/*

 * Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

import java.lang.reflect.Constructor;

import java.lang.reflect.Field;

import java.lang.reflect.InvocationTargetException;

import java.net.*;

import java.io.*;

import java.lang.reflect.Method;

import java.security.SecureRandom;

import java.util.*;

import java.util.concurrent.*;

import sun.net.spi.nameservice.NameService;

import sun.net.spi.nameservice.NameServiceDescriptor;

import sun.security.krb5.*;

import sun.security.krb5.internal.*;

import sun.security.krb5.internal.ccache.CredentialsCache;

import sun.security.krb5.internal.crypto.EType;

import sun.security.krb5.internal.crypto.KeyUsage;

import sun.security.krb5.internal.ktab.KeyTab;

import sun.security.util.DerInputStream;

import sun.security.util.DerOutputStream;

import sun.security.util.DerValue;

/**

 * A KDC server.

 * <p>

 * Features:

 * <ol>

 * <li> Supports TCP and UDP

 * <li> Supports AS-REQ and TGS-REQ

 * <li> Principal db and other settings hard coded in application

 * <li> Options, say, request preauth or not

 * </ol>

 * Side effects:

 * <ol>

 * <li> The Sun-internal class <code>sun.security.krb5.Config</code> is a

 * singleton and initialized according to Kerberos settings (krb5.conf and

 * java.security.krb5.* system properties). This means once it's initialized

 * it will not automatically notice any changes to these settings (or file

 * changes of krb5.conf). The KDC class normally does not touch these

 * settings (except for the <code>writeKtab()</code> method). However, to make

 * sure nothing ever goes wrong, if you want to make any changes to these

 * settings after calling a KDC method, call <code>Config.refresh()</code> to

 * make sure your changes are reflected in the <code>Config</code> object.

 * </ol>

 * System properties recognized:

 * <ul>

 * <li>test.kdc.save.ccache

 * </ul>

 * Issues and TODOs:

 * <ol>

 * <li> Generates krb5.conf to be used on another machine, currently the kdc is

 * always localhost

 * <li> More options to KDC, say, error output, say, response nonce !=

 * request nonce

 * </ol>

 * Note: This program uses internal krb5 classes (including reflection to

 * access private fields and methods).

 * <p>

 * Usages:

 * <p>

 * 1. Init and start the KDC:

 * <pre>

 * KDC kdc = KDC.create("REALM.NAME", port, isDaemon);

 * KDC kdc = KDC.create("REALM.NAME");

 * </pre>

 * Here, <code>port</code> is the UDP and TCP port number the KDC server

 * listens on. If zero, a random port is chosen, which you can use getPort()

 * later to retrieve the value.

 * <p>

 * If <code>isDaemon</code> is true, the KDC worker threads will be daemons.

 * <p>

 * The shortcut <code>KDC.create("REALM.NAME")</code> has port=0 and

 * isDaemon=false, and is commonly used in an embedded KDC.

 * <p>

 * 2. Adding users:

 * <pre>

 * kdc.addPrincipal(String principal_name, char[] password);

 * kdc.addPrincipalRandKey(String principal_name);

 * </pre>

 * A service principal's name should look like "host/f.q.d.n". The second form

 * generates a random key. To expose this key, call <code>writeKtab()</code> to

 * save the keys into a keytab file.

 * <p>

 * Note that you need to add the principal name krbtgt/REALM.NAME yourself.

 * <p>

 * Note that you can safely add a principal at any time after the KDC is

 * started and before a user requests info on this principal.

 * <p>

 * 3. Other public methods:

 * <ul>

 * <li> <code>getPort</code>: Returns the port number the KDC uses

 * <li> <code>getRealm</code>: Returns the realm name

 * <li> <code>writeKtab</code>: Writes all principals' keys into a keytab file

 * <li> <code>saveConfig</code>: Saves a krb5.conf file to access this KDC

 * <li> <code>setOption</code>: Sets various options

 * </ul>

 * Read the javadoc for details. Lazy developer can use <code>OneKDC</code>

 * directly.

