20 package org.apache.directory.server.kerberos.protocol;
23 import javax.security.auth.kerberos.KerberosPrincipal;
25 import org.apache.directory.server.kerberos.kdc.KdcServer;
26 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
27 import org.apache.directory.server.kerberos.shared.messages.ErrorMessage;
28 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
29 import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
30 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
31 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
32 import org.apache.directory.server.kerberos.shared.messages.value.KdcOptions;
33 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
34 import org.apache.directory.server.kerberos.shared.messages.value.RequestBody;
35 import org.apache.directory.server.kerberos.shared.messages.value.RequestBodyModifier;
36 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
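/**
 * Checks how the KDC answers a Ticket-Granting Service request that sets the
 * ENC-TKT-IN-SKEY option: the handler is expected to reply with an
 * {@link ErrorMessage} carrying error code 13 instead of issuing a ticket.
 *
 * <p>In RFC 4120, ENC-TKT-IN-SKEY asks for the service ticket to be encrypted
 * in the session key of an additional ticket-granting ticket (user-to-user
 * authentication). NOTE(review): the request body built here does not visibly
 * attach an additional ticket; what {@code getKdcRequest} adds is defined in the
 * superclass and not shown in this file.
 */
public class EncTktInSkeyTest extends AbstractTicketGrantingServiceTest
{
    /** Kerberos error code 13, KDC_ERR_BADOPTION in RFC 4120: the code this test expects. */
    private static final int KDC_ERR_BADOPTION = 13;

    private KdcServer config;
    private PrincipalStore store;
    private KerberosProtocolHandler handler;
    private DummySession session;


    /**
     * Builds the test fixture: a default KDC configuration, a map-backed
     * principal store, the protocol handler under test and a dummy session
     * that captures the handler's reply.
     */
    public EncTktInSkeyTest()
    {
        config = new KdcServer();

        // Body checksum verification is switched off for this test KDC only.
        // NOTE(review): presumably because the hand-built requests carry no
        // usable checksum over the request body; confirm against the
        // superclass helpers. This is a test-fixture setting, not a
        // deployment default.
        config.setBodyChecksumVerified( false );

        store = new MapPrincipalStoreImpl();
        handler = new KerberosProtocolHandler( config, store );
        session = new DummySession();
        // lockBox is not declared in this class; it is inherited.
        lockBox = new CipherTextHandler();
    }


    /**
     * Sends a TGS request with ENC-TKT-IN-SKEY set and asserts that the KDC
     * rejects it with error code 13 ("KDC cannot accommodate requested option").
     *
     * <p>The reply type is checked before the cast so that a null reply, or a
     * reply that is not an error (for example if the KDC honoured the option),
     * fails with an explicit message rather than a ClassCastException or a
     * NullPointerException.
     *
     * @throws Exception if building the request or handling the message fails
     */
    public void testEncTktInSkey() throws Exception
    {
        // Ticket archetype for the requesting client.
        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "hnelson@EXAMPLE.COM" );
        EncTicketPartModifier encTicketPartModifier = getTicketArchetype( clientPrincipal );

        // Seal the TGT with a key derived for the ticket-granting service principal.
        // The passphrase is a fixed test value, not a real secret.
        KerberosPrincipal serverPrincipal = new KerberosPrincipal( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" );
        String passPhrase = "randomKey";
        EncryptionKey serverKey = getEncryptionKey( serverPrincipal, passPhrase );
        Ticket tgt = getTicket( encTicketPartModifier, serverPrincipal, serverKey );

        RequestBodyModifier modifier = new RequestBodyModifier();
        modifier.setServerName( getPrincipalName( "ldap/ldap.example.com@EXAMPLE.COM" ) );
        modifier.setRealm( "EXAMPLE.COM" );
        modifier.setEType( config.getEncryptionTypes() );
        modifier.setNonce( random.nextInt() );

        // The option under test.
        KdcOptions kdcOptions = new KdcOptions();
        kdcOptions.set( KdcOptions.ENC_TKT_IN_SKEY );
        modifier.setKdcOptions( kdcOptions );

        long now = System.currentTimeMillis();

        // Ask for a one-day ticket, renewable until half a week from now.
        KerberosTime requestedEndTime = new KerberosTime( now + KerberosTime.DAY );
        modifier.setTill( requestedEndTime );

        KerberosTime requestedRenewTillTime = new KerberosTime( now + KerberosTime.WEEK / 2 );
        modifier.setRtime( requestedRenewTillTime );

        RequestBody requestBody = modifier.getRequestBody();
        KdcRequest message = getKdcRequest( tgt, requestBody );

        handler.messageReceived( session, message );

        // Only the reply's class name goes into the failure text, so message
        // contents are never written to the test output.
        Object reply = session.getMessage();
        if ( !( reply instanceof ErrorMessage ) )
        {
            String replyType = ( reply == null ) ? "null" : reply.getClass().getName();
            throw new AssertionError(
                "Expected an ErrorMessage for a request with ENC-TKT-IN-SKEY set, but got: " + replyType );
        }

        ErrorMessage error = ( ErrorMessage ) reply;
        assertEquals( "KDC cannot accommodate requested option", KDC_ERR_BADOPTION, error.getErrorCode() );
    }
}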