directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erodrig...@apache.org
Subject svn commit: r263970 - /directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/
Date Sun, 28 Aug 2005 23:50:40 GMT
Author: erodriguez
Date: Sun Aug 28 16:50:27 2005
New Revision: 263970

URL: http://svn.apache.org/viewcvs?rev=263970&view=rev
Log:
Kerberos Authentication Service (AS) as chain.  Calls pre-authentication sub-chain.

Added:
    directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/
    directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationContext.java
  (with props)
    directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationExceptionHandler.java
  (with props)
    directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationServiceChain.java
  (with props)
    directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/BuildReply.java
  (with props)
    directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/ConfigureAuthenticationChain.java
  (with props)
    directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GenerateTicket.java
  (with props)
    directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetClientEntry.java
  (with props)
    directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetServerEntry.java
  (with props)
    directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/SealReply.java
  (with props)

Added: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationContext.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationContext.java?rev=263970&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationContext.java
(added)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationContext.java
Sun Aug 28 16:50:27 2005
@@ -0,0 +1,136 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.authentication;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.kerberos.kdc.KdcContext;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.replay.InMemoryReplayCache;
+import org.apache.kerberos.replay.ReplayCache;
+import org.apache.kerberos.store.PrincipalStoreEntry;
+
+public class AuthenticationContext extends KdcContext
+{
+    private ReplayCache replayCache = new InMemoryReplayCache();
+
+    private Map checksumEngines = new HashMap();
+
+    private Ticket ticket;
+    private EncryptionKey clientKey;
+
+    private PrincipalStoreEntry clientEntry;
+    private PrincipalStoreEntry serverEntry;
+
+    /**
+     * @return Returns the serverEntry.
+     */
+    public PrincipalStoreEntry getServerEntry()
+    {
+        return serverEntry;
+    }
+
+    /**
+     * @param serverEntry The serverEntry to set.
+     */
+    public void setServerEntry( PrincipalStoreEntry serverEntry )
+    {
+        this.serverEntry = serverEntry;
+    }
+
+    /**
+     * @return Returns the clientEntry.
+     */
+    public PrincipalStoreEntry getClientEntry()
+    {
+        return clientEntry;
+    }
+
+    /**
+     * @param clientEntry The clientEntry to set.
+     */
+    public void setClientEntry( PrincipalStoreEntry clientEntry )
+    {
+        this.clientEntry = clientEntry;
+    }
+
+    /**
+     * @return Returns the checksumEngines.
+     */
+    public Map getChecksumEngines()
+    {
+        return checksumEngines;
+    }
+
+    /**
+     * @param checksumEngines The checksumEngines to set.
+     */
+    public void setChecksumEngines( Map checksumEngines )
+    {
+        this.checksumEngines = checksumEngines;
+    }
+
+    /**
+     * @return Returns the replayCache.
+     */
+    public ReplayCache getReplayCache()
+    {
+        return replayCache;
+    }
+
+    /**
+     * @param replayCache The replayCache to set.
+     */
+    public void setReplayCache( ReplayCache replayCache )
+    {
+        this.replayCache = replayCache;
+    }
+
+    /**
+     * @return Returns the clientKey.
+     */
+    public EncryptionKey getClientKey()
+    {
+        return clientKey;
+    }
+
+    /**
+     * @param clientKey The clientKey to set.
+     */
+    public void setClientKey( EncryptionKey clientKey )
+    {
+        this.clientKey = clientKey;
+    }
+
+    /**
+     * @return Returns the ticket.
+     */
+    public Ticket getTicket()
+    {
+        return ticket;
+    }
+
+    /**
+     * @param ticket The ticket to set.
