[ELY-2721] upgraded to ApacheDS AM27 and Apache Kerby KDC

pom.xml

@@ -61,8 +61,9 @@
         <version.commons-cli>1.6.0</version.commons-cli>
         <version.jakarta.enterprise>4.0.1</version.jakarta.enterprise>
         <version.org.apache.commons>3.14.0</version.org.apache.commons>
-        <version.org.apache.directory.server>2.0.0-M24</version.org.apache.directory.server>
-        <version.org.apache.directory.api>1.0.0</version.org.apache.directory.api>
+        <version.org.apache.directory.server>2.0.0.AM27</version.org.apache.directory.server>
+        <version.org.apache.directory.api>2.1.6</version.org.apache.directory.api>
+        <version.org.apache.kerby>2.0.3</version.org.apache.kerby>
         <version.org.apache.directory.jdbm>2.0.0-M3</version.org.apache.directory.jdbm>
         <version.org.apache.directory.mavibot>1.0.0-M8</version.org.apache.directory.mavibot>
         <version.org.bouncycastle>1.67</version.org.bouncycastle>
@@ -1071,12 +1072,6 @@
                 <version>${version.org.apache.directory.server}</version>
                 <scope>test</scope>
             </dependency>
-            <dependency>
-                <groupId>org.apache.directory.server</groupId>
-                <artifactId>apacheds-protocol-kerberos</artifactId>
-                <version>${version.org.apache.directory.server}</version>
-                <scope>test</scope>
-            </dependency>
             <dependency>
                 <groupId>org.apache.directory.server</groupId>
                 <artifactId>apacheds-protocol-ldap</artifactId>
@@ -1109,6 +1104,12 @@
                     </exclusion>
                 </exclusions>
             </dependency>
+            <dependency>
+                <groupId>org.apache.kerby</groupId>
+                <artifactId>kerb-simplekdc</artifactId>
+                <version>${version.org.apache.kerby}</version>
+                <scope>test</scope>
+            </dependency>
             <dependency>
                 <groupId>commons-io</groupId>
                 <artifactId>commons-io</artifactId>

tests/base/pom.xml

@@ -642,11 +642,6 @@
             <artifactId>apacheds-kerberos-codec</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-protocol-kerberos</artifactId>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>org.apache.directory.server</groupId>
             <artifactId>apacheds-protocol-ldap</artifactId>
@@ -658,6 +653,11 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.apache.kerby</groupId>
+            <artifactId>kerb-simplekdc</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.apache.directory.mavibot</groupId>
             <artifactId>mavibot</artifactId>

tests/base/src/test/java/org/wildfly/security/apacheds/LdapService.java

@@ -143,7 +143,6 @@ public Builder addPartition(final String id, final String partitionName, final i
             for (String current : indexes) {
                 partitionFactory.addIndex(partition, current, indexSize);
             }
-            partition.setCacheService(directoryService.getCacheService());
             partition.initialize();
             directoryService.addPartition(partition);
 

tests/base/src/test/java/org/wildfly/security/credential/store/KeystorePasswordStoreTest.java

@@ -34,7 +34,7 @@
 import java.util.concurrent.locks.ReadWriteLock;
 import java.util.function.Supplier;
 
-import org.apache.commons.lang.RandomStringUtils;
+import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;

tests/base/src/test/java/org/wildfly/security/ldap/DirContextFactoryRule.java

@@ -94,7 +94,6 @@ private static void createStores(KeyStore localhostKeyStore, KeyStore scarabKeyS
                 .addExtension(false, "BasicConstraints", "CA:true,pathlen:2147483647")
                 .build();
         X509Certificate issuerCertificate = issuerSelfSignedX509CertificateAndSigningKey.getSelfSignedCertificate();
-        localhostKeyStore.setCertificateEntry("ca", issuerCertificate);
         trustStore.setCertificateEntry("mykey", issuerCertificate);
 
         // Generates certificate and keystore for Localhost

tests/base/src/test/java/org/wildfly/security/ldap/ModifiabilitySuiteChild.java

@@ -72,7 +72,7 @@ public static void createRealm() throws InvalidNameException {
                      AttributeMapping.fromIdentity().from("sn").to("lastName").build(),
                      AttributeMapping.fromIdentity().from("description").to("description").build(),
                      AttributeMapping.fromIdentity().from("telephoneNumber").to("phones").build(),
-                     AttributeMapping.fromFilter("(&(objectClass=groupOfNames)(member={0}))").searchDn("ou=Finance,dc=elytron,dc=wildfly,dc=org").extractRdn("OU").to("businessArea").build())
+                     AttributeMapping.fromFilter("(&(objectClass=groupOfNames)(member=uid={0}))").searchDn("ou=Finance,dc=elytron,dc=wildfly,dc=org").extractRdn("OU").to("businessArea").build())
                 .setNewIdentityParent(new LdapName("dc=elytron,dc=wildfly,dc=org"))
                 .setNewIdentityAttributes(attributes)
                 .setIteratorFilter("(uid=*)")

tests/base/src/test/java/org/wildfly/security/sasl/gssapi/TestKDC.java

@@ -26,7 +26,6 @@
 import java.util.Map;
 
 import org.apache.directory.api.ldap.model.entry.DefaultEntry;
-import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
 import org.apache.directory.api.ldap.model.ldif.LdifEntry;
 import org.apache.directory.api.ldap.model.ldif.LdifReader;
 import org.apache.directory.api.ldap.model.schema.SchemaManager;
@@ -37,21 +36,21 @@
 import org.apache.directory.server.core.factory.DirectoryServiceFactory;
 import org.apache.directory.server.core.factory.PartitionFactory;
 import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
-import org.apache.directory.server.kerberos.KerberosConfig;
-import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
-import org.apache.directory.server.kerberos.shared.keytab.Keytab;
-import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry;
 import org.apache.directory.server.ldap.LdapServer;
 import org.apache.directory.server.protocol.shared.transport.TcpTransport;
 import org.apache.directory.server.protocol.shared.transport.Transport;
-import org.apache.directory.server.protocol.shared.transport.UdpTransport;
-import org.apache.directory.shared.kerberos.KerberosTime;
 import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
 import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
+import org.apache.kerby.kerberos.kerb.server.impl.DefaultInternalKdcServerImpl;
+import org.apache.kerby.kerberos.kerb.type.KerberosTime;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
 import org.jboss.logging.Logger;
 
