directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r151463 - incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Date Sat, 05 Feb 2005 01:38:12 GMT
Author: erodriguez
Date: Fri Feb  4 17:38:11 2005
New Revision: 151463

URL: http://svn.apache.org/viewcvs?view=rev&rev=151463
Log:
Light refactoring of the ticket-granting service.

Modified:
    incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java

Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
URL: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java?view=diff&r1=151462&r2=151463
==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
(original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Fri Feb  4 17:38:11 2005
@@ -14,6 +14,7 @@
  *   limitations under the License.
  *
  */
+
 package org.apache.kerberos.kdc;
 
 import java.io.IOException;
@@ -55,8 +56,8 @@
 /**
  * RFC 1510 A.6.  KRB_TGS_REQ verification and KRB_TGS_REP generation
  */
-public class TicketGrantingService extends KerberosService {
-	
+public class TicketGrantingService extends KerberosService
+{
 	private KdcConfiguration config;
 
 	public TicketGrantingService( KdcConfiguration config, PrincipalStore bootstrap, PrincipalStore
store )
@@ -66,54 +67,62 @@
 		this.config = config;
 	}
 	
-	public TicketGrantReply getReplyFor(KdcRequest request) throws KerberosException, IOException
{
-		
-		ApplicationRequest authHeader = getAuthHeader(request);
+	public TicketGrantReply getReplyFor(KdcRequest request) throws KerberosException, IOException
+	{
+		ApplicationRequest authHeader = getAuthHeader( request );
 		
 		Ticket tgt = authHeader.getTicket();
 		
-		Authenticator authenticator = verifyAuthHeader(authHeader, tgt);
+		Authenticator authenticator = verifyAuthHeader( authHeader, tgt );
 		
-		verifyTicket(tgt, request.getServerPrincipal());
+		verifyTicket( tgt, request.getServerPrincipal() );
 		
-		verifyBodyChecksum(authenticator.getChecksum(), request);
+		verifyBodyChecksum( authenticator.getChecksum(), request );
 		
 		EncryptionKey sessionKey = new RandomKey().getNewSessionKey();
 		
-		EncryptionType eType = getBestEncryptionType(request.getEType());
+		EncryptionType eType = getBestEncryptionType( request.getEType() );
 		
-		Ticket newTicket = getNewTicket(request, tgt, sessionKey, authenticator);
+		Ticket newTicket = getNewTicket( request, tgt, sessionKey, authenticator );
 		
-		TicketGrantReply reply = getReply(tgt, newTicket, sessionKey, request);
+		TicketGrantReply reply = getReply( tgt, newTicket, sessionKey, request );
 		
-		if (authenticator.getSubSessionKey() != null) {
+		if ( authenticator.getSubSessionKey() != null )
+		{
 			EncryptionKey subKey = authenticator.getSubSessionKey();
-			encryptReplyPart(reply, subKey);
-		} else {
-			encryptReplyPart(reply, tgt.getSessionKey());
+			encryptReplyPart( reply, subKey );
+		}
+		else
+		{
+			encryptReplyPart( reply, tgt.getSessionKey() );
 		}
 		
 		return reply;
 	}
 	
-	private ApplicationRequest getAuthHeader(KdcRequest request) throws KerberosException, IOException
{
-		
-		if (request.getPreAuthData()[0].getDataType() != PreAuthenticationDataType.PA_TGS_REQ)
+	private ApplicationRequest getAuthHeader( KdcRequest request )
+			throws KerberosException, IOException
+	{
+		if ( request.getPreAuthData()[0].getDataType() != PreAuthenticationDataType.PA_TGS_REQ
)
+		{
 			throw KerberosException.KDC_ERR_PADATA_TYPE_NOSUPP;
+		}
 		
 		byte[] undecodedAuthHeader = request.getPreAuthData()[0].getDataValue();
 		ApplicationRequestDecoder decoder = new ApplicationRequestDecoder();
-		ApplicationRequest authHeader = decoder.decode(undecodedAuthHeader);
+		ApplicationRequest authHeader = decoder.decode( undecodedAuthHeader );
 		
 		return authHeader;
 	}
 
 	// TODO - configurable checksum
-	private void verifyBodyChecksum(Checksum authChecksum, KdcRequest request)
-			throws KerberosException {
-		
-		if (authChecksum == null)
+	private void verifyBodyChecksum( Checksum authChecksum, KdcRequest request )
+			throws KerberosException
+	{
+		if ( authChecksum == null )
+		{
 			throw KerberosException.KRB_AP_ERR_INAPP_CKSUM;
+		}
 		
