You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by pl...@apache.org on 2018/02/13 02:05:43 UTC
[1/3] directory-kerby git commit: DIRKRB-696 Add REST API and client
for remote initialization.
Repository: directory-kerby
Updated Branches:
refs/heads/trunk 26748ae43 -> f81bbf549
DIRKRB-696 Add REST API and client for remote initialization.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ad48f758
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ad48f758
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ad48f758
Branch: refs/heads/trunk
Commit: ad48f758f6a9be8d869624dbefa9347b8b97b643
Parents: 973f7ad
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Feb 13 10:00:36 2018 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Feb 13 10:00:36 2018 +0800
----------------------------------------------------------------------
.../apache/kerby/has/client/HasInitClient.java | 123 +++++++++++++++
.../org/apache/kerby/has/server/HasServer.java | 17 +++
.../apache/kerby/has/server/web/WebServer.java | 13 ++
.../kerby/has/server/web/rest/AsRequestApi.java | 151 +++++++++++++++++++
.../kerby/has/server/web/rest/HadminApi.java | 2 +-
.../kerby/has/server/web/rest/HasApi.java | 151 -------------------
.../kerby/has/server/web/rest/InitApi.java | 96 ++++++++++++
.../kerby/has/server/web/rest/KadminApi.java | 1 +
8 files changed, 402 insertions(+), 152 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasInitClient.java
----------------------------------------------------------------------
diff --git a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasInitClient.java b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasInitClient.java
new file mode 100644
index 0000000..5d28867
--- /dev/null
+++ b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasInitClient.java
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kerby.has.client;
+
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+import com.sun.jersey.client.urlconnection.HTTPSProperties;
+import com.sun.jersey.core.util.MultivaluedMapImpl;
+import org.apache.kerby.has.common.HasConfig;
+import org.codehaus.jettison.json.JSONException;
+import org.codehaus.jettison.json.JSONObject;
+import org.glassfish.jersey.SslConfigurator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.ws.rs.core.MultivaluedMap;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+/**
+ * HAS client API for applications to interact with HAS server
+ */
+public class HasInitClient {
+
+ public static final Logger LOG = LoggerFactory.getLogger(HasInitClient.class);
+
+ private HasConfig hasConfig;
+ private File confDir;
+
+ public HasInitClient(HasConfig hasConfig, File confDir) {
+ this.hasConfig = hasConfig;
+ this.confDir = confDir;
+ }
+
+ public File getConfDir() {
+ return confDir;
+ }
+
+ private WebResource getWebResource(String restName) {
+ Client client;
+ String server = null;
+ if (hasConfig.getHttpsPort() != null && hasConfig.getHttpsHost() != null) {
+ server = "https://" + hasConfig.getHttpsHost() + ":" + hasConfig.getHttpsPort()
+ + "/has/v1/" + restName;
+ LOG.info("Admin request url: " + server);
+ HasConfig conf = new HasConfig();
+ try {
+ conf.addIniConfig(new File(hasConfig.getSslClientConf()));
+ } catch (IOException e) {
+ throw new RuntimeException("Errors occurred when adding ssl conf. "
+ + e.getMessage());
+ }
+ SslConfigurator sslConfigurator = SslConfigurator.newInstance()
+ .trustStoreFile(conf.getString("ssl.client.truststore.location"))
+ .trustStorePassword(conf.getString("ssl.client.truststore.password"));
+ sslConfigurator.securityProtocol("SSL");
+ SSLContext sslContext = sslConfigurator.createSSLContext();
+ ClientConfig clientConfig = new DefaultClientConfig();
+ clientConfig.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
+ new HTTPSProperties(new HostnameVerifier() {
+ @Override
+ public boolean verify(String s, SSLSession sslSession) {
+ return false;
+ }
+ }, sslContext));
+ client = Client.create(clientConfig);
+ } else {
+ client = Client.create();
+ }
+ if (server == null) {
+ throw new RuntimeException("Please set the https address and port.");
+ }
+ return client.resource(server);
+ }
+
+ public void startKdc() {
+ WebResource webResource = getWebResource("init/kdcstart");
+ ClientResponse response = webResource.get(ClientResponse.class);
+ try {
+ JSONObject result = new JSONObject(response.getEntity(String.class));
