org.apache.hadoop.minikdc.MiniKdc Java Examples

@Override
protected void before() throws Throwable {
    Properties conf = MiniKdc.createConf();
    conf.setProperty(MiniKdc.ORG_NAME, "BUILD.ELASTIC");
    conf.setProperty(MiniKdc.ORG_DOMAIN, "CO");
    kdc = new MiniKdc(conf, temporaryFolder.newFolder());
    kdc.start();

    /*
     * So, this test suite is run alongside other suites that are initializing static state
     * all throughout the Hadoop code with the assumption that Kerberos doesn't exist, and
     * no one in this JVM will ever care about it existing. KerberosName has a static field
     * set once and left as-is at class loading time. That field contains the default realm
     * as specified by the JVM's krb5 conf file. MiniKdc adds a test conf file to the JVM
     * properties after it starts up. We need to smash the glass and update the defaultRealm
     * field on the KerberosName class or else Hadoop will not be able to map a Kerberos
     * Principal Name to a regular user name with the DEFAULT rule.
     */
    Field defaultRealm = KerberosName.class.getDeclaredField("defaultRealm");
    defaultRealm.setAccessible(true);
    previousDefaultRealm = (String) defaultRealm.get(null);
    defaultRealm.set(null, KerberosUtil.getDefaultRealm());
}
 

@BeforeClass
public static void setupCluster() throws Exception {
  KEYTAB_FILE = new File(
      UTIL.getDataTestDir("keytab").toUri().getPath());
  final MiniKdc kdc = UTIL.setupMiniKdc(KEYTAB_FILE);

  // Adds our test impls instead of creating service loader entries which
  // might inadvertently get them loaded on a real cluster.
  CONF.setStrings(SaslClientAuthenticationProviders.EXTRA_PROVIDERS_KEY,
      ShadeSaslClientAuthenticationProvider.class.getName());
  CONF.setStrings(SaslServerAuthenticationProviders.EXTRA_PROVIDERS_KEY,
      ShadeSaslServerAuthenticationProvider.class.getName());
  CONF.set(SaslClientAuthenticationProviders.SELECTOR_KEY,
      ShadeProviderSelector.class.getName());

  CLUSTER = createCluster(UTIL, KEYTAB_FILE, kdc,
      Collections.singletonMap("user1", USER1_PASSWORD));
  CLUSTER.startup();
}
 

@BeforeClass
public static void initKdc() throws Exception {
  baseDir = new File(System.getProperty("test.build.dir", "target/test-dir"),
    SaslDataTransferTestCase.class.getSimpleName());
  FileUtil.fullyDelete(baseDir);
  assertTrue(baseDir.mkdirs());

  Properties kdcConf = MiniKdc.createConf();
  kdc = new MiniKdc(kdcConf, baseDir);
  kdc.start();

  String userName = UserGroupInformation.getLoginUser().getShortUserName();
  File keytabFile = new File(baseDir, userName + ".keytab");
  keytab = keytabFile.getAbsolutePath();
  kdc.createPrincipal(keytabFile, userName + "/localhost", "HTTP/localhost");
  hdfsPrincipal = userName + "/localhost@" + kdc.getRealm();
  spnegoPrincipal = "HTTP/localhost@" + kdc.getRealm();
}
 

protected static void startCluster(String rpcServerImpl) throws Exception {
  KEYTAB_FILE = new File(UTIL.getDataTestDir("keytab").toUri().getPath());
  final MiniKdc kdc = UTIL.setupMiniKdc(KEYTAB_FILE);

  // Adds our test impls instead of creating service loader entries which
  // might inadvertently get them loaded on a real cluster.
  CONF.setStrings(SaslClientAuthenticationProviders.EXTRA_PROVIDERS_KEY,
    InMemoryClientProvider.class.getName());
  CONF.setStrings(SaslServerAuthenticationProviders.EXTRA_PROVIDERS_KEY,
    InMemoryServerProvider.class.getName());
  CONF.set(SaslClientAuthenticationProviders.SELECTOR_KEY,
    InMemoryProviderSelector.class.getName());
  createBaseCluster(UTIL, KEYTAB_FILE, kdc);
  CONF.set(RpcServerFactory.CUSTOM_RPC_SERVER_IMPL_CONF_KEY, rpcServerImpl);
  CLUSTER = new LocalHBaseCluster(CONF, 1);
  CLUSTER.startup();
}
 

private static void createBaseCluster(HBaseTestingUtility util, File keytabFile, MiniKdc kdc)
  throws Exception {
  String servicePrincipal = "hbase/localhost";
  String spnegoPrincipal = "HTTP/localhost";
  kdc.createPrincipal(keytabFile, servicePrincipal);
  util.startMiniZKCluster();

