From kayyag...@apache.org
Subject svn commit: r1443107 [5/6] - in /directory/apacheds/trunk: interceptor-kerberos/src/main/java/org/apache/directory/server/core/kerberos/ kerberos-codec/ kerberos-codec/src/main/java/org/apache/directory/server/kerberos/changepwd/ kerberos-codec/src/mai...
Date Wed, 06 Feb 2013 18:19:39 GMT
Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java Wed Feb  6 18:19:36 2013
@@ -24,10 +24,12 @@ import static org.junit.Assert.assertEqu
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import java.util.ArrayList;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
+
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.KerberosConfig;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
@@ -56,7 +58,8 @@ import org.junit.Test;
  */
 public class AuthenticationServiceTest extends AbstractAuthenticationServiceTest
 {
-    private KdcServer config;
+    private KerberosConfig config;
+    private KdcServer kdcServer;
     private PrincipalStore store;
     private KerberosProtocolHandler handler;
     private KrbDummySession session;
@@ -68,9 +71,10 @@ public class AuthenticationServiceTest e
     @Before
     public void setUp()
     {
-        config = new KdcServer();
+        kdcServer = new KdcServer();
+        config = kdcServer.getConfig();
         store = new MapPrincipalStoreImpl();
-        handler = new KerberosProtocolHandler( config, store );
+        handler = new KerberosProtocolHandler( kdcServer, store );
         session = new KrbDummySession();
         lockBox = new CipherTextHandler();
     }
@@ -82,7 +86,7 @@ public class AuthenticationServiceTest e
     @After
     public void shutDown()
     {
-        config.stop();
+        kdcServer.stop();
     }
 
 
@@ -111,8 +115,7 @@ public class AuthenticationServiceTest e
 
         KrbError error = ( KrbError ) session.getMessage();
 
-        assertEquals( "Additional pre-authentication required", ErrorType.KDC_ERR_PREAUTH_REQUIRED,
-            error.getErrorCode() );
+        assertEquals( "Additional pre-authentication required", ErrorType.KDC_ERR_PREAUTH_REQUIRED, error.getErrorCode() );
     }
 
 
@@ -137,8 +140,7 @@ public class AuthenticationServiceTest e
         Object msg = session.getMessage();
         assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
         KrbError error = ( KrbError ) msg;
-        assertEquals( "Requested protocol version number not supported", ErrorType.KDC_ERR_BAD_PVNO,
-            error.getErrorCode() );
+        assertEquals( "Requested protocol version number not supported", ErrorType.KDC_ERR_BAD_PVNO, error.getErrorCode() );
     }
 
 
@@ -193,8 +195,7 @@ public class AuthenticationServiceTest e
         Object msg = session.getMessage();
         assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
         KrbError error = ( KrbError ) msg;
-        assertEquals( "Client not found in Kerberos database", ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN,
-            error.getErrorCode() );
+        assertEquals( "Client not found in Kerberos database", ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN, error.getErrorCode() );
     }
 
 
@@ -215,8 +216,8 @@ public class AuthenticationServiceTest e
         kdcReqBody.setSName( getPrincipalName( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" ) );
         kdcReqBody.setRealm( "EXAMPLE.COM" );
 
-        List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
-        encryptionTypes.add( EncryptionType.DES3_CBC_MD5 );
+        Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
+        encryptionTypes.add( EncryptionType.RC4_HMAC );
 
         kdcReqBody.setEType( encryptionTypes );
 
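Review bot: The only etype this request offers changes from `DES3_CBC_MD5` to `RC4_HMAC` at `encryptionTypes.add( EncryptionType.RC4_HMAC );`, and nothing says why that type was chosen or what the KDC is expected to do with it. Both are legacy types, so a reader cannot tell whether the test relies on the KDC accepting RC4-HMAC or on that type being absent from the configured set. A one-line comment above the `add` call stating the intent, for example `// RC4_HMAC chosen because <reason placeholder>`, would settle it. The enclosing test method starts and ends outside the hunk, so the expected outcome is not visible here.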
@@ -230,7 +231,7 @@ public class AuthenticationServiceTest e
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
 
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
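Review bot: `getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase )` no longer receives `config.getEncryptionTypes()`, so the key type for the encrypted timestamp is now decided inside the helper rather than by the KDC configuration under test. The helper is not shown here, but the `@Ignore` reason added in TicketGrantingEncryptionTypeTest suggests the base class always generates an AES key. That is worth stating at the call, e.g. `// pre-auth key type is fixed by AbstractAuthenticationServiceTest, not taken from config`, so nobody assumes these tests cover per-configuration etype selection. The same call change repeats in every later hunk of this file and in PreAuthenticationTest. After it, no visible line reads the `config` field of this class, so the field can be dropped if nothing outside the hunks uses it.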
@@ -266,7 +267,7 @@ public class AuthenticationServiceTest e
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
 
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -281,8 +282,7 @@ public class AuthenticationServiceTest e
         Object msg = session.getMessage();
         assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
         KrbError error = ( KrbError ) msg;
-        assertEquals( "Server not found in Kerberos database", ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN,
-            error.getErrorCode() );
+        assertEquals( "Server not found in Kerberos database", ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN, error.getErrorCode() );
     }
 
 
@@ -329,7 +329,7 @@ public class AuthenticationServiceTest e
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
 
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -379,7 +379,7 @@ public class AuthenticationServiceTest e
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
 
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -436,7 +436,7 @@ public class AuthenticationServiceTest e
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
 
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -493,7 +493,7 @@ public class AuthenticationServiceTest e
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
 
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -549,7 +549,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -564,8 +564,7 @@ public class AuthenticationServiceTest e
         Object msg = session.getMessage();
         assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
         KrbError error = ( KrbError ) msg;
-        assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID,
-            error.getErrorCode() );
+        assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID, error.getErrorCode() );
     }
 
 
@@ -596,12 +595,12 @@ public class AuthenticationServiceTest e
         KerberosTime requestedStartTime = new KerberosTime( now );
         kdcReqBody.setFrom( requestedStartTime );
 
-        KerberosTime requestedEndTime = new KerberosTime( now + 4 * KerberosTime.MINUTE );
+        KerberosTime requestedEndTime = new KerberosTime( now + 3 * KerberosTime.MINUTE );
         kdcReqBody.setTill( requestedEndTime );
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
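Review bot: The requested end time drops from `now + 4 * KerberosTime.MINUTE` to `now + 3 * KerberosTime.MINUTE` with no indication of which limit the value has to stay under. The next hunk asserts `KDC_ERR_NEVER_VALID`; if it belongs to the same test, the lifetime presumably has to be shorter than the KDC's minimum ticket lifetime. Deriving the value from the configured minimum, or at least adding `// must stay below the configured minimum ticket lifetime`, keeps the test from changing meaning when that default moves. The test method starts and ends outside the hunk.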
@@ -616,8 +615,7 @@ public class AuthenticationServiceTest e
         Object msg = session.getMessage();
         assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
         KrbError error = ( KrbError ) msg;
-        assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID,
-            error.getErrorCode() );
+        assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID, error.getErrorCode() );
     }
 
 
@@ -652,7 +650,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -714,7 +712,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -735,8 +733,7 @@ public class AuthenticationServiceTest e
         assertTrue( "POSTDATED flag", reply.getFlags().isPostdated() );
         assertTrue( "INVALID flag", reply.getFlags().isInvalid() );
 
-        assertTrue( "Requested start time",
-            requestedStartTime.equals( reply.getTicket().getEncTicketPart().getStartTime() ) );
+        assertTrue( "Requested start time", requestedStartTime.equals( reply.getTicket().getEncTicketPart().getStartTime() ) );
         assertTrue( "Requested end time", requestedEndTime.equals( reply.getEndTime() ) );
         assertTrue( "POSTDATED flag", reply.getTicket().getEncTicketPart().getFlags().isPostdated() );
         assertTrue( "INVALID flag", reply.getTicket().getEncTicketPart().getFlags().isInvalid() );
@@ -774,7 +771,7 @@ public class AuthenticationServiceTest e
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
 
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -826,7 +823,7 @@ public class AuthenticationServiceTest e
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
 
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -873,7 +870,7 @@ public class AuthenticationServiceTest e
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
 
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -921,7 +918,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -982,7 +979,7 @@ public class AuthenticationServiceTest e
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
 
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -1040,7 +1037,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -1093,7 +1090,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -1146,7 +1143,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -1205,7 +1202,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -1267,7 +1264,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -1321,7 +1318,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -1366,7 +1363,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -1411,7 +1408,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -1456,7 +1453,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -1501,7 +1498,7 @@ public class AuthenticationServiceTest e
 
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );

Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java Wed Feb  6 18:19:36 2013
@@ -24,6 +24,7 @@ import static org.junit.Assert.assertEqu
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.KerberosConfig;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.directory.server.kerberos.protocol.AbstractAuthenticationServiceTest.KrbDummySession;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
@@ -50,7 +51,8 @@ import org.junit.Test;
  */
 public class EncTktInSkeyTest extends AbstractTicketGrantingServiceTest
 {
-    private KdcServer config;
+    private KerberosConfig config;
+    private KdcServer kdcServer;
     private PrincipalStore store;
     private KerberosProtocolHandler handler;
     private KrbDummySession session;
@@ -62,7 +64,8 @@ public class EncTktInSkeyTest extends Ab
     @Before
     public void setUp()
     {
-        config = new KdcServer();
+        kdcServer = new KdcServer();
+        config = kdcServer.getConfig();
 
         /*
          * Body checksum verification must be disabled because we are bypassing
@@ -71,7 +74,7 @@ public class EncTktInSkeyTest extends Ab
         config.setBodyChecksumVerified( false );
 
         store = new MapPrincipalStoreImpl();
-        handler = new KerberosProtocolHandler( config, store );
+        handler = new KerberosProtocolHandler( kdcServer, store );
         session = new KrbDummySession();
         lockBox = new CipherTextHandler();
     }
@@ -83,7 +86,7 @@ public class EncTktInSkeyTest extends Ab
     @After
     public void shutDown()
     {
-        config.stop();
+        kdcServer.stop();
     }
 
 

Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/MapPrincipalStoreImpl.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/MapPrincipalStoreImpl.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/MapPrincipalStoreImpl.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/MapPrincipalStoreImpl.java Wed Feb  6 18:19:36 2013
@@ -25,6 +25,7 @@ import java.util.Map;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
@@ -79,9 +80,8 @@ public class MapPrincipalStoreImpl imple
     }
 
 
-    public String changePassword( KerberosPrincipal principal, String newPassword ) throws Exception
+    public void changePassword( KerberosPrincipal byPrincipal, KerberosPrincipal forPrincipal, String newPassword, boolean isInitialTicket ) throws ChangePasswordException
     {
-        return null;
     }
 
 
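Review bot: `changePassword` is now an empty `void` method, so this test store reports success for every password change without storing anything or looking at who asked. The new signature separates `byPrincipal` from `forPrincipal`, which is exactly what a change-password test needs to verify, and a silent no-op lets such a test pass vacuously. Either fail loudly with `throw new UnsupportedOperationException( "changePassword is not supported by MapPrincipalStoreImpl" );` or add a comment that the no-op is intentional. A short Javadoc naming which principal is the requester and which is the target would also help.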

Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java Wed Feb  6 18:19:36 2013
@@ -23,10 +23,10 @@ package org.apache.directory.server.kerb
 import static org.junit.Assert.assertEquals;
 
 import java.nio.ByteBuffer;
-import java.util.ArrayList;
-import java.util.List;
+
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.KerberosConfig;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
@@ -57,7 +57,8 @@ import org.junit.Test;
  */
 public class PreAuthenticationTest extends AbstractAuthenticationServiceTest
 {
-    private KdcServer config;
+    private KerberosConfig config;
+    private KdcServer kdcServer;
     private PrincipalStore store;
     private KerberosProtocolHandler handler;
     private KrbDummySession session;
@@ -69,15 +70,10 @@ public class PreAuthenticationTest exten
     @Before
     public void setUp()
     {
-        List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
-        encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
-
-        config = new KdcServer();
-
-        config.setEncryptionTypes( encryptionTypes );
-
-        store = new MapPrincipalStoreImpl();
-        handler = new KerberosProtocolHandler( config, store );
+        kdcServer = new KdcServer();
+        config = kdcServer.getConfig();
+        store  = new MapPrincipalStoreImpl();
+        handler = new KerberosProtocolHandler( kdcServer, store );
         session = new KrbDummySession();
         lockBox = new CipherTextHandler();
     }
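Review bot: `setUp` no longer pins the KDC to `AES128_CTS_HMAC_SHA1_96`, so every pre-authentication test in this class now runs against whatever etypes a fresh `KerberosConfig` enables by default. If that is intended, a comment such as `// relies on the default etypes of KerberosConfig` documents the dependency. If it is not, the pinning should be restored through `config.setEncryptionTypes( ... )`, as TicketGrantingEncryptionTypeTest does. `store  = new MapPrincipalStoreImpl();` also has a doubled space before `=` that the neighbouring assignments lack.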
@@ -89,7 +85,7 @@ public class PreAuthenticationTest exten
     @After
     public void shutDown()
     {
-        config.stop();
+        kdcServer.stop();
     }
 
 
@@ -155,7 +151,7 @@ public class PreAuthenticationTest exten
         KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
 
         String passPhrase = "badpassword";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -202,7 +198,7 @@ public class PreAuthenticationTest exten
 
         KerberosTime timeStamp = new KerberosTime( 0 );
         String passPhrase = "secret";
-        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, timeStamp, config.getEncryptionTypes() );
+        PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, timeStamp );
 
         KdcReq message = new AsReq();
         message.setKdcReqBody( kdcReqBody );
@@ -224,8 +220,9 @@ public class PreAuthenticationTest exten
 
 
     /**
-     * Tests when pre-authentication is included that is not supported by the KDC, that
-     * the correct error message is returned.
+     * Tests when pre-authentication is included that is not supported by the KDC.
+     * The server will ignore the unsupported pre-authentication type and returns the
+     * error related pre-auth requirement
      * 
      * @throws Exception
      */
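Review bot: The reworded Javadoc does not name the error the test now expects, and "returns the error related pre-auth requirement" reads awkwardly. The assertion in the next hunk switches from `KDC_ERR_PADATA_TYPE_NOSUPP` to `KDC_ERR_PREAUTH_REQUIRED`, which changes how the KDC answers an unrecognised pre-auth type, so the comment should say so directly: `The server ignores the unsupported pre-authentication type and answers with KDC_ERR_PREAUTH_REQUIRED.` A pointer to the specification text or issue that motivated ignoring unknown padata would make the new expectation reviewable.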
@@ -263,7 +260,7 @@ public class PreAuthenticationTest exten
         assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
         KrbError error = ( KrbError ) msg;
 
-        assertEquals( "KDC has no support for padata type", ErrorType.KDC_ERR_PADATA_TYPE_NOSUPP, error.getErrorCode() );
+        assertEquals( "ignores unknown pre-auth type and expects PA_ENC_TMSTMP pre-auth", ErrorType.KDC_ERR_PREAUTH_REQUIRED, error.getErrorCode() );
     }
 
 
@@ -306,10 +303,9 @@ public class PreAuthenticationTest exten
 
         PaEncTsEnc encryptedTimeStamp = new PaEncTsEnc( timeStamp, 0 );
 
-        EncryptionKey clientKey = getEncryptionKey( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+        EncryptionKey clientKey = getEncryptionKey( clientPrincipal, passPhrase );
 
-        EncryptedData encryptedData = lockBox.seal( clientKey, encryptedTimeStamp,
-            KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
+        EncryptedData encryptedData = lockBox.seal( clientKey, encryptedTimeStamp, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
 
         ByteBuffer buffer = ByteBuffer.allocate( encryptedData.computeLength() );
         byte[] encodedEncryptedData = encryptedData.encode( buffer ).array();

Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingEncryptionTypeTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingEncryptionTypeTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingEncryptionTypeTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingEncryptionTypeTest.java Wed Feb  6 18:19:36 2013
@@ -22,14 +22,13 @@ package org.apache.directory.server.kerb
 
 import static org.junit.Assert.assertEquals;
 
-import java.util.ArrayList;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.KerberosConfig;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.directory.server.kerberos.protocol.AbstractAuthenticationServiceTest.KrbDummySession;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
@@ -48,6 +47,7 @@ import org.apache.directory.shared.kerbe
 import org.apache.directory.shared.kerberos.messages.Ticket;
 import org.junit.After;
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 
 
@@ -58,7 +58,8 @@ import org.junit.Test;
  */
 public class TicketGrantingEncryptionTypeTest extends AbstractTicketGrantingServiceTest
 {
-    private KdcServer config;
+    private KerberosConfig config;
+    private KdcServer kdcServer;
     private PrincipalStore store;
     private KerberosProtocolHandler handler;
     private KrbDummySession session;
@@ -70,7 +71,8 @@ public class TicketGrantingEncryptionTyp
     @Before
     public void setUp()
     {
-        config = new KdcServer();
+        kdcServer = new KdcServer();
+        config = kdcServer.getConfig();
 
         /*
          * Body checksum verification must be disabled because we are bypassing
@@ -79,7 +81,7 @@ public class TicketGrantingEncryptionTyp
         config.setBodyChecksumVerified( false );
 
         store = new MapPrincipalStoreImpl();
-        handler = new KerberosProtocolHandler( config, store );
+        handler = new KerberosProtocolHandler( kdcServer, store );
         session = new KrbDummySession();
         lockBox = new CipherTextHandler();
     }
@@ -91,7 +93,7 @@ public class TicketGrantingEncryptionTyp
     @After
     public void shutDown()
     {
-        config.stop();
+        kdcServer.stop();
     }
 
 
@@ -101,6 +103,7 @@ public class TicketGrantingEncryptionTyp
      * @throws Exception
      */
     @Test
+    @Ignore( "uses DES but the encryption key is generated in AbstractAuthenticationServiceTest always uses AES" )
     public void testRequestDesCbcMd5() throws Exception
     {
         // Get the mutable ticket part.
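Review bot: `testRequestDesCbcMd5` is switched off with `@Ignore` rather than adapted, which leaves the KDC's handling of a `DES_CBC_MD5` request with no test at all. The reason string says the key generated in `AbstractAuthenticationServiceTest` is always AES, so the fix belongs in that helper, which could let the test choose the key type. If single DES is instead meant to be refused, the test should assert that error. Until then the reason should carry a tracking reference, e.g. `@Ignore( "<ISSUE-ID placeholder>: key helper only produces AES keys" )`, so the disabled test is not forgotten. The method body continues outside the hunk.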
@@ -117,7 +120,7 @@ public class TicketGrantingEncryptionTyp
         kdcReqBody.setSName( new PrincipalName( new KerberosPrincipal( "ldap/ldap.example.com@EXAMPLE.COM" ) ) );
         kdcReqBody.setRealm( "EXAMPLE.COM" );
 
-        List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+        Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
         encryptionTypes.add( EncryptionType.DES_CBC_MD5 );
 
         kdcReqBody.setEType( encryptionTypes );
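Review bot: `new HashSet<EncryptionType>()` discards insertion order, while the etype field of a KDC request lists encryption types in the client's order of preference (RFC 4120), so a test that adds more than one type can no longer control which one the KDC sees first. With a single element it makes no difference here, but `new LinkedHashSet<EncryptionType>()` keeps both the de-duplication and the order. The same applies to the identical replacements in the later hunks of this file and in TicketGrantingServiceTest. Whether `setEType` itself preserves order is outside this diff.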
@@ -153,7 +156,7 @@ public class TicketGrantingEncryptionTyp
     public void testRequestAes128() throws Exception
     {
         EncryptionType[] configuredEncryptionTypes =
-            { EncryptionType.AES128_CTS_HMAC_SHA1_96 };
+                {EncryptionType.AES128_CTS_HMAC_SHA1_96};
         config.setEncryptionTypes( configuredEncryptionTypes );
 
         // Get the mutable ticket part.
@@ -170,7 +173,7 @@ public class TicketGrantingEncryptionTyp
         kdcReqBody.setSName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
         kdcReqBody.setRealm( "EXAMPLE.COM" );
 
-        List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+        Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
         encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
 
         kdcReqBody.setEType( encryptionTypes );
@@ -192,9 +195,9 @@ public class TicketGrantingEncryptionTyp
         assertEquals( "session.getMessage() instanceOf", TgsRep.class, msg.getClass() );
         TgsRep reply = ( TgsRep ) msg;
 
-        assertEquals( "Encryption type", EncryptionType.DES_CBC_MD5, reply.getEncPart().getEType() );
+        assertEquals( "Encryption type", EncryptionType.AES128_CTS_HMAC_SHA1_96, reply.getEncPart().getEType() );
         assertEquals( "Encryption type", EncryptionType.AES128_CTS_HMAC_SHA1_96, reply.getTicket().getEncPart()
-            .getEType() );
+                .getEType() );
     }
 
 
@@ -236,7 +239,7 @@ public class TicketGrantingEncryptionTyp
         kdcReqBody.setSName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
         kdcReqBody.setRealm( "EXAMPLE.COM" );
 
-        List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+        Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
         encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
 
         kdcReqBody.setEType( encryptionTypes );
@@ -301,7 +304,7 @@ public class TicketGrantingEncryptionTyp
         kdcReqBody.setSName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
         kdcReqBody.setRealm( "EXAMPLE.COM" );
 
-        List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+        Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
         encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
 
         kdcReqBody.setEType( encryptionTypes );
@@ -369,7 +372,7 @@ public class TicketGrantingEncryptionTyp
         kdcReqBody.setSName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
         kdcReqBody.setRealm( "EXAMPLE.COM" );
 
-        List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+        Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
         encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
 
         kdcReqBody.setEType( encryptionTypes );
@@ -435,7 +438,7 @@ public class TicketGrantingEncryptionTyp
         kdcReqBody.setSName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
         kdcReqBody.setRealm( "EXAMPLE.COM" );
 
-        List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+        Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
         encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
 
         kdcReqBody.setEType( encryptionTypes );

Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingPolicyTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingPolicyTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingPolicyTest.java Wed Feb  6 18:19:36 2013
@@ -27,6 +27,7 @@ import java.net.InetAddress;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.KerberosConfig;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.directory.server.kerberos.protocol.AbstractAuthenticationServiceTest.KrbDummySession;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
@@ -55,7 +56,8 @@ import org.junit.Test;
  */
 public class TicketGrantingPolicyTest extends AbstractTicketGrantingServiceTest
 {
-    private KdcServer config;
+    private KerberosConfig config;
+    private KdcServer kdcServer;
     private PrincipalStore store;
     private KerberosProtocolHandler handler;
     private KrbDummySession session;
@@ -67,7 +69,8 @@ public class TicketGrantingPolicyTest ex
     @Before
     public void setUp() throws IOException
     {
-        config = new KdcServer();
+        kdcServer = new KdcServer();
+        config = kdcServer.getConfig();
 
         /*
          * Body checksum verification must be disabled because we are bypassing
@@ -76,7 +79,7 @@ public class TicketGrantingPolicyTest ex
         config.setBodyChecksumVerified( false );
 
         store = new MapPrincipalStoreImpl();
-        handler = new KerberosProtocolHandler( config, store );
+        handler = new KerberosProtocolHandler( kdcServer, store );
         session = new KrbDummySession();
         lockBox = new CipherTextHandler();
     }
@@ -88,7 +91,7 @@ public class TicketGrantingPolicyTest ex
     @After
     public void shutDown()
     {
-        config.stop();
+        kdcServer.stop();
     }
 
 

Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java Wed Feb  6 18:19:36 2013
@@ -26,10 +26,12 @@ import static org.junit.Assert.assertNot
 import static org.junit.Assert.assertTrue;
 
 import java.net.InetAddress;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
+
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.KerberosConfig;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.directory.server.kerberos.protocol.AbstractAuthenticationServiceTest.KrbDummySession;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
@@ -60,7 +62,8 @@ import org.junit.Test;
 
 public class TicketGrantingServiceTest extends AbstractTicketGrantingServiceTest
 {
-    private KdcServer config;
+    private KerberosConfig config;
+    private KdcServer kdcServer;
     private PrincipalStore store;
     private KerberosProtocolHandler handler;
     private KrbDummySession session;
@@ -72,7 +75,8 @@ public class TicketGrantingServiceTest e
     @Before
     public void setUp()
     {
-        config = new KdcServer();
+        kdcServer = new KdcServer();
+        config = kdcServer.getConfig();
 
         /*
          * Body checksum verification must be disabled because we are bypassing
@@ -81,7 +85,7 @@ public class TicketGrantingServiceTest e
         config.setBodyChecksumVerified( false );
 
         store = new MapPrincipalStoreImpl();
-        handler = new KerberosProtocolHandler( config, store );
+        handler = new KerberosProtocolHandler( kdcServer, store );
         session = new KrbDummySession();
         lockBox = new CipherTextHandler();
     }
@@ -93,7 +97,7 @@ public class TicketGrantingServiceTest e
     @After
     public void shutDown()
     {
-        config.stop();
+        kdcServer.stop();
     }
 
 
@@ -163,8 +167,7 @@ public class TicketGrantingServiceTest e
         Object msg = session.getMessage();
         assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
         KrbError error = ( KrbError ) msg;
-        assertEquals( "Requested protocol version number not supported", ErrorType.KDC_ERR_BAD_PVNO,
-            error.getErrorCode() );
+        assertEquals( "Requested protocol version number not supported", ErrorType.KDC_ERR_BAD_PVNO, error.getErrorCode() );
     }
 
 
@@ -203,8 +206,7 @@ public class TicketGrantingServiceTest e
         Object msg = session.getMessage();
         assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
         KrbError error = ( KrbError ) msg;
-        assertEquals( "Server not found in Kerberos database", ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN,
-            error.getErrorCode() );
+        assertEquals( "Server not found in Kerberos database", ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN, error.getErrorCode() );
     }
 
 
@@ -297,8 +299,7 @@ public class TicketGrantingServiceTest e
         Object msg = session.getMessage();
         assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
         KrbError error = ( KrbError ) msg;
-        assertEquals( "Inappropriate type of checksum in message", ErrorType.KRB_AP_ERR_INAPP_CKSUM,
-            error.getErrorCode() );
+        assertEquals( "Inappropriate type of checksum in message", ErrorType.KRB_AP_ERR_INAPP_CKSUM, error.getErrorCode() );
     }
 
 
@@ -389,6 +390,7 @@ public class TicketGrantingServiceTest e
      * 
      * @throws Exception
      */
+    @Ignore( "with the introduction of cross-realm auth this test is invalid" )
     @Test
     public void testNotUs() throws Exception
     {
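Review bot: `@Ignore` on `testNotUs` removes what, judging by its name, is the check that a ticket not issued for this KDC is rejected, and nothing visible in this diff replaces it with a cross-realm equivalent. With cross-realm authentication that boundary needs a test more than before: a follow-up test should assert that a ticket from a realm with no configured trust is still refused. I also do not see `import org.junit.Ignore;` added in this file's import hunk, so confirm it was already imported. The test body is outside the hunk.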
@@ -858,7 +860,7 @@ public class TicketGrantingServiceTest e
         kdcReqBody.setSName( getPrincipalName( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" ) );
         kdcReqBody.setRealm( "EXAMPLE.COM" );
 
-        List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+        Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
         encryptionTypes.add( EncryptionType.DES3_CBC_MD5 );
 
         kdcReqBody.setEType( encryptionTypes );
@@ -1144,8 +1146,7 @@ public class TicketGrantingServiceTest e
         Object msg = session.getMessage();
         assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
         KrbError error = ( KrbError ) session.getMessage();
-        assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID,
-            error.getErrorCode() );
+        assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID, error.getErrorCode() );
     }
 
 
@@ -1200,8 +1201,7 @@ public class TicketGrantingServiceTest e
         Object msg = session.getMessage();
         assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
         KrbError error = ( KrbError ) session.getMessage();
-        assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID,
-            error.getErrorCode() );
+        assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID, error.getErrorCode() );
     }
 
 
@@ -1327,8 +1327,7 @@ public class TicketGrantingServiceTest e
         assertTrue( "POSTDATED flag", reply.getFlags().isPostdated() );
         assertTrue( "INVALID flag", reply.getFlags().isInvalid() );
 
-        assertTrue( "Requested start time",
-            requestedStartTime.equals( reply.getTicket().getEncTicketPart().getStartTime() ) );
+        assertTrue( "Requested start time", requestedStartTime.equals( reply.getTicket().getEncTicketPart().getStartTime() ) );
         assertTrue( "Requested end time", requestedEndTime.equals( reply.getEndTime() ) );
         assertTrue( "POSTDATED flag", reply.getTicket().getEncTicketPart().getFlags().isPostdated() );
         assertTrue( "INVALID flag", reply.getTicket().getEncTicketPart().getFlags().isInvalid() );

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiCallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiCallbackHandler.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiCallbackHandler.java (original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiCallbackHandler.java Wed Feb  6 18:19:36 2013
@@ -32,7 +32,7 @@ import org.apache.directory.api.util.Str
 import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.core.api.LdapPrincipal;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
-import org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal;
+import org.apache.directory.server.protocol.shared.kerberos.GetPrincipal;
 import org.apache.directory.server.ldap.LdapSession;
 import org.apache.directory.server.ldap.handlers.bind.AbstractSaslCallbackHandler;
 import org.apache.directory.server.ldap.handlers.bind.SaslConstants;

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiMechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiMechanismHandler.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiMechanismHandler.java (original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiMechanismHandler.java Wed Feb  6 18:19:36 2013
@@ -37,7 +37,7 @@ import org.apache.directory.api.ldap.mod
 import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
-import org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal;
+import org.apache.directory.server.protocol.shared.kerberos.GetPrincipal;
 import org.apache.directory.server.ldap.LdapServer;
 import org.apache.directory.server.ldap.LdapSession;
 import org.apache.directory.server.ldap.handlers.bind.AbstractMechanismHandler;

Modified: directory/apacheds/trunk/protocol-shared/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-shared/pom.xml?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-shared/pom.xml (original)
+++ directory/apacheds/trunk/protocol-shared/pom.xml Wed Feb  6 18:19:36 2013
@@ -53,6 +53,11 @@
       <groupId>org.apache.directory.api</groupId>
       <artifactId>api-ldap-model</artifactId>
     </dependency>
+    
+    <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>apacheds-kerberos-codec</artifactId>
+    </dependency>    
   </dependencies>
 
   <build>

Added: directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/GetPrincipal.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/GetPrincipal.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/GetPrincipal.java (added)
+++ directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/GetPrincipal.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,151 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.protocol.shared.kerberos;
+
+
+import java.text.ParseException;
+import java.util.Map;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.core.api.CoreSession;
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
+import org.apache.directory.shared.kerberos.KerberosAttribute;
+import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
+import org.apache.directory.shared.kerberos.codec.types.SamType;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.exceptions.KerberosException;
+import org.apache.directory.api.ldap.model.entry.Attribute;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.name.Dn;
+
+
+/**
+ * Encapsulates the action of looking up a principal in an embedded ApacheDS DIT.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class GetPrincipal
+{
+    /** The name of the principal to get. */
+    private final KerberosPrincipal principal;
+
+
+    /**
+     * Creates the action to be used against the embedded ApacheDS DIT.
+     * 
+     * @param principal The principal to search for in the directory.
+     */
+    public GetPrincipal( KerberosPrincipal principal )
+    {
+        this.principal = principal;
+    }
+
+
+    /**
+     * Note that the base is a relative path from the existing context.
+     * It is not a Dn.
+     */
+    public Object execute( CoreSession session, Dn base ) throws Exception
+    {
+        if ( principal == null )
+        {
+            return null;
+        }
+
+        return getEntry( StoreUtils.findPrincipalEntry( session, base, principal.getName() ) );
+    }
+
+
+    /**
+     * Marshals an a PrincipalStoreEntry from an Attributes object.
+     *
+     * @param dn the distinguished name of the Kerberos principal
+     * @param attrs the attributes of the Kerberos principal
+     * @return the entry for the principal
+     * @throws Exception if there are any access problems
+     */
+    private PrincipalStoreEntry getEntry( Entry entry ) throws Exception
+    {
+        PrincipalStoreEntryModifier modifier = new PrincipalStoreEntryModifier();
+
+        modifier.setDistinguishedName( entry.getDn().getName() );
+
+        String principal = entry.get( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT ).getString();
+        modifier.setPrincipal( new KerberosPrincipal( principal, PrincipalNameType.KRB_NT_PRINCIPAL.getValue() ) );
+
+        String keyVersionNumber = entry.get( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT ).getString();
+        modifier.setKeyVersionNumber( Integer.parseInt( keyVersionNumber ) );
+
+        if ( entry.get( KerberosAttribute.KRB5_ACCOUNT_DISABLED_AT ) != null )
+        {
+            String val = entry.get( KerberosAttribute.KRB5_ACCOUNT_DISABLED_AT ).getString();
+            modifier.setDisabled( "true".equalsIgnoreCase( val ) );
+        }
+
+        if ( entry.get( KerberosAttribute.KRB5_ACCOUNT_LOCKEDOUT_AT ) != null )
+        {
+            String val = entry.get( KerberosAttribute.KRB5_ACCOUNT_LOCKEDOUT_AT ).getString();
+            modifier.setLockedOut( "true".equalsIgnoreCase( val ) );
+        }
+
+        if ( entry.get( KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT ) != null )
+        {
+            String val = entry.get( KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT ).getString();
+            try
+            {
+                modifier.setExpiration( KerberosTime.getTime( val ) );
+            }
+            catch ( ParseException e )
+            {
+                throw new Exception( "Account expiration attribute "
+                    + KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT + " contained an invalid value for generalizedTime: "
+                    + val );
+            }
+        }
+
+        if ( entry.get( KerberosAttribute.APACHE_SAM_TYPE_AT ) != null )
+        {
+            String samType = entry.get( KerberosAttribute.APACHE_SAM_TYPE_AT ).getString();
+            modifier.setSamType( SamType.getTypeByOrdinal( Integer.parseInt( samType ) ) );
+        }
+
+        if ( entry.get( KerberosAttribute.KRB5_KEY_AT ) != null )
+        {
+            Attribute krb5key = entry.get( KerberosAttribute.KRB5_KEY_AT );
+            
+            try
+            {
+                Map<EncryptionType, EncryptionKey> keyMap = modifier.reconstituteKeyMap( krb5key );
+                modifier.setKeyMap( keyMap );
+            }
+            catch ( KerberosException ioe )
+            {
+                throw new Exception( I18n.err( I18n.ERR_623, KerberosAttribute.KRB5_KEY_AT ) );
+            }
+        }
+
+        return modifier.getEntry();
+    }
+}
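Review bot: `execute()` passes the result of `StoreUtils.findPrincipalEntry(...)` straight to `getEntry()`, but that method is documented to return null for an unknown principal, so `entry.getDn()` throws a NullPointerException for any name that is not in the directory. As principal names presumably come from client requests, absence should be handled explicitly: `Entry entry = StoreUtils.findPrincipalEntry( session, base, principal.getName() );` followed by `return entry == null ? null : getEntry( entry );`. `entry.get( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT )` is also dereferenced without the null check that the optional attributes get. Both `catch` blocks drop the cause, so pass `e` and `ioe` as the second argument of `new Exception(...)`. The Javadoc of `getEntry` still lists `@param dn` and `@param attrs` although the only parameter is `entry`.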

Added: directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java (added)
+++ directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,162 @@
+/*
+ *   Licensed to the Apache Software Foundation (ASF) under one
+ *   or more contributor license agreements.  See the NOTICE file
+ *   distributed with this work for additional information
+ *   regarding copyright ownership.  The ASF licenses this file
+ *   to you under the Apache License, Version 2.0 (the
+ *   "License"); you may not use this file except in compliance
+ *   with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ *
+ */
+package org.apache.directory.server.protocol.shared.kerberos;
+
+import java.nio.ByteBuffer;
+
+import org.apache.directory.api.ldap.model.entry.StringValue;
+import org.apache.directory.api.ldap.model.constants.SchemaConstants;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.entry.Value;
+import org.apache.directory.api.ldap.model.filter.EqualityNode;
+import org.apache.directory.api.ldap.model.filter.ExprNode;
+import org.apache.directory.api.ldap.model.message.AliasDerefMode;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.api.ldap.model.schema.AttributeType;
+import org.apache.directory.api.ldap.model.schema.SchemaManager;
+import org.apache.directory.server.core.api.CoreSession;
+import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.shared.kerberos.KerberosAttribute;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * Commonly used store utility operations.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class StoreUtils
+{
+    private static final Logger LOG = LoggerFactory.getLogger( StoreUtils.class );
+    
+    
+    /**
+     * Creates a Entry for a PrincipalStoreEntry, doing what a state 
+     * factory does but for Entry instead of Attributes.
+     *
+     * @param session the session to use to access the directory's registries
+     * @param dn the distinguished name of the principal to be 
+     * @param principalEntry the principal entry to convert into a Entry
+     * @return the resultant server entry for the PrincipalStoreEntry argument
+     * @throws Exception if there are problems accessing registries
+     */
+    public static Entry toServerEntry( CoreSession session, Dn dn, PrincipalStoreEntry principalEntry )
+        throws Exception
+    {
+        Entry outAttrs = session.getDirectoryService().newEntry( dn );
+        
+        // process the objectClass attribute
+        outAttrs.add( SchemaConstants.OBJECT_CLASS_AT, 
+            SchemaConstants.TOP_OC, SchemaConstants.UID_OBJECT_AT, 
+            "uidObject", SchemaConstants.EXTENSIBLE_OBJECT_OC, 
+            SchemaConstants.PERSON_OC, SchemaConstants.ORGANIZATIONAL_PERSON_OC,
+            SchemaConstants.INET_ORG_PERSON_OC, SchemaConstants.KRB5_PRINCIPAL_OC,
+            "krb5KDCEntry" );
+
+        outAttrs.add( SchemaConstants.UID_AT, principalEntry.getUserId() );
+        outAttrs.add( KerberosAttribute.APACHE_SAM_TYPE_AT, "7" );
+        outAttrs.add( SchemaConstants.SN_AT, principalEntry.getUserId() );
+        outAttrs.add( SchemaConstants.CN_AT, principalEntry.getCommonName() );
+        
+        EncryptionKey encryptionKey = principalEntry.getKeyMap().get( EncryptionType.DES_CBC_MD5 );
+        
+        ByteBuffer buffer = ByteBuffer.allocate( encryptionKey.computeLength() );
+        outAttrs.add( KerberosAttribute.KRB5_KEY_AT, encryptionKey.encode( buffer ).array() );
+
+        int keyVersion = encryptionKey.getKeyVersion();
+
+        outAttrs.add( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT, principalEntry.getPrincipal().toString() );
+        outAttrs.add( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT, Integer.toString( keyVersion ) );
+
+        return outAttrs;
+    }
+    
+    
+    /**
+     * Constructs a filter expression tree for the filter used to search the 
+     * directory.
+     * 
+     * @param schemaManager The server schemaManager to use for attribute lookups
+     * @param principal the principal to use for building the filter
+     * @return the filter expression tree
+     * @throws Exception if there are problems while looking up attributes
+     */
+    private static ExprNode getFilter( SchemaManager schemaManager, String principal ) throws Exception
+    {
+        AttributeType type = schemaManager.lookupAttributeTypeRegistry( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT );
+        Value<String> value = new StringValue( type, principal );
+        return new EqualityNode<String>( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT, value );
+    }
+    
+
+    /**
+     * Finds the Entry associated with the Kerberos principal name.
+     *
+     * @param session the session to use for the search
+     * @param searchBaseDn the base to use while searching
+     * @param principal the name of the principal to search for
+     * @return the server entry for the principal or null if non-existent
+     * @throws Exception if there are problems while searching the directory
+     */
+    public static Entry findPrincipalEntry( CoreSession session, Dn searchBaseDn, String principal )
+        throws Exception
+    {
+        EntryFilteringCursor cursor = null;
+        
+        try
+        {
+            SchemaManager schemaManager = session.getDirectoryService().getSchemaManager();
+            cursor = session.search( searchBaseDn, SearchScope.SUBTREE, 
+                getFilter( schemaManager, principal ), AliasDerefMode.DEREF_ALWAYS, null );
+    
+            cursor.beforeFirst();
+            if ( cursor.next() )
+            {
+                Entry entry = cursor.get();
+                LOG.debug( "Found entry {} for kerberos principal name {}", entry, principal );
+                
+                while ( cursor.next() )
+                {
+                    LOG.error( I18n.err( I18n.ERR_149, principal, cursor.next() ) );
+                }
+                
+                return entry;
+            }
+            else
+            {
+                LOG.warn( "No server entry found for kerberos principal name {}", principal );
+                return null;
+            }
+        }
+        finally
+        {
+            if ( cursor != null )
+            {
+                cursor.close();
+            }
+        }
+    }
+}
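Review bot: The duplicate-detection loop in `findPrincipalEntry` calls `cursor.next()` a second time inside the log call, so it logs a boolean instead of the conflicting entry and skips every other match; it should be `LOG.error( I18n.err( I18n.ERR_149, principal, cursor.get() ) );`. Returning the first hit when several entries share a principal name makes the key that gets used depend on search order, so consider failing the lookup in that case rather than only logging. In `toServerEntry`, `getKeyMap().get( EncryptionType.DES_CBC_MD5 )` is dereferenced unchecked and only that one key is written, which throws a NullPointerException for a principal without a DES key and drops every other key type. `SchemaConstants.UID_OBJECT_AT` followed by the literal `"uidObject"` looks like the same object class added twice.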

Added: directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateChngPwdServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateChngPwdServer.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateChngPwdServer.java (added)
+++ directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateChngPwdServer.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,11 @@
+
+package org.apache.directory.server.annotations;
+
+public @interface CreateChngPwdServer
+{
+    /** The default kdc service principal */
+    String srvPrincipal() default "kadmin/changepw@EXAMPLE.COM";
+
+    /** The transports to use, default none */
+    CreateTransport[] transports() default {};
+}
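Review bot: This new file has no ASF license header and no type-level Javadoc, unlike the other files added in this commit, and the comment on `srvPrincipal()` says "kdc service principal" although the default is the change-password principal. Add the standard header, a type comment such as `/** Declares the change password server to create alongside a KDC server. */`, and change the member comment to `/** The change password service principal */`.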

Modified: directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateKdcServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateKdcServer.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateKdcServer.java (original)
+++ directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateKdcServer.java Wed Feb  6 18:19:36 2013
@@ -69,4 +69,13 @@ public @interface CreateKdcServer
 
     /** The maximum renewable lifetime. */
     long maxRenewableLifetime() default 60000 * 10080;
+    
+    /** the change password server.
+     * NOTE: this annotation is declared as an array cause there is no
+     * way to define the default value as null for a value in annotation
+     * 
+     * Only the one declaration of changepassword server is enough and 
+     * the first element alone is taken into consideration, rest of the
+     * array elements will be ignored*/
+    CreateChngPwdServer[] chngPwdServer() default {};
 }
\ No newline at end of file
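Review bot: The Javadoc for `chngPwdServer()` says only the first element is used and the rest are ignored, so a test can declare several change-password servers and get no signal that all but one were dropped. Consider wording it as a contract, e.g. `/** The change password server; an array only because an annotation value cannot default to null. At most one element is expected. */`. The processor could then reject or log a longer array instead of silently ignoring the tail.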

Modified: directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateLdapServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateLdapServer.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateLdapServer.java (original)
+++ directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateLdapServer.java Wed Feb  6 18:19:36 2013
@@ -98,8 +98,10 @@ public @interface CreateLdapServer
 
     /** The name of this host, validated during SASL negotiation. */
     String saslHost() default "ldap.example.com";
-
-
+    
+    /** The name of this host, validated during SASL negotiation. */
+    String[] saslRealms() default {"example.com"};
+    
     /** The service principal, used by GSSAPI. */
     String saslPrincipal() default "ldap/ldap.example.com@EXAMPLE.COM";
 }
\ No newline at end of file
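Review bot: The Javadoc on the new `saslRealms()` element is a copy of the `saslHost()` comment directly above it ("The name of this host, validated during SASL negotiation."), so the element is effectively undocumented. Something like `/** The SASL realms set on the LDAP server, default "example.com". */` describes what the processor does with it (`ldapServer.setSaslRealms( realms )`). The default realm is lower-case `example.com` while the default `saslPrincipal()` uses `EXAMPLE.COM`; if realm comparison is case-sensitive for the mechanism in use, one of the two defaults may need adjusting.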

Modified: directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java (original)
+++ directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java Wed Feb  6 18:19:36 2013
@@ -23,7 +23,10 @@ import java.io.IOException;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
 import java.net.ServerSocket;
+import java.util.ArrayList;
+import java.util.List;
 
+import org.apache.directory.server.annotations.CreateChngPwdServer;
 import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
 import org.apache.directory.api.util.Strings;
 import org.apache.directory.server.annotations.CreateConsumer;
@@ -34,6 +37,9 @@ import org.apache.directory.server.annot
 import org.apache.directory.server.core.annotations.AnnotationUtils;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.server.kerberos.ChangePasswordConfig;
+import org.apache.directory.server.kerberos.KerberosConfig;
+import org.apache.directory.server.kerberos.changepwd.ChangePasswordServer;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.directory.server.ldap.ExtendedOperationHandler;
 import org.apache.directory.server.ldap.LdapServer;
@@ -106,11 +112,11 @@ public class ServerAnnotationProcessor
         else
         {
             // Create default LDAP and LDAPS transports
-            int port = AvailablePortFinder.getNextAvailable();
+            int port = AvailablePortFinder.getNextAvailable( 1024 );
             Transport ldap = new TcpTransport( port );
             ldapServer.addTransports( ldap );
-
-            port = AvailablePortFinder.getNextAvailable();
+            
+            port = AvailablePortFinder.getNextAvailable( port );
             Transport ldaps = new TcpTransport( port );
             ldaps.setEnableSSL( true );
             ldapServer.addTransports( ldaps );
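Review bot: The second lookup, `port = AvailablePortFinder.getNextAvailable( port );`, starts its search at the port just given to the LDAP transport. If `TcpTransport` does not bind in its constructor (nothing in this hunk starts the server), that port is still free and the LDAPS transport can receive the same number. `createKdcServer` later in this commit advances with `startPort = t.getPort() + 1`; the equivalent here is `port = AvailablePortFinder.getNextAvailable( port + 1 );`. The enclosing method starts and ends outside this hunk.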
@@ -193,7 +199,15 @@ public class ServerAnnotationProcessor
                     }
                 }
             }
-
+            
+            List<String> realms = new ArrayList<String>();
+            for( String s : createLdapServer.saslRealms() )
+            {
+                realms.add( s );
+            }
+            
+            ldapServer.setSaslRealms( realms );
+            
             return ldapServer;
         }
         else
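Review bot: The copy loop over `createLdapServer.saslRealms()` can be a single expression, `ldapServer.setSaslRealms( new ArrayList<String>( Arrays.asList( createLdapServer.saslRealms() ) ) );` (this needs `java.util.Arrays`). The added `for(` also departs from the `for (` / `if (` spacing used elsewhere in this file's visible lines. The enclosing method starts and ends outside this hunk.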
@@ -361,63 +375,64 @@ public class ServerAnnotationProcessor
         return createKdcServer( createKdcServer, directoryService, startPort );
     }
 
-
-    private static KdcServer createKdcServer( CreateKdcServer createKdcServer, DirectoryService directoryService,
-        int startPort )
+    
+    private static KdcServer createKdcServer( CreateKdcServer createKdcServer, DirectoryService directoryService, int startPort )
     {
-        if ( createKdcServer == null )
+        if( createKdcServer == null )
         {
             return null;
         }
 
-        KdcServer kdcServer = new KdcServer();
-        kdcServer.setServiceName( createKdcServer.name() );
-        kdcServer.setKdcPrincipal( createKdcServer.kdcPrincipal() );
-        kdcServer.setPrimaryRealm( createKdcServer.primaryRealm() );
-        kdcServer.setMaximumTicketLifetime( createKdcServer.maxTicketLifetime() );
-        kdcServer.setMaximumRenewableLifetime( createKdcServer.maxRenewableLifetime() );
-
+        KerberosConfig kdcConfig = new KerberosConfig();
+        kdcConfig.setServicePrincipal( createKdcServer.kdcPrincipal() );
+        kdcConfig.setPrimaryRealm( createKdcServer.primaryRealm() );
+        kdcConfig.setMaximumTicketLifetime( createKdcServer.maxTicketLifetime() );
+        kdcConfig.setMaximumRenewableLifetime( createKdcServer.maxRenewableLifetime() );
+        
+        KdcServer kdcServer = new KdcServer( kdcConfig );
+        
         CreateTransport[] transportBuilders = createKdcServer.transports();
-
-        if ( transportBuilders == null )
+        
+        if( transportBuilders == null )
         {
             // create only UDP transport if none specified
-            UdpTransport defaultTransport = new UdpTransport( AvailablePortFinder.getNextAvailable() );
+            UdpTransport defaultTransport = new UdpTransport( AvailablePortFinder.getNextAvailable( startPort ) );
             kdcServer.addTransports( defaultTransport );
         }
-        else if ( transportBuilders.length > 0 )
+        else if( transportBuilders.length > 0 )
         {
-            for ( CreateTransport transportBuilder : transportBuilders )
+            for( CreateTransport transportBuilder : transportBuilders )
             {
-                String protocol = transportBuilder.protocol();
-                int port = transportBuilder.port();
-                int nbThreads = transportBuilder.nbThreads();
-                int backlog = transportBuilder.backlog();
-                String address = transportBuilder.address();
-
-                if ( port == -1 )
-                {
-                    port = AvailablePortFinder.getNextAvailable();
-                    startPort = port + 1;
-                }
-
-                if ( protocol.equalsIgnoreCase( "TCP" ) )
-                {
-                    Transport tcp = new TcpTransport( address, port, nbThreads, backlog );
-                    kdcServer.addTransports( tcp );
-                }
-                else if ( protocol.equalsIgnoreCase( "UDP" ) )
-                {
-                    UdpTransport udp = new UdpTransport( address, port );
-                    kdcServer.addTransports( udp );
-                }
-                else
-                {
-                    throw new IllegalArgumentException( I18n.err( I18n.ERR_689, protocol ) );
-                }
+                Transport t = createTransport( transportBuilder, startPort );
+                startPort = t.getPort() + 1;
+                kdcServer.addTransports( t );
             }
         }
 
+        CreateChngPwdServer[] createChngPwdServers = createKdcServer.chngPwdServer();
+        
+        
+        if( createChngPwdServers.length > 0 )
+        {
+            
+            CreateChngPwdServer createChngPwdServer = createChngPwdServers[0];
+            ChangePasswordConfig config = new ChangePasswordConfig( kdcConfig );
+            config.setServicePrincipal( createChngPwdServer.srvPrincipal() );
+            
+            ChangePasswordServer chngPwdServer = new ChangePasswordServer( config );
+            
+            for( CreateTransport transportBuilder : createChngPwdServer.transports() )
+            {
+                Transport t = createTransport( transportBuilder, startPort );
+                startPort = t.getPort() + 1;
+                chngPwdServer.addTransports( t );
+            }
+            
+            chngPwdServer.setDirectoryService( directoryService );
+            
+            kdcServer.setChangePwdServer( chngPwdServer );
+        }
+        
         kdcServer.setDirectoryService( directoryService );
 
         // Launch the server
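Review bot: `createKdcServer.name()` is no longer applied: the removed `kdcServer.setServiceName( createKdcServer.name() )` has no counterpart on `kdcConfig` or on the new `KdcServer`. Unless the `KdcServer( KerberosConfig )` constructor sets a name, the annotation's `name` element is silently ignored. If the setter still exists, `kdcServer.setServiceName( createKdcServer.name() );` after construction restores the old behaviour. Separately, an empty `transports()` (the annotation default) yields a `ChangePasswordServer` with no transport, and the KDC's `transportBuilders == null` fallback can never fire because annotation array values are never null, so a comment or an explicit default transport would make the intent clear. The method body continues past the end of this hunk.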
@@ -432,10 +447,40 @@ public class ServerAnnotationProcessor
 
         return kdcServer;
     }
+    
+    
+    public static Transport createTransport( CreateTransport transportBuilder, int startPort )
+    {
+        String protocol = transportBuilder.protocol();
+        int port = transportBuilder.port();
+        int nbThreads = transportBuilder.nbThreads();
+        int backlog = transportBuilder.backlog();
+        String address = transportBuilder.address();
 
-
-    public static KdcServer getKdcServer( Description description, DirectoryService directoryService, int startPort )
-        throws Exception
+        if ( port == -1 )
+        {
+            port = AvailablePortFinder.getNextAvailable( startPort );
+            startPort = port + 1;
+        }
+        
+        if ( protocol.equalsIgnoreCase( "TCP" ) )
+        {
+            Transport tcp = new TcpTransport( address, port, nbThreads, backlog );
+            return tcp;
+        }
+        else if ( protocol.equalsIgnoreCase( "UDP" ) )
+        {
+            UdpTransport udp = new UdpTransport( address, port );
+            return udp;
+        }
+        else
+        {
+            throw new IllegalArgumentException( I18n.err( I18n.ERR_689, protocol ) );
+        }
+    }
+    
+    
+    public static KdcServer getKdcServer( Description description, DirectoryService directoryService, int startPort ) throws Exception
     {
         CreateKdcServer createLdapServer = description.getAnnotation( CreateKdcServer.class );
 
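Review bot: In the new `createTransport`, the assignment `startPort = port + 1;` inside the `port == -1` branch writes to a by-value parameter that is never read again, so it has no effect. Callers already advance with `t.getPort() + 1`, and the line can be dropped. The method is `public` and has no Javadoc; it should state that a `port()` of -1 means the next free port is searched starting from `startPort`, and that any protocol other than TCP or UDP raises `IllegalArgumentException`. The two branches can also return directly, e.g. `return new TcpTransport( address, port, nbThreads, backlog );`. `getKdcServer` at the end of the hunk continues outside it.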

Modified: directory/apacheds/trunk/server-annotations/src/test/java/org/apache/directory/server/factory/CreateKdcServerAnnotationTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-annotations/src/test/java/org/apache/directory/server/factory/CreateKdcServerAnnotationTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/server-annotations/src/test/java/org/apache/directory/server/factory/CreateKdcServerAnnotationTest.java (original)
+++ directory/apacheds/trunk/server-annotations/src/test/java/org/apache/directory/server/factory/CreateKdcServerAnnotationTest.java Wed Feb  6 18:19:36 2013
@@ -29,6 +29,7 @@ import org.apache.directory.server.annot
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.factory.DSAnnotationProcessor;
+import org.apache.directory.server.kerberos.KerberosConfig;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.mina.util.AvailablePortFinder;
 import org.junit.Test;
@@ -55,20 +56,20 @@ public class CreateKdcServerAnnotationTe
     public void testCreateKdcServer() throws Exception
     {
         DirectoryService directoryService = DSAnnotationProcessor.getDirectoryService();
-
+        
         assertEquals( "CreateKdcServerAnnotationTest-class", directoryService.getInstanceId() );
-
-        KdcServer server = ServerAnnotationProcessor.getKdcServer( directoryService,
-            AvailablePortFinder.getNextAvailable() );
+        
+        KdcServer server = ServerAnnotationProcessor.getKdcServer( directoryService, AvailablePortFinder.getNextAvailable( 1024 ) );
 
         assertEquals( 2, server.getTransports().length );
-
+        
+        KerberosConfig config = server.getConfig();
         assertEquals( directoryService, server.getDirectoryService() );
-        assertEquals( "apache.org", server.getPrimaryRealm() );
-        assertEquals( "krbtgt/apache.org@apache.org", server.getServicePrincipal().getName() );
-        assertEquals( 1000, server.getMaximumTicketLifetime() );
-        assertEquals( 2000, server.getMaximumRenewableLifetime() );
-
+        assertEquals( "apache.org", config.getPrimaryRealm() );
+        assertEquals( "krbtgt/apache.org@apache.org", config.getServicePrincipal().getName() );
+        assertEquals( 1000, config.getMaximumTicketLifetime() );
+        assertEquals( 2000, config.getMaximumRenewableLifetime() );
+        
         server.stop();
         directoryService.shutdown();
 

Modified: directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/ChangePasswordServerBean.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/ChangePasswordServerBean.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/ChangePasswordServerBean.java (original)
+++ directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/ChangePasswordServerBean.java Wed Feb  6 18:19:36 2013
@@ -19,11 +19,9 @@
  */
 package org.apache.directory.server.config.beans;
 
+import org.apache.directory.shared.ldap.model.name.Dn;
 
-import java.util.ArrayList;
-import java.util.List;
 
-import org.apache.directory.server.config.ConfigurationElement;
 
 
 /**
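Review bot: The added import `org.apache.directory.shared.ldap.model.name.Dn` uses the `shared` package root, while `ServerAnnotationProcessor` in this same commit imports from `org.apache.directory.api.ldap.model` and `org.apache.directory.api.util`. If `DSBasedServerBean.setSearchBaseDn` takes the `api` `Dn`, the `@Override` added further down will not compile. Confirm which package the superclass uses; if it is the `api` one, the line would be `import org.apache.directory.api.ldap.model.name.Dn;`. The import also sits above the blank lines left by the removed imports, which could be collapsed.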
@@ -33,38 +31,6 @@ import org.apache.directory.server.confi
  */
 public class ChangePasswordServerBean extends DSBasedServerBean
 {
-    /** The policy for category count. */
-    @ConfigurationElement(attributeType = "ads-chgPwdPolicyCategoryCount", isOptional = true)
-    private int chgPwdPolicyCategoryCount;
-
-    /** The policy for password length. */
-    @ConfigurationElement(attributeType = "ads-chgPwdPolicyPasswordLength", isOptional = true)
-    private int chgPwdPolicyPasswordLength;
-
-    /** The policy for token size. */
-    @ConfigurationElement(attributeType = "ads-chgPwdPolicyTokenSize", isOptional = true)
-    private int chgPwdPolicyTokenSize;
-
-    /** The service principal name. */
-    @ConfigurationElement(attributeType = "ads-chgPwdServicePrincipal", isOptional = true)
-    private String chgPwdServicePrincipal;
-    
-    /** The allowable clock skew. */
-    @ConfigurationElement(attributeType = "ads-krbAllowableClockSkew", isOptional = true)
-    private long krbAllowableClockSkew;
-
-    /** Whether empty addresses are allowed. */
-    @ConfigurationElement(attributeType = "ads-krbEmptyAddressesAllowed", isOptional = true)
-    private boolean krbEmptyAddressesAllowed;
-
-    /** The encryption types. */
-    @ConfigurationElement(attributeType = "ads-krbEncryptionTypes", isOptional = true)
-    private List<String> krbEncryptionTypes = new ArrayList<String>();
-    
-    /** The primary realm. */
-    @ConfigurationElement(attributeType = "ads-krbPrimaryRealm", isOptional = true)
-    private String krbPrimaryRealm;
-
 
     /**
      * Create a new ChangePasswordServer instance
@@ -74,194 +40,11 @@ public class ChangePasswordServerBean ex
         super();
     }
 
-
-    /**
-     * @return the krbAllowableClockSkew
-     */
-    public long getKrbAllowableClockSkew()
-    {
-        return krbAllowableClockSkew;
-    }
-
-
-    /**
-     * @param krbAllowableClockSkew the krbAllowableClockSkew to set
-     */
-    public void setKrbAllowableClockSkew( long krbAllowableClockSkew )
-    {
-        this.krbAllowableClockSkew = krbAllowableClockSkew;
-    }
-
-
-    /**
-     * @return the krbEmptyAddressesAllowed
-     */
-    public boolean isKrbEmptyAddressesAllowed()
-    {
-        return krbEmptyAddressesAllowed;
-    }
-
-
-    /**
-     * @param krbEmptyAddressesAllowed the krbEmptyAddressesAllowed to set
-     */
-    public void setKrbEmptyAddressesAllowed( boolean krbEmptyAddressesAllowed )
-    {
-        this.krbEmptyAddressesAllowed = krbEmptyAddressesAllowed;
-    }
-
-
-    /**
-     * @return the krbEncryptionTypes
-     */
-    public List<String> getKrbEncryptionTypes()
-    {
-        return krbEncryptionTypes;
-    }
-
-
-    /**
-     * @param krbEncryptionTypes the krbEncryptionTypes to set
-     */
-    public void setKrbEncryptionTypes( List<String> krbEncryptionTypes )
-    {
-        this.krbEncryptionTypes = krbEncryptionTypes;
-    }
-
-
-    /**
-     * Initialize the encryptionTypes set
-     * 
-     * @param krbEncryptionTypes the encryptionTypes to set
-     */
-    public void addKrbEncryptionTypes( String... krbEncryptionTypes )
-    {
-        for ( String encryptionType : krbEncryptionTypes )
-        {
-            this.krbEncryptionTypes.add( encryptionType );
-        }
-    }
-
-
-    /**
-     * @return the krbPrimaryRealm
-     */
-    public String getKrbPrimaryRealm()
-    {
-        return krbPrimaryRealm;
-    }
-
-
-    /**
-     * @param krbPrimaryRealm the krbPrimaryRealm to set
-     */
-    public void setKrbPrimaryRealm( String krbPrimaryRealm )
-    {
-        this.krbPrimaryRealm = krbPrimaryRealm;
-    }
-
-
-    /**
-     * @return the chgPwdPolicyCategoryCount
-     */
-    public int getChgPwdPolicyCategoryCount()
-    {
-        return chgPwdPolicyCategoryCount;
-    }
-
-
-    /**
-     * @param chgPwdPolicyCategoryCount the chgPwdPolicyCategoryCount to set
-     */
-    public void setChgPwdPolicyCategoryCount( int chgPwdPolicyCategoryCount )
-    {
-        this.chgPwdPolicyCategoryCount = chgPwdPolicyCategoryCount;
-    }
-
-
-    /**
-     * @return the chgPwdPolicyPasswordLength
-     */
-    public int getChgPwdPolicyPasswordLength()
-    {
-        return chgPwdPolicyPasswordLength;
-    }
-
-
-    /**
-     * @param chgPwdPolicyPasswordLength the chgPwdPolicyPasswordLength to set
-     */
-    public void setChgPwdPolicyPasswordLength( int chgPwdPolicyPasswordLength )
-    {
-        this.chgPwdPolicyPasswordLength = chgPwdPolicyPasswordLength;
-    }
-
-
-    /**
-     * @return the chgPwdPolicyTokenSize
-     */
-    public int getChgPwdPolicyTokenSize()
-    {
-        return chgPwdPolicyTokenSize;
-    }
-
-
-    /**
-     * @param chgPwdPolicyTokenSize the chgPwdPolicyTokenSize to set
-     */
-    public void setChgPwdPolicyTokenSize( int chgPwdPolicyTokenSize )
-    {
-        this.chgPwdPolicyTokenSize = chgPwdPolicyTokenSize;
-    }
-
-
-    /**
-     * @return the chgPwdServicePrincipal
-     */
-    public String getChgPwdServicePrincipal()
-    {
-        return chgPwdServicePrincipal;
-    }
-
-
-    /**
-     * @param chgPwdServicePrincipal the chgPwdServicePrincipal to set
-     */
-    public void setChgPwdServicePrincipal( String chgPwdServicePrincipal )
-    {
-        this.chgPwdServicePrincipal = chgPwdServicePrincipal;
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
-    public String toString( String tabs )
+    
+    @Override
+    public void setSearchBaseDn( Dn searchBaseDn )
     {
-        StringBuilder sb = new StringBuilder();
-
-        sb.append( tabs ).append( "ChangePasswordServer :\n" );
-        sb.append( super.toString( tabs + "  " ) );
-        sb.append( toString( tabs, "  change password service principal", chgPwdServicePrincipal ) );
-        sb.append( toString( tabs, "  KRB primary realm", krbPrimaryRealm ) );
-
-        if ( ( krbEncryptionTypes != null ) && ( krbEncryptionTypes.size() != 0 ) )
-        {
-            sb.append( tabs ).append( "  encryption types : \n" );
-
-            for ( String encryptionType : krbEncryptionTypes )
-            {
-                sb.append( tabs ).append( "    encryptionType : " ).append( encryptionType ).append( '\n' );
-            }
-        }
-
-        sb.append( toString( tabs, "  change password policy category count", chgPwdPolicyCategoryCount ) );
-        sb.append( toString( tabs, "  change password policy password length", chgPwdPolicyPasswordLength ) );
-        sb.append( toString( tabs, "  change password policy token size", chgPwdPolicyTokenSize ) );
-        sb.append( toString( tabs, "  KRB allowable clock skew", krbAllowableClockSkew ) );
-        sb.append( toString( tabs, "  KRB empty addresses allowed", krbEmptyAddressesAllowed ) );
-
-        return sb.toString();
+        throw new UnsupportedOperationException( "No need to set the search base DN, the kerberos server's search base DN is used internally" );
     }
 
 
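Review bot: The new `setSearchBaseDn` override throws `UnsupportedOperationException`, which turns a bean setter into a failure point. If the configuration reader populates beans by calling setters (not visible here), an existing change-password entry that still carries a search base DN would abort loading instead of being ignored. Logging and ignoring the value, or a Javadoc line stating that the entry must not carry it, would make the contract explicit; the override currently has no Javadoc. This hunk also removes the `chgPwdPolicyCategoryCount`, `chgPwdPolicyPasswordLength` and `chgPwdPolicyTokenSize` accessors (the fields go in the previous hunk) without showing where the password policy is configured now. Confirm that existing configurations carrying those attributes still load and that the policy is still enforced.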
@@ -270,6 +53,6 @@ public class ChangePasswordServerBean ex
      */
     public String toString()
     {
-        return toString( "" );
+        return "ChangePasswordServer";
     }
 }


