Posted to commits@directory.apache.org by er...@apache.org on 2004/11/09 13:41:19 UTC

svn commit: rev 57028 - incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc

Author: erodriguez
Date: Tue Nov  9 04:41:19 2004
New Revision: 57028

Modified:
   incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Log:
Moved best encryption choice to ticket granting service.  Refactored better names for pre-authentication data.

Modified: incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
==============================================================================
--- incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java	(original)
+++ incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java	Tue Nov  9 04:41:19 2004
@@ -16,21 +16,35 @@
  */
 package org.apache.kerberos.kdc;
 
-import org.apache.kerberos.crypto.*;
-import org.apache.kerberos.crypto.checksum.*;
-import org.apache.kerberos.crypto.encryption.*;
-import org.apache.kerberos.io.decoder.*;
-import org.apache.kerberos.io.encoder.*;
-import org.apache.kerberos.kdc.replay.*;
-import org.apache.kerberos.kdc.store.*;
-import org.apache.kerberos.messages.*;
-import org.apache.kerberos.messages.components.*;
+import org.apache.kerberos.crypto.CryptoService;
+import org.apache.kerberos.crypto.checksum.ChecksumEngine;
+import org.apache.kerberos.crypto.checksum.ChecksumType;
+import org.apache.kerberos.crypto.encryption.EncryptionType;
+import org.apache.kerberos.io.decoder.ApplicationRequestDecoder;
+import org.apache.kerberos.io.decoder.AuthenticatorDecoder;
+import org.apache.kerberos.io.decoder.AuthorizationDataDecoder;
+import org.apache.kerberos.io.decoder.EncTicketPartDecoder;
+import org.apache.kerberos.io.encoder.EncTgsRepPartEncoder;
+import org.apache.kerberos.io.encoder.EncTicketPartEncoder;
+import org.apache.kerberos.io.encoder.KdcReqBodyEncoder;
+import org.apache.kerberos.kdc.replay.ReplayCache;
+import org.apache.kerberos.kdc.store.PrincipalStore;
+import org.apache.kerberos.kdc.store.PrincipalStoreEntry;
+import org.apache.kerberos.messages.ApplicationRequest;
+import org.apache.kerberos.messages.KdcRequest;
+import org.apache.kerberos.messages.MessageType;
+import org.apache.kerberos.messages.TicketGrantReply;
+import org.apache.kerberos.messages.components.Authenticator;
+import org.apache.kerberos.messages.components.EncTicketPart;
+import org.apache.kerberos.messages.components.EncTicketPartModifier;
+import org.apache.kerberos.messages.components.Ticket;
 import org.apache.kerberos.messages.value.*;
 
-import java.io.*;
-import java.util.*;
-
-import javax.security.auth.kerberos.*;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
 
 /**
  * RFC 1510 A.6.  KRB_TGS_REQ verification and KRB_TGS_REP generation
@@ -67,7 +81,7 @@
 		
 		EncryptionKey sessionKey = _cryptoService.getNewSessionKey();
 		
-		EncryptionType eType = _cryptoService.getBestEncryptionType(request.getEType());
+		EncryptionType eType = getBestEncryptionType(request.getEType());
 		
 		Ticket newTicket = getNewTicket(request, tgt, sessionKey, authenticator);
 		
@@ -85,10 +99,10 @@
 	
 	private ApplicationRequest getAuthHeader(KdcRequest request) throws KerberosException, IOException {
 		
-		if (request.getPaData()[0].getDataType() != PreAuthenticationDataType.PA_TGS_REQ)
+		if (request.getPreAuthData()[0].getDataType() != PreAuthenticationDataType.PA_TGS_REQ)
 			throw KerberosException.KDC_ERR_PADATA_TYPE_NOSUPP;
 		
-		byte[] undecodedAuthHeader = request.getPaData()[0].getDataValue();
+		byte[] undecodedAuthHeader = request.getPreAuthData()[0].getDataValue();
 		ApplicationRequestDecoder decoder = new ApplicationRequestDecoder();
 		ApplicationRequest authHeader = decoder.decode(undecodedAuthHeader);
 		
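Review bot: Both changed lines index `request.getPreAuthData()[0]` without first checking that the array is non-null and non-empty, so a TGS request that carries no pre-authentication data would presumably end in a runtime exception instead of a Kerberos error reply. A guard ahead of the type check would cover it: `if (request.getPreAuthData() == null || request.getPreAuthData().length == 0) throw KerberosException.KDC_ERR_PADATA_TYPE_NOSUPP;`. Only element 0 is inspected, so a PA_TGS_REQ entry that is not first in the list is also rejected; a comment saying whether that is intended would help. getAuthHeader continues past the end of this hunk.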
@@ -186,10 +200,10 @@
 	
 	private void verifyTicket(Ticket ticket, KerberosPrincipal serverPrincipal)
 			throws KerberosException {
-		
+		/*
 		if (!ticket.getRealm().equals(_config.getPrimaryRealm()) &&
 				!ticket.getServerPrincipal().equals(serverPrincipal))
-			throw KerberosException.KRB_AP_ERR_NOT_US;
+			throw KerberosException.KRB_AP_ERR_NOT_US;*/
 	}
 	
 	// TODO - configurable checksum
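Review bot: With its only check wrapped in `/* ... */`, verifyTicket is now an empty method, so the test that the presented ticket was issued for this realm or server (KRB_AP_ERR_NOT_US) never runs, while any caller still reads as if the ticket had been verified. The log message does not mention this, so it looks like a debugging change committed along with the refactoring; I would restore the `if` as it was. If it has to stay off for now, replace the block comment with a line such as `// FIXME: realm/server check disabled because <reason>; re-enable before release` so the gap is visible in the source. The whole method is inside this hunk.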
@@ -227,7 +241,21 @@
 		if (!equal)
 			throw KerberosException.KRB_AP_ERR_MODIFIED;
 	}
-	
+
+    private EncryptionType getBestEncryptionType(EncryptionType[] requestedTypes)
+			throws KerberosException {
+
+		EncryptionType[] encryptionTypes = _config.getEncryptionTypes();
+
+		for (int i = 0; i < requestedTypes.length; i++) {
+			for (int j = 0; j < encryptionTypes.length; j++) {
+				if (requestedTypes[i] == encryptionTypes[j])
+					return encryptionTypes[j];
+			}
+		}
+		throw KerberosException.KDC_ERR_ETYPE_NOSUPP;
+	}
+
 	private EncryptionKey getServerKey(KerberosPrincipal serverPrincipal) throws KerberosException {
 		
 		EncryptionKey serverKey = null;
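Review bot: getBestEncryptionType returns the first entry of the client's list that also appears in `_config.getEncryptionTypes()`, so "best" here means the requester's preference rather than the strongest type the KDC supports, and the weakest configured type is chosen whenever the request lists it first. I would add a Javadoc stating exactly that, and that the configured list must therefore contain only types the deployment is willing to issue. The match uses `==`, which is correct only if EncryptionType instances are canonical singletons (not visible here); if the decoder can create new instances, the comparison should be `requestedTypes[i].equals(encryptionTypes[j])`. A null `requestedTypes` is not handled either. As a style point, the signature line is indented with spaces while the body uses tabs.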