diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
index a377d9b..d739b6c 100644
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
@@ -16,6 +16,7 @@ public class EmbeddedServersFactory {
private static final String DEFAULT_KERBEROS_REALM = "KEYCLOAK.ORG";
private static final int DEFAULT_KDC_PORT = 6088;
+ private static final String DEFAULT_KDC_ENCRYPTION_TYPES = "aes128-cts-hmac-sha1-96, des-cbc-md5, des3-cbc-sha1-kd";
private String baseDN;
private String bindHost;
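Review bot: The new DEFAULT_KDC_ENCRYPTION_TYPES constant enables des-cbc-md5, a single-DES enctype that RFC 6649 deprecates, and des3-cbc-sha1-kd, which later guidance (RFC 8429) also retires, so the embedded KDC will by default offer weak enctypes to any client that negotiates them. If a test deliberately depends on one of them this should be stated on the constant, otherwise the default can be trimmed to the AES entry; something like `// des-cbc-md5 / des3-cbc-sha1-kd are kept only for legacy-client tests — override with -Dkerberos.encTypes=... to narrow the set` would make the intent clear. Note that the enctype names must match EncryptionType.getName() in apacheDS, which the constant does not document either.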
@@ -23,6 +24,7 @@ public class EmbeddedServersFactory {
private String ldifFile;
private String kerberosRealm;
private int kdcPort;
+ private String kdcEncryptionTypes;
public static EmbeddedServersFactory readConfiguration() {
@@ -40,6 +42,7 @@ public class EmbeddedServersFactory {
this.kerberosRealm = System.getProperty("kerberos.realm");
String kdcPort = System.getProperty("kerberos.port");
+ this.kdcEncryptionTypes = System.getProperty("kerberos.encTypes");
if (baseDN == null || baseDN.isEmpty()) {
baseDN = DEFAULT_BASE_DN;
@@ -56,6 +59,9 @@ public class EmbeddedServersFactory {
kerberosRealm = DEFAULT_KERBEROS_REALM;
}
this.kdcPort = (kdcPort == null || kdcPort.isEmpty()) ? DEFAULT_KDC_PORT : Integer.parseInt(kdcPort);
+ if (kdcEncryptionTypes == null || kdcEncryptionTypes.isEmpty()) {
+ kdcEncryptionTypes = DEFAULT_KDC_ENCRYPTION_TYPES;
+ }
}
@@ -77,6 +83,6 @@ public class EmbeddedServersFactory {
ldifFile = DEFAULT_KERBEROS_LDIF_FILE;
}
- return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort);
+ return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort, kdcEncryptionTypes);
}
}
diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
index 527c9b3..f568342 100644
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
@@ -2,6 +2,8 @@ package org.keycloak.testutils.ldap;
import java.io.IOException;
import java.lang.reflect.Field;
+import java.util.HashSet;
+import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;
@@ -20,6 +22,8 @@ import org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmMechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
import org.apache.directory.server.protocol.shared.transport.UdpTransport;
import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.KerberosUtils;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.jboss.logging.Logger;
/**
@@ -31,6 +35,7 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
private final String kerberosRealm;
private final int kdcPort;
+ private final String kdcEncryptionTypes;
private KdcServer kdcServer;
@@ -43,8 +48,9 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
}
- protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String kerberosRealm, int kdcPort) {
+ protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String kerberosRealm, int kdcPort, String kdcEncryptionTypes) {
super(baseDN, bindHost, bindPort, ldifFile);
+ this.kdcEncryptionTypes = kdcEncryptionTypes;
this.kerberosRealm = kerberosRealm;
this.kdcPort = kdcPort;
}
@@ -54,7 +60,7 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
public void init() throws Exception {
super.init();
- log.info("Creating KDC server. kerberosRealm: " + kerberosRealm + ", kdcPort: " + kdcPort);
+ log.info("Creating KDC server. kerberosRealm: " + kerberosRealm + ", kdcPort: " + kdcPort + ", kdcEncryptionTypes: " + kdcEncryptionTypes);
createAndStartKdcServer();
}
@@ -93,6 +99,8 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
kdcConfig.setMaximumTicketLifetime(60000 * 1440);
kdcConfig.setMaximumRenewableLifetime(60000 * 10080);
kdcConfig.setPaEncTimestampRequired(false);
+ Set<EncryptionType> encryptionTypes = convertEncryptionTypes();
+ kdcConfig.setEncryptionTypes(encryptionTypes);
kdcServer = new NoReplayKdcServer(kdcConfig);
kdcServer.setSearchBaseDn(this.baseDN);
@@ -122,6 +130,24 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
}
+ private Set<EncryptionType> convertEncryptionTypes() {
+ Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();
+ String[] configEncTypes = kdcEncryptionTypes.split(",");
+
+ for ( String enc : configEncTypes ) {
+ enc = enc.trim();
+ for ( EncryptionType type : EncryptionType.getEncryptionTypes() ) {
+ if ( type.getName().equalsIgnoreCase( enc ) ) {
+ encryptionTypes.add( type );
+ }
+ }
+ }
+
+ encryptionTypes = KerberosUtils.orderEtypesByStrength(encryptionTypes);
+ return encryptionTypes;
+ }
+
+
/**
* Replacement of apacheDS KdcServer class with disabled ticket replay cache.
*
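Review bot: convertEncryptionTypes silently drops any configured name that matches no EncryptionType, so a typo in the kerberos.encTypes value shrinks the enctype set without a trace and, if nothing matches, hands an empty set to kdcConfig.setEncryptionTypes; what the KDC then does is not visible here, but a misconfigured test KDC should fail loudly rather than negotiate from an unexpected set. I would log each unmatched token and throw IllegalArgumentException when the resulting set is empty, skip empty tokens from a trailing comma, and add a short Javadoc stating that the comma-separated names are matched case-insensitively against apacheDS EncryptionType names and returned ordered by strength. The two consecutive blank lines after the method can also go.
```java
/**
 * Parses the comma-separated enctype names from kdcEncryptionTypes (case-insensitive match
 * against apacheDS EncryptionType names) and returns them ordered by strength.
 *
 * @throws IllegalArgumentException if none of the configured names is a known enctype
 */
private Set<EncryptionType> convertEncryptionTypes() {
    Set<EncryptionType> encryptionTypes = new HashSet<EncryptionType>();

    for (String enc : kdcEncryptionTypes.split(",")) {
        enc = enc.trim();
        if (enc.isEmpty()) {
            continue;
        }
        boolean matched = false;
        for (EncryptionType type : EncryptionType.getEncryptionTypes()) {
            if (type.getName().equalsIgnoreCase(enc)) {
                encryptionTypes.add(type);
                matched = true;
            }
        }
        if (!matched) {
            // A misspelled name must not silently change the negotiated enctype set.
            log.warn("Ignoring unknown Kerberos encryption type: " + enc);
        }
    }

    if (encryptionTypes.isEmpty()) {
        throw new IllegalArgumentException("No known Kerberos encryption types configured: " + kdcEncryptionTypes);
    }

    return KerberosUtils.orderEtypesByStrength(encryptionTypes);
}
```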
@@ -151,12 +177,10 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
@Override
public void save(KerberosPrincipal serverPrincipal, KerberosPrincipal clientPrincipal, KerberosTime clientTime,
int clientMicroSeconds) {
- return;
}
@Override
public void clear() {
- return;
}
}