Google Git
Sign in
apache / directory-server / refs/heads/apacheds-kerberos / . / kerberos-shared / src / test / java / org / apache / directory / server / kerberos / shared / messages / AuthServerRequestTest.java
blob: cbe5cfe24a7e094c812ca6e9312e3425fa5f144d [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.server.kerberos.shared.messages;
import java.nio.ByteBuffer;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosRequestBody;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOption;
import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOptions;
import org.apache.directory.server.kerberos.shared.messages.value.types.HostAddressType;
import org.apache.directory.server.kerberos.shared.messages.value.types.PreAuthenticationDataType;
import org.apache.directory.server.kerberos.shared.messages.value.types.PrincipalNameType;
import org.apache.directory.server.kerberos.shared.store.TicketFactory;
import org.apache.directory.shared.ldap.util.StringTools;
import junit.framework.TestCase;
/**
* Test the AS-REQ encoding and decoding
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
public class AuthServerRequestTest extends TestCase
{
private static Date date = null;
static
{
try
{
date = new SimpleDateFormat( "yyyyMMddHHmmss'Z'" ).parse( "20070717114503Z" );
}
catch ( ParseException pe )
{
// Do nothing
}
}
private KerberosRequestBody getReqBody() throws ParseException, KerberosException
{
KerberosRequestBody krb = new KerberosRequestBody();
// KdcOptions
KdcOptions kdcOptions = new KdcOptions();
kdcOptions.setFlag( KdcOption.FORWARDABLE );
kdcOptions.setFlag( KdcOption.PROXIABLE );
kdcOptions.setFlag( KdcOption.POSTDATED );
kdcOptions.setFlag( KdcOption.VALIDATE );
krb.setKdcOptions( kdcOptions );
// cName
PrincipalName cname = new PrincipalName( "test@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL );
krb.setClientPrincipalName( cname );
// Realm
krb.setRealm( "APACHE.ORG" );
// sName
PrincipalName sname = new PrincipalName( "server@APACHE.ORG", PrincipalNameType.KRB_NT_PRINCIPAL );
krb.setServerPrincipalName( sname );
// from, till and renew
KerberosTime kerberosTime = new KerberosTime( date );
krb.setFrom( kerberosTime );
krb.setTill( kerberosTime );
krb.setRenewtime( kerberosTime );
// nonce
krb.setNonce( 1000 );
// EncryptionTypes
krb.addEncryptionType( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
krb.addEncryptionType( EncryptionType.DES3_CBC_MD5 );
// addresses
HostAddress[] ha = new HostAddress[]
{
new HostAddress( HostAddressType.ADDRTYPE_INET, new byte[] { 0x01, 0x02, 0x03, 0x04 } )
};
HostAddresses addresses = new HostAddresses( ha );
krb.setAddresses( addresses );
// encAuthorizationData
EncryptedData ed = new EncryptedData( EncryptionType.AES128_CTS_HMAC_SHA1_96, 1, new byte[]
{ 0x01, 0x02, 0x03, 0x04 } );
krb.setEncAuthorizationData( ed );
// additionalTickets
TicketFactory ticketFactory = new TicketFactory();
KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
