directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r578743 [8/12] - in /directory/apacheds/branches/apacheds-kerberos: kerberos-shared/ kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/ kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto...
Date Mon, 24 Sep 2007 10:18:45 GMT
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/PrincipalNameType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/PrincipalNameType.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/PrincipalNameType.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/PrincipalNameType.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,178 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.messages.value.types;
+
+
+/**
+ * An enum describing the differnet types of Principal.
+ * 
+ * Here is the list, taken from RFC 4120 :
+ *  NT-UNKNOWN        0    Name type not known
+ *  NT-PRINCIPAL      1    Just the name of the principal as in DCE,
+ *                           or for users
+ *  NT-SRV-INST       2    Service and other unique instance (krbtgt)
+ *  NT-SRV-HST        3    Service with host name as instance
+ *                           (telnet, rcommands)
+ *  NT-SRV-XHST       4    Service with host as remaining components
+ *  NT-UID            5    Unique ID
+ *  NT-X500-PRINCIPAL 6    Encoded X.509 Distinguished name [RFC2253]
+ *  NT-SMTP-NAME      7    Name in form of SMTP email name
+ *                           (e.g., user@example.com)
+ *  NT-ENTERPRISE    10    Enterprise name - may be mapped to principal
+ *                           name
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public enum PrincipalNameType
+{
+    /**
+     * Constant for the "Name type not known" principal name type.
+     */
+    KRB_NT_UNKNOWN( 0 ),
+
+    /**
+     * Constant for the "Just the name of the principal as in DCE, or for users" principal name type.
+     */
+    KRB_NT_PRINCIPAL( 1 ),
+
+    /**
+     * Constant for the "Service and other unique instance (krbtgt)" principal name type.
+     */
+    KRB_NT_SRV_INST( 2 ),
+
+    /**
+     * Constant for the "Service with host name as instance (telnet, rcommands)" principal name type.
+     */
+    KRB_NT_SRV_HST( 3 ),
+
+    /**
+     * Constant for the "Service with host as remaining components" principal name type.
+     */
+    KRB_NT_SRV_XHST( 4 ),
+
+    /**
+     * Constant for the "Unique ID" principal name type.
+     */
+    KRB_NT_UID( 5 ),
+
+    /**
+     * Constant for the "Encoded X.509 Distinguished name [RFC2253]" principal name type.
+     */
+    KRB_NT_X500_PRINCIPAL( 6 ),
+
+    /**
+     * Constant for the "Name in form of SMTP email name (e.g., user@example.com)" principal name type.
+     */
+    KRB_NT_SMTP_NAME( 7 ),
+
+    /**
+     * Constant for the "Enterprise name; may be mapped to principal name" principal name type.
+     */
+    KRB_NT_ENTERPRISE( 10 );
+
+    /**
+     * The value/code for the principal name type.
+     */
+    private final int ordinal;
+
+
+    /**
+     * Private constructor prevents construction outside of this class.
+     */
+    private PrincipalNameType( int ordinal )
+    {
+        this.ordinal = ordinal;
+    }
+
+
+    /**
+     * Returns the principal name type when specified by its ordinal.
+     *
+     * @param type
+     * @return The principal name type.
+     */
+    public static PrincipalNameType getTypeByOrdinal( int type )
+    {
+    	switch ( type )
+    	{
+	    	case 0 : return KRB_NT_UNKNOWN;
+	    	case 1 : return KRB_NT_PRINCIPAL;
+	    	case 2 : return KRB_NT_SRV_INST;
+	    	case 3 : return KRB_NT_SRV_HST;
+	    	case 4 : return KRB_NT_SRV_XHST;
+	    	case 5 : return KRB_NT_UID;
+	    	case 6 : return KRB_NT_X500_PRINCIPAL;
+	    	case 7 : return KRB_NT_SMTP_NAME;
+	    	case 10 : return KRB_NT_ENTERPRISE;
+    		default : return KRB_NT_UNKNOWN;
+    	}
+    }
+
+
+    /**
+     * Returns the number associated with this principal name type.
+     *
+     * @return The principal name type ordinal.
+     */
+    public int getOrdinal()
+    {
+        return ordinal;
+    }
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+    	switch ( this )
+    	{
+	    	case KRB_NT_UNKNOWN			: 
+	    		return "Name type not known" + "(" + ordinal + ")";
+	    		
+	    	case KRB_NT_PRINCIPAL		: 
+	    		return "Just the name of the principal as in DCE, or for users" + "(" + ordinal + ")";
+	    		
+	    	case KRB_NT_SRV_INST		: 
+	    		return "Service and other unique instance (krbtgt)" + "(" + ordinal + ")";
+	    	
+	    	case KRB_NT_SRV_HST			: 
+	    		return "Service with host name as instance (telnet, rcommands)" + "(" + ordinal + ")";
+	    	
+	    	case KRB_NT_SRV_XHST		: 
+	    		return "Service with host as remaining components" + "(" + ordinal + ")";
+	    	
+	    	case KRB_NT_UID				: 
+	    		return "Unique ID" + "(" + ordinal + ")";
+	    	
+	    	case KRB_NT_X500_PRINCIPAL	: 
+	    		return "Encoded X.509 Distinguished name [RFC2253]" + "(" + ordinal + ")";
+	    	
+	    	case KRB_NT_SMTP_NAME		: 
+	    		return "Name in form of SMTP email name (e.g., user@example.com)" + "(" + ordinal + ")";
+	    	
+	    	case KRB_NT_ENTERPRISE		: 
+	    		return "Enterprise name; may be mapped to principal name" + "(" + ordinal + ")";
+    		
+	    	default 					: 
+	    		return "unknown name type" + "(" + ordinal + ")";
+    	}
+    }
+}

Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/SamType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/SamType.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/SamType.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/SamType.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,140 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.messages.value.types;
+
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+
+/**
+ * Type safe enumeration of Single-use Authentication Mechanism types
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 437041 $
+ */
+public final class SamType implements Comparable
+{
+    /*
+     * Enumeration elements are constructed once upon class loading.
+     * Order of appearance here determines the order of compareTo.
+     */
+
+    /** safe SAM type enum for Enigma Logic */
+    public static final SamType PA_SAM_TYPE_ENIGMA = new SamType( 1, "Enigma Logic" );
+
+    /** safe SAM type enum for Digital Pathways */
+    public static final SamType PA_SAM_TYPE_DIGI_PATH = new SamType( 2, "Digital Pathways" );
+
+    /** safe SAM type enum for S/key where KDC has key 0 */
+    public static final SamType PA_SAM_TYPE_SKEY_K0 = new SamType( 3, "S/key where KDC has key 0" );
+
+    /** safe SAM type enum for Traditional S/Key */
+    public static final SamType PA_SAM_TYPE_SKEY = new SamType( 4, "Traditional S/Key" );
+
+    /** safe SAM type enum for Security Dynamics */
+    public static final SamType PA_SAM_TYPE_SECURID = new SamType( 5, "Security Dynamics" );
+
+    /** safe SAM type enum for CRYPTOCard */
+    public static final SamType PA_SAM_TYPE_CRYPTOCARD = new SamType( 6, "CRYPTOCard" );
+
+    /** safe SAM type enum for Apache Software Foundation */
+    public static final SamType PA_SAM_TYPE_APACHE = new SamType( 7, "Apache Software Foundation" );
+
+    /** Array for building a List of VALUES. */
+    private static final SamType[] values =
+        { PA_SAM_TYPE_ENIGMA, PA_SAM_TYPE_DIGI_PATH, PA_SAM_TYPE_SKEY_K0, PA_SAM_TYPE_SKEY, PA_SAM_TYPE_SECURID,
+            PA_SAM_TYPE_CRYPTOCARD, PA_SAM_TYPE_APACHE };
+
+    /** a list of all the sam type constants */
+    public static final List VALUES = Collections.unmodifiableList( Arrays.asList( values ) );
+
+    /** the name of the sam type */
+    private final String name;
+
+    /** the value/code for the sam type */
+    private final int ordinal;
+
+
+    /**
+     * Private constructor prevents construction outside of this class.
+     */
+    private SamType(int ordinal, String name)
+    {
+        this.ordinal = ordinal;
+        this.name = name;
+    }
+
+
+    /**
+     * Returns the name of the SamType.
+     *
+     * @return the name of the SAM type
+     */
+    public String toString()
+    {
+        return name;
+    }
+
+
+    /**
+     * Compares this type to another object hopefully one that is of the same
+     * type.
+     *
+     * @param that the object to compare this SamType to
+     * @return ordinal - ( ( SamType ) that ).ordinal;
+     */
+    public int compareTo( Object that )
+    {
+        return ordinal - ( ( SamType ) that ).ordinal;
+    }
+
+
+    /**
+     * Gets the ordinal by its ordinal value.
+     *
+     * @param ordinal the ordinal value of the ordinal
+     * @return the type corresponding to the ordinal value
+     */
+    public static SamType getTypeByOrdinal( int ordinal )
+    {
+        for ( int ii = 0; ii < values.length; ii++ )
+        {
+            if ( values[ii].ordinal == ordinal )
+            {
+                return values[ii];
+            }
+        }
+
+        return PA_SAM_TYPE_APACHE;
+    }
+
+
+    /**
+     * Gets the ordinal value associated with this SAM type.
+     *
+     * @return the ordinal value associated with this SAM type
+     */
+    public int getOrdinal()
+    {
+        return ordinal;
+    }
+}

Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/TransitedEncodingType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/TransitedEncodingType.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/TransitedEncodingType.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/types/TransitedEncodingType.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,107 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.messages.value.types;
+
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public enum TransitedEncodingType
+{
+    /**
+     * Constant for the "null" transited encoding type.
+     */
+    NULL( 0 ),
+
+    /**
+     * Constant for the "Domain X500 compress" transited encoding type.
+     */
+    DOMAIN_X500_COMPRESS( 1 );
+
+    /**
+     * Array for building a List of VALUES.
+     */
+    private static final TransitedEncodingType[] values =
+        { NULL, DOMAIN_X500_COMPRESS };
+
+    /**
+     * A List of all the transited encoding type constants.
+     */
+    public static final List VALUES = Collections.unmodifiableList( Arrays.asList( values ) );
+
+    /**
+     * The value/code for the transited encoding type.
+     */
+    private final int ordinal;
+
+
+    /**
+     * Private constructor prevents construction outside of this class.
+     */
+    private TransitedEncodingType( int ordinal )
+    {
+        this.ordinal = ordinal;
+    }
+
+
+    /**
+     * Returns the transited encoding type when specified by its ordinal.
+     *
+     * @param type
+     * @return The transited encoding type.
+     */
+    public static TransitedEncodingType getTypeByOrdinal( int type )
+    {
+    	switch ( type )
+    	{
+    		case 1 	: return DOMAIN_X500_COMPRESS;
+    		default : return NULL;
+    	}
+    }
+
+
+    /**
+     * Returns the number associated with this transited encoding type.
+     *
+     * @return The transited encoding type ordinal.
+     */
+    public int getOrdinal()
+    {
+        return ordinal;
+    }
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+    	switch ( this )
+    	{
+    		case DOMAIN_X500_COMPRESS :	return "Domain X500 compress (1)";
+    		default : 					return "null (0)";
+    	}
+    }
+}

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java Mon Sep 24 03:18:05 2007
@@ -22,8 +22,8 @@
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
-import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.value.types.KerberosErrorType;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
 import org.apache.mina.handler.chain.IoHandlerCommand;
@@ -48,7 +48,7 @@
      * @return The PrincipalStoreEntry
      * @throws Exception
      */
-    public PrincipalStoreEntry getEntry( KerberosPrincipal principal, PrincipalStore store, ErrorType errorType )
+    public PrincipalStoreEntry getEntry( KerberosPrincipal principal, PrincipalStore store, KerberosErrorType errorType )
         throws Exception
     {
         PrincipalStoreEntry entry = null;
@@ -62,14 +62,9 @@
             throw new KerberosException( errorType, e );
         }
 
-        if ( entry == null )
+        if ( entry == null || entry.getKeyMap().isEmpty() )
         {
             throw new KerberosException( errorType );
-        }
-
-        if ( entry.getKeyMap() == null || entry.getKeyMap().isEmpty() )
-        {
-            throw new KerberosException( ErrorType.KDC_ERR_NULL_KEY );
         }
 
         return entry;

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java Mon Sep 24 03:18:05 2007
@@ -22,22 +22,19 @@
 
 import java.net.InetAddress;
 
-import javax.security.auth.kerberos.KerberosPrincipal;
-
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
-import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
-import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.MessageType;
+import org.apache.directory.server.kerberos.shared.messages.application.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.messages.value.ApOptions;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.ApOption;
+import org.apache.directory.server.kerberos.shared.messages.value.types.KerberosErrorType;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 
@@ -65,32 +62,31 @@
      * @param clientAddress
      * @param lockBox
      * @param authenticatorKeyUsage
-     * @param isValidate
      * @return The authenticator.
      * @throws KerberosException
      */
     public Authenticator verifyAuthHeader( ApplicationRequest authHeader, Ticket ticket, EncryptionKey serverKey,
         long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress clientAddress,
-        CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage, boolean isValidate ) throws KerberosException
+        CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage ) throws KerberosException
     {
         if ( authHeader.getProtocolVersionNumber() != 5 )
         {
-            throw new KerberosException( ErrorType.KRB_AP_ERR_BADVERSION );
+            throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADVERSION );
         }
 
         if ( authHeader.getMessageType() != MessageType.KRB_AP_REQ )
         {
-            throw new KerberosException( ErrorType.KRB_AP_ERR_MSG_TYPE );
+            throw new KerberosException( KerberosErrorType.KRB_AP_ERR_MSG_TYPE );
         }
 
         if ( authHeader.getTicket().getVersionNumber() != 5 )
         {
-            throw new KerberosException( ErrorType.KRB_AP_ERR_BADVERSION );
+            throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADVERSION );
         }
 
