[jira] Commented: (DIRSERVER-1247) removing unrequired escaping in DNs / filters

[Norval Hope (JIRA)]

    [ 
https://issues.apache.org/jira/browse/DIRSERVER-1247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12633706#action_12633706
 ] 

Norval Hope commented on DIRSERVER-1247:
----------------------------------------

Unfortunately I seem to have run into another failure unrelated to my changes 
in ...\apacheds\protocol-kerberos :

...
Tests in error:
  
testRequestAes128(org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest)

Tests run: 105, Failures: 0, Errors: 1, Skipped: 0

----
-------------------------------------------------------------------------------
Test set: 
org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest
-------------------------------------------------------------------------------
Tests run: 6, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.375 sec <<< 
FAILURE!
testRequestAes128(org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest)
  Time elapsed: 0 sec  <<< ERROR!
java.lang.ClassCastException: 
org.apache.directory.server.kerberos.shared.messages.ErrorMessage
        at 
org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest.testRequestAes128(TicketGrantingEncryptionTypeTest.java:171)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

the line that is failing is marked with ------<<<<< below:


    /**
     * Tests the use of a TGT containing a DES-CBC-MD5 session key while the
     * requested encryption type is AES-128.
     *
     * @throws Exception
     */
    public void testRequestAes128() throws Exception
    {
        EncryptionType[] configuredEncryptionTypes =
                {EncryptionType.AES128_CTS_HMAC_SHA1_96};
        config.setEncryptionTypes( configuredEncryptionTypes );

        // Get the mutable ticket part.
        KerberosPrincipal clientPrincipal = new KerberosPrincipal( "[EMAIL 
PROTECTED]" );
        EncTicketPartModifier encTicketPartModifier = getTicketArchetype( 
clientPrincipal );

        // Seal the ticket for the server.
        KerberosPrincipal serverPrincipal = new KerberosPrincipal( 
"krbtgt/[EMAIL PROTECTED]" );
        String passPhrase = "randomKey";
        EncryptionKey serverKey = getEncryptionKey( serverPrincipal, passPhrase 
);
        Ticket tgt = getTicket( encTicketPartModifier, serverPrincipal, 
serverKey );

        RequestBodyModifier modifier = new RequestBodyModifier();
        modifier.setServerName( getPrincipalName( "ldap/[EMAIL PROTECTED]" ) );
        modifier.setRealm( "EXAMPLE.COM" );

        Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
        encryptionTypes.add( EncryptionType.AES128_CTS_HMAC_SHA1_96 );

        modifier.setEType( encryptionTypes );

        modifier.setNonce( random.nextInt() );

        KdcOptions kdcOptions = new KdcOptions();
        modifier.setKdcOptions( kdcOptions );

        long now = System.currentTimeMillis();
        KerberosTime requestedEndTime = new KerberosTime( now + 1 * 
KerberosTime.DAY );
        modifier.setTill( requestedEndTime );

        RequestBody requestBody = modifier.getRequestBody();
        KdcRequest message = getKdcRequest( tgt, requestBody );

        handler.messageReceived( session, message );

        TicketGrantReply reply = ( TicketGrantReply ) session.getMessage();     
              /------------------------------------------<<<<<<<<

        assertEquals( "Encryption type", EncryptionType.DES_CBC_MD5, 
reply.getEncPart().getEType() );
        assertEquals( "Encryption type", 
EncryptionType.AES128_CTS_HMAC_SHA1_96, reply.getTicket().getEncPart()
                .getEType() );
    }


> removing unrequired escaping in DNs / filters
> ---------------------------------------------
>
>                 Key: DIRSERVER-1247
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1247
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: ldap
>    Affects Versions: 1.5.4
>            Reporter: Norval Hope
>             Fix For: 1.5.5
>
>         Attachments: escaping.patch
>
>   Original Estimate: 8h
>  Remaining Estimate: 8h
>
> The current Dn and filter handling is overly restrictive in that all 
> non-ascii characters are quoted using the \NN syntax. This is probably due to 
> rfc 2253 being unclear about the fact that multibyte UTF-8 encoded values can 
> be used, but this iss further clarified in rfc 4514 which superceeds 2253. 
> The application of unrequired quoting makes debugging / reading logs much 
> harder then it should be, as it requires manual calculations rather then just 
> setting the file encoding on your log file / IDE windows to being UTF-8.
> I have attached a patch file with the required updates to code and unit tests 
> under /shared/ldap (some problems i had noted with earlier AD version due to 
> unspecified encoding when converting bytes to / from Strings had already been 
> tidied up in AD 1.5.4). 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.