Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 46615 invoked from network); 24 Mar 2007 09:05:19 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 24 Mar 2007 09:05:18 -0000 Received: (qmail 63042 invoked by uid 500); 24 Mar 2007 09:05:26 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 62993 invoked by uid 500); 24 Mar 2007 09:05:26 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 62982 invoked by uid 99); 24 Mar 2007 09:05:26 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 24 Mar 2007 02:05:26 -0700 X-ASF-Spam-Status: No, hits=-99.5 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 24 Mar 2007 02:05:15 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id 9F5681A9838; Sat, 24 Mar 2007 02:04:55 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r521997 [1/2] - in /directory/apacheds/branches/1.0: kerberos-shared/ kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypt... Date: Sat, 24 Mar 2007 09:04:54 -0000 To: commits@directory.apache.org 
From: elecharny@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070324090455.9F5681A9838@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Sat Mar 24 02:04:51 2007 New Revision: 521997 URL: http://svn.apache.org/viewvc?view=rev&rev=521997 Log: Backported Enrique modifications in 1.0 version. Lot of modifications, because the classes now inherit IoHandler. No more need of BouncyCastle in our code, except in Shared. Added: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/SessionKeyFactory.java directory/apacheds/branches/1.0/kerberos-shared/src/test/ directory/apacheds/branches/1.0/kerberos-shared/src/test/java/ directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/ directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/ directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/ directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/ directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/ directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/ directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/ directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java Removed: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Crc32Checksum.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd4Checksum.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcCrcEncryption.java 
directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcMd4Encryption.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/DesStringToKey.java Modified: directory/apacheds/branches/1.0/kerberos-shared/pom.xml directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Sha1Checksum.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcEncryption.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcEncryption.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngineFactory.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java 
directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetServerEntry.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicket.java directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java 
directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ConfigureAuthenticationChain.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetClientEntry.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetServerEntry.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/SealReply.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/VerifyPolicy.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/PreAuthenticationChain.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java 
directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/ConfigureTicketGrantingChain.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetAuthHeader.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetRequestPrincipalEntry.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetTicketPrincipalEntry.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/SealReply.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyBodyChecksum.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgt.java directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgtAuthHeader.java 
directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java Modified: directory/apacheds/branches/1.0/kerberos-shared/pom.xml URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/pom.xml?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/pom.xml (original) +++ directory/apacheds/branches/1.0/kerberos-shared/pom.xml Sat Mar 24 02:04:51 2007 @@ -14,10 +14,6 @@ jar - bouncycastle - lcrypto-jdk14 - - org.apache.mina mina-core Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumEngine.java Sat Mar 24 02:04:51 2007 @@ -20,15 +20,16 @@ package org.apache.directory.server.kerberos.shared.crypto.checksum; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherType; -import org.bouncycastle.crypto.Digest; public abstract class ChecksumEngine { - public abstract Digest getDigest(); - - + public abstract MessageDigest getDigest() throws NoSuchAlgorithmException; + public abstract ChecksumType checksumType(); 
@@ -55,12 +56,14 @@ public byte[] calculateChecksum( byte[] data ) { - Digest digester = getDigest(); - - digester.reset(); - digester.update( data, 0, data.length ); - byte[] returnValue = new byte[digester.getDigestSize()]; - digester.doFinal( returnValue, 0 ); - return returnValue; + try + { + MessageDigest digester = getDigest(); + return digester.digest( data ); + } + catch ( NoSuchAlgorithmException nsae ) + { + return null; + } } } Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/RsaMd5Checksum.java Sat Mar 24 02:04:51 2007 
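Review bot: The new `catch ( NoSuchAlgorithmException nsae )` in `calculateChecksum` returns `null`, so a missing digest provider becomes a silent null checksum instead of a reported failure. A caller that embeds the result in an outgoing message would fail later with a NullPointerException far from the cause, and a verifier comparing against it rejects the message for the wrong reason. MD5 and SHA-1 are normally present in a standard JRE, so this is a deployment error rather than a recoverable condition. I would rethrow with the cause attached, e.g. `throw new RuntimeException( "Message digest algorithm not available", nsae );`, and add a Javadoc line stating that the method never returns null.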
@@ -19,17 +19,17 @@ */ package org.apache.directory.server.kerberos.shared.crypto.checksum; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherType; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.MD5Digest; public class RsaMd5Checksum extends ChecksumEngine { - public Digest getDigest() + public MessageDigest getDigest() throws NoSuchAlgorithmException { - return new MD5Digest(); + return MessageDigest.getInstance( "MD5" ); } Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Sha1Checksum.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Sha1Checksum.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Sha1Checksum.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/Sha1Checksum.java Sat Mar 24 02:04:51 2007 
@@ -20,16 +20,17 @@ package org.apache.directory.server.kerberos.shared.crypto.checksum; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherType; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; public class Sha1Checksum extends ChecksumEngine { - public Digest getDigest() + public MessageDigest getDigest() throws NoSuchAlgorithmException { - return new SHA1Digest(); + return MessageDigest.getInstance( "SHA1" ); } Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcEncryption.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcEncryption.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcEncryption.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/Des3CbcEncryption.java Sat Mar 24 02:04:51 2007 
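Review bot: `MessageDigest.getInstance( "SHA1" )` relies on a provider alias; the standard JCA algorithm name is `SHA-1`. A provider that registers only the standard name would make `getDigest()` throw NoSuchAlgorithmException, and `ChecksumEngine.calculateChecksum` in this same commit maps that exception to a null return, so the failure would not be visible here. I would write `return MessageDigest.getInstance( "SHA-1" );`. The rest of the class lies outside the hunk.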
@@ -19,16 +19,15 @@ */ package org.apache.directory.server.kerberos.shared.crypto.encryption; +import java.security.GeneralSecurityException; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.engines.DESedeEngine; - +import javax.crypto.Cipher; public abstract class Des3CbcEncryption extends EncryptionEngine { - public BlockCipher getBlockCipher() + public Cipher getCipher() throws GeneralSecurityException { - return new DESedeEngine(); + return Cipher.getInstance( "DESede/CBC/NoPadding" ); } Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcEncryption.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcEncryption.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcEncryption.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/DesCbcEncryption.java Sat Mar 24 02:04:51 2007 
@@ -19,16 +19,16 @@ */ package org.apache.directory.server.kerberos.shared.crypto.encryption; +import java.security.GeneralSecurityException; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.engines.DESEngine; +import javax.crypto.Cipher; public abstract class DesCbcEncryption extends EncryptionEngine { - public BlockCipher getBlockCipher() + public Cipher getCipher() throws GeneralSecurityException { - return new DESEngine(); + return Cipher.getInstance( "DES/CBC/NoPadding" ); } Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java Sat Mar 24 02:04:51 2007 
@@ -20,16 +20,22 @@ package org.apache.directory.server.kerberos.shared.crypto.encryption; +import java.security.GeneralSecurityException; import java.security.SecureRandom; +import java.security.spec.AlgorithmParameterSpec; +import java.util.Arrays; + +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumEngine; import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType; +import org.apache.directory.server.kerberos.shared.exceptions.ErrorType; +import org.apache.directory.server.kerberos.shared.exceptions.KerberosException; import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData; import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; public abstract class EncryptionEngine @@ -40,7 +46,7 @@ public abstract ChecksumEngine getChecksumEngine(); - public abstract BlockCipher getBlockCipher(); + public abstract Cipher getCipher() throws GeneralSecurityException; public abstract EncryptionType encryptionType(); 
@@ -67,10 +73,29 @@ public abstract int keySize(); - public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) + public byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws KerberosException { byte[] decryptedData = decrypt( data.getCipherText(), key.getKeyValue() ); + // extract the old checksum + byte[] oldChecksum = new byte[checksumSize()]; + System.arraycopy( decryptedData, confounderSize(), oldChecksum, 0, oldChecksum.length ); + + // zero out the old checksum in the cipher text + for ( int i = confounderSize(); i < confounderSize() + checksumSize(); i++ ) + { + decryptedData[i] = 0; + } + + // calculate a new checksum + byte[] newChecksum = calculateChecksum( decryptedData ); + + // compare checksums + if ( !Arrays.equals( oldChecksum, newChecksum ) ) + { + throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY ); + } + return removeBytes( decryptedData, confounderSize(), checksumSize() ); } @@ -98,13 +123,13 @@ private byte[] encrypt( byte[] data, byte[] key ) { - return processBlockCipher( true, data, key, null ); + return processCipher( true, data, key ); } private byte[] decrypt( byte[] data, byte[] key ) { - return processBlockCipher( false, data, key, null ); + return processCipher( false, data, key ); } 
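Review bot: `getDecryptedData` reads from `decryptedData` at `confounderSize()` before checking that the buffer exists and is long enough. `decrypt` can return null, because the `processCipher` hunk further down swallows every GeneralSecurityException, which with a `NoPadding` transformation should include a ciphertext that is not a whole number of blocks. A ciphertext shorter than confounder plus checksum makes `System.arraycopy` throw instead. Both cases surface as unchecked exceptions on data that presumably arrives from the network, rather than as KRB_AP_ERR_BAD_INTEGRITY, so I would add a guard right after the decrypt call: `if ( decryptedData == null || decryptedData.length < confounderSize() + checksumSize() ) throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );`. Separately, `Arrays.equals` stops at the first differing byte; `MessageDigest.isEqual( oldChecksum, newChecksum )` is the usual choice for comparing integrity values.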
@@ -190,39 +215,33 @@ } - private byte[] processBlockCipher( boolean encrypt, byte[] data, byte[] key, byte[] ivec ) + private byte[] processCipher( boolean encrypt, byte[] data, byte[] keyBytes ) { - byte[] returnData = new byte[data.length]; - CBCBlockCipher cbcCipher = new CBCBlockCipher( getBlockCipher() ); - KeyParameter keyParameter = new KeyParameter( key ); - - if ( ivec != null ) + try { - ParametersWithIV kpWithIV = new ParametersWithIV( keyParameter, ivec ); - cbcCipher.init( encrypt, kpWithIV ); - } - else - { - cbcCipher.init( encrypt, keyParameter ); - } - - int offset = 0; - int processedBytesLength = 0; + Cipher cipher = getCipher(); + SecretKey key = new SecretKeySpec( keyBytes, "DES" ); + + byte[] iv = new byte[] + { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, + ( byte ) 0x00, ( byte ) 0x00 }; + AlgorithmParameterSpec paramSpec = new IvParameterSpec( iv ); - while ( offset < returnData.length ) - { - try + if ( encrypt ) { - processedBytesLength = cbcCipher.processBlock( data, offset, returnData, offset ); - offset += processedBytesLength; + cipher.init( Cipher.ENCRYPT_MODE, key, paramSpec ); } - catch ( Exception e ) + else { - e.printStackTrace(); - break; + cipher.init( Cipher.DECRYPT_MODE, key, paramSpec ); } - } + byte[] finalBytes = cipher.doFinal( data ); - return returnData; + return finalBytes; + } + catch ( GeneralSecurityException nsae ) + { + return null; + } } } Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngineFactory.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngineFactory.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- 
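Review bot: `new SecretKeySpec( keyBytes, "DES" )` in `processCipher` hard-codes the key algorithm, while `Des3CbcEncryption.getCipher()` in this same commit returns a `DESede/CBC/NoPadding` cipher. The JDK's default provider is likely to reject a key labelled DES for a DESede cipher with InvalidKeyException, which is worth confirming with a seal/unseal round-trip test for the DES3 types. The `catch ( GeneralSecurityException nsae )` would then turn that into a null return with nothing logged. I would derive the key algorithm from the cipher, e.g. `String alg = cipher.getAlgorithm(); int slash = alg.indexOf( '/' ); SecretKey key = new SecretKeySpec( keyBytes, slash < 0 ? alg : alg.substring( 0, slash ) );`. I would also replace `return null` with an exception that carries the cause, so a failed encrypt or decrypt cannot be mistaken for data.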
directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngineFactory.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngineFactory.java Sat Mar 24 02:04:51 2007 @@ -35,10 +35,6 @@ { case 0: return new NullEncryption(); - case 1: - return new DesCbcCrcEncryption(); - case 2: - return new DesCbcMd4Encryption(); case 3: return new DesCbcMd5Encryption(); case 5: Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/NullEncryption.java Sat Mar 24 02:04:51 2007 @@ -20,14 +20,15 @@ package org.apache.directory.server.kerberos.shared.crypto.encryption; +import javax.crypto.Cipher; + import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumEngine; import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType; -import org.bouncycastle.crypto.BlockCipher; public class NullEncryption extends EncryptionEngine { - public BlockCipher getBlockCipher() + public Cipher getCipher() { return null; } 
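Review bot: `NullEncryption.getCipher()` returns `null`, but the base class's private three-argument `EncryptionEngine.processCipher` calls `getCipher()` and then `cipher.init(...)`. The renamed `processCipher( boolean encrypt, byte[] data, byte[] key, byte[] ivec )` in the later NullEncryption hunk (`@@ -87,7 +88,7 @@`) keeps the old four-argument shape and cannot override a private method, so it looks unreachable from the base class. Unless NullEncryption overrides the public entry points such as `getDecryptedData` outside these hunks, encryption type 0 would end in a NullPointerException that the `GeneralSecurityException` catch does not cover. I would either put a comment on `getCipher()` stating why the null is never dereferenced, or make the bypass explicit in the base class. The class body continues outside both hunks.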
@@ -87,7 +88,7 @@ } - protected byte[] processBlockCipher( boolean encrypt, byte[] data, byte[] key, byte[] ivec ) + protected byte[] processCipher( boolean encrypt, byte[] data, byte[] key, byte[] ivec ) { return data; } Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/GetPrincipalStoreEntry.java Sat Mar 24 02:04:51 2007 @@ -26,11 +26,13 @@ import org.apache.directory.server.kerberos.shared.exceptions.KerberosException; import org.apache.directory.server.kerberos.shared.store.PrincipalStore; import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.handler.chain.IoHandlerCommand; -public abstract class GetPrincipalStoreEntry extends CommandBase +public abstract class GetPrincipalStoreEntry implements IoHandlerCommand { + private String contextKey = "context"; + public PrincipalStoreEntry getEntry( KerberosPrincipal principal, PrincipalStore store, ErrorType errorType ) throws Exception { 
@@ -51,5 +53,10 @@ } return entry; + } + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/LockBox.java Sat Mar 24 02:04:51 2007 @@ -28,8 +28,6 @@ import org.apache.directory.server.kerberos.shared.crypto.encryption.Des3CbcMd5Encryption; import org.apache.directory.server.kerberos.shared.crypto.encryption.Des3CbcSha1Encryption; -import org.apache.directory.server.kerberos.shared.crypto.encryption.DesCbcCrcEncryption; -import org.apache.directory.server.kerberos.shared.crypto.encryption.DesCbcMd4Encryption; import org.apache.directory.server.kerberos.shared.crypto.encryption.DesCbcMd5Encryption; import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionEngine; import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType; @@ -106,8 +104,6 @@ { Map map = new HashMap(); - map.put( EncryptionType.DES_CBC_CRC, DesCbcCrcEncryption.class ); - map.put( EncryptionType.DES_CBC_MD4, DesCbcMd4Encryption.class ); map.put( EncryptionType.DES_CBC_MD5, DesCbcMd5Encryption.class ); map.put( EncryptionType.DES3_CBC_MD5, Des3CbcMd5Encryption.class ); map.put( EncryptionType.DES3_CBC_SHA1, Des3CbcSha1Encryption.class ); 
@@ -116,6 +112,14 @@ } + /** + * Performs an encode and an encrypt. + * + * @param key The key to use for encrypting. + * @param encodable The Kerberos object to encode. + * @return The Kerberos EncryptedData. + * @throws KerberosException + */ public EncryptedData seal( EncryptionKey key, Encodable encodable ) throws KerberosException { try @@ -132,7 +136,15 @@ } } - + /** + * Perform a decrypt and a decode. + * + * @param hint The class the encrypted data is expected to contain. + * @param key The key to use for decryption. + * @param data The data to decrypt. + * @return The Kerberos object resulting from a successful decrypt and decode. + * @throws KerberosException + */ public Encodable unseal( Class hint, EncryptionKey key, EncryptedData data ) throws KerberosException { try Added: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/SessionKeyFactory.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/SessionKeyFactory.java?view=auto&rev=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/SessionKeyFactory.java (added) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/SessionKeyFactory.java Sat Mar 24 02:04:51 2007 
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.service;
+
+
+import java.security.InvalidKeyException;
+import java.security.SecureRandom;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.DESKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+
+
+/**
+ * Generates new random keys, suitable for use as session keys.
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class SessionKeyFactory
+{
+ /**
+ * SecureRandom.nextBytes() is synchronized, making this safe for static use.
+ */
+ private static final SecureRandom random = new SecureRandom();
+
+
+ /**
+ * Get a new random session key.
+ *
+ * @return The new random session key.
+ */
+ public static EncryptionKey getSessionKey()
+ {
+ // Only need 7 bytes. With parity will result in 8 bytes.
+ byte[] raw = new byte[7];
+
+ // SecureRandom.nextBytes is already synchronized
+ random.nextBytes( raw );
+
+ byte[] keyBytes = addParity( raw );
+
+ try
+ {
+ // check for weakness
+ if ( DESKeySpec.isWeak( keyBytes, 0 ) )
+ {
+ keyBytes = getStrongKey( keyBytes );
+ }
+ }
+ catch ( InvalidKeyException ike )
+ {
+ /*
+ * Will only get here if the key is null or less
+ * than 8 bytes, which won't ever happen.
+ */
+ return null;
+ }
+
+ SecretKey key = new SecretKeySpec( keyBytes, "DES" );
+ byte[] subSessionKey = key.getEncoded();
+
+ return new EncryptionKey( EncryptionType.DES_CBC_MD5, subSessionKey );
+ }
+
+
+ /**
+ * Adds parity to 7-bytes to form an 8-byte DES key.
+ *
+ * @param sevenBytes
+ * @return The 8-byte DES key with parity.
+ */
+ static byte[] addParity( byte[] sevenBytes )
+ {
+ byte[] result = new byte[8];
+
+ // Keeps track of the bit position in the result.
+ int resultIndex = 1;
+
+ // Used to keep track of the number of 1 bits in each 7-bit chunk.
+ int bitCount = 0;
+
+ // Process each of the 56 bits.
+ for ( int i = 0; i < 56; i++ )
+ {
+ // Get the bit at bit position i
+ boolean bit = ( sevenBytes[6 - i / 8] & ( 1 << ( i % 8 ) ) ) > 0;
+
+ // If set, set the corresponding bit in the result.
+ if ( bit )
+ {
+ result[7 - resultIndex / 8] |= ( 1 << ( resultIndex % 8 ) ) & 0xFF;
+ bitCount++;
+ }
+
+ // Set the parity bit after every 7 bits.
+ if ( ( i + 1 ) % 7 == 0 )
+ {
+ if ( bitCount % 2 == 0 )
+ {
+ // Set low-order bit (parity bit) if bit count is even.
+ result[7 - resultIndex / 8] |= 1;
+ }
+ resultIndex++;
+ bitCount = 0;
+ }
+ resultIndex++;
+ }
+
+ return result;
+ }
+
+
+ /**
+ * Corrects the weak key by exclusive OR with 0xF0 constant.
+ */ + private static byte[] getStrongKey( byte keyValue[] ) + { + keyValue[7] ^= 0xf0; + + return keyValue; + } +} \ No newline at end of file Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java Sat Mar 24 02:04:51 2007 @@ -35,14 +35,19 @@ import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime; import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags; import org.apache.directory.server.kerberos.shared.replay.ReplayCache; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.handler.chain.IoHandlerCommand; -/* - * Shared by TGS and Changepw +/** + * Shared by TGS and Changepw. + * + * @author Apache Directory Project + * @version $Rev$, $Date$ */ -public abstract class VerifyAuthHeader extends CommandBase +public abstract class VerifyAuthHeader implements IoHandlerCommand { + private String contextKey = "context"; + // RFC 1510 A.10. KRB_AP_REQ verification public Authenticator verifyAuthHeader( ApplicationRequest authHeader, Ticket ticket, EncryptionKey serverKey, long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress clientAddress, 
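Review bot: `getSessionKey()` hard-codes single DES: the key is built from 7 random bytes and always tagged `EncryptionType.DES_CBC_MD5`, although LockBox in this commit still maps the DES3 types, so callers cannot ask for a stronger session key. Taking the encryption type as a parameter (keeping the no-argument form as the DES default) would leave room for that. In the same method the `catch ( InvalidKeyException ike )` branch does `return null;`, which passes a missing key on to the caller; throwing an unchecked exception there would stop it at the source. On `getStrongKey`, a comment such as `// 0xf0 flips four bits of the last byte, so the odd parity set by addParity is kept` would explain why no parity fix-up follows.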
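Review bot: `private String contextKey = "context";` in VerifyAuthHeader is a non-final instance field holding a fixed literal, and the same field with its `getContextKey()` getter is repeated in VerifyTicket, ChangePasswordProtocolHandler, BuildReply, CheckPasswordPolicy and the other changepw commands touched by this commit. Every command looks the context up through this key, so one copy drifting from the rest would make `session.getAttribute( getContextKey() )` return null in that command only. Declaring it once as a shared constant, for example `public static final String CONTEXT_KEY = "context";`, or at least `private static final` in each class, removes that risk. The class body continues outside this hunk.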
@@ -139,5 +144,10 @@ authHeader.setOption( ApOptions.MUTUAL_REQUIRED ); return authenticator; + } + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java (original) +++ directory/apacheds/branches/1.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyTicket.java Sat Mar 24 02:04:51 2007 
@@ -25,19 +25,29 @@ import org.apache.directory.server.kerberos.shared.exceptions.ErrorType; import org.apache.directory.server.kerberos.shared.exceptions.KerberosException; import org.apache.directory.server.kerberos.shared.messages.components.Ticket; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.handler.chain.IoHandlerCommand; -/* - * Shared by TGS and Changepw +/** + * Shared by TGS and Changepw. + * + * @author Apache Directory Project + * @version $Rev$, $Date$ */ -public abstract class VerifyTicket extends CommandBase +public abstract class VerifyTicket implements IoHandlerCommand { + private String contextKey = "context"; + public void verifyTicket( Ticket ticket, String primaryRealm, KerberosPrincipal serverPrincipal ) throws Exception { if ( !ticket.getRealm().equals( primaryRealm ) && !ticket.getServerPrincipal().equals( serverPrincipal ) ) { throw new KerberosException( ErrorType.KRB_AP_ERR_NOT_US ); } + } + + public String getContextKey() + { + return ( this.contextKey ); } } Added: directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java?view=auto&rev=521997 ============================================================================== --- directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java (added) +++ directory/apacheds/branches/1.0/kerberos-shared/src/test/java/org/apache/directory/server/kerberos/shared/service/LockBoxTest.java Sat Mar 24 02:04:51 2007 
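Review bot: The unchanged condition in `verifyTicket` joins its two mismatch tests with `&&`, so `KRB_AP_ERR_NOT_US` is raised only when the realm and the server principal both differ; a ticket whose realm matches but whose server principal does not passes this check. If the intent is that a ticket must be addressed to this realm and to this principal, the operator should be `||`, i.e. `if ( !ticket.getRealm().equals( primaryRealm ) || !ticket.getServerPrincipal().equals( serverPrincipal ) )`. The callers are not visible here, so confirm what they pass as `serverPrincipal` before changing it, since this method is shared by TGS and Changepw.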
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.service;
+
+
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import junit.framework.TestCase;
+
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedTimeStamp;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+
+
+/**
+ * Test case for sealing and unsealing Kerberos CipherText.
+ *
+ * @author Apache Directory Project
+ * @version $Rev$, $Date$
+ */
+public class LockBoxTest extends TestCase
+{
+ private byte[] encryptedTimeStamp =
+ { ( byte ) 0x97, ( byte ) 0x21, ( byte ) 0x58, ( byte ) 0x5f, ( byte ) 0x81, ( byte ) 0x46, ( byte ) 0x17,
+ ( byte ) 0xa6, ( byte ) 0x4e, ( byte ) 0x8a, ( byte ) 0x5d, ( byte ) 0xe2, ( byte ) 0xf3, ( byte ) 0xd1,
+ ( byte ) 0x40, ( byte ) 0x30, ( byte ) 0x38, ( byte ) 0x5e, ( byte ) 0xb8, ( byte ) 0xf6, ( byte ) 0xad,
+ ( byte ) 0xd8, ( byte ) 0x7c, ( byte ) 0x30, ( byte ) 0xb0, ( byte ) 0x0d, ( byte ) 0x69, ( byte ) 0x71,
+ ( byte ) 0x08, ( byte ) 0xd5, ( byte ) 0x6a, ( byte ) 0x61, ( byte ) 0x1f, ( byte ) 0xee, ( byte ) 0x38,
+ ( byte ) 0xad, ( byte ) 0x43, ( byte ) 0x99, ( byte ) 0xae, ( byte ) 0xc2, ( byte ) 0xd2, ( byte ) 0xf5,
+ ( byte ) 0xb2, ( byte ) 0xb7, ( byte ) 0x95, ( byte ) 0x22, ( byte ) 0x93, ( byte ) 0x12, ( byte ) 0x63,
+ ( byte ) 0xd5, ( byte ) 0xf4, ( byte ) 0x39, ( byte ) 0xfa, ( byte ) 0x27, ( byte ) 0x6e, ( byte ) 0x8e };
+
+
+ /**
+ * Tests the unsealing of Kerberos CipherText with a good password. After decryption and
+ * an integrity check, an attempt is made to decode the bytes as an EncryptedTimestamp. The
+ * result is timestamp data.
+ */
+ public void testGoodPassword()
+ {
+ LockBox lockBox = new LockBox();
+ Class hint = EncryptedTimeStamp.class;
+ KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
+ KerberosKey kerberosKey = new KerberosKey( principal, "kerby".toCharArray(), "DES" );
+ EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
+ EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, encryptedTimeStamp );
+
+ try
+ {
+ EncryptedTimeStamp object = ( EncryptedTimeStamp ) lockBox.unseal( hint, key, data );
+ assertEquals( "TimeStamp", "20070322233107Z", object.getTimeStamp().toString() );
+ assertEquals( "MicroSeconds", 291067, object.getMicroSeconds() );
+ }
+ catch ( KerberosException ke )
+ {
+ fail( "Should not have caught exception." );
+ }
+ }
+
+
+ /**
+ * Tests the unsealing of Kerberos CipherText with a bad password. After decryption, the
+ * checksum is tested and should fail on comparison, resulting in an integrity check error.
+ */
+ public void testBadPassword()
+ {
+ LockBox lockBox = new LockBox();
+ Class hint = EncryptedTimeStamp.class;
+ KerberosPrincipal principal = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" );
+ KerberosKey kerberosKey = new KerberosKey( principal, "badpassword".toCharArray(), "DES" );
+ EncryptionKey key = new EncryptionKey( EncryptionType.DES_CBC_MD5, kerberosKey.getEncoded() );
+ EncryptedData data = new EncryptedData( EncryptionType.DES_CBC_MD5, 0, encryptedTimeStamp );
+
+ try
+ {
+ lockBox.unseal( hint, key, data );
+ fail( "Should have thrown exception."
); + } + catch ( KerberosException ke ) + { + assertEquals( "ErrorCode", 31, ke.getErrorCode() ); + } + } +} + Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java Sat Mar 24 02:04:51 2007 @@ -29,11 +29,11 @@ import org.apache.directory.server.changepw.service.ChangePasswordChain; import org.apache.directory.server.changepw.service.ChangePasswordContext; import org.apache.directory.server.kerberos.shared.store.PrincipalStore; -import org.apache.directory.server.protocol.shared.chain.Command; import org.apache.mina.common.IdleStatus; import org.apache.mina.common.IoHandler; import org.apache.mina.common.IoSession; import org.apache.mina.filter.codec.ProtocolCodecFilter; +import org.apache.mina.handler.chain.IoHandlerCommand; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -45,7 +45,8 @@ private ChangePasswordConfiguration config; private PrincipalStore store; - private Command changepwService; + private IoHandlerCommand changepwService; + private String contextKey = "context"; public ChangePasswordProtocolHandler(ChangePasswordConfiguration config, PrincipalStore store) 
@@ -106,7 +107,7 @@ changepwContext.setClientAddress( clientAddress ); changepwContext.setRequest( request ); - changepwService.execute( changepwContext ); + changepwService.execute( null, session, message ); session.write( changepwContext.getReply() ); } @@ -124,4 +125,10 @@ log.debug( "{} SENT: {}", session.getRemoteAddress(), message ); } } + + public String getContextKey() + { + return ( this.contextKey ); + } + } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java Sat Mar 24 02:04:51 2007 
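Review bot: `changepwService.execute( null, session, message )` no longer hands `changepwContext` to the chain, while the commands changed in this commit (BuildReply, CheckPasswordPolicy, ExtractPassword and others) fetch it with `session.getAttribute( getContextKey() )`; the lines of this hunk do not show the context being stored on the session. If that store is not done earlier in the method, which starts outside the hunk, the first command casts null and fails on its first `changepwContext` call. Because the context carries the change-password request, it is also worth clearing it once the reply is written, e.g. `session.removeAttribute( getContextKey() );` after `session.write( changepwContext.getReply() );`, so it does not stay reachable for the life of the session.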
@@ -38,21 +38,26 @@ import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey; import org.apache.directory.server.kerberos.shared.messages.value.HostAddress; import org.apache.directory.server.kerberos.shared.service.LockBox; -import org.apache.directory.server.protocol.shared.chain.Context; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.common.IoSession; +import org.apache.mina.handler.chain.IoHandlerCommand; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class BuildReply extends CommandBase +/** + * @author Apache Directory Project + * @version $Rev$, $Date$ + */ +public class BuildReply implements IoHandlerCommand { /** the log for this class */ private static final Logger log = LoggerFactory.getLogger( BuildReply.class ); + private String contextKey = "context"; - public boolean execute( Context context ) throws Exception + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); Authenticator authenticator = changepwContext.getAuthenticator(); Ticket ticket = changepwContext.getTicket(); 
@@ -117,6 +122,12 @@ changepwContext.setReply( replyModifier.getChangePasswordReply() ); - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java Sat Mar 24 02:04:51 2007 @@ -20,7 +20,7 @@ package org.apache.directory.server.changepw.service; -import org.apache.directory.server.protocol.shared.chain.impl.ChainBase; +import org.apache.mina.handler.chain.IoHandlerChain; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -28,7 +28,7 @@ /** * Kerberos Change Password and Set Password Protocols (RFC 3244) */ -public class ChangePasswordChain extends ChainBase +public class ChangePasswordChain extends IoHandlerChain { /** the logger for this class */ private static final Logger log = LoggerFactory.getLogger( ChangePasswordChain.class ); 
@@ -36,34 +36,31 @@ public ChangePasswordChain() { - super(); - addCommand( new ChangePasswordExceptionHandler() ); - if ( log.isDebugEnabled() ) { - addCommand( new MonitorRequest() ); + addLast( "monitorRequest", new MonitorRequest() ); } + + addLast( "configureChangePasswordChain", new ConfigureChangePasswordChain() ); + addLast( "getAuthHeader", new GetAuthHeader() ); + addLast( "verifyServiceTicket", new VerifyServiceTicket() ); + addLast( "getServerEntry", new GetServerEntry() ); + addLast( "verifyServiceTicketAuthHeader", new VerifyServiceTicketAuthHeader() ); - addCommand( new ConfigureChangePasswordChain() ); - addCommand( new GetAuthHeader() ); - addCommand( new VerifyServiceTicket() ); - addCommand( new GetServerEntry() ); - addCommand( new VerifyServiceTicketAuthHeader() ); - - addCommand( new ExtractPassword() ); + addLast( "extractPassword", new ExtractPassword() ); if ( log.isDebugEnabled() ) { - addCommand( new MonitorContext() ); + addLast( "monitorContext", new MonitorContext() ); } - addCommand( new CheckPasswordPolicy() ); - addCommand( new ProcessPasswordChange() ); - addCommand( new BuildReply() ); + addLast( "checkPasswordPolicy", new CheckPasswordPolicy() ); + addLast( "processPasswordChange", new ProcessPasswordChange() ); + addLast( "buildReply", new BuildReply() ); if ( log.isDebugEnabled() ) { - addCommand( new MonitorReply() ); + addLast( "monitorReply", new MonitorReply() ); } } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- 
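Review bot: The constructor no longer registers `ChangePasswordExceptionHandler`, and none of the `addLast(...)` calls puts an equivalent command into the chain, so an exception thrown by a command such as `CheckPasswordPolicy` or `VerifyServiceTicket` is no longer handled inside the chain. The caller in ChangePasswordProtocolHandler is only partly visible in this commit, so confirm that it catches the exception and still writes an error reply instead of leaving the client without an answer. A comment above the first `addLast` would make the dependency explicit, for example `// No exception-handler command here: the caller of execute() must turn exceptions into error replies.`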
directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java Sat Mar 24 02:04:51 2007 @@ -30,8 +30,8 @@ import org.apache.directory.server.changepw.exceptions.ChangePasswordException; import org.apache.directory.server.changepw.exceptions.ErrorType; import org.apache.directory.server.kerberos.shared.messages.components.Authenticator; -import org.apache.directory.server.protocol.shared.chain.Context; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.common.IoSession; +import org.apache.mina.handler.chain.IoHandlerCommand; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -42,15 +42,16 @@ * @author Apache Directory Project * @version $Rev$, $Date$ */ -public class CheckPasswordPolicy extends CommandBase +public class CheckPasswordPolicy implements IoHandlerCommand { /** the log for this class */ private static final Logger log = LoggerFactory.getLogger( CheckPasswordPolicy.class ); + private String contextKey = "context"; - public boolean execute( Context context ) throws Exception + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); ChangePasswordConfiguration config = changepwContext.getConfig(); Authenticator authenticator = changepwContext.getAuthenticator(); @@ -65,7 +66,7 @@ if ( isValid( username, password, passwordLength, categoryCount, tokenSize ) ) { - return CONTINUE_CHAIN; + next.execute( session, message ); } String explanation = buildErrorMessage( username, password, passwordLength, categoryCount, tokenSize ); 
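Review bot: In the `isValid(...)` branch of `CheckPasswordPolicy.execute`, the old `return CONTINUE_CHAIN;` left the method, but the new `next.execute( session, message );` does not, so once the rest of the chain has run for a valid password, control falls through to `buildErrorMessage(...)` on the following line. What comes after the `explanation` line is outside this hunk; if it throws the policy exception, as the variable name suggests, a password that passed the policy would be changed by the later commands and then reported as rejected. Add `return;` directly after `next.execute( session, message );`, or move the error path into an `else` branch.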
@@ -214,5 +215,10 @@ } return sb.toString(); + } + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java Sat Mar 24 02:04:51 2007 
@@ -23,23 +23,33 @@ import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache; import org.apache.directory.server.kerberos.shared.replay.ReplayCache; import org.apache.directory.server.kerberos.shared.service.LockBox; -import org.apache.directory.server.protocol.shared.chain.Context; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.common.IoSession; +import org.apache.mina.handler.chain.IoHandlerCommand; - -public class ConfigureChangePasswordChain extends CommandBase +/** + * @author Apache Directory Project + * @version $Rev$, $Date$ + */ +public class ConfigureChangePasswordChain implements IoHandlerCommand { private static final ReplayCache replayCache = new InMemoryReplayCache(); private static final LockBox lockBox = new LockBox(); + private String contextKey = "context"; - public boolean execute( Context context ) throws Exception + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); changepwContext.setReplayCache( replayCache ); changepwContext.setLockBox( lockBox ); - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java (original) 
+++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java Sat Mar 24 02:04:51 2007 @@ -34,21 +34,26 @@ import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData; import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey; import org.apache.directory.server.kerberos.shared.service.LockBox; -import org.apache.directory.server.protocol.shared.chain.Context; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.common.IoSession; +import org.apache.mina.handler.chain.IoHandlerCommand; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class ExtractPassword extends CommandBase +/** + * @author Apache Directory Project + * @version $Rev$, $Date$ + */ +public class ExtractPassword implements IoHandlerCommand { /** the log for this class */ private static final Logger log = LoggerFactory.getLogger( ExtractPassword.class ); + private String contextKey = "context"; - public boolean execute( Context context ) throws Exception + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest(); Authenticator authenticator = changepwContext.getAuthenticator(); 
@@ -103,6 +108,12 @@ throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_SOFTERROR ); } - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java Sat Mar 24 02:04:51 2007 
@@ -23,18 +23,23 @@ import org.apache.directory.server.changepw.messages.ChangePasswordRequest; import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest; import org.apache.directory.server.kerberos.shared.messages.components.Ticket; -import org.apache.directory.server.protocol.shared.chain.Context; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.common.IoSession; +import org.apache.mina.handler.chain.IoHandlerCommand; -/* - * differs from the TGS getAuthHeader by not verifying the presence of TGS_REQ +/** + * Differs from the TGS getAuthHeader by not verifying the presence of TGS_REQ. + * + * @author Apache Directory Project + * @version $Rev$, $Date$ */ -public class GetAuthHeader extends CommandBase +public class GetAuthHeader implements IoHandlerCommand { - public boolean execute( Context context ) throws Exception + private String contextKey = "context"; + + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest(); ApplicationRequest authHeader = request.getAuthHeader(); 
@@ -43,6 +48,12 @@ changepwContext.setAuthHeader( authHeader ); changepwContext.setTicket( ticket ); - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetServerEntry.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetServerEntry.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetServerEntry.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetServerEntry.java Sat Mar 24 02:04:51 2007 
@@ -25,20 +25,28 @@ import org.apache.directory.server.kerberos.shared.exceptions.ErrorType; import org.apache.directory.server.kerberos.shared.service.GetPrincipalStoreEntry; import org.apache.directory.server.kerberos.shared.store.PrincipalStore; -import org.apache.directory.server.protocol.shared.chain.Context; +import org.apache.mina.common.IoSession; public class GetServerEntry extends GetPrincipalStoreEntry { - public boolean execute( Context context ) throws Exception + private String contextKey = "context"; + + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); KerberosPrincipal principal = changepwContext.getTicket().getServerPrincipal(); PrincipalStore store = changepwContext.getStore(); changepwContext.setServerEntry( getEntry( principal, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) ); - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java Sat Mar 24 02:04:51 2007 
@@ -32,25 +32,30 @@ import org.apache.directory.server.kerberos.shared.replay.ReplayCache; import org.apache.directory.server.kerberos.shared.store.PrincipalStore; import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry; -import org.apache.directory.server.protocol.shared.chain.Context; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.common.IoSession; +import org.apache.mina.handler.chain.IoHandlerCommand; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class MonitorContext extends CommandBase +/** + * @author Apache Directory Project + * @version $Rev$, $Date$ + */ +public class MonitorContext implements IoHandlerCommand { /** the log for this class */ private static final Logger log = LoggerFactory.getLogger( MonitorContext.class ); + private String contextKey = "context"; - public boolean execute( Context context ) throws Exception + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { if ( log.isDebugEnabled() ) { try { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); PrincipalStore store = changepwContext.getStore(); ApplicationRequest authHeader = changepwContext.getAuthHeader(); 
@@ -105,6 +110,12 @@ } } - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java Sat Mar 24 02:04:51 2007 
@@ -23,25 +23,30 @@ import org.apache.directory.server.changepw.messages.ChangePasswordReply; import org.apache.directory.server.kerberos.shared.messages.application.ApplicationReply; import org.apache.directory.server.kerberos.shared.messages.application.PrivateMessage; -import org.apache.directory.server.protocol.shared.chain.Context; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.common.IoSession; +import org.apache.mina.handler.chain.IoHandlerCommand; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class MonitorReply extends CommandBase +/** + * @author Apache Directory Project + * @version $Rev$, $Date$ + */ +public class MonitorReply implements IoHandlerCommand { /** the log for this class */ private static final Logger log = LoggerFactory.getLogger( MonitorReply.class ); + private String contextKey = "context"; - public boolean execute( Context context ) throws Exception + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { if ( log.isDebugEnabled() ) { try { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); ChangePasswordReply reply = ( ChangePasswordReply ) changepwContext.getReply(); ApplicationReply appReply = reply.getApplicationReply(); 
@@ -61,6 +66,12 @@ } } - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java Sat Mar 24 02:04:51 2007 
@@ -21,25 +21,30 @@ import org.apache.directory.server.changepw.messages.ChangePasswordRequest; -import org.apache.directory.server.protocol.shared.chain.Context; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.common.IoSession; +import org.apache.mina.handler.chain.IoHandlerCommand; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class MonitorRequest extends CommandBase +/** + * @author Apache Directory Project + * @version $Rev$, $Date$ + */ +public class MonitorRequest implements IoHandlerCommand { /** the log for this class */ private static final Logger log = LoggerFactory.getLogger( MonitorRequest.class ); + private String contextKey = "context"; - public boolean execute( Context context ) throws Exception + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { if ( log.isDebugEnabled() ) { try { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest(); short authHeaderLength = request.getAuthHeaderLength(); 
@@ -61,6 +66,12 @@ } } - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java Sat Mar 24 02:04:51 2007 
@@ -27,21 +27,26 @@ import org.apache.directory.server.changepw.exceptions.ErrorType; import org.apache.directory.server.kerberos.shared.messages.components.Authenticator; import org.apache.directory.server.kerberos.shared.store.PrincipalStore; -import org.apache.directory.server.protocol.shared.chain.Context; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.common.IoSession; +import org.apache.mina.handler.chain.IoHandlerCommand; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class ProcessPasswordChange extends CommandBase +/** + * @author Apache Directory Project + * @version $Rev$, $Date$ + */ +public class ProcessPasswordChange implements IoHandlerCommand { /** the log for this class */ private static final Logger log = LoggerFactory.getLogger( ProcessPasswordChange.class ); + private String contextKey = "context"; - public boolean execute( Context context ) throws Exception + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); PrincipalStore store = changepwContext.getStore(); Authenticator authenticator = changepwContext.getAuthenticator(); 
@@ -67,6 +72,12 @@ throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_HARDERROR ); } - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicket.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicket.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicket.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicket.java Sat Mar 24 02:04:51 2007 @@ -25,14 +25,16 @@ import org.apache.directory.server.changepw.ChangePasswordConfiguration; import org.apache.directory.server.kerberos.shared.messages.components.Ticket; import org.apache.directory.server.kerberos.shared.service.VerifyTicket; -import org.apache.directory.server.protocol.shared.chain.Context; +import org.apache.mina.common.IoSession; public class VerifyServiceTicket extends VerifyTicket { - public boolean execute( Context context ) throws Exception + private String contextKey = "context"; + + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); ChangePasswordConfiguration config = changepwContext.getConfig(); Ticket ticket = changepwContext.getTicket(); String primaryRealm = config.getPrimaryRealm(); 
@@ -40,6 +42,11 @@ verifyTicket( ticket, primaryRealm, changepwPrincipal ); - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java (original) +++ directory/apacheds/branches/1.0/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java Sat Mar 24 02:04:51 2007 @@ -29,14 +29,16 @@ import org.apache.directory.server.kerberos.shared.replay.ReplayCache; import org.apache.directory.server.kerberos.shared.service.LockBox; import org.apache.directory.server.kerberos.shared.service.VerifyAuthHeader; -import org.apache.directory.server.protocol.shared.chain.Context; +import org.apache.mina.common.IoSession; public class VerifyServiceTicketAuthHeader extends VerifyAuthHeader { - public boolean execute( Context context ) throws Exception + private String contextKey = "context"; + + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { - ChangePasswordContext changepwContext = ( ChangePasswordContext ) context; + ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() ); ApplicationRequest authHeader = changepwContext.getAuthHeader(); Ticket ticket = changepwContext.getTicket(); 
@@ -52,6 +54,12 @@ changepwContext.setAuthenticator( authenticator ); - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java (original) +++ directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java Sat Mar 24 02:04:51 2007 
@@ -22,38 +22,43 @@ import org.apache.directory.server.kerberos.shared.messages.ErrorMessage; import org.apache.directory.server.kerberos.shared.messages.KdcReply; -import org.apache.directory.server.protocol.shared.chain.Context; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.common.IoSession; +import org.apache.mina.handler.chain.IoHandlerCommand; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class MonitorReply extends CommandBase +/** + * @author Apache Directory Project + * @version $Rev$, $Date$ + */ +public class MonitorReply implements IoHandlerCommand { /** the log for this class */ private static final Logger log = LoggerFactory.getLogger( MonitorReply.class ); + private String contextKey = "context"; - public boolean execute( Context context ) throws Exception + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { - KdcContext kdcContext = ( KdcContext ) context; - Object message = kdcContext.getReply(); + KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() ); + Object reply = kdcContext.getReply(); - if ( message instanceof KdcReply ) + if ( reply instanceof KdcReply ) { - KdcReply reply = ( KdcReply ) message; + KdcReply success = ( KdcReply ) message; if ( log.isDebugEnabled() ) { log.debug( "Responding to authentication request with reply:" + "\n\tclient realm: " - + reply.getClientRealm() + "\n\tserver realm: " + reply.getServerRealm() - + "\n\tserverPrincipal: " + reply.getServerPrincipal() + "\n\tclientPrincipal: " - + reply.getClientPrincipal() + "\n\thostAddresses: " + reply.getClientAddresses() - + "\n\tstart time: " + reply.getStartTime() + "\n\tend time: " - + reply.getEndTime() + "\n\tauth time: " + reply.getAuthTime() - + "\n\trenew till time: " + reply.getRenewTill() + "\n\tmessageType: " - + reply.getMessageType() + "\n\tnonce: " + reply.getNonce() - + "\n\tprotocolVersionNumber: " + 
reply.getProtocolVersionNumber() ); + + success.getClientRealm() + "\n\tserver realm: " + success.getServerRealm() + + "\n\tserverPrincipal: " + success.getServerPrincipal() + "\n\tclientPrincipal: " + + success.getClientPrincipal() + "\n\thostAddresses: " + success.getClientAddresses() + + "\n\tstart time: " + success.getStartTime() + "\n\tend time: " + + success.getEndTime() + "\n\tauth time: " + success.getAuthTime() + + "\n\trenew till time: " + success.getRenewTill() + "\n\tmessageType: " + + success.getMessageType() + "\n\tnonce: " + success.getNonce() + + "\n\tprotocolVersionNumber: " + success.getProtocolVersionNumber() ); } } else @@ -73,6 +78,12 @@ } } - return CONTINUE_CHAIN; + next.execute( session, message ); + } + + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java (original) +++ directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java Sat Mar 24 02:04:51 2007 
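Review bot: The new line `KdcReply success = ( KdcReply ) message;` casts the wrong variable: the `instanceof` test just above it checks `reply` (from `kdcContext.getReply()`), while `message` is now the method parameter passed down the chain. The cast sits outside the `log.isDebugEnabled()` guard, so whenever the reply is a `KdcReply` and the incoming message is not (presumably it is the decoded request), this monitoring command throws a ClassCastException and aborts the chain. It should read `KdcReply success = ( KdcReply ) reply;`. The `else` branch of this method lies between the two hunks and is not visible here, so check it for the same mix-up.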
@@ -22,21 +22,22 @@ import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType; import org.apache.directory.server.kerberos.shared.messages.KdcRequest; -import org.apache.directory.server.protocol.shared.chain.Context; -import org.apache.directory.server.protocol.shared.chain.impl.CommandBase; +import org.apache.mina.common.IoSession; +import org.apache.mina.handler.chain.IoHandlerCommand; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class MonitorRequest extends CommandBase +public class MonitorRequest implements IoHandlerCommand { /** the log for this class */ private static final Logger log = LoggerFactory.getLogger( MonitorRequest.class ); + private String contextKey = "context"; - public boolean execute( Context context ) throws Exception + public void execute( NextCommand next, IoSession session, Object message ) throws Exception { - KdcContext kdcContext = ( KdcContext ) context; + KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() ); KdcRequest request = kdcContext.getRequest(); String clientAddress = kdcContext.getClientAddress().getHostAddress(); @@ -53,7 +54,7 @@ + request.getProtocolVersionNumber() + "\n\ttill: " + request.getTill() ); } - return CONTINUE_CHAIN; + next.execute( session, message ); } 
@@ -74,5 +75,10 @@ } return sb.toString(); + } + + public String getContextKey() + { + return ( this.contextKey ); } } Modified: directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java?view=diff&rev=521997&r1=521996&r2=521997 ============================================================================== --- directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java (original) +++ directory/apacheds/branches/1.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java Sat Mar 24 02:04:51 2007 
@@ -22,24 +22,22 @@ import org.apache.directory.server.kerberos.kdc.MonitorRequest; import org.apache.directory.server.kerberos.kdc.preauthentication.PreAuthenticationChain; -import org.apache.directory.server.protocol.shared.chain.impl.ChainBase; +import org.apache.mina.handler.chain.IoHandlerChain; -public class AuthenticationServiceChain extends ChainBase +public class AuthenticationServiceChain extends IoHandlerChain { public AuthenticationServiceChain() { - super(); - addCommand( new AuthenticationExceptionHandler() ); - addCommand( new MonitorRequest() ); - addCommand( new ConfigureAuthenticationChain() ); - addCommand( new GetClientEntry() ); - addCommand( new VerifyPolicy() ); - addCommand( new PreAuthenticationChain() ); - addCommand( new GetServerEntry() ); - addCommand( new GetSessionKey() ); - addCommand( new GenerateTicket() ); - addCommand( new BuildReply() ); - addCommand( new SealReply() ); + addLast( "monitorRequest", new MonitorRequest() ); + addLast( "configureAuthenticationChain", new ConfigureAuthenticationChain() ); + addLast( "getClientEntry", new GetClientEntry() ); + addLast( "verifyPolicy", new VerifyPolicy() ); + addLast( "preAuthenticationChain", new PreAuthenticationChain() ); + addLast( "getServerEntry", new GetServerEntry() ); + addLast( "getSessionKey", new GetSessionKey() ); + addLast( "generateTicket", new GenerateTicket() ); + addLast( "buildReply", new BuildReply() ); + addLast( "sealReply", new SealReply() ); } }
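Review bot: The old constructor registered `AuthenticationExceptionHandler` as the first command, and the new `addLast` sequence has no counterpart for it. The commands in this chain still declare `throws Exception`, so a failure in `verifyPolicy`, `preAuthenticationChain` or `getServerEntry` now leaves the chain with nothing in this class to turn it into an error reply. The replacement may be in the protocol handler's exception callback, which is not part of this hunk. If so, a short comment above the first `addLast` naming where chain exceptions are converted into Kerberos error messages would make that explicit. If not, failed authentication requests may go unanswered or surface as raw exceptions.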