directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From seelm...@apache.org
Subject svn commit: r1705348 - /directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
Date Fri, 25 Sep 2015 20:24:10 GMT
Author: seelmann
Date: Fri Sep 25 20:24:10 2015
New Revision: 1705348

URL: http://svn.apache.org/viewvc?rev=1705348&view=rev
Log:
Replace localhost with InetAddress.getLocalHost(), simplyfy test setup.

Modified:
    directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java

Modified: directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java?rev=1705348&r1=1705347&r2=1705348&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
(original)
+++ directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
Fri Sep 25 20:24:10 2015
@@ -29,15 +29,9 @@ import java.util.Hashtable;
 
 import javax.naming.Context;
 import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
-import javax.naming.directory.ModificationItem;
-import javax.naming.ldap.InitialLdapContext;
-import javax.naming.ldap.LdapContext;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -48,23 +42,18 @@ import javax.security.auth.login.Configu
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
-import org.apache.directory.api.ldap.model.constants.SchemaConstants;
 import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
 import org.apache.directory.ldap.client.api.Krb5LoginConfiguration;
 import org.apache.directory.server.annotations.CreateKdcServer;
 import org.apache.directory.server.annotations.CreateLdapServer;
 import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.annotations.SaslMechanism;
-import org.apache.directory.server.constants.ServerDNConstants;
+import org.apache.directory.server.core.annotations.ApplyLdifs;
 import org.apache.directory.server.core.annotations.ContextEntry;
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.annotations.CreateIndex;
 import org.apache.directory.server.core.annotations.CreatePartition;
-import org.apache.directory.server.core.api.CoreSession;
-import org.apache.directory.server.core.api.DirectoryService;
-import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.jndi.CoreContextFactory;
 import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.server.ldap.handlers.sasl.cramMD5.CramMd5MechanismHandler;
@@ -72,8 +61,9 @@ import org.apache.directory.server.ldap.
 import org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler;
 import org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmMechanismHandler;
 import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
-import org.junit.After;
-import org.junit.Before;
+import org.apache.directory.server.protocol.shared.transport.TcpTransport;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.crypto.checksum.ChecksumType;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
@@ -133,147 +123,28 @@ import org.junit.runner.RunWith;
             @CreateTransport(protocol = "UDP", port = 6088),
             @CreateTransport(protocol = "TCP", port = 6088)
     })
-public class SaslGssapiBindITest extends AbstractLdapTestUnit
+@ApplyLdifs({
+    "dn: ou=users,dc=example,dc=com",
+    "objectClass: top",
+    "objectClass: organizationalUnit",
+    "ou: users"
+})
+public class SaslGssapiBindITest extends AbstractKerberosITest
 {
-    private DirContext ctx;
-
-    /** the context root for the schema */
-    protected LdapContext schemaRoot;
-
-    /** the context root for the system partition */
-    protected LdapContext sysRoot;
-
-    /** the context root for the rootDSE */
-    protected CoreSession rootDse;
-
-
-    /**
-     * Creates a new instance of SaslGssapiBindTest and sets JAAS system properties.
-     */
-    public SaslGssapiBindITest()
-    {
-        String krbConfPath = getClass().getClassLoader().getResource( "krb5.conf" ).getFile();
-        System.setProperty( "java.security.krb5.conf", krbConfPath );
-        System.setProperty( "sun.security.krb5.debug", "false" );
-    }
-
-
-    /**
-     * Set up a partition for EXAMPLE.COM and add user and service principals to
-     * test authentication with.
-     */
-    @Before
-    public void setUp() throws Exception
-    {
