directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r148857 - in incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos: io/decoder kdc messages/components messages/value
Date Fri, 28 Jan 2005 05:04:29 GMT
Author: erodriguez
Date: Thu Jan 27 21:04:26 2005
New Revision: 148857

URL: http://svn.apache.org/viewcvs?view=rev&rev=148857
Log:
Support for pre-authentication by encrypted timestamp.
Added:
   incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java
   incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java
   incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java
Modified:
   incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
   incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java
   incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java
   incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java
   incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java
   incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java

Added: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java?view=auto&rev=148857
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java
Thu Jan 27 21:04:26 2005
@@ -0,0 +1,38 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.io.decoder;
+
+import java.io.IOException;
+
+import org.apache.asn1.der.ASN1InputStream;
+import org.apache.asn1.der.DERSequence;
+import org.apache.kerberos.messages.value.EncryptedData;
+
+
+public class EncryptedDataDecoder extends KerberosMessageDecoder
+{
+	public EncryptedData decode( byte[] encodedEncryptedData ) throws IOException
+	{
+		ASN1InputStream ais = new ASN1InputStream( encodedEncryptedData );
+		
+		DERSequence sequence = (DERSequence) ais.readObject();
+		
+		return decodeEncryptedData( sequence );
+	}
+}
+

Added: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java?view=auto&rev=148857
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java
Thu Jan 27 21:04:26 2005
@@ -0,0 +1,81 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.io.decoder;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+import org.apache.asn1.der.ASN1InputStream;
+import org.apache.asn1.der.DEREncodable;
+import org.apache.asn1.der.DERGeneralizedTime;
+import org.apache.asn1.der.DERInteger;
+import org.apache.asn1.der.DERSequence;
+import org.apache.asn1.der.DERTaggedObject;
+import org.apache.kerberos.messages.value.EncryptedTimeStamp;
+import org.apache.kerberos.messages.value.EncryptedTimeStampModifier;
+
+/**
+ * padata-type     ::= PA-ENC-TIMESTAMP
+ * padata-value    ::= EncryptedData -- PA-ENC-TS-ENC
+ * 
+ * PA-ENC-TS-ENC   ::= SEQUENCE {
+ *         patimestamp[0]               KerberosTime, -- client's time
+ *         pausec[1]                    INTEGER OPTIONAL
+ * }
+ */
+public class EncryptedTimestampDecoder extends KerberosMessageDecoder
+{
+	public EncryptedTimeStamp decode( byte[] encodedEncryptedTimestamp ) throws IOException
+	{
+		ASN1InputStream ais = new ASN1InputStream( encodedEncryptedTimestamp );
+		
+		DERSequence sequence = (DERSequence) ais.readObject();
+		
+		return decodeEncryptedTimestamp( sequence );
+	}
+	
+	protected EncryptedTimeStamp decodeEncryptedTimestamp( DERSequence sequence )
+	{
+		EncryptedTimeStampModifier modifier = new EncryptedTimeStampModifier();
+		
+		for ( Enumeration e = sequence.getObjects(); e.hasMoreElements(); )
+		{
+			DERTaggedObject object = (DERTaggedObject) e.nextElement();
+			int tag = object.getTagNo();
+			DEREncodable derObject = object.getObject();
+			
+			switch ( tag )
+			{
+				case 0:
+					DERGeneralizedTime tag0 = (DERGeneralizedTime)derObject;
+					modifier.setKerberosTime( decodeKerberosTime( tag0 ) );
+					break;
+				case 1:
+					DERInteger tag1 = (DERInteger)derObject;
+					modifier.setMicroSecond( tag1.intValue() );
+					break;
+			    default:
+			    	System.out.println( object.getObject() );
+			    	break;
+			}
+		}
+		
+		return modifier.getEncryptedTimestamp();
+	}
+}
+

Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
(original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
Thu Jan 27 21:04:26 2005
@@ -14,10 +14,17 @@
  *   limitations under the License.
  *
  */
+
 package org.apache.kerberos.kdc;
 
