directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From akaras...@apache.org
Subject svn commit: r220258 - in /directory/protocol-providers/kerberos/trunk: project.xml src/java/org/apache/kerberos/kdc/AuthenticationService.java src/java/org/apache/kerberos/protocol/KerberosProtocolHandler.java
Date Fri, 22 Jul 2005 07:35:24 GMT
Author: akarasulu
Date: Fri Jul 22 00:35:23 2005
New Revision: 220258

URL: http://svn.apache.org/viewcvs?rev=220258&view=rev
Log:
changes ...

 o added temporary dep on commons logging for this release
 o added logging statements replacing system.out lines
 o removed tabs
 o fixed bad formatting due to tabs
 

Modified:
    directory/protocol-providers/kerberos/trunk/project.xml
    directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/AuthenticationService.java
    directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/protocol/KerberosProtocolHandler.java

Modified: directory/protocol-providers/kerberos/trunk/project.xml
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/project.xml?rev=220258&r1=220257&r2=220258&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/trunk/project.xml (original)
+++ directory/protocol-providers/kerberos/trunk/project.xml Fri Jul 22 00:35:23 2005
@@ -75,16 +75,22 @@
       <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
     </license>
   </licenses>
+
   <dependencies>
     <dependency>
+      <groupId>commons-logging</groupId>
+      <artifactId>commons-logging</artifactId>
+      <version>1.0.4</version>
+    </dependency>
+    <dependency>
       <groupId>directory-shared</groupId>
       <artifactId>kerberos-common</artifactId>
-      <version>0.4</version>
+      <version>0.5-SNAPSHOT</version>
     </dependency>
     <dependency>
       <groupId>directory-network</groupId>
       <artifactId>mina</artifactId>
-      <version>0.7</version>
+      <version>0.7.3</version>
     </dependency>
     <dependency>
       <groupId>junit</groupId>

Modified: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/AuthenticationService.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/AuthenticationService.java?rev=220258&r1=220257&r2=220258&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/AuthenticationService.java
(original)
+++ directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/kdc/AuthenticationService.java
Fri Jul 22 00:35:23 2005
@@ -58,377 +58,413 @@
 import org.apache.kerberos.service.KerberosService;
 import org.apache.kerberos.store.PrincipalStore;
 import org.apache.kerberos.store.PrincipalStoreEntry;
+import org.apache.commons.logging.LogFactory;
+import org.apache.commons.logging.Log;
 
 
 public class AuthenticationService extends KerberosService
 {
+    /** the log for this class */
+    private static final Log log = LogFactory.getLog( AuthenticationService.class );
+
     static
     {
+        log.debug( "Initializing SAM subsystem" );
         SamSubsystem.getInstance().setIntegrityChecker( new TimestampChecker() );
     }
     
-	public AuthenticationService( KdcConfiguration config, PrincipalStore store )
+    public AuthenticationService( KdcConfiguration config, PrincipalStore store )
     {
         super( config, store );
-	}
-	
-	public AuthenticationReply getReplyFor( KdcRequest request ) throws KerberosException
-	{
-	    EncryptionKey clientKey = verifyPreAuthentication( request );
-	    
-		Ticket ticket = generateNewTicket( request );
-		
-		AuthenticationReply reply = getAuthenticationReply( request, ticket );
-		
-		encryptReplyPart( reply, clientKey );
-		
-		return reply;
-	}
-	
-	private EncryptionKey verifyPreAuthentication( KdcRequest request )
-		throws KerberosException
-	{
-		KerberosPrincipal clientPrincipal = request.getClientPrincipal();
-		
-		PrincipalStoreEntry entry = getEntryForClient( clientPrincipal );
-		
+    }
+
+    public AuthenticationReply getReplyFor( KdcRequest request ) throws KerberosException
+    {
+        if ( log.isDebugEnabled() )
+        {
+            log.debug( "Responding to authentication request:"
+                    + "\n\trealm:                 " + request.getRealm()
+                    + "\n\tserverPrincipal:       " + request.getServerPrincipal()
+                    + "\n\tclientPrincipal:       " + request.getClientPrincipal()
+                    + "\n\thostAddresses:         " + request.getAddresses()
+                    + "\n\tencryptionType:        " + request.getEType()
+                    + "\n\tfrom krb time:         " + request.getFrom()
+                    + "\n\trealm krb time:        " + request.getRtime()
+                    + "\n\tkdcOptions:            " + request.getKdcOptions()
+                    + "\n\tmessageType:           " + request.getMessageType()
+                    + "\n\tnonce:                 " + request.getNonce()
+                    + "\n\tprotocolVersionNumber: " + request.getProtocolVersionNumber()
+                    + "\n\ttill:                  " + request.getTill()
+                     );
+        }
+
+        EncryptionKey clientKey = verifyPreAuthentication( request );
+        Ticket ticket = generateNewTicket( request );
+        AuthenticationReply reply = getAuthenticationReply( request, ticket );
+        encryptReplyPart( reply, clientKey );
+        return reply;
+    }
+
+    private EncryptionKey verifyPreAuthentication( KdcRequest request )
+        throws KerberosException
+    {
+        KerberosPrincipal clientPrincipal = request.getClientPrincipal();
+        PrincipalStoreEntry entry = getEntryForClient( clientPrincipal );
         EncryptionKey clientKey = null;
         
