From plusplusjia...@apache.org
Subject directory-kerby git commit: [DIRKRB-291]-Implementing doAddIdentity for LdapIdentityBackend. Contributed by Yaning.
Date Fri, 19 Jun 2015 05:41:39 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/master 12be8a29d -> dc79c2bb1


[DIRKRB-291]-Implementing doAddIdentity for LdapIdentityBackend. Contributed by Yaning.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/dc79c2bb
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/dc79c2bb
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/dc79c2bb

Branch: refs/heads/master
Commit: dc79c2bb138bd56f5ec4ecc0755160bb47add644
Parents: 12be8a2
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Fri Jun 19 13:46:29 2015 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Fri Jun 19 13:46:29 2015 +0800

----------------------------------------------------------------------
 kerby-backend/ldap-backend/pom.xml              | 10 +++
 .../identitybackend/LdapIdentityBackend.java    | 82 ++++++++++++++++++--
 .../identitybackend/LdapIdentityGetHelper.java  |  7 +-
 .../backend/LdapIdentityBackendTest.java        |  6 +-
 .../kerb/identity/backend/BackendTest.java      |  2 +-
 5 files changed, 92 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dc79c2bb/kerby-backend/ldap-backend/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-backend/ldap-backend/pom.xml b/kerby-backend/ldap-backend/pom.xml
index a8279ca..752770f 100644
--- a/kerby-backend/ldap-backend/pom.xml
+++ b/kerby-backend/ldap-backend/pom.xml
@@ -57,12 +57,22 @@
       <version>${ldap.api.version}</version>
     </dependency>
     <dependency>
+      <groupId>org.apache.directory.api</groupId>
+      <artifactId>api-ldap-model</artifactId>
+      <version>${ldap.api.version}</version>
+    </dependency>
+    <dependency>
       <groupId>org.apache.directory.server</groupId>
       <artifactId>apacheds-core-api</artifactId>
       <version>2.0.0-M20</version>
     </dependency>
     <dependency>
       <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-kerberos-codec</artifactId>
+      <version>2.0.0-M20</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
       <artifactId>apacheds-protocol-ldap</artifactId>
       <version>2.0.0-M20</version>
     </dependency>
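Review bot: The new `apacheds-kerberos-codec` dependency repeats the literal `2.0.0-M20` already carried by `apacheds-core-api` and `apacheds-protocol-ldap`, so the three ApacheDS artifacts can drift apart on the next upgrade. A shared property, for example `<version>${apacheds.version}</version>`, would keep them in step the way `${ldap.api.version}` does for the two API artifacts. Within this commit the codec artifact appears to be used only for the `KerberosAttribute` attribute-name constants imported in LdapIdentityBackend.java, which puts a second Kerberos codec on the KDC backend's classpath for a handful of strings. If that is the only use, defining those attribute names locally would keep the dependency surface smaller. The `<dependencies>` element starts and ends outside the hunk.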

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dc79c2bb/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
----------------------------------------------------------------------
diff --git a/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
b/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
index 5d47a3a..76cc5c0 100644
--- a/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
+++ b/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityBackend.java
@@ -19,23 +19,32 @@
  */
 package org.apache.kerby.kerberos.kdc.identitybackend;
 
+import org.apache.directory.api.ldap.model.entry.DefaultEntry;
+import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.api.ldap.model.name.Rdn;
 import org.apache.directory.api.util.GeneralizedTime;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.apache.directory.shared.kerberos.KerberosAttribute;
 import org.apache.kerby.config.Config;
 import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
 import org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend;
 import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionKey;
+import org.apache.kerby.kerberos.kerb.spec.base.EncryptionType;
 
 import java.io.IOException;
 import java.util.List;
+import java.util.Map;
 
 /**
  * An LDAP based backend implementation.
  *
  */
 public class LdapIdentityBackend extends AbstractIdentityBackend {
-    private static final String BASE_DN = "ou=users,dc=example,dc=com";//NOPMD
+    private static final String BASE_DN = "ou=users,dc=example,dc=com";
     private static final String ADMIN_DN = "uid=admin,ou=system";
     private LdapNetworkConnection connection;
 
@@ -87,19 +96,80 @@ public class LdapIdentityBackend extends AbstractIdentityBackend {
     }
 
 
-    private String toGeneralizedTime(KerberosTime kerberosTime)//NOPMD
-    {
+    private String toGeneralizedTime(KerberosTime kerberosTime) {
         GeneralizedTime generalizedTime = new GeneralizedTime(kerberosTime.getValue());
         return generalizedTime.toString();
     }
 
-    @Override
-    protected KrbIdentity doGetIdentity(String principalName) {
-        return null;
+    class KeysInfo{
+        private String[] etypes;
+        private byte[][] keys;
+        private String[] kvnos;
+
+        public KeysInfo(KrbIdentity identity) {
+            Map<EncryptionType, EncryptionKey> keymap = identity.getKeys();
+            this.etypes = new String[keymap.size()];
+            this.keys = new byte[keymap.size()][];
+            this.kvnos = new String[keymap.size()];
+            int i = 0;
+            for (Map.Entry<EncryptionType, EncryptionKey> entryKey : keymap.entrySet())
{
+                etypes[i] = entryKey.getKey().getValue() + "";
+                keys[i] = entryKey.getValue().encode();
+                kvnos[i] = entryKey.getValue().getKvno() + "";
+                i++;
+            }
+        }
+
+        public String[] getEtypes() {
+            return etypes;
+        }
+
+        public byte[][] getKeys() {
+            return keys;
+        }
+
+        public String[] getKvnos() {
+            return kvnos;
+        }
     }
 
     @Override
     protected KrbIdentity doAddIdentity(KrbIdentity identity) {
+        String principalName = identity.getPrincipalName();
+        String[] names = principalName.split("@");
+        String uid = names[0];
+        Entry entry = new DefaultEntry();
+        KeysInfo keysInfo = new KeysInfo(identity);
+        try {
+            Dn dn = new Dn(new Rdn("uid", uid), new Dn(BASE_DN));
+            entry.setDn(dn);
+            entry.add("objectClass", "top", "person", "inetOrgPerson", "krb5principal", "krb5kdcentry");
+            entry.add("cn", names[0]);
+            entry.add( "sn", names[0]);
+            entry.add(KerberosAttribute.KRB5_KEY_AT, keysInfo.getKeys());
+            entry.add( "krb5EncryptionType", keysInfo.getEtypes());
+            entry.add( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT, principalName);
+            entry.add( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT, identity.getKeyVersion()
+ "");
+            entry.add( "krb5KDCFlags", "" + identity.getKdcFlags());
+            entry.add( KerberosAttribute.KRB5_ACCOUNT_DISABLED_AT, "" + identity.isDisabled());
+            entry.add( "createTimestamp",
+                    toGeneralizedTime(identity.getCreatedTime()));
+            entry.add(KerberosAttribute.KRB5_ACCOUNT_LOCKEDOUT_AT, "" + identity.isLocked());
+            entry.add( KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT,
+                    toGeneralizedTime(identity.getExpireTime()));
+            connection.add(entry);
+        } catch (LdapInvalidDnException e) {
+            e.printStackTrace();
+        } catch (LdapException e) {
+            e.printStackTrace();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return identity;
+    }
+
+    @Override
+    protected KrbIdentity doGetIdentity(String principalName) {
         return null;
     }
 
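Review bot: A failed LDAP write is reported to the caller as success in `doAddIdentity`: all three `catch` blocks only call `e.printStackTrace()` and execution falls through to `return identity;`, so the KDC can believe a principal was stored when `connection.add(entry)` or one of the `entry.add(...)` calls threw. Since `LdapInvalidDnException` is a subclass of `LdapException`, one handler that propagates the failure would do, e.g. `} catch (LdapException e) { throw new IllegalStateException("Failed to add identity " + principalName, e); }` (or whatever failure signal `AbstractIdentityBackend` expects, which is not visible here), and the blanket `catch (Exception e)` can go. Separately, `principalName.split("@")` keeps only `names[0]` for the `uid` RDN under the hard-coded `BASE_DN`, so the same name in two realms maps to the same DN; that assumption should be documented, or the realm included in the entry's naming. The class body continues outside the hunk.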

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dc79c2bb/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityGetHelper.java
----------------------------------------------------------------------
diff --git a/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityGetHelper.java
b/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityGetHelper.java
index 39aedda..89664c3 100644
--- a/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityGetHelper.java
+++ b/kerby-backend/ldap-backend/src/main/java/org/apache/kerby/kerberos/kdc/identitybackend/LdapIdentityGetHelper.java
@@ -26,14 +26,13 @@ import org.apache.kerby.kerberos.kerb.spec.KerberosTime;
 import java.text.ParseException;
 
 public class LdapIdentityGetHelper {
-    private Entry entry;//NOPMD
-
+    private Entry entry;
     public LdapIdentityGetHelper(Entry entry) {
         this.entry = entry;
     }
 
-    private KerberosTime createKerberosTime(String generalizedTime) throws ParseException
//NOPMD
-    {
+    private KerberosTime createKerberosTime(String generalizedTime)//NOPMD
+            throws ParseException {
         long time = new GeneralizedTime(generalizedTime).getTime();
         return new KerberosTime(time);
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dc79c2bb/kerby-backend/ldap-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/LdapIdentityBackendTest.java
----------------------------------------------------------------------
diff --git a/kerby-backend/ldap-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/LdapIdentityBackendTest.java
b/kerby-backend/ldap-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/LdapIdentityBackendTest.java
index 6d500d3..10bf3f5 100644
--- a/kerby-backend/ldap-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/LdapIdentityBackendTest.java
+++ b/kerby-backend/ldap-backend/src/test/java/org/apache/kerby/kerberos/kerb/identity/backend/LdapIdentityBackendTest.java
@@ -61,8 +61,7 @@ public class LdapIdentityBackendTest extends AbstractLdapIdentityBackendTest
     private LdapIdentityBackend backend;
 
     @Test
-    public void setUp() throws Exception
-    {
+    public void setUp() throws Exception {
         Conf config = new Conf();
         config.setInt("port", getLdapServer().getPort());
         this.backend = new LdapIdentityBackend(config);
@@ -71,8 +70,7 @@ public class LdapIdentityBackendTest extends AbstractLdapIdentityBackendTest
     }
 
     @After
-    public void tearDown() throws Exception
-    {
+    public void tearDown() throws Exception {
         backend.stop();
         backend.release();
     }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/dc79c2bb/kerby-kerb/kerb-identity-test/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/BackendTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-identity-test/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/BackendTest.java
b/kerby-kerb/kerb-identity-test/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/BackendTest.java
index caa02ac..dbd01a3 100644
--- a/kerby-kerb/kerb-identity-test/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/BackendTest.java
+++ b/kerby-kerb/kerb-identity-test/src/main/java/org/apache/kerby/kerberos/kerb/identity/backend/BackendTest.java
@@ -143,7 +143,7 @@ public abstract class BackendTest {
     protected KrbIdentity createOneIdentity(String principal) {
         KrbIdentity kid = new KrbIdentity(principal);
         kid.setCreatedTime(KerberosTime.now());
-        kid.setExpireTime(KerberosTime.NEVER);
+        kid.setExpireTime(new KerberosTime(253402300799900L));
         kid.setDisabled(false);
         kid.setKeyVersion(1);
         kid.setLocked(false);
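Review bot: The literal `253402300799900L` on the `setExpireTime` line is an unexplained magic number (it is 9999-12-31T23:59:59.900Z in epoch milliseconds), and replacing `KerberosTime.NEVER` with it in the shared `BackendTest` means no backend is exercised with a never-expiring identity any more. If the change is there because the LDAP backend's `toGeneralizedTime` cannot encode `KerberosTime.NEVER` (an inference from this commit, not shown in the hunk), that limitation belongs in the backend, with the conversion handling `NEVER` explicitly, rather than in the common fixture. At minimum a named constant with a comment would help, e.g. `private static final long MAX_GENERALIZED_TIME_MILLIS = 253402300799900L; // 9999-12-31T23:59:59.900Z`. `createOneIdentity` continues past the end of the hunk.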

