directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dran...@apache.org
Subject [3/3] directory-kerby git commit: Introduced kerby-kdc-test module for integration tests
Date Sat, 21 Mar 2015 12:11:45 GMT
Introduced kerby-kdc-test module for integration tests


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/c59056a8
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/c59056a8
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/c59056a8

Branch: refs/heads/master
Commit: c59056a8e1587ff1da2dcc5ed6fe8f3b763376c7
Parents: 8074931
Author: Drankye <drankye@gmail.com>
Authored: Sat Mar 21 20:11:14 2015 +0800
Committer: Drankye <drankye@gmail.com>
Committed: Sat Mar 21 20:11:14 2015 +0800

----------------------------------------------------------------------
 kerby-dist/kdc-dist/bin/start-kdc.sh            |   2 +-
 kerby-kdc-test/pom.xml                          |  76 ++++++++++++
 kerby-kdc-test/src/main/resources/cacert.pem    |  23 ++++
 kerby-kdc-test/src/main/resources/cakey.pem     |  27 +++++
 .../src/main/resources/extensions.kdc           |  36 ++++++
 kerby-kdc-test/src/main/resources/kdc-krb5.conf |  25 ++++
 kerby-kdc-test/src/main/resources/kdc.ldiff     |  46 +++++++
 kerby-kdc-test/src/main/resources/kdccert.pem   |  26 ++++
 kerby-kdc-test/src/main/resources/kdckey.pem    |  27 +++++
 kerby-kdc-test/src/main/resources/usercert.pem  |  26 ++++
 kerby-kdc-test/src/main/resources/userkey.pem   |  27 +++++
 .../kerby/kerberos/kdc/JsonBackendKdcTest.java  |  55 +++++++++
 .../org/apache/kerby/kerberos/kdc/KdcTest.java  |  87 +++++++++++++
 .../kerby/kerberos/kdc/WithCertKdcTest.java     | 101 ++++++++++++++++
 .../kerby/kerberos/kdc/WithTokenKdcTest.java    |  73 +++++++++++
 .../kerby/kerberos/kdc/KerbyKdcServer.java      | 102 ++++++++++++++++
 .../kerberos/kdc/server/KerbyKdcServer.java     | 102 ----------------
 .../kerby/kerberos/kdc/server/KdcTest.java      |   1 +
 kerby-kerb/kerb-kdc-test/pom.xml                |  11 +-
 .../kerby/kerberos/kerb/server/KdcTestBase.java | 121 +++++++++++++++++++
 .../kerberos/kerb/server/TestKdcServer.java     | 117 ++++++++++++++++++
 .../kerb-kdc-test/src/main/resources/cacert.pem |  23 ----
 .../kerb-kdc-test/src/main/resources/cakey.pem  |  27 -----
 .../src/main/resources/extensions.kdc           |  36 ------
 .../src/main/resources/kdc-krb5.conf            |  25 ----
 .../kerb-kdc-test/src/main/resources/kdc.ldiff  |  46 -------
 .../src/main/resources/kdccert.pem              |  26 ----
 .../kerb-kdc-test/src/main/resources/kdckey.pem |  27 -----
 .../src/main/resources/usercert.pem             |  26 ----
 .../src/main/resources/userkey.pem              |  27 -----
 .../kerb/server/JsonBackendKdcTest.java         |  53 --------
 .../kerby/kerberos/kerb/server/KdcTestBase.java | 121 -------------------
 .../kerberos/kerb/server/TestKdcServer.java     | 117 ------------------
 .../kerberos/kerb/server/WithCertKdcTest.java   |  98 ---------------
 .../kerberos/kerb/server/WithTokenKdcTest.java  |  57 ---------
 pom.xml                                         |   1 +
 36 files changed, 1006 insertions(+), 815 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-dist/kdc-dist/bin/start-kdc.sh
----------------------------------------------------------------------
diff --git a/kerby-dist/kdc-dist/bin/start-kdc.sh b/kerby-dist/kdc-dist/bin/start-kdc.sh
index b094677..cc48060 100644
--- a/kerby-dist/kdc-dist/bin/start-kdc.sh
+++ b/kerby-dist/kdc-dist/bin/start-kdc.sh
@@ -1,2 +1,2 @@
 #!/bin/bash
-java -Xdebug -Xrunjdwp:transport=dt_socket,address=1044,server=y,suspend=n -cp ../lib/kerb-server-1.0-SNAPSHOT-jar-with-dependencies.jar:../lib/Json-identity-backend-1.0-SNAPSHOT.jar:../lib/ldap-identity-backend-1.0-SNAPSHOT.jar:../lib/zookeeper-backend-1.0-SNAPSHOT.jar:../lib/kerby-kdc-1.0-SNAPSHOT.jar org.apache.kerby.kerberos.kdc.server.KerbyKdcServer $@
+java -Xdebug -Xrunjdwp:transport=dt_socket,address=1044,server=y,suspend=n -cp ../lib/kerb-server-1.0-SNAPSHOT-jar-with-dependencies.jar:../lib/Json-identity-backend-1.0-SNAPSHOT.jar:../lib/ldap-identity-backend-1.0-SNAPSHOT.jar:../lib/zookeeper-backend-1.0-SNAPSHOT.jar:../lib/kerby-kdc-1.0-SNAPSHOT.jar org.apache.kerby.kerberos.kdc.KerbyKdcServer $@

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/pom.xml b/kerby-kdc-test/pom.xml
new file mode 100644
index 0000000..d5a96a5
--- /dev/null
+++ b/kerby-kdc-test/pom.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License. See accompanying LICENSE file.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.apache.kerby</groupId>
+    <artifactId>kerby-all</artifactId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>kerby-kdc-test</artifactId>
+
+  <name>Kerby Kdc Test</name>
+  <description>Kerby Kdc Test</description>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerby-config</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-core</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-util</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-server</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-client</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>kerb-kdc-test</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>Json-identity-backend</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>token-provider</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.kerby</groupId>
+      <artifactId>pki-provider</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/main/resources/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/main/resources/cacert.pem b/kerby-kdc-test/src/main/resources/cacert.pem
new file mode 100644
index 0000000..6b91561
--- /dev/null
+++ b/kerby-kdc-test/src/main/resources/cacert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6zCCAtOgAwIBAgIJAMrZoeDxTzwWMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzEzMjdaFw0yNDA1MTAxMzEzMjdaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMCznJJ02ZUjCPvAwnBmfPs0akb5QRc/NKu8kCtAPWzgHS2JPTQfJhkDbTAD
+eIlg8IeJpOdrYnzdaBCzgxqjSkls+vxjYotOU0Zbrpy2bj0lRDqdYbNsiuConKgT
+MeuDEd/4ZI0X9NWLAi06Iv1F4mHXf36c6uqiUWTtXiofogrFUoTRwACKR2qeC95X
+Py+FDmpS9lz0mo0vDWjetLQC2IBngjjPFdR16n87QDIWfRBkk66rn7rEA6Li66b/
+cToajMSA/n+2Ud1mntSY4RdDdd0TBtAq9RrXtUOfzGaE7S6t+FtYyEprvT4FdOTU
+uyYgSNaI9ANVP1zhQ9LACKuudOECAwEAAaNQME4wHQYDVR0OBBYEFD91SVOejfwx
+u33+5N0TdYbHJbgAMB8GA1UdIwQYMBaAFD91SVOejfwxu33+5N0TdYbHJbgAMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADsONtUqGNBPBXnRowcJwv+Y
+F1Vea+4dkBwYbhkiO6H5XMKr+waOnOD2eAvgP4aeYg/a0xOzzETRD9wi1Z1P1ZMy
+d/NzHQjj4egPENwDv1PH2voZgsXXzXIqUMOtz9t12TuJUrSA2SBW1tz/evckHhNY
+fHg4ThvTIgwEdV/yvrOEBLV9dXG5IhhF+NW1MegTGkt4SpOoH1pi3o9VekVRnix9
+xrIdaC4Ee6vQaR603HwDS9Y+a1c2KU7QoLX8Vaa904cQ+rxhGsTAkocnZXeo6Hl5
+V8BlDYXxeP86fzcWi04ll2BmEEw/RimHEOLpGqxTVHJ5p5BVSCHP8aCD0VJheaU=
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/main/resources/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/main/resources/cakey.pem b/kerby-kdc-test/src/main/resources/cakey.pem
new file mode 100644
index 0000000..66dc806
--- /dev/null
+++ b/kerby-kdc-test/src/main/resources/cakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAwLOcknTZlSMI+8DCcGZ8+zRqRvlBFz80q7yQK0A9bOAdLYk9
+NB8mGQNtMAN4iWDwh4mk52tifN1oELODGqNKSWz6/GNii05TRluunLZuPSVEOp1h
+s2yK4KicqBMx64MR3/hkjRf01YsCLToi/UXiYdd/fpzq6qJRZO1eKh+iCsVShNHA
+AIpHap4L3lc/L4UOalL2XPSajS8NaN60tALYgGeCOM8V1HXqfztAMhZ9EGSTrquf
+usQDouLrpv9xOhqMxID+f7ZR3Wae1JjhF0N13RMG0Cr1Gte1Q5/MZoTtLq34W1jI
+Smu9PgV05NS7JiBI1oj0A1U/XOFD0sAIq6504QIDAQABAoIBAHqFeMax3unxBbQ0
+Aiy/LTX3RJ9tuZITUOTklnG5fZStBkA+oxhxuaJryE+f1VLbvPMgdCXj5BHqIFGG
+IZSdQA1hak9wzWYvXck9X88qOvtLp47xI/6Vw9NFwZ0n3zST+JiD8UK4eaYQpUim
+Tzrj5SU6hEi3crHOlJvsRFPaGwhnA9wycoOo4o22XBj3C8Hwzi4vWcKXH/RCSwZQ
+zFuYbe77Pn9Sv5q5zdglkmm7wngoVt/aKQke/Vk+Eincx1V12b05DNLjugo6FWQh
+0f2MmHpvqNSHs9USC5+y2lKQ1JNHh7mnpPCXkZEH4V7q+3mKVzl9tXzj9Gul20pw
+tneD6WUCgYEA9QUrQoWHKeVMjeukHjDJa2KjRLMmg9YRQyVABH9+nQTp1jYUjMRA
+GUoUx91gG6gjjJD/xvor/U0Fh3vKtZE93c+avrcaYDwf3q/L4gh+3b87lVDfzjrp
+L+MPTpEzWiyyLfr/kLA0TgUjnrj9bav5uDps8mJpNf8s9ZP1/QDhF5sCgYEAyVZA
+pHSIyBI2GT0+92JXvYDK/ZfV5m4RGHaG/PMDoU4IbGbjHVyzzsyzDUgvOASXwfF8
+YzwX7Tf95RZw12P/Jepxt0vqBJPKUCsMLUrmANQvN1Pz8+Vk6UADLM7kNc06MqB9
+/U3GKCFZZuedEhbgXnEV9gzelhILImJGZMxG0zMCgYApymnofLHjGXMHOcvSQmv4
+XuiODShikB59n1rd6YkE6xOfL7YtlEOCjLoipMWBshnuHcUigQUDvSFWTGz0rwMo
+VAKGyOA8zcR5zO4vbVeGJtnYy+SAXlfrjQTNV8K0fK8fXJI+cW9aZ1H9/ntrO0vq
+ejye0t4zEYTvlf782iuKRQKBgQCnTQ7mGRfX+JoPmv8JniR+idkjpNnPYsK96y/8
+XQs1LJx/R3eN3IxlWV+nt8XU7KwWMs5Dv5m6Ov61MFKQCL3qCch4oZJSP2Sr/Tlf
+IY/CPI8HkLF0h7e0wsZgo4Kq2mBz1T0cEVaJ3jxl8Cxq7at/jsTK8qK7XT73UWZh
+OAXaVQKBgDmg2QTX7c0/dbDMOuw18g3xfE/oqU+VWT784wtvpcdjHR+KAVLWHG8l
+oc/bm8Bs0o0f5dfH7uUvWdP6JMvbgYZBgIMqw+iH8P2lFCLzIRf0me/l+r0Oi64U