-		if ( entry.getSamType() == null )
-		{
-		    clientKey = entry.getEncryptionKey();
-		    
-	        if ( clientKey == null )
-	        {
-	            throw new KerberosException( ErrorType.KDC_ERR_NULL_KEY );
-	        }
-		    
-		    if ( config.isPaEncTimestampRequired() )
-		    {
-			    PreAuthenticationData[] preAuthData = request.getPreAuthData();
-			    
-		        if ( preAuthData == null )
-		        {
-		            throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError()
);
-		        }
-		        
-		        EncryptedTimeStamp timestamp = null;
-		        
-			    for ( int ii = 0; ii < preAuthData.length; ii++ )
-			    {
-			        if ( preAuthData[ ii ].getDataType().equals( PreAuthenticationDataType.PA_ENC_TIMESTAMP
) )
-			        {
-			    		try
-			    		{
-			    		    EncryptedData dataValue = EncryptedDataDecoder.decode( preAuthData[ ii ].getDataValue()
);
-			    		    
-			                EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor(
clientKey );
-			                
-			    			byte[] decTimestamp = engine.getDecryptedData( clientKey, dataValue );
-			    			
-			    			EncryptedTimestampDecoder timeStampDecoder = new EncryptedTimestampDecoder();
-			    			timestamp = timeStampDecoder.decode( decTimestamp );
-			    		}
-			    		catch (KerberosException ke)
-			    		{
-			    			throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
-			    		}
-			    		catch (IOException ioe)
-			    		{
-			    		    throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
-			    		}
-			    		catch (ClassCastException cce)
-			    		{
-			    		    throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
-			    		}
-			        }
-			    }
-			    
-		        if ( timestamp == null )
-		        {
-		            throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError()
);
-		        }
-			    
-	    		if ( !timestamp.getTimeStamp().isInClockSkew( config.getClockSkew() ) )
-	    		{
-	    		    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_FAILED );
-	    		}
-	    		
-	    		/*
-		        if(decrypted_enc_timestamp and usec is replay)
-		                error_out(KDC_ERR_PREAUTH_FAILED);
-		        endif
-		        
-		        add decrypted_enc_timestamp and usec to replay cache;
-	    		*/
-		    }
-		}
-		else
-		{
-		    PreAuthenticationData[] preAuthData = request.getPreAuthData();
-		    
-	        if ( preAuthData == null || preAuthData.length == 0 )
-	        {
-	            throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError()
);
-	        }
-	        
-		    try
-		    {
-			    for ( int ii = 0; ii < preAuthData.length; ii++ )
-			    {
-			        if ( preAuthData[ii].getDataType().equals( PreAuthenticationDataType.PA_ENC_TIMESTAMP
) )
-			        {
-		    		    KerberosKey samKey = SamSubsystem.getInstance().verify( entry, preAuthData[ii].getDataValue()
);
-		    		    clientKey = new EncryptionKey( EncryptionType.getTypeByOrdinal( samKey.getKeyType()
), samKey.getEncoded() );
-			        }
-			    }
-		    }
-		    catch (SamException se)
-		    {
-		        throw new KerberosException( 60, se.getMessage() );
-		    }
-	    }
-	    
-	    System.out.println( "Ticket will be issued to client " + clientPrincipal.toString()
+ "." );
-	    
-	    return clientKey;
-	}
-	
-	private byte[] preparePreAuthenticationError()
-	{
-	    PreAuthenticationData[] paDataSequence = new PreAuthenticationData[ 2 ];
-	    
-	    PreAuthenticationDataModifier modifier = new PreAuthenticationDataModifier();
-	    modifier.setDataType( PreAuthenticationDataType.PA_ENC_TIMESTAMP );
-	    modifier.setDataValue( new byte[ 0 ] );
-	    
-	    paDataSequence[ 0 ] = modifier.getPreAuthenticationData();
-	    
-	    EncryptionTypeInfoEntry[] entries = new EncryptionTypeInfoEntry[ 1 ];
-	    entries[ 0 ] = new EncryptionTypeInfoEntry( EncryptionType.DES_CBC_MD5, null );
-	    
-	    byte[] encTypeInfo = null;
-	    
-	    try
-	    {
-	        encTypeInfo = EncryptionTypeInfoEncoder.encode( entries );
-	    }
-	    catch (IOException ioe)
-	    {
-	        ioe.printStackTrace();
-	        return null;
-	    }
-	    
-	    PreAuthenticationDataModifier encTypeModifier = new PreAuthenticationDataModifier();
-	    encTypeModifier.setDataType( PreAuthenticationDataType.PA_ENCTYPE_INFO );
-	    encTypeModifier.setDataValue( encTypeInfo );
-	    
-	    paDataSequence[ 1 ] = encTypeModifier.getPreAuthenticationData();
-	    
-	    try
-	    {
-	        return PreAuthenticationDataEncoder.encode( paDataSequence );
-	    }
-	    catch (IOException ioe)
-	    {
-	        ioe.printStackTrace();
-	        return null;
-	    }
-	}
-	
-	// TODO - client and server parameters; requires store
-	private Ticket generateNewTicket( KdcRequest request ) throws KerberosException
-	{
-		KerberosPrincipal serverPrincipal = request.getServerPrincipal();
-		
+        if ( entry.getSamType() == null )
+        {
+            if ( log.isDebugEnabled() )