+ if (result.getString("result").equals("success")) {
+ System.out.println(result.getString("msg"));
+ } else {
+ System.err.println(result.getString("msg"));
+ }
+ } catch (JSONException e) {
+ System.err.println(e.getMessage());
+ }
+ }
+
+ public InputStream initKdc() {
+ WebResource webResource = getWebResource("init/kdcinit");
+ ClientResponse response = webResource.get(ClientResponse.class);
+ if (response.getStatus() == 200) {
+ return response.getEntityInputStream();
+ }
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java b/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
index e14e619..8608bf0 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
@@ -141,6 +141,23 @@ public class HasServer {
setHttpFilter();
}
+ public File initKdcServer() throws KrbException {
+ File adminKeytabFile = new File(workDir, "admin.keytab");
+ LocalKadmin kadmin = new LocalKadminImpl(kdcServer.getKdcSetting(),
+ kdcServer.getIdentityService());
+ if (adminKeytabFile.exists()) {
+ throw new KrbException("KDC Server is already inited.");
+ }
+ kadmin.createBuiltinPrincipals();
+ kadmin.exportKeytab(adminKeytabFile, kadmin.getKadminPrincipal());
+ System.out.println("The keytab for kadmin principal "
+ + " has been exported to the specified file "
+ + adminKeytabFile.getAbsolutePath() + ", please safely keep it, "
+ + "in order to use kadmin tool later");
+
+ return adminKeytabFile;
+ }
+
private void setHttpFilter() throws HasException {
File httpKeytabFile = new File(workDir, "http.keytab");
LocalKadmin kadmin = new LocalKadminImpl(kdcServer.getKdcSetting(),
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/WebServer.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/WebServer.java b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/WebServer.java
index 15e817c..abf3a9a 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/WebServer.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/WebServer.java
@@ -28,6 +28,7 @@ import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHa
import org.apache.kerby.has.common.HasConfig;
import org.apache.kerby.has.common.HasException;
import org.apache.kerby.has.server.HasServer;
+import org.apache.kerby.has.server.web.rest.AsRequestApi;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -58,6 +59,16 @@ public class WebServer {
return conf;
}
+ private void init() {
+
+ final String pathSpec = "/has/v1/*";
+
+ // add has packages
+ httpServer.addJerseyResourcePackage(AsRequestApi.class
+ .getPackage().getName(),
+ pathSpec);
+ }
+
public void defineFilter() {
String authType = conf.getString(WebConfigKey.HAS_AUTHENTICATION_FILTER_AUTH_TYPE);
if (authType.equals("kerberos")) {
@@ -170,6 +181,8 @@ public class WebServer {
throw new HasException("Errors occurred when building http server. " + e.getMessage());
}
+ init();
+
try {
httpServer.start();
} catch (IOException e) {
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/AsRequestApi.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/AsRequestApi.java b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/AsRequestApi.java
new file mode 100644
index 0000000..6415161
--- /dev/null
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/AsRequestApi.java
@@ -0,0 +1,151 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kerby.has.server.web.rest;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.hadoop.http.JettyUtils;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.HasAuthenException;
+import org.apache.kerby.has.server.HasServer;
+import org.apache.kerby.has.server.HasServerPlugin;
+import org.apache.kerby.has.server.HasServerPluginRegistry;
+import org.apache.kerby.has.server.kdc.HasKdcHandler;
+import org.apache.kerby.has.server.web.WebServer;
+import org.apache.kerby.has.server.web.rest.param.AuthTokenParam;
+import org.apache.kerby.has.server.web.rest.param.TypeParam;
+import org.apache.kerby.kerberos.kerb.KrbRuntime;
+import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
+import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
+import org.apache.kerby.kerberos.kerb.type.base.KrbMessage;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.io.IOException;
+import java.util.Map;
+import java.util.TreeMap;
+
+/**
+ * HAS web methods implementation.
+ */
+@Path("")
+public class AsRequestApi {
+
+ @Context
+ private ServletContext context;
+
+ @Context
+ private HttpServletRequest httpRequest;
+
+
+ /**
+ * Handle HTTP PUT request.
