,
- ( byte ) 0x9b,
- ( byte ) 0x62,
- ( byte ) 0xbe,
- ( byte ) 0x1a,
- ( byte ) 0xdc,
- ( byte ) 0xd4,
- ( byte ) 0x1a,
- ( byte ) 0xf9,
- ( byte ) 0x0c,
- ( byte ) 0x70,
- ( byte ) 0x29,
- ( byte ) 0xc4,
- ( byte ) 0x46,
- ( byte ) 0x51,
- ( byte ) 0x4d,
- ( byte ) 0x69,
- ( byte ) 0xf8,
- ( byte ) 0x20,
- ( byte ) 0x8e,
- ( byte ) 0x0e,
- ( byte ) 0x11,
- ( byte ) 0x89,
- ( byte ) 0x06,
- ( byte ) 0x28,
- ( byte ) 0xfa,
- ( byte ) 0x48,
- ( byte ) 0x43,
- ( byte ) 0x81,
- ( byte ) 0x1e,
- ( byte ) 0xbc,
- ( byte ) 0x48,
- ( byte ) 0x09,
- ( byte ) 0x6e,
- ( byte ) 0x0f,
- ( byte ) 0x5f,
- ( byte ) 0x0f,
- ( byte ) 0x79,
- ( byte ) 0x16,
- ( byte ) 0x1a,
- ( byte ) 0xeb,
- ( byte ) 0xd1,
- ( byte ) 0x8b,
- ( byte ) 0xdf,
- ( byte ) 0x5e,
- ( byte ) 0x3f,
- ( byte ) 0xc5,
- ( byte ) 0x5f,
- ( byte ) 0xee,
- ( byte ) 0xdd,
- ( byte ) 0x1f,
- ( byte ) 0xc4,
- ( byte ) 0x52,
- ( byte ) 0x8d,
- ( byte ) 0xa0,
- ( byte ) 0xcd,
- ( byte ) 0x68,
- ( byte ) 0xea,
- ( byte ) 0x87,
- ( byte ) 0xc9,
- ( byte ) 0x16,
- ( byte ) 0xe7,
- ( byte ) 0x51,
- ( byte ) 0x85,
- ( byte ) 0xfb,
- ( byte ) 0x8a,
- ( byte ) 0x71,
- ( byte ) 0x9f,
- ( byte ) 0x1f,
- ( byte ) 0x67,
- ( byte ) 0x33,
- ( byte ) 0x7c,
- ( byte ) 0x9b,
- ( byte ) 0x00,
- ( byte ) 0x86,
- ( byte ) 0x9c,
- ( byte ) 0x07,
- ( byte ) 0x0e,
- ( byte ) 0xbd,
- ( byte ) 0xb6,
- ( byte ) 0x6e,
- ( byte ) 0x91,
- ( byte ) 0x57,
- ( byte ) 0xc2,
- ( byte ) 0x7f,
- ( byte ) 0xc7,
- ( byte ) 0xae,
- ( byte ) 0x0e,
- ( byte ) 0x94,
- ( byte ) 0x27,
- ( byte ) 0xf4,
- ( byte ) 0xb3,
- ( byte ) 0x25,
- ( byte ) 0xe3,
- ( byte ) 0xa0,
- ( byte ) 0x5b,
- ( byte ) 0xd5,
- ( byte ) 0x1d,
- ( byte ) 0x4c,
- ( byte ) 0x40,
- ( byte ) 0x90,
- ( byte ) 0x57,
- ( byte ) 0xad,
- ( byte ) 0x09,
- ( byte ) 0xa7,
- ( byte ) 0xbe,
- ( byte ) 0xd8,
- ( byte ) 0x56,
- ( byte ) 0x37,
- ( byte ) 0xe8,
- ( byte ) 0xeb,
- ( byte ) 0xae,
- ( byte ) 0xd9,
- ( byte ) 0x0b,
- ( byte ) 0x9e,
- ( byte ) 0x17,
- ( byte ) 0x67,
- ( byte ) 0x14,
- ( byte ) 0x39,
- ( byte ) 0x72,
- ( byte ) 0x37,
- ( byte ) 0xd5,
- ( byte ) 0xa4,
- ( byte ) 0xd8,
- ( byte ) 0xa1,
- ( byte ) 0x27,
- ( byte ) 0xe8,
- ( byte ) 0x71,
- ( byte ) 0xad,
- ( byte ) 0xb5,
- ( byte ) 0x35,
- ( byte ) 0x7f,
- ( byte ) 0x80,
- ( byte ) 0x80,
- ( byte ) 0x1a,
- ( byte ) 0xdf,
- ( byte ) 0x1f,
- ( byte ) 0x6f,
- ( byte ) 0x38,
- ( byte ) 0xae,
- ( byte ) 0xa6,
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x1b,
- ( byte ) 0x30,
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x17,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x12,
- ( byte ) 0xa1,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x02,
- ( byte ) 0xa2,
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x09,
- ( byte ) 0x04,
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x05,
- ( byte ) 0x5b,
- ( byte ) 0x1c,
- ( byte ) 0xee,
- ( byte ) 0x66,
- ( byte ) 0x13,
- ( byte ) 0x42,
- ( byte ) 0x1b,
- ( byte ) 0x1c,
- ( byte ) 0x7e,
- ( byte ) 0xba,
- ( byte ) 0x0b,
- ( byte ) 0xa6,
- ( byte ) 0xc0,
- ( byte ) 0x30,
- ( byte ) 0xa5,
- ( byte ) 0xba,
- ( byte ) 0x8e,
- ( byte ) 0xce,
- ( byte ) 0x9a,
- ( byte ) 0xe7,
- ( byte ) 0xb1,
- ( byte ) 0x21,
- ( byte ) 0x95,
- ( byte ) 0x6e,
- ( byte ) 0xc9,
- ( byte ) 0xb3,
- ( byte ) 0x7f,
- ( byte ) 0xe4,
- ( byte ) 0x92,
- ( byte ) 0x0d,
- ( byte ) 0x78,
- ( byte ) 0x72,
- ( byte ) 0x02,
- ( byte ) 0x36,
- ( byte ) 0x46,
- ( byte ) 0x33,
- ( byte ) 0x2b,
- ( byte ) 0x73,
- ( byte ) 0xb4,
- ( byte ) 0x68,
- ( byte ) 0xdf,
- ( byte ) 0x32,
- ( byte ) 0x6f,
- ( byte ) 0x6c,
- ( byte ) 0x85,
- ( byte ) 0xb3,
- ( byte ) 0x82,
- ( byte ) 0x09,
- ( byte ) 0x49,
- ( byte ) 0xa7,
- ( byte ) 0x3b,
- ( byte ) 0x3d,
- ( byte ) 0xb9,
- ( byte ) 0x51,
- ( byte ) 0xdd,
- ( byte ) 0x48,
- ( byte ) 0x3e,
- ( byte ) 0xda,
- ( byte ) 0x17,
- ( byte ) 0x63,
- ( byte ) 0xaf,
- ( byte ) 0xef,
- ( byte ) 0xb4,
- ( byte ) 0x1c,
- ( byte ) 0xcb,
- ( byte ) 0x3f,
- ( byte ) 0x82,
- ( byte ) 0xba,
- ( byte ) 0x42,
- ( byte ) 0xda,
- ( byte ) 0x9b,
- ( byte ) 0xf0,
- ( byte ) 0x67,
- ( byte ) 0xf5,
- ( byte ) 0x00,
- ( byte ) 0xfd,
- ( byte ) 0xdc,
- ( byte ) 0x31,
- ( byte ) 0xf6,
- ( byte ) 0xde,
- ( byte ) 0xd9,
- ( byte ) 0x6b,
- ( byte ) 0x25,
- ( byte ) 0x0d,
- ( byte ) 0x5d,
- ( byte ) 0x2d,
- ( byte ) 0x48,
- ( byte ) 0xba,
- ( byte ) 0xb4,
- ( byte ) 0x59,
- ( byte ) 0x94,
- ( byte ) 0x68,
- ( byte ) 0xa1,
- ( byte ) 0xcf,
- ( byte ) 0x39,
- ( byte ) 0x64,
- ( byte ) 0x6f,
- ( byte ) 0xf5,
- ( byte ) 0xf5,
- ( byte ) 0x05,
- ( byte ) 0x08,
- ( byte ) 0xdc,
- ( byte ) 0xe3,
- ( byte ) 0xec,
- ( byte ) 0x0e,
- ( byte ) 0x94,
- ( byte ) 0xa9,
- ( byte ) 0x0b,
- ( byte ) 0x83,
- ( byte ) 0xa7,
- ( byte ) 0xca,
- ( byte ) 0x21,
- ( byte ) 0x26,
- ( byte ) 0xe9,
- ( byte ) 0x5f,
- ( byte ) 0xed,
- ( byte ) 0x69,
- ( byte ) 0x64,
- ( byte ) 0x77,
- ( byte ) 0x18,
- ( byte ) 0x5e,
- ( byte ) 0x5c,
- ( byte ) 0x5e,
- ( byte ) 0x01,
- ( byte ) 0xa4,
- ( byte ) 0x2e,
- ( byte ) 0x71,
- ( byte ) 0xf5,
- ( byte ) 0x8f,
- ( byte ) 0xc5,
- ( byte ) 0x49,
- ( byte ) 0x77,
- ( byte ) 0xb3,
- ( byte ) 0x71,
- ( byte ) 0xb6,
- ( byte ) 0x8f,
- ( byte ) 0xf5,
- ( byte ) 0x02,
- ( byte ) 0xe8,
- ( byte ) 0x1b,
- ( byte ) 0xaa,
- ( byte ) 0x06,
- ( byte ) 0x09,
- ( byte ) 0x09,
- ( byte ) 0x29,
- ( byte ) 0xa5,
- ( byte ) 0x13,
- ( byte ) 0xfd,
- ( byte ) 0x32,
- ( byte ) 0x23,
- ( byte ) 0x61,
- ( byte ) 0xde,
- ( byte ) 0x98,
- ( byte ) 0x4b,
- ( byte ) 0x70,
- ( byte ) 0xea,
- ( byte ) 0x2d,
- ( byte ) 0x55,
- ( byte ) 0x1a,
- ( byte ) 0xcf,
- ( byte ) 0x89,
- ( byte ) 0xd9,
- ( byte ) 0x46,
- ( byte ) 0xb2,
- ( byte ) 0x44,
- ( byte ) 0xa9,
- ( byte ) 0x1d,
- ( byte ) 0xc8,
- ( byte ) 0x79,
- ( byte ) 0x42,
- ( byte ) 0x1e,
- ( byte ) 0x0e,
- ( byte ) 0xb1,
- ( byte ) 0xd1,
- ( byte ) 0x21,
- ( byte ) 0x80,
- ( byte ) 0x9a,
- ( byte ) 0x21,
- ( byte ) 0x15,
- ( byte ) 0x35,
- ( byte ) 0x5e,
- ( byte ) 0x32,
- ( byte ) 0x21,
- ( byte ) 0x89,
- ( byte ) 0x71,
- ( byte ) 0x61,
- ( byte ) 0x31,
- ( byte ) 0xa9,
- ( byte ) 0x91,
- ( byte ) 0xc0,
- ( byte ) 0x22,
- ( byte ) 0x19,
- ( byte ) 0x22,
- ( byte ) 0x37,
- ( byte ) 0xaf,
- ( byte ) 0xb8,
- ( byte ) 0x6c,
- ( byte ) 0x90,
- ( byte ) 0x7c,
- ( byte ) 0xbb,
- ( byte ) 0xb4,
- ( byte ) 0xbd,
- ( byte ) 0x46,
- ( byte ) 0x9e,
- ( byte ) 0x90,
- ( byte ) 0x36,
- ( byte ) 0x78,
- ( byte ) 0x77,
- ( byte ) 0x58,
- ( byte ) 0xcb,
- ( byte ) 0x18,
- ( byte ) 0xbd,
- ( byte ) 0xaa,
- ( byte ) 0xba,
- ( byte ) 0x35,
- ( byte ) 0x6f,
- ( byte ) 0x01,
- ( byte ) 0xc1,
- ( byte ) 0x58,
- ( byte ) 0x07,
- ( byte ) 0x8e,
- ( byte ) 0xb6,
- ( byte ) 0xe5,
- ( byte ) 0x7e,
- ( byte ) 0xa1,
- ( byte ) 0x8c,
- ( byte ) 0xbb,
- ( byte ) 0xb5,
- ( byte ) 0xf4,
- ( byte ) 0xab,
- ( byte ) 0xbf,
- ( byte ) 0xe6,
- ( byte ) 0xcd,
- ( byte ) 0x48,
- ( byte ) 0xea,
- ( byte ) 0xb7,
- ( byte ) 0x37,
- ( byte ) 0x81,
- ( byte ) 0x26,
- ( byte ) 0x1e,
- ( byte ) 0x32,
- ( byte ) 0x2b,
- ( byte ) 0xd4,
- ( byte ) 0x90,
- ( byte ) 0x0d,
- ( byte ) 0x29,
- ( byte ) 0xa9,
- ( byte ) 0x60,
- ( byte ) 0x90,
- ( byte ) 0x3c,
- ( byte ) 0xb6,
- ( byte ) 0x4b,
- ( byte ) 0xdd,
- ( byte ) 0x37,
- ( byte ) 0x81,
- ( byte ) 0xa4,
- ( byte ) 0x76,
- ( byte ) 0x73,
- ( byte ) 0x6c,
- ( byte ) 0x23,
- ( byte ) 0x43 };
-
- private static byte[] kpasswdApReqpkt12 =
- {
- // (byte)0x00, (byte)0x00, (byte)0x03, (byte)0x04, (byte)0x00, (byte)0x06, (byte)0x00, (byte)0x00,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x86, (byte)0xdd,
- // (byte)0x60, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x02, (byte)0xb1, (byte)0x11, (byte)0x40,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01,
- // (byte)0x9c, (byte)0x20, (byte)0x01, (byte)0xd0, (byte)0x02, (byte)0xb1, (byte)0x1a, (byte)0xf1,
- ( byte ) 0x02,
- ( byte ) 0xa9,
- ( byte ) 0xff,
- ( byte ) 0x80,
- ( byte ) 0x02,
- ( byte ) 0x08,
- ( byte ) 0x6e,
- ( byte ) 0x82,
- ( byte ) 0x02,
- ( byte ) 0x04,
- ( byte ) 0x30,
- ( byte ) 0x82,
- ( byte ) 0x02,
- ( byte ) 0x00,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x05,
- ( byte ) 0xa1,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x0e,
- ( byte ) 0xa2,
- ( byte ) 0x07,
- ( byte ) 0x03,
- ( byte ) 0x05,
- ( byte ) 0x00,
- ( byte ) 0x20,
- ( byte ) 0x00,
- ( byte ) 0x00,
- ( byte ) 0x00,
- ( byte ) 0xa3,
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x3f,
- ( byte ) 0x61,
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x3b,
- ( byte ) 0x30,
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x37,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x05,
- ( byte ) 0xa1,
- ( byte ) 0x0d,
- ( byte ) 0x1b,
- ( byte ) 0x0b,
- ( byte ) 0x45,
- ( byte ) 0x58,
- ( byte ) 0x41,
- ( byte ) 0x4d,
- ( byte ) 0x50,
- ( byte ) 0x4c,
- ( byte ) 0x45,
- ( byte ) 0x2e,
- ( byte ) 0x43,
- ( byte ) 0x4f,
- ( byte ) 0x4d,
- ( byte ) 0xa2,
- ( byte ) 0x1d,
- ( byte ) 0x30,
- ( byte ) 0x1b,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x01,
- ( byte ) 0xa1,
- ( byte ) 0x14,
- ( byte ) 0x30,
- ( byte ) 0x12,
- ( byte ) 0x1b,
- ( byte ) 0x06,
- ( byte ) 0x6b,
- ( byte ) 0x61,
- ( byte ) 0x64,
- ( byte ) 0x6d,
- ( byte ) 0x69,
- ( byte ) 0x6e,
- ( byte ) 0x1b,
- ( byte ) 0x08,
- ( byte ) 0x63,
- ( byte ) 0x68,
- ( byte ) 0x61,
- ( byte ) 0x6e,
- ( byte ) 0x67,
- ( byte ) 0x65,
- ( byte ) 0x70,
- ( byte ) 0x77,
- ( byte ) 0xa3,
- ( byte ) 0x82,
- ( byte ) 0x01,
- ( byte ) 0x00,
- ( byte ) 0x30,
- ( byte ) 0x81,
- ( byte ) 0xfd,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x12,
- ( byte ) 0xa1,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x01,
- ( byte ) 0xa2,
- ( byte ) 0x81,
- ( byte ) 0xf0,
- ( byte ) 0x04,
- ( byte ) 0x81,
- ( byte ) 0xed,
- ( byte ) 0x18,
- ( byte ) 0xe6,
- ( byte ) 0xde,
- ( byte ) 0xba,
- ( byte ) 0xd7,
- ( byte ) 0xf5,
- ( byte ) 0xac,
- ( byte ) 0xd8,
- ( byte ) 0xe2,
- ( byte ) 0xe9,
- ( byte ) 0xe4,
- ( byte ) 0x9f,
- ( byte ) 0x7d,
- ( byte ) 0x41,
- ( byte ) 0x9b,
- ( byte ) 0xe0,
- ( byte ) 0x48,
- ( byte ) 0xc2,
- ( byte ) 0x0c,
- ( byte ) 0xca,
- ( byte ) 0x20,
- ( byte ) 0x23,
- ( byte ) 0xdf,
- ( byte ) 0xdb,
- ( byte ) 0xc5,
- ( byte ) 0x9b,
- ( byte ) 0x92,
- ( byte ) 0xd9,
- ( byte ) 0x72,
- ( byte ) 0xce,
- ( byte ) 0x17,
- ( byte ) 0xc2,
- ( byte ) 0xc3,
- ( byte ) 0xe9,
- ( byte ) 0xfc,
- ( byte ) 0xfa,
- ( byte ) 0x5a,
- ( byte ) 0xf3,
- ( byte ) 0xa6,
- ( byte ) 0xb9,
- ( byte ) 0x7f,
- ( byte ) 0x05,
- ( byte ) 0x54,
- ( byte ) 0x90,
- ( byte ) 0xff,
- ( byte ) 0xa0,
- ( byte ) 0x5d,
- ( byte ) 0x61,
- ( byte ) 0x05,
- ( byte ) 0x61,
- ( byte ) 0x54,
- ( byte ) 0xde,
- ( byte ) 0xf7,
- ( byte ) 0x87,
- ( byte ) 0x0e,
- ( byte ) 0x38,
- ( byte ) 0xfa,
- ( byte ) 0xbd,
- ( byte ) 0x6b,
- ( byte ) 0xbe,
- ( byte ) 0x6b,
- ( byte ) 0x14,
- ( byte ) 0x12,
- ( byte ) 0x53,
- ( byte ) 0x64,
- ( byte ) 0x9c,
- ( byte ) 0x23,
- ( byte ) 0xfe,
- ( byte ) 0x47,
- ( byte ) 0xd0,
- ( byte ) 0x39,
- ( byte ) 0x07,
- ( byte ) 0xdb,
- ( byte ) 0xb6,
- ( byte ) 0x18,
- ( byte ) 0xaa,
- ( byte ) 0x04,
- ( byte ) 0x44,
- ( byte ) 0xfd,
- ( byte ) 0x28,
- ( byte ) 0xa0,
- ( byte ) 0x64,
- ( byte ) 0xc5,
- ( byte ) 0x31,
- ( byte ) 0x3d,
- ( byte ) 0xc2,
- ( byte ) 0x2e,
- ( byte ) 0xe9,
- ( byte ) 0xb2,
- ( byte ) 0x5e,
- ( byte ) 0xdb,
- ( byte ) 0x2c,
- ( byte ) 0xd2,
- ( byte ) 0x7c,
- ( byte ) 0x53,
- ( byte ) 0x45,
- ( byte ) 0xf5,
- ( byte ) 0x1a,
- ( byte ) 0x9b,
- ( byte ) 0x62,
- ( byte ) 0xbe,
- ( byte ) 0x1a,
- ( byte ) 0xdc,
- ( byte ) 0xd4,
- ( byte ) 0x1a,
- ( byte ) 0xf9,
- ( byte ) 0x0c,
- ( byte ) 0x70,
- ( byte ) 0x29,
- ( byte ) 0xc4,
- ( byte ) 0x46,
- ( byte ) 0x51,
- ( byte ) 0x4d,
- ( byte ) 0x69,
- ( byte ) 0xf8,
- ( byte ) 0x20,
- ( byte ) 0x8e,
- ( byte ) 0x0e,
- ( byte ) 0x11,
- ( byte ) 0x89,
- ( byte ) 0x06,
- ( byte ) 0x28,
- ( byte ) 0xfa,
- ( byte ) 0x48,
- ( byte ) 0x43,
- ( byte ) 0x81,
- ( byte ) 0x1e,
- ( byte ) 0xbc,
- ( byte ) 0x48,
- ( byte ) 0x09,
- ( byte ) 0x6e,
- ( byte ) 0x0f,
- ( byte ) 0x5f,
- ( byte ) 0x0f,
- ( byte ) 0x79,
- ( byte ) 0x16,
- ( byte ) 0x1a,
- ( byte ) 0xeb,
- ( byte ) 0xd1,
- ( byte ) 0x8b,
- ( byte ) 0xdf,
- ( byte ) 0x5e,
- ( byte ) 0x3f,
- ( byte ) 0xc5,
- ( byte ) 0x5f,
- ( byte ) 0xee,
- ( byte ) 0xdd,
- ( byte ) 0x1f,
- ( byte ) 0xc4,
- ( byte ) 0x52,
- ( byte ) 0x8d,
- ( byte ) 0xa0,
- ( byte ) 0xcd,
- ( byte ) 0x68,
- ( byte ) 0xea,
- ( byte ) 0x87,
- ( byte ) 0xc9,
- ( byte ) 0x16,
- ( byte ) 0xe7,
- ( byte ) 0x51,
- ( byte ) 0x85,
- ( byte ) 0xfb,
- ( byte ) 0x8a,
- ( byte ) 0x71,
- ( byte ) 0x9f,
- ( byte ) 0x1f,
- ( byte ) 0x67,
- ( byte ) 0x33,
- ( byte ) 0x7c,
- ( byte ) 0x9b,
- ( byte ) 0x00,
- ( byte ) 0x86,
- ( byte ) 0x9c,
- ( byte ) 0x07,
- ( byte ) 0x0e,
- ( byte ) 0xbd,
- ( byte ) 0xb6,
- ( byte ) 0x6e,
- ( byte ) 0x91,
- ( byte ) 0x57,
- ( byte ) 0xc2,
- ( byte ) 0x7f,
- ( byte ) 0xc7,
- ( byte ) 0xae,
- ( byte ) 0x0e,
- ( byte ) 0x94,
- ( byte ) 0x27,
- ( byte ) 0xf4,
- ( byte ) 0xb3,
- ( byte ) 0x25,
- ( byte ) 0xe3,
- ( byte ) 0xa0,
- ( byte ) 0x5b,
- ( byte ) 0xd5,
- ( byte ) 0x1d,
- ( byte ) 0x4c,
- ( byte ) 0x40,
- ( byte ) 0x90,
- ( byte ) 0x57,
- ( byte ) 0xad,
- ( byte ) 0x09,
- ( byte ) 0xa7,
- ( byte ) 0xbe,
- ( byte ) 0xd8,
- ( byte ) 0x56,
- ( byte ) 0x37,
- ( byte ) 0xe8,
- ( byte ) 0xeb,
- ( byte ) 0xae,
- ( byte ) 0xd9,
- ( byte ) 0x0b,
- ( byte ) 0x9e,
- ( byte ) 0x17,
- ( byte ) 0x67,
- ( byte ) 0x14,
- ( byte ) 0x39,
- ( byte ) 0x72,
- ( byte ) 0x37,
- ( byte ) 0xd5,
- ( byte ) 0xa4,
- ( byte ) 0xd8,
- ( byte ) 0xa1,
- ( byte ) 0x27,
- ( byte ) 0xe8,
- ( byte ) 0x71,
- ( byte ) 0xad,
- ( byte ) 0xb5,
- ( byte ) 0x35,
- ( byte ) 0x7f,
- ( byte ) 0x80,
- ( byte ) 0x80,
- ( byte ) 0x1a,
- ( byte ) 0xdf,
- ( byte ) 0x1f,
- ( byte ) 0x6f,
- ( byte ) 0x38,
- ( byte ) 0xae,
- ( byte ) 0xa4,
- ( byte ) 0x81,
- ( byte ) 0xa7,
- ( byte ) 0x30,
- ( byte ) 0x81,
- ( byte ) 0xa4,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x12,
- ( byte ) 0xa2,
- ( byte ) 0x81,
- ( byte ) 0x9c,
- ( byte ) 0x04,
- ( byte ) 0x81,
- ( byte ) 0x99,
- ( byte ) 0xb5,
- ( byte ) 0x17,
- ( byte ) 0x08,
- ( byte ) 0xff,
- ( byte ) 0xea,
- ( byte ) 0xf3,
- ( byte ) 0x84,
- ( byte ) 0xde,
- ( byte ) 0x79,
- ( byte ) 0x93,
- ( byte ) 0xe7,
- ( byte ) 0x9a,
- ( byte ) 0xa3,
- ( byte ) 0x80,
- ( byte ) 0xdc,
- ( byte ) 0x62,
- ( byte ) 0x25,
- ( byte ) 0x55,
- ( byte ) 0x52,
- ( byte ) 0xc6,
- ( byte ) 0x00,
- ( byte ) 0x0e,
- ( byte ) 0x67,
- ( byte ) 0xa3,
- ( byte ) 0x3a,
- ( byte ) 0xb7,
- ( byte ) 0x39,
- ( byte ) 0x24,
- ( byte ) 0x48,
- ( byte ) 0x3c,
- ( byte ) 0x7d,
- ( byte ) 0x74,
- ( byte ) 0xcf,
- ( byte ) 0xd1,
- ( byte ) 0xcf,
- ( byte ) 0x8a,
- ( byte ) 0xf6,
- ( byte ) 0x1f,
- ( byte ) 0xfe,
- ( byte ) 0xc8,
- ( byte ) 0x1c,
- ( byte ) 0xea,
- ( byte ) 0x1f,
- ( byte ) 0xdd,
- ( byte ) 0xb2,
- ( byte ) 0x7d,
- ( byte ) 0x26,
- ( byte ) 0x60,
- ( byte ) 0x8e,
- ( byte ) 0x26,
- ( byte ) 0x23,
- ( byte ) 0x6b,
- ( byte ) 0x38,
- ( byte ) 0x0b,
- ( byte ) 0x2a,
- ( byte ) 0x3d,
- ( byte ) 0x3d,
- ( byte ) 0x56,
- ( byte ) 0xd3,
- ( byte ) 0xe9,
- ( byte ) 0x8b,
- ( byte ) 0xc8,
- ( byte ) 0xe8,
- ( byte ) 0x27,
- ( byte ) 0xa0,
- ( byte ) 0x51,
- ( byte ) 0x6c,
- ( byte ) 0xa6,
- ( byte ) 0xf2,
- ( byte ) 0xf3,
- ( byte ) 0x37,
- ( byte ) 0xc9,
- ( byte ) 0x74,
- ( byte ) 0xff,
- ( byte ) 0xa4,
- ( byte ) 0xdc,
- ( byte ) 0x0e,
- ( byte ) 0x93,
- ( byte ) 0x18,
- ( byte ) 0x73,
- ( byte ) 0x97,
- ( byte ) 0x3d,
- ( byte ) 0x60,
- ( byte ) 0xa4,
- ( byte ) 0x19,
- ( byte ) 0xa2,
- ( byte ) 0xac,
- ( byte ) 0x2a,
- ( byte ) 0xef,
- ( byte ) 0x79,
- ( byte ) 0x5c,
- ( byte ) 0x05,
- ( byte ) 0x7d,
- ( byte ) 0xf6,
- ( byte ) 0xc4,
- ( byte ) 0x34,
- ( byte ) 0x41,
- ( byte ) 0x36,
- ( byte ) 0xe5,
- ( byte ) 0xdc,
- ( byte ) 0x91,
- ( byte ) 0x46,
- ( byte ) 0x2e,
- ( byte ) 0x6f,
- ( byte ) 0xfb,
- ( byte ) 0x4f,
- ( byte ) 0x40,
- ( byte ) 0xe7,
- ( byte ) 0x34,
- ( byte ) 0x38,
- ( byte ) 0x6e,
- ( byte ) 0x2c,
- ( byte ) 0x6e,
- ( byte ) 0x95,
- ( byte ) 0x87,
- ( byte ) 0x32,
- ( byte ) 0x22,
- ( byte ) 0x10,
- ( byte ) 0xec,
- ( byte ) 0xa0,
- ( byte ) 0x6e,
- ( byte ) 0xaa,
- ( byte ) 0xdb,
- ( byte ) 0x93,
- ( byte ) 0x76,
- ( byte ) 0x79,
- ( byte ) 0x81,
- ( byte ) 0x6a,
- ( byte ) 0xc0,
- ( byte ) 0x0b,
- ( byte ) 0xd2,
- ( byte ) 0xac,
- ( byte ) 0xbb,
- ( byte ) 0xc3,
- ( byte ) 0x21,
- ( byte ) 0x97,
- ( byte ) 0xc4,
- ( byte ) 0x85,
- ( byte ) 0x8a,
- ( byte ) 0x8e,
- ( byte ) 0x00,
- ( byte ) 0xdf,
- ( byte ) 0x61,
- ( byte ) 0x6e,
- ( byte ) 0xb5,
- ( byte ) 0x7c,
- ( byte ) 0xf6,
- ( byte ) 0x51,
- ( byte ) 0x0c,
- ( byte ) 0xf3,
- ( byte ) 0x72,
- ( byte ) 0xf7,
- ( byte ) 0xaf,
- ( byte ) 0x75,
- ( byte ) 0x81,
- ( byte ) 0x98,
- ( byte ) 0x30,
- ( byte ) 0x81,
- ( byte ) 0x95,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x05,
- ( byte ) 0xa1,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x15,
- ( byte ) 0xa3,
- ( byte ) 0x81,
- ( byte ) 0x88,
- ( byte ) 0x30,
- ( byte ) 0x81,
- ( byte ) 0x85,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x12,
- ( byte ) 0xa2,
- ( byte ) 0x7e,
- ( byte ) 0x04,
- ( byte ) 0x7c,
- ( byte ) 0x9c,
- ( byte ) 0x67,
- ( byte ) 0xf7,
- ( byte ) 0x1c,
- ( byte ) 0x77,
- ( byte ) 0xe8,
- ( byte ) 0x65,
- ( byte ) 0x40,
- ( byte ) 0x2a,
- ( byte ) 0xc5,
- ( byte ) 0xcc,
- ( byte ) 0x7e,
- ( byte ) 0x48,
- ( byte ) 0xd4,
- ( byte ) 0x02,
- ( byte ) 0xf6,
- ( byte ) 0x97,
- ( byte ) 0x02,
- ( byte ) 0xee,
- ( byte ) 0x9e,
- ( byte ) 0x1f,
- ( byte ) 0xe4,
- ( byte ) 0xab,
- ( byte ) 0xe7,
- ( byte ) 0x99,
- ( byte ) 0x9c,
- ( byte ) 0x50,
- ( byte ) 0x17,
- ( byte ) 0x99,
- ( byte ) 0xf6,
- ( byte ) 0xa5,
