| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * |
| */ |
| package org.apache.directory.server.kerberos.shared.messages.value; |
| |
| |
| import java.io.ByteArrayOutputStream; |
| import java.nio.ByteBuffer; |
| import java.text.ParseException; |
| import java.text.SimpleDateFormat; |
| import java.util.Date; |
| import java.util.List; |
| |
| import javax.security.auth.kerberos.KerberosPrincipal; |
| |
| import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType; |
| import org.apache.directory.server.kerberos.shared.io.encoder.KdcRequestEncoder; |
| import org.apache.directory.server.kerberos.shared.messages.KdcRequest; |
| import org.apache.directory.server.kerberos.shared.messages.MessageType; |
| import org.apache.directory.server.kerberos.shared.messages.components.Ticket; |
| import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOption; |
| import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOptions; |
| import org.apache.directory.server.kerberos.shared.messages.value.types.HostAddressType; |
| import org.apache.directory.server.kerberos.shared.messages.value.types.PrincipalNameType; |
| import org.apache.directory.server.kerberos.shared.store.TicketFactory; |
| import org.apache.directory.shared.asn1.der.ASN1OutputStream; |
| import org.apache.directory.shared.ldap.util.StringTools; |
| |
| import junit.framework.TestCase; |
| |
| |
| /** |
| * Test the KerberosRequestBody encoding and decoding |
| * |
| * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> |
| * @version $Rev: 542147 $, $Date: 2007-05-28 10:14:21 +0200 (Mon, 28 May 2007) $ |
| */ |
| public class KerberosRequestBodyTest extends TestCase |
| { |
| private static Date date = null; |
| |
| static |
| { |
| try |
| { |
| date = new SimpleDateFormat( "yyyyMMddHHmmss'Z'" ).parse( "20070717114503Z" ); |
| } |
| catch ( ParseException pe ) |
| { |
| // Do nothing |
| } |
| } |
| |
| public void testEncodingKerberosRequestBody() throws Exception |
| { |
| KerberosRequestBody krb = new KerberosRequestBody(); |
| |
| // KdcOptions |
| KdcOptions kdcOptions = new KdcOptions(); |
| kdcOptions.setFlag( KdcOption.FORWARDABLE ); |
| kdcOptions.setFlag( KdcOption.PROXIABLE ); |
| kdcOptions.setFlag( KdcOption.POSTDATED ); |
| kdcOptions.setFlag( KdcOption.VALIDATE ); |
| |
| krb.setKdcOptions( kdcOptions ); |
| |
| // Client principal |
| KerberosPrincipal ckp = new KerberosPrincipal( "test@APACHE.ORG" ); |
| |
| // cName |
| krb.setClientPrincipal( ckp ); |
| |
| // Realm |
| krb.setRealm( "APACHE.ORG" ); |
| |
| // sName |
| KerberosPrincipal skp = new KerberosPrincipal( "server@APACHE.ORG" ); |
| krb.setServerPrincipal( skp ); |
| |
| // from, till and renew |
| KerberosTime kerberosTime = new KerberosTime( date ); |
| krb.setFrom( kerberosTime ); |
| krb.setTill( kerberosTime ); |
| krb.setRenewtime( kerberosTime ); |
| |
| // nonce |
| krb.setNonce( 1000 ); |
| |
| // EncryptionTypes |
| krb.addEncryptionType( EncryptionType.AES128_CTS_HMAC_SHA1_96 ); |
| krb.addEncryptionType( EncryptionType.DES3_CBC_MD5 ); |
| |
| // addresses |
| HostAddress[] ha = new HostAddress[] |
| { |
| new HostAddress( HostAddressType.ADDRTYPE_INET, new byte[] { 0x01, 0x02, 0x03, 0x04 } ) |
| }; |
| |
| HostAddresses addresses = new HostAddresses( ha ); |
| krb.setAddresses( addresses ); |
| |
| // encAuthorizationData |
| EncryptedData ed = new EncryptedData( EncryptionType.AES128_CTS_HMAC_SHA1_96, 1, new byte[] |
| { 0x01, 0x02, 0x03, 0x04 } ); |
| krb.setEncAuthorizationData( ed ); |
| |
| // additionalTickets |
| TicketFactory ticketFactory = new TicketFactory(); |
