Posted to commits@directory.apache.org by el...@apache.org on 2010/12/09 01:12:08 UTC
svn commit: r1043790 [1/6] - in /directory/apacheds/trunk/protocol-kerberos:
./ src/main/java/org/apache/directory/server/kerberos/kdc/
src/main/java/org/apache/directory/server/kerberos/kdc/authentication/
src/main/java/org/apache/directory/server/ker...
Author: elecharny
Date: Thu Dec 9 00:12:07 2010
New Revision: 1043790
URL: http://svn.apache.org/viewvc?rev=1043790&view=rev
Log:
Merged the kerberos-codec branch
Removed:
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosTcpDecoder.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosTcpEncoder.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosTcpProtocolCodecFactory.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosUdpDecoder.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosUdpEncoder.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosUdpProtocolCodecFactory.java
Modified:
directory/apacheds/trunk/protocol-kerberos/ (props changed)
directory/apacheds/trunk/protocol-kerberos/pom.xml
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/SamException.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/SamSubsystem.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/SamVerifier.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java
directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractAuthenticationServiceTest.java
directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java
directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java
directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationPolicyTest.java
directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java
directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java
directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/MapPrincipalStoreImpl.java
directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java
directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingEncryptionTypeTest.java
directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingPolicyTest.java
directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java
Propchange: directory/apacheds/trunk/protocol-kerberos/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Dec 9 00:12:07 2010
@@ -1,3 +1,4 @@
/directory/apacheds/branches/apacheds-codec-merge/protocol-kerberos:982369-987590
/directory/apacheds/branches/apacheds-config/protocol-kerberos:1023442-1029077
/directory/apacheds/branches/apacheds-dnfactory-experiment/protocol-kerberos:980138-980936
+/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos:1040956-1043765
Modified: directory/apacheds/trunk/protocol-kerberos/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/pom.xml?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/pom.xml (original)
+++ directory/apacheds/trunk/protocol-kerberos/pom.xml Thu Dec 9 00:12:07 2010
@@ -49,7 +49,7 @@
<dependency>
<groupId>${project.groupId}</groupId>
- <artifactId>apacheds-kerberos-shared</artifactId>
+ <artifactId>apacheds-kerberos-codec</artifactId>
</dependency>
<dependency>
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java Thu Dec 9 00:12:07 2010
@@ -23,10 +23,10 @@ package org.apache.directory.server.kerb
import java.net.InetAddress;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
-import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
-import org.apache.directory.server.kerberos.shared.messages.KerberosMessage;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.components.KdcReq;
+import org.apache.directory.shared.kerberos.messages.KerberosMessage;
/**
@@ -38,7 +38,7 @@ public class KdcContext
private KdcServer config;
private PrincipalStore store;
- private KdcRequest request;
+ private KdcReq request;
private KerberosMessage reply;
private InetAddress clientAddress;
private CipherTextHandler cipherTextHandler;
@@ -84,7 +84,7 @@ public class KdcContext
/**
* @return Returns the request.
*/
- public KdcRequest getRequest()
+ public KdcReq getRequest()
{
return request;
}
@@ -93,7 +93,7 @@ public class KdcContext
/**
* @param request The request to set.
*/
- public void setRequest( KdcRequest request )
+ public void setRequest( KdcReq request )
{
this.request = request;
}
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java Thu Dec 9 00:12:07 2010
@@ -26,17 +26,20 @@ import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;
+import net.sf.ehcache.Cache;
+
import org.apache.directory.server.constants.ServerDNConstants;
+import org.apache.directory.server.kerberos.protocol.KerberosProtocolCodecFactory;
import org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler;
-import org.apache.directory.server.kerberos.protocol.KerberosTcpProtocolCodecFactory;
-import org.apache.directory.server.kerberos.protocol.KerberosUdpProtocolCodecFactory;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
+import org.apache.directory.server.kerberos.shared.replay.ReplayCacheImpl;
import org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.server.protocol.shared.DirectoryBackedService;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.server.protocol.shared.transport.Transport;
import org.apache.directory.server.protocol.shared.transport.UdpTransport;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.ldap.exception.LdapInvalidDnException;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
@@ -150,6 +153,8 @@ public class KdcServer extends Directory
/** Whether to verify the body checksum. */
private boolean isBodyChecksumVerified = DEFAULT_VERIFY_BODY_CHECKSUM;
+ /** the cache used for storing AS and TGS requests */
+ private ReplayCache replayCache;
/**
* Creates a new instance of KdcConfiguration.
@@ -430,6 +435,15 @@ public class KdcServer extends Directory
/**
+ * @return the replayCache
+ */
+ public ReplayCache getReplayCache()
+ {
+ return replayCache;
+ }
+
+
+ /**
* @throws IOException if we cannot bind to the sockets
*/
public void start() throws IOException, LdapInvalidDnException
@@ -439,6 +453,11 @@ public class KdcServer extends Directory
// TODO - for now ignoring this catalog crap
store = new DirectoryPrincipalStore( getDirectoryService(), new DN(this.getSearchBaseDn()) );
+ LOG.debug( "initializing the kerberos replay cache" );
+
+ Cache cache = getDirectoryService().getCacheService().getCache( "kdcReplayCache" );
+ replayCache = new ReplayCacheImpl( cache, allowableClockSkew );
+
if ( ( transports == null ) || ( transports.size() == 0 ) )
{
// Default to UDP with port 88
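Review bot: The replay cache is built from whatever `getDirectoryService().getCacheService().getCache( "kdcReplayCache" )` returns, with no check that a cache was actually found; if that lookup can return null (its contract is not visible here), `ReplayCacheImpl` would be constructed over a missing backing store and the KDC would come up with replay detection silently degraded instead of failing closed. Consider `if ( cache == null ) { throw new IllegalStateException( "kdcReplayCache is not configured" ); }` just before the `replayCache = new ReplayCacheImpl( cache, allowableClockSkew );` line, so a misconfigured cache service stops startup rather than the AS/TGS exchanges. start() continues outside the hunk.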
@@ -453,7 +472,7 @@ public class KdcServer extends Directory
((DefaultIoFilterChainBuilder)udpChainBuilder).addFirst( "codec",
new ProtocolCodecFilter(
- KerberosUdpProtocolCodecFactory.getInstance() ) );
+ KerberosProtocolCodecFactory.getInstance() ) );
acceptor.setFilterChainBuilder( udpChainBuilder );
@@ -485,19 +504,12 @@ public class KdcServer extends Directory
// Allow the port to be reused even if the socket is in TIME_WAIT state
((NioSocketAcceptor)acceptor).setReuseAddress( true );
-
- // Inject the codec
- ((DefaultIoFilterChainBuilder)chainBuilder).addFirst( "codec",
- new ProtocolCodecFilter(
- KerberosTcpProtocolCodecFactory.getInstance() ) );
- }
- else
- {
- // Inject the codec
- ((DefaultIoFilterChainBuilder)chainBuilder).addFirst( "codec",
- new ProtocolCodecFilter(
- KerberosUdpProtocolCodecFactory.getInstance() ) );
}
+
+ // Inject the codec
+ ((DefaultIoFilterChainBuilder)chainBuilder).addFirst( "codec",
+ new ProtocolCodecFilter(
+ KerberosProtocolCodecFactory.getInstance() ) );
acceptor.setFilterChainBuilder( chainBuilder );
@@ -524,6 +536,11 @@ public class KdcServer extends Directory
acceptor.dispose();
}
}
+
+ if ( replayCache != null )
+ {
+ replayCache.clear();
+ }
LOG.info( "Kerberos service stopped." );
}
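Review bot: `replayCache.clear()` in stop() discards every recorded authenticator, so a KDC restarted within `allowableClockSkew` cannot recognize a request it accepted just before shutdown; a replay cache only protects across restarts when its contents outlive the process. If the ehcache instance obtained in start() is meant to be persistent this call defeats that, and if it is purely in-memory the call is redundant, so the intent should be recorded, e.g. `// Replay state is intentionally dropped on shutdown; entries older than the clock-skew window are of no use after a restart.`, or the lifetime left to the cache service. Note that replayCache is not reset here and start() reassigns it unconditionally, so the null check only matters when stop() runs before any start().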
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java Thu Dec 9 00:12:07 2010
@@ -21,10 +21,10 @@ package org.apache.directory.server.kerb
import org.apache.directory.server.kerberos.kdc.KdcContext;
-import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.messages.Ticket;
/**
@@ -102,24 +102,6 @@ public class AuthenticationContext exten
/**
- * @return Returns the replayCache.
- */
- public ReplayCache getReplayCache()
- {
- return replayCache;
- }
-
-
- /**
- * @param replayCache The replayCache to set.
- */
- public void setReplayCache( ReplayCache replayCache )
- {
- this.replayCache = replayCache;
- }
-
-
- /**
* @return Returns the clientKey.
*/
public EncryptionKey getClientKey()
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java Thu Dec 9 00:12:07 2010
@@ -20,9 +20,10 @@
package org.apache.directory.server.kerberos.kdc.authentication;
-import java.io.IOException;
import java.net.InetAddress;
+import java.nio.ByteBuffer;
import java.util.Date;
+import java.util.List;
import java.util.Set;
import javax.security.auth.kerberos.KerberosKey;
@@ -31,41 +32,44 @@ import javax.security.auth.kerberos.Kerb
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.kerberos.kdc.KdcContext;
import org.apache.directory.server.kerberos.kdc.KdcServer;
+import org.apache.directory.server.kerberos.protocol.KerberosDecoder;
import org.apache.directory.server.kerberos.sam.SamException;
import org.apache.directory.server.kerberos.sam.SamSubsystem;
-import org.apache.directory.server.kerberos.shared.KerberosConstants;
-import org.apache.directory.server.kerberos.shared.KerberosUtils;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
-import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
-import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
-import org.apache.directory.server.kerberos.shared.io.decoder.EncryptedDataDecoder;
-import org.apache.directory.server.kerberos.shared.io.encoder.EncryptionTypeInfoEncoder;
-import org.apache.directory.server.kerberos.shared.io.encoder.PreAuthenticationDataEncoder;
-import org.apache.directory.server.kerberos.shared.messages.AuthenticationReply;
-import org.apache.directory.server.kerberos.shared.messages.KdcReply;
-import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
-import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
-import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
-import org.apache.directory.server.kerberos.shared.messages.components.InvalidTicketException;
-import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptedTimeStamp;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptionTypeInfoEntry;
-import org.apache.directory.server.kerberos.shared.messages.value.KdcOptions;
-import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.LastRequest;
-import org.apache.directory.server.kerberos.shared.messages.value.PaData;
-import org.apache.directory.server.kerberos.shared.messages.value.TransitedEncoding;
-import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlag;
-import org.apache.directory.server.kerberos.shared.messages.value.types.PaDataType;
-import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache;
-import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.kerberos.KerberosConstants;
+import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.KerberosUtils;
+import org.apache.directory.shared.kerberos.codec.options.KdcOptions;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.codec.types.LastReqType;
+import org.apache.directory.shared.kerberos.codec.types.PaDataType;
+import org.apache.directory.shared.kerberos.components.ETypeInfo;
+import org.apache.directory.shared.kerberos.components.ETypeInfoEntry;
+import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
+import org.apache.directory.shared.kerberos.components.EncTicketPart;
+import org.apache.directory.shared.kerberos.components.EncryptedData;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.components.KdcReq;
+import org.apache.directory.shared.kerberos.components.LastReq;
+import org.apache.directory.shared.kerberos.components.LastReqEntry;
+import org.apache.directory.shared.kerberos.components.MethodData;
+import org.apache.directory.shared.kerberos.components.PaData;
+import org.apache.directory.shared.kerberos.components.PaEncTsEnc;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.apache.directory.shared.kerberos.components.TransitedEncoding;
+import org.apache.directory.shared.kerberos.exceptions.ErrorType;
+import org.apache.directory.shared.kerberos.exceptions.InvalidTicketException;
+import org.apache.directory.shared.kerberos.exceptions.KerberosException;
+import org.apache.directory.shared.kerberos.flags.TicketFlag;
+import org.apache.directory.shared.kerberos.flags.TicketFlags;
+import org.apache.directory.shared.kerberos.messages.AsRep;
+import org.apache.directory.shared.kerberos.messages.EncAsRepPart;
+import org.apache.directory.shared.kerberos.messages.Ticket;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -78,7 +82,6 @@ public class AuthenticationService
/** The log for this class. */
private static final Logger LOG = LoggerFactory.getLogger( AuthenticationService.class );
- private static final ReplayCache replayCache = new InMemoryReplayCache();
private static final CipherTextHandler cipherTextHandler = new CipherTextHandler();
private static final String SERVICE_NAME = "Authentication Service (AS)";
@@ -91,7 +94,6 @@ public class AuthenticationService
monitorRequest( authContext );
}
- authContext.setReplayCache( replayCache );
authContext.setCipherTextHandler( cipherTextHandler );
if ( authContext.getRequest().getProtocolVersionNumber() != KerberosConstants.KERBEROS_V5 )
@@ -113,14 +115,6 @@ public class AuthenticationService
getServerEntry( authContext );
generateTicket( authContext );
buildReply( authContext );
-
- if ( LOG.isDebugEnabled() )
- {
- monitorContext( authContext );
- monitorReply( ( KdcContext ) authContext );
- }
-
- sealReply( authContext );
}
@@ -129,7 +123,7 @@ public class AuthenticationService
KdcContext kdcContext = ( KdcContext ) authContext;
KdcServer config = kdcContext.getConfig();
- Set<EncryptionType> requestedTypes = kdcContext.getRequest().getEType();
+ Set<EncryptionType> requestedTypes = kdcContext.getRequest().getKdcReqBody().getEType();
EncryptionType bestType = KerberosUtils.getBestEncryptionType( requestedTypes, config.getEncryptionTypes() );
@@ -146,7 +140,8 @@ public class AuthenticationService
private static void getClientEntry( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
{
- KerberosPrincipal principal = authContext.getRequest().getClientPrincipal();
+ KerberosPrincipal principal = KerberosUtils.getKerberosPrincipal(
+ authContext.getRequest().getKdcReqBody().getCName(), authContext.getRequest().getKdcReqBody().getRealm() );
PrincipalStore store = authContext.getStore();
PrincipalStoreEntry storeEntry = getEntry( principal, store, ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN );
@@ -178,7 +173,7 @@ public class AuthenticationService
private static void verifySam( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
{
LOG.debug( "Verifying using SAM subsystem." );
- KdcRequest request = authContext.getRequest();
+ KdcReq request = authContext.getRequest();
KdcServer config = authContext.getConfig();
PrincipalStoreEntry clientEntry = authContext.getClientEntry();
@@ -193,9 +188,9 @@ public class AuthenticationService
LOG.debug( "Entry for client principal {} has a valid SAM type. Invoking SAM subsystem for pre-authentication.", clientName );
}
- PaData[] preAuthData = request.getPreAuthData();
+ List<PaData> preAuthData = request.getPaData();
- if ( preAuthData == null || preAuthData.length == 0 )
+ if ( preAuthData == null || preAuthData.size() == 0 )
{
throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError( config
.getEncryptionTypes() ) );
@@ -203,13 +198,13 @@ public class AuthenticationService
try
{
- for ( int ii = 0; ii < preAuthData.length; ii++ )
+ for ( PaData paData : preAuthData )
{
- if ( preAuthData[ii].getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
+ if ( paData.getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
{
KerberosKey samKey = SamSubsystem.getInstance().verify( clientEntry,
- preAuthData[ii].getPaDataValue() );
- clientKey = new EncryptionKey( EncryptionType.getTypeByOrdinal( samKey.getKeyType() ), samKey
+ paData.getPaDataValue() );
+ clientKey = new EncryptionKey( EncryptionType.getTypeByValue( samKey.getKeyType() ), samKey
.getEncoded() );
}
}
@@ -235,7 +230,7 @@ public class AuthenticationService
LOG.debug( "Verifying using encrypted timestamp." );
KdcServer config = authContext.getConfig();
- KdcRequest request = authContext.getRequest();
+ KdcReq request = authContext.getRequest();
CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
PrincipalStoreEntry clientEntry = authContext.getClientEntry();
String clientName = clientEntry.getPrincipal().getName();
@@ -261,7 +256,7 @@ public class AuthenticationService
if ( config.isPaEncTimestampRequired() )
{
- PaData[] preAuthData = request.getPreAuthData();
+ List<PaData> preAuthData = request.getPaData();
if ( preAuthData == null )
{
@@ -269,33 +264,19 @@ public class AuthenticationService
preparePreAuthenticationError( config.getEncryptionTypes() ) );
}
- EncryptedTimeStamp timestamp = null;
+ PaEncTsEnc timestamp = null;
- for ( int ii = 0; ii < preAuthData.length; ii++ )
+ for ( PaData paData : preAuthData )
{
- if ( preAuthData[ii].getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
+ if ( paData.getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
{
- EncryptedData dataValue;
-
- try
- {
- dataValue = EncryptedDataDecoder.decode( preAuthData[ii].getPaDataValue() );
- }
- catch ( IOException ioe )
- {
- throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, ioe );
- }
- catch ( ClassCastException cce )
- {
- throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, cce );
- }
-
- timestamp = ( EncryptedTimeStamp ) cipherTextHandler.unseal( EncryptedTimeStamp.class,
- clientKey, dataValue, KeyUsage.NUMBER1 );
+ EncryptedData dataValue = KerberosDecoder.decodeEncryptedData( paData.getPaDataValue() );
+ byte[] decryptedData = cipherTextHandler.decrypt( clientKey, dataValue, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
+ timestamp = KerberosDecoder.decodePaEncTsEnc( decryptedData );
}
}
- if ( preAuthData.length > 0 && timestamp == null )
+ if ( ( preAuthData.size() > 0 ) && ( timestamp == null ) )
{
throw new KerberosException( ErrorType.KDC_ERR_PADATA_TYPE_NOSUPP );
}
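Review bot: The try/catch that mapped a malformed PA-ENC-TIMESTAMP to `ErrorType.KRB_AP_ERR_BAD_INTEGRITY` is gone, and the replacement lines call `KerberosDecoder.decodeEncryptedData`, `cipherTextHandler.decrypt` and `KerberosDecoder.decodePaEncTsEnc` with no handling at all; whether those throw a `KerberosException` carrying a suitable ErrorType is not visible in this hunk. This code runs on input from a client that has not authenticated yet, so a decoding or decryption failure should reliably become a KRB-ERROR (the method already declares KerberosException) rather than an unchecked exception escaping to the protocol handler. Please confirm the decoder contract, or wrap the three calls so that a failure becomes `throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, e );` as the old code did. verifyEncryptedTimestamp continues outside the hunk.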
@@ -306,7 +287,7 @@ public class AuthenticationService
preparePreAuthenticationError( config.getEncryptionTypes() ) );
}
- if ( !timestamp.getTimeStamp().isInClockSkew( config.getAllowableClockSkew() ) )
+ if ( !timestamp.getPaTimestamp().isInClockSkew( config.getAllowableClockSkew() ) )
{
throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_FAILED );
}
@@ -333,83 +314,91 @@ public class AuthenticationService
private static void getServerEntry( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
{
- KerberosPrincipal principal = authContext.getRequest().getServerPrincipal();
+ PrincipalName principal = authContext.getRequest().getKdcReqBody().getSName();
PrincipalStore store = authContext.getStore();
- authContext.setServerEntry( getEntry( principal, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) );
+ KerberosPrincipal principalWithRealm = new KerberosPrincipal( principal.getNameString() + "@" + authContext.getRequest().getKdcReqBody().getRealm() );
+ authContext.setServerEntry( getEntry( principalWithRealm, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) );
}
private static void generateTicket( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
{
- KdcRequest request = authContext.getRequest();
+ KdcReq request = authContext.getRequest();
CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
- KerberosPrincipal serverPrincipal = request.getServerPrincipal();
+ PrincipalName serverPrincipal = request.getKdcReqBody().getSName();
EncryptionType encryptionType = authContext.getEncryptionType();
EncryptionKey serverKey = authContext.getServerEntry().getKeyMap().get( encryptionType );
- KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
- EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
+ PrincipalName ticketPrincipal = request.getKdcReqBody().getSName();
+
+ EncTicketPart encTicketPart = new EncTicketPart();
KdcServer config = authContext.getConfig();
// The INITIAL flag indicates that a ticket was issued using the AS protocol.
- newTicketBody.setFlag( TicketFlag.INITIAL );
+ TicketFlags ticketFlags = new TicketFlags();
+ encTicketPart.setFlags( ticketFlags );
+ ticketFlags.setFlag( TicketFlag.INITIAL );
// The PRE-AUTHENT flag indicates that the client used pre-authentication.
if ( authContext.isPreAuthenticated() )
{
- newTicketBody.setFlag( TicketFlag.PRE_AUTHENT );
+ ticketFlags.setFlag( TicketFlag.PRE_AUTHENT );
}
- if ( request.getOption( KdcOptions.FORWARDABLE ) )
+ if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.FORWARDABLE ) )
{
if ( !config.isForwardableAllowed() )
{
throw new KerberosException( ErrorType.KDC_ERR_POLICY );
}
- newTicketBody.setFlag( TicketFlag.FORWARDABLE );
+ ticketFlags.setFlag( TicketFlag.FORWARDABLE );
}
- if ( request.getOption( KdcOptions.PROXIABLE ) )
+ if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.PROXIABLE ) )
{
if ( !config.isProxiableAllowed() )
{
throw new KerberosException( ErrorType.KDC_ERR_POLICY );
}
- newTicketBody.setFlag( TicketFlag.PROXIABLE );
+ ticketFlags.setFlag( TicketFlag.PROXIABLE );
}
- if ( request.getOption( KdcOptions.ALLOW_POSTDATE ) )
+ if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.ALLOW_POSTDATE ) )
{
if ( !config.isPostdatedAllowed() )
{
throw new KerberosException( ErrorType.KDC_ERR_POLICY );
}
- newTicketBody.setFlag( TicketFlag.MAY_POSTDATE );
+ ticketFlags.setFlag( TicketFlag.MAY_POSTDATE );
}
- if ( request.getOption( KdcOptions.RENEW ) || request.getOption( KdcOptions.VALIDATE )
- || request.getOption( KdcOptions.PROXY ) || request.getOption( KdcOptions.FORWARDED )
- || request.getOption( KdcOptions.ENC_TKT_IN_SKEY ) )
+ if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.RENEW )
+ || request.getKdcReqBody().getKdcOptions().get( KdcOptions.VALIDATE )
+ || request.getKdcReqBody().getKdcOptions().get( KdcOptions.PROXY )
+ || request.getKdcReqBody().getKdcOptions().get( KdcOptions.FORWARDED )
+ || request.getKdcReqBody().getKdcOptions().get( KdcOptions.ENC_TKT_IN_SKEY ) )
{
throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
}
EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( authContext.getEncryptionType() );
- newTicketBody.setSessionKey( sessionKey );
+ encTicketPart.setKey( sessionKey );
- newTicketBody.setClientPrincipal( request.getClientPrincipal() );
- newTicketBody.setTransitedEncoding( new TransitedEncoding() );
+ encTicketPart.setCName( request.getKdcReqBody().getCName() );
+ encTicketPart.setCRealm( request.getKdcReqBody().getRealm() );
+ encTicketPart.setTransited( new TransitedEncoding() );
+ String serverRealm = request.getKdcReqBody().getRealm();
KerberosTime now = new KerberosTime();
- newTicketBody.setAuthTime( now );
+ encTicketPart.setAuthTime( now );
- KerberosTime startTime = request.getFrom();
+ KerberosTime startTime = request.getKdcReqBody().getFrom();
/*
* "If the requested starttime is absent, indicates a time in the past,
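Review bot: getServerEntry builds the server principal by string concatenation, `new KerberosPrincipal( principal.getNameString() + "@" + ...getRealm() )`, while getClientEntry in the same commit resolves the client through `KerberosUtils.getKerberosPrincipal( cname, realm )`; assuming getCName() and getSName() return the same type, the two lookups should go through that one helper so that name-component handling (a separator character inside the service name string, for instance) is done in one place: `KerberosPrincipal principalWithRealm = KerberosUtils.getKerberosPrincipal( principal, authContext.getRequest().getKdcReqBody().getRealm() );`. As a style point, generateTicket repeats `request.getKdcReqBody().getKdcOptions().get( ... )` a dozen times in this hunk and again in the following three hunks; hoisting `KdcOptions kdcOptions = request.getKdcReqBody().getKdcOptions();` next to the `KdcReq request = authContext.getRequest();` line (assuming getKdcOptions() returns KdcOptions) would shorten every condition. `String serverRealm` is assigned in this hunk but not used anywhere visible; if the rest of the method does not read it, drop the local. generateTicket continues outside the hunk.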
@@ -418,7 +407,7 @@ public class AuthenticationService
* ticket is set to the authentication server's current time."
*/
if ( startTime == null || startTime.lessThan( now ) || startTime.isInClockSkew( config.getAllowableClockSkew() )
- && !request.getOption( KdcOptions.POSTDATED ) )
+ && !request.getKdcReqBody().getKdcOptions().get( KdcOptions.POSTDATED ) )
{
startTime = now;
}
@@ -429,7 +418,8 @@ public class AuthenticationService
* KDC_ERR_CANNOT_POSTDATE is returned."
*/
if ( startTime != null && startTime.greaterThan( now )
- && !startTime.isInClockSkew( config.getAllowableClockSkew() ) && !request.getOption( KdcOptions.POSTDATED ) )
+ && !startTime.isInClockSkew( config.getAllowableClockSkew() )
+ && !request.getKdcReqBody().getKdcOptions().get( KdcOptions.POSTDATED ) )
{
throw new KerberosException( ErrorType.KDC_ERR_CANNOT_POSTDATE );
}
@@ -439,27 +429,27 @@ public class AuthenticationService
* local realm and if the ticket's starttime is acceptable, it is set as
* requested, and the INVALID flag is set in the new ticket."
*/
- if ( request.getOption( KdcOptions.POSTDATED ) )
+ if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.POSTDATED ) )
{
if ( !config.isPostdatedAllowed() )
{
throw new KerberosException( ErrorType.KDC_ERR_POLICY );
}
- newTicketBody.setFlag( TicketFlag.POSTDATED );
- newTicketBody.setFlag( TicketFlag.INVALID );
- newTicketBody.setStartTime( startTime );
+ ticketFlags.setFlag( TicketFlag.POSTDATED );
+ ticketFlags.setFlag( TicketFlag.INVALID );
+ encTicketPart.setStartTime( startTime );
}
long till = 0;
- if ( request.getTill().getTime() == 0 )
+ if ( request.getKdcReqBody().getTill().getTime() == 0 )
{
till = Long.MAX_VALUE;
}
else
{
- till = request.getTill().getTime();
+ till = request.getKdcReqBody().getTill().getTime();
}
/*
@@ -468,7 +458,7 @@ public class AuthenticationService
*/
long endTime = Math.min( till, startTime.getTime() + config.getMaximumTicketLifetime() );
KerberosTime kerberosEndTime = new KerberosTime( endTime );
- newTicketBody.setEndTime( kerberosEndTime );
+ encTicketPart.setEndTime( kerberosEndTime );
/*
* "If the requested expiration time minus the starttime (as determined
@@ -493,27 +483,28 @@ public class AuthenticationService
* flag is set in the new ticket, and the renew-till value is set as if the
* 'RENEWABLE' option were requested."
*/
- KerberosTime tempRtime = request.getRtime();
+ KerberosTime tempRtime = request.getKdcReqBody().getRTime();
- if ( request.getOption( KdcOptions.RENEWABLE_OK ) && request.getTill().greaterThan( kerberosEndTime ) )
+ if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.RENEWABLE_OK )
+ && request.getKdcReqBody().getTill().greaterThan( kerberosEndTime ) )
{
if ( !config.isRenewableAllowed() )
{
throw new KerberosException( ErrorType.KDC_ERR_POLICY );
}
- request.setOption( KdcOptions.RENEWABLE );
- tempRtime = request.getTill();
+ request.getKdcReqBody().getKdcOptions().set( KdcOptions.RENEWABLE );
+ tempRtime = request.getKdcReqBody().getTill();
}
- if ( request.getOption( KdcOptions.RENEWABLE ) )
+ if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.RENEWABLE ) )
{
if ( !config.isRenewableAllowed() )
{
throw new KerberosException( ErrorType.KDC_ERR_POLICY );
}
- newTicketBody.setFlag( TicketFlag.RENEWABLE );
+ ticketFlags.setFlag( TicketFlag.RENEWABLE );
if ( tempRtime == null || tempRtime.isZero() )
{
@@ -526,13 +517,13 @@ public class AuthenticationService
* configured in policy.
*/
long renewTill = Math.min( tempRtime.getTime(), startTime.getTime() + config.getMaximumRenewableLifetime() );
- newTicketBody.setRenewTill( new KerberosTime( renewTill ) );
+ encTicketPart.setRenewTill( new KerberosTime( renewTill ) );
}
- if ( request.getAddresses() != null && request.getAddresses().getAddresses() != null
- && request.getAddresses().getAddresses().length > 0 )
+ if ( request.getKdcReqBody().getAddresses() != null && request.getKdcReqBody().getAddresses().getAddresses() != null
+ && request.getKdcReqBody().getAddresses().getAddresses().length > 0 )
{
- newTicketBody.setClientAddresses( request.getAddresses() );
+ encTicketPart.setClientAddresses( request.getKdcReqBody().getAddresses() );
}
else
{
@@ -542,12 +533,13 @@ public class AuthenticationService
}
}
- EncTicketPart ticketPart = newTicketBody.getEncTicketPart();
-
- EncryptedData encryptedData = cipherTextHandler.seal( serverKey, ticketPart, KeyUsage.NUMBER2 );
+ EncryptedData encryptedData = cipherTextHandler.seal( serverKey, encTicketPart, KeyUsage.AS_OR_TGS_REP_TICKET_WITH_SRVKEY );
Ticket newTicket = new Ticket( ticketPrincipal, encryptedData );
- newTicket.setEncTicketPart( ticketPart );
+
+ newTicket.setRealm( serverRealm );
+ newTicket.setEncTicketPart( encTicketPart );
+
if ( LOG.isDebugEnabled() )
{
@@ -560,52 +552,62 @@ public class AuthenticationService
private static void buildReply( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
{
- KdcRequest request = authContext.getRequest();
+ KdcReq request = authContext.getRequest();
Ticket ticket = authContext.getTicket();
- AuthenticationReply reply = new AuthenticationReply();
-
- reply.setClientPrincipal( request.getClientPrincipal() );
+ AsRep reply = new AsRep();
+
+ reply.setCName( request.getKdcReqBody().getCName() );
+ reply.setCRealm( request.getKdcReqBody().getRealm() );
reply.setTicket( ticket );
- reply.setKey( ticket.getEncTicketPart().getSessionKey() );
+
+ EncKdcRepPart encKdcRepPart = new EncKdcRepPart();
+ encKdcRepPart.setKey( ticket.getEncTicketPart().getKey() );
// TODO - fetch lastReq for this client; requires store
- reply.setLastRequest( new LastRequest() );
+ // FIXME temporary fix, IMO we should create some new ATs to store this info in DIT
+ LastReq lastReq = new LastReq();
+ lastReq.addEntry( new LastReqEntry( LastReqType.TIME_OF_INITIAL_REQ, new KerberosTime() ) );
+ encKdcRepPart.setLastReq( lastReq );
// TODO - resp.key-expiration := client.expiration; requires store
- reply.setNonce( request.getNonce() );
+ encKdcRepPart.setNonce( request.getKdcReqBody().getNonce() );
- reply.setFlags( ticket.getEncTicketPart().getFlags() );
- reply.setAuthTime( ticket.getEncTicketPart().getAuthTime() );
- reply.setStartTime( ticket.getEncTicketPart().getStartTime() );
- reply.setEndTime( ticket.getEncTicketPart().getEndTime() );
+ encKdcRepPart.setFlags( ticket.getEncTicketPart().getFlags() );
+ encKdcRepPart.setAuthTime( ticket.getEncTicketPart().getAuthTime() );
+ encKdcRepPart.setStartTime( ticket.getEncTicketPart().getStartTime() );
+ encKdcRepPart.setEndTime( ticket.getEncTicketPart().getEndTime() );
if ( ticket.getEncTicketPart().getFlags().isRenewable() )
{
- reply.setRenewTill( ticket.getEncTicketPart().getRenewTill() );
+ encKdcRepPart.setRenewTill( ticket.getEncTicketPart().getRenewTill() );
}
- reply.setServerPrincipal( ticket.getServerPrincipal() );
- reply.setClientAddresses( ticket.getEncTicketPart().getClientAddresses() );
+ encKdcRepPart.setSName( ticket.getSName() );
+ encKdcRepPart.setSRealm( ticket.getRealm() );
+ encKdcRepPart.setClientAddresses( ticket.getEncTicketPart().getClientAddresses() );
- authContext.setReply( reply );
- }
-
-
- private static void sealReply( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
- {
- AuthenticationReply reply = ( AuthenticationReply ) authContext.getReply();
- EncryptionKey clientKey = authContext.getClientKey();
- CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
+ EncAsRepPart encAsRepPart = new EncAsRepPart();
+ encAsRepPart.setEncKdcRepPart( encKdcRepPart );
- EncryptedData encryptedData = cipherTextHandler.seal( clientKey, reply, KeyUsage.NUMBER3 );
+ if ( LOG.isDebugEnabled() )
+ {
+ monitorContext( authContext );
+ monitorReply( reply, encKdcRepPart );
+ }
+
+ EncryptionKey clientKey = authContext.getClientKey();
+ EncryptedData encryptedData = cipherTextHandler.seal( clientKey, encAsRepPart, KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
reply.setEncPart( encryptedData );
+ reply.setEncKdcRepPart( encKdcRepPart );
+
+ authContext.setReply( reply );
}
private static void monitorRequest( KdcContext kdcContext )
{
- KdcRequest request = kdcContext.getRequest();
+ KdcReq request = kdcContext.getRequest();
if ( LOG.isDebugEnabled() )
{
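Review bot: `cipherTextHandler` in the seal call near the end of buildReply has no local declaration any more — the `authContext.getCipherTextHandler()` local that sealReply held was removed together with that method — so it presumably resolves to a class-level field, as the same unqualified name in the ticket-sealing hunk above does; worth confirming both paths use the same handler instance. The merged method also lost its division of labour without gaining a Javadoc; I'd add `/** Builds the AS-REP for the authenticated client and seals its EncAsRepPart under the client key (KeyUsage.AS_REP_ENC_PART_WITH_CKEY). The plaintext EncKdcRepPart, which carries the session key, is also kept on the reply via setEncKdcRepPart and must not be written to logs. */`. The `LOG.isDebugEnabled()` guard around `monitorReply( reply, encKdcRepPart )` is repeated inside monitorReply itself, so one of the two checks can go. The `FIXME` on the LastReq stub would be more useful if it named the missing piece explicitly, e.g. `// FIXME lastReq is a placeholder (time of this request); a per-client last-request record in the DIT is needed`.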
@@ -619,16 +621,16 @@ public class AuthenticationService
sb.append( "\n\t" + "messageType: " + request.getMessageType() );
sb.append( "\n\t" + "protocolVersionNumber: " + request.getProtocolVersionNumber() );
sb.append( "\n\t" + "clientAddress: " + clientAddress );
- sb.append( "\n\t" + "nonce: " + request.getNonce() );
- sb.append( "\n\t" + "kdcOptions: " + request.getKdcOptions() );
- sb.append( "\n\t" + "clientPrincipal: " + request.getClientPrincipal() );
- sb.append( "\n\t" + "serverPrincipal: " + request.getServerPrincipal() );
- sb.append( "\n\t" + "encryptionType: " + KerberosUtils.getEncryptionTypesString( request.getEType() ) );
- sb.append( "\n\t" + "realm: " + request.getRealm() );
- sb.append( "\n\t" + "from time: " + request.getFrom() );
- sb.append( "\n\t" + "till time: " + request.getTill() );
- sb.append( "\n\t" + "renew-till time: " + request.getRtime() );
- sb.append( "\n\t" + "hostAddresses: " + request.getAddresses() );
+ sb.append( "\n\t" + "nonce: " + request.getKdcReqBody().getNonce() );
+ sb.append( "\n\t" + "kdcOptions: " + request.getKdcReqBody().getKdcOptions() );
+ sb.append( "\n\t" + "clientPrincipal: " + request.getKdcReqBody().getCName() );
+ sb.append( "\n\t" + "serverPrincipal: " + request.getKdcReqBody().getSName() );
+ sb.append( "\n\t" + "encryptionType: " + KerberosUtils.getEncryptionTypesString( request.getKdcReqBody().getEType() ) );
+ sb.append( "\n\t" + "realm: " + request.getKdcReqBody().getRealm() );
+ sb.append( "\n\t" + "from time: " + request.getKdcReqBody().getFrom() );
+ sb.append( "\n\t" + "till time: " + request.getKdcReqBody().getTill() );
+ sb.append( "\n\t" + "renew-till time: " + request.getKdcReqBody().getRTime() );
+ sb.append( "\n\t" + "hostAddresses: " + request.getKdcReqBody().getAddresses() );
LOG.debug( sb.toString() );
}
@@ -663,7 +665,7 @@ public class AuthenticationService
sb.append( "\n\t" + "principal " + clientEntry.getPrincipal() );
sb.append( "\n\t" + "SAM type " + clientEntry.getSamType() );
- KerberosPrincipal serverPrincipal = authContext.getRequest().getServerPrincipal();
+ PrincipalName serverPrincipal = authContext.getRequest().getKdcReqBody().getSName();
PrincipalStoreEntry serverEntry = authContext.getServerEntry();
sb.append( "\n\t" + "principal " + serverPrincipal );
@@ -689,31 +691,27 @@ public class AuthenticationService
}
- private static void monitorReply( KdcContext kdcContext )
+ private static void monitorReply( AsRep reply, EncKdcRepPart part )
{
- Object reply = kdcContext.getReply();
-
- if ( LOG.isDebugEnabled() && reply instanceof KdcReply )
+ if ( LOG.isDebugEnabled() )
{
- KdcReply success = ( KdcReply ) reply;
-
try
{
StringBuffer sb = new StringBuffer();
sb.append( "Responding with " + SERVICE_NAME + " reply:" );
- sb.append( "\n\t" + "messageType: " + success.getMessageType() );
- sb.append( "\n\t" + "protocolVersionNumber: " + success.getProtocolVersionNumber() );
- sb.append( "\n\t" + "nonce: " + success.getNonce() );
- sb.append( "\n\t" + "clientPrincipal: " + success.getClientPrincipal() );
- sb.append( "\n\t" + "client realm: " + success.getClientRealm() );
- sb.append( "\n\t" + "serverPrincipal: " + success.getServerPrincipal() );
- sb.append( "\n\t" + "server realm: " + success.getServerRealm() );
- sb.append( "\n\t" + "auth time: " + success.getAuthTime() );
- sb.append( "\n\t" + "start time: " + success.getStartTime() );
- sb.append( "\n\t" + "end time: " + success.getEndTime() );
- sb.append( "\n\t" + "renew-till time: " + success.getRenewTill() );
- sb.append( "\n\t" + "hostAddresses: " + success.getClientAddresses() );
+ sb.append( "\n\t" + "messageType: " + reply.getMessageType() );
+ sb.append( "\n\t" + "protocolVersionNumber: " + reply.getProtocolVersionNumber() );
+ sb.append( "\n\t" + "nonce: " + part.getNonce() );
+ sb.append( "\n\t" + "clientPrincipal: " + reply.getCName() );
+ sb.append( "\n\t" + "client realm: " + reply.getCRealm() );
+ sb.append( "\n\t" + "serverPrincipal: " + part.getSName() );
+ sb.append( "\n\t" + "server realm: " + part.getSRealm() );
+ sb.append( "\n\t" + "auth time: " + part.getAuthTime() );
+ sb.append( "\n\t" + "start time: " + part.getStartTime() );
+ sb.append( "\n\t" + "end time: " + part.getEndTime() );
+ sb.append( "\n\t" + "renew-till time: " + part.getRenewTill() );
+ sb.append( "\n\t" + "hostAddresses: " + part.getClientAddresses() );
LOG.debug( sb.toString() );
}
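Review bot: The new signature of monitorReply takes the plaintext `EncKdcRepPart` but does not say so; since the part also carries the session key, the method should document that it deliberately prints only the nonce, principals, times and addresses: `/** Logs the outgoing AS-REP and its plaintext EncKdcRepPart at DEBUG level; the session key held in {@code part} is intentionally not printed. */`. The `LOG.isDebugEnabled()` check at the top of the method duplicates the one its only visible caller in buildReply makes before calling it; keep the method self-guarding and drop the check at the call site, or the reverse, but not both. The enclosing method's tail (the catch for the `try`) lies outside the hunk.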
@@ -775,36 +773,37 @@ public class AuthenticationService
paDataSequence[0] = paData;
- EncryptionTypeInfoEntry[] entries = new EncryptionTypeInfoEntry[ encryptionTypes.size() ];
- int i = 0;
+ ETypeInfo eTypeInfo = new ETypeInfo();
for ( EncryptionType encryptionType:encryptionTypes )
{
- entries[i++] = new EncryptionTypeInfoEntry( encryptionType, null );
+ ETypeInfoEntry etypeInfoEntry = new ETypeInfoEntry( encryptionType, null );
+ eTypeInfo.addETypeInfoEntry( etypeInfoEntry );
}
byte[] encTypeInfo = null;
try
{
- encTypeInfo = EncryptionTypeInfoEncoder.encode( entries );
+ ByteBuffer buffer = ByteBuffer.allocate( eTypeInfo.computeLength() );
+ encTypeInfo = eTypeInfo.encode( buffer ).array();
}
- catch ( IOException ioe )
+ catch ( EncoderException ioe )
{
return null;
}
- PaData encType = new PaData();
- encType.setPaDataType( PaDataType.PA_ENCTYPE_INFO );
- encType.setPaDataValue( encTypeInfo );
+ PaData responsePaData = new PaData( PaDataType.PA_ENCTYPE_INFO, encTypeInfo );
- paDataSequence[1] = encType;
+ MethodData methodData = new MethodData();
+ methodData.addPaData( responsePaData );
try
{
- return PreAuthenticationDataEncoder.encode( paDataSequence );
+ ByteBuffer buffer = ByteBuffer.allocate( methodData.computeLength() );
+ return methodData.encode( buffer ).array();
}
- catch ( IOException ioe )
+ catch ( EncoderException ee )
{
return null;
}
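Review bot: The first pre-authentication entry is dropped from the encoded METHOD-DATA: `paDataSequence[0] = paData` is still assigned at the top of the hunk, but the new `MethodData` receives only `responsePaData` (the PA-ETYPE-INFO entry), whereas the removed code encoded the two-element `paDataSequence`. Unless the omission is intended, add `methodData.addPaData( paData );` before `methodData.addPaData( responsePaData );` and delete the now-dead `paDataSequence` array. Both `catch ( EncoderException ... )` blocks return `null` silently, and the first still names its variable `ioe` although an `EncoderException` is caught; rename it `ee` to match the second and log the failure, e.g. `LOG.error( "Failed to encode pre-authentication data", ee );`, so that an encoder fault is distinguishable from "no pre-auth data" when a client cannot complete pre-authentication. The enclosing method begins before the hunk.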
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java Thu Dec 9 00:12:07 2010
@@ -21,11 +21,10 @@ package org.apache.directory.server.kerb
import org.apache.directory.server.kerberos.kdc.KdcContext;
-import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
-import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
-import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.shared.kerberos.messages.ApReq;
+import org.apache.directory.shared.kerberos.messages.Authenticator;
+import org.apache.directory.shared.kerberos.messages.Ticket;
/**
@@ -35,11 +34,10 @@ public class TicketGrantingContext exten
{
private static final long serialVersionUID = 2130665703752837491L;
- private ApplicationRequest authHeader;
+ private ApReq authHeader;
private Ticket tgt;
private Ticket newTicket;
private Authenticator authenticator;
- private ReplayCache replayCache;
private PrincipalStoreEntry ticketPrincipalEntry;
private PrincipalStoreEntry requestPrincipalEntry;
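Review bot: The `replayCache` field (and, in the next hunk, its getter and setter) is removed from TicketGrantingContext with no replacement visible in this file, and the imports hunk drops `ReplayCache` entirely, so the TGS authenticator replay check can no longer obtain a cache through the context. If the cache now lives elsewhere, the service code that performed the check should be confirmed to still consult it rather than having been removed along with the accessor; this page does not show that code. A class-level comment naming where replay detection for the TGS exchange now happens would make this auditable, e.g. `// Replay detection for the AP-REQ authenticator is handled outside this context; see <owner of the replay cache>` with the real location filled in.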
@@ -82,24 +80,6 @@ public class TicketGrantingContext exten
/**
- * @return Returns the replayCache.
- */
- public ReplayCache getReplayCache()
- {
- return replayCache;
- }
-
-
- /**
- * @param replayCache The replayCache to set.
- */
- public void setReplayCache( ReplayCache replayCache )
- {
- this.replayCache = replayCache;
- }
-
-
- /**
* @return Returns the authenticator.
*/
public Authenticator getAuthenticator()
@@ -156,7 +136,7 @@ public class TicketGrantingContext exten
/**
* @return Returns the authHeader.
*/
- public ApplicationRequest getAuthHeader()
+ public ApReq getAuthHeader()
{
return authHeader;
}
@@ -165,7 +145,7 @@ public class TicketGrantingContext exten
/**
* @param authHeader The authHeader to set.
*/
- public void setAuthHeader( ApplicationRequest authHeader )
+ public void setAuthHeader( ApReq authHeader )
{
this.authHeader = authHeader;
}