directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r521997 [1/2] - in /directory/apacheds/branches/1.0: kerberos-shared/ kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypt...
Date Sat, 24 Mar 2007 09:04:54 GMT
Author: elecharny
Date: Sat Mar 24 02:04:51 2007
New Revision: 521997

URL: http://svn.apache.org/viewvc?view=rev&rev=521997
Log:
Backported Enrique modifications in 1.0 version. Lot of modifications,
because the classes now inherit IoHandler.

No more need of BouncyCastle in our code, except in Shared.

Added:
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/SessionKeyFactory.java
    directory/apacheds/branches/1.0/kerberos-shared/src/test/
    directory/apacheds/branches/1.0/kerberos-shared/src/test/java/
    directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/
    directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/
    directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/
    directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/
    directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/
    directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/
    directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/
    directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java
Removed:
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Crc32Checksum.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd4Checksum.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd4Encryption.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/DesStringToKey.java
Modified:
    directory/apacheds/branches/1.0/kerberos-shared/pom.xml
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Sha1Checksum.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcEncryption.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcEncryption.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngineFactory.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java
    directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetServerEntry.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicket.java
    directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ConfigureAuthenticationChain.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetClientEntry.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetServerEntry.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/SealReply.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/VerifyPolicy.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/PreAuthenticationChain.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/ConfigureTicketGrantingChain.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetRequestPrincipalEntry.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetTicketPrincipalEntry.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/SealReply.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyBodyChecksum.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgt.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java
    directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java

Modified: directory/apacheds/branches/1.0/kerberos-shared/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/pom.xml?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/pom.xml (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/pom.xml Sat Mar 24 02:04:51 2007
@@ -14,10 +14,6 @@
   <packaging>jar</packaging>  
   <dependencies>
     <dependency>
-      <groupId>bouncycastle</groupId>
-      <artifactId>lcrypto-jdk14</artifactId>
-    </dependency>
-    <dependency>
       <groupId>org.apache.mina</groupId>
       <artifactId>mina-core</artifactId>
     </dependency>

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java Sat Mar 24 02:04:51 2007
@@ -20,15 +20,16 @@
 package org.apache.directory.server.kerberos.shared.crypto.checksum;
 
 
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherType;
-import org.bouncycastle.crypto.Digest;
 
 
 public abstract class ChecksumEngine
 {
-    public abstract Digest getDigest();
-
-
+    public abstract MessageDigest getDigest() throws NoSuchAlgorithmException;
+    
     public abstract ChecksumType checksumType();
 
 
@@ -55,12 +56,14 @@
 
     public byte[] calculateChecksum( byte[] data )
     {
-        Digest digester = getDigest();
-
-        digester.reset();
-        digester.update( data, 0, data.length );
-        byte[] returnValue = new byte[digester.getDigestSize()];
-        digester.doFinal( returnValue, 0 );
-        return returnValue;
+        try
+        {
+            MessageDigest digester = getDigest();
+            return digester.digest( data );
+        }
+        catch ( NoSuchAlgorithmException nsae )
+        {
+            return null;
+        }
     }
 }

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java Sat Mar 24 02:04:51 2007
@@ -19,17 +19,17 @@
  */
 package org.apache.directory.server.kerberos.shared.crypto.checksum;
 
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherType;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
 
 
 public class RsaMd5Checksum extends ChecksumEngine
 {
-    public Digest getDigest()
+    public MessageDigest getDigest() throws NoSuchAlgorithmException
     {
-        return new MD5Digest();
+        return MessageDigest.getInstance( "MD5" );
     }
 
 

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Sha1Checksum.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Sha1Checksum.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Sha1Checksum.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Sha1Checksum.java Sat Mar 24 02:04:51 2007
@@ -20,16 +20,17 @@
 package org.apache.directory.server.kerberos.shared.crypto.checksum;
 
 
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherType;
-import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
 
 
 public class Sha1Checksum extends ChecksumEngine
 {
-    public Digest getDigest()
+    public MessageDigest getDigest() throws NoSuchAlgorithmException
     {
-        return new SHA1Digest();
+        return MessageDigest.getInstance( "SHA1" );
     }
 
 

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcEncryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcEncryption.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcEncryption.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcEncryption.java Sat Mar 24 02:04:51 2007
@@ -19,16 +19,15 @@
  */
 package org.apache.directory.server.kerberos.shared.crypto.encryption;
 
+import java.security.GeneralSecurityException;
 
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.engines.DESedeEngine;
-
+import javax.crypto.Cipher;
 
 public abstract class Des3CbcEncryption extends EncryptionEngine
 {
-    public BlockCipher getBlockCipher()
+    public Cipher getCipher() throws GeneralSecurityException
     {
-        return new DESedeEngine();
+        return Cipher.getInstance( "DESede/CBC/NoPadding" );
     }
 
 

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcEncryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcEncryption.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcEncryption.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcEncryption.java Sat Mar 24 02:04:51 2007
@@ -19,16 +19,16 @@
  */
 package org.apache.directory.server.kerberos.shared.crypto.encryption;
 
+import java.security.GeneralSecurityException;
 
