Posted to commits@directory.apache.org by el...@apache.org on 2010/12/03 14:01:20 UTC
svn commit: r1041794 - in
/directory/apacheds/branches/apacheds-kerberos-codec-2.0:
kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/
protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/
Author: elecharny
Date: Fri Dec 3 13:01:20 2010
New Revision: 1041794
URL: http://svn.apache.org/viewvc?rev=1041794&view=rev
Log:
o Added a field to store an EncTicketPart into the ticket
o Fixed compilation failures
Modified:
directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java
directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java?rev=1041794&r1=1041793&r2=1041794&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java (original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java Fri Dec 3 13:01:20 2010
@@ -30,6 +30,7 @@ import org.apache.directory.shared.asn1.
import org.apache.directory.shared.asn1.codec.EncoderException;
import org.apache.directory.shared.kerberos.KerberosConstants;
import org.apache.directory.shared.kerberos.KerberosMessageType;
+import org.apache.directory.shared.kerberos.components.EncTicketPart;
import org.apache.directory.shared.kerberos.components.EncryptedData;
import org.apache.directory.shared.kerberos.components.PrincipalName;
import org.apache.directory.shared.kerberos.exceptions.InvalidTicketException;
@@ -75,6 +76,9 @@ public class Ticket extends KerberosMess
/** The encoded part */
private EncryptedData encPart;
+ /** The encoded ticket part, stored in its original form (not encoded) */
+ private transient EncTicketPart encTicketPart;
+
// Storage for computed lengths
private transient int tktvnoLength;
private transient int realmLength;
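Review bot: The Javadoc on the new `encTicketPart` field contradicts itself ("encoded ticket part ... (not encoded)") and does not say that this is the cleartext counterpart of `encPart`. An EncTicketPart carries the session key (the AuthenticationService hunks in this commit call `setKey( sessionKey )` on it), so I would spell that out: `/** The cleartext EncTicketPart that encPart encrypts. Local use only, never encoded; it holds the session key. */`. `transient` only keeps the field out of Java serialization, so it is worth confirming that the class's toString() and any logging outside this hunk do not print it.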
@@ -205,6 +209,24 @@ public class Ticket extends KerberosMess
/**
+ * @return the encTicketPart
+ */
+ public EncTicketPart getEncTicketPart()
+ {
+ return encTicketPart;
+ }
+
+
+ /**
+ * @param encTicketPart the encTicketPart to set
+ */
+ public void setEncTicketPart( EncTicketPart encTicketPart )
+ {
+ this.encTicketPart = encTicketPart;
+ }
+
+
+ /**
* Compute the Ticket length
* <pre>
* Ticket :
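Review bot: The Javadoc on `getEncTicketPart()` and `setEncTicketPart()` only restates the field name and says nothing about null or ownership. Only the setter assigns the field in this commit, so the getter presumably returns null for a Ticket that was decoded from the wire and not yet decrypted, and callers need to know that. Suggested wording: `@return the cleartext ticket part, or null if it has not been set` and `@param encTicketPart the cleartext ticket part matching encPart; stored by reference, not copied`.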
Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java?rev=1041794&r1=1041793&r2=1041794&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java (original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java Fri Dec 3 13:01:20 2010
@@ -295,7 +295,7 @@ public class AuthenticationService
}
}
- if ( preAuthData.length > 0 && timestamp == null )
+ if ( ( preAuthData.size() > 0 ) && ( timestamp == null ) )
{
throw new KerberosException( ErrorType.KDC_ERR_PADATA_TYPE_NOSUPP );
}
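Review bot: In the rewritten condition, `preAuthData.size() > 0` reads more directly as an emptiness test: `if ( !preAuthData.isEmpty() && ( timestamp == null ) )`. Behaviour is the same. The loop that assigns `timestamp` is outside the hunk.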
@@ -306,7 +306,7 @@ public class AuthenticationService
preparePreAuthenticationError( config.getEncryptionTypes() ) );
}
- if ( !timestamp.getTimeStamp().isInClockSkew( config.getAllowableClockSkew() ) )
+ if ( !timestamp.getPaTimestamp().isInClockSkew( config.getAllowableClockSkew() ) )
{
throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_FAILED );
}
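Review bot: The result of `timestamp.getPaTimestamp()` is dereferenced directly in the clock-skew check, and `timestamp` comes from the request's pre-authentication data. If the decoder can leave the patimestamp unset on a malformed PA-ENC-TIMESTAMP (not visible in this hunk), the request would fail with a NullPointerException instead of KDC_ERR_PREAUTH_FAILED. A guard keeps the failure on the protocol error path: `KerberosTime paTimestamp = timestamp.getPaTimestamp();` followed by `if ( paTimestamp == null || !paTimestamp.isInClockSkew( config.getAllowableClockSkew() ) )`, assuming the getter returns a KerberosTime. The enclosing method starts and ends outside the hunk.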
@@ -351,12 +351,12 @@ public class AuthenticationService
PrincipalName ticketPrincipal = request.getKdcReqBody().getSName();
- EncTicketPart newTicketBody = new EncTicketPart();
+ EncTicketPart encTicketPart = new EncTicketPart();
KdcServer config = authContext.getConfig();
// The INITIAL flag indicates that a ticket was issued using the AS protocol.
TicketFlags ticketFlags = new TicketFlags();
- newTicketBody.setFlags( ticketFlags );
+ encTicketPart.setFlags( ticketFlags );
ticketFlags.setFlag( TicketFlag.INITIAL );
// The PRE-AUTHENT flag indicates that the client used pre-authentication.
@@ -405,14 +405,14 @@ public class AuthenticationService
}
EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( authContext.getEncryptionType() );
- newTicketBody.setKey( sessionKey );
+ encTicketPart.setKey( sessionKey );
- newTicketBody.setcName( request.getKdcReqBody().getCName() );
- newTicketBody.setTransited( new TransitedEncoding() );
+ encTicketPart.setcName( request.getKdcReqBody().getCName() );
+ encTicketPart.setTransited( new TransitedEncoding() );
KerberosTime now = new KerberosTime();
- newTicketBody.setAuthTime( now );
+ encTicketPart.setAuthTime( now );
KerberosTime startTime = request.getKdcReqBody().getFrom();
@@ -454,7 +454,7 @@ public class AuthenticationService
ticketFlags.setFlag( TicketFlag.POSTDATED );
ticketFlags.setFlag( TicketFlag.INVALID );
- newTicketBody.setStartTime( startTime );
+ encTicketPart.setStartTime( startTime );
}
long till = 0;
@@ -474,7 +474,7 @@ public class AuthenticationService
*/
long endTime = Math.min( till, startTime.getTime() + config.getMaximumTicketLifetime() );
KerberosTime kerberosEndTime = new KerberosTime( endTime );
- newTicketBody.setEndTime( kerberosEndTime );
+ encTicketPart.setEndTime( kerberosEndTime );
/*
* "If the requested expiration time minus the starttime (as determined
@@ -533,13 +533,13 @@ public class AuthenticationService
* configured in policy.
*/
long renewTill = Math.min( tempRtime.getTime(), startTime.getTime() + config.getMaximumRenewableLifetime() );
- newTicketBody.setRenewTill( new KerberosTime( renewTill ) );
+ encTicketPart.setRenewTill( new KerberosTime( renewTill ) );
}
if ( request.getKdcReqBody().getAddresses() != null && request.getKdcReqBody().getAddresses().getAddresses() != null
&& request.getKdcReqBody().getAddresses().getAddresses().length > 0 )
{
- newTicketBody.setClientAddresses( request.getKdcReqBody().getAddresses() );
+ encTicketPart.setClientAddresses( request.getKdcReqBody().getAddresses() );
}
else
{
@@ -549,12 +549,10 @@ public class AuthenticationService
}
}
- EncTicketPart ticketPart = newTicketBody.getEncTicketPart();
-
- EncryptedData encryptedData = cipherTextHandler.seal( serverKey, ticketPart, KeyUsage.NUMBER2 );
+ EncryptedData encryptedData = cipherTextHandler.seal( serverKey, encTicketPart, KeyUsage.NUMBER2 );
Ticket newTicket = new Ticket( ticketPrincipal, encryptedData );
- newTicket.setEncTicketPart( ticketPart );
+ newTicket.setEncTicketPart( encTicketPart );
if ( LOG.isDebugEnabled() )
{
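Review bot: After this hunk the cleartext `encTicketPart`, which holds the session key set earlier in the method, stays attached to `newTicket` for as long as the ticket object lives. The `LOG.isDebugEnabled()` block that opens on the last line has its body outside the hunk. Please confirm that this block, and any later logging of `newTicket`, prints neither the session key nor the cleartext part. A comment at the call would record the intent: `// Cleartext copy for local use only; the reply carries encryptedData.`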