Posted to commits@directory.apache.org by er...@apache.org on 2005/02/05 01:43:22 UTC
svn commit: r151451 - in
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos:
kdc/AuthenticationService.java sam/TimestampChecker.java
Author: erodriguez
Date: Fri Feb 4 16:43:20 2005
New Revision: 151451
URL: http://svn.apache.org/viewcvs?view=rev&rev=151451
Log:
Simplified pre-authentication verification.
Modified:
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
URL: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java?view=diff&r1=151450&r2=151451
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java Fri Feb 4 16:43:20 2005
@@ -30,7 +30,6 @@
import org.apache.kerberos.io.decoder.EncryptedTimestampDecoder;
import org.apache.kerberos.io.encoder.EncAsRepPartEncoder;
import org.apache.kerberos.io.encoder.EncTicketPartEncoder;
-import org.apache.kerberos.io.encoder.PreAuthenticationDataEncoder;
import org.apache.kerberos.kdc.store.PrincipalStore;
import org.apache.kerberos.kdc.store.PrincipalStoreEntry;
import org.apache.kerberos.messages.AuthenticationReply;
@@ -168,18 +167,12 @@
for ( int ii = 0; ii < preAuthData.length; ii++ )
{
- if ( preAuthData[ ii ].getDataType().equals( PreAuthenticationDataType.PA_ENC_TIMESTAMP ) )
+ if ( preAuthData[ii].getDataType().equals( PreAuthenticationDataType.PA_ENC_TIMESTAMP ) )
{
- PreAuthenticationDataEncoder preAuthEncoder = new PreAuthenticationDataEncoder();
- byte[] sad = preAuthEncoder.encode( preAuthData[ii] );
- KerberosKey samKey = SamSubsystem.verify( entry, sad );
+ KerberosKey samKey = SamSubsystem.verify( entry, preAuthData[ii].getDataValue() );
clientKey = new EncryptionKey( EncryptionType.getTypeByOrdinal( samKey.getKeyType() ), samKey.getEncoded() );
}
}
- }
- catch (IOException ioe)
- {
- throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
}
catch (SamException se)
{
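Review bot: The padata value on the `SamSubsystem.verify( entry, preAuthData[ii].getDataValue() )` line comes straight from the client request and is passed on without a null or empty check, while the `catch (IOException ioe)` that mapped an encoding failure to `KerberosException.KRB_AP_ERR_BAD_INTEGRITY` has been removed from this try. If `getDataValue()` can return null or a zero-length array (not visible here), the failure would now surface inside the checker, possibly as an unchecked exception rather than a Kerberos error. A guard before the call, `byte[] paValue = preAuthData[ii].getDataValue(); if ( paValue == null || paValue.length == 0 ) throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;`, would keep the error mapping at the KDC boundary. The enclosing method and its try block start above the hunk, and the `catch (SamException se)` body continues below it.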
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java
URL: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java?view=diff&r1=151450&r2=151451
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java Fri Feb 4 16:43:20 2005
@@ -26,41 +26,27 @@
import org.apache.kerberos.crypto.encryption.EncryptionType;
import org.apache.kerberos.io.decoder.EncryptedDataDecoder;
import org.apache.kerberos.io.decoder.EncryptedTimestampDecoder;
-import org.apache.kerberos.io.decoder.PreAuthenticationDataDecoder;
import org.apache.kerberos.kdc.KerberosException;
import org.apache.kerberos.messages.value.EncryptedData;
import org.apache.kerberos.messages.value.EncryptedTimeStamp;
import org.apache.kerberos.messages.value.EncryptionKey;
import org.apache.kerberos.messages.value.KerberosTime;
-import org.apache.kerberos.messages.value.PreAuthenticationData;
-import org.apache.kerberos.messages.value.PreAuthenticationDataType;
-import org.apache.kerberos.sam.KeyIntegrityChecker;
public class TimestampChecker implements KeyIntegrityChecker
{
private static final long FIVE_MINUTES = 300000;
- public boolean checkKeyIntegrity( byte[] preauthData, KerberosKey kerberosKey )
+ public boolean checkKeyIntegrity( byte[] encryptedData, KerberosKey kerberosKey )
{
EncryptionType keyType = EncryptionType.getTypeByOrdinal( kerberosKey.getKeyType() );
EncryptionKey key = new EncryptionKey( keyType, kerberosKey.getEncoded() );
try
{
- // Decode the pre-authentication data from ASN.1
- PreAuthenticationDataDecoder preAuthDecoder = new PreAuthenticationDataDecoder();
- PreAuthenticationData sad = preAuthDecoder.decode( preauthData );
-
- // If this pre-auth is not an encrypted timestamp, we aren't interested
- if ( sad.getDataType() != PreAuthenticationDataType.PA_ENC_TIMESTAMP )
- {
- return false;
- }
-
// Since the pre-auth value is of type PA-ENC-TIMESTAMP, it should be a valid
// ASN.1 PA-ENC-TS-ENC structure, so we can decode it into EncryptedData.
- EncryptedData sadValue = EncryptedDataDecoder.decode( sad.getDataValue() );
+ EncryptedData sadValue = EncryptedDataDecoder.decode( encryptedData );
// Decrypt the EncryptedData structure to get the PA-ENC-TS-ENC
EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( key );
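Review bot: `checkKeyIntegrity` no longer verifies that its input is a PA-ENC-TIMESTAMP, so the retained comment beginning "Since the pre-auth value is of type PA-ENC-TIMESTAMP" now describes an assumption about the caller, not something this method has established. The method is public and implements `KeyIntegrityChecker`, so the new precondition should be documented, for example with a Javadoc line `@param encryptedData padata-value of a PA-ENC-TIMESTAMP entry (encoded EncryptedData); the caller must already have checked the padata type`. Other `KeyIntegrityChecker` implementations, if any exist outside this diff, presumably receive the same raw value now and would need the same review. The method body continues past the end of the hunk.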