Posted to commits@directory.apache.org by pl...@apache.org on 2015/11/24 08:59:41 UTC
[12/27] directory-kerby git commit: DIRKRB-461 Support getting an
item from multiple sections
DIRKRB-461 Support getting an item from multiple sections
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ea74f8db
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ea74f8db
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ea74f8db
Branch: refs/heads/pkinit-support
Commit: ea74f8dbd2a9faeab4eb356f09323248f079ce75
Parents: 02e97e8
Author: Kai Zheng <ka...@intel.com>
Authored: Fri Nov 20 10:54:32 2015 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Fri Nov 20 10:54:32 2015 +0800
----------------------------------------------------------------------
.../main/java/org/apache/kerby/config/Conf.java | 4 +-
.../java/org/apache/kerby/config/Config.java | 2 +-
.../org/apache/kerby/config/ConfigImpl.java | 6 +-
.../kerby/kerberos/kerb/client/KrbConfig.java | 85 +++++-----
.../kerberos/kerb/client/KrbConfigKey.java | 60 +++-----
.../kerby/kerberos/kerb/common/Krb5Conf.java | 154 +++++++++++++++++++
.../kerberos/kerb/common/KrbConfHelper.java | 107 -------------
.../kerberos/kerb/common/SectionConfigKey.java | 31 ----
.../kerby/kerberos/kerb/server/KdcConfig.java | 80 ++++------
.../kerberos/kerb/server/KdcConfigKey.java | 44 ++----
10 files changed, 265 insertions(+), 308 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ea74f8db/kerby-config/src/main/java/org/apache/kerby/config/Conf.java
----------------------------------------------------------------------
diff --git a/kerby-config/src/main/java/org/apache/kerby/config/Conf.java b/kerby-config/src/main/java/org/apache/kerby/config/Conf.java
index ad47157..d5bbcfc 100644
--- a/kerby-config/src/main/java/org/apache/kerby/config/Conf.java
+++ b/kerby-config/src/main/java/org/apache/kerby/config/Conf.java
@@ -225,9 +225,9 @@ public class Conf implements Config {
}
@Override
- public Long getLong(ConfigKey name) {
+ public Long getLong(ConfigKey name, boolean useDefault) {
checkAndLoad();
- return config.getLong(name);
+ return config.getLong(name, useDefault);
}
@Override
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ea74f8db/kerby-config/src/main/java/org/apache/kerby/config/Config.java
----------------------------------------------------------------------
diff --git a/kerby-config/src/main/java/org/apache/kerby/config/Config.java b/kerby-config/src/main/java/org/apache/kerby/config/Config.java
index 1e8c32c..c71405a 100644
--- a/kerby-config/src/main/java/org/apache/kerby/config/Config.java
+++ b/kerby-config/src/main/java/org/apache/kerby/config/Config.java
@@ -88,7 +88,7 @@ public interface Config {
void setInt(ConfigKey name, Integer value);
Long getLong(String name);
- Long getLong(ConfigKey name);
+ Long getLong(ConfigKey name, boolean useDefault);
Long getLong(String name, Long defaultValue);
/**
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ea74f8db/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java
----------------------------------------------------------------------
diff --git a/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java b/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java
index b4cf2b6..d083313 100644
--- a/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java
+++ b/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java
@@ -170,10 +170,10 @@ public class ConfigImpl implements Config {
}
@Override
- public Long getLong(ConfigKey name) {
- if (name.getDefaultValue() != null) {
+ public Long getLong(ConfigKey name, boolean useDefault) {
+ if (useDefault) {
return getLong(name.getPropertyKey(),
- getDefaultValueAs(name, Long.class));
+ getDefaultValueAs(name, Long.class));
}
return getLong(name.getPropertyKey());
}
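Review bot: The rewritten `getLong(ConfigKey, boolean)` drops the old `name.getDefaultValue() != null` guard, so with `useDefault` true a key declared without a default now reaches `getDefaultValueAs(name, Long.class)`. What that helper does with a null default is not visible in this hunk, so this may or may not be safe. Keeping both conditions, `if (useDefault && name.getDefaultValue() != null) {`, would preserve the previous fallback to `getLong(name.getPropertyKey())`. The new `useDefault` parameter is also undocumented; a short Javadoc line stating that `false` returns null when the key is unset would help callers that unbox the result into a `long`.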
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ea74f8db/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
index 78706b1..c04bce7 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
@@ -19,8 +19,7 @@
*/
package org.apache.kerby.kerberos.kerb.client;
-import org.apache.kerby.config.Conf;
-import org.apache.kerby.kerberos.kerb.common.KrbConfHelper;
+import org.apache.kerby.kerberos.kerb.common.Krb5Conf;
import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
import java.util.List;
@@ -28,10 +27,11 @@ import java.util.List;
/**
* Kerb client side configuration API.
*/
-public class KrbConfig extends Conf {
+public class KrbConfig extends Krb5Conf {
+ private static final String LIBDEFAULT = "libdefaults";
public boolean enableDebug() {
- return getBoolean(KrbConfigKey.KRB_DEBUG, true);
+ return getBoolean(KrbConfigKey.KRB_DEBUG, true, LIBDEFAULT);
}
/**
@@ -40,8 +40,8 @@ public class KrbConfig extends Conf {
* @return The kdc host
*/
public String getKdcHost() {
- return KrbConfHelper.getStringUnderSection(this,
- KrbConfigKey.KDC_HOST, true);
+ return getString(
+ KrbConfigKey.KDC_HOST, true, LIBDEFAULT);
}
/**
@@ -50,8 +50,7 @@ public class KrbConfig extends Conf {
* @return The kdc host
*/
public int getKdcPort() {
- Integer kdcPort = KrbConfHelper.getIntUnderSection(this,
- KrbConfigKey.KDC_PORT);
+ Integer kdcPort = getInt(KrbConfigKey.KDC_PORT, true, LIBDEFAULT);
if (kdcPort != null) {
return kdcPort.intValue();
}
@@ -64,8 +63,7 @@ public class KrbConfig extends Conf {
* @return The kdc tcp port
*/
public int getKdcTcpPort() {
- Integer kdcPort = KrbConfHelper.getIntUnderSection(this,
- KrbConfigKey.KDC_TCP_PORT);
+ Integer kdcPort = getInt(KrbConfigKey.KDC_TCP_PORT, true, LIBDEFAULT);
if (kdcPort != null && kdcPort > 0) {
return kdcPort.intValue();
}
@@ -78,9 +76,8 @@ public class KrbConfig extends Conf {
* @return true to allow UDP, false otherwise
*/
public boolean allowKdcUdp() {
- return getBoolean(KrbConfigKey.KDC_ALLOW_UDP, true)
- || KrbConfHelper.getIntUnderSection(this,
- KrbConfigKey.KDC_UDP_PORT) != null;
+ return getBoolean(KrbConfigKey.KDC_ALLOW_UDP, true, LIBDEFAULT)
+ || getInt(KrbConfigKey.KDC_UDP_PORT, true, LIBDEFAULT) != null;
}
/**
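Review bot: The presence test `getInt(KrbConfigKey.KDC_UDP_PORT, true, LIBDEFAULT) != null` in `allowKdcUdp()` passes `useDefault` as true, so it only means "a port was explicitly configured" while the enum default stays null. If a non-null default is ever given to the port key, the transport is always reported as allowed and `KDC_ALLOW_UDP` is silently ignored. Passing false states the intent directly: `|| getInt(KrbConfigKey.KDC_UDP_PORT, false, LIBDEFAULT) != null;`. The same pattern appears in `allowKdcTcp()` in the next hunk and in `KdcConfig.allowTcp()` / `allowUdp()`. The `KdcConfigKey` defaults are not visible here, so the server side should be checked.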
@@ -89,9 +86,8 @@ public class KrbConfig extends Conf {
* @return true to allow TCP, false otherwise
*/
public boolean allowKdcTcp() {
- return getBoolean(KrbConfigKey.KDC_ALLOW_TCP, true)
- || KrbConfHelper.getIntUnderSection(this,
- KrbConfigKey.KDC_TCP_PORT) != null;
+ return getBoolean(KrbConfigKey.KDC_ALLOW_TCP, true, LIBDEFAULT)
+ || getInt(KrbConfigKey.KDC_TCP_PORT, true, LIBDEFAULT) != null;
}
/**
@@ -100,8 +96,7 @@ public class KrbConfig extends Conf {
* @return The kdc udp port
*/
public int getKdcUdpPort() {
- Integer kdcPort = KrbConfHelper.getIntUnderSection(this,
- KrbConfigKey.KDC_UDP_PORT);
+ Integer kdcPort = getInt(KrbConfigKey.KDC_UDP_PORT, true, LIBDEFAULT);
if (kdcPort != null && kdcPort > 0) {
return kdcPort.intValue();
}
@@ -113,14 +108,11 @@ public class KrbConfig extends Conf {
* @return The kdc realm
*/
public String getKdcRealm() {
- String realm = KrbConfHelper.getStringUnderSection(this,
- KrbConfigKey.KDC_REALM, false);
+ String realm = getString(KrbConfigKey.KDC_REALM, false, LIBDEFAULT);
if (realm == null) {
- realm = KrbConfHelper.getStringUnderSection(this,
- KrbConfigKey.DEFAULT_REALM, false);
+ realm = getString(KrbConfigKey.DEFAULT_REALM, false, LIBDEFAULT);
if (realm == null) {
- realm = KrbConfHelper.getStringUnderSection(this,
- KrbConfigKey.KDC_REALM, true);
+ realm = getString(KrbConfigKey.KDC_REALM, true, LIBDEFAULT);
}
}
@@ -132,7 +124,7 @@ public class KrbConfig extends Conf {
* @return true if preauth required
*/
public boolean isPreauthRequired() {
- return getBoolean(KrbConfigKey.PREAUTH_REQUIRED, true);
+ return getBoolean(KrbConfigKey.PREAUTH_REQUIRED, true, LIBDEFAULT);
}
/**
@@ -140,7 +132,7 @@ public class KrbConfig extends Conf {
* @return The tgs principal
*/
public String getTgsPrincipal() {
- return getString(KrbConfigKey.TGS_PRINCIPAL, true);
+ return getString(KrbConfigKey.TGS_PRINCIPAL, true, LIBDEFAULT);
}
/**
@@ -148,7 +140,7 @@ public class KrbConfig extends Conf {
* @return The allowable clock skew
*/
public long getAllowableClockSkew() {
- return KrbConfHelper.getLongUnderSection(this, KrbConfigKey.CLOCKSKEW);
+ return getLong(KrbConfigKey.CLOCKSKEW, true, LIBDEFAULT);
}
/**
@@ -156,7 +148,7 @@ public class KrbConfig extends Conf {
* @return true if empty address is allowed
*/
public boolean isEmptyAddressesAllowed() {
- return getBoolean(KrbConfigKey.EMPTY_ADDRESSES_ALLOWED, true);
+ return getBoolean(KrbConfigKey.EMPTY_ADDRESSES_ALLOWED, true, LIBDEFAULT);
}
/**
@@ -164,7 +156,7 @@ public class KrbConfig extends Conf {
* @return true if forward is allowed
*/
public boolean isForwardableAllowed() {
- return KrbConfHelper.getBooleanUnderSection(this, KrbConfigKey.FORWARDABLE);
+ return getBoolean(KrbConfigKey.FORWARDABLE, true, LIBDEFAULT);
}
/**
@@ -172,7 +164,7 @@ public class KrbConfig extends Conf {
* @return true if post dated is allowed
*/
public boolean isPostdatedAllowed() {
- return getBoolean(KrbConfigKey.POSTDATED_ALLOWED, true);
+ return getBoolean(KrbConfigKey.POSTDATED_ALLOWED, true, LIBDEFAULT);
}
/**
@@ -180,7 +172,7 @@ public class KrbConfig extends Conf {
* @return true if proxy is allowed
*/
public boolean isProxiableAllowed() {
- return KrbConfHelper.getBooleanUnderSection(this, KrbConfigKey.PROXIABLE);
+ return getBoolean(KrbConfigKey.PROXIABLE, true, LIBDEFAULT);
}
/**
@@ -188,7 +180,7 @@ public class KrbConfig extends Conf {
* @return true if renew is allowed
*/
public boolean isRenewableAllowed() {
- return getBoolean(KrbConfigKey.RENEWABLE_ALLOWED, true);
+ return getBoolean(KrbConfigKey.RENEWABLE_ALLOWED, true, LIBDEFAULT);
}
/**
@@ -196,7 +188,7 @@ public class KrbConfig extends Conf {
* @return The maximum renewable life time
*/
public long getMaximumRenewableLifetime() {
- return getLong(KrbConfigKey.MAXIMUM_RENEWABLE_LIFETIME);
+ return getLong(KrbConfigKey.MAXIMUM_RENEWABLE_LIFETIME, true, LIBDEFAULT);
}
/**
@@ -204,7 +196,7 @@ public class KrbConfig extends Conf {
* @return The maximum ticket life time
*/
public long getMaximumTicketLifetime() {
- return getLong(KrbConfigKey.MAXIMUM_TICKET_LIFETIME);
+ return getLong(KrbConfigKey.MAXIMUM_TICKET_LIFETIME, true, LIBDEFAULT);
}
/**
@@ -212,7 +204,7 @@ public class KrbConfig extends Conf {
* @return The minimum ticket life time
*/
public long getMinimumTicketLifetime() {
- return getLong(KrbConfigKey.MINIMUM_TICKET_LIFETIME);
+ return getLong(KrbConfigKey.MINIMUM_TICKET_LIFETIME, true, LIBDEFAULT);
}
/**
@@ -220,7 +212,7 @@ public class KrbConfig extends Conf {
* @return encryption type list
*/
public List<EncryptionType> getEncryptionTypes() {
- return KrbConfHelper.getEncTypesUnderSection(this, KrbConfigKey.PERMITTED_ENCTYPES);
+ return getEncTypes(KrbConfigKey.PERMITTED_ENCTYPES, true, LIBDEFAULT);
}
/**
@@ -228,7 +220,7 @@ public class KrbConfig extends Conf {
* @return true if pa encrypt time required
*/
public boolean isPaEncTimestampRequired() {
- return getBoolean(KrbConfigKey.PA_ENC_TIMESTAMP_REQUIRED, true);
+ return getBoolean(KrbConfigKey.PA_ENC_TIMESTAMP_REQUIRED, true, LIBDEFAULT);
}
/**
@@ -236,7 +228,7 @@ public class KrbConfig extends Conf {
* @return true if body checksum verified
*/
public boolean isBodyChecksumVerified() {
- return getBoolean(KrbConfigKey.VERIFY_BODY_CHECKSUM, true);
+ return getBoolean(KrbConfigKey.VERIFY_BODY_CHECKSUM, true, LIBDEFAULT);
}
/**
@@ -244,8 +236,7 @@ public class KrbConfig extends Conf {
* @return The default realm
*/
public String getDefaultRealm() {
- return KrbConfHelper.getStringUnderSection(this,
- KrbConfigKey.DEFAULT_REALM, true);
+ return getString(KrbConfigKey.DEFAULT_REALM, true, LIBDEFAULT);
}
/**
@@ -253,7 +244,7 @@ public class KrbConfig extends Conf {
* @return true if dnc look up kdc
*/
public boolean getDnsLookUpKdc() {
- return KrbConfHelper.getBooleanUnderSection(this, KrbConfigKey.DNS_LOOKUP_KDC);
+ return getBoolean(KrbConfigKey.DNS_LOOKUP_KDC, true, LIBDEFAULT);
}
/**
@@ -261,7 +252,7 @@ public class KrbConfig extends Conf {
* @return true if dns look up realm
*/
public boolean getDnsLookUpRealm() {
- return KrbConfHelper.getBooleanUnderSection(this, KrbConfigKey.DNS_LOOKUP_REALM);
+ return getBoolean(KrbConfigKey.DNS_LOOKUP_REALM, true, LIBDEFAULT);
}
/**
@@ -269,7 +260,7 @@ public class KrbConfig extends Conf {
* @return true if allow weak crypto
*/
public boolean getAllowWeakCrypto() {
- return KrbConfHelper.getBooleanUnderSection(this, KrbConfigKey.ALLOW_WEAK_CRYPTO);
+ return getBoolean(KrbConfigKey.ALLOW_WEAK_CRYPTO, true, LIBDEFAULT);
}
/**
@@ -277,7 +268,7 @@ public class KrbConfig extends Conf {
* @return The ticket life time
*/
public long getTicketLifetime() {
- return KrbConfHelper.getLongUnderSection(this, KrbConfigKey.TICKET_LIFETIME);
+ return getLong(KrbConfigKey.TICKET_LIFETIME, true, LIBDEFAULT);
}
/**
@@ -285,7 +276,7 @@ public class KrbConfig extends Conf {
* @return The renew life time
*/
public long getRenewLifetime() {
- return KrbConfHelper.getLongUnderSection(this, KrbConfigKey.RENEW_LIFETIME);
+ return getLong(KrbConfigKey.RENEW_LIFETIME, true, LIBDEFAULT);
}
/**
@@ -293,7 +284,7 @@ public class KrbConfig extends Conf {
* @return The tgs encryption type list
*/
public List<EncryptionType> getDefaultTgsEnctypes() {
- return KrbConfHelper.getEncTypesUnderSection(this, KrbConfigKey.DEFAULT_TGS_ENCTYPES);
+ return getEncTypes(KrbConfigKey.DEFAULT_TGS_ENCTYPES, true, LIBDEFAULT);
}
/**
@@ -301,6 +292,6 @@ public class KrbConfig extends Conf {
* @return The encryption type list
*/
public List<EncryptionType> getDefaultTktEnctypes() {
- return KrbConfHelper.getEncTypesUnderSection(this, KrbConfigKey.DEFAULT_TKT_ENCTYPES);
+ return getEncTypes(KrbConfigKey.DEFAULT_TKT_ENCTYPES, true, LIBDEFAULT);
}
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ea74f8db/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
index 4533b4e..0dd911a 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
@@ -19,59 +19,47 @@
*/
package org.apache.kerby.kerberos.kerb.client;
-import org.apache.kerby.kerberos.kerb.common.SectionConfigKey;
+import org.apache.kerby.config.ConfigKey;
-public enum KrbConfigKey implements SectionConfigKey {
+public enum KrbConfigKey implements ConfigKey {
KRB_DEBUG(true),
- KDC_HOST("localhost", "libdefaults"),
- KDC_PORT(null, "libdefaults"),
+ KDC_HOST("localhost"),
+ KDC_PORT(null),
KDC_ALLOW_UDP(false),
KDC_ALLOW_TCP(false),
- KDC_UDP_PORT(null, "libdefaults"),
- KDC_TCP_PORT(null, "libdefaults"),
+ KDC_UDP_PORT(null),
+ KDC_TCP_PORT(null),
KDC_DOMAIN("example.com"),
- KDC_REALM("EXAMPLE.COM", "libdefaults"),
+ KDC_REALM("EXAMPLE.COM"),
TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
PREAUTH_REQUIRED(true),
- CLOCKSKEW(5 * 60L, "libdefaults"),
+ CLOCKSKEW(5 * 60L),
EMPTY_ADDRESSES_ALLOWED(true),
PA_ENC_TIMESTAMP_REQUIRED(true),
MAXIMUM_TICKET_LIFETIME(24 * 3600L),
MINIMUM_TICKET_LIFETIME(1 * 3600L),
MAXIMUM_RENEWABLE_LIFETIME(48 * 3600L),
- FORWARDABLE(true, "libdefaults"),
+ FORWARDABLE(true),
POSTDATED_ALLOWED(true),
- PROXIABLE(true, "libdefaults"),
+ PROXIABLE(true),
RENEWABLE_ALLOWED(true),
VERIFY_BODY_CHECKSUM(true),
- PERMITTED_ENCTYPES("aes128-cts-hmac-sha1-96", "libdefaults"),
- DEFAULT_REALM(null, "libdefaults"),
- DNS_LOOKUP_KDC(false, "libdefaults"),
- DNS_LOOKUP_REALM(false, "libdefaults"),
- ALLOW_WEAK_CRYPTO(true, "libdefaults"),
- TICKET_LIFETIME(24 * 3600L, "libdefaults"),
- RENEW_LIFETIME(48 * 3600L, "libdefaults"),
+ PERMITTED_ENCTYPES("aes128-cts-hmac-sha1-96"),
+ DEFAULT_REALM(null),
+ DNS_LOOKUP_KDC(false),
+ DNS_LOOKUP_REALM(false),
+ ALLOW_WEAK_CRYPTO(true),
+ TICKET_LIFETIME(24 * 3600L),
+ RENEW_LIFETIME(48 * 3600L),
DEFAULT_TGS_ENCTYPES("aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 "
+ "des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac "
- + "camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4",
- "libdefaults"),
+ + "camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4"),
DEFAULT_TKT_ENCTYPES("aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 "
+ "des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac "
- + "camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4",
- "libdefaults"),
-
- //key for logging location
- DEFAULT(null, "logging"),
- KDC(null, "logging"),
- ADMIN_SERVER(null, "logging");
+ + "camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4");
private Object defaultValue;
- /**
- * The name of a section where a config key is contained in
- * section-able config file.
- */
- private String sectionName;
private KrbConfigKey() {
this.defaultValue = null;
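Review bot: `ALLOW_WEAK_CRYPTO(true)` is rewritten here but keeps weak encryption types enabled by default, and the `DEFAULT_TGS_ENCTYPES` / `DEFAULT_TKT_ENCTYPES` strings still list `des-cbc-crc`, `des-cbc-md5`, `des-cbc-md4` and `arcfour-hmac-md5`. MIT krb5 defaults `allow_weak_crypto` to false, so a client with no explicit setting is more permissive here than the reference implementation. Whether `getAllowWeakCrypto()` actually filters the enctype lists is not visible in this diff. If it does not, the default lists alone decide what the client offers. Consider `ALLOW_WEAK_CRYPTO(false)` and dropping the single-DES names from the defaults, or add a comment on the constant explaining why the permissive default is intended.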
@@ -81,11 +69,6 @@ public enum KrbConfigKey implements SectionConfigKey {
this.defaultValue = defaultValue;
}
- private KrbConfigKey(Object defaultValue, String sectionName) {
- this(defaultValue);
- this.sectionName = sectionName;
- }
-
@Override
public String getPropertyKey() {
return name().toLowerCase();
@@ -95,9 +78,4 @@ public enum KrbConfigKey implements SectionConfigKey {
public Object getDefaultValue() {
return this.defaultValue;
}
-
- @Override
- public String getSectionName() {
- return sectionName;
- }
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ea74f8db/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java
new file mode 100644
index 0000000..5ac0669
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java
@@ -0,0 +1,154 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.common;
+
+import org.apache.kerby.config.Conf;
+import org.apache.kerby.config.Config;
+import org.apache.kerby.config.ConfigKey;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * A krb5.conf format support.
+ */
+public class Krb5Conf extends Conf {
+ /**
+ * The regex to split a config value(string) to a list
+ * of config value(string list).
+ */
+ private static final String LIST_SPLITTER = " |,";
+
+ protected String getString(ConfigKey key, boolean useDefault,
+ String ... sections) {
+ String value = getString(key, false);
+ if (value == null) {
+ for (String section : sections) {
+ Config subConfig = getConfig(section);
+ if (subConfig != null) {
+ value = subConfig.getString(key, false);
+ if (value != null) {
+ break;
+ }
+ }
+ }
+ }
+ if (value == null && useDefault) {
+ value = (String) key.getDefaultValue();
+ }
+
+ return value;
+ }
+
+ protected Boolean getBoolean(ConfigKey key, boolean useDefault,
+ String ... sections) {
+ Boolean value = getBoolean(key, false);
+ if (value == null) {
+ for (String section : sections) {
+ Config subConfig = getConfig(section);
+ if (subConfig != null) {
+ value = subConfig.getBoolean(key, false);
+ if (value != null) {
+ break;
+ }
+ }
+ }
+ }
+ if (value == null && useDefault) {
+ value = (Boolean) key.getDefaultValue();
+ }
+
+ return value;
+ }
+
+ protected Long getLong(ConfigKey key, boolean useDefault,
+ String ... sections) {
+ Long value = getLong(key, false);
+ if (value == null) {
+ for (String section : sections) {
+ Config subConfig = getConfig(section);
+ if (subConfig != null) {
+ value = subConfig.getLong(key, false);
+ if (value != null) {
+ break;
+ }
+ }
+ }
+ }
+ if (value == null && useDefault) {
+ value = (Long) key.getDefaultValue();
+ }
+
+ return value;
+ }
+
+ protected Integer getInt(ConfigKey key, boolean useDefault,
+ String ... sections) {
+ Integer value = getInt(key, false);
+ if (value == null) {
+ for (String section : sections) {
+ Config subConfig = getConfig(section);
+ if (subConfig != null) {
+ value = subConfig.getInt(key, false);
+ if (value != null) {
+ break;
+ }
+ }
+ }
+ }
+ if (value == null && useDefault) {
+ value = (Integer) key.getDefaultValue();
+ }
+
+ return value;
+ }
+
+ protected List<EncryptionType> getEncTypes(ConfigKey key, boolean useDefault,
+ String ... sections) {
+ String[] encTypesNames = getStringArray(key, useDefault, sections);
+ return getEncryptionTypes(encTypesNames);
+ }
+
+ protected List<EncryptionType> getEncryptionTypes(String[] encTypeNames) {
+ return getEncryptionTypes(Arrays.asList(encTypeNames));
+ }
+
+ protected List<EncryptionType> getEncryptionTypes(List<String> encTypeNames) {
+ List<EncryptionType> results = new ArrayList<>(encTypeNames.size());
+
+ for (String eTypeName : encTypeNames) {
+ EncryptionType eType = EncryptionType.fromName(eTypeName);
+ if (eType != EncryptionType.NONE) {
+ results.add(eType);
+ }
+ }
+
+ return results;
+ }
+
+ protected String[] getStringArray(ConfigKey key, boolean useDefault,
+ String ... sections) {
+ String value = getString(key, useDefault, sections);
+ String[] values = value.split(LIST_SPLITTER);
+ return values;
+ }
+}
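Review bot: `getStringArray` calls `value.split(LIST_SPLITTER)` on whatever the sectioned `getString` returns, and that is null when the key is unset and either `useDefault` is false or the key's default is null. `getEncTypes` would then throw a NullPointerException instead of returning an empty list. A guard before the split, `if (value == null) { return new String[0]; }`, fixes it. Separately, `getEncryptionTypes(List<String>)` silently drops every name that `EncryptionType.fromName` maps to `NONE`, so a typo in `permitted_enctypes` shrinks the permitted set without any signal. Logging the rejected name there would make such a misconfiguration visible to operators.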
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ea74f8db/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java
deleted file mode 100644
index 27aab36..0000000
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
-
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.common;
-
-import org.apache.kerby.config.Conf;
-import org.apache.kerby.config.Config;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-/**
- * Help KrbConfig and KdcConfig to load configs.
- */
-public class KrbConfHelper {
- /**
- * The regex to split a config value(string) to a list of config value(string list).
- */
- private static final String LIST_SPLITTER = " |,";
-
- public static String getStringUnderSection(
- Conf conf, SectionConfigKey key, boolean useDefault) {
- Config subConfig = conf.getConfig(key.getSectionName());
- if (subConfig != null) {
- return subConfig.getString(key, useDefault);
- } else {
- return conf.getString(key, useDefault);
- }
- }
-
- public static Boolean getBooleanUnderSection(Conf conf, SectionConfigKey key) {
- Config subConfig = conf.getConfig(key.getSectionName());
- if (subConfig != null) {
- return subConfig.getBoolean(key, true);
- } else {
- return conf.getBoolean(key, true);
- }
- }
-
- public static Long getLongUnderSection(Conf conf, SectionConfigKey key) {
- Config subConfig = conf.getConfig(key.getSectionName());
- if (subConfig != null) {
- return subConfig.getLong(key);
- } else {
- return conf.getLong(key);
- }
- }
-
- public static Integer getIntUnderSection(Conf conf, SectionConfigKey key) {
- Config subConfig = conf.getConfig(key.getSectionName());
- if (subConfig != null) {
- return subConfig.getInt(key, true);
- } else {
- return conf.getInt(key, true);
- }
- }
-
- public static String[] getStringArrayUnderSection(Conf conf,
- SectionConfigKey key) {
- String value = getStringUnderSection(conf, key, true);
- String[] values = value.split(LIST_SPLITTER);
- return values;
- }
-
- public static List<EncryptionType> getEncTypesUnderSection(
- Conf conf, SectionConfigKey key) {
- String[] encTypesNames = getStringArrayUnderSection(conf, key);
- return getEncryptionTypes(encTypesNames);
- }
-
- public static List<EncryptionType> getEncryptionTypes(String[] encTypeNames) {
- return getEncryptionTypes(Arrays.asList(encTypeNames));
- }
-
- public static List<EncryptionType> getEncryptionTypes(
- List<String> encTypeNames) {
- List<EncryptionType> results = new ArrayList<EncryptionType>(
- encTypeNames.size());
-
- for (String eTypeName : encTypeNames) {
- EncryptionType eType = EncryptionType.fromName(eTypeName);
- if (eType != EncryptionType.NONE) {
- results.add(eType);
- }
- }
- return results;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ea74f8db/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/SectionConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/SectionConfigKey.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/SectionConfigKey.java
deleted file mode 100644
index d459a5f..0000000
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/SectionConfigKey.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.common;
-
-import org.apache.kerby.config.ConfigKey;
-
-/**
- * Config Keys with section name, to support formats like
- * MIT Kerberos configuration.
- */
-public interface SectionConfigKey extends ConfigKey {
-
- String getSectionName();
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ea74f8db/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
index 1f4bf8d..a22411c 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
@@ -19,8 +19,7 @@
*/
package org.apache.kerby.kerberos.kerb.server;
-import org.apache.kerby.config.Conf;
-import org.apache.kerby.kerberos.kerb.common.KrbConfHelper;
+import org.apache.kerby.kerberos.kerb.common.Krb5Conf;
import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
import java.util.Arrays;
@@ -29,24 +28,23 @@ import java.util.List;
/**
* Kerb KDC side configuration API.
*/
-public class KdcConfig extends Conf {
+public class KdcConfig extends Krb5Conf {
+ private static final String KDCDEFAULT = "kdcdefaults";
public boolean enableDebug() {
- return getBoolean(KdcConfigKey.KRB_DEBUG, true);
+ return getBoolean(KdcConfigKey.KRB_DEBUG, true, KDCDEFAULT);
}
public String getKdcServiceName() {
- return getString(KdcConfigKey.KDC_SERVICE_NAME, true);
+ return getString(KdcConfigKey.KDC_SERVICE_NAME, true, KDCDEFAULT);
}
public String getKdcHost() {
- return KrbConfHelper.getStringUnderSection(this,
- KdcConfigKey.KDC_HOST, true);
+ return getString(KdcConfigKey.KDC_HOST, true, KDCDEFAULT);
}
public int getKdcPort() {
- Integer kdcPort = KrbConfHelper.getIntUnderSection(this,
- KdcConfigKey.KDC_PORT);
+ Integer kdcPort = getInt(KdcConfigKey.KDC_PORT, true, KDCDEFAULT);
if (kdcPort != null && kdcPort > 0) {
return kdcPort.intValue();
}
@@ -54,8 +52,7 @@ public class KdcConfig extends Conf {
}
public int getKdcTcpPort() {
- Integer kdcTcpPort = KrbConfHelper.getIntUnderSection(this,
- KdcConfigKey.KDC_TCP_PORT);
+ Integer kdcTcpPort = getInt(KdcConfigKey.KDC_TCP_PORT, true, KDCDEFAULT);
if (kdcTcpPort != null && kdcTcpPort > 0) {
return kdcTcpPort.intValue();
}
@@ -67,9 +64,8 @@ public class KdcConfig extends Conf {
* @return true to allow TCP, false otherwise
*/
public Boolean allowTcp() {
- return getBoolean(KdcConfigKey.KDC_ALLOW_TCP, true)
- || KrbConfHelper.getIntUnderSection(this,
- KdcConfigKey.KDC_TCP_PORT) != null;
+ return getBoolean(KdcConfigKey.KDC_ALLOW_TCP, true, KDCDEFAULT)
+ || getInt(KdcConfigKey.KDC_TCP_PORT, true, KDCDEFAULT) != null;
}
/**
@@ -77,14 +73,12 @@ public class KdcConfig extends Conf {
* @return true to allow UDP, false otherwise
*/
public Boolean allowUdp() {
- return getBoolean(KdcConfigKey.KDC_ALLOW_UDP, true)
- || KrbConfHelper.getIntUnderSection(this,
- KdcConfigKey.KDC_UDP_PORT) != null;
+ return getBoolean(KdcConfigKey.KDC_ALLOW_UDP, true, KDCDEFAULT)
+ || getInt(KdcConfigKey.KDC_UDP_PORT, true, KDCDEFAULT) != null;
}
public int getKdcUdpPort() {
- Integer kdcUdpPort = KrbConfHelper.getIntUnderSection(this,
- KdcConfigKey.KDC_UDP_PORT);
+ Integer kdcUdpPort = getInt(KdcConfigKey.KDC_UDP_PORT, true, KDCDEFAULT);
if (kdcUdpPort != null && kdcUdpPort > 0) {
return kdcUdpPort.intValue();
}
@@ -92,92 +86,86 @@ public class KdcConfig extends Conf {
}
public String getKdcRealm() {
- return KrbConfHelper.getStringUnderSection(this,
- KdcConfigKey.KDC_REALM, true);
+ return getString(KdcConfigKey.KDC_REALM, true, KDCDEFAULT);
}
public String getKdcDomain() {
- return getString(KdcConfigKey.KDC_DOMAIN, true);
+ return getString(KdcConfigKey.KDC_DOMAIN, true, KDCDEFAULT);
}
public boolean isPreauthRequired() {
- return getBoolean(KdcConfigKey.PREAUTH_REQUIRED, true);
+ return getBoolean(KdcConfigKey.PREAUTH_REQUIRED, true, KDCDEFAULT);
}
public boolean isAllowTokenPreauth() {
- return getBoolean(KdcConfigKey.ALLOW_TOKEN_PREAUTH, true);
+ return getBoolean(KdcConfigKey.ALLOW_TOKEN_PREAUTH, true, KDCDEFAULT);
}
public long getAllowableClockSkew() {
- return getLong(KdcConfigKey.ALLOWABLE_CLOCKSKEW);
+ return getLong(KdcConfigKey.ALLOWABLE_CLOCKSKEW, true, KDCDEFAULT);
}
public boolean isEmptyAddressesAllowed() {
- return getBoolean(KdcConfigKey.EMPTY_ADDRESSES_ALLOWED, true);
+ return getBoolean(KdcConfigKey.EMPTY_ADDRESSES_ALLOWED, true, KDCDEFAULT);
}
public boolean isForwardableAllowed() {
- return getBoolean(KdcConfigKey.FORWARDABLE_ALLOWED, true);
+ return getBoolean(KdcConfigKey.FORWARDABLE_ALLOWED, true, KDCDEFAULT);
}
public boolean isPostdatedAllowed() {
- return getBoolean(KdcConfigKey.POSTDATED_ALLOWED, true);
+ return getBoolean(KdcConfigKey.POSTDATED_ALLOWED, true, KDCDEFAULT);
}
public boolean isProxiableAllowed() {
- return getBoolean(KdcConfigKey.PROXIABLE_ALLOWED, true);
+ return getBoolean(KdcConfigKey.PROXIABLE_ALLOWED, true, KDCDEFAULT);
}
public boolean isRenewableAllowed() {
- return getBoolean(KdcConfigKey.RENEWABLE_ALLOWED, true);
+ return getBoolean(KdcConfigKey.RENEWABLE_ALLOWED, true, KDCDEFAULT);
}
public long getMaximumRenewableLifetime() {
- return getLong(KdcConfigKey.MAXIMUM_RENEWABLE_LIFETIME);
+ return getLong(KdcConfigKey.MAXIMUM_RENEWABLE_LIFETIME, true, KDCDEFAULT);
}
public long getMaximumTicketLifetime() {
- return getLong(KdcConfigKey.MAXIMUM_TICKET_LIFETIME);
+ return getLong(KdcConfigKey.MAXIMUM_TICKET_LIFETIME, true, KDCDEFAULT);
}
public long getMinimumTicketLifetime() {
- return getLong(KdcConfigKey.MINIMUM_TICKET_LIFETIME);
+ return getLong(KdcConfigKey.MINIMUM_TICKET_LIFETIME, true, KDCDEFAULT);
}
public List<EncryptionType> getEncryptionTypes() {
- return KrbConfHelper.getEncTypesUnderSection(this, KdcConfigKey.ENCRYPTION_TYPES);
+ return getEncTypes(KdcConfigKey.ENCRYPTION_TYPES, true, KDCDEFAULT);
}
public boolean isPaEncTimestampRequired() {
- return getBoolean(KdcConfigKey.PA_ENC_TIMESTAMP_REQUIRED, true);
+ return getBoolean(KdcConfigKey.PA_ENC_TIMESTAMP_REQUIRED, true, KDCDEFAULT);
}
public boolean isBodyChecksumVerified() {
- return getBoolean(KdcConfigKey.VERIFY_BODY_CHECKSUM, true);
+ return getBoolean(KdcConfigKey.VERIFY_BODY_CHECKSUM, true, KDCDEFAULT);
}
public boolean isRestrictAnonymousToTgt() {
- return KrbConfHelper.getBooleanUnderSection(this,
- KdcConfigKey.RESTRICT_ANONYMOUS_TO_TGT);
+ return getBoolean(KdcConfigKey.RESTRICT_ANONYMOUS_TO_TGT, true, KDCDEFAULT);
}
public int getKdcMaxDgramReplySize() {
- return KrbConfHelper.getIntUnderSection(this,
- KdcConfigKey.KDC_MAX_DGRAM_REPLY_SIZE);
+ return getInt(KdcConfigKey.KDC_MAX_DGRAM_REPLY_SIZE, true, KDCDEFAULT);
}
public String getVerifyKeyConfig() {
- return KrbConfHelper.getStringUnderSection(this,
- KdcConfigKey.VERIFY_KEY, true);
+ return getString(KdcConfigKey.VERIFY_KEY, true, KDCDEFAULT);
}
public String getDecryptionKeyConfig() {
- return KrbConfHelper.getStringUnderSection(this,
- KdcConfigKey.DECRYPTION_KEY, true);
+ return getString(KdcConfigKey.DECRYPTION_KEY, true, KDCDEFAULT);
}
public List<String> getIssuers() {
- return Arrays.asList(KrbConfHelper.getStringArrayUnderSection(this,
- KdcConfigKey.ISSUERS));
+ return Arrays.asList(getStringArray(KdcConfigKey.ISSUERS, true, KDCDEFAULT));
}
}
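Review bot: `getIssuers()` hands the result of `getStringArray(KdcConfigKey.ISSUERS, true, KDCDEFAULT)` straight to `Arrays.asList`, and `ISSUERS` is declared without a default in `KdcConfigKey`, so if `getStringArray` returns null for an unset key (its body is not shown here) the getter throws a `NullPointerException` instead of reporting that nothing is configured. Returning an empty list keeps what is presumably the safe reading, no issuer accepted, without the crash: `String[] issuers = getStringArray(KdcConfigKey.ISSUERS, true, KDCDEFAULT);` then `return issuers == null ? Collections.<String>emptyList() : Arrays.asList(issuers);` (this needs `java.util.Collections` imported). `getVerifyKeyConfig()` and `getDecryptionKeyConfig()` also read keys with no default, so a Javadoc line such as `@return the configured value, or null if unset` would tell callers to check before use.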
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ea74f8db/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
index 178d19d..e9c736d 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
@@ -19,20 +19,20 @@
*/
package org.apache.kerby.kerberos.kerb.server;
-import org.apache.kerby.kerberos.kerb.common.SectionConfigKey;
+import org.apache.kerby.config.ConfigKey;
-public enum KdcConfigKey implements SectionConfigKey {
+public enum KdcConfigKey implements ConfigKey {
KRB_DEBUG(true),
KDC_SERVICE_NAME("KDC-Server"),
KDC_IDENTITY_BACKEND,
- KDC_HOST("127.0.0.1", "kdcdefaults"), // NOPMD
- KDC_PORT(null, "kdcdefaults"),
- KDC_ALLOW_TCP(true, "kdcdefaults"),
- KDC_ALLOW_UDP(true, "kdcdefaults"),
- KDC_UDP_PORT(null, "kdcdefaults"),
- KDC_TCP_PORT(null, "kdcdefaults"),
+ KDC_HOST("127.0.0.1"), // NOPMD
+ KDC_PORT,
+ KDC_ALLOW_TCP(true),
+ KDC_ALLOW_UDP(true),
+ KDC_UDP_PORT,
+ KDC_TCP_PORT,
KDC_DOMAIN("example.com"),
- KDC_REALM("EXAMPLE.COM", "kdcdefaults"),
+ KDC_REALM("EXAMPLE.COM"),
PREAUTH_REQUIRED(true),
ALLOW_TOKEN_PREAUTH(true),
ALLOWABLE_CLOCKSKEW(5 * 60L),
@@ -47,20 +47,14 @@ public enum KdcConfigKey implements SectionConfigKey {
RENEWABLE_ALLOWED(true),
VERIFY_BODY_CHECKSUM(true),
ENCRYPTION_TYPES("aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd"),
- RESTRICT_ANONYMOUS_TO_TGT(false, "kdcdefaults"),
- KDC_MAX_DGRAM_REPLY_SIZE(4096, "kdcdefaults"),
- VERIFY_KEY(null, "kdcdefaults"),
- DECRYPTION_KEY(null, "kdcdefaults"),
- ISSUERS(null, "kdcdefaults");
+ RESTRICT_ANONYMOUS_TO_TGT(false),
+ KDC_MAX_DGRAM_REPLY_SIZE(4096),
+ VERIFY_KEY(),
+ DECRYPTION_KEY(),
+ ISSUERS();
private Object defaultValue;
- /**
- * The name of a section where a config key is contained
- * in section-able config file.
- */
- private String sectionName;
-
private KdcConfigKey() {
this.defaultValue = null;
}
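Review bot: `private Object defaultValue;` should be `private final Object defaultValue;`, since the field is assigned only in constructors: once in the no-argument constructor in this hunk, and apparently once in the one-argument constructor whose signature lies between hunks. Enum constants are shared across the whole JVM, so a non-final field leaves the defaults of settings such as `VERIFY_BODY_CHECKSUM` and `RESTRICT_ANONYMOUS_TO_TGT` formally reassignable from inside the class. As a smaller style point, `VERIFY_KEY()`, `DECRYPTION_KEY()` and `ISSUERS()` could drop the empty parentheses to match `KDC_PORT,` and `KDC_UDP_PORT,` in the previous hunk.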
@@ -69,11 +63,6 @@ public enum KdcConfigKey implements SectionConfigKey {
this.defaultValue = defaultValue;
}
- private KdcConfigKey(Object defaultValue, String sectionName) {
- this(defaultValue);
- this.sectionName = sectionName;
- }
-
@Override
public String getPropertyKey() {
return name().toLowerCase();
@@ -83,9 +72,4 @@ public enum KdcConfigKey implements SectionConfigKey {
public Object getDefaultValue() {
return this.defaultValue;
}
-
- @Override
- public String getSectionName() {
- return sectionName;
- }
}