+import java.io.IOException;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
 import org.apache.kerberos.crypto.RandomKey;
 import org.apache.kerberos.crypto.encryption.EncryptionEngine;
+import org.apache.kerberos.io.decoder.EncryptedDataDecoder;
+import org.apache.kerberos.io.decoder.EncryptedTimestampDecoder;
 import org.apache.kerberos.io.encoder.EncAsRepPartEncoder;
 import org.apache.kerberos.io.encoder.EncTicketPartEncoder;
 import org.apache.kerberos.kdc.store.PrincipalStore;
@@ -26,93 +33,125 @@
 import org.apache.kerberos.messages.components.EncTicketPart;
 import org.apache.kerberos.messages.components.EncTicketPartModifier;
 import org.apache.kerberos.messages.components.Ticket;
-import org.apache.kerberos.messages.value.*;
+import org.apache.kerberos.messages.value.EncryptedData;
+import org.apache.kerberos.messages.value.EncryptedTimeStamp;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.messages.value.KdcOptions;
+import org.apache.kerberos.messages.value.KerberosTime;
+import org.apache.kerberos.messages.value.LastRequest;
+import org.apache.kerberos.messages.value.PreAuthenticationData;
+import org.apache.kerberos.messages.value.PreAuthenticationDataType;
+import org.apache.kerberos.messages.value.TicketFlags;
+import org.apache.kerberos.messages.value.TransitedEncoding;
 
-import javax.security.auth.kerberos.KerberosPrincipal;
 
-public class AuthenticationService extends KerberosService {
-	
+public class AuthenticationService extends KerberosService
+{
 	private KdcConfiguration config;
 	
-	public AuthenticationService(PrincipalStore store, PrincipalStore bootstrap, KdcConfiguration
config)
+	public AuthenticationService( PrincipalStore store, PrincipalStore bootstrap, KdcConfiguration
config )
     {
-        super(config, bootstrap, store);
+        super( config, bootstrap, store );
 
 		this.config = config;
 	}
-
-	public AuthenticationReply getReplyFor(KdcRequest request) throws KerberosException {
-		
+	
+	public AuthenticationReply getReplyFor( KdcRequest request ) throws KerberosException
+	{
 		KerberosPrincipal clientPrincipal = request.getClientPrincipal();
 
-		EncryptionKey clientKey = getKeyForPrincipal(clientPrincipal);
+		EncryptionKey clientKey = getKeyForPrincipal( clientPrincipal );
 
-        if (clientKey == null)
+        if ( clientKey == null )
         {
             throw KerberosException.KDC_ERR_C_PRINCIPAL_UNKNOWN;
         }
 
 		KerberosPrincipal serverPrincipal = request.getServerPrincipal();
 
-        EncryptionKey serverKey = getKeyForPrincipal(serverPrincipal);
+        EncryptionKey serverKey = getKeyForPrincipal( serverPrincipal );
 
-        if (serverKey == null)
+        if ( serverKey == null )
         {
             throw KerberosException.KDC_ERR_S_PRINCIPAL_UNKNOWN;
         }
 
-		verifyPreAuthentication(request, clientPrincipal);
+		verifyPreAuthentication( request, clientKey );
 		
-		Ticket ticket = getNewTicket(request, serverKey);
-		AuthenticationReply reply = getAuthenticationReply(request, ticket);
-		encryptReplyPart(reply, clientKey);
+		Ticket ticket = getNewTicket( request, serverKey );
+		AuthenticationReply reply = getAuthenticationReply( request, ticket );
+		encryptReplyPart( reply, clientKey );
 		
-		System.out.print("Issuing ticket to client " + clientPrincipal.toString() + " ");
-		System.out.println("for access to " + serverPrincipal.toString());
+		System.out.print( "Issuing ticket to client " + clientPrincipal.toString() + " " );
+		System.out.println( "for access to " + serverPrincipal.toString() );
 		
