Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9C80CF4D0 for ; Sun, 14 Apr 2013 17:47:30 +0000 (UTC) Received: (qmail 2700 invoked by uid 500); 14 Apr 2013 17:47:30 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 2639 invoked by uid 500); 14 Apr 2013 17:47:30 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 2624 invoked by uid 99); 14 Apr 2013 17:47:30 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 14 Apr 2013 17:47:29 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 14 Apr 2013 17:47:28 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 2B6F32388A36; Sun, 14 Apr 2013 17:47:08 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1467804 [2/2] - in /directory/apacheds/trunk/kerberos-client2: ./ src/ src/main/ src/main/java/ src/main/java/org/ src/main/java/org/apache/ src/main/java/org/apache/directory/ src/main/java/org/apache/directory/kerberos/ src/main/java/org... Date: Sun, 14 Apr 2013 17:47:07 -0000 To: commits@directory.apache.org 
From: kayyagari@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130414174708.2B6F32388A36@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org
Added: directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java?rev=1467804&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java (added)
+++ directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java Sun Apr 14 17:47:06 2013
@@ -0,0 +1,233 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.kerberos.client;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.fail;
+
+import java.nio.ByteBuffer;
+
+import org.apache.directory.api.asn1.ber.Asn1Decoder;
+import org.apache.directory.api.ldap.model.entry.DefaultEntry;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.kerberos.client.KdcConnection;
+import org.apache.directory.kerberos.client.TgTicket;
+import org.apache.directory.kerberos.client.TgtRequest;
+import org.apache.directory.server.annotations.CreateKdcServer;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.core.annotations.ApplyLdifs;
+import org.apache.directory.server.core.annotations.ContextEntry;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.annotations.CreatePartition;
+import org.apache.directory.server.core.api.CoreSession;
+import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
+import org.apache.directory.shared.kerberos.codec.methodData.MethodDataContainer;
+import org.apache.directory.shared.kerberos.codec.types.PaDataType;
+import org.apache.directory.shared.kerberos.components.MethodData;
+import org.apache.directory.shared.kerberos.exceptions.ErrorType;
+import org.apache.directory.shared.kerberos.exceptions.KerberosException;
+import org.apache.directory.shared.kerberos.messages.KrbError;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+
+@RunWith(FrameworkRunner.class)
+@CreateDS(name = "KerberosTcpIT-class", enableChangeLog = false,
+ partitions =
+ {
+ @CreatePartition(
+ name = "example",
+ suffix = "dc=example,dc=com",
+ contextEntry=@ContextEntry( entryLdif =
+ "dn: dc=example,dc=com\n" +
+ "objectClass: domain\n" +
+ "dc: example" ) )
+ },
+ additionalInterceptors =
+ {
+ KeyDerivationInterceptor.class
+ })
+@CreateLdapServer(
+ transports =
+ {
+ @CreateTransport(protocol = "LDAP")
+ })
+@CreateKdcServer(
+ searchBaseDn = "dc=example,dc=com",
+ transports =
+ {
+ @CreateTransport(protocol = "TCP")
+ })
+@ApplyLdifs({
+ // krbtgt
+ "dn: uid=krbtgt,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: inetOrgPerson",
+ "objectClass: krb5principal",
+ "objectClass: krb5kdcentry",
+ "cn: KDC Service",
+ "sn: Service",
+ "uid: krbtgt",
+ "userPassword: secret",
+ "krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM",
+ "krb5KeyVersionNumber: 0",
+
+ //app service
+ "dn: uid=ldap,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: inetOrgPerson",
+ "objectClass: krb5principal",
+ "objectClass: krb5kdcentry",
+ "cn: LDAP",
+ "sn: Service",
+ "uid: ldap",
+ "userPassword: randall",
+ "krb5PrincipalName: ldap/localhost@EXAMPLE.COM",
+ "krb5KeyVersionNumber: 0"
+})
+public class KdcAsRepTest extends AbstractLdapTestUnit
+{
+ public static final String USERS_DN = "dc=example,dc=com";
+
+ private static CoreSession session;
+
+ private static KdcConnection conn;
+
+ private String userPassword = "secret";
+
+ private String principalName = "will@EXAMPLE.COM";
+
+ @Before
+ public void setup() throws Exception
+ {
+ if ( session == null )
+ {
+ kdcServer.setSearchBaseDn( USERS_DN );
+ session = kdcServer.getDirectoryService().getAdminSession();
+ createPrincipal( "will", userPassword, principalName );
+ }
+
+ if ( conn == null )
+ {
+ conn = KdcConnection.createTcpConnection( "localhost", kdcServer.getTcpPort() );
+ conn.setTimeout( Integer.MAX_VALUE );
+ }
+ }
+
+
+ @Test
+ public void testKrbErrUnknwonClientPrincipal() throws Exception
+ {
+ try
+ {
+ conn.getTgt( "unknown@EXAMPLE.COM", userPassword );
+ }
+ catch( KerberosException e )
+ {
+ KrbError err = e.getError();
+ assertNotNull( err );
+ assertEquals( ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN, err.getErrorCode() );
+ }
+ }
+
+
+ @Test
+ public void testKrbErrPreAuthRequired() throws Exception
+ {
+ TgtRequest tgtReq = new TgtRequest();
+ tgtReq.setClientPrincipal( principalName );
+ tgtReq.setPassword( userPassword );
+ tgtReq.setPreAuthEnabled( false );
+
+ try
+ {
+ conn.getTgt( tgtReq );
+ }
+ catch( KerberosException e )
+ {
+ KrbError err = e.getError();
+ assertNotNull( err );
+ assertEquals( ErrorType.KDC_ERR_PREAUTH_REQUIRED, err.getErrorCode() );
+ byte[] eData = err.getEData();
+ ByteBuffer stream = ByteBuffer.allocate( eData.length );
+ stream.put( eData );
+ stream.flip();
+
+ Asn1Decoder decoder = new Asn1Decoder();
+ MethodDataContainer container = new MethodDataContainer();
+ container.setStream( stream );
+ decoder.decode( stream, container );
+ MethodData padata = container.getMethodData();
+ assertEquals( 2, padata.getPaDatas().length );
+ assertEquals( PaDataType.PA_ENCTYPE_INFO2, padata.getPaDatas()[1].getPaDataType() );
+ assertEquals( PaDataType.PA_ENC_TIMESTAMP, padata.getPaDatas()[0].getPaDataType() );
+ }
+ }
+
+
+ @Test
+ public void testKrbErrCantPostdate() throws Exception
+ {
+ TgtRequest tgtReq = new TgtRequest();
+ tgtReq.setClientPrincipal( principalName );
+ tgtReq.setPassword( userPassword );
+ tgtReq.setStartTime( System.currentTimeMillis() + 600000 ); // now + 10 min
+
+ try
+ {
+ conn.getTgt( tgtReq );
+ fail("should fail with KDC_ERR_CANNOT_POSTDATE");
+ }
+ catch( KerberosException e )
+ {
+ KrbError err = e.getError();
+ assertNotNull( err );
+ assertEquals( ErrorType.KDC_ERR_CANNOT_POSTDATE, err.getErrorCode() );
+ }
+
+ tgtReq.setPostdated( true );
+ TgTicket tgt = conn.getTgt( tgtReq );
+ assertNotNull( tgt );
+ }
+
+
+ private String createPrincipal( String uid, String userPassword, String principalName ) throws Exception
+ {
+ Entry entry = new DefaultEntry( session.getDirectoryService().getSchemaManager() );
+ entry.setDn( "uid=" + uid + "," + USERS_DN );
+ entry.add( "objectClass", "top", "person", "inetOrgPerson", "krb5principal", "krb5kdcentry" );
+ entry.add( "cn", uid );
+ entry.add( "sn", uid );
+ entry.add( "uid", uid );
+ entry.add( "userPassword", userPassword );
+ entry.add( "krb5PrincipalName", principalName );
+ entry.add( "krb5KeyVersionNumber", "0" );
+ session.add( entry );
+
+ return entry.getDn().getName();
+ }
+}
Added: directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java?rev=1467804&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java (added)
+++ directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java Sun Apr 14 17:47:06 2013
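Review bot: testKrbErrUnknwonClientPrincipal and testKrbErrPreAuthRequired pass silently if conn.getTgt() returns a ticket instead of throwing, because neither try block has a fail() after the call — only testKrbErrCantPostdate does. A KDC that issued a TGT for an unknown principal, or without requiring pre-authentication, would go unnoticed by these tests; add `fail( "should fail with KDC_ERR_C_PRINCIPAL_UNKNOWN" );` after `conn.getTgt( "unknown@EXAMPLE.COM", userPassword );` and `fail( "should fail with KDC_ERR_PREAUTH_REQUIRED" );` after `conn.getTgt( tgtReq );` in the pre-auth test. The first method's name also carries a typo (Unknwon). The allocate/put/flip sequence on eData is just `ByteBuffer stream = ByteBuffer.wrap( eData );`. `conn.setTimeout( Integer.MAX_VALUE );` in setup() means a KDC that never answers hangs the build rather than failing it; a bounded timeout gives a diagnosable failure.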
@@ -0,0 +1,233 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.kerberos.client;
+
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import org.apache.directory.api.ldap.model.entry.DefaultEntry;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.kerberos.client.KdcConnection;
+import org.apache.directory.kerberos.client.ServiceTicket;
+import org.apache.directory.kerberos.client.TgTicket;
+import org.apache.directory.kerberos.client.TgtRequest;
+import org.apache.directory.server.annotations.CreateChngPwdServer;
+import org.apache.directory.server.annotations.CreateKdcServer;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.core.annotations.ApplyLdifs;
+import org.apache.directory.server.core.annotations.ContextEntry;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.annotations.CreatePartition;
+import org.apache.directory.server.core.api.CoreSession;
+import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
+import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswdErrorType;
+import org.apache.directory.shared.kerberos.exceptions.KerberosException;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+
+@RunWith(FrameworkRunner.class)
+@CreateDS(name = "KerberosTcpIT-class", enableChangeLog = false,
+ partitions =
+ {
+ @CreatePartition(
+ name = "example",
+ suffix = "dc=example,dc=com",
+ contextEntry=@ContextEntry( entryLdif =
+ "dn: dc=example,dc=com\n" +
+ "objectClass: domain\n" +
+ "dc: example" ) )
+ },
+ additionalInterceptors =
+ {
+ KeyDerivationInterceptor.class
+ })
+@CreateLdapServer(
+ transports =
+ {
+ @CreateTransport(protocol = "LDAP")
+ })
+@CreateKdcServer(
+ searchBaseDn = "dc=example,dc=com",
+ transports =
+ {
+ @CreateTransport(protocol = "TCP")
+ },
+ chngPwdServer = @CreateChngPwdServer
+ (
+ transports =
+ {
+ @CreateTransport(protocol = "TCP")
+ }
+ ))
+@ApplyLdifs({
+ // krbtgt
+ "dn: uid=krbtgt,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: inetOrgPerson",
+ "objectClass: krb5principal",
+ "objectClass: krb5kdcentry",
+ "cn: KDC Service",
+ "sn: Service",
+ "uid: krbtgt",
+ "userPassword: secret",
+ "krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM",
+ "krb5KeyVersionNumber: 0",
+
+ // changepwd
+ "dn: uid=kadmin,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: inetOrgPerson",
+ "objectClass: krb5principal",
+ "objectClass: krb5kdcentry",
+ "cn: changepw Service",
+ "sn: Service",
+ "uid: kadmin",
+ "userPassword: secret",
+ "krb5PrincipalName: kadmin/changepw@EXAMPLE.COM",
+ "krb5KeyVersionNumber: 0",
+
+ // app service
+ "dn: uid=ldap,dc=example,dc=com",
+ "objectClass: top",
+ "objectClass: person",
+ "objectClass: inetOrgPerson",
+ "objectClass: krb5principal",
+ "objectClass: krb5kdcentry",
+ "cn: LDAP",
+ "sn: Service",
+ "uid: ldap",
+ "userPassword: randall",
+ "krb5PrincipalName: ldap/localhost@EXAMPLE.COM",
+ "krb5KeyVersionNumber: 0"
+})
+public class KdcConnectionTest extends AbstractLdapTestUnit
+{
+ public static final String USERS_DN = "dc=example,dc=com";
+
+ private static CoreSession session;
+
+ private static KdcConnection conn;
+
+ private String userPassword = "secret";
+
+ private String principalName = "will@EXAMPLE.COM";
+
+ private String serverPrincipal = "ldap/localhost@EXAMPLE.COM";
+
+ @Before
+ public void setup() throws Exception
+ {
+ if ( session == null )
+ {
+ kdcServer.setSearchBaseDn( USERS_DN );
+ session = kdcServer.getDirectoryService().getAdminSession();
+ createPrincipal( "will", userPassword, principalName );
+ }
+
+ if ( conn == null )
+ {
+ conn = KdcConnection.createTcpConnection( "localhost", kdcServer.getTcpPort() );
+ conn.setEncryptionTypes( kdcServer.getConfig().getEncryptionTypes() );
+ conn.setTimeout( Integer.MAX_VALUE );
+ }
+ }
+
+
+ @Test
+ public void testGettingInitialTicket() throws Exception
+ {
+ TgTicket tgt = conn.getTgt( principalName, userPassword );
+ assertNotNull( tgt );
+ assertFalse( tgt.isForwardable() );
+ }
+
+
+ @Test
+ public void testTgtFlags() throws Exception
+ {
+ TgtRequest tgtReq = new TgtRequest();
+ tgtReq.setClientPrincipal( principalName );
+ tgtReq.setPassword( userPassword );
+ tgtReq.setForwardable( true );
+
+ TgTicket tgt = conn.getTgt( tgtReq );
+ assertNotNull( tgt );
+ assertTrue( tgt.isForwardable() );
+ }
+
+ @Test
+ public void testGetServiceTicket() throws Exception
+ {
+ ServiceTicket rep = conn.getServiceTicket( principalName, userPassword, serverPrincipal );
+ System.out.println( rep );
+ assertNotNull( rep );
+ }
+
+
+ @Test
+ @Ignore("Failing with NPE in public ChangePasswdErrorType getResultCode()")
+ public void testChangePassword() throws Exception
+ {
+ String newPassword = "newPassword";
+ int port = kdcServer.getChangePwdServer().getTcpPort();
+
+ conn.changePassword( principalName, userPassword, newPassword, "localhost", port, false );
+
+ try
+ {
+ conn.getTgt( principalName, userPassword );
+ fail( "should fail with kerberos exception cause of invalid password" );
+ }
+ catch( KerberosException e )
+ {
+ }
+
+ TgTicket tgt = conn.getTgt( principalName, newPassword );
+ assertNotNull( tgt );
+ }
+
+
+ private String createPrincipal( String uid, String userPassword, String principalName ) throws Exception
+ {
+ Entry entry = new DefaultEntry( session.getDirectoryService().getSchemaManager() );
+ entry.setDn( "uid=" + uid + "," + USERS_DN );
+ entry.add( "objectClass", "top", "person", "inetOrgPerson", "krb5principal", "krb5kdcentry" );
+ entry.add( "cn", uid );
+ entry.add( "sn", uid );
+ entry.add( "uid", uid );
+ entry.add( "userPassword", userPassword );
+ entry.add( "krb5PrincipalName", principalName );
+ entry.add( "krb5KeyVersionNumber", "0" );
+ session.add( entry );
+
+ return entry.getDn().getName();
+ }
+}
Added: directory/apacheds/trunk/kerberos-client2/src/test/resources/log4j.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/test/resources/log4j.xml?rev=1467804&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client2/src/test/resources/log4j.xml (added)
+++ directory/apacheds/trunk/kerberos-client2/src/test/resources/log4j.xml Sun Apr 14 17:47:06 2013
@@ -0,0 +1,95 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file
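Review bot: The empty `catch( KerberosException e )` in testChangePassword treats any Kerberos error as proof that the old password was rejected, so the test cannot tell a genuine pre-authentication failure from an unknown-principal or clock-skew error; assert the code from `e.getError().getErrorCode()` the way KdcAsRepTest does (presumably KDC_ERR_PREAUTH_FAILED — confirm against the KDC), which also needs the ErrorType import this file lacks. The method is @Ignore'd over an NPE, so this can go in together with whatever re-enables it. testGetServiceTicket's `System.out.println( rep );` writes a freshly issued service ticket to the build log and asserts nothing — remove it, since whatever ServiceTicket.toString() renders (possibly key material) does not belong in CI output. The ChangePasswdErrorType import is referenced only inside the @Ignore string and is otherwise unused. setup() here calls `conn.setEncryptionTypes( kdcServer.getConfig().getEncryptionTypes() );` while KdcAsRepTest's setup() does not; if the client needs it to negotiate with this KDC config, the other test should do the same.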