directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r562624 - in /directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol: AuthenticationServiceTest.java PreAuthenticationTest.java
Date Sat, 04 Aug 2007 00:10:32 GMT
Author: erodriguez
Date: Fri Aug  3 17:10:31 2007
New Revision: 562624

URL: http://svn.apache.org/viewvc?view=rev&rev=562624
Log:
Moved 3 pre-authentication tests from the AS test class to a new test class specifically for
pre-authentication tests, in preparation for increasing pre-authentication test coverage.

Added:
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java
  (with props)
Modified:
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java

Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java?view=diff&rev=562624&r1=562623&r2=562624
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java
Fri Aug  3 17:10:31 2007
@@ -158,111 +158,6 @@
 
 
     /**
-     * Tests when the KDC configuration requires pre-authentication by encrypted
-     * timestamp that an AS_REQ without pre-authentication is rejected with the
-     * correct error message.
-     * 
-     * "If pre-authentication is required, but was not present in the request, an
-     * error message with the code KDC_ERR_PREAUTH_REQUIRED is returned, and a
-     * METHOD-DATA object will be stored in the e-data field of the KRB-ERROR
-     * message to specify which pre-authentication mechanisms are acceptable."
-     */
-    public void testPreAuthenticationRequired()
-    {
-        RequestBodyModifier modifier = new RequestBodyModifier();
-        modifier.setClientName( getPrincipalName( "hnelson" ) );
-        modifier.setServerName( getPrincipalName( "hnelson" ) );
-        modifier.setRealm( "EXAMPLE.COM" );
-        modifier.setEType( config.getEncryptionTypes() );
-
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, null, modifier.getRequestBody()
);
-
-        handler.messageReceived( session, message );
-
-        ErrorMessage error = ( ErrorMessage ) session.getMessage();
-        assertEquals( "Additional pre-authentication required", 25, error.getErrorCode()
);
-    }
-
-
-    /**
-     * Tests when the KDC configuration requires pre-authentication by encrypted
-     * timestamp that an AS_REQ with pre-authentication using an incorrect key is
-     * rejected with the correct error message.
-     * 
-     * "If required to do so, the server pre-authenticates the request, and
-     * if the pre-authentication check fails, an error message with the code
-     * KDC_ERR_PREAUTH_FAILED is returned."
-     * 
-     * @throws Exception 
-     */
-    public void testPreAuthenticationIntegrityFailed() throws Exception
-    {
-        RequestBodyModifier modifier = new RequestBodyModifier();
-        modifier.setClientName( getPrincipalName( "hnelson" ) );
-        modifier.setServerName( getPrincipalName( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" ) );
-        modifier.setRealm( "EXAMPLE.COM" );
-        modifier.setEType( config.getEncryptionTypes() );
-
-        modifier.setKdcOptions( new KdcOptions() );
-
-        long now = System.currentTimeMillis();
-
-        KerberosTime requestedEndTime = new KerberosTime( now + KerberosTime.DAY );
-        modifier.setTill( requestedEndTime );
-
-        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM"
);
-
-        String passPhrase = "badpassword";
-        PreAuthenticationData[] paData = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase
);
-
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, paData, modifier.getRequestBody()
);
-
-        handler.messageReceived( session, message );
-
-        ErrorMessage error = ( ErrorMessage ) session.getMessage();
-        assertEquals( "Integrity check on decrypted field failed", 31, error.getErrorCode()
);
-    }
-
-
-    /**
-     * "If required to do so, the server pre-authenticates the request, and
-     * if the pre-authentication check fails, an error message with the code
-     * KDC_ERR_PREAUTH_FAILED is returned."
-     * 
-     * @throws Exception 
-     */
-    public void testPreAuthenticationFailed() throws Exception
-    {
-        RequestBodyModifier modifier = new RequestBodyModifier();
-        modifier.setClientName( getPrincipalName( "hnelson" ) );
-        modifier.setServerName( getPrincipalName( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" ) );
-        modifier.setRealm( "EXAMPLE.COM" );
-        modifier.setEType( config.getEncryptionTypes() );
-
-        modifier.setKdcOptions( new KdcOptions() );
-
-        long now = System.currentTimeMillis();
-
-        KerberosTime requestedEndTime = new KerberosTime( now + KerberosTime.DAY );
-        modifier.setTill( requestedEndTime );
-
-        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM"
);
-
-        KerberosTime timeStamp = new KerberosTime( 0 );
-        String passPhrase = "secret";
-        PreAuthenticationData[] paData = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase,
timeStamp );
-
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, paData, modifier.getRequestBody()
);
-
-        handler.messageReceived( session, message );
-
-        ErrorMessage error = ( ErrorMessage ) session.getMessage();
-
-        assertEquals( "Pre-authentication information was invalid", 24, error.getErrorCode()
);
-    }
-
-
-    /**
      * Test when an unsupported encryption type is requested, that the request is
      * rejected with the correct error message.
      * 

