Posted to commits@directory.apache.org by er...@apache.org on 2007/07/23 09:47:15 UTC

svn commit: r558641 - in /directory/apacheds/trunk: kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/ protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/

Author: erodriguez
Date: Mon Jul 23 00:47:15 2007
New Revision: 558641

URL: http://svn.apache.org/viewvc?view=rev&rev=558641
Log:
Updated the Authorization Data type and Pre-Authentication Data type classes to the latest Kerberos RFCs (RFC 4120 and RFC 4556).

Modified:
    directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AuthorizationType.java
    directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/PreAuthenticationDataType.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AuthorizationType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AuthorizationType.java?view=diff&rev=558641&r1=558640&r2=558641
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AuthorizationType.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AuthorizationType.java Mon Jul 23 00:47:15 2007
@@ -39,39 +39,49 @@
     /**
      * Constant for the "if relevant" authorization type.
      */
-    public static final AuthorizationType IF_RELEVANT = new AuthorizationType( 1, "if relevant" );
+    public static final AuthorizationType AD_IF_RELEVANT = new AuthorizationType( 1, "if relevant" );
 
     /**
      * Constant for the "intended for server" authorization type.
      */
-    public static final AuthorizationType INTENDED_FOR_SERVER = new AuthorizationType( 2, "intended for server" );
+    public static final AuthorizationType AD_INTENDED_FOR_SERVER = new AuthorizationType( 2, "intended for server" );
 
     /**
      * Constant for the  "intended for application class" authorization type.
      */
-    public static final AuthorizationType INTENDED_FOR_APPLICATION_CLASS = new AuthorizationType( 3,
+    public static final AuthorizationType AD_INTENDED_FOR_APPLICATION_CLASS = new AuthorizationType( 3,
         "intended for application class" );
 
     /**
      * Constant for the "kdc issued" authorization type.
      */
-    public static final AuthorizationType KDC_ISSUED = new AuthorizationType( 4, "kdc issued" );
+    public static final AuthorizationType AD_KDC_ISSUED = new AuthorizationType( 4, "kdc issued" );
 
     /**
-     * Constant for the "or" authorization type.
+     * Constant for the "and-or" authorization type.
      */
-    public static final AuthorizationType OR = new AuthorizationType( 5, "or" );
+    public static final AuthorizationType AD_AND_OR = new AuthorizationType( 5, "and-or" );
 
     /**
      * Constant for the "mandatory ticket extensions" authorization type.
      */
-    public static final AuthorizationType MANDATORY_TICKET_EXTENSIONS = new AuthorizationType( 6,
+    public static final AuthorizationType AD_MANDATORY_TICKET_EXTENSIONS = new AuthorizationType( 6,
         "mandatory ticket extensions" );
 
     /**
      * Constant for the "in ticket extensions" authorization type.
      */
-    public static final AuthorizationType IN_TICKET_EXTENSIONS = new AuthorizationType( 7, "in ticket extensions" );
+    public static final AuthorizationType AD_IN_TICKET_EXTENSIONS = new AuthorizationType( 7, "in ticket extensions" );
+
+    /**
+     * Constant for the "mandatory for KDC" authorization type.
+     */
+    public static final AuthorizationType AD_MANDATORY_FOR_KDC = new AuthorizationType( 8, "mandatory for KDC" );
+
+    /**
+     * Constant for the "Initial verified CAS" authorization type.
+     */
+    public static final AuthorizationType AD_INITIAL_VERIFIED_CAS = new AuthorizationType( 9, "Initial verified CAS" );
 
     /**
      * Constant for the "OSF DCE" authorization type.
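Review bot: The Javadoc on the new `AD_MANDATORY_FOR_KDC` constant, and on the renamed `AD_IF_RELEVANT`, names the type but not its criticality, which is what an implementer needs to know. RFC 4120 lets a server ignore an element it does not understand inside AD-IF-RELEVANT, but requires a KDC to reject a request whose AD-MANDATORY-FOR-KDC container holds an element it does not understand. I would extend the comment to something like `Constant for the "mandatory for KDC" authorization type; a KDC must reject the request if it does not understand an enclosed element (RFC 4120).` This hunk only adds the constant, so whether that rejection is enforced cannot be seen here and should be checked in the ticket-processing code. The class body continues outside the hunk.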
@@ -84,11 +94,27 @@
     public static final AuthorizationType SESAME = new AuthorizationType( 65, "sesame" );
 
     /**
+     * Constant for the "OSF DCE PKI CERTID" authorization type.
+     */
+    public static final AuthorizationType AD_OSF_DCE_PKI_CERTID = new AuthorizationType( 66, "OSF DCE PKI CERTID" );
+
+    /**
+     * Constant for the "WIN2K PAC" authorization type.
+     */
+    public static final AuthorizationType AD_WIN2K_PAC = new AuthorizationType( 128, "WIN2K PAC" );
+
+    /**
+     * Constant for the "encryption negotiation" authorization type.
+     */
+    public static final AuthorizationType AD_ETYPE_NEGOTIATION = new AuthorizationType( 129, "encryption negotiation" );
+
+    /**
      * Array for building a List of VALUES.
      */
     private static final AuthorizationType[] values =
-        { NULL, IF_RELEVANT, INTENDED_FOR_SERVER, INTENDED_FOR_APPLICATION_CLASS, KDC_ISSUED, OR,
-            MANDATORY_TICKET_EXTENSIONS, IN_TICKET_EXTENSIONS, OSF_DCE, SESAME };
+        { NULL, AD_IF_RELEVANT, AD_INTENDED_FOR_SERVER, AD_INTENDED_FOR_APPLICATION_CLASS, AD_KDC_ISSUED, AD_AND_OR,
+            AD_MANDATORY_TICKET_EXTENSIONS, AD_IN_TICKET_EXTENSIONS, AD_MANDATORY_FOR_KDC, AD_INITIAL_VERIFIED_CAS,
+            OSF_DCE, SESAME, AD_OSF_DCE_PKI_CERTID, AD_WIN2K_PAC, AD_ETYPE_NEGOTIATION };
 
     /**
      * A List of all the authorization type constants.
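Review bot: `OSF_DCE` and `SESAME` keep their unprefixed names in the `values` initializer while every other constant touched by this commit gains the `AD_` prefix, so the class now mixes two naming schemes. If the intent is to mirror the RFC 4120 identifiers, renaming them to `AD_OSF_DCE` and `AD_SESAME` in the same commit would keep the enumeration consistent. The array is also maintained by hand, so a short comment above it such as `// keep in sync: every constant declared above must appear here` would help the next editor. How the array is consumed is outside this hunk.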

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/PreAuthenticationDataType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/PreAuthenticationDataType.java?view=diff&rev=558641&r1=558640&r2=558641
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/PreAuthenticationDataType.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/PreAuthenticationDataType.java Mon Jul 23 00:47:15 2007
@@ -87,28 +87,46 @@
     /**
      * Constant for the "encryption info" pre-authentication data type.
      */
-    public static final PreAuthenticationDataType PA_ENCTYPE_INFO = new PreAuthenticationDataType( 11,
-        "Encryption info." );
+    public static final PreAuthenticationDataType PA_ETYPE_INFO = new PreAuthenticationDataType( 11, "Encryption info." );
 
     /**
      * Constant for the "SAM challenge" pre-authentication data type.
      */
-    public static final PreAuthenticationDataType SAM_CHALLENGE = new PreAuthenticationDataType( 12, "SAM challenge." );
+    public static final PreAuthenticationDataType PA_SAM_CHALLENGE = new PreAuthenticationDataType( 12,
+        "SAM challenge." );
 
     /**
      * Constant for the "SAM response" pre-authentication data type.
      */
-    public static final PreAuthenticationDataType SAM_RESPONSE = new PreAuthenticationDataType( 13, "SAM response." );
+    public static final PreAuthenticationDataType PA_SAM_RESPONSE = new PreAuthenticationDataType( 13, "SAM response." );
 
     /**
-     * Constant for the "PK as request" pre-authentication data type.
+     * Constant for the "Old PK AS request" pre-authentication data type.
      */
-    public static final PreAuthenticationDataType PA_PK_AS_REQ = new PreAuthenticationDataType( 14, "PK as request" );
+    public static final PreAuthenticationDataType PA_PK_AS_REQ_OLD = new PreAuthenticationDataType( 14,
+        "Old PK AS request." );
 
     /**
-     * Constant for the "PK as response" pre-authentication data type.
+     * Constant for the "Old PK AS reply" pre-authentication data type.
      */
-    public static final PreAuthenticationDataType PA_PK_AS_REP = new PreAuthenticationDataType( 15, "PK as response" );
+    public static final PreAuthenticationDataType PA_PK_AS_REP_OLD = new PreAuthenticationDataType( 15,
+        "Old PK AS reply." );
+
+    /**
+     * Constant for the "PK AS request" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType PA_PK_AS_REQ = new PreAuthenticationDataType( 16, "PK AS request." );
+
+    /**
+     * Constant for the "PK AS reply" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType PA_PK_AS_REP = new PreAuthenticationDataType( 17, "PK AS reply." );
+
+    /**
+     * Constant for the "Encryption info 2" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType PA_ETYPE_INFO2 = new PreAuthenticationDataType( 19,
+        "Encryption info 2." );
 
     /**
      * Constant for the "use specified key version" pre-authentication data type.
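Review bot: `PA_PK_AS_REQ` and `PA_PK_AS_REP` keep their names but change value, from 14 and 15 to 16 and 17, so a caller written against the old constants still builds and silently starts emitting or matching a different padata type. The other renames in this commit fail at compile time, but this one gives no signal; callers that meant the earlier values now need `PA_PK_AS_REQ_OLD` / `PA_PK_AS_REP_OLD`. I would record this in the log message and in the Javadoc, e.g. `Constant for the "PK AS request" pre-authentication data type (RFC 4556, value 16; this name denoted value 14 before r558641).` No caller of these two constants is visible in this diff, so the impact needs a search of the tree.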
@@ -119,21 +137,110 @@
     /**
      * Constant for the "SAM redirect" pre-authentication data type.
      */
-    public static final PreAuthenticationDataType SAM_REDIRECT = new PreAuthenticationDataType( 21, "SAM redirect." );
+    public static final PreAuthenticationDataType PA_SAM_REDIRECT = new PreAuthenticationDataType( 21, "SAM redirect." );
 
     /**
-     * Constant for the "get from typed data" pre-authentication data type.
+     * Constant for the "Embedded in typed data" pre-authentication data type.
      */
     public static final PreAuthenticationDataType PA_GET_FROM_TYPED_DATA = new PreAuthenticationDataType( 22,
-        "Get from typed data" );
+        "Embedded in typed data." );
+
+    /**
+     * Constant for the "Embeds padata" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType TD_PADATA = new PreAuthenticationDataType( 22, "Embeds padata." );
+
+    /**
+     * Constant for the "SAM encryption info" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType PA_SAM_ETYPE_INFO = new PreAuthenticationDataType( 23,
+        "SAM encryption info." );
+
+    /**
+     * Constant for the "Alternate principal" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType PA_ALT_PRINC = new PreAuthenticationDataType( 24,
+        "Alternate principal." );
+
+    /**
+     * Constant for the "SAM challenge 2" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType PA_SAM_CHALLENGE2 = new PreAuthenticationDataType( 30,
+        "SAM challenge 2." );
+
+    /**
+     * Constant for the "SAM response 2" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType PA_SAM_RESPONSE2 = new PreAuthenticationDataType( 31,
+        "SAM response 2." );
+
+    /**
+     * Constant for the "Reserved extra TGT" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType PA_EXTRA_TGT = new PreAuthenticationDataType( 41,
+        "Reserved extra TGT." );
+
+    /**
+     * Constant for the "CertificateSet from CMS" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType TD_PKINIT_CMS_CERTIFICATES = new PreAuthenticationDataType( 101,
+        "CertificateSet from CMS." );
+
+    /**
+     * Constant for the "PrincipalName" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType TD_KRB_PRINCIPAL = new PreAuthenticationDataType( 102,
+        "PrincipalName." );
+
+    /**
+     * Constant for the "Realm" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType TD_KRB_REALM = new PreAuthenticationDataType( 103, "Realm." );
+
+    /**
+     * Constant for the "Trusted certifiers" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType TD_TRUSTED_CERTIFIERS = new PreAuthenticationDataType( 104,
+        "Trusted certifiers." );
+
+    /**
+     * Constant for the "Certificate index" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType TD_CERTIFICATE_INDEX = new PreAuthenticationDataType( 105,
+        "Certificate index." );
+
+    /**
+     * Constant for the "application specific" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType TD_APP_DEFINED_ERROR = new PreAuthenticationDataType( 106,
+        "application specific." );
+
+    /**
+     * Constant for the "Request nonce" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType TD_REQ_NONCE = new PreAuthenticationDataType( 107, "Request nonce." );
+
+    /**
+     * Constant for the "Request sequence number" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType TD_REQ_SEQ = new PreAuthenticationDataType( 108,
+        "Request sequence number." );
+
+    /**
+     * Constant for the "PAC request" pre-authentication data type.
+     */
+    public static final PreAuthenticationDataType PA_PAC_REQUEST = new PreAuthenticationDataType( 128, "PAC request." );
 
     /**
      * Array for building a List of VALUES.
      */
     private static final PreAuthenticationDataType[] values =
         { NULL, PA_TGS_REQ, PA_ENC_TIMESTAMP, PA_PW_SALT, PA_ENC_UNIX_TIME, PA_SANDIA_SECUREID, PA_SESAME, PA_OSF_DCE,
-            PA_CYBERSAFE_SECUREID, PA_ASF3_SALT, PA_ENCTYPE_INFO, SAM_CHALLENGE, SAM_RESPONSE, PA_PK_AS_REQ,
-            PA_PK_AS_REP, PA_USE_SPECIFIED_KVNO, SAM_REDIRECT, PA_GET_FROM_TYPED_DATA };
+            PA_CYBERSAFE_SECUREID, PA_ASF3_SALT, PA_ETYPE_INFO, PA_SAM_CHALLENGE, PA_SAM_RESPONSE, PA_PK_AS_REQ_OLD,
+            PA_PK_AS_REP_OLD, PA_PK_AS_REQ, PA_PK_AS_REP, PA_ETYPE_INFO2, PA_USE_SPECIFIED_KVNO, PA_SAM_REDIRECT,
+            PA_GET_FROM_TYPED_DATA, TD_PADATA, PA_SAM_ETYPE_INFO, PA_ALT_PRINC, PA_SAM_CHALLENGE2, PA_SAM_RESPONSE2,
+            PA_EXTRA_TGT, TD_PKINIT_CMS_CERTIFICATES, TD_KRB_PRINCIPAL, TD_KRB_REALM, TD_TRUSTED_CERTIFIERS,
+            TD_CERTIFICATE_INDEX, TD_APP_DEFINED_ERROR, TD_REQ_NONCE, TD_REQ_SEQ, PA_PAC_REQUEST };
 
     /**
      * A list of all the pre-authentication type constants.
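Review bot: `TD_PADATA` is declared with the same numeric value, 22, as `PA_GET_FROM_TYPED_DATA`, and both are added to `values`. RFC 4120 does assign 22 to both names, but a lookup from a decoded integer can return only one instance, presumably the first array entry. A reference comparison against `TD_PADATA` would then never match a decoded value. The lookup and equality methods are outside the hunk, so confirm how they behave. More broadly, the `TD_*` entries are typed-data types rather than padata types, so code resolving a received padata-type through this class will treat them as known; a separate typed-data enumeration, or a Javadoc line on each `TD_*` constant such as `Typed-data type; not valid as a padata-type.`, would make that boundary explicit.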

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java?view=diff&rev=558641&r1=558640&r2=558641
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java Mon Jul 23 00:47:15 2007
@@ -76,7 +76,7 @@
         }
 
         PreAuthenticationDataModifier encTypeModifier = new PreAuthenticationDataModifier();
-        encTypeModifier.setDataType( PreAuthenticationDataType.PA_ENCTYPE_INFO );
+        encTypeModifier.setDataType( PreAuthenticationDataType.PA_ETYPE_INFO );
         encTypeModifier.setDataValue( encTypeInfo );
 
         paDataSequence[1] = encTypeModifier.getPreAuthenticationData();