directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [17/45] directory-kerberos git commit: DIRKRB-149 New layout structure with the new name "Apache Kerby"
Date Thu, 22 Jan 2015 21:47:56 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacLogonInfo.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacLogonInfo.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacLogonInfo.java
new file mode 100644
index 0000000..8b98753
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacLogonInfo.java
@@ -0,0 +1,322 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.pac;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.util.Date;
+
+public class PacLogonInfo {
+
+    private Date logonTime;
+    private Date logoffTime;
+    private Date kickOffTime;
+    private Date pwdLastChangeTime;
+    private Date pwdCanChangeTime;
+    private Date pwdMustChangeTime;
+    private short logonCount;
+    private short badPasswordCount;
+    private String userName;
+    private String userDisplayName;
+    private String logonScript;
+    private String profilePath;
+    private String homeDirectory;
+    private String homeDrive;
+    private String serverName;
+    private String domainName;
+    private PacSid userSid;
+    private PacSid groupSid;
+    private PacSid[] groupSids;
+    private PacSid[] resourceGroupSids;
+    private PacSid[] extraSids;
+    private int userAccountControl;
+    private int userFlags;
+
+    public PacLogonInfo(byte[] data) throws IOException {
+        try {
+            PacDataInputStream pacStream = new PacDataInputStream(new DataInputStream(
+                    new ByteArrayInputStream(data)));
+
+            // Skip firsts
+            pacStream.skipBytes(20);
+
+            // Dates
+            logonTime = pacStream.readFiletime();
+            logoffTime = pacStream.readFiletime();
+            kickOffTime = pacStream.readFiletime();
+            pwdLastChangeTime = pacStream.readFiletime();
+            pwdCanChangeTime = pacStream.readFiletime();
+            pwdMustChangeTime = pacStream.readFiletime();
+
+            // User related strings as UnicodeStrings
+            PacUnicodeString userNameString = pacStream.readUnicodeString();
+            PacUnicodeString userDisplayNameString = pacStream.readUnicodeString();
+            PacUnicodeString logonScriptString = pacStream.readUnicodeString();
+            PacUnicodeString profilePathString = pacStream.readUnicodeString();
+            PacUnicodeString homeDirectoryString = pacStream.readUnicodeString();
+            PacUnicodeString homeDriveString = pacStream.readUnicodeString();
+
+            // Some counts
+            logonCount = pacStream.readShort();
+            badPasswordCount = pacStream.readShort();
+
+            // IDs for user
+            PacSid userId = pacStream.readId();
+            PacSid groupId = pacStream.readId();
+
+            // Groups information
+            int groupCount = pacStream.readInt();
+            int groupPointer = pacStream.readInt();
+
+            // User flags about PAC Logon Info content
+            userFlags = pacStream.readInt();
+            boolean hasExtraSids = (userFlags & PacConstants.LOGON_EXTRA_SIDS) == PacConstants.LOGON_EXTRA_SIDS;
+            boolean hasResourceGroups = (userFlags & PacConstants.LOGON_RESOURCE_GROUPS) == PacConstants.LOGON_RESOURCE_GROUPS;
+
+            // Skip some reserved fields (User Session Key)
+            pacStream.skipBytes(16);
+
+            // Server related strings as UnicodeStrings
+            PacUnicodeString serverNameString = pacStream.readUnicodeString();
+            PacUnicodeString domainNameString = pacStream.readUnicodeString();
+
+            // ID for domain (used with relative IDs to get SIDs)
+            int domainIdPointer = pacStream.readInt();
+
+            // Skip some reserved fields
+            pacStream.skipBytes(8);
+
+            userAccountControl = pacStream.readInt();
+
+            // Skip some reserved fields
+            pacStream.skipBytes(28);
+
+            // Extra SIDs information
+            int extraSidCount = pacStream.readInt();
+            int extraSidPointer = pacStream.readInt();
+
+            // ID for resource groups domain (used with IDs to get SIDs)
+            int resourceDomainIdPointer = pacStream.readInt();
+
+            // Resource groups information
+            int resourceGroupCount = pacStream.readInt();
+            int resourceGroupPointer = pacStream.readInt();
+
+            // User related strings
+            userName = userNameString.check(pacStream.readString());
+            userDisplayName = userDisplayNameString.check(pacStream.readString());
+            logonScript = logonScriptString.check(pacStream.readString());
+            profilePath = profilePathString.check(pacStream.readString());
+            homeDirectory = homeDirectoryString.check(pacStream.readString());
+            homeDrive = homeDriveString.check(pacStream.readString());
+
+            // Groups data
+            PacGroup[] groups = new PacGroup[0];
+            if(groupPointer != 0) {
+                int realGroupCount = pacStream.readInt();
+                if(realGroupCount != groupCount) {
+                    Object[] args = new Object[]{groupCount, realGroupCount};
+                    throw new IOException("pac.groups.invalid.size");
+                }
+                groups = new PacGroup[groupCount];
+                for(int i = 0; i < groupCount; i++) {
+                    pacStream.align(4);
+                    PacSid id = pacStream.readId();
+                    int attributes = pacStream.readInt();
+                    groups[i] = new PacGroup(id, attributes);
+                }
+            }
+
+            // Server related strings
+            serverName = serverNameString.check(pacStream.readString());
+            domainName = domainNameString.check(pacStream.readString());
+
+            // ID for domain (used with relative IDs to get SIDs)
+            PacSid domainId = null;
+            if(domainIdPointer != 0)
+                domainId = pacStream.readSid();
+
+            // Extra SIDs data
+            PacSidAttributes[] extraSidAtts = new PacSidAttributes[0];
+            if(hasExtraSids && extraSidPointer != 0) {
+                int realExtraSidCount = pacStream.readInt();
+                if(realExtraSidCount != extraSidCount) {
+                    Object[] args = new Object[]{extraSidCount, realExtraSidCount};
+                    throw new IOException("pac.extrasids.invalid.size");
+                }
+                extraSidAtts = new PacSidAttributes[extraSidCount];
+                int[] pointers = new int[extraSidCount];
+                int[] attributes = new int[extraSidCount];
+                for(int i = 0; i < extraSidCount; i++) {
+                    pointers[i] = pacStream.readInt();
+                    attributes[i] = pacStream.readInt();
+                }
