directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1520988 - in /directory/apacheds/trunk: kerberos-client/src/main/java/org/apache/directory/kerberos/client/ kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/ kerberos-client/src/main/java/org/apache/directory/kerbero...
Date Mon, 09 Sep 2013 08:12:25 GMT
Author: elecharny
Date: Mon Sep  9 08:12:25 2013
New Revision: 1520988

URL: http://svn.apache.org/r1520988
Log:
Applied patch from DIRSERVER-1889

Added:
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/Kinit.java
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheInputStream.java
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheOutputStream.java
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Credentials.java
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCache.java
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCacheConstants.java
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/SampleCredentialsCacheResource.java
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Tag.java
    directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/CredentialsCacheTest.java
Modified:
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/AbstractTicket.java
    directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java
    directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalName.java

Modified: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/AbstractTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/AbstractTicket.java?rev=1520988&r1=1520987&r2=1520988&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/AbstractTicket.java (original)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/AbstractTicket.java Mon Sep  9 08:12:25 2013
@@ -42,7 +42,12 @@ public abstract class AbstractTicket
     }
 
 
-    /*default protected*/ Ticket getTicket()
+    public EncKdcRepPart getEncKdcRepPart()
+    {
+    	return this.encKdcRepPart;
+    }
+    
+    public Ticket getTicket()
     {
         return ticket;
     }

Added: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/Kinit.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/Kinit.java?rev=1520988&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/Kinit.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/Kinit.java Mon Sep  9 08:12:25 2013
@@ -0,0 +1,66 @@
+package org.apache.directory.kerberos.client;
+
+import java.io.File;
+
+import org.apache.directory.kerberos.credentials.cache.Credentials;
+import org.apache.directory.kerberos.credentials.cache.CredentialsCache;
+import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+
+/**
+ * Authenticates to the Kerberos server and gets the initial Ticket Granting Ticket,
+ * then cache the tgt in credentials cache, as MIT kinit does.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class Kinit
+{
+	
+	private KdcConnection kdc;
+	private File credCacheFile;
+	
+	public Kinit( KdcConnection kdc )
+	{
+		this.kdc = kdc;
+	}
+	
+	public void setCredCacheFile( File credCacheFile )
+	{
+		this.credCacheFile = credCacheFile;
+	}
+	
+	public File getCredCacheFile()
+	{
+		return this.credCacheFile;
+	}
+	
+    /**
+     * Authenticates to the Kerberos server and gets the initial Ticket Granting Ticket,
+     * then cache the tgt in credentials cache, as MIT kinit does.
+     * 
+     * @param principal the client's principal 
+     * @param password password of the client
+     * @return
+     * @throws Exception
+     */
+    public void kinit( String principal, String password ) throws Exception
+    {
+    	if ( principal == null || password == null || credCacheFile == null )
+    	{
+    		throw new IllegalArgumentException( "Invalid principal, password, or credentials cache file" );
+    	}
+    	
+    	TgTicket tgt = kdc.getTgt( principal, password );
+    	
+    	CredentialsCache credCache = new CredentialsCache();
+    	
+    	PrincipalName princ = new PrincipalName( principal, PrincipalNameType.KRB_NT_PRINCIPAL );
+    	princ.setRealm( tgt.getRealm() );
+    	credCache.setPrimaryPrincipalName( princ );
+    	
+    	Credentials cred = new Credentials( tgt );
+    	credCache.addCredentials( cred );
+    	
+    	CredentialsCache.store( credCacheFile, credCache );
+    }    
+}