         EncryptionKey ticketKey = null;
 
-        if ( authHeader.getOption( ApOptions.USE_SESSION_KEY ) )
+        if ( authHeader.getOption( ApOption.USE_SESSION_KEY ) )
         {
             ticketKey = authHeader.getTicket().getSessionKey();
         }
@@ -104,10 +100,10 @@
             // TODO - check server key version number, skvno; requires store
             if ( false )
             {
-                throw new KerberosException( ErrorType.KRB_AP_ERR_BADKEYVER );
+                throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADKEYVER );
             }
 
-            throw new KerberosException( ErrorType.KRB_AP_ERR_NOKEY );
+            throw new KerberosException( KerberosErrorType.KRB_AP_ERR_NOKEY );
         }
 
         EncTicketPart encPart = ( EncTicketPart ) lockBox.unseal( EncTicketPart.class, ticketKey, ticket.getEncPart(),
@@ -119,65 +115,50 @@
 
         if ( !authenticator.getClientPrincipal().getName().equals( ticket.getClientPrincipal().getName() ) )
         {
-            throw new KerberosException( ErrorType.KRB_AP_ERR_BADMATCH );
+            throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADMATCH );
         }
 
         if ( ticket.getClientAddresses() != null )
         {
             if ( !ticket.getClientAddresses().contains( new HostAddress( clientAddress ) ) )
             {
-                throw new KerberosException( ErrorType.KRB_AP_ERR_BADADDR );
+                throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADADDR );
             }
         }
         else
         {
             if ( !emptyAddressesAllowed )
             {
-                throw new KerberosException( ErrorType.KRB_AP_ERR_BADADDR );
+                throw new KerberosException( KerberosErrorType.KRB_AP_ERR_BADADDR );
             }
         }
 
-        KerberosPrincipal serverPrincipal = ticket.getServerPrincipal();
-        KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal();
-        KerberosTime clientTime = authenticator.getClientTime();
-        int clientMicroSeconds = authenticator.getClientMicroSecond();
-
-        if ( replayCache.isReplay( serverPrincipal, clientPrincipal, clientTime, clientMicroSeconds ) )
+        if ( replayCache.isReplay( authenticator.getClientTime(), authenticator.getClientPrincipal() ) )
         {
-            throw new KerberosException( ErrorType.KRB_AP_ERR_REPEAT );
+            throw new KerberosException( KerberosErrorType.KRB_AP_ERR_REPEAT );
         }
 
-        replayCache.save( serverPrincipal, clientPrincipal, clientTime, clientMicroSeconds );
+        replayCache.save( authenticator.getClientTime(), authenticator.getClientPrincipal() );
 
         if ( !authenticator.getClientTime().isInClockSkew( clockSkew ) )
         {
-            throw new KerberosException( ErrorType.KRB_AP_ERR_SKEW );
+            throw new KerberosException( KerberosErrorType.KRB_AP_ERR_SKEW );
         }
 
-        /*
-         * "The server computes the age of the ticket: local (server) time minus
-         * the starttime inside the Ticket.  If the starttime is later than the
-         * current time by more than the allowable clock skew, or if the INVALID
-         * flag is set in the ticket, the KRB_AP_ERR_TKT_NYV error is returned."
-         */
-        KerberosTime startTime = ( ticket.getStartTime() != null ) ? ticket.getStartTime() : ticket.getAuthTime();
-
-        KerberosTime now = new KerberosTime();
-        boolean isValidStartTime = startTime.lessThan( now );
-
-        if ( !isValidStartTime || ( ticket.getFlag( TicketFlags.INVALID ) && !isValidate ) )
+        if ( ticket.getStartTime() != null && !ticket.getStartTime().isInClockSkew( clockSkew )
+            || ticket.getFlags().isInvalid() )
         {
             // it hasn't yet become valid
-            throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_NYV );
+            throw new KerberosException( KerberosErrorType.KRB_AP_ERR_TKT_NYV );
         }
 
         // TODO - doesn't take into account skew
-        if ( !ticket.getEndTime().greaterThan( now ) )
+        if ( !ticket.getEndTime().greaterThan( new KerberosTime() ) )
         {
-            throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_EXPIRED );
+            throw new KerberosException( KerberosErrorType.KRB_AP_ERR_TKT_EXPIRED );
         }
 
-        authHeader.setOption( ApOptions.MUTUAL_REQUIRED );
+        authHeader.setOption( ApOption.MUTUAL_REQUIRED );
 
         return authenticator;
     }

Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,63 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.service;
+
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.types.KerberosErrorType;
+import org.apache.mina.handler.chain.IoHandlerCommand;
+
+
+/**
+ * Shared by TGS and Changepw.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public abstract class VerifyTicket implements IoHandlerCommand
+{
+    private String contextKey = "context";
+
+
+    /**
+     * Verifies a Ticket given a realm and the server principal.
+     *
+     * @param ticket
+     * @param primaryRealm
+     * @param serverPrincipal
+     * @throws Exception
+     */
+    public void verifyTicket( Ticket ticket, String primaryRealm, KerberosPrincipal serverPrincipal ) throws Exception
+    {
+        if ( !ticket.getRealm().equals( primaryRealm ) && !ticket.getServerPrincipal().equals( serverPrincipal ) )
+        {
+            throw new KerberosException( KerberosErrorType.KRB_AP_ERR_NOT_US );
+        }
+    }
+
+
+    protected String getContextKey()
+    {
+        return ( this.contextKey );
+    }
+}

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java Mon Sep 24 03:18:05 2007
@@ -23,6 +23,7 @@
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 
+
 /**
  * The store interface used by Kerberos services.
  * 

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java Mon Sep 24 03:18:05 2007
@@ -27,7 +27,7 @@
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.SamType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.SamType;
 
 
 /**

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java Mon Sep 24 03:18:05 2007
@@ -32,7 +32,7 @@
 import org.apache.directory.server.kerberos.shared.io.decoder.EncryptionKeyDecoder;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.SamType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.SamType;
 
 
 /**

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/TicketFactory.java Mon Sep 24 03:18:05 2007
@@ -22,6 +22,7 @@
 
 import java.io.IOException;
 import java.net.InetAddress;
+import java.text.ParseException;
 import java.util.Date;
 
 import javax.security.auth.kerberos.KerberosKey;
@@ -35,14 +36,15 @@
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.io.encoder.TicketEncoder;
 import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
-import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
 import org.apache.directory.server.kerberos.shared.messages.components.TicketModifier;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
 import org.apache.directory.server.kerberos.shared.messages.value.TransitedEncoding;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlag;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.types.KerberosErrorType;
 
