Mailing-List: contact commits-help@directory.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@directory.apache.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r561687 -
 /directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java
Date: Wed, 01 Aug 2007 07:46:27 -0000
To: commits@directory.apache.org
From: erodriguez@apache.org
Message-Id: <20070801074628.06C5A1A981A@eris.apache.org>

Author: erodriguez
Date: Wed Aug  1 00:46:27 2007
New Revision: 561687

URL: http://svn.apache.org/viewvc?view=rev&rev=561687
Log:
Added new Authentication Service (AS) test case verifying ability to acquire non-TGS INITIAL service ticket.

Modified:
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java

Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java?view=diff&rev=561687&r1=561686&r2=561687
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java Wed Aug  1 00:46:27 2007
@@ -836,6 +836,49 @@
 
 
     /**
+     * Tests that a service ticket can be requested without the use of a TGT.  The
+     * returned service ticket will have the INITIAL flag set.
+     * 
+     * @throws Exception
+     */
+    public void testInitialServiceTicket() throws Exception
+    {
+        String servicePrincipalName = "ldap/ldap.example.com@EXAMPLE.COM";
+
+        RequestBodyModifier modifier = new RequestBodyModifier();
+        modifier.setClientName( getPrincipalName( "hnelson" ) );
+        modifier.setServerName( getPrincipalName( servicePrincipalName ) );
+        modifier.setRealm( "EXAMPLE.COM" );
+        modifier.setEType( config.getEncryptionTypes() );
+
+        modifier.setKdcOptions( new KdcOptions() );
+
+        long now = System.currentTimeMillis();
+        KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
+        modifier.setTill( requestedEndTime );
+
+        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+        String passPhrase = "secret";
+        PreAuthenticationData[] paData = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
+
+        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, paData, modifier.getRequestBody() );
+
+        handler.messageReceived( session, message );
+
+        AuthenticationReply reply = ( AuthenticationReply ) session.getMessage();
+
+        assertTrue( "INITIAL flag", reply.getFlags().get( TicketFlags.INITIAL ) );
+        assertFalse( "INVALID flag", reply.getFlags().get( TicketFlags.INVALID ) );
+
+        assertTrue( "INITIAL flag", reply.getTicket().getFlags().get( TicketFlags.INITIAL ) );
+        assertFalse( "INVALID flag", reply.getTicket().getFlags().get( TicketFlags.INVALID ) );
+
+        assertEquals( "Service principal name", reply.getServerPrincipal().getName(), servicePrincipalName );
+        assertEquals( "Service principal name", reply.getTicket().getServerPrincipal().getName(), servicePrincipalName );
+    }
+
+
+    /**
      * Tests whether a renewable ticket will be accepted in lieu of a non-renewable
      * ticket if the requested ticket expiration date cannot be satisfied by a
      * non-renewable ticket (due to configuration constraints).