+ */
+ @PUT
+ @Produces({MediaType.APPLICATION_OCTET_STREAM + "; " + JettyUtils.UTF_8,
+ MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8})
+ public Response asRequest(
+ @QueryParam(TypeParam.NAME) @DefaultValue(TypeParam.DEFAULT)
+ final TypeParam type,
+ @QueryParam(AuthTokenParam.NAME) @DefaultValue(AuthTokenParam.DEFAULT)
+ final AuthTokenParam authToken
+ ) {
+ return asRequest(type.getValue(), authToken.getValue());
+ }
+
+ private Response asRequest(String type, String tokenStr) {
+ if (httpRequest.isSecure()) {
+ final HasServer hasServer = WebServer.getHasServerFromContext(context);
+ String errMessage = null;
+ String js = null;
+ ObjectMapper mapper = new ObjectMapper();
+ final Map<String, Object> m = new TreeMap<String, Object>();
+
+ if (hasServer.getKdcServer() == null) {
+ errMessage = "Please start the has KDC server.";
+ } else if (!tokenStr.isEmpty() && tokenStr != null) {
+ HasKdcHandler kdcHandler = new HasKdcHandler(hasServer);
+
+ TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider("JWT").createTokenDecoder();
+
+ AuthToken authToken = null;
+ try {
+ authToken = tokenDecoder.decodeFromString(tokenStr);
+ } catch (IOException e) {
+ errMessage = "Failed to decode the token string." + e.getMessage();
+ WebServer.LOG.error(errMessage);
+ }
+ HasServerPlugin tokenPlugin = null;
+ try {
+ tokenPlugin = HasServerPluginRegistry.createPlugin(type);
+ } catch (HasException e) {
+ errMessage = "Fail to get the plugin: " + type + ". " + e.getMessage();
+ WebServer.LOG.error(errMessage);
+ }
+ AuthToken verifiedAuthToken;
+ try {
+ verifiedAuthToken = tokenPlugin.authenticate(authToken);
+ } catch (HasAuthenException e) {
+ errMessage = "Failed to verify auth token: " + e.getMessage();
+ WebServer.LOG.error(errMessage);
+ verifiedAuthToken = null;
+ }
+
+ if (verifiedAuthToken != null) {
+ KrbMessage asRep = kdcHandler.getResponse(verifiedAuthToken,
+ (String) verifiedAuthToken.getAttributes().get("passPhrase"));
+
+ Base64 base64 = new Base64(0);
+ try {
+ m.put("type", tokenPlugin.getLoginType());
+ m.put("success", "true");
+ m.put("krbMessage", base64.encodeToString(asRep.encode()));
+ } catch (IOException e) {
+ errMessage = "Failed to encode KrbMessage." + e.getMessage();
+ WebServer.LOG.error(errMessage);
+ }
+
+ }
+ } else {
+ errMessage = "The token string should not be empty.";
+ WebServer.LOG.error(errMessage);
+ }
+
+ if (errMessage != null) {
+ m.put("success", "false");
+ m.put("krbMessage", errMessage);
+ }
+ try {
+ js = mapper.writeValueAsString(m);
+ } catch (JsonProcessingException e) {
+ WebServer.LOG.error("Failed write values to string." + e.getMessage());
+ }
+ return Response.ok(js).type(MediaType.APPLICATION_JSON).build();
+ }
+ return Response.status(Response.Status.FORBIDDEN).entity("HTTPS required.\n").build();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HadminApi.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HadminApi.java b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HadminApi.java
index a7febc1..f81a266 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HadminApi.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HadminApi.java
@@ -54,7 +54,7 @@ import java.util.zip.ZipOutputStream;
/**
* HAS Admin web methods implementation.
*/
-@Path("/admin")
+@Path("/hadmin")
public class HadminApi {
@Context
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HasApi.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HasApi.java b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HasApi.java
deleted file mode 100644
index eaa3587..0000000
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HasApi.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.kerby.has.server.web.rest;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.hadoop.http.JettyUtils;
-import org.apache.kerby.has.common.HasException;
-import org.apache.kerby.has.server.HasAuthenException;
-import org.apache.kerby.has.server.HasServer;
-import org.apache.kerby.has.server.HasServerPlugin;
-import org.apache.kerby.has.server.HasServerPluginRegistry;
-import org.apache.kerby.has.server.kdc.HasKdcHandler;
-import org.apache.kerby.has.server.web.WebServer;
-import org.apache.kerby.has.server.web.rest.param.AuthTokenParam;
-import org.apache.kerby.has.server.web.rest.param.TypeParam;
-import org.apache.kerby.kerberos.kerb.KrbRuntime;
-import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
-import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
-import org.apache.kerby.kerberos.kerb.type.base.KrbMessage;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import java.io.IOException;
-import java.util.Map;
-import java.util.TreeMap;
-
-/**
- * HAS web methods implementation.
- */
-@Path("")
-public class HasApi {
-
- @Context
- private ServletContext context;
-
- @Context
- private HttpServletRequest httpRequest;
-
-
- /**
- * Handle HTTP PUT request.
