Posted to kerby@directory.apache.org by "Zheng, Kai" <ka...@intel.com> on 2015/06/30 07:00:22 UTC
RE: [1/2] directory-kerby git commit: Changes summary: 1) Enhanced
SimpleKdcServer to integrate KrbClient and Kadmin APIs for easier
integration tests; 2) Refined related codes; 3) Fixed some issues found in
the effort.
Sorry, this breaks the GSS tests; I will fix them ASAP.
Regards,
Kai
-----Original Message-----
From: drankye@apache.org [mailto:drankye@apache.org]
Sent: Tuesday, June 30, 2015 11:48 AM
To: commits@directory.apache.org
Subject: [1/2] directory-kerby git commit: Changes summary: 1) Enhanced SimpleKdcServer to integrate KrbClient and Kadmin APIs for easier integration tests; 2) Refined related codes; 3) Fixed some issues found in the effort.
Repository: directory-kerby
Updated Branches:
refs/heads/master 22d959b95 -> d49d73da3
Changes summary: 1) Enhanced SimpleKdcServer to integrate KrbClient and Kadmin APIs for easier integration tests; 2) Refined related codes; 3) Fixed some issues found in the effort.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/497e0303
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/497e0303
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/497e0303
Branch: refs/heads/master
Commit: 497e0303e2e5e28dee44775174b8072a4b4a4c76
Parents: 2446784
Author: drankye <ka...@intel.com>
Authored: Tue Jun 30 11:46:16 2015 +0800
Committer: Drankye <dr...@gmail.com>
Committed: Tue Jun 30 11:46:16 2015 +0800
----------------------------------------------------------------------
.../kerby/kerberos/kdc/GssInteropTestBase.java | 54 +++++++----
.../kerby/kerberos/kdc/GssTcpInteropTest.java | 25 -----
.../kerby/kerberos/kdc/GssUdpInteropTest.java | 26 -----
.../kerby/kerberos/kdc/JsonBackendKdcTest.java | 7 +-
.../apache/kerby/kerberos/kdc/KerbyKdcTest.java | 15 +--
.../kdc/OnlyTcpForNettyKdcNetworkTest.java | 12 ++-
.../kdc/OnlyUdpForNettyKdcNetworkTest.java | 12 ++-
.../kerberos/kdc/WithAccessTokenKdcTest.java | 2 +-
.../kerberos/kdc/WithIdentityTokenKdcTest.java | 6 +-
.../kerberos/kdc/WithTokenKdcTestBase.java | 13 +--
.../kerberos/kdc/ZookeeperBackendKdcTest.java | 7 +-
kerby-kdc-test/src/test/resources/krb5-udp.conf | 8 --
kerby-kdc-test/src/test/resources/krb5.conf | 9 --
.../kerby/kerberos/kdc/KerbyKdcServer.java | 4 +-
.../kerby/kerberos/kerb/client/ClientUtil.java | 14 +--
.../kerby/kerberos/kerb/client/KrbConfig.java | 9 +-
.../kerberos/kerb/client/KrbConfigKey.java | 6 +-
.../kerby/kerberos/kerb/client/KrbSetting.java | 5 +
.../kerb/client/KrbClientSettingTest.java | 4 +-
.../kerberos/kerb/common/KrbConfHelper.java | 15 ++-
.../kerby/kerberos/kerb/server/KdcTestBase.java | 99 ++++----------------
.../kerberos/kerb/server/TestKdcServer.java | 54 +++++++++++
.../kerberos/kerb/server/GssInteropTest.java | 21 ++---
.../kerberos/kerb/server/KdcSettingTest.java | 2 +-
.../kerby/kerberos/kerb/server/KdcTest.java | 6 +-
.../kerb/server/MultiRequestsKdcTest.java | 10 +-
.../kerberos/kerb/server/OnlyTcpKdcTest.java | 5 +
.../kerberos/kerb/server/OnlyUdpKdcTest.java | 5 +
.../kerberos/kerb/server/TcpAndUdpKdcTest.java | 5 +
.../kerb-kdc-test/src/test/resources/krb5.conf | 8 --
.../kerby/kerberos/kerb/server/KdcConfig.java | 25 +++--
.../kerberos/kerb/server/KdcConfigKey.java | 9 +-
.../kerby/kerberos/kerb/server/KdcServer.java | 13 ++-
.../kerberos/kerb/server/KdcServerOption.java | 1 +
.../kerby/kerberos/kerb/server/KdcSetting.java | 29 +++++-
.../server/impl/AbstractInternalKdcServer.java | 2 +-
.../kerberos/kerb/server/SimpleKdcTest.java | 26 +----
.../kerberos/kerb/server/TestKdcConfigLoad.java | 4 +-
kerby-kerb/kerb-simplekdc/pom.xml | 5 +
.../kerby/kerberos/kerb/server/Krb5Conf.java | 53 +++++++++++
.../kerberos/kerb/server/SimpleKdcServer.java | 95 +++++++++++++++----
.../kerb-simplekdc/src/main/resources/krb5.conf | 7 ++
.../src/main/resources/krb5_udp.conf | 8 ++
.../org/apache/kerby/config/ConfigImpl.java | 3 +-
.../main/java/org/apache/kerby/util/IOUtil.java | 27 +++++-
45 files changed, 465 insertions(+), 310 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
index 43b89df..bb0fb48 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
@@ -23,6 +23,7 @@ import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
import org.ietf.jgss.*;
import org.junit.Assert;
+import org.junit.Before;
import org.junit.Test;
import javax.security.auth.Subject;
@@ -32,6 +33,7 @@ import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginContext;
+import java.io.File;
import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
@@ -41,17 +43,29 @@ import java.util.Set;
* This is an interop test using the Java GSS APIs against the Kerby KDC
*/
public abstract class GssInteropTestBase extends KdcTestBase {
-
@Override
protected void createPrincipals() throws KrbException {
- kdcServer.createPrincipal(getClientPrincipal(), getClientPassword());
- kdcServer.createPrincipal(getServerPrincipal(), getServerPassword());
+ getKdcServer().createPrincipal(getClientPrincipal(), getClientPassword());
+ getKdcServer().createPrincipal(getServerPrincipal(), getServerPassword());
}
private String getServerPassword() {
return getClientPassword(); // Reuse the same password
}
+ @Before
+ @Override
+ public void setUp() throws Exception {
+ super.setUp();
+
+ File file1 = new File(getClass().getResource("/kerberos.jaas").getPath());
+ String content1 = getFileContent(file1.getPath());
+ String path1 = writeToTestDir(content1, file1.getName());
+
+ // System.setProperty("sun.security.krb5.debug", "true");
+ System.setProperty("java.security.auth.login.config", path1);
+ }
+
@Test
public void testKdc() throws Exception {
LoginContext loginContext = new LoginContext(getClientPrincipalName(),
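Review bot: The added `setUp()` sets the JVM-wide `java.security.auth.login.config` property and nothing in this hunk restores it, so the JAAS configuration written for this test stays active for every later test that runs in the same JVM. Capturing the previous value in `setUp()` and restoring it in an `@After` method (or calling `System.clearProperty("java.security.auth.login.config")` there) would keep the login configuration scoped to this class. Separately, `getClass().getResource("/kerberos.jaas").getPath()` throws a NullPointerException when the resource is missing and returns a URL-encoded path, so a checkout directory containing spaces would break the copy; a null check followed by `new File(url.toURI())` avoids both. `testKdc()` continues outside the hunk.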
@@ -80,8 +94,6 @@ public abstract class GssInteropTestBase extends KdcTestBase {
loginContext.logout();
validateServiceTicket(kerberosToken);
-
- kdcServer.stop();
}
private void validateServiceTicket(byte[] ticket) throws Exception {
@@ -121,17 +133,19 @@ public abstract class GssInteropTestBase extends KdcTestBase {
}
/**
- * This class represents a PrivilegedExceptionAction implementation to obtain a service ticket from a Kerberos
- * Key Distribution Center.
+ * This class represents a PrivilegedExceptionAction implementation to
+ * obtain a service ticket from a Kerberos Key Distribution Center.
*/
- private static class KerberosClientExceptionAction implements PrivilegedExceptionAction<byte[]> {
+ private static class KerberosClientExceptionAction
+ implements PrivilegedExceptionAction<byte[]> {
private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
private Principal clientPrincipal;
private String serviceName;
- public KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) {
+ public KerberosClientExceptionAction(Principal clientPrincipal,
+ String serviceName) {
this.clientPrincipal = clientPrincipal;
this.serviceName = serviceName;
}
@@ -139,12 +153,15 @@ public abstract class GssInteropTestBase extends KdcTestBase {
public byte[] run() throws GSSException {
GSSManager gssManager = GSSManager.getInstance();
- GSSName gssService = gssManager.createName(serviceName, GSSName.NT_USER_NAME);
+ GSSName gssService = gssManager.createName(serviceName,
+ GSSName.NT_USER_NAME);
Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
- GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME);
+ GSSName gssClient = gssManager.createName(clientPrincipal.getName(),
+ GSSName.NT_USER_NAME);
GSSCredential credentials =
gssManager.createCredential(
- gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY
+ gssClient, GSSCredential.DEFAULT_LIFETIME, oid,
+ GSSCredential.INITIATE_ONLY
);
GSSContext secContext =
@@ -166,7 +183,8 @@ public abstract class GssInteropTestBase extends KdcTestBase {
}
}
- private static class KerberosServiceExceptionAction implements PrivilegedExceptionAction<byte[]> {
+ private static class KerberosServiceExceptionAction
+ implements PrivilegedExceptionAction<byte[]> {
private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
@@ -179,16 +197,16 @@ public abstract class GssInteropTestBase extends KdcTestBase {
}
public byte[] run() throws GSSException {
-
GSSManager gssManager = GSSManager.getInstance();
-
- GSSContext secContext = null;
- GSSName gssService = gssManager.createName(serviceName, GSSName.NT_USER_NAME);
+ GSSContext secContext;
+ GSSName gssService = gssManager.createName(serviceName,
+ GSSName.NT_USER_NAME);
Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
GSSCredential credentials =
gssManager.createCredential(
- gssService, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.ACCEPT_ONLY
+ gssService, GSSCredential.DEFAULT_LIFETIME, oid,
+ GSSCredential.ACCEPT_ONLY
);
secContext = gssManager.createContext(credentials);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInteropTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInteropTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInteropTest.java
index dca4f4d..c101d0d 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInteropTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInteropTest.java
@@ -19,36 +19,11 @@
*/
package org.apache.kerby.kerberos.kdc;
-import java.io.File;
-
-import org.junit.Before;
-
/**
* This is an interop test using the Java GSS APIs against the Kerby KDC (using TCP)
*/
public class GssTcpInteropTest extends GssInteropTestBase {
- @Before
- @Override
- public void setUp() throws Exception {
- super.setUp();
-
- File file1 = new File(this.getClass().getResource("/kerberos.jaas").getPath());
- String content1 = getFileContent(file1.getPath());
- String path1 = writeToTestDir(content1, file1.getName());
-
- // System.setProperty("sun.security.krb5.debug", "true");
- System.setProperty("java.security.auth.login.config", path1);
-
- // Read in krb5.conf and substitute in the correct port
- File file2 = new File(this.getClass().getResource("/krb5.conf").getPath());
- String content2 = getFileContent(file2.getPath());
- content2 = content2.replaceAll("port", "" + getTcpPort());
- String path2 = writeToTestDir(content2, file2.getName());
-
- System.setProperty("java.security.krb5.conf", path2);
- }
-
@Override
protected boolean allowUdp() {
return false;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInteropTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInteropTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInteropTest.java
index e2ccd31..a3e8c55 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInteropTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInteropTest.java
@@ -19,39 +19,13 @@
*/
package org.apache.kerby.kerberos.kdc;
-import org.junit.Before;
-
-import java.io.File;
-
/**
* This is an interop test using the Java GSS APIs against the Kerby KDC (using UDP)
*/
public class GssUdpInteropTest extends GssInteropTestBase {
- @Before
- @Override
- public void setUp() throws Exception {
- super.setUp();
-
- File file1 = new File(getClass().getResource("/kerberos.jaas").getPath());
- String content1 = getFileContent(file1.getPath());
- String path1 = writeToTestDir(content1, file1.getName());
-
- // System.setProperty("sun.security.krb5.debug", "true");
- System.setProperty("java.security.auth.login.config", path1);
-
- // Read in krb5.conf and substitute in the correct port
- File file2 = new File(getClass().getResource("/krb5-udp.conf").getPath());
- String content2 = getFileContent(file2.getPath());
- content2 = content2.replaceAll("port", "" + getUdpPort());
- String path2 = writeToTestDir(content2, file2.getName());
-
- System.setProperty("java.security.krb5.conf", path2);
- }
-
@Override
protected boolean allowUdp() {
return true;
}
-
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
index c5815d8..ad60ef4 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
@@ -20,6 +20,7 @@
package org.apache.kerby.kerberos.kdc;
import org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend;
+import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.server.BackendConfig;
import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
import org.junit.AfterClass;
@@ -31,14 +32,14 @@ public class JsonBackendKdcTest extends KerbyKdcTest {
private static File jsonBackendFile;
@Override
- protected void prepareKdcServer() throws Exception {
- super.prepareKdcServer();
+ protected void prepareKdc() throws KrbException {
+ super.prepareKdc();
File testDir = new File(System.getProperty("test.dir", "target"));
jsonBackendFile = new File(testDir, "json-backend-file");
String jsonBackendFileString = jsonBackendFile.getAbsolutePath();
- BackendConfig backendConfig = kdcServer.getBackendConfig();
+ BackendConfig backendConfig = getKdcServer().getBackendConfig();
backendConfig.setString(
JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBackendFileString);
backendConfig.setString(KdcConfigKey.KDC_IDENTITY_BACKEND,
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
index 394c9ce..2f08601 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java
@@ -20,6 +20,7 @@
package org.apache.kerby.kerberos.kdc;
import org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl;
+import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
@@ -30,10 +31,10 @@ import static org.assertj.core.api.Assertions.assertThat;
public abstract class KerbyKdcTest extends KdcTestBase {
@Override
- protected void prepareKdcServer() throws Exception {
- super.prepareKdcServer();
- kdcServer.setInnerKdcImpl(
- new NettyKdcServerImpl(kdcServer.getSetting()));
+ protected void prepareKdc() throws KrbException {
+ super.prepareKdc();
+ getKdcServer().setInnerKdcImpl(
+ new NettyKdcServerImpl(getKdcServer().getKdcSetting()));
}
protected void performKdcTest() throws Exception {
@@ -41,11 +42,11 @@ public abstract class KerbyKdcTest extends KdcTestBase {
ServiceTicket tkt;
try {
- tgt = krbClnt.requestTgtWithPassword(getClientPrincipal(),
- getClientPassword());
+ tgt = getKrbClient().requestTgtWithPassword(
+ getClientPrincipal(), getClientPassword());
assertThat(tgt).isNotNull();
- tkt = krbClnt.requestServiceTicketWithTgt(tgt, getServerPrincipal());
+ tkt = getKrbClient().requestServiceTicketWithTgt(tgt, getServerPrincipal());
assertThat(tkt).isNotNull();
} catch (Exception e) {
System.out.println("Exception occurred with good password");
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java
index 6b46e8e..86f5214 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java
@@ -20,6 +20,7 @@
package org.apache.kerby.kerberos.kdc;
import org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend;
+import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.server.BackendConfig;
import org.junit.AfterClass;
import org.junit.Test;
@@ -37,19 +38,24 @@ public class OnlyTcpForNettyKdcNetworkTest extends KerbyKdcTest {
}
@Override
+ protected boolean allowTcp() {
+ return true;
+ }
+
+ @Override
protected boolean allowUdp() {
return false;
}
@Override
- protected void prepareKdcServer() throws Exception {
- super.prepareKdcServer();
+ protected void prepareKdc() throws KrbException {
+ super.prepareKdc();
File testDir = new File(System.getProperty("test.dir", "target"));
jsonBackendFile = new File(testDir, "json-backend-file");
String jsonBackendFileString = jsonBackendFile.getAbsolutePath();
- BackendConfig backendConfig = kdcServer.getBackendConfig();
+ BackendConfig backendConfig = getKdcServer().getBackendConfig();
backendConfig.setString(
JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBackendFileString);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java
index 0097eec..c844380 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java
@@ -20,6 +20,7 @@
package org.apache.kerby.kerberos.kdc;
import org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend;
+import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.server.BackendConfig;
import org.junit.AfterClass;
import org.junit.Test;
@@ -42,14 +43,19 @@ public class OnlyUdpForNettyKdcNetworkTest extends KerbyKdcTest {
}
@Override
- protected void prepareKdcServer() throws Exception {
- super.prepareKdcServer();
+ protected boolean allowUdp() {
+ return true;
+ }
+
+ @Override
+ protected void prepareKdc() throws KrbException {
+ super.prepareKdc();
File testDir = new File(System.getProperty("test.dir", "target"));
jsonBackendFile = new File(testDir, "json-backend-file");
String jsonBackendFileString = jsonBackendFile.getAbsolutePath();
- BackendConfig backendConfig = kdcServer.getBackendConfig();
+ BackendConfig backendConfig = getKdcServer().getBackendConfig();
backendConfig.setString(
JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE,
jsonBackendFileString);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
index cb23513..d815e37 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java
@@ -29,7 +29,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase {
prepareToken(getServerPrincipal());
createCredentialCache(getClientPrincipal(), getClientPassword());
- ServiceTicket serviceTicket = krbClnt.requestServiceTicketWithAccessToken(
+ ServiceTicket serviceTicket = getKrbClient().requestServiceTicketWithAccessToken(
getKrbToken(), getServerPrincipal(), getcCacheFile().getPath());
verifyTicket(serviceTicket);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
index 2a78f01..045da51 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java
@@ -36,14 +36,16 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase {
TgtTicket tgt = null;
try {
- tgt = krbClnt.requestTgtWithToken(getKrbToken(), getcCacheFile().getPath());
+ tgt = getKrbClient().requestTgtWithToken(getKrbToken(),
+ getcCacheFile().getPath());
} catch (KrbException e) {
assertThat(e.getMessage().contains("timeout")).isTrue();
return;
}
verifyTicket(tgt);
- ServiceTicket tkt = krbClnt.requestServiceTicketWithTgt(tgt, getServerPrincipal());
+ ServiceTicket tkt = getKrbClient().requestServiceTicketWithTgt(tgt,
+ getServerPrincipal());
verifyTicket(tkt);
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
index 3e97223..01f490c 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java
@@ -58,13 +58,13 @@ public class WithTokenKdcTestBase extends KdcTestBase {
@Override
protected void createPrincipals() throws KrbException {
super.createPrincipals();
- kdcServer.createPrincipal(getClientPrincipal(), clientPassword);
+ getKdcServer().createPrincipal(getClientPrincipal(), getClientPassword());
}
@Override
protected void deletePrincipals() throws KrbException {
super.deletePrincipals();
- kdcServer.deletePrincipal(getClientPrincipal());
+ getKdcServer().deletePrincipal(getClientPrincipal());
}
protected AuthToken getKrbToken() {
@@ -104,14 +104,9 @@ public class WithTokenKdcTestBase extends KdcTestBase {
return krbToken;
}
- @Override
- protected void prepareKdcServer() throws Exception {
- super.prepareKdcServer();
- }
-
protected File createCredentialCache(String principal,
String password) throws Exception {
- TgtTicket tgt = krbClnt.requestTgtWithPassword(principal, password);
+ TgtTicket tgt = getKrbClient().requestTgtWithPassword(principal, password);
writeTgtToCache(tgt, principal);
return cCacheFile;
}
@@ -137,7 +132,7 @@ public class WithTokenKdcTestBase extends KdcTestBase {
protected void verifyTicket(AbstractServiceTicket ticket) {
assertThat(ticket).isNotNull();
- assertThat(ticket.getRealm()).isEqualTo(kdcServer.getKdcRealm());
+ assertThat(ticket.getRealm()).isEqualTo(getKdcServer().getKdcSetting().getKdcRealm());
assertThat(ticket.getTicket()).isNotNull();
assertThat(ticket.getSessionKey()).isNotNull();
assertThat(ticket.getEncKdcRepPart()).isNotNull();
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
index fda0f4b..2c62232 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
@@ -20,6 +20,7 @@
package org.apache.kerby.kerberos.kdc;
import org.apache.kerby.kerberos.kdc.identitybackend.ZKConfKey;
+import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.server.BackendConfig;
import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
import org.junit.AfterClass;
@@ -47,10 +48,10 @@ public class ZookeeperBackendKdcTest extends KerbyKdcTest {
}
@Override
- protected void prepareKdcServer() throws Exception {
- super.prepareKdcServer();
+ protected void prepareKdc() throws KrbException {
+ super.prepareKdc();
- BackendConfig backendConfig = kdcServer.getBackendConfig();
+ BackendConfig backendConfig = getKdcServer().getBackendConfig();
File testDir = new File(System.getProperty("test.dir", "target"));
instanceDir = new File(testDir, "zookeeper");
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/resources/krb5-udp.conf
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/krb5-udp.conf b/kerby-kdc-test/src/test/resources/krb5-udp.conf
deleted file mode 100644
index 1e878bd..0000000
--- a/kerby-kdc-test/src/test/resources/krb5-udp.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[libdefaults]
- default_realm = TEST.COM
- permitted_enctypes = des-cbc-crc aes128-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd
-
-[realms]
- TEST.COM = {
- kdc = localhost:port
- }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/krb5.conf b/kerby-kdc-test/src/test/resources/krb5.conf
deleted file mode 100644
index d1361d9..0000000
--- a/kerby-kdc-test/src/test/resources/krb5.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-[libdefaults]
- default_realm = TEST.COM
- udp_preference_limit = 1
- permitted_enctypes = des-cbc-crc aes128-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd
-
-[realms]
- TEST.COM = {
- kdc = localhost:port
- }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
index e088d5a..e07021c 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
@@ -33,14 +33,14 @@ public class KerbyKdcServer extends KdcServer {
private Kadmin kadmin;
public KerbyKdcServer(File confDir) throws KrbException {
super(confDir);
- setInnerKdcImpl(new NettyKdcServerImpl(getSetting()));
+ setInnerKdcImpl(new NettyKdcServerImpl(getKdcSetting()));
}
@Override
public void init() throws KrbException {
super.init();
- kadmin = new Kadmin(getSetting(), getIdentityService());
+ kadmin = new Kadmin(getKdcSetting(), getIdentityService());
kadmin.createBuiltinPrincipals();
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
index 934a78b..c6244f5 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
@@ -46,7 +46,8 @@ public final class ClientUtil {
krbConfig.addIniConfig(confFile);
return krbConfig;
} catch (IOException e) {
- throw new KrbException("Failed to load krb config " + confFile.getAbsolutePath());
+ throw new KrbException("Failed to load krb config " +
+ confFile.getAbsolutePath());
}
}
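Review bot: The rewrapped `throw new KrbException("Failed to load krb config " + confFile.getAbsolutePath());` still discards the caught `IOException`, so the actual reason the file could not be read (permissions, malformed content) never reaches the caller or the log. If `KrbException` offers a constructor that takes a cause, pass `e` as the second argument: `throw new KrbException("Failed to load krb config " + confFile.getAbsolutePath(), e);`. The same catch block appears again in the hunk at `-79,16` of this file. The enclosing method starts above this hunk.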
@@ -70,7 +71,8 @@ public final class ClientUtil {
if (tmpEnv != null) {
confFile = new File(tmpEnv);
if (!confFile.exists()) {
- throw new KrbException("krb5 conf not found. Invalid env " + krb5EnvName);
+ throw new KrbException("krb5 conf not found. Invalid env "
+ + krb5EnvName);
}
} else {
confDir = new File("/etc/"); // for Linux. TODO: fix for Win etc.
@@ -79,16 +81,16 @@ public final class ClientUtil {
}
}
+ KrbConfig krbConfig = new KrbConfig();
if (confFile != null && confFile.exists()) {
- KrbConfig krbConfig = new KrbConfig();
try {
krbConfig.addIniConfig(confFile);
- return krbConfig;
} catch (IOException e) {
- throw new KrbException("Failed to load krb config " + confFile.getAbsolutePath());
+ throw new KrbException("Failed to load krb config " +
+ confFile.getAbsolutePath());
}
}
- return null;
+ return krbConfig;
}
}
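Review bot: Returning an empty `KrbConfig` where this method used to return `null` makes a missing krb5.conf indistinguishable from a deliberately empty one. Callers then presumably run on the built-in key defaults, which in `KrbConfigKey` include `KDC_HOST("localhost")` and `KDC_REALM("EXAMPLE.COM", "libdefaults")`; a Kerberos client that silently falls back to a default realm and KDC host is hard to diagnose and can end up talking to an unintended KDC. The new contract should at least be written down in the method's Javadoc, e.g. `@return the loaded configuration, or an empty KrbConfig (defaults only) when no krb5.conf is found`, and callers that previously tested for `null` need to be checked. The method starts above this hunk.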
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
index e1b2529..4bbfdfa 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
@@ -48,7 +48,10 @@ public class KrbConfig extends Conf {
*/
public int getKdcPort() {
Integer kdcPort = getInt(KrbConfigKey.KDC_PORT);
- return kdcPort.shortValue();
+ if (kdcPort != null) {
+ return kdcPort.shortValue();
+ }
+ return -1;
}
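Review bot: `kdcPort.shortValue()` on the added return line narrows the configured port to a signed 16-bit value, so any port above 32767 comes back negative (40000 becomes -25536) and the client would try to connect with a bogus port. The method returns `int`, so `return kdcPort.intValue();` is the fix; the same call sits on context lines of `getKdcTcpPort()` and `getKdcUdpPort()` in the next two hunks. The new `-1` result for an unset port is also undocumented: the Javadoc of each getter should say that -1 means "not configured", so that callers check for it before opening a socket. The Javadoc blocks start outside the hunks.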
/**
@@ -57,7 +60,7 @@ public class KrbConfig extends Conf {
*/
public int getKdcTcpPort() {
Integer kdcPort = getInt(KrbConfigKey.KDC_TCP_PORT);
- if (kdcPort > 0) {
+ if (kdcPort != null && kdcPort > 0) {
return kdcPort.shortValue();
}
return getKdcPort();
@@ -84,7 +87,7 @@ public class KrbConfig extends Conf {
*/
public int getKdcUdpPort() {
Integer kdcPort = getInt(KrbConfigKey.KDC_UDP_PORT);
- if (kdcPort > 0) {
+ if (kdcPort != null && kdcPort > 0) {
return kdcPort.shortValue();
}
return getKdcPort();
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
index e644825..75478a7 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java
@@ -24,11 +24,11 @@ import org.apache.kerby.kerberos.kerb.common.SectionConfigKey;
public enum KrbConfigKey implements SectionConfigKey {
KRB_DEBUG(true),
KDC_HOST("localhost"),
- KDC_PORT(8015),
+ KDC_PORT(),
KDC_ALLOW_UDP(true),
KDC_ALLOW_TCP(true),
- KDC_UDP_PORT(8016),
- KDC_TCP_PORT(8015),
+ KDC_UDP_PORT(),
+ KDC_TCP_PORT(),
KDC_DOMAIN("example.com"),
KDC_REALM("EXAMPLE.COM", "libdefaults"),
TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbSetting.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbSetting.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbSetting.java
index 59689a1..da99df0 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbSetting.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbSetting.java
@@ -33,6 +33,11 @@ public class KrbSetting {
this.krbConfig = config;
}
+ public KrbSetting(KrbConfig config) {
+ this.commonOptions = new KOptions();
+ this.krbConfig = config;
+ }
+
public KrbConfig getKrbConfig() {
return krbConfig;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbClientSettingTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbClientSettingTest.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbClientSettingTest.java
index 9377d30..6ccf8bd 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbClientSettingTest.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbClientSettingTest.java
@@ -29,12 +29,12 @@ public class KrbClientSettingTest {
@Test
public void testKdcServerMannualSetting() throws KrbException {
KrbClient krbClient = new KrbClient();
+
krbClient.setKdcHost("localhost");
krbClient.setKdcRealm("TEST2.COM");
+ krbClient.setAllowUdp(false);
krbClient.setKdcTcpPort(12345);
- krbClient.init();
-
KrbSetting krbSetting = krbClient.getSetting();
assertThat(krbSetting.getKdcHost()).isEqualTo("localhost");
assertThat(krbSetting.getKdcTcpPort()).isEqualTo(12345);
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java
index 54d57e3..0933b56 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java
@@ -42,34 +42,34 @@ public class KrbConfHelper {
if (subConfig != null) {
return subConfig.getString(key);
} else {
- return (String) conf.getString(key);
+ return conf.getString(key);
}
}
- public static boolean getBooleanUnderSection(Conf conf, SectionConfigKey key) {
+ public static Boolean getBooleanUnderSection(Conf conf, SectionConfigKey key) {
Config subConfig = conf.getConfig(key.getSectionName());
if (subConfig != null) {
return subConfig.getBoolean(key);
} else {
- return (Boolean) conf.getBoolean(key);
+ return conf.getBoolean(key);
}
}
- public static long getLongUnderSection(Conf conf, SectionConfigKey key) {
+ public static Long getLongUnderSection(Conf conf, SectionConfigKey key) {
Config subConfig = conf.getConfig(key.getSectionName());
if (subConfig != null) {
return subConfig.getLong(key);
} else {
- return (Long) conf.getLong(key);
+ return conf.getLong(key);
}
}
- public static int getIntUnderSection(Conf conf, SectionConfigKey key) {
+ public static Integer getIntUnderSection(Conf conf, SectionConfigKey key) {
Config subConfig = conf.getConfig(key.getSectionName());
if (subConfig != null) {
return subConfig.getInt(key);
} else {
- return (Integer) conf.getInt(key);
+ return conf.getInt(key);
}
}
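Review bot: The three getters changed here from `boolean`/`long`/`int` to `Boolean`/`Long`/`Integer` can now hand back null, but none of them documents it. A caller outside this diff that still assigns the result to a primitive would presumably compile and then fail with a NullPointerException on auto-unboxing. Add Javadoc to each, for example `@return the value found under the key's section or at top level, or null when the key is unset and has no default`. getStringUnderSection() starts above this hunk and would benefit from the same sentence.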
@@ -103,5 +103,4 @@ public class KrbConfHelper {
}
return results;
}
-
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
index ba06551..cdf65af 100644
--- a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
+++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
@@ -21,10 +21,7 @@ package org.apache.kerby.kerberos.kerb.server;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.KrbClient;
-import org.apache.kerby.kerberos.kerb.client.KrbConfig;
-import org.apache.kerby.kerberos.kerb.client.KrbConfigKey;
import org.apache.kerby.util.IOUtil;
-import org.apache.kerby.util.NetworkUtil;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
@@ -36,20 +33,16 @@ import java.io.IOException;
public abstract class KdcTestBase {
private static File testDir;
- private final String kdcRealm = "TEST.COM";
- protected final String clientPassword = "123456";
+ private final String clientPassword = "123456";
private final String hostname = "localhost";
private final String clientPrincipalName = "drankye";
- private final String clientPrincipal = clientPrincipalName + "@" + kdcRealm;
+ private final String clientPrincipal =
+ clientPrincipalName + "@" + TestKdcServer.kdcRealm;
private final String serverPrincipalName = "test-service";
private final String serverPrincipal =
- serverPrincipalName + "/" + hostname + "@" + kdcRealm;
+ serverPrincipalName + "/" + hostname + "@" + TestKdcServer.kdcRealm;
- private int tcpPort = -1;
- private int udpPort = -1;
-
- protected SimpleKdcServer kdcServer;
- protected KrbClient krbClnt;
+ private SimpleKdcServer kdcServer;
@BeforeClass
public static void createTestDir() throws IOException {
@@ -67,10 +60,18 @@ public abstract class KdcTestBase {
testDir.delete();
}
- public File getTestDir() {
+ protected File getTestDir() {
return testDir;
}
+ protected SimpleKdcServer getKdcServer() {
+ return kdcServer;
+ }
+
+ protected KrbClient getKrbClient() {
+ return kdcServer.getKrbClient();
+ }
+
protected String getClientPrincipalName() {
return clientPrincipalName;
}
@@ -99,14 +100,6 @@ public abstract class KdcTestBase {
return true;
}
- protected int getTcpPort() {
- return tcpPort;
- }
-
- protected int getUdpPort() {
- return udpPort;
- }
-
protected String getFileContent(String path) throws IOException {
return IOUtil.readFile(new File(path));
}
@@ -123,14 +116,6 @@ public abstract class KdcTestBase {
@Before
public void setUp() throws Exception {
- if (allowTcp()) {
- tcpPort = NetworkUtil.getServerPort();
- }
-
- if (allowUdp()) {
- udpPort = NetworkUtil.getServerPort();
- }
-
setUpKdcServer();
createPrincipals();
@@ -138,65 +123,20 @@ public abstract class KdcTestBase {
setUpClient();
}
- /**
- * Prepare KrbClient startup options and config.
- * @throws Exception
- */
- protected void prepareKrbClient() throws Exception {
-
- }
-
- /**
- * Prepare KDC startup options and config.
- * @throws Exception
- */
- protected void prepareKdcServer() throws Exception {
- kdcServer.setKdcRealm(kdcRealm);
- kdcServer.setKdcHost(hostname);
- kdcServer.setAllowTcp(allowTcp());
- if (tcpPort > 0) {
- kdcServer.setKdcTcpPort(tcpPort);
- }
-
- kdcServer.setAllowUdp(allowUdp());
- if (udpPort > 0) {
- kdcServer.setKdcUdpPort(udpPort);
- }
+ protected void prepareKdc() throws KrbException {
+ kdcServer.init();
}
protected void setUpKdcServer() throws Exception {
- kdcServer = new SimpleKdcServer();
-
- prepareKdcServer();
+ kdcServer = new TestKdcServer(allowTcp(), allowUdp());
+ kdcServer.setWorkDir(testDir);
- kdcServer.init();
+ prepareKdc();
kdcServer.start();
}
protected void setUpClient() throws Exception {
- KrbConfig krbConfig = new KrbConfig();
- krbConfig.setString(KrbConfigKey.PERMITTED_ENCTYPES,
- "aes128-cts-hmac-sha1-96 des-cbc-crc des-cbc-md5 des3-cbc-sha1");
-
- krbClnt = new KrbClient(krbConfig);
-
- krbClnt.setKdcHost(hostname);
- krbClnt.setAllowTcp(allowTcp());
- if (tcpPort > 0) {
- krbClnt.setKdcTcpPort(tcpPort);
- }
- krbClnt.setAllowUdp(allowUdp());
- if (udpPort > 0) {
- krbClnt.setKdcUdpPort(udpPort);
- }
-
- krbClnt.setTimeout(10 * 1000);
- krbClnt.setKdcRealm(kdcServer.getKdcRealm());
-
- prepareKrbClient();
-
- krbClnt.init();
}
protected void createPrincipals() throws KrbException {
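Review bot: setUpClient() is left as an empty method that setUp() still calls, with nothing telling a subclass author where the client now comes from. Either remove the method and its call, or keep it as a hook with a comment such as `// Intentionally empty: the client is created by the KDC server, see getKrbClient().`. The new prepareKdc() also lost the Javadoc that prepareKdcServer() had. A one-line `/** Initialises the KDC; override to adjust options before init(). */` would restore it.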
@@ -205,6 +145,7 @@ public abstract class KdcTestBase {
}
protected void deletePrincipals() throws KrbException {
+ kdcServer.getKadmin().deleteBuiltinPrincipals();
kdcServer.deletePrincipals(serverPrincipal);
kdcServer.deletePrincipal(clientPrincipal);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
new file mode 100644
index 0000000..4395f4b
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.apache.kerby.kerberos.kerb.client.KrbConfig;
+import org.apache.kerby.kerberos.kerb.client.KrbConfigKey;
+import org.apache.kerby.util.NetworkUtil;
+
+public class TestKdcServer extends SimpleKdcServer {
+ public final static String kdcRealm = "TEST.COM";
+ public final static String hostname = "localhost";
+
+ public TestKdcServer(boolean allowTcp, boolean allowUdp) throws KrbException {
+ super();
+
+ setKdcRealm(kdcRealm);
+ setKdcHost(hostname);
+ setAllowTcp(allowTcp);
+ setAllowUdp(allowUdp);
+
+ if (allowTcp) {
+ setKdcTcpPort(NetworkUtil.getServerPort());
+ }
+ if (allowUdp) {
+ setKdcUdpPort(NetworkUtil.getServerPort());
+ }
+
+ KrbClient krbClnt = getKrbClient();
+ KrbConfig krbConfig = krbClnt.getKrbConfig();
+ krbConfig.setString(KrbConfigKey.PERMITTED_ENCTYPES,
+ "aes128-cts-hmac-sha1-96 des-cbc-crc des-cbc-md5 des3-cbc-sha1");
+
+ krbClnt.setTimeout(10 * 1000);
+ }
+}
\ No newline at end of file
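Review bot: The PERMITTED_ENCTYPES value set near the end of the constructor still lists `des-cbc-crc` and `des-cbc-md5`, the single-DES enctypes deprecated by RFC 6649, and nothing marks the list as test-only. This class sits under src/main of the test module and is meant to be reused, so the line deserves a comment such as `// Weak single-DES enctypes are enabled for test coverage only; do not copy this list into a deployment config.`. The constructor also has no Javadoc. It should say that a free port is picked per enabled transport and that the embedded KrbClient gets a 10-second timeout.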
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
index 5968ce1..b6d1d8e 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java
@@ -43,31 +43,28 @@ import java.util.Set;
*/
public class GssInteropTest extends KdcTestBase {
+ protected boolean allowUdp() {
+ return false;
+ }
+
@Before
@Override
public void setUp() throws Exception {
super.setUp();
- File file1 = new File(this.getClass().getResource("/kerberos.jaas").getPath());
+ File file1 = new File(this.getClass().getResource(
+ "/kerberos.jaas").getPath());
String content1 = getFileContent(file1.getPath());
String path1 = writeToTestDir(content1, file1.getName());
// System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("java.security.auth.login.config", path1);
-
- // Read in krb5.conf and substitute in the correct port
- File file2 = new File(this.getClass().getResource("/krb5.conf").getPath());
- String content2 = getFileContent(file2.getPath());
- content2 = content2.replaceAll("port", "" + getTcpPort());
- String path2 = writeToTestDir(content2, file2.getName());
-
- System.setProperty("java.security.krb5.conf", path2);
}
@Override
protected void createPrincipals() throws KrbException {
- kdcServer.createPrincipal(getClientPrincipal(), getClientPassword());
- kdcServer.createPrincipal(getServerPrincipal(), getServerPassword());
+ getKdcServer().createPrincipal(getClientPrincipal(), getClientPassword());
+ getKdcServer().createPrincipal(getServerPrincipal(), getServerPassword());
}
private String getServerPassword() {
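Review bot: The new `allowUdp()` at the top of GssInteropTest is declared without `@Override`, while setUp() and createPrincipals() in the same hunk carry it. Without the annotation, a later rename of the base-class hook would silently turn this into an unrelated method and the test would go back to enabling UDP. Add `@Override` above `protected boolean allowUdp() {`.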
@@ -132,7 +129,7 @@ public class GssInteropTest extends KdcTestBase {
pc.setPassword(getClientPassword().toCharArray());
break;
} else if (pc.getPrompt().contains(getServerPrincipalName())) {
- pc.setPassword(clientPassword.toCharArray());
+ pc.setPassword(getClientPassword().toCharArray());
break;
}
}
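Review bot: The branch that matches the server principal's prompt answers with `getClientPassword()`, although createPrincipals() in the previous hunk creates that principal with `getServerPassword()`. If the two values differ (the body of getServerPassword() is not visible here), the server-side login would be given the wrong secret. The line should presumably read `pc.setPassword(getServerPassword().toCharArray());`. The enclosing callback method starts and ends outside this hunk.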
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java
index 5ee75af..a48a20e 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java
@@ -35,7 +35,7 @@ public class KdcSettingTest {
kerbServer.init();
- KdcSetting kdcSetting = kerbServer.getSetting();
+ KdcSetting kdcSetting = kerbServer.getKdcSetting();
assertThat(kdcSetting.getKdcHost()).isEqualTo("localhost");
assertThat(kdcSetting.getKdcTcpPort()).isEqualTo(12345);
assertThat(kdcSetting.getKdcRealm()).isEqualTo("TEST2.COM");
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
index 80da80f..5fcc9fd 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
@@ -23,8 +23,6 @@ import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
import org.junit.Assert;
-import java.io.File;
-
import static org.assertj.core.api.Assertions.assertThat;
public abstract class KdcTest extends KdcTestBase {
@@ -34,11 +32,11 @@ public abstract class KdcTest extends KdcTestBase {
ServiceTicket tkt;
try {
- tgt = krbClnt.requestTgtWithPassword(getClientPrincipal(),
+ tgt = getKrbClient().requestTgtWithPassword(getClientPrincipal(),
getClientPassword());
assertThat(tgt).isNotNull();
- tkt = krbClnt.requestServiceTicketWithTgt(tgt, getServerPrincipal());
+ tkt = getKrbClient().requestServiceTicketWithTgt(tgt, getServerPrincipal());
assertThat(tkt).isNotNull();
} catch (Exception e) {
System.out.println("Exception occurred with good password");
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java
index 81c48bb..82fa7dc 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java
@@ -38,7 +38,7 @@ public class MultiRequestsKdcTest extends KdcTestBase {
protected void createPrincipals() throws KrbException {
super.createPrincipals();
clientPrincipal = getClientPrincipal();
- kdcServer.createPrincipal(clientPrincipal, password);
+ getKdcServer().createPrincipal(clientPrincipal, password);
}
@Test
@@ -48,11 +48,11 @@ public class MultiRequestsKdcTest extends KdcTestBase {
// With good password
try {
- tgt = krbClnt.requestTgtWithPassword(clientPrincipal, password);
+ tgt = getKrbClient().requestTgtWithPassword(clientPrincipal, password);
assertThat(tgt).isNotNull();
serverPrincipal = getServerPrincipal();
- tkt = krbClnt.requestServiceTicketWithTgt(tgt, serverPrincipal);
+ tkt = getKrbClient().requestServiceTicketWithTgt(tgt, serverPrincipal);
assertThat(tkt).isNotNull();
} catch (Exception e) {
System.out.println("Exception occurred with good password");
@@ -70,10 +70,10 @@ public class MultiRequestsKdcTest extends KdcTestBase {
// With good password again
try {
- tgt = krbClnt.requestTgtWithPassword(clientPrincipal, password);
+ tgt = getKrbClient().requestTgtWithPassword(clientPrincipal, password);
assertThat(tgt).isNotNull();
- tkt = krbClnt.requestServiceTicketWithTgt(tgt, serverPrincipal);
+ tkt = getKrbClient().requestServiceTicketWithTgt(tgt, serverPrincipal);
assertThat(tkt).isNotNull();
} catch (Exception e) {
System.out.println("Exception occurred with good password again");
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java
index e7e956b..57f1f8d 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java
@@ -24,6 +24,11 @@ import org.junit.Test;
public class OnlyTcpKdcTest extends KdcTest {
@Override
+ protected boolean allowTcp() {
+ return true;
+ }
+
+ @Override
protected boolean allowUdp() {
return false;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyUdpKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyUdpKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyUdpKdcTest.java
index 9bfd7bc..4cbcb2a 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyUdpKdcTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyUdpKdcTest.java
@@ -28,6 +28,11 @@ public class OnlyUdpKdcTest extends KdcTest {
return false;
}
+ @Override
+ protected boolean allowUdp() {
+ return true;
+ }
+
@Test
public void testKdc() throws Exception {
performKdcTest();
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java
index 673eeb4..2e25fbb 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java
@@ -28,6 +28,11 @@ public class TcpAndUdpKdcTest extends KdcTest {
return true;
}
+ @Override
+ protected boolean allowTcp() {
+ return true;
+ }
+
@Test
public void testKdc() throws Exception {
performKdcTest();
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf b/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf
deleted file mode 100644
index e2fa16a..0000000
--- a/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[libdefaults]
- default_realm = TEST.COM
- udp_preference_limit = 1
-
-[realms]
- TEST.COM = {
- kdc = localhost:port
- }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
index 15e2347..d8747cc 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
@@ -6,16 +6,16 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
- *
+ *
*/
package org.apache.kerby.kerberos.kerb.server;
@@ -45,30 +45,41 @@ public class KdcConfig extends Conf {
public int getKdcPort() {
Integer kdcPort = KrbConfHelper.getIntUnderSection(this,
KdcConfigKey.KDC_PORT);
- return kdcPort.intValue();
+ if (kdcPort != null && kdcPort > 0) {
+ return kdcPort.intValue();
+ }
+ return -1;
}
public int getKdcTcpPort() {
Integer kdcTcpPort = KrbConfHelper.getIntUnderSection(this,
KdcConfigKey.KDC_TCP_PORT);
- if (kdcTcpPort > 0) {
+ if (kdcTcpPort != null && kdcTcpPort > 0) {
return kdcTcpPort.intValue();
}
return getKdcPort();
}
/**
+ * Is to allow TCP for KDC
+ * @return true to allow TCP, false otherwise
+ */
+ public Boolean allowTcp() {
+ return getBoolean(KdcConfigKey.KDC_ALLOW_TCP);
+ }
+
+ /**
* Is to allow UDP for KDC
* @return true to allow UDP, false otherwise
*/
- public boolean allowKdcUdp() {
+ public Boolean allowUdp() {
return getBoolean(KdcConfigKey.KDC_ALLOW_UDP);
}
public int getKdcUdpPort() {
Integer kdcUdpPort = KrbConfHelper.getIntUnderSection(this,
KdcConfigKey.KDC_UDP_PORT);
- if (kdcUdpPort > 0) {
+ if (kdcUdpPort != null && kdcUdpPort > 0) {
return kdcUdpPort.intValue();
}
return getKdcPort();
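Review bot: allowTcp() and allowUdp() read their keys with a plain `getBoolean(...)`, while the port getters in the same hunk go through `KrbConfHelper.getIntUnderSection(this, ...)`. KdcConfigKey declares both keys under the `kdcdefaults` section, so if Conf.getBoolean does not look inside sections (not visible here), a value set there would be ignored and the transport would keep its default of enabled. Consider `return KrbConfHelper.getBooleanUnderSection(this, KdcConfigKey.KDC_ALLOW_TCP);` and the UDP equivalent. Both methods now return `Boolean`, so the Javadoc should add "or null when not configured" to its `@return` line. getKdcUdpPort() continues past the end of this hunk.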
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
index 02116e7..b071bd6 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
@@ -26,11 +26,12 @@ public enum KdcConfigKey implements SectionConfigKey {
KRB_DEBUG(true),
KDC_SERVICE_NAME("KDC-Server"),
KDC_IDENTITY_BACKEND,
- KDC_HOST("127.0.0.1", "kdcdefaults"), // NOPMD
- KDC_PORT(8015, "kdcdefaults"),
+ KDC_HOST("127.0.0.1", "kdcdefaults"),// NOPMD
+ KDC_PORT(null, "kdcdefaults"),
+ KDC_ALLOW_TCP(true, "kdcdefaults"),
KDC_ALLOW_UDP(true, "kdcdefaults"),
- KDC_UDP_PORT(8016, "kdcdefaults"),
- KDC_TCP_PORT(8015, "kdcdefaults"),
+ KDC_UDP_PORT(null, "kdcdefaults"),
+ KDC_TCP_PORT(null, "kdcdefaults"),
KDC_DOMAIN("example.com"),
KDC_REALM("EXAMPLE.COM", "kdcdefaults"),
PREAUTH_REQUIRED(true),
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
index f5465ad..5541a9e 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
@@ -105,6 +105,14 @@ public class KdcServer {
}
/**
+ * Set KDC port.
+ * @param kdcPort
+ */
+ public void setKdcPort(int kdcPort) {
+ startupOptions.add(KdcServerOption.KDC_PORT, kdcPort);
+ }
+
+ /**
* Set KDC tcp port.
* @param kdcTcpPort
*/
@@ -162,7 +170,7 @@ public class KdcServer {
* Get KDC setting from startup options and configs.
* @return setting
*/
- public KdcSetting getSetting() {
+ public KdcSetting getKdcSetting() {
return kdcSetting;
}
@@ -205,6 +213,9 @@ public class KdcServer {
}
public void start() throws KrbException {
+ if (innerKdc == null) {
+ throw new RuntimeException("Not init yet");
+ }
innerKdc.start();
}
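Review bot: The new guard in start() throws a bare `RuntimeException("Not init yet")`, which callers cannot tell apart from any other runtime failure. `IllegalStateException` is the standard type for calling a method in the wrong lifecycle state and is still a RuntimeException, so existing catch blocks keep working: `throw new IllegalStateException("KdcServer.init() must be called before start()");`. The method has no Javadoc; it should state this precondition with an `@throws` line.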
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
index 9d5243a..b663887 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java
@@ -30,6 +30,7 @@ public enum KdcServerOption implements KOption {
INNER_KDC_IMPL("inner KDC impl", KOptionType.OBJ),
KDC_REALM("kdc realm", KOptionType.STR),
KDC_HOST("kdc host", KOptionType.STR),
+ KDC_PORT("kdc port", KOptionType.INT),
ALLOW_TCP("allow tcp", KOptionType.BOOL),
KDC_TCP_PORT("kdc tcp port", KOptionType.INT),
ALLOW_UDP("allow udp", KOptionType.BOOL),
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
index 16c21a8..64df7cf 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java
@@ -70,15 +70,36 @@ public class KdcSetting {
if (tcpPort < 1) {
tcpPort = kdcConfig.getKdcTcpPort();
}
+ if (tcpPort < 1) {
+ tcpPort = getKdcPort();
+ }
+
return tcpPort;
}
+ public int getKdcPort() {
+ int kdcPort = startupOptions.getIntegerOption(KdcServerOption.KDC_PORT);
+ if (kdcPort < 1) {
+ kdcPort = kdcConfig.getKdcPort();
+ }
+ return kdcPort;
+ }
+
+ public boolean allowTcp() {
+ Boolean allowTcp = startupOptions.getBooleanOption(KdcServerOption.ALLOW_TCP);
+ if (allowTcp == null) {
+ allowTcp = kdcConfig.allowTcp();
+ }
+
+ return allowTcp != null ? allowTcp : false;
+ }
+
public boolean allowUdp() {
Boolean allowUdp = startupOptions.getBooleanOption(KdcServerOption.ALLOW_UDP);
if (allowUdp == null) {
- allowUdp = kdcConfig.allowKdcUdp();
+ allowUdp = kdcConfig.allowUdp();
}
- return allowUdp;
+ return allowUdp != null ? allowUdp : false;
}
public int getKdcUdpPort() {
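Review bot: The new getKdcPort(), the fallback added to getKdcTcpPort() here and the one added to getKdcUdpPort() in the next hunk can all return -1 when neither a startup option nor a config value is set. Nothing visible rejects that value, or a port above 65535, before it is used to bind a listener. Document the contract on getKdcPort(), for example `@return the startup-option port, else the configured port, else -1 when none is set`. The code that opens the socket should then fail with a clear error when `port < 1 || port > 65535`. Also confirm that `startupOptions.getIntegerOption(...)` cannot return null for an unset option, because the result is assigned straight to an `int`.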
@@ -86,6 +107,10 @@ public class KdcSetting {
if (udpPort < 1) {
udpPort = kdcConfig.getKdcUdpPort();
}
+ if (udpPort < 1) {
+ udpPort = getKdcPort();
+ }
+
return udpPort;
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
index 48d8cfc..52ec4d7 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java
@@ -92,7 +92,7 @@ public class AbstractInternalKdcServer implements InternalKdcServer {
try {
doStop();
} catch (Exception e) {
- throw new KrbException("Failed to stop " + getServiceName());
+ throw new KrbException("Failed to stop " + getServiceName(), e);
}
started = false;
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcTest.java b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcTest.java
index 8861bc5..3a49f75 100644
--- a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcTest.java
+++ b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcTest.java
@@ -19,6 +19,7 @@
*/
package org.apache.kerby.kerberos.kerb.server;
+import org.apache.kerby.util.NetworkUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -31,9 +32,8 @@ import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
public class SimpleKdcTest {
-
private String serverHost = "localhost";
- private int serverPort = 0;
+ private int serverPort = -1;
private KdcServer kdcServer;
@@ -41,7 +41,9 @@ public class SimpleKdcTest {
public void setUp() throws Exception {
kdcServer = new KdcServer();
kdcServer.setKdcHost(serverHost);
- serverPort = getServerPort();
+ kdcServer.setAllowUdp(false);
+ kdcServer.setAllowTcp(true);
+ serverPort = NetworkUtil.getServerPort();
kdcServer.setKdcTcpPort(serverPort);
kdcServer.init();
kdcServer.start();
@@ -64,24 +66,6 @@ public class SimpleKdcTest {
socketChannel.write(writeBuffer);
}
-
- /**
- * Get a server socket point for testing usage, either TCP or UDP.
- * @return server socket point
- */
- private static int getServerPort() {
- int serverPort = 0;
-
- try {
- ServerSocket serverSocket = new ServerSocket(0);
- serverPort = serverSocket.getLocalPort();
- serverSocket.close();
- } catch (IOException e) {
- throw new RuntimeException("Failed to get a server socket point");
- }
-
- return serverPort;
- }
@After
public void tearDown() throws Exception {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
index 2238b1a..29840bf 100644
--- a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
+++ b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java
@@ -77,9 +77,7 @@ public class TestKdcConfigLoad {
assertThat(kdcConfig.getKdcHost()).isEqualTo(
KdcConfigKey.KDC_HOST.getDefaultValue());
- assertThat(kdcConfig.getKdcTcpPort()).isEqualTo(
- KdcConfigKey.KDC_TCP_PORT.getDefaultValue()
- );
+ assertThat(kdcConfig.getKdcTcpPort()).isEqualTo(-1);
assertThat(kdcConfig.getKdcRealm()).isEqualTo(
KdcConfigKey.KDC_REALM.getDefaultValue()
);
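Review bot: The new assertion `isEqualTo(-1)` hard-codes a sentinel whose meaning is not visible in the test, while the neighbouring assertions still compare against `KdcConfigKey.*.getDefaultValue()`. If -1 means "no TCP port configured, fall back to the common KDC port" (the `getKdcPort()` fallback earlier in this commit suggests so), state it next to the assertion, e.g. `// -1: TCP port not set in the config; the setting layer falls back to the KDC port`. The test method starts and ends outside the hunk.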
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-simplekdc/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/pom.xml b/kerby-kerb/kerb-simplekdc/pom.xml
index f71b4fc..8b1cdba 100644
--- a/kerby-kerb/kerb-simplekdc/pom.xml
+++ b/kerby-kerb/kerb-simplekdc/pom.xml
@@ -39,6 +39,11 @@
</dependency>
<dependency>
<groupId>org.apache.kerby</groupId>
+ <artifactId>kerb-client</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
<artifactId>kerb-util</artifactId>
<version>${project.version}</version>
</dependency>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/Krb5Conf.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/Krb5Conf.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/Krb5Conf.java
new file mode 100644
index 0000000..b96ba50
--- /dev/null
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/Krb5Conf.java
@@ -0,0 +1,53 @@
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.util.IOUtil;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Generate krb5 file using given kdc server settings.
+ */
+public class Krb5Conf {
+ private static final String KRB5_CONF = "java.security.krb5.conf";
+ private static final String KRB5_CONF_FILE = "krb5.conf";
+ private SimpleKdcServer kdcServer;
+
+ public Krb5Conf(SimpleKdcServer kdcServer) {
+ this.kdcServer = kdcServer;
+ }
+
+ public void initKrb5conf() throws IOException {
+ File confFile = generateConfFile();
+ System.setProperty(KRB5_CONF, confFile.getAbsolutePath());
+ }
+
+ // Read in krb5.conf and substitute in the correct port
+ private File generateConfFile() throws IOException {
+ KdcSetting setting = kdcServer.getKdcSetting();
+
+ String resourcePath = setting.allowUdp() ? "/krb5_udp.conf" : "/krb5.conf";
+ InputStream templateResource = getClass().getResourceAsStream(resourcePath);
+ String templateContent = IOUtil.readInput(templateResource);
+
+ String content = templateContent;
+
+ content = content.replaceAll("_REALM_", "" + setting.getKdcRealm());
+
+ int kdcPort = setting.allowUdp() ? setting.getKdcUdpPort() :
+ setting.getKdcTcpPort();
+ content = content.replaceAll("_PORT_",
+ String.valueOf(kdcPort));
+
+ if (setting.allowUdp()) {
+ int udpLimit = setting.allowUdp() ? 1 : 4096;
+ content = content.replaceAll("_UDP_LIMIT_", String.valueOf(udpLimit));
+ }
+
+ File confFile = new File(kdcServer.getWorkDir(), KRB5_CONF_FILE);
+ IOUtil.writeFile(content, confFile);
+
+ return confFile;
+ }
+}
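Review bot: In `generateConfFile` the expression `setting.allowUdp() ? 1 : 4096` sits inside `if (setting.allowUdp())`, so it always yields 1, and `udp_preference_limit = 1` makes Kerberos clients try TCP first for every request, which looks inverted for the UDP template. The stream returned by `getResourceAsStream` is neither closed nor checked for null, so a missing template surfaces as a NullPointerException inside `IOUtil` instead of an IOException. `replaceAll` also treats the realm as a regex replacement string, where `$` and `\` are special, whereas `String.replace` substitutes literally. A rewrite of the first part of the method follows; the UDP limit value in it should be confirmed against the intended client behaviour.

```java
    private File generateConfFile() throws IOException {
        KdcSetting setting = kdcServer.getKdcSetting();
        boolean udp = setting.allowUdp();

        String resourcePath = udp ? "/krb5_udp.conf" : "/krb5.conf";
        InputStream templateResource = getClass().getResourceAsStream(resourcePath);
        if (templateResource == null) {
            throw new IOException("Missing krb5 template " + resourcePath);
        }
        String content;
        try {
            content = IOUtil.readInput(templateResource);
        } finally {
            templateResource.close();
        }

        // String.replace is literal; replaceAll interprets '$' and '\' in the replacement
        content = content.replace("_REALM_", String.valueOf(setting.getKdcRealm()));
        content = content.replace("_PORT_", String.valueOf(
                udp ? setting.getKdcUdpPort() : setting.getKdcTcpPort()));
        if (udp) {
            // a limit of 1 would send every request over TCP first; confirm the intended value
            content = content.replace("_UDP_LIMIT_", "4096");
        }
        // … unchanged: write content to krb5.conf under the work dir and return the file …
```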
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
index 18ba81b..6acf37f 100644
--- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
@@ -21,35 +21,102 @@ package org.apache.kerby.kerberos.kerb.server;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.admin.Kadmin;
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.apache.kerby.util.NetworkUtil;
import java.io.File;
+import java.io.IOException;
/**
- * A simple KDC server mainly for test usage.
+ * A simple KDC server mainly for test usage. It also integrates krb client and
+ * kadmin sides for convenience.
*/
public class SimpleKdcServer extends KdcServer {
+ private final KrbClient krbClnt;
private Kadmin kadmin;
- /**
- * Prepare KDC configuration.
- */
- public SimpleKdcServer() {
+ private File workDir;
+
+ public SimpleKdcServer() throws KrbException {
super();
+ this.krbClnt = new KrbClient();
+
+ setKdcRealm("EXAMPLE.COM");
+ setKdcHost("localhost");
+ setKdcPort(NetworkUtil.getServerPort());
+ }
- KdcConfig kdcConfig = getKdcConfig();
- kdcConfig.setString(KdcConfigKey.KDC_HOST, "localhost");
- kdcConfig.setInt(KdcConfigKey.KDC_PORT, NetworkUtil.getServerPort());
- kdcConfig.setString(KdcConfigKey.KDC_REALM, "EXAMPLE.COM");
+ public void setWorkDir(File workDir) {
+ this.workDir = workDir;
+ }
+
+ public File getWorkDir() {
+ return workDir;
+ }
+
+ @Override
+ public void setKdcRealm(String realm) {
+ super.setKdcRealm(realm);
+ krbClnt.setKdcRealm(realm);
+ }
+
+ @Override
+ public void setKdcHost(String kdcHost) {
+ super.setKdcHost(kdcHost);
+ krbClnt.setKdcHost(kdcHost);
+ }
+
+ @Override
+ public void setKdcTcpPort(int kdcTcpPort) {
+ super.setKdcTcpPort(kdcTcpPort);
+ krbClnt.setKdcTcpPort(kdcTcpPort);
+ setAllowTcp(true);
+ }
+
+ @Override
+ public void setAllowUdp(boolean allowUdp) {
+ super.setAllowUdp(allowUdp);
+ krbClnt.setAllowUdp(allowUdp);
+ }
+
+ @Override
+ public void setAllowTcp(boolean allowTcp) {
+ super.setAllowTcp(allowTcp);
+ krbClnt.setAllowTcp(allowTcp);
+ }
+
+ @Override
+ public void setKdcUdpPort(int kdcUdpPort) {
+ super.setKdcUdpPort(kdcUdpPort);
+ krbClnt.setKdcUdpPort(kdcUdpPort);
+ setAllowUdp(true);
}
@Override
public void init() throws KrbException {
super.init();
- kadmin = new Kadmin(getSetting(), getIdentityService());
+ kadmin = new Kadmin(getKdcSetting(), getIdentityService());
kadmin.createBuiltinPrincipals();
+
+ try {
+ Krb5Conf krb5Conf = new Krb5Conf(this);
+ krb5Conf.initKrb5conf();
+ } catch (IOException e) {
+ throw new KrbException("Failed to make krb5.conf", e);
+ }
+ }
+
+ @Override
+ public void start() throws KrbException {
+ super.start();
+
+ krbClnt.init();
+ }
+
+ public KrbClient getKrbClient() {
+ return krbClnt;
}
/**
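Review bot: `init()` now builds a `Krb5Conf`, which writes `krb5.conf` under `getWorkDir()`, but `workDir` stays null unless the caller used `setWorkDir`, and `new File((File) null, "krb5.conf")` resolves against the process working directory. Guard it at the top of `init()`, for example `if (workDir == null) { throw new KrbException("Work dir is not set"); }`, or default to a temporary directory. `init()` also sets the JVM-wide `java.security.krb5.conf` property through `Krb5Conf.initKrb5conf()`; the class Javadoc should say so, because every Kerberos/JAAS user in the same process is then pointed at this test KDC and the previous value is not restored. The constructor calls `setKdcPort`, which this class does not override, so whether `krbClnt` receives the port depends on `KdcServer.setKdcPort`, which is outside this hunk.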
@@ -60,14 +127,6 @@ public class SimpleKdcServer extends KdcServer {
return kadmin;
}
- public String getKdcRealm() {
- return getSetting().getKdcRealm();
- }
-
- public String getKdcHost() {
- return getSetting().getKdcHost();
- }
-
public void createPrincipal(String principal) throws KrbException {
kadmin.addPrincipal(principal);
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf
new file mode 100644
index 0000000..6ee7d8f
--- /dev/null
+++ b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf
@@ -0,0 +1,7 @@
+[libdefaults]
+ default_realm = _REALM_
+
+[realms]
+ _REALM_ = {
+ kdc = localhost:_PORT_
+ }
\ No newline at end of file
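Review bot: The `kdc = localhost:_PORT_` line fixes the host to localhost, although `SimpleKdcServer.setKdcHost` accepts any host and `Krb5Conf` substitutes only the realm and the port, so a server configured with another host gets a krb5.conf that points somewhere else. A host placeholder, `kdc = _KDC_HOST_:_PORT_`, filled from `setting.getKdcHost()` in `Krb5Conf.generateConfFile`, would keep the two in step. krb5_udp.conf carries the same line.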
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf
new file mode 100644
index 0000000..511587c
--- /dev/null
+++ b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf
@@ -0,0 +1,8 @@
+[libdefaults]
+ default_realm = _REALM_
+ udp_preference_limit = _UDP_LIMIT_
+
+[realms]
+ _REALM_ = {
+ kdc = localhost:_PORT_
+ }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java
----------------------------------------------------------------------
diff --git a/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java b/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java
index 92cafe2..9836792 100644
--- a/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java
+++ b/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java
@@ -229,7 +229,8 @@ public class ConfigImpl implements Config {
@Override
public Boolean getBoolean(ConfigKey name) {
if (name.getDefaultValue() != null) {
- return getBoolean(name.getPropertyKey(), (Boolean) name.getDefaultValue());
+ return getBoolean(name.getPropertyKey(),
+ (Boolean) name.getDefaultValue());
}
return getBoolean(name.getPropertyKey());
}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java
----------------------------------------------------------------------
diff --git a/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java b/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java
index 187b6f2..abfae3d 100644
--- a/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java
+++ b/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java
@@ -26,9 +26,21 @@ import java.nio.channels.FileChannel;
/**
* Some IO and file related utilities.
*/
-public class IOUtil {
+public final class IOUtil {
+ private IOUtil() {}
- public static void readInputStream(InputStream in, byte buf[]) throws IOException {
+ public static byte[] readInputStream(InputStream in) throws IOException {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ byte[] buffer = new byte[1024];
+ int length = 0;
+ while ((length = in.read(buffer)) != -1) {
+ baos.write(buffer, 0, length);
+ }
+ return baos.toByteArray();
+ }
+
+ public static void readInputStream(InputStream in,
+ byte buf[]) throws IOException {
int toRead = buf.length;
int off = 0;
while (toRead > 0) {
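Review bot: The new `readInputStream(InputStream in)` has no Javadoc and shares its name with the buffer-filling overload below it, yet its contract differs: it reads to end of stream into a growing `ByteArrayOutputStream` and leaves `in` open. Document that on the method: it returns all remaining bytes, the caller closes the stream, and it places no bound on size, so it suits classpath resources and files rather than a peer-controlled stream. `int length = 0;` can drop the initializer, since the loop condition assigns it before first use. The second overload's body continues outside the hunk.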
@@ -42,6 +54,17 @@ public class IOUtil {
}
/**
+ * Read an input stream and return the content as string assuming UTF8.
+ * @param in
+ * @return
+ * @throws IOException
+ */
+ public static String readInput(InputStream in) throws IOException {
+ byte[] content = readInputStream(in);
+ return Utf8.toString(content);
+ }
+
+ /**
* Read a file and return the content as string assuming UTF8.
* @param file
* @return