+     */
+    public void setTicket( Ticket ticket )
+    {
+        this.ticket = ticket;
+    }
+}

Propchange: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationContext.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationExceptionHandler.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationExceptionHandler.java?rev=263970&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationExceptionHandler.java
(added)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationExceptionHandler.java
Sun Aug 28 16:50:27 2005
@@ -0,0 +1,51 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.authentication;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.exceptions.KerberosException;
+import org.apache.kerberos.kdc.KdcConfiguration;
+import org.apache.kerberos.messages.ErrorMessage;
+import org.apache.kerberos.service.ErrorMessageHandler;
+
+public class AuthenticationExceptionHandler extends ErrorMessageHandler
+{
+    public boolean execute( Context context ) throws Exception
+    {
+        return CONTINUE_CHAIN;
+    }
+
+    public boolean postprocess( Context context, Exception exception )
+    {
+        if ( exception == null )
+        {
+            return CONTINUE_CHAIN;
+        }
+
+        AuthenticationContext authContext = (AuthenticationContext) context;
+        KdcConfiguration config = authContext.getConfig();
+        KerberosException ke = (KerberosException) exception;
+
+        System.out.println( "Exception " + exception.getMessage() + " occurred." );
+
+        ErrorMessage errorMessage = getErrorMessage( config.getKdcPrincipal(), ke );
+
+        authContext.setReply( errorMessage );
+
+        return STOP_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationExceptionHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationServiceChain.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationServiceChain.java?rev=263970&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationServiceChain.java
(added)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationServiceChain.java
Sun Aug 28 16:50:27 2005
@@ -0,0 +1,43 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.authentication;
+
+import org.apache.kerberos.chain.impl.ChainBase;
+import org.apache.kerberos.kdc.MonitorRequest;
+import org.apache.kerberos.kdc.preauthentication.PreAuthenticationChain;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class AuthenticationServiceChain extends ChainBase
+{
+    /** the log for this class */
+    private static final Logger log = LoggerFactory.getLogger( AuthenticationServiceChain.class
);
+
+    public AuthenticationServiceChain()
+    {
+        super();
+        addCommand( new AuthenticationExceptionHandler() );
+        addCommand( new MonitorRequest() );
+        addCommand( new ConfigureAuthenticationChain() );
+        addCommand( new GetClientEntry() );
+        addCommand( new PreAuthenticationChain() );
+        addCommand( new GetServerEntry() );
+        addCommand( new GenerateTicket() );
+        addCommand( new BuildReply() );
+        addCommand( new SealReply() );
+    }
+}

Propchange: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/AuthenticationServiceChain.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/BuildReply.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/BuildReply.java?rev=263970&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/BuildReply.java
(added)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/BuildReply.java
Sun Aug 28 16:50:27 2005
@@ -0,0 +1,65 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.authentication;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.messages.AuthenticationReply;
+import org.apache.kerberos.messages.KdcRequest;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.messages.value.LastRequest;
+import org.apache.kerberos.messages.value.TicketFlags;
+
+public class BuildReply extends CommandBase
+{
+    public boolean execute( Context ctx ) throws Exception
+    {
+        System.out.println( "Building reply." );
+        AuthenticationContext authContext = (AuthenticationContext) ctx;
+        KdcRequest request = authContext.getRequest();
+        Ticket ticket = authContext.getTicket();
+
+        AuthenticationReply reply = new AuthenticationReply();
+
+        reply.setClientPrincipal( request.getClientPrincipal() );
+        reply.setTicket( ticket );
+        reply.setKey( ticket.getSessionKey() );
+
+        // TODO - fetch lastReq for this client; requires store
+        reply.setLastRequest( new LastRequest() );
+        // TODO    - resp.key-expiration := client.expiration; requires store
+
+        reply.setNonce( request.getNonce() );
+
+        reply.setFlags( ticket.getFlags() );
