Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E461410514 for ; Wed, 24 Apr 2013 10:42:52 +0000 (UTC) Received: (qmail 75373 invoked by uid 500); 24 Apr 2013 10:42:52 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 75333 invoked by uid 500); 24 Apr 2013 10:42:52 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 75326 invoked by uid 99); 24 Apr 2013 10:42:52 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Apr 2013 10:42:52 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Apr 2013 10:42:47 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 441892388A3D; Wed, 24 Apr 2013 10:42:26 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1471363 - in /directory/apacheds/trunk/kerberos-client2/src: main/java/org/apache/directory/kerberos/client/ test/java/org/apache/directory/kerberos/client/ Date: Wed, 24 Apr 2013 10:42:26 -0000 To: commits@directory.apache.org 
From: kayyagari@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130424104226.441892388A3D@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: kayyagari Date: Wed Apr 24 10:42:25 2013 New Revision: 1471363 URL: http://svn.apache.org/r1471363 Log: o moved the KDC configuration to a dedicated class and updated KdcConnection to use it and fixed tests o enabled the changepassword test Added: directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java Modified: directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/TgtRequest.java directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java Added: directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java?rev=1471363&view=auto ============================================================================== --- directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java (added) +++ directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java Wed Apr 24 10:42:25 2013 
@@ -0,0 +1,185 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.directory.kerberos.client; + + +import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.AES128_CTS_HMAC_SHA1_96; +import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.AES256_CTS_HMAC_SHA1_96; +import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES3_CBC_SHA1_KD; +import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES_CBC_MD5; +import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.RC4_HMAC; + +import java.util.HashSet; +import java.util.Set; + +import org.apache.directory.shared.kerberos.KerberosUtils; +import org.apache.directory.shared.kerberos.codec.types.EncryptionType; + + +/** + * Configuration class for KDC and changepassword servers. 
+ * + * @author Apache Directory Project + */ +public class KdcConfig +{ + /** host name of the Kerberos server */ + private String hostName = "localhost"; + + /** port on which the Kerberos server is listening */ + private int kdcPort = 88; + + /** port on which the change password server is listening */ + private int passwdPort = 464; + + /** flag to indicate if the client should use UDP while connecting to Kerberos server */ + private boolean useUdp = true; + + /** flag to indicate if legacy protocol version 1 should be used while sending the change password request. Default is false, we send version 0xFF80 of rfc3244 */ + private boolean useLegacyChngPwdProtocol = false; + + /** the timeout of the connection to the Kerberos server */ + private int timeout = 60000; // default 1 min + + /** the set of encryption types that the client can support */ + private Set encryptionTypes; + + /** the default encryption types, this includes many encryption types */ + private static Set DEFAULT_ENCRYPTION_TYPES; + + static + { + DEFAULT_ENCRYPTION_TYPES = new HashSet(); + + DEFAULT_ENCRYPTION_TYPES.add( AES128_CTS_HMAC_SHA1_96 ); + DEFAULT_ENCRYPTION_TYPES.add( AES256_CTS_HMAC_SHA1_96 ); + DEFAULT_ENCRYPTION_TYPES.add( DES_CBC_MD5 ); + DEFAULT_ENCRYPTION_TYPES.add( DES3_CBC_SHA1_KD ); + DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC ); + //DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC_EXP ); + + DEFAULT_ENCRYPTION_TYPES = KerberosUtils.orderEtypesByStrength( DEFAULT_ENCRYPTION_TYPES ); + } + + + public KdcConfig() + { + } + + + public static KdcConfig getDefaultConfig() + { + return new KdcConfig(); + } + + + public String getHostName() + { + return hostName; + } + + + public void setHostName( String hostName ) + { + this.hostName = hostName; + } + + + public int getKdcPort() + { + return kdcPort; + } + + + public void setKdcPort( int kdcPort ) + { + this.kdcPort = kdcPort; + } + + + public int getPasswdPort() + { + return passwdPort; + } + + + public void setPasswdPort( int passwdPort ) + 
{ + this.passwdPort = passwdPort; + } + + + public boolean isUseUdp() + { + return useUdp; + } + + + public void setUseUdp( boolean useUdp ) + { + this.useUdp = useUdp; + } + + + public boolean isUseLegacyChngPwdProtocol() + { + return useLegacyChngPwdProtocol; + } + + + public void setUseLegacyChngPwdProtocol( boolean useLegacyChngPwdProtocol ) + { + this.useLegacyChngPwdProtocol = useLegacyChngPwdProtocol; + } + + + public int getTimeout() + { + return timeout; + } + + + public void setTimeout( int timeout ) + { + this.timeout = timeout; + } + + + public Set getEncryptionTypes() + { + return encryptionTypes; + } + + + public void setEncryptionTypes( Set encryptionTypes ) + { + this.encryptionTypes = encryptionTypes; + } + + + @Override + public String toString() + { + return "KdcConfig [hostName=" + hostName + ", kdcPort=" + kdcPort + ", passwdPort=" + passwdPort + ", useUdp=" + + useUdp + ", useLegacyChngPwdProtocol=" + useLegacyChngPwdProtocol + ", timeout=" + timeout + + ", encryptionTypes=" + encryptionTypes + "]"; + } + +} Modified: directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java?rev=1471363&r1=1471362&r2=1471363&view=diff ============================================================================== --- directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java (original) +++ directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java Wed Apr 24 10:42:25 2013 
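Review bot: `encryptionTypes` is never assigned in KdcConfig, so `getEncryptionTypes()` returns null for a config from `getDefaultConfig()` unless the caller sets it; the static `DEFAULT_ENCRYPTION_TYPES` set is built but not referenced anywhere in this file. The KdcConnection hunks at -295 and -508 then pass that null to `setETypes` and `setEType`, and the -331 hunk calls `.iterator().next()` on it. Initialise the field, e.g. `private Set encryptionTypes = DEFAULT_ENCRYPTION_TYPES;`, and have the setter reject null. Separately, the default set now offers `DES_CBC_MD5` and `RC4_HMAC` (the latter was commented out in the list removed from KdcConnection). Weak types in the default offer are what an encryption-type downgrade depends on, so consider defaulting to the two AES types and making DES and RC4 opt-in.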
@@ -20,19 +20,12 @@ package org.apache.directory.kerberos.client; -import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.AES128_CTS_HMAC_SHA1_96; -import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.AES256_CTS_HMAC_SHA1_96; -import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES3_CBC_SHA1_KD; -import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES_CBC_MD5; - import java.io.IOException; import java.net.InetAddress; import java.nio.ByteBuffer; import java.security.SecureRandom; import java.text.ParseException; -import java.util.HashSet; import java.util.List; -import java.util.Set; import javax.security.auth.kerberos.KerberosPrincipal; @@ -54,7 +47,6 @@ import org.apache.directory.server.kerbe import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage; import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory; import org.apache.directory.shared.kerberos.KerberosTime; -import org.apache.directory.shared.kerberos.KerberosUtils; import org.apache.directory.shared.kerberos.codec.KerberosMessageContainer; import org.apache.directory.shared.kerberos.codec.options.ApOptions; import org.apache.directory.shared.kerberos.codec.types.EncryptionType; 
@@ -99,25 +91,10 @@ public class KdcConnection { private static final Logger LOG = LoggerFactory.getLogger( KdcConnection.class ); - - /** host name of the Kerberos server */ - private String host; - - /** port on which the Kerberos server is listening */ - private int port; - - /** flag to indicate if the client should use UDP while connecting to Kerberos server */ - private boolean useUdp; - - /** the timeout of the connection to the Kerberos server */ - private int timeout = 60000; // default 1 min /** a secure random number generator used for creating nonces */ private SecureRandom nonceGenerator; - /** the set of encryption types that the client can support */ - private Set encryptionTypes; - static final String TIME_OUT_ERROR = "TimeOut occured"; /** the cipher text handler */ 
@@ -126,81 +103,27 @@ public class KdcConnection /** underlying network channel handler */ private KerberosChannel channel; - /** the default encryption types, this includes many encryption types */ - private static Set DEFAULT_ENCRYPTION_TYPES; - - - static - { - DEFAULT_ENCRYPTION_TYPES = new HashSet(); - - DEFAULT_ENCRYPTION_TYPES.add( AES128_CTS_HMAC_SHA1_96 ); - DEFAULT_ENCRYPTION_TYPES.add( AES256_CTS_HMAC_SHA1_96 ); - DEFAULT_ENCRYPTION_TYPES.add( DES_CBC_MD5 ); - DEFAULT_ENCRYPTION_TYPES.add( DES3_CBC_SHA1_KD ); -// DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC ); -// DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC_EXP ); - - DEFAULT_ENCRYPTION_TYPES = KerberosUtils.orderEtypesByStrength( DEFAULT_ENCRYPTION_TYPES ); - } - + private KdcConfig config; /** * * Creates a new instance of KdcConnection. * - * @param host the host name of Kerberos server - * @param port the port on which Kerberos server is listening - * @param isUdp flag to indicate if UDP should be used instead of TCP + * @param config the configuration of KDC */ - private KdcConnection( String host, int port, boolean isUdp ) + public KdcConnection( KdcConfig config ) { - this.host = host; - this.port = port; - this.useUdp = isUdp; + this.config = config; nonceGenerator = new SecureRandom( String.valueOf( System.currentTimeMillis() ).getBytes() ); cipherTextHandler = new CipherTextHandler(); channel = new KerberosChannel(); - encryptionTypes = DEFAULT_ENCRYPTION_TYPES; } - /** - * created a UDP based Kerberos client connection - * - * @param host the host name of Kerberos server - * @param port the port on which Kerberos server is listening - * @return - * @throws Exception - */ - public static KdcConnection createUdpConnection( String host, int port ) throws Exception - { - KdcConnection connection = new KdcConnection( host, port, true ); - - return connection; - } - - - /** - * created a TCP based Kerberos client connection - * - * @param host the host name of Kerberos server - * @param port the port on which 
Kerberos server is listening - * @return - * @throws Exception - */ - public static KdcConnection createTcpConnection( String host, int port ) throws Exception - { - KdcConnection connection = new KdcConnection( host, port, false ); - - return connection; - } - - private void connect() throws IOException { - channel.openConnection( host, port, timeout, useUdp ); + channel.openConnection( config.getHostName(), config.getKdcPort(), config.getTimeout(), config.isUseUdp() ); } @@ -237,7 +160,7 @@ public class KdcConnection TgtRequest clientTgtReq = new TgtRequest(); clientTgtReq.setClientPrincipal( clientPrincipal ); clientTgtReq.setPassword( password ); - + TgTicket tgt = getTgt( clientTgtReq ); return getServiceTicket( new ServiceTicketRequest( tgt, serverPrincipal ) ); @@ -269,7 +192,7 @@ public class KdcConnection { if ( ke.getErrorCode() == ErrorType.KDC_ERR_PREAUTH_REQUIRED.getValue() ) { - encryptionTypes = KdcClientUtil.getEtypesFromError( ke.getError() ); + clientTgtReq.setETypes( KdcClientUtil.getEtypesFromError( ke.getError() ) ); clientTgtReq.setPreAuthEnabled( true ); } } @@ -295,6 +218,11 @@ public class KdcConnection clientTgtReq.setServerPrincipal( serverPrincipal ); } + if( clientTgtReq.getETypes() == null ) + { + clientTgtReq.setETypes( config.getEncryptionTypes() ); + } + KdcReqBody body = new KdcReqBody(); body.setFrom( new KerberosTime( clientTgtReq.getStartTime() ) ); @@ -316,7 +244,7 @@ public class KdcConnection body.setTill( new KerberosTime( clientTgtReq.getExpiryTime() ) ); int currentNonce = nonceGenerator.nextInt(); body.setNonce( currentNonce ); - body.setEType( encryptionTypes ); + body.setEType( clientTgtReq.getETypes() ); body.setKdcOptions( clientTgtReq.getOptions() ); List lstAddresses = clientTgtReq.getHostAddresses(); 
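Review bot: The constructor still seeds the nonce generator from the wall clock, `new SecureRandom( String.valueOf( System.currentTimeMillis() ).getBytes() )`. With a provider such as SHA1PRNG, a seed passed to the constructor replaces self-seeding, which would make the request nonces reproducible from the approximate creation time; other providers only mix the seed in, so the effect depends on the platform default. `nonceGenerator = new SecureRandom();` removes the dependency. The constructor is now public and stores `config` without a null check, so a null argument would only surface later in `connect()`; an explicit check that throws `IllegalArgumentException` would fail earlier and more clearly.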
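Review bot: The etype list taken from the `KDC_ERR_PREAUTH_REQUIRED` reply is stored on the request as-is, `clientTgtReq.setETypes( KdcClientUtil.getEtypesFromError( ke.getError() ) )`, with no check against `config.getEncryptionTypes()`. A KRB-ERROR message is not integrity-protected, so the configured set should remain the upper bound on what the client will use; otherwise the reply alone decides the type, and the -331 hunk derives the client key from its first element. Keep only the types that are also in the configured set (`retainAll` on a copy) and fail the request when the intersection is empty. What `getEtypesFromError` filters on its own is not visible here, so confirm it does not already do this. The enclosing method starts and ends outside this hunk.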
@@ -331,7 +259,7 @@ public class KdcConnection body.setAddresses( addresses ); } - EncryptionType encryptionType = encryptionTypes.iterator().next(); + EncryptionType encryptionType = clientTgtReq.getETypes().iterator().next(); usedEType = encryptionType; EncryptionKey clientKey = KerberosKeyFactory.string2Key( clientTgtReq.getClientPrincipal(), clientTgtReq.getPassword(), encryptionType ); @@ -508,7 +436,7 @@ public class KdcConnection tgsReqBody.setTill( getDefaultTill() ); int currentNonce = nonceGenerator.nextInt(); tgsReqBody.setNonce( currentNonce ); - tgsReqBody.setEType( encryptionTypes ); + tgsReqBody.setEType( config.getEncryptionTypes() ); PrincipalName principalName = new PrincipalName( KdcClientUtil.extractName( serverPrincipal ), KerberosPrincipal.KRB_NT_SRV_HST ); tgsReqBody.setSName( principalName ); @@ -589,7 +517,7 @@ public class KdcConnection } - public ChangePasswordResult changePassword( String clientPrincipal, String oldPassword, String newPassword, String host, int port, boolean isUdp, boolean useRfc3244Structure ) throws ChangePasswordException + public ChangePasswordResult changePassword( String clientPrincipal, String oldPassword, String newPassword ) throws ChangePasswordException { KerberosChannel channel = null; 
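Review bot: `clientTgtReq.getETypes().iterator().next()` picks whichever element the set iterates first, and nothing on the new side orders that set. The removed `KdcConnection.setEncryptionTypes` wrapped its argument in `KerberosUtils.orderEtypesByStrength`, while `KdcConfig.setEncryptionTypes` stores it unchanged. With a plain `HashSet`, the type used for `string2Key` is therefore arbitrary and may be the weakest one offered. Apply the ordering in the KdcConfig setter, `this.encryptionTypes = KerberosUtils.orderEtypesByStrength( encryptionTypes );` (presumably strongest first, to be confirmed), and likewise to the list taken from the KDC error. The enclosing method starts and ends outside this hunk.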
@@ -630,20 +558,21 @@ public class KdcConnection part.setSeqNumber( authenticator.getSeqNumber() ); part.setTimestamp( authenticator.getCtime() ); - short changePwdPVNO = ChangePasswordRequest.OLD_PVNO; + short changePwdPVNO = ChangePasswordRequest.PVNO; - if( useRfc3244Structure ) + if( config.isUseLegacyChngPwdProtocol() ) + { + part.setUserData( Strings.getBytesUtf8( newPassword ) ); + changePwdPVNO = ChangePasswordRequest.OLD_PVNO; + } + else { ChangePasswdData chngPwdData = new ChangePasswdData(); chngPwdData.setNewPasswd( Strings.getBytesUtf8( newPassword ) ); //chngPwdData.setTargName( new PrincipalName( clientPrincipal, PrincipalNameType.KRB_NT_PRINCIPAL ) ); //chngPwdData.setTargRealm( clientTgtReq.getRealm() ); - part.setUserData( getEncoded( chngPwdData ) ); - changePwdPVNO = ChangePasswordRequest.PVNO; - } - else - { - part.setUserData( Strings.getBytesUtf8( newPassword ) ); + byte[] data = getEncoded( chngPwdData ); + part.setUserData( data ); } EncryptedData encKrbPrivPartData = cipherTextHandler.encrypt( subKey, getEncoded( part ), KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY ); @@ -652,7 +581,7 @@ public class KdcConnection ChangePasswordRequest req = new ChangePasswordRequest( changePwdPVNO, apReq, privateMessage ); channel = new KerberosChannel(); - channel.openConnection( host, port, timeout, isUdp ); + channel.openConnection( config.getHostName(), config.getPasswdPort(), config.getTimeout(), config.isUseUdp() ); AbstractPasswordMessage reply = sendAndReceiveChngPwdMsg( req, channel ); 
@@ -728,30 +657,7 @@ public class KdcConnection return new KerberosTime( System.currentTimeMillis() + ( KerberosTime.MINUTE * 60 ) ); } - - public Set getEncryptionTypes() - { - return encryptionTypes; - } - - - public void setEncryptionTypes( Set encryptionTypes ) - { - this.encryptionTypes = KerberosUtils.orderEtypesByStrength( encryptionTypes ); - } - - public long getTimeout() - { - return timeout; - } - - - public void setTimeout( int timeout ) - { - this.timeout = timeout; - } - private KerberosMessage sendAndReceiveKrbMsg( KerberosMessage req ) throws Exception { ByteBuffer encodedBuf = KerberosEncoder.encode( req, channel.isUseTcp() ); Modified: directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/TgtRequest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/TgtRequest.java?rev=1471363&r1=1471362&r2=1471363&view=diff ============================================================================== --- directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/TgtRequest.java (original) +++ directory/apacheds/trunk/kerberos-client2/src/main/java/org/apache/directory/kerberos/client/TgtRequest.java Wed Apr 24 10:42:25 2013 @@ -24,8 +24,10 @@ import java.net.InetAddress; import java.net.UnknownHostException; import java.util.ArrayList; import java.util.List; +import java.util.Set; import org.apache.directory.shared.kerberos.codec.options.KdcOptions; +import org.apache.directory.shared.kerberos.codec.types.EncryptionType; import org.apache.directory.shared.kerberos.components.HostAddress; @@ -48,6 +50,9 @@ public class TgtRequest private boolean preAuthEnabled = false; + /** the set of encryption types that the server replied */ + private Set eTypes; + public TgtRequest() { startTime = System.currentTimeMillis(); 
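Review bot: The field comment `the set of encryption types that the server replied` describes only one of the two writers of `eTypes`. KdcConnection also fills it from `config.getEncryptionTypes()` when it is null. Suggested comment: `/** encryption types to offer in the AS-REQ; set from the KDC's pre-auth error or, when unset, from KdcConfig */`. The accessors added in the -210 hunk have no Javadoc and hand out the same mutable set, which is worth stating there.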
@@ -210,6 +215,19 @@ public class TgtRequest return KdcClientUtil.extractName( clientPrincipal ); } + + public Set getETypes() + { + return eTypes; + } + + + public void setETypes( Set eTypes ) + { + this.eTypes = eTypes; + } + + private void setOrClear( int pos, boolean set ) { if ( set ) Modified: directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java?rev=1471363&r1=1471362&r2=1471363&view=diff ============================================================================== --- directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java (original) +++ directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcAsRepTest.java Wed Apr 24 10:42:25 2013 @@ -54,7 +54,7 @@ import org.junit.runner.RunWith; @RunWith(FrameworkRunner.class) -@CreateDS(name = "KerberosTcpIT-class", enableChangeLog = false, +@CreateDS(name = "KdcAsRepTest-class", enableChangeLog = false, partitions = { @CreatePartition( 
@@ -133,8 +133,12 @@ public class KdcAsRepTest extends Abstra if ( conn == null ) { - conn = KdcConnection.createTcpConnection( "localhost", kdcServer.getTcpPort() ); - conn.setTimeout( Integer.MAX_VALUE ); + KdcConfig config = KdcConfig.getDefaultConfig(); + config.setUseUdp( false ); + config.setKdcPort( kdcServer.getTcpPort() ); + config.setEncryptionTypes( kdcServer.getConfig().getEncryptionTypes() ); + config.setTimeout( Integer.MAX_VALUE ); + conn = new KdcConnection( config ); } } Modified: directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java?rev=1471363&r1=1471362&r2=1471363&view=diff ============================================================================== --- directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java (original) +++ directory/apacheds/trunk/kerberos-client2/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java Wed Apr 24 10:42:25 2013 @@ -20,6 +20,7 @@ package org.apache.directory.kerberos.client; +import static org.apache.directory.kerberos.client.ChangePasswordResultCode.KRB5_KPASSWD_SUCCESS; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; 
@@ -43,13 +44,11 @@ import org.apache.directory.server.proto import org.apache.directory.server.protocol.shared.transport.UdpTransport; import org.apache.directory.shared.kerberos.exceptions.KerberosException; import org.junit.Before; -import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; -import static org.apache.directory.kerberos.client.ChangePasswordResultCode.*; @RunWith(FrameworkRunner.class) -@CreateDS(name = "KerberosTcpIT-class", enableChangeLog = false, +@CreateDS(name = "KdcConnectionTest-class", enableChangeLog = false, partitions = { @CreatePartition( @@ -146,21 +145,26 @@ public class KdcConnectionTest extends A private String serverPrincipal = "ldap/localhost@EXAMPLE.COM"; + @Before public void setup() throws Exception { + kdcServer.setSearchBaseDn( USERS_DN ); if ( session == null ) { - kdcServer.setSearchBaseDn( USERS_DN ); session = kdcServer.getDirectoryService().getAdminSession(); createPrincipal( "will", userPassword, principalName ); } if ( conn == null ) { - conn = KdcConnection.createTcpConnection( "localhost", kdcServer.getTcpPort() ); - conn.setEncryptionTypes( kdcServer.getConfig().getEncryptionTypes() ); - conn.setTimeout( Integer.MAX_VALUE ); + KdcConfig config = KdcConfig.getDefaultConfig(); + config.setUseUdp( false ); + config.setKdcPort( kdcServer.getTcpPort() ); + config.setPasswdPort( kdcServer.getChangePwdServer().getTcpPort() ); + config.setEncryptionTypes( kdcServer.getConfig().getEncryptionTypes() ); + config.setTimeout( Integer.MAX_VALUE ); + conn = new KdcConnection( config ); } } 
@@ -177,9 +181,11 @@ public class KdcConnectionTest extends A @Test public void testGettingInitialTicketUdp() throws Exception { - KdcConnection udpConn = KdcConnection.createUdpConnection( "localhost", getUdpPort() ); - udpConn.setEncryptionTypes( kdcServer.getConfig().getEncryptionTypes() ); - udpConn.setTimeout( Integer.MAX_VALUE ); + KdcConfig config = new KdcConfig(); + config.setKdcPort( getUdpPort() ); + config.setEncryptionTypes( kdcServer.getConfig().getEncryptionTypes() ); + config.setTimeout( Integer.MAX_VALUE ); + KdcConnection udpConn = new KdcConnection( config ); TgTicket tgt = udpConn.getTgt( principalName, userPassword ); assertNotNull( tgt ); @@ -210,19 +216,21 @@ public class KdcConnectionTest extends A @Test - @Ignore("Failing with NPE in public ChangePasswdErrorType getResultCode()") public void testChangePassword() throws Exception { + String uid = "kayyagari"; + String principal = uid + "@EXAMPLE.COM"; + createPrincipal( uid, userPassword, principal ); + String newPassword = "newPassword"; - int port = kdcServer.getChangePwdServer().getTcpPort(); - ChangePasswordResult result = conn.changePassword( principalName, userPassword, newPassword, "localhost", port, false, false ); + ChangePasswordResult result = conn.changePassword( principal, userPassword, newPassword ); assertNotNull( result ); assertTrue( KRB5_KPASSWD_SUCCESS.getVal() == result.getCode().getVal() ); try { - conn.getTgt( principalName, userPassword ); + conn.getTgt( principal, userPassword ); fail( "should fail with kerberos exception cause of invalid password" ); } catch( KerberosException e ) @@ -230,7 +238,7 @@ public class KdcConnectionTest extends A e.printStackTrace(); } - TgTicket tgt = conn.getTgt( principalName, newPassword ); + TgTicket tgt = conn.getTgt( principal, newPassword ); assertNotNull( tgt ); }