Posted to commits@directory.apache.org by er...@apache.org on 2007/05/26 08:46:26 UTC
svn commit: r541864 - in
/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io:
decoder/KdcReplyDecoder.java encoder/KdcReqBodyEncoder.java
encoder/KdcRequestEncoder.java
Author: erodriguez
Date: Fri May 25 23:46:25 2007
New Revision: 541864
URL: http://svn.apache.org/viewvc?view=rev&rev=541864
Log:
Added ASN.1 codec support for the client side of KDC request-response pairs.
Added:
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/KdcReplyDecoder.java (with props)
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java (contents, props changed)
- copied, changed from r541561, directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcReqBodyEncoder.java
Removed:
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcReqBodyEncoder.java
Added: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/KdcReplyDecoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/KdcReplyDecoder.java?view=auto&rev=541864
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/KdcReplyDecoder.java (added)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/KdcReplyDecoder.java Fri May 25 23:46:25 2007
@@ -0,0 +1,134 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.io.decoder;
+
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.util.Enumeration;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.messages.KdcReply;
+import org.apache.directory.server.kerberos.shared.messages.MessageType;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosPrincipalModifier;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
+import org.apache.directory.shared.asn1.der.ASN1InputStream;
+import org.apache.directory.shared.asn1.der.DERApplicationSpecific;
+import org.apache.directory.shared.asn1.der.DEREncodable;
+import org.apache.directory.shared.asn1.der.DERGeneralString;
+import org.apache.directory.shared.asn1.der.DERInteger;
+import org.apache.directory.shared.asn1.der.DERSequence;
+import org.apache.directory.shared.asn1.der.DERTaggedObject;
+
+
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-21 17:00:43 -0700 (Mon, 21 May 2007) $
+ */
+public class KdcReplyDecoder
+{
+ /**
+ * Decodes a {@link ByteBuffer} into a {@link KdcReply}.
+ *
+ * AS-REP ::= [APPLICATION 11] KDC-REP
+ * TGS-REP ::= [APPLICATION 13] KDC-REP
+ *
+ * @param in
+ * @return The {@link KdcReply}.
+ * @throws IOException
+ */
+ public KdcReply decode( ByteBuffer in ) throws IOException
+ {
+ ASN1InputStream ais = new ASN1InputStream( in );
+
+ DERApplicationSpecific app = ( DERApplicationSpecific ) ais.readObject();
+
+ DERSequence kdcreq = ( DERSequence ) app.getObject();
+
+ return decodeKdcReplySequence( kdcreq );
+ }
+
+
+ /*
+ KDC-REP ::= SEQUENCE {
+ pvno[0] INTEGER,
+ msg-type[1] INTEGER,
+ padata[2] SEQUENCE OF PA-DATA OPTIONAL,
+ crealm[3] Realm,
+ cname[4] PrincipalName,
+ ticket[5] Ticket,
+ enc-part[6] EncryptedData
+ }*/
+ private KdcReply decodeKdcReplySequence( DERSequence sequence ) throws IOException
+ {
+ MessageType msgType = MessageType.NULL;
+ PreAuthenticationData[] paData = null;
+ Ticket ticket = null;
+ EncryptedData encPart = null;
+
+ KerberosPrincipalModifier modifier = new KerberosPrincipalModifier();
+
+ for ( Enumeration e = sequence.getObjects(); e.hasMoreElements(); )
+ {
+ DERTaggedObject object = ( DERTaggedObject ) e.nextElement();
+ int tag = object.getTagNo();
+ DEREncodable derObject = object.getObject();
+
+ switch ( tag )
+ {
+ case 0:
+ // DERInteger tag0 = ( DERInteger ) derObject;
+ // int pvno = tag0.intValue();
+ break;
+ case 1:
+ DERInteger tag1 = ( DERInteger ) derObject;
+ msgType = MessageType.getTypeByOrdinal( tag1.intValue() );
+ break;
+ case 2:
+ DERSequence tag2 = ( DERSequence ) derObject;
+ paData = PreAuthenticationDataDecoder.decodeSequence( tag2 );
+ break;
+ case 3:
+ DERGeneralString tag3 = ( DERGeneralString ) derObject;
+ modifier.setRealm( tag3.getString() );
+ break;
+ case 4:
+ DERSequence tag4 = ( DERSequence ) derObject;
+ modifier.setPrincipalName( PrincipalNameDecoder.decode( tag4 ) );
+ break;
+ case 5:
+ DERApplicationSpecific tag5 = ( DERApplicationSpecific ) derObject;
+ ticket = TicketDecoder.decode( tag5 );
+ break;
+ case 6:
+ DERSequence tag6 = ( DERSequence ) derObject;
+ encPart = ( EncryptedDataDecoder.decode( tag6 ) );
+ break;
+ }
+ }
+
+ KerberosPrincipal clientPrincipal = modifier.getKerberosPrincipal();
+
+ return new KdcReply( paData, clientPrincipal, ticket, encPart, msgType );
+ }
+}
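Review bot: The casts in `decode` and in the `switch` of `decodeKdcReplySequence` are applied to bytes received from the network, so a reply with an unexpected element type surfaces as an unchecked `ClassCastException` instead of the declared `IOException`; an `instanceof` check that throws `IOException` would keep malformed input on the documented error path. The decoder also accepts the reply without validating it: the `pvno` read in `case 0` is commented out, the application tag carried by `app` is never compared with `msg-type`, and the mandatory `ticket` and `enc-part` stay `null` when their tags are absent. After the loop I would add `if ( ticket == null || encPart == null ) throw new IOException( "KDC-REP is missing a mandatory field" );` and restore the `pvno` check against 5. `ais` is also never closed.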
Propchange: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/KdcReplyDecoder.java
------------------------------------------------------------------------------
svn:eol-style = native
Copied: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java (from r541561, directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcReqBodyEncoder.java)
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java?view=diff&rev=541864&p1=directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcReqBodyEncoder.java&r1=541561&p2=directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java&r2=541864
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcReqBodyEncoder.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java Fri May 25 23:46:25 2007
@@ -20,14 +20,17 @@
package org.apache.directory.server.kerberos.shared.io.encoder;
-import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.nio.ByteBuffer;
import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
import org.apache.directory.shared.asn1.der.ASN1OutputStream;
+import org.apache.directory.shared.asn1.der.DERApplicationSpecific;
import org.apache.directory.shared.asn1.der.DERBitString;
import org.apache.directory.shared.asn1.der.DERGeneralString;
import org.apache.directory.shared.asn1.der.DERInteger;
+import org.apache.directory.shared.asn1.der.DEROctetString;
import org.apache.directory.shared.asn1.der.DERSequence;
import org.apache.directory.shared.asn1.der.DERTaggedObject;
@@ -36,24 +39,51 @@
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class KdcReqBodyEncoder
+public class KdcRequestEncoder
{
/**
- * Encodes a {@link KdcRequest} into a byte array.
+ * Encodes a {@link KdcRequest} into a {@link ByteBuffer}.
+ *
+ * AS-REQ ::= [APPLICATION 10] KDC-REQ
+ * TGS-REQ ::= [APPLICATION 12] KDC-REQ
*
* @param request
- * @return The byte array.
+ * @param out
* @throws IOException
*/
- public byte[] encode( KdcRequest request ) throws IOException
+ public void encode( KdcRequest request, ByteBuffer out ) throws IOException
{
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- ASN1OutputStream aos = new ASN1OutputStream( baos );
+ ASN1OutputStream aos = new ASN1OutputStream( out );
- aos.writeObject( encodeInitialSequence( request ) );
+ DERSequence kdcRequest = encodeInitialSequence( request );
+ aos.writeObject( DERApplicationSpecific.valueOf( request.getMessageType().getOrdinal(), kdcRequest ) );
aos.close();
+ }
+
+
+ /*
+ KDC-REQ ::= SEQUENCE {
+ pvno[1] INTEGER,
+ msg-type[2] INTEGER,
+ padata[3] SEQUENCE OF PA-DATA OPTIONAL,
+ req-body[4] KDC-REQ-BODY
+ }*/
+ private DERSequence encodeInitialSequence( KdcRequest app )
+ {
+ DERSequence sequence = new DERSequence();
+
+ sequence.add( new DERTaggedObject( 1, DERInteger.valueOf( app.getProtocolVersionNumber() ) ) );
+
+ sequence.add( new DERTaggedObject( 2, DERInteger.valueOf( app.getMessageType().getOrdinal() ) ) );
+
+ if ( app.getPreAuthData() != null )
+ {
+ sequence.add( new DERTaggedObject( 3, encodePreAuthData( app.getPreAuthData() ) ) );
+ }
- return baos.toByteArray();
+ sequence.add( new DERTaggedObject( 4, encodeKdcRequestBody( app ) ) );
+
+ return sequence;
}
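Review bot: `aos.close()` runs only when `writeObject` succeeds, so an exception while encoding leaves the stream unclosed; putting the write in `try { ... } finally { aos.close(); }` fixes that. The new `@param out` line has no description: it should say that the caller supplies a buffer with enough remaining space for the encoded request and where the position is left afterwards, since what `ASN1OutputStream` does on a full buffer is not visible here. In `encodeInitialSequence` the parameter is named `app` although it is the `KdcRequest`; `request` would match `encode` and `encodeKdcRequestBody`.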
@@ -78,7 +108,7 @@
* additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
* }
*/
- private DERSequence encodeInitialSequence( KdcRequest request )
+ private DERSequence encodeKdcRequestBody( KdcRequest request )
{
DERSequence sequence = new DERSequence();
@@ -136,5 +166,28 @@
}
return sequence;
+ }
+
+
+ /*
+ PA-DATA ::= SEQUENCE {
+ padata-type[1] INTEGER,
+ padata-value[2] OCTET STRING,
+ -- might be encoded AP-REQ
+ }*/
+ private DERSequence encodePreAuthData( PreAuthenticationData[] preAuthData )
+ {
+ DERSequence preAuth = new DERSequence();
+
+ for ( int ii = 0; ii < preAuthData.length; ii++ )
+ {
+ DERSequence sequence = new DERSequence();
+
+ sequence.add( new DERTaggedObject( 1, DERInteger.valueOf( preAuthData[ii].getDataType().getOrdinal() ) ) );
+ sequence.add( new DERTaggedObject( 2, new DEROctetString( preAuthData[ii].getDataValue() ) ) );
+ preAuth.add( sequence );
+ }
+
+ return preAuth;
}
}
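Review bot: `encodePreAuthData` dereferences every element of `preAuthData` without a check, so a null entry or a null `getDataType()` fails with a `NullPointerException` part-way through building the request; the caller in `encodeInitialSequence` only guards the array itself. Either state the contract in a comment on the method, e.g. `// preAuthData and its elements must be non-null; the caller checks the array only`, or reject null entries explicitly with a descriptive exception. The first lines of this hunk are the tail of `encodeKdcRequestBody`, which starts outside it.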
Propchange: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java
------------------------------------------------------------------------------
--- svn:keywords (added)
+++ svn:keywords Fri May 25 23:46:25 2007
@@ -0,0 +1,4 @@
+Rev
+Revision
+Date
+Id