+                for(int i = 0; i < extraSidCount; i++) {
+                    PacSid sid = (pointers[i] != 0) ? pacStream.readSid() : null;
+                    extraSidAtts[i] = new PacSidAttributes(sid, attributes[i]);
+                }
+            }
+
+            // ID for resource domain (used with relative IDs to get SIDs)
+            PacSid resourceDomainId = null;
+            if(resourceDomainIdPointer != 0)
+                resourceDomainId = pacStream.readSid();
+
+            // Resource groups data
+            PacGroup[] resourceGroups = new PacGroup[0];
+            if(hasResourceGroups && resourceGroupPointer != 0) {
+                int realResourceGroupCount = pacStream.readInt();
+                if(realResourceGroupCount != resourceGroupCount) {
+                    Object[] args = new Object[]{resourceGroupCount, realResourceGroupCount};
+                    throw new IOException("pac.resourcegroups.invalid.size");
+                }
+                resourceGroups = new PacGroup[resourceGroupCount];
+                for(int i = 0; i < resourceGroupCount; i++) {
+                    PacSid id = pacStream.readSid();
+                    int attributes = pacStream.readInt();
+                    resourceGroups[i] = new PacGroup(id, attributes);
+                }
+            }
+
+            // Extract Extra SIDs
+            extraSids = new PacSid[extraSidAtts.length];
+            for(int i = 0; i < extraSidAtts.length; i++) {
+                extraSids[i] = extraSidAtts[i].getId();
+            }
+
+            // Compute Resource Group IDs with Resource Domain ID to get SIDs
+            resourceGroupSids = new PacSid[resourceGroups.length];
+            for(int i = 0; i < resourceGroups.length; i++) {
+                resourceGroupSids[i] = PacSid.append(resourceDomainId, resourceGroups[i].getId());
+            }
+
+            // Compute User IDs with Domain ID to get User SIDs
+            // First extra is user if userId is empty
+            if(!userId.isEmpty() && !userId.isBlank()) {
+                userSid = PacSid.append(domainId, userId);
+            } else if(extraSids.length > 0) {
+                userSid = extraSids[0];
+            }
+            groupSid = PacSid.append(domainId, groupId);
+
+            // Compute Group IDs with Domain ID to get Group SIDs
+            groupSids = new PacSid[groups.length];
+            for(int i = 0; i < groups.length; i++) {
+                groupSids[i] = PacSid.append(domainId, groups[i].getId());
+            }
+        } catch(IOException e) {
+            throw new IOException("pac.logoninfo.malformed", e);
+        }
+    }
+
+    public Date getLogonTime() {
+        return logonTime;
+    }
+
+    public Date getLogoffTime() {
+        return logoffTime;
+    }
+
+    public Date getKickOffTime() {
+        return kickOffTime;
+    }
+
+    public Date getPwdLastChangeTime() {
+        return pwdLastChangeTime;
+    }
+
+    public Date getPwdCanChangeTime() {
+        return pwdCanChangeTime;
+    }
+
+    public Date getPwdMustChangeTime() {
+        return pwdMustChangeTime;
+    }
+
+    public short getLogonCount() {
+        return logonCount;
+    }
+
+    public short getBadPasswordCount() {
+        return badPasswordCount;
+    }
+
+    public String getUserName() {
+        return userName;
+    }
+
+    public String getUserDisplayName() {
+        return userDisplayName;
+    }
+
+    public String getLogonScript() {
+        return logonScript;
+    }
+
+    public String getProfilePath() {
+        return profilePath;
+    }
+
+    public String getHomeDirectory() {
+        return homeDirectory;
+    }
+
+    public String getHomeDrive() {
+        return homeDrive;
+    }
+
+    public String getServerName() {
+        return serverName;
+    }
+
+    public String getDomainName() {
+        return domainName;
+    }
+
+    public PacSid getUserSid() {
+        return userSid;
+    }
+
+    public PacSid getGroupSid() {
+        return groupSid;
+    }
+
+    public PacSid[] getGroupSids() {
+        return groupSids;
+    }
+
+    public PacSid[] getResourceGroupSids() {
+        return resourceGroupSids;
+    }
+
+    public PacSid[] getExtraSids() {
+        return extraSids;
+    }
+
+    public int getUserAccountControl() {
+        return userAccountControl;
+    }
+
+    public int getUserFlags() {
+        return userFlags;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSid.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSid.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSid.java
new file mode 100644
index 0000000..9a00e3b
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSid.java
@@ -0,0 +1,130 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.pac;
+
+import java.io.IOException;
+
+public class PacSid {
+
+    private static final String FORMAT = "%1$02x";
+
+    private byte revision;
+    private byte subCount;
+    private byte[] authority;
+    private byte[] subs;
+
+    public PacSid(byte[] bytes) throws IOException {
+        if(bytes.length < 8 || ((bytes.length - 8) % 4) != 0
+                || ((bytes.length - 8) / 4) != bytes[1])
+            throw new IOException("pac.sid.malformed.size");
+
+        this.revision = bytes[0];
+        this.subCount = bytes[1];
+        this.authority = new byte[6];
+        System.arraycopy(bytes, 2, this.authority, 0, 6);
+        this.subs = new byte[bytes.length - 8];
+        System.arraycopy(bytes, 8, this.subs, 0, bytes.length - 8);
+    }
+
+    public PacSid(PacSid sid) {
+        this.revision = sid.revision;
+        this.subCount = sid.subCount;
+        this.authority = new byte[6];
+        System.arraycopy(sid.authority, 0, this.authority, 0, 6);
+        this.subs = new byte[sid.subs.length];
+        System.arraycopy(sid.subs, 0, this.subs, 0, sid.subs.length);
+    }
+
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+
+        builder.append("\\").append(String.format(FORMAT, ((int)revision) & 0xff));
+        builder.append("\\").append(String.format(FORMAT, ((int)subCount) & 0xff));
+        for(int i = 0; i < authority.length; i++) {
+            int unsignedByte = ((int)authority[i]) & 0xff;
+            builder.append("\\").append(String.format(FORMAT, unsignedByte));
+        }
+        for(int i = 0; i < subs.length; i++) {
+            int unsignedByte = ((int)subs[i]) & 0xff;
+            builder.append("\\").append(String.format(FORMAT, unsignedByte));
+        }
+
+        return builder.toString();
+    }
+
+    public boolean isEmpty() {
+        return subCount == 0;
+    }
+
+    public boolean isBlank() {
+        boolean blank = true;
+        for(byte sub : subs)
+            blank = blank && (sub == 0);
+        return blank;
+    }
+
+    public byte[] getBytes() {
+        byte[] bytes = new byte[8 + subCount * 4];
+        bytes[0] = revision;
+        bytes[1] = subCount;
+        System.arraycopy(authority, 0, bytes, 2, 6);
+        System.arraycopy(subs, 0, bytes, 8, subs.length);
