You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by dr...@apache.org on 2015/01/22 01:56:57 UTC
[33/50] [abbrv] directory-kerberos git commit: Many changes with
newname
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/token/TokenRequestContext.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/token/TokenRequestContext.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/token/TokenRequestContext.java
deleted file mode 100644
index fa88900..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/preauth/token/TokenRequestContext.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.preauth.token;
-
-import org.apache.kerberos.kerb.preauth.PluginRequestContext;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-
-public class TokenRequestContext implements PluginRequestContext {
-
- public boolean doIdentityMatching;
- public PaDataType paType;
- public boolean identityInitialized;
- public boolean identityPrompted;
-
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/CacheService.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/CacheService.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/CacheService.java
deleted file mode 100644
index 78fb168..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/CacheService.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.replay;
-
-public interface CacheService
-{
- boolean checkAndCache(RequestRecord request);
- void clear();
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckService.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckService.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckService.java
deleted file mode 100644
index c1232ce..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckService.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.replay;
-
-public interface ReplayCheckService
-{
- boolean checkReplay(String clientPrincipal, String serverPrincipal, long requestTime, int microseconds);
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckServiceImpl.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckServiceImpl.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckServiceImpl.java
deleted file mode 100644
index 43f1444..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/ReplayCheckServiceImpl.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.replay;
-
-public class ReplayCheckServiceImpl implements ReplayCheckService
-{
- private CacheService cacheService;
-
- public ReplayCheckServiceImpl(CacheService cacheService) {
- this.cacheService = cacheService;
- }
-
- public ReplayCheckServiceImpl() {
- this(new SimpleCacheService());
- }
-
- @Override
- public boolean checkReplay(String clientPrincipal, String serverPrincipal,
- long requestTime, int microseconds) {
- RequestRecord record = new RequestRecord(clientPrincipal, serverPrincipal, requestTime, microseconds);
- return cacheService.checkAndCache(record);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/RequestRecord.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/RequestRecord.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/RequestRecord.java
deleted file mode 100644
index 4f1dd84..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/RequestRecord.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.replay;
-
-public class RequestRecord {
- private String clientPrincipal;
- private String serverPrincipal;
- private long requestTime;
- private int microseconds;
-
- public RequestRecord(String clientPrincipal, String serverPrincipal, long requestTime, int microseconds) {
- this.clientPrincipal = clientPrincipal;
- this.serverPrincipal = serverPrincipal;
- this.requestTime = requestTime;
- this.microseconds = microseconds;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
-
- RequestRecord that = (RequestRecord) o;
-
- if (microseconds != that.microseconds) return false;
- if (requestTime != that.requestTime) return false;
- if (!clientPrincipal.equals(that.clientPrincipal)) return false;
- if (!serverPrincipal.equals(that.serverPrincipal)) return false;
-
- return true;
- }
-
- @Override
- public int hashCode() {
- int result = clientPrincipal.hashCode();
- result = 31 * result + serverPrincipal.hashCode();
- result = 31 * result + (int) (requestTime ^ (requestTime >>> 32));
- result = 31 * result + microseconds;
- return result;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/SimpleCacheService.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/SimpleCacheService.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/SimpleCacheService.java
deleted file mode 100644
index f471f43..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/replay/SimpleCacheService.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.replay;
-
-import java.util.HashSet;
-import java.util.Set;
-
-public class SimpleCacheService implements CacheService {
- private Set<RequestRecord> requests;
-
- public SimpleCacheService() {
- requests = new HashSet<RequestRecord>();
- }
-
- @Override
- public boolean checkAndCache(RequestRecord request) {
- if (requests.contains(request)) {
- return true;
- } else {
- requests.add(request);
- }
- return false;
- }
-
- @Override
- public void clear() {
- requests.clear();
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/AsRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/AsRequest.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/AsRequest.java
deleted file mode 100644
index f6d0026..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/AsRequest.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.request;
-
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerberos.kerb.server.KdcContext;
-import org.apache.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerberos.kerb.spec.common.*;
-import org.apache.kerberos.kerb.spec.kdc.*;
-import org.apache.kerberos.kerb.spec.ticket.Ticket;
-import org.apache.kerberos.kerb.spec.ticket.TicketFlag;
-
-public class AsRequest extends KdcRequest {
-
- public AsRequest(AsReq asReq, KdcContext kdcContext) {
- super(asReq, kdcContext);
- }
-
- @Override
- protected void makeReply() throws KrbException {
- Ticket ticket = getTicket();
-
- AsRep reply = new AsRep();
-
- reply.setCname(getClientEntry().getPrincipal());
- reply.setCrealm(kdcContext.getServerRealm());
- reply.setTicket(ticket);
-
- EncKdcRepPart encKdcRepPart = makeEncKdcRepPart();
- reply.setEncPart(encKdcRepPart);
-
- EncryptionKey clientKey = getClientKey();
- EncryptedData encryptedData = EncryptionUtil.seal(encKdcRepPart,
- clientKey, KeyUsage.AS_REP_ENCPART);
- reply.setEncryptedEncPart(encryptedData);
-
- setReply(reply);
- }
-
- protected EncKdcRepPart makeEncKdcRepPart() {
- KdcReq request = getKdcReq();
- Ticket ticket = getTicket();
-
- EncKdcRepPart encKdcRepPart = new EncAsRepPart();
-
- //session key
- encKdcRepPart.setKey(ticket.getEncPart().getKey());
-
- LastReq lastReq = new LastReq();
- LastReqEntry entry = new LastReqEntry();
- entry.setLrType(LastReqType.THE_LAST_INITIAL);
- entry.setLrValue(new KerberosTime());
- lastReq.add(entry);
- encKdcRepPart.setLastReq(lastReq);
-
- encKdcRepPart.setNonce(request.getReqBody().getNonce());
-
- encKdcRepPart.setFlags(ticket.getEncPart().getFlags());
- encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime());
- encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime());
- encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime());
-
- if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) {
- encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill());
- }
-
- encKdcRepPart.setSname(ticket.getSname());
- encKdcRepPart.setSrealm(ticket.getRealm());
- encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses());
-
- return encKdcRepPart;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/KdcRequest.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/KdcRequest.java
deleted file mode 100644
index 41dcc10..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/KdcRequest.java
+++ /dev/null
@@ -1,521 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.request;
-
-import org.apache.kerberos.kerb.KrbErrorCode;
-import org.apache.kerberos.kerb.codec.KrbCodec;
-import org.apache.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerberos.kerb.crypto.EncryptionHandler;
-import org.apache.kerberos.kerb.identity.KrbIdentity;
-import org.apache.kerberos.kerb.server.KdcConfig;
-import org.apache.kerberos.kerb.server.KdcContext;
-import org.apache.kerberos.kerb.server.preauth.FastContext;
-import org.apache.kerberos.kerb.server.preauth.PreauthContext;
-import org.apache.kerberos.kerb.server.preauth.PreauthHandler;
-import org.apache.kerberos.kerb.KrbConstant;
-import org.apache.kerberos.kerb.KrbErrorException;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerberos.kerb.spec.common.*;
-import org.apache.kerberos.kerb.spec.kdc.KdcOption;
-import org.apache.kerberos.kerb.spec.kdc.KdcOptions;
-import org.apache.kerberos.kerb.spec.kdc.KdcRep;
-import org.apache.kerberos.kerb.spec.kdc.KdcReq;
-import org.apache.kerberos.kerb.spec.pa.PaData;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.pa.PaDataType;
-import org.apache.kerberos.kerb.spec.ticket.EncTicketPart;
-import org.apache.kerberos.kerb.spec.ticket.Ticket;
-import org.apache.kerberos.kerb.spec.ticket.TicketFlag;
-import org.apache.kerberos.kerb.spec.ticket.TicketFlags;
-
-import java.net.InetAddress;
-import java.nio.ByteBuffer;
-import java.util.Date;
-import java.util.List;
-
-public abstract class KdcRequest {
-
- protected KdcContext kdcContext;
-
- private Ticket ticket;
- private boolean isPreAuthenticated;
- private KdcReq kdcReq;
- private KdcRep reply;
- private InetAddress clientAddress;
- private boolean isTcp;
- private EncryptionType encryptionType;
- private EncryptionKey clientKey;
- private KrbIdentity clientEntry;
- private KrbIdentity serverEntry;
- private EncryptionKey serverKey;
- private KrbIdentity tgsEntry;
- private PreauthContext preauthContext;
- private FastContext fastContext;
- private PrincipalName serverPrincipal;
-
- public KdcRequest(KdcReq kdcReq, KdcContext kdcContext) {
- this.kdcReq = kdcReq;
- this.kdcContext = kdcContext;
- this.preauthContext = kdcContext.getPreauthHandler()
- .preparePreauthContext(this);
- this.fastContext = new FastContext();
- }
-
- public KdcContext getKdcContext() {
- return kdcContext;
- }
-
- public PreauthContext getPreauthContext() {
- return preauthContext;
- }
-
- public void process() throws KrbException {
- checkVersion();
- checkClient();
- checkServer();
- preauth();
- authenticate();
- issueTicket();
- makeReply();
- }
-
- public KdcReq getKdcReq() {
- return kdcReq;
- }
-
- public KrbIdentity getTgsEntry() {
- return tgsEntry;
- }
-
- public void setTgsEntry(KrbIdentity tgsEntry) {
- this.tgsEntry = tgsEntry;
- }
-
- public boolean isTcp() {
- return isTcp;
- }
-
- public void isTcp(boolean isTcp) {
- this.isTcp = isTcp;
- }
-
- public KrbMessage getReply() {
- return reply;
- }
-
- public void setReply(KdcRep reply) {
- this.reply = reply;
- }
-
- public InetAddress getClientAddress() {
- return clientAddress;
- }
-
- public void setClientAddress(InetAddress clientAddress) {
- this.clientAddress = clientAddress;
- }
-
- public EncryptionType getEncryptionType() {
- return encryptionType;
- }
-
- public void setEncryptionType(EncryptionType encryptionType) {
- this.encryptionType = encryptionType;
- }
-
- public Ticket getTicket() {
- return ticket;
- }
-
- public void setTicket(Ticket ticket) {
- this.ticket = ticket;
- }
-
- public boolean isPreAuthenticated() {
- return isPreAuthenticated;
- }
-
- public void setPreAuthenticated(boolean isPreAuthenticated) {
- this.isPreAuthenticated = isPreAuthenticated;
- }
-
- public KrbIdentity getServerEntry() {
- return serverEntry;
- }
-
- public void setServerEntry(KrbIdentity serverEntry) {
- this.serverEntry = serverEntry;
- }
-
- public KrbIdentity getClientEntry() {
- return clientEntry;
- }
-
- public void setClientEntry(KrbIdentity clientEntry) {
- this.clientEntry = clientEntry;
- }
-
- public EncryptionKey getClientKey(EncryptionType encType) throws KrbException {
- return getClientEntry().getKey(encType);
- }
-
- public EncryptionKey getClientKey() {
- return clientKey;
- }
-
- public void setClientKey(EncryptionKey clientKey) {
- this.clientKey = clientKey;
- }
-
- public EncryptionKey getServerKey() {
- return serverKey;
- }
-
- public void setServerKey(EncryptionKey serverKey) {
- this.serverKey = serverKey;
- }
-
- public PrincipalName getTgsPrincipal() {
- PrincipalName result = new PrincipalName(kdcContext.getConfig().getTgsPrincipal());
- result.setRealm(kdcContext.getKdcRealm());
- return result;
- }
-
- protected abstract void makeReply() throws KrbException;
-
- protected void checkVersion() throws KrbException {
- KdcReq request = getKdcReq();
-
- int kerberosVersion = request.getPvno();
- if (kerberosVersion != KrbConstant.KRB_V5) {
- throw new KrbException(KrbErrorCode.KDC_ERR_BAD_PVNO);
- }
- }
-
- protected void checkPolicy() throws KrbException {
- KrbIdentity entry = getClientEntry();
-
- if (entry.isDisabled()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_CLIENT_REVOKED);
- }
-
- if (entry.isLocked()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_CLIENT_REVOKED);
- }
-
- if (entry.getExpireTime().lessThan(new Date().getTime())) {
- throw new KrbException(KrbErrorCode.KDC_ERR_CLIENT_REVOKED);
- }
- }
-
- protected void checkClient() throws KrbException {
- KdcReq request = getKdcReq();
-
- PrincipalName clientPrincipal = request.getReqBody().getCname();
- String clientRealm = request.getReqBody().getRealm();
- if (clientRealm == null || clientRealm.isEmpty()) {
- clientRealm = kdcContext.getServerRealm();
- }
- clientPrincipal.setRealm(clientRealm);
-
- KrbIdentity clientEntry = getEntry(clientPrincipal.getName());
- setClientEntry(clientEntry);
-
- EncryptionType encType = request.getReqBody().getEtypes().listIterator().next();
- EncryptionKey clientKey = clientEntry.getKeys().get(encType);
- setClientKey(clientKey);
- }
-
- protected void preauth() throws KrbException {
- KdcReq request = getKdcReq();
-
- PaData preAuthData = request.getPaData();
-
- if (preauthContext.isPreauthRequired()) {
- if (preAuthData == null || preAuthData.isEmpty()) {
- KrbError krbError = makePreAuthenticationError(kdcContext);
- throw new KrbErrorException(krbError);
- } else {
- getPreauthHandler().verify(this, preAuthData);
- }
- }
-
- setPreAuthenticated(true);
- }
-
- protected void setPreauthRequired(boolean preauthRequired) {
- preauthContext.setPreauthRequired(preauthRequired);
- }
-