+5jp9K+7Ggc7S0SSnCLmBLMN5lXQZbhzks1La7DZmFeAz8rOEnlUB
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/main/resources/extensions.kdc
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/main/resources/extensions.kdc b/kerby-kdc-test/src/main/resources/extensions.kdc
new file mode 100644
index 0000000..8052f71
--- /dev/null
+++ b/kerby-kdc-test/src/main/resources/extensions.kdc
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+[kdc_cert]
+basicConstraints=CA:FALSE
+keyUsage=nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
+extendedKeyUsage=1.3.6.1.5.2.3.5
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+issuerAltName=issuer:copy
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
+
+[kdc_princ_name]
+realm=EXP:0,GeneralString:${ENV::REALM}
+principal_name=EXP:1,SEQUENCE:kdc_principal_seq
+
+[kdc_principal_seq]
+name_type=EXP:0,INTEGER:1
+name_string=EXP:1,SEQUENCE:kdc_principals
+
+[kdc_principals]
+princ1=GeneralString:krbtgt
+princ2=GeneralString:${ENV::REALM}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/main/resources/kdc-krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/main/resources/kdc-krb5.conf b/kerby-kdc-test/src/main/resources/kdc-krb5.conf
new file mode 100644
index 0000000..d118dd1
--- /dev/null
+++ b/kerby-kdc-test/src/main/resources/kdc-krb5.conf
@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[libdefaults]
+    default_realm = {0}
+    udp_preference_limit = 1
+
+[realms]
+    {0} = '{'
+        kdc = {1}:{2}
+    '}'
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/main/resources/kdc.ldiff
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/main/resources/kdc.ldiff b/kerby-kdc-test/src/main/resources/kdc.ldiff
new file mode 100644
index 0000000..bc989c3
--- /dev/null
+++ b/kerby-kdc-test/src/main/resources/kdc.ldiff
@@ -0,0 +1,46 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+dn: ou=users,dc=${0},dc=${1}
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: uid=krbtgt,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: KDC Service
+sn: Service
+uid: krbtgt
+userPassword: secret
+krb5PrincipalName: krbtgt/${2}.${3}@${2}.${3}
+krb5KeyVersionNumber: 0
+
+dn: uid=ldap,ou=users,dc=${0},dc=${1}
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: krb5principal
+objectClass: krb5kdcentry
+cn: LDAP
+sn: Service
+uid: ldap
+userPassword: secret
+krb5PrincipalName: ldap/${4}@${2}.${3}
+krb5KeyVersionNumber: 0

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/main/resources/kdccert.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/main/resources/kdccert.pem b/kerby-kdc-test/src/main/resources/kdccert.pem
new file mode 100644
index 0000000..67e538c
--- /dev/null
+++ b/kerby-kdc-test/src/main/resources/kdccert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
+fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
+quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
+nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
+EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
+JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
+Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
+HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
+ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
+AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
+YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
+txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
+R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
+FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
+5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/main/resources/kdckey.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/main/resources/kdckey.pem b/kerby-kdc-test/src/main/resources/kdckey.pem
new file mode 100644
index 0000000..c9e75e2
--- /dev/null
+++ b/kerby-kdc-test/src/main/resources/kdckey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
+8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
+2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
+GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
+fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
+DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
+QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
+6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
+bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
+5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
+8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
+XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
+kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
+Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
+P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
+KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
+qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
+7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
+UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
+n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
+5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
+AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
+KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
+9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
+7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/main/resources/usercert.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/main/resources/usercert.pem b/kerby-kdc-test/src/main/resources/usercert.pem
new file mode 100644
index 0000000..67e538c
--- /dev/null
+++ b/kerby-kdc-test/src/main/resources/usercert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
+DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
+YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
+MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
+c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
+A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
+a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
+fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
+quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
+nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
+EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
+JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
+DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
+Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
+HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
+ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
+AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
+YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
+txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
+R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
+FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
+5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/main/resources/userkey.pem
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/main/resources/userkey.pem b/kerby-kdc-test/src/main/resources/userkey.pem
new file mode 100644
index 0000000..c9e75e2
--- /dev/null
+++ b/kerby-kdc-test/src/main/resources/userkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
+8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
+2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
+GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
+fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
+DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
+QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
+6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
+bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
+5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
+8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
+XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
+kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
+Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
+P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
+KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
+qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
+7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
+UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
+n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
+5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
+AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
+KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
+9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
+7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
+-----END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
new file mode 100644
index 0000000..8fbb593
--- /dev/null
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.java
@@ -0,0 +1,55 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.kdc;
+
