From kayyag...@apache.org
Subject svn commit: r1043355 - in /directory/sandbox/kayyagari/kerberos-client: ./ src/ src/main/ src/main/java/ src/main/java/org/ src/main/java/org/apache/ src/main/java/org/apache/directory/ src/main/java/org/apache/directory/kerberos/ src/main/java/org/apa...
Date Wed, 08 Dec 2010 11:08:23 GMT
Author: kayyagari
Date: Wed Dec  8 11:08:22 2010
New Revision: 1043355

URL: http://svn.apache.org/viewvc?rev=1043355&view=rev
Log:
o first commit of the brand new kerberos client using the kerberos-codec

Added:
    directory/sandbox/kayyagari/kerberos-client/
    directory/sandbox/kayyagari/kerberos-client/pom.xml
    directory/sandbox/kayyagari/kerberos-client/src/
    directory/sandbox/kayyagari/kerberos-client/src/main/
    directory/sandbox/kayyagari/kerberos-client/src/main/java/
    directory/sandbox/kayyagari/kerberos-client/src/main/java/org/
    directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/
    directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/
    directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/
    directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/
    directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ClientRequestOptions.java
    directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java
    directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ReplyFuture.java
    directory/sandbox/kayyagari/kerberos-client/src/test/
    directory/sandbox/kayyagari/kerberos-client/src/test/java/
    directory/sandbox/kayyagari/kerberos-client/src/test/java/org/
    directory/sandbox/kayyagari/kerberos-client/src/test/java/org/apache/
    directory/sandbox/kayyagari/kerberos-client/src/test/java/org/apache/directory/
    directory/sandbox/kayyagari/kerberos-client/src/test/java/org/apache/directory/kerberos/
    directory/sandbox/kayyagari/kerberos-client/src/test/java/org/apache/directory/kerberos/client/
    directory/sandbox/kayyagari/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java
    directory/sandbox/kayyagari/kerberos-client/src/test/resources/
    directory/sandbox/kayyagari/kerberos-client/src/test/resources/log4j.properties

Added: directory/sandbox/kayyagari/kerberos-client/pom.xml
URL: http://svn.apache.org/viewvc/directory/sandbox/kayyagari/kerberos-client/pom.xml?rev=1043355&view=auto
==============================================================================
--- directory/sandbox/kayyagari/kerberos-client/pom.xml (added)
+++ directory/sandbox/kayyagari/kerberos-client/pom.xml Wed Dec  8 11:08:22 2010
@@ -0,0 +1,60 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.apache.directory.server</groupId>
+    <artifactId>apacheds-parent</artifactId>
+    <version>1.5.8-SNAPSHOT</version>
+  </parent>
+  
+  <groupId>org.apache.directory.kerberos.client</groupId>
+  <artifactId>kerberos-client</artifactId>
+  <version>1.5.8-SNAPSHOT</version>
+  <name>kerberos-client</name>
+  <description>A kerberos client implementation using new codec</description>
+  
+  <properties>
+     <server.version>1.5.8-SNAPSHOT</server.version>
+  </properties>
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.directory.junit</groupId>
+      <artifactId>junit-addons</artifactId>
+      <scope>test</scope>
+    </dependency>
+  
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-kerberos-codec</artifactId>
+      <version>${server.version}</version>
+    </dependency>
+  
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-core-annotations</artifactId>
+      <version>${server.version}</version>
+      <scope>test</scope>
+    </dependency>
+    
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-server-annotations</artifactId>
+      <version>${server.version}</version>
+      <scope>test</scope>
+    </dependency>
+    
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-test-framework</artifactId>
+      <version>${server.version}</version>
+      <scope>test</scope>
+    </dependency>
+    
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-interceptor-kerberos</artifactId>
+      <version>${server.version}</version>
+      <scope>test</scope>
+    </dependency>
+  
+  </dependencies>
+</project>
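Review bot: Every artifact in this POM resolves through `<server.version>1.5.8-SNAPSHOT</server.version>`, and the parent is a SNAPSHOT as well, so what the codec, the kerberos interceptor and the test framework actually contain depends on whichever snapshot the repository served at build time; that is normal for a sandbox, but it makes the build non-reproducible and means an upstream snapshot change alters this client's behaviour with no change visible here. When this module leaves the sandbox the server dependencies should be pinned to released versions. `junit-addons` carries no `<version>`, so it presumably comes from the parent's dependencyManagement; a one-line comment saying so would save the next reader a lookup.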

Added: directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ClientRequestOptions.java
URL: http://svn.apache.org/viewvc/directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ClientRequestOptions.java?rev=1043355&view=auto
==============================================================================
--- directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ClientRequestOptions.java
(added)
+++ directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ClientRequestOptions.java
Wed Dec  8 11:08:22 2010
@@ -0,0 +1,407 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.kerberos.client;
+
+
+import java.net.InetAddress;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+
+
+/**
+ * Parameters for controlling a connection to a Kerberos server (KDC).
+ * 
+ * 3.1.1.  Generation of KRB_AS_REQ Message
+ * 
+ * The client may specify a number of options in the initial request.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class ClientRequestOptions
+{
+    /** The number of milliseconds in a minute. */
+    public static final int MINUTE = 60000;
+
+    /** The number of milliseconds in a day. */
+    public static final int DAY = MINUTE * 1440;
+
+    /** The number of milliseconds in a week. */
+    public static final int WEEK = MINUTE * 10080;
+
+    /** The allowed clock skew. */
+    private long allowedClockSkew = 5 * MINUTE;
+
+    /** Whether pre-authentication by encrypted timestamp is used. */
+    private boolean usePaEncTimestamp = true;
+
+    /** Whether forwardable addresses are allowed. */
+    private boolean isForwardable = false;
+
+    /** Whether proxiable addresses are allowed. */
+    private boolean isProxiable = false;
+
+    /** Whether the request is for a proxy ticket. */
+    private boolean isProxy = false;
+
+    /** Whether the request is for a forwarded ticket. */
+    private boolean isForwarded = false;
+
+    /** The encryption types. */
+    private Set<EncryptionType> encryptionTypes = new LinkedHashSet<EncryptionType>();
+
+    /** The client addresses. */
+    private Set<InetAddress> clientAddresses;
+
+    /** The UDP preference limit. */
+    private int udpPreferenceLimit = 1500;
+
+    /** The ticket lifetime. */
+    private long lifeTime = DAY;
+
+    /** The ticket start time. */
+    private Date startTime;
+
+    /** The renewable lifetime. */
+    private long renewableLifetime;
+
+    /** Whether to allow postdating of derivative tickets. */
+    private boolean isAllowPostdate;
+
+    /**
+     * Whether a renewable ticket will be accepted in lieu of a non-renewable ticket if the
+     * requested ticket expiration date cannot be satisfied by a non-renewable ticket (due
to
+     * configuration constraints).
+     */
+    private boolean isRenewableOk;
+
+
+    /**
+     * Creates a new instance of KdcControls.
+     */
+    public ClientRequestOptions()
+    {
+        encryptionTypes.add( EncryptionType.DES_CBC_MD5 );
+    }
+
+
+    /**
+     * Returns the allowed clock skew.
+     *
+     * @return The allowed clock skew.
+     */
+    public long getAllowedClockSkew()
+    {
+        return allowedClockSkew;
+    }
+
+
+    /**
+     * @param allowedClockSkew The allowedClockSkew to set.
+     */
+    public void setAllowedClockSkew( long allowedClockSkew )
+    {
+        this.allowedClockSkew = allowedClockSkew;
+    }
+
+
+    /**
+     * Returns whether pre-authentication by encrypted timestamp is to be performed.
+     *
+     * @return Whether pre-authentication by encrypted timestamp is to be performed.
+     */
+    public boolean isUsePaEncTimestamp()
+    {
+        return usePaEncTimestamp;
+    }
+
+
+    /**
+     * @param usePaEncTimestamp Whether to use encrypted timestamp pre-authentication.
+     */
+    public void setUsePaEncTimestamp( boolean usePaEncTimestamp )
+    {
+        this.usePaEncTimestamp = usePaEncTimestamp;
+    }
+
+
+    /**
+     * @return The udpPreferenceLimit.
+     */
+    public int getUdpPreferenceLimit()
+    {
+        return udpPreferenceLimit;
+    }
+
+
+    /**
+     * Default is UDP.  Set to 1 to use TCP.
+     * 
+     * @param udpPreferenceLimit 
+     */
+    public void setUdpPreferenceLimit( int udpPreferenceLimit )
+    {
+        this.udpPreferenceLimit = udpPreferenceLimit;
+    }
+
+
+    /**
+     * Returns the start time.
+     *
+     * @return The start time.
+     */
+    public Date getStartTime()
+    {
+        return startTime;
+    }
+
+
+    /**
+     * Request a postdated ticket, valid starting at the specified start time.  Postdated
+     * tickets are issued in an invalid state and must be validated by the KDC before use.
+     * 
+     * @param startTime 
+     */
+    public void setStartTime( Date startTime )
+    {
+        this.startTime = startTime;
+    }
+
+
+    /**
+     * Returns whether to request a forwardable ticket.
+     *
+     * @return true if the request is for a forwardable ticket.
+     */
+    public boolean isForwardable()
+    {
+        return isForwardable;
+    }
+
+
+    /**
+     * Sets whether to request a forwardable ticket.
+     *
+     * @param isForwardable
+     */
+    public void setForwardable( boolean isForwardable )
+    {
+        this.isForwardable = isForwardable;
+    }
+
+
+    /**
+     * Returns whether to request a forwarded ticket.
+     *
+     * @return true if the request is for a forwarded ticket.
+     */
+    public boolean isForwarded()
+    {
+        return isForwarded;
+    }
+
+
+    /**
+     * Sets whether to request a forwarded ticket.
+     *
+     * @param isForwarded
+     */
+    public void setForwarded( boolean isForwarded )
+    {
+        this.isForwarded = isForwarded;
+    }
+
+
+    /**
+     * Returns whether to request a proxiable ticket.
+     * 
+     * @return true if the request is for a proxiable ticket.
+     */
+    public boolean isProxiable()
+    {
+        return isProxiable;
+    }
+
+
+    /**
+     * Sets whether to request a proxiable ticket.
+     *
+     * @param isProxiable
+     */
+    public void setProxiable( boolean isProxiable )
+    {
+        this.isProxiable = isProxiable;
+    }
+
+
+    /**
+     * Returns whether to request a proxy ticket.
+     * 
+     * @return true if the request is for a proxy ticket.
+     */
+    public boolean isProxy()
+    {
+        return isProxy;
+    }
+
+
+    /**
+     * Sets whether to request a proxy ticket.
+     *
+     * @param isProxy
+     */
+    public void setProxy( boolean isProxy )
+    {
+        this.isProxy = isProxy;
+    }
+
+
+    /**
+     * @return The lifetime in milliseconds.
+     */
+    public long getLifeTime()
+    {
+        return lifeTime;
+    }
+
+
+    /**
+     * Requests a ticket with the specified lifetime.  The value for lifetime is
+     * in milliseconds.  Constants are provided for MINUTE, DAY, and WEEK.
+     * 
+     * @param lifeTime The lifetime to set.
+     */
+    public void setLifeTime( long lifeTime )
+    {
+        this.lifeTime = lifeTime;
+    }
+
+
+    /**
+     * @return The renewable lifetime.
+     */
+    public long getRenewableLifetime()
+    {
+        return renewableLifetime;
+    }
+
+
+    /**
+     * Requests a ticket with the specified total lifetime.  The value for
+     * lifetime is in milliseconds.  Constants are provided for MINUTE, DAY,
+     * and WEEK.
+     * 
+     * @param renewableLifetime The renewable lifetime to set.
+     */
+    public void setRenewableLifetime( long renewableLifetime )
+    {
+        this.renewableLifetime = renewableLifetime;
+    }
+
+
+    /**
+     * Returns the encryption types.
+     *
+     * @return The encryption types.
+     */
+    public Set<EncryptionType> getEncryptionTypes()
+    {
+        return encryptionTypes;
+    }
+
+
+    /**
+     * @param encryptionTypes The encryption types to set.
+     */
+    public void setEncryptionTypes( Set<EncryptionType> encryptionTypes )
+    {
+        this.encryptionTypes = encryptionTypes;
+    }
+
+
+    /**
+     * Returns the client addresses.
+     *
+     * @return The client addresses.
+     */
+    public Set<InetAddress> getClientAddresses()
+    {
+        return clientAddresses;
+    }
+
+
+    /**
+     * Sets the client addresses.
+     *
+     * @param clientAddresses
+     */
+    public void setClientAddresses( Set<InetAddress> clientAddresses )
+    {
+        this.clientAddresses = clientAddresses;
+    }
+
+
+    /**
+     * Returns whether postdating is allowed.
+     * 
+     * @return true if postdating is allowed.
+     */
+    public boolean isAllowPostdate()
+    {
+        return isAllowPostdate;
+    }
+
+
+    /**
+     * Sets whether postdating is allowed.
+     * 
+     * @param isAllowPostdate Whether postdating is allowed.
+     */
+    public void setAllowPostdate( boolean isAllowPostdate )
+    {
+        this.isAllowPostdate = isAllowPostdate;
+    }
+
+
+    /**
+     * Returns whether renewable tickets are OK.
+     * 
+     * @return true if renewable tickets are OK.
+     */
+    public boolean isRenewableOk()
+    {
+        return isRenewableOk;
+    }
+
+
+    /**
+     * Sets whether renewable tickets are OK.
+     * 
+     * @param isRenewableOk Whether renewable tickets are OK.
+     */
+    public void setRenewableOk( boolean isRenewableOk )
+    {
+        this.isRenewableOk = isRenewableOk;
+    }
+}
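Review bot: The constructor's `encryptionTypes.add( EncryptionType.DES_CBC_MD5 );` makes single-DES the only etype a default-configured client offers in the AS-REQ, and since KerberosConnection picks `ciphers.iterator().next()` as the client key, the first entry of this LinkedHashSet also decides which password-derived key encrypts the PA-ENC-TIMESTAMP. Single DES is deprecated for Kerberos (RFC 6649) and is brute-forceable offline from a captured pre-auth timestamp; the default list should lead with the AES-CTS-HMAC-SHA1-96 etypes of RFC 3962, under whatever names the codec's EncryptionType enum provides them, with DES at most as a trailing fallback, and the field Javadoc should state that insertion order is significant. `getEncryptionTypes()` hands back the live set, so callers can silently mutate the defaults; return a copy or an unmodifiable view, or document that it is the backing collection. The `setUdpPreferenceLimit` Javadoc claims "Default is UDP. Set to 1 to use TCP", but nothing in this commit reads the value and KerberosConnection unconditionally uses a TCP `NioSocketConnector`, so the comment promises behaviour the code does not have.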

Added: directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java
URL: http://svn.apache.org/viewvc/directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java?rev=1043355&view=auto
==============================================================================
--- directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java
(added)
+++ directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java
Wed Dec  8 11:08:22 2010
@@ -0,0 +1,353 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+
+package org.apache.directory.kerberos.client;
+
+
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+import java.nio.ByteBuffer;
+import java.security.SecureRandom;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.protocol.KerberosProtocolCodecFactory;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
+import org.apache.directory.shared.kerberos.KerberosMessageType;
+import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.codec.options.KdcOptions;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.codec.types.PaDataType;
+import org.apache.directory.shared.kerberos.components.EncryptedData;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.components.HostAddress;
+import org.apache.directory.shared.kerberos.components.HostAddresses;
+import org.apache.directory.shared.kerberos.components.KdcReqBody;
+import org.apache.directory.shared.kerberos.components.PaData;
+import org.apache.directory.shared.kerberos.components.PaEncTsEnc;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.apache.directory.shared.kerberos.exceptions.ErrorType;
+import org.apache.directory.shared.kerberos.exceptions.KerberosException;
+import org.apache.directory.shared.kerberos.messages.AsRep;
+import org.apache.directory.shared.kerberos.messages.AsReq;
+import org.apache.directory.shared.kerberos.messages.KerberosMessage;
+import org.apache.mina.core.filterchain.IoFilter;
+import org.apache.mina.core.future.ConnectFuture;
+import org.apache.mina.core.future.WriteFuture;
+import org.apache.mina.core.service.IoConnector;
+import org.apache.mina.core.service.IoHandlerAdapter;
+import org.apache.mina.core.session.IoSession;
+import org.apache.mina.filter.codec.ProtocolCodecFilter;
+import org.apache.mina.transport.socket.nio.NioSocketConnector;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * A client to connect to Kerberos server and retrieve TGTs
+ * 
+ * WARN: still experimental, no doco and code is still convoluted a bit
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KerberosConnection extends IoHandlerAdapter
+{
+    /** logger for reporting errors that might not be handled properly upstream */
+    private static final Logger LOG = LoggerFactory.getLogger( KerberosConnection.class );
+
+    private static final boolean IS_DEBUG = LOG.isDebugEnabled();
+    
+    private IoConnector connector;
+
+    private IoSession kerberosSession;
+
+    private IoFilter filter = new ProtocolCodecFilter( KerberosProtocolCodecFactory.getInstance()
);
+
+    private String hostName;
+
+    private int port = 88; // default value
+
+    private CipherTextHandler lockBox = new CipherTextHandler();
+
+    private SecureRandom random;
+
+    private Map<Integer, ReplyFuture> futureMap;
+
+    private Map<Integer, EncryptionKey> clientKeyMap;
+    
+    /** The timeout used for response we are waiting for */
+    private long timeout = 30000L;
+
+
+    public KerberosConnection( String hostName )
+    {
+        this.hostName = hostName;
+    }
+
+
+    public KerberosConnection( String hostName, int port )
+    {
+        this.hostName = hostName;
+        this.port = port;
+    }
+
+
+    public boolean connect()
+    {
+        if ( connector != null )
+        {
+            return true;
+        }
+
+        random = new SecureRandom();
+        futureMap = new HashMap<Integer, ReplyFuture>();
+        clientKeyMap = new HashMap<Integer, EncryptionKey>();
+        
+        connector = new NioSocketConnector();
+        connector.getFilterChain().addLast( "kerberoscodec", filter );
+        connector.setHandler( this );
+
+        SocketAddress address = new InetSocketAddress( hostName, port );
+
+        LOG.debug( "trying to establish connection to the kerberso server {} running at port
{}", hostName, port );
+        ConnectFuture connectFuture = connector.connect( address );
+
+        connectFuture.awaitUninterruptibly();
+
+        if ( !connectFuture.isConnected() )
+        {
+            close();
+            return false;
+        }
+
+        kerberosSession = connectFuture.getSession();
+
+        return true;
+    }
+
+
+    public void close()
+    {
+        if ( connector == null )
+        {
+            return;
+        }
+
+        connector.dispose();
+        connector = null;
+    }
+
+
+    public void getTicketGrantingTicket( KerberosPrincipal principal, KerberosPrincipal targetPrincipal,
+        String password, ClientRequestOptions clientOptions ) throws KerberosException
+    {
+        ReplyFuture future = getTicketGrantingTicketAsync( principal, targetPrincipal, password,
clientOptions );
+        
+        try
+        {
+            KerberosMessage msg = future.get( timeout, TimeUnit.MILLISECONDS );
+            
+            if ( IS_DEBUG )
+            {
+                LOG.debug( "received TGT {}", msg );
+            }
+        }
+        catch( Exception e )
+        {
+            
+        }
+    }
+
+
+    public ReplyFuture getTicketGrantingTicketAsync( KerberosPrincipal principal, KerberosPrincipal
targetPrincipal,
+        String password, ClientRequestOptions clientOptions ) throws KerberosException
+    {
+        try
+        {
+
+            KdcReqBody reqBody = new KdcReqBody();
+
+            KdcOptions kdcOptions = new KdcOptions();
+            reqBody.setKdcOptions( kdcOptions );
+
+            reqBody.setCName( new PrincipalName( principal ) );
+            reqBody.setRealm( principal.getRealm() );
+            reqBody.setSName( new PrincipalName( targetPrincipal ) );
+
+            Date prefStartTime = clientOptions.getStartTime();
+            if ( prefStartTime != null )
+            {
+                reqBody.setFrom( new KerberosTime( prefStartTime ) );
+            }
+
+            long currentTime = System.currentTimeMillis();
+            KerberosTime lifeTime = new KerberosTime( clientOptions.getLifeTime() + currentTime
);
+            reqBody.setTill( lifeTime );
+
+            if ( clientOptions.getRenewableLifetime() > 0 )
+            {
+                reqBody.setRtime( new KerberosTime( clientOptions.getRenewableLifetime()
+ currentTime ) );
+                kdcOptions.setFlag( KdcOptions.RENEWABLE );
+            }
+
+            int nonce = random.nextInt();
+            reqBody.setNonce( nonce );
+
+            Set<EncryptionType> ciphers = clientOptions.getEncryptionTypes();
+            reqBody.setEType( ciphers );
+
+            if ( clientOptions.getClientAddresses() != null )
+            {
+                HostAddresses addresses = new HostAddresses();
+                for ( InetAddress ia : clientOptions.getClientAddresses() )
+                {
+                    addresses.addHostAddress( new HostAddress( ia ) );
+                }
+
+                reqBody.setAddresses( addresses );
+            }
+
+            if ( clientOptions.isAllowPostdate() )
+            {
+                kdcOptions.setFlag( KdcOptions.ALLOW_POSTDATE );
+            }
+
+            if ( clientOptions.isProxiable() )
+            {
+                kdcOptions.setFlag( KdcOptions.PROXIABLE );
+            }
+
+            if ( clientOptions.isForwardable() )
+            {
+                kdcOptions.setFlag( KdcOptions.FORWARDABLE );
+            }
+
+            Map<EncryptionType, EncryptionKey> keys = KerberosKeyFactory.getKerberosKeys(
principal.getName(),
+                password, ciphers );
+
+            /** The client's encryption key. */
+            EncryptionKey clientKey = keys.get( ciphers.iterator().next() ); // FIXME this
is always taking first cipher, not good
+
+            PaData paData = new PaData();
+
+            if ( clientOptions.isUsePaEncTimestamp() )
+            {
+
+                PaEncTsEnc paEncTimeStamp = new PaEncTsEnc( new KerberosTime(), 0 );
+                
+                EncryptedData encryptedData = null;
+
+                try
+                {
+                    encryptedData = lockBox.seal( clientKey, paEncTimeStamp, KeyUsage.NUMBER1
);
+                }
+                catch ( KerberosException ke )
+                {
+                    LOG.error( "Unexpected exception encrypting timestamp.", ke );
+                }
+
+                ByteBuffer buf = ByteBuffer.allocate( encryptedData.computeLength() );
+                byte[] encodedEncryptedData = encryptedData.encode( buf ).array();
+                paData.setPaDataType( PaDataType.PA_ENC_TIMESTAMP );
+
+                paData.setPaDataValue( encodedEncryptedData );
+            }
+
+            AsReq request = new AsReq();
+            request.setKdcReqBody( reqBody );
+            request.addPaData( paData );
+
+            ReplyFuture repFuture = new ReplyFuture();
+
+            futureMap.put( nonce, repFuture );
+            clientKeyMap.put( nonce, clientKey );
+
+            // Send the request to the server
+            WriteFuture writeFuture = kerberosSession.write( request );
+
+            // Wait for the message to be sent to the server
+            if ( !writeFuture.awaitUninterruptibly( timeout ) )
+            {
+                // We didn't received anything : this is an error
+                LOG.error( "Search failed : timeout occured" );
+
+                throw new KerberosException( ErrorType.KRB_ERR_GENERIC, "operation timed
out" );
+            }
+
+            return repFuture;
+        }
+        catch ( Exception e )
+        {
+            e.printStackTrace();
+            throw new KerberosException( ErrorType.KRB_ERR_GENERIC, e );
+        }
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void exceptionCaught( IoSession session, Throwable cause ) throws Exception
+    {
+        LOG.warn( "", cause );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void messageReceived( IoSession session, Object message ) throws Exception
+    {
+        if ( IS_DEBUG )
+        {
+            LOG.debug( "Received reply:  {}", message );
+        }
+
+        KerberosMessage krbMessage = ( KerberosMessage ) message;
+
+        KerberosMessageType messageType = krbMessage.getMessageType();
+
+        switch ( messageType )
+        {
+            case AS_REP:
+                
+                AsRep asrep = ( AsRep ) krbMessage;
+                ReplyFuture future = futureMap.remove( asrep.getNonce() );
+                future.set( krbMessage );
+                break;
+
+            case TGS_REP:
+                break;
+
+            case KRB_ERROR:
+                break;
+        }
+    }
+}
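Review bot: `messageReceived` hands the raw AS-REP to the waiting future without ever decrypting or checking its encrypted part with the key that `getTicketGrantingTicketAsync` stored in `clientKeyMap` (the map is written but never read or drained, so password-derived keys stay resident for the connection's lifetime), so nothing in this commit verifies that the reply came from a KDC holding the principal's key or that the nonce inside EncKDCRepPart matches the one sent. The lookup `ReplyFuture future = futureMap.remove( asrep.getNonce() );` throws NullPointerException for an unmatched or unpopulated nonce, and the empty `KRB_ERROR` case means a rejected request (wrong password, unknown principal, clock skew) never completes its future and only surfaces as a timeout; at minimum guard with `if ( future == null ) { LOG.warn( "reply with unknown nonce {} dropped", asrep.getNonce() ); return; }` and deliver KRB_ERROR to the pending future as well. Both maps are plain `HashMap`s populated on the caller's thread and consumed from the MINA I/O callback, so they should be `ConcurrentHashMap`. In `getTicketGrantingTicket` the `catch( Exception e ) { }` swallows the timeout and the reply alike and the method returns void, so the synchronous API can neither hand back the TGT nor report failure; likewise the `catch ( KerberosException ke )` around `lockBox.seal` only logs and then falls through to `encryptedData.computeLength()` on a null reference.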

Added: directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ReplyFuture.java
URL: http://svn.apache.org/viewvc/directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ReplyFuture.java?rev=1043355&view=auto
==============================================================================
--- directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ReplyFuture.java
(added)
+++ directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/ReplyFuture.java
Wed Dec  8 11:08:22 2010
@@ -0,0 +1,57 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+
+package org.apache.directory.kerberos.client;
+
+
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.directory.shared.kerberos.messages.KerberosMessage;
+
+
+/**
+ * TODO ReplyFuture.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ReplyFuture
+{
+    /** the queue for holding the KerberosMessage sent from server */
+    private BlockingQueue<KerberosMessage> queue;
+
+
+    public KerberosMessage get() throws InterruptedException
+    {
+        return queue.take();
+    }
+
+
+    public KerberosMessage get( long timeout, TimeUnit unit ) throws InterruptedException
+    {
+        return queue.poll( timeout, unit );
+    }
+
+
+    public void set( KerberosMessage mesg ) throws InterruptedException
+    {
+        queue.put( mesg );
+    }
+}
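Review bot: `queue` is declared at `private BlockingQueue<KerberosMessage> queue;` but never assigned — there is no constructor or field initializer — so every `get()` and `set()` throws NullPointerException, and the first AS-REP delivered through `future.set( krbMessage )` will crash the I/O handler. Initialise it at the declaration, e.g. `private final BlockingQueue<KerberosMessage> queue = new LinkedBlockingQueue<KerberosMessage>();` with the matching `java.util.concurrent` import. Note also that `queue.poll( timeout, unit )` returns null on timeout, which the timed `get()` Javadoc should state so callers do not dereference it, and that `take`/`poll` consume the message, so a second `get()` on the same future blocks forever; the placeholder `TODO ReplyFuture.` class comment should describe this one-shot contract.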

Added: directory/sandbox/kayyagari/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java
URL: http://svn.apache.org/viewvc/directory/sandbox/kayyagari/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java?rev=1043355&view=auto
==============================================================================
--- directory/sandbox/kayyagari/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java
(added)
+++ directory/sandbox/kayyagari/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KerberosConnectionTest.java
Wed Dec  8 11:08:22 2010
@@ -0,0 +1,151 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+
+package org.apache.directory.kerberos.client;
+
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.annotations.CreateKdcServer;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.annotations.SaslMechanism;
+import org.apache.directory.server.core.annotations.ApplyLdifs;
+import org.apache.directory.server.core.annotations.ContextEntry;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.annotations.CreateIndex;
+import org.apache.directory.server.core.annotations.CreatePartition;
+import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
+import org.apache.directory.server.ldap.handlers.bind.cramMD5.CramMd5MechanismHandler;
+import org.apache.directory.server.ldap.handlers.bind.digestMD5.DigestMd5MechanismHandler;
+import org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMechanismHandler;
+import org.apache.directory.server.ldap.handlers.bind.ntlm.NtlmMechanismHandler;
+import org.apache.directory.server.ldap.handlers.bind.plain.PlainMechanismHandler;
+import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+
+/**
+ * Test cases for KerberosConnection.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@RunWith(FrameworkRunner.class)
+@CreateDS(name = "KerberosConnectionTest-class",
+    partitions =
+        {
+            @CreatePartition(
+                name = "example",
+                suffix = "dc=example,dc=com",
+                contextEntry = @ContextEntry(
+                    entryLdif =
+                        "dn: dc=example,dc=com\n" +
+                            "dc: example\n" +
+                            "objectClass: top\n" +
+                            "objectClass: domain\n\n"),
+                indexes =
+                {
+                    @CreateIndex(attribute = "ou")
+                })
+        },
+        additionalInterceptors =
+        {
+                KeyDerivationInterceptor.class
+        })
+@CreateLdapServer(
+    transports =
+    {
+        @CreateTransport(protocol = "LDAP")
+    },
+    saslHost = "localhost",
+    saslPrincipal = "ldap/localhost@EXAMPLE.COM",
+        saslMechanisms =
+            {
+                @SaslMechanism(name = SupportedSaslMechanisms.PLAIN, implClass = PlainMechanismHandler.class),
+                @SaslMechanism(name = SupportedSaslMechanisms.CRAM_MD5, implClass = CramMd5MechanismHandler.class),
+                @SaslMechanism(name = SupportedSaslMechanisms.DIGEST_MD5, implClass = DigestMd5MechanismHandler.class),
+                @SaslMechanism(name = SupportedSaslMechanisms.GSSAPI, implClass = GssapiMechanismHandler.class),
+                @SaslMechanism(name = SupportedSaslMechanisms.NTLM, implClass = NtlmMechanismHandler.class),
+                @SaslMechanism(name = SupportedSaslMechanisms.GSS_SPNEGO, implClass = NtlmMechanismHandler.class)
+            })
+@CreateKdcServer(
+    transports =
+    {
+        @CreateTransport(protocol = "UDP", port = 6088),
+        @CreateTransport(protocol = "TCP", port = 6088)
+    })
+@ApplyLdifs(
+ {
+    "dn: ou=Users,dc=example,dc=com",
+    "objectClass: organizationalUnit",
+    "objectClass: top",
+    "ou: Users",
+
+    "dn: uid=hnelson,ou=Users,dc=example,dc=com",
+    "objectClass: top",
+    "objectClass: person",
+    "objectClass: inetOrgPerson",
+    "objectClass: krb5principal",
+    "objectClass: krb5kdcentry",
+    "cn: Horatio Nelson",
+    "sn: Nelson",
+    "uid: hnelson",
+    "userPassword: secret",
+    "krb5PrincipalName: hnelson@EXAMPLE.COM",
+    "krb5KeyVersionNumber: 0",
+    
+    "dn: uid=krbtgt,ou=Users,dc=example,dc=com",
+    "objectClass: top",
+    "objectClass: person",
+    "objectClass: inetOrgPerson",
+    "objectClass: krb5principal",
+    "objectClass: krb5kdcentry",
+    "cn: KDC Service",
+    "sn: Service",
+    "uid: krbtgt",
+    "userPassword: secret",
+    "krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM",
+    "krb5KeyVersionNumber: 0"
+ })
+public class KerberosConnectionTest extends AbstractLdapTestUnit
+{
+    private KerberosConnection connection;
+    
+    private KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM"
);
+    
+    private KerberosPrincipal serverPrincipal = new KerberosPrincipal( "krbtgt/EXAMPLE.COM@EXAMPLE.COM"
);
+    
+    @Before
+    public void createConnection()
+    {
+        connection = new KerberosConnection( "localhost", 6088 );
+        connection.connect();
+    }
+    
+    @Test
+    public void testGetTgt() throws Exception
+    {
+        connection.getTicketGrantingTicket( clientPrincipal, serverPrincipal, "secret", new
ClientRequestOptions() );
+    }
+}
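Review bot: The connection opened in createConnection() is never closed; because @Before runs before every test method, each test leaks a socket to the KDC on port 6088 once more tests are added, so the fixture needs an @After teardown such as `@After public void closeConnection() throws Exception { connection.close(); }` (plus `import org.junit.After;`), assuming KerberosConnection exposes a close method — its definition is outside this hunk. testGetTgt also asserts nothing: it passes as long as getTicketGrantingTicket does not throw, so a malformed or empty AS-REP would go unnoticed; at minimum capture the return value and `assertNotNull` it, and preferably check that the returned ticket names clientPrincipal and serverPrincipal. The @CreateLdapServer block with its PLAIN/CRAM-MD5/DIGEST-MD5/NTLM SASL mechanisms is not exercised by anything in this test, which only talks to the KDC transport; trimming it to whatever AbstractLdapTestUnit actually requires would make the fixture easier to read and avoids advertising mechanisms the test never uses.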

Added: directory/sandbox/kayyagari/kerberos-client/src/test/resources/log4j.properties
URL: http://svn.apache.org/viewvc/directory/sandbox/kayyagari/kerberos-client/src/test/resources/log4j.properties?rev=1043355&view=auto
==============================================================================
--- directory/sandbox/kayyagari/kerberos-client/src/test/resources/log4j.properties (added)
+++ directory/sandbox/kayyagari/kerberos-client/src/test/resources/log4j.properties Wed Dec
 8 11:08:22 2010
@@ -0,0 +1,47 @@
+#############################################################################
+#    Licensed to the Apache Software Foundation (ASF) under one or more
+#    contributor license agreements.  See the NOTICE file distributed with
+#    this work for additional information regarding copyright ownership.
+#    The ASF licenses this file to You under the Apache License, Version 2.0
+#    (the "License"); you may not use this file except in compliance with
+#    the License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+#############################################################################
+log4j.rootCategory=debug, stdout
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss}] %p [%c] - %m%n
+
+#log4j.logger.org.apache.directory.shared.client.api=DEBUG
+log4j.logger.org.apache.directory.shared.asn1.ber=FATAL
+logger.log4j.org.apache.directory.shared.ldap.codec.controls.ppolicy=DEBUG
+logger.log4j.org.apache.directory.shared.asn1=WARN
+logger.log4j.org.apache.directory.shared.ldap.codec=WARN
+
+log4j.logger.org.apache.directory.shared.ldap.name=FATAL
+log4j.logger.org.apache.directory.shared.codec=FATAL
+log4j.logger.org.apache.directory.server.schema.registries=FATAL
+log4j.logger.org.apache.directory.server.core=DEBUG
+log4j.logger.org.apache.directory.shared.ldap.schema=WARN
+log4j.logger.org.apache.directory.shared.ldap.ldif=WARN
+log4j.logger.org.apache.directory.ldap.client.api=WARN
+log4j.logger.JdbmTable=WARN
+log4j.logger.JdbmIndex=WARN
+log4j.logger.org.apache.directory.server.core.partition.impl.btree.jdbm=WARN
+log4j.logger.org.apache.directory.server.core.DefaultOperationManager=WARN
+log4j.logger.org.apache.directory.server.core.partition.ldif=WARN
+log4j.logger.org.apache.directory.server.core.security.TlsKeyGenerator=WARN
+log4j.logger.org.apache.directory.shared.ldap.entry.StringValue=WARN
+log4j.logger.aci-logger=WARN
+log4j.logger.org.apache.directory.shared.ldap.subtree=WARN
+log4j.logger.org.apache.directory.shared.ldap.aci=WARN
+log4j.logger.org.apache.directory.server.xdbm.impl.avl=WARN
+log4j.logger.org.apache.directory.kerberos.client=DEBUG
\ No newline at end of file
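Review bot: Three logger keys are spelled `logger.log4j.` instead of `log4j.logger.` (the shared.ldap.codec.controls.ppolicy, shared.asn1 and shared.ldap.codec entries), so log4j silently ignores them and those packages inherit the DEBUG root level rather than the WARN intended; rename them, e.g. `log4j.logger.org.apache.directory.shared.asn1=WARN` and `log4j.logger.org.apache.directory.shared.ldap.codec=WARN`. With the root category at debug and org.apache.directory.kerberos.client at DEBUG, any debug-level dump of AS-REQ/AS-REP contents or derived key material in the client code would be written to stdout in test output, so it is worth checking what the client logs at that level before making it the default. The file also ends without a trailing newline.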