- protected boolean isPreauthRequired() {
- return preauthContext.isPreauthRequired();
- }
-
- protected PreauthHandler getPreauthHandler() {
- return kdcContext.getPreauthHandler();
- }
-
- protected void checkEncryptionType() throws KrbException {
- List<EncryptionType> requestedTypes = getKdcReq().getReqBody().getEtypes();
-
- EncryptionType bestType = EncryptionUtil.getBestEncryptionType(requestedTypes,
- kdcContext.getConfig().getEncryptionTypes());
-
- if (bestType == null) {
- throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP);
- }
-
- setEncryptionType(bestType);
- }
-
- protected void authenticate() throws KrbException {
- checkEncryptionType();
- checkPolicy();
- }
-
- protected void issueTicket() throws KrbException {
- KdcReq request = getKdcReq();
-
- EncryptionType encryptionType = getEncryptionType();
- EncryptionKey serverKey = getServerEntry().getKeys().get(encryptionType);
-
- PrincipalName ticketPrincipal = request.getReqBody().getSname();
-
- EncTicketPart encTicketPart = new EncTicketPart();
- KdcConfig config = kdcContext.getConfig();
-
- TicketFlags ticketFlags = new TicketFlags();
- encTicketPart.setFlags(ticketFlags);
- ticketFlags.setFlag(TicketFlag.INITIAL);
-
- if (isPreAuthenticated()) {
- ticketFlags.setFlag(TicketFlag.PRE_AUTH);
- }
-
- if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.FORWARDABLE)) {
- if (!config.isForwardableAllowed()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
-
- ticketFlags.setFlag(TicketFlag.FORWARDABLE);
- }
-
- if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.PROXIABLE)) {
- if (!config.isProxiableAllowed()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
-
- ticketFlags.setFlag(TicketFlag.PROXIABLE);
- }
-
- if (request.getReqBody().getKdcOptions().isFlagSet(KdcOption.ALLOW_POSTDATE)) {
- if (!config.isPostdatedAllowed()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
-
- ticketFlags.setFlag(TicketFlag.MAY_POSTDATE);
- }
-
- KdcOptions kdcOptions = request.getReqBody().getKdcOptions();
-
- EncryptionKey sessionKey = EncryptionHandler.random2Key(getEncryptionType());
- encTicketPart.setKey(sessionKey);
-
- encTicketPart.setCname(request.getReqBody().getCname());
- encTicketPart.setCrealm(request.getReqBody().getRealm());
-
- TransitedEncoding transEnc = new TransitedEncoding();
- encTicketPart.setTransited(transEnc);
- String serverRealm = request.getReqBody().getRealm();
-
- KerberosTime now = KerberosTime.now();
- encTicketPart.setAuthTime(now);
-
- KerberosTime krbStartTime = request.getReqBody().getFrom();
- if (krbStartTime == null || krbStartTime.lessThan(now) ||
- krbStartTime.isInClockSkew(config.getAllowableClockSkew())) {
- krbStartTime = now;
- }
- if (krbStartTime.greaterThan(now)
- && !krbStartTime.isInClockSkew(config.getAllowableClockSkew())
- && !kdcOptions.isFlagSet(KdcOption.POSTDATED)) {
- throw new KrbException(KrbErrorCode.KDC_ERR_CANNOT_POSTDATE);
- }
-
- if (kdcOptions.isFlagSet(KdcOption.POSTDATED)) {
- if (!config.isPostdatedAllowed()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
-
- ticketFlags.setFlag(TicketFlag.POSTDATED);
- encTicketPart.setStartTime(krbStartTime);
- }
-
- KerberosTime krbEndTime = request.getReqBody().getTill();
- if (krbEndTime == null) {
- krbEndTime = krbStartTime.extend(config.getMaximumTicketLifetime() * 1000);
- } else if (krbStartTime.greaterThan(krbEndTime)) {
- throw new KrbException(KrbErrorCode.KDC_ERR_NEVER_VALID);
- }
- encTicketPart.setEndTime(krbEndTime);
-
- long ticketLifeTime = Math.abs(krbEndTime.diff(krbStartTime));
- if (ticketLifeTime < config.getMinimumTicketLifetime()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_NEVER_VALID);
- }
-
- KerberosTime krbRtime = request.getReqBody().getRtime();
- if (kdcOptions.isFlagSet(KdcOption.RENEWABLE_OK)) {
- kdcOptions.setFlag(KdcOption.RENEWABLE);
- }
- if (kdcOptions.isFlagSet(KdcOption.RENEWABLE)) {
- if (!config.isRenewableAllowed()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
-
- ticketFlags.setFlag(TicketFlag.RENEWABLE);
-
- if (krbRtime == null) {
- krbRtime = KerberosTime.NEVER;
- }
- KerberosTime allowedMaximumRenewableTime = krbStartTime;
- allowedMaximumRenewableTime.extend(config.getMaximumRenewableLifetime() * 1000);
- if (krbRtime.greaterThan(allowedMaximumRenewableTime)) {
- krbRtime = allowedMaximumRenewableTime;
- }
- encTicketPart.setRenewtill(krbRtime);
- }
-
- HostAddresses hostAddresses = request.getReqBody().getAddresses();
- if (hostAddresses == null || hostAddresses.isEmpty()) {
- if (!config.isEmptyAddressesAllowed()) {
- throw new KrbException(KrbErrorCode.KDC_ERR_POLICY);
- }
- } else {
- encTicketPart.setClientAddresses(hostAddresses);
- }
-
- EncryptedData encryptedData = EncryptionUtil.seal(encTicketPart,
- serverKey, KeyUsage.KDC_REP_TICKET);
-
- Ticket newTicket = new Ticket();
- newTicket.setSname(ticketPrincipal);
- newTicket.setEncryptedEncPart(encryptedData);
- newTicket.setRealm(serverRealm);
- newTicket.setEncPart(encTicketPart);
-
- setTicket(newTicket);
- }
-
- private void checkServer() throws KrbException {
- KdcReq request = getKdcReq();
-
- KrbIdentity tgsEntry = getEntry(getTgsPrincipal().getName());
- setTgsEntry(tgsEntry);
-
- PrincipalName principal = request.getReqBody().getSname();
- String serverRealm = request.getReqBody().getRealm();
- if (serverRealm == null || serverRealm.isEmpty()) {
- serverRealm = kdcContext.getServerRealm();
- }
- principal.setRealm(serverRealm);
-
- KrbIdentity serverEntry = getEntry(principal.getName());
- setServerEntry(serverEntry);
-
- EncryptionType encType = request.getReqBody().getEtypes().listIterator().next();
- EncryptionKey serverKey = serverEntry.getKeys().get(encType);
- setServerKey(serverKey);
- }
-
- protected KrbError makePreAuthenticationError(KdcContext kdcContext) throws KrbException {
- EncryptionType requestedType = getEncryptionType();
- List<EncryptionType> encryptionTypes = kdcContext.getConfig().getEncryptionTypes();
- boolean isNewEtype = true;
-
- EtypeInfo2 eTypeInfo2 = new EtypeInfo2();
-
- EtypeInfo eTypeInfo = new EtypeInfo();
-
- for (EncryptionType encryptionType : encryptionTypes) {
- if (!isNewEtype) {
- EtypeInfoEntry etypeInfoEntry = new EtypeInfoEntry();
- etypeInfoEntry.setEtype(encryptionType);
- etypeInfoEntry.setSalt(null);
- eTypeInfo.add(etypeInfoEntry);
- }
-
- EtypeInfo2Entry etypeInfo2Entry = new EtypeInfo2Entry();
- etypeInfo2Entry.setEtype(encryptionType);
- eTypeInfo2.add(etypeInfo2Entry);
- }
-
- byte[] encTypeInfo = null;
- byte[] encTypeInfo2 = null;
- if (!isNewEtype) {
- encTypeInfo = KrbCodec.encode(eTypeInfo);
- }
- encTypeInfo2 = KrbCodec.encode(eTypeInfo2);
-
- MethodData methodData = new MethodData();
- methodData.add(new PaDataEntry(PaDataType.ENC_TIMESTAMP, null));
- if (!isNewEtype) {
- methodData.add(new PaDataEntry(PaDataType.ETYPE_INFO, encTypeInfo));
- }
- methodData.add(new PaDataEntry(PaDataType.ETYPE_INFO2, encTypeInfo2));
-
- KrbError krbError = new KrbError();
- krbError.setErrorCode(KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED);
- byte[] encodedData = KrbCodec.encode(methodData);
- krbError.setEdata(encodedData);
-
- return krbError;
- }
-
- protected KrbIdentity getEntry(String principal) throws KrbException {
- KrbIdentity entry = null;
