Posted to commits@directory.apache.org by el...@apache.org on 2010/11/05 00:48:50 UTC
svn commit: r1031354 [1/4] - in /directory/apacheds/trunk/kerberos-codec: ./
.settings/ src/ src/main/ src/main/java/ src/main/java/org/
src/main/java/org/apache/ src/main/java/org/apache/directory/
src/main/java/org/apache/directory/shared/ src/main/j...
Author: elecharny
Date: Thu Nov 4 23:48:49 2010
New Revision: 1031354
URL: http://svn.apache.org/viewvc?rev=1031354&view=rev
Log:
First drop of the new kerberos codec
Added:
directory/apacheds/trunk/kerberos-codec/ (with props)
directory/apacheds/trunk/kerberos-codec/.classpath
directory/apacheds/trunk/kerberos-codec/.project
directory/apacheds/trunk/kerberos-codec/.settings/
directory/apacheds/trunk/kerberos-codec/.settings/org.eclipse.jdt.core.prefs
directory/apacheds/trunk/kerberos-codec/pom.xml
directory/apacheds/trunk/kerberos-codec/src/
directory/apacheds/trunk/kerberos-codec/src/main/
directory/apacheds/trunk/kerberos-codec/src/main/java/
directory/apacheds/trunk/kerberos-codec/src/main/java/org/
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosConstants.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosMessageType.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/KerberosMessageContainer.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/KerberosMessageGrammar.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/KerberosStatesEnum.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/EncryptedData.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/EncryptionType.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalName.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalNameType.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/exceptions/
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/exceptions/ErrorType.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/exceptions/InvalidTicketException.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/exceptions/KerberosException.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/KerberosMessage.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java
directory/apacheds/trunk/kerberos-codec/src/test/
directory/apacheds/trunk/kerberos-codec/src/test/java/
directory/apacheds/trunk/kerberos-codec/src/test/java/org/
directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/
directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/
directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/
directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/
directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/
directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/TicketDecoderTest.java
Propchange: directory/apacheds/trunk/kerberos-codec/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Thu Nov 4 23:48:49 2010
@@ -0,0 +1,4 @@
+target
+.classpath
+.settings
+.project
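Review bot: The `svn:ignore` property lists `.classpath`, `.settings` and `.project`, yet this same commit adds all three to the repository, so the ignore entries have no effect on them. The committed `.classpath` also carries machine-specific `javadoc_location` values under `/Users/elecharny/.m2/repository/`, which will not resolve on other checkouts and expose a local account name. Dropping the three IDE files from the commit and leaving them to be regenerated locally would match the ignore list.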
Added: directory/apacheds/trunk/kerberos-codec/.classpath
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/.classpath?rev=1031354&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/.classpath (added)
+++ directory/apacheds/trunk/kerberos-codec/.classpath Thu Nov 4 23:48:49 2010
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry excluding="**/*.java" kind="src" path="target/maven-shared-archive-resources"/>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="src" path="src/test/java"/>
+ <classpathentry kind="var" path="M2_REPO/findbugs/annotations/1.0.0/annotations-1.0.0.jar"/>
+ <classpathentry kind="var" path="M2_REPO/antlr/antlr/2.7.7/antlr-2.7.7.jar"/>
+ <classpathentry kind="src" path="/apacheds-core-api"/>
+ <classpathentry kind="src" path="/apacheds-core-constants"/>
+ <classpathentry kind="src" path="/apacheds-i18n"/>
+ <classpathentry kind="src" path="/apacheds-protocol-shared"/>
+ <classpathentry kind="var" path="M2_REPO/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar" sourcepath="M2_REPO/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1-sources.jar">
+ <attributes>
+ <attribute name="javadoc_location" value="jar:file:/Users/elecharny/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1-javadoc.jar!/"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/commons-io/commons-io/1.4/commons-io-1.4.jar" sourcepath="M2_REPO/commons-io/commons-io/1.4/commons-io-1.4-sources.jar">
+ <attributes>
+ <attribute name="javadoc_location" value="jar:file:/Users/elecharny/.m2/repository/commons-io/commons-io/1.4/commons-io-1.4-javadoc.jar!/"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/commons-lang/commons-lang/2.5/commons-lang-2.5.jar" sourcepath="M2_REPO/commons-lang/commons-lang/2.5/commons-lang-2.5-sources.jar">
+ <attributes>
+ <attribute name="javadoc_location" value="jar:file:/Users/elecharny/.m2/repository/commons-lang/commons-lang/2.5/commons-lang-2.5-javadoc.jar!/"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/commons-pool/commons-pool/1.5.4/commons-pool-1.5.4.jar" sourcepath="M2_REPO/commons-pool/commons-pool/1.5.4/commons-pool-1.5.4-sources.jar">
+ <attributes>
+ <attribute name="javadoc_location" value="jar:file:/Users/elecharny/.m2/repository/commons-pool/commons-pool/1.5.4/commons-pool-1.5.4-javadoc.jar!/"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/net/sf/ehcache/ehcache-core/2.2.0/ehcache-core-2.2.0.jar" sourcepath="M2_REPO/net/sf/ehcache/ehcache-core/2.2.0/ehcache-core-2.2.0-sources.jar">
+ <attributes>
+ <attribute name="javadoc_location" value="jar:file:/Users/elecharny/.m2/repository/net/sf/ehcache/ehcache-core/2.2.0/ehcache-core-2.2.0-javadoc.jar!/"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/4.8.1/junit-4.8.1.jar" sourcepath="M2_REPO/junit/junit/4.8.1/junit-4.8.1-sources.jar"/>
+ <classpathentry kind="src" path="/junit-addons"/>
+ <classpathentry kind="src" path="/ldap-client-api"/>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.16/log4j-1.2.16.jar" sourcepath="M2_REPO/log4j/log4j/1.2.16/log4j-1.2.16-sources.jar">
+ <attributes>
+ <attribute name="javadoc_location" value="jar:file:/Users/elecharny/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16-javadoc.jar!/"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/org/apache/mina/mina-core/2.0.1/mina-core-2.0.1.jar" sourcepath="M2_REPO/org/apache/mina/mina-core/2.0.1/mina-core-2.0.1-sources.jar">
+ <attributes>
+ <attribute name="javadoc_location" value="jar:file:/Users/elecharny/.m2/repository/org/apache/mina/mina-core/2.0.1/mina-core-2.0.1-javadoc.jar!/"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" path="/shared-i18n"/>
+ <classpathentry kind="src" path="/shared-ldap"/>
+ <classpathentry kind="src" path="/shared-ldap-schema"/>
+ <classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-api/1.5.11/slf4j-api-1.5.11.jar" sourcepath="M2_REPO/org/slf4j/slf4j-api/1.5.11/slf4j-api-1.5.11-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/slf4j/slf4j-log4j12/1.5.11/slf4j-log4j12-1.5.11.jar" sourcepath="M2_REPO/org/slf4j/slf4j-log4j12/1.5.11/slf4j-log4j12-1.5.11-sources.jar"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
Added: directory/apacheds/trunk/kerberos-codec/.project
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/.project?rev=1031354&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/.project (added)
+++ directory/apacheds/trunk/kerberos-codec/.project Thu Nov 4 23:48:49 2010
@@ -0,0 +1,23 @@
+<projectDescription>
+ <name>apacheds-kerberos-codec</name>
+ <comment>The Kerberos protocol encoder/decoder module. NO_M2ECLIPSE_SUPPORT: Project files created with the maven-eclipse-plugin are not supported in M2Eclipse.</comment>
+ <projects>
+ <project>apacheds-core-api</project>
+ <project>apacheds-core-constants</project>
+ <project>apacheds-i18n</project>
+ <project>apacheds-protocol-shared</project>
+ <project>junit-addons</project>
+ <project>ldap-client-api</project>
+ <project>shared-i18n</project>
+ <project>shared-ldap</project>
+ <project>shared-ldap-schema</project>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
\ No newline at end of file
Added: directory/apacheds/trunk/kerberos-codec/.settings/org.eclipse.jdt.core.prefs
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/.settings/org.eclipse.jdt.core.prefs?rev=1031354&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/.settings/org.eclipse.jdt.core.prefs (added)
+++ directory/apacheds/trunk/kerberos-codec/.settings/org.eclipse.jdt.core.prefs Thu Nov 4 23:48:49 2010
@@ -0,0 +1,9 @@
+#Thu Nov 04 14:49:54 CET 2010
+encoding//src/test/java=ISO-8859-1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+eclipse.preferences.version=1
+encoding//src/test/resources=ISO-8859-1
+org.eclipse.jdt.core.compiler.source=1.5
+encoding//src/main/java=ISO-8859-1
+encoding//src/main/resources=ISO-8859-1
+org.eclipse.jdt.core.compiler.compliance=1.5
Added: directory/apacheds/trunk/kerberos-codec/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/pom.xml?rev=1031354&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/pom.xml (added)
+++ directory/apacheds/trunk/kerberos-codec/pom.xml Thu Nov 4 23:48:49 2010
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-parent</artifactId>
+ <version>1.5.8-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>apacheds-kerberos-codec</artifactId>
+ <name>ApacheDS Protocol Kerberos Codec</name>
+
+ <description>The Kerberos protocol encoder/decoder module</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.directory.junit</groupId>
+ <artifactId>junit-addons</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>apacheds-core-api</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>apacheds-i18n</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>apacheds-protocol-shared</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.mina</groupId>
+ <artifactId>mina-core</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.directory.shared</groupId>
+ <artifactId>shared-ldap</artifactId>
+ </dependency>
+ </dependencies>
+</project>
+
Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosConstants.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosConstants.java?rev=1031354&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosConstants.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosConstants.java Thu Nov 4 23:48:49 2010
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.kerberos;
+
+/**
+ * An cass to define Kerberos constants
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KerberosConstants
+{
+ /** The Kerberos version 5 */
+ public static final int KERBEROS_V5 = 5;
+
+ /** Ticket message's tags */
+ public static final int TICKET_TAG = 0x61;
+ public static final int TICKET_TKT_VNO_TAG = 0xA0;
+ public static final int TICKET_REALM_TAG = 0xA1;
+ public static final int TICKET_SNAME_TAG = 0xA2;
+ public static final int TICKET_ENC_PART_TAG = 0xA3;
+}
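Review bot: `KerberosConstants` only holds constants but can still be instantiated and subclassed; declaring it `public final class KerberosConstants` with a `private KerberosConstants() {}` constructor would make the intent explicit. The class Javadoc reads `An cass to define Kerberos constants` and should read `A class to define Kerberos constants`. Only `TICKET_TAG` sits under the `Ticket message's tags` comment; the four context tags below it would each benefit from a short comment naming the Ticket field they introduce.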
Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosMessageType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosMessageType.java?rev=1031354&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosMessageType.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosMessageType.java Thu Nov 4 23:48:49 2010
@@ -0,0 +1,122 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.kerberos;
+
+/**
+ * An enum listing all the Kerberos V5 messages :
+ *
+ * AS-REQ (10) : Authentication Serveur Request
+ * AS-REP (11) : Authentication Serveur Response
+ * TGS-REQ (12) : Ticket Granting Server Request
+ * TGS-REP (13) : Ticket Granting Server Response
+ * AP-REQ (14) : Application Request
+ * AP-REP (15) : Application Response
+ * KRB-SAFE (20) : Safe (checksummed) application message
+ * KRB-PRIV (21) : Private (encrypted) application message
+ * KRB-CRED (22) : Private (encrypted) message to forward credentials
+ * ENC_AP_REP_PART (27) : Encrypted application reply part
+ * ENC_PRIV_PART (28) : Encrypted private message part
+ * KRB-ERROR (30) : A kerberos error response
+ *
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public enum KerberosMessageType
+{
+ TICKET( 1, "ticket" ),
+ AUTHENTICATOR( 2, "Authenticator" ),
+ ENC_TICKET_PART( 3, "EncTicketPart" ),
+ AS_REQ( 10, "initial authentication request" ),
+ AS_REP( 11, "initial authentication response"),
+ TGS_REQ( 12, "request for authentication based on TGT" ),
+ TGS_REP( 13, "response to authentication based on TGT" ),
+ AP_REQ( 14, "application request" ),
+ AP_REP( 15, "application response" ),
+ KRB_SAFE( 20, "safe (checksummed) application message" ),
+ KRB_PRIV( 21, "private (encrypted) application message" ),
+ KRB_CRED( 22, "private (encrypted) message to forward credentials" ),
+ ENC_AP_REP_PART( 27, "encrypted application reply part" ),
+ ENC_PRIV_PART( 28, "encrypted private message part" ),
+ KRB_ERROR( 30, "error response" );
+
+ private int value;
+ private String message;
+
+ /**
+ * Creates a new instance of KerberosMessageType.
+ */
+ private KerberosMessageType( int value, String message )
+ {
+ this.value = value;
+ this.message = message;
+ }
+
+
+ /**
+ * Get the int value for this element
+ *
+ * @return The int value of this element
+ */
+ public int getOrdinal()
+ {
+ return value;
+ }
+
+
+ /**
+ * Get the message associated with this element
+ *
+ * @return The message associated with this element
+ */
+ public String getMessage()
+ {
+ return message;
+ }
+
+
+ /**
+ * Get the instance of a KerberosMessageType from an int value
+ *
+ * @param value The int value
+ * @return A KerberosMessageType associated with this value
+ */
+ public static KerberosMessageType getTypeByOrdinal( int value )
+ {
+ switch ( value )
+ {
+ case 1 : return TICKET;
+ case 2 : return AUTHENTICATOR;
+ case 3 : return ENC_TICKET_PART;
+ case 10 : return AS_REQ;
+ case 11 : return AS_REP;
+ case 12 : return TGS_REQ;
+ case 13 : return TGS_REP;
+ case 14 : return AP_REQ;
+ case 15 : return AP_REP;
+ case 20 : return KRB_SAFE;
+ case 21 : return KRB_PRIV;
+ case 22 : return KRB_CRED;
+ case 27 : return ENC_AP_REP_PART;
+ case 28 : return ENC_PRIV_PART;
+ case 30 : return KRB_ERROR;
+ default : return null;
+ }
+ }
+}
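Review bot: `getTypeByOrdinal` returns `null` for any value outside the listed cases, and its Javadoc does not say so. The value presumably comes from a decoded message, so callers need to know they must handle an unknown type, e.g. `@return the matching KerberosMessageType, or null if the value is not a known message type`. `getOrdinal()` returns the protocol number rather than `Enum.ordinal()`, which is easy to confuse, and `value` and `message` are never reassigned and could be `private final`. The class Javadoc list omits TICKET, AUTHENTICATOR and ENC_TICKET_PART.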
Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java?rev=1031354&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java Thu Nov 4 23:48:49 2010
@@ -0,0 +1,407 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.kerberos;
+
+import java.text.ParseException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.shared.kerberos.components.EncryptionType;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.apache.directory.shared.ldap.util.StringTools;
+
+/**
+ * An utility class for Kerberos.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KerberosUtils
+{
+ /** A constant for integer optional values */
+ public static final int NULL = -1;
+
+ /** An empty list of principal names */
+ public static final List<String> EMPTY_PRINCIPAL_NAME = new ArrayList<String>();
+
+ /**
+ * Parse a KerberosPrincipal instance and return the names. The Principal name
+ * is described in RFC 1964 : <br/>
+ * <br/>
+ * This name type corresponds to the single-string representation of a<br/>
+ * Kerberos name. (Within the MIT Kerberos V5 implementation, such<br/>
+ * names are parseable with the krb5_parse_name() function.) The<br/>
+ * elements included within this name representation are as follows,<br/>
+ * proceeding from the beginning of the string:<br/>
+ * <br/>
+ * (1) One or more principal name components; if more than one<br/>
+ * principal name component is included, the components are<br/>
+ * separated by `/`. Arbitrary octets may be included within<br/>
+ * principal name components, with the following constraints and<br/>
+ * special considerations:<br/>
+ * <br/>
+ * (1a) Any occurrence of the characters `@` or `/` within a<br/>
+ * name component must be immediately preceded by the `\`<br/>
+ * quoting character, to prevent interpretation as a component<br/>
+ * or realm separator.<br/>
+ * <br/>
+ * (1b) The ASCII newline, tab, backspace, and null characters<br/>
+ * may occur directly within the component or may be<br/>
+ * represented, respectively, by `\n`, `\t`, `\b`, or `\0`.<br/>
+ * <br/>
+ * (1c) If the `\` quoting character occurs outside the contexts<br/>
+ * described in (1a) and (1b) above, the following character is<br/>
+ * interpreted literally. As a special case, this allows the<br/>
+ * doubled representation `\\` to represent a single occurrence<br/>
+ * of the quoting character.<br/>
+ * <br/>
+ * (1d) An occurrence of the `\` quoting character as the last<br/>
+ * character of a component is illegal.<br/>
+ * <br/>
+ * (2) Optionally, a `@` character, signifying that a realm name<br/>
+ * immediately follows. If no realm name element is included, the<br/>
+ * local realm name is assumed. The `/` , `:`, and null characters<br/>
+ * may not occur within a realm name; the `@`, newline, tab, and<br/>
+ * backspace characters may be included using the quoting<br/>
+ * conventions described in (1a), (1b), and (1c) above.<br/>
+ *
+ * @param principal The principal to be parsed
+ * @return The names as a List of nameComponent
+ *
+ * @throws ParseException if the name is not valid
+ */
+ public static List<String> getNames( KerberosPrincipal principal ) throws ParseException
+ {
+ if ( principal == null )
+ {
+ return EMPTY_PRINCIPAL_NAME;
+ }
+
+ String names = principal.getName();
+
+ if ( StringTools.isEmpty( names ) )
+ {
+ // Empty name...
+ return EMPTY_PRINCIPAL_NAME;
+ }
+
+ return getNames( names );
+ }
+
+ /**
+ * Parse a PrincipalName and return the names.
+ */
+ public static List<String> getNames( String principalNames ) throws ParseException
+ {
+ if ( principalNames == null )
+ {
+ return EMPTY_PRINCIPAL_NAME;
+ }
+
+ List<String> nameComponents = new ArrayList<String>();
+
+ // Start the parsing. Another State Machine :)
+ char[] chars = principalNames.toCharArray();
+
+ boolean escaped = false;
+ boolean done = false;
+ int start = 0;
+ int pos = 0;
+
+ for ( int i = 0; i < chars.length; i++ )
+ {
+ pos = i;
+
+ switch ( chars[i] )
+ {
+ case '\\' :
+ escaped = !escaped;
+ break;
+
+ case '/' :
+ if ( escaped )
+ {
+ escaped = false;
+ }
+ else
+ {
+ // We have a new name component
+ if ( i - start > 0 )
+ {
+ String nameComponent = new String( chars, start, i - start );
+ nameComponents.add( nameComponent );
+ start = i + 1;
+ }
+ else
+ {
+ throw new ParseException( I18n.err( I18n.ERR_628 ), i );
+ }
+ }
+
+ break;
+
+ case '@' :
+ if ( escaped )
+ {
+ escaped = false;
+ }
+ else
+ {
+ // We have reached the realm : let's get out
+ done = true;
+ // We have a new name component
+
+ if ( i - start > 0 )
+ {
+ String nameComponent = new String( chars, start, i - start );
+ nameComponents.add( nameComponent );
+ start = i + 1;
+ }
+ else
+ {
+ throw new ParseException( I18n.err( I18n.ERR_628 ), i );
+ }
+ }
+
+ break;
+
+ default :
+ }
+
+ if ( done )
+ {
+ break;
+ }
+ }
+
+ if ( escaped )
+ {
+ throw new ParseException( I18n.err( I18n.ERR_629 ), pos );
+ }
+
+ return nameComponents;
+ }
+
+
+ /**
+ * Constructs a KerberosPrincipal from a PrincipalName and an
+ * optional realm
+ *
+ * @param principal The principal name and type
+ * @param realm The optional realm
+ *
+ * @return A KerberosPrincipal
+ */
+ public static KerberosPrincipal getKerberosPrincipal( PrincipalName principal, String realm )
+ {
+ String name = principal.getNameString();
+
+ if ( !StringTools.isEmpty( realm ) )
+ {
+ name += '@' + realm;
+ }
+
+ return new KerberosPrincipal( name, principal.getNameType().getOrdinal() );
+ }
+
+
+ /**
+ * Get the matching encryption type from the configured types, searching
+ * into the requested types. We returns the first we find.
+ *
+ * @param requestedTypes The client encryption types
+ * @param configuredTypes The configured encryption types
+ * @return The first matching encryption type.
+ */
+ public static EncryptionType getBestEncryptionType( Set<EncryptionType> requestedTypes, Set<EncryptionType> configuredTypes )
+ {
+ for ( EncryptionType encryptionType:requestedTypes )
+ {
+ if ( configuredTypes.contains( encryptionType ) )
+ {
+ return encryptionType;
+ }
+ }
+
+ return null;
+ }
+
+
+ /**
+ * Build a list of encryptionTypes
+ *
+ * @param encryptionTypes The encryptionTypes
+ * @return A list comma separated of the encryptionTypes
+ */
+ public static String getEncryptionTypesString( Set<EncryptionType> encryptionTypes )
+ {
+ StringBuilder sb = new StringBuilder();
+ boolean isFirst = true;
+
+ for ( EncryptionType etype:encryptionTypes )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ sb.append( ", " );
+ }
+
+ sb.append( etype );
+ }
+
+ return sb.toString();
+ }
+
+
+ /**
+ * Verifies an AuthHeader using guidelines from RFC 1510 section A.10., "KRB_AP_REQ verification."
+ *
+ * @param authHeader
+ * @param ticket
+ * @param serverKey
+ * @param clockSkew
+ * @param replayCache
+ * @param emptyAddressesAllowed
+ * @param clientAddress
+ * @param lockBox
+ * @param authenticatorKeyUsage
+ * @param isValidate
+ * @return The authenticator.
+ * @throws KerberosException
+ *
+ public static Authenticator verifyAuthHeader( ApplicationRequest authHeader, Ticket ticket, EncryptionKey serverKey,
+ long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress clientAddress,
+ CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage, boolean isValidate ) throws KerberosException
+ {
+ if ( authHeader.getProtocolVersionNumber() != KerberosConstants.KERBEROS_V5 )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_BADVERSION );
+ }
+
+ if ( authHeader.getMessageType() != KerberosMessageType.AP_REQ )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_MSG_TYPE );
+ }
+
+ if ( authHeader.getTicket().getTktVno() != KerberosConstants.KERBEROS_V5 )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_BADVERSION );
+ }
+
+ EncryptionKey ticketKey = null;
+
+ if ( authHeader.getOption( ApOptions.USE_SESSION_KEY ) )
+ {
+ ticketKey = authHeader.getTicket().getEncTicketPart().getSessionKey();
+ }
+ else
+ {
+ ticketKey = serverKey;
+ }
+
+ if ( ticketKey == null )
+ {
+ // TODO - check server key version number, skvno; requires store
+ if ( false )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_BADKEYVER );
+ }
+
+ throw new KerberosException( ErrorType.KRB_AP_ERR_NOKEY );
+ }
+
+ EncTicketPart encPart = ( EncTicketPart ) lockBox.unseal( EncTicketPart.class, ticketKey, ticket.getEncPart(),
+ KeyUsage.NUMBER2 );
+ ticket.setEncTicketPart( encPart );
+
+ Authenticator authenticator = ( Authenticator ) lockBox.unseal( Authenticator.class, ticket.getEncTicketPart().getSessionKey(),
+ authHeader.getEncPart(), authenticatorKeyUsage );
+
+ if ( !authenticator.getClientPrincipal().getName().equals( ticket.getEncTicketPart().getClientPrincipal().getName() ) )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_BADMATCH );
+ }
+
+ if ( ticket.getEncTicketPart().getClientAddresses() != null )
+ {
+ if ( !ticket.getEncTicketPart().getClientAddresses().contains( new HostAddress( clientAddress ) ) )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_BADADDR );
+ }
+ }
+ else
+ {
+ if ( !emptyAddressesAllowed )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_BADADDR );
+ }
+ }
+
+ KerberosPrincipal serverPrincipal = ticket.getServerPrincipal();
+ KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal();
+ KerberosTime clientTime = authenticator.getClientTime();
+ int clientMicroSeconds = authenticator.getClientMicroSecond();
+
+ if ( replayCache.isReplay( serverPrincipal, clientPrincipal, clientTime, clientMicroSeconds ) )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_REPEAT );
+ }
+
+ replayCache.save( serverPrincipal, clientPrincipal, clientTime, clientMicroSeconds );
+
+ if ( !authenticator.getClientTime().isInClockSkew( clockSkew ) )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_SKEW );
+ }
+
+ /*
+ * "The server computes the age of the ticket: local (server) time minus
+ * the starttime inside the Ticket. If the starttime is later than the
+ * current time by more than the allowable clock skew, or if the INVALID
+ * flag is set in the ticket, the KRB_AP_ERR_TKT_NYV error is returned."
+ *
+ KerberosTime startTime = ( ticket.getEncTicketPart().getStartTime() != null ) ? ticket.getEncTicketPart().getStartTime() : ticket.getEncTicketPart().getAuthTime();
+
+ KerberosTime now = new KerberosTime();
+ boolean isValidStartTime = startTime.lessThan( now );
+
+ if ( !isValidStartTime || ( ticket.getEncTicketPart().getFlags().isInvalid() && !isValidate ) )
+ {
+ // it hasn't yet become valid
+ throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_NYV );
+ }
+
+ // TODO - doesn't take into account skew
+ if ( !ticket.getEncTicketPart().getEndTime().greaterThan( now ) )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_EXPIRED );
+ }
+
+ authHeader.setOption( ApOptions.MUTUAL_REQUIRED );
+
+ return authenticator;
+ }*/
+}
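Review bot: In `getNames( String )` the `escaped` flag is cleared only in the `/` and `@` cases, so after a backslash followed by an ordinary character (such as the `\n` form the Javadoc allows) it stays set and the next real `/` or `@` is treated as quoted; a name with no later separator then fails with ERR_629. Resetting it in the fall-through case, `default : escaped = false;`, would limit the quoting to one character as the quoted RFC text describes. The loop also adds a component only when it meets a separator, so input without an `@realm` part loses its last component; after the loop, `if ( !done && start < chars.length ) { nameComponents.add( new String( chars, start, chars.length - start ) ); }` would cover that case. `EMPTY_PRINCIPAL_NAME` is a public mutable `ArrayList` handed back to callers, so one caller adding to it changes the result for every later caller; an unmodifiable list would prevent that. `getBestEncryptionType` returns the first requested type found in the configured set, so the choice follows the iteration order of `requestedTypes` rather than any strength or server preference, which the Javadoc should state.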
Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/KerberosMessageContainer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/KerberosMessageContainer.java?rev=1031354&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/KerberosMessageContainer.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/KerberosMessageContainer.java Thu Nov 4 23:48:49 2010
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.kerberos.codec;
+
+import org.apache.directory.shared.asn1.ber.AbstractContainer;
+import org.apache.directory.shared.kerberos.messages.KerberosMessage;
+import org.apache.directory.shared.kerberos.messages.Ticket;
+import org.apache.directory.shared.ldap.codec.LdapStatesEnum;
+
+
+/**
+ * The KerberosMessage container stores all the messages decoded by the Asn1Decoder.
+ * When dealing with an incoding PDU, we will obtain a KerberosMessage in the
+ * container.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KerberosMessageContainer extends AbstractContainer
+{
+ /** The internal kerberos message */
+ private KerberosMessage message;
+
+ /**
+ * Creates a new KerberosMessageContainer object. We will store ten grammars,
+ * it's enough ...
+ */
+ public KerberosMessageContainer()
+ {
+ super();
+ this.stateStack = new int[10];
+ this.grammar = KerberosMessageGrammar.getInstance();
+ setTransition( LdapStatesEnum.START_STATE );
+ }
+
+
+ /**
+ * @return Returns the KerberosMessage.
+ */
+ public KerberosMessage getMessage()
+ {
+ return message;
+ }
+
+
+ /**
+ * @return Returns the Ticket.
+ */
+ public Ticket getTicket()
+ {
+ return (Ticket)message;
+ }
+
+
+ /**
+ * Set a Message Object into the container. It will be completed by the
+ * KerberosDecoder.
+ *
+ * @param message The message to set.
+ */
+ public void setMessage( KerberosMessage message )
+ {
+ this.message = message;
+ }
+}
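Review bot: The constructor starts the state machine with `LdapStatesEnum.START_STATE`, which ties the Kerberos container to the LDAP codec's state numbering and pulls in an LDAP codec import. This commit also adds `KerberosStatesEnum` (not visible in this hunk), so presumably its start state was intended; it is worth confirming that the two values agree. `getTicket()` casts `message` unconditionally and will throw `ClassCastException` once the container holds any other `KerberosMessage`, so either state that in the Javadoc or guard the cast with `instanceof`. The class Javadoc has `incoding` for `incoming`.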