- */
- @PUT
- @Produces({MediaType.APPLICATION_OCTET_STREAM + "; " + JettyUtils.UTF_8,
- MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8})
- public Response asRequest(
- @QueryParam(TypeParam.NAME) @DefaultValue(TypeParam.DEFAULT)
- final TypeParam type,
- @QueryParam(AuthTokenParam.NAME) @DefaultValue(AuthTokenParam.DEFAULT)
- final AuthTokenParam authToken
- ) {
- return asRequest(type.getValue(), authToken.getValue());
- }
-
- private Response asRequest(String type, String tokenStr) {
- if (httpRequest.isSecure()) {
- final HasServer hasServer = WebServer.getHasServerFromContext(context);
- String errMessage = null;
- String js = null;
- ObjectMapper mapper = new ObjectMapper();
- final Map<String, Object> m = new TreeMap<String, Object>();
-
- if (hasServer.getKdcServer() == null) {
- errMessage = "Please start the has KDC server.";
- } else if (!tokenStr.isEmpty() && tokenStr != null) {
- HasKdcHandler kdcHandler = new HasKdcHandler(hasServer);
-
- TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider("JWT").createTokenDecoder();
-
- AuthToken authToken = null;
- try {
- authToken = tokenDecoder.decodeFromString(tokenStr);
- } catch (IOException e) {
- errMessage = "Failed to decode the token string." + e.getMessage();
- WebServer.LOG.error(errMessage);
- }
- HasServerPlugin tokenPlugin = null;
- try {
- tokenPlugin = HasServerPluginRegistry.createPlugin(type);
- } catch (HasException e) {
- errMessage = "Fail to get the plugin: " + type + ". " + e.getMessage();
- WebServer.LOG.error(errMessage);
- }
- AuthToken verifiedAuthToken;
- try {
- verifiedAuthToken = tokenPlugin.authenticate(authToken);
- } catch (HasAuthenException e) {
- errMessage = "Failed to verify auth token: " + e.getMessage();
- WebServer.LOG.error(errMessage);
- verifiedAuthToken = null;
- }
-
- if (verifiedAuthToken != null) {
- KrbMessage asRep = kdcHandler.getResponse(verifiedAuthToken,
- (String) verifiedAuthToken.getAttributes().get("passPhrase"));
-
- Base64 base64 = new Base64(0);
- try {
- m.put("type", tokenPlugin.getLoginType());
- m.put("success", "true");
- m.put("krbMessage", base64.encodeToString(asRep.encode()));
- } catch (IOException e) {
- errMessage = "Failed to encode KrbMessage." + e.getMessage();
- WebServer.LOG.error(errMessage);
- }
-
- }
- } else {
- errMessage = "The token string should not be empty.";
- WebServer.LOG.error(errMessage);
- }
-
- if (errMessage != null) {
- m.put("success", "false");
- m.put("krbMessage", errMessage);
- }
- try {
- js = mapper.writeValueAsString(m);
- } catch (JsonProcessingException e) {
- WebServer.LOG.error("Failed write values to string." + e.getMessage());
- }
- return Response.ok(js).type(MediaType.APPLICATION_JSON).build();
- }
- return Response.status(403).entity("HTTPS required.\n").build();
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/InitApi.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/InitApi.java b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/InitApi.java
new file mode 100644
index 0000000..6e1cc6e
--- /dev/null
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/InitApi.java
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kerby.has.server.web.rest;
+
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.HasServer;
+import org.apache.kerby.has.server.web.WebServer;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.codehaus.jettison.json.JSONObject;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.io.File;
+
+/**
+ * HAS initialize methods implementation.
+ */
+@Path("/init")
+public class InitApi {
+
+ @Context
+ private ServletContext context;
+
+ @Context
+ private HttpServletRequest httpRequest;
+
+ @GET
+ @Path("/kdcinit")
+ @Produces(MediaType.TEXT_PLAIN)
+ public Response kdcInit() {
+ if (httpRequest.isSecure()) {
+ final HasServer hasServer = WebServer.getHasServerFromContext(context);
+ String msg;
+ try {
+ File adminKeytab = hasServer.initKdcServer();
+ return Response.ok(adminKeytab).header("Content-Disposition",
+ "attachment; filename=" + adminKeytab.getName()).build();
+ } catch (KrbException e) {
+ msg = "Failed to initialize KDC, because: " + e.getMessage();
+ WebServer.LOG.error(msg);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+ }
+ }
+ return Response.status(Response.Status.FORBIDDEN).entity("HTTPS required.\n").build();
+ }
+
+ @GET
+ @Path("/kdcstart")
+ @Produces(MediaType.TEXT_PLAIN)
+ public Response kdcStart() {
+ if (httpRequest.isSecure()) {
+ final HasServer hasServer = WebServer.getHasServerFromContext(context);
+ JSONObject result = new JSONObject();
+ String msg;
+ try {
+ hasServer.startKdcServer();
+ } catch (HasException e) {
+ msg = "Failed to start kdc server, because: " + e.getMessage();
+ WebServer.LOG.error(msg);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+ }
+ try {
+ msg = "Succeed in starting KDC server.";
+ result.put("result", "success");
+ result.put("msg", msg);
+ return Response.ok(result.toString()).build();
+ } catch (Exception e) {
+ msg = "Failed to start kdc server, because: " + e.getMessage();
+ WebServer.LOG.error(msg);
+ return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+ }
+ }
+ return Response.status(Response.Status.FORBIDDEN).entity("HTTPS required.\n").build();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
index 1e8e82c..6445156 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
@@ -45,6 +45,7 @@ import java.util.List;
/**
* Kadmin web methods implementation.