Added: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheInputStream.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheInputStream.java?rev=1520988&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheInputStream.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheInputStream.java Mon Sep  9 08:12:25 2013
@@ -0,0 +1,378 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.kerberos.credentials.cache;
+
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder;
+import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.codec.types.AuthorizationType;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.codec.types.HostAddrType;
+import org.apache.directory.shared.kerberos.components.AuthorizationData;
+import org.apache.directory.shared.kerberos.components.AuthorizationDataEntry;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.components.HostAddress;
+import org.apache.directory.shared.kerberos.components.HostAddresses;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.apache.directory.shared.kerberos.flags.TicketFlags;
+
+/**
+ * Reading credentials cache according to FCC format by reference the following
+ * https://www.gnu.org/software/shishi/manual/html_node/The-Credential-Cache-Binary-File-Format.html
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class CacheInputStream extends DataInputStream
+{	
+	public CacheInputStream( InputStream in )
+	{
+        super( in );
+    }
+
+    public void read(CredentialsCache cache) throws IOException 
+    {   
+    	int version;
+    	List<Tag> tags;
+    	PrincipalName principal;
+    	Credentials cred; 
+    	
+        version = readVersion();
+        cache.setVersion( version );
+        
+        if ( version == CredentialsCacheConstants.FCC_FVNO_4 )
+        {
+            tags = readTag();
+        } 
+        else
+        {
+            tags = null;
+        }
+        cache.setTags( tags );
+        
+        principal = readPrincipal( version );
+        cache.setPrimaryPrincipalName( principal );
+        
+        while ( available() > 0 )
+        {
+            cred = readCredentials( version );
+            if (cred != null)
+            {
+                cache.addCredentials( cred );
+            }
+        }
+    }
+    
+    private int readVersion() throws IOException
+    {
+        int result = readShort();
+        return result;
+    }
+    
+    private List<Tag> readTag() throws IOException
+    {
+    	int len;
+    	int tag;
+    	int taglen;
+    	int time;
+    	int usec;
+
+    	len = readShort();
+    	List<Tag> tags = new ArrayList<Tag>();
+    	
+    	while (len > 0)
+    	{
+    		tag = readShort();
+    		taglen = readShort();
+    		switch (tag)
+    		{
+    			case CredentialsCacheConstants.FCC_TAG_DELTATIME:
+    				time = readInt();
+    				usec = readInt();
+    				tags.add(new Tag(tag, time, usec));
+    				break;
+    			default:
+    				read( new byte[taglen], 0, taglen ); // ignore unknown tag
+    		}
+    		len = len - (4 + taglen);
+    	}
+    	
+    	return tags;
+    }
+    
+    private PrincipalName readPrincipal( int version ) throws IOException 
+    {
+        int type, length;
+        PrincipalName pname;
+
+        if (version == CredentialsCacheConstants.FCC_FVNO_1)
+        {
+            type = CredentialsCacheConstants.NT_UNKNOWN;
+        }
+        else
+        {
+            type = readInt();
+        }
+        length = readInt();
+        
+        if (version == CredentialsCacheConstants.FCC_FVNO_1)
+        {
+            length--;
+        }
+        
+        String realm = readCountedString();
+        
+        String[] result = new String[length];
+        for ( int i = 0; i < length; i++ )
+        {
+        	result[i] = readCountedString();
+        }
+ 
+        pname = new PrincipalName(result, type);
+        if ( isRealm( realm ) )
+        {
+        	pname.setRealm( realm );
+        }
+
+        return pname;
+    }
+
+    private String readCountedString() throws IOException {
+        int namelength = readInt();
+        if ( namelength > CredentialsCacheConstants.MAXNAMELENGTH )
+        {
+            throw new IOException("Invalid name length in principal name.");
+        }
+        byte[] bytes = new byte[namelength];
+        read( bytes, 0, bytes.length );
+        
+        return new String( bytes );
+    }
+    
+    /*
+	 * Domain style realm names MUST look like domain names: they consist of
+     * components separated by periods (.) and they contain neither colons
+     * (:) nor slashes (/). When establishing a new realm name based on an 
+     * internet domain name it is recommended by convention that the characters 
+     * be converted to uppercase.
+     */
+    private static boolean isRealm( String str )
+    {
+    	char chr;
+    	for ( int i = 0; i < str.length(); i++ )
+    	{
+    		chr = str.charAt(i);
+    		if ( chr != '.' && chr >= 'a' )
+    		{
+    			return false;
+    		}
+    	}
+    	
+    	return true;
+    }
+    
+    private EncryptionKey readKey(int version) throws IOException
+    {
+        int keyType, keyLen;
+        keyType = readShort();
+        if ( version == CredentialsCacheConstants.FCC_FVNO_3 )
+            readShort();
+        // It's not correct with "uint16_t keylen", instead "uint32_t keylen" in keyblock 