+import org.apache.kerby.config.Conf;
+import org.apache.kerby.config.Config;
+import org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.junit.Test;
+
+import java.io.File;
+
+public class JsonBackendKdcTest extends KdcTest {
+
+    @Override
+    protected void setUpKdcServer() throws Exception {
+        super.setUpKdcServer();
+
+        File testDir = new File(System.getProperty("test.dir", "target"));
+        String jsonBackendFileString = new File(testDir,
+                "json-identity-backend-file").getAbsolutePath();
+
+        Config backendConfig = new Conf();
+        backendConfig.setString(
+                JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBackendFileString);
+
+        IdentityBackend backend = new JsonIdentityBackend(backendConfig);
+        backend.initialize();
+
+        kdcServer.setBackend(backend);
+    }
+
+    @Test
+    public void testKdc() throws Exception {
+        performKdcTest();
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KdcTest.java
new file mode 100644
index 0000000..56e4a92
--- /dev/null
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KdcTest.java
@@ -0,0 +1,87 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kdc;
+
+import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
+import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.junit.Assert;
+
+import java.io.File;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public abstract class KdcTest extends KdcTestBase {
+
+    private String password = "123456";
+
+    @Override
+    protected void createPrincipals() {
+        super.createPrincipals();
+        kdcServer.createPrincipal(clientPrincipal, password);
+    }
+
+    protected void performKdcTest() throws Exception {
+        kdcServer.start();
+        assertThat(kdcServer.isStarted()).isTrue();
+
+        File testDir = new File(System.getProperty("test.dir", "target"));
+        File testConfDir = new File(testDir, "conf");
+        krbClnt.setConfDir(testConfDir);
+        krbClnt.init();
+
+        TgtTicket tgt;
+        ServiceTicket tkt;
+
+        // With good password
+        try {
+            tgt = krbClnt.requestTgtTicket(clientPrincipal, password, null);
+            assertThat(tgt).isNotNull();
+
+            tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+            assertThat(tkt).isNotNull();
+        } catch (Exception e) {
+            System.out.println("Exception occurred with good password");
+            e.printStackTrace();
+            Assert.fail();
+        }
+
+        // With bad password
+        try {
+            tgt = krbClnt.requestTgtTicket(clientPrincipal, "badpassword", null);
+        } catch (Exception e) {
+            System.out.println("Exception occurred with bad password");
+        }
+
+        // TODO: With good password again. This will fail, to be investigated.
+        /*
+        try {
+            tgt = krbClnt.requestTgtTicket(clientPrincipal, password, null);
+            assertThat(tgt).isNotNull();
+
+            tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+            assertThat(tkt).isNotNull();
+        } catch (Exception e) {
+            System.out.println("Exception occurred with good password again");
+            e.printStackTrace();
+            Assert.fail();
+        }*/
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithCertKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithCertKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithCertKdcTest.java
new file mode 100644
index 0000000..5df9495
--- /dev/null
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithCertKdcTest.java
@@ -0,0 +1,101 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kdc;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.KrbRuntime;
+import org.apache.kerby.kerberos.kerb.provider.PkiLoader;
+import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
+import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.apache.kerby.kerberos.provider.pki.KerbyPkiProvider;
+import org.junit.Before;
+
+import java.io.InputStream;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ openssl genrsa -out cakey.pem 2048
+ openssl req -key cakey.pem -new -x509 -out cacert.pem -days 3650
+ vi extensions.kdc
+ openssl genrsa -out kdckey.pem 2048
+ openssl req -new -out kdc.req -key kdckey.pem
+ env REALM=SH.INTEL.COM openssl x509 -req -in kdc.req -CAkey cakey.pem \
+ -CA cacert.pem -out kdc.pem -days 365 -extfile extensions.kdc -extensions kdc_cert -CAcreateserial
+ */
+public class WithCertKdcTest extends KdcTestBase {
+    private PkiLoader pkiLoader;
+
+    private Certificate userCert;
+    private PrivateKey userKey;
+
+    @Before
+    public void setUp() throws Exception {
+        KrbRuntime.setPkiProvider(new KerbyPkiProvider());
+        pkiLoader = KrbRuntime.getPkiProvider().createPkiLoader();
+
+        super.setUp();
+    }
+
+    @Override
+    protected void setUpClient() throws Exception {
+        super.setUpClient();
+
+        loadCredentials();
+    }
+
+    @Override
+    protected void setUpKdcServer() throws Exception {
+        super.setUpKdcServer();
+        kdcServer.createPrincipals(clientPrincipal);
+    }
+
+    //@Test
+    public void testKdc() throws Exception {
+        assertThat(userCert).isNotNull();
+
+        kdcServer.start();
+        assertThat(kdcServer.isStarted()).isTrue();
+        krbClnt.init();
+
+        TgtTicket tgt = null;
+        try {
+            tgt = krbClnt.requestTgtTicket(clientPrincipal, userCert, userKey, null);
+        } catch (KrbException te) {
+            assertThat(te.getMessage().contains("timeout")).isTrue();
+            return;
+        }
+        assertThat(tgt).isNull();
+
+        ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+        assertThat(tkt).isNull();
+    }
+
+    private void loadCredentials() throws KrbException {
+        InputStream res = getClass().getResourceAsStream("/usercert.pem");
+        userCert = pkiLoader.loadCerts(res).iterator().next();
+
+        res = getClass().getResourceAsStream("/userkey.pem");
+        userKey = pkiLoader.loadPrivateKey(res, null);
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTest.java
new file mode 100644
index 0000000..248a0f9
--- /dev/null
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTest.java
@@ -0,0 +1,73 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kdc;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.KrbRuntime;
+import org.apache.kerby.kerberos.kerb.provider.PkiLoader;
+import org.apache.kerby.kerberos.kerb.provider.TokenEncoder;
+import org.apache.kerby.kerberos.kerb.server.KdcTestBase;
+import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket;
+import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
+import org.apache.kerby.kerberos.kerb.spec.base.AuthToken;
+import org.apache.kerby.kerberos.provider.pki.KerbyPkiProvider;
+import org.apache.kerby.kerberos.provider.token.KerbyTokenProvider;
+import org.junit.Before;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class WithTokenKdcTest extends KdcTestBase {
+    private TokenEncoder tokenEncoder;
+
+    private AuthToken token;
+
+    @Before
+    public void setUp() throws Exception {
+        KrbRuntime.setTokenProvider(new KerbyTokenProvider());
+        tokenEncoder = KrbRuntime.getTokenProvider().createTokenEncoder();
+
+        super.setUp();
+    }
+
+    @Override
+    protected void setUpKdcServer() throws Exception {
+        super.setUpKdcServer();
+        kdcServer.createPrincipals(clientPrincipal);
+    }
+
+    //@Test
+    public void testKdc() throws Exception {
+        kdcServer.start();
+        assertThat(kdcServer.isStarted()).isTrue();
+        krbClnt.init();
+
+        TgtTicket tgt;
+        try {
+            tgt = krbClnt.requestTgtTicket(clientPrincipal, token, null);
+        } catch (KrbException te) {
+            assertThat(te.getMessage().contains("timeout")).isTrue();
+            return;
+        }
+        assertThat(tgt).isNull();
+
+        ServiceTicket tkt = krbClnt.requestServiceTicket(tgt, serverPrincipal, null);
+        assertThat(tkt).isNull();
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
new file mode 100644
index 0000000..0c30fe8
--- /dev/null
+++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java
@@ -0,0 +1,102 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *
+ */
+package org.apache.kerby.kerberos.kdc;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.server.KdcServer;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+
+import java.io.File;
+import java.util.List;
+import java.util.UUID;
+
+/**
+ * The mentioned Kerby KDC server implementation.