*/
+@Path("/kadmin")
public class KadminApi {
@Context
private ServletContext context;
[3/3] directory-kerby git commit: Merge remote-tracking branch
'asf/trunk' into trunk
Posted by pl...@apache.org.
Merge remote-tracking branch 'asf/trunk' into trunk
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/f81bbf54
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/f81bbf54
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/f81bbf54
Branch: refs/heads/trunk
Commit: f81bbf54992bf05747e169906f665ba8fed3b25f
Parents: ad08b9c 26748ae
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Feb 13 10:02:31 2018 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Feb 13 10:02:31 2018 +0800
----------------------------------------------------------------------
benchmark/pom.xml | 2 +-
has-project/has-client/pom.xml | 2 +-
has-project/has-common/pom.xml | 4 +-
has-project/has-plugins/pom.xml | 43 +++++++
.../client/mysql/MySQLHasClientPlugin.java | 68 +++++++++++
.../server/mysql/MySQLHasServerPlugin.java | 112 +++++++++++++++++++
.../org.apache.kerby.has.client.HasClientPlugin | 16 +++
.../org.apache.kerby.has.server.HasServerPlugin | 16 +++
.../plugins/TestHasClientPluginRegistry.java | 44 ++++++++
.../plugins/TestHasServerPluginRegistry.java | 43 +++++++
has-project/has-server/pom.xml | 2 +-
has-project/pom.xml | 4 +-
kerby-backend/json-backend/pom.xml | 2 +-
kerby-backend/ldap-backend/pom.xml | 2 +-
kerby-backend/mavibot-backend/pom.xml | 2 +-
kerby-backend/mysql-backend/pom.xml | 2 +-
kerby-backend/pom.xml | 2 +-
kerby-backend/zookeeper-backend/pom.xml | 2 +-
kerby-common/kerby-asn1/pom.xml | 2 +-
kerby-common/kerby-config/pom.xml | 2 +-
kerby-common/kerby-util/pom.xml | 2 +-
kerby-common/kerby-xdr/pom.xml | 2 +-
kerby-common/pom.xml | 2 +-
kerby-dist/has-dist/pom.xml | 2 +-
kerby-dist/kdc-dist/LICENSE | 5 +
kerby-dist/kdc-dist/licenses/LICENSE.jline.txt | 35 ++++++
kerby-dist/kdc-dist/pom.xml | 2 +-
kerby-dist/pom.xml | 2 +-
kerby-dist/tool-dist/pom.xml | 2 +-
kerby-kdc-test/pom.xml | 2 +-
kerby-kdc/pom.xml | 2 +-
kerby-kerb/integration-test/pom.xml | 2 +-
kerby-kerb/kerb-admin-server/pom.xml | 2 +-
kerby-kerb/kerb-admin/pom.xml | 2 +-
kerby-kerb/kerb-client-api-all/pom.xml | 2 +-
kerby-kerb/kerb-client/pom.xml | 2 +-
.../kerberos/kerb/client/KrbClientBase.java | 21 +++-
.../client/impl/AbstractInternalKrbClient.java | 20 +++-
kerby-kerb/kerb-common/pom.xml | 2 +-
kerby-kerb/kerb-core/pom.xml | 2 +-
kerby-kerb/kerb-crypto/pom.xml | 2 +-
kerby-kerb/kerb-gssapi/pom.xml | 2 +-
kerby-kerb/kerb-identity-test/pom.xml | 2 +-
kerby-kerb/kerb-identity/pom.xml | 2 +-
kerby-kerb/kerb-kdc-test/pom.xml | 2 +-
.../kerberos/kerb/server/CacheFileTest.java | 3 +-
kerby-kerb/kerb-server-api-all/pom.xml | 2 +-
kerby-kerb/kerb-server/pom.xml | 2 +-
kerby-kerb/kerb-simplekdc/pom.xml | 2 +-
kerby-kerb/kerb-util/pom.xml | 2 +-
kerby-kerb/pom.xml | 2 +-
kerby-pkix/pom.xml | 2 +-
kerby-provider/pom.xml | 2 +-
kerby-provider/token-provider/pom.xml | 2 +-
kerby-tool/client-tool/pom.xml | 2 +-
kerby-tool/kdc-tool/pom.xml | 7 +-
.../kerby/kerberos/tool/kadmin/KadminTool.java | 34 ++++--
kerby-tool/pom.xml | 2 +-
pom.xml | 5 +-
59 files changed, 496 insertions(+), 68 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f81bbf54/kerby-dist/has-dist/pom.xml
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/f81bbf54/kerby-tool/pom.xml
----------------------------------------------------------------------
[2/3] directory-kerby git commit: DIRKRB-691 Add tool for remote
initialization.
