From plusplusjia...@apache.org
Subject [2/3] directory-kerby git commit: DIRKRB-716 Implement local admin tool.
Date Fri, 01 Jun 2018 03:42:37 GMT
DIRKRB-716 Implement local admin tool.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ac19d3de
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ac19d3de
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ac19d3de

Branch: refs/heads/trunk
Commit: ac19d3de5710edcfbe6d1ecdfde6049a2d4602fa
Parents: 63ba893
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Fri Jun 1 11:41:53 2018 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Fri Jun 1 11:41:53 2018 +0800

----------------------------------------------------------------------
 .../org/apache/kerby/has/common/Hadmin.java     |   2 +
 .../kerby/has/server/admin/LocalHadmin.java     |  19 ++
 kerby-dist/has-dist/bin/admin-remote.sh         |   2 +-
 kerby-tool/has-tool/pom.xml                     |  15 +
 .../kerberos/tool/admin/AdminRemoteTool.java    | 182 -----------
 .../tool/admin/cmd/AddPrincipalRemoteCmd.java   |  65 ----
 .../tool/admin/cmd/AddPrincipalsRemoteCmd.java  |  82 -----
 .../kerberos/tool/admin/cmd/AdminRemoteCmd.java |  42 ---
 .../admin/cmd/DeletePrincipalRemoteCmd.java     |  83 -----
 .../tool/admin/cmd/DisableConfRemoteCmd.java    |  43 ---
 .../tool/admin/cmd/EnableConfRemoteCmd.java     |  44 ---
 .../tool/admin/cmd/ExportKeytabsRemoteCmd.java  |  52 ---
 .../tool/admin/cmd/GetHostRolesRemoteCmd.java   |  72 -----
 .../tool/admin/cmd/ListPrincipalsRemoteCmd.java |  71 ----
 .../admin/cmd/RenamePrincipalRemoteCmd.java     |  85 -----
 .../tool/admin/local/AdminLocalTool.java        | 322 +++++++++++++++++++
 .../AddPrincipalsAndDeployKeytabsCommand.java   | 177 ++++++++++
 .../admin/local/cmd/AddPrincipalsCommand.java   |  75 +++++
 .../local/cmd/DeployHTTPSCertsCommand.java      | 310 ++++++++++++++++++
 .../local/cmd/DisableConfigureCommand.java      |  40 +++
 .../admin/local/cmd/EnableConfigureCommand.java |  40 +++
 .../admin/local/cmd/ExportKeytabsCommand.java   |  54 ++++
 .../admin/local/cmd/GetHostRolesCommand.java    |  38 +++
 .../tool/admin/local/cmd/HadminCommand.java     |  42 +++
 .../tool/admin/remote/AdminRemoteTool.java      | 182 +++++++++++
 .../admin/remote/cmd/AddPrincipalRemoteCmd.java |  65 ++++
 .../remote/cmd/AddPrincipalsRemoteCmd.java      |  82 +++++
 .../tool/admin/remote/cmd/AdminRemoteCmd.java   |  42 +++
 .../remote/cmd/DeletePrincipalRemoteCmd.java    |  83 +++++
 .../admin/remote/cmd/DisableConfRemoteCmd.java  |  43 +++
 .../admin/remote/cmd/EnableConfRemoteCmd.java   |  44 +++
 .../remote/cmd/ExportKeytabsRemoteCmd.java      |  52 +++
 .../admin/remote/cmd/GetHostRolesRemoteCmd.java |  72 +++++
 .../remote/cmd/ListPrincipalsRemoteCmd.java     |  71 ++++
 .../remote/cmd/RenamePrincipalRemoteCmd.java    |  85 +++++
 pom.xml                                         |   5 +-
 36 files changed, 1959 insertions(+), 824 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/has-project/has-common/src/main/java/org/apache/kerby/has/common/Hadmin.java
----------------------------------------------------------------------
diff --git a/has-project/has-common/src/main/java/org/apache/kerby/has/common/Hadmin.java b/has-project/has-common/src/main/java/org/apache/kerby/has/common/Hadmin.java
index bff7760..15c3fea 100644
--- a/has-project/has-common/src/main/java/org/apache/kerby/has/common/Hadmin.java
+++ b/has-project/has-common/src/main/java/org/apache/kerby/has/common/Hadmin.java
@@ -33,4 +33,6 @@ public interface Hadmin {
     File getKeytabByHostAndRole(String host, String role) throws HasException;
 
     void getHostRoles();
+
+    void setEnableOfConf(String isEnable) throws HasException;
 }
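Review bot: The new `setEnableOfConf(String isEnable)` has no Javadoc and takes the flag as a free-form String, so the interface does not say which values are accepted or when `HasException` is raised. The remote commands removed further down this page pass the literals "true" and "false" to the same-named client method, so a comment along the lines of `/** @param isEnable "true" or "false" (confirm against HasUtil.setEnableConf) */` would record the contract. A `boolean` parameter would make the contract type-checked, if the other implementers allow the signature change. The interface body starts outside this hunk.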

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/has-project/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHadmin.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHadmin.java b/has-project/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHadmin.java
index 0ece5f8..acf7855 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHadmin.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/admin/LocalHadmin.java
@@ -21,6 +21,7 @@ package org.apache.kerby.has.server.admin;
 
 import org.apache.kerby.has.common.Hadmin;
 import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.common.util.HasUtil;
 import org.apache.kerby.has.server.HasServer;
 import org.apache.kerby.has.server.web.HostRoleType;
 import org.apache.kerby.kerberos.kerb.KrbException;
@@ -35,6 +36,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.File;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -43,6 +45,7 @@ public class LocalHadmin implements Hadmin {
 
     private final ServerSetting serverSetting;
     private LocalKadmin kadmin;
+    private File confDir;
 
     public LocalHadmin(HasServer hasServer) throws KrbException {
         if (hasServer.getKdcServer() == null) {
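Review bot: `confDir` is declared non-final and, as far as these hunks show, is assigned only in the `LocalHadmin(File confDir)` constructor (next hunk). The `LocalHadmin(HasServer hasServer)` constructor, whose body continues outside this hunk, may therefore leave it null. In that case `new File(confDir, "has-server.conf")` in the new `setEnableOfConf` behaves like `new File("has-server.conf")` and resolves against the process working directory, so the switch could be applied to an unintended file. Either assign the field in both constructors or guard the method with `if (confDir == null) { throw new HasException("conf dir is not set"); }`.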
@@ -60,6 +63,7 @@ public class LocalHadmin implements Hadmin {
      * @throws KrbException e
      */
     public LocalHadmin(File confDir) throws KrbException {
+        this.confDir = confDir;
         KdcConfig tmpKdcConfig = KdcUtil.getKdcConfig(confDir);
         if (tmpKdcConfig == null) {
             tmpKdcConfig = new KdcConfig();
@@ -141,4 +145,19 @@ public class LocalHadmin implements Hadmin {
             }
         }
     }
+
+    @Override
+    public void setEnableOfConf(String isEnable) throws HasException {
+        File hasConf = new File(confDir, "has-server.conf");
+        if (!hasConf.exists()) {
+            System.err.println("has-server.conf is not exists.");
+            return;
+        }
+        try {
+            HasUtil.setEnableConf(hasConf, isEnable);
+        } catch (IOException e) {
+            System.err.println(e.getMessage());
+            return;
+        }
+    }
 }
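Review bot: `setEnableOfConf` declares `throws HasException` but never throws. A missing has-server.conf and an `IOException` from `HasUtil.setEnableConf` are both printed to `System.err` and the method returns normally, so a caller cannot tell that the configuration switch was not applied. Both paths should propagate, e.g. `throw new HasException(hasConf.getPath() + " does not exist.");` and `throw new HasException("Failed to update " + hasConf.getPath(), e);`, assuming `HasException` has `(String)` and `(String, Throwable)` constructors. The class already imports slf4j, so any diagnostic that remains belongs on the logger rather than `System.err`. The trailing `return;` in the catch block is redundant, and "is not exists" should read "does not exist".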

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-dist/has-dist/bin/admin-remote.sh
----------------------------------------------------------------------
diff --git a/kerby-dist/has-dist/bin/admin-remote.sh b/kerby-dist/has-dist/bin/admin-remote.sh
index 6aebc81..cd14615 100644
--- a/kerby-dist/has-dist/bin/admin-remote.sh
+++ b/kerby-dist/has-dist/bin/admin-remote.sh
@@ -17,7 +17,7 @@
 # limitations under the License.
 
 CONF_DIR=$1
-APP_MAIN=org.apache.kerby.kerberos.tool.admin.AdminRemoteTool
+APP_MAIN=org.apache.kerby.kerberos.tool.admin.remote.AdminRemoteTool
 
 # Reset HAS_CONF_DIR if CONF_DIR not null
 if [ "$CONF_DIR" != "" ]; then

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/pom.xml
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/pom.xml b/kerby-tool/has-tool/pom.xml
index 920174d..0dc5ca4 100644
--- a/kerby-tool/has-tool/pom.xml
+++ b/kerby-tool/has-tool/pom.xml
@@ -19,14 +19,29 @@
         </dependency>
         <dependency>
             <groupId>org.apache.kerby</groupId>
+            <artifactId>has-server</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.kerby</groupId>
             <artifactId>has-common</artifactId>
             <version>${project.version}</version>
         </dependency>
         <dependency>
+            <groupId>org.apache.kerby</groupId>
+            <artifactId>kdc-tool</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
             <groupId>org.jline</groupId>
             <artifactId>jline</artifactId>
             <version>${jline.version}</version>
         </dependency>
+        <dependency>
+            <groupId>com.jcraft</groupId>
+            <artifactId>jsch</artifactId>
+            <version>${jsch.version}</version>
+        </dependency>
     </dependencies>
 
 </project>
\ No newline at end of file
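Review bot: `has-server` and `com.jcraft:jsch` are added to has-tool unscoped, so the module that also ships the remote admin client now carries the server code and an SSH client library on its classpath. The jsch version comes from `${jsch.version}`, which is defined outside this hunk, so the pinned release cannot be checked here and should be confirmed as current. The code that opens SSH sessions is not part of this hunk; it is worth checking there that host-key verification stays enabled. If only the local tool needs these dependencies, a separate module would leave the remote client's dependency surface as it was.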

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/AdminRemoteTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/AdminRemoteTool.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/AdminRemoteTool.java
deleted file mode 100644
index c9330b6..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/AdminRemoteTool.java
+++ /dev/null
@@ -1,182 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin;
-
-import org.apache.kerby.has.client.HasAuthAdminClient;
-import org.apache.kerby.has.common.HasConfig;
-import org.apache.kerby.has.common.HasException;
-import org.apache.kerby.has.common.util.HasUtil;
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.apache.kerby.kerberos.tool.admin.cmd.AddPrincipalRemoteCmd;
-import org.apache.kerby.kerberos.tool.admin.cmd.AddPrincipalsRemoteCmd;
-import org.apache.kerby.kerberos.tool.admin.cmd.AdminRemoteCmd;
-import org.apache.kerby.kerberos.tool.admin.cmd.DeletePrincipalRemoteCmd;
-import org.apache.kerby.kerberos.tool.admin.cmd.DisableConfRemoteCmd;
-import org.apache.kerby.kerberos.tool.admin.cmd.EnableConfRemoteCmd;
-import org.apache.kerby.kerberos.tool.admin.cmd.ExportKeytabsRemoteCmd;
-import org.apache.kerby.kerberos.tool.admin.cmd.GetHostRolesRemoteCmd;
-import org.apache.kerby.kerberos.tool.admin.cmd.ListPrincipalsRemoteCmd;
-import org.apache.kerby.kerberos.tool.admin.cmd.RenamePrincipalRemoteCmd;
-import org.apache.kerby.util.OSUtil;
-import org.jline.reader.Completer;
-import org.jline.reader.EndOfFileException;
-import org.jline.reader.LineReader;
-import org.jline.reader.LineReaderBuilder;
-import org.jline.reader.UserInterruptException;
-import org.jline.reader.impl.completer.StringsCompleter;
-import org.jline.terminal.Terminal;
-import org.jline.terminal.TerminalBuilder;
-
-import java.io.File;
-import java.io.IOException;
-
-public class AdminRemoteTool {
-
-    private static final String PROMPT = "admin.remote";
-    private static final String USAGE = (OSUtil.isWindows()
-        ? "Usage: bin\\admin-remote.cmd" : "Usage: sh bin/admin-remote.sh")
-        + " <conf-file>\n"
-        + "\tExample:\n"
-        + "\t\t"
-        + (OSUtil.isWindows()
-        ? "bin\\admin-remote.cmd" : "sh bin/admin-remote.sh")
-        + " conf\n";
-
-    private static final String LEGAL_COMMANDS = "Available commands are: "
-        + "\n"
-        + "add_principal, addprinc\n"
-        + "                         Add principal\n"
-        + "delete_principal, delprinc\n"
-        + "                         Delete principal\n"
-        + "rename_principal, renprinc\n"
-        + "                         Rename principal\n"
-        + "list_principals, listprincs\n"
-        + "                         List principals\n"
-        + "get_hostroles, hostroles\n"
-        + "                         Get hostRoles\n"
-        + "export_keytabs, expkeytabs\n"
-        + "                         Export keytabs\n"
-        + "add_principals, addprincs\n"
-        + "                         Add principals\n"
-        + "enable_configure, enable\n"
-        + "                         Enable configure\n"
-        + "disable_configure, disable\n"
-        + "                         Disable configure\n";
-
-    public static void main(String[] args) {
-
-        HasAuthAdminClient authHasAdminClient = null;
-
-        if (args.length < 1) {
-            System.err.println(USAGE);
-            System.exit(1);
-        }
-
-        String confDirPath = args[0];
-        File confFile = new File(confDirPath, "admin.conf");
-        HasConfig hasConfig;
-        try {
-            hasConfig = HasUtil.getHasConfig(confFile);
-        } catch (HasException e) {
-            System.err.println(e.getMessage());
-            return;
-        }
-
-        if (hasConfig.getFilterAuthType().equals("kerberos")) {
-            authHasAdminClient = new HasAuthAdminClient(hasConfig);
-        }
-
-        System.out.println("enter \"cmd\" to see legal commands.");
-
-        Completer completer = new StringsCompleter("add_principal",
-                "delete_principal", "rename_principal", "list_principals",
-                "get_hostroles", "export_keytabs", "add_principals", "enable_configure",
-                "disable_configure");
-
-        Terminal terminal = null;
-        try {
-            terminal = TerminalBuilder.terminal();
-        } catch (IOException e) {
-            e.printStackTrace();
-        }
-        LineReader lineReader = LineReaderBuilder.builder().completer(completer).terminal(terminal).build();
-
-        while (true) {
-            try {
-                String line = lineReader.readLine(PROMPT + ": ");
-                if ("quit".equals(line) || "exit".equals(line) || "q".equals(line)) {
-                    break;
-                }
-                execute(authHasAdminClient, line);
-            } catch (UserInterruptException | EndOfFileException ex) {
-                break;
-            } catch (KrbException e) {
-                System.err.println(e.getMessage());
-            }
-        }
-    }
-
-    private static void execute(HasAuthAdminClient hasAuthAdminClient,
-                               String input) throws KrbException {
-        input = input.trim();
-        if (input.startsWith("cmd")) {
-            System.out.println(LEGAL_COMMANDS);
-            return;
-        }
-        AdminRemoteCmd executor;
-
-        String[] items = input.split("\\s+");
-        String cmd = items[0];
-
-        if (cmd.equals("add_principal")
-            || cmd.equals("addprinc")) {
-            executor = new AddPrincipalRemoteCmd(hasAuthAdminClient);
-        } else if (cmd.equals("delete_principal")
-            || cmd.equals("delprinc")) {
-            executor = new DeletePrincipalRemoteCmd(hasAuthAdminClient);
-        } else if (cmd.equals("rename_principal")
-            || cmd.equals("renprinc")) {
-            executor = new RenamePrincipalRemoteCmd(hasAuthAdminClient);
-        } else if (cmd.equals("list_principals")
-            || cmd.equals("listprincs")) {
-            executor = new ListPrincipalsRemoteCmd(hasAuthAdminClient);
-        } else if (cmd.equals("get_hostroles")
-            || cmd.equals("hostroles")) {
-            executor = new GetHostRolesRemoteCmd(hasAuthAdminClient);
-        } else if (cmd.equals("add_principals")
-            || cmd.equals("addprincs")) {
-            executor = new AddPrincipalsRemoteCmd(hasAuthAdminClient);
-        } else if (cmd.equals("export_keytabs")
-            || cmd.equals("expkeytabs")) {
-            executor = new ExportKeytabsRemoteCmd(hasAuthAdminClient);
-        } else if (cmd.equals("enable_configure")
-            || cmd.equals("enable")) {
-            executor = new EnableConfRemoteCmd(hasAuthAdminClient);
-        } else if (cmd.equals("disable_configure")
-            || cmd.equals("disable")) {
-            executor = new DisableConfRemoteCmd(hasAuthAdminClient);
-        } else {
-            System.out.println(LEGAL_COMMANDS);
-            return;
-        }
-        executor.execute(items);
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AddPrincipalRemoteCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AddPrincipalRemoteCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AddPrincipalRemoteCmd.java
deleted file mode 100644
index 6cbe325..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AddPrincipalRemoteCmd.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.cmd;
-
-import org.apache.kerby.has.client.HasAuthAdminClient;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-/**
- * Remote add principal cmd
- */
-public class AddPrincipalRemoteCmd extends AdminRemoteCmd {
-
-    public static final String USAGE = "Usage: add_principal [options] <principal-name>\n"
-        + "\toptions are:\n"
-        + "\t\t[-randkey]\n"
-        + "\t\t[-pw password]"
-        + "\tExample:\n"
-        + "\t\tadd_principal -pw mypassword alice\n";
-
-    public AddPrincipalRemoteCmd(HasAuthAdminClient authHadmin) {
-        super(authHadmin);
-    }
-
-    @Override
-    public void execute(String[] items) throws KrbException {
-        if (items.length < 2) {
-            System.err.println(USAGE);
-            return;
-        }
-
-        String clientPrincipal = items[items.length - 1];
-
-        HasAuthAdminClient client = getAuthAdminClient();
-
-
-        if (!items[1].startsWith("-")) {
-            client.addPrincipal(clientPrincipal);
-        } else if (items[1].startsWith("-randkey")) {
-            client.addPrincipal(clientPrincipal);
-        } else if (items[1].startsWith("-pw")) {
-            String password = items[2];
-            client.addPrincipal(clientPrincipal, password);
-        } else {
-            System.err.println("add_principal cmd format error.");
-            System.err.println(USAGE);
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AddPrincipalsRemoteCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AddPrincipalsRemoteCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AddPrincipalsRemoteCmd.java
deleted file mode 100644
index fd6cfa6..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AddPrincipalsRemoteCmd.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.cmd;
-
-import org.apache.kerby.has.client.HasAuthAdminClient;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.FileReader;
-import java.io.IOException;
-import java.util.List;
-
-public class AddPrincipalsRemoteCmd extends AdminRemoteCmd {
-    private static final String USAGE = "\nUsage: add_principals [hostRoles-file]\n"
-            + "\t'hostRoles-file' is a file with a hostRoles json string like:\n"
-            + "\t\t{HOSTS: [ {\"name\":\"host1\",\"hostRoles\":\"HDFS\"}, "
-            + "{\"name\":\"host2\",\"hostRoles\":\"HDFS,HBASE\"} ] }\n"
-            + "\tExample:\n"
-            + "\t\tadd_principals hostroles.txt\n";
-
-    public AddPrincipalsRemoteCmd(HasAuthAdminClient authHadmin) {
-        super(authHadmin);
-    }
-
-    @Override
-    public void execute(String[] items) throws KrbException {
-        //String param = items[0];
-        if (items.length != 2) {
-            System.err.println(USAGE);
-            return;
-        }
-
-        File hostRoles = new File(items[1]);
-        if (!hostRoles.exists()) {
-            System.err.println("HostRoles file is not exists.");
-            return;
-        }
-
-        HasAuthAdminClient client = getAuthAdminClient();
-
-        BufferedReader reader;
-        try {
-            reader = new BufferedReader(new FileReader(hostRoles));
-        } catch (FileNotFoundException e) {
-            throw new KrbException("File not exist", e);
-        }
-        StringBuilder sb = new StringBuilder();
-        String tempString;
-        try {
-            while ((tempString = reader.readLine()) != null) {
-                sb.append(tempString);
-            }
-        } catch (IOException e) {
-            throw new KrbException("Errors occurred when read line. ", e);
-        }
-        List<String> results = client.addPrincipalsByRole(sb.toString());
-        if (results != null) {
-            for (int i = 0; i < results.size(); i++) {
-                System.out.println(results.get(i));
-            }
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AdminRemoteCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AdminRemoteCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AdminRemoteCmd.java
deleted file mode 100644
index b74f69f..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/AdminRemoteCmd.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.cmd;
-
-import org.apache.kerby.has.client.HasAuthAdminClient;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-public abstract class AdminRemoteCmd {
-
-    private HasAuthAdminClient client;
-
-    public AdminRemoteCmd(HasAuthAdminClient authHadminClient) {
-        this.client = authHadminClient;
-    }
-
-    protected HasAuthAdminClient getAuthAdminClient() {
-        return client;
-    }
-
-    /**
-     * Execute the admin cmd.
-     * @param items Input cmd to execute
-     */
-    public abstract void execute(String[] items) throws KrbException;
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/DeletePrincipalRemoteCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/DeletePrincipalRemoteCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/DeletePrincipalRemoteCmd.java
deleted file mode 100644
index fee5b0d..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/DeletePrincipalRemoteCmd.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.cmd;
-
-import org.apache.kerby.has.client.HasAuthAdminClient;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-import java.io.Console;
-import java.util.Scanner;
-
-/**
- * Remote delete principal cmd
- */
-public class DeletePrincipalRemoteCmd extends AdminRemoteCmd {
-
-    public static final String USAGE = "Usage: delete_principal <principal-name>\n"
-        + "\tExample:\n"
-        + "\t\tdelete_principal alice\n";
-
-    public DeletePrincipalRemoteCmd(HasAuthAdminClient authHadmin) {
-        super(authHadmin);
-    }
-
-    @Override
-    public void execute(String[] items) throws KrbException {
-        if (items.length < 2) {
-            System.err.println(USAGE);
-            return;
-        }
-
-        HasAuthAdminClient client = getAuthAdminClient();
-
-        String principal = items[items.length - 1];
-        String reply;
-        Console console = System.console();
-        String prompt = "Are you sure to delete the principal? (yes/no, YES/NO, y/n, Y/N) ";
-        if (console == null) {
-            System.out.println("Couldn't get Console instance, "
-                + "maybe you're running this from within an IDE. "
-                + "Use scanner to read password.");
-            Scanner scanner = new Scanner(System.in, "UTF-8");
-            reply = getReply(scanner, prompt);
-        } else {
-            reply = getReply(console, prompt);
-        }
-        if (reply.equals("yes") || reply.equals("YES") || reply.equals("y") || reply.equals("Y")) {
-            client.deletePrincipal(principal);
-        } else if (reply.equals("no") || reply.equals("NO") || reply.equals("n") || reply.equals("N")) {
-            System.out.println("Principal \"" + principal + "\"  not deleted.");
-        } else {
-            System.err.println("Unknown request, fail to delete the principal.");
-            System.err.println(USAGE);
-        }
-    }
-
-    private String getReply(Scanner scanner, String prompt) {
-        System.out.println(prompt);
-        return scanner.nextLine().trim();
-    }
-
-    private String getReply(Console console, String prompt) {
-        console.printf(prompt);
-        String line = console.readLine();
-        return line;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/DisableConfRemoteCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/DisableConfRemoteCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/DisableConfRemoteCmd.java
deleted file mode 100644
index 9a6d6a3..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/DisableConfRemoteCmd.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.cmd;
-
-import org.apache.kerby.has.client.HasAuthAdminClient;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-/**
- * Remote add principal cmd
- */
-public class DisableConfRemoteCmd extends AdminRemoteCmd {
-
-    public static final String USAGE = "Usage: disable_configure\n"
-            + "\tExample:\n"
-            + "\t\tdisable\n";
-
-    public DisableConfRemoteCmd(HasAuthAdminClient authHadmin) {
-        super(authHadmin);
-    }
-
-    @Override
-    public void execute(String[] items) throws KrbException {
-        HasAuthAdminClient client = getAuthAdminClient();
-        client.setEnableOfConf("false");
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/EnableConfRemoteCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/EnableConfRemoteCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/EnableConfRemoteCmd.java
deleted file mode 100644
index 6b72db3..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/EnableConfRemoteCmd.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.cmd;
-
-import org.apache.kerby.has.client.HasAuthAdminClient;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-/**
- * Remote add principal cmd
- */
-public class EnableConfRemoteCmd extends AdminRemoteCmd {
-
-    public static final String USAGE = "Usage: enable_configure\n"
-            + "\tExample:\n"
-            + "\t\tenable\n";
-
-    public EnableConfRemoteCmd(HasAuthAdminClient authHadmin) {
-        super(authHadmin);
-    }
-
-    @Override
-    public void execute(String[] items) throws KrbException {
-
-        HasAuthAdminClient client = getAuthAdminClient();
-        client.setEnableOfConf("true");
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/ExportKeytabsRemoteCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/ExportKeytabsRemoteCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/ExportKeytabsRemoteCmd.java
deleted file mode 100644
index 5d5614d..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/ExportKeytabsRemoteCmd.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.cmd;
-
-import org.apache.kerby.has.client.HasAuthAdminClient;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-public class ExportKeytabsRemoteCmd extends AdminRemoteCmd {
-    private static final String USAGE = "\nUsage: export_keytabs <host> [role]\n"
-            + "\tExample:\n"
-            + "\t\texport_keytabs host1 HDFS\n";
-
-    public ExportKeytabsRemoteCmd(HasAuthAdminClient authHadmin) {
-        super(authHadmin);
-    }
-
-    @Override
-    public void execute(String[] items) throws KrbException {
-        //TODO add save path option
-        //String param = items[0];
-        if (items.length < 2) {
-            System.err.println(USAGE);
-            return;
-        }
-
-        HasAuthAdminClient client = getAuthAdminClient();
-
-        String host = items[1];
-        String role = "";
-        if (items.length >= 3) {
-            role = items[2];
-        }
-        client.getKeytabByHostAndRole(host, role);
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/GetHostRolesRemoteCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/GetHostRolesRemoteCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/GetHostRolesRemoteCmd.java
deleted file mode 100644
index cc01e63..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/GetHostRolesRemoteCmd.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.cmd;
-
-import org.apache.kerby.has.client.HasAuthAdminClient;
-import org.apache.kerby.kerberos.kerb.KrbException;
-import org.codehaus.jettison.json.JSONArray;
-import org.codehaus.jettison.json.JSONException;
-import org.codehaus.jettison.json.JSONObject;
-
-public class GetHostRolesRemoteCmd extends AdminRemoteCmd {
-    private static final String USAGE = "Usage: get_hostroles\n"
-            + "\tExample:\n"
-            + "\t\tget_hostroles\n";
-
-    public GetHostRolesRemoteCmd(HasAuthAdminClient authHadmin) {
-        super(authHadmin);
-    }
-
-    @Override
-    public void execute(String[] items) throws KrbException {
-        if (items.length > 2) {
-            System.err.println(USAGE);
-            return;
-        }
-
-        HasAuthAdminClient hasAdminClient = getAuthAdminClient();
-        String result = hasAdminClient.getHostRoles();
-
-        if (result != null) {
-            try {
-                JSONArray hostRoles = new JSONArray(result);
-                for (int i = 0; i < hostRoles.length(); i++) {
-                    JSONObject hostRole = hostRoles.getJSONObject(i);
-                    System.out.print("\tHostRole: " + hostRole.getString("HostRole")
-                            + ", PrincipalNames: ");
-                    JSONArray principalNames = hostRole.getJSONArray("PrincipalNames");
-                    for (int j = 0; j < principalNames.length(); j++) {
-                        System.out.print(principalNames.getString(j));
-                        if (j == principalNames.length() - 1) {
-                            System.out.println();
-                        } else {
-                            System.out.print(", ");
-                        }
-                    }
-                }
-            } catch (JSONException e) {
-                throw new KrbException("Errors occurred when getting the host roles.", e);
-            }
-        } else {
-            throw new KrbException("Could not get hostRoles.");
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/ListPrincipalsRemoteCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/ListPrincipalsRemoteCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/ListPrincipalsRemoteCmd.java
deleted file mode 100644
index 470ca33..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/ListPrincipalsRemoteCmd.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.cmd;
-
-import org.apache.kerby.has.client.HasAuthAdminClient;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-import java.util.List;
-
-public class ListPrincipalsRemoteCmd extends AdminRemoteCmd {
-    private static final String USAGE = "Usage: list_principals [expression]\n"
-            + "\t'expression' is a shell-style glob expression that can contain the wild-card characters ?, *, and []."
-            + "\tExample:\n"
-            + "\t\tlist_principals [expression]\n";
-
-    public ListPrincipalsRemoteCmd(HasAuthAdminClient authHadmin) {
-        super(authHadmin);
-    }
-
-    @Override
-    public void execute(String[] items) throws KrbException {
-        if (items.length > 2) {
-            System.err.println(USAGE);
-            return;
-        }
-
-        HasAuthAdminClient client = getAuthAdminClient();
-
-        List<String> principalLists = null;
-
-        if (items.length == 1) {
-            try {
-                principalLists = client.getPrincipals();
-            } catch (Exception e) {
-                System.err.println("Errors occurred when getting the principals. " + e.getMessage());
-            }
-        } else {
-            //have expression
-            String exp = items[1];
-            principalLists = client.getPrincipals(exp);
-        }
-
-        if (principalLists == null || principalLists.size() == 0
-                || principalLists.size() == 1 && principalLists.get(0).isEmpty()) {
-            return;
-        } else {
-            System.out.println("Principals are listed:");
-            for (int i = 0; i < principalLists.size(); i++) {
-                System.out.println(principalLists.get(i));
-            }
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/RenamePrincipalRemoteCmd.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/RenamePrincipalRemoteCmd.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/RenamePrincipalRemoteCmd.java
deleted file mode 100644
index 0be563e..0000000
--- a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/cmd/RenamePrincipalRemoteCmd.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- *  Licensed to the Apache Software Foundation (ASF) under one
- *  or more contributor license agreements.  See the NOTICE file
- *  distributed with this work for additional information
- *  regarding copyright ownership.  The ASF licenses this file
- *  to you under the Apache License, Version 2.0 (the
- *  "License"); you may not use this file except in compliance
- *  with the License.  You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing,
- *  software distributed under the License is distributed on an
- *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- *  KIND, either express or implied.  See the License for the
- *  specific language governing permissions and limitations
- *  under the License.
- *
- */
-package org.apache.kerby.kerberos.tool.admin.cmd;
-
-import org.apache.kerby.has.client.HasAuthAdminClient;
-import org.apache.kerby.kerberos.kerb.KrbException;
-
-import java.io.Console;
-import java.util.Scanner;
-
-/**
- * Remote rename principal cmd
- */
-public class RenamePrincipalRemoteCmd extends AdminRemoteCmd {
-    public static final String USAGE = "Usage: rename_principal <old_principal_name>"
-        + " <new_principal_name>\n"
-        + "\tExample:\n"
-        + "\t\trename_principal alice bob\n";
-
-    public RenamePrincipalRemoteCmd(HasAuthAdminClient client) {
-        super(client);
-    }
-
-    @Override
-    public void execute(String[] items) throws KrbException {
-        if (items.length < 3) {
-            System.err.println(USAGE);
-            return;
-        }
-
-        HasAuthAdminClient client = getAuthAdminClient();
-
-        String oldPrincipalName = items[items.length - 2];
-        String newPrincipalName = items[items.length - 1];
-
-        String reply;
-        Console console = System.console();
-        String prompt = "Are you sure to rename the principal? (yes/no, YES/NO, y/n, Y/N) ";
-        if (console == null) {
-            System.out.println("Couldn't get Console instance, "
-                + "maybe you're running this from within an IDE. "
-                + "Use scanner to read password.");
-            Scanner scanner = new Scanner(System.in, "UTF-8");
-            reply = getReply(scanner, prompt);
-        } else {
-            reply = getReply(console, prompt);
-        }
-        if (reply.equals("yes") || reply.equals("YES") || reply.equals("y") || reply.equals("Y")) {
-            client.renamePrincipal(oldPrincipalName, newPrincipalName);
-        } else if (reply.equals("no") || reply.equals("NO") || reply.equals("n") || reply.equals("N")) {
-            System.out.println("Principal \"" + oldPrincipalName + "\"  not renamed.");
-        } else {
-            System.err.println("Unknown request, fail to rename the principal.");
-            System.err.println(USAGE);
-        }
-    }
-
-    private String getReply(Scanner scanner, String prompt) {
-        System.out.println(prompt);
-        return scanner.nextLine().trim();
-    }
-
-    private String getReply(Console console, String prompt) {
-        console.printf(prompt);
-        String line = console.readLine();
-        return line;
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/AdminLocalTool.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/AdminLocalTool.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/AdminLocalTool.java
new file mode 100644
index 0000000..f4cc879
--- /dev/null
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/AdminLocalTool.java
@@ -0,0 +1,322 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.admin.local;
+
+import org.apache.kerby.KOptions;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.admin.LocalHadmin;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.KadminOption;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
+import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
+import org.apache.kerby.kerberos.tool.admin.local.cmd.AddPrincipalsAndDeployKeytabsCommand;
+import org.apache.kerby.kerberos.tool.admin.local.cmd.AddPrincipalsCommand;
+import org.apache.kerby.kerberos.tool.admin.local.cmd.DeployHTTPSCertsCommand;
+import org.apache.kerby.kerberos.tool.admin.local.cmd.DisableConfigureCommand;
+import org.apache.kerby.kerberos.tool.admin.local.cmd.EnableConfigureCommand;
+import org.apache.kerby.kerberos.tool.admin.local.cmd.ExportKeytabsCommand;
+import org.apache.kerby.kerberos.tool.admin.local.cmd.GetHostRolesCommand;
+import org.apache.kerby.kerberos.tool.admin.local.cmd.HadminCommand;
+import org.apache.kerby.kerberos.tool.kadmin.AuthUtil;
+import org.apache.kerby.kerberos.tool.kadmin.Krb5Conf;
+import org.apache.kerby.kerberos.tool.kadmin.ToolUtil;
+import org.apache.kerby.kerberos.tool.kadmin.command.AddPrincipalCommand;
+import org.apache.kerby.kerberos.tool.kadmin.command.ChangePasswordCommand;
+import org.apache.kerby.kerberos.tool.kadmin.command.DeletePrincipalCommand;
+import org.apache.kerby.kerberos.tool.kadmin.command.GetPrincipalCommand;
+import org.apache.kerby.kerberos.tool.kadmin.command.KadminCommand;
+import org.apache.kerby.kerberos.tool.kadmin.command.KeytabAddCommand;
+import org.apache.kerby.kerberos.tool.kadmin.command.ListPrincipalCommand;
+import org.apache.kerby.kerberos.tool.kadmin.command.RenamePrincipalCommand;
+import org.apache.kerby.util.OSUtil;
+import org.jline.reader.Completer;
+import org.jline.reader.LineReader;
+import org.jline.reader.LineReaderBuilder;
+import org.jline.reader.impl.completer.StringsCompleter;
+import org.jline.terminal.Terminal;
+import org.jline.terminal.TerminalBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.login.LoginException;
+import java.io.File;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Map;
+import java.util.Set;
+
+public class AdminLocalTool {
+    private static final Logger LOG = LoggerFactory.getLogger(AdminLocalTool.class);
+    private static File confDir;
+
+    private static final String PROMPT = "admin.local";
+    private static  final String USAGE = (OSUtil.isWindows()
+            ? "Usage: bin\\admin-local.cmd" : "Usage: sh bin/admin-local.sh")
+            + " <conf-dir> <-c cache_name>|<-k keytab>\n"
+            + "\tExample:\n"
+            + "\t\t"
+            + (OSUtil.isWindows()
+            ? "bin\\admin-local.cmd" : "sh bin/admin-local.sh")
+            + " conf -k admin.keytab\n";
+
+    private static void printUsage(String error) {
+        System.err.println(error + "\n");
+        System.err.println(USAGE);
+        System.exit(-1);
+    }
+
+    private static final String LEGAL_COMMANDS = "Available commands are: "
+        + "\n"
+        + "add_principal, addprinc\n"
+        + "                         Add principal\n"
+        + "delete_principal, delprinc\n"
+        + "                         Delete principal\n"
+        + "rename_principal, renprinc\n"
+        + "                         Rename principal\n"
+        + "change_password, cpw\n"
+        + "                         Change password\n"
+        + "get_principal, getprinc\n"
+        + "                         Get principal\n"
+        + "list_principals, listprincs\n"
+        + "                         List principals\n"
+        + "ktadd, xst\n"
+        + "                         Add entry(s) to a keytab\n"
+        + "get_hostroles, hostroles\n"
+        + "                         Get hostRoles\n"
+        + "export_keytabs, expkeytabs\n"
+        + "                         Export keytabs\n"
+        + "create_principals, creprincs\n"
+        + "                         Create principals\n"
+        + "enable_configure, enable\n"
+        + "                         Enable configure\n"
+        + "disable_configure, disable\n"
+        + "                         Disable configure\n"
+        + "deploy_keytabs, depkeytabs\n"
+        + "                         Deploy keytabs\n"
+        + "deploy_https, dephttps\n"
+        + "                         Deploy https\n";
+
+    private static void execute(LocalKadmin kadmin, LocalHadmin hadmin, String input) throws HasException {
+        // Omit the leading and trailing whitespace.
+        input = input.trim();
+        if (input.startsWith("cmd")) {
+            System.out.println(LEGAL_COMMANDS);
+            return;
+        }
+
+        String[] items = input.split("\\s+");
+        String cmd = items[0];
+        HadminCommand hadminExecutor = null;
+        KadminCommand kadminExecutor = null;
+        if (cmd.startsWith("add_principal")
+            || cmd.startsWith("addprinc")) {
+            kadminExecutor = new AddPrincipalCommand(kadmin);
+        } else if (cmd.startsWith("delete_principal")
+            || cmd.startsWith("delprinc")) {
+            kadminExecutor = new DeletePrincipalCommand(kadmin);
+        } else if (cmd.startsWith("rename_principal")
+            || cmd.startsWith("renprinc")) {
+            kadminExecutor = new RenamePrincipalCommand(kadmin);
+        } else if (cmd.startsWith("change_password")
+                || cmd.startsWith("cpw")) {
+            kadminExecutor = new ChangePasswordCommand(kadmin);
+        } else if (cmd.startsWith("list_principals")
+            || cmd.startsWith("listprincs")) {
+            kadminExecutor = new ListPrincipalCommand(kadmin);
+        } else if (cmd.startsWith("get_principal")
+                || cmd.startsWith("getprinc")) {
+            kadminExecutor = new GetPrincipalCommand(kadmin);
+        } else if (cmd.startsWith("ktadd")
+            || cmd.startsWith("xst")) {
+            kadminExecutor = new KeytabAddCommand(kadmin);
+        } else if (cmd.startsWith("get_hostroles")
+            || cmd.startsWith("hostroles")) {
+            hadminExecutor = new GetHostRolesCommand(hadmin);
+        } else if (cmd.startsWith("create_principals")
+            || cmd.startsWith("creprincs")) {
+            hadminExecutor = new AddPrincipalsCommand(hadmin);
+        } else if (cmd.startsWith("export_keytabs")
+            || cmd.startsWith("expkeytabs")) {
+            hadminExecutor = new ExportKeytabsCommand(hadmin);
+        } else if (cmd.startsWith("enable_configure")
+            || cmd.startsWith("enable")) {
+            hadminExecutor = new EnableConfigureCommand(hadmin);
+        } else if (cmd.startsWith("disable_configure")
+            || cmd.startsWith("disable")) {
+            hadminExecutor = new DisableConfigureCommand(hadmin);
+        } else if (cmd.startsWith("deploy_keytabs")
+            || cmd.startsWith("depkeytabs")) {
+            hadminExecutor = new AddPrincipalsAndDeployKeytabsCommand(hadmin);
+        } else if (cmd.startsWith("deploy_https")
+            || cmd.startsWith("dephttps")) {
+            hadminExecutor = new DeployHTTPSCertsCommand(hadmin);
+        } else {
+            System.out.println(LEGAL_COMMANDS);
+            return;
+        }
+        if (kadminExecutor != null) {
+            kadminExecutor.execute(input);
+        } else if (hadminExecutor != null) {
+            hadminExecutor.execute(items);
+        }
+    }
+
+    private static File getConfDir(String[] args) {
+        String envDir;
+        confDir = new File(args[0]);
+        if (confDir == null || !confDir.exists()) {
+            try {
+                Map<String, String> mapEnv = System.getenv();
+                envDir = mapEnv.get("KRB5_KDC_DIR");
+            } catch (SecurityException e) {
+                envDir = null;
+            }
+            if (envDir != null) {
+                confDir = new File(envDir);
+            } else {
+                confDir = new File("/etc/kerby/"); // for Linux. TODO: fix for Win etc.
+            }
+
+            if (!confDir.exists()) {
+                throw new RuntimeException("Can not locate KDC backend directory "
+                        + confDir.getAbsolutePath());
+            }
+        }
+        LOG.info("Conf dir:" + confDir.getAbsolutePath());
+        return confDir;
+    }
+
+    public static void main(String[] args) {
+
+        if (args.length < 2) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        LocalKadmin kadmin;
+        try {
+            kadmin = new LocalKadminImpl(getConfDir(args));
+        } catch (KrbException e) {
+            System.err.println("Failed to init Kadmin due to " + e.getMessage());
+            return;
+        }
+
+        LocalHadmin hadmin;
+        try {
+            hadmin = new LocalHadmin(getConfDir(args));
+        } catch (KrbException e) {
+            System.err.println("Failed to init Hadmin due to " + e.getMessage());
+            return;
+        }
+
+        try {
+            Krb5Conf krb5Conf = new Krb5Conf(confDir, kadmin.getKdcConfig());
+            krb5Conf.initKrb5conf();
+        } catch (IOException e) {
+            System.err.println("Failed to make krb5.conf." + e.getMessage());
+        }
+
+        String kadminPrincipal = kadmin.getKadminPrincipal();
+
+
+        KOptions kOptions = ToolUtil.parseOptions(args, 1, args.length - 1);
+        if (kOptions == null) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        Subject subject = null;
+        if (kOptions.contains(KadminOption.CCACHE)) {
+            File ccFile = kOptions.getFileOption(KadminOption.CCACHE);
+            if (ccFile == null || !ccFile.exists()) {
+                printUsage("Need the valid credentials cache file.");
+                return;
+            }
+            try {
+                subject = AuthUtil.loginUsingTicketCache(kadminPrincipal, ccFile);
+            } catch (LoginException e) {
+                System.err.println("Could not login with: " + kadminPrincipal
+                    + e.getMessage());
+                return;
+            }
+        } else if (kOptions.contains(KadminOption.K)) {
+            File keyTabFile = new File(kOptions.getStringOption(KadminOption.K));
+            if (keyTabFile == null || !keyTabFile.exists()) {
+                printUsage("Need the valid keytab file.");
+                return;
+            }
+            try {
+                subject = AuthUtil.loginUsingKeytab(kadminPrincipal, keyTabFile);
+            } catch (LoginException e) {
+                System.err.println("Could not login with: " + kadminPrincipal
+                    + e.getMessage());
+                return;
+            }
+        } else {
+            printUsage("No credentials cache file or keytab file for authentication.");
+        }
+        if (subject != null) {
+            Principal adminPrincipal = new KerberosPrincipal(kadminPrincipal);
+            Set<Principal> princSet = subject.getPrincipals();
+            if (princSet == null || princSet.isEmpty()) {
+                printUsage("The principals in subject is empty.");
+                return;
+            }
+            if (princSet.contains(adminPrincipal)) {
+                System.out.println("Login successful for user: " + kadminPrincipal);
+            } else {
+                printUsage("Login failure for " + kadminPrincipal);
+                return;
+            }
+        } else {
+            printUsage("The subject is null, login failure for " + kadminPrincipal);
+            return;
+        }
+
+        System.out.println("enter \"cmd\" to see legal commands.");
+
+        Completer completer = new StringsCompleter("add_principal",
+                "delete_principal", "rename_principal", "change_password", "list_principals",
+                "get_principal", "ktadd", "get_hostroles", "export_keytabs", "add_principals",
+                "enable_configure", "disable_configure", "deploy_keytabs", "deploy_https");
+
+        Terminal terminal = null;
+        try {
+            terminal = TerminalBuilder.terminal();
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        LineReader lineReader = LineReaderBuilder.builder().completer(completer).terminal(terminal).build();
+
+        while (true) {
+            try {
+                String line = lineReader.readLine(PROMPT + ": ");
+                if ("quit".equals(line) || "exit".equals(line) || "q".equals(line)) {
+                    break;
+                }
+                execute(kadmin, hadmin, line);
+            } catch (HasException e) {
+                System.err.println(e.getMessage());
+            }
+        }
+    }
+}
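Review bot: The dispatch in `execute` matches the first token with `startsWith`, so any word that merely begins with a command name is routed to that command: a constructed input such as `enablefoo` reaches `EnableConfigureCommand`, and `add_principals`, which the completer in `main` offers, reaches `AddPrincipalCommand` rather than the `create_principals` command listed in the help text. For a tool that changes KDC principals and configuration, the first token should be compared exactly, e.g. `if (cmd.equals("add_principal") || cmd.equals("addprinc")) {`, and likewise for the other branches and for the `cmd` help check; the completer entry should read `"create_principals"`. Separately, `getConfDir` silently falls back to `KRB5_KDC_DIR` or `/etc/kerby/` when the directory given as `args[0]` does not exist, so a mistyped path can leave the operator administering a different backend than the one named on the command line. Failing with the usage message when an explicit `<conf-dir>` does not exist would be safer.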

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsAndDeployKeytabsCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsAndDeployKeytabsCommand.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsAndDeployKeytabsCommand.java
new file mode 100644
index 0000000..865f1c6
--- /dev/null
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsAndDeployKeytabsCommand.java
@@ -0,0 +1,177 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.admin.local.cmd;
+
+
+import com.jcraft.jsch.ChannelSftp;
+import com.jcraft.jsch.JSch;
+import com.jcraft.jsch.JSchException;
+import com.jcraft.jsch.Session;
+import com.jcraft.jsch.SftpException;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.admin.LocalHadmin;
+import org.codehaus.jettison.json.JSONArray;
+import org.codehaus.jettison.json.JSONException;
+import org.codehaus.jettison.json.JSONObject;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class AddPrincipalsAndDeployKeytabsCommand extends HadminCommand {
+    private static final String USAGE
+        = "\nUsage: deploy_keytabs [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]\n"
+        + "\tExample:\n"
+        + "\t\tdeploy_keytabs hostroles.txt /etc/has/ 22 username password\n";
+
+    public AddPrincipalsAndDeployKeytabsCommand(LocalHadmin hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws HasException {
+
+        if (items.length < 5 || items.length > 6) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        File hostfile = new File(items[1]);
+        if (!hostfile.exists()) {
+            throw new HasException("HostRoles file is not exists.");
+        }
+        String pathToDeploy = items[2];
+        int port = Integer.valueOf(items[3]);
+        String username = items[4];
+        String password = "";
+        if (items.length == 6) {
+            password = items[5];
+        }
+
+        BufferedReader reader;
+        try {
+            reader = new BufferedReader(new FileReader(hostfile));
+        } catch (FileNotFoundException e) {
+            throw new HasException("The host roles file: " + hostfile + "is not exist. " + e.getMessage());
+        }
+        StringBuilder sb = new StringBuilder();
+        String tempString;
+        try {
+            while ((tempString = reader.readLine()) != null) {
+                sb.append(tempString);
+            }
+        } catch (IOException e) {
+            throw new HasException("Failed to read file: " + e.getMessage());
+        }
+        JSONArray hostArray;
+        try {
+            hostArray = new JSONObject(sb.toString()).optJSONArray("HOSTS");
+        } catch (JSONException e) {
+            throw new HasException(e.getMessage());
+        }
+        for (int i = 0; i < hostArray.length(); i++) {
+            JSONObject host;
+            try {
+                host = (JSONObject) hostArray.get(i);
+            } catch (JSONException e) {
+                throw new HasException(e.getMessage());
+            }
+            String hostname;
+            try {
+                hostname = host.getString("name");
+            } catch (JSONException e) {
+                throw new HasException(e.getMessage());
+            }
+            String[] roles;
+            try {
+                roles = host.getString("hostRoles").split(",");
+            } catch (JSONException e) {
+                throw new HasException(e.getMessage());
+            }
+            List<File> keytabs = new ArrayList<>();
+            for (String role : roles) {
+                // Add principal.
+                System.out.println(getHadmin().addPrincByRole(hostname,
+                    role.toUpperCase()));
+                // Export keytab
+                File keytab = getHadmin().getKeytabByHostAndRole(hostname, role);
+
+                keytabs.add(keytab);
+            }
+
+            JSch jsch = new JSch();
+            Session session;
+            try {
+                session = jsch.getSession(username, hostname, port);
+            } catch (JSchException e) {
+                throw new HasException(e.getMessage());
+            }
+            session.setPassword(password);
+
+            java.util.Properties config = new java.util.Properties();
+            config.put("StrictHostKeyChecking", "no");
+            session.setConfig(config);
+
+            ChannelSftp channel;
+            try {
+                session.connect();
+                channel = (ChannelSftp) session.openChannel("sftp");
+                channel.connect();
+            } catch (JSchException e) {
+                throw new HasException("Failed to set the session: " + e.getMessage());
+            }
+            try {
+                String path = "";
+                String[] paths = pathToDeploy.split("/");
+                for (int j = 1; j < paths.length; j++) {
+                    path = path + "/" + paths[i];
+
+                    try {
+                        channel.cd(path);
+                    } catch (SftpException e) {
+                        if (e.id == ChannelSftp.SSH_FX_NO_SUCH_FILE) {
+                            channel.mkdir(path);
+                        } else {
+                            throw new HasException(e.getMessage());
+                        }
+                    }
+                }
+            } catch (SftpException e) {
+                throw new HasException("Failed to mkdir path: " + e.getMessage());
+            }
+
+            for (File keytab : keytabs) {
+                // Send the keytab to remote
+                try {
+                    channel.put(keytab.getAbsolutePath(), pathToDeploy + keytab.getName());
+                } catch (SftpException e) {
+                    throw new HasException("Failed to send the keytab file: " + keytab.getName());
+                }
+            }
+            channel.disconnect();
+        }
+    }
+}
+
+
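Review bot: The SFTP session in `execute` is opened with `config.put("StrictHostKeyChecking", "no")` and password authentication, so the login password and the keytabs exported just above go to whichever machine answers for `hostname`, with no check of its host key; DeployHTTPSCertsCommand uses the same setting to ship private keystores. Load a known-hosts file and keep verification on with `jsch.setKnownHosts(knownHostsPath);` and `config.put("StrictHostKeyChecking", "yes");`, where `knownHostsPath` is a new value the command would have to accept. Separately, the directory loop builds the path with the outer host counter, `path = path + "/" + paths[i];`, which should read `paths[j]`; as written it repeats one segment or indexes past the array. Only `channel.disconnect()` is called, so each `Session` stays open; add `session.disconnect()` after it.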

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsCommand.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsCommand.java
new file mode 100644
index 0000000..d9db07c
--- /dev/null
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/AddPrincipalsCommand.java
@@ -0,0 +1,75 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.admin.local.cmd;
+
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.admin.LocalHadmin;
+import org.codehaus.jettison.json.JSONArray;
+import org.codehaus.jettison.json.JSONObject;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+
+public class AddPrincipalsCommand extends HadminCommand {
+
+    private static final String USAGE = "\nUsage: create_principals [hostRoles-file]\n"
+            + "\t'hostRoles-file' is a file with a hostRoles json string like:\n"
+            + "\t\t{HOSTS: [ {\"name\":\"host1\",\"hostRoles\":\"HDFS\"}, "
+            + "{\"name\":\"host2\",\"hostRoles\":\"HDFS,HBASE\"} ] }\n"
+            + "\tExample:\n"
+            + "\t\tcreate_principals hostroles.txt\n";
+
+    public AddPrincipalsCommand(LocalHadmin hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws HasException {
+        if (items.length != 2) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        File hostRoles = new File(items[1]);
+        if (!hostRoles.exists()) {
+            throw new HasException("HostRoles file is not exists.");
+        }
+        try {
+            BufferedReader reader = new BufferedReader(new FileReader(hostRoles));
+            StringBuilder sb = new StringBuilder();
+            String tempString;
+            while ((tempString = reader.readLine()) != null) {
+                sb.append(tempString);
+            }
+            JSONArray hostArray = new JSONObject(sb.toString()).optJSONArray("HOSTS");
+            for (int i = 0; i < hostArray.length(); i++) {
+                JSONObject host = (JSONObject) hostArray.get(i);
+                String[] roles = host.getString("hostRoles").split(",");
+                for (String role : roles) {
+                    System.out.println(getHadmin().addPrincByRole(host.getString("name"),
+                            role.toUpperCase()));
+                }
+            }
+        } catch (Exception e) {
+            throw new HasException("Failed to execute creating principals, because : " + e.getMessage());
+        }
+    }
+}
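Review bot: The `BufferedReader` opened in `execute` is never closed, and the catch-all rewraps every failure with only `e.getMessage()`, so a hosts file without a `HOSTS` array (where `optJSONArray` returns null) surfaces as "because : null" with no stack trace. Open the reader with `try (BufferedReader reader = new BufferedReader(new FileReader(hostRoles))) {` and pass the cause through with `throw new HasException("Failed to execute creating principals, because : " + e.getMessage(), e);`, using the two-argument constructor that DeployHTTPSCertsCommand already calls. The usage text names the command `create_principals`, while the completer in AdminLocalTool registers `add_principals`; the string should match whichever name the tool dispatches on.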

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/DeployHTTPSCertsCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/DeployHTTPSCertsCommand.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/DeployHTTPSCertsCommand.java
new file mode 100644
index 0000000..e49ffa5
--- /dev/null
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/DeployHTTPSCertsCommand.java
@@ -0,0 +1,310 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.admin.local.cmd;
+
+import com.jcraft.jsch.ChannelSftp;
+import com.jcraft.jsch.JSch;
+import com.jcraft.jsch.JSchException;
+import com.jcraft.jsch.Session;
+import com.jcraft.jsch.SftpException;
+import org.apache.commons.text.CharacterPredicates;
+import org.apache.commons.text.RandomStringGenerator;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.admin.LocalHadmin;
+import org.apache.kerby.util.IOUtil;
+import org.bouncycastle.x509.X509V1CertificateGenerator;
+
+import javax.security.auth.x500.X500Principal;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.SignatureException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * HTTPS certifications deploy tool.
+ */
+public class DeployHTTPSCertsCommand extends HadminCommand {
+    private static final String USAGE
+            = "\nUsage: deploy_certs [Hosts-File] [truststore_file] [truststore_password]"
+            + " [Where-to-Deploy] [SSH-Port] [UserName] [Password]\n"
+            + "\tExample:\n"
+            + "\t\tdeploy_https hosts.txt /etc/has/truststore.jks 123456 /etc/has 22 username password\n";
+
+    public DeployHTTPSCertsCommand(LocalHadmin hadmin) {
+        super(hadmin);
+    }
+
+    private static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+        keyGen.initialize(1024);
+        return keyGen.genKeyPair();
+    }
+
+    private static X509Certificate generateCertificate(String args, KeyPair pair)
+            throws CertificateEncodingException, InvalidKeyException, IllegalStateException,
+            NoSuchAlgorithmException, SignatureException {
+
+        Date from = new Date();
+        Date to = new Date(from.getTime() + 90 * 86400000L);
+        BigInteger sn = new BigInteger(64, new SecureRandom());
+        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
+        X500Principal dnName = new X500Principal(args);
+
+        certGen.setSerialNumber(sn);
+        certGen.setIssuerDN(dnName);
+        certGen.setNotBefore(from);
+        certGen.setNotAfter(to);
+        certGen.setSubjectDN(dnName);
+        certGen.setPublicKey(pair.getPublic());
+        certGen.setSignatureAlgorithm("SHA1withRSA");
+
+        return certGen.generate(pair.getPrivate());
+    }
+
+    private static File saveKeyStore(String fileName, KeyStore ks, String password)
+            throws GeneralSecurityException, IOException {
+        File keystoreFile = new File(fileName);
+        if (keystoreFile.exists() && !keystoreFile.delete()) {
+            throw new IOException("Failed to delete original file: " + fileName);
+        }
+        FileOutputStream out = new FileOutputStream(keystoreFile);
+        ks.store(out, password.toCharArray());
+        out.close();
+        return keystoreFile;
+    }
+
+    private File createClientSSLConfig(String trustStorePath, String trustStorePassword,
+                                       String keyStorePassword) throws HasException {
+        String resourcePath = "/ssl-client.conf.template";
+        InputStream templateResource = getClass().getResourceAsStream(resourcePath);
+        File sslConfigFile = new File("ssl-client.conf");
+        try {
+            String content = IOUtil.readInput(templateResource);
+            content = content.replaceAll("_location_", trustStorePath);
+            content = content.replaceAll("_password_", trustStorePassword);
+            content = content.replaceAll("_keyPassword_", keyStorePassword);
+
+            IOUtil.writeFile(content, sslConfigFile);
+            return sslConfigFile;
+        } catch (IOException e) {
+            throw new HasException("Failed to create client ssl configuration file", e);
+        }
+    }
+
+    private final class KeyStoreInfo {
+        KeyStore keyStore;
+        String keyPasswd;
+
+        private KeyStoreInfo(KeyStore keyStore, String keyPasswd) {
+            this.keyStore = keyStore;
+            this.keyPasswd = keyPasswd;
+        }
+
+        private String getKeyPasswd() {
+            return this.keyPasswd;
+        }
+
+        private KeyStore getKeyStore() {
+            return this.keyStore;
+        }
+    }
+
+    @Override
+    public void execute(String[] items) throws HasException {
+
+        if (items.length < 7 || items.length > 8) {
+            System.err.println(USAGE);
+            return;
+        }
+
+        File hostFile = new File(items[1]);
+        if (!hostFile.exists()) {
+            throw new HasException("Host file is not exist.");
+        }
+        String truststoreFile = items[2];
+        String truststoreSecret = items[3];
+        String pathToDeploy = items[4];
+        int port = Integer.valueOf(items[5]);
+        String username = items[6];
+        String password = "";
+        if (items.length == 8) {
+            password = items[7];
+        }
+
+        // Get hosts from host file
+        BufferedReader reader;
+        try {
+            reader = new BufferedReader(new FileReader(hostFile));
+        } catch (FileNotFoundException e) {
+            throw new HasException("The hosts file: " + hostFile
+                + "is not exist. " + e.getMessage());
+        }
+        StringBuilder sb = new StringBuilder();
+        String tempString;
+        try {
+            while ((tempString = reader.readLine()) != null) {
+                sb.append(tempString);
+            }
+        } catch (IOException e1) {
+            throw new HasException("Failed to read file: " + e1.getMessage());
+        }
+        String[] hostArray = sb.toString().replace(" ", "").split(",");
+
+        // Get truststore from truststore file
+        Map<String, KeyStoreInfo> keyStoreInfoMap = new HashMap<>(16);
+        KeyStore trustStore;
+        try {
+            trustStore = KeyStore.getInstance("JKS");
+            FileInputStream in = new FileInputStream(truststoreFile);
+            trustStore.load(in, truststoreSecret.toCharArray());
+        } catch (Exception e2) {
+            throw new HasException("Failed to get truststore from the file: "
+                + truststoreFile, e2);
+        }
+        RandomStringGenerator generator = new RandomStringGenerator.Builder()
+            .withinRange('a', 'z')
+            .filteredBy(CharacterPredicates.LETTERS, CharacterPredicates.DIGITS)
+            .build();
+
+        // Generate keystore map
+        for (String hostname : hostArray) {
+            try {
+                InetAddress inetAddress = InetAddress.getLocalHost();
+                String localHostname = inetAddress.getHostName();
+                if (hostname.equals(localHostname)) {
+                    continue;
+                }
+            } catch (UnknownHostException e3) {
+                throw new HasException("Failed to get local hostname.", e3);
+            }
+
+            KeyStore ks;
+            try {
+                KeyPair cKP = generateKeyPair();
+                String keyPassword = generator.generate(15);
+                X509Certificate cert = generateCertificate("CN=" + hostname + ", O=has", cKP);
+                ks = KeyStore.getInstance("JKS");
+                ks.load(null, null);
+                ks.setKeyEntry(hostname, cKP.getPrivate(), keyPassword.toCharArray(),
+                    new Certificate[]{cert});
+                KeyStoreInfo keyStoreInfo = new KeyStoreInfo(ks, keyPassword);
+                keyStoreInfoMap.put(hostname, keyStoreInfo);
+                trustStore.setCertificateEntry(hostname, cert);
+            } catch (Exception e4) {
+                throw new HasException("Failed to generate keystore.", e4);
+            }
+        }
+
+        File finalTrustStoreFile;
+        try {
+            finalTrustStoreFile = saveKeyStore(truststoreFile, trustStore, password);
+        } catch (Exception e5) {
+            throw new HasException("Failed to generate trust store files.", e5);
+        }
+
+        // Generate keystore, truststore, ssl config files and transfer them to destination
+        for (String hostname : hostArray) {
+            List<File> files = new ArrayList<>(3);
+            try {
+                KeyStoreInfo keyStoreInfo = keyStoreInfoMap.get(hostname);
+                File file = saveKeyStore(hostname + "_keystore.jks",
+                    keyStoreInfo.getKeyStore(), keyStoreInfo.getKeyPasswd());
+                files.add(file);
+                files.add(finalTrustStoreFile);
+                files.add(createClientSSLConfig(pathToDeploy + "/truststore.jks",
+                    truststoreSecret, keyStoreInfo.getKeyPasswd()));
+            } catch (Exception e6) {
+                throw new HasException("Failed to generate key store files.", e6);
+            }
+
+            JSch jsch = new JSch();
+            Session session;
+            try {
+                session = jsch.getSession(username, hostname, port);
+            } catch (JSchException e7) {
+                throw new HasException(e7.getMessage());
+            }
+            session.setPassword(password);
+
+            java.util.Properties config = new java.util.Properties();
+            config.put("StrictHostKeyChecking", "no");
+            session.setConfig(config);
+
+            ChannelSftp channel;
+            try {
+                session.connect();
+                channel = (ChannelSftp) session.openChannel("sftp");
+                channel.connect();
+            } catch (JSchException e8) {
+                throw new HasException("Failed to set the session: " + e8.getMessage());
+            }
+            try {
+                String path = "";
+                String[] paths = pathToDeploy.split("/");
+                for (int i = 1; i < paths.length; i++) {
+                    path = path + "/" + paths[i];
+                    try {
+                        channel.cd(path);
+                    } catch (SftpException e9) {
+                        if (e9.id == ChannelSftp.SSH_FX_NO_SUCH_FILE) {
+                            channel.mkdir(path);
+                        } else {
+                            throw new HasException(e9.getMessage());
+                        }
+                    }
+                }
+            } catch (SftpException e10) {
+                throw new HasException("Failed to mkdir path: " + e10);
+            }
+
+            for (File file : files) {
+                try {
+                    channel.put(file.getAbsolutePath(), file.getName());
+                } catch (SftpException e10) {
+                    throw new HasException("Failed to send the https cert files.", e10);
+                }
+            }
+            channel.disconnect();
+        }
+    }
+}
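Review bot: `generateKeyPair` creates 1024-bit RSA keys and `generateCertificate` signs with `SHA1withRSA`, both deprecated for certificates; use `keyGen.initialize(2048);` and `certGen.setSignatureAlgorithm("SHA256withRSA");`. In `execute`, `saveKeyStore(truststoreFile, trustStore, password)` re-encrypts the truststore with the SSH login password (empty when the eighth argument is omitted), while `createClientSSLConfig` writes `truststoreSecret` into ssl-client.conf, so the call should pass `truststoreSecret`. The second loop iterates every entry of `hostArray`, including the local host that the first loop skipped, so `keyStoreInfoMap.get(hostname)` returns null there and the command stops with "Failed to generate key store files."; skip the same host in both loops. The generated `*_keystore.jks` and ssl-client.conf files stay in the working directory after upload and hold private keys and passwords, so a cleanup step after `channel.put` is worth adding.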

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/DisableConfigureCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/DisableConfigureCommand.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/DisableConfigureCommand.java
new file mode 100644
index 0000000..a499076
--- /dev/null
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/DisableConfigureCommand.java
@@ -0,0 +1,40 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.admin.local.cmd;
+
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.admin.LocalHadmin;
+
+public class DisableConfigureCommand extends HadminCommand {
+
+    public static final String USAGE = "Usage: enable_configure\n"
+            + "\tExample:\n"
+            + "\t\tenable\n";
+
+    public DisableConfigureCommand(LocalHadmin hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws HasException {
+        getHadmin().setEnableOfConf("false");
+        System.out.println("Set conf disable.");
+    }
+}
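Review bot: The `USAGE` string in DisableConfigureCommand is copied from the enable command: it reads `"Usage: enable_configure\n"` with the example `enable`, so the help text for the disable command names the opposite action. Change it to `"Usage: disable_configure\n"` and `"\t\tdisable_configure\n"`. EnableConfigureCommand has a matching slip in its example line, which shows `enable` rather than `enable_configure`. `execute` in both classes ignores `items` and never prints `USAGE`, so extra arguments are silently accepted.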

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ac19d3de/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/EnableConfigureCommand.java
----------------------------------------------------------------------
diff --git a/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/EnableConfigureCommand.java b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/EnableConfigureCommand.java
new file mode 100644
index 0000000..404e3f5
--- /dev/null
+++ b/kerby-tool/has-tool/src/main/java/org/apache/kerby/kerberos/tool/admin/local/cmd/EnableConfigureCommand.java
@@ -0,0 +1,40 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.kerby.kerberos.tool.admin.local.cmd;
+
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.admin.LocalHadmin;
+
+public class EnableConfigureCommand extends HadminCommand {
+
+    public static final String USAGE = "Usage: enable_configure\n"
+            + "\tExample:\n"
+            + "\t\tenable\n";
+
+    public EnableConfigureCommand(LocalHadmin hadmin) {
+        super(hadmin);
+    }
+
+    @Override
+    public void execute(String[] items) throws HasException {
+        getHadmin().setEnableOfConf("true");
+        System.out.println("Set conf enable.");
+    }
+}

