From: coheigea@apache.org To: commits@directory.apache.org Message-Id: <3cf7ee78e692498fb358cf15e6a424fb@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: directory-kerby git commit: Adding a GSS unit test Date: Wed, 29 Apr 2015 10:37:25 +0000 (UTC) Repository: directory-kerby Updated Branches: refs/heads/master e452f1854 -> eb2e4c1ae Adding a GSS unit test Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/eb2e4c1a Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/eb2e4c1a Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/eb2e4c1a Branch: refs/heads/master Commit: eb2e4c1ae1c665e065d0b76227cc5b727157ccab Parents: e452f18 Author: Colm O hEigeartaigh Authored: Wed Apr 29 11:37:14 2015 +0100 Committer: Colm O hEigeartaigh Committed: Wed Apr 29 11:37:14 2015 +0100 ---------------------------------------------------------------------- kerby-kerb/kerb-kdc-test/pom.xml | 7 + .../kerberos/kerb/server/GSSInteropTest.java | 192 +++++++++++++++++++ .../src/test/resources/kerberos.jaas | 5 + .../kerb-kdc-test/src/test/resources/krb5.conf | 8 + 4 files changed, 212 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eb2e4c1a/kerby-kerb/kerb-kdc-test/pom.xml ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/pom.xml b/kerby-kerb/kerb-kdc-test/pom.xml index 378ef90..3e8f447 100644 --- a/kerby-kerb/kerb-kdc-test/pom.xml +++ b/kerby-kerb/kerb-kdc-test/pom.xml @@ -62,5 +62,12 @@ assertj-core compile + + commons-io + commons-io + 2.4 + test + + http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eb2e4c1a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GSSInteropTest.java ---------------------------------------------------------------------- 
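Review bot: The new commons-io test dependency appears to exist only so GSSInteropTest can read and rewrite one small krb5.conf through IOUtils.toString/IOUtils.write; `java.nio.file.Files` (`readAllBytes`/`write`, in the JDK since Java 7) covers that without widening the test classpath's third-party surface. If it is kept, pinning `2.4` directly in this module rather than wherever the parent pom manages versions (if it does) makes the version easy to leave stale, so consider managing it centrally. The hunk's XML tags were stripped by the archive, so the exact coordinates and scope are inferred from the surrounding text.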
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GSSInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GSSInteropTest.java
new file mode 100644
index 0000000..8071cfe
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GSSInteropTest.java
@@ -0,0 +1,192 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.server; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.security.Principal; +import java.security.PrivilegedExceptionAction; +import java.util.Set; + +import javax.security.auth.Subject; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.kerberos.KerberosTicket; +import javax.security.auth.login.LoginContext; + +import org.apache.commons.io.IOUtils; +import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSCredential; +import org.ietf.jgss.GSSException; +import org.ietf.jgss.GSSManager; +import org.ietf.jgss.GSSName; +import org.ietf.jgss.Oid; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +/** + * This is an interop test using the Java GSS APIs against the Kerby KDC + */ +public class GSSInteropTest extends KdcTest { + + @Override + protected void setUpKdcServer() throws Exception { + 
kdcServer = new TestKdcServer(); + prepareKdcServer(); + + kdcServer.init(); + + // Must disable pre-auth + kdcServer.getSetting().getKdcConfig().setBoolean(KdcConfigKey.PREAUTH_REQUIRED, false); + + kdcRealm = kdcServer.getKdcRealm(); + clientPrincipal = "drankye@" + kdcRealm; + serverPrincipal = "test-service/localhost@" + kdcRealm; + } + + @Before + @Override + public void setUp() throws Exception { + super.setUp(); + + String basedir = System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } + + // System.setProperty("sun.security.krb5.debug", "true"); + System.setProperty("java.security.auth.login.config", + basedir + "/src/test/resources/kerberos.jaas"); + + // Read in krb5.conf and substitute in the correct port + File f = new File(basedir + "/src/test/resources/krb5.conf"); + + FileInputStream inputStream = new FileInputStream(f); + String content = IOUtils.toString(inputStream, "UTF-8"); + inputStream.close(); + content = content.replaceAll("port", "" + tcpPort); + + File f2 = new File(basedir + "/target/test-classes/krb5.conf"); + FileOutputStream outputStream = new FileOutputStream(f2); + IOUtils.write(content, outputStream, "UTF-8"); + outputStream.close(); + + System.setProperty("java.security.krb5.conf", f2.getPath()); + } + + @Override + protected boolean allowUdp() { + return false; + } + + @Test + public void testKdc() throws Exception { + kdcServer.start(); + + LoginContext loginContext = new LoginContext("drankye", new KerberosCallbackHandler()); + loginContext.login(); + + Subject clientSubject = loginContext.getSubject(); + Set clientPrincipals = clientSubject.getPrincipals(); + Assert.assertFalse(clientPrincipals.isEmpty()); + + // Get the TGT + Set privateCredentials = + clientSubject.getPrivateCredentials(KerberosTicket.class); + Assert.assertFalse(privateCredentials.isEmpty()); + KerberosTicket tgt = privateCredentials.iterator().next(); + Assert.assertNotNull(tgt); + + // Get the service 
ticket + KerberosClientExceptionAction action = + new KerberosClientExceptionAction(clientPrincipals.iterator().next(), + "test-service/localhost@TEST.COM"); + + byte[] kerberosToken = (byte[]) Subject.doAs(clientSubject, action); + Assert.assertNotNull(kerberosToken); + } + + private static class KerberosCallbackHandler implements CallbackHandler { + + public void handle(Callback[] callbacks) throws IOException, + UnsupportedCallbackException { + for (int i = 0; i < callbacks.length; i++) { + if (callbacks[i] instanceof PasswordCallback) { + PasswordCallback pc = (PasswordCallback) callbacks[i]; + if (pc.getPrompt().contains("drankye")) { + pc.setPassword(TEST_PASSWORD.toCharArray()); + break; + } + } + } + } + } + + /** + * This class represents a PrivilegedExceptionAction implementation to obtain a service ticket from a Kerberos + * Key Distribution Center. + */ + private static class KerberosClientExceptionAction implements PrivilegedExceptionAction { + + private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2"; + + private Principal clientPrincipal; + private String serviceName; + + public KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) { + this.clientPrincipal = clientPrincipal; + this.serviceName = serviceName; + } + + public byte[] run() throws GSSException { + GSSManager gssManager = GSSManager.getInstance(); + + GSSName gssService = gssManager.createName(serviceName, GSSName.NT_USER_NAME); + Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID); + GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME); + GSSCredential credentials = + gssManager.createCredential( + gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY + ); + + GSSContext secContext = + gssManager.createContext( + gssService, oid, credentials, GSSContext.DEFAULT_LIFETIME + ); + + secContext.requestMutualAuth(false); + secContext.requestCredDeleg(false); + + try { + byte[] token = new byte[0]; + 
byte[] returnedToken = secContext.initSecContext(token, 0, token.length); + + return returnedToken; + } finally { + secContext.dispose(); + } + } + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eb2e4c1a/kerby-kerb/kerb-kdc-test/src/test/resources/kerberos.jaas ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/resources/kerberos.jaas b/kerby-kerb/kerb-kdc-test/src/test/resources/kerberos.jaas new file mode 100644 index 0000000..e7ebb83 --- /dev/null +++ b/kerby-kerb/kerb-kdc-test/src/test/resources/kerberos.jaas @@ -0,0 +1,5 @@ + +drankye { + com.sun.security.auth.module.Krb5LoginModule required refreshKrb5Config=true useKeyTab=false principal="drankye"; +}; + http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/eb2e4c1a/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf b/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf new file mode 100644 index 0000000..e2fa16a --- /dev/null +++ b/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf @@ -0,0 +1,8 @@ +[libdefaults] + default_realm = TEST.COM + udp_preference_limit = 1 + +[realms] + TEST.COM = { + kdc = localhost:port + } \ No newline at end of file
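Review bot: The service name handed to KerberosClientExceptionAction in testKdc is the literal `"test-service/localhost@TEST.COM"`, even though setUpKdcServer already derives `serverPrincipal` from `kdcServer.getKdcRealm()`; should the test KDC's realm ever differ from the `default_realm` in krb5.conf the TGS request silently targets the wrong realm, so pass `serverPrincipal` there instead. The krb5.conf rewrite in setUp uses `content.replaceAll("port", "" + tcpPort)`, which substitutes every occurrence of that substring (as a regex) anywhere in the file; `content.replace("localhost:port", "localhost:" + tcpPort)` pins it to the placeholder. `// Must disable pre-auth` records what but not why: a KDC with PREAUTH_REQUIRED off returns AS-REPs encrypted under the client's long-term key to anyone who asks, so the comment should state the interop reason for the setting and that this is a test-only configuration, never a reference one. Minor: the GSSCredential is never released and the two file streams are not closed if an exception is thrown before `close()` — `credentials.dispose()` in the finally block and try-with-resources for the streams would cover both.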
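Review bot: `kdc = localhost:port` carries a bare placeholder that is only meaningful after GSSInteropTest.setUp() has rewritten the file into target/test-classes, and nothing in the file says so; a comment would stop it being copied as a working config: `# "port" is replaced with the test KDC's TCP port by GSSInteropTest.setUp()`. `udp_preference_limit = 1` forces TCP, which matches the test's allowUdp() returning false and is worth noting on that line as well.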