 
 /**
@@ -70,9 +72,10 @@
     public EncryptionKey getServerKey( KerberosPrincipal serverPrincipal, String serverPassword )
     {
         KerberosKey serverKerberosKey = new KerberosKey( serverPrincipal, serverPassword.toCharArray(), "DES" );
+        
         byte[] serverKeyBytes = serverKerberosKey.getEncoded();
         EncryptionKey serverKey = new EncryptionKey( EncryptionType.DES_CBC_MD5, serverKeyBytes );
-
+        
         return serverKey;
     }
 
@@ -94,29 +97,37 @@
     public Ticket getTicket( KerberosPrincipal clientPrincipal, KerberosPrincipal serverPrincipal,
         EncryptionKey serverKey ) throws KerberosException
     {
-        EncTicketPartModifier encTicketModifier = new EncTicketPartModifier();
+        EncTicketPart ticketPart = new EncTicketPart();
 
         TicketFlags ticketFlags = new TicketFlags();
-        ticketFlags.set( TicketFlags.RENEWABLE );
-        encTicketModifier.setFlags( ticketFlags );
+        ticketFlags.setFlag( TicketFlag.RENEWABLE );
+        
+        ticketPart.setFlags( ticketFlags );
 
         EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( EncryptionType.DES_CBC_MD5 );
 
-        encTicketModifier.setSessionKey( sessionKey );
-        encTicketModifier.setClientPrincipal( clientPrincipal );
-        encTicketModifier.setTransitedEncoding( new TransitedEncoding() );
-        encTicketModifier.setAuthTime( new KerberosTime() );
+        ticketPart.setSessionKey( sessionKey );
+        
+        try
+        {
+            ticketPart.setClientPrincipal( clientPrincipal );
+        }
+        catch ( ParseException pe )
+        {
+            throw new KerberosException( KerberosErrorType.KRB_ERR_GENERIC, "Bad principal name : " + clientPrincipal );
+        }
+        
+        ticketPart.setTransitedEncoding( new TransitedEncoding() );
+        ticketPart.setAuthTime( new KerberosTime() );
 
         long now = System.currentTimeMillis();
         KerberosTime endTime = new KerberosTime( now + ONE_DAY );
-        encTicketModifier.setEndTime( endTime );
+        ticketPart.setEndTime( endTime );
 
         KerberosTime renewTill = new KerberosTime( now + ONE_WEEK );
-        encTicketModifier.setRenewTill( renewTill );
-
-        EncTicketPart encTicketPart = encTicketModifier.getEncTicketPart();
+        ticketPart.setRenewTill( renewTill );
 
-        EncryptedData encryptedTicketPart = cipherTextHandler.seal( serverKey, encTicketPart, KeyUsage.NUMBER2 );
+        EncryptedData encryptedTicketPart = cipherTextHandler.seal( serverKey, ticketPart, KeyUsage.NUMBER2 );
 
         TicketModifier ticketModifier = new TicketModifier();
         ticketModifier.setTicketVersionNumber( 5 );
@@ -125,7 +136,7 @@
 
         Ticket ticket = ticketModifier.getTicket();
 
-        ticket.setEncTicketPart( encTicketPart );
+        ticket.setEncTicketPart( ticketPart );
 
         return ticket;
     }
@@ -142,7 +153,8 @@
     {
         byte[] asn1Encoding = TicketEncoder.encodeTicket( ticket );
 
-        KerberosPrincipal client = ticket.getClientPrincipal();
+        KerberosPrincipal clientPrincipal = 
+            new KerberosPrincipal( ticket.getClientPrincipalName().getNameComponent() + '@' + ticket.getClientRealm() );
         KerberosPrincipal server = ticket.getServerPrincipal();
         byte[] sessionKey = ticket.getSessionKey().getKeyValue();
         int keyType = ticket.getSessionKey().getKeyType().getOrdinal();
@@ -161,14 +173,14 @@
 
         Date renewTill = null;
 
-        if ( ticket.getFlag( TicketFlags.RENEWABLE ) )
+        if ( ticket.getFlags().isRenewable() )
         {
             renewTill = ( ticket.getRenewTill() != null ? ticket.getRenewTill().toDate() : null );
         }
 
         InetAddress[] clientAddresses = new InetAddress[0];
 
-        return new KerberosTicket( asn1Encoding, client, server, sessionKey, keyType, flags, authTime, startTime,
+        return new KerberosTicket( asn1Encoding, clientPrincipal, server, sessionKey, keyType, flags, authTime, startTime,
             endTime, renewTill, clientAddresses );
     }
 }

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java Mon Sep 24 03:18:05 2007
@@ -39,7 +39,7 @@
 
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
-import org.apache.directory.server.kerberos.shared.messages.value.SamType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.SamType;
 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java Mon Sep 24 03:18:05 2007
@@ -37,7 +37,7 @@
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.SamType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.SamType;
 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;

Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/checksum/KerberosUtilsTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/checksum/KerberosUtilsTest.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/checksum/KerberosUtilsTest.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/checksum/KerberosUtilsTest.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,131 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.crypto.checksum;
+
+import java.text.ParseException;
+import java.util.List;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.KerberosUtils;
+
+import junit.framework.TestCase;
+
+/**
+ * Test the KerberosUtils class
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KerberosUtilsTest extends TestCase
+{
+    public void setUp()
+    {
+        // First setup a default realm
+        System.setProperty( "java.security.krb5.realm", "APACHE.ORG" );
+        System.setProperty( "java.security.krb5.kdc", "localhost" );
+    }
+
+    public void testKerberosNameSimple() throws Exception
+    {
+        KerberosPrincipal kp = new KerberosPrincipal( "abc" );
+        List<String> names = KerberosUtils.getNames( kp );
+     
+        assertEquals( 1, names.size() );
+        assertEquals( "abc", names.get( 0 ) );
+    }
+
+    /**
+    public void testKerberosNameEscaped() throws Exception
+    {
+        KerberosPrincipal kp = new KerberosPrincipal( "abc\\//d\\@f/g\\\\hi" );
+        List<String> names = KerberosUtils.getNames( kp );
+     
+        assertEquals( 3, names.size() );
+        assertEquals( "abc\\/", names.get( 0 ) );
+        assertEquals( "d\\@g", names.get( 1 ) );
+        assertEquals( "g\\\\hi", names.get( 2 ) );
+    }
+    */
+
+    public void testKerberosNameSimpleWithRealm() throws Exception
+    {
+        KerberosPrincipal kp = new KerberosPrincipal( "abc@APACHE.ORG" );
+        List<String> names = KerberosUtils.getNames( kp );
+     
+        assertEquals( 1, names.size() );
+        assertEquals( "abc", names.get( 0 ) );
+    }
+    
+    public void testKerberosNameThree() throws Exception
+    {
+        KerberosPrincipal kp = new KerberosPrincipal( "abc/def/ghi" );
+        List<String> names = KerberosUtils.getNames( kp );
+     
+        assertEquals( 3, names.size() );
+        assertEquals( "abc", names.get( 0 ) );
+        assertEquals( "def", names.get( 1 ) );
+        assertEquals( "ghi", names.get( 2 ) );
+    }
+
+    public void testKerberosNameThreeWithRealm() throws Exception
+    {
+        KerberosPrincipal kp = new KerberosPrincipal( "abc/def/ghi@APACHE.ORG" );
+        List<String> names = KerberosUtils.getNames( kp );
+     
+        assertEquals( 3, names.size() );
+        assertEquals( "abc", names.get( 0 ) );
+        assertEquals( "def", names.get( 1 ) );
+        assertEquals( "ghi", names.get( 2 ) );
+    }
+
+    /**
+    public void testKerberosEndingSlash()
+    {
+        try
+        {
+            KerberosPrincipal kp = new KerberosPrincipal( "abc/def/ghi/" );
+            KerberosUtils.getNames( kp );
+            
+            // Should not reaxh this point
+            fail();
+        }
+        catch ( ParseException pe )
+        {
+            assertTrue( true );
+        }
+    }
+    
+    public void testKerberosEndingSlashWithRealm()
+    {
+        try
+        {
+            KerberosPrincipal kp = new KerberosPrincipal( "abc/def/ghi/@APACHE.ORG" );
+            KerberosUtils.getNames( kp );
+            
+            // Should not reaxh this point
+            fail();
+        }
+        catch ( ParseException pe )
+        {
+            assertTrue( true );
+        }
+    }
+    */
+}

