Sorry, this breaks the GSS tests; I will fix them ASAP. Regards, Kai
-----Original Message----- 
From: [email protected] [mailto:[email protected]] Sent: Tuesday, June 30, 2015 11:48 AM To: [email protected] Subject: [1/2] directory-kerby git commit: Changes summary: 1) Enhanced SimpleKdcServer to integrate KrbClient and Kadmin APIs for easier integration tests; 2) Refined related codes; 3) Fixed some issues found in the effort. Repository: directory-kerby Updated Branches: refs/heads/master 22d959b95 -> d49d73da3 Changes summary: 1) Enhanced SimpleKdcServer to integrate KrbClient and Kadmin APIs for easier integration tests; 2) Refined related codes; 3) Fixed some issues found in the effort. Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/497e0303 Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/497e0303 Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/497e0303 Branch: refs/heads/master Commit: 497e0303e2e5e28dee44775174b8072a4b4a4c76 Parents: 2446784 Author: drankye <[email protected]> Authored: Tue Jun 30 11:46:16 2015 +0800 Committer: Drankye <[email protected]> Committed: Tue Jun 30 11:46:16 2015 +0800 ---------------------------------------------------------------------- .../kerby/kerberos/kdc/GssInteropTestBase.java | 54 +++++++---- .../kerby/kerberos/kdc/GssTcpInteropTest.java | 25 ----- .../kerby/kerberos/kdc/GssUdpInteropTest.java | 26 ----- .../kerby/kerberos/kdc/JsonBackendKdcTest.java | 7 +- .../apache/kerby/kerberos/kdc/KerbyKdcTest.java | 15 +-- .../kdc/OnlyTcpForNettyKdcNetworkTest.java | 12 ++- .../kdc/OnlyUdpForNettyKdcNetworkTest.java | 12 ++- .../kerberos/kdc/WithAccessTokenKdcTest.java | 2 +- .../kerberos/kdc/WithIdentityTokenKdcTest.java | 6 +- .../kerberos/kdc/WithTokenKdcTestBase.java | 13 +-- .../kerberos/kdc/ZookeeperBackendKdcTest.java | 7 +- kerby-kdc-test/src/test/resources/krb5-udp.conf | 8 -- kerby-kdc-test/src/test/resources/krb5.conf | 9 -- .../kerby/kerberos/kdc/KerbyKdcServer.java | 4 +- 
.../kerby/kerberos/kerb/client/ClientUtil.java | 14 +-- .../kerby/kerberos/kerb/client/KrbConfig.java | 9 +- .../kerberos/kerb/client/KrbConfigKey.java | 6 +- .../kerby/kerberos/kerb/client/KrbSetting.java | 5 + .../kerb/client/KrbClientSettingTest.java | 4 +- .../kerberos/kerb/common/KrbConfHelper.java | 15 ++- .../kerby/kerberos/kerb/server/KdcTestBase.java | 99 ++++---------------- .../kerberos/kerb/server/TestKdcServer.java | 54 +++++++++++ .../kerberos/kerb/server/GssInteropTest.java | 21 ++--- .../kerberos/kerb/server/KdcSettingTest.java | 2 +- .../kerby/kerberos/kerb/server/KdcTest.java | 6 +- .../kerb/server/MultiRequestsKdcTest.java | 10 +- .../kerberos/kerb/server/OnlyTcpKdcTest.java | 5 + .../kerberos/kerb/server/OnlyUdpKdcTest.java | 5 + .../kerberos/kerb/server/TcpAndUdpKdcTest.java | 5 + .../kerb-kdc-test/src/test/resources/krb5.conf | 8 -- .../kerby/kerberos/kerb/server/KdcConfig.java | 25 +++-- .../kerberos/kerb/server/KdcConfigKey.java | 9 +- .../kerby/kerberos/kerb/server/KdcServer.java | 13 ++- .../kerberos/kerb/server/KdcServerOption.java | 1 + .../kerby/kerberos/kerb/server/KdcSetting.java | 29 +++++- .../server/impl/AbstractInternalKdcServer.java | 2 +- .../kerberos/kerb/server/SimpleKdcTest.java | 26 +---- .../kerberos/kerb/server/TestKdcConfigLoad.java | 4 +- kerby-kerb/kerb-simplekdc/pom.xml | 5 + .../kerby/kerberos/kerb/server/Krb5Conf.java | 53 +++++++++++ .../kerberos/kerb/server/SimpleKdcServer.java | 95 +++++++++++++++---- .../kerb-simplekdc/src/main/resources/krb5.conf | 7 ++ .../src/main/resources/krb5_udp.conf | 8 ++ .../org/apache/kerby/config/ConfigImpl.java | 3 +- .../main/java/org/apache/kerby/util/IOUtil.java | 27 +++++- 45 files changed, 465 insertions(+), 310 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java 
---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java index 43b89df..bb0fb48 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java @@ -23,6 +23,7 @@ import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.KdcTestBase; import org.ietf.jgss.*; import org.junit.Assert; +import org.junit.Before; import org.junit.Test; import javax.security.auth.Subject; @@ -32,6 +33,7 @@ import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.kerberos.KerberosTicket; import javax.security.auth.login.LoginContext; +import java.io.File; import java.io.IOException; import java.security.Principal; import java.security.PrivilegedExceptionAction; 
@@ -41,17 +43,29 @@ import java.util.Set; * This is an interop test using the Java GSS APIs against the Kerby KDC */ public abstract class GssInteropTestBase extends KdcTestBase { - @Override protected void createPrincipals() throws KrbException { - kdcServer.createPrincipal(getClientPrincipal(), getClientPassword()); - kdcServer.createPrincipal(getServerPrincipal(), getServerPassword()); + getKdcServer().createPrincipal(getClientPrincipal(), getClientPassword()); + getKdcServer().createPrincipal(getServerPrincipal(), getServerPassword()); } private String getServerPassword() { return getClientPassword(); // Reuse the same password } + @Before + @Override + public void setUp() throws Exception { + super.setUp(); + + File file1 = new File(getClass().getResource("/kerberos.jaas").getPath()); + String content1 = getFileContent(file1.getPath()); + String path1 = writeToTestDir(content1, file1.getName()); + + // System.setProperty("sun.security.krb5.debug", "true"); + System.setProperty("java.security.auth.login.config", path1); + } + @Test public void testKdc() throws Exception { LoginContext loginContext = new LoginContext(getClientPrincipalName(), @@ -80,8 +94,6 @@ public abstract class GssInteropTestBase extends KdcTestBase { loginContext.logout(); validateServiceTicket(kerberosToken); - - kdcServer.stop(); } private void validateServiceTicket(byte[] ticket) throws Exception { 
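Review bot: The added `setUp()` sets the JVM-wide `java.security.auth.login.config` property and nothing visible in this hunk restores it, so the JAAS login configuration written for this test remains active for any test that later runs in the same JVM. Saving the previous value and restoring it in an `@After` method (needs `org.junit.After`) keeps the test hermetic; the sketch below shows the shape. `getClass().getResource("/kerberos.jaas")` is also dereferenced without a null check and `URL.getPath()` does not decode percent-escapes, so a missing resource or a build path containing spaces fails with an unhelpful error. Whether `KdcTestBase` already resets system properties in its teardown is not visible here.

```java
private String savedLoginConfig;

public void setUp() throws Exception {
    // … unchanged: super.setUp() and copying kerberos.jaas to path1 …
    savedLoginConfig = System.getProperty("java.security.auth.login.config");
    System.setProperty("java.security.auth.login.config", path1);
}

@After
public void restoreLoginConfig() {
    if (savedLoginConfig == null) {
        System.clearProperty("java.security.auth.login.config");
    } else {
        System.setProperty("java.security.auth.login.config", savedLoginConfig);
    }
}
```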
@@ -121,17 +133,19 @@ public abstract class GssInteropTestBase extends KdcTestBase { } /** - * This class represents a PrivilegedExceptionAction implementation to obtain a service ticket from a Kerberos - * Key Distribution Center. + * This class represents a PrivilegedExceptionAction implementation to + * obtain a service ticket from a Kerberos Key Distribution Center. */ - private static class KerberosClientExceptionAction implements PrivilegedExceptionAction<byte[]> { + private static class KerberosClientExceptionAction + implements PrivilegedExceptionAction<byte[]> { private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2"; private Principal clientPrincipal; private String serviceName; - public KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) { + public KerberosClientExceptionAction(Principal clientPrincipal, + String serviceName) { this.clientPrincipal = clientPrincipal; this.serviceName = serviceName; } @@ -139,12 +153,15 @@ public abstract class GssInteropTestBase extends KdcTestBase { public byte[] run() throws GSSException { GSSManager gssManager = GSSManager.getInstance(); - GSSName gssService = gssManager.createName(serviceName, GSSName.NT_USER_NAME); + GSSName gssService = gssManager.createName(serviceName, + GSSName.NT_USER_NAME); Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID); - GSSName gssClient = gssManager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME); + GSSName gssClient = gssManager.createName(clientPrincipal.getName(), + GSSName.NT_USER_NAME); GSSCredential credentials = gssManager.createCredential( - gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY + gssClient, GSSCredential.DEFAULT_LIFETIME, oid, + GSSCredential.INITIATE_ONLY ); GSSContext secContext = 
@@ -166,7 +183,8 @@ public abstract class GssInteropTestBase extends KdcTestBase { } } - private static class KerberosServiceExceptionAction implements PrivilegedExceptionAction<byte[]> { + private static class KerberosServiceExceptionAction + implements PrivilegedExceptionAction<byte[]> { private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2"; @@ -179,16 +197,16 @@ public abstract class GssInteropTestBase extends KdcTestBase { } public byte[] run() throws GSSException { - GSSManager gssManager = GSSManager.getInstance(); - - GSSContext secContext = null; - GSSName gssService = gssManager.createName(serviceName, GSSName.NT_USER_NAME); + GSSContext secContext; + GSSName gssService = gssManager.createName(serviceName, + GSSName.NT_USER_NAME); Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID); GSSCredential credentials = gssManager.createCredential( - gssService, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.ACCEPT_ONLY + gssService, GSSCredential.DEFAULT_LIFETIME, oid, + GSSCredential.ACCEPT_ONLY ); secContext = gssManager.createContext(credentials); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInteropTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInteropTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInteropTest.java index dca4f4d..c101d0d 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInteropTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInteropTest.java 
@@ -19,36 +19,11 @@ */ package org.apache.kerby.kerberos.kdc; -import java.io.File; - -import org.junit.Before; - /** * This is an interop test using the Java GSS APIs against the Kerby KDC (using TCP) */ public class GssTcpInteropTest extends GssInteropTestBase { - @Before - @Override - public void setUp() throws Exception { - super.setUp(); - - File file1 = new File(this.getClass().getResource("/kerberos.jaas").getPath()); - String content1 = getFileContent(file1.getPath()); - String path1 = writeToTestDir(content1, file1.getName()); - - // System.setProperty("sun.security.krb5.debug", "true"); - System.setProperty("java.security.auth.login.config", path1); - - // Read in krb5.conf and substitute in the correct port - File file2 = new File(this.getClass().getResource("/krb5.conf").getPath()); - String content2 = getFileContent(file2.getPath()); - content2 = content2.replaceAll("port", "" + getTcpPort()); - String path2 = writeToTestDir(content2, file2.getName()); - - System.setProperty("java.security.krb5.conf", path2); - } - @Override protected boolean allowUdp() { return false; http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInteropTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInteropTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInteropTest.java index e2ccd31..a3e8c55 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInteropTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInteropTest.java 
@@ -19,39 +19,13 @@ */ package org.apache.kerby.kerberos.kdc; -import org.junit.Before; - -import java.io.File; - /** * This is an interop test using the Java GSS APIs against the Kerby KDC (using UDP) */ public class GssUdpInteropTest extends GssInteropTestBase { - @Before - @Override - public void setUp() throws Exception { - super.setUp(); - - File file1 = new File(getClass().getResource("/kerberos.jaas").getPath()); - String content1 = getFileContent(file1.getPath()); - String path1 = writeToTestDir(content1, file1.getName()); - - // System.setProperty("sun.security.krb5.debug", "true"); - System.setProperty("java.security.auth.login.config", path1); - - // Read in krb5.conf and substitute in the correct port - File file2 = new File(getClass().getResource("/krb5-udp.conf").getPath()); - String content2 = getFileContent(file2.getPath()); - content2 = content2.replaceAll("port", "" + getUdpPort()); - String path2 = writeToTestDir(content2, file2.getName()); - - System.setProperty("java.security.krb5.conf", path2); - } - @Override protected boolean allowUdp() { return true; } - } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java index c5815d8..ad60ef4 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java 
@@ -20,6 +20,7 @@ package org.apache.kerby.kerberos.kdc; import org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.BackendConfig; import org.apache.kerby.kerberos.kerb.server.KdcConfigKey; import org.junit.AfterClass; @@ -31,14 +32,14 @@ public class JsonBackendKdcTest extends KerbyKdcTest { private static File jsonBackendFile; @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); + protected void prepareKdc() throws KrbException { + super.prepareKdc(); File testDir = new File(System.getProperty("test.dir", "target")); jsonBackendFile = new File(testDir, "json-backend-file"); String jsonBackendFileString = jsonBackendFile.getAbsolutePath(); - BackendConfig backendConfig = kdcServer.getBackendConfig(); + BackendConfig backendConfig = getKdcServer().getBackendConfig(); backendConfig.setString( JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBackendFileString); backendConfig.setString(KdcConfigKey.KDC_IDENTITY_BACKEND, http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java index 394c9ce..2f08601 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java 
@@ -20,6 +20,7 @@ package org.apache.kerby.kerberos.kdc; import org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.KdcTestBase; import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket; import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket; @@ -30,10 +31,10 @@ import static org.assertj.core.api.Assertions.assertThat; public abstract class KerbyKdcTest extends KdcTestBase { @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); - kdcServer.setInnerKdcImpl( - new NettyKdcServerImpl(kdcServer.getSetting())); + protected void prepareKdc() throws KrbException { + super.prepareKdc(); + getKdcServer().setInnerKdcImpl( + new NettyKdcServerImpl(getKdcServer().getKdcSetting())); } protected void performKdcTest() throws Exception { @@ -41,11 +42,11 @@ public abstract class KerbyKdcTest extends KdcTestBase { ServiceTicket tkt; try { - tgt = krbClnt.requestTgtWithPassword(getClientPrincipal(), - getClientPassword()); + tgt = getKrbClient().requestTgtWithPassword( + getClientPrincipal(), getClientPassword()); assertThat(tgt).isNotNull(); - tkt = krbClnt.requestServiceTicketWithTgt(tgt, getServerPrincipal()); + tkt = getKrbClient().requestServiceTicketWithTgt(tgt, getServerPrincipal()); assertThat(tkt).isNotNull(); } catch (Exception e) { System.out.println("Exception occurred with good password"); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java index 6b46e8e..86f5214 100644 
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java @@ -20,6 +20,7 @@ package org.apache.kerby.kerberos.kdc; import org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.BackendConfig; import org.junit.AfterClass; import org.junit.Test; @@ -37,19 +38,24 @@ public class OnlyTcpForNettyKdcNetworkTest extends KerbyKdcTest { } @Override + protected boolean allowTcp() { + return true; + } + + @Override protected boolean allowUdp() { return false; } @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); + protected void prepareKdc() throws KrbException { + super.prepareKdc(); File testDir = new File(System.getProperty("test.dir", "target")); jsonBackendFile = new File(testDir, "json-backend-file"); String jsonBackendFileString = jsonBackendFile.getAbsolutePath(); - BackendConfig backendConfig = kdcServer.getBackendConfig(); + BackendConfig backendConfig = getKdcServer().getBackendConfig(); backendConfig.setString( JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBackendFileString); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java index 0097eec..c844380 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java 
@@ -20,6 +20,7 @@ package org.apache.kerby.kerberos.kdc; import org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.BackendConfig; import org.junit.AfterClass; import org.junit.Test; @@ -42,14 +43,19 @@ public class OnlyUdpForNettyKdcNetworkTest extends KerbyKdcTest { } @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); + protected boolean allowUdp() { + return true; + } + + @Override + protected void prepareKdc() throws KrbException { + super.prepareKdc(); File testDir = new File(System.getProperty("test.dir", "target")); jsonBackendFile = new File(testDir, "json-backend-file"); String jsonBackendFileString = jsonBackendFile.getAbsolutePath(); - BackendConfig backendConfig = kdcServer.getBackendConfig(); + BackendConfig backendConfig = getKdcServer().getBackendConfig(); backendConfig.setString( JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBackendFileString); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java index cb23513..d815e37 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest.java 
@@ -29,7 +29,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcTestBase { prepareToken(getServerPrincipal()); createCredentialCache(getClientPrincipal(), getClientPassword()); - ServiceTicket serviceTicket = krbClnt.requestServiceTicketWithAccessToken( + ServiceTicket serviceTicket = getKrbClient().requestServiceTicketWithAccessToken( getKrbToken(), getServerPrincipal(), getcCacheFile().getPath()); verifyTicket(serviceTicket); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java index 2a78f01..045da51 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTest.java @@ -36,14 +36,16 @@ public class WithIdentityTokenKdcTest extends WithTokenKdcTestBase { TgtTicket tgt = null; try { - tgt = krbClnt.requestTgtWithToken(getKrbToken(), getcCacheFile().getPath()); + tgt = getKrbClient().requestTgtWithToken(getKrbToken(), + getcCacheFile().getPath()); } catch (KrbException e) { assertThat(e.getMessage().contains("timeout")).isTrue(); return; } verifyTicket(tgt); - ServiceTicket tkt = krbClnt.requestServiceTicketWithTgt(tgt, getServerPrincipal()); + ServiceTicket tkt = getKrbClient().requestServiceTicketWithTgt(tgt, + getServerPrincipal()); verifyTicket(tkt); } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java ---------------------------------------------------------------------- 
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java index 3e97223..01f490c 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.java @@ -58,13 +58,13 @@ public class WithTokenKdcTestBase extends KdcTestBase { @Override protected void createPrincipals() throws KrbException { super.createPrincipals(); - kdcServer.createPrincipal(getClientPrincipal(), clientPassword); + getKdcServer().createPrincipal(getClientPrincipal(), getClientPassword()); } @Override protected void deletePrincipals() throws KrbException { super.deletePrincipals(); - kdcServer.deletePrincipal(getClientPrincipal()); + getKdcServer().deletePrincipal(getClientPrincipal()); } protected AuthToken getKrbToken() { @@ -104,14 +104,9 @@ public class WithTokenKdcTestBase extends KdcTestBase { return krbToken; } - @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); - } - protected File createCredentialCache(String principal, String password) throws Exception { - TgtTicket tgt = krbClnt.requestTgtWithPassword(principal, password); + TgtTicket tgt = getKrbClient().requestTgtWithPassword(principal, password); writeTgtToCache(tgt, principal); return cCacheFile; } 
@@ -137,7 +132,7 @@ public class WithTokenKdcTestBase extends KdcTestBase { protected void verifyTicket(AbstractServiceTicket ticket) { assertThat(ticket).isNotNull(); - assertThat(ticket.getRealm()).isEqualTo(kdcServer.getKdcRealm()); + assertThat(ticket.getRealm()).isEqualTo(getKdcServer().getKdcSetting().getKdcRealm()); assertThat(ticket.getTicket()).isNotNull(); assertThat(ticket.getSessionKey()).isNotNull(); assertThat(ticket.getEncKdcRepPart()).isNotNull(); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java index fda0f4b..2c62232 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTest.java @@ -20,6 +20,7 @@ package org.apache.kerby.kerberos.kdc; import org.apache.kerby.kerberos.kdc.identitybackend.ZKConfKey; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.BackendConfig; import org.apache.kerby.kerberos.kerb.server.KdcConfigKey; import org.junit.AfterClass; 
@@ -47,10 +48,10 @@ public class ZookeeperBackendKdcTest extends KerbyKdcTest { } @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); + protected void prepareKdc() throws KrbException { + super.prepareKdc(); - BackendConfig backendConfig = kdcServer.getBackendConfig(); + BackendConfig backendConfig = getKdcServer().getBackendConfig(); File testDir = new File(System.getProperty("test.dir", "target")); instanceDir = new File(testDir, "zookeeper"); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/resources/krb5-udp.conf ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/resources/krb5-udp.conf b/kerby-kdc-test/src/test/resources/krb5-udp.conf deleted file mode 100644 index 1e878bd..0000000 --- a/kerby-kdc-test/src/test/resources/krb5-udp.conf +++ /dev/null @@ -1,8 +0,0 @@ -[libdefaults] - default_realm = TEST.COM - permitted_enctypes = des-cbc-crc aes128-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd - -[realms] - TEST.COM = { - kdc = localhost:port - } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/resources/krb5.conf ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/resources/krb5.conf b/kerby-kdc-test/src/test/resources/krb5.conf deleted file mode 100644 index d1361d9..0000000 --- a/kerby-kdc-test/src/test/resources/krb5.conf +++ /dev/null 
@@ -1,9 +0,0 @@ -[libdefaults] - default_realm = TEST.COM - udp_preference_limit = 1 - permitted_enctypes = des-cbc-crc aes128-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1-kd - -[realms] - TEST.COM = { - kdc = localhost:port - } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java ---------------------------------------------------------------------- diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java index e088d5a..e07021c 100644 --- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java +++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java @@ -33,14 +33,14 @@ public class KerbyKdcServer extends KdcServer { private Kadmin kadmin; public KerbyKdcServer(File confDir) throws KrbException { super(confDir); - setInnerKdcImpl(new NettyKdcServerImpl(getSetting())); + setInnerKdcImpl(new NettyKdcServerImpl(getKdcSetting())); } @Override public void init() throws KrbException { super.init(); - kadmin = new Kadmin(getSetting(), getIdentityService()); + kadmin = new Kadmin(getKdcSetting(), getIdentityService()); kadmin.createBuiltinPrincipals(); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java index 934a78b..c6244f5 100644 --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/ClientUtil.java 
@@ -46,7 +46,8 @@ public final class ClientUtil { krbConfig.addIniConfig(confFile); return krbConfig; } catch (IOException e) { - throw new KrbException("Failed to load krb config " + confFile.getAbsolutePath()); + throw new KrbException("Failed to load krb config " + + confFile.getAbsolutePath()); } } @@ -70,7 +71,8 @@ public final class ClientUtil { if (tmpEnv != null) { confFile = new File(tmpEnv); if (!confFile.exists()) { - throw new KrbException("krb5 conf not found. Invalid env " + krb5EnvName); + throw new KrbException("krb5 conf not found. Invalid env " + + krb5EnvName); } } else { confDir = new File("/etc/"); // for Linux. TODO: fix for Win etc. @@ -79,16 +81,16 @@ public final class ClientUtil { } } + KrbConfig krbConfig = new KrbConfig(); if (confFile != null && confFile.exists()) { - KrbConfig krbConfig = new KrbConfig(); try { krbConfig.addIniConfig(confFile); - return krbConfig; } catch (IOException e) { - throw new KrbException("Failed to load krb config " + confFile.getAbsolutePath()); + throw new KrbException("Failed to load krb config " + + confFile.getAbsolutePath()); } } - return null; + return krbConfig; } } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java index e1b2529..4bbfdfa 100644 --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfig.java 
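Review bot: Both `catch (IOException e)` blocks in ClientUtil (the hunk at `@@ -46,7 +46,8 @@` and the one at `@@ -79,16 +81,16 @@`) rethrow a `KrbException` built from the message alone, so the underlying I/O error, such as a permission failure or a malformed file, is lost to whoever has to diagnose a failed config load. If `KrbException` has a constructor that accepts a cause, pass it: `throw new KrbException("Failed to load krb config " + confFile.getAbsolutePath(), e);`. The enclosing methods start outside both hunks.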
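Review bot: With the last ClientUtil hunk (`@@ -79,16 +81,16 @@`) the method returns an empty `KrbConfig` instead of `null` when no krb5 configuration file is found, which makes "no configuration" indistinguishable from "configuration loaded". Judging by the `KrbConfigKey` defaults visible later in this commit (`KDC_HOST("localhost")`, `KDC_REALM("EXAMPLE.COM", "libdefaults")`), a client on a host with a missing or misplaced krb5.conf would presumably run with built-in values rather than fail. Consider logging a warning when the fallback is taken and documenting the new non-null contract in the Javadoc, for example `@return the loaded configuration, or an empty KrbConfig when no krb5 conf file exists`. The method's signature lies outside the hunk.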
@@ -48,7 +48,10 @@ public class KrbConfig extends Conf { */ public int getKdcPort() { Integer kdcPort = getInt(KrbConfigKey.KDC_PORT); - return kdcPort.shortValue(); + if (kdcPort != null) { + return kdcPort.shortValue(); + } + return -1; } /** @@ -57,7 +60,7 @@ public class KrbConfig extends Conf { */ public int getKdcTcpPort() { Integer kdcPort = getInt(KrbConfigKey.KDC_TCP_PORT); - if (kdcPort > 0) { + if (kdcPort != null && kdcPort > 0) { return kdcPort.shortValue(); } return getKdcPort(); @@ -84,7 +87,7 @@ public class KrbConfig extends Conf { */ public int getKdcUdpPort() { Integer kdcPort = getInt(KrbConfigKey.KDC_UDP_PORT); - if (kdcPort > 0) { + if (kdcPort != null && kdcPort > 0) { return kdcPort.shortValue(); } return getKdcPort(); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java index e644825..75478a7 100644 --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbConfigKey.java 
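Review bot: `getKdcPort()` still narrows the configured value with `kdcPort.shortValue()`, so any port above 32767 comes back as a negative number; the same narrowing sits in `getKdcTcpPort()` and `getKdcUdpPort()` in the next two hunks. Since all three methods return `int`, `return kdcPort;` (or `kdcPort.intValue()`) keeps the full 0–65535 range. The new `-1` fallback also becomes the effective result whenever no port is configured, now that the `KrbConfigKey` hunk in this commit drops the 8015/8016 defaults. The Javadoc should therefore say that -1 means "not configured", for example `@return the KDC port, or -1 if none is configured`, and callers need to check for it before opening a connection.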
@@ -24,11 +24,11 @@ import org.apache.kerby.kerberos.kerb.common.SectionConfigKey; public enum KrbConfigKey implements SectionConfigKey { KRB_DEBUG(true), KDC_HOST("localhost"), - KDC_PORT(8015), + KDC_PORT(), KDC_ALLOW_UDP(true), KDC_ALLOW_TCP(true), - KDC_UDP_PORT(8016), - KDC_TCP_PORT(8015), + KDC_UDP_PORT(), + KDC_TCP_PORT(), KDC_DOMAIN("example.com"), KDC_REALM("EXAMPLE.COM", "libdefaults"), TGS_PRINCIPAL("[email protected]"), http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbSetting.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbSetting.java b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbSetting.java index 59689a1..da99df0 100644 --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbSetting.java +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbSetting.java @@ -33,6 +33,11 @@ public class KrbSetting { this.krbConfig = config; } + public KrbSetting(KrbConfig config) { + this.commonOptions = new KOptions(); + this.krbConfig = config; + } + public KrbConfig getKrbConfig() { return krbConfig; } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbClientSettingTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbClientSettingTest.java b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbClientSettingTest.java index 9377d30..6ccf8bd 100644 --- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbClientSettingTest.java 
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbClientSettingTest.java @@ -29,12 +29,12 @@ public class KrbClientSettingTest { @Test public void testKdcServerMannualSetting() throws KrbException { KrbClient krbClient = new KrbClient(); + krbClient.setKdcHost("localhost"); krbClient.setKdcRealm("TEST2.COM"); + krbClient.setAllowUdp(false); krbClient.setKdcTcpPort(12345); - krbClient.init(); - KrbSetting krbSetting = krbClient.getSetting(); assertThat(krbSetting.getKdcHost()).isEqualTo("localhost"); assertThat(krbSetting.getKdcTcpPort()).isEqualTo(12345); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java index 54d57e3..0933b56 100644 --- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java +++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbConfHelper.java 
@@ -42,34 +42,34 @@ public class KrbConfHelper { if (subConfig != null) { return subConfig.getString(key); } else { - return (String) conf.getString(key); + return conf.getString(key); } } - public static boolean getBooleanUnderSection(Conf conf, SectionConfigKey key) { + public static Boolean getBooleanUnderSection(Conf conf, SectionConfigKey key) { Config subConfig = conf.getConfig(key.getSectionName()); if (subConfig != null) { return subConfig.getBoolean(key); } else { - return (Boolean) conf.getBoolean(key); + return conf.getBoolean(key); } } - public static long getLongUnderSection(Conf conf, SectionConfigKey key) { + public static Long getLongUnderSection(Conf conf, SectionConfigKey key) { Config subConfig = conf.getConfig(key.getSectionName()); if (subConfig != null) { return subConfig.getLong(key); } else { - return (Long) conf.getLong(key); + return conf.getLong(key); } } - public static int getIntUnderSection(Conf conf, SectionConfigKey key) { + public static Integer getIntUnderSection(Conf conf, SectionConfigKey key) { Config subConfig = conf.getConfig(key.getSectionName()); if (subConfig != null) { return subConfig.getInt(key); } else { - return (Integer) conf.getInt(key); + return conf.getInt(key); } } @@ -103,5 +103,4 @@ public class KrbConfHelper { } return results; } - } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java index ba06551..cdf65af 100644 --- a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java +++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java 
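Review bot: The four `get*UnderSection` helpers now return boxed `String`/`Boolean`/`Long`/`Integer` and can therefore hand back `null`, but nothing on the methods says so. A caller that still assigns the result to a primitive will fail with a NullPointerException at its own unboxing site rather than here. I would add Javadoc to each, e.g. `@return the value for key, or null if it is not configured; callers must check before unboxing`. That the underlying `Conf` getters return null for unset keys is inferred from the null checks this commit adds in KrbConfig and KdcConfig, not shown in this hunk.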
@@ -21,10 +21,7 @@ package org.apache.kerby.kerberos.kerb.server; import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.client.KrbClient; -import org.apache.kerby.kerberos.kerb.client.KrbConfig; -import org.apache.kerby.kerberos.kerb.client.KrbConfigKey; import org.apache.kerby.util.IOUtil; -import org.apache.kerby.util.NetworkUtil; import org.junit.After; import org.junit.AfterClass; import org.junit.Before; @@ -36,20 +33,16 @@ import java.io.IOException; public abstract class KdcTestBase { private static File testDir; - private final String kdcRealm = "TEST.COM"; - protected final String clientPassword = "123456"; + private final String clientPassword = "123456"; private final String hostname = "localhost"; private final String clientPrincipalName = "drankye"; - private final String clientPrincipal = clientPrincipalName + "@" + kdcRealm; + private final String clientPrincipal = + clientPrincipalName + "@" + TestKdcServer.kdcRealm; private final String serverPrincipalName = "test-service"; private final String serverPrincipal = - serverPrincipalName + "/" + hostname + "@" + kdcRealm; + serverPrincipalName + "/" + hostname + "@" + TestKdcServer.kdcRealm; - private int tcpPort = -1; - private int udpPort = -1; - - protected SimpleKdcServer kdcServer; - protected KrbClient krbClnt; + private SimpleKdcServer kdcServer; @BeforeClass public static void createTestDir() throws IOException { @@ -67,10 +60,18 @@ public abstract class KdcTestBase { testDir.delete(); } - public File getTestDir() { + protected File getTestDir() { return testDir; } + protected SimpleKdcServer getKdcServer() { + return kdcServer; + } + + protected KrbClient getKrbClient() { + return kdcServer.getKrbClient(); + } + protected String getClientPrincipalName() { return clientPrincipalName; } 
@@ -99,14 +100,6 @@ public abstract class KdcTestBase { return true; } - protected int getTcpPort() { - return tcpPort; - } - - protected int getUdpPort() { - return udpPort; - } - protected String getFileContent(String path) throws IOException { return IOUtil.readFile(new File(path)); } @@ -123,14 +116,6 @@ public abstract class KdcTestBase { @Before public void setUp() throws Exception { - if (allowTcp()) { - tcpPort = NetworkUtil.getServerPort(); - } - - if (allowUdp()) { - udpPort = NetworkUtil.getServerPort(); - } - setUpKdcServer(); createPrincipals(); 
@@ -138,65 +123,20 @@ public abstract class KdcTestBase { setUpClient(); } - /** - * Prepare KrbClient startup options and config. - * @throws Exception - */ - protected void prepareKrbClient() throws Exception { - - } - - /** - * Prepare KDC startup options and config. - * @throws Exception - */ - protected void prepareKdcServer() throws Exception { - kdcServer.setKdcRealm(kdcRealm); - kdcServer.setKdcHost(hostname); - kdcServer.setAllowTcp(allowTcp()); - if (tcpPort > 0) { - kdcServer.setKdcTcpPort(tcpPort); - } - - kdcServer.setAllowUdp(allowUdp()); - if (udpPort > 0) { - kdcServer.setKdcUdpPort(udpPort); - } + protected void prepareKdc() throws KrbException { + kdcServer.init(); } protected void setUpKdcServer() throws Exception { - kdcServer = new SimpleKdcServer(); - - prepareKdcServer(); + kdcServer = new TestKdcServer(allowTcp(), allowUdp()); + kdcServer.setWorkDir(testDir); - kdcServer.init(); + prepareKdc(); kdcServer.start(); } protected void setUpClient() throws Exception { - KrbConfig krbConfig = new KrbConfig(); - krbConfig.setString(KrbConfigKey.PERMITTED_ENCTYPES, - "aes128-cts-hmac-sha1-96 des-cbc-crc des-cbc-md5 des3-cbc-sha1"); - - krbClnt = new KrbClient(krbConfig); - - krbClnt.setKdcHost(hostname); - krbClnt.setAllowTcp(allowTcp()); - if (tcpPort > 0) { - krbClnt.setKdcTcpPort(tcpPort); - } - krbClnt.setAllowUdp(allowUdp()); - if (udpPort > 0) { - krbClnt.setKdcUdpPort(udpPort); - } - - krbClnt.setTimeout(10 * 1000); - krbClnt.setKdcRealm(kdcServer.getKdcRealm()); - - prepareKrbClient(); - - krbClnt.init(); } protected void createPrincipals() throws KrbException { 
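Review bot: `setUpClient()` is left with an empty body while `setUp()` still calls it, and the new `prepareKdc()` lost the Javadoc that the removed `prepareKdcServer()` carried, so a subclass author cannot tell which hook to override or when it runs. Either delete `setUpClient()` or keep it as a documented hook with a comment such as `// Client is created and configured by TestKdcServer; override to adjust it after the KDC has started.`. For `prepareKdc()` a one-line Javadoc like `/** Initialises the KDC; override to set options before init() is called. */` would restore the contract.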
@@ -205,6 +145,7 @@ public abstract class KdcTestBase { } protected void deletePrincipals() throws KrbException { + kdcServer.getKadmin().deleteBuiltinPrincipals(); kdcServer.deletePrincipals(serverPrincipal); kdcServer.deletePrincipal(clientPrincipal); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java new file mode 100644 index 0000000..4395f4b --- /dev/null +++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java 
@@ -0,0 +1,54 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.kerby.kerberos.kerb.server; + +import org.apache.kerby.kerberos.kerb.KrbException; +import org.apache.kerby.kerberos.kerb.client.KrbClient; +import org.apache.kerby.kerberos.kerb.client.KrbConfig; +import org.apache.kerby.kerberos.kerb.client.KrbConfigKey; +import org.apache.kerby.util.NetworkUtil; + +public class TestKdcServer extends SimpleKdcServer { + public final static String kdcRealm = "TEST.COM"; + public final static String hostname = "localhost"; + + public TestKdcServer(boolean allowTcp, boolean allowUdp) throws KrbException { + super(); + + setKdcRealm(kdcRealm); + setKdcHost(hostname); + setAllowTcp(allowTcp); + setAllowUdp(allowUdp); + + if (allowTcp) { + setKdcTcpPort(NetworkUtil.getServerPort()); + } + if (allowUdp) { + setKdcUdpPort(NetworkUtil.getServerPort()); + } + + KrbClient krbClnt = getKrbClient(); + KrbConfig krbConfig = krbClnt.getKrbConfig(); + krbConfig.setString(KrbConfigKey.PERMITTED_ENCTYPES, + "aes128-cts-hmac-sha1-96 des-cbc-crc des-cbc-md5 des3-cbc-sha1"); + + krbClnt.setTimeout(10 * 1000); + } +} \ No newline at end of file 
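Review bot: The `PERMITTED_ENCTYPES` value set in the constructor still lists `des-cbc-crc` and `des-cbc-md5`, single-DES types that RFC 6649 deprecates, and this helper sits under `src/main/java` of kerb-kdc-test, so every module that reuses it gets a client configured to accept them. If the DES types are not needed for a specific interop case, reduce the value to `"aes128-cts-hmac-sha1-96 des3-cbc-sha1"`. If they are needed, say so next to the string, e.g. `// Weak DES enctypes kept only for interop tests; do not copy into a production KrbConfig`.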
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java index 5968ce1..b6d1d8e 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssInteropTest.java 
@@ -43,31 +43,28 @@ import java.util.Set; */ public class GssInteropTest extends KdcTestBase { + protected boolean allowUdp() { + return false; + } + @Before @Override public void setUp() throws Exception { super.setUp(); - File file1 = new File(this.getClass().getResource("/kerberos.jaas").getPath()); + File file1 = new File(this.getClass().getResource( + "/kerberos.jaas").getPath()); String content1 = getFileContent(file1.getPath()); String path1 = writeToTestDir(content1, file1.getName()); // System.setProperty("sun.security.krb5.debug", "true"); System.setProperty("java.security.auth.login.config", path1); - - // Read in krb5.conf and substitute in the correct port - File file2 = new File(this.getClass().getResource("/krb5.conf").getPath()); - String content2 = getFileContent(file2.getPath()); - content2 = content2.replaceAll("port", "" + getTcpPort()); - String path2 = writeToTestDir(content2, file2.getName()); - - System.setProperty("java.security.krb5.conf", path2); } @Override protected void createPrincipals() throws KrbException { - kdcServer.createPrincipal(getClientPrincipal(), getClientPassword()); - kdcServer.createPrincipal(getServerPrincipal(), getServerPassword()); + getKdcServer().createPrincipal(getClientPrincipal(), getClientPassword()); + getKdcServer().createPrincipal(getServerPrincipal(), getServerPassword()); } private String getServerPassword() { @@ -132,7 +129,7 @@ public class GssInteropTest extends KdcTestBase { pc.setPassword(getClientPassword().toCharArray()); break; } else if (pc.getPrompt().contains(getServerPrincipalName())) { - pc.setPassword(clientPassword.toCharArray()); + pc.setPassword(getClientPassword().toCharArray()); break; } } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java ---------------------------------------------------------------------- 
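Review bot: The new `allowUdp()` at the top of GssInteropTest has no `@Override`, unlike the overrides this commit adds in OnlyTcpKdcTest, OnlyUdpKdcTest and TcpAndUdpKdcTest. If the method in KdcTestBase is later renamed or its signature changes, this one silently stops being an override and the test falls back to the base-class transport setting. Add `@Override` above `protected boolean allowUdp() {`.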
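Review bot: The branch that matches a prompt containing `getServerPrincipalName()` answers with `getClientPassword()`, while `createPrincipals()` in the first hunk registers the server principal with `getServerPassword()`. If the two values differ the server-side login would fail, so `pc.setPassword(getServerPassword().toCharArray());` looks like what is intended; the body of `getServerPassword()` is not visible here, so this needs confirming. The callback handler containing this branch starts outside the hunk.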
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java index 5ee75af..a48a20e 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java @@ -35,7 +35,7 @@ public class KdcSettingTest { kerbServer.init(); - KdcSetting kdcSetting = kerbServer.getSetting(); + KdcSetting kdcSetting = kerbServer.getKdcSetting(); assertThat(kdcSetting.getKdcHost()).isEqualTo("localhost"); assertThat(kdcSetting.getKdcTcpPort()).isEqualTo(12345); assertThat(kdcSetting.getKdcRealm()).isEqualTo("TEST2.COM"); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java index 80da80f..5fcc9fd 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java @@ -23,8 +23,6 @@ import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket; import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket; import org.junit.Assert; -import java.io.File; - import static org.assertj.core.api.Assertions.assertThat; public abstract class KdcTest extends KdcTestBase { 
@@ -34,11 +32,11 @@ public abstract class KdcTest extends KdcTestBase { ServiceTicket tkt; try { - tgt = krbClnt.requestTgtWithPassword(getClientPrincipal(), + tgt = getKrbClient().requestTgtWithPassword(getClientPrincipal(), getClientPassword()); assertThat(tgt).isNotNull(); - tkt = krbClnt.requestServiceTicketWithTgt(tgt, getServerPrincipal()); + tkt = getKrbClient().requestServiceTicketWithTgt(tgt, getServerPrincipal()); assertThat(tkt).isNotNull(); } catch (Exception e) { System.out.println("Exception occurred with good password"); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java index 81c48bb..82fa7dc 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java @@ -38,7 +38,7 @@ public class MultiRequestsKdcTest extends KdcTestBase { protected void createPrincipals() throws KrbException { super.createPrincipals(); clientPrincipal = getClientPrincipal(); - kdcServer.createPrincipal(clientPrincipal, password); + getKdcServer().createPrincipal(clientPrincipal, password); } @Test 
@@ -48,11 +48,11 @@ public class MultiRequestsKdcTest extends KdcTestBase { // With good password try { - tgt = krbClnt.requestTgtWithPassword(clientPrincipal, password); + tgt = getKrbClient().requestTgtWithPassword(clientPrincipal, password); assertThat(tgt).isNotNull(); serverPrincipal = getServerPrincipal(); - tkt = krbClnt.requestServiceTicketWithTgt(tgt, serverPrincipal); + tkt = getKrbClient().requestServiceTicketWithTgt(tgt, serverPrincipal); assertThat(tkt).isNotNull(); } catch (Exception e) { System.out.println("Exception occurred with good password"); @@ -70,10 +70,10 @@ public class MultiRequestsKdcTest extends KdcTestBase { // With good password again try { - tgt = krbClnt.requestTgtWithPassword(clientPrincipal, password); + tgt = getKrbClient().requestTgtWithPassword(clientPrincipal, password); assertThat(tgt).isNotNull(); - tkt = krbClnt.requestServiceTicketWithTgt(tgt, serverPrincipal); + tkt = getKrbClient().requestServiceTicketWithTgt(tgt, serverPrincipal); assertThat(tkt).isNotNull(); } catch (Exception e) { System.out.println("Exception occurred with good password again"); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java index e7e956b..57f1f8d 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java 
@@ -24,6 +24,11 @@ import org.junit.Test; public class OnlyTcpKdcTest extends KdcTest { @Override + protected boolean allowTcp() { + return true; + } + + @Override protected boolean allowUdp() { return false; } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyUdpKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyUdpKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyUdpKdcTest.java index 9bfd7bc..4cbcb2a 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyUdpKdcTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/OnlyUdpKdcTest.java @@ -28,6 +28,11 @@ public class OnlyUdpKdcTest extends KdcTest { return false; } + @Override + protected boolean allowUdp() { + return true; + } + @Test public void testKdc() throws Exception { performKdcTest(); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java index 673eeb4..2e25fbb 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java 
@@ -28,6 +28,11 @@ public class TcpAndUdpKdcTest extends KdcTest { return true; } + @Override + protected boolean allowTcp() { + return true; + } + @Test public void testKdc() throws Exception { performKdcTest(); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf b/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf deleted file mode 100644 index e2fa16a..0000000 --- a/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf +++ /dev/null @@ -1,8 +0,0 @@ -[libdefaults] - default_realm = TEST.COM - udp_preference_limit = 1 - -[realms] - TEST.COM = { - kdc = localhost:port - } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java index 15e2347..d8747cc 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java +++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java 
@@ -6,16 +6,16 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. - * + * */ package org.apache.kerby.kerberos.kerb.server; @@ -45,30 +45,41 @@ public class KdcConfig extends Conf { public int getKdcPort() { Integer kdcPort = KrbConfHelper.getIntUnderSection(this, KdcConfigKey.KDC_PORT); - return kdcPort.intValue(); + if (kdcPort != null && kdcPort > 0) { + return kdcPort.intValue(); + } + return -1; } public int getKdcTcpPort() { Integer kdcTcpPort = KrbConfHelper.getIntUnderSection(this, KdcConfigKey.KDC_TCP_PORT); - if (kdcTcpPort > 0) { + if (kdcTcpPort != null && kdcTcpPort > 0) { return kdcTcpPort.intValue(); } return getKdcPort(); } /** + * Is to allow TCP for KDC + * @return true to allow TCP, false otherwise + */ + public Boolean allowTcp() { + return getBoolean(KdcConfigKey.KDC_ALLOW_TCP); + } + + /** * Is to allow UDP for KDC * @return true to allow UDP, false otherwise */ - public boolean allowKdcUdp() { + public Boolean allowUdp() { return getBoolean(KdcConfigKey.KDC_ALLOW_UDP); } public int getKdcUdpPort() { Integer kdcUdpPort = KrbConfHelper.getIntUnderSection(this, KdcConfigKey.KDC_UDP_PORT); - if (kdcUdpPort > 0) { + if (kdcUdpPort != null && kdcUdpPort > 0) { return kdcUdpPort.intValue(); } return getKdcPort(); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java ---------------------------------------------------------------------- 
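Review bot: `allowTcp()` reads `KDC_ALLOW_TCP` with plain `getBoolean(...)`, although KdcConfigKey declares that key under the `kdcdefaults` section and the port getters in this same hunk go through `KrbConfHelper.getIntUnderSection(this, ...)`. If `getBoolean` does not look inside sections (not visible here), a `kdcdefaults` entry that turns TCP or UDP off would be ignored and the listener would stay enabled by the `true` default. Consider `return KrbConfHelper.getBooleanUnderSection(this, KdcConfigKey.KDC_ALLOW_TCP);` and the same for `allowUdp()`. The `@return` lines should also say the result may be null now that the return type is `Boolean`.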
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java index 02116e7..b071bd6 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java +++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java @@ -26,11 +26,12 @@ public enum KdcConfigKey implements SectionConfigKey { KRB_DEBUG(true), KDC_SERVICE_NAME("KDC-Server"), KDC_IDENTITY_BACKEND, - KDC_HOST("127.0.0.1", "kdcdefaults"), // NOPMD - KDC_PORT(8015, "kdcdefaults"), + KDC_HOST("127.0.0.1", "kdcdefaults"),// NOPMD + KDC_PORT(null, "kdcdefaults"), + KDC_ALLOW_TCP(true, "kdcdefaults"), KDC_ALLOW_UDP(true, "kdcdefaults"), - KDC_UDP_PORT(8016, "kdcdefaults"), - KDC_TCP_PORT(8015, "kdcdefaults"), + KDC_UDP_PORT(null, "kdcdefaults"), + KDC_TCP_PORT(null, "kdcdefaults"), KDC_DOMAIN("example.com"), KDC_REALM("EXAMPLE.COM", "kdcdefaults"), PREAUTH_REQUIRED(true), http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java index f5465ad..5541a9e 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java +++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java @@ -105,6 +105,14 @@ public class KdcServer { } /** + * Set KDC port. + * @param kdcPort + */ + public void setKdcPort(int kdcPort) { + startupOptions.add(KdcServerOption.KDC_PORT, kdcPort); + } + + /** * Set KDC tcp port. * @param kdcTcpPort */ 
@@ -162,7 +170,7 @@ public class KdcServer { * Get KDC setting from startup options and configs. * @return setting */ - public KdcSetting getSetting() { + public KdcSetting getKdcSetting() { return kdcSetting; } @@ -205,6 +213,9 @@ public class KdcServer { } public void start() throws KrbException { + if (innerKdc == null) { + throw new RuntimeException("Not init yet"); + } innerKdc.start(); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java index 9d5243a..b663887 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java +++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServerOption.java @@ -30,6 +30,7 @@ public enum KdcServerOption implements KOption { INNER_KDC_IMPL("inner KDC impl", KOptionType.OBJ), KDC_REALM("kdc realm", KOptionType.STR), KDC_HOST("kdc host", KOptionType.STR), + KDC_PORT("kdc port", KOptionType.INT), ALLOW_TCP("allow tcp", KOptionType.BOOL), KDC_TCP_PORT("kdc tcp port", KOptionType.INT), ALLOW_UDP("allow udp", KOptionType.BOOL), http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java index 16c21a8..64df7cf 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java 
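Review bot: The new guard in `start()` throws a bare `RuntimeException("Not init yet")`, which callers cannot tell apart from any other runtime failure and which does not say what to do about it. `throw new IllegalStateException("KdcServer.init() must be called before start()");` names the contract violation and is still a RuntimeException, so existing catch blocks keep working. A matching `@throws IllegalStateException` line on the method would document the ordering requirement.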
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSetting.java @@ -70,15 +70,36 @@ public class KdcSetting { if (tcpPort < 1) { tcpPort = kdcConfig.getKdcTcpPort(); } + if (tcpPort < 1) { + tcpPort = getKdcPort(); + } + return tcpPort; } + public int getKdcPort() { + int kdcPort = startupOptions.getIntegerOption(KdcServerOption.KDC_PORT); + if (kdcPort < 1) { + kdcPort = kdcConfig.getKdcPort(); + } + return kdcPort; + } + + public boolean allowTcp() { + Boolean allowTcp = startupOptions.getBooleanOption(KdcServerOption.ALLOW_TCP); + if (allowTcp == null) { + allowTcp = kdcConfig.allowTcp(); + } + + return allowTcp != null ? allowTcp : false; + } + public boolean allowUdp() { Boolean allowUdp = startupOptions.getBooleanOption(KdcServerOption.ALLOW_UDP); if (allowUdp == null) { - allowUdp = kdcConfig.allowKdcUdp(); + allowUdp = kdcConfig.allowUdp(); } - return allowUdp; + return allowUdp != null ? allowUdp : false; } public int getKdcUdpPort() { @@ -86,6 +107,10 @@ public class KdcSetting { if (udpPort < 1) { udpPort = kdcConfig.getKdcUdpPort(); } + if (udpPort < 1) { + udpPort = getKdcPort(); + } + return udpPort; } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java index 48d8cfc..52ec4d7 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java +++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdcServer.java 
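Review bot: In `getKdcTcpPort()` the new `getKdcPort()` fallback runs only after `kdcConfig.getKdcTcpPort()`, and that config getter already falls back to the config file's `KDC_PORT` (see KdcConfig in this commit), so a port passed to `setKdcPort()` loses to a `KDC_PORT` value from the file, the opposite of how the TCP and UDP startup options are treated; `getKdcUdpPort()` in the next hunk has the same order. Checking `startupOptions.getIntegerOption(KdcServerOption.KDC_PORT)` before consulting `kdcConfig` would keep startup options ahead of file config. All three getters can also return -1 now that the enum defaults are gone, so the code that binds the listener should reject a non-positive port with a clear error. Both port methods start outside their hunks.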
@@ -92,7 +92,7 @@ public class AbstractInternalKdcServer implements InternalKdcServer { try { doStop(); } catch (Exception e) { - throw new KrbException("Failed to stop " + getServiceName()); + throw new KrbException("Failed to stop " + getServiceName(), e); } started = false; http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcTest.java b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcTest.java index 8861bc5..3a49f75 100644 --- a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcTest.java +++ b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcTest.java @@ -19,6 +19,7 @@ */ package org.apache.kerby.kerberos.kerb.server; +import org.apache.kerby.util.NetworkUtil; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -31,9 +32,8 @@ import java.nio.ByteBuffer; import java.nio.channels.SocketChannel; public class SimpleKdcTest { - private String serverHost = "localhost"; - private int serverPort = 0; + private int serverPort = -1; private KdcServer kdcServer; @@ -41,7 +41,9 @@ public class SimpleKdcTest { public void setUp() throws Exception { kdcServer = new KdcServer(); kdcServer.setKdcHost(serverHost); - serverPort = getServerPort(); + kdcServer.setAllowUdp(false); + kdcServer.setAllowTcp(true); + serverPort = NetworkUtil.getServerPort(); kdcServer.setKdcTcpPort(serverPort); kdcServer.init(); kdcServer.start(); 
@@ -64,24 +66,6 @@ public class SimpleKdcTest { socketChannel.write(writeBuffer); } - - /** - * Get a server socket point for testing usage, either TCP or UDP. - * @return server socket point - */ - private static int getServerPort() { - int serverPort = 0; - - try { - ServerSocket serverSocket = new ServerSocket(0); - serverPort = serverSocket.getLocalPort(); - serverSocket.close(); - } catch (IOException e) { - throw new RuntimeException("Failed to get a server socket point"); - } - - return serverPort; - } @After public void tearDown() throws Exception { http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java index 2238b1a..29840bf 100644 --- a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java +++ b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java @@ -77,9 +77,7 @@ public class TestKdcConfigLoad { assertThat(kdcConfig.getKdcHost()).isEqualTo( KdcConfigKey.KDC_HOST.getDefaultValue()); - assertThat(kdcConfig.getKdcTcpPort()).isEqualTo( - KdcConfigKey.KDC_TCP_PORT.getDefaultValue() - ); + assertThat(kdcConfig.getKdcTcpPort()).isEqualTo(-1); assertThat(kdcConfig.getKdcRealm()).isEqualTo( KdcConfigKey.KDC_REALM.getDefaultValue() ); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-simplekdc/pom.xml ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-simplekdc/pom.xml b/kerby-kerb/kerb-simplekdc/pom.xml index f71b4fc..8b1cdba 100644 --- a/kerby-kerb/kerb-simplekdc/pom.xml 
+++ b/kerby-kerb/kerb-simplekdc/pom.xml @@ -39,6 +39,11 @@ </dependency> <dependency> <groupId>org.apache.kerby</groupId> + <artifactId>kerb-client</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.kerby</groupId> <artifactId>kerb-util</artifactId> <version>${project.version}</version> </dependency> http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/Krb5Conf.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/Krb5Conf.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/Krb5Conf.java new file mode 100644 index 0000000..b96ba50 --- /dev/null +++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/Krb5Conf.java 
@@ -0,0 +1,53 @@ +package org.apache.kerby.kerberos.kerb.server; + +import org.apache.kerby.util.IOUtil; + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; + +/** + * Generate krb5 file using given kdc server settings. + */ +public class Krb5Conf { + private static final String KRB5_CONF = "java.security.krb5.conf"; + private static final String KRB5_CONF_FILE = "krb5.conf"; + private SimpleKdcServer kdcServer; + + public Krb5Conf(SimpleKdcServer kdcServer) { + this.kdcServer = kdcServer; + } + + public void initKrb5conf() throws IOException { + File confFile = generateConfFile(); + System.setProperty(KRB5_CONF, confFile.getAbsolutePath()); + } + + // Read in krb5.conf and substitute in the correct port + private File generateConfFile() throws IOException { + KdcSetting setting = kdcServer.getKdcSetting(); + + String resourcePath = setting.allowUdp() ? "/krb5_udp.conf" : "/krb5.conf"; + InputStream templateResource = getClass().getResourceAsStream(resourcePath); + String templateContent = IOUtil.readInput(templateResource); + + String content = templateContent; + + content = content.replaceAll("_REALM_", "" + setting.getKdcRealm()); + + int kdcPort = setting.allowUdp() ? setting.getKdcUdpPort() : + setting.getKdcTcpPort(); + content = content.replaceAll("_PORT_", + String.valueOf(kdcPort)); + + if (setting.allowUdp()) { + int udpLimit = setting.allowUdp() ? 1 : 4096; + content = content.replaceAll("_UDP_LIMIT_", String.valueOf(udpLimit)); + } + + File confFile = new File(kdcServer.getWorkDir(), KRB5_CONF_FILE); + IOUtil.writeFile(content, confFile); + + return confFile; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java ---------------------------------------------------------------------- 
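Review bot: In `generateConfFile()` the `udpLimit` ternary sits inside `if (setting.allowUdp())`, so it always yields 1 and the 4096 branch is dead. Since `udp_preference_limit = 1` normally makes krb5 clients try TCP first for any message larger than one byte, the UDP template may steer clients to TCP on the UDP port, so please confirm which value is intended. The substitutions use `replaceAll`, which interprets `$` and `\` in the replacement as group syntax, so a realm containing either would throw or be rewritten; `content.replace("_REALM_", String.valueOf(setting.getKdcRealm()))` substitutes literally. The realm is also written into krb5.conf unvalidated, so rejecting whitespace, braces and line breaks first would keep a caller-supplied realm from adding configuration lines. Neither this method nor the `IOUtil.readInput` added in this commit closes `templateResource`, and it is not null-checked for a missing resource; a try-with-resources around the read would cover the first.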
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java index 18ba81b..6acf37f 100644 --- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java +++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java 
@@ -21,35 +21,102 @@ package org.apache.kerby.kerberos.kerb.server; import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.admin.Kadmin; +import org.apache.kerby.kerberos.kerb.client.KrbClient; import org.apache.kerby.util.NetworkUtil; import java.io.File; +import java.io.IOException; /** - * A simple KDC server mainly for test usage. + * A simple KDC server mainly for test usage. It also integrates krb client and + * kadmin sides for convenience. */ public class SimpleKdcServer extends KdcServer { + private final KrbClient krbClnt; private Kadmin kadmin; - /** - * Prepare KDC configuration. - */ - public SimpleKdcServer() { + private File workDir; + + public SimpleKdcServer() throws KrbException { super(); + this.krbClnt = new KrbClient(); + + setKdcRealm("EXAMPLE.COM"); + setKdcHost("localhost"); + setKdcPort(NetworkUtil.getServerPort()); + } - KdcConfig kdcConfig = getKdcConfig(); - kdcConfig.setString(KdcConfigKey.KDC_HOST, "localhost"); - kdcConfig.setInt(KdcConfigKey.KDC_PORT, NetworkUtil.getServerPort()); - kdcConfig.setString(KdcConfigKey.KDC_REALM, "EXAMPLE.COM"); + public void setWorkDir(File workDir) { + this.workDir = workDir; + } + + public File getWorkDir() { + return workDir; + } + + @Override + public void setKdcRealm(String realm) { + super.setKdcRealm(realm); + krbClnt.setKdcRealm(realm); + } + + @Override + public void setKdcHost(String kdcHost) { + super.setKdcHost(kdcHost); + krbClnt.setKdcHost(kdcHost); + } + + @Override + public void setKdcTcpPort(int kdcTcpPort) { + super.setKdcTcpPort(kdcTcpPort); + krbClnt.setKdcTcpPort(kdcTcpPort); + setAllowTcp(true); + } + + @Override + public void setAllowUdp(boolean allowUdp) { + super.setAllowUdp(allowUdp); + krbClnt.setAllowUdp(allowUdp); + } + + @Override + public void setAllowTcp(boolean allowTcp) { + super.setAllowTcp(allowTcp); + krbClnt.setAllowTcp(allowTcp); + } + + @Override + public void setKdcUdpPort(int kdcUdpPort) { + super.setKdcUdpPort(kdcUdpPort); + 
krbClnt.setKdcUdpPort(kdcUdpPort); + setAllowUdp(true); } @Override public void init() throws KrbException { super.init(); - kadmin = new Kadmin(getSetting(), getIdentityService()); + kadmin = new Kadmin(getKdcSetting(), getIdentityService()); kadmin.createBuiltinPrincipals(); + + try { + Krb5Conf krb5Conf = new Krb5Conf(this); + krb5Conf.initKrb5conf(); + } catch (IOException e) { + throw new KrbException("Failed to make krb5.conf", e); + } + } + + @Override + public void start() throws KrbException { + super.start(); + + krbClnt.init(); + } + + public KrbClient getKrbClient() { + return krbClnt; } /** @@ -60,14 +127,6 @@ public class SimpleKdcServer extends KdcServer { return kadmin; } - public String getKdcRealm() { - return getSetting().getKdcRealm(); - } - - public String getKdcHost() { - return getSetting().getKdcHost(); - } - public void createPrincipal(String principal) throws KrbException { kadmin.addPrincipal(principal); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf new file mode 100644 index 0000000..6ee7d8f --- /dev/null +++ b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf @@ -0,0 +1,7 @@ +[libdefaults] + default_realm = _REALM_ + +[realms] + _REALM_ = { + kdc = localhost:_PORT_ + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf new file mode 100644 index 0000000..511587c --- /dev/null +++ b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf 
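Review bot: `init()` now always builds a `Krb5Conf`, which writes `krb5.conf` under `getWorkDir()` and sets the JVM-wide `java.security.krb5.conf` property, yet `workDir` has no default and nothing checks that `setWorkDir()` was called. With a null parent, `new File(parent, "krb5.conf")` resolves against the process working directory, so the file lands wherever the JVM was started and every Kerberos consumer in the process is pointed at it. I would open the `try` block with `if (workDir == null) { throw new KrbException("Work dir is not set"); }` and state the system-property side effect in the class Javadoc. Separately, the constructor calls `setKdcPort(...)` while only `setKdcTcpPort` and `setKdcUdpPort` are overridden to mirror the value into `krbClnt`, so the client may not learn the chosen port unless it reads it elsewhere.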
@@ -0,0 +1,8 @@ +[libdefaults] + default_realm = _REALM_ + udp_preference_limit = _UDP_LIMIT_ + +[realms] + _REALM_ = { + kdc = localhost:_PORT_ + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java ---------------------------------------------------------------------- diff --git a/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java b/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java index 92cafe2..9836792 100644 --- a/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java +++ b/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java @@ -229,7 +229,8 @@ public class ConfigImpl implements Config { @Override public Boolean getBoolean(ConfigKey name) { if (name.getDefaultValue() != null) { - return getBoolean(name.getPropertyKey(), (Boolean) name.getDefaultValue()); + return getBoolean(name.getPropertyKey(), + (Boolean) name.getDefaultValue()); } return getBoolean(name.getPropertyKey()); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java ---------------------------------------------------------------------- diff --git a/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java b/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java index 187b6f2..abfae3d 100644 --- a/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java +++ b/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java 
@@ -26,9 +26,21 @@ import java.nio.channels.FileChannel; /** * Some IO and file related utilities. */ -public class IOUtil { +public final class IOUtil { + private IOUtil() {} - public static void readInputStream(InputStream in, byte buf[]) throws IOException { + public static byte[] readInputStream(InputStream in) throws IOException { + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + byte[] buffer = new byte[1024]; + int length = 0; + while ((length = in.read(buffer)) != -1) { + baos.write(buffer, 0, length); + } + return baos.toByteArray(); + } + + public static void readInputStream(InputStream in, + byte buf[]) throws IOException { int toRead = buf.length; int off = 0; while (toRead > 0) { @@ -42,6 +54,17 @@ public class IOUtil { } /** + * Read an input stream and return the content as string assuming UTF8. + * @param in + * @return + * @throws IOException + */ + public static String readInput(InputStream in) throws IOException { + byte[] content = readInputStream(in); + return Utf8.toString(content); + } + + /** * Read a file and return the content as string assuming UTF8. * @param file * @return
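Review bot: The new `readInputStream(InputStream in)` buffers the whole stream in memory with no upper bound and dereferences `in` without a null check, while sharing its name with the existing overload that fills a caller-sized buffer. `Krb5Conf` in this commit passes it the result of `getResourceAsStream`, which is null when the template is missing, so that failure shows up as a bare NullPointerException. I would add `if (in == null) { throw new IOException("Input stream is null"); }` at the top and document that the method reads to end of stream, does not close `in`, and is meant for small trusted inputs. The Javadoc added for `readInput` in the next hunk has empty `@param`, `@return` and `@throws` tags that should be filled in the same way.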