 		/*
 		if (auth_hdr.authenticator.cksum type is not supported) then
@@ -129,28 +138,34 @@
 		
 		KdcReqBodyEncoder encoder = new KdcReqBodyEncoder();
 		byte[] bytes = null;
-		try {
-			bytes = encoder.encode(request);
-		} catch (IOException ioe) {
+		try
+		{
+			bytes = encoder.encode( request );
+		}
+		catch (IOException ioe)
+		{
 			ioe.printStackTrace();
 		}
 		
 		ChecksumEngine digester = new RsaMd5Checksum();
-		Checksum newChecksum = new Checksum(digester.checksumType(), digester.calculateChecksum(bytes));
+		Checksum newChecksum = new Checksum( digester.checksumType(), digester.calculateChecksum(
bytes ) );
 		
-		boolean equal = newChecksum.equals(authChecksum);
+		boolean equal = newChecksum.equals( authChecksum );
 		
-		if (!equal)
+		if ( !equal )
+		{
 			throw KerberosException.KRB_AP_ERR_MODIFIED;
+		}
 	}
 
-	private EncryptionKey getServerKey(KerberosPrincipal serverPrincipal) throws KerberosException
{
-		
+	private EncryptionKey getServerKey( KerberosPrincipal serverPrincipal )
+			throws KerberosException
+	{
 		EncryptionKey serverKey = null;
 		// TODO - allow lookup with realm
 		try
         {
-			serverKey = getKeyForPrincipal(serverPrincipal);
+			serverKey = getKeyForPrincipal( serverPrincipal );
 		}
         catch (Exception e)
         {
@@ -169,140 +184,187 @@
 		return serverKey;
 	}
 	
-	private Ticket getNewTicket(KdcRequest request, Ticket tgt, EncryptionKey sessionKey,
-			Authenticator authenticator) throws KerberosException {
-		
+	private Ticket getNewTicket( KdcRequest request, Ticket tgt, EncryptionKey sessionKey,
+			Authenticator authenticator ) throws KerberosException
+	{
 		KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
 
 		EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
 		
-		newTicketBody.setClientAddresses(tgt.getClientAddresses());
+		newTicketBody.setClientAddresses( tgt.getClientAddresses() );
 		
-		processFlags(request, tgt, newTicketBody);
+		processFlags( request, tgt, newTicketBody );
 		
-		newTicketBody.setSessionKey(sessionKey);
-		newTicketBody.setClientPrincipal(tgt.getClientPrincipal());
+		newTicketBody.setSessionKey( sessionKey );
+		newTicketBody.setClientPrincipal( tgt.getClientPrincipal() );
 		
-		AuthorizationData authData = processAuthorizationData(request, authenticator, tgt);
-		newTicketBody.setAuthorizationData(authData);
+		AuthorizationData authData = processAuthorizationData( request, authenticator, tgt );
+		newTicketBody.setAuthorizationData( authData );
 		
-		processTransited(newTicketBody, tgt);
+		processTransited( newTicketBody, tgt );
 		
-		processTimes(request, newTicketBody, tgt);
+		processTimes( request, newTicketBody, tgt );
 		
-		EncryptionKey serverKey = getServerKey(request.getServerPrincipal());
+		EncryptionKey serverKey = getServerKey( request.getServerPrincipal() );
 		
 		EncTicketPart ticketPart = newTicketBody.getEncTicketPart();
 		
-		EncryptedData encryptedData = encryptTicketPart(ticketPart, serverKey, request);
+		EncryptedData encryptedData = encryptTicketPart( ticketPart, serverKey, request );
 		
-		Ticket newTicket = new Ticket(ticketPrincipal, encryptedData);
-		newTicket.setEncTicketPart(ticketPart);
+		Ticket newTicket = new Ticket( ticketPrincipal, encryptedData );
+		newTicket.setEncTicketPart( ticketPart );
 		
 		return newTicket;
 	}
 	
-	private void processFlags(KdcRequest request, Ticket tgt, EncTicketPartModifier newTicketBody)

-			throws KerberosException {
-		
-		if (request.getOption(KdcOptions.FORWARDABLE)) {
-			if (!tgt.getFlag(TicketFlags.FORWARDABLE))
+	private void processFlags( KdcRequest request, Ticket tgt, EncTicketPartModifier newTicketBody
) 
+			throws KerberosException
+	{
+		if ( request.getOption( KdcOptions.FORWARDABLE ) )
+		{
+			if ( !tgt.getFlag( TicketFlags.FORWARDABLE ) )
+			{
 				throw KerberosException.KDC_ERR_BADOPTION;
-			newTicketBody.setFlag(TicketFlags.FORWARDABLE);
+			}
+			
+			newTicketBody.setFlag( TicketFlags.FORWARDABLE );
 		}
 