-        String servicePrincipalName = KerberosTestUtils.fixServicePrincipalName( "ldap/localhost@EXAMPLE.COM",
null, getLdapServer() );
-
-        Attributes attrs;
-
-        setContexts( "uid=admin,ou=system", "secret" );
-
-        // -------------------------------------------------------------------
-        // Enable the krb5kdc schema
-        // -------------------------------------------------------------------
-
-        // check if krb5kdc is disabled
-        Attributes krb5kdcAttrs = schemaRoot.getAttributes( "cn=Krb5kdc" );
-        boolean isKrb5KdcDisabled = false;
-
-        if ( krb5kdcAttrs.get( "m-disabled" ) != null )
-        {
-            isKrb5KdcDisabled = ( ( String ) krb5kdcAttrs.get( "m-disabled" ).get() ).equalsIgnoreCase(
"TRUE" );
-        }
-
-        // if krb5kdc is disabled then enable it
-        if ( isKrb5KdcDisabled )
-        {
-            Attribute disabled = new BasicAttribute( "m-disabled" );
-            ModificationItem[] mods = new ModificationItem[]
-                { new ModificationItem( DirContext.REMOVE_ATTRIBUTE, disabled ) };
-            schemaRoot.modifyAttributes( "cn=Krb5kdc", mods );
-        }
-
-        // Get a context, create the ou=users subcontext, then create the 3 principals.
-        Hashtable<String, Object> env = new Hashtable<String, Object>();
-        env.put( DirectoryService.JNDI_KEY, getService() );
-        env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.directory.server.core.jndi.CoreContextFactory"
);
-        env.put( Context.PROVIDER_URL, "dc=example,dc=com" );
-        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
-        env.put( Context.SECURITY_CREDENTIALS, "secret" );
-        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
-
-        ctx = new InitialDirContext( env );
-
-        attrs = getOrgUnitAttributes( "users" );
-        DirContext users = ctx.createSubcontext( "ou=users", attrs );
-
-        attrs = getPrincipalAttributes( "Nelson", "Horatio Nelson", "hnelson", "secret",
"hnelson@EXAMPLE.COM" );
-        users.createSubcontext( "uid=hnelson", attrs );
-
-        attrs = getPrincipalAttributes( "Service", "KDC Service", "krbtgt", "secret", "krbtgt/EXAMPLE.COM@EXAMPLE.COM"
);
-        users.createSubcontext( "uid=krbtgt", attrs );
-
-        attrs = getPrincipalAttributes( "Service", "LDAP Service", "ldap", "randall", servicePrincipalName
);
-        users.createSubcontext( "uid=ldap", attrs );
-    }
-
-
-    /**
-     * Convenience method for creating principals.
-     *
-     * @param cn           the commonName of the person
-     * @param principal    the kerberos principal name for the person
-     * @param sn           the surName of the person
-     * @param uid          the unique identifier for the person
-     * @param userPassword the credentials of the person
-     * @return the attributes of the person principal
-     */
-    protected Attributes getPrincipalAttributes( String sn, String cn, String uid, String
userPassword, String principal )
-    {
-        Attributes attrs = new BasicAttributes( true );
-        Attribute ocls = new BasicAttribute( "objectClass" );
-        ocls.add( "top" );
-        ocls.add( "person" ); // sn $ cn
-        ocls.add( "inetOrgPerson" ); // uid
-        ocls.add( "krb5principal" );
-        ocls.add( "krb5kdcentry" );
-        attrs.put( ocls );
-        attrs.put( "cn", cn );
-        attrs.put( "sn", sn );
-        attrs.put( "uid", uid );
-        attrs.put( "userPassword", userPassword );
-        attrs.put( "krb5PrincipalName", principal );
-        attrs.put( "krb5KeyVersionNumber", "0" );
-
-        return attrs;
-    }
-
-
-    /**
-     * Convenience method for creating an organizational unit.
-     *
-     * @param ou the ou of the organizationalUnit
-     * @return the attributes of the organizationalUnit
-     */
-    protected Attributes getOrgUnitAttributes( String ou )
-    {
-        Attributes attrs = new BasicAttributes( true );
-        Attribute ocls = new BasicAttribute( "objectClass" );
-        ocls.add( "top" );
-        ocls.add( "organizationalUnit" );
-        attrs.put( ocls );
-        attrs.put( "ou", ou );
-
-        return attrs;
-    }
-
 
