Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 10528 invoked from network); 6 Nov 2010 15:10:47 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 6 Nov 2010 15:10:47 -0000 Received: (qmail 96197 invoked by uid 500); 6 Nov 2010 15:11:18 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 96136 invoked by uid 500); 6 Nov 2010 15:11:17 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 96129 invoked by uid 99); 6 Nov 2010 15:11:16 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 06 Nov 2010 15:11:16 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 06 Nov 2010 15:11:13 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 803822388978; Sat, 6 Nov 2010 15:09:57 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1032092 - in /directory/apacheds/trunk/kerberos-codec/src: main/java/org/apache/directory/shared/kerberos/ main/java/org/apache/directory/shared/kerberos/codec/principalName/actions/ test/java/org/apache/directory/shared/kerberos/codec/ Date: Sat, 06 Nov 2010 15:09:57 -0000 To: commits@directory.apache.org From: elecharny@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101106150957.803822388978@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Sat Nov 6 15:09:57 2010 New Revision: 1032092 URL: http://svn.apache.org/viewvc?rev=1032092&view=rev Log: o Added tests for wrong PrincipalName o KerberosString should be ASCII only, with no control. Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/principalName/actions/PrincipalNameNameString.java directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/PrincipalNameDecoderTest.java Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java?rev=1032092&r1=1032091&r2=1032092&view=diff ============================================================================== --- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java (original) +++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java Sat Nov 6 15:09:57 2010 @@ -274,6 +274,25 @@ public class KerberosUtils return sb.toString(); } + + + public static boolean isKerberosString( byte[] value ) + { + if ( value == null ) + { + return false; + } + + for ( byte b : value ) + { + if ( ( b < 0x20 ) || ( b > 0x7E ) ) + { + return false; + } + } + + return true; + } /** Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/principalName/actions/PrincipalNameNameString.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/principalName/actions/PrincipalNameNameString.java?rev=1032092&r1=1032091&r2=1032092&view=diff ============================================================================== --- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/principalName/actions/PrincipalNameNameString.java (original) +++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/principalName/actions/PrincipalNameNameString.java Sat Nov 6 15:09:57 2010 @@ -26,6 +26,7 @@ import org.apache.directory.shared.asn1. import org.apache.directory.shared.asn1.ber.tlv.Value; import org.apache.directory.shared.asn1.codec.DecoderException; import org.apache.directory.shared.i18n.I18n; +import org.apache.directory.shared.kerberos.KerberosUtils; import org.apache.directory.shared.kerberos.codec.KerberosMessageGrammar; import org.apache.directory.shared.kerberos.codec.principalName.PrincipalNameContainer; import org.apache.directory.shared.kerberos.components.PrincipalName; @@ -79,14 +80,26 @@ public class PrincipalNameNameString ext PrincipalName principalName = principalNameContainer.getPrincipalName(); Value value = tlv.getValue(); - String nameString = StringTools.utf8ToString( value.getData() ); - - principalName.addName( nameString ); - principalNameContainer.setGrammarEndAllowed( true ); - if ( IS_DEBUG ) + // The PrincipalName must be pure ASCII witout any control character + if ( KerberosUtils.isKerberosString( value.getData() ) ) + { + String nameString = StringTools.utf8ToString( value.getData() ); + + principalName.addName( nameString ); + principalNameContainer.setGrammarEndAllowed( true ); + + if ( IS_DEBUG ) + { + LOG.debug( "PrincipalName String : {}", nameString ); + } + } + else { - LOG.debug( "PrincipalName String : {}", nameString ); + LOG.error( I18n.err( I18n.ERR_04066 ) ); + + // This will generate a PROTOCOL_ERROR + throw new DecoderException( I18n.err( I18n.ERR_04067 ) ); } } } Modified: directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/PrincipalNameDecoderTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/PrincipalNameDecoderTest.java?rev=1032092&r1=1032091&r2=1032092&view=diff ============================================================================== --- directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/PrincipalNameDecoderTest.java (original) +++ directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/PrincipalNameDecoderTest.java Sat Nov 6 15:09:57 2010 @@ -31,6 +31,7 @@ import org.apache.directory.junit.tools. import org.apache.directory.shared.asn1.ber.Asn1Container; import org.apache.directory.shared.asn1.ber.Asn1Decoder; import org.apache.directory.shared.asn1.codec.DecoderException; +import org.apache.directory.shared.asn1.codec.EncoderException; import org.apache.directory.shared.kerberos.codec.principalName.PrincipalNameContainer; import org.apache.directory.shared.kerberos.components.PrincipalName; import org.apache.directory.shared.kerberos.components.PrincipalNameType; @@ -47,9 +48,6 @@ import org.junit.runner.RunWith; @Concurrent() public class PrincipalNameDecoderTest { - /** The encoder instance */ - //LdapEncoder encoder = new LdapEncoder(); - /** * Test the decoding of a PrincipalName */ @@ -84,7 +82,6 @@ public class PrincipalNameDecoderTest } catch ( DecoderException de ) { - de.printStackTrace(); fail( de.getMessage() ); } @@ -96,24 +93,247 @@ public class PrincipalNameDecoderTest assertTrue( principalName.getNames().contains( "hnelson2" ) ); assertTrue( principalName.getNames().contains( "hnelson3" ) ); - /* // Check the encoding + ByteBuffer bb = ByteBuffer.allocate( principalName.computeLength() ); + try { - ByteBuffer bb = encoder.encodeMessage( bindRequest ); - + bb = principalName.encode( bb ); + // Check the length - assertEquals( 0x35, bb.limit() ); - + assertEquals( 0x29, bb.limit() ); + String encodedPdu = StringTools.dumpBytes( bb.array() ); - + assertEquals( encodedPdu, decodedPdu ); } catch ( EncoderException ee ) { - ee.printStackTrace(); - fail( ee.getMessage() ); + fail(); } - */ + } + + + /** + * Test the decoding of a PrincipalName with nothing in it + */ + @Test( expected = DecoderException.class) + public void testPrincipalNameEmpty() throws DecoderException + { + Asn1Decoder kerberosDecoder = new Asn1Decoder(); + + ByteBuffer stream = ByteBuffer.allocate( 0x02 ); + + stream.put( new byte[] + { 0x30, 0x00 } ); + + stream.flip(); + + // Allocate a PrincipalName Container + Asn1Container principalNameContainer = new PrincipalNameContainer(); + + // Decode the PrincipalName PDU + kerberosDecoder.decode( stream, principalNameContainer ); + fail(); + } + + + /** + * Test the decoding of a PrincipalName with no type + */ + @Test( expected = DecoderException.class) + public void testPrincipalNameNoType() throws DecoderException + { + Asn1Decoder kerberosDecoder = new Asn1Decoder(); + + ByteBuffer stream = ByteBuffer.allocate( 0x04 ); + + stream.put( new byte[] + { 0x30, 0x02, + (byte)0xA0, 0x00 // name-type + } ); + + stream.flip(); + + // Allocate a PrincipalName Container + Asn1Container principalNameContainer = new PrincipalNameContainer(); + + // Decode the PrincipalName PDU + kerberosDecoder.decode( stream, principalNameContainer ); + fail(); + } + + + /** + * Test the decoding of a PrincipalName with an empty type + */ + @Test( expected = DecoderException.class) + public void testPrincipalNameEmptyType() throws DecoderException + { + Asn1Decoder kerberosDecoder = new Asn1Decoder(); + + ByteBuffer stream = ByteBuffer.allocate( 0x0B ); + + stream.put( new