You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by er...@apache.org on 2005/08/21 10:36:23 UTC
svn commit: r234168 - in
/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam:
KeyIntegrityChecker.java SamException.java SamSubsystem.java
SamVerifier.java TimestampChecker.java
Author: erodriguez
Date: Sun Aug 21 01:36:19 2005
New Revision: 234168
URL: http://svn.apache.org/viewcvs?rev=234168&view=rev
Log:
Reformatting: imports, whitespace, line breaks, or code convention.
Modified:
directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/KeyIntegrityChecker.java
directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamException.java
directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamSubsystem.java
directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamVerifier.java
directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/TimestampChecker.java
Modified: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/KeyIntegrityChecker.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/KeyIntegrityChecker.java?rev=234168&r1=234167&r2=234168&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/KeyIntegrityChecker.java (original)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/KeyIntegrityChecker.java Sun Aug 21 01:36:19 2005
@@ -16,9 +16,7 @@
*/
package org.apache.kerberos.sam;
-
import javax.security.auth.kerberos.KerberosKey;
-
/**
* Checks the integrity of a kerberos key to decode-decrypt an encrypted
Modified: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamException.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamException.java?rev=234168&r1=234167&r2=234168&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamException.java (original)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamException.java Sun Aug 21 01:36:19 2005
@@ -18,7 +18,6 @@
import org.apache.kerberos.messages.value.SamType;
-
/**
* Base class for all SAM subsystem errors.
*
@@ -31,7 +30,6 @@
/** the SAM type that caused this exception */
private final SamType type;
-
/**
* Creates a SamException for a specific SamType.
*
@@ -44,7 +42,6 @@
this.type = type;
}
-
/**
* Creates a SamException for a specific SamType, with message.
*
@@ -58,7 +55,6 @@
this.type = type;
}
-
/**
* Creates a SamException for a specific SamType, with the cause resulted in
* this exception.
@@ -73,7 +69,6 @@
this.type = type;
}
-
/**
* Creates a SamException for a specific SamType, with a message and the
* cause that resulted in this exception.
@@ -89,7 +84,6 @@
this.type = type;
}
-
/**
* Gets the registered SAM algorithm type associated with this SamException.
Modified: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamSubsystem.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamSubsystem.java?rev=234168&r1=234167&r2=234168&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamSubsystem.java (original)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamSubsystem.java Sun Aug 21 01:36:19 2005
@@ -16,17 +16,15 @@
*/
package org.apache.kerberos.sam;
-
import java.util.HashMap;
import java.util.Hashtable;
-import javax.security.auth.kerberos.KerberosKey;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
+import javax.security.auth.kerberos.KerberosKey;
import org.apache.kerberos.store.PrincipalStoreEntry;
-
/**
* The Subsystem that enables the Kerberos server to use plugable Single-use
* Authentication mechanisms.
@@ -51,7 +49,6 @@
private DirContext userContext;
private String userBaseRdn;
-
/**
* Gets the singleton instance of the SamSubsystem.
*
@@ -67,7 +64,6 @@
return instance;
}
-
/**
* Sets the KeyIntegrityChecker used by the entire SamSubsystem.
*
@@ -78,7 +74,6 @@
this.keyChecker = keyChecker;
}
-
/**
* Uses the principal entry information to load the approapriate SamVerifier
* and verify the Single-use password.
