Merge branch 'master' into installation
diff --git a/3rdparty/not-yet-commons-ssl/pom.xml b/3rdparty/not-yet-commons-ssl/pom.xml
index 8f6c402..5a1b97f 100644
--- a/3rdparty/not-yet-commons-ssl/pom.xml
+++ b/3rdparty/not-yet-commons-ssl/pom.xml
@@ -12,8 +12,8 @@
See the License for the specific language governing permissions and
limitations under the License. See accompanying LICENSE file.
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>org.apache.kerby</groupId>
@@ -87,8 +87,6 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
</dependency>
</dependencies>
diff --git a/3rdparty/pom.xml b/3rdparty/pom.xml
index e9fb76e..e1fa253 100644
--- a/3rdparty/pom.xml
+++ b/3rdparty/pom.xml
@@ -12,7 +12,7 @@
See the License for the specific language governing permissions and
limitations under the License. See accompanying LICENSE file.
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
@@ -30,4 +30,11 @@
<module>not-yet-commons-ssl</module>
</modules>
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ </dependencies>
+
</project>
diff --git a/kdc-tool/README b/kdc-tool/README
new file mode 100644
index 0000000..a261812
--- /dev/null
+++ b/kdc-tool/README
@@ -0,0 +1 @@
+This will contain all kinds of tools provided by or serving for Kerby KDC.
\ No newline at end of file
diff --git a/tool/pom.xml b/kdc-tool/kinit/pom.xml
similarity index 90%
rename from tool/pom.xml
rename to kdc-tool/kinit/pom.xml
index 6862b35..e51f31b 100644
--- a/tool/pom.xml
+++ b/kdc-tool/kinit/pom.xml
@@ -17,13 +17,13 @@
<parent>
<groupId>org.apache.kerby</groupId>
- <artifactId>kerby-all</artifactId>
+ <artifactId>kdc-tool</artifactId>
<version>1.0-SNAPSHOT</version>
</parent>
- <artifactId>tool</artifactId>
- <name>Tool</name>
- <description>Kerby KDC and client tools</description>
+ <artifactId>kinit</artifactId>
+ <name>Kinit</name>
+ <description>Kerby KDC kinit tool</description>
<dependencies>
<dependency>
diff --git a/tool/src/main/java/org/apache/kerberos/tool/Kinit.java b/kdc-tool/kinit/src/main/java/org/apache/kerby/kerberos/tool/Kinit.java
similarity index 100%
rename from tool/src/main/java/org/apache/kerberos/tool/Kinit.java
rename to kdc-tool/kinit/src/main/java/org/apache/kerby/kerberos/tool/Kinit.java
diff --git a/tool/pom.xml b/kdc-tool/pom.xml
similarity index 61%
copy from tool/pom.xml
copy to kdc-tool/pom.xml
index 6862b35..da3cb47 100644
--- a/tool/pom.xml
+++ b/kdc-tool/pom.xml
@@ -21,25 +21,13 @@
<version>1.0-SNAPSHOT</version>
</parent>
- <artifactId>tool</artifactId>
- <name>Tool</name>
- <description>Kerby KDC and client tools</description>
+ <artifactId>kdc-tool</artifactId>
+ <name>Kdc Tool Project</name>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>pom</packaging>
- <dependencies>
- <dependency>
- <groupId>org.apache.kerby</groupId>
- <artifactId>kerby-config</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.kerby</groupId>
- <artifactId>kerb-client</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.kerby</groupId>
- <artifactId>kerby-token</artifactId>
- <version>${project.version}</version>
- </dependency>
- </dependencies>
+ <modules>
+ <module>kinit</module>
+ <module>token-tool</module>
+ </modules>
</project>
diff --git a/lib/kerby-token/pom.xml b/kdc-tool/token-tool/pom.xml
similarity index 83%
rename from lib/kerby-token/pom.xml
rename to kdc-tool/token-tool/pom.xml
index e15128c..10c3e1e 100644
--- a/lib/kerby-token/pom.xml
+++ b/kdc-tool/token-tool/pom.xml
@@ -19,12 +19,12 @@
<parent>
<groupId>org.apache.kerby</groupId>
- <artifactId>lib</artifactId>
+ <artifactId>kdc-tool</artifactId>
<version>1.0-SNAPSHOT</version>
</parent>
- <artifactId>kerby-token</artifactId>
- <name>Kerby-token Project</name>
+ <artifactId>token-tool</artifactId>
+ <name>Token Tool Project</name>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
@@ -36,6 +36,11 @@
</dependency>
<dependency>
<groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
<artifactId>kerby-asn1</artifactId>
<version>${project.version}</version>
</dependency>
diff --git a/lib/kerby-token/src/main/java/org/apache/kerby/token/AuthzDataEntry.java b/kdc-tool/token-tool/src/main/java/org/apache/kerby/token/AuthzDataEntry.java
similarity index 100%
rename from lib/kerby-token/src/main/java/org/apache/kerby/token/AuthzDataEntry.java
rename to kdc-tool/token-tool/src/main/java/org/apache/kerby/token/AuthzDataEntry.java
diff --git a/lib/kerby-token/src/main/java/org/apache/kerby/token/TokenCache.java b/kdc-tool/token-tool/src/main/java/org/apache/kerby/token/TokenCache.java
similarity index 100%
rename from lib/kerby-token/src/main/java/org/apache/kerby/token/TokenCache.java
rename to kdc-tool/token-tool/src/main/java/org/apache/kerby/token/TokenCache.java
diff --git a/lib/kerby-token/src/main/java/org/apache/kerby/token/TokenExtractor.java b/kdc-tool/token-tool/src/main/java/org/apache/kerby/token/TokenExtractor.java
similarity index 97%
rename from lib/kerby-token/src/main/java/org/apache/kerby/token/TokenExtractor.java
rename to kdc-tool/token-tool/src/main/java/org/apache/kerby/token/TokenExtractor.java
index 8e43384..2eed75c 100644
--- a/lib/kerby-token/src/main/java/org/apache/kerby/token/TokenExtractor.java
+++ b/kdc-tool/token-tool/src/main/java/org/apache/kerby/token/TokenExtractor.java
@@ -23,6 +23,7 @@
import com.sun.security.jgss.ExtendedGSSContext;
import com.sun.security.jgss.InquireType;
import org.apache.kerby.asn1.type.Asn1SequenceOf;
+import org.apache.kerby.kerberos.kerb.spec.pa.token.KerbToken;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
diff --git a/lib/kerby-token/src/main/java/org/apache/kerby/token/TokenTool.java b/kdc-tool/token-tool/src/main/java/org/apache/kerby/token/TokenTool.java
similarity index 98%
rename from lib/kerby-token/src/main/java/org/apache/kerby/token/TokenTool.java
rename to kdc-tool/token-tool/src/main/java/org/apache/kerby/token/TokenTool.java
index 2de1973..9946dfa 100644
--- a/lib/kerby-token/src/main/java/org/apache/kerby/token/TokenTool.java
+++ b/kdc-tool/token-tool/src/main/java/org/apache/kerby/token/TokenTool.java
@@ -23,6 +23,7 @@
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
+import org.apache.kerby.kerberos.kerb.spec.pa.token.KerbToken;
import java.text.ParseException;
import java.util.*;
diff --git a/kerby-asn1/pom.xml b/kerby-asn1/pom.xml
index 281199e..427fe7e 100644
--- a/kerby-asn1/pom.xml
+++ b/kerby-asn1/pom.xml
@@ -12,8 +12,8 @@
See the License for the specific language governing permissions and
limitations under the License. See accompanying LICENSE file.
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
@@ -32,13 +32,10 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>${junit.version}</version>
</dependency>
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
- <version>${assertj.version}</version>
- <scope>test</scope>
</dependency>
</dependencies>
diff --git a/kerby-kdc/pom.xml b/kerby-kdc/pom.xml
index ec54b2a..5b575d3 100644
--- a/kerby-kdc/pom.xml
+++ b/kerby-kdc/pom.xml
@@ -12,7 +12,7 @@
See the License for the specific language governing permissions and
limitations under the License. See accompanying LICENSE file.
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
@@ -49,8 +49,6 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
</dependency>
</dependencies>
</project>
diff --git a/kerby-kerb/kerb-client/pom.xml b/kerby-kerb/kerb-client/pom.xml
index c4d1290..d64852d 100644
--- a/kerby-kerb/kerb-client/pom.xml
+++ b/kerby-kerb/kerb-client/pom.xml
@@ -57,4 +57,28 @@
<version>${project.version}</version>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.2</version>
+ <executions>
+ <execution>
+ <id>package-all</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptorRefs>
+ <descriptorRef>jar-with-dependencies</descriptorRef>
+ </descriptorRefs>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
index 55e9b60..201566e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbClient.java
@@ -23,23 +23,22 @@
import org.apache.kerby.event.EventHub;
import org.apache.kerby.event.EventWaiter;
import org.apache.kerby.kerberos.kerb.KrbErrorCode;
+import org.apache.kerby.kerberos.kerb.KrbErrorException;
+import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.event.KrbClientEvent;
import org.apache.kerby.kerberos.kerb.client.event.KrbClientEventType;
import org.apache.kerby.kerberos.kerb.client.request.*;
import org.apache.kerby.kerberos.kerb.common.KrbErrorUtil;
import org.apache.kerby.kerberos.kerb.common.KrbStreamingDecoder;
-import org.apache.kerby.kerberos.kerb.KrbErrorException;
-import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.spec.common.KrbError;
import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
-import org.apache.kerby.token.KerbToken;
-import org.apache.kerby.transport.Connector;
+import org.apache.kerby.kerberos.kerb.spec.pa.token.KerbToken;
+import org.apache.kerby.transport.Network;
import org.apache.kerby.transport.Transport;
import org.apache.kerby.transport.event.TransportEvent;
import org.apache.kerby.transport.event.TransportEventType;
-import org.apache.kerby.transport.tcp.TcpConnector;
import java.io.IOException;
import java.security.PrivateKey;
@@ -58,24 +57,41 @@
private KrbHandler krbHandler;
private KrbContext context;
- private KrbConfig config;
+ private String kdcHost;
+ private int kdcTcpPort;
+ private Boolean allowUdp;
+ private int kdcUdpPort;
+ private KrbConfig krbConfig;
/**
- *
+ * Default constructor.
+ */
+ public KrbClient() {
+ this(new KrbConfig());
+ }
+
+ /**
+ * Construct a KrbClient with host and port. The port can be TCP, UDP or
+ * both, but TCP will try first.