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandlerTest.java Mon Sep 24 03:18:05 2007
@@ -32,7 +32,7 @@
 
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptedTimeStamp;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthEncryptedTimestamp;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
 
@@ -129,7 +129,7 @@
     public void testDesGoodPasswordDecrypt()
     {
         CipherTextHandler lockBox = new CipherTextHandler();
-        Class hint = EncryptedTimeStamp.class;
+        Class hint = PreAuthEncryptedTimestamp.class;
         KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
         KerberosKey kerberosKey = new KerberosKey( principal, "kerby".toCharArray(), "DES" );
         EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
@@ -137,7 +137,7 @@
 
         try
         {
-            EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
+            PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
             assertEquals( "TimeStamp", "20070322233107Z", object.getTimeStamp().toString() );
             assertEquals( "MicroSeconds", 291067, object.getMicroSeconds() );
         }
@@ -155,7 +155,7 @@
     public void testDesBadPasswordDecrypt()
     {
         CipherTextHandler lockBox = new CipherTextHandler();
-        Class hint = EncryptedTimeStamp.class;
+        Class hint = PreAuthEncryptedTimestamp.class;
         KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
         KerberosKey kerberosKey = new KerberosKey( principal, "badpassword".toCharArray(), "DES" );
         EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
@@ -181,7 +181,7 @@
     public void testTripleDesGoodPasswordDecrypt()
     {
         CipherTextHandler lockBox = new CipherTextHandler();
-        Class hint = EncryptedTimeStamp.class;
+        Class hint = PreAuthEncryptedTimestamp.class;
         KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String algorithm = VendorHelper.getTripleDesAlgorithm();
         KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), algorithm );
@@ -190,7 +190,7 @@
 
         try
         {
-            EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
+            PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
             assertEquals( "TimeStamp", "20070410190400Z", object.getTimeStamp().toString() );
             assertEquals( "MicroSeconds", 460450, object.getMicroSeconds() );
         }
@@ -218,7 +218,7 @@
 
         String zuluTime = "20070410190400Z";
         int microSeconds = 460450;
-        EncryptedTimeStamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
+        PreAuthEncryptedTimestamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
 
         EncryptedData encryptedData = null;
 
@@ -231,11 +231,11 @@
             fail( "Should not have caught exception." );
         }
 
-        Class hint = EncryptedTimeStamp.class;
+        Class hint = PreAuthEncryptedTimestamp.class;
 
         try
         {
-            EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, encryptedData,
+            PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, encryptedData,
                 KeyUsage.NUMBER1 );
             assertEquals( "TimeStamp", zuluTime, object.getTimeStamp().toString() );
             assertEquals( "MicroSeconds", microSeconds, object.getMicroSeconds() );
@@ -260,7 +260,7 @@
         }
 
         CipherTextHandler lockBox = new CipherTextHandler();
-        Class hint = EncryptedTimeStamp.class;
+        Class hint = PreAuthEncryptedTimestamp.class;
         KerberosPrincipal principal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         KerberosKey kerberosKey = new KerberosKey( principal, "secret".toCharArray(), "AES128" );
         EncryptionKey key = new EncryptionKey( EncryptionType.AES128_CTS_HMAC_SHA1_96, kerberosKey.getEncoded() );
@@ -268,7 +268,7 @@
 
         try
         {
-            EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
+            PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
             assertEquals( "TimeStamp", "20070410212557Z", object.getTimeStamp().toString() );
             assertEquals( "MicroSeconds", 379386, object.getMicroSeconds() );
         }
@@ -300,7 +300,7 @@
 
         String zuluTime = "20070410190400Z";
         int microSeconds = 460450;
-        EncryptedTimeStamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
+        PreAuthEncryptedTimestamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
 
         EncryptedData encryptedData = null;
 
@@ -313,11 +313,11 @@
             fail( "Should not have caught exception." );
         }
 
-        Class hint = EncryptedTimeStamp.class;
+        Class hint = PreAuthEncryptedTimestamp.class;
 
         try
         {
-            EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, encryptedData,
+            PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, encryptedData,
                 KeyUsage.NUMBER1 );
             assertEquals( "TimeStamp", "20070410190400Z", object.getTimeStamp().toString() );
             assertEquals( "MicroSeconds", 460450, object.getMicroSeconds() );
@@ -342,7 +342,7 @@
         }
 
         CipherTextHandler lockBox = new CipherTextHandler();
-        Class hint = EncryptedTimeStamp.class;
+        Class hint = PreAuthEncryptedTimestamp.class;
 
         KerberosKey kerberosKey;
 
@@ -362,7 +362,7 @@
 
         try
         {
-            EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
+            PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, data, KeyUsage.NUMBER1 );
             assertEquals( "TimeStamp", "20070410212809Z", object.getTimeStamp().toString() );
             assertEquals( "MicroSeconds", 298294, object.getMicroSeconds() );
         }
@@ -406,7 +406,7 @@
 
         String zuluTime = "20070410190400Z";
         int microSeconds = 460450;
-        EncryptedTimeStamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
+        PreAuthEncryptedTimestamp encryptedTimeStamp = getEncryptedTimeStamp( zuluTime, microSeconds );
 
         EncryptedData encryptedData = null;
 
@@ -419,11 +419,11 @@
             fail( "Should not have caught exception." );
         }
 
-        Class hint = EncryptedTimeStamp.class;
+        Class hint = PreAuthEncryptedTimestamp.class;
 
         try
         {
-            EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, encryptedData,
+            PreAuthEncryptedTimestamp object = ( PreAuthEncryptedTimestamp ) lockBox.unseal( hint, key, encryptedData,
                 KeyUsage.NUMBER1 );
             assertEquals( "TimeStamp", "20070410190400Z", object.getTimeStamp().toString() );
             assertEquals( "MicroSeconds", 460450, object.getMicroSeconds() );
@@ -435,7 +435,7 @@
     }
 