+            {
+                log.debug( "entry for client principal " + clientPrincipal.getName()
+                        + " has no SAM type: proceeding with standard pre-authentication"
);
+            }
+
+            clientKey = entry.getEncryptionKey();
+
+            if ( clientKey == null )
+            {
+                throw new KerberosException( ErrorType.KDC_ERR_NULL_KEY );
+            }
+
+            if ( config.isPaEncTimestampRequired() )
+            {
+                PreAuthenticationData[] preAuthData = request.getPreAuthData();
+
+                if ( preAuthData == null )
+                {
+                    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError()
);
+                }
+
+                EncryptedTimeStamp timestamp = null;
+
+                for ( int ii = 0; ii < preAuthData.length; ii++ )
+                {
+                    if ( preAuthData[ ii ].getDataType().equals( PreAuthenticationDataType.PA_ENC_TIMESTAMP
) )
+                    {
+                        try
+                        {
+                            EncryptedData dataValue = EncryptedDataDecoder.decode( preAuthData[
ii ].getDataValue() );
+                            EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor(
clientKey );
+                            byte[] decTimestamp = engine.getDecryptedData( clientKey, dataValue
);
+
+                            EncryptedTimestampDecoder timeStampDecoder = new EncryptedTimestampDecoder();
+                            timestamp = timeStampDecoder.decode( decTimestamp );
+                        }
+                        catch (KerberosException ke)
+                        {
+                            throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY
);
+                        }
+                        catch (IOException ioe)
+                        {
+                            throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY
);
+                        }
+                        catch (ClassCastException cce)
+                        {
+                            throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY
);
+                        }
+                    }
+                }
+
+                if ( timestamp == null )
+                {
+                    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError()
);
+                }
+
+                if ( !timestamp.getTimeStamp().isInClockSkew( config.getClockSkew() ) )
+                {
+                    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_FAILED );
+                }
+
+                /*
+                if(decrypted_enc_timestamp and usec is replay)
+                        error_out(KDC_ERR_PREAUTH_FAILED);
+                endif
+
+                add decrypted_enc_timestamp and usec to replay cache;
+                */
+            }
+        }
+        else
+        {
+            if ( log.isDebugEnabled() )
+            {
+                log.debug( "entry for client principal " + clientPrincipal.getName()
+                        + " has a valid SAM type: invoking SAM subsystem for pre-authentication"
);
+            }
+
+            PreAuthenticationData[] preAuthData = request.getPreAuthData();
+
+            if ( preAuthData == null || preAuthData.length == 0 )
+            {
+                throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError()
);
+            }
+
+            try
+            {
+                for ( int ii = 0; ii < preAuthData.length; ii++ )
+                {
+                    if ( preAuthData[ii].getDataType().equals( PreAuthenticationDataType.PA_ENC_TIMESTAMP
) )
+                    {
+                        KerberosKey samKey = SamSubsystem.getInstance().verify( entry, preAuthData[ii].getDataValue()
);
+                        clientKey = new EncryptionKey( EncryptionType.getTypeByOrdinal( samKey.getKeyType()
), samKey.getEncoded() );
+                    }
+                }
+            }
+            catch (SamException se)
+            {
+                throw new KerberosException( 60, se.getMessage() );
+            }
+        }
+
+        if ( log.isDebugEnabled() )
+        {
+            log.debug( "Ticket will be issued to client " + clientPrincipal.toString() +
"." );
+        }
+
+        return clientKey;
+    }
+
+    private byte[] preparePreAuthenticationError()
+    {
+        PreAuthenticationData[] paDataSequence = new PreAuthenticationData[ 2 ];
+
+        PreAuthenticationDataModifier modifier = new PreAuthenticationDataModifier();
+        modifier.setDataType( PreAuthenticationDataType.PA_ENC_TIMESTAMP );
+        modifier.setDataValue( new byte[ 0 ] );
+
+        paDataSequence[ 0 ] = modifier.getPreAuthenticationData();
+
+        EncryptionTypeInfoEntry[] entries = new EncryptionTypeInfoEntry[ 1 ];
+        entries[ 0 ] = new EncryptionTypeInfoEntry( EncryptionType.DES_CBC_MD5, null );