- ( byte ) 0x56,
- ( byte ) 0x40,
- ( byte ) 0x2e,
- ( byte ) 0xcd,
- ( byte ) 0x3c,
- ( byte ) 0x26,
- ( byte ) 0xa2,
- ( byte ) 0x41,
- ( byte ) 0x9a,
- ( byte ) 0x62,
- ( byte ) 0xfc,
- ( byte ) 0x42,
- ( byte ) 0x01,
- ( byte ) 0x02,
- ( byte ) 0x69,
- ( byte ) 0x80,
- ( byte ) 0x8a,
- ( byte ) 0x3a,
- ( byte ) 0x64,
- ( byte ) 0xfa,
- ( byte ) 0xe7,
- ( byte ) 0x36,
- ( byte ) 0xfe,
- ( byte ) 0x51,
- ( byte ) 0xbe,
- ( byte ) 0x34,
- ( byte ) 0x3a,
- ( byte ) 0x2c,
- ( byte ) 0x3e,
- ( byte ) 0xa8,
- ( byte ) 0x7d,
- ( byte ) 0xaf,
- ( byte ) 0x01,
- ( byte ) 0xba,
- ( byte ) 0x5f,
- ( byte ) 0xc0,
- ( byte ) 0xc3,
- ( byte ) 0x6c,
- ( byte ) 0x43,
- ( byte ) 0x13,
- ( byte ) 0x77,
- ( byte ) 0x5d,
- ( byte ) 0x77,
- ( byte ) 0x4d,
- ( byte ) 0xe9,
- ( byte ) 0x6c,
- ( byte ) 0x95,
- ( byte ) 0xb1,
- ( byte ) 0x93,
- ( byte ) 0x0f,
- ( byte ) 0xeb,
- ( byte ) 0xf3,
- ( byte ) 0x18,
- ( byte ) 0x5e,
- ( byte ) 0x31,
- ( byte ) 0xde,
- ( byte ) 0xc8,
- ( byte ) 0xce,
- ( byte ) 0x78,
- ( byte ) 0xd1,
- ( byte ) 0x7a,
- ( byte ) 0xdb,
- ( byte ) 0x0f,
- ( byte ) 0x7e,
- ( byte ) 0x45,
- ( byte ) 0x51,
- ( byte ) 0x30,
- ( byte ) 0x6f,
- ( byte ) 0x05,
- ( byte ) 0xc4,
- ( byte ) 0x64,
- ( byte ) 0x32,
- ( byte ) 0xcf,
- ( byte ) 0xd9,
- ( byte ) 0xf6,
- ( byte ) 0xc2,
- ( byte ) 0xe7,
- ( byte ) 0x40,
- ( byte ) 0x43,
- ( byte ) 0x05,
- ( byte ) 0xdf,
- ( byte ) 0x32,
- ( byte ) 0x0c,
- ( byte ) 0xef,
- ( byte ) 0xc8,
- ( byte ) 0xb0,
- ( byte ) 0xd5,
- ( byte ) 0x7c,
- ( byte ) 0xec,
- ( byte ) 0xe4,
- ( byte ) 0x9b,
- ( byte ) 0x38,
- ( byte ) 0x2e };
-
- private static byte[] kpasswdReplypkt13 =
- {
- // (byte)0x00, (byte)0x00, (byte)0x03, (byte)0x04, (byte)0x00, (byte)0x06, (byte)0x00, (byte)0x00,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x86, (byte)0xdd,
- // (byte)0x60, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01, (byte)0x03, (byte)0x11, (byte)0x40,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00,
- // (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01,
- // (byte)0x01, (byte)0xd0, (byte)0x9c, (byte)0x20, (byte)0x01, (byte)0x03, (byte)0xdb, (byte)0x7e,
- ( byte ) 0x00,
- ( byte ) 0xfb,
- ( byte ) 0x00,
- ( byte ) 0x01,
- ( byte ) 0x00,
- ( byte ) 0x5d,
- ( byte ) 0x6f,
- ( byte ) 0x5b,
- ( byte ) 0x30,
- ( byte ) 0x59,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x05,
- ( byte ) 0xa1,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x0f,
- ( byte ) 0xa2,
- ( byte ) 0x4d,
- ( byte ) 0x30,
- ( byte ) 0x4b,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x12,
- ( byte ) 0xa2,
- ( byte ) 0x44,
- ( byte ) 0x04,
- ( byte ) 0x42,
- ( byte ) 0x99,
- ( byte ) 0xa8,
- ( byte ) 0x34,
- ( byte ) 0x6f,
- ( byte ) 0x64,
- ( byte ) 0x64,
- ( byte ) 0xb0,
- ( byte ) 0x8f,
- ( byte ) 0x5b,
- ( byte ) 0x90,
- ( byte ) 0x98,
- ( byte ) 0xb4,
- ( byte ) 0x0f,
- ( byte ) 0xfc,
- ( byte ) 0x01,
- ( byte ) 0x4a,
- ( byte ) 0x8c,
- ( byte ) 0x2c,
- ( byte ) 0x0d,
- ( byte ) 0x01,
- ( byte ) 0xf2,
- ( byte ) 0x99,
- ( byte ) 0x65,
- ( byte ) 0x15,
- ( byte ) 0xde,
- ( byte ) 0x74,
- ( byte ) 0x39,
- ( byte ) 0x97,
- ( byte ) 0x46,
- ( byte ) 0x7a,
- ( byte ) 0x27,
- ( byte ) 0x6a,
- ( byte ) 0xb2,
- ( byte ) 0x42,
- ( byte ) 0xae,
- ( byte ) 0x8a,
- ( byte ) 0x8f,
- ( byte ) 0xe8,
- ( byte ) 0xad,
- ( byte ) 0xc5,
- ( byte ) 0xd7,
- ( byte ) 0x82,
- ( byte ) 0x0a,
- ( byte ) 0x24,
- ( byte ) 0x2d,
- ( byte ) 0x86,
- ( byte ) 0xc7,
- ( byte ) 0x29,
- ( byte ) 0x45,
- ( byte ) 0x78,
- ( byte ) 0x0c,
- ( byte ) 0x4c,
- ( byte ) 0x48,
- ( byte ) 0xce,
- ( byte ) 0x1b,
- ( byte ) 0x9e,
- ( byte ) 0xd4,
- ( byte ) 0x94,
- ( byte ) 0xb9,
- ( byte ) 0x5b,
- ( byte ) 0xe9,
- ( byte ) 0xbb,
- ( byte ) 0x66,
- ( byte ) 0x0c,
- ( byte ) 0x56,
- ( byte ) 0x31,
- ( byte ) 0x75,
- ( byte ) 0x81,
- ( byte ) 0x95,
- ( byte ) 0x30,
- ( byte ) 0x81,
- ( byte ) 0x92,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x05,
- ( byte ) 0xa1,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x15,
- ( byte ) 0xa3,
- ( byte ) 0x81,
- ( byte ) 0x85,
- ( byte ) 0x30,
- ( byte ) 0x81,
- ( byte ) 0x82,
- ( byte ) 0xa0,
- ( byte ) 0x03,
- ( byte ) 0x02,
- ( byte ) 0x01,
- ( byte ) 0x12,
- ( byte ) 0xa2,
- ( byte ) 0x7b,
- ( byte ) 0x04,
- ( byte ) 0x79,
- ( byte ) 0xb1,
- ( byte ) 0x60,
- ( byte ) 0x9c,
- ( byte ) 0x45,
- ( byte ) 0x7e,
- ( byte ) 0xf3,
- ( byte ) 0xb4,
- ( byte ) 0xaa,
- ( byte ) 0xd0,
- ( byte ) 0xba,
- ( byte ) 0x04,
- ( byte ) 0x13,
- ( byte ) 0x06,
- ( byte ) 0x6d,
- ( byte ) 0x76,
- ( byte ) 0x6b,
- ( byte ) 0xcc,
- ( byte ) 0x7c,
- ( byte ) 0x37,
- ( byte ) 0x1d,
- ( byte ) 0x4c,
- ( byte ) 0x14,
- ( byte ) 0xea,
- ( byte ) 0x30,
- ( byte ) 0xde,
- ( byte ) 0xd5,
- ( byte ) 0x64,
- ( byte ) 0x34,
- ( byte ) 0xf8,
- ( byte ) 0x96,
- ( byte ) 0xe8,
- ( byte ) 0xce,
- ( byte ) 0x4c,
- ( byte ) 0xa7,
- ( byte ) 0xc5,
- ( byte ) 0xc3,
- ( byte ) 0x77,
- ( byte ) 0x08,
- ( byte ) 0xe6,
- ( byte ) 0x70,
- ( byte ) 0x39,
- ( byte ) 0x32,
- ( byte ) 0x23,
- ( byte ) 0x9c,
- ( byte ) 0x7a,
- ( byte ) 0xa6,
- ( byte ) 0x66,
- ( byte ) 0x83,
- ( byte ) 0xc6,
- ( byte ) 0x32,
- ( byte ) 0xf9,
- ( byte ) 0x05,
- ( byte ) 0x9c,
- ( byte ) 0xd3,
- ( byte ) 0x48,
- ( byte ) 0x11,
- ( byte ) 0x29,
- ( byte ) 0x88,
- ( byte ) 0x79,
- ( byte ) 0x34,
- ( byte ) 0x2b,
- ( byte ) 0x5d,
- ( byte ) 0xe4,
- ( byte ) 0x55,
- ( byte ) 0xaf,
- ( byte ) 0x7e,
- ( byte ) 0x34,
- ( byte ) 0x3f,
- ( byte ) 0x2b,
- ( byte ) 0x0c,
- ( byte ) 0x0b,
- ( byte ) 0x13,
- ( byte ) 0xa6,
- ( byte ) 0x40,
- ( byte ) 0x61,
- ( byte ) 0x52,
- ( byte ) 0x8c,
- ( byte ) 0xa8,
- ( byte ) 0x50,
- ( byte ) 0x67,
- ( byte ) 0xae,
- ( byte ) 0x49,
- ( byte ) 0xeb,
- ( byte ) 0x49,
- ( byte ) 0x82,
- ( byte ) 0x9f,
- ( byte ) 0x66,
- ( byte ) 0x28,
- ( byte ) 0x7c,
- ( byte ) 0x1b,
- ( byte ) 0x92,
- ( byte ) 0x25,
- ( byte ) 0xa3,
- ( byte ) 0x5e,
- ( byte ) 0xe3,
- ( byte ) 0xe3,
- ( byte ) 0x5c,
- ( byte ) 0x21,
- ( byte ) 0x83,
- ( byte ) 0x87,
- ( byte ) 0xd9,
- ( byte ) 0x84,
- ( byte ) 0xa9,
- ( byte ) 0xc8,
- ( byte ) 0x85,
- ( byte ) 0x7b,
- ( byte ) 0x5f,
- ( byte ) 0x77,
- ( byte ) 0x70,
- ( byte ) 0x8b,
- ( byte ) 0xd4,
- ( byte ) 0x77,
- ( byte ) 0x7d,
- ( byte ) 0x29,
- ( byte ) 0xc1,
- ( byte ) 0x54,
- ( byte ) 0x11,
- ( byte ) 0x07,
- ( byte ) 0xaf,
- ( byte ) 0xb0,
- ( byte ) 0x1f };
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcClientUtil.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcClientUtil.java
deleted file mode 100644
index c9ea7a7..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcClientUtil.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import java.nio.ByteBuffer;
-import java.util.Collections;
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import org.apache.directory.api.asn1.DecoderException;
-import org.apache.directory.api.asn1.ber.Asn1Decoder;
-import org.apache.directory.shared.kerberos.codec.etypeInfo.ETypeInfoContainer;
-import org.apache.directory.shared.kerberos.codec.etypeInfo2.ETypeInfo2Container;
-import org.apache.directory.shared.kerberos.codec.methodData.MethodDataContainer;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.codec.types.PaDataType;
-import org.apache.directory.shared.kerberos.components.ETypeInfo;
-import org.apache.directory.shared.kerberos.components.ETypeInfo2;
-import org.apache.directory.shared.kerberos.components.ETypeInfo2Entry;
-import org.apache.directory.shared.kerberos.components.ETypeInfoEntry;
-import org.apache.directory.shared.kerberos.components.MethodData;
-import org.apache.directory.shared.kerberos.components.PaData;
-import org.apache.directory.shared.kerberos.messages.KrbError;
-
-
-/**
- * A class with utility methods.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class KdcClientUtil
-{
- public static String extractRealm( String principal )
- {
- int pos = principal.indexOf( '@' );
-
- if ( pos > 0 )
- {
- return principal.substring( pos + 1 );
- }
-
- throw new IllegalArgumentException( "Not a valid principal, missing realm name" );
- }
-
-
- public static String extractName( String principal )
- {
- int pos = principal.indexOf( '@' );
-
- if ( pos < 0 )
- {
- return principal;
- }
-
- return principal.substring( 0, pos );
- }
-
-
- public static Set<EncryptionType> getEtypesFromError( KrbError error )
- {
- try
- {
- ByteBuffer stream = ByteBuffer.wrap( error.getEData() );
-
- MethodDataContainer container = new MethodDataContainer();
- container.setStream( stream );
- Asn1Decoder.decode( stream, container );
-
- MethodData methodData = container.getMethodData();
-
- for ( PaData pd : methodData.getPaDatas() )
- {
- if ( pd.getPaDataType() == PaDataType.PA_ENCTYPE_INFO2 )
- {
- return parseEtpeInfo2( pd.getPaDataValue() );
- }
- else if ( pd.getPaDataType() == PaDataType.PA_ENCTYPE_INFO )
- {
- return parseEtpeInfo( pd.getPaDataValue() );
- }
- }
- }
- catch ( Exception e )
- {
- // shouldn't happen, but iff happens blast off
- throw new RuntimeException( e );
- }
-
- return Collections.emptySet();
- }
-
-
- private static Set<EncryptionType> parseEtpeInfo2( byte[] data ) throws DecoderException
- {
- ByteBuffer stream = ByteBuffer.wrap( data );
-
- ETypeInfo2Container container = new ETypeInfo2Container();
- container.setStream( stream );
- Asn1Decoder.decode( stream, container );
-
- ETypeInfo2 info2 = container.getETypeInfo2();
-
- Set<EncryptionType> lstEtypes = new LinkedHashSet<>();
-
- for ( ETypeInfo2Entry e2e : info2.getETypeInfo2Entries() )
- {
- lstEtypes.add( e2e.getEType() );
- }
-
- return lstEtypes;
- }
-
-
- private static Set<EncryptionType> parseEtpeInfo( byte[] data ) throws DecoderException
- {
- ByteBuffer stream = ByteBuffer.wrap( data );
-
- ETypeInfoContainer container = new ETypeInfoContainer();
- container.setStream( stream );
- Asn1Decoder.decode( stream, container );
-
- ETypeInfo einfo = container.getETypeInfo();
-
- Set<EncryptionType> lstEtypes = new LinkedHashSet<>();
-
- for ( ETypeInfoEntry eie : einfo.getETypeInfoEntries() )
- {
- lstEtypes.add( eie.getEType() );
- }
-
- return lstEtypes;
- }
-
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java
deleted file mode 100644
index 0295255..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.AES128_CTS_HMAC_SHA1_96;
-import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.AES256_CTS_HMAC_SHA1_96;
-import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES3_CBC_SHA1_KD;
-import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES_CBC_MD5;
-
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.directory.api.util.Network;
-import org.apache.directory.shared.kerberos.KerberosUtils;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-
-
-/**
- * Configuration class for KDC and changepassword servers.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class KdcConfig
-{
- /** host name of the Kerberos server */
- private String hostName;
-
- /** port on which the Kerberos server is listening */
- private int kdcPort = 88;
-
- /** port on which the change password server is listening */
- private int passwdPort = 464;
-
- /** flag to indicate if the client should use UDP while connecting to Kerberos server */
- private boolean useUdp = true;
-
- /** flag to indicate if legacy protocol version 1 should be used while sending the change password request. Default is false, we send version 0xFF80 of rfc3244 */
- private boolean useLegacyChngPwdProtocol = false;
-
- /** the timeout of the connection to the Kerberos server */
- private int timeout = 60000; // default 1 min
-
- /** the set of encryption types that the client can support, by default this includes all the encryption types supported by ApacheDS */
- private Set<EncryptionType> encryptionTypes;
-
-
- public KdcConfig()
- {
- encryptionTypes = new HashSet<>();
-
- encryptionTypes.add( AES128_CTS_HMAC_SHA1_96 );
- encryptionTypes.add( AES256_CTS_HMAC_SHA1_96 );
- encryptionTypes.add( DES_CBC_MD5 );
- encryptionTypes.add( DES3_CBC_SHA1_KD );
-
- encryptionTypes = KerberosUtils.orderEtypesByStrength( encryptionTypes );
-
- hostName = Network.LOOPBACK_HOSTNAME;
- }
-
-
- public static KdcConfig getDefaultConfig()
- {
- return new KdcConfig();
- }
-
-
- public String getHostName()
- {
- return hostName;
- }
-
-
- public void setHostName( String hostName )
- {
- this.hostName = hostName;
- }
-
-
- public int getKdcPort()
- {
- return kdcPort;
- }
-
-
- public void setKdcPort( int kdcPort )
- {
- this.kdcPort = kdcPort;
- }
-
-
- public int getPasswdPort()
- {
- return passwdPort;
- }
-
-
- public void setPasswdPort( int passwdPort )
- {
- this.passwdPort = passwdPort;
- }
-
-
- public boolean isUseUdp()
- {
- return useUdp;
- }
-
-
- public void setUseUdp( boolean useUdp )
- {
- this.useUdp = useUdp;
- }
-
-
- public boolean isUseLegacyChngPwdProtocol()
- {
- return useLegacyChngPwdProtocol;
- }
-
-
- public void setUseLegacyChngPwdProtocol( boolean useLegacyChngPwdProtocol )
- {
- this.useLegacyChngPwdProtocol = useLegacyChngPwdProtocol;
- }
-
-
- public int getTimeout()
- {
- return timeout;
- }
-
-
- public void setTimeout( int timeout )
- {
- this.timeout = timeout;
- }
-
-
- public Set<EncryptionType> getEncryptionTypes()
- {
- return encryptionTypes;
- }
-
-
- public void setEncryptionTypes( Set<EncryptionType> encryptionTypes )
- {
- this.encryptionTypes = encryptionTypes;
- }
-
-
- @Override
- public String toString()
- {
- return "KdcConfig [hostName=" + hostName + ", kdcPort=" + kdcPort + ", passwdPort=" + passwdPort + ", useUdp="
- + useUdp + ", useLegacyChngPwdProtocol=" + useLegacyChngPwdProtocol + ", timeout=" + timeout
- + ", encryptionTypes=" + encryptionTypes + "]";
- }
-
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
deleted file mode 100644
index d5febf6..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
+++ /dev/null
@@ -1,691 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.security.SecureRandom;
-import java.text.ParseException;
-import java.util.List;
-
-import javax.security.auth.kerberos.KerberosPrincipal;
-
-import org.apache.directory.api.asn1.Asn1Object;
-import org.apache.directory.api.util.Network;
-import org.apache.directory.api.util.Strings;
-import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswdErrorType;
-import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException;
-import org.apache.directory.server.kerberos.changepwd.io.ChangePasswordDecoder;
-import org.apache.directory.server.kerberos.changepwd.io.ChangePasswordEncoder;
-import org.apache.directory.server.kerberos.changepwd.messages.AbstractPasswordMessage;
-import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordError;
-import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordReply;
-import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordRequest;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
-import org.apache.directory.shared.kerberos.KerberosTime;
-import org.apache.directory.shared.kerberos.codec.KerberosDecoder;
-import org.apache.directory.shared.kerberos.codec.KerberosEncoder;
-import org.apache.directory.shared.kerberos.codec.KerberosMessageContainer;
-import org.apache.directory.shared.kerberos.codec.options.ApOptions;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.codec.types.PaDataType;
-import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
-import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
-import org.apache.directory.shared.kerberos.components.EncKrbPrivPart;
-import org.apache.directory.shared.kerberos.components.EncryptedData;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.kerberos.components.HostAddress;
-import org.apache.directory.shared.kerberos.components.HostAddresses;
-import org.apache.directory.shared.kerberos.components.KdcReqBody;
-import org.apache.directory.shared.kerberos.components.PaData;
-import org.apache.directory.shared.kerberos.components.PaEncTsEnc;
-import org.apache.directory.shared.kerberos.components.PrincipalName;
-import org.apache.directory.shared.kerberos.exceptions.ErrorType;
-import org.apache.directory.shared.kerberos.exceptions.KerberosException;
-import org.apache.directory.shared.kerberos.messages.ApReq;
-import org.apache.directory.shared.kerberos.messages.AsRep;
-import org.apache.directory.shared.kerberos.messages.AsReq;
-import org.apache.directory.shared.kerberos.messages.Authenticator;
-import org.apache.directory.shared.kerberos.messages.ChangePasswdData;
-import org.apache.directory.shared.kerberos.messages.EncAsRepPart;
-import org.apache.directory.shared.kerberos.messages.EncTgsRepPart;
-import org.apache.directory.shared.kerberos.messages.KerberosMessage;
-import org.apache.directory.shared.kerberos.messages.KrbError;
-import org.apache.directory.shared.kerberos.messages.KrbPriv;
-import org.apache.directory.shared.kerberos.messages.TgsRep;
-import org.apache.directory.shared.kerberos.messages.TgsReq;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-/**
- *
- * A client to connect to kerberos servers using TCP or UDP transports.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class KdcConnection
-{
-
- private static final Logger LOG = LoggerFactory.getLogger( KdcConnection.class );
-
- /** a secure random number generator used for creating nonces */
- private SecureRandom nonceGenerator;
-
- static final String TIME_OUT_ERROR = "TimeOut occured";
-
- /** the cipher text handler */
- private CipherTextHandler cipherTextHandler;
-
- /** underlying network channel handler */
- private KerberosChannel channel;
-
- private KdcConfig config;
-
-
- /**
- *
- * Creates a new instance of KdcConnection.
