directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r558318 [1/2] - in /directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol: AbstractTicketGrantingServiceTest.java EncTktInSkeyTest.java TicketGrantingServiceTest.java
Date Sat, 21 Jul 2007 11:51:24 GMT
Author: erodriguez
Date: Sat Jul 21 04:51:23 2007
New Revision: 558318

URL: http://svn.apache.org/viewvc?view=rev&rev=558318
Log:
Added test coverage for the Ticket-Granting Service (TGS).

Added:
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java
  (with props)
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java
  (with props)
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java
  (with props)

Added: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java?view=auto&rev=558318
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java
(added)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java
Sat Jul 21 04:51:23 2007
@@ -0,0 +1,425 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.protocol;
+
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.security.SecureRandom;
+
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import junit.framework.TestCase;
+
+import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumHandler;
+import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.io.encoder.ApplicationRequestEncoder;
+import org.apache.directory.server.kerberos.shared.io.encoder.KdcRequestEncoder;
+import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
+import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
+import org.apache.directory.server.kerberos.shared.messages.MessageType;
+import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
+import org.apache.directory.server.kerberos.shared.messages.components.AuthenticatorModifier;
+import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
+import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.components.TicketModifier;
+import org.apache.directory.server.kerberos.shared.messages.value.ApOptions;
+import org.apache.directory.server.kerberos.shared.messages.value.Checksum;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationDataModifier;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationDataType;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalNameModifier;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalNameType;
+import org.apache.directory.server.kerberos.shared.messages.value.RequestBody;
+import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.TransitedEncoding;
+import org.apache.mina.common.IoFilterChain;
+import org.apache.mina.common.IoHandler;
+import org.apache.mina.common.IoService;
+import org.apache.mina.common.IoServiceConfig;
+import org.apache.mina.common.IoSessionConfig;
+import org.apache.mina.common.TransportType;
+import org.apache.mina.common.WriteFuture;
+import org.apache.mina.common.support.BaseIoSession;
+
+
+/**
+ * Abstract base class for Ticket-Granting Service (TGS) tests, with utility methods
+ * for generating message components.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public abstract class AbstractTicketGrantingServiceTest extends TestCase
+{
+    protected CipherTextHandler lockBox;
+    protected static final SecureRandom random = new SecureRandom();
+
+    /** Session attributes that must be verified. */
+    protected EncryptionKey sessionKey;
+    protected EncryptionKey subSessionKey;
+    protected int sequenceNumber;
+    protected KerberosTime now;
+    protected int clientMicroSeconds = 0;
+
+
+    protected Ticket getTgt( KerberosPrincipal clientPrincipal, KerberosPrincipal serverPrincipal,
String serverPassword )
+        throws Exception
+    {
+        EncryptionKey serverKey = getEncryptionKey( serverPrincipal, serverPassword );
+        return getTicket( clientPrincipal, serverPrincipal, serverKey );
+    }
+
+
+    /**
+     * Returns an encryption key derived from a principal name and passphrase.
+     *
+     * @param principal
+     * @param passPhrase
+     * @return The server's {@link EncryptionKey}.
+     */
+    protected EncryptionKey getEncryptionKey( KerberosPrincipal principal, String passPhrase
)
+    {
+        KerberosKey kerberosKey = new KerberosKey( principal, passPhrase.toCharArray(), "DES"
);
+        byte[] keyBytes = kerberosKey.getEncoded();
+        return new EncryptionKey( EncryptionType.DES_CBC_MD5, keyBytes );
+    }
+
+
+    /**
+     * Build the service ticket.  The service ticket contains the session key generated
+     * by the KDC for the client and service to use.  The service will unlock the
+     * authenticator with the session key from the ticket.  The principal in the ticket
+     * must equal the authenticator client principal.
+     * 
+     * If set in the AP Options, the Ticket can also be sealed with the session key.
+     * 
+     * @param clientPrincipal
+     * @param serverPrincipal
+     * @param serverKey 
+     * @return The {@link Ticket}.