+        reply.setAuthTime( ticket.getAuthTime() );
+        reply.setStartTime( ticket.getStartTime() );
+        reply.setEndTime( ticket.getEndTime() );
+
+        if ( ticket.getFlags().get( TicketFlags.RENEWABLE ) )
+        {
+            reply.setRenewTill( ticket.getRenewTill() );
+        }
+
+        reply.setServerPrincipal( ticket.getServerPrincipal() );
+        reply.setClientAddresses( ticket.getClientAddresses() );
+
+        authContext.setReply( reply );
+
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/BuildReply.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/ConfigureAuthenticationChain.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/ConfigureAuthenticationChain.java?rev=263970&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/ConfigureAuthenticationChain.java
(added)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/ConfigureAuthenticationChain.java
Sun Aug 28 16:50:27 2005
@@ -0,0 +1,45 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.authentication;
+
+import java.util.Map;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.crypto.checksum.ChecksumType;
+import org.apache.kerberos.crypto.checksum.Crc32Checksum;
+import org.apache.kerberos.crypto.checksum.RsaMd4Checksum;
+import org.apache.kerberos.crypto.checksum.RsaMd5Checksum;
+import org.apache.kerberos.crypto.checksum.Sha1Checksum;
+
+public class ConfigureAuthenticationChain extends CommandBase
+{
+    public boolean execute( Context context ) throws Exception
+    {
+        System.out.println( "Configuring authentication chain." );
+
+        AuthenticationContext authContext = (AuthenticationContext) context;
+
+        Map checksumEngines = authContext.getChecksumEngines();
+        checksumEngines.put( ChecksumType.CRC32, new Crc32Checksum() );
+        checksumEngines.put( ChecksumType.RSA_MD4, new RsaMd4Checksum() );
+        checksumEngines.put( ChecksumType.RSA_MD5, new RsaMd5Checksum() );
+        checksumEngines.put( ChecksumType.SHA1, new Sha1Checksum() );
+
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/ConfigureAuthenticationChain.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GenerateTicket.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GenerateTicket.java?rev=263970&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GenerateTicket.java
(added)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GenerateTicket.java
Sun Aug 28 16:50:27 2005
@@ -0,0 +1,205 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.authentication;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.crypto.RandomKey;
+import org.apache.kerberos.crypto.encryption.EncryptionEngine;
+import org.apache.kerberos.crypto.encryption.EncryptionEngineFactory;
+import org.apache.kerberos.exceptions.ErrorType;
+import org.apache.kerberos.exceptions.KerberosException;
+import org.apache.kerberos.io.encoder.EncTicketPartEncoder;
+import org.apache.kerberos.kdc.KdcConfiguration;
+import org.apache.kerberos.messages.KdcRequest;
+import org.apache.kerberos.messages.components.EncTicketPart;
+import org.apache.kerberos.messages.components.EncTicketPartModifier;
+import org.apache.kerberos.messages.components.Ticket;
+import org.apache.kerberos.messages.value.EncryptedData;
+import org.apache.kerberos.messages.value.EncryptionKey;
+import org.apache.kerberos.messages.value.KdcOptions;
+import org.apache.kerberos.messages.value.KerberosTime;
+import org.apache.kerberos.messages.value.TicketFlags;
+import org.apache.kerberos.messages.value.TransitedEncoding;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class GenerateTicket extends CommandBase
+{
+    /** the log for this class */
+    private static final Logger log = LoggerFactory.getLogger( GenerateTicket.class );
+    
+    public boolean execute(Context context) throws Exception
+    {
+        System.out.println("Generating ticket.");
+
+        AuthenticationContext authContext = (AuthenticationContext) context;
+        KdcRequest request = authContext.getRequest();
+
+        KerberosPrincipal serverPrincipal = request.getServerPrincipal();
+        EncryptionKey serverKey = authContext.getServerEntry().getEncryptionKey();
+        KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
+        EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
+        KdcConfiguration config = authContext.getConfig();
+
+        if(request.getKdcOptions().get(KdcOptions.FORWARDABLE))
+        {
+            newTicketBody.setFlag(TicketFlags.FORWARDABLE);
+        }
+
+        if(request.getKdcOptions().get(KdcOptions.PROXIABLE))
+        {
+            newTicketBody.setFlag(TicketFlags.PROXIABLE);
+        }
+
