directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [16/50] [abbrv] directory-kerberos git commit: Many changes with newname
Date Thu, 22 Jan 2015 00:56:40 GMT
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java
new file mode 100644
index 0000000..d56bb66
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/ComplexAttribute.java
@@ -0,0 +1,42 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+public class ComplexAttribute extends Attribute {
+    private List<String> values;
+
+    public ComplexAttribute(String name) {
+        super(name);
+        this.values = new ArrayList<String>(1);
+    }
+
+    public List<String> getValues() {
+        return Collections.unmodifiableList(values);
+    }
+
+    public void setValues(List<String> values) {
+        this.values.clear();
+        this.values.addAll(values);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java
new file mode 100644
index 0000000..18da5f8
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/Identity.java
@@ -0,0 +1,67 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity;
+
+import java.util.*;
+
+public class Identity {
+    private String name;
+    private Map<String, Attribute> attributes;
+
+    public Identity(String name) {
+        this.name = name;
+        this.attributes = new HashMap<String, Attribute>();
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void addAttribute(String name, String value) {
+        attributes.put(name, new SimpleAttribute(name, value));
+    }
+
+    public void addAttribute(Attribute attribute) {
+        attributes.put(attribute.getName(), attribute);
+    }
+
+    public Set<String> getAttributes() {
+        return Collections.unmodifiableSet(attributes.keySet());
+    }
+
+    public String getSimpleAttribute(String name) {
+        Attribute attr = attributes.get(name);
+        if (! (attr instanceof SimpleAttribute)) {
+            throw new RuntimeException("Not simple attribute");
+        }
+        return ((SimpleAttribute) attr).getValue();
+    }
+
+    public void setAttributes(List<Attribute> attributes) {
+        this.attributes.clear();
+        for (Attribute attr : attributes) {
+            addAttribute(attr);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
new file mode 100644
index 0000000..96efea5
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/IdentityService.java
@@ -0,0 +1,31 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity;
+
+import java.util.List;
+
+public interface IdentityService {
+    public List<KrbIdentity> getIdentities();
+    public boolean checkIdentity(String name);
+    public KrbIdentity getIdentity(String name);
+    public void addIdentity(KrbIdentity identity);
+    public void updateIdentity(KrbIdentity identity);
+    public void deleteIdentity(KrbIdentity identity);
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbAttributes.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbAttributes.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbAttributes.java
new file mode 100644
index 0000000..008eb1b
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbAttributes.java
@@ -0,0 +1,25 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity;
+
+public class KrbAttributes {
+    public static final String PRINCIPAL = "principal";
+    public static final String PASSWORD = "password";
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
new file mode 100644
index 0000000..8acd430
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/KrbIdentity.java
@@ -0,0 +1,126 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity;
+
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class KrbIdentity {
+    private String principalName;
+    private PrincipalName principal;
+    private int keyVersion = 1;
+    private int kdcFlags = 0;
+    private boolean disabled = false;
+    private boolean locked = false;
+    private KerberosTime expireTime = KerberosTime.NEVER;
+    private KerberosTime createdTime = KerberosTime.now();
+
+    private Map<EncryptionType, EncryptionKey> keys =
+            new HashMap<EncryptionType, EncryptionKey>();
+
+    public KrbIdentity(String principalName) {
+        this.principalName = principalName;
+        this.principal = new PrincipalName(principalName);
+    }
+
+    public String getPrincipalName() {
+        return principalName;
+    }
+
+    public void setPrincipal(PrincipalName principal) {
+        this.principal = principal;
+    }
+
+    public PrincipalName getPrincipal() {
+        return principal;
+    }
+
+    public void setKeyVersion(int keyVersion) {
+        this.keyVersion = keyVersion;
+    }
+
+    public void setKdcFlags(int kdcFlags) {
+        this.kdcFlags = kdcFlags;
+    }
+
+    public void setDisabled(boolean disabled) {
+        this.disabled = disabled;
+    }
+
+    public void setLocked(boolean locked) {
+        this.locked = locked;
+    }
+
+    public void setExpireTime(KerberosTime expireTime) {
+        this.expireTime = expireTime;
+    }
+
+    public KerberosTime getExpireTime() {
+        return expireTime;
+    }
+
+    public KerberosTime getCreatedTime() {
+        return createdTime;
+    }
+
+    public void setCreatedTime(KerberosTime createdTime) {
+        this.createdTime = createdTime;
+    }
+
+    public boolean isDisabled() {
+        return disabled;
+    }
+
+    public boolean isLocked() {
+        return locked;
+    }
+
+    public void addKey(EncryptionKey encKey) {
+        keys.put(encKey.getKeyType(), encKey);
+    }
+
+    public void addKeys(List<EncryptionKey> encKeys) {
+        for (EncryptionKey key : encKeys) {
+            keys.put(key.getKeyType(), key);
+        }
+    }
+
+    public Map<EncryptionType, EncryptionKey> getKeys() {
+        return keys;
+    }
+
+    public EncryptionKey getKey(EncryptionType encType) {
+        return keys.get(encType);
+    }
+
+    public int getKdcFlags() {
+        return kdcFlags;
+    }
+
+    public int getKeyVersion() {
+        return keyVersion;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/SimpleAttribute.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/SimpleAttribute.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/SimpleAttribute.java
new file mode 100644