- KrbErrorCode krbErrorCode = KrbErrorCode.KDC_ERR_C_PRINCIPAL_UNKNOWN;
-
- try {
- entry = kdcContext.getIdentityService().getIdentity(principal);
- } catch (Exception e) {
- throw new KrbException(krbErrorCode, e);
- }
-
- if (entry == null) {
- throw new KrbException(krbErrorCode);
- }
-
- return entry;
- }
-
- public ByteBuffer getRequestBody() throws KrbException {
- return null;
- }
-
- public EncryptionKey getArmorKey() throws KrbException {
- return fastContext.armorKey;
- }
-
- public PrincipalName getServerPrincipal() {
- return serverPrincipal;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/TgsRequest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/TgsRequest.java b/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/TgsRequest.java
deleted file mode 100644
index 289e2e4..0000000
--- a/haox-kerb/kerb-server/src/main/java/org/apache/kerberos/kerb/server/request/TgsRequest.java
+++ /dev/null
@@ -1,196 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server.request;
-
-import org.apache.kerberos.kerb.KrbErrorCode;
-import org.apache.kerberos.kerb.codec.KrbCodec;
-import org.apache.kerberos.kerb.common.EncryptionUtil;
-import org.apache.kerberos.kerb.server.KdcContext;
-import org.apache.kerberos.kerb.KrbConstant;
-import org.apache.kerberos.kerb.KrbException;
-import org.apache.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerberos.kerb.spec.ap.ApOption;
-import org.apache.kerberos.kerb.spec.ap.ApReq;
-import org.apache.kerberos.kerb.spec.ap.Authenticator;
-import org.apache.kerberos.kerb.spec.common.*;
-import org.apache.kerberos.kerb.spec.kdc.*;
-import org.apache.kerberos.kerb.spec.pa.PaDataEntry;
-import org.apache.kerberos.kerb.spec.ticket.EncTicketPart;
-import org.apache.kerberos.kerb.spec.ticket.Ticket;
-import org.apache.kerberos.kerb.spec.ticket.TicketFlag;
-
-import java.nio.ByteBuffer;
-
-public class TgsRequest extends KdcRequest {
-
- private EncryptionKey tgtSessionKey;
-
- public TgsRequest(TgsReq tgsReq, KdcContext kdcContext) {
- super(tgsReq, kdcContext);
-
- setPreauthRequired(true);
- }
-
- public EncryptionKey getTgtSessionKey() {
- return tgtSessionKey;
- }
-
- public void setTgtSessionKey(EncryptionKey tgtSessionKey) {
- this.tgtSessionKey = tgtSessionKey;
- }
-
- public void verifyAuthenticator(PaDataEntry paDataEntry) throws KrbException {
- ApReq apReq = KrbCodec.decode(paDataEntry.getPaDataValue(), ApReq.class);
-
- if (apReq.getPvno() != KrbConstant.KRB_V5) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION);
- }
-
- if (apReq.getMsgType() != KrbMessageType.AP_REQ) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_MSG_TYPE);
- }
-
- EncryptionType encType = getKdcReq().getReqBody().getEtypes().listIterator().next();
- EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType);
-
- Ticket ticket = apReq.getTicket();
- if (ticket.getTktvno() != KrbConstant.KRB_V5) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION);
- }
-
- EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(),
- tgsKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
- ticket.setEncPart(encPart);
-
- EncryptionKey encKey = null;
- //if (apReq.getApOptions().isFlagSet(ApOptions.USE_SESSION_KEY)) {
- encKey = ticket.getEncPart().getKey();
-
- if (encKey == null) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
- }
- Authenticator authenticator = EncryptionUtil.unseal(apReq.getEncryptedAuthenticator(),
- encKey, KeyUsage.TGS_REQ_AUTH, Authenticator.class);
-
- if (!authenticator.getCname().equals(ticket.getEncPart().getCname())) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
- }
-
- HostAddresses hostAddresses = ticket.getEncPart().getClientAddresses();
- if (hostAddresses == null || hostAddresses.isEmpty()) {
- if (!kdcContext.getConfig().isEmptyAddressesAllowed()) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR);
- }
- } else if (!hostAddresses.contains(getClientAddress())) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR);
- }
-
- PrincipalName serverPrincipal = ticket.getSname();
- serverPrincipal.setRealm(ticket.getRealm());
- PrincipalName clientPrincipal = authenticator.getCname();
- clientPrincipal.setRealm(authenticator.getCrealm());
-
- if (!authenticator.getCtime().isInClockSkew(
- kdcContext.getConfig().getAllowableClockSkew() * 1000)) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW);
- }
-
- KerberosTime now = KerberosTime.now();
- KerberosTime startTime = ticket.getEncPart().getStartTime();
- if (startTime == null) {
- startTime = ticket.getEncPart().getAuthTime();
- }
- if (! startTime.lessThan(now)) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV);
- }
-
- KerberosTime endTime = ticket.getEncPart().getEndTime();
- if (! endTime.greaterThan(now)) {
- throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED);
- }
-
- apReq.getApOptions().setFlag(ApOption.MUTUAL_REQUIRED);
-
- setTgtSessionKey(ticket.getEncPart().getKey());
- }
-
- @Override
- protected void makeReply() throws KrbException {
- Ticket ticket = getTicket();
-
- TgsRep reply = new TgsRep();
-
- reply.setCname(getClientEntry().getPrincipal());
- reply.setCrealm(kdcContext.getServerRealm());
- reply.setTicket(ticket);
-
- EncKdcRepPart encKdcRepPart = makeEncKdcRepPart();
- reply.setEncPart(encKdcRepPart);
-
- EncryptionKey sessionKey = getTgtSessionKey();
- EncryptedData encryptedData = EncryptionUtil.seal(encKdcRepPart,
- sessionKey, KeyUsage.TGS_REP_ENCPART_SESSKEY);
- reply.setEncryptedEncPart(encryptedData);
-
- setReply(reply);
- }
-
- private EncKdcRepPart makeEncKdcRepPart() {
- KdcReq request = getKdcReq();
- Ticket ticket = getTicket();
-
- EncKdcRepPart encKdcRepPart = new EncTgsRepPart();
-
- //session key
- encKdcRepPart.setKey(ticket.getEncPart().getKey());
-
- LastReq lastReq = new LastReq();
- LastReqEntry entry = new LastReqEntry();
- entry.setLrType(LastReqType.THE_LAST_INITIAL);
- entry.setLrValue(new KerberosTime());
- lastReq.add(entry);
- encKdcRepPart.setLastReq(lastReq);
-
- encKdcRepPart.setNonce(request.getReqBody().getNonce());
-
- encKdcRepPart.setFlags(ticket.getEncPart().getFlags());
- encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime());
- encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime());
- encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime());
-
- if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) {
- encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill());
- }
-
- encKdcRepPart.setSname(ticket.getSname());
- encKdcRepPart.setSrealm(ticket.getRealm());
- encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses());
-
- return encKdcRepPart;
- }
-
- public ByteBuffer getRequestBody() throws KrbException {
- return null;
- }
-
- public EncryptionKey getArmorKey() throws KrbException {
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/main/resources/kdc.conf
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/main/resources/kdc.conf b/haox-kerb/kerb-server/src/main/resources/kdc.conf
deleted file mode 100644
index 8f286a1..0000000
--- a/haox-kerb/kerb-server/src/main/resources/kdc.conf
+++ /dev/null
@@ -1,51 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-[logging]
- default = FILE:/var/log/krb5libs.log
- kdc = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
-
-[kdcdefaults]
- kdc_udp_port = 88
- kdc_tcp_port = 8014
- restrict_anonymous_to_tgt = true
