directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Directory Wiki] Update of "Asn1Home" by EmmanuelLecharny
Date Sat, 30 Apr 2005 20:45:53 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Directory Wiki" for change notification.

The following page has been changed by EmmanuelLecharny:
http://wiki.apache.org/directory/Asn1Home

------------------------------------------------------------------------------
  This may seems very complicated, but we have to deal with this kind of constraints, as the
PDU that we can receive may be really strange, or built to break the server. 
  
  == Spnego ASN.1 State Automaton ==
+ The SPNEGO ASN.1 grammar seems very simple, but as there are a lot of optional elements,
it is not that simple to implement...
+ 
+ It is fully described in RFC 2478.
+ 
+ === Spnego Grammar ===
+ Here is the SPNEGO grammar :
+ 
+ {{{
+ 
+ NegotiationToken ::= CHOICE {
+     negTokenInit  [0]  NegTokenInit,
+     negTokenTarg  [1]  NegTokenTarg 
+ }
+ 
+ NegTokenInit ::= SEQUENCE {
+     mechTypes       [0] MechTypeList  OPTIONAL,
+     reqFlags        [1] ContextFlags  OPTIONAL,
+     mechToken       [2] OCTET STRING  OPTIONAL,
+     mechListMIC     [3] OCTET STRING  OPTIONAL
+ }
+ 
+ NegTokenTarg ::= SEQUENCE {
+     negResult      [0] ENUMERATED {
+                             accept_completed    (0),
+                             accept_incomplete   (1),
+                             reject              (2) }          OPTIONAL,
+     supportedMech  [1] MechType                                OPTIONAL,
+     responseToken  [2] OCTET STRING                            OPTIONAL,
+     mechListMIC    [3] OCTET STRING                            OPTIONAL
+ }
+ 
+ MechTypeList ::= SEQUENCE OF MechType
+ 
+ MechType::= OBJECT IDENTIFIER
+ 
+ ContextFlags ::= BIT STRING {
+         delegFlag       (0),
+         mutualFlag      (1),
+         replayFlag      (2),
+         sequenceFlag    (3),
+         anonFlag        (4),
+         confFlag        (5),
+         integFlag       (6)
+ }
+ 
+ }}}
+ 
+ === Spnego state automaton ===
+ 
+ Here is the state automaton of this grammar :
  
  attachment:spnego.png
+ 
+ We can see that the automaton is quite intricated. The following picture is a typical PDU
of the first part of this grammar : the '''Neg``Token``Init''' element :
+ 
+ attachment:spnego-pdu.png
+ 
+ Of course, as some elements are optional, this PDU could be very different. Here is another
PDU, where the '''req``Flags''' and the '''mech``List``MIC''' are missing :
+ 
+ attachement:spnego-pdu2.png
+ 
+ === Spnego used POJO's ===
+ 
+ We will store the result of a decoding in POJO's, where each constructed element is implemented
as a POJO.
+ 
+ Here is the class diagram that could be used to store a SPNEGO '''neg``Token``Init''' :
+ 
+ attachement:spnego-class-diag1.png
+ 
  
  
  == LDAP ASN.1 State Automaton ==

Mime
View raw message