index 0000000..53add12
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/SimpleAttribute.java
@@ -0,0 +1,37 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity;
+
+public class SimpleAttribute extends Attribute {
+    private String value;
+
+    public SimpleAttribute(String name, String value) {
+        super(name);
+        this.value = value;
+    }
+
+    public String getValue() {
+        return value;
+    }
+
+    public void setValue(String value) {
+        this.value = value;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
new file mode 100644
index 0000000..3342afd
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/AbstractIdentityBackend.java
@@ -0,0 +1,26 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity.backend;
+
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+
+public abstract class AbstractIdentityBackend implements IdentityService {
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
new file mode 100644
index 0000000..3ef6140
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/InMemoryIdentityBackend.java
@@ -0,0 +1,76 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity.backend;
+
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class InMemoryIdentityBackend extends AbstractIdentityBackend {
+
+    private Map<String, KrbIdentity> identities;
+
+    public InMemoryIdentityBackend() {
+        this.identities = new HashMap<String, KrbIdentity>();
+    }
+
+    public InMemoryIdentityBackend(Map<String, KrbIdentity> identities) {
+        this();
+        this.identities.putAll(identities);
+    }
+
+    @Override
+    public List<KrbIdentity> getIdentities() {
+        List<KrbIdentity> results = new ArrayList<KrbIdentity>(identities.size());
+        results.addAll(identities.values());
+        return results;
+    }
+
+    @Override
+    public boolean checkIdentity(String name) {
+        return identities.containsKey(name);
+    }
+
+    @Override
+    public KrbIdentity getIdentity(String name) {
+        if (identities.containsKey(name)) {
+            return identities.get(name);
+        }
+        return null;
+    }
+
+    @Override
+    public void addIdentity(KrbIdentity identity) {
+        identities.put(identity.getPrincipalName(), identity);
+    }
+
+    @Override
+    public void updateIdentity(KrbIdentity identity) {
+        identities.put(identity.getPrincipalName(), identity);
+    }
+
+    @Override
+    public void deleteIdentity(KrbIdentity identity) {
+        identities.remove(identity.getPrincipalName());
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/SimpleIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/SimpleIdentityBackend.java b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/SimpleIdentityBackend.java
new file mode 100644
index 0000000..df7a0dd
--- /dev/null
+++ b/kerby-kerb/kerb-identity/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/SimpleIdentityBackend.java
@@ -0,0 +1,46 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.identity.backend;
+
+import java.io.File;
+
+public class SimpleIdentityBackend extends InMemoryIdentityBackend {
+
+    private File identityFile;
+
+    public SimpleIdentityBackend(File identityFile) {
+        super();
+        this.identityFile = identityFile;
+    }
+
+    /**
+     * Load identities from file
+     */
+    public void load() {
+        // todo
+    }
+
+    /**
+     * Persist the updated identities back
+     */
+    public void save() {
+        // todo
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/pom.xml b/kerby-kerb/kerb-kdc-test/pom.xml
new file mode 100644
index 0000000..905337b
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/pom.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.apache.kerby</groupId>
+    <artifactId>kerby-kerb</artifactId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>kerb-kdc-test</artifactId>
+
+  <name>Kerby-kerb-KdcTest</name>
+  <description>Kerby-kerb Kdc Test</description>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-config</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-core</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-util</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-server</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-client</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-pkix</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
new file mode 100644
index 0000000..3720317
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
@@ -0,0 +1,122 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.common.PrincipalName;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+import java.util.Properties;
+import java.util.UUID;
+
+public class TestKdcServer extends SimpleKdcServer {
+
+    public static final String ORG_DOMAIN = KdcConfigKey.KDC_DOMAIN.getPropertyKey();
+    public static final String KDC_REALM = KdcConfigKey.KDC_REALM.getPropertyKey();
+    public static final String KDC_HOST = KdcConfigKey.KDC_HOST.getPropertyKey();
+    public static final String KDC_TCP_PORT = KdcConfigKey.KDC_TCP_PORT.getPropertyKey();
+    public static final String WORK_DIR = KdcConfigKey.WORK_DIR.getPropertyKey();
+
+    private static final Properties DEFAULT_CONFIG = new Properties();
+    static {
+        DEFAULT_CONFIG.setProperty(KDC_HOST, "localhost");
+        DEFAULT_CONFIG.setProperty(KDC_TCP_PORT, "8018");
+        DEFAULT_CONFIG.setProperty(ORG_DOMAIN, "test.com");
+        DEFAULT_CONFIG.setProperty(KDC_REALM, "TEST.COM");
+    }
+
+    public static Properties createConf() {
+        return (Properties) DEFAULT_CONFIG.clone();
+    }
+
+    public TestKdcServer() {
+        this(createConf());
+    }
+
+    public TestKdcServer(Properties conf) {
+        super();
+        getConfig().getConf().addPropertiesConfig(conf);
+    }
+
+    @Override
+    public void init() {
+        super.init();
+
+        createPrincipals("krbtgt");
+    }
+
+    public String getKdcRealm() {
+        return getConfig().getKdcRealm();
+    }
+
+    public synchronized void createPrincipal(String principal, String password) {
+        KrbIdentity identity = new KrbIdentity(principal);
+        List<EncryptionType> encTypes = getConfig().getEncryptionTypes();
