directory-commits mailing list archives

From erodrig...@apache.org
Subject svn commit: r329070 - in /directory/protocol-providers/kerberos/trunk: project.xml src/java/org/apache/kerberos/kdc/KdcConfiguration.java src/java/org/apache/kerberos/kdc/KerberosServer.java
Date Fri, 28 Oct 2005 03:46:31 GMT
Author: erodriguez
Date: Thu Oct 27 20:46:26 2005
New Revision: 329070

URL: http://svn.apache.org/viewcvs?rev=329070&view=rev
Log:
Refactoring in the Kerberos protocol provider:
o  Moved server wrapper out of the OSGi bundle.
o  Cleaned-up configuration.
o  Added deps on MINA 0.8.0 and apacheds-core for configuration.

Added:
    directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/KerberosServer.java
  (with props)
Modified:
    directory/protocol-providers/kerberos/trunk/project.xml
    directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/KdcConfiguration.java

Modified: directory/protocol-providers/kerberos/trunk/project.xml
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/project.xml?rev=329070&r1=329069&r2=329070&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/trunk/project.xml (original)
+++ directory/protocol-providers/kerberos/trunk/project.xml Thu Oct 27 20:46:26 2005
@@ -101,12 +101,18 @@
     <dependency>
       <groupId>directory-network</groupId>
       <artifactId>mina</artifactId>
-      <version>0.7.3</version>
+      <version>0.8.0</version>
     </dependency>
     <dependency>
       <groupId>directory-asn1</groupId>
       <artifactId>asn1-der</artifactId>
       <version>0.3.3-SNAPSHOT</version>
+    </dependency>
+    <dependency>
+      <!-- required to load Configuration and LDIFs -->
+      <groupId>directory</groupId>
+      <artifactId>apacheds-core</artifactId>
+      <version>0.9.3-SNAPSHOT</version>
     </dependency>
     <dependency>
       <groupId>junit</groupId>
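Review bot: The new `apacheds-core` dependency is declared as `0.9.3-SNAPSHOT`, a moving version, so the artifact resolved at build time can change without any change to this file and the build cannot be reproduced or audited against a fixed artifact. Pinning to a released version once one is available would address that. The comment says the dependency is needed only to load Configuration and LDIFs; if a narrower artifact provides those classes, depending on it instead would keep the directory server core out of the protocol provider's dependency surface.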

Modified: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/KdcConfiguration.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/KdcConfiguration.java?rev=329070&r1=329069&r2=329070&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/KdcConfiguration.java
(original)
+++ directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/KdcConfiguration.java
Thu Oct 27 20:46:26 2005
@@ -18,74 +18,196 @@
 package org.apache.kerberos.kdc;
 
 import java.util.ArrayList;
-import java.util.Hashtable;
+import java.util.Dictionary;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
-import java.util.Properties;
+import java.util.Map;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.kerberos.crypto.encryption.EncryptionType;
+import org.apache.ldap.server.DirectoryService;
+import org.apache.ldap.server.configuration.ConfigurationException;
+import org.apache.protocol.common.LoadStrategy;
+import org.apache.protocol.common.ServiceConfiguration;
 
-public class KdcConfiguration
+public class KdcConfiguration extends ServiceConfiguration
 {
-    /** the prop key const for kdc.primary.realm */
-    private static final String KDC_PRIMARY_REALM_KEY = "kdc.primary.realm";
+    /** the prop key const for kdc principal */
+    public static final String PRINCIPAL_KEY = "principal";
 
-    /** the prop key const for kdc.principal */
-    private static final String KDC_PRINCIPAL_KEY = "kdc.principal";
+    /** the prop key const for the kdc's primary realm */
+    public static final String REALM_KEY = "realm";
 
-    /** the prop key const for kdc.port */
-    public static final String KDC_PORT_KEY = "kdc.port";
+    /** the prop key const for encryption types */
+    public static final String ENCRYPTION_TYPES_KEY = "encryption.types";
 
-    /** the default kdc realm */
-    private static final String KDC_DEFAULT_REALM = "EXAMPLE.COM";
+    /** the prop key const for allowable clockskew */
+    public static final String ALLOWABLE_CLOCKSKEW_KEY = "allowable.clockskew";
+
+    /** the prop key const for empty addresses allowed */
+    public static final String EMPTY_ADDRESSES_ALLOWED_KEY = "empty.addresses.allowed";
+
+    /** the prop key const for requiring encrypted timestamps */
+    public static final String PA_ENC_TIMESTAMP_REQUIRED_KEY = "pa.enc.timestamp.required";
+
+    /** the prop key const for the maximum ticket lifetime */
+    public static final String TGS_MAXIMUM_TICKET_LIFETIME_KEY = "tgs.maximum.ticket.lifetime";
+
+    /** the prop key const for the maximum renewable lifetime */
+    public static final String TGS_MAXIMUM_RENEWABLE_LIFETIME_KEY = "tgs.maximum.renewable.lifetime";
+
+    /** the prop key const for allowing forwardable tickets */
+    public static final String TGS_FORWARDABLE_ALLOWED_KEY = "tgs.forwardable.allowed";
+
+    /** the prop key const for allowing proxiable tickets */
+    public static final String TGS_PROXIABLE_ALLOWED_KEY = "tgs.proxiable.allowed";
+
+    /** the prop key const for allowing postdated tickets */
+    public static final String TGS_POSTDATE_ALLOWED_KEY = "tgs.postdate.allowed";
+
+    /** the prop key const for allowing renewable tickets */
+    public static final String TGS_RENEWABLE_ALLOWED_KEY = "tgs.renewable.allowed";
 
     /** the default kdc principal */
-    private static final String KDC_DEFAULT_PRINCIPAL = "krbtgt/EXAMPLE.COM@EXAMPLE.COM";
+    private static final String DEFAULT_PRINCIPAL = "krbtgt/EXAMPLE.COM@EXAMPLE.COM";
+
+    /** the default kdc realm */
+    private static final String DEFAULT_REALM = "EXAMPLE.COM";
 
     /** the default kdc port */
-    public static final int KDC_DEFAULT_PORT = 88;
+    private static final String DEFAULT_IP_PORT = "88";
+
+    /** the default allowable clockskew */
+    private static final long DEFAULT_ALLOWABLE_CLOCKSKEW = 5 * MINUTE;
+
+    /** the default encryption types */
+    private static final String[] DEFAULT_ENCRYPTION_TYPES = new String[] { "des-cbc-md5"
};
+
+    /** the default for allowing empty addresses */
+    private static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;
+
+    /** the default for requiring encrypted timestamps */
+    private static final boolean DEFAULT_PA_ENC_TIMESTAMP_REQUIRED = true;
+
+    /** the default for the maximum ticket lifetime */
+    private static final int DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME = MINUTE * 1440;
+
+    /** the default for the maximum renewable lifetime */
+    private static final int DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME = MINUTE * 10080;
+
+    /** the default for allowing forwardable tickets */
+    private static final boolean DEFAULT_TGS_FORWARDABLE_ALLOWED = true;
+
+    /** the default for allowing proxiable tickets */
+    private static final boolean DEFAULT_TGS_PROXIABLE_ALLOWED = true;
+
+    /** the default for allowing postdatable tickets */
+    private static final boolean DEFAULT_TGS_POSTDATE_ALLOWED = true;
+
+    /** the default for allowing renewable tickets */
+    private static final boolean DEFAULT_TGS_RENEWABLE_ALLOWED = true;
+
+    private static final String DEFAULT_PID = "org.apache.kerberos";
+    private static final String DEFAULT_NAME = "Apache Kerberos Service";
+    private static final String DEFAULT_PREFIX = "kdc.";
 
-    private static final int BUFFER_SIZE = 1024;
-    private static final int MINUTE = 60000;
-    private final Properties properties = new Properties();
     private EncryptionType[] encryptionTypes;
 
+    /**
+     * Creates a new instance with default settings.
+     */
     public KdcConfiguration()
     {
-        prepareEncryptionTypes();
+        this( getDefaultConfig(), LoadStrategy.LDAP );
     }
 
-    public KdcConfiguration(Properties properties)
+    /**
+     * Creates a new instance with default settings that operates on the
+     * {@link DirectoryService} with the specified ID.
+     */
+    public KdcConfiguration( String instanceId )
     {
-        this.properties.putAll(properties);
+        this( getDefaultConfig(), LoadStrategy.LDAP );
+        setInstanceId( instanceId );
+    }
+
+    public KdcConfiguration( Map properties )
+    {
+        this( properties, LoadStrategy.LDAP );
+    }
+
+    public KdcConfiguration( Map properties, int strategy )
+    {
+        if ( properties == null )
+        {
+            configuration = getDefaultConfig();
+        }
+        else
+        {
+            loadProperties( DEFAULT_PREFIX, properties, strategy );
+        }
+
+        int port = getPort();
+
+        if ( port < 1 || port > 0xFFFF )
+        {
+            throw new ConfigurationException( "Invalid value:  " + IP_PORT_KEY + "=" + port
);
+        }
 
         prepareEncryptionTypes();
     }
 
+    public static Map getDefaultConfig()
+    {
+        Map defaults = new HashMap();
+
+        defaults.put( SERVICE_PID, DEFAULT_PID );
+        defaults.put( IP_PORT_KEY, DEFAULT_IP_PORT );
+
+        return defaults;
+    }
+
+    public boolean isDifferent( Dictionary config )
+    {
+        int port = getPort();
+
+        if ( port == Integer.parseInt( (String) config.get( IP_PORT_KEY ) ) )
+        {
+            return false;
+        }
+
+        return true;
+    }
+
+    public String getName()
+    {
+        return DEFAULT_NAME;
+    }
+
     public String getPrimaryRealm()
     {
-        String key = KDC_PRIMARY_REALM_KEY;
+        String key = REALM_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return properties.getProperty(key);
+            return get( key );
         }
 
-        return KDC_DEFAULT_REALM;
+        return DEFAULT_REALM;
     }
 
     public KerberosPrincipal getKdcPrincipal()
     {
-        String key = KDC_PRINCIPAL_KEY;
+        String key = PRINCIPAL_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return new KerberosPrincipal(properties.getProperty(key));
+            return new KerberosPrincipal( get( key ) );
         }
 
-        return new KerberosPrincipal(KDC_DEFAULT_PRINCIPAL);
+        return new KerberosPrincipal( DEFAULT_PRINCIPAL );
     }
 
     public EncryptionType[] getEncryptionTypes()
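Review bot: `isDifferent` compares only the port, so a new configuration that changes the realm, the encryption types or `pa.enc.timestamp.required` is reported as unchanged; if callers use the result to decide whether to restart the service (not visible here), security-relevant settings would not take effect. It also passes `(String) config.get( IP_PORT_KEY )` straight to `Integer.parseInt`, which throws `NumberFormatException` when the key is absent and `ClassCastException` when the value is not a `String`; a guard such as `Object p = config.get( IP_PORT_KEY ); if ( p == null ) { return true; }` would avoid that. The constructor has a related gap: `getPort()` can throw `NumberFormatException` on a non-numeric port before the range check that raises `ConfigurationException` is reached. At minimum the method should carry a Javadoc line such as `/** Returns true only when the port in the given config differs from the current port. */`.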
@@ -93,181 +215,180 @@
         return encryptionTypes;
     }
 
-    public Hashtable getProperties()
+    public Map getProperties()
     {
         // Request that the krb5key value be returned as binary
+        configuration.put( "java.naming.ldap.attributes.binary", "krb5Key" );
 
-        properties.setProperty("java.naming.ldap.attributes.binary", "krb5Key");
-
-        return properties;
+        return configuration;
     }
 
     public long getClockSkew()
     {
-        String key = "kdc.allowable.clockskew";
+        String key = ALLOWABLE_CLOCKSKEW_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return MINUTE * Long.parseLong(properties.getProperty(key));
+            return MINUTE * Long.parseLong( get( key ) );
         }
 
-        return MINUTE * 5;
+        return DEFAULT_ALLOWABLE_CLOCKSKEW;
     }
 
-    public long getMaximumTicketLifetime()
+    public int getPort()
     {
-        String key = "tgs.maximum.ticket.lifetime";
+        String key = IP_PORT_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return MINUTE * Long.parseLong(properties.getProperty(key));
+            return Integer.parseInt( get( key ) );
         }
 
-        return MINUTE * 1440;
+        return Integer.parseInt( DEFAULT_IP_PORT );
     }
 
-    public long getMaximumRenewableLifetime()
+    public int getBufferSize()
     {
-        String key = "tgs.maximum.renewable.lifetime";
+        String key = BUFFER_SIZE_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return MINUTE * Long.parseLong(properties.getProperty(key));
+            return Integer.parseInt( get( key ) );
         }
 
-        return MINUTE * 10080;
+        return DEFAULT_BUFFER_SIZE;
     }
 
-    public int getDefaultPort()
+    public boolean isPaEncTimestampRequired()
     {
-        String key = KDC_PORT_KEY;
+        String key = PA_ENC_TIMESTAMP_REQUIRED_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return Integer.parseInt(properties.getProperty(key));
+            return "true".equalsIgnoreCase( get( key ) );
         }
 
-        return KDC_DEFAULT_PORT;
+        return DEFAULT_PA_ENC_TIMESTAMP_REQUIRED;
     }
 
-    public int getBufferSize()
+    public long getMaximumTicketLifetime()
     {
-        String key = "kdc.buffer.size";
+        String key = TGS_MAXIMUM_TICKET_LIFETIME_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return Integer.parseInt(properties.getProperty(key));
+            return MINUTE * Long.parseLong( get( key ) );
         }
 
-        return BUFFER_SIZE;
+        return DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME;
     }
 
-    public boolean isPaEncTimestampRequired()
+    public long getMaximumRenewableLifetime()
     {
-        String key = "kdc.pa.enc.timestamp.required";
+        String key = TGS_MAXIMUM_RENEWABLE_LIFETIME_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return "true".equalsIgnoreCase(properties.getProperty(key));
+            return MINUTE * Long.parseLong( get( key ) );
         }
 
-        return true;
+        return DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME;
     }
 
     public boolean isEmptyAddressesAllowed()
     {
-        String key = "tgs.empty.addresses.allowed";
+        String key = EMPTY_ADDRESSES_ALLOWED_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return "true".equalsIgnoreCase(properties.getProperty(key));
+            return "true".equalsIgnoreCase( get( key ) );
         }
 
-        return true;
+        return DEFAULT_EMPTY_ADDRESSES_ALLOWED;
     }
 
     public boolean isForwardableAllowed()
     {
-        String key = "tgs.forwardable.allowed";
+        String key = TGS_FORWARDABLE_ALLOWED_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return "true".equalsIgnoreCase(properties.getProperty(key));
+            return "true".equalsIgnoreCase( get( key ) );
         }
 
-        return true;
+        return DEFAULT_TGS_FORWARDABLE_ALLOWED;
     }
 
     public boolean isProxiableAllowed()
     {
-        String key = "tgs.proxiable.allowed";
+        String key = TGS_PROXIABLE_ALLOWED_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return "true".equalsIgnoreCase(properties.getProperty(key));
+            return "true".equalsIgnoreCase( get( key ) );
         }
 
-        return true;
+        return DEFAULT_TGS_PROXIABLE_ALLOWED;
     }
 
     public boolean isPostdateAllowed()
     {
-        String key = "tgs.postdate.allowed";
+        String key = TGS_POSTDATE_ALLOWED_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return "true".equalsIgnoreCase(properties.getProperty(key));
+            return "true".equalsIgnoreCase( get( key ) );
         }
 
-        return true;
+        return DEFAULT_TGS_POSTDATE_ALLOWED;
     }
 
     public boolean isRenewableAllowed()
     {
-        String key = "tgs.renewable.allowed";
+        String key = TGS_RENEWABLE_ALLOWED_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            return "true".equalsIgnoreCase(properties.getProperty(key));
+            return "true".equalsIgnoreCase( get( key ) );
         }
 
-        return true;
+        return DEFAULT_TGS_RENEWABLE_ALLOWED;
     }
 
     private void prepareEncryptionTypes()
     {
         String[] encryptionTypeStrings = null;
 
-        String key = "kdc.encryption.types";
+        String key = ENCRYPTION_TYPES_KEY;
 
-        if (properties.containsKey(key))
+        if ( configuration.containsKey( key ) )
         {
-            encryptionTypeStrings = (properties.getProperty(key)).split("\\s");
+            encryptionTypeStrings = ( get( key ) ).split( "\\s" );
         }
         else
         {
-            encryptionTypeStrings = new String[] { "des-cbc-md5" };
+            encryptionTypeStrings = DEFAULT_ENCRYPTION_TYPES;
         }
 
         List encTypes = new ArrayList();
 
-        for (int i = 0; i < encryptionTypeStrings.length; i++)
+        for ( int i = 0; i < encryptionTypeStrings.length; i++ )
         {
-            String enc = encryptionTypeStrings[i];
+            String enc = encryptionTypeStrings[ i ];
 
             Iterator it = EncryptionType.VALUES.iterator();
 
-            while (it.hasNext())
+            while ( it.hasNext() )
             {
                 EncryptionType type = (EncryptionType) it.next();
 
-                if (type.toString().equalsIgnoreCase(enc))
+                if ( type.toString().equalsIgnoreCase( enc ) )
                 {
-                    encTypes.add(type);
+                    encTypes.add( type );
                 }
             }
         }
 
-        encryptionTypes = (EncryptionType[]) encTypes.toArray(new EncryptionType[encTypes.size()]);
+        encryptionTypes = (EncryptionType[]) encTypes.toArray( new EncryptionType[ encTypes.size()
] );
     }
 }
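Review bot: `prepareEncryptionTypes` silently drops any configured name that matches no `EncryptionType`, so a typo in `encryption.types` can leave `encryptionTypes` empty or shorter than intended with no error, and when the key is absent the fallback is single-DES `des-cbc-md5`. After the loop I would add `if ( encTypes.isEmpty() ) { throw new ConfigurationException( "Invalid value:  " + ENCRYPTION_TYPES_KEY ); }` and consider a stronger default if `EncryptionType` provides one. The boolean getters parse just as leniently: in `isPaEncTimestampRequired` any value other than "true" (for example "yes") turns the encrypted-timestamp requirement off, which fails open. `getClockSkew` and the two lifetime getters accept negative or very large values, unlike the port, which the constructor range-checks. `getProperties` also returns the live `configuration` map, so callers can change the settings behind these getters.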

Added: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/KerberosServer.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/KerberosServer.java?rev=329070&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/KerberosServer.java
(added)
+++ directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/KerberosServer.java
Thu Oct 27 20:46:26 2005
@@ -0,0 +1,96 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.kdc;
+
+import java.io.IOException;
+import java.util.Dictionary;
+
+import org.apache.kerberos.protocol.KerberosProtocolProvider;
+import org.apache.kerberos.store.PrincipalStore;
+import org.apache.mina.common.TransportType;
+import org.apache.mina.protocol.ProtocolProvider;
+import org.apache.mina.registry.Service;
+import org.apache.mina.registry.ServiceRegistry;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * A wrapper encapsulating configuration, a MINA registry, and a PrincipalStore
+ * to implement a complete Kerberos server. 
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class KerberosServer
+{
+    /** the log for this class */
+    private static final Logger log = LoggerFactory.getLogger( KerberosServer.class );
+
+    private KdcConfiguration config;
+    private ServiceRegistry registry;
+    private PrincipalStore store;
+
+    private ProtocolProvider provider;
+    private Service tcpService;
+    private Service udpService;
+
+    public KerberosServer( KdcConfiguration config, ServiceRegistry registry, PrincipalStore
store )
+    {
+        this.config = config;
+        this.registry = registry;
+        this.store = store;
+
+        String name = config.getName();
+        int port = config.getPort();
+
+        try
+        {
+            provider = new KerberosProtocolProvider( new KdcConfiguration(), this.store );
+
+            udpService = new Service( name, TransportType.DATAGRAM, port );
+            tcpService = new Service( name, TransportType.SOCKET, port );
+
+            registry.bind( udpService, provider );
+            registry.bind( tcpService, provider );
+
+            log.debug( name + " listening on port " + port );
+        }
+        catch ( IOException ioe )
+        {
+            log.error( ioe.getMessage(), ioe );
+        }
+    }
+
+    public boolean isDifferent( Dictionary newConfig )
+    {
+        return config.isDifferent( newConfig );
+    }
+
+    public void destroy()
+    {
+        registry.unbind( udpService );
+        registry.unbind( tcpService );
+
+        registry = null;
+        provider = null;
+        udpService = null;
+        tcpService = null;
+
+        log.debug( config.getName() + " has stopped listening on port " + config.getPort()
);
+    }
+}
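Review bot: The protocol provider is constructed with `new KdcConfiguration()` rather than the `config` passed to the constructor, so while the listeners bind to `config.getPort()`, request handling appears to run on the built-in defaults (realm EXAMPLE.COM, `des-cbc-md5`, every ticket option allowed) regardless of what the operator configured. Unless that is deliberate, the line should read `provider = new KerberosProtocolProvider( config, this.store );`. Separately, `catch ( IOException ioe )` only logs, so a failed bind still returns a constructed server with one or both services unbound, and a later `destroy()` calls `registry.unbind` on a service that was never bound. Rethrowing the exception, or unbinding `udpService` when the TCP bind fails, would keep the two transports consistent. `destroy()` also sets `registry = null`, so a second call would throw `NullPointerException`.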

Propchange: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/KerberosServer.java
------------------------------------------------------------------------------
    svn:eol-style = native