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.engines.DESEngine;
+import javax.crypto.Cipher;
 
 
 public abstract class DesCbcEncryption extends EncryptionEngine
 {
-    public BlockCipher getBlockCipher()
+    public Cipher getCipher() throws GeneralSecurityException
     {
-        return new DESEngine();
+        return Cipher.getInstance( "DES/CBC/NoPadding" );
     }
 
 

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java Sat Mar 24 02:04:51 2007
@@ -20,16 +20,22 @@
 package org.apache.directory.server.kerberos.shared.crypto.encryption;
 
 
+import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
 
 import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumEngine;
 import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
+import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
 
 
 public abstract class EncryptionEngine
@@ -40,7 +46,7 @@
     public abstract ChecksumEngine getChecksumEngine();
 
 
-    public abstract BlockCipher getBlockCipher();
+    public abstract Cipher getCipher() throws GeneralSecurityException;
 
 
     public abstract EncryptionType encryptionType();
@@ -67,10 +73,29 @@
     public abstract int keySize();
 
 
-    public byte[] getDecryptedData( EncryptionKey key, EncryptedData data )
+    public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws KerberosException
     {
         byte[] decryptedData = decrypt( data.getCipherText(), key.getKeyValue() );
 
+        // extract the old checksum
+        byte[] oldChecksum = new byte[checksumSize()];
+        System.arraycopy( decryptedData, confounderSize(), oldChecksum, 0, oldChecksum.length );
+
+        // zero out the old checksum in the cipher text
+        for ( int i = confounderSize(); i < confounderSize() + checksumSize(); i++ )
+        {
+            decryptedData[i] = 0;
+        }
+
+        // calculate a new checksum
+        byte[] newChecksum = calculateChecksum( decryptedData );
+
+        // compare checksums
+        if ( !Arrays.equals( oldChecksum, newChecksum ) )
+        {
+            throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
+        }
+
         return removeBytes( decryptedData, confounderSize(), checksumSize() );
     }
 
@@ -98,13 +123,13 @@
 
     private byte[] encrypt( byte[] data, byte[] key )
     {
-        return processBlockCipher( true, data, key, null );
+        return processCipher( true, data, key );
     }
 
 
     private byte[] decrypt( byte[] data, byte[] key )
     {
-        return processBlockCipher( false, data, key, null );
+        return processCipher( false, data, key );
     }
 
 
@@ -190,39 +215,33 @@
     }
 
 
-    private byte[] processBlockCipher( boolean encrypt, byte[] data, byte[] key, byte[] ivec )
+    private byte[] processCipher( boolean encrypt, byte[] data, byte[] keyBytes )
     {
-        byte[] returnData = new byte[data.length];
-        CBCBlockCipher cbcCipher = new CBCBlockCipher( getBlockCipher() );
-        KeyParameter keyParameter = new KeyParameter( key );
-
-        if ( ivec != null )
+        try
         {
-            ParametersWithIV kpWithIV = new ParametersWithIV( keyParameter, ivec );
-            cbcCipher.init( encrypt, kpWithIV );
-        }
-        else
-        {
-            cbcCipher.init( encrypt, keyParameter );
-        }
-
-        int offset = 0;
-        int processedBytesLength = 0;
+            Cipher cipher = getCipher();
+            SecretKey key = new SecretKeySpec( keyBytes, "DES" );
+            
+            byte[] iv = new byte[]
+                { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00,
+                    ( byte ) 0x00, ( byte ) 0x00 };
+            AlgorithmParameterSpec paramSpec = new IvParameterSpec( iv );
 
-        while ( offset < returnData.length )
-        {
-            try
+            if ( encrypt )
             {
-                processedBytesLength = cbcCipher.processBlock( data, offset, returnData, offset );
-                offset += processedBytesLength;
+                cipher.init( Cipher.ENCRYPT_MODE, key, paramSpec );
             }
-            catch ( Exception e )
+            else
             {
-                e.printStackTrace();
-                break;
+                cipher.init( Cipher.DECRYPT_MODE, key, paramSpec );
             }
-        }
+            byte[] finalBytes = cipher.doFinal( data );
 
-        return returnData;
+            return finalBytes;
+        }
+        catch ( GeneralSecurityException nsae )
+        {
+            return null;
+        }
     }
 }

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngineFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngineFactory.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngineFactory.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngineFactory.java Sat Mar 24 02:04:51 2007
@@ -35,10 +35,6 @@
         {
             case 0:
                 return new NullEncryption();
-            case 1:
-                return new DesCbcCrcEncryption();
-            case 2:
-                return new DesCbcMd4Encryption();
             case 3:
                 return new DesCbcMd5Encryption();
             case 5:

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java Sat Mar 24 02:04:51 2007
@@ -20,14 +20,15 @@
 package org.apache.directory.server.kerberos.shared.crypto.encryption;
 
 
+import javax.crypto.Cipher;
+
 import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumEngine;
 import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
-import org.bouncycastle.crypto.BlockCipher;
 
 
 public class NullEncryption extends EncryptionEngine
 {
-    public BlockCipher getBlockCipher()
+    public Cipher getCipher() 
     {
         return null;
     }
@@ -87,7 +88,7 @@
     }
 
