directory-commits mailing list archives

From plusplusjia...@apache.org
Subject directory-kerby git commit: Separate the AnonymousPkinitKdcTest from WithCertKdcTest.
Date Mon, 14 Dec 2015 06:53:01 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/pkinit-support 2f47da369 -> ae04916b1


Separate the AnonymousPkinitKdcTest from WithCertKdcTest.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ae04916b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ae04916b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ae04916b

Branch: refs/heads/pkinit-support
Commit: ae04916b171b43b71409f34ffd2cb08d30ffaad5
Parents: 2f47da3
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Mon Dec 14 14:59:26 2015 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Mon Dec 14 14:59:26 2015 +0800

----------------------------------------------------------------------
 .../kerberos/kdc/AnonymousPkinitKdcTest.java    | 91 ++++++++++++++++++++
 .../kerby/kerberos/kdc/WithCertKdcTest.java     | 27 ------
 .../client/preauth/pkinit/PkinitPreauth.java    |  3 +-
 .../kerb/client/request/AsRequestWithCert.java  |  9 +-
 .../kerb/crypto/dh/DhKeyAgreementTest.java      |  2 +-
 .../server/preauth/pkinit/PkinitPreauth.java    |  4 +-
 .../apache/kerby/x509/type/TBSCertificate.java  |  2 +-
 7 files changed, 102 insertions(+), 36 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ae04916b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/AnonymousPkinitKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/AnonymousPkinitKdcTest.java
b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/AnonymousPkinitKdcTest.java
new file mode 100644
index 0000000..1eb8fa5
--- /dev/null
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/AnonymousPkinitKdcTest.java
@@ -0,0 +1,91 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kdc;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.client.KrbPkinitClient;
+import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
+import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
+import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
+import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
+import org.apache.kerby.pki.PkiLoader;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.net.URL;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class AnonymousPkinitKdcTest extends KdcTestBase {
+
+    private PkiLoader pkiLoader;
+    private String serverPrincipal;
+
+    @Before
+    public void setUp() throws Exception {
+        pkiLoader = new PkiLoader();
+
+        super.setUp();
+    }
+
+    @Override
+    protected void configKdcSeverAndClient() {
+        super.configKdcSeverAndClient();
+
+        String pkinitIdentity = getClass().getResource("/kdccerttest.pem").getPath() + ","
+                + getClass().getResource("/kdckey.pem").getPath();
+        getKdcServer().getKdcConfig().setString(KdcConfigKey.PKINIT_IDENTITY, pkinitIdentity);
+    }
+
+    @Override
+    protected void setUpClient() throws Exception {
+        super.setUpClient();
+    }
+
+    @Override
+    protected void createPrincipals() throws KrbException {
+        super.createPrincipals();
+        //Anonymity support is not enabled by default.
+        //To enable it, you must create the principal WELLKNOWN/ANONYMOUS
+        getKdcServer().createPrincipal("WELLKNOWN/ANONYMOUS");
+    }
+
+    @Test
+    public void testAnonymity() throws Exception {
+
+        getKrbClient().init();
+
+        URL url = getClass().getResource("/cacerttest.pem");
+        TgtTicket tgt;
+        KrbPkinitClient pkinitClient = new KrbPkinitClient(getKrbClient());
+        try {
+            tgt = pkinitClient.requestTgt(url.getPath());
+        } catch (KrbException te) {
+            te.printStackTrace();
+            assertThat(te.getMessage().contains("timeout")).isTrue();
+            return;
+        }
+        assertThat(tgt).isNotNull();
+
+        serverPrincipal = getServerPrincipal();
+        SgtTicket tkt = getKrbClient().requestSgt(tgt, serverPrincipal);
+        assertThat(tkt).isNotNull();
+    }
+}
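Review bot: In `testAnonymity`, the `catch (KrbException te)` branch asserts only that the message contains "timeout" and then returns, so the test reports success when the KDC never answers and the anonymous PKINIT exchange is not verified at all. `te.getMessage()` may also be null, which would turn a real failure into a NullPointerException instead of a readable assertion. Since the method already declares `throws Exception`, I would drop the try/catch and call `TgtTicket tgt = pkinitClient.requestTgt(url.getPath());` directly, so any KrbException fails the test. The `setUpClient()` override only delegates to super and can be removed.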

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ae04916b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithCertKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithCertKdcTest.java
b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithCertKdcTest.java
index b15793f..38f8a8c 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithCertKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithCertKdcTest.java
@@ -29,7 +29,6 @@ import org.apache.kerby.pki.PkiLoader;
 import org.junit.Before;
 
 import java.io.InputStream;
-import java.net.URL;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
 
@@ -80,32 +79,6 @@ public class WithCertKdcTest extends KdcTestBase {
     @Override
     protected void createPrincipals() throws KrbException {
         super.createPrincipals();
-        //Anonymity support is not enabled by default.
-        //To enable it, you must create the principal WELLKNOWN/ANONYMOUS
-        getKdcServer().createPrincipal("WELLKNOWN/ANONYMOUS");
-    }
-
-    // TO BE FIXED
-    //@Test
-    public void testAnonymity() throws Exception {
-
-        getKrbClient().init();
-
-        URL url = getClass().getResource("/cacerttest.pem");
-        TgtTicket tgt;
-        KrbPkinitClient pkinitClient = new KrbPkinitClient(getKrbClient());
-        try {
-            tgt = pkinitClient.requestTgt(url.getPath());
-        } catch (KrbException te) {
-            te.printStackTrace();
-            assertThat(te.getMessage().contains("timeout")).isTrue();
-            return;
-        }
-        assertThat(tgt).isNotNull();
-
-        serverPrincipal = getServerPrincipal();
-        SgtTicket tkt = getKrbClient().requestSgt(tgt, serverPrincipal);
-        assertThat(tkt).isNotNull();
     }
 
     //@Test

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ae04916b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index 72d09d2..5a0688e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -261,8 +261,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
 
             DHPublicKey clientPubKey = null;
             try {
-                // TO BE FIXED: MODP_GROUP14 may fail!
-                clientPubKey = client.init(DhGroup.MODP_GROUP2);
+                clientPubKey = client.init(DhGroup.MODP_GROUP14);
             } catch (Exception e) {
                 e.printStackTrace();
             }
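Review bot: The `catch (Exception e) { e.printStackTrace(); }` around `client.init(DhGroup.MODP_GROUP14)` leaves `clientPubKey` null and lets the request continue, and the comment removed here said this group "may fail". Moving from the 1024-bit group 2 to the 2048-bit group 14 is the right direction, but a failed key generation should abort the PKINIT request rather than be printed and ignored. I would rethrow it wrapped in whatever exception type the enclosing method declares (its signature is not visible in this hunk) and log through a logger instead of `printStackTrace()`. The enclosing method starts and ends outside the hunk.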

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ae04916b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
index 854d199..e3f0dde 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/request/AsRequestWithCert.java
@@ -21,7 +21,6 @@ package org.apache.kerby.kerberos.kerb.client.request;
 
 import org.apache.kerby.KOptions;
 import org.apache.kerby.asn1.type.Asn1Integer;
-import org.apache.kerby.x509.type.Certificate;
 import org.apache.kerby.cms.type.CertificateChoices;
 import org.apache.kerby.cms.type.CertificateSet;
 import org.apache.kerby.cms.type.ContentInfo;
@@ -49,6 +48,7 @@ import org.apache.kerby.kerberos.kerb.type.pa.pkinit.DHNonce;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.DHRepInfo;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.KdcDHKeyInfo;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PaPkAsRep;
+import org.apache.kerby.x509.type.Certificate;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -110,9 +110,10 @@ public class AsRequestWithCert extends AsRequest {
             if (paEntry.getPaDataType() == PaDataType.PK_AS_REP) {
                 LOG.info("processing PK_AS_REP");
 
-                PaPkAsRep paPkAsRep = KrbCodec.decode(paEntry.getPaDataValue(), PaPkAsRep.class);
-
-                DHRepInfo dhRepInfo = paPkAsRep.getDHRepInfo();
+                //TODO CHOICE
+                //PaPkAsRep paPkAsRep = KrbCodec.decode(paEntry.getPaDataValue(), PaPkAsRep.class);
+                //DHRepInfo dhRepInfo = paPkAsRep.getDHRepInfo();
+                DHRepInfo dhRepInfo = KrbCodec.decode(paEntry.getPaDataValue(), DHRepInfo.class);
 
                 DHNonce nonce = dhRepInfo.getServerDhNonce();
                 byte[] dhSignedData = dhRepInfo.getDHSignedData();
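Review bot: Decoding the PK_AS_REP value straight into `DHRepInfo` drops the PA-PK-AS-REP CHOICE wrapper that RFC 4556 defines (dhInfo or encKeyPack), so this client will likely interoperate only with a KDC that carries the matching workaround. That workaround is the server-side `PkinitPreauth` hunk in this commit, which encodes `paPkAsRep.getDHRepInfo()` instead of `paPkAsRep`. The `//TODO CHOICE` marker does not say any of that, and the commented-out lines in both files will go stale. I would replace them in both places with a comment such as `// TODO: PA-PK-AS-REP is a CHOICE (RFC 4556); bare DHRepInfo is a temporary workaround, revert together with the KDC-side encode`. The enclosing method continues outside the hunk.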

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ae04916b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
index 1c0ba81..4ddf122 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/dh/DhKeyAgreementTest.java
@@ -125,7 +125,7 @@ public class DhKeyAgreementTest {
      *
      * @throws Exception
      */
-    //@Test
+    @Test
     public void testGeneratedDhParams() throws Exception {
         DhClient client = new DhClient();
         DhServer server = new DhServer();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ae04916b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index 08afe58..ae78357 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -277,7 +277,9 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
 
         PaDataEntry paDataEntry = new PaDataEntry();
         paDataEntry.setPaDataType(PaDataType.PK_AS_REP);
-        paDataEntry.setPaDataValue(paPkAsRep.encode());
+        //TODO CHOICE
+        //paDataEntry.setPaDataValue(paPkAsRep.encode());
+        paDataEntry.setPaDataValue(paPkAsRep.getDHRepInfo().encode());
 
         return paDataEntry;
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ae04916b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertificate.java
----------------------------------------------------------------------
diff --git a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertificate.java b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertificate.java
index 1730fda..60519c3 100644
--- a/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertificate.java
+++ b/kerby-pkix/src/main/java/org/apache/kerby/x509/type/TBSCertificate.java
@@ -166,7 +166,7 @@ public class TBSCertificate extends Asn1SequenceType {
     }
 
     public void setSubjectUniqueId(byte[] issuerUniqueId) {
-        setFieldAs(ISSUER_UNIQUE_ID, new Asn1BitString(issuerUniqueId));
+        setFieldAs(SUBJECT_UNIQUE_ID, new Asn1BitString(issuerUniqueId));
     }
 
     public Extensions getExtensions() {
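Review bot: `setSubjectUniqueId` still names its parameter `issuerUniqueId`, the copy-paste residue that went with the wrong field constant fixed here. Rename it so the signature reads `public void setSubjectUniqueId(byte[] subjectUniqueId)` and the call becomes `new Asn1BitString(subjectUniqueId)`. Before this fix the setter overwrote the issuer unique id of the certificate being built, so a small test that sets both ids and checks each field separately would keep them from being swapped again.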