+        List<EncryptionKey> encKeys = null;
+        try {
+            encKeys = EncryptionUtil.generateKeys(fixPrincipal(principal), password, encTypes);
+        } catch (KrbException e) {
+            throw new RuntimeException("Failed to generate encryption keys", e);
+        }
+        identity.addKeys(encKeys);
+        getIdentityService().addIdentity(identity);
+    }
+
+    public void createPrincipals(String ... principals) {
+        String passwd;
+        for (String principal : principals) {
+            passwd = UUID.randomUUID().toString();
+            createPrincipal(fixPrincipal(principal), passwd);
+        }
+    }
+
+    private String fixPrincipal(String principal) {
+        if (! principal.contains("@")) {
+            principal += "@" + getKdcRealm();
+        }
+        return principal;
+    }
+
+    public void exportPrincipals(File keytabFile) throws IOException {
+        Keytab keytab = new Keytab();
+
+        List<KrbIdentity> identities = getIdentityService().getIdentities();
+        for (KrbIdentity identity : identities) {
+            PrincipalName principal = identity.getPrincipal();
+            KerberosTime timestamp = new KerberosTime();
+            for (EncryptionType encType : identity.getKeys().keySet()) {
+                EncryptionKey ekey = identity.getKeys().get(encType);
+                int keyVersion = ekey.getKvno();
+                keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
+            }
+        }
+
+        keytab.store(keytabFile);
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/main/resources/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/cacert.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/cacert.pem
new file mode 100644
index 0000000..6b91561
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/resources/cacert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6zCCAtOgAwIBAgIJAMrZoeDxTzwWMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzEzMjdaFw0yNDA1MTAxMzEzMjdaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMCznJJ02ZUjCPvAwnBmfPs0akb5QRc/NKu8kCtAPWzgHS2JPTQfJhkDbTAD
+eIlg8IeJpOdrYnzdaBCzgxqjSkls+vxjYotOU0Zbrpy2bj0lRDqdYbNsiuConKgT
+MeuDEd/4ZI0X9NWLAi06Iv1F4mHXf36c6uqiUWTtXiofogrFUoTRwACKR2qeC95X
+Py+FDmpS9lz0mo0vDWjetLQC2IBngjjPFdR16n87QDIWfRBkk66rn7rEA6Li66b/
+cToajMSA/n+2Ud1mntSY4RdDdd0TBtAq9RrXtUOfzGaE7S6t+FtYyEprvT4FdOTU
+uyYgSNaI9ANVP1zhQ9LACKuudOECAwEAAaNQME4wHQYDVR0OBBYEFD91SVOejfwx
+u33+5N0TdYbHJbgAMB8GA1UdIwQYMBaAFD91SVOejfwxu33+5N0TdYbHJbgAMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADsONtUqGNBPBXnRowcJwv+Y
+F1Vea+4dkBwYbhkiO6H5XMKr+waOnOD2eAvgP4aeYg/a0xOzzETRD9wi1Z1P1ZMy
+d/NzHQjj4egPENwDv1PH2voZgsXXzXIqUMOtz9t12TuJUrSA2SBW1tz/evckHhNY
+fHg4ThvTIgwEdV/yvrOEBLV9dXG5IhhF+NW1MegTGkt4SpOoH1pi3o9VekVRnix9
+xrIdaC4Ee6vQaR603HwDS9Y+a1c2KU7QoLX8Vaa904cQ+rxhGsTAkocnZXeo6Hl5
+V8BlDYXxeP86fzcWi04ll2BmEEw/RimHEOLpGqxTVHJ5p5BVSCHP8aCD0VJheaU=
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/main/resources/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/cakey.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/cakey.pem
new file mode 100644
index 0000000..66dc806
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/resources/cakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwLOcknTZlSMI+8DCcGZ8+zRqRvlBFz80q7yQK0A9bOAdLYk9
+NB8mGQNtMAN4iWDwh4mk52tifN1oELODGqNKSWz6/GNii05TRluunLZuPSVEOp1h
+s2yK4KicqBMx64MR3/hkjRf01YsCLToi/UXiYdd/fpzq6qJRZO1eKh+iCsVShNHA
+AIpHap4L3lc/L4UOalL2XPSajS8NaN60tALYgGeCOM8V1HXqfztAMhZ9EGSTrquf
+usQDouLrpv9xOhqMxID+f7ZR3Wae1JjhF0N13RMG0Cr1Gte1Q5/MZoTtLq34W1jI
+Smu9PgV05NS7JiBI1oj0A1U/XOFD0sAIq6504QIDAQABAoIBAHqFeMax3unxBbQ0
+Aiy/LTX3RJ9tuZITUOTklnG5fZStBkA+oxhxuaJryE+f1VLbvPMgdCXj5BHqIFGG
+IZSdQA1hak9wzWYvXck9X88qOvtLp47xI/6Vw9NFwZ0n3zST+JiD8UK4eaYQpUim
+Tzrj5SU6hEi3crHOlJvsRFPaGwhnA9wycoOo4o22XBj3C8Hwzi4vWcKXH/RCSwZQ
+zFuYbe77Pn9Sv5q5zdglkmm7wngoVt/aKQke/Vk+Eincx1V12b05DNLjugo6FWQh
+0f2MmHpvqNSHs9USC5+y2lKQ1JNHh7mnpPCXkZEH4V7q+3mKVzl9tXzj9Gul20pw
+tneD6WUCgYEA9QUrQoWHKeVMjeukHjDJa2KjRLMmg9YRQyVABH9+nQTp1jYUjMRA
+GUoUx91gG6gjjJD/xvor/U0Fh3vKtZE93c+avrcaYDwf3q/L4gh+3b87lVDfzjrp
+L+MPTpEzWiyyLfr/kLA0TgUjnrj9bav5uDps8mJpNf8s9ZP1/QDhF5sCgYEAyVZA
+pHSIyBI2GT0+92JXvYDK/ZfV5m4RGHaG/PMDoU4IbGbjHVyzzsyzDUgvOASXwfF8
+YzwX7Tf95RZw12P/Jepxt0vqBJPKUCsMLUrmANQvN1Pz8+Vk6UADLM7kNc06MqB9
+/U3GKCFZZuedEhbgXnEV9gzelhILImJGZMxG0zMCgYApymnofLHjGXMHOcvSQmv4
+XuiODShikB59n1rd6YkE6xOfL7YtlEOCjLoipMWBshnuHcUigQUDvSFWTGz0rwMo
+VAKGyOA8zcR5zO4vbVeGJtnYy+SAXlfrjQTNV8K0fK8fXJI+cW9aZ1H9/ntrO0vq
+ejye0t4zEYTvlf782iuKRQKBgQCnTQ7mGRfX+JoPmv8JniR+idkjpNnPYsK96y/8
+XQs1LJx/R3eN3IxlWV+nt8XU7KwWMs5Dv5m6Ov61MFKQCL3qCch4oZJSP2Sr/Tlf
+IY/CPI8HkLF0h7e0wsZgo4Kq2mBz1T0cEVaJ3jxl8Cxq7at/jsTK8qK7XT73UWZh
+OAXaVQKBgDmg2QTX7c0/dbDMOuw18g3xfE/oqU+VWT784wtvpcdjHR+KAVLWHG8l
+oc/bm8Bs0o0f5dfH7uUvWdP6JMvbgYZBgIMqw+iH8P2lFCLzIRf0me/l+r0Oi64U
+5jp9K+7Ggc7S0SSnCLmBLMN5lXQZbhzks1La7DZmFeAz8rOEnlUB
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/extensions.kdc b/kerby-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
new file mode 100644
index 0000000..8052f71
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+[kdc_cert]
+basicConstraints=CA:FALSE
+keyUsage=nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+extendedKeyUsage=1.3.6.1.5.2.3.5
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+issuerAltName=issuer:copy
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
+
+[kdc_princ_name]
+realm=EXP:0,GeneralString:${ENV::REALM}
+principal_name=EXP:1,SEQUENCE:kdc_principal_seq
+
+[kdc_principal_seq]
+name_type=EXP:0,INTEGER:1
+name_string=EXP:1,SEQUENCE:kdc_principals
+
+[kdc_principals]
+princ1=GeneralString:krbtgt
+princ2=GeneralString:${ENV::REALM}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf b/kerby-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
new file mode 100644
index 0000000..d118dd1
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+    default_realm = {0}
+    udp_preference_limit = 1
+
+[realms]
+    {0} = '{'
+        kdc = {1}:{2}
+    '}'
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff b/kerby-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
new file mode 100644
index 0000000..bc989c3
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