+
+        return bytes;
+    }
+
+    public static String toString(byte[] bytes) {
+        StringBuilder builder = new StringBuilder();
+
+        for(int i = 0; i < bytes.length; i++) {
+            int unsignedByte = ((int)bytes[i]) & 0xff;
+            builder.append("\\").append(String.format(FORMAT, unsignedByte));
+        }
+
+        return builder.toString();
+    }
+
+    public static PacSid createFromSubs(byte[] bytes) throws IOException {
+        if((bytes.length % 4) != 0) {
+            Object[] args = new Object[]{bytes.length};
+            throw new IOException("pac.subauthority.malformed.size");
+        }
+
+        byte[] sidBytes = new byte[8 + bytes.length];
+        sidBytes[0] = 1;
+        sidBytes[1] = (byte)(bytes.length / 4);
+        System.arraycopy(new byte[]{0, 0, 0, 0, 0, 5}, 0, sidBytes, 2, 6);
+        System.arraycopy(bytes, 0, sidBytes, 8, bytes.length);
+
+        return new PacSid(sidBytes);
+    }
+
+    public static PacSid append(PacSid sid1, PacSid sid2) {
+        PacSid sid = new PacSid(sid1);
+
+        sid.subCount += sid2.subCount;
+        sid.subs = new byte[sid.subCount * 4];
+        System.arraycopy(sid1.subs, 0, sid.subs, 0, sid1.subs.length);
+        System.arraycopy(sid2.subs, 0, sid.subs, sid1.subs.length, sid2.subs.length);
+
+        return sid;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSidAttributes.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSidAttributes.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSidAttributes.java
new file mode 100644
index 0000000..33cb7f7
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSidAttributes.java
@@ -0,0 +1,41 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.pac;
+
+public class PacSidAttributes {
+
+    private PacSid id;
+    private int attributes;
+
+    public PacSidAttributes(PacSid id, int attributes) {
+        super();
+        this.id = id;
+        this.attributes = attributes;
+    }
+
+    public PacSid getId() {
+        return id;
+    }
+
+    public int getAttributes() {
+        return attributes;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSignature.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSignature.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSignature.java
new file mode 100644
index 0000000..c8d5e08
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacSignature.java
@@ -0,0 +1,52 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.pac;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+
+public class PacSignature {
+
+    private int type;
+    private byte[] checksum;
+
+    public PacSignature(byte[] data) throws IOException {
+        try {
+            PacDataInputStream bufferStream = new PacDataInputStream(new DataInputStream(
+                    new ByteArrayInputStream(data)));
+
+            type = bufferStream.readInt();
+            checksum = new byte[bufferStream.available()];
+            bufferStream.readFully(checksum);
+        } catch(IOException e) {
+            throw new IOException("pac.signature.malformed", e);
+        }
+    }
+
+    public int getType() {
+        return type;
+    }
+
+    public byte[] getChecksum() {
+        return checksum;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacUnicodeString.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacUnicodeString.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacUnicodeString.java
new file mode 100644
index 0000000..34b311d
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/pac/PacUnicodeString.java
@@ -0,0 +1,61 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.pac;
+
+import java.io.IOException;
+
+public class PacUnicodeString {
+
+    private short length;
+    private short maxLength;
+    private int pointer;
+
+    public PacUnicodeString(short length, short maxLength, int pointer) {
+        super();
+        this.length = length;
+        this.maxLength = maxLength;
+        this.pointer = pointer;
+    }
+
+    public short getLength() {
+        return length;
+    }
+
+    public short getMaxLength() {
+        return maxLength;
+    }
+
+    public int getPointer() {
+        return pointer;
+    }
+
+    public String check(String string) throws IOException {
+        if(pointer == 0 && string != null)
+            throw new IOException("pac.string.notempty");
+
+        int expected = length / 2;
+        if(string.length() != expected) {
+            Object[] args = new Object[]{expected, string.length()};
+            throw new IOException("pac.string.invalid.size");
+        }
+
+        return string;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoConstants.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoConstants.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoConstants.java
new file mode 100644
index 0000000..9820a7e
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoConstants.java
@@ -0,0 +1,31 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.spnego;
+
+public interface SpnegoConstants {
+
+    static final String SPNEGO_MECHANISM = "1.3.6.1.5.5.2";
+    static final String KERBEROS_MECHANISM = "1.2.840.113554.1.2.2";
+    static final String LEGACY_KERBEROS_MECHANISM = "1.2.840.48018.1.2.2";
+    static final String NTLMSSP_MECHANISM = "1.3.6.1.4.1.311.2.2.10";
+
+    static final String SPNEGO_OID = SPNEGO_MECHANISM;
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoInitToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoInitToken.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoInitToken.java
new file mode 100644
index 0000000..3e661ff
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoInitToken.java
@@ -0,0 +1,53 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.spnego;
+
+import java.io.IOException;
+
+public class SpnegoInitToken extends SpnegoToken {
+
+    public static final int DELEGATION = 0x40;
+    public static final int MUTUAL_AUTHENTICATION = 0x20;
+    public static final int REPLAY_DETECTION = 0x10;
+    public static final int SEQUENCE_CHECKING = 0x08;
+    public static final int ANONYMITY = 0x04;
+    public static final int CONFIDENTIALITY = 0x02;
+    public static final int INTEGRITY = 0x01;
+
+    private String[] mechanisms;
+    private int contextFlags;
+
+    public SpnegoInitToken(byte[] token) throws IOException {
+
+    }
+
+    public int getContextFlags() {
+        return contextFlags;
+    }
+
+    public boolean getContextFlag(int flag) {
+        return (getContextFlags() & flag) == flag;
+    }
+
+    public String[] getMechanisms() {
+        return mechanisms;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoTargToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoTargToken.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoTargToken.java
new file mode 100644
index 0000000..b830d8b
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoTargToken.java
@@ -0,0 +1,41 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.spnego;
+