+        if(request.getKdcOptions().get(KdcOptions.ALLOW_POSTDATE))
+        {
+            newTicketBody.setFlag(TicketFlags.MAY_POSTDATE);
+        }
+
+        if(request.getKdcOptions().get(KdcOptions.RENEW) ||
+                request.getKdcOptions().get(KdcOptions.VALIDATE) ||
+                request.getKdcOptions().get(KdcOptions.PROXY) ||
+                request.getKdcOptions().get(KdcOptions.FORWARDED) ||
+                request.getKdcOptions().get(KdcOptions.ENC_TKT_IN_SKEY))
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
+        }
+
+        newTicketBody.setSessionKey(new RandomKey().getNewSessionKey());
+        newTicketBody.setClientPrincipal(request.getClientPrincipal());
+        newTicketBody.setTransitedEncoding(new TransitedEncoding());
+
+        KerberosTime now = new KerberosTime();
+        newTicketBody.setAuthTime(now);
+
+        if (request.getKdcOptions().get(KdcOptions.POSTDATED))
+        {
+            // TODO - possibly allow req.from range
+            if (!config.isPostdateAllowed())
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+            newTicketBody.setFlag(TicketFlags.INVALID);
+            newTicketBody.setStartTime(request.getFrom());
+        }
+
+        long till = 0;
+        if (request.getTill().getTime() == 0)
+                till = Long.MAX_VALUE;
+        else
+                till = request.getTill().getTime();
+        /*
+        new_tkt.endtime := min(till,
+                              new_tkt.starttime+client.max_life,
+                              new_tkt.starttime+server.max_life,
+                              new_tkt.starttime+max_life_for_realm);
+        */
+        long endTime = Math.min(now.getTime() + config.getMaximumTicketLifetime(), till);
+        KerberosTime kerberosEndTime = new KerberosTime(endTime);
+        newTicketBody.setEndTime(kerberosEndTime);
+
+        long tempRtime = 0;
+        if (request.getKdcOptions().get(KdcOptions.RENEWABLE_OK) &&
+                request.getTill().greaterThan(kerberosEndTime))
+        {
+            request.getKdcOptions().set(KdcOptions.RENEWABLE);
+            tempRtime = request.getTill().getTime();
+        }
+
+        /*
+        if (req.kdc-options.RENEWABLE is set) then
+                set new_tkt.flags.RENEWABLE;
+                new_tkt.renew-till := min(rtime,
+                new_tkt.starttime+client.max_rlife,
+                new_tkt.starttime+server.max_rlife,
+                new_tkt.starttime+max_rlife_for_realm);
+        else
+                omit new_tkt.renew-till;
+        endif
+        */
+
+        if (tempRtime == 0)
+        {
+            tempRtime = Long.MAX_VALUE;
+        }
+        else
+        {
+            tempRtime = request.getRtime().getTime();
+        }
+
+        if ( request.getKdcOptions().get( KdcOptions.RENEWABLE ) )
+        {
+            newTicketBody.setFlag( TicketFlags.RENEWABLE );
+
+            /*
+             * 'from' KerberosTime is OPTIONAL
+             */
+            KerberosTime fromTime = request.getFrom();
+
+            if ( fromTime == null )
+            {
+                fromTime = new KerberosTime();
+            }
+
+            long renewTill = Math.min( fromTime.getTime()
+                    + config.getMaximumRenewableLifetime(), tempRtime );
+            newTicketBody.setRenewTill( new KerberosTime( renewTill ) );
+        }
+
+        if (request.getAddresses() != null)
+        {
+            newTicketBody.setClientAddresses(request.getAddresses());
+        }
+
+        EncTicketPart ticketPart = newTicketBody.getEncTicketPart();
+
+        EncryptedData encryptedData = encryptTicketPart(ticketPart, serverKey);
+
+        Ticket newTicket = new Ticket(ticketPrincipal, encryptedData);
+        newTicket.setEncTicketPart(ticketPart);
+
+        if ( log.isDebugEnabled() )
+        {
+            log.debug( "Ticket will be issued for access to " + serverPrincipal.toString()
+ "." );
+        }
+
+        authContext.setTicket( newTicket );
+        
+        return CONTINUE_CHAIN;
+    }
+    
+    private EncryptedData encryptTicketPart(EncTicketPart ticketPart, EncryptionKey serverKey)
+    {
+        EncTicketPartEncoder encoder = new EncTicketPartEncoder();
+        EncryptedData encryptedTicketPart = null;
+        try
+        {
+            byte[] plainText = encoder.encode(ticketPart);
+
+            EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( serverKey
);
+
+            encryptedTicketPart = engine.getEncryptedData(serverKey, plainText);
+
+        }
+        catch (Exception e)
+        {
+            e.printStackTrace();
+        }
+        return encryptedTicketPart;
+    }
+}

