Posted to commits@directory.apache.org by ka...@apache.org on 2014/02/28 11:44:43 UTC

svn commit: r1572913 - in /directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client: KdcConfig.java KdcConnection.java

Author: kayyagari
Date: Fri Feb 28 10:44:42 2014
New Revision: 1572913

URL: http://svn.apache.org/r1572913
Log:
o fixed the wrong etype used while decrypting the TGT (DIRKRB-101)
o initialized encryptionTypes in the config

Modified:
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java
    directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java

Modified: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java?rev=1572913&r1=1572912&r2=1572913&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java (original)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConfig.java Fri Feb 28 10:44:42 2014
@@ -58,29 +58,22 @@ public class KdcConfig
     /** the timeout of the connection to the Kerberos server */
     private int timeout = 60000; // default 1 min
 
-    /** the set of encryption types that the client can support */
+    /** the set of encryption types that the client can support, by default this includes all the encryption types supported by ApacheDS */
     private Set<EncryptionType> encryptionTypes;
 
-    /** the default encryption types, this includes <b>many</b> encryption types */
-    private static Set<EncryptionType> DEFAULT_ENCRYPTION_TYPES;
-
-    static
-    {
-        DEFAULT_ENCRYPTION_TYPES = new HashSet<EncryptionType>();
-
-        DEFAULT_ENCRYPTION_TYPES.add( AES128_CTS_HMAC_SHA1_96 );
-        DEFAULT_ENCRYPTION_TYPES.add( AES256_CTS_HMAC_SHA1_96 );
-        DEFAULT_ENCRYPTION_TYPES.add( DES_CBC_MD5 );
-        DEFAULT_ENCRYPTION_TYPES.add( DES3_CBC_SHA1_KD );
-        DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC );
-        //DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC_EXP );
-
-        DEFAULT_ENCRYPTION_TYPES = KerberosUtils.orderEtypesByStrength( DEFAULT_ENCRYPTION_TYPES );
-    }
-
 
     public KdcConfig()
     {
+        encryptionTypes = new HashSet<EncryptionType>();
+        
+        encryptionTypes.add( AES128_CTS_HMAC_SHA1_96 );
+        encryptionTypes.add( AES256_CTS_HMAC_SHA1_96 );
+        encryptionTypes.add( DES_CBC_MD5 );
+        encryptionTypes.add( DES3_CBC_SHA1_KD );
+        encryptionTypes.add( RC4_HMAC );
+        //DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC_EXP );
+        
+        encryptionTypes = KerberosUtils.orderEtypesByStrength( encryptionTypes );
     }
 
 
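Review bot: The constructor turns on `DES_CBC_MD5` and `RC4_HMAC` for every new KdcConfig, so the weakest etypes are offered unless a caller replaces the set. Single DES was deprecated for Kerberos by RFC 6649 and RC4-HMAC keys are unsalted, so I would drop `encryptionTypes.add( DES_CBC_MD5 );` from the defaults and make RC4 an explicit opt-in for realms that still need it. The field Javadoc should then list the etypes enabled by default rather than say "all the encryption types supported by ApacheDS". The leftover `//DEFAULT_ENCRYPTION_TYPES.add( RC4_HMAC_EXP );` names a constant this commit removes; delete it or rewrite it against `encryptionTypes`.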

Modified: directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java?rev=1572913&r1=1572912&r2=1572913&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java (original)
+++ directory/apacheds/trunk/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KdcConnection.java Fri Feb 28 10:44:42 2014
@@ -206,8 +206,7 @@ public class KdcConnection
         return tgt;
     }
     
-    private EncryptionType usedEType;
-    
+
     /* default protected */ TgTicket _getTgt( TgtRequest clientTgtReq ) throws KerberosException
     {
         String realm = clientTgtReq.getRealm();
@@ -260,7 +259,6 @@ public class KdcConnection
         }
         
         EncryptionType encryptionType = clientTgtReq.getETypes().iterator().next();
-        usedEType = encryptionType;
         EncryptionKey clientKey = KerberosKeyFactory.string2Key( clientTgtReq.getClientPrincipal(), clientTgtReq.getPassword(), encryptionType );
 
         AsReq req = new AsReq();
@@ -315,6 +313,12 @@ public class KdcConnection
                 throw new KerberosException( ErrorType.KRB_ERR_WRONG_REALM );
             }
             
+            if ( encryptionType != rep.getEncPart().getEType() )
+            {
+                encryptionType = rep.getEncPart().getEType();
+                clientKey = KerberosKeyFactory.string2Key( clientTgtReq.getClientPrincipal(), clientTgtReq.getPassword(), encryptionType );
+            }
+            
             byte[] decryptedEncAsRepPart = cipherTextHandler.decrypt( clientKey, rep.getEncPart(), KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
             
             EncKdcRepPart encKdcRepPart = null;
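Review bot: The added block in `_getTgt` (whose body starts and ends outside this hunk) adopts whatever etype `rep.getEncPart()` carries and re-derives the client key for it, without checking that the etype is one the client requested. The etype list of an AS-REQ is not integrity-protected at this stage, so a tampered request or a misconfigured KDC can yield a reply in a weaker type than the client intended, and this code accepts it silently. Before re-deriving the key, reject a reply whose etype is outside the request: `if ( !clientTgtReq.getETypes().contains( rep.getEncPart().getEType() ) )` followed by throwing a `KerberosException`. It would also help to log the requested and the returned etype when they differ, so a downgrade is visible to operators. Whether `string2Key` uses the salt the KDC advertises for the new etype cannot be seen here and should be confirmed.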
@@ -543,7 +547,7 @@ public class KdcConnection
             authenticator.setCusec( 0 );
             authenticator.setSeqNumber( nonceGenerator.nextInt() );
             
-            EncryptionKey subKey = RandomKeyFactory.getRandomKey( usedEType );
+            EncryptionKey subKey = RandomKeyFactory.getRandomKey( tgt.getEncKdcRepPart().getKey().getKeyType() );
             
             authenticator.setSubKey( subKey );