+     * @throws KerberosException
+     */
+    protected Ticket getTicket( KerberosPrincipal clientPrincipal, KerberosPrincipal serverPrincipal,
+        EncryptionKey serverKey ) throws KerberosException
+    {
+        EncTicketPartModifier encTicketModifier = new EncTicketPartModifier();
+
+        TicketFlags ticketFlags = new TicketFlags();
+        ticketFlags.set( TicketFlags.RENEWABLE );
+        encTicketModifier.setFlags( ticketFlags );
+
+        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( EncryptionType.DES_CBC_MD5
);
+
+        encTicketModifier.setSessionKey( sessionKey );
+        encTicketModifier.setClientPrincipal( clientPrincipal );
+        encTicketModifier.setTransitedEncoding( new TransitedEncoding() );
+        encTicketModifier.setAuthTime( new KerberosTime() );
+
+        long now = System.currentTimeMillis();
+        KerberosTime endTime = new KerberosTime( now + KerberosTime.DAY );
+        encTicketModifier.setEndTime( endTime );
+
+        KerberosTime renewTill = new KerberosTime( now + KerberosTime.WEEK );
+        encTicketModifier.setRenewTill( renewTill );
+
+        EncTicketPart encTicketPart = encTicketModifier.getEncTicketPart();
+
+        EncryptedData encryptedTicketPart = lockBox.seal( serverKey, encTicketPart, KeyUsage.NUMBER2
);
+
+        TicketModifier ticketModifier = new TicketModifier();
+        ticketModifier.setTicketVersionNumber( 5 );
+        ticketModifier.setServerPrincipal( serverPrincipal );
+        ticketModifier.setEncPart( encryptedTicketPart );
+
+        Ticket ticket = ticketModifier.getTicket();
+
+        ticket.setEncTicketPart( encTicketPart );
+
+        return ticket;
+    }
+
+
+    protected EncTicketPartModifier getTicketArchetype( KerberosPrincipal clientPrincipal
) throws KerberosException
+    {
+        EncTicketPartModifier encTicketModifier = new EncTicketPartModifier();
+
+        TicketFlags ticketFlags = new TicketFlags();
+        ticketFlags.set( TicketFlags.RENEWABLE );
+        encTicketModifier.setFlags( ticketFlags );
+
+        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( EncryptionType.DES_CBC_MD5
);
+
+        encTicketModifier.setSessionKey( sessionKey );
+        encTicketModifier.setClientPrincipal( clientPrincipal );
+        encTicketModifier.setTransitedEncoding( new TransitedEncoding() );
+        encTicketModifier.setAuthTime( new KerberosTime() );
+
+        long now = System.currentTimeMillis();
+        KerberosTime endTime = new KerberosTime( now + KerberosTime.DAY );
+        encTicketModifier.setEndTime( endTime );
+
+        KerberosTime renewTill = new KerberosTime( now + KerberosTime.WEEK );
+        encTicketModifier.setRenewTill( renewTill );
+
+        return encTicketModifier;
+    }
+
+
+    protected Ticket getTicket( EncTicketPartModifier encTicketModifier, KerberosPrincipal
serverPrincipal,
+        EncryptionKey serverKey ) throws KerberosException
+    {
+        EncTicketPart encTicketPart = encTicketModifier.getEncTicketPart();
+
+        EncryptedData encryptedTicketPart = lockBox.seal( serverKey, encTicketPart, KeyUsage.NUMBER2
);
+
+        TicketModifier ticketModifier = new TicketModifier();
+        ticketModifier.setTicketVersionNumber( 5 );
+        ticketModifier.setServerPrincipal( serverPrincipal );
+        ticketModifier.setEncPart( encryptedTicketPart );
+
+        Ticket ticket = ticketModifier.getTicket();
+
+        ticket.setEncTicketPart( encTicketPart );
+
+        return ticket;
+    }
+
+
+    protected KdcRequest getKdcRequest( Ticket tgt, RequestBody requestBody ) throws Exception
+    {
+        return getKdcRequest( tgt, requestBody, ChecksumType.RSA_MD5 );
+    }
+
+
+    /**
+     * Create a KdcRequest, suitable for requesting a service Ticket.
+     */
+    protected KdcRequest getKdcRequest( Ticket tgt, RequestBody requestBody, ChecksumType
checksumType )
+        throws Exception
+    {
+        // Get the session key from the service ticket.
+        sessionKey = tgt.getSessionKey();
+
+        // Generate a new sequence number.
+        sequenceNumber = random.nextInt();
+        now = new KerberosTime();
+
+        EncryptedData authenticator = getAuthenticator( tgt.getClientPrincipal(), requestBody,
checksumType );
+
+        PreAuthenticationData[] paData = getPreAuthenticationData( tgt, authenticator );
+
+        return new KdcRequest( 5, MessageType.KRB_TGS_REQ, paData, requestBody );
+    }
+
+
+    /**
+     * Build the authenticator.  The authenticator communicates the sub-session key the
+     * service will use to unlock the private message.  The service will unlock the
+     * authenticator with the session key from the ticket.  The authenticator client
+     * principal must equal the principal in the ticket.  
