Posted to commits@directory.apache.org by er...@apache.org on 2007/07/23 09:47:15 UTC
svn commit: r558641 - in /directory/apacheds/trunk:
kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/
protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/
Author: erodriguez
Date: Mon Jul 23 00:47:15 2007
New Revision: 558641
URL: http://svn.apache.org/viewvc?view=rev&rev=558641
Log:
Updated the Authorization Data type and Pre-Authentication Data type classes to the latest Kerberos RFCs (RFC 4120 and RFC 4556).
Modified:
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AuthorizationType.java
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/PreAuthenticationDataType.java
directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java
Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AuthorizationType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AuthorizationType.java?view=diff&rev=558641&r1=558640&r2=558641
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AuthorizationType.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AuthorizationType.java Mon Jul 23 00:47:15 2007
@@ -39,39 +39,49 @@
/**
* Constant for the "if relevant" authorization type.
*/
- public static final AuthorizationType IF_RELEVANT = new AuthorizationType( 1, "if relevant" );
+ public static final AuthorizationType AD_IF_RELEVANT = new AuthorizationType( 1, "if relevant" );
/**
* Constant for the "intended for server" authorization type.
*/
- public static final AuthorizationType INTENDED_FOR_SERVER = new AuthorizationType( 2, "intended for server" );
+ public static final AuthorizationType AD_INTENDED_FOR_SERVER = new AuthorizationType( 2, "intended for server" );
/**
* Constant for the "intended for application class" authorization type.
*/
- public static final AuthorizationType INTENDED_FOR_APPLICATION_CLASS = new AuthorizationType( 3,
+ public static final AuthorizationType AD_INTENDED_FOR_APPLICATION_CLASS = new AuthorizationType( 3,
"intended for application class" );
/**
* Constant for the "kdc issued" authorization type.
*/
- public static final AuthorizationType KDC_ISSUED = new AuthorizationType( 4, "kdc issued" );
+ public static final AuthorizationType AD_KDC_ISSUED = new AuthorizationType( 4, "kdc issued" );
/**
- * Constant for the "or" authorization type.
+ * Constant for the "and-or" authorization type.
*/
- public static final AuthorizationType OR = new AuthorizationType( 5, "or" );
+ public static final AuthorizationType AD_AND_OR = new AuthorizationType( 5, "and-or" );
/**
* Constant for the "mandatory ticket extensions" authorization type.
*/
- public static final AuthorizationType MANDATORY_TICKET_EXTENSIONS = new AuthorizationType( 6,
+ public static final AuthorizationType AD_MANDATORY_TICKET_EXTENSIONS = new AuthorizationType( 6,
"mandatory ticket extensions" );
/**
* Constant for the "in ticket extensions" authorization type.
*/
- public static final AuthorizationType IN_TICKET_EXTENSIONS = new AuthorizationType( 7, "in ticket extensions" );
+ public static final AuthorizationType AD_IN_TICKET_EXTENSIONS = new AuthorizationType( 7, "in ticket extensions" );
+
+ /**
+ * Constant for the "mandatory for KDC" authorization type.
+ */
+ public static final AuthorizationType AD_MANDATORY_FOR_KDC = new AuthorizationType( 8, "mandatory for KDC" );
+
+ /**
+ * Constant for the "Initial verified CAS" authorization type.
+ */
+ public static final AuthorizationType AD_INITIAL_VERIFIED_CAS = new AuthorizationType( 9, "Initial verified CAS" );
/**
* Constant for the "OSF DCE" authorization type.
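Review bot: The Javadoc on the new `AD_MANDATORY_FOR_KDC` constant (value 8) only repeats its name, yet this is the one type in the hunk with a fail-closed rule attached. RFC 4120 requires a KDC to reject a request when it does not understand an element embedded in a mandatory-for-KDC container. I would record that on the constant, for example `* Per RFC 4120, a KDC that does not understand an element embedded in this container must reject the request.` No enforcement code is visible in this commit, so the constant alone should not be read as support for the rule. The renamed constants (`IF_RELEVANT`, `KDC_ISSUED`, `OR`, ...) also leave no deprecated aliases behind, so references outside the three files touched here would stop compiling; the class body continues outside the hunk.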
@@ -84,11 +94,27 @@
public static final AuthorizationType SESAME = new AuthorizationType( 65, "sesame" );
/**
+ * Constant for the "OSF DCE PKI CERTID" authorization type.
+ */
+ public static final AuthorizationType AD_OSF_DCE_PKI_CERTID = new AuthorizationType( 66, "OSF DCE PKI CERTID" );
+
+ /**
+ * Constant for the "WIN2K PAC" authorization type.
+ */
+ public static final AuthorizationType AD_WIN2K_PAC = new AuthorizationType( 128, "WIN2K PAC" );
+
+ /**
+ * Constant for the "encryption negotiation" authorization type.
+ */
+ public static final AuthorizationType AD_ETYPE_NEGOTIATION = new AuthorizationType( 129, "encryption negotiation" );
+
+ /**
* Array for building a List of VALUES.
*/
private static final AuthorizationType[] values =
- { NULL, IF_RELEVANT, INTENDED_FOR_SERVER, INTENDED_FOR_APPLICATION_CLASS, KDC_ISSUED, OR,
- MANDATORY_TICKET_EXTENSIONS, IN_TICKET_EXTENSIONS, OSF_DCE, SESAME };
+ { NULL, AD_IF_RELEVANT, AD_INTENDED_FOR_SERVER, AD_INTENDED_FOR_APPLICATION_CLASS, AD_KDC_ISSUED, AD_AND_OR,
+ AD_MANDATORY_TICKET_EXTENSIONS, AD_IN_TICKET_EXTENSIONS, AD_MANDATORY_FOR_KDC, AD_INITIAL_VERIFIED_CAS,
+ OSF_DCE, SESAME, AD_OSF_DCE_PKI_CERTID, AD_WIN2K_PAC, AD_ETYPE_NEGOTIATION };
/**
* A List of all the authorization type constants.
Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/PreAuthenticationDataType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/PreAuthenticationDataType.java?view=diff&rev=558641&r1=558640&r2=558641
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/PreAuthenticationDataType.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/PreAuthenticationDataType.java Mon Jul 23 00:47:15 2007
@@ -87,28 +87,46 @@
/**
* Constant for the "encryption info" pre-authentication data type.
*/
- public static final PreAuthenticationDataType PA_ENCTYPE_INFO = new PreAuthenticationDataType( 11,
- "Encryption info." );
+ public static final PreAuthenticationDataType PA_ETYPE_INFO = new PreAuthenticationDataType( 11, "Encryption info." );
/**
* Constant for the "SAM challenge" pre-authentication data type.
*/
- public static final PreAuthenticationDataType SAM_CHALLENGE = new PreAuthenticationDataType( 12, "SAM challenge." );
+ public static final PreAuthenticationDataType PA_SAM_CHALLENGE = new PreAuthenticationDataType( 12,
+ "SAM challenge." );
/**
* Constant for the "SAM response" pre-authentication data type.
*/
- public static final PreAuthenticationDataType SAM_RESPONSE = new PreAuthenticationDataType( 13, "SAM response." );
+ public static final PreAuthenticationDataType PA_SAM_RESPONSE = new PreAuthenticationDataType( 13, "SAM response." );
/**
- * Constant for the "PK as request" pre-authentication data type.
+ * Constant for the "Old PK AS request" pre-authentication data type.
*/
- public static final PreAuthenticationDataType PA_PK_AS_REQ = new PreAuthenticationDataType( 14, "PK as request" );
+ public static final PreAuthenticationDataType PA_PK_AS_REQ_OLD = new PreAuthenticationDataType( 14,
+ "Old PK AS request." );
/**
- * Constant for the "PK as response" pre-authentication data type.
+ * Constant for the "Old PK AS reply" pre-authentication data type.
*/
- public static final PreAuthenticationDataType PA_PK_AS_REP = new PreAuthenticationDataType( 15, "PK as response" );
+ public static final PreAuthenticationDataType PA_PK_AS_REP_OLD = new PreAuthenticationDataType( 15,
+ "Old PK AS reply." );
+
+ /**
+ * Constant for the "PK AS request" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType PA_PK_AS_REQ = new PreAuthenticationDataType( 16, "PK AS request." );
+
+ /**
+ * Constant for the "PK AS reply" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType PA_PK_AS_REP = new PreAuthenticationDataType( 17, "PK AS reply." );
+
+ /**
+ * Constant for the "Encryption info 2" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType PA_ETYPE_INFO2 = new PreAuthenticationDataType( 19,
+ "Encryption info 2." );
/**
* Constant for the "use specified key version" pre-authentication data type.
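Review bot: `PA_PK_AS_REQ` and `PA_PK_AS_REP` keep their names but now carry 16 and 17 instead of 14 and 15, with the previous numbers moved to `PA_PK_AS_REQ_OLD` and `PA_PK_AS_REP_OLD`. Unlike the plain renames in this hunk, that change compiles cleanly in any caller that still references the two names while the padata-type it matches on the wire changes, so a verifier keyed on `PA_PK_AS_REQ` would stop recognising type 14 without any error. No callers are visible in this commit, so usages of both names should be audited. The Javadoc should also carry the number, for example `* Constant for the "PK AS request" pre-authentication data type (value 16; value 14 is PA_PK_AS_REQ_OLD).` and likewise for the reply constant.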
@@ -119,21 +137,110 @@
/**
* Constant for the "SAM redirect" pre-authentication data type.
*/
- public static final PreAuthenticationDataType SAM_REDIRECT = new PreAuthenticationDataType( 21, "SAM redirect." );
+ public static final PreAuthenticationDataType PA_SAM_REDIRECT = new PreAuthenticationDataType( 21, "SAM redirect." );
/**
- * Constant for the "get from typed data" pre-authentication data type.
+ * Constant for the "Embedded in typed data" pre-authentication data type.
*/
public static final PreAuthenticationDataType PA_GET_FROM_TYPED_DATA = new PreAuthenticationDataType( 22,
- "Get from typed data" );
+ "Embedded in typed data." );
+
+ /**
+ * Constant for the "Embeds padata" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType TD_PADATA = new PreAuthenticationDataType( 22, "Embeds padata." );
+
+ /**
+ * Constant for the "SAM encryption info" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType PA_SAM_ETYPE_INFO = new PreAuthenticationDataType( 23,
+ "SAM encryption info." );
+
+ /**
+ * Constant for the "Alternate principal" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType PA_ALT_PRINC = new PreAuthenticationDataType( 24,
+ "Alternate principal." );
+
+ /**
+ * Constant for the "SAM challenge 2" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType PA_SAM_CHALLENGE2 = new PreAuthenticationDataType( 30,
+ "SAM challenge 2." );
+
+ /**
+ * Constant for the "SAM response 2" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType PA_SAM_RESPONSE2 = new PreAuthenticationDataType( 31,
+ "SAM response 2." );
+
+ /**
+ * Constant for the "Reserved extra TGT" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType PA_EXTRA_TGT = new PreAuthenticationDataType( 41,
+ "Reserved extra TGT." );
+
+ /**
+ * Constant for the "CertificateSet from CMS" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType TD_PKINIT_CMS_CERTIFICATES = new PreAuthenticationDataType( 101,
+ "CertificateSet from CMS." );
+
+ /**
+ * Constant for the "PrincipalName" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType TD_KRB_PRINCIPAL = new PreAuthenticationDataType( 102,
+ "PrincipalName." );
+
+ /**
+ * Constant for the "Realm" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType TD_KRB_REALM = new PreAuthenticationDataType( 103, "Realm." );
+
+ /**
+ * Constant for the "Trusted certifiers" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType TD_TRUSTED_CERTIFIERS = new PreAuthenticationDataType( 104,
+ "Trusted certifiers." );
+
+ /**
+ * Constant for the "Certificate index" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType TD_CERTIFICATE_INDEX = new PreAuthenticationDataType( 105,
+ "Certificate index." );
+
+ /**
+ * Constant for the "application specific" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType TD_APP_DEFINED_ERROR = new PreAuthenticationDataType( 106,
+ "application specific." );
+
+ /**
+ * Constant for the "Request nonce" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType TD_REQ_NONCE = new PreAuthenticationDataType( 107, "Request nonce." );
+
+ /**
+ * Constant for the "Request sequence number" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType TD_REQ_SEQ = new PreAuthenticationDataType( 108,
+ "Request sequence number." );
+
+ /**
+ * Constant for the "PAC request" pre-authentication data type.
+ */
+ public static final PreAuthenticationDataType PA_PAC_REQUEST = new PreAuthenticationDataType( 128, "PAC request." );
/**
* Array for building a List of VALUES.
*/
private static final PreAuthenticationDataType[] values =
{ NULL, PA_TGS_REQ, PA_ENC_TIMESTAMP, PA_PW_SALT, PA_ENC_UNIX_TIME, PA_SANDIA_SECUREID, PA_SESAME, PA_OSF_DCE,
- PA_CYBERSAFE_SECUREID, PA_ASF3_SALT, PA_ENCTYPE_INFO, SAM_CHALLENGE, SAM_RESPONSE, PA_PK_AS_REQ,
- PA_PK_AS_REP, PA_USE_SPECIFIED_KVNO, SAM_REDIRECT, PA_GET_FROM_TYPED_DATA };
+ PA_CYBERSAFE_SECUREID, PA_ASF3_SALT, PA_ETYPE_INFO, PA_SAM_CHALLENGE, PA_SAM_RESPONSE, PA_PK_AS_REQ_OLD,
+ PA_PK_AS_REP_OLD, PA_PK_AS_REQ, PA_PK_AS_REP, PA_ETYPE_INFO2, PA_USE_SPECIFIED_KVNO, PA_SAM_REDIRECT,
+ PA_GET_FROM_TYPED_DATA, TD_PADATA, PA_SAM_ETYPE_INFO, PA_ALT_PRINC, PA_SAM_CHALLENGE2, PA_SAM_RESPONSE2,
+ PA_EXTRA_TGT, TD_PKINIT_CMS_CERTIFICATES, TD_KRB_PRINCIPAL, TD_KRB_REALM, TD_TRUSTED_CERTIFIERS,
+ TD_CERTIFICATE_INDEX, TD_APP_DEFINED_ERROR, TD_REQ_NONCE, TD_REQ_SEQ, PA_PAC_REQUEST };
/**
* A list of all the pre-authentication type constants.
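Review bot: `TD_PADATA` is created with the same number, 22, as `PA_GET_FROM_TYPED_DATA`, and both are then listed in `values`, so the table holds two distinct instances for one wire value. The lookup code is outside this hunk, but a search of `values` by number can only ever return the first of the two, and comparing the instances by identity will treat them as different types. If the shared number is intentional, the Javadoc should say so, for example `* Shares value 22 with PA_GET_FROM_TYPED_DATA; a lookup by number resolves to that constant.` The `TD_*` constants are also documented as "pre-authentication data type", although the prefix suggests typed-data types, so their comments should say which of the two they describe.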
Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java?view=diff&rev=558641&r1=558640&r2=558641
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java Mon Jul 23 00:47:15 2007
@@ -76,7 +76,7 @@
}
PreAuthenticationDataModifier encTypeModifier = new PreAuthenticationDataModifier();
- encTypeModifier.setDataType( PreAuthenticationDataType.PA_ENCTYPE_INFO );
+ encTypeModifier.setDataType( PreAuthenticationDataType.PA_ETYPE_INFO );
encTypeModifier.setDataValue( encTypeInfo );
paDataSequence[1] = encTypeModifier.getPreAuthenticationData();