 
-    protected byte[] processBlockCipher( boolean encrypt, byte[] data, byte[] key, byte[] ivec )
+    protected byte[] processCipher( boolean encrypt, byte[] data, byte[] key, byte[] ivec )
     {
         return data;
     }

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java Sat Mar 24 02:04:51 2007
@@ -26,11 +26,13 @@
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 
 
-public abstract class GetPrincipalStoreEntry extends CommandBase
+public abstract class GetPrincipalStoreEntry implements IoHandlerCommand
 {
+    private String contextKey = "context";
+    
     public PrincipalStoreEntry getEntry( KerberosPrincipal principal, PrincipalStore store, ErrorType errorType )
         throws Exception
     {
@@ -51,5 +53,10 @@
         }
 
         return entry;
+    }
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java Sat Mar 24 02:04:51 2007
@@ -28,8 +28,6 @@
 
 import org.apache.directory.server.kerberos.shared.crypto.encryption.Des3CbcMd5Encryption;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.Des3CbcSha1Encryption;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.DesCbcCrcEncryption;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.DesCbcMd4Encryption;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.DesCbcMd5Encryption;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionEngine;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
@@ -106,8 +104,6 @@
     {
         Map map = new HashMap();
 
-        map.put( EncryptionType.DES_CBC_CRC, DesCbcCrcEncryption.class );
-        map.put( EncryptionType.DES_CBC_MD4, DesCbcMd4Encryption.class );
         map.put( EncryptionType.DES_CBC_MD5, DesCbcMd5Encryption.class );
         map.put( EncryptionType.DES3_CBC_MD5, Des3CbcMd5Encryption.class );
         map.put( EncryptionType.DES3_CBC_SHA1, Des3CbcSha1Encryption.class );
@@ -116,6 +112,14 @@
     }
 
 
+    /**
+     * Performs an encode and an encrypt.
+     *
+     * @param key The key to use for encrypting.
+     * @param encodable The Kerberos object to encode.
+     * @return The Kerberos EncryptedData.
+     * @throws KerberosException
+     */
     public EncryptedData seal( EncryptionKey key, Encodable encodable ) throws KerberosException
     {
         try
@@ -132,7 +136,15 @@
         }
     }
 
-
+    /**
+     * Perform a decrypt and a decode.
+     *
+     * @param hint The class the encrypted data is expected to contain.
+     * @param key The key to use for decryption.
+     * @param data The data to decrypt.
+     * @return The Kerberos object resulting from a successful decrypt and decode.
+     * @throws KerberosException
+     */
     public Encodable unseal( Class hint, EncryptionKey key, EncryptedData data ) throws KerberosException
     {
         try

Added: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/SessionKeyFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/SessionKeyFactory.java?view=auto&rev=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/SessionKeyFactory.java (added)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/SessionKeyFactory.java Sat Mar 24 02:04:51 2007
@@ -0,0 +1,143 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.service;
+
+
+import java.security.InvalidKeyException;
+import java.security.SecureRandom;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.DESKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+
+
+/**
+ * Generates new random keys, suitable for use as session keys.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class SessionKeyFactory
+{
+    /**
+     * SecureRandom.nextBytes() is synchronized, making this safe for static use.
+     */
+    private static final SecureRandom random = new SecureRandom();
+
+
+    /**
+     * Get a new random session key.
+     *
+     * @return The new random session key.
+     */
+    public static EncryptionKey getSessionKey()
+    {
+        // Only need 7 bytes.  With parity will result in 8 bytes.
+        byte[] raw = new byte[7];
+
+        // SecureRandom.nextBytes is already synchronized
+        random.nextBytes( raw );
+
+        byte[] keyBytes = addParity( raw );
+
+        try
+        {
+            // check for weakness
+            if ( DESKeySpec.isWeak( keyBytes, 0 ) )
+            {
+                keyBytes = getStrongKey( keyBytes );
+            }
+        }
+        catch ( InvalidKeyException ike )
+        {
+            /*
+             * Will only get here if the key is null or less
+             * than 8 bytes, which won't ever happen.
+             */
+            return null;
+        }
+
+        SecretKey key = new SecretKeySpec( keyBytes, "DES" );
+        byte[] subSessionKey = key.getEncoded();
+
+        return new EncryptionKey( EncryptionType.DES_CBC_MD5, subSessionKey );
+    }
+
+
+    /**
+     * Adds parity to 7-bytes to form an 8-byte DES key.
+     *
+     * @param sevenBytes
+     * @return The 8-byte DES key with parity.
+     */
+    static byte[] addParity( byte[] sevenBytes )
+    {
+        byte[] result = new byte[8];
+
+        // Keeps track of the bit position in the result.
+        int resultIndex = 1;
+
+        // Used to keep track of the number of 1 bits in each 7-bit chunk.
+        int bitCount = 0;
+
+        // Process each of the 56 bits.
+        for ( int i = 0; i < 56; i++ )
+        {
+            // Get the bit at bit position i
+            boolean bit = ( sevenBytes[6 - i / 8] & ( 1 << ( i % 8 ) ) ) > 0;
+
+            // If set, set the corresponding bit in the result.
+            if ( bit )
+            {
+                result[7 - resultIndex / 8] |= ( 1 << ( resultIndex % 8 ) ) & 0xFF;
+                bitCount++;
+            }
+
+            // Set the parity bit after every 7 bits.
+            if ( ( i + 1 ) % 7 == 0 )
+            {
+                if ( bitCount % 2 == 0 )
+                {
+                    // Set low-order bit (parity bit) if bit count is even.
+                    result[7 - resultIndex / 8] |= 1;
+                }
+                resultIndex++;
+                bitCount = 0;
+            }
+            resultIndex++;
+        }
+
+        return result;
+    }
+
+
+    /**
+     * Corrects the weak key by exclusive OR with 0xF0 constant.
+     */
+    private static byte[] getStrongKey( byte keyValue[] )
+    {
+        keyValue[7] ^= 0xf0;
+
+        return keyValue;
+    }
+}
\ No newline at end of file

