Merge pull request #1044 from mposolda/master

Fix kerberos test failing in some environments
Marek Posolda 2015-03-13 17:52:17 +01:00
commit 29030a6d39
4 changed files with 30 additions and 12 deletions


@ -1,5 +1,8 @@
package org.keycloak.testutils.ldap;
import java.net.InetAddress;
import java.net.UnknownHostException;
/**
* Factory for ApacheDS based LDAP and Kerberos servers
*
@ -21,6 +24,7 @@ public class EmbeddedServersFactory {
private String baseDN;
private String bindHost;
private int bindPort;
private String ldapSaslPrincipal;
private String ldifFile;
private String kerberosRealm;
private int kdcPort;
@ -39,6 +43,7 @@ public class EmbeddedServersFactory {
this.bindHost = System.getProperty("ldap.host");
String bindPort = System.getProperty("ldap.port");
this.ldifFile = System.getProperty("ldap.ldif");
this.ldapSaslPrincipal = System.getProperty("ldap.saslPrincipal");
this.kerberosRealm = System.getProperty("kerberos.realm");
String kdcPort = System.getProperty("kerberos.port");
@ -62,6 +67,16 @@ public class EmbeddedServersFactory {
if (kdcEncryptionTypes == null || kdcEncryptionTypes.isEmpty()) {
kdcEncryptionTypes = DEFAULT_KDC_ENCRYPTION_TYPES;
}
if (ldapSaslPrincipal == null || ldapSaslPrincipal.isEmpty()) {
try {
// Same algorithm like sun.security.krb5.PrincipalName constructor
String canonicalHost = (InetAddress.getByName(bindHost)).getCanonicalHostName();
this.ldapSaslPrincipal = "ldap/" + canonicalHost + "@" + kerberosRealm;
} catch (UnknownHostException uhe) {
throw new RuntimeException(uhe);
}
}
}
@ -72,7 +87,7 @@ public class EmbeddedServersFactory {
ldifFile = DEFAULT_LDIF_FILE;
}
return new LDAPEmbeddedServer(baseDN, bindHost, bindPort, ldifFile);
return new LDAPEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, ldapSaslPrincipal);
}
@ -83,6 +98,6 @@ public class EmbeddedServersFactory {
ldifFile = DEFAULT_KERBEROS_LDIF_FILE;
}
return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort, kdcEncryptionTypes);
return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, ldapSaslPrincipal, kerberosRealm, kdcPort, kdcEncryptionTypes);
}
}
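Review bot: In the new default for `ldapSaslPrincipal` (the `InetAddress.getByName(bindHost).getCanonicalHostName()` block), a failed reverse lookup goes unreported: `getCanonicalHostName()` returns the textual IP address instead of throwing, so the `catch (UnknownHostException uhe)` only covers the forward lookup and the principal can silently become `ldap/<ip>@<realm>`. The Kerberos service principal now depends on the resolver of the machine running the tests, so a comment should say that and name the override, e.g. `// Depends on reverse DNS of bindHost; set -Dldap.saslPrincipal=... to pin the principal`. The block also assumes `bindHost` and `kerberosRealm` already hold their defaults at this point; those assignments are outside the hunk, so the ordering is worth confirming. The enclosing method starts outside the hunk.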


@ -2,6 +2,7 @@ package org.keycloak.testutils.ldap;
import java.io.IOException;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;
@ -48,8 +49,8 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
}
protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String kerberosRealm, int kdcPort, String kdcEncryptionTypes) {
super(baseDN, bindHost, bindPort, ldifFile);
protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String ldapSaslPrincipal, String kerberosRealm, int kdcPort, String kdcEncryptionTypes) {
super(baseDN, bindHost, bindPort, ldifFile, ldapSaslPrincipal);
this.kdcEncryptionTypes = kdcEncryptionTypes;
this.kerberosRealm = kerberosRealm;
this.kdcPort = kdcPort;
@ -79,7 +80,8 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
LdapServer ldapServer = super.createLdapServer();
ldapServer.setSaslHost( this.bindHost );
ldapServer.setSaslPrincipal( "ldap/" + this.bindHost + "@" + this.kerberosRealm);
ldapServer.setSaslPrincipal( this.ldapSaslPrincipal);
ldapServer.setSaslRealms(new ArrayList<String>());
ldapServer.addSaslMechanismHandler(SupportedSaslMechanisms.PLAIN, new PlainMechanismHandler());
ldapServer.addSaslMechanismHandler(SupportedSaslMechanisms.CRAM_MD5, new CramMd5MechanismHandler());
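Review bot: `ldapServer.setSaslHost( this.bindHost )` is left unchanged while `setSaslPrincipal` now receives a principal built from the canonical host name, so the two can name different hosts (for example `localhost` versus the resolved FQDN). Whether the SASL handlers registered below compare the host with the principal is not visible here, so this needs confirming; if they do, binds could still fail in the environments this commit targets. Either derive the SASL host from the same canonical name or add a comment such as `// saslHost stays bindHost; only the principal is canonicalized` stating that the difference is intended. The constructor also passes `ldapSaslPrincipal` on without a null check, and `createLdapServer` continues past the end of the hunk.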


@ -2,7 +2,6 @@ package org.keycloak.testutils.ldap;
import java.io.File;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
@ -35,6 +34,7 @@ public class LDAPEmbeddedServer {
protected final String bindHost;
protected final int bindPort;
protected final String ldifFile;
protected final String ldapSaslPrincipal;
protected DirectoryService directoryService;
protected LdapServer ldapServer;
@ -47,16 +47,19 @@ public class LDAPEmbeddedServer {
ldapEmbeddedServer.start();
}
public LDAPEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile) {
public LDAPEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String ldapSaslPrincipal) {
this.baseDN = baseDN;
this.bindHost = bindHost;
this.bindPort = bindPort;
this.ldifFile = ldifFile;
this.ldapSaslPrincipal = ldapSaslPrincipal;
}
public void init() throws Exception {
log.info("Creating LDAP Directory Service. Config: baseDN=" + baseDN + ", bindHost=" + bindHost + ", bindPort=" + bindPort);
log.info("Creating LDAP Directory Service. Config: baseDN=" + baseDN + ", bindHost=" + bindHost + ", bindPort=" + bindPort +
", ldapSaslPrincipal=" + ldapSaslPrincipal);
this.directoryService = createDirectoryService();
log.info("Importing LDIF: " + ldifFile);
@ -133,9 +136,6 @@ public class LDAPEmbeddedServer {
// Propagate the anonymous flag to the DS
directoryService.setAllowAnonymousAccess(false);
ldapServer.setSaslHost( this.bindHost );
ldapServer.setSaslPrincipal( "ldap/" + this.bindHost + "@KEYCLOAK.ORG");
ldapServer.setSaslRealms(new ArrayList<String>());
return ldapServer;
}
@ -143,6 +143,7 @@ public class LDAPEmbeddedServer {
private void importLdif() throws Exception {
Map<String, String> map = new HashMap<String, String>();
map.put("hostname", this.bindHost);
map.put("ldapSaslPrincipal", this.ldapSaslPrincipal);
// For now, assume that LDIF file is on classpath
InputStream is = getClass().getClassLoader().getResourceAsStream(ldifFile);
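Review bot: The public `LDAPEmbeddedServer` constructor now takes `ldapSaslPrincipal` but never validates it, and `importLdif` puts it straight into the substitution map. Only `EmbeddedServersFactory` computes a default, so a direct caller passing null would, depending on how the map is applied further down (not visible here), fail late or import `${ldapSaslPrincipal}` literally as a `krb5PrincipalName`. A guard in the constructor keeps the failure at its source: `if (ldapSaslPrincipal == null) throw new IllegalArgumentException("ldapSaslPrincipal");`. Replacing the four-argument public constructor also breaks any caller outside this commit; keeping it as a delegating overload would avoid that. The new field has no comment saying the value is a full Kerberos principal of the form `service/host@REALM`.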


@ -32,7 +32,7 @@ cn: LDAP
sn: Service
uid: ldap
userPassword: randall
krb5PrincipalName: ldap/${hostname}@KEYCLOAK.ORG
krb5PrincipalName: ${ldapSaslPrincipal}
krb5KeyVersionNumber: 0
dn: uid=HTTP,ou=People,dc=keycloak,dc=org
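Review bot: The `krb5PrincipalName` of the `uid: ldap` entry now takes its realm from `${ldapSaslPrincipal}`, which the factory builds from the `kerberos.realm` property, whereas the removed line pinned `KEYCLOAK.ORG`. Other entries in this file (the `uid=HTTP` one starts right after the hunk) presumably still hardcode that realm, so a non-default `kerberos.realm` would leave the LDIF with principals in two realms. A comment line above the entry would document the coupling, e.g. `# ${ldapSaslPrincipal} is substituted by LDAPEmbeddedServer.importLdif; its realm must match the other principals`.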