From: "Zheng, Kai"
To: "kerby@directory.apache.org"
Subject: RE: [1/2] directory-kerby git commit: Changes summary: 1) Enhanced SimpleKdcServer to integrate KrbClient and Kadmin APIs for easier integration tests; 2) Refined related codes; 3) Fixed some issues found in the effort.
Date: Tue, 30 Jun 2015 05:00:22 +0000
Message-ID: <8D5F7E3237B3ED47B84CF187BB17B66611B8AE34@SHSMSX103.ccr.corp.intel.com>
In-Reply-To: <5f774d0b1ed5497ca159ca5698b21add@git.apache.org>

Sorry this breaks GSS test and I will fix them ASAP.

Regards,
Kai

-----Original Message-----
From: drankye@apache.org [mailto:drankye@apache.org]
Sent: Tuesday, June 30, 2015 11:48 AM
To: commits@directory.apache.org
Subject: [1/2] directory-kerby git commit: Changes summary: 1) Enhanced SimpleKdcServer to integrate KrbClient and Kadmin APIs for easier integration tests; 2) Refined related codes; 3) Fixed some issues found in the effort.

Repository: directory-kerby
Updated Branches:
  refs/heads/master 22d959b95 -> d49d73da3

Changes summary: 1) Enhanced SimpleKdcServer to integrate KrbClient and Kadmin APIs for easier integration tests; 2) Refined related codes; 3) Fixed some issues found in the effort.

Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/497e0303
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/497e0303
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/497e0303

Branch: refs/heads/master
Commit: 497e0303e2e5e28dee44775174b8072a4b4a4c76
Parents: 2446784
Author: drankye
Authored: Tue Jun 30 11:46:16 2015 +0800
Committer: Drankye
Committed: Tue Jun 30 11:46:16 2015 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kdc/GssInteropTestBase.java | 54 +++++++----
 .../kerby/kerberos/kdc/GssTcpInteropTest.java | 25 -----
 .../kerby/kerberos/kdc/GssUdpInteropTest.java | 26 -----
 .../kerby/kerberos/kdc/JsonBackendKdcTest.java | 7 +-
 .../apache/kerby/kerberos/kdc/KerbyKdcTest.java | 15 +--
 .../kdc/OnlyTcpForNettyKdcNetworkTest.java | 12 ++-
 .../kdc/OnlyUdpForNettyKdcNetworkTest.java | 12 ++-
 .../kerberos/kdc/WithAccessTokenKdcTest.java | 2 +-
 .../kerberos/kdc/WithIdentityTokenKdcTest.java | 6 +-
 .../kerberos/kdc/WithTokenKdcTestBase.java | 13 +--
 .../kerberos/kdc/ZookeeperBackendKdcTest.java | 7 +-
 kerby-kdc-test/src/test/resources/krb5-udp.conf | 8 --
 kerby-kdc-test/src/test/resources/krb5.conf | 9 --
 .../kerby/kerberos/kdc/KerbyKdcServer.java | 4 +-
 .../kerby/kerberos/kerb/client/ClientUtil.java | 14 +--
 .../kerby/kerberos/kerb/client/KrbConfig.java | 9 +-
 .../kerberos/kerb/client/KrbConfigKey.java | 6 +-
 .../kerby/kerberos/kerb/client/KrbSetting.java | 5 +
 .../kerb/client/KrbClientSettingTest.java | 4 +-
 .../kerberos/kerb/common/KrbConfHelper.java | 15 ++-
 .../kerby/kerberos/kerb/server/KdcTestBase.java | 99 ++++----------------
 .../kerberos/kerb/server/TestKdcServer.java | 54 +++++++++++
 .../kerberos/kerb/server/GssInteropTest.java | 21 ++---
 .../kerberos/kerb/server/KdcSettingTest.java | 2 +-
 .../kerby/kerberos/kerb/server/KdcTest.java | 6 +-
 .../kerb/server/MultiRequestsKdcTest.java | 10 +-
 .../kerberos/kerb/server/OnlyTcpKdcTest.java | 5 +
 .../kerberos/kerb/server/OnlyUdpKdcTest.java | 5 +
 .../kerberos/kerb/server/TcpAndUdpKdcTest.java | 5 +
 .../kerb-kdc-test/src/test/resources/krb5.conf | 8 --
 .../kerby/kerberos/kerb/server/KdcConfig.java | 25 +++--
 .../kerberos/kerb/server/KdcConfigKey.java | 9 +-
 .../kerby/kerberos/kerb/server/KdcServer.java | 13 ++-
 .../kerberos/kerb/server/KdcServerOption.java | 1 +
 .../kerby/kerberos/kerb/server/KdcSetting.java | 29 +++++-
 .../server/impl/AbstractInternalKdcServer.java | 2 +-
 .../kerberos/kerb/server/SimpleKdcTest.java | 26 +----
 .../kerberos/kerb/server/TestKdcConfigLoad.java | 4 +-
 kerby-kerb/kerb-simplekdc/pom.xml | 5 +
 .../kerby/kerberos/kerb/server/Krb5Conf.java | 53 +++++++++++
 .../kerberos/kerb/server/SimpleKdcServer.java | 95 +++++++++++++++----
 .../kerb-simplekdc/src/main/resources/krb5.conf | 7 ++
 .../src/main/resources/krb5_udp.conf | 8 ++
 .../org/apache/kerby/config/ConfigImpl.java | 3 +-
 .../main/java/org/apache/kerby/util/IOUtil.java | 27 +++++-
 45 files changed, 465 insertions(+), 310 deletions(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInteropTestBase.java
---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/Gss= InteropTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerber= os/kdc/GssInteropTestBase.java index 43b89df..bb0fb48 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInterop= TestBase.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssInterop= TestBase.java @@ -23,6 +23,7 @@ import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.KdcTestBase; import org.ietf.jgss.*; import org.junit.Assert; +import org.junit.Before; import org.junit.Test; =20 import javax.security.auth.Subject; @@ -32,6 +33,7 @@ import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.kerberos.KerberosTicket; import javax.security.auth.login.LoginContext; +import java.io.File; import java.io.IOException; import java.security.Principal; import java.security.PrivilegedExceptionAction; 
@@ -41,17 +43,29 @@ import java.util.Set; * This is an interop test using the Java GSS APIs against the Kerby KDC */ public abstract class GssInteropTestBase extends KdcTestBase { - @Override protected void createPrincipals() throws KrbException { - kdcServer.createPrincipal(getClientPrincipal(), getClientPassword(= )); - kdcServer.createPrincipal(getServerPrincipal(), getServerPassword(= )); + getKdcServer().createPrincipal(getClientPrincipal(), getClientPass= word()); + getKdcServer().createPrincipal(getServerPrincipal(), getServerPass= word()); } =20 private String getServerPassword() { return getClientPassword(); // Reuse the same password } =20 + @Before + @Override + public void setUp() throws Exception { + super.setUp(); + + File file1 =3D new File(getClass().getResource("/kerberos.jaas").g= etPath()); + String content1 =3D getFileContent(file1.getPath()); + String path1 =3D writeToTestDir(content1, file1.getName()); + + // System.setProperty("sun.security.krb5.debug", "true"); + System.setProperty("java.security.auth.login.config", path1); + } + @Test public void testKdc() throws Exception { LoginContext loginContext =3D new LoginContext(getClientPrincipalN= ame(), @@ -80,8 +94,6 @@ public abstract class GssInteropTestBase extends KdcTestB= ase { loginContext.logout(); =20 validateServiceTicket(kerberosToken); - =20 - kdcServer.stop(); } =20 private void validateServiceTicket(byte[] ticket) throws Exception { 
@@ -121,17 +133,19 @@ public abstract class GssInteropTestBase extends KdcT= estBase { } =20 /** - * This class represents a PrivilegedExceptionAction implementation to= obtain a service ticket from a Kerberos - * Key Distribution Center. + * This class represents a PrivilegedExceptionAction implementation to + * obtain a service ticket from a Kerberos Key Distribution Center. */ - private static class KerberosClientExceptionAction implements Privileg= edExceptionAction { + private static class KerberosClientExceptionAction + implements PrivilegedExceptionAction { =20 private static final String JGSS_KERBEROS_TICKET_OID =3D "1.2.840.= 113554.1.2.2"; =20 private Principal clientPrincipal; private String serviceName; =20 - public KerberosClientExceptionAction(Principal clientPrincipal, St= ring serviceName) {=20 + public KerberosClientExceptionAction(Principal clientPrincipal, + String serviceName) { this.clientPrincipal =3D clientPrincipal; this.serviceName =3D serviceName; } @@ -139,12 +153,15 @@ public abstract class GssInteropTestBase extends KdcT= estBase { public byte[] run() throws GSSException { GSSManager gssManager =3D GSSManager.getInstance(); =20 - GSSName gssService =3D gssManager.createName(serviceName, GSSN= ame.NT_USER_NAME); + GSSName gssService =3D gssManager.createName(serviceName, + GSSName.NT_USER_NAME); Oid oid =3D new Oid(JGSS_KERBEROS_TICKET_OID); - GSSName gssClient =3D gssManager.createName(clientPrincipal.ge= tName(), GSSName.NT_USER_NAME); + GSSName gssClient =3D gssManager.createName(clientPrincipal.ge= tName(), + GSSName.NT_USER_NAME); GSSCredential credentials =3D=20 gssManager.createCredential( - gssClient, GSSCredential.DEFAULT_LIFETIME, oid, GSSCre= dential.INITIATE_ONLY + gssClient, GSSCredential.DEFAULT_LIFETIME, oid, + GSSCredential.INITIATE_ONLY ); =20 GSSContext secContext =3D 
@@ -166,7 +183,8 @@ public abstract class GssInteropTestBase extends KdcTes= tBase { } } =20 - private static class KerberosServiceExceptionAction implements Privile= gedExceptionAction { + private static class KerberosServiceExceptionAction + implements PrivilegedExceptionAction { =20 private static final String JGSS_KERBEROS_TICKET_OID =3D "1.2.840.= 113554.1.2.2"; =20 @@ -179,16 +197,16 @@ public abstract class GssInteropTestBase extends KdcT= estBase { } =20 public byte[] run() throws GSSException { - GSSManager gssManager =3D GSSManager.getInstance(); - - GSSContext secContext =3D null; - GSSName gssService =3D gssManager.createName(serviceName, GSSN= ame.NT_USER_NAME); + GSSContext secContext; + GSSName gssService =3D gssManager.createName(serviceName, + GSSName.NT_USER_NAME); =20 Oid oid =3D new Oid(JGSS_KERBEROS_TICKET_OID); GSSCredential credentials =3D=20 gssManager.createCredential( - gssService, GSSCredential.DEFAULT_LIFETIME, oid, GSSCr= edential.ACCEPT_ONLY + gssService, GSSCredential.DEFAULT_LIFETIME, oid, + GSSCredential.ACCEPT_ONLY ); secContext =3D gssManager.createContext(credentials); =20 http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInteropTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/Gss= TcpInteropTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerbero= s/kdc/GssTcpInteropTest.java index dca4f4d..c101d0d 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInte= ropTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssTcpInte= ropTest.java 
@@ -19,36 +19,11 @@ */ package org.apache.kerby.kerberos.kdc; =20 -import java.io.File; - -import org.junit.Before; - /** * This is an interop test using the Java GSS APIs against the Kerby KDC (= using TCP) */ public class GssTcpInteropTest extends GssInteropTestBase { =20 - @Before - @Override - public void setUp() throws Exception { - super.setUp(); - - File file1 =3D new File(this.getClass().getResource("/kerberos.jaa= s").getPath()); - String content1 =3D getFileContent(file1.getPath()); - String path1 =3D writeToTestDir(content1, file1.getName()); - - // System.setProperty("sun.security.krb5.debug", "true"); - System.setProperty("java.security.auth.login.config", path1); - - // Read in krb5.conf and substitute in the correct port - File file2 =3D new File(this.getClass().getResource("/krb5.conf").= getPath()); - String content2 =3D getFileContent(file2.getPath()); - content2 =3D content2.replaceAll("port", "" + getTcpPort()); - String path2 =3D writeToTestDir(content2, file2.getName()); - - System.setProperty("java.security.krb5.conf", path2); - } - @Override protected boolean allowUdp() { return false; http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInteropTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/Gss= UdpInteropTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerbero= s/kdc/GssUdpInteropTest.java index e2ccd31..a3e8c55 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInte= ropTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/GssUdpInte= ropTest.java 
@@ -19,39 +19,13 @@ */ package org.apache.kerby.kerberos.kdc; =20 -import org.junit.Before; - -import java.io.File; - /** * This is an interop test using the Java GSS APIs against the Kerby KDC (= using UDP) */ public class GssUdpInteropTest extends GssInteropTestBase { =20 - @Before - @Override - public void setUp() throws Exception { - super.setUp(); - - File file1 =3D new File(getClass().getResource("/kerberos.jaas").g= etPath()); - String content1 =3D getFileContent(file1.getPath()); - String path1 =3D writeToTestDir(content1, file1.getName()); - - // System.setProperty("sun.security.krb5.debug", "true"); - System.setProperty("java.security.auth.login.config", path1); - - // Read in krb5.conf and substitute in the correct port - File file2 =3D new File(getClass().getResource("/krb5-udp.conf").g= etPath()); - String content2 =3D getFileContent(file2.getPath()); - content2 =3D content2.replaceAll("port", "" + getUdpPort()); - String path2 =3D writeToTestDir(content2, file2.getName()); - - System.setProperty("java.security.krb5.conf", path2); - } - @Override protected boolean allowUdp() { return true; } - } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBackendKdcTest.jav= a ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/Jso= nBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerber= os/kdc/JsonBackendKdcTest.java index c5815d8..ad60ef4 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBacken= dKdcTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/JsonBacken= dKdcTest.java 
@@ -20,6 +20,7 @@ package org.apache.kerby.kerberos.kdc; =20 import org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.BackendConfig; import org.apache.kerby.kerberos.kerb.server.KdcConfigKey; import org.junit.AfterClass; @@ -31,14 +32,14 @@ public class JsonBackendKdcTest extends KerbyKdcTest { private static File jsonBackendFile; =20 @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); + protected void prepareKdc() throws KrbException { + super.prepareKdc(); =20 File testDir =3D new File(System.getProperty("test.dir", "target")= ); jsonBackendFile =3D new File(testDir, "json-backend-file"); String jsonBackendFileString =3D jsonBackendFile.getAbsolutePath()= ; =20 - BackendConfig backendConfig =3D kdcServer.getBackendConfig(); + BackendConfig backendConfig =3D getKdcServer().getBackendConfig(); backendConfig.setString( JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBacken= dFileString); backendConfig.setString(KdcConfigKey.KDC_IDENTITY_BACKEND, http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/Ker= byKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc= /KerbyKdcTest.java index 394c9ce..2f08601 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTe= st.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/KerbyKdcTe= st.java 
@@ -20,6 +20,7 @@ package org.apache.kerby.kerberos.kdc; =20 import org.apache.kerby.kerberos.kdc.impl.NettyKdcServerImpl; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.KdcTestBase; import org.apache.kerby.kerberos.kerb.spec.ticket.ServiceTicket; import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket; @@ -30,10 +31,10 @@ import static org.assertj.core.api.Assertions.assertTha= t; public abstract class KerbyKdcTest extends KdcTestBase { =20 @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); - kdcServer.setInnerKdcImpl( - new NettyKdcServerImpl(kdcServer.getSetting())); + protected void prepareKdc() throws KrbException { + super.prepareKdc(); + getKdcServer().setInnerKdcImpl( + new NettyKdcServerImpl(getKdcServer().getKdcSetting())); } =20 protected void performKdcTest() throws Exception { @@ -41,11 +42,11 @@ public abstract class KerbyKdcTest extends KdcTestBase = { ServiceTicket tkt; =20 try { - tgt =3D krbClnt.requestTgtWithPassword(getClientPrincipal(), - getClientPassword()); + tgt =3D getKrbClient().requestTgtWithPassword( + getClientPrincipal(), getClientPassword()); assertThat(tgt).isNotNull(); =20 - tkt =3D krbClnt.requestServiceTicketWithTgt(tgt, getServerPrin= cipal()); + tkt =3D getKrbClient().requestServiceTicketWithTgt(tgt, getSer= verPrincipal()); assertThat(tkt).isNotNull(); } catch (Exception e) { System.out.println("Exception occurred with good password"); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpForNettyKdcNetw= orkTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/Onl= yTcpForNettyKdcNetworkTest.java b/kerby-kdc-test/src/test/java/org/apache/k= erby/kerberos/kdc/OnlyTcpForNettyKdcNetworkTest.java index 6b46e8e..86f5214 100644 
--- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpFor= NettyKdcNetworkTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyTcpFor= NettyKdcNetworkTest.java @@ -20,6 +20,7 @@ package org.apache.kerby.kerberos.kdc; =20 import org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.BackendConfig; import org.junit.AfterClass; import org.junit.Test; @@ -37,19 +38,24 @@ public class OnlyTcpForNettyKdcNetworkTest extends Kerb= yKdcTest { } =20 @Override + protected boolean allowTcp() { + return true; + } + + @Override protected boolean allowUdp() { return false; } =20 @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); + protected void prepareKdc() throws KrbException { + super.prepareKdc(); =20 File testDir =3D new File(System.getProperty("test.dir", "target")= ); jsonBackendFile =3D new File(testDir, "json-backend-file"); String jsonBackendFileString =3D jsonBackendFile.getAbsolutePath()= ; =20 - BackendConfig backendConfig =3D kdcServer.getBackendConfig(); + BackendConfig backendConfig =3D getKdcServer().getBackendConfig(); backendConfig.setString( JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBacken= dFileString); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpForNettyKdcNetw= orkTest.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/Onl= yUdpForNettyKdcNetworkTest.java b/kerby-kdc-test/src/test/java/org/apache/k= erby/kerberos/kdc/OnlyUdpForNettyKdcNetworkTest.java index 0097eec..c844380 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpFor= NettyKdcNetworkTest.java 
+++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/OnlyUdpFor= NettyKdcNetworkTest.java @@ -20,6 +20,7 @@ package org.apache.kerby.kerberos.kdc; =20 import org.apache.kerby.kerberos.kdc.identitybackend.JsonIdentityBackend; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.BackendConfig; import org.junit.AfterClass; import org.junit.Test; @@ -42,14 +43,19 @@ public class OnlyUdpForNettyKdcNetworkTest extends Kerb= yKdcTest { } =20 @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); + protected boolean allowUdp() { + return true; + } + + @Override + protected void prepareKdc() throws KrbException { + super.prepareKdc(); =20 File testDir =3D new File(System.getProperty("test.dir", "target")= ); jsonBackendFile =3D new File(testDir, "json-backend-file"); String jsonBackendFileString =3D jsonBackendFile.getAbsolutePath()= ; =20 - BackendConfig backendConfig =3D kdcServer.getBackendConfig(); + BackendConfig backendConfig =3D getKdcServer().getBackendConfig(); backendConfig.setString( JsonIdentityBackend.JSON_IDENTITY_BACKEND_FILE, jsonBackendFileString); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccessTokenKdcTest= .java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/Wit= hAccessTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/ke= rberos/kdc/WithAccessTokenKdcTest.java index cb23513..d815e37 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccess= TokenKdcTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithAccess= TokenKdcTest.java 
@@ -29,7 +29,7 @@ public class WithAccessTokenKdcTest extends WithTokenKdcT= estBase { prepareToken(getServerPrincipal()); createCredentialCache(getClientPrincipal(), getClientPassword()); =20 - ServiceTicket serviceTicket =3D krbClnt.requestServiceTicketWithAc= cessToken( + ServiceTicket serviceTicket =3D getKrbClient().requestServiceTicke= tWithAccessToken( getKrbToken(), getServerPrincipal(), getcCacheFile().getPath()= ); verifyTicket(serviceTicket); =20 http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdentityTokenKdcTe= st.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/Wit= hIdentityTokenKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/= kerberos/kdc/WithIdentityTokenKdcTest.java index 2a78f01..045da51 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdenti= tyTokenKdcTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithIdenti= tyTokenKdcTest.java @@ -36,14 +36,16 @@ public class WithIdentityTokenKdcTest extends WithToken= KdcTestBase { =20 TgtTicket tgt =3D null; try { - tgt =3D krbClnt.requestTgtWithToken(getKrbToken(), getcCacheFi= le().getPath()); + tgt =3D getKrbClient().requestTgtWithToken(getKrbToken(), + getcCacheFile().getPath()); } catch (KrbException e) { assertThat(e.getMessage().contains("timeout")).isTrue(); return; } verifyTicket(tgt); =20 - ServiceTicket tkt =3D krbClnt.requestServiceTicketWithTgt(tgt, get= ServerPrincipal()); + ServiceTicket tkt =3D getKrbClient().requestServiceTicketWithTgt(t= gt, + getServerPrincipal()); verifyTicket(tkt); } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenKdcTestBase.j= ava ---------------------------------------------------------------------- 
diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/Wit= hTokenKdcTestBase.java b/kerby-kdc-test/src/test/java/org/apache/kerby/kerb= eros/kdc/WithTokenKdcTestBase.java index 3e97223..01f490c 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenK= dcTestBase.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/WithTokenK= dcTestBase.java @@ -58,13 +58,13 @@ public class WithTokenKdcTestBase extends KdcTestBase { @Override protected void createPrincipals() throws KrbException { super.createPrincipals(); - kdcServer.createPrincipal(getClientPrincipal(), clientPassword); + getKdcServer().createPrincipal(getClientPrincipal(), getClientPass= word()); } =20 @Override protected void deletePrincipals() throws KrbException { super.deletePrincipals(); - kdcServer.deletePrincipal(getClientPrincipal()); + getKdcServer().deletePrincipal(getClientPrincipal()); } =20 protected AuthToken getKrbToken() { @@ -104,14 +104,9 @@ public class WithTokenKdcTestBase extends KdcTestBase = { return krbToken; } =20 - @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); - } - protected File createCredentialCache(String principal, String password) throws Exception { - TgtTicket tgt =3D krbClnt.requestTgtWithPassword(principal, passwo= rd); + TgtTicket tgt =3D getKrbClient().requestTgtWithPassword(principal,= password); writeTgtToCache(tgt, principal); return cCacheFile; } 
@@ -137,7 +132,7 @@ public class WithTokenKdcTestBase extends KdcTestBase { =20 protected void verifyTicket(AbstractServiceTicket ticket) { assertThat(ticket).isNotNull(); - assertThat(ticket.getRealm()).isEqualTo(kdcServer.getKdcRealm()); + assertThat(ticket.getRealm()).isEqualTo(getKdcServer().getKdcSetti= ng().getKdcRealm()); assertThat(ticket.getTicket()).isNotNull(); assertThat(ticket.getSessionKey()).isNotNull(); assertThat(ticket.getEncKdcRepPart()).isNotNull(); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperBackendKdcTes= t.java ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/Zoo= keeperBackendKdcTest.java b/kerby-kdc-test/src/test/java/org/apache/kerby/k= erberos/kdc/ZookeeperBackendKdcTest.java index fda0f4b..2c62232 100644 --- a/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperB= ackendKdcTest.java +++ b/kerby-kdc-test/src/test/java/org/apache/kerby/kerberos/kdc/ZookeeperB= ackendKdcTest.java @@ -20,6 +20,7 @@ package org.apache.kerby.kerberos.kdc; =20 import org.apache.kerby.kerberos.kdc.identitybackend.ZKConfKey; +import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.server.BackendConfig; import org.apache.kerby.kerberos.kerb.server.KdcConfigKey; import org.junit.AfterClass; 
@@ -47,10 +48,10 @@ public class ZookeeperBackendKdcTest extends KerbyKdcTe= st { } =20 @Override - protected void prepareKdcServer() throws Exception { - super.prepareKdcServer(); + protected void prepareKdc() throws KrbException { + super.prepareKdc(); =20 - BackendConfig backendConfig =3D kdcServer.getBackendConfig(); + BackendConfig backendConfig =3D getKdcServer().getBackendConfig(); =20 File testDir =3D new File(System.getProperty("test.dir", "target")= ); instanceDir =3D new File(testDir, "zookeeper"); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/resources/krb5-udp.conf ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/resources/krb5-udp.conf b/kerby-kdc-te= st/src/test/resources/krb5-udp.conf deleted file mode 100644 index 1e878bd..0000000 --- a/kerby-kdc-test/src/test/resources/krb5-udp.conf +++ /dev/null @@ -1,8 +0,0 @@ -[libdefaults] - default_realm =3D TEST.COM - permitted_enctypes =3D des-cbc-crc aes128-cts-hmac-sha1-96 aes128-cts-= hmac-sha1-96 des3-cbc-sha1-kd - -[realms] - TEST.COM =3D { - kdc =3D localhost:port - } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc-test/src/test/resources/krb5.conf ---------------------------------------------------------------------- diff --git a/kerby-kdc-test/src/test/resources/krb5.conf b/kerby-kdc-test/s= rc/test/resources/krb5.conf deleted file mode 100644 index d1361d9..0000000 --- a/kerby-kdc-test/src/test/resources/krb5.conf +++ /dev/null 
@@ -1,9 +0,0 @@ -[libdefaults] - default_realm =3D TEST.COM - udp_preference_limit =3D 1 - permitted_enctypes =3D des-cbc-crc aes128-cts-hmac-sha1-96 aes128-cts-= hmac-sha1-96 des3-cbc-sha1-kd - -[realms] - TEST.COM =3D { - kdc =3D localhost:port - } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.java ---------------------------------------------------------------------- diff --git a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdc= Server.java b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKd= cServer.java index e088d5a..e07021c 100644 --- a/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.= java +++ b/kerby-kdc/src/main/java/org/apache/kerby/kerberos/kdc/KerbyKdcServer.= java @@ -33,14 +33,14 @@ public class KerbyKdcServer extends KdcServer { private Kadmin kadmin; public KerbyKdcServer(File confDir) throws KrbException { super(confDir); - setInnerKdcImpl(new NettyKdcServerImpl(getSetting())); + setInnerKdcImpl(new NettyKdcServerImpl(getKdcSetting())); } =20 @Override public void init() throws KrbException { super.init(); =20 - kadmin =3D new Kadmin(getSetting(), getIdentityService()); + kadmin =3D new Kadmin(getKdcSetting(), getIdentityService()); =20 kadmin.createBuiltinPrincipals(); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/Client= Util.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos= /kerb/client/ClientUtil.java b/kerby-kerb/kerb-client/src/main/java/org/apa= che/kerby/kerberos/kerb/client/ClientUtil.java index 934a78b..c6244f5 100644 --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/c= lient/ClientUtil.java 
+++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/c= lient/ClientUtil.java @@ -46,7 +46,8 @@ public final class ClientUtil { krbConfig.addIniConfig(confFile); return krbConfig; } catch (IOException e) { - throw new KrbException("Failed to load krb config " + conf= File.getAbsolutePath()); + throw new KrbException("Failed to load krb config " + + confFile.getAbsolutePath()); } } =20 @@ -70,7 +71,8 @@ public final class ClientUtil { if (tmpEnv !=3D null) { confFile =3D new File(tmpEnv); if (!confFile.exists()) { - throw new KrbException("krb5 conf not found. Invalid env "= + krb5EnvName); + throw new KrbException("krb5 conf not found. Invalid env " + + krb5EnvName); } } else { confDir =3D new File("/etc/"); // for Linux. TODO: fix for Win= etc. @@ -79,16 +81,16 @@ public final class ClientUtil { } } =20 + KrbConfig krbConfig =3D new KrbConfig(); if (confFile !=3D null && confFile.exists()) { - KrbConfig krbConfig =3D new KrbConfig(); try { krbConfig.addIniConfig(confFile); - return krbConfig; } catch (IOException e) { - throw new KrbException("Failed to load krb config " + conf= File.getAbsolutePath()); + throw new KrbException("Failed to load krb config " + + confFile.getAbsolutePath()); } } =20 - return null; + return krbConfig; } } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbCon= fig.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos= /kerb/client/KrbConfig.java b/kerby-kerb/kerb-client/src/main/java/org/apac= he/kerby/kerberos/kerb/client/KrbConfig.java index e1b2529..4bbfdfa 100644 --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/c= lient/KrbConfig.java +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/c= lient/KrbConfig.java 
@@ -48,7 +48,10 @@ public class KrbConfig extends Conf { */ public int getKdcPort() { Integer kdcPort =3D getInt(KrbConfigKey.KDC_PORT); - return kdcPort.shortValue(); + if (kdcPort !=3D null) { + return kdcPort.shortValue(); + } + return -1; } =20 /** @@ -57,7 +60,7 @@ public class KrbConfig extends Conf { */ public int getKdcTcpPort() { Integer kdcPort =3D getInt(KrbConfigKey.KDC_TCP_PORT); - if (kdcPort > 0) { + if (kdcPort !=3D null && kdcPort > 0) { return kdcPort.shortValue(); } return getKdcPort(); @@ -84,7 +87,7 @@ public class KrbConfig extends Conf { */ public int getKdcUdpPort() { Integer kdcPort =3D getInt(KrbConfigKey.KDC_UDP_PORT); - if (kdcPort > 0) { + if (kdcPort !=3D null && kdcPort > 0) { return kdcPort.shortValue(); } return getKdcPort(); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbCon= figKey.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos= /kerb/client/KrbConfigKey.java b/kerby-kerb/kerb-client/src/main/java/org/a= pache/kerby/kerberos/kerb/client/KrbConfigKey.java index e644825..75478a7 100644 --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/c= lient/KrbConfigKey.java +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/c= lient/KrbConfigKey.java 
@@ -24,11 +24,11 @@ import org.apache.kerby.kerberos.kerb.common.SectionCon= figKey; public enum KrbConfigKey implements SectionConfigKey { KRB_DEBUG(true), KDC_HOST("localhost"), - KDC_PORT(8015), + KDC_PORT(), KDC_ALLOW_UDP(true), KDC_ALLOW_TCP(true), - KDC_UDP_PORT(8016), - KDC_TCP_PORT(8015), + KDC_UDP_PORT(), + KDC_TCP_PORT(), KDC_DOMAIN("example.com"), KDC_REALM("EXAMPLE.COM", "libdefaults"), TGS_PRINCIPAL("krbtgt@EXAMPLE.COM"), http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/KrbSet= ting.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos= /kerb/client/KrbSetting.java b/kerby-kerb/kerb-client/src/main/java/org/apa= che/kerby/kerberos/kerb/client/KrbSetting.java index 59689a1..da99df0 100644 --- a/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/c= lient/KrbSetting.java +++ b/kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/c= lient/KrbSetting.java @@ -33,6 +33,11 @@ public class KrbSetting { this.krbConfig =3D config; } =20 + public KrbSetting(KrbConfig config) { + this.commonOptions =3D new KOptions(); + this.krbConfig =3D config; + } + public KrbConfig getKrbConfig() { return krbConfig; } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/client/KrbCli= entSettingTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos= /kerb/client/KrbClientSettingTest.java b/kerby-kerb/kerb-client/src/test/ja= va/org/apache/kerby/kerberos/kerb/client/KrbClientSettingTest.java index 9377d30..6ccf8bd 100644 --- a/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/c= lient/KrbClientSettingTest.java 
+++ b/kerby-kerb/kerb-client/src/test/java/org/apache/kerby/kerberos/kerb/c= lient/KrbClientSettingTest.java @@ -29,12 +29,12 @@ public class KrbClientSettingTest { @Test public void testKdcServerMannualSetting() throws KrbException { KrbClient krbClient =3D new KrbClient(); + krbClient.setKdcHost("localhost"); krbClient.setKdcRealm("TEST2.COM"); + krbClient.setAllowUdp(false); krbClient.setKdcTcpPort(12345); =20 - krbClient.init(); - KrbSetting krbSetting =3D krbClient.getSetting(); assertThat(krbSetting.getKdcHost()).isEqualTo("localhost"); assertThat(krbSetting.getKdcTcpPort()).isEqualTo(12345); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/common/KrbCon= fHelper.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos= /kerb/common/KrbConfHelper.java b/kerby-kerb/kerb-common/src/main/java/org/= apache/kerby/kerberos/kerb/common/KrbConfHelper.java index 54d57e3..0933b56 100644 --- a/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/c= ommon/KrbConfHelper.java +++ b/kerby-kerb/kerb-common/src/main/java/org/apache/kerby/kerberos/kerb/c= ommon/KrbConfHelper.java 
@@ -42,34 +42,34 @@ public class KrbConfHelper { if (subConfig !=3D null) { return subConfig.getString(key); } else { - return (String) conf.getString(key); + return conf.getString(key); } } =20 - public static boolean getBooleanUnderSection(Conf conf, SectionConfigK= ey key) { + public static Boolean getBooleanUnderSection(Conf conf, SectionConfigK= ey key) { Config subConfig =3D conf.getConfig(key.getSectionName()); if (subConfig !=3D null) { return subConfig.getBoolean(key); } else { - return (Boolean) conf.getBoolean(key); + return conf.getBoolean(key); } } =20 - public static long getLongUnderSection(Conf conf, SectionConfigKey key= ) { + public static Long getLongUnderSection(Conf conf, SectionConfigKey key= ) { Config subConfig =3D conf.getConfig(key.getSectionName()); if (subConfig !=3D null) { return subConfig.getLong(key); } else { - return (Long) conf.getLong(key); + return conf.getLong(key); } } =20 - public static int getIntUnderSection(Conf conf, SectionConfigKey key) = { + public static Integer getIntUnderSection(Conf conf, SectionConfigKey k= ey) { Config subConfig =3D conf.getConfig(key.getSectionName()); if (subConfig !=3D null) { return subConfig.getInt(key); } else { - return (Integer) conf.getInt(key); + return conf.getInt(key); } } =20 @@ -103,5 +103,4 @@ public class KrbConfHelper { } return results; } - } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcT= estBase.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerber= os/kerb/server/KdcTestBase.java b/kerby-kerb/kerb-kdc-test/src/main/java/or= g/apache/kerby/kerberos/kerb/server/KdcTestBase.java index ba06551..cdf65af 100644 --- a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb= /server/KdcTestBase.java 
+++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb= /server/KdcTestBase.java @@ -21,10 +21,7 @@ package org.apache.kerby.kerberos.kerb.server; =20 import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.client.KrbClient; -import org.apache.kerby.kerberos.kerb.client.KrbConfig; -import org.apache.kerby.kerberos.kerb.client.KrbConfigKey; import org.apache.kerby.util.IOUtil; -import org.apache.kerby.util.NetworkUtil; import org.junit.After; import org.junit.AfterClass; import org.junit.Before; @@ -36,20 +33,16 @@ import java.io.IOException; public abstract class KdcTestBase { private static File testDir; =20 - private final String kdcRealm =3D "TEST.COM"; - protected final String clientPassword =3D "123456"; + private final String clientPassword =3D "123456"; private final String hostname =3D "localhost"; private final String clientPrincipalName =3D "drankye"; - private final String clientPrincipal =3D clientPrincipalName + "@" + k= dcRealm; + private final String clientPrincipal =3D + clientPrincipalName + "@" + TestKdcServer.kdcRealm; private final String serverPrincipalName =3D "test-service"; private final String serverPrincipal =3D - serverPrincipalName + "/" + hostname + "@" + kdcRealm; + serverPrincipalName + "/" + hostname + "@" + TestKdcServer.kdc= Realm; =20 - private int tcpPort =3D -1; - private int udpPort =3D -1; - - protected SimpleKdcServer kdcServer; - protected KrbClient krbClnt; + private SimpleKdcServer kdcServer; =20 @BeforeClass public static void createTestDir() throws IOException { @@ -67,10 +60,18 @@ public abstract class KdcTestBase { testDir.delete(); } =20 - public File getTestDir() { + protected File getTestDir() { return testDir; } =20 + protected SimpleKdcServer getKdcServer() { + return kdcServer; + } + + protected KrbClient getKrbClient() { + return kdcServer.getKrbClient(); + } + protected String getClientPrincipalName() { return clientPrincipalName; } 
@@ -99,14 +100,6 @@ public abstract class KdcTestBase { return true; } =20 - protected int getTcpPort() { - return tcpPort; - } - - protected int getUdpPort() { - return udpPort; - } - protected String getFileContent(String path) throws IOException { return IOUtil.readFile(new File(path)); } @@ -123,14 +116,6 @@ public abstract class KdcTestBase { =20 @Before public void setUp() throws Exception { - if (allowTcp()) { - tcpPort =3D NetworkUtil.getServerPort(); - } - - if (allowUdp()) { - udpPort =3D NetworkUtil.getServerPort(); - } - setUpKdcServer(); =20 createPrincipals(); 
@@ -138,65 +123,20 @@ public abstract class KdcTestBase { setUpClient(); } =20 - /** - * Prepare KrbClient startup options and config. - * @throws Exception - */ - protected void prepareKrbClient() throws Exception { - - } - - /** - * Prepare KDC startup options and config. - * @throws Exception - */ - protected void prepareKdcServer() throws Exception { - kdcServer.setKdcRealm(kdcRealm); - kdcServer.setKdcHost(hostname); - kdcServer.setAllowTcp(allowTcp()); - if (tcpPort > 0) { - kdcServer.setKdcTcpPort(tcpPort); - } - - kdcServer.setAllowUdp(allowUdp()); - if (udpPort > 0) { - kdcServer.setKdcUdpPort(udpPort); - } + protected void prepareKdc() throws KrbException { + kdcServer.init(); } =20 protected void setUpKdcServer() throws Exception { - kdcServer =3D new SimpleKdcServer(); - - prepareKdcServer(); + kdcServer =3D new TestKdcServer(allowTcp(), allowUdp()); + kdcServer.setWorkDir(testDir); =20 - kdcServer.init(); + prepareKdc(); =20 kdcServer.start(); } =20 protected void setUpClient() throws Exception { - KrbConfig krbConfig =3D new KrbConfig(); - krbConfig.setString(KrbConfigKey.PERMITTED_ENCTYPES, - "aes128-cts-hmac-sha1-96 des-cbc-crc des-cbc-md5 des3-cbc-sha1= "); - - krbClnt =3D new KrbClient(krbConfig); - - krbClnt.setKdcHost(hostname); - krbClnt.setAllowTcp(allowTcp()); - if (tcpPort > 0) { - krbClnt.setKdcTcpPort(tcpPort); - } - krbClnt.setAllowUdp(allowUdp()); - if (udpPort > 0) { - krbClnt.setKdcUdpPort(udpPort); - } - - krbClnt.setTimeout(10 * 1000); - krbClnt.setKdcRealm(kdcServer.getKdcRealm()); - - prepareKrbClient(); - - krbClnt.init(); } =20 protected void createPrincipals() throws KrbException { 
@@ -205,6 +145,7 @@ public abstract class KdcTestBase { } =20 protected void deletePrincipals() throws KrbException { + kdcServer.getKadmin().deleteBuiltinPrincipals(); kdcServer.deletePrincipals(serverPrincipal); kdcServer.deletePrincipal(clientPrincipal); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb/server/Test= KdcServer.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerber= os/kerb/server/TestKdcServer.java b/kerby-kerb/kerb-kdc-test/src/main/java/= org/apache/kerby/kerberos/kerb/server/TestKdcServer.java new file mode 100644 index 0000000..4395f4b --- /dev/null +++ b/kerby-kerb/kerb-kdc-test/src/main/java/org/apache/kerby/kerberos/kerb= /server/TestKdcServer.java 
@@ -0,0 +1,54 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * =20 + * http://www.apache.org/licenses/LICENSE-2.0 + * =20 + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License.=20 + * =20 + */ +package org.apache.kerby.kerberos.kerb.server; + +import org.apache.kerby.kerberos.kerb.KrbException; +import org.apache.kerby.kerberos.kerb.client.KrbClient; +import org.apache.kerby.kerberos.kerb.client.KrbConfig; +import org.apache.kerby.kerberos.kerb.client.KrbConfigKey; +import org.apache.kerby.util.NetworkUtil; + +public class TestKdcServer extends SimpleKdcServer { + public final static String kdcRealm =3D "TEST.COM"; + public final static String hostname =3D "localhost"; + + public TestKdcServer(boolean allowTcp, boolean allowUdp) throws KrbExc= eption { + super(); + + setKdcRealm(kdcRealm); + setKdcHost(hostname); + setAllowTcp(allowTcp); + setAllowUdp(allowUdp); + + if (allowTcp) { + setKdcTcpPort(NetworkUtil.getServerPort()); + } + if (allowUdp) { + setKdcUdpPort(NetworkUtil.getServerPort()); + } + + KrbClient krbClnt =3D getKrbClient(); + KrbConfig krbConfig =3D krbClnt.getKrbConfig(); + krbConfig.setString(KrbConfigKey.PERMITTED_ENCTYPES, + "aes128-cts-hmac-sha1-96 des-cbc-crc des-cbc-md5 des3-cbc-= sha1"); + + krbClnt.setTimeout(10 * 1000); + } +} \ No newline at end of file 
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/GssI= nteropTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerber= os/kerb/server/GssInteropTest.java b/kerby-kerb/kerb-kdc-test/src/test/java= /org/apache/kerby/kerberos/kerb/server/GssInteropTest.java index 5968ce1..b6d1d8e 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/GssInteropTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/GssInteropTest.java 
@@ -43,31 +43,28 @@ import java.util.Set; */ public class GssInteropTest extends KdcTestBase { =20 + protected boolean allowUdp() { + return false; + } + @Before @Override public void setUp() throws Exception { super.setUp(); =20 - File file1 =3D new File(this.getClass().getResource("/kerberos.jaa= s").getPath()); + File file1 =3D new File(this.getClass().getResource( + "/kerberos.jaas").getPath()); String content1 =3D getFileContent(file1.getPath()); String path1 =3D writeToTestDir(content1, file1.getName()); =20 // System.setProperty("sun.security.krb5.debug", "true"); System.setProperty("java.security.auth.login.config", path1); - - // Read in krb5.conf and substitute in the correct port - File file2 =3D new File(this.getClass().getResource("/krb5.conf").= getPath()); - String content2 =3D getFileContent(file2.getPath()); - content2 =3D content2.replaceAll("port", "" + getTcpPort()); - String path2 =3D writeToTestDir(content2, file2.getName()); - - System.setProperty("java.security.krb5.conf", path2); } =20 @Override protected void createPrincipals() throws KrbException { - kdcServer.createPrincipal(getClientPrincipal(), getClientPassword(= )); - kdcServer.createPrincipal(getServerPrincipal(), getServerPassword(= )); + getKdcServer().createPrincipal(getClientPrincipal(), getClientPass= word()); + getKdcServer().createPrincipal(getServerPrincipal(), getServerPass= word()); } =20 private String getServerPassword() { @@ -132,7 +129,7 @@ public class GssInteropTest extends KdcTestBase { pc.setPassword(getClientPassword().toCharArray()); break; } else if (pc.getPrompt().contains(getServerPrincipalN= ame())) { - pc.setPassword(clientPassword.toCharArray()); + pc.setPassword(getClientPassword().toCharArray()); break; } } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcS= ettingTest.java ---------------------------------------------------------------------- 
diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerber= os/kerb/server/KdcSettingTest.java b/kerby-kerb/kerb-kdc-test/src/test/java= /org/apache/kerby/kerberos/kerb/server/KdcSettingTest.java index 5ee75af..a48a20e 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/KdcSettingTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/KdcSettingTest.java @@ -35,7 +35,7 @@ public class KdcSettingTest { =20 kerbServer.init(); =20 - KdcSetting kdcSetting =3D kerbServer.getSetting(); + KdcSetting kdcSetting =3D kerbServer.getKdcSetting(); assertThat(kdcSetting.getKdcHost()).isEqualTo("localhost"); assertThat(kdcSetting.getKdcTcpPort()).isEqualTo(12345); assertThat(kdcSetting.getKdcRealm()).isEqualTo("TEST2.COM"); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/KdcT= est.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerber= os/kerb/server/KdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java/org/ap= ache/kerby/kerberos/kerb/server/KdcTest.java index 80da80f..5fcc9fd 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/KdcTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/KdcTest.java @@ -23,8 +23,6 @@ import org.apache.kerby.kerberos.kerb.spec.ticket.Service= Ticket; import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket; import org.junit.Assert; =20 -import java.io.File; - import static org.assertj.core.api.Assertions.assertThat; =20 public abstract class KdcTest extends KdcTestBase { 
@@ -34,11 +32,11 @@ public abstract class KdcTest extends KdcTestBase { ServiceTicket tkt; =20 try { - tgt =3D krbClnt.requestTgtWithPassword(getClientPrincipal(), + tgt =3D getKrbClient().requestTgtWithPassword(getClientPrincip= al(), getClientPassword()); assertThat(tgt).isNotNull(); =20 - tkt =3D krbClnt.requestServiceTicketWithTgt(tgt, getServerPrin= cipal()); + tkt =3D getKrbClient().requestServiceTicketWithTgt(tgt, getSer= verPrincipal()); assertThat(tkt).isNotNull(); } catch (Exception e) { System.out.println("Exception occurred with good password"); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/Mult= iRequestsKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerber= os/kerb/server/MultiRequestsKdcTest.java b/kerby-kerb/kerb-kdc-test/src/tes= t/java/org/apache/kerby/kerberos/kerb/server/MultiRequestsKdcTest.java index 81c48bb..82fa7dc 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/MultiRequestsKdcTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/MultiRequestsKdcTest.java @@ -38,7 +38,7 @@ public class MultiRequestsKdcTest extends KdcTestBase { protected void createPrincipals() throws KrbException { super.createPrincipals(); clientPrincipal =3D getClientPrincipal(); - kdcServer.createPrincipal(clientPrincipal, password); + getKdcServer().createPrincipal(clientPrincipal, password); } =20 @Test 
@@ -48,11 +48,11 @@ public class MultiRequestsKdcTest extends KdcTestBase { =20 // With good password try { - tgt =3D krbClnt.requestTgtWithPassword(clientPrincipal, passwo= rd); + tgt =3D getKrbClient().requestTgtWithPassword(clientPrincipal,= password); assertThat(tgt).isNotNull(); =20 serverPrincipal =3D getServerPrincipal(); - tkt =3D krbClnt.requestServiceTicketWithTgt(tgt, serverPrincip= al); + tkt =3D getKrbClient().requestServiceTicketWithTgt(tgt, server= Principal); assertThat(tkt).isNotNull(); } catch (Exception e) { System.out.println("Exception occurred with good password"); @@ -70,10 +70,10 @@ public class MultiRequestsKdcTest extends KdcTestBase { =20 // With good password again try { - tgt =3D krbClnt.requestTgtWithPassword(clientPrincipal, passwo= rd); + tgt =3D getKrbClient().requestTgtWithPassword(clientPrincipal,= password); assertThat(tgt).isNotNull(); =20 - tkt =3D krbClnt.requestServiceTicketWithTgt(tgt, serverPrincip= al); + tkt =3D getKrbClient().requestServiceTicketWithTgt(tgt, server= Principal); assertThat(tkt).isNotNull(); } catch (Exception e) { System.out.println("Exception occurred with good password agai= n"); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/Only= TcpKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerber= os/kerb/server/OnlyTcpKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java= /org/apache/kerby/kerberos/kerb/server/OnlyTcpKdcTest.java index e7e956b..57f1f8d 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/OnlyTcpKdcTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/OnlyTcpKdcTest.java 
@@ -24,6 +24,11 @@ import org.junit.Test; public class OnlyTcpKdcTest extends KdcTest { =20 @Override + protected boolean allowTcp() { + return true; + } + + @Override protected boolean allowUdp() { return false; } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/Only= UdpKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerber= os/kerb/server/OnlyUdpKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/java= /org/apache/kerby/kerberos/kerb/server/OnlyUdpKdcTest.java index 9bfd7bc..4cbcb2a 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/OnlyUdpKdcTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/OnlyUdpKdcTest.java @@ -28,6 +28,11 @@ public class OnlyUdpKdcTest extends KdcTest { return false; } =20 + @Override + protected boolean allowUdp() { + return true; + } + @Test public void testKdc() throws Exception { performKdcTest(); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb/server/TcpA= ndUdpKdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerber= os/kerb/server/TcpAndUdpKdcTest.java b/kerby-kerb/kerb-kdc-test/src/test/ja= va/org/apache/kerby/kerberos/kerb/server/TcpAndUdpKdcTest.java index 673eeb4..2e25fbb 100644 --- a/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/TcpAndUdpKdcTest.java +++ b/kerby-kerb/kerb-kdc-test/src/test/java/org/apache/kerby/kerberos/kerb= /server/TcpAndUdpKdcTest.java 
@@ -28,6 +28,11 @@ public class TcpAndUdpKdcTest extends KdcTest { return true; } =20 + @Override + protected boolean allowTcp() { + return true; + } + @Test public void testKdc() throws Exception { performKdcTest(); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-kdc-test/src/test/resources/krb5.conf ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf b/kerby-= kerb/kerb-kdc-test/src/test/resources/krb5.conf deleted file mode 100644 index e2fa16a..0000000 --- a/kerby-kerb/kerb-kdc-test/src/test/resources/krb5.conf +++ /dev/null @@ -1,8 +0,0 @@ -[libdefaults] - default_realm =3D TEST.COM - udp_preference_limit =3D 1 - -[realms] - TEST.COM =3D { - kdc =3D localhost:port - } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcCon= fig.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos= /kerb/server/KdcConfig.java b/kerby-kerb/kerb-server/src/main/java/org/apac= he/kerby/kerberos/kerb/server/KdcConfig.java index 15e2347..d8747cc 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/KdcConfig.java +++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/KdcConfig.java 
@@ -6,16 +6,16 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * =20 + * * http://www.apache.org/licenses/LICENSE-2.0 - * =20 + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License.=20 - * =20 + * */ package org.apache.kerby.kerberos.kerb.server; =20 
@@ -45,30 +45,41 @@ public class KdcConfig extends Conf { public int getKdcPort() { Integer kdcPort =3D KrbConfHelper.getIntUnderSection(this, KdcConfigKey.KDC_PORT); - return kdcPort.intValue(); + if (kdcPort !=3D null && kdcPort > 0) { + return kdcPort.intValue(); + } + return -1; } =20 public int getKdcTcpPort() { Integer kdcTcpPort =3D KrbConfHelper.getIntUnderSection(this, KdcConfigKey.KDC_TCP_PORT); - if (kdcTcpPort > 0) { + if (kdcTcpPort !=3D null && kdcTcpPort > 0) { return kdcTcpPort.intValue(); } return getKdcPort(); } =20 /** + * Is to allow TCP for KDC + * @return true to allow TCP, false otherwise + */ + public Boolean allowTcp() { + return getBoolean(KdcConfigKey.KDC_ALLOW_TCP); + } + + /** * Is to allow UDP for KDC * @return true to allow UDP, false otherwise */ - public boolean allowKdcUdp() { + public Boolean allowUdp() { return getBoolean(KdcConfigKey.KDC_ALLOW_UDP); } =20 public int getKdcUdpPort() { Integer kdcUdpPort =3D KrbConfHelper.getIntUnderSection(this, KdcConfigKey.KDC_UDP_PORT); - if (kdcUdpPort > 0) { + if (kdcUdpPort !=3D null && kdcUdpPort > 0) { return kdcUdpPort.intValue(); } return getKdcPort(); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcCon= figKey.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos= /kerb/server/KdcConfigKey.java b/kerby-kerb/kerb-server/src/main/java/org/a= pache/kerby/kerberos/kerb/server/KdcConfigKey.java index 02116e7..b071bd6 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/KdcConfigKey.java +++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/KdcConfigKey.java 
@@ -26,11 +26,12 @@ public enum KdcConfigKey implements SectionConfigKey { KRB_DEBUG(true), KDC_SERVICE_NAME("KDC-Server"), KDC_IDENTITY_BACKEND, - KDC_HOST("127.0.0.1", "kdcdefaults"), // NOPMD - KDC_PORT(8015, "kdcdefaults"), + KDC_HOST("127.0.0.1", "kdcdefaults"),// NOPMD + KDC_PORT(null, "kdcdefaults"), + KDC_ALLOW_TCP(true, "kdcdefaults"), KDC_ALLOW_UDP(true, "kdcdefaults"), - KDC_UDP_PORT(8016, "kdcdefaults"), - KDC_TCP_PORT(8015, "kdcdefaults"), + KDC_UDP_PORT(null, "kdcdefaults"), + KDC_TCP_PORT(null, "kdcdefaults"), KDC_DOMAIN("example.com"), KDC_REALM("EXAMPLE.COM", "kdcdefaults"), PREAUTH_REQUIRED(true), http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSer= ver.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos= /kerb/server/KdcServer.java b/kerby-kerb/kerb-server/src/main/java/org/apac= he/kerby/kerberos/kerb/server/KdcServer.java index f5465ad..5541a9e 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/KdcServer.java +++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/KdcServer.java @@ -105,6 +105,14 @@ public class KdcServer { } =20 /** + * Set KDC port. + * @param kdcPort + */ + public void setKdcPort(int kdcPort) { + startupOptions.add(KdcServerOption.KDC_PORT, kdcPort); + } + + /** * Set KDC tcp port. * @param kdcTcpPort */ @@ -162,7 +170,7 @@ public class KdcServer { * Get KDC setting from startup options and configs. * @return setting */ - public KdcSetting getSetting() { + public KdcSetting getKdcSetting() { return kdcSetting; } =20 
@@ -205,6 +213,9 @@ public class KdcServer { } =20 public void start() throws KrbException { + if (innerKdc =3D=3D null) { + throw new RuntimeException("Not init yet"); + } innerKdc.start(); } =20 http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSer= verOption.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos= /kerb/server/KdcServerOption.java b/kerby-kerb/kerb-server/src/main/java/or= g/apache/kerby/kerberos/kerb/server/KdcServerOption.java index 9d5243a..b663887 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/KdcServerOption.java +++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/KdcServerOption.java @@ -30,6 +30,7 @@ public enum KdcServerOption implements KOption { INNER_KDC_IMPL("inner KDC impl", KOptionType.OBJ), KDC_REALM("kdc realm", KOptionType.STR), KDC_HOST("kdc host", KOptionType.STR), + KDC_PORT("kdc port", KOptionType.INT), ALLOW_TCP("allow tcp", KOptionType.BOOL), KDC_TCP_PORT("kdc tcp port", KOptionType.INT), ALLOW_UDP("allow udp", KOptionType.BOOL), http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcSet= ting.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos= /kerb/server/KdcSetting.java b/kerby-kerb/kerb-server/src/main/java/org/apa= che/kerby/kerberos/kerb/server/KdcSetting.java index 16c21a8..64df7cf 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/KdcSetting.java +++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/KdcSetting.java 
@@ -70,15 +70,36 @@ public class KdcSetting { if (tcpPort < 1) { tcpPort =3D kdcConfig.getKdcTcpPort(); } + if (tcpPort < 1) { + tcpPort =3D getKdcPort(); + } + return tcpPort; } =20 + public int getKdcPort() { + int kdcPort =3D startupOptions.getIntegerOption(KdcServerOption.KD= C_PORT); + if (kdcPort < 1) { + kdcPort =3D kdcConfig.getKdcPort(); + } + return kdcPort; + } + + public boolean allowTcp() { + Boolean allowTcp =3D startupOptions.getBooleanOption(KdcServerOpti= on.ALLOW_TCP); + if (allowTcp =3D=3D null) { + allowTcp =3D kdcConfig.allowTcp(); + } + + return allowTcp !=3D null ? allowTcp : false; + } + public boolean allowUdp() { Boolean allowUdp =3D startupOptions.getBooleanOption(KdcServerOpti= on.ALLOW_UDP); if (allowUdp =3D=3D null) { - allowUdp =3D kdcConfig.allowKdcUdp(); + allowUdp =3D kdcConfig.allowUdp(); } - return allowUdp; + return allowUdp !=3D null ? allowUdp : false; } =20 public int getKdcUdpPort() { @@ -86,6 +107,10 @@ public class KdcSetting { if (udpPort < 1) { udpPort =3D kdcConfig.getKdcUdpPort(); } + if (udpPort < 1) { + udpPort =3D getKdcPort(); + } + return udpPort; } =20 http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/impl/A= bstractInternalKdcServer.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos= /kerb/server/impl/AbstractInternalKdcServer.java b/kerby-kerb/kerb-server/s= rc/main/java/org/apache/kerby/kerberos/kerb/server/impl/AbstractInternalKdc= Server.java index 48d8cfc..52ec4d7 100644 --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/impl/AbstractInternalKdcServer.java +++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/s= erver/impl/AbstractInternalKdcServer.java 
@@ -92,7 +92,7 @@ public class AbstractInternalKdcServer implements Interna= lKdcServer { try { doStop(); } catch (Exception e) { - throw new KrbException("Failed to stop " + getServiceName()); + throw new KrbException("Failed to stop " + getServiceName(), e= ); } =20 started =3D false; http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/Simple= KdcTest.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos= /kerb/server/SimpleKdcTest.java b/kerby-kerb/kerb-server/src/test/java/org/= apache/kerby/kerberos/kerb/server/SimpleKdcTest.java index 8861bc5..3a49f75 100644 --- a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/s= erver/SimpleKdcTest.java +++ b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/s= erver/SimpleKdcTest.java @@ -19,6 +19,7 @@ */ package org.apache.kerby.kerberos.kerb.server; =20 +import org.apache.kerby.util.NetworkUtil; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -31,9 +32,8 @@ import java.nio.ByteBuffer; import java.nio.channels.SocketChannel; =20 public class SimpleKdcTest { - private String serverHost =3D "localhost"; - private int serverPort =3D 0; + private int serverPort =3D -1; =20 private KdcServer kdcServer; =20 @@ -41,7 +41,9 @@ public class SimpleKdcTest { public void setUp() throws Exception { kdcServer =3D new KdcServer(); kdcServer.setKdcHost(serverHost); - serverPort =3D getServerPort(); + kdcServer.setAllowUdp(false); + kdcServer.setAllowTcp(true); + serverPort =3D NetworkUtil.getServerPort(); kdcServer.setKdcTcpPort(serverPort); kdcServer.init(); kdcServer.start(); 
@@ -64,24 +66,6 @@ public class SimpleKdcTest { =20 socketChannel.write(writeBuffer); } - =20 - /** - * Get a server socket point for testing usage, either TCP or UDP. - * @return server socket point - */ - private static int getServerPort() { - int serverPort =3D 0; - - try { - ServerSocket serverSocket =3D new ServerSocket(0); - serverPort =3D serverSocket.getLocalPort(); - serverSocket.close(); - } catch (IOException e) { - throw new RuntimeException("Failed to get a server socket poin= t"); - } - - return serverPort; - } =20 @After public void tearDown() throws Exception { http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/server/TestKd= cConfigLoad.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos= /kerb/server/TestKdcConfigLoad.java b/kerby-kerb/kerb-server/src/test/java/= org/apache/kerby/kerberos/kerb/server/TestKdcConfigLoad.java index 2238b1a..29840bf 100644 --- a/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/s= erver/TestKdcConfigLoad.java +++ b/kerby-kerb/kerb-server/src/test/java/org/apache/kerby/kerberos/kerb/s= erver/TestKdcConfigLoad.java @@ -77,9 +77,7 @@ public class TestKdcConfigLoad { =20 assertThat(kdcConfig.getKdcHost()).isEqualTo( KdcConfigKey.KDC_HOST.getDefaultValue()); - assertThat(kdcConfig.getKdcTcpPort()).isEqualTo( - KdcConfigKey.KDC_TCP_PORT.getDefaultValue() - ); + assertThat(kdcConfig.getKdcTcpPort()).isEqualTo(-1); assertThat(kdcConfig.getKdcRealm()).isEqualTo( KdcConfigKey.KDC_REALM.getDefaultValue() ); http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-simplekdc/pom.xml ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-simplekdc/pom.xml b/kerby-kerb/kerb-simplekdc/= pom.xml index f71b4fc..8b1cdba 100644 
--- a/kerby-kerb/kerb-simplekdc/pom.xml +++ b/kerby-kerb/kerb-simplekdc/pom.xml @@ -39,6 +39,11 @@ org.apache.kerby + kerb-client + ${project.version} + + + org.apache.kerby kerb-util ${project.version} http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/Krb= 5Conf.java ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerbe= ros/kerb/server/Krb5Conf.java b/kerby-kerb/kerb-simplekdc/src/main/java/org= /apache/kerby/kerberos/kerb/server/Krb5Conf.java new file mode 100644 index 0000000..b96ba50 --- /dev/null +++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/ker= b/server/Krb5Conf.java 
@@ -0,0 +1,53 @@ +package org.apache.kerby.kerberos.kerb.server; + +import org.apache.kerby.util.IOUtil; + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; + +/** + * Generate krb5 file using given kdc server settings. + */ +public class Krb5Conf { + private static final String KRB5_CONF =3D "java.security.krb5.conf"; + private static final String KRB5_CONF_FILE =3D "krb5.conf"; + private SimpleKdcServer kdcServer; + + public Krb5Conf(SimpleKdcServer kdcServer) { + this.kdcServer =3D kdcServer; + } + + public void initKrb5conf() throws IOException { + File confFile =3D generateConfFile(); + System.setProperty(KRB5_CONF, confFile.getAbsolutePath()); + } + + // Read in krb5.conf and substitute in the correct port + private File generateConfFile() throws IOException { + KdcSetting setting =3D kdcServer.getKdcSetting(); + + String resourcePath =3D setting.allowUdp() ? "/krb5_udp.conf" : "/= krb5.conf"; + InputStream templateResource =3D getClass().getResourceAsStream(re= sourcePath); + String templateContent =3D IOUtil.readInput(templateResource); + + String content =3D templateContent; + + content =3D content.replaceAll("_REALM_", "" + setting.getKdcRealm= ()); + + int kdcPort =3D setting.allowUdp() ? setting.getKdcUdpPort() : + setting.getKdcTcpPort(); + content =3D content.replaceAll("_PORT_", + String.valueOf(kdcPort)); + + if (setting.allowUdp()) { + int udpLimit =3D setting.allowUdp() ? 1 : 4096; + content =3D content.replaceAll("_UDP_LIMIT_", String.valueOf(u= dpLimit)); + } + + File confFile =3D new File(kdcServer.getWorkDir(), KRB5_CONF_FILE)= ; + IOUtil.writeFile(content, confFile); + + return confFile; + } +} http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/kerb/server/Sim= pleKdcServer.java ---------------------------------------------------------------------- 
diff --git a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerbe= ros/kerb/server/SimpleKdcServer.java b/kerby-kerb/kerb-simplekdc/src/main/j= ava/org/apache/kerby/kerberos/kerb/server/SimpleKdcServer.java index 18ba81b..6acf37f 100644 --- a/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/ker= b/server/SimpleKdcServer.java +++ b/kerby-kerb/kerb-simplekdc/src/main/java/org/apache/kerby/kerberos/ker= b/server/SimpleKdcServer.java 
@@ -21,35 +21,102 @@ package org.apache.kerby.kerberos.kerb.server; =20 import org.apache.kerby.kerberos.kerb.KrbException; import org.apache.kerby.kerberos.kerb.admin.Kadmin; +import org.apache.kerby.kerberos.kerb.client.KrbClient; import org.apache.kerby.util.NetworkUtil; =20 import java.io.File; +import java.io.IOException; =20 /** - * A simple KDC server mainly for test usage. + * A simple KDC server mainly for test usage. It also integrates krb clien= t and + * kadmin sides for convenience. */ public class SimpleKdcServer extends KdcServer { + private final KrbClient krbClnt; private Kadmin kadmin; =20 - /** - * Prepare KDC configuration. - */ - public SimpleKdcServer() { + private File workDir; + + public SimpleKdcServer() throws KrbException { super(); + this.krbClnt =3D new KrbClient(); + + setKdcRealm("EXAMPLE.COM"); + setKdcHost("localhost"); + setKdcPort(NetworkUtil.getServerPort()); + } =20 - KdcConfig kdcConfig =3D getKdcConfig(); - kdcConfig.setString(KdcConfigKey.KDC_HOST, "localhost"); - kdcConfig.setInt(KdcConfigKey.KDC_PORT, NetworkUtil.getServerPort(= )); - kdcConfig.setString(KdcConfigKey.KDC_REALM, "EXAMPLE.COM"); + public void setWorkDir(File workDir) { + this.workDir =3D workDir; + } + + public File getWorkDir() { + return workDir; + } + + @Override + public void setKdcRealm(String realm) { + super.setKdcRealm(realm); + krbClnt.setKdcRealm(realm); + } + + @Override + public void setKdcHost(String kdcHost) { + super.setKdcHost(kdcHost); + krbClnt.setKdcHost(kdcHost); + } + + @Override + public void setKdcTcpPort(int kdcTcpPort) { + super.setKdcTcpPort(kdcTcpPort); + krbClnt.setKdcTcpPort(kdcTcpPort); + setAllowTcp(true); + } + + @Override + public void setAllowUdp(boolean allowUdp) { + super.setAllowUdp(allowUdp); + krbClnt.setAllowUdp(allowUdp); + } + + @Override + public void setAllowTcp(boolean allowTcp) { + super.setAllowTcp(allowTcp); + krbClnt.setAllowTcp(allowTcp); + } + + @Override + public void setKdcUdpPort(int kdcUdpPort) { + 
super.setKdcUdpPort(kdcUdpPort); + krbClnt.setKdcUdpPort(kdcUdpPort); + setAllowUdp(true); } =20 @Override public void init() throws KrbException { super.init(); =20 - kadmin =3D new Kadmin(getSetting(), getIdentityService()); + kadmin =3D new Kadmin(getKdcSetting(), getIdentityService()); =20 kadmin.createBuiltinPrincipals(); + + try { + Krb5Conf krb5Conf =3D new Krb5Conf(this); + krb5Conf.initKrb5conf(); + } catch (IOException e) { + throw new KrbException("Failed to make krb5.conf", e); + } + } + + @Override + public void start() throws KrbException { + super.start(); + + krbClnt.init(); + } + + public KrbClient getKrbClient() { + return krbClnt; } =20 /** @@ -60,14 +127,6 @@ public class SimpleKdcServer extends KdcServer { return kadmin; } =20 - public String getKdcRealm() { - return getSetting().getKdcRealm(); - } - - public String getKdcHost() { - return getSetting().getKdcHost(); - } - public void createPrincipal(String principal) throws KrbException { kadmin.addPrincipal(principal); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-simplekdc/src/main/resources/krb5.conf ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf b/kerby= -kerb/kerb-simplekdc/src/main/resources/krb5.conf new file mode 100644 index 0000000..6ee7d8f --- /dev/null +++ b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5.conf @@ -0,0 +1,7 @@ +[libdefaults] + default_realm =3D _REALM_ + +[realms] + _REALM_ =3D { + kdc =3D localhost:_PORT_ + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/kerby-= kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf ---------------------------------------------------------------------- diff --git a/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf b/k= erby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf new file mode 100644 index 0000000..511587c --- /dev/null 
+++ b/kerby-kerb/kerb-simplekdc/src/main/resources/krb5_udp.conf @@ -0,0 +1,8 @@ +[libdefaults] + default_realm =3D _REALM_ + udp_preference_limit =3D _UDP_LIMIT_ + +[realms] + _REALM_ =3D { + kdc =3D localhost:_PORT_ + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/lib/ke= rby-config/src/main/java/org/apache/kerby/config/ConfigImpl.java ---------------------------------------------------------------------- diff --git a/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigI= mpl.java b/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImp= l.java index 92cafe2..9836792 100644 --- a/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.jav= a +++ b/lib/kerby-config/src/main/java/org/apache/kerby/config/ConfigImpl.jav= a @@ -229,7 +229,8 @@ public class ConfigImpl implements Config { @Override public Boolean getBoolean(ConfigKey name) { if (name.getDefaultValue() !=3D null) { - return getBoolean(name.getPropertyKey(), (Boolean) name.getDef= aultValue()); + return getBoolean(name.getPropertyKey(), + (Boolean) name.getDefaultValue()); } return getBoolean(name.getPropertyKey()); } http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/497e0303/lib/ke= rby-util/src/main/java/org/apache/kerby/util/IOUtil.java ---------------------------------------------------------------------- diff --git a/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java= b/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java index 187b6f2..abfae3d 100644 --- a/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java +++ b/lib/kerby-util/src/main/java/org/apache/kerby/util/IOUtil.java 
@@ -26,9 +26,21 @@ import java.nio.channels.FileChannel; /** * Some IO and file related utilities. */ -public class IOUtil { +public final class IOUtil { + private IOUtil() {} =20 - public static void readInputStream(InputStream in, byte buf[]) throws = IOException { + public static byte[] readInputStream(InputStream in) throws IOExceptio= n { + ByteArrayOutputStream baos =3D new ByteArrayOutputStream(); + byte[] buffer =3D new byte[1024]; + int length =3D 0; + while ((length =3D in.read(buffer)) !=3D -1) { + baos.write(buffer, 0, length); + } + return baos.toByteArray(); + } + + public static void readInputStream(InputStream in, + byte buf[]) throws IOException { int toRead =3D buf.length; int off =3D 0; while (toRead > 0) { @@ -42,6 +54,17 @@ public class IOUtil { } =20 /** + * Read an input stream and return the content as string assuming UTF8= . + * @param in + * @return + * @throws IOException + */ + public static String readInput(InputStream in) throws IOException { + byte[] content =3D readInputStream(in); + return Utf8.toString(content); + } + + /** * Read a file and return the content as string assuming UTF8. * @param file * @return
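Review bot: In the KdcConfigKey hunk, KDC_PORT, KDC_TCP_PORT and KDC_UDP_PORT change their defaults from 8015/8016 to null with no comment saying what null means. Add a line on the enum stating that an unset port falls back to KDC_PORT, so the lookup order that KdcSetting now implements is documented where the defaults live. The KDC_HOST line changes only by losing the space before `// NOPMD`; restore it to keep unrelated whitespace out of the diff.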
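Review bot: In KdcServer.start() the new guard throws a bare `RuntimeException("Not init yet")` from a method declared `throws KrbException`, so callers that handle KrbException will not catch it. Throw KrbException here, or IllegalStateException if an unchecked exception is really intended, and make the message name the step that was skipped.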
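Review bot: In KdcSetting.getKdcTcpPort() and getKdcUdpPort() the new last fallback is getKdcPort(), and nothing after it rejects a result below 1. With the port defaults now null (TestKdcConfigLoad expects getKdcTcpPort() to be -1 when unset), a KDC with no port configured anywhere hands an invalid port to its caller instead of failing. Either raise a clear error at the end of these getters or state in their Javadoc that a value below 1 means "not configured" and must be checked before binding. In allowTcp() and allowUdp(), `allowTcp != null ? allowTcp : false` silently turns a missing value into "disabled"; a short comment on when kdcConfig can return null, given both keys default to true, would help.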
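Review bot: In Krb5Conf.generateConfFile() the line `int udpLimit = setting.allowUdp() ? 1 : 4096;` sits inside `if (setting.allowUdp())`, so it always yields 1 and the 4096 branch is dead code; write the constant directly or move the computation out of the if. The realm is passed to `replaceAll` as a replacement string, where `$` and `\` have special meaning, so `String.replace` is the safer call for these literal placeholders. If setWorkDir() was never called, `new File(kdcServer.getWorkDir(), KRB5_CONF_FILE)` resolves against the process working directory, and initKrb5conf() then points the JVM-wide `java.security.krb5.conf` property at that file; check for a null work dir and note the global side effect in the Javadoc. The new file also begins at `package` with no license header.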
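Review bot: The SimpleKdcServer constructor calls `setKdcPort(NetworkUtil.getServerPort())`, but setKdcPort is the one setter this class does not override, so krbClnt is never given that port the way it is given the realm, host and TCP/UDP ports. Override it too, or add a comment explaining why the client does not need it. setKdcTcpPort() and setKdcUdpPort() also enable the transport as a side effect (`setAllowTcp(true)`, `setAllowUdp(true)`), which quietly undoes an earlier setAllowUdp(false) or setAllowTcp(false); that ordering dependency deserves a Javadoc line. The constructor now throws KrbException, which is a source-incompatible change for existing callers and should be mentioned in the commit message.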
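Review bot: The Javadoc added for IOUtil.readInput() leaves `@param in`, `@return` and `@throws IOException` empty; fill them in or drop the tags. Neither readInputStream(InputStream) nor readInput() closes the stream, so the Javadoc should say that the caller owns it; Krb5Conf.generateConfFile() in this same commit reads the template through readInput() and never closes it. In readInputStream(InputStream), the initialiser in `int length = 0;` is redundant because the loop assigns it before use.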