/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.coheigea.cxf.kerberos.authentication;
import java.io.File;
import org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl;
import org.apache.kerby.kerberos.kerb.KrbConstant;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.KrbRuntime;
import org.apache.kerby.kerberos.kerb.client.KrbConfigKey;
import org.apache.kerby.kerberos.kerb.client.KrbPkinitClient;
import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import org.apache.kerby.kerberos.provider.token.JwtTokenProvider;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
/**
* Some tests for anonymous PKINIT
*/
public class AnonymousPKInitTest extends org.junit.Assert {
private static SimpleKdcServer kerbyServer;
@BeforeClass
public static void setUp() throws Exception {
WSSConfig.init();
String basedir = System.getProperty("basedir");
if (basedir == null) {
basedir = new File(".").getCanonicalPath();
}
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("java.security.auth.login.config", basedir + "/target/test-classes/kerberos/kerberos.jaas");
KrbRuntime.setTokenProvider(new JwtTokenProvider());
kerbyServer = new SimpleKdcServer();
kerbyServer.setKdcRealm("service.ws.apache.org");
kerbyServer.setAllowUdp(true);
kerbyServer.setWorkDir(new File(basedir + "/target"));
kerbyServer.setInnerKdcImpl(new NettyKdcServerImpl(kerbyServer.getKdcSetting()));
// kerbyServer.getKdcConfig().setString(KdcConfigKey.PKINIT_IDENTITY, "myclient.cer");
String pkinitIdentity = AnonymousPKInitTest.class.getResource("/kdccerttest.pem").getPath() + ","
+ AnonymousPKInitTest.class.getResource("/kdckey.pem").getPath();
kerbyServer.getKdcConfig().setString(KdcConfigKey.PKINIT_IDENTITY, pkinitIdentity);
kerbyServer.getKdcConfig().setBoolean(KdcConfigKey.PREAUTH_REQUIRED, Boolean.TRUE);
kerbyServer.init();
// Create principals
String alice = "alice@service.ws.apache.org";
String bob = "bob/service.ws.apache.org@service.ws.apache.org";
kerbyServer.createPrincipal(alice, "alice");
kerbyServer.createPrincipal(bob, "bob");
kerbyServer.createPrincipal(KrbConstant.ANONYMOUS_PRINCIPAL + "@service.ws.apache.org");
kerbyServer.start();
System.setProperty("java.security.krb5.conf", basedir + "/target/krb5.conf");
}
@AfterClass
public static void tearDown() throws KrbException {
if (kerbyServer != null) {
kerbyServer.stop();
}
}
// TODO Certificate is expired
@org.junit.Test
@org.junit.Ignore
public void unitTest() throws Exception {
KrbPkinitClient client = new KrbPkinitClient();
client.setKdcHost("localhost");
client.setKdcTcpPort(kerbyServer.getKdcPort());
client.setAllowUdp(false);
// client.setKdcUdpPort(Integer.parseInt(KDC_UDP_PORT));
client.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
// client.getKrbConfig().setString(KrbConfigKey.PKINIT_ANCHORS, "myclient.cer");
String pkinitAnchors = AnonymousPKInitTest.class.getResource("/cacerttest.pem").getPath();
client.getKrbConfig().setString(KrbConfigKey.PKINIT_ANCHORS, pkinitAnchors);
client.init();
try {
TgtTicket tgt = client.requestTgt();
assertTrue(tgt != null);
//SgtTicket tkt = client.requestSgt(tgt, "bob/service.ws.apache.org@service.ws.apache.org");
//assertTrue(tkt != null);
} catch (Exception e) {
e.printStackTrace();
Assert.fail();
}
}
}