+        keyLen = readInt();
+        byte[] bytes = new byte[keyLen];
+        read( bytes, 0, bytes.length );
+        
+        return new EncryptionKey( EncryptionType.getTypeByValue( keyType ), bytes );
+    }
+
+    private KerberosTime[] readKerberosTimes() throws IOException
+    {
+    	long[] times = readTimes();
+    	KerberosTime[] results = new KerberosTime[times.length];
+    	KerberosTime ktime;
+    	for ( int i = 0; i < times.length; ++i ) 
+    	{
+    		ktime = times[i] == 0 ? null : new KerberosTime( times[i] );
+    		results[i] = ktime;
+    	}
+    	
+    	return results;
+    }
+    
+    private long[] readTimes() throws IOException
+    {
+        long[] times = new long[4];
+        times[0] = (long)readInt() * 1000;
+        times[1] = (long)readInt() * 1000;
+        times[2] = (long)readInt() * 1000;
+        times[3] = (long)readInt() * 1000;
+        return times;
+    }
+
+    private boolean readskey() throws IOException
+    {
+        if ( read() == 0 )
+        {
+            return false;
+        }
+        
+        return true;
+    }
+
+    private HostAddress[] readAddr() throws IOException
+    {
+        int numAddrs, addrType, addrLength;
+        numAddrs = readInt();
+        if ( numAddrs > 0 )
+        {
+            HostAddress[] addrs = new HostAddress[numAddrs];
+            for ( int i = 0; i < numAddrs; i++ )
+            {
+                addrType = readShort();
+                addrLength = readInt();
+                if ( !( addrLength == 4 || addrLength == 16 ) )
+                {
+                    return null;
+                }
+                byte[] result = new byte[addrLength];
+                for (int j = 0; j < addrLength; j++)
+                {
+                    result[j] = (byte)readByte();
+                }
+                addrs[i] = new HostAddress( HostAddrType.getTypeByOrdinal( addrType ), result );
+            }
+            return addrs;
+        }
+        
+        return null;
+    }
+
+    private AuthorizationDataEntry[] readAuth() throws IOException
+    {
+        int num, adtype, adlength;
+        num = readInt();
+        if ( num > 0 )
+        {
+            AuthorizationDataEntry[] auData = new AuthorizationDataEntry[num];
+            byte[] data = null;
+            for (int i = 0; i < num; i++)
+            {
+                adtype = readShort();
+                adlength = readInt();
+                data = new byte[adlength];
+                read( data, 0, data.length );
+                auData[i] = new AuthorizationDataEntry( AuthorizationType.getTypeByValue( adtype ), data );
+            }
+            return auData;
+        }
+        
+        return null;
+    }
+
+    private byte[] readData() throws IOException
+    {
+        int length;
+        length = readInt();
+        if ( length == 0 )
+        {
+            return null;
+        }
+        else 
+        {
+            byte[] bytes = new byte[length];
+            read( bytes, 0, length );
+            return bytes;
+        }
+    }
+
+    private int readFlags() throws IOException
+    {
+        int ticketFlags;
+        ticketFlags = readInt();
+        return ticketFlags;
+    }
+
+    private Credentials readCredentials( int version ) throws IOException
+    {
+        PrincipalName cpname = readPrincipal(version);
+        PrincipalName spname = readPrincipal(version);
+        
+        if ( cpname == null || spname == null )
+        {
+        	throw new IOException("Invalid client principal name or service principal name");
+        }
+        
+        EncryptionKey key = readKey(version);
+
+        KerberosTime[] times = readKerberosTimes();
+        KerberosTime authtime = times[0];
+        KerberosTime starttime = times[1];
+        KerberosTime endtime = times[2];
+        KerberosTime renewTill = times[3];
+        
+        boolean skey = readskey();
+        
+        int flags = readFlags();
+        TicketFlags tFlags = new TicketFlags(flags);
+        HostAddress addr[] = readAddr();
+        HostAddresses addrs = null;
+        if (addr != null)
+        {
+            addrs = new HostAddresses(addr);
+        }
+        
+        AuthorizationDataEntry[] auDataEntries = readAuth();
+        AuthorizationData auData = null;
+        if (auDataEntries != null)
+        {
+        	auData = new AuthorizationData();
+        	for (AuthorizationDataEntry ade : auDataEntries)
+        	{
+        		auData.addEntry(ade);
+        	}
+        }
+        
+        byte[] ticketData = readData();
+        byte[] ticketData2 = readData();
+
+        if ( version != CredentialsCacheConstants.FCC_FVNO_1 && 
+        		spname.getNameType().getValue() == CredentialsCacheConstants.NT_UNKNOWN )
+        {
+        	// skip krb5_ccache_conf_data/fast_avail/krbtgt/REALM@REALM in MIT KRB5
+        	return null; 
+        }
+        
+        try 
+        {
+            return new Credentials(cpname, spname, key, authtime, starttime,
+                endtime, renewTill, skey, tFlags, addrs, auData,
+                ticketData != null ? KerberosDecoder.decodeTicket( ticketData ) : null,
+                ticketData2 != null ? KerberosDecoder.decodeTicket( ticketData2 ) : null);
+        }
+        catch (Exception e)
+        {
+            return null;
+        }
+    }
+}