 		return reply;
 	}
 	
-	// TODO - currently no support for pre-auth; requires server store support
-	private void verifyPreAuthentication(KdcRequest request, KerberosPrincipal clientPrincipal)
{
-		/*
-		if(client.pa_enc_timestamp_required and
-		   pa_enc_timestamp not present) then
-		        error_out(KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP));
-		endif
-		*/
-		
-		/*
-		if(pa_enc_timestamp present) then
-		        getDecryptedData req.padata-value into decrypted_enc_timestamp
-		                using client.key;
-		                using auth_hdr.authenticator.subkey;
-		        if (decrypt_error()) then
-		                error_out(KRB_AP_ERR_BAD_INTEGRITY);
-		        if(decrypted_enc_timestamp is not within allowable
-		                skew) then error_out(KDC_ERR_PREAUTH_FAILED);
-		        endif
-		        if(decrypted_enc_timestamp and usec is replay)
-		                error_out(KDC_ERR_PREAUTH_FAILED);
-		        endif
-		        add decrypted_enc_timestamp and usec to replay cache;
-		endif
-		*/
-		
-		/*
-		 	if (LocalConfig.DEFAULT_PA_ENC_TIMESTAMP_REQUIRED) {
-			byte[] encTimeStamp = CryptoService.getEncryptedTimestamp(key, new Date());
-			if (key != null) {
-				paData = new PreAuthenticationData[1];
-				paData[0] = new PreAuthenticationData(PreAuthenticationData.PA_ENC_TIMESTAMP, encTimeStamp);
-			}
-		}
-		 */
+	private void verifyPreAuthentication( KdcRequest request, EncryptionKey clientKey )
+		throws KerberosException
+	{
+	    if ( config.isPaEncTimestampRequired() )
+	    {
+		    PreAuthenticationData[] paData = request.getPreAuthData();
+		    
+	        if ( paData == null )
+	        {
+	            throw KerberosException.KDC_ERR_PREAUTH_REQUIRED;
+	        }
+	        
+	        EncryptedTimeStamp timestamp = null;
+	        
+		    for ( int ii = 0; ii < paData.length; ii++ )
+		    {
+		        if ( paData[ ii ].getDataType().equals( PreAuthenticationDataType.PA_ENC_TIMESTAMP
) )
+		        {
+		    		try
+		    		{
+		    		    EncryptedDataDecoder decoder = new EncryptedDataDecoder();
+		    		    EncryptedData dataValue = decoder.decode( paData[ ii ].getDataValue() );
+		    		    
+		                EncryptionEngine engine = getEncryptionEngine( clientKey );
+		                
+		    			byte[] decTimestamp = engine.getDecryptedData( clientKey, dataValue );
+		    			
+		    			EncryptedTimestampDecoder timeStampDecoder = new EncryptedTimestampDecoder();
+		    			timestamp = timeStampDecoder.decode( decTimestamp );
+		    		}
+		    		catch (KerberosException ke)
+		    		{
+		    			throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
+		    		}
+		    		catch (IOException ioe)
+		    		{
+		    		    throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
+		    		}
+		        }
+		    }
+		    
+	        if ( timestamp == null )
+	        {
+	            throw KerberosException.KDC_ERR_PREAUTH_REQUIRED;
+	        }
+		    
+    		if ( !timestamp.getTimeStamp().isInClockSkew( config.getClockSkew() ) )
+    		{
+    		    throw KerberosException.KDC_ERR_PREAUTH_FAILED;
+    		}
+    		
+    		/*
+	        if(decrypted_enc_timestamp and usec is replay)
+	                error_out(KDC_ERR_PREAUTH_FAILED);
+	        endif
+	        
+	        add decrypted_enc_timestamp and usec to replay cache;
+    		*/
+	    }
 	}
 	
 	// TODO - client and server parameters; requires store
-	private Ticket getNewTicket(KdcRequest request, EncryptionKey serverKey) throws KerberosException
{
-		
+	private Ticket getNewTicket(KdcRequest request, EncryptionKey serverKey) throws KerberosException
+	{
 		KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
 		
 		EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
@@ -140,7 +179,8 @@
 		KerberosTime now = new KerberosTime();
 		newTicketBody.setAuthTime(now);
 	
-		if (request.getKdcOptions().get(KdcOptions.POSTDATED)) {
+		if (request.getKdcOptions().get(KdcOptions.POSTDATED))
+		{
 			// TODO - possibly allow req.from range
 			if (!config.isPostdateAllowed())
 				throw KerberosException.KDC_ERR_POLICY;
@@ -165,7 +205,8 @@
 
 	long tempRtime = 0;
 	if (request.getKdcOptions().get(KdcOptions.RENEWABLE_OK) &&
-			request.getTill().greaterThan(kerberosEndTime)) {
+			request.getTill().greaterThan(kerberosEndTime))
+	{
 		request.getKdcOptions().set(KdcOptions.RENEWABLE);
 		tempRtime = request.getTill().getTime();
 	}
@@ -186,14 +227,16 @@
 		else
 			tempRtime = request.getRtime().getTime();
 