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java Sat Mar 24 02:04:51 2007
@@ -35,14 +35,19 @@
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
 import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 
 
-/*
- * Shared by TGS and Changepw
+/**
+ * Shared by TGS and Changepw.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
  */
-public abstract class VerifyAuthHeader extends CommandBase
+public abstract class VerifyAuthHeader implements IoHandlerCommand
 {
+    private String contextKey = "context";
+
     // RFC 1510 A.10.  KRB_AP_REQ verification
     public Authenticator verifyAuthHeader( ApplicationRequest authHeader, Ticket ticket, EncryptionKey serverKey,
         long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress clientAddress,
@@ -139,5 +144,10 @@
         authHeader.setOption( ApOptions.MUTUAL_REQUIRED );
 
         return authenticator;
+    }
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java (original)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java Sat Mar 24 02:04:51 2007
@@ -25,19 +25,29 @@
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 
 
-/*
- * Shared by TGS and Changepw
+/**
+ * Shared by TGS and Changepw.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
  */
-public abstract class VerifyTicket extends CommandBase
+public abstract class VerifyTicket implements IoHandlerCommand
 {
+    private String contextKey = "context";
+
     public void verifyTicket( Ticket ticket, String primaryRealm, KerberosPrincipal serverPrincipal ) throws Exception
     {
         if ( !ticket.getRealm().equals( primaryRealm ) && !ticket.getServerPrincipal().equals( serverPrincipal ) )
         {
             throw new KerberosException( ErrorType.KRB_AP_ERR_NOT_US );
         }
+    }
+    
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Added: directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java?view=auto&rev=521997
==============================================================================
--- directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java (added)
+++ directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java Sat Mar 24 02:04:51 2007
@@ -0,0 +1,105 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.service;
+
+
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import junit.framework.TestCase;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedTimeStamp;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+
+
+/**
+ * Test case for sealing and unsealing Kerberos CipherText.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class LockBoxTest extends TestCase
+{
+    private byte[] encryptedTimeStamp =
+        { ( byte ) 0x97, ( byte ) 0x21, ( byte ) 0x58, ( byte ) 0x5f, ( byte ) 0x81, ( byte ) 0x46, ( byte ) 0x17,
+            ( byte ) 0xa6, ( byte ) 0x4e, ( byte ) 0x8a, ( byte ) 0x5d, ( byte ) 0xe2, ( byte ) 0xf3, ( byte ) 0xd1,
+            ( byte ) 0x40, ( byte ) 0x30, ( byte ) 0x38, ( byte ) 0x5e, ( byte ) 0xb8, ( byte ) 0xf6, ( byte ) 0xad,
+            ( byte ) 0xd8, ( byte ) 0x7c, ( byte ) 0x30, ( byte ) 0xb0, ( byte ) 0x0d, ( byte ) 0x69, ( byte ) 0x71,
+            ( byte ) 0x08, ( byte ) 0xd5, ( byte ) 0x6a, ( byte ) 0x61, ( byte ) 0x1f, ( byte ) 0xee, ( byte ) 0x38,
+            ( byte ) 0xad, ( byte ) 0x43, ( byte ) 0x99, ( byte ) 0xae, ( byte ) 0xc2, ( byte ) 0xd2, ( byte ) 0xf5,
+            ( byte ) 0xb2, ( byte ) 0xb7, ( byte ) 0x95, ( byte ) 0x22, ( byte ) 0x93, ( byte ) 0x12, ( byte ) 0x63,
+            ( byte ) 0xd5, ( byte ) 0xf4, ( byte ) 0x39, ( byte ) 0xfa, ( byte ) 0x27, ( byte ) 0x6e, ( byte ) 0x8e };
+
+
+    /**
+     * Tests the unsealing of Kerberos CipherText with a good password.  After decryption and
+     * an integrity check, an attempt is made to decode the bytes as an EncryptedTimestamp.  The
+     * result is timestamp data.
+     */
+    public void testGoodPassword()
+    {
+        LockBox lockBox = new LockBox();
+        Class hint = EncryptedTimeStamp.class;
+        KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
+        KerberosKey kerberosKey = new KerberosKey( principal, "kerby".toCharArray(), "DES" );
+        EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
+        EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, encryptedTimeStamp );
+
+        try
+        {
+            EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data );
+            assertEquals( "TimeStamp", "20070322233107Z", object.getTimeStamp().toString() );
+            assertEquals( "MicroSeconds", 291067, object.getMicroSeconds() );
+        }
+        catch ( KerberosException ke )
+        {
+            fail( "Should not have caught exception." );
+        }
+    }
+
+
+    /**
+     * Tests the unsealing of Kerberos CipherText with a bad password.  After decryption, the
+     * checksum is tested and should fail on comparison, resulting in an integrity check error.
+     */
+    public void testBadPassword()
+    {
+        LockBox lockBox = new LockBox();
+        Class hint = EncryptedTimeStamp.class;
+        KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
+        KerberosKey kerberosKey = new KerberosKey( principal, "badpassword".toCharArray(), "DES" );
+        EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
+        EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, encryptedTimeStamp );
+
+        try
+        {
+            lockBox.unseal( hint, key, data );
+            fail( "Should have thrown exception." );
+        }
+        catch ( KerberosException ke )
+        {
+            assertEquals( "ErrorCode", 31, ke.getErrorCode() );
+        }
+    }
+}
+