* @param kdcHost
* @param kdcPort
*/
- public KrbClient(String kdcHost, short kdcPort) {
+ public KrbClient(String kdcHost, int kdcPort) {
this(new KrbConfig());
setKdcHost(kdcHost);
- setKdcPort(kdcPort);
+ setKdcTcpPort(kdcPort);
+ setKdcUdpPort(kdcPort);
}
- public KrbClient(KrbConfig config) {
- this.config = config;
+ /**
+ * Construct with prepared KrbConfig
+ * @param krbConfig
+ */
+ public KrbClient(KrbConfig krbConfig) {
+ this.krbConfig = krbConfig;
this.context = new KrbContext();
- context.init(config);
+ context.init(krbConfig);
}
/**
@@ -86,20 +102,64 @@
context.setKdcRealm(realm);
}
- /**
- *
- * @param kdcHost
- */
- public void setKdcHost(String kdcHost) {
- context.setKdcHost(kdcHost);
+ private String getKdcHost() {
+ if (kdcHost != null) {
+ return kdcHost;
+ }
+ return krbConfig.getKdcHost();
+ }
+
+ private int getKdcTcpPort() {
+ if (kdcTcpPort > 0) {
+ return kdcTcpPort;
+ }
+ return krbConfig.getKdcTcpPort();
+ }
+
+ private boolean allowUdp() {
+ if (allowUdp != null) {
+ return allowUdp;
+ }
+ return krbConfig.allowKdcUdp();
+ }
+
+ private int getKdcUdpPort() {
+ if (kdcUdpPort > 0) {
+ return kdcUdpPort;
+ }
+ return krbConfig.getKdcUdpPort();
}
/**
- *
- * @param kdcPort
+ * Set KDC host.
+ * @param kdcHost
*/
- public void setKdcPort(short kdcPort) {
- context.setKdcPort(kdcPort);
+ public void setKdcHost(String kdcHost) {
+ this.kdcHost = kdcHost;
+ }
+
+ /**
+ * Set KDC tcp port.
+ * @param kdcTcpPort
+ */
+ public void setKdcTcpPort(int kdcTcpPort) {
+ this.kdcTcpPort = kdcTcpPort;
+ }
+
+ /**
+ * Set to allow UDP or not.
+ * @param allowUdp
+ */
+ public void setAllowUdp(boolean allowUdp) {
+ this.allowUdp = allowUdp;
+ }
+
+ /**
+ * Set KDC udp port. Only makes sense when allowUdp is set.
+ * @param kdcUdpPort
+ */
+ public void setKdcUdpPort(int kdcUdpPort) {
+ this.kdcUdpPort = kdcUdpPort;
}
/**
@@ -117,8 +177,9 @@
this.eventHub = new EventHub();
eventHub.register(krbHandler);
- Connector connector = new TcpConnector(new KrbStreamingDecoder());
- eventHub.register(connector);
+ Network network = new Network();
+ network.setStreamingDecoder(new KrbStreamingDecoder());
+ eventHub.register(network);
eventWaiter = eventHub.waitEvent(
TransportEventType.NEW_TRANSPORT,
@@ -128,7 +189,10 @@
eventHub.start();
- connector.connect(context.getKdcHost(), context.getKdcPort());
+ network.tcpConnect(getKdcHost(), getKdcTcpPort());
+ if (allowUdp()) {
+ network.udpConnect(getKdcHost(), getKdcUdpPort());
+ }
Event event = eventWaiter.waitEvent(TransportEventType.NEW_TRANSPORT);
transport = ((TransportEvent) event).getTransport();
}
@@ -141,7 +205,9 @@
* @throws KrbException
*/
public TgtTicket requestTgtTicket(String principal, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
AsRequest asRequest = new AsRequest(context);
asRequest.setKrbOptions(options);
@@ -158,7 +224,9 @@
*/
public TgtTicket requestTgtTicket(String principal, String password,
KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
AsRequest asRequest = new AsRequestWithPasswd(context);
options.add(KrbOption.USER_PASSWD, password);
@@ -177,7 +245,9 @@
*/
public TgtTicket requestTgtTicket(String principal, Certificate certificate,
PrivateKey privateKey, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
AsRequestWithCert asRequest = new AsRequestWithCert(context);
options.add(KrbOption.PKINIT_X509_CERTIFICATE, certificate);
@@ -193,7 +263,9 @@
* @throws KrbException
*/
public TgtTicket requestTgtTicket(KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
AsRequestWithCert asRequest = new AsRequestWithCert(context);
options.add(KrbOption.PKINIT_X509_ANONYMOUS);
@@ -213,7 +285,9 @@
*/
public TgtTicket requestTgtTicket(String principal, KerbToken token,
KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
AsRequestWithToken asRequest = new AsRequestWithToken(context);
options.add(KrbOption.TOKEN_USER_ID_TOKEN, token);
@@ -232,7 +306,9 @@
*/
public ServiceTicket requestServiceTicket(String clientPrincipal, String password,
String serverPrincipal, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
TgtTicket tgt = requestTgtTicket(clientPrincipal, password, options);
return requestServiceTicket(tgt, serverPrincipal, options);
@@ -249,7 +325,9 @@
*/
public ServiceTicket requestServiceTicket(String clientPrincipal, KerbToken token,
String serverPrincipal, KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
TgtTicket tgt = requestTgtTicket(clientPrincipal, token, options);
return requestServiceTicket(tgt, serverPrincipal, options);
@@ -299,7 +377,9 @@
*/
public ServiceTicket requestServiceTicket(TgtTicket tgt, String serverPrincipal,
KrbOptions options) throws KrbException {
- if (options == null) options = new KrbOptions();
+ if (options == null) {
+ options = new KrbOptions();
+ }
TgsRequest ticketReq = new TgsRequest(context, tgt);
ticketReq.setServerPrincipal(new PrincipalName(serverPrincipal));
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
index e523c12..9317424 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
@@ -40,15 +40,55 @@
return conf.getBoolean(KrbConfigKey.KRB_DEBUG);
}
+ /**
+ * Get KDC host name
+ * @return
+ */
public String getKdcHost() {
return conf.getString(KrbConfigKey.KDC_HOST);
}
- public short getKdcPort() {
+ /**
+ * Get KDC port, as both TCP and UDP ports
+ * @return
+ */
+ public int getKdcPort() {
Integer kdcPort = conf.getInt(KrbConfigKey.KDC_PORT);
return kdcPort.shortValue();
}
+ /**
+ * Get KDC TCP port
+ * @return
+ */
+ public int getKdcTcpPort() {
+ Integer kdcPort = conf.getInt(KrbConfigKey.KDC_TCP_PORT);
+ if (kdcPort > 0) {
+ return kdcPort.shortValue();
+ }
+ return getKdcPort();
+ }
+
+ /**
+ * Is to allow UDP for KDC
+ * @return true to allow UDP, false otherwise
+ */
+ public boolean allowKdcUdp() {
+ return conf.getBoolean(KrbConfigKey.KDC_ALLOW_UDP);
+ }
+
+ /**
+ * Get KDC UDP port
+ * @return
+ */
+ public int getKdcUdpPort() {
+ Integer kdcPort = conf.getInt(KrbConfigKey.KDC_UDP_PORT);
+ if (kdcPort > 0) {
+ return kdcPort.shortValue();
+ }
+ return getKdcPort();
+ }
+
public String getKdcRealm() {
return conf.getString(KrbConfigKey.KDC_REALM);
}
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
index 111cc67..bbd3623 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
@@ -25,6 +25,9 @@
KRB_DEBUG(true),
KDC_HOST("localhost"),
KDC_PORT(8015),
+ KDC_ALLOW_UDP(true),
+ KDC_UDP_PORT(8016),
+ KDC_TCP_PORT(8015),
KDC_DOMAIN("example.com"),
KDC_REALM("EXAMPLE.COM"),
TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbContext.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbContext.java
index 12b155f..e9de501 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbContext.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbContext.java
@@ -27,7 +27,7 @@
private String kdcRealm;
private KrbConfig config;
private String kdcHost;
- private short kdcPort;
+ private int kdcPort;
private long timeout = 10L;
private PreauthHandler preauthHandler;
@@ -48,14 +48,14 @@
this.kdcHost = kdcHost;
}
- public short getKdcPort() {
+ public int getKdcPort() {
if (kdcPort > 0) {
return kdcPort;
}
return config.getKdcPort();
}
- public void setKdcPort(short kdcPort) {
+ public void setKdcPort(int kdcPort) {
this.kdcPort = kdcPort;
}
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbOptions.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbOptions.java
index 06bd361..b3333ca 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbOptions.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbOptions.java
@@ -24,7 +24,7 @@
public class KrbOptions {
- private Map<KrbOption, KrbOption> options = new HashMap<KrbOption, KrbOption>(4);
+ private final Map<KrbOption, KrbOption> options = new HashMap<KrbOption, KrbOption>(4);
public void add(KrbOption option) {
if (option != null) {
@@ -33,8 +33,10 @@
}
public void add(KrbOption option, Object optionValue) {
- option.setValue(optionValue);
- add(option);
+ if (option != null) {
+ option.setValue(optionValue);
+ add(option);
+ }
}
public boolean contains(KrbOption option) {
@@ -58,7 +60,7 @@
public String getStringOption(KrbOption option) {
Object value = getOptionValue(option);
- if (value != null && value instanceof String) {
+ if (value instanceof String) {
return (String) value;
}
return null;
@@ -66,30 +68,26 @@
public boolean getBooleanOption(KrbOption option) {
Object value = getOptionValue(option);
- if (value != null) {
- if (value instanceof String) {
- String strVal = (String) value;
- if (strVal.equalsIgnoreCase("true") ||
- strVal.equalsIgnoreCase("yes") ||
- strVal.equals("1")) {
- return true;
- }
- } else if (value instanceof Boolean) {
- return (Boolean) value;
+ if (value instanceof String) {
+ String strVal = (String) value;
+ if (strVal.equalsIgnoreCase("true") ||
+ strVal.equalsIgnoreCase("yes") ||
+ strVal.equals("1")) {
+ return true;
}
+ } else if (value instanceof Boolean) {
+ return (Boolean) value;
}
return false;
}
public int getIntegerOption(KrbOption option) {
Object value = getOptionValue(option);
- if (value != null) {
- if (value instanceof String) {
- String strVal = (String) value;
- return Integer.valueOf(strVal);
- } else if (value instanceof Integer) {
- return (Integer) value;
- }
+ if (value instanceof String) {
+ String strVal = (String) value;
+ return Integer.valueOf(strVal);
+ } else if (value instanceof Integer) {
+ return (Integer) value;
}
return -1;
}
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthContext.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthContext.java
index aa943e4..e622103 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthContext.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthContext.java
@@ -34,8 +34,8 @@
private UserResponser userResponser = new UserResponser();
private PaDataType selectedPaType;
private PaDataType allowedPaType;
- private List<PaDataType> triedPaTypes = new ArrayList<PaDataType>(1);
- private List<PreauthHandle> handles = new ArrayList<PreauthHandle>(5);
+ private final List<PaDataType> triedPaTypes = new ArrayList<PaDataType>(1);
+ private final List<PreauthHandle> handles = new ArrayList<PreauthHandle>(5);
public PreauthContext() {
this.selectedPaType = PaDataType.NONE;
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java
index 39fe3a8..319179e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.java
@@ -158,7 +158,7 @@
