Posted to commits@directory.apache.org by er...@apache.org on 2004/10/28 03:10:20 UTC

svn commit: rev 55757 - in incubator/directory/kerberos/trunk/source/main/org/apache/kerberos: io/decoder io/encoder kdc messages/value

Author: erodriguez
Date: Wed Oct 27 18:10:19 2004
New Revision: 55757

Added:
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/messages/value/PreAuthenticationData.java
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/messages/value/PreAuthenticationDataType.java
Modified:
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/KdcRequestDecoder.java
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KdcReplyEncoder.java
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java
Log:
Infrastructure for supporting pre-authentication.

Modified: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/KdcRequestDecoder.java
==============================================================================
--- incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/KdcRequestDecoder.java	(original)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/KdcRequestDecoder.java	Wed Oct 27 18:10:19 2004
@@ -92,36 +92,42 @@
 	}*/
 	private PreAuthenticationData[] decodePaData(DERSequence sequence) {
 
-		PreAuthenticationData[] paDataSequence = new PreAuthenticationData[2];
+		PreAuthenticationData[] paDataSequence = new PreAuthenticationData[sequence.size()];
 		int i = 0;
 
 		for (Enumeration e = sequence.getObjects(); e.hasMoreElements();) {
-			DERSequence pa = (DERSequence) e.nextElement();
-			
-			paDataSequence[i] = new PreAuthenticationData();
-			
-			for (Enumeration e2 = pa.getObjects(); e2.hasMoreElements();) {
-				DERTaggedObject object = ((DERTaggedObject) e2.nextElement());
-				int tag = object.getTagNo();
-				DERObject derObject = object.getObject();
-				switch (tag) {
-					case 1:
-						DERInteger padataType = (DERInteger) derObject;
-						paDataSequence[i].setDataType(padataType.getValue().intValue());
-						break;
-					case 2:
-						DEROctetString padataValue = (DEROctetString) derObject;
-						paDataSequence[i].setDataValue(padataValue.getOctets());
-						break;
-					default:
-						System.out.println(derObject);
-						break;
-				}
-			}
-			
+			DERSequence object = (DERSequence) e.nextElement();
+			PreAuthenticationData paData = decodePreAuthenticationData(object);
+			paDataSequence[i] = paData;
 			i++;
 		}
 		return paDataSequence;
+	}
+	
+	private PreAuthenticationData decodePreAuthenticationData(DERSequence sequence) {
+		
+		PreAuthenticationDataModifier paDataModifier = new PreAuthenticationDataModifier();
+		
+		for (Enumeration e = sequence.getObjects(); e.hasMoreElements();) {
+			DERTaggedObject object = ((DERTaggedObject) e.nextElement());
+			int tag = object.getTagNo();
+			DERObject derObject = object.getObject();
+			switch (tag) {
+				case 1:
+					DERInteger padataType = (DERInteger) derObject;
+					PreAuthenticationDataType type = PreAuthenticationDataType.getTypeByOrdinal(padataType.getValue().intValue());
+					paDataModifier.setDataType(type);
+					break;
+				case 2:
+					DEROctetString padataValue = (DEROctetString) derObject;
+					paDataModifier.setDataValue(padataValue.getOctets());
+					break;
+				default:
+					System.out.println(derObject);
+					break;
+			}
+		}
+		return paDataModifier.getPreAuthenticationData();
 	}
 
 	/*
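Review bot: The casts in `decodePreAuthenticationData` (`(DERTaggedObject) e.nextElement()`, `(DERInteger) derObject`, `(DEROctetString) derObject`) and the `(DERSequence)` cast in `decodePaData` are applied without a type check to objects that presumably come from a decoded client request. A malformed padata element therefore surfaces as a `ClassCastException` rather than as a decode error the KDC can report as such. An `instanceof` test before each cast, failing the decode explicitly, would make that path deliberate; whether a caller already catches runtime exceptions is not visible in this hunk. The `default:` branch also prints the unrecognised object to `System.out`; since its content is request-controlled, I would send it to the project's logger or drop it behind a comment such as `// unknown padata field tag: ignored`.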

Modified: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KdcReplyEncoder.java
==============================================================================
--- incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KdcReplyEncoder.java	(original)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KdcReplyEncoder.java	Wed Oct 27 18:10:19 2004
@@ -78,7 +78,7 @@
 		for (int i = 0; i < paData.length; i++) {
 			ASN1EncodableVector vector = new ASN1EncodableVector();
 
-			vector.add(new DERTaggedObject(1, new DERInteger(paData[i].getDataType())));
+			vector.add(new DERTaggedObject(1, new DERInteger(paData[i].getDataType().getOrdinal())));
 			vector.add(new DERTaggedObject(2, new DEROctetString(paData[i].getDataValue())));
 			pa.add(new DERSequence(vector));
 		}

Modified: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java
==============================================================================
--- incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java	(original)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/TicketGrantingService.java	Wed Oct 27 18:10:19 2004
@@ -95,7 +95,7 @@
 	 */
 	private ApplicationRequest getAuthHeader(KdcRequest request) throws KerberosException, IOException {
 		
-		if (request.getPaData()[0].getDataType() != PreAuthenticationData.PA_TGS_REQ)
+		if (request.getPaData()[0].getDataType() != PreAuthenticationDataType.PA_TGS_REQ)
 			throw KerberosException.KDC_ERR_PADATA_TYPE_NOSUPP;
 		
 		byte[] undecodedAuthHeader = request.getPaData()[0].getDataValue();
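Review bot: `request.getPaData()[0]` is indexed without checking that the array has an element. The decoder in this commit now sizes the array from `sequence.size()`, so a request with an empty padata sequence yields a zero-length array and this line throws `ArrayIndexOutOfBoundsException` instead of the intended `KDC_ERR_PADATA_TYPE_NOSUPP`. A guard ahead of the comparison covers it: `PreAuthenticationData[] paData = request.getPaData();` followed by `if (paData == null || paData.length == 0 || paData[0].getDataType() != PreAuthenticationDataType.PA_TGS_REQ)`. Whether `getPaData()` can return null is not visible here, so the null test is defensive; `getAuthHeader` continues beyond the hunk.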

Added: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/messages/value/PreAuthenticationData.java
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/messages/value/PreAuthenticationData.java	Wed Oct 27 18:10:19 2004
@@ -0,0 +1,37 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.messages.value;
+
+public class PreAuthenticationData {
+
+	private PreAuthenticationDataType _dataType;
+	private EncryptedData             _dataValue = new EncryptedData();
+	
+	public PreAuthenticationData(PreAuthenticationDataType dataType, EncryptedData encData) {
+		_dataType  = dataType;
+		_dataValue = encData;
+	}
+	
+	public PreAuthenticationDataType getDataType() {
+		return _dataType;
+	}
+	
+	public byte[] getDataValue() {
+		return _dataValue.getCipherText();
+	}
+}
+
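Review bot: The field initialiser `_dataValue = new EncryptedData()` is dead, because the only constructor overwrites it, and neither field is `final` although the class has no setters. Declaring both `private final` and dropping the initialiser would state the value-object intent. `getDataValue()` dereferences `_dataValue` unconditionally, so the constructor should reject a null `encData`. The getter also returns whatever array `getCipherText()` hands back, which may be the internal buffer; `EncryptedData` is not shown, so that part needs confirming.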

Added: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java	Wed Oct 27 18:10:19 2004
@@ -0,0 +1,36 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.messages.value;
+
+public class PreAuthenticationDataModifier {
+	
+	private PreAuthenticationDataType _dataType;
+	private EncryptedData             _dataValue = new EncryptedData();
+	
+	public PreAuthenticationData getPreAuthenticationData() {
+		return new PreAuthenticationData(_dataType, _dataValue);
+	}
+	
+	public void setDataType(PreAuthenticationDataType type) {
+		_dataType = type;
+	}
+	
+	public void setDataValue(byte[] value) {
+		_dataValue.setCipherText(value);
+	}
+}
+
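Review bot: `getPreAuthenticationData()` passes the modifier's own `_dataValue` instance to the new object, so a later `setDataValue` on the same modifier changes the bytes of an object already handed out. The decoder in this commit creates a fresh modifier per element, so the sharing is not triggered here, but the class should be documented as single-use or build a fresh `EncryptedData` per call. Separately, `_dataType` stays null when `setDataType` is never called, and the reply encoder in this commit would then dereference it via `getDataType().getOrdinal()`. A default removes that case: `private PreAuthenticationDataType _dataType = PreAuthenticationDataType.NULL;`.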

Added: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/messages/value/PreAuthenticationDataType.java
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/messages/value/PreAuthenticationDataType.java	Wed Oct 27 18:10:19 2004
@@ -0,0 +1,88 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.messages.value;
+
+import java.util.*;
+
+public class PreAuthenticationDataType implements Comparable {
+
+	/**
+	 * Enumeration elements are constructed once upon class loading.
+	 * Order of appearance here determines the order of compareTo.
+	 */
+	public static final PreAuthenticationDataType NULL                   = new PreAuthenticationDataType(0, "null");
+	public static final PreAuthenticationDataType PA_TGS_REQ             = new PreAuthenticationDataType(1, "TGS Request");
+	public static final PreAuthenticationDataType PA_ENC_TIMESTAMP       = new PreAuthenticationDataType(2, "Enc timestamp");
+	public static final PreAuthenticationDataType PA_PW_SALT             = new PreAuthenticationDataType(3, "password salt");
+	public static final PreAuthenticationDataType PA_ENC_UNIX_TIME       = new PreAuthenticationDataType(5, "enc unix time");
+	public static final PreAuthenticationDataType PA_SANDIA_SECUREID     = new PreAuthenticationDataType(6, "sandia secureid");
+	public static final PreAuthenticationDataType PA_SESAME              = new PreAuthenticationDataType(7, "sesame");
+	public static final PreAuthenticationDataType PA_OSF_DCE             = new PreAuthenticationDataType(8, "OSF DCE");
+	public static final PreAuthenticationDataType PA_CYBERSAFE_SECUREID  = new PreAuthenticationDataType(9, "cybersafe secureid");
+	public static final PreAuthenticationDataType PA_ASF3_SALT           = new PreAuthenticationDataType(10, "ASF3 salt");
+	public static final PreAuthenticationDataType PA_ETYPE_INFO          = new PreAuthenticationDataType(11, "encryption info");
+	public static final PreAuthenticationDataType SAM_CHALLENGE          = new PreAuthenticationDataType(12, "SAM challenge");
+	public static final PreAuthenticationDataType SAM_RESPONSE           = new PreAuthenticationDataType(13, "SAM response");
+	public static final PreAuthenticationDataType PA_PK_AS_REQ           = new PreAuthenticationDataType(14, "PK as request");
+	public static final PreAuthenticationDataType PA_PK_AS_REP           = new PreAuthenticationDataType(15, "PK as response");
+	public static final PreAuthenticationDataType PA_USE_SPECIFIED_KVNO  = new PreAuthenticationDataType(20, "use specified key version");
+	public static final PreAuthenticationDataType SAM_REDIRECT           = new PreAuthenticationDataType(21, "SAM redirect");
+	public static final PreAuthenticationDataType PA_GET_FROM_TYPED_DATA = new PreAuthenticationDataType(22, "Get from typed data");
+	
+	public String toString() {
+		return _fName + " (" + _fOrdinal + ")";
+	}
+
+	public int compareTo(Object that) {
+		return _fOrdinal - ((PreAuthenticationDataType) that)._fOrdinal;
+	}
+
+	public static PreAuthenticationDataType getTypeByOrdinal(int type) {
+		for (int i = 0; i < fValues.length; i++)
+			if (fValues[i]._fOrdinal == type)
+				return fValues[i];
+		return NULL;
+	}
+	
+	public int getOrdinal() {
+		return _fOrdinal;
+	}
+
+	/// PRIVATE /////
+	private final String _fName;
+	private final int    _fOrdinal;
+
+	/**
+	 * Private constructor prevents construction outside of this class.
+	 */
+	private PreAuthenticationDataType(int ordinal, String name) {
+		_fOrdinal = ordinal;
+		_fName    = name;
+	}
+
+	/**
+	 * These two lines are all that's necessary to export a List of VALUES.
+	 */
+	private static final PreAuthenticationDataType[] fValues = {NULL, PA_TGS_REQ,
+			PA_ENC_TIMESTAMP, PA_PW_SALT, PA_ENC_UNIX_TIME, PA_SANDIA_SECUREID,
+			PA_SESAME, PA_OSF_DCE, PA_CYBERSAFE_SECUREID, PA_ASF3_SALT, PA_ETYPE_INFO,
+			SAM_CHALLENGE, SAM_RESPONSE, PA_PK_AS_REQ, PA_PK_AS_REP, PA_USE_SPECIFIED_KVNO,
+			SAM_REDIRECT, PA_GET_FROM_TYPED_DATA};
+	// VALUES needs to be located here, otherwise illegal forward reference
+	public static final List VALUES = Collections.unmodifiableList(Arrays.asList(fValues));
+}
+
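Review bot: `getTypeByOrdinal` returns `NULL` for any number it does not recognise, so after decoding, an unknown padata-type cannot be told apart from type 0, and re-encoding it through `getOrdinal()` would emit 0 rather than the received number. If that fallback is intended it should be stated on the method, e.g. `/** Returns the constant for the given padata-type number, or NULL when the number is not recognised. */`. The class comment `Order of appearance here determines the order of compareTo` also does not match the code: `compareTo` orders by `_fOrdinal`, and those values are protocol numbers with gaps (4 and 16-19 are absent), not declaration positions.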