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java Sat Mar 24 02:04:51 2007
@@ -29,11 +29,11 @@
 import org.apache.directory.server.changepw.service.ChangePasswordChain;
 import org.apache.directory.server.changepw.service.ChangePasswordContext;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
-import org.apache.directory.server.protocol.shared.chain.Command;
 import org.apache.mina.common.IdleStatus;
 import org.apache.mina.common.IoHandler;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.filter.codec.ProtocolCodecFilter;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -45,7 +45,8 @@
     private ChangePasswordConfiguration config;
     private PrincipalStore store;
 
-    private Command changepwService;
+    private IoHandlerCommand changepwService;
+    private String contextKey = "context";
 
 
     public ChangePasswordProtocolHandler(ChangePasswordConfiguration config, PrincipalStore store)
@@ -106,7 +107,7 @@
             changepwContext.setClientAddress( clientAddress );
             changepwContext.setRequest( request );
 
-            changepwService.execute( changepwContext );
+            changepwService.execute( null, session, message );
 
             session.write( changepwContext.getReply() );
         }
@@ -124,4 +125,10 @@
             log.debug( "{} SENT: {}", session.getRemoteAddress(), message );
         }
     }
+    
+    public String getContextKey()
+    {
+        return ( this.contextKey );
+    }
+
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java Sat Mar 24 02:04:51 2007
@@ -38,21 +38,26 @@
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
 import org.apache.directory.server.kerberos.shared.service.LockBox;
-import org.apache.directory.server.protocol.shared.chain.Context;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 
-public class BuildReply extends CommandBase
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class BuildReply implements IoHandlerCommand
 {
     /** the log for this class */
     private static final Logger log = LoggerFactory.getLogger( BuildReply.class );
 
+    private String contextKey = "context";
 
-    public boolean execute( Context context ) throws Exception
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+        ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         Authenticator authenticator = changepwContext.getAuthenticator();
         Ticket ticket = changepwContext.getTicket();
@@ -117,6 +122,12 @@
 
         changepwContext.setReply( replyModifier.getChangePasswordReply() );
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java Sat Mar 24 02:04:51 2007
@@ -20,7 +20,7 @@
 package org.apache.directory.server.changepw.service;
 
 
-import org.apache.directory.server.protocol.shared.chain.impl.ChainBase;
+import org.apache.mina.handler.chain.IoHandlerChain;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -28,7 +28,7 @@
 /**
  * Kerberos Change Password and Set Password Protocols (RFC 3244)
  */
-public class ChangePasswordChain extends ChainBase
+public class ChangePasswordChain extends IoHandlerChain
 {
     /** the logger for this class */
     private static final Logger log = LoggerFactory.getLogger( ChangePasswordChain.class );
@@ -36,34 +36,31 @@
 
     public ChangePasswordChain()
     {
-        super();
-        addCommand( new ChangePasswordExceptionHandler() );
-
         if ( log.isDebugEnabled() )
         {
-            addCommand( new MonitorRequest() );
+            addLast( "monitorRequest", new MonitorRequest() );
         }
+        
+        addLast( "configureChangePasswordChain", new ConfigureChangePasswordChain() );
+        addLast( "getAuthHeader", new GetAuthHeader() );
+        addLast( "verifyServiceTicket", new VerifyServiceTicket() );
+        addLast( "getServerEntry", new GetServerEntry() );
+        addLast( "verifyServiceTicketAuthHeader", new VerifyServiceTicketAuthHeader() );
 
-        addCommand( new ConfigureChangePasswordChain() );
-        addCommand( new GetAuthHeader() );
-        addCommand( new VerifyServiceTicket() );
-        addCommand( new GetServerEntry() );
-        addCommand( new VerifyServiceTicketAuthHeader() );
-
-        addCommand( new ExtractPassword() );
+        addLast( "extractPassword", new ExtractPassword() );
 
         if ( log.isDebugEnabled() )
         {
-            addCommand( new MonitorContext() );
+            addLast( "monitorContext", new MonitorContext() );
         }
 