+import java.io.IOException;
+
+public class SpnegoTargToken extends SpnegoToken {
+
+    public static final int UNSPECIFIED_RESULT = -1;
+    public static final int ACCEPT_COMPLETED = 0;
+    public static final int ACCEPT_INCOMPLETE = 1;
+    public static final int REJECTED = 2;
+
+    private int result = UNSPECIFIED_RESULT;
+
+    public SpnegoTargToken(byte[] token) throws IOException {
+
+    }
+
+    public int getResult() {
+        return result;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoToken.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoToken.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoToken.java
new file mode 100644
index 0000000..7c80a59
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/spnego/SpnegoToken.java
@@ -0,0 +1,67 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.spnego;
+
+import java.io.IOException;
+
+public abstract class SpnegoToken {
+
+    // Default max size as 65K
+    public static int TOKEN_MAX_SIZE = 66560;
+
+    protected byte[] mechanismToken;
+    protected byte[] mechanismList;
+    protected String mechanism;
+
+    public static SpnegoToken parse(byte[] token) throws IOException {
+        SpnegoToken spnegoToken = null;
+
+        if(token.length <= 0)
+            throw new IOException("spnego.token.empty");
+
+        switch (token[0]) {
+        case (byte)0x60:
+            spnegoToken = new SpnegoInitToken(token);
+            break;
+        case (byte)0xa1:
+            spnegoToken = new SpnegoTargToken(token);
+            break;
+        default:
+            spnegoToken = null;
+            Object[] args = new Object[]{token[0]};
+            throw new IOException("spnego.token.invalid");
+        }
+
+        return spnegoToken;
+    }
+
+    public byte[] getMechanismToken() {
+        return mechanismToken;
+    }
+
+    public byte[] getMechanismList() {
+        return mechanismList;
+    }
+
+    public String getMechanism() {
+        return mechanism;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/CodecTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/CodecTest.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/CodecTest.java
new file mode 100644
index 0000000..58a57e4
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/CodecTest.java
@@ -0,0 +1,46 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.codec.KrbCodec;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSum;
+import org.apache.kerby.kerberos.kerb.spec.common.CheckSumType;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Arrays;
+
+public class CodecTest {
+
+    @Test
+    public void testCodec() throws KrbException {
+        CheckSum mcs = new CheckSum();
+        mcs.setCksumtype(CheckSumType.CRC32);
+        mcs.setChecksum(new byte[] {0x10});
+        byte[] bytes = KrbCodec.encode(mcs);
+        Assert.assertNotNull(bytes);
+
+        CheckSum restored = KrbCodec.decode(bytes, CheckSum.class);
+        Assert.assertNotNull(restored);
+        Assert.assertEquals(mcs.getCksumtype(), restored.getCksumtype());
+        Assert.assertTrue(Arrays.equals(mcs.getChecksum(), restored.getChecksum()));
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/CodecTestUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/CodecTestUtil.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/CodecTestUtil.java
new file mode 100644
index 0000000..ed11259
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/CodecTestUtil.java
@@ -0,0 +1,32 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class CodecTestUtil {
+  /*package*/ static byte[] readBinaryFile(String path) throws IOException {
+    InputStream is = CodecTestUtil.class.getResourceAsStream(path);
+    byte[] bytes = new byte[is.available()];
+    is.read(bytes);
+    return bytes;
+  }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsRepCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsRepCodec.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsRepCodec.java
new file mode 100644
index 0000000..1b336f0
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsRepCodec.java
@@ -0,0 +1,74 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.spec.common.NameType;
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.kdc.AsRep;
+import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * Test AsRep message using a real 'correct' network packet captured from MS-AD to detective programming errors
+ * and compatibility issues particularly regarding Kerberos crypto.
+ */
+public class TestAsRepCodec {
+
+    @Test
+    public void test() throws IOException {
+        byte[] bytes = CodecTestUtil.readBinaryFile("/asrep.token");
+        ByteBuffer asRepToken = ByteBuffer.wrap(bytes);
+
+        AsRep asRep = new AsRep();
+        asRep.decode(asRepToken);
+
+        Assert.assertEquals(asRep.getPvno(), 5);
+        Assert.assertEquals(asRep.getMsgType(), KrbMessageType.AS_REP);
+        Assert.assertEquals(asRep.getCrealm(), "DENYDC.COM");
+
+        PrincipalName cname = asRep.getCname();
+        Assert.assertEquals(cname.getNameType(), NameType.NT_PRINCIPAL);
+        Assert.assertEquals(cname.getNameStrings().size(), 1);
+        Assert.assertEquals(cname.getNameStrings().get(0), "u5");
+
+        Ticket ticket = asRep.getTicket();
+        Assert.assertEquals(ticket.getTktvno(), 5);
+        Assert.assertEquals(ticket.getRealm(), "DENYDC.COM");
+        PrincipalName sname = ticket.getSname();
+        Assert.assertEquals(sname.getNameType(), NameType.NT_SRV_INST);
+        Assert.assertEquals(sname.getNameStrings().size(), 2);
+        Assert.assertEquals(sname.getNameStrings().get(0), "krbtgt");
+        Assert.assertEquals(sname.getNameStrings().get(1), "DENYDC.COM");
+        //EncTicketPart encTicketPart = ticket.getEncPart();//FIXME
+        //Assert.assertEquals(encTicketPart.getKey().getKvno(), 2);
+        //Assert.assertEquals(encTicketPart.getKey().getKeyType().getValue(), 0x0017);
+        //TODO decode cinpher
+
+        //EncKdcRepPart encKdcRepPart = asRep.getEncPart();//FIXME
+        //Assert.assertEquals(encKdcRepPart.getKey().getKeyType().getValue(), 0x0017);
+        //Assert.assertEquals(encKdcRepPart.getKey().getKvno(), 7);
+        //TODO decode cinpher
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsReqCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsReqCodec.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsReqCodec.java
new file mode 100644
index 0000000..f86c3de
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestAsReqCodec.java
@@ -0,0 +1,97 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.common.HostAddrType;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.spec.common.NameType;
+import org.apache.kerby.kerberos.kerb.spec.kdc.AsReq;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.SimpleTimeZone;
+
+/**
+ * Test AsReq message using a real 'correct' network packet captured from MS-AD to detective programming errors
+ * and compatibility issues particularly regarding Kerberos crypto.