+     *
+     * @param clientPrincipal
+     * @return The {@link EncryptedData} containing the {@link Authenticator}.
+     * @throws KerberosException
+     */
+    protected EncryptedData getAuthenticator( KerberosPrincipal clientPrincipal, RequestBody
requestBody,
+        ChecksumType checksumType ) throws IOException, KerberosException
+    {
+        AuthenticatorModifier authenticatorModifier = new AuthenticatorModifier();
+
+        clientMicroSeconds = random.nextInt();
+
+        authenticatorModifier.setVersionNumber( 5 );
+        authenticatorModifier.setClientPrincipal( clientPrincipal );
+        authenticatorModifier.setClientTime( now );
+        authenticatorModifier.setClientMicroSecond( clientMicroSeconds );
+        authenticatorModifier.setSubSessionKey( subSessionKey );
+        authenticatorModifier.setSequenceNumber( sequenceNumber );
+
+        Checksum checksum = getBodyChecksum( requestBody, checksumType );
+        authenticatorModifier.setChecksum( checksum );
+
+        Authenticator authenticator = authenticatorModifier.getAuthenticator();
+
+        EncryptedData encryptedAuthenticator = lockBox.seal( sessionKey, authenticator, KeyUsage.NUMBER11
);
+
+        return encryptedAuthenticator;
+    }
+
+
+    protected Checksum getBodyChecksum( RequestBody requestBody, ChecksumType checksumType
) throws IOException,
+        KerberosException
+    {
+        KdcRequestEncoder bodyEncoder = new KdcRequestEncoder();
+        byte[] bodyBytes = bodyEncoder.encodeRequestBody( requestBody );
+
+        ChecksumHandler checksumHandler = new ChecksumHandler();
+        return checksumHandler.calculateChecksum( checksumType, bodyBytes, null, KeyUsage.NUMBER8
);
+    }
+
+
+    /**
+     * Make new AP_REQ, aka the "auth header," and package it into pre-authentication data.
+     *
+     * @param ticket
+     * @param authenticator
+     * @return
+     * @throws IOException
+     */
+    protected PreAuthenticationData[] getPreAuthenticationData( Ticket ticket, EncryptedData
authenticator )
+        throws IOException
+    {
+        ApplicationRequest applicationRequest = new ApplicationRequest();
+        applicationRequest.setMessageType( MessageType.KRB_AP_REQ );
+        applicationRequest.setProtocolVersionNumber( 5 );
+        applicationRequest.setApOptions( new ApOptions() );
+        applicationRequest.setTicket( ticket );
+        applicationRequest.setEncPart( authenticator );
+
+        ApplicationRequestEncoder encoder = new ApplicationRequestEncoder();
+        byte[] encodedApReq = encoder.encode( applicationRequest );
+
+        PreAuthenticationData[] paData = new PreAuthenticationData[1];
+
+        PreAuthenticationDataModifier preAuth = new PreAuthenticationDataModifier();
+        preAuth.setDataType( PreAuthenticationDataType.PA_TGS_REQ );
+
+        preAuth.setDataValue( encodedApReq );
+
+        paData[0] = preAuth.getPreAuthenticationData();
+
+        return paData;
+    }
+
+
+    protected PrincipalName getPrincipalName( String principalName )
+    {
+        PrincipalNameModifier principalNameModifier = new PrincipalNameModifier();
+        principalNameModifier.addName( principalName );
+        principalNameModifier.setType( PrincipalNameType.KRB_NT_PRINCIPAL.getOrdinal() );
+
+        return principalNameModifier.getPrincipalName();
+    }
+
+    protected static class DummySession extends BaseIoSession
+    {
+        Object message;
+
+
+        @Override
+        public WriteFuture write( Object message )
+        {
+            this.message = message;
+
+            return super.write( message );
+        }
+
+
+        protected Object getMessage()
+        {
+            return message;
+        }
+
+
+        protected void updateTrafficMask()
+        {
+            // Do nothing.