- *
- * @param config the configuration of KDC
- */
- public KdcConnection( KdcConfig config )
- {
- this.config = config;
-
- nonceGenerator = new SecureRandom(
- Strings.getBytesUtf8( String.valueOf( System.currentTimeMillis() ) ) );
- cipherTextHandler = new CipherTextHandler();
- channel = new KerberosChannel();
- }
-
-
- private void connect() throws IOException
- {
- channel.openConnection( config.getHostName(), config.getKdcPort(), config.getTimeout(), config.isUseUdp() );
- }
-
-
- /**
- * Authenticates to the Kerberos server and gets the initial Ticket Granting Ticket
- *
- * @param principal the client's principal
- * @param password password of the client
- * @return A Ticket Granting Ticket instance
- * @throws KerberosException If a Ticket Granting Ticket cannot be fetch
- */
- public TgTicket getTgt( String principal, String password ) throws KerberosException
- {
- TgtRequest clientTgtReq = new TgtRequest();
-
- clientTgtReq.setClientPrincipal( principal );
- clientTgtReq.setPassword( password );
-
- return getTgt( clientTgtReq );
- }
-
-
- /**
- * Authenticates to the Kerberos server and gets a service ticket for the given server principal
- *
- * @param clientPrincipal the client's principal
- * @param password password of the client
- * @param serverPrincipal the application server's principal
- * @return A ServiceTicket instance
- * @throws KerberosException If the ServiceTicket cannot be fetch
- */
- public ServiceTicket getServiceTicket( String clientPrincipal, String password, String serverPrincipal )
- throws KerberosException
- {
- TgtRequest clientTgtReq = new TgtRequest();
- clientTgtReq.setClientPrincipal( clientPrincipal );
- clientTgtReq.setPassword( password );
-
- TgTicket tgt = getTgt( clientTgtReq );
-
- return getServiceTicket( new ServiceTicketRequest( tgt, serverPrincipal ) );
- }
-
-
- public TgTicket getTgt( TgtRequest clientTgtReq ) throws KerberosException
- {
- TgTicket tgt = null;
-
- KerberosException ke = null;
-
- for ( int i = 0; i < 2; i++ )
- {
- ke = null;
-
- try
- {
- tgt = _getTgt( clientTgtReq );
- }
- catch ( KerberosException e )
- {
- // using exception for control flow, b.a.d, but here it is better than
- // defining a new Result class to hold ticket and exception and validating
- // the Result instance from _getTgt()
- ke = e;
- }
-
- if ( ( ke != null ) && ( ke.getErrorCode() == ErrorType.KDC_ERR_PREAUTH_REQUIRED.getValue() ) )
- {
- clientTgtReq.setETypes( KdcClientUtil.getEtypesFromError( ke.getError() ) );
- clientTgtReq.setPreAuthEnabled( true );
- }
- }
-
- if ( ke != null )
- {
- throw ke;
- }
-
- return tgt;
- }
-
-
- /* default protected */ TgTicket _getTgt( TgtRequest clientTgtReq ) throws KerberosException
- {
- String realm = clientTgtReq.getRealm();
-
- if ( clientTgtReq.getServerPrincipal() == null )
- {
- String serverPrincipal = "krbtgt/" + realm + "@" + realm;
- clientTgtReq.setServerPrincipal( serverPrincipal );
- }
-
- if ( clientTgtReq.getETypes() == null )
- {
- clientTgtReq.setETypes( config.getEncryptionTypes() );
- }
-
- KdcReqBody body = new KdcReqBody();
-
- body.setFrom( new KerberosTime( clientTgtReq.getStartTime() ) );
-
- PrincipalName cName = null;
- try
- {
- cName = new PrincipalName( clientTgtReq.getCName(), PrincipalNameType.KRB_NT_PRINCIPAL );
- body.setCName( cName );
- body.setRealm( realm );
- PrincipalName sName = new PrincipalName( clientTgtReq.getSName(), PrincipalNameType.KRB_NT_SRV_INST );
- body.setSName( sName );
- }
- catch ( ParseException e )
- {
- throw new IllegalArgumentException( "Couldn't parse the given principals", e );
- }
-
- body.setTill( new KerberosTime( clientTgtReq.getExpiryTime() ) );
- int currentNonce = nonceGenerator.nextInt();
- body.setNonce( currentNonce );
- body.setEType( clientTgtReq.getETypes() );
- body.setKdcOptions( clientTgtReq.getOptions() );
-
- List<HostAddress> lstAddresses = clientTgtReq.getHostAddresses();
- if ( !lstAddresses.isEmpty() )
- {
- HostAddresses addresses = new HostAddresses();
- for ( HostAddress h : lstAddresses )
- {
- addresses.addHostAddress( h );
- }
-
- body.setAddresses( addresses );
- }
-
- EncryptionType encryptionType = clientTgtReq.getETypes().iterator().next();
- EncryptionKey clientKey = KerberosKeyFactory.string2Key( clientTgtReq.getClientPrincipal(),
- clientTgtReq.getPassword(), encryptionType );
-
- AsReq req = new AsReq();
- req.setKdcReqBody( body );
-
- if ( clientTgtReq.isPreAuthEnabled() )
- {
- PaEncTsEnc tmstmp = new PaEncTsEnc();
- tmstmp.setPaTimestamp( new KerberosTime() );
-
- EncryptedData paDataValue = cipherTextHandler.encrypt( clientKey, getEncoded( tmstmp ),
- KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
-
- PaData paEncTstmp = new PaData();
- paEncTstmp.setPaDataType( PaDataType.PA_ENC_TIMESTAMP );
- paEncTstmp.setPaDataValue( getEncoded( paDataValue ) );
-
- req.addPaData( paEncTstmp );
- }
-
- // Get the result from the future
- try
- {
- connect();
-
- // Read the response, waiting for it if not available immediately
- // Get the response, blocking
- KerberosMessage kdcRep = sendAndReceiveKrbMsg( req );
-
- if ( kdcRep == null )
- {
- // We didn't received anything : this is an error
- LOG.error( "Authentication failed : timeout occured" );
- throw new KerberosException( ErrorType.KRB_ERR_GENERIC, TIME_OUT_ERROR );
- }
-
- if ( kdcRep instanceof KrbError )
- {
- // We have an error
- LOG.debug( "Authentication failed : {}", kdcRep );
- throw new KerberosException( ( KrbError ) kdcRep );
- }
-
- AsRep rep = ( AsRep ) kdcRep;
-
- if ( !cName.getNameString().equals( rep.getCName().getNameString() ) )
- {
- throw new KerberosException( ErrorType.KDC_ERR_CLIENT_NAME_MISMATCH );
- }
-
- if ( !realm.equals( rep.getCRealm() ) )
- {
- throw new KerberosException( ErrorType.KRB_ERR_WRONG_REALM );
- }
-
- if ( encryptionType != rep.getEncPart().getEType() )
- {
- encryptionType = rep.getEncPart().getEType();
- clientKey = KerberosKeyFactory.string2Key( clientTgtReq.getClientPrincipal(),
- clientTgtReq.getPassword(), encryptionType );
- }
-
- byte[] decryptedEncAsRepPart = cipherTextHandler.decrypt( clientKey, rep.getEncPart(),
- KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
-
- EncKdcRepPart encKdcRepPart = null;
- try
- {
- EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( decryptedEncAsRepPart );
- encKdcRepPart = encAsRepPart.getEncKdcRepPart();
- }
- catch ( KerberosException e )
- {
- LOG.info( "Trying an encTgsRepPart instead" );
- EncTgsRepPart encTgsRepPart = KerberosDecoder.decodeEncTgsRepPart( decryptedEncAsRepPart );
- encKdcRepPart = encTgsRepPart.getEncKdcRepPart();
- }
-
- if ( currentNonce != encKdcRepPart.getNonce() )
- {
- throw new KerberosException( ErrorType.KRB_ERR_GENERIC,
- "received nonce didn't match with the nonce sent in the request" );
- }
-
- if ( !encKdcRepPart.getSName().getNameString().equals( clientTgtReq.getSName() ) )
- {
- throw new KerberosException( ErrorType.KDC_ERR_SERVER_NOMATCH );
- }
-
- if ( !encKdcRepPart.getSRealm().equals( clientTgtReq.getRealm() ) )
- {
- throw new KerberosException( ErrorType.KRB_ERR_GENERIC,
- "received server realm does not match with requested server realm" );
- }
-
- List<HostAddress> hosts = clientTgtReq.getHostAddresses();
-
- if ( !hosts.isEmpty() )
- {
- HostAddresses addresses = encKdcRepPart.getClientAddresses();
- for ( HostAddress h : hosts )
- {
- if ( !addresses.contains( h ) )
- {
- throw new KerberosException( ErrorType.KRB_ERR_GENERIC,
- "requested client address" + h + " is not found in the ticket" );
- }
- }
- }
-
- // Everything is fine, return the response
- LOG.debug( "Authentication successful : {}", kdcRep );
-
- return new TgTicket( rep.getTicket(), encKdcRepPart, rep.getCName().getNameString() );
- }
- catch ( KerberosException ke )
- {
- throw ke;
- }
- catch ( Exception e )
- {
- // We didn't received anything : this is an error
- LOG.error( "Authentication failed" );
- throw new KerberosException( ErrorType.KRB_ERR_GENERIC, TIME_OUT_ERROR );
- }
- finally
- {
- if ( channel != null )
- {
- try
- {
- channel.close();
- }
- catch ( IOException e )
- {
- LOG.warn( "Failed to close the channel", e );
- }
- }
- }
- }
-
-
- private ServiceTicket getServiceTicket( ServiceTicketRequest srvTktReq ) throws KerberosException
- {
- String serverPrincipal = srvTktReq.getServerPrincipal();
-
- // session key
- EncryptionKey sessionKey = srvTktReq.getTgt().getSessionKey();
-
- Authenticator authenticator = new Authenticator();
-
- try
- {
- authenticator.setCName(
- new PrincipalName( srvTktReq.getTgt().getClientName(), PrincipalNameType.KRB_NT_PRINCIPAL ) );
- }
- catch ( ParseException e )
- {
- throw new IllegalArgumentException( "Couldn't parse the given principal", e );
- }
-
- authenticator.setCRealm( srvTktReq.getTgt().getRealm() );
- authenticator.setCTime( new KerberosTime() );
- authenticator.setCusec( 0 );
-
- if ( srvTktReq.getSubSessionKey() != null )
- {
- sessionKey = srvTktReq.getSubSessionKey();
- authenticator.setSubKey( sessionKey );
- }
-
- EncryptedData authnData = cipherTextHandler.encrypt( sessionKey, getEncoded( authenticator ),
- KeyUsage.TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_TGS_SESS_KEY );
-
- ApReq apReq = new ApReq();
-
- apReq.setAuthenticator( authnData );
- apReq.setTicket( srvTktReq.getTgt().getTicket() );
-
- apReq.setApOptions( srvTktReq.getApOptions() );
-
- KdcReqBody tgsReqBody = new KdcReqBody();
- tgsReqBody.setKdcOptions( srvTktReq.getKdcOptions() );
- tgsReqBody.setRealm( KdcClientUtil.extractRealm( serverPrincipal ) );
- tgsReqBody.setTill( getDefaultTill() );
- int currentNonce = nonceGenerator.nextInt();
- tgsReqBody.setNonce( currentNonce );
- tgsReqBody.setEType( config.getEncryptionTypes() );
-
- PrincipalName principalName = new PrincipalName( KdcClientUtil.extractName( serverPrincipal ),
- KerberosPrincipal.KRB_NT_SRV_HST );
- tgsReqBody.setSName( principalName );
-
- TgsReq tgsReq = new TgsReq();
- tgsReq.setKdcReqBody( tgsReqBody );
-
- PaData authnHeader = new PaData();
- authnHeader.setPaDataType( PaDataType.PA_TGS_REQ );
- authnHeader.setPaDataValue( getEncoded( apReq ) );
-
- tgsReq.addPaData( authnHeader );
-
- // Get the result from the future
- try
- {
- connect();
-
- // Read the response, waiting for it if not available immediately
- // Get the response, blocking
- KerberosMessage kdcRep = sendAndReceiveKrbMsg( tgsReq );
-
- if ( kdcRep == null )
- {
- // We didn't received anything : this is an error
- LOG.error( "TGT request failed : timeout occured" );
- throw new KerberosException( ErrorType.KRB_ERR_GENERIC, TIME_OUT_ERROR );
- }
-
- if ( kdcRep instanceof KrbError )
- {
- // We have an error
- LOG.debug( "TGT request failed : {}", kdcRep );
- throw new KerberosException( ( KrbError ) kdcRep );
- }
-
- TgsRep rep = ( TgsRep ) kdcRep;
- byte[] decryptedData = cipherTextHandler.decrypt( sessionKey, rep.getEncPart(),
- KeyUsage.TGS_REP_ENC_PART_TGS_SESS_KEY );
- EncTgsRepPart encTgsRepPart = KerberosDecoder.decodeEncTgsRepPart( decryptedData );
-
- if ( currentNonce != encTgsRepPart.getEncKdcRepPart().getNonce() )
- {
- throw new KerberosException( ErrorType.KRB_ERR_GENERIC,
- "received nonce didn't match with the nonce sent in the request" );
- }
-
- // Everything is fine, return the response
- LOG.debug( "TGT request successful : {}", rep );
-
- return new ServiceTicket( rep.getTicket(), encTgsRepPart.getEncKdcRepPart() );
- }
- catch ( KerberosException e )
- {
- throw e;
- }
- catch ( Exception te )
- {
- // We didn't receive anything : this is an error
- LOG.error( "TGT request failed : timeout occured" );
- throw new KerberosException( ErrorType.KRB_ERR_GENERIC, TIME_OUT_ERROR );
- }
- finally
- {
- if ( channel != null )
- {
- try
- {
- channel.close();
- }
- catch ( IOException e )
- {
- LOG.warn( "Failed to close the channel", e );
- }
- }
- }
- }
-
-
- public ChangePasswordResult changePassword( String clientPrincipal, String oldPassword, String newPassword )
- throws ChangePasswordException
- {
- KerberosChannel channel = null;
-
- try
- {
- TgtRequest clientTgtReq = new TgtRequest();
- clientTgtReq.setClientPrincipal( clientPrincipal );
- clientTgtReq.setPassword( oldPassword );
- clientTgtReq.setServerPrincipal( "kadmin/changepw@" + KdcClientUtil.extractRealm( clientPrincipal ) );
-
- TgTicket tgt = getTgt( clientTgtReq );
-
- ApReq apReq = new ApReq();
- ApOptions options = new ApOptions();
- apReq.setApOptions( options );
- apReq.setTicket( tgt.getTicket() );
-
- Authenticator authenticator = new Authenticator();
- authenticator.setCName( new PrincipalName( tgt.getClientName(), PrincipalNameType.KRB_NT_PRINCIPAL ) );
- authenticator.setCRealm( tgt.getRealm() );
- KerberosTime ctime = new KerberosTime();
- authenticator.setCTime( ctime );
- authenticator.setCusec( 0 );
- authenticator.setSeqNumber( nonceGenerator.nextInt() );
-
- EncryptionKey subKey = RandomKeyFactory.getRandomKey( tgt.getEncKdcRepPart().getKey().getKeyType() );
-
- authenticator.setSubKey( subKey );
-
- EncryptedData authData = cipherTextHandler.encrypt( tgt.getSessionKey(), getEncoded( authenticator ),
- KeyUsage.AP_REQ_AUTHNT_SESS_KEY );
- apReq.setAuthenticator( authData );
-
- KrbPriv privateMessage = new KrbPriv();
-
- EncKrbPrivPart part = new EncKrbPrivPart();
- part.setSenderAddress( new HostAddress( Network.LOOPBACK ) );
- part.setSeqNumber( authenticator.getSeqNumber() );
- part.setTimestamp( authenticator.getCtime() );
-
- short changePwdPVNO = ChangePasswordRequest.PVNO;
-
- if ( config.isUseLegacyChngPwdProtocol() )
- {
- part.setUserData( Strings.getBytesUtf8( newPassword ) );
- changePwdPVNO = ChangePasswordRequest.OLD_PVNO;
- }
- else
- {
- ChangePasswdData chngPwdData = new ChangePasswdData();
- chngPwdData.setNewPasswd( Strings.getBytesUtf8( newPassword ) );
- byte[] data = getEncoded( chngPwdData );
- part.setUserData( data );
- }
-
- EncryptedData encKrbPrivPartData = cipherTextHandler.encrypt( subKey, getEncoded( part ),
- KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
- privateMessage.setEncPart( encKrbPrivPartData );
-
- ChangePasswordRequest req = new ChangePasswordRequest( changePwdPVNO, apReq, privateMessage );
-
- channel = new KerberosChannel();
- channel.openConnection( config.getHostName(), config.getPasswdPort(), config.getTimeout(),
- config.isUseUdp() );
-
- AbstractPasswordMessage reply = sendAndReceiveChngPwdMsg( req, channel );
-
- if ( reply instanceof ChangePasswordError )
- {
- ChangePasswordError err = ( ChangePasswordError ) reply;
-
- return new ChangePasswordResult( err.getKrbError().getEData() );
- }
-
- ChangePasswordReply chngPwdReply = ( ChangePasswordReply ) reply;
-
- KrbPriv replyPriv = chngPwdReply.getPrivateMessage();
- // the same subKey present in ApReq is used for encrypting the KrbPriv present in reply
- byte[] data = cipherTextHandler.decrypt( subKey, replyPriv.getEncPart(),
- KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
- part = KerberosDecoder.decodeEncKrbPrivPart( data );
-
- return new ChangePasswordResult( part.getUserData() );
- }
- catch ( ChangePasswordException e )
- {
- throw e;
- }
- catch ( Exception e )
- {
- LOG.warn( "failed to change the password", e );
- throw new ChangePasswordException( ChangePasswdErrorType.KRB5_KPASSWD_HARDERROR, e );
- }
- finally
- {
- if ( channel != null )
- {
- try
- {
- channel.close();
- }
- catch ( IOException e )
- {
- LOG.warn( "Failed to close the channel", e );
- }
- }
- }
- }
-
-
- private byte[] getEncoded( Asn1Object obj )
- {
- try
- {
- ByteBuffer buf = ByteBuffer.allocate( obj.computeLength() );
- obj.encode( buf );
-
- return buf.array();
- }
- catch ( Exception e )
- {
- // shouldn't happen, but if it does then log it and give up
- LOG.error( "Failed to encode the ASN.1 object {}", obj );
- throw new RuntimeException( e );
- }
- }
-
-
- private KerberosTime getDefaultTill()
- {
- return new KerberosTime( System.currentTimeMillis() + ( KerberosTime.MINUTE * 60 ) );
- }
-
-
- private KerberosMessage sendAndReceiveKrbMsg( KerberosMessage req ) throws Exception
- {
- ByteBuffer encodedBuf = KerberosEncoder.encode( req, channel.isUseTcp() );
- encodedBuf.flip();
-
- ByteBuffer repData = channel.sendAndReceive( encodedBuf );
-
- KerberosMessageContainer kerberosMessageContainer = new KerberosMessageContainer();
- kerberosMessageContainer.setStream( repData );
- kerberosMessageContainer.setGathering( true );
- kerberosMessageContainer.setTCP( channel.isUseTcp() );
-
- return ( KerberosMessage ) KerberosDecoder.decode( kerberosMessageContainer );
- }
-
-
- private AbstractPasswordMessage sendAndReceiveChngPwdMsg( AbstractPasswordMessage req,
- KerberosChannel chngPwdChannel ) throws Exception
- {
- ByteBuffer encodedBuf = ChangePasswordEncoder.encode( req, chngPwdChannel.isUseTcp() );
- encodedBuf.flip();
- ByteBuffer repData = chngPwdChannel.sendAndReceive( encodedBuf );
-
- return ChangePasswordDecoder.decode( repData, chngPwdChannel.isUseTcp() );
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosChannel.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosChannel.java
deleted file mode 100644
index d9b8a4b..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosChannel.java
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import java.io.DataInputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.net.DatagramPacket;
-import java.net.DatagramSocket;
-import java.net.InetSocketAddress;
-import java.net.Socket;
-import java.net.SocketAddress;
-import java.nio.ByteBuffer;
-
-
-/**
- * A class for sending and receiving kerberos request and response data
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class KerberosChannel
-{
- /** the TCP socket */
- private Socket tcpSocket;
-
- /** the UDP socket */
- private DatagramSocket udpSocket;
-
- /** data input stream to read from */
- private DataInputStream in;
-
- /** data output stream to write to */
- private OutputStream out;
-
- /** flag to detect if this is a UDP channel */
- private boolean useUdp;
-
- private int timeOut = 60000;
-
- /** the UDP socket address of the server */
- private SocketAddress udpServerAddr = null;
-
-
- protected void openConnection( String hostName, int portNo, int timeOut, boolean isUdp ) throws IOException
- {
- this.useUdp = isUdp;
- this.timeOut = timeOut;
-
- if ( isUdp )
- {
- udpServerAddr = new InetSocketAddress( hostName, portNo );
- udpSocket = new DatagramSocket();
- }
- else
- {
- tcpSocket = new Socket( hostName, portNo );
- tcpSocket.setSoTimeout( ( int ) timeOut );
- in = new DataInputStream( tcpSocket.getInputStream() );
- out = tcpSocket.getOutputStream();
- }
- }
-
-
- protected ByteBuffer sendAndReceive( ByteBuffer encodedBuf ) throws IOException
- {
- byte[] reqData = encodedBuf.array();
-
- ByteBuffer repData;
-
- if ( useUdp )
- {
- DatagramPacket reqPacket = new DatagramPacket( reqData, reqData.length, udpServerAddr );
- udpSocket.send( reqPacket );
-
- byte[] buffer = new byte[2048];
- DatagramPacket repPacket = new DatagramPacket( buffer, buffer.length );
- udpSocket.receive( repPacket );
-
- byte[] receivedData = repPacket.getData();
- repData = ByteBuffer.allocate( receivedData.length );
- repData.put( receivedData );
- }
- else
- {
- out.write( reqData );
- out.flush();
-
- int len = in.readInt();
-
- repData = ByteBuffer.allocate( len + 4 );
- repData.putInt( len );
-
- byte[] tmp = new byte[1024 * 8];
- while ( in.available() > 0 )
- {
- int read = in.read( tmp );
- repData.put( tmp, 0, read );
- }
- }
-
- repData.flip();
-
- return repData;
- }
-
-
- protected boolean isUseTcp()
- {
- return !useUdp;
- }
-
-
- protected void close() throws IOException
- {
- if ( useUdp )
- {
- if ( udpSocket != null )
- {
- udpSocket.close();
- }
- }
- else
- {
- if ( tcpSocket != null )
- {
- tcpSocket.close();
- }
- }
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/Kinit.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/Kinit.java
deleted file mode 100644
index 98915f8..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/Kinit.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import java.io.File;
-
-import org.apache.directory.kerberos.credentials.cache.Credentials;
-import org.apache.directory.kerberos.credentials.cache.CredentialsCache;
-import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
-import org.apache.directory.shared.kerberos.components.PrincipalName;
-
-
-/**
- * Authenticates to the Kerberos server and gets the initial Ticket Granting Ticket,
- * then cache the tgt in credentials cache, as MIT kinit does.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class Kinit
-{
- private KdcConnection kdc;
- private File credCacheFile;
-
-
- public Kinit( KdcConnection kdc )
- {
- this.kdc = kdc;
- }
-
-
- public void setCredCacheFile( File credCacheFile )
- {
- this.credCacheFile = credCacheFile;
- }
-
-
- public File getCredCacheFile()
- {
- return this.credCacheFile;
- }
-
-
- /**
- * Authenticates to the Kerberos server and gets the initial Ticket Granting Ticket,
- * then cache the tgt in credentials cache, as MIT kinit does.
- *
- * @param principal the client's principal
- * @param password password of the client
- * @throws Exception If we had an issue while getting the TGT, or creating the PrincipalName, or
- * storing the credentials
- */
- public void kinit( String principal, String password ) throws Exception
- {
- if ( principal == null || password == null || credCacheFile == null )
- {
- throw new IllegalArgumentException( "Invalid principal, password, or credentials cache file" );
- }
-
- TgTicket tgt = kdc.getTgt( principal, password );
-
- CredentialsCache credCache = new CredentialsCache();
-
- PrincipalName princ = new PrincipalName( principal, PrincipalNameType.KRB_NT_PRINCIPAL );
- princ.setRealm( tgt.getRealm() );
- credCache.setPrimaryPrincipalName( princ );
-
- Credentials cred = new Credentials( tgt );
- credCache.addCredentials( cred );
-
- CredentialsCache.store( credCacheFile, credCache );
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KpasswdDecode.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KpasswdDecode.java
deleted file mode 100644
index b7dd117..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KpasswdDecode.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import java.nio.ByteBuffer;
-
-import org.apache.directory.server.kerberos.changepwd.io.ChangePasswordDecoder;
-import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordReply;
-import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordRequest;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
-import org.apache.directory.shared.kerberos.codec.KerberosDecoder;
-import org.apache.directory.shared.kerberos.codec.KerberosMessageContainer;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.components.EncKrbPrivPart;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.kerberos.messages.ApRep;
-import org.apache.directory.shared.kerberos.messages.ApReq;
-import org.apache.directory.shared.kerberos.messages.AsRep;
-import org.apache.directory.shared.kerberos.messages.Authenticator;
-import org.apache.directory.shared.kerberos.messages.EncAsRepPart;
-import org.apache.directory.shared.kerberos.messages.KrbPriv;
-
-
-public abstract class KpasswdDecode
-{
- private CipherTextHandler cipherTextHandler = new CipherTextHandler();
-
- private EncryptionKey clientKey;
-
- private EncryptionKey sessionKey;
-
- private EncryptionKey subSessionKey;
-
-
- public KpasswdDecode( String principal, String password, EncryptionType eType )
- {
- clientKey = KerberosKeyFactory.string2Key( principal, password, eType );
- }
-
-
- public void decodeAsRep( byte[] asReppkt ) throws Exception
- {
- ByteBuffer repData = ByteBuffer.wrap( asReppkt );
-
- KerberosMessageContainer kerberosMessageContainer = new KerberosMessageContainer();
- kerberosMessageContainer.setStream( repData );
- kerberosMessageContainer.setGathering( true );
- kerberosMessageContainer.setTCP( false );
-
- AsRep asReply = ( AsRep ) KerberosDecoder.decode( kerberosMessageContainer );
-
- System.out.println( asReply );
- byte[] decryptedEncAsRepPart = cipherTextHandler.decrypt( clientKey, asReply.getEncPart(),
- KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
- byte[] tmp = new byte[182];
- System.arraycopy( decryptedEncAsRepPart, 0, tmp, 0, 182 );
- EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( tmp );
- sessionKey = encAsRepPart.getEncKdcRepPart().getKey();
- }
-
-
- public void decodeApReq( byte[] kpasswdApReqpkt ) throws Exception
- {
- ByteBuffer chngpwdReqData = ByteBuffer.wrap( kpasswdApReqpkt );
-
- ChangePasswordRequest chngPwdReq = ( ChangePasswordRequest ) ChangePasswordDecoder.decode( chngpwdReqData,
- false );
-
- ApReq apReq = chngPwdReq.getAuthHeader();
- byte[] decryptedAuthenticator = cipherTextHandler.decrypt( sessionKey, apReq.getAuthenticator(),
- KeyUsage.AP_REQ_AUTHNT_SESS_KEY );
- Authenticator authenticator = KerberosDecoder.decodeAuthenticator( decryptedAuthenticator );
- subSessionKey = authenticator.getSubKey();
- }
-
-
- public void decodeApRep( byte[] kpasswdReplypkt ) throws Exception
- {
- ByteBuffer chngpwdReplyData = ByteBuffer.wrap( kpasswdReplypkt );
-
- ChangePasswordReply chngPwdReply = ( ChangePasswordReply ) ChangePasswordDecoder.decode( chngpwdReplyData,
- false );
-
- ApRep apRep = chngPwdReply.getApplicationReply();
-
- KrbPriv krbPriv = chngPwdReply.getPrivateMessage();
- byte[] decryptedKrbPrivPart = cipherTextHandler.decrypt( subSessionKey, krbPriv.getEncPart(),
- KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
- EncKrbPrivPart krbPrivPart = KerberosDecoder.decodeEncKrbPrivPart( decryptedKrbPrivPart );
- System.out.println( krbPrivPart );
- }
-
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ServiceTicket.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ServiceTicket.java
deleted file mode 100644
index 0842b1b..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ServiceTicket.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
-import org.apache.directory.shared.kerberos.messages.Ticket;
-
-
-public class ServiceTicket extends AbstractTicket
-{
- public ServiceTicket( Ticket ticket, EncKdcRepPart encKdcRepPart )
- {
- super( ticket, encKdcRepPart );
- }
-
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ServiceTicketRequest.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ServiceTicketRequest.java
deleted file mode 100644
index ea04182..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ServiceTicketRequest.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import org.apache.directory.shared.kerberos.codec.options.ApOptions;
-import org.apache.directory.shared.kerberos.codec.options.KdcOptions;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-
-
-public class ServiceTicketRequest
-{
- private TgTicket tgt;
-
- private String serverPrincipal;
-
- private ApOptions apOptions = new ApOptions();
-
- private EncryptionKey subSessionKey;
-
- private KdcOptions kdcOptions = new KdcOptions();
-
-
- public ServiceTicketRequest( TgTicket tgt, String serverPrincipal )
- {
- this.tgt = tgt;
- this.serverPrincipal = serverPrincipal;
- }
-
-
- public TgTicket getTgt()
- {
- return tgt;
- }
-
-
- public String getServerPrincipal()
- {
- return serverPrincipal;
- }
-
-
- public ApOptions getApOptions()
- {
- return apOptions;
- }
-
-
- public EncryptionKey getSubSessionKey()
- {
- return subSessionKey;
- }
-
-
- public void setSubSessionKey( EncryptionKey subSessionKey )
- {
- this.subSessionKey = subSessionKey;
- }
-
-
- public KdcOptions getKdcOptions()
- {
- return kdcOptions;
- }
-
-
- public void setKdcOptions( KdcOptions kdcOptions )
- {
- this.kdcOptions = kdcOptions;
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/TgTicket.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/TgTicket.java
deleted file mode 100644
index ee146ae..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/TgTicket.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
-import org.apache.directory.shared.kerberos.messages.Ticket;
-
-
-public class TgTicket extends AbstractTicket
-{
- private String clientPrincipal;
-
-
- public TgTicket( Ticket ticket, EncKdcRepPart kdcRep, String clientPrincipal )
- {
- super( ticket, kdcRep );
- this.clientPrincipal = clientPrincipal;
- }
-
-
- public String getRealm()
- {
- return ticket.getRealm();
- }
-
-
- public String getServerName()
- {
- return ticket.getSName().getNameString();
- }
-
-
- public String getClientName()
- {
- return clientPrincipal;
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/TgtRequest.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/client/TgtRequest.java
deleted file mode 100644
index 84b94a3..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/client/TgtRequest.java
+++ /dev/null
@@ -1,245 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-
-import org.apache.directory.shared.kerberos.codec.options.KdcOptions;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.components.HostAddress;
-
-
-public class TgtRequest
-{
- private String clientPrincipal;// cname
- private String password;
- private String realm; // realm
- private String serverPrincipal;// sname, optional
-
- private long startTime;// from
-
- private long expiryTime;// till
-
- private long renewTill;// rtime
-
- private List<HostAddress> hostAddresses = new ArrayList<>();
-
- private KdcOptions options = new KdcOptions();
-
- private boolean preAuthEnabled = false;
-
- /** the set of encryption types that the server replied */
- private Set<EncryptionType> eTypes;
-
-
- public TgtRequest()
- {
- startTime = System.currentTimeMillis();
- expiryTime = startTime + ( 8 * 60 * 60 * 1000 );
- }
-
-
- public void addHost( String hostNameOrIpAddress ) throws UnknownHostException
- {
- InetAddress address = InetAddress.getByName( hostNameOrIpAddress );
- hostAddresses.add( new HostAddress( address ) );
- }
-
-
- public String getPassword()
- {
- return password;
- }
-
-
- public void setPassword( String password )
- {
- this.password = password;
- }
-
-
- public String getClientPrincipal()
- {
- return clientPrincipal;
- }
-
-
- public void setClientPrincipal( String clientPrincipal )
- {
- this.clientPrincipal = clientPrincipal;
- realm = KdcClientUtil.extractRealm( clientPrincipal );
- }
-
-
- public String getRealm()
- {
- return realm;
- }
-
-
- public String getServerPrincipal()
- {
- return serverPrincipal;
- }
-
-
- public void setServerPrincipal( String serverPrincipal )
- {
- this.serverPrincipal = serverPrincipal;
- }
-
-
- public long getStartTime()
- {
- return startTime;
- }
-
-
- public void setStartTime( long startTime )
- {
- this.startTime = startTime;
- }
-
-
- public long getExpiryTime()
- {
- return expiryTime;
- }
-
-
- public void setExpiryTime( long expiryTime )
- {
- this.expiryTime = expiryTime;
- }
-
-
- public long getRenewTill()
- {
- return renewTill;
- }
-
-
- public void setRenewTill( long renewTill )
- {
- this.renewTill = renewTill;
- }
-
-
- public List<HostAddress> getHostAddresses()
- {
- return hostAddresses;
- }
-
-
- public void setForwardable( boolean forwardable )
- {
- setOrClear( KdcOptions.FORWARDABLE, forwardable );
- }
-
-
- public void setProxiable( boolean proxiable )
- {
- setOrClear( KdcOptions.PROXIABLE, proxiable );
- }
-
-
- public void setAllowPostdate( boolean allowPostdate )
- {
- setOrClear( KdcOptions.ALLOW_POSTDATE, allowPostdate );
- }
-
-
- public void setPostdated( boolean postdated )
- {
- setOrClear( KdcOptions.POSTDATED, postdated );
- }
-
-
- public void setRenewableOk( boolean renewableOk )
- {
- setOrClear( KdcOptions.RENEWABLE_OK, renewableOk );
- }
-
-
- public void setRenewable( boolean renewable )
- {
- setOrClear( KdcOptions.RENEWABLE, renewable );
- }
-
-
- public KdcOptions getOptions()
- {
- return options;
- }
-
-
- public boolean isPreAuthEnabled()
- {
- return preAuthEnabled;
- }
-
-
- public void setPreAuthEnabled( boolean preAuthEnabled )
- {
- this.preAuthEnabled = preAuthEnabled;
- }
-
-
- public String getSName()
- {
- return KdcClientUtil.extractName( serverPrincipal );
- }
-
-
- public String getCName()
- {
- return KdcClientUtil.extractName( clientPrincipal );
- }
-
-
- public Set<EncryptionType> getETypes()
- {
- return eTypes;
- }
-
-
- public void setETypes( Set<EncryptionType> eTypes )
- {
- this.eTypes = eTypes;
- }
-
-
- private void setOrClear( int pos, boolean set )
- {
- if ( set )
- {
- options.setBit( pos );
- }
- else
- {
- options.clearBit( pos );
- }
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheInputStream.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheInputStream.java
deleted file mode 100644
index 055fa7b..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheInputStream.java
+++ /dev/null
@@ -1,415 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.credentials.cache;
-
-
-import java.io.DataInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.directory.shared.kerberos.KerberosTime;
-import org.apache.directory.shared.kerberos.codec.KerberosDecoder;
-import org.apache.directory.shared.kerberos.codec.types.AuthorizationType;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.codec.types.HostAddrType;
-import org.apache.directory.shared.kerberos.components.AuthorizationData;
-import org.apache.directory.shared.kerberos.components.AuthorizationDataEntry;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.kerberos.components.HostAddress;
-import org.apache.directory.shared.kerberos.components.HostAddresses;
-import org.apache.directory.shared.kerberos.components.PrincipalName;
-import org.apache.directory.shared.kerberos.flags.TicketFlags;
-
-
-/**
- * Reading credentials cache according to FCC format by reference the following
- * https://www.gnu.org/software/shishi/manual/html_node/The-Credential-Cache-Binary-File-Format.html
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class CacheInputStream extends DataInputStream
-{
- public CacheInputStream( InputStream in )
- {
- super( in );
- }
-
-
- public void read( CredentialsCache cache ) throws IOException
- {
- int version;
- List<Tag> tags;
- PrincipalName principal;
- Credentials cred;
-
- version = readVersion();
- cache.setVersion( version );
-
- if ( version == CredentialsCacheConstants.FCC_FVNO_4 )
- {
- tags = readTag();
- }
- else
- {
- tags = null;
- }
- cache.setTags( tags );
-
- principal = readPrincipal( version );
- cache.setPrimaryPrincipalName( principal );
-
- while ( available() > 0 )
- {
- cred = readCredentials( version );
- if ( cred != null )
- {
- cache.addCredentials( cred );
- }
- }
- }
-
-
- private int readVersion() throws IOException
- {
- return readShort();
- }
-
-
- private List<Tag> readTag() throws IOException
- {
- int len;
- int tag;
- int taglen;
- int time;
- int usec;
-
- len = readShort();
- List<Tag> tags = new ArrayList<>();
-
- while ( len > 0 )
- {
- tag = readShort();
- taglen = readShort();
-
- if ( tag == CredentialsCacheConstants.FCC_TAG_DELTATIME )
- {
- time = readInt();
- usec = readInt();
- tags.add( new Tag( tag, time, usec ) );
- }
- else
- {
- read( new byte[taglen], 0, taglen ); // ignore unknown tag
- }
-
- len = len - ( 4 + taglen );
- }
-
- return tags;
- }
-
-
- private PrincipalName readPrincipal( int version ) throws IOException
- {
- int type;
- int length;
- PrincipalName pname;
-
- if ( version == CredentialsCacheConstants.FCC_FVNO_1 )
- {
- type = CredentialsCacheConstants.NT_UNKNOWN;
- }
- else
- {
- type = readInt();
- }
-
- length = readInt();
-
- if ( version == CredentialsCacheConstants.FCC_FVNO_1 )
- {
- length--;
- }
-
- String realm = readCountedString();
-
- String[] result = new String[length];
-
- for ( int i = 0; i < length; i++ )
- {
- result[i] = readCountedString();
- }
-
- pname = new PrincipalName( result, type );
-
- if ( isRealm( realm ) )
- {
- pname.setRealm( realm );
- }
-
- return pname;
- }
-
-
- private String readCountedString() throws IOException
- {
- int namelength = readInt();
- if ( namelength > CredentialsCacheConstants.MAXNAMELENGTH )
- {
- throw new IOException( "Invalid name length in principal name." );
- }
- byte[] bytes = new byte[namelength];
- read( bytes, 0, bytes.length );
-
- return new String( bytes, StandardCharsets.UTF_8 );
- }
-
-
- /*
- * Domain style realm names MUST look like domain names: they consist of
- * components separated by periods (.) and they contain neither colons
- * (:) nor slashes (/). When establishing a new realm name based on an
- * internet domain name it is recommended by convention that the characters
- * be converted to uppercase.