 */

public class KDC {

    public static final int DEFAULT_LIFETIME = 39600;

    public static final int DEFAULT_RENEWTIME = 86400;

    // Under the hood.

    // The random generator to generate random keys (including session keys)

    private static SecureRandom secureRandom = new SecureRandom();

    // Principal db. principal -> pass. A case-insensitive TreeMap is used

    // so that even if the client provides a name with different case, the KDC

    // can still locate the principal and give back correct salt.

    private TreeMap<String,char[]> passwords = new TreeMap<>

            (String.CASE_INSENSITIVE_ORDER);

    // Realm name

    private String realm;

    // KDC

    private String kdc;

    // Service port number

    private int port;

    // The request/response job queue

    private BlockingQueue<Job> q = new ArrayBlockingQueue<>(100);

    // Options

    private Map<Option,Object> options = new HashMap<>();

    // Realm-specific krb5.conf settings

    private List<String> conf = new ArrayList<>();

    private Thread thread1, thread2, thread3;

    private volatile boolean udpConsumerReady = false;

    private volatile boolean tcpConsumerReady = false;

    private volatile boolean dispatcherReady = false;

    DatagramSocket u1 = null;

    ServerSocket t1 = null;

    public static enum KtabMode { APPEND, EXISTING };

    /**

     * Option names, to be expanded forever.

     */

    public static enum Option {

        /**

         * Whether pre-authentication is required. Default Boolean.TRUE

         */

        PREAUTH_REQUIRED,

        /**

         * Only issue TGT in RC4

         */

        ONLY_RC4_TGT,

        /**

         * Use RC4 as the first in preauth

         */

        RC4_FIRST_PREAUTH,

        /**

         * Use only one preauth, so that some keys are not easy to generate

         */

        ONLY_ONE_PREAUTH,

        /**

         * Set all name-type to a value in response

         */

        RESP_NT,

        /**

         * Multiple ETYPE-INFO-ENTRY with same etype but different salt

         */

        DUP_ETYPE,

        /**

         * What backend server can be delegated to

         */

        OK_AS_DELEGATE,

        /**

         * Allow S4U2self, List<String> of middle servers.

         * If not set, means KDC does not understand S4U2self at all, therefore

         * would ignore any PA-FOR-USER request and send a ticket using the

         * cname of teh requestor. If set, it returns FORWARDABLE tickets to

         * a server with its name in the list

         */

        ALLOW_S4U2SELF,

        /**

         * Allow S4U2proxy, Map<String,List<String>> of middle servers to

         * backends. If not set or a backend not in a server's list,

         * Krb5.KDC_ERR_POLICY will be send for S4U2proxy request.

         */

        ALLOW_S4U2PROXY,

        /**

         * Sensitive accounts can never be delegated.

         */

        SENSITIVE_ACCOUNTS,

        /**

         * If true, will check if TGS-REQ contains a non-null addresses field.

         */

        CHECK_ADDRESSES,

    };

    static {

        System.setProperty("sun.net.spi.nameservice.provider.1", "ns,mock");

    }

    /**

     * A standalone KDC server.

     */

    public static void main(String[] args) throws Exception {

        int port = args.length > 0 ? Integer.parseInt(args[0]) : 0;

        KDC kdc = create("RABBIT.HOLE", "kdc.rabbit.hole", port, false);

        kdc.addPrincipal("dummy", "bogus".toCharArray());

        kdc.addPrincipal("foo", "bar".toCharArray());

        kdc.addPrincipalRandKey("krbtgt/RABBIT.HOLE");

        kdc.addPrincipalRandKey("server/host.rabbit.hole");

        kdc.addPrincipalRandKey("backend/host.rabbit.hole");

        KDC.saveConfig("krb5.conf", kdc, "forwardable = true");

    }

    /**

     * Creates and starts a KDC running as a daemon on a random port.

