/// <summary>Creates multiple principals in the KDC and adds them to a keytab file.</summary>
/// <param name="keytabFile">keytab file to add the created principal.s</param>
/// <param name="principals">principals to add to the KDC, do not include the domain.
/// </param>
/// <exception cref="System.Exception">
/// thrown if the principals or the keytab file could not be
/// created.
/// </exception>
public virtual void CreatePrincipal(FilePath keytabFile, params string[] principals
)
{
string generatedPassword = UUID.RandomUUID().ToString();
Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab keytab = new Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab
();
IList <KeytabEntry> entries = new AList <KeytabEntry>();
foreach (string principal in principals)
{
CreatePrincipal(principal, generatedPassword);
principal = principal + "@" + GetRealm();
KerberosTime timestamp = new KerberosTime();
foreach (KeyValuePair <EncryptionType, EncryptionKey> entry in KerberosKeyFactory.
GetKerberosKeys(principal, generatedPassword))
{
EncryptionKey ekey = entry.Value;
byte keyVersion = unchecked ((byte)ekey.GetKeyVersion());
entries.AddItem(new KeytabEntry(principal, 1L, timestamp, keyVersion, ekey));
}
}
keytab.SetEntries(entries);
keytab.Write(keytabFile);
}
/// <summary>Get all the unique principals present in the keytabfile.</summary>
/// <param name="keytabFileName">
///
/// Name of the keytab file to be read.
/// </param>
/// <returns>list of unique principals in the keytab.</returns>
/// <exception cref="System.IO.IOException">
///
/// If keytab entries cannot be read from the file.
/// </exception>
internal static string[] GetPrincipalNames(string keytabFileName)
{
Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab keytab = Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab
.Read(new FilePath(keytabFileName));
ICollection <string> principals = new HashSet <string>();
IList <KeytabEntry> entries = keytab.GetEntries();
foreach (KeytabEntry entry in entries)
{
principals.AddItem(entry.GetPrincipalName().Replace("\\", "/"));
}
return(Collections.ToArray(principals, new string[0]));
}
public virtual void TestKeytabGen()
{
MiniKdc kdc = GetKdc();
FilePath workDir = GetWorkDir();
kdc.CreatePrincipal(new FilePath(workDir, "keytab"), "foo/bar", "bar/foo");
Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab kt = Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab
.Read(new FilePath(workDir, "keytab"));
ICollection <string> principals = new HashSet <string>();
foreach (KeytabEntry entry in kt.GetEntries())
{
principals.AddItem(entry.GetPrincipalName());
}
//here principals use \ instead of /
//because org.apache.directory.server.kerberos.shared.keytab.KeytabDecoder
// .getPrincipalName(IoBuffer buffer) use \\ when generates principal
Assert.Equal(new HashSet <string>(Arrays.AsList("foo\\bar@" + kdc
.GetRealm(), "bar\\foo@" + kdc.GetRealm())), principals);
}
/// <exception cref="System.IO.IOException"/>
private void CreateKeyTab(string fileName, string[] principalNames)
{
//create a test keytab file
IList <KeytabEntry> lstEntries = new AList <KeytabEntry>();
foreach (string principal in principalNames)
{
// create 3 versions of the key to ensure methods don't return
// duplicate principals
for (int kvno = 1; kvno <= 3; kvno++)
{
EncryptionKey key = new EncryptionKey(EncryptionType.Unknown, Runtime.GetBytesForString
("samplekey1"), kvno);
KeytabEntry keytabEntry = new KeytabEntry(principal, 1, new KerberosTime(), unchecked (
(byte)1), key);
lstEntries.AddItem(keytabEntry);
}
}
Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab keytab = Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab
.GetInstance();
keytab.SetEntries(lstEntries);
keytab.Write(new FilePath(testKeytab));
}