  HBaseKerberosUtils.setSecuredConfiguration(util.getConfiguration(),
    servicePrincipal + "@" + kdc.getRealm(), spnegoPrincipal + "@" + kdc.getRealm());
  HBaseKerberosUtils.setSSLConfiguration(util, SecureTestCluster.class);

  util.getConfiguration().setStrings(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY,
    TokenProvider.class.getName());
  util.startMiniDFSCluster(1);
  Path rootdir = util.getDataTestDirOnTestFS("TestCustomSaslAuthenticationProvider");
  CommonFSUtils.setRootDir(util.getConfiguration(), rootdir);
}
 

@Before
public void setUpKerberos() throws Exception {
   kdc = new MiniKdc(MiniKdc.createConf(), temporaryFolder.newFolder("kdc"));
   kdc.start();

   // hard coded match, default_keytab_name in minikdc-krb5.conf template
   File userKeyTab = new File("target/test.krb5.keytab");
   kdc.createPrincipal(userKeyTab, "client", "amqp/localhost");

   if (debug) {
      for (java.util.logging.Logger logger : new java.util.logging.Logger[] {java.util.logging.Logger.getLogger("javax.security.sasl"), java.util.logging.Logger.getLogger("org.apache.qpid.proton")}) {
         logger.setLevel(java.util.logging.Level.FINEST);
         logger.addHandler(new java.util.logging.ConsoleHandler());
         for (java.util.logging.Handler handler : logger.getHandlers()) {
            handler.setLevel(java.util.logging.Level.FINEST);
         }
      }
   }
}
 

@BeforeClass
public static void setUpMiniKdc() throws Exception {
  File kdcDir = getTestDir();
  Properties kdcConf = MiniKdc.createConf();
  kdc = new MiniKdc(kdcConf, kdcDir);
  kdc.start();
  keytab = new File(kdcDir, "keytab");
  List<String> principals = new ArrayList<String>();
  principals.add("HTTP/localhost");
  principals.add("client");
  principals.add("hdfs");
  principals.add("otheradmin");
  principals.add("client/host");
  principals.add("client1");
  for (KMSACLs.Type type : KMSACLs.Type.values()) {
    principals.add(type.toString());
  }
  principals.add("CREATE_MATERIAL");
  principals.add("ROLLOVER_MATERIAL");
  kdc.createPrincipal(keytab,
      principals.toArray(new String[principals.size()]));
}
 

@BeforeClass
public static void setUpMiniKdc() throws Exception {
  File kdcDir = getTestDir();
  Properties kdcConf = MiniKdc.createConf();
  kdc = new MiniKdc(kdcConf, kdcDir);
  kdc.start();
  keytab = new File(kdcDir, "keytab");
  List<String> principals = new ArrayList<String>();
  principals.add("HTTP/localhost");
  principals.add("client");
  principals.add("hdfs");
  principals.add("otheradmin");
  principals.add("client/host");
  principals.add("client1");
  for (KMSACLs.Type type : KMSACLs.Type.values()) {
    principals.add(type.toString());
  }
  principals.add("CREATE_MATERIAL");
  principals.add("ROLLOVER_MATERIAL");
  kdc.createPrincipal(keytab,
      principals.toArray(new String[principals.size()]));
}
 

@BeforeClass
public static void initKdc() throws Exception {
  baseDir = new File(System.getProperty("test.build.dir", "target/test-dir"),
    SaslDataTransferTestCase.class.getSimpleName());
  FileUtil.fullyDelete(baseDir);
  assertTrue(baseDir.mkdirs());

  Properties kdcConf = MiniKdc.createConf();
  kdc = new MiniKdc(kdcConf, baseDir);
  kdc.start();

  String userName = UserGroupInformation.getLoginUser().getShortUserName();
  File keytabFile = new File(baseDir, userName + ".keytab");
  keytab = keytabFile.getAbsolutePath();
  kdc.createPrincipal(keytabFile, userName + "/localhost", "HTTP/localhost");
  hdfsPrincipal = userName + "/localhost@" + kdc.getRealm();
  spnegoPrincipal = "HTTP/localhost@" + kdc.getRealm();
}
 