@@ -0,0 +1,46 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+dn: ou=users,dc=${0},dc=${1}
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: uid=krbtgt,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: KDC Service
+sn: Service
+uid: krbtgt
+userPassword: secret
+krb5PrincipalName: krbtgt/${2}.${3}@${2}.${3}
+krb5KeyVersionNumber: 0
+
+dn: uid=ldap,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: LDAP
+sn: Service
+uid: ldap
+userPassword: secret
+krb5PrincipalName: ldap/${4}@${2}.${3}
+krb5KeyVersionNumber: 0

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/kdccert.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
new file mode 100644
index 0000000..67e538c
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
+fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
+quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
+nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
+EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
+JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
+Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
+HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
+ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
+AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
+YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
+txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
+R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
+FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
+5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/kdckey.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
new file mode 100644
index 0000000..c9e75e2
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
+8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
+2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
+GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
+fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
+DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
+QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
+6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
+bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
+5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
+8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
+XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
+kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
+Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
+P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
+KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
+qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
+7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
+UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
+n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
+5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
+AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
+KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
+9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
+7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/main/resources/usercert.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/usercert.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/usercert.pem
new file mode 100644
index 0000000..67e538c
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/resources/usercert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
+fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
+quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
+nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
+EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
+JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
+Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
+HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
+ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
+AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
+YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
+txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
+R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
+FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
+5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/main/resources/userkey.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/userkey.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/userkey.pem
new file mode 100644
index 0000000..c9e75e2
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/resources/userkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
+8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
+2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
+GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
+fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
+DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
+QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
+6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
+bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
+5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
+8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
+XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
+kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
+Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
+P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
+KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
+qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
+7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
+UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
+n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
+5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
+AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
+KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
+9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
+7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
new file mode 100644
index 0000000..81c0b3a
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTest.java
@@ -0,0 +1,49 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class KdcTest extends KdcTestBase {
+
+    private String password = "123456";
+
+    @Override
+    protected void setUpKdcServer() throws Exception {
+        super.setUpKdcServer();
+        kdcServer.createPrincipal(clientPrincipal, password);
+    }
+
+    @Test
