directory-commits mailing list archives

From dran...@apache.org
Subject [1/3] directory-kerby git commit: DIRKRB-320 Added SASL test using real application client and server; and also added some test scripts
Date Mon, 06 Jul 2015 07:15:55 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 74a4f7236 -> a5efcfba6


DIRKRB-320 Added SASL test using real application client and server; and also added some test
scripts


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/e29e1d49
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/e29e1d49
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/e29e1d49

Branch: refs/heads/master
Commit: e29e1d4971610c4c022c85340d046a3a3c7adae6
Parents: 1ca7154
Author: drankye <kai.zheng@intel.com>
Authored: Sun Jul 5 07:10:58 2015 +0800
Committer: Drankye <drankye@gmail.com>
Committed: Sun Jul 5 07:10:58 2015 +0800

----------------------------------------------------------------------
 kerby-kerb/integration-test/run/login.conf      |  20 ++++
 kerby-kerb/integration-test/run/rungssclient.sh |   6 +
 kerby-kerb/integration-test/run/rungssserver.sh |   5 +
 .../integration-test/run/runsaslclient.sh       |   7 ++
 .../integration-test/run/runsaslserver.sh       |   6 +
 .../integration/test/sasl/SaslAppClient.java    |  85 ++++++++++++++
 .../integration/test/sasl/SaslAppServer.java    | 117 +++++++++++++++++++
 .../kerberos/kerb/integration/test/AppTest.java |   2 -
 .../kerb/integration/test/SaslAppTest.java      |  51 ++++++++
 9 files changed, 297 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e29e1d49/kerby-kerb/integration-test/run/login.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/run/login.conf b/kerby-kerb/integration-test/run/login.conf
new file mode 100644
index 0000000..33bda06
--- /dev/null
+++ b/kerby-kerb/integration-test/run/login.conf
@@ -0,0 +1,20 @@
+/** 
+ * Login Configuration for JAAS.
+ */
+
+com.sun.security.jgss.initiate {
+  kerb.token.login.Krb5TokenAuthnLoginModule required 
+  debug=true
+  principal="drankye@SH.INTEL.COM"
+  useTicketCache=true
+  doNotPrompt=false;
+};
+
+com.sun.security.jgss.accept {
+  com.sun.security.auth.module.Krb5LoginModule required
+  useTicketCache=false
+  useKeyTab=true
+  principal="myservice/zkdesk.sh.intel.com@SH.INTEL.COM"
+  keyTab="/tmp/myservice.keytab"
+  doNotPrompt=false;
+};
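Review bot: The `com.sun.security.jgss.accept` entry loads the service key from `keyTab="/tmp/myservice.keytab"`; `/tmp` is writable by every local account, so another user could pre-place or swap that file, and a keytab left readable there exposes the service's long-term key. Point it at a location only the service account can read, for example `keyTab="<service-account-owned path>/myservice.keytab"`. With `useKeyTab=true` a server entry normally sets `doNotPrompt=true`, so a missing keytab fails rather than waiting on a prompt. The checked-in file also hard-codes a personal principal (`drankye@SH.INTEL.COM`), internal host names and `debug=true`; placeholders and a header comment naming the values to substitute would make it reusable. The initiator module `kerb.token.login.Krb5TokenAuthnLoginModule` is not added by this commit, so confirm it is on the classpath these scripts use.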

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e29e1d49/kerby-kerb/integration-test/run/rungssclient.sh
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/run/rungssclient.sh b/kerby-kerb/integration-test/run/rungssclient.sh
new file mode 100644
index 0000000..5d4be93
--- /dev/null
+++ b/kerby-kerb/integration-test/run/rungssclient.sh
@@ -0,0 +1,6 @@
+java -Djava.security.krb5.realm=SH.INTEL.COM \
+     -Djava.security.krb5.kdc=zkdev.sh.intel.com \
+     -Djavax.security.auth.useSubjectCredsOnly=false \
+     -Djava.security.auth.login.config=login.conf \
+     SampleClient myservice/zkdev.sh.intel.com@SH.INTEL.COM \
+     zkdev.sh.intel.com 8080
\ No newline at end of file
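Review bot: `rungssclient.sh` asks for `myservice/zkdev.sh.intel.com@SH.INTEL.COM`, while the acceptor entry in `login.conf` (loaded by `rungssserver.sh`) is keyed to `myservice/zkdesk.sh.intel.com@SH.INTEL.COM`, so the GSS pair will probably not establish a context unless another config is in play. The same applies in spirit to `rungssserver.sh`, `runsaslclient.sh` and `runsaslserver.sh`: all four start classes this commit does not add (`SampleClient`, `SampleServer`, `security.samples.sasl.SaslSampleClient`, `token.samples.sasl.TokenSaslSampleServer`) and pass no classpath. If they are meant to drive the new code, the SASL scripts should name `org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient` and `SaslAppServer`. Each script would also benefit from a `#!/bin/sh` first line and from taking the realm, KDC and host from variables, e.g. `-Djava.security.krb5.realm="${REALM}"`, rather than hard-coding internal host names.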

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e29e1d49/kerby-kerb/integration-test/run/rungssserver.sh
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/run/rungssserver.sh b/kerby-kerb/integration-test/run/rungssserver.sh
new file mode 100644
index 0000000..6c5bd55
--- /dev/null
+++ b/kerby-kerb/integration-test/run/rungssserver.sh
@@ -0,0 +1,5 @@
+java -Djava.security.krb5.realm=SH.INTEL.COM \
+     -Djava.security.krb5.kdc=zkdev.sh.intel.com \
+     -Djavax.security.auth.useSubjectCredsOnly=false \
+     -Djava.security.auth.login.config=login.conf \
+     SampleServer 8080
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e29e1d49/kerby-kerb/integration-test/run/runsaslclient.sh
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/run/runsaslclient.sh b/kerby-kerb/integration-test/run/runsaslclient.sh
new file mode 100644
index 0000000..d23d513
--- /dev/null
+++ b/kerby-kerb/integration-test/run/runsaslclient.sh
@@ -0,0 +1,7 @@
+java -Djava.security.krb5.realm=SH.INTEL.COM \
+     -Djava.security.krb5.kdc=zkdesk.sh.intel.com \
+     -Djavax.security.auth.useSubjectCredsOnly=false \
+     -Djava.security.auth.login.config=login.conf \
+      security.samples.sasl.SaslSampleClient \
+      zkdesk.sh.intel.com 8080 \
+      myservice zkdesk.sh.intel.com
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e29e1d49/kerby-kerb/integration-test/run/runsaslserver.sh
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/run/runsaslserver.sh b/kerby-kerb/integration-test/run/runsaslserver.sh
new file mode 100644
index 0000000..77f003e
--- /dev/null
+++ b/kerby-kerb/integration-test/run/runsaslserver.sh
@@ -0,0 +1,6 @@
+java -Djava.security.krb5.realm=SH.INTEL.COM \
+     -Djava.security.krb5.kdc=zkdesk.sh.intel.com \
+     -Djavax.security.auth.useSubjectCredsOnly=false \
+     -Djava.security.auth.login.config=login.conf \
+     token.samples.sasl.TokenSaslSampleServer \
+     8080 myservice zkdesk.sh.intel.com
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e29e1d49/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppClient.java
b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppClient.java
new file mode 100644
index 0000000..07ec6ab
--- /dev/null
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppClient.java
@@ -0,0 +1,85 @@
+package org.apache.kerby.kerberos.kerb.integration.test.sasl;
+
+import org.apache.kerby.kerberos.kerb.integration.test.AppClient;
+import org.apache.kerby.kerberos.kerb.integration.test.Transport;
+
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+public class SaslAppClient extends AppClient {
+    private SaslClient saslClient;
+
+    @Override
+    protected void usage(String[] args) {
+        if (args.length < 4) {
+            System.err.println("Usage: SaslAppClient "
+                    + "<server-host> <server-port> <service-protocol> <server-fqdn>");
+            System.exit(-1);
+        }
+    }
+
+    public SaslAppClient(String[] args) throws Exception {
+        super(args);
+
+        String protocol = args[2];
+        String serverFqdn = args[3];
+        Map<String, String> props = new HashMap<String, String>();
+        props.put(Sasl.QOP, "auth");
+
+        this.saslClient = Sasl.createSaslClient(new String[]{"GSSAPI"}, null,
+                protocol, serverFqdn, props, null);
+    }
+
+    @Override
+    protected void withConnection(Transport.Connection conn) throws Exception {
+        byte[] token = saslClient.hasInitialResponse() ? new byte[0] : null;
+        token = saslClient.evaluateChallenge(token);
+        conn.sendMessage("CONT", token);
+
+        Transport.Message msg = conn.recvMessage();
+        while (!saslClient.isComplete() && (isContinue(msg) || isOK(msg))) {
+            byte[] respToken = saslClient.evaluateChallenge(msg.body);
+
+            if (isOK(msg)) {
+                if (respToken != null) {
+                    throw new IOException("Attempting to send response after completion");
+                }
+                break;
+            } else {
+                conn.sendMessage("CONT", respToken);
+                msg = conn.recvMessage();
+            }
+        }
+
+        System.out.println("Context Established! ");
+
+        token = "Hello There!\0".getBytes();
+        System.out.println("Will send wrap token of size " + token.length);
+
+        conn.sendToken(token);
+        setTestOK(true);
+
+        saslClient.dispose();
+    }
+
+    private boolean isOK(Transport.Message msg) {
+        if (msg.header != null) {
+            return new String(msg.header).equals("OK");
+        }
+        return false;
+    }
+
+    private boolean isContinue(Transport.Message msg) {
+        if (msg.header != null) {
+            return new String(msg.header).equals("CONT");
+        }
+        return false;
+    }
+
+    public static void main(String[] args) throws Exception  {
+        new SaslAppClient(args).run();
+    }
+}
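Review bot: `withConnection` reports success even when the handshake failed: if the server replies `ERR` (or any header other than `CONT`/`OK`), the `while` condition is false and the code falls through to print "Context Established!", send the payload and call `setTestOK(true)`. Check the state after the loop, e.g. `if (!saslClient.isComplete()) { throw new IOException("SASL negotiation failed"); }`, so the integration test cannot pass on a rejected authentication. The log line says "wrap token", but with `Sasl.QOP` set to `auth` nothing is wrapped and the bytes are sent unprotected; either say so in a comment or negotiate `auth-int`/`auth-conf` and call `saslClient.wrap`. `"Hello There!\0".getBytes()` and `new String(msg.header)` depend on the platform charset and should pass `StandardCharsets.UTF_8`. `saslClient.dispose()` is skipped on any exception, so it belongs in a `finally`.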

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e29e1d49/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppServer.java
b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppServer.java
new file mode 100644
index 0000000..d54ad1f
--- /dev/null
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/sasl/SaslAppServer.java
@@ -0,0 +1,117 @@
+package org.apache.kerby.kerberos.kerb.integration.test.sasl;
+
+import org.apache.kerby.kerberos.kerb.integration.test.AppServer;
+import org.apache.kerby.kerberos.kerb.integration.test.Transport;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.AuthorizeCallback;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslException;
+import javax.security.sasl.SaslServer;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+public class SaslAppServer extends AppServer {
+    private String mechanism;
+    private String serviceProtocol;
+    private String serverFqdn;
+
+    @Override
+    protected void usage(String[] args) {
+        if (args.length < 3) {
+            System.err.println("Usage: SaslAppServer "
+                    + "<ListenPort> <service-protocol> <server-fqdn>");
+            System.exit(-1);
+        }
+    }
+
+    public SaslAppServer(String[] args) throws Exception {
+        super(args);
+
+        this.mechanism = "GSSAPI";
+        this.serviceProtocol = args[1];
+        this.serverFqdn = args[2];
+    }
+
+    @Override
+    protected void onConnection(Transport.Connection conn) throws Exception {
+        System.out.print("Starting negotiating security context");
+
+        //mechanism, protocol, serverId, saslProperties, callback
+        CallbackHandler callbackHandler = new SaslGssCallbackHandler();
+        Map<String, Object> props = new HashMap<String, Object>();
+        props.put(Sasl.QOP, "auth");
+
+        SaslServer ss = Sasl.createSaslServer(mechanism,
+                serviceProtocol, serverFqdn, props, callbackHandler);
+        Transport.Message msg = conn.recvMessage();
+        while (!ss.isComplete()) {
+            try {
+                byte[] respToken = ss.evaluateResponse(msg.body);
+                if (ss.isComplete()) {
+                    conn.sendMessage("OK", respToken);
+                } else {
+                    conn.sendMessage("CONT", respToken);
+                    msg = conn.recvMessage();
+                }
+
+            } catch (SaslException e) {
+                conn.sendMessage("ERR", null);
+                ss.dispose();
+                break;
+            }
+        }
+
+        System.out.print("Context Established! ");
+
+        doWith(ss, props, conn);
+
+        ss.dispose();
+    }
+
+    protected void doWith(SaslServer ss, Map<String, Object> props,
+                          Transport.Connection conn) throws IOException, Exception {
+        byte[] token = conn.recvToken();
+        String str = new String(token);
+        System.out.println("Received data \""
+                + str + "\" of length " + str.length());
+    }
+
+    public static class SaslGssCallbackHandler implements CallbackHandler {
+
+        @Override
+        public void handle(Callback[] callbacks) throws
+                UnsupportedCallbackException {
+            AuthorizeCallback ac = null;
+            for (Callback callback : callbacks) {
+                if (callback instanceof AuthorizeCallback) {
+                    ac = (AuthorizeCallback) callback;
+                } else {
+                    throw new UnsupportedCallbackException(callback,
+                            "Unrecognized SASL GSSAPI Callback");
+                }
+            }
+            if (ac != null) {
+                String authid = ac.getAuthenticationID();
+                String authzid = ac.getAuthorizationID();
+                if (authid.equals(authzid)) {
+                    ac.setAuthorized(true);
+                } else {
+                    ac.setAuthorized(false);
+                }
+                if (ac.isAuthorized()) {
+                    System.out.println("SASL server GSSAPI callback: setting "
+                            + "canonicalized client ID: " + authzid);
+                    ac.setAuthorizedID(authzid);
+                }
+            }
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        new SaslAppServer(args).run();
+    }
+}
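Review bot: In `onConnection` the `catch (SaslException e)` branch sends `ERR`, disposes `ss` and then `break`s, but execution continues past the loop to print "Context Established!" and call `doWith(ss, props, conn)`, so data from a peer that failed authentication is still read and handled, against an already disposed `SaslServer`. Replace `break;` with `return;` (or guard the tail with `if (!ss.isComplete()) { return; }`) so nothing after the handshake runs for an unauthenticated client. The exception is dropped without a log line, which hides why a negotiation was rejected; `System.err.println("SASL negotiation failed: " + e.getMessage());` would at least record it. The trailing `ss.dispose()` is also missed when `doWith` or the transport throws, so a `try`/`finally` is the safer shape. `new String(token)` in `doWith` should name a charset.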

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e29e1d49/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/AppTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/AppTest.java
b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/AppTest.java
index 16e8fd2..0964598 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/AppTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/AppTest.java
@@ -40,8 +40,6 @@ public abstract class AppTest extends LoginTestBase {
         serverPort = NetworkUtil.getServerPort();
 
         setupAppServer();
-
-        runAppClient();
     }
 
     protected int getServerPort() {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e29e1d49/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/SaslAppTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/SaslAppTest.java
b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/SaslAppTest.java
new file mode 100644
index 0000000..508adec
--- /dev/null
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/SaslAppTest.java
@@ -0,0 +1,51 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.integration.test;
+
+import org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient;
+import org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppServer;
+import org.junit.Test;
+
+public class SaslAppTest extends AppTest {
+
+    @Override
+    protected AppServer createAppServer() throws Exception {
+        return new SaslAppServer(new String[] {
+            String.valueOf(getServerPort()),
+                getServerPrincipalName(),
+                getHostname()
+        });
+    }
+
+    @Override
+    protected AppClient createAppClient() throws Exception {
+        return new SaslAppClient(new String[] {
+            getHostname(),
+            String.valueOf(getServerPort()),
+                getServerPrincipalName(),
+                getHostname()
+        });
+    }
+
+    @Test
+    public void test() throws Exception {
+        runAppClient();
+    }
+}
\ No newline at end of file
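Review bot: `createAppServer` and `createAppClient` pass `getServerPrincipalName()` in the position that `SaslAppServer` and `SaslAppClient` describe as `<service-protocol>`, and nothing here says whether that helper returns a bare service name or a full `name/host@REALM` principal. The SASL GSSAPI mechanism expects only the service name and combines it with the FQDN argument itself. A comment on those lines such as `// service name only; SASL pairs it with getHostname() to form the acceptor name` would settle it; the helper is defined outside this diff, so confirm what it returns. `test()` has no visible assertion either: if `runAppClient()` does not check the client's test-OK flag itself, add an explicit check so a failed handshake fails the test.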

