Posted to commits@directory.apache.org by er...@apache.org on 2005/02/05 01:43:22 UTC

svn commit: r151451 - in incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos: kdc/AuthenticationService.java sam/TimestampChecker.java

Author: erodriguez
Date: Fri Feb  4 16:43:20 2005
New Revision: 151451

URL: http://svn.apache.org/viewcvs?view=rev&rev=151451
Log:
Simplified pre-authentication verification.

Modified:
    incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
    incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java

Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
URL: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java?view=diff&r1=151450&r2=151451
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java Fri Feb  4 16:43:20 2005
@@ -30,7 +30,6 @@
 import org.apache.kerberos.io.decoder.EncryptedTimestampDecoder;
 import org.apache.kerberos.io.encoder.EncAsRepPartEncoder;
 import org.apache.kerberos.io.encoder.EncTicketPartEncoder;
-import org.apache.kerberos.io.encoder.PreAuthenticationDataEncoder;
 import org.apache.kerberos.kdc.store.PrincipalStore;
 import org.apache.kerberos.kdc.store.PrincipalStoreEntry;
 import org.apache.kerberos.messages.AuthenticationReply;
@@ -168,18 +167,12 @@
 		        
 			    for ( int ii = 0; ii < preAuthData.length; ii++ )
 			    {
-			        if ( preAuthData[ ii ].getDataType().equals( PreAuthenticationDataType.PA_ENC_TIMESTAMP ) )
+			        if ( preAuthData[ii].getDataType().equals( PreAuthenticationDataType.PA_ENC_TIMESTAMP ) )
 			        {
-		    		    PreAuthenticationDataEncoder preAuthEncoder = new PreAuthenticationDataEncoder();
-		    	        byte[] sad = preAuthEncoder.encode( preAuthData[ii] );
-		    		    KerberosKey samKey = SamSubsystem.verify( entry, sad );
+		    		    KerberosKey samKey = SamSubsystem.verify( entry, preAuthData[ii].getDataValue() );
 		    		    clientKey = new EncryptionKey( EncryptionType.getTypeByOrdinal( samKey.getKeyType() ), samKey.getEncoded() );
 			        }
 			    }
-		    }
-		    catch (IOException ioe)
-		    {
-    		    throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
 		    }
 		    catch (SamException se)
 		    {
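Review bot: The loop over `preAuthData` keeps iterating after a PA_ENC_TIMESTAMP entry has been verified, so a request carrying several such entries calls `SamSubsystem.verify` once per entry and `clientKey` is taken from the last one. Adding `break;` after the `clientKey = new EncryptionKey( ... );` assignment would hold this to one verification per request and make the chosen key unambiguous. Nothing in the hunk shows what happens when no entry matches the type check, so please confirm that the code after the loop rejects the request instead of continuing with whatever `clientKey` held before. With the `IOException` handler gone, it is also worth confirming that malformed `getDataValue()` bytes still surface as a Kerberos error through the `SamException` path; the enclosing method starts and ends outside this hunk, so neither can be checked from here.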

Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java
URL: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java?view=diff&r1=151450&r2=151451
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java Fri Feb  4 16:43:20 2005
@@ -26,41 +26,27 @@
 import org.apache.kerberos.crypto.encryption.EncryptionType;
 import org.apache.kerberos.io.decoder.EncryptedDataDecoder;
 import org.apache.kerberos.io.decoder.EncryptedTimestampDecoder;
-import org.apache.kerberos.io.decoder.PreAuthenticationDataDecoder;
 import org.apache.kerberos.kdc.KerberosException;
 import org.apache.kerberos.messages.value.EncryptedData;
 import org.apache.kerberos.messages.value.EncryptedTimeStamp;
 import org.apache.kerberos.messages.value.EncryptionKey;
 import org.apache.kerberos.messages.value.KerberosTime;
-import org.apache.kerberos.messages.value.PreAuthenticationData;
-import org.apache.kerberos.messages.value.PreAuthenticationDataType;
-import org.apache.kerberos.sam.KeyIntegrityChecker;
 
 
 public class TimestampChecker implements KeyIntegrityChecker
 {
     private static final long FIVE_MINUTES = 300000;
     
-    public boolean checkKeyIntegrity( byte[] preauthData, KerberosKey kerberosKey )
+    public boolean checkKeyIntegrity( byte[] encryptedData, KerberosKey kerberosKey )
     {
         EncryptionType keyType = EncryptionType.getTypeByOrdinal( kerberosKey.getKeyType() );
         EncryptionKey key = new EncryptionKey( keyType, kerberosKey.getEncoded() );
         
         try
         {
-	        // Decode the pre-authentication data from ASN.1
-	        PreAuthenticationDataDecoder preAuthDecoder = new PreAuthenticationDataDecoder();
-	        PreAuthenticationData sad = preAuthDecoder.decode( preauthData );
-	        
-	        // If this pre-auth is not an encrypted timestamp, we aren't interested
-	        if ( sad.getDataType() != PreAuthenticationDataType.PA_ENC_TIMESTAMP )
-	        {
-	            return false;
-	        }
-	        
 	        // Since the pre-auth value is of type PA-ENC-TIMESTAMP, it should be a valid
 	        // ASN.1 PA-ENC-TS-ENC structure, so we can decode it into EncryptedData.
-	        EncryptedData sadValue = EncryptedDataDecoder.decode( sad.getDataValue() );
+	        EncryptedData sadValue = EncryptedDataDecoder.decode( encryptedData );
 	        
 	        // Decrypt the EncryptedData structure to get the PA-ENC-TS-ENC
             EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( key );
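Review bot: `checkKeyIntegrity` no longer checks the pre-auth type itself, so the retained comment `Since the pre-auth value is of type PA-ENC-TIMESTAMP` now describes a caller obligation that this method does not enforce. Because the parameter is a bare `byte[]` on a public interface method, that precondition should be documented. I would add a Javadoc stating that `encryptedData` must be the data value of a PA-ENC-TIMESTAMP element, that the type check is the caller's responsibility, and how a decode or decrypt failure is reported. The inline comment could become `// Caller guarantees a PA-ENC-TIMESTAMP value: an encoded EncryptedData whose plaintext is PA-ENC-TS-ENC.`, which also corrects the current wording that calls the undecrypted value a PA-ENC-TS-ENC structure. The method body continues past the end of the hunk, so its failure handling is not visible here.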