Package org.apache.directory.server.kerberos.kdc

Examples of org.apache.directory.server.kerberos.kdc.KdcServer



    private static void selectEncryptionType( TicketGrantingContext tgsContext ) throws Exception
    {
        KdcContext kdcContext = tgsContext;
        KdcServer config = kdcContext.getConfig();

        List<EncryptionType> requestedTypes = kdcContext.getRequest().getKdcReqBody().getEType();

        EncryptionType bestType = KerberosUtils.getBestEncryptionType( requestedTypes, config.getEncryptionTypes() );

        LOG.debug( "Session will use encryption type {}.", bestType );

        if ( bestType == null )
        {


    }


    /**
     * Rejects a TGS request whose presented ticket was not issued for this KDC.
     *
     * <p>Two checks run in order, and either failure raises {@code KRB_AP_ERR_NOT_US}:
     * <ol>
     * <li>the ticket's realm must equal the configured primary realm;</li>
     * <li>the ticket's server name must be either this KDC's service principal or the
     * server name carried in the request body.</li>
     * </ol>
     * Both checks are exact {@code equals} comparisons on the values as supplied; no
     * normalisation happens in this method.
     *
     * <p>NOTE(review): a missing realm or server name on the ticket or the request would
     * surface here as an unchecked exception rather than a {@link KerberosException};
     * presumably the decoding layer guarantees they are set -- confirm.
     *
     * @param tgsContext the ticket-granting context supplying the KDC configuration, the
     *        presented ticket and the request
     * @throws KerberosException with {@code KRB_AP_ERR_NOT_US} when either check fails
     */
    public static void verifyTgt( TicketGrantingContext tgsContext ) throws KerberosException
    {
        KdcServer kdcConfig = tgsContext.getConfig();
        Ticket presentedTicket = tgsContext.getTgt();

        // The ticket must belong to the realm this KDC serves.
        boolean realmMatches = presentedTicket.getRealm().equals( kdcConfig.getPrimaryRealm() );

        if ( !realmMatches )
        {
            throw new KerberosException( ErrorType.KRB_AP_ERR_NOT_US );
        }

        // Resolve all three principal names up front so the comparison below reads plainly.
        String ticketServer = KerberosUtils.getKerberosPrincipal( presentedTicket.getSName(),
            presentedTicket.getRealm() ).getName();
        String requestedServer = KerberosUtils.getKerberosPrincipal(
            tgsContext.getRequest().getKdcReqBody().getSName(),
            tgsContext.getRequest().getKdcReqBody().getRealm() ).getName();
        String localServicePrincipal = kdcConfig.getServicePrincipal().getName();

        /*
         * if (tgt.sname is not a TGT for local realm and is not req.sname)
         *     then error_out(KRB_AP_ERR_NOT_US);
         */
        boolean accepted = ticketServer.equals( localServicePrincipal )
            || ticketServer.equals( requestedServer );

        if ( !accepted )
        {
            throw new KerberosException( ErrorType.KRB_AP_ERR_NOT_US );
        }
    }

     * <li>Section 3.3.2. Receipt of KRB_TGS_REQ Message -> 2nd paragraph
     * <li>Section 5.5.1. KRB_AP_REQ Definition -> Authenticator -> cksum
     */
    private static void verifyBodyChecksum( TicketGrantingContext tgsContext ) throws KerberosException
    {
        KdcServer config = tgsContext.getConfig();

        if ( config.isBodyChecksumVerified() )
        {
            KdcReqBody body = tgsContext.getRequest().getKdcReqBody();
            // FIXME how this byte[] is computed??
            // is it full ASN.1 encoded bytes OR just the bytes of all the values alone?
            // for now am using the ASN.1 encoded value

            request.getKdcReqBody().getSName(), request.getKdcReqBody().getRealm() );

        EncryptionType encryptionType = tgsContext.getEncryptionType();
        EncryptionKey serverKey = tgsContext.getRequestPrincipalEntry().getKeyMap().get( encryptionType );

        KdcServer config = tgsContext.getConfig();

        EncTicketPart newTicketPart = new EncTicketPart();

        newTicketPart.setClientAddresses( tgt.getEncTicketPart().getClientAddresses() );

    for (LdifEntry ldifEntry : reader) {
      ds.getAdminSession().add(new DefaultEntry(schemaManager,
              ldifEntry.getEntry()));
    }

    kdc = new KdcServer();
    kdc.setDirectoryService(ds);