+    public void testKdc() throws Exception {
+        kdcServer.start();
+        Assert.assertTrue(kdcServer.isStarted());
+
+        krbClnt.init();
+        TgtTicket tgt = krbClnt.requestTgtTicket(clientPrincipal, password, null);
+        Assert.assertNotNull(tgt);
+
+        ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+        Assert.assertNotNull(tkt);
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
new file mode 100644
index 0000000..1751474
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
@@ -0,0 +1,71 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.junit.After;
+import org.junit.Before;
+
+public abstract class KdcTestBase {
+
+    protected String kdcRealm;
+    protected String clientPrincipal;
+    protected String serverPrincipal;
+
+    protected String hostname = "localhost";
+    protected short tcpPort = 8088;
+    protected short udpPort = 8089;
+
+    protected TestKdcServer kdcServer;
+    protected KrbClient krbClnt;
+
+    @Before
+    public void setUp() throws Exception {
+        setUpKdcServer();
+        setUpClient();
+    }
+
+    protected void setUpKdcServer() throws Exception {
+        kdcServer = new TestKdcServer();
+        kdcServer.setKdcHost(hostname);
+        kdcServer.setKdcTcpPort(tcpPort);
+        kdcServer.setKdcUdpPort(udpPort);
+        kdcServer.init();
+
+        kdcRealm = kdcServer.getKdcRealm();
+        clientPrincipal = "drankye@" + kdcRealm;
+
+        serverPrincipal = "test-service/localhost@" + kdcRealm;
+        kdcServer.createPrincipals(serverPrincipal);
+    }
+
+    protected void setUpClient() throws Exception {
+        krbClnt = new KrbClient(hostname, tcpPort);
+        krbClnt.setTimeout(5);
+        krbClnt.setKdcRealm(kdcServer.getKdcRealm());
+    }
+
+
+
+    @After
+    public void tearDown() throws Exception {
+        kdcServer.stop();
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithCertKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithCertKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithCertKdcTest.java
new file mode 100644
index 0000000..3986005
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithCertKdcTest.java
@@ -0,0 +1,89 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.haox.pki.Pkix;
+import org.junit.Assert;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+
+/**
+ openssl genrsa -out cakey.pem 2048
+ openssl req -key cakey.pem -new -x509 -out cacert.pem -days 3650
+ vi extensions.kdc
+ openssl genrsa -out kdckey.pem 2048
+ openssl req -new -out kdc.req -key kdckey.pem
+ env REALM=SH.INTEL.COM openssl x509 -req -in kdc.req -CAkey cakey.pem \
+ -CA cacert.pem -out kdc.pem -days 365 -extfile extensions.kdc -extensions kdc_cert -CAcreateserial
+ */
+public class WithCertKdcTest extends KdcTestBase {
+
+    private Certificate userCert;
+    private PrivateKey userKey;
+
+    @Override
+    protected void setUpClient() throws Exception {
+        super.setUpClient();
+
+        loadCredentials();
+    }
+
+    @Override
+    protected void setUpKdcServer() throws Exception {
+        super.setUpKdcServer();
+        kdcServer.createPrincipals(clientPrincipal);
+    }
+
+    //@Test
+    public void testKdc() throws Exception {
+        Assert.assertNotNull(userCert);
+
+        kdcServer.start();
+        Assert.assertTrue(kdcServer.isStarted());
+        krbClnt.init();
+
+        TgtTicket tgt = null;
+        try {
+            tgt = krbClnt.requestTgtTicket(clientPrincipal, userCert, userKey, null);
+        } catch (KrbException te) {
+            Assert.assertTrue(te.getMessage().contains("timeout"));
+            return;
+        }
+        Assert.assertNull(tgt);
+
+        ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+        Assert.assertNull(tkt);
+    }
+
+    private void loadCredentials() throws IOException, GeneralSecurityException {
+        InputStream res = getClass().getResourceAsStream("/usercert.pem");
+        userCert = Pkix.getCerts(res).iterator().next();
+
+        res = getClass().getResourceAsStream("/userkey.pem");
+        userKey = Pkix.getPrivateKey(res, null);
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithTokenKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithTokenKdcTest.java
new file mode 100644
index 0000000..1bad71d
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/WithTokenKdcTest.java
@@ -0,0 +1,56 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.haox.token.KerbToken;
+import org.junit.Assert;
+
+public class WithTokenKdcTest extends KdcTestBase {
+
+    private KerbToken token;
+
+    @Override
+    protected void setUpKdcServer() throws Exception {
+        super.setUpKdcServer();
+        kdcServer.createPrincipals(clientPrincipal);
+    }
+
+    //@Test
+    public void testKdc() throws Exception {
+        kdcServer.start();
+        Assert.assertTrue(kdcServer.isStarted());
+        krbClnt.init();
+
+        TgtTicket tgt = null;
+        try {
+            tgt = krbClnt.requestTgtTicket(clientPrincipal, token, null);
+        } catch (KrbException te) {
+            Assert.assertTrue(te.getMessage().contains("timeout"));
+            return;
+        }
+        Assert.assertNull(tgt);
+
+        ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+        Assert.assertNull(tkt);
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-server/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/pom.xml b/kerby-kerb/kerb-server/pom.xml
new file mode 100644
index 0000000..f19efc1
--- /dev/null
+++ b/kerby-kerb/kerb-server/pom.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.apache.kerby</groupId>
+    <artifactId>kerby-kerb</artifactId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>kerb-server</artifactId>
+
+  <name>Kerby-kerb Server</name>
+  <description>Kerby-kerb Server</description>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-config</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-core</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-common</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-identity</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-event</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-pkix</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