-        addCommand( new CheckPasswordPolicy() );
-        addCommand( new ProcessPasswordChange() );
-        addCommand( new BuildReply() );
+        addLast( "checkPasswordPolicy", new CheckPasswordPolicy() );
+        addLast( "processPasswordChange", new ProcessPasswordChange() );
+        addLast( "buildReply", new BuildReply() );
 
         if ( log.isDebugEnabled() )
         {
-            addCommand( new MonitorReply() );
+            addLast( "monitorReply", new MonitorReply() );
         }
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java Sat Mar 24 02:04:51 2007
@@ -30,8 +30,8 @@
 import org.apache.directory.server.changepw.exceptions.ChangePasswordException;
 import org.apache.directory.server.changepw.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
-import org.apache.directory.server.protocol.shared.chain.Context;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -42,15 +42,16 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class CheckPasswordPolicy extends CommandBase
+public class CheckPasswordPolicy implements IoHandlerCommand
 {
     /** the log for this class */
     private static final Logger log = LoggerFactory.getLogger( CheckPasswordPolicy.class );
 
+    private String contextKey = "context";
 
-    public boolean execute( Context context ) throws Exception
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+        ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         ChangePasswordConfiguration config = changepwContext.getConfig();
         Authenticator authenticator = changepwContext.getAuthenticator();
@@ -65,7 +66,7 @@
 
         if ( isValid( username, password, passwordLength, categoryCount, tokenSize ) )
         {
-            return CONTINUE_CHAIN;
+            next.execute( session, message );
         }
 
         String explanation = buildErrorMessage( username, password, passwordLength, categoryCount, tokenSize );
@@ -214,5 +215,10 @@
         }
 
         return sb.toString();
+    }
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java Sat Mar 24 02:04:51 2007
@@ -23,23 +23,33 @@
 import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.service.LockBox;
-import org.apache.directory.server.protocol.shared.chain.Context;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 
-
-public class ConfigureChangePasswordChain extends CommandBase
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class ConfigureChangePasswordChain implements IoHandlerCommand
 {
     private static final ReplayCache replayCache = new InMemoryReplayCache();
     private static final LockBox lockBox = new LockBox();
 
+    private String contextKey = "context";
 
-    public boolean execute( Context context ) throws Exception
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+        ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         changepwContext.setReplayCache( replayCache );
         changepwContext.setLockBox( lockBox );
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java Sat Mar 24 02:04:51 2007
@@ -34,21 +34,26 @@
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.service.LockBox;
-import org.apache.directory.server.protocol.shared.chain.Context;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 
-public class ExtractPassword extends CommandBase
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class ExtractPassword implements IoHandlerCommand
 {
     /** the log for this class */
     private static final Logger log = LoggerFactory.getLogger( ExtractPassword.class );
 
+    private String contextKey = "context";
 
-    public boolean execute( Context context ) throws Exception
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+        ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();
         Authenticator authenticator = changepwContext.getAuthenticator();
@@ -103,6 +108,12 @@
             throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_SOFTERROR );
         }
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java Sat Mar 24 02:04:51 2007
@@ -23,18 +23,23 @@
 import org.apache.directory.server.changepw.messages.ChangePasswordRequest;
 import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.protocol.shared.chain.Context;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 
 
-/*
- * differs from the TGS getAuthHeader by not verifying the presence of TGS_REQ
+/**
+ * Differs from the TGS getAuthHeader by not verifying the presence of TGS_REQ.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
  */
-public class GetAuthHeader extends CommandBase
+public class GetAuthHeader implements IoHandlerCommand
 {
-    public boolean execute( Context context ) throws Exception
+    private String contextKey = "context";
+
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+        ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
         ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();
 
         ApplicationRequest authHeader = request.getAuthHeader();
@@ -43,6 +48,12 @@
         changepwContext.setAuthHeader( authHeader );
         changepwContext.setTicket( ticket );
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetServerEntry.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetServerEntry.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetServerEntry.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetServerEntry.java Sat Mar 24 02:04:51 2007
@@ -25,20 +25,28 @@
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.service.GetPrincipalStoreEntry;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
-import org.apache.directory.server.protocol.shared.chain.Context;
+import org.apache.mina.common.IoSession;
 
 
 public class GetServerEntry extends GetPrincipalStoreEntry
 {
-    public boolean execute( Context context ) throws Exception
+    private String contextKey = "context";
+    
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+        ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         KerberosPrincipal principal = changepwContext.getTicket().getServerPrincipal();
         PrincipalStore store = changepwContext.getStore();
 
         changepwContext.setServerEntry( getEntry( principal, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) );
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java Sat Mar 24 02:04:51 2007
@@ -32,25 +32,30 @@
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
-import org.apache.directory.server.protocol.shared.chain.Context;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 
-public class MonitorContext extends CommandBase
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class MonitorContext implements IoHandlerCommand
 {
     /** the log for this class */
     private static final Logger log = LoggerFactory.getLogger( MonitorContext.class );
 
+    private String contextKey = "context";
 