Added: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheOutputStream.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheOutputStream.java?rev=1520988&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheOutputStream.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CacheOutputStream.java Mon Sep  9 08:12:25 2013
@@ -0,0 +1,252 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.kerberos.credentials.cache;
+
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.List;
+
+import org.apache.directory.server.kerberos.protocol.codec.KerberosEncoder;
+import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.components.AuthorizationData;
+import org.apache.directory.shared.kerberos.components.AuthorizationDataEntry;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.components.HostAddress;
+import org.apache.directory.shared.kerberos.components.HostAddresses;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.apache.directory.shared.kerberos.messages.Ticket;
+
+/**
+ * Writing credentials cache according to FCC format by reference the following
+ * https://www.gnu.org/software/shishi/manual/html_node/The-Credential-Cache-Binary-File-Format.html
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class CacheOutputStream extends DataOutputStream
+{
+	
+	public CacheOutputStream( OutputStream out )
+	{
+        super( out );
+    }
+
+    public void write( CredentialsCache credCache ) throws IOException 
+    {   
+    	/**
+    	 * Currently we always write using this version to limit the test effort.
+    	 * This version seems to be the easiest to be compatible with MIT tools.
+    	 * In future we might allow to specify the format version to write if necessary. 
+    	 */
+    	int writeVersion = CredentialsCacheConstants.FCC_FVNO_3;
+    	
+        writeVersion( writeVersion );
+        
+        if ( writeVersion == CredentialsCacheConstants.FCC_FVNO_4 )
+        {
+        	writeTags( credCache.getTags() );
+        }
+        
+        writePrincipal( credCache.getPrimaryPrincipalName(), writeVersion );
+
+        List<Credentials> credentialsList = credCache.getCredsList();
+        if ( credentialsList != null )
+        {
+            for ( Credentials cred : credentialsList )
+            {
+                writeCredentials( cred, writeVersion );
+            }
+        }
+    }
+
+    private void writeVersion( int version ) throws IOException 
+    {
+        writeShort( version );        
+    }
+
+    private void writeTags( List<Tag> tags ) throws IOException 
+    {
+    	int length = 0;
+    	if ( tags != null )
+    	{
+    		for ( Tag tag : tags ) 
+    		{
+    			if ( tag.tag != CredentialsCacheConstants.FCC_TAG_DELTATIME ) 
+    			{
+    				continue;
+    			}
+    			length += tag.length;
+    		}
+    	}
+    	
+    	writeShort( length );
+    	
+    	if ( tags != null )
+    	{
+    		for ( Tag tag : tags ) 
+    		{
+    			if ( tag.tag != CredentialsCacheConstants.FCC_TAG_DELTATIME ) 
+    			{
+    				continue;
+    			}
+    			writeTag( tag );
+    		}
+    	}
+    }
+    
+    private void writeTag( Tag tag ) throws IOException
+    {
+        writeShort( tag.tag );
+        writeShort( tag.length );
+        writeInt( tag.time );
+        writeInt( tag.usec );
+    }
+    
+    private void writePrincipal( PrincipalName pname, int version ) throws IOException
+    {
+        int num = pname.getNames().size();
+        
+    	if ( version != CredentialsCacheConstants.FCC_FVNO_1 )
+        {
+        	writeInt( pname.getNameType().getValue() );
+        }
+    	else
+    	{
+        	num++;
+        }
+        
+        writeInt( num );
+        
+        if ( pname.getRealm() != null) 
+        {
+            byte[] realmBytes = null;
+            realmBytes = pname.getRealm().getBytes();
+            writeInt( realmBytes.length );
+            write( realmBytes );
+        }
+        else
+        {
+        	writeInt( 0 );
+        }
+        
+        byte[] bytes = null;
+        for ( int i = 0; i < pname.getNames().size(); i++ )
+        {
+            bytes = pname.getNames().get( i ).getBytes();
+            writeInt( bytes.length );
+            write( bytes );
+        }
+    }
+    
+    private void writeCredentials( Credentials creds, int version ) throws IOException
+    {
+        writePrincipal( creds.getClientName(), version );
+        writePrincipal( creds.getServerName(), version );
+        writeKey( creds.getKey(), version );
+
+        writeKerberosTime( creds.getAuthTime() );
+        writeKerberosTime( creds.getStartTime() );
+        writeKerberosTime( creds.getEndTime() );
+        writeKerberosTime( creds.getRenewTill() );
+        
+        writeByte( creds.isEncInSKey() ? 1 : 0);
+        
+        writeInt( creds.getFlags().getIntValue() );
+        
+        writeAddrs( creds.getClientAddresses() );
+        writeAuth( creds.getAuthzData() );
+        
+        writeTicket( creds.getTicket() );
+        writeTicket( creds.getSecondTicket() );
+    }
+
+    private void writeKerberosTime( KerberosTime ktime) throws IOException
+    {
+    	int time = 0;
+    	if (ktime != null)
+    	{
+    		time = (int) ( ktime.getTime() / 1000 );
+    	}
+    	writeInt( time );
+    }
+    
+    private void writeKey( EncryptionKey key, int version ) throws IOException 
+    {
+    	writeShort( key.getKeyType().getValue());
+    	if ( version == CredentialsCacheConstants.FCC_FVNO_3 )
+    	{
+    		writeShort( key.getKeyType().getValue() );
+    	}
+    	// It's not correct with "uint16_t keylen", instead "uint32_t keylen" in keyblock    	
+    	writeInt( key.getKeyValue().length );
+    	write( key.getKeyValue() );
+    }
+    
+    private void writeAddrs( HostAddresses addresses ) throws IOException 
+    {
+    	if (addresses == null)
+    	{
+    		writeInt( 0 );
+    	}
+    	else
+    	{
+    		HostAddress[] addrs = addresses.getAddresses();
+    		write( addrs.length );
+    		for ( int i = 0; i < addrs.length; i++ )
+    		{
+    			write( addrs[i].getAddrType().getValue() );
+    			write( addrs[i].getAddress().length );
+    			write( addrs[i].getAddress(), 0,
+    					addrs[i].getAddress().length );
+    		}
+    	}
+    }
+    
+    private void writeAuth( AuthorizationData authData ) throws IOException 
+    {
+    	if ( authData == null )
+    	{
+    		writeInt( 0 );
+    	}
+    	else
+    	{
+    		for (AuthorizationDataEntry ade : authData.getAuthorizationData())
+    		{
+    			write(ade.getAdType().getValue());
+    			write(ade.getAdData().length);
+    			write(ade.getAdData());
+    		}
+    	}
+    }
+    
+    private void writeTicket( Ticket t ) throws IOException 
+    {
+        if (t == null)
+        {
+            writeInt( 0 );
+        }
+        else
+        {
+            byte[] bytes = KerberosEncoder.encode(t, false).array();
+            writeInt( bytes.length );
+            write( bytes );
+        }
+    }
+}

