Date: Tue, 23 Sep 2008 05:16:44 -0700 (PDT)
From: "Norval Hope (JIRA)"
To: dev@directory.apache.org
Subject: [jira] Commented: (DIRSERVER-1247) removing unrequired escaping in DNs / filters
Message-ID: <1961536633.1222172204580.JavaMail.jira@brutus>
In-Reply-To: <630448109.1221012104488.JavaMail.jira@brutus>

    [ https://issues.apache.org/jira/browse/DIRSERVER-1247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12633706#action_12633706 ]

Norval Hope commented on DIRSERVER-1247:
----------------------------------------

Unfortunately I seem to have run into another failure unrelated to my changes in ...\apacheds\protocol-kerberos :

...
Tests in error:
  testRequestAes128(org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest)

Tests run: 105, Failures: 0, Errors: 1, Skipped: 0

----

-------------------------------------------------------------------------------
Test set: org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest
-------------------------------------------------------------------------------
Tests run: 6, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.375 sec <<< FAILURE!
testRequestAes128(org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest)  Time elapsed: 0 sec  <<< ERROR!
java.lang.ClassCastException: org.apache.directory.server.kerberos.shared.messages.ErrorMessage
	at org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest.testRequestAes128(TicketGrantingEncryptionTypeTest.java:171)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

The line that is failing is marked with ------<<<<< below:

    /**
     * Tests the use of a TGT containing a DES-CBC-MD5 session key while the
     * requested encryption type is AES-128.
     *
     * @throws Exception
     */
    public void testRequestAes128() throws Exception
    {
        EncryptionType[] configuredEncryptionTypes = {EncryptionType.AES128_CTS_HMAC_SHA1_96};
        config.setEncryptionTypes( configuredEncryptionTypes );

        // Get the mutable ticket part.
        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
        EncTicketPartModifier encTicketPartModifier = getTicketArchetype( clientPrincipal );

        // Seal the ticket for the server.
        KerberosPrincipal serverPrincipal = new KerberosPrincipal( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" );
        String passPhrase = "randomKey";
        EncryptionKey serverKey = getEncryptionKey( serverPrincipal, passPhrase );
        Ticket tgt = getTicket( encTicketPartModifier, serverPrincipal, serverKey );

        RequestBodyModifier modifier = new RequestBodyModifier();
        modifier.setServerName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
        modifier.setRealm( "EXAMPLE.COM" );

        Set encryptionTypes = new HashSet();
        encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );

        modifier.setEType( encryptionTypes );
        modifier.setNonce( random.nextInt() );

        KdcOptions kdcOptions = new KdcOptions();
        modifier.setKdcOptions( kdcOptions );

        long now = System.currentTimeMillis();

        KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
        modifier.setTill( requestedEndTime );

        RequestBody requestBody = modifier.getRequestBody();
        KdcRequest message = getKdcRequest( tgt, requestBody );

        handler.messageReceived( session, message );

        TicketGrantReply reply = ( TicketGrantReply ) session.getMessage(); // ------------------------------------------<<<<<<<<

        assertEquals( "Encryption type", EncryptionType.DES_CBC_MD5, reply.getEncPart().getEType() );
        assertEquals( "Encryption type", EncryptionType.AES128_CTS_HMAC_SHA1_96, reply.getTicket().getEncPart()
            .getEType() );
    }

> removing unrequired escaping in DNs / filters
> ---------------------------------------------
>
>                 Key: DIRSERVER-1247
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1247
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: ldap
>    Affects Versions: 1.5.4
>            Reporter: Norval Hope
>             Fix For: 1.5.5
>
>         Attachments: escaping.patch
>
>   Original Estimate: 8h
>  Remaining Estimate: 8h
>
> The current Dn and filter handling is overly restrictive in that all non-ASCII characters are quoted using the \NN syntax. This is probably due to RFC 2253 being unclear about the fact that multibyte UTF-8 encoded values can be used, but this is further clarified in RFC 4514 which supersedes 2253. The application of unrequired quoting makes debugging / reading logs much harder than it should be, as it requires manual calculations rather than just setting the file encoding on your log file / IDE windows to being UTF-8.
> I have attached a patch file with the required updates to code and unit tests under /shared/ldap (some problems I had noted with earlier AD version due to unspecified encoding when converting bytes to / from Strings had already been tidied up in AD 1.5.4).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
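
The difference the issue describes, as an added example that is not taken from escaping.patch or from the ApacheDS code base: RFC 4514 section 2.4 requires escaping only a small set of characters in a DN attribute value, while the restrictive form also turns every non-ASCII UTF-8 byte into \NN. The class name, method names and sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;

public class DnEscapingDemo {
    // Characters RFC 4514 section 2.4 requires escaping anywhere in a value.
    private static final String SPECIAL = "\"+,;<>\\";

    /** Minimal escaping per RFC 4514: non-ASCII characters pass through unchanged. */
    static String escapeRfc4514(String value) {
        StringBuilder sb = new StringBuilder();
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            if (c == 0) {
                sb.append("\\00");                      // NUL is always hex-escaped
            } else if (SPECIAL.indexOf(c) >= 0
                    || (i == 0 && (c == ' ' || c == '#'))  // leading space or '#'
                    || (i == last && c == ' ')) {          // trailing space
                sb.append('\\').append(c);
            } else {
                sb.append(c);                           // includes all non-ASCII characters
            }
        }
        return sb.toString();
    }

    /** The restrictive form from the issue: every non-ASCII UTF-8 byte becomes \NN. */
    static String escapeAllNonAscii(String value) {
        StringBuilder sb = new StringBuilder();
        for (byte b : escapeRfc4514(value).getBytes(StandardCharsets.UTF_8)) {
            if (b < 0) {                                // high bit set: part of a multibyte sequence
                sb.append(String.format("\\%02X", b & 0xFF));
            } else {
                sb.append((char) b);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the patch or its unit tests.
        String[] samples = { "J\u00e9r\u00f4me", "Smith, John", "#staff ", "\u65e5\u672c" };
        for (String s : samples) {
            System.out.println("minimal:     cn=" + escapeRfc4514(s));
            System.out.println("restrictive: cn=" + escapeAllNonAscii(s));
        }
    }
}
```

Both forms denote the same attribute value; only the minimal one stays readable in a log opened as UTF-8, and the syntactically significant characters are escaped identically in both.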