-		if (request.getKdcOptions().get(KdcOptions.RENEWABLE)) {
+		if (request.getKdcOptions().get(KdcOptions.RENEWABLE))
+		{
 			newTicketBody.setFlag(TicketFlags.RENEWABLE);
 			long renewTill = Math.min(request.getFrom().getTime()
 					+ config.getMaximumRenewableLifetime(), tempRtime);
 			newTicketBody.setRenewTill(new KerberosTime(renewTill));
 		}
 
-		if (request.getAddresses() != null) {
+		if (request.getAddresses() != null)
+		{
 			newTicketBody.setClientAddresses(request.getAddresses());
 		}
 		
@@ -207,25 +250,31 @@
 		return newTicket;
 	}
 	
-	private EncryptedData encryptTicketPart(EncTicketPart ticketPart, EncryptionKey serverKey)
{
+	private EncryptedData encryptTicketPart(EncTicketPart ticketPart, EncryptionKey serverKey)
+	{
 		EncTicketPartEncoder encoder = new EncTicketPartEncoder();
 		EncryptedData encryptedTicketPart = null;
-		try {
+		try
+		{
 			byte[] plainText = encoder.encode(ticketPart);
 
             EncryptionEngine engine = getEncryptionEngine(serverKey);
 
 			encryptedTicketPart = engine.getEncryptedData(serverKey, plainText);
 			
-		} catch (Exception e) {
+		}
+		catch (Exception e)
+		{
 			e.printStackTrace();
 		}
 		return encryptedTicketPart;
 	}
 	
-	private void encryptReplyPart(AuthenticationReply reply, EncryptionKey clientKey) {
+	private void encryptReplyPart( AuthenticationReply reply, EncryptionKey clientKey )
+	{
 		EncAsRepPartEncoder encoder = new EncAsRepPartEncoder();
-		try {
+		try
+		{
 			byte[] plainText = encoder.encode(reply);
 
             EncryptionEngine engine = getEncryptionEngine(clientKey);
@@ -233,35 +282,39 @@
 			EncryptedData cipherText = engine.getEncryptedData(clientKey, plainText);
 
 			reply.setEncPart(cipherText);
-			
-		} catch (Exception e) {
+		}
+		catch (Exception e)
+		{
 			e.printStackTrace();
 		}
 	}
 	
-	private AuthenticationReply getAuthenticationReply(KdcRequest request, Ticket ticket) {
+	private AuthenticationReply getAuthenticationReply( KdcRequest request, Ticket ticket )
+	{
 		AuthenticationReply reply = new AuthenticationReply();
 		
-		reply.setClientPrincipal(request.getClientPrincipal());
-		reply.setTicket(ticket);
-		reply.setKey(ticket.getSessionKey());
+		reply.setClientPrincipal( request.getClientPrincipal() );
+		reply.setTicket( ticket );
+		reply.setKey( ticket.getSessionKey() );
 		
 		// TODO - fetch lastReq for this client; requires store
-		reply.setLastRequest(new LastRequest());
+		reply.setLastRequest( new LastRequest() );
 		// TODO	- resp.key-expiration := client.expiration; requires store
 		
-		reply.setNonce(request.getNonce());
+		reply.setNonce( request.getNonce() );
 		
-		reply.setFlags(ticket.getFlags());
-		reply.setAuthTime(ticket.getAuthTime());
-		reply.setStartTime(ticket.getStartTime());
-		reply.setEndTime(ticket.getEndTime());
+		reply.setFlags( ticket.getFlags() );
+		reply.setAuthTime( ticket.getAuthTime() );
+		reply.setStartTime( ticket.getStartTime() );
+		reply.setEndTime( ticket.getEndTime() );
 		
-		if (ticket.getFlags().get(TicketFlags.RENEWABLE))
+		if ( ticket.getFlags().get( TicketFlags.RENEWABLE ) )
+		{
 			reply.setRenewTill(ticket.getRenewTill());
+		}
 		
