Posted to commits@directory.apache.org by pl...@apache.org on 2016/07/07 06:41:46 UTC
[01/27] directory-kerby git commit: Adding @Ignore'd GSS interop
testcase
Repository: directory-kerby
Updated Branches:
refs/heads/kpasswd 70fd3d0c5 -> dcbfcbe2d
Adding @Ignore'd GSS interop testcase
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/1bce738d
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/1bce738d
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/1bce738d
Branch: refs/heads/kpasswd
Commit: 1bce738d298cd706bc7d62d25287cc04163cbfcf
Parents: 79d4a58
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jun 28 14:57:23 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jun 28 14:57:23 2016 +0100
----------------------------------------------------------------------
.../kerberos/kerb/server/GssInteropTest.java | 52 +++++++++++++++++---
1 file changed, 46 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/1bce738d/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
index 832d59d..7e0d269 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
@@ -19,6 +19,20 @@
*/
package org.apache.kerby.kerberos.kerb.server;
+import java.io.ByteArrayOutputStream;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosTicket;
+
+import org.apache.kerby.kerberos.kerb.ccache.CredCacheOutputStream;
+import org.apache.kerby.kerberos.kerb.ccache.Credential;
+import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
+import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
@@ -28,12 +42,6 @@ import org.ietf.jgss.Oid;
import org.junit.Assert;
import org.junit.Test;
-import javax.security.auth.Subject;
-import javax.security.auth.kerberos.KerberosTicket;
-import java.security.Principal;
-import java.security.PrivilegedExceptionAction;
-import java.util.Set;
-
/**
* This is an interop test using the Java GSS APIs against the Kerby KDC
*/
@@ -62,6 +70,38 @@ public class GssInteropTest extends LoginTestBase {
validateServiceTicket(kerberosToken);
}
+
+ @Test
+ @org.junit.Ignore
+ public void testKerbyClientAndGssService() throws Exception {
+ KrbClient client = getKrbClient();
+ client.init();
+
+ try {
+ // Get a service ticket using Kerby APIs
+ TgtTicket tgt = client.requestTgt(getClientPrincipal(), getClientPassword());
+ Assert.assertTrue(tgt != null);
+
+ SgtTicket tkt = client.requestSgt(tgt, getServerPrincipal());
+ Assert.assertTrue(tkt != null);
+
+ Credential credential = new Credential(tkt, tgt.getClientPrincipal());
+ CredentialCache cCache = new CredentialCache();
+ cCache.addCredential(credential);
+ cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
+
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ CredCacheOutputStream os = new CredCacheOutputStream(bout);
+ cCache.store(bout);
+ os.close();
+
+ // Now validate the ticket using GSS
+ validateServiceTicket(bout.toByteArray());
+ } catch (Exception e) {
+ e.printStackTrace();
+ Assert.fail();
+ }
+ }
private void validateServiceTicket(byte[] ticket) throws Exception {
Subject serviceSubject = loginServiceUsingKeytab();
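Review bot: The `catch (Exception e)` block at the end of testKerbyClientAndGssService prints the stack trace and calls `Assert.fail()` with no message, so once the `@Ignore` is lifted a failure is reported without its cause; the method already declares `throws Exception`, so the try/catch can be dropped and the exception left to propagate. The `CredCacheOutputStream os` is constructed and closed but nothing is written through it, because `cCache.store(bout)` is handed the underlying stream directly; either remove `os` or store through it. It also looks as if `validateServiceTicket` receives a serialized credential cache rather than a GSS token, which may be why the test is disabled; if so, giving the annotation a reason, for example `@org.junit.Ignore("credential cache bytes are not yet a GSS token")`, would record it. validateServiceTicket's body continues outside the hunk.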
[08/27] directory-kerby git commit: Just write out the JWT token "as
is" if there is no signature key
Posted by pl...@apache.org.
Just write out the JWT token "as is" if there is no signature key
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/55e90d92
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/55e90d92
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/55e90d92
Branch: refs/heads/kpasswd
Commit: 55e90d922e85f969de084fc3e2322a7925547080
Parents: 5e75bf5
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 12:18:02 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 12:18:32 2016 +0100
----------------------------------------------------------------------
.../test/jaas/TokenAuthLoginModule.java | 73 +++++++++++++-------
.../kerberos/provider/token/JwtAuthToken.java | 6 +-
2 files changed, 51 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/55e90d92/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index 7eee5ba..d0e8549 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -33,10 +33,14 @@ import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
import org.apache.kerby.kerberos.kerb.type.base.TokenFormat;
import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
+import org.apache.kerby.kerberos.provider.token.JwtAuthToken;
import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.JWTParser;
+
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
@@ -50,6 +54,7 @@ import java.io.IOException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
+import java.text.ParseException;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
@@ -245,38 +250,55 @@ public class TokenAuthLoginModule implements LoginModule {
throw new LoginException("No valid token was found in token cache: " + tokenCacheName);
}
}
- TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
- try {
- authToken = tokenDecoder.decodeFromString(tokenStr);
- } catch (IOException e) {
- e.printStackTrace();
- }
- krbToken = new KrbToken(authToken, TokenFormat.JWT);
- TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
- if (tokenEncoder instanceof JwtTokenEncoder && signKeyFile != null) {
- PrivateKey signKey = null;
+ krbToken = new KrbToken();
+
+ // Sign the token.
+ if (signKeyFile != null) {
try {
- FileInputStream fis = new FileInputStream(signKeyFile);
- signKey = PrivateKeyReader.loadPrivateKey(fis);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- } catch (Exception e) {
- e.printStackTrace();
+ TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider().createTokenDecoder();
+ try {
+ authToken = tokenDecoder.decodeFromString(tokenStr);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ krbToken = new KrbToken(authToken, TokenFormat.JWT);
+ TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+
+ if (tokenEncoder instanceof JwtTokenEncoder) {
+ PrivateKey signKey = null;
+ try {
+ FileInputStream fis = new FileInputStream(signKeyFile);
+ signKey = PrivateKeyReader.loadPrivateKey(fis);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
+ }
+
+ krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
+ } catch (KrbException e) {
+ throw new RuntimeException("Failed to encode AuthToken", e);
+ }
+ } else {
+ // Otherwise just write out the token (which could be already signed)
+ krbToken.setTokenValue(tokenStr.getBytes());
+
+ try {
+ JWT jwt = JWTParser.parse(tokenStr);
+ authToken = new JwtAuthToken(jwt.getJWTClaimsSet());
+ } catch (ParseException e) {
+ // Invalid JWT encoding
+ throw new RuntimeException("Failed to parse JWT token string", e);
}
-
- ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
}
-
- krbToken = new KrbToken();
+
krbToken.setInnerToken(authToken);
krbToken.setTokenType();
krbToken.setTokenFormat(TokenFormat.JWT);
- try {
- krbToken.setTokenValue(tokenEncoder.encodeAsBytes(authToken));
- } catch (KrbException e) {
- throw new RuntimeException("Failed to encode AuthToken", e);
- }
KrbClient krbClient = null;
try {
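Review bot: In the signing branch a failure to read `signKeyFile` is still only printed, after which `setSignKey((RSAPrivateKey) signKey)` is called with a null key and the login carries on; depending on how JwtTokenEncoder treats a null key, that may send the token unsigned even though a signing key was configured. The same pattern applies to the `IOException` from `decodeFromString`, which leaves `authToken` null before `encodeAsBytes(authToken)` is reached. Both should abort the login with a `LoginException`, which this method already throws earlier in the hunk, and the `FileInputStream` should be closed. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: token decoding and encoder creation …
if (tokenEncoder instanceof JwtTokenEncoder) {
    PrivateKey signKey;
    try (FileInputStream fis = new FileInputStream(signKeyFile)) {
        signKey = PrivateKeyReader.loadPrivateKey(fis);
    } catch (Exception e) {
        // Fail closed: a configured signing key that cannot be read aborts the login.
        LoginException le = new LoginException("Failed to load the signing key from " + signKeyFile);
        le.initCause(e);
        throw le;
    }
    if (!(signKey instanceof RSAPrivateKey)) {
        throw new LoginException("The signing key in " + signKeyFile + " is not an RSA private key");
    }
    ((JwtTokenEncoder) tokenEncoder).setSignKey((RSAPrivateKey) signKey);
}
// … unchanged: krbToken.setTokenValue(...) and the KrbException handler …
```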
@@ -290,6 +312,7 @@ public class TokenAuthLoginModule implements LoginModule {
} catch (IOException e) {
e.printStackTrace();
}
+
KrbTokenClient tokenClient = new KrbTokenClient(krbClient);
try {
tgtTicket = tokenClient.requestTgt(krbToken,
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/55e90d92/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
----------------------------------------------------------------------
diff --git a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
index e5d92c8..b6e60c4 100644
--- a/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
+++ b/kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtAuthToken.java
@@ -40,15 +40,15 @@ public class JwtAuthToken implements AuthToken {
private Boolean isIdToken = true;
private Boolean isAcToken = false;
- protected JwtAuthToken() {
+ public JwtAuthToken() {
this(new JWTClaimsSet());
}
- protected JwtAuthToken(JWTClaimsSet jwtClaims) {
+ public JwtAuthToken(JWTClaimsSet jwtClaims) {
this.jwtClaims = jwtClaims;
}
- protected JwtAuthToken(ReadOnlyJWTClaimsSet jwtClaims) {
+ public JwtAuthToken(ReadOnlyJWTClaimsSet jwtClaims) {
this.jwtClaims = JwtUtil.from(jwtClaims);
}
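Review bot: The three constructors made public here have no Javadoc, and `JwtAuthToken(JWTClaimsSet jwtClaims)` keeps the caller's claims set by reference with no null check. Code outside the package can now build a token this way; TokenAuthLoginModule in this commit does so from a string parsed with `JWTParser.parse`, with no signature check visible in that hunk. A comment on each constructor, such as `/** Wraps the given claims as-is; the caller is responsible for verifying the token's signature before trusting them. */`, would make that contract explicit. The class body continues outside the hunk.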
[09/27] directory-kerby git commit: NPE fix
Posted by pl...@apache.org.
NPE fix
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/8b9b2f98
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/8b9b2f98
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/8b9b2f98
Branch: refs/heads/kpasswd
Commit: 8b9b2f98397660a91fed5d5300ff5822edfa7809
Parents: 55e90d9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 12:33:11 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 12:33:11 2016 +0100
----------------------------------------------------------------------
.../kerb/integration/test/jaas/TokenAuthLoginModule.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8b9b2f98/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index d0e8549..15788b2 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -112,7 +112,7 @@ public class TokenAuthLoginModule implements LoginModule {
}
if ((String) options.get(CREDENTIAL_CACHE) != null) {
cCache = new File((String) options.get(CREDENTIAL_CACHE));
- }
+ }
if ((String) options.get(SIGN_KEY_FILE) != null) {
signKeyFile = new File((String) options.get(SIGN_KEY_FILE));
}
@@ -230,6 +230,10 @@ public class TokenAuthLoginModule implements LoginModule {
if (armorCache == null) {
throw new LoginException("An armor cache must be specified via the armorCache configuration option");
}
+
+ if (cCache == null) {
+ throw new LoginException("A credential cache must be specified via the credentialCache configuration option");
+ }
String error = "";
if (tokenStr == null && tokenCacheName == null) {
[14/27] directory-kerby git commit: Another NPE fix if it fails to
load the PKINIT trust anchor
Posted by pl...@apache.org.
Another NPE fix if it fails to load the PKINIT trust anchor
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/35fb465a
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/35fb465a
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/35fb465a
Branch: refs/heads/kpasswd
Commit: 35fb465a7b6d63e1ba4e886f162b1b1cddd677a7
Parents: 36ed64d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jul 5 12:34:18 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jul 5 12:34:18 2016 +0100
----------------------------------------------------------------------
.../kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java | 6 ++++++
1 file changed, 6 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/35fb465a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index 9a15c4e..9b37eb2 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -363,6 +363,12 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
} catch (KrbException e) {
e.printStackTrace();
}
+
+ if (x509Certificate == null) {
+ LOG.error("Failed to load PKINIT anchor");
+ throw new KrbException("Failed to load PKINIT anchor");
+ }
+
Certificate archorCertificate = PkinitCrypto.changeToCertificate(x509Certificate);
CertificateSet certificateSet = signedData.getCertificates();
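Review bot: The `catch (KrbException e)` just above the new null check still only calls `e.printStackTrace()`, so the exception thrown by the check carries no cause and the reason the anchor failed to load is lost from the log. The check itself fails closed, which is the right behaviour for a missing trust anchor. Rethrowing from the catch, `throw new KrbException("Failed to load PKINIT anchor", e);`, keeps the cause, and the null check can stay for the case where the loader returns null without throwing. Logging with `LOG.error` and then throwing the same message also reports the failure twice; one of the two is enough. The `try` this catch belongs to starts outside the hunk.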
[27/27] directory-kerby git commit: Merge remote-tracking branch
'asf/trunk' into kpasswd
Posted by pl...@apache.org.
Merge remote-tracking branch 'asf/trunk' into kpasswd
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/dcbfcbe2
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/dcbfcbe2
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/dcbfcbe2
Branch: refs/heads/kpasswd
Commit: dcbfcbe2d29f4616002d8a9167e62b179d0c1f6b
Parents: 70fd3d0 ff14ab7
Author: plusplusjiajia <ji...@intel.com>
Authored: Thu Jul 7 14:47:22 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Thu Jul 7 14:47:22 2016 +0800
----------------------------------------------------------------------
.../identitybackend/LdapIdentityBackend.java | 2 +
kerby-common/kerby-asn1/pom.xml | 3 -
.../java/org/apache/kerby/asn1/EnumType.java | 2 +-
kerby-common/kerby-xdr/pom.xml | 29 ++
.../java/org/apache/kerby/xdr/EnumType.java | 37 ++
.../java/org/apache/kerby/xdr/XdrDataType.java | 55 +++
.../java/org/apache/kerby/xdr/XdrFieldInfo.java | 53 +++
.../apache/kerby/xdr/type/AbstractXdrType.java | 100 +++++
.../org/apache/kerby/xdr/type/XdrBoolean.java | 94 +++++
.../org/apache/kerby/xdr/type/XdrBytes.java | 45 ++
.../apache/kerby/xdr/type/XdrEnumerated.java | 66 +++
.../org/apache/kerby/xdr/type/XdrInteger.java | 85 ++++
.../org/apache/kerby/xdr/type/XdrSimple.java | 132 ++++++
.../org/apache/kerby/xdr/type/XdrString.java | 346 ++++++++++++++++
.../apache/kerby/xdr/type/XdrStructType.java | 99 +++++
.../java/org/apache/kerby/xdr/type/XdrType.java | 62 +++
.../org/apache/kerby/xdr/type/XdrUnion.java | 131 ++++++
.../kerby/xdr/type/XdrUnsignedInteger.java | 100 +++++
.../java/org/apache/kerby/xdr/util/HexUtil.java | 113 +++++
.../java/org/apache/kerby/xdr/util/IOUtil.java | 109 +++++
.../java/org/apache/kerby/xdr/util/Utf8.java | 34 ++
.../java/org/apache/kerby/xdr/util/XdrUtil.java | 26 ++
.../java/org/apache/kerby/xdr/TestUtil.java | 47 +++
.../org/apache/kerby/xdr/XdrBooleanTest.java | 60 +++
.../apache/kerby/xdr/XdrEnumeratedInstance.java | 56 +++
.../org/apache/kerby/xdr/XdrEnumeratedTest.java | 58 +++
.../org/apache/kerby/xdr/XdrIntegerTest.java | 80 ++++
.../org/apache/kerby/xdr/XdrStringTest.java | 59 +++
.../apache/kerby/xdr/XdrStructTypeInstance.java | 111 +++++
.../org/apache/kerby/xdr/XdrStructTypeTest.java | 83 ++++
.../org/apache/kerby/xdr/XdrUnionInstance.java | 170 ++++++++
.../java/org/apache/kerby/xdr/XdrUnionTest.java | 67 +++
.../kerby/xdr/XdrUnsignedIntegerTest.java | 69 ++++
kerby-common/pom.xml | 1 +
kerby-dist/README.md | 50 +++
kerby-dist/kdc-dist/bin/admin-server.cmd | 32 ++
kerby-dist/kdc-dist/bin/admin-server.sh | 32 ++
kerby-dist/kdc-dist/bin/remote-admin-client.cmd | 32 ++
kerby-dist/kdc-dist/bin/remote-admin-client.sh | 32 ++
kerby-dist/kdc-dist/conf/adminClient.conf | 23 ++
kerby-dist/kdc-dist/conf/adminServer.conf | 23 ++
kerby-dist/kdc-dist/pom.xml | 10 +
.../kerby/kerberos/kdc/KerbyKdcServer.java | 4 +-
.../test/jaas/TokenAuthLoginModule.java | 146 +++++--
.../integration/test/TokenLoginTestBase.java | 10 +-
.../TokenLoginWithTokenPreauthEnabledTest.java | 72 ++++
kerby-kerb/kerb-admin-server/pom.xml | 56 +++
.../kerb/admin/server/KerbyAdminServer.java | 80 ++++
.../kerb/admin/server/kadmin/AdminServer.java | 266 ++++++++++++
.../admin/server/kadmin/AdminServerConfig.java | 105 +++++
.../server/kadmin/AdminServerConfigKey.java | 59 +++
.../admin/server/kadmin/AdminServerContext.java | 52 +++
.../admin/server/kadmin/AdminServerHandler.java | 238 +++++++++++
.../admin/server/kadmin/AdminServerOption.java | 52 +++
.../admin/server/kadmin/AdminServerSetting.java | 212 ++++++++++
.../admin/server/kadmin/AdminServerUtil.java | 165 ++++++++
.../impl/AbstractInternalAdminServer.java | 116 ++++++
.../kadmin/impl/DefaultAdminServerHandler.java | 199 +++++++++
.../impl/DefaultInternalAdminServerImpl.java | 80 ++++
.../server/kadmin/impl/InternalAdminServer.java | 60 +++
.../src/main/resources/adminServer.conf | 20 +
kerby-kerb/kerb-admin/pom.xml | 5 +
.../kerby/kerberos/kerb/admin/AdminHelper.java | 308 --------------
.../kerby/kerberos/kerb/admin/AuthUtil.java | 141 +++++++
.../kerby/kerberos/kerb/admin/Kadmin.java | 207 ----------
.../kerby/kerberos/kerb/admin/KadminOption.java | 76 ----
.../kerby/kerberos/kerb/admin/KadminServer.java | 144 -------
.../kerby/kerberos/kerb/admin/Krb5Conf.java | 86 ++++
.../kerby/kerberos/kerb/admin/LocalKadmin.java | 87 ----
.../kerberos/kerb/admin/LocalKadminImpl.java | 400 ------------------
.../kerb/admin/RemoteAdminClientTool.java | 263 ++++++++++++
.../kerberos/kerb/admin/RemoteKadminImpl.java | 144 -------
.../kerberos/kerb/admin/kadmin/Kadmin.java | 207 ++++++++++
.../kerb/admin/kadmin/KadminOption.java | 76 ++++
.../kerb/admin/kadmin/local/AdminHelper.java | 309 ++++++++++++++
.../kerb/admin/kadmin/local/LocalKadmin.java | 88 ++++
.../admin/kadmin/local/LocalKadminImpl.java | 407 +++++++++++++++++++
.../kerb/admin/kadmin/remote/AdminClient.java | 204 ++++++++++
.../kerb/admin/kadmin/remote/AdminConfig.java | 132 ++++++
.../admin/kadmin/remote/AdminConfigKey.java | 58 +++
.../kerb/admin/kadmin/remote/AdminContext.java | 49 +++
.../kerb/admin/kadmin/remote/AdminHandler.java | 162 ++++++++
.../kerb/admin/kadmin/remote/AdminOption.java | 102 +++++
.../kerb/admin/kadmin/remote/AdminSetting.java | 129 ++++++
.../kerb/admin/kadmin/remote/AdminUtil.java | 127 ++++++
.../admin/kadmin/remote/RemoteKadminImpl.java | 207 ++++++++++
.../command/RemoteAddPrincipalCommand.java | 65 +++
.../kadmin/remote/command/RemoteCommand.java | 41 ++
.../command/RemoteDeletePrincipalCommand.java | 83 ++++
.../remote/command/RemoteGetprincsCommand.java | 65 +++
.../remote/command/RemotePrintUsageCommand.java | 42 ++
.../command/RemoteRenamePrincipalCommand.java | 85 ++++
.../impl/AbstractInternalAdminClient.java | 71 ++++
.../kadmin/remote/impl/DefaultAdminHandler.java | 79 ++++
.../remote/impl/DefaultInternalAdminClient.java | 71 ++++
.../kadmin/remote/impl/InternalAdminClient.java | 41 ++
.../remote/request/AddPrincipalRequest.java | 114 ++++++
.../kadmin/remote/request/AdminRequest.java | 63 +++
.../remote/request/DeletePrincipalRequest.java | 70 ++++
.../kadmin/remote/request/GetprincsRequest.java | 70 ++++
.../remote/request/RenamePrincipalRequest.java | 74 ++++
.../kerb/admin/message/AddPrincipalRep.java | 30 ++
.../kerb/admin/message/AddPrincipalReq.java | 30 ++
.../kerb/admin/message/AdminMessage.java | 56 +++
.../kerb/admin/message/AdminMessageCode.java | 90 ++++
.../kerb/admin/message/AdminMessageEnum.java | 41 ++
.../kerb/admin/message/AdminMessageType.java | 73 ++++
.../kerberos/kerb/admin/message/AdminRep.java | 33 ++
.../kerberos/kerb/admin/message/AdminReq.java | 34 ++
.../kerb/admin/message/DeletePrincipalRep.java | 30 ++
.../kerb/admin/message/DeletePrincipalReq.java | 30 ++
.../kerb/admin/message/GetprincsRep.java | 26 ++
.../kerb/admin/message/GetprincsReq.java | 26 ++
.../kerberos/kerb/admin/message/KadminCode.java | 63 +++
.../kerb/admin/message/RenamePrincipalRep.java | 29 ++
.../kerb/admin/message/RenamePrincipalReq.java | 29 ++
.../kerby/kerberos/kerb/admin/KadminTest.java | 24 --
.../client/preauth/pkinit/PkinitPreauth.java | 21 +-
.../kerb/preauth/pkinit/CertificateHelper.java | 16 +-
.../kerb/preauth/pkinit/PkinitCrypto.java | 68 ++--
.../kerberos/kerb/transport/KdcNetwork.java | 1 -
.../apache/kerby/kerberos/kerb/CryptoTest.java | 52 +++
.../src/test/resources/kdccerttest.pem | 25 ++
.../kerberos/kerb/server/GssInteropTest.java | 15 +-
.../kerby/kerberos/kerb/server/KdcSetting.java | 2 +-
.../kerberos/kerb/server/ServerSetting.java | 35 ++
.../server/preauth/pkinit/PkinitPreauth.java | 61 ++-
.../kerberos/kerb/server/request/AsRequest.java | 8 +-
.../kerberos/kerb/server/SimpleKdcServer.java | 4 +-
kerby-kerb/pom.xml | 1 +
.../kerberos/provider/token/JwtAuthToken.java | 6 +-
kerby-tool/kdc-tool/pom.xml | 6 +
.../kerby/kerberos/tool/kadmin/KadminTool.java | 6 +-
.../kerby/kerberos/tool/kadmin/ToolUtil.java | 2 +-
.../kadmin/command/AddPrincipalCommand.java | 4 +-
.../kadmin/command/AddPrincipalsCommand.java | 4 +-
.../kadmin/command/ChangePasswordCommand.java | 4 +-
.../kadmin/command/DeletePrincipalCommand.java | 4 +-
.../kadmin/command/GetPrincipalCommand.java | 2 +-
.../tool/kadmin/command/KadminCommand.java | 2 +-
.../tool/kadmin/command/KeytabAddCommand.java | 2 +-
.../kadmin/command/KeytabRemoveCommand.java | 4 +-
.../kadmin/command/ListPrincipalCommand.java | 2 +-
.../kadmin/command/ModifyPrincipalCommand.java | 4 +-
.../kadmin/command/RenamePrincipalCommand.java | 7 +-
.../kerberos/tool/kdcinit/KdcInitTool.java | 19 +-
pom.xml | 4 +-
147 files changed, 9444 insertions(+), 1553 deletions(-)
----------------------------------------------------------------------
[21/27] directory-kerby git commit: DIRKRB-592 Merge kadmin-remote
branch to trunk.
Posted by pl...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrIntegerTest.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrIntegerTest.java b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrIntegerTest.java
new file mode 100644
index 0000000..9246f12
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrIntegerTest.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+import org.apache.kerby.xdr.type.XdrInteger;
+import org.apache.kerby.xdr.util.HexUtil;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class XdrIntegerTest {
+ @Test
+ public void testEncoding() throws IOException {
+ testEncodingWith(0, "0x00 00 00 00");
+ testEncodingWith(1, "0x00 00 00 01");
+ testEncodingWith(2, "0x00 00 00 02");
+ testEncodingWith(127, "0x00 00 00 7F");
+ testEncodingWith(128, "0x00 00 00 80");
+ testEncodingWith(-1, "0xFF FF FF FF");
+ testEncodingWith(-127, "0xFF FF FF 81");
+ testEncodingWith(-255, "0xFF FF FF 01");
+ testEncodingWith(-32768, "0xFF FF 80 00");
+ testEncodingWith(1234567890, "0x49 96 02 D2");
+ testEncodingWith(2147483647, "0x7F FF FF FF");
+ testEncodingWith(-2147483647, "0x80 00 00 01");
+ testEncodingWith(-2147483648, "0x80 00 00 00");
+ }
+
+ private void testEncodingWith(int value, String expectedEncoding) throws IOException {
+ byte[] expected = HexUtil.hex2bytesFriendly(expectedEncoding);
+ XdrInteger aValue = new XdrInteger(value);
+
+ byte[] encodingBytes = aValue.encode();
+ assertThat(encodingBytes).isEqualTo(expected);
+ }
+
+
+ @Test
+ public void testDecoding() throws IOException {
+ testDecodingWith(0, "0x00 00 00 00");
+ testDecodingWith(1, "0x00 00 00 01");
+ testDecodingWith(2, "0x00 00 00 02");
+ testDecodingWith(127, "0x00 00 00 7F");
+ testDecodingWith(128, "0x00 00 00 80");
+ testDecodingWith(-1, "0xFF FF FF FF");
+ testDecodingWith(-127, "0xFF FF FF 81");
+ testDecodingWith(-255, "0xFF FF FF 01");
+ testDecodingWith(-32768, "0xFF FF 80 00");
+ testDecodingWith(1234567890, "0x49 96 02 D2");
+ testDecodingWith(2147483647, "0x7F FF FF FF");
+ testDecodingWith(-2147483647, "0x80 00 00 01");
+ testDecodingWith(-2147483648, "0x80 00 00 00");
+ }
+
+ private void testDecodingWith(int expectedValue, String content) throws IOException {
+ XdrInteger decoded = new XdrInteger();
+
+ decoded.decode(HexUtil.hex2bytesFriendly(content));
+ assertThat(decoded.getValue().intValue()).isEqualTo(expectedValue);
+ }
+}
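Review bot: testDecoding only feeds well-formed 4-byte inputs, so nothing pins how `XdrInteger.decode` behaves on truncated or over-long input. The same gap exists in the XdrStringTest hunk that follows, where no case covers a length prefix larger than the remaining bytes or missing padding. These decoders presumably parse bytes received from a peer, so a negative test per type is worth adding, for example a `testDecodingRejectsTruncatedInput` that passes `"0x00 00 00"` and expects decode to fail. Which exception decode raises is not visible here, so the expected type needs to be confirmed against XdrInteger.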
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStringTest.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStringTest.java b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStringTest.java
new file mode 100644
index 0000000..8bb30a4
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStringTest.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+import org.apache.kerby.xdr.type.XdrString;
+import org.apache.kerby.xdr.util.HexUtil;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class XdrStringTest {
+ @Test
+ public void testEncoding() throws IOException {
+ testEncodingWith("Hello, Kerby!", "0X00 00 00 0D 48 65 6C 6C 6F 2C 20 4B 65 72 62 79 21 00 00 00");
+ testEncodingWith("sillyprog", "0X00 00 00 09 73 69 6C 6C 79 70 72 6F 67 00 00 00");
+ testEncodingWith("(quit)", "0X00 00 00 06 28 71 75 69 74 29 00 00");
+ }
+
+ private void testEncodingWith(String value, String expectedEncoding) throws IOException {
+ byte[] expected = HexUtil.hex2bytesFriendly(expectedEncoding);
+ XdrString aValue = new XdrString(value);
+
+ byte[] encodingBytes = aValue.encode();
+ assertThat(encodingBytes).isEqualTo(expected);
+ }
+
+
+ @Test
+ public void testDecoding() throws IOException {
+ testDecodingWith("Hello, Kerby!", "0X00 00 00 0D 48 65 6C 6C 6F 2C 20 4B 65 72 62 79 21 00 00 00");
+ testDecodingWith("sillyprog", "0X00 00 00 09 73 69 6c 6c 79 70 72 6f 67 00 00 00");
+ testDecodingWith("(quit)", "0X00 00 00 06 28 71 75 69 74 29 00 00");
+ }
+
+ private void testDecodingWith(String expectedValue, String content) throws IOException {
+ XdrString decoded = new XdrString();
+ decoded.decode(HexUtil.hex2bytesFriendly(content));
+ assertThat(decoded.getValue()).isEqualTo(expectedValue);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStructTypeInstance.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStructTypeInstance.java b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStructTypeInstance.java
new file mode 100644
index 0000000..37c5196
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStructTypeInstance.java
@@ -0,0 +1,111 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+import org.apache.kerby.xdr.type.AbstractXdrType;
+import org.apache.kerby.xdr.type.XdrBoolean;
+import org.apache.kerby.xdr.type.XdrInteger;
+import org.apache.kerby.xdr.type.XdrString;
+import org.apache.kerby.xdr.type.XdrStructType;
+import org.apache.kerby.xdr.type.XdrType;
+import org.apache.kerby.xdr.type.XdrUnion;
+import org.apache.kerby.xdr.type.XdrUnsignedInteger;
+
+class MyFile {
+ String fileName;
+ UnionFileTypeSwitch fileType;
+ String owner;
+
+ MyFile(String name, UnionFileTypeSwitch fileType, String owner) {
+ this.fileName = name;
+ this.fileType = fileType;
+ this.owner = owner;
+ }
+
+ public String getFileName() {
+ return fileName;
+ }
+
+ public UnionFileTypeSwitch getFileType() {
+ return fileType;
+ }
+
+ public String getOwner() {
+ return owner;
+ }
+
+}
+
+public class XdrStructTypeInstance extends XdrStructType {
+ public XdrStructTypeInstance() {
+ super(XdrDataType.STRUCT);
+ }
+
+ public XdrStructTypeInstance(XdrFieldInfo[] fieldInfos) {
+ super(XdrDataType.STRUCT, fieldInfos);
+ }
+
+ protected void getStructTypeInstance(final XdrType[] fields, final XdrFieldInfo[] fieldInfos) {
+ for (int i = 0; i < fieldInfos.length; i++) {
+ switch (fieldInfos[i].getDataType()) {
+ case INTEGER:
+ fields[i] = new XdrInteger((Integer) fieldInfos[i].getValue());
+ break;
+ case UNSIGNED_INTEGER:
+ fields[i] = new XdrUnsignedInteger((Long) fieldInfos[i].getValue());
+ break;
+ case BOOLEAN:
+ fields[i] = new XdrBoolean((Boolean) fieldInfos[i].getValue());
+ break;
+ case ENUM:
+ fields[i] = new FileKindEnumeratedInstance((FileKind) fieldInfos[i].getValue());
+ break;
+ case UNION:
+ fields[i] = (XdrUnion) fieldInfos[i].getValue();
+ break;
+ case STRING:
+ fields[i] = new XdrString((String) fieldInfos[i].getValue());
+ break;
+ case STRUCT:
+ fields[i] = new XdrStructTypeInstance((XdrFieldInfo[]) fieldInfos[i].getValue());
+ default:
+ fields[i] = null;
+ }
+ }
+
+ }
+
+ @Override
+ protected XdrStructType fieldsToValues(AbstractXdrType[] fields) {
+ XdrFieldInfo[] fieldInfos = {new XdrFieldInfo(0, XdrDataType.STRING, fields[0].getValue()),
+ new XdrFieldInfo(1, XdrDataType.UNION, fields[1].getValue()),
+ new XdrFieldInfo(2, XdrDataType.STRING, fields[2].getValue())};
+ return new XdrStructTypeInstance(fieldInfos);
+ }
+
+ @Override
+ protected AbstractXdrType[] getAllFields() {
+ AbstractXdrType[] fields = new AbstractXdrType[3];
+ fields[0] = new XdrString();
+ fields[1] = new XdrUnionInstance();
+ fields[2] = new XdrString();
+ return fields;
+ }
+}
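Review bot: In `getStructTypeInstance`, the `case STRUCT:` branch has no `break;`, so it falls through to `default:` and the nested `XdrStructTypeInstance` it just built is replaced by `null`. Add `break;` directly after the `fields[i] = new XdrStructTypeInstance((XdrFieldInfo[]) fieldInfos[i].getValue());` line. The `default:` branch also stores `null` silently for any unhandled `XdrDataType`; throwing there, as `XdrUnionInstance.getUnionInstance` does for a bad discriminant, would report the unsupported type where it occurs instead of leaving a null field behind.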
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStructTypeTest.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStructTypeTest.java b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStructTypeTest.java
new file mode 100644
index 0000000..c41a20b
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrStructTypeTest.java
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+import org.apache.kerby.xdr.type.XdrStructType;
+import org.apache.kerby.xdr.type.XdrUnion;
+import org.apache.kerby.xdr.util.HexUtil;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class XdrStructTypeTest {
+ @Test
+ public void testEncoding() throws IOException {
+ MyFile file = new MyFile("sillyprog", new UnionFileTypeSwitch(FileKind.EXEC), "john");
+ testEncodingWith(file, "0x00 00 00 09 73 69 6c 6c 79 70 72 6f 67 00 00 00 00 00 00 02 "
+ + "00 00 00 04 6c 69 73 70 00 00 00 04 6a 6f 68 6e");
+ }
+
+ private void testEncodingWith(MyFile value, String expectedEncoding) throws IOException {
+ byte[] expected = HexUtil.hex2bytesFriendly(expectedEncoding);
+ UnionFileTypeSwitch fileType = value.getFileType();
+ XdrFieldInfo[] unionFieldInfo = {new XdrFieldInfo(0, fileType.getFileKind(), fileType.getFileValue()),
+ new XdrFieldInfo(1, fileType.getArmKind(), fileType.getArmValue())};
+ XdrFieldInfo[] fieldInfos = {new XdrFieldInfo(0, XdrDataType.STRING, value.getFileName()),
+ new XdrFieldInfo(1, XdrDataType.UNION, new XdrUnionInstance(unionFieldInfo)),
+ new XdrFieldInfo(2, XdrDataType.STRING, value.getOwner())};
+
+ XdrStructType aValue = new XdrStructTypeInstance(fieldInfos);
+
+ byte[] encodingBytes = aValue.encode();
+ assertThat(encodingBytes).isEqualTo(expected);
+ }
+
+
+ @Test
+ public void testDecoding() throws IOException {
+ MyFile file = new MyFile("sillyprog", new UnionFileTypeSwitch(FileKind.EXEC), "john");
+ testDecodingWith(file, "0x00 00 00 09 73 69 6c 6c 79 70 72 6f 67 00 00 00 00 00 00 02 "
+ + "00 00 00 04 6c 69 73 70 00 00 00 04 6a 6f 68 6e");
+ }
+
+ private void testDecodingWith(MyFile expectedValue, String content) throws IOException {
+ XdrStructType decoded = new XdrStructTypeInstance();
+
+ decoded.decode(HexUtil.hex2bytesFriendly(content));
+
+ XdrFieldInfo[] fieldInfos = decoded.getValue().getXdrFieldInfos();
+ assertThat(fieldInfos.length).isEqualTo(3);
+ assertThat(fieldInfos[0].getDataType()).isEqualTo(XdrDataType.STRING);
+ assertThat((String) fieldInfos[0].getValue()).isEqualTo(expectedValue.getFileName());
+
+ assertThat(fieldInfos[1].getDataType()).isEqualTo(XdrDataType.UNION);
+ XdrFieldInfo[] unionFieldInfo = ((XdrUnion) fieldInfos[1].getValue()).getXdrFieldInfos();
+ assertThat(unionFieldInfo[0].getDataType()).isEqualTo(expectedValue.getFileType().getFileKind());
+ assertThat(unionFieldInfo[0].getValue()).isEqualTo(expectedValue.getFileType().getFileValue());
+ assertThat(unionFieldInfo[1].getDataType()).isEqualTo(expectedValue.getFileType().getArmKind());
+ assertThat((String) unionFieldInfo[1].getValue()).isEqualTo(expectedValue.getFileType().getArmValue());
+
+ assertThat(fieldInfos[2].getDataType()).isEqualTo(XdrDataType.STRING);
+ assertThat((String) fieldInfos[2].getValue()).isEqualTo(expectedValue.getOwner());
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnionInstance.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnionInstance.java b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnionInstance.java
new file mode 100644
index 0000000..fbc13b7
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnionInstance.java
@@ -0,0 +1,170 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+import org.apache.kerby.xdr.type.AbstractXdrType;
+import org.apache.kerby.xdr.type.XdrBoolean;
+import org.apache.kerby.xdr.type.XdrEnumerated;
+import org.apache.kerby.xdr.type.XdrInteger;
+import org.apache.kerby.xdr.type.XdrString;
+import org.apache.kerby.xdr.type.XdrType;
+import org.apache.kerby.xdr.type.XdrUnion;
+import org.apache.kerby.xdr.type.XdrUnsignedInteger;
+
+enum FileKind implements EnumType {
+ TEXT,
+ DATA,
+ EXEC;
+
+ public int getValue() {
+ return ordinal();
+ }
+
+ public String getName() {
+ return name();
+ }
+}
+
+class FileKindEnumeratedInstance extends XdrEnumerated<FileKind> {
+
+ FileKindEnumeratedInstance() {
+ super(null);
+ }
+
+ FileKindEnumeratedInstance(FileKind value) {
+ super(value);
+ }
+ @Override
+ protected EnumType[] getAllEnumValues() {
+ return FileKind.values();
+ }
+
+}
+
+class UnionFileTypeSwitch {
+ FileKind fileKind;
+ Object arm;
+ UnionFileTypeSwitch(FileKind fileKind) {
+ this.fileKind = fileKind;
+ switch (fileKind) {
+ case TEXT:
+ arm = null;
+ break;
+ case DATA:
+ arm = "creator";
+ break;
+ case EXEC:
+ arm = "lisp";
+ break;
+ }
+ }
+
+ XdrDataType getFileKind() {
+ return XdrDataType.ENUM;
+ }
+
+ FileKind getFileValue() {
+ return fileKind;
+ }
+
+ XdrDataType getArmKind() {
+ XdrDataType xdrDataType = XdrDataType.UNKNOWN;
+ switch (fileKind) {
+ case TEXT:
+ xdrDataType = XdrDataType.UNKNOWN;
+ break;
+ case DATA:
+ xdrDataType = XdrDataType.STRING;
+ break;
+ case EXEC:
+ xdrDataType = XdrDataType.STRING;
+ break;
+ }
+ return xdrDataType;
+ }
+
+ Object getArmValue() {
+ return arm;
+ }
+}
+
+public class XdrUnionInstance extends XdrUnion {
+
+ public XdrUnionInstance() {
+ super(XdrDataType.UNION);
+ }
+
+ public XdrUnionInstance(XdrFieldInfo[] fieldInfos) {
+ super(XdrDataType.UNION, fieldInfos);
+ }
+
+
+ @Override
+ protected void getUnionInstance(XdrType[] fields, XdrFieldInfo[] fieldInfos) {
+ switch (fieldInfos[0].getDataType()) {
+ case INTEGER:
+ fields[0] = new XdrInteger((Integer) fieldInfos[0].getValue());
+ break;
+ case UNSIGNED_INTEGER:
+ fields[0] = new XdrUnsignedInteger((Long) fieldInfos[0].getValue());
+ break;
+ case BOOLEAN:
+ fields[0] = new XdrBoolean((Boolean) fieldInfos[0].getValue());
+ break;
+ case ENUM:
+ fields[0] = new FileKindEnumeratedInstance((FileKind) fieldInfos[0].getValue());
+ break;
+ default:
+ throw new RuntimeException("Wrong discriminant type for union: " + fieldInfos[0].getDataType());
+ }
+
+ switch (fieldInfos[1].getDataType()) {
+ case INTEGER:
+ fields[1] = new XdrInteger((Integer) fieldInfos[1].getValue());
+ break;
+ case UNSIGNED_INTEGER:
+ fields[1] = new XdrUnsignedInteger((Long) fieldInfos[1].getValue());
+ break;
+ case BOOLEAN:
+ fields[1] = new XdrBoolean((Boolean) fieldInfos[1].getValue());
+ break;
+ case STRING:
+ fields[1] = new XdrString((String) fieldInfos[1].getValue());
+ break;
+ default:
+ fields[1] = null;
+ }
+ }
+
+ @Override
+ protected XdrUnion fieldsToValues(AbstractXdrType[] fields) {
+ XdrFieldInfo[] fieldInfos = {new XdrFieldInfo(0, XdrDataType.ENUM, fields[0].getValue()),
+ new XdrFieldInfo(1, XdrDataType.STRING, fields[1].getValue())};
+ return new XdrUnionInstance(fieldInfos);
+ }
+
+ @Override
+ protected AbstractXdrType[] getAllFields() {
+ AbstractXdrType[] fields = new AbstractXdrType[2];
+ fields[0] = new FileKindEnumeratedInstance();
+ fields[1] = new XdrString();
+ return fields;
+ }
+}
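Review bot: `getAllFields` and `fieldsToValues` fix the arm as `new XdrString()` / `XdrDataType.STRING` regardless of the discriminant, while `UnionFileTypeSwitch` gives `FileKind.TEXT` a null arm of kind `UNKNOWN`. On the decode side this means string bytes are always expected after the discriminant, so a `TEXT` union presumably cannot round-trip, and on the encode side `getUnionInstance` leaves `fields[1] = null` for it; how the base `XdrUnion` handles that null is not visible in this hunk. Choosing the arm type from the decoded discriminant would keep the decoder from consuming bytes that belong to whatever follows the union. `XdrUnionTest` only exercises `FileKind.EXEC`, so neither path is covered. A short comment on `FileKind.getValue()` noting that `ordinal()` ties the wire value to declaration order would also help.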
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnionTest.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnionTest.java b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnionTest.java
new file mode 100644
index 0000000..e9b9275
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnionTest.java
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+import org.apache.kerby.xdr.type.XdrUnion;
+import org.apache.kerby.xdr.util.HexUtil;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class XdrUnionTest {
+ @Test
+ public void testEncoding() throws IOException {
+ UnionFileTypeSwitch fileType = new UnionFileTypeSwitch(FileKind.EXEC);
+ testEncodingWith(fileType, "0x00 00 00 02 00 00 00 04 6c 69 73 70");
+ }
+
+ private void testEncodingWith(UnionFileTypeSwitch value, String expectedEncoding) throws IOException {
+ byte[] expected = HexUtil.hex2bytesFriendly(expectedEncoding);
+ XdrFieldInfo[] fieldInfos = {new XdrFieldInfo(0, value.getFileKind(), value.getFileValue()),
+ new XdrFieldInfo(1, value.getArmKind(), value.getArmValue())};
+
+ XdrUnion aValue = new XdrUnionInstance(fieldInfos);
+
+ byte[] encodingBytes = aValue.encode();
+ assertThat(encodingBytes).isEqualTo(expected);
+ }
+
+
+ @Test
+ public void testDecoding() throws IOException {
+ UnionFileTypeSwitch fileType = new UnionFileTypeSwitch(FileKind.EXEC);
+ testDecodingWith(fileType, "0x00 00 00 02 00 00 00 04 6c 69 73 70");
+ }
+
+ private void testDecodingWith(UnionFileTypeSwitch expectedValue, String content) throws IOException {
+ XdrUnion decoded = new XdrUnionInstance();
+
+ decoded.decode(HexUtil.hex2bytesFriendly(content));
+
+ XdrFieldInfo[] fieldInfos = decoded.getValue().getXdrFieldInfos();
+ assertThat(fieldInfos.length).isEqualTo(2);
+ assertThat(fieldInfos[0].getDataType()).isEqualTo(expectedValue.getFileKind());
+ assertThat((FileKind) fieldInfos[0].getValue()).isEqualTo(expectedValue.getFileValue());
+ assertThat(fieldInfos[1].getDataType()).isEqualTo(expectedValue.getArmKind());
+ assertThat((String) fieldInfos[1].getValue()).isEqualTo(expectedValue.getArmValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnsignedIntegerTest.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnsignedIntegerTest.java b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnsignedIntegerTest.java
new file mode 100644
index 0000000..118f094
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrUnsignedIntegerTest.java
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+import org.apache.kerby.xdr.type.XdrUnsignedInteger;
+import org.apache.kerby.xdr.util.HexUtil;
+import org.junit.Test;
+
+import java.io.IOException;
+
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class XdrUnsignedIntegerTest {
+ @Test
+ public void testEncoding() throws IOException {
+ testEncodingWith("0", "0x00 00 00 00");
+ testEncodingWith("1", "0x00 00 00 01");
+ testEncodingWith("2", "0x00 00 00 02");
+ testEncodingWith("1234567890", "0x49 96 02 D2");
+ testEncodingWith("2147483647", "0x7F FF FF FF");
+ testEncodingWith("2147483648", "0x80 00 00 00");
+ testEncodingWith("4294967295", "0xFF FF FF FF");
+ }
+
+ private void testEncodingWith(String value, String expectedEncoding) throws IOException {
+ byte[] expected = HexUtil.hex2bytesFriendly(expectedEncoding);
+ XdrUnsignedInteger aValue = new XdrUnsignedInteger(value);
+
+ byte[] encodingBytes = aValue.encode();
+ assertThat(encodingBytes).isEqualTo(expected);
+ }
+
+
+ @Test
+ public void testDecoding() throws IOException {
+ testDecodingWith("0", "0x00 00 00 00");
+ testDecodingWith("1", "0x00 00 00 01");
+ testDecodingWith("2", "0x00 00 00 02");
+ testDecodingWith("1234567890", "0x49 96 02 D2");
+ testDecodingWith("2147483647", "0x7F FF FF FF");
+ testDecodingWith("2147483648", "0x80 00 00 00");
+ testDecodingWith("4294967295", "0xFF FF FF FF");
+ }
+
+ private void testDecodingWith(String expectedValue, String content) throws IOException {
+ XdrUnsignedInteger decoded = new XdrUnsignedInteger();
+
+ decoded.decode(HexUtil.hex2bytesFriendly(content));
+ assertThat(decoded.getValue().toString()).isEqualTo(expectedValue);
+ }
+}
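Review bot: Both tests stop at the valid boundaries (`"0"` and `"4294967295"`) and never pin what happens just outside them. For a type that is decoded from wire data, the useful additions are an encode case for `"4294967296"` and `"-1"` and a decode case for a truncated buffer such as `"0x00 00 00"` (constructed sample), each asserting that the value is rejected. The exception type to expect is not visible in this hunk and has to be taken from `XdrUnsignedInteger`. A one-line comment on `testEncodingWith` saying why the value is passed as a decimal string (presumably because it can exceed `Integer.MAX_VALUE`) would document the choice.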
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-common/pom.xml b/kerby-common/pom.xml
index 309fcd7..e2e679b 100644
--- a/kerby-common/pom.xml
+++ b/kerby-common/pom.xml
@@ -29,5 +29,6 @@
<module>kerby-asn1</module>
<module>kerby-config</module>
<module>kerby-util</module>
+ <module>kerby-xdr</module>
</modules>
</project>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-dist/kdc-dist/bin/admin-server.cmd
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/bin/admin-server.cmd b/kerby-dist/kdc-dist/bin/admin-server.cmd
new file mode 100644
index 0000000..091773f
--- /dev/null
+++ b/kerby-dist/kdc-dist/bin/admin-server.cmd
@@ -0,0 +1,32 @@
+@echo off
+@rem Licensed to the Apache Software Foundation (ASF) under one
+@rem or more contributor license agreements. See the NOTICE file
+@rem distributed with this work for additional information
+@rem regarding copyright ownership. The ASF licenses this file
+@rem to you under the Apache License, Version 2.0 (the
+@rem "License"); you may not use this file except in compliance
+@rem with the License. You may obtain a copy of the License at
+@rem
+@rem http://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing,
+@rem software distributed under the License is distributed on an
+@rem "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@rem KIND, either express or implied. See the License for the
+@rem specific language governing permissions and limitations
+@rem under the License.
+@rem
+
+set DEBUG=
+set args=%*
+for %%a in (%*) do (
+ if -D == %%a (
+ set DEBUG=-Xdebug -Xrunjdwp:transport=dt_socket,address=8008,server=y,suspend=n
+ set args=%args:-D=%
+ )
+)
+
+java %DEBUG% ^
+-classpath target\lib\* ^
+-DKERBY_LOGFILE=admin-server ^
+org.apache.kerby.kerberos.kerb.admin.server.KerbyAdminServer %args%
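Review bot: The `-D` switch starts the JVM with `-Xrunjdwp:transport=dt_socket,address=8008,server=y,suspend=n`, and a bare port in `address=` makes the JDWP listener bind on all interfaces on JDKs before 9. JDWP has no authentication and a connected debugger can run code inside the JVM, here the admin server process that `adminServer.conf` configures with a keytab. Binding to loopback with `address=127.0.0.1:8008` keeps the debug port local. The same option appears in `admin-server.sh`, and with port 8009 in `remote-admin-client.cmd` and `remote-admin-client.sh`. An `@rem` line above the `for` loop stating that `-D` is meant for local debugging only would document the intent.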
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-dist/kdc-dist/bin/admin-server.sh
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/bin/admin-server.sh b/kerby-dist/kdc-dist/bin/admin-server.sh
new file mode 100644
index 0000000..fb455f2
--- /dev/null
+++ b/kerby-dist/kdc-dist/bin/admin-server.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DEBUG=
+args=
+for var in $*; do
+ if [ X"$var" = X"-D" ]; then
+ DEBUG="-Xdebug -Xrunjdwp:transport=dt_socket,address=8008,server=y,suspend=n"
+ else
+ args="$args $var"
+ fi
+done
+
+java $DEBUG \
+-classpath target/lib/*:. \
+-DKERBY_LOGFILE=admin-server \
+org.apache.kerby.kerberos.kerb.admin.server.KerbyAdminServer $args
\ No newline at end of file
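Review bot: `for var in $*` and the unquoted `$args` on the `java` line split every argument on whitespace and expand globs, so a conf directory path containing a space or `*` reaches `KerbyAdminServer` as different arguments than the caller passed. Iterating over `"$@"` and collecting into a bash array preserves each argument exactly, and the shebang already selects bash. The classpath `target/lib/*:.` should be quoted as well so the shell never expands it before the JVM sees it. `remote-admin-client.sh` has the same loop and the same `java` line.
```shell
args=()
for var in "$@"; do
  if [ X"$var" = X"-D" ]; then
    # … unchanged: DEBUG assignment …
  else
    args+=("$var")
  fi
done

# … unchanged: java $DEBUG \ …
-classpath "target/lib/*:." \
# … unchanged: -DKERBY_LOGFILE=admin-server \ …
org.apache.kerby.kerberos.kerb.admin.server.KerbyAdminServer "${args[@]}"
```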
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-dist/kdc-dist/bin/remote-admin-client.cmd
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/bin/remote-admin-client.cmd b/kerby-dist/kdc-dist/bin/remote-admin-client.cmd
new file mode 100644
index 0000000..d8fc483
--- /dev/null
+++ b/kerby-dist/kdc-dist/bin/remote-admin-client.cmd
@@ -0,0 +1,32 @@
+@echo off
+@rem Licensed to the Apache Software Foundation (ASF) under one
+@rem or more contributor license agreements. See the NOTICE file
+@rem distributed with this work for additional information
+@rem regarding copyright ownership. The ASF licenses this file
+@rem to you under the Apache License, Version 2.0 (the
+@rem "License"); you may not use this file except in compliance
+@rem with the License. You may obtain a copy of the License at
+@rem
+@rem http://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing,
+@rem software distributed under the License is distributed on an
+@rem "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@rem KIND, either express or implied. See the License for the
+@rem specific language governing permissions and limitations
+@rem under the License.
+@rem
+
+set DEBUG=
+set args=%*
+for %%a in (%*) do (
+ if -D == %%a (
+ set DEBUG=-Xdebug -Xrunjdwp:transport=dt_socket,address=8009,server=y,suspend=n
+ set args=%args:-D=%
+ )
+)
+
+java %DEBUG% ^
+-classpath target\lib\* ^
+-DKERBY_LOGFILE=remote-admin-client ^
+org.apache.kerby.kerberos.kerb.admin.RemoteAdminClientTool %args%
\ No newline at end of file
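Review bot: `set args=%args:-D=%` removes every occurrence of `-D` from the whole argument string rather than only the standalone switch, and cmd's substring replacement is case-insensitive, so an argument such as `conf-dir` (constructed example) would reach `RemoteAdminClientTool` as `confir`. Rebuilding the list one argument at a time avoids this: `setlocal EnableDelayedExpansion` and `set args=` before the loop, then `) else ( set args=!args! %%a` as the other branch of the `if`. `admin-server.cmd` contains the same line.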
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-dist/kdc-dist/bin/remote-admin-client.sh
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/bin/remote-admin-client.sh b/kerby-dist/kdc-dist/bin/remote-admin-client.sh
new file mode 100644
index 0000000..21b7848
--- /dev/null
+++ b/kerby-dist/kdc-dist/bin/remote-admin-client.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DEBUG=
+args=
+for var in $*; do
+ if [ X"$var" = X"-D" ]; then
+ DEBUG="-Xdebug -Xrunjdwp:transport=dt_socket,address=8009,server=y,suspend=n"
+ else
+ args="$args $var"
+ fi
+done
+
+java $DEBUG \
+-classpath target/lib/*:. \
+-DKERBY_LOGFILE=remote-admin-client \
+org.apache.kerby.kerberos.kerb.admin.RemoteAdminClientTool $args
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-dist/kdc-dist/conf/adminClient.conf
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/conf/adminClient.conf b/kerby-dist/kdc-dist/conf/adminClient.conf
new file mode 100644
index 0000000..7c6909b
--- /dev/null
+++ b/kerby-dist/kdc-dist/conf/adminClient.conf
@@ -0,0 +1,23 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+default_realm = EXAMPLE.COM
+admin_port = 65417
+keytab_file = admin.keytab
+protocol = adminprotocol
+server_name = localhost
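Review bot: None of the five keys is documented, and `keytab_file = admin.keytab` is a relative path whose base directory is not stated anywhere in the file. A comment along the lines of `# keytab_file: keytab holding long-term keys; keep it readable only by the account that runs the tool` (wording to be confirmed against the code that reads it) would tell an operator what to protect and where it is looked up. `adminServer.conf` has the same gap with `keytab_file = protocol.keytab`. `default_realm = EXAMPLE.COM` and `server_name = localhost` look like sample values and could be marked as such in a comment.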
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-dist/kdc-dist/conf/adminServer.conf
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/conf/adminServer.conf b/kerby-dist/kdc-dist/conf/adminServer.conf
new file mode 100644
index 0000000..ecb5bca
--- /dev/null
+++ b/kerby-dist/kdc-dist/conf/adminServer.conf
@@ -0,0 +1,23 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+default_realm = EXAMPLE.COM
+admin_port = 65417
+keytab_file = protocol.keytab
+protocol = adminprotocol
+server_name = localhost
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-dist/kdc-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/pom.xml b/kerby-dist/kdc-dist/pom.xml
index 71c5f25..da3a2e1 100644
--- a/kerby-dist/kdc-dist/pom.xml
+++ b/kerby-dist/kdc-dist/pom.xml
@@ -35,6 +35,16 @@
</dependency>
<dependency>
<groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-admin-server</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-admin</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
<artifactId>kerby-asn1</artifactId>
<version>${project.version}</version>
</dependency>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
index 0bbe7b7..79cc46a 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
@@ -21,8 +21,8 @@ package org.apache.kerby.kerberos.kdc;
import org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadminImpl;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
import org.apache.kerby.kerberos.kerb.server.KdcServer;
import org.apache.kerby.util.OSUtil;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/pom.xml b/kerby-kerb/kerb-admin-server/pom.xml
new file mode 100644
index 0000000..546f6da
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/pom.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerby-kerb</artifactId>
+ <version>1.0.0-RC3-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>kerb-admin-server</artifactId>
+
+ <name>Kerby-kerb Admin Server</name>
+ <description>Kerby-kerb Admin Server</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerby-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-identity</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-util</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-admin</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
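Review bot: The dependency list has no entry that obviously provides `org.apache.kerby.kerberos.kerb.server.KdcConfig` and `KdcUtil`, which `KerbyAdminServer` in this same commit imports. If those classes arrive only transitively (for instance through `kerb-admin`), this module's build depends on another module's dependency list staying as it is. Declaring the providing artifact directly here would make that explicit; its artifactId is not visible on this page, so it has to be looked up rather than guessed.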
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/KerbyAdminServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/KerbyAdminServer.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/KerbyAdminServer.java
new file mode 100644
index 0000000..50e59e3
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/KerbyAdminServer.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server;
+
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.Krb5Conf;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServer;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
+import org.apache.kerby.util.OSUtil;
+
+import java.io.File;
+import java.io.IOException;
+
+public class KerbyAdminServer {
+ private static final String USAGE = (OSUtil.isWindows()
+ ? "Usage: bin\\admin-server.cmd" : "Usage: sh bin/admin-server.sh")
+ + " <conf-file>\n"
+ + "\tExample:\n"
+ + "\t\t"
+ + (OSUtil.isWindows()
+ ? "bin\\admin-server.cmd" : "sh bin/admin-server.sh")
+ + " conf\n";
+
+ public static void main(String[] args) throws Exception {
+
+ if (args.length != 1) {
+ System.err.println(USAGE);
+ System.exit(1);
+ }
+
+ String confDirPath = args[0];
+ AdminServer adminServer = new AdminServer(new File(confDirPath));
+ AdminServerConfig adminServerConfig = adminServer.getAdminServerConfig();
+
+ adminServer.setAdminHost(adminServerConfig.getAdminHost());
+ adminServer.setAllowTcp(true);
+ adminServer.setAllowUdp(false);
+ adminServer.setAdminServerPort(adminServerConfig.getAdminPort());
+
+ KdcConfig kdcConfig = KdcUtil.getKdcConfig(new File(confDirPath));
+ if (kdcConfig == null) {
+ kdcConfig = new KdcConfig();
+ }
+ try {
+ Krb5Conf krb5Conf = new Krb5Conf(new File(confDirPath), kdcConfig);
+ krb5Conf.initKrb5conf();
+ } catch (IOException e) {
+ throw new KrbException("Failed to make krb5.conf", e);
+ }
+
+ try {
+ adminServer.init();
+ } catch (KrbException e) {
+ System.err.println("Errors occurred when start admin server: " + e.getMessage());
+ System.exit(2);
+ }
+ adminServer.start();
+ System.out.println("Admin server started!");
+ }
+}
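Review bot: `main` hands `adminServerConfig.getAdminPort()` straight to `setAdminServerPort`, but `AdminServerConfig.getAdminPort()` in this same commit returns -1 when no port is configured, and `ADMIN_PORT` has no default in `AdminServerConfigKey`. A conf directory without an admin port therefore starts the server with port -1 instead of failing clearly. A guard before the setter would make the misconfiguration obvious: `if (adminServerConfig.getAdminPort() <= 0) { System.err.println("admin_port is not configured"); System.exit(3); }`. Separately, `adminServer.start()` sits outside the try block, so a `KrbException` from start escapes `main` as a stack trace while the one from `init()` is reported and exits with 2; moving `start()` into the same try would make the two consistent.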
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServer.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServer.java
new file mode 100644
index 0000000..659750a
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServer.java
@@ -0,0 +1,266 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.impl.DefaultInternalAdminServerImpl;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.impl.InternalAdminServer;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+
+import java.io.File;
+
+/**
+ * The implemented Kerberos remote admin server API.
+ * We add the KdcConfig as a member variable to AdminServer,
+ * In order to make it easy to use LocalKadminImpl.
+ * The Kdc Config of corresponding KDC can be read from ConfDir.
+ */
+public class AdminServer {
+ private final AdminServerConfig adminServerConfig;
+ private final BackendConfig backendConfig;
+ private final KdcConfig kdcConfig;
+ private final AdminServerSetting adminServerSetting;
+ private final KOptions startupOptions;
+
+ private InternalAdminServer innerAdminServer;
+
+ /**
+ * Constructor passing adminServerConfig, kdcConfig and backendConfig.
+ * @param adminServerConfig The admin server config
+ * @param backendConfig The backend config
+ * @param kdcConfig The kdc config
+ * @throws KrbException e
+ */
+ public AdminServer(AdminServerConfig adminServerConfig,
+ BackendConfig backendConfig, KdcConfig kdcConfig) throws KrbException {
+ this.adminServerConfig = adminServerConfig;
+ this.kdcConfig = kdcConfig;
+ this.backendConfig = backendConfig;
+ startupOptions = new KOptions();
+ adminServerSetting = new AdminServerSetting(startupOptions,
+ adminServerConfig, kdcConfig, backendConfig);
+ }
+
+ /**
+ * Constructor given confDir where 'adminServer.conf', 'kdc.conf' and
+ * 'backend.conf' should be available.
+ * adminServer.conf that contains adminServer related items.
+ * kdc.conf, that contains kdc related items.
+ * backend.conf, that contains identity backend related items.
+ *
+ * @param confDir The conf dir
+ * @throws KrbException e
+ */
+ public AdminServer(File confDir) throws KrbException {
+ AdminServerConfig tmpAdminServerConfig =
+ AdminServerUtil.getAdminServerConfig(confDir);
+ if (tmpAdminServerConfig == null) {
+ tmpAdminServerConfig = new AdminServerConfig();
+ }
+ this.adminServerConfig = tmpAdminServerConfig;
+
+ KdcConfig tmpKdcConfig = AdminServerUtil.getKdcConfig(confDir);
+ if (tmpKdcConfig == null) {
+ tmpKdcConfig = new KdcConfig();
+ }
+ this.kdcConfig = tmpKdcConfig;
+
+ BackendConfig tmpBackendConfig = AdminServerUtil.getBackendConfig(confDir);
+ if (tmpBackendConfig == null) {
+ tmpBackendConfig = new BackendConfig();
+ }
+ tmpBackendConfig.setConfDir(confDir);
+ this.backendConfig = tmpBackendConfig;
+
+ startupOptions = new KOptions();
+ adminServerSetting = new AdminServerSetting(startupOptions,
+ adminServerConfig, kdcConfig, backendConfig);
+ }
+
+ /**
+ * Default constructor.
+ */
+ public AdminServer() {
+ adminServerConfig = new AdminServerConfig();
+ backendConfig = new BackendConfig();
+ kdcConfig = new KdcConfig();
+ startupOptions = new KOptions();
+ adminServerSetting = new AdminServerSetting(startupOptions,
+ adminServerConfig, kdcConfig, backendConfig);
+ }
+
+ /**
+ * Set Admin realm for ticket request
+ * @param realm The kdc realm
+ */
+ public void setAdminServerRealm(String realm) {
+ startupOptions.add(AdminServerOption.ADMIN_REALM, realm);
+ }
+
+ /**
+ * Set Admin host.
+ * @param adminHost The kdc host
+ */
+ public void setAdminHost(String adminHost) {
+ startupOptions.add(AdminServerOption.ADMIN_HOST, adminHost);
+ }
+
+ /**
+ * Set Admin port.
+ * @param adminPort The admin port
+ */
+ public void setAdminServerPort(int adminPort) {
+ startupOptions.add(AdminServerOption.ADMIN_PORT, adminPort);
+ }
+
+ /**
+ * Set Admin tcp port.
+ * @param adminTcpPort The admin tcp port
+ */
+ public void setAdminTcpPort(int adminTcpPort) {
+ startupOptions.add(AdminServerOption.ADMIN_TCP_PORT, adminTcpPort);
+ }
+
+ /**
+ * Set to allow UDP or not.
+ * @param allowUdp true if allow udp
+ */
+ public void setAllowUdp(boolean allowUdp) {
+ startupOptions.add(AdminServerOption.ALLOW_UDP, allowUdp);
+ }
+
+ /**
+ * Set to allow TCP or not.
+ * @param allowTcp true if allow tcp
+ */
+ public void setAllowTcp(boolean allowTcp) {
+ startupOptions.add(AdminServerOption.ALLOW_TCP, allowTcp);
+ }
+ /**
+ * Set Admin udp port. Only makes sense when allowUdp is set.
+ * @param adminUdpPort The admin udp port
+ */
+ public void setAdminUdpPort(int adminUdpPort) {
+ startupOptions.add(AdminServerOption.ADMIN_UDP_PORT, adminUdpPort);
+ }
+
+ /**
+ * Set runtime folder.
+ * @param workDir The work dir
+ */
+ public void setWorkDir(File workDir) {
+ startupOptions.add(AdminServerOption.WORK_DIR, workDir);
+ }
+
+ /**
+ * Allow to debug so have more logs.
+ */
+ public void enableDebug() {
+ startupOptions.add(AdminServerOption.ENABLE_DEBUG);
+ }
+
+ /**
+ * Allow to hook customized admin implementation.
+ *
+ * @param innerAdminServerImpl The inner admin implementation
+ */
+ public void setInnerAdminServerImpl(InternalAdminServer innerAdminServerImpl) {
+ startupOptions.add(AdminServerOption.INNER_ADMIN_IMPL, innerAdminServerImpl);
+ }
+
+ /**
+ * Get Admin setting from startup options and configs.
+ * @return setting
+ */
+ public AdminServerSetting getAdminServerSetting() {
+ return adminServerSetting;
+ }
+
+ /**
+ * Get the Admin config.
+ * @return AdminServerConfig
+ */
+ public AdminServerConfig getAdminServerConfig() {
+ return adminServerConfig;
+ }
+
+ /**
+ * Get backend config.
+ *
+ * @return backend configuration
+ */
+ public BackendConfig getBackendConfig() {
+ return backendConfig;
+ }
+
+ /**
+ * Get identity service.
+ * @return IdentityService
+ */
+ public IdentityBackend getIdentityService() {
+ if (innerAdminServer == null) {
+ throw new RuntimeException("Not init yet");
+ }
+ return innerAdminServer.getIdentityBackend();
+ }
+
+ /**
+ * Initialize.
+ *
+ * @throws KrbException e.
+ */
+ public void init() throws KrbException {
+ if (startupOptions.contains(AdminServerOption.INNER_ADMIN_IMPL)) {
+ innerAdminServer = (InternalAdminServer) startupOptions.getOptionValue(
+ AdminServerOption.INNER_ADMIN_IMPL);
+ } else {
+ innerAdminServer =
+ new DefaultInternalAdminServerImpl(adminServerSetting);
+ }
+
+ innerAdminServer.init();
+ }
+
+ /**
+ * Start the Admin admin.
+ *
+ * @throws KrbException e.
+ */
+ public void start() throws KrbException {
+ if (innerAdminServer == null) {
+ throw new RuntimeException("Not init yet");
+ }
+ innerAdminServer.start();
+ }
+
+ /**
+ * Stop the Admin admin.
+ *
+ * @throws KrbException e.
+ */
+ public void stop() throws KrbException {
+ if (innerAdminServer != null) {
+ innerAdminServer.stop();
+ }
+ }
+}
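Review bot: `getIdentityService()` and `start()` report the not-yet-initialised state with a bare `RuntimeException("Not init yet")`, while `stop()` silently does nothing in the same state. `throw new IllegalStateException("AdminServer.init() has not been called");` is the conventional type, and it stays compatible with callers that catch `RuntimeException`. Several Javadoc lines are also carried over from the KDC server and now mislead: `@param adminHost The kdc host`, `@param realm The kdc realm`, and "Start the Admin admin" / "Stop the Admin admin". I would reword them to "The admin server host", "The admin realm", and "Start/Stop the admin server", and replace the `@throws KrbException e` placeholders with the condition that triggers the exception.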
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerConfig.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerConfig.java
new file mode 100644
index 0000000..97e0904
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerConfig.java
@@ -0,0 +1,105 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin;
+
+import org.apache.kerby.kerberos.kerb.common.Krb5Conf;
+
+/**
+ * Kerb admin server side configuration API.
+ */
+public class AdminServerConfig extends Krb5Conf {
+ private static final String KDCDEFAULT = "kdcdefaults";
+
+ public boolean enableDebug() {
+ return getBoolean(AdminServerConfigKey.KRB_DEBUG, true, KDCDEFAULT);
+ }
+
+ public String getAdminServiceName() {
+ return getString(AdminServerConfigKey.ADMIN_SERVICE_NAME, true, KDCDEFAULT);
+ }
+
+ public String getAdminHost() {
+ return getString(AdminServerConfigKey.ADMIN_HOST, true, KDCDEFAULT);
+ }
+
+ public int getAdminPort() {
+ Integer kdcPort = getInt(AdminServerConfigKey.ADMIN_PORT, true, KDCDEFAULT);
+ if (kdcPort != null && kdcPort > 0) {
+ return kdcPort.intValue();
+ }
+ return -1;
+ }
+
+ public int getAdminTcpPort() {
+ Integer kdcTcpPort = getInt(AdminServerConfigKey.ADMIN_TCP_PORT, true, KDCDEFAULT);
+ if (kdcTcpPort != null && kdcTcpPort > 0) {
+ return kdcTcpPort.intValue();
+ }
+ return getAdminPort();
+ }
+
+ /**
+ * Is to allow TCP for KDC
+ * @return true to allow TCP, false otherwise
+ */
+ public Boolean allowTcp() {
+ return getBoolean(AdminServerConfigKey.ADMIN_ALLOW_TCP, true, KDCDEFAULT)
+ || getInt(AdminServerConfigKey.ADMIN_TCP_PORT, true, KDCDEFAULT) != null
+ || getInt(AdminServerConfigKey.ADMIN_PORT, false, KDCDEFAULT) != null;
+ }
+
+ /**
+ * Is to allow UDP for KDC
+ * @return true to allow UDP, false otherwise
+ */
+ public Boolean allowUdp() {
+ return getBoolean(AdminServerConfigKey.ADMIN_ALLOW_UDP, true, KDCDEFAULT)
+ || getInt(AdminServerConfigKey.ADMIN_UDP_PORT, true, KDCDEFAULT) != null
+ || getInt(AdminServerConfigKey.ADMIN_PORT, false, KDCDEFAULT) != null;
+ }
+
+ public int getAdminUdpPort() {
+ Integer kdcUdpPort = getInt(AdminServerConfigKey.ADMIN_UDP_PORT, true, KDCDEFAULT);
+ if (kdcUdpPort != null && kdcUdpPort > 0) {
+ return kdcUdpPort.intValue();
+ }
+ return getAdminPort();
+ }
+
+ public String getAdminRealm() {
+ return getString(AdminServerConfigKey.ADMIN_REALM, true, KDCDEFAULT);
+ }
+
+ public String getAdminDomain() {
+ return getString(AdminServerConfigKey.ADMIN_DOMAIN, true, KDCDEFAULT);
+ }
+
+ public String getKeyTabFile() {
+ return getString(AdminServerConfigKey.KEYTAB_FILE, true, KDCDEFAULT);
+ }
+
+ public String getProtocol() {
+ return getString(AdminServerConfigKey.PROTOCOL, true, KDCDEFAULT);
+ }
+
+ public String getServerName() {
+ return getString(AdminServerConfigKey.SERVER_NAME, true, KDCDEFAULT);
+ }
+}
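Review bot: `allowUdp()` ORs the explicit flag with "a port is configured", so an operator who sets `admin_allow_udp = false` still gets `true` once `admin_udp_port` or `admin_port` is present; `allowTcp()` has the same shape. `ADMIN_ALLOW_UDP` and `ADMIN_ALLOW_TCP` both default to `true` in `AdminServerConfigKey`, so both methods also look like they return `true` whenever the key is absent. That assumes the second argument of `getBoolean` means "use default", which cannot be confirmed because `Krb5Conf` is not visible here. For an admin endpoint the explicit switch should be able to close a transport: `return getBoolean(AdminServerConfigKey.ADMIN_ALLOW_UDP, true, KDCDEFAULT);`, and likewise for TCP. The Javadoc on both methods still says "for KDC" and should say "for the admin server"; the local names `kdcPort`, `kdcTcpPort` and `kdcUdpPort` have the same copy-paste origin.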
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerConfigKey.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerConfigKey.java
new file mode 100644
index 0000000..6b71042
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerConfigKey.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin;
+
+import org.apache.kerby.config.ConfigKey;
+
+public enum AdminServerConfigKey implements ConfigKey {
+ KRB_DEBUG(true),
+ ADMIN_SERVICE_NAME("Kadmin-Server"),
+ KDC_IDENTITY_BACKEND,
+ ADMIN_HOST("localhost"),
+ ADMIN_PORT,
+ ADMIN_ALLOW_TCP(true),
+ ADMIN_ALLOW_UDP(true),
+ ADMIN_UDP_PORT,
+ ADMIN_TCP_PORT,
+ ADMIN_DOMAIN("example.com"),
+ ADMIN_REALM("EXAMPLE.COM"),
+ KEYTAB_FILE,
+ PROTOCOL,
+ SERVER_NAME("localhost");
+
+ private Object defaultValue;
+
+ AdminServerConfigKey() {
+ this.defaultValue = null;
+ }
+
+ AdminServerConfigKey(Object defaultValue) {
+ this.defaultValue = defaultValue;
+ }
+
+ @Override
+ public String getPropertyKey() {
+ return name().toLowerCase();
+ }
+
+ @Override
+ public Object getDefaultValue() {
+ return this.defaultValue;
+ }
+}
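Review bot: `getPropertyKey()` calls `name().toLowerCase()` with the JVM's default locale, and most constants here contain an `I` (`ADMIN_HOST`, `KDC_IDENTITY_BACKEND`, `KEYTAB_FILE`). Under a Turkish or Azeri default locale these lower-case to a dotless `ı`, so the keys no longer match what is written in the config file and the lookup would presumably fall back to defaults. Use `return name().toLowerCase(Locale.ROOT);` with `import java.util.Locale;`. `defaultValue` is assigned only in the constructors and can be `private final`. It is also worth confirming that `KRB_DEBUG(true)` is intended, since it enables debug by default for a server that handles principal administration.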
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerContext.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerContext.java
new file mode 100644
index 0000000..e057872
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerContext.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin;
+
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+
+public class AdminServerContext {
+ private final AdminServerSetting adminServerSetting;
+
+ private IdentityService identityService;
+
+ public AdminServerContext(AdminServerSetting adminServerSetting) {
+ this.adminServerSetting = adminServerSetting;
+ }
+
+ public AdminServerSetting getAdminServerSetting() {
+ return adminServerSetting;
+ }
+
+ public AdminServerConfig getConfig() {
+ return adminServerSetting.getAdminServerConfig();
+ }
+
+ public void setIdentityService(IdentityService identityService) {
+ this.identityService = identityService;
+ }
+
+ public IdentityService getIdentityService() {
+ return identityService;
+ }
+
+ public String getAdminRealm() {
+ return adminServerSetting.getAdminRealm();
+ }
+}
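Review bot: `AdminServerContext` is a public class with no Javadoc, and `getIdentityService()` returns `null` until `setIdentityService` has been called, which nothing here tells the caller. I would add a class comment such as `/** Runtime context shared by admin server request handlers: the effective setting plus the identity service once it is initialised. */`. On the getter, a line like `@return the identity service, or null if it has not been set yet` would document the null case. Whether the field needs to be `volatile` depends on which threads set and read it, and that is not visible in this hunk.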
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerHandler.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerHandler.java
new file mode 100644
index 0000000..5b85d96
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerHandler.java
@@ -0,0 +1,238 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
+import org.apache.kerby.kerberos.kerb.admin.message.AddPrincipalRep;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessage;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageCode;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageType;
+import org.apache.kerby.kerberos.kerb.admin.message.DeletePrincipalRep;
+import org.apache.kerby.kerberos.kerb.admin.message.GetprincsRep;
+import org.apache.kerby.kerberos.kerb.admin.message.KadminCode;
+import org.apache.kerby.kerberos.kerb.admin.message.RenamePrincipalRep;
+import org.apache.kerby.xdr.XdrDataType;
+import org.apache.kerby.xdr.XdrFieldInfo;
+import org.apache.kerby.xdr.type.XdrStructType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.nio.ByteBuffer;
+import java.util.List;
+
+/**
+ * admin server handler to process client acmin requests.
+ */
+public class AdminServerHandler {
+ private static final Logger LOG = LoggerFactory.getLogger(AdminServerHandler.class);
+ private final AdminServerContext adminServerContext;
+
+ /**
+ * Constructor with admin server context.
+ *
+ * @param adminServerContext admin admin server context
+ */
+ public AdminServerHandler(AdminServerContext adminServerContext) {
+ this.adminServerContext = adminServerContext;
+ LOG.info("Admin realm: " + this.adminServerContext.getAdminRealm());
+ }
+
+ /**
+ * Process the client request message.
+ *
+ * @throws KrbException e
+ * @param receivedMessage The client request message
+ * @param remoteAddress Address from remote side
+ * @return The response message
+ */
+ public ByteBuffer handleMessage(ByteBuffer receivedMessage,
+ InetAddress remoteAddress) throws KrbException, IOException {
+ XdrStructType decoded = new AdminMessageCode();
+ decoded.decode(receivedMessage);
+ XdrFieldInfo[] fieldInfos = decoded.getValue().getXdrFieldInfos();
+ AdminMessageType type = (AdminMessageType) fieldInfos[0].getValue();
+
+ /**Create LocalKadmin here*/
+ LocalKadmin localKadmin = new LocalKadminImpl(adminServerContext.getAdminServerSetting());
+ ByteBuffer responseMessage = null;
+
+ switch (type) {
+ case ADD_PRINCIPAL_REQ:
+ System.out.println("message type: add principal req");
+ responseMessage = handleAddPrincipalReq(localKadmin, fieldInfos);
+ break;
+ case DELETE_PRINCIPAL_REQ:
+ System.out.println("message type: delete principal req");
+ responseMessage = handleDeletePrincipalReq(localKadmin, fieldInfos);
+ break;
+ case RENAME_PRINCIPAL_REQ:
+ System.out.println("message type: rename principal req");
+ responseMessage = handleRenamePrincipalReq(localKadmin, fieldInfos);
+ break;
+ case GET_PRINCS_REQ:
+ System.out.println("message type getPrincs req");
+ responseMessage = handleGetprincsReq(localKadmin, fieldInfos);
+ break;
+ default:
+ throw new KrbException("AdminMessageType error, can not handle it.");
+ }
+ return responseMessage;
+
+ }
+
+ private ByteBuffer handleAddPrincipalReq(LocalKadmin localKadmin, XdrFieldInfo[] fieldInfos) throws IOException {
+ String principal = (String) fieldInfos[2].getValue();
+ int paramNum = (int) fieldInfos[1].getValue();
+
+ if (paramNum == 1) {
+ /** Add principal with only principal name*/
+ LOG.info("handle nokey principal " + principal);
+ String[] temp = principal.split("@");
+ try {
+ localKadmin.addPrincipal(temp[0]);
+ } catch (KrbException e) {
+ String error = "principal already exist!";
+ LOG.error(error);
+ System.err.println(error);
+ ByteBuffer response = infoPackageTool(error, "addPrincipal");
+ return response;
+ }
+ } else if (paramNum == 2 && fieldInfos[3].getDataType() == XdrDataType.STRING) {
+ /** Add principal with password*/
+ LOG.info("handle principal with password " + principal);
+ String[] temp = principal.split("@");
+ String password = (String) fieldInfos[3].getValue();
+ try {
+ localKadmin.addPrincipal(temp[0], password);
+ } catch (KrbException e) {
+ String error = "principal already exist.\n"
+ + "Choose update password instead of add principal";
+ LOG.error(error);
+ ByteBuffer response = infoPackageTool(error, "addPrincipal");
+ return response;
+ }
+ }
+ String message = "add principal of " + principal;
+ LOG.info(message);
+ ByteBuffer responseMessage = infoPackageTool(message, "addPrincipal");
+ return responseMessage;
+ }
+
+ private ByteBuffer handleDeletePrincipalReq(LocalKadmin localKadmin, XdrFieldInfo[] fieldInfos) throws IOException {
+ /** message structure: msg_type, para_num(always equals 1), principal_name*/
+ String principal = (String) fieldInfos[2].getValue();
+ String[] temp = principal.split("@");
+ try {
+ localKadmin.deletePrincipal(temp[0]);
+ } catch (KrbException e) {
+ String error = "no such principal exist!";
+ LOG.error(error);
+ ByteBuffer response = infoPackageTool(error, "deletePrincipal");
+ return response;
+ }
+ String message = "delete principal of " + principal;
+ LOG.info(message);
+ ByteBuffer responseMessage = infoPackageTool(message, "deletePrincipal");
+ return responseMessage;
+ }
+
+ private ByteBuffer handleRenamePrincipalReq(LocalKadmin localKadmin, XdrFieldInfo[] fieldInfos) throws IOException {
+ /** message structure: msg_type, para_num(always equals 2), old name, new name*/
+
+ String[] oldPrincipalName = ((String) fieldInfos[2].getValue()).split("@");
+ String[] newPrincipalName = ((String) fieldInfos[3].getValue()).split("@");
+ try {
+ localKadmin.renamePrincipal(oldPrincipalName[0], newPrincipalName[0]);
+ } catch (KrbException e) {
+ String error = "the old principal name does not exist, or the new principal name"
+ + " already exists, rename failed.";
+ System.err.println(error);
+ ByteBuffer response = infoPackageTool(error, "renamePrincipal");
+ return response;
+ }
+
+ String message = "rename " + oldPrincipalName[0] + " to " + newPrincipalName[0];
+ ByteBuffer responseMessage = infoPackageTool(message, "renamePrincipal");
+ return responseMessage;
+ }
+
+ private ByteBuffer handleGetprincsReq(LocalKadmin localKadmin, XdrFieldInfo[] fieldInfos) throws IOException {
+ String globString = ((String) fieldInfos[2].getValue());
+ List<String> princsList = null;
+
+ try {
+ if (globString == null || globString.isEmpty()) {
+ princsList = localKadmin.getPrincipals();
+ } else {
+ princsList = localKadmin.getPrincipals(globString);
+ }
+ ByteBuffer responseMessage = infoPackageTool(listToString(princsList), "getPrincs");
+ return responseMessage;
+ } catch (KrbException e) {
+ String error = "principal do not exist.";
+ ByteBuffer responseError = infoPackageTool(error, "getPrincs");
+ return responseError;
+ }
+ }
+
+ private ByteBuffer infoPackageTool(String message, String dealType) throws IOException {
+ AdminMessage adminMessage = null;
+ XdrFieldInfo[] xdrFieldInfos = new XdrFieldInfo[3];
+
+ if ("getPrincs".equals(dealType)) {
+ adminMessage = new GetprincsRep();
+ xdrFieldInfos[0] = new XdrFieldInfo(0, XdrDataType.ENUM, AdminMessageType.GET_PRINCS_REP);
+ } else if ("renamePrincipal".equals(dealType)) {
+ adminMessage = new RenamePrincipalRep();
+ xdrFieldInfos[0] = new XdrFieldInfo(0, XdrDataType.ENUM, AdminMessageType.RENAME_PRINCIPAL_REP);
+ } else if ("deletePrincipal".equals(dealType)) {
+ adminMessage = new DeletePrincipalRep();
+ xdrFieldInfos[0] = new XdrFieldInfo(0, XdrDataType.ENUM, AdminMessageType.DELETE_PRINCIPAL_REP);
+ } else if ("addPrincipal".equals(dealType)) {
+ adminMessage = new AddPrincipalRep();
+ xdrFieldInfos[0] = new XdrFieldInfo(0, XdrDataType.ENUM, AdminMessageType.ADD_PRINCIPAL_REP);
+ }
+
+ xdrFieldInfos[1] = new XdrFieldInfo(1, XdrDataType.INTEGER, 1);
+ xdrFieldInfos[2] = new XdrFieldInfo(2, XdrDataType.STRING, message);
+
+ AdminMessageCode value = new AdminMessageCode(xdrFieldInfos);
+ adminMessage.setMessageBuffer(ByteBuffer.wrap(value.encode()));
+
+ ByteBuffer responseMessage = KadminCode.encodeMessage(adminMessage);
+ return responseMessage;
+ }
+
+ private String listToString(List<String> list) {
+ if (list.size() <= 0) {
+ return null;
+ }
+ //Both speed and safety,so use StringBuffer
+ StringBuffer result = new StringBuffer();
+ for (int i = 0; i < list.size(); i++) {
+ result.append(list.get(i)).append(" ");
+ }
+ return result.toString();
+ }
+}
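Review bot: `handleMessage` dispatches add, delete and rename principal requests straight to a fresh `LocalKadminImpl` without checking who sent them; `remoteAddress` is accepted but never read, and nothing in this class ties a request to an authenticated admin principal. If the transport layer does not already authenticate and authorise the peer (not visible in this hunk), anyone who can reach the admin port can modify the identity backend. The handler should refuse to dispatch until the caller's identity is established, and should log that identity with each operation. The handlers also index `fieldInfos[2]` and `fieldInfos[3]` and cast the values without checking length or type, so a malformed message surfaces as `ArrayIndexOutOfBoundsException` or `ClassCastException`. A guard after decoding, `if (fieldInfos.length < 3) { throw new KrbException("Malformed admin request"); }`, plus a length check for the four-field rename and password cases, would reject these cleanly. Each `catch (KrbException e)` drops `e` and returns a fixed "already exist" or "no such principal" text, so backend failures are misreported; pass it to the logger with `LOG.error(error, e);`, and replace the `System.out.println` calls with `LOG.debug`.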
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerOption.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerOption.java
new file mode 100644
index 0000000..aa87a7c
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerOption.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin;
+
+import org.apache.kerby.KOption;
+import org.apache.kerby.KOptionInfo;
+import org.apache.kerby.KOptionType;
+
+/**
+ * KDC admin startup options
+ */
+public enum AdminServerOption implements KOption {
+ NONE(null),
+ INNER_ADMIN_IMPL(new KOptionInfo("inner KDC impl", "inner KDC impl", KOptionType.OBJ)),
+ ADMIN_REALM(new KOptionInfo("kdc realm", "kdc realm", KOptionType.STR)),
+ ADMIN_HOST(new KOptionInfo("kdc host", "kdc host", KOptionType.STR)),
+ ADMIN_PORT(new KOptionInfo("kdc port", "kdc port", KOptionType.INT)),
+ ALLOW_TCP(new KOptionInfo("allow tcp", "allow tcp", KOptionType.BOOL)),
+ ADMIN_TCP_PORT(new KOptionInfo("kdc tcp port", "kdc tcp port", KOptionType.INT)),
+ ALLOW_UDP(new KOptionInfo("allow udp", "allow udp", KOptionType.BOOL)),
+ ADMIN_UDP_PORT(new KOptionInfo("kdc udp port", "kdc udp port", KOptionType.INT)),
+ WORK_DIR(new KOptionInfo("work dir", "work dir", KOptionType.DIR)),
+ ENABLE_DEBUG(new KOptionInfo("enable debug", "enable debug", KOptionType.BOOL));
+
+ private final KOptionInfo optionInfo;
+
+ AdminServerOption(KOptionInfo optionInfo) {
+ this.optionInfo = optionInfo;
+ }
+
+ @Override
+ public KOptionInfo getOptionInfo() {
+ return optionInfo;
+ }
+}
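Review bot: The `KOptionInfo` names and descriptions are copied unchanged from the KDC options ("inner KDC impl", "kdc realm", "kdc host", "kdc port", "kdc tcp port", "kdc udp port"), and the enum Javadoc says "KDC admin startup options". If these strings are shown in usage or error output, which is not visible here, an operator would read admin server settings as KDC settings. I would rename them to match the constants, for example `ADMIN_HOST(new KOptionInfo("admin host", "admin server host", KOptionType.STR))`, and change the Javadoc to "Admin server startup options".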
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerSetting.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerSetting.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerSetting.java
new file mode 100644
index 0000000..a8dba48
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerSetting.java
@@ -0,0 +1,212 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.ServerSetting;
+
+/**
+ * Admin Server setting that combines startup options and admin config.
+ */
+public class AdminServerSetting implements ServerSetting {
+ private final KOptions startupOptions;
+ private final AdminServerConfig adminServerConfig;
+ private final KdcConfig kdcConfig;
+ private final BackendConfig backendConfig;
+
+ /**
+ * AdminServerSetting constructor
+ * @param startupOptions startup options
+ * @param adminServerConfig admin configuration
+ * @param kdcConfig kdc configuration
+ * @param backendConfig backend configuration
+ */
+ public AdminServerSetting(KOptions startupOptions,
+ AdminServerConfig adminServerConfig,
+ KdcConfig kdcConfig,
+ BackendConfig backendConfig) {
+ this.startupOptions = startupOptions;
+ this.adminServerConfig = adminServerConfig;
+ this.kdcConfig = kdcConfig;
+ this.backendConfig = backendConfig;
+ }
+
+ public AdminServerSetting(AdminServerConfig adminServerConfig,
+ BackendConfig backendConfig, KdcConfig kdcConfig) {
+ this(new KOptions(), adminServerConfig, kdcConfig, backendConfig);
+ }
+
+ /**
+ * Get the Admin Server config.
+ * @return admin configuration
+ */
+ public AdminServerConfig getAdminServerConfig() {
+ return adminServerConfig;
+ }
+
+ /**
+ * Get the realm of KDC of Admin Server.
+ * @return the realm of KDC
+ */
+ @Override
+ public String getKdcRealm() {
+ return kdcConfig.getKdcRealm();
+ }
+
+ /**
+ * Get the KDC config of Admin server.
+ * @return the KDC configuration
+ */
+ @Override
+ public KdcConfig getKdcConfig() {
+ return kdcConfig;
+ }
+
+ /**
+ * Get the backend config.
+ * @return backend configuration
+ */
+ public BackendConfig getBackendConfig() {
+ return backendConfig;
+ }
+
+ public String getAdminHost() {
+ String adminHost = startupOptions.getStringOption(
+ AdminServerOption.ADMIN_HOST);
+ if (adminHost == null) {
+ adminHost = adminServerConfig.getAdminHost();
+ }
+ return adminHost;
+ }
+
+ /**
+ * Check admin tcp setting and see if any bad.
+ * @return valid tcp port or -1 if not allowTcp
+ * @throws KrbException e
+ */
+ public int checkGetAdminTcpPort() throws KrbException {
+ if (allowTcp()) {
+ int adminPort = getAdminTcpPort();
+ if (adminPort < 1) {
+ throw new KrbException("Admin Server tcp port isn't set or configured");
+ }
+ return adminPort;
+ }
+ return -1;
+ }
+
+ /**
+ * Check admin udp setting and see if any bad.
+ * @return valid udp port or -1 if not allowUdp
+ * @throws KrbException e
+ */
+ public int checkGetAdminUdpPort() throws KrbException {
+ if (allowUdp()) {
+ int adminPort = getAdminUdpPort();
+ if (adminPort < 1) {
+ throw new KrbException("Admin Server udp port isn't set or configured");
+ }
+ return adminPort;
+ }
+ return -1;
+ }
+
+ /**
+ * Get admin tcp port
+ *
+ * @return admin tcp port
+ */
+ public int getAdminTcpPort() {
+ int tcpPort = startupOptions.getIntegerOption(AdminServerOption.ADMIN_TCP_PORT);
+ if (tcpPort < 1) {
+ tcpPort = adminServerConfig.getAdminTcpPort();
+ }
+ if (tcpPort < 1) {
+ tcpPort = getAdminPort();
+ }
+
+ return tcpPort;
+ }
+
+ /**
+ * Get admin port
+ *
+ * @return admin port
+ */
+ public int getAdminPort() {
+ int adminPort = startupOptions.getIntegerOption(AdminServerOption.ADMIN_PORT);
+ if (adminPort < 1) {
+ adminPort = adminServerConfig.getAdminPort();
+ }
+ return adminPort;
+ }
+
+ /**
+ * Get whether tcp protocol is allowed
+ * @return tcp protocol is allowed or not
+ */
+ public boolean allowTcp() {
+ Boolean allowTcp = startupOptions.getBooleanOption(
+ AdminServerOption.ALLOW_TCP, adminServerConfig.allowTcp());
+ return allowTcp;
+ }
+
+ /**
+ * Get whether udp protocol is allowed
+ * @return udp protocol is allowed or not
+ */
+ public boolean allowUdp() {
+ Boolean allowUdp = startupOptions.getBooleanOption(
+ AdminServerOption.ALLOW_UDP, adminServerConfig.allowUdp());
+ return allowUdp;
+ }
+
+ /**
+ * Get admin udp port
+ *
+ * @return udp port
+ */
+ public int getAdminUdpPort() {
+ int udpPort = startupOptions.getIntegerOption(AdminServerOption.ADMIN_UDP_PORT);
+ if (udpPort < 1) {
+ udpPort = adminServerConfig.getAdminUdpPort();
+ }
+ if (udpPort < 1) {
+ udpPort = getAdminPort();
+ }
+
+ return udpPort;
+ }
+
+ /**
+ * Get Admin Server realm.
+ * @return Admin Server realm
+ */
+ public String getAdminRealm() {
+ String adminRealm = startupOptions.getStringOption(AdminServerOption.ADMIN_REALM);
+ if (adminRealm == null || adminRealm.isEmpty()) {
+ adminRealm = adminServerConfig.getAdminRealm();
+ }
+ return adminRealm;
+ }
+}
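Review bot: `checkGetAdminTcpPort()` and `checkGetAdminUdpPort()` reject only ports below 1, so a mistyped value above 65535 passes the check and would presumably surface later as a bind failure far from the configuration code; the guard could read `if (adminPort < 1 || adminPort > 65535)`. `getAdminHost()` falls back to the config only when the startup option is null, while `getAdminRealm()` also treats an empty string as unset, so an empty ADMIN_HOST option overrides the configured host; the same `isEmpty()` test in both would make them agree. `getAdminHost()` and the three-argument constructor have no Javadoc. That constructor also takes `backendConfig` before `kdcConfig`, the reverse of the four-argument one, which deserves a line of comment.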
[06/27] directory-kerby git commit: Minor reshuffle
Posted by pl...@apache.org.
Minor reshuffle
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/85188383
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/85188383
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/85188383
Branch: refs/heads/kpasswd
Commit: 85188383e58b03d12da15d15f7c376e87e2bbdd6
Parents: a8b48d3
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 10:31:28 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 10:31:28 2016 +0100
----------------------------------------------------------------------
.../integration/test/jaas/TokenAuthLoginModule.java | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/85188383/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index 0d812c9..cbeb01c 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -61,6 +61,13 @@ import java.util.Map;
* armorCache: armor-cache-file
*/
public class TokenAuthLoginModule implements LoginModule {
+ public static final String PRINCIPAL = "principal";
+ public static final String TOKEN = "token";
+ public static final String TOKEN_CACHE = "tokenCache";
+ public static final String ARMOR_CACHE = "armorCache";
+ public static final String CREDENTIAL_CACHE = "credentialCache";
+ public static final String SIGN_KEY_FILE = "signKeyFile";
+
private static final Logger LOG = LoggerFactory.getLogger(TokenAuthLoginModule.class);
/** initial state*/
@@ -76,16 +83,10 @@ public class TokenAuthLoginModule implements LoginModule {
private String princName = null;
private String tokenStr = null;
private AuthToken authToken = null;
- KrbToken krbToken = null;
+ private KrbToken krbToken = null;
private File armorCache;
private File cCache;
private File signKeyFile;
- public static final String PRINCIPAL = "principal";
- public static final String TOKEN = "token";
- public static final String TOKEN_CACHE = "tokenCache";
- public static final String ARMOR_CACHE = "armorCache";
- public static final String CREDENTIAL_CACHE = "credentialCache";
- public static final String SIGN_KEY_FILE = "signKeyFile";
private TgtTicket tgtTicket;
[15/27] directory-kerby git commit: Make it possible to load
certificates from the classpath and not just a filename
Posted by pl...@apache.org.
Make it possible to load certificates from the classpath and not just a filename
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/5c76b64f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/5c76b64f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/5c76b64f
Branch: refs/heads/kpasswd
Commit: 5c76b64f618bef19cbaae50469a45a1cea89dee4
Parents: 35fb465
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jul 5 12:49:00 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jul 5 12:49:00 2016 +0100
----------------------------------------------------------------------
.../kerb/client/preauth/pkinit/PkinitPreauth.java | 7 +++++--
.../kerb/preauth/pkinit/CertificateHelper.java | 16 ++++++++++++----
2 files changed, 17 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c76b64f/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index 9b37eb2..b47a46f 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -358,8 +358,11 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
X509Certificate x509Certificate = null;
try {
- x509Certificate = (X509Certificate) CertificateHelper.loadCerts(
- anchorFileName).iterator().next();
+ List<java.security.cert.Certificate> certs =
+ CertificateHelper.loadCerts(anchorFileName);
+ if (certs != null && !certs.isEmpty()) {
+ x509Certificate = (X509Certificate) certs.iterator().next();
+ }
} catch (KrbException e) {
e.printStackTrace();
}
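Review bot: The cast in `x509Certificate = (X509Certificate) certs.iterator().next();` is unchecked, so if `loadCerts` can ever return another certificate type the resulting ClassCastException is not handled by the surrounding `catch (KrbException e)`. An `instanceof X509Certificate` test before the cast would send that case down the same path as an empty list. Only the first certificate in the anchor file becomes the trust anchor and the rest are dropped without a log line, which is worth a comment because this value decides what the client trusts. The enclosing method starts and ends outside the hunk.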
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5c76b64f/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/CertificateHelper.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/CertificateHelper.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/CertificateHelper.java
index db96ed6..53096d4 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/CertificateHelper.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/CertificateHelper.java
@@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kerb.preauth.pkinit;
import org.apache.kerby.kerberos.kerb.KrbException;
+import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
@@ -35,12 +36,19 @@ public class CertificateHelper {
public static List<Certificate> loadCerts(String filename) throws KrbException {
+
+ File file = new File(filename);
InputStream res = null;
- try {
- res = new FileInputStream(filename);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
+ if (file.isFile()) {
+ try {
+ res = new FileInputStream(file);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ }
+ } else {
+ res = CertificateHelper.class.getClassLoader().getResourceAsStream(filename);
}
+
return loadCerts(res);
}
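Review bot: `res` can still be null when `loadCerts(res)` is called, because `getResourceAsStream(filename)` returns null for a name that is on neither the filesystem nor the classpath, and the `FileNotFoundException` branch only prints a stack trace. Failing here keeps the error next to its cause, e.g. `if (res == null) { throw new KrbException("Certificate not found: " + filename); }`. The client PKINIT code loads its anchor through this method, so the silent fallback also means a mistyped path can resolve to a same-named classpath resource instead of the intended file; logging which source was used would make that visible. The stream is not closed in this method, and whether the `loadCerts(InputStream)` overload closes it is not visible in the hunk.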
[07/27] directory-kerby git commit: NPE fixes
Posted by pl...@apache.org.
NPE fixes
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/5e75bf59
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/5e75bf59
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/5e75bf59
Branch: refs/heads/kpasswd
Commit: 5e75bf59e378fc7c5c5c37e587c54fb4eb4b916e
Parents: 8518838
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 11:18:59 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 11:18:59 2016 +0100
----------------------------------------------------------------------
.../test/jaas/TokenAuthLoginModule.java | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5e75bf59/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index cbeb01c..7eee5ba 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -102,9 +102,15 @@ public class TokenAuthLoginModule implements LoginModule {
princName = (String) options.get(PRINCIPAL);
tokenStr = (String) options.get(TOKEN);
tokenCacheName = (String) options.get(TOKEN_CACHE);
- armorCache = new File((String) options.get(ARMOR_CACHE));
- cCache = new File((String) options.get(CREDENTIAL_CACHE));
- signKeyFile = new File((String) options.get(SIGN_KEY_FILE));
+ if ((String) options.get(ARMOR_CACHE) != null) {
+ armorCache = new File((String) options.get(ARMOR_CACHE));
+ }
+ if ((String) options.get(CREDENTIAL_CACHE) != null) {
+ cCache = new File((String) options.get(CREDENTIAL_CACHE));
+ }
+ if ((String) options.get(SIGN_KEY_FILE) != null) {
+ signKeyFile = new File((String) options.get(SIGN_KEY_FILE));
+ }
}
/**
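Review bot: Each of the three new guards in this hunk looks the option up twice and casts it twice, e.g. `if ((String) options.get(ARMOR_CACHE) != null)` followed by `new File((String) options.get(ARMOR_CACHE))`, and the cast in the condition has no effect on a null test. Reading the value once is shorter and cannot observe two different values: `String armorCacheName = (String) options.get(ARMOR_CACHE);` then `if (armorCacheName != null) { armorCache = new File(armorCacheName); }`. The same applies to CREDENTIAL_CACHE and SIGN_KEY_FILE.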
@@ -215,6 +221,10 @@ public class TokenAuthLoginModule implements LoginModule {
}
private void validateConfiguration() throws LoginException {
+
+ if (armorCache == null) {
+ throw new LoginException("An armor cache must be specified via the armorCache configuration option");
+ }
String error = "";
if (tokenStr == null && tokenCacheName == null) {
@@ -244,7 +254,7 @@ public class TokenAuthLoginModule implements LoginModule {
krbToken = new KrbToken(authToken, TokenFormat.JWT);
TokenEncoder tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
- if (tokenEncoder instanceof JwtTokenEncoder) {
+ if (tokenEncoder instanceof JwtTokenEncoder && signKeyFile != null) {
PrivateKey signKey = null;
try {
FileInputStream fis = new FileInputStream(signKeyFile);
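Review bot: With `signKeyFile != null` added to the condition, a configuration that omits `signKeyFile` skips this whole branch without any message, and from the visible lines the branch appears to be where the signing key is loaded for the JWT encoder. If so, the module would go on to encode the token unsigned; that is inferred, since the rest of the branch is outside the hunk. Either reject the missing option in `validateConfiguration()` as the commit does for `armorCache`, or add an `else` that records it, e.g. `LOG.warn("No signKeyFile configured, the token will not be signed");`. The `FileInputStream` opened on the last line would be safer in try-with-resources, though how it is closed is not visible here.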
[16/27] directory-kerby git commit: Some fixes for certificate
validation for anon PKINIT
Posted by pl...@apache.org.
Some fixes for certificate validation for anon PKINIT
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/708456f0
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/708456f0
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/708456f0
Branch: refs/heads/kpasswd
Commit: 708456f0405e5e21d9b0b28bbef2fb386b3f214e
Parents: 5c76b64
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jul 5 14:56:56 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jul 5 14:58:28 2016 +0100
----------------------------------------------------------------------
.../client/preauth/pkinit/PkinitPreauth.java | 4 +-
.../kerb/preauth/pkinit/PkinitCrypto.java | 68 ++++++++++++--------
2 files changed, 43 insertions(+), 29 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/708456f0/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index b47a46f..df4af89 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -372,8 +372,6 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
throw new KrbException("Failed to load PKINIT anchor");
}
- Certificate archorCertificate = PkinitCrypto.changeToCertificate(x509Certificate);
-
CertificateSet certificateSet = signedData.getCertificates();
List<Certificate> certificates = new ArrayList<>();
if (certificateSet != null) {
@@ -383,7 +381,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
}
}
try {
- PkinitCrypto.validateChain(certificates, archorCertificate);
+ PkinitCrypto.validateChain(certificates, x509Certificate);
} catch (Exception e) {
throw new KrbException(KrbErrorCode.KDC_ERR_INVALID_CERTIFICATE, e);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/708456f0/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java
index cc09a37..63e3e44 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/preauth/pkinit/PkinitCrypto.java
@@ -18,6 +18,33 @@
*/
package org.apache.kerby.kerberos.kerb.preauth.pkinit;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.cert.CertPath;
+import java.security.cert.CertPathValidator;
+import java.security.cert.CertPathValidatorException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.PKIXParameters;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.crypto.interfaces.DHPublicKey;
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.DHPublicKeySpec;
+
import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
import org.apache.kerby.cms.type.CertificateSet;
import org.apache.kerby.cms.type.DigestAlgorithmIdentifiers;
@@ -36,25 +63,6 @@ import org.apache.kerby.x509.type.DhParameter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.crypto.interfaces.DHPublicKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.DHPublicKeySpec;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.cert.CertPathValidatorException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.security.spec.InvalidKeySpecException;
-import java.util.ArrayList;
-import java.util.List;
-
/**
* Ref. pkinit_crypto_openssl.c in MIT krb5 project.
*/
@@ -329,16 +337,25 @@ public class PkinitCrypto {
* @throws NoSuchAlgorithmException e
* @throws InvalidAlgorithmParameterException e
* @throws CertPathValidatorException e
+ * @throws IOException
*/
- public static void validateChain(List<Certificate> certificateList, Certificate anchor)
+ public static void validateChain(List<Certificate> certificateList, X509Certificate anchor)
throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException,
- InvalidAlgorithmParameterException, CertPathValidatorException {
+ InvalidAlgorithmParameterException, CertPathValidatorException, IOException {
- //TODO
- /*
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
- CertPath certPath = certificateFactory.generatertPath(certificateList);
-
+
+ // Convert into a list of X509Certificates
+ List<X509Certificate> certsList = new ArrayList<>(certificateList.size());
+ for (Certificate cert : certificateList) {
+ X509Certificate parsedCert =
+ (X509Certificate) certificateFactory.generateCertificate(
+ new ByteArrayInputStream(cert.encode()));
+ certsList.add(parsedCert);
+ }
+
+ CertPath certPath = certificateFactory.generateCertPath(certsList);
+
CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
TrustAnchor trustAnchor = new TrustAnchor(anchor, null);
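Review bot: `validateChain` builds the `CertPath` from whatever `certificateList` holds, including an empty list, and as far as I know the JDK PKIX validator accepts an empty path against a trust anchor without raising an error. The client caller passes an empty list when `signedData.getCertificates()` returns null, so a reply carrying no certificates would pass validation; a guard at the top such as `if (certificateList == null || certificateList.isEmpty()) { throw new CertificateException("No certificates to validate"); }` closes that. The path is also built in the order the certificates arrive, while PKIX validation expects the target certificate first; whether the CMS certificate set is ordered that way is not visible here. The new `@throws IOException` tag has no description.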
@@ -347,7 +364,6 @@ public class PkinitCrypto {
parameters.setRevocationEnabled(false);
cpv.validate(certPath, parameters);
- */
}
/**
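Review bot: Removing the closing `*/` turns `parameters.setRevocationEnabled(false);` into live code, so a certificate in the chain that has been revoked still validates against the anchor. If that is deliberate for now, the line needs a comment saying so, e.g. `// Revocation checking is disabled: <reason>; see <tracking issue>`, and otherwise it should follow a configuration setting. The construction of `parameters` sits between the two hunks and is not visible.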
[23/27] directory-kerby git commit: DIRKRB-593 Add the remote kadmin
tool usage guide.
Posted by pl...@apache.org.
DIRKRB-593 Add the remote kadmin tool usage guide.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/cc91e4b8
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/cc91e4b8
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/cc91e4b8
Branch: refs/heads/kpasswd
Commit: cc91e4b890b77546420ab81a0421227c31d26357
Parents: 9f628e5
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Jul 6 16:03:58 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Jul 6 16:03:58 2016 +0800
----------------------------------------------------------------------
kerby-dist/README.md | 50 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/cc91e4b8/kerby-dist/README.md
----------------------------------------------------------------------
diff --git a/kerby-dist/README.md b/kerby-dist/README.md
index e246956..b2e1e8b 100644
--- a/kerby-dist/README.md
+++ b/kerby-dist/README.md
@@ -168,3 +168,53 @@ The resulting tickets will have the client name WELLKNOWN/ANONYMOUS@WELLKNOWN:AN
[2]http://k5wiki.kerberos.org/wiki/Pkinit_configuration
+## 3. Run remote kadmin steps
+#### 1. Generate libraries for distribution:
+```
+mvn package -Pdist
+```
+
+#### 2. Run kdcinit:
+```
+cd kerby-dist/kdc-dist
+sh bin/kdcinit.sh [server-conf-dir] [keytab]
+```
+The admin principal will be exported into [keytab], it will be used by kadmin tool for the authentication.
+
+#### 3. Start kerby-kdc-server:
+```
+cd kerby-dist/kdc-dist
+sh bin/start-kdc.sh [server-conf-dir] [work-dir]
+```
+
+#### 4. Run kadmin server
+```
+cd kerby-dist/kdc-dist
+sh bin/admin-server.sh [admin-server-conf-dir]
+```
+An example of adminClient.conf:
+```
+[libdefaults]
+ default_realm = EXAMPLE.COM
+ admin_port = 65417
+ keytab_file = admin.keytab
+ protocol = adminprotocol
+ server_name = localhost
+```
+The keytab_file is the keytab file path created by the kdcinit.
+
+#### 5. Run remote kadmin client to add or delete principals:
+```
+cd kerby-dist/kdc-dist
+sh bin/remote-admin-client.sh [admin-client-conf-dir]
+```
+An example of adminServer.conf:
+```
+[libdefaults]
+ default_realm = EXAMPLE.COM
+ admin_port = 65417
+ keytab_file = protocol.keytab
+ protocol = adminprotocol
+ server_name = localhost
+```
+The keytab_file is the keytab file path created by the kdcinit.
[12/27] directory-kerby git commit: Fix NPE if the KDC does not
configure identity keys for PKINIT
Posted by pl...@apache.org.
Fix NPE if the KDC does not configure identity keys for PKINIT
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/2d31702f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/2d31702f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/2d31702f
Branch: refs/heads/kpasswd
Commit: 2d31702f083c0c27b1469a805f81212995b96c84
Parents: 4600ee3
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jul 5 12:29:18 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jul 5 12:29:18 2016 +0100
----------------------------------------------------------------------
.../server/preauth/pkinit/PkinitPreauth.java | 48 +++++++++++---------
1 file changed, 26 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2d31702f/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index f0080c9..0e4867d 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -302,32 +302,36 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
private PaPkAsRep makePaPkAsRep(DHPublicKey severPubKey, String identityString) throws KrbException {
- List<String> identityList = Arrays.asList(identityString.split(","));
-
List<X509Certificate> certificates = new ArrayList<>();
- for (String identity : identityList) {
- File file = new File(identity);
- try (Scanner scanner = new Scanner(file, "UTF-8")) {
- String found = scanner.findInLine("CERTIFICATE");
-
- if (found != null) {
- InputStream res = null;
- try {
- res = new FileInputStream(identity);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- }
- X509Certificate certificate = null;
- try {
- certificate = (X509Certificate) CertificateHelper.loadCerts(res).iterator().next();
- } catch (KrbException e) {
- e.printStackTrace();
+ if (identityString != null) {
+ List<String> identityList = Arrays.asList(identityString.split(","));
+ for (String identity : identityList) {
+ File file = new File(identity);
+ try (Scanner scanner = new Scanner(file, "UTF-8")) {
+ String found = scanner.findInLine("CERTIFICATE");
+
+ if (found != null) {
+ InputStream res = null;
+ try {
+ res = new FileInputStream(identity);
+ } catch (FileNotFoundException e) {
+ e.printStackTrace();
+ }
+ X509Certificate certificate = null;
+ try {
+ certificate = (X509Certificate) CertificateHelper.loadCerts(res).iterator().next();
+ } catch (KrbException e) {
+ e.printStackTrace();
+ }
+ certificates.add(certificate);
+ res.close();
}
- certificates.add(certificate);
+ } catch (IOException e) {
+ e.getMessage();
}
- } catch (FileNotFoundException e) {
- e.getMessage();
}
+ } else {
+ LOG.warn("No PKINIT identity keys specified");
}
PaPkAsRep paPkAsRep = new PaPkAsRep();
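Review bot: When `CertificateHelper.loadCerts(res)` throws, the re-indented block still runs `certificates.add(certificate)` with `certificate` null, so a malformed identity file leaves a null entry in the list used further down. The added `res.close();` dereferences `res`, which stays null if `new FileInputStream(identity)` failed, and the stream is left open if `iterator().next()` throws on an empty result. The outer `catch (IOException e)` calls `e.getMessage()` and discards the value, so read errors leave no trace in the KDC log. Opening the stream in try-with-resources, adding the certificate only on success and logging through the existing `LOG` covers all three; the rewritten inner block is below. `makePaPkAsRep` continues outside the hunk.

```java
                    if (found != null) {
                        // Stream is closed on every path; a failed open propagates
                        // to the outer IOException handler instead of leaving res null.
                        try (InputStream res = new FileInputStream(identity)) {
                            certificates.add((X509Certificate)
                                    CertificateHelper.loadCerts(res).iterator().next());
                        } catch (KrbException e) {
                            LOG.warn("Failed to load PKINIT identity certificate from " + identity, e);
                        }
                    }
                } catch (IOException e) {
                    LOG.warn("Failed to read PKINIT identity file " + identity, e);
                }
                // … unchanged: end of the identity loop and the null-identityString branch …
```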
[22/27] directory-kerby git commit: DIRKRB-592 Merge kadmin-remote
branch to trunk.
Posted by pl...@apache.org.
DIRKRB-592 Merge kadmin-remote branch to trunk.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/9f628e5a
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/9f628e5a
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/9f628e5a
Branch: refs/heads/kpasswd
Commit: 9f628e5ae9b5a10c8ee7b33fcde6fe67ed7624bc
Parents: 708456f
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Jul 6 11:38:02 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Jul 6 11:38:02 2016 +0800
----------------------------------------------------------------------
kerby-common/kerby-asn1/pom.xml | 3 -
.../java/org/apache/kerby/asn1/EnumType.java | 2 +-
kerby-common/kerby-xdr/pom.xml | 29 ++
.../java/org/apache/kerby/xdr/EnumType.java | 37 ++
.../java/org/apache/kerby/xdr/XdrDataType.java | 55 +++
.../java/org/apache/kerby/xdr/XdrFieldInfo.java | 53 +++
.../apache/kerby/xdr/type/AbstractXdrType.java | 100 +++++
.../org/apache/kerby/xdr/type/XdrBoolean.java | 94 +++++
.../org/apache/kerby/xdr/type/XdrBytes.java | 45 ++
.../apache/kerby/xdr/type/XdrEnumerated.java | 66 +++
.../org/apache/kerby/xdr/type/XdrInteger.java | 85 ++++
.../org/apache/kerby/xdr/type/XdrSimple.java | 132 ++++++
.../org/apache/kerby/xdr/type/XdrString.java | 346 ++++++++++++++++
.../apache/kerby/xdr/type/XdrStructType.java | 99 +++++
.../java/org/apache/kerby/xdr/type/XdrType.java | 62 +++
.../org/apache/kerby/xdr/type/XdrUnion.java | 131 ++++++
.../kerby/xdr/type/XdrUnsignedInteger.java | 100 +++++
.../java/org/apache/kerby/xdr/util/HexUtil.java | 113 +++++
.../java/org/apache/kerby/xdr/util/IOUtil.java | 109 +++++
.../java/org/apache/kerby/xdr/util/Utf8.java | 34 ++
.../java/org/apache/kerby/xdr/util/XdrUtil.java | 26 ++
.../java/org/apache/kerby/xdr/TestUtil.java | 47 +++
.../org/apache/kerby/xdr/XdrBooleanTest.java | 60 +++
.../apache/kerby/xdr/XdrEnumeratedInstance.java | 56 +++
.../org/apache/kerby/xdr/XdrEnumeratedTest.java | 58 +++
.../org/apache/kerby/xdr/XdrIntegerTest.java | 80 ++++
.../org/apache/kerby/xdr/XdrStringTest.java | 59 +++
.../apache/kerby/xdr/XdrStructTypeInstance.java | 111 +++++
.../org/apache/kerby/xdr/XdrStructTypeTest.java | 83 ++++
.../org/apache/kerby/xdr/XdrUnionInstance.java | 170 ++++++++
.../java/org/apache/kerby/xdr/XdrUnionTest.java | 67 +++
.../kerby/xdr/XdrUnsignedIntegerTest.java | 69 ++++
kerby-common/pom.xml | 1 +
kerby-dist/kdc-dist/bin/admin-server.cmd | 32 ++
kerby-dist/kdc-dist/bin/admin-server.sh | 32 ++
kerby-dist/kdc-dist/bin/remote-admin-client.cmd | 32 ++
kerby-dist/kdc-dist/bin/remote-admin-client.sh | 32 ++
kerby-dist/kdc-dist/conf/adminClient.conf | 23 ++
kerby-dist/kdc-dist/conf/adminServer.conf | 23 ++
kerby-dist/kdc-dist/pom.xml | 10 +
.../kerby/kerberos/kdc/KerbyKdcServer.java | 4 +-
kerby-kerb/kerb-admin-server/pom.xml | 56 +++
.../kerb/admin/server/KerbyAdminServer.java | 80 ++++
.../kerb/admin/server/kadmin/AdminServer.java | 266 ++++++++++++
.../admin/server/kadmin/AdminServerConfig.java | 105 +++++
.../server/kadmin/AdminServerConfigKey.java | 59 +++
.../admin/server/kadmin/AdminServerContext.java | 52 +++
.../admin/server/kadmin/AdminServerHandler.java | 238 +++++++++++
.../admin/server/kadmin/AdminServerOption.java | 52 +++
.../admin/server/kadmin/AdminServerSetting.java | 212 ++++++++++
.../admin/server/kadmin/AdminServerUtil.java | 165 ++++++++
.../impl/AbstractInternalAdminServer.java | 116 ++++++
.../kadmin/impl/DefaultAdminServerHandler.java | 199 +++++++++
.../impl/DefaultInternalAdminServerImpl.java | 80 ++++
.../server/kadmin/impl/InternalAdminServer.java | 60 +++
.../src/main/resources/adminServer.conf | 20 +
kerby-kerb/kerb-admin/pom.xml | 5 +
.../kerby/kerberos/kerb/admin/AdminHelper.java | 308 --------------
.../kerby/kerberos/kerb/admin/AuthUtil.java | 141 +++++++
.../kerby/kerberos/kerb/admin/Kadmin.java | 207 ----------
.../kerby/kerberos/kerb/admin/KadminOption.java | 76 ----
.../kerby/kerberos/kerb/admin/KadminServer.java | 144 -------
.../kerby/kerberos/kerb/admin/Krb5Conf.java | 86 ++++
.../kerby/kerberos/kerb/admin/LocalKadmin.java | 87 ----
.../kerberos/kerb/admin/LocalKadminImpl.java | 400 ------------------
.../kerb/admin/RemoteAdminClientTool.java | 263 ++++++++++++
.../kerberos/kerb/admin/RemoteKadminImpl.java | 144 -------
.../kerberos/kerb/admin/kadmin/Kadmin.java | 207 ++++++++++
.../kerb/admin/kadmin/KadminOption.java | 76 ++++
.../kerb/admin/kadmin/local/AdminHelper.java | 309 ++++++++++++++
.../kerb/admin/kadmin/local/LocalKadmin.java | 88 ++++
.../admin/kadmin/local/LocalKadminImpl.java | 407 +++++++++++++++++++
.../kerb/admin/kadmin/remote/AdminClient.java | 204 ++++++++++
.../kerb/admin/kadmin/remote/AdminConfig.java | 132 ++++++
.../admin/kadmin/remote/AdminConfigKey.java | 58 +++
.../kerb/admin/kadmin/remote/AdminContext.java | 49 +++
.../kerb/admin/kadmin/remote/AdminHandler.java | 162 ++++++++
.../kerb/admin/kadmin/remote/AdminOption.java | 102 +++++
.../kerb/admin/kadmin/remote/AdminSetting.java | 129 ++++++
.../kerb/admin/kadmin/remote/AdminUtil.java | 127 ++++++
.../admin/kadmin/remote/RemoteKadminImpl.java | 207 ++++++++++
.../command/RemoteAddPrincipalCommand.java | 65 +++
.../kadmin/remote/command/RemoteCommand.java | 41 ++
.../command/RemoteDeletePrincipalCommand.java | 83 ++++
.../remote/command/RemoteGetprincsCommand.java | 65 +++
.../remote/command/RemotePrintUsageCommand.java | 42 ++
.../command/RemoteRenamePrincipalCommand.java | 85 ++++
.../impl/AbstractInternalAdminClient.java | 71 ++++
.../kadmin/remote/impl/DefaultAdminHandler.java | 79 ++++
.../remote/impl/DefaultInternalAdminClient.java | 71 ++++
.../kadmin/remote/impl/InternalAdminClient.java | 41 ++
.../remote/request/AddPrincipalRequest.java | 114 ++++++
.../kadmin/remote/request/AdminRequest.java | 63 +++
.../remote/request/DeletePrincipalRequest.java | 70 ++++
.../kadmin/remote/request/GetprincsRequest.java | 70 ++++
.../remote/request/RenamePrincipalRequest.java | 74 ++++
.../kerb/admin/message/AddPrincipalRep.java | 30 ++
.../kerb/admin/message/AddPrincipalReq.java | 30 ++
.../kerb/admin/message/AdminMessage.java | 56 +++
.../kerb/admin/message/AdminMessageCode.java | 90 ++++
.../kerb/admin/message/AdminMessageEnum.java | 41 ++
.../kerb/admin/message/AdminMessageType.java | 73 ++++
.../kerberos/kerb/admin/message/AdminRep.java | 33 ++
.../kerberos/kerb/admin/message/AdminReq.java | 34 ++
.../kerb/admin/message/DeletePrincipalRep.java | 30 ++
.../kerb/admin/message/DeletePrincipalReq.java | 30 ++
.../kerb/admin/message/GetprincsRep.java | 26 ++
.../kerb/admin/message/GetprincsReq.java | 26 ++
.../kerberos/kerb/admin/message/KadminCode.java | 63 +++
.../kerb/admin/message/RenamePrincipalRep.java | 29 ++
.../kerb/admin/message/RenamePrincipalReq.java | 29 ++
.../kerby/kerberos/kerb/admin/KadminTest.java | 24 --
.../kerberos/kerb/transport/KdcNetwork.java | 1 -
.../kerby/kerberos/kerb/server/KdcSetting.java | 2 +-
.../kerberos/kerb/server/ServerSetting.java | 35 ++
.../kerberos/kerb/server/SimpleKdcServer.java | 4 +-
kerby-kerb/pom.xml | 1 +
kerby-tool/kdc-tool/pom.xml | 6 +
.../kerby/kerberos/tool/kadmin/KadminTool.java | 6 +-
.../kerby/kerberos/tool/kadmin/ToolUtil.java | 2 +-
.../kadmin/command/AddPrincipalCommand.java | 4 +-
.../kadmin/command/AddPrincipalsCommand.java | 4 +-
.../kadmin/command/ChangePasswordCommand.java | 4 +-
.../kadmin/command/DeletePrincipalCommand.java | 4 +-
.../kadmin/command/GetPrincipalCommand.java | 2 +-
.../tool/kadmin/command/KadminCommand.java | 2 +-
.../tool/kadmin/command/KeytabAddCommand.java | 2 +-
.../kadmin/command/KeytabRemoveCommand.java | 4 +-
.../kadmin/command/ListPrincipalCommand.java | 2 +-
.../kadmin/command/ModifyPrincipalCommand.java | 4 +-
.../kadmin/command/RenamePrincipalCommand.java | 7 +-
.../kerberos/tool/kdcinit/KdcInitTool.java | 19 +-
132 files changed, 9015 insertions(+), 1426 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-asn1/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-asn1/pom.xml b/kerby-common/kerby-asn1/pom.xml
index 8b1e23c..26dbef8 100644
--- a/kerby-common/kerby-asn1/pom.xml
+++ b/kerby-common/kerby-asn1/pom.xml
@@ -26,7 +26,4 @@
<name>Kerby ASN1 Project</name>
<description>Kerby ASN1 Project</description>
- <dependencies>
- </dependencies>
-
</project>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/EnumType.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/EnumType.java b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/EnumType.java
index e0166ec..5b9a65f 100644
--- a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/EnumType.java
+++ b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/EnumType.java
@@ -20,7 +20,7 @@
package org.apache.kerby.asn1;
/**
- * A helper interface used by Asn1Enumerated.
+ * A helper interface for enum types.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/pom.xml b/kerby-common/kerby-xdr/pom.xml
new file mode 100644
index 0000000..d6ad54c
--- /dev/null
+++ b/kerby-common/kerby-xdr/pom.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <parent>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerby-common</artifactId>
+ <version>1.0.0-RC3-SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>kerby-xdr</artifactId>
+ <name>Kerby XDR Project</name>
+ <description>Kerby XDR Project</description>
+
+</project>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/EnumType.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/EnumType.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/EnumType.java
new file mode 100644
index 0000000..0936863
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/EnumType.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+/**
+ * A helper interface for enum types.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public interface EnumType {
+ /**
+ * @return the Enum element value
+ */
+ int getValue();
+
+ /**
+ * @return The enum element name
+ */
+ String getName();
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/XdrDataType.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/XdrDataType.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/XdrDataType.java
new file mode 100644
index 0000000..34bc014
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/XdrDataType.java
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+/**
+ * An enumeration for every XDR type.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public enum XdrDataType {
+ UNKNOWN (-1),
+ BOOLEAN (0x01),
+ INTEGER (0x02),
+ BYTES (0x03),
+ STRING (0X04),
+ ENUM (0x05),
+ OPAQUE (0x06),
+ UNSIGNED_INTEGER (0x07),
+ STRUCT (0x08),
+ UNION (0x09);
+
+ /** The dataType value */
+ private int value;
+
+ /**
+ * Create an instance of this class
+ */
+ XdrDataType(int value) {
+ this.value = value;
+ }
+
+ /**
+ * @return The associated dataType value
+ */
+ public int getValue() {
+ return value;
+ }
+}
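Review bot: The enum's `value` field is assigned only in the constructor but is not declared final; `private final int value;` makes the constant table immutable by construction, and the same applies to the three fields of XdrFieldInfo added in this commit. `STRING (0X04)` uses an upper-case `0X` prefix where every other constant uses `0x`; `STRING (0x04),` keeps the table uniform. The constructor comment could name its argument, e.g. `@param value the numeric code of this XDR data type`.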
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/XdrFieldInfo.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/XdrFieldInfo.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/XdrFieldInfo.java
new file mode 100644
index 0000000..2ab727c
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/XdrFieldInfo.java
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+/**
+ * Representing a field in a XDR struct.
+ */
+public class XdrFieldInfo {
+ private int index;
+ private XdrDataType dataType;
+ private Object value;
+
+ /**
+ * Constructor.
+ * @param index
+ * @param dataType
+ *
+ */
+ public XdrFieldInfo(int index, XdrDataType dataType, Object value) {
+ this.index = index;
+ this.dataType = dataType;
+ this.value = value;
+ }
+
+ public int getIndex() {
+ return index;
+ }
+
+ public XdrDataType getDataType() {
+ return dataType;
+ }
+
+ public Object getValue() {
+ return value;
+ }
+}
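Review bot: The constructor Javadoc has empty `@param index` and `@param dataType` tags and no tag at all for `value`, so the only documentation on the constructor tells a caller nothing about what to pass. Something like `@param index position of the field in the struct`, `@param dataType XDR type of the field` and `@param value the field value` would do. Whether `value` may be null should be stated once the struct codec is checked, since this hunk does not show how it is consumed.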
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/AbstractXdrType.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/AbstractXdrType.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/AbstractXdrType.java
new file mode 100644
index 0000000..68facec
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/AbstractXdrType.java
@@ -0,0 +1,100 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.type;
+
+import org.apache.kerby.xdr.XdrDataType;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * The abstract XDR type for all the XDR types. It provides basic
+ * encoding and decoding utilities.
+ *
+ * @param <T> the type of the value encoded/decoded or wrapped by this
+ */
+public abstract class AbstractXdrType<T> implements XdrType {
+ private XdrDataType dataType;
+
+ // The wrapped real value.
+ private T value;
+
+ /**
+ * Default constructor.
+ * @param dataType the dataType
+ * @param value the value
+ */
+ public AbstractXdrType(XdrDataType dataType, T value) {
+ this(dataType);
+ this.value = value;
+ }
+
+ /**
+ * Default constructor.
+ * @param dataType the dataType
+ */
+ public AbstractXdrType(XdrDataType dataType) {
+ this.dataType = dataType;
+ }
+
+ @Override
+ public byte[] encode() throws IOException {
+ int len = encodingLength();
+ ByteBuffer byteBuffer = ByteBuffer.allocate(len);
+ encode(byteBuffer);
+ byteBuffer.flip();
+ return byteBuffer.array();
+ }
+
+ @Override
+ public void encode(ByteBuffer buffer) throws IOException {
+ encodeBody(buffer);
+ }
+
+ protected abstract void encodeBody(ByteBuffer buffer) throws IOException;
+
+ @Override
+ public void decode(byte[] content) throws IOException {
+ decode(ByteBuffer.wrap(content));
+ }
+
+ @Override
+ public int encodingLength() throws IOException {
+ return encodingBodyLength();
+ }
+
+ protected abstract int encodingBodyLength() throws IOException;
+
+ @Override
+ public void decode(ByteBuffer content) throws IOException {
+ }
+
+ public T getValue() {
+ return value;
+ }
+
+ public void setValue(T value) {
+ this.value = value;
+ }
+
+ public XdrDataType getDataType() {
+ return dataType;
+ }
+}
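Review bot: `decode(ByteBuffer content)` has an empty body, so any subclass that does not override it accepts arbitrary input, reports success and leaves `getValue()` unchanged. For a wire-format decoder it is safer to fail loudly: the class is already abstract, so the method can be dropped and left to subclasses (assuming XdrType declares it, as the `@Override` suggests), or its body replaced with `throw new IOException("decode not implemented for " + dataType);`. Separately, `byteBuffer.flip()` in `encode()` has no effect on what `byteBuffer.array()` returns and can be removed.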
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrBoolean.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrBoolean.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrBoolean.java
new file mode 100644
index 0000000..e8e092f
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrBoolean.java
@@ -0,0 +1,94 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.type;
+
+import org.apache.kerby.xdr.XdrDataType;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+
+/**
+ * Xdr Boolean type from RFC 4506
+ * Boolean type has the same representation as signed integers.
+ */
+public class XdrBoolean extends XdrSimple<Boolean> {
+ private static final byte[] TRUE_BYTE = new byte[]
+ {(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x01};
+ private static final byte[] FALSE_BYTE = new byte[]
+ {(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00};
+
+ public static final XdrBoolean TRUE = new XdrBoolean(true);
+ public static final XdrBoolean FALSE = new XdrBoolean(false);
+
+ /**
+ * Default constructor, generally for decoding as a container
+ */
+ public XdrBoolean() {
+ this(null);
+ }
+
+ /**
+ * Constructor with a value, generally for encoding of the value
+ * @param value The boolean value
+ */
+ public XdrBoolean(Boolean value) {
+ super(XdrDataType.BOOLEAN, value);
+ }
+
+ /**
+ * The length of a signed integer is 4.
+ * @return Length of a boolean type.
+ */
+ @Override
+ protected int encodingBodyLength() {
+ return 4;
+ }
+
+ /**
+ * Encode boolean type to bytes.
+ */
+ @Override
+ protected void toBytes() {
+ setBytes(getValue() ? TRUE_BYTE : FALSE_BYTE);
+ }
+
+ /**
+ * Decode bytes to boolean value.
+ * @throws IOException Wrong bytes for boolean.
+ */
+ @Override
+ protected void toValue() throws IOException {
+ if (getBytes().length != 4) {
+ byte[] boolBytes = ByteBuffer.allocate(4).put(getBytes(), 0, 4).array();
+ /**reset bytes in case the enum type is in a struct or union*/
+ setBytes(boolBytes);
+ }
+
+ byte[] bytes = getBytes();
+ if (Arrays.equals(bytes, TRUE_BYTE)) {
+ setValue(true);
+ } else if (Arrays.equals(bytes, FALSE_BYTE)) {
+ setValue(false);
+ } else {
+ throw new IOException("Fail to decode boolean type: " + bytes.toString());
+ }
+ }
+}
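Review bot: An input shorter than four bytes makes `toValue()` fail with an unchecked `IndexOutOfBoundsException` from `ByteBuffer.allocate(4).put(getBytes(), 0, 4)` instead of the declared `IOException`; the same code is in `XdrEnumerated.toValue()` and `XdrInteger.toValue()` in this commit. A length check first, `if (getBytes().length < 4) { throw new IOException("Truncated XDR value: " + getBytes().length + " bytes"); }`, keeps malformed input on the checked error path (the other two methods would need `throws IOException` added). The failure message prints `bytes.toString()`, which is the array's identity string rather than its content; `Arrays.toString(bytes)` uses the import already present. The inline comment also says "enum type" although this is the boolean codec.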
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrBytes.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrBytes.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrBytes.java
new file mode 100644
index 0000000..105ff74
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrBytes.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.type;
+
+import org.apache.kerby.xdr.XdrDataType;
+
+import java.io.IOException;
+
+public class XdrBytes extends XdrSimple<byte[]> {
+
+ public XdrBytes() {
+ this(null);
+ }
+
+ public XdrBytes(byte[] value) {
+ super(XdrDataType.BYTES, value);
+ }
+
+ @Override
+ protected void toValue() throws IOException {
+
+ }
+
+ @Override
+ protected void toBytes() {
+
+ }
+}
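Review bot: `toBytes()` and `toValue()` are empty, so encoding an `XdrBytes` that holds a non-null value reaches `bytes.length` in `XdrSimple.encodingBodyLength()` (added in this commit) with `bytes` still null, and decoding never sets a value. If the type is a placeholder it should fail explicitly rather than half-work, e.g. `throw new UnsupportedOperationException("XdrBytes encoding is not implemented");` in both methods, with a class comment saying so. `XdrSimple.isSimple()` also leaves `BYTES` out while its class comment lists Bytes as a simple type, which suggests the type is unfinished and is worth confirming with the author.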
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrEnumerated.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrEnumerated.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrEnumerated.java
new file mode 100644
index 0000000..e04b484
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrEnumerated.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.type;
+
+import org.apache.kerby.xdr.EnumType;
+import org.apache.kerby.xdr.XdrDataType;
+
+import java.math.BigInteger;
+import java.nio.ByteBuffer;
+
+public abstract class XdrEnumerated<T extends EnumType> extends XdrSimple<T> {
+ /**
+ * Default constructor, generally for decoding as a container
+ */
+ public XdrEnumerated() {
+ this(null);
+ }
+
+ /**
+ * Constructor with a value, generally for encoding of the value
+ * @param value The Enum value
+ */
+ public XdrEnumerated(T value) {
+ super(XdrDataType.ENUM, value);
+ }
+
+ protected void toBytes() {
+ byte[] bytes = ByteBuffer.allocate(4).putInt(getValue().getValue()).array();
+ setBytes(bytes);
+ }
+
+ protected void toValue() {
+ if (getBytes().length != 4) {
+ byte[] intBytes = ByteBuffer.allocate(4).put(getBytes(), 0, 4).array();
+ /**reset bytes in case the enum type is in a struct or union*/
+ setBytes(intBytes);
+ }
+ BigInteger biVal = new BigInteger(getBytes());
+ int iVal = biVal.intValue();
+ EnumType[] allValues = getAllEnumValues();
+ for (EnumType val : allValues) {
+ if (val.getValue() == iVal) {
+ setValue((T) val);
+ }
+ }
+ }
+
+ protected abstract EnumType[] getAllEnumValues();
+}
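Review bot: When the decoded integer matches none of `getAllEnumValues()`, the loop in `toValue()` simply ends and the value stays unset, so an unrecognised value from the wire is indistinguishable from a field that was never decoded. The method should reject it with an `IOException`, which needs `throws IOException` on the signature and the `java.io.IOException` import. The `BigInteger` round trip can be replaced by `ByteBuffer.getInt()`, which reads the same big-endian two's-complement value from the four bytes. Returning on the first match assumes enum values are unique, whereas the original keeps the last match; the unchecked cast `(T) val` is left as it was.

```java
protected void toValue() throws IOException {
    // … unchanged: 4-byte normalisation of getBytes() …
    int iVal = ByteBuffer.wrap(getBytes()).getInt();
    for (EnumType val : getAllEnumValues()) {
        if (val.getValue() == iVal) {
            setValue((T) val);
            return;
        }
    }
    throw new IOException("Unknown enum value: " + iVal);
}
```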
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrInteger.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrInteger.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrInteger.java
new file mode 100644
index 0000000..478cf80
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrInteger.java
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.type;
+
+import org.apache.kerby.xdr.XdrDataType;
+import java.nio.ByteBuffer;
+
+/**
+ * Xdr Integer type from RFC 4506
+ * An XDR signed integer is a 32-bit datum
+ * that encodes an integer in the range [-2147483648,2147483647].
+ * The integer is represented in two's complement notation.
+ * The most and least significant bytes are0 and 3, respectively.
+ * Integers are declared as follows:
+ * int identifier;
+ *
+ * (MSB) (LSB)
+ * +-------+-------+-------+-------+
+ * |byte 0 |byte 1 |byte 2 |byte 3 |
+ * +-------+-------+-------+-------+
+ * <------------32 bits------------>
+ */
+public class XdrInteger extends XdrSimple<Integer> {
+ public XdrInteger() {
+ this((Integer) null);
+ }
+
+ public XdrInteger(Integer value) {
+ super(XdrDataType.INTEGER, value);
+ }
+
+ /**
+ * The length of a signed integer is 4.
+ * @return Length of a signed integer type.
+ */
+ @Override
+ protected int encodingBodyLength() {
+ return 4; /**Length of XdrInteger is fixed as 4 bytes*/
+ }
+
+ /**
+ * Encode Integer type to bytes.
+ * Cannot only use toByteArray() because of fixed 4 bytes length.
+ */
+ @Override
+ protected void toBytes() {
+ int value = getValue().intValue();
+ ByteBuffer buffer = ByteBuffer.allocate(4);
+ buffer.putInt(value);
+ buffer.flip();
+ setBytes(buffer.array());
+ }
+
+ /**
+ * Decode bytes to Integer value.
+ */
+ @Override
+ protected void toValue() {
+ if (getBytes().length != 4) {
+ byte[] intBytes = ByteBuffer.allocate(4).put(getBytes(), 0, 4).array();
+ /**reset bytes in case the enum type is in a struct or union*/
+ setBytes(intBytes);
+ }
+ ByteBuffer buffer = ByteBuffer.wrap(getBytes());
+ setValue(buffer.getInt());
+ }
+
+}
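Review bot: `toBytes()` calls `getValue().intValue()` without a null check, and because `encodingBodyLength()` here returns 4 unconditionally, the null guard in `XdrSimple.encodingBodyLength()` is bypassed: encoding an instance built with the no-arg constructor ends in a `NullPointerException`. `XdrBoolean.toBytes()` has the same shape with `getValue() ? TRUE_BYTE : FALSE_BYTE`. A guard such as `if (getValue() == null) { throw new IllegalStateException("XdrInteger has no value to encode"); }` makes the failure explicit; whether an unset value should instead encode as nothing is a design question this hunk does not answer. `buffer.flip()` before `buffer.array()` has no effect and can go, and the class comment has a typo, "are0".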
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrSimple.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrSimple.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrSimple.java
new file mode 100644
index 0000000..a3e13b1
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrSimple.java
@@ -0,0 +1,132 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.type;
+
+import org.apache.kerby.xdr.XdrDataType;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * Xdr simple type, of single value other than complex type of multiple values.
+ * Including: Bytes, Integer, Boolean, String.
+ * Use toBytes() for encoding, toValue() for decoding.
+ */
+public abstract class XdrSimple<T> extends AbstractXdrType<T> {
+ private byte[] bytes;
+
+ /**
+ * Default constructor, generally for decoding as a value container
+ * @param dataTypeNo The dataType number
+ */
+ public XdrSimple(XdrDataType dataTypeNo) {
+ this(dataTypeNo, null);
+ }
+
+ /**
+ * Constructor with a value, generally for encoding of the value
+ * @param xdrDataType The dataType number
+ * @param value The value
+ */
+ public XdrSimple(XdrDataType xdrDataType, T value) {
+ super(xdrDataType, value);
+ }
+
+ protected byte[] getBytes() {
+ return bytes;
+ }
+
+ protected void setBytes(byte[] bytes) {
+ this.bytes = bytes;
+ }
+
+ protected byte[] encodeBody() throws IOException {
+ if (bytes == null) {
+ /**Terminal step for encoding all the simple type to bytes.*/
+ toBytes();
+ }
+ return bytes;
+ }
+
+ /**
+ * Put encoded bytes into buffer.
+ * @param buffer ByteBuffer to hold encoded bytes.
+ */
+ @Override
+ protected void encodeBody(ByteBuffer buffer) throws IOException {
+ byte[] body = encodeBody();
+ if (body != null) {
+ buffer.put(body);
+ }
+ }
+
+ /**
+ * Length including null bytes to maintain an multiple of 4.
+ * @return
+ */
+ @Override
+ protected int encodingBodyLength() throws IOException {
+ if (getValue() == null) {
+ return 0;
+ }
+ if (bytes == null) {
+ /**Terminal step for decoding all the simple type to bytes.*/
+ toBytes();
+ }
+ return bytes.length;
+ }
+
+ @Override
+ public void decode(ByteBuffer content) throws IOException {
+ decodeBody(content);
+ }
+
+ protected void decodeBody(ByteBuffer body) throws IOException {
+ byte[] result = body.array();
+ if (result.length > 0) {
+ setBytes(result);
+ /**Terminal step for decoding all the bytes into simple types.*/
+ toValue();
+ }
+ }
+
+ /**
+ * Decode bytes to simple value.
+ */
+ protected abstract void toValue() throws IOException;
+
+ /**
+ * Encode simple type to bytes.
+ */
+ protected abstract void toBytes() throws IOException;
+
+ public static boolean isSimple(XdrDataType dataType) {
+ switch (dataType) {
+ case BOOLEAN:
+ case INTEGER:
+ case UNSIGNED_INTEGER:
+ case ENUM:
+ case STRING:
+ return true;
+ default:
+ return false;
+ }
+ }
+}
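Review bot: `decodeBody()` takes `body.array()`, which returns the buffer's whole backing array regardless of position, limit or array offset, and throws for read-only or direct buffers. A caller that passes a slice, or a buffer positioned past a header, gets the wrong bytes decoded, which is presumably why the subclasses re-trim to four bytes in `toValue()`. Reading only the remaining bytes is the usual form: `byte[] result = new byte[body.remaining()]; body.get(result);`. That advances the position, so the struct and union decoders (outside this hunk) should be checked before changing it. The comment in `encodingBodyLength()` also says "decoding" where the step is encoding, and its Javadoc has an empty `@return`.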
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrString.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrString.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrString.java
new file mode 100644
index 0000000..32b2302
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrString.java
@@ -0,0 +1,346 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.type;
+
+import org.apache.kerby.xdr.XdrDataType;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.List;
+
+/*
+ * From RFC 4506 :
+ *
+ * 0 1 2 3 4 5 ...
+ * +-----+-----+-----+-----+-----+-----+...+-----+-----+...+-----+
+ * | length n |byte0|byte1|...| n-1 | 0 |...| 0 |
+ * +-----+-----+-----+-----+-----+-----+...+-----+-----+...+-----+
+ * |<-------4 bytes------->|<------n bytes------>|<---r bytes--->|
+ * |<----n+r (where (n+r) mod 4 = 0)---->|
+ * STRING
+ */
+public class XdrString extends XdrSimple<String> {
+ private int padding;
+
+ public XdrString() {
+ this((String) null);
+ }
+
+ public XdrString(String value) {
+ super(XdrDataType.STRING, value);
+ }
+
+ @Override
+ protected void toBytes() {
+ if (getValue() != null) {
+ /**Default value of byte is 0. So we don't have to initialize it with 0*/
+ byte[] bytes = new byte[encodingBodyLength()];
+ int length = bytes.length - padding - 4;
+ bytes[0] = (byte) (length >> 24);
+ bytes[1] = (byte) (length >> 16);
+ bytes[2] = (byte) (length >> 8);
+ bytes[3] = (byte) (length);
+ System.arraycopy(getValue().getBytes(), 0, bytes, 4, length);
+ setBytes(bytes);
+ }
+ }
+
+ @Override
+ protected int encodingBodyLength() {
+ if (getValue() != null) {
+ padding = (4 - getValue().length() % 4) % 4;
+ return getValue().length() + padding + 4;
+ }
+ return 0;
+ }
+
+ protected void toValue() throws IOException {
+ byte[] bytes = getBytes();
+ byte[] header = new byte[4];
+ System.arraycopy(bytes, 0, header, 0, 4);
+ int stringLen = ByteBuffer.wrap(header).getInt();
+ int paddingBytes = (4 - (stringLen % 4)) % 4;
+ validatePaddingBytes(paddingBytes);
+ setPadding(paddingBytes);
+
+ if (bytes.length != stringLen + 4 + paddingBytes) {
+ int totalLength = stringLen + paddingBytes + 4;
+ byte[] stringBytes = ByteBuffer.allocate(totalLength).put(getBytes(),
+ 0, totalLength).array();
+ /**reset bytes in case the enum type is in a struct or union*/
+ setBytes(stringBytes);
+ }
+
+ byte[] content = new byte[stringLen];
+ if (bytes.length > 1) {
+ System.arraycopy(bytes, 4, content, 0, stringLen);
+ }
+ setValue(new String(content, StandardCharsets.US_ASCII));
+ }
+
+ public void setPadding(int padding) {
+ this.padding = padding;
+ }
+
+ public int getPadding() {
+ return padding;
+ }
+
+ public static String fromUTF8ByteArray(byte[] bytes) {
+ int i = 0;
+ int length = 0;
+
+ while (i < bytes.length) {
+ length++;
+ if ((bytes[i] & 0xf0) == 0xf0) {
+ // surrogate pair
+ length++;
+ i += 4;
+ } else if ((bytes[i] & 0xe0) == 0xe0) {
+ i += 3;
+ } else if ((bytes[i] & 0xc0) == 0xc0) {
+ i += 2;
+ } else {
+ i += 1;
+ }
+ }
+
+ char[] cs = new char[length];
+ i = 0;
+ length = 0;
+
+ while (i < bytes.length) {
+ char ch;
+
+ if ((bytes[i] & 0xf0) == 0xf0) {
+ int codePoint = ((bytes[i] & 0x03) << 18) | ((bytes[i + 1] & 0x3F) << 12)
+ | ((bytes[i + 2] & 0x3F) << 6) | (bytes[i + 3] & 0x3F);
+ int u = codePoint - 0x10000;
+ char w1 = (char) (0xD800 | (u >> 10));
+ char w2 = (char) (0xDC00 | (u & 0x3FF));
+ cs[length++] = w1;
+ ch = w2;
+ i += 4;
+ } else if ((bytes[i] & 0xe0) == 0xe0) {
+ ch = (char) (((bytes[i] & 0x0f) << 12)
+ | ((bytes[i + 1] & 0x3f) << 6) | (bytes[i + 2] & 0x3f));
+ i += 3;
+ } else if ((bytes[i] & 0xd0) == 0xd0) {
+ ch = (char) (((bytes[i] & 0x1f) << 6) | (bytes[i + 1] & 0x3f));
+ i += 2;
+ } else if ((bytes[i] & 0xc0) == 0xc0) {
+ ch = (char) (((bytes[i] & 0x1f) << 6) | (bytes[i + 1] & 0x3f));
+ i += 2;
+ } else {
+ ch = (char) (bytes[i] & 0xff);
+ i += 1;
+ }
+
+ cs[length++] = ch;
+ }
+
+ return new String(cs);
+ }
+
+ public static byte[] toUTF8ByteArray(String string) {
+ return toUTF8ByteArray(string.toCharArray());
+ }
+
+ public static byte[] toUTF8ByteArray(char[] string) {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+ try {
+ toUTF8ByteArray(string, bOut);
+ } catch (IOException e) {
+ throw new IllegalStateException("cannot encode string to byte array!");
+ }
+
+ return bOut.toByteArray();
+ }
+
+ public static void toUTF8ByteArray(char[] string, OutputStream sOut) throws IOException {
+ char[] c = string;
+ int i = 0;
+
+ while (i < c.length) {
+ char ch = c[i];
+
+ if (ch < 0x0080) {
+ sOut.write(ch);
+ } else if (ch < 0x0800) {
+ sOut.write(0xc0 | (ch >> 6));
+ sOut.write(0x80 | (ch & 0x3f));
+ } else if (ch >= 0xD800 && ch <= 0xDFFF) {
+ // in error - can only happen, if the Java String class has a
+ // bug.
+ if (i + 1 >= c.length) {
+ throw new IllegalStateException("invalid UTF-16 codepoint");
+ }
+ char w1 = ch;
+ ch = c[++i];
+ char w2 = ch;
+ // in error - can only happen, if the Java String class has a
+ // bug.
+ if (w1 > 0xDBFF) {
+ throw new IllegalStateException("invalid UTF-16 codepoint");
+ }
+ int codePoint = ((w1 & 0x03FF) << 10) | (w2 & 0x03FF) + 0x10000;
+ sOut.write(0xf0 | (codePoint >> 18));
+ sOut.write(0x80 | ((codePoint >> 12) & 0x3F));
+ sOut.write(0x80 | ((codePoint >> 6) & 0x3F));
+ sOut.write(0x80 | (codePoint & 0x3F));
+ } else {
+ sOut.write(0xe0 | (ch >> 12));
+ sOut.write(0x80 | ((ch >> 6) & 0x3F));
+ sOut.write(0x80 | (ch & 0x3F));
+ }
+
+ i++;
+ }
+ }
+
+ /**
+ * A locale independent version of toUpperCase.
+ *
+ * @param string input to be converted
+ * @return a US Ascii uppercase version
+ */
+ public static String toUpperCase(String string) {
+ boolean changed = false;
+ char[] chars = string.toCharArray();
+
+ for (int i = 0; i != chars.length; i++) {
+ char ch = chars[i];
+ if ('a' <= ch && 'z' >= ch) {
+ changed = true;
+ chars[i] = (char) (ch - 'a' + 'A');
+ }
+ }
+
+ if (changed) {
+ return new String(chars);
+ }
+
+ return string;
+ }
+
+ /**
+ * A locale independent version of toLowerCase.
+ *
+ * @param string input to be converted
+ * @return a US ASCII lowercase version
+ */
+ public static String toLowerCase(String string) {
+ boolean changed = false;
+ char[] chars = string.toCharArray();
+
+ for (int i = 0; i != chars.length; i++) {
+ char ch = chars[i];
+ if ('A' <= ch && 'Z' >= ch) {
+ changed = true;
+ chars[i] = (char) (ch - 'A' + 'a');
+ }
+ }
+
+ if (changed) {
+ return new String(chars);
+ }
+
+ return string;
+ }
+
+ public static byte[] toByteArray(char[] chars) {
+ byte[] bytes = new byte[chars.length];
+
+ for (int i = 0; i != bytes.length; i++) {
+ bytes[i] = (byte) chars[i];
+ }
+
+ return bytes;
+ }
+
+ public static byte[] toByteArray(String string) {
+ byte[] bytes = new byte[string.length()];
+
+ for (int i = 0; i != bytes.length; i++) {
+ char ch = string.charAt(i);
+
+ bytes[i] = (byte) ch;
+ }
+
+ return bytes;
+ }
+
+ /**
+ * Convert an array of 8 bit characters into a string.
+ *
+ * @param bytes 8 bit characters.
+ * @return resulting String.
+ */
+ public static String fromByteArray(byte[] bytes) {
+ return new String(asCharArray(bytes));
+ }
+
+ /**
+ * Do a simple conversion of an array of 8 bit characters into a string.
+ *
+ * @param bytes 8 bit characters.
+ * @return resulting String.
+ */
+ public static char[] asCharArray(byte[] bytes) {
+ char[] chars = new char[bytes.length];
+
+ for (int i = 0; i != chars.length; i++) {
+ chars[i] = (char) (bytes[i] & 0xff);
+ }
+
+ return chars;
+ }
+
+ public static String[] split(String input, char delimiter) {
+ List<String> v = new ArrayList<String>();
+ boolean moreTokens = true;
+ String subString;
+
+ while (moreTokens) {
+ int tokenLocation = input.indexOf(delimiter);
+ if (tokenLocation > 0) {
+ subString = input.substring(0, tokenLocation);
+ v.add(subString);
+ input = input.substring(tokenLocation + 1);
+ } else {
+ moreTokens = false;
+ v.add(input);
+ }
+ }
+
+ return v.toArray(new String[v.size()]);
+ }
+
+ private void validatePaddingBytes(int paddingBytes) throws IOException {
+ if (paddingBytes < 0 || paddingBytes > 3) {
+ throw new IOException("Bad padding number: " + paddingBytes + ", should be in [0, 3]");
+ }
+ }
+}
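Review bot: `toValue()` trusts the 4-byte length prefix without bounding it against the bytes actually received, so a negative or oversized `stringLen` ends in unchecked exceptions from `ByteBuffer.allocate`/`put` or `new byte[stringLen]`, and a large value allocates `totalLength` bytes before the copy fails. Fewer than 4 input bytes fail on the header `System.arraycopy`. The existing `validatePaddingBytes` call cannot catch any of this, because `(4 - (stringLen % 4)) % 4` always lands in [0, 3]. Rejecting the input with an `IOException` before any allocation, as in the excerpt below, keeps malformed input on the checked error path. Separately, in `toUTF8ByteArray(char[], OutputStream)` the `+` binds tighter than `|`, so the surrogate-pair line should read `int codePoint = (((w1 & 0x03FF) << 10) | (w2 & 0x03FF)) + 0x10000;`.

```java
protected void toValue() throws IOException {
    byte[] bytes = getBytes();
    if (bytes == null || bytes.length < 4) {
        throw new IOException("Bad XDR string: missing 4-byte length header");
    }
    int stringLen = ByteBuffer.wrap(bytes, 0, 4).getInt();
    // Compare by subtraction so a length near Integer.MAX_VALUE cannot overflow the sum.
    if (stringLen < 0 || stringLen > bytes.length - 4) {
        throw new IOException("Bad XDR string length: " + stringLen);
    }
    int paddingBytes = (4 - (stringLen % 4)) % 4;
    if (paddingBytes > bytes.length - 4 - stringLen) {
        throw new IOException("Bad XDR string: truncated padding");
    }
    // … unchanged: setPadding, trimming bytes to the encoded length, copying content, setValue …
```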
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrStructType.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrStructType.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrStructType.java
new file mode 100644
index 0000000..6bb74a5
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrStructType.java
@@ -0,0 +1,99 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.type;
+
+import org.apache.kerby.xdr.XdrDataType;
+import org.apache.kerby.xdr.XdrFieldInfo;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * For collection type that may consist of dataTypeged fields
+ */
+public abstract class XdrStructType extends AbstractXdrType<XdrStructType> {
+ private XdrFieldInfo[] fieldInfos;
+ private XdrType[] fields;
+
+ public XdrStructType(XdrDataType xdrDataType) {
+ super(xdrDataType);
+ this.fieldInfos = null;
+ this.fields = null;
+ }
+
+ public XdrStructType(XdrDataType xdrDataType,
+ final XdrFieldInfo[] fieldInfos) {
+ super(xdrDataType);
+ this.fieldInfos = fieldInfos;
+ this.fields = new XdrType[fieldInfos.length];
+
+ getStructTypeInstance(this.fields, fieldInfos);
+ }
+
+ protected abstract void getStructTypeInstance(final XdrType[] fields, final XdrFieldInfo[] fieldInfos);
+
+ public XdrFieldInfo[] getXdrFieldInfos() {
+ return fieldInfos;
+ }
+
+ @Override
+ protected int encodingBodyLength() throws IOException {
+ int allLen = 0;
+ for (int i = 0; i < fields.length; ++i) {
+ AbstractXdrType field = (AbstractXdrType) fields[i];
+ if (field != null) {
+ allLen += field.encodingLength();
+ }
+ }
+ return allLen;
+ }
+
+ @Override
+ protected void encodeBody(ByteBuffer buffer) throws IOException {
+ for (int i = 0; i < fields.length; ++i) {
+ XdrType field = fields[i];
+ if (field != null) {
+ field.encode(buffer);
+ }
+ }
+ }
+
+ @Override
+ public void decode(ByteBuffer content) throws IOException {
+ AbstractXdrType[] fields = getAllFields();
+ Object[] value;
+ for (int i = 0; i < fields.length; i++) {
+ if (fields[i] != null) {
+ fields[i].decode(content);
+ int length = fields[i].encodingLength();
+ byte[] array = content.array();
+ byte[] newArray = new byte[array.length - length];
+ System.arraycopy(array, length, newArray, 0, array.length - length);
+ content = ByteBuffer.wrap(newArray);
+ }
+ }
+ this.fields = fields;
+ setValue(fieldsToValues(fields));
+ }
+
+ protected abstract XdrStructType fieldsToValues(AbstractXdrType[] fields);
+
+ protected abstract AbstractXdrType[] getAllFields();
+}
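Review bot: `decode()` sizes `newArray` as `array.length - length` from the field's self-reported encoding length without checking it, so a field that reports more bytes than remain would surface as a `NegativeArraySizeException` rather than an `IOException`; add `if (length > array.length) { throw new IOException("Truncated XDR struct"); }` before the allocation. `content.array()` also ignores the buffer's position and array offset and throws on read-only or direct buffers, and the remainder is re-copied once per field; advancing a position on the one buffer would avoid both. `XdrUnion.decode()` later in this commit has the same loop and needs the same check. The local `Object[] value;` is unused in both methods.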
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrType.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrType.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrType.java
new file mode 100644
index 0000000..6840e59
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrType.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.type;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * The ASN1 type interface for all ASN1 types.
+ */
+public interface XdrType {
+
+ /**
+ * Get length of encoding bytes by just calculating without real encoding.
+ * Generally it's called to prepare for the encoding buffer.
+ * @return length of encoding bytes
+ */
+ int encodingLength() throws IOException;
+
+ /**
+ * Encode the type, by recursively.
+ * @return encoded bytes
+ */
+ byte[] encode() throws IOException;
+
+ /**
+ * Encode the type, by recursively, using the provided buffer.
+ * @param buffer The byte buffer
+ */
+ void encode(ByteBuffer buffer) throws IOException;
+
+ /**
+ * Decode the content bytes into this type.
+ * @param content The content bytes
+ * @throws IOException e
+ */
+ void decode(byte[] content) throws IOException;
+
+ /**
+ * Decode the content bytes into this type.
+ * @param content The content bytes
+ * @throws IOException e
+ */
+ void decode(ByteBuffer content) throws IOException;
+}
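Review bot: The interface Javadoc still says `The ASN1 type interface for all ASN1 types.`, which looks carried over from the ASN.1 module; it should read `The XDR type interface for all XDR types.`. The two `decode` methods also do not say whether `content` may contain trailing bytes beyond this value or whether the `ByteBuffer` position is advanced. The struct and union decoders in this commit depend on that behaviour, so I would state it in the `@param content` text. `encodingLength()`, `encode()` and `encode(ByteBuffer)` declare `throws IOException` without a matching `@throws` line.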
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrUnion.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrUnion.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrUnion.java
new file mode 100644
index 0000000..b7dc59c
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrUnion.java
@@ -0,0 +1,131 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.type;
+
+import org.apache.kerby.xdr.XdrDataType;
+import org.apache.kerby.xdr.XdrFieldInfo;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * A discriminated union is a type composed of a discriminant followed
+ * by a type selected from a set of prearranged types according to the
+ * value of the discriminant. The type of discriminant is either "int",
+ * "unsigned int", or an enumerated type, such as "bool". The component
+ * types are called "arms" of the union and are preceded by the value of
+ * the discriminant that implies their encoding. Discriminated unions
+ * are declared as follows:
+ *
+ * union switch (discriminant-declaration) {
+ * case discriminant-value-A:
+ * arm-declaration-A;
+ * case discriminant-value-B:
+ * arm-declaration-B;
+ * ...
+ * default: default-declaration;
+ * } identifier;
+ * Each "case" keyword is followed by a legal value of the discriminant.
+ * The default arm is optional. If it is not specified, then a valid
+ * encoding of the union cannot take on unspecified discriminant values.
+ * The size of the implied arm is always a multiple of four bytes.
+ *
+ * The discriminated union is encoded as its discriminant followed by
+ * the encoding of the implied arm.
+ * 0 1 2 3
+ * +---+---+---+---+---+---+---+---+
+ * | discriminant | implied arm |
+ * +---+---+---+---+---+---+---+---+
+ * |<---4 bytes--->|
+ */
+public abstract class XdrUnion extends AbstractXdrType<XdrUnion> {
+ /**
+ * [0] is the discriminant
+ * index, XdrDataType, value;
+ * [1] is the implied arm
+ */
+ private XdrFieldInfo[] fieldInfos;
+ private XdrType[] fields;
+
+ public XdrUnion(XdrDataType xdrDataType) {
+ super(xdrDataType);
+ this.fieldInfos = null;
+ this.fields = null;
+ }
+
+ public XdrUnion(XdrDataType xdrDataType,
+ final XdrFieldInfo[] fieldInfos) {
+ super(xdrDataType);
+ this.fieldInfos = fieldInfos;
+ this.fields = new XdrType[fieldInfos.length];
+
+ getUnionInstance(this.fields, fieldInfos);
+ }
+
+ protected abstract void getUnionInstance(final XdrType[] fields, final XdrFieldInfo[] fieldInfos);
+
+ public XdrFieldInfo[] getXdrFieldInfos() {
+ return fieldInfos;
+ }
+
+ @Override
+ protected int encodingBodyLength() throws IOException {
+ int allLen = 0;
+ for (int i = 0; i < fields.length; i++) {
+ AbstractXdrType field = (AbstractXdrType) fields[i];
+ if (field != null) {
+ allLen += field.encodingLength();
+ }
+ }
+ return allLen;
+ }
+
+ @Override
+ protected void encodeBody(ByteBuffer buffer) throws IOException {
+ for (int i = 0; i < fields.length; ++i) {
+ XdrType field = fields[i];
+ if (field != null) {
+ field.encode(buffer);
+ }
+ }
+ }
+
+ @Override
+ public void decode(ByteBuffer content) throws IOException {
+ AbstractXdrType[] fields = getAllFields();
+ Object[] value;
+ for (int i = 0; i < fields.length; i++) {
+ if (fields[i] != null) {
+ fields[i].decode(content);
+ int length = fields[i].encodingLength();
+ byte[] array = content.array();
+ byte[] newArray = new byte[array.length - length];
+ System.arraycopy(array, length, newArray, 0, array.length - length);
+ content = ByteBuffer.wrap(newArray);
+ }
+ }
+ this.fields = fields;
+ setValue(fieldsToValues(fields));
+ }
+
+ protected abstract XdrUnion fieldsToValues(AbstractXdrType[] fields);
+
+ protected abstract AbstractXdrType[] getAllFields();
+}
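Review bot: `decode()` takes the arm from `getAllFields()` before the discriminant has been decoded, and nothing in this hunk checks the decoded discriminant against the arm that follows it. As far as this hunk shows, the arm type is therefore fixed by the subclass in advance rather than selected by the value on the wire. I would document that on `getAllFields()`, e.g. `/** Returns the discriminant at [0] and the arm to decode at [1]; the arm is chosen before the discriminant is read. */`, and require `fieldsToValues` implementations to reject a discriminant that does not match the arm. The single-argument constructor leaves `fields` null, so `encodingBodyLength()` and `encodeBody()` throw `NullPointerException` if called before `decode()`; a guard or a note in the constructor Javadoc would make that explicit.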
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrUnsignedInteger.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrUnsignedInteger.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrUnsignedInteger.java
new file mode 100644
index 0000000..ad1df69
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/type/XdrUnsignedInteger.java
@@ -0,0 +1,100 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.type;
+
+import org.apache.kerby.xdr.XdrDataType;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * Xdr Unsigned Integer type from RFC 4506
+ * An XDR unsigned integer is a 32-bit datum that encodes
+ * a non-negative integer in the range [0,4294967295].
+ * It is represented by an unsigned binary number whose most
+ * and least significant bytes are 0 and 3, respectively.
+ * An unsigned integer is declared as follows:
+ * unsigned int identifier;
+ *
+ * (MSB) (LSB)
+ * +-------+-------+-------+-------+
+ * |byte 0 |byte 1 |byte 2 |byte 3 |
+ * +-------+-------+-------+-------+
+ * <------------32 bits------------>
+ */
+public class XdrUnsignedInteger extends XdrSimple<Long> {
+ public XdrUnsignedInteger() {
+ this((Long) null);
+ }
+
+ public XdrUnsignedInteger(String value) {
+ this(Long.valueOf(value));
+ }
+
+ public XdrUnsignedInteger(Long value) {
+ super(XdrDataType.UNSIGNED_INTEGER, value);
+ }
+
+ /**
+ * The length of an unsigned integer is 4.
+ * @return Length of a unsigned integer type.
+ */
+ @Override
+ protected int encodingBodyLength() {
+ return 4; /**Length of XdrInteger is fixed as 4 bytes*/
+ }
+
+ /**
+ * Encode Unsigned Integer type to bytes.
+ */
+ @Override
+ protected void toBytes() throws IOException {
+ Long value = getValue();
+ validateUnsignedInteger(value); /**Check whether the long value is valid unsigned int*/
+ ByteBuffer buffer = ByteBuffer.allocate(8);
+ buffer.putLong(value);
+ byte[] bytes = new byte[4]; /**The encoding length is 4*/
+ System.arraycopy(buffer.array(), 4, bytes, 0, 4);
+ setBytes(bytes);
+ }
+
+ private void validateUnsignedInteger(Long value) throws IOException {
+ if (value < 0 || value > 4294967295L) {
+ throw new IOException("Invalid unsigned integer: " + value);
+ }
+ }
+
+ /**
+ * Decode bytes to Unsigned Integer value.
+ */
+ @Override
+ protected void toValue() {
+ if (getBytes().length != 4) {
+ byte[] bytes = ByteBuffer.allocate(4).put(getBytes(), 0, 4).array();
+ setBytes(bytes); /**reset bytes in case the enum type is in a struct or union*/
+ }
+
+ byte[] longBytes = {(byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00};
+ System.arraycopy(getBytes(), 0, longBytes, 4, 4);
+ ByteBuffer buffer = ByteBuffer.wrap(longBytes);
+ setValue(buffer.getLong());
+ }
+}
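Review bot: `toValue()` copies 4 bytes out of `getBytes()` without checking that 4 are present, so a 1–3 byte input fails inside `ByteBuffer.put` with an unchecked `IndexOutOfBoundsException` instead of a decode error. Declaring `throws IOException` on the override and adding `if (getBytes().length < 4) { throw new IOException("Truncated unsigned integer"); }` at the top would keep short input on the checked path. `toBytes()` has a related gap: after the no-arg constructor `getValue()` is null and `validateUnsignedInteger(value)` unboxes it, so a null check belongs there, e.g. `if (value == null) { throw new IOException("No value to encode"); }`. The comment `reset bytes in case the enum type is in a struct or union` appears copied from the enum class and should say unsigned integer.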
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/HexUtil.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/HexUtil.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/HexUtil.java
new file mode 100644
index 0000000..70a2b1c
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/HexUtil.java
@@ -0,0 +1,113 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.util;
+
+/**
+ * This is only for test, be careful when use in production codes.
+ */
+public class HexUtil {
+
+ static final String HEX_CHARS_STR = "0123456789ABCDEF";
+ static final char[] HEX_CHARS = HEX_CHARS_STR.toCharArray();
+
+ /**
+ * Convert bytes into friendly format as:
+ * 0x02 02 00 80
+ */
+ public static String bytesToHexFriendly(byte[] bytes) {
+ int len = bytes.length * 2;
+ len += bytes.length; // for ' ' appended for each char
+ len += 2; // for '0x' prefix
+ char[] hexChars = new char[len];
+ hexChars[0] = '0';
+ hexChars[1] = 'x';
+ for (int j = 0; j < bytes.length; j++) {
+ int v = bytes[j] & 0xFF;
+ hexChars[j * 3 + 2] = HEX_CHARS[v >>> 4];
+ hexChars[j * 3 + 3] = HEX_CHARS[v & 0x0F];
+ hexChars[j * 3 + 4] = ' ';
+ }
+
+ return new String(hexChars);
+ }
+
+ /**
+ * Convert friendly hex string like follows into byte array
+ * 0x02 02 00 80
+ */
+ public static byte[] hex2bytesFriendly(String hexString) {
+ hexString = hexString.toUpperCase();
+ String hexStr = hexString;
+ if (hexString.startsWith("0X")) {
+ hexStr = hexString.substring(2);
+ }
+ String[] hexParts = hexStr.split(" ");
+
+ byte[] bytes = new byte[hexParts.length];
+ char[] hexPart;
+ for (int i = 0; i < hexParts.length; ++i) {
+ hexPart = hexParts[i].toCharArray();
+ if (hexPart.length != 2) {
+ throw new IllegalArgumentException("Invalid hex string to convert");
+ }
+ bytes[i] = (byte) ((HEX_CHARS_STR.indexOf(hexPart[0]) << 4)
+ + HEX_CHARS_STR.indexOf(hexPart[1]));
+ }
+
+ return bytes;
+ }
+
+ /**
+ * Convert bytes into format as:
+ * 02020080
+ * @param bytes The bytes
+ * @return The hex string
+ */
+ public static String bytesToHex(byte[] bytes) {
+ int len = bytes.length * 2;
+ char[] hexChars = new char[len];
+ for (int j = 0; j < bytes.length; j++) {
+ int v = bytes[j] & 0xFF;
+ hexChars[j * 2] = HEX_CHARS[v >>> 4];
+ hexChars[j * 2 + 1] = HEX_CHARS[v & 0x0F];
+ }
+
+ return new String(hexChars);
+ }
+
+ /**
+ * Convert hex string like follows into byte array
+ * 02020080
+ * @param hexString The hex string
+ * @return The bytes
+ */
+ public static byte[] hex2bytes(String hexString) {
+ hexString = hexString.toUpperCase();
+ int len = hexString.length() / 2;
+ byte[] bytes = new byte[len];
+ char[] hexChars = hexString.toCharArray();
+ for (int i = 0, j = 0; i < len; ++i) {
+ bytes[i] = (byte) ((HEX_CHARS_STR.indexOf(hexChars[j++]) << 4)
+ + HEX_CHARS_STR.indexOf(hexChars[j++]));
+ }
+
+ return bytes;
+ }
+}
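Review bot: `hex2bytes` and `hex2bytesFriendly` never check the result of `HEX_CHARS_STR.indexOf(...)`, so a non-hex character yields -1 and is folded into a wrong byte instead of being rejected. `hex2bytes` also silently drops the last character of an odd-length string. Both should throw `IllegalArgumentException`, as `hex2bytesFriendly` already does for a part of the wrong length; the excerpt shows `hex2bytes`, and the same digit check applies to the loop in `hex2bytesFriendly`. The class comment says the helper is only for tests, yet it is added under `src/main`, which makes silent mis-decoding more likely to matter.

```java
public static byte[] hex2bytes(String hexString) {
    hexString = hexString.toUpperCase();
    if (hexString.length() % 2 != 0) {
        throw new IllegalArgumentException("Invalid hex string to convert");
    }
    // … unchanged: len, bytes and hexChars setup …
    for (int i = 0, j = 0; i < len; ++i) {
        int hi = HEX_CHARS_STR.indexOf(hexChars[j++]);
        int lo = HEX_CHARS_STR.indexOf(hexChars[j++]);
        if (hi < 0 || lo < 0) {
            throw new IllegalArgumentException("Invalid hex string to convert");
        }
        bytes[i] = (byte) ((hi << 4) + lo);
    }
```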
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/IOUtil.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/IOUtil.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/IOUtil.java
new file mode 100644
index 0000000..2136511
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/IOUtil.java
@@ -0,0 +1,109 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.util;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.ByteBuffer;
+import java.nio.channels.FileChannel;
+
+/**
+ * Some IO and file related utilities.
+ */
+public final class IOUtil {
+ private IOUtil() { }
+
+ public static byte[] readInputStream(InputStream in) throws IOException {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ byte[] buffer = new byte[1024];
+ int length = 0;
+ while ((length = in.read(buffer)) != -1) {
+ baos.write(buffer, 0, length);
+ }
+ in.close();
+ return baos.toByteArray();
+ }
+
+ public static void readInputStream(InputStream in,
+ byte[] buf) throws IOException {
+ int toRead = buf.length;
+ int off = 0;
+ while (toRead > 0) {
+ int ret = in.read(buf, off, toRead);
+ if (ret < 0) {
+ throw new IOException("Bad inputStream, premature EOF");
+ }
+ toRead -= ret;
+ off += ret;
+ }
+ in.close();
+ }
+
+ /**
+ * Read an input stream and return the content as string assuming UTF8.
+ * @param in The input stream
+ * @return The content
+ * @throws IOException e
+ */
+ public static String readInput(InputStream in) throws IOException {
+ byte[] content = readInputStream(in);
+ return Utf8.toString(content);
+ }
+
+ /**
+ * Read a file and return the content as string assuming UTF8.
+ * @param file The file to read
+ * @return The content
+ * @throws IOException e
+ */
+ public static String readFile(File file) throws IOException {
+ long len = 0;
+ if (file.length() >= Integer.MAX_VALUE) {
+ throw new IOException("Too large file, unexpected!");
+ } else {
+ len = file.length();
+ }
+ byte[] buf = new byte[(int) len];
+
+ InputStream is = new FileInputStream(file);
+ readInputStream(is, buf);
+
+ return Utf8.toString(buf);
+ }
+
+ /**
+ * Write a file with the content assuming UTF8.
+ * @param content The content
+ * @param file The file to write
+ * @throws IOException e
+ */
+ public static void writeFile(String content, File file) throws IOException {
+ FileOutputStream outputStream = new FileOutputStream(file);
+ FileChannel fc = outputStream.getChannel();
+
+ ByteBuffer buffer = ByteBuffer.wrap(Utf8.toBytes(content));
+ fc.write(buffer);
+ outputStream.close();
+ }
+}
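Review bot: Streams are closed only on the success path: both `readInputStream` overloads call `in.close()` after the loop, `readFile` never closes its `FileInputStream` if the read throws, and `writeFile` skips `outputStream.close()` if `fc.write` throws. `writeFile` also calls `fc.write(buffer)` once, and a channel write is not guaranteed to consume the whole buffer. The file already relies on Java 7 APIs elsewhere in this commit (`StandardCharsets`), so try-with-resources is available; the excerpt shows `readFile` and `writeFile`. `readInputStream(InputStream)` buffers the whole stream with no upper bound, which deserves a Javadoc caveat for callers reading untrusted input.

```java
public static String readFile(File file) throws IOException {
    // … unchanged: length check and buf allocation …
    try (InputStream is = new FileInputStream(file)) {
        readInputStream(is, buf);
    }
    return Utf8.toString(buf);
}

public static void writeFile(String content, File file) throws IOException {
    ByteBuffer buffer = ByteBuffer.wrap(Utf8.toBytes(content));
    try (FileOutputStream outputStream = new FileOutputStream(file)) {
        FileChannel fc = outputStream.getChannel();
        // A single write may be partial; loop until the buffer is drained.
        while (buffer.hasRemaining()) {
            fc.write(buffer);
        }
    }
}
```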
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/Utf8.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/Utf8.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/Utf8.java
new file mode 100644
index 0000000..374c16f
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/Utf8.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.util;
+
+import java.nio.charset.StandardCharsets;
+
+public final class Utf8 {
+ private Utf8() { }
+
+ public static String toString(byte[] bytes) {
+ return new String(bytes, StandardCharsets.UTF_8);
+ }
+
+ public static byte[] toBytes(String s) {
+ return s.getBytes(StandardCharsets.UTF_8);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/XdrUtil.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/XdrUtil.java b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/XdrUtil.java
new file mode 100644
index 0000000..880bbb0
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/main/java/org/apache/kerby/xdr/util/XdrUtil.java
@@ -0,0 +1,26 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr.util;
+
+public final class XdrUtil {
+ private XdrUtil() {
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/TestUtil.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/TestUtil.java b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/TestUtil.java
new file mode 100644
index 0000000..6a3d9e8
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/TestUtil.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+import org.apache.kerby.xdr.util.HexUtil;
+import org.apache.kerby.xdr.util.IOUtil;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+public final class TestUtil {
+ private TestUtil() {
+
+ }
+
+ static byte[] readBytesFromTxtFile(String resource) throws IOException {
+ String hexStr = readStringFromTxtFile(resource);
+ return HexUtil.hex2bytes(hexStr);
+ }
+
+ static String readStringFromTxtFile(String resource) throws IOException {
+ InputStream is = TestUtil.class.getResourceAsStream(resource);
+ return IOUtil.readInput(is);
+ }
+
+ static byte[] readBytesFromBinFile(String resource) throws IOException {
+ InputStream is = TestUtil.class.getResourceAsStream(resource);
+ return IOUtil.readInputStream(is);
+ }
+}
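Review bot: `readStringFromTxtFile` and `readBytesFromBinFile` pass the result of `getResourceAsStream` straight to `IOUtil`, and that method returns null when the resource is missing. A mistyped resource name then presumably surfaces as a NullPointerException inside `IOUtil` with no resource name in it. A guard in both methods, `if (is == null) { throw new IOException("Resource not found: " + resource); }`, makes the failure self-explanatory. Whether the stream is closed depends on `IOUtil.readInputStream(InputStream)`, which is not in this hunk; try-with-resources here would make that independent of the helper.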
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrBooleanTest.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrBooleanTest.java b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrBooleanTest.java
new file mode 100644
index 0000000..0d7b0f2
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrBooleanTest.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+import org.apache.kerby.xdr.type.XdrBoolean;
+import org.apache.kerby.xdr.util.HexUtil;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class XdrBooleanTest {
+ @Test
+ public void testEncoding() throws IOException {
+ testEncodingWith(true, "0x00 00 00 01");
+ testEncodingWith(false, "0x00 00 00 00");
+ //what about undefined codeBytes?
+ }
+
+ private void testEncodingWith(Boolean value, String expectedEncoding) throws IOException {
+ byte[] expected = HexUtil.hex2bytesFriendly(expectedEncoding);
+ XdrBoolean aValue = new XdrBoolean(value);
+
+ byte[] encodingBytes = aValue.encode();
+ assertThat(encodingBytes).isEqualTo(expected);
+ }
+
+ @Test
+ public void testDecoding() throws IOException {
+ testDecodingWith(true, "0x00 00 00 01");
+ testDecodingWith(false, "0x00 00 00 00");
+ //what about undefined codeBytes?
+ }
+
+ private void testDecodingWith(Boolean expectedValue, String content) throws IOException {
+ XdrBoolean decoded = new XdrBoolean();
+
+ decoded.decode(HexUtil.hex2bytesFriendly(content));
+ assertThat(decoded.getValue()).isEqualTo(expectedValue);
+ }
+
+}
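Review bot: Both `testEncoding` and `testDecoding` leave `//what about undefined codeBytes?` unanswered, so nothing pins what `XdrBoolean.decode` does with a word other than 0 or 1, or with fewer than four bytes. Decoders read data that arrives from a peer, so a negative case belongs next to `testDecoding`: decode `"0x00 00 00 02"` and a truncated input and assert the intended failure. The `decode` implementation is outside this hunk, so the expected exception has to be taken from there. The same gap exists in `XdrEnumeratedTest`, where no test decodes a value outside `Color`, such as `"0x00 00 00 04"`.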
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrEnumeratedInstance.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrEnumeratedInstance.java b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrEnumeratedInstance.java
new file mode 100644
index 0000000..e35d03c
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrEnumeratedInstance.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+import org.apache.kerby.xdr.type.XdrEnumerated;
+
+enum Color implements EnumType {
+ RED(2),
+ YELLOW(3),
+ BLUE(5);
+ int value;
+ Color(int value) {
+ this.value = value;
+ }
+
+ public int getValue() {
+ return value;
+ }
+
+ public String getName() {
+ return name();
+ }
+}
+
+public class XdrEnumeratedInstance extends XdrEnumerated<Color> {
+
+ public XdrEnumeratedInstance() {
+ super(null);
+ }
+
+ public XdrEnumeratedInstance(Color value) {
+ super(value);
+ }
+ @Override
+ protected EnumType[] getAllEnumValues() {
+ return Color.values();
+ }
+
+}
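Review bot: The `Color` enum declares its discriminant as `int value;`, which is package-visible and mutable, so any class in the package could change what `getValue()` reports for a shared constant. `private final int value;` keeps the constants fixed for every test that uses them. `getValue()` and `getName()` presumably implement `EnumType` (its declaration is not in this hunk) and could carry `@Override` so a signature drift is caught at compile time.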
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrEnumeratedTest.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrEnumeratedTest.java b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrEnumeratedTest.java
new file mode 100644
index 0000000..2a3096a
--- /dev/null
+++ b/kerby-common/kerby-xdr/src/test/java/org/apache/kerby/xdr/XdrEnumeratedTest.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.xdr;
+
+import org.apache.kerby.xdr.type.XdrEnumerated;
+import org.apache.kerby.xdr.util.HexUtil;
+import org.junit.Test;
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class XdrEnumeratedTest {
+ @Test
+ public void testEncoding() throws IOException {
+ testEncodingWith(Color.RED, "0x00 00 00 02");
+ testEncodingWith(Color.YELLOW, "0x00 00 00 03");
+ testEncodingWith(Color.BLUE, "0x00 00 00 05");
+ }
+
+ private void testEncodingWith(Color value, String expectedEncoding) throws IOException {
+ byte[] expected = HexUtil.hex2bytesFriendly(expectedEncoding);
+ XdrEnumerated aValue = new XdrEnumeratedInstance(value);
+
+ byte[] encodingBytes = aValue.encode();
+ assertThat(encodingBytes).isEqualTo(expected);
+ }
+
+
+ @Test
+ public void testDecoding() throws IOException {
+ testDecodingWith(Color.RED, "0x00 00 00 02");
+ testDecodingWith(Color.YELLOW, "0x00 00 00 03");
+ testDecodingWith(Color.BLUE, "0x00 00 00 05");
+ }
+
+ private void testDecodingWith(Color expectedValue, String content) throws IOException {
+ XdrEnumerated decoded = new XdrEnumeratedInstance();
+ decoded.decode(HexUtil.hex2bytesFriendly(content));
+ assertThat(decoded.getValue()).isEqualTo(expectedValue);
+ }
+}
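Review bot: `testEncodingWith` and `testDecodingWith` declare their locals with the raw type `XdrEnumerated`, so `decoded.getValue()` is unchecked and the comparison with `expectedValue` is not type-checked by the compiler. Declaring them as `XdrEnumerated<Color> aValue = new XdrEnumeratedInstance(value);` and `XdrEnumerated<Color> decoded = new XdrEnumeratedInstance();` removes the raw-type warnings without changing the tests.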
[26/27] directory-kerby git commit: Checkstyle fix
Posted by pl...@apache.org.
Checkstyle fix
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ff14ab72
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ff14ab72
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ff14ab72
Branch: refs/heads/kpasswd
Commit: ff14ab72d51017ce52aa9118b25c0a211ca5fb84
Parents: 88a7c95
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 6 11:51:34 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 6 11:51:34 2016 +0100
----------------------------------------------------------------------
.../kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ff14ab72/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index ffd59c0..f332e62 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -305,7 +305,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
try {
List<java.security.cert.Certificate> loadedCerts = CertificateHelper.loadCerts(identity);
if (!loadedCerts.isEmpty()) {
- certificates.add((X509Certificate)loadedCerts.iterator().next());
+ certificates.add((X509Certificate) loadedCerts.iterator().next());
}
} catch (KrbException e) {
LOG.warn("Error loading X.509 Certificate", e);
[19/27] directory-kerby git commit: DIRKRB-592 Merge kadmin-remote
branch to trunk.
Posted by pl...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteAdminClientTool.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteAdminClientTool.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteAdminClientTool.java
new file mode 100644
index 0000000..27a8da2
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteAdminClientTool.java
@@ -0,0 +1,263 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminClient;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminConfig;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminUtil;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command.RemoteAddPrincipalCommand;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command.RemoteCommand;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command.RemoteDeletePrincipalCommand;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command.RemoteGetprincsCommand;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command.RemotePrintUsageCommand;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command.RemoteRenamePrincipalCommand;
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
+import org.apache.kerby.kerberos.kerb.transport.KrbNetwork;
+import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
+import org.apache.kerby.kerberos.kerb.transport.TransportPair;
+import org.apache.kerby.util.OSUtil;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslException;
+import java.io.File;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.security.PrivilegedAction;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Scanner;
+
+/**
+ * Command use of remote admin
+ */
+public class RemoteAdminClientTool {
+ private static final byte[] EMPTY = new byte[0];
+ private static KrbTransport transport;
+ private static final String PROMPT = RemoteAdminClientTool.class.getSimpleName() + ".local:";
+ private static final String USAGE = (OSUtil.isWindows()
+ ? "Usage: bin\\remote-admin-client.cmd" : "Usage: sh bin/remote-admin-client.sh")
+ + " <conf-file>\n"
+ + "\tExample:\n"
+ + "\t\t"
+ + (OSUtil.isWindows()
+ ? "bin\\remote-admin-client.cmd" : "sh bin/remote-admin-client.sh")
+ + " conf\n";
+
+ private static final String LEGAL_COMMANDS = "Available commands are: "
+ + "\n"
+ + "add_principal, addprinc\n"
+ + " Add principal\n"
+ + "delete_principal, delprinc\n"
+ + " Delete principal\n"
+ + "rename_principal, renprinc\n"
+ + " Rename principal\n"
+ + "listprincs\n"
+ + " List principals\n";
+
+ public static void main(String[] args) throws Exception {
+ AdminClient adminClient;
+
+ if (args.length < 1) {
+ System.err.println(USAGE);
+ System.exit(1);
+ }
+
+ String confDirPath = args[0];
+
+ File confFile = new File(confDirPath, "adminClient.conf");
+
+ final AdminConfig adminConfig = new AdminConfig();
+ adminConfig.addKrb5Config(confFile);
+
+ KdcConfig tmpKdcConfig = KdcUtil.getKdcConfig(new File(confDirPath));
+ if (tmpKdcConfig == null) {
+ tmpKdcConfig = new KdcConfig();
+ }
+
+ try {
+ Krb5Conf krb5Conf = new Krb5Conf(new File(confDirPath), tmpKdcConfig);
+ krb5Conf.initKrb5conf();
+ } catch (IOException e) {
+ throw new KrbException("Failed to make krb5.conf", e);
+ }
+
+ adminClient = new AdminClient(adminConfig);
+
+ File keytabFile = new File(adminConfig.getKeyTabFile());
+ if (keytabFile == null || !keytabFile.exists()) {
+ System.err.println("Need the valid keytab file value in conf file.");
+ return;
+ }
+
+ String adminRealm = adminConfig.getAdminRealm();
+
+ adminClient.setAdminRealm(adminRealm);
+ adminClient.setAllowTcp(true);
+ adminClient.setAllowUdp(false);
+ adminClient.setAdminTcpPort(adminConfig.getAdminPort());
+
+ adminClient.init();
+ System.out.println("admin init successful");
+
+ TransportPair tpair = null;
+ try {
+ tpair = AdminUtil.getTransportPair(adminClient.getSetting());
+ } catch (KrbException e) {
+ e.printStackTrace();
+ }
+ KrbNetwork network = new KrbNetwork();
+ network.setSocketTimeout(adminClient.getSetting().getTimeout());
+
+ try {
+ transport = network.connect(tpair);
+ } catch (IOException e) {
+ throw new KrbException("Failed to create transport", e);
+ }
+
+ String adminPrincipal = KrbUtil.makeKadminPrincipal(
+ adminClient.getSetting().getKdcRealm()).getName();
+ Subject subject = null;
+ try {
+ subject = AuthUtil.loginUsingKeytab(adminPrincipal,
+ new File(adminConfig.getKeyTabFile()));
+ } catch (LoginException e) {
+ e.printStackTrace();
+ }
+ Subject.doAs(subject, new PrivilegedAction<Object>() {
+ @Override
+ public Object run() {
+ try {
+
+ Map<String, String> props = new HashMap<String, String>();
+ props.put(Sasl.QOP, "auth-conf");
+ props.put(Sasl.SERVER_AUTH, "true");
+ SaslClient saslClient = null;
+ try {
+ String protocol = adminConfig.getProtocol();
+ String serverName = adminConfig.getServerName();
+ saslClient = Sasl.createSaslClient(new String[]{"GSSAPI"}, null,
+ protocol, serverName, props, null);
+ } catch (SaslException e) {
+ e.printStackTrace();
+ }
+ if (saslClient == null) {
+ throw new KrbException("Unable to find client implementation for: GSSAPI");
+ }
+ byte[] response = new byte[0];
+ try {
+ response = saslClient.hasInitialResponse()
+ ? saslClient.evaluateChallenge(EMPTY) : EMPTY;
+ } catch (SaslException e) {
+ e.printStackTrace();
+ }
+
+ sendMessage(response, saslClient);
+
+ ByteBuffer message = transport.receiveMessage();
+
+ while (!saslClient.isComplete()) {
+ int ssComplete = message.getInt();
+ if (ssComplete == 0) {
+ System.out.println("Sasl Server completed");
+ }
+ byte[] arr = new byte[message.remaining()];
+ message.get(arr);
+ byte[] challenge = saslClient.evaluateChallenge(arr);
+
+ sendMessage(challenge, saslClient);
+
+ if (!saslClient.isComplete()) {
+ message = transport.receiveMessage();
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+ });
+
+ System.out.println("enter \"command\" to see legal commands.");
+
+ try (Scanner scanner = new Scanner(System.in, "UTF-8")) {
+ String input = scanner.nextLine();
+
+ while (!(input.equals("quit") || input.equals("exit") || input.equals("q"))) {
+ excute(adminClient, input);
+ System.out.print(PROMPT);
+ input = scanner.nextLine();
+ }
+ }
+ }
+
+ private static void sendMessage(byte[] challenge, SaslClient saslClient)
+ throws SaslException {
+
+ // 4 is the head to go through network
+ ByteBuffer buffer = ByteBuffer.allocate(challenge.length + 8);
+ buffer.putInt(challenge.length + 4);
+ int scComplete = saslClient.isComplete() ? 0 : 1;
+
+ buffer.putInt(scComplete);
+ buffer.put(challenge);
+ buffer.flip();
+
+ try {
+ transport.sendMessage(buffer);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+ private static void excute(AdminClient adminClient, String input) throws KrbException {
+ input = input.trim();
+ if (input.startsWith("command")) {
+ System.out.println(LEGAL_COMMANDS);
+ return;
+ }
+
+ RemoteCommand executor = null;
+
+ if (input.startsWith("add_principal")
+ || input.startsWith("addprinc")) {
+ executor = new RemoteAddPrincipalCommand(adminClient);
+ } else if (input.startsWith("delete_principal")
+ || input.startsWith("delprinc")) {
+ executor = new RemoteDeletePrincipalCommand(adminClient);
+ } else if (input.startsWith("rename_principal")
+ || input.startsWith("renprinc")) {
+ executor = new RemoteRenamePrincipalCommand(adminClient);
+ } else if (input.startsWith("list_principals")) {
+ executor = new RemoteGetprincsCommand(adminClient);
+ } else if (input.startsWith("listprincs")) {
+ executor = new RemotePrintUsageCommand();
+ } else {
+ System.out.println(LEGAL_COMMANDS);
+ return;
+ }
+ executor.execute(input);
+ }
+}
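Review bot: In `main`, a failed keytab login and a failed SASL exchange are both only reported with `e.printStackTrace()`, after which the tool still calls `Subject.doAs` with a null `subject` and then enters the command loop. An admin client should stop when it has not authenticated the server and negotiated `auth-conf`. Rethrowing from the `LoginException` handler and from the outer `catch (Exception e)` in `run()` closes that path, as sketched below. The same applies to the swallowed `KrbException` around `AdminUtil.getTransportPair`, which leaves `tpair` null for `network.connect`. Separately, `excute` maps `listprincs` to `RemotePrintUsageCommand` and `list_principals` to `RemoteGetprincsCommand`, which does not match `LEGAL_COMMANDS` and looks mis-wired.

```java
// in main, replacing the try/catch around AuthUtil.loginUsingKeytab
Subject subject;
try {
    subject = AuthUtil.loginUsingKeytab(adminPrincipal,
            new File(adminConfig.getKeyTabFile()));
} catch (LoginException e) {
    // No Subject means no Kerberos credentials for GSSAPI; do not continue.
    throw new KrbException("Failed to login using keytab", e);
}

// … unchanged: Subject.doAs, SASL props, createSaslClient, challenge loop …

                // after the while (!saslClient.isComplete()) loop
                Object qop = saslClient.getNegotiatedProperty(Sasl.QOP);
                if (!"auth-conf".equals(qop)) {
                    throw new KrbException("Negotiated QOP is " + qop + ", expected auth-conf");
                }
            } catch (Exception e) {
                // Fail closed instead of entering the command loop unauthenticated.
                throw new IllegalStateException("SASL negotiation with the admin server failed", e);
            }
```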
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteKadminImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteKadminImpl.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteKadminImpl.java
deleted file mode 100644
index 16115d8..0000000
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/RemoteKadminImpl.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.admin;
-
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-import java.io.File;
-import java.util.List;
-
-/**
- * Server side admin facilities from remote, similar to MIT Kadmin remote mode.
- * It uses GSSAPI and XDR to communicate with remote KDC/kadmind to do the
- * requested operations. In the client side, it simply wraps and sends the
- * request info to the server kadmind side, and then unwraps the response for
- * the operation result.
- *
- * TO BE IMPLEMENTED.
- */
-public class RemoteKadminImpl implements Kadmin {
-
- @Override
- public String getKadminPrincipal() {
- return null;
- }
-
- @Override
- public void addPrincipal(String principal) throws KrbException {
-
- }
-
- @Override
- public void addPrincipal(String principal,
- KOptions kOptions) throws KrbException {
-
- }
-
- @Override
- public void addPrincipal(String principal,
- String password) throws KrbException {
-
- }
-
- @Override
- public void addPrincipal(String principal, String password,
- KOptions kOptions) throws KrbException {
-
- }
-
- @Override
- public void exportKeytab(File keytabFile,
- String principal) throws KrbException {
-
- }
-
- @Override
- public void exportKeytab(File keytabFile,
- List<String> principals) throws KrbException {
-
- }
-
- @Override
- public void exportKeytab(File keytabFile) throws KrbException {
-
- }
-
- @Override
- public void removeKeytabEntriesOf(File keytabFile,
- String principal) throws KrbException {
-
- }
-
- @Override
- public void removeKeytabEntriesOf(File keytabFile, String principal,
- int kvno) throws KrbException {
-
- }
-
- @Override
- public void removeOldKeytabEntriesOf(File keytabFile,
- String principal) throws KrbException {
-
- }
-
- @Override
- public void deletePrincipal(String principal) throws KrbException {
-
- }
-
- @Override
- public void modifyPrincipal(String principal,
- KOptions kOptions) throws KrbException {
-
- }
-
- @Override
- public void renamePrincipal(String oldPrincipalName,
- String newPrincipalName) throws KrbException {
-
- }
-
- @Override
- public List<String> getPrincipals() throws KrbException {
- return null;
- }
-
- @Override
- public List<String> getPrincipals(String globString) throws KrbException {
- return null;
- }
-
- @Override
- public void changePassword(String principal,
- String newPassword) throws KrbException {
-
- }
-
- @Override
- public void updateKeys(String principal) throws KrbException {
-
- }
-
- @Override
- public void release() throws KrbException {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/Kadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/Kadmin.java
new file mode 100644
index 0000000..8f95b37
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/Kadmin.java
@@ -0,0 +1,207 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import java.io.File;
+import java.util.List;
+
+/**
+ * Server side admin facilities from remote, similar to MIT kadmin remote mode.
+ */
+public interface Kadmin {
+
+ /**
+ * Get the kadmin principal name.
+ *
+ * @return The kadmin principal name.
+ */
+ String getKadminPrincipal();
+
+ /**
+ * Add principal to backend.
+ *
+ * @param principal The principal to be added into backend
+ * @throws KrbException e
+ */
+ void addPrincipal(String principal) throws KrbException;
+
+ /**
+ * Add principal to backend.
+ *
+ * @param principal The principal to be added into backend
+ * @param kOptions The KOptions with principal info
+ * @throws KrbException e
+ */
+ void addPrincipal(String principal, KOptions kOptions) throws KrbException;
+
+ /**
+ * Add principal to backend.
+ *
+ * @param principal The principal to be added into backend
+ * @param password The password to create encryption key
+ * @throws KrbException e
+ */
+ void addPrincipal(String principal, String password) throws KrbException;
+
+ /**
+ * Add principal to backend.
+ *
+ * @param principal The principal to be added into backend
+ * @param password The password to create encryption key
+ * @param kOptions The KOptions with principal info
+ * @throws KrbException e
+ */
+ void addPrincipal(String principal, String password,
+ KOptions kOptions) throws KrbException;
+
+ /**
+ * Export all the keys of the specified principal into the specified keytab
+ * file.
+ *
+ * @param keytabFile The keytab file
+ * @param principal The principal name
+ * @throws KrbException e
+ */
+ void exportKeytab(File keytabFile, String principal) throws KrbException;
+
+ /**
+ * Export all the keys of the specified principals into the specified keytab
+ * file.
+ *
+ * @param keytabFile The keytab file
+ * @param principals The principal names
+ * @throws KrbException e
+ */
+ void exportKeytab(File keytabFile,
+ List<String> principals) throws KrbException;
+
+ /**
+ * Export all identity keys to the specified keytab file.
+ *
+ * @param keytabFile The keytab file
+ * @throws KrbException e
+ */
+ void exportKeytab(File keytabFile) throws KrbException;
+
+ /**
+ * Remove all the keys of the specified principal in the specified keytab
+ * file.
+ *
+ * @param keytabFile The keytab file
+ * @param principal The principal name
+ * @throws KrbException e
+ */
+ void removeKeytabEntriesOf(File keytabFile, String principal)
+ throws KrbException;
+
+ /**
+ * Remove all the keys of the specified principal with specified kvno
+ * in the specified keytab file.
+ *
+ * @param keytabFile The keytab file
+ * @param principal The principal name
+ * @param kvno The kvno
+ * @throws KrbException e
+ */
+ void removeKeytabEntriesOf(File keytabFile, String principal, int kvno)
+ throws KrbException;
+
+ /**
+ * Remove all the old keys of the specified principal
+ * in the specified keytab file.
+ *
+ * @param keytabFile The keytab file
+ * @param principal The principal name
+ * @throws KrbException e
+ */
+ void removeOldKeytabEntriesOf(File keytabFile, String principal)
+ throws KrbException;
+
+ /**
+ * Delete the principal in backend.
+ *
+ * @param principal The principal to be deleted from backend
+ * @throws KrbException e
+ */
+ void deletePrincipal(String principal) throws KrbException;
+
+ /**
+ * Modify the principal with KOptions.
+ *
+ * @param principal The principal to be modified
+ * @param kOptions The KOptions with changed principal info
+ * @throws KrbException e
+ */
+ void modifyPrincipal(String principal, KOptions kOptions) throws KrbException;
+
+ /**
+ * Rename the principal.
+ *
+ * @param oldPrincipalName The original principal name
+ * @param newPrincipalName The new principal name
+ * @throws KrbException e
+ */
+ void renamePrincipal(String oldPrincipalName,
+ String newPrincipalName) throws KrbException;
+
+ /**
+ * Get all the principal names from backend.
+ *
+ * @return principal list
+ * @throws KrbException e
+ */
+ List<String> getPrincipals() throws KrbException;
+
+ /**
+ * Get all the principal names that meets the pattern
+ *
+ * @param globString The glob string for matching
+ * @return Principal names
+ * @throws KrbException e
+ */
+ List<String> getPrincipals(String globString) throws KrbException;
+
+ /**
+ * Change the password of specified principal.
+ *
+ * @param principal The principal to be updated password
+ * @param newPassword The new password
+ * @throws KrbException e
+ */
+ void changePassword(String principal, String newPassword) throws KrbException;
+
+ /**
+ * Update the random keys of specified principal.
+ *
+ * @param principal The principal to be updated keys
+ * @throws KrbException e
+ */
+ void updateKeys(String principal) throws KrbException;
+
+ /**
+ * Release any resources associated.
+ *
+ * @throws KrbException e
+ */
+ void release() throws KrbException;
+}
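Review bot: `addPrincipal(String principal, String password)`, its `KOptions` overload and `changePassword(String principal, String newPassword)` take the secret as a `String`, which stays on the heap until collected and cannot be cleared by the caller. If the interface is still open to change in this merge, a `char[]` variant such as `void changePassword(String principal, char[] newPassword) throws KrbException;` lets implementations wipe the buffer after deriving keys. Otherwise the Javadoc should at least state that implementations must not log or retain the password. The `@throws KrbException e` tags throughout also say nothing about when a call fails.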
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java
new file mode 100644
index 0000000..f6caa87
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java
@@ -0,0 +1,76 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin;
+
+import org.apache.kerby.KOption;
+import org.apache.kerby.KOptionInfo;
+import org.apache.kerby.KOptionType;
+
+public enum KadminOption implements KOption {
+ NONE(null),
+ EXPIRE(new KOptionInfo("-expire", "expire time", KOptionType.DATE)),
+ DISABLED(new KOptionInfo("-disabled", "disabled", KOptionType.BOOL)),
+ LOCKED(new KOptionInfo("-locked", "locked", KOptionType.BOOL)),
+ FORCE(new KOptionInfo("-force", "force", KOptionType.NOV)),
+ KVNO(new KOptionInfo("-kvno", "initial key version number", KOptionType.INT)),
+ SIZE(new KOptionInfo("-size", "principal's numbers", KOptionType.STR)),
+ PW(new KOptionInfo("-pw", "password", KOptionType.STR)),
+ RANDKEY(new KOptionInfo("-randkey", "random key", KOptionType.NOV)),
+ KEEPOLD(new KOptionInfo("-keepold", "keep old passowrd", KOptionType.NOV)),
+ KEYSALTLIST(new KOptionInfo("-e", "key saltlist", KOptionType.STR)),
+ K(new KOptionInfo("-k", "keytab file path", KOptionType.STR)),
+ KEYTAB(new KOptionInfo("-keytab", "keytab file path", KOptionType.STR)),
+ CCACHE(new KOptionInfo("-c", "credentials cache", KOptionType.FILE));
+
+ private final KOptionInfo optionInfo;
+
+ KadminOption(KOptionInfo optionInfo) {
+ this.optionInfo = optionInfo;
+ }
+
+ @Override
+ public KOptionInfo getOptionInfo() {
+ return optionInfo;
+ }
+
+ public static KadminOption fromName(String name) {
+ if (name != null) {
+ for (KadminOption ko : values()) {
+ if (ko.optionInfo != null
+ && ko.optionInfo.getName().equals(name)) {
+ return ko;
+ }
+ }
+ }
+ return NONE;
+ }
+
+ public static KadminOption fromOptionName(String optionName) {
+ if (optionName != null) {
+ for (KadminOption ko : values()) {
+ if (ko.optionInfo != null
+ && ko.optionInfo.getName().equals(optionName)) {
+ return ko;
+ }
+ }
+ }
+ return NONE;
+ }
+}
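Review bot: `fromName` and `fromOptionName` at the end of the enum have identical bodies, so the two public lookups have to be kept in sync by hand; one should delegate to the other, e.g. the body of `fromName` becomes `return fromOptionName(name);`. The `KEEPOLD` description reads `keep old passowrd`, which is a user-visible string and should be `keep old password`. `PW` takes the password as a plain `KOptionType.STR` option value; if those values can arrive on a process command line, the password would show up in process listings and shell history, so it is worth confirming where the option is parsed.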
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/AdminHelper.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/AdminHelper.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/AdminHelper.java
new file mode 100644
index 0000000..f78ec45
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/AdminHelper.java
@@ -0,0 +1,309 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.local;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.type.KerberosTime;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
+/**
+ * LocalKadmin utilities.
+ */
+public final class AdminHelper {
+
+ private AdminHelper() { }
+
+ /**
+ * Export all the keys of the specified principal into the specified keytab
+ * file.
+ *
+ * @param keytabFile The keytab file
+ * @param identity The identity
+ * @throws KrbException
+ */
+ static void exportKeytab(File keytabFile, KrbIdentity identity)
+ throws KrbException {
+
+ Keytab keytab = createOrLoadKeytab(keytabFile);
+
+ exportToKeytab(keytab, identity);
+
+ storeKeytab(keytab, keytabFile);
+ }
+
+ /**
+ * Export all the keys of the specified principal into the specified keytab
+ * file.
+ *
+ * @param keytabFile The keytab file
+ * @param identities Identities to export to keytabFile
+ * @throws KrbException
+ */
+ static void exportKeytab(File keytabFile, List<KrbIdentity> identities)
+ throws KrbException {
+
+ Keytab keytab = createOrLoadKeytab(keytabFile);
+
+ for (KrbIdentity identity : identities) {
+ exportToKeytab(keytab, identity);
+ }
+
+ storeKeytab(keytab, keytabFile);
+ }
+
+ /**
+ * Load keytab from keytab file.
+ *
+ * @param keytabFile The keytab file
+ * @return The keytab load from keytab file
+ * @throws KrbException
+ */
+ static Keytab loadKeytab(File keytabFile) throws KrbException {
+ Keytab keytab;
+ try {
+ keytab = Keytab.loadKeytab(keytabFile);
+ } catch (IOException e) {
+ throw new KrbException("Failed to load keytab", e);
+ }
+
+ return keytab;
+ }
+
+ /**
+ * If keytab file does not exist, create a new keytab,
+ * otherwise load keytab from keytab file.
+ *
+ * @param keytabFile The keytab file
+ * @return The keytab load from keytab file
+ * @throws KrbException
+ */
+ static Keytab createOrLoadKeytab(File keytabFile) throws KrbException {
+
+ Keytab keytab;
+ try {
+ if (!keytabFile.exists()) {
+ if (!keytabFile.createNewFile()) {
+ throw new KrbException("Failed to create keytab file "
+ + keytabFile.getAbsolutePath());
+ }
+ keytab = new Keytab();
+ } else {
+ keytab = Keytab.loadKeytab(keytabFile);
+ }
+ } catch (IOException e) {
+ throw new KrbException("Failed to load or create keytab", e);
+ }
+
+ return keytab;
+ }
+
+ /**
+ * Export all the keys of the specified identity into the keytab.
+ *
+ * @param keytab The keytab
+ * @param identity The identity
+ * @throws KrbException
+ */
+ static void exportToKeytab(Keytab keytab, KrbIdentity identity)
+ throws KrbException {
+
+ //Add principal to keytab.
+ PrincipalName principal = identity.getPrincipal();
+ KerberosTime timestamp = KerberosTime.now();
+ for (EncryptionType encType : identity.getKeys().keySet()) {
+ EncryptionKey ekey = identity.getKeys().get(encType);
+ int keyVersion = ekey.getKvno();
+ keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
+ }
+ }
+
+ /**
+ * Store the keytab to keytab file.
+ *
+ * @param keytab The keytab
+ * @param keytabFile The keytab file
+ * @throws KrbException
+ */
+ static void storeKeytab(Keytab keytab, File keytabFile) throws KrbException {
+ try {
+ keytab.store(keytabFile);
+ } catch (IOException e) {
+ throw new KrbException("Failed to store keytab", e);
+ }
+ }
+
+ /**
+ * Remove all the keys of the specified principal in the specified keytab
+ * file.
+ *
+ * @param keytabFile The keytab file
+ * @param principalName The principal name
+ * @throws KrbException
+ */
+ static void removeKeytabEntriesOf(File keytabFile,
+ String principalName) throws KrbException {
+ Keytab keytab = loadKeytab(keytabFile);
+
+ keytab.removeKeytabEntries(new PrincipalName(principalName));
+
+ storeKeytab(keytab, keytabFile);
+ }
+
+ /**
+ * Remove all the keys of the specified principal with specified kvno
+ * in the specified keytab file.
+ *
+ * @param keytabFile The keytab file
+ * @param principalName The principal name
+ * @param kvno The kvno
+ * @throws KrbException
+ */
+ static void removeKeytabEntriesOf(File keytabFile,
+ String principalName, int kvno) throws KrbException {
+ Keytab keytab = loadKeytab(keytabFile);
+
+ keytab.removeKeytabEntries(new PrincipalName(principalName), kvno);
+
+ storeKeytab(keytab, keytabFile);
+ }
+
+ /**
+ * Remove all the old keys of the specified principal
+ * in the specified keytab file.
+ *
+ * @param keytabFile The keytab file
+ * @param principalName The principal name
+ * @throws KrbException
+ */
+ static void removeOldKeytabEntriesOf(File keytabFile,
+ String principalName) throws KrbException {
+ Keytab keytab = loadKeytab(keytabFile);
+
+ List<KeytabEntry> entries = keytab.getKeytabEntries(
+ new PrincipalName(principalName));
+
+ int maxKvno = 0;
+ for (KeytabEntry entry : entries) {
+ if (maxKvno < entry.getKvno()) {
+ maxKvno = entry.getKvno();
+ }
+ }
+
+ for (KeytabEntry entry : entries) {
+ if (entry.getKvno() < maxKvno) {
+ keytab.removeKeytabEntry(entry);
+ }
+ }
+
+ storeKeytab(keytab, keytabFile);
+ }
+
+ /**
+ * Create principal.
+ *
+ * @param principal The principal name to be created
+ * @param kOptions The KOptions with principal info
+ */
+ static KrbIdentity createIdentity(String principal, KOptions kOptions)
+ throws KrbException {
+ KrbIdentity kid = new KrbIdentity(principal);
+ kid.setCreatedTime(KerberosTime.now());
+ if (kOptions.contains(KadminOption.EXPIRE)) {
+ Date date = kOptions.getDateOption(KadminOption.EXPIRE);
+ kid.setExpireTime(new KerberosTime(date.getTime()));
+ } else {
+ kid.setExpireTime(new KerberosTime(253402300799900L));
+ }
+ if (kOptions.contains(KadminOption.KVNO)) {
+ kid.setKeyVersion(kOptions.getIntegerOption(KadminOption.KVNO));
+ } else {
+ kid.setKeyVersion(1);
+ }
+ kid.setDisabled(false);
+ kid.setLocked(false);
+
+ return kid;
+ }
+
+ /**
+ * Modify the principal with KOptions.
+ *
+ * @param identity The identity to be modified
+ * @param kOptions The KOptions with changed principal info
+ * @throws KrbException
+ */
+ static void updateIdentity(KrbIdentity identity, KOptions kOptions) {
+ if (kOptions.contains(KadminOption.EXPIRE)) {
+ Date date = kOptions.getDateOption(KadminOption.EXPIRE);
+ identity.setExpireTime(new KerberosTime(date.getTime()));
+ }
+ if (kOptions.contains(KadminOption.DISABLED)) {
+ identity.setDisabled(kOptions.getBooleanOption(KadminOption.DISABLED, false));
+ }
+ if (kOptions.contains(KadminOption.LOCKED)) {
+ identity.setLocked(kOptions.getBooleanOption(KadminOption.LOCKED, false));
+ }
+ }
+
+ /**
+ * Get all the Pattern for matching from glob string.
+ * The glob string can contain "." "*" and "[]"
+ *
+ * @param globString The glob string for matching
+ * @return pattern
+ * @throws KrbException
+ */
+ static Pattern getPatternFromGlobPatternString(String globString) throws KrbException {
+ if (globString == null || globString.equals("")) {
+ return null;
+ }
+ if (!Pattern.matches("^[0-9A-Za-z._/@*?\\[\\]\\-]+$", globString)) {
+ throw new KrbException("Glob pattern string contains invalid character");
+ }
+
+ String patternString = globString;
+ patternString = patternString.replaceAll("\\.", "\\\\.");
+ patternString = patternString.replaceAll("\\?", ".");
+ patternString = patternString.replaceAll("\\*", ".*");
+ patternString = "^" + patternString + "$";
+
+ Pattern pt;
+ try {
+ pt = Pattern.compile(patternString);
+ } catch (PatternSyntaxException e) {
+ throw new KrbException("Invalid glob pattern string");
+ }
+ return pt;
+ }
+}
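Review bot: `createOrLoadKeytab` creates the keytab with `keytabFile.createNewFile()`, which leaves the file with whatever permissions the process umask gives, yet a keytab holds the principal's long-term keys. Restrict it to the owner at creation, for example `Files.createFile(keytabFile.toPath(), PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));` on POSIX file systems, falling back to `setReadable(false, false)` followed by `setReadable(true, true)` elsewhere. `Keytab.store` is not visible in this hunk, so it should be checked that it keeps those permissions when it rewrites the file. Separately, `getPatternFromGlobPatternString` drops the `PatternSyntaxException`; pass it on as the cause with `throw new KrbException("Invalid glob pattern string", e);`, as the other catch blocks in this class already do.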
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java
new file mode 100644
index 0000000..5fd2d0d
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.local;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.Kadmin;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+
+/**
+ * Server side admin facilities for local, similar to MIT kadmin local mode. It
+ * may be not accurate regarding 'local' because, if the identity backend itself
+ * is supported to be accessed from remote, it won't have to be remote; but if
+ * not, then it must be local to the KDC admin bounded with the local backend.
+ *
+ * Note, suitable with Kerby AdminServerImpl based KDCs like Kerby KDC.
+ */
+public interface LocalKadmin extends Kadmin {
+
+ /**
+ * Check the built-in principals, will throw KrbException if not exist.
+ * @throws KrbException e
+ */
+ void checkBuiltinPrincipals() throws KrbException;
+
+ /**
+ * Create build-in principals.
+ * @throws KrbException e
+ */
+ void createBuiltinPrincipals() throws KrbException;
+
+ /**
+ * Delete build-in principals.
+ * @throws KrbException e
+ */
+ void deleteBuiltinPrincipals() throws KrbException;
+
+ /**
+ * Get kdc config.
+ *
+ * @return The kdc config.
+ */
+ KdcConfig getKdcConfig();
+
+ /**
+ * Get backend config.
+ *
+ * @return The backend config.
+ */
+ BackendConfig getBackendConfig();
+
+ /**
+ * Get identity backend.
+ *
+ * @return IdentityBackend
+ */
+ IdentityBackend getIdentityBackend();
+
+ /**
+ * Get the identity from backend.
+ *
+ * @param principalName The principal name
+ * @return identity
+ * @throws KrbException e
+ */
+ KrbIdentity getPrincipal(String principalName) throws KrbException;
+
+ int size() throws KrbException;
+}
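Review bot: `size()` is the only method in this interface without Javadoc, so what it counts is left to the reader; going by `LocalKadminImpl`, which returns `getPrincipals().size()`, a comment such as `/** Get the number of principals in the backend. */` with `@throws KrbException e` would fit. The Javadoc on `createBuiltinPrincipals` and `deleteBuiltinPrincipals` says `build-in` where `checkBuiltinPrincipals` says `built-in`. `getPrincipal` should also state what is returned for an unknown name; callers in the implementation test the backend result for null, so presumably `@return identity, or null if the principal does not exist`.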
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
new file mode 100644
index 0000000..80fc10b
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
@@ -0,0 +1,407 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.local;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.server.KdcSetting;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
+import org.apache.kerby.kerberos.kerb.server.ServerSetting;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * The implementation of admin side admin facilities for local mode.
+ */
+public class LocalKadminImpl implements LocalKadmin {
+ private static final Logger LOG = LoggerFactory.getLogger(LocalKadminImpl.class);
+
+ private final ServerSetting serverSetting;
+ private final IdentityBackend backend;
+
+ /**
+ * Construct with prepared AdminServerConfig and BackendConfig.
+ *
+ * @param kdcConfig The kdc config
+ * @param backendConfig The backend config
+ * @throws KrbException e
+ */
+ public LocalKadminImpl(KdcConfig kdcConfig,
+ BackendConfig backendConfig) throws KrbException {
+ this.backend = KdcUtil.getBackend(backendConfig);
+ this.serverSetting = new KdcSetting(kdcConfig, backendConfig);
+ }
+
+ //
+ public LocalKadminImpl(ServerSetting serverSetting) throws KrbException {
+ this.backend = KdcUtil.getBackend(serverSetting.getBackendConfig());
+ this.serverSetting = serverSetting;
+ }
+
+ /**
+ * Construct with prepared conf dir.
+ *
+ * @param confDir The path of conf dir
+ * @throws KrbException e
+ */
+ public LocalKadminImpl(File confDir) throws KrbException {
+ KdcConfig tmpKdcConfig = KdcUtil.getKdcConfig(confDir);
+ if (tmpKdcConfig == null) {
+ tmpKdcConfig = new KdcConfig();
+ }
+
+ BackendConfig tmpBackendConfig = KdcUtil.getBackendConfig(confDir);
+ if (tmpBackendConfig == null) {
+ tmpBackendConfig = new BackendConfig();
+ }
+
+ this.serverSetting = new KdcSetting(tmpKdcConfig, tmpBackendConfig);
+
+ backend = KdcUtil.getBackend(tmpBackendConfig);
+ }
+
+ /**
+ * Construct with prepared AdminServerSetting and Backend.
+ *
+ * @param kdcSetting The kdc setting
+ * @param backend The identity backend
+ */
+ public LocalKadminImpl(KdcSetting kdcSetting, IdentityBackend backend) {
+ this.serverSetting = kdcSetting;
+ this.backend = backend;
+ }
+
+ /**
+ * Get the tgs principal name.
+ */
+ private String getTgsPrincipal() {
+ return KrbUtil.makeTgsPrincipal(serverSetting.getKdcRealm()).getName();
+ }
+
+ @Override
+ public String getKadminPrincipal() {
+ return KrbUtil.makeKadminPrincipal(serverSetting.getKdcRealm()).getName();
+ }
+
+ @Override
+ public void checkBuiltinPrincipals() throws KrbException {
+ String tgsPrincipal = getTgsPrincipal();
+ String kadminPrincipal = getKadminPrincipal();
+ if (backend.getIdentity(tgsPrincipal) == null
+ || backend.getIdentity(kadminPrincipal) == null) {
+ String errorMsg = "The built-in principals do not exist in backend,"
+ + " please run the kdcinit tool.";
+ LOG.error(errorMsg);
+ throw new KrbException(errorMsg);
+ }
+ }
+
+ @Override
+ public void createBuiltinPrincipals() throws KrbException {
+ String tgsPrincipal = getTgsPrincipal();
+ if (backend.getIdentity(tgsPrincipal) == null) {
+ addPrincipal(tgsPrincipal);
+ } else {
+ String errorMsg = "The tgs principal already exists in backend.";
+ LOG.error(errorMsg);
+ throw new KrbException(errorMsg);
+ }
+
+ String kadminPrincipal = getKadminPrincipal();
+ if (backend.getIdentity(kadminPrincipal) == null) {
+ addPrincipal(kadminPrincipal);
+ } else {
+ String errorMsg = "The kadmin principal already exists in backend.";
+ LOG.error(errorMsg);
+ throw new KrbException(errorMsg);
+ }
+ }
+
+ @Override
+ public void deleteBuiltinPrincipals() throws KrbException {
+ deletePrincipal(getTgsPrincipal());
+ deletePrincipal(getKadminPrincipal());
+ }
+
+ @Override
+ public KdcConfig getKdcConfig() {
+ return serverSetting.getKdcConfig();
+ }
+
+ @Override
+ public BackendConfig getBackendConfig() {
+ return serverSetting.getBackendConfig();
+ }
+
+ @Override
+ public IdentityBackend getIdentityBackend() {
+ return backend;
+ }
+
+ @Override
+ public void addPrincipal(String principal) throws KrbException {
+ principal = fixPrincipal(principal);
+ addPrincipal(principal, new KOptions());
+ }
+
+ @Override
+ public void addPrincipal(String principal, KOptions kOptions)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
+ List<EncryptionKey> keys = EncryptionUtil.generateKeys(
+ getKdcConfig().getEncryptionTypes());
+ identity.addKeys(keys);
+ backend.addIdentity(identity);
+ }
+
+ @Override
+ public void addPrincipal(String principal, String password)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ addPrincipal(principal, password, new KOptions());
+ }
+
+ @Override
+ public void addPrincipal(String principal, String password, KOptions kOptions)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
+ List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, password,
+ getKdcConfig().getEncryptionTypes());
+ identity.addKeys(keys);
+ backend.addIdentity(identity);
+ }
+
+ @Override
+ public void exportKeytab(File keytabFile, String principal)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ List<String> principals = new ArrayList<>(1);
+ principals.add(principal);
+ exportKeytab(keytabFile, principals);
+ }
+
+ @Override
+ public void exportKeytab(File keytabFile, List<String> principals)
+ throws KrbException {
+ //Get Identity
+ List<KrbIdentity> identities = new LinkedList<>();
+ for (String principal : principals) {
+ KrbIdentity identity = backend.getIdentity(principal);
+ if (identity == null) {
+ throw new KrbException("Can not find the identity for pincipal "
+ + principal);
+ }
+ identities.add(identity);
+ }
+
+ AdminHelper.exportKeytab(keytabFile, identities);
+ }
+
+ @Override
+ public void exportKeytab(File keytabFile) throws KrbException {
+ Keytab keytab = AdminHelper.createOrLoadKeytab(keytabFile);
+
+ Iterable<String> principals = backend.getIdentities();
+ for (String principal : principals) {
+ KrbIdentity identity = backend.getIdentity(principal);
+ if (identity != null) {
+ AdminHelper.exportToKeytab(keytab, identity);
+ }
+ }
+
+ AdminHelper.storeKeytab(keytab, keytabFile);
+ }
+
+ @Override
+ public void removeKeytabEntriesOf(File keytabFile, String principal)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ AdminHelper.removeKeytabEntriesOf(keytabFile, principal);
+ }
+
+ @Override
+ public void removeKeytabEntriesOf(File keytabFile, String principal, int kvno)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ AdminHelper.removeKeytabEntriesOf(keytabFile, principal, kvno);
+ }
+
+ @Override
+ public void removeOldKeytabEntriesOf(File keytabFile, String principal)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ AdminHelper.removeOldKeytabEntriesOf(keytabFile, principal);
+ }
+
+ @Override
+ public void deletePrincipal(String principal) throws KrbException {
+ principal = fixPrincipal(principal);
+ backend.deleteIdentity(principal);
+ }
+
+ @Override
+ public void modifyPrincipal(String principal, KOptions kOptions)
+ throws KrbException {
+ principal = fixPrincipal(principal);
+ KrbIdentity identity = backend.getIdentity(principal);
+ if (identity == null) {
+ throw new KrbException("Principal \""
+ + principal + "\" does not exist.");
+ }
+ AdminHelper.updateIdentity(identity, kOptions);
+ backend.updateIdentity(identity);
+ }
+
+ @Override
+ public void renamePrincipal(String oldPrincipalName, String newPrincipalName)
+ throws KrbException {
+ oldPrincipalName = fixPrincipal(oldPrincipalName);
+ newPrincipalName = fixPrincipal(newPrincipalName);
+ KrbIdentity oldIdentity = backend.getIdentity(newPrincipalName);
+ if (oldIdentity != null) {
+ throw new KrbException("Principal \""
+ + oldIdentity.getPrincipalName() + "\" is already exist.");
+ }
+ KrbIdentity identity = backend.getIdentity(oldPrincipalName);
+ if (identity == null) {
+ throw new KrbException("Principal \""
+ + oldPrincipalName + "\" does not exist.");
+ }
+ backend.deleteIdentity(oldPrincipalName);
+
+ identity.setPrincipalName(newPrincipalName);
+ identity.setPrincipal(new PrincipalName(newPrincipalName));
+ backend.addIdentity(identity);
+ }
+
+ @Override
+ public KrbIdentity getPrincipal(String principalName) throws KrbException {
+ KrbIdentity identity = backend.getIdentity(principalName);
+ return identity;
+ }
+
+ @Override
+ public List<String> getPrincipals() throws KrbException {
+ Iterable<String> principalNames = backend.getIdentities();
+ List<String> principalList = new LinkedList<>();
+ Iterator<String> iterator = principalNames.iterator();
+ while (iterator.hasNext()) {
+ principalList.add(iterator.next());
+ }
+ return principalList;
+ }
+
+ @Override
+ public List<String> getPrincipals(String globString) throws KrbException {
+ Pattern pt = AdminHelper.getPatternFromGlobPatternString(globString);
+ if (pt == null) {
+ return getPrincipals();
+ }
+
+ Boolean containsAt = pt.pattern().indexOf('@') != -1;
+ List<String> result = new LinkedList<>();
+
+ List<String> principalNames = getPrincipals();
+ for (String principal: principalNames) {
+ String toMatch = containsAt ? principal : principal.split("@")[0];
+ Matcher m = pt.matcher(toMatch);
+ if (m.matches()) {
+ result.add(principal);
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public void changePassword(String principal,
+ String newPassword) throws KrbException {
+ principal = fixPrincipal(principal);
+ KrbIdentity identity = backend.getIdentity(principal);
+ if (identity == null) {
+ throw new KrbException("Principal " + principal
+ + "was not found. Please check the input and try again");
+ }
+ List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, newPassword,
+ getKdcConfig().getEncryptionTypes());
+ identity.addKeys(keys);
+
+ backend.updateIdentity(identity);
+ }
+
+ @Override
+ public void updateKeys(String principal) throws KrbException {
+ principal = fixPrincipal(principal);
+ KrbIdentity identity = backend.getIdentity(principal);
+ if (identity == null) {
+ throw new KrbException("Principal " + principal
+ + "was not found. Please check the input and try again");
+ }
+ List<EncryptionKey> keys = EncryptionUtil.generateKeys(
+ getKdcConfig().getEncryptionTypes());
+ identity.addKeys(keys);
+ backend.updateIdentity(identity);
+ }
+
+ @Override
+ public void release() throws KrbException {
+ if (backend != null) {
+ backend.stop();
+ }
+ }
+
+ /**
+ * get size of principal
+ */
+ @Override
+ public int size() throws KrbException {
+ return this.getPrincipals().size();
+ }
+
+ /**
+ * Fix principal name, making it complete.
+ *
+ * @param principal The principal name
+ */
+ private String fixPrincipal(String principal) {
+ if (!principal.contains("@")) {
+ principal += "@" + serverSetting.getKdcRealm();
+ }
+ return principal;
+ }
+}
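Review bot: `renamePrincipal` calls `backend.deleteIdentity(oldPrincipalName)` before `backend.addIdentity(identity)`, so if the add fails the principal and its keys are gone from the backend under both names. Doing the add first and the delete second (`backend.addIdentity(identity);` then `backend.deleteIdentity(oldPrincipalName);`, after the two setters) leaves the old entry in place on failure; whether the backend offers an atomic rename is not visible here. `getPrincipal` and `exportKeytab(File, List<String>)` pass names to `backend.getIdentity` without `fixPrincipal`, unlike the other methods, so a name given without a realm is looked up as-is. The not-found messages in `changePassword` and `updateKeys` are missing a space: `"was not found. ..."` should start `" was not found. ..."`.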
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminClient.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminClient.java
new file mode 100644
index 0000000..01c336d
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminClient.java
@@ -0,0 +1,204 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.Kadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.impl.DefaultInternalAdminClient;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.impl.InternalAdminClient;
+
+import java.io.File;
+import java.util.List;
+
+/**
+ * A Admin client API for applications to interact with Admin Server
+ */
+public class AdminClient {
+
+ private final AdminConfig adminConfig;
+ private final KOptions commonOptions;
+ private final AdminSetting adminSetting;
+
+ private InternalAdminClient innerClient;
+
+ /**
+ * Default constructor.
+ * @throws KrbException e
+ */
+ public AdminClient() throws KrbException {
+ this.adminConfig = AdminUtil.getDefaultConfig();
+ this.commonOptions = new KOptions();
+ this.adminSetting = new AdminSetting(commonOptions, adminConfig);
+ }
+
+ /**
+ * Construct with prepared AdminConfig.
+ * @param adminConfig The krb config
+ */
+ public AdminClient(AdminConfig adminConfig) {
+ this.adminConfig = adminConfig;
+ this.commonOptions = new KOptions();
+ this.adminSetting = new AdminSetting(commonOptions, adminConfig);
+ }
+
+ /**
+ * Constructor with conf dir
+ * @param confDir The conf dir
+ * @throws KrbException e
+ */
+ public AdminClient(File confDir) throws KrbException {
+ this.commonOptions = new KOptions();
+ this.adminConfig = AdminUtil.getConfig(confDir);
+ this.adminSetting = new AdminSetting(commonOptions, adminConfig);
+ }
+
+ /**
+ * Constructor with prepared AdminClient.
+ * @param krbClient The krb client
+ */
+ public AdminClient(AdminClient krbClient) {
+ this.commonOptions = krbClient.commonOptions;
+ this.adminConfig = krbClient.adminConfig;
+ this.adminSetting = krbClient.adminSetting;
+ this.innerClient = krbClient.innerClient;
+ }
+
+ /**
+ * Set KDC realm for ticket request
+ * @param realm The realm
+ */
+ public void setAdminRealm(String realm) {
+ commonOptions.add(AdminOption.ADMIN_REALM, realm);
+ }
+
+ public void setKeyTabFile(File file) {
+ commonOptions.add(AdminOption.KEYTAB_FILE, file);
+ }
+
+ /**
+ * Set Admin Server host.
+ * @param kdcHost The kdc host
+ */
+ public void setKdcHost(String kdcHost) {
+ commonOptions.add(AdminOption.ADMIN_HOST, kdcHost);
+ }
+
+ /**
+ * Set Admin Server tcp port.
+ * @param kdcTcpPort The kdc tcp port
+ */
+ public void setAdminTcpPort(int kdcTcpPort) {
+ if (kdcTcpPort < 1) {
+ throw new IllegalArgumentException("Invalid port");
+ }
+ commonOptions.add(AdminOption.ADMIN_TCP_PORT, kdcTcpPort);
+ setAllowTcp(true);
+ }
+
+ /**
+ * Set to allow UDP or not.
+ * @param allowUdp true if allow udp
+ */
+ public void setAllowUdp(boolean allowUdp) {
+ commonOptions.add(AdminOption.ALLOW_UDP, allowUdp);
+ }
+
+ /**
+ * Set to allow TCP or not.
+ * @param allowTcp true if allow tcp
+ */
+ public void setAllowTcp(boolean allowTcp) {
+ commonOptions.add(AdminOption.ALLOW_TCP, allowTcp);
+ }
+
+ /**
+ * Set Admin Server udp port. Only makes sense when allowUdp is set.
+ * @param adminUdpPort The kdc udp port
+ */
+ public void setAdminUdpPort(int adminUdpPort) {
+ if (adminUdpPort < 1) {
+ throw new IllegalArgumentException("Invalid port");
+ }
+ commonOptions.add(AdminOption.ADMIN_UDP_PORT, adminUdpPort);
+ setAllowUdp(true);
+ }
+
+ /**
+ * Set time out for connection
+ * @param timeout in seconds
+ */
+ public void setTimeout(int timeout) {
+ commonOptions.add(AdminOption.CONN_TIMEOUT, timeout);
+ }
+
+ /**
+ * Init the client.
+ * @throws KrbException e
+ */
+ public void init() throws KrbException {
+ innerClient = new DefaultInternalAdminClient(adminSetting);
+ innerClient.init();
+ }
+
+ /**
+ * Get krb client settings from options and configs.
+ * @return setting
+ */
+ public AdminSetting getSetting() {
+ return adminSetting;
+ }
+
+ public AdminConfig getAdminConfig() {
+ return adminConfig;
+ }
+
+ public void requestAddPrincipal(String principal) throws KrbException {
+ Kadmin remote = new RemoteKadminImpl(innerClient);
+ remote.addPrincipal(principal);
+ }
+
+ public void requestAddPrincipal(String principal, String password) throws KrbException {
+ Kadmin remote = new RemoteKadminImpl(innerClient);
+ remote.addPrincipal(principal, password);
+ }
+
+ public void requestDeletePrincipal(String principal) throws KrbException {
+ Kadmin remote = new RemoteKadminImpl(innerClient);
+ remote.deletePrincipal(principal);
+ }
+
+ public void requestRenamePrincipal(String oldPrincipal, String newPrincipal) throws KrbException {
+ Kadmin remote = new RemoteKadminImpl(innerClient);
+ remote.renamePrincipal(oldPrincipal, newPrincipal);
+ }
+
+ public List<String> requestGetprincs() throws KrbException {
+ Kadmin remote = new RemoteKadminImpl(innerClient);
+ List<String> principalLists = remote.getPrincipals();
+ return principalLists;
+ }
+
+ public List<String> requestGetprincsWithExp(String exp) throws KrbException {
+ Kadmin remote = new RemoteKadminImpl(innerClient);
+ List<String> principalLists = remote.getPrincipals(exp);
+ return principalLists;
+ }
+}
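Review bot: The `request*` methods at the end of the class pass `innerClient` to `new RemoteKadminImpl(innerClient)` without checking that `init()` has run. `innerClient` is only assigned in `init()` or the copy constructor, so a caller that skips `init()` presumably fails later with a NullPointerException rather than a clear error. A guard at the top of each, `if (innerClient == null) { throw new KrbException("AdminClient is not initialized, call init() first"); }`, would make the precondition explicit. `setAdminTcpPort` and `setAdminUdpPort` reject values below 1 but accept anything above 65535; `if (kdcTcpPort < 1 || kdcTcpPort > 65535)` closes that. `setKeyTabFile` and the `request*` methods have no Javadoc, and the one on `requestAddPrincipal(String, String)` should say that the password is handed on as a plain `String`.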
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminConfig.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminConfig.java
new file mode 100644
index 0000000..e2e6443
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminConfig.java
@@ -0,0 +1,132 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote;
+
+import org.apache.kerby.kerberos.kerb.common.Krb5Conf;
+
+/**
+ * Kerb client side configuration API.
+ */
+public class AdminConfig extends Krb5Conf {
+ private static final String LIBDEFAULT = "libdefaults";
+
+ public boolean enableDebug() {
+ return getBoolean(AdminConfigKey.KRB_DEBUG, true, LIBDEFAULT);
+ }
+
+ /**
+ * Get KDC host name
+ *
+ * @return The kdc host
+ */
+ public String getAdminHost() {
+ return getString(
+ AdminConfigKey.ADMIN_HOST, true, LIBDEFAULT);
+ }
+
+ /**
+ * Get KDC port, as both TCP and UDP ports
+ *
+ * @return The kdc host
+ */
+ public int getAdminPort() {
+ Integer kdcPort = getInt(AdminConfigKey.ADMIN_PORT, true, LIBDEFAULT);
+ if (kdcPort != null) {
+ return kdcPort.intValue();
+ }
+ return -1;
+ }
+
+ /**
+ * Get KDC TCP port
+ *
+ * @return The kdc tcp port
+ */
+ public int getAdminTcpPort() {
+ Integer kdcPort = getInt(AdminConfigKey.ADMIN_TCP_PORT, true, LIBDEFAULT);
+ if (kdcPort != null && kdcPort > 0) {
+ return kdcPort.intValue();
+ }
+ return getAdminPort();
+ }
+
+ /**
+ * Is to allow UDP for KDC
+ *
+ * @return true to allow UDP, false otherwise
+ */
+ public boolean allowUdp() {
+ return getBoolean(AdminConfigKey.ADMIN_ALLOW_UDP, true, LIBDEFAULT)
+ || getInt(AdminConfigKey.ADMIN_UDP_PORT, true, LIBDEFAULT) != null
+ || getInt(AdminConfigKey.ADMIN_PORT, false, LIBDEFAULT) != null;
+ }
+
+ /**
+ * Is to allow TCP for KDC
+ *
+ * @return true to allow TCP, false otherwise
+ */
+ public boolean allowTcp() {
+ return getBoolean(AdminConfigKey.ADMIN_ALLOW_TCP, true, LIBDEFAULT)
+ || getInt(AdminConfigKey.ADMIN_TCP_PORT, true, LIBDEFAULT) != null
+ || getInt(AdminConfigKey.ADMIN_PORT, false, LIBDEFAULT) != null;
+ }
+
+ /**
+ * Get KDC UDP port
+ *
+ * @return The kdc udp port
+ */
+ public int getAdminUdpPort() {
+ Integer kdcPort = getInt(AdminConfigKey.ADMIN_UDP_PORT, true, LIBDEFAULT);
+ if (kdcPort != null && kdcPort > 0) {
+ return kdcPort.intValue();
+ }
+ return getAdminPort();
+ }
+
+ /**
+ * Get KDC realm.
+ * @return The kdc realm
+ */
+ public String getAdminRealm() {
+ String realm = getString(AdminConfigKey.ADMIN_REALM, false, LIBDEFAULT);
+ if (realm == null) {
+ realm = getString(AdminConfigKey.DEFAULT_REALM, false, LIBDEFAULT);
+ if (realm == null) {
+ realm = (String) AdminConfigKey.ADMIN_REALM.getDefaultValue();
+ }
+ }
+
+ return realm;
+ }
+
+ public String getKeyTabFile() {
+ return getString(AdminConfigKey.KEYTAB_FILE, true, LIBDEFAULT);
+ }
+
+ public String getProtocol() {
+ return getString(AdminConfigKey.PROTOCOL, true, LIBDEFAULT);
+ }
+
+ public String getServerName() {
+ return getString(AdminConfigKey.SERVER_NAME, true, LIBDEFAULT);
+ }
+}
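Review bot: In `allowUdp()` and `allowTcp()` the explicit `ADMIN_ALLOW_UDP` / `ADMIN_ALLOW_TCP` flag is OR-ed with "a port is configured", so setting the flag to false cannot switch a transport off once `ADMIN_PORT` or the transport-specific port is present. If that is intended, the Javadoc should say so, e.g. `@return true if UDP is enabled explicitly or implied by a configured UDP or admin port`; if not, the explicit flag has to be consulted before the port keys. The Javadoc also looks carried over from the KDC client configuration: `getAdminPort()` is documented as `@return The kdc host`, and the other getters describe KDC values while reading `ADMIN_*` keys. `enableDebug()`, `getKeyTabFile()`, `getProtocol()` and `getServerName()` have no Javadoc.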
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminConfigKey.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminConfigKey.java
new file mode 100644
index 0000000..4227930
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminConfigKey.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote;
+
+import org.apache.kerby.config.ConfigKey;
+
+public enum AdminConfigKey implements ConfigKey {
+ KRB_DEBUG(true),
+ ADMIN_HOST("localhost"),
+ ADMIN_PORT(null),
+ ADMIN_ALLOW_UDP(false),
+ ADMIN_ALLOW_TCP(false),
+ ADMIN_UDP_PORT(null),
+ ADMIN_TCP_PORT(null),
+ ADMIN_DOMAIN("example.com"),
+ DEFAULT_REALM(null),
+ ADMIN_REALM("EXAMPLE.COM"),
+ KEYTAB_FILE,
+ PROTOCOL,
+ SERVER_NAME("localhost");
+
+ private Object defaultValue;
+
+ AdminConfigKey() {
+ this.defaultValue = null;
+ }
+
+ AdminConfigKey(Object defaultValue) {
+ this.defaultValue = defaultValue;
+ }
+
+ @Override
+ public String getPropertyKey() {
+ return name().toLowerCase();
+ }
+
+ @Override
+ public Object getDefaultValue() {
+ return this.defaultValue;
+ }
+}
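Review bot: `getPropertyKey()` calls `name().toLowerCase()` with the default locale, so under a Turkish locale constants containing `I` (`ADMIN_HOST`, `KEYTAB_FILE` and others) lower-case to a dotless ı and the derived key no longer matches the key written in the configuration file. Use `return name().toLowerCase(Locale.ROOT);` together with `import java.util.Locale;`. `defaultValue` is never reassigned and can be declared `private final`. `KRB_DEBUG(true)` turns debug on by default for an admin client; what the flag enables is not visible in this hunk, so it is worth confirming that this default is wanted.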
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminContext.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminContext.java
new file mode 100644
index 0000000..67219a6
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminContext.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote;
+
+public class AdminContext {
+
+ private AdminSetting adminSetting;
+
+ /**
+ * Init with krbsetting.
+ * @param adminSetting The krb setting
+ */
+ public void init(AdminSetting adminSetting) {
+ this.adminSetting = adminSetting;
+ }
+
+ /**
+ * Get krbsetting.
+ * @return The krb setting
+ */
+ public AdminSetting getAdminSetting() {
+ return adminSetting;
+ }
+
+ /**
+ * Get krbconfig.
+ * @return The krb config
+ */
+ public AdminConfig getConfig() {
+ return adminSetting.getAdminConfig();
+ }
+}
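Review bot: `getConfig()` dereferences `adminSetting`, which stays null until `init(AdminSetting)` has been called, so using the context before `init` ends in a NullPointerException. Document the precondition in a class Javadoc (`Must be initialised with init(AdminSetting) before getConfig() is used`) or fail explicitly with `if (adminSetting == null) { throw new IllegalStateException("AdminContext is not initialized"); }`. The existing Javadoc still says krbsetting and krbconfig although the types are `AdminSetting` and `AdminConfig`.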
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminHandler.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminHandler.java
new file mode 100644
index 0000000..9debfdd
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminHandler.java
@@ -0,0 +1,162 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.AdminRequest;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageCode;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageType;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminReq;
+import org.apache.kerby.kerberos.kerb.admin.message.KadminCode;
+import org.apache.kerby.xdr.XdrFieldInfo;
+import org.apache.kerby.xdr.type.XdrStructType;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import java.util.List;
+
+public abstract class AdminHandler {
+
+ /**
+ * Init with krbcontext.
+ *
+ * @param context The krbcontext
+ */
+ public void init(AdminContext context) {
+
+ }
+
+ /**
+ * Handle the kdc request.
+ *
+ * @param adminRequest The admin request
+ * @throws KrbException e
+ */
+ public void handleRequest(AdminRequest adminRequest) throws KrbException {
+ adminRequest.process();
+ AdminReq adminReq = adminRequest.getAdminReq();
+ ByteBuffer requestMessage = KadminCode.encodeMessage(adminReq);
+ requestMessage.flip();
+
+ try {
+ sendMessage(adminRequest, requestMessage);
+ } catch (IOException e) {
+ throw new KrbException("Admin sends request message failed", e);
+ }
+
+ }
+
+ /**
+ * Process the response message from kdc.
+ *
+ * @param adminRequest The admin request
+ * @param responseMessage The message from kdc
+ * @throws KrbException e
+ */
+ public void onResponseMessage(AdminRequest adminRequest,
+ ByteBuffer responseMessage) throws KrbException {
+
+
+ XdrStructType decoded = new AdminMessageCode();
+ try {
+ decoded.decode(responseMessage);
+ } catch (IOException e) {
+ throw new KrbException("On response message failed.", e);
+ }
+ XdrFieldInfo[] fieldInfos = decoded.getValue().getXdrFieldInfos();
+ AdminMessageType type = (AdminMessageType) fieldInfos[0].getValue();
+
+ switch (type) {
+ case ADD_PRINCIPAL_REP:
+ if (adminRequest.getAdminReq().getAdminMessageType()
+ == AdminMessageType.ADD_PRINCIPAL_REQ) {
+ System.out.println((String) fieldInfos[2].getValue());
+ } else {
+ throw new KrbException("Response message type error: need "
+ + AdminMessageType.ADD_PRINCIPAL_REP);
+ }
+ break;
+ case DELETE_PRINCIPAL_REP:
+ if (adminRequest.getAdminReq().getAdminMessageType()
+ == AdminMessageType.DELETE_PRINCIPAL_REQ) {
+ System.out.println((String) fieldInfos[2].getValue());
+ } else {
+ throw new KrbException("Response message type error: need "
+ + AdminMessageType.DELETE_PRINCIPAL_REP);
+ }
+ break;
+ case RENAME_PRINCIPAL_REP:
+ if (adminRequest.getAdminReq().getAdminMessageType()
+ == AdminMessageType.RENAME_PRINCIPAL_REQ) {
+ System.out.println((String) fieldInfos[2].getValue());
+ } else {
+ throw new KrbException("Response message type error: need "
+ + AdminMessageType.RENAME_PRINCIPAL_REP);
+ }
+ break;
+ default:
+ throw new KrbException("Response message type error: " + type);
+ }
+ }
+
+ public List<String> onResponseMessageForList(AdminRequest adminRequest,
+ ByteBuffer responseMessage) throws KrbException {
+ List<String> princalsList = null;
+
+ XdrStructType decoded = new AdminMessageCode();
+ try {
+ decoded.decode(responseMessage);
+ } catch (IOException e) {
+ throw new KrbException("On response message failed.", e);
+ }
+ XdrFieldInfo[] fieldInfos = decoded.getValue().getXdrFieldInfos();
+ AdminMessageType type = (AdminMessageType) fieldInfos[0].getValue();
+
+ switch (type) {
+ case GET_PRINCS_REP:
+ if (adminRequest.getAdminReq().getAdminMessageType()
+ == AdminMessageType.GET_PRINCS_REQ) {
+ String[] temp = ((String) fieldInfos[2].getValue()).trim().split(" ");
+ princalsList = Arrays.asList(temp);
+ } else {
+ throw new KrbException("Response message type error: need "
+ + AdminMessageType.GET_PRINCS_REP);
+ }
+ break;
+ default:
+ throw new KrbException("Response message type error: " + type);
+ }
+
+ return princalsList;
+ }
+
+ /**
+ * Send message to kdc.
+ *
+ * @param adminRequest The admin request
+ * @param requestMessage The request message to kdc
+ * @throws IOException e
+ */
+ protected abstract void sendMessage(AdminRequest adminRequest,
+ ByteBuffer requestMessage) throws IOException;
+
+ protected abstract List<String> handleRequestForList(AdminRequest adminRequest) throws KrbException;
+}
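Review bot: `onResponseMessage` and `onResponseMessageForList` index into the decoded reply (`fieldInfos[0]`, `fieldInfos[2]`) and cast the values to `AdminMessageType` and `String` without checking them first. A truncated or malformed reply from the server therefore surfaces as an ArrayIndexOutOfBoundsException, a ClassCastException or a NullPointerException in the `switch` instead of the declared `KrbException`. Validate before use, e.g. `if (fieldInfos == null || fieldInfos.length < 3 || !(fieldInfos[0].getValue() instanceof AdminMessageType)) { throw new KrbException("Malformed admin response"); }`, and check the message field the same way before casting it. The server-supplied text is then written with `System.out.println`, which in library code puts remote-controlled content on the caller's stdout; returning it or logging it through the project's logger leaves that decision to the application. In `onResponseMessageForList` an empty reply yields a list holding one empty string, because `"".split(" ")` returns a single element, and neither that method nor `handleRequestForList` has Javadoc.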
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminOption.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminOption.java
new file mode 100644
index 0000000..fc2d45b
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminOption.java
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote;
+
+import org.apache.kerby.KOption;
+import org.apache.kerby.KOptionInfo;
+import org.apache.kerby.KOptionType;
+
+/**
+ * This defines all the options that come across the client side.
+ */
+public enum AdminOption implements KOption {
+ NONE(null),
+
+ ADMIN_REALM(new KOptionInfo("admin-realm", "kdc realm",
+ KOptionType.STR)),
+ ADMIN_HOST(new KOptionInfo("admin-host", "kdc host",
+ KOptionType.STR)),
+ ADMIN_TCP_PORT(new KOptionInfo("admin-tcp-port", "kdc tcp port",
+ KOptionType.INT)),
+ ALLOW_UDP(new KOptionInfo("allow-udp", "allow udp",
+ KOptionType.BOOL)),
+ ALLOW_TCP(new KOptionInfo("allow-tcp", "allow tcp",
+ KOptionType.BOOL)),
+ ADMIN_UDP_PORT(new KOptionInfo("admin-udp-port", "kdc udp port",
+ KOptionType.INT)),
+ CONN_TIMEOUT(new KOptionInfo("conn-timeout", "connection timeout",
+ KOptionType.INT)),
+
+ LIFE_TIME(new KOptionInfo("life-time", "life time",
+ KOptionType.INT)),
+ START_TIME(new KOptionInfo("start-time", "start time",
+ KOptionType.INT)),
+ RENEWABLE_TIME(new KOptionInfo("renewable_lifetime", "renewable lifetime",
+ KOptionType.INT)),
+ INCLUDE_ADDRESSES(new KOptionInfo("include_addresses",
+ "include addresses")),
+ AS_ENTERPRISE_PN(new KOptionInfo("as-enterprise-pn",
+ "client is enterprise principal name")),
+ CLIENT_PRINCIPAL(new KOptionInfo("client-principal", "Client principal",
+ KOptionType.STR)),
+
+ USE_PASSWD(new KOptionInfo("using-password", "using password")),
+ USER_PASSWD(new KOptionInfo("user-passwd", "User plain password")),
+
+ USE_KEYTAB(new KOptionInfo("use-keytab", "use keytab")),
+ USE_DFT_KEYTAB(new KOptionInfo("use-dft-keytab", "use default client keytab (with -k)")),
+ KEYTAB_FILE(new KOptionInfo("keytab-file", "filename of keytab to use",
+ KOptionType.FILE)),
+
+ KRB5_CACHE(new KOptionInfo("krb5-cache", "K5 cache name",
+ KOptionType.FILE)),
+ SERVICE_PRINCIPAL(new KOptionInfo("service-principal", "service principal",
+ KOptionType.STR)),
+ SERVER_PRINCIPAL(new KOptionInfo("admin-principal", "admin principal",
+ KOptionType.STR)),
+ ARMOR_CACHE(new KOptionInfo("armor-cache", "armor credential cache",
+ KOptionType.STR)),
+ USE_TGT(new KOptionInfo("use-tgt", "use tgt to get service ticket",
+ KOptionType.OBJ)),
+ CONF_DIR(new KOptionInfo("-conf", "conf dir", KOptionType.DIR));
+
+ private final KOptionInfo optionInfo;
+
+ AdminOption(KOptionInfo optionInfo) {
+ this.optionInfo = optionInfo;
+ }
+
+ @Override
+ public KOptionInfo getOptionInfo() {
+ return optionInfo;
+ }
+
+ public static AdminOption fromOptionName(String optionName) {
+ if (optionName != null) {
+ for (AdminOption ko : values()) {
+ if (ko.optionInfo != null
+ && ko.optionInfo.getName().equals(optionName)) {
+ return ko;
+ }
+ }
+ }
+ return NONE;
+ }
+}
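Review bot: The option names are inconsistent, and `fromOptionName` matches them exactly. Most use hyphens, but `RENEWABLE_TIME` is `renewable_lifetime`, `INCLUDE_ADDRESSES` is `include_addresses`, `CONF_DIR` is `-conf` with a leading dash, and `SERVER_PRINCIPAL` is registered as `admin-principal`; one convention would keep a lookup by the obvious name from silently falling through to `NONE`. Several descriptions still say kdc (`"kdc realm"`, `"kdc host"`) for admin-server options. `USER_PASSWD` is described as a plain password, so a comment stating that its value must not be logged or echoed would help callers that dump options for debugging. `fromOptionName` has no Javadoc; `Returns the option whose name equals optionName, or NONE if there is no match or optionName is null` would cover it.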
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminSetting.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminSetting.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminSetting.java
new file mode 100644
index 0000000..1e519ea
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminSetting.java
@@ -0,0 +1,129 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * Admin client setting that combines common options and client config.
+ */
+public class AdminSetting {
+ private final KOptions commonOptions;
+ private final AdminConfig adminConfig;
+
+ public AdminSetting(KOptions commonOptions, AdminConfig config) {
+ this.commonOptions = commonOptions;
+ this.adminConfig = config;
+ }
+
+ public AdminSetting(AdminConfig config) {
+ this.commonOptions = new KOptions();
+ this.adminConfig = config;
+ }
+
+ public AdminConfig getAdminConfig() {
+ return adminConfig;
+ }
+
+ public String getKdcRealm() {
+ String kdcRealm = commonOptions.getStringOption(AdminOption.ADMIN_REALM);
+ if (kdcRealm == null || kdcRealm.isEmpty()) {
+ kdcRealm = adminConfig.getAdminRealm();
+ }
+ return kdcRealm;
+ }
+
+ public String getKdcHost() {
+ String kdcHost = commonOptions.getStringOption(AdminOption.ADMIN_HOST);
+ if (kdcHost == null) {
+ return adminConfig.getAdminHost();
+ }
+ return kdcHost;
+ }
+
+ /**
+ * Check kdc tcp setting and see if any bad.
+ * @return valid tcp port or -1 if not allowTcp
+ * @throws KrbException e
+ */
+ public int checkGetKdcTcpPort() throws KrbException {
+ if (allowTcp()) {
+ int kdcPort = getKdcTcpPort();
+ if (kdcPort < 1) {
+ throw new KrbException("KDC tcp port isn't set or configured");
+ }
+ return kdcPort;
+ }
+ return -1;
+ }
+
+ /**
+ * Check kdc udp setting and see if any bad.
+ * @return valid udp port or -1 if not allowUdp
+ * @throws KrbException e
+ */
+ public int checkGetKdcUdpPort() throws KrbException {
+ if (allowUdp()) {
+ int kdcPort = getKdcUdpPort();
+ if (kdcPort < 1) {
+ throw new KrbException("KDC udp port isn't set or configured");
+ }
+ return kdcPort;
+ }
+ return -1;
+ }
+
+ public int getKdcTcpPort() {
+ int tcpPort = commonOptions.getIntegerOption(AdminOption.ADMIN_TCP_PORT);
+ if (tcpPort > 0) {
+ return tcpPort;
+ }
+ return adminConfig.getAdminTcpPort();
+ }
+
+ public boolean allowUdp() {
+ Boolean allowUdp = commonOptions.getBooleanOption(
+ AdminOption.ALLOW_UDP, adminConfig.allowUdp());
+ return allowUdp;
+ }
+
+ public boolean allowTcp() {
+ Boolean allowTcp = commonOptions.getBooleanOption(
+ AdminOption.ALLOW_TCP, adminConfig.allowTcp());
+ return allowTcp;
+ }
+
+ public int getKdcUdpPort() {
+ int udpPort = commonOptions.getIntegerOption(AdminOption.ADMIN_UDP_PORT);
+ if (udpPort > 0) {
+ return udpPort;
+ }
+ return adminConfig.getAdminUdpPort();
+ }
+
+ public int getTimeout() {
+ int timeout = commonOptions.getIntegerOption(AdminOption.CONN_TIMEOUT);
+ if (timeout > 0) {
+ return timeout;
+ }
+ return 1000; // by default
+ }
+}
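Review bot: `getTimeout()` falls back to `return 1000; // by default` without naming a unit, while `AdminClient.setTimeout` in this commit documents the value as seconds. Read as seconds the default is over sixteen minutes; read as milliseconds it disagrees with the setter's Javadoc, so state the unit in a Javadoc on `getTimeout()` and make the default match it. `getKdcRealm()` treats an empty option as unset but `getKdcHost()` only checks for null, so an empty `admin-host` option is returned as the host; `if (kdcHost == null || kdcHost.isEmpty())` makes the two agree. `checkGetKdcTcpPort()` and `checkGetKdcUdpPort()` reject ports below 1 but not above 65535.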
[10/27] directory-kerby git commit: Checkstyle fix
Posted by pl...@apache.org.
Checkstyle fix
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/054db32c
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/054db32c
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/054db32c
Branch: refs/heads/kpasswd
Commit: 054db32c98377d55727049086517146e43f52f60
Parents: 8b9b2f9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 12:53:55 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 12:53:55 2016 +0100
----------------------------------------------------------------------
.../kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/054db32c/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index 15788b2..441fd71 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -232,7 +232,8 @@ public class TokenAuthLoginModule implements LoginModule {
}
if (cCache == null) {
- throw new LoginException("A credential cache must be specified via the credentialCache configuration option");
+ throw new LoginException("A credential cache must be specified via the credentialCache"
+ + " configuration option");
}
String error = "";
[25/27] directory-kerby git commit: Adding @Ignore'd test case for
certificate encoding
Posted by pl...@apache.org.
Adding @Ignore'd test case for certificate encoding
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/88a7c956
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/88a7c956
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/88a7c956
Branch: refs/heads/kpasswd
Commit: 88a7c9566f3dd68cfd74f495808b29067052281b
Parents: 9af4754
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 6 11:44:55 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 6 11:44:55 2016 +0100
----------------------------------------------------------------------
.../apache/kerby/kerberos/kerb/CryptoTest.java | 52 ++++++++++++++++++++
.../src/test/resources/kdccerttest.pem | 25 ++++++++++
2 files changed, 77 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/88a7c956/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/CryptoTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/CryptoTest.java b/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/CryptoTest.java
new file mode 100644
index 0000000..715e67d
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/CryptoTest.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb;
+
+import java.io.IOException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.util.List;
+
+import org.apache.kerby.kerberos.kerb.preauth.pkinit.CertificateHelper;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class CryptoTest {
+
+ @Test
+ @org.junit.Ignore
+ public void testCertificateLoading() throws IOException, KrbException, CertificateEncodingException {
+ // Load cert
+ List<Certificate> certs = CertificateHelper.loadCerts("kdccerttest.pem");
+ Assert.assertEquals(1, certs.size());
+
+ // Now convert to a Kerby Certificate type
+ org.apache.kerby.x509.type.Certificate certificate = new org.apache.kerby.x509.type.Certificate();
+ byte[] encodedBytes = certs.get(0).getEncoded();
+ certificate.decode(encodedBytes);
+ Assert.assertNotNull(certificate);
+
+ // Now convert back to an X.509 Certificate
+ byte[] certBytes = certificate.encode();
+
+ // Test for equality
+ Assert.assertArrayEquals(certBytes, encodedBytes);
+ }
+}
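Review bot: `Assert.assertNotNull(certificate)` cannot fail, because `certificate` was created with `new` three lines earlier, so the decode step is not really checked until the final comparison. That final assertion passes its arguments in the opposite order to JUnit's (expected, actual) convention; `Assert.assertArrayEquals(encodedBytes, certBytes);` would make a failure report the original encoding as the expected value. Since the test is committed with a bare `@org.junit.Ignore`, give the annotation a reason string naming the open issue so the skipped round-trip check stays visible in test reports.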
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/88a7c956/kerby-kerb/kerb-common/src/test/resources/kdccerttest.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/test/resources/kdccerttest.pem b/kerby-kerb/kerb-common/src/test/resources/kdccerttest.pem
new file mode 100644
index 0000000..f1d6bb2
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/test/resources/kdccerttest.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
[13/27] directory-kerby git commit: Avoid array out of bounds
exception if the client forgets to configure pkinit trust anchors
Posted by pl...@apache.org.
Avoid array out of bounds exception if the client forgets to configure pkinit trust anchors
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/36ed64d8
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/36ed64d8
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/36ed64d8
Branch: refs/heads/kpasswd
Commit: 36ed64d8f02753adb37c22c0bd16231674c2e607
Parents: 2d31702
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jul 5 12:31:29 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jul 5 12:31:29 2016 +0100
----------------------------------------------------------------------
.../kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java | 4 ++++
1 file changed, 4 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/36ed64d8/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index 3620f23..9a15c4e 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -350,6 +350,10 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
PkinitCrypto.verifyCmsSignedData(
CmsMessageType.CMS_SIGN_SERVER, signedData);
+ if (kdcRequest.getContext().getConfig().getPkinitAnchors().isEmpty()) {
+ LOG.error("No PKINIT anchors specified");
+ throw new KrbException("No PKINIT anchors specified");
+ }
String anchorFileName = kdcRequest.getContext().getConfig().getPkinitAnchors().get(0);
X509Certificate x509Certificate = null;
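Review bot: The new guard calls `isEmpty()` directly on `getPkinitAnchors()`, so it covers an empty list but would itself throw a NullPointerException if the config can return null when the option is absent (not visible in this hunk). Reading the list once into a local and testing both cases avoids that and the repeated call chain: `List<String> anchors = kdcRequest.getContext().getConfig().getPkinitAnchors();` followed by `if (anchors == null || anchors.isEmpty()) {`. The unchanged next line uses only `get(0)`, so any further configured trust anchors appear to be ignored at this point; a comment saying so would help whoever configures several. The enclosing method starts and ends outside the hunk.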
[04/27] directory-kerby git commit: DIRKRB-591 Add the KerberosTicket
to subject's private credentials in TokenAuthLoginModule.
Posted by pl...@apache.org.
DIRKRB-591 Add the KerberosTicket to subject's private credentials in TokenAuthLoginModule.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/358340dd
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/358340dd
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/358340dd
Branch: refs/heads/kpasswd
Commit: 358340dd2a60a36a69988f1dd7c509cf585acdc8
Parents: 68933ae
Author: plusplusjiajia <ji...@intel.com>
Authored: Mon Jul 4 14:41:39 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Mon Jul 4 14:41:39 2016 +0800
----------------------------------------------------------------------
.../test/jaas/TokenAuthLoginModule.java | 37 ++++++++++++++++++--
.../TokenLoginWithTokenPreauthEnabledTest.java | 12 +++----
2 files changed, 40 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/358340dd/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
index bee4938..0d812c9 100644
--- a/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
+++ b/kerby-kerb/integration-test/src/main/java/org/apache/kerby/kerberos/kerb/integration/test/jaas/TokenAuthLoginModule.java
@@ -31,6 +31,7 @@ import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
import org.apache.kerby.kerberos.kerb.type.base.TokenFormat;
+import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import org.apache.kerby.kerberos.provider.token.JwtTokenEncoder;
import org.slf4j.Logger;
@@ -38,6 +39,8 @@ import org.slf4j.LoggerFactory;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import java.io.File;
@@ -47,6 +50,7 @@ import java.io.IOException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
+import java.util.Date;
import java.util.Iterator;
import java.util.Map;
@@ -83,6 +87,8 @@ public class TokenAuthLoginModule implements LoginModule {
public static final String CREDENTIAL_CACHE = "credentialCache";
public static final String SIGN_KEY_FILE = "signKeyFile";
+ private TgtTicket tgtTicket;
+
/**
* {@inheritDoc}
*/
@@ -120,7 +126,35 @@ public class TokenAuthLoginModule implements LoginModule {
if (succeeded == false) {
return false;
} else {
- subject.getPublicCredentials().add(krbToken);
+ KerberosTicket ticket = null;
+ try {
+ EncKdcRepPart encKdcRepPart = tgtTicket.getEncKdcRepPart();
+ boolean[] flags = new boolean[7];
+ int flag = encKdcRepPart.getFlags().getFlags();
+ for (int i = 6; i >= 0; i--) {
+ flags[i] = (flag & (1 << i)) != 0;
+ }
+ Date startTime = null;
+ if (encKdcRepPart.getStartTime() != null) {
+ startTime = encKdcRepPart.getStartTime().getValue();
+ }
+
+ ticket = new KerberosTicket(tgtTicket.getTicket().encode(),
+ new KerberosPrincipal(tgtTicket.getClientPrincipal().getName()),
+ new KerberosPrincipal(tgtTicket.getEncKdcRepPart().getSname().getName()),
+ encKdcRepPart.getKey().getKeyData(),
+ encKdcRepPart.getKey().getKeyType().getValue(),
+ flags,
+ encKdcRepPart.getAuthTime().getValue(),
+ startTime,
+ encKdcRepPart.getEndTime().getValue(),
+ encKdcRepPart.getRenewTill().getValue(),
+ null
+ );
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ subject.getPrivateCredentials().add(ticket);
}
commitSucceeded = true;
LOG.info("Commit Succeeded \n");
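Review bot: If `tgtTicket.getTicket().encode()` throws, the `catch (IOException e)` block only prints the stack trace, and `subject.getPrivateCredentials().add(ticket)` then runs with `ticket` still null while the method goes on to set `commitSucceeded = true`. The catch should fail the commit instead, e.g. `throw new LoginException("Failed to build KerberosTicket from TGT: " + e.getMessage());`. `encKdcRepPart.getRenewTill().getValue()` is dereferenced without the null guard that `getStartTime()` gets a few lines above, so a ticket without a renew-till time would presumably hit a NullPointerException; guard it the same way. The flag loop tests bits 0 to 6 of the integer from `getFlags().getFlags()`, and it is worth confirming that this matches the index order `KerberosTicket` expects for its `flags` array. The enclosing method starts before and continues after this hunk.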
@@ -245,7 +279,6 @@ public class TokenAuthLoginModule implements LoginModule {
} catch (IOException e) {
e.printStackTrace();
}
- TgtTicket tgtTicket;
KrbTokenClient tokenClient = new KrbTokenClient(krbClient);
try {
tgtTicket = tokenClient.requestTgt(krbToken,
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/358340dd/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index ed4ec8a..f8e7ee4 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -19,12 +19,6 @@
*/
package org.apache.kerby.kerberos.kerb.integration.test;
-import java.security.Principal;
-import java.security.PrivilegedExceptionAction;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
@@ -34,6 +28,11 @@ import org.ietf.jgss.Oid;
import org.junit.Assert;
import org.junit.Test;
+import javax.security.auth.Subject;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.Set;
+
/**
* Test login with token when token preauth is allowed by kdc.
*/
@@ -55,7 +54,6 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
}
@Test
- @org.junit.Ignore
public void testLoginWithTokenCacheGSS() throws Exception {
Subject subject = super.testLoginWithTokenCacheAndRetSubject();
Set<Principal> clientPrincipals = subject.getPrincipals();
[18/27] directory-kerby git commit: DIRKRB-592 Merge kadmin-remote
branch to trunk.
Posted by pl...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminUtil.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminUtil.java
new file mode 100644
index 0000000..00cc409
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/AdminUtil.java
@@ -0,0 +1,127 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.transport.TransportPair;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.util.Map;
+
+public final class AdminUtil {
+ private AdminUtil() { }
+
+ private static final String KRB5_FILE_NAME = "krb5.conf";
+ private static final String KRB5_ENV_NAME = "KRB5_CONFIG";
+
+ /**
+ * Load krb5.conf from specified conf dir.
+ * @param confDir The conf dir
+ * @return AdminConfig
+ * @throws KrbException e
+ */
+ public static AdminConfig getConfig(File confDir) throws KrbException {
+ File confFile = new File(confDir, KRB5_FILE_NAME);
+ if (!confFile.exists()) {
+ throw new KrbException(KRB5_FILE_NAME + " not found");
+ }
+
+ if (confFile != null && confFile.exists()) {
+ AdminConfig adminConfig = new AdminConfig();
+ try {
+ adminConfig.addKrb5Config(confFile);
+ return adminConfig;
+ } catch (IOException e) {
+ throw new KrbException("Failed to load krb config "
+ + confFile.getAbsolutePath());
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Load default krb5.conf
+ * @return The AdminConfig
+ * @throws KrbException e
+ */
+ public static AdminConfig getDefaultConfig() throws KrbException {
+ File confFile = null;
+ File confDir;
+ String tmpEnv;
+
+ try {
+ Map<String, String> mapEnv = System.getenv();
+ tmpEnv = mapEnv.get(KRB5_ENV_NAME);
+ } catch (SecurityException e) {
+ tmpEnv = null;
+ }
+ if (tmpEnv != null) {
+ confFile = new File(tmpEnv);
+ if (!confFile.exists()) {
+ throw new KrbException("krb5 conf not found. Invalid env "
+ + KRB5_ENV_NAME);
+ }
+ } else {
+ confDir = new File("/etc/"); // for Linux. TODO: fix for Win etc.
+ if (confDir.exists()) {
+ confFile = new File(confDir, "krb5.conf");
+ }
+ }
+
+ AdminConfig adminConfig = new AdminConfig();
+ if (confFile != null && confFile.exists()) {
+ try {
+ adminConfig.addKrb5Config(confFile);
+ } catch (IOException e) {
+ throw new KrbException("Failed to load krb config "
+ + confFile.getAbsolutePath());
+ }
+ }
+
+ return adminConfig;
+ }
+
+ /**
+ * Get KDC network transport addresses according to krb client setting.
+ * @param setting The krb setting
+ * @return UDP and TCP addresses pair
+ * @throws KrbException e
+ */
+ public static TransportPair getTransportPair(
+ AdminSetting setting) throws KrbException {
+ TransportPair result = new TransportPair();
+
+ int tcpPort = setting.checkGetKdcTcpPort();
+ if (tcpPort > 0) {
+ result.tcpAddress = new InetSocketAddress(
+ setting.getKdcHost(), tcpPort);
+ }
+ int udpPort = setting.checkGetKdcUdpPort();
+ if (udpPort > 0) {
+ result.udpAddress = new InetSocketAddress(
+ setting.getKdcHost(), udpPort);
+ }
+
+ return result;
+ }
+}
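Review bot: Both `catch (IOException e)` blocks, in `getConfig` and `getDefaultConfig`, build the new `KrbException` from a message only, so the underlying I/O or parse error is lost to whoever has to diagnose a bad krb5.conf. Pass the cause along: `throw new KrbException("Failed to load krb config " + confFile.getAbsolutePath(), e);`. In `getConfig` the second `if (confFile != null && confFile.exists())` repeats the check that already threw above it, which leaves `return null` as a path callers must still handle; dropping the condition makes the method either return a config or throw. `getDefaultConfig` returns an empty `AdminConfig` when `/etc/krb5.conf` is missing, and that silent fallback deserves a line in its Javadoc.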
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/RemoteKadminImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/RemoteKadminImpl.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/RemoteKadminImpl.java
new file mode 100644
index 0000000..c4ac154
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/RemoteKadminImpl.java
@@ -0,0 +1,207 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.Kadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.impl.DefaultAdminHandler;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.impl.InternalAdminClient;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.AddPrincipalRequest;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.AdminRequest;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.DeletePrincipalRequest;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.GetprincsRequest;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.RenamePrincipalRequest;
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
+import org.apache.kerby.kerberos.kerb.transport.KrbNetwork;
+import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
+import org.apache.kerby.kerberos.kerb.transport.TransportPair;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+
+/**
+ * Server side admin facilities from remote, similar to MIT Kadmin remote mode.
+ * It uses GSSAPI and XDR to communicate with remote KDC/kadmind to do the
+ * requested operations. In the client side, it simply wraps and sends the
+ * request info to the admin kadmind side, and then unwraps the response for
+ * the operation result.
+ *
+ * TO BE IMPLEMENTED.
+ */
+public class RemoteKadminImpl implements Kadmin {
+
+ private InternalAdminClient innerClient;
+ private KrbTransport transport;
+
+ public RemoteKadminImpl(InternalAdminClient innerClient) throws KrbException {
+ this.innerClient = innerClient;
+ TransportPair tpair = null;
+ try {
+ tpair = AdminUtil.getTransportPair(innerClient.getSetting());
+ } catch (KrbException e) {
+ e.printStackTrace();
+ }
+ KrbNetwork network = new KrbNetwork();
+ network.setSocketTimeout(innerClient.getSetting().getTimeout());
+ try {
+ transport = network.connect(tpair);
+ } catch (IOException e) {
+ throw new KrbException("Failed to create transport", e);
+ }
+ }
+
+ public InternalAdminClient getInnerClient() {
+ return innerClient;
+ }
+
+
+ @Override
+ public String getKadminPrincipal() {
+ return KrbUtil.makeKadminPrincipal(innerClient.getSetting().getKdcRealm()).getName();
+ }
+
+ @Override
+ public void addPrincipal(String principal) throws KrbException {
+ //generate an admin request
+ AdminRequest adRequest = new AddPrincipalRequest(principal);
+ adRequest.setTransport(transport);
+ //handle it
+ AdminHandler adminHandler = new DefaultAdminHandler();
+ adminHandler.handleRequest(adRequest);
+
+ }
+
+ @Override
+ public void addPrincipal(String principal,
+ KOptions kOptions) throws KrbException {
+ AdminRequest adRequest = new AddPrincipalRequest(principal, kOptions);
+ //wrap buffer problem
+ adRequest.setTransport(transport);
+ AdminHandler adminHandler = new DefaultAdminHandler();
+ adminHandler.handleRequest(adRequest);
+ }
+
+ @Override
+ public void addPrincipal(String principal,
+ String password) throws KrbException {
+ AdminRequest addPrincipalRequest = new AddPrincipalRequest(principal, password);
+ addPrincipalRequest.setTransport(transport);
+ AdminHandler adminHandler = new DefaultAdminHandler();
+ adminHandler.handleRequest(addPrincipalRequest);
+ }
+
+ @Override
+ public void addPrincipal(String principal, String password,
+ KOptions kOptions) throws KrbException {
+
+ }
+
+ @Override
+ public void exportKeytab(File keytabFile,
+ String principal) throws KrbException {
+
+ }
+
+ @Override
+ public void exportKeytab(File keytabFile,
+ List<String> principals) throws KrbException {
+
+ }
+
+ @Override
+ public void exportKeytab(File keytabFile) throws KrbException {
+
+ }
+
+ @Override
+ public void removeKeytabEntriesOf(File keytabFile,
+ String principal) throws KrbException {
+
+ }
+
+ @Override
+ public void removeKeytabEntriesOf(File keytabFile, String principal,
+ int kvno) throws KrbException {
+
+ }
+
+ @Override
+ public void removeOldKeytabEntriesOf(File keytabFile,
+ String principal) throws KrbException {
+
+ }
+
+ @Override
+ public void deletePrincipal(String principal) throws KrbException {
+ AdminRequest deletePrincipalRequest = new DeletePrincipalRequest(principal);
+ deletePrincipalRequest.setTransport(transport);
+ AdminHandler adminHandler = new DefaultAdminHandler();
+ adminHandler.handleRequest(deletePrincipalRequest);
+ }
+
+ @Override
+ public void modifyPrincipal(String principal,
+ KOptions kOptions) throws KrbException {
+
+ }
+
+ @Override
+ public void renamePrincipal(String oldPrincipalName,
+ String newPrincipalName) throws KrbException {
+ AdminRequest renamePrincipalRequest = new RenamePrincipalRequest(oldPrincipalName, newPrincipalName);
+ renamePrincipalRequest.setTransport(transport);
+ AdminHandler adminHandler = new DefaultAdminHandler();
+ adminHandler.handleRequest(renamePrincipalRequest);
+ }
+
+ @Override
+ public List<String> getPrincipals() throws KrbException {
+ AdminRequest grtPrincsRequest = new GetprincsRequest();
+ grtPrincsRequest.setTransport(transport);
+ AdminHandler adminHandler = new DefaultAdminHandler();
+ return adminHandler.handleRequestForList(grtPrincsRequest);
+ }
+
+ @Override
+ public List<String> getPrincipals(String globString) throws KrbException {
+ AdminRequest grtPrincsRequest = new GetprincsRequest(globString);
+ grtPrincsRequest.setTransport(transport);
+ AdminHandler adminHandler = new DefaultAdminHandler();
+ return adminHandler.handleRequestForList(grtPrincsRequest);
+ }
+
+ @Override
+ public void changePassword(String principal,
+ String newPassword) throws KrbException {
+
+ }
+
+ @Override
+ public void updateKeys(String principal) throws KrbException {
+
+ }
+
+ @Override
+ public void release() throws KrbException {
+
+ }
+}
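Review bot: The empty overrides (`changePassword`, `updateKeys`, `modifyPrincipal`, `addPrincipal(principal, password, kOptions)`, the `exportKeytab` and keytab-removal methods, `release`) return normally without doing anything, so a caller that rotates a password or key through this class gets no indication that nothing was sent to the server. Until they are implemented they should fail loudly, e.g. `throw new KrbException("changePassword is not supported by remote kadmin yet");`. In the constructor, the `KrbException` from `AdminUtil.getTransportPair` is printed and dropped, after which `network.connect(tpair)` is called with `tpair` still null; the constructor already declares `throws KrbException`, so the inner try/catch can simply be removed. `release()` is presumably also where the `transport` opened in the constructor should be closed.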
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteAddPrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteAddPrincipalCommand.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteAddPrincipalCommand.java
new file mode 100644
index 0000000..d3d27a5
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteAddPrincipalCommand.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminClient;
+
+/**
+ * Remote add principal command
+ */
+public class RemoteAddPrincipalCommand extends RemoteCommand {
+
+ public static final String USAGE = "Usage: add_principal [options] <principal-name>\n"
+ + "\toptions are:\n"
+ + "\t\t[-randkey|-nokey]\n"
+ + "\t\t[-pw password]"
+ + "\tExample:\n"
+ + "\t\tadd_principal -pw mypassword alice\n";
+
+ public RemoteAddPrincipalCommand(AdminClient adminClient) {
+ super(adminClient);
+ }
+
+ @Override
+ public void execute(String input) throws KrbException {
+ String[] items = input.split("\\s+");
+
+ if (items.length < 2) {
+ System.err.println(USAGE);
+ return;
+ }
+
+ String adminRealm = adminClient.getAdminConfig().getAdminRealm();
+ String clientPrincipal = items[items.length - 1] + "@" + adminRealm;
+
+ if (!items[1].startsWith("-")) {
+ adminClient.requestAddPrincipal(clientPrincipal);
+ } else if (items[1].startsWith("-nokey")) {
+ adminClient.requestAddPrincipal(clientPrincipal);
+ } else if (items[1].startsWith("-pw")) {
+ String password = items[2];
+ adminClient.requestAddPrincipal(clientPrincipal, password);
+ } else {
+ System.err.println("add_principal command format error.");
+ System.err.println(USAGE);
+ }
+ }
+}
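Review bot: The `-pw` branch reads `items[2]` without checking the length, so `add_principal -pw` throws ArrayIndexOutOfBoundsException and `add_principal -pw alice` uses `alice` as both the password and the principal name, since the principal is taken from the last token. Add `if (items.length < 4) { System.err.println(USAGE); return; }` at the top of that branch. `USAGE` advertises `-randkey`, but that option falls through to the format-error branch, and the string is missing a `\n` after `[-pw password]`. Matching the option names with `equals` rather than `startsWith` would also stop an input such as `-pwd` from being taken as `-pw`.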
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteCommand.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteCommand.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteCommand.java
new file mode 100644
index 0000000..d5ffe0f
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteCommand.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminClient;
+
+/**
+ * Abstract class of all remote kadmin commands
+ */
+public abstract class RemoteCommand {
+
+ AdminClient adminClient;
+
+ public RemoteCommand(AdminClient adminClient) {
+ this.adminClient = adminClient;
+ }
+
+ /**
+ * Execute the remote kadmin command
+ * @param input String includes commands
+ */
+ public abstract void execute(String input) throws KrbException;
+}
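Review bot: The `adminClient` field is package-private and mutable although it is assigned only in the constructor and read by subclasses; `protected final AdminClient adminClient;` states that intent and keeps subclasses outside this package working. The Javadoc on `execute` should also carry an `@throws KrbException` line saying when a command fails.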
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteDeletePrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteDeletePrincipalCommand.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteDeletePrincipalCommand.java
new file mode 100644
index 0000000..e6368bd
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteDeletePrincipalCommand.java
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminClient;
+
+import java.io.Console;
+import java.util.Scanner;
+
+/**
+ * Remote delete principal command
+ */
+public class RemoteDeletePrincipalCommand extends RemoteCommand {
+
+ public static final String USAGE = "Usage: delete_principal <principal-name>\n"
+ + "\tExample:\n"
+ + "\t\tdelete_principal alice\n";
+
+ public RemoteDeletePrincipalCommand(AdminClient adminClient) {
+ super(adminClient);
+ }
+
+ @Override
+ public void execute(String input) throws KrbException {
+ String[] items = input.split("\\s+");
+ if (items.length < 2) {
+ System.err.println(USAGE);
+ return;
+ }
+
+ String principal = items[items.length - 1] + "@"
+ + adminClient.getAdminConfig().getAdminRealm();
+ String reply;
+ Console console = System.console();
+ String prompt = "Are you sure to delete the principal? (yes/no, YES/NO, y/n, Y/N) ";
+ if (console == null) {
+ System.out.println("Couldn't get Console instance, "
+ + "maybe you're running this from within an IDE. "
+ + "Use scanner to read password.");
+ Scanner scanner = new Scanner(System.in, "UTF-8");
+ reply = getReply(scanner, prompt);
+ } else {
+ reply = getReply(console, prompt);
+ }
+ if (reply.equals("yes") || reply.equals("YES") || reply.equals("y") || reply.equals("Y")) {
+ adminClient.requestDeletePrincipal(principal);
+ } else if (reply.equals("no") || reply.equals("NO") || reply.equals("n") || reply.equals("N")) {
+ System.out.println("Principal \"" + principal + "\" not deleted.");
+ } else {
+ System.err.println("Unknown request, fail to delete the principal.");
+ System.err.println(USAGE);
+ }
+ }
+
+ private String getReply(Scanner scanner, String prompt) {
+ System.out.println(prompt);
+ return scanner.nextLine().trim();
+ }
+
+ private String getReply(Console console, String prompt) {
+ console.printf(prompt);
+ String line = console.readLine();
+ return line;
+ }
+}
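Review bot: `getReply(Console, String)` returns `console.readLine()` as is, which is null at end of input, so the `reply.equals("yes")` chain in `execute` would throw a NullPointerException in the middle of a delete confirmation; it also skips the `trim()` that the Scanner variant applies. Returning `line == null ? "" : line.trim()` sends a missing answer to the existing "Unknown request" branch, which does not delete. The fallback message says "Use scanner to read password" although what is read is the yes/no confirmation. `console.printf(prompt)` treats the prompt as a format string; it is a constant here, but `console.printf("%s", prompt)` is the safer habit.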
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteGetprincsCommand.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteGetprincsCommand.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteGetprincsCommand.java
new file mode 100644
index 0000000..2e15281
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteGetprincsCommand.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminClient;
+import java.util.List;
+
+public class RemoteGetprincsCommand extends RemoteCommand {
+ private static final String USAGE = "Usage: list_principals [expression]\n"
+ + "\t'expression' is a shell-style glob expression that can contain the wild-card characters ?, *, and []."
+ + "\tExample:\n"
+ + "\t\tlist_principals [expression]\n";
+
+ public RemoteGetprincsCommand(AdminClient adminClient) {
+ super(adminClient);
+ }
+
+ @Override
+ public void execute(String input) throws KrbException {
+ String[] items = input.split("\\s+");
+ //String param = items[0];
+ if (items.length > 2) {
+ System.err.println(USAGE);
+ return;
+ }
+
+ List<String> principalLists = null;
+
+ if (items.length == 1) {
+ principalLists = adminClient.requestGetprincs();
+ } else {
+ //have expression
+ String exp = items[1];
+ principalLists = adminClient.requestGetprincsWithExp(exp);
+ }
+
+ if (principalLists.size() == 0 || principalLists.size() == 1 && principalLists.get(0).isEmpty()) {
+ return;
+ } else {
+ System.out.println("Principals are listed:");
+ for (int i = 0; i < principalLists.size(); i++) {
+ System.out.println(principalLists.get(i));
+ }
+ }
+ }
+
+}
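Review bot: The `USAGE` constant in RemoteGetprincsCommand has no line break after the glob description (`... ?, *, and [].`), so `\tExample:` is printed on the same line. RemotePrintUsageCommand in this commit carries the same text with `[].\n`, and the two copies would be better kept as one shared constant. In `execute`, `principalLists.size()` is called without a null check; whether `requestGetprincs()` or `requestGetprincsWithExp()` can return null is not visible here, so a guard such as `if (principalLists == null || principalLists.isEmpty()) { return; }` is worth adding. The commented-out `//String param = items[0];` can be deleted.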
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemotePrintUsageCommand.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemotePrintUsageCommand.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemotePrintUsageCommand.java
new file mode 100644
index 0000000..a27e252
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemotePrintUsageCommand.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public class RemotePrintUsageCommand extends RemoteCommand {
+
+ private static final String LISTPRINCSUSAGE = "Usage: list_principals [expression]\n"
+ + "\t'expression' is a shell-style glob expression that can contain "
+ + "the wild-card characters ?, *, and [].\n"
+ + "\tExample:\n"
+ + "\t\tlist_principals [expression]\n";
+
+ public RemotePrintUsageCommand() {
+ super(null);
+ }
+
+ @Override
+ public void execute(String input) throws KrbException {
+ if (input.startsWith("listprincs")) {
+ System.out.println(LISTPRINCSUSAGE);
+ }
+ }
+}
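Review bot: `execute` matches `input.startsWith("listprincs")` while the usage text it prints names the command `list_principals`, and every other input falls through with no output at all. The dispatcher is not part of this hunk, so confirm which spelling actually reaches this class. If both are accepted, test both prefixes, and add an `else` branch that prints a short "no usage available" message so the operator gets feedback. The `super(null)` in the constructor deserves a one-line comment such as `// printing usage needs no AdminClient`.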
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteRenamePrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteRenamePrincipalCommand.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteRenamePrincipalCommand.java
new file mode 100644
index 0000000..fd0cd61
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/command/RemoteRenamePrincipalCommand.java
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.command;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminClient;
+
+import java.io.Console;
+import java.util.Scanner;
+
+/**
+ * Remote rename principal command
+ */
+public class RemoteRenamePrincipalCommand extends RemoteCommand {
+ public static final String USAGE = "Usage: rename_principal <old_principal_name>"
+ + " <new_principal_name>\n"
+ + "\tExample:\n"
+ + "\t\trename_principal alice bob\n";
+
+ public RemoteRenamePrincipalCommand(AdminClient adminClient) {
+ super(adminClient);
+ }
+
+ @Override
+ public void execute(String input) throws KrbException {
+ String[] items = input.split("\\s+");
+ if (items.length < 3) {
+ System.err.println(USAGE);
+ return;
+ }
+
+ String adminRealm = adminClient.getAdminConfig().getAdminRealm();
+ String oldPrincipalName = items[items.length - 2] + "@" + adminRealm;
+ String newPrincipalName = items[items.length - 1] + "@" + adminRealm;
+
+ String reply;
+ Console console = System.console();
+ String prompt = "Are you sure to rename the principal? (yes/no, YES/NO, y/n, Y/N) ";
+ if (console == null) {
+ System.out.println("Couldn't get Console instance, "
+ + "maybe you're running this from within an IDE. "
+ + "Use scanner to read password.");
+ Scanner scanner = new Scanner(System.in, "UTF-8");
+ reply = getReply(scanner, prompt);
+ } else {
+ reply = getReply(console, prompt);
+ }
+ if (reply.equals("yes") || reply.equals("YES") || reply.equals("y") || reply.equals("Y")) {
+ adminClient.requestRenamePrincipal(oldPrincipalName, newPrincipalName);
+ } else if (reply.equals("no") || reply.equals("NO") || reply.equals("n") || reply.equals("N")) {
+ System.out.println("Principal \"" + oldPrincipalName + "\" not renamed.");
+ } else {
+ System.err.println("Unknown request, fail to rename the principal.");
+ System.err.println(USAGE);
+ }
+ }
+
+ private String getReply(Scanner scanner, String prompt) {
+ System.out.println(prompt);
+ return scanner.nextLine().trim();
+ }
+
+ private String getReply(Console console, String prompt) {
+ console.printf(prompt);
+ String line = console.readLine();
+ return line;
+ }
+}
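Review bot: `getReply(Console, String)` returns `console.readLine()` unchanged, which is null at end of input, so `reply.equals("yes")` in `execute` throws a NullPointerException instead of reaching the "Unknown request" branch. The Scanner variant trims its result and the Console variant does not. Suggest `String line = console.readLine();` followed by `return line == null ? "" : line.trim();`, which fails closed (no rename) on EOF. Because this confirms a change to a Kerberos principal, the prompt should also show the resolved `oldPrincipalName` and `newPrincipalName`, printed with `console.printf("%s", prompt)` so that a `%` in a name is not read as a format specifier. The fallback message says "Use scanner to read password" although no password is read, and the delete-principal command whose hunk begins above this section has the same helpers and prompt.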
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/AbstractInternalAdminClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/AbstractInternalAdminClient.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/AbstractInternalAdminClient.java
new file mode 100644
index 0000000..1f1635f
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/AbstractInternalAdminClient.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.impl;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminContext;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminSetting;
+
+/**
+ * A krb client API for applications to interact with KDC
+ */
+public abstract class AbstractInternalAdminClient
+ implements InternalAdminClient {
+ private AdminContext context;
+ private final AdminSetting krbSetting;
+
+ public AbstractInternalAdminClient(AdminSetting krbSetting) {
+ this.krbSetting = krbSetting;
+ }
+
+ protected AdminContext getContext() {
+ return context;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public AdminSetting getSetting() {
+ return krbSetting;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void init() throws KrbException {
+ context = new AdminContext();
+ context.init(krbSetting);
+ }
+
+ /**
+ * Fix principal name.
+ *
+ * @param principal The principal name
+ * @return The fixed principal
+ */
+ protected String fixPrincipal(String principal) {
+ if (!principal.contains("@")) {
+ principal += "@" + krbSetting.getKdcRealm();
+ }
+ return principal;
+ }
+}
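Review bot: `fixPrincipal` appends `krbSetting.getKdcRealm()` only when the name has no `@`, whereas the remote commands in this commit append `getAdminConfig().getAdminRealm()` unconditionally. An operator who types `alice@REALM` is therefore handled differently depending on the path, and whether the two realm settings always agree is not visible here. One shared normalisation helper would avoid an admin operation acting on an unintended principal name. `fixPrincipal` also dereferences `principal` without a null check, and `getContext()` returns null until `init()` has run; the latter deserves Javadoc such as `@return the admin context, or null before init() has been called`. The class comment "A krb client API for applications to interact with KDC" looks copied from the KDC client and should describe the admin client.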
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/DefaultAdminHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/DefaultAdminHandler.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/DefaultAdminHandler.java
new file mode 100644
index 0000000..3d05b50
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/DefaultAdminHandler.java
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.impl;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminHandler;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.AdminRequest;
+import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.util.List;
+
+public class DefaultAdminHandler extends AdminHandler {
+
+ /**
+ * Use super.handleRequest to send message
+ * and use this to receive message.
+ */
+ @Override
+ public void handleRequest(AdminRequest adminRequest) throws KrbException {
+ /**super is used to send message*/
+ super.handleRequest(adminRequest);
+
+ KrbTransport transport = adminRequest.getTransport();
+ ByteBuffer receiveMessage = null;
+ try {
+ receiveMessage = transport.receiveMessage();
+ } catch (IOException e) {
+ throw new KrbException("Admin receives response message failed", e);
+ }
+ super.onResponseMessage(adminRequest, receiveMessage);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ protected void sendMessage(AdminRequest adminRequest,
+ ByteBuffer requestMessage) throws IOException {
+ KrbTransport transport = adminRequest.getTransport();
+ transport.sendMessage(requestMessage);
+ }
+
+ @Override
+ public List<String> handleRequestForList(AdminRequest adminRequest) throws KrbException {
+ /**send message*/
+ super.handleRequest(adminRequest);
+
+ KrbTransport transport = adminRequest.getTransport();
+ ByteBuffer receiveMessage = null;
+ List<String> prinicalList = null;
+ try {
+ receiveMessage = transport.receiveMessage();
+ prinicalList = super.onResponseMessageForList(adminRequest, receiveMessage);
+ } catch (IOException e) {
+ throw new KrbException("Admin receives response message failed", e);
+ }
+
+ return prinicalList;
+ }
+}
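Review bot: In `handleRequestForList` the call to `super.onResponseMessageForList(...)` sits inside the same `try` as `transport.receiveMessage()`, so an IOException raised while decoding the reply is reported as "Admin receives response message failed". `handleRequest` keeps `onResponseMessage` outside the `try`; give decoding its own catch with a distinct message, and consider a shared private helper for the receive step to remove the duplication. Neither method checks the received buffer before handing it on, and whether `receiveMessage()` can return null or an empty buffer is not visible here. The in-body `/**send message*/` markers should be plain `//` comments, and `prinicalList` is a typo for `principalList`.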
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/DefaultInternalAdminClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/DefaultInternalAdminClient.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/DefaultInternalAdminClient.java
new file mode 100644
index 0000000..2d40b6f
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/DefaultInternalAdminClient.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.impl;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminHandler;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminSetting;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminUtil;
+import org.apache.kerby.kerberos.kerb.transport.KrbNetwork;
+import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
+import org.apache.kerby.kerberos.kerb.transport.TransportPair;
+
+import java.io.IOException;
+
+/**
+ * A default krb client implementation.
+ */
+public class DefaultInternalAdminClient extends AbstractInternalAdminClient {
+
+ private DefaultAdminHandler adminHandler;
+ private KrbTransport transport;
+
+ public DefaultInternalAdminClient(AdminSetting krbSetting) {
+ super(krbSetting);
+ }
+
+ public AdminHandler getAdminHanlder() {
+ return adminHandler;
+ }
+
+ public KrbTransport getTransport() {
+ return transport;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void init() throws KrbException {
+ super.init();
+
+ this.adminHandler = new DefaultAdminHandler();
+ adminHandler.init(getContext());
+
+ TransportPair tpair = AdminUtil.getTransportPair(getSetting());
+ KrbNetwork network = new KrbNetwork();
+ network.setSocketTimeout(getSetting().getTimeout());
+ try {
+ transport = network.connect(tpair);
+ } catch (IOException e) {
+ throw new KrbException("Failed to create transport", e);
+ }
+ }
+}
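Review bot: The public getter is spelled `getAdminHanlder`, and once this ships the typo is part of the API; rename it to `getAdminHandler` now. `init()` opens a transport with `network.connect(tpair)` but the class offers no method to close it. Unless callers release it through `getTransport()` (not visible here), the connection to the admin server stays open for the life of the process. A second call to `init()` would also overwrite `transport` without closing the previous one.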
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/InternalAdminClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/InternalAdminClient.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/InternalAdminClient.java
new file mode 100644
index 0000000..47bfd3d
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/impl/InternalAdminClient.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.impl;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.remote.AdminSetting;
+
+/**
+ * An internal krb client interface.
+ */
+public interface InternalAdminClient {
+
+ /**
+ * Init with all the necessary options.
+ * @throws KrbException e
+ */
+ void init() throws KrbException;
+
+ /**
+ * Get krb client settings.
+ * @return setting
+ */
+ AdminSetting getSetting();
+}
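Review bot: The Javadoc on `init()` says only `@throws KrbException e`, which tells an implementer nothing. Going by the implementations in this commit it could read `@throws KrbException if the admin context cannot be initialised or the transport cannot be created`. The interface comment "An internal krb client interface" should name the admin client, and `getSetting()` could state whether it may be called before `init()`.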
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/AddPrincipalRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/AddPrincipalRequest.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/AddPrincipalRequest.java
new file mode 100644
index 0000000..96622bc
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/AddPrincipalRequest.java
@@ -0,0 +1,114 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.message.AddPrincipalReq;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageCode;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageType;
+import org.apache.kerby.xdr.XdrDataType;
+import org.apache.kerby.xdr.XdrFieldInfo;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * AddPrincipal request
+ */
+public class AddPrincipalRequest extends AdminRequest {
+
+ private KOptions kOptions;
+ private String password;
+
+ public AddPrincipalRequest(String principal) {
+ super(principal);
+ }
+
+ public AddPrincipalRequest(String principal, KOptions kOptions) {
+ super(principal);
+ this.kOptions = kOptions;
+ }
+
+ public AddPrincipalRequest(String principal, String password) {
+ super(principal);
+ this.password = password;
+ }
+
+ public AddPrincipalRequest(String princial, KOptions kOptions, String password) {
+ super(princial);
+ this.kOptions = kOptions;
+ this.password = password;
+ }
+
+
+ @Override
+ public void process() throws KrbException {
+ super.process();
+ /**replace this with encode in handler*/
+ AddPrincipalReq addPrincipalReq = new AddPrincipalReq();
+ /** encode admin message:
+ * encode type
+ * encode paranum
+ * encode principal name
+ * (encode koptions)
+ * (encode passsword)
+ */
+ int paramNum = getParamNum();
+ XdrFieldInfo[] xdrFieldInfos = new XdrFieldInfo[paramNum + 2];
+ xdrFieldInfos[0] = new XdrFieldInfo(0, XdrDataType.ENUM, AdminMessageType.ADD_PRINCIPAL_REQ);
+ xdrFieldInfos[1] = new XdrFieldInfo(1, XdrDataType.INTEGER, paramNum);
+ xdrFieldInfos[2] = new XdrFieldInfo(2, XdrDataType.STRING, getPrincipal());
+ if (paramNum == 2 && kOptions != null) {
+ xdrFieldInfos[3] = new XdrFieldInfo(3, XdrDataType.STRUCT, kOptions); /////koption
+ } else if (paramNum == 2 && password != null) {
+ xdrFieldInfos[3] = new XdrFieldInfo(3, XdrDataType.STRING, password);
+ } else if (paramNum == 3) {
+ xdrFieldInfos[3] = new XdrFieldInfo(3, XdrDataType.STRUCT, kOptions); ////koption
+ xdrFieldInfos[4] = new XdrFieldInfo(4, XdrDataType.STRING, password);
+ }
+ AdminMessageCode value = new AdminMessageCode(xdrFieldInfos);
+ byte[] encodeBytes;
+ try {
+ encodeBytes = value.encode();
+ } catch (IOException e) {
+ throw new KrbException("Xdr encode error when generate add principal request.", e);
+ }
+ ByteBuffer messageBuffer = ByteBuffer.wrap(encodeBytes);
+ addPrincipalReq.setMessageBuffer(messageBuffer);
+
+ setAdminReq(addPrincipalReq);
+ }
+
+ public int getParamNum() {
+ int paramNum = 0;
+ if (getPrincipal() == null) {
+ throw new RuntimeException("Principal name missing.");
+ }
+ if (kOptions == null && password == null) {
+ paramNum = 1;
+ } else if (kOptions == null || password == null) {
+ paramNum = 2;
+ } else {
+ paramNum = 3;
+ }
+ return paramNum;
+ }
+}
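Review bot: `process()` writes the new principal's password into the request as a plain `XdrDataType.STRING` field (index 3 or 4), and nothing in this hunk shows the buffer being encrypted or integrity-protected before `setMessageBuffer`. Whether the handler or transport adds that protection is not visible here, so the class Javadoc should state the requirement, e.g. `Carries the password in clear inside the XDR body; must only be sent over a protected channel.` The password is also held in an immutable `String` field for the lifetime of the request; a `char[]` cleared after encoding would shorten its time in memory, if the XDR layer permits that. `getParamNum()` throws a bare `RuntimeException`, where `throw new IllegalStateException("Principal name missing.");` is more specific and still unchecked. The parameter name `princial` in the three-argument constructor is a typo.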
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/AdminRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/AdminRequest.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/AdminRequest.java
new file mode 100644
index 0000000..7c8d152
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/AdminRequest.java
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminReq;
+
+public class AdminRequest {
+ private String principal;
+ private KrbTransport transport;
+ private AdminReq adminReq;
+
+ public AdminRequest(String principal) {
+ this.principal = principal;
+ }
+
+ public String getPrincipal() {
+ return principal;
+ }
+
+ public void setPrincipal(String principal) {
+ this.principal = principal;
+ }
+
+ public void setAdminReq(AdminReq adminReq) {
+ this.adminReq = adminReq;
+ }
+
+ public AdminReq getAdminReq() {
+ return adminReq;
+ }
+
+ public void process() throws KrbException {
+ //encoding and set adminReq
+ }
+
+
+ public void setTransport(KrbTransport transport) {
+ this.transport = transport;
+ }
+
+ public KrbTransport getTransport() {
+ return transport;
+ }
+}
\ No newline at end of file
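Review bot: `AdminRequest.process()` is an empty hook carrying only the comment `//encoding and set adminReq`, and the subclasses in this commit disagree on how to use it. AddPrincipalRequest and DeletePrincipalRequest call `super.process()`, while GetprincsRequest does not. Add Javadoc that states the contract, for example `Encodes this request and stores it via setAdminReq(); the base implementation does nothing.`, and note on `getAdminReq()` that it returns null until `process()` has run. The file also ends without a trailing newline.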
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/DeletePrincipalRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/DeletePrincipalRequest.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/DeletePrincipalRequest.java
new file mode 100644
index 0000000..929f324
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/DeletePrincipalRequest.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageCode;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageType;
+import org.apache.kerby.kerberos.kerb.admin.message.DeletePrincipalReq;
+import org.apache.kerby.xdr.XdrDataType;
+import org.apache.kerby.xdr.XdrFieldInfo;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * DeletePrincipal request
+ */
+public class DeletePrincipalRequest extends AdminRequest {
+ /** Admin delete principal do not need password or koptions. */
+
+ public DeletePrincipalRequest(String principal) {
+ super(principal);
+ }
+
+ @Override
+ public void process() throws KrbException {
+ super.process();
+ DeletePrincipalReq deletePrincipalReq = new DeletePrincipalReq();
+ /** encode admin message:
+ * encode type
+ * encode paranum
+ * encode principal name
+ * (encode koptions)
+ * (encode passsword)
+ */
+ XdrFieldInfo[] xdrFieldInfos = new XdrFieldInfo[3];
+ xdrFieldInfos[0] = new XdrFieldInfo(0, XdrDataType.ENUM, AdminMessageType.DELETE_PRINCIPAL_REQ);
+ xdrFieldInfos[1] = new XdrFieldInfo(1, XdrDataType.INTEGER, 1);
+ xdrFieldInfos[2] = new XdrFieldInfo(2, XdrDataType.STRING, getPrincipal());
+
+ AdminMessageCode value = new AdminMessageCode(xdrFieldInfos);
+ byte[] encodeBytes;
+ try {
+ encodeBytes = value.encode();
+ } catch (IOException e) {
+ throw new KrbException("Xdr encode error when generate delete principal request.", e);
+ }
+ ByteBuffer messageBuffer = ByteBuffer.wrap(encodeBytes);
+ deletePrincipalReq.setMessageBuffer(messageBuffer);
+
+ setAdminReq(deletePrincipalReq);
+ }
+}
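Review bot: `process()` encodes `getPrincipal()` without checking it for null, unlike `AddPrincipalRequest.getParamNum()`, which rejects a missing principal. How `XdrFieldInfo` treats a null STRING is not visible here, so for a destructive request add a guard such as `if (getPrincipal() == null) { throw new IllegalStateException("Principal name missing."); }` before building the fields. The block comment inside `process()` is copied from the add request and still lists koptions and password, which are not encoded here. The `/** Admin delete principal do not need password or koptions. */` comment sits directly above the constructor and so becomes the constructor's Javadoc; it belongs in the class comment.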
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/GetprincsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/GetprincsRequest.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/GetprincsRequest.java
new file mode 100644
index 0000000..2794010
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/GetprincsRequest.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageCode;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageType;
+import org.apache.kerby.kerberos.kerb.admin.message.GetprincsReq;
+import org.apache.kerby.xdr.XdrDataType;
+import org.apache.kerby.xdr.XdrFieldInfo;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * GetprincsRequest request.
+ */
+public class GetprincsRequest extends AdminRequest {
+ private String globString = null;
+
+ public GetprincsRequest() {
+ super(null);
+ }
+
+ public GetprincsRequest(String globString) {
+ super(null);
+ this.globString = globString;
+ }
+
+ @Override
+ public void process() throws KrbException {
+ //encoding and set adminReq
+
+ GetprincsReq getprincsReq = new GetprincsReq();
+
+ XdrFieldInfo[] xdrFieldInfos = new XdrFieldInfo[3];
+ xdrFieldInfos[0] = new XdrFieldInfo(0, XdrDataType.ENUM, AdminMessageType.GET_PRINCS_REQ);
+ xdrFieldInfos[1] = new XdrFieldInfo(1, XdrDataType.INTEGER, 2);
+ xdrFieldInfos[2] = new XdrFieldInfo(2, XdrDataType.STRING, globString);
+
+ AdminMessageCode value = new AdminMessageCode(xdrFieldInfos);
+ byte[] encodeBytes;
+ try {
+ encodeBytes = value.encode();
+ } catch (IOException e) {
+ throw new KrbException("Xdr encode error when generate get principals request.", e);
+ }
+ ByteBuffer messageBuffer = ByteBuffer.wrap(encodeBytes);
+ getprincsReq.setMessageBuffer(messageBuffer);
+
+ setAdminReq(getprincsReq);
+ }
+}
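Review bot: Field 1 is encoded as the constant `2`, yet only one parameter field (`globString` at index 2) follows, whereas DeletePrincipalRequest encodes `1` for its single parameter and AddPrincipalRequest encodes the actual count. Unless the server-side decoder expects this value (not visible here), it should be `new XdrFieldInfo(1, XdrDataType.INTEGER, 1)`. With the no-argument constructor `globString` stays null and is still passed to `new XdrFieldInfo(2, XdrDataType.STRING, globString)`; how the XDR encoder handles a null string is not shown, so encode an empty string or a distinct parameter count for the "list all" case. This `process()` also skips the `super.process()` call that the sibling requests make.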
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/RenamePrincipalRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/RenamePrincipalRequest.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/RenamePrincipalRequest.java
new file mode 100644
index 0000000..a7cfcc2
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/request/RenamePrincipalRequest.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageCode;
+import org.apache.kerby.kerberos.kerb.admin.message.AdminMessageType;
+import org.apache.kerby.kerberos.kerb.admin.message.RenamePrincipalReq;
+import org.apache.kerby.xdr.XdrDataType;
+import org.apache.kerby.xdr.XdrFieldInfo;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * RenamePrincipal request.
+ */
+public class RenamePrincipalRequest extends AdminRequest {
+ String newPrincipalName;
+
+ public RenamePrincipalRequest(String oldPrincipalName, String newPrincipalName) {
+ super(oldPrincipalName);
+ this.newPrincipalName = newPrincipalName;
+ }
+
+ @Override
+ public void process() throws KrbException {
+ super.process();
+
+ RenamePrincipalReq renamePrincipalReq = new RenamePrincipalReq();
+
+ /** encode admin message:
+ * encode type
+ * encode paranum
+ * encode old principal name
+ * encode new principal name
+ */
+ int paramNum = 2;
+ XdrFieldInfo[] xdrFieldInfos = new XdrFieldInfo[paramNum + 2];
+ xdrFieldInfos[0] = new XdrFieldInfo(0, XdrDataType.ENUM, AdminMessageType.RENAME_PRINCIPAL_REQ);
+ xdrFieldInfos[1] = new XdrFieldInfo(1, XdrDataType.INTEGER, paramNum);
+ xdrFieldInfos[2] = new XdrFieldInfo(2, XdrDataType.STRING, getPrincipal());
+ xdrFieldInfos[3] = new XdrFieldInfo(3, XdrDataType.STRING, newPrincipalName);
+
+ AdminMessageCode value = new AdminMessageCode(xdrFieldInfos);
+ byte[] encodeBytes;
+ try {
+ encodeBytes = value.encode();
+ } catch (IOException e) {
+ throw new KrbException("Xdr encode error when generate rename principal request.", e);
+ }
+ ByteBuffer messageBuffer = ByteBuffer.wrap(encodeBytes);
+ renamePrincipalReq.setMessageBuffer(messageBuffer);
+
+ setAdminReq(renamePrincipalReq);
+ }
+}
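Review bot: `newPrincipalName` is declared package-private and non-final, so any class in the request package can change the rename target after the request is built; `private final String newPrincipalName;` matches how the field is used. The constructor accepts null for either name, and `process()` passes both values straight into `XdrDataType.STRING` fields. What the encoder does with a null string is not visible here, so an early `Objects.requireNonNull(newPrincipalName, "newPrincipalName");` in the constructor (with `java.util.Objects` imported) would make the failure explicit. The block comment inside `process()` opens with `/**` although it is not Javadoc, and "paranum" should read "paramNum".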
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AddPrincipalRep.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AddPrincipalRep.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AddPrincipalRep.java
new file mode 100644
index 0000000..3c52ab0
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AddPrincipalRep.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+
+/**
+ * Add principal reply, to general admin message
+ */
+public class AddPrincipalRep extends AdminRep {
+ public AddPrincipalRep() {
+ super(AdminMessageType.ADD_PRINCIPAL_REP);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AddPrincipalReq.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AddPrincipalReq.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AddPrincipalReq.java
new file mode 100644
index 0000000..0450a0e
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AddPrincipalReq.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+
+/**
+ * Add principal request, to general admin message
+ */
+public class AddPrincipalReq extends AdminReq {
+ public AddPrincipalReq() {
+ super(AdminMessageType.ADD_PRINCIPAL_REQ);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessage.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessage.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessage.java
new file mode 100644
index 0000000..ec21f91
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessage.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+import java.nio.ByteBuffer;
+
+/**
+ * Deal with messages sent and received between Kadmin and Kadmin Server.
+ * (MSB) (LSB)
+ * +-------+-------+-------+-------+
+ * |msg_type |para_num |prin_name |...(koptions, password) |
+ * +-------+-------+-------+-------+
+ */
+public class AdminMessage {
+ private AdminMessageType adminMessageType;
+ private ByteBuffer messageBuffer;
+
+ public AdminMessage(AdminMessageType adminMessageType) {
+ this.adminMessageType = adminMessageType;
+ }
+
+ public AdminMessageType getAdminMessageType() {
+ return adminMessageType;
+ }
+
+ public void setMessageBuffer(ByteBuffer messageBuffer) {
+ this.messageBuffer = messageBuffer;
+ }
+
+ public ByteBuffer getMessageBuffer() {
+ return messageBuffer;
+ }
+
+ public int encodingLength() {
+ return messageBuffer.limit(); // no + 4 is the length of whole message
+ }
+
+
+}
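Review bot: `encodingLength()` dereferences `messageBuffer`, which stays null until `setMessageBuffer` is called, so calling it on a freshly constructed message throws a NullPointerException. An explicit guard makes the misuse diagnosable: `if (messageBuffer == null) { throw new IllegalStateException("message buffer not set"); }`. `limit()` equals the number of encoded bytes only while the buffer's position is 0, which holds for the `ByteBuffer.wrap(...)` callers in this commit but is worth stating in the Javadoc. The trailing comment "no + 4 is the length of whole message" is hard to parse; if it means the length prefix is excluded, something like `// body length only; the length prefix is not counted here` would say so. `adminMessageType` is never reassigned and can be `final`.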
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageCode.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageCode.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageCode.java
new file mode 100644
index 0000000..016d577
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageCode.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.xdr.XdrDataType;
+import org.apache.kerby.xdr.XdrFieldInfo;
+import org.apache.kerby.xdr.type.AbstractXdrType;
+import org.apache.kerby.xdr.type.XdrInteger;
+import org.apache.kerby.xdr.type.XdrString;
+import org.apache.kerby.xdr.type.XdrStructType;
+import org.apache.kerby.xdr.type.XdrType;
+
+/**
+ * An extend XdrStructType to encode and decode AdminMessage.
+ */
+public class AdminMessageCode extends XdrStructType {
+ public AdminMessageCode() {
+ super(XdrDataType.STRUCT);
+ }
+
+ public AdminMessageCode(XdrFieldInfo[] fieldInfos) {
+ super(XdrDataType.STRUCT, fieldInfos);
+ }
+
+ protected void getStructTypeInstance(final XdrType[] fields, final XdrFieldInfo[] fieldInfos) {
+ for (int i = 0; i < fieldInfos.length; i++) {
+ switch (fieldInfos[i].getDataType()) {
+ case INTEGER:
+ fields[i] = new XdrInteger((Integer) fieldInfos[i].getValue());
+ break;
+ case ENUM:
+ fields[i] = new AdminMessageEnum((AdminMessageType) fieldInfos[i].getValue());
+ break;
+ case STRING:
+ fields[i] = new XdrString((String) fieldInfos[i].getValue());
+ break;
+ default:
+ fields[i] = null;
+ }
+
+ }
+ }
+
+ @Override
+ protected XdrStructType fieldsToValues(AbstractXdrType[] fields) {
+ int paramNum = (int) fields[1].getValue();
+ XdrFieldInfo[] xdrFieldInfos = new XdrFieldInfo[paramNum + 2];
+ xdrFieldInfos[0] = new XdrFieldInfo(0, XdrDataType.ENUM, fields[0].getValue());
+ xdrFieldInfos[1] = new XdrFieldInfo(1, XdrDataType.INTEGER, fields[1].getValue());
+ xdrFieldInfos[2] = new XdrFieldInfo(2, XdrDataType.STRING, fields[2].getValue());
+ if (paramNum == 2 && fields[3].getValue() instanceof KOptions) {
+ xdrFieldInfos[3] = new XdrFieldInfo(3, XdrDataType.STRUCT, fields[3].getValue()); /////koption
+ } else if (paramNum == 2 && fields[3].getValue() instanceof String) {
+ xdrFieldInfos[3] = new XdrFieldInfo(3, XdrDataType.STRING, fields[3].getValue());
+ } else if (paramNum == 3) {
+ xdrFieldInfos[3] = new XdrFieldInfo(3, XdrDataType.STRUCT, fields[3].getValue()); ////koption
+ xdrFieldInfos[4] = new XdrFieldInfo(4, XdrDataType.STRING, fields[4].getValue());
+ }
+ return new AdminMessageCode(xdrFieldInfos);
+ }
+
+ @Override
+ protected AbstractXdrType[] getAllFields() {
+ AbstractXdrType[] fields = new AbstractXdrType[5];
+ fields[0] = new AdminMessageEnum();
+ fields[1] = new XdrInteger();
+ fields[2] = new XdrString();
+ fields[3] = new XdrString(); //suppose it is string
+ fields[4] = null; // kOptions is not supported.
+ return fields;
+ }
+}
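Review bot: `fieldsToValues` sizes and indexes its array from `paramNum`, which comes out of the decoded message, without checking its range. A negative count throws NegativeArraySizeException, a count of 0 makes the write to `xdrFieldInfos[2]` run past a two-element array, and a large count allocates an array of that size. On the decode path this value should be treated as peer-controlled and bounded before use, for example `if (paramNum < 1 || paramNum > 3) { throw new IllegalArgumentException("Unsupported admin message parameter count: " + paramNum); }`. The `paramNum == 3` branch also reads `fields[4].getValue()` while `getAllFields()` sets `fields[4] = null`, and `fields[3]` is always created as an `XdrString`, so both `KOptions` branches look unreachable or failing unless the base class fills those slots. In `getStructTypeInstance` the `default` case stores null silently; rejecting an unsupported `XdrDataType` there would surface the problem at encode time instead of later.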
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageEnum.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageEnum.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageEnum.java
new file mode 100644
index 0000000..2ea60b8
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageEnum.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+import org.apache.kerby.xdr.EnumType;
+import org.apache.kerby.xdr.type.XdrEnumerated;
+
+/**
+ * An extend XdrEnumerate to encode and decode AdminMessageType.
+ */
+public class AdminMessageEnum extends XdrEnumerated<AdminMessageType> {
+ public AdminMessageEnum() {
+ super(null);
+ }
+
+ public AdminMessageEnum(AdminMessageType value) {
+ super(value);
+ }
+ @Override
+ protected EnumType[] getAllEnumValues() {
+ return AdminMessageType.values();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageType.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageType.java
new file mode 100644
index 0000000..f44187e
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminMessageType.java
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+import org.apache.kerby.xdr.EnumType;
+
+/**
+ * Type of Admin Message:
+ * NONE(-1)
+ * ADD_PRINCIPAL_REQ(0) add principal request
+ * ADD_PRINCIPAL_REP(1) add principal reply
+ * DELETE_PRINCIPAL_REQ(2),
+ * DELETE_PRINCIPAL_REP(3);
+ * RENAME_PRINCIPAL_REQ(4),
+ * RENAME_PRINCIPAL_REP(5);
+ *
+ */
+
+public enum AdminMessageType implements EnumType {
+ NONE(-1),
+ ADD_PRINCIPAL_REQ(0),
+ ADD_PRINCIPAL_REP(1),
+ DELETE_PRINCIPAL_REQ(2),
+ DELETE_PRINCIPAL_REP(3),
+ RENAME_PRINCIPAL_REQ(4),
+ RENAME_PRINCIPAL_REP(5),
+ GET_PRINCS_REQ(6),
+ GET_PRINCS_REP(7);
+
+ private int value;
+
+ AdminMessageType(int value) {
+ this.value = value;
+ }
+
+ @Override
+ public int getValue() {
+ return value;
+ }
+
+ @Override
+ public String getName() {
+ return name();
+ }
+
+ public static AdminMessageType findType(int value) {
+ if (value >= 0) {
+ for (EnumType e : values()) {
+ if (e.getValue() == value) {
+ return (AdminMessageType) e;
+ }
+ }
+ }
+ return NONE;
+ }
+}
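Review bot: The class Javadoc lists the message types only up to RENAME_PRINCIPAL_REP(5), while the enum also defines GET_PRINCS_REQ(6) and GET_PRINCS_REP(7); the list should be extended or replaced by a sentence that does not enumerate values. `findType` has no Javadoc although it maps every negative or unknown wire value to NONE; a line such as `/** Returns the type with the given wire value, or NONE when no type matches. */` tells code that dispatches on a received type that NONE must be rejected. `value` is never reassigned and can be declared `private final int value;`.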
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminRep.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminRep.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminRep.java
new file mode 100644
index 0000000..a26cd6b
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminRep.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+
+/**
+ * Use to construct Admin message.
+ * Probably two kinds of reply.
+ * add principal -- AdRep
+ * change password? -- chRep
+ */
+public class AdminRep extends AdminMessage {
+ public AdminRep(AdminMessageType messageType) {
+ super(messageType);
+ }
+}
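Review bot: The class Javadoc still reads as a design sketch ("Probably two kinds of reply", "change password? -- chRep") and names AdRep and chRep, which are not classes in this commit; the reply subclasses visible here are AddPrincipalRep, DeletePrincipalRep and GetprincsRep. A replacement such as `/** Base class for admin reply messages; each subclass passes its own AdminMessageType. */` describes what the code does. The same applies to the Javadoc of AdminReq in the next file.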
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminReq.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminReq.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminReq.java
new file mode 100644
index 0000000..c69218f
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/AdminReq.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+
+/**
+ * Use to construct Admin message.
+ * Probably two kinds of request.
+ * add principal -- AdReq
+ * change password? -- chReq
+ */
+public class AdminReq extends AdminMessage {
+ public AdminReq(AdminMessageType messageType) {
+ super(messageType);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/DeletePrincipalRep.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/DeletePrincipalRep.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/DeletePrincipalRep.java
new file mode 100644
index 0000000..35b1f6e
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/DeletePrincipalRep.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+
+/**
+ * Delete principal reply, to general admin message
+ */
+public class DeletePrincipalRep extends AdminRep {
+ public DeletePrincipalRep() {
+ super(AdminMessageType.DELETE_PRINCIPAL_REP);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/DeletePrincipalReq.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/DeletePrincipalReq.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/DeletePrincipalReq.java
new file mode 100644
index 0000000..ad3b320
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/DeletePrincipalReq.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+
+/**
+ * Delete principal request, to general admin message
+ */
+public class DeletePrincipalReq extends AdminReq {
+ public DeletePrincipalReq() {
+ super(AdminMessageType.DELETE_PRINCIPAL_REQ);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/GetprincsRep.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/GetprincsRep.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/GetprincsRep.java
new file mode 100644
index 0000000..2a6364a
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/GetprincsRep.java
@@ -0,0 +1,26 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+public class GetprincsRep extends AdminRep {
+ public GetprincsRep() {
+ super(AdminMessageType.GET_PRINCS_REP);
+ }
+}
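Review bot: GetprincsRep has no class Javadoc, unlike AddPrincipalRep and DeletePrincipalRep in the same package; a line such as `/** Get principals reply, to general admin message */` would keep the message classes consistent. GetprincsReq in the next file has the same gap. The names also depart from the camel-case pattern of the sibling classes (GetPrincsRep / GetPrincsReq would match), which is easier to fix before the classes are used more widely.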
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/GetprincsReq.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/GetprincsReq.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/GetprincsReq.java
new file mode 100644
index 0000000..75e819b
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/GetprincsReq.java
@@ -0,0 +1,26 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+public class GetprincsReq extends AdminReq {
+ public GetprincsReq() {
+ super(AdminMessageType.GET_PRINCS_REQ);
+ }
+}
[02/27] directory-kerby git commit: Updating Apache DS
Posted by pl...@apache.org.
Updating Apache DS
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/b0d7554c
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/b0d7554c
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/b0d7554c
Branch: refs/heads/kpasswd
Commit: b0d7554c0ac28f435cd7424ef05bf22943a35cf0
Parents: 1bce738
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jun 28 15:21:54 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jun 28 15:21:54 2016 +0100
----------------------------------------------------------------------
.../kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java | 2 ++
pom.xml | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b0d7554c/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java b/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
index 99ba85d..21fb731 100644
--- a/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
+++ b/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
@@ -343,6 +343,8 @@ public class LdapIdentityBackend extends AbstractIdentityBackend {
e.printStackTrace();
} catch (CursorException e) {
e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
}
return identityNames;
}
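Review bot: The added `catch (IOException e)` prints the stack trace and falls through to `return identityNames;`, so a failed directory read reaches the caller as a shorter or empty list, indistinguishable from a backend that holds few principals. For an identity backend that result can drive decisions, so the failure should be reported: through the class's logger rather than `e.printStackTrace()`, or, if the method signature allows it, by `throw new KrbException("Failed to list identities from LDAP", e);`. The two catch blocks above it follow the same pattern, and the method starts outside this hunk, so the signature and the available logger need to be checked there.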
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/b0d7554c/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 3aeef2a..2a96ed5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -47,11 +47,11 @@
</distributionManagement>
<properties>
- <apacheds.version>2.0.0-M21</apacheds.version>
+ <apacheds.version>2.0.0-M22</apacheds.version>
<bouncycastle.version>1.54</bouncycastle.version>
<commons-io.version>2.5</commons-io.version>
<gson.version>2.6.2</gson.version>
- <ldap.api.version>1.0.0-M33</ldap.api.version>
+ <ldap.api.version>1.0.0-RC1</ldap.api.version>
<log4j.version>1.2.17</log4j.version>
<junit.version>4.12</junit.version>
<nimbus.jose.version>3.10</nimbus.jose.version>
[20/27] directory-kerby git commit: DIRKRB-592 Merge kadmin-remote
branch to trunk.
Posted by pl...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerUtil.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerUtil.java
new file mode 100644
index 0000000..f48bf5b
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/AdminServerUtil.java
@@ -0,0 +1,165 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.kerberos.kerb.transport.TransportPair;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+
+/**
+ * Admin Server utilities.
+ */
+public final class AdminServerUtil {
+
+ private AdminServerUtil() { }
+
+ /**
+ * Get adminServer configuration
+ * @param confDir configuration directory
+ * @return adminServer configuration
+ * @throws KrbException e.
+ */
+ public static AdminServerConfig getAdminServerConfig(File confDir) throws KrbException {
+ File adminServerConfFile = new File(confDir, "adminServer.conf");
+ if (adminServerConfFile.exists()) {
+ AdminServerConfig adminServerConfig = new AdminServerConfig();
+ try {
+ adminServerConfig.addKrb5Config(adminServerConfFile);
+ } catch (IOException e) {
+ throw new KrbException("Can not load the adminServer configuration file "
+ + adminServerConfFile.getAbsolutePath());
+ }
+ return adminServerConfig;
+ }
+
+ return null;
+ }
+
+ /**
+ * Get kdc configuration
+ * @param confDir configuration directory
+ * @return kdc configuration
+ * @throws KrbException e.
+ */
+ public static KdcConfig getKdcConfig(File confDir) throws KrbException {
+ File kdcConfFile = new File(confDir, "kdc.conf");
+ if (kdcConfFile.exists()) {
+ KdcConfig kdcConfig = new KdcConfig();
+ try {
+ kdcConfig.addKrb5Config(kdcConfFile);
+ } catch (IOException e) {
+ throw new KrbException("Can not load the kdc configuration file "
+ + kdcConfFile.getAbsolutePath());
+ }
+ return kdcConfig;
+ }
+
+ return null;
+ }
+
+ /**
+ * Get backend configuration
+ * @param confDir configuration directory
+ * @return backend configuration
+ * @throws KrbException e.
+ */
+ public static BackendConfig getBackendConfig(File confDir) throws KrbException {
+ File backendConfigFile = new File(confDir, "backend.conf");
+ if (backendConfigFile.exists()) {
+ BackendConfig backendConfig = new BackendConfig();
+ try {
+ backendConfig.addIniConfig(backendConfigFile);
+ } catch (IOException e) {
+ throw new KrbException("Can not load the backend configuration file "
+ + backendConfigFile.getAbsolutePath());
+ }
+ return backendConfig;
+ }
+
+ return null;
+ }
+
+ /**
+ * Init the identity backend from backend configuration.
+ *
+ * @throws KrbException e.
+ * @param backendConfig backend configuration information
+ * @return backend
+ */
+ public static IdentityBackend getBackend(
+ BackendConfig backendConfig) throws KrbException {
+ String backendClassName = backendConfig.getString(
+ AdminServerConfigKey.KDC_IDENTITY_BACKEND, true);
+ if (backendClassName == null) {
+ backendClassName = MemoryIdentityBackend.class.getCanonicalName();
+ }
+
+ Class<?> backendClass;
+ try {
+ backendClass = Class.forName(backendClassName);
+ } catch (ClassNotFoundException e) {
+ throw new KrbException("Failed to load backend class: "
+ + backendClassName);
+ }
+
+ IdentityBackend backend;
+ try {
+ backend = (IdentityBackend) backendClass.newInstance();
+ } catch (InstantiationException | IllegalAccessException e) {
+ throw new KrbException("Failed to create backend: "
+ + backendClassName);
+ }
+
+ backend.setConfig(backendConfig);
+ backend.initialize();
+ return backend;
+ }
+
+ /**
+ * Get KDC network transport addresses according to KDC setting.
+ * @param setting kdc setting
+ * @return UDP and TCP addresses pair
+ * @throws KrbException e
+ */
+ public static TransportPair getTransportPair(
+ AdminServerSetting setting) throws KrbException {
+ TransportPair result = new TransportPair();
+
+ int tcpPort = setting.checkGetAdminTcpPort();
+ if (tcpPort > 0) {
+ result.tcpAddress = new InetSocketAddress(
+ setting.getAdminHost(), tcpPort);
+ }
+ int udpPort = setting.checkGetAdminUdpPort();
+ if (udpPort > 0) {
+ result.udpAddress = new InetSocketAddress(
+ setting.getAdminHost(), udpPort);
+ }
+
+ return result;
+ }
+}
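Review bot: In `getBackend`, `backendClass.newInstance()` runs the no-arg constructor of whatever class `backend.conf` names before the cast to `IdentityBackend` checks its type, and a wrong class then fails with an uncaught `ClassCastException` instead of a `KrbException`. Narrowing the type first avoids both: `Class<? extends IdentityBackend> backendClass = Class.forName(backendClassName).asSubclass(IdentityBackend.class);`, with `ClassCastException` added to that `catch`. The `KrbException`s thrown here and in the three config loaders also drop the caught exception; passing `e` as the cause keeps the underlying error for whoever has to diagnose a broken configuration. The loaders return `null` when the file does not exist, which their Javadoc does not mention.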
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/AbstractInternalAdminServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/AbstractInternalAdminServer.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/AbstractInternalAdminServer.java
new file mode 100644
index 0000000..ac71386
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/AbstractInternalAdminServer.java
@@ -0,0 +1,116 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin.impl;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerConfig;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerSetting;
+import org.apache.kerby.kerberos.kerb.identity.CacheableIdentityService;
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.identity.backend.MemoryIdentityBackend;
+import org.apache.kerby.kerberos.kerb.server.KdcUtil;
+
+/**
+ * Abstract Kadmin admin implementation.
+ */
+public class AbstractInternalAdminServer implements InternalAdminServer {
+ private boolean started;
+ private final AdminServerConfig adminServerConfig;
+ private final BackendConfig backendConfig;
+ private final AdminServerSetting adminServerSetting;
+ private IdentityBackend backend;
+ private IdentityService identityService;
+
+ public AbstractInternalAdminServer(AdminServerSetting adminServerSetting) {
+ this.adminServerSetting = adminServerSetting;
+ this.adminServerConfig = adminServerSetting.getAdminServerConfig();
+ this.backendConfig = adminServerSetting.getBackendConfig();
+ }
+
+ @Override
+ public AdminServerSetting getSetting() {
+ return adminServerSetting;
+ }
+
+ public boolean isStarted() {
+ return started;
+ }
+
+ protected String getServiceName() {
+ return adminServerConfig.getAdminServiceName();
+ }
+
+ protected IdentityService getIdentityService() {
+ if (identityService == null) {
+ if (backend instanceof MemoryIdentityBackend) { // Already in memory
+ identityService = backend;
+ } else {
+ identityService = new CacheableIdentityService(
+ backendConfig, backend);
+ }
+ }
+ return identityService;
+ }
+
+ @Override
+ public void init() throws KrbException {
+ backend = KdcUtil.getBackend(backendConfig);
+ }
+
+ @Override
+ public void start() throws KrbException {
+ try {
+ doStart();
+ } catch (Exception e) {
+ throw new KrbException("Failed to start " + getServiceName(), e);
+ }
+
+ started = true;
+ }
+
+ public boolean enableDebug() {
+ return adminServerConfig.enableDebug();
+ }
+
+ @Override
+ public IdentityBackend getIdentityBackend() {
+ return backend;
+ }
+
+ protected void doStart() throws Exception {
+ backend.start();
+ }
+
+ public void stop() throws KrbException {
+ try {
+ doStop();
+ } catch (Exception e) {
+ throw new KrbException("Failed to stop " + getServiceName(), e);
+ }
+
+ started = false;
+ }
+
+ protected void doStop() throws Exception {
+ backend.stop();
+ }
+}
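Review bot: `init()` obtains the backend from `KdcUtil.getBackend(backendConfig)` although this commit adds `AdminServerUtil.getBackend`, which looks the class up under `AdminServerConfigKey.KDC_IDENTITY_BACKEND`. `KdcUtil` is not visible here, so if the two helpers read different keys or defaults, the admin server could start on a different backend than the one configured for it. Using the admin-side helper keeps the lookup in one place: `backend = AdminServerUtil.getBackend(backendConfig);`. Separately, `getIdentityService()` called before `init()` caches a `CacheableIdentityService` wrapping a null backend, and `stop()` is missing `@Override`.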
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/DefaultAdminServerHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/DefaultAdminServerHandler.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/DefaultAdminServerHandler.java
new file mode 100644
index 0000000..1dbb017
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/DefaultAdminServerHandler.java
@@ -0,0 +1,199 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin.impl;
+
+import org.apache.kerby.kerberos.kerb.admin.AuthUtil;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerContext;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerHandler;
+import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.sasl.AuthorizeCallback;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslServer;
+import java.io.File;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.SocketTimeoutException;
+import java.nio.ByteBuffer;
+import java.security.PrivilegedAction;
+import java.util.HashMap;
+import java.util.Map;
+
+public class DefaultAdminServerHandler extends AdminServerHandler implements Runnable {
+ private static Logger logger = LoggerFactory.getLogger(DefaultAdminServerHandler.class);
+ private final KrbTransport transport;
+ private static boolean sasl = false;
+ private AdminServerContext adminServerContext;
+
+ public DefaultAdminServerHandler(AdminServerContext adminServerContext, KrbTransport transport) {
+ super(adminServerContext);
+ this.transport = transport;
+ this.adminServerContext = adminServerContext;
+ }
+
+ @Override
+ public void run() {
+ while (true) {
+ try {
+ if (!sasl) {
+ logger.info("Doing the sasl negotiation !!!");
+ try {
+ saslNegotiation();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ } else {
+ ByteBuffer message = transport.receiveMessage();
+ if (message == null) {
+ logger.debug("No valid request recved. Disconnect actively");
+ transport.release();
+ break;
+ }
+ handleMessage(message);
+ }
+ } catch (IOException e) {
+ transport.release();
+ logger.debug("Transport or decoding error occurred, "
+ + "disconnecting abnormally", e);
+ break;
+ }
+ }
+ }
+
+ protected void handleMessage(ByteBuffer message) {
+ InetAddress clientAddress = transport.getRemoteAddress();
+
+ try {
+ ByteBuffer adminResponse = handleMessage(message, clientAddress);
+ transport.sendMessage(adminResponse);
+ } catch (Exception e) {
+ transport.release();
+ logger.error("Error occured while processing request:", e);
+ }
+ }
+
+ private void saslNegotiation() throws Exception {
+
+ File keytabFile = new File(adminServerContext.getConfig().getKeyTabFile());
+ String principal = adminServerContext.getConfig().getProtocol() + "/"
+ + adminServerContext.getConfig().getAdminHost();
+
+ Subject subject = AuthUtil.loginUsingKeytab(principal, keytabFile);
+ Subject.doAs(subject, new PrivilegedAction<Object>() {
+ @Override
+ public Object run() {
+ try {
+ ByteBuffer message = null;
+ try {
+ message = transport.receiveMessage();
+ } catch (SocketTimeoutException e) {
+ // ignore time out
+ return null;
+ }
+
+ Map<String, Object> props = new HashMap<String, Object>();
+ props.put(Sasl.QOP, "auth-conf");
+ props.put(Sasl.SERVER_AUTH, "true");
+
+ String protocol = adminServerContext.getConfig().getProtocol();
+ String serverName = adminServerContext.getConfig().getServerName();
+ CallbackHandler callbackHandler = new SaslGssCallbackHandler();
+ SaslServer ss = Sasl.createSaslServer("GSSAPI",
+ protocol, serverName, props, callbackHandler);
+
+ if (ss == null) {
+ throw new Exception("Unable to find server implementation for: GSSAPI");
+ }
+
+ while (!ss.isComplete()) {
+ int scComplete = message.getInt();
+ if (scComplete == 0) {
+ System.out.println("success!!!");
+ sasl = true;
+ break;
+ }
+ sendMessage(message, ss);
+ if (!ss.isComplete()) {
+ logger.info("Waiting receive message");
+ message = transport.receiveMessage();
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+ });
+
+ }
+
+ private void sendMessage(ByteBuffer message, SaslServer ss) throws IOException {
+
+ byte[] arr = new byte[message.remaining()];
+ message.get(arr);
+ byte[] challenge = ss.evaluateResponse(arr);
+
+ // 4 is the head to go through network
+ ByteBuffer buffer = ByteBuffer.allocate(challenge.length + 8);
+ buffer.putInt(challenge.length + 4);
+ int ssComplete = ss.isComplete() ? 0 : 1;
+ buffer.putInt(ssComplete);
+ buffer.put(challenge);
+ buffer.flip();
+ transport.sendMessage(buffer);
+ }
+
+ private static class SaslGssCallbackHandler implements CallbackHandler {
+
+ @Override
+ public void handle(Callback[] callbacks) throws
+ UnsupportedCallbackException {
+ AuthorizeCallback ac = null;
+ for (Callback callback : callbacks) {
+ if (callback instanceof AuthorizeCallback) {
+ ac = (AuthorizeCallback) callback;
+ } else {
+ throw new UnsupportedCallbackException(callback,
+ "Unrecognized SASL GSSAPI Callback");
+ }
+ }
+ if (ac != null) {
+ String authid = ac.getAuthenticationID();
+ String authzid = ac.getAuthorizationID();
+ if (authid.equals(authzid)) {
+ ac.setAuthorized(true);
+ } else {
+ ac.setAuthorized(false);
+ }
+ if (ac.isAuthorized()) {
+ // System.out.println("SASL server GSSAPI callback: setting "
+ //+ "canonicalized client ID: " + authzid);
+ ac.setAuthorizedID(authzid);
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
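Review bot: `sasl` is declared `private static boolean`, so the flag is shared by every `DefaultAdminServerHandler`: once one connection has finished negotiating, `run()` on every other connection skips `saslNegotiation()` and goes straight to `handleMessage`. It is also set inside the loop when the peer-supplied `scComplete` field is 0 rather than when `ss.isComplete()` is true, so the authenticated state rests on a value the client sends. Make it per-connection state, `private boolean sasl;`, and set it only from the server side, `sasl = ss.isComplete();` after the loop; the client half of the framing is not in this file, so the final-message handling has to be adjusted together with it. Two further points in the same method: the `SaslServer` is discarded once negotiation ends, so the `auth-conf` QOP requested in `props` is not applied to later messages in this class (no `wrap`/`unwrap` call is visible), and failures are only printed with `e.printStackTrace()`, which leaves `run()` looping on a connection that never authenticated.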
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/DefaultInternalAdminServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/DefaultInternalAdminServerImpl.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/DefaultInternalAdminServerImpl.java
new file mode 100644
index 0000000..4234481
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/DefaultInternalAdminServerImpl.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin.impl;
+
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerContext;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerSetting;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerUtil;
+import org.apache.kerby.kerberos.kerb.transport.KdcNetwork;
+import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
+import org.apache.kerby.kerberos.kerb.transport.TransportPair;
+
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+/**
+ * A default admin admin implementation.
+ */
+public class DefaultInternalAdminServerImpl extends AbstractInternalAdminServer {
+ private ExecutorService executor;
+ private AdminServerContext adminContext;
+ private KdcNetwork network;
+
+ public DefaultInternalAdminServerImpl(AdminServerSetting adminSetting) {
+ super(adminSetting);
+ }
+
+ @Override
+ protected void doStart() throws Exception {
+ super.doStart();
+
+ prepareHandler();
+
+ executor = Executors.newCachedThreadPool();
+
+ network = new KdcNetwork() {
+ @Override
+ protected void onNewTransport(KrbTransport transport) {
+ DefaultAdminServerHandler kdcHandler =
+ new DefaultAdminServerHandler(adminContext, transport);
+ executor.execute(kdcHandler);
+ }
+ };
+
+ network.init();
+ TransportPair tpair = AdminServerUtil.getTransportPair(getSetting());
+ network.listen(tpair);
+ network.start();
+ }
+
+ private void prepareHandler() {
+ adminContext = new AdminServerContext(getSetting());
+ adminContext.setIdentityService(getIdentityService());
+ }
+
+ @Override
+ protected void doStop() throws Exception {
+ super.doStop();
+
+ network.stop();
+
+ executor.shutdownNow();
+ }
+}
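Review bot: `doStart()` uses `Executors.newCachedThreadPool()` and `onNewTransport` submits one handler per transport whose `run()` loops until the connection ends, so the thread count is bounded only by the number of inbound connections. A bounded pool, or a connection cap in front of it, keeps a burst of connections from exhausting threads on the admin server, e.g. `executor = Executors.newFixedThreadPool(maxHandlers);` with `maxHandlers` read from configuration (the name is a placeholder; no such setting is visible here). In `doStop()`, `super.doStop()` stops the backend before `network.stop()` and `executor.shutdownNow()`, so handlers that are still running can reach a stopped backend; stopping the network and executor first avoids that. A null check on `network` and `executor` would also cover a `doStart()` that failed before they were assigned.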
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/InternalAdminServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/InternalAdminServer.java b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/InternalAdminServer.java
new file mode 100644
index 0000000..c0cde44
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/java/org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/InternalAdminServer.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.server.kadmin.impl;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerSetting;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+
+/**
+ * An internal KDC admin interface.
+ */
+public interface InternalAdminServer {
+
+ /**
+ * Initialize.
+ * @throws KrbException e
+ */
+ void init() throws KrbException;
+
+ /**
+ * Start the KDC admin.
+ * @throws KrbException e
+ */
+ void start() throws KrbException;
+
+ /**
+ * Stop the KDC admin.
+ * @throws KrbException e
+ */
+ void stop() throws KrbException;
+
+ /**
+ * Get admin admin setting.
+ * @return setting
+ */
+ AdminServerSetting getSetting();
+
+ /**
+ * Get identity backend.
+ * @return IdentityBackend
+ */
+ IdentityBackend getIdentityBackend();
+}
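Review bot: The interface does not document the required call order, yet `AbstractInternalAdminServer.doStart()` dereferences the backend that only `init()` assigns, so `start()` before `init()` fails with a `NullPointerException` wrapped in a `KrbException`. A sentence in the Javadoc of `start()` such as `Must be called after {@link #init()}.` would state the contract, and `@throws KrbException e` could say when it is thrown. The wording "Get admin admin setting" and "KDC admin" also reads as copied from the KDC interface; "Get the admin server setting" and "admin server" would match what the type is.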
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin-server/src/main/resources/adminServer.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin-server/src/main/resources/adminServer.conf b/kerby-kerb/kerb-admin-server/src/main/resources/adminServer.conf
new file mode 100644
index 0000000..8c7a11e
--- /dev/null
+++ b/kerby-kerb/kerb-admin-server/src/main/resources/adminServer.conf
@@ -0,0 +1,20 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+default_realm = TEST.COM
+admin_port = 65417
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/pom.xml b/kerby-kerb/kerb-admin/pom.xml
index 2a50bce..e4d52de 100644
--- a/kerby-kerb/kerb-admin/pom.xml
+++ b/kerby-kerb/kerb-admin/pom.xml
@@ -37,5 +37,10 @@
<artifactId>kerb-util</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerby-xdr</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AdminHelper.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AdminHelper.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AdminHelper.java
deleted file mode 100644
index 62c38b6..0000000
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AdminHelper.java
+++ /dev/null
@@ -1,308 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.admin;
-
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.keytab.Keytab;
-import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
-import org.apache.kerby.kerberos.kerb.type.KerberosTime;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
-import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Date;
-import java.util.List;
-import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
-
-/**
- * LocalKadmin utilities.
- */
-public final class AdminHelper {
-
- private AdminHelper() { }
-
- /**
- * Export all the keys of the specified principal into the specified keytab
- * file.
- *
- * @param keytabFile The keytab file
- * @param identity The identity
- * @throws KrbException
- */
- static void exportKeytab(File keytabFile, KrbIdentity identity)
- throws KrbException {
-
- Keytab keytab = createOrLoadKeytab(keytabFile);
-
- exportToKeytab(keytab, identity);
-
- storeKeytab(keytab, keytabFile);
- }
-
- /**
- * Export all the keys of the specified principal into the specified keytab
- * file.
- *
- * @param keytabFile The keytab file
- * @param identities Identities to export to keytabFile
- * @throws KrbException
- */
- static void exportKeytab(File keytabFile, List<KrbIdentity> identities)
- throws KrbException {
-
- Keytab keytab = createOrLoadKeytab(keytabFile);
-
- for (KrbIdentity identity : identities) {
- exportToKeytab(keytab, identity);
- }
-
- storeKeytab(keytab, keytabFile);
- }
-
- /**
- * Load keytab from keytab file.
- *
- * @param keytabFile The keytab file
- * @return The keytab load from keytab file
- * @throws KrbException
- */
- static Keytab loadKeytab(File keytabFile) throws KrbException {
- Keytab keytab;
- try {
- keytab = Keytab.loadKeytab(keytabFile);
- } catch (IOException e) {
- throw new KrbException("Failed to load keytab", e);
- }
-
- return keytab;
- }
-
- /**
- * If keytab file does not exist, create a new keytab,
- * otherwise load keytab from keytab file.
- *
- * @param keytabFile The keytab file
- * @return The keytab load from keytab file
- * @throws KrbException
- */
- static Keytab createOrLoadKeytab(File keytabFile) throws KrbException {
-
- Keytab keytab;
- try {
- if (!keytabFile.exists()) {
- if (!keytabFile.createNewFile()) {
- throw new KrbException("Failed to create keytab file "
- + keytabFile.getAbsolutePath());
- }
- keytab = new Keytab();
- } else {
- keytab = Keytab.loadKeytab(keytabFile);
- }
- } catch (IOException e) {
- throw new KrbException("Failed to load or create keytab", e);
- }
-
- return keytab;
- }
-
- /**
- * Export all the keys of the specified identity into the keytab.
- *
- * @param keytab The keytab
- * @param identity The identity
- * @throws KrbException
- */
- static void exportToKeytab(Keytab keytab, KrbIdentity identity)
- throws KrbException {
-
- //Add principal to keytab.
- PrincipalName principal = identity.getPrincipal();
- KerberosTime timestamp = KerberosTime.now();
- for (EncryptionType encType : identity.getKeys().keySet()) {
- EncryptionKey ekey = identity.getKeys().get(encType);
- int keyVersion = ekey.getKvno();
- keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
- }
- }
-
- /**
- * Store the keytab to keytab file.
- *
- * @param keytab The keytab
- * @param keytabFile The keytab file
- * @throws KrbException
- */
- static void storeKeytab(Keytab keytab, File keytabFile) throws KrbException {
- try {
- keytab.store(keytabFile);
- } catch (IOException e) {
- throw new KrbException("Failed to store keytab", e);
- }
- }
-
- /**
- * Remove all the keys of the specified principal in the specified keytab
- * file.
- *
- * @param keytabFile The keytab file
- * @param principalName The principal name
- * @throws KrbException
- */
- static void removeKeytabEntriesOf(File keytabFile,
- String principalName) throws KrbException {
- Keytab keytab = loadKeytab(keytabFile);
-
- keytab.removeKeytabEntries(new PrincipalName(principalName));
-
- storeKeytab(keytab, keytabFile);
- }
-
- /**
- * Remove all the keys of the specified principal with specified kvno
- * in the specified keytab file.
- *
- * @param keytabFile The keytab file
- * @param principalName The principal name
- * @param kvno The kvno
- * @throws KrbException
- */
- static void removeKeytabEntriesOf(File keytabFile,
- String principalName, int kvno) throws KrbException {
- Keytab keytab = loadKeytab(keytabFile);
-
- keytab.removeKeytabEntries(new PrincipalName(principalName), kvno);
-
- storeKeytab(keytab, keytabFile);
- }
-
- /**
- * Remove all the old keys of the specified principal
- * in the specified keytab file.
- *
- * @param keytabFile The keytab file
- * @param principalName The principal name
- * @throws KrbException
- */
- static void removeOldKeytabEntriesOf(File keytabFile,
- String principalName) throws KrbException {
- Keytab keytab = loadKeytab(keytabFile);
-
- List<KeytabEntry> entries = keytab.getKeytabEntries(
- new PrincipalName(principalName));
-
- int maxKvno = 0;
- for (KeytabEntry entry : entries) {
- if (maxKvno < entry.getKvno()) {
- maxKvno = entry.getKvno();
- }
- }
-
- for (KeytabEntry entry : entries) {
- if (entry.getKvno() < maxKvno) {
- keytab.removeKeytabEntry(entry);
- }
- }
-
- storeKeytab(keytab, keytabFile);
- }
-
- /**
- * Create principal.
- *
- * @param principal The principal name to be created
- * @param kOptions The KOptions with principal info
- */
- static KrbIdentity createIdentity(String principal, KOptions kOptions)
- throws KrbException {
- KrbIdentity kid = new KrbIdentity(principal);
- kid.setCreatedTime(KerberosTime.now());
- if (kOptions.contains(KadminOption.EXPIRE)) {
- Date date = kOptions.getDateOption(KadminOption.EXPIRE);
- kid.setExpireTime(new KerberosTime(date.getTime()));
- } else {
- kid.setExpireTime(new KerberosTime(253402300799900L));
- }
- if (kOptions.contains(KadminOption.KVNO)) {
- kid.setKeyVersion(kOptions.getIntegerOption(KadminOption.KVNO));
- } else {
- kid.setKeyVersion(1);
- }
- kid.setDisabled(false);
- kid.setLocked(false);
-
- return kid;
- }
-
- /**
- * Modify the principal with KOptions.
- *
- * @param identity The identity to be modified
- * @param kOptions The KOptions with changed principal info
- * @throws KrbException
- */
- static void updateIdentity(KrbIdentity identity, KOptions kOptions) {
- if (kOptions.contains(KadminOption.EXPIRE)) {
- Date date = kOptions.getDateOption(KadminOption.EXPIRE);
- identity.setExpireTime(new KerberosTime(date.getTime()));
- }
- if (kOptions.contains(KadminOption.DISABLED)) {
- identity.setDisabled(kOptions.getBooleanOption(KadminOption.DISABLED, false));
- }
- if (kOptions.contains(KadminOption.LOCKED)) {
- identity.setLocked(kOptions.getBooleanOption(KadminOption.LOCKED, false));
- }
- }
-
- /**
- * Get all the Pattern for matching from glob string.
- * The glob string can contain "." "*" and "[]"
- *
- * @param globString The glob string for matching
- * @return pattern
- * @throws KrbException
- */
- static Pattern getPatternFromGlobPatternString(String globString) throws KrbException {
- if (globString == null || globString.equals("")) {
- return null;
- }
- if (!Pattern.matches("^[0-9A-Za-z._/@*?\\[\\]\\-]+$", globString)) {
- throw new KrbException("Glob pattern string contains invalid character");
- }
-
- String patternString = globString;
- patternString = patternString.replaceAll("\\.", "\\\\.");
- patternString = patternString.replaceAll("\\?", ".");
- patternString = patternString.replaceAll("\\*", ".*");
- patternString = "^" + patternString + "$";
-
- Pattern pt;
- try {
- pt = Pattern.compile(patternString);
- } catch (PatternSyntaxException e) {
- throw new KrbException("Invalid glob pattern string");
- }
- return pt;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AuthUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AuthUtil.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AuthUtil.java
new file mode 100644
index 0000000..68d03e7
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/AuthUtil.java
@@ -0,0 +1,141 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin;
+
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import java.io.File;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+public class AuthUtil {
+
+ public static final boolean ENABLE_DEBUG = true;
+
+ private static String getKrb5LoginModuleName() {
+ return System.getProperty("java.vendor").contains("IBM")
+ ? "com.ibm.security.auth.module.Krb5LoginModule"
+ : "com.sun.security.auth.module.Krb5LoginModule";
+ }
+
+ public static Subject loginUsingTicketCache(
+ String principal, File cacheFile) throws LoginException {
+ Set<Principal> principals = new HashSet<Principal>();
+ principals.add(new KerberosPrincipal(principal));
+
+ Subject subject = new Subject(false, principals,
+ new HashSet<Object>(), new HashSet<Object>());
+
+ Configuration conf = useTicketCache(principal, cacheFile);
+ String confName = "TicketCacheConf";
+ LoginContext loginContext = new LoginContext(confName, subject, null, conf);
+ loginContext.login();
+ return loginContext.getSubject();
+ }
+
+ public static Subject loginUsingKeytab(
+ String principal, File keytabFile) throws LoginException {
+ Set<Principal> principals = new HashSet<Principal>();
+ principals.add(new KerberosPrincipal(principal));
+
+ Subject subject = new Subject(false, principals,
+ new HashSet<Object>(), new HashSet<Object>());
+
+ Configuration conf = useKeytab(principal, keytabFile);
+ String confName = "KeytabConf";
+ LoginContext loginContext = new LoginContext(confName, subject, null, conf);
+ loginContext.login();
+ return loginContext.getSubject();
+ }
+
+ public static Configuration useTicketCache(String principal,
+ File credentialFile) {
+ return new TicketCacheJaasConf(principal, credentialFile);
+ }
+
+ public static Configuration useKeytab(String principal, File keytabFile) {
+ return new KeytabJaasConf(principal, keytabFile);
+ }
+
+ static class TicketCacheJaasConf extends Configuration {
+ private String principal;
+ private File clientCredentialFile;
+
+ TicketCacheJaasConf(String principal, File clientCredentialFile) {
+ this.principal = principal;
+ this.clientCredentialFile = clientCredentialFile;
+ }
+
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+ Map<String, String> options = new HashMap<String, String>();
+ options.put("principal", principal);
+ options.put("storeKey", "false");
+ options.put("doNotPrompt", "false");
+ options.put("useTicketCache", "true");
+ options.put("renewTGT", "true");
+ options.put("refreshKrb5Config", "true");
+ options.put("isInitiator", "true");
+ options.put("ticketCache", clientCredentialFile.getAbsolutePath());
+ options.put("debug", String.valueOf(ENABLE_DEBUG));
+
+ return new AppConfigurationEntry[]{
+ new AppConfigurationEntry(getKrb5LoginModuleName(),
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+ options)};
+ }
+ }
+
+ static class KeytabJaasConf extends Configuration {
+ private String principal;
+ private File keytabFile;
+
+ KeytabJaasConf(String principal, File keytab) {
+ this.principal = principal;
+ this.keytabFile = keytab;
+ }
+
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+ Map<String, String> options = new HashMap<String, String>();
+ options.put("keyTab", keytabFile.getAbsolutePath());
+ options.put("principal", principal);
+ options.put("useKeyTab", "true");
+ options.put("storeKey", "true");
+ options.put("doNotPrompt", "true");
+ options.put("renewTGT", "false");
+ options.put("refreshKrb5Config", "true");
+ options.put("isInitiator", "true");
+ options.put("debug", String.valueOf(ENABLE_DEBUG));
+
+ return new AppConfigurationEntry[]{
+ new AppConfigurationEntry(getKrb5LoginModuleName(),
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+ options)};
+ }
+ }
+}
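Review bot: `ENABLE_DEBUG` is hard-coded to `true`, and both `TicketCacheJaasConf` and `KeytabJaasConf` pass it as the `debug` option of Krb5LoginModule, so every login through this `src/main` class turns on the module's debug output. That output is written to the process's standard output and describes the login configuration (principal, keytab or ticket-cache handling), which a library should not emit by default. Default it off with `public static final boolean ENABLE_DEBUG = false;`, or read it from a system property so it is only enabled for troubleshooting. Separately, `TicketCacheJaasConf` sets `doNotPrompt` to `"false"` while `loginUsingTicketCache` passes a null CallbackHandler to `LoginContext`. Using `options.put("doNotPrompt", "true");` would make a missing or expired cache fail directly instead of attempting a prompt.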
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
deleted file mode 100644
index 594ff6b..0000000
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Kadmin.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.admin;
-
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-import java.io.File;
-import java.util.List;
-
-/**
- * Server side admin facilities from remote, similar to MIT kadmin remote mode.
- */
-public interface Kadmin {
-
- /**
- * Get the kadmin principal name.
- *
- * @return The kadmin principal name.
- */
- String getKadminPrincipal();
-
- /**
- * Add principal to backend.
- *
- * @param principal The principal to be added into backend
- * @throws KrbException e
- */
- void addPrincipal(String principal) throws KrbException;
-
- /**
- * Add principal to backend.
- *
- * @param principal The principal to be added into backend
- * @param kOptions The KOptions with principal info
- * @throws KrbException e
- */
- void addPrincipal(String principal, KOptions kOptions) throws KrbException;
-
- /**
- * Add principal to backend.
- *
- * @param principal The principal to be added into backend
- * @param password The password to create encryption key
- * @throws KrbException e
- */
- void addPrincipal(String principal, String password) throws KrbException;
-
- /**
- * Add principal to backend.
- *
- * @param principal The principal to be added into backend
- * @param password The password to create encryption key
- * @param kOptions The KOptions with principal info
- * @throws KrbException e
- */
- void addPrincipal(String principal, String password,
- KOptions kOptions) throws KrbException;
-
- /**
- * Export all the keys of the specified principal into the specified keytab
- * file.
- *
- * @param keytabFile The keytab file
- * @param principal The principal name
- * @throws KrbException e
- */
- void exportKeytab(File keytabFile, String principal) throws KrbException;
-
- /**
- * Export all the keys of the specified principals into the specified keytab
- * file.
- *
- * @param keytabFile The keytab file
- * @param principals The principal names
- * @throws KrbException e
- */
- void exportKeytab(File keytabFile,
- List<String> principals) throws KrbException;
-
- /**
- * Export all identity keys to the specified keytab file.
- *
- * @param keytabFile The keytab file
- * @throws KrbException e
- */
- void exportKeytab(File keytabFile) throws KrbException;
-
- /**
- * Remove all the keys of the specified principal in the specified keytab
- * file.
- *
- * @param keytabFile The keytab file
- * @param principal The principal name
- * @throws KrbException e
- */
- void removeKeytabEntriesOf(File keytabFile, String principal)
- throws KrbException;
-
- /**
- * Remove all the keys of the specified principal with specified kvno
- * in the specified keytab file.
- *
- * @param keytabFile The keytab file
- * @param principal The principal name
- * @param kvno The kvno
- * @throws KrbException e
- */
- void removeKeytabEntriesOf(File keytabFile, String principal, int kvno)
- throws KrbException;
-
- /**
- * Remove all the old keys of the specified principal
- * in the specified keytab file.
- *
- * @param keytabFile The keytab file
- * @param principal The principal name
- * @throws KrbException e
- */
- void removeOldKeytabEntriesOf(File keytabFile, String principal)
- throws KrbException;
-
- /**
- * Delete the principal in backend.
- *
- * @param principal The principal to be deleted from backend
- * @throws KrbException e
- */
- void deletePrincipal(String principal) throws KrbException;
-
- /**
- * Modify the principal with KOptions.
- *
- * @param principal The principal to be modified
- * @param kOptions The KOptions with changed principal info
- * @throws KrbException e
- */
- void modifyPrincipal(String principal, KOptions kOptions) throws KrbException;
-
- /**
- * Rename the principal.
- *
- * @param oldPrincipalName The original principal name
- * @param newPrincipalName The new principal name
- * @throws KrbException e
- */
- void renamePrincipal(String oldPrincipalName,
- String newPrincipalName) throws KrbException;
-
- /**
- * Get all the principal names from backend.
- *
- * @return principal list
- * @throws KrbException e
- */
- List<String> getPrincipals() throws KrbException;
-
- /**
- * Get all the principal names that meets the pattern
- *
- * @param globString The glob string for matching
- * @return Principal names
- * @throws KrbException e
- */
- List<String> getPrincipals(String globString) throws KrbException;
-
- /**
- * Change the password of specified principal.
- *
- * @param principal The principal to be updated password
- * @param newPassword The new password
- * @throws KrbException e
- */
- void changePassword(String principal, String newPassword) throws KrbException;
-
- /**
- * Update the random keys of specified principal.
- *
- * @param principal The principal to be updated keys
- * @throws KrbException e
- */
- void updateKeys(String principal) throws KrbException;
-
- /**
- * Release any resources associated.
- *
- * @throws KrbException e
- */
- void release() throws KrbException;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
deleted file mode 100644
index 0c11fe7..0000000
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.admin;
-
-import org.apache.kerby.KOption;
-import org.apache.kerby.KOptionInfo;
-import org.apache.kerby.KOptionType;
-
-public enum KadminOption implements KOption {
- NONE(null),
- EXPIRE(new KOptionInfo("-expire", "expire time", KOptionType.DATE)),
- DISABLED(new KOptionInfo("-disabled", "disabled", KOptionType.BOOL)),
- LOCKED(new KOptionInfo("-locked", "locked", KOptionType.BOOL)),
- FORCE(new KOptionInfo("-force", "force", KOptionType.NOV)),
- KVNO(new KOptionInfo("-kvno", "initial key version number", KOptionType.INT)),
- SIZE(new KOptionInfo("-size", "principal's numbers", KOptionType.STR)),
- PW(new KOptionInfo("-pw", "password", KOptionType.STR)),
- RANDKEY(new KOptionInfo("-randkey", "random key", KOptionType.NOV)),
- KEEPOLD(new KOptionInfo("-keepold", "keep old passowrd", KOptionType.NOV)),
- KEYSALTLIST(new KOptionInfo("-e", "key saltlist", KOptionType.STR)),
- K(new KOptionInfo("-k", "keytab file path", KOptionType.STR)),
- KEYTAB(new KOptionInfo("-keytab", "keytab file path", KOptionType.STR)),
- CCACHE(new KOptionInfo("-c", "credentials cache", KOptionType.FILE));
-
- private final KOptionInfo optionInfo;
-
- KadminOption(KOptionInfo optionInfo) {
- this.optionInfo = optionInfo;
- }
-
- @Override
- public KOptionInfo getOptionInfo() {
- return optionInfo;
- }
-
- public static KadminOption fromName(String name) {
- if (name != null) {
- for (KadminOption ko : values()) {
- if (ko.optionInfo != null
- && ko.optionInfo.getName().equals(name)) {
- return ko;
- }
- }
- }
- return NONE;
- }
-
- public static KadminOption fromOptionName(String optionName) {
- if (optionName != null) {
- for (KadminOption ko : values()) {
- if (ko.optionInfo != null
- && ko.optionInfo.getName().equals(optionName)) {
- return ko;
- }
- }
- }
- return NONE;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminServer.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminServer.java
deleted file mode 100644
index 933accf..0000000
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminServer.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.admin;
-
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-import java.io.File;
-import java.util.List;
-
-/**
- * Server side admin facilities for remote, similar to MIT kadmind service.
- * It uses GSSAPI and XDR to communicate with remote client/kadmin to receive
- * and perform the requested operations. In this server side, it simply leverages
- * LocalKadmin to perform the real work.
- *
- * TO BE IMPLEMENTED.
- */
-public class KadminServer implements Kadmin {
- //private LocalKadmin localKadmin;
-
- @Override
- public String getKadminPrincipal() {
- return null;
- }
-
- @Override
- public void addPrincipal(String principal) throws KrbException {
-
- }
-
- @Override
- public void addPrincipal(String principal,
- KOptions kOptions) throws KrbException {
-
- }
-
- @Override
- public void addPrincipal(String principal,
- String password) throws KrbException {
-
- }
-
- @Override
- public void addPrincipal(String principal, String password,
- KOptions kOptions) throws KrbException {
-
- }
-
- @Override
- public void exportKeytab(File keytabFile,
- String principal) throws KrbException {
-
- }
-
- @Override
- public void exportKeytab(File keytabFile,
- List<String> principals) throws KrbException {
-
- }
-
- @Override
- public void exportKeytab(File keytabFile) throws KrbException {
-
- }
-
- @Override
- public void removeKeytabEntriesOf(File keytabFile,
- String principal) throws KrbException {
-
- }
-
- @Override
- public void removeKeytabEntriesOf(File keytabFile, String principal,
- int kvno) throws KrbException {
-
- }
-
- @Override
- public void removeOldKeytabEntriesOf(File keytabFile,
- String principal) throws KrbException {
-
- }
-
- @Override
- public void deletePrincipal(String principal) throws KrbException {
-
- }
-
- @Override
- public void modifyPrincipal(String principal,
- KOptions kOptions) throws KrbException {
-
- }
-
- @Override
- public void renamePrincipal(String oldPrincipalName,
- String newPrincipalName) throws KrbException {
-
- }
-
- @Override
- public List<String> getPrincipals() throws KrbException {
- return null;
- }
-
- @Override
- public List<String> getPrincipals(String globString) throws KrbException {
- return null;
- }
-
- @Override
- public void changePassword(String principal,
- String newPassword) throws KrbException {
-
- }
-
- @Override
- public void updateKeys(String principal) throws KrbException {
-
- }
-
- @Override
- public void release() throws KrbException {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Krb5Conf.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Krb5Conf.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Krb5Conf.java
new file mode 100644
index 0000000..9e3b3cf
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/Krb5Conf.java
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin;
+
+import org.apache.kerby.kerberos.kerb.server.KdcConfig;
+import org.apache.kerby.util.IOUtil;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Generate krb5 file using given kdc server settings.
+ */
+public class Krb5Conf {
+ public static final String KRB5_CONF = "java.security.krb5.conf";
+ private static final String KRB5_CONF_FILE = "krb5.conf";
+ private File confDir;
+ private KdcConfig kdcConfig;
+
+ public Krb5Conf(File confDir, KdcConfig kdcConfig) {
+ this.confDir = confDir;
+ this.kdcConfig = kdcConfig;
+ }
+
+ public void initKrb5conf() throws IOException {
+ File confFile = generateConfFile();
+ System.setProperty(KRB5_CONF, confFile.getAbsolutePath());
+ }
+
+ // Read in krb5.conf and substitute in the correct port
+ private File generateConfFile() throws IOException {
+
+ String resourcePath = kdcConfig.allowUdp() ? "/krb5_udp.conf" : "/krb5.conf";
+ InputStream templateResource = getClass().getResourceAsStream(resourcePath);
+
+ String templateContent = IOUtil.readInput(templateResource);
+
+ String content = templateContent;
+
+ content = content.replaceAll("_REALM_", "" + kdcConfig.getKdcRealm());
+
+ int kdcPort = kdcConfig.allowUdp() ? kdcConfig.getKdcUdpPort()
+ : kdcConfig.getKdcTcpPort();
+ content = content.replaceAll("_KDC_PORT_",
+ String.valueOf(kdcPort));
+
+ if (kdcConfig.allowTcp()) {
+ content = content.replaceAll("#_KDC_TCP_PORT_", "kdc_tcp_port = " + kdcConfig.getKdcTcpPort());
+ }
+ if (kdcConfig.allowUdp()) {
+ content = content.replaceAll("#_KDC_UDP_PORT_", "kdc_udp_port = " + kdcConfig.getKdcUdpPort());
+ }
+
+ int udpLimit = kdcConfig.allowUdp() ? 4096 : 1;
+ content = content.replaceAll("_UDP_LIMIT_", String.valueOf(udpLimit));
+
+ File confFile = new File(confDir, KRB5_CONF_FILE);
+ if (confFile.exists()) {
+ boolean delete = confFile.delete();
+ if (!delete) {
+ throw new RuntimeException("File delete error!");
+ }
+ }
+ IOUtil.writeFile(content, confFile);
+
+ return confFile;
+ }
+}
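Review bot: In `generateConfFile` the realm and port values are substituted with `String.replaceAll`, which treats its second argument as a regex replacement, so a `$` or `\` in the configured realm is read as a group reference and either throws or corrupts the generated krb5.conf. The placeholders are literals, so plain replacement is enough: `content = content.replace("_REALM_", String.valueOf(kdcConfig.getKdcRealm()));`, and likewise for the other placeholders. `getResourceAsStream` also returns null when the template is not on the classpath, and this method never closes the stream. A null check that throws a descriptive `IOException`, plus a try/finally around `IOUtil.readInput`, would cover both, unless `readInput` (not visible here) already closes its argument.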
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java
deleted file mode 100644
index d8d38f1..0000000
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.admin;
-
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
-import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
-import org.apache.kerby.kerberos.kerb.server.KdcConfig;
-
-/**
- * Server side admin facilities for local, similar to MIT kadmin local mode. It
- * may be not accurate regarding 'local' because, if the identity backend itself
- * is supported to be accessed from remote, it won't have to be remote; but if
- * not, then it must be local to the KDC server bounded with the local backend.
- *
- * Note, suitable with Kerby KdcServer based KDCs like Kerby KDC.
- */
-public interface LocalKadmin extends Kadmin {
-
- /**
- * Check the built-in principals, will throw KrbException if not exist.
- * @throws KrbException e
- */
- void checkBuiltinPrincipals() throws KrbException;
-
- /**
- * Create build-in principals.
- * @throws KrbException e
- */
- void createBuiltinPrincipals() throws KrbException;
-
- /**
- * Delete build-in principals.
- * @throws KrbException e
- */
- void deleteBuiltinPrincipals() throws KrbException;
-
- /**
- * Get kdc config.
- *
- * @return The kdc config.
- */
- KdcConfig getKdcConfig();
-
- /**
- * Get backend config.
- *
- * @return The backend config.
- */
- BackendConfig getBackendConfig();
-
- /**
- * Get identity backend.
- *
- * @return IdentityBackend
- */
- IdentityBackend getIdentityBackend();
-
- /**
- * Get the identity from backend.
- *
- * @param principalName The principal name
- * @return identity
- * @throws KrbException e
- */
- KrbIdentity getPrincipal(String principalName) throws KrbException;
-
- int size() throws KrbException;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java
deleted file mode 100644
index 9f0f89e..0000000
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java
+++ /dev/null
@@ -1,400 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.admin;
-
-import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerby.kerberos.kerb.common.KrbUtil;
-import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
-import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
-import org.apache.kerby.kerberos.kerb.keytab.Keytab;
-import org.apache.kerby.kerberos.kerb.server.KdcConfig;
-import org.apache.kerby.kerberos.kerb.server.KdcSetting;
-import org.apache.kerby.kerberos.kerb.server.KdcUtil;
-import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.File;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-/**
- * The implementation of server side admin facilities for local mode.
- */
-public class LocalKadminImpl implements LocalKadmin {
- private static final Logger LOG = LoggerFactory.getLogger(LocalKadminImpl.class);
-
- private final KdcSetting kdcSetting;
- private final IdentityBackend backend;
-
- /**
- * Construct with prepared KdcConfig and BackendConfig.
- *
- * @param kdcConfig The kdc config
- * @param backendConfig The backend config
- * @throws KrbException e
- */
- public LocalKadminImpl(KdcConfig kdcConfig,
- BackendConfig backendConfig) throws KrbException {
- this.backend = KdcUtil.getBackend(backendConfig);
- this.kdcSetting = new KdcSetting(kdcConfig, backendConfig);
- }
-
- /**
- * Construct with prepared conf dir.
- *
- * @param confDir The path of conf dir
- * @throws KrbException e
- */
- public LocalKadminImpl(File confDir) throws KrbException {
- KdcConfig tmpKdcConfig = KdcUtil.getKdcConfig(confDir);
- if (tmpKdcConfig == null) {
- tmpKdcConfig = new KdcConfig();
- }
-
- BackendConfig tmpBackendConfig = KdcUtil.getBackendConfig(confDir);
- if (tmpBackendConfig == null) {
- tmpBackendConfig = new BackendConfig();
- }
-
- this.kdcSetting = new KdcSetting(tmpKdcConfig, tmpBackendConfig);
-
- backend = KdcUtil.getBackend(tmpBackendConfig);
- }
-
- /**
- * Construct with prepared KdcSetting and Backend.
- *
- * @param kdcSetting The kdc setting
- * @param backend The identity backend
- */
- public LocalKadminImpl(KdcSetting kdcSetting, IdentityBackend backend) {
- this.kdcSetting = kdcSetting;
- this.backend = backend;
- }
-
- /**
- * Get the tgs principal name.
- */
- private String getTgsPrincipal() {
- return KrbUtil.makeTgsPrincipal(kdcSetting.getKdcRealm()).getName();
- }
-
- @Override
- public String getKadminPrincipal() {
- return KrbUtil.makeKadminPrincipal(kdcSetting.getKdcRealm()).getName();
- }
-
- @Override
- public void checkBuiltinPrincipals() throws KrbException {
- String tgsPrincipal = getTgsPrincipal();
- String kadminPrincipal = getKadminPrincipal();
- if (backend.getIdentity(tgsPrincipal) == null
- || backend.getIdentity(kadminPrincipal) == null) {
- String errorMsg = "The built-in principals do not exist in backend,"
- + " please run the kdcinit tool.";
- LOG.error(errorMsg);
- throw new KrbException(errorMsg);
- }
- }
-
- @Override
- public void createBuiltinPrincipals() throws KrbException {
- String tgsPrincipal = getTgsPrincipal();
- if (backend.getIdentity(tgsPrincipal) == null) {
- addPrincipal(tgsPrincipal);
- } else {
- String errorMsg = "The tgs principal already exists in backend.";
- LOG.error(errorMsg);
- throw new KrbException(errorMsg);
- }
-
- String kadminPrincipal = getKadminPrincipal();
- if (backend.getIdentity(kadminPrincipal) == null) {
- addPrincipal(kadminPrincipal);
- } else {
- String errorMsg = "The kadmin principal already exists in backend.";
- LOG.error(errorMsg);
- throw new KrbException(errorMsg);
- }
- }
-
- @Override
- public void deleteBuiltinPrincipals() throws KrbException {
- deletePrincipal(getTgsPrincipal());
- deletePrincipal(getKadminPrincipal());
- }
-
- @Override
- public KdcConfig getKdcConfig() {
- return kdcSetting.getKdcConfig();
- }
-
- @Override
- public BackendConfig getBackendConfig() {
- return kdcSetting.getBackendConfig();
- }
-
- @Override
- public IdentityBackend getIdentityBackend() {
- return backend;
- }
-
- @Override
- public void addPrincipal(String principal) throws KrbException {
- principal = fixPrincipal(principal);
- addPrincipal(principal, new KOptions());
- }
-
- @Override
- public void addPrincipal(String principal, KOptions kOptions)
- throws KrbException {
- principal = fixPrincipal(principal);
- KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
- List<EncryptionKey> keys = EncryptionUtil.generateKeys(
- getKdcConfig().getEncryptionTypes());
- identity.addKeys(keys);
- backend.addIdentity(identity);
- }
-
- @Override
- public void addPrincipal(String principal, String password)
- throws KrbException {
- principal = fixPrincipal(principal);
- addPrincipal(principal, password, new KOptions());
- }
-
- @Override
- public void addPrincipal(String principal, String password, KOptions kOptions)
- throws KrbException {
- principal = fixPrincipal(principal);
- KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
- List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, password,
- getKdcConfig().getEncryptionTypes());
- identity.addKeys(keys);
- backend.addIdentity(identity);
- }
-
- @Override
- public void exportKeytab(File keytabFile, String principal)
- throws KrbException {
- principal = fixPrincipal(principal);
- List<String> principals = new ArrayList<>(1);
- principals.add(principal);
- exportKeytab(keytabFile, principals);
- }
-
- @Override
- public void exportKeytab(File keytabFile, List<String> principals)
- throws KrbException {
- //Get Identity
- List<KrbIdentity> identities = new LinkedList<>();
- for (String principal : principals) {
- KrbIdentity identity = backend.getIdentity(principal);
- if (identity == null) {
- throw new KrbException("Can not find the identity for pincipal "
- + principal);
- }
- identities.add(identity);
- }
-
- AdminHelper.exportKeytab(keytabFile, identities);
- }
-
- @Override
- public void exportKeytab(File keytabFile) throws KrbException {
- Keytab keytab = AdminHelper.createOrLoadKeytab(keytabFile);
-
- Iterable<String> principals = backend.getIdentities();
- for (String principal : principals) {
- KrbIdentity identity = backend.getIdentity(principal);
- if (identity != null) {
- AdminHelper.exportToKeytab(keytab, identity);
- }
- }
-
- AdminHelper.storeKeytab(keytab, keytabFile);
- }
-
- @Override
- public void removeKeytabEntriesOf(File keytabFile, String principal)
- throws KrbException {
- principal = fixPrincipal(principal);
- AdminHelper.removeKeytabEntriesOf(keytabFile, principal);
- }
-
- @Override
- public void removeKeytabEntriesOf(File keytabFile, String principal, int kvno)
- throws KrbException {
- principal = fixPrincipal(principal);
- AdminHelper.removeKeytabEntriesOf(keytabFile, principal, kvno);
- }
-
- @Override
- public void removeOldKeytabEntriesOf(File keytabFile, String principal)
- throws KrbException {
- principal = fixPrincipal(principal);
- AdminHelper.removeOldKeytabEntriesOf(keytabFile, principal);
- }
-
- @Override
- public void deletePrincipal(String principal) throws KrbException {
- principal = fixPrincipal(principal);
- backend.deleteIdentity(principal);
- }
-
- @Override
- public void modifyPrincipal(String principal, KOptions kOptions)
- throws KrbException {
- principal = fixPrincipal(principal);
- KrbIdentity identity = backend.getIdentity(principal);
- if (identity == null) {
- throw new KrbException("Principal \""
- + principal + "\" does not exist.");
- }
- AdminHelper.updateIdentity(identity, kOptions);
- backend.updateIdentity(identity);
- }
-
- @Override
- public void renamePrincipal(String oldPrincipalName, String newPrincipalName)
- throws KrbException {
- oldPrincipalName = fixPrincipal(oldPrincipalName);
- newPrincipalName = fixPrincipal(newPrincipalName);
- KrbIdentity oldIdentity = backend.getIdentity(newPrincipalName);
- if (oldIdentity != null) {
- throw new KrbException("Principal \""
- + oldIdentity.getPrincipalName() + "\" is already exist.");
- }
- KrbIdentity identity = backend.getIdentity(oldPrincipalName);
- if (identity == null) {
- throw new KrbException("Principal \""
- + oldPrincipalName + "\" does not exist.");
- }
- backend.deleteIdentity(oldPrincipalName);
-
- identity.setPrincipalName(newPrincipalName);
- identity.setPrincipal(new PrincipalName(newPrincipalName));
- backend.addIdentity(identity);
- }
-
- @Override
- public KrbIdentity getPrincipal(String principalName) throws KrbException {
- KrbIdentity identity = backend.getIdentity(principalName);
- return identity;
- }
-
- @Override
- public List<String> getPrincipals() throws KrbException {
- Iterable<String> principalNames = backend.getIdentities();
- List<String> principalList = new LinkedList<>();
- Iterator<String> iterator = principalNames.iterator();
- while (iterator.hasNext()) {
- principalList.add(iterator.next());
- }
- return principalList;
- }
-
- @Override
- public List<String> getPrincipals(String globString) throws KrbException {
- Pattern pt = AdminHelper.getPatternFromGlobPatternString(globString);
- if (pt == null) {
- return getPrincipals();
- }
-
- Boolean containsAt = pt.pattern().indexOf('@') != -1;
- List<String> result = new LinkedList<>();
-
- List<String> principalNames = getPrincipals();
- for (String principal: principalNames) {
- String toMatch = containsAt ? principal : principal.split("@")[0];
- Matcher m = pt.matcher(toMatch);
- if (m.matches()) {
- result.add(principal);
- }
- }
- return result;
- }
-
- @Override
- public void changePassword(String principal,
- String newPassword) throws KrbException {
- principal = fixPrincipal(principal);
- KrbIdentity identity = backend.getIdentity(principal);
- if (identity == null) {
- throw new KrbException("Principal " + principal
- + "was not found. Please check the input and try again");
- }
- List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, newPassword,
- getKdcConfig().getEncryptionTypes());
- identity.addKeys(keys);
-
- backend.updateIdentity(identity);
- }
-
- @Override
- public void updateKeys(String principal) throws KrbException {
- principal = fixPrincipal(principal);
- KrbIdentity identity = backend.getIdentity(principal);
- if (identity == null) {
- throw new KrbException("Principal " + principal
- + "was not found. Please check the input and try again");
- }
- List<EncryptionKey> keys = EncryptionUtil.generateKeys(
- getKdcConfig().getEncryptionTypes());
- identity.addKeys(keys);
- backend.updateIdentity(identity);
- }
-
- @Override
- public void release() throws KrbException {
- if (backend != null) {
- backend.stop();
- }
- }
-
- /**
- * get size of principal
- */
- @Override
- public int size() throws KrbException {
- return this.getPrincipals().size();
- }
-
- /**
- * Fix principal name, making it complete.
- *
- * @param principal The principal name
- */
- private String fixPrincipal(String principal) {
- if (!principal.contains("@")) {
- principal += "@" + kdcSetting.getKdcRealm();
- }
- return principal;
- }
-}
[17/27] directory-kerby git commit: DIRKRB-592 Merge kadmin-remote
branch to trunk.
Posted by pl...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/KadminCode.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/KadminCode.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/KadminCode.java
new file mode 100644
index 0000000..c5d6359
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/KadminCode.java
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+/**
+ * Used to decode messages between admin and admin server.
+ */
+public class KadminCode {
+ public static ByteBuffer encodeMessage(AdminMessage adminMessage) {
+ int length = adminMessage.encodingLength();
+ // 4 is the head to go through network
+ ByteBuffer buffer = ByteBuffer.allocate(length + 4);
+ buffer.putInt(length); // head in network
+ //buffer.putInt(adminMessage.getAdminMessageType().getValue());
+ // type has been encoded in the admin message
+ buffer.put(adminMessage.getMessageBuffer());
+ buffer.flip();
+ return buffer;
+ }
+
+ public static AdminMessage decodeMessage(ByteBuffer buffer) throws IOException {
+ //go through network, the total length has been removed.
+ int type = buffer.getInt();
+ System.out.println("type: " + type);
+ AdminMessageType adminMessageType = AdminMessageType.findType(type);
+ AdminMessage adminMessage = null;
+ byte[] bytes = new byte[buffer.remaining()];
+ buffer.get(bytes);
+ if (adminMessageType == AdminMessageType.ADD_PRINCIPAL_REQ) {
+ adminMessage = new AddPrincipalReq();
+ System.out.println("check if decoding right: "
+ + new String(ByteBuffer.wrap(bytes).array()));
+ } else if (adminMessageType == AdminMessageType.ADD_PRINCIPAL_REP) {
+ adminMessage = new AddPrincipalRep();
+ System.out.println("check if decoding right2: "
+ + new String(ByteBuffer.wrap(bytes).array()));
+ } else {
+ throw new IOException("Unknown Admin Message Type: " + type);
+ }
+
+ return adminMessage;
+ }
+}
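Review bot: `decodeMessage` writes the message type and the whole undecoded payload to standard output through its three `System.out.println` calls, and for an `ADD_PRINCIPAL_REQ` that payload may well carry the principal name and password (the message layout is not visible here, so this is inferred). Those debug prints should be dropped, or replaced by a logger call that records only the type and `bytes.length`. Separately, `bytes` is read from the buffer but never handed to the `AddPrincipalReq`/`AddPrincipalRep` that is returned, so as written the caller receives an empty message object unless decoding happens somewhere not shown. A buffer holding fewer than four bytes also makes `buffer.getInt()` throw an unchecked `BufferUnderflowException` instead of the declared `IOException`; a guard such as `if (buffer.remaining() < 4) throw new IOException("Truncated admin message");` would keep malformed network input on the documented failure path.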
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/RenamePrincipalRep.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/RenamePrincipalRep.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/RenamePrincipalRep.java
new file mode 100644
index 0000000..5406190
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/RenamePrincipalRep.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+/**
+ * Rename principal reply, to general admin message
+ */
+public class RenamePrincipalRep extends AdminRep {
+ public RenamePrincipalRep() {
+ super(AdminMessageType.RENAME_PRINCIPAL_REP);
+ }
+}
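Review bot: `RENAME_PRINCIPAL_REP` (and `RENAME_PRINCIPAL_REQ` in the RenamePrincipalReq.java section that follows) has no branch in `KadminCode.decodeMessage` as added by this same commit, which recognises only `ADD_PRINCIPAL_REQ` and `ADD_PRINCIPAL_REP` and throws `IOException("Unknown Admin Message Type: " + type)` for everything else. Unless rename messages are decoded on another path not shown here, a rename request or reply arriving over the network would be rejected; `decodeMessage` would need a branch such as `else if (adminMessageType == AdminMessageType.RENAME_PRINCIPAL_REQ) { adminMessage = new RenamePrincipalReq(); }` and the matching one for the reply. The class Javadoc "Rename principal reply, to general admin message" is also hard to parse; `Reply message for a rename-principal admin request.` would read more clearly.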
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/RenamePrincipalReq.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/RenamePrincipalReq.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/RenamePrincipalReq.java
new file mode 100644
index 0000000..4bc8c1b
--- /dev/null
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/message/RenamePrincipalReq.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.admin.message;
+
+/**
+ * Rename principal request, to general admin message
+ */
+public class RenamePrincipalReq extends AdminReq {
+ public RenamePrincipalReq() {
+ super(AdminMessageType.RENAME_PRINCIPAL_REQ);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-admin/src/test/java/org/apache/kerby/kerberos/kerb/admin/KadminTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/test/java/org/apache/kerby/kerberos/kerb/admin/KadminTest.java b/kerby-kerb/kerb-admin/src/test/java/org/apache/kerby/kerberos/kerb/admin/KadminTest.java
deleted file mode 100644
index 325f1db..0000000
--- a/kerby-kerb/kerb-admin/src/test/java/org/apache/kerby/kerberos/kerb/admin/KadminTest.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.admin;
-
-public class KadminTest {
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
index 5323225..135eb6e 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
@@ -124,7 +124,6 @@ public abstract class KdcNetwork {
}
}
-
private void checkUdpMessage() throws IOException {
InetSocketAddress fromAddress = (InetSocketAddress) udpServer.receive(recvBuffer);
if (fromAddress != null) {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
index 85f4da7..c53d5d6 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
@@ -26,7 +26,7 @@ import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
/**
* KDC setting that combines startup options and kdc config.
*/
-public class KdcSetting {
+public class KdcSetting implements ServerSetting {
private final KOptions startupOptions;
private final KdcConfig kdcConfig;
private final BackendConfig backendConfig;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/ServerSetting.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/ServerSetting.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/ServerSetting.java
new file mode 100644
index 0000000..7044693
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/ServerSetting.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
+
+/**
+ * Super clsss of KdcSetting and AdminServer Setting.
+ * This class is used to solve the problem of member variable in
+ * LocalKadminImpl (KdcSetting or AdminServerSetting).
+ */
+public interface ServerSetting {
+ String getKdcRealm();
+
+ KdcConfig getKdcConfig();
+
+ BackendConfig getBackendConfig();
+}
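Review bot: The type Javadoc describes this interface as a "Super clsss" and the three methods carry no documentation at all. I would reword the header to `Settings shared by KdcSetting and AdminServerSetting, so that LocalKadminImpl can hold either one.` and give each method a one-line Javadoc, for example `/** @return the KDC realm name */` on `getKdcRealm()`, with equivalents for `getKdcConfig()` and `getBackendConfig()`.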
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
index c342d8b..4de8e7f 100644
--- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
@@ -20,8 +20,8 @@
package org.apache.kerby.kerberos.kerb.server;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadminImpl;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
import org.apache.kerby.kerberos.kerb.client.Krb5Conf;
import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.apache.kerby.kerberos.kerb.client.KrbConfig;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-kerb/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/pom.xml b/kerby-kerb/pom.xml
index 4b2537b..d9879d9 100644
--- a/kerby-kerb/pom.xml
+++ b/kerby-kerb/pom.xml
@@ -37,6 +37,7 @@
<module>kerb-kdc-test</module>
<module>integration-test</module>
<module>kerb-admin</module>
+ <module>kerb-admin-server</module>
<module>kerb-simplekdc</module>
<module>kerb-client-api-all</module>
<module>kerb-server-api-all</module>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/pom.xml b/kerby-tool/kdc-tool/pom.xml
index 64edba2..dd4d62c 100644
--- a/kerby-tool/kdc-tool/pom.xml
+++ b/kerby-tool/kdc-tool/pom.xml
@@ -51,6 +51,12 @@
<artifactId>kerb-admin</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-admin-server</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
index 1c97204..add63a4 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
@@ -21,9 +21,9 @@ package org.apache.kerby.kerberos.tool.kadmin;
import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadminImpl;
-import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
import org.apache.kerby.kerberos.tool.kadmin.command.AddPrincipalCommand;
import org.apache.kerby.kerberos.tool.kadmin.command.ChangePasswordCommand;
import org.apache.kerby.kerberos.tool.kadmin.command.DeletePrincipalCommand;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/ToolUtil.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/ToolUtil.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/ToolUtil.java
index e2f33ff..9c64351 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/ToolUtil.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/ToolUtil.java
@@ -21,7 +21,7 @@ package org.apache.kerby.kerberos.tool.kadmin;
import org.apache.kerby.KOptionType;
import org.apache.kerby.KOptions;
-import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
import java.util.Scanner;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalCommand.java
index e2374bd..c9b36be 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalCommand.java
@@ -21,8 +21,8 @@ package org.apache.kerby.kerberos.tool.kadmin.command;
import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
-import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
import java.io.Console;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalsCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalsCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalsCommand.java
index 32fe808..b1843e5 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalsCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalsCommand.java
@@ -21,8 +21,8 @@ package org.apache.kerby.kerberos.tool.kadmin.command;
import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
-import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
public class AddPrincipalsCommand extends KadminCommand {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
index f3d2f45..b4bc4a0 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ChangePasswordCommand.java
@@ -21,8 +21,8 @@ package org.apache.kerby.kerberos.tool.kadmin.command;
import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
-import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
import java.io.Console;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/DeletePrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/DeletePrincipalCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/DeletePrincipalCommand.java
index 8322b7b..0a2e146 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/DeletePrincipalCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/DeletePrincipalCommand.java
@@ -20,8 +20,8 @@
package org.apache.kerby.kerberos.tool.kadmin.command;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.Kadmin;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.Kadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import java.io.Console;
import java.util.Scanner;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/GetPrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/GetPrincipalCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/GetPrincipalCommand.java
index 6c4501f..bc8024a 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/GetPrincipalCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/GetPrincipalCommand.java
@@ -20,7 +20,7 @@
package org.apache.kerby.kerberos.tool.kadmin.command;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KadminCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KadminCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KadminCommand.java
index 53890e2..46f1087 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KadminCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KadminCommand.java
@@ -19,7 +19,7 @@
*/
package org.apache.kerby.kerberos.tool.kadmin.command;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
public abstract class KadminCommand {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
index 65802f4..d96d5a0 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabAddCommand.java
@@ -20,7 +20,7 @@
package org.apache.kerby.kerberos.tool.kadmin.command;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import java.io.File;
import java.util.List;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
index d1d9df4..82ab676 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/KeytabRemoveCommand.java
@@ -21,8 +21,8 @@ package org.apache.kerby.kerberos.tool.kadmin.command;
import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
-import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
import java.io.File;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ListPrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ListPrincipalCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ListPrincipalCommand.java
index 71d909f..d236c65 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ListPrincipalCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ListPrincipalCommand.java
@@ -20,7 +20,7 @@
package org.apache.kerby.kerberos.tool.kadmin.command;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import java.util.List;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ModifyPrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ModifyPrincipalCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ModifyPrincipalCommand.java
index 4d0d16b..f3fe0fc 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ModifyPrincipalCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/ModifyPrincipalCommand.java
@@ -22,8 +22,8 @@ package org.apache.kerby.kerberos.tool.kadmin.command;
import org.apache.kerby.KOptionType;
import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
-import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
public class ModifyPrincipalCommand extends KadminCommand {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/RenamePrincipalCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/RenamePrincipalCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/RenamePrincipalCommand.java
index 80d6785..ca31199 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/RenamePrincipalCommand.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/RenamePrincipalCommand.java
@@ -21,12 +21,11 @@ package org.apache.kerby.kerberos.tool.kadmin.command;
import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.Kadmin;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
-import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.Kadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
-
public class RenamePrincipalCommand extends KadminCommand {
private static final String USAGE = "Usage: rename_principal [-force] old_principal new_principal\n";
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9f628e5a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java
index 4cf4de8..faf1cb2 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kdcinit/KdcInitTool.java
@@ -20,8 +20,10 @@
package org.apache.kerby.kerberos.tool.kdcinit;
import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
-import org.apache.kerby.kerberos.kerb.admin.LocalKadminImpl;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServer;
+import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerConfig;
import org.apache.kerby.util.OSUtil;
import java.io.File;
@@ -53,6 +55,19 @@ public class KdcInitTool {
+ " has been exported to the specified file "
+ keytabFile.getAbsolutePath() + ", please safely keep it, "
+ "in order to use kadmin tool later");
+
+ // Export protocol keytab file for remote admin tool
+ AdminServer adminServer = new AdminServer(confDir);
+ AdminServerConfig adminServerConfig = adminServer.getAdminServerConfig();
+ String principal = adminServerConfig.getProtocol() + "/"
+ + adminServerConfig.getAdminHost() + "@" + adminServerConfig.getAdminRealm();
+ kadmin.addPrincipal(principal);
+ File protocolFile = new File("protocol.keytab");
+ kadmin.exportKeytab(protocolFile, principal);
+ System.out.println("The keytab for protocol principal "
+ + " has been exported to the specified file "
+ + protocolFile.getAbsolutePath() + ", please safely keep it, "
+ + "in order to use remote kadmin tool later");
} finally {
kadmin.release();
}
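Review bot: The protocol keytab is written to `new File("protocol.keytab")`, a relative path that resolves against whatever directory the tool was started from, and nothing in the hunk restricts who can read it. A keytab holds the long-term key of the admin service principal, so it should go to a known location and be readable by the owner only. For example, `File protocolFile = new File(confDir, "protocol.keytab");` if `confDir` is a path or `File` (its type is not visible here), followed by tightening the file permissions right after the export. The printed message also omits the principal: `"The keytab for protocol principal " + principal` would tell the operator which key was exported. The enclosing method starts outside this hunk.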
[11/27] directory-kerby git commit: NPE fix for pkinit if the client
principal is not known
Posted by pl...@apache.org.
NPE fix for pkinit if the client principal is not known
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/4600ee35
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/4600ee35
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/4600ee35
Branch: refs/heads/kpasswd
Commit: 4600ee351ff44bb90e58710e5441a423e4a6bf71
Parents: 054db32
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jul 5 12:16:03 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jul 5 12:16:03 2016 +0100
----------------------------------------------------------------------
.../apache/kerby/kerberos/kerb/server/request/AsRequest.java | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4600ee35/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
index 7cb7dbb..37e89bb 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
@@ -82,15 +82,15 @@ public class AsRequest extends KdcRequest {
} else {
clientEntry = getEntry(clientPrincipal.getName());
}
- if (isAnonymous()) {
- clientEntry.setPrincipal(new PrincipalName(clientPrincipal.getName(), NameType.NT_WELLKNOWN));
- }
-
if (clientEntry == null) {
LOG.warn("Can't get the client entry.");
throw new KrbException(KrbErrorCode.KDC_ERR_C_PRINCIPAL_UNKNOWN);
}
+ if (isAnonymous()) {
+ clientEntry.setPrincipal(new PrincipalName(clientPrincipal.getName(), NameType.NT_WELLKNOWN));
+ }
+
setClientEntry(clientEntry);
for (EncryptionType encType : request.getReqBody().getEtypes()) {
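Review bot: The warning on the unknown-principal path, `LOG.warn("Can't get the client entry.");`, does not say which principal was requested, so repeated AS requests for unknown names cannot be correlated from the log. If `LOG` is an SLF4J logger and `clientPrincipal` is non-null at this point (the other branch of the lookup is outside the hunk), `LOG.warn("Can't get the client entry for {}", clientPrincipal.getName());` would record it. The name is client-supplied, so it should be encoded for the log sink. The diffstat lists only AsRequest.java, so a test that sends an anonymous or PKINIT request for an unknown principal and expects `KDC_ERR_C_PRINCIPAL_UNKNOWN` would keep the reordering from regressing. The method body continues outside the hunk.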
[03/27] directory-kerby git commit: Adding Token Auth testcase
Posted by pl...@apache.org.
Adding Token Auth testcase
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/68933ae0
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/68933ae0
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/68933ae0
Branch: refs/heads/kpasswd
Commit: 68933ae0cf397cf1f0e9af9a1934243de62cb9ab
Parents: b0d7554
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jul 1 12:07:01 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jul 1 12:07:01 2016 +0100
----------------------------------------------------------------------
.../integration/test/TokenLoginTestBase.java | 10 ++-
.../TokenLoginWithTokenPreauthEnabledTest.java | 74 ++++++++++++++++++++
2 files changed, 83 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/68933ae0/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index 4741372..7258907 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -141,11 +141,19 @@ public class TokenLoginTestBase extends LoginTestBase {
protected void testLoginWithTokenStr() throws Exception {
String tokenStr = createTokenAndArmorCache();
- checkSubject(loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile));
+ Subject subj = loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile);
+ checkSubject(subj);
}
protected void testLoginWithTokenCache() throws Exception {
createTokenAndArmorCache();
checkSubject(loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile));
}
+
+ protected Subject testLoginWithTokenCacheAndRetSubject() throws Exception {
+ createTokenAndArmorCache();
+ Subject subj = loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile);
+ checkSubject(subj);
+ return subj;
+ }
}
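Review bot: The new `testLoginWithTokenCacheAndRetSubject()` repeats the body of `testLoginWithTokenCache()` line for line and only adds the return. The existing method could delegate, `protected void testLoginWithTokenCache() throws Exception { testLoginWithTokenCacheAndRetSubject(); }`, so the two login paths cannot drift apart. In `testLoginWithTokenStr()` the new local `subj` is used once and adds nothing over the original single call. A short Javadoc on the new helper saying that it returns the authenticated `Subject` for follow-on GSS calls would explain why it exists.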
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/68933ae0/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index 86faf11..ed4ec8a 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -19,6 +19,19 @@
*/
package org.apache.kerby.kerberos.kerb.integration.test;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
+import org.junit.Assert;
import org.junit.Test;
/**
@@ -40,4 +53,65 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase {
public void testLoginWithTokenCache() throws Exception {
super.testLoginWithTokenCache();
}
+
+ @Test
+ @org.junit.Ignore
+ public void testLoginWithTokenCacheGSS() throws Exception {
+ Subject subject = super.testLoginWithTokenCacheAndRetSubject();
+ Set<Principal> clientPrincipals = subject.getPrincipals();
+
+ // Get the service ticket
+ KerberosClientExceptionAction action =
+ new KerberosClientExceptionAction(clientPrincipals.iterator().next(),
+ getServerPrincipal());
+
+ byte[] kerberosToken = (byte[]) Subject.doAs(subject, action);
+ Assert.assertNotNull(kerberosToken);
+ }
+
+ /**
+ * This class represents a PrivilegedExceptionAction implementation to
+ * a service ticket from a Kerberos Key Distribution Center.
+ */
+ private class KerberosClientExceptionAction implements PrivilegedExceptionAction<byte[]> {
+
+ private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
+
+ private Principal clientPrincipal;
+ private String serviceName;
+
+ KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) {
+ this.clientPrincipal = clientPrincipal;
+ this.serviceName = serviceName;
+ }
+
+ public byte[] run() throws GSSException {
+ GSSManager gssManager = GSSManager.getInstance();
+
+ GSSName gssService = gssManager.createName(serviceName,
+ GSSName.NT_USER_NAME);
+ Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
+ GSSName gssClient = gssManager.createName(clientPrincipal.getName(),
+ GSSName.NT_USER_NAME);
+ GSSCredential credentials = gssManager.createCredential(
+ gssClient, GSSCredential.DEFAULT_LIFETIME, oid,
+ GSSCredential.INITIATE_ONLY);
+
+ GSSContext secContext = gssManager.createContext(
+ gssService, oid, credentials, GSSContext.DEFAULT_LIFETIME
+ );
+
+ secContext.requestMutualAuth(false);
+ secContext.requestCredDeleg(false);
+
+ try {
+ byte[] token = new byte[0];
+ byte[] returnedToken = secContext.initSecContext(token,
+ 0, token.length);
+ return returnedToken;
+ } finally {
+ secContext.dispose();
+ }
+ }
+ }
}
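Review bot: `testLoginWithTokenCacheGSS` is committed with a bare `@org.junit.Ignore`, so nothing records why the token-preauth to GSS path is left unverified; `@org.junit.Ignore("<reason placeholder>")` would make the gap visible in test reports. When enabled, the test only asserts that the token is non-null and never has a service accept it, so it would not show that the ticket is usable. In `run()`, `secContext` is disposed in the `finally` block but the `GSSCredential` is not; adding `credentials.dispose();` there releases it as well. The cast in `(byte[]) Subject.doAs(subject, action)` is redundant because the action is a `PrivilegedExceptionAction<byte[]>`. The class Javadoc is missing a verb and should read "implementation to obtain a service ticket".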
[05/27] directory-kerby git commit: Removing GSS interop testcase
Posted by pl...@apache.org.
Removing GSS interop testcase
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/a8b48d34
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/a8b48d34
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/a8b48d34
Branch: refs/heads/kpasswd
Commit: a8b48d3448feafc61e8ea373459472925ed434bf
Parents: 358340d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jul 4 10:28:33 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jul 4 10:28:33 2016 +0100
----------------------------------------------------------------------
.../kerberos/kerb/server/GssInteropTest.java | 39 --------------------
1 file changed, 39 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a8b48d34/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
index 7e0d269..cb74b3f 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
@@ -19,7 +19,6 @@
*/
package org.apache.kerby.kerberos.kerb.server;
-import java.io.ByteArrayOutputStream;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.Set;
@@ -27,12 +26,6 @@ import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
-import org.apache.kerby.kerberos.kerb.ccache.CredCacheOutputStream;
-import org.apache.kerby.kerberos.kerb.ccache.Credential;
-import org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
-import org.apache.kerby.kerberos.kerb.client.KrbClient;
-import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
-import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
@@ -71,38 +64,6 @@ public class GssInteropTest extends LoginTestBase {
validateServiceTicket(kerberosToken);
}
- @Test
- @org.junit.Ignore
- public void testKerbyClientAndGssService() throws Exception {
- KrbClient client = getKrbClient();
- client.init();
-
- try {
- // Get a service ticket using Kerby APIs
- TgtTicket tgt = client.requestTgt(getClientPrincipal(), getClientPassword());
- Assert.assertTrue(tgt != null);
-
- SgtTicket tkt = client.requestSgt(tgt, getServerPrincipal());
- Assert.assertTrue(tkt != null);
-
- Credential credential = new Credential(tkt, tgt.getClientPrincipal());
- CredentialCache cCache = new CredentialCache();
- cCache.addCredential(credential);
- cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
-
- ByteArrayOutputStream bout = new ByteArrayOutputStream();
- CredCacheOutputStream os = new CredCacheOutputStream(bout);
- cCache.store(bout);
- os.close();
-
- // Now validate the ticket using GSS
- validateServiceTicket(bout.toByteArray());
- } catch (Exception e) {
- e.printStackTrace();
- Assert.fail();
- }
- }
-
private void validateServiceTicket(byte[] ticket) throws Exception {
Subject serviceSubject = loginServiceUsingKeytab();
Set<Principal> servicePrincipals = serviceSubject.getPrincipals();
[24/27] directory-kerby git commit: Fix to load server certificates
from the classpath as well
Posted by pl...@apache.org.
Fix to load server certificates from the classpath as well
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/9af4754f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/9af4754f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/9af4754f
Branch: refs/heads/kpasswd
Commit: 9af4754f254881c69bba0046d092e155b532f2e1
Parents: cc91e4b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jul 6 10:59:59 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jul 6 10:59:59 2016 +0100
----------------------------------------------------------------------
.../server/preauth/pkinit/PkinitPreauth.java | 55 +++++++-------------
1 file changed, 18 insertions(+), 37 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9af4754f/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index 0e4867d..ffd59c0 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -19,6 +19,18 @@
*/
package org.apache.kerby.kerberos.kerb.server.preauth.pkinit;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.ByteBuffer;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.crypto.interfaces.DHPublicKey;
+
import org.apache.kerby.asn1.Asn1;
import org.apache.kerby.asn1.parse.Asn1Container;
import org.apache.kerby.asn1.parse.Asn1ParseResult;
@@ -63,22 +75,6 @@ import org.apache.kerby.x509.type.SubjectPublicKeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.crypto.interfaces.DHPublicKey;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.nio.ByteBuffer;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Scanner;
-
public class PkinitPreauth extends AbstractPreauthPlugin {
private static final Logger LOG = LoggerFactory.getLogger(PkinitPreauth.class);
@@ -306,28 +302,13 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
if (identityString != null) {
List<String> identityList = Arrays.asList(identityString.split(","));
for (String identity : identityList) {
- File file = new File(identity);
- try (Scanner scanner = new Scanner(file, "UTF-8")) {
- String found = scanner.findInLine("CERTIFICATE");
-
- if (found != null) {
- InputStream res = null;
- try {
- res = new FileInputStream(identity);
- } catch (FileNotFoundException e) {
- e.printStackTrace();
- }
- X509Certificate certificate = null;
- try {
- certificate = (X509Certificate) CertificateHelper.loadCerts(res).iterator().next();
- } catch (KrbException e) {
- e.printStackTrace();
- }
- certificates.add(certificate);
- res.close();
+ try {
+ List<java.security.cert.Certificate> loadedCerts = CertificateHelper.loadCerts(identity);
+ if (!loadedCerts.isEmpty()) {
+ certificates.add((X509Certificate)loadedCerts.iterator().next());
}
- } catch (IOException e) {
- e.getMessage();
+ } catch (KrbException e) {
+ LOG.warn("Error loading X.509 Certificate", e);
}
}
} else {
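Review bot: The new loop casts the first loaded certificate with `(X509Certificate)loadedCerts.iterator().next()` without a type check, so a non-X.509 entry in an identity would throw `ClassCastException` instead of reaching the `KrbException` handler. An `instanceof X509Certificate` guard before the `add` would turn that into a logged skip. The warning does not name the identity that failed; `LOG.warn("Error loading X.509 Certificate from " + identity, e);` would let an operator tell which configured identity was dropped. Because a failed load is only logged and the loop continues, the method may return an empty or partial certificate list. The code after the loop is outside this hunk; it should treat an empty list as a configuration error rather than proceed without server certificates. Per the commit title the identity may now resolve from the classpath as well as the filesystem, so logging where each certificate was loaded from would help an operator confirm which source supplied the KDC's certificate.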