(qpid-broker-j) branch main updated: QPID-8661: [Broker-J] Apache Directory dependencies update (#227)

vavrtom Fri, 10 Nov 2023 06:05:40 -0800

This is an automated email from the ASF dual-hosted git repository.

vavrtom pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git



The following commit(s) were added to refs/heads/main by this push:
     new 622671cd4a QPID-8661: [Broker-J] Apache Directory dependencies update 
(#227)
622671cd4a is described below

commit 622671cd4ad78fbbbb53ac2c6c60280f4afcf187
Author: Daniil Kirilyuk <daniel.kiril...@gmail.com>
AuthorDate: Fri Nov 10 15:05:29 2023 +0100

    QPID-8661: [Broker-J] Apache Directory dependencies update (#227)
    
    Co-authored-by: vavrtom <vavr...@apache.org>
---
 .../SimpleLDAPAuthenticationManagerTest.java       | 126 +++++++++++++++------
 pom.xml                                            |  41 +------
 qpid-test-utils/pom.xml                            |  10 --
 3 files changed, 92 insertions(+), 85 deletions(-)

diff --git 
a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerTest.java
 
b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerTest.java
index ca7b849392..866ca8fb52 100644
--- 
a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerTest.java
+++ 
b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerTest.java
@@ -34,15 +34,16 @@ import java.nio.file.FileSystems;
 import java.nio.file.Path;
 import java.security.Principal;
 import java.security.PrivilegedAction;
-import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.stream.Collectors;
 
 import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosKey;
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
@@ -50,7 +51,6 @@ import org.apache.directory.api.ldap.model.entry.DefaultEntry;
 import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.api.util.Strings;
-import org.apache.directory.server.annotations.CreateKdcServer;
 import org.apache.directory.server.annotations.CreateLdapServer;
 import org.apache.directory.server.annotations.CreateTransport;
 import org.apache.directory.server.annotations.SaslMechanism;
@@ -59,17 +59,19 @@ import 
org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.annotations.CreatePartition;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
-import org.apache.directory.server.factory.ServerAnnotationProcessor;
-import org.apache.directory.server.kerberos.kdc.KdcServer;
-import 
org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
-import org.apache.directory.server.kerberos.shared.keytab.Keytab;
-import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry;
 import org.apache.directory.server.ldap.LdapServer;
 import 
org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler;
 import 
org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
-import org.apache.directory.shared.kerberos.KerberosTime;
-import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
-import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
+import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
+import org.apache.kerby.kerberos.kerb.type.KerberosTime;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -117,14 +119,6 @@ import org.apache.qpid.test.utils.UnitTestBase;
         @SaslMechanism(name = SupportedSaslMechanisms.GSSAPI, implClass = 
GssapiMechanismHandler.class)
     }
 )
-@CreateKdcServer(
-    transports =
-    {
-        @CreateTransport(protocol = "TCP", port = 0)
-    },
-    kdcPrincipal="krbtgt/qpid....@qpid.org",
-    primaryRealm="QPID.ORG",
-    searchBaseDn = "ou=users,dc=qpid,dc=org")
 @ApplyLdifFiles("users.ldif")
 public class SimpleLDAPAuthenticationManagerTest extends UnitTestBase
 {
@@ -157,6 +151,7 @@ public class SimpleLDAPAuthenticationManagerTest extends 
UnitTestBase
     public static final SystemPropertySetter SYSTEM_PROPERTY_SETTER = new 
SystemPropertySetter();
 
     private SimpleLDAPAuthenticationManager<?> _authenticationProvider;
+    private SimpleKdcServer kerbyServer;
 
     @BeforeEach
     public void setUp()
@@ -173,6 +168,32 @@ public class SimpleLDAPAuthenticationManagerTest extends 
UnitTestBase
         }
     }
 
