Posted to commits@directory.apache.org by el...@apache.org on 2007/09/24 12:18:45 UTC
svn commit: r578743 [8/12] - in
/directory/apacheds/branches/apacheds-kerberos: kerberos-shared/
kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/
kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto...
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/PrincipalNameType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/PrincipalNameType.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/PrincipalNameType.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/PrincipalNameType.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,178 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages.value.types;
+
+
+/**
+ * An enum describing the differnet types of Principal.
+ *
+ * Here is the list, taken from RFC 4120 :
+ * NT-UNKNOWN 0 Name type not known
+ * NT-PRINCIPAL 1 Just the name of the principal as in DCE,
+ * or for users
+ * NT-SRV-INST 2 Service and other unique instance (krbtgt)
+ * NT-SRV-HST 3 Service with host name as instance
+ * (telnet, rcommands)
+ * NT-SRV-XHST 4 Service with host as remaining components
+ * NT-UID 5 Unique ID
+ * NT-X500-PRINCIPAL 6 Encoded X.509 Distinguished name [RFC2253]
+ * NT-SMTP-NAME 7 Name in form of SMTP email name
+ * (e.g., user@example.com)
+ * NT-ENTERPRISE 10 Enterprise name - may be mapped to principal
+ * name
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public enum PrincipalNameType
+{
+ /**
+ * Constant for the "Name type not known" principal name type.
+ */
+ KRB_NT_UNKNOWN( 0 ),
+
+ /**
+ * Constant for the "Just the name of the principal as in DCE, or for users" principal name type.
+ */
+ KRB_NT_PRINCIPAL( 1 ),
+
+ /**
+ * Constant for the "Service and other unique instance (krbtgt)" principal name type.
+ */
+ KRB_NT_SRV_INST( 2 ),
+
+ /**
+ * Constant for the "Service with host name as instance (telnet, rcommands)" principal name type.
+ */
+ KRB_NT_SRV_HST( 3 ),
+
+ /**
+ * Constant for the "Service with host as remaining components" principal name type.
+ */
+ KRB_NT_SRV_XHST( 4 ),
+
+ /**
+ * Constant for the "Unique ID" principal name type.
+ */
+ KRB_NT_UID( 5 ),
+
+ /**
+ * Constant for the "Encoded X.509 Distinguished name [RFC2253]" principal name type.
+ */
+ KRB_NT_X500_PRINCIPAL( 6 ),
+
+ /**
+ * Constant for the "Name in form of SMTP email name (e.g., user@example.com)" principal name type.
+ */
+ KRB_NT_SMTP_NAME( 7 ),
+
+ /**
+ * Constant for the "Enterprise name; may be mapped to principal name" principal name type.
+ */
+ KRB_NT_ENTERPRISE( 10 );
+
+ /**
+ * The value/code for the principal name type.
+ */
+ private final int ordinal;
+
+
+ /**
+ * Private constructor prevents construction outside of this class.
+ */
+ private PrincipalNameType( int ordinal )
+ {
+ this.ordinal = ordinal;
+ }
+
+
+ /**
+ * Returns the principal name type when specified by its ordinal.
+ *
+ * @param type
+ * @return The principal name type.
+ */
+ public static PrincipalNameType getTypeByOrdinal( int type )
+ {
+ switch ( type )
+ {
+ case 0 : return KRB_NT_UNKNOWN;
+ case 1 : return KRB_NT_PRINCIPAL;
+ case 2 : return KRB_NT_SRV_INST;
+ case 3 : return KRB_NT_SRV_HST;
+ case 4 : return KRB_NT_SRV_XHST;
+ case 5 : return KRB_NT_UID;
+ case 6 : return KRB_NT_X500_PRINCIPAL;
+ case 7 : return KRB_NT_SMTP_NAME;
+ case 10 : return KRB_NT_ENTERPRISE;
+ default : return KRB_NT_UNKNOWN;
+ }
+ }
+
+
+ /**
+ * Returns the number associated with this principal name type.
+ *
+ * @return The principal name type ordinal.
+ */
+ public int getOrdinal()
+ {
+ return ordinal;
+ }
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ switch ( this )
+ {
+ case KRB_NT_UNKNOWN :
+ return "Name type not known" + "(" + ordinal + ")";
+
+ case KRB_NT_PRINCIPAL :
+ return "Just the name of the principal as in DCE, or for users" + "(" + ordinal + ")";
+
+ case KRB_NT_SRV_INST :
+ return "Service and other unique instance (krbtgt)" + "(" + ordinal + ")";
+
+ case KRB_NT_SRV_HST :
+ return "Service with host name as instance (telnet, rcommands)" + "(" + ordinal + ")";
+
+ case KRB_NT_SRV_XHST :
+ return "Service with host as remaining components" + "(" + ordinal + ")";
+
+ case KRB_NT_UID :
+ return "Unique ID" + "(" + ordinal + ")";
+
+ case KRB_NT_X500_PRINCIPAL :
+ return "Encoded X.509 Distinguished name [RFC2253]" + "(" + ordinal + ")";
+
+ case KRB_NT_SMTP_NAME :
+ return "Name in form of SMTP email name (e.g., user@example.com)" + "(" + ordinal + ")";
+
+ case KRB_NT_ENTERPRISE :
+ return "Enterprise name; may be mapped to principal name" + "(" + ordinal + ")";
+
+ default :
+ return "unknown name type" + "(" + ordinal + ")";
+ }
+ }
+}
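Review bot: `getTypeByOrdinal` folds every unlisted value — 8, 9, anything above 10, and any negative or future name type — into `KRB_NT_UNKNOWN` at the `default` branch, so a decoded PrincipalName whose name-type the server does not model is silently rewritten to 0 and the original wire value is lost if the name is re-encoded or logged. RFC 4120 §6.2 treats name-type as a hint rather than something to reject on, so the lossless options are to keep the raw integer alongside the enum, or to have the default branch throw `IllegalArgumentException( "Unknown principal name type: " + type )` and let the decoder decide what to do. The hand-written `switch` also duplicates the constructor table; iterating `values()` and comparing `ordinal` would keep the two from drifting apart when a type is added. Minor: `toString()` should carry `@Override`, and the class Javadoc has "differnet" for "different".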
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/SamType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/SamType.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/SamType.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/SamType.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages.value.types;
+
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+
+/**
+ * Type safe enumeration of Single-use Authentication Mechanism types
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 437041 $
+ */
+public final class SamType implements Comparable
+{
+ /*
+ * Enumeration elements are constructed once upon class loading.
+ * Order of appearance here determines the order of compareTo.
+ */
+
+ /** safe SAM type enum for Enigma Logic */
+ public static final SamType PA_SAM_TYPE_ENIGMA = new SamType( 1, "Enigma Logic" );
+
+ /** safe SAM type enum for Digital Pathways */
+ public static final SamType PA_SAM_TYPE_DIGI_PATH = new SamType( 2, "Digital Pathways" );
+
+ /** safe SAM type enum for S/key where KDC has key 0 */
+ public static final SamType PA_SAM_TYPE_SKEY_K0 = new SamType( 3, "S/key where KDC has key 0" );
+
+ /** safe SAM type enum for Traditional S/Key */
+ public static final SamType PA_SAM_TYPE_SKEY = new SamType( 4, "Traditional S/Key" );
+
+ /** safe SAM type enum for Security Dynamics */
+ public static final SamType PA_SAM_TYPE_SECURID = new SamType( 5, "Security Dynamics" );
+
+ /** safe SAM type enum for CRYPTOCard */
+ public static final SamType PA_SAM_TYPE_CRYPTOCARD = new SamType( 6, "CRYPTOCard" );
+
+ /** safe SAM type enum for Apache Software Foundation */
+ public static final SamType PA_SAM_TYPE_APACHE = new SamType( 7, "Apache Software Foundation" );
+
+ /** Array for building a List of VALUES. */
+ private static final SamType[] values =
+ { PA_SAM_TYPE_ENIGMA, PA_SAM_TYPE_DIGI_PATH, PA_SAM_TYPE_SKEY_K0, PA_SAM_TYPE_SKEY, PA_SAM_TYPE_SECURID,
+ PA_SAM_TYPE_CRYPTOCARD, PA_SAM_TYPE_APACHE };
+
+ /** a list of all the sam type constants */
+ public static final List VALUES = Collections.unmodifiableList( Arrays.asList( values ) );
+
+ /** the name of the sam type */
+ private final String name;
+
+ /** the value/code for the sam type */
+ private final int ordinal;
+
+
+ /**
+ * Private constructor prevents construction outside of this class.
+ */
+ private SamType(int ordinal, String name)
+ {
+ this.ordinal = ordinal;
+ this.name = name;
+ }
+
+
+ /**
+ * Returns the name of the SamType.
+ *
+ * @return the name of the SAM type
+ */
+ public String toString()
+ {
+ return name;
+ }
+
+
+ /**
+ * Compares this type to another object hopefully one that is of the same
+ * type.
+ *
+ * @param that the object to compare this SamType to
+ * @return ordinal - ( ( SamType ) that ).ordinal;
+ */
+ public int compareTo( Object that )
+ {
+ return ordinal - ( ( SamType ) that ).ordinal;
+ }
+
+
+ /**
+ * Gets the ordinal by its ordinal value.
+ *
+ * @param ordinal the ordinal value of the ordinal
+ * @return the type corresponding to the ordinal value
+ */
+ public static SamType getTypeByOrdinal( int ordinal )
+ {
+ for ( int ii = 0; ii < values.length; ii++ )
+ {
+ if ( values[ii].ordinal == ordinal )
+ {
+ return values[ii];
+ }
+ }
+
+ return PA_SAM_TYPE_APACHE;
+ }
+
+
+ /**
+ * Gets the ordinal value associated with this SAM type.
+ *
+ * @return the ordinal value associated with this SAM type
+ */
+ public int getOrdinal()
+ {
+ return ordinal;
+ }
+}
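Review bot: `getTypeByOrdinal` returns `PA_SAM_TYPE_APACHE` for any ordinal it does not recognise (the fall-through after the loop), so an unknown or malformed `sam-type` in a SAM pre-authentication exchange is silently treated as the Apache mechanism instead of being rejected. A pre-auth mechanism lookup should fail closed — return `null` or throw and let the caller emit the appropriate KDC error — rather than choose a real mechanism as the default, since the chosen type decides how the client's one-time credential is interpreted. `compareTo( Object )` with an unchecked cast and `ordinal - ( ( SamType ) that ).ordinal` is safe for these small constants, but `Comparable<SamType>` with `Integer.compare` would drop the raw type and the cast, and `VALUES` could be typed `List<SamType>` now that the sibling files in this commit are on Java 5 enums.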
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/TransitedEncodingType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/TransitedEncodingType.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/TransitedEncodingType.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/TransitedEncodingType.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages.value.types;
+
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public enum TransitedEncodingType
+{
+ /**
+ * Constant for the "null" transited encoding type.
+ */
+ NULL( 0 ),
+
+ /**
+ * Constant for the "Domain X500 compress" transited encoding type.
+ */
+ DOMAIN_X500_COMPRESS( 1 );
+
+ /**
+ * Array for building a List of VALUES.
+ */
+ private static final TransitedEncodingType[] values =
+ { NULL, DOMAIN_X500_COMPRESS };
+
+ /**
+ * A List of all the transited encoding type constants.
+ */
+ public static final List VALUES = Collections.unmodifiableList( Arrays.asList( values ) );
+
+ /**
+ * The value/code for the transited encoding type.
+ */
+ private final int ordinal;
+
+
+ /**
+ * Private constructor prevents construction outside of this class.
+ */
+ private TransitedEncodingType( int ordinal )
+ {
+ this.ordinal = ordinal;
+ }
+
+
+ /**
+ * Returns the transited encoding type when specified by its ordinal.
+ *
+ * @param type
+ * @return The transited encoding type.
+ */
+ public static TransitedEncodingType getTypeByOrdinal( int type )
+ {
+ switch ( type )
+ {
+ case 1 : return DOMAIN_X500_COMPRESS;
+ default : return NULL;
+ }
+ }
+
+
+ /**
+ * Returns the number associated with this transited encoding type.
+ *
+ * @return The transited encoding type ordinal.
+ */
+ public int getOrdinal()
+ {
+ return ordinal;
+ }
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ switch ( this )
+ {
+ case DOMAIN_X500_COMPRESS : return "Domain X500 compress (1)";
+ default : return "null (0)";
+ }
+ }
+}
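Review bot: `getTypeByOrdinal` maps every value other than 1 to `NULL`, so a `TransitedEncoding` carrying an unregistered `tr-type` is indistinguishable after decoding from one whose type is genuinely 0, and any downstream check of the cross-realm transit path would work from an encoding it did not actually receive. Because the transited field is what lets a server judge whether a cross-realm ticket's trust path is acceptable, an unknown type should surface as an error (throw, or return `null` so the decoder can reject the ticket) rather than a benign default. The private `values` array and the raw-typed `VALUES` list duplicate what `TransitedEncodingType.values()` already provides; `public static final List<TransitedEncodingType> VALUES = Collections.unmodifiableList( Arrays.asList( values() ) );` removes the array and the raw type.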
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java Mon Sep 24 03:18:05 2007
@@ -22,8 +22,8 @@
import javax.security.auth.kerberos.KerberosPrincipal;
-import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.value.types.KerberosErrorType;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.mina.handler.chain.IoHandlerCommand;
@@ -48,7 +48,7 @@
* @return The PrincipalStoreEntry
* @throws Exception
*/
- public PrincipalStoreEntry getEntry( KerberosPrincipal principal, PrincipalStore store, ErrorType errorType )
+ public PrincipalStoreEntry getEntry( KerberosPrincipal principal, PrincipalStore store, KerberosErrorType errorType )
throws Exception
{
PrincipalStoreEntry entry = null;
@@ -62,14 +62,9 @@
throw new KerberosException( errorType, e );
}
- if ( entry == null )
+ if ( entry == null || entry.getKeyMap().isEmpty() )
{
throw new KerberosException( errorType );
- }
-
- if ( entry.getKeyMap() == null || entry.getKeyMap().isEmpty() )
- {
- throw new KerberosException( ErrorType.KDC_ERR_NULL_KEY );
}
return entry;
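Review bot: The merged check `entry == null || entry.getKeyMap().isEmpty()` drops the `getKeyMap() == null` guard the old code had, so if a `PrincipalStoreEntry` can come back with a null key map (the removed check suggests the store can produce one) this line now throws `NullPointerException` out of the handler chain instead of a `KerberosException`. Keeping the guard is one line: `if ( entry == null || entry.getKeyMap() == null || entry.getKeyMap().isEmpty() )`. The change also reports a keyless-but-existing principal with the caller-supplied `errorType` rather than `KDC_ERR_NULL_KEY`; that may be deliberate so the error does not disclose whether the account exists, but it deserves a comment because RFC 4120 defines a distinct code for the null-key case. The enclosing `getEntry` method begins above this hunk.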
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java Mon Sep 24 03:18:05 2007
@@ -22,22 +22,19 @@
import java.net.InetAddress;
-import javax.security.auth.kerberos.KerberosPrincipal;
-
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
-import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
-import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
import org.apache.directory.server.kerberos.shared.messages.MessageType;
+import org.apache.directory.server.kerberos.shared.messages.application.ApplicationRequest;
import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.messages.value.ApOptions;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.ApOption;
+import org.apache.directory.server.kerberos.shared.messages.value.types.KerberosErrorType;
import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
import org.apache.mina.handler.chain.IoHandlerCommand;
@@ -65,32 +62,31 @@
* @param clientAddress
* @param lockBox
* @param authenticatorKeyUsage
- * @param isValidate
* @return The authenticator.
* @throws KerberosException
*/
public Authenticator verifyAuthHeader( ApplicationRequest authHeader, Ticket ticket, EncryptionKey serverKey,
long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress clientAddress,
- CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage, boolean isValidate ) throws KerberosException
+ CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage ) throws KerberosException
{
if ( authHeader.getProtocolVersionNumber() != 5 )
{
- throw new KerberosException( ErrorType.KRB_AP_ERR_BADVERSION );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADVERSION );
}
if ( authHeader.getMessageType() != MessageType.KRB_AP_REQ )
{
- throw new KerberosException( ErrorType.KRB_AP_ERR_MSG_TYPE );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_MSG_TYPE );
}
if ( authHeader.getTicket().getVersionNumber() != 5 )
{
- throw new KerberosException( ErrorType.KRB_AP_ERR_BADVERSION );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADVERSION );
}
EncryptionKey ticketKey = null;
- if ( authHeader.getOption( ApOptions.USE_SESSION_KEY ) )
+ if ( authHeader.getOption( ApOption.USE_SESSION_KEY ) )
{
ticketKey = authHeader.getTicket().getSessionKey();
}
@@ -104,10 +100,10 @@
// TODO - check server key version number, skvno; requires store
if ( false )
{
- throw new KerberosException( ErrorType.KRB_AP_ERR_BADKEYVER );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADKEYVER );
}
- throw new KerberosException( ErrorType.KRB_AP_ERR_NOKEY );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_NOKEY );
}
EncTicketPart encPart = ( EncTicketPart ) lockBox.unseal( EncTicketPart.class, ticketKey, ticket.getEncPart(),
@@ -119,65 +115,50 @@
if ( !authenticator.getClientPrincipal().getName().equals( ticket.getClientPrincipal().getName() ) )
{
- throw new KerberosException( ErrorType.KRB_AP_ERR_BADMATCH );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADMATCH );
}
if ( ticket.getClientAddresses() != null )
{
if ( !ticket.getClientAddresses().contains( new HostAddress( clientAddress ) ) )
{
- throw new KerberosException( ErrorType.KRB_AP_ERR_BADADDR );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADADDR );
}
}
else
{
if ( !emptyAddressesAllowed )
{
- throw new KerberosException( ErrorType.KRB_AP_ERR_BADADDR );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADADDR );
}
}
- KerberosPrincipal serverPrincipal = ticket.getServerPrincipal();
- KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal();
- KerberosTime clientTime = authenticator.getClientTime();
- int clientMicroSeconds = authenticator.getClientMicroSecond();
-
- if ( replayCache.isReplay( serverPrincipal, clientPrincipal, clientTime, clientMicroSeconds ) )
+ if ( replayCache.isReplay( authenticator.getClientTime(), authenticator.getClientPrincipal() ) )
{
- throw new KerberosException( ErrorType.KRB_AP_ERR_REPEAT );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_REPEAT );
}
- replayCache.save( serverPrincipal, clientPrincipal, clientTime, clientMicroSeconds );
+ replayCache.save( authenticator.getClientTime(), authenticator.getClientPrincipal() );
if ( !authenticator.getClientTime().isInClockSkew( clockSkew ) )
{
- throw new KerberosException( ErrorType.KRB_AP_ERR_SKEW );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_SKEW );
}
- /*
- * "The server computes the age of the ticket: local (server) time minus
- * the starttime inside the Ticket. If the starttime is later than the
- * current time by more than the allowable clock skew, or if the INVALID
- * flag is set in the ticket, the KRB_AP_ERR_TKT_NYV error is returned."
- */
- KerberosTime startTime = ( ticket.getStartTime() != null ) ? ticket.getStartTime() : ticket.getAuthTime();
-
- KerberosTime now = new KerberosTime();
- boolean isValidStartTime = startTime.lessThan( now );
-
- if ( !isValidStartTime || ( ticket.getFlag( TicketFlags.INVALID ) && !isValidate ) )
+ if ( ticket.getStartTime() != null && !ticket.getStartTime().isInClockSkew( clockSkew )
+ || ticket.getFlags().isInvalid() )
{
// it hasn't yet become valid
- throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_NYV );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_TKT_NYV );
}
// TODO - doesn't take into account skew
- if ( !ticket.getEndTime().greaterThan( now ) )
+ if ( !ticket.getEndTime().greaterThan( new KerberosTime() ) )
{
- throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_EXPIRED );
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_TKT_EXPIRED );
}
- authHeader.setOption( ApOptions.MUTUAL_REQUIRED );
+ authHeader.setOption( ApOption.MUTUAL_REQUIRED );
return authenticator;
}
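Review bot: The rewritten not-yet-valid test `ticket.getStartTime() != null && !ticket.getStartTime().isInClockSkew( clockSkew )` also rejects any ticket whose starttime is more than `clockSkew` in the past, if `isInClockSkew` is the symmetric window its name and its use on the authenticator time above suggest — so a valid ticket issued an hour ago would fail with `KRB_AP_ERR_TKT_NYV`, whereas RFC 4120 §3.2.3 only rejects a starttime later than now by more than the skew. The original direction can be kept with `KerberosTime now = new KerberosTime();` / `boolean notYetValid = ticket.getStartTime() != null && ticket.getStartTime().greaterThan( now ) && !ticket.getStartTime().isInClockSkew( clockSkew );` / `if ( notYetValid || ticket.getFlags().isInvalid() )`, which also makes the precedence explicit where the committed expression mixes `&&` and `||`. Removing the `isValidate` parameter means every ticket with the INVALID flag is now refused here, so the TGS VALIDATE path for postdated tickets (RFC 4120 §3.3.3) can no longer go through this helper; if that is intended the Javadoc should say so. The replay-cache key also shrank from (server, client, ctime, cusec) to (ctime, client): without the microseconds two legitimate authenticators from one client within the same second collide and the second is refused as `KRB_AP_ERR_REPEAT`, and RFC 4120 §3.2.3 names the timestamp and microsecond together for this record — worth confirming the `ReplayCache` interface, which is outside this diff, still captures `cusec`.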
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.service;
+
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.types.KerberosErrorType;
+import org.apache.mina.handler.chain.IoHandlerCommand;
+
+
+/**
+ * Shared by TGS and Changepw.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public abstract class VerifyTicket implements IoHandlerCommand
+{
+ private String contextKey = "context";
+
+
+ /**
+ * Verifies a Ticket given a realm and the server principal.
+ *
+ * @param ticket
+ * @param primaryRealm
+ * @param serverPrincipal
+ * @throws Exception
+ */
+ public void verifyTicket( Ticket ticket, String primaryRealm, KerberosPrincipal serverPrincipal ) throws Exception
+ {
+ if ( !ticket.getRealm().equals( primaryRealm ) && !ticket.getServerPrincipal().equals( serverPrincipal ) )
+ {
+ throw new KerberosException( KerberosErrorType.KRB_AP_ERR_NOT_US );
+ }
+ }
+
+
+ protected String getContextKey()
+ {
+ return ( this.contextKey );
+ }
+}
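Review bot: The guard `!ticket.getRealm().equals( primaryRealm ) && !ticket.getServerPrincipal().equals( serverPrincipal )` only raises `KRB_AP_ERR_NOT_US` when both the realm and the server principal differ, so a ticket in our own realm that was issued to some other service passes as if it were for `serverPrincipal`. For the TGS and changepw consumers the Javadoc names, that means any ticket the caller manages to decrypt is accepted regardless of its `sname`; if the caller selects the decryption key from the ticket's own sname rather than from `serverPrincipal`, a holder of any service key in the realm could present a self-issued service ticket here. The intended check is the disjunction: `if ( !ticket.getRealm().equals( primaryRealm ) || !ticket.getServerPrincipal().equals( serverPrincipal ) )`. Since `KerberosPrincipal.equals` already compares the realm, the separate realm test is then only a cheaper first check and could be documented as such.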
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java Mon Sep 24 03:18:05 2007
@@ -23,6 +23,7 @@
import javax.security.auth.kerberos.KerberosPrincipal;
+
/**
* The store interface used by Kerberos services.
*
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java Mon Sep 24 03:18:05 2007
@@ -27,7 +27,7 @@
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.SamType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.SamType;
/**
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java Mon Sep 24 03:18:05 2007
@@ -32,7 +32,7 @@
import org.apache.directory.server.kerberos.shared.io.decoder.EncryptionKeyDecoder;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.SamType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.SamType;
/**
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java Mon Sep 24 03:18:05 2007
@@ -22,6 +22,7 @@
import java.io.IOException;
import java.net.InetAddress;
+import java.text.ParseException;
import java.util.Date;
import javax.security.auth.kerberos.KerberosKey;
@@ -35,14 +36,15 @@
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.io.encoder.TicketEncoder;
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
-import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.directory.server.kerberos.shared.messages.components.TicketModifier;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
import org.apache.directory.server.kerberos.shared.messages.value.TransitedEncoding;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlag;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.types.KerberosErrorType;
/**
@@ -70,9 +72,10 @@
public EncryptionKey getServerKey( KerberosPrincipal serverPrincipal, String serverPassword )
{
KerberosKey serverKerberosKey = new KerberosKey( serverPrincipal, serverPassword.toCharArray(), "DES" );
+
byte[] serverKeyBytes = serverKerberosKey.getEncoded();
EncryptionKey serverKey = new EncryptionKey( EncryptionType.DES_CBC_MD5, serverKeyBytes );
-
+
return serverKey;
}
@@ -94,29 +97,37 @@
public Ticket getTicket( KerberosPrincipal clientPrincipal, KerberosPrincipal serverPrincipal,
EncryptionKey serverKey ) throws KerberosException
{
- EncTicketPartModifier encTicketModifier = new EncTicketPartModifier();
+ EncTicketPart ticketPart = new EncTicketPart();
TicketFlags ticketFlags = new TicketFlags();
- ticketFlags.set( TicketFlags.RENEWABLE );
- encTicketModifier.setFlags( ticketFlags );
+ ticketFlags.setFlag( TicketFlag.RENEWABLE );
+
+ ticketPart.setFlags( ticketFlags );
EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( EncryptionType.DES_CBC_MD5 );
- encTicketModifier.setSessionKey( sessionKey );
- encTicketModifier.setClientPrincipal( clientPrincipal );
- encTicketModifier.setTransitedEncoding( new TransitedEncoding() );
- encTicketModifier.setAuthTime( new KerberosTime() );
+ ticketPart.setSessionKey( sessionKey );
+
+ try
+ {
+ ticketPart.setClientPrincipal( clientPrincipal );
+ }
+ catch ( ParseException pe )
+ {
+ throw new KerberosException( KerberosErrorType.KRB_ERR_GENERIC, "Bad principal name : " + clientPrincipal );
+ }
+
+ ticketPart.setTransitedEncoding( new TransitedEncoding() );
+ ticketPart.setAuthTime( new KerberosTime() );
long now = System.currentTimeMillis();
KerberosTime endTime = new KerberosTime( now + ONE_DAY );
- encTicketModifier.setEndTime( endTime );
+ ticketPart.setEndTime( endTime );
KerberosTime renewTill = new KerberosTime( now + ONE_WEEK );
- encTicketModifier.setRenewTill( renewTill );
-
- EncTicketPart encTicketPart = encTicketModifier.getEncTicketPart();
+ ticketPart.setRenewTill( renewTill );
- EncryptedData encryptedTicketPart = cipherTextHandler.seal( serverKey, encTicketPart, KeyUsage.NUMBER2 );
+ EncryptedData encryptedTicketPart = cipherTextHandler.seal( serverKey, ticketPart, KeyUsage.NUMBER2 );
TicketModifier ticketModifier = new TicketModifier();
ticketModifier.setTicketVersionNumber( 5 );
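Review bot: The new catch block for ParseException drops the original exception: `throw new KerberosException( KerberosErrorType.KRB_ERR_GENERIC, "Bad principal name : " + clientPrincipal );` discards `pe`, so the parser's position and reason are lost when the failure is later investigated. If KerberosException has a constructor that accepts a cause, pass it through as `throw new KerberosException( KerberosErrorType.KRB_ERR_GENERIC, "Bad principal name : " + clientPrincipal, pe );`; if it does not, consider adding one, or at least append `pe.getMessage()` to the message. The same pattern of a checked exception being translated to a generic Kerberos error would benefit from a short comment stating that KRB_ERR_GENERIC is deliberately returned to the client while the detail stays server-side. The getTicket body continues past the end of this hunk.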
@@ -125,7 +136,7 @@
Ticket ticket = ticketModifier.getTicket();
- ticket.setEncTicketPart( encTicketPart );
+ ticket.setEncTicketPart( ticketPart );
return ticket;
}
@@ -142,7 +153,8 @@
{
byte[] asn1Encoding = TicketEncoder.encodeTicket( ticket );
- KerberosPrincipal client = ticket.getClientPrincipal();
+ KerberosPrincipal clientPrincipal =
+ new KerberosPrincipal( ticket.getClientPrincipalName().getNameComponent() + '@' + ticket.getClientRealm() );
KerberosPrincipal server = ticket.getServerPrincipal();
byte[] sessionKey = ticket.getSessionKey().getKeyValue();
int keyType = ticket.getSessionKey().getKeyType().getOrdinal();
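Review bot: Rebuilding the client principal as `ticket.getClientPrincipalName().getNameComponent() + '@' + ticket.getClientRealm()` loses information that the old `ticket.getClientPrincipal()` presumably carried: `new KerberosPrincipal( String )` always assigns the default name type (KRB_NT_PRINCIPAL), so whatever name type the ticket's cname holds is not propagated to the resulting KerberosTicket, and a name component containing an unescaped '/' or '@' would be re-parsed into different components. If PrincipalName exposes its name type, prefer the two-argument constructor `new KerberosPrincipal( <name string>, <ticket cname type as int> )`; otherwise add a comment such as `// NOTE: name type and component escaping are not preserved by this round-trip` so the limitation is visible. It would also help to confirm that getNameComponent() joins multi-component names (e.g. the service/instance form) with '/' rather than returning only the first component. The enclosing method's signature is outside this hunk.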
@@ -161,14 +173,14 @@
Date renewTill = null;
- if ( ticket.getFlag( TicketFlags.RENEWABLE ) )
+ if ( ticket.getFlags().isRenewable() )
{
renewTill = ( ticket.getRenewTill() != null ? ticket.getRenewTill().toDate() : null );
}
InetAddress[] clientAddresses = new InetAddress[0];
- return new KerberosTicket( asn1Encoding, client, server, sessionKey, keyType, flags, authTime, startTime,
+ return new KerberosTicket( asn1Encoding, clientPrincipal, server, sessionKey, keyType, flags, authTime, startTime,
endTime, renewTill, clientAddresses );
}
}
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java Mon Sep 24 03:18:05 2007
@@ -39,7 +39,7 @@
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
-import org.apache.directory.server.kerberos.shared.messages.value.SamType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.SamType;
import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java Mon Sep 24 03:18:05 2007
@@ -37,7 +37,7 @@
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.SamType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.SamType;
import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/checksum/KerberosUtilsTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/checksum/KerberosUtilsTest.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/checksum/KerberosUtilsTest.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/checksum/KerberosUtilsTest.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,131 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.crypto.checksum;
+
+import java.text.ParseException;
+import java.util.List;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.KerberosUtils;
+
+import junit.framework.TestCase;
+
+/**
+ * Test the KerberosUtils class
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KerberosUtilsTest extends TestCase
+{
+ public void setUp()
+ {
+ // First setup a default realm
+ System.setProperty( "java.security.krb5.realm", "APACHE.ORG" );
+ System.setProperty( "java.security.krb5.kdc", "localhost" );
+ }
+
+ public void testKerberosNameSimple() throws Exception
+ {
+ KerberosPrincipal kp = new KerberosPrincipal( "abc" );
+ List<String> names = KerberosUtils.getNames( kp );
+
+ assertEquals( 1, names.size() );
+ assertEquals( "abc", names.get( 0 ) );
+ }
+
+ /**
+ public void testKerberosNameEscaped() throws Exception
+ {
+ KerberosPrincipal kp = new KerberosPrincipal( "abc\\//d\\@f/g\\\\hi" );
+ List<String> names = KerberosUtils.getNames( kp );
+
+ assertEquals( 3, names.size() );
+ assertEquals( "abc\\/", names.get( 0 ) );
+ assertEquals( "d\\@g", names.get( 1 ) );
+ assertEquals( "g\\\\hi", names.get( 2 ) );
+ }
+ */
+
+ public void testKerberosNameSimpleWithRealm() throws Exception
+ {
+ KerberosPrincipal kp = new KerberosPrincipal( "abc@APACHE.ORG" );
+ List<String> names = KerberosUtils.getNames( kp );
+
+ assertEquals( 1, names.size() );
+ assertEquals( "abc", names.get( 0 ) );
+ }
+
+ public void testKerberosNameThree() throws Exception
+ {
+ KerberosPrincipal kp = new KerberosPrincipal( "abc/def/ghi" );
+ List<String> names = KerberosUtils.getNames( kp );
+
+ assertEquals( 3, names.size() );
+ assertEquals( "abc", names.get( 0 ) );
+ assertEquals( "def", names.get( 1 ) );
+ assertEquals( "ghi", names.get( 2 ) );
+ }
+
+ public void testKerberosNameThreeWithRealm() throws Exception
+ {
+ KerberosPrincipal kp = new KerberosPrincipal( "abc/def/ghi@APACHE.ORG" );
+ List<String> names = KerberosUtils.getNames( kp );
+
+ assertEquals( 3, names.size() );
+ assertEquals( "abc", names.get( 0 ) );
+ assertEquals( "def", names.get( 1 ) );
+ assertEquals( "ghi", names.get( 2 ) );
+ }
+
+ /**
+ public void testKerberosEndingSlash()
+ {
+ try
+ {
+ KerberosPrincipal kp = new KerberosPrincipal( "abc/def/ghi/" );
+ KerberosUtils.getNames( kp );
+
+ // Should not reaxh this point
+ fail();
+ }
+ catch ( ParseException pe )
+ {
+ assertTrue( true );
+ }
+ }
+
+ public void testKerberosEndingSlashWithRealm()
+ {
+ try
+ {
+ KerberosPrincipal kp = new KerberosPrincipal( "abc/def/ghi/@APACHE.ORG" );
+ KerberosUtils.getNames( kp );
+
+ // Should not reaxh this point
+ fail();
+ }
+ catch ( ParseException pe )
+ {
+ assertTrue( true );
+ }
+ }
+ */
+}
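Review bot: setUp() sets `java.security.krb5.realm` and `java.security.krb5.kdc` as process-wide system properties and nothing restores them, so the default realm leaks into every other test that runs in the same JVM; add a matching `tearDown()` that calls `System.clearProperty( "java.security.krb5.realm" )` and `System.clearProperty( "java.security.krb5.kdc" )` (or saves and restores the previous values). The two blocks wrapped in `/** ... */` (testKerberosNameEscaped and the two ending-slash tests) are commented-out code rather than Javadoc; either delete them or annotate why they are disabled, since the escaped-name case in particular asserts `"d\\@g"` for an input of `d\\@f`, which suggests the expectation was never settled. The `java.text.ParseException` import is only referenced from that commented-out code and can go with it.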
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java Mon Sep 24 03:18:05 2007
@@ -32,7 +32,7 @@
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptedTimeStamp;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthEncryptedTimestamp;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
@@ -129,7 +129,7 @@
public void testDesGoodPasswordDecrypt()
{
CipherTextHandler lockBox = new CipherTextHandler();
- Class hint = EncryptedTimeStamp.class;
+ Class hint = PreAuthEncryptedTimestamp.class;
KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
KerberosKey kerberosKey = new KerberosKey( principal, "kerby".toCharArray(), "DES" );
EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
@@ -137,7 +137,7 @@
try
{
- EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
+ PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
assertEquals( "TimeStamp", "20070322233107Z", object.getTimeStamp().toString() );
assertEquals( "MicroSeconds", 291067, object.getMicroSeconds() );
}
@@ -155,7 +155,7 @@
public void testDesBadPasswordDecrypt()
{
CipherTextHandler lockBox = new CipherTextHandler();
- Class hint = EncryptedTimeStamp.class;
+ Class hint = PreAuthEncryptedTimestamp.class;
KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
KerberosKey kerberosKey = new KerberosKey( principal, "badpassword".toCharArray(), "DES" );
EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
@@ -181,7 +181,7 @@
public void testTripleDesGoodPasswordDecrypt()
{
CipherTextHandler lockBox = new CipherTextHandler();
- Class hint = EncryptedTimeStamp.class;
+ Class hint = PreAuthEncryptedTimestamp.class;
KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String algorithm = VendorHelper.getTripleDesAlgorithm();
KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), algorithm );
@@ -190,7 +190,7 @@
try
{
- EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
+ PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
assertEquals( "TimeStamp", "20070410190400Z", object.getTimeStamp().toString() );
assertEquals( "MicroSeconds", 460450, object.getMicroSeconds() );
}
@@ -218,7 +218,7 @@
String zuluTime = "20070410190400Z";
int microSeconds = 460450;
- EncryptedTimeStamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
+ PreAuthEncryptedTimestamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
EncryptedData encryptedData = null;
@@ -231,11 +231,11 @@
fail( "Should not have caught exception." );
}
- Class hint = EncryptedTimeStamp.class;
+ Class hint = PreAuthEncryptedTimestamp.class;
try
{
- EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, encryptedData,
+ PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, encryptedData,
KeyUsage.NUMBER1 );
assertEquals( "TimeStamp", zuluTime, object.getTimeStamp().toString() );
assertEquals( "MicroSeconds", microSeconds, object.getMicroSeconds() );
@@ -260,7 +260,7 @@
}
CipherTextHandler lockBox = new CipherTextHandler();
- Class hint = EncryptedTimeStamp.class;
+ Class hint = PreAuthEncryptedTimestamp.class;
KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES128" );
EncryptionKey key = new EncryptionKey( EncryptionType.AES128_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );
@@ -268,7 +268,7 @@
try
{
- EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
+ PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
assertEquals( "TimeStamp", "20070410212557Z", object.getTimeStamp().toString() );
assertEquals( "MicroSeconds", 379386, object.getMicroSeconds() );
}
@@ -300,7 +300,7 @@
String zuluTime = "20070410190400Z";
int microSeconds = 460450;
- EncryptedTimeStamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
+ PreAuthEncryptedTimestamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
EncryptedData encryptedData = null;
@@ -313,11 +313,11 @@
fail( "Should not have caught exception." );
}
- Class hint = EncryptedTimeStamp.class;
+ Class hint = PreAuthEncryptedTimestamp.class;
try
{
- EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, encryptedData,
+ PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, encryptedData,
KeyUsage.NUMBER1 );
assertEquals( "TimeStamp", "20070410190400Z", object.getTimeStamp().toString() );
assertEquals( "MicroSeconds", 460450, object.getMicroSeconds() );
@@ -342,7 +342,7 @@
}
CipherTextHandler lockBox = new CipherTextHandler();
- Class hint = EncryptedTimeStamp.class;
+ Class hint = PreAuthEncryptedTimestamp.class;
KerberosKey kerberosKey;
@@ -362,7 +362,7 @@
try
{
- EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
+ PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
assertEquals( "TimeStamp", "20070410212809Z", object.getTimeStamp().toString() );
assertEquals( "MicroSeconds", 298294, object.getMicroSeconds() );
}
@@ -406,7 +406,7 @@
String zuluTime = "20070410190400Z";
int microSeconds = 460450;
- EncryptedTimeStamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
+ PreAuthEncryptedTimestamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
EncryptedData encryptedData = null;
@@ -419,11 +419,11 @@
fail( "Should not have caught exception." );
}
- Class hint = EncryptedTimeStamp.class;
+ Class hint = PreAuthEncryptedTimestamp.class;
try
{
- EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, encryptedData,
+ PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, encryptedData,
KeyUsage.NUMBER1 );
assertEquals( "TimeStamp", "20070410190400Z", object.getTimeStamp().toString() );
assertEquals( "MicroSeconds", 460450, object.getMicroSeconds() );
@@ -435,7 +435,7 @@
}
- protected EncryptedTimeStamp getEncryptedTimeStamp( String zuluTime, int microSeconds ) throws ParseException
+ protected PreAuthEncryptedTimestamp getEncryptedTimeStamp( String zuluTime, int microSeconds ) throws ParseException
{
Date date = null;
synchronized ( dateFormat )
@@ -445,7 +445,7 @@
KerberosTime timeStamp = new KerberosTime( date );
- return new EncryptedTimeStamp( timeStamp, microSeconds );
+ return new PreAuthEncryptedTimestamp( timeStamp, microSeconds );
}
/*
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequestTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequestTest.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequestTest.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequestTest.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,258 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+import java.nio.ByteBuffer;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
+import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosRequestBody;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOption;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOptions;
+import org.apache.directory.server.kerberos.shared.messages.value.types.HostAddressType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.PreAuthenticationDataType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.PrincipalNameType;
+import org.apache.directory.server.kerberos.shared.store.TicketFactory;
+import org.apache.directory.shared.ldap.util.StringTools;
+
+import junit.framework.TestCase;
+
+/**
+ * Test the AS-REQ encoding and decoding
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class AuthServerRequestTest extends TestCase
+{
+ private static Date date = null;
+
+ static
+ {
+ try
+ {
+ date = new SimpleDateFormat( "yyyyMMddHHmmss'Z'" ).parse( "20070717114503Z" );
+ }
+ catch ( ParseException pe )
+ {
+ // Do nothing
+ }
+ }
+
+ private KerberosRequestBody getReqBody() throws ParseException, KerberosException
+ {
+ KerberosRequestBody krb = new KerberosRequestBody();
+
+ // KdcOptions
+ KdcOptions kdcOptions = new KdcOptions();
+ kdcOptions.setFlag( KdcOption.FORWARDABLE );
+ kdcOptions.setFlag( KdcOption.PROXIABLE );
+ kdcOptions.setFlag( KdcOption.POSTDATED );
+ kdcOptions.setFlag( KdcOption.VALIDATE );
+
+ krb.setKdcOptions( kdcOptions );
+
+ // cName
+ PrincipalName cname = new PrincipalName( "test@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL );
+ krb.setClientPrincipalName( cname );
+
+ // Realm
+ krb.setRealm( "APACHE.ORG" );
+
+ // sName
+ PrincipalName sname = new PrincipalName( "server@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL );
+ krb.setServerPrincipalName( sname );
+
+ // from, till and renew
+ KerberosTime kerberosTime = new KerberosTime( date );
+ krb.setFrom( kerberosTime );
+ krb.setTill( kerberosTime );
+ krb.setRenewtime( kerberosTime );
+
+ // nonce
+ krb.setNonce( 1000 );
+
+ // EncryptionTypes
+ krb.addEncryptionType( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
+ krb.addEncryptionType( EncryptionType.DES3_CBC_MD5 );
+
+ // addresses
+ HostAddress[] ha = new HostAddress[]
+ {
+ new HostAddress( HostAddressType.ADDRTYPE_INET, new byte[] { 0x01, 0x02, 0x03, 0x04 } )
+ };
+
+ HostAddresses addresses = new HostAddresses( ha );
+ krb.setAddresses( addresses );
+
+ // encAuthorizationData
+ EncryptedData ed = new EncryptedData( EncryptionType.AES128_CTS_HMAC_SHA1_96, 1, new byte[]
+ { 0x01, 0x02, 0x03, 0x04 } );
+ krb.setEncAuthorizationData( ed );
+
+ // additionalTickets
+ TicketFactory ticketFactory = new TicketFactory();
+
+ KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
+ String serverPassword = "s3crEt";
+
+ EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );
+
+ Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );
+
+ krb.addAdditionalTicket( serviceTicket );
+
+ return krb;
+ }
+
+ public void testAuthServerRequestBase() throws Exception
+ {
+ PreAuthenticationData pad = new PreAuthenticationData(
+ PreAuthenticationDataType.PA_ASF3_SALT,
+ new byte[] { 0x01, 0x02, 0x03 } );
+
+ List<PreAuthenticationData> paData = new ArrayList<PreAuthenticationData>();
+ paData.add( pad );
+
+ AuthServerRequest asr = new AuthServerRequest( paData, getReqBody() );
+
+ ByteBuffer encoded = asr.encode( null );
+
+ byte[] expectedResult = new byte[]
+ {
+ 0x6A, (byte)0x82, 0x01, (byte)0xD1,
+ 0x30, (byte)0x82, 0x01, (byte)0xCD,
+ (byte)0xA1, 0x03,
+ 0x02, 0x01, 0x05,
+ (byte)0xA2, 0x03,
+ 0x02, 0x01, 0x0A,
+ (byte)0xA3, 0x10,
+ 0x30, 0x0E,
+ 0x30, 0x0C,
+ (byte)0xA1, 0x03,
+ 0x02, 0x01, 0x0A,
+ (byte)0xA2, 0x05,
+ 0x04, 0x03,
+ 0x01, 0x02, 0x03,
+ (byte)0xA4, (byte)0x82, 0x01, (byte)0xAD,
+ 0x30, (byte)0x82, 0x01, (byte)0xA9,
+ (byte)0xA0, 0x07,
+ 0x03, 0x05,
+ 0x00, (byte)0x52, 0x00, 0x00, 0x01,
+ (byte)0xA1, 0x11,
+ 0x30, 0x0F,
+ (byte) 0xA0, 0x03,
+ 0x02, 0x01, 0x01,
+ (byte) 0xA1, 0x08,
+ 0x30, 0x06,
+ 0x1B, 0x04,
+ 't', 'e', 's', 't',
+ (byte)0xA2,0x0C,
+ 0x1B, 0x0A,
+ 'A', 'P', 'A', 'C', 'H', 'E', '.', 'O', 'R', 'G',
+ (byte)0xA3, 0x13,
+ 0x30, 0x11,
+ (byte) 0xA0, 0x03,
+ 0x02, 0x01, 0x01,
+ (byte) 0xA1, 0x0A,
+ 0x30, 0x08,
+ 0x1B, 0x06,
+ 's', 'e', 'r', 'v', 'e', 'r',
+ (byte)0xA4, 0x11,
+ 0x18, 0x0F,
+ '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+ (byte)0xA5, 0x11,
+ 0x18, 0x0F,
+ '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+ (byte)0xA6, 0x11,
+ 0x18, 0x0F,
+ '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+ (byte)0xA7, 0x04,
+ 0x02, (byte)0x02, 0x03, (byte)0xE8,
+ (byte)0xA8, 0x08,
+ 0x30, 0x06,
+ 0x02, 0x01, 0x11,
+ 0x02, 0x01, 0x05,
+ (byte)0xA9, 0x11,
+ 0x30, 0x0F,
+ 0x30, 0x0d,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x02,
+ (byte)0xA1, 0x06,
+ 0x04, 0x04,
+ 0x01, 0x02, 0x03, 0x04,
+ (byte)0xAA, 0x14,
+ 0x30, 0x12,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x11,
+ (byte)0xA1, 0x03,
+ 0x02, 0x01, 0x01,
+ (byte)0xA2, 0x06,
+ 0x04, 0x04, 0x01, 0x02, 0x03, 0x04,
+ (byte)0xAB, (byte)0x81, (byte)0xF5,
+ 0x30, (byte)0x81, (byte)0xF2,
+ 0x61, (byte)0x81, (byte)0xEF,
+ 0x30, (byte)0x81, (byte)0xEC,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x05,
+ (byte)0xA1, 0x0D,
+ 0x1B, 0x0B,
+ 'E', 'X', 'A', 'M', 'P', 'L', 'E', '.', 'C', 'O', 'M',
+ (byte)0xA2, 0x1D,
+ 0x30, 0x1B,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x01,
+ (byte)0xA1, 0x14,
+ 0x30, 0x12,
+ 0x1B, 0x06,
+ 'k', 'a', 'd', 'm', 'i', 'n',
+ 0x1B, 0x08,
+ 'c', 'h', 'a', 'n', 'g', 'e', 'p', 'w',
+ (byte)0xA3, (byte)0x81, (byte)0xB6,
+ 0x30, (byte)0x81, (byte)0xB3,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x03,
+ (byte)0xA2, (byte)0x81, (byte)0xAB,
+ 0x04, (byte)0x81, (byte)0xA8
+
+ };
+
+ // We will just compared the first bytes (everyting before the encrypted data)
+ String expectedResultString = StringTools.dumpBytes( expectedResult );
+ String resultString = StringTools.dumpBytes( encoded.array() ).substring( 0, expectedResultString.length() );
+
+ assertEquals( expectedResultString, resultString );
+ }
+}
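Review bot: The expected encoding depends on the JVM's default time zone: the static initializer parses `"20070717114503Z"` with a SimpleDateFormat that has no explicit zone, while the expected bytes carry `20070717094503Z`, i.e. the test only passes on a host two hours ahead of UTC. Pin the zone and make the two strings agree, e.g. `SimpleDateFormat fmt = new SimpleDateFormat( "yyyyMMddHHmmss'Z'" ); fmt.setTimeZone( TimeZone.getTimeZone( "UTC" ) ); date = fmt.parse( "20070717094503Z" );` (needs `java.util.TimeZone` imported). The `catch ( ParseException pe ) { // Do nothing }` also leaves `date` null on failure, which then surfaces as an unrelated failure inside `new KerberosTime( date )`; rethrow instead, `throw new ExceptionInInitializerError( pe );`. The prefix-only comparison of the encoded buffer is reasonable because the trailing EncryptedData is produced from a random session key, but a one-line comment saying so above the `expectedResult` array would spare the next reader the deduction.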
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KdcRequestTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KdcRequestTest.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KdcRequestTest.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KdcRequestTest.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,259 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+import java.nio.ByteBuffer;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
+import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosRequestBody;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOption;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOptions;
+import org.apache.directory.server.kerberos.shared.messages.value.types.HostAddressType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.PreAuthenticationDataType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.PrincipalNameType;
+import org.apache.directory.server.kerberos.shared.store.TicketFactory;
+import org.apache.directory.shared.ldap.util.StringTools;
+
+import junit.framework.TestCase;
+
+/**
+ * Test the KdcRequest encoding and decoding
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KdcRequestTest extends TestCase
+{
+ private static Date date = null;
+
+ static
+ {
+ try
+ {
+ date = new SimpleDateFormat( "yyyyMMddHHmmss'Z'" ).parse( "20070717114503Z" );
+ }
+ catch ( ParseException pe )
+ {
+ // Do nothing
+ }
+ }
+
+ private KerberosRequestBody getReqBody() throws ParseException, KerberosException
+ {
+ KerberosRequestBody krb = new KerberosRequestBody();
+
+ // KdcOptions
+ KdcOptions kdcOptions = new KdcOptions();
+ kdcOptions.setFlag( KdcOption.FORWARDABLE );
+ kdcOptions.setFlag( KdcOption.PROXIABLE );
+ kdcOptions.setFlag( KdcOption.POSTDATED );
+ kdcOptions.setFlag( KdcOption.VALIDATE );
+
+ krb.setKdcOptions( kdcOptions );
+
+ // cName
+ PrincipalName cname = new PrincipalName( "test@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL );
+ krb.setClientPrincipalName( cname );
+
+ // Realm
+ krb.setRealm( "APACHE.ORG" );
+
+ // sName
+ PrincipalName sname = new PrincipalName( "server@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL );
+ krb.setServerPrincipalName( sname );
+
+ // from, till and renew
+ KerberosTime kerberosTime = new KerberosTime( date );
+ krb.setFrom( kerberosTime );
+ krb.setTill( kerberosTime );
+ krb.setRenewtime( kerberosTime );
+
+ // nonce
+ krb.setNonce( 1000 );
+
+ // EncryptionTypes
+ krb.addEncryptionType( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
+ krb.addEncryptionType( EncryptionType.DES3_CBC_MD5 );
+
+ // addresses
+ HostAddress[] ha = new HostAddress[]
+ {
+ new HostAddress( HostAddressType.ADDRTYPE_INET, new byte[] { 0x01, 0x02, 0x03, 0x04 } )
+ };
+
+ HostAddresses addresses = new HostAddresses( ha );
+ krb.setAddresses( addresses );
+
+ // encAuthorizationData
+ EncryptedData ed = new EncryptedData( EncryptionType.AES128_CTS_HMAC_SHA1_96, 1, new byte[]
+ { 0x01, 0x02, 0x03, 0x04 } );
+ krb.setEncAuthorizationData( ed );
+
+ // additionalTickets
+ TicketFactory ticketFactory = new TicketFactory();
+
+ KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
+ String serverPassword = "s3crEt";
+
+ EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );
+
+ Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );
+
+ krb.addAdditionalTicket( serviceTicket );
+
+ return krb;
+ }
+
+ public void testKdcRequestBase() throws Exception
+ {
+ PreAuthenticationData pad = new PreAuthenticationData(
+ PreAuthenticationDataType.PA_ASF3_SALT,
+ new byte[] { 0x01, 0x02, 0x03 } );
+
+ List<PreAuthenticationData> paData = new ArrayList<PreAuthenticationData>();
+ paData.add( pad );
+
+ KdcRequest kr = new KdcRequest( MessageType.KRB_AS_REQ, paData, getReqBody() );
+
+ ByteBuffer encoded = ByteBuffer.allocate( kr.computeLength() );
+
+ kr.encode( encoded );
+
+ byte[] expectedResult = new byte[]
+ {
+ 0x30, (byte)0x82, 0x01, (byte)0xCD,
+ (byte)0xA1, 0x03,
+ 0x02, 0x01, 0x05,
+ (byte)0xA2, 0x03,
+ 0x02, 0x01, 0x0A,
+ (byte)0xA3, 0x10,
+ 0x30, 0x0E,
+ 0x30, 0x0C,
+ (byte)0xA1, 0x03,
+ 0x02, 0x01, 0x0A,
+ (byte)0xA2, 0x05,
+ 0x04, 0x03,
+ 0x01, 0x02, 0x03,
+ (byte)0xA4, (byte)0x82, 0x01, (byte)0xAD,
+ 0x30, (byte)0x82, 0x01, (byte)0xA9,
+ (byte)0xA0, 0x07,
+ 0x03, 0x05,
+ 0x00, (byte)0x52, 0x00, 0x00, 0x01,
+ (byte)0xA1, 0x11,
+ 0x30, 0x0F,
+ (byte) 0xA0, 0x03,
+ 0x02, 0x01, 0x01,
+ (byte) 0xA1, 0x08,
+ 0x30, 0x06,
+ 0x1B, 0x04,
+ 't', 'e', 's', 't',
+ (byte)0xA2,0x0C,
+ 0x1B, 0x0A,
+ 'A', 'P', 'A', 'C', 'H', 'E', '.', 'O', 'R', 'G',
+ (byte)0xA3, 0x13,
+ 0x30, 0x11,
+ (byte) 0xA0, 0x03,
+ 0x02, 0x01, 0x01,
+ (byte) 0xA1, 0x0A,
+ 0x30, 0x08,
+ 0x1B, 0x06,
+ 's', 'e', 'r', 'v', 'e', 'r',
+ (byte)0xA4, 0x11,
+ 0x18, 0x0F,
+ '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+ (byte)0xA5, 0x11,
+ 0x18, 0x0F,
+ '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+ (byte)0xA6, 0x11,
+ 0x18, 0x0F,
+ '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+ (byte)0xA7, 0x04,
+ 0x02, (byte)0x02, 0x03, (byte)0xE8,
+ (byte)0xA8, 0x08,
+ 0x30, 0x06,
+ 0x02, 0x01, 0x11,
+ 0x02, 0x01, 0x05,
+ (byte)0xA9, 0x11,
+ 0x30, 0x0F,
+ 0x30, 0x0d,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x02,
+ (byte)0xA1, 0x06,
+ 0x04, 0x04,
+ 0x01, 0x02, 0x03, 0x04,
+ (byte)0xAA, 0x14,
+ 0x30, 0x12,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x11,
+ (byte)0xA1, 0x03,
+ 0x02, 0x01, 0x01,
+ (byte)0xA2, 0x06,
+ 0x04, 0x04, 0x01, 0x02, 0x03, 0x04,
+ (byte)0xAB, (byte)0x81, (byte)0xF5,
+ 0x30, (byte)0x81, (byte)0xF2,
+ 0x61, (byte)0x81, (byte)0xEF,
+ 0x30, (byte)0x81, (byte)0xEC,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x05,
+ (byte)0xA1, 0x0D,
+ 0x1B, 0x0B,
+ 'E', 'X', 'A', 'M', 'P', 'L', 'E', '.', 'C', 'O', 'M',
+ (byte)0xA2, 0x1D,
+ 0x30, 0x1B,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x01,
+ (byte)0xA1, 0x14,
+ 0x30, 0x12,
+ 0x1B, 0x06,
+ 'k', 'a', 'd', 'm', 'i', 'n',
+ 0x1B, 0x08,
+ 'c', 'h', 'a', 'n', 'g', 'e', 'p', 'w',
+ (byte)0xA3, (byte)0x81, (byte)0xB6,
+ 0x30, (byte)0x81, (byte)0xB3,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x03,
+ (byte)0xA2, (byte)0x81, (byte)0xAB,
+ 0x04, (byte)0x81, (byte)0xA8
+
+ };
+
+ // We will just compared the first bytes (everyting before the encrypted data)
+ String expectedResultString = StringTools.dumpBytes( expectedResult );
+ String resultString = StringTools.dumpBytes( encoded.array() ).substring( 0, expectedResultString.length() );
+
+ assertEquals( expectedResultString, resultString );
+ }
+}
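Review bot: The three expected from/till/rtime timestamps in testKdcRequestBase encode `20070717094503Z`, but the static initializer parses `20070717114503Z` with a SimpleDateFormat that has no explicit time zone, so the parse runs in the JVM default zone and the test only passes on a machine in a UTC+2 zone (presumably the author's); under CI in UTC the encoded from/till/rtime bytes differ and the assertion fails. Pin the format to UTC before parsing and change the three expected time lines to `'2', '0', '0', '7', '0', '7', '1', '7', '1', '1', '4', '5', '0', '3', 'Z'` (this assumes KerberosTime renders in UTC, as the trailing 'Z' implies — confirm against KerberosTime), which needs a `java.util.TimeZone` import. The empty catch in the initializer also leaves `date` null on a parse failure, which only surfaces later as a NullPointerException inside `new KerberosTime( date )`; rethrowing as ExceptionInInitializerError fails the test at the real cause. The prefix comparison `substring( 0, expectedResultString.length() )` will throw StringIndexOutOfBoundsException instead of a readable assertion failure when the encoding comes out shorter than expected; an `assertTrue( resultString.length() >= expectedResultString.length() )` guard before it makes the failure mode clear.
```java
    static
    {
        try
        {
            SimpleDateFormat format = new SimpleDateFormat( "yyyyMMddHHmmss'Z'" );
            // Parse as UTC so the encoded KerberosTime bytes do not depend on the host time zone.
            format.setTimeZone( TimeZone.getTimeZone( "UTC" ) );
            date = format.parse( "20070717114503Z" );
        }
        catch ( ParseException pe )
        {
            // A broken fixture must fail loudly, not surface as an NPE inside KerberosTime.
            throw new ExceptionInInitializerError( pe );
        }
    }
    // … unchanged: getReqBody() …
    // … in testKdcRequestBase(): the from, till and rtime expected values now read …
                '2', '0', '0', '7', '0', '7', '1', '7', '1', '1', '4', '5', '0', '3', 'Z',
```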
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KerberosCredTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KerberosCredTest.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KerberosCredTest.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KerberosCredTest.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+
+import junit.framework.TestCase;
+
+/**
+ * Test the KRB-CRED encoding and decoding
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KerberosCredTest extends TestCase
+{
+ public void testKrbCredBaseNoTicket() throws Exception
+ {
+ KerberosCred kc = new KerberosCred();
+
+ EncryptedData ed = new EncryptedData(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96, 1,
+ new byte[] { 0x01, 0x02, 0x03, 0x04 } );
+
+ kc.setEncPart( ed );
+
+ ByteBuffer encoded = ByteBuffer.allocate( kc.computeLength() );
+
+ kc.encode( encoded );
+
+ byte[] expectedResult = new byte[]
+ {
+ 0x72, 0x26,
+ 0x30, 0x24,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x05,
+ (byte)0xA1, 0x03,
+ 0x02, 0x01, 0x16,
+ (byte)0xA2, 0x02,
+ 0x30, 0x00,
+ (byte)0xA3, 0x14,
+ 0x30, 0x12,
+ (byte)0xA0, 0x03,
+ 0x02, 0x01, 0x11,
+ (byte)0xA1, 0x03,
+ 0x02, 0x01, 0x01,
+ (byte)0xA2, 0x06,
+ 0x04, 0x04, 0x01, 0x02, 0x03, 0x04
+ };
+
+ assertEquals( StringTools.dumpBytes( expectedResult ), StringTools.dumpBytes( encoded.array() ) );
+ assertTrue( Arrays.equals( expectedResult, encoded.array() ) );
+ }
+
+
+ public void testKrbNoEncryptedData() throws Exception
+ {
+ KerberosPriv kp = new KerberosPriv();
+
+ try
+ {
+ kp.encode( null );
+ fail(); // We should not reach this point : null enc-part is not allowed
+ }
+ catch ( EncoderException ee )
+ {
+ assertTrue( true );
+ }
+ }
+}
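Review bot: testKrbNoEncryptedData in this KerberosCred test class builds a `KerberosPriv` and calls `kp.encode( null )`, so the EncoderException it catches may well be raised because the ByteBuffer is null rather than because the enc-part is missing, and the test would keep passing even if a message with no enc-part were encoded successfully into a real buffer; it also never exercises KerberosCred at all, which looks like a copy-paste slip from a KerberosPriv test. Use the class under test and a real buffer — `KerberosCred kc = new KerberosCred();` then `kc.encode( ByteBuffer.allocate( 64 ) );` — so that reaching the catch can only be due to the missing enc-part (confirm that KerberosCred.encode actually rejects a null enc-part, since its check is not visible here). The `assertTrue( true )` in the catch is a no-op; the preceding `fail()` already carries the assertion, so replace it with a short comment such as `// expected: encode() must refuse a message without enc-part`.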