directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r557186 - in /directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol: ./ ChangepwProtocolHandlerTest.java MapPrincipalStoreImpl.java
Date Wed, 18 Jul 2007 07:43:27 GMT
Author: erodriguez
Date: Wed Jul 18 00:43:24 2007
New Revision: 557186

URL: http://svn.apache.org/viewvc?view=rev&rev=557186
Log:
Test cases for the Change Password protocol.

Added:
    directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/
    directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java
  (with props)
    directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java
  (with props)

Added: directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java?view=auto&rev=557186
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java
(added)
+++ directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java
Wed Jul 18 00:43:24 2007
@@ -0,0 +1,403 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.changepw.protocol;
+
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.net.UnknownHostException;
+import java.util.Arrays;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import junit.framework.TestCase;
+
+import org.apache.directory.server.changepw.ChangePasswordConfiguration;
+import org.apache.directory.server.changepw.io.ChangePasswordDataEncoder;
+import org.apache.directory.server.changepw.messages.ChangePasswordError;
+import org.apache.directory.server.changepw.messages.ChangePasswordReply;
+import org.apache.directory.server.changepw.messages.ChangePasswordRequest;
+import org.apache.directory.server.changepw.value.ChangePasswordData;
+import org.apache.directory.server.changepw.value.ChangePasswordDataModifier;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
+import org.apache.directory.server.kerberos.shared.messages.ErrorMessage;
+import org.apache.directory.server.kerberos.shared.messages.MessageType;
+import org.apache.directory.server.kerberos.shared.messages.application.PrivateMessage;
+import org.apache.directory.server.kerberos.shared.messages.components.AuthenticatorModifier;
+import org.apache.directory.server.kerberos.shared.messages.components.EncKrbPrivPart;
+import org.apache.directory.server.kerberos.shared.messages.components.EncKrbPrivPartModifier;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.ApOptions;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalNameModifier;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalNameType;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
+import org.apache.directory.server.kerberos.shared.store.TicketFactory;
+import org.apache.mina.common.IoFilterChain;
+import org.apache.mina.common.IoHandler;
+import org.apache.mina.common.IoService;
+import org.apache.mina.common.IoServiceConfig;
+import org.apache.mina.common.IoSessionConfig;
+import org.apache.mina.common.TransportType;
+import org.apache.mina.common.WriteFuture;
+import org.apache.mina.common.support.BaseIoSession;
+
+
+/**
+ * Tests the ChangePasswordProtocolHandler.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class ChangepwProtocolHandlerTest extends TestCase
+{
+    /** The Change Password SUCCESS result code. */
+    private static final byte[] SUCCESS = new byte[]
+        { ( byte ) 0x00, ( byte ) 0x00 };
+
+    private ChangePasswordConfiguration config;
+    private PrincipalStore store;
+    private ChangePasswordProtocolHandler handler;
+    private DummySession session;
+
+    private CipherTextHandler cipherTextHandler = new CipherTextHandler();
+
+
+    public ChangepwProtocolHandlerTest()
+    {
+        config = new ChangePasswordConfiguration();
+        store = new MapPrincipalStoreImpl();
+        handler = new ChangePasswordProtocolHandler( config, store );
+        session = new DummySession();
+    }
+
+
+    public void testProtocolVersionNumber()
+    {
+        ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 2, null, null
);
+
+        handler.messageReceived( session, message );
+
+        ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
+        ErrorMessage error = reply.getErrorMessage();
+        assertEquals( "Protocol version unsupported", 6, error.getErrorCode() );
+    }
+
+
+    public void testMissingTicket()
+    {
+        ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 1, null, null
);
+
+        handler.messageReceived( session, message );
+
+        ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
+        ErrorMessage error = reply.getErrorMessage();
+        assertEquals( "Request failed due to an error in authentication processing", 3, error.getErrorCode()
);
+    }
+
+
+    public void testInitialFlagRequired() throws Exception
+    {
+        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM"
);
+