-		if (request.getOption(KdcOptions.FORWARDED)) {
-			if (!tgt.getFlag(TicketFlags.FORWARDABLE))
+		if ( request.getOption( KdcOptions.FORWARDED ) )
+		{
+			if ( !tgt.getFlag( TicketFlags.FORWARDABLE ) )
+			{
 				throw KerberosException.KDC_ERR_BADOPTION;
-			newTicketBody.setFlag(TicketFlags.FORWARDED);
-			newTicketBody.setClientAddresses(request.getAddresses());
+			}
+			newTicketBody.setFlag( TicketFlags.FORWARDED );
+			newTicketBody.setClientAddresses( request.getAddresses() );
 			// reply.setClientAddresses(request.getClientAddresses()); moved to getReply
 		}
 		
-		if (tgt.getFlag(TicketFlags.FORWARDED))
+		if ( tgt.getFlag( TicketFlags.FORWARDED ) )
+		{
 			newTicketBody.setFlag(TicketFlags.FORWARDED);
+		}
 
-		if (request.getOption(KdcOptions.PROXIABLE)) {
-			if (!tgt.getFlag(TicketFlags.PROXIABLE))
+		if ( request.getOption( KdcOptions.PROXIABLE ) )
+		{
+			if ( !tgt.getFlag( TicketFlags.PROXIABLE ) )
+			{
 				throw KerberosException.KDC_ERR_BADOPTION;
-			newTicketBody.setFlag(TicketFlags.PROXIABLE);
+			}
+			
+			newTicketBody.setFlag( TicketFlags.PROXIABLE );
 		}
 		
-		if (request.getOption(KdcOptions.PROXY)) {
-			if (!tgt.getFlag(TicketFlags.PROXIABLE))
+		if ( request.getOption( KdcOptions.PROXY ) )
+		{
+			if ( !tgt.getFlag( TicketFlags.PROXIABLE ) )
+			{
 				throw KerberosException.KDC_ERR_BADOPTION;
-			newTicketBody.setFlag(TicketFlags.PROXY);
-			newTicketBody.setClientAddresses(request.getAddresses());
+			}
+			
+			newTicketBody.setFlag( TicketFlags.PROXY );
+			newTicketBody.setClientAddresses( request.getAddresses() );
 			// reply.setClientAddresses(request.getClientAddresses()); moved to getReply
 		}
 		
-		if (request.getOption(KdcOptions.ALLOW_POSTDATE)) {
-			if (!tgt.getFlag(TicketFlags.MAY_POSTDATE))
+		if ( request.getOption( KdcOptions.ALLOW_POSTDATE ) )
+		{
+			if ( !tgt.getFlag( TicketFlags.MAY_POSTDATE ) )
+			{
 				throw KerberosException.KDC_ERR_BADOPTION;
-			newTicketBody.setFlag(TicketFlags.MAY_POSTDATE);
+			}
+			
+			newTicketBody.setFlag( TicketFlags.MAY_POSTDATE );
 		}
 		
-		if (request.getOption(KdcOptions.POSTDATED)) {
-			if (!tgt.getFlag(TicketFlags.MAY_POSTDATE))
+		if ( request.getOption( KdcOptions.POSTDATED ) )
+		{
+			if ( !tgt.getFlag( TicketFlags.MAY_POSTDATE ) )
+			{
 				throw KerberosException.KDC_ERR_BADOPTION;
-			newTicketBody.setFlag(TicketFlags.POSTDATED);
-			newTicketBody.setFlag(TicketFlags.INVALID);
+			}
+			
+			newTicketBody.setFlag( TicketFlags.POSTDATED );
+			newTicketBody.setFlag( TicketFlags.INVALID );
 			
-			if (!config.isPostdateAllowed())
+			if ( !config.isPostdateAllowed() )
+			{
 				throw KerberosException.KDC_ERR_POLICY;
+			}
 			
-			newTicketBody.setStartTime(request.getFrom());
+			newTicketBody.setStartTime( request.getFrom() );
 		}
 