+ */
+public class TestAsReqCodec {
+
+    @Test
+    public void test() throws IOException, ParseException {
+        byte[] bytes = CodecTestUtil.readBinaryFile("/asreq.token");
+        ByteBuffer asreqToken = ByteBuffer.wrap(bytes);
+
+        AsReq asReq = new AsReq();
+        asReq.decode(asreqToken);
+
+        Assert.assertEquals(asReq.getPvno(), 5);
+        Assert.assertEquals(asReq.getMsgType(), KrbMessageType.AS_REQ);
+
+        Assert.assertEquals(asReq.getPaData().findEntry(PaDataType.ENC_TIMESTAMP).getPaDataType(), PaDataType.ENC_TIMESTAMP);
+        byte[] paDataEncTimestampValue = Arrays.copyOfRange(bytes, 33, 96);
+        byte[] paDataEncTimestampRealValue = asReq.getPaData().findEntry(PaDataType.ENC_TIMESTAMP).getPaDataValue();
+        Assert.assertTrue(Arrays.equals(paDataEncTimestampValue, paDataEncTimestampRealValue));
+        Assert.assertEquals(asReq.getPaData().findEntry(PaDataType.PAC_REQUEST).getPaDataType(), PaDataType.PAC_REQUEST);
+        byte[] paPacRequestValue = Arrays.copyOfRange(bytes, 108, 115);
+        byte[] paPacRequestRealValue = asReq.getPaData().findEntry(PaDataType.PAC_REQUEST).getPaDataValue();
+        Assert.assertTrue(Arrays.equals(paPacRequestValue, paPacRequestRealValue));
+
+        Assert.assertEquals(asReq.getReqBody().getKdcOptions().getPadding(), 0);
+        Assert.assertTrue(Arrays.equals(asReq.getReqBody().getKdcOptions().getValue(), Arrays.copyOfRange(bytes, 126, 130)));
+
+        Assert.assertEquals(asReq.getReqBody().getCname().getNameType(), NameType.NT_PRINCIPAL);
+        Assert.assertEquals(asReq.getReqBody().getCname().getName(), "des");
+        Assert.assertEquals(asReq.getReqBody().getRealm(), "DENYDC");
+        Assert.assertEquals(asReq.getReqBody().getSname().getNameType(), NameType.NT_SRV_INST);
+        Assert.assertEquals(asReq.getReqBody().getSname().getNameStrings().get(0), "krbtgt");
+        Assert.assertEquals(asReq.getReqBody().getSname().getNameStrings().get(1), "DENYDC");
+
+        SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
+        sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
+        Date date = sdf.parse("20370913024805");
+        Assert.assertEquals(asReq.getReqBody().getTill().getTime(), date.getTime());
+        Assert.assertEquals(asReq.getReqBody().getRtime().getTime(), date.getTime());
+
+        Assert.assertEquals(asReq.getReqBody().getNonce(), 197451134);
+
+        List<EncryptionType> types = asReq.getReqBody().getEtypes();
+        Assert.assertEquals(types.get(0).getValue(), 0x0017);
+        //Assert.assertEquals(types.get(1).getValue(), 0xff7b);//FIXME
+        //Assert.assertEquals(types.get(2).getValue(), 0x0080);//FIXME
+        Assert.assertEquals(types.get(3).getValue(), 0x0003);
+        Assert.assertEquals(types.get(4).getValue(), 0x0001);
+        Assert.assertEquals(types.get(5).getValue(), 0x0018);
+        //Assert.assertEquals(types.get(6).getValue(), 0xff79);//FIXME
+
+        Assert.assertEquals(asReq.getReqBody().getAddresses().getElements().size(), 1);
+        Assert.assertEquals(asReq.getReqBody().getAddresses().getElements().get(0).getAddrType(), HostAddrType.ADDRTYPE_NETBIOS);
+        //FIXME net bios name
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java
new file mode 100644
index 0000000..45fb075
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java
@@ -0,0 +1,267 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.codec.kerberos.AuthzDataUtil;
+import org.apache.kerby.kerberos.kerb.codec.kerberos.KerberosCredentials;
+import org.apache.kerby.kerberos.kerb.codec.kerberos.KerberosTicket;
+import org.apache.kerby.kerberos.kerb.codec.kerberos.KerberosToken;
+import org.apache.kerby.kerberos.kerb.codec.pac.Pac;
+import org.apache.kerby.kerberos.kerb.codec.pac.PacLogonInfo;
+import org.apache.kerby.kerberos.kerb.codec.pac.PacSid;
+import org.apache.kerby.kerberos.kerb.spec.common.AuthorizationData;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+public class TestKerberos {
+
+    private byte[] rc4Token;
+    private byte[] desToken;
+    private byte[] aes128Token;
+    private byte[] aes256Token;
+    private byte[] corruptToken;
+    private EncryptionKey rc4Key;
+    private EncryptionKey desKey;
+    private EncryptionKey aes128Key;
+    private EncryptionKey aes256Key;
+    private EncryptionKey corruptKey;
+
+    @Before
+    public void setUp() throws IOException {
+        InputStream file;
+        byte[] keyData;
+
+        file = this.getClass().getClassLoader().getResourceAsStream("rc4-kerberos-data");
+        rc4Token = new byte[file.available()];
+        file.read(rc4Token);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("des-kerberos-data");
+        desToken = new byte[file.available()];
+        file.read(desToken);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes128-kerberos-data");
+        aes128Token = new byte[file.available()];
+        file.read(aes128Token);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes256-kerberos-data");
+        aes256Token = new byte[file.available()];
+        file.read(aes256Token);
+        file.close();
+
+        corruptToken = new byte[]{1, 2, 3, 4, 5, 6};
+
+        file = this.getClass().getClassLoader().getResourceAsStream("rc4-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        rc4Key = new EncryptionKey(23, keyData, 2);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("des-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        desKey = new EncryptionKey(3, keyData, 2);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes128-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        aes128Key = new EncryptionKey(17, keyData, 2);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes256-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        aes256Key = new EncryptionKey(18, keyData, 2);
+        file.close();
+
+        corruptKey = new EncryptionKey(23, new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3}, 2);
+    }
+
+    @Test
+    public void testRc4Ticket() throws Exception {
+        KerberosToken token = new KerberosToken(rc4Token, rc4Key);
+
+        Assert.assertNotNull(token);
+        Assert.assertNotNull(token.getApRequest());
+
+        KerberosTicket ticket = token.getApRequest().getTicket();
+        Assert.assertNotNull(ticket);
+        Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+        Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+    }
+
+    //@Test
+    public void testDesTicket() throws Exception {
+        KerberosToken token = new KerberosToken(desToken, desKey);
+
+        Assert.assertNotNull(token);
+        Assert.assertNotNull(token.getApRequest());
+
+        KerberosTicket ticket = token.getApRequest().getTicket();
+        Assert.assertNotNull(ticket);
+        Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+        Assert.assertEquals("user.test@domain.com", ticket.getUserPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+    }
+
+    @Test
+    public void testAes128Ticket() throws Exception {
+        KerberosToken token = null;
+        token = new KerberosToken(aes128Token, aes128Key);
+