Posted by pl...@apache.org.
DIRKRB-691 Add tool for remote initialization.
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ad08b9c3
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ad08b9c3
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ad08b9c3
Branch: refs/heads/trunk
Commit: ad08b9c3027d4627e93c80485997ae4bc4057d92
Parents: ad48f75
Author: plusplusjiajia <ji...@intel.com>
Authored: Tue Feb 13 10:02:14 2018 +0800
Committer: plusplusjiajia <ji...@intel.com>
Committed: Tue Feb 13 10:02:14 2018 +0800
----------------------------------------------------------------------
kerby-dist/has-dist/bin/hasinit.sh | 56 ++++++++++
kerby-dist/has-dist/conf/hadmin.conf | 6 ++
kerby-dist/has-dist/pom.xml | 5 +
kerby-tool/has-tool/pom.xml | 28 +++++
.../apache/kerby/kerberos/tool/HasInitTool.java | 108 +++++++++++++++++++
.../apache/kerby/kerberos/tool/cmd/InitCmd.java | 42 ++++++++
.../kerby/kerberos/tool/cmd/InitKdcCmd.java | 90 ++++++++++++++++
.../kerby/kerberos/tool/cmd/StartKdcCmd.java | 52 +++++++++
kerby-tool/pom.xml | 1 +
9 files changed, 388 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad08b9c3/kerby-dist/has-dist/bin/hasinit.sh
----------------------------------------------------------------------
diff --git a/kerby-dist/has-dist/bin/hasinit.sh b/kerby-dist/has-dist/bin/hasinit.sh
new file mode 100644
index 0000000..2bbbf6a
--- /dev/null
+++ b/kerby-dist/has-dist/bin/hasinit.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+CONF_DIR=$1
+APP_MAIN=org.apache.kerby.kerberos.tool.HasInitTool
+
+# Reset HAS_CONF_DIR if CONF_DIR not null
+if [ "$CONF_DIR" != "" ]; then
+ if [ ! -d "$CONF_DIR" ]; then
+ echo "[ERROR] ${CONF_DIR} is not a directory"
+ usage
+ fi
+else
+ if [ "$HAS_CONF_DIR" != "" ] && [ -d "$HAS_CONF_DIR" ]; then
+ CONF_DIR=${HAS_CONF_DIR}
+ else
+ echo "[ERROR] HAS_CONF_DIR is null or not a directory"
+ exit
+ fi
+fi
+
+# Load HAS environment variables
+if [ -f "${CONF_DIR}/has-env.sh" ]; then
+ . "${CONF_DIR}/has-env.sh"
+fi
+
+# Get HAS_HOME directory
+bin=`dirname "$0"`
+HAS_HOME=`cd ${bin}/..; pwd`
+cd ${HAS_HOME}
+
+for var in $*; do
+ if [ X"$var" = X"-D" ]; then
+ DEBUG="-Xdebug -Xrunjdwp:transport=dt_socket,address=8011,server=y,suspend=y"
+ fi
+done
+
+echo "[INFO] conf_dir=$CONF_DIR"
+HAS_OPTS="-DHAS_LOGFILE=kdcinit"
+
+java ${DEBUG} -classpath target/lib/*:. ${HAS_OPTS} ${APP_MAIN} ${CONF_DIR}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad08b9c3/kerby-dist/has-dist/conf/hadmin.conf
----------------------------------------------------------------------
diff --git a/kerby-dist/has-dist/conf/hadmin.conf b/kerby-dist/has-dist/conf/hadmin.conf
new file mode 100644
index 0000000..e950aea
--- /dev/null
+++ b/kerby-dist/has-dist/conf/hadmin.conf
@@ -0,0 +1,6 @@
+[HAS]
+ https_host = plusplus-desktop
+ https_port = 8092
+ admin_keytab = /etc/has/admin.keytab
+ admin_keytab_principal = kadmin/HADOOP.COM@HADOOP.COM
+ filter_auth_type = kerberos
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad08b9c3/kerby-dist/has-dist/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-dist/has-dist/pom.xml b/kerby-dist/has-dist/pom.xml
index d64c2a9..48ca99f 100644
--- a/kerby-dist/has-dist/pom.xml
+++ b/kerby-dist/has-dist/pom.xml
@@ -19,6 +19,11 @@
<artifactId>has-server</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>has-tool</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
<build>
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad08b9c3/kerby-tool/has-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/pom.xml b/kerby-tool/has-tool/pom.xml
new file mode 100644
index 0000000..36328ed
--- /dev/null
+++ b/kerby-tool/has-tool/pom.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <artifactId>kerby-tool</artifactId>
+ <groupId>org.apache.kerby</groupId>
+ <version>1.1.1-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>has-tool</artifactId>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>has-client</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.kerby</groupId>