@BeforeClass
public static void startKdc() throws Exception {
  testDir = new File("target", UUID.randomUUID().toString()).getAbsoluteFile();
  Assert.assertTrue(testDir.mkdirs());
  File kdcDir = new File(testDir, "kdc");
  Assert.assertTrue(kdcDir.mkdirs());
  keytabFile = new File(testDir, "test.keytab");
  miniKdc = new MiniKdc(MiniKdc.createConf(), testDir);
  miniKdc.start();
  miniKdc.createPrincipal(keytabFile, "foo", "bar/localhost");
}
 

@BeforeClass
public static void setupKDC() throws Exception {
  testRootDir = new File("target",
    TestRMWebServicesDelegationTokens.class.getName() + "-root");
  testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
  testMiniKDC.start();
  testMiniKDC.createPrincipal(httpSpnegoKeytabFile, "HTTP/localhost",
    "client", "client2", "client3");
}
 

@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
    setupAndStartRM();
  } catch (Exception e) {
    fail("Couldn't create MiniKDC");
  }
}
 

/**
 * Sets up the KDC and a set of principals in the JAAS file
 *
 * @throws Exception
 */
public static void setupKDCAndPrincipals() throws Exception {
  // set up the KDC
  File target = new File(System.getProperty("test.dir", "target"));
  kdcWorkDir = new File(target, "kdc");
  kdcWorkDir.mkdirs();
  if (!kdcWorkDir.mkdirs()) {
    assertTrue(kdcWorkDir.isDirectory());
  }
  kdcConf = MiniKdc.createConf();
  kdcConf.setProperty(MiniKdc.DEBUG, "true");
  kdc = new MiniKdc(kdcConf, kdcWorkDir);
  kdc.start();

  keytab_zk = createKeytab(ZOOKEEPER, "zookeeper.keytab");
  keytab_alice = createKeytab(ALICE, "alice.keytab");
  keytab_bob = createKeytab(BOB, "bob.keytab");
  zkServerPrincipal = Shell.WINDOWS ? ZOOKEEPER_1270001 : ZOOKEEPER_LOCALHOST;

  StringBuilder jaas = new StringBuilder(1024);
  jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_CLIENT_CONTEXT,
      ZOOKEEPER, keytab_zk));
  jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_SERVER_CONTEXT,
      zkServerPrincipal, keytab_zk));
  jaas.append(registrySecurity.createJAASEntry(ALICE_CLIENT_CONTEXT,
      ALICE_LOCALHOST , keytab_alice));
  jaas.append(registrySecurity.createJAASEntry(BOB_CLIENT_CONTEXT,
      BOB_LOCALHOST, keytab_bob));

  jaasFile = new File(kdcWorkDir, "jaas.txt");
  FileUtils.write(jaasFile, jaas.toString());
  LOG.info("\n"+ jaas);
  RegistrySecurity.bindJVMtoJAASFile(jaasFile);
}
 

@Before
public void startMiniKdc() throws Exception {
  // This setting below is required. If not enabled, UGI will abort
  // any attempt to loginUserFromKeytab.
  Configuration conf = new Configuration();
  conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  UserGroupInformation.setConfiguration(conf);
  workDir = folder.getRoot();
  kdc = new MiniKdc(MiniKdc.createConf(), workDir);
  kdc.start();
}
 

protected File startKDC() throws Exception {
    File target = Files.createTempDirectory("sectest").toFile();
    File kdcWorkDir = new File(target, "kdc");
    Properties kdcConf = MiniKdc.createConf();
    kdcConf.setProperty(MiniKdc.DEBUG, "true");
    kdc = new MiniKdc(kdcConf, kdcWorkDir);
    kdc.start();

    Assert.assertNotNull(kdc.getRealm());
    return kdcWorkDir;
}
 

@Override
public void start() throws Exception {

    LOG.info("KDC: Starting MiniKdc");
    configure();
    miniKdc = new MiniKdc(conf, new File(baseDir));
    miniKdc.start();

    UserGroupInformation ugi = UserGroupInformation.createRemoteUser("guest");
    UserGroupInformation.setLoginUser(ugi);
    String username = UserGroupInformation.getLoginUser().getShortUserName();