- kdc_max_dgram_reply_size = 4096
-
-[realms]
-# ATHENA.MIT.EDU = {
-# kadmind_port = 749
-# max_life = 12h 0m 0s
-# max_renewable_life = 7d 0h 0m 0s
-# master_key_type = des3-hmac-sha1
-# supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des-cbc-crc:v4
-# database_module = openldap_ldapconf
-# }
-
-[dbdefaults]
- ldap_kerberos_container_dn = cn=krbcontainer dc=mit dc=edu
-
-[dbmodules]
-# openldap_ldapconf = {
-# db_library = kldap
-# disable_last_success = true
-# ldap_kdc_dn = cn=krbadmin dc=mit,dc=edu
-# ldap_kadmind_dn = cn=krbadmin dc=mit dc=edu
-# ldap_service_password_file = /etc/kerberos/service.keyfile
-# ldap_servers = ldaps://kerberos.mit.edu
-# ldap_conns_per_server = 5
-# }
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java b/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
deleted file mode 100644
index ebab9df..0000000
--- a/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/KdcTest.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.net.SocketAddress;
-import java.nio.ByteBuffer;
-import java.nio.channels.SocketChannel;
-
-public class KdcTest {
-
- private String serverHost = "localhost";
- private short serverPort = 8089;
-
- private SimpleKdcServer kdcServer;
-
- @Before
- public void setUp() throws Exception {
- kdcServer = new SimpleKdcServer();
- kdcServer.setKdcHost(serverHost);
- kdcServer.setKdcTcpPort(serverPort);
- kdcServer.init();
- kdcServer.start();
- }
-
- @Test
- public void testKdc() throws IOException, InterruptedException {
- Thread.sleep(15);
-
- SocketChannel socketChannel = SocketChannel.open();
- socketChannel.configureBlocking(true);
- SocketAddress sa = new InetSocketAddress(serverHost, serverPort);
- socketChannel.connect(sa);
-
- String BAD_KRB_MESSAGE = "Hello World!";
- ByteBuffer writeBuffer = ByteBuffer.allocate(4 + BAD_KRB_MESSAGE.getBytes().length);
- writeBuffer.putInt(BAD_KRB_MESSAGE.getBytes().length);
- writeBuffer.put(BAD_KRB_MESSAGE.getBytes());
- writeBuffer.flip();
-
- socketChannel.write(writeBuffer);
- }
-
- @After
- public void tearDown() throws Exception {
- kdcServer.stop();
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/TestKdcConfigLoad.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/TestKdcConfigLoad.java b/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/TestKdcConfigLoad.java
deleted file mode 100644
index 923861a..0000000
--- a/haox-kerb/kerb-server/src/test/java/org/apache/kerberos/kerb/server/TestKdcConfigLoad.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.server;
-
-import org.apache.haox.config.Conf;
-import org.junit.Assert;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.IOException;
-import java.net.URISyntaxException;
-import java.net.URL;
-
-public class TestKdcConfigLoad {
-
- @Test
- public void test() throws URISyntaxException, IOException {
- URL confFileUrl = TestKdcConfigLoad.class.getResource("/kdc.conf");
- File confFile = new File(confFileUrl.toURI());
-
- KdcConfig krbConfig = new KdcConfig();
- Conf conf = krbConfig.getConf();
- conf.addIniConfig(confFile);
-
- Assert.assertEquals(krbConfig.getDefaultLoggingLocation(), "FILE:/var/log/krb5libs.log");
- Assert.assertEquals(krbConfig.getKdcLoggingLocation(), "FILE:/var/log/krb5kdc.log");
- Assert.assertEquals(krbConfig.getAdminLoggingLocation(), "FILE:/var/log/kadmind.log");
-
- Assert.assertEquals(krbConfig.getKdcUdpPort(), 88);
- Assert.assertEquals(krbConfig.getKdcTcpPort(), 8014);
- Assert.assertTrue(krbConfig.isRestrictAnonymousToTgt());
- Assert.assertEquals(krbConfig.getKdcMaxDgramReplySize(), 4096);
-
- String[] ldapContainerDn = krbConfig.getLdapKerberosContainerDn();
- Assert.assertEquals(ldapContainerDn.length, 3);
- Assert.assertEquals(ldapContainerDn[0], "cn=krbcontainer");
- Assert.assertEquals(ldapContainerDn[1], "dc=mit");
- Assert.assertEquals(ldapContainerDn[2], "dc=edu");
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-util/pom.xml
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/pom.xml b/haox-kerb/kerb-util/pom.xml
deleted file mode 100644
index 6a0d367..0000000
--- a/haox-kerb/kerb-util/pom.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License. See accompanying LICENSE file.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
-
- <parent>
- <groupId>org.haox</groupId>
- <artifactId>haox-kerb</artifactId>
- <version>1.0-SNAPSHOT</version>
- </parent>
-
- <artifactId>kerb-util</artifactId>
-
- <name>Haox-kerb Util</name>
- <description>Haox-kerb Utilities</description>
-
- <dependencies>
- <dependency>
- <groupId>org.haox</groupId>
- <artifactId>haox-config</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.haox</groupId>
- <artifactId>kerb-core</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.haox</groupId>
- <artifactId>kerb-crypto</artifactId>
- <version>${project.version}</version>
- </dependency>
- </dependencies>
-</project>
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbInputStream.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbInputStream.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbInputStream.java
deleted file mode 100644
index e8d430d..0000000
--- a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbInputStream.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb;
-
-import org.apache.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerberos.kerb.spec.common.EncryptionKey;
-import org.apache.kerberos.kerb.spec.common.EncryptionType;
-import org.apache.kerberos.kerb.spec.common.PrincipalName;
-
-import java.io.DataInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-
-public abstract class KrbInputStream extends DataInputStream
-{
- public KrbInputStream(InputStream in) {
- super(in);
- }
-
- public KerberosTime readTime() throws IOException {
- long value = readInt();
- KerberosTime time = new KerberosTime(value * 1000);
- return time;
- }
-
- public abstract PrincipalName readPrincipal(int version) throws IOException;
-
- public EncryptionKey readKey(int version) throws IOException {
- int eType = readShort();
- EncryptionType encryptionType = EncryptionType.fromValue(eType);
-
- byte[] keyData = readCountedOctets();
- EncryptionKey key = new EncryptionKey(encryptionType, keyData);
-
- return key;
- }
-
- public String readCountedString() throws IOException {
- byte[] countedOctets = readCountedOctets();
- // ASCII
- return new String(countedOctets);
- }
-
- public byte[] readCountedOctets() throws IOException {
- int len = readOctetsCount();
- if (len == 0) {
- return null;
- }
-
- byte[] data = new byte[len];
- read(data);
-
- return data;
- }
-
- public abstract int readOctetsCount() throws IOException;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbOutputStream.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbOutputStream.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbOutputStream.java
deleted file mode 100644
index cc54694..0000000
--- a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/KrbOutputStream.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb;
-
-import org.apache.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerberos.kerb.spec.common.EncryptionKey;
-import org.apache.kerberos.kerb.spec.common.PrincipalName;
-
-import java.io.DataOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-public abstract class KrbOutputStream extends DataOutputStream