+ */
+public class KerbyKdcServer extends KdcServer {
+    private static KerbyKdcServer server;
+
+    private static final String USAGE = "Usage: " +
+            KerbyKdcServer.class.getSimpleName() +
+            " -start conf-dir working-dir|-stop";
+
+    public static void main(String[] args) {
+        if (args.length == 0) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        if (args[0].equals("-start")) {
+            if (args.length != 3) {
+                System.err.println(USAGE);
+                return;
+            }
+            String confDir = args[1];
+            String workDir = args[2];
+
+            server = new KerbyKdcServer();
+            server.setWorkDir(new File(workDir));
+            server.setConfDir(new File(confDir));
+            server.init();
+
+            server.createPrincipals("krbtgt");
+
+            server.start();
+            System.out.println("KDC started.");
+        } else if (args[0].equals("-stop")) {
+            //server.stop();//FIXME can't get the server instance here
+            System.out.println("KDC Server stopped.");
+        } else {
+            System.err.println(USAGE);
+        }
+    }
+
+    //create some principal for test
+    private void createPrincipal(String principal, String password) {
+        KrbIdentity identity = new KrbIdentity(fixPrincipal(principal));
+        List<EncryptionType> encTypes = getKdcConfig().getEncryptionTypes();
+        List<EncryptionKey> encKeys = null;
+        try {
+            encKeys = EncryptionUtil.generateKeys(fixPrincipal(principal), password, encTypes);
+        } catch (KrbException e) {
+            throw new RuntimeException("Failed to generate encryption keys", e);
+        }
+        identity.addKeys(encKeys);
+        getIdentityService().addIdentity(identity);
+    }
+
+    private void createPrincipals(String ... principals) {
+        String passwd;
+        for (String principal : principals) {
+            passwd = UUID.randomUUID().toString();
+            createPrincipal(fixPrincipal(principal), passwd);
+        }
+    }
+
+    private String fixPrincipal(String principal) {
+        if (! principal.contains("@")) {
+            principal += "@" + getKdcRealm();
+        }
+        return principal;
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/server/KerbyKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/server/KerbyKdcServer.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/server/KerbyKdcServer.java
deleted file mode 100644
index 764d691..0000000
--- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/server/KerbyKdcServer.java
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *
- */
-package org.apache.kerby.kerberos.kdc.server;
-
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.server.KdcServer;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
-
-import java.io.File;
-import java.util.List;
-import java.util.UUID;
-
-/**
- * The mentioned Kerby KDC server implementation.
- */
-public class KerbyKdcServer extends KdcServer {
-    private static KerbyKdcServer server;
-
-    private static final String USAGE = "Usage: " +
-            KerbyKdcServer.class.getSimpleName() +
-            " -start conf-dir working-dir|-stop";
-
-    public static void main(String[] args) {
-        if (args.length == 0) {
-            System.err.println(USAGE);
-            return;
-        }
-
-        if (args[0].equals("-start")) {
-            if (args.length != 3) {
-                System.err.println(USAGE);
-                return;
-            }
-            String confDir = args[1];
-            String workDir = args[2];
-
-            server = new KerbyKdcServer();
-            server.setWorkDir(new File(workDir));
-            server.setConfDir(new File(confDir));
-            server.init();
-
-            server.createPrincipals("krbtgt");
-
-            server.start();
-            System.out.println("KDC started.");
-        } else if (args[0].equals("-stop")) {
-            //server.stop();//FIXME can't get the server instance here
-            System.out.println("KDC Server stopped.");
-        } else {
-            System.err.println(USAGE);
-        }
-    }
-
-    //create some principal for test
-    private void createPrincipal(String principal, String password) {
-        KrbIdentity identity = new KrbIdentity(fixPrincipal(principal));
-        List<EncryptionType> encTypes = getKdcConfig().getEncryptionTypes();
-        List<EncryptionKey> encKeys = null;
-        try {
-            encKeys = EncryptionUtil.generateKeys(fixPrincipal(principal), password, encTypes);
-        } catch (KrbException e) {
-            throw new RuntimeException("Failed to generate encryption keys", e);
-        }
-        identity.addKeys(encKeys);
-        getIdentityService().addIdentity(identity);
-    }
-
-    private void createPrincipals(String ... principals) {
-        String passwd;
-        for (String principal : principals) {
-            passwd = UUID.randomUUID().toString();
-            createPrincipal(fixPrincipal(principal), passwd);
-        }
-    }
-
-    private String fixPrincipal(String principal) {
-        if (! principal.contains("@")) {
-            principal += "@" + getKdcRealm();
-        }
-        return principal;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kdc/src/test/java/org/apache/kerby/kerberos/kdc/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kdc/src/test/java/org/apache/kerby/kerberos/kdc/server/KdcTest.java b/kerby-kdc/src/test/java/org/apache/kerby/kerberos/kdc/server/KdcTest.java
index 07a1b82..fadc570 100644
--- a/kerby-kdc/src/test/java/org/apache/kerby/kerberos/kdc/server/KdcTest.java
+++ b/kerby-kdc/src/test/java/org/apache/kerby/kerberos/kdc/server/KdcTest.java
@@ -19,6 +19,7 @@
  */
 package org.apache.kerby.kerberos.kdc.server;
 
+import org.apache.kerby.kerberos.kdc.KerbyKdcServer;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/pom.xml b/kerby-kerb/kerb-kdc-test/pom.xml
index c42d6c4..378ef90 100644
--- a/kerby-kerb/kerb-kdc-test/pom.xml
+++ b/kerby-kerb/kerb-kdc-test/pom.xml
@@ -53,9 +53,14 @@
       <version>${project.version}</version>
     </dependency>
     <dependency>
-      <groupId>org.apache.kerby</groupId>
-      <artifactId>Json-identity-backend</artifactId>
-      <version>${project.version}</version>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>compile</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.assertj</groupId>
+      <artifactId>assertj-core</artifactId>
+      <scope>compile</scope>
     </dependency>
   </dependencies>
 </project>

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
new file mode 100644
index 0000000..a4c6235
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
@@ -0,0 +1,121 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.client.KrbClient;