+        }
+
+
+        public IoService getService()
+        {
+            return null;
+        }
+
+
+        public IoHandler getHandler()
+        {
+            return null;
+        }
+
+
+        public IoFilterChain getFilterChain()
+        {
+            return null;
+        }
+
+
+        public TransportType getTransportType()
+        {
+            return null;
+        }
+
+
+        public SocketAddress getRemoteAddress()
+        {
+            return new InetSocketAddress( 10088 );
+        }
+
+
+        public SocketAddress getLocalAddress()
+        {
+            return null;
+        }
+
+
+        public IoSessionConfig getConfig()
+        {
+            return null;
+        }
+
+
+        public int getScheduledWriteRequests()
+        {
+            return 0;
+        }
+
+
+        public SocketAddress getServiceAddress()
+        {
+            return null;
+        }
+
+
+        public IoServiceConfig getServiceConfig()
+        {
+            return null;
+        }
+
+
+        public int getScheduledWriteBytes()
+        {
+            return 0;
+        }
+    }
+}

Propchange: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java?view=auto&rev=558318
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java
(added)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java
Sat Jul 21 04:51:23 2007
@@ -0,0 +1,133 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.protocol;
+
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.kdc.KdcConfiguration;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.messages.ErrorMessage;
+import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
+import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.messages.value.KdcOptions;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.RequestBody;
+import org.apache.directory.server.kerberos.shared.messages.value.RequestBodyModifier;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
+
+
+/**
+ * Test case for RFC 4120 Section 3.7. "User-to-User Authentication Exchanges."  This
+ * is option "ENC-TKT-IN-SKEY."
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class EncTktInSkeyTest extends AbstractTicketGrantingServiceTest
+{
+    private KdcConfiguration config;
+    private PrincipalStore store;
+    private KerberosProtocolHandler handler;
+    private DummySession session;
+
+
+    /**
+     * Creates a new instance of {@link EncTktInSkeyTest}.
+     */
+    public EncTktInSkeyTest()
+    {
+        config = new KdcConfiguration();
+
+        /*
+         * Body checksum verification must be disabled because we are bypassing
+         * the codecs, where the body bytes are set on the KdcRequest message.
+         */
+        config.setBodyChecksumVerified( false );
+
+        store = new MapPrincipalStoreImpl();
+        handler = new KerberosProtocolHandler( config, store );
+        session = new DummySession();
+        lockBox = new CipherTextHandler();
+    }
+
+
+    /**
+     * If the ENC-TKT-IN-SKEY option has been specified and an additional ticket
+     * has been included in the request, it indicates that the client is using
+     * user-to-user authentication to prove its identity to a server that does
+     * not have access to a persistent key.  Section 3.7 describes the effect
+     * of this option on the entire Kerberos protocol.  When generating the
+     * KRB_TGS_REP message, this option in the KRB_TGS_REQ message tells the KDC
+     * to decrypt the additional ticket using the key for the server to which the
+     * additional ticket was issued and to verify that it is a TGT.  If the name
+     * of the requested server is missing from the request, the name of the client
+     * in the additional ticket will be used.  Otherwise, the name of the requested
+     * server will be compared to the name of the client in the additional ticket.
+     * If it is different, the request will be rejected.  If the request succeeds,
+     * the session key from the additional ticket will be used to encrypt the new
+     * ticket that is issued instead of using the key of the server for which the
+     * new ticket will be used.
+     * 
+     * @throws Exception 
+     */
+    public void testEncTktInSkey() throws Exception
+    {
+        // Get the mutable ticket part.
+        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM"
);
+        EncTicketPartModifier encTicketPartModifier = getTicketArchetype( clientPrincipal
);
+
+        // Make changes to test.
+
+        // Seal the ticket for the server.
+        KerberosPrincipal serverPrincipal = new KerberosPrincipal( "krbtgt/EXAMPLE.COM@EXAMPLE.COM"
);
+        String passPhrase = "randomKey";
+        EncryptionKey serverKey = getEncryptionKey( serverPrincipal, passPhrase );
+        Ticket tgt = getTicket( encTicketPartModifier, serverPrincipal, serverKey );
+
+        RequestBodyModifier modifier = new RequestBodyModifier();
+        modifier.setServerName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
+        modifier.setRealm( "EXAMPLE.COM" );
+        modifier.setEType( config.getEncryptionTypes() );
+        modifier.setNonce( random.nextInt() );
+
+        KdcOptions kdcOptions = new KdcOptions();
+        kdcOptions.set( KdcOptions.ENC_TKT_IN_SKEY );
+        modifier.setKdcOptions( kdcOptions );
+
+        long now = System.currentTimeMillis();
+
+        KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
+        modifier.setTill( requestedEndTime );
+
+        KerberosTime requestedRenewTillTime = new KerberosTime( now + KerberosTime.WEEK /
2 );
+        modifier.setRtime( requestedRenewTillTime );
+
+        RequestBody requestBody = modifier.getRequestBody();
+        KdcRequest message = getKdcRequest( tgt, requestBody );
+
+        handler.messageReceived( session, message );
+
+        ErrorMessage error = ( ErrorMessage ) session.getMessage();
+        assertEquals( "KDC cannot accommodate requested option", 13, error.getErrorCode()
);
+    }
+}

Propchange: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message