Propchange: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GenerateTicket.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetClientEntry.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetClientEntry.java?rev=263970&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetClientEntry.java
(added)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetClientEntry.java
Sun Aug 28 16:50:27 2005
@@ -0,0 +1,41 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.authentication;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.exceptions.ErrorType;
+import org.apache.kerberos.service.GetPrincipalStoreEntry;
+import org.apache.kerberos.store.PrincipalStore;
+
+public class GetClientEntry extends GetPrincipalStoreEntry
+{
+    public boolean execute(Context context) throws Exception
+    {
+        System.out.println( "Getting client entry." );
+        
+        AuthenticationContext authContext = (AuthenticationContext) context;
+        
+        KerberosPrincipal principal = authContext.getRequest().getClientPrincipal();
+        PrincipalStore store = authContext.getStore();
+
+        authContext.setClientEntry( getEntry( principal, store, ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN
) );
+        
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetClientEntry.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetServerEntry.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetServerEntry.java?rev=263970&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetServerEntry.java
(added)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetServerEntry.java
Sun Aug 28 16:50:27 2005
@@ -0,0 +1,41 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.authentication;
+
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.exceptions.ErrorType;
+import org.apache.kerberos.service.GetPrincipalStoreEntry;
+import org.apache.kerberos.store.PrincipalStore;
+
+public class GetServerEntry extends GetPrincipalStoreEntry
+{
+    public boolean execute(Context context) throws Exception
+    {
+        System.out.println( "Getting server entry." );
+        
+        AuthenticationContext authContext = (AuthenticationContext) context;
+        
+        KerberosPrincipal principal = authContext.getRequest().getServerPrincipal();
+        PrincipalStore store = authContext.getStore();
+        
+        authContext.setServerEntry( getEntry( principal, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN
) );
+        
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/GetServerEntry.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/SealReply.java
URL: http://svn.apache.org/viewcvs/directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/SealReply.java?rev=263970&view=auto
==============================================================================
--- directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/SealReply.java
(added)
+++ directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/SealReply.java
Sun Aug 28 16:50:27 2005
@@ -0,0 +1,57 @@
+/*
+ *   Copyright 2005 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.kerberos.kdc.authentication;
+
+import org.apache.kerberos.chain.Context;
+import org.apache.kerberos.chain.impl.CommandBase;
+import org.apache.kerberos.crypto.encryption.EncryptionEngine;
+import org.apache.kerberos.crypto.encryption.EncryptionEngineFactory;
+import org.apache.kerberos.io.encoder.EncAsRepPartEncoder;
+import org.apache.kerberos.messages.AuthenticationReply;
+import org.apache.kerberos.messages.value.EncryptedData;
+import org.apache.kerberos.messages.value.EncryptionKey;
+
+public class SealReply extends CommandBase
+{
+    public boolean execute( Context context ) throws Exception
+    {
+        System.out.println( "Sealing reply." );
+
+        AuthenticationContext authContext = (AuthenticationContext) context;
+
+        AuthenticationReply reply = (AuthenticationReply) authContext.getReply();
+        EncryptionKey clientKey = authContext.getClientKey();
+
+        EncAsRepPartEncoder encoder = new EncAsRepPartEncoder();
+        try
+        {
+            byte[] plainText = encoder.encode( reply );
+
+            EncryptionEngine engine = EncryptionEngineFactory.getEncryptionEngineFor( clientKey
);
+
+            EncryptedData cipherText = engine.getEncryptedData( clientKey, plainText );
+
+            reply.setEncPart( cipherText );
+        }
+        catch ( Exception e )
+        {
+            e.printStackTrace();
+        }
+
+        return CONTINUE_CHAIN;
+    }
+}

Propchange: directory/protocol-providers/kerberos/branches/refactor-to-chain/src/java/org/apache/kerberos/kdc/authentication/SealReply.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message