- */
- private static boolean isRealm( String str )
- {
- char chr;
- for ( int i = 0; i < str.length(); i++ )
- {
- chr = str.charAt( i );
- if ( chr != '.' && chr >= 'a' )
- {
- return false;
- }
- }
-
- return true;
- }
-
-
- private EncryptionKey readKey( int version ) throws IOException
- {
- int keyType;
- int keyLen;
- keyType = readShort();
-
- if ( version == CredentialsCacheConstants.FCC_FVNO_3 )
- {
- readShort();
- }
-
- // It's not correct with "uint16_t keylen", instead "uint32_t keylen" in keyblock
- keyLen = readInt();
- byte[] bytes = new byte[keyLen];
- read( bytes, 0, bytes.length );
-
- return new EncryptionKey( EncryptionType.getTypeByValue( keyType ), bytes );
- }
-
-
- private KerberosTime[] readKerberosTimes() throws IOException
- {
- long[] times = readTimes();
- KerberosTime[] results = new KerberosTime[times.length];
- KerberosTime ktime;
-
- for ( int i = 0; i < times.length; ++i )
- {
- ktime = times[i] == 0 ? null : new KerberosTime( times[i] );
- results[i] = ktime;
- }
-
- return results;
- }
-
-
- private long[] readTimes() throws IOException
- {
- long[] times = new long[4];
- times[0] = ( long ) readInt() * 1000;
- times[1] = ( long ) readInt() * 1000;
- times[2] = ( long ) readInt() * 1000;
- times[3] = ( long ) readInt() * 1000;
-
- return times;
- }
-
-
- private boolean readskey() throws IOException
- {
- return read() != 0;
- }
-
-
- private HostAddress[] readAddr() throws IOException
- {
- int numAddrs;
- int addrType;
- int addrLength;
- numAddrs = readInt();
-
- if ( numAddrs > 0 )
- {
- HostAddress[] addrs = new HostAddress[numAddrs];
-
- for ( int i = 0; i < numAddrs; i++ )
- {
- addrType = readShort();
- addrLength = readInt();
-
- if ( !( addrLength == 4 || addrLength == 16 ) )
- {
- return null;
- }
-
- byte[] result = new byte[addrLength];
-
- for ( int j = 0; j < addrLength; j++ )
- {
- result[j] = readByte();
- }
-
- addrs[i] = new HostAddress( HostAddrType.getTypeByOrdinal( addrType ), result );
- }
- return addrs;
- }
-
- return null;
- }
-
-
- private AuthorizationDataEntry[] readAuth() throws IOException
- {
- int num;
- int adtype;
- int adlength;
- num = readInt();
-
- if ( num > 0 )
- {
- AuthorizationDataEntry[] auData = new AuthorizationDataEntry[num];
- byte[] data = null;
-
- for ( int i = 0; i < num; i++ )
- {
- adtype = readShort();
- adlength = readInt();
- data = new byte[adlength];
- read( data, 0, data.length );
- auData[i] = new AuthorizationDataEntry( AuthorizationType.getTypeByValue( adtype ), data );
- }
-
- return auData;
- }
-
- return null;
- }
-
-
- private byte[] readData() throws IOException
- {
- int length;
- length = readInt();
- if ( length == 0 )
- {
- return null;
- }
- else
- {
- byte[] bytes = new byte[length];
- read( bytes, 0, length );
- return bytes;
- }
- }
-
-
- private int readFlags() throws IOException
- {
- int ticketFlags;
- ticketFlags = readInt();
- return ticketFlags;
- }
-
-
- private Credentials readCredentials( int version ) throws IOException
- {
- PrincipalName cpname = readPrincipal( version );
- PrincipalName spname = readPrincipal( version );
-
- EncryptionKey key = readKey( version );
-
- KerberosTime[] times = readKerberosTimes();
- KerberosTime authtime = times[0];
- KerberosTime starttime = times[1];
- KerberosTime endtime = times[2];
- KerberosTime renewTill = times[3];
-
- boolean skey = readskey();
-
- int flags = readFlags();
- TicketFlags tFlags = new TicketFlags( flags );
- HostAddress addr[] = readAddr();
- HostAddresses addrs = null;
-
- if ( addr != null )
- {
- addrs = new HostAddresses( addr );
- }
-
- AuthorizationDataEntry[] auDataEntries = readAuth();
- AuthorizationData auData = null;
-
- if ( auDataEntries != null )
- {
- auData = new AuthorizationData();
-
- for ( AuthorizationDataEntry ade : auDataEntries )
- {
- auData.addEntry( ade );
- }
- }
-
- byte[] ticketData = readData();
- byte[] ticketData2 = readData();
-
- if ( version != CredentialsCacheConstants.FCC_FVNO_1 &&
- spname.getNameType().getValue() == CredentialsCacheConstants.NT_UNKNOWN )
- {
- // skip krb5_ccache_conf_data/fast_avail/krbtgt/REALM@REALM in MIT KRB5
- return null;
- }
-
- try
- {
- return new Credentials( cpname, spname, key, authtime, starttime,
- endtime, renewTill, skey, tFlags, addrs, auData,
- ticketData != null ? KerberosDecoder.decodeTicket( ticketData ) : null,
- ticketData2 != null ? KerberosDecoder.decodeTicket( ticketData2 ) : null );
- }
- catch ( Exception e )
- {
- return null;
- }
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheOutputStream.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheOutputStream.java
deleted file mode 100644
index 40d5a7e..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheOutputStream.java
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.credentials.cache;
-
-
-import java.io.DataOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.List;
-
-import org.apache.directory.api.util.Strings;
-import org.apache.directory.shared.kerberos.KerberosTime;
-import org.apache.directory.shared.kerberos.codec.KerberosEncoder;
-import org.apache.directory.shared.kerberos.components.AuthorizationData;
-import org.apache.directory.shared.kerberos.components.AuthorizationDataEntry;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.kerberos.components.HostAddress;
-import org.apache.directory.shared.kerberos.components.HostAddresses;
-import org.apache.directory.shared.kerberos.components.PrincipalName;
-import org.apache.directory.shared.kerberos.messages.Ticket;
-
-
-/**
- * Writing credentials cache according to FCC format by reference the following
- * https://www.gnu.org/software/shishi/manual/html_node/The-Credential-Cache-Binary-File-Format.html
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class CacheOutputStream extends DataOutputStream
-{
-
- public CacheOutputStream( OutputStream out )
- {
- super( out );
- }
-
-
- public void write( CredentialsCache credCache ) throws IOException
- {
- /**
- * Currently we always write using this version to limit the test effort.
- * This version seems to be the easiest to be compatible with MIT tools.
- * In future we might allow to specify the format version to write if necessary.
- */
- int writeVersion = CredentialsCacheConstants.FCC_FVNO_3;
-
- writeVersion( writeVersion );
-
- if ( writeVersion == CredentialsCacheConstants.FCC_FVNO_4 )
- {
- writeTags( credCache.getTags() );
- }
-
- writePrincipal( credCache.getPrimaryPrincipalName(), writeVersion );
-
- List<Credentials> credentialsList = credCache.getCredsList();
- if ( credentialsList != null )
- {
- for ( Credentials cred : credentialsList )
- {
- writeCredentials( cred, writeVersion );
- }
- }
- }
-
-
- private void writeVersion( int version ) throws IOException
- {
- writeShort( version );
- }
-
-
- private void writeTags( List<Tag> tags ) throws IOException
- {
- int length = 0;
- if ( tags != null )
- {
- for ( Tag tag : tags )
- {
- if ( tag.tag != CredentialsCacheConstants.FCC_TAG_DELTATIME )
- {
- continue;
- }
- length += tag.length;
- }
- }
-
- writeShort( length );
-
- if ( tags != null )
- {
- for ( Tag tag : tags )
- {
- if ( tag.tag != CredentialsCacheConstants.FCC_TAG_DELTATIME )
- {
- continue;
- }
- writeTag( tag );
- }
- }
- }
-
-
- private void writeTag( Tag tag ) throws IOException
- {
- writeShort( tag.tag );
- writeShort( tag.length );
- writeInt( tag.time );
- writeInt( tag.usec );
- }
-
-
- private void writePrincipal( PrincipalName pname, int version ) throws IOException
- {
- int num = pname.getNames().size();
-
- if ( version != CredentialsCacheConstants.FCC_FVNO_1 )
- {
- writeInt( pname.getNameType().getValue() );
- }
- else
- {
- num++;
- }
-
- writeInt( num );
-
- if ( pname.getRealm() != null )
- {
- byte[] realmBytes = null;
- realmBytes = Strings.getBytesUtf8( pname.getRealm() );
- writeInt( realmBytes.length );
- write( realmBytes );
- }
- else
- {
- writeInt( 0 );
- }
-
- byte[] bytes = null;
- for ( int i = 0; i < pname.getNames().size(); i++ )
- {
- bytes = Strings.getBytesUtf8( pname.getNames().get( i ) );
- writeInt( bytes.length );
- write( bytes );
- }
- }
-
-
- private void writeCredentials( Credentials creds, int version ) throws IOException
- {
- writePrincipal( creds.getClientName(), version );
- writePrincipal( creds.getServerName(), version );
- writeKey( creds.getKey(), version );
-
- writeKerberosTime( creds.getAuthTime() );
- writeKerberosTime( creds.getStartTime() );
- writeKerberosTime( creds.getEndTime() );
- writeKerberosTime( creds.getRenewTill() );
-
- writeByte( creds.isEncInSKey() ? 1 : 0 );
-
- writeInt( creds.getFlags().getIntValue() );
-
- writeAddrs( creds.getClientAddresses() );
- writeAuth( creds.getAuthzData() );
-
- writeTicket( creds.getTicket() );
- writeTicket( creds.getSecondTicket() );
- }
-
-
- private void writeKerberosTime( KerberosTime ktime ) throws IOException
- {
- int time = 0;
- if ( ktime != null )
- {
- time = ( int ) ( ktime.getTime() / 1000 );
- }
- writeInt( time );
- }
-
-
- private void writeKey( EncryptionKey key, int version ) throws IOException
- {
- writeShort( key.getKeyType().getValue() );
- if ( version == CredentialsCacheConstants.FCC_FVNO_3 )
- {
- writeShort( key.getKeyType().getValue() );
- }
- // It's not correct with "uint16_t keylen", instead "uint32_t keylen" in keyblock
- writeInt( key.getKeyValue().length );
- write( key.getKeyValue() );
- }
-
-
- private void writeAddrs( HostAddresses addresses ) throws IOException
- {
- if ( addresses == null )
- {
- writeInt( 0 );
- }
- else
- {
- HostAddress[] addrs = addresses.getAddresses();
- write( addrs.length );
- for ( int i = 0; i < addrs.length; i++ )
- {
- write( addrs[i].getAddrType().getValue() );
- write( addrs[i].getAddress().length );
- write( addrs[i].getAddress(), 0,
- addrs[i].getAddress().length );
- }
- }
- }
-
-
- private void writeAuth( AuthorizationData authData ) throws IOException
- {
- if ( authData == null )
- {
- writeInt( 0 );
- }
- else
- {
- for ( AuthorizationDataEntry ade : authData.getAuthorizationData() )
- {
- write( ade.getAdType().getValue() );
- write( ade.getAdData().length );
- write( ade.getAdData() );
- }
- }
- }
-
-
- private void writeTicket( Ticket t ) throws IOException
- {
- if ( t == null )
- {
- writeInt( 0 );
- }
- else
- {
- byte[] bytes = KerberosEncoder.encode( t, false ).array();
- writeInt( bytes.length );
- write( bytes );
- }
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Credentials.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Credentials.java
deleted file mode 100644
index 834a59a..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Credentials.java
+++ /dev/null
@@ -1,260 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.credentials.cache;
-
-
-import java.text.ParseException;
-
-import org.apache.directory.kerberos.client.AbstractTicket;
-import org.apache.directory.kerberos.client.TgTicket;
-import org.apache.directory.shared.kerberos.KerberosTime;
-import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
-import org.apache.directory.shared.kerberos.components.AuthorizationData;
-import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.kerberos.components.HostAddresses;
-import org.apache.directory.shared.kerberos.components.PrincipalName;
-import org.apache.directory.shared.kerberos.flags.TicketFlags;
-import org.apache.directory.shared.kerberos.messages.Ticket;
-
-
-/**
- * Looks like KrbCredInfo can be used here, however it's not enough for this
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class Credentials
-{
-
- private PrincipalName clientName;
- private String clientRealm;
- private PrincipalName serverName;
- private String serverRealm;
- private EncryptionKey key;
- private KerberosTime authTime;
- private KerberosTime startTime;
- private KerberosTime endTime;
- private KerberosTime renewTill;
- private HostAddresses clientAddresses;
- private AuthorizationData authzData;
- private boolean isEncInSKey;
- private TicketFlags flags;
- private Ticket ticket;
- private Ticket secondTicket;
-
-
- public Credentials(
- PrincipalName cname,
- PrincipalName sname,
- EncryptionKey ekey,
- KerberosTime authtime,
- KerberosTime starttime,
- KerberosTime endtime,
- KerberosTime renewTill,
- boolean isEncInSKey,
- TicketFlags flags,
- HostAddresses caddr,
- AuthorizationData authData,
- Ticket ticket,
- Ticket secondTicket )
- {
- this.clientName = ( PrincipalName ) cname;
-
- if ( cname.getRealm() != null )
- {
- clientRealm = cname.getRealm();
- }
-
- this.serverName = ( PrincipalName ) sname;
-
- if ( sname.getRealm() != null )
- {
- serverRealm = sname.getRealm();
- }
-
- this.key = ekey;
-
- this.authTime = authtime;
- this.startTime = starttime;
- this.endTime = endtime;
- this.renewTill = renewTill;
- this.clientAddresses = caddr;
- this.authzData = authData;
- this.isEncInSKey = isEncInSKey;
- this.flags = flags;
- this.ticket = ticket;
- this.secondTicket = secondTicket;
- }
-
-
- public Credentials( TgTicket tgt )
- {
- PrincipalName clientPrincipal = null;
- try
- {
- clientPrincipal = new PrincipalName( tgt.getClientName(),
- PrincipalNameType.KRB_NT_PRINCIPAL );
- }
- catch ( ParseException e )
- {
- throw new RuntimeException( "Invalid tgt with bad client name" );
- }
-
- clientPrincipal.setRealm( tgt.getRealm() );
-
- init( tgt, clientPrincipal );
- }
-
-
- public Credentials( AbstractTicket tkt, PrincipalName clientPrincipal )
- {
- init( tkt, clientPrincipal );
- }
-
-
- private void init( AbstractTicket tkt, PrincipalName clientPrincipal )
- {
- EncKdcRepPart kdcRepPart = tkt.getEncKdcRepPart();
-
- this.serverName = kdcRepPart.getSName();
- this.serverRealm = kdcRepPart.getSRealm();
- this.serverName.setRealm( serverRealm );
-
- this.clientName = clientPrincipal;
-
- this.key = kdcRepPart.getKey();
- this.authTime = kdcRepPart.getAuthTime();
- this.startTime = kdcRepPart.getStartTime();
- this.endTime = kdcRepPart.getEndTime();
-
- this.renewTill = kdcRepPart.getRenewTill();
-
- this.flags = kdcRepPart.getFlags();
- this.clientAddresses = kdcRepPart.getClientAddresses();
-
- this.ticket = tkt.getTicket();
-
- this.isEncInSKey = false;
-
- this.secondTicket = null;
- }
-
-
- public PrincipalName getServicePrincipal()
- {
- return serverName;
- }
-
-
- public KerberosTime getAuthTime()
- {
- return authTime;
- }
-
-
- public KerberosTime getEndTime()
- {
- return endTime;
- }
-
-
- public TicketFlags getTicketFlags()
- {
- return flags;
- }
-
-
- public int getEType()
- {
- return key.getKeyType().getValue();
- }
-
-
- public PrincipalName getClientName()
- {
- return clientName;
- }
-
-
- public PrincipalName getServerName()
- {
- return serverName;
- }
-
-
- public String getClientRealm()
- {
- return clientRealm;
- }
-
-
- public EncryptionKey getKey()
- {
- return key;
- }
-
-
- public KerberosTime getStartTime()
- {
- return startTime;
- }
-
-
- public KerberosTime getRenewTill()
- {
- return renewTill;
- }
-
-
- public HostAddresses getClientAddresses()
- {
- return clientAddresses;
- }
-
-
- public AuthorizationData getAuthzData()
- {
- return authzData;
- }
-
-
- public boolean isEncInSKey()
- {
- return isEncInSKey;
- }
-
-
- public TicketFlags getFlags()
- {
- return flags;
- }
-
-
- public Ticket getTicket()
- {
- return ticket;
- }
-
-
- public Ticket getSecondTicket()
- {
- return secondTicket;
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCache.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCache.java
deleted file mode 100644
index 1fb0d50..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCache.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.credentials.cache;
-
-
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.nio.file.Files;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.directory.shared.kerberos.components.PrincipalName;
-
-
-/**
- * Kerberos credentials cache in FCC format
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class CredentialsCache
-{
- private int version = CredentialsCacheConstants.FCC_FVNO_4;
- private List<Tag> tags;
- private PrincipalName primaryPrincipal;
- private List<Credentials> credentialsList = new ArrayList<>();
-
-
- public static CredentialsCache load( File cacheFile ) throws IOException
- {
- return load( Files.newInputStream( cacheFile.toPath() ) );
- }
-
-
- public static CredentialsCache load( InputStream is ) throws IOException
- {
- try (CacheInputStream cis = new CacheInputStream( is ))
- {
- CredentialsCache credCache = new CredentialsCache();
- cis.read( credCache );
- return credCache;
- }
- }
-
-
- public static void store( File fileName, CredentialsCache credCache ) throws IOException
- {
- store( Files.newOutputStream( fileName.toPath() ), credCache );
- }
-
-
- public static void store( OutputStream os, CredentialsCache credCache ) throws IOException
- {
- CacheOutputStream cos = new CacheOutputStream( os );
-
- cos.write( credCache );
-
- cos.close();
- }
-
-
- public void addCredentials( Credentials cred )
- {
- this.credentialsList.add( cred );
- }
-
-
- public int getVersion()
- {
- return this.version;
- }
-
-
- public void setVersion( int version )
- {
- this.version = version;
- }
-
-
- /**
- * @return the primary principal
- */
- public PrincipalName getPrimaryPrincipalName()
- {
- return this.primaryPrincipal;
- }
-
-
- /**
- * Set the primary principal
- *
- * @param principal The PrincipalName to set
- */
- public void setPrimaryPrincipalName( PrincipalName principal )
- {
- this.primaryPrincipal = principal;
- }
-
-
- public void setTags( List<Tag> tags )
- {
- this.tags = tags;
- }
-
-
- public List<Tag> getTags()
- {
- return this.tags;
- }
-
-
- /**
- * @return the credentials entries
- */
- public List<Credentials> getCredsList()
- {
- return this.credentialsList;
- }
-
-
- public static void main( String[] args ) throws IOException
- {
- String dumpFile = Files.createTempFile( "credCache-", ".cc" ).toFile().getAbsolutePath();
- System.out.println( "This tool tests CredentialsCache reading and writing, " +
- "and will load the built-in sample credentials cache by default, and dump to " + dumpFile );
-
- System.out
- .println( "To specify your own credentials cache file, run this as: CredentialsCache [cred-cache-file] " );
-
- System.out.println( "When dumped successfully, run 'klist -e -c' from MIT to check the dumped file" );
-
- CredentialsCache cc;
- String cacheFile = args.length > 0 ? args[0] : null;
- if ( cacheFile == null )
- {
- byte[] sampleCache = SampleCredentialsCacheResource.getCacheContent();
- ByteArrayInputStream bais = new ByteArrayInputStream( sampleCache );
- cc = CredentialsCache.load( bais );
- }
- else
- {
- cc = CredentialsCache.load( new File( cacheFile ) );
- }
-
- if ( cc != null )
- {
- System.out.println( "Reading credentials cache is successful" );
-
- File tmpCacheFile = new File( dumpFile );
- tmpCacheFile.delete();
- CredentialsCache.store( tmpCacheFile, cc );
-
- System.out.println( "Writing credentials cache successfully to: " + dumpFile );
- }
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCacheConstants.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCacheConstants.java
deleted file mode 100644
index 8cbde9b..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCacheConstants.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.credentials.cache;
-
-
-/**
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public interface CredentialsCacheConstants
-{
- public static final int FCC_FVNO_1 = 0x501;
- public static final int FCC_FVNO_2 = 0x502;
- public static final int FCC_FVNO_3 = 0x503;
- public static final int FCC_FVNO_4 = 0x504;
- public static final int FCC_TAG_DELTATIME = 1;
- public static final int NT_UNKNOWN = 0;
- public static final int MAXNAMELENGTH = 1024;
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/SampleCredentialsCacheResource.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/SampleCredentialsCacheResource.java
deleted file mode 100644
index a8b3257..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/SampleCredentialsCacheResource.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.credentials.cache;
-
-
-import org.apache.directory.api.util.Base64;
-
-
-/**
- * This is a sample credentials cache generated using MIT KRB5 kinit command.
- * SAMPLE_CACHE_CONTENT is the content of the sample cache encoded in base64.