for (PaDataEntry pae : inPadata.getElements()) {
// Restrict real mechanisms to the chosen one if we have one
- if (real >0 && !preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
+ if (real > 0 && !preauthContext.isPaTypeAllowed(pae.getPaDataType())) {
continue;
}
@@ -190,10 +190,11 @@
PaData inPadata, PaData outPadata) {
PreauthContext preauthContext = kdcRequest.getPreauthContext();
- PreauthHandle handle;
for (PaDataEntry pae : inPadata.getElements()) {
- handle = findHandle(kdcRequest, pae.getPaDataType());
- if (handle == null) continue;
+ PreauthHandle handle = findHandle(kdcRequest, pae.getPaDataType());
+ if (handle == null) {
+ continue;
+ }
boolean gotData = handle.tryAgain(kdcRequest,
pae.getPaDataType(), preauthContext.getErrorPaData(), outPadata);
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/UserResponser.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/UserResponser.java
index 695e111..eeaad10 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/UserResponser.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/UserResponser.java
@@ -24,7 +24,7 @@
public class UserResponser {
- private List<UserResponseItem> items = new ArrayList<UserResponseItem>(1);
+ private final List<UserResponseItem> items = new ArrayList<UserResponseItem>(1);
/**
* Let customize an interface like CMD or WEB UI to selectively respond all the questions
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenContext.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenContext.java
index e1696dc..f46956c 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenContext.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenContext.java
@@ -19,7 +19,7 @@
*/
package org.apache.kerby.kerberos.kerb.client.preauth.token;
-import org.apache.kerby.token.KerbToken;
+import org.apache.kerby.kerberos.kerb.spec.pa.token.KerbToken;
public class TokenContext {
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java
index f67ad71..b912311 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.java
@@ -33,7 +33,7 @@
import org.apache.kerby.kerberos.kerb.spec.pa.PaData;
import org.apache.kerby.kerberos.kerb.spec.pa.PaDataEntry;
import org.apache.kerby.kerberos.kerb.spec.pa.PaDataType;
-import org.apache.kerby.token.KerbToken;
+import org.apache.kerby.kerberos.kerb.spec.pa.token.KerbToken;
import java.util.Collections;
import java.util.List;
diff --git a/kerby-kerb/kerb-client/src/main/resources/kdc-krb5.conf b/kerby-kerb/kerb-client/src/test/resources/kdc-krb5.conf
similarity index 100%
rename from kerby-kerb/kerb-client/src/main/resources/kdc-krb5.conf
rename to kerby-kerb/kerb-client/src/test/resources/kdc-krb5.conf
diff --git a/kerby-kerb/kerb-client/src/main/resources/kdc.ldiff b/kerby-kerb/kerb-client/src/test/resources/kdc.ldiff
similarity index 100%
rename from kerby-kerb/kerb-client/src/main/resources/kdc.ldiff
rename to kerby-kerb/kerb-client/src/test/resources/kdc.ldiff
diff --git a/kerby-kerb/kerb-client/src/main/resources/krb5.conf b/kerby-kerb/kerb-client/src/test/resources/krb5.conf
similarity index 100%
rename from kerby-kerb/kerb-client/src/main/resources/krb5.conf
rename to kerby-kerb/kerb-client/src/test/resources/krb5.conf
diff --git a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java
index 42e5feb..c8c7f0f 100644
--- a/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java
+++ b/kerby-kerb/kerb-core-test/src/test/java/org/apache/kerby/kerberos/kerb/codec/test/TestKerberos.java
@@ -21,6 +21,7 @@
import org.apache.kerby.kerberos.kerb.codec.kerberos.KerberosTicket;
import org.apache.kerby.kerberos.kerb.codec.kerberos.KerberosToken;
+import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
import org.junit.Before;
import org.junit.Test;
@@ -138,6 +139,10 @@
@Test
public void testAes256Ticket() throws Exception {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
KerberosToken token = null;
token = new KerberosToken(aes256Token, aes256Key);
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/common/CheckSumType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/common/CheckSumType.java
index b7be286..ef25212 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/common/CheckSumType.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/common/CheckSumType.java
@@ -91,6 +91,14 @@
return displayName;
}
+ /**
+ * Is the type uses AES256 or not
+ * @return true if uses AES256, false otherwise.
+ */
+ public boolean usesAES256() {
+ return name.contains("aes256");
+ }
+
public static CheckSumType fromValue(Integer value) {
if (value != null) {
for (KrbEnum e : values()) {
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/common/EncryptionType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/common/EncryptionType.java
index 45c2427..58ee648 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/common/EncryptionType.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/common/EncryptionType.java
@@ -108,6 +108,14 @@
return displayName;
}
+ /**
+ * Is the type uses AES256 or not
+ * @return true if uses AES256, false otherwise.
+ */
+ public boolean usesAES256() {
+ return name.contains("aes256");
+ }
+
public static EncryptionType fromValue(Integer value) {
if (value != null) {
for (KrbEnum e : values()) {
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/KerbToken.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/KerbToken.java
new file mode 100644
index 0000000..360c979
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/spec/pa/token/KerbToken.java
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.spec.pa.token;
+
+import java.util.Map;
+
+/**
+ * This is the token definition according to TokenPreauth draft.
+ */
+public class KerbToken {
+
+ private Map<String, Object> attributes;
+
+ public KerbToken(Map<String, Object> attributes) {
+ this.attributes = attributes;
+ }
+
+ public Map<String, Object> getAttributes() {
+ return attributes;
+ }
+
+ public String getPrincipal() {
+ return (String) attributes.get("sub");
+ }
+
+ public String[] getGroups() {
+ String grp = (String) attributes.get("group");
+ if (grp != null) {
+ return new String[] { grp };
+ }
+ return new String[0];
+ }
+}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
index 71103c5..1a809a7 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/AbstractCryptoTypeHandler.java
@@ -51,15 +51,19 @@
protected static boolean checksumEqual(byte[] cksum1,
byte[] cksum2, int cksum2Start, int len) {
- if (cksum1 == cksum2)
+ if (cksum1 == cksum2) {
return true;
- if (cksum1 == null || cksum2 == null)
+ }
+ if (cksum1 == null || cksum2 == null) {
return false;
+ }
if (len <= cksum2.length && len <= cksum1.length) {
- for (int i = 0; i < len; i++)
- if (cksum1[i] != cksum2[cksum2Start + i])
+ for (int i = 0; i < len; i++) {
+ if (cksum1[i] != cksum2[cksum2Start + i]) {
return false;
+ }
+ }
} else {
return false;
}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
index e645a32..aece35b 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/EncryptionHandler.java
@@ -19,6 +19,8 @@
*/
package org.apache.kerby.kerberos.kerb.crypto;
+import javax.crypto.Cipher;
+
import org.apache.kerby.kerberos.kerb.KrbErrorCode;
import org.apache.kerby.kerberos.kerb.crypto.enc.*;
import org.apache.kerby.kerberos.kerb.KrbException;
@@ -32,6 +34,21 @@
*/
public class EncryptionHandler {
+ private static boolean isAES256Enabled = false;
+
+ static {
+ try {
+ isAES256Enabled = Cipher.getMaxAllowedKeyLength("AES") >= 256;
+ } catch (Exception e) {
+ // should not happen
+ }
+
+ }
+
+ public static boolean isAES256Enabled() {
+ return isAES256Enabled;
+ }
+
public static EncryptionType getEncryptionType(String eType) throws KrbException {
EncryptionType result = EncryptionType.fromName(eType);
return result;
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
index 6a51d29..90f676f 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/CmacKcCheckSum.java
@@ -30,7 +30,6 @@
}
protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
- byte[] mac = Cmac.cmac(encProvider(), Kc, data, start, len);
- return mac;
+ return Cmac.cmac(encProvider(), Kc, data, start, len);
}
}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
index 03b8c0b..3f2fd84 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacKcCheckSum.java
@@ -31,7 +31,6 @@
}
protected byte[] mac(byte[] Kc, byte[] data, int start, int len) throws KrbException {
- byte[] hmac = Hmac.hmac(hashProvider(), Kc, data, start, len);
- return hmac;
+ return Hmac.hmac(hashProvider(), Kc, data, start, len);
}
}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
index 3123f71..6a588b1 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/HmacMd5Rc4CheckSum.java
@@ -55,11 +55,10 @@
protected byte[] doChecksumWithKey(byte[] data, int start, int len,
byte[] key, int usage) throws KrbException {
- byte[] Ksign = null;
byte[] signKey = "signaturekey".getBytes();
byte[] newSignKey = new byte[signKey.length + 1];
System.arraycopy(signKey, 0, newSignKey, 0, signKey.length);
- Ksign = Hmac.hmac(hashProvider(), key, newSignKey);
+ byte[] Ksign = Hmac.hmac(hashProvider(), key, newSignKey);
byte[] salt = Rc4.getSalt(usage, false);
@@ -67,7 +66,6 @@
hashProvider().hash(data, start, len);
byte[] hashTmp = hashProvider().output();
- byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
- return hmac;
+ return Hmac.hmac(hashProvider(), Ksign, hashTmp);
}
}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
index 2e7db3b..9550c08 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/KcCheckSum.java
@@ -34,14 +34,12 @@
@Override
protected byte[] doChecksumWithKey(byte[] data, int start, int len,
byte[] key, int usage) throws KrbException {
- byte[] Kc;
byte[] constant = new byte[5];
BytesUtil.int2bytes(usage, constant, 0, true);
constant[4] = (byte) 0x99;
- Kc = ((DkKeyMaker) keyMaker()).dk(key, constant);
+ byte[] Kc = ((DkKeyMaker) keyMaker()).dk(key, constant);
- byte[] mac = mac(Kc, data, start, len);
- return mac;
+ return mac(Kc, data, start, len);
}
protected abstract byte[] mac(byte[] Kc, byte[] data, int start,
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
index 038631e..26f9e9d 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/cksum/Md5HmacRc4CheckSum.java
@@ -63,7 +63,6 @@
hashProvider().hash(data, start, len);
byte[] hashTmp = hashProvider().output();
- byte[] hmac = Hmac.hmac(hashProvider(), Ksign, hashTmp);