-		if (request.getOption(KdcOptions.VALIDATE)) {
-			if (!tgt.getFlag(TicketFlags.INVALID))
+		if ( request.getOption( KdcOptions.VALIDATE ) )
+		{
+			if ( !tgt.getFlag( TicketFlags.INVALID ) )
+			{
 				throw KerberosException.KDC_ERR_POLICY;
-			if (tgt.getStartTime().greaterThan(new KerberosTime()))
+			}
+			
+			if ( tgt.getStartTime().greaterThan( new KerberosTime() ) )
+			{
 				throw KerberosException.KRB_AP_ERR_TKT_NYV;
+			}
+			
 			/*
 	        if (check_hot_list(tgt)) then
             	error_out(KRB_AP_ERR_REPEAT);
 	        endif
 	        */
 			
-			echoTicket(newTicketBody, tgt);
-			newTicketBody.clearFlag(TicketFlags.INVALID);
+			echoTicket( newTicketBody, tgt );
+			newTicketBody.clearFlag( TicketFlags.INVALID );
 		}
 
-		if (request.getOption(KdcOptions.RESERVED) ||
-				request.getOption(KdcOptions.RENEWABLE) ||
-				request.getOption(KdcOptions.RENEWABLE_OK))
+		if ( request.getOption( KdcOptions.RESERVED ) ||
+				request.getOption( KdcOptions.RENEWABLE ) ||
+				request.getOption( KdcOptions.RENEWABLE_OK ) )
+		{
 				throw KerberosException.KRB_AP_ERR_TKT_NYV;
+		}
 	}
 	
-	private void processTimes(KdcRequest request, EncTicketPartModifier newTicketBody, Ticket
tgt)
-			throws KerberosException {
-		
+	private void processTimes( KdcRequest request, EncTicketPartModifier newTicketBody, Ticket
tgt )
+			throws KerberosException
+	{
 		KerberosTime now = new KerberosTime();
 		
-		newTicketBody.setAuthTime(tgt.getAuthTime());
+		newTicketBody.setAuthTime( tgt.getAuthTime() );
 		
 		KerberosTime renewalTime = null;
 		
-		if (request.getOption(KdcOptions.RENEW))
+		if ( request.getOption( KdcOptions.RENEW ) )
         {
-			if (!tgt.getFlag(TicketFlags.RENEWABLE))
+			if ( !tgt.getFlag( TicketFlags.RENEWABLE ) )
+			{
 				throw KerberosException.KDC_ERR_BADOPTION;
-			if (tgt.getRenewTill().greaterThan(now))
+			}
+			
+			if ( tgt.getRenewTill().greaterThan( now ) )
+			{
 				throw KerberosException.KRB_AP_ERR_TKT_EXPIRED;
+			}
 
-            echoTicket(newTicketBody, tgt);
+            echoTicket( newTicketBody, tgt );
 
-            newTicketBody.setStartTime(now);
+            newTicketBody.setStartTime( now );
 			long oldLife = tgt.getEndTime().getTime() - tgt.getStartTime().getTime();
-			newTicketBody.setEndTime(new KerberosTime(Math.min(tgt.getRenewTill().getTime(), now.getTime()
+ oldLife)));
-		} else {
-			newTicketBody.setStartTime(now);
+			newTicketBody.setEndTime( new KerberosTime( Math.min( tgt.getRenewTill().getTime(), now.getTime()
+ oldLife ) ) );
+		}
+		else
+		{
+			newTicketBody.setStartTime( now );
 			KerberosTime till;
-			if (request.getTill().isZero())
+			if ( request.getTill().isZero() )
+			{
 				till = KerberosTime.INFINITY;
+			}
 			else
+			{
 				till = request.getTill();
+			}
 			
 			// TODO - config; requires store
 			/*
@@ -310,35 +372,42 @@
             new_tkt.starttime+server.max_life,
             */
 			List minimizer = new ArrayList();
-			minimizer.add(till);
-			minimizer.add(new KerberosTime(now.getTime() + config.getMaximumTicketLifetime()));
-			minimizer.add(tgt.getEndTime());
-			KerberosTime minTime = (KerberosTime)Collections.min(minimizer);
-			newTicketBody.setEndTime(minTime);
-			
-			if (request.getOption(KdcOptions.RENEWABLE_OK) &&
-					minTime.lessThan(request.getTill()) &&
-					tgt.getFlag(TicketFlags.RENEWABLE)) {
+			minimizer.add( till );
+			minimizer.add( new KerberosTime( now.getTime() + config.getMaximumTicketLifetime() ) );
+			minimizer.add( tgt.getEndTime() );
+			KerberosTime minTime = (KerberosTime)Collections.min( minimizer );
+			newTicketBody.setEndTime( minTime );
+			
+			if ( request.getOption( KdcOptions.RENEWABLE_OK ) &&
+					minTime.lessThan( request.getTill() ) &&
+					tgt.getFlag( TicketFlags.RENEWABLE ) )
+			{
                 // we set the RENEWABLE option for later processing                     
     
