Posted to commits@directory.apache.org by er...@apache.org on 2007/05/22 06:14:42 UTC
svn commit: r540415 - in /directory/apacheds/trunk:
kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/
kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/
kerberos-share...
Author: erodriguez
Date: Mon May 21 21:14:41 2007
New Revision: 540415
URL: http://svn.apache.org/viewvc?view=rev&rev=540415
Log:
Enabled test cases to work with and without unlimited strength policy installed.
Modified:
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactory.java
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactoryTest.java
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyTypeTest.java
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/RandomKeyFactoryTest.java
directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java
directory/apacheds/trunk/server-unit/src/test/java/org/apache/directory/server/KeyDerivationServiceITest.java
Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactory.java?view=diff&rev=540415&r1=540414&r2=540415
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactory.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactory.java Mon May 21 21:14:41 2007
@@ -95,11 +95,18 @@
EncryptionType encryptionType = it.next();
String algorithm = DEFAULT_CIPHERS.get( encryptionType );
- KerberosKey kerberosKey = new KerberosKey( principal, passPhrase.toCharArray(), algorithm );
- EncryptionKey encryptionKey = new EncryptionKey( encryptionType, kerberosKey.getEncoded(), kerberosKey
- .getVersionNumber() );
+ try
+ {
+ KerberosKey kerberosKey = new KerberosKey( principal, passPhrase.toCharArray(), algorithm );
+ EncryptionKey encryptionKey = new EncryptionKey( encryptionType, kerberosKey.getEncoded(), kerberosKey
+ .getVersionNumber() );
- kerberosKeys.put( encryptionType, encryptionKey );
+ kerberosKeys.put( encryptionType, encryptionKey );
+ }
+ catch ( IllegalArgumentException iae )
+ {
+ // Algorithm AES256 not enabled
+ }
}
return kerberosKeys;
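Review bot: The empty `catch ( IllegalArgumentException iae )` covers every encryption type the loop visits, not only AES-256 as its comment says, so an `IllegalArgumentException` raised for any other type would be dropped just as silently and the caller would receive a map without that key. Even in the AES-256 case nothing records that the principal was left without its strongest key type, which an operator would want to see. I would rethrow unless the failing type is AES-256, e.g. `if ( !EncryptionType.AES256_CTS_HMAC_SHA1_96.equals( encryptionType ) ) { throw iae; }`, and log a warning naming `principal` and `algorithm` before continuing (assuming the class has a logger; none is visible here). The enclosing method starts and ends outside this hunk.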
Modified: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java?view=diff&rev=540415&r1=540414&r2=540415
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java Mon May 21 21:14:41 2007
@@ -321,13 +321,25 @@
* Tests the unsealing of Kerberos CipherText with a good password. After decryption and
* an integrity check, an attempt is made to decode the bytes as an EncryptedTimestamp. The
* result is timestamp data.
- *
+ */
public void testAes256GoodPasswordDecrypt()
{
CipherTextHandler lockBox = new CipherTextHandler();
Class hint = EncryptedTimeStamp.class;
- KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
- KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES256" );
+
+ KerberosKey kerberosKey;
+
+ try
+ {
+ KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES256" );
+ }
+ catch ( IllegalArgumentException iae )
+ {
+ // Algorithm AES256 not enabled
+ return;
+ }
+
EncryptionKey key = new EncryptionKey( EncryptionType.AES256_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );
EncryptedData data = new EncryptedData( EncryptionType.AES256_CTS_HMAC_SHA1_96, 0, aes256EncryptedTimeStamp );
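Review bot: The early `return` in the new `catch ( IllegalArgumentException iae )` makes `testAes256GoodPasswordDecrypt` report success on a JVM where AES-256 is unavailable, so a green run no longer says whether the AES-256 path was exercised at all. The same pattern appears in `testAes256GoodPasswordEncrypt` further down this file, in `testAes256KerberosKey` in KerberosKeyFactoryTest, and (with `InvalidKeyException`) in `testAes256Cipher` in KeyTypeTest. I would decide availability up front with `Cipher.getMaxAllowedKeyLength( "AES" ) < 256`, print a skip message and return there, and drop the catch, so that an exception on a JVM that does allow AES-256 still fails the test. The method body continues past the end of this hunk.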
@@ -342,7 +354,6 @@
fail( "Should not have caught exception." );
}
}
- commented out until test if fixed for stock jvm */
/**
@@ -351,12 +362,24 @@
* as an EncryptedTimestamp. The result is timestamp data.
*
* @throws ParseException
- *
+ */
public void testAes256GoodPasswordEncrypt() throws ParseException
{
CipherTextHandler lockBox = new CipherTextHandler();
- KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
- KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES256" );
+
+ KerberosKey kerberosKey;
+
+ try
+ {
+ KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES256" );
+ }
+ catch ( IllegalArgumentException iae )
+ {
+ // Algorithm AES256 not enabled
+ return;
+ }
+
EncryptionKey key = new EncryptionKey( EncryptionType.AES256_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );
String zuluTime = "20070410190400Z";
@@ -388,7 +411,6 @@
fail( "Should not have caught exception." );
}
}
- commented out until test is fixed */
protected EncryptedTimeStamp getEncryptedTimeStamp( String zuluTime, int microSeconds ) throws ParseException
Modified: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactoryTest.java?view=diff&rev=540415&r1=540414&r2=540415
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactoryTest.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KerberosKeyFactoryTest.java Mon May 21 21:14:41 2007
@@ -93,27 +93,26 @@
/**
- * Tests that key derivation can be performed for an AES-256 key. This test
- * will fail if "unlimited strength" policy is not installed.
- *
- * @throws Exception
+ * Tests that key derivation can be performed for an AES-256 key.
*/
- public void testAes256KerberosKey() throws Exception
+ public void testAes256KerberosKey()
{
- // KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
- // KerberosKey key = new KerberosKey( principal, "secret".toCharArray(), "AES256" );
- //
- // assertEquals( "AES256 key length", 32, key.getEncoded().length );
- //
- // SecretKey skey = new SecretKeySpec( key.getEncoded(), "AES" );
- //
- // aesCipher( skey );
+ try
+ {
+ KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+ KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES256" );
+ assertEquals( "AES256 key length", 32, kerberosKey.getEncoded().length );
+ }
+ catch ( IllegalArgumentException iae )
+ {
+ // Algorithm AES256 not enabled
+ }
}
/**
* Tests that key derivation can be performed by the factory for multiple cipher types.
- *
+ */
public void testKerberosKeyFactory()
{
String principalName = "hnelson@EXAMPLE.COM";
@@ -174,22 +173,27 @@
( byte ) 0x41, ( byte ) 0x7B, ( byte ) 0x90 };
assertTrue( Arrays.equals( expectedBytes, keyBytes ) );
- // kerberosKey = map.get( EncryptionType.AES256_CTS_HMAC_SHA1_96 );
- // keyType = kerberosKey.getKeyType();
- // keyLength = kerberosKey.getKeyValue().length;
- // keyBytes = kerberosKey.getKeyValue();
- //
- // assertEquals( keyType, EncryptionType.AES256_CTS_HMAC_SHA1_96 );
- // assertEquals( keyLength, 32 );
- // expectedBytes = new byte[]
- // { ( byte ) 0x3D, ( byte ) 0x33, ( byte ) 0x31, ( byte ) 0x8F, ( byte ) 0xBE, ( byte ) 0x47, ( byte ) 0xE5,
- // ( byte ) 0x2A, ( byte ) 0x21, ( byte ) 0x50, ( byte ) 0x77, ( byte ) 0xA4, ( byte ) 0x15,
- // ( byte ) 0x58, ( byte ) 0xCA, ( byte ) 0xE7, ( byte ) 0x36, ( byte ) 0x50, ( byte ) 0x1F,
- // ( byte ) 0xA7, ( byte ) 0xA4, ( byte ) 0x85, ( byte ) 0x82, ( byte ) 0x05, ( byte ) 0xF6,
- // ( byte ) 0x8F, ( byte ) 0x67, ( byte ) 0xA2, ( byte ) 0xB5, ( byte ) 0xEA, ( byte ) 0x0E, ( byte ) 0xBF };
- // assertTrue( Arrays.equals( expectedBytes, keyBytes ) );
+ kerberosKey = map.get( EncryptionType.AES256_CTS_HMAC_SHA1_96 );
+
+ if ( kerberosKey != null )
+ {
+ keyType = kerberosKey.getKeyType();
+ keyLength = kerberosKey.getKeyValue().length;
+ keyBytes = kerberosKey.getKeyValue();
+
+ assertEquals( keyType, EncryptionType.AES256_CTS_HMAC_SHA1_96 );
+ assertEquals( keyLength, 32 );
+ expectedBytes = new byte[]
+ { ( byte ) 0x3D, ( byte ) 0x33, ( byte ) 0x31, ( byte ) 0x8F, ( byte ) 0xBE, ( byte ) 0x47,
+ ( byte ) 0xE5, ( byte ) 0x2A, ( byte ) 0x21, ( byte ) 0x50, ( byte ) 0x77, ( byte ) 0xA4,
+ ( byte ) 0x15, ( byte ) 0x58, ( byte ) 0xCA, ( byte ) 0xE7, ( byte ) 0x36, ( byte ) 0x50,
+ ( byte ) 0x1F, ( byte ) 0xA7, ( byte ) 0xA4, ( byte ) 0x85, ( byte ) 0x82, ( byte ) 0x05,
+ ( byte ) 0xF6, ( byte ) 0x8F, ( byte ) 0x67, ( byte ) 0xA2, ( byte ) 0xB5, ( byte ) 0xEA,
+ ( byte ) 0x0E, ( byte ) 0xBF };
+ assertTrue( Arrays.equals( expectedBytes, keyBytes ) );
+ }
}
- commented out until test case is fixed */
+
/**
* Tests that key derivation can be performed by the factory for a specified cipher type.
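Review bot: The `if ( kerberosKey != null )` guard skips the AES-256 known-answer check whenever the factory's map has no AES-256 entry, whatever the reason, so a regression that drops the key on a JVM that does support AES-256 would still pass. Tying the expectation to the JVM rather than to the factory's own output closes that gap: `boolean aes256Allowed = Cipher.getMaxAllowedKeyLength( "AES" ) >= 256;` followed by `assertEquals( "AES256 key present", aes256Allowed, kerberosKey != null );` before the guarded block. This presumes the factory's AES-256 support follows the JCE policy limit, which the commit message suggests but the hunk does not show, and the test method would need to declare the checked exception. `testKerberosKeyFactory` starts in the previous hunk and its middle part is not visible.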
Modified: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyTypeTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyTypeTest.java?view=diff&rev=540415&r1=540414&r2=540415
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyTypeTest.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyTypeTest.java Mon May 21 21:14:41 2007
@@ -20,6 +20,7 @@
package org.apache.directory.server.kerberos.shared.crypto.encryption;
+import java.security.InvalidKeyException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
@@ -171,18 +172,47 @@
/**
- * Tests that a CTS-mode AES cipher can be initialized.
+ * Tests that a CTS-mode AES cipher can be initialized
+ * with an AES-128 key.
*
* @throws Exception
*/
- public void testAesCipher() throws Exception
+ public void testAes128Cipher() throws Exception
{
- KeyGenerator keygen = KeyGenerator.getInstance( "AES" );
- SecretKey desKey = keygen.generateKey();
+ KeyGenerator keyGenerator = KeyGenerator.getInstance( "AES" );
+ keyGenerator.init( 128 );
+
+ SecretKey key = keyGenerator.generateKey();
Cipher ecipher = Cipher.getInstance( "AES/CTS/NoPadding" );
- ecipher.init( Cipher.ENCRYPT_MODE, desKey );
+ ecipher.init( Cipher.ENCRYPT_MODE, key );
assertEquals( "Block size", 16, ecipher.getBlockSize() );
+ }
+
+
+ /**
+ * Tests that a CTS-mode AES cipher can be initialized
+ * with an AES-256 key.
+ *
+ * @throws Exception
+ */
+ public void testAes256Cipher() throws Exception
+ {
+ KeyGenerator keyGenerator = KeyGenerator.getInstance( "AES" );
+ keyGenerator.init( 256 );
+
+ SecretKey key = keyGenerator.generateKey();
+
+ try
+ {
+ Cipher ecipher = Cipher.getInstance( "AES/CTS/NoPadding" );
+ ecipher.init( Cipher.ENCRYPT_MODE, key );
+ assertEquals( "Block size", 16, ecipher.getBlockSize() );
+ }
+ catch ( InvalidKeyException ike )
+ {
+ // Without unlimited-strength crypto this will throw an exception.
+ }
}
Modified: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/RandomKeyFactoryTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/RandomKeyFactoryTest.java?view=diff&rev=540415&r1=540414&r2=540415
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/RandomKeyFactoryTest.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/RandomKeyFactoryTest.java Mon May 21 21:14:41 2007
@@ -90,10 +90,10 @@
*/
public void testGenerateAes256Key() throws Exception
{
- // KeyGenerator keygen = KeyGenerator.getInstance( "AES" );
- // keygen.init( 256 );
- // SecretKey key = keygen.generateKey();
- // assertEquals( "AES key size", 32, key.getEncoded().length );
+ KeyGenerator keygen = KeyGenerator.getInstance( "AES" );
+ keygen.init( 256 );
+ SecretKey key = keygen.generateKey();
+ assertEquals( "AES key size", 32, key.getEncoded().length );
}
@@ -161,12 +161,12 @@
assertEquals( keyType, EncryptionType.AES128_CTS_HMAC_SHA1_96 );
assertEquals( keyLength, 16 );
- // kerberosKey = map.get( EncryptionType.AES256_CTS_HMAC_SHA1_96 );
- // keyType = kerberosKey.getKeyType();
- // keyLength = kerberosKey.getKeyValue().length;
+ kerberosKey = map.get( EncryptionType.AES256_CTS_HMAC_SHA1_96 );
+ keyType = kerberosKey.getKeyType();
+ keyLength = kerberosKey.getKeyValue().length;
- // assertEquals( keyType, EncryptionType.AES256_CTS_HMAC_SHA1_96 );
- // assertEquals( keyLength, 32 );
+ assertEquals( keyType, EncryptionType.AES256_CTS_HMAC_SHA1_96 );
+ assertEquals( keyLength, 32 );
}
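Review bot: `map.get( EncryptionType.AES256_CTS_HMAC_SHA1_96 )` is dereferenced on the next line without a check, unlike the guarded lookup added to KerberosKeyFactoryTest in the same commit. If the random key factory ever omits the AES-256 entry, the test would die with a `NullPointerException` instead of a readable assertion failure; `assertNotNull( "AES256 key", kerberosKey );` before `getKeyType()` would make that explicit. Whether the factory can omit the entry is not visible here, and the test method starts outside this hunk.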
Modified: directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java?view=diff&rev=540415&r1=540414&r2=540415
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java Mon May 21 21:14:41 2007
@@ -141,7 +141,7 @@
* Test the writing of a keytab file.
*
* @throws Exception
- *
+ */
public void testWriteKeytab() throws Exception
{
List<KeytabEntry> entries = new ArrayList<KeytabEntry>();
@@ -154,7 +154,6 @@
ByteBuffer buffer = writer.write();
assertEquals( "Expected file size.", 130, buffer.limit() );
}
- commented out until testcase is fixed */
private KeytabEntry getEntry1() throws ParseException
Modified: directory/apacheds/trunk/server-unit/src/test/java/org/apache/directory/server/KeyDerivationServiceITest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-unit/src/test/java/org/apache/directory/server/KeyDerivationServiceITest.java?view=diff&rev=540415&r1=540414&r2=540415
==============================================================================
--- directory/apacheds/trunk/server-unit/src/test/java/org/apache/directory/server/KeyDerivationServiceITest.java (original)
+++ directory/apacheds/trunk/server-unit/src/test/java/org/apache/directory/server/KeyDerivationServiceITest.java Mon May 21 21:14:41 2007
@@ -197,7 +197,8 @@
userPassword = ( byte[] ) attributes.get( "userPassword" ).get();
}
- assertEquals( "Number of keys", 5, attributes.get( "krb5key" ).size() );
+ // Could be 4 or 5 depending on whether AES-256 is enabled or not.
+ assertTrue( "Number of keys", attributes.get( "krb5key" ).size() > 3 );
byte[] testPasswordBytes =
{ ( byte ) 0x73, ( byte ) 0x65, ( byte ) 0x63, ( byte ) 0x72, ( byte ) 0x65, ( byte ) 0x74 };
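Review bot: `size() > 3` accepts any count above three, while the comment above it says only 4 or 5 are valid, so extra or duplicated `krb5key` values would now pass; the same line is repeated in the second hunk of this file. Asserting the two allowed values keeps the check as tight as the comment: `int keyCount = attributes.get( "krb5key" ).size();` and `assertTrue( "Number of keys", keyCount == 4 || keyCount == 5 );`. Both test methods start and end outside their hunks.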
@@ -259,7 +260,8 @@
userPassword = ( byte[] ) attributes.get( "userPassword" ).get();
}
- assertEquals( "Number of keys", 5, attributes.get( "krb5key" ).size() );
+ // Could be 4 or 5 depending on whether AES-256 is enabled or not.
+ assertTrue( "Number of keys", attributes.get( "krb5key" ).size() > 3 );
byte[] testBytes =
{ 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 };