+import org.junit.After;
+import org.junit.Before;
+
+import java.io.IOException;
+import java.net.ServerSocket;
+
+public abstract class KdcTestBase {
+
+    protected String kdcRealm;
+    protected String clientPrincipal;
+    protected String serverPrincipal;
+
+    protected String hostname = "localhost";
+    protected int tcpPort = -1;
+    protected int udpPort = -1;
+
+    protected TestKdcServer kdcServer;
+    protected KrbClient krbClnt;
+
+    protected boolean allowUdp() {
+        return true;
+    }
+
+    @Before
+    public void setUp() throws Exception {
+        tcpPort = getServerPort();
+
+        if (allowUdp()) {
+            udpPort = getServerPort();
+        }
+
+        setUpKdcServer();
+        setUpClient();
+        createPrincipals();
+    }
+
+    protected void setUpKdcServer() throws Exception {
+        kdcServer = new TestKdcServer();
+        kdcServer.setKdcHost(hostname);
+        if (tcpPort > 0) {
+            kdcServer.setKdcTcpPort(tcpPort);
+        }
+        kdcServer.setAllowUdp(allowUdp());
+        if (udpPort > 0) {
+            kdcServer.setKdcUdpPort(udpPort);
+        }
+
+        kdcServer.init();
+
+        kdcRealm = kdcServer.getKdcRealm();
+        clientPrincipal = "drankye@" + kdcRealm;
+
+        serverPrincipal = "test-service/localhost@" + kdcRealm;
+    }
+
+    protected void setUpClient() throws Exception {
+        krbClnt = new KrbClient();
+
+        krbClnt.setKdcHost(hostname);
+        if (tcpPort > 0) {
+            krbClnt.setKdcTcpPort(tcpPort);
+        }
+        krbClnt.setAllowUdp(allowUdp());
+        if (udpPort > 0) {
+            krbClnt.setKdcUdpPort(udpPort);
+        }
+
+        krbClnt.setTimeout(5);
+        krbClnt.setKdcRealm(kdcServer.getKdcRealm());
+    }
+
+    protected void createPrincipals() {
+        kdcServer.createKrbtgtPrincipal();
+        kdcServer.createPrincipals(serverPrincipal);
+    }
+
+    /**
+     * Get a server socket point for testing usage, either TCP or UDP.
+     * @return server socket point
+     */
+    private static int getServerPort() {
+        int serverPort = 0;
+
+        try {
+            ServerSocket serverSocket = new ServerSocket(0);
+            serverPort = serverSocket.getLocalPort();
+            serverSocket.close();
+        } catch (IOException e) {
+            throw new RuntimeException("Failed to get a server socket point");
+        }
+
+        return serverPort;
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        kdcServer.stop();
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
new file mode 100644
index 0000000..1374c97
--- /dev/null
+++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
@@ -0,0 +1,117 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.kerby.kerberos.kerb.server;
+
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
+import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
+import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
+import org.apache.kerby.kerberos.kerb.keytab.Keytab;
+import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
+import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
+import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+import java.util.UUID;
+
+public class TestKdcServer extends SimpleKdcServer {
+
+    /**
+     * Prepare KDC configuration for the test.
+     */
+    protected void prepareKdcConfig() {
+        KdcConfig kdcConfig = getKdcConfig();
+
+        kdcConfig.setString(KdcConfigKey.KDC_HOST, "localhost");
+        kdcConfig.setInt(KdcConfigKey.KDC_TCP_PORT, 8018);
+        kdcConfig.setString(KdcConfigKey.KDC_DOMAIN, "test.com");
+        kdcConfig.setString(KdcConfigKey.KDC_REALM, "TEST.COM");
+    }
+
+    @Override
+    public void init() {
+        super.init();
+
+        prepareKdcConfig();
+    }
+
+    public void createKrbtgtPrincipal() {
+        createPrincipals("krbtgt");
+    }
+
+    public String getKdcRealm() {
+        return getKdcConfig().getKdcRealm();
+    }
+
+    public synchronized void createPrincipal(String principal, String password) {
+        KrbIdentity identity = new KrbIdentity(principal);
+        List<EncryptionType> encTypes = getKdcConfig().getEncryptionTypes();
+        List<EncryptionKey> encKeys = null;
+        try {
+            encKeys = EncryptionUtil.generateKeys(fixPrincipal(principal), password, encTypes);
+        } catch (KrbException e) {
+            throw new RuntimeException("Failed to generate encryption keys", e);
+        }
+        identity.addKeys(encKeys);
+        getIdentityService().addIdentity(identity);
+    }
+
+    public void setBackend(IdentityBackend backend) {
+        super.setBackend(backend);
+    }
+
+
+    public void createPrincipals(String ... principals) {
+        String passwd;
+        for (String principal : principals) {
+            passwd = UUID.randomUUID().toString();
+            createPrincipal(fixPrincipal(principal), passwd);
+        }
+    }
+
+    private String fixPrincipal(String principal) {
+        if (! principal.contains("@")) {
+            principal += "@" + getKdcRealm();
+        }
+        return principal;
+    }
+
+    public void exportPrincipals(File keytabFile) throws IOException {
+        Keytab keytab = new Keytab();
+
+        List<String> principals = getIdentityService().getIdentities(-1, -1);
+        for (String pn : principals) {
+            KrbIdentity identity = getIdentityService().getIdentity(pn);
+            PrincipalName principal = identity.getPrincipal();
+            KerberosTime timestamp = new KerberosTime();
+            for (EncryptionType encType : identity.getKeys().keySet()) {
+                EncryptionKey ekey = identity.getKeys().get(encType);
+                int keyVersion = ekey.getKvno();
+                keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
+            }
+        }
+
+        keytab.store(keytabFile);
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/main/resources/cacert.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/cacert.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/cacert.pem
deleted file mode 100644
index 6b91561..0000000
--- a/kerby-kerb/kerb-kdc-test/src/main/resources/cacert.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID6zCCAtOgAwIBAgIJAMrZoeDxTzwWMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
-VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
-DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
-YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
-MzEzMjdaFw0yNDA1MTAxMzEzMjdaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
-c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
-A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