-				request.setOption(KdcOptions.RENEWABLE);
-				long rtime = Math.min(request.getTill().getTime(), tgt.getRenewTill().getTime());
-				renewalTime = new KerberosTime(rtime);
+				request.setOption( KdcOptions.RENEWABLE );
+				long rtime = Math.min( request.getTill().getTime(), tgt.getRenewTill().getTime() );
+				renewalTime = new KerberosTime( rtime );
 			}
 		}
 		
-		if (renewalTime == null) {
+		if ( renewalTime == null )
+		{
 			renewalTime = request.getRtime();
 		}
 		
 		KerberosTime rtime;
-		if (renewalTime != null && renewalTime.isZero())
+		if ( renewalTime != null && renewalTime.isZero() )
+		{
 			rtime = KerberosTime.INFINITY;
+		}
 		else
+		{
 			rtime = renewalTime;
+		}
 		
-		if (request.getOption(KdcOptions.RENEWABLE) &&
-				tgt.getFlag(TicketFlags.RENEWABLE)) {
-			newTicketBody.setFlag(TicketFlags.RENEWABLE);
+		if ( request.getOption( KdcOptions.RENEWABLE ) &&
+				tgt.getFlag( TicketFlags.RENEWABLE ) )
+		{
+			newTicketBody.setFlag( TicketFlags.RENEWABLE );
 			
 			/*
 	        new_tkt.starttime+client.max_rlife,
@@ -346,34 +415,40 @@
 	        */
 			// TODO - client and server configurable; requires store 
 			List minimizer = new ArrayList();
-			minimizer.add(rtime);
-			minimizer.add(new KerberosTime(now.getTime() + config.getMaximumRenewableLifetime()));
-			minimizer.add(tgt.getRenewTill());
-			newTicketBody.setRenewTill((KerberosTime)Collections.min(minimizer));
+			minimizer.add( rtime );
+			minimizer.add( new KerberosTime( now.getTime() + config.getMaximumRenewableLifetime()
) );
+			minimizer.add( tgt.getRenewTill() );
+			newTicketBody.setRenewTill( (KerberosTime)Collections.min( minimizer ) );
 		}
 	}
 
-    private AuthorizationData processAuthorizationData(KdcRequest request,
-			Authenticator authHeader, Ticket tgt) throws KerberosException {
-
+    private AuthorizationData processAuthorizationData( KdcRequest request,
+			Authenticator authHeader, Ticket tgt ) throws KerberosException
+	{
 		AuthorizationData authData = null;
 
-		if (request.getEncAuthorizationData() != null) {
-			try {
+		if ( request.getEncAuthorizationData() != null )
+		{
+			try
+			{
                 EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor(
authHeader.getSubSessionKey() );
-
-				byte[] decryptedAuthData = engine.getDecryptedData(authHeader.getSubSessionKey(),
-						request.getEncAuthorizationData());
+                
+				byte[] decryptedAuthData = engine.getDecryptedData( authHeader.getSubSessionKey(),
+						request.getEncAuthorizationData() );
 				AuthorizationDataDecoder decoder = new AuthorizationDataDecoder();
-				authData = decoder.decode(decryptedAuthData);
-			} catch (KerberosException e) {
+				authData = decoder.decode( decryptedAuthData );
+			}
+			catch (KerberosException e)
+			{
 				throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
-			} catch (IOException ioe) {
+			}
+			catch (IOException ioe)
+			{
 				throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
 			}
 
 			AuthorizationData ticketData = tgt.getAuthorizationData();
-			authData.add(ticketData);
+			authData.add( ticketData );
 		}
 		
 		return authData;
@@ -391,27 +466,29 @@
 	        new_tkt.transited := compress_transited(tgt.transited + tgt.realm)
 	endif
 	*/
-	private void processTransited(EncTicketPartModifier newTicketBody, Ticket tgt) {
+	private void processTransited( EncTicketPartModifier newTicketBody, Ticket tgt )
+	{
 		// TODO - currently no transited support other than local
-		newTicketBody.setTransitedEncoding(tgt.getTransitedEncoding());
+		newTicketBody.setTransitedEncoding( tgt.getTransitedEncoding() );
 	}
 	