String serverPassword = "s3crEt";
EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );
Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );
krb.addAdditionalTicket( serviceTicket );
return krb;
}
public void testAuthServerRequestBase() throws Exception
{
PreAuthenticationData pad = new PreAuthenticationData(
PreAuthenticationDataType.PA_ASF3_SALT,
new byte[] { 0x01, 0x02, 0x03 } );
List<PreAuthenticationData> paData = new ArrayList<PreAuthenticationData>();
paData.add( pad );
AuthServerRequest asr = new AuthServerRequest( paData, getReqBody() );
ByteBuffer encoded = asr.encode( null );
byte[] expectedResult = new byte[]
{
0x6A, (byte)0x82, 0x01, (byte)0xD1,
0x30, (byte)0x82, 0x01, (byte)0xCD,
(byte)0xA1, 0x03,
0x02, 0x01, 0x05,
(byte)0xA2, 0x03,
0x02, 0x01, 0x0A,
(byte)0xA3, 0x10,
0x30, 0x0E,
0x30, 0x0C,
(byte)0xA1, 0x03,
0x02, 0x01, 0x0A,
(byte)0xA2, 0x05,
0x04, 0x03,
0x01, 0x02, 0x03,
(byte)0xA4, (byte)0x82, 0x01, (byte)0xAD,
0x30, (byte)0x82, 0x01, (byte)0xA9,
(byte)0xA0, 0x07,
0x03, 0x05,
0x00, (byte)0x52, 0x00, 0x00, 0x01,
(byte)0xA1, 0x11,
0x30, 0x0F,
(byte) 0xA0, 0x03,
0x02, 0x01, 0x01,
(byte) 0xA1, 0x08,
0x30, 0x06,
0x1B, 0x04,
't', 'e', 's', 't',
(byte)0xA2,0x0C,
0x1B, 0x0A,
'A', 'P', 'A', 'C', 'H', 'E', '.', 'O', 'R', 'G',
(byte)0xA3, 0x13,
0x30, 0x11,
(byte) 0xA0, 0x03,
0x02, 0x01, 0x01,
(byte) 0xA1, 0x0A,
0x30, 0x08,
0x1B, 0x06,
's', 'e', 'r', 'v', 'e', 'r',
(byte)0xA4, 0x11,
0x18, 0x0F,
'2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
(byte)0xA5, 0x11,
0x18, 0x0F,
'2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
(byte)0xA6, 0x11,
0x18, 0x0F,
'2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z',
(byte)0xA7, 0x04,
0x02, (byte)0x02, 0x03, (byte)0xE8,
(byte)0xA8, 0x08,
0x30, 0x06,
0x02, 0x01, 0x11,
0x02, 0x01, 0x05,
(byte)0xA9, 0x11,
0x30, 0x0F,
0x30, 0x0d,
(byte)0xA0, 0x03,
0x02, 0x01, 0x02,
(byte)0xA1, 0x06,
0x04, 0x04,
0x01, 0x02, 0x03, 0x04,
(byte)0xAA, 0x14,
0x30, 0x12,
(byte)0xA0, 0x03,
0x02, 0x01, 0x11,
(byte)0xA1, 0x03,
0x02, 0x01, 0x01,
(byte)0xA2, 0x06,
0x04, 0x04, 0x01, 0x02, 0x03, 0x04,
(byte)0xAB, (byte)0x81, (byte)0xF5,
0x30, (byte)0x81, (byte)0xF2,
0x61, (byte)0x81, (byte)0xEF,
0x30, (byte)0x81, (byte)0xEC,
(byte)0xA0, 0x03,
0x02, 0x01, 0x05,
(byte)0xA1, 0x0D,
0x1B, 0x0B,
'E', 'X', 'A', 'M', 'P', 'L', 'E', '.', 'C', 'O', 'M',
(byte)0xA2, 0x1D,
0x30, 0x1B,
(byte)0xA0, 0x03,
0x02, 0x01, 0x01,
(byte)0xA1, 0x14,
0x30, 0x12,
0x1B, 0x06,
'k', 'a', 'd', 'm', 'i', 'n',
0x1B, 0x08,
'c', 'h', 'a', 'n', 'g', 'e', 'p', 'w',
(byte)0xA3, (byte)0x81, (byte)0xB6,
0x30, (byte)0x81, (byte)0xB3,
(byte)0xA0, 0x03,
0x02, 0x01, 0x03,
(byte)0xA2, (byte)0x81, (byte)0xAB,
0x04, (byte)0x81, (byte)0xA8
};
// We will just compared the first bytes (everyting before the encrypted data)
String expectedResultString = StringTools.dumpBytes( expectedResult );
String resultString = StringTools.dumpBytes( encoded.array() ).substring( 0, expectedResultString.length() );
assertEquals( expectedResultString, resultString );
}
}