-a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAMCznJJ02ZUjCPvAwnBmfPs0akb5QRc/NKu8kCtAPWzgHS2JPTQfJhkDbTAD
-eIlg8IeJpOdrYnzdaBCzgxqjSkls+vxjYotOU0Zbrpy2bj0lRDqdYbNsiuConKgT
-MeuDEd/4ZI0X9NWLAi06Iv1F4mHXf36c6uqiUWTtXiofogrFUoTRwACKR2qeC95X
-Py+FDmpS9lz0mo0vDWjetLQC2IBngjjPFdR16n87QDIWfRBkk66rn7rEA6Li66b/
-cToajMSA/n+2Ud1mntSY4RdDdd0TBtAq9RrXtUOfzGaE7S6t+FtYyEprvT4FdOTU
-uyYgSNaI9ANVP1zhQ9LACKuudOECAwEAAaNQME4wHQYDVR0OBBYEFD91SVOejfwx
-u33+5N0TdYbHJbgAMB8GA1UdIwQYMBaAFD91SVOejfwxu33+5N0TdYbHJbgAMAwG
-A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADsONtUqGNBPBXnRowcJwv+Y
-F1Vea+4dkBwYbhkiO6H5XMKr+waOnOD2eAvgP4aeYg/a0xOzzETRD9wi1Z1P1ZMy
-d/NzHQjj4egPENwDv1PH2voZgsXXzXIqUMOtz9t12TuJUrSA2SBW1tz/evckHhNY
-fHg4ThvTIgwEdV/yvrOEBLV9dXG5IhhF+NW1MegTGkt4SpOoH1pi3o9VekVRnix9
-xrIdaC4Ee6vQaR603HwDS9Y+a1c2KU7QoLX8Vaa904cQ+rxhGsTAkocnZXeo6Hl5
-V8BlDYXxeP86fzcWi04ll2BmEEw/RimHEOLpGqxTVHJ5p5BVSCHP8aCD0VJheaU=
------END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/main/resources/cakey.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/cakey.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/cakey.pem
deleted file mode 100644
index 66dc806..0000000
--- a/kerby-kerb/kerb-kdc-test/src/main/resources/cakey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAwLOcknTZlSMI+8DCcGZ8+zRqRvlBFz80q7yQK0A9bOAdLYk9
-NB8mGQNtMAN4iWDwh4mk52tifN1oELODGqNKSWz6/GNii05TRluunLZuPSVEOp1h
-s2yK4KicqBMx64MR3/hkjRf01YsCLToi/UXiYdd/fpzq6qJRZO1eKh+iCsVShNHA
-AIpHap4L3lc/L4UOalL2XPSajS8NaN60tALYgGeCOM8V1HXqfztAMhZ9EGSTrquf
-usQDouLrpv9xOhqMxID+f7ZR3Wae1JjhF0N13RMG0Cr1Gte1Q5/MZoTtLq34W1jI
-Smu9PgV05NS7JiBI1oj0A1U/XOFD0sAIq6504QIDAQABAoIBAHqFeMax3unxBbQ0
-Aiy/LTX3RJ9tuZITUOTklnG5fZStBkA+oxhxuaJryE+f1VLbvPMgdCXj5BHqIFGG
-IZSdQA1hak9wzWYvXck9X88qOvtLp47xI/6Vw9NFwZ0n3zST+JiD8UK4eaYQpUim
-Tzrj5SU6hEi3crHOlJvsRFPaGwhnA9wycoOo4o22XBj3C8Hwzi4vWcKXH/RCSwZQ
-zFuYbe77Pn9Sv5q5zdglkmm7wngoVt/aKQke/Vk+Eincx1V12b05DNLjugo6FWQh
-0f2MmHpvqNSHs9USC5+y2lKQ1JNHh7mnpPCXkZEH4V7q+3mKVzl9tXzj9Gul20pw
-tneD6WUCgYEA9QUrQoWHKeVMjeukHjDJa2KjRLMmg9YRQyVABH9+nQTp1jYUjMRA
-GUoUx91gG6gjjJD/xvor/U0Fh3vKtZE93c+avrcaYDwf3q/L4gh+3b87lVDfzjrp
-L+MPTpEzWiyyLfr/kLA0TgUjnrj9bav5uDps8mJpNf8s9ZP1/QDhF5sCgYEAyVZA
-pHSIyBI2GT0+92JXvYDK/ZfV5m4RGHaG/PMDoU4IbGbjHVyzzsyzDUgvOASXwfF8
-YzwX7Tf95RZw12P/Jepxt0vqBJPKUCsMLUrmANQvN1Pz8+Vk6UADLM7kNc06MqB9
-/U3GKCFZZuedEhbgXnEV9gzelhILImJGZMxG0zMCgYApymnofLHjGXMHOcvSQmv4
-XuiODShikB59n1rd6YkE6xOfL7YtlEOCjLoipMWBshnuHcUigQUDvSFWTGz0rwMo
-VAKGyOA8zcR5zO4vbVeGJtnYy+SAXlfrjQTNV8K0fK8fXJI+cW9aZ1H9/ntrO0vq
-ejye0t4zEYTvlf782iuKRQKBgQCnTQ7mGRfX+JoPmv8JniR+idkjpNnPYsK96y/8
-XQs1LJx/R3eN3IxlWV+nt8XU7KwWMs5Dv5m6Ov61MFKQCL3qCch4oZJSP2Sr/Tlf
-IY/CPI8HkLF0h7e0wsZgo4Kq2mBz1T0cEVaJ3jxl8Cxq7at/jsTK8qK7XT73UWZh
-OAXaVQKBgDmg2QTX7c0/dbDMOuw18g3xfE/oqU+VWT784wtvpcdjHR+KAVLWHG8l
-oc/bm8Bs0o0f5dfH7uUvWdP6JMvbgYZBgIMqw+iH8P2lFCLzIRf0me/l+r0Oi64U
-5jp9K+7Ggc7S0SSnCLmBLMN5lXQZbhzks1La7DZmFeAz8rOEnlUB
------END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/extensions.kdc b/kerby-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
deleted file mode 100644
index 8052f71..0000000
--- a/kerby-kerb/kerb-kdc-test/src/main/resources/extensions.kdc
+++ /dev/null
@@ -1,36 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-[kdc_cert]
-basicConstraints=CA:FALSE
-keyUsage=nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
-extendedKeyUsage=1.3.6.1.5.2.3.5
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-issuerAltName=issuer:copy
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
-
-[kdc_princ_name]
-realm=EXP:0,GeneralString:${ENV::REALM}
-principal_name=EXP:1,SEQUENCE:kdc_principal_seq
-
-[kdc_principal_seq]
-name_type=EXP:0,INTEGER:1
-name_string=EXP:1,SEQUENCE:kdc_principals
-
-[kdc_principals]
-princ1=GeneralString:krbtgt
-princ2=GeneralString:${ENV::REALM}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf b/kerby-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
deleted file mode 100644
index d118dd1..0000000
--- a/kerby-kerb/kerb-kdc-test/src/main/resources/kdc-krb5.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-[libdefaults]
-    default_realm = {0}
-    udp_preference_limit = 1
-
-[realms]
-    {0} = '{'
-        kdc = {1}:{2}
-    '}'
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff b/kerby-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
deleted file mode 100644
index bc989c3..0000000
--- a/kerby-kerb/kerb-kdc-test/src/main/resources/kdc.ldiff
+++ /dev/null
@@ -1,46 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-dn: ou=users,dc=${0},dc=${1}
-objectClass: organizationalUnit
-objectClass: top
-ou: users
-
-dn: uid=krbtgt,ou=users,dc=${0},dc=${1}
-objectClass: top
-objectClass: person
-objectClass: inetOrgPerson
-objectClass: krb5principal
-objectClass: krb5kdcentry
-cn: KDC Service
-sn: Service
-uid: krbtgt
-userPassword: secret
-krb5PrincipalName: krbtgt/${2}.${3}@${2}.${3}
-krb5KeyVersionNumber: 0
-
-dn: uid=ldap,ou=users,dc=${0},dc=${1}
-objectClass: top
-objectClass: person
-objectClass: inetOrgPerson
-objectClass: krb5principal
-objectClass: krb5kdcentry
-cn: LDAP
-sn: Service
-uid: ldap
-userPassword: secret
-krb5PrincipalName: ldap/${4}@${2}.${3}
-krb5KeyVersionNumber: 0

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/kdccert.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
deleted file mode 100644
index 67e538c..0000000
--- a/kerby-kerb/kerb-kdc-test/src/main/resources/kdccert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
-VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
-DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
-YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
-MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
-c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
-A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
-a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
-fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
-quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
-nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
-EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
-JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
-DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
-Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
-HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
-ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
-AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
-YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
-txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
-R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
-FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
-5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
------END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/kdckey.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
deleted file mode 100644
index c9e75e2..0000000