-	private EncryptedData encryptTicketPart(EncTicketPart newTicketBody, EncryptionKey serverKey,
-			KdcRequest request) throws KerberosException {
-		
+	private EncryptedData encryptTicketPart( EncTicketPart newTicketBody, EncryptionKey serverKey,
+			KdcRequest request ) throws KerberosException
+	{
 		byte[] encodedTicket = null;
 		
 		EncTicketPartEncoder encoder = new EncTicketPartEncoder();
 		try
         {
-			encodedTicket = encoder.encode(newTicketBody);
+			encodedTicket = encoder.encode( newTicketBody );
 		}
         catch (IOException ioe)
         {
 			ioe.printStackTrace();
 		}
 		
-		if (request.getOption(KdcOptions.ENC_TKT_IN_SKEY)) {
+		if ( request.getOption( KdcOptions.ENC_TKT_IN_SKEY ) )
+		{
 			/*
 			if (server not specified) then
 				server = req.second_ticket.client;
@@ -423,48 +500,57 @@
 			new_tkt.enc-part := encrypt OCTET STRING
 				using etype_for_key(second-ticket.key), second-ticket.key;
 			*/
-		} else {
+		}
+		else
+		{
 			// encrypt with serverKey
 		}
+		
         EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( serverKey
);
 
-		return engine.getEncryptedData(serverKey, encodedTicket);
+		return engine.getEncryptedData( serverKey, encodedTicket );
 	}
 	
-	private void encryptReplyPart(TicketGrantReply reply, EncryptionKey key) {
+	private void encryptReplyPart( TicketGrantReply reply, EncryptionKey key )
+	{
 		EncTgsRepPartEncoder encoder = new EncTgsRepPartEncoder();
-		try {
-			byte[] plainText = encoder.encode(reply);
+		try
+		{
+			byte[] plainText = encoder.encode( reply );
             EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( key
);
 
-			EncryptedData cipherText = engine.getEncryptedData(key, plainText);
+			EncryptedData cipherText = engine.getEncryptedData( key, plainText );
 
-			reply.setEncPart(cipherText);
+			reply.setEncPart( cipherText );
 			
-		} catch (Exception e) {
+		}
+		catch (Exception e)
+		{
 			e.printStackTrace();
 		}
 	}
 	
-	private TicketGrantReply getReply(Ticket tgt, Ticket newTicket,
-			EncryptionKey sessionKey, KdcRequest request) {
-		
+	private TicketGrantReply getReply( Ticket tgt, Ticket newTicket,
+			EncryptionKey sessionKey, KdcRequest request )
+	{
 		TicketGrantReply reply = new TicketGrantReply();
-		reply.setClientPrincipal(tgt.getClientPrincipal());
-		reply.setTicket(newTicket);
-		reply.setKey(sessionKey);
-		reply.setNonce(request.getNonce());
+		reply.setClientPrincipal( tgt.getClientPrincipal() );
+		reply.setTicket( newTicket );
+		reply.setKey( sessionKey );
+		reply.setNonce( request.getNonce() );
 		// TODO - resp.last-req := fetch_last_request_info(client); requires store
-		reply.setLastRequest(new LastRequest());
-		reply.setFlags(newTicket.getFlags());
-		reply.setClientAddresses(newTicket.getClientAddresses());
-		reply.setAuthTime(newTicket.getAuthTime());
-		reply.setStartTime(newTicket.getStartTime());
-		reply.setEndTime(newTicket.getEndTime());
-		reply.setServerPrincipal(newTicket.getServerPrincipal());
-		
-		if (newTicket.getFlag(TicketFlags.RENEWABLE))
-			reply.setRenewTill(newTicket.getRenewTill());
+		reply.setLastRequest( new LastRequest() );
+		reply.setFlags( newTicket.getFlags() );
+		reply.setClientAddresses( newTicket.getClientAddresses() );
+		reply.setAuthTime( newTicket.getAuthTime() );
+		reply.setStartTime( newTicket.getStartTime() );
+		reply.setEndTime( newTicket.getEndTime() );
+		reply.setServerPrincipal( newTicket.getServerPrincipal() );
+		
+		if ( newTicket.getFlag( TicketFlags.RENEWABLE ) )
+		{
+			reply.setRenewTill( newTicket.getRenewTill() );
+		}
 		
 		return reply;
 	}



Mime
View raw message