- return hmac;
+ return Hmac.hmac(hashProvider(), Ksign, hashTmp);
}
}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
index 99828c8..9708de7 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/AbstractEncTypeHandler.java
@@ -123,7 +123,7 @@
byte[] workBuffer = new byte[workLength];
System.arraycopy(data, 0, workBuffer, headerLen, data.length);
- int [] workLens = new int[] {confounderLen, checksumLen,
+ int[] workLens = new int[] {confounderLen, checksumLen,
inputLen, paddingLen};
encryptWith(workBuffer, workLens, key, iv, usage);
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
index b1bc7dc..9f2e5ec 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/KeKiEnc.java
@@ -47,16 +47,16 @@
int inputLen = workLens[2];
int paddingLen = workLens[3];
- byte[] Ke, Ki;
byte[] constant = new byte[5];
constant[0] = (byte) ((usage>>24)&0xff);
constant[1] = (byte) ((usage>>16)&0xff);
constant[2] = (byte) ((usage>>8)&0xff);
constant[3] = (byte) (usage&0xff);
constant[4] = (byte) 0xaa;
- Ke = ((DkKeyMaker) keyMaker()).dk(key, constant);
+
+ byte[] Ke = ((DkKeyMaker) keyMaker()).dk(key, constant);
constant[4] = (byte) 0x55;
- Ki = ((DkKeyMaker) keyMaker()).dk(key, constant);
+ byte[] Ki = ((DkKeyMaker) keyMaker()).dk(key, constant);
/**
* Instead of E(Confounder | Checksum | Plaintext | Padding),
@@ -79,8 +79,7 @@
}
// checksum & encrypt
- byte[] checksum;
- checksum = makeChecksum(Ki, tmpEnc, checksumLen);
+ byte[] checksum = makeChecksum(Ki, tmpEnc, checksumLen);
encProvider().encrypt(Ke, iv, tmpEnc);
System.arraycopy(tmpEnc, 0, workBuffer, 0, tmpEnc.length);
@@ -94,13 +93,12 @@
int checksumLen = workLens[1];
int dataLen = workLens[2];
- byte[] Ke, Ki;
byte[] constant = new byte[5];
BytesUtil.int2bytes(usage, constant, 0, true);
constant[4] = (byte) 0xaa;
- Ke = ((DkKeyMaker) keyMaker()).dk(key, constant);
+ byte[] Ke = ((DkKeyMaker) keyMaker()).dk(key, constant);
constant[4] = (byte) 0x55;
- Ki = ((DkKeyMaker) keyMaker()).dk(key, constant);
+ byte[] Ki = ((DkKeyMaker) keyMaker()).dk(key, constant);
// decrypt and verify checksum
@@ -111,9 +109,8 @@
System.arraycopy(workBuffer, confounderLen + dataLen,
checksum, 0, checksumLen);
- byte[] newChecksum;
encProvider().decrypt(Ke, iv, tmpEnc);
- newChecksum = makeChecksum(Ki, tmpEnc, checksumLen);
+ byte[] newChecksum = makeChecksum(Ki, tmpEnc, checksumLen);
if (! checksumEqual(checksum, newChecksum)) {
throw new KrbException(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
index 9d9e90d..1347fc9 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/Rc4HmacEnc.java
@@ -97,8 +97,7 @@
protected byte[] makeUsageKey(byte[] key, int usage) throws KrbException {
byte[] salt = Rc4.getSalt(usage, exportable);
- byte[] usageKey = Hmac.hmac(hashProvider(), key, salt);
- return usageKey;
+ return Hmac.hmac(hashProvider(), key, salt);
}
protected byte[] makeEncKey(byte[] usageKey, byte[] checksum) throws KrbException {
@@ -111,8 +110,7 @@
}
}
- byte[] encKey = Hmac.hmac(hashProvider(), tmpKey, checksum);
- return encKey;
+ return Hmac.hmac(hashProvider(), tmpKey, checksum);
}
@Override
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/provider/DesProvider.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/provider/DesProvider.java
index 0a03027..75a1cde 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/provider/DesProvider.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/enc/provider/DesProvider.java
@@ -22,8 +22,6 @@
import org.apache.kerby.kerberos.kerb.KrbException;
import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
@@ -47,10 +45,7 @@
IvParameterSpec params = new IvParameterSpec(cipherState);
SecretKeySpec skSpec = new SecretKeySpec(key, "DES");
try {
- SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
- SecretKey sk = (SecretKey) skSpec;
-
- cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, sk, params);
+ cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, skSpec, params);
byte[] output = cipher.doFinal(input);
System.arraycopy(output, 0, input, 0, output.length);
@@ -74,13 +69,10 @@
byte[] output = null;
try {
- SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
- // SecretKey sk = skf.generateSecret(skSpec);
- SecretKey sk = (SecretKey) skSpec;
- cipher.init(Cipher.ENCRYPT_MODE, sk, params);
+ cipher.init(Cipher.ENCRYPT_MODE, skSpec, params);
for (int i = 0; i < data.length / 8; i++) {
output = cipher.doFinal(data, i * 8, 8);
- cipher.init(Cipher.ENCRYPT_MODE, sk, (new IvParameterSpec(output)));
+ cipher.init(Cipher.ENCRYPT_MODE, skSpec, (new IvParameterSpec(output)));
}
}
catch (GeneralSecurityException e) {
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/AesKeyMaker.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/AesKeyMaker.java
index f777a12..7f1ac1f 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/AesKeyMaker.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/AesKeyMaker.java
@@ -57,9 +57,7 @@
}
byte[] tmpKey = random2Key(random);
- byte[] result = dk(tmpKey, KERBEROS_CONSTANT);
-
- return result;
+ return dk(tmpKey, KERBEROS_CONSTANT);
}
}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/CamelliaKeyMaker.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/CamelliaKeyMaker.java
index a790a38..83f6f59 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/CamelliaKeyMaker.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/CamelliaKeyMaker.java
@@ -59,15 +59,12 @@
}
byte[] tmpKey = random2Key(random);
- byte[] result = dk(tmpKey, KERBEROS_CONSTANT);
-
- return result;
+ return dk(tmpKey, KERBEROS_CONSTANT);
}
private String getPepper() {
int keySize = encProvider().keySize();
- String pepper = keySize == 16 ? "camellia128-cts-cmac" : "camellia256-cts-cmac";
- return pepper;
+ return keySize == 16 ? "camellia128-cts-cmac" : "camellia256-cts-cmac";
}
/*
@@ -79,7 +76,6 @@
int blocksize = encProvider().blockSize();
int keyInuptSize = encProvider().keyInputSize();
byte[] keyBytes = new byte[keyInuptSize];
- byte[] Ki;
int len = 0;
// K(i-1): the previous block of PRF output, initially all-zeros.
@@ -93,18 +89,16 @@
// four-byte big-endian binary string giving the output length
len += 4;
- Ki = new byte[len];
+ byte[] Ki = new byte[len];
System.arraycopy(constant, 0, Ki, blocksize + 4, constant.length);
BytesUtil.int2bytes(keyInuptSize * 8, Ki, len - 4, true);
- int i, n = 0;
- byte[] tmp;
- for (i = 1, n = 0; n < keyInuptSize; i++) {
+ for (int i = 1, n = 0; n < keyInuptSize; i++) {
// Update the block counter
BytesUtil.int2bytes(i, Ki, blocksize, true);
// Compute a CMAC checksum, update Ki with the result
- tmp = Cmac.cmac(encProvider(), key, Ki);
+ byte[] tmp = Cmac.cmac(encProvider(), key, Ki);
System.arraycopy(tmp, 0, Ki, 0, blocksize);
if (n + blocksize >= keyInuptSize) {
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/Des3KeyMaker.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/Des3KeyMaker.java
index 363eb29..28c29ac 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/Des3KeyMaker.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/Des3KeyMaker.java
@@ -49,11 +49,9 @@
* 8 key bytes, then compute the parity bits. Do this three times.
*/
byte[] key = new byte[encProvider().keySize()];
- int nthByte;
- int tmp;
for (int i = 0; i < 3; i++) {
System.arraycopy(randomBits, i * 7, key, i * 8, 7);
- nthByte = i * 8;
+ int nthByte = i * 8;
key[nthByte + 7] = (byte) (((key[nthByte + 0] & 1) << 1) |
((key[nthByte + 1] & 1) << 2) |
@@ -64,7 +62,7 @@
((key[nthByte + 6] & 1) << 7));
for (int j = 0; j < 8; j++) {
- tmp = key[nthByte + j] & 0xfe;
+ int tmp = key[nthByte + j] & 0xfe;
tmp |= (Integer.bitCount(tmp) & 1) ^ 1;
key[nthByte + j] = (byte) tmp;
}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/DesKeyMaker.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/DesKeyMaker.java
index daf15c2..d8e01d9 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/DesKeyMaker.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/DesKeyMaker.java
@@ -52,8 +52,7 @@
throw new KrbException(error);
}
- byte[] key = toKey(string, salt);
- return key;
+ return toKey(string, salt);
}
/**
@@ -233,7 +232,6 @@
=>
11000001 00011111 00111000 01101000 10001010 11001000 01101101 00101111
*/
- byte bt;
for (int i = 0; i < 8; i++) {
bits56[i] <<= 1;
}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/DkKeyMaker.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/DkKeyMaker.java
index ad38932..c279d7a 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/DkKeyMaker.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/key/DkKeyMaker.java
@@ -55,7 +55,7 @@
System.arraycopy(constant, 0, Ki, 0, constant.length);
}
- int n = 0, len;
+ int n = 0;
while (n < keyInuptSize) {
encProvider().encrypt(key, Ki);
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/BytesUtil.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/BytesUtil.java
index 1c58293..c85d8c5 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/BytesUtil.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/BytesUtil.java
@@ -162,21 +162,19 @@
}
public static void xor(byte[] input, int offset, byte[] output) {
- int a, b;
for (int i = 0; i < output.length / 4; ++i) {
- a = BytesUtil.bytes2int(input, offset + i * 4, true);
- b = BytesUtil.bytes2int(output, i * 4, true);
+ int a = BytesUtil.bytes2int(input, offset + i * 4, true);
+ int b = BytesUtil.bytes2int(output, i * 4, true);
b = a ^ b;
BytesUtil.int2bytes(b, output, i * 4, true);
}
}
public static void xor(byte[] a, byte[] b, byte[] output) {
- int av, bv, v;
for (int i = 0; i < a.length / 4; ++i) {
- av = BytesUtil.bytes2int(a, i * 4, true);
- bv = BytesUtil.bytes2int(b, i * 4, true);
- v = av ^ bv;
+ int av = BytesUtil.bytes2int(a, i * 4, true);
+ int bv = BytesUtil.bytes2int(b, i * 4, true);
+ int v = av ^ bv;
BytesUtil.int2bytes(v, output, i * 4, true);
}
}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Crc32.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Crc32.java
index 5807429..c12fe2a 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Crc32.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Crc32.java
@@ -67,9 +67,8 @@
public static long crc(long initial, byte[] data, int start, int len) {
long c = initial;
- int idx;
for (int i = 0; i < len; i++) {
- idx = (int) ((data[start + i] ^ c) & 0xff);
+ int idx = (int) ((data[start + i] ^ c) & 0xff);
c = ((c & 0xffffffffL) >>> 8) ^ table[idx]; // why?