Added: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Credentials.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Credentials.java?rev=1520988&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Credentials.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Credentials.java Mon Sep  9 08:12:25 2013
@@ -0,0 +1,216 @@
+
+package org.apache.directory.kerberos.credentials.cache;
+
+import java.text.ParseException;
+
+import org.apache.directory.kerberos.client.AbstractTicket;
+import org.apache.directory.kerberos.client.TgTicket;
+import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
+import org.apache.directory.shared.kerberos.components.AuthorizationData;
+import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.components.HostAddresses;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.apache.directory.shared.kerberos.flags.TicketFlags;
+import org.apache.directory.shared.kerberos.messages.Ticket;
+
+/**
+ * Looks like KrbCredInfo can be used here, however it's not enough for this
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class Credentials
+{
+
+    private PrincipalName clientName;
+    private String clientRealm;
+    private PrincipalName serverName;
+    private String serverRealm;
+    private EncryptionKey key;
+    private KerberosTime authTime;
+    private KerberosTime startTime;
+    private KerberosTime endTime;
+    private KerberosTime renewTill;
+    private HostAddresses clientAddresses;
+    private AuthorizationData authzData;
+    private boolean isEncInSKey;
+    private TicketFlags flags;
+    private Ticket ticket;
+    private Ticket secondTicket;
+    
+    public Credentials(
+            PrincipalName cname,
+            PrincipalName sname,
+            EncryptionKey ekey,
+            KerberosTime authtime,
+            KerberosTime starttime,
+            KerberosTime endtime,
+            KerberosTime renewTill,
+            boolean isEncInSKey,
+            TicketFlags flags,
+            HostAddresses caddr,
+            AuthorizationData authData,
+            Ticket ticket,
+            Ticket secondTicket)
+    {
+        this.clientName = (PrincipalName) cname;
+
+        if (cname.getRealm() != null)
+        {
+            clientRealm = cname.getRealm();
+        }
+
+        this.serverName = (PrincipalName) sname;
+
+        if (sname.getRealm() != null)
+        {
+            serverRealm = sname.getRealm();
+        }
+
+        this.key = ekey;
+
+        this.authTime = authtime;
+        this.startTime = starttime;
+        this.endTime = endtime;
+        this.renewTill = renewTill;
+        this.clientAddresses = caddr;
+        this.authzData = authData;
+        this.isEncInSKey = isEncInSKey;
+        this.flags = flags;
+        this.ticket = ticket;
+        this.secondTicket = secondTicket;
+    }
+
+    public Credentials( TgTicket tgt )
+    {
+    	PrincipalName clientPrincipal = null;
+    	try {
+			clientPrincipal = new PrincipalName( tgt.getClientName(), 
+					PrincipalNameType.KRB_NT_PRINCIPAL );
+		} catch (ParseException e) {
+			throw new RuntimeException( "Invalid tgt with bad client name" );
+		}
+    	
+    	clientPrincipal.setRealm( tgt.getRealm() );
+    	
+    	init( tgt, clientPrincipal );
+    }
+    
+    public Credentials( AbstractTicket tkt, PrincipalName clientPrincipal ) 
+    {
+    	init( tkt, clientPrincipal );
+    }
+    
+    private void init( AbstractTicket tkt, PrincipalName clientPrincipal )
+    {
+    	EncKdcRepPart kdcRepPart = tkt.getEncKdcRepPart();
+    	
+        this.serverName = kdcRepPart.getSName();
+        this.serverRealm = kdcRepPart.getSRealm();
+        this.serverName.setRealm(serverRealm);
+
+        this.clientName = clientPrincipal;
+        
+        this.key = kdcRepPart.getKey();
+        this.authTime = kdcRepPart.getAuthTime();
+        this.startTime = kdcRepPart.getStartTime();
+        this.endTime = kdcRepPart.getEndTime();
+
+        this.renewTill = kdcRepPart.getRenewTill();
+
+        this.flags = kdcRepPart.getFlags();
+        this.clientAddresses = kdcRepPart.getClientAddresses();
+
+        this.ticket = tkt.getTicket();
+        
+        this.isEncInSKey = false;
+        
+        this.secondTicket = null;
+    }
+
+    public PrincipalName getServicePrincipal()
+    {
+        return serverName;
+    }
+
+    public KerberosTime getAuthTime()
+    {
+        return authTime;
+    }
+
+    public KerberosTime getEndTime()
+    {
+        return endTime;
+    }
+
+    public TicketFlags getTicketFlags()
+    {
+        return flags;
+    }
+
+    public int getEType()
+    {
+        return key.getKeyType().getValue();
+    }
+
+	public PrincipalName getClientName()
+	{
+		return clientName;
+	}
+
+	public PrincipalName getServerName()
+	{
+		return serverName;
+	}
+	
+	public String getClientRealm()
+	{
+		return clientRealm;
+	}
+
+	public EncryptionKey getKey()
+	{
+		return key;
+	}
+
+	public KerberosTime getStartTime()
+	{
+		return startTime;
+	}
+
+	public KerberosTime getRenewTill()
+	{
+		return renewTill;
+	}
+
+	public HostAddresses getClientAddresses()
+	{
+		return clientAddresses;
+	}
+
+	public AuthorizationData getAuthzData()
+	{
+		return authzData;
+	}
+
+	public boolean isEncInSKey()
+	{
+		return isEncInSKey;
+	}
+
+	public TicketFlags getFlags()
+	{
+		return flags;
+	}
+
+	public Ticket getTicket()
+	{
+		return ticket;
+	}
+	
+	public Ticket getSecondTicket()
+	{
+		return secondTicket;
+	}
+}

