From smish...@apache.org
Subject svn commit: r440989 - in /incubator/harmony/enhanced/classlib/trunk/modules/auth: ./ src/main/java/common/org/apache/harmony/auth/internal/kerberos/v5/ src/main/java/common/org/apache/harmony/auth/module/ src/test/java/common/org/apache/harmony/auth/te...
Date Thu, 07 Sep 2006 06:13:23 GMT
Author: smishura
Date: Wed Sep  6 23:13:22 2006
New Revision: 440989

URL: http://svn.apache.org/viewvc?view=rev&rev=440989
Log:
Krb5LoginModule enhancement: add handling of KDC error messages

Adding regression test that is excluded for a while

Added:
    incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/module/
    incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/module/Krb5LoginModuleTest.java
  (with props)
Modified:
    incubator/harmony/enhanced/classlib/trunk/modules/auth/build.xml
    incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/internal/kerberos/v5/KDCRequest.java
    incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/internal/kerberos/v5/KerberosErrorMessage.java
    incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/module/Krb5LoginModule.java
    incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/internal/kerberos/v5/KerberosErrorMessageTest.java

Modified: incubator/harmony/enhanced/classlib/trunk/modules/auth/build.xml
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/auth/build.xml?view=diff&rev=440989&r1=440988&r2=440989
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/auth/build.xml (original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/auth/build.xml Wed Sep  6 23:13:22 2006
@@ -193,6 +193,10 @@
 
                     <!-- Not a test -->
                     <exclude name="org/apache/harmony/auth/internal/SecurityTest.java"/>
+                	
+                    <!-- The test is under development     -->
+                    <!-- excluded to avoid random failures -->
+                    <exclude name="org/apache/harmony/auth/tests/module/Krb5LoginModuleTest.java"/>
                 </fileset>
             </batchtest>
         </junit>

Modified: incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/internal/kerberos/v5/KDCRequest.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/internal/kerberos/v5/KDCRequest.java?view=diff&rev=440989&r1=440988&r2=440989
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/internal/kerberos/v5/KDCRequest.java
(original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/internal/kerberos/v5/KDCRequest.java
Wed Sep  6 23:13:22 2006
@@ -16,11 +16,16 @@
 
 package org.apache.harmony.auth.internal.kerberos.v5;
 
+import java.io.IOException;
 import java.math.BigInteger;
+import java.net.DatagramPacket;
+import java.net.DatagramSocket;
+import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.Date;
 
 import org.apache.harmony.security.asn1.ASN1Any;
+import org.apache.harmony.security.asn1.ASN1Constants;
 import org.apache.harmony.security.asn1.ASN1Explicit;
 import org.apache.harmony.security.asn1.ASN1Integer;
 import org.apache.harmony.security.asn1.ASN1Sequence;
@@ -34,7 +39,7 @@
  * @see http://www.ietf.org/rfc/rfc3961.txt
  * @see http://www.ietf.org/rfc/rfc4120.txt
  */
-class KDCRequest {
+public class KDCRequest {
 
     /**
      * Authentication Service request message type
@@ -55,7 +60,7 @@
 
     private final PrincipalName sname;
 
-    public KDCRequest(int msgType, PrincipalName cname, String realm,
+    private KDCRequest(int msgType, PrincipalName cname, String realm,
             PrincipalName sname) {
 
         this.msgType = msgType;
@@ -64,6 +69,31 @@
         this.sname = sname;
     }
 
+    public static KDCRequest createASRequest(PrincipalName cname, String realm) {
+
+        PrincipalName krbtgt = new PrincipalName(PrincipalName.NT_SRV_XHST,
+                new String[] { "krbtgt", realm });
+
+        return new KDCRequest(AS_REQ, cname, realm, krbtgt);
+    }
+
+    public DatagramSocket send(InetAddress address, int port)
+            throws IOException {
+
+        if (msgType != AS_REQ) {
+            throw new RuntimeException("Not implemented");
+        }
+        
+        byte[] enc = AS_REQ_ASN1.encode(this);
+
+        DatagramPacket req = new DatagramPacket(enc, enc.length, address, port);
+        DatagramSocket socket = new DatagramSocket();
+
+        socket.send(req);
+
+        return socket;
+    }
+
     // KDC-REQ-BODY    ::= SEQUENCE {
     //     kdc-options             [0] KDCOptions,
     //     cname                   [1] PrincipalName OPTIONAL
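Review bot: `send()` leaks the `DatagramSocket` when `socket.send(req)` throws, because the socket is created and then handed back only on the success path, and the socket it returns is unconnected and has no receive timeout. The caller in `Krb5LoginModule.login()` then blocks in `receive` with no bound if the reply is lost, and parses a datagram from any host that reaches the ephemeral port as the KDC's answer. Connecting the socket to the KDC endpoint and setting a timeout before sending, and closing it on failure, narrows both; the timeout value below is a placeholder for the project to choose. Separately, `createASRequest` names `krbtgt` with `NT_SRV_XHST`, while RFC 4120 describes the ticket-granting service name as type NT-SRV-INST, so that constant is worth confirming.

```java
    public DatagramSocket send(InetAddress address, int port)
            throws IOException {
        // … unchanged: msgType check, AS_REQ_ASN1 encoding, DatagramPacket req …
        DatagramSocket socket = new DatagramSocket();
        try {
            // only datagrams from the KDC endpoint are delivered; receive() is bounded
            socket.connect(address, port);
            socket.setSoTimeout(RECEIVE_TIMEOUT_MS); // placeholder, not defined on this page
            socket.send(req);
        } catch (IOException e) {
            socket.close();
            throw e;
        }
        return socket;
    }
```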
@@ -158,17 +188,15 @@
     //     req-body        [4] KDC-REQ-BODY
     // }
     //
-    static final ASN1Sequence KDC_REQ = new ASN1Sequence(
-            new ASN1Type[] {
-            // pvno [1] INTEGER (5)
-                    new ASN1Explicit(1, ASN1Integer.getInstance()),
-                    // msg-type [2] INTEGER
-                    new ASN1Explicit(2, ASN1Integer.getInstance()),
-                    // padata [3] SEQUENCE OF PA-DATA OPTIONAL
-                    new ASN1Explicit(3, new ASN1SequenceOf(ASN1Any
-                            .getInstance())),
-                    // req-body [4] KDC-REQ-BODY
-                    new ASN1Explicit(4, KDC_REQ_BODY), }) {
+    static final ASN1Sequence KDC_REQ_ASN1 = new ASN1Sequence(new ASN1Type[] {
+    // pvno [1] INTEGER (5)
+            new ASN1Explicit(1, ASN1Integer.getInstance()),
+            // msg-type [2] INTEGER
+            new ASN1Explicit(2, ASN1Integer.getInstance()),
+            // padata [3] SEQUENCE OF PA-DATA OPTIONAL
+            new ASN1Explicit(3, new ASN1SequenceOf(ASN1Any.getInstance())),
+            // req-body [4] KDC-REQ-BODY
+            new ASN1Explicit(4, KDC_REQ_BODY), }) {
         {
             setOptional(2); // padata
         }
@@ -182,4 +210,7 @@
             values[3] = request; // pass for further use
         }
     };
+
+    static final ASN1Explicit AS_REQ_ASN1 = new ASN1Explicit(
+            ASN1Constants.CLASS_APPLICATION, AS_REQ, KDC_REQ_ASN1);
 }

Modified: incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/internal/kerberos/v5/KerberosErrorMessage.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/internal/kerberos/v5/KerberosErrorMessage.java?view=diff&rev=440989&r1=440988&r2=440989
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/internal/kerberos/v5/KerberosErrorMessage.java
(original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/internal/kerberos/v5/KerberosErrorMessage.java
Wed Sep  6 23:13:22 2006
@@ -165,6 +165,6 @@
         }
     };
 
-    private static final ASN1Explicit ASN1 = new ASN1Explicit(
+    public static final ASN1Explicit ASN1 = new ASN1Explicit(
             ASN1Constants.CLASS_APPLICATION, 30, KRB_ERROR);
 }

Modified: incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/module/Krb5LoginModule.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/module/Krb5LoginModule.java?view=diff&rev=440989&r1=440988&r2=440989
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/module/Krb5LoginModule.java
(original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/auth/src/main/java/common/org/apache/harmony/auth/module/Krb5LoginModule.java
Wed Sep  6 23:13:22 2006
@@ -16,6 +16,12 @@
 
 package org.apache.harmony.auth.module;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.DatagramPacket;
+import java.net.DatagramSocket;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.util.Map;
 
 import javax.security.auth.Subject;
@@ -23,8 +29,23 @@
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
+import org.apache.harmony.auth.internal.kerberos.v5.KDCRequest;
+import org.apache.harmony.auth.internal.kerberos.v5.KerberosErrorMessage;
+import org.apache.harmony.auth.internal.kerberos.v5.PrincipalName;
+import org.apache.harmony.security.asn1.DerInputStream;
+
 public class Krb5LoginModule implements LoginModule {
 
+    private static final int BUF_SIZE = 1024;
+
+    private static final String PRINCIPAL = "cname";
+
+    private static final String REALM = "realm";
+
+    private static final String KDC = "kdc";
+
+    private Map<String, ?> options;
+
     public boolean abort() throws LoginException {
         // TODO
         return false;
@@ -37,11 +58,70 @@
 
     public void initialize(Subject subject, CallbackHandler callbackHandler,
             Map<String, ?> sharedState, Map<String, ?> options) {
+
         // TODO
+        this.options = options;
     }
 
     public boolean login() throws LoginException {
-        // TODO
+        String kdc = (String) options.get(KDC);
+        String name = (String) options.get(PRINCIPAL);
+        String realm = (String) options.get(REALM);
+
+        if (name == null || realm == null || kdc == null) {
+            throw new LoginException();//FIXME check params
+        }
+
+        int port = 88;//default
+        int pos = kdc.indexOf(':');
+        if (pos != -1) {
+            port = Integer.parseInt(kdc.substring(pos + 1));
+            kdc = kdc.substring(0, pos);
+        }
+
+        PrincipalName cname = new PrincipalName(PrincipalName.NT_UNKNOWN,
+                new String[] { name });
+
+        KDCRequest request = KDCRequest.createASRequest(cname, realm);
+
+        try {
+            DatagramSocket socket = request.send(InetAddress.getByName(kdc),
+                    port);
+
+            ByteArrayOutputStream out = new ByteArrayOutputStream(BUF_SIZE);
+
+            byte[] buf = new byte[BUF_SIZE];
+
+            DatagramPacket resp = new DatagramPacket(buf, buf.length);
+
+            int bytesRead = BUF_SIZE;
+            while (bytesRead == BUF_SIZE) {
+                socket.receive(resp);
+
+                bytesRead = resp.getLength();
+                out.write(buf, resp.getOffset(), bytesRead);
+            }
+
+            DerInputStream in = new DerInputStream(out.toByteArray());
+
+            if (in.tag == 0) { //TODO AS reply
+                throw new RuntimeException();//FIXME
+            } else if (in.tag == KerberosErrorMessage.ASN1.constrId) {
+                KerberosErrorMessage errMsg = KerberosErrorMessage.decode(in);
+                throw new LoginException("Error code: " + errMsg.getErrorCode());
+            } else {
+                new LoginException(); //FIXME message
+            }
+
+        } catch (UnknownHostException e) {
+            LoginException ex = new LoginException();
+            ex.initCause(e);
+            throw ex;
+        } catch (IOException e) {
+            LoginException ex = new LoginException();
+            ex.initCause(e);
+            throw ex;
+        }
         return false;
     }
 
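Review bot: The final `else` branch of `login()` constructs a `LoginException` but never throws it, so a reply with an unrecognised tag falls through to `return false` instead of failing the login; it should read `throw new LoginException();`. The `while (bytesRead == BUF_SIZE)` loop treats UDP as a stream: a reply of exactly 1024 bytes makes it wait for a second datagram that will not arrive, and a longer reply is silently truncated by the fixed buffer. The socket returned by `request.send` is never closed, on either the success or the exception path. A non-numeric port in the `kdc` option escapes as an unchecked `NumberFormatException` from `Integer.parseInt` rather than as a `LoginException`.

```java
        try {
            DatagramSocket socket = request.send(InetAddress.getByName(kdc),
                    port);
            try {
                // one UDP datagram carries one whole message: receive once
                byte[] buf = new byte[BUF_SIZE];
                DatagramPacket resp = new DatagramPacket(buf, buf.length);
                socket.receive(resp);

                if (resp.getLength() == buf.length) {
                    // buffer filled completely: the reply may have been truncated
                    throw new LoginException(); //FIXME message
                }

                byte[] reply = new byte[resp.getLength()];
                System.arraycopy(buf, resp.getOffset(), reply, 0, reply.length);
                DerInputStream in = new DerInputStream(reply);

                // … unchanged: in.tag == 0 and KRB-ERROR branches …
                } else {
                    throw new LoginException(); //FIXME message
                }
            } finally {
                socket.close();
            }
        // … unchanged: catch (UnknownHostException) and catch (IOException) …
```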

Modified: incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/internal/kerberos/v5/KerberosErrorMessageTest.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/internal/kerberos/v5/KerberosErrorMessageTest.java?view=diff&rev=440989&r1=440988&r2=440989
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/internal/kerberos/v5/KerberosErrorMessageTest.java
(original)
+++ incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/internal/kerberos/v5/KerberosErrorMessageTest.java
Wed Sep  6 23:13:22 2006
@@ -52,7 +52,7 @@
     }
 
     // testing array was created by hands according to RFC4120
-    private static byte[] err_resp = new byte[] {
+    public static byte[] err_resp = new byte[] {
     // KRB-ERROR ::= [APPLICATION 30]
             (byte) 0x7e,
             (byte) 0x81,

Added: incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/module/Krb5LoginModuleTest.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/module/Krb5LoginModuleTest.java?view=auto&rev=440989
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/module/Krb5LoginModuleTest.java
(added)
+++ incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/module/Krb5LoginModuleTest.java
Wed Sep  6 23:13:22 2006
@@ -0,0 +1,148 @@
+/*
+ *  Copyright 2006 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.harmony.auth.tests.module;
+
+import java.io.IOException;
+import java.net.DatagramPacket;
+import java.net.DatagramSocket;
+import java.util.TreeMap;
+
+import javax.security.auth.login.LoginException;
+
+import junit.framework.TestCase;
+
+import org.apache.harmony.auth.module.Krb5LoginModule;
+import org.apache.harmony.auth.tests.internal.kerberos.v5.KerberosErrorMessageTest;
+
+public class Krb5LoginModuleTest extends TestCase {
+
+    private KrbServer server;
+
+    private TreeMap<String, String> options = new TreeMap<String, String>();
+
+    protected void setUp() throws Exception {
+
+        String kdc = System.getProperty("java.security.krb5.kdc");
+        if (kdc == null) {
+            // run test with embedded server
+            server = new KrbServer();
+
+            server.start();
+            while (server.port == 0) {
+            }
+
+            options.put("kdc", "localhost:" + server.port);
+        } else {
+            // run test with external server
+            options.put("kdc", kdc);
+        }
+    }
+
+    protected void tearDown() throws Exception {
+        if (server != null) {
+            server.interrupt();
+        }
+    }
+
+    /**
+     * @tests request ticket for absent user
+     */
+    public void test_login() throws Exception {
+
+        if (server != null) {
+            server.respond = KerberosErrorMessageTest.err_resp;
+        }
+
+        Krb5LoginModule module = new Krb5LoginModule();
+
+        options.put("cname", "no_such_user");
+        options.put("realm", "MY.REALM");
+
+        module.initialize(null, null, null, options);
+
+        try {
+            module.login();
+            fail("No expected LoginException");
+        } catch (LoginException e) {
+            System.out.println(e);
+        }
+    }
+
+    /**
+     * Embedded test server
+     */
+    static class KrbServer extends Thread {
+
+        private static boolean debug = false;
+
+        private static final int BUF_SIZE = 1024;
+
+        public int port;
+
+        public byte[] respond;
+
+        public void run() {
+
+            try {
+                DatagramSocket socket = new DatagramSocket();
+
+                port = socket.getLocalPort();
+
+                byte[] request = new byte[BUF_SIZE];
+                DatagramPacket packet = new DatagramPacket(request,
+                        request.length);
+
+                int bytesRead = BUF_SIZE;
+                while (bytesRead == BUF_SIZE) {
+                    socket.receive(packet);
+                    bytesRead = packet.getLength();
+                }
+
+                printAsHex(10, "(byte)", ",", request);
+
+                if (respond != null) {
+                    packet = new DatagramPacket(respond, respond.length, packet
+                            .getAddress(), packet.getPort());
+                    socket.send(packet);
+                }
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+        }
+
+        public static void printAsHex(int perLine, String prefix,
+                String delimiter, byte[] data) {
+
+            if (!debug) {
+                return;
+            }
+
+            for (int i = 0; i < data.length; i++) {
+                String tail = Integer.toHexString(0x000000ff & data[i]);
+                if (tail.length() == 1) {
+                    tail = "0" + tail;
+                }
+                System.out.print(prefix + "0x" + tail + delimiter);
+
+                if (((i + 1) % perLine) == 0) {
+                    System.out.println("");
+                }
+            }
+            System.out.println("");
+        }
+    }
+}
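Review bot: `setUp()` spins on `while (server.port == 0) {}` although `port` is a plain field written by the server thread, so the loop may never observe the update, and it spins forever if `new DatagramSocket()` fails inside `run()`; this is a likely contributor to the random failures the build exclusion mentions. Declaring the field as `public volatile int port;` and bounding the wait would address that. The embedded server binds its socket to the wildcard address and never closes it, and `tearDown()`'s `interrupt()` does not unblock a thread waiting in `DatagramSocket.receive`, so keeping the socket in a field and closing it in `tearDown()` would be more reliable. `test_login` only prints the caught `LoginException`; asserting on its message would pin the KDC error code the test is meant to cover.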

Propchange: incubator/harmony/enhanced/classlib/trunk/modules/auth/src/test/java/common/org/apache/harmony/auth/tests/module/Krb5LoginModuleTest.java
------------------------------------------------------------------------------
    svn:eol-style = native