     /**
      * Tests to make sure GSSAPI binds below the RootDSE work.
      */
     @Test
-    public void testSaslGssapiBind()
+    public void testSaslGssapiBind() throws Exception
     {
+        // Set up a partition for EXAMPLE.COM and add user and service principals to test
authentication with.
+        KerberosTestUtils.fixServicePrincipalName(
+            "ldap/" + KerberosTestUtils.getHostName() + "@EXAMPLE.COM", null, getLdapServer()
);
+        ObtainTicketParameters parameters = new ObtainTicketParameters( TcpTransport.class,
+            EncryptionType.AES128_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES128 );
+        setupEnv( parameters );
+
         kdcServer.getConfig().setPaEncTimestampRequired( false );
         // Use our custom configuration to avoid reliance on external config
         Configuration.setConfiguration( new Krb5LoginConfiguration() );
@@ -292,9 +163,9 @@ public class SaslGssapiBindITest extends
         }
 
         // 2. Perform JNDI work as authenticated Subject.
-        Subject.doAs( lc.getSubject(), new PrivilegedAction()
+        Subject.doAs( lc.getSubject(), new PrivilegedAction<Void>()
         {
-            public Object run()
+            public Void run()
             {
                 //FIXME activate this code as soon as the GSSAPIMechanismHandler is fixed.
                 //Currently GSSAPI authentication for the ldap server is broken
@@ -303,7 +174,8 @@ public class SaslGssapiBindITest extends
                     // Create the initial context
                     Hashtable<String, String> env = new Hashtable<String, String>();
                     env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"
);
-                    env.put( Context.PROVIDER_URL, "ldap://localhost:" + getLdapServer().getPort()
);
+                    env.put( Context.PROVIDER_URL, "ldap://" + KerberosTestUtils.getHostName()
+ ":"
+                        + getLdapServer().getPort() );
 
                     // Request the use of the "GSSAPI" SASL mechanism
                     // Authenticate by using already established Kerberos credentials
@@ -346,59 +218,6 @@ public class SaslGssapiBindITest extends
     }
 
 
-    /**
-     * Tear down.
-     */
-    @After
-    public void tearDown() throws Exception
-    {
-        ctx.close();
-        ctx = null;
-    }
-
-
-    // copied the below two methods from AbstractServerTest
-    /**
-     * Sets the contexts for this base class.  Values of user and password used to
-     * set the respective JNDI properties.  These values can be overriden by the
-     * overrides properties.
-     *
-     * @param user the username for authenticating as this user
-     * @param passwd the password of the user
-     * @throws NamingException if there is a failure of any kind
-     */
-    protected void setContexts( String user, String passwd ) throws Exception
-    {
-        Hashtable<String, Object> env = new Hashtable<String, Object>();
-        env.put( DirectoryService.JNDI_KEY, getService() );
-        env.put( Context.SECURITY_PRINCIPAL, user );
-        env.put( Context.SECURITY_CREDENTIALS, passwd );
-        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
-        env.put( Context.INITIAL_CONTEXT_FACTORY, CoreContextFactory.class.getName() );
-        setContexts( env );
-    }
-
-
-    /**
-     * Sets the contexts of this class taking into account the extras and overrides
-     * properties.
-     *
-     * @param env an environment to use while setting up the system root.
-     * @throws NamingException if there is a failure of any kind
-     */
-    protected void setContexts( Hashtable<String, Object> env ) throws Exception
-    {
-        Hashtable<String, Object> envFinal = new Hashtable<String, Object>( env
);
-        envFinal.put( Context.PROVIDER_URL, ServerDNConstants.SYSTEM_DN );
-        sysRoot = new InitialLdapContext( envFinal, null );
-
-        envFinal.put( Context.PROVIDER_URL, "" );
-        rootDse = getService().getAdminSession();
-
-        envFinal.put( Context.PROVIDER_URL, SchemaConstants.OU_SCHEMA );
-        schemaRoot = new InitialLdapContext( envFinal, null );
-    }
-
     private class CallbackHandlerBean implements CallbackHandler
     {
         private String name;



Mime
View raw message