+    @AfterAll
+    public void afterAll()
+    {
+        final Path targetDir = FileSystems.getDefault().getPath("target");
+        final File file = new File(targetDir.toFile(), "kerberos.keytab");
+        if (file.exists())
+        {
+            if (!file.delete())
+            {
+                throw new RuntimeException("Failed to delete keytab file:" + 
file.getAbsolutePath());
+            }
+        }
+        if (kerbyServer != null)
+        {
+            try
+            {
+                kerbyServer.stop();
+                kerbyServer = null;
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("Failed to stop kerberos server", 
e);
+            }
+        }
+    }
+
     @Test
     public void testAuthenticateSuccess()
     {
@@ -364,11 +385,19 @@ public class SimpleLDAPAuthenticationManagerTest extends 
UnitTestBase
     private void setUpKerberos() throws Exception
     {
         final LdapServer ldapServer = LDAP.getLdapServer();
-        final KdcServer kdcServer =
-                
ServerAnnotationProcessor.getKdcServer(LDAP.getDirectoryService(), 
ldapServer.getPort() + 1);
-        kdcServer.getConfig().setPaEncTimestampRequired(false);
+        final int port = ldapServer.getPort() + 1;
+
+        kerbyServer = new SimpleKdcServer();
+        kerbyServer.setKdcHost("localhost");
+        kerbyServer.setKdcRealm("QPID.ORG");
+        kerbyServer.setAllowTcp(true);
+        kerbyServer.setAllowUdp(false);
+        kerbyServer.setKdcTcpPort(port);
+        
kerbyServer.setWorkDir(FileSystems.getDefault().getPath("target").toFile());
+        
kerbyServer.getKdcConfig().setBoolean(KdcConfigKey.PA_ENC_TIMESTAMP_REQUIRED, 
false);
+        kerbyServer.init();
+        kerbyServer.start();
 
-        final int port = kdcServer.getTransports()[0].getPort();
         final String krb5confPath = createKrb5Conf(port);
         SYSTEM_PROPERTY_SETTER.setSystemProperty("java.security.krb5.conf", 
krb5confPath);
         SYSTEM_PROPERTY_SETTER.setSystemProperty("java.security.krb5.realm", 
null);
@@ -378,13 +407,16 @@ public class SimpleLDAPAuthenticationManagerTest extends 
UnitTestBase
                 new KerberosPrincipal(LDAP_SERVICE_NAME + "/" + HOSTNAME + "@" 
+ REALM,
                                       KerberosPrincipal.KRB_NT_SRV_HST);
         final String servicePrincipalName = servicePrincipal.getName();
-        
ldapServer.setSaslHost(servicePrincipalName.substring(servicePrincipalName.indexOf("/")
 + 1,
-                                                              
servicePrincipalName.indexOf("@")));
+        final String saslHost = 
servicePrincipalName.substring(servicePrincipalName.indexOf("/") + 1, 
servicePrincipalName.indexOf("@"));
+        ldapServer.setSaslHost(saslHost);
         ldapServer.setSaslPrincipal(servicePrincipalName);
+        ldapServer.setSaslRealms(List.of(REALM));
         ldapServer.setSearchBaseDn(USERS_DN);
 
+        final String pwd = randomUUID().toString();
         createPrincipal("KDC", "KDC", "krbtgt", randomUUID().toString(), 
"krbtgt/" + REALM + "@" + REALM);
-        createPrincipal("Service", "LDAP Service", "ldap", 
randomUUID().toString(), servicePrincipalName);
+        createPrincipal("Service", "LDAP Service", "ldap", pwd, 
servicePrincipalName);
+        createKerberosPrincipal(servicePrincipalName, pwd);
     }
 
     private void setUpJaas() throws Exception
@@ -445,22 +477,19 @@ public class SimpleLDAPAuthenticationManagerTest extends 
UnitTestBase
     private void createPrincipal(final File keyTabFile, final String... 
principals) throws LdapException, IOException
     {
         final Keytab keytab = new Keytab();
-        final List<KeytabEntry> entries = new ArrayList<>();
         final String password = randomUUID().toString();
         for (final String principal : principals)
         {
             createPrincipal(principal, password);
             final String principalName = principal + "@" + REALM;
             final KerberosTime timestamp = new KerberosTime();
-            final Map<EncryptionType, EncryptionKey> keys = 
KerberosKeyFactory.getKerberosKeys(principalName, password);
-            keys.forEach((type, key) -> entries.add(new 
KeytabEntry(principalName,
-                                                                    1,
-                                                                    timestamp,
-                                                                    (byte) 
key.getKeyVersion(),
-                                                                    key)));
-        }
-        keytab.setEntries(entries);
-        keytab.write(keyTabFile);
+            final List<KeytabEntry> entries = getKerberosKeys(principalName, 
password).stream()
+                    .map(key -> new KeytabEntry(new 
PrincipalName(principalName), timestamp, key.getKvno(), key))
+                    .collect(Collectors.toList());
+            keytab.addKeytabEntries(entries);
+            createKerberosPrincipal(principalName, password);
+         }
+        keytab.store(keyTabFile);
     }
 
