Adding a keytab test for a different encryption type
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/AdminHelper.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/AdminHelper.java
index a0ca3b0..9e8724d 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/AdminHelper.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/AdminHelper.java
@@ -299,12 +299,10 @@
patternString = patternString.replaceAll("\\*", ".*");
patternString = "^" + patternString + "$";
- Pattern pt;
try {
- pt = Pattern.compile(patternString);
+ return Pattern.compile(patternString);
} catch (PatternSyntaxException e) {
throw new KrbException("Invalid glob pattern string");
}
- return pt;
}
}
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
index dc67f12..bb914f4 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
@@ -14,7 +14,7 @@
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
+ * under the License.
*
*/
package org.apache.kerby.kerberos.kerb.admin.kadmin.local;
@@ -37,7 +37,7 @@
import org.slf4j.LoggerFactory;
import java.io.File;
-import java.util.ArrayList;
+import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
@@ -211,9 +211,7 @@
public void exportKeytab(File keytabFile, String principal)
throws KrbException {
principal = fixPrincipal(principal);
- List<String> principals = new ArrayList<>(1);
- principals.add(principal);
- exportKeytab(keytabFile, principals);
+ exportKeytab(keytabFile, Collections.singletonList(principal));
}
@Override
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
index db33e53..4122c3e 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
@@ -14,7 +14,7 @@
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
+ * under the License.
*
*/
package org.apache.kerby.kerberos.kerb.crypto;
@@ -52,8 +52,7 @@
* @throws KrbException e
*/
public static EncryptionType getEncryptionType(String eType) throws KrbException {
- EncryptionType result = EncryptionType.fromName(eType);
- return result;
+ return EncryptionType.fromName(eType);
}
/**
@@ -208,8 +207,7 @@
KeyUsage usage) throws KrbException {
EncTypeHandler handler = getEncHandler(key.getKeyType());
- byte[] plainData = handler.decrypt(data, key.getKeyData(), usage.getValue());
- return plainData;
+ return handler.decrypt(data, key.getKeyData(), usage.getValue());
}
/**
@@ -225,9 +223,8 @@
KeyUsage usage) throws KrbException {
EncTypeHandler handler = getEncHandler(key.getKeyType());
- byte[] plainData = handler.decrypt(data.getCipher(),
+ return handler.decrypt(data.getCipher(),
key.getKeyData(), usage.getValue());
- return plainData;
}
/**
@@ -243,7 +240,7 @@
} catch (KrbException e) {
return false;
}
- return handler != null;
+ return handler != null;
}
/**
@@ -291,8 +288,7 @@
byte[] randomBytes = Random.makeBytes(handler.keyInputSize());
byte[] keyBytes = handler.random2Key(randomBytes);
- EncryptionKey encKey = new EncryptionKey(eType, keyBytes);
- return encKey;
+ return new EncryptionKey(eType, keyBytes);
}
/**
@@ -308,8 +304,7 @@
byte[] randomBytes1 = randomBytes;
byte[] keyBytes = handler.random2Key(randomBytes1);
- EncryptionKey encKey = new EncryptionKey(eType, keyBytes);
- return encKey;
+ return new EncryptionKey(eType, keyBytes);
}
/**
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java
new file mode 100644
index 0000000..9a42020
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KeytabArcFourMd5LoginTest.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.junit.Test;
+
+public class KeytabArcFourMd5LoginTest extends LoginTestBase {
+
+ @Override
+ protected void setUpKdcServer() throws Exception {
+ KdcConfig config = new KdcConfig();
+ config.setString(KdcConfigKey.ENCRYPTION_TYPES, "arcfour-hmac");
+ SimpleKdcServer kdcServer = new TestKdcServer(allowTcp(), allowUdp(), config, new BackendConfig());
+ super.setKdcServer(kdcServer);
+
+ configKdcSeverAndClient();
+
+ prepareKdc();
+
+ kdcServer.start();
+ }
+
+ @Test
+ public void testLogin() throws Exception {
+ checkSubject(super.loginServiceUsingKeytab());
+ }
+}
\ No newline at end of file
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
index 955f966..a15d8c9 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
@@ -6,16 +6,16 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
- * under the License.
- *
+ * under the License.
+ *
*/
package org.apache.kerby.kerberos.kerb.server;
@@ -23,6 +23,7 @@
import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.apache.kerby.kerberos.kerb.client.KrbConfig;
import org.apache.kerby.kerberos.kerb.client.KrbConfigKey;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
import org.apache.kerby.util.NetworkUtil;
import java.io.File;
@@ -47,6 +48,24 @@
setClient();
}
+ public TestKdcServer(boolean allowTcp, boolean allowUdp, KdcConfig kdcConfig,
+ BackendConfig backendConfig) throws KrbException {
+ super(kdcConfig, backendConfig);
+
+ setKdcRealm(KDC_REALM);
+ setKdcHost(HOSTNAME);
+ setAllowTcp(allowTcp);
+ setAllowUdp(allowUdp);
+
+ if (allowTcp) {
+ setKdcTcpPort(NetworkUtil.getServerPort());
+ }
+ if (allowUdp) {
+ setKdcUdpPort(NetworkUtil.getServerPort());
+ }
+ setClient();
+ }
+
public TestKdcServer(File confDir, KrbConfig krbConfig) throws KrbException {
super(confDir, krbConfig);
setClient();
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
index 0c3f423..3f2fe0f 100644
--- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
@@ -27,6 +27,7 @@
import org.apache.kerby.kerberos.kerb.client.KrbConfig;
import org.apache.kerby.kerberos.kerb.client.KrbPkinitClient;
import org.apache.kerby.kerberos.kerb.client.KrbTokenClient;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
import org.apache.kerby.util.NetworkUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -62,6 +63,16 @@
setKdcPort(NetworkUtil.getServerPort());
}
+ public SimpleKdcServer(KdcConfig kdcConfig,
+ BackendConfig backendConfig) throws KrbException {
+ super(kdcConfig, backendConfig);
+ this.krbClnt = new KrbClient(new KrbConfig());
+
+ setKdcRealm("EXAMPLE.COM");
+ setKdcHost("localhost");
+ setKdcPort(NetworkUtil.getServerPort());
+ }
+
public SimpleKdcServer(KrbConfig krbConfig) {
super();
this.krbClnt = new KrbClient(krbConfig);
diff --git a/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/NewEncryptionTest.java b/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/NewEncryptionTest.java
index 23de695..3238cbf 100644
--- a/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/NewEncryptionTest.java
+++ b/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/NewEncryptionTest.java
@@ -88,6 +88,11 @@
testEncWith(EncryptionType.RC4_HMAC_EXP);
}
+ @Test
+ public void testArcfourHmacMd5() throws IOException, KrbException {
+ testEncWith(EncryptionType.ARCFOUR_HMAC_MD5);
+ }
+
/**
* Decryption can leave a little trailing cruft. For the current cryptosystems, this can be up to 7 bytes.
* @param inData
@@ -101,11 +106,7 @@
byte[] resultData = Arrays.copyOf(outData, inData.length);
- if (Arrays.equals(inData, resultData)) {
- return true;
- } else {
- return false;
- }
+ return Arrays.equals(inData, resultData);
}
private void testEncWith(EncryptionType eType) throws KrbException {