+        Assert.assertNotNull(token);
+        Assert.assertNotNull(token.getApRequest());
+
+        KerberosTicket ticket = token.getApRequest().getTicket();
+        Assert.assertNotNull(ticket);
+        Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+        Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+    }
+
+    @Test
+    public void testAes256Ticket() throws Exception {
+        KerberosToken token = null;
+        token = new KerberosToken(aes256Token, aes256Key);
+
+        Assert.assertNotNull(token);
+        Assert.assertNotNull(token.getApRequest());
+
+        KerberosTicket ticket = token.getApRequest().getTicket();
+        Assert.assertNotNull(ticket);
+        Assert.assertEquals("HTTP/server.test.domain.com", ticket.getServerPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getServerRealm());
+        Assert.assertEquals("user.test", ticket.getUserPrincipalName());
+        Assert.assertEquals("DOMAIN.COM", ticket.getUserRealm());
+    }
+
+    @Test
+    public void testCorruptTicket() {
+        KerberosToken token = null;
+        try {
+            token = new KerberosToken(corruptToken, rc4Key);
+            Assert.fail("Should have thrown Exception.");
+        } catch(Exception e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(token);
+        }
+    }
+
+    @Test
+    public void testEmptyTicket() {
+        KerberosToken token = null;
+        try {
+            token = new KerberosToken(new byte[0], rc4Key);
+            Assert.fail("Should have thrown Exception.");
+        } catch(Exception e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(token);
+        }
+    }
+
+    @Test
+    public void testNullTicket() throws Exception {
+        KerberosToken token = null;
+        try {
+            token = new KerberosToken(null, rc4Key);
+            Assert.fail("Should have thrown NullPointerException.");
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        } catch(NullPointerException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(token);
+        }
+    }
+
+    @Test
+    public void testCorruptKey() {
+        KerberosToken token = null;
+        try {
+            token = new KerberosToken(rc4Token, corruptKey);
+            Assert.fail("Should have thrown Exception.");
+        } catch(Exception e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(token);
+        }
+    }
+
+    @Test
+    public void testNoMatchingKey() {
+        KerberosToken token = null;
+        try {
+            token = new KerberosToken(rc4Token, desKey);
+            Assert.fail("Should have thrown Exception.");
+        } catch(Exception e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(token);
+        }
+    }
+
+    @Test
+    public void testKerberosPac() throws Exception {
+        KerberosToken token = new KerberosToken(rc4Token, rc4Key);
+
+        Assert.assertNotNull(token);
+        Assert.assertNotNull(token.getApRequest());
+
+        KerberosTicket ticket = token.getApRequest().getTicket();
+        Assert.assertNotNull(ticket);
+
+        AuthorizationData authzData = ticket.getAuthorizationData();
+        Assert.assertNotNull(authzData);
+        Assert.assertTrue(authzData.getElements().size() > 0);
+
+        EncryptionType eType = ticket.getTicket().getEncPart().getKey().getKeyType();
+        Pac pac = AuthzDataUtil.getPac(authzData,
+                KerberosCredentials.getServerKey(eType).getKeyData());
+        Assert.assertNotNull(pac);
+
+        PacLogonInfo logonInfo = pac.getLogonInfo();
+        Assert.assertNotNull(logonInfo);
+
+        List<String> sids = new ArrayList<String>();
+        if(logonInfo.getGroupSid() != null)
+            sids.add(logonInfo.getGroupSid().toString());
+        for(PacSid pacSid : logonInfo.getGroupSids())
+            sids.add(pacSid.toString());
+        for(PacSid pacSid : logonInfo.getExtraSids())
+            sids.add(pacSid.toString());
+        for(PacSid pacSid : logonInfo.getResourceGroupSids())
+            sids.add(pacSid.toString());
+
+        Assert.assertEquals(ticket.getUserPrincipalName(), logonInfo.getUserName());
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestPac.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestPac.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestPac.java
new file mode 100644
index 0000000..c8ec0c9
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestPac.java
@@ -0,0 +1,154 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.codec.pac.Pac;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class TestPac {
+
+    private byte[] rc4Data;
+    private byte[] desData;
+    private byte[] corruptData;
+    private byte[] rc4Key;
+    private byte[] desKey;
+    private byte[] corruptKey;
+
+    @Before
+    public void setUp() throws IOException {
+        InputStream file;
+        byte[] keyData;
+
+        file = this.getClass().getClassLoader().getResourceAsStream("rc4-pac-data");
+        rc4Data = new byte[file.available()];
+        file.read(rc4Data);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("des-pac-data");
+        desData = new byte[file.available()];
+        file.read(desData);
+        file.close();
+
+        corruptData = new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3};
+
+        file = this.getClass().getClassLoader().getResourceAsStream("rc4-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        rc4Key = keyData;
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("des-key-data");
+        keyData = new byte[file.available()];
+        file.read(keyData);
+        desKey = keyData;
+        file.close();
+
+        corruptKey = new byte[]{5, 4, 2, 1, 5, 4, 2, 1, 3};
+    }
+
+    @Test
+    public void testRc4Pac() throws KrbException {
+        Pac pac = new Pac(rc4Data, rc4Key);
+
+        Assert.assertNotNull(pac);
+        Assert.assertNotNull(pac.getLogonInfo());
+
+        Assert.assertEquals("user.test", pac.getLogonInfo().getUserName());
+        Assert.assertEquals("User Test", pac.getLogonInfo().getUserDisplayName());
+        Assert.assertEquals(0, pac.getLogonInfo().getBadPasswordCount());
+        Assert.assertEquals(32, pac.getLogonInfo().getUserFlags());
+        Assert.assertEquals(46, pac.getLogonInfo().getLogonCount());
+        Assert.assertEquals("DOMAIN", pac.getLogonInfo().getDomainName());
+        Assert.assertEquals("WS2008", pac.getLogonInfo().getServerName());
+    }
+
+    @Test
+    public void testDesPac() throws KrbException {
+        Pac pac = new Pac(desData, desKey);
+
+        Assert.assertNotNull(pac);
+        Assert.assertNotNull(pac.getLogonInfo());
+
+        Assert.assertEquals("user.test", pac.getLogonInfo().getUserName());
+        Assert.assertEquals("User Test", pac.getLogonInfo().getUserDisplayName());
+        Assert.assertEquals(0, pac.getLogonInfo().getBadPasswordCount());
+        Assert.assertEquals(32, pac.getLogonInfo().getUserFlags());
+        Assert.assertEquals(48, pac.getLogonInfo().getLogonCount());
+        Assert.assertEquals("DOMAIN", pac.getLogonInfo().getDomainName());
+        Assert.assertEquals("WS2008", pac.getLogonInfo().getServerName());
+    }
+
+    @Test