+ <artifactId>has-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+
+
+</project>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad08b9c3/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/HasInitTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/HasInitTool.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/HasInitTool.java
new file mode 100644
index 0000000..bd0a466
--- /dev/null
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/HasInitTool.java
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool;
+
+import org.apache.kerby.has.client.HasInitClient;
+import org.apache.kerby.has.common.HasConfig;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.common.util.HasUtil;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.tool.cmd.InitKdcCmd;
+import org.apache.kerby.kerberos.tool.cmd.StartKdcCmd;
+import org.apache.kerby.kerberos.tool.cmd.InitCmd;
+import org.apache.kerby.util.OSUtil;
+
+import java.io.File;
+import java.util.Scanner;
+
+public class HasInitTool {
+ private static final String PROMPT = HasInitTool.class.getSimpleName();
+ private static final String USAGE = (OSUtil.isWindows()
+ ? "Usage: bin\\hasinit.cmd" : "Usage: sh bin/hasinit.sh")
+ + " <conf-file>\n"
+ + "\tExample:\n"
+ + "\t\t"
+ + (OSUtil.isWindows()
+ ? "bin\\hasinit.cmd" : "sh bin/hasinit.sh")
+ + " conf\n";
+
+ private static final String LEGAL_COMMANDS = "Available commands are: "
+ + "\n"
+ + "start_kdc, start\n"
+ + " Start kdc\n"
+ + "init_kdc, init\n"
+ + " Init kdc\n";
+
+ public static void main(String[] args) {
+ if (args.length < 1) {
+ System.err.println(USAGE);
+ System.exit(1);
+ }
+ String confDirPath = args[0];
+ File confFile = new File(confDirPath, "hadmin.conf");
+ HasConfig hasConfig;
+ try {
+ hasConfig = HasUtil.getHasConfig(confFile);
+ } catch (HasException e) {
+ System.err.println(e.getMessage());
+ return;
+ }
+
+ System.out.println(LEGAL_COMMANDS);
+ System.out.println("enter \"<cmd> [?][-help]\" to get cmd help.");
+ Scanner scanner = new Scanner(System.in, "UTF-8");
+ System.out.print(PROMPT + ": ");
+ String input = scanner.nextLine();
+
+ HasInitClient hasInitClient = new HasInitClient(hasConfig, new File(confDirPath));
+ while (!(input.equals("quit") || input.equals("exit") || input.equals("q"))) {
+ try {
+ execute(hasInitClient, input);
+ } catch (KrbException e) {
+ System.err.println(e.getMessage());
+ }
+ System.out.print(PROMPT + ": ");
+ input = scanner.nextLine();
+ }
+ }
+
+ private static void execute(HasInitClient hasInitClient, String input) throws KrbException {
+ input = input.trim();
+ if (input.startsWith("cmd")) {
+ System.out.println(LEGAL_COMMANDS);
+ return;
+ }
+ String[] items = input.split("\\s+");
+ String cmd = items[0];
+
+ InitCmd executor;
+ if (cmd.equals("start_kdc")
+ || cmd.equals("start")) {
+ executor = new StartKdcCmd(hasInitClient);
+ } else if (cmd.equals("init_kdc")
+ || cmd.equals("init")) {
+ executor = new InitKdcCmd(hasInitClient);
+ } else {
+ System.out.println(LEGAL_COMMANDS);
+ return;
+ }
+ executor.execute(items);
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad08b9c3/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/InitCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/InitCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/InitCmd.java
new file mode 100644
index 0000000..c03d5bd
--- /dev/null
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/InitCmd.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.cmd;
+
+import org.apache.kerby.has.client.HasInitClient;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+public abstract class InitCmd {
+
+ private HasInitClient client;
+
+ public InitCmd(HasInitClient client) {
+ this.client = client;
+ }
+
+ protected HasInitClient getClient() {
+ return client;
+ }
+
+ /**
+ * Execute the kdc init cmd.
