You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2010/11/14 15:03:48 UTC
svn commit: r1034997 - in /directory/apacheds/trunk/kerberos-codec/src:
main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/
main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/actions/
main/java/org/apache/directory/shared/kerb...
Author: elecharny
Date: Sun Nov 14 14:03:48 2010
New Revision: 1034997
URL: http://svn.apache.org/viewvc?rev=1034997&view=rev
Log:
o Finished the KDC-REQ-BODY decoder
o Added a first test for it, some other will be added
Added:
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/actions/AddTicket.java
Modified:
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/KdcReqBodyGrammar.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/ticket/actions/TicketEncPart.java
directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java
directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/KdcReqBodyDecoderTest.java
Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/KdcReqBodyGrammar.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/KdcReqBodyGrammar.java?rev=1034997&r1=1034996&r2=1034997&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/KdcReqBodyGrammar.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/KdcReqBodyGrammar.java Sun Nov 14 14:03:48 2010
@@ -27,6 +27,7 @@ import org.apache.directory.shared.asn1.
import org.apache.directory.shared.kerberos.KerberosConstants;
import org.apache.directory.shared.kerberos.codec.actions.CheckNotNullLength;
import org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.AddEType;
+import org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.AddTicket;
import org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.ETypeSequence;
import org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.KdcReqBodyInit;
import org.apache.directory.shared.kerberos.codec.kdcReqBody.actions.StoreAddresses;
@@ -321,6 +322,16 @@ public final class KdcReqBodyGrammar ext
KdcReqBodyStatesEnum.KDC_REQ_BODY_ETYPE_STATE, KdcReqBodyStatesEnum.KDC_REQ_BODY_ENC_AUTH_DATA_STATE, KerberosConstants.KDC_REQ_BODY_ENC_AUTHZ_DATA_TAG,
new StoreEncAuthorizationData() );
+ // --------------------------------------------------------------------------------------------
+ // Transition from EType values to additionalTickets tag (addresses and enc-authorization data
+ // are empty)
+ // --------------------------------------------------------------------------------------------
+ // KDC-REQ-BODY ::= SEQUENCE {
+ // ...
+ // additional-tickets [11]
+ super.transitions[KdcReqBodyStatesEnum.KDC_REQ_BODY_ETYPE_STATE.ordinal()][KerberosConstants.KDC_REQ_BODY_ADDITIONAL_TICKETS_TAG] = new GrammarTransition(
+ KdcReqBodyStatesEnum.KDC_REQ_BODY_ETYPE_STATE, KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_TAG_STATE, KerberosConstants.KDC_REQ_BODY_ADDITIONAL_TICKETS_TAG,
+ new CheckNotNullLength() );
@@ -333,11 +344,61 @@ public final class KdcReqBodyGrammar ext
super.transitions[KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDRESSES_STATE.ordinal()][KerberosConstants.KDC_REQ_BODY_ENC_AUTHZ_DATA_TAG] = new GrammarTransition(
KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDRESSES_STATE, KdcReqBodyStatesEnum.KDC_REQ_BODY_ENC_AUTH_DATA_STATE, KerberosConstants.KDC_REQ_BODY_ENC_AUTHZ_DATA_TAG,
new StoreEncAuthorizationData() );
- }
+ // --------------------------------------------------------------------------------------------
+ // Transition from addresses values to additional-tickets tag
+ // --------------------------------------------------------------------------------------------
+ // KDC-REQ-BODY ::= SEQUENCE {
+ // ...
+ // additional-tickets [11]
+ super.transitions[KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDRESSES_STATE.ordinal()][KerberosConstants.KDC_REQ_BODY_ADDITIONAL_TICKETS_TAG] = new GrammarTransition(
+ KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDRESSES_STATE, KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_TAG_STATE, KerberosConstants.KDC_REQ_BODY_ADDITIONAL_TICKETS_TAG,
+ new CheckNotNullLength() );
+
+
+
+ // --------------------------------------------------------------------------------------------
+ // Transition from encAuthorizationData to additional-tickets tag
+ // --------------------------------------------------------------------------------------------
+ // KDC-REQ-BODY ::= SEQUENCE {
+ // ...
+ // additional-tickets [11]
+ super.transitions[KdcReqBodyStatesEnum.KDC_REQ_BODY_ENC_AUTH_DATA_STATE.ordinal()][KerberosConstants.KDC_REQ_BODY_ADDITIONAL_TICKETS_TAG] = new GrammarTransition(
+ KdcReqBodyStatesEnum.KDC_REQ_BODY_ENC_AUTH_DATA_STATE, KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_TAG_STATE, KerberosConstants.KDC_REQ_BODY_ADDITIONAL_TICKETS_TAG,
+ new CheckNotNullLength() );
- // ~ Methods
- // ------------------------------------------------------------------------------------
+
+
+ // --------------------------------------------------------------------------------------------
+ // Transition from additional-tickets tag to Ticket SEQUENCE
+ // --------------------------------------------------------------------------------------------
+ // KDC-REQ-BODY ::= SEQUENCE {
+ // ...