--- a/kerby-kerb/kerb-kdc-test/src/main/resources/kdckey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
-8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
-2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
-GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
-fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
-DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
-QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
-6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
-bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
-5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
-8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
-XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
-kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
-Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
-P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
-KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
-qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
-7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
-UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
-n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
-5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
-AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
-KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
-9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
-7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
------END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/main/resources/usercert.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/usercert.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/usercert.pem
deleted file mode 100644
index 67e538c..0000000
--- a/kerby-kerb/kerb-kdc-test/src/main/resources/usercert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEYjCCA0qgAwIBAgIJAL2ZFUkXCgK2MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
-VQQGEwJjaDERMA8GA1UECAwIc2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4w
-DAYDVQQKDAVpbnRlbDEQMA4GA1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0
-YTEiMCAGCSqGSIb3DQEJARYTa2FpLnpoZW5nQGludGVsLmNvbTAeFw0xNDA1MTMx
-MzI3MjFaFw0xNTA1MTMxMzI3MjFaMIGLMQswCQYDVQQGEwJjaDERMA8GA1UECAwI
-c2hhbmdoYWkxETAPBgNVBAcMCHNoYW5naGFpMQ4wDAYDVQQKDAVpbnRlbDEQMA4G
-A1UECwwHYmlnZGF0YTEQMA4GA1UEAwwHYmlnZGF0YTEiMCAGCSqGSIb3DQEJARYT
-a2FpLnpoZW5nQGludGVsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAMs0jF1fi5AVMunQ/jpxgSjRlpmVQyT//LrwBmyI77C+hCD4z/InoG4q2tl5
-fAH+2n7HHgon4E0QXyRxAz0+Ugun7qHW9oT2pnxoc1l8seyGNMK9adsxLpCv7RXK
-quqLcj34UQCzRDKxgkH5UBwxGY0kId0W1MqPh1LZRZIk1hakREC4DBj+slnDkN0s
-nh8pC/8q/hTPJ9QrqWT6oc1FjMVKz3FxFbxXELYxg4M6SXnzGzdWa3xSe4Ou0QO2
-EwncQUoo8N6plOKX5lncDhC2usT//AZHvKdcVmOwX0ByxZqGQIXk7g1kbsbG5m45
-JMjt/HnOQcfg88iSLKJZu+ODw00CAwEAAaOBxjCBwzAJBgNVHRMEAjAAMAsGA1Ud
-DwQEAwID6DASBgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBS8Bmb9kTUkw61e
-Is+9KDV5U6JjyjAfBgNVHSMEGDAWgBQ/dUlTno38Mbt9/uTdE3WGxyW4ADAJBgNV
-HRIEAjAAMEoGA1UdEQRDMEGgPwYGKwYBBQICoDUwM6AOGwxTSC5JTlRFTC5DT02h
-ITAfoAMCAQGhGDAWGwZrcmJ0Z3QbDFNILklOVEVMLkNPTTANBgkqhkiG9w0BAQUF
-AAOCAQEAS/I0zH9ByFcXTF56I5aPmPdzYKpIpFF6Kkwyw0M2EuIcTcpDl74/xmq9
-YPHS6TSDAt3wHzs9JQlSWah04L0R+IgHVacLRgdXfTWqglFFH/pve3p49WCrYmWz
-txQeRV5dxzaE3oTdDq15DRkUJmt0GIk1x6ehrGZOpIL8oTFmVmnR7EgrKWlIMYCs
-R/GkEuCH15wadom/Hw5Db1KLPEjxCdwy947guOh4SO0fcW3h55V3troS/46TbVFF
-FvNSqGD+19/QM/MhLIy5OnTxOio8M9zp+yfDlzLnpbMi0ZO6tLvB4XhjvP0as34c
-5vCA/8HPfaearSyAYi2Ir9vT3O9J/w==
------END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/main/resources/userkey.pem
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/main/resources/userkey.pem b/kerby-kerb/kerb-kdc-test/src/main/resources/userkey.pem
deleted file mode 100644
index c9e75e2..0000000
--- a/kerby-kerb/kerb-kdc-test/src/main/resources/userkey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyzSMXV+LkBUy6dD+OnGBKNGWmZVDJP/8uvAGbIjvsL6EIPjP
-8iegbira2Xl8Af7afsceCifgTRBfJHEDPT5SC6fuodb2hPamfGhzWXyx7IY0wr1p
-2zEukK/tFcqq6otyPfhRALNEMrGCQflQHDEZjSQh3RbUyo+HUtlFkiTWFqREQLgM
-GP6yWcOQ3SyeHykL/yr+FM8n1CupZPqhzUWMxUrPcXEVvFcQtjGDgzpJefMbN1Zr
-fFJ7g67RA7YTCdxBSijw3qmU4pfmWdwOELa6xP/8Bke8p1xWY7BfQHLFmoZAheTu
-DWRuxsbmbjkkyO38ec5Bx+DzyJIsolm744PDTQIDAQABAoIBAQC4Byb3iQgDvK8X
-QcZ7dz/Zj7Yr8RmV8J8ZTTcEJB+umVtf4PWyAGEyZG0+dt7vj7ahCgMSf3qLUEBZ
-6F9en4n+NF/RAbTQRfAQyydr65nW8tPlaVTsxWW+cxTrn1eagh88MB5r2+3vWwL0
-bK04Wt8hC4//giXELKgJR+vRprqcVRgy11nYaTP59IDdg4YscbHfc/LYa7ABQ1G5
-5NKtjMy13UvtD/4C3TS1NpL2xtzAgQRe3XFDIyOmv476Ts1boqSHBFX+MXmLBAfi
-8Qhaj1DO8A0HS/c4egcL6esCe4kcgtCuq66n8JzOlVbCDGOYIUkUyQ9Nfo31M5i5
-XhqF9CsBAoGBAP7PqkncLAvyjHQKPpDyWCBtkV7z+DWRZRPz4w8tit+TiAv6hRF7
-kK+NUhP1mBuS4duyEV58B8LWOR0ir7ftbL0/unxR1XWMOvTEHr/9lG1sKZoI0dJS
-Ee+VvuVFwdm/ABxfnveGCRrSHY7GAvFln3gC1Cst3NPPKbpznb3FiH/JAoGBAMwn
-P1Labt/OuzB70Vxve3TCeFA6jYzcYdA3riv1V0FIWoNgcQ742b0+6HDpEQgn4Rdb
-KiKz8hSplM1nx8NyWwS9r7gRQ9HIc0qC5S4A0A9QEbdKrkUiQDlwHgdDKPPCWih9
-qH05etiQ044BtOq7uXsWYqiIomOW/XyDUEhbRRFlAoGALmVnj01Mo9xFILfgzomh
-7D2nE4/+qNpRekGVHWVgfPci9XNnGVjTbnOf90xnptWm1Fbm/Lo+u4ZAHgL71dSg
-UREyhoJsCJxA++Jd6v1kMkxYgtiKQ+53n5U3jg2Wj2xMu93ZVx6Lt9t8UEvTq1qi
-n7p8IWSXaeW1pmJ43V4DTakCgYAFcSpj+ASqnKUqxrIvB52/4As7AESTs7A7z7Ap
-5dFcoSQgimqZHpMXU1z43Y2hrQZ4C+sUn71dRaP80b5mfF7mwnOzsWogZnqESvb3
-AfiJ3/WI8Emy+BXEMjPqt6SY0t56Y9cg925J5ZpuF6eN9lEccd1RZssFYpoBPrLe
-KuitbQKBgQC3DNejUqol2max6rf4h/GnwLE2BOTmFLnswexlw76p/63Jo1SaVpk7
-9nAltsqNCl4L/eAJ8hJdeTE5YVjYsgAVJrXZbiRfxHBMeHj9g0d1VafGqdomKf0R
-7Qytlcvsw8jn96ckEMPPLJF0bX5cu9S6lMyEbb6Ih41P13uvgP6ufg==
------END RSA PRIVATE KEY-----

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/JsonBackendKdcTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/JsonBackendKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/JsonBackendKdcTest.java
deleted file mode 100644
index 87016ee..0000000
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/JsonBackendKdcTest.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.kerb.server;
-
-import org.apache.kerby.config.Conf;
-import org.apache.kerby.config.Config;
-import org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend;
-import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
-import org.junit.Test;
-
-import java.io.File;
-
-public class JsonBackendKdcTest extends KdcTest{
-
-    @Override
-    protected void setUpKdcServer() throws Exception {
-        super.setUpKdcServer();
-
-        File testDir = new File(System.getProperty("test.dir", "target"));
-        String jsonBackendFileString = new File(testDir, "json-identity-backend-file").getAbsolutePath();
-
-        Config backendConfig = new Conf();
-        backendConfig.setString(JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBackendFileString);
-
-        IdentityBackend backend = new JsonIdentityBackend(backendConfig);
-        backend.initialize();
-
-        kdcServer.setBackend(backend);