}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Hmac.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Hmac.java
index cebb3a1..45f8951 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Hmac.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Hmac.java
@@ -76,7 +76,6 @@
hashProvider.hash(outerPaddedKey);
hashProvider.hash(tmp);
- tmp = hashProvider.output();
- return tmp;
+ return hashProvider.output();
}
}
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nfold.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nfold.java
index 4d9bcba..82c9aac 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nfold.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Nfold.java
@@ -45,32 +45,29 @@
int inBytesNum = inBytes.length; // count inBytes byte
int outBytesNum = size; // count inBytes byte
- int a, b, c, lcm;
- a = outBytesNum;
- b = inBytesNum;
+ int a = outBytesNum;
+ int b = inBytesNum;
while (b != 0) {
- c = b;
+ int c = b;
b = a % b;
a = c;
}
- lcm = (outBytesNum * inBytesNum) / a;
+ int lcm = (outBytesNum * inBytesNum) / a;
byte[] outBytes = new byte[outBytesNum];
Arrays.fill(outBytes, (byte)0);
int tmpByte = 0;
- int msbit, i, tmp;
-
- for (i = lcm-1; i >= 0; i--) {
+ for (int i = lcm - 1; i >= 0; i--) {
// first, start with the msbit inBytes the first, unrotated byte
- tmp = ((inBytesNum<<3)-1);
+ int tmp = ((inBytesNum<<3)-1);
// then, for each byte, shift to the right for each repetition
tmp += (((inBytesNum<<3)+13)*(i/inBytesNum));
// last, pick outBytes the correct byte within that shifted repetition
tmp += ((inBytesNum-(i%inBytesNum)) << 3);
- msbit = tmp % (inBytesNum << 3);
+ int msbit = tmp % (inBytesNum << 3);
// pull outBytes the byte value itself
tmp = ((((inBytes[((inBytesNum - 1)-(msbit >>> 3)) % inBytesNum] & 0xff) << 8) |
@@ -88,7 +85,7 @@
// if there's a carry bit left over, add it back inBytes
if (tmpByte != 0) {
- for (i = outBytesNum-1; i >= 0; i--) {
+ for (int i = outBytesNum-1; i >= 0; i--) {
// do the addition
tmpByte += (outBytes[i] & 0xff);
outBytes[i] = (byte) (tmpByte & 0xff);
diff --git a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Pbkdf.java b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Pbkdf.java
index 7dac089..646fc79 100644
--- a/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Pbkdf.java
+++ b/kerby-kerb/kerb-crypto/src/main/java/org/apache/kerby/kerberos/kerb/crypto/util/Pbkdf.java
@@ -33,8 +33,6 @@
SecretKeyFactory skf =
SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
SecretKey key = skf.generateSecret(ks);
- byte[] result = key.getEncoded();
-
- return result;
+ return key.getEncoded();
}
}
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaEncTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaEncTest.java
index a84652d..7ebdb05 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaEncTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CamelliaEncTest.java
@@ -70,7 +70,7 @@
outputs.add("==========");
List<String> newLines = expectedLines;
- assertThat(expectedLines).as("Comparing new lines with expected lines").isEqualTo(outputs);
+ assertThat(newLines).as("Comparing new lines with expected lines").isEqualTo(outputs);
}
private void testWith(int keySize) throws KrbException {
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTest.java
index c47d9d4..89246e3 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumTest.java
@@ -71,7 +71,6 @@
private void testWith(CksumTest testCase) throws Exception {
byte[] knownChecksum = HexUtil.hex2bytes(testCase.knownChecksum);
byte[] plainData = testCase.plainText.getBytes();
- CheckSum newCksum;
if (! CheckSumHandler.isImplemented(testCase.cksumType)) {
System.err.println("Checksum type not supported yet: "
@@ -81,7 +80,7 @@
EncryptionKey key = new EncryptionKey(EncryptionType.DES_CBC_CRC, TESTKEY);
- newCksum = CheckSumHandler.checksumWithKey(testCase.cksumType, plainData, key.getKeyData(), KeyUsage.NONE);
+ CheckSum newCksum = CheckSumHandler.checksumWithKey(testCase.cksumType, plainData, key.getKeyData(), KeyUsage.NONE);
if (CheckSumHandler.verifyWithKey(newCksum, plainData, key.getKeyData(), KeyUsage.NONE)) {
System.err.println("Checksum verifying is OK for " + testCase.cksumType.getName());
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumsTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumsTest.java
index 796cc11..4739cfd 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumsTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CheckSumsTest.java
@@ -111,6 +111,10 @@
@Test
public void testCheckSums_HMAC_SHA1_96_AES256() throws Exception {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
performTest(new CksumTest(
"fourteen",
CheckSumType.HMAC_SHA1_96_AES256, EncryptionType.AES256_CTS_HMAC_SHA1_96, 4,
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java
index e210709..f8f7a39 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/CmacTest.java
@@ -66,10 +66,9 @@
byte[] key = HexUtil.hex2bytes(keyBytes);
byte[] input = HexUtil.hex2bytes(inputBytes);
EncryptProvider encProvider = new Camellia128Provider();
- byte[] result;
// test 1
- result = Cmac.cmac(encProvider, key, input, 0, 0);
+ byte[] result = Cmac.cmac(encProvider, key, input, 0, 0);
assertThat(result).as("Test 1").isEqualTo(HexUtil.hex2bytes(cmac1));
// test 2
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DecryptionTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DecryptionTest.java
index 6f766ec..e688803 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DecryptionTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/DecryptionTest.java
@@ -712,6 +712,10 @@
*/
@Test
public void testDecryptAES256_CTS_HMAC_SHA1_96_0() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
TestCase testCase = new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"", 0,
@@ -730,6 +734,10 @@
*/
@Test
public void testDecryptAES256_CTS_HMAC_SHA1_96_1() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
TestCase testCase = new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"1", 1,
@@ -748,6 +756,10 @@
*/
@Test
public void testDecryptAES256_CTS_HMAC_SHA1_96_9() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
TestCase testCase = new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"9 bytesss", 2,
@@ -767,6 +779,9 @@
*/
@Test
public void testDecryptAES256_CTS_HMAC_SHA1_96_13() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
TestCase testCase = new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"13 bytes byte", 3,
@@ -786,6 +801,10 @@
*/
@Test
public void testDecryptAES256_CTS_HMAC_SHA1_96_30() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
TestCase testCase = new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"30 bytes bytes bytes bytes byt", 4,
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/KeyDeriveTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/KeyDeriveTest.java
index e2932b5..cf36588 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/KeyDeriveTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/KeyDeriveTest.java
@@ -52,125 +52,186 @@
}
}
- static TestCase[] testCases = new TestCase[] {
- /* Kc, Ke, Kei for a DES3 key */
- new TestCase(
- EncryptionType.DES3_CBC_SHA1,
- "850BB51358548CD05E86768C313E3BFE" +
- "F7511937DCF72C3E",
- "0000000299",
- "F78C496D16E6C2DAE0E0B6C24057A84C" +
- "0426AEEF26FD6DCE"
- ),
- new TestCase(
- EncryptionType.DES3_CBC_SHA1,
- "850BB51358548CD05E86768C313E3BFE" +
- "F7511937DCF72C3E",
- "00000002AA",
- "5B5723D0B634CB684C3EBA5264E9A70D" +
- "52E683231AD3C4CE"
- ),
- new TestCase(
- EncryptionType.DES3_CBC_SHA1,
- "850BB51358548CD05E86768C313E3BFE" +
- "F7511937DCF72C3E",
- "0000000255",
- "A77C94980E9B7345A81525C423A737CE" +
- "67F4CD91B6B3DA45"
- ),
+ @Test
+ public void testKeyDerive_DES3_CBC_SHA1_299() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "850BB51358548CD05E86768C313E3BFE" +
+ "F7511937DCF72C3E",
+ "0000000299",
+ "F78C496D16E6C2DAE0E0B6C24057A84C" +
+ "0426AEEF26FD6DCE"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_DES3_CBC_SHA1_2AA() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "850BB51358548CD05E86768C313E3BFE" +
+ "F7511937DCF72C3E",
+ "00000002AA",
+ "5B5723D0B634CB684C3EBA5264E9A70D" +
+ "52E683231AD3C4CE"
+ ));
- /* Kc, Ke, Ki for an AES-128 key */
- new TestCase(
- EncryptionType.AES128_CTS_HMAC_SHA1_96,
- "42263C6E89F4FC28B8DF68EE09799F15",
- "0000000299",
- "34280A382BC92769B2DA2F9EF066854B"
- ),
- new TestCase(
- EncryptionType.AES128_CTS_HMAC_SHA1_96,
- "42263C6E89F4FC28B8DF68EE09799F15",
- "00000002AA",
- "5B14FC4E250E14DDF9DCCF1AF6674F53"
- ),
- new TestCase(
- EncryptionType.AES128_CTS_HMAC_SHA1_96,
- "42263C6E89F4FC28B8DF68EE09799F15",
- "0000000255",
- "4ED31063621684F09AE8D89991AF3E8F"
- ),
+ }
+
+ @Test
+ public void testKeyDerive_DES3_CBC_SHA1_255() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.DES3_CBC_SHA1,
+ "850BB51358548CD05E86768C313E3BFE" +
+ "F7511937DCF72C3E",
+ "0000000255",
+ "A77C94980E9B7345A81525C423A737CE" +
+ "67F4CD91B6B3DA45"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_AES128_CTS_HMAC_SHA1_96_299() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "42263C6E89F4FC28B8DF68EE09799F15",
+ "0000000299",
+ "34280A382BC92769B2DA2F9EF066854B"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_AES128_CTS_HMAC_SHA1_96_2AA() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "42263C6E89F4FC28B8DF68EE09799F15",
+ "00000002AA",
+ "5B14FC4E250E14DDF9DCCF1AF6674F53"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_AES128_CTS_HMAC_SHA1_96_255() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.AES128_CTS_HMAC_SHA1_96,
+ "42263C6E89F4FC28B8DF68EE09799F15",