     * @param realm the realm name

     * @return the running KDC instance

     * @throws java.io.IOException for any socket creation error

     */

    public static KDC create(String realm) throws IOException {

        return create(realm, "kdc." + realm.toLowerCase(), 0, true);

    }

    public static KDC existing(String realm, String kdc, int port) {

        KDC k = new KDC(realm, kdc);

        k.port = port;

        return k;

    }

    /**

     * Creates and starts a KDC server.

     * @param realm the realm name

     * @param port the TCP and UDP port to listen to. A random port will to

     *        chosen if zero.

     * @param asDaemon if true, KDC threads will be daemons. Otherwise, not.

     * @return the running KDC instance

     * @throws java.io.IOException for any socket creation error

     */

    public static KDC create(String realm, String kdc, int port, boolean asDaemon) throws IOException {

        return new KDC(realm, kdc, port, asDaemon);

    }

    /**

     * Sets an option

     * @param key the option name

     * @param value the value

     */

    public void setOption(Option key, Object value) {

        if (value == null) {

            options.remove(key);

        } else {

            options.put(key, value);

        }

    }

    /**

     * Writes or appends keys into a keytab.

     * <p>

     * Attention: This is the most basic one of a series of methods below on

     * keytab creation or modification. All these methods reference krb5.conf

     * settings. If you need to modify krb5.conf or switch to another krb5.conf

     * later, please call <code>Config.refresh()</code> again. For example:

     * <pre>

     * kdc.writeKtab("/etc/kdc/ktab", true);  // Config is initialized,

     * System.setProperty("java.security.krb5.conf", "/home/mykrb5.conf");

     * Config.refresh();

     * </pre>

     * Inside this method there are 2 places krb5.conf is used:

     * <ol>

     * <li> (Fatal) Generating keys: EncryptionKey.acquireSecretKeys

     * <li> (Has workaround) Creating PrincipalName

     * </ol>

     * @param tab the keytab file name

     * @param append true if append, otherwise, overwrite.

     * @param names the names to write into, write all if names is empty

     */

    public void writeKtab(String tab, boolean append, String... names)

            throws IOException, KrbException {

        KeyTab ktab = append ? KeyTab.getInstance(tab) : KeyTab.create(tab);

        Iterable<String> entries =

                (names.length != 0) ? Arrays.asList(names): passwords.keySet();

        for (String name : entries) {

            char[] pass = passwords.get(name);

            int kvno = 0;

            if (Character.isDigit(pass[pass.length-1])) {

                kvno = pass[pass.length-1] - '0';

            }

            PrincipalName pn = new PrincipalName(name,

                        name.indexOf('/') < 0 ?

                            PrincipalName.KRB_NT_UNKNOWN :

                            PrincipalName.KRB_NT_SRV_HST);

            ktab.addEntry(pn,

                        getSalt(pn),

                        pass,

                        kvno,

                        true);

        }

        ktab.save();

    }

    /**

     * Writes all principals' keys from multiple KDCs into one keytab file.

     * @throws java.io.IOException for any file output error

     * @throws sun.security.krb5.KrbException for any realm and/or principal

     *         name error.

     */

    public static void writeMultiKtab(String tab, KDC... kdcs)

            throws IOException, KrbException {

        KeyTab.create(tab).save();      // Empty the old keytab

        appendMultiKtab(tab, kdcs);

    }

    /**

     * Appends all principals' keys from multiple KDCs to one keytab file.

     */

    public static void appendMultiKtab(String tab, KDC... kdcs)

            throws IOException, KrbException {

        for (KDC kdc: kdcs) {

            kdc.writeKtab(tab, true);

        }

    }

    /**

     * Write a ktab for this KDC.

     */

    public void writeKtab(String tab) throws IOException, KrbException {

        writeKtab(tab, false);

    }

    /**

     * Appends keys in this KDC to a ktab.

     */

    public void appendKtab(String tab) throws IOException, KrbException {

        writeKtab(tab, true);

    }

    /**

     * Adds a new principal to this realm with a given password.