-{
- public KrbOutputStream(OutputStream out) {
- super(out);
- }
-
- public abstract void writePrincipal(PrincipalName principal, int version) throws IOException;
-
- public void writeRealm(String realm) throws IOException {
- writeCountedString(realm);
- }
-
- public abstract void writeKey(EncryptionKey key, int version) throws IOException;
-
- public void writeTime(KerberosTime ktime) throws IOException {
- int time = 0;
- if (ktime != null) {
- time = (int) (ktime.getValue().getTime() / 1000);
- }
- writeInt(time);
- }
-
- public void writeCountedString(String string) throws IOException {
- byte[] data = string != null ? string.getBytes() : null; // ASCII
-
- writeCountedOctets(data);
- }
-
- public void writeCountedOctets(byte[] data) throws IOException {
- if (data != null) {
- writeInt(data.length);
- write(data);
- } else {
- writeInt(0);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheInputStream.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheInputStream.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheInputStream.java
deleted file mode 100644
index 97b5780..0000000
--- a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheInputStream.java
+++ /dev/null
@@ -1,167 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.ccache;
-
-import org.apache.kerberos.kerb.KrbInputStream;
-import org.apache.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerberos.kerb.spec.common.*;
-import org.apache.kerberos.kerb.spec.ticket.Ticket;
-import org.apache.kerberos.kerb.spec.ticket.TicketFlags;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.List;
-
-public class CredCacheInputStream extends KrbInputStream
-{
- public CredCacheInputStream(InputStream in) {
- super(in);
- }
-
- @Override
- public PrincipalName readPrincipal(int version) throws IOException {
- NameType nameType = NameType.NT_UNKNOWN;
- if (version != CredentialCache.FCC_FVNO_1) {
- int typeValue = readInt();
- nameType = NameType.fromValue(typeValue);
- }
-
- int numComponents = readInt();
- if (version == CredentialCache.FCC_FVNO_1) {
- numComponents -= 1;
- }
-
- String realm = readCountedString();
-
- List<String> nameStrings = new ArrayList<String>();
- String component;
- for (int i = 0; i < numComponents; i++) { // sub 1 if version 0x501
- component = readCountedString();
- nameStrings.add(component);
- }
-
- PrincipalName principal = new PrincipalName(nameStrings, nameType);
- principal.setRealm(realm);
-
- return principal;
- }
-
- public EncryptionKey readKey(int version) throws IOException {
- if (version == CredentialCache.FCC_FVNO_3) {
- readShort(); // ignore keytype
- }
-
- return super.readKey(version);
- }
-
- public KerberosTime[] readTimes() throws IOException {
- KerberosTime[] times = new KerberosTime[4];
-
- for (int i = 0; i < times.length; ++i) {
- times[i] = readTime();
- }
-
- return times;
- }
-
- public boolean readIsSkey() throws IOException {
- int value = readByte();
- return value == 1 ? true : false;
- }
-
- public HostAddresses readAddr() throws IOException {
- int numAddresses = readInt();
- if (numAddresses <= 0) {
- return null;
- }
-
- HostAddress[] addresses = new HostAddress[numAddresses];
- for (int i = 0; i < numAddresses; i++) {
- addresses[i] = readAddress();
- }
-
- HostAddresses result = new HostAddresses();
- result.addElements(addresses);
- return result;
- }
-
- public HostAddress readAddress() throws IOException {
- int typeValue = readShort();
- HostAddrType addrType = HostAddrType.fromValue(typeValue);
- byte[] addrData = readCountedOctets();
-
- HostAddress addr = new HostAddress();
- addr.setAddrType(addrType);
- addr.setAddress(addrData);
-
- return addr;
- }
-
- public AuthorizationData readAuthzData() throws IOException {
- int numEntries = readInt();
- if (numEntries <= 0) {
- return null;
- }
-
- AuthorizationDataEntry[] authzData = new AuthorizationDataEntry[numEntries];
- for (int i = 0; i < numEntries; i++) {
- authzData[i] = readAuthzDataEntry();
- }
-
- AuthorizationData result = new AuthorizationData();
- result.addElements(authzData);
- return result;
- }
-
- public AuthorizationDataEntry readAuthzDataEntry() throws IOException {
- int typeValue = readShort();
- AuthorizationType authzType = AuthorizationType.fromValue(typeValue);
- byte[] authzData = readCountedOctets();
-
- AuthorizationDataEntry authzEntry = new AuthorizationDataEntry();
- authzEntry.setAuthzType(authzType);
- authzEntry.setAuthzData(authzData);
-
- return authzEntry;
- }
-
- @Override
- public int readOctetsCount() throws IOException {
- return readInt();
- }
-
- public TicketFlags readTicketFlags() throws IOException {
- int flags = readInt();
- TicketFlags tktFlags = new TicketFlags(flags);
- return tktFlags;
- }
-
- public Ticket readTicket() throws IOException {
- byte[] ticketData = readCountedOctets();
- if (ticketData == null) {
- return null;
- }
-
- Ticket ticket = new Ticket();
- ticket.decode(ticketData);
- return ticket;
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheOutputStream.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheOutputStream.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheOutputStream.java
deleted file mode 100644
index 2f5ecb8..0000000
--- a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredCacheOutputStream.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.ccache;
-
-import org.apache.kerberos.kerb.KrbOutputStream;
-import org.apache.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerberos.kerb.spec.common.*;
-import org.apache.kerberos.kerb.spec.ticket.Ticket;
-import org.apache.kerberos.kerb.spec.ticket.TicketFlags;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.List;
-
-public class CredCacheOutputStream extends KrbOutputStream
-{
- public CredCacheOutputStream(OutputStream out) {
- super(out);
- }
-
- @Override
- public void writePrincipal(PrincipalName principal, int version) throws IOException {
- List<String> nameComponents = principal.getNameStrings();
-
- if (version != CredentialCache.FCC_FVNO_1) {
- writeInt(principal.getNameType().getValue());
- }
-
- int numComponents = nameComponents.size();
- if (version == CredentialCache.FCC_FVNO_1) {
- numComponents ++;
- }
- writeInt(numComponents);
-
- writeRealm(principal.getRealm());
-
- for (String nameCom : nameComponents) {
- writeCountedString(nameCom);
- }
- }
-
- @Override
- public void writeKey(EncryptionKey key, int version) throws IOException {
- writeShort(key.getKeyType().getValue());
- if (version == CredentialCache.FCC_FVNO_3) {
- writeShort(key.getKeyType().getValue());
- }
-
- writeCountedOctets(key.getKeyData());
- }
-
- public void writeTimes(KerberosTime[] times) throws IOException {
- for (int i = 0; i < times.length; ++i) {
- writeTime(times[i]);
- }
- }
-
- public void writeAddresses(HostAddresses addrs) throws IOException {
- if (addrs == null) {
- writeInt(0);
- } else {
- List<HostAddress> addresses = addrs.getElements();
- write(addresses.size());
- for (HostAddress addr : addresses) {
- writeAddress(addr);
- }
- }
- }
-
- public void writeAddress(HostAddress address) throws IOException {
- write(address.getAddrType().getValue());
- write(address.getAddress().length);
- write(address.getAddress(), 0,
- address.getAddress().length);
- }
-