+ "0000000255",
+ "4ED31063621684F09AE8D89991AF3E8F"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_AES256_CTS_HMAC_SHA1_96_299() throws Exception {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
- /* Kc, Ke, Ki for an AES-256 key */
- new TestCase(
- EncryptionType.AES256_CTS_HMAC_SHA1_96,
- "FE697B52BC0D3CE14432BA036A92E65B" +
- "BB52280990A2FA27883998D72AF30161",
- "0000000299",
- "BFAB388BDCB238E9F9C98D6A878304F0" +
- "4D30C82556375AC507A7A852790F4674"
- ),
- new TestCase(
- EncryptionType.AES256_CTS_HMAC_SHA1_96,
- "FE697B52BC0D3CE14432BA036A92E65B" +
- "BB52280990A2FA27883998D72AF30161",
- "00000002AA",
- "C7CFD9CD75FE793A586A542D87E0D139" +
- "6F1134A104BB1A9190B8C90ADA3DDF37"
- ),
- new TestCase(
- EncryptionType.AES256_CTS_HMAC_SHA1_96,
- "FE697B52BC0D3CE14432BA036A92E65B" +
- "BB52280990A2FA27883998D72AF30161",
- "0000000255",
- "97151B4C76945063E2EB0529DC067D97" +
- "D7BBA90776D8126D91F34F3101AEA8BA"
- ),
+ performTest(new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "FE697B52BC0D3CE14432BA036A92E65B" +
+ "BB52280990A2FA27883998D72AF30161",
+ "0000000299",
+ "BFAB388BDCB238E9F9C98D6A878304F0" +
+ "4D30C82556375AC507A7A852790F4674"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_AES256_CTS_HMAC_SHA1_96_2AA() throws Exception {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
- /* Kc, Ke, Ki for a Camellia-128 key */
- new TestCase(
- EncryptionType.CAMELLIA128_CTS_CMAC,
- "57D0297298FFD9D35DE5A47FB4BDE24B",
- "0000000299",
- "D155775A209D05F02B38D42A389E5A56"
- ),
- new TestCase(
- EncryptionType.CAMELLIA128_CTS_CMAC,
- "57D0297298FFD9D35DE5A47FB4BDE24B",
- "00000002AA",
- "64DF83F85A532F17577D8C37035796AB"
- ),
- new TestCase(
- EncryptionType.CAMELLIA128_CTS_CMAC,
- "57D0297298FFD9D35DE5A47FB4BDE24B",
- "0000000255",
- "3E4FBDF30FB8259C425CB6C96F1F4635"
- ),
+ performTest(new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "FE697B52BC0D3CE14432BA036A92E65B" +
+ "BB52280990A2FA27883998D72AF30161",
+ "00000002AA",
+ "C7CFD9CD75FE793A586A542D87E0D139" +
+ "6F1134A104BB1A9190B8C90ADA3DDF37"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_AES256_CTS_HMAC_SHA1_96_255() throws Exception {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
- /* Kc, Ke, Ki for a Camellia-256 key */
- new TestCase(
- EncryptionType.CAMELLIA256_CTS_CMAC,
- "B9D6828B2056B7BE656D88A123B1FAC6" +
- "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
- "0000000299",
- "E467F9A9552BC7D3155A6220AF9C1922" +
- "0EEED4FF78B0D1E6A1544991461A9E50"
- ),
- new TestCase(
- EncryptionType.CAMELLIA256_CTS_CMAC,
- "B9D6828B2056B7BE656D88A123B1FAC6" +
- "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
- "00000002AA",
- "412AEFC362A7285FC3966C6A5181E760" +
- "5AE675235B6D549FBFC9AB6630A4C604"
- ),
- new TestCase(
- EncryptionType.CAMELLIA256_CTS_CMAC,
- "B9D6828B2056B7BE656D88A123B1FAC6" +
- "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
- "0000000255",
- "FA624FA0E523993FA388AEFDC67E67EB" +
- "CD8C08E8A0246B1D73B0D1DD9FC582B0"
- )
- };
+ performTest(new TestCase(
+ EncryptionType.AES256_CTS_HMAC_SHA1_96,
+ "FE697B52BC0D3CE14432BA036A92E65B" +
+ "BB52280990A2FA27883998D72AF30161",
+ "0000000255",
+ "97151B4C76945063E2EB0529DC067D97" +
+ "D7BBA90776D8126D91F34F3101AEA8BA"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_CAMELLIA128_CTS_CMAC_299() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "57D0297298FFD9D35DE5A47FB4BDE24B",
+ "0000000299",
+ "D155775A209D05F02B38D42A389E5A56"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_CAMELLIA128_CTS_CMAC_2AA() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "57D0297298FFD9D35DE5A47FB4BDE24B",
+ "00000002AA",
+ "64DF83F85A532F17577D8C37035796AB"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_CAMELLIA128_CTS_CMAC_255() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.CAMELLIA128_CTS_CMAC,
+ "57D0297298FFD9D35DE5A47FB4BDE24B",
+ "0000000255",
+ "3E4FBDF30FB8259C425CB6C96F1F4635"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_CAMELLIA256_CTS_CMAC_299() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "B9D6828B2056B7BE656D88A123B1FAC6" +
+ "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
+ "0000000299",
+ "E467F9A9552BC7D3155A6220AF9C1922" +
+ "0EEED4FF78B0D1E6A1544991461A9E50"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_CAMELLIA256_CTS_CMAC_2AA() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "B9D6828B2056B7BE656D88A123B1FAC6" +
+ "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
+ "00000002AA",
+ "412AEFC362A7285FC3966C6A5181E760" +
+ "5AE675235B6D549FBFC9AB6630A4C604"
+ ));
+ }
+
+ @Test
+ public void testKeyDerive_CAMELLIA256_CTS_CMAC_255() throws Exception {
+ performTest(new TestCase(
+ EncryptionType.CAMELLIA256_CTS_CMAC,
+ "B9D6828B2056B7BE656D88A123B1FAC6" +
+ "8214AC2B727ECF5F69AFE0C4DF2A6D2C",
+ "0000000255",
+ "FA624FA0E523993FA388AEFDC67E67EB" +
+ "CD8C08E8A0246B1D73B0D1DD9FC582B0"
+ ));
+ }
static DkKeyMaker getKeyMaker(EncryptionType encType) {
switch (encType) {
@@ -189,41 +250,26 @@
}
}
- @Test
- public void testDeriveKeys() {
- boolean overallResult = true;
-
- for (TestCase tc : testCases) {
- System.err.println("Key deriving test for " + tc.encType.getName());
- try {
- if (! testWith(tc)) {
- overallResult = false;
- }
- } catch (Exception e) {
- e.printStackTrace();
- overallResult = false;
- }
- }
-
- if (!overallResult) {
- fail(null);
- }
- }
-
- private boolean testWith(TestCase testCase) throws Exception {
+ /**
+ * Perform key derive tests using the testCase data object
+ * @param testCase
+ * @throws Exception
+ */
+ private static void performTest(TestCase testCase) throws Exception {
byte[] answer = HexUtil.hex2bytes(testCase.answer);
byte[] inkey = HexUtil.hex2bytes(testCase.inkey);
byte[] constant = HexUtil.hex2bytes(testCase.constant);
byte[] outkey;
-
+
DkKeyMaker km = getKeyMaker(testCase.encType);
outkey = km.dk(inkey, constant);
if (! Arrays.equals(answer, outkey)) {
System.err.println("failed with:");
System.err.println("outKey:" + HexUtil.bytesToHex(outkey));
System.err.println("answer:" + testCase.answer);
- return false;
- }
- return true;
+ fail("KeyDerive test failed for " + testCase.encType.getName());
+ } else {
+ System.out.println("KeyDerive test OK for " + testCase.encType.getName());
+ }
}
}
diff --git a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/String2keyTest.java b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/String2keyTest.java
index 3fbe38f..ae0c9b5 100644
--- a/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/String2keyTest.java
+++ b/kerby-kerb/kerb-crypto/src/test/java/org/apache/kerby/kerberos/kerb/crypto/String2keyTest.java
@@ -269,6 +269,10 @@
@Test
public void test_AES256_CTS_HMAC_SHA1_96_0() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
performTest(new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"password",
@@ -281,6 +285,10 @@
@Test
public void test_AES256_CTS_HMAC_SHA1_96_1() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
performTest(new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"password",
@@ -293,6 +301,10 @@
@Test
public void test_AES256_CTS_HMAC_SHA1_96_2() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
performTest(new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"password",
@@ -305,6 +317,10 @@
@Test
public void test_AES256_CTS_HMAC_SHA1_96_3() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
performTest(new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"password",
@@ -317,6 +333,10 @@
@Test
public void test_AES256_CTS_HMAC_SHA1_96_4() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
performTest(new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
@@ -331,6 +351,10 @@
@Test
public void test_AES256_CTS_HMAC_SHA1_96_5() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
performTest(new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
@@ -343,6 +367,10 @@
@Test
public void test_AES256_CTS_HMAC_SHA1_96_6() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
performTest(new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
toUtf8("F09D849E"),
@@ -356,6 +384,10 @@
// Check for KRB5_ERR_BAD_S2K_PARAMS return when weak iteration counts are forbidden
@Test
public void test_AES256_CTS_HMAC_SHA1_96_7() {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
performTest(new TestCase(
EncryptionType.AES256_CTS_HMAC_SHA1_96,
toUtf8("F09D849E"),
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java
index d56bb66..7372c01 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java
@@ -24,7 +24,7 @@
import java.util.List;
public class ComplexAttribute extends Attribute {
- private List<String> values;
+ private final List<String> values;
public ComplexAttribute(String name) {
super(name);
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java
index 18da5f8..59dcd92 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java
@@ -23,7 +23,7 @@
public class Identity {
private String name;
- private Map<String, Attribute> attributes;
+ private final Map<String, Attribute> attributes;
public Identity(String name) {
this.name = name;
@@ -53,7 +53,7 @@
public String getSimpleAttribute(String name) {
Attribute attr = attributes.get(name);
if (! (attr instanceof SimpleAttribute)) {
- throw new RuntimeException("Not simple attribute");
+ throw new RuntimeException("Not a simple attribute");
}
return ((SimpleAttribute) attr).getValue();
}
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
index 8acd430..6402248 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
@@ -33,8 +33,8 @@
private PrincipalName principal;
private int keyVersion = 1;
