From cohei...@apache.org
Subject directory-kerby git commit: DIRKRB-Add some unit tests for cross realm
Date Fri, 10 Nov 2017 15:26:34 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/trunk 5d9bece9d -> 3a86646a8


DIRKRB-Add some unit tests for cross realm


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/3a86646a
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/3a86646a
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/3a86646a

Branch: refs/heads/trunk
Commit: 3a86646a8f47e417b09013b32d826836e3b87d7c
Parents: 5d9bece
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Nov 10 15:26:20 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Nov 10 15:26:20 2017 +0000

----------------------------------------------------------------------
 kerby-kdc-test/pom.xml                          |  40 +++++
 .../kerby/kerberos/kdc/CrossRealmKdcTest.java   | 178 +++++++++++++++++++
 .../src/test/resources/realm1/kdc.conf          |  29 +++
 .../test/resources/realm1/krb5-cross-realm.conf |  45 +++++
 .../src/test/resources/realm2/kdc.conf          |  29 +++
 .../resources/realm2/krb5-cross-realm2.conf     |  45 +++++
 6 files changed, 366 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3a86646a/kerby-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/pom.xml b/kerby-kdc-test/pom.xml
index 124689a..745e1e3 100644
--- a/kerby-kdc-test/pom.xml
+++ b/kerby-kdc-test/pom.xml
@@ -78,4 +78,44 @@
       <artifactId>assertj-core</artifactId>
     </dependency>
   </dependencies>
+  <build>
+        <testResources>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <filtering>true</filtering>
+                <includes>
+                    <include>**/*.conf</include>
+                </includes>
+            </testResource>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <filtering>false</filtering>
+                <excludes>
+                    <exclude>**/*.conf</exclude>
+                </excludes>
+            </testResource>
+        </testResources>
+        <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <version>3.0.0</version>
+                <executions>
+                    <execution>
+                        <id>reserve-network-port</id>
+                        <goals>
+                            <goal>reserve-network-port</goal>
+                        </goals>
+                        <phase>initialize</phase>
+                        <configuration>
+                            <portNames>
+                                <portName>kdc1.port</portName>
+                                <portName>kdc2.port</portName>
+                            </portNames>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+   </build>
 </project>
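Review bot: The `reserve-network-port` execution only picks free port numbers during `initialize` and does not hold them, so nothing guarantees `kdc1.port` and `kdc2.port` are still free when the KDCs bind them in the test phase. The conf files added in this commit also feed the same property into both `kdc_tcp_port` and `kdc_udp_port`, and as far as I recall the plugin probes with a TCP socket only, so the UDP side is unchecked. I would document this on the execution, e.g. `<!-- ports are chosen at initialize and released again; the test KDCs bind them later, for TCP and UDP alike -->`, so an intermittent bind failure on CI is easy to trace. The new block is also indented four spaces (and `</build>` three) while the rest of the file uses two.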

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3a86646a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/CrossRealmKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/CrossRealmKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/CrossRealmKdcTest.java
new file mode 100644
index 0000000..4800ff2
--- /dev/null
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/CrossRealmKdcTest.java
@@ -0,0 +1,178 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kdc;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.URL;
+import java.net.UnknownHostException;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.apache.kerby.kerberos.kerb.client.KrbConfig;
+import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
+import org.apache.kerby.kerberos.kerb.server.TestKdcServer;
+import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
+import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * A test for a cross-realm KDC call.
+ */
+public class CrossRealmKdcTest {
+
+    private static final String REALM1 = "TEST.COM";
+    private static final String REALM2 = "TEST2.COM";
+
+    private static File testDir1;
+    private static File testDir2;
+
+    private KerbyCrossRealmKdc kdc1;
+    private KerbyCrossRealmKdc kdc2;
+
+    @BeforeClass
+    public static void createTestDirs() throws IOException {
+        String basedir = System.getProperty("basedir");
+        if (basedir == null) {
+            basedir = new File(".").getCanonicalPath();
+        }
+        File targetdir = new File(basedir, "target");
+
+        testDir1 = new File(targetdir, "tmp1");
+        testDir1.mkdirs();
+
+        testDir2 = new File(targetdir, "tmp2");
+        testDir2.mkdirs();
+    }
+
+    @AfterClass
+    public static void deleteTestDir() throws IOException {
+        testDir1.delete();
+        testDir2.delete();
+    }
+
+    public CrossRealmKdcTest() throws Exception {
+        // Create the two KDCs
+        URL krb5FileUrl = this.getClass().getResource("/realm1/krb5-cross-realm.conf");
+        kdc1 = startKdc(krb5FileUrl, REALM1, testDir1);
+
+        URL krb5FileUrl2 = this.getClass().getResource("/realm2/krb5-cross-realm2.conf");
+        kdc2 = startKdc(krb5FileUrl2, REALM2, testDir2);
+    }
+
+    private KerbyCrossRealmKdc startKdc(URL krb5FileURL, String realm, File workDir) throws Exception {
+        File krb5File = new File(krb5FileURL.toURI());
+        KrbConfig krbConfig = new KrbConfig();
+        krbConfig.addKrb5Config(krb5File);
+        SimpleKdcServer kdcServer = new TestKdcServer(krb5File.getParentFile(), krbConfig);
+
+        KerbyCrossRealmKdc kdc = new KerbyCrossRealmKdc(realm);
+        kdc.setKdcServer(kdcServer);
+        kdc.configKdcServerAndClient(workDir);
+        kdc.prepareKdc();
+
+        kdcServer.start();
+
+        kdc.createPrincipals();
+
+        return kdc;
+    }
+
+    @Test
+    public void testCrossRealm() throws Exception {
+        TgtTicket tgt;
+        SgtTicket tkt;
+
+        try {
+            tgt = kdc1.getKrbClient().requestTgt(
+                kdc1.getClientPrincipal(), kdc1.getClientPassword());
+            assertThat(tgt).isNotNull();
+
+            tkt = kdc1.getKrbClient().requestSgt(tgt, kdc2.getServerPrincipal());
+            assertThat(tkt).isNotNull();
+        } catch (Exception e) {
+            Assert.fail("Exception occurred with good password. "
+                    + e.toString());
+        }
+    }
+
+    private static class KerbyCrossRealmKdc {
+
+        private final String clientPassword = "123456";
+        private String hostname;
+        private final String clientPrincipalName = "drankye";
+        private final String serverPassword = "654321";
+        private final String serverPrincipalName = "test-service";
+
+        private SimpleKdcServer kdcServer;
+        private String realm;
+
+        KerbyCrossRealmKdc(String realm) {
+            this.realm = realm;
+            try {
+                hostname = InetAddress.getByName("127.0.0.1").getHostName();
+            } catch (UnknownHostException e) {
+                hostname = "localhost";
+            }
+        }
+
+        public void prepareKdc() throws KrbException {
+            kdcServer.init();
+        }
+
+        public String getClientPassword() {
+            return clientPassword;
+        }
+
+        public void createPrincipals() throws KrbException {
+            kdcServer.createPrincipal(getServerPrincipal(), serverPassword);
+            kdcServer.createPrincipal(getClientPrincipal(), clientPassword);
+
+            // Special cross-realm principal
+            kdcServer.createPrincipal("krbtgt/TEST2.COM@TEST.COM", "security");
+        }
+
+        public void setKdcServer(SimpleKdcServer kdcServer) {
+            this.kdcServer = kdcServer;
+        }
+
+        public void configKdcServerAndClient(File workDir) {
+            kdcServer.setWorkDir(workDir);
+        }
+
+        public KrbClient getKrbClient() {
+            return kdcServer.getKrbClient();
+        }
+
+        public String getClientPrincipal() {
+            return clientPrincipalName + "@" + realm;
+        }
+
+        public String getServerPrincipal() {
+            return serverPrincipalName + "/" + hostname + "@" + realm;
+        }
+    }
+}
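Review bot: Both KDCs are started from the constructor (`startKdc` ends in `kdcServer.start()`), but nothing in the class stops them, so their listeners stay bound for the rest of the test JVM and a second test method in this class would try to start a fresh pair on the same ports. Add an `@After` method that stops both servers, which needs `import org.junit.After;` and a small `stop()` on `KerbyCrossRealmKdc`, as sketched below. `deleteTestDir` also relies on `File.delete()`, which returns false without any error on a non-empty directory, so `target/tmp1` and `target/tmp2` are probably left behind once the KDC has written into them. Finally, `testCrossRealm` only asserts that the tickets are non-null; checking that the service ticket names the `TEST2.COM` service principal would make the cross-realm claim explicit.

```java
    @After
    public void stopKdcs() throws KrbException {
        // Release the listeners so later tests (or reruns in the same JVM) can bind again.
        if (kdc2 != null) {
            kdc2.stop();
        }
        if (kdc1 != null) {
            kdc1.stop();
        }
    }

    // … unchanged: startKdc, testCrossRealm …

    private static class KerbyCrossRealmKdc {
        // … unchanged: fields, constructor, prepareKdc, createPrincipals …

        public void stop() throws KrbException {
            kdcServer.stop();
        }
```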

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3a86646a/kerby-kdc-test/src/test/resources/realm1/kdc.conf
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/realm1/kdc.conf b/kerby-kdc-test/src/test/resources/realm1/kdc.conf
new file mode 100644
index 0000000..d5895c6
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/realm1/kdc.conf
@@ -0,0 +1,29 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[logging]
+  default = FILE:/var/log/krb5libs.log
+  kdc = FILE:/var/log/krb5kdc.log
+  admin_server = FILE:/var/log/kadmind.log
+
+[kdcdefaults]
+  kdc_host = localhost
+  kdc_udp_port = ${kdc1.port}
+  kdc_tcp_port = ${kdc1.port}
+  kdc_realm = TEST.COM
+  restrict_anonymous_to_tgt = true
+  kdc_max_dgram_reply_size = 4096
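Review bot: The `[logging]` section points all three targets at `/var/log/...`, which an unprivileged build user normally cannot write to and which lies outside the build tree. Whether the test KDC honours this section is not visible here, but since `*.conf` test resources are now filtered, the paths could stay inside the module, e.g. `default = FILE:${project.build.directory}/krb5libs.log`, or the section could be dropped. The same three lines appear in `realm2/kdc.conf`. Note also that `${kdc1.port}` is only substituted by Maven resource filtering, so running the test from an IDE that copies resources unfiltered would hand the KDC a literal placeholder; a comment such as `# ${kdc1.port} is filled in by Maven resource filtering (see kerby-kdc-test/pom.xml)` would save the next reader some time.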

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3a86646a/kerby-kdc-test/src/test/resources/realm1/krb5-cross-realm.conf
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/realm1/krb5-cross-realm.conf b/kerby-kdc-test/src/test/resources/realm1/krb5-cross-realm.conf
new file mode 100644
index 0000000..fd2f797
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/realm1/krb5-cross-realm.conf
@@ -0,0 +1,45 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+  default_realm = TEST.COM
+  kdc_host = localhost
+  kdc_realm = TEST.COM
+  kdc_tcp_port = ${kdc1.port}
+  kdc_udp_port = ${kdc1.port}
+
+[realms]
+  TEST.COM = {
+    kdc = localhost:${kdc1.port}
+  }
+  TEST2.COM = {
+    kdc = localhost:${kdc2.port}
+  }
+  
+[domain_realm]
+  .TEST.COM = test.com
+  TEST.COM = test.com
+  .TEST2.COM = test2.com
+  TEST2.COM = test2.com
+
+[capaths]
+  TEST.COM = {
+    TEST2.COM = .
+  }
+  TEST2.COM = {
+    TEST.COM = .
+  }
\ No newline at end of file
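Review bot: The `[domain_realm]` entries are written the wrong way round: in krb5.conf this section maps a DNS domain or host name (lower case, on the left) to a realm name (upper case, on the right), so `.TEST.COM = test.com` assigns hosts to a realm literally named `test.com`. The intended lines are presumably `.test.com = TEST.COM` and `test.com = TEST.COM`, and likewise for `test2.com`. The test passes anyway because the service principal carries its realm explicitly and the host is localhost, but the file will mislead anyone copying it as a cross-realm example. `realm2/krb5-cross-realm2.conf` has the same four lines.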

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3a86646a/kerby-kdc-test/src/test/resources/realm2/kdc.conf
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/realm2/kdc.conf b/kerby-kdc-test/src/test/resources/realm2/kdc.conf
new file mode 100644
index 0000000..7b71752
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/realm2/kdc.conf
@@ -0,0 +1,29 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[logging]
+  default = FILE:/var/log/krb5libs.log
+  kdc = FILE:/var/log/krb5kdc.log
+  admin_server = FILE:/var/log/kadmind.log
+
+[kdcdefaults]
+  kdc_host = localhost
+  kdc_udp_port = ${kdc2.port}
+  kdc_tcp_port = ${kdc2.port}
+  kdc_realm = TEST2.COM
+  restrict_anonymous_to_tgt = true
+  kdc_max_dgram_reply_size = 4096

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3a86646a/kerby-kdc-test/src/test/resources/realm2/krb5-cross-realm2.conf
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/realm2/krb5-cross-realm2.conf b/kerby-kdc-test/src/test/resources/realm2/krb5-cross-realm2.conf
new file mode 100644
index 0000000..a552d1c
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/realm2/krb5-cross-realm2.conf
@@ -0,0 +1,45 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+  default_realm = TEST2.COM
+  kdc_host = localhost
+  kdc_realm = TEST2.COM
+  kdc_tcp_port = ${kdc2.port}
+  kdc_udp_port = ${kdc2.port}
+
+[realms]
+  TEST2.COM = {
+    kdc = localhost:${kdc2.port}
+  }
+  TEST.COM = {
+    kdc = localhost:${kdc1.port}
+  }
+ 
+ [domain_realm]
+  .TEST.COM = test.com
+  TEST.COM = test.com
+  .TEST2.COM = test2.com
+  TEST2.COM = test2.com
+
+[capaths]
+  TEST.COM = {
+    TEST2.COM = .
+  }
+  TEST2.COM = {
+    TEST.COM = .
+  }
\ No newline at end of file
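Review bot: The `[domain_realm]` header in this file is indented by one space and preceded by a line holding a single space, unlike the realm1 copy where it starts at column 0. Whether the Kerby config parser tolerates leading whitespace before a section header is not visible from the hunk; if it does not, the entries below would be read as part of `[realms]`. I would write it as `[domain_realm]` at column 0, with an empty line before it, and end the file with a newline.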