     * @param user the principal's name. For a service principal, use the

     *        form of host/f.q.d.n

     * @param pass the password for the principal

     */

    public void addPrincipal(String user, char[] pass) {

        if (user.indexOf('@') < 0) {

            user = user + "@" + realm;

        }

        passwords.put(user, pass);

    }

    /**

     * Adds a new principal to this realm with a random password

     * @param user the principal's name. For a service principal, use the

     *        form of host/f.q.d.n

     */

    public void addPrincipalRandKey(String user) {

        addPrincipal(user, randomPassword());

    }

    /**

     * Returns the name of this realm

     * @return the name of this realm

     */

    public String getRealm() {

        return realm;

    }

    /**

     * Returns the name of kdc

     * @return the name of kdc

     */

    public String getKDC() {

        return kdc;

    }

    /**

     * Add realm-specific krb5.conf setting

     */

    public void addConf(String s) {

        conf.add(s);

    }

    /**

     * Writes a krb5.conf for one or more KDC that includes KDC locations for

     * each realm and the default realm name. You can also add extra strings

     * into the file. The method should be called like:

     * <pre>

     *   KDC.saveConfig("krb5.conf", kdc1, kdc2, ..., line1, line2, ...);

     * </pre>

     * Here you can provide one or more kdc# and zero or more line# arguments.

     * The line# will be put after [libdefaults] and before [realms]. Therefore

     * you can append new lines into [libdefaults] and/or create your new

     * stanzas as well. Note that a newline character will be appended to

     * each line# argument.

     * <p>

     * For example:

     * <pre>

     * KDC.saveConfig("krb5.conf", this);

     * </pre>

     * generates:

     * <pre>

     * [libdefaults]

     * default_realm = REALM.NAME

     *

     * [realms]

     *   REALM.NAME = {

     *     kdc = host:port_number

     *     # realm-specific settings

     *   }

     * </pre>

     *

     * Another example:

     * <pre>

     * KDC.saveConfig("krb5.conf", kdc1, kdc2, "forwardable = true", "",

     *         "[domain_realm]",

     *         ".kdc1.com = KDC1.NAME");

     * </pre>

     * generates:

     * <pre>

     * [libdefaults]

     * default_realm = KDC1.NAME

     * forwardable = true

     *

     * [domain_realm]

     * .kdc1.com = KDC1.NAME

     *

     * [realms]

     *   KDC1.NAME = {

     *     kdc = host:port1

     *   }

     *   KDC2.NAME = {

     *     kdc = host:port2

     *   }

     * </pre>

     * @param file the name of the file to write into

     * @param kdc the first (and default) KDC

     * @param more more KDCs or extra lines (in their appearing order) to

     * insert into the krb5.conf file. This method reads each argument's type

     * to determine what it's for. This argument can be empty.

     * @throws java.io.IOException for any file output error

     */

    public static void saveConfig(String file, KDC kdc, Object... more)

            throws IOException {

        File f = new File(file);

        StringBuffer sb = new StringBuffer();

        sb.append("[libdefaults]\ndefault_realm = ");

        sb.append(kdc.realm);

        sb.append("\n");

        for (Object o: more) {

            if (o instanceof String) {

                sb.append(o);

                sb.append("\n");

            }

        }

        sb.append("\n[realms]\n");

        sb.append(kdc.realmLine());

        for (Object o: more) {

            if (o instanceof KDC) {

                sb.append(((KDC)o).realmLine());

            }

        }

        FileOutputStream fos = new FileOutputStream(f);

        fos.write(sb.toString().getBytes());

        fos.close();

    }

    /**

     * Returns the service port of the KDC server.

     * @return the KDC service port

     */

    public int getPort() {

        return port;

    }

    // Private helper methods

    /**

     * Private constructor, cannot be called outside.

     * @param realm

     */

    private KDC(String realm, String kdc) {

        this.realm = realm;

        this.kdc = kdc;

    }

    /**

     * A constructor that starts the KDC service also.