+    public void testCorruptPac() {
+        Pac pac = null;
+        try {
+            pac = new Pac(corruptData, rc4Key);
+            Assert.fail("Should have thrown KrbException.");
+        } catch(KrbException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(pac);
+        }
+    }
+
+    @Test
+    public void testEmptyPac() {
+        Pac pac = null;
+        try {
+            pac = new Pac(new byte[0], rc4Key);
+            Assert.fail("Should have thrown KrbException.");
+        } catch(KrbException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(pac);
+        }
+    }
+
+    @Test
+    public void testNullPac() {
+        Pac pac = null;
+        try {
+            pac = new Pac(null, rc4Key);
+            Assert.fail("Should have thrown NullPointerException.");
+        } catch(KrbException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        } catch(NullPointerException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(pac);
+        }
+    }
+
+    @Test
+    public void testCorruptKey() {
+        Pac pac = null;
+        try {
+            pac = new Pac(rc4Data, corruptKey);
+            Assert.fail("Should have thrown KrbException.");
+        } catch(KrbException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(pac);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestSpnego.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestSpnego.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestSpnego.java
new file mode 100644
index 0000000..b3c0019
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestSpnego.java
@@ -0,0 +1,172 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.codec.spnego.SpnegoConstants;
+import org.apache.kerby.kerberos.kerb.codec.spnego.SpnegoInitToken;
+import org.apache.kerby.kerberos.kerb.codec.spnego.SpnegoToken;
+import org.junit.Assert;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public class TestSpnego {
+
+    private byte[] rc4Token;
+    private byte[] desToken;
+    private byte[] aes128Token;
+    private byte[] aes256Token;
+    private byte[] corruptToken;
+
+    //@Before
+    public void setUp() throws IOException {
+        InputStream file;
+
+        file = this.getClass().getClassLoader().getResourceAsStream("rc4-spnego-data");
+        rc4Token = new byte[file.available()];
+        file.read(rc4Token);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("des-spnego-data");
+        desToken = new byte[file.available()];
+        file.read(desToken);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes128-spnego-data");
+        aes128Token = new byte[file.available()];
+        file.read(aes128Token);
+        file.close();
+
+        file = this.getClass().getClassLoader().getResourceAsStream("aes256-spnego-data");
+        aes256Token = new byte[file.available()];
+        file.read(aes256Token);
+        file.close();
+
+        corruptToken = new byte[]{5, 4, 2, 1};
+    }
+
+    //@Test
+    public void testRc4Token() {
+        try {
+            SpnegoToken spnegoToken = SpnegoToken.parse(rc4Token);
+
+            Assert.assertNotNull(spnegoToken);
+            Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+            Assert.assertNotNull(spnegoToken.getMechanismToken());
+            Assert.assertTrue(spnegoToken.getMechanismToken().length < rc4Token.length);
+            Assert.assertNotNull(spnegoToken.getMechanism());
+            Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        }
+    }
+
+    //@Test
+    public void testDesToken() {
+        try {
+            SpnegoToken spnegoToken = SpnegoToken.parse(desToken);
+
+            Assert.assertNotNull(spnegoToken);
+            Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+            Assert.assertNotNull(spnegoToken.getMechanismToken());
+            Assert.assertTrue(spnegoToken.getMechanismToken().length < desToken.length);
+            Assert.assertNotNull(spnegoToken.getMechanism());
+            Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        }
+    }
+
+    //@Test
+    public void testAes128Token() {
+        try {
+            SpnegoToken spnegoToken = SpnegoToken.parse(aes128Token);
+
+            Assert.assertNotNull(spnegoToken);
+            Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+            Assert.assertNotNull(spnegoToken.getMechanismToken());
+            Assert.assertTrue(spnegoToken.getMechanismToken().length < aes128Token.length);
+            Assert.assertNotNull(spnegoToken.getMechanism());
+            Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        }
+    }
+
+    //@Test
+    public void testAes256Token() {
+        try {
+            SpnegoToken spnegoToken = SpnegoToken.parse(aes256Token);
+
+            Assert.assertNotNull(spnegoToken);
+            Assert.assertTrue(spnegoToken instanceof SpnegoInitToken);
+            Assert.assertNotNull(spnegoToken.getMechanismToken());
+            Assert.assertTrue(spnegoToken.getMechanismToken().length < aes256Token.length);
+            Assert.assertNotNull(spnegoToken.getMechanism());
+            Assert.assertEquals(SpnegoConstants.LEGACY_KERBEROS_MECHANISM, spnegoToken.getMechanism());
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        }
+    }
+
+    //@Test
+    public void testEmptyToken() {
+        SpnegoToken spnegoToken = null;
+        try {
+            spnegoToken = SpnegoToken.parse(new byte[0]);
+            Assert.fail("Should have thrown DecodingException.");
+        } catch(IOException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(spnegoToken);
+        }
+    }
+
+    //@Test
+    public void testCorruptToken() {
+        SpnegoToken spnegoToken = null;
+        try {
+            spnegoToken = SpnegoToken.parse(corruptToken);
+            Assert.fail("Should have thrown DecodingException.");
+        } catch(IOException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(spnegoToken);
+        }
+    }
+
+    //@Test
+    public void testNullToken() {
+        SpnegoToken spnegoToken = null;
+        try {
+            spnegoToken = SpnegoToken.parse(null);
+            Assert.fail("Should have thrown NullPointerException.");
+        } catch(IOException e) {
+            e.printStackTrace();
+            Assert.fail(e.getMessage());
+        } catch(NullPointerException e) {
+            Assert.assertNotNull(e);
+            Assert.assertNull(spnegoToken);
+        }
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsRepCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsRepCodec.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsRepCodec.java
new file mode 100644
index 0000000..0510e6d
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsRepCodec.java
@@ -0,0 +1,70 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.spec.common.NameType;
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.kdc.TgsRep;
+import org.apache.kerby.kerberos.kerb.spec.ticket.Ticket;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+/**
+ * Test TgsRep message using a real 'correct' network packet captured from MS-AD to detective programming errors
+ * and compatibility issues particularly regarding Kerberos crypto.