- * It's not just for unit test, but also for development, so better to maintain it here,
- * instead of just as resource file.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class SampleCredentialsCacheResource
-{
- /**
- * klist
- * Ticket cache: FILE:/tmp/krb5cc_0
- * Default principal: apacheds@SH.INTEL.COM
- *
- * Valid starting Expires Service principal
- * 09/06/13 01:54:10 09/06/13 11:54:10 krbtgt/SH.INTEL.COM@SH.INTEL.COM
- * renew until 09/07/13 01:54:07
- * 09/06/13 01:54:11 09/06/13 11:54:10 host/hadoop-nn.sh.intel.com@SH.INTEL.COM
- * renew until 09/07/13 01:54:07
- */
- private static final String SAMPLE_CACHE_CONTENT = "BQQADAABAAgAAAAAAAAAAAAAAAEAAAABAAAADFNILklOVEVMLkNPTQAAAAhhcGFjaGVkcwAAAAEA"
- +
- "AAABAAAADFNILklOVEVMLkNPTQAAAAhhcGFjaGVkcwAAAAIAAAACAAAADFNILklOVEVMLkNPTQAA" +
- "AAZrcmJ0Z3QAAAAMU0guSU5URUwuQ09NAAEAAAAI3H/4OE/NpCpSKGeiUihnolIo9EJSKbkfAEDh" +
- "AAAAAAAAAAAAAAAAAUFhggE9MIIBOaADAgEFoQ4bDFNILklOVEVMLkNPTaIhMB+gAwIBAqEYMBYb" +
- "BmtyYnRndBsMU0guSU5URUwuQ09No4H+MIH7oAMCARehAwIBAaKB7gSB6/v51fFhnp/E2uto2e9I" +
- "9+RUk2grlKW9pYQUc4lAV602hdP6I80s1KU1rNtezbmf8plmxdZ48yogt0KwzAoGoFWCiZk4S1dR" +
- "zzvl/TmNtk9q1gFuVycoP1EvScPYWhdTPAR4/t1Si1DKrYY19eegYmv6PfKoisdAADatLOjqJsVc" +
- "Ntl/cUU4qUJfm181X1b+mguIdAX4jKzWbEc52pYQr8UIDl3TNT8OIzmQC0Wjn93ocOpKwOGsclbN" +
- "OoxSfqpxvARjg+uE5HSm5tX7nUsccjhKMJ76Uy78CEULXkg6ySPYiim5wKVvgwxI7/AAAAAAAAAA" +
- "AQAAAAEAAAAMU0guSU5URUwuQ09NAAAACGFwYWNoZWRzAAAAAAAAAAMAAAAMWC1DQUNIRUNPTkY6" +
- "AAAAFWtyYjVfY2NhY2hlX2NvbmZfZGF0YQAAAApmYXN0X2F2YWlsAAAAIGtyYnRndC9TSC5JTlRF" +
- "TC5DT01AU0guSU5URUwuQ09NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD" +
- "eWVzAAAAAAAAAAEAAAABAAAADFNILklOVEVMLkNPTQAAAAhhcGFjaGVkcwAAAAMAAAACAAAADFNI" +
- "LklOVEVMLkNPTQAAAARob3N0AAAAFmhhZG9vcC1ubi5zaC5pbnRlbC5jb20AAQAAAAgsx5ub9wI0" +
- "01IoZ6JSKGemUij0QlIpuR8AQKkAAAAAAAAAAAAAAAABX2GCAVswggFXoAMCAQWhDhsMU0guSU5U" +
- "RUwuQ09NoikwJ6ADAgEDoSAwHhsEaG9zdBsWaGFkb29wLW5uLnNoLmludGVsLmNvbaOCARMwggEP" +
- "oAMCARehAwIBB6KCAQEEgf7Z6Xz1bYJ9uE4e2Buyrp2aflcqgVoh9YUVAZyIiqpsrMa71wMuZFUl" +
- "FD+S58Q3T39pZ9vIfXENNoKje1Y5kyImPHC1D/eHIeUN9v5kmDPJP9U31di8dOi3TbHUQWWLbB6k" +
- "+uQE25GAP2hQg0vm5WtU3Fjo0ysXQTMpe+FSwe9ca9V3soPSbDhmlEt8WjAY05iXD8Fe6o/aY/PJ" +
- "nElmCwQayRT87vENJI9LeMVEzhIjxBmg124G4nGnjUCaf++G03kJ04mLFZDB9kS8sA7V8AT1IF00" +
- "ehpt7c9KbUM1Iz/S3Ni5hq8IfdOTSWMjGdNIsUMhJmivYFzQ0PRBzSBxbAAAAAA=";
-
- private static final String SAMPLE_PRINCIPAL = "apacheds";
- private static final String SAMPLE_REALM = "SH.INTEL.COM";
- private static final String[] SAMPLE_SERVERS = new String[]
- { "krbtgt/SH.INTEL.COM", "host/hadoop-nn.sh.intel.com" };
-
-
- public static byte[] getCacheContent()
- {
- return Base64.decode( SampleCredentialsCacheResource.SAMPLE_CACHE_CONTENT.toCharArray() );
- }
-
-
- /**
- * @return the primary principal name contained in the sample cache
- */
- public static String getSamplePrincipal()
- {
- return SAMPLE_PRINCIPAL;
- }
-
-
- /**
- * @return the realm contained in the sample cache
- */
- public static String getSampleRealm()
- {
- return SAMPLE_REALM;
- }
-
-
- /**
- * Get the servers in the tickets contained in the sample cache
- *
- * @return The sample servers
- */
- public static String[] getSampleServers()
- {
- return SAMPLE_SERVERS;
- }
-
-
- /**
- * Get the tickets count in the sample cache
- *
- * @return Always 2
- */
- public static int getSampleTicketsCount()
- {
- return 2;
- }
-}
diff --git a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Tag.java b/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Tag.java
deleted file mode 100644
index 2c44505..0000000
--- a/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Tag.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.credentials.cache;
-
-
-/**
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class Tag
-{
- int tag = 0;
- int tagLen = 8;
- int time = 0;
- int usec = 0;
- int length = 2 + 2 + 8; // len(tag) + len(tagLen) + len(tagData);
-
-
- public Tag( int tag, int time, int usec )
- {
- this.tag = tag;
- this.time = time;
- this.usec = usec;
- }
-}
diff --git a/kerberos-client/src/test/java/org/apache/directory/kerberos/client/CredentialsCacheTest.java b/kerberos-client/src/test/java/org/apache/directory/kerberos/client/CredentialsCacheTest.java
deleted file mode 100644
index 75e19d5..0000000
--- a/kerberos-client/src/test/java/org/apache/directory/kerberos/client/CredentialsCacheTest.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import java.io.ByteArrayInputStream;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.apache.directory.kerberos.credentials.cache.Credentials;
-import org.apache.directory.kerberos.credentials.cache.CredentialsCache;
-import org.apache.directory.kerberos.credentials.cache.SampleCredentialsCacheResource;
-import org.apache.directory.shared.kerberos.components.PrincipalName;
-import org.junit.jupiter.api.Test;
-
-/**
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class CredentialsCacheTest
-{
- @Test
- public void testReadMITCredCache()
- {
- byte[] sampleCache = SampleCredentialsCacheResource.getCacheContent();
-
- try ( ByteArrayInputStream bais = new ByteArrayInputStream(sampleCache) )
- {
- CredentialsCache cc = CredentialsCache.load(bais);
-
- PrincipalName principal = cc.getPrimaryPrincipalName();
- assertTrue( principal.getNameString().equals( SampleCredentialsCacheResource.getSamplePrincipal() ) );
- assertTrue( principal.getRealm().equals( SampleCredentialsCacheResource.getSampleRealm() ) );
-
- assertTrue( cc.getCredsList().size() == SampleCredentialsCacheResource.getSampleTicketsCount() );
-
- Set<String> servers = new HashSet<String>();
- for (String server : SampleCredentialsCacheResource.getSampleServers())
- {
- servers.add( server );
- }
-
- String tktServer;
- for (Credentials cred : cc.getCredsList()) {
- tktServer = cred.getTicket().getSName().getNameString();
- assertTrue( servers.contains( tktServer ) );
- }
- }
- catch ( Exception ike )
- {
- fail( "Testing failed due to " + ike.getMessage() );
- }
- }
-}
diff --git a/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java b/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java
deleted file mode 100644
index e8848ff..0000000
--- a/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.fail;
-
-import java.nio.ByteBuffer;
-
-import org.apache.directory.api.asn1.ber.Asn1Decoder;
-import org.apache.directory.api.ldap.model.entry.DefaultEntry;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.kerberos.client.KdcConnection;
-import org.apache.directory.kerberos.client.TgTicket;
-import org.apache.directory.kerberos.client.TgtRequest;
-import org.apache.directory.server.annotations.CreateKdcServer;
-import org.apache.directory.server.annotations.CreateLdapServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifs;
-import org.apache.directory.server.core.annotations.ContextEntry;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.api.CoreSession;
-import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
-import org.apache.directory.shared.kerberos.codec.methodData.MethodDataContainer;
-import org.apache.directory.shared.kerberos.codec.types.PaDataType;
-import org.apache.directory.shared.kerberos.components.MethodData;
-import org.apache.directory.shared.kerberos.exceptions.ErrorType;
-import org.apache.directory.shared.kerberos.exceptions.KerberosException;
-import org.apache.directory.shared.kerberos.messages.KrbError;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-
-@RunWith(FrameworkRunner.class)
-@CreateDS(name = "KdcAsRepTest-class", enableChangeLog = false,
- partitions =
- {
- @CreatePartition(
- name = "example",
- suffix = "dc=example,dc=com",
- contextEntry=@ContextEntry( entryLdif =
- "dn: dc=example,dc=com\n" +
- "objectClass: domain\n" +
- "dc: example" ) )
- },
- additionalInterceptors =
- {
- KeyDerivationInterceptor.class
- })
-@CreateLdapServer(
- transports =
- {
- @CreateTransport(protocol = "LDAP")
- })
-@CreateKdcServer(
- searchBaseDn = "dc=example,dc=com",
- transports =
- {
- @CreateTransport(protocol = "TCP")
- })
-@ApplyLdifs({
- // krbtgt
- "dn: uid=krbtgt,dc=example,dc=com",
- "objectClass: top",
- "objectClass: person",
- "objectClass: inetOrgPerson",
- "objectClass: krb5principal",
- "objectClass: krb5kdcentry",
- "cn: KDC Service",
- "sn: Service",
- "uid: krbtgt",
- "userPassword: secret",
- "krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM",
- "krb5KeyVersionNumber: 0",
-
- //app service
- "dn: uid=ldap,dc=example,dc=com",
- "objectClass: top",
- "objectClass: person",
- "objectClass: inetOrgPerson",
- "objectClass: krb5principal",
- "objectClass: krb5kdcentry",
- "cn: LDAP",
- "sn: Service",
- "uid: ldap",
- "userPassword: randall",
- "krb5PrincipalName: ldap/localhost@EXAMPLE.COM",
- "krb5KeyVersionNumber: 0"
-})
-public class KdcAsRepTest extends AbstractLdapTestUnit
-{
- public static final String USERS_DN = "dc=example,dc=com";
-
- private static CoreSession session;
-
- private static KdcConnection conn;
-
- private String userPassword = "secret";
-
- private String principalName = "will@EXAMPLE.COM";
-
- @Before
- public void setup() throws Exception
- {
- if ( session == null )
- {
- kdcServer.setSearchBaseDn( USERS_DN );
- session = kdcServer.getDirectoryService().getAdminSession();
- createPrincipal( "will", userPassword, principalName );
- }
-
- if ( conn == null )
- {
- KdcConfig config = KdcConfig.getDefaultConfig();
- config.setUseUdp( false );
- config.setKdcPort( kdcServer.getTcpPort() );
- config.setEncryptionTypes( kdcServer.getConfig().getEncryptionTypes() );
- config.setTimeout( Integer.MAX_VALUE );
- conn = new KdcConnection( config );
- }
- }
-
-
- @Test
- public void testKrbErrUnknwonClientPrincipal() throws Exception
- {
- try
- {
- conn.getTgt( "unknown@EXAMPLE.COM", userPassword );
- }
- catch( KerberosException e )
- {
- KrbError err = e.getError();
- assertNotNull( err );
- assertEquals( ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN, err.getErrorCode() );
- }
- }
-
-
- @Test
- public void testKrbErrPreAuthRequired() throws Exception
- {
- TgtRequest tgtReq = new TgtRequest();
- tgtReq.setClientPrincipal( principalName );
- tgtReq.setPassword( userPassword );
-
- try
- {
- conn._getTgt( tgtReq );
- }
- catch( KerberosException e )
- {
- KrbError err = e.getError();
- assertNotNull( err );
- assertEquals( ErrorType.KDC_ERR_PREAUTH_REQUIRED, err.getErrorCode() );
- byte[] eData = err.getEData();
- ByteBuffer stream = ByteBuffer.allocate( eData.length );
- stream.put( eData );
- stream.flip();
-
- MethodDataContainer container = new MethodDataContainer();
- container.setStream( stream );
- Asn1Decoder.decode( stream, container );
- MethodData padata = container.getMethodData();
- assertEquals( 2, padata.getPaDatas().length );
- assertEquals( PaDataType.PA_ENCTYPE_INFO2, padata.getPaDatas()[1].getPaDataType() );
- assertEquals( PaDataType.PA_ENC_TIMESTAMP, padata.getPaDatas()[0].getPaDataType() );
- }
- }
-
-
- @Test
- public void testKrbErrCantPostdate() throws Exception
- {
- TgtRequest tgtReq = new TgtRequest();
- tgtReq.setClientPrincipal( principalName );
- tgtReq.setPassword( userPassword );
- tgtReq.setStartTime( System.currentTimeMillis() + 600000 ); // now + 10 min
-
- try
- {
- conn.getTgt( tgtReq );
- fail("should fail with KDC_ERR_CANNOT_POSTDATE");
- }
- catch( KerberosException e )
- {
- KrbError err = e.getError();
- assertNotNull( err );
- assertEquals( ErrorType.KDC_ERR_CANNOT_POSTDATE, err.getErrorCode() );
- }
-
- tgtReq.setPostdated( true );
- TgTicket tgt = conn.getTgt( tgtReq );
- assertNotNull( tgt );
- }
-
-
- private String createPrincipal( String uid, String userPassword, String principalName ) throws Exception
- {
- Entry entry = new DefaultEntry( session.getDirectoryService().getSchemaManager() );
- entry.setDn( "uid=" + uid + "," + USERS_DN );
- entry.add( "objectClass", "top", "person", "inetOrgPerson", "krb5principal", "krb5kdcentry" );
- entry.add( "cn", uid );
- entry.add( "sn", uid );
- entry.add( "uid", uid );
- entry.add( "userPassword", userPassword );
- entry.add( "krb5PrincipalName", principalName );
- entry.add( "krb5KeyVersionNumber", "0" );
- session.add( entry );
-
- return entry.getDn().getName();
- }
-}
diff --git a/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java b/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java
deleted file mode 100644
index 896a640..0000000
--- a/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.kerberos.client;
-
-
-import static org.apache.directory.kerberos.client.ChangePasswordResultCode.KRB5_KPASSWD_SUCCESS;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import java.io.File;
-
-import org.apache.directory.api.ldap.model.entry.DefaultEntry;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.kerberos.client.Kinit;
-import org.apache.directory.kerberos.credentials.cache.CredentialsCache;
-import org.apache.directory.server.annotations.CreateChngPwdServer;
-import org.apache.directory.server.annotations.CreateKdcServer;
-import org.apache.directory.server.annotations.CreateLdapServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifs;
-import org.apache.directory.server.core.annotations.ContextEntry;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.api.CoreSession;
-import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
-import org.apache.directory.server.kerberos.kdc.KerberosTestUtils;
-import org.apache.directory.server.protocol.shared.transport.Transport;
-import org.apache.directory.server.protocol.shared.transport.UdpTransport;
-import org.apache.directory.shared.kerberos.exceptions.KerberosException;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-@RunWith(FrameworkRunner.class)
-@CreateDS(name = "KdcConnectionTest-class", enableChangeLog = false,
- partitions =
- {
- @CreatePartition(
- name = "example",
- suffix = "dc=example,dc=com",
- contextEntry=@ContextEntry( entryLdif =
- "dn: dc=example,dc=com\n" +
- "objectClass: domain\n" +
- "dc: example" ) )
- },
- additionalInterceptors =
- {
- KeyDerivationInterceptor.class
- })
-@CreateLdapServer(
- transports =
- {
- @CreateTransport(protocol = "LDAP")
- })
-@CreateKdcServer(
- searchBaseDn = "dc=example,dc=com",
- transports =
- {
- @CreateTransport(protocol = "TCP"),
- @CreateTransport(protocol = "UDP")
- },
- chngPwdServer = @CreateChngPwdServer
- (
- transports =
- {
- @CreateTransport(protocol = "TCP"),
- @CreateTransport(protocol = "UDP")
- }
- ))
-@ApplyLdifs({
- // krbtgt
- "dn: uid=krbtgt,dc=example,dc=com",
- "objectClass: top",
- "objectClass: person",
- "objectClass: inetOrgPerson",
- "objectClass: krb5principal",
- "objectClass: krb5kdcentry",
- "cn: KDC Service",
- "sn: Service",
- "uid: krbtgt",
- "userPassword: secret",
- "krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM",
- "krb5KeyVersionNumber: 0",
-
- // changepwd
- "dn: uid=kadmin,dc=example,dc=com",
- "objectClass: top",
- "objectClass: person",
- "objectClass: inetOrgPerson",
- "objectClass: krb5principal",
- "objectClass: krb5kdcentry",
- "cn: changepw Service",
- "sn: Service",
- "uid: kadmin",
- "userPassword: secret",
- "krb5PrincipalName: kadmin/changepw@EXAMPLE.COM",
- "krb5KeyVersionNumber: 0",
-
- // app service
- "dn: uid=ldap,dc=example,dc=com",
- "objectClass: top",
- "objectClass: person",
- "objectClass: inetOrgPerson",
- "objectClass: krb5principal",
- "objectClass: krb5kdcentry",
- "cn: LDAP",
- "sn: Service",
- "uid: ldap",
- "userPassword: randall",
- "krb5PrincipalName: ldap/localhost@EXAMPLE.COM",
- "krb5KeyVersionNumber: 0"
-})
-/**
- * KDC connection tests
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class KdcConnectionTest extends AbstractLdapTestUnit
-{
- public static final String USERS_DN = "dc=example,dc=com";
-
- private static CoreSession session;
-
- private static KdcConnection conn;
-
- private static String userPassword = "secret";
-
- private static String principalName = "will@EXAMPLE.COM";
-
- private static String serverPrincipal;
-
-
- @Before
- public void setup() throws Exception
- {
- kdcServer.setSearchBaseDn( USERS_DN );
- if ( session == null )
- {
- session = kdcServer.getDirectoryService().getAdminSession();
- createPrincipal( "will", userPassword, principalName );
- }
-
- if ( conn == null )
- {
- KdcConfig config = KdcConfig.getDefaultConfig();
- config.setUseUdp( false );
- config.setKdcPort( kdcServer.getTcpPort() );
- config.setPasswdPort( kdcServer.getChangePwdServer().getTcpPort() );
- config.setEncryptionTypes( kdcServer.getConfig().getEncryptionTypes() );
- config.setTimeout( Integer.MAX_VALUE );
- conn = new KdcConnection( config );
- }
- if ( serverPrincipal == null )
- {
- serverPrincipal = KerberosTestUtils.fixServicePrincipalName( "ldap/localhost@EXAMPLE.COM", new Dn(
- "uid=ldap,dc=example,dc=com" ), getLdapServer() );
- }
- }
-
-
- @Test
- public void testGettingInitialTicketTcp() throws Exception
- {
- TgTicket tgt = conn.getTgt( principalName, userPassword );
- assertNotNull( tgt );
- assertFalse( tgt.isForwardable() );
- }
-
-
- @Test
- public void testGettingInitialTicketUdp() throws Exception
- {
- KdcConfig config = new KdcConfig();
- config.setKdcPort( getUdpPort() );
- config.setEncryptionTypes( kdcServer.getConfig().getEncryptionTypes() );
- config.setTimeout( Integer.MAX_VALUE );
- KdcConnection udpConn = new KdcConnection( config );
-
- TgTicket tgt = udpConn.getTgt( principalName, userPassword );
- assertNotNull( tgt );
- assertFalse( tgt.isForwardable() );
- }
-
-
- @Test
- public void testTgtFlags() throws Exception
- {
- TgtRequest tgtReq = new TgtRequest();
- tgtReq.setClientPrincipal( principalName );
- tgtReq.setPassword( userPassword );
- tgtReq.setForwardable( true );
-
- TgTicket tgt = conn.getTgt( tgtReq );
- assertNotNull( tgt );
- assertTrue( tgt.isForwardable() );
- }
-
- @Test
- public void testGetServiceTicket() throws Exception
- {
- ServiceTicket rep = conn.getServiceTicket( principalName, userPassword, serverPrincipal );
- //System.out.println( rep );
- assertNotNull( rep );
- }
-
- @Test
- public void testKinit() throws Exception
- {
- File ccFile = File.createTempFile( "credCache-", ".cc" );
- Kinit kinit = new Kinit( conn );
- kinit.setCredCacheFile( ccFile );
-
- kinit.kinit(principalName, userPassword);
- //System.out.println( "Kinit generated file " + ccFile.getAbsolutePath() );
-
- CredentialsCache credCache = CredentialsCache.load( ccFile );
- assertNotNull( credCache );
- }
-
- @Test
- public void testChangePassword() throws Exception
- {
- String uid = "kayyagari";
- String principal = uid + "@EXAMPLE.COM";
- createPrincipal( uid, userPassword, principal );
-
- String newPassword = "newPassword";
-
- ChangePasswordResult result = conn.changePassword( principal, userPassword, newPassword );
- assertNotNull( result );
- assertTrue( KRB5_KPASSWD_SUCCESS.getVal() == result.getCode().getVal() );
-
- try
- {
- conn.getTgt( principal, userPassword );
- fail( "should fail with kerberos exception cause of invalid password" );
- }
- catch( KerberosException e )
- {
- //e.printStackTrace();
- }
-
- TgTicket tgt = conn.getTgt( principal, newPassword );
- assertNotNull( tgt );
- }
-
-
- private String createPrincipal( String uid, String userPassword, String principalName ) throws Exception
- {
- Entry entry = new DefaultEntry( session.getDirectoryService().getSchemaManager() );
- entry.setDn( "uid=" + uid + "," + USERS_DN );
- entry.add( "objectClass", "top", "person", "inetOrgPerson", "krb5principal", "krb5kdcentry" );
- entry.add( "cn", uid );
- entry.add( "sn", uid );
- entry.add( "uid", uid );
- entry.add( "userPassword", userPassword );
- entry.add( "krb5PrincipalName", principalName );
- entry.add( "krb5KeyVersionNumber", "0" );
- session.add( entry );
-
- return entry.getDn().getName();
- }
-
- private int getUdpPort()
- {
- for ( Transport t : kdcServer.getTransports() )
- {
- if ( t instanceof UdpTransport )
- {
- return t.getPort();
- }
- }
-
- return -1;
- }
-
-}
diff --git a/kerberos-client/src/test/resources/log4j.properties b/kerberos-client/src/test/resources/log4j.properties
deleted file mode 100644
index d14597b..0000000
--- a/kerberos-client/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,45 +0,0 @@
-#############################################################################
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#############################################################################
-log4j.rootCategory=FATAL, stdout
-
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss}] %p [%c] - %m%n
-
-#log4j.logger.org.apache.directory.shared.client.api=DEBUG
-log4j.logger.org.apache.directory.server.schema.registries=FATAL
-log4j.logger.org.apache.directory.api.ldap=FATAL
-log4j.logger.org.apache.directory.api.asn1=WARN
-log4j.logger.org.apache.directory.ldap.client.api=WARN
-log4j.logger.org.apache.directory.api.util.Strings=FATAL
-log4j.logger.org.apache.directory.server.core.partition.impl.btree.JdbmTable=WARN
-log4j.logger.org.apache.directory.server.core.partition.impl.btree.JdbmIndex=WARN
-log4j.logger.org.apache.directory.server.core=WARN
-log4j.logger.org.apache.directory.ACI_LOG=WARN
-log4j.logger.org.apache.directory.server.xdbm=WARN
-log4j.logger.org.apache.directory.kerberos.client=WARN
-log4j.logger.org.apache.directory.kerberos.codec=WARN
-log4j.logger.org.apache.directory.shared.kerberos.components=WARN
-
-
-log4j.logger.jdbm.recman.BaseRecordManager=FATAL
-log4j.logger.org.apache.directory.LOG_CHANGES=FATAL
-log4j.logger.org.apache.directory.server.core.partition.impl.btree.jdbm.DupsCursor=FATAL
-log4j.logger.org.apache.directory.PROVIDER_LOG=FATAL
-log4j.logger.org.apache.directory.CONSUMER_LOG=FATAL
-log4j.logger.org.apache.directory.CURSOR_LOG=FATAL
-log4j.logger.org.apache.directory.KERBEROS_LOG=DEBUG
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
index 4e83d9c..38e7328 100644
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
+++ b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
@@ -24,9 +24,6 @@ import java.util.Collections;
import java.util.EnumMap;
import java.util.Map;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.Aes128CtsSha1Encryption;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.Aes256CtsSha1Encryption;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.Des3CbcSha1KdEncryption;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.shared.kerberos.components.Checksum;
import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
@@ -49,9 +46,6 @@ public class ChecksumHandler
EnumMap<ChecksumType, Class<?>> map = new EnumMap<>( ChecksumType.class );
map.put( ChecksumType.HMAC_MD5, HmacMd5Checksum.class );
- map.put( ChecksumType.HMAC_SHA1_96_AES128, Aes128CtsSha1Encryption.class );
- map.put( ChecksumType.HMAC_SHA1_96_AES256, Aes256CtsSha1Encryption.class );
- map.put( ChecksumType.HMAC_SHA1_DES3_KD, Des3CbcSha1KdEncryption.class );
map.put( ChecksumType.RSA_MD5, RsaMd5Checksum.class );
DEFAULT_CHECKSUMS = Collections.unmodifiableMap( map );
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes128CtsSha1Encryption.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes128CtsSha1Encryption.java
deleted file mode 100644
index 1b57490..0000000
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes128CtsSha1Encryption.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.shared.crypto.encryption;
-
-
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
-
-
-/**
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class Aes128CtsSha1Encryption extends AesCtsSha1Encryption
-{
- public EncryptionType getEncryptionType()
- {
- return EncryptionType.AES128_CTS_HMAC_SHA1_96;
- }
-
-
- public ChecksumType checksumType()
- {
- return ChecksumType.HMAC_SHA1_96_AES128;
- }
-
-
- public int getKeyLength()
- {
- return 128;
- }
-}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes256CtsSha1Encryption.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes256CtsSha1Encryption.java
deleted file mode 100644
index 22c0c43..0000000
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Aes256CtsSha1Encryption.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.shared.crypto.encryption;
-
-
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
-
-
-/**
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class Aes256CtsSha1Encryption extends AesCtsSha1Encryption
-{
- public EncryptionType getEncryptionType()
- {
- return EncryptionType.AES256_CTS_HMAC_SHA1_96;
- }
-
-
- public ChecksumType checksumType()
- {
- return ChecksumType.HMAC_SHA1_96_AES256;
- }
-
-
- public int getKeyLength()
- {
- return 256;
- }
-}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java
deleted file mode 100644
index 938e302..0000000
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.shared.crypto.encryption;
-
-
-import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumEngine;
-import org.apache.directory.shared.kerberos.components.EncryptedData;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.kerberos.exceptions.ErrorType;
-import org.apache.directory.shared.kerberos.exceptions.KerberosException;
-
-
-/**
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-abstract class AesCtsSha1Encryption extends EncryptionEngine implements ChecksumEngine
-{
- private static final byte[] iv = new byte[]
- { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00,
- ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00,
- ( byte ) 0x00, ( byte ) 0x00 };
-
-
- public int getConfounderLength()
- {
- return 16;
- }
-
-
- public int getChecksumLength()
- {
- return 12;
- }
-
-
- protected abstract int getKeyLength();
-
-
- public byte[] calculateChecksum( byte[] data, byte[] key, KeyUsage usage )
- {
- byte[] kc = deriveKey( key, getUsageKc( usage ), 128, getKeyLength() );
- byte[] checksum = processChecksum( data, kc );
-
- return removeTrailingBytes( checksum, 0, checksum.length - getChecksumLength() );
- }
-
-
- public byte[] calculateIntegrity( byte[] data, byte[] key, KeyUsage usage )
- {
- byte[] ki = deriveKey( key, getUsageKi( usage ), 128, getKeyLength() );
- byte[] checksum = processChecksum( data, ki );
-
- return removeTrailingBytes( checksum, 0, checksum.length - getChecksumLength() );
- }
-
-
- public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
- {
- byte[] ke = deriveKey( key.getKeyValue(), getUsageKe( usage ), 128, getKeyLength() );
-
- byte[] encryptedData = data.getCipher();
-
- // extract the old checksum
- byte[] oldChecksum = new byte[getChecksumLength()];
- System
- .arraycopy( encryptedData, encryptedData.length - getChecksumLength(), oldChecksum, 0, oldChecksum.length );
-
- // remove trailing checksum
- encryptedData = removeTrailingBytes( encryptedData, 0, getChecksumLength() );
-
- // decrypt the data
- byte[] decryptedData = decrypt( encryptedData, ke );
-
- // remove leading confounder
- byte[] withoutConfounder = removeLeadingBytes( decryptedData, getConfounderLength(), 0 );
-
- // calculate a new checksum
- byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
-
- // compare checksums
- if ( !MessageDigest.isEqual( oldChecksum, newChecksum ) )
- {
- throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
- }
-
- return withoutConfounder;
- }
-
-
- public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText, KeyUsage usage )
- {
- byte[] ke = deriveKey( key.getKeyValue(), getUsageKe( usage ), 128, getKeyLength() );
-
- // build the ciphertext structure
- byte[] conFounder = getRandomBytes( getConfounderLength() );
- byte[] dataBytes = concatenateBytes( conFounder, plainText );
-
- byte[] checksumBytes = calculateIntegrity( dataBytes, key.getKeyValue(), usage );
-
- byte[] encryptedData = encrypt( dataBytes, ke );
- byte[] cipherText = concatenateBytes( encryptedData, checksumBytes );
-
- return new EncryptedData( getEncryptionType(), key.getKeyVersion(), cipherText );
- }
-
-
- public byte[] encrypt( byte[] plainText, byte[] keyBytes )
- {
- return processCipher( true, plainText, keyBytes );
- }
-
-
- public byte[] decrypt( byte[] cipherText, byte[] keyBytes )
- {
- return processCipher( false, cipherText, keyBytes );
- }
-
-
- protected byte[] deriveKey( byte[] baseKey, byte[] usage, int n, int k )
- {
- return deriveRandom( baseKey, usage, n, k );
- }
-
-
- private byte[] processChecksum( byte[] data, byte[] key )
- {
- try
- {
- SecretKey sk = new SecretKeySpec( key, "AES" );
-
- Mac mac = Mac.getInstance( "HmacSHA1" );
- mac.init( sk );
-
- return mac.doFinal( data );
- }
- catch ( GeneralSecurityException nsae )
- {
- nsae.printStackTrace();
- return null;
- }
- }
-
-
- private byte[] processCipher( boolean isEncrypt, byte[] data, byte[] keyBytes )
- {
- try
- {
- Cipher cipher = Cipher.getInstance( "AES/CTS/NoPadding" );
- SecretKey key = new SecretKeySpec( keyBytes, "AES" );
-
- AlgorithmParameterSpec paramSpec = new IvParameterSpec( iv );
-
- if ( isEncrypt )
- {
- cipher.init( Cipher.ENCRYPT_MODE, key, paramSpec );
- }
- else
- {
- cipher.init( Cipher.DECRYPT_MODE, key, paramSpec );
- }
-
- return cipher.doFinal( data );
- }
- catch ( GeneralSecurityException nsae )
- {
- nsae.printStackTrace();
- return null;
- }
- }
-}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
index 0002fc9..1fad067 100644
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
+++ b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
@@ -57,10 +57,6 @@ public class CipherTextHandler