-    public boolean execute( Context context ) throws Exception
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         if ( log.isDebugEnabled() )
         {
             try
             {
-                ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
                 PrincipalStore store = changepwContext.getStore();
                 ApplicationRequest authHeader = changepwContext.getAuthHeader();
@@ -105,6 +110,12 @@
             }
         }
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java Sat Mar 24 02:04:51 2007
@@ -23,25 +23,30 @@
 import org.apache.directory.server.changepw.messages.ChangePasswordReply;
 import org.apache.directory.server.kerberos.shared.messages.application.ApplicationReply;
 import org.apache.directory.server.kerberos.shared.messages.application.PrivateMessage;
-import org.apache.directory.server.protocol.shared.chain.Context;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 
-public class MonitorReply extends CommandBase
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class MonitorReply implements IoHandlerCommand
 {
     /** the log for this class */
     private static final Logger log = LoggerFactory.getLogger( MonitorReply.class );
 
+    private String contextKey = "context";
 
-    public boolean execute( Context context ) throws Exception
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         if ( log.isDebugEnabled() )
         {
             try
             {
-                ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
                 ChangePasswordReply reply = ( ChangePasswordReply ) changepwContext.getReply();
                 ApplicationReply appReply = reply.getApplicationReply();
@@ -61,6 +66,12 @@
             }
         }
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java Sat Mar 24 02:04:51 2007
@@ -21,25 +21,30 @@
 
 
 import org.apache.directory.server.changepw.messages.ChangePasswordRequest;
-import org.apache.directory.server.protocol.shared.chain.Context;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 
-public class MonitorRequest extends CommandBase
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class MonitorRequest implements IoHandlerCommand
 {
     /** the log for this class */
     private static final Logger log = LoggerFactory.getLogger( MonitorRequest.class );
 
+    private String contextKey = "context";
 
-    public boolean execute( Context context ) throws Exception
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         if ( log.isDebugEnabled() )
         {
             try
             {
-                ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
                 ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();
                 short authHeaderLength = request.getAuthHeaderLength();
@@ -61,6 +66,12 @@
             }
         }
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java Sat Mar 24 02:04:51 2007
@@ -27,21 +27,26 @@
 import org.apache.directory.server.changepw.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
-import org.apache.directory.server.protocol.shared.chain.Context;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 
-public class ProcessPasswordChange extends CommandBase
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class ProcessPasswordChange implements IoHandlerCommand
 {
     /** the log for this class */
     private static final Logger log = LoggerFactory.getLogger( ProcessPasswordChange.class );
 
+    private String contextKey = "context";
 
-    public boolean execute( Context context ) throws Exception
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+        ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         PrincipalStore store = changepwContext.getStore();
         Authenticator authenticator = changepwContext.getAuthenticator();
@@ -67,6 +72,12 @@
             throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_HARDERROR );
         }
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicket.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicket.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicket.java Sat Mar 24 02:04:51 2007
@@ -25,14 +25,16 @@
 import org.apache.directory.server.changepw.ChangePasswordConfiguration;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
 import org.apache.directory.server.kerberos.shared.service.VerifyTicket;
-import org.apache.directory.server.protocol.shared.chain.Context;
+import org.apache.mina.common.IoSession;
 
 
 public class VerifyServiceTicket extends VerifyTicket
 {
-    public boolean execute( Context context ) throws Exception
+    private String contextKey = "context";
+
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+        ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
         ChangePasswordConfiguration config = changepwContext.getConfig();
         Ticket ticket = changepwContext.getTicket();
         String primaryRealm = config.getPrimaryRealm();
@@ -40,6 +42,11 @@
 
         verifyTicket( ticket, primaryRealm, changepwPrincipal );
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+    
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java (original)
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java Sat Mar 24 02:04:51 2007
@@ -29,14 +29,16 @@
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.directory.server.kerberos.shared.service.VerifyAuthHeader;
-import org.apache.directory.server.protocol.shared.chain.Context;
+import org.apache.mina.common.IoSession;
 
 
 public class VerifyServiceTicketAuthHeader extends VerifyAuthHeader
 {
-    public boolean execute( Context context ) throws Exception
+    private String contextKey = "context";
+
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        ChangePasswordContext changepwContext = ( ChangePasswordContext ) context;
+        ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         ApplicationRequest authHeader = changepwContext.getAuthHeader();
         Ticket ticket = changepwContext.getTicket();
@@ -52,6 +54,12 @@
 
         changepwContext.setAuthenticator( authenticator );
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java (original)
+++ directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java Sat Mar 24 02:04:51 2007
@@ -22,38 +22,43 @@
 
 import org.apache.directory.server.kerberos.shared.messages.ErrorMessage;
 import org.apache.directory.server.kerberos.shared.messages.KdcReply;
-import org.apache.directory.server.protocol.shared.chain.Context;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 
-public class MonitorReply extends CommandBase
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class MonitorReply implements IoHandlerCommand
 {
     /** the log for this class */
     private static final Logger log = LoggerFactory.getLogger( MonitorReply.class );
 
+    private String contextKey = "context";
 
-    public boolean execute( Context context ) throws Exception
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        KdcContext kdcContext = ( KdcContext ) context;
-        Object message = kdcContext.getReply();
+        KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() );
+        Object reply = kdcContext.getReply();
 