    List<String> temp = new ArrayList<>(principals);
    temp.add(username);
    this.principals = Collections.unmodifiableList(temp);

    principals.forEach(p -> {
        try {
            File keytab = new File(baseDir, p + ".keytab");
            LOG.info("KDC: Creating keytab for {} in {}", p, keytab);
            miniKdc.createPrincipal(keytab, p, getKrbPrincipal(p), getKrbPrincipalWithRealm(p));
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    });
    refreshDefaultRealm();
    prepareSecureConfiguration(username);
}
 

public void startLdapServer(MiniKdc miniKdc) throws Exception {
    ldapServer = new LdapServer();
    Field f = MiniKdc.class.getDeclaredField("ds");
    f.setAccessible(true);
    DirectoryService ds = (DirectoryService) f.get(miniKdc);
    ldapServer.setDirectoryService(ds);
    TcpTransport tcpTransport = new TcpTransport(4016);
    ldapServer.setTransports(tcpTransport);
    LOG.info(ds.getAdminSession().getAuthenticatedPrincipal().getDn());
    ldapServer.start();
}
 

@Override
@Before
public void setUp() throws Exception {
   super.setUp();
   kdc = new MiniKdc(MiniKdc.createConf(), temporaryFolder.newFolder("kdc"));
   kdc.start();
}
 

static LocalHBaseCluster createCluster(HBaseTestingUtility util, File keytabFile,
    MiniKdc kdc, Map<String,char[]> userDatabase) throws Exception {
  String servicePrincipal = "hbase/localhost";
  String spnegoPrincipal = "HTTP/localhost";
  kdc.createPrincipal(keytabFile, servicePrincipal);
  util.startMiniZKCluster();

  HBaseKerberosUtils.setSecuredConfiguration(util.getConfiguration(),
      servicePrincipal + "@" + kdc.getRealm(), spnegoPrincipal + "@" + kdc.getRealm());
  HBaseKerberosUtils.setSSLConfiguration(util, TestShadeSaslAuthenticationProvider.class);

  util.getConfiguration().setStrings(CoprocessorHost.REGION_COPROCESSOR_CONF_KEY,
      TokenProvider.class.getName());
  util.startMiniDFSCluster(1);
  Path testDir = util.getDataTestDirOnTestFS("TestShadeSaslAuthenticationProvider");
  USER_DATABASE_FILE = new Path(testDir, "user-db.txt");

  createUserDBFile(
      USER_DATABASE_FILE.getFileSystem(CONF), USER_DATABASE_FILE, userDatabase);
  CONF.set(ShadeSaslServerAuthenticationProvider.PASSWORD_FILE_KEY,
      USER_DATABASE_FILE.toString());

  Path rootdir = new Path(testDir, "hbase-root");
  CommonFSUtils.setRootDir(CONF, rootdir);
  LocalHBaseCluster cluster = new LocalHBaseCluster(CONF, 1);
  return cluster;
}
 

@BeforeClass
public static void setUpKerberos() throws Exception {
    servicePrincipal = prepareServiceName();
    LOG.info("Using service principal: " + servicePrincipal);

    Path targetDir = FileSystems.getDefault().getPath("target");
    Path tempDirectory = Files.createTempDirectory(targetDir, "junit.SaslGssApiIntegrationTest.");
    File root = tempDirectory.toFile();

    kdc = new MiniKdc(MiniKdc.createConf(), new File(root, "kdc"));
    kdc.start();

    // hard coded match, default_keytab_name in minikdc-krb5.conf template
    File userKeyTab = new File(KRB5_KEYTAB);
    kdc.createPrincipal(userKeyTab, CLIENT_PRINCIPAL_LOGIN_CONFIG, CLIENT_PRINCIPAL_FACTORY_USERNAME,
            CLIENT_PRINCIPAL_URI_USERNAME, CLIENT_PRINCIPAL_DEFAULT_CONFIG_SCOPE, servicePrincipal);

    if (DEBUG) {
        Keytab kt = Keytab.read(userKeyTab);
        for (KeytabEntry entry : kt.getEntries()) {
            LOG.info("KeyTab Entry: PrincipalName:" + entry.getPrincipalName() + " ; KeyInfo:"+ entry.getKey().getKeyType());
        }

        java.util.logging.Logger logger = java.util.logging.Logger.getLogger("javax.security.sasl");
        logger.setLevel(java.util.logging.Level.FINEST);
        logger.addHandler(new java.util.logging.ConsoleHandler());
        for (java.util.logging.Handler handler : logger.getHandlers()) {
            handler.setLevel(java.util.logging.Level.FINEST);
        }
    }
}
 

public KDCServer(final File baseDir) {
    this.baseDir = baseDir;

    this.kdcProperties = MiniKdc.createConf();
    this.kdcProperties.setProperty(MiniKdc.INSTANCE, "DefaultKrbServer");
    this.kdcProperties.setProperty(MiniKdc.ORG_NAME, "NIFI");
    this.kdcProperties.setProperty(MiniKdc.ORG_DOMAIN, "COM");
}
 

