Posted to commits@directory.apache.org by er...@apache.org on 2005/01/28 06:04:29 UTC
svn commit: r148857 - in incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos: io/decoder kdc messages/components messages/value
Author: erodriguez
Date: Thu Jan 27 21:04:26 2005
New Revision: 148857
URL: http://svn.apache.org/viewcvs?view=rev&rev=148857
Log:
Support for pre-authentication by encrypted timestamp.
Added:
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java
Modified:
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java
Added: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java?view=auto&rev=148857
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java Thu Jan 27 21:04:26 2005
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.io.decoder;
+
+import java.io.IOException;
+
+import org.apache.asn1.der.ASN1InputStream;
+import org.apache.asn1.der.DERSequence;
+import org.apache.kerberos.messages.value.EncryptedData;
+
+
+public class EncryptedDataDecoder extends KerberosMessageDecoder
+{
+ public EncryptedData decode( byte[] encodedEncryptedData ) throws IOException
+ {
+ ASN1InputStream ais = new ASN1InputStream( encodedEncryptedData );
+
+ DERSequence sequence = (DERSequence) ais.readObject();
+
+ return decodeEncryptedData( sequence );
+ }
+}
+
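Review bot: The cast `(DERSequence) ais.readObject()` in `decode` is unchecked, and it runs on the raw padata-value, which arrives from the client before anything has been decrypted or authenticated. If those bytes parse to some other DER type, the result is a `ClassCastException` rather than the declared `IOException`, and the caller added in AuthenticationService catches only `KerberosException` and `IOException`. Check the type before casting, e.g. `if ( !( obj instanceof DERSequence ) ) throw new IOException( "EncryptedData is not a SEQUENCE" );`, which also covers a null result if `readObject()` can return one (not visible here). A one-line Javadoc on `decode` stating that the input is untrusted wire data would make the contract explicit.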
Added: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java?view=auto&rev=148857
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java Thu Jan 27 21:04:26 2005
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.io.decoder;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+import org.apache.asn1.der.ASN1InputStream;
+import org.apache.asn1.der.DEREncodable;
+import org.apache.asn1.der.DERGeneralizedTime;
+import org.apache.asn1.der.DERInteger;
+import org.apache.asn1.der.DERSequence;
+import org.apache.asn1.der.DERTaggedObject;
+import org.apache.kerberos.messages.value.EncryptedTimeStamp;
+import org.apache.kerberos.messages.value.EncryptedTimeStampModifier;
+
+/**
+ * padata-type ::= PA-ENC-TIMESTAMP
+ * padata-value ::= EncryptedData -- PA-ENC-TS-ENC
+ *
+ * PA-ENC-TS-ENC ::= SEQUENCE {
+ * patimestamp[0] KerberosTime, -- client's time
+ * pausec[1] INTEGER OPTIONAL
+ * }
+ */
+public class EncryptedTimestampDecoder extends KerberosMessageDecoder
+{
+ public EncryptedTimeStamp decode( byte[] encodedEncryptedTimestamp ) throws IOException
+ {
+ ASN1InputStream ais = new ASN1InputStream( encodedEncryptedTimestamp );
+
+ DERSequence sequence = (DERSequence) ais.readObject();
+
+ return decodeEncryptedTimestamp( sequence );
+ }
+
+ protected EncryptedTimeStamp decodeEncryptedTimestamp( DERSequence sequence )
+ {
+ EncryptedTimeStampModifier modifier = new EncryptedTimeStampModifier();
+
+ for ( Enumeration e = sequence.getObjects(); e.hasMoreElements(); )
+ {
+ DERTaggedObject object = (DERTaggedObject) e.nextElement();
+ int tag = object.getTagNo();
+ DEREncodable derObject = object.getObject();
+
+ switch ( tag )
+ {
+ case 0:
+ DERGeneralizedTime tag0 = (DERGeneralizedTime)derObject;
+ modifier.setKerberosTime( decodeKerberosTime( tag0 ) );
+ break;
+ case 1:
+ DERInteger tag1 = (DERInteger)derObject;
+ modifier.setMicroSecond( tag1.intValue() );
+ break;
+ default:
+ System.out.println( object.getObject() );
+ break;
+ }
+ }
+
+ return modifier.getEncryptedTimestamp();
+ }
+}
+
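Review bot: A PA-ENC-TS-ENC that lacks `patimestamp[0]` still yields an `EncryptedTimeStamp` from `decodeEncryptedTimestamp`, with a null time, because the loop only sets what it finds and nothing checks the mandatory field afterwards; the clock-skew check in AuthenticationService then dereferences `getTimeStamp()`. The casts to `DERSequence`, `DERTaggedObject`, `DERGeneralizedTime` and `DERInteger` are likewise unchecked, so a wrongly typed element surfaces as a `ClassCastException` instead of the `IOException` the caller handles. The `default:` branch prints the unrecognised element with `System.out.println`, which puts decrypted request content on stdout; drop it or route it through the project's logging. The sketch below validates the outer type and the mandatory field in `decode`; the per-element casts inside the loop want the same treatment.

```java
    public EncryptedTimeStamp decode( byte[] encodedEncryptedTimestamp ) throws IOException
    {
        ASN1InputStream ais = new ASN1InputStream( encodedEncryptedTimestamp );

        Object decoded = ais.readObject();

        if ( !( decoded instanceof DERSequence ) )
        {
            throw new IOException( "PA-ENC-TS-ENC is not a SEQUENCE" );
        }

        EncryptedTimeStamp timestamp = decodeEncryptedTimestamp( (DERSequence) decoded );

        // patimestamp[0] is mandatory; the KDC's clock-skew check dereferences it
        if ( timestamp.getTimeStamp() == null )
        {
            throw new IOException( "PA-ENC-TS-ENC has no patimestamp" );
        }

        return timestamp;
    }

    // … unchanged: decodeEncryptedTimestamp( DERSequence ) …
```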
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java Thu Jan 27 21:04:26 2005
@@ -14,10 +14,17 @@
* limitations under the License.
*
*/
+
package org.apache.kerberos.kdc;
+import java.io.IOException;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
import org.apache.kerberos.crypto.RandomKey;
import org.apache.kerberos.crypto.encryption.EncryptionEngine;
+import org.apache.kerberos.io.decoder.EncryptedDataDecoder;
+import org.apache.kerberos.io.decoder.EncryptedTimestampDecoder;
import org.apache.kerberos.io.encoder.EncAsRepPartEncoder;
import org.apache.kerberos.io.encoder.EncTicketPartEncoder;
import org.apache.kerberos.kdc.store.PrincipalStore;
@@ -26,93 +33,125 @@
import org.apache.kerberos.messages.components.EncTicketPart;
import org.apache.kerberos.messages.components.EncTicketPartModifier;
import org.apache.kerberos.messages.components.Ticket;
-import org.apache.kerberos.messages.value.*;
+import org.apache.kerberos.messages.value.EncryptedData;
+import org.apache.kerberos.messages.value.EncryptedTimeStamp;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.messages.value.KdcOptions;
+import org.apache.kerberos.messages.value.KerberosTime;
+import org.apache.kerberos.messages.value.LastRequest;
+import org.apache.kerberos.messages.value.PreAuthenticationData;
+import org.apache.kerberos.messages.value.PreAuthenticationDataType;
+import org.apache.kerberos.messages.value.TicketFlags;
+import org.apache.kerberos.messages.value.TransitedEncoding;
-import javax.security.auth.kerberos.KerberosPrincipal;
-public class AuthenticationService extends KerberosService {
-
+public class AuthenticationService extends KerberosService
+{
private KdcConfiguration config;
- public AuthenticationService(PrincipalStore store, PrincipalStore bootstrap, KdcConfiguration config)
+ public AuthenticationService( PrincipalStore store, PrincipalStore bootstrap, KdcConfiguration config )
{
- super(config, bootstrap, store);
+ super( config, bootstrap, store );
this.config = config;
}
-
- public AuthenticationReply getReplyFor(KdcRequest request) throws KerberosException {
-
+
+ public AuthenticationReply getReplyFor( KdcRequest request ) throws KerberosException
+ {
KerberosPrincipal clientPrincipal = request.getClientPrincipal();
- EncryptionKey clientKey = getKeyForPrincipal(clientPrincipal);
+ EncryptionKey clientKey = getKeyForPrincipal( clientPrincipal );
- if (clientKey == null)
+ if ( clientKey == null )
{
throw KerberosException.KDC_ERR_C_PRINCIPAL_UNKNOWN;
}
KerberosPrincipal serverPrincipal = request.getServerPrincipal();
- EncryptionKey serverKey = getKeyForPrincipal(serverPrincipal);
+ EncryptionKey serverKey = getKeyForPrincipal( serverPrincipal );
- if (serverKey == null)
+ if ( serverKey == null )
{
throw KerberosException.KDC_ERR_S_PRINCIPAL_UNKNOWN;
}
- verifyPreAuthentication(request, clientPrincipal);
+ verifyPreAuthentication( request, clientKey );
- Ticket ticket = getNewTicket(request, serverKey);
- AuthenticationReply reply = getAuthenticationReply(request, ticket);
- encryptReplyPart(reply, clientKey);
+ Ticket ticket = getNewTicket( request, serverKey );
+ AuthenticationReply reply = getAuthenticationReply( request, ticket );
+ encryptReplyPart( reply, clientKey );
- System.out.print("Issuing ticket to client " + clientPrincipal.toString() + " ");
- System.out.println("for access to " + serverPrincipal.toString());
+ System.out.print( "Issuing ticket to client " + clientPrincipal.toString() + " " );
+ System.out.println( "for access to " + serverPrincipal.toString() );
return reply;
}
- // TODO - currently no support for pre-auth; requires server store support
- private void verifyPreAuthentication(KdcRequest request, KerberosPrincipal clientPrincipal) {
- /*
- if(client.pa_enc_timestamp_required and
- pa_enc_timestamp not present) then
- error_out(KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP));
- endif
- */
-
- /*
- if(pa_enc_timestamp present) then
- getDecryptedData req.padata-value into decrypted_enc_timestamp
- using client.key;
- using auth_hdr.authenticator.subkey;
- if (decrypt_error()) then
- error_out(KRB_AP_ERR_BAD_INTEGRITY);
- if(decrypted_enc_timestamp is not within allowable
- skew) then error_out(KDC_ERR_PREAUTH_FAILED);
- endif
- if(decrypted_enc_timestamp and usec is replay)
- error_out(KDC_ERR_PREAUTH_FAILED);
- endif
- add decrypted_enc_timestamp and usec to replay cache;
- endif
- */
-
- /*
- if (LocalConfig.DEFAULT_PA_ENC_TIMESTAMP_REQUIRED) {
- byte[] encTimeStamp = CryptoService.getEncryptedTimestamp(key, new Date());
- if (key != null) {
- paData = new PreAuthenticationData[1];
- paData[0] = new PreAuthenticationData(PreAuthenticationData.PA_ENC_TIMESTAMP, encTimeStamp);
- }
- }
- */
+ private void verifyPreAuthentication( KdcRequest request, EncryptionKey clientKey )
+ throws KerberosException
+ {
+ if ( config.isPaEncTimestampRequired() )
+ {
+ PreAuthenticationData[] paData = request.getPreAuthData();
+
+ if ( paData == null )
+ {
+ throw KerberosException.KDC_ERR_PREAUTH_REQUIRED;
+ }
+
+ EncryptedTimeStamp timestamp = null;
+
+ for ( int ii = 0; ii < paData.length; ii++ )
+ {
+ if ( paData[ ii ].getDataType().equals( PreAuthenticationDataType.PA_ENC_TIMESTAMP ) )
+ {
+ try
+ {
+ EncryptedDataDecoder decoder = new EncryptedDataDecoder();
+ EncryptedData dataValue = decoder.decode( paData[ ii ].getDataValue() );
+
+ EncryptionEngine engine = getEncryptionEngine( clientKey );
+
+ byte[] decTimestamp = engine.getDecryptedData( clientKey, dataValue );
+
+ EncryptedTimestampDecoder timeStampDecoder = new EncryptedTimestampDecoder();
+ timestamp = timeStampDecoder.decode( decTimestamp );
+ }
+ catch (KerberosException ke)
+ {
+ throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
+ }
+ catch (IOException ioe)
+ {
+ throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
+ }
+ }
+ }
+
+ if ( timestamp == null )
+ {
+ throw KerberosException.KDC_ERR_PREAUTH_REQUIRED;
+ }
+
+ if ( !timestamp.getTimeStamp().isInClockSkew( config.getClockSkew() ) )
+ {
+ throw KerberosException.KDC_ERR_PREAUTH_FAILED;
+ }
+
+ /*
+ if(decrypted_enc_timestamp and usec is replay)
+ error_out(KDC_ERR_PREAUTH_FAILED);
+ endif
+
+ add decrypted_enc_timestamp and usec to replay cache;
+ */
+ }
}
// TODO - client and server parameters; requires store
- private Ticket getNewTicket(KdcRequest request, EncryptionKey serverKey) throws KerberosException {
-
+ private Ticket getNewTicket(KdcRequest request, EncryptionKey serverKey) throws KerberosException
+ {
KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
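Review bot: In `verifyPreAuthentication` the replay check is still only the commented pseudo-code at the end of the method, so an encrypted timestamp that passed once will pass again for as long as it stays inside `config.getClockSkew()`. Until a replay cache exists, mark that comment as a tracked `// TODO` like the others in this file so the gap is not read as finished pre-authentication. The `for` loop also keeps iterating after a PA_ENC_TIMESTAMP entry has decoded, so with several such entries the last one is the one checked; a `break;` after `timestamp = timeStampDecoder.decode( decTimestamp );` makes the first valid one decisive. Both catch blocks discard the caught exception, which leaves no trace on the KDC of why pre-authentication failed; recording the cause before throwing `KRB_AP_ERR_BAD_INTEGRITY` would help. `getNewTicket`, at the end of this hunk, continues outside it.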
@@ -140,7 +179,8 @@
KerberosTime now = new KerberosTime();
newTicketBody.setAuthTime(now);
- if (request.getKdcOptions().get(KdcOptions.POSTDATED)) {
+ if (request.getKdcOptions().get(KdcOptions.POSTDATED))
+ {
// TODO - possibly allow req.from range
if (!config.isPostdateAllowed())
throw KerberosException.KDC_ERR_POLICY;
@@ -165,7 +205,8 @@
long tempRtime = 0;
if (request.getKdcOptions().get(KdcOptions.RENEWABLE_OK) &&
- request.getTill().greaterThan(kerberosEndTime)) {
+ request.getTill().greaterThan(kerberosEndTime))
+ {
request.getKdcOptions().set(KdcOptions.RENEWABLE);
tempRtime = request.getTill().getTime();
}
@@ -186,14 +227,16 @@
else
tempRtime = request.getRtime().getTime();
- if (request.getKdcOptions().get(KdcOptions.RENEWABLE)) {
+ if (request.getKdcOptions().get(KdcOptions.RENEWABLE))
+ {
newTicketBody.setFlag(TicketFlags.RENEWABLE);
long renewTill = Math.min(request.getFrom().getTime()
+ config.getMaximumRenewableLifetime(), tempRtime);
newTicketBody.setRenewTill(new KerberosTime(renewTill));
}
- if (request.getAddresses() != null) {
+ if (request.getAddresses() != null)
+ {
newTicketBody.setClientAddresses(request.getAddresses());
}
@@ -207,25 +250,31 @@
return newTicket;
}
- private EncryptedData encryptTicketPart(EncTicketPart ticketPart, EncryptionKey serverKey) {
+ private EncryptedData encryptTicketPart(EncTicketPart ticketPart, EncryptionKey serverKey)
+ {
EncTicketPartEncoder encoder = new EncTicketPartEncoder();
EncryptedData encryptedTicketPart = null;
- try {
+ try
+ {
byte[] plainText = encoder.encode(ticketPart);
EncryptionEngine engine = getEncryptionEngine(serverKey);
encryptedTicketPart = engine.getEncryptedData(serverKey, plainText);
- } catch (Exception e) {
+ }
+ catch (Exception e)
+ {
e.printStackTrace();
}
return encryptedTicketPart;
}
- private void encryptReplyPart(AuthenticationReply reply, EncryptionKey clientKey) {
+ private void encryptReplyPart( AuthenticationReply reply, EncryptionKey clientKey )
+ {
EncAsRepPartEncoder encoder = new EncAsRepPartEncoder();
- try {
+ try
+ {
byte[] plainText = encoder.encode(reply);
EncryptionEngine engine = getEncryptionEngine(clientKey);
@@ -233,35 +282,39 @@
EncryptedData cipherText = engine.getEncryptedData(clientKey, plainText);
reply.setEncPart(cipherText);
-
- } catch (Exception e) {
+ }
+ catch (Exception e)
+ {
e.printStackTrace();
}
}
- private AuthenticationReply getAuthenticationReply(KdcRequest request, Ticket ticket) {
+ private AuthenticationReply getAuthenticationReply( KdcRequest request, Ticket ticket )
+ {
AuthenticationReply reply = new AuthenticationReply();
- reply.setClientPrincipal(request.getClientPrincipal());
- reply.setTicket(ticket);
- reply.setKey(ticket.getSessionKey());
+ reply.setClientPrincipal( request.getClientPrincipal() );
+ reply.setTicket( ticket );
+ reply.setKey( ticket.getSessionKey() );
// TODO - fetch lastReq for this client; requires store
- reply.setLastRequest(new LastRequest());
+ reply.setLastRequest( new LastRequest() );
// TODO - resp.key-expiration := client.expiration; requires store
- reply.setNonce(request.getNonce());
+ reply.setNonce( request.getNonce() );
- reply.setFlags(ticket.getFlags());
- reply.setAuthTime(ticket.getAuthTime());
- reply.setStartTime(ticket.getStartTime());
- reply.setEndTime(ticket.getEndTime());
+ reply.setFlags( ticket.getFlags() );
+ reply.setAuthTime( ticket.getAuthTime() );
+ reply.setStartTime( ticket.getStartTime() );
+ reply.setEndTime( ticket.getEndTime() );
- if (ticket.getFlags().get(TicketFlags.RENEWABLE))
+ if ( ticket.getFlags().get( TicketFlags.RENEWABLE ) )
+ {
reply.setRenewTill(ticket.getRenewTill());
+ }
- reply.setServerPrincipal(ticket.getServerPrincipal());
- reply.setClientAddresses(ticket.getClientAddresses());
+ reply.setServerPrincipal( ticket.getServerPrincipal() );
+ reply.setClientAddresses( ticket.getClientAddresses() );
return reply;
}
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java Thu Jan 27 21:04:26 2005
@@ -14,70 +14,90 @@
* limitations under the License.
*
*/
+
package org.apache.kerberos.messages.components;
-import org.apache.kerberos.messages.value.*;
+import javax.security.auth.kerberos.KerberosPrincipal;
-import javax.security.auth.kerberos.*;
+import org.apache.kerberos.messages.value.AuthorizationData;
+import org.apache.kerberos.messages.value.Checksum;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.messages.value.KerberosTime;
-public class Authenticator {
-
+
+public class Authenticator
+{
public static final int AUTHENTICATOR_VNO = 5;
- private int _versionNumber;
- private KerberosPrincipal _clientPrincipal;
- private Checksum _checksum;
- private int _clientMicroSecond;
- private KerberosTime _clientTime;
- private EncryptionKey _subSessionKey;
- private int _sequenceNumber;
- private AuthorizationData _authorizationData;
-
- public Authenticator(KerberosPrincipal clientPrincipal, Checksum checksum,
- int cusec, KerberosTime clientTime, EncryptionKey subSessionKey, int sequenceNumber,
- AuthorizationData authorizationData) {
-
- this(AUTHENTICATOR_VNO, clientPrincipal, checksum, cusec, clientTime,
- subSessionKey, sequenceNumber, authorizationData);
- }
-
- public Authenticator(int versionNumber, KerberosPrincipal clientPrincipal, Checksum checksum,
- int cusec, KerberosTime clientTime, EncryptionKey subSessionKey, int sequenceNumber,
- AuthorizationData authorizationData) {
-
- _versionNumber = versionNumber;
- _clientPrincipal = clientPrincipal;
- _checksum = checksum;
- _clientMicroSecond = cusec;
- _clientTime = clientTime;
- _subSessionKey = subSessionKey;
- _sequenceNumber = sequenceNumber;
- _authorizationData = authorizationData;
- }
-
- public KerberosPrincipal getClientPrincipal() {
- return _clientPrincipal;
- }
- public KerberosTime getClientTime() {
- return _clientTime;
- }
- public int getClientMicroSecond() {
- return _clientMicroSecond;
- }
- public AuthorizationData getAuthorizationData() {
- return _authorizationData;
- }
- public Checksum getChecksum() {
- return _checksum;
+ private int versionNumber;
+ private KerberosPrincipal clientPrincipal;
+ private Checksum checksum;
+ private int clientMicroSecond;
+ private KerberosTime clientTime;
+ private EncryptionKey subSessionKey;
+ private int sequenceNumber;
+ private AuthorizationData authorizationData;
+
+ public Authenticator( KerberosPrincipal clientPrincipal, Checksum checksum,
+ int clientMicroSecond, KerberosTime clientTime, EncryptionKey subSessionKey,
+ int sequenceNumber, AuthorizationData authorizationData )
+ {
+ this( AUTHENTICATOR_VNO, clientPrincipal, checksum, clientMicroSecond, clientTime,
+ subSessionKey, sequenceNumber, authorizationData );
+ }
+
+ public Authenticator( int versionNumber, KerberosPrincipal clientPrincipal, Checksum checksum,
+ int clientMicroSecond, KerberosTime clientTime, EncryptionKey subSessionKey, int sequenceNumber,
+ AuthorizationData authorizationData )
+ {
+ this.versionNumber = versionNumber;
+ this.clientPrincipal = clientPrincipal;
+ this.checksum = checksum;
+ this.clientMicroSecond = clientMicroSecond;
+ this.clientTime = clientTime;
+ this.subSessionKey = subSessionKey;
+ this.sequenceNumber = sequenceNumber;
+ this.authorizationData = authorizationData;
+ }
+
+ public KerberosPrincipal getClientPrincipal()
+ {
+ return clientPrincipal;
}
- public int getSequenceNumber() {
- return _sequenceNumber;
+
+ public KerberosTime getClientTime()
+ {
+ return clientTime;
}
- public EncryptionKey getSubSessionKey() {
- return _subSessionKey;
+
+ public int getClientMicroSecond()
+ {
+ return clientMicroSecond;
}
- public int getVersionNumber() {
- return _versionNumber;
+
+ public AuthorizationData getAuthorizationData()
+ {
+ return authorizationData;
+ }
+
+ public Checksum getChecksum()
+ {
+ return checksum;
+ }
+
+ public int getSequenceNumber()
+ {
+ return sequenceNumber;
+ }
+
+ public EncryptionKey getSubSessionKey()
+ {
+ return subSessionKey;
+ }
+
+ public int getVersionNumber()
+ {
+ return versionNumber;
}
}
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java Thu Jan 27 21:04:26 2005
@@ -14,26 +14,31 @@
* limitations under the License.
*
*/
+
package org.apache.kerberos.messages.value;
/**
* Pre-authentication encrypted timestamp
*/
-public class EncryptedTimeStamp {
- private KerberosTime _timeStamp;
- private int _microSeconds; //optional
+public class EncryptedTimeStamp
+{
+ private KerberosTime timeStamp;
+ private int microSeconds; //optional
- public EncryptedTimeStamp(KerberosTime timeStamp, int microSeconds) {
- _timeStamp = timeStamp;
- _microSeconds = microSeconds;
+ public EncryptedTimeStamp( KerberosTime timeStamp, int microSeconds )
+ {
+ this.timeStamp = timeStamp;
+ this.microSeconds = microSeconds;
}
- public KerberosTime getTimeStamp() {
- return _timeStamp;
+ public KerberosTime getTimeStamp()
+ {
+ return timeStamp;
}
- public int getMicroSeconds() {
- return _microSeconds;
+ public int getMicroSeconds()
+ {
+ return microSeconds;
}
}
Added: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java?view=auto&rev=148857
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java Thu Jan 27 21:04:26 2005
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.messages.value;
+
+
+public class EncryptedTimeStampModifier
+{
+ private KerberosTime timeStamp;
+ private int microSecond; //optional
+
+ public EncryptedTimeStamp getEncryptedTimestamp()
+ {
+ return new EncryptedTimeStamp( timeStamp, microSecond );
+ }
+
+ public void setKerberosTime( KerberosTime timeStamp )
+ {
+ this.timeStamp = timeStamp;
+ }
+
+ public void setMicroSecond( int microSecond )
+ {
+ this.microSecond = microSecond;
+ }
+}
+
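Review bot: `EncryptedTimeStampModifier` has no Javadoc, and `getEncryptedTimestamp()` builds the value whether or not `setKerberosTime` was called, so a caller can obtain an `EncryptedTimeStamp` whose time is null. I would add a class comment along the lines of `/** Builder for EncryptedTimeStamp; the timestamp must be set, microSecond stays 0 when pausec is absent. */`. An absent `pausec` and an explicit 0 are indistinguishable after this, which will matter once a replay cache keys on timestamp and usec.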
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java Thu Jan 27 21:04:26 2005
@@ -14,14 +14,16 @@
* limitations under the License.
*
*/
+
package org.apache.kerberos.messages.value;
+
public class PreAuthenticationData
{
private PreAuthenticationDataType dataType;
private byte[] dataValue;
- public PreAuthenticationData(PreAuthenticationDataType dataType, byte[] dataValue)
+ public PreAuthenticationData( PreAuthenticationDataType dataType, byte[] dataValue )
{
this.dataType = dataType;
this.dataValue = dataValue;
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java Thu Jan 27 21:04:26 2005
@@ -14,8 +14,10 @@
* limitations under the License.
*
*/
+
package org.apache.kerberos.messages.value;
+
public class PreAuthenticationDataModifier
{
private PreAuthenticationDataType dataType;
@@ -23,15 +25,15 @@
public PreAuthenticationData getPreAuthenticationData()
{
- return new PreAuthenticationData(dataType, dataValue);
+ return new PreAuthenticationData( dataType, dataValue );
}
- public void setDataType(PreAuthenticationDataType dataType)
+ public void setDataType( PreAuthenticationDataType dataType )
{
this.dataType = dataType;
}
- public void setDataValue(byte[] dataValue)
+ public void setDataValue( byte[] dataValue )
{
this.dataValue = dataValue;
}
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java Thu Jan 27 21:04:26 2005
@@ -14,75 +14,89 @@
* limitations under the License.
*
*/
+
package org.apache.kerberos.messages.value;
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
-public class PreAuthenticationDataType implements Comparable {
+public class PreAuthenticationDataType implements Comparable
+{
/**
* Enumeration elements are constructed once upon class loading.
* Order of appearance here determines the order of compareTo.
*/
- public static final PreAuthenticationDataType NULL = new PreAuthenticationDataType(0, "null");
- public static final PreAuthenticationDataType PA_TGS_REQ = new PreAuthenticationDataType(1, "TGS Request");
- public static final PreAuthenticationDataType PA_ENC_TIMESTAMP = new PreAuthenticationDataType(2, "Enc timestamp");
- public static final PreAuthenticationDataType PA_PW_SALT = new PreAuthenticationDataType(3, "password salt");
- public static final PreAuthenticationDataType PA_ENC_UNIX_TIME = new PreAuthenticationDataType(5, "enc unix time");
- public static final PreAuthenticationDataType PA_SANDIA_SECUREID = new PreAuthenticationDataType(6, "sandia secureid");
- public static final PreAuthenticationDataType PA_SESAME = new PreAuthenticationDataType(7, "sesame");
- public static final PreAuthenticationDataType PA_OSF_DCE = new PreAuthenticationDataType(8, "OSF DCE");
- public static final PreAuthenticationDataType PA_CYBERSAFE_SECUREID = new PreAuthenticationDataType(9, "cybersafe secureid");
- public static final PreAuthenticationDataType PA_ASF3_SALT = new PreAuthenticationDataType(10, "ASF3 salt");
- public static final PreAuthenticationDataType PA_ETYPE_INFO = new PreAuthenticationDataType(11, "encryption info");
- public static final PreAuthenticationDataType SAM_CHALLENGE = new PreAuthenticationDataType(12, "SAM challenge");
- public static final PreAuthenticationDataType SAM_RESPONSE = new PreAuthenticationDataType(13, "SAM response");
- public static final PreAuthenticationDataType PA_PK_AS_REQ = new PreAuthenticationDataType(14, "PK as request");
- public static final PreAuthenticationDataType PA_PK_AS_REP = new PreAuthenticationDataType(15, "PK as response");
- public static final PreAuthenticationDataType PA_USE_SPECIFIED_KVNO = new PreAuthenticationDataType(20, "use specified key version");
- public static final PreAuthenticationDataType SAM_REDIRECT = new PreAuthenticationDataType(21, "SAM redirect");
- public static final PreAuthenticationDataType PA_GET_FROM_TYPED_DATA = new PreAuthenticationDataType(22, "Get from typed data");
+ public static final PreAuthenticationDataType NULL = new PreAuthenticationDataType( 0, "null" );
+ public static final PreAuthenticationDataType PA_TGS_REQ = new PreAuthenticationDataType( 1, "TGS Request." );
+ public static final PreAuthenticationDataType PA_ENC_TIMESTAMP = new PreAuthenticationDataType( 2, "Encrypted timestamp." );
+ public static final PreAuthenticationDataType PA_PW_SALT = new PreAuthenticationDataType( 3, "password salt" );
+ public static final PreAuthenticationDataType PA_ENC_UNIX_TIME = new PreAuthenticationDataType( 5, "enc unix time" );
+ public static final PreAuthenticationDataType PA_SANDIA_SECUREID = new PreAuthenticationDataType( 6, "sandia secureid" );
+ public static final PreAuthenticationDataType PA_SESAME = new PreAuthenticationDataType( 7, "sesame" );
+ public static final PreAuthenticationDataType PA_OSF_DCE = new PreAuthenticationDataType( 8, "OSF DCE" );
+ public static final PreAuthenticationDataType PA_CYBERSAFE_SECUREID = new PreAuthenticationDataType( 9, "cybersafe secureid" );
+ public static final PreAuthenticationDataType PA_ASF3_SALT = new PreAuthenticationDataType( 10, "ASF3 salt" );
+ public static final PreAuthenticationDataType PA_ETYPE_INFO = new PreAuthenticationDataType( 11, "encryption info" );
+ public static final PreAuthenticationDataType SAM_CHALLENGE = new PreAuthenticationDataType( 12, "SAM challenge." );
+ public static final PreAuthenticationDataType SAM_RESPONSE = new PreAuthenticationDataType( 13, "SAM response." );
+ public static final PreAuthenticationDataType PA_PK_AS_REQ = new PreAuthenticationDataType( 14, "PK as request" );
+ public static final PreAuthenticationDataType PA_PK_AS_REP = new PreAuthenticationDataType( 15, "PK as response" );
+ public static final PreAuthenticationDataType PA_USE_SPECIFIED_KVNO = new PreAuthenticationDataType( 20, "use specified key version" );
+ public static final PreAuthenticationDataType SAM_REDIRECT = new PreAuthenticationDataType( 21, "SAM redirect." );
+ public static final PreAuthenticationDataType PA_GET_FROM_TYPED_DATA = new PreAuthenticationDataType( 22, "Get from typed data" );
- public String toString() {
- return _fName + " (" + _fOrdinal + ")";
+ public String toString()
+ {
+ return name + " (" + ordinal + ")";
}
- public int compareTo(Object that) {
- return _fOrdinal - ((PreAuthenticationDataType) that)._fOrdinal;
+ public int compareTo( Object that )
+ {
+ return ordinal - ( (PreAuthenticationDataType) that ).ordinal;
}
- public static PreAuthenticationDataType getTypeByOrdinal(int type) {
- for (int i = 0; i < fValues.length; i++)
- if (fValues[i]._fOrdinal == type)
- return fValues[i];
+ public static PreAuthenticationDataType getTypeByOrdinal( int type )
+ {
+ for ( int ii = 0; ii < values.length; ii++ )
+ {
+ if ( values[ ii ].ordinal == type )
+ {
+ return values[ ii ];
+ }
+ }
+
return NULL;
}
- public int getOrdinal() {
- return _fOrdinal;
+ public int getOrdinal()
+ {
+ return ordinal;
}
/// PRIVATE /////
- private final String _fName;
- private final int _fOrdinal;
+ private final String name;
+ private final int ordinal;
/**
* Private constructor prevents construction outside of this class.
*/
- private PreAuthenticationDataType(int ordinal, String name) {
- _fOrdinal = ordinal;
- _fName = name;
+ private PreAuthenticationDataType( int ordinal, String name )
+ {
+ this.ordinal = ordinal;
+ this.name = name;
}
/**
* These two lines are all that's necessary to export a List of VALUES.
*/
- private static final PreAuthenticationDataType[] fValues = {NULL, PA_TGS_REQ,
+ private static final PreAuthenticationDataType[] values = { NULL, PA_TGS_REQ,
PA_ENC_TIMESTAMP, PA_PW_SALT, PA_ENC_UNIX_TIME, PA_SANDIA_SECUREID,
PA_SESAME, PA_OSF_DCE, PA_CYBERSAFE_SECUREID, PA_ASF3_SALT, PA_ETYPE_INFO,
SAM_CHALLENGE, SAM_RESPONSE, PA_PK_AS_REQ, PA_PK_AS_REP, PA_USE_SPECIFIED_KVNO,
- SAM_REDIRECT, PA_GET_FROM_TYPED_DATA};
+ SAM_REDIRECT, PA_GET_FROM_TYPED_DATA };
// VALUES needs to be located here, otherwise illegal forward reference
- public static final List VALUES = Collections.unmodifiableList(Arrays.asList(fValues));
+ public static final List VALUES = Collections.unmodifiableList( Arrays.asList( values ) );
}
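Review bot: `getTypeByOrdinal` falls through to `return NULL` for every padata-type number that is not in `values`, so an unrecognised or unassigned type (4, 16-19, anything above 22, negatives) becomes indistinguishable from type 0. The callers are outside this hunk, but if the PA-DATA decoder feeds the wire value through this lookup, the pre-authentication path and any log line built from `toString()` lose the number the client actually sent. I would at least document that on the method, e.g. `/** Returns NULL for any type not listed in values; an unknown wire value cannot be told apart from type 0. */`, and have the decoder keep the raw integer for diagnostics. Separately, the labels are now inconsistent: some end in a period (`"Encrypted timestamp."`, `"SAM challenge."`) while others do not, and `toString()` prints the former as `Encrypted timestamp. (2)`.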