- public void writeAuthzData(AuthorizationData authData) throws IOException {
- if (authData == null) {
- writeInt(0);
- } else {
- for (AuthorizationDataEntry entry : authData.getElements()) {
- write(entry.getAuthzType().getValue());
- write(entry.getAuthzData().length);
- write(entry.getAuthzData());
- }
- }
- }
-
- public void writeTicket(Ticket t) throws IOException {
- if (t == null) {
- writeInt(0);
- } else {
- byte[] bytes = t.encode();
- writeInt(bytes.length);
- write(bytes);
- }
- }
-
- public void writeIsSkey(boolean isEncInSKey) throws IOException {
- writeByte(isEncInSKey ? 1 : 0);
- }
-
- public void writeTicketFlags(TicketFlags ticketFlags) throws IOException {
- writeInt(ticketFlags.getFlags());
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Credential.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Credential.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Credential.java
deleted file mode 100644
index 5a403c8..0000000
--- a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Credential.java
+++ /dev/null
@@ -1,225 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.ccache;
-
-import org.apache.kerberos.kerb.spec.KerberosTime;
-import org.apache.kerberos.kerb.spec.common.AuthorizationData;
-import org.apache.kerberos.kerb.spec.common.EncryptionKey;
-import org.apache.kerberos.kerb.spec.common.HostAddresses;
-import org.apache.kerberos.kerb.spec.common.PrincipalName;
-import org.apache.kerberos.kerb.spec.kdc.EncKdcRepPart;
-import org.apache.kerberos.kerb.spec.ticket.AbstractServiceTicket;
-import org.apache.kerberos.kerb.spec.ticket.TgtTicket;
-import org.apache.kerberos.kerb.spec.ticket.Ticket;
-import org.apache.kerberos.kerb.spec.ticket.TicketFlags;
-
-import java.io.IOException;
-
-public class Credential
-{
- private static String CONF_REALM = "X-CACHECONF:";
-
- private PrincipalName clientName;
- private String clientRealm;
- private PrincipalName serverName;
- private String serverRealm;
- private EncryptionKey key;
- private KerberosTime authTime;
- private KerberosTime startTime;
- private KerberosTime endTime;
- private KerberosTime renewTill;
- private HostAddresses clientAddresses;
- private AuthorizationData authzData;
- private boolean isEncInSKey;
- private TicketFlags ticketFlags;
- private Ticket ticket;
- private Ticket secondTicket;
-
- public Credential() {
-
- }
-
- public Credential(TgtTicket tgt) {
- PrincipalName clientPrincipal = tgt.getClientPrincipal();
-
- clientPrincipal.setRealm(tgt.getRealm());
-
- init(tgt, clientPrincipal);
- }
-
- public Credential(AbstractServiceTicket tkt, PrincipalName clientPrincipal) {
- init(tkt, clientPrincipal);
- }
-
- private void init(AbstractServiceTicket tkt, PrincipalName clientPrincipal) {
- EncKdcRepPart kdcRepPart = tkt.getEncKdcRepPart();
-
- this.serverName = kdcRepPart.getSname();
- this.serverRealm = kdcRepPart.getSrealm();
- this.serverName.setRealm(serverRealm);
-
- this.clientName = clientPrincipal;
-
- this.key = kdcRepPart.getKey();
- this.authTime = kdcRepPart.getAuthTime();
- this.startTime = kdcRepPart.getStartTime();
- this.endTime = kdcRepPart.getEndTime();
-
- this.renewTill = kdcRepPart.getRenewTill();
-
- this.ticketFlags = kdcRepPart.getFlags();
- this.clientAddresses = kdcRepPart.getCaddr();
-
- this.ticket = tkt.getTicket();
-
- this.isEncInSKey = false;
-
- this.secondTicket = null;
- }
-
- public PrincipalName getServicePrincipal() {
- return serverName;
- }
-
- public KerberosTime getAuthTime() {
- return authTime;
- }
-
- public KerberosTime getEndTime() {
- return endTime;
- }
-
- public int getEType() {
- return key.getKeyType().getValue();
- }
-
- public PrincipalName getClientName() {
- return clientName;
- }
-
- public PrincipalName getServerName() {
- return serverName;
- }
-
- public String getClientRealm() {
- return clientRealm;
- }
-
- public EncryptionKey getKey() {
- return key;
- }
-
- public KerberosTime getStartTime() {
- return startTime;
- }
-
- public KerberosTime getRenewTill() {
- return renewTill;
- }
-
- public HostAddresses getClientAddresses() {
- return clientAddresses;
- }
-
- public AuthorizationData getAuthzData() {
- return authzData;
- }
-
- public boolean isEncInSKey() {
- return isEncInSKey;
- }
-
- public TicketFlags getTicketFlags() {
- return ticketFlags;
- }
-
- public Ticket getTicket() {
- return ticket;
- }
-
- public Ticket getSecondTicket() {
- return secondTicket;
- }
-
- public void load(CredCacheInputStream ccis, int version) throws IOException {
- this.clientName = ccis.readPrincipal(version);
- if (clientName == null) {
- throw new IOException("Invalid client principal name");
- }
-
- this.serverName = ccis.readPrincipal(version);
- if (serverName == null) {
- throw new IOException("Invalid server principal name");
- }
-
- boolean isConfEntry = false;
-
- if (serverName.getRealm().equals(CONF_REALM)) {
- isConfEntry = true;
- }
-
- this.key = ccis.readKey(version);
-
- KerberosTime[] times = ccis.readTimes();
- this.authTime = times[0];
- this.startTime = times[1];
- this.endTime = times[2];
- this.renewTill = times[3];
-
- this.isEncInSKey = ccis.readIsSkey();
-
- this.ticketFlags = ccis.readTicketFlags();
-
- this.clientAddresses = ccis.readAddr();
-
- this.authzData = ccis.readAuthzData();
-
- if (isConfEntry) {
- byte[] confData = ccis.readCountedOctets();
- // ignoring confData for now
- } else {
- this.ticket = ccis.readTicket();
- }
-
- this.secondTicket = ccis.readTicket();
-
- // might skip krb5_ccache_conf_data/fast_avail/krbtgt/REALM@REALM in MIT KRB5
- }
-
- public void store(CredCacheOutputStream ccos, int version) throws IOException {
- ccos.writePrincipal(clientName, version);
- ccos.writePrincipal(serverName, version);
- ccos.writeKey(key, version);
-
- ccos.writeTimes(new KerberosTime[]{authTime, startTime, endTime, renewTill});
-
- ccos.writeIsSkey(isEncInSKey);
-
- ccos.writeTicketFlags(ticketFlags);
-
- ccos.writeAddresses(clientAddresses);
-
- ccos.writeAuthzData(authzData);
-
- ccos.writeTicket(ticket);
-
- ccos.writeTicket(secondTicket);
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredentialCache.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredentialCache.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredentialCache.java
deleted file mode 100644
index c71fa0d..0000000
--- a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/CredentialCache.java
+++ /dev/null
@@ -1,278 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.ccache;
-
-import org.apache.kerberos.kerb.spec.common.PrincipalName;
-import org.apache.kerberos.kerb.spec.ticket.Ticket;
-
-import java.io.*;
-import java.util.ArrayList;
-import java.util.List;
-
-public class CredentialCache implements KrbCredentialCache
-{
- public static final int FCC_FVNO_1 = 0x501;
- public static final int FCC_FVNO_2 = 0x502;
- public static final int FCC_FVNO_3 = 0x503;
- public static final int FCC_FVNO_4 = 0x504;
-
- public static final int FCC_TAG_DELTATIME = 1;
- public static final int NT_UNKNOWN = 0;
- public static final int MAXNAMELENGTH = 1024;
-
- private int version = FCC_FVNO_4;
- private List<Tag> tags;
- private PrincipalName primaryPrincipal;
- private List<Credential> credentials = new ArrayList<Credential> ();
-
- @Override
- public void store(File ccacheFile) throws IOException {