-		reply.setServerPrincipal(ticket.getServerPrincipal());
-		reply.setClientAddresses(ticket.getClientAddresses());
+		reply.setServerPrincipal( ticket.getServerPrincipal() );
+		reply.setClientAddresses( ticket.getClientAddresses() );
 		
 		return reply;
 	}

Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java
(original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java
Thu Jan 27 21:04:26 2005
@@ -14,70 +14,90 @@
  *   limitations under the License.
  *
  */
+
 package org.apache.kerberos.messages.components;
 
-import org.apache.kerberos.messages.value.*;
+import javax.security.auth.kerberos.KerberosPrincipal;
 
-import javax.security.auth.kerberos.*;
+import org.apache.kerberos.messages.value.AuthorizationData;
+import org.apache.kerberos.messages.value.Checksum;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.messages.value.KerberosTime;
 
-public class Authenticator {
-	
+
+public class Authenticator
+{
 	public static final int AUTHENTICATOR_VNO = 5;
 	
-	private int               _versionNumber;
-	private KerberosPrincipal _clientPrincipal;
-	private Checksum          _checksum;
-	private int               _clientMicroSecond;
-	private KerberosTime      _clientTime;
-	private EncryptionKey     _subSessionKey;
-	private int               _sequenceNumber;
-	private AuthorizationData _authorizationData;
-	
-	public Authenticator(KerberosPrincipal clientPrincipal, Checksum checksum,
-			int cusec, KerberosTime clientTime, EncryptionKey subSessionKey, int sequenceNumber,
-			AuthorizationData authorizationData) {
-		
-		this(AUTHENTICATOR_VNO, clientPrincipal, checksum, cusec, clientTime,
-		 		subSessionKey, sequenceNumber, authorizationData);
-	}
-
-	public Authenticator(int versionNumber, KerberosPrincipal clientPrincipal, Checksum checksum,
-			int cusec, KerberosTime clientTime, EncryptionKey subSessionKey, int sequenceNumber,
-			AuthorizationData authorizationData) {
-		
-		_versionNumber     = versionNumber;
-		_clientPrincipal   = clientPrincipal;
-		_checksum          = checksum;
-		_clientMicroSecond = cusec;
-		_clientTime        = clientTime;
-		_subSessionKey     = subSessionKey;
-		_sequenceNumber    = sequenceNumber;
-		_authorizationData = authorizationData;
-	}
-	
-	public KerberosPrincipal getClientPrincipal() {
-		return _clientPrincipal;
-	}
-	public KerberosTime getClientTime() {
-		return _clientTime;
-	}
-	public int getClientMicroSecond() {
-		return _clientMicroSecond;
-	}
-	public AuthorizationData getAuthorizationData() {
-		return _authorizationData;
-	}
-	public Checksum getChecksum() {
-		return _checksum;
+	private int               versionNumber;
+	private KerberosPrincipal clientPrincipal;
+	private Checksum          checksum;
+	private int               clientMicroSecond;
+	private KerberosTime      clientTime;
+	private EncryptionKey     subSessionKey;
+	private int               sequenceNumber;
+	private AuthorizationData authorizationData;
+	
+	public Authenticator( KerberosPrincipal clientPrincipal, Checksum checksum,
+			int clientMicroSecond, KerberosTime clientTime, EncryptionKey subSessionKey,
+			int sequenceNumber, AuthorizationData authorizationData )
+	{
+		this( AUTHENTICATOR_VNO, clientPrincipal, checksum, clientMicroSecond, clientTime,
+		 		subSessionKey, sequenceNumber, authorizationData );
+	}
+
+	public Authenticator( int versionNumber, KerberosPrincipal clientPrincipal, Checksum checksum,
+			int clientMicroSecond, KerberosTime clientTime, EncryptionKey subSessionKey, int sequenceNumber,
+			AuthorizationData authorizationData )
+	{
+		this.versionNumber     = versionNumber;
+		this.clientPrincipal   = clientPrincipal;
+		this.checksum          = checksum;
+		this.clientMicroSecond = clientMicroSecond;
+		this.clientTime        = clientTime;
+		this.subSessionKey     = subSessionKey;
+		this.sequenceNumber    = sequenceNumber;
+		this.authorizationData = authorizationData;
+	}
+	
+	public KerberosPrincipal getClientPrincipal()
+	{
+		return clientPrincipal;
 	}
-	public int getSequenceNumber() {
-		return _sequenceNumber;
+	
+	public KerberosTime getClientTime()
+	{
+		return clientTime;
 	}
-	public EncryptionKey getSubSessionKey() {
-		return _subSessionKey;
+	
+	public int getClientMicroSecond()
+	{
+		return clientMicroSecond;
 	}
-	public int getVersionNumber() {
-		return _versionNumber;
+	
+	public AuthorizationData getAuthorizationData()
+	{
+		return authorizationData;
+	}
+	
+	public Checksum getChecksum()
+	{
+		return checksum;
+	}
+	
+	public int getSequenceNumber()
+	{
+		return sequenceNumber;
+	}
+	
+	public EncryptionKey getSubSessionKey()
+	{
+		return subSessionKey;
+	}
+	
+	public int getVersionNumber()
+	{
+		return versionNumber;
 	}
 }
 

Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java
(original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java
Thu Jan 27 21:04:26 2005
@@ -14,26 +14,31 @@
  *   limitations under the License.
  *
  */
+
 package org.apache.kerberos.messages.value;
 
 /**
  * Pre-authentication encrypted timestamp
  */
-public class EncryptedTimeStamp {
-	private KerberosTime _timeStamp;
-	private int          _microSeconds; //optional
+public class EncryptedTimeStamp
+{
+	private KerberosTime timeStamp;
+	private int          microSeconds; //optional
 
-	public EncryptedTimeStamp(KerberosTime timeStamp, int microSeconds) {
-		_timeStamp = timeStamp;
-		_microSeconds = microSeconds;
+	public EncryptedTimeStamp( KerberosTime timeStamp, int microSeconds )
+	{
+		this.timeStamp    = timeStamp;
+		this.microSeconds = microSeconds;
 	}
 
-	public KerberosTime getTimeStamp() {
-		return _timeStamp;
+	public KerberosTime getTimeStamp()
+	{
+		return timeStamp;
 	}
 	
-	public int getMicroSeconds() {
-		return _microSeconds;
+	public int getMicroSeconds()
+	{
+		return microSeconds;
 	}
 }
 

Added: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java?view=auto&rev=148857
==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java
Thu Jan 27 21:04:26 2005
@@ -0,0 +1,41 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.messages.value;
+
+
+public class EncryptedTimeStampModifier
+{
+	private KerberosTime timeStamp;
+	private int          microSecond; //optional
+	
+	public EncryptedTimeStamp getEncryptedTimestamp()
+    {
+        return new EncryptedTimeStamp( timeStamp, microSecond );
+	}
+	
+	public void setKerberosTime( KerberosTime timeStamp )
+    {
+		this.timeStamp = timeStamp;
+	}
+	
+	public void setMicroSecond( int microSecond )
+    {
+		this.microSecond = microSecond;
+	}
+}
+

Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java
(original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java
Thu Jan 27 21:04:26 2005
@@ -14,14 +14,16 @@
  *   limitations under the License.
  *
  */
+
 package org.apache.kerberos.messages.value;
 
+
 public class PreAuthenticationData
 {
 	private PreAuthenticationDataType dataType;
 	private byte[]                    dataValue;
 	
-	public PreAuthenticationData(PreAuthenticationDataType dataType, byte[] dataValue)
+	public PreAuthenticationData( PreAuthenticationDataType dataType, byte[] dataValue )
     {
 		this.dataType  = dataType;
 		this.dataValue = dataValue;

Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java
(original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java
Thu Jan 27 21:04:26 2005
@@ -14,8 +14,10 @@
  *   limitations under the License.
  *
  */
+
 package org.apache.kerberos.messages.value;
 
+
 public class PreAuthenticationDataModifier
 {
 	private PreAuthenticationDataType dataType;
@@ -23,15 +25,15 @@
 	
 	public PreAuthenticationData getPreAuthenticationData()
     {
-		return new PreAuthenticationData(dataType, dataValue);
+		return new PreAuthenticationData( dataType, dataValue );
 	}
 	
-	public void setDataType(PreAuthenticationDataType dataType)
+	public void setDataType( PreAuthenticationDataType dataType )
     {
 		this.dataType = dataType;
 	}
 	