+
+        byte[] encTypeInfo = null;
+
+        try
+        {
+            encTypeInfo = EncryptionTypeInfoEncoder.encode( entries );
+        }
+        catch (IOException ioe)
+        {
+            log.error( "returning null pre-authentication error", ioe );
+            return null;
+        }
+
+        PreAuthenticationDataModifier encTypeModifier = new PreAuthenticationDataModifier();
+        encTypeModifier.setDataType( PreAuthenticationDataType.PA_ENCTYPE_INFO );
+        encTypeModifier.setDataValue( encTypeInfo );
+
+        paDataSequence[ 1 ] = encTypeModifier.getPreAuthenticationData();
+
+        try
+        {
+            return PreAuthenticationDataEncoder.encode( paDataSequence );
+        }
+        catch (IOException ioe)
+        {
+            log.error( "returning null pre-authentication error", ioe );
+            return null;
+        }
+    }
+
+    // TODO - client and server parameters; requires store
+    private Ticket generateNewTicket( KdcRequest request ) throws KerberosException
+    {
+        KerberosPrincipal serverPrincipal = request.getServerPrincipal();
         EncryptionKey serverKey = getServerKey( serverPrincipal );
-        
-		KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
-		
-		EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
-		
-		if(request.getKdcOptions().get(KdcOptions.FORWARDABLE))
-		{
-			newTicketBody.setFlag(TicketFlags.FORWARDABLE);
-		}
-		
-		if(request.getKdcOptions().get(KdcOptions.PROXIABLE))
-		{
-			newTicketBody.setFlag(TicketFlags.PROXIABLE);
-		}
-		
-		if(request.getKdcOptions().get(KdcOptions.ALLOW_POSTDATE))
-		{
-			newTicketBody.setFlag(TicketFlags.MAY_POSTDATE);
-		}
-		
-		if(request.getKdcOptions().get(KdcOptions.RENEW) ||
-				request.getKdcOptions().get(KdcOptions.VALIDATE) ||
-				request.getKdcOptions().get(KdcOptions.PROXY) ||
-				request.getKdcOptions().get(KdcOptions.FORWARDED) ||
-				request.getKdcOptions().get(KdcOptions.ENC_TKT_IN_SKEY))
-		{
-			throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
-		}
-		
-		newTicketBody.setSessionKey(new RandomKey().getNewSessionKey());
-		newTicketBody.setClientPrincipal(request.getClientPrincipal());
-		newTicketBody.setTransitedEncoding(new TransitedEncoding());
-		
-		KerberosTime now = new KerberosTime();
-		newTicketBody.setAuthTime(now);
-	
-		if (request.getKdcOptions().get(KdcOptions.POSTDATED))
-		{
-			// TODO - possibly allow req.from range
-			if (!config.isPostdateAllowed())
-				throw new KerberosException( ErrorType.KDC_ERR_POLICY );
-			newTicketBody.setFlag(TicketFlags.INVALID);
-			newTicketBody.setStartTime(request.getFrom());
-		}
-	
-	long till = 0;
-	if (request.getTill().getTime() == 0)
-	        till = Long.MAX_VALUE;
-	else
-	        till = request.getTill().getTime();
-	/*
-	new_tkt.endtime := min(till,
-	                      new_tkt.starttime+client.max_life,
-	                      new_tkt.starttime+server.max_life,
-	                      new_tkt.starttime+max_life_for_realm);
-	*/
-	long endTime = Math.min(now.getTime() + config.getMaximumTicketLifetime(), till);
-	KerberosTime kerberosEndTime = new KerberosTime(endTime);
-	newTicketBody.setEndTime(kerberosEndTime);
-
-	long tempRtime = 0;
-	if (request.getKdcOptions().get(KdcOptions.RENEWABLE_OK) &&
-			request.getTill().greaterThan(kerberosEndTime))
-	{
-		request.getKdcOptions().set(KdcOptions.RENEWABLE);
-		tempRtime = request.getTill().getTime();
-	}
-	
-	/*
-	if (req.kdc-options.RENEWABLE is set) then
-	        set new_tkt.flags.RENEWABLE;
-	        new_tkt.renew-till := min(rtime,
-	        new_tkt.starttime+client.max_rlife,
-	        new_tkt.starttime+server.max_rlife,
-	        new_tkt.starttime+max_rlife_for_realm);
-	else
-	        omit new_tkt.renew-till;
-	endif
-	*/
-	if (tempRtime == 0)
-			tempRtime = Long.MAX_VALUE;
-		else
-			tempRtime = request.getRtime().getTime();
-
-		if ( request.getKdcOptions().get( KdcOptions.RENEWABLE ) )
-		{
-			newTicketBody.setFlag( TicketFlags.RENEWABLE );
-			
-			/*
-			 * 'from' KerberosTime is OPTIONAL
-			 */
-			KerberosTime fromTime = request.getFrom();
-			
-			if ( fromTime == null )
-			{
-			    fromTime = new KerberosTime();
-			}
-			
-			long renewTill = Math.min( fromTime.getTime()
-					+ config.getMaximumRenewableLifetime(), tempRtime );
-			newTicketBody.setRenewTill( new KerberosTime( renewTill ) );
-		}
-		
-		if (request.getAddresses() != null)
-		{
-			newTicketBody.setClientAddresses(request.getAddresses());
-		}
-		
-		EncTicketPart ticketPart = newTicketBody.getEncTicketPart();
-		
-		EncryptedData encryptedData = encryptTicketPart(ticketPart, serverKey);
-		
-		Ticket newTicket = new Ticket(ticketPrincipal, encryptedData);
-		newTicket.setEncTicketPart(ticketPart);
-		
-		System.out.println( "Ticket will be issued for access to " + serverPrincipal.toString()
+ "." );
-		
-		return newTicket;
-	}
-	
-	private EncryptedData encryptTicketPart(EncTicketPart ticketPart, EncryptionKey serverKey)