@@ -105,7 +100,7 @@
if ( verifiers.containsKey( entry.getSamType() ) )
{
- verifier = ( SamVerifier ) verifiers.get( entry.getSamType() );
+ verifier = (SamVerifier) verifiers.get( entry.getSamType() );
return verifier.verify( entry.getPrincipal(), sad );
}
@@ -118,31 +113,31 @@
{
env.putAll( userContext.getEnvironment() );
}
- catch (NamingException e)
+ catch ( NamingException e )
{
e.printStackTrace();
}
- if ( ! env.containsKey( key ) )
+ if ( !env.containsKey( key ) )
{
String msg = "Could not find property '" + key + "'";
throw new SamException( entry.getSamType(), msg );
}
- String fqcn = ( String ) env.get( key );
+ String fqcn = (String) env.get( key );
try
{
Class c = Class.forName( fqcn );
- verifier = ( SamVerifier ) c.newInstance();
+ verifier = (SamVerifier) c.newInstance();
try
{
- verifier.setUserContext( ( DirContext ) userContext.lookup( userBaseRdn ) );
+ verifier.setUserContext( (DirContext) userContext.lookup( userBaseRdn ) );
}
- catch (NamingException e)
+ catch ( NamingException e )
{
e.printStackTrace();
@@ -152,7 +147,7 @@
verifier.startup();
- if ( ! verifier.getSamType().equals( entry.getSamType() ) )
+ if ( !verifier.getSamType().equals( entry.getSamType() ) )
{
String msg = "Expecting entries with SAM type of " + verifier.getSamType();
@@ -169,7 +164,7 @@
{
String msg = "Could not find verifier class '" + fqcn;
- msg += "' for SamType( " + entry.getSamType() + " ) " ;
+ msg += "' for SamType( " + entry.getSamType() + " ) ";
throw new SamException( entry.getSamType(), msg, e );
}
@@ -177,7 +172,7 @@
{
String msg = "No public default constructor on class '" + fqcn;
- msg += "' for SamType( " + entry.getSamType() + " ) " ;
+ msg += "' for SamType( " + entry.getSamType() + " ) ";
throw new SamException( entry.getSamType(), msg, e );
}
@@ -185,12 +180,11 @@
{
String msg = "Failed on default constructor invocation for class '" + fqcn;
- msg += "' for SamType( " + entry.getSamType() + " ) " ;
+ msg += "' for SamType( " + entry.getSamType() + " ) ";
throw new SamException( entry.getSamType(), msg, e );
}
}
-
/**
* Sets the context under which user entries can be found.
Modified: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamVerifier.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamVerifier.java?rev=234168&r1=234167&r2=234168&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamVerifier.java (original)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/SamVerifier.java Sun Aug 21 01:36:19 2005
@@ -16,13 +16,11 @@
*/
package org.apache.kerberos.sam;
-
+import javax.naming.directory.DirContext;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.naming.directory.DirContext;
import org.apache.kerberos.messages.value.SamType;
-
/**
* Single-use Authentication Mechanism verifier (subsystem) interface.
Modified: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/TimestampChecker.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/TimestampChecker.java?rev=234168&r1=234167&r2=234168&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/TimestampChecker.java (original)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/sam/TimestampChecker.java Sun Aug 21 01:36:19 2005
@@ -14,7 +14,6 @@
* limitations under the License.
*
*/
-
package org.apache.kerberos.sam;
import java.io.IOException;
@@ -32,53 +31,51 @@
import org.apache.kerberos.messages.value.EncryptionKey;
import org.apache.kerberos.messages.value.KerberosTime;
-
public class TimestampChecker implements KeyIntegrityChecker
{
private static final long FIVE_MINUTES = 300000;
-
+
public boolean checkKeyIntegrity( byte[] encryptedData, KerberosKey kerberosKey )
{
EncryptionType keyType = EncryptionType.getTypeByOrdinal( kerberosKey.getKeyType() );
EncryptionKey key = new EncryptionKey( keyType, kerberosKey.getEncoded() );
-
+
try
{
- // Since the pre-auth value is of type PA-ENC-TIMESTAMP, it should be a valid
- // ASN.1 PA-ENC-TS-ENC structure, so we can decode it into EncryptedData.
- EncryptedData sadValue = EncryptedDataDecoder.decode( encryptedData );
-
- // Decrypt the EncryptedData structure to get the PA-ENC-TS-ENC
+ // Since the pre-auth value is of type PA-ENC-TIMESTAMP, it should be a valid
+ // ASN.1 PA-ENC-TS-ENC structure, so we can decode it into EncryptedData.
+ EncryptedData sadValue = EncryptedDataDecoder.decode( encryptedData );
+
+ // Decrypt the EncryptedData structure to get the PA-ENC-TS-ENC
EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( key );
byte[] decryptedTimestamp = engine.getDecryptedData( key, sadValue );
-
+
// Decode the decrypted timestamp into our timestamp object.
EncryptedTimestampDecoder decoder = new EncryptedTimestampDecoder();
EncryptedTimeStamp timestamp = decoder.decode( decryptedTimestamp );
-
+
// Since we got here we must have a valid timestamp structure that we can
// validate to be within a five minute skew.
KerberosTime time = timestamp.getTimeStamp();
-
+
if ( time.isInClockSkew( FIVE_MINUTES ) )
{
return true;
}
}
- catch (IOException ioe)
+ catch ( IOException ioe )
{
return false;
}
- catch (KerberosException ke)
+ catch ( KerberosException ke )
{
return false;
}
- catch (ClassCastException cce)
+ catch ( ClassCastException cce )
{
return false;
}
-
+
return false;
}
}
-