    // transport
    String transport = conf.getProperty(TRANSPORT);
    if (transport.trim().equals("TCP")) {

        if ( createKdcServer == null )
        {
            return null;
        }

        KdcServer kdcServer = new KdcServer();
        kdcServer.setServiceName( createKdcServer.name() );
        kdcServer.setKdcPrincipal( createKdcServer.kdcPrincipal() );
        kdcServer.setPrimaryRealm( createKdcServer.primaryRealm() );
        kdcServer.setMaximumTicketLifetime( createKdcServer.maxTicketLifetime() );
        kdcServer.setMaximumRenewableLifetime( createKdcServer.maxRenewableLifetime() );

        CreateTransport[] transportBuilders = createKdcServer.transports();

        if ( transportBuilders == null )
        {
            // create only UDP transport if none specified
            UdpTransport defaultTransport = new UdpTransport( AvailablePortFinder.getNextAvailable( startPort ) );
            kdcServer.addTransports( defaultTransport );
        }
        else if ( transportBuilders.length > 0 )
        {
            for ( CreateTransport transportBuilder : transportBuilders )
            {
                String protocol = transportBuilder.protocol();
                int port = transportBuilder.port();
                int nbThreads = transportBuilder.nbThreads();
                int backlog = transportBuilder.backlog();
                String address = transportBuilder.address();

                if ( port == -1 )
                {
                    port = AvailablePortFinder.getNextAvailable( startPort );
                    startPort = port + 1;
                }

                if ( protocol.equalsIgnoreCase( "TCP" ) )
                {
                    Transport tcp = new TcpTransport( address, port, nbThreads, backlog );
                    kdcServer.addTransports( tcp );
                }
                else if ( protocol.equalsIgnoreCase( "UDP" ) )
                {
                    UdpTransport udp = new UdpTransport( address, port );
                    kdcServer.addTransports( udp );
                }
                else
                {
                    throw new IllegalArgumentException( I18n.err( I18n.ERR_689, protocol ) );
                }
            }
        }

        kdcServer.setDirectoryService( directoryService );

        // Launch the server
        try
        {
            kdcServer.start();
        }
        catch ( Exception e )
        {
            e.printStackTrace();
        }

    {
        DirectoryService directoryService = DSAnnotationProcessor.getDirectoryService();

        assertEquals( "CreateKdcServerAnnotationTest-class", directoryService.getInstanceId() );

        KdcServer server = ServerAnnotationProcessor.getKdcServer( directoryService,
            AvailablePortFinder.getNextAvailable( 1024 ) );

        assertEquals( 2, server.getTransports().length );

        assertEquals( directoryService, server.getDirectoryService() );
        assertEquals( "apache.org", server.getPrimaryRealm() );
        assertEquals( "krbtgt/apache.org@apache.org", server.getServicePrincipal().getName() );
        assertEquals( 1000, server.getMaximumTicketLifetime() );
        assertEquals( 2000, server.getMaximumRenewableLifetime() );

        server.stop();
        directoryService.shutdown();

        FileUtils.deleteDirectory( directoryService.getInstanceLayout().getInstanceDirectory() );
    }

        ldifReader.close();
        ldifInput.close();
    }

    private static void startKDC() throws Exception {
        kdcServer = new KdcServer();
        kdcServer.setServiceName("Test KDC");
        kdcServer.setSearchBaseDn("ou=users,dc=undertow,dc=io");
        KerberosConfig config = kdcServer.getConfig();
        config.setServicePrincipal("krbtgt/UNDERTOW.IO@UNDERTOW.IO");
        config.setPrimaryRealm("UNDERTOW.IO");

     * Creates a new instance of {@link TicketGrantingEncryptionTypeTest}.
     */
    @Before
    public void setUp()
    {
        config = new KdcServer();

        /*
         * Body checksum verification must be disabled because we are bypassing
         * the codecs, where the body bytes are set on the KdcReq message.
         */
 

     * Creates a new instance of {@link AuthenticationEncryptionTypeTest}.
     */
    @Before
    public void setUp()
    {
        // Rebuild every fixture before each test so no state carries over between cases.
        // The KdcServer is default-constructed: the tests exercise whatever settings that
        // default provides, since nothing is configured on it here.
        config = new KdcServer();
        // presumably an in-memory principal store used in place of a directory backend -- confirm
        store = new MapPrincipalStoreImpl();
        // The handler is wired to the config and store created above, so it must be built after them.
        handler = new KerberosProtocolHandler( config, store );
        // Stand-in session object; the name suggests no real network transport is involved -- confirm
        session = new KrbDummySession();
        lockBox = new CipherTextHandler();
    }
