You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by er...@apache.org on 2005/08/28 06:06:33 UTC
svn commit: r263815 - in
/directory/shared/kerberos/branches/refactor-to-chain/common/src/java/org/apache/kerberos/service:
VerifyAuthHeader.java VerifyTicket.java
Author: erodriguez
Date: Sat Aug 27 21:06:28 2005
New Revision: 263815
URL: http://svn.apache.org/viewcvs?rev=263815&view=rev
Log:
Better dependency management
o config to long clock skew
o config to String primary realm
Modified:
directory/shared/kerberos/branches/refactor-to-chain/common/src/java/org/apache/kerberos/service/VerifyAuthHeader.java
directory/shared/kerberos/branches/refactor-to-chain/common/src/java/org/apache/kerberos/service/VerifyTicket.java
Modified: directory/shared/kerberos/branches/refactor-to-chain/common/src/java/org/apache/kerberos/service/VerifyAuthHeader.java
URL: http://svn.apache.org/viewcvs/directory/shared/kerberos/branches/refactor-to-chain/common/src/java/org/apache/kerberos/service/VerifyAuthHeader.java?rev=263815&r1=263814&r2=263815&view=diff
==============================================================================
--- directory/shared/kerberos/branches/refactor-to-chain/common/src/java/org/apache/kerberos/service/VerifyAuthHeader.java (original)
+++ directory/shared/kerberos/branches/refactor-to-chain/common/src/java/org/apache/kerberos/service/VerifyAuthHeader.java Sat Aug 27 21:06:28 2005
@@ -43,7 +43,7 @@
{
// RFC 1510 A.10. KRB_AP_REQ verification
public Authenticator verifyAuthHeader( ApplicationRequest authHeader, Ticket ticket,
- EncryptionKey serverKey, KdcConfiguration config, ReplayCache replayCache )
+ EncryptionKey serverKey, long clockSkew, ReplayCache replayCache )
throws KerberosException, IOException
{
if ( authHeader.getProtocolVersionNumber() != 5 )
@@ -138,13 +138,13 @@
replayCache.save( authenticator.getClientTime(), authenticator.getClientPrincipal() );
- if ( !authenticator.getClientTime().isInClockSkew( config.getClockSkew() ) )
+ if ( !authenticator.getClientTime().isInClockSkew( clockSkew ) )
{
throw new KerberosException( ErrorType.KRB_AP_ERR_SKEW );
}
if ( ticket.getStartTime() != null
- && !ticket.getStartTime().isInClockSkew( config.getClockSkew() )
+ && !ticket.getStartTime().isInClockSkew( clockSkew )
|| ticket.getFlag( TicketFlags.INVALID ) )
{
// it hasn't yet become valid
Modified: directory/shared/kerberos/branches/refactor-to-chain/common/src/java/org/apache/kerberos/service/VerifyTicket.java
URL: http://svn.apache.org/viewcvs/directory/shared/kerberos/branches/refactor-to-chain/common/src/java/org/apache/kerberos/service/VerifyTicket.java?rev=263815&r1=263814&r2=263815&view=diff
==============================================================================
--- directory/shared/kerberos/branches/refactor-to-chain/common/src/java/org/apache/kerberos/service/VerifyTicket.java (original)
+++ directory/shared/kerberos/branches/refactor-to-chain/common/src/java/org/apache/kerberos/service/VerifyTicket.java Sat Aug 27 21:06:28 2005
@@ -28,9 +28,9 @@
*/
public abstract class VerifyTicket extends CommandBase
{
- public void verifyTicket( KdcConfiguration config, Ticket ticket, KerberosPrincipal serverPrincipal ) throws Exception
+ public void verifyTicket( Ticket ticket, String primaryRealm, KerberosPrincipal serverPrincipal ) throws Exception
{
- if ( !ticket.getRealm().equals( config.getPrimaryRealm() )
+ if ( !ticket.getRealm().equals( primaryRealm )
&& !ticket.getServerPrincipal().equals( serverPrincipal ) )
{
throw new KerberosException( ErrorType.KRB_AP_ERR_NOT_US );