-	{
-		EncTicketPartEncoder encoder = new EncTicketPartEncoder();
-		EncryptedData encryptedTicketPart = null;
-		try
-		{
-			byte[] plainText = encoder.encode(ticketPart);
+        KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
+        EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
+
+        if(request.getKdcOptions().get(KdcOptions.FORWARDABLE))
+        {
+            newTicketBody.setFlag(TicketFlags.FORWARDABLE);
+        }
+
+        if(request.getKdcOptions().get(KdcOptions.PROXIABLE))
+        {
+            newTicketBody.setFlag(TicketFlags.PROXIABLE);
+        }
+
+        if(request.getKdcOptions().get(KdcOptions.ALLOW_POSTDATE))
+        {
+            newTicketBody.setFlag(TicketFlags.MAY_POSTDATE);
+        }
+
+        if(request.getKdcOptions().get(KdcOptions.RENEW) ||
+                request.getKdcOptions().get(KdcOptions.VALIDATE) ||
+                request.getKdcOptions().get(KdcOptions.PROXY) ||
+                request.getKdcOptions().get(KdcOptions.FORWARDED) ||
+                request.getKdcOptions().get(KdcOptions.ENC_TKT_IN_SKEY))
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
+        }
+
+        newTicketBody.setSessionKey(new RandomKey().getNewSessionKey());
+        newTicketBody.setClientPrincipal(request.getClientPrincipal());
+        newTicketBody.setTransitedEncoding(new TransitedEncoding());
+
+        KerberosTime now = new KerberosTime();
+        newTicketBody.setAuthTime(now);
+
+        if (request.getKdcOptions().get(KdcOptions.POSTDATED))
+        {
+            // TODO - possibly allow req.from range
+            if (!config.isPostdateAllowed())
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+            newTicketBody.setFlag(TicketFlags.INVALID);
+            newTicketBody.setStartTime(request.getFrom());
+        }
+
+        long till = 0;
+        if (request.getTill().getTime() == 0)
+                till = Long.MAX_VALUE;
+        else
+                till = request.getTill().getTime();
+        /*
+        new_tkt.endtime := min(till,
+                              new_tkt.starttime+client.max_life,
+                              new_tkt.starttime+server.max_life,
+                              new_tkt.starttime+max_life_for_realm);
+        */
+        long endTime = Math.min(now.getTime() + config.getMaximumTicketLifetime(), till);
+        KerberosTime kerberosEndTime = new KerberosTime(endTime);
+        newTicketBody.setEndTime(kerberosEndTime);
+
+        long tempRtime = 0;
+        if (request.getKdcOptions().get(KdcOptions.RENEWABLE_OK) &&
+                request.getTill().greaterThan(kerberosEndTime))
+        {
+            request.getKdcOptions().set(KdcOptions.RENEWABLE);
+            tempRtime = request.getTill().getTime();
+        }
+
+        /*
+        if (req.kdc-options.RENEWABLE is set) then
+                set new_tkt.flags.RENEWABLE;
+                new_tkt.renew-till := min(rtime,
+                new_tkt.starttime+client.max_rlife,
+                new_tkt.starttime+server.max_rlife,
+                new_tkt.starttime+max_rlife_for_realm);
+        else
+                omit new_tkt.renew-till;
+        endif
+        */
+
+        if (tempRtime == 0)
+        {
+            tempRtime = Long.MAX_VALUE;
+        }
+        else
+        {
+            tempRtime = request.getRtime().getTime();
+        }
+
+        if ( request.getKdcOptions().get( KdcOptions.RENEWABLE ) )
+        {
+            newTicketBody.setFlag( TicketFlags.RENEWABLE );
+
+            /*
+             * 'from' KerberosTime is OPTIONAL
+             */
+            KerberosTime fromTime = request.getFrom();
+
+            if ( fromTime == null )
+            {
+                fromTime = new KerberosTime();
+            }
+
+            long renewTill = Math.min( fromTime.getTime()
+                    + config.getMaximumRenewableLifetime(), tempRtime );
+            newTicketBody.setRenewTill( new KerberosTime( renewTill ) );
+        }
+
+        if (request.getAddresses() != null)
+        {
+            newTicketBody.setClientAddresses(request.getAddresses());
+        }
+
+        EncTicketPart ticketPart = newTicketBody.getEncTicketPart();
+
+        EncryptedData encryptedData = encryptTicketPart(ticketPart, serverKey);
+
+        Ticket newTicket = new Ticket(ticketPrincipal, encryptedData);
+        newTicket.setEncTicketPart(ticketPart);
+
+        if ( log.isDebugEnabled() )
+        {
+            log.debug( "Ticket will be issued for access to " + serverPrincipal.toString()
+ "." );
+        }
+
+        return newTicket;
+    }
+
+    private EncryptedData encryptTicketPart(EncTicketPart ticketPart, EncryptionKey serverKey)
+    {
+        EncTicketPartEncoder encoder = new EncTicketPartEncoder();
+        EncryptedData encryptedTicketPart = null;
+        try
+        {
+            byte[] plainText = encoder.encode(ticketPart);
 
             EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( serverKey
);
 
-			encryptedTicketPart = engine.getEncryptedData(serverKey, plainText);
-			
-		}
-		catch (Exception e)
-		{
-			e.printStackTrace();
-		}
-		return encryptedTicketPart;
-	}
-	
-	private void encryptReplyPart( AuthenticationReply reply, EncryptionKey clientKey )
-	{
-		EncAsRepPartEncoder encoder = new EncAsRepPartEncoder();
-		try
-		{
-			byte[] plainText = encoder.encode(reply);
+            encryptedTicketPart = engine.getEncryptedData(serverKey, plainText);
+
+        }
+        catch (Exception e)
+        {
+            e.printStackTrace();
+        }
+        return encryptedTicketPart;
+    }
+
+    private void encryptReplyPart( AuthenticationReply reply, EncryptionKey clientKey )
+    {
+        EncAsRepPartEncoder encoder = new EncAsRepPartEncoder();
+        try
+        {
+            byte[] plainText = encoder.encode(reply);
 
             EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( clientKey
);
 
-			EncryptedData cipherText = engine.getEncryptedData(clientKey, plainText);
+            EncryptedData cipherText = engine.getEncryptedData(clientKey, plainText);
+
+            reply.setEncPart(cipherText);
+        }
+        catch (Exception e)
+        {
+            e.printStackTrace();
+        }
+    }
 