+ // additional-tickets [11] SEQUENCE OF
+ super.transitions[KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_TAG_STATE.ordinal()][UniversalTag.SEQUENCE.getValue()] = new GrammarTransition(
+ KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_TAG_STATE, KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_SEQ_STATE, UniversalTag.SEQUENCE.getValue(),
+ new CheckNotNullLength() );
+
+ // --------------------------------------------------------------------------------------------
+ // Transition from Ticket SEQUENCE to Ticket
+ // --------------------------------------------------------------------------------------------
+ // KDC-REQ-BODY ::= SEQUENCE {
+ // ...
+ // additional-tickets [11] SEQUENCE OF Ticket
+ super.transitions[KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_SEQ_STATE.ordinal()][KerberosConstants.TICKET_TAG] = new GrammarTransition(
+ KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_SEQ_STATE, KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_STATE, KerberosConstants.TICKET_TAG,
+ new AddTicket() );
+
+ // --------------------------------------------------------------------------------------------
+ // Transition from Ticket to Ticket
+ // --------------------------------------------------------------------------------------------
+ // KDC-REQ-BODY ::= SEQUENCE {
+ // ...
+ // additional-tickets [11] SEQUENCE OF Ticket
+ super.transitions[KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_STATE.ordinal()][KerberosConstants.TICKET_TAG] = new GrammarTransition(
+ KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_STATE, KdcReqBodyStatesEnum.KDC_REQ_BODY_ADDITIONAL_TICKETS_STATE, KerberosConstants.TICKET_TAG,
+ new AddTicket() );
+ }
/**
* Get the instance of this grammar
Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/actions/AddTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/actions/AddTicket.java?rev=1034997&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/actions/AddTicket.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/kdcReqBody/actions/AddTicket.java Sun Nov 14 14:03:48 2010
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.kerberos.codec.kdcReqBody.actions;
+
+
+import org.apache.directory.shared.asn1.ber.Asn1Container;
+import org.apache.directory.shared.asn1.ber.Asn1Decoder;
+import org.apache.directory.shared.asn1.ber.grammar.GrammarAction;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.codec.DecoderException;
+import org.apache.directory.shared.i18n.I18n;
+import org.apache.directory.shared.kerberos.codec.kdcReqBody.KdcReqBodyContainer;
+import org.apache.directory.shared.kerberos.codec.ticket.TicketContainer;
+import org.apache.directory.shared.kerberos.components.KdcReqBody;
+import org.apache.directory.shared.kerberos.messages.Ticket;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * The action used to add a Ticket
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class AddTicket extends GrammarAction
+{
+ /** The logger */
+ private static final Logger LOG = LoggerFactory.getLogger( AddTicket.class );
+
+ /** Speedup for logs */
+ private static final boolean IS_DEBUG = LOG.isDebugEnabled();
+
+ /**
+ * Instantiates a new AddTicket action.
+ */
+ public AddTicket()
+ {
+ super( "KDC-REQ-BODY Add Ticket" );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void action( Asn1Container container ) throws DecoderException
+ {
+ KdcReqBodyContainer kdcReqBodyContainer = ( KdcReqBodyContainer ) container;
+
+ TLV tlv = kdcReqBodyContainer.getCurrentTLV();
+
+ // The Length can't be null
+ if ( tlv.getLength() == 0 )
+ {
+ LOG.error( I18n.err( I18n.ERR_04066 ) );
+
+ // This will generate a PROTOCOL_ERROR
+ throw new DecoderException( I18n.err( I18n.ERR_04067 ) );
+ }
+
+ // Now, let's decode the Ticket
+ Asn1Decoder ticketDecoder = new Asn1Decoder();
+
+ TicketContainer ticketContainer = new TicketContainer();
+ ticketContainer.setStream( container.getStream() );
+
+ // Compute the start position in the stream for the HostAdress to decode :
+ // We have to move back to the HostAddress tag
+ int start = container.getStream().position() - 1 - tlv.getLengthNbBytes();
+ container.getStream().position( start );
+
+ // Decode the Ticket PDU
+ try
+ {
+ ticketDecoder.decode( container.getStream(), ticketContainer );
+ }
+ catch ( DecoderException de )
+ {
+ throw de;
+ }
+
+ // Update the parent
