From erodrig...@apache.org
Subject svn commit: r534690 - /directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyBodyChecksum.java
Date Thu, 03 May 2007 01:59:56 GMT
Author: erodriguez
Date: Wed May  2 18:59:55 2007
New Revision: 534690

URL: http://svn.apache.org/viewvc?view=rev&rev=534690
Log:
Enhanced body checksum verification to support new checksum types associated with AES, DES,
DES3, and RC4-HMAC.

Modified:
    directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyBodyChecksum.java

Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyBodyChecksum.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyBodyChecksum.java?view=diff&rev=534690&r1=534689&r2=534690
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyBodyChecksum.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyBodyChecksum.java
Wed May  2 18:59:55 2007
@@ -20,10 +20,18 @@
 package org.apache.directory.server.kerberos.kdc.ticketgrant;
 
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
 import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumHandler;
+import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.messages.value.Checksum;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 
 /**
@@ -32,17 +40,45 @@
  */
 public class VerifyBodyChecksum implements IoHandlerCommand
 {
+    /** the log for this class */
+    private static final Logger log = LoggerFactory.getLogger( VerifyBodyChecksum.class );
+
     private ChecksumHandler checksumHandler = new ChecksumHandler();
     private String contextKey = "context";
 
+    /** a map of the default encryption types to the encryption engine class names */
+    private static final Map<EncryptionType, ChecksumType> DEFAULT_CHECKSUMS;
+
+    static
+    {
+        Map<EncryptionType, ChecksumType> map = new HashMap<EncryptionType, ChecksumType>();
+
+        map.put( EncryptionType.DES_CBC_MD5, ChecksumType.RSA_MD5 );
+        map.put( EncryptionType.DES3_CBC_SHA1_KD, ChecksumType.HMAC_SHA1_DES3_KD );
+        map.put( EncryptionType.RC4_HMAC, ChecksumType.HMAC_MD5 );
+        map.put( EncryptionType.AES128_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES128
);
+        map.put( EncryptionType.AES256_CTS_HMAC_SHA1_96, ChecksumType.HMAC_SHA1_96_AES256
);
+
+        DEFAULT_CHECKSUMS = Collections.unmodifiableMap( map );
+    }
+
 
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         TicketGrantingContext tgsContext = ( TicketGrantingContext ) session.getAttribute(
getContextKey() );
         byte[] bodyBytes = tgsContext.getRequest().getBodyBytes();
-        Checksum checksum = tgsContext.getAuthenticator().getChecksum();
+        Checksum authenticatorChecksum = tgsContext.getAuthenticator().getChecksum();
+
+        EncryptionType encryptionType = tgsContext.getEncryptionType();
+        ChecksumType allowedChecksumType = DEFAULT_CHECKSUMS.get( encryptionType );
+
+        if ( !allowedChecksumType.equals( authenticatorChecksum.getChecksumType() ) )
+        {
+            log.warn( "Allowed checksum type '" + allowedChecksumType + "' did not match
authenticator checksum type '"
+                + authenticatorChecksum.getChecksumType() + "'." );
+        }
 
-        checksumHandler.verifyChecksum( checksum, bodyBytes, null );
+        checksumHandler.verifyChecksum( authenticatorChecksum, bodyBytes, null );
 
         next.execute( session, message );
     }
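Review bot: The checksum-type check added to execute() is advisory only: on a mismatch it logs a warning and still calls verifyChecksum, so an authenticator carrying a weaker or unkeyed type such as RSA_MD5 is still verified, and accepted if the digest matches, even when the context's encryption type is AES or RC4-HMAC. The lookup result is also dereferenced unguarded, so an encryption type that is missing from DEFAULT_CHECKSUMS (or is null) makes `allowedChecksumType.equals( ... )` throw a NullPointerException instead of producing a Kerberos error. I would reject the request in that branch, guarding with `if ( allowedChecksumType == null || authenticatorChecksum == null || !allowedChecksumType.equals( authenticatorChecksum.getChecksumType() ) )` and throwing an exception mapped to the RFC 4120 KRB_AP_ERR_INAPP_CKSUM error, with the log line kept inside it. Separately, the Javadoc on DEFAULT_CHECKSUMS says "encryption engine class names" although the map holds checksum types; `/** a map of the default encryption types to their expected checksum types */` would match the code.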


