Posted to commits@directory.apache.org by er...@apache.org on 2004/10/02 18:51:42 UTC

svn commit: rev 51807 - incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/replay

Author: erodriguez
Date: Sat Oct  2 09:51:41 2004
New Revision: 51807

Added:
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/replay/
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/replay/InMemoryReplayCache.java
   incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/replay/ReplayCache.java
Log:
basic in-memory replay cache implementation

Added: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/replay/InMemoryReplayCache.java
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/replay/InMemoryReplayCache.java	Sat Oct  2 09:51:41 2004
@@ -0,0 +1,84 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.replay;
+
+import org.apache.kerberos.messages.value.*;
+
+import java.util.*;
+
+public class InMemoryReplayCache implements ReplayCache {
+	
+	private static final long TWO_WEEKS = 1000 * 60 * 60 * 24 * 14;
+
+    private List list = new ArrayList();
+
+    public synchronized boolean isReplay(KerberosTime clientTime, PrincipalName clientName, Realm clientRealm) {
+        ReplayCacheEntry testEntry = new ReplayCacheEntry(clientTime, clientName, clientRealm);
+        Iterator it = list.iterator();
+        while (it.hasNext()) {
+            ReplayCacheEntry entry = (ReplayCacheEntry)it.next();
+            if (entry.equals(testEntry))
+                return true;
+        }
+        return false;
+    }
+
+    public synchronized void save(KerberosTime clientTime, PrincipalName clientName, Realm clientRealm) {
+        list.add(new ReplayCacheEntry(clientTime, clientName, clientRealm));
+        purgeExpired();
+    }
+    
+    /*
+     * TODO - age needs to be configurable; requires store
+     */
+    private synchronized void purgeExpired() {
+    	long now = new Date().getTime();
+    	
+        KerberosTime age = new KerberosTime(now - TWO_WEEKS);
+        
+        Iterator it = list.iterator();
+        while (it.hasNext()) {
+            ReplayCacheEntry entry = (ReplayCacheEntry)it.next();
+            if (entry.olderThan(age))
+                list.remove(entry);
+        }
+    }
+    
+    private class ReplayCacheEntry {
+
+    	private KerberosTime      _clientTime;
+    	private PrincipalName     _clientName;
+    	private Realm             _clientRealm;
+    	
+    	public ReplayCacheEntry(KerberosTime time, PrincipalName name, Realm realm) {
+    		_clientTime  = time;
+    		_clientName  = name;
+    		_clientRealm = realm;
+    	}
+    	
+        public boolean equals(ReplayCacheEntry other) {
+            return _clientTime.equals(other._clientTime) && 
+    				_clientName.equals(other._clientName) &&
+            		_clientRealm.equals(other._clientRealm);
+        }
+        
+        public boolean olderThan(KerberosTime time) {
+            return time.greaterThan(_clientTime);
+        }
+    }
+}
+
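Review bot: In purgeExpired(), `list.remove(entry)` is called while the list is still being walked by its own iterator, so the next `it.next()` throws ConcurrentModificationException (or, when the removed entry is second to last, the loop ends early and never examines the last entry). Because save() calls purgeExpired() after adding the entry, save() would start failing with an unchecked exception on the request path once the cache holds an entry older than two weeks; how the KDC handles that exception is not visible in this hunk. Replace the call with `it.remove();`. Separately, `equals(ReplayCacheEntry other)` overloads rather than overrides `Object.equals`, which works for the direct call in isReplay() but would silently fall back to identity comparison if the lookup were ever switched to `list.contains` or a hash-based set; a proper `equals(Object)`/`hashCode()` pair would prevent that.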

Added: incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/replay/ReplayCache.java
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/kdc/replay/ReplayCache.java	Sat Oct  2 09:51:41 2004
@@ -0,0 +1,27 @@
+/*
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.replay;
+
+import org.apache.kerberos.messages.value.*;
+
+public interface ReplayCache {
+
+    boolean isReplay(KerberosTime clientTime, PrincipalName clientName, Realm clientRealm);
+    
+    void save(KerberosTime clientTime, PrincipalName clientName, Realm clientRealm);
+}
+
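Review bot: The interface exposes the replay check and the recording of an authenticator as two separate calls, so nothing in the contract makes the check-then-save sequence atomic. InMemoryReplayCache synchronizes each method individually, which still allows two concurrent requests carrying the same (time, name, realm) to both get `false` from isReplay() before either calls save(); whether the callers serialize this is not visible on this page. Consider stating the requirement on the interface, e.g. `/** Callers must hold a common lock across isReplay() and save(); the pair is not atomic. */`, or having save() report whether the entry was already present so the check and the insert happen under one lock. The interface also has no Javadoc saying what the three fields identify or how long an implementation is expected to retain entries.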