Posted to commits@directory.apache.org by er...@apache.org on 2007/05/07 02:46:42 UTC
svn commit: r535696 - in
/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant:
MonitorContext.java VerifyTgtAuthHeader.java
Author: erodriguez
Date: Sun May 6 17:46:42 2007
New Revision: 535696
URL: http://svn.apache.org/viewvc?view=rev&rev=535696
Log:
Updated kerberos-protocol to support multiple key types.
Modified:
directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java
directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java
Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java?view=diff&rev=535696&r1=535695&r2=535696
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java Sun May 6 17:46:42 2007
@@ -25,6 +25,7 @@
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
@@ -49,6 +50,7 @@
private String contextKey = "context";
+
public void execute( NextCommand next, IoSession session, Object message ) throws Exception
{
if ( log.isDebugEnabled() )
@@ -92,8 +94,6 @@
sb.append( "\n\t" + "realm " + requestPrincipal.getRealmName() );
sb.append( "\n\t" + "principal " + requestPrincipal.getPrincipal() );
sb.append( "\n\t" + "SAM type " + requestPrincipal.getSamType() );
- sb.append( "\n\t" + "Key type " + requestPrincipal.getEncryptionKey().getKeyType() );
- sb.append( "\n\t" + "Key version " + requestPrincipal.getEncryptionKey().getKeyVersion() );
KerberosPrincipal ticketServerPrincipal = tgsContext.getTgt().getServerPrincipal();
PrincipalStoreEntry ticketPrincipal = tgsContext.getTicketPrincipalEntry();
@@ -103,8 +103,11 @@
sb.append( "\n\t" + "realm " + ticketPrincipal.getRealmName() );
sb.append( "\n\t" + "principal " + ticketPrincipal.getPrincipal() );
sb.append( "\n\t" + "SAM type " + ticketPrincipal.getSamType() );
- sb.append( "\n\t" + "Key type " + ticketPrincipal.getEncryptionKey().getKeyType() );
- sb.append( "\n\t" + "Key version " + ticketPrincipal.getEncryptionKey().getKeyVersion() );
+
+ EncryptionType encryptionType = tgsContext.getTgt().getEncPart().getEncryptionType();
+ int keyVersion = ticketPrincipal.getKeyMap().get( encryptionType ).getKeyVersion();
+ sb.append( "\n\t" + "Ticket key type " + encryptionType );
+ sb.append( "\n\t" + "Service key version " + keyVersion );
log.debug( sb.toString() );
}
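Review bot: The chained call `ticketPrincipal.getKeyMap().get( encryptionType ).getKeyVersion()` dereferences the lookup result without a null check. Assuming getKeyMap() returns a java.util.Map, it will throw a NullPointerException whenever the ticket principal has no key stored for the TGT's encryption type. The type is read from the ticket in the incoming request, so a mismatch is reachable from the network. Because this is debug-only monitoring code, a missing key would abort request handling from a logging path instead of reaching the step that reports a proper Kerberos error. Hold the lookup in a local and append the version only when it is present, e.g. `if ( key != null ) sb.append( "\n\t" + "Service key version " + key.getKeyVersion() );`, logging a "no key for this type" line otherwise. The enclosing method starts and ends outside this hunk, so any surrounding try/catch is not visible here.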
@@ -119,7 +122,7 @@
}
- public String getContextKey()
+ protected String getContextKey()
{
return ( this.contextKey );
}
Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java?view=diff&rev=535696&r1=535695&r2=535696
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java Sun May 6 17:46:42 2007
@@ -23,6 +23,7 @@
import java.net.InetAddress;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
@@ -44,7 +45,10 @@
ApplicationRequest authHeader = tgsContext.getAuthHeader();
Ticket tgt = tgsContext.getTgt();
- EncryptionKey serverKey = tgsContext.getTicketPrincipalEntry().getEncryptionKey();
+
+ EncryptionType encryptionType = tgt.getEncPart().getEncryptionType();
+ EncryptionKey serverKey = tgsContext.getTicketPrincipalEntry().getKeyMap().get( encryptionType );
+
long clockSkew = tgsContext.getConfig().getClockSkew();
ReplayCache replayCache = tgsContext.getReplayCache();
boolean emptyAddressesAllowed = tgsContext.getConfig().isEmptyAddressesAllowed();
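Review bot: `serverKey` can now be null, because `getKeyMap().get( encryptionType )` has no fallback when the ticket principal holds no key of the type named in the TGT. That type is taken from the ticket's encrypted-part header before anything has been decrypted, so it is chosen by the requester. Add an explicit `if ( serverKey == null )` check directly after the lookup that raises a Kerberos error (RFC 4120's KDC_ERR_ETYPE_NOSUPP fits), so a null key does not flow into the verification code further down. It is also worth confirming that `encryptionType` is checked against the KDC's configured encryption types somewhere. Otherwise an old, weaker key left in the key map could be selected simply by presenting a ticket of that type. The method body continues outside this hunk, so later handling of `serverKey` is not visible here.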