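/// <summary>Creates multiple principals in the KDC and adds them to a keytab file.</summary>
/// <param name="keytabFile">keytab file to add the created principals to.</param>
/// <param name="principals">principals to add to the KDC, do not include the domain.</param>
/// <exception cref="System.ArgumentNullException">if <paramref name="principals"/> is null.</exception>
/// <exception cref="System.Exception">
/// thrown if the principals or the keytab file could not be created.
/// </exception>
public virtual void CreatePrincipal(FilePath keytabFile, params string[] principals)
{
    if (principals == null)
    {
        throw new System.ArgumentNullException("principals");
    }
    // One throwaway password is shared by every principal in this batch. It is not
    // returned to the caller; only the keys derived from it are written to the keytab.
    string generatedPassword = UUID.RandomUUID().ToString();
    Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab keytab =
        new Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab();
    IList<KeytabEntry> entries = new AList<KeytabEntry>();
    foreach (string principal in principals)
    {
        CreatePrincipal(principal, generatedPassword);
        // A foreach iteration variable is read-only in C# (CS1656), so the
        // realm-qualified name goes into its own local instead of being assigned back.
        string qualifiedPrincipal = principal + "@" + GetRealm();
        KerberosTime timestamp = new KerberosTime();
        foreach (KeyValuePair<EncryptionType, EncryptionKey> entry in
            KerberosKeyFactory.GetKerberosKeys(qualifiedPrincipal, generatedPassword))
        {
            EncryptionKey ekey = entry.Value;
            byte keyVersion = unchecked((byte)ekey.GetKeyVersion());
            entries.AddItem(new KeytabEntry(qualifiedPrincipal, 1L, timestamp, keyVersion, ekey));
        }
    }
    keytab.SetEntries(entries);
    // NOTE(review): the keytab holds long-term keys and nothing here restricts the
    // file's permissions; confirm the caller or the work directory limits access.
    keytab.Write(keytabFile);
}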
/// <summary>Get all the unique principals present in the keytab file.</summary>
/// <param name="keytabFileName">Name of the keytab file to be read.</param>
/// <returns>list of unique principals in the keytab.</returns>
/// <exception cref="System.IO.IOException">
/// If keytab entries cannot be read from the file.
/// </exception>
internal static string[] GetPrincipalNames(string keytabFileName)
{
    FilePath keytabPath = new FilePath(keytabFileName);
    Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab parsed =
        Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab.Read(keytabPath);
    // A set collapses repeated names, e.g. one entry per key version of a principal.
    ICollection<string> uniqueNames = new HashSet<string>();
    IList<KeytabEntry> keytabEntries = parsed.GetEntries();
    for (int i = 0; i < keytabEntries.Count; i++)
    {
        // The keytab decoder emits '\' as the component separator; normalise to '/'.
        string name = keytabEntries[i].GetPrincipalName().Replace("\\", "/");
        uniqueNames.AddItem(name);
    }
    return Collections.ToArray(uniqueNames, new string[0]);
}
/// <summary>
/// Checks that CreatePrincipal writes every requested principal, realm-qualified,
/// into the generated keytab.
/// </summary>
public virtual void TestKeytabGen()
{
    MiniKdc kdc = GetKdc();
    FilePath workDir = GetWorkDir();
    FilePath keytabFile = new FilePath(workDir, "keytab");
    kdc.CreatePrincipal(keytabFile, "foo/bar", "bar/foo");
    Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab generated =
        Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab.Read(keytabFile);
    ICollection<string> found = new HashSet<string>();
    foreach (KeytabEntry keytabEntry in generated.GetEntries())
    {
        found.AddItem(keytabEntry.GetPrincipalName());
    }
    // Expected names use '\' rather than '/' because
    // org.apache.directory.server.kerberos.shared.keytab.KeytabDecoder
    // .getPrincipalName(IoBuffer buffer) emits '\\' when it decodes a principal.
    string realm = kdc.GetRealm();
    HashSet<string> expected = new HashSet<string>(
        Arrays.AsList("foo\\bar@" + realm, "bar\\foo@" + realm));
    Assert.Equal(expected, found);
}
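/// <summary>
/// Writes a test keytab containing the given principals, each with three key
/// versions, so callers can check that principal lookups do not report duplicates.
/// </summary>
/// <param name="fileName">path of the keytab file to write.</param>
/// <param name="principalNames">principal names to put into the keytab.</param>
/// <exception cref="System.ArgumentNullException">if <paramref name="principalNames"/> is null.</exception>
/// <exception cref="System.IO.IOException">if the keytab cannot be written.</exception>
private void CreateKeyTab(string fileName, string[] principalNames)
{
    if (principalNames == null)
    {
        throw new System.ArgumentNullException("principalNames");
    }
    IList<KeytabEntry> lstEntries = new AList<KeytabEntry>();
    foreach (string principal in principalNames)
    {
        // Three key versions per principal: readers under test must still
        // return each principal only once.
        for (int kvno = 1; kvno <= 3; kvno++)
        {
            // Fixed, non-secret sample key material: this keytab only exercises
            // parsing and is never used to authenticate anything.
            EncryptionKey key = new EncryptionKey(EncryptionType.Unknown,
                Runtime.GetBytesForString("samplekey1"), kvno);
            // NOTE(review): the entry-level kvno is fixed at 1 while the key's own
            // version varies — confirm this asymmetry is intended by the fixture.
            KeytabEntry keytabEntry = new KeytabEntry(principal, 1, new KerberosTime(),
                unchecked((byte)1), key);
            lstEntries.AddItem(keytabEntry);
        }
    }
    Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab keytab =
        Org.Apache.Directory.Server.Kerberos.Shared.Keytab.Keytab.GetInstance();
    keytab.SetEntries(lstEntries);
    // Write to the requested path; the original ignored fileName and always wrote
    // to the testKeytab field.
    keytab.Write(new FilePath(fileName));
}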