directory-commits mailing list archives

From plusplusjia...@apache.org
Subject directory-kerby git commit: Updating README: asn1, admin, client apis.
Date Fri, 08 Jan 2016 08:00:18 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/trunk 70ce3a849 -> bb9b05bc1


Updating README: asn1, admin, client apis.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/bb9b05bc
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/bb9b05bc
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/bb9b05bc

Branch: refs/heads/trunk
Commit: bb9b05bc141469b7c633cc7e62ff3bd07c5c9b5e
Parents: 70ce3a8
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Fri Jan 8 16:07:08 2016 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Fri Jan 8 16:07:08 2016 +0800

----------------------------------------------------------------------
 README.md                        |   5 +-
 kerby-asn1/README.md             | 225 +++++++++++++++++++++++-----------
 kerby-dist/README.md             |   2 +-
 kerby-kerb/kerb-admin/README.md  |  16 ++-
 kerby-kerb/kerb-client/README.md |  67 +++++++++-
 5 files changed, 230 insertions(+), 85 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/bb9b05bc/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
index ae5b55f..a4071ea 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ Apache Kerby is a Java Kerberos binding. It provides a rich, intuitive and
inter
 ### The Initiatives/Goals 
 - Aims as a Java Kerberos binding, with rich and integrated facilities that integrate Kerberos,
PKI and token (OAuth2) for both client and server sides.
 - Provides client APIs at the Kerberos protocol level to interact with a KDC server through
AS and TGS exchanges.
-- Provides a standalone KDC server that supports various identity back ends including memory
based, Json file based, LDAP backed and even Zookeeper backed.
+- Provides a standalone KDC server that supports various identity backends including memory
based, Json file based, LDAP based and even Zookeeper based.
 - Provides an embedded KDC server that applications can easily integrate into products, unit
tests or integration tests.
 - Supports FAST/Preauthentication framework to allow popular and useful authentication mechanisms.
 - Supports PKINIT mechanism to allow clients to request tickets using x509 certificate credentials.
@@ -83,7 +83,7 @@ Independent of Kerberos code in JRE, but rely on JCE
 | camellia | The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac |
 
 ### Identity Backend
-A standalone KDC server that can integrate various identity back ends including:
+A standalone KDC server that can integrate various identity backends including:
 - MemoryIdentityBackend.
   - It is default Identity Backend, and no cofiguration is needed. This backend is for no
permanent storage requirements.
 - JsonIdentityBackend.
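Review bot: The MemoryIdentityBackend context line in this hunk still reads "no cofiguration is needed" and "It is default Identity Backend". Since the commit is already a wording pass over this section, fix the typo ("configuration") and add the missing article ("It is the default Identity Backend") in the same change.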
@@ -124,7 +124,6 @@ A standalone KDC server that can integrate various identity back ends
including:
 - [Netty](http://netty.io/), needed by netty based KDC server.
 - [Zookeeper](https://zookeeper.apache.org/), needed by zookeeper identity backend.
 
-
 ### How to use library
 The Apache Kerby is also available as a Maven dependency:
 - Kerby Client API:

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/bb9b05bc/kerby-asn1/README.md
----------------------------------------------------------------------
diff --git a/kerby-asn1/README.md b/kerby-asn1/README.md
index e228057..05f5502 100644
--- a/kerby-asn1/README.md
+++ b/kerby-asn1/README.md
@@ -45,31 +45,80 @@ With the following definition from Kerberos protocol
  
 You can model AuthzDataEntry as follows
 ```java
-public class AuthzDataEntry extends Asn1SequenceType {
-    static int AD_TYPE = 0;
-    static int AD_DATA = 1;
-
-    public AuthzDataEntry() {
-        super(new Asn1FieldInfo[] {
-                new Asn1FieldInfo(AD_TYPE, Asn1Integer.class),
-                new Asn1FieldInfo(AD_DATA, Asn1OctetString.class)
-        });
+public class AuthorizationDataEntry extends KrbSequenceType {
+    /**
+     * The possible fields
+     */
+    protected enum AuthorizationDataEntryField implements EnumType {
+        AD_TYPE,
+        AD_DATA;
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public int getValue() {
+            return ordinal();
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        @Override
+        public String getName() {
+            return name();
+        }
+    }
+
+    /** The AuthorizationDataEntry's fields */
+    private static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
+            new ExplicitField(AuthorizationDataEntryField.AD_TYPE, Asn1Integer.class),
+            new ExplicitField(AuthorizationDataEntryField.AD_DATA, Asn1OctetString.class)
+    };
+
+    /**
+     * Creates an AuthorizationDataEntry instance
+     */
+    public AuthorizationDataEntry() {
+        super(fieldInfos);
     }
 
-    public int getAuthzType() {
-        Integer value = getFieldAsInteger(AD_TYPE);
-        return value;
+    /**
+     * @return The AuthorizationType (AD_TYPE) field
+     */
+    public AuthorizationType getAuthzType() {
+        Integer value = getFieldAsInteger(AuthorizationDataEntryField.AD_TYPE);
+        return AuthorizationType.fromValue(value);
     }
 
+    /**
+     * Sets the AuthorizationType (AD_TYPE) field
+     * @param authzType The AuthorizationType to set
+     */
+    public void setAuthzType(AuthorizationType authzType) {
+        setFieldAsInt(AuthorizationDataEntryField.AD_TYPE, authzType.getValue());
+    }
+
+    /**
+     * @return The AuthorizationType (AD_DATA) field
+     */
     public byte[] getAuthzData() {
-        return getFieldAsOctetBytes(AD_DATA);
+        return getFieldAsOctets(AuthorizationDataEntryField.AD_DATA);
+    }
+
+    /**
+     * Sets the AuthorizationData (AD_DATA) field
+     * @param authzData The AuthorizationData to set
+     */
+    public void setAuthzData(byte[] authzData) {
+        setFieldAsOctets(AuthorizationDataEntryField.AD_DATA, authzData);
     }
 }
 ```
 
 And then define AuthorizationData simply
 ```java
-public class AuthorizationData extends Asn1SequenceOf<AuthzDataEntry> {
+public class AuthorizationData extends KrbSequenceOfType<AuthorizationDataEntry> {
 
 }
 ```
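Review bot: The Javadoc added above getAuthzData() says "@return The AuthorizationType (AD_DATA) field", which looks copied from the getter before it; it should read "The AuthorizationData (AD_DATA) field". The unchanged sentence that introduces the block still says "You can model AuthzDataEntry as follows" although the class is now AuthorizationDataEntry, so that line needs the same rename. getAuthzType() also hands the Integer from getFieldAsInteger() straight to AuthorizationType.fromValue(); a one-line remark on what callers get when AD_TYPE is absent from the decoded input would be useful in a README that people copy from.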
@@ -108,74 +157,85 @@ Date ::= [APPLICATION 3] IMPLICIT VisibleString -- YYYYMMDD
 ```
 Similarly as above, we can have (from the unit test codes):
 ```java
-public class PersonnelRecord extends TaggingSet {
-    private static int NAME = 0;
-    private static int TITLE = 1;
-    private static int NUMBER = 2;
-    private static int DATEOFHIRE= 3;
-    private static int NAMEOFSPOUSE = 4;
-    private static int CHILDREN = 5;
+public class PersonnelRecord extends Asn1TaggingSet {
+    protected enum PersonnelRecordField implements EnumType {
+        NAME,
+        TITLE,
+        NUMBER,
+        DATE_OF_HIRE,
+        NAME_OF_SPOUSE,
+        CHILDREN;
+
+        @Override
+        public int getValue() {
+            return ordinal();
+        }
+
+        @Override
+        public String getName() {
+            return name();
+        }
+    }
 
     static Asn1FieldInfo[] fieldInfos = new Asn1FieldInfo[] {
-            new Asn1FieldInfo(NAME, -1, Name.class),
-            new Asn1FieldInfo(TITLE, 0, Asn1VisibleString.class),
-            new Asn1FieldInfo(NUMBER, -1, EmployeeNumber.class),
-            new Asn1FieldInfo(DATEOFHIRE, 1, Date.class),
-            new Asn1FieldInfo(NAMEOFSPOUSE, 2, Name.class),
-            new Asn1FieldInfo(CHILDREN, 3, Children.class, true)
+            new ExplicitField(PersonnelRecordField.NAME, -1, Name.class),
+            new ExplicitField(PersonnelRecordField.TITLE, 0, Asn1VisibleString.class),
+            new ExplicitField(PersonnelRecordField.NUMBER, -1, EmployeeNumber.class),
+            new ExplicitField(PersonnelRecordField.DATE_OF_HIRE, 1, Date.class),
+            new ExplicitField(PersonnelRecordField.NAME_OF_SPOUSE, 2, Name.class),
+            new ImplicitField(PersonnelRecordField.CHILDREN, 3, Children.class)
     };
 
     public PersonnelRecord() {
-        super(0, fieldInfos, true);
-        setEncodingOption(EncodingOption.IMPLICIT);
+        super(0, fieldInfos, true, true);
     }
 
     public void setName(Name name) {
-        setFieldAs(NAME, name);
+        setFieldAs(PersonnelRecordField.NAME, name);
     }
 
     public Name getName() {
-        return getFieldAs(NAME, Name.class);
+        return getFieldAs(PersonnelRecordField.NAME, Name.class);
     }
 
     public void setTitle(String title) {
-        setFieldAs(TITLE, new Asn1VisibleString(title));
+        setFieldAs(PersonnelRecordField.TITLE, new Asn1VisibleString(title));
     }
 
     public String getTitle() {
-        return getFieldAsString(TITLE);
+        return getFieldAsString(PersonnelRecordField.TITLE);
     }
 
     public void setEmployeeNumber(EmployeeNumber employeeNumber) {
-        setFieldAs(NUMBER, employeeNumber);
+        setFieldAs(PersonnelRecordField.NUMBER, employeeNumber);
     }
 
     public EmployeeNumber getEmployeeNumber() {
-        return getFieldAs(NUMBER, EmployeeNumber.class);
+        return getFieldAs(PersonnelRecordField.NUMBER, EmployeeNumber.class);
     }
 
     public void setDateOfHire(Date dateOfHire) {
-        setFieldAs(DATEOFHIRE, dateOfHire);
+        setFieldAs(PersonnelRecordField.DATE_OF_HIRE, dateOfHire);
     }
 
     public Date getDateOfHire() {
-        return getFieldAs(DATEOFHIRE, Date.class);
+        return getFieldAs(PersonnelRecordField.DATE_OF_HIRE, Date.class);
     }
 
     public void setNameOfSpouse(Name spouse) {
-        setFieldAs(NAMEOFSPOUSE, spouse);
+        setFieldAs(PersonnelRecordField.NAME_OF_SPOUSE, spouse);
     }
 
     public Name getNameOfSpouse() {
-        return getFieldAs(NAMEOFSPOUSE, Name.class);
+        return getFieldAs(PersonnelRecordField.NAME_OF_SPOUSE, Name.class);
     }
 
     public void setChildren(Children children) {
-        setFieldAs(CHILDREN, children);
+        setFieldAs(PersonnelRecordField.CHILDREN, children);
     }
 
     public Children getChildren() {
-        return getFieldAs(CHILDREN, Children.class);
+        return getFieldAs(PersonnelRecordField.CHILDREN, Children.class);
     }
 
     public static class Children extends Asn1SequenceOf<ChildInformation> {
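Review bot: In the PersonnelRecord constructor, "super(0, fieldInfos, true, true);" replaces the self-describing setEncodingOption(EncodingOption.IMPLICIT) call with two bare booleans, and nothing in the README says what either one means. Add a short comment on that line naming both flags. The CHILDREN entry has the same gap: it moved from a trailing "true" argument to ImplicitField while the other five fields became ExplicitField, and a sentence on when to choose which would help readers who model their own types from this example.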
@@ -192,12 +252,24 @@ public class PersonnelRecord extends TaggingSet {
     }
 
     public static class ChildInformation extends Asn1SetType {
-        private static int NAME = 0;
-        private static int DATEOFBIRTH = 1;
+        protected enum ChildInformationField implements EnumType {
+            CHILD_NAME,
+            DATE_OF_BIRTH;
+
+            @Override
+            public int getValue() {
+                return ordinal();
+            }
+
+            @Override
+            public String getName() {
+                return name();
+            }
+        }
 
         static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
-                new Asn1FieldInfo(NAME, -1, Name.class),
-                new Asn1FieldInfo(DATEOFBIRTH, 0, Date.class)
+                new ExplicitField(ChildInformationField.CHILD_NAME, -1, Name.class),
+                new ExplicitField(ChildInformationField.DATE_OF_BIRTH, 0, Date.class)
         };
 
         public ChildInformation() {
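Review bot: ChildInformationField repeats the getValue()/getName() overrides already written out in full for AuthorizationDataEntryField and PersonnelRecordField, which lengthens the README without showing anything new. Consider stating once, in prose, that every field enum implements EnumType this way. The array in this class is also still named "tags" while PersonnelRecord calls the equivalent array "fieldInfos"; pick one name for the example.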
@@ -205,36 +277,48 @@ public class PersonnelRecord extends TaggingSet {
         }
 
         public void setName(Name name) {
-            setFieldAs(NAME, name);
+            setFieldAs(ChildInformationField.CHILD_NAME, name);
         }
 
         public Name getName() {
-            return getFieldAs(NAME, Name.class);
+            return getFieldAs(ChildInformationField.CHILD_NAME, Name.class);
         }
 
         public void setDateOfBirth(Date date) {
-            setFieldAs(DATEOFBIRTH, date);
+            setFieldAs(ChildInformationField.DATE_OF_BIRTH, date);
         }
 
         public Date getDateOfBirth() {
-            return getFieldAs(DATEOFBIRTH, Date.class);
+            return getFieldAs(ChildInformationField.DATE_OF_BIRTH, Date.class);
         }
     }
 
-    public static class Name extends TaggingSequence {
-        private static int GIVENNAME = 0;
-        private static int INITIAL = 1;
-        private static int FAMILYNAME = 2;
+    public static class Name extends Asn1TaggingSequence {
+
+        protected enum NameField implements EnumType {
+            GIVENNAME,
+            INITIAL,
+            FAMILYNAME;
+
+            @Override
+            public int getValue() {
+                return ordinal();
+            }
+
+            @Override
+            public String getName() {
+                return name();
+            }
+        }
 
         static Asn1FieldInfo[] tags = new Asn1FieldInfo[] {
-                new Asn1FieldInfo(GIVENNAME, -1, Asn1VisibleString.class),
-                new Asn1FieldInfo(INITIAL, -1, Asn1VisibleString.class),
-                new Asn1FieldInfo(FAMILYNAME, -1, Asn1VisibleString.class)
+                new ExplicitField(NameField.GIVENNAME, -1, Asn1VisibleString.class),
+                new ExplicitField(NameField.INITIAL, -1, Asn1VisibleString.class),
+                new ExplicitField(NameField.FAMILYNAME, -1, Asn1VisibleString.class)
         };
 
         public Name() {
-            super(1, tags, true);
-            setEncodingOption(EncodingOption.IMPLICIT);
+            super(1, tags, true, true);
         }
 
         public Name(String givenName, String initial, String familyName) {
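Review bot: The constants in NameField (GIVENNAME, FAMILYNAME) keep the old run-together spelling, while the enums introduced earlier in this same diff use underscores (DATE_OF_HIRE, NAME_OF_SPOUSE, DATE_OF_BIRTH). Rename them to GIVEN_NAME and FAMILY_NAME so the example follows one convention. "super(1, tags, true, true);" has the same unexplained pair of booleans as the PersonnelRecord constructor.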
@@ -245,44 +329,43 @@ public class PersonnelRecord extends TaggingSet {
         }
 
         public void setGivenName(String givenName) {
-            setFieldAs(GIVENNAME, new Asn1VisibleString(givenName));
+            setFieldAs(NameField.GIVENNAME, new Asn1VisibleString(givenName));
         }
 
         public String getGivenName() {
-            return getFieldAsString(GIVENNAME);
+            return getFieldAsString(NameField.GIVENNAME);
         }
 
         public void setInitial(String initial) {
-            setFieldAs(INITIAL, new Asn1VisibleString(initial));
+            setFieldAs(NameField.INITIAL, new Asn1VisibleString(initial));
         }
 
         public String getInitial() {
-            return getFieldAsString(INITIAL);
+            return getFieldAsString(NameField.INITIAL);
         }
 
         public void setFamilyName(String familyName) {
-            setFieldAs(FAMILYNAME, new Asn1VisibleString(familyName));
+            setFieldAs(NameField.FAMILYNAME, new Asn1VisibleString(familyName));
         }
 
         public String getFamilyName() {
-            return getFieldAsString(FAMILYNAME);
+            return getFieldAsString(NameField.FAMILYNAME);
         }
     }
 
     public static class EmployeeNumber extends Asn1Tagging<Asn1Integer> {
         public EmployeeNumber(Integer value) {
-            super(2, new Asn1Integer(value), true);
-            setEncodingOption(EncodingOption.IMPLICIT);
+            super(2, new Asn1Integer(value), true, true);
         }
+
         public EmployeeNumber() {
-            this(null);
+            super(2, new Asn1Integer(), true, true);
         }
     }
 
     public static class Date extends Asn1Tagging<Asn1VisibleString> {
         public Date(String value) {
-            super(3, new Asn1VisibleString(value), true);
-            setEncodingOption(EncodingOption.IMPLICIT);
+            super(3, new Asn1VisibleString(value), true, true);
         }
         public Date() {
             this(null);
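Review bot: The no-argument constructor of EmployeeNumber was changed from "this(null);" to "super(2, new Asn1Integer(), true, true);", but the no-argument constructor of Date, visible in the context lines at the end of this hunk, still calls "this(null);" and therefore builds "new Asn1VisibleString(null)". If delegating with null was a problem for EmployeeNumber, apply the same pattern to Date; if it was not, say why the two differ. Decoding normally goes through these empty constructors, so the example should show one safe form.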
@@ -290,6 +373,10 @@ public class PersonnelRecord extends TaggingSet {
     }
 }
 ```
+### ASN1 dumping tool
+* ASN1 dumping tool to help analyze ASN1 encoding stream or packet. It can be used to exercise
the framework with all kinds of testing binary inputs.
+* The shortcut API for ASN1 encoding, decoding and dumping in Asn1.java
+
 ### Notes
 * 90% tests coverage for DER encoding
 * For BER & CER encoding, to be fully supported
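Review bot: The new "ASN1 dumping tool" section names Asn1.java as the shortcut API but shows no call, unlike every other section of this README, which pairs each statement with a snippet. Add a two or three line example of decoding and dumping a byte buffer, and state how the tool behaves on malformed or truncated input, since the first bullet recommends feeding it "all kinds of testing binary inputs". The first bullet is also a sentence fragment that repeats the heading, and the standard spelling is "ASN.1".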

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/bb9b05bc/kerby-dist/README.md
----------------------------------------------------------------------
diff --git a/kerby-dist/README.md b/kerby-dist/README.md
index 29e5971..940af9f 100644
--- a/kerby-dist/README.md
+++ b/kerby-dist/README.md
@@ -42,7 +42,7 @@ cd kerby-dist/kdc-dist
 sh bin/start-kdc.sh [server-conf-dir] [work-dir]
 ```
 
-* 4. Run kadmin to add principals:
+* 4. Run kadmin to add or delete principals:
 ```
 cd kerby-dist/kdc-dist
 sh bin/kadmin.sh [server-conf-dir] -k [keytab]

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/bb9b05bc/kerby-kerb/kerb-admin/README.md
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-admin/README.md b/kerby-kerb/kerb-admin/README.md
index 2e8fe0d..e166dfc 100644
--- a/kerby-kerb/kerb-admin/README.md
+++ b/kerby-kerb/kerb-admin/README.md
@@ -19,15 +19,19 @@
 
 kerb-admin
 ============
-
-### Initiate a Kadmin
-* Initiate a Kadmin with confDir.
+## Local mode
+### Initiate a LocalKadminImpl
+* Initiate a LocalKadminImpl with prepared KdcConfig and BackendConfig.
+<pre>
+LocalKadminImpl kadmin = new LocalKadminImpl(kdcConfig, backendConfig);
+</pre>
+* Initiate a LocalKadminImpl with confDir.
 <pre>
-Kadmin kadmin = new Kadmin(confDir);
+LocalKadminImpl kadmin = new LocalKadminImpl(confDir);
 </pre>
-* Initiate a Kadmin with kdcSetting and backend.
+* Initiate a LocalKadminImpl with kdcSetting and backend.
 <pre>
-Kadmin kadmin = new Kadmin(kdcSetting, backend);
+LocalKadminImpl kadmin = new LocalKadminImpl(kdcSetting, backend);
 </pre>
 
 ### Principal operating
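Review bot: The new "## Local mode" heading is added with no sentence saying what local means here or when to use it, and the hunk introduces no counterpart section that the heading implies. One line of explanation under the heading would do. The bullets "with prepared KdcConfig and BackendConfig" and "with kdcSetting and backend" read almost identically; say how the two constructors differ so readers know which to pick. The blank line after the "============" underline was also dropped, which leaves the title and the new heading with no separation in the source.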

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/bb9b05bc/kerby-kerb/kerb-client/README.md
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-client/README.md b/kerby-kerb/kerb-client/README.md
index 14a4972..ab5a48c 100644
--- a/kerby-kerb/kerb-client/README.md
+++ b/kerby-kerb/kerb-client/README.md
@@ -20,32 +20,87 @@
 kerb-client
 ============
 
+## 1. KrbClient
 ### Initiate a KrbClient
 * Initiate a KrbClient with prepared KrbConfig.
 <pre>
 KrbClient krbClient = new KrbClient(krbConfig);
 </pre>
-* Initiate a KrbClient with with conf dir.
+* Initiate a KrbClient with conf dir.
 <pre>
 KrbClient krbClient = new KrbClient(confDir);
 </pre>
 
 ### Request a TGT
+* Request a TGT with using well prepared requestOptions.
+<pre>
+requestTgt(requestOptions);
+</pre>
 * Request a TGT with user plain password credential
 <pre>
-requestTgtWithPassword(principal, password);
+requestTgt(principal, password);
+</pre>
+* Request a TGT with user plain keytab credential
+<pre>
+requestTgt(principal, keytabFile);
+</pre>
+
+### Request a service ticket
+* Request a service ticket with a TGT targeting for a server
+<pre>
+requestSgt(tgt, serverPrincipal);
+</pre>
+* Request a service ticket provided request options
+<pre>
+requestSgt(requestOptions);
+</pre>
+
+## 2. KrbTokenClient
+### Initiate a KrbTokenClient
+* Initiate a KrbTokenClient with prepared KrbConfig.
+<pre>
+KrbTokenClient krbTokenClient = new KrbTokenClient(krbConfig);
+</pre>
+* Initiate a KrbTokenClient with conf dir.
+<pre>
+KrbTokenClient krbTokenClient = new KrbTokenClient(confDir);
+</pre>
+* Initiate a KrbTokenClient with prepared KrbClient.
+<pre>
+KrbTokenClient krbTokenClient = new KrbTokenClient(krbClient);
 </pre>
+
+### Request a TGT
 * Request a TGT with user token credential
 <pre>
 requestTgtWithToken(token, armorCache);
 </pre>
 
 ### Request a service ticket
-* Request a service ticket with user TGT credential for a server
-<pre>
-requestServiceTicketWithTgt(tgt, serverPrincipal);
 </pre>
 * Request a service ticket with user AccessToken credential for a server
 <pre>
-requestServiceTicketWithAccessToken(accessToken, serverPrincipal, armorCache);
+requestSgt(accessToken, serverPrincipal, armorCache);
+</pre>
+
+## 3. KrbPkinitClient
+### Initiate a KrbPkinitClient
+* Initiate a KrbPkinitClient with prepared KrbConfig.
+<pre>
+KrbPkinitClient krbPkinitClient = new KrbPkinitClient(krbConfig);
+</pre>
+* Initiate a KrbPkinitClient with conf dir.
+<pre>
+KrbPkinitClient krbPkinitClient = new KrbPkinitClient(confDir);
+</pre>
+* Initiate a KrbPkinitClient with prepared KrbClient.
+<pre>
+KrbPkinitClient krbPkinitClient = new KrbPkinitClient(krbClient);
+</pre>
+
+### Request a TGT
+* Request a TGT with using Anonymous PKINIT
+<pre>
+requestTgt();
 </pre>
+
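Review bot: Under "## 2. KrbTokenClient", in the "### Request a service ticket" section, the hunk removes the bullet, the opening "<pre>" and the requestServiceTicketWithTgt call but keeps the closing "</pre>" as a context line, so the resulting README has an unmatched "</pre>" directly below the heading; remove that line as well. Wording in the added bullets needs a pass: "Request a TGT with using well prepared requestOptions" and "with using Anonymous PKINIT" should drop "with", and "user plain keytab credential" looks copied from the password bullet. Because requestTgt(principal, password) and requestTgt(principal, keytabFile) are overloads told apart only by argument type, show the declared parameter types in the snippets so it is clear which credential each call uses.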