Added: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java?view=auto&rev=562624
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java
(added)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java
Fri Aug  3 17:10:31 2007
@@ -0,0 +1,168 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.protocol;
+
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.kdc.KdcConfiguration;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.messages.ErrorMessage;
+import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
+import org.apache.directory.server.kerberos.shared.messages.MessageType;
+import org.apache.directory.server.kerberos.shared.messages.value.KdcOptions;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
+import org.apache.directory.server.kerberos.shared.messages.value.RequestBodyModifier;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
+
+
+/**
+ * Tests pre-authentication processing in the Authentication Service (AS) via the
+ * {@link KerberosProtocolHandler}.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class PreAuthenticationTest extends AbstractAuthenticationServiceTest
+{
+    private KdcConfiguration config;
+    private PrincipalStore store;
+    private KerberosProtocolHandler handler;
+    private DummySession session;
+
+
+    /**
+     * Creates a new instance of {@link PreAuthenticationTest}.
+     */
+    public PreAuthenticationTest()
+    {
+        config = new KdcConfiguration();
+        store = new MapPrincipalStoreImpl();
+        handler = new KerberosProtocolHandler( config, store );
+        session = new DummySession();
+        lockBox = new CipherTextHandler();
+    }
+
+
+    /**
+     * Tests when the KDC configuration requires pre-authentication by encrypted
+     * timestamp that an AS_REQ without pre-authentication is rejected with the
+     * correct error message.
+     * 
+     * "If pre-authentication is required, but was not present in the request, an
+     * error message with the code KDC_ERR_PREAUTH_REQUIRED is returned, and a
+     * METHOD-DATA object will be stored in the e-data field of the KRB-ERROR
+     * message to specify which pre-authentication mechanisms are acceptable."
+     */
+    public void testPreAuthenticationRequired()
+    {
+        RequestBodyModifier modifier = new RequestBodyModifier();
+        modifier.setClientName( getPrincipalName( "hnelson" ) );
+        modifier.setServerName( getPrincipalName( "hnelson" ) );
+        modifier.setRealm( "EXAMPLE.COM" );
+        modifier.setEType( config.getEncryptionTypes() );
+
+        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, null, modifier.getRequestBody()
);
+
+        handler.messageReceived( session, message );
+
+        ErrorMessage error = ( ErrorMessage ) session.getMessage();
+        assertEquals( "Additional pre-authentication required", 25, error.getErrorCode()
);
+    }
+
+
+    /**
+     * Tests when the KDC configuration requires pre-authentication by encrypted
+     * timestamp that an AS_REQ with pre-authentication using an incorrect key is
+     * rejected with the correct error message.
+     * 
+     * "If required to do so, the server pre-authenticates the request, and
+     * if the pre-authentication check fails, an error message with the code
+     * KDC_ERR_PREAUTH_FAILED is returned."
+     * 
+     * @throws Exception 
+     */
+    public void testPreAuthenticationIntegrityFailed() throws Exception
+    {
+        RequestBodyModifier modifier = new RequestBodyModifier();
+        modifier.setClientName( getPrincipalName( "hnelson" ) );
+        modifier.setServerName( getPrincipalName( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" ) );
+        modifier.setRealm( "EXAMPLE.COM" );
+        modifier.setEType( config.getEncryptionTypes() );
+
+        modifier.setKdcOptions( new KdcOptions() );
+
+        long now = System.currentTimeMillis();
+
+        KerberosTime requestedEndTime = new KerberosTime( now + KerberosTime.DAY );
+        modifier.setTill( requestedEndTime );
+
+        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM"
);
+
+        String passPhrase = "badpassword";
+        PreAuthenticationData[] paData = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase
);
+
+        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, paData, modifier.getRequestBody()
);
+
+        handler.messageReceived( session, message );
+
+        ErrorMessage error = ( ErrorMessage ) session.getMessage();
+        assertEquals( "Integrity check on decrypted field failed", 31, error.getErrorCode()
);
+    }
+
+
+    /**
+     * "If required to do so, the server pre-authenticates the request, and
+     * if the pre-authentication check fails, an error message with the code
+     * KDC_ERR_PREAUTH_FAILED is returned."
+     * 
+     * @throws Exception 
+     */
+    public void testPreAuthenticationFailed() throws Exception
+    {
+        RequestBodyModifier modifier = new RequestBodyModifier();
+        modifier.setClientName( getPrincipalName( "hnelson" ) );
+        modifier.setServerName( getPrincipalName( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" ) );
+        modifier.setRealm( "EXAMPLE.COM" );
+        modifier.setEType( config.getEncryptionTypes() );
+
+        modifier.setKdcOptions( new KdcOptions() );
+
+        long now = System.currentTimeMillis();
+
+        KerberosTime requestedEndTime = new KerberosTime( now + KerberosTime.DAY );
+        modifier.setTill( requestedEndTime );
+
+        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM"
);
+
+        KerberosTime timeStamp = new KerberosTime( 0 );
+        String passPhrase = "secret";
+        PreAuthenticationData[] paData = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase,
timeStamp );
+
+        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, paData, modifier.getRequestBody()
);
+
+        handler.messageReceived( session, message );
+
+        ErrorMessage error = ( ErrorMessage ) session.getMessage();
+
+        assertEquals( "Pre-authentication information was invalid", 24, error.getErrorCode()
);
+    }
+}

Propchange: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message