-	public void setDataValue(byte[] dataValue)
+	public void setDataValue( byte[] dataValue )
     {
 		this.dataValue = dataValue;
 	}

Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java
Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java&r2=148857
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java
(original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java
Thu Jan 27 21:04:26 2005
@@ -14,75 +14,89 @@
  *   limitations under the License.
  *
  */
+
 package org.apache.kerberos.messages.value;
 
-import java.util.*;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 
-public class PreAuthenticationDataType implements Comparable {
 
+public class PreAuthenticationDataType implements Comparable
+{
 	/**
 	 * Enumeration elements are constructed once upon class loading.
 	 * Order of appearance here determines the order of compareTo.
 	 */
-	public static final PreAuthenticationDataType NULL                   = new PreAuthenticationDataType(0,
"null");
-	public static final PreAuthenticationDataType PA_TGS_REQ             = new PreAuthenticationDataType(1,
"TGS Request");
-	public static final PreAuthenticationDataType PA_ENC_TIMESTAMP       = new PreAuthenticationDataType(2,
"Enc timestamp");
-	public static final PreAuthenticationDataType PA_PW_SALT             = new PreAuthenticationDataType(3,
"password salt");
-	public static final PreAuthenticationDataType PA_ENC_UNIX_TIME       = new PreAuthenticationDataType(5,
"enc unix time");
-	public static final PreAuthenticationDataType PA_SANDIA_SECUREID     = new PreAuthenticationDataType(6,
"sandia secureid");
-	public static final PreAuthenticationDataType PA_SESAME              = new PreAuthenticationDataType(7,
"sesame");
-	public static final PreAuthenticationDataType PA_OSF_DCE             = new PreAuthenticationDataType(8,
"OSF DCE");
-	public static final PreAuthenticationDataType PA_CYBERSAFE_SECUREID  = new PreAuthenticationDataType(9,
"cybersafe secureid");
-	public static final PreAuthenticationDataType PA_ASF3_SALT           = new PreAuthenticationDataType(10,
"ASF3 salt");
-	public static final PreAuthenticationDataType PA_ETYPE_INFO          = new PreAuthenticationDataType(11,
"encryption info");
-	public static final PreAuthenticationDataType SAM_CHALLENGE          = new PreAuthenticationDataType(12,
"SAM challenge");
-	public static final PreAuthenticationDataType SAM_RESPONSE           = new PreAuthenticationDataType(13,
"SAM response");
-	public static final PreAuthenticationDataType PA_PK_AS_REQ           = new PreAuthenticationDataType(14,
"PK as request");
-	public static final PreAuthenticationDataType PA_PK_AS_REP           = new PreAuthenticationDataType(15,
"PK as response");
-	public static final PreAuthenticationDataType PA_USE_SPECIFIED_KVNO  = new PreAuthenticationDataType(20,
"use specified key version");
-	public static final PreAuthenticationDataType SAM_REDIRECT           = new PreAuthenticationDataType(21,
"SAM redirect");
-	public static final PreAuthenticationDataType PA_GET_FROM_TYPED_DATA = new PreAuthenticationDataType(22,
"Get from typed data");
+	public static final PreAuthenticationDataType NULL                   = new PreAuthenticationDataType(
0, "null" );
+	public static final PreAuthenticationDataType PA_TGS_REQ             = new PreAuthenticationDataType(
1, "TGS Request." );
+	public static final PreAuthenticationDataType PA_ENC_TIMESTAMP       = new PreAuthenticationDataType(
2, "Encrypted timestamp." );
+	public static final PreAuthenticationDataType PA_PW_SALT             = new PreAuthenticationDataType(
3, "password salt" );
+	public static final PreAuthenticationDataType PA_ENC_UNIX_TIME       = new PreAuthenticationDataType(
5, "enc unix time" );
+	public static final PreAuthenticationDataType PA_SANDIA_SECUREID     = new PreAuthenticationDataType(
6, "sandia secureid" );
+	public static final PreAuthenticationDataType PA_SESAME              = new PreAuthenticationDataType(
7, "sesame" );
+	public static final PreAuthenticationDataType PA_OSF_DCE             = new PreAuthenticationDataType(
8, "OSF DCE" );
+	public static final PreAuthenticationDataType PA_CYBERSAFE_SECUREID  = new PreAuthenticationDataType(
9, "cybersafe secureid" );
+	public static final PreAuthenticationDataType PA_ASF3_SALT           = new PreAuthenticationDataType(
10, "ASF3 salt" );
+	public static final PreAuthenticationDataType PA_ETYPE_INFO          = new PreAuthenticationDataType(
11, "encryption info" );
+	public static final PreAuthenticationDataType SAM_CHALLENGE          = new PreAuthenticationDataType(
12, "SAM challenge." );
+	public static final PreAuthenticationDataType SAM_RESPONSE           = new PreAuthenticationDataType(
13, "SAM response." );
+	public static final PreAuthenticationDataType PA_PK_AS_REQ           = new PreAuthenticationDataType(
14, "PK as request" );
+	public static final PreAuthenticationDataType PA_PK_AS_REP           = new PreAuthenticationDataType(
15, "PK as response" );
+	public static final PreAuthenticationDataType PA_USE_SPECIFIED_KVNO  = new PreAuthenticationDataType(
20, "use specified key version" );
+	public static final PreAuthenticationDataType SAM_REDIRECT           = new PreAuthenticationDataType(
21, "SAM redirect." );
+	public static final PreAuthenticationDataType PA_GET_FROM_TYPED_DATA = new PreAuthenticationDataType(
22, "Get from typed data" );
 	
