Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java Wed Feb 6 18:19:36 2013
@@ -24,10 +24,12 @@ import static org.junit.Assert.assertEqu
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
+
import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
@@ -56,7 +58,8 @@ import org.junit.Test;
*/
public class AuthenticationServiceTest extends AbstractAuthenticationServiceTest
{
- private KdcServer config;
+ private KerberosConfig config;
+ private KdcServer kdcServer;
private PrincipalStore store;
private KerberosProtocolHandler handler;
private KrbDummySession session;
@@ -68,9 +71,10 @@ public class AuthenticationServiceTest e
@Before
public void setUp()
{
- config = new KdcServer();
+ kdcServer = new KdcServer();
+ config = kdcServer.getConfig();
store = new MapPrincipalStoreImpl();
- handler = new KerberosProtocolHandler( config, store );
+ handler = new KerberosProtocolHandler( kdcServer, store );
session = new KrbDummySession();
lockBox = new CipherTextHandler();
}
@@ -82,7 +86,7 @@ public class AuthenticationServiceTest e
@After
public void shutDown()
{
- config.stop();
+ kdcServer.stop();
}
@@ -111,8 +115,7 @@ public class AuthenticationServiceTest e
KrbError error = ( KrbError ) session.getMessage();
- assertEquals( "Additional pre-authentication required", ErrorType.KDC_ERR_PREAUTH_REQUIRED,
- error.getErrorCode() );
+ assertEquals( "Additional pre-authentication required", ErrorType.KDC_ERR_PREAUTH_REQUIRED, error.getErrorCode() );
}
@@ -137,8 +140,7 @@ public class AuthenticationServiceTest e
Object msg = session.getMessage();
assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
KrbError error = ( KrbError ) msg;
- assertEquals( "Requested protocol version number not supported", ErrorType.KDC_ERR_BAD_PVNO,
- error.getErrorCode() );
+ assertEquals( "Requested protocol version number not supported", ErrorType.KDC_ERR_BAD_PVNO, error.getErrorCode() );
}
@@ -193,8 +195,7 @@ public class AuthenticationServiceTest e
Object msg = session.getMessage();
assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
KrbError error = ( KrbError ) msg;
- assertEquals( "Client not found in Kerberos database", ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN,
- error.getErrorCode() );
+ assertEquals( "Client not found in Kerberos database", ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN, error.getErrorCode() );
}
@@ -215,8 +216,8 @@ public class AuthenticationServiceTest e
kdcReqBody.setSName( getPrincipalName( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" ) );
kdcReqBody.setRealm( "EXAMPLE.COM" );
- List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
- encryptionTypes.add( EncryptionType.DES3_CBC_MD5 );
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
+ encryptionTypes.add( EncryptionType.RC4_HMAC );
kdcReqBody.setEType( encryptionTypes );
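Review bot: The switch from `DES3_CBC_MD5` to `RC4_HMAC` in the requested etype set is unexplained, and the test's name and expected result lie outside this hunk. If the test is meant to request an encryption type the KDC refuses, its outcome now depends on RC4-HMAC staying out of the default `KerberosConfig` etype list. That assumption deserves to be written down, since RC4-HMAC is a legacy cipher that a deployment may or may not enable. I would add a comment above the `add` call such as `// RC4_HMAC is deliberately outside the KDC's configured etypes for this test`, adjusted to the actual intent.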
@@ -230,7 +231,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
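Review bot: `getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase )` no longer receives `config.getEncryptionTypes()`, so the etype of the client key that seals the timestamp is decided inside the abstract base class and is invisible at the call site. If the helper's choice and the KDC's configured etypes ever diverge, these tests would presumably fail at pre-authentication rather than at the behaviour they are named for. The same call is repeated in the later hunks of this file and in PreAuthenticationTest. A short comment on the helper (not shown here) naming the etype it fixes, or a constant shared with the config set-up, would keep that coupling explicit. The enclosing test method starts and ends outside the hunk.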
@@ -266,7 +267,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -281,8 +282,7 @@ public class AuthenticationServiceTest e
Object msg = session.getMessage();
assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
KrbError error = ( KrbError ) msg;
- assertEquals( "Server not found in Kerberos database", ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN,
- error.getErrorCode() );
+ assertEquals( "Server not found in Kerberos database", ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN, error.getErrorCode() );
}
@@ -329,7 +329,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -379,7 +379,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -436,7 +436,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -493,7 +493,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -549,7 +549,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -564,8 +564,7 @@ public class AuthenticationServiceTest e
Object msg = session.getMessage();
assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
KrbError error = ( KrbError ) msg;
- assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID,
- error.getErrorCode() );
+ assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID, error.getErrorCode() );
}
@@ -596,12 +595,12 @@ public class AuthenticationServiceTest e
KerberosTime requestedStartTime = new KerberosTime( now );
kdcReqBody.setFrom( requestedStartTime );
- KerberosTime requestedEndTime = new KerberosTime( now + 4 * KerberosTime.MINUTE );
+ KerberosTime requestedEndTime = new KerberosTime( now + 3 * KerberosTime.MINUTE );
kdcReqBody.setTill( requestedEndTime );
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
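Review bot: The requested end time moves from `now + 4 * KerberosTime.MINUTE` to `now + 3 * KerberosTime.MINUTE` with nothing saying why three minutes is the right boundary. The following hunk asserts `KDC_ERR_NEVER_VALID`, so the value appears to be chosen to fall below a minimum ticket lifetime enforced by the KDC, but that is an inference from here. A comment on the line would pin the intent, for example `// 3 minutes: shorter than the KDC's minimum ticket lifetime, so the request must be rejected`. Better still, compute the value from the configured minimum so the test tracks the policy it checks. The test method begins outside the hunk.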
@@ -616,8 +615,7 @@ public class AuthenticationServiceTest e
Object msg = session.getMessage();
assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
KrbError error = ( KrbError ) msg;
- assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID,
- error.getErrorCode() );
+ assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID, error.getErrorCode() );
}
@@ -652,7 +650,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -714,7 +712,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -735,8 +733,7 @@ public class AuthenticationServiceTest e
assertTrue( "POSTDATED flag", reply.getFlags().isPostdated() );
assertTrue( "INVALID flag", reply.getFlags().isInvalid() );
- assertTrue( "Requested start time",
- requestedStartTime.equals( reply.getTicket().getEncTicketPart().getStartTime() ) );
+ assertTrue( "Requested start time", requestedStartTime.equals( reply.getTicket().getEncTicketPart().getStartTime() ) );
assertTrue( "Requested end time", requestedEndTime.equals( reply.getEndTime() ) );
assertTrue( "POSTDATED flag", reply.getTicket().getEncTicketPart().getFlags().isPostdated() );
assertTrue( "INVALID flag", reply.getTicket().getEncTicketPart().getFlags().isInvalid() );
@@ -774,7 +771,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -826,7 +823,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -873,7 +870,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -921,7 +918,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -982,7 +979,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -1040,7 +1037,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -1093,7 +1090,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -1146,7 +1143,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -1205,7 +1202,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -1267,7 +1264,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -1321,7 +1318,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -1366,7 +1363,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -1411,7 +1408,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -1456,7 +1453,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -1501,7 +1498,7 @@ public class AuthenticationServiceTest e
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java Wed Feb 6 18:19:36 2013
@@ -24,6 +24,7 @@ import static org.junit.Assert.assertEqu
import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.protocol.AbstractAuthenticationServiceTest.KrbDummySession;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
@@ -50,7 +51,8 @@ import org.junit.Test;
*/
public class EncTktInSkeyTest extends AbstractTicketGrantingServiceTest
{
- private KdcServer config;
+ private KerberosConfig config;
+ private KdcServer kdcServer;
private PrincipalStore store;
private KerberosProtocolHandler handler;
private KrbDummySession session;
@@ -62,7 +64,8 @@ public class EncTktInSkeyTest extends Ab
@Before
public void setUp()
{
- config = new KdcServer();
+ kdcServer = new KdcServer();
+ config = kdcServer.getConfig();
/*
* Body checksum verification must be disabled because we are bypassing
@@ -71,7 +74,7 @@ public class EncTktInSkeyTest extends Ab
config.setBodyChecksumVerified( false );
store = new MapPrincipalStoreImpl();
- handler = new KerberosProtocolHandler( config, store );
+ handler = new KerberosProtocolHandler( kdcServer, store );
session = new KrbDummySession();
lockBox = new CipherTextHandler();
}
@@ -83,7 +86,7 @@ public class EncTktInSkeyTest extends Ab
@After
public void shutDown()
{
- config.stop();
+ kdcServer.stop();
}
Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/MapPrincipalStoreImpl.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/MapPrincipalStoreImpl.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/MapPrincipalStoreImpl.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/MapPrincipalStoreImpl.java Wed Feb 6 18:19:36 2013
@@ -25,6 +25,7 @@ import java.util.Map;
import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
@@ -79,9 +80,8 @@ public class MapPrincipalStoreImpl imple
}
- public String changePassword( KerberosPrincipal principal, String newPassword ) throws Exception
+ public void changePassword( KerberosPrincipal byPrincipal, KerberosPrincipal forPrincipal, String newPassword, boolean isInitialTicket ) throws ChangePasswordException
{
- return null;
}
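Review bot: The new `changePassword` is an empty `void` method, so any test that reaches it through this store sees the call succeed without the stored key material changing. The relationship between `byPrincipal` and `forPrincipal` is never looked at either. For a test double that is not meant to support the operation, failing loudly is safer: `throw new UnsupportedOperationException( "changePassword is not implemented by MapPrincipalStoreImpl" );`. If the silent no-op is intentional, a one-line comment in the body saying so would prevent a later change-password test from passing for the wrong reason.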
Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java Wed Feb 6 18:19:36 2013
@@ -23,10 +23,10 @@ package org.apache.directory.server.kerb
import static org.junit.Assert.assertEquals;
import java.nio.ByteBuffer;
-import java.util.ArrayList;
-import java.util.List;
+
import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
@@ -57,7 +57,8 @@ import org.junit.Test;
*/
public class PreAuthenticationTest extends AbstractAuthenticationServiceTest
{
- private KdcServer config;
+ private KerberosConfig config;
+ private KdcServer kdcServer;
private PrincipalStore store;
private KerberosProtocolHandler handler;
private KrbDummySession session;
@@ -69,15 +70,10 @@ public class PreAuthenticationTest exten
@Before
public void setUp()
{
- List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
- encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
-
- config = new KdcServer();
-
- config.setEncryptionTypes( encryptionTypes );
-
- store = new MapPrincipalStoreImpl();
- handler = new KerberosProtocolHandler( config, store );
+ kdcServer = new KdcServer();
+ config = kdcServer.getConfig();
+ store = new MapPrincipalStoreImpl();
+ handler = new KerberosProtocolHandler( kdcServer, store );
session = new KrbDummySession();
lockBox = new CipherTextHandler();
}
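Review bot: `setUp` no longer pins the KDC to `AES128_CTS_HMAC_SHA1_96`, so these pre-authentication tests now run against whatever etype set `KerberosConfig` ships as its default. A later change to those defaults would silently change which cipher the tests cover. Keeping the configuration explicit costs one line after `config = kdcServer.getConfig();`, namely `config.setEncryptionTypes( new EncryptionType[] { EncryptionType.AES128_CTS_HMAC_SHA1_96 } );`. That uses the array form TicketGrantingEncryptionTypeTest already calls, and assumes the `EncryptionType` import is still present in this file.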
@@ -89,7 +85,7 @@ public class PreAuthenticationTest exten
@After
public void shutDown()
{
- config.stop();
+ kdcServer.stop();
}
@@ -155,7 +151,7 @@ public class PreAuthenticationTest exten
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
String passPhrase = "badpassword";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -202,7 +198,7 @@ public class PreAuthenticationTest exten
KerberosTime timeStamp = new KerberosTime( 0 );
String passPhrase = "secret";
- PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, timeStamp, config.getEncryptionTypes() );
+ PaData[] paDatas = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase, timeStamp );
KdcReq message = new AsReq();
message.setKdcReqBody( kdcReqBody );
@@ -224,8 +220,9 @@ public class PreAuthenticationTest exten
/**
- * Tests when pre-authentication is included that is not supported by the KDC, that
- * the correct error message is returned.
+ * Tests when pre-authentication is included that is not supported by the KDC.
+ * The server will ignore the unsupported pre-authentication type and returns the
+ * error related pre-auth requirement
*
* @throws Exception
*/
@@ -263,7 +260,7 @@ public class PreAuthenticationTest exten
assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
KrbError error = ( KrbError ) msg;
- assertEquals( "KDC has no support for padata type", ErrorType.KDC_ERR_PADATA_TYPE_NOSUPP, error.getErrorCode() );
+ assertEquals( "ignores unknown pre-auth type and expects PA_ENC_TMSTMP pre-auth", ErrorType.KDC_ERR_PREAUTH_REQUIRED, error.getErrorCode() );
}
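Review bot: The assertion checks only the error code, while its message claims the KDC "expects PA_ENC_TMSTMP pre-auth". Nothing visible in the hunk inspects the KRB-ERROR payload to confirm that the encrypted-timestamp method is what the server advertises. A regression that returned `KDC_ERR_PREAUTH_REQUIRED` with an empty or wrong method list would therefore still pass. Either assert the advertised pre-auth types as well, or reduce the message to what is actually verified, e.g. `"unknown pre-auth type is ignored"`. The test method begins outside the hunk; if its name still refers to the unsupported-padata error it should be renamed to match the new expectation.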
@@ -306,10 +303,9 @@ public class PreAuthenticationTest exten
PaEncTsEnc encryptedTimeStamp = new PaEncTsEnc( timeStamp, 0 );
- EncryptionKey clientKey = getEncryptionKey( clientPrincipal, passPhrase, config.getEncryptionTypes() );
+ EncryptionKey clientKey = getEncryptionKey( clientPrincipal, passPhrase );
- EncryptedData encryptedData = lockBox.seal( clientKey, encryptedTimeStamp,
- KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
+ EncryptedData encryptedData = lockBox.seal( clientKey, encryptedTimeStamp, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
ByteBuffer buffer = ByteBuffer.allocate( encryptedData.computeLength() );
byte[] encodedEncryptedData = encryptedData.encode( buffer ).array();
Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingEncryptionTypeTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingEncryptionTypeTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingEncryptionTypeTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingEncryptionTypeTest.java Wed Feb 6 18:19:36 2013
@@ -22,14 +22,13 @@ package org.apache.directory.server.kerb
import static org.junit.Assert.assertEquals;
-import java.util.ArrayList;
import java.util.HashSet;
-import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.protocol.AbstractAuthenticationServiceTest.KrbDummySession;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
@@ -48,6 +47,7 @@ import org.apache.directory.shared.kerbe
import org.apache.directory.shared.kerberos.messages.Ticket;
import org.junit.After;
import org.junit.Before;
+import org.junit.Ignore;
import org.junit.Test;
@@ -58,7 +58,8 @@ import org.junit.Test;
*/
public class TicketGrantingEncryptionTypeTest extends AbstractTicketGrantingServiceTest
{
- private KdcServer config;
+ private KerberosConfig config;
+ private KdcServer kdcServer;
private PrincipalStore store;
private KerberosProtocolHandler handler;
private KrbDummySession session;
@@ -70,7 +71,8 @@ public class TicketGrantingEncryptionTyp
@Before
public void setUp()
{
- config = new KdcServer();
+ kdcServer = new KdcServer();
+ config = kdcServer.getConfig();
/*
* Body checksum verification must be disabled because we are bypassing
@@ -79,7 +81,7 @@ public class TicketGrantingEncryptionTyp
config.setBodyChecksumVerified( false );
store = new MapPrincipalStoreImpl();
- handler = new KerberosProtocolHandler( config, store );
+ handler = new KerberosProtocolHandler( kdcServer, store );
session = new KrbDummySession();
lockBox = new CipherTextHandler();
}
@@ -91,7 +93,7 @@ public class TicketGrantingEncryptionTyp
@After
public void shutDown()
{
- config.stop();
+ kdcServer.stop();
}
@@ -101,6 +103,7 @@ public class TicketGrantingEncryptionTyp
* @throws Exception
*/
@Test
+ @Ignore( "uses DES but the encryption key is generated in AbstractAuthenticationServiceTest always uses AES" )
public void testRequestDesCbcMd5() throws Exception
{
// Get the mutable ticket part.
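Review bot: `@Ignore` switches off the only visible test of a client requesting `DES_CBC_MD5`, and the reason string describes a limitation of the test helper rather than of the KDC. How the server answers a request for a weak etype is behaviour worth keeping under test, so the skip should be traceable and temporary. Reference a tracking issue in the reason, e.g. `@Ignore( "ISSUE-ID (placeholder): key helper in AbstractAuthenticationServiceTest only generates AES keys" )`, or let the helper take the etype as a parameter so the test can run again. The method body continues past the end of the hunk.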
@@ -117,7 +120,7 @@ public class TicketGrantingEncryptionTyp
kdcReqBody.setSName( new PrincipalName( new KerberosPrincipal( "ldap/ldap.example.com@EXAMPLE.COM" ) ) );
kdcReqBody.setRealm( "EXAMPLE.COM" );
- List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
encryptionTypes.add( EncryptionType.DES_CBC_MD5 );
kdcReqBody.setEType( encryptionTypes );
@@ -153,7 +156,7 @@ public class TicketGrantingEncryptionTyp
public void testRequestAes128() throws Exception
{
EncryptionType[] configuredEncryptionTypes =
- { EncryptionType.AES128_CTS_HMAC_SHA1_96 };
+ {EncryptionType.AES128_CTS_HMAC_SHA1_96};
config.setEncryptionTypes( configuredEncryptionTypes );
// Get the mutable ticket part.
@@ -170,7 +173,7 @@ public class TicketGrantingEncryptionTyp
kdcReqBody.setSName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
kdcReqBody.setRealm( "EXAMPLE.COM" );
- List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
kdcReqBody.setEType( encryptionTypes );
@@ -192,9 +195,9 @@ public class TicketGrantingEncryptionTyp
assertEquals( "session.getMessage() instanceOf", TgsRep.class, msg.getClass() );
TgsRep reply = ( TgsRep ) msg;
- assertEquals( "Encryption type", EncryptionType.DES_CBC_MD5, reply.getEncPart().getEType() );
+ assertEquals( "Encryption type", EncryptionType.AES128_CTS_HMAC_SHA1_96, reply.getEncPart().getEType() );
assertEquals( "Encryption type", EncryptionType.AES128_CTS_HMAC_SHA1_96, reply.getTicket().getEncPart()
- .getEType() );
+ .getEType() );
}
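Review bot: Both assertions carry the same message, `"Encryption type"`, so a failure report does not say whether the reply's encrypted part or the ticket's encrypted part came back with the wrong etype. Distinct messages fix that: `"Reply enc-part encryption type"` on the first `assertEquals` and `"Ticket enc-part encryption type"` on the second. The enclosing test starts outside the hunk.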
@@ -236,7 +239,7 @@ public class TicketGrantingEncryptionTyp
kdcReqBody.setSName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
kdcReqBody.setRealm( "EXAMPLE.COM" );
- List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
kdcReqBody.setEType( encryptionTypes );
@@ -301,7 +304,7 @@ public class TicketGrantingEncryptionTyp
kdcReqBody.setSName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
kdcReqBody.setRealm( "EXAMPLE.COM" );
- List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
kdcReqBody.setEType( encryptionTypes );
@@ -369,7 +372,7 @@ public class TicketGrantingEncryptionTyp
kdcReqBody.setSName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
kdcReqBody.setRealm( "EXAMPLE.COM" );
- List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
kdcReqBody.setEType( encryptionTypes );
@@ -435,7 +438,7 @@ public class TicketGrantingEncryptionTyp
kdcReqBody.setSName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
kdcReqBody.setRealm( "EXAMPLE.COM" );
- List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
kdcReqBody.setEType( encryptionTypes );
Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingPolicyTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingPolicyTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingPolicyTest.java Wed Feb 6 18:19:36 2013
@@ -27,6 +27,7 @@ import java.net.InetAddress;
import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.protocol.AbstractAuthenticationServiceTest.KrbDummySession;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
@@ -55,7 +56,8 @@ import org.junit.Test;
*/
public class TicketGrantingPolicyTest extends AbstractTicketGrantingServiceTest
{
- private KdcServer config;
+ private KerberosConfig config;
+ private KdcServer kdcServer;
private PrincipalStore store;
private KerberosProtocolHandler handler;
private KrbDummySession session;
@@ -67,7 +69,8 @@ public class TicketGrantingPolicyTest ex
@Before
public void setUp() throws IOException
{
- config = new KdcServer();
+ kdcServer = new KdcServer();
+ config = kdcServer.getConfig();
/*
* Body checksum verification must be disabled because we are bypassing
@@ -76,7 +79,7 @@ public class TicketGrantingPolicyTest ex
config.setBodyChecksumVerified( false );
store = new MapPrincipalStoreImpl();
- handler = new KerberosProtocolHandler( config, store );
+ handler = new KerberosProtocolHandler( kdcServer, store );
session = new KrbDummySession();
lockBox = new CipherTextHandler();
}
@@ -88,7 +91,7 @@ public class TicketGrantingPolicyTest ex
@After
public void shutDown()
{
- config.stop();
+ kdcServer.stop();
}
Modified: directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java Wed Feb 6 18:19:36 2013
@@ -26,10 +26,12 @@ import static org.junit.Assert.assertNot
import static org.junit.Assert.assertTrue;
import java.net.InetAddress;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
+
import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.protocol.AbstractAuthenticationServiceTest.KrbDummySession;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
@@ -60,7 +62,8 @@ import org.junit.Test;
public class TicketGrantingServiceTest extends AbstractTicketGrantingServiceTest
{
- private KdcServer config;
+ private KerberosConfig config;
+ private KdcServer kdcServer;
private PrincipalStore store;
private KerberosProtocolHandler handler;
private KrbDummySession session;
@@ -72,7 +75,8 @@ public class TicketGrantingServiceTest e
@Before
public void setUp()
{
- config = new KdcServer();
+ kdcServer = new KdcServer();
+ config = kdcServer.getConfig();
/*
* Body checksum verification must be disabled because we are bypassing
@@ -81,7 +85,7 @@ public class TicketGrantingServiceTest e
config.setBodyChecksumVerified( false );
store = new MapPrincipalStoreImpl();
- handler = new KerberosProtocolHandler( config, store );
+ handler = new KerberosProtocolHandler( kdcServer, store );
session = new KrbDummySession();
lockBox = new CipherTextHandler();
}
@@ -93,7 +97,7 @@ public class TicketGrantingServiceTest e
@After
public void shutDown()
{
- config.stop();
+ kdcServer.stop();
}
@@ -163,8 +167,7 @@ public class TicketGrantingServiceTest e
Object msg = session.getMessage();
assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
KrbError error = ( KrbError ) msg;
- assertEquals( "Requested protocol version number not supported", ErrorType.KDC_ERR_BAD_PVNO,
- error.getErrorCode() );
+ assertEquals( "Requested protocol version number not supported", ErrorType.KDC_ERR_BAD_PVNO, error.getErrorCode() );
}
@@ -203,8 +206,7 @@ public class TicketGrantingServiceTest e
Object msg = session.getMessage();
assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
KrbError error = ( KrbError ) msg;
- assertEquals( "Server not found in Kerberos database", ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN,
- error.getErrorCode() );
+ assertEquals( "Server not found in Kerberos database", ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN, error.getErrorCode() );
}
@@ -297,8 +299,7 @@ public class TicketGrantingServiceTest e
Object msg = session.getMessage();
assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
KrbError error = ( KrbError ) msg;
- assertEquals( "Inappropriate type of checksum in message", ErrorType.KRB_AP_ERR_INAPP_CKSUM,
- error.getErrorCode() );
+ assertEquals( "Inappropriate type of checksum in message", ErrorType.KRB_AP_ERR_INAPP_CKSUM, error.getErrorCode() );
}
@@ -389,6 +390,7 @@ public class TicketGrantingServiceTest e
*
* @throws Exception
*/
+ @Ignore( "with the introduction of cross-realm auth this test is invalid" )
@Test
public void testNotUs() throws Exception
{
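Review bot: Marking `testNotUs` with `@Ignore` switches off what, judging by its name, is the check for a request aimed at a ticket-granting service that is not this KDC's own, and nothing in this hunk replaces it. If cross-realm support changed the expected reply, rewriting the test to assert the new outcome would keep that path covered; at minimum add a comment such as `// TODO: replace with a cross-realm test asserting the reply for a foreign TGS principal`. The import hunk for this file does not show `org.junit.Ignore`, so confirm it is already imported. The method body lies outside the hunk.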
@@ -858,7 +860,7 @@ public class TicketGrantingServiceTest e
kdcReqBody.setSName( getPrincipalName( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" ) );
kdcReqBody.setRealm( "EXAMPLE.COM" );
- List<EncryptionType> encryptionTypes = new ArrayList<EncryptionType>();
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
encryptionTypes.add( EncryptionType.DES3_CBC_MD5 );
kdcReqBody.setEType( encryptionTypes );
@@ -1144,8 +1146,7 @@ public class TicketGrantingServiceTest e
Object msg = session.getMessage();
assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
KrbError error = ( KrbError ) session.getMessage();
- assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID,
- error.getErrorCode() );
+ assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID, error.getErrorCode() );
}
@@ -1200,8 +1201,7 @@ public class TicketGrantingServiceTest e
Object msg = session.getMessage();
assertEquals( "session.getMessage() instanceOf", KrbError.class, msg.getClass() );
KrbError error = ( KrbError ) session.getMessage();
- assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID,
- error.getErrorCode() );
+ assertEquals( "Requested start time is later than end time", ErrorType.KDC_ERR_NEVER_VALID, error.getErrorCode() );
}
@@ -1327,8 +1327,7 @@ public class TicketGrantingServiceTest e
assertTrue( "POSTDATED flag", reply.getFlags().isPostdated() );
assertTrue( "INVALID flag", reply.getFlags().isInvalid() );
- assertTrue( "Requested start time",
- requestedStartTime.equals( reply.getTicket().getEncTicketPart().getStartTime() ) );
+ assertTrue( "Requested start time", requestedStartTime.equals( reply.getTicket().getEncTicketPart().getStartTime() ) );
assertTrue( "Requested end time", requestedEndTime.equals( reply.getEndTime() ) );
assertTrue( "POSTDATED flag", reply.getTicket().getEncTicketPart().getFlags().isPostdated() );
assertTrue( "INVALID flag", reply.getTicket().getEncTicketPart().getFlags().isInvalid() );
Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiCallbackHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiCallbackHandler.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiCallbackHandler.java (original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiCallbackHandler.java Wed Feb 6 18:19:36 2013
@@ -32,7 +32,7 @@ import org.apache.directory.api.util.Str
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
-import org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal;
+import org.apache.directory.server.protocol.shared.kerberos.GetPrincipal;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.ldap.handlers.bind.AbstractSaslCallbackHandler;
import org.apache.directory.server.ldap.handlers.bind.SaslConstants;
Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiMechanismHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiMechanismHandler.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiMechanismHandler.java (original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/bind/gssapi/GssapiMechanismHandler.java Wed Feb 6 18:19:36 2013
@@ -37,7 +37,7 @@ import org.apache.directory.api.ldap.mod
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
-import org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal;
+import org.apache.directory.server.protocol.shared.kerberos.GetPrincipal;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.ldap.handlers.bind.AbstractMechanismHandler;
Modified: directory/apacheds/trunk/protocol-shared/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-shared/pom.xml?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-shared/pom.xml (original)
+++ directory/apacheds/trunk/protocol-shared/pom.xml Wed Feb 6 18:19:36 2013
@@ -53,6 +53,11 @@
<groupId>org.apache.directory.api</groupId>
<artifactId>api-ldap-model</artifactId>
</dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>apacheds-kerberos-codec</artifactId>
+ </dependency>
</dependencies>
<build>
Added: directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/GetPrincipal.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/GetPrincipal.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/GetPrincipal.java (added)
+++ directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/GetPrincipal.java Wed Feb 6 18:19:36 2013
@@ -0,0 +1,151 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.protocol.shared.kerberos;
+
+
+import java.text.ParseException;
+import java.util.Map;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.core.api.CoreSession;
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
+import org.apache.directory.shared.kerberos.KerberosAttribute;
+import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
+import org.apache.directory.shared.kerberos.codec.types.SamType;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.exceptions.KerberosException;
+import org.apache.directory.api.ldap.model.entry.Attribute;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.name.Dn;
+
+
+/**
+ * Encapsulates the action of looking up a principal in an embedded ApacheDS DIT.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class GetPrincipal
+{
+ /** The name of the principal to get. */
+ private final KerberosPrincipal principal;
+
+
+ /**
+ * Creates the action to be used against the embedded ApacheDS DIT.
+ *
+ * @param principal The principal to search for in the directory.
+ */
+ public GetPrincipal( KerberosPrincipal principal )
+ {
+ this.principal = principal;
+ }
+
+
+ /**
+ * Note that the base is a relative path from the existing context.
+ * It is not a Dn.
+ */
+ public Object execute( CoreSession session, Dn base ) throws Exception
+ {
+ if ( principal == null )
+ {
+ return null;
+ }
+
+ return getEntry( StoreUtils.findPrincipalEntry( session, base, principal.getName() ) );
+ }
+
+
+ /**
+ * Marshals an a PrincipalStoreEntry from an Attributes object.
+ *
+ * @param dn the distinguished name of the Kerberos principal
+ * @param attrs the attributes of the Kerberos principal
+ * @return the entry for the principal
+ * @throws Exception if there are any access problems
+ */
+ private PrincipalStoreEntry getEntry( Entry entry ) throws Exception
+ {
+ PrincipalStoreEntryModifier modifier = new PrincipalStoreEntryModifier();
+
+ modifier.setDistinguishedName( entry.getDn().getName() );
+
+ String principal = entry.get( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT ).getString();
+ modifier.setPrincipal( new KerberosPrincipal( principal, PrincipalNameType.KRB_NT_PRINCIPAL.getValue() ) );
+
+ String keyVersionNumber = entry.get( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT ).getString();
+ modifier.setKeyVersionNumber( Integer.parseInt( keyVersionNumber ) );
+
+ if ( entry.get( KerberosAttribute.KRB5_ACCOUNT_DISABLED_AT ) != null )
+ {
+ String val = entry.get( KerberosAttribute.KRB5_ACCOUNT_DISABLED_AT ).getString();
+ modifier.setDisabled( "true".equalsIgnoreCase( val ) );
+ }
+
+ if ( entry.get( KerberosAttribute.KRB5_ACCOUNT_LOCKEDOUT_AT ) != null )
+ {
+ String val = entry.get( KerberosAttribute.KRB5_ACCOUNT_LOCKEDOUT_AT ).getString();
+ modifier.setLockedOut( "true".equalsIgnoreCase( val ) );
+ }
+
+ if ( entry.get( KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT ) != null )
+ {
+ String val = entry.get( KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT ).getString();
+ try
+ {
+ modifier.setExpiration( KerberosTime.getTime( val ) );
+ }
+ catch ( ParseException e )
+ {
+ throw new Exception( "Account expiration attribute "
+ + KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT + " contained an invalid value for generalizedTime: "
+ + val );
+ }
+ }
+
+ if ( entry.get( KerberosAttribute.APACHE_SAM_TYPE_AT ) != null )
+ {
+ String samType = entry.get( KerberosAttribute.APACHE_SAM_TYPE_AT ).getString();
+ modifier.setSamType( SamType.getTypeByOrdinal( Integer.parseInt( samType ) ) );
+ }
+
+ if ( entry.get( KerberosAttribute.KRB5_KEY_AT ) != null )
+ {
+ Attribute krb5key = entry.get( KerberosAttribute.KRB5_KEY_AT );
+
+ try
+ {
+ Map<EncryptionType, EncryptionKey> keyMap = modifier.reconstituteKeyMap( krb5key );
+ modifier.setKeyMap( keyMap );
+ }
+ catch ( KerberosException ioe )
+ {
+ throw new Exception( I18n.err( I18n.ERR_623, KerberosAttribute.KRB5_KEY_AT ) );
+ }
+ }
+
+ return modifier.getEntry();
+ }
+}
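Review bot: `execute` passes the result of `StoreUtils.findPrincipalEntry` straight to `getEntry`, and that helper (added in this commit) returns null when no entry matches, so a lookup for an unknown principal ends in a NullPointerException at `entry.getDn()` instead of a null result. Guard it in `execute`: `Entry entry = StoreUtils.findPrincipalEntry( session, base, principal.getName() );` followed by `if ( entry == null ) { return null; }`. The two catch blocks also drop the original exception; passing `e` and `ioe` as the cause keeps the parse or key-decoding failure in the stack trace. The Javadoc on `getEntry` still names `dn` and `attrs`, which are not parameters of the method, and should describe `entry` instead.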
Added: directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java (added)
+++ directory/apacheds/trunk/protocol-shared/src/main/java/org/apache/directory/server/protocol/shared/kerberos/StoreUtils.java Wed Feb 6 18:19:36 2013
@@ -0,0 +1,162 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.protocol.shared.kerberos;
+
+import java.nio.ByteBuffer;
+
+import org.apache.directory.api.ldap.model.entry.StringValue;
+import org.apache.directory.api.ldap.model.constants.SchemaConstants;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.entry.Value;
+import org.apache.directory.api.ldap.model.filter.EqualityNode;
+import org.apache.directory.api.ldap.model.filter.ExprNode;
+import org.apache.directory.api.ldap.model.message.AliasDerefMode;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.api.ldap.model.schema.AttributeType;
+import org.apache.directory.api.ldap.model.schema.SchemaManager;
+import org.apache.directory.server.core.api.CoreSession;
+import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.shared.kerberos.KerberosAttribute;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * Commonly used store utility operations.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class StoreUtils
+{
+ private static final Logger LOG = LoggerFactory.getLogger( StoreUtils.class );
+
+
+ /**
+ * Creates a Entry for a PrincipalStoreEntry, doing what a state
+ * factory does but for Entry instead of Attributes.
+ *
+ * @param session the session to use to access the directory's registries
+ * @param dn the distinguished name of the principal to be
+ * @param principalEntry the principal entry to convert into a Entry
+ * @return the resultant server entry for the PrincipalStoreEntry argument
+ * @throws Exception if there are problems accessing registries
+ */
+ public static Entry toServerEntry( CoreSession session, Dn dn, PrincipalStoreEntry principalEntry )
+ throws Exception
+ {
+ Entry outAttrs = session.getDirectoryService().newEntry( dn );
+
+ // process the objectClass attribute
+ outAttrs.add( SchemaConstants.OBJECT_CLASS_AT,
+ SchemaConstants.TOP_OC, SchemaConstants.UID_OBJECT_AT,
+ "uidObject", SchemaConstants.EXTENSIBLE_OBJECT_OC,
+ SchemaConstants.PERSON_OC, SchemaConstants.ORGANIZATIONAL_PERSON_OC,
+ SchemaConstants.INET_ORG_PERSON_OC, SchemaConstants.KRB5_PRINCIPAL_OC,
+ "krb5KDCEntry" );
+
+ outAttrs.add( SchemaConstants.UID_AT, principalEntry.getUserId() );
+ outAttrs.add( KerberosAttribute.APACHE_SAM_TYPE_AT, "7" );
+ outAttrs.add( SchemaConstants.SN_AT, principalEntry.getUserId() );
+ outAttrs.add( SchemaConstants.CN_AT, principalEntry.getCommonName() );
+
+ EncryptionKey encryptionKey = principalEntry.getKeyMap().get( EncryptionType.DES_CBC_MD5 );
+
+ ByteBuffer buffer = ByteBuffer.allocate( encryptionKey.computeLength() );
+ outAttrs.add( KerberosAttribute.KRB5_KEY_AT, encryptionKey.encode( buffer ).array() );
+
+ int keyVersion = encryptionKey.getKeyVersion();
+
+ outAttrs.add( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT, principalEntry.getPrincipal().toString() );
+ outAttrs.add( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT, Integer.toString( keyVersion ) );
+
+ return outAttrs;
+ }
+
+
+ /**
+ * Constructs a filter expression tree for the filter used to search the
+ * directory.
+ *
+ * @param schemaManager The server schemaManager to use for attribute lookups
+ * @param principal the principal to use for building the filter
+ * @return the filter expression tree
+ * @throws Exception if there are problems while looking up attributes
+ */
+ private static ExprNode getFilter( SchemaManager schemaManager, String principal ) throws Exception
+ {
+ AttributeType type = schemaManager.lookupAttributeTypeRegistry( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT );
+ Value<String> value = new StringValue( type, principal );
+ return new EqualityNode<String>( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT, value );
+ }
+
+
+ /**
+ * Finds the Entry associated with the Kerberos principal name.
+ *
+ * @param session the session to use for the search
+ * @param searchBaseDn the base to use while searching
+ * @param principal the name of the principal to search for
+ * @return the server entry for the principal or null if non-existent
+ * @throws Exception if there are problems while searching the directory
+ */
+ public static Entry findPrincipalEntry( CoreSession session, Dn searchBaseDn, String principal )
+ throws Exception
+ {
+ EntryFilteringCursor cursor = null;
+
+ try
+ {
+ SchemaManager schemaManager = session.getDirectoryService().getSchemaManager();
+ cursor = session.search( searchBaseDn, SearchScope.SUBTREE,
+ getFilter( schemaManager, principal ), AliasDerefMode.DEREF_ALWAYS, null );
+
+ cursor.beforeFirst();
+ if ( cursor.next() )
+ {
+ Entry entry = cursor.get();
+ LOG.debug( "Found entry {} for kerberos principal name {}", entry, principal );
+
+ while ( cursor.next() )
+ {
+ LOG.error( I18n.err( I18n.ERR_149, principal, cursor.next() ) );
+ }
+
+ return entry;
+ }
+ else
+ {
+ LOG.warn( "No server entry found for kerberos principal name {}", principal );
+ return null;
+ }
+ }
+ finally
+ {
+ if ( cursor != null )
+ {
+ cursor.close();
+ }
+ }
+ }
+}
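Review bot: The duplicate-entry loop in `findPrincipalEntry` calls `cursor.next()` a second time inside its body, so it logs a boolean rather than the extra entry and skips every other duplicate; the log call should read `LOG.error( I18n.err( I18n.ERR_149, principal, cursor.get() ) );`. More than one entry for the same principal name makes the choice of keys ambiguous, so consider failing the lookup rather than returning the first match; that is a policy decision this hunk does not settle. In `toServerEntry`, the result of `principalEntry.getKeyMap().get( EncryptionType.DES_CBC_MD5 )` is dereferenced without a null check, so a principal that has no DES key fails with a NullPointerException and keys of other encryption types are never written to the entry.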
Added: directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateChngPwdServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateChngPwdServer.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateChngPwdServer.java (added)
+++ directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateChngPwdServer.java Wed Feb 6 18:19:36 2013
@@ -0,0 +1,11 @@
+
+package org.apache.directory.server.annotations;
+
+public @interface CreateChngPwdServer
+{
+ /** The default kdc service principal */
+ String srvPrincipal() default "kadmin/changepw@EXAMPLE.COM";
+
+ /** The transports to use, default none */
+ CreateTransport[] transports() default {};
+}
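Review bot: This new file has no ASF licence header, unlike the other two files added in this commit, and the annotation type itself has no Javadoc. The comment on `srvPrincipal()` reads "The default kdc service principal" although the default is `kadmin/changepw@EXAMPLE.COM`; `/** The change password service principal */` would match what the member holds. A one-line type comment saying the annotation is meant to be used as the `chngPwdServer` member of `@CreateKdcServer` would also help readers who find it on its own.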
Modified: directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateKdcServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateKdcServer.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateKdcServer.java (original)
+++ directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateKdcServer.java Wed Feb 6 18:19:36 2013
@@ -69,4 +69,13 @@ public @interface CreateKdcServer
/** The maximum renewable lifetime. */
long maxRenewableLifetime() default 60000 * 10080;
+
+ /** the change password server.
+ * NOTE: this annotation is declared as an array cause there is no
+ * way to define the default value as null for a value in annotation
+ *
+ * Only the one declaration of changepassword server is enough and
+ * the first element alone is taken into consideration, rest of the
+ * array elements will be ignored*/
+ CreateChngPwdServer[] chngPwdServer() default {};
}
\ No newline at end of file
Modified: directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateLdapServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateLdapServer.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateLdapServer.java (original)
+++ directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/annotations/CreateLdapServer.java Wed Feb 6 18:19:36 2013
@@ -98,8 +98,10 @@ public @interface CreateLdapServer
/** The name of this host, validated during SASL negotiation. */
String saslHost() default "ldap.example.com";
-
-
+
+ /** The name of this host, validated during SASL negotiation. */
+ String[] saslRealms() default {"example.com"};
+
/** The service principal, used by GSSAPI. */
String saslPrincipal() default "ldap/ldap.example.com@EXAMPLE.COM";
}
\ No newline at end of file
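Review bot: The Javadoc on the new `saslRealms()` member is a copy of the one on `saslHost()` and does not describe realms; something like `/** The realms supported by the SASL mechanisms. */` would be accurate. The default `"example.com"` is lower case while `saslPrincipal()` defaults to a principal in the realm `EXAMPLE.COM`. If these values are ever compared with Kerberos realm names, which are case-sensitive, the mismatch would matter, so the comment should state the expected form.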
Modified: directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java (original)
+++ directory/apacheds/trunk/server-annotations/src/main/java/org/apache/directory/server/factory/ServerAnnotationProcessor.java Wed Feb 6 18:19:36 2013
@@ -23,7 +23,10 @@ import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.net.ServerSocket;
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.directory.server.annotations.CreateChngPwdServer;
import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
import org.apache.directory.api.util.Strings;
import org.apache.directory.server.annotations.CreateConsumer;
@@ -34,6 +37,9 @@ import org.apache.directory.server.annot
import org.apache.directory.server.core.annotations.AnnotationUtils;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.server.kerberos.ChangePasswordConfig;
+import org.apache.directory.server.kerberos.KerberosConfig;
+import org.apache.directory.server.kerberos.changepwd.ChangePasswordServer;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.ldap.ExtendedOperationHandler;
import org.apache.directory.server.ldap.LdapServer;
@@ -106,11 +112,11 @@ public class ServerAnnotationProcessor
else
{
// Create default LDAP and LDAPS transports
- int port = AvailablePortFinder.getNextAvailable();
+ int port = AvailablePortFinder.getNextAvailable( 1024 );
Transport ldap = new TcpTransport( port );
ldapServer.addTransports( ldap );
-
- port = AvailablePortFinder.getNextAvailable();
+
+ port = AvailablePortFinder.getNextAvailable( port );
Transport ldaps = new TcpTransport( port );
ldaps.setEnableSSL( true );
ldapServer.addTransports( ldaps );
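Review bot: The second lookup starts at the port just chosen for the LDAP transport, `AvailablePortFinder.getNextAvailable( port )`, and nothing in this hunk binds that port in between, so the finder may return the same number and LDAP and LDAPS would be configured on one port. This assumes the finder treats its argument as an inclusive start, which is not visible here. Starting from the next port avoids it: `port = AvailablePortFinder.getNextAvailable( port + 1 );`, which is also how the KDC transport loop later in this commit advances `startPort`. The enclosing method begins and ends outside the hunk.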
@@ -193,7 +199,15 @@ public class ServerAnnotationProcessor
}
}
}
-
+
+ List<String> realms = new ArrayList<String>();
+ for( String s : createLdapServer.saslRealms() )
+ {
+ realms.add( s );
+ }
+
+ ldapServer.setSaslRealms( realms );
+
return ldapServer;
}
else
@@ -361,63 +375,64 @@ public class ServerAnnotationProcessor
return createKdcServer( createKdcServer, directoryService, startPort );
}
-
- private static KdcServer createKdcServer( CreateKdcServer createKdcServer, DirectoryService directoryService,
- int startPort )
+
+ private static KdcServer createKdcServer( CreateKdcServer createKdcServer, DirectoryService directoryService, int startPort )
{
- if ( createKdcServer == null )
+ if( createKdcServer == null )
{
return null;
}
- KdcServer kdcServer = new KdcServer();
- kdcServer.setServiceName( createKdcServer.name() );
- kdcServer.setKdcPrincipal( createKdcServer.kdcPrincipal() );
- kdcServer.setPrimaryRealm( createKdcServer.primaryRealm() );
- kdcServer.setMaximumTicketLifetime( createKdcServer.maxTicketLifetime() );
- kdcServer.setMaximumRenewableLifetime( createKdcServer.maxRenewableLifetime() );
-
+ KerberosConfig kdcConfig = new KerberosConfig();
+ kdcConfig.setServicePrincipal( createKdcServer.kdcPrincipal() );
+ kdcConfig.setPrimaryRealm( createKdcServer.primaryRealm() );
+ kdcConfig.setMaximumTicketLifetime( createKdcServer.maxTicketLifetime() );
+ kdcConfig.setMaximumRenewableLifetime( createKdcServer.maxRenewableLifetime() );
+
+ KdcServer kdcServer = new KdcServer( kdcConfig );
+
CreateTransport[] transportBuilders = createKdcServer.transports();
-
- if ( transportBuilders == null )
+
+ if( transportBuilders == null )
{
// create only UDP transport if none specified
- UdpTransport defaultTransport = new UdpTransport( AvailablePortFinder.getNextAvailable() );
+ UdpTransport defaultTransport = new UdpTransport( AvailablePortFinder.getNextAvailable( startPort ) );
kdcServer.addTransports( defaultTransport );
}
- else if ( transportBuilders.length > 0 )
+ else if( transportBuilders.length > 0 )
{
- for ( CreateTransport transportBuilder : transportBuilders )
+ for( CreateTransport transportBuilder : transportBuilders )
{
- String protocol = transportBuilder.protocol();
- int port = transportBuilder.port();
- int nbThreads = transportBuilder.nbThreads();
- int backlog = transportBuilder.backlog();
- String address = transportBuilder.address();
-
- if ( port == -1 )
- {
- port = AvailablePortFinder.getNextAvailable();
- startPort = port + 1;
- }
-
- if ( protocol.equalsIgnoreCase( "TCP" ) )
- {
- Transport tcp = new TcpTransport( address, port, nbThreads, backlog );
- kdcServer.addTransports( tcp );
- }
- else if ( protocol.equalsIgnoreCase( "UDP" ) )
- {
- UdpTransport udp = new UdpTransport( address, port );
- kdcServer.addTransports( udp );
- }
- else
- {
- throw new IllegalArgumentException( I18n.err( I18n.ERR_689, protocol ) );
- }
+ Transport t = createTransport( transportBuilder, startPort );
+ startPort = t.getPort() + 1;
+ kdcServer.addTransports( t );
}
}
+ CreateChngPwdServer[] createChngPwdServers = createKdcServer.chngPwdServer();
+
+
+ if( createChngPwdServers.length > 0 )
+ {
+
+ CreateChngPwdServer createChngPwdServer = createChngPwdServers[0];
+ ChangePasswordConfig config = new ChangePasswordConfig( kdcConfig );
+ config.setServicePrincipal( createChngPwdServer.srvPrincipal() );
+
+ ChangePasswordServer chngPwdServer = new ChangePasswordServer( config );
+
+ for( CreateTransport transportBuilder : createChngPwdServer.transports() )
+ {
+ Transport t = createTransport( transportBuilder, startPort );
+ startPort = t.getPort() + 1;
+ chngPwdServer.addTransports( t );
+ }
+
+ chngPwdServer.setDirectoryService( directoryService );
+
+ kdcServer.setChangePwdServer( chngPwdServer );
+ }
+
kdcServer.setDirectoryService( directoryService );
// Launch the server
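Review bot: The rewritten `createKdcServer` no longer carries over `createKdcServer.name()`. The removed `kdcServer.setServiceName( createKdcServer.name() )` has no counterpart on `kdcConfig` or on the new `KdcServer`, so unless the constructor sets a name elsewhere the annotation's `name` is silently ignored. In the change-password block only `createChngPwdServers[0]` is used and any further entries are dropped without notice. Rejecting them would make the misconfiguration visible, for example `if ( createChngPwdServers.length > 1 ) { throw new IllegalArgumentException( "only one CreateChngPwdServer is supported" ); }`. The method body continues outside this hunk.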
@@ -432,10 +447,40 @@ public class ServerAnnotationProcessor
return kdcServer;
}
+
+
+ public static Transport createTransport( CreateTransport transportBuilder, int startPort )
+ {
+ String protocol = transportBuilder.protocol();
+ int port = transportBuilder.port();
+ int nbThreads = transportBuilder.nbThreads();
+ int backlog = transportBuilder.backlog();
+ String address = transportBuilder.address();
-
- public static KdcServer getKdcServer( Description description, DirectoryService directoryService, int startPort )
- throws Exception
+ if ( port == -1 )
+ {
+ port = AvailablePortFinder.getNextAvailable( startPort );
+ startPort = port + 1;
+ }
+
+ if ( protocol.equalsIgnoreCase( "TCP" ) )
+ {
+ Transport tcp = new TcpTransport( address, port, nbThreads, backlog );
+ return tcp;
+ }
+ else if ( protocol.equalsIgnoreCase( "UDP" ) )
+ {
+ UdpTransport udp = new UdpTransport( address, port );
+ return udp;
+ }
+ else
+ {
+ throw new IllegalArgumentException( I18n.err( I18n.ERR_689, protocol ) );
+ }
+ }
+
+
+ public static KdcServer getKdcServer( Description description, DirectoryService directoryService, int startPort ) throws Exception
{
CreateKdcServer createLdapServer = description.getAnnotation( CreateKdcServer.class );
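Review bot: In `createTransport` the assignment `startPort = port + 1;` inside the `port == -1` branch is a dead store. `startPort` is a by-value parameter, and both callers in `createKdcServer` recompute it themselves from `t.getPort() + 1`, so the line can be dropped. Since the method is now `public static`, it should also get a Javadoc stating that a `port` of -1 means the next free port at or above `startPort` is chosen, and that any protocol other than TCP or UDP raises `IllegalArgumentException`. `getKdcServer` continues outside this hunk.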
Modified: directory/apacheds/trunk/server-annotations/src/test/java/org/apache/directory/server/factory/CreateKdcServerAnnotationTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-annotations/src/test/java/org/apache/directory/server/factory/CreateKdcServerAnnotationTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/server-annotations/src/test/java/org/apache/directory/server/factory/CreateKdcServerAnnotationTest.java (original)
+++ directory/apacheds/trunk/server-annotations/src/test/java/org/apache/directory/server/factory/CreateKdcServerAnnotationTest.java Wed Feb 6 18:19:36 2013
@@ -29,6 +29,7 @@ import org.apache.directory.server.annot
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.factory.DSAnnotationProcessor;
+import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.mina.util.AvailablePortFinder;
import org.junit.Test;
@@ -55,20 +56,20 @@ public class CreateKdcServerAnnotationTe
public void testCreateKdcServer() throws Exception
{
DirectoryService directoryService = DSAnnotationProcessor.getDirectoryService();
-
+
assertEquals( "CreateKdcServerAnnotationTest-class", directoryService.getInstanceId() );
-
- KdcServer server = ServerAnnotationProcessor.getKdcServer( directoryService,
- AvailablePortFinder.getNextAvailable() );
+
+ KdcServer server = ServerAnnotationProcessor.getKdcServer( directoryService, AvailablePortFinder.getNextAvailable( 1024 ) );
assertEquals( 2, server.getTransports().length );
-
+
+ KerberosConfig config = server.getConfig();
assertEquals( directoryService, server.getDirectoryService() );
- assertEquals( "apache.org", server.getPrimaryRealm() );
- assertEquals( "krbtgt/apache.org@apache.org", server.getServicePrincipal().getName() );
- assertEquals( 1000, server.getMaximumTicketLifetime() );
- assertEquals( 2000, server.getMaximumRenewableLifetime() );
-
+ assertEquals( "apache.org", config.getPrimaryRealm() );
+ assertEquals( "krbtgt/apache.org@apache.org", config.getServicePrincipal().getName() );
+ assertEquals( 1000, config.getMaximumTicketLifetime() );
+ assertEquals( 2000, config.getMaximumRenewableLifetime() );
+
server.stop();
directoryService.shutdown();
Modified: directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/ChangePasswordServerBean.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/ChangePasswordServerBean.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/ChangePasswordServerBean.java (original)
+++ directory/apacheds/trunk/server-config/src/main/java/org/apache/directory/server/config/beans/ChangePasswordServerBean.java Wed Feb 6 18:19:36 2013
@@ -19,11 +19,9 @@
*/
package org.apache.directory.server.config.beans;
+import org.apache.directory.shared.ldap.model.name.Dn;
-import java.util.ArrayList;
-import java.util.List;
-import org.apache.directory.server.config.ConfigurationElement;
/**
@@ -33,38 +31,6 @@ import org.apache.directory.server.confi
*/
public class ChangePasswordServerBean extends DSBasedServerBean
{
- /** The policy for category count. */
- @ConfigurationElement(attributeType = "ads-chgPwdPolicyCategoryCount", isOptional = true)
- private int chgPwdPolicyCategoryCount;
-
- /** The policy for password length. */
- @ConfigurationElement(attributeType = "ads-chgPwdPolicyPasswordLength", isOptional = true)
- private int chgPwdPolicyPasswordLength;
-
- /** The policy for token size. */
- @ConfigurationElement(attributeType = "ads-chgPwdPolicyTokenSize", isOptional = true)
- private int chgPwdPolicyTokenSize;
-
- /** The service principal name. */
- @ConfigurationElement(attributeType = "ads-chgPwdServicePrincipal", isOptional = true)
- private String chgPwdServicePrincipal;
-
- /** The allowable clock skew. */
- @ConfigurationElement(attributeType = "ads-krbAllowableClockSkew", isOptional = true)
- private long krbAllowableClockSkew;
-
- /** Whether empty addresses are allowed. */
- @ConfigurationElement(attributeType = "ads-krbEmptyAddressesAllowed", isOptional = true)
- private boolean krbEmptyAddressesAllowed;
-
- /** The encryption types. */
- @ConfigurationElement(attributeType = "ads-krbEncryptionTypes", isOptional = true)
- private List<String> krbEncryptionTypes = new ArrayList<String>();
-
- /** The primary realm. */
- @ConfigurationElement(attributeType = "ads-krbPrimaryRealm", isOptional = true)
- private String krbPrimaryRealm;
-
/**
* Create a new ChangePasswordServer instance
@@ -74,194 +40,11 @@ public class ChangePasswordServerBean ex
super();
}
-
- /**
- * @return the krbAllowableClockSkew
- */
- public long getKrbAllowableClockSkew()
- {
- return krbAllowableClockSkew;
- }
-
-
- /**
- * @param krbAllowableClockSkew the krbAllowableClockSkew to set
- */
- public void setKrbAllowableClockSkew( long krbAllowableClockSkew )
- {
- this.krbAllowableClockSkew = krbAllowableClockSkew;
- }
-
-
- /**
- * @return the krbEmptyAddressesAllowed
- */
- public boolean isKrbEmptyAddressesAllowed()
- {
- return krbEmptyAddressesAllowed;
- }
-
-
- /**
- * @param krbEmptyAddressesAllowed the krbEmptyAddressesAllowed to set
- */
- public void setKrbEmptyAddressesAllowed( boolean krbEmptyAddressesAllowed )
- {
- this.krbEmptyAddressesAllowed = krbEmptyAddressesAllowed;
- }
-
-
- /**
- * @return the krbEncryptionTypes
- */
- public List<String> getKrbEncryptionTypes()
- {
- return krbEncryptionTypes;
- }
-
-
- /**
- * @param krbEncryptionTypes the krbEncryptionTypes to set
- */
- public void setKrbEncryptionTypes( List<String> krbEncryptionTypes )
- {
- this.krbEncryptionTypes = krbEncryptionTypes;
- }
-
-
- /**
- * Initialize the encryptionTypes set
- *
- * @param krbEncryptionTypes the encryptionTypes to set
- */
- public void addKrbEncryptionTypes( String... krbEncryptionTypes )
- {
- for ( String encryptionType : krbEncryptionTypes )
- {
- this.krbEncryptionTypes.add( encryptionType );
- }
- }
-
-
- /**
- * @return the krbPrimaryRealm
- */
- public String getKrbPrimaryRealm()
- {
- return krbPrimaryRealm;
- }
-
-
- /**
- * @param krbPrimaryRealm the krbPrimaryRealm to set
- */
- public void setKrbPrimaryRealm( String krbPrimaryRealm )
- {
- this.krbPrimaryRealm = krbPrimaryRealm;
- }
-
-
- /**
- * @return the chgPwdPolicyCategoryCount
- */
- public int getChgPwdPolicyCategoryCount()
- {
- return chgPwdPolicyCategoryCount;
- }
-
-
- /**
- * @param chgPwdPolicyCategoryCount the chgPwdPolicyCategoryCount to set
- */
- public void setChgPwdPolicyCategoryCount( int chgPwdPolicyCategoryCount )
- {
- this.chgPwdPolicyCategoryCount = chgPwdPolicyCategoryCount;
- }
-
-
- /**
- * @return the chgPwdPolicyPasswordLength
- */
- public int getChgPwdPolicyPasswordLength()
- {
- return chgPwdPolicyPasswordLength;
- }
-
-
- /**
- * @param chgPwdPolicyPasswordLength the chgPwdPolicyPasswordLength to set
- */
- public void setChgPwdPolicyPasswordLength( int chgPwdPolicyPasswordLength )
- {
- this.chgPwdPolicyPasswordLength = chgPwdPolicyPasswordLength;
- }
-
-
- /**
- * @return the chgPwdPolicyTokenSize
- */
- public int getChgPwdPolicyTokenSize()
- {
- return chgPwdPolicyTokenSize;
- }
-
-
- /**
- * @param chgPwdPolicyTokenSize the chgPwdPolicyTokenSize to set
- */
- public void setChgPwdPolicyTokenSize( int chgPwdPolicyTokenSize )
- {
- this.chgPwdPolicyTokenSize = chgPwdPolicyTokenSize;
- }
-
-
- /**
- * @return the chgPwdServicePrincipal
- */
- public String getChgPwdServicePrincipal()
- {
- return chgPwdServicePrincipal;
- }
-
-
- /**
- * @param chgPwdServicePrincipal the chgPwdServicePrincipal to set
- */
- public void setChgPwdServicePrincipal( String chgPwdServicePrincipal )
- {
- this.chgPwdServicePrincipal = chgPwdServicePrincipal;
- }
-
-
- /**
- * {@inheritDoc}
- */
- public String toString( String tabs )
+
+ @Override
+ public void setSearchBaseDn( Dn searchBaseDn )
{
- StringBuilder sb = new StringBuilder();
-
- sb.append( tabs ).append( "ChangePasswordServer :\n" );
- sb.append( super.toString( tabs + " " ) );
- sb.append( toString( tabs, " change password service principal", chgPwdServicePrincipal ) );
- sb.append( toString( tabs, " KRB primary realm", krbPrimaryRealm ) );
-
- if ( ( krbEncryptionTypes != null ) && ( krbEncryptionTypes.size() != 0 ) )
- {
- sb.append( tabs ).append( " encryption types : \n" );
-
- for ( String encryptionType : krbEncryptionTypes )
- {
- sb.append( tabs ).append( " encryptionType : " ).append( encryptionType ).append( '\n' );
- }
- }
-
- sb.append( toString( tabs, " change password policy category count", chgPwdPolicyCategoryCount ) );
- sb.append( toString( tabs, " change password policy password length", chgPwdPolicyPasswordLength ) );
- sb.append( toString( tabs, " change password policy token size", chgPwdPolicyTokenSize ) );
- sb.append( toString( tabs, " KRB allowable clock skew", krbAllowableClockSkew ) );
- sb.append( toString( tabs, " KRB empty addresses allowed", krbEmptyAddressesAllowed ) );
-
- return sb.toString();
+ throw new UnsupportedOperationException( "No need to set the search base DN, the kerberos server's search base DN is used internally" );
}
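Review bot: The new `setSearchBaseDn` override throws `UnsupportedOperationException`, which breaks the setter contract inherited from `DSBasedServerBean` for any code that treats this bean like its siblings. If the configuration reader populates beans through their setters (not visible here), an existing change-password entry that still carries a search base DN would presumably abort loading instead of being ignored. Consider logging and discarding the value instead. At minimum the override needs a Javadoc, for example `/** Not supported: the Kerberos server's search base DN is used. @throws UnsupportedOperationException always */`.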
@@ -270,6 +53,6 @@ public class ChangePasswordServerBean ex
*/
public String toString()
{
- return toString( "" );
+ return "ChangePasswordServer";
}
}
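Review bot: `toString()` now returns the constant `"ChangePasswordServer"`, so the state inherited from `DSBasedServerBean` no longer appears when this bean is printed. The removed `toString( String tabs )` used to include `super.toString( tabs + " " )`. If the intent was only to drop the deleted Kerberos fields, `return "ChangePasswordServer :\n" + super.toString( "  " );` would keep the inherited settings in configuration dumps. The method could also carry `@Override`, as the new `setSearchBaseDn` does.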