byte[] + { 0x30, 0x04, + (byte)0xA0, 0x03, // name-type + 0x02, 0x00 // NT-PRINCIPAL + } ); + + stream.flip(); + + // Allocate a PrincipalName Container + Asn1Container principalNameContainer = new PrincipalNameContainer(); + + // Decode the PrincipalName PDU + kerberosDecoder.decode( stream, principalNameContainer ); + fail(); + } + + + /** + * Test the decoding of a PrincipalName with a wrong type + */ + @Test( expected = DecoderException.class) + public void testPrincipalNameBadType() throws DecoderException + { + Asn1Decoder kerberosDecoder = new Asn1Decoder(); + + ByteBuffer stream = ByteBuffer.allocate( 0x0B ); + + stream.put( new byte[] + { 0x30, 0x09, + (byte)0xA0, 0x03, // name-type + 0x02, 0x01, 0x7F, // NT-PRINCIPAL + (byte)0xA1, 0x02, // name-string + 0x30, 0x00 + } ); + + stream.flip(); + + // Allocate a PrincipalName Container + Asn1Container principalNameContainer = new PrincipalNameContainer(); + + // Decode the PrincipalName PDU + kerberosDecoder.decode( stream, principalNameContainer ); + fail(); + } + + + /** + * Test the decoding of a PrincipalName with an empty name + */ + @Test( expected = DecoderException.class) + public void testPrincipalNameEmptyName() throws DecoderException + { + Asn1Decoder kerberosDecoder = new Asn1Decoder(); + + ByteBuffer stream = ByteBuffer.allocate( 0x09 ); + + stream.put( new byte[] + { 0x30, 0x07, + (byte)0xA0, 0x03, // name-type + 0x02, 0x01, 0x01, // NT-PRINCIPAL + (byte)0xA1, 0x00 // name-string + } ); + + stream.flip(); + + // Allocate a PrincipalName Container + Asn1Container principalNameContainer = new PrincipalNameContainer(); + + // Decode the PrincipalName PDU + kerberosDecoder.decode( stream, principalNameContainer ); + fail(); + } + + + /** + * Test the decoding of a PrincipalName with no name + */ + @Test( expected = DecoderException.class) + public void testPrincipalNameNoName() throws DecoderException + { + Asn1Decoder kerberosDecoder = new Asn1Decoder(); + + ByteBuffer stream = ByteBuffer.allocate( 0x0B ); + + stream.put( new byte[] + { 0x30, 0x09, + (byte)0xA0, 0x03, // name-type + 0x02, 0x01, 0x01, // NT-PRINCIPAL + (byte)0xA1, 0x02, // name-string + 0x30, 0x00 + } ); + + stream.flip(); + + // Allocate a PrincipalName Container + Asn1Container principalNameContainer = new PrincipalNameContainer(); + + // Decode the PrincipalName PDU + kerberosDecoder.decode( stream, principalNameContainer ); + fail(); + } + + + /** + * Test the decoding of a PrincipalName + */ + @Test( expected = DecoderException.class ) + public void testPrincipalNameBadName() throws DecoderException + { + Asn1Decoder kerberosDecoder = new Asn1Decoder(); + + ByteBuffer stream = ByteBuffer.allocate( 0x0D ); + + stream.put( new byte[] + { 0x30, 0x0B, + (byte)0xA0, 0x03, // name-type + 0x02, 0x01, 0x01, // NT-PRINCIPAL + (byte)0xA1, 0x04, // name-string + 0x30, 0x02, + 0x1B, 0x00 + } ); + + stream.flip(); + + // Allocate a PrincipalName Container + Asn1Container principalNameContainer = new PrincipalNameContainer(); + + // Decode the PrincipalName PDU + kerberosDecoder.decode( stream, principalNameContainer ); + fail(); + } + + + /** + * Test the decoding of a PrincipalName + */ + @Test( expected = DecoderException.class ) + public void testPrincipalNameBadName2() throws DecoderException + { + Asn1Decoder kerberosDecoder = new Asn1Decoder(); + + ByteBuffer stream = ByteBuffer.allocate( 0x29 ); + + stream.put( new byte[] + { 0x30, 0x27, + (byte)0xA0, 0x03, // name-type + 0x02, 0x01, 0x01, // NT-PRINCIPAL + (byte)0xA1, 0x20, // name-string + 0x30, 0x1E, + 0x1B, 0x08, 'h', 'n', 'e', 'l', 's', 'o', 'n', '1', + 0x1B, 0x08, 'h', 'n', 'e', '\r', 's', 'o', 'n', '2', + 0x1B, 0x08, 'h', 'n', 'e', 'l', 's', 'o', 'n', '3', + } ); + + stream.flip(); + + // Allocate a PrincipalName Container + Asn1Container principalNameContainer = new PrincipalNameContainer(); + + // Decode the PrincipalName PDU + kerberosDecoder.decode( stream, principalNameContainer ); } }