Posted to commits@directory.apache.org by el...@apache.org on 2007/09/24 12:18:45 UTC
svn commit: r578743 [3/12] - in
/directory/apacheds/branches/apacheds-kerberos: kerberos-shared/
kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/
kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto...
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/TicketEncoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/TicketEncoder.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/TicketEncoder.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/TicketEncoder.java Mon Sep 24 03:18:05 2007
@@ -22,8 +22,11 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.text.ParseException;
+import java.util.List;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
import org.apache.directory.shared.asn1.der.ASN1OutputStream;
import org.apache.directory.shared.asn1.der.DERApplicationSpecific;
import org.apache.directory.shared.asn1.der.DERGeneralString;
@@ -71,7 +74,17 @@
vector.add( new DERTaggedObject( 0, DERInteger.valueOf( ticket.getVersionNumber() ) ) );
vector.add( new DERTaggedObject( 1, DERGeneralString.valueOf( ticket.getRealm() ) ) );
- vector.add( new DERTaggedObject( 2, PrincipalNameEncoder.encode( ticket.getServerPrincipal() ) ) );
+
+ try
+ {
+ vector.add( new DERTaggedObject( 2, PrincipalNameEncoder.encode(
+ new PrincipalName( ticket.getServerPrincipal().getName(), ticket.getServerPrincipal().getNameType() ) ) ) );
+ }
+ catch ( ParseException pe )
+ {
+ pe.printStackTrace();
+ }
+
vector.add( new DERTaggedObject( 3, EncryptedDataEncoder.encodeSequence( ticket.getEncPart() ) ) );
DERApplicationSpecific ticketSequence = null;
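Review bot: The new `catch ( ParseException pe )` only calls `pe.printStackTrace()`, so when the principal name cannot be parsed the `[2]` sname element is never added and encoding carries on with the enc-part. The caller then receives a Ticket that is missing a mandatory field instead of an error, and the only trace is on stderr rather than in the server log. Fail the encode instead, for example `throw new IllegalArgumentException( "Cannot encode ticket: invalid server principal", pe );`. The enclosing method starts and ends outside this hunk, so its declared exceptions are not visible here.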
@@ -98,6 +111,20 @@
DERSequence vector = new DERSequence();
vector.add( encode( tickets[ii] ) );
outerVector.add( vector );
+ }
+
+ return outerVector;
+ }
+
+ protected static DERSequence encodeSequence( List<Ticket> tickets )
+ {
+ DERSequence outerVector = new DERSequence();
+
+ for ( Ticket ticket:tickets )
+ {
+ //DERSequence vector = new DERSequence();
+ //vector.add( encode( ticket ) );
+ outerVector.add( encode( ticket ) );
}
return outerVector;
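Review bot: The new `encodeSequence( List<Ticket> )` adds `encode( ticket )` straight into `outerVector`, while the array loop at the top of this hunk wraps every ticket in its own `DERSequence` first, so the two overloads emit different DER for the same tickets. The two commented-out lines suggest the difference is intentional, but nothing records why or which form the decoders expect. Delete the commented-out lines and replace them with a comment such as `// SEQUENCE OF Ticket: each ticket is added directly, without a per-ticket wrapper`, and check whether the array overload should be brought in line. The array overload starts outside this hunk.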
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/AuthServerReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/AuthServerReply.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/AuthServerReply.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/AuthServerReply.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+
+import java.util.List;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
+
+
+/**
+ * This class implements the AP-REP message.
+ *
+ * The ASN.1 grammar is the following :
+ *
+ * AS-REP ::= [APPLICATION 11] KDC-REP
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public class AuthServerReply extends KdcReply
+{
+ /**
+ * Creates a new instance of AuthServerReply.
+ */
+ public AuthServerReply()
+ {
+ super( MessageType.KRB_AS_REP );
+ }
+
+
+ /**
+ * Creates a new instance of AuthServerReply.
+ *
+ * @param paData
+ * @param clientPrincipal
+ * @param ticket
+ * @param encPart
+ */
+ public AuthServerReply( List<PreAuthenticationData> paData, KerberosPrincipal clientPrincipal, Ticket ticket,
+ EncryptedData encPart )
+ {
+ super( MessageType.KRB_AS_REP );
+ super.setPaData( paData );
+ super.setClientPrincipal( clientPrincipal );
+ super.setTicket( ticket );
+ super.setEncPart( encPart );
+ }
+}
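Review bot: The class Javadoc opens with `This class implements the AP-REP message.`, but the grammar quoted right below it and both constructors (`MessageType.KRB_AS_REP`) are for AS-REP; AP-REP is a different Kerberos message. Change the sentence to `This class implements the AS-REP message.`. The four `@param` tags on the second constructor are empty and would be worth a one-line description each, in particular that `encPart` is the encrypted part of the reply.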
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequest.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequest.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/AuthServerRequest.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+import java.util.List;
+
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosRequestBody;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * This class implements the AS-REQ message.
+ *
+ * The ASN.1 grammar is the following :
+ *
+ * AS-REQ ::= [APPLICATION 10] KDC-REQ
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public class AuthServerRequest extends KdcRequest
+{
+ /** The logger */
+ private static final Logger log = LoggerFactory.getLogger( AuthServerRequest.class );
+
+ /** Speedup for logs */
+ private static final boolean IS_DEBUG = log.isDebugEnabled();
+
+ // Storage for computed lengths
+ private transient int asReqAppLength;
+
+ /**
+ * Creates a new instance of AuthServerRequest.
+ *
+ * @param paData
+ * @param clientPrincipal
+ * @param ticket
+ * @param encPart
+ */
+ public AuthServerRequest( List<PreAuthenticationData> paData, KerberosRequestBody requestBody )
+ {
+ super( MessageType.KRB_AS_REQ, paData, requestBody );
+ }
+
+ /**
+ * Return the length of a AS-REQ message .
+ *
+ * 0x6A L1
+ * |
+ * +--> 0x30 L2 KDC-REQ
+ */
+ public int computeLength()
+ {
+ // Compute the KDC-REQ length
+ asReqAppLength = super.computeLength();
+
+ return 1 + TLV.getNbBytes( asReqAppLength ) + asReqAppLength;
+ }
+
+ /**
+ * Encode the AS-REQ message to a PDU.
+ *
+ * AS-REQ :
+ *
+ * 0x6A LL
+ * 0x30 LL KDC-REQ
+ *
+ * @param buffer The buffer where to put the PDU. It should have been allocated
+ * before, with the right size.
+ * @return The constructed PDU.
+ */
+ public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+ {
+ if ( buffer == null )
+ {
+ buffer = ByteBuffer.allocate( computeLength() );
+ }
+
+ try
+ {
+ // The AS-REQ application Tag
+ buffer.put( (byte)0x6A );
+ buffer.put( TLV.getBytes( asReqAppLength ) );
+
+ // Encode the requestBody
+ super.encode( buffer );
+ }
+ catch ( BufferOverflowException boe )
+ {
+ log.error( "Cannot encode the AS-REQ object, the PDU size is {} when only {} bytes has been allocated", 1
+ + TLV.getNbBytes( asReqAppLength ) + asReqAppLength, buffer.capacity() );
+ throw new EncoderException( "The PDU buffer size is too small !" );
+ }
+
+ if ( IS_DEBUG )
+ {
+ log.debug( "AS-REQ encoding : {}", StringTools.dumpBytes( buffer.array() ) );
+ log.debug( "AS-REQ initial value : {}", toString() );
+ }
+
+ return buffer;
+ }
+
+ /**
+ * @see Object#toString()
+ */
+public String toString( String tabs )
+ {
+ StringBuilder sb = new StringBuilder();
+
+ sb.append( tabs ).append( "AS-REQ\n" );
+ sb.append( super.toString( tabs + " " ) );
+
+ return sb.toString();
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return toString( "" );
+ }
+}
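Review bot: `encode()` only calls `computeLength()` when `buffer` is null, yet it always writes `TLV.getBytes( asReqAppLength )`, so a caller that passes its own buffer without calling `computeLength()` first gets a length of 0 (or a stale value) in the `0x6A` header. Compute it unconditionally at the top, `int pduLength = computeLength();`, and allocate with `ByteBuffer.allocate( pduLength )` in the null branch. The debug branch passes `buffer.array()` to `StringTools.dumpBytes`, which writes the whole request, pre-authentication data included, to the log and throws for buffers that have no accessible backing array. The constructor Javadoc also lists `clientPrincipal`, `ticket` and `encPart`, none of which are parameters; it should document `requestBody` instead.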
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KdcReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KdcReply.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KdcReply.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KdcReply.java Mon Sep 24 03:18:05 2007
@@ -20,6 +20,11 @@
package org.apache.directory.server.kerberos.shared.messages;
+import java.text.ParseException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.server.kerberos.shared.messages.components.EncKdcRepPart;
@@ -30,22 +35,63 @@
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
import org.apache.directory.server.kerberos.shared.messages.value.LastRequest;
import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
-import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KerberosFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlags;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
+ * Implements the KDC-REP message.
+ *
+ * The ASN.1 grammar is the following :
+ *
+ * KDC-REP ::= SEQUENCE {
+ * pvno [0] INTEGER (5),
+ * msg-type [1] INTEGER (11 -- AS -- | 13 -- TGS --),
+ * padata [2] SEQUENCE OF PA-DATA OPTIONAL
+ * -- NOTE: not empty --,
+ * crealm [3] Realm,
+ * cname [4] PrincipalName,
+ * ticket [5] Ticket,
+ * enc-part [6] EncryptedData
+ * -- EncASRepPart or EncTGSRepPart,
+ * -- as appropriate
+ * }
+ *
+
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
public class KdcReply extends KerberosMessage implements Encodable
{
- private PreAuthenticationData[] paData; //optional
+ /** The logger */
+ private static final Logger log = LoggerFactory.getLogger( KdcReply.class );
+
+ /** Speedup for logs */
+ private static final boolean IS_DEBUG = log.isDebugEnabled();
+
+
+ private List<PreAuthenticationData> paData; //optional
+
+ /** The client principalName */
+ private PrincipalName cName;
+
+ /** The client principalName */
private KerberosPrincipal clientPrincipal;
+
+ /** The client realm */
+ private String cRealm;
+
+ /** The newly issued ticket */
private Ticket ticket;
- private EncKdcRepPart encKDCRepPart = new EncKdcRepPart();
+ /** the encrypted part of a message */
private EncryptedData encPart;
+ //private EncKdcRepPart encKDCRepPart = new EncKdcRepPart();
+
/**
* Creates a new instance of KdcReply.
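Review bot: The `encKDCRepPart` field is removed here and left only as a comment (`//private EncKdcRepPart encKDCRepPart = new EncKdcRepPart();`), but later hunks in this file still call `encKDCRepPart.getFlags()`, `encKDCRepPart.getServerPrincipalName()` and `encKDCRepPart.setFlags( flags )`. Unless the field is declared somewhere outside the visible hunks, the class no longer compiles; either restore the declaration or remove the delegating accessors in the same commit. `cName` and `clientPrincipal` also carry the identical Javadoc `The client principalName`; say which one is the `PrincipalName` form and which the `javax.security.auth.kerberos.KerberosPrincipal`.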
@@ -59,33 +105,24 @@
/**
- * Creates a new instance of KdcReply.
+ * Returns the client {@link KerberosPrincipal}.
*
- * @param paData
- * @param clientPrincipal
- * @param ticket
- * @param encPart
- * @param msgType
+ * @return The client {@link KerberosPrincipal}.
*/
- public KdcReply( PreAuthenticationData[] paData, KerberosPrincipal clientPrincipal, Ticket ticket,
- EncryptedData encPart, MessageType msgType )
+ public KerberosPrincipal getClientPrincipal()
{
- this( msgType );
- this.paData = paData;
- this.clientPrincipal = clientPrincipal;
- this.ticket = ticket;
- this.encPart = encPart;
+ return clientPrincipal;
}
/**
- * Returns the client {@link KerberosPrincipal}.
+ * Returns the client {@link PrincipalName}.
*
- * @return The client {@link KerberosPrincipal}.
+ * @return The client {@link PrincipalName}.
*/
- public KerberosPrincipal getClientPrincipal()
+ public PrincipalName getClientPrincipalName()
{
- return clientPrincipal;
+ return cName;
}
@@ -96,7 +133,7 @@
*/
public String getClientRealm()
{
- return clientPrincipal.getRealm();
+ return cRealm;
}
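Review bot: `getClientRealm()` now returns `cRealm`, but no hunk in this diff assigns that field: `setClientPrincipal` updates `clientPrincipal` and `cName` only. If there is no setter outside the visible hunks, a reply built through `setClientPrincipal` reports a null realm where it used to return `clientPrincipal.getRealm()`. Set it alongside the other two fields, `this.cRealm = clientPrincipal.getRealm();`, or add an explicit `setClientRealm`.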
@@ -116,7 +153,7 @@
*
* @return The array of {@link PreAuthenticationData}s.
*/
- public PreAuthenticationData[] getPaData()
+ public List<PreAuthenticationData> getPaData()
{
return paData;
}
@@ -138,9 +175,28 @@
*
* @param clientPrincipal
*/
+ public void setCName( PrincipalName cName )
+ {
+ this.cName = cName;
+ }
+
+ /**
+ * Sets the client {@link KerberosPrincipal}.
+ *
+ * @param clientPrincipal
+ */
public void setClientPrincipal( KerberosPrincipal clientPrincipal )
{
this.clientPrincipal = clientPrincipal;
+
+ try
+ {
+ this.cName = new PrincipalName( clientPrincipal.getName(), clientPrincipal.getNameType() );
+ }
+ catch ( ParseException pe )
+ {
+ this.cName = null;
+ }
}
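Review bot: When `new PrincipalName(...)` throws, `setClientPrincipal` swallows the `ParseException` and sets `cName` to null, leaving `clientPrincipal` set and `getClientPrincipalName()` returning null with no record of why. The class now has a logger, so at least `log.error( "Invalid client principal name", pe );` belongs in the catch block; rejecting the principal with an unchecked exception would keep the two fields consistent. The Javadoc left above `setCName` still reads `Sets the client {@link KerberosPrincipal}` with `@param clientPrincipal`; it should describe `cName`.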
@@ -160,9 +216,9 @@
*
* @param part
*/
- public void setEncPart( EncryptedData part )
+ public void setEncPart( EncryptedData encPart )
{
- encPart = part;
+ this.encPart = encPart;
}
@@ -173,9 +229,36 @@
*/
public void setPaData( PreAuthenticationData[] data )
{
+ paData = Arrays.asList( data );
+ }
+
+
+ /**
+ * Sets the array of {@link PreAuthenticationData}s.
+ *
+ * @param data
+ */
+ public void setPaData( List<PreAuthenticationData> data )
+ {
paData = data;
}
+
+ /**
+ * Sets the array of {@link PreAuthenticationData}s.
+ *
+ * @param data
+ */
+ public void addPaData( PreAuthenticationData data )
+ {
+ if ( paData == null )
+ {
+ paData = new ArrayList<PreAuthenticationData>();
+ }
+
+ paData.add( data );
+ }
+
/**
* Sets the {@link Ticket}.
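Review bot: `setPaData( PreAuthenticationData[] data )` stores `Arrays.asList( data )`, which throws `NullPointerException` for a null array although the field is marked optional, and returns a fixed-size list, so a later `addPaData()` fails with `UnsupportedOperationException`. Copy into a growable list instead: `paData = ( data == null ) ? null : new ArrayList<PreAuthenticationData>( Arrays.asList( data ) );`. The Javadoc on `addPaData` is a copy of the setter's (`Sets the array of ...`) and should say that it appends one element.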
@@ -228,7 +311,7 @@
*
* @return The {@link TicketFlags}.
*/
- public TicketFlags getFlags()
+ public int getFlags()
{
return encKDCRepPart.getFlags();
}
@@ -301,6 +384,17 @@
/**
+ * Returns the server {@link PrincipalName}.
+ *
+ * @return The server {@link PrincipalName}.
+ */
+ public PrincipalName getServerPrincipalName()
+ {
+ return encKDCRepPart.getServerPrincipalName();
+ }
+
+
+ /**
* Return the server realm.
*
* @return The server realm.
@@ -362,7 +456,7 @@
*
* @param flags
*/
- public void setFlags( TicketFlags flags )
+ public void setFlags( KerberosFlags flags )
{
encKDCRepPart.setFlags( flags );
}
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KdcRequest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KdcRequest.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KdcRequest.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KdcRequest.java Mon Sep 24 03:18:05 2007
@@ -20,29 +20,77 @@
package org.apache.directory.server.kerberos.shared.messages;
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+import java.util.List;
+
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
-import org.apache.directory.server.kerberos.shared.messages.value.KdcOptions;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
-import org.apache.directory.server.kerberos.shared.messages.value.RequestBody;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosRequestBody;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOption;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOptions;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.KerberosFlag;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.ber.tlv.UniversalTag;
+import org.apache.directory.shared.asn1.codec.DecoderException;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
+ * Implements the KDC-REQ message.
+ *
+ * The ASN.1 grammar is the following :
+ *
+ * KDC-REQ ::= SEQUENCE {
+ * -- NOTE: first tag is [1], not [0]
+ * pvno [1] INTEGER (5) ,
+ * msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --),
+ * padata [3] SEQUENCE OF PA-DATA OPTIONAL
+ * -- NOTE: not empty --,
+ * req-body [4] KDC-REQ-BODY
+ * }
+ *
+ * The pvno and msg-type are handled by the KerberosMessage inherited class
+ *
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
public class KdcRequest extends KerberosMessage
{
- private PreAuthenticationData[] preAuthData; //optional
- private RequestBody requestBody;
- private byte[] bodyBytes;
+ /** The logger */
+ private static final Logger log = LoggerFactory.getLogger( KdcRequest.class );
+ /** Speedup for logs */
+ private static final boolean IS_DEBUG = log.isDebugEnabled();
+ /** The pre-authentication data */
+ private List<PreAuthenticationData> paData; //optional
+
+ /** The request body */
+ private KerberosRequestBody reqBody;
+
+ /** A byte[] representing the request body */
+ private byte[] reqBodyBytes;
+
+
+ // Storage for computed lengths
+ private transient int kdcReqSeqLength;
+
+ private transient int paDataTagLength;
+ private transient int paDataSeqLength;
+
+ private transient int reqBodyTagLength;
+
/**
* Creates a new instance of KdcRequest.
*
@@ -51,14 +99,13 @@
* @param preAuthData
* @param requestBody
*/
- public KdcRequest( int pvno, MessageType messageType, PreAuthenticationData[] preAuthData, RequestBody requestBody )
+ public KdcRequest( int pvno, MessageType messageType, List<PreAuthenticationData> paData, KerberosRequestBody reqBody )
{
super( pvno, messageType );
- this.preAuthData = preAuthData;
- this.requestBody = requestBody;
+ this.paData = paData;
+ this.reqBody = reqBody;
}
-
/**
* Creates a new instance of KdcRequest.
*
@@ -66,35 +113,22 @@
* @param messageType
* @param preAuthData
* @param requestBody
- * @param bodyBytes
*/
- public KdcRequest( int pvno, MessageType messageType, PreAuthenticationData[] preAuthData, RequestBody requestBody,
- byte[] bodyBytes )
+ public KdcRequest( MessageType messageType, List<PreAuthenticationData> paData, KerberosRequestBody reqBody )
{
- this( pvno, messageType, preAuthData, requestBody );
- this.bodyBytes = bodyBytes;
+ super( messageType );
+ this.paData = paData;
+ this.reqBody = reqBody;
}
-
/**
* Returns an array of {@link PreAuthenticationData}s.
*
* @return The array of {@link PreAuthenticationData}s.
*/
- public PreAuthenticationData[] getPreAuthData()
- {
- return preAuthData;
- }
-
-
- /**
- * Returns the request body.
- *
- * @return The request body.
- */
- public RequestBody getRequestBody()
+ public List<PreAuthenticationData> getPreAuthData()
{
- return requestBody;
+ return paData;
}
@@ -106,7 +140,7 @@
*/
public byte[] getBodyBytes()
{
- return bodyBytes;
+ return reqBodyBytes;
}
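Review bot: `getBodyBytes()` now returns `reqBodyBytes`, but the constructor that took `bodyBytes` is removed in the previous hunk and nothing visible in this diff assigns the new field, so the getter appears to always return null. Any caller that needs the exact encoded request body, for instance to check a checksum computed over it, would then work on null; that is an inference, since callers are not shown. Either keep a way to set the raw bytes or remove the getter until the new codec fills the field.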
@@ -117,9 +151,9 @@
*
* @return The {@link Ticket}s.
*/
- public Ticket[] getAdditionalTickets()
+ public List<Ticket> getAdditionalTickets()
{
- return requestBody.getAdditionalTickets();
+ return reqBody.getAdditionalTickets();
}
@@ -130,7 +164,18 @@
*/
public HostAddresses getAddresses()
{
- return requestBody.getAddresses();
+ return reqBody.getAddresses();
+ }
+
+
+ /**
+ * Returns the client {@link PrincipalName}.
+ *
+ * @return The client {@link PrincipalName}.
+ */
+ public PrincipalName getClientPrincipalName()
+ {
+ return reqBody.getClientPrincipalName();
}
@@ -141,7 +186,7 @@
*/
public KerberosPrincipal getClientPrincipal()
{
- return requestBody.getClientPrincipal();
+ return reqBody.getClientPrincipal();
}
@@ -152,7 +197,7 @@
*/
public String getRealm()
{
- return requestBody.getServerPrincipal().getRealm();
+ return reqBody.getRealm();
}
@@ -163,7 +208,7 @@
*/
public EncryptedData getEncAuthorizationData()
{
- return requestBody.getEncAuthorizationData();
+ return reqBody.getEncAuthorizationData();
}
@@ -172,9 +217,9 @@
*
* @return The array of {@link EncryptionType}s.
*/
- public EncryptionType[] getEType()
+ public List<EncryptionType> getEType()
{
- return requestBody.getEType();
+ return reqBody.getEType();
}
@@ -185,7 +230,7 @@
*/
public KerberosTime getFrom()
{
- return requestBody.getFrom();
+ return reqBody.getFrom();
}
@@ -196,7 +241,7 @@
*/
public KdcOptions getKdcOptions()
{
- return requestBody.getKdcOptions();
+ return reqBody.getKdcOptions();
}
@@ -207,18 +252,18 @@
*/
public int getNonce()
{
- return requestBody.getNonce();
+ return reqBody.getNonce();
}
/**
- * Returns the "R" {@link KerberosTime}.
+ * Returns the renew-till" {@link KerberosTime}.
*
- * @return The "R" {@link KerberosTime}.
+ * @return The renew-till" {@link KerberosTime}.
*/
- public KerberosTime getRtime()
+ public KerberosTime getRenewtime()
{
- return requestBody.getRtime();
+ return reqBody.getRenewtime();
}
@@ -229,9 +274,18 @@
*/
public KerberosPrincipal getServerPrincipal()
{
- return requestBody.getServerPrincipal();
+ return reqBody.getServerPrincipal();
}
+ /**
+ * Returns the server {@link PrincipalName}.
+ *
+ * @return The server {@link PrincipalName}.
+ */
+ public PrincipalName getServerPrincipalName()
+ {
+ return reqBody.getServerPrincipalName();
+ }
/**
* Returns the till {@link KerberosTime}.
@@ -240,7 +294,7 @@
*/
public KerberosTime getTill()
{
- return requestBody.getTill();
+ return reqBody.getTill();
}
@@ -254,7 +308,25 @@
*/
public boolean getOption( int option )
{
- return requestBody.getKdcOptions().get( option );
+ try
+ {
+ return reqBody.getKdcOptions().getBit( option );
+ }
+ catch ( DecoderException de )
+ {
+ return false;
+ }
+ }
+
+ /**
+ * Returns the option for the specified flag
+ *
+ * @param option
+ * @return The option.
+ */
+ public boolean getOption( KerberosFlag option )
+ {
+ return reqBody.getKdcOptions().isFlagSet( option );
}
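Review bot: `getOption( int )` turns a `DecoderException` from `getBit( option )` into `false`, so an invalid option index is indistinguishable from an option that is simply not set. For KDC options that drive ticket-issuing decisions the error should be visible: log it, or throw `IllegalArgumentException` with the exception as cause. Minimal change inside the catch: `log.warn( "Invalid KDC option index {}", option );` before `return false;`. The new `getOption( KerberosFlag )` Javadoc has an empty `@param option`.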
@@ -265,7 +337,18 @@
*/
public void setOption( int option )
{
- requestBody.getKdcOptions().set( option );
+ reqBody.getKdcOptions().setBit( option );
+ }
+
+
+ /**
+ * Sets the option at the specified index.
+ *
+ * @param option
+ */
+ public void setOption( KdcOption option )
+ {
+ reqBody.getKdcOptions().setFlag( option );
}
@@ -276,6 +359,171 @@
*/
public void clearOption( int option )
{
- requestBody.getKdcOptions().clear( option );
+ reqBody.getKdcOptions().clearBit( option );
+ }
+
+ /**
+ * Return the length of a KdcRequest message .
+ *
+ * 0x30 L1
+ * |
+ * +--> 0xA1 0x03
+ * | |
+ * | +--> 0x02 0x01 pvno (integer)
+ * |
+ * +--> 0xA2 0x03
+ * | |
+ * | +--> 0x02 0x01 msg-type (integer)
+ * |
+ * +--> [0xA3 L2
+ * | |
+ * | +--> 0x30 L3-1 padata
+ * | |
+ * | +--> 0x30 L2-1-1 padata (PA-DATA)
+ * | |
+ * | +--> ...
+ * | |
+ * | +--> 0x61 L2-1-N padata ]
+ * |
+ * +--> 0xA4 L4
+ * |
+ * +--> 0x30 L4-1 req-body (KDC-REQ-BODY)
+ */
+ public int computeLength()
+ {
+ // First compute the KerberosMessage length
+ kdcReqSeqLength = super.computeLength();
+
+ // The pa-data length
+ if ( paData == null )
+ {
+ return -1;
+ }
+
+ paDataSeqLength = 0;
+
+ for ( PreAuthenticationData data:paData )
+ {
+ paDataSeqLength += data.computeLength();
+ }
+
+ paDataTagLength = 1 + TLV.getNbBytes( paDataSeqLength ) + paDataSeqLength;
+ kdcReqSeqLength += 1 + TLV.getNbBytes( paDataTagLength ) + paDataTagLength;
+
+ // The request body data length
+ if ( reqBody == null )
+ {
+ return -1;
+ }
+
+ reqBodyTagLength = reqBody.computeLength();
+
+ kdcReqSeqLength +=
+ 1 + TLV.getNbBytes( reqBodyTagLength ) + reqBodyTagLength;
+
+
+ return 1 + TLV.getNbBytes( kdcReqSeqLength ) + kdcReqSeqLength;
+ }
+
+ /**
+ * Encode the KdcRequest message to a PDU.
+ *
+ * KdcRequest :
+ *
+ * 0x30 LL
+ * 0xA1 LL pvno
+ * 0xA2 LL msg-type
+ * 0xA3 LL pa-datas
+ * 0x30 LL
+ * 0x30 LL pa-data
+ * ...
+ * 0x30 LL pa-data
+ * 0xA4 LL req-body
+ *
+ * @param buffer The buffer where to put the PDU. It should have been allocated
+ * before, with the right size.
+ * @return The constructed PDU.
+ */
+ public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+ {
+ if ( buffer == null )
+ {
+ throw new EncoderException( "Cannot put a PDU in a null buffer !" );
+ }
+
+ try
+ {
+ // The kdcRequest SEQUENCE Tag
+ buffer.put( UniversalTag.SEQUENCE_TAG );
+ buffer.put( TLV.getBytes( kdcReqSeqLength ) );
+
+ // As the first tag is not 0xA0, we have to inform the super class.
+ setStartingTag( (byte)0xA1 );
+
+ // The pvno and msg-type Tag and value
+ super.encode( buffer );
+
+ // The padata, if any
+ buffer.put( (byte)0xA3 );
+ buffer.put( TLV.getBytes( paDataTagLength ) );
+
+ buffer.put( UniversalTag.SEQUENCE_TAG );
+ buffer.put( TLV.getBytes( paDataSeqLength ) );
+
+ if ( paData != null )
+ {
+ for ( PreAuthenticationData pa:paData )
+ {
+ pa.encode( buffer );
+ }
+ }
+
+ // REQ-BODY encoding
+ buffer.put( (byte)0xA4 );
+ buffer.put( TLV.getBytes( reqBodyTagLength ) );
+
+ if ( reqBody != null )
+ {
+ reqBody.encode( buffer );
+ }
+ else
+ {
+ log.error( "Null REQ-BODY part" );
+ throw new EncoderException( "The REQ-BODY must not be null" );
+ }
+ }
+ catch ( BufferOverflowException boe )
+ {
+ log.error( "Cannot encode the KRB-CRED object, the PDU size is {} when only {} bytes has been allocated", 1
+ + TLV.getNbBytes( kdcReqSeqLength ) + kdcReqSeqLength, buffer.capacity() );
+ throw new EncoderException( "The PDU buffer size is too small !" );
+ }
+
+ if ( IS_DEBUG )
+ {
+ log.debug( "KdcRequest encoding : {}", StringTools.dumpBytes( buffer.array() ) );
+ log.debug( "KdcRequest initial value : {}", toString() );
+ }
+
+ return buffer;
+ }
+
+ public String toString( String tabs )
+ {
+ StringBuilder sb = new StringBuilder();
+
+ sb.append( tabs ).append( "NYI\n" );
+ sb.append( super.toString( tabs + " " ) );
+
+ return sb.toString();
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return toString( "" );
}
}
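Review bot: `computeLength()` returns -1 when `paData` is null, although the class Javadoc marks padata as OPTIONAL, and `AuthServerRequest.computeLength()` adds that -1 into its own length; `encode()` then writes the `0xA3` tag and inner SEQUENCE unconditionally, its `paData != null` test guarding only the loop. Treat absent or empty padata as contributing zero bytes in `computeLength()` and skip the `[3]` element in `encode()`, as sketched below. The `reqBody == null` check in `encode()` runs after the `0xA4` header has already been written and should move to the top of the method. The overflow message names `KRB-CRED` where it means KDC-REQ, and `toString( String )` still prints `NYI`.

```java
    public int computeLength()
    {
        // … unchanged: kdcReqSeqLength = super.computeLength() …

        // padata is OPTIONAL: it contributes nothing when absent or empty
        paDataSeqLength = 0;
        paDataTagLength = 0;

        if ( ( paData != null ) && !paData.isEmpty() )
        {
            for ( PreAuthenticationData data:paData )
            {
                paDataSeqLength += data.computeLength();
            }

            paDataTagLength = 1 + TLV.getNbBytes( paDataSeqLength ) + paDataSeqLength;
            kdcReqSeqLength += 1 + TLV.getNbBytes( paDataTagLength ) + paDataTagLength;
        }

        // … unchanged: req-body length and return …

    // in encode(), replacing the unconditional 0xA3 block:
            if ( ( paData != null ) && !paData.isEmpty() )
            {
                buffer.put( (byte)0xA3 );
                buffer.put( TLV.getBytes( paDataTagLength ) );

                buffer.put( UniversalTag.SEQUENCE_TAG );
                buffer.put( TLV.getBytes( paDataSeqLength ) );

                for ( PreAuthenticationData pa:paData )
                {
                    pa.encode( buffer );
                }
            }

            // … unchanged: REQ-BODY encoding …
```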
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosCred.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosCred.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosCred.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosCred.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,286 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.ber.tlv.UniversalTag;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The KRB-CRED message. The ASN.1 grammar is the following :
+ *
+ * KRB-CRED ::= [APPLICATION 22] SEQUENCE {
+ * pvno [0] INTEGER (5),
+ * msg-type [1] INTEGER (22),
+ * tickets [2] SEQUENCE OF Ticket,
+ * enc-part [3] EncryptedData -- EncKrbCredPart
+ * }
+ *
+ * pvno and msg-type are inherited from KerberosMessage
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public class KerberosCred extends KerberosMessage
+{
+ /** The logger */
+ private static final Logger log = LoggerFactory.getLogger( KerberosCred.class );
+
+ /** Speedup for logs */
+ private static final boolean IS_DEBUG = log.isDebugEnabled();
+
+ /** The ticket list */
+ private List<Ticket> tickets;
+
+ /** The encrypted part */
+ private EncryptedData encPart;
+
+ // Storage for computed lengths
+ private transient int encPartTagLength = 0;
+
+ private transient int ticketsTagLength = 0;
+ private transient int ticketsSeqLength = 0;
+
+ private transient int kerberosCredSeqLength;
+ private transient int kerberosCredApplLength;
+
+ /**
+ * Creates a new instance of KerberosCred.
+ */
+ public KerberosCred()
+ {
+ super( MessageType.KRB_CRED );
+ encPart = null;
+ tickets = new ArrayList<Ticket>();
+ }
+
+ /**
+ * @return The encrypted part
+ */
+ public EncryptedData getEncPart()
+ {
+ return encPart;
+ }
+
+ /**
+ * Set the encrypted part
+ * @param encPart The encrypted part
+ */
+ public void setEncPart( EncryptedData encPart )
+ {
+ this.encPart = encPart;
+ }
+
+ /**
+ * @return The ticket list
+ */
+ public List<Ticket> getTickets()
+ {
+ return tickets;
+ }
+
+ /**
+ * Set a ticket list
+ * @param tickets The ticket list
+ */
+ public void setTickets( List<Ticket> tickets )
+ {
+ this.tickets = tickets;
+ }
+
+ /**
+ * Add a ticket to the KRB-CRED
+ * @param ticket The added ticket
+ */
+ public void addTicket( Ticket ticket )
+ {
+ tickets.add( ticket );
+ }
+
+
+ /**
+ * Return the length of a Kerberos Cred message .
+ *
+ * 0x72 L1
+ * |
+ * +--> 0x30 L2
+ * |
+ * +--> 0xA0 0x03
+ * | |
+ * | +--> 0x02 0x01 pvno (integer)
+ * |
+ * +--> 0xA1 0x03
+ * | |
+ * | +--> 0x02 0x01 msg-type (integer)
+ * |
+ * +--> 0xA2 L3
+ * | |
+ * | +--> 0x30 L3-1 tickets
+ * | |
+ * | +--> 0x61 L3-1-1 ticket
+ * | |
+ * | +--> ...
+ * | |
+ * | +--> 0x61 L3-1-N ticket
+ * |
+ * +--> 0xA3 L4
+ * |
+ * +--> 0x02 L4-1 enc-part (EncryptedData)
+ */
+ public int computeLength()
+ {
+ // First compute the KerberosMessage length
+ kerberosCredSeqLength = super.computeLength();
+
+ // The tickets length
+ if ( tickets == null )
+ {
+ return -1;
+ }
+
+ ticketsSeqLength = 0;
+
+ for ( Ticket ticket:tickets )
+ {
+ ticketsSeqLength += ticket.computeLength();
+ }
+
+ ticketsTagLength = 1 + TLV.getNbBytes( ticketsSeqLength ) + ticketsSeqLength;
+ kerberosCredSeqLength += 1 + TLV.getNbBytes( ticketsTagLength ) + ticketsTagLength;
+
+ // The encrypted data length
+ if ( encPart == null )
+ {
+ return -1;
+ }
+
+ encPartTagLength = encPart.computeLength();
+
+ kerberosCredSeqLength +=
+ 1 + TLV.getNbBytes( encPartTagLength ) + encPartTagLength;
+
+
+ kerberosCredApplLength = 1 + TLV.getNbBytes( kerberosCredSeqLength ) + kerberosCredSeqLength;
+ return 1 + TLV.getNbBytes( kerberosCredApplLength ) + kerberosCredApplLength;
+ }
+
+ /**
+ * Encode the KerberosCred message to a PDU.
+ *
+ * KRB-Cred :
+ *
+ * 0x72 LL
+ * 0x30 LL
+ * 0xA0 LL pvno
+ * 0xA1 LL msg-type
+ * 0xA2 LL tickets
+ * 0x30 LL
+ * 0x61 LL ticket
+ * ...
+ * 0x61 LL ticket
+ * 0xA3 LL enc-part
+ *
+ * @param buffer The buffer where to put the PDU. It should have been allocated
+ * before, with the right size.
+ * @return The constructed PDU.
+ */
+ public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+ {
+ if ( buffer == null )
+ {
+ int bufferCapacity = computeLength();
+
+ if ( bufferCapacity == -1 )
+ {
+ log.error( "Cannot compute the buffer size" );
+ throw new EncoderException( "Cannot compute the buffer size" );
+ }
+
+ buffer = ByteBuffer.allocate( bufferCapacity );
+ }
+
+ try
+ {
+ // The KerberosCred APPLICATION Tag
+ buffer.put( (byte)0x72 );
+ buffer.put( TLV.getBytes( kerberosCredApplLength ) );
+
+ // The KerberosCred SEQUENCE Tag
+ buffer.put( UniversalTag.SEQUENCE_TAG );
+ buffer.put( TLV.getBytes( kerberosCredSeqLength ) );
+
+ // The pvno and msg-type Tag and value
+ super.encode( buffer );
+
+ // The tickets
+ buffer.put( (byte)0xA2 );
+ buffer.put( TLV.getBytes( ticketsTagLength ) );
+
+ buffer.put( UniversalTag.SEQUENCE_TAG );
+ buffer.put( TLV.getBytes( ticketsSeqLength ) );
+
+ if ( tickets != null )
+ {
+ for ( Ticket ticket:tickets )
+ {
+ ticket.encode( buffer );
+ }
+ }
+
+ // Encrypted Data encoding
+ buffer.put( (byte)0xA3 );
+ buffer.put( TLV.getBytes( encPartTagLength ) );
+
+ if ( encPart != null )
+ {
+ encPart.encode( buffer );
+ }
+ else
+ {
+ log.error( "Null Encrypted Data part" );
+ throw new EncoderException( "The encrypted Data must not be null" );
+ }
+ }
+ catch ( BufferOverflowException boe )
+ {
+ log.error( "Cannot encode the KRB-CRED object, the PDU size is {} when only {} bytes has been allocated", 1
+ + TLV.getNbBytes( kerberosCredApplLength ) + kerberosCredApplLength, buffer.capacity() );
+ throw new EncoderException( "The PDU buffer size is too small !" );
+ }
+
+ if ( IS_DEBUG )
+ {
+ log.debug( "KRB-CRED encoding : {}", StringTools.dumpBytes( buffer.array() ) );
+ log.debug( "KRB-CRED initial value : {}", toString() );
+ }
+
+ return buffer;
+ }
+}
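Review bot: In `encode()`, `computeLength()` is only called when `buffer` is null, so with a caller-supplied buffer the length octets (`kerberosCredApplLength`, `ticketsSeqLength`, `encPartTagLength`, …) come from whatever an earlier `computeLength()` call left in the transient fields, or 0 if it was never called. A ticket added through `addTicket()` after that call would be encoded under lengths that no longer match the content, and the `encPart == null` check only fires after the header and the tickets have already been written into the buffer. I would compute and validate first in both cases: `int length = computeLength();`, then the existing `-1` check, then `if ( buffer == null ) { buffer = ByteBuffer.allocate( length ); }`. Whether callers always invoke `computeLength()` immediately before `encode()` is not visible in this file.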
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosError.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosError.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosError.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosError.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,760 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+import java.text.ParseException;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.shared.KerberosUtils;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.apache.directory.server.kerberos.shared.messages.value.types.KerberosErrorType;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.ber.tlv.UniversalTag;
+import org.apache.directory.shared.asn1.ber.tlv.Value;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * The KRB-ERROR message. The ASN.1 grammar is the following :
+ *
+ * KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
+ * pvno [0] INTEGER (5),
+ * msg-type [1] INTEGER (30),
+ * ctime [2] KerberosTime OPTIONAL,
+ * cusec [3] Microseconds OPTIONAL,
+ * stime [4] KerberosTime,
+ * susec [5] Microseconds,
+ * error-code [6] Int32,
+ * crealm [7] Realm OPTIONAL,
+ * cname [8] PrincipalName OPTIONAL,
+ * realm [9] Realm -- service realm --,
+ * sname [10] PrincipalName -- service name --,
+ * e-text [11] KerberosString OPTIONAL,
+ * e-data [12] OCTET STRING OPTIONAL
+ * }
+ *
+ * pvno and msg-type are inherited from KerberosMessage
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public class KerberosError extends KerberosMessage
+{
+ /** The logger */
+ private static final Logger log = LoggerFactory.getLogger( KerberosError.class );
+
+ /** Speedup for logs */
+ private static final boolean IS_DEBUG = log.isDebugEnabled();
+
+ /** The client time */
+ private KerberosTime cTime; //optional
+
+ /** The client microSecond */
+ private int cusec; //optional : from 0 to 999. -1 means unknown
+
+ /** The server time */
+ private KerberosTime sTime;
+
+ /** The server microseconds */
+ private int susec;
+
+ /** The error code */
+ private KerberosErrorType errorCode;
+
+ /** The client principal */
+ private PrincipalName cName; //optional
+
+ /** The server principal */
+ private PrincipalName sName;
+
+ /** Explanatory text */
+ private String explanatoryText; //optional
+ private byte[] explanatoryTextBytes; //optional
+
+ /** Explanatory data */
+ private byte[] explanatoryData; //optional
+
+ /** The server realm*/
+ private String realm;
+ private byte[] realmBytes;
+
+ /** The client realm */
+ private String cRealm;
+ private byte[] cRealmBytes;
+
+ // Storage for computed lengths
+ private transient int cTimeTagLength = 0; // optionnal
+ private transient int cTimeLength = 0; // optionnal
+
+ private transient int cusecTagLength = 0; // optionnal
+ private transient int cusecLength = 0; // optionnal
+
+ private transient int sTimeTagLength;
+ private transient int sTimeLength;
+
+ private transient int susecTagLength;
+
+ private transient int errorCodeTagLength;
+ private transient int errorCodeLength;
+
+ private transient int cRealmTagLength = 0; // optionnal
+ private transient int cRealmLength = 0; // optionnal
+
+ private transient int cNameTagLength = 0; // optionnal
+
+ private transient int realmTagLength;
+ private transient int realmLength;
+
+ private transient int sNameTagLength;
+
+ private transient int explanatoryTextTagLength;
+ private transient int explanatoryTextLength;
+
+ private transient int explanatoryDataTagLength;
+ private transient int explanatoryDataLength;
+
+ private transient int kerberosErrorSeqLength;
+ private transient int kerberosErrorApplLength;
+
+ /**
+ * Creates a new instance of ErrorMessage.
+ */
+ public KerberosError()
+ {
+ super( MessageType.KRB_ERROR );
+
+ // Nullify optionnal data
+ cTime = null;
+ cusec = KerberosUtils.NULL;
+ cRealm = null;
+ cName = null;
+ explanatoryText = null;
+ explanatoryData = null;
+ }
+
+ /**
+ * Creates a new instance of ErrorMessage.
+ *
+ * @param clientTime
+ * @param clientMicroSecond
+ * @param serverTime
+ * @param serverMicroSecond
+ * @param errorCode
+ * @param cname
+ * @param serverPrincipal
+ * @param explanatoryText
+ * @param explanatoryData
+ */
+ public KerberosError( KerberosTime cTime, int cusec, KerberosTime sTime,
+ int susec, KerberosErrorType errorCode, KerberosPrincipal cName, KerberosPrincipal sName,
+ String explanatoryText, byte[] explanatoryData ) throws ParseException
+ {
+ super( MessageType.KRB_ERROR );
+
+ this.cTime = cTime;
+ this.cusec = cusec;
+ this.sTime = sTime;
+ this.susec = susec;
+ this.errorCode = errorCode;
+ this.cName = new PrincipalName( cName );
+ this.cRealm = cName.getRealm();
+ this.sName = new PrincipalName( sName );
+ this.realm = sName.getRealm();
+ this.explanatoryText = explanatoryText;
+ this.explanatoryData = explanatoryData;
+ }
+
+
+ /**
+ * Returns the client {@link KerberosPrincipal}.
+ *
+ * @return The client {@link KerberosPrincipal}.
+ */
+ public PrincipalName getClientPrincipal()
+ {
+ return cName;
+ }
+
+ /**
+ * Set the client principal
+ * @param name Set the client principal
+ */
+ public void setClientPrincipal( KerberosPrincipal cName )
+ {
+ try
+ {
+ this.cName = new PrincipalName( cName );
+ }
+ catch ( ParseException pe )
+ {
+ this.cName = null;
+ }
+ }
+
+ /**
+ * Set the client principal
+ * @param name Set the client principal
+ */
+ public void setClientPrincipal( PrincipalName cName )
+ {
+ this.cName = cName;
+ }
+
+
+ /**
+ * Returns the client {@link KerberosTime}.
+ *
+ * @return The client {@link KerberosTime}.
+ */
+ public KerberosTime getClientTime()
+ {
+ return cTime;
+ }
+
+ /**
+ * Set the client time
+ * @param cTime the client time
+ */
+ public void setClientTime( KerberosTime cTime )
+ {
+ this.cTime = cTime;
+ }
+
+ /**
+ * Returns the client microsecond.
+ *
+ * @return The client microsecond.
+ */
+ public int getClientMicroSecond()
+ {
+ return cusec;
+ }
+
+ /**
+ * Set the client Microseconds
+ * @param cusec the cllient Microseconds
+ */
+ public void setClientMicroSecond( int cusec )
+ {
+ this.cusec = cusec;
+ }
+
+
+ /**
+ * Returns the explanatory data.
+ *
+ * @return The explanatory data.
+ */
+ public byte[] getExplanatoryData()
+ {
+ return explanatoryData;
+ }
+
+ /**
+ * Set the explanatory data
+ * @param explanatoryData The data
+ */
+ public void setExplanatoryData( byte[] explanatoryData )
+ {
+ this.explanatoryData = explanatoryData;
+ }
+
+ /**
+ * Returns the error code.
+ *
+ * @return The error code.
+ */
+ public KerberosErrorType getErrorCode()
+ {
+ return errorCode;
+ }
+
+ /**
+ * Set the error code
+ * @param errorCode The error code
+ */
+ public void setErrorCode( KerberosErrorType errorCode )
+ {
+ this.errorCode = errorCode;
+ }
+
+ /**
+ * Returns the explanatory text.
+ *
+ * @return The explanatory text.
+ */
+ public String getExplanatoryText()
+ {
+ return explanatoryText;
+ }
+
+ /**
+ * Set the explanatory text
+ * @param explanatoryText
+ */
+ public void setExplanatoryText( String explanatoryText )
+ {
+ this.explanatoryText = explanatoryText;
+ }
+
+ /**
+ * Returns the server {@link KerberosPrincipal}.
+ *
+ * @return The server {@link KerberosPrincipal}.
+ */
+ public PrincipalName getServerPrincipal()
+ {
+ return sName;
+ }
+
+ /**
+ * Set the server principal
+ * @param sName The server principal
+ */
+ public void setServerPrincipal( KerberosPrincipal sName )
+ {
+ try
+ {
+ this.sName = new PrincipalName( sName );
+ }
+ catch ( ParseException pe )
+ {
+ this.sName = null;
+ }
+ }
+
+ /**
+ * Set the server principal
+ * @param sName The server principal
+ */
+ public void setServerPrincipal( PrincipalName sName )
+ {
+ this.sName = sName;
+ }
+
+ /**
+ * Returns the server {@link KerberosTime}.
+ *
+ * @return The server {@link KerberosTime}.
+ */
+ public KerberosTime getServerTime()
+ {
+ return sTime;
+ }
+
+ /**
+ * Set the server time
+ * @param time The server time
+ */
+ public void setServerTime( KerberosTime sTime )
+ {
+ this.sTime = sTime;
+ }
+
+ /**
+ * Returns the server microsecond.
+ *
+ * @return The server microsecond.
+ */
+ public int getServerMicroSecond()
+ {
+ return susec;
+ }
+
+ /**
+ * Get the microsecond part of the server's
+ * timestamp
+ * @return the microsecond part of the server's
+ * timestamp
+ */
+ public int getServerMicroseconds()
+ {
+ return susec;
+ }
+
+ /**
+ * Set the microsecond part of the server's
+ * timestamp
+ * @susec the microsecond part of the server's
+ * timestamp
+ */
+ public void setServerMicroseconds( int susec )
+ {
+ this.susec = susec;
+ }
+
+ /**
+ * Get the client realm
+ * @return the client realm
+ */
+ public String getClientRealm()
+ {
+ return cRealm;
+ }
+
+ /**
+ * Set the client realm
+ * @param realm The client realm
+ */
+ public void setClientRealm( String realm )
+ {
+ cRealm = realm;
+ }
+
+ /**
+ * Get the server realm
+ * @return the server realm
+ */
+ public String getServerRealm()
+ {
+ return realm;
+ }
+
+ /**
+ * Set the server realm
+ * @param realm The server realm
+ */
+ public void setServerRealm( String realm )
+ {
+ this.realm = realm;
+ }
+
+ /**
+ * Return the length of a kerberos error message .
+ *
+ * 0x7E L1
+ * |
+ * +--> 0x30 L2
+ * |
+ * +--> 0xA0 0x03
+ * | |
+ * | +--> 0x02 0x01 pvno (integer)
+ * |
+ * +--> 0xA1 0x03
+ * | |
+ * | +--> 0x02 0x01 messageType (integer)
+ * |
+ * [+--> 0xA2 0x11
+ * | |
+ * | +--> 0x18 0x0F ctime (KerberosTime, optionnal)]
+ * |
+ * [+--> 0xA3 L3
+ * | |
+ * | +--> 0x02 L3-1 cusec (integer, optionnal)]
+ * |
+ * +--> 0xA4 L4
+ * | |
+ * | +--> 0x18 L4-1 stime (KerberosTime)
+ * |
+ * +--> 0xA5 L5
+ * | |
+ * | +--> 0x02 L5-1 susec (integer)
+ * |
+ * +--> 0xA6 L6
+ * | |
+ * | +--> 0x02 L6-1 error-code (integer)
+ * |
+ * [+--> 0xA7 L7
+ * | |
+ * | +--> 0x1B L7-1 crealm (String, optionnal)]
+ * |
+ * [+--> 0xA8 L8
+ * | |
+ * | +--> 0x1B L8-1 cname (String, optionnal)]
+ * |
+ * +--> 0xA9 L9
+ * | |
+ * | +--> 0x1B L9-1 realm (String)
+ * |
+ * +--> 0xAA L10
+ * | |
+ * | +--> 0x1B L10-1 sname (String)
+ * |
+ * [+--> 0xAB L11
+ * | |
+ * | +--> 0x1B L11-1 e-text (String, optionnal)]
+ * |
+ * [+--> 0xAC L12
+ * |
+ * +--> 0x04 L12-1 e-data (OCTET-STRING, optionnal)]
+ */
+ public int computeLength()
+ {
+ // First compute the KerberosMessage length
+ kerberosErrorSeqLength = super.computeLength();
+
+ // The clientTime (optionnal)
+ if ( cTime != null )
+ {
+ // The time length
+ cTimeLength = 15;
+ cTimeTagLength = 1 + 1 + cTimeLength;
+
+ kerberosErrorSeqLength +=
+ 1 + TLV.getNbBytes( cTimeTagLength ) + cTimeTagLength;
+ }
+
+ if ( cusec != KerberosUtils.NULL )
+ {
+ // The cusec length
+ cusecLength = Value.getNbBytes( cusec );
+ cusecTagLength = 1 + TLV.getNbBytes( cusecLength ) + cusecLength;
+
+ kerberosErrorSeqLength +=
+ 1 + TLV.getNbBytes( cusecTagLength ) + cusecTagLength;
+ }
+
+ // The serverTime length
+ sTimeLength = 15;
+ sTimeTagLength = 1 + 1 + sTimeLength;
+
+ kerberosErrorSeqLength +=
+ 1 + TLV.getNbBytes( sTimeTagLength ) + sTimeTagLength;
+
+ // The susec length
+ int susecLength = Value.getNbBytes( susec );
+ susecTagLength = 1 + TLV.getNbBytes( susecLength ) + susecLength;
+
+ kerberosErrorSeqLength +=
+ 1 + TLV.getNbBytes( susecTagLength ) + susecTagLength;
+
+ // The error-code length
+ errorCodeLength = Value.getNbBytes( errorCode.getOrdinal() );
+ errorCodeTagLength = 1 + TLV.getNbBytes( errorCodeLength ) + errorCodeLength;
+
+ kerberosErrorSeqLength +=
+ 1 + TLV.getNbBytes( errorCodeTagLength ) + errorCodeTagLength;
+
+ // The client realm length
+ if ( cRealm != null)
+ {
+ // The crealm length
+ cRealmBytes = StringTools.getBytesUtf8( cRealm );
+ cRealmLength = cRealmBytes.length;
+ cRealmTagLength = 1 + TLV.getNbBytes( cRealmLength ) + cRealmLength;
+
+ kerberosErrorSeqLength +=
+ 1 + TLV.getNbBytes( cRealmTagLength ) + cRealmTagLength;
+ }
+
+ // The client principalName, if any
+ if ( cName != null )
+ {
+ // The cname length
+ cNameTagLength = cName.computeLength();
+
+ kerberosErrorSeqLength +=
+ 1 + TLV.getNbBytes( cNameTagLength ) + cNameTagLength;
+ }
+
+ // The realm length
+ realmBytes = StringTools.getBytesUtf8( realm );
+ realmLength = realmBytes.length;
+ realmTagLength = 1 + TLV.getNbBytes( realmLength ) + realmLength;
+
+ kerberosErrorSeqLength +=
+ 1 + TLV.getNbBytes( realmTagLength ) + realmTagLength;
+
+ // The sname length
+ sNameTagLength = sName.computeLength();
+
+ kerberosErrorSeqLength +=
+ 1 + TLV.getNbBytes( sNameTagLength ) + sNameTagLength;
+
+ // The explanatory length, if any
+ if ( explanatoryText != null )
+ {
+ explanatoryTextBytes = StringTools.getBytesUtf8( explanatoryText );
+ explanatoryTextLength = explanatoryTextBytes.length;
+ explanatoryTextTagLength = 1 + TLV.getNbBytes( explanatoryTextLength ) + explanatoryTextLength;
+
+ kerberosErrorSeqLength +=
+ 1 + TLV.getNbBytes( explanatoryTextTagLength ) + explanatoryTextTagLength;
+ }
+
+ // The explanatoryData length, if any
+ if ( explanatoryData != null )
+ {
+ explanatoryDataLength = explanatoryData.length;
+ explanatoryDataTagLength = 1 + TLV.getNbBytes( explanatoryDataLength ) + explanatoryDataLength;
+
+ kerberosErrorSeqLength +=
+ 1 + TLV.getNbBytes( explanatoryDataTagLength ) + explanatoryDataTagLength;
+ }
+
+ kerberosErrorApplLength = 1 + TLV.getNbBytes( kerberosErrorSeqLength ) + kerberosErrorSeqLength;
+ return 1 + TLV.getNbBytes( kerberosErrorApplLength ) + kerberosErrorApplLength;
+ }
+
+ /**
+ * Encode the KerberosError message to a PDU.
+ *
+ * KRB-ERROR :
+ *
+ * 0x7E LL
+ * 0x30 LL
+ * 0xA0 LL pvno
+ * 0xA1 LL msg-type
+ * [0xA2 LL ctime]
+ * [0xA3 LL cusec]
+ * 0xA4 LL stime
+ * 0xA5 LL susec
+ * 0xA6 LL error-code
+ * [0xA7 LL crealm]
+ * [0xA8 LL cname]
+ * 0xA9 LL realm
+ * 0xAA LL sname
+ * [0xAB LL e-text]
+ * [0xAC LL e-data]
+ *
+ * @param buffer The buffer where to put the PDU. It should have been allocated
+ * before, with the right size.
+ * @return The constructed PDU.
+ */
+ public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+ {
+ if ( buffer == null )
+ {
+ buffer = ByteBuffer.allocate( computeLength() );
+ }
+
+ try
+ {
+ // The KerberosError APPLICATION Tag
+ buffer.put( (byte)0x7E );
+ buffer.put( TLV.getBytes( kerberosErrorApplLength ) );
+
+ // The KerberosError SEQUENCE Tag
+ buffer.put( UniversalTag.SEQUENCE_TAG );
+ buffer.put( TLV.getBytes( kerberosErrorSeqLength ) );
+
+ // The pvno Tag and value
+ super.encode( buffer );
+
+
+ // The clientTime Tag and value, if any
+ if ( cTime != null )
+ {
+ buffer.put( ( byte )0xA2 );
+ buffer.put( TLV.getBytes( cTimeTagLength ) );
+ buffer.put( UniversalTag.GENERALIZED_TIME_TAG );
+ buffer.put( TLV.getBytes( cTimeLength ) );
+ buffer.put( StringTools.getBytesUtf8( cTime.toString() ) );
+ }
+
+ // The cusec Tag and value, if any
+ if ( cusec != KerberosUtils.NULL )
+ {
+ buffer.put( ( byte )0xA3 );
+ buffer.put( TLV.getBytes( cusecTagLength ) );
+ Value.encode( buffer, cusec );
+ }
+
+ // The serverTime Tag and value, if any
+ if ( sTime != null )
+ {
+ buffer.put( ( byte )0xA4 );
+ buffer.put( TLV.getBytes( sTimeTagLength ) );
+ buffer.put( UniversalTag.GENERALIZED_TIME_TAG );
+ buffer.put( TLV.getBytes( sTimeLength ) );
+ buffer.put( StringTools.getBytesUtf8( sTime.toString() ) );
+ }
+
+ // Server millisecond encoding
+ buffer.put( ( byte )0xA5 );
+ buffer.put( TLV.getBytes( susecTagLength ) );
+ Value.encode( buffer, susec );
+
+ // Error code encoding
+ buffer.put( ( byte )0xA6 );
+ buffer.put( TLV.getBytes( errorCodeTagLength ) );
+ Value.encode( buffer, errorCode.getOrdinal() );
+
+ // Client Realm encoding, if any
+ if ( cRealm != null )
+ {
+ buffer.put( ( byte )0xA7 );
+ buffer.put( TLV.getBytes( cRealmTagLength ) );
+ buffer.put( UniversalTag.GENERALIZED_STRING_TAG );
+ buffer.put( TLV.getBytes( cRealmLength ) );
+ buffer.put( cRealmBytes );
+ }
+
+ // ClientPrincipal encoding, if any
+ if ( cName != null )
+ {
+ buffer.put( ( byte )0xA8 );
+ buffer.put( TLV.getBytes( cNameTagLength ) );
+ cName.encode( buffer );
+ }
+
+ // ServerRealm encoding
+ buffer.put( ( byte )0xA9 );
+ buffer.put( TLV.getBytes( realmTagLength ) );
+ buffer.put( UniversalTag.GENERALIZED_STRING_TAG );
+ buffer.put( TLV.getBytes( realmLength ) );
+ buffer.put( realmBytes );
+
+ // Server principal encoding
+ buffer.put( ( byte )0xAA );
+ buffer.put( TLV.getBytes( sNameTagLength ) );
+ sName.encode( buffer );
+
+ // Explanatory Text encoding if any
+ if ( explanatoryText != null )
+ {
+ buffer.put( ( byte )0xAB );
+ buffer.put( TLV.getBytes( explanatoryTextTagLength ) );
+ buffer.put( UniversalTag.GENERALIZED_STRING_TAG );
+ buffer.put( TLV.getBytes( explanatoryTextLength ) );
+ buffer.put( explanatoryTextBytes );
+ }
+
+ // Explanatory Data encoding if any
+ if ( explanatoryData != null )
+ {
+ buffer.put( ( byte )0xAC );
+ buffer.put( TLV.getBytes( explanatoryDataTagLength ) );
+ Value.encode( buffer, explanatoryData );
+ }
+ }
+ catch ( BufferOverflowException boe )
+ {
+ log.error( "Cannot encode the KRB-ERROR object, the PDU size is {} when only {} bytes has been allocated", 1
+ + TLV.getNbBytes( kerberosErrorApplLength ) + kerberosErrorApplLength, buffer.capacity() );
+ throw new EncoderException( "The PDU buffer size is too small !" );
+ }
+
+ if ( IS_DEBUG )
+ {
+ log.debug( "KRB-ERROR encoding : {}", StringTools.dumpBytes( buffer.array() ) );
+ log.debug( "KRB-ERROR initial value : {}", toString() );
+ }
+
+ return buffer;
+ }
+}
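Review bot: `encode()` skips the stime field when `sTime` is null, but `computeLength()` counts it unconditionally (`sTimeLength = 15`), so the APPLICATION and SEQUENCE lengths written would be larger than the bytes that follow. The grammar in the class Javadoc makes stime mandatory, so rejecting it is safer than omitting it: `if ( sTime == null ) { throw new EncoderException( "The stime must not be null" ); }` before anything is written. The other mandatory fields have the same gap: `errorCode.getOrdinal()` and `sName.computeLength()` are dereferenced without a check in `computeLength()`, while the no-arg constructor leaves them unset. `setServerPrincipal( KerberosPrincipal )` also turns a `ParseException` into a silent `sName = null`, so the failure surfaces later as a `NullPointerException` instead of an `EncoderException` naming the missing field.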
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosMessage.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosMessage.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosMessage.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosMessage.java Mon Sep 24 03:18:05 2007
@@ -19,21 +19,62 @@
*/
package org.apache.directory.server.kerberos.shared.messages;
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+
+import org.apache.directory.shared.asn1.AbstractAsn1Object;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.ber.tlv.Value;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
/**
+ * A common inherited class which contains the protocol version number and the
+ * message type.
+ *
+ * The part of ASN.1 grammar will be something like :
+ * pvno [T1] INTEGER (5),
+ * msg-type [T2] INTEGER (11 -- AS -- | 13 -- TGS --),
+ *
+ * where T1 and T2 can differ from one message to another.
+ * Encoding such a message won't be done in this upper class, but in each of
+ * the inherited class, for this reason
+ *
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class KerberosMessage
+public abstract class KerberosMessage extends AbstractAsn1Object
{
+ /** The logger */
+ private static final Logger log = LoggerFactory.getLogger( KerberosMessage.class );
+
+ /** Speedup for logs */
+ private static final boolean IS_DEBUG = log.isDebugEnabled();
+
/**
* The Kerberos protocol version number (5).
*/
public static final int PVNO = 5;
- private int protocolVersionNumber;
+ /** The protocol version number */
+ private int pvno;
+
+ /** The message type */
private MessageType messageType;
-
+
+ /** The starting tag for the encoding and decoding
+ * It can differ from one message to another. Default to 0xA0;
+ **/
+ private byte startingTag = (byte)0xA0;
+
+ // Storage for computed lengths
+ private transient int pvnoTagLength;
+ private transient int pvnoLength;
+ private transient int msgTypeTagLength;
+ private transient int msgTypeLength;
/**
* Creates a new instance of KerberosMessage.
@@ -54,7 +95,7 @@
*/
public KerberosMessage( int versionNumber, MessageType type )
{
- protocolVersionNumber = versionNumber;
+ pvno = versionNumber;
messageType = type;
}
@@ -88,7 +129,7 @@
*/
public int getProtocolVersionNumber()
{
- return protocolVersionNumber;
+ return pvno;
}
@@ -99,6 +140,115 @@
*/
public void setProtocolVersionNumber( int versionNumber )
{
- protocolVersionNumber = versionNumber;
+ pvno = versionNumber;
+ }
+
+ /**
+ * Set the starting tag if different to 0xA0
+ * @param startingTag The starting tag
+ */
+ protected void setStartingTag( byte startingTag )
+ {
+ this.startingTag = startingTag;
+ }
+
+ /**
+ * Return the length of this encoded part.
+ *
+ * Ax L1
+ * 0X02 0X01 pvno (default to 5)
+ * A(x+1) L2
+ * 0x02 0x01 messageType (Integer)
+ *
+ * The Ax and A(x+1) can be different depending on the handled messages.
+ */
+ public int computeLength()
+ {
+ // This part's length is easy to compute :
+ // 1 for each tag
+ // 1 for each integer value
+ // 1 for each value
+ pvnoLength = Value.getNbBytes( pvno );
+ pvnoTagLength = 1 + TLV.getNbBytes( pvnoLength ) + pvnoLength;
+
+ msgTypeLength = Value.getNbBytes( messageType.getOrdinal() );
+ msgTypeTagLength = 1 + TLV.getNbBytes( msgTypeLength ) + msgTypeLength;
+
+ return
+ 1 + TLV.getNbBytes( pvnoTagLength ) + pvnoTagLength +
+ 1 + TLV.getNbBytes( msgTypeTagLength ) + msgTypeTagLength;
+ }
+
+ /**
+ * Encode the common KerberosMessage part.
+ *
+ * 0xA0 L1
+ * 0X02 0X01 pvno (default to 5)
+ * 0xA1 L2
+ * 0x02 0x01 messageType (Integer)
+ *
+ * or
+ * 0xA1 L1
+ * 0X02 0X01 pvno (default to 5)
+ * 0xA2 L2
+ * 0x02 0x01 messageType (Integer)
+ *
+ * depending on the startingTag value.
+ */
+ public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+ {
+ if ( buffer == null )
+ {
+ throw new EncoderException( "Null buffer not allowed" );
+ }
+
+ try
+ {
+ // The pvno tag
+ buffer.put( startingTag );
+ buffer.put( TLV.getBytes( pvnoTagLength ) );
+ Value.encode( buffer, pvno );
+
+ // The Ticket SEQUENCE Tag
+ buffer.put( (byte)( startingTag + 1 ) );
+ buffer.put( TLV.getBytes( msgTypeTagLength ) );
+ Value.encode( buffer, messageType.getOrdinal() );
+ }
+ catch ( BufferOverflowException boe )
+ {
+ log.error( "Cannot encode the KerberosMessage object, the PDU size is {} when only {} bytes has been allocated",
+ 1 + TLV.getNbBytes( pvno ) + pvnoLength +
+ 1 + TLV.getNbBytes( messageType.getOrdinal() ) + msgTypeLength );
+ throw new EncoderException( "The PDU buffer size is too small !" );
+ }
+
+ if ( IS_DEBUG )
+ {
+ log.debug( "KerberosMessage encoding : {}", StringTools.dumpBytes( buffer.array() ) );
+ log.debug( "KerberosMessage initial value : {}", toString() );
+ }
+
+ return buffer;
+ }
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString( String tabs )
+ {
+ StringBuilder sb = new StringBuilder();
+
+ sb.append( tabs ).append( "NYI\n" );
+
+ return sb.toString();
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return toString( "" );
}
}
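Review bot: The `log.error` call in the `BufferOverflowException` handler of `encode()` has two `{}` placeholders but passes a single argument, so the allocated size is never reported. The size it does pass is built from `TLV.getNbBytes( pvno )` and `TLV.getNbBytes( messageType.getOrdinal() )`, which are the field values, not the lengths held in `pvnoTagLength` and `msgTypeTagLength`. I would pass the same expression `computeLength()` returns, followed by the capacity: `1 + TLV.getNbBytes( pvnoTagLength ) + pvnoTagLength + 1 + TLV.getNbBytes( msgTypeTagLength ) + msgTypeTagLength, buffer.capacity() );`. The comment `// The Ticket SEQUENCE Tag` above the second `buffer.put` should read `// The msg-type tag`. Because each subclass calls `super.encode( buffer )` and then dumps the buffer itself, the `IS_DEBUG` block here logs `buffer.array()` a second time for every message, and it will throw if the caller's buffer is not array-backed.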
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosPriv.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosPriv.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosPriv.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/KerberosPriv.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,204 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.ber.tlv.UniversalTag;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * The KRB-PRIV message. The ASN.1 grammar is the following :
+ *
+ * KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
+ * pvno [0] INTEGER (5),
+ * msg-type [1] INTEGER (21),
+ * -- NOTE: there is no [2] tag
+ * enc-part [3] EncryptedData -- EncKrbPrivPart
+ * }
+ *
+ * pvno and msg-type are inherited from KerberosMessage
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public class KerberosPriv extends KerberosMessage
+{
+ /** The logger */
+ private static final Logger log = LoggerFactory.getLogger( KerberosPriv.class );
+
+ /** Speedup for logs */
+ private static final boolean IS_DEBUG = log.isDebugEnabled();
+
+ /** The encrypted data part */
+ private EncryptedData encPart;
+
+ // Storage for computed lengths
+ private transient int encPartTagLength = 0;
+
+ private transient int kerberosPrivSeqLength;
+ private transient int kerberosPrivApplLength;
+
+
+
+ /**
+ * Creates a new instance of KerberosPriv.
+ */
+ public KerberosPriv()
+ {
+ super( MessageType.KRB_PRIV );
+ encPart = null;
+ }
+
+ /**
+ * @return The encrypted part
+ */
+ public EncryptedData getEncPart()
+ {
+ return encPart;
+ }
+
+ /**
+ * Set the encrypted part
+ * @param encPart The encrypted part
+ */
+ public void setEncPart( EncryptedData encPart )
+ {
+ this.encPart = encPart;
+ }
+
+ /**
+ * Return the length of a Kerberos Priv message .
+ *
+ * 0x75 L1
+ * |
+ * +--> 0x30 L2
+ * |
+ * +--> 0xA0 0x03
+ * | |
+ * | +--> 0x02 0x01 pvno (integer)
+ * |
+ * +--> 0xA1 0x03
+ * | |
+ * | +--> 0x02 0x01 msg-type (integer)
+ * |
+ * +--> 0xA3 L3
+ * |
+ * +--> 0x02 L3-1 enc-part (EncryptedData)
+ */
+ public int computeLength()
+ {
+ // First compute the KerberosMessage length
+ kerberosPrivSeqLength = super.computeLength();
+
+ // The encrypted data length
+ if ( encPart == null )
+ {
+ return -1;
+ }
+
+ encPartTagLength = encPart.computeLength();
+
+ kerberosPrivSeqLength +=
+ 1 + TLV.getNbBytes( encPartTagLength ) + encPartTagLength;
+
+
+ kerberosPrivApplLength = 1 + TLV.getNbBytes( kerberosPrivSeqLength ) + kerberosPrivSeqLength;
+ return 1 + TLV.getNbBytes( kerberosPrivApplLength ) + kerberosPrivApplLength;
+ }
+
+ /**
+ * Encode the KerberosPriv message to a PDU.
+ *
+ * KRB-PRIV :
+ *
+ * 0x75 LL
+ * 0x30 LL
+ * 0xA0 LL pvno
+ * 0xA1 LL msg-type
+ * 0xA3 LL enc-part
+ *
+ * @param buffer The buffer where to put the PDU. It should have been allocated
+ * before, with the right size.
+ * @return The constructed PDU.
+ */
+ public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+ {
+ if ( buffer == null )
+ {
+ int bufferCapacity = computeLength();
+
+ if ( bufferCapacity == -1 )
+ {
+ log.error( "Cannot compute the buffer size" );
+ throw new EncoderException( "Cannot compute the buffer size" );
+ }
+ buffer = ByteBuffer.allocate( bufferCapacity );
+ }
+
+ try
+ {
+ // The KerberosPriv APPLICATION Tag
+ buffer.put( (byte)0x75 );
+ buffer.put( TLV.getBytes( kerberosPrivApplLength ) );
+
+ // The KerberosPriv SEQUENCE Tag
+ buffer.put( UniversalTag.SEQUENCE_TAG );
+ buffer.put( TLV.getBytes( kerberosPrivSeqLength ) );
+
+ // The pvno Tag and value
+ super.encode( buffer );
+
+ // Encrypted Data encoding
+ buffer.put( ( byte )0xA3 );
+ buffer.put( TLV.getBytes( encPartTagLength ) );
+
+ if ( encPart != null )
+ {
+ encPart.encode( buffer );
+ }
+ else
+ {
+ log.error( "Null Encrypted Data part" );
+ throw new EncoderException( "The encrypted Data must not be null" );
+ }
+ }
+ catch ( BufferOverflowException boe )
+ {
+ log.error( "Cannot encode the KRB-PRIV object, the PDU size is {} when only {} bytes has been allocated", 1
+ + TLV.getNbBytes( kerberosPrivApplLength ) + kerberosPrivApplLength, buffer.capacity() );
+ throw new EncoderException( "The PDU buffer size is too small !" );
+ }
+
+ if ( IS_DEBUG )
+ {
+ log.debug( "KRB-PRIV encoding : {}", StringTools.dumpBytes( buffer.array() ) );
+ log.debug( "KRB-PRIV initial value : {}", toString() );
+ }
+
+ return buffer;
+ }
+}
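Review bot: In `encode`, the three cached lengths (`kerberosPrivApplLength`, `kerberosPrivSeqLength`, `encPartTagLength`) are refreshed only on the `buffer == null` path, so a caller-supplied buffer gets whatever the last `computeLength()` call left behind: zero on a fresh object, or stale values after a later `setEncPart`. The emitted length octets then disagree with the content, and the peer's decoder sees a malformed or truncated KRB-PRIV. The null `encPart` check also comes after the `0xA3` tag and length have been written, leaving a partial PDU in the caller's buffer. Calling `computeLength()` unconditionally and rejecting `-1` before the first `put` fixes both. `TicketGrantingServerRequest.encode` later in this commit has the same stale-length pattern with `tgsReqAppLength`.

```java
public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
{
    // Always refresh the cached lengths, also for a caller-supplied buffer
    int pduLength = computeLength();

    if ( pduLength == -1 )
    {
        log.error( "Cannot compute the buffer size" );
        throw new EncoderException( "Cannot compute the buffer size" );
    }

    if ( buffer == null )
    {
        buffer = ByteBuffer.allocate( pduLength );
    }

    // … unchanged: tag/length writes, super.encode, enc-part encoding, overflow handling, debug logging …
```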
Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/TicketGrantReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/TicketGrantReply.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/TicketGrantReply.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/TicketGrantReply.java Mon Sep 24 03:18:05 2007
@@ -20,6 +20,8 @@
package org.apache.directory.server.kerberos.shared.messages;
+import java.util.List;
+
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
@@ -50,9 +52,12 @@
* @param ticket
* @param encPart
*/
- public TicketGrantReply( PreAuthenticationData[] pAData, KerberosPrincipal clientPrincipal, Ticket ticket,
+ public TicketGrantReply( List<PreAuthenticationData> pAData, KerberosPrincipal clientPrincipal, Ticket ticket,
EncryptedData encPart )
{
- super( pAData, clientPrincipal, ticket, encPart, MessageType.KRB_TGS_REP );
+ super( MessageType.KRB_TGS_REP );
+ super.setPaData( pAData );
+ super.setClientPrincipal( clientPrincipal );
+ super.setEncPart( encPart );
}
}
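Review bot: The `ticket` argument is no longer used: the old constructor handed it to `super(...)`, while the new body sets only the padata, the client principal and the encrypted part. Unless the base class picks the ticket up elsewhere (not visible in this hunk), a TGS-REP built through this constructor carries no ticket. If the reply base class offers a ticket setter, call it next to the other three, e.g. `super.setTicket( ticket );`. That method name is assumed here and should be checked against the base class.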
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/TicketGrantingServerRequest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/TicketGrantingServerRequest.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/TicketGrantingServerRequest.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/TicketGrantingServerRequest.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.messages;
+
+
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+import java.util.List;
+
+import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosRequestBody;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * This class implements the TGS-REQ message.
+ *
+ * The ASN.1 grammar is the following :
+ *
+ * TGS-REQ ::= [APPLICATION 12] KDC-REQ
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public class TicketGrantingServerRequest extends KdcRequest
+{
+ /** The logger */
+ private static final Logger log = LoggerFactory.getLogger( TicketGrantingServerRequest.class );
+
+ /** Speedup for logs */
+ private static final boolean IS_DEBUG = log.isDebugEnabled();
+
+ // Storage for computed lengths
+ private transient int tgsReqAppLength;
+
+ /**
+ * Creates a new instance of TicketGrantingServerRequest.
+ *
+ * @param paData
+ * @param clientPrincipal
+ * @param ticket
+ * @param encPart
+ */
+ public TicketGrantingServerRequest( List<PreAuthenticationData> paData, KerberosRequestBody requestBody )
+ {
+ super( MessageType.KRB_TGS_REQ, paData, requestBody );
+ }
+
+ /**
+ * Return the length of a TGS-REQ message .
+ *
+ * 0x6C L1
+ * |
+ * +--> 0x30 L2 KDC-REQ
+ */
+ public int computeLength()
+ {
+ // Compute the KDC-REQ length
+ tgsReqAppLength = super.computeLength();
+
+ return 1 + TLV.getNbBytes( tgsReqAppLength ) + tgsReqAppLength;
+ }
+
+ /**
+ * Encode the TGS-REQ message to a PDU.
+ *
+ * TGS-REQ :
+ *
+ * 0x6C LL
+ * 0x30 LL KDC-REQ
+ *
+ * @param buffer The buffer where to put the PDU. It should have been allocated
+ * before, with the right size.
+ * @return The constructed PDU.
+ */
+ public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+ {
+ if ( buffer == null )
+ {
+ buffer = ByteBuffer.allocate( computeLength() );
+ }
+
+ try
+ {
+ // The TGS-REQ application Tag
+ buffer.put( (byte)0x6C );
+ buffer.put( TLV.getBytes( tgsReqAppLength ) );
+
+ // Encode the requestBody
+ super.encode( buffer );
+ }
+ catch ( BufferOverflowException boe )
+ {
+ log.error( "Cannot encode the TGS-REQ object, the PDU size is {} when only {} bytes has been allocated", 1
+ + TLV.getNbBytes( tgsReqAppLength ) + tgsReqAppLength, buffer.capacity() );
+ throw new EncoderException( "The PDU buffer size is too small !" );
+ }
+
+ if ( IS_DEBUG )
+ {
+ log.debug( "TGS-REQ encoding : {}", StringTools.dumpBytes( buffer.array() ) );
+ log.debug( "TGS-REQ initial value : {}", toString() );
+ }
+
+ return buffer;
+ }
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString( String tabs )
+ {
+ StringBuilder sb = new StringBuilder();
+
+ sb.append( tabs ).append( "TGS-REQ\n" );
+ sb.append( super.toString( tabs + " " ) );
+
+ return sb.toString();
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return toString( "" );
+ }
+}
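Review bot: The debug branch of `encode` logs `StringTools.dumpBytes( buffer.array() )`, which is the whole backing array rather than the bytes this call wrote. With a caller-supplied, reused buffer that puts unrelated bytes into the log alongside the request's padata, and `array()` throws for a direct or read-only buffer, so enabling debug can make encoding fail. Guarding the branch with `if ( IS_DEBUG && buffer.hasArray() )` and dumping only the range written by this call would keep the log scoped to this message; `KerberosPriv.encode` in the same commit has the same line. Separately, the constructor Javadoc lists `clientPrincipal`, `ticket` and `encPart`, none of which are parameters, and leaves `requestBody` undocumented.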