+        KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM"
);
+        String serverPassword = "secret";
+
+        TicketFactory ticketFactory = new TicketFactory();
+        EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword
);
+        Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal,
serverKey );
+
+        EncryptionKey subSessionKey = RandomKeyFactory.getRandomKey( EncryptionType.DES_CBC_MD5
);
+
+        ApOptions apOptions = new ApOptions();
+
+        AuthenticatorModifier modifier = new AuthenticatorModifier();
+        modifier.setVersionNumber( 5 );
+        modifier.setClientRealm( "EXAMPLE.COM" );
+
+        PrincipalNameModifier clientModifier = new PrincipalNameModifier();
+        clientModifier.addName( "hnelson" );
+
+        modifier.setClientName( clientModifier.getPrincipalName() );
+        modifier.setClientTime( new KerberosTime() );
+        modifier.setClientMicroSecond( 0 );
+
+        modifier.setSubSessionKey( subSessionKey );
+
+        EncryptedData encryptedAuthenticator = cipherTextHandler.seal( serviceTicket.getSessionKey(),
modifier
+            .getAuthenticator(), KeyUsage.NUMBER11 );
+
+        ApplicationRequest apReq = new ApplicationRequest( apOptions, serviceTicket, encryptedAuthenticator
);
+
+        String newPassword = "secretsecret";
+
+        PrivateMessage priv = getChangePasswordPrivateMessage( newPassword, subSessionKey
);
+
+        ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 1, apReq, priv
);
+
+        handler.messageReceived( session, message );
+
+        ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
+        ErrorMessage error = reply.getErrorMessage();
+        assertEquals( "Initial flag required", 7, error.getErrorCode() );
+
+        //ChangePasswordReply reply = ( ChangePasswordReply ) session.getMessage();
+
+        //processChangePasswordReply( reply, serviceTicket.getSessionKey(), subSessionKey
);
+    }
+
+
+    private void processChangePasswordReply( ChangePasswordReply reply, EncryptionKey sessionKey,
+        EncryptionKey subSessionKey ) throws Exception
+    {
+        PrivateMessage privateMessage = reply.getPrivateMessage();
+
+        EncryptedData encPrivPart = privateMessage.getEncryptedPart();
+
+        EncKrbPrivPart privPart;
+
+        try
+        {
+            privPart = ( EncKrbPrivPart ) cipherTextHandler.unseal( EncKrbPrivPart.class,
subSessionKey, encPrivPart,
+                KeyUsage.NUMBER13 );
+        }
+        catch ( KerberosException ke )
+        {
+            return;
+        }
+
+        // Verify result code.
+        byte[] resultCode = privPart.getUserData();
+
+        assertTrue( "Password change returned SUCCESS (0x00 0x00).", Arrays.equals( SUCCESS,
resultCode ) );
+    }
+
+
+    public void testSetPassword() throws Exception
+    {
+        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM"
);
+
+        KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM"
);
+        String serverPassword = "secret";
+
+        TicketFactory ticketFactory = new TicketFactory();
+        EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword
);
+        Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal,
serverKey );
+
+        EncryptionKey subSessionKey = RandomKeyFactory.getRandomKey( EncryptionType.DES_CBC_MD5
);
+
+        ApOptions apOptions = new ApOptions();
+
+        AuthenticatorModifier modifier = new AuthenticatorModifier();
+        modifier.setVersionNumber( 5 );
+        modifier.setClientRealm( "EXAMPLE.COM" );
+
+        PrincipalNameModifier clientModifier = new PrincipalNameModifier();
+        clientModifier.addName( "hnelson" );
+        clientModifier.setType( PrincipalNameType.KRB_NT_PRINCIPAL.getOrdinal() );
+
+        modifier.setClientName( clientModifier.getPrincipalName() );
+        modifier.setClientTime( new KerberosTime() );
+        modifier.setClientMicroSecond( 0 );
+
+        EncryptedData encryptedAuthenticator = cipherTextHandler.seal( serverKey, modifier.getAuthenticator(),
+            KeyUsage.NUMBER11 );
+
+        ApplicationRequest apReq = new ApplicationRequest( apOptions, serviceTicket, encryptedAuthenticator
);
+
+        String newPassword = "secretsecret";
+
+        PrivateMessage priv = getSetPasswordPrivateMessage( newPassword, subSessionKey, clientModifier
+            .getPrincipalName() );
+
+        ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 0xFF80, apReq,
priv );
+
+        handler.messageReceived( session, message );
+
+        ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
+        ErrorMessage error = reply.getErrorMessage();
+        assertEquals( "Protocol version unsupported", 6, error.getErrorCode() );
+    }
+
+
+    /*
+     * Legacy kpasswd (Change Password) version.  User data is the password bytes.