{
EnumMap<EncryptionType, Class<? extends EncryptionEngine>> map = new EnumMap<>( EncryptionType.class );
- map.put( EncryptionType.DES_CBC_MD5, DesCbcMd5Encryption.class );
- map.put( EncryptionType.DES3_CBC_SHA1_KD, Des3CbcSha1KdEncryption.class );
- map.put( EncryptionType.AES128_CTS_HMAC_SHA1_96, Aes128CtsSha1Encryption.class );
- map.put( EncryptionType.AES256_CTS_HMAC_SHA1_96, Aes256CtsSha1Encryption.class );
map.put( EncryptionType.RC4_HMAC, ArcFourHmacMd5Encryption.class );
DEFAULT_CIPHERS = Collections.unmodifiableMap( map );
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java
deleted file mode 100644
index 52ad725..0000000
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryption.java
+++ /dev/null
@@ -1,311 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.shared.crypto.encryption;
-
-
-import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.directory.api.util.Strings;
-import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumEngine;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.components.EncryptedData;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
-import org.apache.directory.shared.kerberos.exceptions.ErrorType;
-import org.apache.directory.shared.kerberos.exceptions.KerberosException;
-
-
-/**
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class Des3CbcSha1KdEncryption extends EncryptionEngine implements ChecksumEngine
-{
- private static final byte[] iv = new byte[]
- { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00,
- ( byte ) 0x00 };
-
-
- public EncryptionType getEncryptionType()
- {
- return EncryptionType.DES3_CBC_SHA1_KD;
- }
-
-
- public int getConfounderLength()
- {
- return 8;
- }
-
-
- public int getChecksumLength()
- {
- return 20;
- }
-
-
- public ChecksumType checksumType()
- {
- return ChecksumType.HMAC_SHA1_DES3_KD;
- }
-
-
- public byte[] calculateChecksum( byte[] data, byte[] key, KeyUsage usage )
- {
- byte[] kc = deriveKey( key, getUsageKc( usage ), 64, 168 );
-
- return processChecksum( data, kc );
- }
-
-
- public byte[] calculateIntegrity( byte[] data, byte[] key, KeyUsage usage )
- {
- byte[] ki = deriveKey( key, getUsageKi( usage ), 64, 168 );
-
- return processChecksum( data, ki );
- }
-
-
- public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
- {
- byte[] ke = deriveKey( key.getKeyValue(), getUsageKe( usage ), 64, 168 );
-
- byte[] encryptedData = data.getCipher();
-
- // extract the old checksum
- byte[] oldChecksum = new byte[getChecksumLength()];
- System
- .arraycopy( encryptedData, encryptedData.length - getChecksumLength(), oldChecksum, 0, oldChecksum.length );
-
- // remove trailing checksum
- encryptedData = removeTrailingBytes( encryptedData, 0, getChecksumLength() );
-
- // decrypt the data
- byte[] decryptedData = decrypt( encryptedData, ke );
-
- // remove leading confounder
- byte[] withoutConfounder = removeLeadingBytes( decryptedData, getConfounderLength(), 0 );
-
- // calculate a new checksum
- byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
-
- // compare checksums
- if ( !MessageDigest.isEqual( oldChecksum, newChecksum ) )
- {
- throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
- }
-
- return withoutConfounder;
- }
-
-
- public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText, KeyUsage usage )
- {
- byte[] ke = deriveKey( key.getKeyValue(), getUsageKe( usage ), 64, 168 );
-
- // build the ciphertext structure
- byte[] conFounder = getRandomBytes( getConfounderLength() );
- byte[] paddedPlainText = padString( plainText );
- byte[] dataBytes = concatenateBytes( conFounder, paddedPlainText );
- byte[] checksumBytes = calculateIntegrity( dataBytes, key.getKeyValue(), usage );
- byte[] encryptedData = encrypt( dataBytes, ke );
- byte[] cipherText = concatenateBytes( encryptedData, checksumBytes );
-
- return new EncryptedData( getEncryptionType(), key.getKeyVersion(), cipherText );
- }
-
-
- public byte[] encrypt( byte[] plainText, byte[] keyBytes )
- {
- return processCipher( true, plainText, keyBytes );
- }
-
-
- public byte[] decrypt( byte[] cipherText, byte[] keyBytes )
- {
- return processCipher( false, cipherText, keyBytes );
- }
-
-
- /**
- * Derived Key = DK(Base Key, Well-Known Constant)
- * DK(Key, Constant) = random-to-key(DR(Key, Constant))
- * DR(Key, Constant) = k-truncate(E(Key, Constant, initial-cipher-state))
- *
- * @param baseKey The base key to derive
- * @param usage The key usage
- * @param n The number of resulting bytes
- * @param k The number of bytes
- * @return The derived key
- */
- protected byte[] deriveKey( byte[] baseKey, byte[] usage, int n, int k )
- {
- byte[] result = deriveRandom( baseKey, usage, n, k );
- result = randomToKey( result );
-
- return result;
- }
-
-
- protected byte[] randomToKey( byte[] seed )
- {
- int kBytes = 24;
- byte[] result = new byte[kBytes];
-
- byte[] fillingKey = Strings.EMPTY_BYTES;
-
- int pos = 0;
-
- for ( int i = 0; i < kBytes; i++ )
- {
- if ( pos < fillingKey.length )
- {
- result[i] = fillingKey[pos];
- pos++;
- }
- else
- {
- fillingKey = getBitGroup( seed, i / 8 );
- fillingKey = setParity( fillingKey );
- pos = 0;
- result[i] = fillingKey[pos];
- pos++;
- }
- }
-
- return result;
- }
-
-
- protected byte[] getBitGroup( byte[] seed, int group )
- {
- int srcPos = group * 7;
-
- byte[] result = new byte[7];
-
- System.arraycopy( seed, srcPos, result, 0, 7 );
-
- return result;
- }
-
-
- protected byte[] setParity( byte[] in )
- {
- byte[] expandedIn = new byte[8];
-
- System.arraycopy( in, 0, expandedIn, 0, in.length );
-
- setBit( expandedIn, 62, getBit( in, 7 ) );
- setBit( expandedIn, 61, getBit( in, 15 ) );
- setBit( expandedIn, 60, getBit( in, 23 ) );
- setBit( expandedIn, 59, getBit( in, 31 ) );
- setBit( expandedIn, 58, getBit( in, 39 ) );
- setBit( expandedIn, 57, getBit( in, 47 ) );
- setBit( expandedIn, 56, getBit( in, 55 ) );
-
- byte[] out = new byte[8];
-
- int bitCount = 0;
- int index = 0;
-
- for ( int i = 0; i < 64; i++ )
- {
- if ( ( i + 1 ) % 8 == 0 )
- {
- if ( bitCount % 2 == 0 )
- {
- setBit( out, i, 1 );
- }
-
- index++;
- bitCount = 0;
- }
- else
- {
- int val = getBit( expandedIn, index );
- boolean bit = val > 0;
-
- if ( bit )
- {
- setBit( out, i, val );
- bitCount++;
- }
-
- index++;
- }
- }
-
- return out;
- }
-
-
- private byte[] processCipher( boolean isEncrypt, byte[] data, byte[] keyBytes )
- {
- try
- {
- Cipher cipher = Cipher.getInstance( "DESede/CBC/NoPadding" );
- SecretKey key = new SecretKeySpec( keyBytes, "DESede" );
-
- AlgorithmParameterSpec paramSpec = new IvParameterSpec( iv );
-
- if ( isEncrypt )
- {
- cipher.init( Cipher.ENCRYPT_MODE, key, paramSpec );
- }
- else
- {
- cipher.init( Cipher.DECRYPT_MODE, key, paramSpec );
- }
-
- return cipher.doFinal( data );
- }
- catch ( GeneralSecurityException nsae )
- {
- nsae.printStackTrace();
- return null;
- }
- }
-
-
- private byte[] processChecksum( byte[] data, byte[] key )
- {
- try
- {
- SecretKey sk = new SecretKeySpec( key, "DESede" );
-
- Mac mac = Mac.getInstance( "HmacSHA1" );
- mac.init( sk );
-
- return mac.doFinal( data );
- }
- catch ( GeneralSecurityException nsae )
- {
- nsae.printStackTrace();
- return null;
- }
- }
-}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java
deleted file mode 100644
index e1e8ce6..0000000
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-
-package org.apache.directory.server.kerberos.shared.crypto.encryption;
-
-
-import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.spec.AlgorithmParameterSpec;
-import java.util.zip.CRC32;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.directory.shared.kerberos.exceptions.KerberosException;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.components.EncryptedData;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.kerberos.exceptions.ErrorType;
-
-
-/**
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class DesCbcCrcEncryption extends EncryptionEngine
-{
- private static final byte[] iv = new byte[]
- { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00,
- ( byte ) 0x00 };
-
-
- public EncryptionType getEncryptionType()
- {
- return EncryptionType.DES_CBC_CRC;
- }
-
-
- public int getConfounderLength()
- {
- return 8;
- }
-
-
- public int getChecksumLength()
- {
- return 4;
- }
-
-
- public byte[] calculateIntegrity( byte[] data, byte[] key, KeyUsage usage )
- {
- CRC32 crc32 = new CRC32();
- crc32.update( data );
-
- return int2octet( ( int ) crc32.getValue() );
- }
-
-
- private byte[] int2octet( int value )
- {
- byte[] bytes = new byte[4];
- int i, shift;
-
- for ( i = 0, shift = 24; i < 4; i++, shift -= 8 )
- {
- bytes[i] = ( byte ) ( 0xFF & ( value >> shift ) );
- }
-
- return bytes;
- }
-
-
- public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
- {
- // decrypt the data
- byte[] decryptedData = decrypt( data.getCipher(), key.getKeyValue() );
-
- // extract the old checksum
- byte[] oldChecksum = new byte[getChecksumLength()];
- System.arraycopy( decryptedData, getConfounderLength(), oldChecksum, 0, oldChecksum.length );
-
- // zero out the old checksum in the cipher text
- for ( int i = getConfounderLength(); i < getConfounderLength() + getChecksumLength(); i++ )
- {
- decryptedData[i] = 0;
- }
-
- // calculate a new checksum
- byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
-
- // compare checksums
- if ( !MessageDigest.isEqual( oldChecksum, newChecksum ) )
- {
- throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
- }
-
- // remove leading confounder and checksum
- return removeLeadingBytes( decryptedData, getConfounderLength(), getChecksumLength() );
- }
-
-
- public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText, KeyUsage usage )
- {
- // build the ciphertext structure
- byte[] conFounder = getRandomBytes( getConfounderLength() );
- byte[] zeroedChecksum = new byte[getChecksumLength()];
- byte[] dataBytes = concatenateBytes( conFounder, concatenateBytes( zeroedChecksum, plainText ) );
- byte[] paddedDataBytes = padString( dataBytes );
- byte[] checksumBytes = calculateIntegrity( paddedDataBytes, null, usage );
-
- // lay the checksum into the ciphertext
- for ( int i = getConfounderLength(); i < getConfounderLength() + getChecksumLength(); i++ )
- {
- paddedDataBytes[i] = checksumBytes[i - getConfounderLength()];
- }
-
- byte[] encryptedData = encrypt( paddedDataBytes, key.getKeyValue() );
-
- return new EncryptedData( getEncryptionType(), key.getKeyVersion(), encryptedData );
- }
-
-
- public byte[] encrypt( byte[] plainText, byte[] keyBytes )
- {
- return processCipher( true, plainText, keyBytes );
- }
-
-
- public byte[] decrypt( byte[] cipherText, byte[] keyBytes )
- {
- return processCipher( false, cipherText, keyBytes );
- }
-
-
- private byte[] processCipher( boolean isEncrypt, byte[] data, byte[] keyBytes )
- {
- try
- {
- Cipher cipher = Cipher.getInstance( "DES/CBC/NoPadding" );
- SecretKey key = new SecretKeySpec( keyBytes, "DES" );
-
- AlgorithmParameterSpec paramSpec = new IvParameterSpec( iv );
-
- if ( isEncrypt )
- {
- cipher.init( Cipher.ENCRYPT_MODE, key, paramSpec );
- }
- else
- {
- cipher.init( Cipher.DECRYPT_MODE, key, paramSpec );
- }
-
- return cipher.doFinal( data );
- }
- catch ( GeneralSecurityException nsae )
- {
- nsae.printStackTrace();
- return null;
- }
- }
-}
diff --git a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java b/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
deleted file mode 100644
index a6f85db..0000000
--- a/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5Encryption.java
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.shared.crypto.encryption;
-
-
-import java.security.GeneralSecurityException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants;
-import org.apache.directory.api.ldap.model.constants.Loggers;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.components.EncryptedData;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.kerberos.exceptions.ErrorType;
-import org.apache.directory.shared.kerberos.exceptions.KerberosException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-/**
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-class DesCbcMd5Encryption extends EncryptionEngine
-{
- /** The loggers for this class */
- private static final Logger LOG_KRB = LoggerFactory.getLogger( Loggers.KERBEROS_LOG.getName() );
-
- private static final byte[] iv = new byte[]
- { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00,
- ( byte ) 0x00 };
-
-
- public EncryptionType getEncryptionType()
- {
- return EncryptionType.DES_CBC_MD5;
- }
-
-
- public int getConfounderLength()
- {
- return 8;
- }
-
-
- public int getChecksumLength()
- {
- return 16;
- }
-
-
- public byte[] calculateIntegrity( byte[] data, byte[] key, KeyUsage usage )
- {
- try
- {
- MessageDigest digester = MessageDigest.getInstance( LdapSecurityConstants.HASH_METHOD_MD5.getAlgorithm() );
- return digester.digest( data );
- }
- catch ( NoSuchAlgorithmException nsae )
- {
- return null;
- }
- }
-
-
- public byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage usage ) throws KerberosException
- {
- LOG_KRB.debug( "Decrypting data using {}", key );
-
- // decrypt the data
- byte[] decryptedData = decrypt( data.getCipher(), key.getKeyValue() );
-
- // extract the old checksum
- byte[] oldChecksum = new byte[getChecksumLength()];
- System.arraycopy( decryptedData, getConfounderLength(), oldChecksum, 0, oldChecksum.length );
-
- // zero out the old checksum in the cipher text
- for ( int i = getConfounderLength(); i < getConfounderLength() + getChecksumLength(); i++ )
- {
- decryptedData[i] = 0;
- }
-
- // calculate a new checksum
- byte[] newChecksum = calculateIntegrity( decryptedData, key.getKeyValue(), usage );
-
- // compare checksums
- if ( !MessageDigest.isEqual( oldChecksum, newChecksum ) )
- {
- throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
- }
-
- // remove leading confounder and checksum
- return removeLeadingBytes( decryptedData, getConfounderLength(), getChecksumLength() );
- }
-
-
- public EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText, KeyUsage usage )
- {
- // build the ciphertext structure
- byte[] conFounder = getRandomBytes( getConfounderLength() );
- byte[] zeroedChecksum = new byte[getChecksumLength()];
- byte[] dataBytes = concatenateBytes( conFounder, concatenateBytes( zeroedChecksum, plainText ) );
- byte[] paddedDataBytes = padString( dataBytes );
- byte[] checksumBytes = calculateIntegrity( paddedDataBytes, null, usage );
-
- // lay the checksum into the ciphertext
- for ( int i = getConfounderLength(); i < getConfounderLength() + getChecksumLength(); i++ )
- {
- paddedDataBytes[i] = checksumBytes[i - getConfounderLength()];
- }
-
- byte[] encryptedData = encrypt( paddedDataBytes, key.getKeyValue() );
-
- return new EncryptedData( getEncryptionType(), key.getKeyVersion(), encryptedData );
- }
-
-
- public byte[] encrypt( byte[] plainText, byte[] keyBytes )
- {
- return processCipher( true, plainText, keyBytes );
- }
-
-
- public byte[] decrypt( byte[] cipherText, byte[] keyBytes )
- {
- return processCipher( false, cipherText, keyBytes );
- }
-
-
- private byte[] processCipher( boolean isEncrypt, byte[] data, byte[] keyBytes )
- {
- try
- {
- Cipher cipher = Cipher.getInstance( "DES/CBC/NoPadding" );
- SecretKey key = new SecretKeySpec( keyBytes, "DES" );
-
- AlgorithmParameterSpec paramSpec = new IvParameterSpec( iv );
-
- if ( isEncrypt )
- {
- cipher.init( Cipher.ENCRYPT_MODE, key, paramSpec );
- }
- else
- {
- cipher.init( Cipher.DECRYPT_MODE, key, paramSpec );
- }
-
- return cipher.doFinal( data );
- }
- catch ( GeneralSecurityException nsae )
- {
- nsae.printStackTrace();
- return null;
- }
- }
-}
diff --git a/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java b/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java
index 89e6b89..e201a70 100644
--- a/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java
+++ b/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java
@@ -115,134 +115,6 @@ public class CipherTextHandlerTest
assertEquals( "RC4-HMAC length", 52, ARCFOUR_ENCRYPTED_TIME_STAMP.length );
}
-
- /**
- * Tests the unsealing of Kerberos CipherText with a good password. After decryption and
- * an integrity check, an attempt is made to decode the bytes as an EncryptedTimestamp. The
- * result is timestamp data.
- */
- @Test
- public void testDesGoodPasswordDecrypt()
- {
- CipherTextHandler lockBox = new CipherTextHandler();
- KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
- KerberosKey kerberosKey = new KerberosKey( principal, "kerby".toCharArray(), "DES" );
- EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
- EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, DES_ENCRYPTED_TIME_STAMP );
-
- try
- {
- byte[] paEncTsEncData = lockBox.decrypt( key, data, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
- PaEncTsEnc object = KerberosDecoder.decodePaEncTsEnc( paEncTsEncData );
- assertEquals( "TimeStamp", "20070322233107Z", object.getPaTimestamp().toString() );
- assertEquals( "MicroSeconds", 291067, object.getPausec() );
- }
- catch ( KerberosException ke )
- {
- fail( "Should not have caught exception." );
- }
- }
-
-
- /**
- * Tests the unsealing of Kerberos CipherText with a bad password. After decryption, the
- * checksum is tested and should fail on comparison, resulting in an integrity check error.
- */
- @Test
- public void testDesBadPasswordDecrypt()
- {
- CipherTextHandler lockBox = new CipherTextHandler();
- KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
- KerberosKey kerberosKey = new KerberosKey( principal, "badpassword".toCharArray(), "DES" );
- EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
- EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, DES_ENCRYPTED_TIME_STAMP );
-
- try
- {
- lockBox.decrypt( key, data, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
- fail( "Should have thrown exception." );
- }
- catch ( KerberosException ke )
- {
- assertEquals( "ErrorCode", 31, ke.getErrorCode() );
- }
- }
-
-
- /**
- * Tests the unsealing of Kerberos CipherText with a good password. After decryption and
- * an integrity check, an attempt is made to decode the bytes as an EncryptedTimestamp. The
- * result is timestamp data.
- */
- @Test
- public void testTripleDesGoodPasswordDecrypt()
- {
- CipherTextHandler lockBox = new CipherTextHandler();
- KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
- String algorithm = VendorHelper.getTripleDesAlgorithm();
- KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), algorithm );
- EncryptionKey key = new EncryptionKey( EncryptionType.DES3_CBC_SHA1_KD, kerberosKey.getEncoded() );
- EncryptedData data = new EncryptedData( EncryptionType.DES3_CBC_SHA1_KD, 0, TRIPLE_DES_ENCRYPTED_TIME_STAMP );
-
- try
- {
- byte[] paEncTsEncData = lockBox.decrypt( key, data, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
- PaEncTsEnc object = KerberosDecoder.decodePaEncTsEnc( paEncTsEncData );
- assertEquals( "TimeStamp", "20070410190400Z", object.getPaTimestamp().toString() );
- assertEquals( "MicroSeconds", 460450, object.getPausec() );
- }
- catch ( KerberosException ke )
- {
- fail( "Should not have caught exception." );
- }
- }
-
-
- /**
- * Tests the encryption and subsequent unsealing of an ASN.1 encoded timestamp with a
- * good password. After encryption, an attempt is made to unseal the encrypted bytes
- * as an EncryptedTimestamp. The result is timestamp data.
- *
- * @throws ParseException
- */
- @Test
- public void testTripleDesGoodPasswordEncrypt() throws ParseException
- {
- CipherTextHandler lockBox = new CipherTextHandler();
- KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
- String algorithm = VendorHelper.getTripleDesAlgorithm();
- KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), algorithm );
- EncryptionKey key = new EncryptionKey( EncryptionType.DES3_CBC_SHA1_KD, kerberosKey.getEncoded() );
-
- String zuluTime = "20070410190400Z";
- int microSeconds = 460450;
- PaEncTsEnc encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
-
- EncryptedData encryptedData = null;
-
- try
- {
- encryptedData = lockBox.seal( key, encryptedTimeStamp, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
- }
- catch ( KerberosException ke )
- {
- fail( "Should not have caught exception." );
- }
-
- try
- {
- byte[] paEncTsEncData = lockBox.decrypt( key, encryptedData, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
- PaEncTsEnc object = KerberosDecoder.decodePaEncTsEnc( paEncTsEncData );
- assertEquals( "TimeStamp", zuluTime, object.getPaTimestamp().toString() );
- assertEquals( "MicroSeconds", microSeconds, object.getPausec() );
- }
- catch ( KerberosException ke )
- {
- fail( "Should not have caught exception." );
- }
- }
-
-
/**
* Tests the unsealing of Kerberos CipherText with a good password. After decryption and
* an integrity check, an attempt is made to decode the bytes as an EncryptedTimestamp. The
diff --git a/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryptionTest.java b/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryptionTest.java
deleted file mode 100644
index 79baf85..0000000
--- a/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcSha1KdEncryptionTest.java
+++ /dev/null
@@ -1,246 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.shared.crypto.encryption;
-
-
-import java.util.Arrays;
-
-import javax.security.auth.kerberos.KerberosKey;
-import javax.security.auth.kerberos.KerberosPrincipal;
-
-import org.junit.jupiter.api.Test;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-
-/**
- * Tests the use of Triple DES for Kerberos, using test vectors from RFC 3961,
- * "Encryption and Checksum Specifications for Kerberos 5."
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class Des3CbcSha1KdEncryptionTest
-{
- private static final Des3CbcSha1KdEncryption keyDerivationFunction = new Des3CbcSha1KdEncryption();
-
-
- /**
- * Tests setting parity as defined in RFC 3961.
- */
- @Test
- public void testParity()
- {
- byte[] test =
- { ( byte ) 0x93, ( byte ) 0x50, ( byte ) 0x79, ( byte ) 0xd1, ( byte ) 0x44, ( byte ) 0x90, ( byte ) 0xa7 };
- byte[] expected =
- { ( byte ) 0x92, ( byte ) 0x51, ( byte ) 0x79, ( byte ) 0xd0, ( byte ) 0x45, ( byte ) 0x91, ( byte ) 0xa7,
- ( byte ) 0x9b };
-
- byte[] result = keyDerivationFunction.setParity( test );
-
- assertTrue( Arrays.equals( expected, result ) );
- }
-
-
- /**
- * Tests 'deriveRandom' and 'randomToKey' functions.
- */
- @Test
- public void testDerivedKey()
- {
- byte[] key =
- { ( byte ) 0xdc, ( byte ) 0xe0, ( byte ) 0x6b, ( byte ) 0x1f, ( byte ) 0x64, ( byte ) 0xc8, ( byte ) 0x57,
- ( byte ) 0xa1, ( byte ) 0x1c, ( byte ) 0x3d, ( byte ) 0xb5, ( byte ) 0x7c, ( byte ) 0x51,
- ( byte ) 0x89, ( byte ) 0x9b, ( byte ) 0x2c, ( byte ) 0xc1, ( byte ) 0x79, ( byte ) 0x10,
- ( byte ) 0x08, ( byte ) 0xce, ( byte ) 0x97, ( byte ) 0x3b, ( byte ) 0x92 };
-
- byte[] usage =
- { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x55 };
-
- byte[] DR =
- { ( byte ) 0x93, ( byte ) 0x50, ( byte ) 0x79, ( byte ) 0xd1, ( byte ) 0x44, ( byte ) 0x90, ( byte ) 0xa7,
- ( byte ) 0x5c, ( byte ) 0x30, ( byte ) 0x93, ( byte ) 0xc4, ( byte ) 0xa6, ( byte ) 0xe8,
- ( byte ) 0xc3, ( byte ) 0xb0, ( byte ) 0x49, ( byte ) 0xc7, ( byte ) 0x1e, ( byte ) 0x6e,
- ( byte ) 0xe7, ( byte ) 0x05 };
-
- byte[] DK =
- { ( byte ) 0x92, ( byte ) 0x51, ( byte ) 0x79, ( byte ) 0xd0, ( byte ) 0x45, ( byte ) 0x91, ( byte ) 0xa7,
- ( byte ) 0x9b, ( byte ) 0x5d, ( byte ) 0x31, ( byte ) 0x92, ( byte ) 0xc4, ( byte ) 0xa7,
- ( byte ) 0xe9, ( byte ) 0xc2, ( byte ) 0x89, ( byte ) 0xb0, ( byte ) 0x49, ( byte ) 0xc7,
- ( byte ) 0x1f, ( byte ) 0x6e, ( byte ) 0xe6, ( byte ) 0x04, ( byte ) 0xcd };
-
- byte[] result = keyDerivationFunction.deriveRandom( key, usage, 64, 168 );
- assertTrue( Arrays.equals( DR, result ) );
-
- result = keyDerivationFunction.randomToKey( result );
- assertTrue( Arrays.equals( DK, result ) );
- }
-
-
- /**
- * Tests 'deriveRandom' and 'randomToKey' functions.
- */
- @Test
- public void testDerivedKey2()
- {
- byte[] key =
- { ( byte ) 0x5e, ( byte ) 0x13, ( byte ) 0xd3, ( byte ) 0x1c, ( byte ) 0x70, ( byte ) 0xef, ( byte ) 0x76,
- ( byte ) 0x57, ( byte ) 0x46, ( byte ) 0x57, ( byte ) 0x85, ( byte ) 0x31, ( byte ) 0xcb,
- ( byte ) 0x51, ( byte ) 0xc1, ( byte ) 0x5b, ( byte ) 0xf1, ( byte ) 0x1c, ( byte ) 0xa8,
- ( byte ) 0x2c, ( byte ) 0x97, ( byte ) 0xce, ( byte ) 0xe9, ( byte ) 0xf2 };
-
- byte[] usage =
- { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0xaa };
-
- byte[] DR =
- { ( byte ) 0x9f, ( byte ) 0x58, ( byte ) 0xe5, ( byte ) 0xa0, ( byte ) 0x47, ( byte ) 0xd8, ( byte ) 0x94,
- ( byte ) 0x10, ( byte ) 0x1c, ( byte ) 0x46, ( byte ) 0x98, ( byte ) 0x45, ( byte ) 0xd6,
- ( byte ) 0x7a, ( byte ) 0xe3, ( byte ) 0xc5, ( byte ) 0x24, ( byte ) 0x9e, ( byte ) 0xd8,
- ( byte ) 0x12, ( byte ) 0xf2 };
-
- byte[] DK =
- { ( byte ) 0x9e, ( byte ) 0x58, ( byte ) 0xe5, ( byte ) 0xa1, ( byte ) 0x46, ( byte ) 0xd9, ( byte ) 0x94,
- ( byte ) 0x2a, ( byte ) 0x10, ( byte ) 0x1c, ( byte ) 0x46, ( byte ) 0x98, ( byte ) 0x45,
- ( byte ) 0xd6, ( byte ) 0x7a, ( byte ) 0x20, ( byte ) 0xe3, ( byte ) 0xc4, ( byte ) 0x25,
- ( byte ) 0x9e, ( byte ) 0xd9, ( byte ) 0x13, ( byte ) 0xf2, ( byte ) 0x07 };
-
- byte[] result = keyDerivationFunction.deriveRandom( key, usage, 64, 168 );
- assertTrue( Arrays.equals( DR, result ) );
-
- result = keyDerivationFunction.randomToKey( result );
- assertTrue( Arrays.equals( DK, result ) );
- }
-
-
- /**
- * Tests that key derivation can be performed for a Triple-DES key.
- */
- @Test
- public void testTestVectorsTripleDesKerberosKey1()
- {
- byte[] expectedKey =
- { ( byte ) 0x85, ( byte ) 0x0B, ( byte ) 0xB5, ( byte ) 0x13, ( byte ) 0x58, ( byte ) 0x54, ( byte ) 0x8C,
- ( byte ) 0xD0, ( byte ) 0x5E, ( byte ) 0x86, ( byte ) 0x76, ( byte ) 0x8C, ( byte ) 0x31,
- ( byte ) 0x3E, ( byte ) 0x3B, ( byte ) 0xFE, ( byte ) 0xF7, ( byte ) 0x51, ( byte ) 0x19,
- ( byte ) 0x37, ( byte ) 0xDC, ( byte ) 0xF7, ( byte ) 0x2C, ( byte ) 0x3E };
-
- KerberosPrincipal principal = new KerberosPrincipal( "raeburn@ATHENA.MIT.EDU" );
- String algorithm = VendorHelper.getTripleDesAlgorithm();
- KerberosKey key = new KerberosKey( principal, "password".toCharArray(), algorithm );
-
- assertEquals( "DESede key length", 24, key.getEncoded().length );
- assertTrue( "Key match", Arrays.equals( expectedKey, key.getEncoded() ) );
- }
-
-
- /**
- * Tests that key derivation can be performed for a Triple-DES key.
- */
- @Test
- public void testTestVectorsTripleDesKerberosKey2()
- {
- byte[] expectedKey =
- { ( byte ) 0xDF, ( byte ) 0xCD, ( byte ) 0x23, ( byte ) 0x3D, ( byte ) 0xD0, ( byte ) 0xA4, ( byte ) 0x32,
- ( byte ) 0x04, ( byte ) 0xEA, ( byte ) 0x6D, ( byte ) 0xC4, ( byte ) 0x37, ( byte ) 0xFB,
- ( byte ) 0x15, ( byte ) 0xE0, ( byte ) 0x61, ( byte ) 0xB0, ( byte ) 0x29, ( byte ) 0x79,
- ( byte ) 0xC1, ( byte ) 0xF7, ( byte ) 0x4F, ( byte ) 0x37, ( byte ) 0x7A };
-
- KerberosPrincipal principal = new KerberosPrincipal( "danny@WHITEHOUSE.GOV" );
- String algorithm = VendorHelper.getTripleDesAlgorithm();
- KerberosKey key = new KerberosKey( principal, "potatoe".toCharArray(), algorithm );
-
- assertEquals( "DESede key length", 24, key.getEncoded().length );
- assertTrue( "Key match", Arrays.equals( expectedKey, key.getEncoded() ) );
- }
-
-
- /**
- * Tests that key derivation can be performed for a Triple-DES key.
- */
- @Test
- public void testTestVectorsTripleDesKerberosKey3()
- {
- byte[] expectedKey =
- { ( byte ) 0x6D, ( byte ) 0x2F, ( byte ) 0xCD, ( byte ) 0xF2, ( byte ) 0xD6, ( byte ) 0xFB, ( byte ) 0xBC,
- ( byte ) 0x3D, ( byte ) 0xDC, ( byte ) 0xAD, ( byte ) 0xB5, ( byte ) 0xDA, ( byte ) 0x57,
- ( byte ) 0x10, ( byte ) 0xA2, ( byte ) 0x34, ( byte ) 0x89, ( byte ) 0xB0, ( byte ) 0xD3,
- ( byte ) 0xB6, ( byte ) 0x9D, ( byte ) 0x5D, ( byte ) 0x9D, ( byte ) 0x4A };
-
- KerberosPrincipal principal = new KerberosPrincipal( "buckaroo@EXAMPLE.COM" );
- String algorithm = VendorHelper.getTripleDesAlgorithm();
- KerberosKey key = new KerberosKey( principal, "penny".toCharArray(), algorithm );
-
- assertEquals( "DESede key length", 24, key.getEncoded().length );
- assertTrue( "Key match", Arrays.equals( expectedKey, key.getEncoded() ) );
- }
-
-
- /**
- * Tests that key derivation can be performed for a Triple-DES key.
- */
- @Test
- public void testTestVectorsTripleDesKerberosKey4()
- {
- if ( VendorHelper.isIbm() )
- {
- return;
- }
-
- byte[] expectedKey =
- { ( byte ) 0x16, ( byte ) 0xD5, ( byte ) 0xA4, ( byte ) 0x0E, ( byte ) 0x1C, ( byte ) 0xE3, ( byte ) 0xBA,
- ( byte ) 0xCB, ( byte ) 0x61, ( byte ) 0xB9, ( byte ) 0xDC, ( byte ) 0xE0, ( byte ) 0x04,
- ( byte ) 0x70, ( byte ) 0x32, ( byte ) 0x4C, ( byte ) 0x83, ( byte ) 0x19, ( byte ) 0x73,
- ( byte ) 0xA7, ( byte ) 0xB9, ( byte ) 0x52, ( byte ) 0xFE, ( byte ) 0xB0 };
-
- KerberosPrincipal principal = new KerberosPrincipal( "Juri\u0161i\u0107@ATHENA.MIT.EDU" );
- String algorithm = VendorHelper.getTripleDesAlgorithm();
- KerberosKey key = new KerberosKey( principal, "\u00DF".toCharArray(), algorithm );
-
- assertEquals( "DESede key length", 24, key.getEncoded().length );
- assertTrue( "Key match", Arrays.equals( expectedKey, key.getEncoded() ) );
- }
-
-
- /**
- * Tests that key derivation can be performed for a Triple-DES key.
