Posted to commits@directory.apache.org by ka...@apache.org on 2010/12/08 19:49:04 UTC
svn commit: r1043596 -
/directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java
Author: kayyagari
Date: Wed Dec 8 18:49:04 2010
New Revision: 1043596
URL: http://svn.apache.org/viewvc?rev=1043596&view=rev
Log:
o fixed numerous issues
Modified:
directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java
Modified: directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java
URL: http://svn.apache.org/viewvc/directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java?rev=1043596&r1=1043595&r2=1043596&view=diff
==============================================================================
--- directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java (original)
+++ directory/sandbox/kayyagari/kerberos-client/src/main/java/org/apache/directory/kerberos/client/KerberosConnection.java Wed Dec 8 18:49:04 2010
@@ -34,6 +34,7 @@ import java.util.concurrent.TimeUnit;
import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.protocol.KerberosDecoder;
import org.apache.directory.server.kerberos.protocol.KerberosProtocolCodecFactory;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
@@ -43,6 +44,7 @@ import org.apache.directory.shared.kerbe
import org.apache.directory.shared.kerberos.codec.options.KdcOptions;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.kerberos.codec.types.PaDataType;
+import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
import org.apache.directory.shared.kerberos.components.EncryptedData;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.apache.directory.shared.kerberos.components.HostAddress;
@@ -55,7 +57,9 @@ import org.apache.directory.shared.kerbe
import org.apache.directory.shared.kerberos.exceptions.KerberosException;
import org.apache.directory.shared.kerberos.messages.AsRep;
import org.apache.directory.shared.kerberos.messages.AsReq;
+import org.apache.directory.shared.kerberos.messages.EncAsRepPart;
import org.apache.directory.shared.kerberos.messages.KerberosMessage;
+import org.apache.directory.shared.ldap.util.StringTools;
import org.apache.mina.core.filterchain.IoFilter;
import org.apache.mina.core.future.ConnectFuture;
import org.apache.mina.core.future.WriteFuture;
@@ -98,7 +102,7 @@ public class KerberosConnection extends
private Map<Integer, ReplyFuture> futureMap;
- private Map<Integer, EncryptionKey> clientKeyMap;
+ private EncryptionKey key;
/** The timeout used for response we are waiting for */
private long timeout = 30000L;
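Review bot: Replacing the per-nonce `clientKeyMap` with a single `key` field makes the client key connection-wide state, so two requests in flight on one KerberosConnection would overwrite each other's key before the first reply is decrypted. The field is written where the request is built (`key = keys.get( ciphers.iterator().next() )`) and read in the reply handler's `lockBox.decrypt( key, ... )`. That handler presumably runs on a MINA I/O thread, in which case a plain field also gives no visibility guarantee between the two threads. If only one outstanding request per connection is intended, state it on the field, e.g. `/** client key of the single outstanding AS-REQ; not safe for concurrent requests */`. Otherwise keep the key alongside the `ReplyFuture` stored under the nonce. The class body continues outside this hunk.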
@@ -126,12 +130,11 @@ public class KerberosConnection extends
random = new SecureRandom();
futureMap = new HashMap<Integer, ReplyFuture>();
- clientKeyMap = new HashMap<Integer, EncryptionKey>();
connector = new NioSocketConnector();
connector.getFilterChain().addLast( "kerberoscodec", filter );
connector.setHandler( this );
-
+
SocketAddress address = new InetSocketAddress( hostName, port );
LOG.debug( "trying to establish connection to the kerberso server {} running at port {}", hostName, port );
@@ -179,7 +182,7 @@ public class KerberosConnection extends
}
catch( Exception e )
{
-
+ e.printStackTrace();
}
}
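Review bot: The catch block still swallows the exception; `e.printStackTrace()` only writes to stderr, bypasses the `LOG` this class already uses, and leaves the caller unaware that the operation failed. Prefer `LOG.warn( "unexpected failure", e );` with a message naming the operation, and either rethrow or record the failure so the caller can react. The try body lies outside the hunk, so the right message and recovery depend on code not shown here. The catch added in the final hunk (the reply handler) has the same pattern.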
@@ -197,7 +200,9 @@ public class KerberosConnection extends
reqBody.setCName( new PrincipalName( principal ) );
reqBody.setRealm( principal.getRealm() );
- reqBody.setSName( new PrincipalName( targetPrincipal ) );
+ PrincipalName srvPrincipal = new PrincipalName( targetPrincipal );
+ srvPrincipal.setNameType( PrincipalNameType.KRB_NT_SRV_INST );
+ reqBody.setSName( srvPrincipal );
Date prefStartTime = clientOptions.getStartTime();
if ( prefStartTime != null )
@@ -251,7 +256,7 @@ public class KerberosConnection extends
password, ciphers );
/** The client's encryption key. */
- EncryptionKey clientKey = keys.get( ciphers.iterator().next() ); // FIXME this is always taking first cipher, not good
+ key = keys.get( ciphers.iterator().next() ); // FIXME this is always taking first cipher, not good
PaData paData = new PaData();
@@ -264,7 +269,7 @@ public class KerberosConnection extends
try
{
- encryptedData = lockBox.seal( clientKey, paEncTimeStamp, KeyUsage.NUMBER1 );
+ encryptedData = lockBox.seal( key, paEncTimeStamp, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
}
catch ( KerberosException ke )
{
@@ -285,7 +290,6 @@ public class KerberosConnection extends
ReplyFuture repFuture = new ReplyFuture();
futureMap.put( nonce, repFuture );
- clientKeyMap.put( nonce, clientKey );
// Send the request to the server
WriteFuture writeFuture = kerberosSession.write( request );
@@ -334,20 +338,33 @@ public class KerberosConnection extends
KerberosMessageType messageType = krbMessage.getMessageType();
- switch ( messageType )
+ try
{
- case AS_REP:
-
- AsRep asrep = ( AsRep ) krbMessage;
- ReplyFuture future = futureMap.remove( asrep.getNonce() );
- future.set( krbMessage );
- break;
-
- case TGS_REP:
- break;
-
- case KRB_ERROR:
- break;
+ switch ( messageType )
+ {
+ case AS_REP:
+
+ AsRep asrep = ( AsRep ) krbMessage;
+
+ byte[] encAsRepPartData = lockBox.decrypt( key, asrep.getEncPart(), KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
+ System.out.println( StringTools.dumpBytes( encAsRepPartData ) );
+ EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( encAsRepPartData );
+ asrep.setEncKdcRepPart( encAsRepPart.getEncKdcRepPart() );
+
+ ReplyFuture future = futureMap.remove( asrep.getNonce() );
+ future.set( krbMessage );
+ break;
+
+ case TGS_REP:
+ break;
+
+ case KRB_ERROR:
+ break;
+ }
+ }
+ catch( Exception e )
+ {
+ e.printStackTrace();
}
}
}
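Review bot: `System.out.println( StringTools.dumpBytes( encAsRepPartData ) );` writes the decrypted EncASRepPart to stdout, and per RFC 4120 that structure carries the session key, so anything capturing the process output would hold usable key material; the line should be removed, not downgraded to a debug log. In the same `AS_REP` case, `futureMap.remove( asrep.getNonce() )` can return null for an unsolicited or duplicate reply, and the resulting NullPointerException is then hidden by the new catch. Guard it with `if ( future != null ) { future.set( krbMessage ); }` and log the unmatched nonce. When decrypt or decode fails, the catch only prints the trace and the waiting `ReplyFuture` is never completed, so the caller presumably blocks until the timeout; the failure should be passed to the future or logged through `LOG`. The enclosing method starts outside the hunk.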