Posted to commits@directory.apache.org by er...@apache.org on 2007/05/03 03:36:56 UTC
svn commit: r534677 - in
/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc:
./ authentication/ ticketgrant/
Author: erodriguez
Date: Wed May 2 18:36:54 2007
New Revision: 534677
URL: http://svn.apache.org/viewvc?view=rev&rev=534677
Log:
Enhancements to encryption type flexibility to support DES, DES3, RC4-HMAC, and AES:
o KdcContext modified to support session encryption type.
o Overhauled encryption type selection and addition to context.
o Added encryption type selection to AS and TGS services.
o Modified session key selection to use session encryption type.
Modified:
directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java
directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/SelectEncryptionType.java
directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java
directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java
directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java
Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java?view=diff&rev=534677&r1=534676&r2=534677
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java Wed May 2 18:36:54 2007
@@ -23,6 +23,7 @@
import java.net.InetAddress;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
import org.apache.directory.server.kerberos.shared.messages.KerberosMessage;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
@@ -42,6 +43,7 @@
private KerberosMessage reply;
private InetAddress clientAddress;
private CipherTextHandler cipherTextHandler;
+ private EncryptionType encryptionType;
/**
@@ -149,5 +151,27 @@
public void setCipherTextHandler( CipherTextHandler cipherTextHandler )
{
this.cipherTextHandler = cipherTextHandler;
+ }
+
+
+ /**
+ * Returns the encryption type to use for this session.
+ *
+ * @return The encryption type.
+ */
+ public EncryptionType getEncryptionType()
+ {
+ return encryptionType;
+ }
+
+
+ /**
+ * Sets the encryption type to use for this session.
+ *
+ * @param encryptionType The encryption type to set.
+ */
+ public void setEncryptionType( EncryptionType encryptionType )
+ {
+ this.encryptionType = encryptionType;
}
}
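Review bot: The Javadoc on the new `getEncryptionType()` does not say that the field has no initializer and is only assigned through `setEncryptionType()`, so the getter returns null until something in the chain has set it. Because callers pass this value on to pick a session key type, the contract should be stated, for example `@return The encryption type, or null if no type has been selected for this request yet.` It would also help to name SelectEncryptionType in the setter's Javadoc, as it is the one caller of the setter visible in this commit.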
Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/SelectEncryptionType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/SelectEncryptionType.java?view=diff&rev=534677&r1=534676&r2=534677
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/SelectEncryptionType.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/SelectEncryptionType.java Wed May 2 18:36:54 2007
@@ -25,6 +25,8 @@
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
@@ -33,8 +35,12 @@
*/
public class SelectEncryptionType implements IoHandlerCommand
{
+ /** The log for this class. */
+ private static final Logger log = LoggerFactory.getLogger( SelectEncryptionType.class );
+
private String contextKey = "context";
+
public void execute( NextCommand next, IoSession session, Object message ) throws Exception
{
KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() );
@@ -44,11 +50,15 @@
EncryptionType bestType = getBestEncryptionType( requestedTypes, config.getEncryptionTypes() );
+ log.debug( "Session will use encryption type " + bestType );
+
if ( bestType == null )
{
throw new KerberosException( ErrorType.KDC_ERR_ETYPE_NOSUPP );
}
+ kdcContext.setEncryptionType( bestType );
+
next.execute( session, message );
}
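Review bot: The added `log.debug` runs before the `bestType == null` check, so a failed negotiation logs "Session will use encryption type null" immediately before KDC_ERR_ETYPE_NOSUPP is thrown. Move it below the check and use the parameterized form, `log.debug( "Session will use encryption type {}", bestType );`, and consider a warn-level line inside the null branch so that rejected requests are visible to operators. Separately, `bestType` is derived from the client-supplied `requestedTypes` and `config.getEncryptionTypes()`. The selection logic is outside this hunk, but if it simply intersects the two, the configured list is the only thing stopping a request that offers only DES or RC4-HMAC from getting a weak session key. A comment here or in the configuration docs should say that weak types must be left out of the configured list. The start of `execute` is outside the hunk.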
@@ -70,7 +80,7 @@
}
- public String getContextKey()
+ protected String getContextKey()
{
return ( this.contextKey );
}
Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java?view=diff&rev=534677&r1=534676&r2=534677
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java Wed May 2 18:36:54 2007
@@ -21,6 +21,7 @@
import org.apache.directory.server.kerberos.kdc.MonitorRequest;
+import org.apache.directory.server.kerberos.kdc.SelectEncryptionType;
import org.apache.directory.server.kerberos.kdc.preauthentication.PreAuthenticationChain;
import org.apache.mina.handler.chain.IoHandlerChain;
@@ -35,6 +36,7 @@
{
addLast( "monitorRequest", new MonitorRequest() );
addLast( "configureAuthenticationChain", new ConfigureAuthenticationChain() );
+ addLast( "selectEncryptionType", new SelectEncryptionType() );
addLast( "getClientEntry", new GetClientEntry() );
addLast( "verifyPolicy", new VerifyPolicy() );
addLast( "preAuthenticationChain", new PreAuthenticationChain() );
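Review bot: `selectEncryptionType` is inserted before `getClientEntry`, so the type is chosen from the request and the server configuration alone, before the principal's entry has been loaded. If the selected type is later used for anything tied to the client's stored keys, rather than only the session key, it may pick a type the principal has no key for; that cannot be confirmed from this hunk. The chain is also now order-dependent: any command that reads `getEncryptionType()` has to come after this one. A short comment such as `// must precede any command that reads KdcContext.getEncryptionType()` would record that. The same applies to the TicketGrantingServiceChain hunk, where the command is added ahead of `getAuthHeader` and `verifyTgt` and so runs on requests whose TGT has not yet been verified. The enclosing constructor starts and ends outside the hunk.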
Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java?view=diff&rev=534677&r1=534676&r2=534677
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java Wed May 2 18:36:54 2007
@@ -39,7 +39,7 @@
public void execute( NextCommand next, IoSession session, Object message ) throws Exception
{
AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );
- authContext.setSessionKey( SessionKeyFactory.getSessionKey() );
+ authContext.setSessionKey( SessionKeyFactory.getSessionKey( authContext.getEncryptionType() ) );
next.execute( session, message );
}
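Review bot: `authContext.getEncryptionType()` is passed straight to `SessionKeyFactory.getSessionKey(...)` with no null check, and the KdcContext field stays null unless SelectEncryptionType ran earlier in the chain. How the factory treats a null type is not visible here, so a mis-ordered or customised chain could fail with an unhelpful NullPointerException or, worse, fall back to a default key type. A guard before the call would make the failure explicit, e.g. `if ( authContext.getEncryptionType() == null ) { throw new KerberosException( ErrorType.KDC_ERR_ETYPE_NOSUPP ); }`. The identical change in ticketgrant/GetSessionKey.java needs the same guard. That file's context lines also cast the session attribute to `AuthenticationContext`, which is worth confirming against the context type the TGS chain actually stores.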
Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java?view=diff&rev=534677&r1=534676&r2=534677
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java Wed May 2 18:36:54 2007
@@ -40,7 +40,7 @@
public void execute( NextCommand next, IoSession session, Object message ) throws Exception
{
AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );
- authContext.setSessionKey( SessionKeyFactory.getSessionKey() );
+ authContext.setSessionKey( SessionKeyFactory.getSessionKey( authContext.getEncryptionType() ) );
next.execute( session, message );
}
Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java?view=diff&rev=534677&r1=534676&r2=534677
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java (original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java Wed May 2 18:36:54 2007
@@ -22,6 +22,7 @@
import org.apache.directory.server.kerberos.kdc.MonitorReply;
import org.apache.directory.server.kerberos.kdc.MonitorRequest;
+import org.apache.directory.server.kerberos.kdc.SelectEncryptionType;
import org.apache.mina.handler.chain.IoHandlerChain;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -47,6 +48,7 @@
}
addLast( "configureTicketGrantingChain", new ConfigureTicketGrantingChain() );
+ addLast( "selectEncryptionType", new SelectEncryptionType() );
addLast( "getAuthHeader", new GetAuthHeader() );
addLast( "verifyTgt", new VerifyTgt() );
addLast( "getTicketPrincipalEntry", new GetTicketPrincipalEntry() );