-			reply.setEncPart(cipherText);
-		}
-		catch (Exception e)
-		{
-			e.printStackTrace();
-		}
-	}
-	
-	private AuthenticationReply getAuthenticationReply( KdcRequest request, Ticket ticket )
-	{
-		AuthenticationReply reply = new AuthenticationReply();
-		
-		reply.setClientPrincipal( request.getClientPrincipal() );
-		reply.setTicket( ticket );
-		reply.setKey( ticket.getSessionKey() );
-		
-		// TODO - fetch lastReq for this client; requires store
-		reply.setLastRequest( new LastRequest() );
-		// TODO	- resp.key-expiration := client.expiration; requires store
-		
-		reply.setNonce( request.getNonce() );
-		
-		reply.setFlags( ticket.getFlags() );
-		reply.setAuthTime( ticket.getAuthTime() );
-		reply.setStartTime( ticket.getStartTime() );
-		reply.setEndTime( ticket.getEndTime() );
-		
-		if ( ticket.getFlags().get( TicketFlags.RENEWABLE ) )
-		{
-			reply.setRenewTill(ticket.getRenewTill());
-		}
-		
-		reply.setServerPrincipal( ticket.getServerPrincipal() );
-		reply.setClientAddresses( ticket.getClientAddresses() );
-		
-		return reply;
-	}
+    private AuthenticationReply getAuthenticationReply( KdcRequest request, Ticket ticket
)
+    {
+        AuthenticationReply reply = new AuthenticationReply();
+
+        reply.setClientPrincipal( request.getClientPrincipal() );
+        reply.setTicket( ticket );
+        reply.setKey( ticket.getSessionKey() );
+
+        // TODO - fetch lastReq for this client; requires store
+        reply.setLastRequest( new LastRequest() );
+        // TODO    - resp.key-expiration := client.expiration; requires store
+
+        reply.setNonce( request.getNonce() );
+
+        reply.setFlags( ticket.getFlags() );
+        reply.setAuthTime( ticket.getAuthTime() );
+        reply.setStartTime( ticket.getStartTime() );
+        reply.setEndTime( ticket.getEndTime() );
+
+        if ( ticket.getFlags().get( TicketFlags.RENEWABLE ) )
+        {
+            reply.setRenewTill(ticket.getRenewTill());
+        }
+
+        reply.setServerPrincipal( ticket.getServerPrincipal() );
+        reply.setClientAddresses( ticket.getClientAddresses() );
+
+        return reply;
+    }
 }
 