private int kdcFlags = 0;
- private boolean disabled = false;
- private boolean locked = false;
+ private boolean disabled;
+ private boolean locked;
private KerberosTime expireTime = KerberosTime.NEVER;
private KerberosTime createdTime = KerberosTime.now();
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
index 3ef6140..d5e8738 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
@@ -28,7 +28,7 @@
public class InMemoryIdentityBackend extends AbstractIdentityBackend {
- private Map<String, KrbIdentity> identities;
+ private final Map<String, KrbIdentity> identities;
public InMemoryIdentityBackend() {
this.identities = new HashMap<String, KrbIdentity>();
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
index f16fa08..dff0f6f 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
@@ -25,7 +25,7 @@
import static org.assertj.core.api.Assertions.assertThat;
-public class KdcTest extends KdcTestBase {
+public abstract class KdcTest extends KdcTestBase {
private String password = "123456";
@@ -35,16 +35,17 @@
kdcServer.createPrincipal(clientPrincipal, password);
}
- @Test
- public void testKdc() throws Exception {
+ protected void performKdcTest() throws Exception {
kdcServer.start();
assertThat(kdcServer.isStarted()).isTrue();
krbClnt.init();
- TgtTicket tgt = krbClnt.requestTgtTicket(clientPrincipal, password, null);
+ TgtTicket tgt = krbClnt.requestTgtTicket(clientPrincipal,
+ password, null);
assertThat(tgt).isNotNull();
- ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+ ServiceTicket tkt = krbClnt.requestServiceTicket(tgt,
+ serverPrincipal, null);
assertThat(tkt).isNotNull();
}
}
\ No newline at end of file
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
index 1751474..900b7f4 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
@@ -19,6 +19,9 @@
*/
package org.apache.kerby.kerberos.kerb.server;
+import java.io.IOException;
+import java.net.ServerSocket;
+
import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.junit.After;
import org.junit.Before;
@@ -30,14 +33,24 @@
protected String serverPrincipal;
protected String hostname = "localhost";
- protected short tcpPort = 8088;
- protected short udpPort = 8089;
+ protected int tcpPort = -1;
+ protected int udpPort = -1;
protected TestKdcServer kdcServer;
protected KrbClient krbClnt;
+ protected boolean allowUdp() {
+ return true;
+ }
+
@Before
public void setUp() throws Exception {
+ tcpPort = getServerPort();
+
+ if (allowUdp()) {
+ udpPort = getServerPort();
+ }
+
setUpKdcServer();
setUpClient();
}
@@ -45,8 +58,14 @@
protected void setUpKdcServer() throws Exception {
kdcServer = new TestKdcServer();
kdcServer.setKdcHost(hostname);
- kdcServer.setKdcTcpPort(tcpPort);
- kdcServer.setKdcUdpPort(udpPort);
+ if (tcpPort > 0) {
+ kdcServer.setKdcTcpPort(tcpPort);
+ }
+ kdcServer.setAllowUdp(allowUdp());
+ if (udpPort > 0) {
+ kdcServer.setKdcUdpPort(udpPort);
+ }
+
kdcServer.init();
kdcRealm = kdcServer.getKdcRealm();
@@ -57,12 +76,38 @@
}
protected void setUpClient() throws Exception {
- krbClnt = new KrbClient(hostname, tcpPort);
+ krbClnt = new KrbClient();
+
+ krbClnt.setKdcHost(hostname);
+ if (tcpPort > 0) {
+ krbClnt.setKdcTcpPort(tcpPort);
+ }
+ krbClnt.setAllowUdp(allowUdp());
+ if (udpPort > 0) {
+ krbClnt.setKdcUdpPort(udpPort);
+ }
+
krbClnt.setTimeout(5);
krbClnt.setKdcRealm(kdcServer.getKdcRealm());
}
+ /**
+ * Get a server socket point for testing usage, either TCP or UDP.
+ * @return server socket point
+ */
+ private static int getServerPort() {
+ int serverPort = 0;
+ try {
+ ServerSocket serverSocket = new ServerSocket(0);
+ serverPort = serverSocket.getLocalPort();
+ serverSocket.close();
+ } catch (IOException e) {
+ throw new RuntimeException("Failed to get a server socket point");
+ }
+
+ return serverPort;
+ }
@After
public void tearDown() throws Exception {
diff --git a/lib/kerby-token/src/main/java/org/apache/kerby/token/KerbToken.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java
similarity index 60%
copy from lib/kerby-token/src/main/java/org/apache/kerby/token/KerbToken.java
copy to kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java
index be4a127..e7e956b 100644
--- a/lib/kerby-token/src/main/java/org/apache/kerby/token/KerbToken.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java
@@ -17,31 +17,19 @@
* under the License.
*
*/
-package org.apache.kerby.token;
+package org.apache.kerby.kerberos.kerb.server;
-import java.util.Map;
+import org.junit.Test;
-public class KerbToken {
+public class OnlyTcpKdcTest extends KdcTest {
- private Map<String, Object> attributes;
-
- public KerbToken(Map<String, Object> attributes) {
- this.attributes = attributes;
- }
-
- public Map<String, Object> getAttributes() {
- return attributes;
- }
-
- public String getPrincipal() {
- return (String) attributes.get("sub");
- }
-
- public String[] getGroups() {
- String grp = (String) attributes.get("group");
- if (grp != null) {
- return new String[] { grp };
+ @Override
+ protected boolean allowUdp() {
+ return false;
}
- return new String[0];
- }
-}
+
+ @Test
+ public void testKdc() throws Exception {
+ performKdcTest();
+ }
+}
\ No newline at end of file
diff --git a/lib/kerby-token/src/main/java/org/apache/kerby/token/KerbToken.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java
similarity index 60%
rename from lib/kerby-token/src/main/java/org/apache/kerby/token/KerbToken.java
rename to kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java
index be4a127..673eeb4 100644
--- a/lib/kerby-token/src/main/java/org/apache/kerby/token/KerbToken.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java
@@ -17,31 +17,19 @@
* under the License.
*
*/
-package org.apache.kerby.token;
+package org.apache.kerby.kerberos.kerb.server;
-import java.util.Map;
+import org.junit.Test;
-public class KerbToken {
+public class TcpAndUdpKdcTest extends KdcTest {
- private Map<String, Object> attributes;
-
- public KerbToken(Map<String, Object> attributes) {
- this.attributes = attributes;
- }
-
- public Map<String, Object> getAttributes() {
- return attributes;
- }
-
- public String getPrincipal() {
- return (String) attributes.get("sub");
- }
-
- public String[] getGroups() {
- String grp = (String) attributes.get("group");
- if (grp != null) {
- return new String[] { grp };
+ @Override
+ protected boolean allowUdp() {
+ return true;
}
- return new String[0];
- }
-}
+
+ @Test
+ public void testKdc() throws Exception {
+ performKdcTest();
+ }
+}
\ No newline at end of file
diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
similarity index 100%
rename from kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
rename to kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithTokenKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithTokenKdcTest.java
index b0b0489..46be468 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithTokenKdcTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithTokenKdcTest.java
@@ -22,7 +22,7 @@
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
-import org.apache.kerby.token.KerbToken;
+import org.apache.kerby.kerberos.kerb.spec.pa.token.KerbToken;
import static org.assertj.core.api.Assertions.assertThat;
diff --git a/kerby-kerb/kerb-server/pom.xml b/kerby-kerb/kerb-server/pom.xml
index f421ef6..98a347b 100644
--- a/kerby-kerb/kerb-server/pom.xml
+++ b/kerby-kerb/kerb-server/pom.xml
@@ -58,4 +58,28 @@
<version>${project.version}</version>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.2</version>
+ <executions>
+ <execution>
+ <id>package-all</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptorRefs>
+ <descriptorRef>jar-with-dependencies</descriptorRef>
+ </descriptorRefs>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
index 86fc6ad..a3a4703 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
@@ -61,14 +61,36 @@
return conf.getString(KdcConfigKey.KDC_HOST);
}
- public short getKdcTcpPort() {
- Integer kdcTcpPort = KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_TCP_PORT);
- return kdcTcpPort.shortValue();
+ public int getKdcPort() {
+ Integer kdcPort = KrbConfHelper.getIntUnderSection(conf,
+ KdcConfigKey.KDC_PORT);
+ return kdcPort.intValue();
}
- public short getKdcUdpPort() {
- Integer kdcUdpPort = KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_UDP_PORT);
- return kdcUdpPort.shortValue();
+ public int getKdcTcpPort() {
+ Integer kdcTcpPort = KrbConfHelper.getIntUnderSection(conf,
+ KdcConfigKey.KDC_TCP_PORT);
+ if (kdcTcpPort > 0) {
+ return kdcTcpPort.intValue();
+ }
+ return getKdcPort();
+ }
+
+ /**
+ * Is to allow UDP for KDC
+ * @return true to allow UDP, false otherwise
+ */
+ public boolean allowKdcUdp() {
+ return conf.getBoolean(KdcConfigKey.KDC_ALLOW_UDP);
+ }
+
+ public int getKdcUdpPort() {
+ Integer kdcUdpPort = KrbConfHelper.getIntUnderSection(conf,
+ KdcConfigKey.KDC_UDP_PORT);
+ if (kdcUdpPort > 0) {
+ return kdcUdpPort.intValue();
+ }
+ return getKdcPort();
}
public String getKdcRealm() {
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
index 6180698..6792d06 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
@@ -24,8 +24,10 @@
public enum KdcConfigKey implements SectionConfigKey {
KRB_DEBUG(true),
WORK_DIR,
- KDC_SERVICE_NAME("Haox_KDC_Server"),
+ KDC_SERVICE_NAME("Kerby_KDC_Server"),
KDC_HOST("127.0.0.1"),
+ KDC_PORT(8015, "kdcdefaults"),
+ KDC_ALLOW_UDP(true, "kdcdefaults"),
KDC_UDP_PORT(8016, "kdcdefaults"),
KDC_TCP_PORT(8015, "kdcdefaults"),
KDC_DOMAIN("example.com"),
@@ -48,7 +50,7 @@
KDC_MAX_DGRAM_REPLY_SIZE(4096, "kdcdefaults"),
//logging location
- //TODO: the default log location need to be determinded.