+     */
+    private PrivateMessage getChangePasswordPrivateMessage( String newPassword, EncryptionKey
subSessionKey )
+        throws UnsupportedEncodingException, KerberosException, UnknownHostException
+    {
+        // Make private message part.
+        EncKrbPrivPartModifier privPartModifier = new EncKrbPrivPartModifier();
+        privPartModifier.setUserData( newPassword.getBytes( "UTF-8" ) );
+        privPartModifier.setSenderAddress( new HostAddress( InetAddress.getLocalHost() )
);
+        EncKrbPrivPart encReqPrivPart = privPartModifier.getEncKrbPrivPart();
+
+        // Seal private message part.
+        EncryptedData encryptedPrivPart = cipherTextHandler.seal( subSessionKey, encReqPrivPart,
KeyUsage.NUMBER13 );
+
+        // Make private message with private message part.
+        PrivateMessage privateMessage = new PrivateMessage();
+        privateMessage.setProtocolVersionNumber( 5 );
+        privateMessage.setMessageType( MessageType.ENC_PRIV_PART );
+        privateMessage.setEncryptedPart( encryptedPrivPart );
+
+        return privateMessage;
+    }
+
+
+    /*
+     * Set/Change Password version.  User data is an encoding of the new password and the
target principal.
+     */
+    private PrivateMessage getSetPasswordPrivateMessage( String newPassword, EncryptionKey
subSessionKey,
+        PrincipalName targetPrincipalName ) throws UnsupportedEncodingException, KerberosException,
+        UnknownHostException, IOException
+    {
+        // Make private message part.
+        EncKrbPrivPartModifier privPartModifier = new EncKrbPrivPartModifier();
+
+        ChangePasswordDataModifier dataModifier = new ChangePasswordDataModifier();
+        dataModifier.setNewPassword( "secretsecret".getBytes() );
+        dataModifier.setTargetName( targetPrincipalName );
+        dataModifier.setTargetRealm( "EXAMPLE.COM" );
+        ChangePasswordData data = dataModifier.getChangePasswdData();
+
+        ChangePasswordDataEncoder encoder = new ChangePasswordDataEncoder();
+        byte[] dataBytes = encoder.encode( data );
+
+        privPartModifier.setUserData( dataBytes );
+
+        privPartModifier.setSenderAddress( new HostAddress( InetAddress.getLocalHost() )
);
+        EncKrbPrivPart encReqPrivPart = privPartModifier.getEncKrbPrivPart();
+
+        // Seal private message part.
+        EncryptedData encryptedPrivPart = cipherTextHandler.seal( subSessionKey, encReqPrivPart,
KeyUsage.NUMBER13 );
+
+        // Make private message with private message part.