new file mode 100644
index 0000000..aeca837
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfig.java
@@ -0,0 +1,153 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.haox.config.Conf;
+import org.apache.kerby.kerberos.kerb.common.KrbConfHelper;
+import org.apache.kerby.kerberos.kerb.spec.common.EncryptionType;
+
+import java.util.List;
+
+public class KdcConfig {
+    protected Conf conf;
+
+    public KdcConfig() {
+        this.conf = new Conf();
+    }
+
+    public Conf getConf() {
+        return this.conf;
+    }
+
+    public boolean enableDebug() {
+        return conf.getBoolean(KdcConfigKey.KRB_DEBUG);
+    }
+
+    public String getKdcServiceName() {
+        return conf.getString(KdcConfigKey.KDC_SERVICE_NAME);
+    }
+
+    public String getWorkDir() {
+        return conf.getString(KdcConfigKey.WORK_DIR);
+    }
+
+    public String getKdcHost() {
+        return conf.getString(KdcConfigKey.KDC_HOST);
+    }
+
+    public short getKdcTcpPort() {
+        Integer kdcTcpPort =  KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_TCP_PORT);
+        return kdcTcpPort.shortValue();
+    }
+
+    public short getKdcUdpPort() {
+        Integer kdcUdpPort = KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_UDP_PORT);
+        return kdcUdpPort.shortValue();
+    }
+
+    public String getKdcRealm() {
+        return conf.getString(KdcConfigKey.KDC_REALM);
+    }
+
+    public String getKdcDomain() {
+        return conf.getString(KdcConfigKey.KDC_DOMAIN);
+    }
+
+    public boolean isPreauthRequired() {
+        return conf.getBoolean(KdcConfigKey.PREAUTH_REQUIRED);
+    }
+
+    public String getTgsPrincipal() {
+        return conf.getString(KdcConfigKey.TGS_PRINCIPAL);
+    }
+
+    public long getAllowableClockSkew() {
+        return conf.getLong(KdcConfigKey.ALLOWABLE_CLOCKSKEW);
+    }
+
+    public boolean isEmptyAddressesAllowed() {
+        return conf.getBoolean(KdcConfigKey.EMPTY_ADDRESSES_ALLOWED);
+    }
+
+    public boolean isForwardableAllowed() {
+        return conf.getBoolean(KdcConfigKey.FORWARDABLE_ALLOWED);
+    }
+
+    public boolean isPostdatedAllowed() {
+        return conf.getBoolean(KdcConfigKey.POSTDATED_ALLOWED);
+    }
+
+    public boolean isProxiableAllowed() {
+        return conf.getBoolean(KdcConfigKey.PROXIABLE_ALLOWED);
+    }
+
+    public boolean isRenewableAllowed() {
+        return conf.getBoolean(KdcConfigKey.RENEWABLE_ALLOWED);
+    }
+
+    public long getMaximumRenewableLifetime() {
+        return conf.getLong(KdcConfigKey.MAXIMUM_RENEWABLE_LIFETIME);
+    }
+
+    public long getMaximumTicketLifetime() {
+        return conf.getLong(KdcConfigKey.MAXIMUM_TICKET_LIFETIME);
+    }
+
+    public long getMinimumTicketLifetime() {
+        return conf.getLong(KdcConfigKey.MINIMUM_TICKET_LIFETIME);
+    }
+
+    public List<EncryptionType> getEncryptionTypes() {
+        List<String> eTypes = conf.getList(KdcConfigKey.ENCRYPTION_TYPES);
+        return KrbConfHelper.getEncryptionTypes(eTypes);
+    }
+
+    public boolean isPaEncTimestampRequired() {
+        return conf.getBoolean(KdcConfigKey.PA_ENC_TIMESTAMP_REQUIRED);
+    }
+
+    public boolean isBodyChecksumVerified() {
+        return conf.getBoolean(KdcConfigKey.VERIFY_BODY_CHECKSUM);
+    }
+
+    public String getDefaultLoggingLocation() {
+        return KrbConfHelper.getStringUnderSection(conf, KdcConfigKey.DEFAULT);
+    }
+
+    public String getKdcLoggingLocation() {
+        return KrbConfHelper.getStringUnderSection(conf, KdcConfigKey.KDC);
+    }
+
+    public String getAdminLoggingLocation() {
+        return KrbConfHelper.getStringUnderSection(conf, KdcConfigKey.ADMIN_SERVER);
+    }
+
+    public boolean isRestrictAnonymousToTgt() {
+        return KrbConfHelper.getBooleanUnderSection(conf, KdcConfigKey.RESTRICT_ANONYMOUS_TO_TGT);
+    }
+
+    public int getKdcMaxDgramReplySize() {
+        return KrbConfHelper.getIntUnderSection(conf, KdcConfigKey.KDC_MAX_DGRAM_REPLY_SIZE);
+    }
+
+    public String[] getLdapKerberosContainerDn() {
+        return KrbConfHelper.getStringArrayUnderSection(conf, KdcConfigKey.LDAP_KERBEROS_CONTAINER_DN);
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
new file mode 100644
index 0000000..1f77c94
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcConfigKey.java
@@ -0,0 +1,94 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.common.SectionConfigKey;
+
+public enum KdcConfigKey implements SectionConfigKey {
+    KRB_DEBUG(true),
+    WORK_DIR,
+    KDC_SERVICE_NAME("Haox_KDC_Server"),
+    KDC_HOST("127.0.0.1"),
+    KDC_UDP_PORT(8016, "kdcdefaults"),
+    KDC_TCP_PORT(8015, "kdcdefaults"),
+    KDC_DOMAIN("example.com"),
+    KDC_REALM("EXAMPLE.COM"),
+    TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"),
+    PREAUTH_REQUIRED(true),
+    ALLOWABLE_CLOCKSKEW(5 * 60L),
+    EMPTY_ADDRESSES_ALLOWED(true),
+    PA_ENC_TIMESTAMP_REQUIRED(true),
+    MAXIMUM_TICKET_LIFETIME(24 * 3600L),
+    MINIMUM_TICKET_LIFETIME(1 * 3600L),
+    MAXIMUM_RENEWABLE_LIFETIME(48 * 3600L),
+    FORWARDABLE_ALLOWED(true),
+    POSTDATED_ALLOWED(true),
+    PROXIABLE_ALLOWED(true),
+    RENEWABLE_ALLOWED(true),
+    VERIFY_BODY_CHECKSUM(true),
+    ENCRYPTION_TYPES(new String[] { "aes128-cts-hmac-sha1-96", "des3-cbc-sha1-kd" }),
+    RESTRICT_ANONYMOUS_TO_TGT(false, "kdcdefaults"),
+    KDC_MAX_DGRAM_REPLY_SIZE(4096, "kdcdefaults"),
+
+    //logging location TODO the default log location need to be determinded.
+    DEFAULT(null, "logging"),
+    KDC(null, "logging"),
+    ADMIN_SERVER(null, "logging"),
+
+    //dbdefaults
+    LDAP_KERBEROS_CONTAINER_DN(null, "dbdefaults");
+
+    private Object defaultValue;
+    /**
+     * The name of a section where a config key is contained in MIT Kerberos config file.
+     */
+    private String sectionName;
+
+    private KdcConfigKey() {
+        this.defaultValue = null;
+    }
+
+    private KdcConfigKey(Object defaultValue) {
+        this.defaultValue = defaultValue;
+    }
+
+    private KdcConfigKey(Object defaultValue, String sectionName) {
+        this(defaultValue);
+        this.sectionName = sectionName;
+    }
+
+    /**
+     * Use the propertyKey, we can get the configuration value from Object Conf.