Added: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCache.java?rev=1520988&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCache.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCache.java Mon Sep  9 08:12:25 2013
@@ -0,0 +1,142 @@
+package org.apache.directory.kerberos.credentials.cache;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+
+/**
+ * Kerberos credentials cache in FCC format
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class CredentialsCache
+{	
+	private int version = CredentialsCacheConstants.FCC_FVNO_4;
+	private List<Tag> tags;
+	private PrincipalName primaryPrincipal;
+	private List<Credentials> credentialsList = new ArrayList<Credentials> ();
+	
+    public static CredentialsCache load( File cacheFile ) throws IOException 
+    {
+        return load(new FileInputStream( cacheFile ));
+    }
+    
+    public static CredentialsCache load( InputStream is ) throws IOException 
+    {
+        CacheInputStream cis = new CacheInputStream(is);
+        
+        CredentialsCache credCache = new CredentialsCache();
+        cis.read(credCache);
+        
+        cis.close();
+        
+        return credCache;
+    }
+    
+    public static void store( File fileName, CredentialsCache credCache ) throws IOException 
+    {
+        store( new FileOutputStream(fileName), credCache );
+    }
+    
+    public static void store( OutputStream os, CredentialsCache credCache ) throws IOException 
+    {
+        CacheOutputStream cos = new CacheOutputStream(os);
+        
+        cos.write( credCache );
+        
+        cos.close();
+    }
+    
+    public void addCredentials( Credentials cred )
+    {
+    	this.credentialsList.add( cred );
+    }
+    
+    public int getVersion()
+    {
+    	return this.version;
+    }
+    
+    public void setVersion( int version )
+    {
+    	this.version = version;
+    }
+    
+    /**
+     * Returns the primary principal
+     */
+    public PrincipalName getPrimaryPrincipalName() 
+    {
+    	return this.primaryPrincipal;
+    }
+    
+    /**
+     * Set the primary principal
+     */
+    public void setPrimaryPrincipalName( PrincipalName principal ) 
+    {
+    	this.primaryPrincipal = principal;
+    }
+    
+    public void setTags( List<Tag> tags )
+    {
+    	this.tags = tags;
+    }
+    
+    public List<Tag> getTags()
+    {
+    	return this.tags;
+    }
+    
+    /**
+     * Returns the credentials entries
+     */
+    public List<Credentials> getCredsList() 
+    {
+    	return this.credentialsList;
+    }
+
+    
+    public static void main(String[] args) throws IOException
+    {
+    	String dumpFile = File.createTempFile( "credCache-", ".cc" ).getAbsolutePath();
+    	System.out.println( "This tool tests CredentialsCache reading and writing, " + 
+				"and will load the built-in sample credentials cache by default, and dump to " + dumpFile );
+    	
+    	System.out.println( "To specify your own credentials cache file, run this as: CredentialsCache [cred-cache-file] " );
+    	
+    	System.out.println( "When dumped successfully, run 'klist -e -c' from MIT to check the dumped file" );
+    	
+    	CredentialsCache cc;
+    	String cacheFile = args.length > 0 ? args[0] : null;
+    	if (cacheFile == null)
+    	{    		
+    		byte[] sampleCache = SampleCredentialsCacheResource.getCacheContent();
+    		ByteArrayInputStream bais = new ByteArrayInputStream(sampleCache);
+    		cc = CredentialsCache.load(bais);
+    	} 
+    	else
+    	{
+    		cc = CredentialsCache.load( new File( cacheFile ) );
+    	}
+    	
+    	if ( cc != null )
+    	{
+    		System.out.println( "Reading credentials cache is successful" );
+    		
+    		File tmpCacheFile = new File(dumpFile);
+    		tmpCacheFile.delete();
+    		CredentialsCache.store(tmpCacheFile, cc);
+
+    		System.out.println( "Writing credentials cache successfully to: " + dumpFile );
+    	}
+    }
+}