+ * @param input Input cmd to execute
+ */
+ public abstract void execute(String[] input) throws KrbException;
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad08b9c3/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/InitKdcCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/InitKdcCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/InitKdcCmd.java
new file mode 100644
index 0000000..63fe30a
--- /dev/null
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/InitKdcCmd.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.cmd;
+
+import org.apache.kerby.has.client.HasInitClient;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Remote init kdc cmd
+ */
+public class InitKdcCmd extends InitCmd {
+
+ public static final String USAGE = "Usage: init_kdc [-p] [path]\n"
+ + "\tExample:\n"
+ + "\t\tinit_kdc\n";
+
+ public InitKdcCmd(HasInitClient client) {
+ super(client);
+ }
+
+ @Override
+ public void execute(String[] items) throws KrbException {
+ if (items.length >= 2 && (items[1].startsWith("?") || items[1].startsWith("-help"))) {
+ System.out.println(USAGE);
+ return;
+ }
+ File path = getClient().getConfDir();
+ if (items.length >= 3 && items[1].startsWith("-p")) {
+ path = new File(items[2]);
+ if (!path.exists() && !path.mkdirs()) {
+ System.err.println("Cannot create file : " + items[2]);
+ return;
+ }
+ }
+ File adminKeytab = new File(path, "admin.keytab");
+
+ HasInitClient client = getClient();
+ InputStream content = client.initKdc();
+
+ if (content == null) {
+ System.err.println("Failed to init kdc.");
+ return;
+ }
+
+ FileOutputStream fos = null;
+ try {
+ fos = new FileOutputStream(adminKeytab);
+ } catch (FileNotFoundException e) {
+ System.err.println("the admin keytab file not found. " + e.getMessage());
+ }
+ byte[] buffer = new byte[4 * 1024];
+ int read;
+ try {
+ while ((read = content.read(buffer)) > 0) {
+ fos.write(buffer, 0, read);
+ }
+ fos.close();
+ content.close();
+ } catch (IOException e) {
+ System.err.println("Errors occurred when getting the admin.keytab. " + e.getMessage());
+ }
+
+ System.out.println("admin.keytab has saved in : " + adminKeytab.getAbsolutePath()
+ + ",\nplease safely save it to use kadmin.");
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad08b9c3/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/StartKdcCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/StartKdcCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/StartKdcCmd.java
new file mode 100644
index 0000000..05c9932
--- /dev/null
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/cmd/StartKdcCmd.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.cmd;
+
+import org.apache.kerby.has.client.HasInitClient;
+import org.apache.kerby.kerberos.kerb.KrbException;
+
+/**
+ * Remote start kdc cmd
+ */
+public class StartKdcCmd extends InitCmd {
+
+ public static final String USAGE = "Usage: start_kdc\n"
+ + "\tExample:\n"
+ + "\t\tstart\n";
+
+ public StartKdcCmd(HasInitClient client) {
+ super(client);
+ }
+
+ @Override
+ public void execute(String[] items) throws KrbException {
+ if (items.length >= 2 && (items[1].startsWith("?") || items[1].startsWith("-help"))) {
+ System.out.println(USAGE);
+ return;
+ }
+
+ if (items.length != 1) {
+ System.err.println(USAGE);
+ return;
+ }
+ HasInitClient client = getClient();
+ client.startKdc();
+ }
+}
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad08b9c3/kerby-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/pom.xml b/kerby-tool/pom.xml
index 6383356..f3f9be3 100644
--- a/kerby-tool/pom.xml
+++ b/kerby-tool/pom.xml
@@ -28,6 +28,7 @@
<modules>
<module>client-tool</module>
<module>kdc-tool</module>
+ <module>has-tool</module>
</modules>
</project>