- */
- @Test
- public void testTestVectorsTripleDesKerberosKey5()
- {
- if ( VendorHelper.isIbm() )
- {
- return;
- }
-
- byte[] expectedKey =
- { ( byte ) 0x85, ( byte ) 0x76, ( byte ) 0x37, ( byte ) 0x26, ( byte ) 0x58, ( byte ) 0x5D, ( byte ) 0xBC,
- ( byte ) 0x1C, ( byte ) 0xCE, ( byte ) 0x6E, ( byte ) 0xC4, ( byte ) 0x3E, ( byte ) 0x1F,
- ( byte ) 0x75, ( byte ) 0x1F, ( byte ) 0x07, ( byte ) 0xF1, ( byte ) 0xC4, ( byte ) 0xCB,
- ( byte ) 0xB0, ( byte ) 0x98, ( byte ) 0xF4, ( byte ) 0x0B, ( byte ) 0x19 };
-
- KerberosPrincipal principal = new KerberosPrincipal( "pianist@EXAMPLE.COM" );
- String algorithm = VendorHelper.getTripleDesAlgorithm();
- KerberosKey key = new KerberosKey( principal, "\uD834\uDD1E".toCharArray(), algorithm );
-
- assertEquals( "DESede key length", 24, key.getEncoded().length );
- assertTrue( "Key match", Arrays.equals( expectedKey, key.getEncoded() ) );
- }
-}
diff --git a/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryptionTest.java b/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryptionTest.java
deleted file mode 100644
index 24fc19d..0000000
--- a/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryptionTest.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.shared.crypto.encryption;
-
-
-import static org.junit.Assert.assertTrue;
-
-import javax.security.auth.kerberos.KerberosKey;
-import javax.security.auth.kerberos.KerberosPrincipal;
-
-import org.apache.directory.shared.kerberos.components.EncryptedData;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.junit.jupiter.api.Test;
-
-
-/**
- * Test case for the DES-CBC-CRC encryption type.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class DesCbcCrcEncryptionTest
-{
- private static final char[] PASSWORD = "password".toCharArray();
-
-
- /**
- * Test successful encryption and decryption when the plaintext size is less than the block size.
- *
- * @throws Exception
- */
- @Test
- public void testPlainTextSizeLessThanBlockSize() throws Exception
- {
- KerberosKey key = new KerberosKey( new KerberosPrincipal( "hnelson@EXAMPLE.COM" ), PASSWORD, "DES" );
- byte[] keyBytes = key.getEncoded();
- EncryptionKey encryptionKey = new EncryptionKey( EncryptionType.DES_CBC_CRC, keyBytes );
-
- byte[] plainText =
- { 1, 2, 3, 4, 5, 6, 7 };
-
- DesCbcCrcEncryption encryption = new DesCbcCrcEncryption();
- EncryptedData encryptedData = encryption.getEncryptedData( encryptionKey, plainText, null );
-
- byte[] recoveredText = encryption.getDecryptedData( encryptionKey, encryptedData, null );
-
- assertTrue( beginsWith( plainText, recoveredText ) );
- }
-
-
- /**
- * Test successful encryption and decryption when the plaintext size equals the block size.
- *
- * @throws Exception
- */
- @Test
- public void testPlainTextSizeEqualsBlockSize() throws Exception
- {
- KerberosKey key = new KerberosKey( new KerberosPrincipal( "hnelson@EXAMPLE.COM" ), PASSWORD, "DES" );
- byte[] keyBytes = key.getEncoded();
- EncryptionKey encryptionKey = new EncryptionKey( EncryptionType.DES_CBC_CRC, keyBytes );
-
- byte[] plainText =
- { 1, 2, 3, 4, 5, 6, 7, 8 };
-
- DesCbcCrcEncryption encryption = new DesCbcCrcEncryption();
- EncryptedData encryptedData = encryption.getEncryptedData( encryptionKey, plainText, null );
-
- byte[] recoveredText = encryption.getDecryptedData( encryptionKey, encryptedData, null );
-
- assertTrue( beginsWith( plainText, recoveredText ) );
- }
-
-
- /**
- * Test successful encryption and decryption when the plaintext size is greater than the block size.
- *
- * @throws Exception
- */
- @Test
- public void testPlainTextSizeGreaterThanBlockSize() throws Exception
- {
- KerberosKey key = new KerberosKey( new KerberosPrincipal( "hnelson@EXAMPLE.COM" ), PASSWORD, "DES" );
- byte[] keyBytes = key.getEncoded();
- EncryptionKey encryptionKey = new EncryptionKey( EncryptionType.DES_CBC_CRC, keyBytes );
-
- byte[] plainText =
- { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
-
- DesCbcCrcEncryption encryption = new DesCbcCrcEncryption();
- EncryptedData encryptedData = encryption.getEncryptedData( encryptionKey, plainText, null );
-
- byte[] recoveredText = encryption.getDecryptedData( encryptionKey, encryptedData, null );
-
- assertTrue( beginsWith( plainText, recoveredText ) );
- }
-
-
- private boolean beginsWith( byte[] plainText, byte[] recoveredText )
- {
- for ( int i = 0; i < plainText.length; i++ )
- {
- if ( plainText[i] != recoveredText[i] )
- {
- return false;
- }
- }
-
- return true;
- }
-}
diff --git a/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5EncryptionTest.java b/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5EncryptionTest.java
deleted file mode 100644
index 2dcfa74..0000000
--- a/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd5EncryptionTest.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.shared.crypto.encryption;
-
-
-import static org.junit.Assert.assertTrue;
-
-import javax.security.auth.kerberos.KerberosKey;
-import javax.security.auth.kerberos.KerberosPrincipal;
-
-import org.apache.directory.shared.kerberos.components.EncryptedData;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.junit.jupiter.api.Test;
-
-
-/**
- * Test case for the DES-CBC-MD5 encryption type.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class DesCbcMd5EncryptionTest
-{
- private static final char[] PASSWORD = "password".toCharArray();
-
-
- /**
- * Test successful encryption and decryption when the plaintext size is less than the block size.
- *
- * @throws Exception
- */
- @Test
- public void testPlainTextSizeLessThanBlockSize() throws Exception
- {
- KerberosKey key = new KerberosKey( new KerberosPrincipal( "hnelson@EXAMPLE.COM" ), PASSWORD, "DES" );
- byte[] keyBytes = key.getEncoded();
- EncryptionKey encryptionKey = new EncryptionKey( EncryptionType.DES_CBC_MD5, keyBytes );
-
- byte[] plainText =
- { 1, 2, 3, 4, 5, 6, 7 };
-
- DesCbcMd5Encryption encryption = new DesCbcMd5Encryption();
- EncryptedData encryptedData = encryption.getEncryptedData( encryptionKey, plainText, null );
-
- byte[] recoveredText = encryption.getDecryptedData( encryptionKey, encryptedData, null );
-
- assertTrue( beginsWith( plainText, recoveredText ) );
- }
-
-
- /**
- * Test successful encryption and decryption when the plaintext size equals the block size.
- *
- * @throws Exception
- */
- @Test
- public void testPlainTextSizeEqualsBlockSize() throws Exception
- {
- KerberosKey key = new KerberosKey( new KerberosPrincipal( "hnelson@EXAMPLE.COM" ), PASSWORD, "DES" );
- byte[] keyBytes = key.getEncoded();
- EncryptionKey encryptionKey = new EncryptionKey( EncryptionType.DES_CBC_MD5, keyBytes );
-
- byte[] plainText =
- { 1, 2, 3, 4, 5, 6, 7, 8 };
-
- DesCbcMd5Encryption encryption = new DesCbcMd5Encryption();
- EncryptedData encryptedData = encryption.getEncryptedData( encryptionKey, plainText, null );
-
- byte[] recoveredText = encryption.getDecryptedData( encryptionKey, encryptedData, null );
-
- assertTrue( beginsWith( plainText, recoveredText ) );
- }
-
-
- /**
- * Test successful encryption and decryption when the plaintext size is greater than the block size.
- *
- * @throws Exception
- */
- @Test
- public void testPlainTextSizeGreaterThanBlockSize() throws Exception
- {
- KerberosKey key = new KerberosKey( new KerberosPrincipal( "hnelson@EXAMPLE.COM" ), PASSWORD, "DES" );
- byte[] keyBytes = key.getEncoded();
- EncryptionKey encryptionKey = new EncryptionKey( EncryptionType.DES_CBC_MD5, keyBytes );
-
- byte[] plainText =
- { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
-
- DesCbcMd5Encryption encryption = new DesCbcMd5Encryption();
- EncryptedData encryptedData = encryption.getEncryptedData( encryptionKey, plainText, null );
-
- byte[] recoveredText = encryption.getDecryptedData( encryptionKey, encryptedData, null );
-
- assertTrue( beginsWith( plainText, recoveredText ) );
- }
-
-
- private boolean beginsWith( byte[] plainText, byte[] recoveredText )
- {
- for ( int i = 0; i < plainText.length; i++ )
- {
- if ( plainText[i] != recoveredText[i] )
- {
- return false;
- }
- }
-
- return true;
- }
-}
diff --git a/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/messages/components/TicketTest.java b/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/messages/components/TicketTest.java
deleted file mode 100644
index 4237597..0000000
--- a/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/messages/components/TicketTest.java
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.shared.messages.components;
-
-
-import static org.junit.Assert.assertEquals;
-
-import javax.security.auth.kerberos.KerberosPrincipal;
-
-import org.apache.directory.api.util.Strings;
-import org.apache.directory.server.kerberos.shared.store.TicketFactory;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.directory.shared.kerberos.messages.Ticket;
-import org.junit.jupiter.api.Test;
-
-
-
-/**
- * Test the Ticket encoding and decoding
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class TicketTest
-{
- @Test
- public void testTicket() throws Exception
- {
- TicketFactory ticketFactory = new TicketFactory();
-
- KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
- KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
- String serverPassword = "s3crEt";
-
- EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );
-
- Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );
-
- byte[] encodedTicket = serviceTicket.encode( null ).array();
-
- byte[] expectedResult = new byte[]
- {
- 0x61, ( byte ) 0x81, ( byte ) 0xE7,
- 0x30, ( byte ) 0x81, ( byte ) 0xE4,
- ( byte ) 0xA0, 0x03,
- 0x02, 0x01, 0x05,
- ( byte ) 0xA1, 0x0D,
- 0x1B, 0x0B,
- 'E', 'X', 'A', 'M', 'P', 'L', 'E', '.', 'C', 'O', 'M',
- ( byte ) 0xA2, 0x1D,
- 0x30, 0x1B,
- ( byte ) 0xA0, 0x03,
- 0x02, 0x01, 0x01,
- ( byte ) 0xA1, 0x14,
- 0x30, 0x12,
- 0x1B, 0x06,
- 'k', 'a', 'd', 'm', 'i', 'n',
- 0x1B, 0x08,
- 'c', 'h', 'a', 'n', 'g', 'e', 'p', 'w',
- ( byte ) 0xA3, ( byte ) 0x81, ( byte ) 0xAE,
- 0x30, ( byte ) 0x81, ( byte ) 0xAB,
- ( byte ) 0xA0, 0x03,
- 0x02, 0x01, 0x03,
- ( byte ) 0xA2, ( byte ) 0x81, ( byte ) 0xA3,
- 0x04, ( byte ) 0x81, ( byte ) 0xA0
- };
-
- // We will just compared the first bytes (everything before the encrypted data)
- String expectedResultString = Strings.dumpBytes( expectedResult );
- String resultString = Strings.dumpBytes( encodedTicket ).substring( 0, expectedResultString.length() );
-
- assertEquals( expectedResultString, resultString );
- }
-
- /*
- public void testTicketPerf() throws Exception
- {
- TicketFactory ticketFactory = new TicketFactory();
-
- KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
- KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
- String serverPassword = "s3crEt";
-
- EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );
-
- Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );
-
- byte[] encodedTicket = TicketEncoder.encodeTicket( serviceTicket );
-
- long t0 = System.currentTimeMillis();
-
- for ( int i=0; i < 1000000; i++ )
- {
- TicketEncoder.encodeTicket( serviceTicket );
- }
-
- long t1 = System.currentTimeMillis();
-
- System.out.println( "Delta slow = " + ( t1 - t0 ) );
-
- long t2 = System.currentTimeMillis();
-
- for ( int i=0; i < 1000000; i++ )
- {
- serviceTicket.encode();
- }
-
- long t3 = System.currentTimeMillis();
-
- System.out.println( "Delta slow = " + ( t3 - t2 ) );
-
- assertTrue( Arrays.equals( encodedTicket, encodedTicket ) );
- }
- */
-}
diff --git a/kerberos-test/pom.xml b/kerberos-test/pom.xml
deleted file mode 100644
index 20c1a21..0000000
--- a/kerberos-test/pom.xml
+++ /dev/null
@@ -1,147 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-parent</artifactId>
- <version>2.0.0.AM27-SNAPSHOT</version>
- </parent>
-
- <artifactId>apacheds-kerberos-test</artifactId>
- <name>ApacheDS Protocol Kerberos Test</name>
-
- <description>The Kerberos Protocol tests</description>
-
- <dependencies>
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-core-annotations</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-core-api</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-core-jndi</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-i18n</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-interceptor-kerberos</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-kerberos-codec</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-protocol-ldap</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-server-annotations</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-test-framework</artifactId>
- </dependency>
-
- <dependency>
- <groupId>org.apache.directory.api</groupId>
- <artifactId>api-ldap-client-api</artifactId>
- </dependency>
-
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-lang3</artifactId>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <excludes>
- <exclude>**/TestUtils.java</exclude>
- </excludes>
- <systemPropertyVariables>
- <felix.cache.rootdir>
- ${project.build.directory}
- </felix.cache.rootdir>
- <felix.cache.locking>
- false
- </felix.cache.locking>
- <org.osgi.framework.storage.clean>
- onFirstInit
- </org.osgi.framework.storage.clean>
- <org.osgi.framework.storage>
- ${project.build.directory}/osgi-cache
- </org.osgi.framework.storage>
- </systemPropertyVariables>
- </configuration>
- </plugin>
-
- <plugin>
- <artifactId>maven-jar-plugin</artifactId>
- <configuration>
- <archive>
- <addMavenDescriptor>false</addMavenDescriptor>
- </archive>
- </configuration>
- <executions>
- <execution>
- <id>attach-tests</id>
- <goals>
- <goal>test-jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
-
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-source-plugin</artifactId>
- <executions>
- <execution>
- <id>attach-sources</id>
- <phase>verify</phase>
- <goals>
- <goal>jar-no-fork</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-</project>
diff --git a/kerberos-test/src/site/site.xml b/kerberos-test/src/site/site.xml
deleted file mode 100644
index ac4dc51..0000000
--- a/kerberos-test/src/site/site.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!--
- @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
--->
-<project name="${project.name}">
- <body>
- <menu ref="parent" />
- <menu ref="reports" />
- </body>
-</project>
\ No newline at end of file
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AS-REQ-PA-ENC-TS.pdu b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AS-REQ-PA-ENC-TS.pdu
deleted file mode 100644
index 3971db6..0000000
Binary files a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AS-REQ-PA-ENC-TS.pdu and /dev/null differ
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AS-REQ-TCP.pdu b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AS-REQ-TCP.pdu
deleted file mode 100644
index 781eff2..0000000
Binary files a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AS-REQ-TCP.pdu and /dev/null differ
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AS-REQ-UDP.pdu b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AS-REQ-UDP.pdu
deleted file mode 100644
index 85e9037..0000000
Binary files a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AS-REQ-UDP.pdu and /dev/null differ
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AbstractKerberosITest.java b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AbstractKerberosITest.java
deleted file mode 100644
index e90a659..0000000
--- a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AbstractKerberosITest.java
+++ /dev/null
@@ -1,247 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.kdc;
-
-
-import static org.junit.Assert.assertEquals;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Collections;
-
-import javax.security.auth.Subject;
-import javax.security.auth.kerberos.KerberosTicket;
-
-import org.apache.commons.lang3.SystemUtils;
-import org.apache.directory.api.ldap.model.entry.DefaultEntry;
-import org.apache.directory.api.ldap.model.entry.DefaultModification;
-import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.entry.Modification;
-import org.apache.directory.api.ldap.model.entry.ModificationOperation;
-import org.apache.directory.api.ldap.model.exception.LdapException;
-import org.apache.directory.api.util.FileUtils;
-import org.apache.directory.api.util.Strings;
-import org.apache.directory.server.core.api.LdapCoreSessionConnection;
-import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
-import org.apache.directory.server.protocol.shared.transport.TcpTransport;
-import org.apache.directory.server.protocol.shared.transport.Transport;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.rules.TemporaryFolder;
-
-
-/**
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class AbstractKerberosITest extends AbstractLdapTestUnit
-{
- public static final String USERS_DN = "ou=users,dc=example,dc=com";
- public static final String REALM = "EXAMPLE.COM";
- public static final String USER_UID = "hnelson";
- public static final String USER_PASSWORD = "secret";
- public static final String LDAP_SERVICE_NAME = "ldap";
- public static final String HOSTNAME = KerberosTestUtils.getHostName();
-
- @Rule
- public TemporaryFolder folder = new TemporaryFolder();
-
- protected LdapCoreSessionConnection conn;
-
-
- @Before
- public void setUp() throws Exception
- {
- conn = new LdapCoreSessionConnection( service );
-
- enableKerberosSchema();
- }
-
-
- @After
- public void tearDown() throws Exception
- {
- conn.close();
- }
-
- class ObtainTicketParameters
- {
- Class<? extends Transport> transport;
- EncryptionType encryptionType;
- ChecksumType checksumType;
- Integer oldUdpPrefLimit;
- Integer oldCksumtypeDefault;
-
-
- public ObtainTicketParameters( Class<? extends Transport> transport, EncryptionType encryptionType,
- ChecksumType checksumType )
- {
- this.transport = transport;
- this.encryptionType = encryptionType;
- this.checksumType = checksumType;
- }
- }
-
-
- /**
- * Obtains a TGT and service tickets for the user.
- * Also makes some assertions on the received tickets.
- *
- * @param encryptionType the encryption type to use
- * @throws Exception
- */
- protected void testObtainTickets( ObtainTicketParameters parameters ) throws Exception
- {
- setupEnv( parameters );
- Subject subject = new Subject();
-
- KerberosTestUtils.obtainTGT( subject, USER_UID, USER_PASSWORD );
-
- assertEquals( 1, subject.getPrivateCredentials().size() );
- assertEquals( 0, subject.getPublicCredentials().size() );
-
- KerberosTestUtils.obtainServiceTickets( subject, USER_UID, LDAP_SERVICE_NAME, HOSTNAME );
-
- assertEquals( 2, subject.getPrivateCredentials().size() );
- assertEquals( 0, subject.getPublicCredentials().size() );
-
- for ( KerberosTicket kt : subject.getPrivateCredentials( KerberosTicket.class ) )
- {
- // System.out.println( kt.getClient() );
- // System.out.println( kt.getServer() );
- // System.out.println( kt.getSessionKeyType() );
- assertEquals( parameters.encryptionType.getValue(), kt.getSessionKeyType() );
- }
- }
-
-
- private void enableKerberosSchema() throws LdapException
- {
- Modification mod = new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE,
- "m-disabled", "FALSE" );
- conn.modify( "cn=Krb5kdc,ou=schema", mod );
- }
-
-
- protected void setupEnv( ObtainTicketParameters parameters )
- throws Exception
- {
- // create krb5.conf with proper encryption type
- String krb5confPath = createKrb5Conf( parameters.checksumType, parameters.encryptionType, parameters.transport == TcpTransport.class );
- System.setProperty( "java.security.krb5.conf", krb5confPath );
-
- // change encryption type in KDC
- kdcServer.getConfig().setEncryptionTypes( Collections.singleton( parameters.encryptionType ) );
-
- // create principals
- createPrincipal( "uid=" + USER_UID, "Last", "First Last",
- USER_UID, USER_PASSWORD, USER_UID + "@" + REALM );
-
- createPrincipal( "uid=krbtgt", "KDC Service", "KDC Service",
- "krbtgt", "secret", "krbtgt/" + REALM + "@" + REALM );
-
- String servicePrincipal = LDAP_SERVICE_NAME + "/" + HOSTNAME + "@" + REALM;
- createPrincipal( "uid=ldap", "Service", "LDAP Service",
- "ldap", "randall", servicePrincipal );
- }
-
-
- /**
- * Creates the krb5.conf file for the test.
- *
- * It looks similar to this:
- *
- * <pre>
- * [libdefaults]
- * default_realm = EXAMPLE.COM
- * default_tkt_enctypes = aes256-cts-hmac-sha1-96
- * default_tgs_enctypes = aes256-cts-hmac-sha1-96
- * permitted_enctypes = aes256-cts-hmac-sha1-96
- *
- * [realms]
- * EXAMPLE.COM = {
- * kdc = localhost:6088
- * }
- *
- * [domain_realm]
- * .example.com = EXAMPLE.COM
- * example.com = EXAMPLE.COM
- * </pre>
- *
- * @param encryptionType
- * @param checksumType
- * @return the path to the krb5.conf file
- * @throws IOException
- */
- private String createKrb5Conf( ChecksumType checksumType, EncryptionType encryptionType, boolean isTcp ) throws IOException
- {
- File file = folder.newFile( "krb5.conf" );
-
- String data = "";
-
- data += "[libdefaults]" + SystemUtils.LINE_SEPARATOR;
- data += "default_realm = " + REALM + SystemUtils.LINE_SEPARATOR;
- data += "default_tkt_enctypes = " + encryptionType.getName() + SystemUtils.LINE_SEPARATOR;
- data += "default_tgs_enctypes = " + encryptionType.getName() + SystemUtils.LINE_SEPARATOR;
- data += "permitted_enctypes = " + encryptionType.getName() + SystemUtils.LINE_SEPARATOR;
- // data += "default_checksum = " + checksumType.getName() + SystemUtils.LINE_SEPARATOR;
- // data += "ap_req_checksum_type = " + checksumType.getName() + SystemUtils.LINE_SEPARATOR;
- data += "default-checksum_type = " + checksumType.getName() + SystemUtils.LINE_SEPARATOR;
-
- if ( isTcp )
- {
- data += "udp_preference_limit = 1" + SystemUtils.LINE_SEPARATOR;
- }
-
-
- data += "[realms]" + SystemUtils.LINE_SEPARATOR;
- data += REALM + " = {" + SystemUtils.LINE_SEPARATOR;
- data += "kdc = " + HOSTNAME + ":" + kdcServer.getTransports()[0].getPort() + SystemUtils.LINE_SEPARATOR;
- data += "}" + SystemUtils.LINE_SEPARATOR;
-
- data += "[domain_realm]" + SystemUtils.LINE_SEPARATOR;
- data += "." + Strings.toLowerCaseAscii( REALM ) + " = " + REALM + SystemUtils.LINE_SEPARATOR;
- data += Strings.toLowerCaseAscii( REALM ) + " = " + REALM + SystemUtils.LINE_SEPARATOR;
-
- FileUtils.writeStringToFile( file, data );
-
- return file.getAbsolutePath();
- }
-
-
- private void createPrincipal( String rdn, String sn, String cn,
- String uid, String userPassword, String principalName ) throws LdapException
- {
- Entry entry = new DefaultEntry();
- entry.setDn( rdn + "," + USERS_DN );
- entry.add( "objectClass", "top", "person", "inetOrgPerson", "krb5principal", "krb5kdcentry" );
- entry.add( "cn", cn );
- entry.add( "sn", sn );
- entry.add( "uid", uid );
- entry.add( "userPassword", userPassword );
- entry.add( "krb5PrincipalName", principalName );
- entry.add( "krb5KeyVersionNumber", "0" );
- conn.add( entry );
- }
-
-}
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosKRBProtocolTest.java b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosKRBProtocolTest.java
deleted file mode 100644
index 3a2334f..0000000
--- a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosKRBProtocolTest.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.kdc;
-
-
-import org.apache.directory.server.annotations.CreateKdcServer;
-import org.apache.directory.server.annotations.CreateLdapServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifFiles;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
-import org.apache.directory.server.protocol.shared.transport.TcpTransport;
-import org.apache.directory.server.protocol.shared.transport.UdpTransport;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-
-/**
- * Some tests for the new "KRB" protocol introduced as part of DIRSERVER-2031:
- *
- * https://issues.apache.org/jira/browse/DIRSERVER-2031
- */
-@RunWith(FrameworkRunner.class)
-@CreateDS(name = "KerberosKRBProtocolTest-class",
- partitions =
- {
- @CreatePartition(
- name = "example",
- suffix = "dc=example,dc=com")
- },
- additionalInterceptors =
- {
- KeyDerivationInterceptor.class
- })
-@CreateLdapServer(
- transports =
- {
- @CreateTransport(protocol = "LDAP")
- })
-@CreateKdcServer(
- transports =
- {
- @CreateTransport(protocol = "KRB")
- })
-@ApplyLdifFiles("org/apache/directory/server/kerberos/kdc/KerberosIT.ldif")
-public class KerberosKRBProtocolTest extends AbstractKerberosITest
-{
-
- @Test
- public void testObtainTickets_AES128_TCP() throws Exception
- {
- // RFC3962, Section 7: aes128-cts-hmac-sha1-96 + hmac-sha1-96-aes128
- ObtainTicketParameters parameters = new ObtainTicketParameters( TcpTransport.class,
- EncryptionType.AES128_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES128 );
- testObtainTickets( parameters );
- }
-
- @Test
- public void testObtainTickets_AES128_UDP() throws Exception
- {
- // RFC3962, Section 7: aes128-cts-hmac-sha1-96 + hmac-sha1-96-aes128
- ObtainTicketParameters parameters = new ObtainTicketParameters( UdpTransport.class,
- EncryptionType.AES128_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES128 );
- testObtainTickets( parameters );
- }
-
-}
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosTcpITest.java b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosTcpITest.java
deleted file mode 100644
index 3e0ae47..0000000
--- a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosTcpITest.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.kdc;
-
-
-import org.apache.directory.server.annotations.CreateKdcServer;
-import org.apache.directory.server.annotations.CreateLdapServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifFiles;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
-import org.apache.directory.server.protocol.shared.transport.TcpTransport;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-
-/**
- * Tests to obtain TGTs and Service Tickets from KDCs via TCP.
- *
- * We use some internal knowledge of the Sun/Oracle implementation here to force
- * the usage of TCP and checksum:
- * <li>In sun.security.krb5.KrbKdcReq the static field udpPrefLimit is set to 1
- * which means that TCP is always used.