Added: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCacheConstants.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCacheConstants.java?rev=1520988&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCacheConstants.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/CredentialsCacheConstants.java Mon Sep  9 08:12:25 2013
@@ -0,0 +1,35 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.kerberos.credentials.cache;
+
+/**
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public interface CredentialsCacheConstants
+{
+    public static final int FCC_FVNO_1 = 0x501;
+    public static final int FCC_FVNO_2 = 0x502;
+    public static final int FCC_FVNO_3 = 0x503;
+    public static final int FCC_FVNO_4 = 0x504;
+    public static final int FCC_TAG_DELTATIME = 1;
+    public static final int NT_UNKNOWN = 0;
+    public static final int MAXNAMELENGTH = 1024;
+}

Added: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/SampleCredentialsCacheResource.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/SampleCredentialsCacheResource.java?rev=1520988&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/SampleCredentialsCacheResource.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/SampleCredentialsCacheResource.java Mon Sep  9 08:12:25 2013
@@ -0,0 +1,110 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.kerberos.credentials.cache;
+
+
+import org.apache.directory.api.util.Base64;
+
+
+/**
+ * This is a sample credentials cache generated using MIT KRB5 kinit command.
+ * SAMPLE_CACHE_CONTENT is the content of the sample cache encoded in base64.
+ * It's not just for unit test, but also for development, so better to maintain it here,
+ * instead of just as resource file.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class SampleCredentialsCacheResource
+{
+	/**
+	 * klist
+     * Ticket cache: FILE:/tmp/krb5cc_0
+     * Default principal: apacheds@SH.INTEL.COM
+     *
+     * Valid starting     Expires            Service principal
+     * 09/06/13 01:54:10  09/06/13 11:54:10  krbtgt/SH.INTEL.COM@SH.INTEL.COM
+	 * renew until 09/07/13 01:54:07
+     * 09/06/13 01:54:11  09/06/13 11:54:10  host/hadoop-nn.sh.intel.com@SH.INTEL.COM
+	 * renew until 09/07/13 01:54:07
+	 */
+	private static final String SAMPLE_CACHE_CONTENT = 
+			        "BQQADAABAAgAAAAAAAAAAAAAAAEAAAABAAAADFNILklOVEVMLkNPTQAAAAhhcGFjaGVkcwAAAAEA" +
+					"AAABAAAADFNILklOVEVMLkNPTQAAAAhhcGFjaGVkcwAAAAIAAAACAAAADFNILklOVEVMLkNPTQAA" +
+					"AAZrcmJ0Z3QAAAAMU0guSU5URUwuQ09NAAEAAAAI3H/4OE/NpCpSKGeiUihnolIo9EJSKbkfAEDh" +
+					"AAAAAAAAAAAAAAAAAUFhggE9MIIBOaADAgEFoQ4bDFNILklOVEVMLkNPTaIhMB+gAwIBAqEYMBYb" +
+					"BmtyYnRndBsMU0guSU5URUwuQ09No4H+MIH7oAMCARehAwIBAaKB7gSB6/v51fFhnp/E2uto2e9I" +
+					"9+RUk2grlKW9pYQUc4lAV602hdP6I80s1KU1rNtezbmf8plmxdZ48yogt0KwzAoGoFWCiZk4S1dR" +
+					"zzvl/TmNtk9q1gFuVycoP1EvScPYWhdTPAR4/t1Si1DKrYY19eegYmv6PfKoisdAADatLOjqJsVc" +
+					"Ntl/cUU4qUJfm181X1b+mguIdAX4jKzWbEc52pYQr8UIDl3TNT8OIzmQC0Wjn93ocOpKwOGsclbN" +
+					"OoxSfqpxvARjg+uE5HSm5tX7nUsccjhKMJ76Uy78CEULXkg6ySPYiim5wKVvgwxI7/AAAAAAAAAA" +
+					"AQAAAAEAAAAMU0guSU5URUwuQ09NAAAACGFwYWNoZWRzAAAAAAAAAAMAAAAMWC1DQUNIRUNPTkY6" +
+					"AAAAFWtyYjVfY2NhY2hlX2NvbmZfZGF0YQAAAApmYXN0X2F2YWlsAAAAIGtyYnRndC9TSC5JTlRF" +
+					"TC5DT01AU0guSU5URUwuQ09NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD" +
+					"eWVzAAAAAAAAAAEAAAABAAAADFNILklOVEVMLkNPTQAAAAhhcGFjaGVkcwAAAAMAAAACAAAADFNI" +
+					"LklOVEVMLkNPTQAAAARob3N0AAAAFmhhZG9vcC1ubi5zaC5pbnRlbC5jb20AAQAAAAgsx5ub9wI0" +
+					"01IoZ6JSKGemUij0QlIpuR8AQKkAAAAAAAAAAAAAAAABX2GCAVswggFXoAMCAQWhDhsMU0guSU5U" +
+					"RUwuQ09NoikwJ6ADAgEDoSAwHhsEaG9zdBsWaGFkb29wLW5uLnNoLmludGVsLmNvbaOCARMwggEP" +
+					"oAMCARehAwIBB6KCAQEEgf7Z6Xz1bYJ9uE4e2Buyrp2aflcqgVoh9YUVAZyIiqpsrMa71wMuZFUl" +
+					"FD+S58Q3T39pZ9vIfXENNoKje1Y5kyImPHC1D/eHIeUN9v5kmDPJP9U31di8dOi3TbHUQWWLbB6k" +
+					"+uQE25GAP2hQg0vm5WtU3Fjo0ysXQTMpe+FSwe9ca9V3soPSbDhmlEt8WjAY05iXD8Fe6o/aY/PJ" +
+					"nElmCwQayRT87vENJI9LeMVEzhIjxBmg124G4nGnjUCaf++G03kJ04mLFZDB9kS8sA7V8AT1IF00" +
+					"ehpt7c9KbUM1Iz/S3Ni5hq8IfdOTSWMjGdNIsUMhJmivYFzQ0PRBzSBxbAAAAAA=";
+	
+	private static final String SAMPLE_PRINCIPAL = "apacheds";
+	private static final String SAMPLE_REALM = "SH.INTEL.COM";
+	private static final String[] SAMPLE_SERVERS = new String[] {"krbtgt/SH.INTEL.COM", "host/hadoop-nn.sh.intel.com"};
+	
+	public static byte[] getCacheContent()
+	{
+		byte[] content = Base64.decode(SampleCredentialsCacheResource.SAMPLE_CACHE_CONTENT.toCharArray());
+		return content;
+	}
+	
+	/**
+	 * Get the primary principal name contained in the sample cache
+	 */
+	public static String getSamplePrincipal()
+	{
+		return SAMPLE_PRINCIPAL;
+	}
+	
+	/**
+	 * Get the realm contained in the sample cache
+	 */
+	public static String getSampleRealm()
+	{
+		return SAMPLE_REALM;
+	}
+	
+	/**
+	 * Get the servers in the tickets contained in the sample cache
+	 */
+	public static String[] getSampleServers()
+	{
+		return SAMPLE_SERVERS;
+	}
+
+	/**
+	 * Get the tickets count in the sample cache
+	 */
+	public static int getSampleTicketsCount() {
+		return 2;
+	}
+}

Added: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Tag.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Tag.java?rev=1520988&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Tag.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/credentials/cache/Tag.java Mon Sep  9 08:12:25 2013
@@ -0,0 +1,21 @@
+package org.apache.directory.kerberos.credentials.cache;
+
+/**
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class Tag
+{
+    int tag = 0;
+    int tagLen = 8;
+    int time = 0;
+    int usec = 0;
+    int length = 2 + 2 + 8; // len(tag) + len(tagLen) + len(tagData);
+
+    public Tag(int tag, int time, int usec)
+    {
+        this.tag = tag;
+        this.time = time;
+        this.usec = usec;
+    }
+}

