cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf-fediz git commit: Switching to use Apache Kerby 1.0.0 for kerberos integration testing
Date Mon, 15 May 2017 09:08:07 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master cb5612bb1 -> f37b6013c


Switching to use Apache Kerby 1.0.0 for kerberos integration testing


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f37b6013
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f37b6013
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f37b6013

Branch: refs/heads/master
Commit: f37b6013ce273bff07f5ad2846a49e657a76c70f
Parents: cb5612b
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon May 15 10:07:48 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon May 15 10:07:48 2017 +0100

----------------------------------------------------------------------
 pom.xml                                         |   1 +
 systests/kerberos/pom.xml                       |  82 +--------------
 .../fediz/integrationtests/KerberosTest.java    | 104 ++++++-------------
 .../kerberos/src/test/resources/kerberos.ldif   |  51 ---------
 systests/kerberos/src/test/resources/krb5.conf  |   7 --
 5 files changed, 33 insertions(+), 212 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f37b6013/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index f64619c..edb3c45 100644
--- a/pom.xml
+++ b/pom.xml
@@ -61,6 +61,7 @@
         <jetty8.version>8.1.22.v20160922</jetty8.version>
         <jetty9.version>9.3.9.v20160517</jetty9.version>
         <junit.version>4.12</junit.version>
+        <kerby.version>1.0.0</kerby.version>
         <log4j.version>1.2.17</log4j.version>
         <openjpa.version>2.4.2</openjpa.version>
         <servlet.version>2.5</servlet.version>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f37b6013/systests/kerberos/pom.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/pom.xml b/systests/kerberos/pom.xml
index 9411c9a..a2f83f6 100644
--- a/systests/kerberos/pom.xml
+++ b/systests/kerberos/pom.xml
@@ -90,85 +90,9 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-core-annotations</artifactId>
-            <version>${apacheds.version}</version>
-            <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>bouncycastle</groupId>
-                    <artifactId>bcprov-jdk15</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-core-integ</artifactId>
-            <version>${apacheds.version}</version>
-            <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>bouncycastle</groupId>
-                    <artifactId>bcprov-jdk15</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-protocol-shared</artifactId>
-            <version>${apacheds.version}</version>
-            <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>bouncycastle</groupId>
-                    <artifactId>bcprov-jdk15</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-protocol-kerberos</artifactId>
-            <version>${apacheds.version}</version>
-            <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>net.sf.ehcache</groupId>
-                    <artifactId>ehcache-core</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>bouncycastle</groupId>
-                    <artifactId>bcprov-jdk15</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-interceptor-kerberos</artifactId>
-            <version>${apacheds.version}</version>
-            <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>bouncycastle</groupId>
-                    <artifactId>bcprov-jdk15</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-kerberos-codec</artifactId>
-            <version>${apacheds.version}</version>
-            <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>bouncycastle</groupId>
-                    <artifactId>bcprov-jdk15</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>${commons.io.version}</version>
+            <groupId>org.apache.kerby</groupId>
+            <artifactId>kerb-simplekdc</artifactId>
+            <version>${kerby.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f37b6013/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
b/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
index 2d2bfb5..1a20ae7 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
@@ -21,8 +21,6 @@ package org.apache.cxf.fediz.integrationtests;
 
 
 import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
 import java.io.IOException;
 import java.security.PrivilegedExceptionAction;
 
@@ -40,18 +38,9 @@ import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
-import org.apache.commons.io.IOUtils;
 import org.apache.cxf.fediz.core.ClaimTypes;
 import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
-import org.apache.directory.server.annotations.CreateKdcServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifFiles;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreateIndex;
-import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
+import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
 import org.apache.wss4j.dom.engine.WSSConfig;
 import org.apache.xml.security.utils.Base64;
 import org.ietf.jgss.GSSContext;
@@ -61,59 +50,24 @@ import org.ietf.jgss.GSSName;
 import org.ietf.jgss.Oid;
 import org.junit.AfterClass;
 import org.junit.Assert;
-import org.junit.Before;
 import org.junit.BeforeClass;
-import org.junit.runner.RunWith;
 
 /**
  * A test that sends a Kerberos ticket to the IdP for authentication. The IdP must be configured
  * to validate the Kerberos ticket, and in turn get a delegation token to authenticate to
the
  * STS + retrieve claims etc.
  *
- * This test uses an Apache DS instance as the KDC
+ * This test uses an Apache Kerby instance as the KDC
  */
-
-@RunWith(FrameworkRunner.class)
-
-//Define the DirectoryService
-@CreateDS(name = "KerberosTest-class",
-    enableAccessControl = false,
-    allowAnonAccess = false,
-    enableChangeLog = true,
-    partitions = {
-        @CreatePartition(
-            name = "example",
-            suffix = "dc=example,dc=com",
-            indexes = {
-                @CreateIndex(attribute = "objectClass"),
-                @CreateIndex(attribute = "dc"),
-                @CreateIndex(attribute = "ou")
-            }
-        ) },
-    additionalInterceptors = {
-        KeyDerivationInterceptor.class
-        }
-)
-
-@CreateKdcServer(
-    transports = {
-        @CreateTransport(protocol = "KRB", address = "127.0.0.1")
-        },
-    primaryRealm = "service.ws.apache.org",
-    kdcPrincipal = "krbtgt/service.ws.apache.org@service.ws.apache.org"
-)
-
-//Inject an file containing entries
-@ApplyLdifFiles("kerberos.ldif")
-
-public class KerberosTest extends AbstractLdapTestUnit {
+public class KerberosTest extends org.junit.Assert {
 
     static String idpHttpsPort;
     static String rpHttpsPort;
 
     private static Tomcat idpServer;
     private static Tomcat rpServer;
-    private static boolean portUpdated;
+    
+    private static SimpleKdcServer kerbyServer;
 
     @BeforeClass
     public static void init() throws Exception {
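Review bot: `extends org.junit.Assert` on the new class declaration looks unnecessary, because `org.junit.Assert` is still imported and the assertion visible in `init()` is already qualified (`Assert.assertNotNull(...)`). The inheritance appears to exist only to fill the slot left by the dropped `AbstractLdapTestUnit` base. If no method outside this hunk relies on unqualified assert calls, declare it as `public class KerberosTest {`. The added blank line above the `kerbyServer` field also carries trailing whitespace. The class body continues outside the hunk.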
@@ -132,37 +86,37 @@ public class KerberosTest extends AbstractLdapTestUnit {
         Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
 
         WSSConfig.init();
+        
+        String basedir = System.getProperty("basedir");
+        if (basedir == null) {
+            basedir = new File(".").getCanonicalPath();
+        }
 
-        idpServer = startServer(true, idpHttpsPort);
-        rpServer = startServer(false, rpHttpsPort);
-    }
+        // System.setProperty("sun.security.krb5.debug", "true");
+        System.setProperty("java.security.auth.login.config", basedir + "/target/test-classes/kerberos.jaas");
+        System.setProperty("java.security.krb5.conf", basedir + "/target/krb5.conf");
 
-    @Before
-    public void updatePort() throws Exception {
-        if (!portUpdated) {
-            String basedir = System.getProperty("basedir");
-            if (basedir == null) {
-                basedir = new File(".").getCanonicalPath();
-            }
+        kerbyServer = new SimpleKdcServer();
 
-            // Read in krb5.conf and substitute in the correct port
-            File f = new File(basedir + "/src/test/resources/krb5.conf");
+        kerbyServer.setKdcRealm("service.ws.apache.org");
+        kerbyServer.setAllowUdp(false);
+        kerbyServer.setWorkDir(new File(basedir + "/target"));
 
-            FileInputStream inputStream = new FileInputStream(f);
-            String content = IOUtils.toString(inputStream, "UTF-8");
-            inputStream.close();
-            content = content.replaceAll("port", "" + super.getKdcServer().getTransports()[0].getPort());
+        //kerbyServer.setInnerKdcImpl(new NettyKdcServerImpl(kerbyServer.getKdcSetting()));
 
-            File f2 = new File(basedir + "/target/test-classes/fediz.kerberos.krb5.conf");
-            try (FileOutputStream outputStream = new FileOutputStream(f2)) {
-                IOUtils.write(content, outputStream, "UTF-8");
-            }
+        kerbyServer.init();
 
-            System.setProperty("java.security.krb5.conf", f2.getPath());
-            portUpdated = true;
-        }
+        // Create principals
+        String alice = "alice@service.ws.apache.org";
+        String bob = "bob/service.ws.apache.org@service.ws.apache.org";
 
-        System.setProperty("java.security.auth.login.config", "src/test/resources/kerberos.jaas");
+        kerbyServer.createPrincipal(alice, "alice");
+        kerbyServer.createPrincipal(bob, "bob");
+
+        kerbyServer.start();
+
+        idpServer = startServer(true, idpHttpsPort);
+        rpServer = startServer(false, rpHttpsPort);
     }
 
     private static Tomcat startServer(boolean idp, String port)
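Review bot: The KDC started by `kerbyServer.start()` in `init()` is never stopped as far as this diff shows. No hunk touches the `@AfterClass` method, so the listener, with principals whose passwords equal their names, stays up until the test JVM exits; adding `if (kerbyServer != null) { kerbyServer.stop(); }` to the existing cleanup method would close it. The removed `@CreateTransport(protocol = "KRB", address = "127.0.0.1")` pinned the KDC to loopback, while the new setup leaves host and port to Kerby's defaults; an explicit `kerbyServer.setKdcHost("localhost");` before `init()` would keep that constraint visible in the test. The two commented-out lines (`sun.security.krb5.debug` and `setInnerKdcImpl`) should be dropped or given a comment saying when to enable them. `init()` begins above this hunk.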

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f37b6013/systests/kerberos/src/test/resources/kerberos.ldif
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/kerberos.ldif b/systests/kerberos/src/test/resources/kerberos.ldif
deleted file mode 100644
index 40f07fd..0000000
--- a/systests/kerberos/src/test/resources/kerberos.ldif
+++ /dev/null
@@ -1,51 +0,0 @@
-dn: dc=example,dc=com
-dc: example
-objectClass: top
-objectClass: domain
-
-dn: ou=users,dc=example,dc=com
-objectClass: organizationalUnit
-objectClass: top
-ou: users
-
-# Web server identity/service principal.
-dn: uid=bob,ou=users,dc=example,dc=com
-objectclass: top
-objectclass: person
-objectclass: inetOrgPerson
-objectclass: krb5Principal
-objectclass: krb5KDCEntry
-cn: bob
-sn: bob
-uid: bob
-userpassword: bob
-krb5PrincipalName: bob/service.ws.apache.org@service.ws.apache.org
-krb5KeyVersionNumber: 0
-
-# User / client principal.
-dn: uid=alice,ou=users,dc=example,dc=com
-objectclass: top
-objectclass: person
-objectclass: inetOrgPerson
-objectclass: krb5Principal
-objectclass: krb5KDCEntry
-cn: alice
-sn: alice
-uid: alice
-userpassword: alice
-krb5PrincipalName: alice@service.ws.apache.org
-krb5KeyVersionNumber: 0
-
-# Ticket Granting Service.
-dn: uid=krbtgt,ou=users,dc=example,dc=com
-objectclass: top
-objectclass: person
-objectclass: inetOrgPerson
-objectclass: krb5Principal
-objectclass: krb5KDCEntry
-cn: KDC Service
-sn: KDC Service
-uid: krbtgt
-userpassword: randomKey
-krb5PrincipalName: krbtgt/service.ws.apache.org@service.ws.apache.org
-krb5KeyVersionNumber: 0
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f37b6013/systests/kerberos/src/test/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/krb5.conf b/systests/kerberos/src/test/resources/krb5.conf
deleted file mode 100644
index a1a6dc9..0000000
--- a/systests/kerberos/src/test/resources/krb5.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[libdefaults]
-	default_realm = service.ws.apache.org
-
-[realms]
-	service.ws.apache.org = {
-		kdc = localhost:port
-	}
\ No newline at end of file