 
-    protected EncryptedTimeStamp getEncryptedTimeStamp( String zuluTime, int microSeconds ) throws ParseException
+    protected PreAuthEncryptedTimestamp getEncryptedTimeStamp( String zuluTime, int microSeconds ) throws ParseException
     {
         Date date = null;
         synchronized ( dateFormat )
@@ -445,7 +445,7 @@
 
         KerberosTime timeStamp = new KerberosTime( date );
 
-        return new EncryptedTimeStamp( timeStamp, microSeconds );
+        return new PreAuthEncryptedTimestamp( timeStamp, microSeconds );
     }
 
     /*

Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequestTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequestTest.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequestTest.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequestTest.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,258 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+import java.nio.ByteBuffer;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
+import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosRequestBody;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOption;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOptions;
+import org.apache.directory.server.kerberos.shared.messages.value.types.HostAddressType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.PreAuthenticationDataType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.PrincipalNameType;
+import org.apache.directory.server.kerberos.shared.store.TicketFactory;
+import org.apache.directory.shared.ldap.util.StringTools;
+
+import junit.framework.TestCase;
+
+/**
+ * Test the AS-REQ encoding and decoding
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class AuthServerRequestTest extends TestCase
+{
+    private static Date date = null;
+    
+    static
+    {
+        try
+        {
+            date = new SimpleDateFormat( "yyyyMMddHHmmss'Z'" ).parse( "20070717114503Z" );
+        }
+        catch ( ParseException pe )
+        {
+            // Do nothing
+        }
+    }
+
+    private KerberosRequestBody getReqBody() throws ParseException, KerberosException
+    {
+        KerberosRequestBody krb = new KerberosRequestBody();
+        
+        // KdcOptions
+        KdcOptions kdcOptions = new KdcOptions();
+        kdcOptions.setFlag( KdcOption.FORWARDABLE );
+        kdcOptions.setFlag( KdcOption.PROXIABLE );
+        kdcOptions.setFlag( KdcOption.POSTDATED );
+        kdcOptions.setFlag( KdcOption.VALIDATE );
+        
+        krb.setKdcOptions( kdcOptions );
+        
+        // cName
+        PrincipalName cname = new PrincipalName( "test@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL );
+        krb.setClientPrincipalName( cname );
+
+        // Realm
+        krb.setRealm( "APACHE.ORG" );
+        
+        // sName
+        PrincipalName sname = new PrincipalName( "server@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL );
+        krb.setServerPrincipalName( sname );
+        
+        // from, till and renew
+        KerberosTime kerberosTime = new KerberosTime( date );
+        krb.setFrom( kerberosTime );
+        krb.setTill( kerberosTime );
+        krb.setRenewtime( kerberosTime );
+        
+        // nonce
+        krb.setNonce( 1000 );
+        
+        // EncryptionTypes
+        krb.addEncryptionType( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
+        krb.addEncryptionType( EncryptionType.DES3_CBC_MD5 );
+        
+        // addresses
+        HostAddress[] ha = new HostAddress[]
+            { 
+                new HostAddress( HostAddressType.ADDRTYPE_INET, new byte[] { 0x01, 0x02, 0x03, 0x04 } ) 
+            };
+
+        HostAddresses addresses = new HostAddresses( ha );
+        krb.setAddresses( addresses );
+        
+        // encAuthorizationData
+        EncryptedData ed = new EncryptedData( EncryptionType.AES128_CTS_HMAC_SHA1_96, 1, new byte[]
+            { 0x01, 0x02, 0x03, 0x04 } );
+        krb.setEncAuthorizationData( ed );
+        
+        // additionalTickets
+        TicketFactory ticketFactory = new TicketFactory();
+
+        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+        KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
+        String serverPassword = "s3crEt";
+
+        EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );
+
+        Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );
+        
+        krb.addAdditionalTicket( serviceTicket );
+        
+        return krb;
+    }
+    
+    public void testAuthServerRequestBase() throws Exception
+    {
+        PreAuthenticationData pad = new PreAuthenticationData( 
+            PreAuthenticationDataType.PA_ASF3_SALT, 
+            new byte[] { 0x01, 0x02, 0x03 } );
+        
+        List<PreAuthenticationData> paData = new ArrayList<PreAuthenticationData>();
+        paData.add(  pad  );
+        
+        AuthServerRequest asr = new AuthServerRequest( paData, getReqBody() );
+        
+        ByteBuffer encoded = asr.encode( null );
+        
+        byte[] expectedResult = new byte[]
+            {
+              0x6A, (byte)0x82, 0x01, (byte)0xD1,
+                0x30, (byte)0x82, 0x01, (byte)0xCD,
+                  (byte)0xA1, 0x03,
+                    0x02, 0x01, 0x05,
+                  (byte)0xA2, 0x03,
+                    0x02, 0x01, 0x0A,
+                  (byte)0xA3, 0x10,
+                    0x30, 0x0E,
+                      0x30, 0x0C, 
+                        (byte)0xA1, 0x03, 
+                          0x02, 0x01, 0x0A, 
+                        (byte)0xA2, 0x05, 
+                          0x04, 0x03, 
+                            0x01, 0x02, 0x03, 
+                  (byte)0xA4, (byte)0x82, 0x01, (byte)0xAD,
+                    0x30, (byte)0x82, 0x01, (byte)0xA9, 
+                      (byte)0xA0, 0x07, 
+                        0x03, 0x05, 
+                          0x00, (byte)0x52, 0x00, 0x00, 0x01,
+                      (byte)0xA1, 0x11,
+                        0x30, 0x0F, 
+                          (byte) 0xA0, 0x03, 
+                            0x02, 0x01, 0x01, 
+                          (byte) 0xA1, 0x08, 
+                            0x30, 0x06, 
+                              0x1B, 0x04, 
+                                't', 'e', 's', 't',
+                      (byte)0xA2,0x0C,
+                        0x1B, 0x0A,
+                          'A', 'P', 'A', 'C', 'H', 'E', '.', 'O', 'R', 'G',
+                      (byte)0xA3, 0x13,
+                        0x30, 0x11, 
+                          (byte) 0xA0, 0x03, 
+                            0x02, 0x01, 0x01, 
+                          (byte) 0xA1, 0x0A, 
+                            0x30, 0x08, 
+                              0x1B, 0x06, 
+                                's', 'e', 'r', 'v', 'e', 'r',
+                      (byte)0xA4, 0x11,
+                        0x18, 0x0F,
+                          '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+                      (byte)0xA5, 0x11,
+                        0x18, 0x0F,
+                          '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+                      (byte)0xA6, 0x11,
+                        0x18, 0x0F,
+                          '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+                      (byte)0xA7, 0x04,
+                        0x02, (byte)0x02, 0x03, (byte)0xE8,
+                      (byte)0xA8, 0x08,
+                        0x30, 0x06,
+                          0x02, 0x01, 0x11,
+                          0x02, 0x01, 0x05,
+                      (byte)0xA9, 0x11,
+                        0x30, 0x0F, 
+                          0x30, 0x0d, 
+                            (byte)0xA0, 0x03, 
+                              0x02, 0x01, 0x02, 
+                            (byte)0xA1, 0x06, 
+                              0x04, 0x04, 
+                                0x01, 0x02, 0x03, 0x04,
+                      (byte)0xAA, 0x14,
+                        0x30, 0x12, 
+                          (byte)0xA0, 0x03, 
+                            0x02, 0x01, 0x11, 
+                          (byte)0xA1, 0x03, 
+                            0x02, 0x01, 0x01, 
+                          (byte)0xA2, 0x06, 
+                            0x04, 0x04, 0x01, 0x02, 0x03, 0x04,
+                      (byte)0xAB, (byte)0x81, (byte)0xF5,
+                        0x30, (byte)0x81, (byte)0xF2,
+                          0x61, (byte)0x81, (byte)0xEF,
+                            0x30,  (byte)0x81, (byte)0xEC, 
+                              (byte)0xA0, 0x03,
+                                0x02, 0x01, 0x05,
+                              (byte)0xA1, 0x0D,
+                                0x1B, 0x0B, 
+                                  'E', 'X', 'A', 'M', 'P', 'L', 'E', '.', 'C', 'O', 'M',
+                              (byte)0xA2, 0x1D,
+                                0x30, 0x1B,
+                                  (byte)0xA0, 0x03, 
+                                    0x02, 0x01, 0x01, 
+                                  (byte)0xA1, 0x14, 
+                                    0x30, 0x12, 
+                                      0x1B, 0x06, 
+                                        'k', 'a', 'd', 'm', 'i', 'n',
+                                      0x1B, 0x08,
+                                        'c', 'h', 'a', 'n', 'g', 'e', 'p', 'w',
+                              (byte)0xA3, (byte)0x81, (byte)0xB6, 
+                                0x30, (byte)0x81, (byte)0xB3,
+                                  (byte)0xA0, 0x03,
+                                    0x02, 0x01, 0x03,
+                                  (byte)0xA2, (byte)0x81, (byte)0xAB,
+                                    0x04, (byte)0x81, (byte)0xA8
+                      
+            };
+
+        // We will just compared the first bytes (everyting before the encrypted data)
+        String expectedResultString = StringTools.dumpBytes( expectedResult );
+        String resultString = StringTools.dumpBytes( encoded.array() ).substring( 0,  expectedResultString.length() );
+        
+        assertEquals( expectedResultString, resultString );
+    }
+}

Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KdcRequestTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KdcRequestTest.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KdcRequestTest.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KdcRequestTest.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,259 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+import java.nio.ByteBuffer;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
+import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosRequestBody;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOption;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOptions;
+import org.apache.directory.server.kerberos.shared.messages.value.types.HostAddressType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.PreAuthenticationDataType;
+import org.apache.directory.server.kerberos.shared.messages.value.types.PrincipalNameType;
+import org.apache.directory.server.kerberos.shared.store.TicketFactory;
+import org.apache.directory.shared.ldap.util.StringTools;
+
+import junit.framework.TestCase;
+
+/**
+ * Test the KdcRequest encoding and decoding
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KdcRequestTest extends TestCase
+{
+    private static Date date = null;
+    
+    static
+    {
+        try
+        {
+            date = new SimpleDateFormat( "yyyyMMddHHmmss'Z'" ).parse( "20070717114503Z" );
+        }
+        catch ( ParseException pe )
+        {
+            // Do nothing
+        }
+    }
+
+    private KerberosRequestBody getReqBody() throws ParseException, KerberosException
+    {
+        KerberosRequestBody krb = new KerberosRequestBody();
+        
+        // KdcOptions
+        KdcOptions kdcOptions = new KdcOptions();
+        kdcOptions.setFlag( KdcOption.FORWARDABLE );
+        kdcOptions.setFlag( KdcOption.PROXIABLE );
+        kdcOptions.setFlag( KdcOption.POSTDATED );
+        kdcOptions.setFlag( KdcOption.VALIDATE );
+        
+        krb.setKdcOptions( kdcOptions );
+        
+        // cName
+        PrincipalName cname = new PrincipalName( "test@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL );
+        krb.setClientPrincipalName( cname );
+
+        // Realm
+        krb.setRealm( "APACHE.ORG" );
+        
+        // sName
+        PrincipalName sname = new PrincipalName( "server@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL );
+        krb.setServerPrincipalName( sname );
+        
+        // from, till and renew
+        KerberosTime kerberosTime = new KerberosTime( date );
+        krb.setFrom( kerberosTime );
+        krb.setTill( kerberosTime );
+        krb.setRenewtime( kerberosTime );
+        
+        // nonce
+        krb.setNonce( 1000 );
+        
+        // EncryptionTypes
+        krb.addEncryptionType( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
+        krb.addEncryptionType( EncryptionType.DES3_CBC_MD5 );
+        
+        // addresses
+        HostAddress[] ha = new HostAddress[]
+            { 
+                new HostAddress( HostAddressType.ADDRTYPE_INET, new byte[] { 0x01, 0x02, 0x03, 0x04 } ) 
+            };
+
+        HostAddresses addresses = new HostAddresses( ha );
+        krb.setAddresses( addresses );
+        
+        // encAuthorizationData
+        EncryptedData ed = new EncryptedData( EncryptionType.AES128_CTS_HMAC_SHA1_96, 1, new byte[]
+            { 0x01, 0x02, 0x03, 0x04 } );
+        krb.setEncAuthorizationData( ed );
+        
+        // additionalTickets
+        TicketFactory ticketFactory = new TicketFactory();
+
+        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
+        KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
+        String serverPassword = "s3crEt";
+
+        EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );
+
+        Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );
+        
+        krb.addAdditionalTicket( serviceTicket );
+        
+        return krb;
+    }
+    
+    public void testKdcRequestBase() throws Exception
+    {
+        PreAuthenticationData pad = new PreAuthenticationData( 
+            PreAuthenticationDataType.PA_ASF3_SALT, 
+            new byte[] { 0x01, 0x02, 0x03 } );
+        
+        List<PreAuthenticationData> paData = new ArrayList<PreAuthenticationData>();
+        paData.add(  pad  );
+        
+        KdcRequest kr = new KdcRequest( MessageType.KRB_AS_REQ, paData, getReqBody() );
+        
+        ByteBuffer encoded = ByteBuffer.allocate( kr.computeLength() );
+        
+        kr.encode( encoded );
+        
+        byte[] expectedResult = new byte[]
+            {
+                0x30, (byte)0x82, 0x01, (byte)0xCD,
+                  (byte)0xA1, 0x03,
+                    0x02, 0x01, 0x05,
+                  (byte)0xA2, 0x03,
+                    0x02, 0x01, 0x0A,
+                  (byte)0xA3, 0x10,
+                    0x30, 0x0E,
+                      0x30, 0x0C, 
+                        (byte)0xA1, 0x03, 
+                          0x02, 0x01, 0x0A, 
+                        (byte)0xA2, 0x05, 
+                          0x04, 0x03, 
+                            0x01, 0x02, 0x03, 
+                  (byte)0xA4, (byte)0x82, 0x01, (byte)0xAD,
+                    0x30, (byte)0x82, 0x01, (byte)0xA9, 
+                      (byte)0xA0, 0x07, 
+                        0x03, 0x05, 
+                          0x00, (byte)0x52, 0x00, 0x00, 0x01,
+                      (byte)0xA1, 0x11,
+                        0x30, 0x0F, 
+                          (byte) 0xA0, 0x03, 
+                            0x02, 0x01, 0x01, 
+                          (byte) 0xA1, 0x08, 
+                            0x30, 0x06, 
+                              0x1B, 0x04, 
+                                't', 'e', 's', 't',
+                      (byte)0xA2,0x0C,
+                        0x1B, 0x0A,
+                          'A', 'P', 'A', 'C', 'H', 'E', '.', 'O', 'R', 'G',
+                      (byte)0xA3, 0x13,
+                        0x30, 0x11, 
+                          (byte) 0xA0, 0x03, 
+                            0x02, 0x01, 0x01, 
+                          (byte) 0xA1, 0x0A, 
+                            0x30, 0x08, 
+                              0x1B, 0x06, 
+                                's', 'e', 'r', 'v', 'e', 'r',
+                      (byte)0xA4, 0x11,
+                        0x18, 0x0F,
+                          '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+                      (byte)0xA5, 0x11,
+                        0x18, 0x0F,
+                          '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+                      (byte)0xA6, 0x11,
+                        0x18, 0x0F,
+                          '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
+                      (byte)0xA7, 0x04,
+                        0x02, (byte)0x02, 0x03, (byte)0xE8,
+                      (byte)0xA8, 0x08,
+                        0x30, 0x06,
+                          0x02, 0x01, 0x11,
+                          0x02, 0x01, 0x05,
+                      (byte)0xA9, 0x11,
+                        0x30, 0x0F, 
+                          0x30, 0x0d, 
+                            (byte)0xA0, 0x03, 
+                              0x02, 0x01, 0x02, 
+                            (byte)0xA1, 0x06, 
+                              0x04, 0x04, 
+                                0x01, 0x02, 0x03, 0x04,
+                      (byte)0xAA, 0x14,
+                        0x30, 0x12, 
+                          (byte)0xA0, 0x03, 
+                            0x02, 0x01, 0x11, 
+                          (byte)0xA1, 0x03, 
+                            0x02, 0x01, 0x01, 
+                          (byte)0xA2, 0x06, 
+                            0x04, 0x04, 0x01, 0x02, 0x03, 0x04,
+                      (byte)0xAB, (byte)0x81, (byte)0xF5,
+                        0x30, (byte)0x81, (byte)0xF2,
+                          0x61, (byte)0x81, (byte)0xEF,
+                            0x30,  (byte)0x81, (byte)0xEC, 
+                              (byte)0xA0, 0x03,
+                                0x02, 0x01, 0x05,
+                              (byte)0xA1, 0x0D,
+                                0x1B, 0x0B, 
+                                  'E', 'X', 'A', 'M', 'P', 'L', 'E', '.', 'C', 'O', 'M',
+                              (byte)0xA2, 0x1D,
+                                0x30, 0x1B,
+                                  (byte)0xA0, 0x03, 
+                                    0x02, 0x01, 0x01, 
+                                  (byte)0xA1, 0x14, 
+                                    0x30, 0x12, 
+                                      0x1B, 0x06, 
+                                        'k', 'a', 'd', 'm', 'i', 'n',
+                                      0x1B, 0x08,
+                                        'c', 'h', 'a', 'n', 'g', 'e', 'p', 'w',
+                              (byte)0xA3, (byte)0x81, (byte)0xB6, 
+                                0x30, (byte)0x81, (byte)0xB3,
+                                  (byte)0xA0, 0x03,
+                                    0x02, 0x01, 0x03,
+                                  (byte)0xA2, (byte)0x81, (byte)0xAB,
+                                    0x04, (byte)0x81, (byte)0xA8
+                      
+            };
+
+        // We will just compared the first bytes (everyting before the encrypted data)
+        String expectedResultString = StringTools.dumpBytes( expectedResult );
+        String resultString = StringTools.dumpBytes( encoded.array() ).substring( 0,  expectedResultString.length() );
+        
+        assertEquals( expectedResultString, resultString );
+    }
+}

Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KerberosCredTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KerberosCredTest.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KerberosCredTest.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/messages/KerberosCredTest.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,92 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+
+import junit.framework.TestCase;
+
+/**
+ * Test the KRB-CRED encoding and decoding
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KerberosCredTest extends TestCase
+{
+    public void testKrbCredBaseNoTicket() throws Exception
+    {
+        KerberosCred kc = new KerberosCred();
+        
+        EncryptedData ed = new EncryptedData( 
+            EncryptionType.AES128_CTS_HMAC_SHA1_96, 1, 
+            new byte[] { 0x01, 0x02, 0x03, 0x04 } );
+        
+        kc.setEncPart( ed );
+        
+        ByteBuffer encoded = ByteBuffer.allocate( kc.computeLength() );
+        
+        kc.encode( encoded );
+        
+        byte[] expectedResult = new byte[]
+            {
+              0x72, 0x26,
+                0x30, 0x24,
+                  (byte)0xA0, 0x03,
+                    0x02, 0x01, 0x05,
+                  (byte)0xA1, 0x03,
+                    0x02, 0x01, 0x16,
+                  (byte)0xA2, 0x02,
+                    0x30, 0x00,
+                  (byte)0xA3, 0x14,
+                    0x30, 0x12, 
+                    (byte)0xA0, 0x03, 
+                      0x02, 0x01, 0x11, 
+                    (byte)0xA1, 0x03, 
+                      0x02, 0x01, 0x01, 
+                    (byte)0xA2, 0x06, 
+                      0x04, 0x04, 0x01, 0x02, 0x03, 0x04 
+            };
+
+        assertEquals( StringTools.dumpBytes( expectedResult ), StringTools.dumpBytes( encoded.array() ) );
+        assertTrue( Arrays.equals( expectedResult, encoded.array() ) );
+    }
+
+
+    public void testKrbNoEncryptedData() throws Exception
+    {
+        KerberosPriv kp = new KerberosPriv();
+        
+        try
+        {
+            kp.encode( null );
+            fail(); // We should not reach this point : null enc-part is not allowed
+        }
+        catch ( EncoderException ee )
+        {
+            assertTrue( true );
+        }
+    }
+}



Mime
View raw message