-    }
-
-    @Test
-    public void testKdc() throws Exception {
-        performKdcTest();
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
deleted file mode 100644
index a4c6235..0000000
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcTestBase.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *  
- *    http://www.apache.org/licenses/LICENSE-2.0
- *  
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *  
- */
-package org.apache.kerby.kerberos.kerb.server;
-
-import org.apache.kerby.kerberos.kerb.client.KrbClient;
-import org.junit.After;
-import org.junit.Before;
-
-import java.io.IOException;
-import java.net.ServerSocket;
-
-public abstract class KdcTestBase {
-
-    protected String kdcRealm;
-    protected String clientPrincipal;
-    protected String serverPrincipal;
-
-    protected String hostname = "localhost";
-    protected int tcpPort = -1;
-    protected int udpPort = -1;
-
-    protected TestKdcServer kdcServer;
-    protected KrbClient krbClnt;
-
-    protected boolean allowUdp() {
-        return true;
-    }
-
-    @Before
-    public void setUp() throws Exception {
-        tcpPort = getServerPort();
-
-        if (allowUdp()) {
-            udpPort = getServerPort();
-        }
-
-        setUpKdcServer();
-        setUpClient();
-        createPrincipals();
-    }
-
-    protected void setUpKdcServer() throws Exception {
-        kdcServer = new TestKdcServer();
-        kdcServer.setKdcHost(hostname);
-        if (tcpPort > 0) {
-            kdcServer.setKdcTcpPort(tcpPort);
-        }
-        kdcServer.setAllowUdp(allowUdp());
-        if (udpPort > 0) {
-            kdcServer.setKdcUdpPort(udpPort);
-        }
-
-        kdcServer.init();
-
-        kdcRealm = kdcServer.getKdcRealm();
-        clientPrincipal = "drankye@" + kdcRealm;
-
-        serverPrincipal = "test-service/localhost@" + kdcRealm;
-    }
-
-    protected void setUpClient() throws Exception {
-        krbClnt = new KrbClient();
-
-        krbClnt.setKdcHost(hostname);
-        if (tcpPort > 0) {
-            krbClnt.setKdcTcpPort(tcpPort);
-        }
-        krbClnt.setAllowUdp(allowUdp());
-        if (udpPort > 0) {
-            krbClnt.setKdcUdpPort(udpPort);
-        }
-
-        krbClnt.setTimeout(5);
-        krbClnt.setKdcRealm(kdcServer.getKdcRealm());
-    }
-
-    protected void createPrincipals() {
-        kdcServer.createKrbtgtPrincipal();
-        kdcServer.createPrincipals(serverPrincipal);
-    }
-
-    /**
-     * Get a server socket point for testing usage, either TCP or UDP.
-     * @return server socket point
-     */
-    private static int getServerPort() {
-        int serverPort = 0;
-
-        try {
-            ServerSocket serverSocket = new ServerSocket(0);
-            serverPort = serverSocket.getLocalPort();
-            serverSocket.close();
-        } catch (IOException e) {
-            throw new RuntimeException("Failed to get a server socket point");
-        }
-
-        return serverPort;
-    }
-
-    @After
-    public void tearDown() throws Exception {
-        kdcServer.stop();
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/c59056a8/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
deleted file mode 100644
index 1374c97..0000000
--- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKdcServer.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *  
- *    http://www.apache.org/licenses/LICENSE-2.0
- *  
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License. 
- *  
- */
-package org.apache.kerby.kerberos.kerb.server;
-
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerby.kerberos.kerb.identity.backend.IdentityBackend;
-import org.apache.kerby.kerberos.kerb.keytab.Keytab;
-import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
-import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
-import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
-import org.apache.kerby.kerberos.kerb.spec.base.PrincipalName;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.List;
-import java.util.UUID;
-
-public class TestKdcServer extends SimpleKdcServer {
-
-    /**
-     * Prepare KDC configuration for the test.
-     */
-    protected void prepareKdcConfig() {
-        KdcConfig kdcConfig = getKdcConfig();
-
-        kdcConfig.setString(KdcConfigKey.KDC_HOST, "localhost");
-        kdcConfig.setInt(KdcConfigKey.KDC_TCP_PORT, 8018);
-        kdcConfig.setString(KdcConfigKey.KDC_DOMAIN, "test.com");
-        kdcConfig.setString(KdcConfigKey.KDC_REALM, "TEST.COM");
-    }
-
-    @Override
-    public void init() {
-        super.init();
-
-        prepareKdcConfig();
-    }
-
-    public void createKrbtgtPrincipal() {
-        createPrincipals("krbtgt");
-    }
-
-    public String getKdcRealm() {
-        return getKdcConfig().getKdcRealm();
-    }
-
-    public synchronized void createPrincipal(String principal, String password) {
-        KrbIdentity identity = new KrbIdentity(principal);
-        List<EncryptionType> encTypes = getKdcConfig().getEncryptionTypes();
-        List<EncryptionKey> encKeys = null;
-        try {
-            encKeys = EncryptionUtil.generateKeys(fixPrincipal(principal), password, encTypes);
-        } catch (KrbException e) {
-            throw new RuntimeException("Failed to generate encryption keys", e);
-        }
-        identity.addKeys(encKeys);
-        getIdentityService().addIdentity(identity);
-    }
-
-    public void setBackend(IdentityBackend backend) {
-        super.setBackend(backend);
-    }
-
-
-    public void createPrincipals(String ... principals) {
-        String passwd;
-        for (String principal : principals) {
-            passwd = UUID.randomUUID().toString();
-            createPrincipal(fixPrincipal(principal), passwd);
-        }
-    }
-
-    private String fixPrincipal(String principal) {
-        if (! principal.contains("@")) {
-            principal += "@" + getKdcRealm();
-        }
-        return principal;
-    }
-
-    public void exportPrincipals(File keytabFile) throws IOException {
-        Keytab keytab = new Keytab();
-
-        List<String> principals = getIdentityService().getIdentities(-1, -1);
-        for (String pn : principals) {
-            KrbIdentity identity = getIdentityService().getIdentity(pn);
-            PrincipalName principal = identity.getPrincipal();
-            KerberosTime timestamp = new KerberosTime();
-            for (EncryptionType encType : identity.getKeys().keySet()) {
-                EncryptionKey ekey = identity.getKeys().get(encType);
-                int keyVersion = ekey.getKvno();
-                keytab.addEntry(new KeytabEntry(principal, timestamp, keyVersion, ekey));
-            }
-        }
-
-        keytab.store(keytabFile);
-    }
-}
\ No newline at end of file


Mime
View raw message