Added: directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/CredentialsCacheTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/CredentialsCacheTest.java?rev=1520988&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/CredentialsCacheTest.java (added)
+++ directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/CredentialsCacheTest.java Mon Sep  9 08:12:25 2013
@@ -0,0 +1,75 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.kerberos.client;
+
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.io.ByteArrayInputStream;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.directory.kerberos.credentials.cache.Credentials;
+import org.apache.directory.kerberos.credentials.cache.CredentialsCache;
+import org.apache.directory.kerberos.credentials.cache.SampleCredentialsCacheResource;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.junit.Test;
+
+/**
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class CredentialsCacheTest
+{	
+    @Test
+    public void testReadMITCredCache()
+    {
+    	byte[] sampleCache = SampleCredentialsCacheResource.getCacheContent();
+    	ByteArrayInputStream bais = new ByteArrayInputStream(sampleCache);
+    	    	
+        try
+        {
+        	CredentialsCache cc = CredentialsCache.load(bais);
+        	
+            PrincipalName principal = cc.getPrimaryPrincipalName();
+            assertTrue( principal.getNameString().equals( SampleCredentialsCacheResource.getSamplePrincipal() ) );
+            assertTrue( principal.getRealm().equals( SampleCredentialsCacheResource.getSampleRealm() ) );
+            
+            assertTrue( cc.getCredsList().size() == SampleCredentialsCacheResource.getSampleTicketsCount() );
+            
+            Set<String> servers = new HashSet<String>();
+            for (String server : SampleCredentialsCacheResource.getSampleServers())
+            {
+            	servers.add( server );
+            }
+            
+            String tktServer;
+            for (Credentials cred : cc.getCredsList()) {
+            	tktServer = cred.getTicket().getSName().getNameString();
+            	assertTrue( servers.contains( tktServer ) );
+            }
+        }
+        catch ( Exception ike )
+        {
+            fail( "Testing failed due to " + ike.getMessage() );
+        }
+    }
+}

Modified: directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java?rev=1520988&r1=1520987&r2=1520988&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java (original)
+++ directory/apacheds/trunk/kerberos-client/src/test/java/org/apache/directory/kerberos/client/KdcConnectionTest.java Mon Sep  9 08:12:25 2013
@@ -26,9 +26,13 @@ import static org.junit.Assert.assertNot
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
+import java.io.File;
+
 import org.apache.directory.api.ldap.model.entry.DefaultEntry;
 import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.kerberos.client.Kinit;
+import org.apache.directory.kerberos.credentials.cache.CredentialsCache;
 import org.apache.directory.server.annotations.CreateChngPwdServer;
 import org.apache.directory.server.annotations.CreateKdcServer;
 import org.apache.directory.server.annotations.CreateLdapServer;
@@ -221,6 +225,19 @@ public class KdcConnectionTest extends A
         assertNotNull( rep );
     }
     
+    @Test
+    public void testKinit() throws Exception
+    {
+    	File ccFile = File.createTempFile( "credCache-", ".cc" );
+    	Kinit kinit = new Kinit( conn );
+    	kinit.setCredCacheFile( ccFile );
+    	
+    	kinit.kinit(principalName, userPassword);
+    	System.out.println( "Kinit generated file " + ccFile.getAbsolutePath() );
+    	
+    	CredentialsCache credCache = CredentialsCache.load( ccFile );    	
+        assertNotNull( credCache );
+    }
     
     @Test
     public void testChangePassword() throws Exception

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalName.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalName.java?rev=1520988&r1=1520987&r2=1520988&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalName.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalName.java Mon Sep  9 08:12:25 2013
@@ -166,6 +166,7 @@ public class PrincipalName extends Abstr
         try
         {
             nameString = KerberosUtils.getNames( principal );
+            realm = principal.getRealm();
         }
         catch ( ParseException pe )
         {
@@ -189,7 +190,32 @@ public class PrincipalName extends Abstr
         this.nameType = nameType;
     }
 
-
+    
+    /**
+     * Creates a new instance of PrincipalName given a String[] and an 
+     * principal type.
+     * 
+     * @param nameParts The name string, which can contains more than one nameComponent
+     * @param nameType The principal name type
+     */
+    public PrincipalName( String[] nameParts, int nameType )
+    {
+    	if ( nameParts == null || nameParts.length == 0 )
+    	{
+    		throw new IllegalArgumentException("Empty name parts");
+    	}
+    	
+    	List<String> nameComponents = new ArrayList<String>();
+    	for ( String np : nameParts )
+    	{
+    		nameComponents.add( np );
+    	}
+    	
+        this.nameString = nameComponents;
+        this.nameType = PrincipalNameType.getTypeByValue( nameType );;
+    }
+    
+    
     /**
      * Creates a new instance of PrincipalName.
      *
@@ -241,7 +267,24 @@ public class PrincipalName extends Abstr
         this.nameType = PrincipalNameType.getTypeByValue( nameType );
     }
 
-
+    /**
+     * Set the realm for the principal
+     * @param realm the realm of the principal
+     */
+    public void setRealm( String realm )
+    {
+    	this.realm = realm;
+    }
+    
+    /**
+     * Get the realm for the principal
+     * @return realm the realm of the principal
+     */
+    public String getRealm()
+    {
+    	return realm;
+    }
+    
     /**
      * Returns the name components.
      *
@@ -483,13 +526,20 @@ public class PrincipalName extends Abstr
                 sb.append( '\'' ).append( name ).append( '\'' );
             }
 
-            sb.append( "> }" );
+            sb.append( ">" );
         }
         else
         {
-            sb.append( " no name-string }" );
+            sb.append( " no name-string" );
         }
 
+        if ( realm != null )
+        {
+        	sb.append( "realm: " ).append( realm );
+        }
+        
+        sb.append( " }" );
+        
         return sb.toString();
     }
 



Mime
View raw message