-import javax.security.auth.kerberos.KerberosPrincipal;
 
 /**
  * Utility class to wrap starting and stopping of the directory server and the KDC.
@@ -63,7 +62,7 @@ public class TestKDC {
     private static Logger log = Logger.getLogger(TestKDC.class);
     private File workingDir;
     private DirectoryService directoryService;
-    private KdcServer kdcServer;
+    private SimpleKdcServer kdcServer;
     private String originalConfig;
     private boolean exposeLdapServer;
     private LdapServer ldapServer;
@@ -117,7 +116,6 @@ private static void createPartition(final DirectoryServiceFactory dsf, final Sch
         for (String current : indexAttributes) {
             pf.addIndex(p, current, 10);
         }
-        p.setCacheService(directoryService.getCacheService());
         p.initialize();
         directoryService.addPartition(p);
     }
@@ -156,27 +154,24 @@ public void startKDC() {
         File configPath = new File(TestKDC.class.getResource("/krb5.conf").getFile());
         originalConfig = System.setProperty("java.security.krb5.conf", configPath.getAbsolutePath());
 
-        KdcServer kdcServer = new KdcServer();
-        kdcServer.setServiceName("TestKDCServer");
-        kdcServer.setSearchBaseDn("dc=wildfly,dc=org");
-        KerberosConfig config = kdcServer.getConfig();
-        config.setServicePrincipal("krbtgt/WILDFLY.ORG@WILDFLY.ORG");
-        config.setPrimaryRealm("WILDFLY.ORG");
-        config.setMaximumTicketLifetime(60000 * 1440);
-        config.setMaximumRenewableLifetime(60000 * 10080);
-
-        config.setPaEncTimestampRequired(false);
+        try {
+            SimpleKdcServer kdcServer = new SimpleKdcServer();
+            kdcServer.setKdcRealm("WILDFLY.ORG");
+            kdcServer.setKdcHost("localhost");
+            kdcServer.setInnerKdcImpl(new DefaultInternalKdcServerImpl(kdcServer.getKdcSetting()));
+            kdcServer.setAllowUdp(true);
+            kdcServer.setKdcUdpPort(6088);
 
-        UdpTransport udp = new UdpTransport("localhost", 6088);
-        kdcServer.addTransports(udp);
+            kdcServer.init();
 
-        kdcServer.setDirectoryService(directoryService);
+            kdcServer.createPrincipal("sasl/test_server_1@WILDFLY.ORG", "servicepwd");
+            kdcServer.createPrincipal("sasl/test_server_2@WILDFLY.ORG", "servicepwd");
+            kdcServer.createPrincipal("jduke@WILDFLY.ORG", "theduke");
 
-        // Launch the server
-        try {
+            // Launch the server
             kdcServer.start();
             this.kdcServer = kdcServer;
-        } catch (IOException | LdapInvalidDnException e) {
+        } catch (KrbException e) {
             throw new IllegalStateException("Unable to start KDC", e);
         }
     }
@@ -186,7 +181,11 @@ private void stopKDC() {
             return;
         }
 
-        kdcServer.stop();
+        try {
+            kdcServer.stop();
+        } catch (KrbException e) {
+            throw new IllegalStateException("Unable to stop KDC", e);
+        }
         kdcServer = null;
 
         if (originalConfig != null) {
@@ -232,7 +231,7 @@ public void stopAll() {
     public String generateKeyTab(String keyTabFileName, String... credentials) {
         log.debug("Generating keytab: " + keyTabFileName);
         List<KeytabEntry> entries = new ArrayList<>();
-        KerberosTime ktm = new KerberosTime();
+        KerberosTime ktm = KerberosTime.now();
 
         for (int i = 0; i < credentials.length;) {
             String principal = credentials[i++];
@@ -242,15 +241,16 @@ public String generateKeyTab(String keyTabFileName, String... credentials) {
                     .entrySet()) {
                 EncryptionKey key = keyEntry.getValue();
                 log.debug("Adding key=" + key + " for principal=" + principal);
-                entries.add(new KeytabEntry(principal, KerberosPrincipal.KRB_NT_PRINCIPAL, ktm, (byte) key.getKeyVersion(), key));
+                entries.add(new KeytabEntry(new PrincipalName(principal), ktm, key.getKeyVersion(),
+                        new org.apache.kerby.kerberos.kerb.type.base.EncryptionKey(key.getKeyType().getValue(), key.getKeyValue(), key.getKeyVersion())));
             }
         }
 
-        Keytab keyTab = Keytab.getInstance();
-        keyTab.setEntries(entries);
+        Keytab keyTab = new Keytab();
+        keyTab.addKeytabEntries(entries);
         try {
             File keyTabFile = new File(workingDir, keyTabFileName);
-            keyTab.write(keyTabFile);
+            keyTab.store(keyTabFile);
             return keyTabFile.getAbsolutePath();
         } catch (IOException e) {
             throw new IllegalStateException("Cannot create keytab: " + keyTabFileName, e);