+ */
+public class TestTgsRepCodec {
+
+    @Test
+    public void test() throws IOException {
+        byte[] bytes = CodecTestUtil.readBinaryFile("/tgsrep.token");
+        TgsRep tgsRep = new TgsRep();
+        tgsRep.decode(bytes);
+
+        Assert.assertEquals(tgsRep.getPvno(), 5);
+        Assert.assertEquals(tgsRep.getMsgType(), KrbMessageType.TGS_REP);
+        Assert.assertEquals(tgsRep.getCrealm(), "DENYDC.COM");
+
+        PrincipalName cname = tgsRep.getCname();
+        Assert.assertEquals(cname.getNameType(), NameType.NT_PRINCIPAL);
+        Assert.assertEquals(cname.getNameStrings().size(), 1);
+        Assert.assertEquals(cname.getNameStrings().iterator().next(), "des");
+
+        Ticket ticket = tgsRep.getTicket();
+        Assert.assertEquals(ticket.getTktvno(), 5);
+        Assert.assertEquals(ticket.getRealm(), "DENYDC.COM");
+        PrincipalName sname = ticket.getSname();
+        Assert.assertEquals(sname.getNameType(), NameType.NT_SRV_HST);
+        Assert.assertEquals(sname.getNameStrings().size(), 2);
+        Assert.assertEquals(sname.getNameStrings().get(0), "host");
+        Assert.assertEquals(sname.getNameStrings().get(1), "xp1.denydc.com");
+        //EncTicketPart encTicketPart = ticket.getEncPart();//FIXME null pointer!!
+        //Assert.assertEquals(encTicketPart.getKey().getKeyType().getValue(), 23);
+        //Assert.assertEquals(encTicketPart.getKey().getKvno(), 2);
+        //TODO decode cipher
+
+        //EncKdcRepPart encKdcRepPart = tgsRep.getEncPart();//FIXME null pointer!!
+        //Assert.assertEquals(encKdcRepPart.getKey().getKeyType().getValue(), 3);
+        //TODO decode cinpher
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsReqCodec.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsReqCodec.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsReqCodec.java
new file mode 100644
index 0000000..1c06024
--- /dev/null
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestTgsReqCodec.java
@@ -0,0 +1,94 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec.test;
+
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.spec.common.NameType;
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+import org.apache.kerby.kerberos.kerb.spec.kdc.KdcReqBody;
+import org.apache.kerby.kerberos.kerb.spec.kdc.TgsReq;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaData;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
+import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.SimpleTimeZone;
+
+/**
+ * Test TgsReq message using a real 'correct' network packet captured from MS-AD to detective programming errors
+ * and compatibility issues particularly regarding Kerberos crypto.
+ */
+public class TestTgsReqCodec {
+
+    @Test
+    public void test() throws IOException, ParseException {
+        byte[] bytes = CodecTestUtil.readBinaryFile("/tgsreq.token");
+        TgsReq tgsReq = new TgsReq();
+        tgsReq.decode(bytes);
+
+        Assert.assertEquals(tgsReq.getPvno(), 5);
+        Assert.assertEquals(tgsReq.getMsgType(), KrbMessageType.TGS_REQ);
+
+        PaData paData = tgsReq.getPaData();
+        Assert.assertEquals(paData.getElements().size(), 1);
+        PaDataEntry entry = paData.getElements().iterator().next();
+        Assert.assertEquals(entry.getPaDataType(), PaDataType.TGS_REQ);
+        //TODO Decode:padata-value
+
+        //request body
+        KdcReqBody body = tgsReq.getReqBody();
+        Assert.assertEquals(body.getKdcOptions().getPadding(), 0);
+        byte[] kdcOptionsValue = {64, (byte) 128, 0, 0};
+        Assert.assertTrue(Arrays.equals(body.getKdcOptions().getValue(), kdcOptionsValue));
+
+        Assert.assertEquals(body.getRealm(), "DENYDC.COM");
+
+        PrincipalName sname = body.getSname();
+        Assert.assertEquals(sname.getNameType(), NameType.NT_SRV_HST);
+        Assert.assertEquals(sname.getNameStrings().size(), 2);
+        Assert.assertEquals(sname.getNameStrings().get(0), "host");
+        Assert.assertEquals(sname.getNameStrings().get(1), "xp1.denydc.com");
+
+        SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
+        sdf.setTimeZone(new SimpleTimeZone(0, "Z"));
+        Date date = sdf.parse("20370913024805");
+        Assert.assertEquals(tgsReq.getReqBody().getTill().getTime(), date.getTime());
+
+        Assert.assertEquals(body.getNonce(), 197296424);
+
+        List<EncryptionType> eTypes = body.getEtypes();
+        Assert.assertEquals(eTypes.size(), 7);
+        Assert.assertEquals(eTypes.get(0).getValue(), 23);
+        //Assert.assertEquals(eTypes.get(1).getValue(), -133);//FIXME
+        //Assert.assertEquals(eTypes.get(2).getValue(), -128);//FIXME
+        Assert.assertEquals(eTypes.get(3).getValue(), 3);
+        Assert.assertEquals(eTypes.get(4).getValue(), 1);
+        Assert.assertEquals(eTypes.get(5).getValue(), 24);
+        //Assert.assertEquals(eTypes.get(6).getValue(), -135);//FIXME
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/pom.xml b/kerby-kerb/kerb-core/pom.xml
new file mode 100644
index 0000000..9bd0963
--- /dev/null
+++ b/kerby-kerb/kerb-core/pom.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.apache.kerby</groupId>
+    <artifactId>kerby-kerb</artifactId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>kerb-core</artifactId>
+
+  <name>Kerby-kerb core</name>
+  <description>Kerby-kerb core facilities</description>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-asn1</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/ceacb982/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbConstant.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbConstant.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbConstant.java
new file mode 100644
index 0000000..e6eabcb
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbConstant.java
@@ -0,0 +1,26 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb;
+
+public interface KrbConstant {
+    public final static int KRB_V5 = 5;
+
+    public final static String TGS_PRINCIPAL = "krbtgt";
+}


Mime
View raw message