+ //TODO: the default log location need to be determined.
DEFAULT(null, "logging"),
KDC(null, "logging"),
ADMIN_SERVER(null, "logging");
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
index dd291f9..c3a7b82 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
@@ -28,12 +28,13 @@
public class KdcServer {
private String kdcHost;
- private short kdcTcpPort;
- private short kdcUdpPort;
+ private int kdcTcpPort;
+ private Boolean allowUdp;
+ private int kdcUdpPort;
private String kdcRealm;
private boolean started;
- private String serviceName = "HaoxKdc";
+ private String serviceName = "KerbyKdc";
private KdcHandler kdcHandler;
private EventHub eventHub;
@@ -112,14 +113,21 @@
return kdcConfig.getKdcHost();
}
- private short getKdcTcpPort() {
+ private int getKdcTcpPort() {
if (kdcTcpPort > 0) {
return kdcTcpPort;
}
return kdcConfig.getKdcTcpPort();
}
- private short getKdcUdpPort() {
+ private boolean allowUdp() {
+ if (allowUdp != null) {
+ return allowUdp;
+ }
+ return kdcConfig.allowKdcUdp();
+ }
+
+ private int getKdcUdpPort() {
if (kdcUdpPort > 0) {
return kdcUdpPort;
}
@@ -130,14 +138,34 @@
this.kdcHost = kdcHost;
}
- public void setKdcTcpPort(short kdcTcpPort) {
+ /**
+ * Set to allow UDP or not.
+ * @param allowUdp
+ */
+ public void setAllowUdp(boolean allowUdp) {
+ this.allowUdp = allowUdp;
+ }
+
+ /**
+ * Set KDC tcp port.
+ * @param kdcTcpPort
+ */
+ public void setKdcTcpPort(int kdcTcpPort) {
this.kdcTcpPort = kdcTcpPort;
}
- public void setKdcUdpPort(short kdcUdpPort) {
+ /**
+ * Set KDC udp port. Only makes sense when allowUdp is set.
+ * @param kdcUdpPort
+ */
+ public void setKdcUdpPort(int kdcUdpPort) {
this.kdcUdpPort = kdcUdpPort;
}
+ /**
+ * Set KDC realm.
+ * @param realm
+ */
public void setKdcRealm(String realm) {
this.kdcRealm = realm;
}
@@ -159,7 +187,9 @@
eventHub.start();
network.tcpListen(getKdcHost(), getKdcTcpPort());
- network.udpListen(getKdcHost(), getKdcUdpPort());
+ if (allowUdp()) {
+ network.udpListen(getKdcHost(), getKdcUdpPort());
+ }
}
private void prepareHandler() {
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index c383037..7ab8c1a 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -36,7 +36,7 @@
public class PkinitPreauth extends AbstractPreauthPlugin {
- private Map<String, PkinitKdcContext> pkinitContexts;
+ private final Map<String, PkinitKdcContext> pkinitContexts;
public PkinitPreauth() {
super(new PkinitPreauthMeta());
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/RequestRecord.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/RequestRecord.java
index 3708d18..0cafefa 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/RequestRecord.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/RequestRecord.java
@@ -34,15 +34,27 @@
@Override
public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
RequestRecord that = (RequestRecord) o;
- if (microseconds != that.microseconds) return false;
- if (requestTime != that.requestTime) return false;
- if (!clientPrincipal.equals(that.clientPrincipal)) return false;
- if (!serverPrincipal.equals(that.serverPrincipal)) return false;
+ if (microseconds != that.microseconds) {
+ return false;
+ }
+ if (requestTime != that.requestTime) {
+ return false;
+ }
+ if (!clientPrincipal.equals(that.clientPrincipal)) {
+ return false;
+ }
+ if (!serverPrincipal.equals(that.serverPrincipal)) {
+ return false;
+ }
return true;
}
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/SimpleCacheService.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/SimpleCacheService.java
index 96d95c1..90b27ec 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/SimpleCacheService.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/replay/SimpleCacheService.java
@@ -23,7 +23,7 @@
import java.util.Set;
public class SimpleCacheService implements CacheService {
- private Set<RequestRecord> requests;
+ private final Set<RequestRecord> requests;
public SimpleCacheService() {
requests = new HashSet<RequestRecord>();
diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
index c98c00d..9b276b4 100644
--- a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
+++ b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
@@ -25,6 +25,7 @@
import java.io.IOException;
import java.net.InetSocketAddress;
+import java.net.ServerSocket;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
@@ -32,7 +33,7 @@
public class KdcTest {
private String serverHost = "localhost";
- private short serverPort = 8089;
+ private int serverPort = 0;
private SimpleKdcServer kdcServer;
@@ -40,6 +41,7 @@
public void setUp() throws Exception {
kdcServer = new SimpleKdcServer();
kdcServer.setKdcHost(serverHost);
+ serverPort = getServerPort();
kdcServer.setKdcTcpPort(serverPort);
kdcServer.init();
kdcServer.start();
@@ -62,6 +64,24 @@
socketChannel.write(writeBuffer);
}
+
+ /**
+ * Get a server socket point for testing usage, either TCP or UDP.
+ * @return server socket point
+ */
+ private static int getServerPort() {
+ int serverPort = 0;
+
+ try {
+ ServerSocket serverSocket = new ServerSocket(0);
+ serverPort = serverSocket.getLocalPort();
+ serverSocket.close();
+ } catch (IOException e) {
+ throw new RuntimeException("Failed to get a server socket point");
+ }
+
+ return serverPort;
+ }
@After
public void tearDown() throws Exception {
diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
index 643b539..7f00a3a 100644
--- a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
+++ b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
@@ -44,8 +44,8 @@
assertThat(krbConfig.getKdcLoggingLocation()).isEqualTo("FILE:/var/log/krb5kdc.log");
assertThat(krbConfig.getAdminLoggingLocation()).isEqualTo("FILE:/var/log/kadmind.log");
- assertThat(krbConfig.getKdcUdpPort()).isEqualTo((short)88);
- assertThat(krbConfig.getKdcTcpPort()).isEqualTo((short)8014);
+ assertThat(krbConfig.getKdcUdpPort()).isEqualTo(88);
+ assertThat(krbConfig.getKdcTcpPort()).isEqualTo(8014);
assertThat(krbConfig.isRestrictAnonymousToTgt()).isTrue();
assertThat(krbConfig.getKdcMaxDgramReplySize()).isEqualTo(4096);
diff --git a/kerby-kerb/kerb-server/src/main/resources/kdc.conf b/kerby-kerb/kerb-server/src/test/resources/kdc.conf
similarity index 100%
rename from kerby-kerb/kerb-server/src/main/resources/kdc.conf
rename to kerby-kerb/kerb-server/src/test/resources/kdc.conf
diff --git a/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/EncryptionTest.java b/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/EncryptionTest.java
index 9fb6f9e..1ca2ee7 100644
--- a/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/EncryptionTest.java
+++ b/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/EncryptionTest.java
@@ -69,6 +69,10 @@
@Test
public void testAes256() throws IOException, KrbException {
+ if(!EncryptionHandler.isAES256Enabled()) {
+ return;
+ }
+
testEncWith("aes256-cts-hmac-sha1-96.cc");
}
diff --git a/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/KeysTest.java b/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/KeysTest.java
index 6cc98b1..cfb3894 100644
--- a/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/KeysTest.java
+++ b/kerby-kerb/kerb-util/src/test/java/org/apache/kerby/kerberos/kerb/util/KeysTest.java
@@ -67,6 +67,9 @@
for (KeytabEntry ke : entries) {
EncryptionType keyType = ke.getKey().getKeyType();
+ if (keyType.usesAES256()) {
+ continue;
+ }
if (EncryptionHandler.isImplemented(keyType)) {
EncryptionKey genKey = EncryptionHandler.string2Key(principal.getName(),
TEST_PASSWORD, keyType);
diff --git a/kerby-kerb/pom.xml b/kerby-kerb/pom.xml
index 4422235..1f4d4cf 100644
--- a/kerby-kerb/pom.xml
+++ b/kerby-kerb/pom.xml
@@ -12,7 +12,7 @@
See the License for the specific language governing permissions and
limitations under the License. See accompanying LICENSE file.
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
@@ -42,14 +42,10 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
</dependency>
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
- <version>${assertj.version}</version>
- <scope>test</scope>
</dependency>
</dependencies>
</project>
diff --git a/lib/pom.xml b/lib/pom.xml
index e6284ef..2185fdd 100644
--- a/lib/pom.xml
+++ b/lib/pom.xml
@@ -12,7 +12,7 @@
See the License for the specific language governing permissions and
limitations under the License. See accompanying LICENSE file.
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
@@ -30,7 +30,6 @@
<module>kerby-config</module>
<module>kerby-event</module>
<module>kerby-pkix</module>
- <module>kerby-token</module>
<module>kerby-util</module>
</modules>
@@ -38,14 +37,10 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
</dependency>
<dependency>
<groupId>org.assertj</groupId>
<artifactId>assertj-core</artifactId>
- <version>${assertj.version}</version>
- <scope>test</scope>
</dependency>
</dependencies>
diff --git a/pom.xml b/pom.xml
index 3d08524..d03c850 100644
--- a/pom.xml
+++ b/pom.xml
@@ -41,7 +41,7 @@
<module>kerby-asn1</module>
<module>kerby-kerb</module>
<module>kerby-kdc</module>
- <module>tool</module>
+ <module>kdc-tool</module>
<module>kdc-backend</module>
<module>benchmark</module>
<module>kerby-dist</module>