+     */
+    @Override
+    public String getPropertyKey() {
+        return name().toLowerCase();
+    }
+
+    @Override
+    public Object getDefaultValue() {
+        return this.defaultValue;
+    }
+
+    @Override
+    public String getSectionName() {
+        return sectionName;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcContext.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcContext.java
new file mode 100644
index 0000000..bb7b467
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcContext.java
@@ -0,0 +1,91 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+import org.apache.kerby.kerberos.kerb.server.preauth.PreauthHandler;
+import org.apache.kerby.kerberos.kerb.server.replay.ReplayCheckService;
+
+import java.util.List;
+
+public class KdcContext {
+    private KdcConfig config;
+    private List<String> supportedKdcRealms;
+    private String kdcRealm;
+    private IdentityService identityService;
+    private ReplayCheckService replayCache;
+    private PreauthHandler preauthHandler;
+
+    public void init(KdcConfig config) {
+        this.config = config;
+    }
+
+    public KdcConfig getConfig() {
+        return config;
+    }
+
+    public void setPreauthHandler(PreauthHandler preauthHandler) {
+        this.preauthHandler = preauthHandler;
+    }
+
+    public PreauthHandler getPreauthHandler() {
+        return this.preauthHandler;
+    }
+
+    public List<String> getSupportedKdcRealms() {
+        return supportedKdcRealms;
+    }
+
+    public void setSupportedKdcRealms(List<String> supportedKdcRealms) {
+        this.supportedKdcRealms = supportedKdcRealms;
+    }
+
+    public void setKdcRealm(String realm) {
+        this.kdcRealm = realm;
+    }
+
+    public String getServerRealm() {
+        return config.getKdcRealm();
+    }
+
+    public String getKdcRealm() {
+        if (kdcRealm != null) {
+            return kdcRealm;
+        }
+        return config.getKdcRealm();
+    }
+
+    public void setReplayCache(ReplayCheckService replayCache) {
+        this.replayCache = replayCache;
+    }
+
+    public ReplayCheckService getReplayCache() {
+        return replayCache;
+    }
+
+    public void setIdentityService(IdentityService identityService) {
+        this.identityService = identityService;
+    }
+
+
+    public IdentityService getIdentityService() {
+        return identityService;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
new file mode 100644
index 0000000..a6e2803
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -0,0 +1,148 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.common.KrbUtil;
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+import org.apache.kerby.kerberos.kerb.server.preauth.PreauthHandler;
+import org.apache.kerby.kerberos.kerb.server.replay.ReplayCheckService;
+import org.apache.kerby.kerberos.kerb.server.request.AsRequest;
+import org.apache.kerby.kerberos.kerb.server.request.KdcRequest;
+import org.apache.kerby.kerberos.kerb.server.request.TgsRequest;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessage;
+import org.apache.kerby.kerberos.kerb.spec.common.KrbMessageType;
+import org.apache.kerby.kerberos.kerb.spec.kdc.AsReq;
+import org.apache.kerby.kerberos.kerb.spec.kdc.KdcReq;
+import org.apache.kerby.kerberos.kerb.spec.kdc.TgsReq;
+import org.apache.haox.transport.MessageHandler;
+import org.apache.haox.transport.Transport;
+import org.apache.haox.transport.event.MessageEvent;
+import org.apache.haox.transport.tcp.TcpTransport;
+
+import java.net.InetSocketAddress;
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+public class KdcHandler extends MessageHandler {
+
+    private List<String> kdcRealms = new ArrayList<String>(1);
+    private Map<String, KdcContext> kdcContexts;
+
+    private KdcConfig kdcConfig;
+    private PreauthHandler preauthHandler;
+
+    // TODO: per realm for below
+    private IdentityService identityService;
+    private ReplayCheckService replayCheckService;
+
+    /**
+     * Should be called when all the necessary properties are set
+     */
+    public void init() {
+        loadKdcRealms();
+
+        preauthHandler = new PreauthHandler();
+        preauthHandler.init(kdcConfig);
+
+        kdcContexts = new HashMap<String, KdcContext>(1);
+        for (String realm : kdcRealms) {
+            initRealmContext(realm);
+        }
+    }
+
+    private void initRealmContext(String kdcRealm) {
+        KdcContext kdcContext = new KdcContext();
+        kdcContext.init(kdcConfig);
+        kdcContext.setKdcRealm(kdcRealm);
+        kdcContext.setPreauthHandler(preauthHandler);
+        kdcContext.setIdentityService(identityService);
+        kdcContext.setReplayCache(replayCheckService);
+
+        kdcContexts.put(kdcRealm, kdcContext);
+    }
+
+    public void setKdcRealm(String realm) {
+        this.kdcRealms.add(realm);
+    }
+
+    public void setConfig(KdcConfig config) {
+        this.kdcConfig = config;
+    }
+
+    public void setIdentityService(IdentityService identityService) {
+        this.identityService = identityService;
+    }
+
+    @Override
+    protected void handleMessage(MessageEvent event) throws Exception {
+        ByteBuffer message = event.getMessage();
+        Transport transport = event.getTransport();
+
+        KrbMessage krbRequest = KrbUtil.decodeMessage(message);
+        KdcRequest kdcRequest = null;
+
+        KrbMessageType messageType = krbRequest.getMsgType();
+        if (messageType == KrbMessageType.TGS_REQ || messageType == KrbMessageType.AS_REQ) {
+            KdcReq kdcReq = (KdcReq) krbRequest;
+            String realm = getRequestRealm(kdcReq);
+            if (realm == null || !kdcContexts.containsKey(realm)) {
+                throw new KrbException("Invalid realm from kdc request: " + realm);
+            }
+
+            KdcContext kdcContext = kdcContexts.get(realm);
+            if (messageType == KrbMessageType.TGS_REQ) {
+                kdcRequest = new TgsRequest((TgsReq) kdcReq, kdcContext);
+            } else if (messageType == KrbMessageType.AS_REQ) {
+                kdcRequest = new AsRequest((AsReq) kdcReq, kdcContext);
+            }
+        }
+