- OutputStream outputStream = new FileOutputStream(ccacheFile);
-
- store(outputStream);
- }
-
- @Override
- public void store(OutputStream outputStream) throws IOException {
- if (outputStream == null) {
- throw new IllegalArgumentException("Invalid and null output stream");
- }
-
- CredCacheOutputStream ccos = new CredCacheOutputStream(outputStream);
-
- doStore(ccos);
-
- ccos.close();
- }
-
- private void doStore(CredCacheOutputStream ccos) throws IOException {
- this.version = FCC_FVNO_3;
-
- writeVersion(ccos);
-
- if (version == FCC_FVNO_4) {
- writeTags(ccos);
- }
-
- ccos.writePrincipal(primaryPrincipal, version);
-
- for (Credential cred : credentials) {
- cred.store(ccos, version);
- }
- }
-
- @Override
- public void setVersion(int version) {
- this.version = version;
- }
-
- @Override
- public PrincipalName getPrimaryPrincipal() {
- return primaryPrincipal;
- }
-
- @Override
- public void setPrimaryPrincipal(PrincipalName principal) {
- primaryPrincipal = principal;
- }
-
- @Override
- public int getVersion() {
- return version;
- }
-
- public void setTags(List<Tag> tags) {
- this.tags = tags;
- }
-
- public List<Tag> getTags() {
- return this.tags;
- }
-
- @Override
- public List<Credential> getCredentials() {
- return credentials;
- }
-
- @Override
- public void addCredential(Credential credential) {
- if (credential != null) {
- this.credentials.add(credential);
- }
- }
-
- @Override
- public void addCredentials(List<Credential> credentials) {
- if (credentials != null) {
- this.credentials.addAll(credentials);
- }
- }
-
- @Override
- public void removeCredentials(List<Credential> credentials) {
- if (credentials != null) {
- for (Credential cred : credentials) {
- removeCredential(cred);
- }
- }
- }
-
- @Override
- public void removeCredential(Credential credential) {
- if (credential != null) {
- for (Credential cred : credentials) {
- if (cred.equals(credential)) {
- credentials.remove(cred);
- break;
- }
- }
- }
- }
-
- @Override
- public void load(File ccacheFile) throws IOException {
- if (! ccacheFile.exists() || ! ccacheFile.canRead()) {
- throw new IllegalArgumentException("Invalid ccache file: " + ccacheFile.getAbsolutePath());
- }
-
- InputStream inputStream = new FileInputStream(ccacheFile);
-
- load(inputStream);
- }
-
- @Override
- public void load(InputStream inputStream) throws IOException {
- if (inputStream == null) {
- throw new IllegalArgumentException("Invalid and null input stream");
- }
-
- CredCacheInputStream ccis = new CredCacheInputStream(inputStream);
-
- doLoad(ccis);
-
- ccis.close();
- }
-
- private void doLoad(CredCacheInputStream ccis) throws IOException {
- this.version = readVersion(ccis);
-
- this.tags = readTags(ccis);
-
- this.primaryPrincipal = ccis.readPrincipal(version);
-
- this.credentials = readCredentials(ccis);
- }
-
- private List<Credential> readCredentials(CredCacheInputStream ccis) throws IOException {
- List<Credential> results = new ArrayList<Credential>(2);
-
- Credential cred;
- while (ccis.available() > 0) {
- cred = new Credential();
- cred.load(ccis, version);
-
- results.add(cred);
- }
-
- return results;
- }
-
- private int readVersion(CredCacheInputStream ccis) throws IOException {
- int result = ccis.readShort();
- return result;
- }
-
- private List<Tag> readTags(CredCacheInputStream ccis) throws IOException {
- int len = ccis.readShort();
- List<Tag> tags = new ArrayList<Tag>();
-
- int tag, tagLen, time, usec;
- while (len > 0) {
- tag = ccis.readShort();
- tagLen = ccis.readShort();
- switch (tag) {
- case FCC_TAG_DELTATIME:
- time = ccis.readInt();
- usec = ccis.readInt();
- tags.add(new Tag(tag, time, usec));
- break;
- default:
- ccis.read(new byte[tagLen], 0, tagLen); // ignore unknown tag
- }
- len = len - (4 + tagLen);
- }
-
- return tags;
- }
-
- private void writeVersion(CredCacheOutputStream ccos) throws IOException {
- ccos.writeShort(version);
- }
-
- private void writeTags(CredCacheOutputStream ccos) throws IOException {
- if (tags == null) {
- ccos.writeShort(0);
- return;
- }
-
- int length = 0;
- for (Tag tag : tags) {
- if (tag.tag != FCC_TAG_DELTATIME) {
- continue;
- }
- length += tag.length;
- }
- ccos.writeShort(length);
-
- for (Tag tag : tags) {
- if (tag.tag != CredentialCache.FCC_TAG_DELTATIME) {
- continue;
- }
- writeTag(ccos, tag);
- }
- }
-
- private void writeTag(CredCacheOutputStream ccos, Tag tag) throws IOException {
- ccos.writeShort(tag.tag);
- ccos.writeShort(tag.length);
- ccos.writeInt(tag.time);
- ccos.writeInt(tag.usec);
- }
-
- public static void main(String[] args) throws IOException {
- if (args.length != 2) {
- System.err.println("Dump credential cache file");
- System.err.println("Usage: CredentialCache <ccache-file>");
- System.exit(1);
- }
-
- String cacheFile = args[1];
- CredentialCache cc = new CredentialCache();
- cc.load(new File(cacheFile));
-
- Ticket tkt;
- for (Credential cred : cc.getCredentials()) {
- tkt = cred.getTicket();
- System.out.println("Tkt server name: " + tkt.getSname().getName());
- System.out.println("Tkt client name: " + cred.getClientName().getName());
- System.out.println("Tkt encrypt type: " + tkt.getEncryptedEncPart().getEType().getName());
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/KrbCredentialCache.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/KrbCredentialCache.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/KrbCredentialCache.java
deleted file mode 100644
index 864501d..0000000
--- a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/KrbCredentialCache.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.ccache;
-
-import org.apache.kerberos.kerb.spec.common.PrincipalName;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.List;
-
-public interface KrbCredentialCache {
-
- public PrincipalName getPrimaryPrincipal();
-
- public void setPrimaryPrincipal(PrincipalName principal);
-
- public int getVersion();
-
- public void setVersion(int version);
-
- public List<Credential> getCredentials();
-
- public void addCredential(Credential credential);
-
- public void addCredentials(List<Credential> credentials);
-
- public void removeCredentials(List<Credential> credentials);
-
- public void removeCredential(Credential credential);
-
- public void load(File ccacheFile) throws IOException;
-
- public void load(InputStream inputStream) throws IOException;
-
- public void store(File ccacheFile) throws IOException;
-
- public void store(OutputStream outputStream) throws IOException;
-}
http://git-wip-us.apache.org/repos/asf/directory-kerberos/blob/7d9261af/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Tag.java
----------------------------------------------------------------------
diff --git a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Tag.java b/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Tag.java
deleted file mode 100644
index 668f9d3..0000000
--- a/haox-kerb/kerb-util/src/main/java/org/apache/kerberos/kerb/ccache/Tag.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.kerberos.kerb.ccache;
-
-public class Tag {
- int tag = 0;
- int tagLen = 8;
- int time = 0;
- int usec = 0;
- int length = 2 + 2 + 8; // len(tag) + len(tagLen) + len(tagData);
-
- public Tag(int tag, int time, int usec) {
- this.tag = tag;
- this.time = time;
- this.usec = usec;
- }
-}