| |
| KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" ); |
| KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" ); |
| String serverPassword = "s3crEt"; |
| |
| EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword ); |
| |
| Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey ); |
| |
| krb.addAdditionalTicket( serviceTicket ); |
| |
| // Encode the body |
| ByteBuffer encoded = ByteBuffer.allocate( krb.computeLength() ); |
| krb.encode( encoded ); |
| |
| // Check with the old encoder |
| KdcRequestEncoder encoder = new KdcRequestEncoder(); |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
| ASN1OutputStream aos = new ASN1OutputStream( baos ); |
| |
| KdcRequest request = new KdcRequest( MessageType.KRB_AS_REQ, (List<PreAuthenticationData>)null, krb ); |
| |
| aos.writeObject( encoder.encodeKdcRequestBody( request ) ); |
| aos.close(); |
| |
| byte[] result = baos.toByteArray(); |
| |
| // The expected result |
| byte[] expectedResult = new byte[] |
| { |
| 0x30, (byte)0x82, 0x01, (byte)0xA9, |
| (byte)0xA0, 0x07, |
| 0x03, 0x05, |
| 0x00, 0x52, 0x00, 0x00, 0x01, |
| (byte)0xA1, 0x11, |
| 0x30, 0x0F, |
| (byte) 0xA0, 0x03, |
| 0x02, 0x01, 0x01, |
| (byte) 0xA1, 0x08, |
| 0x30, 0x06, |
| 0x1B, 0x04, |
| 't', 'e', 's', 't', |
| (byte)0xA2,0x0C, |
| 0x1B, 0x0A, |
| 'A', 'P', 'A', 'C', 'H', 'E', '.', 'O', 'R', 'G', |
| (byte)0xA3, 0x13, |
| 0x30, 0x11, |
| (byte) 0xA0, 0x03, |
| 0x02, 0x01, 0x01, |
| (byte) 0xA1, 0x0A, |
| 0x30, 0x08, |
| 0x1B, 0x06, |
| 's', 'e', 'r', 'v', 'e', 'r', |
| (byte)0xA4, 0x11, |
| 0x18, 0x0F, |
| '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z', |
| (byte)0xA5, 0x11, |
| 0x18, 0x0F, |
| '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z', |
| (byte)0xA6, 0x11, |
| 0x18, 0x0F, |
| '2', '0', '0', '7', '0', '7', '1', '7', '0', '9', '4', '5', '0', '3', 'Z', |
| (byte)0xA7, 0x04, |
| 0x02, (byte)0x02, 0x03, (byte)0xE8, |
| (byte)0xA8, 0x08, |
| 0x30, 0x06, |
| 0x02, 0x01, 0x11, |
| 0x02, 0x01, 0x05, |
| (byte)0xA9, 0x11, |
| 0x30, 0x0F, |
| 0x30, 0x0d, |
| (byte)0xA0, 0x03, |
| 0x02, 0x01, 0x02, |
| (byte)0xA1, 0x06, |
| 0x04, 0x04, |
| 0x01, 0x02, 0x03, 0x04, |
| (byte)0xAA, 0x14, |
| 0x30, 0x12, |
| (byte)0xA0, 0x03, |
| 0x02, 0x01, 0x11, |
| (byte)0xA1, 0x03, |
| 0x02, 0x01, 0x01, |
| (byte)0xA2, 0x06, |
| 0x04, 0x04, 0x01, 0x02, 0x03, 0x04, |
| (byte)0xAB, (byte)0x81, (byte)0xF5, |
| 0x30, (byte)0x81, (byte)0xF2, |
| 0x61, (byte)0x81, (byte)0xEF, |
| 0x30, (byte)0x81, (byte)0xEC, |
| (byte)0xA0, 0x03, |
| 0x02, 0x01, 0x05, |
| (byte)0xA1, 0x0D, |
| 0x1B, 0x0B, |
| 'E', 'X', 'A', 'M', 'P', 'L', 'E', '.', 'C', 'O', 'M', |
| (byte)0xA2, 0x1D, |
| 0x30, 0x1B, |
| (byte)0xA0, 0x03, |
| 0x02, 0x01, 0x01, |
| (byte)0xA1, 0x14, |
| 0x30, 0x12, |
| 0x1B, 0x06, |
| 'k', 'a', 'd', 'm', 'i', 'n', |
| 0x1B, 0x08, |
| 'c', 'h', 'a', 'n', 'g', 'e', 'p', 'w', |
| (byte)0xA3, (byte)0x81, (byte)0xB6, |
| 0x30, (byte)0x81, (byte)0xB3, |
| (byte)0xA0, 0x03, |
| 0x02, 0x01, 0x03, |
| (byte)0xA2, (byte)0x81, (byte)0xAB, |
| 0x04, (byte)0x81, (byte)0xA8 |
| }; |
| |
| // We will just compared the first bytes (everyting before the encrypted data) |
| String expectedResultString = StringTools.dumpBytes( expectedResult ); |
| String resultString = StringTools.dumpBytes( encoded.array() ).substring( 0, expectedResultString.length() ); |
| String encoderResultString = StringTools.dumpBytes( result ).substring( 0, expectedResultString.length() ); |
| |
| assertEquals( expectedResultString, resultString ); |
| assertEquals( expectedResultString, encoderResultString ); |
| } |
| } |