+        InetSocketAddress clientAddress = transport.getRemoteAddress();
+        kdcRequest.setClientAddress(clientAddress.getAddress());
+        boolean isTcp = (transport instanceof TcpTransport);
+        kdcRequest.isTcp(isTcp);
+
+        kdcRequest.process();
+
+        KrbMessage krbResponse = kdcRequest.getReply();
+        KrbUtil.sendMessage(krbResponse, transport);
+    }
+
+    private void loadKdcRealms() {
+        if (kdcRealms.isEmpty()) {
+            kdcRealms.add(kdcConfig.getKdcRealm());
+        }
+    }
+
+    private String getRequestRealm(KdcReq kdcReq) {
+        String realm = kdcReq.getReqBody().getRealm();
+        if (realm == null && kdcReq.getReqBody().getCname() != null) {
+            realm = kdcReq.getReqBody().getCname().getRealm();
+        }
+        if (realm == null || realm.isEmpty()) {
+            realm = "NULL-KDC-REALM";
+        }
+        return realm;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
new file mode 100644
index 0000000..b298cf2
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcServer.java
@@ -0,0 +1,196 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.haox.event.EventHub;
+import org.apache.kerby.kerberos.kerb.common.KrbStreamingDecoder;
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+import org.apache.haox.transport.Network;
+
+import java.io.File;
+
+public class KdcServer {
+    private String kdcHost;
+    private short kdcTcpPort;
+    private short kdcUdpPort;
+    private String kdcRealm;
+
+    private boolean started;
+    private String serviceName = "HaoxKdc";
+
+    private KdcHandler kdcHandler;
+    private EventHub eventHub;
+
+    protected KdcConfig kdcConfig;
+    protected IdentityService identityService;
+    protected File workDir;
+
+    public KdcServer() {
+        kdcConfig = new KdcConfig();
+    }
+
+    public void init() {
+        initConfig();
+
+        initWorkDir();
+    }
+
+    protected void initWorkDir() {
+        String path = kdcConfig.getWorkDir();
+        File file;
+        if (path != null) {
+            file = new File(path);
+            file.mkdirs();
+        } else {
+            file = new File(".");
+        }
+
+        this.workDir = file;
+    }
+
+    protected void initConfig() {}
+
+    public void start() {
+        try {
+            doStart();
+        } catch (Exception e) {
+            throw new RuntimeException("Failed to start " + getServiceName(), e);
+        }
+
+        started = true;
+    }
+
+    public String getKdcRealm() {
+        if (kdcRealm != null) {
+            return kdcRealm;
+        }
+        return kdcConfig.getKdcRealm();
+    }
+
+    private String getKdcHost() {
+        if (kdcHost != null) {
+            return kdcHost;
+        }
+        return kdcConfig.getKdcHost();
+    }
+
+    private short getKdcTcpPort() {
+        if (kdcTcpPort > 0) {
+            return kdcTcpPort;
+        }
+        return kdcConfig.getKdcTcpPort();
+    }
+
+    private short getKdcUdpPort() {
+        if (kdcUdpPort > 0) {
+            return kdcUdpPort;
+        }
+        return kdcConfig.getKdcUdpPort();
+    }
+
+    public void setKdcHost(String kdcHost) {
+        this.kdcHost = kdcHost;
+    }
+
+    public void setKdcTcpPort(short kdcTcpPort) {
+        this.kdcTcpPort = kdcTcpPort;
+    }
+
+    public void setKdcUdpPort(short kdcUdpPort) {
+        this.kdcUdpPort = kdcUdpPort;
+    }
+
+    public void setKdcRealm(String realm) {
+        this.kdcRealm = realm;
+    }
+
+    public boolean enableDebug() {
+        return kdcConfig.enableDebug();
+    }
+
+    protected void doStart() throws Exception {
+        prepareHandler();
+
+        this.eventHub = new EventHub();
+
+        eventHub.register(kdcHandler);
+
+        Network network = new Network();
+        network.setStreamingDecoder(new KrbStreamingDecoder());
+        eventHub.register(network);
+
+        eventHub.start();
+        network.tcpListen(getKdcHost(), getKdcTcpPort());
+        network.udpListen(getKdcHost(), getKdcUdpPort());
+    }
+
+    private void prepareHandler() {
+        this.kdcHandler = new KdcHandler();
+        kdcHandler.setConfig(kdcConfig);
+        kdcHandler.setIdentityService(identityService);
+        if (kdcRealm != null) {
+            kdcHandler.setKdcRealm(kdcRealm);
+        }
+        kdcHandler.init();
+    }
+
+    public void stop() {
+        try {
+            doStop();
+        } catch (Exception e) {
+            throw new RuntimeException("Failed to stop " + getServiceName());
+        }
+    }
+
+    protected void doStop() throws Exception {
+        eventHub.stop();
+    }
+
+    public KdcConfig getConfig() {
+        return kdcConfig;
+    }
+
+    public boolean isStarted() {
+        return started;
+    }
+
+    protected void setStarted( boolean started ) {
+        this.started = started;
+    }
+
+    protected void setServiceName( String name ) {
+        this.serviceName = name;
+    }
+
+    protected String getServiceName() {
+        if (serviceName != null) {
+            return serviceName;
+        }
+        return kdcConfig.getKdcServiceName();
+    }
+
+    public IdentityService getIdentityService() {
+        return identityService;
+    }
+
+    protected void setIdentityService(IdentityService identityService) {
+        this.identityService = identityService;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
new file mode 100644
index 0000000..4cc0b35
--- /dev/null
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java
@@ -0,0 +1,43 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.identity.IdentityService;
+import org.apache.kerby.kerberos.kerb.identity.backend.SimpleIdentityBackend;
+
+import java.io.File;
+
+public class SimpleKdcServer extends KdcServer {
+
+    public SimpleKdcServer() {
+        super();
+    }
+
+    public void init() {
+        super.init();
+        initIdentityService();
+    }
+
+    protected void initIdentityService() {
+        File identityFile = new File(workDir, "simplekdb.dat");
+        IdentityService identityService = new SimpleIdentityBackend(identityFile);
+        setIdentityService(identityService);
+    }
+}
\ No newline at end of file


Mime
View raw message