Posted to commits@directory.apache.org by ak...@apache.org on 2005/02/02 08:13:00 UTC
svn commit: r149493 - in incubator/directory:
apacheds/trunk/core/src/main/schema/
kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/
kerberos/trunk/core/src/java/org/apache/kerberos/sam/
ldap/trunk/apache-provider/src/java/org/apache/ldap/common/berlib/asn1/
Author: akarasulu
Date: Tue Feb 1 23:12:58 2005
New Revision: 149493
URL: http://svn.apache.org/viewcvs?view=rev&rev=149493
Log:
changes ...
o added sam type to apache schema
o made store lookup and populate the SamType using apacheSamType
- this is added in addition to the extensibleObject objectClass value
o sam subsystem now performs additional checks to make sure input is correct
o the subsystem also caches instances of verifiers
Modified:
incubator/directory/apacheds/trunk/core/src/main/schema/apache.schema
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/EmbeddedEveStore.java
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/PrincipalStoreEntry.java
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/PrincipalStoreEntryModifier.java
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/SamSubsystem.java
incubator/directory/ldap/trunk/apache-provider/src/java/org/apache/ldap/common/berlib/asn1/SnickersEncoder.java
Modified: incubator/directory/apacheds/trunk/core/src/main/schema/apache.schema
URL: http://svn.apache.org/viewcvs/incubator/directory/apacheds/trunk/core/src/main/schema/apache.schema?view=diff&r1=149492&r2=149493
==============================================================================
--- incubator/directory/apacheds/trunk/core/src/main/schema/apache.schema (original)
+++ incubator/directory/apacheds/trunk/core/src/main/schema/apache.schema Tue Feb 1 23:12:58 2005
@@ -71,6 +71,12 @@
NO-USER-MODIFICATION
USAGE dSAOperation )
+attributetype ( 1.2.6.1.4.1.18060.1.1.1.3.9 NAME 'apacheSamType'
+ DESC 'Single-use Authentication Mechanism type/vendor code'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
attributetype ( 1.2.6.1.4.1.18060.1.1.1.3.8 NAME 'prefNodeName'
DESC 'Attribute to describe the name of a Java Preferences API node'
EQUALITY caseExactMatch
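Review bot: The OID of the new `apacheSamType` attribute starts with `1.2.6.1.4.1.18060`, while the IANA private-enterprise arc is `1.3.6.1.4.1`, which the SYNTAX OID in the same definition uses. The existing `prefNodeName` entry carries the same prefix, so this looks inherited rather than introduced here, but every attribute allocated under it makes a later correction more costly. It is worth confirming the intended arc before more OIDs are published. Because this integer selects the verifier used to authenticate a principal, a comment above the definition would also help, for example `# apacheSamType: ordinal of org.apache.kerberos.sam.SamType; selects the SAM verifier for the principal`.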
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/EmbeddedEveStore.java
URL: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/EmbeddedEveStore.java?view=diff&r1=149492&r2=149493
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/EmbeddedEveStore.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/EmbeddedEveStore.java Tue Feb 1 23:12:58 2005
@@ -32,6 +32,7 @@
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.kerberos.kdc.KerberosException;
+import org.apache.kerberos.sam.SamType;
import org.apache.ldap.common.ldif.LdifIterator;
import org.apache.ldap.common.ldif.LdifParser;
import org.apache.ldap.common.ldif.LdifParserImpl;
@@ -305,6 +306,7 @@
return null;
}
}
+
/**
* Marshals an a PrincipalStoreEntry from an Attributes object.
@@ -316,15 +318,30 @@
private PrincipalStoreEntry getEntry( Attributes attrs ) throws NamingException
{
PrincipalStoreEntryModifier modifier = new PrincipalStoreEntryModifier();
- String principal = (String) attrs.get( PRINCIPAL_ATTR ).get();
- String encryptionType = (String) attrs.get( TYPE_ATTR ).get();
- String keyVersionNumber = (String) attrs.get( VERSION_ATTR ).get();
+
+ String principal = ( String ) attrs.get( PRINCIPAL_ATTR ).get();
+
+ String encryptionType = ( String ) attrs.get( TYPE_ATTR ).get();
+
+ String keyVersionNumber = ( String ) attrs.get( VERSION_ATTR ).get();
+
+ if ( attrs.get( "apacheSamType" ) != null )
+ {
+ String samType = ( String ) attrs.get( "apacheSamType" ).get();
+
+ modifier.setSamType( SamType.getTypeByOrdinal( Integer.parseInt( samType ) ) );
+ }
+
byte[] keyBytes = (byte[]) attrs.get( KEY_ATTR ).get();
modifier.setPrincipal( new KerberosPrincipal( principal ) );
+
modifier.setEncryptionType( Integer.parseInt( encryptionType ) );
+
modifier.setKeyVersionNumber( Integer.parseInt( keyVersionNumber ) );
+
modifier.setKey( keyBytes );
+
return modifier.getEntry();
}
}
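Review bot: `Integer.parseInt( samType )` in the new `apacheSamType` branch of `getEntry` parses a value read directly from the directory entry. A non-numeric value therefore escapes as an unchecked NumberFormatException from a method declared to throw NamingException. What `SamType.getTypeByOrdinal` does with an unknown ordinal is not visible in this diff and should be checked as well. Catching the NumberFormatException and rethrowing a NamingException that names the principal and the offending value would keep a malformed entry on the declared error path. The attribute name is also a string literal looked up twice, unlike `PRINCIPAL_ATTR` and `TYPE_ATTR`; a constant and a single lookup such as `Attribute samAttr = attrs.get( SAM_TYPE_ATTR );` would match the rest of the method (assuming `Attribute` is imported).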
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/PrincipalStoreEntry.java
URL: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/PrincipalStoreEntry.java?view=diff&r1=149492&r2=149493
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/PrincipalStoreEntry.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/PrincipalStoreEntry.java Tue Feb 1 23:12:58 2005
@@ -35,7 +35,7 @@
private int _maxLife;
private int _maxRenew;
private int _kdcFlags;
- private SamType samType = SamType.PA_SAM_TYPE_APACHE;
+ private SamType samType = null;
private EncryptionKey _key;
private String _realmName;
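Review bot: Changing the default of `samType` from `SamType.PA_SAM_TYPE_APACHE` to `null` means a principal without the `apacheSamType` attribute now carries a null SAM type, so every caller of `getSamType()` has to handle null. Only `SamSubsystem.verify` is visibly updated for that in this commit. The field should state the contract, for example `/** SAM type for this principal, or null when no single-use authentication mechanism is configured */`. The `= null` initializer is redundant because the constructor changed in the later hunks always assigns the field, and the name departs from the `_` prefix used by the neighbouring fields.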
@@ -43,7 +43,7 @@
PrincipalStoreEntry(String commonName, KerberosPrincipal principal,
int keyVersionNumber, KerberosTime validStart, KerberosTime validEnd,
KerberosTime passwordEnd, int maxLife, int maxRenew, int kdcFlags,
- int keyType, byte[] key, String realmName) {
+ int keyType, byte[] key, String realmName, SamType samType) {
_commonName = commonName;
_principal = principal;
@@ -54,7 +54,9 @@
_maxRenew = maxRenew;
_kdcFlags = kdcFlags;
_realmName = realmName;
-
+
+ this.samType = samType;
+
_key = new EncryptionKey(EncryptionType.getTypeByOrdinal(keyType), key, keyVersionNumber);
}
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/PrincipalStoreEntryModifier.java
URL: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/PrincipalStoreEntryModifier.java?view=diff&r1=149492&r2=149493
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/PrincipalStoreEntryModifier.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/store/PrincipalStoreEntryModifier.java Tue Feb 1 23:12:58 2005
@@ -17,6 +17,7 @@
package org.apache.kerberos.kdc.store;
import org.apache.kerberos.messages.value.*;
+import org.apache.kerberos.sam.SamType;
import javax.security.auth.kerberos.*;
@@ -36,6 +37,7 @@
private int _maxRenew;
private int _kdcFlags;
private int _encryptionType;
+ private SamType samType;
private byte[] _key;
private String _realmName;
@@ -43,7 +45,7 @@
public PrincipalStoreEntry getEntry() {
return new PrincipalStoreEntry(_commonName, _principal, _keyVersionNumber,
_validStart, _validEnd, _passwordEnd, _maxLife, _maxRenew,
- _kdcFlags, _encryptionType, _key, _realmName);
+ _kdcFlags, _encryptionType, _key, _realmName, samType);
}
public void setCommonName(String commonName) {
@@ -79,8 +81,13 @@
public void setValidEnd(KerberosTime validEnd) {
_validEnd = validEnd;
}
- public void setValidStart(KerberosTime validStart) {
- _validStart = validStart;
- }
+ public void setValidStart(KerberosTime validStart) {
+ _validStart = validStart;
+ }
+
+ public void setSamType( SamType samType )
+ {
+ this.samType = samType;
+ }
}
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/SamSubsystem.java
URL: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/SamSubsystem.java?view=diff&r1=149492&r2=149493
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/SamSubsystem.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/SamSubsystem.java Tue Feb 1 23:12:58 2005
@@ -17,6 +17,8 @@
package org.apache.kerberos.sam;
+import java.util.HashMap;
+
import org.apache.kerberos.kdc.store.PrincipalStoreEntry;
@@ -32,6 +34,9 @@
/** the property key base used for SAM algorithm verifiers */
public static final String PROPKEY_BASE = "kerberos.sam.type.";
+ /** a map of verifiers so we do not need to create a new one every time */
+ private static final HashMap verifiers = new HashMap();
+
/**
* Uses the principal entry information to load the approapriate SamVerifier
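Review bot: `verifiers` is a plain static `HashMap` that `verify` reads and, in the last hunk of this file, writes with `verifiers.put( ... )`, with no synchronization. If `verify` can run on more than one request thread (likely for a KDC, though the callers are not shown), concurrent puts can corrupt the map in the authentication path. Declaring it as `private static final Map verifiers = Collections.synchronizedMap( new HashMap() );` would cover this, with `java.util.Map` and `java.util.Collections` imported. The `containsKey` followed by `get` in `verify` could then become a single `get` with a null check.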
@@ -45,11 +50,29 @@
*/
public static boolean verify( PrincipalStoreEntry entry, String sup ) throws SamException
{
+ SamVerifier verifier = null;
+
+ if ( entry.getSamType() == null )
+ {
+ throw new SamException( entry.getSamType(), "Entry has null SAM type" );
+ }
+
+ if ( verifiers.containsKey( entry.getSamType() ) )
+ {
+ verifier = ( SamVerifier ) verifiers.get( entry.getSamType() );
+
+ String user = entry.getPrincipal().getName();
+
+ return verifier.verify( user, entry.getRealmName(), sup );
+ }
+
String key = PROPKEY_BASE + entry.getSamType().getOrdinal();
if ( System.getProperties().containsKey( key ) )
{
- throw new SamException( entry.getSamType(), "Could not find property '" + key + "'" );
+ String msg = "Could not find property '" + key + "'";
+
+ throw new SamException( entry.getSamType(), msg );
}
String fqcn = System.getProperty( key );
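Review bot: The guard `if ( System.getProperties().containsKey( key ) )` throws "Could not find property" when the property is present, so the condition looks inverted. This commit reworks the throw beneath it but leaves the test unchanged. As written, a configured SAM type is rejected, and an unconfigured one falls through to `System.getProperty( key )` returning null, which then reaches `Class.forName( fqcn )` in the next hunk (the try block opens outside this hunk). The check should read `if ( ! System.getProperties().containsKey( key ) )`.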
@@ -58,9 +81,20 @@
{
Class c = Class.forName( fqcn );
- SamVerifier verifier = ( SamVerifier ) c.newInstance();
+ verifier = ( SamVerifier ) c.newInstance();
+
+ if ( ! verifier.getSamType().equals( entry.getSamType() ) )
+ {
+ String msg = "Expecting entries with SAM type of " + verifier.getSamType();
+
+ msg += " but got a type of entry with SAM type of " + entry.getSamType();
+
+ throw new SamException( entry.getSamType(), msg );
+ }
String user = entry.getPrincipal().getName();
+
+ verifiers.put( verifier.getSamType(), verifier );
return verifier.verify( user, entry.getRealmName(), sup );
}
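Review bot: The cast `( SamVerifier ) c.newInstance()` runs before any type check. A property naming a class that does not implement SamVerifier therefore fails with ClassCastException rather than SamException, unless the enclosing try handles it (its catch clauses are outside the hunk). A guard before instantiation, `if ( ! SamVerifier.class.isAssignableFrom( c ) ) { throw new SamException( entry.getSamType(), "Class " + fqcn + " is not a SamVerifier" ); }`, keeps a misconfigured verifier on the documented error path. Since the instance is now cached and reused for every later call with that SAM type, the SamVerifier Javadoc should also state that implementations must be safe to reuse across requests.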
Modified: incubator/directory/ldap/trunk/apache-provider/src/java/org/apache/ldap/common/berlib/asn1/SnickersEncoder.java
URL: http://svn.apache.org/viewcvs/incubator/directory/ldap/trunk/apache-provider/src/java/org/apache/ldap/common/berlib/asn1/SnickersEncoder.java?view=diff&r1=149492&r2=149493
==============================================================================
--- incubator/directory/ldap/trunk/apache-provider/src/java/org/apache/ldap/common/berlib/asn1/SnickersEncoder.java (original)
+++ incubator/directory/ldap/trunk/apache-provider/src/java/org/apache/ldap/common/berlib/asn1/SnickersEncoder.java Tue Feb 1 23:12:58 2005
@@ -22,14 +22,9 @@
import org.apache.asn1.codec.stateful.EncoderCallback;
import org.apache.asn1.codec.stateful.StatefulEncoder;
import org.apache.asn1.codec.stateful.EncoderMonitor;
-import org.apache.asn1.codec.stateful.StatefulEncoder;
-import org.apache.asn1.codec.EncoderException;
import org.apache.asn1.codec.EncoderException;
import org.apache.asn1.ber.digester.rules.ByteAccumulator;
import org.apache.ldap.common.berlib.asn1.encoder.SnickersLdapEncoder;
-import org.apache.ldap.common.berlib.asn1.encoder.SnickersLdapEncoder;
-import org.apache.ldap.common.berlib.asn1.BufferUtils;
-import org.apache.asn1.ber.digester.rules.ByteAccumulator;
import java.io.OutputStream;
import java.io.IOException;