- * <li>In sun.security.krb5.Checksum the static field CKSUMTYPE_DEFAULT is set
- * to the appropriate checksum value.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory
-Project</a>
- */
-@RunWith(FrameworkRunner.class)
-@CreateDS(name = "KerberosTcpIT-class",
- partitions =
- {
- @CreatePartition(
- name = "example",
- suffix = "dc=example,dc=com")
- },
- additionalInterceptors =
- {
- KeyDerivationInterceptor.class
- })
-@CreateLdapServer(
- transports =
- {
- @CreateTransport(protocol = "LDAP")
- })
-@CreateKdcServer(
- transports =
- {
- @CreateTransport(protocol = "TCP", port = 6086)
- })
-@ApplyLdifFiles("org/apache/directory/server/kerberos/kdc/KerberosIT.ldif")
-public class KerberosTcpITest extends AbstractKerberosITest
-{
-
- // TODO: fix failing tests
- // TODO: add tests for other encryption types
- // TODO: add tests for different options
-
- @Test
- public void testObtainTickets_DES3_CBC_SHA1_KD() throws Exception
- {
- // RFC3961, Section 6.3: des3-cbc-hmac-sha1-kd + hmac-sha1-des3-kd
- ObtainTicketParameters parameters = new ObtainTicketParameters( TcpTransport.class,
- EncryptionType.DES3_CBC_SHA1_KD, ChecksumType.HMAC_SHA1_DES3_KD );
- testObtainTickets( parameters );
- }
-
-
- @Test
- @Ignore("Fails with KrbException: Integrity check on decrypted field failed (31) - Integrity check on decrypted field failed")
- public void testObtainTickets_RC4_HMAC() throws Exception
- {
- // TODO: RFC4757: rc4-hmac + hmac-md5
- ObtainTicketParameters parameters = new ObtainTicketParameters( TcpTransport.class,
- EncryptionType.RC4_HMAC, ChecksumType.HMAC_MD5 );
- testObtainTickets( parameters );
- }
-
-
- @Test
- public void testObtainTickets_AES128() throws Exception
- {
- // RFC3962, Section 7: aes128-cts-hmac-sha1-96 + hmac-sha1-96-aes128
- ObtainTicketParameters parameters = new ObtainTicketParameters( TcpTransport.class,
- EncryptionType.AES128_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES128 );
- testObtainTickets( parameters );
- }
-
-
- @Test
- @Ignore("Fails with javax.security.auth.login.LoginException: No supported encryption types listed in default_tkt_enctypes")
- public void testObtainTickets_AES256() throws Exception
- {
- // RFC3962, Section 7: aes256-cts-hmac-sha1-96 + hmac-sha1-96-aes256
- ObtainTicketParameters parameters = new ObtainTicketParameters( TcpTransport.class,
- EncryptionType.AES256_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES256 );
- testObtainTickets( parameters );
- }
-
-}
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosTestUtils.java b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosTestUtils.java
deleted file mode 100644
index da616ca..0000000
--- a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosTestUtils.java
+++ /dev/null
@@ -1,437 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.kdc;
-
-
-import java.io.BufferedInputStream;
-import java.io.CharArrayWriter;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.nio.charset.StandardCharsets;
-import java.security.PrivilegedAction;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.security.auth.login.Configuration;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
-import org.apache.directory.api.ldap.model.exception.LdapException;
-import org.apache.directory.api.ldap.model.message.ModifyRequest;
-import org.apache.directory.api.ldap.model.message.ModifyRequestImpl;
-import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.api.util.Network;
-import org.apache.directory.api.util.Strings;
-import org.apache.directory.ldap.client.api.Krb5LoginConfiguration;
-import org.apache.directory.server.i18n.I18n;
-import org.apache.directory.server.ldap.LdapServer;
-import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSCredential;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
-import org.ietf.jgss.Oid;
-
-
-/**
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-public class KerberosTestUtils
-{
- public static char[] getControlDocument( String resource ) throws IOException
- {
- InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream( resource );
-
- CharArrayWriter writer = new CharArrayWriter();
-
- try ( Reader reader = new InputStreamReader( new BufferedInputStream( is ), StandardCharsets.UTF_8 ) )
- {
- char[] buf = new char[2048];
- int len = 0;
- while ( len >= 0 )
- {
- len = reader.read( buf );
- if ( len > 0 )
- {
- writer.write( buf, 0, len );
- }
- }
- }
-
- char[] isca = writer.toCharArray();
- return isca;
- }
-
-
- public static byte[] getBytesFromResource( String resource ) throws IOException
- {
- InputStream is = ClassLoader.getSystemClassLoader().getResourceAsStream( resource );
-
- try ( BufferedInputStream stream = new BufferedInputStream( is ) )
- {
- int len = stream.available();
- byte[] bytes = new byte[len];
- stream.read( bytes, 0, len );
- return bytes;
- }
- }
-
-
- public static void hexdump( byte[] data )
- {
- hexdump( data, true );
- }
-
-
- public static void hexdump( byte[] data, boolean delimit )
- {
- String delimiter = new String( "-------------------------------------------------" );
-
- if ( delimit )
- {
- System.out.println( delimiter );
- }
-
- int lineLength = 0;
- for ( int ii = 0; ii < data.length; ii++ )
- {
- System.out.print( byte2hexString( data[ii] ) + " " );
- lineLength++;
-
- if ( lineLength == 8 )
- {
- System.out.print( " " );
- }
-
- if ( lineLength == 16 )
- {
- System.out.println();
- lineLength = 0;
- }
- }
-
- if ( delimit )
- {
- System.out.println();
- System.out.println( delimiter );
- }
- }
-
- public static final String[] hex_digit =
- { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f" };
-
-
- public static String byte2hexString( byte x )
- {
- String s = "";
- for ( int ii = 0; ii < 2; ii++ )
- {
- s = hex_digit[( ( ( x ) & 0xff ) & ( 15 << ( ii * 4 ) ) ) >>> ( ii * 4 )] + s;
- }
-
- return s;
- }
-
-
- public static String int2hexString( int x )
- {
- String s = "";
- for ( int ii = 0; ii < 8; ii++ )
- {
- s = hex_digit[( x & ( 15 << ( ii * 4 ) ) ) >>> ( ii * 4 )] + s;
- }
-
- return s;
- }
-
-
- public static String int2binString( int x )
- {
- String s = "";
- for ( int ii = 0; ii < 32; ii++ )
- {
- if ( ( ii > 0 ) && ( ii % 4 == 0 ) )
- {
- s = " " + s;
- }
-
- s = hex_digit[( x & ( 1 << ii ) ) >>> ii] + s;
- }
-
- return s;
- }
-
-
- public static String long2hexString( long x )
- {
- String s = "";
- for ( int ii = 0; ii < 16; ii++ )
- {
- s = hex_digit[( int ) ( ( x & ( 15L << ( ii * 4 ) ) ) >>> ( ii * 4 ) )] + s;
- }
-
- return s;
- }
-
-
- public static String long2binString( long x )
- {
- String s = "";
- for ( int ii = 0; ii < 64; ii++ )
- {
- if ( ( ii > 0 ) && ( ii % 4 == 0 ) )
- {
- s = " " + s;
- }
-
- s = hex_digit[( int ) ( ( x & ( 1L << ii ) ) >>> ii )] + s;
- }
-
- return s;
- }
-
-
- public static String byte2hexString( byte[] input )
- {
- return byte2hexString( input, 0, input.length );
- }
-
-
- public static String byte2hexString( byte[] input, int offset )
- {
- return byte2hexString( input, offset, input.length );
- }
-
-
- public static String byte2hexString( byte[] input, int offset, int length )
- {
- String result = "";
- for ( int ii = 0; ii < length; ii++ )
- {
- if ( ii + offset < input.length )
- {
- result += byte2hexString( input[ii + offset] );
- }
- }
-
- return result;
- }
-
-
- /**
- * Gets the host name for 'localhost' used for Kerberos tests.
- * On Windows 7 and Server 2008 the loopback address 127.0.0.1
- * isn't resolved to localhost by default. In that case we need
- * to use the IP address for the service principal.
- *
- * @return the hostname
- */
- public static String getHostName()
- {
- return Network.LOOPBACK_HOSTNAME;
- }
-
-
- /**
- * Obtains a new TGT from KDC.
- *
- * Possible errors:
- * Bad username: Client not found in Kerberos database
- * Bad password: Integrity check on decrypted field failed
- *
- * @param subject the empty subject
- * @param userName the user name
- * @param password the password
- * @throws LoginException
- *
- */
- public static void obtainTGT( Subject subject, String userName, String password ) throws LoginException
- {
- // Use our custom configuration to avoid reliance on external config
- Configuration.setConfiguration( new Krb5LoginConfiguration() );
-
- // Obtain TGT
- LoginContext lc = new LoginContext( KerberosUdpITest.class.getName(), subject, new
- CallbackHandlerBean( userName, password ) );
- lc.login();
- }
-
- private static class CallbackHandlerBean implements CallbackHandler
- {
- private String name;
- private String password;
-
-
- /**
- * Creates a new instance of CallbackHandlerBean.
- *
- * @param name
- * @param password
- */
- public CallbackHandlerBean( String name, String password )
- {
- this.name = name;
- this.password = password;
- }
-
-
- public void handle( Callback[] callbacks ) throws UnsupportedCallbackException, IOException
- {
- for ( Callback callback : callbacks )
- {
- if ( callback instanceof NameCallback )
- {
- NameCallback nameCallback = ( NameCallback ) callback;
- nameCallback.setName( name );
- }
- else if ( callback instanceof PasswordCallback )
- {
- PasswordCallback passwordCallback = ( PasswordCallback ) callback;
- passwordCallback.setPassword( password.toCharArray() );
- }
- else
- {
- throw new UnsupportedCallbackException( callback, I18n.err( I18n.ERR_617 ) );
- }
- }
- }
- }
-
-
- /**
- * Obtains a Service Ticket from KDC.
- *
- * @param subject the subject, must contain a valid TGT
- * @param userName the user name
- * @param serviceName the service name
- * @param hostName the host name of the service
- * @throws GSSException
- */
- public static void obtainServiceTickets( Subject subject, String userName, String serviceName, String hostName )
- throws GSSException
- {
- ObtainServiceTicketAction action = new ObtainServiceTicketAction( userName, serviceName, hostName );
- GSSException exception = Subject.doAs( subject, action );
- if ( exception != null )
- {
- throw exception;
- }
- }
-
- private static class ObtainServiceTicketAction implements PrivilegedAction<GSSException>
- {
- private String userName;
- private String serviceName;
- private String hostName;
-
-
- public ObtainServiceTicketAction( String userName, String serviceName, String hostName )
- {
- this.userName = userName;
- this.serviceName = serviceName;
- this.hostName = hostName;
- }
-
-
- public GSSException run()
- {
- try
- {
- GSSManager manager = GSSManager.getInstance();
- GSSName clientName = manager.createName( userName, GSSName.NT_USER_NAME );
- GSSCredential clientCred = manager.createCredential( clientName,
- 8 * 3600,
- createKerberosOid(),
- GSSCredential.INITIATE_ONLY );
-
- GSSName serverName = manager.createName( serviceName + "@" + hostName, GSSName.NT_HOSTBASED_SERVICE );
- GSSContext context = manager.createContext( serverName,
- createKerberosOid(),
- clientCred,
- GSSContext.DEFAULT_LIFETIME );
- context.requestMutualAuth( true );
- context.requestConf( true );
- context.requestInteg( true );
-
- context.initSecContext( Strings.EMPTY_BYTES, 0, 0 );
-
- // byte[] outToken = context.initSecContext( Strings.EMPTY_BYTES, 0, 0 );
- // System.out.println(new BASE64Encoder().encode(outToken));
- context.dispose();
-
- return null;
- }
- catch ( GSSException gsse )
- {
- return gsse;
- }
- }
-
-
- private Oid createKerberosOid() throws GSSException
- {
- return new Oid( "1.2.840.113554.1.2.2" );
- }
- }
-
-
- /**
- * Within the KerberosPrincipal/PrincipalName class a DNS lookup is done
- * to get the canonical name of the host. So the principal name
- * may be extended to the form "ldap/localhost.example.com@EXAMPLE.COM".
- * This method fixes the SASL principal name of the service entry
- * within the LDAP server.
- *
- * @param servicePrincipalName the "original" service principal name
- * @param serviceEntryDn the service entry in LDAP
- * @param ldapServer the LDAP server instance
- * @return the fixed service principal name
- * @throws LdapException
- */
- public static String fixServicePrincipalName( String servicePrincipalName, Dn serviceEntryDn, LdapServer ldapServer )
- throws LdapException
- {
- KerberosPrincipal servicePrincipal = new KerberosPrincipal( servicePrincipalName,
- KerberosPrincipal.KRB_NT_SRV_HST );
- servicePrincipalName = servicePrincipal.getName();
-
- ldapServer.setSaslHost( servicePrincipalName.substring( servicePrincipalName.indexOf( "/" ) + 1,
- servicePrincipalName.indexOf( "@" ) ) );
- ldapServer.setSaslPrincipal( servicePrincipalName );
-
- if ( serviceEntryDn != null )
- {
- ModifyRequest modifyRequest = new ModifyRequestImpl();
- modifyRequest.setName( serviceEntryDn );
- modifyRequest.replace( "userPassword", "randall" );
- modifyRequest.replace( "krb5PrincipalName", servicePrincipalName );
- ldapServer.getDirectoryService().getAdminSession().modify( modifyRequest );
- }
-
- return servicePrincipalName;
- }
-}
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosUdpITest.java b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosUdpITest.java
deleted file mode 100644
index a48f4ae..0000000
--- a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/KerberosUdpITest.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.kdc;
-
-
-import org.apache.directory.server.annotations.CreateKdcServer;
-import org.apache.directory.server.annotations.CreateLdapServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifFiles;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
-import org.apache.directory.server.protocol.shared.transport.UdpTransport;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-
-/**
- * Tests to obtain TGTs and Service Tickets from KDCs via UDP.
- *
- * We use some internal knowledge of the Sun/Oracle implementation here:
- * <li>In sun.security.krb5.KrbKdcReq the field udpPrefLimit is set to -1 which means
- * that UDP is always used first. Only if the KDC replies with RB_ERR_RESPONSE_TOO_BIG
- * TCP is used.
- * <li>In sun.security.krb5.Checksum the static field CKSUMTYPE_DEFAULT is set
- * to the appropriate checksum value.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@RunWith(FrameworkRunner.class)
-@CreateDS(name = "KerberosUdpIT-class",
- partitions =
- {
- @CreatePartition(
- name = "example",
- suffix = "dc=example,dc=com")
- },
- additionalInterceptors =
- {
- KeyDerivationInterceptor.class
- })
-@CreateLdapServer(
- transports =
- {
- @CreateTransport(protocol = "LDAP")
- })
-@CreateKdcServer(
- transports =
- {
- @CreateTransport(protocol = "TCP", port = 6087),
- @CreateTransport(protocol = "UDP", port = 6087)
- })
-@ApplyLdifFiles("org/apache/directory/server/kerberos/kdc/KerberosIT.ldif")
-public class KerberosUdpITest extends AbstractKerberosITest
-{
-
- // TODO: fix failing tests
- // TODO: add tests for other encryption types
- // TODO: add tests for different options
-
- @Test
- public void testObtainTickets_DES3_CBC_SHA1_KD() throws Exception
- {
- // RFC3961, Section 6.3: des3-cbc-hmac-sha1-kd + hmac-sha1-des3-kd
- ObtainTicketParameters parameters = new ObtainTicketParameters( UdpTransport.class,
- EncryptionType.DES3_CBC_SHA1_KD, ChecksumType.HMAC_SHA1_DES3_KD );
- testObtainTickets( parameters );
- }
-
-
- @Test
- @Ignore("Fails with KrbException: Integrity check on decrypted field failed (31) - Integrity check on decrypted field failed")
- public void testObtainTickets_RC4_HMAC() throws Exception
- {
- // TODO: RFC4757: rc4-hmac + hmac-md5
- ObtainTicketParameters parameters = new ObtainTicketParameters( UdpTransport.class,
- EncryptionType.RC4_HMAC, ChecksumType.HMAC_MD5 );
- testObtainTickets( parameters );
- }
-
-
- @Test
- public void testObtainTickets_AES128() throws Exception
- {
- // RFC3962, Section 7: aes128-cts-hmac-sha1-96 + hmac-sha1-96-aes128
- ObtainTicketParameters parameters = new ObtainTicketParameters( UdpTransport.class,
- EncryptionType.AES128_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES128 );
- testObtainTickets( parameters );
- }
-
-
- @Test
- @Ignore("Fails with javax.security.auth.login.LoginException: No supported encryption types listed in default_tkt_enctypes")
- public void testObtainTickets_AES256() throws Exception
- {
- // RFC3962, Section 7: aes256-cts-hmac-sha1-96 + hmac-sha1-96-aes256
- ObtainTicketParameters parameters = new ObtainTicketParameters( UdpTransport.class,
- EncryptionType.AES256_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES256 );
- testObtainTickets( parameters );
- }
-
-}
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
deleted file mode 100644
index e793589..0000000
--- a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.kerberos.kdc;
-
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-
-import java.io.IOException;
-import java.security.PrivilegedAction;
-import java.util.Hashtable;
-
-import javax.naming.Context;
-import javax.naming.NamingException;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.Configuration;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
-import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
-import org.apache.directory.ldap.client.api.Krb5LoginConfiguration;
-import org.apache.directory.server.annotations.CreateKdcServer;
-import org.apache.directory.server.annotations.CreateLdapServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.annotations.SaslMechanism;
-import org.apache.directory.server.core.annotations.ApplyLdifs;
-import org.apache.directory.server.core.annotations.ContextEntry;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreateIndex;
-import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
-import org.apache.directory.server.i18n.I18n;
-import org.apache.directory.server.ldap.handlers.sasl.cramMD5.CramMd5MechanismHandler;
-import org.apache.directory.server.ldap.handlers.sasl.digestMD5.DigestMd5MechanismHandler;
-import org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler;
-import org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmMechanismHandler;
-import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
-import org.apache.directory.server.protocol.shared.transport.TcpTransport;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-
-/**
- * An {@link AbstractServerTest} testing SASL GSSAPI authentication
- * and security layer negotiation. These tests require both the LDAP
- * and the Kerberos protocol. As with any "three-headed" Kerberos
- * scenario, there are 3 principals: 1 for the test user, 1 for the
- * Kerberos ticket-granting service (TGS), and 1 for the LDAP service.
- *
- * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- */
-@RunWith(FrameworkRunner.class)
-@CreateDS(name = "SaslGssapiBindITest-class",
- partitions =
- {
- @CreatePartition(
- name = "example",
- suffix = "dc=example,dc=com",
- contextEntry = @ContextEntry(
- entryLdif =
- "dn: dc=example,dc=com\n" +
- "dc: example\n" +
- "objectClass: top\n" +
- "objectClass: domain\n\n"),
- indexes =
- {
- @CreateIndex(attribute = "objectClass"),
- @CreateIndex(attribute = "dc"),
- @CreateIndex(attribute = "ou")
- })
- },
- additionalInterceptors =
- {
- KeyDerivationInterceptor.class
- })
-@CreateLdapServer(
- transports =
- {
- @CreateTransport(protocol = "LDAP")
- },
- saslHost = "localhost",
- saslPrincipal = "ldap/localhost@EXAMPLE.COM",
- saslMechanisms =
- {
- @SaslMechanism(name = SupportedSaslMechanisms.PLAIN, implClass = PlainMechanismHandler.class),
- @SaslMechanism(name = SupportedSaslMechanisms.CRAM_MD5, implClass = CramMd5MechanismHandler.class),
- @SaslMechanism(name = SupportedSaslMechanisms.DIGEST_MD5, implClass = DigestMd5MechanismHandler.class),
- @SaslMechanism(name = SupportedSaslMechanisms.GSSAPI, implClass = GssapiMechanismHandler.class),
- @SaslMechanism(name = SupportedSaslMechanisms.NTLM, implClass = NtlmMechanismHandler.class),
- @SaslMechanism(name = SupportedSaslMechanisms.GSS_SPNEGO, implClass = NtlmMechanismHandler.class)
- })
-@CreateKdcServer(
- transports =
- {
- @CreateTransport(protocol = "UDP", port = 6088),
- @CreateTransport(protocol = "TCP", port = 6088)
- })
-@ApplyLdifs({
- "dn: ou=users,dc=example,dc=com",
- "objectClass: top",
- "objectClass: organizationalUnit",
- "ou: users"
-})
-public class SaslGssapiBindITest extends AbstractKerberosITest
-{
-
- /**
- * Tests to make sure GSSAPI binds below the RootDSE work.
- */
- @Test
- public void testSaslGssapiBind() throws Exception
- {
- // Set up a partition for EXAMPLE.COM and add user and service principals to test authentication with.
- KerberosTestUtils.fixServicePrincipalName(
- "ldap/" + KerberosTestUtils.getHostName() + "@EXAMPLE.COM", null, getLdapServer() );
- ObtainTicketParameters parameters = new ObtainTicketParameters( TcpTransport.class,
- EncryptionType.AES128_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES128 );
- setupEnv( parameters );
-
- kdcServer.getConfig().setPaEncTimestampRequired( false );
- // Use our custom configuration to avoid reliance on external config
- Configuration.setConfiguration( new Krb5LoginConfiguration() );
- // 1. Authenticate to Kerberos.
- LoginContext lc = null;
- try
- {
- lc = new LoginContext( SaslGssapiBindITest.class.getName(), new CallbackHandlerBean( "hnelson", "secret" ) );
- lc.login();
- }
- catch ( LoginException le )
- {
- // Bad username: Client not found in Kerberos database
- // Bad password: Integrity check on decrypted field failed
- fail( "Authentication failed: " + le.getMessage() );
- }
-
- // 2. Perform JNDI work as authenticated Subject.
- Subject.doAs( lc.getSubject(), new PrivilegedAction<Void>()
- {
- public Void run()
- {
- //FIXME activate this code as soon as the GSSAPIMechanismHandler is fixed.
- //Currently GSSAPI authentication for the ldap server is broken
- try
- {
- // Create the initial context
- Hashtable<String, String> env = new Hashtable<String, String>();
- env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
- env.put( Context.PROVIDER_URL, "ldap://" + KerberosTestUtils.getHostName() + ":"
- + getLdapServer().getPort() );
-
- // Request the use of the "GSSAPI" SASL mechanism
- // Authenticate by using already established Kerberos credentials
- env.put( Context.SECURITY_AUTHENTICATION, "GSSAPI" );
-
- // Request privacy protection
- env.put( "javax.security.sasl.qop", "auth-conf" );
-
- // Request mutual authentication
- env.put( "javax.security.sasl.server.authentication", "true" );
-
- // Request high-strength cryptographic protection
- env.put( "javax.security.sasl.strength", "high" );
-
- DirContext ctx = new InitialDirContext( env );
-
- String[] attrIDs =
- { "uid" };
-
- Attributes attrs = ctx.getAttributes( "uid=hnelson,ou=users,dc=example,dc=com", attrIDs );
-
- String uid = null;
-
- if ( attrs.get( "uid" ) != null )
- {
- uid = ( String ) attrs.get( "uid" ).get();
- }
-
- assertEquals( "hnelson", uid );
- }
- catch ( NamingException e )
- {
- fail( "Should not have caught exception: " + e.getMessage() + e.getRootCause() );
- }
-
- return null;
- }
- } );
-
- }
-
-
- private class CallbackHandlerBean implements CallbackHandler
- {
- private String name;
- private String password;
-
-
- /**
- * Creates a new instance of CallbackHandlerBean.
- *
- * @param name
- * @param password
- */
- public CallbackHandlerBean( String name, String password )
- {
- this.name = name;
- this.password = password;
- }
-
-
- public void handle( Callback[] callbacks ) throws UnsupportedCallbackException, IOException
- {
- for ( int ii = 0; ii < callbacks.length; ii++ )
- {
- Callback callBack = callbacks[ii];
-
- // Handles username callback.
- if ( callBack instanceof NameCallback )
- {
- NameCallback nameCallback = ( NameCallback ) callBack;
- nameCallback.setName( name );
- // Handles password callback.
- }
- else if ( callBack instanceof PasswordCallback )
- {
- PasswordCallback passwordCallback = ( PasswordCallback ) callBack;
- passwordCallback.setPassword( password.toCharArray() );
- }
- else
- {
- throw new UnsupportedCallbackException( callBack, I18n.err( I18n.ERR_617 ) );
- }
- }
- }
- }
-
-}
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/ms_krb5.pcap b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/ms_krb5.pcap
deleted file mode 100644
index 1e769d9..0000000
Binary files a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/ms_krb5.pcap and /dev/null differ
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/oracle_krb5.pcap b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/oracle_krb5.pcap
deleted file mode 100644
index 5251f2a..0000000
Binary files a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/oracle_krb5.pcap and /dev/null differ
diff --git a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/pam_krb5.pcap b/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/pam_krb5.pcap
deleted file mode 100644
index dbbe7e8..0000000
Binary files a/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/pam_krb5.pcap and /dev/null differ
diff --git a/kerberos-test/src/test/resources/krb5.conf b/kerberos-test/src/test/resources/krb5.conf
deleted file mode 100644
index f8dbeab..0000000
--- a/kerberos-test/src/test/resources/krb5.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-[libdefaults]
- default_realm = EXAMPLE.COM
-
-[realms]
- EXAMPLE.COM = {
- kdc = localhost:6088
- }
-
-[domain_realm]
- .example.com = EXAMPLE.COM
- example.com = EXAMPLE.COM
-
-[login]
- krb4_convert = true
- krb4_get_tickets = false
\ No newline at end of file
diff --git a/kerberos-test/src/test/resources/log4j.properties b/kerberos-test/src/test/resources/log4j.properties
deleted file mode 100644
index 7028bf8..0000000
--- a/kerberos-test/src/test/resources/log4j.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-#############################################################################
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#############################################################################
-log4j.rootCategory=OFF, stdout
-
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss}] %p [%c] - %m%n
-
-#log4j.logger.org.apache.directory.server.kerberos=DEBUG
-#log4j.logger.org.apache.directory.shared.kerberos=DEBUG
-log4j.logger.org.apache.directory.KERBEROS_LOG=DEBUG
\ No newline at end of file
diff --git a/kerberos-test/src/test/resources/org/apache/directory/server/kerberos/kdc/KerberosIT.ldif b/kerberos-test/src/test/resources/org/apache/directory/server/kerberos/kdc/KerberosIT.ldif
deleted file mode 100644
index 744834e..0000000
--- a/kerberos-test/src/test/resources/org/apache/directory/server/kerberos/kdc/KerberosIT.ldif
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# EXAMPLE.COM is reserved for testing according to this RFC:
-#
-# http://www.rfc-editor.org/rfc/rfc2606.txt
-#
-
-dn: dc=example,dc=com
-objectClass: top
-objectClass: domain
-dc: example
-
-dn: ou=users,dc=example,dc=com
-objectClass: top
-objectClass: organizationalUnit
-ou: users
-
diff --git a/ldap-client-test/pom.xml b/ldap-client-test/pom.xml
index 682bccd..99c8d1b 100644
--- a/ldap-client-test/pom.xml
+++ b/ldap-client-test/pom.xml
@@ -70,13 +70,6 @@
<artifactId>apacheds-interceptor-kerberos</artifactId>
</dependency>
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-kerberos-test</artifactId>
- <type>test-jar</type>
- <scope>test</scope>
- </dependency>
-
<!-- Shared dependencies -->
<dependency>
<groupId>org.apache.directory.api</groupId>
diff --git a/osgi-integ/pom.xml b/osgi-integ/pom.xml
index 3f364db..f993450 100644
--- a/osgi-integ/pom.xml
+++ b/osgi-integ/pom.xml
@@ -172,11 +172,6 @@
<dependency>
<groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-protocol-kerberos</artifactId>
- </dependency>
-
- <dependency>
- <groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-protocol-dhcp</artifactId>
</dependency>
diff --git a/osgi-integ/src/test/java/org/apache/directory/server/osgi/integ/ServerProtocolKerberosOsgiTest.java b/osgi-integ/src/test/java/org/apache/directory/server/osgi/integ/ServerProtocolKerberosOsgiTest.java
deleted file mode 100644
index 0e58930..0000000
--- a/osgi-integ/src/test/java/org/apache/directory/server/osgi/integ/ServerProtocolKerberosOsgiTest.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.server.osgi.integ;
-
-
-import org.apache.directory.server.kerberos.ChangePasswordConfig;
-import org.apache.directory.server.kerberos.KerberosConfig;
-import org.apache.directory.server.kerberos.changepwd.ChangePasswordServer;
-import org.apache.directory.server.kerberos.kdc.KdcServer;
-import org.apache.directory.server.kerberos.protocol.codec.KerberosProtocolCodecFactory;
-import org.apache.directory.server.kerberos.sam.SamSubsystem;
-import org.apache.directory.server.kerberos.sam.TimestampChecker;
-
-
-public class ServerProtocolKerberosOsgiTest extends ServerOsgiTestBase
-{
-
- @Override
- protected String getBundleName()
- {
- return "org.apache.directory.server.protocol.kerberos";
- }
-
-
- @Override
- protected void useBundleClasses() throws Exception
- {
- new KerberosConfig();
- new ChangePasswordConfig();
- new KdcServer();
- KerberosProtocolCodecFactory.getInstance().getDecoder( null );
- KerberosProtocolCodecFactory.getInstance().getEncoder( null );
- new ChangePasswordServer();
- new TimestampChecker();
- SamSubsystem.getInstance();
- }
-
-}
diff --git a/osgi/pom.xml b/osgi/pom.xml
index c1cef30..80a64e9 100644
--- a/osgi/pom.xml
+++ b/osgi/pom.xml
@@ -58,11 +58,6 @@
</dependency>
<dependency>
<groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-protocol-kerberos</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.directory.server</groupId>
<artifactId>apacheds-interceptor-kerberos</artifactId>
<version>${project.version}</version>
</dependency>
diff --git a/pom.xml b/pom.xml
index 690410e..280b502 100644
--- a/pom.xml
+++ b/pom.xml
@@ -36,8 +36,8 @@
<name>ApacheDS</name>
<description>ApacheDS is an embbedable directory server entirely written in Java, which has been certified LDAPv3 compatible
- by the Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce
- triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.
+ by the Open Group. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP
+ which has lacked these rich constructs.
</description>
<properties>
@@ -128,7 +128,6 @@
<module>kerberos-codec</module>
<module>protocol-ntp</module>
<module>protocol-ldap</module>
- <module>protocol-kerberos</module>
<module>protocol-dhcp</module>
<module>protocol-dns</module>
<module>server-integ</module>
@@ -138,12 +137,10 @@
<!--<module>osgi</module>-->
<module>server-jndi</module>
<module>interceptor-kerberos</module>
- <module>kerberos-test</module>
<module>http-directory-bridge</module>
<module>http-integration</module>
<module>test-framework</module>
<module>ldap-client-test</module>
- <module>kerberos-client</module>
<module>service</module>
<module>wrapper</module>
<module>installers-maven-plugin</module>
@@ -781,31 +778,12 @@
<dependency>
<groupId>${project.groupId}</groupId>
- <artifactId>apacheds-kerberos-shared</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
<artifactId>apacheds-kerberos-codec</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
- <artifactId>apacheds-kerberos-test</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-kerberos-test</artifactId>
- <version>${project.version}</version>
- <type>test-jar</type>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
<artifactId>apacheds-ldap-client-test</artifactId>
<version>${project.version}</version>
</dependency>
@@ -836,12 +814,6 @@
<dependency>
<groupId>${project.groupId}</groupId>
- <artifactId>apacheds-protocol-kerberos</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
<artifactId>apacheds-protocol-ldap</artifactId>
<version>${project.version}</version>
</dependency>
diff --git a/protocol-kerberos/pom.xml b/protocol-kerberos/pom.xml
deleted file mode 100644
index 13ce48e..0000000
--- a/protocol-kerberos/pom.xml
+++ /dev/null
@@ -1,186 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-parent</artifactId>
- <version>2.0.0.AM27-SNAPSHOT</version>
- </parent>
-
- <artifactId>apacheds-protocol-kerberos</artifactId>
- <name>ApacheDS Protocol Kerberos</name>
- <packaging>bundle</packaging>
-
- <description>The Kerberos Protocol Provider for ApacheDS</description>
-
- <dependencies>
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-core-api</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-i18n</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-kerberos-codec</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-protocol-shared</artifactId>
- </dependency>
-
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>apacheds-core-shared</artifactId>
- </dependency>
-
- <dependency>
- <groupId>org.apache.directory.api</groupId>
- <artifactId>api-asn1-api</artifactId>
- </dependency>
-
- <dependency>
- <groupId>org.apache.directory.api</groupId>
- <artifactId>api-ldap-model</artifactId>
- </dependency>
-
- <dependency>
- <groupId>org.apache.mina</groupId>
- <artifactId>mina-core</artifactId>
- </dependency>
-
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <excludes>
- <exclude>**/TestUtils.java</exclude>
- </excludes>
- </configuration>
- </plugin>
-
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-source-plugin</artifactId>
- <executions>
- <execution>
- <id>attach-sources</id>
- <phase>verify</phase>
- <goals>
- <goal>jar-no-fork</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
-
... 15278 lines suppressed ...