     private void createKeyTab(final String... principals) throws 
LdapException, IOException
@@ -486,4 +515,31 @@ public class SimpleLDAPAuthenticationManagerTest extends 
UnitTestBase
         }
         return file;
     }
+
+    private void createKerberosPrincipal(final String principalName, final 
String password)
+    {
+        try
+        {
+            if (kerbyServer.getIdentityService().getIdentity(principalName) == 
null)
+            {
+                kerbyServer.createPrincipal(principalName, password);
+            }
+        }
+        catch (KrbException e)
+        {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private List<EncryptionKey> getKerberosKeys(final String principalName, 
final String passPhrase)
+    {
+        return Map.of(EncryptionType.DES_CBC_MD5, "DES",
+                    EncryptionType.DES3_CBC_SHA1_KD, "DESede",
+                    EncryptionType.RC4_HMAC, "ArcFourHmac",
+                    EncryptionType.AES128_CTS_HMAC_SHA1_96, "AES128",
+                    EncryptionType.AES256_CTS_HMAC_SHA1_96, "AES256")
+                .entrySet().stream()
+                .map(entry -> new EncryptionKey(entry.getKey(), new 
KerberosKey(new KerberosPrincipal(principalName), passPhrase.toCharArray(), 
entry.getValue()).getEncoded(), 0))
+                .collect(Collectors.toList());
+    }
 }
diff --git a/pom.xml b/pom.xml
index b04622f5aa..b8ba6eb28b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -159,7 +159,7 @@
     <maven-surefire-plugin-version>3.2.2</maven-surefire-plugin-version>
     
<maven-surefire-report-plugin-version>3.2.2</maven-surefire-report-plugin-version>
     <h2.version>2.2.224</h2.version>
-    <apache-directory-version>2.0.0.AM25</apache-directory-version>
+    <apache-directory-version>2.0.0.AM27</apache-directory-version>
     <kerby-version>2.0.3</kerby-version>
     <bcprov-version>1.76</bcprov-version>
     <bcpkix-version>1.76</bcpkix-version>
@@ -864,12 +864,6 @@
         <artifactId>apacheds-core-annotations</artifactId>
         <version>${apache-directory-version}</version>
         <scope>test</scope>
-        <exclusions>
-          <exclusion>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-          </exclusion>
-        </exclusions>
       </dependency>
 
       <dependency>
@@ -886,20 +880,6 @@
         <scope>test</scope>
       </dependency>
 
-      <dependency>
-        <groupId>org.apache.directory.server</groupId>
-        <artifactId>apacheds-kerberos-codec</artifactId>
-        <version>${apache-directory-version}</version>
-        <scope>test</scope>
-      </dependency>
-
-      <dependency>
-        <groupId>org.apache.directory.server</groupId>
-        <artifactId>apacheds-protocol-kerberos</artifactId>
-        <version>${apache-directory-version}</version>
-        <scope>test</scope>
-      </dependency>
-
       <dependency>
         <groupId>org.apache.directory.server</groupId>
         <artifactId>apacheds-protocol-ldap</artifactId>
@@ -907,24 +887,11 @@
         <scope>test</scope>
       </dependency>
 
-      <dependency>
-        <groupId>org.apache.directory.server</groupId>
-        <artifactId>apacheds-protocol-shared</artifactId>
-        <version>${apache-directory-version}</version>
-        <scope>test</scope>
-      </dependency>
-
       <dependency>
         <groupId>org.apache.directory.server</groupId>
         <artifactId>apacheds-server-annotations</artifactId>
         <version>${apache-directory-version}</version>
         <scope>test</scope>
-        <exclusions>
-          <exclusion>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-          </exclusion>
-        </exclusions>
       </dependency>
 
       <dependency>
@@ -939,12 +906,6 @@
         <artifactId>apacheds-test-framework</artifactId>
         <version>${apache-directory-version}</version>
         <scope>test</scope>
-        <exclusions>
-          <exclusion>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-          </exclusion>
-        </exclusions>
       </dependency>
 
       <!-- kerby test dependency -->
diff --git a/qpid-test-utils/pom.xml b/qpid-test-utils/pom.xml
index 33277867d5..11f4f43489 100644
--- a/qpid-test-utils/pom.xml
+++ b/qpid-test-utils/pom.xml
@@ -92,16 +92,6 @@
         </exclusion>
       </exclusions>
     </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-protocol-shared</artifactId>
-      <scope>compile</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.directory.server</groupId>
-      <artifactId>apacheds-protocol-kerberos</artifactId>
-      <scope>compile</scope>
-    </dependency>
     <dependency>
       <groupId>org.apache.directory.server</groupId>
       <artifactId>apacheds-core-api</artifactId>


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org
For additional commands, e-mail: commits-h...@qpid.apache.org

(qpid-broker-j) branch main updated: QPID-8661: [Broker-J] Apache Directory dependencies update (#227)

Reply via email to