+ container.setParentTLV( tlv.getParent() );
+
+ // Store the Ticket in the container
+ Ticket ticket = ticketContainer.getTicket();
+ KdcReqBody kdcReqBody = kdcReqBodyContainer.getKdcReqBody();
+ kdcReqBody.addAdditionalTicket( ticket );
+
+ container.setGrammarEndAllowed( true );
+ }
+}
Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/ticket/actions/TicketEncPart.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/ticket/actions/TicketEncPart.java?rev=1034997&r1=1034996&r2=1034997&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/ticket/actions/TicketEncPart.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/ticket/actions/TicketEncPart.java Sun Nov 14 14:03:48 2010
@@ -80,6 +80,7 @@ public class TicketEncPart extends Gramm
Asn1Decoder encryptedDataDecoder = new Asn1Decoder();
EncryptedDataContainer encryptedDataContainer = new EncryptedDataContainer();
+ encryptedDataContainer.setStream( container.getStream() );
// Decode the Ticket PDU
try
@@ -99,5 +100,11 @@ public class TicketEncPart extends Gramm
{
LOG.debug( "EncryptedData : " + encryptedData );
}
+
+ // Update the TLV
+ tlv.setExpectedLength( tlv.getExpectedLength() - tlv.getLength() );
+ //container.setParentTLV( tlv.getParent() );
+
+ container.setGrammarEndAllowed( true );
}
}
Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java?rev=1034997&r1=1034996&r2=1034997&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java Sun Nov 14 14:03:48 2010
@@ -463,8 +463,8 @@ public class KdcReqBody
*/
public int computeLength()
{
- // The KdcOptions length (we have to add the unusedBits byte
- kdcOptionsLength = 1 + 1 + 1 + kdcOptions.getBytes().length;
+ // The KdcOptions length
+ kdcOptionsLength = 1 + 1 + kdcOptions.getBytes().length;
// The cname length
if ( cName != null )
Modified: directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/KdcReqBodyDecoderTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/KdcReqBodyDecoderTest.java?rev=1034997&r1=1034996&r2=1034997&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/KdcReqBodyDecoderTest.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/KdcReqBodyDecoderTest.java Sun Nov 14 14:03:48 2010
@@ -27,9 +27,12 @@ import java.nio.ByteBuffer;
import org.apache.directory.junit.tools.Concurrent;
import org.apache.directory.junit.tools.ConcurrentJunitRunner;
+import org.apache.directory.shared.asn1.ber.Asn1Container;
import org.apache.directory.shared.asn1.ber.Asn1Decoder;
+import org.apache.directory.shared.asn1.codec.DecoderException;
import org.apache.directory.shared.asn1.codec.EncoderException;
import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.codec.kdcReqBody.KdcReqBodyContainer;
import org.apache.directory.shared.kerberos.codec.options.KdcOptions;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.kerberos.codec.types.HostAddrType;
@@ -57,7 +60,7 @@ public class KdcReqBodyDecoderTest
* Test the decoding of a KdcReqBody message
*/
@Test
- public void testEncodeTicket() throws Exception
+ public void testDecodeFullKdcReqBody() throws Exception
{
Asn1Decoder kerberosDecoder = new Asn1Decoder();
@@ -67,8 +70,8 @@ public class KdcReqBodyDecoderTest
{
0x30, (byte)0x82, 0x01, 0x57,
(byte)0xA0, 0x07,
- 0x03, 0x04,
- 0x01, 0x02, 0x03, 0x04,
+ 0x03, 0x05,
+ 0x00, 0x01, 0x04, 0x00, 0x32,
(byte)0xA1, 0x13,
0x30, 0x11,
(byte)0xA0, 0x03,
@@ -178,9 +181,23 @@ public class KdcReqBodyDecoderTest
String decodedPdu = StringTools.dumpBytes( stream.array() );
stream.flip();
+ // Allocate a KdcReqBody Container
+ Asn1Container kdcReqBodyContainer = new KdcReqBodyContainer();
+ kdcReqBodyContainer.setStream( stream );
+
+ // Decode the KdcReqBody PDU
+ try
+ {
+ kerberosDecoder.decode( stream, kdcReqBodyContainer );
+ }
+ catch ( DecoderException de )
+ {
+ fail( de.getMessage() );
+ }
+
KdcReqBody body = new KdcReqBody();
- body.setKdcOptions( new KdcOptions( new byte[]{0x01, 0x02, 0x03, 0x04} ) );
+ body.setKdcOptions( new KdcOptions( new byte[]{0x00, 0x01, 0x04, 0x00, 0x32} ) );
body.setCName( new PrincipalName( "client", PrincipalNameType.KRB_NT_ENTERPRISE ) );
body.setRealm( "EXAMPLE.COM" );
body.setSName( new PrincipalName( "server", PrincipalNameType.KRB_NT_ENTERPRISE ) );
@@ -233,8 +250,6 @@ public class KdcReqBodyDecoderTest
// Check the length
assertEquals( 0x15B, encodedPdu.limit() );
-
- //assertEquals( StringTools.dumpBytes( encodedPdu.array() ), decodedPdu );
}
catch ( EncoderException ee )
{