-        if ( message instanceof KdcReply )
+        if ( reply instanceof KdcReply )
         {
-            KdcReply reply = ( KdcReply ) message;
+            KdcReply success = ( KdcReply ) message;
 
             if ( log.isDebugEnabled() )
             {
                 log.debug( "Responding to authentication request with reply:" + "\n\tclient realm:          "
-                    + reply.getClientRealm() + "\n\tserver realm:          " + reply.getServerRealm()
-                    + "\n\tserverPrincipal:       " + reply.getServerPrincipal() + "\n\tclientPrincipal:       "
-                    + reply.getClientPrincipal() + "\n\thostAddresses:         " + reply.getClientAddresses()
-                    + "\n\tstart time:            " + reply.getStartTime() + "\n\tend time:              "
-                    + reply.getEndTime() + "\n\tauth time:             " + reply.getAuthTime()
-                    + "\n\trenew till time:       " + reply.getRenewTill() + "\n\tmessageType:           "
-                    + reply.getMessageType() + "\n\tnonce:                 " + reply.getNonce()
-                    + "\n\tprotocolVersionNumber: " + reply.getProtocolVersionNumber() );
+                    + success.getClientRealm() + "\n\tserver realm:          " + success.getServerRealm()
+                    + "\n\tserverPrincipal:       " + success.getServerPrincipal() + "\n\tclientPrincipal:       "
+                    + success.getClientPrincipal() + "\n\thostAddresses:         " + success.getClientAddresses()
+                    + "\n\tstart time:            " + success.getStartTime() + "\n\tend time:              "
+                    + success.getEndTime() + "\n\tauth time:             " + success.getAuthTime()
+                    + "\n\trenew till time:       " + success.getRenewTill() + "\n\tmessageType:           "
+                    + success.getMessageType() + "\n\tnonce:                 " + success.getNonce()
+                    + "\n\tprotocolVersionNumber: " + success.getProtocolVersionNumber() );
             }
         }
         else
@@ -73,6 +78,12 @@
             }
         }
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
+    }
+
+
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java (original)
+++ directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java Sat Mar 24 02:04:51 2007
@@ -22,21 +22,22 @@
 
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
-import org.apache.directory.server.protocol.shared.chain.Context;
-import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;
+import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 
-public class MonitorRequest extends CommandBase
+public class MonitorRequest implements IoHandlerCommand
 {
     /** the log for this class */
     private static final Logger log = LoggerFactory.getLogger( MonitorRequest.class );
 
+    private String contextKey = "context";
 
-    public boolean execute( Context context ) throws Exception
+    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
-        KdcContext kdcContext = ( KdcContext ) context;
+        KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() );
         KdcRequest request = kdcContext.getRequest();
         String clientAddress = kdcContext.getClientAddress().getHostAddress();
 
@@ -53,7 +54,7 @@
                 + request.getProtocolVersionNumber() + "\n\ttill:                  " + request.getTill() );
         }
 
-        return CONTINUE_CHAIN;
+        next.execute( session, message );
     }
 
 
@@ -74,5 +75,10 @@
         }
 
         return sb.toString();
+    }
+    
+    public String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java?view=diff&rev=521997&r1=521996&r2=521997
==============================================================================
--- directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java (original)
+++ directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java Sat Mar 24 02:04:51 2007
@@ -22,24 +22,22 @@
 
 import org.apache.directory.server.kerberos.kdc.MonitorRequest;
 import org.apache.directory.server.kerberos.kdc.preauthentication.PreAuthenticationChain;
-import org.apache.directory.server.protocol.shared.chain.impl.ChainBase;
+import org.apache.mina.handler.chain.IoHandlerChain;
 
 
-public class AuthenticationServiceChain extends ChainBase
+public class AuthenticationServiceChain extends IoHandlerChain
 {
     public AuthenticationServiceChain()
     {
-        super();
-        addCommand( new AuthenticationExceptionHandler() );
-        addCommand( new MonitorRequest() );
-        addCommand( new ConfigureAuthenticationChain() );
-        addCommand( new GetClientEntry() );
-        addCommand( new VerifyPolicy() );
-        addCommand( new PreAuthenticationChain() );
-        addCommand( new GetServerEntry() );
-        addCommand( new GetSessionKey() );
-        addCommand( new GenerateTicket() );
-        addCommand( new BuildReply() );
-        addCommand( new SealReply() );
+        addLast( "monitorRequest", new MonitorRequest() );
+        addLast( "configureAuthenticationChain", new ConfigureAuthenticationChain() );
+        addLast( "getClientEntry", new GetClientEntry() );
+        addLast( "verifyPolicy", new VerifyPolicy() );
+        addLast( "preAuthenticationChain", new PreAuthenticationChain() );
+        addLast( "getServerEntry", new GetServerEntry() );
+        addLast( "getSessionKey", new GetSessionKey() );
+        addLast( "generateTicket", new GenerateTicket() );
+        addLast( "buildReply", new BuildReply() );
+        addLast( "sealReply", new SealReply() );
     }
 }



Mime
View raw message