+        PrivateMessage privateMessage = new PrivateMessage();
+        privateMessage.setProtocolVersionNumber( 5 );
+        privateMessage.setMessageType( MessageType.ENC_PRIV_PART );
+        privateMessage.setEncryptedPart( encryptedPrivPart );
+
+        return privateMessage;
+    }
+
+    private static class DummySession extends BaseIoSession
+    {
+        Object message;
+
+
+        @Override
+        public WriteFuture write( Object message )
+        {
+            this.message = message;
+
+            return super.write( message );
+        }
+
+
+        public Object getMessage()
+        {
+            return message;
+        }
+
+
+        protected void updateTrafficMask()
+        {
+        }
+
+
+        public IoService getService()
+        {
+            return null;
+        }
+
+
+        public IoHandler getHandler()
+        {
+            return null;
+        }
+
+
+        public IoFilterChain getFilterChain()
+        {
+            return null;
+        }
+
+
+        public TransportType getTransportType()
+        {
+            return null;
+        }
+
+
+        public SocketAddress getRemoteAddress()
+        {
+            return new InetSocketAddress( 10464 );
+        }
+
+
+        public SocketAddress getLocalAddress()
+        {
+            return null;
+        }
+
+
+        public IoSessionConfig getConfig()
+        {
+            return null;
+        }
+
+
+        public int getScheduledWriteRequests()
+        {
+            return 0;
+        }
+
+
+        public SocketAddress getServiceAddress()
+        {
+            return null;
+        }
+
+
+        public IoServiceConfig getServiceConfig()
+        {
+            return null;
+        }
+
+
+        public int getScheduledWriteBytes()
+        {
+            return 0;
+        }
+    }
+}

Propchange: directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/ChangepwProtocolHandlerTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java?view=auto&rev=557186
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java
(added)
+++ directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java
Wed Jul 18 00:43:24 2007
@@ -0,0 +1,111 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.changepw.protocol;
+
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
+
+
+/**
+ * An implementation of {@link PrincipalStore} that is backed by a {@link Map}.  This
+ * store implements both getPrincipal and changePassword, as required by the Set/Change Password
+ * service.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class MapPrincipalStoreImpl implements PrincipalStore
+{
+    private static Map<KerberosPrincipal, PrincipalStoreEntry> store = new HashMap<KerberosPrincipal,
PrincipalStoreEntry>();
+
+    static
+    {
+        String principalName = "hnelson@EXAMPLE.COM";
+        String passPhrase = "secret";
+
+        PrincipalStoreEntry entry = getEntry( principalName, passPhrase );
+
+        store.put( entry.getPrincipal(), entry );
+
+        principalName = "kadmin/changepw@EXAMPLE.COM";
+        passPhrase = "secret";
+
+        entry = getEntry( principalName, passPhrase );
+
+        store.put( entry.getPrincipal(), entry );
+    }
+
+
+    public PrincipalStoreEntry getPrincipal( KerberosPrincipal principal ) throws Exception
+    {
+        PrincipalStoreEntry entry = store.get( principal );
+
+        return entry;
+    }
+
+
+    public String changePassword( KerberosPrincipal principal, String newPassword ) throws
Exception
+    {
+        return principal.getName();
+    }
+
+
+    public String addPrincipal( PrincipalStoreEntry entry ) throws Exception
+    {
+        return null;
+    }
+
+
+    public String deletePrincipal( KerberosPrincipal principal ) throws Exception
+    {
+        return null;
+    }
+
+
+    public PrincipalStoreEntry[] getAllPrincipals( String realm ) throws Exception
+    {
+        return null;
+    }
+
+
+    private static PrincipalStoreEntry getEntry( String principalName, String passPhrase
)
+    {
+        KerberosPrincipal clientPrincipal = new KerberosPrincipal( principalName );
+
+        PrincipalStoreEntryModifier modifier = new PrincipalStoreEntryModifier();
+        modifier.setPrincipal( clientPrincipal );
+
+        Map<EncryptionType, EncryptionKey> keyMap = KerberosKeyFactory.getKerberosKeys(
principalName, passPhrase );
+
+        modifier.setKeyMap( keyMap );
+
+        return modifier.getEntry();
+    }
+}

Propchange: directory/apacheds/trunk/protocol-changepw/src/test/java/org/apache/directory/server/changepw/protocol/MapPrincipalStoreImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message