-	public String toString() {
-		return _fName + " (" + _fOrdinal + ")";
+	public String toString()
+	{
+		return name + " (" + ordinal + ")";
 	}
 
-	public int compareTo(Object that) {
-		return _fOrdinal - ((PreAuthenticationDataType) that)._fOrdinal;
+	public int compareTo( Object that )
+	{
+		return ordinal - ( (PreAuthenticationDataType) that ).ordinal;
 	}
 
-	public static PreAuthenticationDataType getTypeByOrdinal(int type) {
-		for (int i = 0; i < fValues.length; i++)
-			if (fValues[i]._fOrdinal == type)
-				return fValues[i];
+	public static PreAuthenticationDataType getTypeByOrdinal( int type )
+	{
+		for ( int ii = 0; ii < values.length; ii++ )
+		{
+			if ( values[ ii ].ordinal == type )
+			{
+				return values[ ii ];
+			}
+		}
+		
 		return NULL;
 	}
 	
-	public int getOrdinal() {
-		return _fOrdinal;
+	public int getOrdinal()
+	{
+		return ordinal;
 	}
 
 	/// PRIVATE /////
-	private final String _fName;
-	private final int    _fOrdinal;
+	private final String name;
+	private final int    ordinal;
 
 	/**
 	 * Private constructor prevents construction outside of this class.
 	 */
-	private PreAuthenticationDataType(int ordinal, String name) {
-		_fOrdinal = ordinal;
-		_fName    = name;
+	private PreAuthenticationDataType( int ordinal, String name )
+	{
+		this.ordinal = ordinal;
+		this.name    = name;
 	}
 
 	/**
 	 * These two lines are all that's necessary to export a List of VALUES.
 	 */
-	private static final PreAuthenticationDataType[] fValues = {NULL, PA_TGS_REQ,
+	private static final PreAuthenticationDataType[] values = { NULL, PA_TGS_REQ,
 			PA_ENC_TIMESTAMP, PA_PW_SALT, PA_ENC_UNIX_TIME, PA_SANDIA_SECUREID,
 			PA_SESAME, PA_OSF_DCE, PA_CYBERSAFE_SECUREID, PA_ASF3_SALT, PA_ETYPE_INFO,
 			SAM_CHALLENGE, SAM_RESPONSE, PA_PK_AS_REQ, PA_PK_AS_REP, PA_USE_SPECIFIED_KVNO,
-			SAM_REDIRECT, PA_GET_FROM_TYPED_DATA};
+			SAM_REDIRECT, PA_GET_FROM_TYPED_DATA };
 	// VALUES needs to be located here, otherwise illegal forward reference
-	public static final List VALUES = Collections.unmodifiableList(Arrays.asList(fValues));
+	public static final List VALUES = Collections.unmodifiableList( Arrays.asList( values )
);
 }
 

Mime
View raw message