You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2007/10/31 18:14:28 UTC

svn commit: r590754 - /directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java

Author: elecharny
Date: Wed Oct 31 10:14:27 2007
New Revision: 590754

URL: http://svn.apache.org/viewvc?rev=590754&view=rev
Log:
Reorganized the service :
o We don't pass the message anymore (never used)
o The methods are not calling each others, they are all called in the first method

Modified:
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java

Modified: directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java?rev=590754&r1=590753&r2=590754&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java (original)
+++ directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java Wed Oct 31 10:14:27 2007
@@ -87,7 +87,7 @@
     private static final String SERVICE_NAME = "Authentication Service (AS)";
 
 
-    public static void execute( IoSession session, AuthenticationContext authContext, Object message ) throws Exception
+    public static void execute( IoSession session, AuthenticationContext authContext ) throws Exception
     {
         KdcContext kdcContext = ( KdcContext ) session.getAttribute( CONTEXT_KEY );
 
@@ -104,10 +104,32 @@
             throw new KerberosException( ErrorType.KDC_ERR_BAD_PVNO );
         }
 
-        selectEncryptionType( authContext, session, message );
+        selectEncryptionType( authContext, session );
+        getClientEntry( authContext, session );
+        verifyPolicy( authContext, session );
+        verifySam( authContext, session );
+        verifyEncryptedTimestamp( authContext, session );
+        
+        if ( authContext.getClientKey() == null )
+        {
+            verifyEncryptedTimestamp( authContext, session );
+        }
+
+        getServerEntry( authContext, session );
+        generateTicket( authContext, session );
+        buildReply( authContext, session );
+
+        if ( LOG.isDebugEnabled() )
+        {
+            monitorContext( authContext );
+            monitorReply( ( KdcContext ) session.getAttribute( CONTEXT_KEY ) );
+        }
+        
+        sealReply( authContext, session );
     }
+
     
-    private static void selectEncryptionType( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    private static void selectEncryptionType( AuthenticationContext authContext, IoSession session ) throws KerberosException, InvalidTicketException
     {
         KdcContext kdcContext = ( KdcContext ) session.getAttribute( CONTEXT_KEY );
         KdcServer config = kdcContext.getConfig();
@@ -124,23 +146,20 @@
         }
 
         kdcContext.setEncryptionType( bestType );
-
-        getClientEntry( authContext, session, message );
     }
 
     
-    private static void getClientEntry( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    private static void getClientEntry( AuthenticationContext authContext, IoSession session ) throws KerberosException, InvalidTicketException
     {
         KerberosPrincipal principal = authContext.getRequest().getClientPrincipal();
         PrincipalStore store = authContext.getStore();
 
         PrincipalStoreEntry storeEntry = getEntry( principal, store, ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN ); 
         authContext.setClientEntry( storeEntry );
-
-        verifyPolicy( authContext, session, message );
     }
     
-    private static void verifyPolicy( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    
+    private static void verifyPolicy( AuthenticationContext authContext, IoSession session ) throws KerberosException, InvalidTicketException
     {
         PrincipalStoreEntry entry = authContext.getClientEntry();
 
@@ -158,12 +177,10 @@
         {
             throw new KerberosException( ErrorType.KDC_ERR_CLIENT_REVOKED );
         }
-
-        verifySam( authContext, session, message );
     }
     
     
-    private static void verifySam( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    private static void verifySam( AuthenticationContext authContext, IoSession session ) throws KerberosException, InvalidTicketException
     {
         LOG.debug( "Verifying using SAM subsystem." );
         KdcRequest request = authContext.getRequest();
@@ -215,18 +232,11 @@
                 LOG.debug( "Pre-authentication using SAM subsystem successful for {}.", clientName );
             }
         }
-
-        verifyEncryptedTimestamp( authContext, session, message );
     }
     
     
-    private static void verifyEncryptedTimestamp( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    private static void verifyEncryptedTimestamp( AuthenticationContext authContext, IoSession session ) throws KerberosException, InvalidTicketException
     {
-        if ( authContext.getClientKey() != null )
-        {
-            getServerEntry( authContext, session, message );
-        }
-
         LOG.debug( "Verifying using encrypted timestamp." );
         
         KdcServer config = authContext.getConfig();
@@ -323,23 +333,19 @@
         {
             LOG.debug( "Pre-authentication by encrypted timestamp successful for {}.", clientName );
         }
-
-        getServerEntry( authContext, session, message );
     }
     
     
-    private static void getServerEntry( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    private static void getServerEntry( AuthenticationContext authContext, IoSession session ) throws KerberosException, InvalidTicketException
     {
         KerberosPrincipal principal = authContext.getRequest().getServerPrincipal();
         PrincipalStore store = authContext.getStore();
     
         authContext.setServerEntry( getEntry( principal, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) );
-    
-        generateTicket( authContext, session, message );
     }    
     
     
-    private static void generateTicket( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    private static void generateTicket( AuthenticationContext authContext, IoSession session ) throws KerberosException, InvalidTicketException
     {
         KdcRequest request = authContext.getRequest();
         CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
@@ -451,6 +457,7 @@
         }
 
         long till = 0;
+        
         if ( request.getTill().getTime() == 0 )
         {
             till = Long.MAX_VALUE;
@@ -479,6 +486,7 @@
         }
 
         long ticketLifeTime = Math.abs( startTime.getTime() - kerberosEndTime.getTime() );
+        
         if ( ticketLifeTime < config.getAllowableClockSkew() )
         {
             throw new KerberosException( ErrorType.KDC_ERR_NEVER_VALID );
@@ -552,12 +560,10 @@
         }
 
         authContext.setTicket( newTicket );
-
-        buildReply( authContext, session, message );
     }
     
     
-    private static void buildReply( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    private static void buildReply( AuthenticationContext authContext, IoSession session ) throws KerberosException, InvalidTicketException
     {
         KdcRequest request = authContext.getRequest();
         Ticket ticket = authContext.getTicket();
@@ -588,18 +594,10 @@
         reply.setClientAddresses( ticket.getEncTicketPart().getClientAddresses() );
 
         authContext.setReply( reply );
-
-        if ( LOG.isDebugEnabled() )
-        {
-            monitorContext( authContext );
-            monitorReply( ( KdcContext ) session.getAttribute( CONTEXT_KEY ) );
-        }
-        
-        sealReply( authContext, session, message );
     }
     
     
-    private static void sealReply( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    private static void sealReply( AuthenticationContext authContext, IoSession session ) throws KerberosException, InvalidTicketException
     {
         AuthenticationReply reply = ( AuthenticationReply ) authContext.getReply();
         EncryptionKey clientKey = authContext.getClientKey();
@@ -607,8 +605,6 @@
 
         EncryptedData encryptedData = cipherTextHandler.seal( clientKey, reply, KeyUsage.NUMBER3 );
         reply.setEncPart( encryptedData );
-
-        //next.execute( session, message );
     }
     
     
@@ -736,6 +732,7 @@
             }
         }
     }
+    
     
     /**
      * Get a PrincipalStoreEntry given a principal.  The ErrorType is used to indicate