Modified: directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/protocol/KerberosProtocolHandler.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/protocol/KerberosProtocolHandler.java?rev=220258&r1=220257&r2=220258&view=diff
==============================================================================
--- directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/protocol/KerberosProtocolHandler.java
(original)
+++ directory/protocol-providers/kerberos/trunk/src/java/org/apache/kerberos/protocol/KerberosProtocolHandler.java
Fri Jul 22 00:35:23 2005
@@ -33,10 +33,20 @@
 import org.apache.mina.common.IdleStatus;
 import org.apache.mina.protocol.ProtocolHandler;
 import org.apache.mina.protocol.ProtocolSession;
+import org.apache.commons.logging.LogFactory;
+import org.apache.commons.logging.Log;
 
 
+/**
+ * The Kerberos protocol handler for MINA which handles requests for the authentication
+ * service and the ticket granting service of the KDC.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$
+ */
 public class KerberosProtocolHandler implements ProtocolHandler
 {
+    private static final Log log = LogFactory.getLog( KerberosProtocolHandler.class );
 	private AuthenticationService authService;
 	private TicketGrantingService tgsService;
 	private ErrorService          errorService;
@@ -50,39 +60,52 @@
 
     public void sessionCreated( ProtocolSession session )
     {
-        System.out.println( session.getRemoteAddress() + " CREATED" );
+        if ( log.isDebugEnabled() )
+        {
+            log.debug( session.getRemoteAddress() + " CREATED" );
+        }
     }
 
     public void sessionOpened( ProtocolSession session )
     {
-        System.out.println( session.getRemoteAddress() + " OPENED" );
+        if ( log.isDebugEnabled() )
+        {
+            log.debug( session.getRemoteAddress() + " OPENED" );
+        }
     }
 
     public void sessionClosed( ProtocolSession session )
     {
-        System.out.println( session.getRemoteAddress() + " CLOSED" );
+        if ( log.isDebugEnabled() )
+        {
+            log.debug( session.getRemoteAddress() + " CLOSED" );
+        }
     }
 
     public void sessionIdle( ProtocolSession session, IdleStatus status )
     {
-        System.out.println( session.getRemoteAddress() + " IDLE(" + status + ")" );
+        if ( log.isDebugEnabled() )
+        {
+            log.debug( session.getRemoteAddress() + " IDLE(" + status + ")" );
+        }
     }
 
     public void exceptionCaught( ProtocolSession session, Throwable cause )
     {
-        System.out.println( session.getRemoteAddress() + " EXCEPTION" );
-        cause.printStackTrace( System.out );
-
+        log.error( session.getRemoteAddress() + " EXCEPTION", cause );
         session.close();
     }
 
     public void messageReceived( ProtocolSession session, Object message )
     {
-        System.out.println( session.getRemoteAddress() + " RCVD: " + message );
-        
+        if ( log.isDebugEnabled() )
+        {
+            log.debug( session.getRemoteAddress() + " RCVD: " + message );
+        }
+
 		try
 		{
-			KdcRequest request = (KdcRequest)message;
+			KdcRequest request = ( KdcRequest ) message;
 			
 			int messageType = request.getMessageType().getOrdinal();
 			
@@ -108,19 +131,22 @@
 		}
 		catch ( KerberosException ke )
 		{
-			System.out.println( "Returning error message:  " + ke.getMessage() );
+			log.error( "Returning error message:  " + ke.getMessage(), ke );
 			ErrorMessage errorMessage = errorService.getReplyFor( ke );
 			session.write( errorMessage );
 		}
 		catch ( IOException ioe )
 		{
-			ioe.printStackTrace();
+			log.error( ioe );
 		}
     }
 
     public void messageSent( ProtocolSession session, Object message )
     {
-        System.out.println( session.getRemoteAddress() + " SENT: " + message );
+        if ( log.isDebugEnabled() )
+        {
+            log.debug( session.getRemoteAddress() + " SENT: " + message );
+        }
     }
 }
 



Mime
View raw message