@BeforeClass
public static void setup() throws Exception {
  Assume.assumeTrue("true".equalsIgnoreCase(System.getProperty(
      "sentry.hive.test.ticket.timeout", "false")));
  kdcConfOverlay.setProperty(MiniKdc.MAX_TICKET_LIFETIME, "300001");
  setup();
}
 

@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
  } catch (Exception e) {
    assertTrue("Couldn't create MiniKDC", false);
  }
}
 

@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
    setupAndStartRM();
  } catch (Exception e) {
    assertTrue("Couldn't create MiniKDC", false);
  }
}
 

@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
  } catch (Exception e) {
    assertTrue("Couldn't create MiniKDC", false);
  }
}
 

protected File startKDC() throws Exception {
    File target = Files.createTempDirectory("sectest").toFile();
    File kdcWorkDir = new File(target, "kdc");
    Properties kdcConf = MiniKdc.createConf();
    kdcConf.setProperty(MiniKdc.DEBUG, "true");
    kdc = new MiniKdc(kdcConf, kdcWorkDir);
    kdc.start();

    Assert.assertNotNull(kdc.getRealm());
    return kdcWorkDir;
}
 

@BeforeClass
public static void setupKDC() throws Exception {
  testRootDir = new File("target",
    TestRMWebServicesDelegationTokens.class.getName() + "-root");
  testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
  testMiniKDC.start();
  testMiniKDC.createPrincipal(httpSpnegoKeytabFile, "HTTP/localhost",
    "client", "client2", "client3");
}
 

@BeforeClass
public static void setUp() {
  try {
    testMiniKDC = new MiniKdc(MiniKdc.createConf(), testRootDir);
    setupKDC();
    setupAndStartRM();
  } catch (Exception e) {
    fail("Couldn't create MiniKDC");
  }
}
 

/**
 * Sets up the KDC and a set of principals in the JAAS file
 *
 * @throws Exception
 */
public static void setupKDCAndPrincipals() throws Exception {
  // set up the KDC
  File target = new File(System.getProperty("test.dir", "target"));
  kdcWorkDir = new File(target, "kdc");
  kdcWorkDir.mkdirs();
  if (!kdcWorkDir.mkdirs()) {
    assertTrue(kdcWorkDir.isDirectory());
  }
  kdcConf = MiniKdc.createConf();
  kdcConf.setProperty(MiniKdc.DEBUG, "true");
  kdc = new MiniKdc(kdcConf, kdcWorkDir);
  kdc.start();

  keytab_zk = createKeytab(ZOOKEEPER, "zookeeper.keytab");
  keytab_alice = createKeytab(ALICE, "alice.keytab");
  keytab_bob = createKeytab(BOB, "bob.keytab");
  zkServerPrincipal = Shell.WINDOWS ? ZOOKEEPER_1270001 : ZOOKEEPER_LOCALHOST;

  StringBuilder jaas = new StringBuilder(1024);
  jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_CLIENT_CONTEXT,
      ZOOKEEPER, keytab_zk));
  jaas.append(registrySecurity.createJAASEntry(ZOOKEEPER_SERVER_CONTEXT,
      zkServerPrincipal, keytab_zk));
  jaas.append(registrySecurity.createJAASEntry(ALICE_CLIENT_CONTEXT,
      ALICE_LOCALHOST , keytab_alice));
  jaas.append(registrySecurity.createJAASEntry(BOB_CLIENT_CONTEXT,
      BOB_LOCALHOST, keytab_bob));

  jaasFile = new File(kdcWorkDir, "jaas.txt");
  FileUtils.write(jaasFile, jaas.toString());
  LOG.info("\n"+ jaas);
  RegistrySecurity.bindJVMtoJAASFile(jaasFile);
}
 

@Before
public void startMiniKdc() throws Exception {
  // This setting below is required. If not enabled, UGI will abort
  // any attempt to loginUserFromKeytab.
  Configuration conf = new Configuration();
  conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION,
      "kerberos");
  UserGroupInformation.setConfiguration(conf);
  workDir = folder.getRoot();
  kdc = new MiniKdc(MiniKdc.createConf(), workDir);
  kdc.start();
}