Posted to commits@directory.apache.org by pl...@apache.org on 2016/06/07 02:22:47 UTC

[01/29] directory-kerby git commit: DIRKRB-533 Implementing ApRequest and ApResponse.

Repository: directory-kerby
Updated Branches:
  refs/heads/kadmin-remote 2cb5c16f5 -> 66790030a


DIRKRB-533 Implementing ApRequest and ApResponse.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/752799ec
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/752799ec
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/752799ec

Branch: refs/heads/kadmin-remote
Commit: 752799ec930b77e2099a8940f249f81703541897
Parents: ddd4112
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Apr 13 15:10:30 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Apr 13 15:10:30 2016 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/request/ApRequest.java  | 130 +++++++++++++++++++
 .../kerberos/kerb/response/ApResponse.java      |  80 ++++++++++++
 .../kerberos/kerb/server/ApRequestTest.java     |  75 +++++++++++
 3 files changed, 285 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/752799ec/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
new file mode 100644
index 0000000..82666a6
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/request/ApRequest.java
@@ -0,0 +1,130 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.request;
+
+import org.apache.kerby.kerberos.kerb.KrbErrorCode;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.type.KerberosTime;
+import org.apache.kerby.kerberos.kerb.type.ap.ApOption;
+import org.apache.kerby.kerberos.kerb.type.ap.ApOptions;
+import org.apache.kerby.kerberos.kerb.type.ap.ApReq;
+import org.apache.kerby.kerberos.kerb.type.ap.Authenticator;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.type.ticket.EncTicketPart;
+import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
+import org.apache.kerby.kerberos.kerb.type.ticket.Ticket;
+
+/**
+ * A wrapper for ApReq request
+ * The client principal and sgt ticket are needed to create ApReq message.
+ */
+public class ApRequest {
+
+    private PrincipalName clientPrincipal;
+    private SgtTicket sgtTicket;
+    private ApReq apReq;
+
+    public ApRequest(PrincipalName clientPrincipal, SgtTicket sgtTicket) {
+        this.clientPrincipal = clientPrincipal;
+        this.sgtTicket = sgtTicket;
+    }
+
+    public ApReq getApReq() throws KrbException {
+        if (apReq == null) {
+            apReq = makeApReq();
+        }
+        return apReq;
+    }
+
+    public void setApReq(ApReq apReq) {
+        this.apReq = apReq;
+    }
+
+    private ApReq makeApReq() throws KrbException {
+        ApReq apReq = new ApReq();
+
+        Authenticator authenticator = makeAuthenticator();
+        EncryptionKey sessionKey = sgtTicket.getSessionKey();
+        EncryptedData authData = EncryptionUtil.seal(authenticator,
+                sessionKey, KeyUsage.AP_REQ_AUTH);
+        apReq.setEncryptedAuthenticator(authData);
+        apReq.setAuthenticator(authenticator);
+        apReq.setTicket(sgtTicket.getTicket());
+        ApOptions apOptions = new ApOptions();
+        apOptions.setFlag(ApOption.USE_SESSION_KEY);
+        apReq.setApOptions(apOptions);
+
+        return apReq;
+    }
+
+    /*
+     * Make the Authenticator for ApReq.
+     */
+    private Authenticator makeAuthenticator() throws KrbException {
+        Authenticator authenticator = new Authenticator();
+        authenticator.setAuthenticatorVno(5);
+        authenticator.setCname(clientPrincipal);
+        authenticator.setCrealm(sgtTicket.getRealm());
+        authenticator.setCtime(KerberosTime.now());
+        authenticator.setCusec(0);
+        authenticator.setSubKey(sgtTicket.getSessionKey());
+
+        return authenticator;
+    }
+
+    /*
+     *  Validate the ApReq.
+     */
+    public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
+        Ticket ticket = apReq.getTicket();
+
+        if (encKey == null) {
+            throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
+        }
+        EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(),
+                encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
+        ticket.setEncPart(encPart);
+
+        unsealAuthenticator(encPart.getKey(), apReq);
+
+        Authenticator authenticator = apReq.getAuthenticator();
+        if (!authenticator.getCname().equals(ticket.getEncPart().getCname())) {
+            throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
+        }
+        if (!authenticator.getCrealm().equals(ticket.getEncPart().getCrealm())) {
+            throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
+        }
+    }
+
+    /*
+     *  Unseal the authenticator through the encryption key from ticket
+     */
+    public static void unsealAuthenticator(EncryptionKey encKey, ApReq apReq) throws KrbException {
+        EncryptedData authData = apReq.getEncryptedAuthenticator();
+
+        Authenticator authenticator = EncryptionUtil.unseal(authData,
+                encKey, KeyUsage.AP_REQ_AUTH, Authenticator.class);
+        apReq.setAuthenticator(authenticator);
+    }
+}
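Review bot: `validate` accepts any AP-REQ whose ticket decrypts and whose cname/crealm match, but it never checks the ticket's start/end times, the authenticator's ctime against the permitted clock skew, or whether the authenticator was seen before, so as far as this hunk shows an expired ticket or a replayed request passes. RFC 4120 section 3.2.3 expects those cases to fail with KRB_AP_ERR_TKT_EXPIRED, KRB_AP_ERR_SKEW and KRB_AP_ERR_REPEAT. If those checks are meant to live in the caller, state it on the method, e.g. `/* Only decrypts and matches cname/crealm; ticket lifetime, clock skew and replay are NOT checked here. */`. Also, `makeApReq` sets `ApOption.USE_SESSION_KEY` unconditionally, although that option marks a user-to-user ticket and `validate` unseals the ticket with the key passed in by the caller.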

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/752799ec/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/response/ApResponse.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/response/ApResponse.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/response/ApResponse.java
new file mode 100644
index 0000000..2d01004
--- /dev/null
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/response/ApResponse.java
@@ -0,0 +1,80 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.response;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.request.ApRequest;
+import org.apache.kerby.kerberos.kerb.type.KerberosTime;
+import org.apache.kerby.kerberos.kerb.type.ap.ApRep;
+import org.apache.kerby.kerberos.kerb.type.ap.ApReq;
+import org.apache.kerby.kerberos.kerb.type.ap.EncAPRepPart;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
+
+/**
+ * A wrapper for ApRep request.
+ */
+public class ApResponse {
+    private ApReq apReq;
+    private ApRep apRep;
+    EncryptionKey encryptionKey;
+
+    public ApResponse(ApReq apReq, EncryptionKey encryptionKey) {
+        this.apReq = apReq;
+        this.encryptionKey = encryptionKey;
+    }
+
+    public ApRep getApRep() throws KrbException {
+        ApRequest.validate(encryptionKey, apReq);
+
+        if (apRep == null) {
+            apRep = makeApRep();
+        }
+        return apRep;
+    }
+
+    public void setApRep(ApRep apRep) {
+        this.apRep = apRep;
+    }
+
+    /*
+     *  The KRB_AP_REP message contains the Kerberos protocol version number,
+     *  the message type, and an encrypted time-stamp.
+     */
+    private ApRep makeApRep() throws KrbException {
+
+        ApRep apRep = new ApRep();
+        EncAPRepPart encAPRepPart = new EncAPRepPart();
+        // This field contains the current time on the client's host.
+        encAPRepPart.setCtime(KerberosTime.now());
+        // This field contains the microsecond part of the client's timestamp.
+        encAPRepPart.setCusec((int) KerberosTime.now().getTimeInSeconds());
+        encAPRepPart.setSubkey(apReq.getAuthenticator().getSubKey());
+        encAPRepPart.setSeqNumber(0);
+        apRep.setEncRepPart(encAPRepPart);
+        EncryptedData encPart = EncryptionUtil.seal(encAPRepPart,
+                apReq.getAuthenticator().getSubKey(), KeyUsage.AP_REP_ENCPART);
+        apRep.setEncryptedEncPart(encPart);
+
+        return apRep;
+    }
+}
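Review bot: `makeApRep` fills `ctime` with the server's own `KerberosTime.now()` and `cusec` with `(int) KerberosTime.now().getTimeInSeconds()`, which puts a seconds value in the microseconds field. For mutual authentication the AP-REP has to echo the ctime and cusec taken from the client's authenticator (RFC 4120 section 3.2.4); with the current values a client that verifies the reply would reject it, and one that does not verify gets no proof that the server decrypted its authenticator. Use `encAPRepPart.setCtime(apReq.getAuthenticator().getCtime());` and `encAPRepPart.setCusec(apReq.getAuthenticator().getCusec());`. The two inline comments already describe the client's timestamp, so the code should match them.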

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/752799ec/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/ApRequestTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/ApRequestTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/ApRequestTest.java
new file mode 100644
index 0000000..da868f9
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/ApRequestTest.java
@@ -0,0 +1,75 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.request.ApRequest;
+import org.apache.kerby.kerberos.kerb.response.ApResponse;
+import org.apache.kerby.kerberos.kerb.type.ap.ApRep;
+import org.apache.kerby.kerberos.kerb.type.ap.ApReq;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.type.base.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
+import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class ApRequestTest extends KdcTestBase {
+
+    @Test
+    public void test() throws IOException, KrbException {
+
+        TgtTicket tgt = null;
+        SgtTicket tkt = null;
+
+        try {
+            tgt = getKrbClient().requestTgt(getClientPrincipal(),
+                    getClientPassword());
+            assertThat(tgt).isNotNull();
+
+            tkt = getKrbClient().requestSgt(tgt, getServerPrincipal());
+            assertThat(tkt).isNotNull();
+        } catch (Exception e) {
+            System.out.println("Exception occurred with good password");
+            e.printStackTrace();
+            Assert.fail();
+        }
+
+        ApRequest apRequest = new ApRequest(new PrincipalName(getClientPrincipal()), tkt);
+        ApReq apReq = apRequest.getApReq();
+
+        assertThat(apReq.getPvno()).isEqualTo(5);
+        assertThat(apReq.getMsgType()).isEqualTo(KrbMessageType.AP_REQ);
+        assertThat(apReq.getAuthenticator().getCname()).isEqualTo(tgt.getClientPrincipal());
+        assertThat(apReq.getAuthenticator().getCrealm()).isEqualTo(tgt.getRealm());
+
+        EncryptionKey encryptedKey = getKdcServer().getKadmin().getPrincipal(
+                getServerPrincipal()).getKey(tkt.getTicket().getEncryptedEncPart().getEType());
+        ApResponse apResponse = new ApResponse(apReq, encryptedKey);
+        ApRep apRep = apResponse.getApRep();
+        assertThat(apRep.getPvno()).isEqualTo(5);
+        assertThat(apRep.getMsgType()).isEqualTo(KrbMessageType.AP_REP);
+    }
+}
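Review bot: The test covers only the success path, so nothing pins the rejection behaviour of `ApRequest.validate`. Add one case that builds `ApResponse` with a key other than the service's and expects `KrbException`, and one where the authenticator's cname differs from the ticket's and KRB_AP_ERR_BADMATCH is expected. The `catch (Exception e)` block would be clearer if the exception simply propagated, since `Assert.fail()` without a message hides the cause. `encryptedKey` is also a misleading name for the service's long-term key; `serviceKey` says what it is.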


[15/29] directory-kerby git commit: DIRKRB-552 Fail to restart KdcServer.

Posted by pl...@apache.org.
DIRKRB-552 Fail to restart KdcServer.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/3ed0e7cd
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/3ed0e7cd
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/3ed0e7cd

Branch: refs/heads/kadmin-remote
Commit: 3ed0e7cd3b8a0c3ce29293153e4e72f422f0637f
Parents: a412407
Author: plusplusjiajia <ji...@intel.com>
Authored: Mon May 23 16:58:23 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Mon May 23 16:58:23 2016 +0800

----------------------------------------------------------------------
 .../kerberos/kdc/impl/NettyKdcNetwork.java      | 10 +++++
 .../kerberos/kdc/impl/NettyKdcServerImpl.java   | 14 ++++++-
 kerby-kerb/kerb-kdc-test/pom.xml                |  6 +++
 .../RepeatLoginWithDefaultKdcNetworkTest.java   | 34 ++++++++++++++++
 .../RepeatLoginWithNettyKdcNetworkTest.java     | 43 ++++++++++++++++++++
 .../impl/DefaultInternalKdcServerImpl.java      | 19 ++++++++-
 6 files changed, 124 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3ed0e7cd/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java
index cfa4adb..1740432 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java
@@ -126,5 +126,15 @@ public class NettyKdcNetwork {
         if (udpAddress != null) {
             group.shutdownGracefully();
         }
+
+        try {
+            bossGroup.terminationFuture().sync();
+            workerGroup.terminationFuture().sync();
+            if (udpAddress != null) {
+                group.terminationFuture().sync();
+            }
+        } catch (InterruptedException e) {
+            e.printStackTrace();
+        }
     }
 }
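Review bot: The `catch (InterruptedException e)` block swallows the interrupt and only calls `e.printStackTrace()`, so the caller never learns the shutdown wait was cut short and the trace bypasses the logging configuration. Restore the flag with `Thread.currentThread().interrupt();` and report through the class's logger if it has one (none is visible in this hunk). The three `terminationFuture().sync()` calls also wait without a timeout, so a group that never terminates blocks this method indefinitely. The enclosing method starts above the hunk.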

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3ed0e7cd/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java
index 9a795f0..5c527f1 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcServerImpl.java
@@ -29,6 +29,7 @@ import org.slf4j.LoggerFactory;
 import java.net.InetSocketAddress;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
+import java.util.concurrent.TimeUnit;
 
 /**
  * A Netty based KDC server implementation.
@@ -81,7 +82,18 @@ public class NettyKdcServerImpl extends AbstractInternalKdcServer {
 
         network.stop();
 
-        executor.shutdownNow();
+        executor.shutdown();
+
+        try {
+            boolean terminated = false;
+            do {
+                // wait until the pool has terminated
+                terminated = executor.awaitTermination(60, TimeUnit.SECONDS);
+            } while (!terminated);
+        } catch (InterruptedException e) {
+            executor.shutdownNow();
+            LOG.warn("waitForTermination interrupted");
+        }
         LOG.info("Netty kdc server stopped.");
     }
 }
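Review bot: The `do … while (!terminated)` loop has no upper bound, so a single request handler that never returns blocks shutdown and restart forever; the 60 seconds is only a polling interval. Give up after one bounded wait, `if (!executor.awaitTermination(60, TimeUnit.SECONDS)) { executor.shutdownNow(); }`, and in the `InterruptedException` branch add `Thread.currentThread().interrupt();` so the caller still sees the interrupt. The same loop is added to DefaultInternalKdcServerImpl later in this commit and needs the same change. The log text `waitForTermination interrupted` names a method that does not appear in the hunk; the enclosing method starts above it.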

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3ed0e7cd/kerby-kerb/kerb-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/pom.xml b/kerby-kerb/kerb-kdc-test/pom.xml
index 3f01e59..b471f3a 100644
--- a/kerby-kerb/kerb-kdc-test/pom.xml
+++ b/kerby-kerb/kerb-kdc-test/pom.xml
@@ -63,6 +63,12 @@
       <version>${slf4j.version}</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-kdc</artifactId>
+      <version>1.0.0-RC3-SNAPSHOT</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <build>
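Review bot: The new `kerby-kdc` test dependency pins `1.0.0-RC3-SNAPSHOT` as a literal, so the next version bump has to find and edit this line or the test module resolves a stale artifact. If kerby-kdc is versioned together with the rest of the build, `<version>${project.version}</version>` keeps it in step. The neighbouring dependency already takes its version from a property (`${slf4j.version}`).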

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3ed0e7cd/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/RepeatLoginWithDefaultKdcNetworkTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/RepeatLoginWithDefaultKdcNetworkTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/RepeatLoginWithDefaultKdcNetworkTest.java
new file mode 100644
index 0000000..8ce8e71
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/RepeatLoginWithDefaultKdcNetworkTest.java
@@ -0,0 +1,34 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.junit.Test;
+
+public class RepeatLoginWithDefaultKdcNetworkTest extends LoginTestBase {
+    @Test
+    public void testLogin() throws Exception {
+        checkSubject(super.loginServiceUsingKeytab());
+    }
+
+    @Test
+    public void testLoginSecondTime() throws Exception {
+        checkSubject(super.loginServiceUsingKeytab());
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3ed0e7cd/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/RepeatLoginWithNettyKdcNetworkTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/RepeatLoginWithNettyKdcNetworkTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/RepeatLoginWithNettyKdcNetworkTest.java
new file mode 100644
index 0000000..e82db7b
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/RepeatLoginWithNettyKdcNetworkTest.java
@@ -0,0 +1,43 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.junit.Test;
+
+public class RepeatLoginWithNettyKdcNetworkTest extends LoginTestBase {
+    @Override
+    protected void prepareKdc() throws KrbException {
+        getKdcServer().setInnerKdcImpl(
+            new NettyKdcServerImpl(getKdcServer().getKdcSetting()));
+        super.prepareKdc();
+    }
+
+    @Test
+    public void testLogin() throws Exception {
+        checkSubject(super.loginServiceUsingKeytab());
+    }
+
+    @Test
+    public void testLoginSecondTime() throws Exception {
+        checkSubject(super.loginServiceUsingKeytab());
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/3ed0e7cd/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java
index dec1221..3ffd877 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/DefaultInternalKdcServerImpl.java
@@ -26,14 +26,18 @@ import org.apache.kerby.kerberos.kerb.server.preauth.PreauthHandler;
 import org.apache.kerby.kerberos.kerb.transport.KdcNetwork;
 import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
 import org.apache.kerby.kerberos.kerb.transport.TransportPair;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
+import java.util.concurrent.TimeUnit;
 
 /**
  * A default KDC server implementation.
  */
 public class DefaultInternalKdcServerImpl extends AbstractInternalKdcServer {
+    private static final Logger LOG = LoggerFactory.getLogger(DefaultInternalKdcServerImpl.class);
     private ExecutorService executor;
     private KdcContext kdcContext;
     private KdcNetwork network;
@@ -78,6 +82,19 @@ public class DefaultInternalKdcServerImpl extends AbstractInternalKdcServer {
 
         network.stop();
 
-        executor.shutdownNow();
+        executor.shutdown();
+
+        try {
+            boolean terminated = false;
+            do {
+                // wait until the pool has terminated
+                terminated = executor.awaitTermination(60, TimeUnit.SECONDS);
+            } while (!terminated);
+        } catch (InterruptedException e) {
+            executor.shutdownNow();
+            LOG.warn("waitForTermination interrupted");
+        }
+
+        LOG.info("Default Internal kdc server stopped.");
     }
 }


[27/29] directory-kerby git commit: DIRKRB-579 KRB_PRIV message type support.

Posted by pl...@apache.org.
DIRKRB-579 KRB_PRIV message type support.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/5106221c
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/5106221c
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/5106221c

Branch: refs/heads/kadmin-remote
Commit: 5106221cca87f38458f422f10f56f793934da5ed
Parents: ee3046d
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Jun 7 10:02:38 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Jun 7 10:02:38 2016 +0800

----------------------------------------------------------------------
 .../kerberos/kerb/type/EncKrbPrivPart.java      | 122 +++++++++++++++++++
 .../kerby/kerberos/kerb/type/KrbPriv.java       |  94 ++++++++++++++
 2 files changed, 216 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5106221c/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/EncKrbPrivPart.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/EncKrbPrivPart.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/EncKrbPrivPart.java
new file mode 100644
index 0000000..bccd83c
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/EncKrbPrivPart.java
@@ -0,0 +1,122 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.type;
+
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.asn1.type.Asn1OctetString;
+import org.apache.kerby.kerberos.kerb.type.base.HostAddress;
+
+/**
+  EncKrbPrivPart ::=   [APPLICATION 28] SEQUENCE {
+                user-data[0]              OCTET STRING,
+                timestamp[1]              KerberosTime OPTIONAL,
+                usec[2]                   INTEGER OPTIONAL,
+                seq-number[3]             INTEGER OPTIONAL,
+                s-address[4]              HostAddress, -- sender's addr
+                r-address[5]              HostAddress OPTIONAL
+                                                      -- recip's addr
+   }
+ */
+public class EncKrbPrivPart extends KrbAppSequenceType {
+     public static final int TAG = 28;
+
+    protected enum EncKrbPrivPartField implements EnumType {
+        USER_DATA,
+        TIMESTAMP,
+        USEC,
+        SEQ_NUMBER,
+        S_ADDRESS,
+        R_ADDRESS;
+
+        @Override
+        public int getValue() {
+            return ordinal();
+        }
+
+        @Override
+        public String getName() {
+            return name();
+        }
+    }
+
+        static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+            new ExplicitField(EncKrbPrivPart.EncKrbPrivPartField.USER_DATA, Asn1OctetString.class),
+            new ExplicitField(EncKrbPrivPart.EncKrbPrivPartField.TIMESTAMP, KerberosTime.class),
+            new ExplicitField(EncKrbPrivPart.EncKrbPrivPartField.USEC, Asn1Integer.class),
+            new ExplicitField(EncKrbPrivPart.EncKrbPrivPartField.SEQ_NUMBER, Asn1Integer.class),
+            new ExplicitField(EncKrbPrivPart.EncKrbPrivPartField.S_ADDRESS, HostAddress.class),
+            new ExplicitField(EncKrbPrivPart.EncKrbPrivPartField.R_ADDRESS, HostAddress.class)
+    };
+
+    public EncKrbPrivPart() {
+        super(TAG, fieldInfos);
+    }
+
+    public byte[] getUserData() {
+        return getFieldAsOctets(EncKrbPrivPart.EncKrbPrivPartField.USER_DATA);
+    }
+
+    public void setUserData(byte[] userData) {
+        setFieldAsOctets(EncKrbPrivPart.EncKrbPrivPartField.USER_DATA, userData);
+    }
+
+    public KerberosTime getTimeStamp() {
+        return getFieldAsTime(EncKrbPrivPart.EncKrbPrivPartField.TIMESTAMP);
+    }
+
+    public void setTimeStamp(KerberosTime timeStamp) {
+        setFieldAs(EncKrbPrivPart.EncKrbPrivPartField.TIMESTAMP, timeStamp);
+    }
+
+    public int getUsec() {
+        return getFieldAsInt(EncKrbPrivPart.EncKrbPrivPartField.USEC);
+    }
+
+    public void setUsec(int usec) {
+        setFieldAsInt(EncKrbPrivPart.EncKrbPrivPartField.USEC, usec);
+    }
+
+    public int getSeqNumber() {
+        return getFieldAsInt(EncKrbPrivPart.EncKrbPrivPartField.SEQ_NUMBER);
+    }
+
+    public void setSeqNumber(int seqNumber) {
+        setFieldAsInt(EncKrbPrivPart.EncKrbPrivPartField.SEQ_NUMBER, seqNumber);
+    }
+
+    public HostAddress getSAddress() {
+        return getFieldAs(EncKrbPrivPart.EncKrbPrivPartField.S_ADDRESS, HostAddress.class);
+    }
+
+    public void setSAddress(HostAddress hostAddress) {
+        setFieldAs(EncKrbPrivPart.EncKrbPrivPartField.S_ADDRESS, hostAddress);
+    }
+
+    public HostAddress getRAddress() {
+        return getFieldAs(EncKrbPrivPart.EncKrbPrivPartField.R_ADDRESS, HostAddress.class);
+    }
+
+    public void setRAddress(HostAddress hostAddress) {
+        setFieldAs(EncKrbPrivPart.EncKrbPrivPartField.R_ADDRESS, hostAddress);
+    }
+}
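Review bot: `getUsec()` and `getSeqNumber()` return a primitive `int` for fields the quoted ASN.1 marks OPTIONAL, so a receiver doing replay or ordering checks cannot tell an absent field from a real value unless it knows what `getFieldAsInt` returns for a missing one (that helper is outside this hunk). Document the sentinel on both getters, for example `/** Returns the seq-number field; see getFieldAsInt for the value reported when it is absent. */`, or add presence accessors. Separately, `fieldInfos` is a mutable, package-visible static; `private static final Asn1FieldInfo[] fieldInfos` would stop other classes in the package from replacing it, provided nothing else reads it.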

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/5106221c/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/KrbPriv.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/KrbPriv.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/KrbPriv.java
new file mode 100644
index 0000000..0354783
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/KrbPriv.java
@@ -0,0 +1,94 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.type;
+
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
+import org.apache.kerby.kerberos.kerb.type.base.KrbMessage;
+import org.apache.kerby.kerberos.kerb.type.base.KrbMessageType;
+
+/**
+ * The KRB_PRIV message, as defined in RFC 1510 :
+ * The KRB_PRIV message contains user data encrypted in the Session Key.
+ * The message fields are:
+ * <pre>
+ * KRB-PRIV ::=         [APPLICATION 21] SEQUENCE {
+ *       pvno[0]                   INTEGER,
+ *       msg-type[1]               INTEGER,
+ *       enc-part[3]               EncryptedData
+ * </pre>
+ */
+public class KrbPriv extends KrbMessage {
+    protected enum KrbPrivField implements EnumType {
+        PVNO,
+        MSG_TYPE,
+        ENC_PART;
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public int getValue() {
+            return ordinal();
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public String getName() {
+            return name();
+        }
+    }
+   static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+            new ExplicitField(KrbPriv.KrbPrivField.PVNO, Asn1Integer.class),
+            new ExplicitField(KrbPriv.KrbPrivField.MSG_TYPE, Asn1Integer.class),
+            new ExplicitField(KrbPriv.KrbPrivField.ENC_PART, EncryptedData.class)
+    };
+
+    /**
+     * Creates a new instance of a KRB-PRIv message
+     */
+    public KrbPriv() {
+        super(KrbMessageType.KRB_PRIV, fieldInfos);
+    }
+
+    private EncKrbPrivPart encPart;
+
+    public EncryptedData getEncryptedEncPart() {
+        return getFieldAs(KrbPriv.KrbPrivField.ENC_PART, EncryptedData.class);
+    }
+
+    public void setEncryptedEncPart(EncryptedData encryptedEncPart) {
+        setFieldAs(KrbPriv.KrbPrivField.ENC_PART, encryptedEncPart);
+    }
+
+
+    public EncKrbPrivPart getEncPart() {
+        return encPart;
+    }
+
+    public void setEncPart(EncKrbPrivPart encPart) {
+        this.encPart = encPart;
+    }
+}
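Review bot: `ENC_PART` is the third enum constant, so `getValue()` returns 2, while the class Javadoc lists the field as `enc-part[3]`; if the two-argument `ExplicitField` used in `fieldInfos` takes its context tag from the enum value, the encrypted part would be encoded under tag [2] and a peer expecting [3] would not find it. The tag should be pinned to 3 explicitly rather than derived from `ordinal()`, and a codec test against a known KRB-PRIV encoding would confirm the wire format. Separately, the `<pre>` block never closes the SEQUENCE brace, and `getEncPart()`/`setEncPart()` would benefit from a line such as `/** Decrypted enc-part; a plain field, not one of the ASN.1 fields in fieldInfos. */`.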


[05/29] directory-kerby git commit: Fix DIRKRB-537.

Posted by pl...@apache.org.
Fix DIRKRB-537.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f2e28623
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f2e28623
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f2e28623

Branch: refs/heads/kadmin-remote
Commit: f2e28623cc8e4abb7f7153a890a7ea07d56fa95b
Parents: fff2aa1
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Apr 19 16:25:15 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Apr 19 16:25:15 2016 +0800

----------------------------------------------------------------------
 .../org/apache/kerby/kerberos/kerb/client/KrbHandler.java |  5 ++---
 .../org/apache/kerby/kerberos/kerb/server/KdcHandler.java | 10 +++++-----
 2 files changed, 7 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f2e28623/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
index c885001..1c6743f 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
@@ -135,9 +135,8 @@ public abstract class KrbHandler {
                 kdcRequest.resetPrequthContxt();
                 handleRequest(kdcRequest);
                 LOG.info("Retry with the new kdc request including pre-authentication.");
-            }
-            if (error.getErrorCode() == KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY) {
-                LOG.info(error.getEtext());
+            } else {
+                LOG.info(error.getErrorCode().getMessage());
                 throw new KrbException(error.getErrorCode(), error.getEtext());
             }
         }
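Review bot: The new `else` branch builds the exception from `error.getEtext()`, which the KDC may leave unset (the KdcHandler change in this same commit only sets e-text for `KRB_AP_ERR_BAD_INTEGRITY`), so callers can end up with a message starting `null with error code:`. Falling back to the code's own text keeps it meaningful: `String etext = error.getEtext() != null ? error.getEtext() : error.getErrorCode().getMessage();`. A request rejected by the KDC is also worth more than INFO; `LOG.warn(...)` would make failed authentications easier to find in client logs. The enclosing method starts and ends outside the hunk.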

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f2e28623/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index 02830bd..748f0bc 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -118,17 +118,17 @@ public class KdcHandler {
             if (e instanceof KdcRecoverableException) {
                 krbResponse = handleRecoverableException(
                         (KdcRecoverableException) e, kdcRequest);
-            } else if (e.getMessage().equals(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY.getMessage())) {
+            } else {
                 KrbError krbError = new KrbError();
                 krbError.setStime(KerberosTime.now());
-                krbError.setErrorCode(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+                krbError.setErrorCode(e.getKrbErrorCode());
                 krbError.setCname(kdcRequest.getClientEntry().getPrincipal());
                 krbError.setSname(kdcRequest.getServerPrincipal());
                 krbError.setRealm(kdcContext.getKdcRealm());
-                krbError.setEtext("PREAUTH_FAILED");
+                if (e.getKrbErrorCode().equals(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY)) {
+                    krbError.setEtext("PREAUTH_FAILED");
+                }
                 krbResponse = krbError;
-            } else {
-                throw e;
             }
         }
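Review bot: `e.getKrbErrorCode()` is null for any `KrbException` created through a constructor that takes no error code, so `e.getKrbErrorCode().equals(...)` in the new `else` branch can throw a NullPointerException while the KDC is building its error reply, and the client then gets no KRB-ERROR at all. Resolve the code once with a fallback, e.g. `KrbErrorCode code = e.getKrbErrorCode() != null ? e.getKrbErrorCode() : KrbErrorCode.KRB_ERR_GENERIC;`, then pass `code` to `setErrorCode` and compare with `==`. `kdcRequest.getClientEntry()` is dereferenced on the same path and may not be populated when the failure happens early; that is not visible here and is worth confirming. The enclosing catch block starts outside the hunk.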
 


[07/29] directory-kerby git commit: DIRKRB-557 KDC backend connect to the zookeeper cluster.

Posted by pl...@apache.org.
DIRKRB-557 KDC backend connect to the zookeeper cluster.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/7b5f7432
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/7b5f7432
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/7b5f7432

Branch: refs/heads/kadmin-remote
Commit: 7b5f7432cf101ac5732341f71d2ef71cfc1d0f41
Parents: c724d32
Author: plusplusjiajia <ji...@intel.com>
Authored: Fri Apr 22 15:43:14 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Fri Apr 22 15:43:14 2016 +0800

----------------------------------------------------------------------
 .../kerberos/kdc/identitybackend/ZKConfKey.java |  6 ++--
 .../ZookeeperIdentityBackend.java               | 36 ++++++--------------
 .../identity/backend/ZookeeperBackendTest.java  | 26 ++++++++++----
 kerby-dist/kdc-dist/conf/backend.conf           |  6 ++--
 .../kerberos/kdc/ZookeeperBackendKdcTest.java   | 27 ++-------------
 5 files changed, 41 insertions(+), 60 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7b5f7432/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKConfKey.java
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKConfKey.java b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKConfKey.java
index 96f5ced..b82b1a0 100644
--- a/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKConfKey.java
+++ b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZKConfKey.java
@@ -25,10 +25,10 @@ import org.apache.kerby.config.ConfigKey;
  * Define all the ZK backend related configuration items with default values.
  */
 public enum ZKConfKey implements ConfigKey {
+    EMBEDDED_ZK(true),
     ZK_HOST("127.0.0.1"),
-    ZK_PORT(2181),
-    DATA_DIR,
-    DATA_LOG_DIR;
+    ZK_PORT(2180),
+    DATA_DIR("/tmp/kerby/zookeeper/data");
 
     private Object defaultValue;
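Review bot: The new `DATA_DIR` default places the ZooKeeper data that backs the KDC identity store under `/tmp`, a world-writable location where another local account can pre-create or read the directory and where contents may be purged on reboot; `backend.conf` in this commit ships `/tmp/zookeeper/data` with the same problem. Prefer no default (fail when unset) or a directory under the KDC's own conf/work dir created with owner-only permissions. `ZK_PORT` also changes to 2180 here while `backend.conf` sets `zk_port = 2181`; a comment on each constant saying which mode (embedded or external) the default is meant for would avoid surprises.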
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7b5f7432/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
index 95d14a5..810b271 100644
--- a/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
+++ b/kerby-backend/zookeeper-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/ZookeeperIdentityBackend.java
@@ -51,7 +51,6 @@ public class ZookeeperIdentityBackend extends AbstractIdentityBackend {
     private String zkHost;
     private int zkPort;
     private File dataDir;
-    private File dataLogDir;
     private ZooKeeper zooKeeper;
     private static final Logger LOG = LoggerFactory.getLogger(ZookeeperIdentityBackend.class);
 
@@ -111,19 +110,9 @@ public class ZookeeperIdentityBackend extends AbstractIdentityBackend {
 
         LOG.info("Data dir: " + dataDir);
 
-        String dataLogDirString = getConfig().getString(ZKConfKey.DATA_LOG_DIR, true);
-        if (dataLogDirString == null || dataLogDirString.isEmpty()) {
-            File zooKeeperDir = new File(getBackendConfig().getConfDir(), "zookeeper");
-            dataLogDir = new File(zooKeeperDir, "datalog");
-        } else {
-            dataLogDir = new File(dataLogDirString);
-        }
-
-        if (!dataLogDir.exists() && !dataLogDir.mkdirs()) {
-            throw new KrbException("could not create data log file dir " + dataLogDir);
+        if (getConfig().getBoolean(ZKConfKey.EMBEDDED_ZK, true)) {
+            startEmbeddedZookeeper();
         }
-
-        startEmbeddedZookeeper();
         connectZK();
     }
 
@@ -132,7 +121,8 @@ public class ZookeeperIdentityBackend extends AbstractIdentityBackend {
      */
     private void connectZK() throws KrbException {
         try {
-            zooKeeper = new ZooKeeper(zkHost, 10000, null);
+            String serverStr = zkHost + ":" + zkPort;
+            zooKeeper = new ZooKeeper(serverStr, 10000, new MyWatcher());
             while (true) {
                 if (!zooKeeper.getState().isConnected()) {
                     try {
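Review bot: With `embedded_zk = false` this session goes to a ZooKeeper server outside the KDC process, yet no authentication is attached to it in the lines shown (connectZK continues outside the hunk), so protection of the stored principals would rest entirely on who can reach `zkHost:zkPort`. If the rest of the method does not already do so, authenticate the session with `zooKeeper.addAuthInfo(...)` and create the identity znodes with restrictive ACLs rather than open ones. The connection string is also built from a single host and port, so the members of a cluster cannot be listed; accepting a comma-separated `host:port` list would match the commit's stated intent.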
@@ -158,7 +148,6 @@ public class ZookeeperIdentityBackend extends AbstractIdentityBackend {
     private void startEmbeddedZookeeper() throws KrbException {
         Properties startupProperties = new Properties();
         startupProperties.put("dataDir", dataDir.getAbsolutePath());
-        startupProperties.put("dataLogDir", dataLogDir.getAbsolutePath());
         startupProperties.put("clientPort", zkPort);
 
         QuorumPeerConfig quorumConfiguration = new QuorumPeerConfig();
@@ -188,14 +177,6 @@ public class ZookeeperIdentityBackend extends AbstractIdentityBackend {
     }
 
     /**
-     * This will watch all the kdb update event so that it's timely synced.
-     * @param event The kdb update event ot watch.
-     */
-    private void process(WatchedEvent event) {
-        System.out.print("I got an event: " + event);
-    }
-
-    /**
      * {@inheritDoc}
      */
     @Override
@@ -323,9 +304,14 @@ public class ZookeeperIdentityBackend extends AbstractIdentityBackend {
     }
 
     class MyWatcher implements Watcher {
-        @Override
+
+        /**
+         * This will watch all the kdb update event so that it's timely synced.
+         * @param event The kdb update event ot watch.
+         */
         public void process(WatchedEvent event) {
-            ZookeeperIdentityBackend.this.process(event);
+//            System.out.println("I got an event: " + event.getPath());
         }
+
     }
 }
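Review bot: `process` lost its `@Override` and now has an empty body with a commented-out `println`, so session events such as disconnect or expiry are silently dropped and the compiler no longer checks the signature against `Watcher`. Keep `@Override`, delete the commented line, and at least log what arrives: `LOG.debug("ZooKeeper event: {}", event);`. The Javadoc still claims the method keeps the kdb "timely synced", which the body does not do; `Currently ignores all events.` would be accurate until it does.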

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7b5f7432/kerby-backend/zookeeper-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/ZookeeperBackendTest.java
----------------------------------------------------------------------
diff --git a/kerby-backend/zookeeper-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/ZookeeperBackendTest.java b/kerby-backend/zookeeper-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/ZookeeperBackendTest.java
index b5dab1d..8f34123 100644
--- a/kerby-backend/zookeeper-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/ZookeeperBackendTest.java
+++ b/kerby-backend/zookeeper-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/ZookeeperBackendTest.java
@@ -23,6 +23,7 @@ import org.apache.kerby.config.Conf;
 import org.apache.kerby.kerberos.kdc.identitybackend.ZKConfKey;
 import org.apache.kerby.kerberos.kdc.identitybackend.ZookeeperIdentityBackend;
 import org.apache.kerby.kerberos.kerb.KrbException;
+import org.junit.AfterClass;
 import org.junit.BeforeClass;
 
 import java.io.File;
@@ -31,22 +32,35 @@ import java.io.File;
  * Zookeeper backend test
  */
 public class ZookeeperBackendTest extends BackendTestBase {
+    private static File instanceDir;
+    private static File dataDir;
+
     @BeforeClass
     public static void setup() throws KrbException {
         Conf config = new Conf();
-
         File testdir = new File(System.getProperty("test.dir", "target"));
-        File instanceDir = new File(testdir, "zookeeper");
+        instanceDir = new File(testdir, "zookeeper");
         instanceDir.mkdirs();
-        File dataDir = new File(instanceDir, "data");
+        dataDir = new File(instanceDir, "data");
         dataDir.mkdirs();
         config.setString(ZKConfKey.DATA_DIR.getPropertyKey(), dataDir.getAbsolutePath());
-        File dataLogDir = new File(instanceDir, "log");
-        dataLogDir.mkdirs();
-        config.setString(ZKConfKey.DATA_LOG_DIR.getPropertyKey(), dataLogDir.getAbsolutePath());
 
         backend = new ZookeeperIdentityBackend(config);
         backend.initialize();
         backend.start();
     }
+
+    @AfterClass
+    public static void tearDown() throws KrbException {
+        if (dataDir.exists()) {
+            dataDir.delete();
+        }
+        if (instanceDir.exists()) {
+            instanceDir.delete();
+        }
+        if (backend != null) {
+            backend.stop();
+            backend.release();
+        }
+    }
 }
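Review bot: `tearDown` deletes `dataDir` and `instanceDir` before the backend is stopped, and `File.delete()` returns false for a non-empty directory, so while ZooKeeper still holds its files both deletes are likely no-ops and the data survives into the next run. Move the `backend.stop(); backend.release();` block to the top of the method and remove the directory tree recursively afterwards, checking the result. `dataDir` and `instanceDir` are also dereferenced without a null check, which turns an early failure in `setup()` into a second NullPointerException from `tearDown`; guard with `if (dataDir != null && dataDir.exists())`.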

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7b5f7432/kerby-dist/kdc-dist/conf/backend.conf
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/conf/backend.conf b/kerby-dist/kdc-dist/conf/backend.conf
index 28c2632..2ead268 100644
--- a/kerby-dist/kdc-dist/conf/backend.conf
+++ b/kerby-dist/kdc-dist/conf/backend.conf
@@ -18,5 +18,7 @@
 
 kdc_identity_backend = org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend
 backend.json.dir = /tmp/kerby/jsonbackend
-data_dir = /tmp/kerby/zookeeper/data
-data_log_dir = /tmp/kerby/zookeeper/datalog
+embedded_zk = false
+zk_host = 127.0.0.1
+zk_port = 2181
+data_dir = /tmp/zookeeper/data
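Review bot: The added `embedded_zk`, `zk_host`, `zk_port` and `data_dir` keys sit under `kdc_identity_backend = ...JsonIdentityBackend` with no hint that they apply only to the ZooKeeper backend; a line such as `# ZooKeeper backend settings, used only when kdc_identity_backend is ZookeeperIdentityBackend` would help operators. `data_dir` appears to matter only to the embedded server (it feeds `startEmbeddedZookeeper`), so with `embedded_zk = false` it is unused here, and its `/tmp` location is a poor home for KDC data if someone later flips the flag.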

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/7b5f7432/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
index bface94..f0634e7 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
@@ -23,43 +23,22 @@ import org.apache.kerby.kerberos.kdc.identitybackend.ZKConfKey;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
 import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
-import org.junit.AfterClass;
 import org.junit.Test;
 
 import java.io.File;
 
 public class ZookeeperBackendKdcTest extends KerbyKdcTest {
 
-    private static File instanceDir;
-    private static File dataDir;
-    private static File dataLogDir;
-
-    @AfterClass
-    public static void rmJsonBackendFile() {
-        if (instanceDir.exists()) {
-            instanceDir.delete();
-        }
-        if (dataDir.exists()) {
-            dataDir.delete();
-        }
-        if (dataLogDir.exists()) {
-            dataLogDir.delete();
-        }
-    }
-
     @Override
     protected void prepareKdc() throws KrbException {
         BackendConfig backendConfig = getKdcServer().getBackendConfig();
 
-        File testDir = new File(System.getProperty("test.dir", "target"));
-        instanceDir = new File(testDir, "zookeeper");
+        File testDir = getTestDir();
+        File instanceDir = new File(testDir, "zookeeper");
         instanceDir.mkdirs();
-        dataDir = new File(instanceDir, "data");
+        File dataDir = new File(instanceDir, "data");
         dataDir.mkdirs();
         backendConfig.setString(ZKConfKey.DATA_DIR.getPropertyKey(), dataDir.getAbsolutePath());
-        dataLogDir = new File(instanceDir, "log");
-        dataLogDir.mkdirs();
-        backendConfig.setString(ZKConfKey.DATA_LOG_DIR.getPropertyKey(), dataLogDir.getAbsolutePath());
         backendConfig.setString(KdcConfigKey.KDC_IDENTITY_BACKEND,
             "org.apache.kerby.kerberos.kdc.identitybackend.ZookeeperIdentityBackend");
 


[25/29] directory-kerby git commit: Rename the templete conf file name.

Posted by pl...@apache.org.
Rename the template conf file name.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/60357e37
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/60357e37
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/60357e37

Branch: refs/heads/kadmin-remote
Commit: 60357e37832ac86c93974fef4fb48dd469bb7d0a
Parents: 002b873
Author: plusplusjiajia <ji...@intel.com>
Authored: Mon Jun 6 10:01:04 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Mon Jun 6 10:01:04 2016 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/client/Krb5Conf.java    |  2 +-
 .../src/main/resources/krb5-template.conf       | 29 ++++++++++++++++++++
 .../kerb-simplekdc/src/main/resources/krb5.conf | 29 --------------------
 .../src/main/resources/krb5_udp-template.conf   | 29 ++++++++++++++++++++
 .../src/main/resources/krb5_udp.conf            | 29 --------------------
 5 files changed, 59 insertions(+), 59 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/60357e37/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/Krb5Conf.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/Krb5Conf.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/Krb5Conf.java
index dc47652..23fea52 100644
--- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/Krb5Conf.java
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/client/Krb5Conf.java
@@ -49,7 +49,7 @@ public class Krb5Conf {
     private File generateConfFile() throws IOException {
         KdcSetting setting = kdcServer.getKdcSetting();
 
-        String resourcePath = setting.allowUdp() ? "/krb5_udp.conf" : "/krb5.conf";
+        String resourcePath = setting.allowUdp() ? "/krb5_udp-template.conf" : "/krb5-template.conf";
         InputStream templateResource = getClass().getResourceAsStream(resourcePath);
         String templateContent = IOUtil.readInput(templateResource);
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/60357e37/kerby-kerb/kerb-simplekdc/src/main/resources/krb5-template.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5-template.conf b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5-template.conf
new file mode 100644
index 0000000..0954538
--- /dev/null
+++ b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5-template.conf
@@ -0,0 +1,29 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+[libdefaults]
+    kdc_realm = _REALM_
+    default_realm = _REALM_
+    udp_preference_limit = _UDP_LIMIT_
+    #_KDC_TCP_PORT_
+    #_KDC_UDP_PORT_
+
+[realms]
+    _REALM_ = {
+        kdc = localhost:_KDC_PORT_
+    }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/60357e37/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf
deleted file mode 100644
index 0954538..0000000
--- a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-[libdefaults]
-    kdc_realm = _REALM_
-    default_realm = _REALM_
-    udp_preference_limit = _UDP_LIMIT_
-    #_KDC_TCP_PORT_
-    #_KDC_UDP_PORT_
-
-[realms]
-    _REALM_ = {
-        kdc = localhost:_KDC_PORT_
-    }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/60357e37/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp-template.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp-template.conf b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp-template.conf
new file mode 100644
index 0000000..0954538
--- /dev/null
+++ b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp-template.conf
@@ -0,0 +1,29 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+[libdefaults]
+    kdc_realm = _REALM_
+    default_realm = _REALM_
+    udp_preference_limit = _UDP_LIMIT_
+    #_KDC_TCP_PORT_
+    #_KDC_UDP_PORT_
+
+[realms]
+    _REALM_ = {
+        kdc = localhost:_KDC_PORT_
+    }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/60357e37/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf
deleted file mode 100644
index 0954538..0000000
--- a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-[libdefaults]
-    kdc_realm = _REALM_
-    default_realm = _REALM_
-    udp_preference_limit = _UDP_LIMIT_
-    #_KDC_TCP_PORT_
-    #_KDC_UDP_PORT_
-
-[realms]
-    _REALM_ = {
-        kdc = localhost:_KDC_PORT_
-    }
\ No newline at end of file


[04/29] directory-kerby git commit: Save the error code in KrbException.

Posted by pl...@apache.org.
Save the error code in KrbException.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/fff2aa12
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/fff2aa12
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/fff2aa12

Branch: refs/heads/kadmin-remote
Commit: fff2aa120fa665d1ceb0e4042669a3799825861e
Parents: 1adbb86
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Apr 19 16:01:22 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Apr 19 16:01:22 2016 +0800

----------------------------------------------------------------------
 .../java/org/apache/kerby/kerberos/kerb/KrbException.java    | 8 ++++++++
 1 file changed, 8 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/fff2aa12/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java
index ee3fa8d..0755250 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbException.java
@@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kerb;
 
 public class KrbException extends Exception {
     private static final long serialVersionUID = 7305497872367599428L;
+    private KrbErrorCode errorCode;
 
     public KrbException(String message) {
         super(message);
@@ -32,13 +33,20 @@ public class KrbException extends Exception {
 
     public KrbException(KrbErrorCode errorCode) {
         super(errorCode.getMessage());
+        this.errorCode = errorCode;
     }
 
     public KrbException(KrbErrorCode errorCode, Throwable cause) {
         super(errorCode.getMessage(), cause);
+        this.errorCode = errorCode;
     }
 
     public KrbException(KrbErrorCode errorCode, String message) {
         super(message + " with error code: " + errorCode.name());
+        this.errorCode = errorCode;
+    }
+
+    public KrbErrorCode getKrbErrorCode() {
+        return errorCode;
     }
 }
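Review bot: `getKrbErrorCode()` returns null whenever the exception was created through a constructor that takes no `KrbErrorCode` (for example `KrbException(String message)` in the first hunk), and nothing tells callers so. Document it with `/** @return the Kerberos error code, or null if the exception was created without one */`, and consider declaring the field `private final KrbErrorCode errorCode;` with the other constructors assigning it explicitly. The constructors in this hunk also dereference `errorCode` inside the `super(...)` call, so a null argument fails with a bare NullPointerException before the field is set.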


[22/29] directory-kerby git commit: DIRKRB-542. Kerby Authorization. Contributed by Gerard Gagliano

Posted by pl...@apache.org.
DIRKRB-542. Kerby Authorization. Contributed by Gerard Gagliano


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f751d390
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f751d390
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f751d390

Branch: refs/heads/kadmin-remote
Commit: f751d3906ed7b8c0e823dc372afd4c2876b99546
Parents: 369f27d
Author: Kai Zheng <ka...@intel.com>
Authored: Mon May 30 05:08:31 2016 +0800
Committer: Kai Zheng <ka...@intel.com>
Committed: Mon May 30 05:08:31 2016 +0800

----------------------------------------------------------------------
 .../org/apache/kerby/asn1/Asn1FieldInfo.java    |  12 +-
 .../kerby/asn1/type/AbstractAsn1Type.java       |   4 +
 .../kerby/asn1/type/Asn1CollectionType.java     |  53 +++--
 .../apache/kerby/asn1/type/Asn1Constructed.java |   5 +
 .../apache/kerby/asn1/type/Asn1Encodeable.java  |  12 +-
 .../org/apache/kerby/asn1/type/Asn1Simple.java  |   1 +
 .../kerberos/kdc/impl/NettyKdcHandler.java      |  14 ++
 .../kdc/impl/NettyKdcUdpServerHandler.java      |  14 ++
 .../client/preauth/pkinit/PkinitPreauth.java    |  29 +--
 .../kerby/kerberos/kerb/type/ad/ADAndOr.java    |  78 +++++++
 .../kerb/type/ad/ADAuthenticationIndicator.java |  82 +++++++
 .../kerby/kerberos/kerb/type/ad/ADCamMac.java   | 187 ++++++++++++++++
 .../kerb/type/ad/ADEnctypeNegotiation.java      |  83 +++++++
 .../type/ad/ADIntendedForApplicationClass.java  | 179 +++++++++++++++
 .../kerb/type/ad/ADIntendedForServer.java       | 162 ++++++++++++++
 .../kerberos/kerb/type/ad/ADKdcIssued.java      | 169 +++++++++++++++
 .../kerby/kerberos/kerb/type/ad/AndOr.java      |  87 ++++++++
 .../kerb/type/ad/AuthorizationData.java         |  10 +
 .../kerb/type/ad/AuthorizationDataEntry.java    |  49 ++++-
 .../kerb/type/ad/AuthorizationDataWrapper.java  | 118 ++++++++++
 .../kerb/type/ad/AuthorizationType.java         | 217 ++++++++++++++++++-
 .../kerb/type/ad/CamMacOtherVerifiers.java      |  30 +++
 .../kerb/type/ad/CamMacVerifierChoice.java      |  67 ++++++
 .../kerb/type/ad/CamMacVerifierMac.java         | 107 +++++++++
 .../kerberos/kerb/type/ad/PrincipalList.java    |  31 +++
 .../kerby/kerberos/kerb/type/base/KeyUsage.java |   3 +-
 .../kerby/kerberos/kerb/codec/ADTest.java       | 143 ++++++++++++
 .../codec/PkinitAnonymousAsRepCodecTest.java    |   2 +-
 .../codec/PkinitAnonymousAsReqCodecTest.java    |  22 +-
 .../kerb/identity/CacheableIdentityService.java |  13 ++
 .../kerberos/kerb/identity/IdentityService.java |  12 +
 .../backend/AbstractIdentityBackend.java        |  34 +++
 .../kerb/server/preauth/PreauthHandler.java     |  16 +-
 .../kerb/server/request/KdcRequest.java         |  46 ++--
 .../kerb/server/request/TgsRequest.java         |   2 +-
 .../kerb/server/request/TicketIssuer.java       |  13 ++
 36 files changed, 2023 insertions(+), 83 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/Asn1FieldInfo.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/Asn1FieldInfo.java b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/Asn1FieldInfo.java
index 72182b0..fcad437 100644
--- a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/Asn1FieldInfo.java
+++ b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/Asn1FieldInfo.java
@@ -29,6 +29,7 @@ public class Asn1FieldInfo {
     private int tagNo = -1; // Indicate a non-tagged field
     private boolean isImplicit;
     private Class<? extends Asn1Type> type;
+    private Tag tag = null;
 
     /**
      * Constructor for a tagged field, the tagNo being the same of index.
@@ -101,7 +102,14 @@ public class Asn1FieldInfo {
     }
 
     public Tag getFieldTag() {
-        Asn1Type fieldValue = createFieldValue();
-        return fieldValue.tag();
+        if (tag == null) {
+            Asn1Type fieldValue = createFieldValue();
+            tag = fieldValue.tag();
+        }
+        return tag;
+    }
+
+    public Class<? extends Asn1Type> getType() {
+        return type;
     }
 }
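Review bot: The lazily cached `tag` in getFieldTag() is written without synchronization, and Asn1FieldInfo instances are usually held in static arrays shared by every instance of a type (ADCamMac's `fieldInfos` in this same commit is one), so concurrent decoders can race on it. The race is harmless only if Tag is immutable and createFieldValue() has no side effects, neither of which is visible here; declaring the field `private volatile Tag tag;` would make the publication safe. The new public `getType()` has no Javadoc; `/** Returns the ASN.1 type class declared for this field. */` would do. The class body starts outside this hunk.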

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/AbstractAsn1Type.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/AbstractAsn1Type.java b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/AbstractAsn1Type.java
index 96c68a1..001c40e 100644
--- a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/AbstractAsn1Type.java
+++ b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/AbstractAsn1Type.java
@@ -73,7 +73,11 @@ public abstract class AbstractAsn1Type<T> extends Asn1Encodeable {
     }
 
     public void setValue(T value) {
+        resetBodyLength();
         this.value = value;
+        if (value instanceof Asn1Encodeable) {
+            ((Asn1Encodeable) value).outerEncodeable = this;
+        }
     }
 
     @Override
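Review bot: setValue() links the new value to this object through `outerEncodeable` but never unlinks the value it replaces, so a detached child keeps invalidating a parent it no longer belongs to, and a value placed in two containers only invalidates the last one. In the second case the first container can keep a stale cached body length and emit a length that does not match its content, which matters in a codec used for Kerberos messages. The same pattern is in setFieldAs() in Asn1CollectionType and in addItem()/clear() in Asn1Constructed. Consider clearing the old link before the assignment, `if (this.value instanceof Asn1Encodeable) { ((Asn1Encodeable) this.value).outerEncodeable = null; }`, and documenting that a value has a single owner.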

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1CollectionType.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1CollectionType.java b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1CollectionType.java
index 8f546c6..d19864c 100644
--- a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1CollectionType.java
+++ b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1CollectionType.java
@@ -90,7 +90,6 @@ public abstract class Asn1CollectionType
 
     @Override
     protected void decodeBody(Asn1ParseResult parseResult) throws IOException {
-        checkAndInitFields();
         useDefinitiveLength(parseResult.isDefinitiveLength());
 
         Asn1Container container = (Asn1Container) parseResult;
@@ -115,8 +114,9 @@ public abstract class Asn1CollectionType
 
     private void attemptBinding(Asn1ParseResult parseItem,
                                 int foundPos) throws IOException {
-        Asn1Type fieldValue = fields[foundPos];
         Asn1FieldInfo fieldInfo = fieldInfos[foundPos];
+        checkAndInitField(foundPos);
+        Asn1Type fieldValue = fields[foundPos];
 
         if (fieldValue instanceof Asn1Any) {
             Asn1Any any = (Asn1Any) fieldValue;
@@ -146,30 +146,44 @@ public abstract class Asn1CollectionType
                     foundPos = i;
                     break;
                 }
-            } else if (fieldValue.tag().equals(parseItem.tag())) {
-                foundPos = i;
-                break;
-            } else if (fieldValue instanceof Asn1Choice) {
-                Asn1Choice aChoice = (Asn1Choice) fields[i];
-                if (aChoice.matchAndSetValue(parseItem.tag())) {
+            } else if (fieldValue != null) {
+                if (fieldValue.tag().equals(parseItem.tag())) {
+                    foundPos = i;
+                    break;
+                } else if (fieldValue instanceof Asn1Choice) {
+                    Asn1Choice aChoice = (Asn1Choice) fieldValue;
+                    if (aChoice.matchAndSetValue(parseItem.tag())) {
+                        foundPos = i;
+                        break;
+                    }
+                } else if (fieldValue instanceof Asn1Any) {
+                    foundPos = i;
+                    break;
+                }
+            } else {
+                if (fieldInfo.getFieldTag().equals(parseItem.tag())) {
+                    foundPos = i;
+                    break;
+
+                } else if (Asn1Choice.class
+                        .isAssignableFrom(fieldInfo.getType())) {
+                    Asn1Choice aChoice = (Asn1Choice) (fields[i] = fieldInfo
+                            .createFieldValue());
+                    if (aChoice.matchAndSetValue(parseItem.tag())) {
+                        foundPos = i;
+                        break;
+                    }
+                } else if (Asn1Any.class
+                        .isAssignableFrom(fieldInfo.getType())) {
                     foundPos = i;
                     break;
                 }
-            } else if (fieldValue instanceof Asn1Any) {
-                foundPos = i;
-                break;
             }
         }
 
         return foundPos;
     }
 
-    private void checkAndInitFields() {
-        for (int i = 0; i < fieldInfos.length; ++i) {
-            checkAndInitField(i);
-        }
-    }
-
     private void checkAndInitField(int index) {
         if (fields[index] == null) {
             fields[index] = fieldInfos[index].createFieldValue();
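Review bot: In the new `else` branch (field not yet initialised) the Asn1Choice probe stores the freshly created value in `fields[i]` before it knows whether the tag matches, so a CHOICE field that does not match the parsed item is left non-null. Since this commit makes field creation lazy, a non-null slot presumably now means "present", and an absent OPTIONAL CHOICE could be reported or re-encoded as an empty value after decoding untrusted input. Keep the probe local and store it only on a match: `Asn1Choice aChoice = (Asn1Choice) fieldInfo.createFieldValue();` and then `fields[i] = aChoice;` inside the `if (aChoice.matchAndSetValue(parseItem.tag()))` block. The enclosing method starts outside this hunk.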
@@ -178,6 +192,7 @@ public abstract class Asn1CollectionType
 
     protected abstract Asn1Collection createCollection();
 
+    @SuppressWarnings("unchecked")
     protected <T extends Asn1Type> T getFieldAs(EnumType index, Class<T> t) {
         Asn1Type value = fields[index.getValue()];
         if (value == null) {
@@ -187,6 +202,10 @@ public abstract class Asn1CollectionType
     }
 
     protected void setFieldAs(EnumType index, Asn1Type value) {
+        resetBodyLength(); // Reset the pre-computed body length
+        if (value instanceof Asn1Encodeable) {
+            ((Asn1Encodeable) value).outerEncodeable = this;
+        }
         fields[index.getValue()] = value;
     }
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Constructed.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Constructed.java b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Constructed.java
index fd8a187..6c62b6c 100644
--- a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Constructed.java
+++ b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Constructed.java
@@ -61,10 +61,15 @@ public class Asn1Constructed
     }
 
     public void addItem(Asn1Type value) {
+        resetBodyLength();
         getValue().add(value);
+        if (value instanceof Asn1Encodeable) {
+            ((Asn1Encodeable) value).outerEncodeable = this;
+        }
     }
 
     public void clear() {
+        resetBodyLength();
         getValue().clear();
     }
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Encodeable.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Encodeable.java b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Encodeable.java
index 0bd2e81..7f4e28f 100644
--- a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Encodeable.java
+++ b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Encodeable.java
@@ -37,7 +37,8 @@ import java.nio.ByteBuffer;
  */
 public abstract class Asn1Encodeable extends Asn1Object implements Asn1Type {
 
-    private int bodyLength = -1;
+    protected int bodyLength = -1;
+    public Asn1Encodeable outerEncodeable = null;
 
     // encoding options
     private EncodingType encodingType = EncodingType.BER;
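Review bot: `outerEncodeable` is a public mutable field on the base class of every encodable type, so any caller can repoint or null the parent link and silently break cache invalidation; `bodyLength` going from private to protected likewise lets subclasses write the cache directly, as ADAndOr and the other new AD classes in this commit do. A private field with `public void setOuterEncodeable(Asn1Encodeable outer)` and a protected accessor for the cached length would keep the invariant in one place. Neither field is documented; a comment such as `// Parent whose cached body length must be reset when this object changes` on the link would help.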
@@ -145,6 +146,15 @@ public abstract class Asn1Encodeable extends Asn1Object implements Asn1Type {
         encodeBody(buffer);
     }
 
+    public void resetBodyLength() {
+        if (bodyLength != -1) {
+            bodyLength = -1;
+            if (outerEncodeable != null) {
+                outerEncodeable.resetBodyLength();
+            }
+        }
+    }
+
     protected void encodeBody(ByteBuffer buffer) throws IOException { }
 
     @Override
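Review bot: resetBodyLength() only notifies `outerEncodeable` when this object's own `bodyLength` is cached, so a parent holding a cached length is not invalidated if the child's length was never computed or was already reset. Whether every encode path caches the child length before the parent's is not visible in this hunk; the explicit `resetBodyLength()` calls after `myAuthIndicator.add(...)` in ADAuthenticationIndicator suggest the propagation is not relied on everywhere. The early exit also acts as the guard against a cycle of parent links, so if propagation is made unconditional a separate cycle check is needed. Please add Javadoc stating the invariant, for example `/** Invalidates the cached body length of this object and, if it was cached, of its enclosing objects. */`.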

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Simple.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Simple.java b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Simple.java
index 2980086..cac3d60 100644
--- a/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Simple.java
+++ b/kerby-common/kerby-asn1/src/main/java/org/apache/kerby/asn1/type/Asn1Simple.java
@@ -61,6 +61,7 @@ public abstract class Asn1Simple<T> extends AbstractAsn1Type<T> {
     }
 
     protected void setBytes(byte[] bytes) {
+        resetBodyLength();
         this.bytes = bytes;
     }
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcHandler.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcHandler.java
index d442108..1253adf 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcHandler.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcHandler.java
@@ -58,6 +58,20 @@ public class NettyKdcHandler extends ChannelInboundHandlerAdapter {
         } catch (Exception e) {
             LOG.error("Error occurred while processing request:"
                     + e);
+            e.printStackTrace();
         }
     }
+
+    /**
+     * Calls {@link ChannelHandlerContext#fireExceptionCaught(Throwable)} to
+     * forward to the next {@link ChannelHandler} in the {@link ChannelPipeline}
+     *
+     * Sub-classes may override this method to change behavior.
+     */
+    @Override
+    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause)
+            throws Exception {
+        cause.printStackTrace();
+        ctx.fireExceptionCaught(cause);
+    }
 }
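Review bot: The added `e.printStackTrace()` and `cause.printStackTrace()` write to stderr instead of the class's `LOG`, so failures triggered by malformed or hostile KDC requests bypass the configured log destination, level filtering and rotation. Pass the throwable to the logger instead, `LOG.error("Error occurred while processing request", e);` and `LOG.error("Unhandled exception in KDC handler", cause);`, which also keeps the stack trace that the current string concatenation drops. The Javadoc on exceptionCaught() is copied from Netty's adapter and describes the superclass rather than this override. NettyKdcUdpServerHandler gets the same two additions in this commit and the same applies there.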

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcUdpServerHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcUdpServerHandler.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcUdpServerHandler.java
index 797808e..04a314a 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcUdpServerHandler.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcUdpServerHandler.java
@@ -60,6 +60,20 @@ public class NettyKdcUdpServerHandler extends SimpleChannelInboundHandler<Datagr
         } catch (Exception e) {
             LOG.error("Error occurred while processing request:"
                     + e.getMessage());
+            e.printStackTrace();
         }
     }
+
+    /**
+     * Calls {@link ChannelHandlerContext#fireExceptionCaught(Throwable)} to
+     * forward to the next {@link ChannelHandler} in the {@link ChannelPipeline}
+     *
+     * Sub-classes may override this method to change behavior.
+     */
+    @Override
+    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause)
+            throws Exception {
+        cause.printStackTrace();
+        ctx.fireExceptionCaught(cause);
+    }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
index 230ccb0..3620f23 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java
@@ -44,6 +44,7 @@ import org.apache.kerby.kerberos.kerb.preauth.pkinit.CertificateHelper;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.CmsMessageType;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitCrypto;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity;
+import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitPlgCryptoContext;
 import org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta;
 import org.apache.kerby.kerberos.kerb.type.KerberosTime;
 import org.apache.kerby.kerberos.kerb.type.base.CheckSum;
@@ -79,7 +80,6 @@ import java.util.Calendar;
 import java.util.Date;
 import java.util.List;
 
-@SuppressWarnings("PMD.UnusedFormalParameter")
 public class PkinitPreauth extends AbstractPreauthPlugin {
     private static final Logger LOG = LoggerFactory.getLogger(PkinitPreauth.class);
 
@@ -213,6 +213,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
                 processingRequest = true;
                 break;
             case PK_AS_REP:
+            default:
                 break;
         }
 
@@ -226,14 +227,17 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
         }
     }
 
+    @SuppressWarnings("unused")
     private void generateRequest(PkinitRequestContext reqCtx, KdcRequest kdcRequest,
                                  PaData outPadata) {
 
     }
 
+    @SuppressWarnings("unused")
     private PaPkAsReq makePaPkAsReq(KdcRequest kdcRequest,
                                     PkinitRequestContext reqCtx,
                                     int cusec, KerberosTime ctime, int nonce, CheckSum checkSum) throws KrbException {
+        KdcRequest kdc = kdcRequest;
 
         LOG.info("Making the PK_AS_REQ.");
         PaPkAsReq paPkAsReq = new PaPkAsReq();
@@ -291,30 +295,28 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
 
             authPack.setClientPublicValue(pubInfo);
 
-//            DhNonce dhNonce = new DhNonce();
-//            authPack.setClientDhNonce(dhNonce);
+            // DhNonce dhNonce = new DhNonce();
+            // authPack.setClientDhNonce(dhNonce);
             byte[] signedAuthPack = signAuthPack(authPack);
             paPkAsReq.setSignedAuthPack(signedAuthPack);
 
         } else {
             LOG.info("RSA key transport algorithm");
-//            authPack.setClientPublicValue(null);
+            // authPack.setClientPublicValue(null);
         }
 
-
-
         TrustedCertifiers trustedCertifiers = pkinitContext.pluginOpts.createTrustedCertifiers();
         paPkAsReq.setTrustedCertifiers(trustedCertifiers);
 
-//        byte[] kdcPkId = pkinitContext.pluginOpts.createIssuerAndSerial();
-//        paPkAsReq.setKdcPkId(kdcPkId);
+        // byte[] kdcPkId = pkinitContext.pluginOpts.createIssuerAndSerial();
+        // paPkAsReq.setKdcPkId(kdcPkId);
 
         return paPkAsReq;
     }
 
     private byte[] signAuthPack(AuthPack authPack) throws KrbException {
 
-        String oid = pkinitContext.cryptoctx.getIdPkinitAuthDataOID();
+        String oid = PkinitPlgCryptoContext.getIdPkinitAuthDataOID();
 
         byte[] signedDataBytes = PkinitCrypto.eContentInfoCreate(
                 KrbCodec.encode(authPack), oid);
@@ -348,7 +350,6 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
             PkinitCrypto.verifyCmsSignedData(
                     CmsMessageType.CMS_SIGN_SERVER, signedData);
 
-
             String anchorFileName = kdcRequest.getContext().getConfig().getPkinitAnchors().get(0);
 
             X509Certificate x509Certificate = null;
@@ -361,10 +362,12 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
             Certificate archorCertificate = PkinitCrypto.changeToCertificate(x509Certificate);
 
             CertificateSet certificateSet = signedData.getCertificates();
-            List<CertificateChoices> certificateChoicesList = certificateSet.getElements();
             List<Certificate> certificates = new ArrayList<>();
-            for (CertificateChoices certificateChoices : certificateChoicesList) {
-                certificates.add(certificateChoices.getCertificate());
+            if (certificateSet != null) {
+                List<CertificateChoices> certificateChoicesList = certificateSet.getElements();
+                for (CertificateChoices certificateChoices : certificateChoicesList) {
+                    certificates.add(certificateChoices.getCertificate());
+                }
             }
             try {
                 PkinitCrypto.validateChain(certificates, archorCertificate);
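Review bot: With the new null check, a KDC reply whose SignedData carries no certificates reaches `PkinitCrypto.validateChain(certificates, archorCertificate)` with an empty list instead of failing on the null. Whether validateChain() rejects an empty chain is not visible here; if it does not, the reply would pass this step without any certificate being tied to the configured anchor. Fail closed before the call, e.g. `if (certificates.isEmpty()) { throw new KrbException("No certificates in PKINIT signed data"); }`, assuming the enclosing method, which starts outside this hunk, can throw KrbException.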

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADAndOr.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADAndOr.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADAndOr.java
new file mode 100644
index 0000000..50ac2f7
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADAndOr.java
@@ -0,0 +1,78 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import java.io.IOException;
+import java.util.List;
+
+import org.apache.kerby.asn1.Asn1Dumper;
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceOfType;
+
+/**
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class ADAndOr extends AuthorizationDataEntry {
+
+    private KrbSequenceOfType<AndOr> myAndOr;
+
+    public ADAndOr() {
+        super(AuthorizationType.AD_AND_OR);
+        myAndOr = new KrbSequenceOfType<AndOr>();
+        myAndOr.outerEncodeable = this;
+    }
+
+    public ADAndOr(byte[] encoded) throws IOException {
+        this();
+        myAndOr.decode(encoded);
+    }
+
+    public ADAndOr(List<AndOr> elements) {
+        this();
+        for (AndOr element : elements) {
+            myAndOr.add(element);
+        }
+    }
+
+    public List<AndOr> getAndOrs() throws IOException {
+        return myAndOr.getElements();
+    }
+
+    public void add(AndOr element) {
+        myAndOr.add(element);
+    }
+
+    @Override
+    protected int encodingBodyLength() throws IOException {
+        if (bodyLength == -1) {
+            setAuthzData(myAndOr.encode());
+            bodyLength = super.encodingBodyLength();
+        }
+        return bodyLength;
+    };
+
+    @Override
+    public void dumpWith(Asn1Dumper dumper, int indents) {
+        super.dumpWith(dumper, indents);
+        dumper.newLine();
+        myAndOr.dumpWith(dumper, indents + 8);
+    }
+}
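Review bot: `add(AndOr)` and the `List<AndOr>` constructor change `myAndOr` without calling `resetBodyLength()`, unlike `add()`/`clear()` in ADAuthenticationIndicator from the same commit, so the cached `bodyLength` and the AD_DATA octets set in encodingBodyLength() are refreshed only if `KrbSequenceOfType.add` propagates the reset through `outerEncodeable`, which is not visible here. If it does not, an entry that was encoded once and then extended would be re-encoded with the old content. Either add `resetBodyLength();` after `myAndOr.add(element);` or document the reliance on propagation. Smaller points: `getAndOrs()` declares `throws IOException` although ADAuthenticationIndicator's equivalent getter does not, the `};` after encodingBodyLength() has a stray semicolon, and the class Javadoc does not say what the entry holds.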

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADAuthenticationIndicator.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADAuthenticationIndicator.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADAuthenticationIndicator.java
new file mode 100644
index 0000000..f76b4e2
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADAuthenticationIndicator.java
@@ -0,0 +1,82 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import java.io.IOException;
+import java.util.List;
+
+import org.apache.kerby.asn1.Asn1Dumper;
+import org.apache.kerby.asn1.type.Asn1Utf8String;
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceOfType;
+
+/**
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class ADAuthenticationIndicator extends AuthorizationDataEntry {
+
+    private AuthIndicator myAuthIndicator;
+
+    private class AuthIndicator extends KrbSequenceOfType<Asn1Utf8String> {
+    }
+
+    public ADAuthenticationIndicator() {
+        super(AuthorizationType.AD_AUTHENTICAION_INDICATOR);
+        myAuthIndicator = new AuthIndicator();
+        myAuthIndicator.outerEncodeable = this;
+    }
+
+    public ADAuthenticationIndicator(byte[] encoded) throws IOException {
+        this();
+        myAuthIndicator.decode(encoded);
+    }
+
+    public List<Asn1Utf8String> getAuthIndicators() {
+        return myAuthIndicator.getElements();
+    }
+
+    public void add(Asn1Utf8String indicator) {
+        myAuthIndicator.add(indicator);
+        resetBodyLength();
+    }
+
+    public void clear() {
+        myAuthIndicator.clear();
+        resetBodyLength();
+    }
+
+    @Override
+    protected int encodingBodyLength() throws IOException {
+        if (bodyLength == -1) {
+            setAuthzData(myAuthIndicator.encode());
+            bodyLength = super.encodingBodyLength();
+        }
+        return bodyLength;
+    };
+
+    @Override
+    public void dumpWith(Asn1Dumper dumper, int indents) {
+        super.dumpWith(dumper, indents);
+        dumper.newLine();
+        myAuthIndicator.dumpWith(dumper, indents + 8);
+    }
+
+}
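Review bot: `getAuthIndicators()` returns `myAuthIndicator.getElements()` directly; if that is the live backing list (not visible here), callers can add or remove indicators without `resetBodyLength()` being called and the entry will keep encoding the old AD_DATA. Returning `Collections.unmodifiableList(myAuthIndicator.getElements())` would force changes through `add()`/`clear()`; it needs a `java.util.Collections` import. `AuthIndicator` should be `private static class`, as `CamMac` is in ADCamMac, since it uses nothing from the enclosing instance. The constant `AD_AUTHENTICAION_INDICATOR` looks misspelled ("AUTHENTICATION"); it is declared in AuthorizationType, outside this file.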

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADCamMac.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADCamMac.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADCamMac.java
new file mode 100644
index 0000000..138ba04
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADCamMac.java
@@ -0,0 +1,187 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import java.io.IOException;
+
+import org.apache.kerby.asn1.Asn1Dumper;
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
+
+/**
+ * <pre>
+ * AD-CAMMAC                   ::= SEQUENCE {
+ *          elements              [0] AuthorizationData,
+ *          kdc-verifier          [1] Verifier-MAC OPTIONAL,
+ *          svc-verifier          [2] Verifier-MAC OPTIONAL,
+ *          other-verifiers       [3] SEQUENCE (SIZE (1..MAX))
+ *                                    OF Verifier OPTIONAL
+ *    }
+ * </pre>
+ *
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class ADCamMac extends AuthorizationDataEntry {
+
+    private CamMac myCamMac;
+
+    private static class CamMac extends KrbSequenceType {
+
+        protected enum CamMacField implements EnumType {
+            CAMMAC_elements, CAMMAC_kdc_verifier, CAMMAC_svc_verifier, CAMMAC_other_verifiers;
+
+            @Override
+            public int getValue() {
+                return ordinal();
+            }
+
+            @Override
+            public String getName() {
+                return name();
+            }
+        }
+
+        /** The CamMac's fields */
+        private static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+                new ExplicitField(CamMacField.CAMMAC_elements, AuthorizationData.class),
+                new ExplicitField(CamMacField.CAMMAC_kdc_verifier, CamMacVerifierMac.class),
+                new ExplicitField(CamMacField.CAMMAC_svc_verifier, CamMacVerifierMac.class),
+                new ExplicitField(CamMacField.CAMMAC_other_verifiers, CamMacOtherVerifiers.class)};
+
+        CamMac() {
+            super(fieldInfos);
+        }
+
+        CamMac(byte[] authzFields) {
+            super(fieldInfos);
+            super.setFieldAsOctets(AuthorizationDataEntryField.AD_DATA, authzFields);
+        }
+
+        CamMac(AuthorizationData authzData) {
+            super(fieldInfos);
+            setFieldAs(CamMacField.CAMMAC_elements, authzData);
+        }
+
+        public AuthorizationData getAuthorizationData() {
+            return getFieldAs(CamMacField.CAMMAC_elements, AuthorizationData.class);
+        }
+
+        public void setAuthorizationData(AuthorizationData authzData) {
+            setFieldAs(CamMacField.CAMMAC_elements, authzData);
+            resetBodyLength();
+        }
+
+        public CamMacVerifierMac getKdcVerifier() {
+            return getFieldAs(CamMacField.CAMMAC_kdc_verifier, CamMacVerifierMac.class);
+        }
+
+        public void setKdcVerifier(CamMacVerifierMac kdcVerifier) {
+            setFieldAs(CamMacField.CAMMAC_kdc_verifier, kdcVerifier);
+            resetBodyLength();
+        }
+
+        public CamMacVerifierMac getSvcVerifier() {
+            return getFieldAs(CamMacField.CAMMAC_svc_verifier, CamMacVerifierMac.class);
+        }
+
+        public void setSvcVerifier(CamMacVerifierMac svcVerifier) {
+            setFieldAs(CamMacField.CAMMAC_svc_verifier, svcVerifier);
+            resetBodyLength();
+        }
+
+        public CamMacOtherVerifiers getOtherVerifiers() {
+            return getFieldAs(CamMacField.CAMMAC_other_verifiers, CamMacOtherVerifiers.class);
+        }
+
+        public void setOtherVerifiers(CamMacOtherVerifiers svcVerifier) {
+            setFieldAs(CamMacField.CAMMAC_other_verifiers, svcVerifier);
+            resetBodyLength();
+        }
+    }
+
+    public ADCamMac() {
+        super(AuthorizationType.AD_CAMMAC);
+        myCamMac = new CamMac();
+        myCamMac.outerEncodeable = this;
+    }
+
+    public ADCamMac(byte[] encoded) throws IOException {
+        this();
+        myCamMac.decode(encoded);
+    }
+
+    public AuthorizationData getAuthorizationData() {
+        return myCamMac.getAuthorizationData();
+    }
+
+    public void setAuthorizationData(AuthorizationData authzData) {
+        myCamMac.setAuthorizationData(authzData);
+    }
+
+    public CamMacVerifierMac getKdcVerifier() {
+        return myCamMac.getKdcVerifier();
+    }
+
+    public void setKdcVerifier(CamMacVerifierMac kdcVerifier) {
+        myCamMac.setKdcVerifier(kdcVerifier);
+    }
+
+    public CamMacVerifierMac getSvcVerifier() {
+        return myCamMac.getSvcVerifier();
+    }
+
+    public void setSvcVerifier(CamMacVerifierMac svcVerifier) {
+        myCamMac.setSvcVerifier(svcVerifier);
+    }
+
+    public CamMacOtherVerifiers getOtherVerifiers() {
+        return myCamMac.getOtherVerifiers();
+    }
+
+    public void setOtherVerifiers(CamMacOtherVerifiers otherVerifiers) {
+        myCamMac.setOtherVerifiers(otherVerifiers);
+    }
+
+    @Override
+    protected int encodingBodyLength() throws IOException {
+        if (bodyLength == -1) {
+            setAuthzData(myCamMac.encode());
+            bodyLength = super.encodingBodyLength();
+        }
+        return bodyLength;
+    };
+
+    @Override
+    public void dumpWith(Asn1Dumper dumper, int indents) {
+        try {
+            setAuthzData(myCamMac.encode());
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        super.dumpWith(dumper, indents);
+        dumper.newLine();
+        myCamMac.dumpWith(dumper, indents + 8);
+    }
+
+}
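Review bot: The `CamMac(byte[] authzFields)` constructor calls `setFieldAsOctets(AuthorizationDataEntryField.AD_DATA, authzFields)`, indexing CamMac's own `fieldInfos` with an enum that belongs to AuthorizationDataEntry, so the octets land in whichever CAMMAC slot shares that value rather than in a field of matching type. It looks like a copy-paste leftover and nothing in this file calls it; removing the constructor would be the safest fix. `dumpWith()` swallows the IOException from `myCamMac.encode()` with `e.printStackTrace()` and then dumps whatever AD_DATA was set before; report it through a logger and skip the stale dump instead. `fieldInfos` can be `private static final`, and the CamMac setters call `resetBodyLength()` although `setFieldAs()` in Asn1CollectionType already does so in this commit, assuming KrbSequenceType inherits it.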

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADEnctypeNegotiation.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADEnctypeNegotiation.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADEnctypeNegotiation.java
new file mode 100644
index 0000000..3a40490
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADEnctypeNegotiation.java
@@ -0,0 +1,83 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import java.io.IOException;
+import java.util.List;
+
+import org.apache.kerby.asn1.Asn1Dumper;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceOfType;
+
+/**
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class ADEnctypeNegotiation extends AuthorizationDataEntry {
+
+    private KrbSequenceOfType<Asn1Integer> myEnctypeNeg;
+
+    public ADEnctypeNegotiation() {
+        super(AuthorizationType.AD_ETYPE_NEGOTIATION);
+        myEnctypeNeg = new KrbSequenceOfType<Asn1Integer>();
+        myEnctypeNeg.outerEncodeable = this;
+    }
+
+    public ADEnctypeNegotiation(byte[] encoded) throws IOException {
+        this();
+        myEnctypeNeg.decode(encoded);
+    }
+
+    public ADEnctypeNegotiation(List<Asn1Integer> enctypeNeg) throws IOException {
+        this();
+        for (Asn1Integer element : enctypeNeg) {
+            myEnctypeNeg.add(element);
+        }
+    }
+
+    public List<Asn1Integer> getEnctypeNegotiation() {
+        return myEnctypeNeg.getElements();
+    }
+
+    public void add(Asn1Integer element) {
+        myEnctypeNeg.add(element);
+    }
+
+    public void clear() {
+        myEnctypeNeg.clear();
+    }
+
+    @Override
+    protected int encodingBodyLength() throws IOException {
+        if (bodyLength == -1) {
+            setAuthzData(myEnctypeNeg.encode());
+            bodyLength = super.encodingBodyLength();
+        }
+        return bodyLength;
+    }
+
+    @Override
+    public void dumpWith(Asn1Dumper dumper, int indents) {
+        super.dumpWith(dumper, indents);
+        dumper.newLine();
+        myEnctypeNeg.dumpWith(dumper, indents + 8);
+    }
+}
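Review bot: `add()` and `clear()` change `myEnctypeNeg`, but nothing visible in this hunk invalidates the cached `bodyLength`, and `encodingBodyLength()` only re-encodes the list into AD_DATA when `bodyLength == -1`. Unless `outerEncodeable` propagates a reset (that code is outside this hunk), an entry that was encoded once and then modified would keep emitting the old enctype list. Calling `resetBodyLength();` after the mutation in both methods would make the invalidation explicit. The same question applies to the `KdcIssued` setters in ADKdcIssued.java, which do not call `resetBodyLength()`, unlike the setters in `IntForSrvr` and `IntendedForApplicationClass`.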

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADIntendedForApplicationClass.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADIntendedForApplicationClass.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADIntendedForApplicationClass.java
new file mode 100644
index 0000000..fee3657
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADIntendedForApplicationClass.java
@@ -0,0 +1,179 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import java.io.IOException;
+
+import org.apache.kerby.asn1.Asn1Dumper;
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.kerberos.kerb.type.KerberosStrings;
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
+
+/**
+ * Asn1 Class for the "intended for application class" authorization type.
+ *
+ * RFC 4120
+ * 
+ * AD-INTENDED-FOR-APPLICATION-CLASS SEQUENCE { intended-application-class[0]
+ * SEQUENCE OF GeneralString elements[1] AuthorizationData } AD elements
+ * 
+ * encapsulated within the intended-for-application-class element may be ignored
+ * if the application server is not in one of the named classes of application
+ * servers. Examples of application server classes include "FILESYSTEM", and
+ * other kinds of servers.
+ * 
+ * This element and the elements it encapsulates may be safely ignored by
+ * applications, application servers, and KDCs that do not implement this
+ * element.
+ * 
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class ADIntendedForApplicationClass extends AuthorizationDataEntry {
+
+    private IntendedForApplicationClass myIntForAppClass;
+
+    private static class IntendedForApplicationClass extends KrbSequenceType {
+
+        private AuthorizationData authzData;
+
+        /**
+         * The possible fields
+         */
+        protected enum IntendedForApplicationClassField implements EnumType {
+            IFAC_intendedAppClass, IFAC_elements;
+
+            /**
+             * {@inheritDoc}
+             */
+            @Override
+            public int getValue() {
+                return ordinal();
+            }
+
+            /**
+             * {@inheritDoc}
+             */
+            @Override
+            public String getName() {
+                return name();
+            }
+        }
+
+        /** The IntendedForApplicationClass's fields */
+        private static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+                new ExplicitField(IntendedForApplicationClassField.IFAC_intendedAppClass, KerberosStrings.class),
+                new ExplicitField(IntendedForApplicationClassField.IFAC_elements, AuthorizationData.class)};
+
+        /**
+         * Creates an IntendedForApplicationClass instance
+         */
+        IntendedForApplicationClass() {
+            super(fieldInfos);
+        }
+
+        /**
+         * Creates an IntendedForApplicationClass instance
+         */
+        IntendedForApplicationClass(KerberosStrings intendedAppClass) {
+            super(fieldInfos);
+            setFieldAs(IntendedForApplicationClassField.IFAC_intendedAppClass, intendedAppClass);
+        }
+
+        public KerberosStrings getIntendedForApplicationClass() {
+            return getFieldAs(IntendedForApplicationClassField.IFAC_intendedAppClass, KerberosStrings.class);
+        }
+
+        /**
+         * Sets the Intended Application Class value.
+         */
+        public void setIntendedForApplicationClass(KerberosStrings intendedAppClass) {
+            setFieldAs(IntendedForApplicationClassField.IFAC_intendedAppClass, intendedAppClass);
+            resetBodyLength();
+        }
+
+        public AuthorizationData getAuthzData() {
+            if (authzData == null) {
+                authzData = getFieldAs(IntendedForApplicationClassField.IFAC_elements, AuthorizationData.class);
+            }
+            return authzData;
+        }
+
+        public void setAuthzData(AuthorizationData authzData) {
+            this.authzData = authzData;
+            setFieldAs(IntendedForApplicationClassField.IFAC_elements, authzData);
+            resetBodyLength();
+        }
+    }
+
+    public ADIntendedForApplicationClass() {
+        super(AuthorizationType.AD_INTENDED_FOR_APPLICATION_CLASS);
+        myIntForAppClass = new IntendedForApplicationClass();
+        myIntForAppClass.outerEncodeable = this;
+    }
+
+    public ADIntendedForApplicationClass(byte[] encoded) throws IOException {
+        this();
+        myIntForAppClass.decode(encoded);
+    }
+
+    public ADIntendedForApplicationClass(KerberosStrings intendedAppClass) throws IOException {
+        this();
+        myIntForAppClass.setIntendedForApplicationClass(intendedAppClass);
+    }
+
+    public KerberosStrings getIntendedForApplicationClass() {
+        return myIntForAppClass.getIntendedForApplicationClass();
+    }
+
+    /**
+     * Sets the Intended Application Class value.
+     */
+    public void setIntendedForApplicationClass(KerberosStrings intendedAppClass) {
+        myIntForAppClass.setIntendedForApplicationClass(intendedAppClass);
+    }
+
+    public AuthorizationData getAuthorizationData() {
+        return myIntForAppClass.getAuthzData();
+    }
+
+    public void setAuthorizationData(AuthorizationData authzData) {
+        myIntForAppClass.setAuthzData(authzData);
+    }
+
+    @Override
+    protected int encodingBodyLength() throws IOException {
+        if (bodyLength == -1) {
+            setAuthzData(myIntForAppClass.encode());
+            bodyLength = super.encodingBodyLength();
+        }
+        return bodyLength;
+    };
+
+    @Override
+    public void dumpWith(Asn1Dumper dumper, int indents) {
+        super.dumpWith(dumper, indents);
+        dumper.newLine();
+        myIntForAppClass.dumpWith(dumper, indents + 8);
+    }
+}
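Review bot: The ASN.1 definition in the class Javadoc has been reflowed into the surrounding prose (`... elements[1] AuthorizationData } AD elements`, then a paragraph break in mid-sentence), so both the structure and the sentence that follows are hard to read. Wrapping the definition in `<pre>`, as ADKdcIssued and AndOr do in this commit, and starting the explanation at "AD elements encapsulated within ..." as its own paragraph would fix it. ADIntendedForServer.java has a similar reflow. Two smaller style points: the private constructor `IntendedForApplicationClass(KerberosStrings)` is not called anywhere in this file, and `encodingBodyLength()` closes with `};`, leaving an empty declaration (also in ADIntendedForServer.java and ADKdcIssued.java).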

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADIntendedForServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADIntendedForServer.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADIntendedForServer.java
new file mode 100644
index 0000000..fa28b96
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADIntendedForServer.java
@@ -0,0 +1,162 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import java.io.IOException;
+
+import org.apache.kerby.asn1.Asn1Dumper;
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
+
+/**
+ * Asn1 Class for the "intended for server" authorization type.
+ *
+ * RFC 4120
+ * 
+ * AD-INTENDED-FOR-SERVER SEQUENCE { intended-server[0] SEQUENCE OF
+ * PrincipalName elements[1] AuthorizationData }
+ * 
+ * AD elements encapsulated within the intended-for-server element may be
+ * ignored if the application server is not in the list of principal names of
+ * intended servers. Further, a KDC issuing a ticket for an application server
+ * can remove this element if the application server is not in the list of
+ * intended servers.
+ * 
+ * Application servers should check for their principal name in the
+ * intended-server field of this element. If their principal name is not found,
+ * this element should be ignored. If found, then the encapsulated elements
+ * should be evaluated in the same manner as if they were present in the top
+ * level authorization data field. Applications and application servers that do
+ * not implement this element should reject tickets that contain authorization
+ * data elements of this type.
+ * 
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class ADIntendedForServer extends AuthorizationDataEntry {
+
+    private IntForSrvr myIntForSrvr;
+
+    private static class IntForSrvr extends KrbSequenceType {
+
+        private AuthorizationData authzData;
+
+        protected enum IntForSrvrField implements EnumType {
+            IFS_intendedServer, IFS_elements;
+
+            @Override
+            public int getValue() {
+                return ordinal();
+            }
+
+            @Override
+            public String getName() {
+                return name();
+            }
+        }
+
+        /** The IntendedForServer's fields */
+        private static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+                new ExplicitField(IntForSrvrField.IFS_intendedServer, PrincipalList.class),
+                new ExplicitField(IntForSrvrField.IFS_elements, AuthorizationData.class)};
+
+        IntForSrvr() {
+            super(fieldInfos);
+        }
+
+        IntForSrvr(PrincipalList principals) {
+            super(fieldInfos);
+            setFieldAs(IntForSrvrField.IFS_intendedServer, principals);
+        }
+
+        public PrincipalList getIntendedServer() {
+            return getFieldAs(IntForSrvrField.IFS_intendedServer, PrincipalList.class);
+        }
+
+        public void setIntendedServer(PrincipalList principals) {
+            setFieldAs(IntForSrvrField.IFS_intendedServer, principals);
+            resetBodyLength();
+        }
+
+        public AuthorizationData getAuthzData() {
+            if (authzData == null) {
+                authzData = getFieldAs(IntForSrvrField.IFS_elements, AuthorizationData.class);
+            }
+            return authzData;
+        }
+
+        public void setAuthzData(AuthorizationData authzData) {
+            this.authzData = authzData;
+            setFieldAs(IntForSrvrField.IFS_elements, authzData);
+            resetBodyLength();
+        }
+    }
+
+    public ADIntendedForServer() {
+        super(AuthorizationType.AD_INTENDED_FOR_SERVER);
+        myIntForSrvr = new IntForSrvr();
+        myIntForSrvr.outerEncodeable = this;
+    }
+
+    public ADIntendedForServer(byte[] encoded) throws IOException {
+        this();
+        myIntForSrvr.decode(encoded);
+    }
+
+    public ADIntendedForServer(PrincipalList principals) throws IOException {
+        this();
+        myIntForSrvr.setIntendedServer(principals);
+    }
+
+    public PrincipalList getIntendedServer() {
+        return myIntForSrvr.getIntendedServer();
+    }
+
+    public void setIntendedServer(PrincipalList principals) {
+        myIntForSrvr.setIntendedServer(principals);
+    }
+
+    public AuthorizationData getAuthorizationData() {
+        return myIntForSrvr.getAuthzData();
+    }
+
+    public void setAuthorizationData(AuthorizationData authzData) {
+        myIntForSrvr.setAuthzData(authzData);
+    }
+
+    @Override
+    protected int encodingBodyLength() throws IOException {
+        if (bodyLength == -1) {
+            setAuthzData(myIntForSrvr.encode());
+            bodyLength = super.encodingBodyLength();
+        }
+        return bodyLength;
+    };
+
+    @Override
+    public void dumpWith(Asn1Dumper dumper, int indents) {
+        super.dumpWith(dumper, indents);
+        dumper.newLine();
+        myIntForSrvr.dumpWith(dumper, indents + 8);
+    }
+}
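Review bot: The class Javadoc tells application servers to look for their own principal in intended-server before evaluating the encapsulated elements, but nothing in this class performs that comparison. It only stores and returns the principal list and the nested data. A caller that reads `getAuthorizationData()` without first checking `getIntendedServer()` would evaluate elements that may be addressed to a different server. I would add Javadoc on `getAuthorizationData()` along the lines of `Returns the encapsulated elements without checking intended-server; callers must match their own principal against getIntendedServer() first.` Separately, the private constructor `IntForSrvr(PrincipalList)` is unused in this file.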

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADKdcIssued.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADKdcIssued.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADKdcIssued.java
new file mode 100644
index 0000000..22a7b52
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/ADKdcIssued.java
@@ -0,0 +1,169 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import java.io.IOException;
+
+import org.apache.kerby.asn1.Asn1Dumper;
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
+import org.apache.kerby.kerberos.kerb.type.base.CheckSum;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+import org.apache.kerby.kerberos.kerb.type.base.Realm;
+
+/**
+ * <pre>
+ *    AD-KDCIssued            ::= SEQUENCE {
+ *         ad-checksum     [0] Checksum,
+ *         i-realm         [1] Realm OPTIONAL,
+ *         i-sname         [2] PrincipalName OPTIONAL,
+ *         elements        [3] AuthorizationData
+ *    }
+ * </pre>
+ * 
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class ADKdcIssued extends AuthorizationDataEntry {
+
+    private KdcIssued myKdcIssued;
+
+    private static class KdcIssued extends KrbSequenceType {
+
+        enum KdcIssuedField implements EnumType {
+            AD_CHECKSUM, I_REALM, I_SNAME, ELEMENTS;
+
+            @Override
+            public int getValue() {
+                return ordinal();
+            }
+
+            @Override
+            public String getName() {
+                return name();
+            }
+        }
+
+        /** The AuthorizationDataEntry's fields */
+        private static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+                new ExplicitField(KdcIssuedField.AD_CHECKSUM, CheckSum.class),
+                new ExplicitField(KdcIssuedField.I_REALM, Realm.class),
+                new ExplicitField(KdcIssuedField.I_SNAME, PrincipalName.class),
+                new ExplicitField(KdcIssuedField.ELEMENTS, AuthorizationData.class)};
+
+        KdcIssued() {
+            super(fieldInfos);
+        }
+
+        public CheckSum getCheckSum() {
+            return getFieldAs(KdcIssuedField.AD_CHECKSUM, CheckSum.class);
+        }
+
+        public void setCheckSum(CheckSum chkSum) {
+            setFieldAs(KdcIssuedField.AD_CHECKSUM, chkSum);
+        }
+
+        public Realm getRealm() {
+            return getFieldAs(KdcIssuedField.I_REALM, Realm.class);
+        }
+
+        public void setRealm(Realm realm) {
+            setFieldAs(KdcIssuedField.I_REALM, realm);
+        }
+
+        public PrincipalName getSname() {
+            return getFieldAs(KdcIssuedField.I_SNAME, PrincipalName.class);
+        }
+
+        public void setSname(PrincipalName sName) {
+            setFieldAs(KdcIssuedField.I_SNAME, sName);
+        }
+
+        public AuthorizationData getAuthzData() {
+            return getFieldAs(KdcIssuedField.ELEMENTS, AuthorizationData.class);
+        }
+
+        public void setAuthzData(AuthorizationData authzData) {
+            setFieldAs(KdcIssuedField.ELEMENTS, authzData);
+        }
+    }
+
+    public ADKdcIssued() {
+        super(AuthorizationType.AD_KDC_ISSUED);
+        myKdcIssued = new KdcIssued();
+        myKdcIssued.outerEncodeable = this;
+    }
+
+    public ADKdcIssued(byte[] encoded) throws IOException {
+        this();
+        myKdcIssued.decode(encoded);
+    }
+
+    public CheckSum getCheckSum() {
+        return myKdcIssued.getCheckSum();
+    }
+
+    public void setCheckSum(CheckSum chkSum) {
+        myKdcIssued.setCheckSum(chkSum);
+    }
+
+    public Realm getRealm() {
+        return myKdcIssued.getRealm();
+    }
+
+    public void setRealm(Realm realm) {
+        myKdcIssued.setRealm(realm);
+    }
+
+    public PrincipalName getSname() {
+        return myKdcIssued.getSname();
+    }
+
+    public void setSname(PrincipalName sName) {
+        myKdcIssued.setSname(sName);
+    }
+
+    public AuthorizationData getAuthorizationData() {
+        return myKdcIssued.getAuthzData();
+    }
+
+    public void setAuthzData(AuthorizationData authzData) {
+        myKdcIssued.setAuthzData(authzData);
+    }
+
+    @Override
+    protected int encodingBodyLength() throws IOException {
+        if (bodyLength == -1) {
+            setAuthzData(myKdcIssued.encode());
+            bodyLength = super.encodingBodyLength();
+        }
+        return bodyLength;
+    };
+
+    @Override
+    public void dumpWith(Asn1Dumper dumper, int indents) {
+        super.dumpWith(dumper, indents);
+        dumper.newLine();
+        myKdcIssued.dumpWith(dumper, indents + 8);
+    }
+}
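Review bot: The public setter is named `setAuthzData(AuthorizationData)`, which overloads the inherited `setAuthzData(byte[])` of AuthorizationDataEntry, while its getter is `getAuthorizationData()` and the sibling classes in this commit use `setAuthorizationData`. Renaming it to `public void setAuthorizationData(AuthorizationData authzData)` keeps the raw-bytes accessor and the structured accessor apart and makes the call in `encodingBodyLength()` unambiguous to a reader. The class Javadoc also gives only the ASN.1. It should state that `ad-checksum` is stored and returned but not verified by this class, so callers have to verify it before relying on `getAuthorizationData()`.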

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AndOr.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AndOr.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AndOr.java
new file mode 100644
index 0000000..927cc4a
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AndOr.java
@@ -0,0 +1,87 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
+
+/**
+ * <pre>
+ * AD-AND-OR               ::= SEQUENCE {
+ *         condition-count [0] Int32,
+ *         elements        [1] AuthorizationData
+ * }
+ * </pre>
+ * 
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class AndOr extends KrbSequenceType {
+
+    protected enum AndOrField implements EnumType {
+        AndOr_ConditionCount, AndOr_Elements;
+
+        @Override
+        public int getValue() {
+            return ordinal();
+        }
+
+        @Override
+        public String getName() {
+            return name();
+        }
+    }
+
+    /** The CamMac's fields */
+    private static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+            new ExplicitField(AndOrField.AndOr_ConditionCount, Asn1Integer.class),
+            new ExplicitField(AndOrField.AndOr_Elements, AuthorizationData.class)};
+
+    public AndOr() {
+        super(fieldInfos);
+    }
+
+    public AndOr(int conditionCount, AuthorizationData authzData) {
+        super(fieldInfos);
+        setFieldAs(AndOrField.AndOr_ConditionCount, new Asn1Integer(conditionCount));
+        setFieldAs(AndOrField.AndOr_Elements, authzData);
+    }
+
+    public int getConditionCount() {
+        return getFieldAs(AndOrField.AndOr_ConditionCount, Asn1Integer.class).getValue().intValue();
+    }
+
+    public void setConditionCount(int conditionCount) {
+        setFieldAs(AndOrField.AndOr_ConditionCount, new Asn1Integer(conditionCount));
+    }
+
+    public AuthorizationData getAuthzData() {
+        return getFieldAs(AndOrField.AndOr_Elements, AuthorizationData.class);
+    }
+
+    public void setAuthzData(AuthorizationData authzData) {
+        setFieldAs(AndOrField.AndOr_Elements, authzData);
+    }
+
+}
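Review bot: `getConditionCount()` dereferences the field unconditionally, so on an instance built with `new AndOr()`, or presumably one decoded from data that lacks condition-count, `getFieldAs(...)` would return null and the call would fail with a NullPointerException. Because this value arrives in ticket authorization data, I would either guard it or document the precondition, for example `Asn1Integer count = getFieldAs(AndOrField.AndOr_ConditionCount, Asn1Integer.class);` followed by an explicit check. `intValue()` also narrows silently if the encoded integer is larger than an Int32, which is worth a comment or a range check. The field-array comment `/** The CamMac's fields */` looks copied from another class and should read `/** The AndOr's fields */`.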

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationData.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationData.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationData.java
index 57f8299..3f8b07d 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationData.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationData.java
@@ -35,4 +35,14 @@ import org.apache.kerby.kerberos.kerb.type.KrbSequenceOfType;
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 public class AuthorizationData extends KrbSequenceOfType<AuthorizationDataEntry> {
+
+    public AuthorizationData clone() {
+        AuthorizationData result = new AuthorizationData();
+
+        for (AuthorizationDataEntry entry : super.getElements()) {
+            result.add(entry.clone());
+        }
+
+        return result;
+    }
 }
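Review bot: `clone()` delegates to `AuthorizationDataEntry.clone()` (added further down in this commit), which rebuilds every entry as a plain `AuthorizationDataEntry` from `getAuthzData().clone()`. That call would throw a NullPointerException for an entry whose AD_DATA is still unset. The new wrapper subclasses (ADKdcIssued, ADIntendedForServer and the others) only fill AD_DATA inside `encodingBodyLength()`, so cloning one that has not been encoded yet either fails or drops its nested state, and the subclass type is lost in every case. Neither `clone()` carries `@Override` or Javadoc, so I would at least document the copy semantics, e.g. `Returns a deep copy; entries are copied as plain AuthorizationDataEntry from their encoded AD_DATA.` The class body continues outside this hunk.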

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationDataEntry.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationDataEntry.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationDataEntry.java
index bd08692..fa9284b 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationDataEntry.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationDataEntry.java
@@ -24,8 +24,11 @@ import org.apache.kerby.asn1.EnumType;
 import org.apache.kerby.asn1.ExplicitField;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1OctetString;
+import org.apache.kerby.asn1.type.Asn1Type;
 import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
 
+import java.io.IOException;
+
 /**
  * The AuthorizationData component as defined in RFC 4120 :
  * 
@@ -79,6 +82,23 @@ public class AuthorizationDataEntry extends KrbSequenceType {
     }
 
     /**
+     * Creates an AuthorizationDataEntry instance
+     */
+    public AuthorizationDataEntry(AuthorizationType type) {
+        super(fieldInfos);
+        setAuthzType(type);
+    }
+
+    /**
+     * Creates an AuthorizationDataEntry instance
+     */
+    public AuthorizationDataEntry(AuthorizationType type, byte[] authzData) {
+        super(fieldInfos);
+        setAuthzType(type);
+        setAuthzData(authzData);
+    }
+
+    /**
      * @return The AuthorizationType (AD_TYPE) field
      */
     public AuthorizationType getAuthzType() {
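Review bot: Both new constructors carry the same Javadoc, `Creates an AuthorizationDataEntry instance`, and neither has `@param` tags. The one-argument form leaves AD_DATA unset, which matters to anyone calling `getAuthzData()` afterwards, so I would say so: `Creates an entry of the given type; AD_DATA is left unset.` for the first and `Creates an entry of the given type holding the given encoded AD_DATA.` for the second, each with its `@param` lines. The enclosing class starts and ends outside this hunk.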
@@ -96,7 +116,7 @@ public class AuthorizationDataEntry extends KrbSequenceType {
     }
 
     /**
-     * @return The AuthorizationType (AD_DATA) field
+     * @return The AuthorizationData (AD_DATA) field
      */
     public byte[] getAuthzData() {
         return getFieldAsOctets(AuthorizationDataEntryField.AD_DATA);
@@ -109,4 +129,31 @@ public class AuthorizationDataEntry extends KrbSequenceType {
     public void setAuthzData(byte[] authzData) {
         setFieldAsOctets(AuthorizationDataEntryField.AD_DATA, authzData);
     }
+
+    /**
+     * @param <T>
+     * @return The AuthorizationData (AD_DATA) field
+     * @throws IllegalAccessException
+     * @throws InstantiationException
+     */
+    public <T extends Asn1Type> T getAuthzDataAs(Class<T> type) {
+        T result = null;
+        byte[] authzBytes = getFieldAsOctets(
+                AuthorizationDataEntryField.AD_DATA);
+        if (authzBytes != null) {
+            try {
+                result = type.newInstance();
+                result.decode(authzBytes);
+            } catch (InstantiationException | IllegalAccessException | IOException e) {
+                e.printStackTrace();
+            }
+
+        }
+        return result;
+    }
+
+    public AuthorizationDataEntry clone() {
+        return new AuthorizationDataEntry(getAuthzType(),
+                getAuthzData().clone());
+    }
 }
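Review bot: `getAuthzDataAs` assigns `result` before calling `decode`, then catches `IOException` with `e.printStackTrace()` and falls through to `return result`. On malformed AD_DATA the caller therefore receives a non-null object in whatever state the failed decode left it, with no signal that parsing failed. For authorization data that is a fail-open shape, because a corrupted restriction can look like a valid, empty one. Replacing the catch body with `throw new IllegalArgumentException("Cannot decode AD_DATA as " + type.getName(), e);` (or resetting `result = null` and logging through the project's logger) makes the failure visible. The Javadoc lists `@throws IllegalAccessException` and `@throws InstantiationException`, which the method never throws, and it lacks `@param type`.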

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationDataWrapper.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationDataWrapper.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationDataWrapper.java
new file mode 100644
index 0000000..e7c3fa5
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationDataWrapper.java
@@ -0,0 +1,118 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import java.io.IOException;
+
+import org.apache.kerby.asn1.Asn1Dumper;
+import org.apache.kerby.asn1.EnumType;
+
+/**
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class AuthorizationDataWrapper extends AuthorizationDataEntry {
+
+    private AuthorizationData authorizationData;
+
+    public enum WrapperType implements EnumType {
+        AD_IF_RELEVANT(AuthorizationType.AD_IF_RELEVANT.getValue()), AD_MANDATORY_FOR_KDC(
+                AuthorizationType.AD_MANDATORY_FOR_KDC.getValue());
+
+        /** The internal value */
+        private final int value;
+
+        /**
+         * Create a new enum
+         */
+        WrapperType(int value) {
+            this.value = value;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public int getValue() {
+            return value;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public String getName() {
+            return name();
+        }
+
+    }
+
+    public AuthorizationDataWrapper(WrapperType type) {
+        super(Enum.valueOf(AuthorizationType.class, type.name()));
+    }
+
+    public AuthorizationDataWrapper(WrapperType type, AuthorizationData authzData) throws IOException {
+        super(Enum.valueOf(AuthorizationType.class, type.name()));
+        authorizationData = authzData;
+        if (authzData != null) {
+            setAuthzData(authzData.encode());
+        } else {
+            setAuthzData(null);
+        }
+    }
+
+    /**
+     * @return The AuthorizationType (AD_DATA) field
+     * @throws IOException
+     */
+    public AuthorizationData getAuthorizationData() throws IOException {
+        AuthorizationData result;
+        if (authorizationData != null) {
+            result = authorizationData;
+        } else {
+            result = new AuthorizationData();
+            result.decode(getAuthzData());
+        }
+        return result;
+    }
+
+    /**
+     * Sets the AuthorizationData (AD_DATA) field
+     * 
+     * @param authzData The AuthorizationData to set
+     * @throws IOException
+     */
+    public void setAuthorizationData(AuthorizationData authzData) throws IOException {
+        setAuthzData(authzData.encode());
+    }
+
+    @Override
+    public void dumpWith(Asn1Dumper dumper, int indents) {
+        super.dumpWith(dumper, indents);
+        dumper.newLine();
+        try {
+            getAuthorizationData().dumpWith(dumper, indents + 8);
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+
+}
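Review bot: `setAuthorizationData` re-encodes AD_DATA but leaves the cached `authorizationData` field untouched, so on an instance built with the two-argument constructor `getAuthorizationData()` keeps returning the constructor's object while the encoded bytes carry the new one. Adding `authorizationData = authzData;` to the setter keeps the two views in step; the inherited `setAuthzData(byte[])` bypasses the cache in the same way and would need to clear the field. The setter also dereferences `authzData` without the null check the constructor applies. The Javadoc on `getAuthorizationData` should read `@return The AuthorizationData (AD_DATA) field` rather than naming AuthorizationType.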

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
index 4718206..0135215 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/AuthorizationType.java
@@ -21,6 +21,9 @@ package org.apache.kerby.kerberos.kerb.type.ad;
 
 import org.apache.kerby.asn1.EnumType;
 
+import java.util.HashMap;
+import java.util.Map;
+
 /**
  * The various AuthorizationType values, as defined in RFC 4120 and RFC 1510.
  * 
@@ -36,6 +39,14 @@ public enum AuthorizationType implements EnumType {
      * Constant for the "if relevant" authorization type.
      *
      * RFC 4120
+     * 
+     * AD elements encapsulated within the if-relevant element are intended for
+     * interpretation only by application servers that understand the particular
+     * ad-type of the embedded element. Application servers that do not
+     * understand the type of an element embedded within the if-relevant element
+     * may ignore the uninterpretable element. This element promotes
+     * interoperability across implementations which may have local extensions
+     * for authorization.
      */
     AD_IF_RELEVANT(1),
 
@@ -43,6 +54,23 @@ public enum AuthorizationType implements EnumType {
      * Constant for the "intended for server" authorization type.
      *
      * RFC 4120
+     * 
+     * AD-INTENDED-FOR-SERVER SEQUENCE { intended-server[0] SEQUENCE OF
+     * PrincipalName elements[1] AuthorizationData }
+     * 
+     * AD elements encapsulated within the intended-for-server element may be
+     * ignored if the application server is not in the list of principal names
+     * of intended servers. Further, a KDC issuing a ticket for an application
+     * server can remove this element if the application server is not in the
+     * list of intended servers.
+     * 
+     * Application servers should check for their principal name in the
+     * intended-server field of this element. If their principal name is not
+     * found, this element should be ignored. If found, then the encapsulated
+     * elements should be evaluated in the same manner as if they were present
+     * in the top level authorization data field. Applications and application
+     * servers that do not implement this element should reject tickets that
+     * contain authorization data elements of this type.
      */
     AD_INTENDED_FOR_SERVER(2),
 
@@ -50,6 +78,19 @@ public enum AuthorizationType implements EnumType {
      * Constant for the  "intended for application class" authorization type.
      *
      * RFC 4120
+     * 
+     * AD-INTENDED-FOR-APPLICATION-CLASS SEQUENCE {
+     * intended-application-class[0] SEQUENCE OF GeneralString elements[1]
+     * AuthorizationData } AD elements
+     * 
+     * encapsulated within the intended-for-application-class element may be
+     * ignored if the application server is not in one of the named classes of
+     * application servers. Examples of application server classes include
+     * "FILESYSTEM", and other kinds of servers.
+     * 
+     * This element and the elements it encapsulates may be safely ignored by
+     * applications, application servers, and KDCs that do not implement this
+     * element.
      */
     AD_INTENDED_FOR_APPLICATION_CLASS(3),
 
@@ -57,20 +98,68 @@ public enum AuthorizationType implements EnumType {
      * Constant for the "kdc issued" authorization type.
      *
      * RFC 4120
+     * 
+     * AD-KDCIssued SEQUENCE { ad-checksum[0] Checksum, i-realm[1] Realm
+     * OPTIONAL, i-sname[2] PrincipalName OPTIONAL, elements[3]
+     * AuthorizationData. }
+     * 
+     * ad-checksum A checksum over the elements field using a cryptographic
+     * checksum method that is identical to the checksum used to protect the
+     * ticket itself (i.e. using the same hash function and the same encryption
+     * algorithm used to encrypt the ticket) and using a key derived from the
+     * same key used to protect the ticket. i-realm, i-sname The name of the
+     * issuing principal if different from the KDC itself. This field would be
+     * used when the KDC can verify the authenticity of elements signed by the
+     * issuing principal and it allows this KDC to notify the application server
+     * of the validity of those elements. elements A sequence of authorization
+     * data elements issued by the KDC.
+     * 
+     * The KDC-issued ad-data field is intended to provide a means for Kerberos
+     * principal credentials to embed within themselves privilege attributes and
+     * other mechanisms for positive authorization, amplifying the privileges of
+     * the principal beyond what can be done using a credentials without such an
+     * a-data element.
+     * 
+     * This can not be provided without this element because the definition of
+     * the authorization-data field allows elements to be added at will by the
+     * bearer of a TGT at the time that they request service tickets and
+     * elements may also be added to a delegated ticket by inclusion in the
+     * authenticator.
      */
     AD_KDC_ISSUED(4),
 
     /**
-     * Constant for the "or" authorization type.
+     * Constant for the "and/or" authorization type.
      *
      * RFC 4120
+     * 
+     * When restrictive AD elements encapsulated within the and-or element are
+     * encountered, only the number specified in condition-count of the
+     * encapsulated conditions must be met in order to satisfy this element.
+     * This element may be used to implement an "or" operation by setting the
+     * condition-count field to 1, and it may specify an "and" operation by
+     * setting the condition count to the number of embedded elements.
+     * Application servers that do not implement this element must reject
+     * tickets that contain authorization data elements of this type.
      */
-    AD_OR(5),
+    AD_AND_OR(5),
 
     /**
      * Constant for the "mandatory ticket extensions" authorization type.
      *
      * RFC 4120
+     * 
+     * AD-Mandatory-Ticket-Extensions Checksum
+     * 
+     * An authorization data element of type mandatory-ticket-extensions
+     * specifies a collision-proof checksum using the same hash algorithm used
+     * to protect the integrity of the ticket itself. This checksum will be
+     * calculated over the entire extensions field. If there are more than one
+     * extension, all will be covered by the checksum. This restriction
+     * indicates that the ticket should not be accepted if the checksum does not
+     * match that calculated over the ticket extensions. Application servers
+     * that do not implement this element must reject tickets that contain
+     * authorization data elements of this type.
      */
     AD_MANDATORY_TICKET_EXTENSIONS(6),
 
@@ -78,6 +167,22 @@ public enum AuthorizationType implements EnumType {
      * Constant for the "in ticket extensions" authorization type.
      *
      * RFC 4120
+     * 
+     * AD-IN-Ticket-Extensions Checksum
+     * 
+     * An authorization data element of type in-ticket-extensions specifies a
+     * collision-proof checksum using the same hash algorithm used to protect
+     * the integrity of the ticket itself. This checksum is calculated over a
+     * separate external AuthorizationData field carried in the ticket
+     * extensions. Application servers that do not implement this element must
+     * reject tickets that contain authorization data elements of this type.
+     * Application servers that do implement this element will search the ticket
+     * extensions for authorization data fields, calculate the specified
+     * checksum over each authorization data field and look for one matching the
+     * checksum in this in-ticket-extensions element. If not found, then the
+     * ticket must be rejected. If found, the corresponding authorization data
+     * elements will be interpreted in the same manner as if they were contained
+     * in the top level authorization data field.
      */
     AD_IN_TICKET_EXTENSIONS(7),
 
@@ -85,10 +190,74 @@ public enum AuthorizationType implements EnumType {
      * Constant for the "mandatory-for-kdc" authorization type.
      *
      * RFC 4120
+     * 
+     * AD-MANDATORY-FOR-KDC ::= AuthorizationData
+     * 
+     * AD elements encapsulated within the mandatory-for-kdc element are to be
+     * interpreted by the KDC. KDCs that do not understand the type of an
+     * element embedded within the mandatory-for-kdc element MUST reject the
+     * request.
      */
     AD_MANDATORY_FOR_KDC(8),
 
     /**
+     * Constant for the "initial-verified-cas" authorization type.
+     *
+     * RFC 4556
+     * 
+     * AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier --
+     * Identifies the certification path with which -- the client certificate
+     * was validated. -- Each ExternalPrincipalIdentifier identifies a CA -- or
+     * a CA certificate (thereby its public key).
+     * 
+     * The AD-INITIAL-VERIFIED-CAS structure identifies the certification path
+     * with which the client certificate was validated. Each
+     * ExternalPrincipalIdentifier (as defined in Section 3.2.1) in the AD-
+     * INITIAL-VERIFIED-CAS structure identifies a CA or a CA certificate
+     * (thereby its public key).
+     * 
+     * Note that the syntax for the AD-INITIAL-VERIFIED-CAS authorization data
+     * does permit empty SEQUENCEs to be encoded. Such empty sequences may only
+     * be used if the KDC itself vouches for the user's certificate.
+     * 
+     * The AS wraps any AD-INITIAL-VERIFIED-CAS data in AD-IF-RELEVANT
+     * containers if the list of CAs satisfies the AS' realm's local policy
+     * (this corresponds to the TRANSITED-POLICY-CHECKED ticket flag [RFC4120]).
+     * Furthermore, any TGS MUST copy such authorization data from tickets used
+     * within a PA-TGS-REQ of the TGS-REQ into the resulting ticket. If the list
+     * of CAs satisfies the local KDC's realm's policy, the TGS MAY wrap the
+     * data into the AD-IF-RELEVANT container; otherwise, it MAY unwrap the
+     * authorization data out of the AD-IF-RELEVANT container.
+     * 
+     * Application servers that understand this authorization data type SHOULD
+     * apply local policy to determine whether a given ticket bearing such a
+     * type *not* contained within an AD-IF-RELEVANT container is acceptable.
+     * (This corresponds to the AP server's checking the transited field when
+     * the TRANSITED-POLICY-CHECKED flag has not been set [RFC4120].) If such a
+     * data type is contained within an AD-IF- RELEVANT container, AP servers
+     * MAY apply local policy to determine whether the authorization data is
+     * acceptable.
+     * 
+     * ExternalPrincipalIdentifier ::= SEQUENCE { subjectName [0] IMPLICIT OCTET
+     * STRING OPTIONAL, -- Contains a PKIX type Name encoded according to --
+     * [RFC3280]. -- Identifies the certificate subject by the -- distinguished
+     * subject name. -- REQUIRED when there is a distinguished subject -- name
+     * present in the certificate. issuerAndSerialNumber [1] IMPLICIT OCTET
+     * STRING OPTIONAL, -- Contains a CMS type IssuerAndSerialNumber encoded --
+     * according to [RFC3852]. -- Identifies a certificate of the subject. --
+     * REQUIRED for TD-INVALID-CERTIFICATES and -- TD-TRUSTED-CERTIFIERS.
+     * subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL, -- Identifies
+     * the subject's public key by a key -- identifier. When an X.509
+     * certificate is -- referenced, this key identifier matches the X.509 --
+     * subjectKeyIdentifier extension value. When other -- certificate formats
+     * are referenced, the documents -- that specify the certificate format and
+     * their use -- with the CMS must include details on matching the -- key
+     * identifier to the appropriate certificate -- field. -- RECOMMENDED for
+     * TD-TRUSTED-CERTIFIERS. ... }
+     */
+    AD_INITIAL_VERIFIED_CAS(9),
+
+    /**
      * Constant for the "OSF DCE" authorization type.
      *
      * RFC 1510
@@ -98,34 +267,56 @@ public enum AuthorizationType implements EnumType {
     /**
      * Constant for the "sesame" authorization type.
      *
-     * RFC 1510
+     * RFC 4120
      */
     SESAME(65),
 
     /**
      * Constant for the "OSF-DCE pki certid" authorization type.
      *
-     * RFC 1510
+     * RFC 4120
      */
     AD_OSF_DCE_PKI_CERTID(66),
 
     /**
-     * Constant for the "sesame" authorization type.
+     * Constant for the "CAM-MAC" authorization type.
      *
-     * RFC 1510
+     * RFC 7751 for details.
+     */
+    AD_CAMMAC(96),
+
+    /**
+     * Constant for the "Windows 2K Privilege Attribute Certificate (PAC)"
+     * authorization type.
+     *
+     * RFC 4120
+     * 
+     * See: Microsoft standard documents MS-PAC and MS-KILE.
      */
     AD_WIN2K_PAC(128),
 
     /**
-     * Constant for the "sesame" authorization type.
+     * Constant for the "EncType-Negotiation" authorization type.
      *
-     * RFC 1510
+     * RFC 4537 for details.
      */
-    AD_ETYPE_NEGOTIATION(129);
+    AD_ETYPE_NEGOTIATION(129),
+
+    /**
+     * Constant for the "Authentication-Indicator" authorization type.
+     * 
+     * RFC 6711 An IANA Registry for Level of Assurance (LoA) Profiles provides
+     * the syntax and semantics of LoA profiles.
+     *
+     * See: Internet draft "draft-jain-kitten-krb-auth-indicator-01"
+     */
+    AD_AUTHENTICAION_INDICATOR(-1); // Not yet assigned an IANA registry number.
 
     /** The internal value */
     private final int value;
 
+    private static Map<Integer, AuthorizationType> valueMap;
+
     /**
      * Create a new enum 
      */
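Review bot: The new constant `AD_AUTHENTICAION_INDICATOR` is misspelled (the `T` of AUTHENTICATION is missing), and as a public enum constant the name becomes API once released; `AD_AUTHENTICATION_INDICATOR(-1)` is the spelling to ship. The placeholder value `-1` also takes part in `fromValue`, so an ad-type of -1 read from a message would resolve to this constant. If that is not intended, the placeholder is better kept out of the value lookup until a registry number is assigned. The enum body starts outside this hunk, so whether another constant already uses -1 cannot be checked here.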
@@ -157,11 +348,13 @@ public enum AuthorizationType implements EnumType {
      */
     public static AuthorizationType fromValue(Integer value) {
         if (value != null) {
-            for (EnumType e : values()) {
-                if (e.getValue() == value.intValue()) {
-                    return (AuthorizationType) e;
+            if (valueMap == null) {
+                valueMap = new HashMap<Integer, AuthorizationType>(32);
+                for (EnumType e : values()) {
+                    valueMap.put(e.getValue(), (AuthorizationType) e);
                 }
             }
+            return valueMap.get(value);
         }
 
         return NULL;
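Review bot: With the map lookup, `fromValue` now returns `null` for a value that matches no constant, where the removed loop fell through to `return NULL;`, so an unrecognised ad-type in a decoded message changes from a sentinel into a likely NullPointerException in callers. Keeping the old contract takes `AuthorizationType t = valueMap.get(value);` followed by `if (t != null) { return t; }`. The lazy fill is also not thread-safe: `valueMap` is assigned before the loop populates it, so a concurrent caller can read a half-filled `HashMap`; filling a local map and assigning it last, or building it in a static initializer, avoids that. The method's closing lines are outside the hunk.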

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacOtherVerifiers.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacOtherVerifiers.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacOtherVerifiers.java
new file mode 100644
index 0000000..7430fdd
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacOtherVerifiers.java
@@ -0,0 +1,30 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceOfType;
+
+/**
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class CamMacOtherVerifiers extends KrbSequenceOfType<CamMacVerifierChoice> {
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacVerifierChoice.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacVerifierChoice.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacVerifierChoice.java
new file mode 100644
index 0000000..9832aca
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacVerifierChoice.java
@@ -0,0 +1,67 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1Choice;
+import org.apache.kerby.asn1.type.Asn1Type;
+
+/**
+ * <pre>
+ * Verifier             ::= CHOICE {
+            mac            Verifier-MAC,
+            ...
+      }
+ * </pre>
+ * 
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class CamMacVerifierChoice extends Asn1Choice {
+
+    protected enum VerifierChoice implements EnumType {
+        CAMMAC_verifierMac;
+
+        @Override
+        public int getValue() {
+            return ordinal();
+        }
+
+        @Override
+        public String getName() {
+            return name();
+        }
+    }
+
+    /** The CamMac's fields */
+    private static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+            new ExplicitField(VerifierChoice.CAMMAC_verifierMac, CamMacVerifierMac.class)};
+
+    public CamMacVerifierChoice() {
+        super(fieldInfos);
+    }
+
+    public void setChoice(EnumType type, Asn1Type choice) {
+        setChoiceValue(type, choice);
+    }
+}
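Review bot: `VerifierChoice.getValue()` returns `ordinal()`, which ties the value handed to `ExplicitField` (presumably the choice's tag number) to declaration order, so inserting or reordering a constant later silently renumbers the encoding. An explicit value per constant, e.g. `CAMMAC_verifierMac(0);` with a `private final int value` field, pins it. `fieldInfos` is never reassigned and can be declared `private static final`. `setChoice` is public and takes any `EnumType`, while the only valid constants live in the `protected` enum; a Javadoc line stating which values are accepted would help callers.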


[26/29] directory-kerby git commit: Continued on DIRKRB-552 Fail to restart KdcServer.

Posted by pl...@apache.org.
Continued on DIRKRB-552 Fail to restart KdcServer.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ee3046d9
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ee3046d9
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ee3046d9

Branch: refs/heads/kadmin-remote
Commit: ee3046d9fa48e0a9c82c5c15ca1760be0dee0ab8
Parents: 60357e3
Author: plusplusjiajia <ji...@intel.com>
Authored: Mon Jun 6 15:26:07 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Mon Jun 6 15:26:07 2016 +0800

----------------------------------------------------------------------
 .../org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java   | 6 ++++++
 1 file changed, 6 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ee3046d9/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
index e3d7570..5323225 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
@@ -106,6 +106,12 @@ public abstract class KdcNetwork {
     //CHECKSTYLE:ON
 
     public synchronized void stop() {
+        // TODO: waiting the network closed.
+        try {
+            Thread.sleep(1000);
+        } catch (InterruptedException e) {
+            e.printStackTrace();
+        }
         isStopped = true;
     }
 


[28/29] directory-kerby git commit: Remove bin in .gitignore file.

Posted by pl...@apache.org.
Remove bin in .gitignore file.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/9d0f9d29
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/9d0f9d29
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/9d0f9d29

Branch: refs/heads/kadmin-remote
Commit: 9d0f9d29df4f5f8b8a358fc112bccb0c1af83d8f
Parents: 5106221
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Jun 7 10:23:51 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Jun 7 10:23:51 2016 +0800

----------------------------------------------------------------------
 .gitignore | 1 -
 1 file changed, 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/9d0f9d29/.gitignore
----------------------------------------------------------------------
diff --git a/.gitignore b/.gitignore
index d639513..c0eb2f8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,7 +14,6 @@ dependency-reduced-pom.xml
 .pmdruleset.xml
 .pmd
 .checkstyle
-bin/
 kerby-dist/kdc-dist/logs/
 kerby-dist/tool-dist/logs/
 kerby-dist/kdc-dist/conf/krb5.conf


[02/29] directory-kerby git commit: DIRKRB-553 Unexpected import of slf4j to log4j12 bindings. Contributed by Mauro Rocchi.

Posted by pl...@apache.org.
DIRKRB-553 Unexpected import of slf4j to log4j12 bindings. Contributed by Mauro Rocchi.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f77c4b3e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f77c4b3e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f77c4b3e

Branch: refs/heads/kadmin-remote
Commit: f77c4b3ed7329e0246494eef9a284f30cea2996e
Parents: 752799e
Author: plusplusjiajia <ji...@intel.com>
Authored: Mon Apr 18 10:17:47 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Mon Apr 18 10:17:47 2016 +0800

----------------------------------------------------------------------
 kerby-backend/json-backend/pom.xml    | 6 ++++++
 kerby-backend/ldap-backend/pom.xml    | 6 ++++++
 kerby-backend/mavibot-backend/pom.xml | 7 +++++++
 kerby-common/kerby-config/pom.xml     | 3 ++-
 kerby-kerb/integration-test/pom.xml   | 6 ++++++
 kerby-kerb/kerb-client/pom.xml        | 6 ++++++
 kerby-kerb/kerb-kdc-test/pom.xml      | 8 +++++++-
 kerby-kerb/kerb-server/pom.xml        | 6 ++++++
 kerby-pkix/pom.xml                    | 6 ++++++
 9 files changed, 52 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f77c4b3e/kerby-backend/json-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/json-backend/pom.xml b/kerby-backend/json-backend/pom.xml
index 4261c22..4f8218e 100644
--- a/kerby-backend/json-backend/pom.xml
+++ b/kerby-backend/json-backend/pom.xml
@@ -48,5 +48,11 @@
       <artifactId>gson</artifactId>
       <version>${gson.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <version>${slf4j.version}</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 </project>
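Review bot: The same test-scoped `slf4j-simple` block is added here and, identically, in the other module `pom.xml` hunks of this commit, which leaves nine copies to keep in sync. Declaring it once in the parent POM (not visible here), either under `<dependencyManagement>` with the scope set or as an inherited test dependency, would leave each module with at most a `groupId`/`artifactId` pair. In `kerby-common/kerby-config/pom.xml` the binding moves from a compile-scoped `slf4j-log4j12` to a test-scoped `slf4j-simple`, so it is worth confirming that the module still declares `slf4j-api` for its main code.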

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f77c4b3e/kerby-backend/ldap-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/ldap-backend/pom.xml b/kerby-backend/ldap-backend/pom.xml
index 6c2493c..e972a9c 100644
--- a/kerby-backend/ldap-backend/pom.xml
+++ b/kerby-backend/ldap-backend/pom.xml
@@ -88,5 +88,11 @@
       <version>${project.version}</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <version>${slf4j.version}</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 </project>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f77c4b3e/kerby-backend/mavibot-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/mavibot-backend/pom.xml b/kerby-backend/mavibot-backend/pom.xml
index 116b28f..5375a07 100644
--- a/kerby-backend/mavibot-backend/pom.xml
+++ b/kerby-backend/mavibot-backend/pom.xml
@@ -58,5 +58,12 @@
       <version>${project.version}</version>
       <scope>test</scope>
     </dependency>
+
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <version>${slf4j.version}</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 </project>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f77c4b3e/kerby-common/kerby-config/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-config/pom.xml b/kerby-common/kerby-config/pom.xml
index e99588a..eb76920 100644
--- a/kerby-common/kerby-config/pom.xml
+++ b/kerby-common/kerby-config/pom.xml
@@ -34,8 +34,9 @@
     </dependency>
     <dependency>
       <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-log4j12</artifactId>
+      <artifactId>slf4j-simple</artifactId>
       <version>${slf4j.version}</version>
+      <scope>test</scope>
    </dependency>
   </dependencies>
 </project>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f77c4b3e/kerby-kerb/integration-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/pom.xml b/kerby-kerb/integration-test/pom.xml
index 8ca6821..efc11aa 100644
--- a/kerby-kerb/integration-test/pom.xml
+++ b/kerby-kerb/integration-test/pom.xml
@@ -49,5 +49,11 @@
       <artifactId>token-provider</artifactId>
       <version>${project.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <version>${slf4j.version}</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 </project>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f77c4b3e/kerby-kerb/kerb-client/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/pom.xml b/kerby-kerb/kerb-client/pom.xml
index 1692943..72bd5db 100644
--- a/kerby-kerb/kerb-client/pom.xml
+++ b/kerby-kerb/kerb-client/pom.xml
@@ -46,5 +46,11 @@
       <artifactId>kerb-util</artifactId>
       <version>${project.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <version>${slf4j.version}</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 </project>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f77c4b3e/kerby-kerb/kerb-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/pom.xml b/kerby-kerb/kerb-kdc-test/pom.xml
index da424dc..3f01e59 100644
--- a/kerby-kerb/kerb-kdc-test/pom.xml
+++ b/kerby-kerb/kerb-kdc-test/pom.xml
@@ -57,6 +57,12 @@
       <artifactId>kerb-client</artifactId>
       <version>${project.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <version>${slf4j.version}</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <build>
@@ -73,5 +79,5 @@
         </executions>
       </plugin>
     </plugins>
-  </build>  
+  </build>
 </project>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f77c4b3e/kerby-kerb/kerb-server/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/pom.xml b/kerby-kerb/kerb-server/pom.xml
index 22e71d3..eb3ac78 100644
--- a/kerby-kerb/kerb-server/pom.xml
+++ b/kerby-kerb/kerb-server/pom.xml
@@ -37,5 +37,11 @@
       <artifactId>kerb-identity</artifactId>
       <version>${project.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <version>${slf4j.version}</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 </project>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f77c4b3e/kerby-pkix/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-pkix/pom.xml b/kerby-pkix/pom.xml
index b584b35..96d5dc9 100644
--- a/kerby-pkix/pom.xml
+++ b/kerby-pkix/pom.xml
@@ -59,6 +59,12 @@
       <scope>test</scope>
     </dependency>
 
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <version>${slf4j.version}</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
 </project>


[18/29] directory-kerby git commit: NOTICE file in the root folder only contain the AL2.0 and standard notice.

Posted by pl...@apache.org.
NOTICE file in the root folder only contain the AL2.0 and standard notice.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/19d72ebb
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/19d72ebb
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/19d72ebb

Branch: refs/heads/kadmin-remote
Commit: 19d72ebb8bba5074380ed0d98dfb4cfe16a3e88d
Parents: 6dfaa43
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed May 25 16:42:14 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed May 25 16:42:14 2016 +0800

----------------------------------------------------------------------
 NOTICE     |  6 ++++++
 NOTICE.txt | 18 ------------------
 2 files changed, 6 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/19d72ebb/NOTICE
----------------------------------------------------------------------
diff --git a/NOTICE b/NOTICE
new file mode 100644
index 0000000..9503483
--- /dev/null
+++ b/NOTICE
@@ -0,0 +1,6 @@
+Apache Kerby
+Copyright 2015-2016 The Apache Software Foundation
+
+This product includes software developed at
+The Apache Software Foundation (http://www.apache.org/).
+

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/19d72ebb/NOTICE.txt
----------------------------------------------------------------------
diff --git a/NOTICE.txt b/NOTICE.txt
deleted file mode 100644
index e3bad4e..0000000
--- a/NOTICE.txt
+++ /dev/null
@@ -1,18 +0,0 @@
-Apache Kerby
-Copyright 2015 The Apache Software Foundation
-
-This product includes software developed at
-The Apache Software Foundation (http://www.apache.org/).
-
-
-This product includes/uses SLF4J (http://www.slf4j.org/)
-Copyright (c) 2004-2016 QOS.ch
-
-This product includes/uses JUnit (http://www.junit.org/)
-Copyright (c) 2002-2016 JUnit.
-
-This product includes/uses Gson (https://github.com/google/gson)
-Copyright (c) 2008 Google Inc.
-
-This product includes/uses Netty (http://netty.io/)
-Copyright (c) 2016 The Netty project
\ No newline at end of file


[09/29] directory-kerby git commit: Revert "DIRKRB-424 Need to initialize the log4j system properly."

Posted by pl...@apache.org.
Revert "DIRKRB-424 Need to initialize the log4j system properly."

This reverts commit eff5d0ca70f6c1d21b68409615dab12ceec4cf1b.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/80c04272
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/80c04272
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/80c04272

Branch: refs/heads/kadmin-remote
Commit: 80c0427231b88fb1620f40db86cdfb65aa1040c7
Parents: f57bf74
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Apr 27 15:42:43 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Apr 27 15:42:43 2016 +0800

----------------------------------------------------------------------
 .../src/main/resources/log4j.properties         | 23 --------------------
 1 file changed, 23 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/80c04272/kerby-kerb/kerb-identity/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/resources/log4j.properties b/kerby-kerb/kerb-identity/src/main/resources/log4j.properties
deleted file mode 100644
index 3c91c57..0000000
--- a/kerby-kerb/kerb-identity/src/main/resources/log4j.properties
+++ /dev/null
@@ -1,23 +0,0 @@
-#############################################################################
-#    Licensed to the Apache Software Foundation (ASF) under one or more
-#    contributor license agreements.  See the NOTICE file distributed with
-#    this work for additional information regarding copyright ownership.
-#    The ASF licenses this file to You under the Apache License, Version 2.0
-#    (the "License"); you may not use this file except in compliance with
-#    the License.  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS,
-#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#    See the License for the specific language governing permissions and
-#    limitations under the License.
-#############################################################################
-log4j.rootLogger=ERROR, console
-
-
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
-


[20/29] directory-kerby git commit: A few plugin + dependency updates

Posted by pl...@apache.org.
A few plugin + dependency updates


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/369f27d6
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/369f27d6
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/369f27d6

Branch: refs/heads/kadmin-remote
Commit: 369f27d6ad297d3fbac4e06a77aba8cb60233a44
Parents: ae26c10
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri May 27 16:05:12 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri May 27 16:05:12 2016 +0100

----------------------------------------------------------------------
 benchmark/pom.xml                      |  6 +++---
 kerby-kerb/kerb-client-api-all/pom.xml |  2 +-
 kerby-kerb/kerb-server-api-all/pom.xml |  2 +-
 pom.xml                                | 12 ++++++------
 4 files changed, 11 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/369f27d6/benchmark/pom.xml
----------------------------------------------------------------------
diff --git a/benchmark/pom.xml b/benchmark/pom.xml
index 9b8eddc..1d5c0d5 100644
--- a/benchmark/pom.xml
+++ b/benchmark/pom.xml
@@ -31,7 +31,7 @@
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <jmh.version>1.11.1</jmh.version>
+    <jmh.version>1.12</jmh.version>
     <javac.target>1.7</javac.target>
     <uberjar.name>benchmarks</uberjar.name>
   </properties>
@@ -95,7 +95,7 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-compiler-plugin</artifactId>
-            <version>3.3</version>
+            <version>3.5.1</version>
             <configuration>
               <compilerVersion>${javac.target}</compilerVersion>
               <source>${javac.target}</source>
@@ -106,7 +106,7 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-shade-plugin</artifactId>
-            <version>2.4.2</version>
+            <version>2.4.3</version>
             <executions>
               <execution>
                 <phase>package</phase>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/369f27d6/kerby-kerb/kerb-client-api-all/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client-api-all/pom.xml b/kerby-kerb/kerb-client-api-all/pom.xml
index abf4f80..9359538 100644
--- a/kerby-kerb/kerb-client-api-all/pom.xml
+++ b/kerby-kerb/kerb-client-api-all/pom.xml
@@ -42,7 +42,7 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-shade-plugin</artifactId>
-            <version>2.4.2</version>
+            <version>2.4.3</version>
             <executions>
               <execution>
                 <phase>package</phase>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/369f27d6/kerby-kerb/kerb-server-api-all/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server-api-all/pom.xml b/kerby-kerb/kerb-server-api-all/pom.xml
index f9030a3..80e0770 100644
--- a/kerby-kerb/kerb-server-api-all/pom.xml
+++ b/kerby-kerb/kerb-server-api-all/pom.xml
@@ -42,7 +42,7 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-shade-plugin</artifactId>
-            <version>2.4.2</version>
+            <version>2.4.3</version>
             <executions>
               <execution>
                 <phase>package</phase>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/369f27d6/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 2f67957..7e6967f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,13 +49,13 @@
   <properties>
     <apacheds.version>2.0.0-M21</apacheds.version>
     <bouncycastle.version>1.54</bouncycastle.version>
-    <gson.version>2.5</gson.version>
+    <gson.version>2.6.2</gson.version>
     <ldap.api.version>1.0.0-M33</ldap.api.version>
     <log4j.version>1.2.17</log4j.version>
     <junit.version>4.12</junit.version>
     <nimbus.jose.version>3.10</nimbus.jose.version>
-    <slf4j.version>1.7.14</slf4j.version>
-    <assertj.version>2.3.0</assertj.version>
+    <slf4j.version>1.7.21</slf4j.version>
+    <assertj.version>2.4.1</assertj.version>
     <findbugs.version>3.0.3</findbugs.version>
     <buildtools.dir>${basedir}/build-tools</buildtools.dir>
     <skipTests>false</skipTests>
@@ -112,7 +112,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-compiler-plugin</artifactId>
-          <version>3.1</version>
+          <version>3.5.1</version>
           <configuration>
             <source>1.7</source>
             <target>1.7</target>
@@ -175,7 +175,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-surefire-plugin</artifactId>
-          <version>2.18.1</version>
+          <version>2.19.1</version>
           <configuration>
             <skipTests>${skipTests}</skipTests>
             <reuseForks>false</reuseForks>
@@ -197,7 +197,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-pmd-plugin</artifactId>
-          <version>3.5</version>
+          <version>3.6</version>
           <configuration>
             <rulesets>
               <ruleset>${buildtools.dir}/kerby-pmd-ruleset.xml</ruleset>


[11/29] directory-kerby git commit: Add some logs of issuing ticket.

Posted by pl...@apache.org.
Add some logs of issuing ticket.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/db8866ed
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/db8866ed
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/db8866ed

Branch: refs/heads/kadmin-remote
Commit: db8866edd161a25b9d381de8162b2613ba3613d4
Parents: 6875beb
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue May 3 15:36:35 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue May 3 15:36:35 2016 +0800

----------------------------------------------------------------------
 .../apache/kerby/kerberos/kerb/server/request/AsRequest.java   | 3 +++
 .../apache/kerby/kerberos/kerb/server/request/KdcRequest.java  | 4 +++-
 .../apache/kerby/kerberos/kerb/server/request/TgsRequest.java  | 6 ++++++
 3 files changed, 12 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/db8866ed/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
index 66fdac5..7cb7dbb 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
@@ -109,6 +109,9 @@ public class AsRequest extends KdcRequest {
     protected void issueTicket() throws KrbException {
         TicketIssuer issuer = new TgtTicketIssuer(this);
         Ticket newTicket = issuer.issueTicket();
+        LOG.info("AS_REQ ISSUE: authtime " + newTicket.getEncPart().getAuthTime().getTime() + ","
+                + newTicket.getEncPart().getCname() + " for "
+                + newTicket.getSname());
         setTicket(newTicket);
     }
 
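Review bot: The added `LOG.info` in issueTicket() builds its message by string concatenation from `getCname()` and `getSname()`, which originate in the request, so their text reaches the KDC log as-is. A parameterized call avoids building the string when INFO is off and keeps the values apart from the format: `LOG.info("AS_REQ ISSUE: authtime {},{} for {}", encPart.getAuthTime().getTime(), encPart.getCname(), newTicket.getSname());`. Because this line is likely to be read as an audit record, it is worth confirming that the principal rendering cannot carry line breaks into the log. Whether `getAuthTime()` can be null at this point is not visible in the hunk. The same points apply to the `TGS_REQ ISSUE` line added to TgsRequest.issueTicket().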

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/db8866ed/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index 8203501..e374734 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -167,7 +167,8 @@ public abstract class KdcRequest {
         checkVersion();
         checkTgsEntry();
         kdcFindFast();
-        authenticate();
+        checkEncryptionType();
+
         if (PreauthHandler.isToken(getKdcReq().getPaData())) {
             isToken = true;
             preauth();
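Review bot: The removal of `authenticate()` here, together with `checkPolicy()` added after pre-authentication in the next hunk, changes the order of the KDC's request checks under a commit titled as adding logs. Neither method body is visible in the diff, so it cannot be confirmed from here that `checkEncryptionType()` plus the later `checkPolicy()` cover everything `authenticate()` did. I would move this into its own commit with a description. I would also add a comment above the calls, for example `// etype check runs before preauth, policy check after it (replaces authenticate())`. The enclosing method starts above this hunk.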
@@ -181,6 +182,7 @@ public abstract class KdcRequest {
             checkServer();
             preauth();
         }
+        checkPolicy();
         issueTicket();
         makeReply();
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/db8866ed/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
index 941ef9f..21ff6fb 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
@@ -49,10 +49,13 @@ import org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
 import org.apache.kerby.kerberos.kerb.type.ticket.EncTicketPart;
 import org.apache.kerby.kerberos.kerb.type.ticket.Ticket;
 import org.apache.kerby.kerberos.kerb.type.ticket.TicketFlag;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.nio.ByteBuffer;
 
 public class TgsRequest extends KdcRequest {
+    private static final Logger LOG = LoggerFactory.getLogger(TgsRequest.class);
 
     private EncryptionKey tgtSessionKey;
     private Ticket tgtTicket;
@@ -109,6 +112,9 @@ public class TgsRequest extends KdcRequest {
     protected void issueTicket() throws KrbException {
         TicketIssuer issuer = new ServiceTicketIssuer(this);
         Ticket newTicket = issuer.issueTicket();
+        LOG.info("TGS_REQ ISSUE: authtime " + newTicket.getEncPart().getAuthTime().getTime() + ","
+                + newTicket.getEncPart().getCname() + " for "
+                + newTicket.getSname());
         setTicket(newTicket);
     }
 


[06/29] directory-kerby git commit: Fix kdc can't set backend in unit tests.

Posted by pl...@apache.org.
Fix kdc can't set backend in unit tests.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/c724d32f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/c724d32f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/c724d32f

Branch: refs/heads/kadmin-remote
Commit: c724d32f61cad7ad3cb0ff5f900b151b4df821d2
Parents: f2e2862
Author: plusplusjiajia <ji...@intel.com>
Authored: Fri Apr 22 11:00:00 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Fri Apr 22 11:00:00 2016 +0800

----------------------------------------------------------------------
 .../java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java  | 2 +-
 .../java/org/apache/kerby/kerberos/kdc/LdapBackendKdcTest.java  | 2 +-
 .../org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java  | 4 ++--
 .../kerby/kerberos/kerb/integration/test/SaslAppTest.java       | 5 ++---
 4 files changed, 6 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c724d32f/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
index 1292aa9..9247e3e 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
@@ -33,7 +33,6 @@ public class JsonBackendKdcTest extends KerbyKdcTest {
 
     @Override
     protected void prepareKdc() throws KrbException {
-        super.prepareKdc();
 
         File testDir = new File(System.getProperty("test.dir", "target"));
         jsonBackendFile = new File(testDir, "json-backend-file");
@@ -44,6 +43,7 @@ public class JsonBackendKdcTest extends KerbyKdcTest {
                 JsonIdentityBackend.JSON_IDENTITY_BACKEND_DIR, jsonBackendFileString);
         backendConfig.setString(KdcConfigKey.KDC_IDENTITY_BACKEND,
             "org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend");
+        super.prepareKdc();
     }
 
     @Test
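Review bot: Nothing in prepareKdc() records why `super.prepareKdc()` now has to be the last statement, so a later edit can easily move it back to the top. Going by the commit title, the backend settings presumably have to be in place before the superclass prepares the KDC. A one-line comment above the call would keep that visible: `// Call last: the backend config above must be set before the KDC is prepared.` The same comment fits the identical moves in LdapBackendKdcTest and ZookeeperBackendKdcTest. The method starts in the previous hunk.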

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c724d32f/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/LdapBackendKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/LdapBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/LdapBackendKdcTest.java
index b367c5a..d3f20ae 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/LdapBackendKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/LdapBackendKdcTest.java
@@ -87,7 +87,6 @@ public class LdapBackendKdcTest extends AbstractLdapBackendKdcTest {
 
     @Override
     protected void prepareKdc() throws KrbException {
-        super.prepareKdc();
         BackendConfig backendConfig = getKdcServer().getBackendConfig();
         backendConfig.setString("host", "localhost");
         backendConfig.setString("admin_dn", ADMIN_DN);
@@ -96,6 +95,7 @@ public class LdapBackendKdcTest extends AbstractLdapBackendKdcTest {
         backendConfig.setInt("port", getLdapServer().getPort());
         backendConfig.setString(KdcConfigKey.KDC_IDENTITY_BACKEND,
                 "org.apache.kerby.kerberos.kdc.identitybackend.LdapIdentityBackend");
+        super.prepareKdc();
     }
 
     @Test

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c724d32f/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
index f7d1251..bface94 100644
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java
@@ -49,8 +49,6 @@ public class ZookeeperBackendKdcTest extends KerbyKdcTest {
 
     @Override
     protected void prepareKdc() throws KrbException {
-        super.prepareKdc();
-
         BackendConfig backendConfig = getKdcServer().getBackendConfig();
 
         File testDir = new File(System.getProperty("test.dir", "target"));
@@ -64,6 +62,8 @@ public class ZookeeperBackendKdcTest extends KerbyKdcTest {
         backendConfig.setString(ZKConfKey.DATA_LOG_DIR.getPropertyKey(), dataLogDir.getAbsolutePath());
         backendConfig.setString(KdcConfigKey.KDC_IDENTITY_BACKEND,
             "org.apache.kerby.kerberos.kdc.identitybackend.ZookeeperIdentityBackend");
+
+        super.prepareKdc();
     }
 
     @Test

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c724d32f/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/SaslAppTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/SaslAppTest.java b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/SaslAppTest.java
index 68d34cd..e7e6dba 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/SaslAppTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/SaslAppTest.java
@@ -21,6 +21,7 @@ package org.apache.kerby.kerberos.kerb.integration.test;
 
 import org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient;
 import org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppServer;
+import org.junit.Test;
 
 public class SaslAppTest extends AppTest {
 
@@ -43,9 +44,7 @@ public class SaslAppTest extends AppTest {
         });
     }
 
-    @SuppressWarnings("PMD")
-    //@Test
-    //TODO: not robust enough, with "ICMP Port Unreachable" exception.
+    @Test
     public void test() throws Exception {
         runAppClient();
     }


[14/29] directory-kerby git commit: DIRKRB-569 Add unit test of multiple KDCs for a given realm in client.

Posted by pl...@apache.org.
DIRKRB-569 Add unit test of multiple KDCs for a given realm in client.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/a4124070
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/a4124070
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/a4124070

Branch: refs/heads/kadmin-remote
Commit: a412407061721d24db80c06546ceb9ccf18f9296
Parents: 4bd0fb9
Author: plusplusjiajia <ji...@intel.com>
Authored: Fri May 13 15:50:13 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Fri May 13 15:50:13 2016 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kdc/MultiKdcsTest.java       | 50 ++++++++++++++++++++
 kerby-kdc-test/src/test/resources/kdc.conf      | 29 ++++++++++++
 .../src/test/resources/krb5-multikdc.conf       | 29 ++++++++++++
 .../kerby/kerberos/kerb/client/KrbHandler.java  |  2 +-
 .../client/impl/DefaultInternalKrbClient.java   |  4 +-
 .../kerberos/kerb/transport/KrbNetwork.java     | 18 +++++--
 .../kerby/kerberos/kerb/server/KdcTestBase.java |  4 ++
 .../kerberos/kerb/server/TestKdcServer.java     | 13 ++++-
 .../kerberos/kerb/server/SimpleKdcServer.java   | 10 ++++
 9 files changed, 152 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a4124070/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/MultiKdcsTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/MultiKdcsTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/MultiKdcsTest.java
new file mode 100644
index 0000000..6a61e49
--- /dev/null
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/MultiKdcsTest.java
@@ -0,0 +1,50 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kdc;
+
+import org.apache.kerby.kerberos.kerb.client.KrbConfig;
+import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
+import org.apache.kerby.kerberos.kerb.server.TestKdcServer;
+import org.junit.Test;
+
+import java.io.File;
+import java.net.URL;
+
+public class MultiKdcsTest extends KerbyKdcTest {
+
+    @Override
+    protected void setUpKdcServer() throws Exception {
+
+        URL krb5FileUrl = this.getClass().getResource("/krb5-multikdc.conf");
+        File krb5File = new File(krb5FileUrl.toURI());
+        KrbConfig krbConfig = new KrbConfig();
+        krbConfig.addKrb5Config(krb5File);
+        SimpleKdcServer kdcServer = new TestKdcServer(krb5File.getParentFile(), krbConfig);
+        setKdcServer(kdcServer);
+        configKdcSeverAndClient();
+        prepareKdc();
+        kdcServer.start();
+    }
+
+    @Test
+    public void testKdc() throws Exception {
+        performKdcTest();
+    }
+}
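Review bot: `getResource("/krb5-multikdc.conf")` in setUpKdcServer() returns null when the resource is missing from the test classpath, and the next line then fails with a bare NullPointerException at `toURI()`. A guard gives a readable failure: `if (krb5FileUrl == null) { throw new IllegalStateException("krb5-multikdc.conf not found on test classpath"); }`. The override also builds and starts the server itself without calling the superclass method; if that is deliberate, a short comment saying so would help.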

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a4124070/kerby-kdc-test/src/test/resources/kdc.conf
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/kdc.conf b/kerby-kdc-test/src/test/resources/kdc.conf
new file mode 100644
index 0000000..cde6b0d
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/kdc.conf
@@ -0,0 +1,29 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[logging]
+  default = FILE:/var/log/krb5libs.log
+  kdc = FILE:/var/log/krb5kdc.log
+  admin_server = FILE:/var/log/kadmind.log
+
+[kdcdefaults]
+  kdc_host = localhost
+  kdc_udp_port = 8801
+  kdc_tcp_port = 8801
+  kdc_realm = TEST.COM
+  restrict_anonymous_to_tgt = true
+  kdc_max_dgram_reply_size = 4096
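Review bot: The fixed value 8801 for `kdc_udp_port` and `kdc_tcp_port` has to stay equal to `kdc = localhost:8801` in krb5-multikdc.conf, and neither file says so. A comment above the two port lines would keep them in step: `# Must match the kdc entry in krb5-multikdc.conf`. A fixed port can also collide when two builds run on the same host. If the `[logging]` section is read at all, its `/var/log` paths will not be writable for an unprivileged test run.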

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a4124070/kerby-kdc-test/src/test/resources/krb5-multikdc.conf
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/resources/krb5-multikdc.conf b/kerby-kdc-test/src/test/resources/krb5-multikdc.conf
new file mode 100644
index 0000000..d5c30c0
--- /dev/null
+++ b/kerby-kdc-test/src/test/resources/krb5-multikdc.conf
@@ -0,0 +1,29 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+  default_realm = TEST.COM
+  kdc_host = localhost
+  kdc_realm = TEST.COM
+  kdc_tcp_port = 88
+  kdc_udp_port = 88
+
+[realms]
+  TEST.COM = {
+    kdc = localhost:8801
+    admin_server = kerberos.gnu.org
+ }
\ No newline at end of file
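Review bot: `admin_server = kerberos.gnu.org` names an external host in a test fixture, so any code that consults that key would send test traffic off the build machine. `admin_server = localhost` keeps the fixture self-contained. The file also does not say where the second KDC of the "multi KDC" case comes from. `[realms]` lists a single `kdc`, and the fallback appears to rely on `kdc_tcp_port = 88` in `[libdefaults]` not answering on localhost, which deserves a comment.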

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a4124070/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
index 1ec4e4d..32fad41 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
@@ -67,7 +67,7 @@ public abstract class KrbHandler {
      * @throws KrbException e
      */
     public void handleRequest(KdcRequest kdcRequest, boolean tryNextKdc) throws KrbException {
-        if (!tryNextKdc) {
+        if (!tryNextKdc || kdcRequest.getKdcReq() == null) {
             kdcRequest.process();
         }
         KdcReq kdcReq = kdcRequest.getKdcReq();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a4124070/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
index 06c6a7f..2c83e2f 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
@@ -90,7 +90,9 @@ public class DefaultInternalKrbClient extends AbstractInternalKrbClient {
                 throw new KrbException("Failed to create transport", first);
             }
         } finally {
-            transport.release();
+            if (transport != null) {
+                transport.release();
+            }
         }
 
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a4124070/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KrbNetwork.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KrbNetwork.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KrbNetwork.java
index 62e0a43..4ff8e84 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KrbNetwork.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KrbNetwork.java
@@ -41,13 +41,25 @@ public class KrbNetwork {
         if (tpair.tcpAddress != null) {
             try {
                 transport = tcpConnect();
-            } catch (IOException e) {
+            } catch (IOException e1) {
                 if (tpair.udpAddress != null) {
-                    transport = new KrbUdpTransport(tpair.udpAddress);
+                    try {
+                        transport = new KrbUdpTransport(tpair.udpAddress);
+                    } catch (Exception e2) {
+                        transport = null;
+                    }
                 }
+            } catch (Exception e) {
+                e.printStackTrace();
             }
         } else {
-            transport = new KrbUdpTransport(tpair.udpAddress);
+            if (tpair.udpAddress != null) {
+                try {
+                    transport = new KrbUdpTransport(tpair.udpAddress);
+                } catch (Exception e3) {
+                    transport = null;
+                }
+            }
         }
 
         if (transport == null) {
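Review bot: The new catch blocks discard the failure cause: `catch (Exception e2)` and `catch (Exception e3)` only set `transport = null`, the TCP `IOException e1` is never recorded, and the added `catch (Exception e)` calls `e.printStackTrace()`. When a KDC is unreachable, the application log will not say which address or protocol failed, or that TCP silently fell back to UDP. I would narrow the catches to the exception types these calls actually throw and log each one, e.g. `LOG.warn("TCP connect to KDC failed, trying UDP", e1);`, assuming the class has or gains an SLF4J logger like other classes in this project. The enclosing method starts and ends outside this hunk, so how the null transport is reported further down is not visible here.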

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a4124070/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
index 8bc4205..9e8424f 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
@@ -69,6 +69,10 @@ public abstract class KdcTestBase {
         return kdcServer;
     }
 
+    protected void setKdcServer(SimpleKdcServer kdcServer) {
+        this.kdcServer = kdcServer;
+    }
+
     protected KrbClient getKrbClient() {
         return kdcServer.getKrbClient();
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a4124070/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
index 76f9bc1..955f966 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
@@ -25,13 +25,14 @@ import org.apache.kerby.kerberos.kerb.client.KrbConfig;
 import org.apache.kerby.kerberos.kerb.client.KrbConfigKey;
 import org.apache.kerby.util.NetworkUtil;
 
+import java.io.File;
+
 public class TestKdcServer extends SimpleKdcServer {
     public static final String KDC_REALM = "TEST.COM";
     public static final String HOSTNAME = "localhost";
 
     public TestKdcServer(boolean allowTcp, boolean allowUdp) throws KrbException {
         super();
-
         setKdcRealm(KDC_REALM);
         setKdcHost(HOSTNAME);
         setAllowTcp(allowTcp);
@@ -43,11 +44,19 @@ public class TestKdcServer extends SimpleKdcServer {
         if (allowUdp) {
             setKdcUdpPort(NetworkUtil.getServerPort());
         }
+        setClient();
+    }
+
+    public TestKdcServer(File confDir, KrbConfig krbConfig) throws KrbException {
+        super(confDir, krbConfig);
+        setClient();
+    }
 
+    private void setClient() {
         KrbClient krbClnt = getKrbClient();
         KrbConfig krbConfig = krbClnt.getKrbConfig();
         krbConfig.setString(KrbConfigKey.PERMITTED_ENCTYPES,
-                "aes128-cts-hmac-sha1-96 des-cbc-crc des-cbc-md5 des3-cbc-sha1");
+            "aes128-cts-hmac-sha1-96 des-cbc-crc des-cbc-md5 des3-cbc-sha1");
 
         krbClnt.setTimeout(10 * 1000);
     }
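Review bot: The enctype list that `setClient()` now applies to both constructors still permits single-DES (`des-cbc-crc`, `des-cbc-md5`), and nothing marks it as a test-only choice. Because the second constructor takes a caller-supplied `KrbConfig`, this call also overwrites whatever `PERMITTED_ENCTYPES` the caller had set, which is worth stating. I would add a comment above the `setString` call such as `// Test-only: overrides the caller's enctypes; single-DES is deprecated (RFC 6649), do not copy into real config.` The re-indented string literal on the continuation line also looks accidental.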

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/a4124070/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
index 74e4ec9..c342d8b 100644
--- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
@@ -59,6 +59,16 @@ public class SimpleKdcServer extends KdcServer {
         setKdcPort(NetworkUtil.getServerPort());
     }
 
+    public SimpleKdcServer(KrbConfig krbConfig) {
+        super();
+        this.krbClnt = new KrbClient(krbConfig);
+    }
+
+    public SimpleKdcServer(File confDir, KrbConfig krbConfig) throws KrbException {
+        super(confDir);
+        this.krbClnt = new KrbClient(krbConfig);
+    }
+
     public void setWorkDir(File workDir) {
         this.workDir = workDir;
     }
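Review bot: The two added constructors have no Javadoc and accept `krbConfig` unchecked. The constructor whose tail is visible above ends with `setKdcPort(NetworkUtil.getServerPort())`, which neither new constructor calls, so callers presumably have to provide host and port through `krbConfig` or `confDir`. That contract should be written down, e.g. `/** Creates a KDC whose embedded client uses the given config; KDC host and port must come from the supplied configuration. */`. A null `krbConfig` would only surface later, inside `KrbClient`, so failing fast in the constructor would make misuse easier to diagnose.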


[08/29] directory-kerby git commit: DIRKRB-561 Jaas client failed to decode KrbError message from Kerby KDC.

Posted by pl...@apache.org.
DIRKRB-561 Jaas client failed to decode KrbError message from Kerby KDC.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f57bf747
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f57bf747
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f57bf747

Branch: refs/heads/kadmin-remote
Commit: f57bf74740b99df5b45546bfa1b1595ff34f2c48
Parents: 7b5f743
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Apr 26 16:54:36 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Apr 26 16:54:36 2016 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/type/base/KrbError.java   | 18 +++++++++---------
 .../kerby/kerberos/kerb/server/KdcHandler.java    | 16 ++++++++++++++--
 .../kerberos/kerb/server/request/AsRequest.java   |  1 +
 .../kerberos/kerb/server/request/KdcRequest.java  | 17 +++++++++++++++++
 4 files changed, 41 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f57bf747/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
index 9e272d5..52ffb49 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KrbError.java
@@ -80,9 +80,9 @@ public class KrbError extends KrbMessage {
             new ExplicitField(KrbErrorField.STIME, KerberosTime.class),
             new ExplicitField(KrbErrorField.SUSEC, Asn1Integer.class),
             new ExplicitField(KrbErrorField.ERROR_CODE, Asn1Integer.class),
-            new ExplicitField(KrbErrorField.CREALM, KerberosString.class),
+            new ExplicitField(KrbErrorField.CREALM, Realm.class),
             new ExplicitField(KrbErrorField.CNAME, PrincipalName.class),
-            new ExplicitField(KrbErrorField.REALM, KerberosString.class),
+            new ExplicitField(KrbErrorField.REALM, Realm.class),
             new ExplicitField(KrbErrorField.SNAME, PrincipalName.class),
             new ExplicitField(KrbErrorField.ETEXT, KerberosString.class),
             new ExplicitField(KrbErrorField.EDATA, Asn1OctetString.class)
@@ -129,7 +129,7 @@ public class KrbError extends KrbMessage {
     }
 
     public void setErrorCode(KrbErrorCode errorCode) {
-        setField(KrbErrorField.ERROR_CODE, errorCode);
+        setFieldAsInt(KrbErrorField.ERROR_CODE, errorCode.getValue());
     }
 
     public String getCrealm() {
@@ -137,15 +137,15 @@ public class KrbError extends KrbMessage {
     }
 
     public void setCrealm(String realm) {
-        setFieldAs(KrbErrorField.CREALM, new KerberosString(realm));
+        setFieldAs(KrbErrorField.CREALM, new Realm(realm));
     }
 
     public PrincipalName getCname() {
         return getFieldAs(KrbErrorField.CNAME, PrincipalName.class);
     }
 
-    public void setCname(PrincipalName sname) {
-        setFieldAs(KrbErrorField.CNAME, sname);
+    public void setCname(PrincipalName cname) {
+        setFieldAs(KrbErrorField.CNAME, cname);
     }
 
     public PrincipalName getSname() {
@@ -161,15 +161,15 @@ public class KrbError extends KrbMessage {
     }
 
     public void setRealm(String realm) {
-        setFieldAs(KrbErrorField.REALM, new KerberosString(realm));
+        setFieldAs(KrbErrorField.REALM, new Realm(realm));
     }
 
     public String getEtext() {
         return getFieldAsString(KrbErrorField.ETEXT);
     }
 
-    public void setEtext(String realm) {
-        setFieldAs(KrbErrorField.ETEXT, new KerberosString(realm));
+    public void setEtext(String text) {
+        setFieldAs(KrbErrorField.ETEXT, new KerberosString(text));
     }
 
     public byte[] getEdata() {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f57bf747/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index 748f0bc..aa896c2 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -121,12 +121,24 @@ public class KdcHandler {
             } else {
                 KrbError krbError = new KrbError();
                 krbError.setStime(KerberosTime.now());
+                krbError.setSusec(100);
                 krbError.setErrorCode(e.getKrbErrorCode());
-                krbError.setCname(kdcRequest.getClientEntry().getPrincipal());
-                krbError.setSname(kdcRequest.getServerPrincipal());
+                krbError.setCrealm(kdcContext.getKdcRealm());
+                if (kdcRequest.getClientPrincipal() != null) {
+                    krbError.setCname(kdcRequest.getClientPrincipal());
+                }
                 krbError.setRealm(kdcContext.getKdcRealm());
+                if (kdcRequest.getServerPrincipal() != null) {
+                    krbError.setSname(kdcRequest.getServerPrincipal());
+                } else {
+                    PrincipalName serverPrincipal = kdcRequest.getKdcReq().getReqBody().getSname();
+                    serverPrincipal.setRealm(kdcRequest.getKdcReq().getReqBody().getRealm());
+                    krbError.setSname(serverPrincipal);
+                }
                 if (e.getKrbErrorCode().equals(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY)) {
                     krbError.setEtext("PREAUTH_FAILED");
+                } else {
+                    krbError.setEtext(e.getMessage());
                 }
                 krbResponse = krbError;
             }
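Review bot: `krbError.setEtext(e.getMessage())` in the new `else` branch copies the server-side exception message into a KRB-ERROR that goes back to a client that has not yet authenticated. Exception text can carry internal detail, so I would return only the protocol-level text, `krbError.setEtext(e.getKrbErrorCode().getMessage());`, and log `e` on the server instead. Separately, the result of the `getSname()` fallback is dereferenced without a null check, so a request that omits sname would throw inside the error path. Wrapping the `setRealm`/`setSname` pair in `if (serverPrincipal != null) { ... }` avoids that. The enclosing catch block starts outside this hunk.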

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f57bf747/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
index 49aa892..66fdac5 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/AsRequest.java
@@ -73,6 +73,7 @@ public class AsRequest extends KdcRequest {
             clientRealm = getKdcContext().getKdcRealm();
         }
         clientPrincipal.setRealm(clientRealm);
+        setClientPrincipal(clientPrincipal);
 
         KrbIdentity clientEntry;
         if (isToken()) {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f57bf747/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index abd7eec..8203501 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -90,6 +90,7 @@ public abstract class KdcRequest {
     private KrbIdentity tgsEntry;
     private PreauthContext preauthContext;
     private KdcFastContext fastContext;
+    private PrincipalName clientPrincipal;
     private PrincipalName serverPrincipal;
     private byte[] innerBodyout;
     private AuthToken token;
@@ -757,6 +758,22 @@ public abstract class KdcRequest {
     }
 
     /**
+     * Get client principal.
+     * @return client principal
+     */
+    public PrincipalName getClientPrincipal() {
+        return clientPrincipal;
+    }
+
+    /**
+     * Set client principal.
+     * @param clientPrincipal client principal
+     */
+    public void setClientPrincipal(PrincipalName clientPrincipal) {
+        this.clientPrincipal = clientPrincipal;
+    }
+
+    /**
      * Get server principal.
      * @return server principal
      */


[03/29] directory-kerby git commit: PreAuth and incorrect Password fails silently.

Posted by pl...@apache.org.
PreAuth and incorrect Password fails silently.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/1adbb865
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/1adbb865
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/1adbb865

Branch: refs/heads/kadmin-remote
Commit: 1adbb865db4d02adefe567dda7a2005fa20c1079
Parents: f77c4b3
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Apr 19 15:19:24 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Apr 19 15:19:24 2016 +0800

----------------------------------------------------------------------
 .../org/apache/kerby/kerberos/kerb/client/KrbHandler.java   | 4 ++++
 .../org/apache/kerby/kerberos/kerb/server/KdcHandler.java   | 9 +++++++++
 2 files changed, 13 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/1adbb865/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
index 38e93b2..c885001 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
@@ -136,6 +136,10 @@ public abstract class KrbHandler {
                 handleRequest(kdcRequest);
                 LOG.info("Retry with the new kdc request including pre-authentication.");
             }
+            if (error.getErrorCode() == KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY) {
+                LOG.info(error.getEtext());
+                throw new KrbException(error.getErrorCode(), error.getEtext());
+            }
         }
     }
 
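Review bot: Only `KRB_AP_ERR_BAD_INTEGRITY` is turned into an exception here, so as far as this hunk shows, any other error code not handled by the branch above still leaves the method unreported. An `else` that throws `new KrbException(error.getErrorCode(), error.getEtext())` for every unhandled code would close the same silent-failure gap for the rest. `LOG.info(error.getEtext())` also writes text taken from the KDC's KRB-ERROR, which plain Kerberos does not integrity-protect, into the log with no context. Log it with the error code, at warn level, and strip line breaks from the peer-supplied text first. The enclosing method starts outside this hunk.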

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/1adbb865/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index 7abf49f..02830bd 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -118,6 +118,15 @@ public class KdcHandler {
             if (e instanceof KdcRecoverableException) {
                 krbResponse = handleRecoverableException(
                         (KdcRecoverableException) e, kdcRequest);
+            } else if (e.getMessage().equals(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY.getMessage())) {
+                KrbError krbError = new KrbError();
+                krbError.setStime(KerberosTime.now());
+                krbError.setErrorCode(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY);
+                krbError.setCname(kdcRequest.getClientEntry().getPrincipal());
+                krbError.setSname(kdcRequest.getServerPrincipal());
+                krbError.setRealm(kdcContext.getKdcRealm());
+                krbError.setEtext("PREAUTH_FAILED");
+                krbResponse = krbError;
             } else {
                 throw e;
             }
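Review bot: The new branch identifies the failure by string comparison, `e.getMessage().equals(KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY.getMessage())`, which throws NullPointerException when the exception has no message and stops matching as soon as the message is wrapped or reworded. If `e` carries its error code, compare that instead: `} else if (e.getKrbErrorCode() == KrbErrorCode.KRB_AP_ERR_BAD_INTEGRITY) {`. `kdcRequest.getClientEntry().getPrincipal()` is also dereferenced unguarded, and the client entry may not be populated when the request fails early, so a null check before `setCname` keeps the error path from masking the original failure. The enclosing catch block starts outside this hunk.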


[12/29] directory-kerby git commit: DIRKRB-562 KDC virtual memory used increases with the requestes processed. Contributed by Wei.

Posted by pl...@apache.org.
DIRKRB-562 KDC virtual memory used increases with the requestes processed. Contributed by Wei.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/8d1694b7
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/8d1694b7
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/8d1694b7

Branch: refs/heads/kadmin-remote
Commit: 8d1694b78179073f865165c91d108f61c5f99827
Parents: db8866e
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed May 4 09:28:29 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed May 4 09:28:29 2016 +0800

----------------------------------------------------------------------
 .../java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8d1694b7/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java
index 86160a9..cfa4adb 100644
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/impl/NettyKdcNetwork.java
@@ -51,6 +51,7 @@ public class NettyKdcNetwork {
     private EventLoopGroup bossGroup;
     private EventLoopGroup workerGroup;
     private EventLoopGroup group;
+    private DefaultEventExecutorGroup executorGroup;
     private static final Logger LOG = LoggerFactory.getLogger(NettyKdcNetwork.class);
 
     public void init(KdcContext kdcContext) {
@@ -58,6 +59,7 @@ public class NettyKdcNetwork {
         // Configure the server.
         bossGroup = new NioEventLoopGroup(1);
         workerGroup = new NioEventLoopGroup();
+        executorGroup = new DefaultEventExecutorGroup(10); //TODO: to configure.
     }
 
     public void listen(InetSocketAddress tcpAddress,
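Review bot: `executorGroup` is now created once in `init()`, but the commit's three inserted lines add no matching shutdown, so its threads outlive the server unless the stop path is updated. The stop method is outside these hunks; wherever `bossGroup` and `workerGroup` are shut down, add `executorGroup.shutdownGracefully();`. The pool size `10` remains hard-coded behind the TODO. Since this group runs the KDC handler for every TCP channel, that bound determines how many requests are handled concurrently under load, so it should become a documented configuration value.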
@@ -110,7 +112,7 @@ public class NettyKdcNetwork {
             public void initChannel(SocketChannel ch) throws Exception {
                 ChannelPipeline p = ch.pipeline();
                 p.addLast(new KrbMessageDecoder());
-                p.addLast(new DefaultEventExecutorGroup(10), //TODO: to configure.
+                p.addLast(executorGroup,
                         "KDC_HANDLER",
                         new NettyKdcHandler(kdcContext));
             }


[21/29] directory-kerby git commit: DIRKRB-542. Kerby Authorization. Contributed by Gerard Gagliano

Posted by pl...@apache.org.
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacVerifierMac.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacVerifierMac.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacVerifierMac.java
new file mode 100644
index 0000000..2ee906d
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/CamMacVerifierMac.java
@@ -0,0 +1,107 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import org.apache.kerby.asn1.Asn1FieldInfo;
+import org.apache.kerby.asn1.EnumType;
+import org.apache.kerby.asn1.ExplicitField;
+import org.apache.kerby.asn1.type.Asn1Integer;
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceType;
+import org.apache.kerby.kerberos.kerb.type.base.CheckSum;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+
+/**
+ * <pre>
+ * Verifier-MAC ::= SEQUENCE { 
+ *      identifier [0]  PrincipalName OPTIONAL, 
+ *      kvno [1]        UInt32 OPTIONAL, 
+ *      enctype [2]     Int32 OPTIONAL, 
+ *      mac [3]         Checksum
+ * }
+ * </pre>
+ * 
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class CamMacVerifierMac extends KrbSequenceType {
+
+    protected enum CamMacField implements EnumType {
+        CAMMAC_identifier, CAMMAC_kvno, CAMMAC_enctype, CAMMAC_mac;
+
+        @Override
+        public int getValue() {
+            return ordinal();
+        }
+
+        @Override
+        public String getName() {
+            return name();
+        }
+    }
+
+    /** The CamMac's fields */
+    private static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+            new ExplicitField(CamMacField.CAMMAC_identifier, PrincipalName.class),
+            new ExplicitField(CamMacField.CAMMAC_kvno, Asn1Integer.class),
+            new ExplicitField(CamMacField.CAMMAC_enctype, Asn1Integer.class),
+            new ExplicitField(CamMacField.CAMMAC_mac, CheckSum.class)};
+
+    public CamMacVerifierMac() {
+        super(fieldInfos);
+    }
+
+    public CamMacVerifierMac(PrincipalName identifier) {
+        super(fieldInfos);
+        setFieldAs(CamMacField.CAMMAC_identifier, identifier);
+    }
+
+    public PrincipalName getIdentifier() {
+        return getFieldAs(CamMacField.CAMMAC_identifier, PrincipalName.class);
+    }
+
+    public void setIdentifier(PrincipalName identifier) {
+        setFieldAs(CamMacField.CAMMAC_identifier, identifier);
+    }
+
+    public int getKvno() {
+        return getFieldAs(CamMacField.CAMMAC_kvno, Asn1Integer.class).getValue().intValue();
+    }
+
+    public void setKvno(int kvno) {
+        setFieldAs(CamMacField.CAMMAC_kvno, new Asn1Integer(kvno));
+    }
+
+    public int getEnctype() {
+        return getFieldAs(CamMacField.CAMMAC_enctype, Asn1Integer.class).getValue().intValue();
+    }
+
+    public void setEnctype(int encType) {
+        setFieldAs(CamMacField.CAMMAC_enctype, new Asn1Integer(encType));
+    }
+
+    public CheckSum getMac() {
+        return getFieldAs(CamMacField.CAMMAC_mac, CheckSum.class);
+    }
+
+    public void setMac(CheckSum mac) {
+        setFieldAs(CamMacField.CAMMAC_mac, mac);
+    }
+}
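Review bot: `getKvno()` and `getEnctype()` dereference the result of `getFieldAs(...)` directly, but the ASN.1 in the class comment marks both `kvno` and `enctype` as OPTIONAL. Assuming `getFieldAs` returns null for an absent field, decoding a Verifier-MAC that omits either one makes these getters throw NullPointerException. Since this structure is parsed from authorization data carried in a ticket, absence should be handled explicitly: read `Asn1Integer v = getFieldAs(CamMacField.CAMMAC_kvno, Asn1Integer.class);`, then null-check it and return a boxed `Integer` or a documented "absent" value. `kvno` is declared UInt32, so `intValue()` also wraps for values above `Integer.MAX_VALUE`. The class and its accessors have no Javadoc stating which fields may be missing.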

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/PrincipalList.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/PrincipalList.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/PrincipalList.java
new file mode 100644
index 0000000..667315a
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/ad/PrincipalList.java
@@ -0,0 +1,31 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.type.ad;
+
+import org.apache.kerby.kerberos.kerb.type.KrbSequenceOfType;
+import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
+
+/**
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class PrincipalList extends KrbSequenceOfType<PrincipalName> {
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KeyUsage.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KeyUsage.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KeyUsage.java
index 44256cc..a47d81e 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KeyUsage.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/type/base/KeyUsage.java
@@ -100,7 +100,8 @@ public enum KeyUsage implements EnumType {
     ENC_CHALLENGE_KDC(55),
     AS_REQ(56),
     //PA-TOKEN padata,encrypted with the client key
-    PA_TOKEN(57);
+    PA_TOKEN(57),
+    AD_CAMMAC_VERIFIER_MAC(64);  //See RFC 7751
 
     private int value;
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/ADTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/ADTest.java b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/ADTest.java
new file mode 100644
index 0000000..21cb16f
--- /dev/null
+++ b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/ADTest.java
@@ -0,0 +1,143 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kerb.codec;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+
+import org.apache.kerby.asn1.type.Asn1Utf8String;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.type.ad.ADAuthenticationIndicator;
+import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
+import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationDataEntry;
+import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationDataWrapper;
+import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationDataWrapper.WrapperType;
+import org.junit.Test;
+
+/**
+ * Test class for Authorization data codec.
+ * 
+ * Contributed to the Apache Kerby Project by: Prodentity - Corrales, NM
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache DirectoryProject</a>
+ */
+public class ADTest {
+
+    private static final String FOO = "Foo";
+    private static final String BAR = "Bar";
+
+    /**
+     * Test the Authorization Data codec.
+     *
+     * @throws KrbException Exception
+     * @throws IOException Exception
+     */
+    @Test
+    public void testADCodec() throws KrbException, IOException {
+        int i = -1;
+
+        // Construct an AD_AUTHENTICATION_INDICATOR entry
+        ADAuthenticationIndicator indicators = new ADAuthenticationIndicator();
+        indicators.add(new Asn1Utf8String(FOO));
+        indicators.add(new Asn1Utf8String(BAR));
+
+        // Encode
+        System.out.println("\nIndicators prior to encoding:");
+        for (Asn1Utf8String ind : indicators.getAuthIndicators()) {
+            System.out.println(ind.toString());
+        }
+        byte[] enIndicators = indicators.encode();
+
+        // Decode get this out of asn1 tests
+        indicators.decode(enIndicators);
+        System.out.println("\nIndicators after decoding:");
+        for (Asn1Utf8String ind : indicators.getAuthIndicators()) {
+            System.out.println(ind.toString());
+        }
+
+        // Create an AD_IF_RELEVENT container
+        AuthorizationData adirData = new AuthorizationData();
+        adirData.add(indicators);
+        AuthorizationDataWrapper adirWrap = new AuthorizationDataWrapper(WrapperType.AD_IF_RELEVANT, adirData);
+
+        // Encode
+        System.out.println("\nADE (IR) Wrapper prior to encoding:");
+        for (AuthorizationDataEntry ade : adirWrap.getAuthorizationData().getElements()) {
+            ADAuthenticationIndicator ad = (ADAuthenticationIndicator) ade;
+            for (Asn1Utf8String ind : ad.getAuthIndicators()) {
+                System.out.println(ind.toString());
+            }
+        }
+        byte[] enAdir = adirWrap.encode();
+
+        // Decode
+        adirWrap.decode(enAdir);
+        System.out.println("\nADE (IR) Wrapper after decoding:");
+        for (AuthorizationDataEntry ade : adirWrap.getAuthorizationData().getElements()) {
+            ADAuthenticationIndicator ad = (ADAuthenticationIndicator) ade;
+            i = 0;
+            for (Asn1Utf8String ind : ad.getAuthIndicators()) {
+                System.out.println(ind.toString());
+                if (i == 0) {
+                    assertEquals(ind.getValue(), FOO);
+                } else {
+                    assertEquals(ind.getValue(), BAR);
+                }
+                i++;
+            }
+        }
+
+        // Create an AD_MANDATORY_FOR_KDC container
+        AuthorizationData admfkData = new AuthorizationData();
+        admfkData.add(indicators);
+        AuthorizationDataWrapper admfkWrap = new AuthorizationDataWrapper(WrapperType.AD_MANDATORY_FOR_KDC, admfkData);
+
+        // Encode
+        System.out.println("\nADE (MFK) Wrapper prior to encoding:");
+        for (AuthorizationDataEntry ade : admfkWrap.getAuthorizationData().getElements()) {
+            ADAuthenticationIndicator ad = (ADAuthenticationIndicator) ade;
+            for (Asn1Utf8String ind : ad.getAuthIndicators()) {
+                System.out.println(ind.toString());
+            }
+        }
+        byte[] enAdmfk = admfkWrap.encode();
+
+        // Decode
+        admfkWrap.decode(enAdmfk);
+        System.out.println("\nADE (MFK) Wrapper after decoding:");
+        for (AuthorizationDataEntry ade : admfkWrap.getAuthorizationData().getElements()) {
+            ADAuthenticationIndicator ad = (ADAuthenticationIndicator) ade;
+            for (Asn1Utf8String ind : ad.getAuthIndicators()) {
+                System.out.println(ind.toString());
+            }
+            i = 0;
+            for (Asn1Utf8String ind : ad.getAuthIndicators()) {
+                System.out.println(ind.toString());
+                if (i == 0) {
+                    assertEquals(ind.getValue(), FOO);
+                } else {
+                    assertEquals(ind.getValue(), BAR);
+                }
+                i++;
+            }
+        }
+    }
+}
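Review bot: Every decode in `testADCodec` is applied to the same object that was just encoded (`indicators.decode(enIndicators)`, `adirWrap.decode(enAdir)`, `admfkWrap.decode(enAdmfk)`), so the assertions would still pass if decode left the object untouched or appended to it. Decoding into a fresh instance would make this a real round-trip test, for example `ADAuthenticationIndicator decoded = new ADAuthenticationIndicator(); decoded.decode(enIndicators);`, and the same for the two wrappers if they have a usable no-argument constructor (not visible here). The first round has no assertions at all, and the `if (i == 0) … else` branches accept `BAR` for every index after the first, so the element count is never checked; asserting that `i` equals 2 after each loop would close that gap. The `assertEquals` calls also pass the actual value first, where JUnit expects `assertEquals(FOO, ind.getValue())`, and the `System.out.println` dumps could be dropped once the assertions carry the checks.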

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/PkinitAnonymousAsRepCodecTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/PkinitAnonymousAsRepCodecTest.java b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/PkinitAnonymousAsRepCodecTest.java
index af24cb9..c2a46dc 100644
--- a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/PkinitAnonymousAsRepCodecTest.java
+++ b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/PkinitAnonymousAsRepCodecTest.java
@@ -117,7 +117,7 @@ public class PkinitAnonymousAsRepCodecTest {
         KdcDhKeyInfo kdcDhKeyInfo = new KdcDhKeyInfo();
         kdcDhKeyInfo.decode(eContentInfo);
         assertThat(kdcDhKeyInfo.getSubjectPublicKey()).isNotNull();
-        assertThat(kdcDhKeyInfo.getDHKeyExpiration()).isNotNull();
+        assertThat(kdcDhKeyInfo.getDHKeyExpiration()).isNull();
         assertThat(kdcDhKeyInfo.getNonce()).isNotNull();
     }
 }
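Review bot: The flipped expectation on `kdcDhKeyInfo.getDHKeyExpiration()` carries no comment saying why the field must now be absent. If the captured AS-REP really omits the optional expiration, a line such as `// dhKeyExpiration is OPTIONAL and absent from this sample, so the decoder must leave it null` would record that. If the sample does contain the field, this change would hide a decoder regression instead of correcting the test, which cannot be decided from the hunk alone because the test method starts outside it.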

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/PkinitAnonymousAsReqCodecTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/PkinitAnonymousAsReqCodecTest.java b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/PkinitAnonymousAsReqCodecTest.java
index 424a430..7138ca0 100644
--- a/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/PkinitAnonymousAsReqCodecTest.java
+++ b/kerby-kerb/kerb-core/src/test/java/org/apache/kerby/kerberos/kerb/codec/PkinitAnonymousAsReqCodecTest.java
@@ -20,8 +20,10 @@
 package org.apache.kerby.kerberos.kerb.codec;
 
 import org.apache.kerby.asn1.Asn1;
+import org.apache.kerby.cms.type.DigestAlgorithmIdentifiers;
 import org.apache.kerby.cms.type.SignedContentInfo;
 import org.apache.kerby.cms.type.SignedData;
+import org.apache.kerby.cms.type.SignerInfos;
 import org.apache.kerby.kerberos.kerb.KrbConstant;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
 import org.apache.kerby.kerberos.kerb.type.base.KrbMessageType;
@@ -45,7 +47,7 @@ import java.text.ParseException;
 import java.util.Arrays;
 import java.util.List;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 public class PkinitAnonymousAsReqCodecTest {
     @Test
@@ -114,15 +116,23 @@ public class PkinitAnonymousAsReqCodecTest {
         SignedContentInfo contentInfo = new SignedContentInfo();
         Asn1.parseAndDump(paPkAsReq.getSignedAuthPack());
         contentInfo.decode(paPkAsReq.getSignedAuthPack());
-        assertThat(contentInfo.getContentType()).isEqualTo("1.2.840.113549.1.7.2");
+        assertThat(contentInfo.getContentType()) .isEqualTo("1.2.840.113549.1.7.2");
         Asn1.dump(contentInfo);
 
         SignedData signedData = contentInfo.getSignedData();
         assertThat(signedData.getVersion()).isEqualTo(3);
-        assertThat(signedData.getDigestAlgorithms().getElements().isEmpty()).isTrue();
-        assertThat(signedData.getCertificates().getElements().isEmpty()).isTrue();
-        assertThat(signedData.getCrls().getElements().isEmpty()).isTrue();
-        assertThat(signedData.getSignerInfos().getElements().isEmpty()).isTrue();
+        DigestAlgorithmIdentifiers dais = signedData.getDigestAlgorithms();
+        assertThat(dais).isNotNull();
+        if (dais != null) {
+            assertThat(dais.getElements()).isEmpty();
+        }
+        assertThat(signedData.getCertificates()).isNull();
+        assertThat(signedData.getCrls()).isNull();
+        SignerInfos signerInfos = signedData.getSignerInfos();
+        assertThat(signerInfos).isNotNull();
+        if (signerInfos != null) {
+            assertThat(signerInfos.getElements()).isEmpty();
+        }
         assertThat(signedData.getEncapContentInfo().getContentType())
                 .isEqualTo("1.3.6.1.5.2.3.1");
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
index 0e8fe4b..41dc555 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/CacheableIdentityService.java
@@ -22,6 +22,8 @@ package org.apache.kerby.kerberos.kerb.identity;
 import org.apache.kerby.config.Config;
 import org.apache.kerby.config.Configured;
 import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
+import org.apache.kerby.kerberos.kerb.type.ticket.EncTicketPart;
 
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -142,4 +144,15 @@ public class CacheableIdentityService
 
         underlying.deleteIdentity(principalName);
     }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public AuthorizationData getIdentityAuthorizationData(Object kdcRequest,
+            EncTicketPart encTicketPart) throws KrbException {
+
+        return underlying.getIdentityAuthorizationData(kdcRequest,
+                encTicketPart);
+    }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
index 2f0ca2e..e09aeec 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
@@ -20,6 +20,8 @@
 package org.apache.kerby.kerberos.kerb.identity;
 
 import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
+import org.apache.kerby.kerberos.kerb.type.ticket.EncTicketPart;
 
 /**
  * Identity service for KDC backend to create, get and manage principal accounts.
@@ -55,6 +57,16 @@ public interface IdentityService {
     KrbIdentity getIdentity(String principalName) throws KrbException;
 
     /**
+     * Get an identity's Authorization Data.
+     * @param kdcRequest The KdcRequest
+     * @param encTicketPart The EncTicketPart being built for the KrbIdentity
+     * @return The Authorization Data
+     * @throws KrbException e
+     */
+    AuthorizationData getIdentityAuthorizationData(Object kdcRequest,
+            EncTicketPart encTicketPart) throws KrbException;
+
+    /**
      * Add an identity, and return the newly created result.
      * @param identity The identity
      * @return identity
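Review bot: The new `getIdentityAuthorizationData` declares its first parameter as `Object kdcRequest`, so the compiler cannot reject a wrong argument and every implementation has to cast. The Javadoc should state the expected runtime type and that implementations must check it before casting, for example `@param kdcRequest the KdcRequest being processed (typed Object; verify the type before casting)`. It should also say whether null is a valid result, since the default in AbstractIdentityBackend returns null and TicketIssuer tests for it: `@return the authorization data, or null if the backend supplies none`. The same untyped parameter is repeated in the CacheableIdentityService and AbstractIdentityBackend hunks of this commit.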

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
index 7c0e6b3..5349e43 100644
--- a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
@@ -23,6 +23,8 @@ import org.apache.kerby.config.Configured;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.identity.BatchTrans;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
+import org.apache.kerby.kerberos.kerb.type.ticket.EncTicketPart;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -167,6 +169,38 @@ public abstract class AbstractIdentityBackend
      * {@inheritDoc}
      */
     @Override
+    public AuthorizationData getIdentityAuthorizationData(Object kdcRequest,
+            EncTicketPart encTicketPart) throws KrbException {
+        if (kdcRequest == null) {
+            throw new IllegalArgumentException("Invalid identity");
+        }
+
+        logger.debug("getIdentityAuthorizationData called, krbIdentity = {}",
+                kdcRequest);
+
+        AuthorizationData authData = doGetIdentityAuthorizationData(kdcRequest,
+                encTicketPart);
+        logger.debug("getIdentityAuthorizationData {}, authData = {}",
+                (authData != null ? "successful" : "failed"), authData);
+
+        return authData;
+    }
+
+    /**
+     * Get an identity's Authorization Data, invoked by getIdentityAuthorizationData.
+     * @param krbIdentity The KrbIdentity
+     * @param encTicketPart The EncTicketPart being built for the KrbIdentity
+     * @return The Authorization Data
+     * @throws KrbException e
+     */
+    protected AuthorizationData doGetIdentityAuthorizationData(
+            Object kdcRequest, EncTicketPart encTicketPart)
+            throws KrbException {
+        return null;
+    }
+
+    /** {@inheritDoc} */
+    @Override
     public KrbIdentity addIdentity(KrbIdentity identity) throws KrbException {
         if (identity == null) {
             throw new IllegalArgumentException("null identity to add");
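Review bot: The null check on `kdcRequest` throws `IllegalArgumentException("Invalid identity")`, the first debug line labels the value `krbIdentity = {}`, and the Javadoc of `doGetIdentityAuthorizationData` documents `@param krbIdentity`, yet the parameter in all three places is `kdcRequest`. Suggested replacements are `throw new IllegalArgumentException("null kdcRequest");` and `@param kdcRequest The KdcRequest`. The second debug line prints "failed" whenever `authData` is null, but the default `doGetIdentityAuthorizationData` returns null, so any backend that does not override it will report a failure for every ticket; a neutral wording such as "none supplied" would be more accurate. Both debug lines also format the whole request object and the authorization data into the log, and since their `toString()` output is not visible here, logging a type name or an element count would be the safer choice.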

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/PreauthHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/PreauthHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/PreauthHandler.java
index 2844956..4f45026 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/PreauthHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/PreauthHandler.java
@@ -131,18 +131,22 @@ public class PreauthHandler {
     }
 
     public static boolean isToken(PaData paData) {
-        for (PaDataEntry paEntry : paData.getElements()) {
-            if (paEntry.getPaDataType() == PaDataType.TOKEN_REQUEST) {
-                return true;
+        if (paData != null) {
+            for (PaDataEntry paEntry : paData.getElements()) {
+                if (paEntry.getPaDataType() == PaDataType.TOKEN_REQUEST) {
+                    return true;
+                }
             }
         }
         return false;
     }
 
     public static boolean isPkinit(PaData paData) {
-        for (PaDataEntry paEntry : paData.getElements()) {
-            if (paEntry.getPaDataType() == PaDataType.PK_AS_REQ) {
-                return true;
+        if (paData != null) {
+            for (PaDataEntry paEntry : paData.getElements()) {
+                if (paEntry.getPaDataType() == PaDataType.PK_AS_REQ) {
+                    return true;
+                }
             }
         }
         return false;
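Review bot: The null guards in `isToken` and `isPkinit` wrap the whole loop in `if (paData != null)`, which adds a nesting level and re-indents every line. A guard clause at the top, `if (paData == null) { return false; }`, gives the same result with a smaller diff, and the same applies to `kdcFindFast` in the KdcRequest.java hunk. Neither method has Javadoc, so the new contract is undocumented; a line such as `/** @return true if paData holds a TOKEN_REQUEST entry; false otherwise, including when paData is null */` would make it explicit for callers that pick the pre-authentication path from this result.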

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index e374734..8d44d9f 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -205,29 +205,31 @@ public abstract class KdcRequest {
     private void kdcFindFast() throws KrbException {
 
         PaData paData = getKdcReq().getPaData();
-        for (PaDataEntry paEntry : paData.getElements()) {
-            if (paEntry.getPaDataType() == PaDataType.FX_FAST) {
-                LOG.info("Found fast padata and start to process it.");
-                KrbFastArmoredReq fastArmoredReq = KrbCodec.decode(paEntry.getPaDataValue(),
-                        KrbFastArmoredReq.class);
-                KrbFastArmor fastArmor = fastArmoredReq.getArmor();
-                armorApRequest(fastArmor);
-
-                EncryptedData encryptedData = fastArmoredReq.getEncryptedFastReq();
-                KrbFastReq fastReq = KrbCodec.decode(
-                        EncryptionHandler.decrypt(encryptedData, getArmorKey(), KeyUsage.FAST_ENC),
-                        KrbFastReq.class);
-                innerBodyout = KrbCodec.encode(fastReq.getKdcReqBody());
-
-                // TODO: get checksumed data in stream
-                CheckSum checkSum = fastArmoredReq.getReqChecksum();
-                if (checkSum == null) {
-                    LOG.warn("Checksum is empty.");
-                    throw new KrbException(KrbErrorCode.KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED);
+        if (paData != null) {
+            for (PaDataEntry paEntry : paData.getElements()) {
+                if (paEntry.getPaDataType() == PaDataType.FX_FAST) {
+                    LOG.info("Found fast padata and start to process it.");
+                    KrbFastArmoredReq fastArmoredReq = KrbCodec.decode(paEntry.getPaDataValue(),
+                            KrbFastArmoredReq.class);
+                    KrbFastArmor fastArmor = fastArmoredReq.getArmor();
+                    armorApRequest(fastArmor);
+
+                    EncryptedData encryptedData = fastArmoredReq.getEncryptedFastReq();
+                    KrbFastReq fastReq = KrbCodec.decode(
+                            EncryptionHandler.decrypt(encryptedData, getArmorKey(), KeyUsage.FAST_ENC),
+                            KrbFastReq.class);
+                    innerBodyout = KrbCodec.encode(fastReq.getKdcReqBody());
+
+                    // TODO: get checksumed data in stream
+                    CheckSum checkSum = fastArmoredReq.getReqChecksum();
+                    if (checkSum == null) {
+                        LOG.warn("Checksum is empty.");
+                        throw new KrbException(KrbErrorCode.KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED);
+                    }
+                    byte[] reqBody = KrbCodec.encode(getKdcReq().getReqBody());
+                        CheckSumHandler.verifyWithKey(checkSum, reqBody,
+                            getArmorKey().getKeyData(), KeyUsage.FAST_REQ_CHKSUM);
                 }
-                byte[] reqBody = KrbCodec.encode(getKdcReq().getReqBody());
-                    CheckSumHandler.verifyWithKey(checkSum, reqBody,
-                        getArmorKey().getKeyData(), KeyUsage.FAST_REQ_CHKSUM);
             }
         }
     }
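Review bot: The result of `CheckSumHandler.verifyWithKey(checkSum, reqBody, getArmorKey().getKeyData(), KeyUsage.FAST_REQ_CHKSUM)` is discarded in `kdcFindFast`. Its signature is not visible in this hunk, but if it reports a mismatch through a boolean return value rather than by throwing, a FAST request whose checksum does not match the request body would be processed as if it had verified. In that case the call should be wrapped as `if (!CheckSumHandler.verifyWithKey(checkSum, reqBody, getArmorKey().getKeyData(), KeyUsage.FAST_REQ_CHKSUM)) {` followed by a `throw new KrbException(...)` carrying the project's error code for a modified message. The continuation lines of that call are also indented one level deeper than the statement they belong to, which this re-indentation carried over from the old code.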

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
index 21ff6fb..9d18057 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java
@@ -101,7 +101,7 @@ public class TgsRequest extends KdcRequest {
      *
      * @return The tgt ticket.
      */
-    protected Ticket getTgtTicket() {
+    public Ticket getTgtTicket() {
         return tgtTicket;
     }
 

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f751d390/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java
index a9bae5b..5df40d6 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TicketIssuer.java
@@ -26,6 +26,7 @@ import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
 import org.apache.kerby.kerberos.kerb.server.KdcConfig;
 import org.apache.kerby.kerberos.kerb.server.KdcContext;
 import org.apache.kerby.kerberos.kerb.type.KerberosTime;
+import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
@@ -204,9 +205,21 @@ public abstract class TicketIssuer {
             encTicketPart.setClientAddresses(hostAddresses);
         }
 
+        AuthorizationData authData = makeAuthorizationData(kdcRequest,
+                encTicketPart);
+        if (authData != null) {
+            encTicketPart.setAuthorizationData(authData);
+        }
+
         return encTicketPart;
     }
 
+    protected AuthorizationData makeAuthorizationData(KdcRequest kdcRequest,
+            EncTicketPart encTicketPart) throws KrbException {
+        return getKdcContext().getIdentityService()
+                .getIdentityAuthorizationData(kdcRequest, encTicketPart);
+    }
+
     protected KdcContext getKdcContext() {
         return kdcRequest.getKdcContext();
     }
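Review bot: `makeAuthorizationData` is a new protected extension point without Javadoc, and the caller silently skips `setAuthorizationData` when it returns null. A comment such as `/** Obtains the ticket's authorization data from the identity service; returns null when the backend supplies none. */` would document that contract for subclasses. Whatever the backend returns is placed into the `EncTicketPart` without any check at this point, so it should also say that validating the entries is the backend's responsibility. The enclosing method starts outside the hunk, so it cannot be seen whether authorization data set earlier in it would be replaced by this call.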


[29/29] directory-kerby git commit: Merge remote-tracking branch 'asf/trunk' into kadmin-remote

Posted by pl...@apache.org.
Merge remote-tracking branch 'asf/trunk' into kadmin-remote


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/66790030
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/66790030
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/66790030

Branch: refs/heads/kadmin-remote
Commit: 66790030a91767dc0090e4e12c99fcb7707c8984
Parents: 2cb5c16 9d0f9d2
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Jun 7 10:28:02 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Jun 7 10:28:02 2016 +0800

----------------------------------------------------------------------
 .gitignore                                      |   1 -
 NOTICE                                          |   6 +
 benchmark/pom.xml                               |   6 +-
 kerby-backend/json-backend/pom.xml              |   6 +
 .../identitybackend/JsonIdentityBackend.java    |   1 +
 kerby-backend/ldap-backend/pom.xml              |   6 +
 kerby-backend/mavibot-backend/pom.xml           |   7 +
 .../kerberos/kdc/identitybackend/ZKConfKey.java |   6 +-
 .../ZookeeperIdentityBackend.java               |  36 +-
 .../identity/backend/ZookeeperBackendTest.java  |  26 +-
 .../org/apache/kerby/asn1/Asn1FieldInfo.java    |  12 +-
 .../kerby/asn1/type/AbstractAsn1Type.java       |   4 +
 .../kerby/asn1/type/Asn1CollectionType.java     |  53 ++-
 .../apache/kerby/asn1/type/Asn1Constructed.java |   5 +
 .../apache/kerby/asn1/type/Asn1Encodeable.java  |  12 +-
 .../org/apache/kerby/asn1/type/Asn1Simple.java  |   1 +
 kerby-common/kerby-config/pom.xml               |   3 +-
 kerby-dist/kdc-dist/conf/backend.conf           |   6 +-
 kerby-dist/tool-dist/bin/kinitConcurrent.cmd    |  33 ++
 kerby-dist/tool-dist/bin/kinitConcurrent.sh     |  33 ++
 kerby-dist/tool-dist/conf/krb5.conf             |   5 +
 .../kerby/kerberos/kdc/JsonBackendKdcTest.java  |   2 +-
 .../kerby/kerberos/kdc/LdapBackendKdcTest.java  |   2 +-
 .../kerby/kerberos/kdc/MultiKdcsTest.java       |  50 +++
 .../kerberos/kdc/ZookeeperBackendKdcTest.java   |  31 +-
 kerby-kdc-test/src/test/resources/kdc.conf      |  29 ++
 .../src/test/resources/krb5-multikdc.conf       |  29 ++
 .../kerberos/kdc/impl/NettyKdcHandler.java      |  14 +
 .../kerberos/kdc/impl/NettyKdcNetwork.java      |  14 +-
 .../kerberos/kdc/impl/NettyKdcServerImpl.java   |  14 +-
 .../kdc/impl/NettyKdcUdpServerHandler.java      |  14 +
 kerby-kerb/integration-test/pom.xml             |   6 +
 .../kerb/integration/test/SaslAppTest.java      |   5 +-
 .../kerb/admin/kadmin/KadminOption.java         |   1 +
 .../kerb/admin/kadmin/local/LocalKadmin.java    |   2 +
 .../admin/kadmin/local/LocalKadminImpl.java     |   8 +
 kerby-kerb/kerb-client-api-all/pom.xml          |   3 +-
 kerby-kerb/kerb-client/pom.xml                  |   6 +
 .../kerby/kerberos/kerb/client/ClientUtil.java  | 108 +++++-
 .../kerby/kerberos/kerb/client/KrbConfig.java   |  32 ++
 .../kerby/kerberos/kerb/client/KrbHandler.java  |  12 +-
 .../client/impl/DefaultInternalKrbClient.java   |  55 +++-
 .../kerb/client/impl/DefaultKrbHandler.java     |   4 +-
 .../client/preauth/pkinit/PkinitPreauth.java    |  29 +-
 .../kerberos/kerb/client/KrbConfigLoadTest.java |   4 +-
 .../kerby/kerberos/kerb/common/Krb5Conf.java    |  14 +-
 .../kerby/kerberos/kerb/common/Krb5Parser.java  |  35 +-
 .../kerby/kerberos/kerb/request/ApRequest.java  | 130 ++++++++
 .../kerberos/kerb/response/ApResponse.java      |  80 +++++
 .../kerberos/kerb/transport/KdcNetwork.java     |   6 +
 .../kerberos/kerb/transport/KrbNetwork.java     |  18 +-
 .../kerby/kerberos/kerb/Krb5ParserTest.java     |  10 +-
 .../kerby/kerberos/kerb/KrbErrorCode.java       |   4 +-
 .../kerby/kerberos/kerb/KrbException.java       |   8 +
 .../kerberos/kerb/type/EncKrbPrivPart.java      | 122 +++++++
 .../kerby/kerberos/kerb/type/KrbPriv.java       |  94 ++++++
 .../kerby/kerberos/kerb/type/ad/ADAndOr.java    |  78 +++++
 .../kerb/type/ad/ADAuthenticationIndicator.java |  82 +++++
 .../kerby/kerberos/kerb/type/ad/ADCamMac.java   | 187 +++++++++++
 .../kerb/type/ad/ADEnctypeNegotiation.java      |  83 +++++
 .../type/ad/ADIntendedForApplicationClass.java  | 179 ++++++++++
 .../kerb/type/ad/ADIntendedForServer.java       | 162 +++++++++
 .../kerberos/kerb/type/ad/ADKdcIssued.java      | 169 ++++++++++
 .../kerby/kerberos/kerb/type/ad/AndOr.java      |  87 +++++
 .../kerb/type/ad/AuthorizationData.java         |  10 +
 .../kerb/type/ad/AuthorizationDataEntry.java    |  49 ++-
 .../kerb/type/ad/AuthorizationDataWrapper.java  | 118 +++++++
 .../kerb/type/ad/AuthorizationType.java         | 217 +++++++++++-
 .../kerb/type/ad/CamMacOtherVerifiers.java      |  30 ++
 .../kerb/type/ad/CamMacVerifierChoice.java      |  67 ++++
 .../kerb/type/ad/CamMacVerifierMac.java         | 107 ++++++
 .../kerberos/kerb/type/ad/PrincipalList.java    |  31 ++
 .../kerby/kerberos/kerb/type/base/KeyUsage.java |   3 +-
 .../kerby/kerberos/kerb/type/base/KrbError.java |  18 +-
 .../kerby/kerberos/kerb/codec/ADTest.java       | 143 ++++++++
 .../codec/PkinitAnonymousAsRepCodecTest.java    |   2 +-
 .../codec/PkinitAnonymousAsReqCodecTest.java    |  22 +-
 .../kerb/identity/CacheableIdentityService.java |  13 +
 .../kerberos/kerb/identity/IdentityService.java |  12 +
 .../backend/AbstractIdentityBackend.java        |  34 ++
 .../src/main/resources/log4j.properties         |  23 --
 kerby-kerb/kerb-kdc-test/pom.xml                |  14 +-
 .../kerberos/kerb/server/ApRequestTest.java     |  75 +++++
 .../kerby/kerberos/kerb/server/KdcTestBase.java |  21 +-
 .../RepeatLoginWithDefaultKdcNetworkTest.java   |  34 ++
 .../RepeatLoginWithNettyKdcNetworkTest.java     |  43 +++
 .../kerberos/kerb/server/TestKdcServer.java     |  13 +-
 kerby-kerb/kerb-server-api-all/pom.xml          |   3 +-
 kerby-kerb/kerb-server/pom.xml                  |   6 +
 .../kerby/kerberos/kerb/server/KdcHandler.java  |  30 +-
 .../impl/DefaultInternalKdcServerImpl.java      |  19 +-
 .../kerb/server/preauth/PreauthHandler.java     |  16 +-
 .../kerb/server/preauth/token/TokenPreauth.java |   4 +-
 .../kerberos/kerb/server/request/AsRequest.java |   4 +
 .../kerb/server/request/KdcRequest.java         |  67 ++--
 .../kerb/server/request/TgsRequest.java         |   8 +-
 .../kerb/server/request/TicketIssuer.java       |  13 +
 .../kerby/kerberos/kerb/client/Krb5Conf.java    |   2 +-
 .../kerberos/kerb/server/SimpleKdcServer.java   |  13 +-
 .../src/main/resources/krb5-template.conf       |  29 ++
 .../kerb-simplekdc/src/main/resources/krb5.conf |  29 --
 .../src/main/resources/krb5_udp-template.conf   |  29 ++
 .../src/main/resources/krb5_udp.conf            |  29 --
 kerby-pkix/pom.xml                              |   6 +
 .../tool/kinit/KinitToolWithConcurrence.java    | 329 +++++++++++++++++++
 .../kerby/kerberos/tool/kadmin/KadminTool.java  |   6 +
 .../kadmin/command/AddPrincipalsCommand.java    | 112 +++++++
 pom.xml                                         |  12 +-
 108 files changed, 3845 insertions(+), 310 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java
index b84ee7c,0000000..f6caa87
mode 100644,000000..100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/KadminOption.java
@@@ -1,75 -1,0 +1,76 @@@
 +/**
 + *  Licensed to the Apache Software Foundation (ASF) under one
 + *  or more contributor license agreements.  See the NOTICE file
 + *  distributed with this work for additional information
 + *  regarding copyright ownership.  The ASF licenses this file
 + *  to you under the Apache License, Version 2.0 (the
 + *  "License"); you may not use this file except in compliance
 + *  with the License.  You may obtain a copy of the License at
 + *
 + *    http://www.apache.org/licenses/LICENSE-2.0
 + *
 + *  Unless required by applicable law or agreed to in writing,
 + *  software distributed under the License is distributed on an
 + *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 + *  KIND, either express or implied.  See the License for the
 + *  specific language governing permissions and limitations
 + *  under the License.
 + *
 + */
 +package org.apache.kerby.kerberos.kerb.admin.kadmin;
 +
 +import org.apache.kerby.KOption;
 +import org.apache.kerby.KOptionInfo;
 +import org.apache.kerby.KOptionType;
 +
 +public enum KadminOption implements KOption {
 +    NONE(null),
 +    EXPIRE(new KOptionInfo("-expire", "expire time", KOptionType.DATE)),
 +    DISABLED(new KOptionInfo("-disabled", "disabled", KOptionType.BOOL)),
 +    LOCKED(new KOptionInfo("-locked", "locked", KOptionType.BOOL)),
 +    FORCE(new KOptionInfo("-force", "force", KOptionType.NOV)),
 +    KVNO(new KOptionInfo("-kvno", "initial key version number", KOptionType.INT)),
++    SIZE(new KOptionInfo("-size", "principal's numbers", KOptionType.STR)),
 +    PW(new KOptionInfo("-pw", "password", KOptionType.STR)),
 +    RANDKEY(new KOptionInfo("-randkey", "random key", KOptionType.NOV)),
 +    KEEPOLD(new KOptionInfo("-keepold", "keep old passowrd", KOptionType.NOV)),
 +    KEYSALTLIST(new KOptionInfo("-e", "key saltlist", KOptionType.STR)),
 +    K(new KOptionInfo("-k", "keytab file path", KOptionType.STR)),
 +    KEYTAB(new KOptionInfo("-keytab", "keytab file path", KOptionType.STR)),
 +    CCACHE(new KOptionInfo("-c", "credentials cache", KOptionType.FILE));
 +
 +    private final KOptionInfo optionInfo;
 +
 +    KadminOption(KOptionInfo optionInfo) {
 +        this.optionInfo = optionInfo;
 +    }
 +
 +    @Override
 +    public KOptionInfo getOptionInfo() {
 +        return optionInfo;
 +    }
 +
 +    public static KadminOption fromName(String name) {
 +        if (name != null) {
 +            for (KadminOption ko : values()) {
 +                if (ko.optionInfo != null
 +                        && ko.optionInfo.getName().equals(name)) {
 +                    return ko;
 +                }
 +            }
 +        }
 +        return NONE;
 +    }
 +
 +    public static KadminOption fromOptionName(String optionName) {
 +        if (optionName != null) {
 +            for (KadminOption ko : values()) {
 +                if (ko.optionInfo != null
 +                    && ko.optionInfo.getName().equals(optionName)) {
 +                    return ko;
 +                }
 +            }
 +        }
 +        return NONE;
 +    }
 +}
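Review bot: `SIZE` is declared with `KOptionType.STR` although its description says it carries a number of principals, so a non-numeric or negative `-size` value is presumably not rejected when the option is parsed and every consumer has to parse and bound it itself. Declaring it the way `KVNO` is declared, `SIZE(new KOptionInfo("-size", "number of principals", KOptionType.INT)),`, would keep that validation in one place. The code that reads the option is not in this hunk, so confirm it can take an integer value before changing the type.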

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java
index c3d0afa,0000000..5fd2d0d
mode 100644,000000..100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadmin.java
@@@ -1,86 -1,0 +1,88 @@@
 +/**
 + *  Licensed to the Apache Software Foundation (ASF) under one
 + *  or more contributor license agreements.  See the NOTICE file
 + *  distributed with this work for additional information
 + *  regarding copyright ownership.  The ASF licenses this file
 + *  to you under the Apache License, Version 2.0 (the
 + *  "License"); you may not use this file except in compliance
 + *  with the License.  You may obtain a copy of the License at
 + *
 + *    http://www.apache.org/licenses/LICENSE-2.0
 + *
 + *  Unless required by applicable law or agreed to in writing,
 + *  software distributed under the License is distributed on an
 + *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 + *  KIND, either express or implied.  See the License for the
 + *  specific language governing permissions and limitations
 + *  under the License. 
 + *
 + */
 +package org.apache.kerby.kerberos.kerb.admin.kadmin.local;
 +
 +import org.apache.kerby.kerberos.kerb.KrbException;
 +import org.apache.kerby.kerberos.kerb.admin.kadmin.Kadmin;
 +import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
 +import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
 +import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
 +import org.apache.kerby.kerberos.kerb.server.KdcConfig;
 +
 +/**
 + * Server side admin facilities for local, similar to MIT kadmin local mode. It
 + * may be not accurate regarding 'local' because, if the identity backend itself
 + * is supported to be accessed from remote, it won't have to be remote; but if
 + * not, then it must be local to the KDC admin bounded with the local backend.
 + *
 + * Note, suitable with Kerby AdminServerImpl based KDCs like Kerby KDC.
 + */
 +public interface LocalKadmin extends Kadmin {
 +
 +    /**
 +     * Check the built-in principals, will throw KrbException if not exist.
 +     * @throws KrbException e
 +     */
 +    void checkBuiltinPrincipals() throws KrbException;
 +
 +    /**
 +     * Create build-in principals.
 +     * @throws KrbException e
 +     */
 +    void createBuiltinPrincipals() throws KrbException;
 +
 +    /**
 +     * Delete build-in principals.
 +     * @throws KrbException e
 +     */
 +    void deleteBuiltinPrincipals() throws KrbException;
 +
 +    /**
 +     * Get kdc config.
 +     *
 +     * @return The kdc config.
 +     */
 +    KdcConfig getKdcConfig();
 +
 +    /**
 +     * Get backend config.
 +     *
 +     * @return The backend config.
 +     */
 +    BackendConfig getBackendConfig();
 +
 +    /**
 +     * Get identity backend.
 +     *
 +     * @return IdentityBackend
 +     */
 +    IdentityBackend getIdentityBackend();
 +
 +    /**
 +     * Get the identity from backend.
 +     *
 +     * @param principalName The principal name
 +     * @return identity
 +     * @throws KrbException e
 +     */
 +    KrbIdentity getPrincipal(String principalName) throws KrbException;
++
++    int size() throws KrbException;
 +}
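Review bot: The new `int size() throws KrbException;` is the only method on `LocalKadmin` without Javadoc, and the name alone does not say what is counted. I would add a Javadoc block stating that it returns the number of principals held by the identity backend, with `@return` and `@throws KrbException` tags in the same style as `getPrincipal`. It is also worth stating there whether the built-in tgs and kadmin principals are included in the count, since the implementation counts everything `getPrincipals()` returns.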

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
index 657ad6d,0000000..84c7d36
mode 100644,000000..100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/kadmin/local/LocalKadminImpl.java
@@@ -1,401 -1,0 +1,409 @@@
 +/**
 + *  Licensed to the Apache Software Foundation (ASF) under one
 + *  or more contributor license agreements.  See the NOTICE file
 + *  distributed with this work for additional information
 + *  regarding copyright ownership.  The ASF licenses this file
 + *  to you under the Apache License, Version 2.0 (the
 + *  "License"); you may not use this file except in compliance
 + *  with the License.  You may obtain a copy of the License at
 + *
 + *    http://www.apache.org/licenses/LICENSE-2.0
 + *
 + *  Unless required by applicable law or agreed to in writing,
 + *  software distributed under the License is distributed on an
 + *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 + *  KIND, either express or implied.  See the License for the
 + *  specific language governing permissions and limitations
 + *  under the License. 
 + *
 + */
 +package org.apache.kerby.kerberos.kerb.admin.kadmin.local;
 +
 +import org.apache.kerby.KOptions;
 +import org.apache.kerby.kerberos.kerb.KrbException;
 +import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
 +import org.apache.kerby.kerberos.kerb.keytab.Keytab;
 +import org.apache.kerby.kerberos.kerb.server.KdcConfig;
 +import org.apache.kerby.kerberos.kerb.server.KdcSetting;
 +import org.apache.kerby.kerberos.kerb.server.KdcUtil;
 +import org.apache.kerby.kerberos.kerb.server.ServerSetting;
 +import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
 +import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
 +import org.apache.kerby.kerberos.kerb.common.KrbUtil;
 +import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
 +import org.apache.kerby.kerberos.kerb.identity.backend.BackendConfig;
 +import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
 +import org.slf4j.Logger;
 +import org.slf4j.LoggerFactory;
 +
 +import java.io.File;
 +import java.util.ArrayList;
 +import java.util.Iterator;
 +import java.util.LinkedList;
 +import java.util.List;
 +import java.util.regex.Matcher;
 +import java.util.regex.Pattern;
 +
 +/**
 + * The implementation of admin side admin facilities for local mode.
 + */
 +public class LocalKadminImpl implements LocalKadmin {
 +    private static final Logger LOG = LoggerFactory.getLogger(LocalKadminImpl.class);
 +
 +    private final ServerSetting serverSetting;
 +    private final IdentityBackend backend;
 +
 +    /**
 +     * Construct with prepared AdminServerConfig and BackendConfig.
 +     *
 +     * @param kdcConfig     The kdc config
 +     * @param backendConfig The backend config
 +     * @throws KrbException e
 +     */
 +    public LocalKadminImpl(KdcConfig kdcConfig,
 +                           BackendConfig backendConfig) throws KrbException {
 +        this.backend = KdcUtil.getBackend(backendConfig);
 +        this.serverSetting = new KdcSetting(kdcConfig, backendConfig);
 +    }
 +
 +    //
 +    public LocalKadminImpl(ServerSetting serverSetting) throws KrbException {
 +        this.backend = KdcUtil.getBackend(serverSetting.getBackendConfig());
 +        this.serverSetting = serverSetting;
 +    }
 +
 +    /**
 +     * Construct with prepared conf dir.
 +     *
 +     * @param confDir The path of conf dir
 +     * @throws KrbException e
 +     */
 +    public LocalKadminImpl(File confDir) throws KrbException {
 +        KdcConfig tmpKdcConfig = KdcUtil.getKdcConfig(confDir);
 +        if (tmpKdcConfig == null) {
 +            tmpKdcConfig = new KdcConfig();
 +        }
 +
 +        BackendConfig tmpBackendConfig = KdcUtil.getBackendConfig(confDir);
 +        if (tmpBackendConfig == null) {
 +            tmpBackendConfig = new BackendConfig();
 +        }
 +
 +        this.serverSetting = new KdcSetting(tmpKdcConfig, tmpBackendConfig);
 +
 +        backend = KdcUtil.getBackend(tmpBackendConfig);
 +    }
 +
 +    /**
 +     * Construct with prepared AdminServerSetting and Backend.
 +     *
 +     * @param kdcSetting The kdc setting
 +     * @param backend    The identity backend
 +     */
 +    public LocalKadminImpl(KdcSetting kdcSetting, IdentityBackend backend) {
 +        this.serverSetting = kdcSetting;
 +        this.backend = backend;
 +    }
 +
 +    /**
 +     * Get the tgs principal name.
 +     */
 +    private String getTgsPrincipal() {
 +        return KrbUtil.makeTgsPrincipal(serverSetting.getKdcRealm()).getName();
 +    }
 +
 +    // TODO: 2016/3/14 check whether it is possible to return getAdminServerRealm
 +    @Override
 +    public String getKadminPrincipal() {
 +        return KrbUtil.makeKadminPrincipal(serverSetting.getKdcRealm()).getName();
 +    }
 +
 +    @Override
 +    public void checkBuiltinPrincipals() throws KrbException {
 +        String tgsPrincipal = getTgsPrincipal();
 +        String kadminPrincipal = getKadminPrincipal();
 +        if (backend.getIdentity(tgsPrincipal) == null
 +            || backend.getIdentity(kadminPrincipal) == null) {
 +            String errorMsg = "The built-in principals do not exist in backend,"
 +                + " please run the kdcinit tool.";
 +            LOG.error(errorMsg);
 +            throw new KrbException(errorMsg);
 +        }
 +    }
 +
 +    @Override
 +    public void createBuiltinPrincipals() throws KrbException {
 +        String tgsPrincipal = getTgsPrincipal();
 +        if (backend.getIdentity(tgsPrincipal) == null) {
 +            addPrincipal(tgsPrincipal);
 +        } else {
 +            String errorMsg = "The tgs principal already exists in backend.";
 +            LOG.error(errorMsg);
 +            throw new KrbException(errorMsg);
 +        }
 +
 +        String kadminPrincipal = getKadminPrincipal();
 +        if (backend.getIdentity(kadminPrincipal) == null) {
 +            addPrincipal(kadminPrincipal);
 +        } else {
 +            String errorMsg = "The kadmin principal already exists in backend.";
 +            LOG.error(errorMsg);
 +            throw new KrbException(errorMsg);
 +        }
 +    }
 +
 +    @Override
 +    public void deleteBuiltinPrincipals() throws KrbException {
 +        deletePrincipal(getTgsPrincipal());
 +        deletePrincipal(getKadminPrincipal());
 +    }
 +
 +    @Override
 +    public KdcConfig getKdcConfig() {
 +        return serverSetting.getKdcConfig();
 +    }
 +
 +    @Override
 +    public BackendConfig getBackendConfig() {
 +        return serverSetting.getBackendConfig();
 +    }
 +
 +    @Override
 +    public IdentityBackend getIdentityBackend() {
 +        return backend;
 +    }
 +
 +    @Override
 +    public void addPrincipal(String principal) throws KrbException {
 +        principal = fixPrincipal(principal);
 +        addPrincipal(principal, new KOptions());
 +    }
 +
 +    @Override
 +    public void addPrincipal(String principal, KOptions kOptions)
 +            throws KrbException {
 +        principal = fixPrincipal(principal);
 +        KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
 +        List<EncryptionKey> keys = EncryptionUtil.generateKeys(
 +                getKdcConfig().getEncryptionTypes());
 +        identity.addKeys(keys);
 +        backend.addIdentity(identity);
 +        System.out.println("add backend success"); //delete
 +    }
 +
 +    @Override
 +    public void addPrincipal(String principal, String password)
 +            throws KrbException {
 +        principal = fixPrincipal(principal);
 +        addPrincipal(principal, password, new KOptions());
 +    }
 +
 +    @Override
 +    public void addPrincipal(String principal, String password, KOptions kOptions)
 +            throws KrbException {
 +        principal = fixPrincipal(principal);
 +        KrbIdentity identity = AdminHelper.createIdentity(principal, kOptions);
 +        List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, password,
 +                getKdcConfig().getEncryptionTypes());
 +        identity.addKeys(keys);
 +        backend.addIdentity(identity);
 +    }
 +
 +    @Override
 +    public void exportKeytab(File keytabFile, String principal)
 +            throws KrbException {
 +        principal = fixPrincipal(principal);
 +        List<String> principals = new ArrayList<>(1);
 +        principals.add(principal);
 +        exportKeytab(keytabFile, principals);
 +    }
 +
 +    @Override
 +    public void exportKeytab(File keytabFile, List<String> principals)
 +            throws KrbException {
 +        //Get Identity
 +        List<KrbIdentity> identities = new LinkedList<>();
 +        for (String principal : principals) {
 +            KrbIdentity identity = backend.getIdentity(principal);
 +            if (identity == null) {
 +                throw new KrbException("Can not find the identity for pincipal "
 +                        + principal);
 +            }
 +            identities.add(identity);
 +        }
 +
 +        AdminHelper.exportKeytab(keytabFile, identities);
 +    }
 +
 +    @Override
 +    public void exportKeytab(File keytabFile) throws KrbException {
 +        Keytab keytab = AdminHelper.createOrLoadKeytab(keytabFile);
 +
 +        Iterable<String> principals = backend.getIdentities();
 +        for (String principal : principals) {
 +            KrbIdentity identity = backend.getIdentity(principal);
 +            if (identity != null) {
 +                AdminHelper.exportToKeytab(keytab, identity);
 +            }
 +        }
 +
 +        AdminHelper.storeKeytab(keytab, keytabFile);
 +    }
 +
 +    @Override
 +    public void removeKeytabEntriesOf(File keytabFile, String principal)
 +            throws KrbException {
 +        principal = fixPrincipal(principal);
 +        AdminHelper.removeKeytabEntriesOf(keytabFile, principal);
 +    }
 +
 +    @Override
 +    public void removeKeytabEntriesOf(File keytabFile, String principal, int kvno)
 +            throws KrbException {
 +        principal = fixPrincipal(principal);
 +        AdminHelper.removeKeytabEntriesOf(keytabFile, principal, kvno);
 +    }
 +
 +    @Override
 +    public void removeOldKeytabEntriesOf(File keytabFile, String principal)
 +            throws KrbException {
 +        principal = fixPrincipal(principal);
 +        AdminHelper.removeOldKeytabEntriesOf(keytabFile, principal);
 +    }
 +
 +    @Override
 +    public void deletePrincipal(String principal) throws KrbException {
 +        principal = fixPrincipal(principal);
 +        backend.deleteIdentity(principal);
 +    }
 +
 +    @Override
 +    public void modifyPrincipal(String principal, KOptions kOptions)
 +            throws KrbException {
 +        principal = fixPrincipal(principal);
 +        KrbIdentity identity = backend.getIdentity(principal);
 +        if (identity == null) {
 +            throw new KrbException("Principal \""
 +                    + principal + "\" does not exist.");
 +        }
 +        AdminHelper.updateIdentity(identity, kOptions);
 +        backend.updateIdentity(identity);
 +    }
 +
 +    @Override
 +    public void renamePrincipal(String oldPrincipalName, String newPrincipalName)
 +            throws KrbException {
 +        oldPrincipalName = fixPrincipal(oldPrincipalName);
 +        newPrincipalName = fixPrincipal(newPrincipalName);
 +        KrbIdentity oldIdentity = backend.getIdentity(newPrincipalName);
 +        if (oldIdentity != null) {
 +            throw new KrbException("Principal \""
 +                    + oldIdentity.getPrincipalName() + "\" is already exist.");
 +        }
 +        KrbIdentity identity = backend.getIdentity(oldPrincipalName);
 +        if (identity == null) {
 +            throw new KrbException("Principal \""
 +                    + oldPrincipalName + "\" does not exist.");
 +        }
 +        backend.deleteIdentity(oldPrincipalName);
 +
 +        identity.setPrincipalName(newPrincipalName);
 +        identity.setPrincipal(new PrincipalName(newPrincipalName));
 +        backend.addIdentity(identity);
 +    }
 +
 +    @Override
 +    public KrbIdentity getPrincipal(String principalName) throws KrbException {
 +        KrbIdentity identity = backend.getIdentity(principalName);
 +        return identity;
 +    }
 +
 +    @Override
 +    public List<String> getPrincipals() throws KrbException {
 +        Iterable<String> principalNames = backend.getIdentities();
 +        List<String> principalList = new LinkedList<>();
 +        Iterator<String> iterator = principalNames.iterator();
 +        while (iterator.hasNext()) {
 +            principalList.add(iterator.next());
 +        }
 +        return principalList;
 +    }
 +
 +    @Override
 +    public List<String> getPrincipals(String globString) throws KrbException {
 +        Pattern pt = AdminHelper.getPatternFromGlobPatternString(globString);
 +        if (pt == null) {
 +            return getPrincipals();
 +        }
 +
 +        Boolean containsAt = pt.pattern().indexOf('@') != -1;
 +        List<String> result = new LinkedList<>();
 +
 +        List<String> principalNames = getPrincipals();
 +        for (String principal: principalNames) {
 +            String toMatch = containsAt ? principal : principal.split("@")[0];
 +            Matcher m = pt.matcher(toMatch);
 +            if (m.matches()) {
 +                result.add(principal);
 +            }
 +        }
 +        return result;
 +    }
 +
 +    @Override
 +    public void changePassword(String principal,
 +                               String newPassword) throws KrbException {
 +        principal = fixPrincipal(principal);
 +        KrbIdentity identity = backend.getIdentity(principal);
 +        if (identity == null) {
 +            throw new KrbException("Principal " + principal
 +                    + "was not found. Please check the input and try again");
 +        }
 +        List<EncryptionKey> keys = EncryptionUtil.generateKeys(principal, newPassword,
 +                getKdcConfig().getEncryptionTypes());
 +        identity.addKeys(keys);
 +
 +        backend.updateIdentity(identity);
 +    }
 +
 +    @Override
 +    public void updateKeys(String principal) throws KrbException {
 +        principal = fixPrincipal(principal);
 +        KrbIdentity identity = backend.getIdentity(principal);
 +        if (identity == null) {
 +            throw new KrbException("Principal " + principal
 +                    + "was not found. Please check the input and try again");
 +        }
 +        List<EncryptionKey> keys = EncryptionUtil.generateKeys(
 +                getKdcConfig().getEncryptionTypes());
 +        identity.addKeys(keys);
 +        backend.updateIdentity(identity);
 +    }
 +
 +    @Override
 +    public void release() throws KrbException {
 +        if (backend != null) {
 +            backend.stop();
 +        }
 +    }
 +
 +    /**
++     * get size of principal
++     */
++    @Override
++    public int size() throws KrbException {
++        return this.getPrincipals().size();
++    }
++
++    /**
 +     * Fix principal name, making it complete.
 +     *
 +     * @param principal The principal name
 +     */
 +    private String fixPrincipal(String principal) {
 +        if (!principal.contains("@")) {
 +            principal += "@" + serverSetting.getKdcRealm();
 +        }
 +        return principal;
 +    }
 +}
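Review bot: `renamePrincipal` calls `backend.deleteIdentity(oldPrincipalName)` before `backend.addIdentity(identity)`, so if the add throws, the principal and its keys are gone from the backend under both names. Moving the delete after the add, i.e. `backend.addIdentity(identity);` followed by `backend.deleteIdentity(oldPrincipalName);`, leaves the old entry intact on failure; whether the backend offers an atomic rename is not visible here. Separately, `addPrincipal(String, KOptions)` still carries `System.out.println("add backend success"); //delete`, which should be removed or turned into a `LOG.debug` call.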

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/transport/KdcNetwork.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --cc kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
index 2d1f175,c342d8b..4de8e7f
--- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
@@@ -20,10 -20,11 +20,11 @@@
  package org.apache.kerby.kerberos.kerb.server;
  
  import org.apache.kerby.kerberos.kerb.KrbException;
 -import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
 -import org.apache.kerby.kerberos.kerb.admin.LocalKadminImpl;
 +import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
 +import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
  import org.apache.kerby.kerberos.kerb.client.Krb5Conf;
  import org.apache.kerby.kerberos.kerb.client.KrbClient;
+ import org.apache.kerby.kerberos.kerb.client.KrbConfig;
  import org.apache.kerby.kerberos.kerb.client.KrbPkinitClient;
  import org.apache.kerby.kerberos.kerb.client.KrbTokenClient;
  import org.apache.kerby.util.NetworkUtil;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/66790030/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
----------------------------------------------------------------------


[24/29] directory-kerby git commit: DIRKRB-577 Improve for better latency measuring in kerby KDC. Contributed by Qing.

Posted by pl...@apache.org.
DIRKRB-577 Improve for better latency measuring in kerby KDC. Contributed by Qing.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/002b873f
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/002b873f
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/002b873f

Branch: refs/heads/kadmin-remote
Commit: 002b873f2378d427053b457223b3d860977db951
Parents: 7414732
Author: plusplusjiajia <ji...@intel.com>
Authored: Fri Jun 3 16:21:06 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Fri Jun 3 16:21:06 2016 +0800

----------------------------------------------------------------------
 .../kerberos/tool/kinit/KinitToolWithConcurrence.java    | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/002b873f/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitToolWithConcurrence.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitToolWithConcurrence.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitToolWithConcurrence.java
index 7427307..08bbb8f 100644
--- a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitToolWithConcurrence.java
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitToolWithConcurrence.java
@@ -234,7 +234,7 @@ public class KinitToolWithConcurrence {
             Long now = System.currentTimeMillis();
 
             for (int j = 0; j < threadNumbers; j++) {
-                delayNumbers[j] = reList[j * INTERVAL] - delayNumbers[j];
+                delayNumbers[j] = reList[j * INTERVAL] - tempDelayNumbers[j];
                 tempDelayNumbers[j] =  reList[j * INTERVAL];
             }
 
@@ -243,7 +243,8 @@ public class KinitToolWithConcurrence {
             }
             float res = (now - startTime) / 1000;
 
-            int totalDelay = 0;
+            double totalDelay = 0.0;
+            int cutThreads = 0;
             for (int j = 0; j < threadNumbers; j++) {
                 if (delayNumbers[j] != 0) {
                     if (delayNumbers[max] < delayNumbers[j]) {
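Review bot: `float res = (now - startTime) / 1000;` still divides in integer arithmetic (assuming `startTime` is a `long` or `Long` like `now`), so `res` is truncated to whole seconds and is 0 during the first second, which makes `(temp - tmpTotals) / res` in the following hunk print Infinity or NaN. The commit removes this truncation for `totalDelay` with `* 1.0` but not here; `float res = (now - startTime) / 1000f;` would match it. The min and max columns in the following hunk, `(now - startTime) / delayNumbers[min]` and `(now - startTime) / delayNumbers[max]`, also remain integer divisions if `delayNumbers` is an integral array. The enclosing method starts and ends outside these hunks.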
@@ -252,12 +253,14 @@ public class KinitToolWithConcurrence {
                     if (delayNumbers[min] == 0 || delayNumbers[min] > delayNumbers[j]) {
                         min = j;
                     }
-                    totalDelay += (now - startTime) / delayNumbers[j];
+                    totalDelay += (now - startTime) * 1.0 / delayNumbers[j];
+                } else {
+                    cutThreads += 1;
                 }
             }
             if (delayNumbers[min] != 0 && delayNumbers[max] != 0) {
                 System.out.println((now - timeStamp) / 1000 + "," + (temp - tmpTotals) / res
-                        + "," + totalDelay / threadNumbers
+                        + "," + (int) (totalDelay / (threadNumbers - cutThreads))
                         + "," + (now - startTime) / delayNumbers[min] + "," + (now - startTime) / delayNumbers[max]);
             }
 


[23/29] directory-kerby git commit: DIRKRB-574 Implement a concurrent test to benchmark throughput and latency of kerby KDC. Contributed by Qing.

Posted by pl...@apache.org.
DIRKRB-574 Implement a concurrent test to benchmark throughput and latency of kerby KDC. Contributed by Qing.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/74147325
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/74147325
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/74147325

Branch: refs/heads/kadmin-remote
Commit: 741473254f5891a748aa2942cefe25e3f3e70323
Parents: f751d39
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Jun 1 09:51:16 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Jun 1 09:51:16 2016 +0800

----------------------------------------------------------------------
 .../identitybackend/JsonIdentityBackend.java    |   1 +
 kerby-dist/tool-dist/bin/kinitConcurrent.cmd    |  33 ++
 kerby-dist/tool-dist/bin/kinitConcurrent.sh     |  33 ++
 .../kerby/kerberos/kerb/admin/KadminOption.java |   1 +
 .../kerby/kerberos/kerb/admin/LocalKadmin.java  |   2 +
 .../kerberos/kerb/admin/LocalKadminImpl.java    |   8 +
 .../tool/kinit/KinitToolWithConcurrence.java    | 326 +++++++++++++++++++
 .../kerby/kerberos/tool/kadmin/KadminTool.java  |   6 +
 .../kadmin/command/AddPrincipalsCommand.java    | 112 +++++++
 9 files changed, 522 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/74147325/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
index ad61967..3908cc5 100644
--- a/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
+++ b/kerby-backend/json-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/JsonIdentityBackend.java
@@ -244,6 +244,7 @@ public class JsonIdentityBackend extends AbstractIdentityBackend {
      */
     @Override
     protected Iterable<String> doGetIdentities() throws KrbException {
+        load();
         List<String> principals = new ArrayList<>(identities.keySet());
         Collections.sort(principals);
 
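Review bot: The added `load()` call in `doGetIdentities` has no comment saying why a read path reloads, and its cost and thread-safety cannot be judged from this hunk. If `load()` re-reads the backing JSON file, as the name suggests, every principal listing now does file I/O and replaces `identities`, so it is worth confirming that it is synchronized with concurrent writers, given that the same commit adds a concurrent benchmark. Once the intent is confirmed I would add a why-comment above the call, for example `// Reload from disk so principals added by another process are visible.`. The method body continues outside the hunk.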

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/74147325/kerby-dist/tool-dist/bin/kinitConcurrent.cmd
----------------------------------------------------------------------
diff --git a/kerby-dist/tool-dist/bin/kinitConcurrent.cmd b/kerby-dist/tool-dist/bin/kinitConcurrent.cmd
new file mode 100644
index 0000000..359e370
--- /dev/null
+++ b/kerby-dist/tool-dist/bin/kinitConcurrent.cmd
@@ -0,0 +1,33 @@
+@echo off
+@rem  Licensed to the Apache Software Foundation (ASF) under one
+@rem  or more contributor license agreements.  See the NOTICE file
+@rem  distributed with this work for additional information
+@rem  regarding copyright ownership.  The ASF licenses this file
+@rem  to you under the Apache License, Version 2.0 (the
+@rem  "License"); you may not use this file except in compliance
+@rem  with the License.  You may obtain a copy of the License at
+@rem
+@rem    http://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem  Unless required by applicable law or agreed to in writing,
+@rem  software distributed under the License is distributed on an
+@rem  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@rem  KIND, either express or implied.  See the License for the
+@rem  specific language governing permissions and limitations
+@rem  under the License.
+@rem
+
+set DEBUG=
+set args=%*
+for %%a in (%*) do (
+  if -D == %%a (
+    set DEBUG=-Xdebug -Xrunjdwp:transport=dt_socket,address=8002,server=y,suspend=y
+    set args=%args:-D=%
+  )
+)
+
+java %DEBUG% ^
+-classpath target\lib\* ^
+-DKERBY_LOGFILE=kinit ^
+org.apache.kerby.kerberos.tool.kinit.KinitToolWithConcurrence %args%
+
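Review bot: The `-D` switch starts the JVM with `-Xrunjdwp:transport=dt_socket,address=8002,server=y,suspend=y`, and a JDWP listener is unauthenticated, so anything that can reach port 8002 can attach a debugger to a process that handles Kerberos credentials. On JDK 8 and earlier a bare port in `address=` listens on all interfaces, so I would bind it to loopback with `address=127.0.0.1:8002` and add a `@rem` line saying that `-D` is for local debugging only. The same option string is set in `kinitConcurrent.sh` and needs the same change.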

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/74147325/kerby-dist/tool-dist/bin/kinitConcurrent.sh
----------------------------------------------------------------------
diff --git a/kerby-dist/tool-dist/bin/kinitConcurrent.sh b/kerby-dist/tool-dist/bin/kinitConcurrent.sh
new file mode 100644
index 0000000..7c46052
--- /dev/null
+++ b/kerby-dist/tool-dist/bin/kinitConcurrent.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+DEBUG=
+args=
+for var in $*; do
+  if [ X"$var" = X"-D" ]; then
+    DEBUG="-Xdebug -Xrunjdwp:transport=dt_socket,address=8002,server=y,suspend=y"
+  else
+    args="$args $var"
+  fi
+done
+
+java $DEBUG \
+-classpath target/lib/*:. \
+-DKERBY_LOGFILE=kinit \
+org.apache.kerby.kerberos.tool.kinit.KinitToolWithConcurrence $args
+
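Review bot: The argument loop iterates over unquoted `$*` and rebuilds the list as a flat string, so any argument containing whitespace or glob characters (a conf directory or keytab path, for example) is split or expanded before it reaches the Java tool. The script already requires bash, so collecting the arguments in an array and passing `"${args[@]}"` keeps each one intact. The classpath `target/lib/*:.` is also unquoted and puts the current directory on the classpath; quoting it keeps the shell from ever treating it as a glob, and whether `.` is really needed there is worth confirming, since it lets the JVM load classes from wherever the script is started.

```shell
args=()
for var in "$@"; do
  # … unchanged: the -D test and the DEBUG assignment …
  else
    args+=("$var")
  fi
done

# … unchanged: java $DEBUG and -DKERBY_LOGFILE=kinit …
-classpath "target/lib/*:." \
org.apache.kerby.kerberos.tool.kinit.KinitToolWithConcurrence "${args[@]}"
```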

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/74147325/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
index bdab4d6..0c11fe7 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/KadminOption.java
@@ -30,6 +30,7 @@ public enum KadminOption implements KOption {
     LOCKED(new KOptionInfo("-locked", "locked", KOptionType.BOOL)),
     FORCE(new KOptionInfo("-force", "force", KOptionType.NOV)),
     KVNO(new KOptionInfo("-kvno", "initial key version number", KOptionType.INT)),
+    SIZE(new KOptionInfo("-size", "principal's numbers", KOptionType.STR)),
     PW(new KOptionInfo("-pw", "password", KOptionType.STR)),
     RANDKEY(new KOptionInfo("-randkey", "random key", KOptionType.NOV)),
     KEEPOLD(new KOptionInfo("-keepold", "keep old passowrd", KOptionType.NOV)),
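Review bot: `SIZE` is declared as `KOptionType.STR` although it carries a count, while the neighbouring `KVNO` uses `KOptionType.INT`; the string type is what forces `AddPrincipalsCommand` to validate the value with its own regex. Declaring it as `SIZE(new KOptionInfo("-size", "number of principals to create", KOptionType.INT)),` would let the option parser do the conversion, assuming it handles INT options the way it does for `-kvno`, and it replaces the unclear description "principal's numbers". The enum body starts and ends outside this hunk, so how the other integer options are read back is not visible here.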

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/74147325/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java
index 6125f0b..d8d38f1 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadmin.java
@@ -82,4 +82,6 @@ public interface LocalKadmin extends Kadmin {
      * @throws KrbException e
      */
     KrbIdentity getPrincipal(String principalName) throws KrbException;
+
+    int size() throws KrbException;
 }
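Review bot: The new `size()` method has no Javadoc, while `getPrincipal` directly above it documents its parameter and its exception. The bare name does not say what is counted; a Javadoc block stating that it returns the number of principals currently stored, with `@return` and `@throws KrbException` tags, would match the rest of the interface. The interface declaration starts outside this hunk.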

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/74147325/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java
index 5ba4eb8..9f0f89e 100644
--- a/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java
+++ b/kerby-kerb/kerb-admin/src/main/java/org/apache/kerby/kerberos/kerb/admin/LocalKadminImpl.java
@@ -379,6 +379,14 @@ public class LocalKadminImpl implements LocalKadmin {
     }
 
     /**
+     * get size of principal
+     */
+    @Override
+    public int size() throws KrbException {
+        return this.getPrincipals().size();
+    }
+
+    /**
      * Fix principal name, making it complete.
      *
      * @param principal The principal name
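Review bot: `size()` calls `this.getPrincipals().size()`, which builds the full list of principals only to count them. `getPrincipals()` is not shown in this hunk, but if it reads every name from the backend, the cost grows with the database, and `AddPrincipalsCommand` calls it at the start of every batch. If the identity backend can report a count directly, delegating to that would be cheaper; otherwise the Javadoc should say that the call enumerates all principals. The comment `get size of principal` would read better as `Get the number of principals.` with `@return` and `@throws` tags like the neighbouring methods.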

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/74147325/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitToolWithConcurrence.java
----------------------------------------------------------------------
diff --git a/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitToolWithConcurrence.java b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitToolWithConcurrence.java
new file mode 100644
index 0000000..7427307
--- /dev/null
+++ b/kerby-tool/client-tool/src/main/java/org/apache/kerby/kerberos/tool/kinit/KinitToolWithConcurrence.java
@@ -0,0 +1,326 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kinit;
+
+import org.apache.kerby.KOption;
+import org.apache.kerby.KOptionGroup;
+import org.apache.kerby.KOptionInfo;
+import org.apache.kerby.KOptionType;
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.apache.kerby.kerberos.kerb.client.KrbKdcOption;
+import org.apache.kerby.kerberos.kerb.client.KrbOption;
+import org.apache.kerby.kerberos.kerb.client.KrbOptionGroup;
+import org.apache.kerby.kerberos.kerb.client.PkinitOption;
+import org.apache.kerby.kerberos.kerb.client.TokenOption;
+import org.apache.kerby.util.OSUtil;
+import java.io.File;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+/**
+ * kinit like tool with concurrence
+ *
+ * Ref. MIT kinit command tool usage.aa
+ */
+public class KinitToolWithConcurrence {
+    /**
+     * control the number of request
+     */
+    private static int[] reList = new int[100000];
+    private static String[] prList = new String[10000];
+    private static KOptions ktOptions = new KOptions();
+    private static int thFlag = 0;
+    private static Long startTime = 0L;
+    private static Lock lock = new ReentrantLock();
+    private static int tmpTotals = 0;
+    private static final int INTERVAL = 16;
+
+    private static final String USAGE = (OSUtil.isWindows()
+            ? "Usage: bin\\kinit.cmd" : "Usage: sh bin/kinit.sh")
+            + " <-conf conf_dir> [-V] [-l lifetime] [-s start_time]\n"
+            + "\t\t[-r renewable_life] [-f | -F] [-p | -P] -n [-a | -A] [-C] [-E]\n"
+            + "\t\t[-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]\n"
+            + "\t\t[-S service_name] [-T ticket_armor_cache]\n"
+            + "\t\t[-X <attribute>[=<value>]] <principal>\n\n"
+            + "\tDESCRIPTION:\n"
+            + "\t\tkinit obtains and caches an initial ticket-granting ticket for principal.\n\n"
+            + "\tOPTIONS:\n"
+            + "\t\t-V verbose\n"
+            + "\t\t-l lifetime\n"
+            + "\t\t--s start time\n"
+            + "\t\t-r renewable lifetime\n"
+            + "\t\t-f forwardable\n"
+            + "\t\t-F not forwardable\n"
+            + "\t\t-p proxiable\n"
+            + "\t\t-P not proxiable\n"
+            + "\t\t-n anonymous\n"
+            + "\t\t-a include addresses\n"
+            + "\t\t-A do not include addresses\n"
+            + "\t\t-v validate\n"
+            + "\t\t-R renew\n"
+            + "\t\t-C canonicalize\n"
+            + "\t\t-E client is enterprise principal name\n"
+            + "\t\t-k use keytab\n"
+            + "\t\t-i use default client keytab (with -k)\n"
+            + "\t\t-t filename of keytab to use\n"
+            + "\t\t-c Kerberos 5 cache name\n"
+            + "\t\t-S service\n"
+            + "\t\t-T armor credential cache\n"
+            + "\t\t-X <attribute>[=<value>]\n"
+            + "\n";
+
+
+    private static void printUsage(String error) {
+        System.err.println(error + "\n");
+        System.err.println(USAGE);
+        System.exit(-1);
+    }
+
+    private static void requestTicket(String principal,
+                                      KOptions ktOptions, int flag) throws KrbException {
+        ktOptions.add(KinitOption.CLIENT_PRINCIPAL, principal);
+
+        File confDir = null;
+        if (ktOptions.contains(KinitOption.CONF_DIR)) {
+            confDir = ktOptions.getDirOption(KinitOption.CONF_DIR);
+        }
+
+        if (ktOptions.contains(KinitOption.ANONYMOUS)) {
+            ktOptions.add(PkinitOption.USE_ANONYMOUS);
+            ktOptions.add(PkinitOption.X509_ANCHORS);
+        } else if (!ktOptions.contains(KinitOption.USE_KEYTAB)) {
+            //If not request tickets by keytab than by password.
+            ktOptions.add(KinitOption.USE_PASSWD);
+            String password = "12";
+            ktOptions.add(KinitOption.USER_PASSWD, password);
+        }
+
+        KrbClient krbClient = null;
+        try {
+            krbClient = getClient(confDir);
+        } catch (KrbException e) {
+            System.err.println("Create krbClient failed: " + e.getMessage());
+            System.exit(1);
+        }
+
+        KOptions results =  convertOptions(ktOptions);
+        try {
+            flag *= INTERVAL;
+            while (true) {
+                krbClient.requestTgt(results);
+                reList[flag] += 1;
+            }
+        } catch (KrbException e) {
+            System.err.println("Authentication failed: " + e.getMessage());
+            System.exit(1);
+        }
+    }
+
+    /**
+     * Init the client.
+     */
+    private static KrbClient getClient(File confDir) throws KrbException {
+        KrbClient krbClient;
+
+        if (confDir != null) {
+            krbClient = new KrbClient(confDir);
+        } else {
+            krbClient = new KrbClient();
+        }
+
+        krbClient.init();
+        return krbClient;
+    }
+
+    public static void main(String[] args) throws Exception {
+        KinitOption kto;
+        String principalNumbers = null;
+        String startIndex = null;
+
+        int i = 0;
+        String opt, param, error;
+        while (i < args.length) {
+            error = null;
+
+            opt = args[i++];
+            if (opt.startsWith("-")) {
+                kto = KinitOption.fromName(opt);
+                if (kto == KinitOption.NONE) {
+                    error = "Invalid option:" + opt;
+                    System.err.println(error);
+                    break;
+                }
+            } else {
+                principalNumbers = opt;
+                kto = KinitOption.NONE;
+                // require a parameter
+                startIndex = args[i++];
+            }
+
+            if (kto != KinitOption.NONE && kto.getOptionInfo().getType() != KOptionType.NOV) {
+                // require a parameter
+                param = null;
+                if (i < args.length) {
+                    param = args[i++];
+                }
+                if (param != null) {
+                    KOptions.parseSetValue(kto.getOptionInfo(), param);
+                } else {
+                    error = "Option " + opt + " require a parameter";
+                }
+            }
+
+            if (error != null) {
+                printUsage(error);
+            }
+            if (kto != KinitOption.NONE) {
+                ktOptions.add(kto);
+            }
+        }
+
+        int threadNumbers = Integer.parseInt(principalNumbers);
+        int stIndex = Integer.parseInt(startIndex);
+
+        if (threadNumbers <= 0) {
+            printUsage("principal must be greater than zero");
+            System.exit(-1);
+        }
+
+        for (int j = 0; j < threadNumbers; j++) {
+            int tmpIndex = j + stIndex;
+            String tempName = "E" + tmpIndex + "@EXAMPLE.COM";
+            prList[j] = tempName;
+        }
+
+        for (int j = 0; j < threadNumbers; j++) {
+            Thread th = new Thread(new PreThread());
+            th.start();
+        }
+
+        // statistical
+        int[] tempDelayNumbers = new int[threadNumbers];
+        int[] delayNumbers = new int[threadNumbers];
+        startTime = System.currentTimeMillis();
+        Long timeStamp = System.currentTimeMillis();
+
+        int max = 0;
+        int min = 0;
+
+        System.out.println("Time stamp (sec),Throughput (sec),"
+                + "avgDelay (ms),maxDelay (ms),minDelay (ms)");
+
+        while (true) {
+            Thread.sleep(2000);
+            int temp = 0;
+            Long now = System.currentTimeMillis();
+
+            for (int j = 0; j < threadNumbers; j++) {
+                delayNumbers[j] = reList[j * INTERVAL] - delayNumbers[j];
+                tempDelayNumbers[j] =  reList[j * INTERVAL];
+            }
+
+            for (int j = 0; j < threadNumbers; j++) {
+                temp += reList[j * INTERVAL];
+            }
+            float res = (now - startTime) / 1000;
+
+            int totalDelay = 0;
+            for (int j = 0; j < threadNumbers; j++) {
+                if (delayNumbers[j] != 0) {
+                    if (delayNumbers[max] < delayNumbers[j]) {
+                        max = j;
+                    }
+                    if (delayNumbers[min] == 0 || delayNumbers[min] > delayNumbers[j]) {
+                        min = j;
+                    }
+                    totalDelay += (now - startTime) / delayNumbers[j];
+                }
+            }
+            if (delayNumbers[min] != 0 && delayNumbers[max] != 0) {
+                System.out.println((now - timeStamp) / 1000 + "," + (temp - tmpTotals) / res
+                        + "," + totalDelay / threadNumbers
+                        + "," + (now - startTime) / delayNumbers[min] + "," + (now - startTime) / delayNumbers[max]);
+            }
+
+            tmpTotals = temp;
+            startTime = now;
+        }
+
+    }
+
+    public static class PreThread implements Runnable {
+        @Override
+        public void run() {
+            try {
+                request();
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+
+    public static void request() throws Exception {
+        int tempFlag = 0;
+        lock.lock();
+        try {
+            tempFlag = thFlag;
+            thFlag++;
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            lock.unlock();
+        }
+        requestTicket(prList[tempFlag], ktOptions, tempFlag);
+    }
+
+    /**
+     * Convert kinit tool options to KOptions.
+     * @param toolOptions
+     * @return KOptions
+     */
+    static KOptions convertOptions(KOptions toolOptions) {
+        KOptions results = new KOptions();
+
+        for (KOption toolOpt : toolOptions.getOptions()) {
+            KOptionInfo kOptionInfo = toolOpt.getOptionInfo();
+            KOptionGroup group = kOptionInfo.getGroup();
+            KOption kOpt = null;
+
+            if (group == KrbOptionGroup.KRB) {
+                kOpt = KrbOption.fromOptionName(kOptionInfo.getName());
+            } else if (group == KrbOptionGroup.PKINIT) {
+                kOpt = PkinitOption.fromOptionName(kOptionInfo.getName());
+            } else if (group == KrbOptionGroup.TOKEN) {
+                kOpt = TokenOption.fromOptionName(kOptionInfo.getName());
+            } else if (group == KrbOptionGroup.KDC_FLAGS) {
+                kOpt = KrbKdcOption.fromOptionName(kOptionInfo.getName());
+            }
+            if (kOpt != null && kOpt.getOptionInfo() != KrbOption.NONE.getOptionInfo()) {
+                kOpt.getOptionInfo().setValue(toolOpt.getOptionInfo().getValue());
+                results.add(kOpt);
+            }
+        }
+
+        return results;
+    }
+
+}
\ No newline at end of file
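Review bot: All worker threads share the single static `ktOptions`, and `requestTicket` mutates it (`ktOptions.add(KinitOption.CLIENT_PRINCIPAL, principal)`, `USE_PASSWD`, `USER_PASSWD`) without synchronisation, so threads can overwrite each other's principal and the tool may measure requests for fewer principals than intended; `KOptions` is not shown here, so whether it tolerates concurrent `add` calls should be confirmed, and giving each thread its own copy avoids the question. In `main`, `startIndex = args[i++]` is read without a bounds check and `Integer.parseInt(principalNumbers)` runs even when no count was given, so a malformed command line ends in an `ArrayIndexOutOfBoundsException` or `NumberFormatException` instead of the usage text. The thread count has no upper bound although `prList` holds 10000 entries and `reList` only 100000 / `INTERVAL` = 6250 slots; a guard such as `if (threadNumbers > reList.length / INTERVAL) { printUsage("too many principals"); }` covers both arrays. The counters in `reList` are written by the workers and read by `main` with no `volatile` or atomic access, so the printed figures are not guaranteed to be current; `java.util.concurrent.atomic.AtomicIntegerArray` would make those reads well defined.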

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/74147325/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
index 224c9ed..1c97204 100644
--- a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/KadminTool.java
@@ -34,6 +34,7 @@ import org.apache.kerby.kerberos.tool.kadmin.command.KeytabRemoveCommand;
 import org.apache.kerby.kerberos.tool.kadmin.command.ListPrincipalCommand;
 import org.apache.kerby.kerberos.tool.kadmin.command.ModifyPrincipalCommand;
 import org.apache.kerby.kerberos.tool.kadmin.command.RenamePrincipalCommand;
+import org.apache.kerby.kerberos.tool.kadmin.command.AddPrincipalsCommand;
 import org.apache.kerby.util.OSUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -56,6 +57,8 @@ public class KadminTool {
             + "\n"
             + "add_principal, addprinc, ank\n"
             + "                         Add principal\n"
+            + "batch_anks, batch\n"
+            + "                         Add principals\n"
             + "delete_principal, delprinc\n"
             + "                         Delete principal\n"
             + "modify_principal, modprinc\n"
@@ -121,6 +124,9 @@ public class KadminTool {
                 || command.startsWith("addprinc")
                 || command.startsWith("ank")) {
             executor = new AddPrincipalCommand(kadmin);
+        } else if (command.startsWith("batch_anks")
+                || command.startsWith("batch")) {
+            executor = new AddPrincipalsCommand(kadmin);
         } else if (command.startsWith("ktadd")
                 || command.startsWith("xst")) {
             executor = new KeytabAddCommand(kadmin);
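Review bot: The second test, `command.startsWith("batch")`, already matches `batch_anks`, so the first test is redundant, and because it is a prefix match any input beginning with `batch` starts bulk principal creation. How `command` is tokenised is outside this hunk, but for a command that writes many entries to the KDC database I would compare the command word exactly, for example `command.equals("batch_anks") || command.equals("batch")` if `command` holds only that word. The help text added in the previous hunk says only "Add principals"; stating that these are fixed-name test principals would set the right expectation for an operator.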

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/74147325/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalsCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalsCommand.java b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalsCommand.java
new file mode 100644
index 0000000..32fe808
--- /dev/null
+++ b/kerby-tool/kdc-tool/src/main/java/org/apache/kerby/kerberos/tool/kadmin/command/AddPrincipalsCommand.java
@@ -0,0 +1,112 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.kadmin.command;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.KadminOption;
+import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
+
+public class AddPrincipalsCommand extends KadminCommand {
+    private static final String USAGE = "Usage: add_principals [options]\n"
+            + "\toptions are:\n"
+            + "[-pwexpire pwexpdate] [-maxlife maxtixlife]\n"
+            + "\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n"
+            + "\t\t[-size principal's numbers,must be greater than zero]\n"
+            + "\t\t[-e keysaltlist]\n"
+            + "\t\t[{+|-}attribute]\n"
+            + "\tattributes are:\n"
+            + "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n"
+            + "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n"
+            + "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+            + "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
+            + "\n"
+            + "\twhere,\n"
+            + "\t[-x db_princ_args]* - any number of database specific arguments.\n"
+            + "\t\t\tLook at each database documentation for supported arguments.\n"
+            + "\tExample:\n"
+            + "\t\tbatch_anks -expire 23/04/15:01:01:01 -kvno 1 -size 6";
+
+
+    private KOptions kOptions;
+
+    public AddPrincipalsCommand(LocalKadmin kadmin) {
+        super(kadmin);
+    }
+
+    @Override
+    public void execute(String input) {
+        String[] commands = input.split("\\s+");
+        if (commands.length < 2) {
+            System.err.println(USAGE);
+            return;
+        }
+        kOptions = ToolUtil.parseOptions(commands, 1, commands.length - 1);
+
+        int size;
+        if (kOptions.contains(KadminOption.SIZE)) {
+            String sizeTemp = kOptions.getStringOption(KadminOption.SIZE);
+
+            String isNum = "^[1-9][0-9]+";
+            if (sizeTemp.matches(isNum)) {
+                size = Integer.parseInt(sizeTemp);
+            } else {
+                System.err.println(USAGE);
+                return;
+            }
+        } else {
+            System.err.println(USAGE);
+            return;
+        }
+
+        if (size <= 0) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        int existNumbers = 0;
+        try {
+            existNumbers = getKadmin().size();
+        } catch (KrbException e) {
+            e.printStackTrace();
+            return;
+        }
+
+        addPrincipalForSize(size, existNumbers);
+    }
+
+    private void addPrincipalForSize(int size, int existNumbers) {
+        int i = 0;
+        while (i < size) {
+            try {
+                int temp = i + existNumbers;
+                String principalName = "E" + temp + "@EXAMPLE.COM";
+                String password = "12";
+                getKadmin().addPrincipal(principalName, password, kOptions);
+            } catch (KrbException e) {
+                e.printStackTrace();
+            }
+            i++;
+        }
+
+        System.out.println("Principals created");
+    }
+}
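Review bot: `addPrincipalForSize` creates every principal with the fixed password `"12"` under the hard-coded realm `EXAMPLE.COM`, so running `batch_anks` against anything other than a throwaway test KDC leaves a run of predictable `E<n>` accounts with a known password; `KinitToolWithConcurrence.requestTicket` hard-codes the same value on the client side. Because the command is wired into the regular `KadminTool` dispatch, I would take the password from an option (the enum already has `-pw` and `-randkey`) and derive the realm from the KDC configuration rather than a literal. Separately, the size check `^[1-9][0-9]+` needs at least two digits, so the `-size 6` example in `USAGE` is itself rejected; `String isNum = "[1-9][0-9]*";` accepts single digits. The `Integer.parseInt(sizeTemp)` call still needs a `NumberFormatException` catch for digit strings beyond the `int` range, and the `USAGE` example uses `-expire` while the option list above it names `-pwexpire`.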


[19/29] directory-kerby git commit: DIRKRB-575 SaslAppTest failure due to input having nothing to do with test. Contributed by Gerard Gagliano.

Posted by pl...@apache.org.
DIRKRB-575 SaslAppTest failure due to input having nothing to do with test. Contributed by Gerard Gagliano.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ae26c10e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ae26c10e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ae26c10e

Branch: refs/heads/kadmin-remote
Commit: ae26c10e52a6a92b1233f31308f848dbf53b71da
Parents: 19d72eb
Author: plusplusjiajia <ji...@intel.com>
Authored: Fri May 27 09:39:50 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Fri May 27 09:39:50 2016 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/server/KdcTestBase.java    | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ae26c10e/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
index 9e8424f..c4a87be 100644
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
@@ -30,21 +30,32 @@ import org.junit.BeforeClass;
 
 import java.io.File;
 import java.io.IOException;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 
 public abstract class KdcTestBase {
     private static File testDir;
 
     private final String clientPassword = "123456";
-    private final String hostname = "localhost";
+    private String hostname;
     private final String clientPrincipalName = "drankye";
     private final String clientPrincipal =
             clientPrincipalName + "@" + TestKdcServer.KDC_REALM;
     private final String serverPrincipalName = "test-service";
-    private final String serverPrincipal =
-            serverPrincipalName + "/" + hostname + "@" + TestKdcServer.KDC_REALM;
+    private final String serverPrincipal;
 
     private SimpleKdcServer kdcServer;
 
+    public KdcTestBase() {
+        try {
+            hostname = InetAddress.getByName("127.0.0.1").getHostName();
+        } catch (UnknownHostException e) {
+            hostname = "localhost";
+        }
+        serverPrincipal =
+                serverPrincipalName + "/" + hostname + "@" + TestKdcServer.KDC_REALM;
+    }
+
     @BeforeClass
     public static void createTestDir() throws IOException {
         String basedir = System.getProperty("basedir");
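Review bot: The `catch (UnknownHostException e)` fallback in the new constructor is unlikely ever to run: `InetAddress.getByName` with a literal address performs no lookup, and `getHostName()` returns the textual address rather than throwing when the reverse lookup fails. On such a host `hostname` becomes `127.0.0.1` and `serverPrincipal` is built as `test-service/127.0.0.1@<realm>`, which is probably not what the `localhost` fallback intended. Resolving into a local and assigning the field once handles that case and lets `hostname` stay `final`: `String resolved = InetAddress.getByName("127.0.0.1").getHostName();` inside the existing try/catch, followed by `hostname = "127.0.0.1".equals(resolved) ? "localhost" : resolved;`. The class body continues outside this hunk, so how `hostname` is used by the tests is not visible here.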


[17/29] directory-kerby git commit: Add the copyright in NOTICE.

Posted by pl...@apache.org.
Add the copyright in NOTICE.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/6dfaa43a
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/6dfaa43a
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/6dfaa43a

Branch: refs/heads/kadmin-remote
Commit: 6dfaa43a616815a25f7823e8df2985d0f3e19899
Parents: 8a3559b
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue May 24 16:33:08 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue May 24 16:33:08 2016 +0800

----------------------------------------------------------------------
 NOTICE.txt | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/6dfaa43a/NOTICE.txt
----------------------------------------------------------------------
diff --git a/NOTICE.txt b/NOTICE.txt
index 5d797ab..e3bad4e 100644
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -6,5 +6,13 @@ The Apache Software Foundation (http://www.apache.org/).
 
 
 This product includes/uses SLF4J (http://www.slf4j.org/)
+Copyright (c) 2004-2016 QOS.ch
 
-This product includes/uses JUnit (http://www.junit.org/
\ No newline at end of file
+This product includes/uses JUnit (http://www.junit.org/)
+Copyright (c) 2002-2016 JUnit.
+
+This product includes/uses Gson (https://github.com/google/gson)
+Copyright (c) 2008 Google Inc.
+
+This product includes/uses Netty (http://netty.io/)
+Copyright (c) 2016 The Netty project
\ No newline at end of file


[16/29] directory-kerby git commit: DIRKRB-412 Update NOTICE file with required attributions of used dependencies.

Posted by pl...@apache.org.
DIRKRB-412 Update NOTICE file with required attributions of used dependencies.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/8a3559bc
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/8a3559bc
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/8a3559bc

Branch: refs/heads/kadmin-remote
Commit: 8a3559bc4c8c7b069b0235a5a6c85062ca6f44a8
Parents: 3ed0e7c
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue May 24 16:21:39 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue May 24 16:21:39 2016 +0800

----------------------------------------------------------------------
 NOTICE.txt | 10 ++++++++++
 1 file changed, 10 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/8a3559bc/NOTICE.txt
----------------------------------------------------------------------
diff --git a/NOTICE.txt b/NOTICE.txt
new file mode 100644
index 0000000..5d797ab
--- /dev/null
+++ b/NOTICE.txt
@@ -0,0 +1,10 @@
+Apache Kerby
+Copyright 2015 The Apache Software Foundation
+
+This product includes software developed at
+The Apache Software Foundation (http://www.apache.org/).
+
+
+This product includes/uses SLF4J (http://www.slf4j.org/)
+
+This product includes/uses JUnit (http://www.junit.org/
\ No newline at end of file


[10/29] directory-kerby git commit: Update pom.xml in kerb-client-api-all and kerb-server-api-all.

Posted by pl...@apache.org.
Update pom.xml in kerb-client-api-all and kerb-server-api-all.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/6875beb3
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/6875beb3
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/6875beb3

Branch: refs/heads/kadmin-remote
Commit: 6875beb381216b4502d360c9e2a914f216ed9f94
Parents: 80c0427
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed Apr 27 16:22:47 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed Apr 27 16:22:47 2016 +0800

----------------------------------------------------------------------
 kerby-kerb/kerb-client-api-all/pom.xml | 1 -
 kerby-kerb/kerb-server-api-all/pom.xml | 1 -
 2 files changed, 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/6875beb3/kerby-kerb/kerb-client-api-all/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client-api-all/pom.xml b/kerby-kerb/kerb-client-api-all/pom.xml
index ce90731..abf4f80 100644
--- a/kerby-kerb/kerb-client-api-all/pom.xml
+++ b/kerby-kerb/kerb-client-api-all/pom.xml
@@ -54,7 +54,6 @@
                     <excludes>
                       <exclude>junit:junit</exclude>
                       <exclude>org.slf4j:slf4j-api</exclude>
-                      <exclude>org.slf4j:slf4j-log4j12</exclude>
                       <exclude>org.apache.kerby:kerby-asn1</exclude>
                       <exclude>org.bouncycastle:bcpkix-jdk15on</exclude>
                       <exclude>org.bouncycastle:bcprov-jdk15on</exclude>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/6875beb3/kerby-kerb/kerb-server-api-all/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server-api-all/pom.xml b/kerby-kerb/kerb-server-api-all/pom.xml
index b6829d7..f9030a3 100644
--- a/kerby-kerb/kerb-server-api-all/pom.xml
+++ b/kerby-kerb/kerb-server-api-all/pom.xml
@@ -54,7 +54,6 @@
                     <excludes>
                       <exclude>junit:junit</exclude>
                       <exclude>org.slf4j:slf4j-api</exclude>
-                      <exclude>org.slf4j:slf4j-log4j12</exclude>
                       <exclude>org.apache.kerby:kerby-asn1</exclude>
                     </excludes>
                   </artifactSet>


[13/29] directory-kerby git commit: DIRKRB-567 Support multiple KDCs for a given realm in client.

Posted by pl...@apache.org.
DIRKRB-567 Support multiple KDCs for a given realm in client.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/4bd0fb91
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/4bd0fb91
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/4bd0fb91

Branch: refs/heads/kadmin-remote
Commit: 4bd0fb91fbdba4f3230e63309227affd6e6a6498
Parents: 8d1694b
Author: plusplusjiajia <ji...@intel.com>
Authored: Wed May 11 13:24:23 2016 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Wed May 11 13:24:23 2016 +0800

----------------------------------------------------------------------
 kerby-dist/tool-dist/conf/krb5.conf             |   5 +
 .../kerby/kerberos/kerb/client/ClientUtil.java  | 108 +++++++++++++++++--
 .../kerby/kerberos/kerb/client/KrbConfig.java   |  32 ++++++
 .../kerby/kerberos/kerb/client/KrbHandler.java  |   9 +-
 .../client/impl/DefaultInternalKrbClient.java   |  51 +++++++--
 .../kerb/client/impl/DefaultKrbHandler.java     |   4 +-
 .../kerberos/kerb/client/KrbConfigLoadTest.java |   4 +-
 .../kerby/kerberos/kerb/common/Krb5Conf.java    |  14 ++-
 .../kerby/kerberos/kerb/common/Krb5Parser.java  |  35 ++++--
 .../kerby/kerberos/kerb/Krb5ParserTest.java     |  10 +-
 .../kerby/kerberos/kerb/KrbErrorCode.java       |   4 +-
 .../kerby/kerberos/kerb/server/KdcHandler.java  |   9 +-
 .../kerb/server/preauth/token/TokenPreauth.java |   4 +-
 .../kerberos/kerb/server/SimpleKdcServer.java   |   3 +-
 14 files changed, 252 insertions(+), 40 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-dist/tool-dist/conf/krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-dist/tool-dist/conf/krb5.conf b/kerby-dist/tool-dist/conf/krb5.conf
index e857b84..8e024e3 100644
--- a/kerby-dist/tool-dist/conf/krb5.conf
+++ b/kerby-dist/tool-dist/conf/krb5.conf
@@ -22,3 +22,8 @@
     kdc_udp_port = 88
     kdc_tcp_port = 88
     pkinit_anchors = /etc/krb5/cacert.pem
+
+[realms]
+    EXAMPLE.COM = {
+        kdc = localhost:88
+    }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
index 49b7666..f3dbc44 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java
@@ -21,15 +21,20 @@ package org.apache.kerby.kerberos.kerb.client;
 
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.transport.TransportPair;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.File;
 import java.io.IOException;
 import java.net.InetSocketAddress;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Map;
 
 public final class ClientUtil {
     private ClientUtil() { }
 
+    private static final Logger LOG = LoggerFactory.getLogger(ClientUtil.class);
     private static final String KRB5_FILE_NAME = "krb5.conf";
     private static final String KRB5_ENV_NAME = "KRB5_CONFIG";
 
@@ -104,24 +109,115 @@ public final class ClientUtil {
     /**
      * Get KDC network transport addresses according to krb client setting.
      * @param setting The krb setting
+     * @param kdcString The kdc string, may include the port number
      * @return UDP and TCP addresses pair
      * @throws KrbException e
      */
     public static TransportPair getTransportPair(
-            KrbSetting setting) throws KrbException {
+            KrbSetting setting, String kdcString) throws KrbException, IOException {
         TransportPair result = new TransportPair();
-
         int tcpPort = setting.checkGetKdcTcpPort();
+        int udpPort = setting.checkGetKdcUdpPort();
+
+        int port = 0;
+        String kdc;
+        String portStr = null;
+
+        // Explicit IPv6 in []
+        if (kdcString.charAt(0) == '[') {
+            int pos = kdcString.indexOf(']', 1);
+            if (pos == -1) {
+                throw new IOException("Illegal KDC: " + kdcString);
+            }
+            kdc = kdcString.substring(1, pos);
+            // with port number
+            if (pos != kdcString.length() - 1) {
+                if (kdcString.charAt(pos + 1) != ':') {
+                    throw new IOException("Illegal KDC: " + kdcString);
+                }
+                portStr = kdcString.substring(pos + 2);
+            }
+        } else {
+            int colon = kdcString.indexOf(':');
+            // Hostname or IPv4 host only
+            if (colon == -1) {
+                kdc = kdcString;
+            } else {
+                int nextColon = kdcString.indexOf(':', colon + 1);
+                // >=2 ":", IPv6 with no port
+                if (nextColon > 0) {
+                    kdc = kdcString;
+                } else {
+                    // 1 ":", hostname or IPv4 with port
+                    kdc = kdcString.substring(0, colon);
+                    portStr = kdcString.substring(colon + 1);
+                }
+            }
+        }
+        if (portStr != null) {
+            int tempPort = parsePositiveIntString(portStr);
+            if (tempPort > 0) {
+                port = tempPort;
+            }
+        }
+        if (port != 0) {
+            tcpPort = port;
+            udpPort = port;
+        }
         if (tcpPort > 0) {
             result.tcpAddress = new InetSocketAddress(
-                    setting.getKdcHost(), tcpPort);
+                    kdc, tcpPort);
         }
-        int udpPort = setting.checkGetKdcUdpPort();
         if (udpPort > 0) {
             result.udpAddress = new InetSocketAddress(
-                    setting.getKdcHost(), udpPort);
+                    kdc, udpPort);
         }
-
         return result;
     }
+
+    private static int parsePositiveIntString(String intString) {
+        if (intString == null) {
+            return -1;
+        }
+        int ret = -1;
+        try {
+            ret = Integer.parseInt(intString);
+        } catch (Exception exc) {
+            return -1;
+        }
+        if (ret >= 0) {
+            return ret;
+        }
+        return -1;
+    }
+
+    /**
+     * Returns a list of KDC
+     *
+     * @throws KrbException if there's no way to find KDC for the realm
+     * @return the list of KDC, always non null
+     */
+    public static List<String> getKDCList(KrbSetting krbSetting) throws KrbException {
+
+        List<String> kdcList = new ArrayList<>();
+        kdcList.add(krbSetting.getKdcHost());
+        /*get the kdc realm */
+        String realm = krbSetting.getKdcRealm();
+        if (realm != null) {
+            KrbConfig krbConfig = krbSetting.getKrbConfig();
+            List<Object> kdcs = krbConfig.getRealmSectionItems(realm, "kdc");
+            if (kdcs != null) {
+                for (Object object : kdcs) {
+                    kdcList.add(object != null ? object.toString() : null);
+                }
+            }
+
+            if (kdcList == null) {
+                LOG.info("Cannot get kdc for realm " + realm);
+            }
+        } else {
+            throw new KrbException("Can't get the realm");
+        }
+        return kdcList;
+    }
 }
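Review bot: `getTransportPair` calls `kdcString.charAt(0)` without checking for null or empty input, while `getKDCList` in the same hunk adds `krbSetting.getKdcHost()` and `object.toString()` results that may be null, so a missing host ends in a NullPointerException or StringIndexOutOfBoundsException rather than the documented `KrbException`. A port that fails to parse is silently replaced by the configured default, and a value above 65535 reaches `new InetSocketAddress(kdc, port)`, which throws IllegalArgumentException; rejecting both with the existing "Illegal KDC" IOException makes a mistyped `kdc =` line visible instead of contacting an unintended port. The `kdcList == null` test in `getKDCList` can never be true because the list is created at the top of the method, so the "Cannot get kdc" log is dead code; skipping null entries and testing `kdcList.isEmpty()` would be the live check. The Javadoc of `getTransportPair` should also gain `@throws IOException` now that the signature declares it.

```java
    public static TransportPair getTransportPair(
            KrbSetting setting, String kdcString) throws KrbException, IOException {
        if (kdcString == null || kdcString.isEmpty()) {
            throw new IOException("Illegal KDC: " + kdcString);
        }
        // … unchanged: default ports, host / portStr splitting …
        if (portStr != null) {
            int tempPort = parsePositiveIntString(portStr);
            // Fail loudly on an unusable port instead of falling back to the default.
            if (tempPort <= 0 || tempPort > 65535) {
                throw new IOException("Illegal KDC: " + kdcString);
            }
            port = tempPort;
        }
        // … unchanged: building tcpAddress / udpAddress …
```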

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
index 37161bf..dbbc64c 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java
@@ -22,14 +22,17 @@ package org.apache.kerby.kerberos.kerb.client;
 import org.apache.kerby.kerberos.kerb.common.Krb5Conf;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Map;
 
 /**
  * Kerb client side configuration API.
  */
 public class KrbConfig extends Krb5Conf {
     private static final String LIBDEFAULT = "libdefaults";
+    private static final String REALMS = "realms";
 
     public boolean enableDebug() {
         return getBoolean(KrbConfigKey.KRB_DEBUG, true, LIBDEFAULT);
@@ -312,4 +315,33 @@ public class KrbConfig extends Krb5Conf {
         return getString(
                 KrbConfigKey.PKINIT_KDC_HOSTNAME, true, LIBDEFAULT);
     }
+
+    public List<Object> getRealmSectionItems(String realm, String key) {
+        Map<String, Object> map = getRealmSection(realm);
+        List<Object> items = null;
+        if (map != null) {
+            items = new ArrayList<>();
+            for (Map.Entry<String, Object> entry : map.entrySet()) {
+                if (entry.getKey().equals(key)) {
+                    items.add(entry.getValue());
+                }
+            }
+        }
+        return items;
+    }
+
+    public Map<String, Object> getRealmSection(String realm) {
+        Object realms = getSection(REALMS);
+        if (realms != null) {
+            Map<String, Object> map = (Map) realms;
+            for (Map.Entry<String, Object> entry : map.entrySet()) {
+                if (entry.getKey().equals(realm)) {
+                    return (Map) entry.getValue();
+                }
+            }
+            return null;
+        } else {
+            return null;
+        }
+    }
 }
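Review bot: `getRealmSection` casts both `realms` and `entry.getValue()` to a raw `Map` with no type check, so a `[realms]` entry whose value the parser stored as a plain string (presumably any `REALM = value` line without braces) fails in the client with a ClassCastException instead of being treated as absent. Guarding the return with `if (entry.getValue() instanceof Map)` and returning null otherwise keeps a malformed krb5.conf from surfacing as an unchecked exception. Both new public methods also lack Javadoc; it should state that null means "no such realm section" and that the entries are scanned with `equals` rather than looked up with `Map.get` because the parser in this commit stores sections in `IdentityHashMap`.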

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
index 1c6743f..1ec4e4d 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbHandler.java
@@ -63,10 +63,13 @@ public abstract class KrbHandler {
      * Handle the kdc request.
      *
      * @param kdcRequest The kdc request
+     * @param tryNextKdc try next kdc or not
      * @throws KrbException e
      */
-    public void handleRequest(KdcRequest kdcRequest) throws KrbException {
-        kdcRequest.process();
+    public void handleRequest(KdcRequest kdcRequest, boolean tryNextKdc) throws KrbException {
+        if (!tryNextKdc) {
+            kdcRequest.process();
+        }
         KdcReq kdcReq = kdcRequest.getKdcReq();
         int bodyLen = kdcReq.encodingLength();
         KrbTransport transport = (KrbTransport) kdcRequest.getSessionData();
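Review bot: Skipping `kdcRequest.process()` when `tryNextKdc` is true assumes the first attempt already ran it, but in `DefaultInternalKrbClient.sendIfPossible` (later in this commit) `getTransportPair` and `network.connect` run before `handleRequest`, so a first KDC that cannot be resolved or connected fails before `process()` is ever called. The retry then reaches `kdcRequest.getKdcReq()` on a request that was never processed; what that returns is not visible here, but the flag does not track the state it stands for. Recording "already processed" on the request itself, or passing true only after a `handleRequest` call has actually started, would be safer. The `@param tryNextKdc` text should say that true means "the request was already processed by an earlier attempt, do not process it again". The method body continues past the end of this hunk.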
@@ -133,7 +136,7 @@ public abstract class KrbHandler {
                 kdcRequest.setEncryptionTypes(encryptionTypes);
                 kdcRequest.setPreauthRequired(true);
                 kdcRequest.resetPrequthContxt();
-                handleRequest(kdcRequest);
+                handleRequest(kdcRequest, false);
                 LOG.info("Retry with the new kdc request including pre-authentication.");
             } else {
                 LOG.info(error.getErrorCode().getMessage());

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
index df4ed10..06c6a7f 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultInternalKrbClient.java
@@ -30,13 +30,18 @@ import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
 import org.apache.kerby.kerberos.kerb.transport.TransportPair;
 import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
 import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
 
 /**
  * A default krb client implementation.
  */
 public class DefaultInternalKrbClient extends AbstractInternalKrbClient {
+    private static final Logger LOG = LoggerFactory.getLogger(DefaultInternalKrbClient.class);
 
     private DefaultKrbHandler krbHandler;
     private KrbTransport transport;
@@ -57,21 +62,49 @@ public class DefaultInternalKrbClient extends AbstractInternalKrbClient {
     }
 
     private void doRequest(KdcRequest request) throws KrbException {
-        try {
-            TransportPair tpair = ClientUtil.getTransportPair(getSetting());
-            KrbNetwork network = new KrbNetwork();
 
-            network.setSocketTimeout(getSetting().getTimeout());
+        List<String> kdcList = ClientUtil.getKDCList(getSetting());
 
-            transport = network.connect(tpair);
+        // tempKdc may include the port number
+        Iterator<String> tempKdc = kdcList.iterator();
+        if (!tempKdc.hasNext()) {
+            throw new KrbException("Cannot get kdc for realm " + getSetting().getKdcRealm());
+        }
 
-            request.setSessionData(transport);
-            krbHandler.handleRequest(request);
-        } catch (IOException e) {
-            throw new KrbException("Failed to create transport", e);
+        try {
+            sendIfPossible(request, tempKdc.next(), getSetting(), false);
+            LOG.info("Send to kdc success.");
+        } catch (Exception first) {
+            boolean ok = false;
+            while (tempKdc.hasNext()) {
+                try {
+                    sendIfPossible(request, tempKdc.next(), getSetting(), true);
+                    ok = true;
+                    LOG.info("Send to kdc success.");
+                    break;
+                } catch (Exception ignore) {
+                    LOG.info("ignore this kdc");
+                }
+            }
+            if (!ok) {
+                throw new KrbException("Failed to create transport", first);
+            }
         } finally {
             transport.release();
         }
+
+    }
+
+    private void sendIfPossible(KdcRequest request, String kdcString, KrbSetting setting,
+                                boolean tryNextKdc)
+        throws KrbException, IOException {
+
+        TransportPair tpair = ClientUtil.getTransportPair(setting, kdcString);
+        KrbNetwork network = new KrbNetwork();
+        network.setSocketTimeout(setting.getTimeout());
+        transport = network.connect(tpair);
+        request.setSessionData(transport);
+        krbHandler.handleRequest(request, tryNextKdc);
     }
 
     /**
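Review bot: The `finally` block calls `transport.release()` unconditionally, but the `transport` field is only assigned in `sendIfPossible` after `network.connect` returns, so when every KDC fails at `getTransportPair` or `connect` the field is null (or left over from an earlier request) and a NullPointerException replaces the `KrbException` being thrown. A transport opened for a KDC that then fails inside `handleRequest` is overwritten by the next attempt without being released. The inner `catch (Exception ignore)` discards the cause and falls through on every kind of failure, including any `KrbException` raised while handling the KDC's reply, so the same request is re-sent to each listed KDC and the log shows only "ignore this kdc". Suggested minimum: `if (transport != null) { transport.release(); }` in the `finally`, and `LOG.info("ignore this kdc", ignore);` so the reason each KDC was skipped is recorded.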

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultKrbHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultKrbHandler.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultKrbHandler.java
index 246f399..8da5970 100644
--- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultKrbHandler.java
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/impl/DefaultKrbHandler.java
@@ -33,11 +33,11 @@ public class DefaultKrbHandler extends KrbHandler {
      * {@inheritDoc}
      */
     @Override
-    public void handleRequest(KdcRequest kdcRequest) throws KrbException {
+    public void handleRequest(KdcRequest kdcRequest, boolean tryNextKdc) throws KrbException {
         KrbTransport transport = (KrbTransport) kdcRequest.getSessionData();
         transport.setAttachment(kdcRequest);
 
-        super.handleRequest(kdcRequest);
+        super.handleRequest(kdcRequest, tryNextKdc);
         ByteBuffer receivedMessage = null;
         try {
             receivedMessage = transport.receiveMessage();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbConfigLoadTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbConfigLoadTest.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbConfigLoadTest.java
index cfd3929..50ee72b 100644
--- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbConfigLoadTest.java
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbConfigLoadTest.java
@@ -25,7 +25,7 @@ import org.junit.Test;
 import java.io.File;
 import java.net.URL;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * Test for loading configurations form krb5.conf.
@@ -61,5 +61,7 @@ public class KrbConfigLoadTest {
         assertThat(krbConfig.getPkinitAnchors()).hasSize(1);
         assertThat(krbConfig.getPkinitIdentities()).hasSize(2);
         assertThat(krbConfig.getPkinitKdcHostName()).isEqualTo("kdc-server.example.com");
+        assertThat(krbConfig.getRealmSection("ATHENA.MIT.EDU")).hasSize(3);
+        assertThat(krbConfig.getRealmSectionItems("ATHENA.MIT.EDU", "admin_server")).hasSize(1);
     }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java
index 1834ae5..1dba876 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Conf.java
@@ -41,11 +41,12 @@ public class Krb5Conf extends Conf {
      * of config value(string list).
      */
     private static final String LIST_SPLITTER = " |,";
+    private Map<String, Object> krb5Map;
 
     public void addKrb5Config(File krb5File) throws IOException {
         Krb5Parser krb5Parser = new Krb5Parser(krb5File);
         krb5Parser.load();
-        Map<String, Object> krb5Map = krb5Parser.getItems();
+        krb5Map = krb5Parser.getItems();
         addResource(Resource.createMapResource(krb5Map));
     }
 
@@ -162,4 +163,15 @@ public class Krb5Conf extends Conf {
         String[] values = value.split(LIST_SPLITTER);
         return values;
     }
+
+    protected Object getSection(String sectionName) {
+        if (krb5Map != null) {
+            for (Map.Entry<String, Object> entry : krb5Map.entrySet()) {
+                if (entry.getKey().equals(sectionName)) {
+                    return entry.getValue();
+                }
+            }
+        }
+        return null;
+    }
 }
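Review bot: `getSection` reads the `krb5Map` field, which `addKrb5Config` (first hunk of this file) overwrites on every call while `addResource` accumulates, so after a second krb5.conf is added the section lookups see only the last file even though the other getters presumably still see both. Either merge into the existing map or document that only the most recently loaded file is consulted. The method also needs a comment explaining why it scans `entrySet()` with `equals` instead of calling `krb5Map.get(sectionName)`, for example `// Parser maps are IdentityHashMaps, so get() would compare keys by reference.`, otherwise a later cleanup is likely to break it.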

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Parser.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Parser.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Parser.java
index 1494377..9f4196c 100644
--- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Parser.java
+++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/Krb5Parser.java
@@ -26,7 +26,7 @@ import java.io.IOException;
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
-import java.util.HashMap;
+import java.util.IdentityHashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -57,7 +57,7 @@ public class Krb5Parser {
     public void load() throws IOException {
         BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream(krb5conf),
                 StandardCharsets.UTF_8));
-        items = new HashMap<String, Object>();
+        items = new IdentityHashMap<>();
 
         String originLine = br.readLine();
         while (originLine != null) {
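Review bot: Replacing `HashMap` with `IdentityHashMap` here, and in the `insertSections` and brace-value hunks further down, switches key comparison to reference equality, presumably so that repeated `kdc =` lines survive as separate entries, but nothing in the code says so. `IdentityHashMap` intentionally breaks the general `Map` contract, so any caller that uses `get` or `containsKey` on the returned `Map<String, Object>` silently misses, and duplicates are kept only while each key is a distinct `String` instance. A comment such as `// IdentityHashMap: krb5.conf allows repeated keys (e.g. several kdc lines); scan entries with equals(), never get().` is the minimum. A `Map<String, List<Object>>` would express the same thing without relying on object identity. `load()` continues past the end of this hunk.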
@@ -97,11 +97,32 @@ public class Krb5Parser {
     /**
      * Get the contents of a section given the section name.
      * @param sectionName the name of a section
+     * @param keys the keys list
      * @return a Map of section contents
      */
-    public Map<String, Object> getSection(String sectionName) {
-        Map<String, Object> sections = (HashMap) items.get(sectionName);
-        return sections;
+    public Object getSection(String sectionName, String ... keys) {
+        Object value = null;
+        for (Map.Entry<String, Object> item : items.entrySet()) {
+            if (item.getKey().equals(sectionName)) {
+                value = item.getValue();
+                Map<String, Object> map = (Map) item.getValue();
+                for (Map.Entry<String, Object> entry : map.entrySet()) {
+                    if (entry.getKey().equals(keys[0])) {
+                        value = entry.getValue();
+                    }
+                }
+            }
+        }
+
+        for (int i = 1; i < keys.length; i++) {
+            Map<String, Object> map = (Map) value;
+            for (Map.Entry<String, Object> entry : map.entrySet()) {
+                if (entry.getKey().equals(keys[i])) {
+                    value = entry.getValue();
+                }
+            }
+        }
+        return value;
     }
 
     /**
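Review bot: `getSection` reads `keys[0]` even when it is called with only a section name, which throws ArrayIndexOutOfBoundsException, and when a key is not found `value` keeps the enclosing map, so a lookup for a missing key returns the parent section instead of null. The second loop casts `value` to `Map` without a check, so an unknown section (null) or a path that descends through a string value fails with NullPointerException or ClassCastException. One helper that scans a single level and returns null on a miss covers all three cases. The Javadoc `@return a Map of section contents` should become "the section, nested map or string value at that path, or null if any element is missing".

```java
    public Object getSection(String sectionName, String ... keys) {
        Object value = lookup(items, sectionName);
        for (String key : keys) {
            if (!(value instanceof Map)) {
                return null;
            }
            value = lookup((Map<String, Object>) value, key);
        }
        return value;
    }

    // Scans with equals(): the parser's maps are IdentityHashMaps, so get() compares by reference.
    private static Object lookup(Map<String, Object> map, String key) {
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            if (entry.getKey().equals(key)) {
                return entry.getValue();
            }
        }
        return null;
    }
```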
@@ -118,7 +139,7 @@ public class Krb5Parser {
     private void insertSections(String line, BufferedReader br, Map<String, Object> items) throws IOException {
         while (line.startsWith("[")) {
             String sectionName = line.substring(1, line.length() - 1);
-            Map<String, Object> entries = new HashMap<String, Object>();
+            Map<String, Object> entries = new IdentityHashMap<>();
             line = br.readLine();
             if (line == null) {
                 break;
@@ -174,7 +195,7 @@ public class Krb5Parser {
         kv[1] = kv[1].trim();
 
         if (kv[1].startsWith("{")) {
-            Map<String, Object> meValue = new HashMap<String, Object>();
+            Map<String, Object> meValue = new IdentityHashMap<>();
             line = br.readLine();
             if (line != null) {
                 line = line.trim();

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/Krb5ParserTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/Krb5ParserTest.java b/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/Krb5ParserTest.java
index b11ad16..fb09722 100644
--- a/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/Krb5ParserTest.java
+++ b/kerby-kerb/kerb-common/src/test/java/org/apache/kerby/kerberos/kerb/Krb5ParserTest.java
@@ -45,11 +45,9 @@ public class Krb5ParserTest {
         assertThat(k.getSections().size()).isEqualTo(4);
         assertThat(k.getSections().contains("libdefaults")).isTrue();
 
-        assertThat(k.getSection("libdefaults").get("dns_lookup_kdc")).isEqualTo("false");
-        assertThat(k.getSection("realms").get("ATHENA.MIT.EDU") instanceof Map).isTrue();
-        Map<String, Object> m1 = (Map) k.getSection("realms").get("ATHENA.MIT.EDU");
-        assertThat(m1.get("v4_instance_convert") instanceof  Map).isTrue();
-        Map<String, Object> m2 = (Map) m1.get("v4_instance_convert");
-        assertThat(m2.get("mit")).isEqualTo("mit.edu");
+        assertThat(k.getSection("libdefaults", "dns_lookup_kdc")).isEqualTo("false");
+        assertThat(k.getSection("realms", "ATHENA.MIT.EDU") instanceof Map).isTrue();
+        assertThat(k.getSection("realms", "ATHENA.MIT.EDU", "v4_instance_convert") instanceof  Map).isTrue();
+        assertThat(k.getSection("realms", "ATHENA.MIT.EDU", "v4_instance_convert", "mit").equals("mit.edu"));
     }
 }
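Review bot: The last new assertion, `assertThat(k.getSection("realms", "ATHENA.MIT.EDU", "v4_instance_convert", "mit").equals("mit.edu"));`, passes a boolean to `assertThat` and never calls a verifying method, so it checks nothing and still passes when the lookup returns a different string. It should read `assertThat(k.getSection("realms", "ATHENA.MIT.EDU", "v4_instance_convert", "mit")).isEqualTo("mit.edu");`. The two `instanceof Map` lines could use `isInstanceOf(Map.class)` for a clearer failure message.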

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java
index cd4ad1e..b7f3df3 100644
--- a/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java
+++ b/kerby-kerb/kerb-core/src/main/java/org/apache/kerby/kerberos/kerb/KrbErrorCode.java
@@ -95,8 +95,10 @@ public enum KrbErrorCode implements EnumType {
     KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED(79, "PA checksum must be included"),
     KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED(80, "Digest in signed data not accepted"),
     KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED(81, "Public key encryption not supported"),
+    TOKEN_PREAUTH_NOT_ALLOWED(82, "Token preauth is not allowed"),
 
-    KRB_TIMEOUT(5000, "Network timeout");
+    KRB_TIMEOUT(5000, "Network timeout"),
+    UNKNOWN_ERR(5001, "Unknow error");
 
     private final int value;
     private final String message;
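Review bot: The message of the new constant is misspelled: `UNKNOWN_ERR(5001, "Unknow error")` should be `UNKNOWN_ERR(5001, "Unknown error")`, and since the text can end up in logs and error replies it is worth fixing before anything matches on it. `TOKEN_PREAUTH_NOT_ALLOWED(82, ...)` takes the next number after the protocol error codes, while the other project-specific code in this hunk starts at 5000. Please confirm that 82 does not collide with a registered Kerberos error code, or move the constant next to `KRB_TIMEOUT`.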

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index aa896c2..8a1a21a 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -87,7 +87,8 @@ public class KdcHandler {
             String realm = getRequestRealm(kdcReq);
             if (realm == null || !kdcContext.getKdcRealm().equals(realm)) {
                 LOG.error("Invalid realm from kdc request: " + realm);
-                throw new KrbException("Invalid realm from kdc request: " + realm);
+                throw new KrbException(KrbErrorCode.WRONG_REALM,
+                    "Invalid realm from kdc request: " + realm);
             }
 
             if (messageType == KrbMessageType.TGS_REQ) {
@@ -122,7 +123,11 @@ public class KdcHandler {
                 KrbError krbError = new KrbError();
                 krbError.setStime(KerberosTime.now());
                 krbError.setSusec(100);
-                krbError.setErrorCode(e.getKrbErrorCode());
+                if (e.getKrbErrorCode() != null) {
+                    krbError.setErrorCode(e.getKrbErrorCode());
+                } else {
+                    krbError.setErrorCode(KrbErrorCode.UNKNOWN_ERR);
+                }
                 krbError.setCrealm(kdcContext.getKdcRealm());
                 if (kdcRequest.getClientPrincipal() != null) {
                     krbError.setCname(kdcRequest.getClientPrincipal());
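Review bot: The fallback `krbError.setErrorCode(KrbErrorCode.UNKNOWN_ERR)` puts the library-internal value 5001 into a KRB-ERROR that is presumably returned to the client, where other Kerberos implementations have no meaning for it. RFC 4120 defines KRB_ERR_GENERIC (60) for this situation, so if the enum carries that constant it is the better default here. A short comment on the else branch, e.g. `// KrbException was created without an error code`, would also explain when it is taken. The enclosing catch block starts and ends outside this hunk.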

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
index 11e9b6f..f4580fc 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/token/TokenPreauth.java
@@ -20,6 +20,7 @@
 package org.apache.kerby.kerberos.kerb.server.preauth.token;
 
 import org.apache.kerby.kerberos.kerb.KrbCodec;
+import org.apache.kerby.kerberos.kerb.KrbErrorCode;
 import org.apache.kerby.kerberos.kerb.KrbException;
 import org.apache.kerby.kerberos.kerb.KrbRuntime;
 import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
@@ -62,7 +63,8 @@ public class TokenPreauth extends AbstractPreauthPlugin {
                           PaDataEntry paData) throws KrbException {
 
         if (!kdcRequest.getKdcContext().getConfig().isAllowTokenPreauth()) {
-            throw new KrbException("Token preauth is not allowed.");
+            throw new KrbException(KrbErrorCode.TOKEN_PREAUTH_NOT_ALLOWED,
+                "Token preauth is not allowed.");
         }
         if (paData.getPaDataType() == PaDataType.TOKEN_REQUEST) {
             EncryptedData encData = KrbCodec.decode(paData.getPaDataValue(), EncryptedData.class);

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/4bd0fb91/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
index 6f4fd63..74e4ec9 100644
--- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
+++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
@@ -24,6 +24,7 @@ import org.apache.kerby.kerberos.kerb.admin.LocalKadmin;
 import org.apache.kerby.kerberos.kerb.admin.LocalKadminImpl;
 import org.apache.kerby.kerberos.kerb.client.Krb5Conf;
 import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.apache.kerby.kerberos.kerb.client.KrbConfig;
 import org.apache.kerby.kerberos.kerb.client.KrbPkinitClient;
 import org.apache.kerby.kerberos.kerb.client.KrbTokenClient;
 import org.apache.kerby.util.NetworkUtil;
@@ -51,7 +52,7 @@ public class SimpleKdcServer extends KdcServer {
      */
     public SimpleKdcServer() throws KrbException {
         super();
-        this.krbClnt = new KrbClient();
+        this.krbClnt = new KrbClient(new KrbConfig());
 
         setKdcRealm("EXAMPLE.COM");
         setKdcHost("localhost");