Posted to commits@directory.apache.org by er...@apache.org on 2005/09/10 20:56:33 UTC
svn commit: r280023 - in
/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc:
authentication/ ticketgrant/
Author: erodriguez
Date: Sat Sep 10 11:56:25 2005
New Revision: 280023
URL: http://svn.apache.org/viewcvs?rev=280023&view=rev
Log:
Refactored AS and TGS chains to use new random session key command in kerberos-common:
o added GetSessionKey commands
o inserted GetSessionKey commands into AS and TGS chains
o added session key getter/setter to authentication context
o updated both GenerateTicket commands to use the session key from their contexts
Added:
directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/GetSessionKey.java (with props)
directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/GetSessionKey.java (with props)
Modified:
directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/AuthenticationContext.java
directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/AuthenticationServiceChain.java
directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/GenerateTicket.java
directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/GenerateTicket.java
directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java
Modified: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/AuthenticationContext.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/AuthenticationContext.java?rev=280023&r1=280022&r2=280023&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/AuthenticationContext.java (original)
+++ directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/AuthenticationContext.java Sat Sep 10 11:56:25 2005
@@ -34,6 +34,7 @@
private Ticket ticket;
private EncryptionKey clientKey;
+ private EncryptionKey sessionKey;
private PrincipalStoreEntry clientEntry;
private PrincipalStoreEntry serverEntry;
@@ -116,6 +117,22 @@
public void setClientKey( EncryptionKey clientKey )
{
this.clientKey = clientKey;
+ }
+
+ /**
+ * @return Returns the sessionKey.
+ */
+ public EncryptionKey getSessionKey()
+ {
+ return sessionKey;
+ }
+
+ /**
+ * @param sessionKey The sessionKey to set.
+ */
+ public void setSessionKey( EncryptionKey sessionKey )
+ {
+ this.sessionKey = sessionKey;
}
/**
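Review bot: The Javadoc on the new accessors (`@return Returns the sessionKey.`) only restates the field name and does not say that the field holds null until a chain command calls setSessionKey(). A line such as `@return the session key for this request, or null if no command has set it yet` on getSessionKey() would document the ordering that readers of the context depend on. The class body starts and ends outside the hunk.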
Modified: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/AuthenticationServiceChain.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/AuthenticationServiceChain.java?rev=280023&r1=280022&r2=280023&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/AuthenticationServiceChain.java (original)
+++ directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/AuthenticationServiceChain.java Sat Sep 10 11:56:25 2005
@@ -36,6 +36,7 @@
addCommand( new GetClientEntry() );
addCommand( new PreAuthenticationChain() );
addCommand( new GetServerEntry() );
+ addCommand( new GetSessionKey() );
addCommand( new GenerateTicket() );
addCommand( new BuildReply() );
addCommand( new SealReply() );
Modified: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/GenerateTicket.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/GenerateTicket.java?rev=280023&r1=280022&r2=280023&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/GenerateTicket.java (original)
+++ directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/GenerateTicket.java Sat Sep 10 11:56:25 2005
@@ -20,7 +20,6 @@
import org.apache.kerberos.chain.Context;
import org.apache.kerberos.chain.impl.CommandBase;
-import org.apache.kerberos.crypto.RandomKey;
import org.apache.kerberos.crypto.encryption.EncryptionEngine;
import org.apache.kerberos.crypto.encryption.EncryptionEngineFactory;
import org.apache.kerberos.exceptions.ErrorType;
@@ -55,6 +54,7 @@
KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
KdcConfiguration config = authContext.getConfig();
+ EncryptionKey sessionKey = authContext.getSessionKey();
if(request.getKdcOptions().get(KdcOptions.FORWARDABLE))
{
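Review bot: `authContext.getSessionKey()` is read here without a null check, and the value goes straight into `newTicketBody.setSessionKey( sessionKey )` in the next hunk, so the ticket now depends on GetSessionKey having run earlier in the chain. If the chain is reordered or that command is dropped, the key would be null; whether anything downstream rejects that is not visible here. A guard right after the read would fail closed, e.g. `if ( sessionKey == null ) { throw new IllegalStateException( "session key not set" ); }`. The same applies to `tgsContext.getSessionKey()` in ticketgrant/GenerateTicket.java. The enclosing method starts and ends outside the hunk.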
@@ -80,7 +80,7 @@
throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
}
- newTicketBody.setSessionKey(new RandomKey().getNewSessionKey());
+ newTicketBody.setSessionKey( sessionKey );
newTicketBody.setClientPrincipal(request.getClientPrincipal());
newTicketBody.setTransitedEncoding(new TransitedEncoding());
Added: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/GetSessionKey.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/GetSessionKey.java?rev=280023&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/GetSessionKey.java (added)
+++ directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/GetSessionKey.java Sat Sep 10 11:56:25 2005
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.authentication;
+
+import java.security.SecureRandom;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.crypto.encryption.EncryptionType;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.service.DesStringToKey;
+
+public class GetSessionKey extends DesStringToKey
+{
+ private static final SecureRandom random = new SecureRandom();
+
+ public boolean execute( Context context ) throws Exception
+ {
+ AuthenticationContext authContext = (AuthenticationContext) context;
+ authContext.setSessionKey( getNewSessionKey() );
+
+ return CONTINUE_CHAIN;
+ }
+
+ private EncryptionKey getNewSessionKey()
+ {
+ byte[] confounder = new byte[ 8 ];
+
+ // SecureRandom.nextBytes is already synchronized
+ random.nextBytes( confounder );
+
+ byte[] subSessionKey = getKey( new String( confounder ) );
+
+ return new EncryptionKey( EncryptionType.DES_CBC_MD5, subSessionKey );
+ }
+}
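Review bot: `new String( confounder )` in getNewSessionKey() decodes eight random bytes with the platform default charset, which is lossy: byte sequences that are not valid in that charset are replaced during decoding, so distinct random inputs can collapse to the same string and the outcome varies with the JVM's locale settings. The session key can therefore carry less entropy than the 8 bytes drawn from SecureRandom. It is also passed through `getKey`, inherited from DesStringToKey and not shown here, which by its name is a password string-to-key step that random key material does not need. Generating the DES key bytes directly avoids both; the sketch below uses `javax.crypto.KeyGenerator`, which needs an added import. ticketgrant/GetSessionKey.java repeats this method line for line, so the same change applies there and the two copies would be better shared.

```java
private EncryptionKey getNewSessionKey() throws NoSuchAlgorithmException
{
    // Let the JCE provider draw the key bytes from the shared SecureRandom;
    // no charset decoding of random bytes is involved.
    KeyGenerator generator = KeyGenerator.getInstance( "DES" );
    generator.init( random );
    byte[] sessionKey = generator.generateKey().getEncoded();

    return new EncryptionKey( EncryptionType.DES_CBC_MD5, sessionKey );
}
```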
Propchange: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/authentication/GetSessionKey.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/GenerateTicket.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/GenerateTicket.java?rev=280023&r1=280022&r2=280023&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/GenerateTicket.java (original)
+++ directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/GenerateTicket.java Sat Sep 10 11:56:25 2005
@@ -25,7 +25,6 @@
import org.apache.kerberos.chain.Context;
import org.apache.kerberos.chain.impl.CommandBase;
-import org.apache.kerberos.crypto.RandomKey;
import org.apache.kerberos.crypto.encryption.EncryptionEngine;
import org.apache.kerberos.crypto.encryption.EncryptionEngineFactory;
import org.apache.kerberos.exceptions.ErrorType;
@@ -62,10 +61,7 @@
KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
EncryptionKey serverKey = tgsContext.getRequestPrincipalEntry().getEncryptionKey();
KdcConfiguration config = tgsContext.getConfig();
-
- // TODO - quite possibly its own chain command
- EncryptionKey sessionKey = new RandomKey().getNewSessionKey();
- tgsContext.setSessionKey( sessionKey );
+ EncryptionKey sessionKey = tgsContext.getSessionKey();
EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
Added: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/GetSessionKey.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/GetSessionKey.java?rev=280023&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/GetSessionKey.java (added)
+++ directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/GetSessionKey.java Sat Sep 10 11:56:25 2005
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.ticketgrant;
+
+import java.security.SecureRandom;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.crypto.encryption.EncryptionType;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.service.DesStringToKey;
+
+public class GetSessionKey extends DesStringToKey
+{
+ private static final SecureRandom random = new SecureRandom();
+
+ public boolean execute( Context context ) throws Exception
+ {
+ TicketGrantingContext tgsContext = (TicketGrantingContext) context;
+ tgsContext.setSessionKey( getNewSessionKey() );
+
+ return CONTINUE_CHAIN;
+ }
+
+ private EncryptionKey getNewSessionKey()
+ {
+ byte[] confounder = new byte[ 8 ];
+
+ // SecureRandom.nextBytes is already synchronized
+ random.nextBytes( confounder );
+
+ byte[] subSessionKey = getKey( new String( confounder ) );
+
+ return new EncryptionKey( EncryptionType.DES_CBC_MD5, subSessionKey );
+ }
+}
Propchange: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/GetSessionKey.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java?rev=280023&r1=280022&r2=280023&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java (original)
+++ directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java Sat Sep 10 11:56:25 2005
@@ -47,6 +47,7 @@
addCommand( new VerifyTgtAuthHeader() );
addCommand( new VerifyBodyChecksum() );
addCommand( new GetRequestPrincipalEntry() );
+ addCommand( new GetSessionKey() );
addCommand( new GenerateTicket() );
addCommand( new BuildReply() );