From erodrig...@apache.org
Subject svn commit: r535671 - in /directory/apacheds/branches/kerberos-encryption-types: protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/shared/interceptors/ server-unit/src/test/java/org/apache/directory/server/
Date Sun, 06 May 2007 23:03:51 GMT
Author: erodriguez
Date: Sun May  6 16:03:50 2007
New Revision: 535671

URL: http://svn.apache.org/viewvc?view=rev&rev=535671
Log:
Enhancements to KeyDerivationService interceptor:
o  Updated to generate 5 key types (DES, DES3, AES128, AES256, and RC4-HMAC)
o  Added NAME constant.
o  Updated test case with above.

Modified:
    directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/shared/interceptors/KeyDerivationService.java
    directory/apacheds/branches/kerberos-encryption-types/server-unit/src/test/java/org/apache/directory/server/KeyDerivationServiceTest.java

Modified: directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/shared/interceptors/KeyDerivationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/shared/interceptors/KeyDerivationService.java?view=diff&rev=535671&r1=535670&r2=535671
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/shared/interceptors/KeyDerivationService.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/shared/interceptors/KeyDerivationService.java
Sun May  6 16:03:50 2007
@@ -25,6 +25,7 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -87,6 +88,9 @@
     /** The log for this class. */
     private static final Logger log = LoggerFactory.getLogger( KeyDerivationService.class
);
 
+    /** The service name. */
+    public static final String NAME = "keyDerivationService";
+
     /**
      * Define the interceptors to bypass upon user lookup.
      */
@@ -143,27 +147,14 @@
 
             log.debug( "Got principal " + principalName + " with userPassword " + userPassword
);
 
-            EncryptionKey key = generateKey( principalName, userPassword, EncryptionType.DES_CBC_MD5
);
+            Map<EncryptionType, EncryptionKey> keys = generateKeys( principalName,
userPassword );
 
+            EncryptionKey key = keys.get( EncryptionType.DES_CBC_MD5 );
             entry.put( KerberosAttribute.PRINCIPAL, principalName );
             entry.put( KerberosAttribute.VERSION, Integer.toString( key.getKeyVersion() )
);
             entry.put( KerberosAttribute.TYPE, Integer.toString( key.getKeyType().getOrdinal()
) );
 
-            Attribute keyAttribute = new AttributeImpl( KerberosAttribute.KEY );
-
-            try
-            {
-                keyAttribute.add( EncryptionKeyEncoder.encode( key ) );
-            }
-            catch ( IOException ioe )
-            {
-                ioe.printStackTrace();
-            }
-
-            keyAttribute.add( new byte[]
-                { ( byte ) 0x00 } );
-
-            entry.put( keyAttribute );
+            entry.put( getKeyAttribute( keys ) );
 
             log.debug( "Adding modified entry " + AttributeUtils.toString( entry ) + " for
DN = '"
                 + normName.getUpName() + "'" );
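Review bot: `keys.get( EncryptionType.DES_CBC_MD5 )` is dereferenced on the following lines with no null check, so a map without a DES entry (or a null map, if the catch branch of generateKeys returns one; that branch is outside the visible hunks) turns the add into a NullPointerException. A guard such as `if ( key == null ) { throw new NamingException( "No DES_CBC_MD5 key derived for " + principalName ); }` would fail the operation cleanly, assuming the enclosing method declares NamingException, which the hunk does not show. The same lookup is added in the `@@ -249,8 +240,9 @@` hunk. Separately, the context line above still writes the cleartext userPassword to the debug log; since this path is being touched, `log.debug( "Got principal " + principalName );` would keep the password out of log files.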
@@ -249,8 +240,9 @@
 
             List<ModificationItemImpl> newModsList = new ArrayList<ModificationItemImpl>();
 
-            EncryptionKey key = generateKey( principalName, userPassword, EncryptionType.DES_CBC_MD5
);
+            Map<EncryptionType, EncryptionKey> keys = generateKeys( principalName,
userPassword );
 
+            EncryptionKey key = keys.get( EncryptionType.DES_CBC_MD5 );
             newModsList.add( new ModificationItemImpl( DirContext.REPLACE_ATTRIBUTE, new
AttributeImpl(
                 KerberosAttribute.PRINCIPAL, principalName ) ) );
             newModsList.add( new ModificationItemImpl( DirContext.REPLACE_ATTRIBUTE, new
AttributeImpl(
@@ -258,21 +250,7 @@
             newModsList.add( new ModificationItemImpl( DirContext.REPLACE_ATTRIBUTE, new
AttributeImpl(
                 KerberosAttribute.TYPE, Integer.toString( key.getKeyType().getOrdinal() )
) ) );
 
-            Attribute keyAttribute = new AttributeImpl( KerberosAttribute.KEY );
-
-            try
-            {
-                keyAttribute.add( EncryptionKeyEncoder.encode( key ) );
-            }
-            catch ( IOException ioe )
-            {
-                ioe.printStackTrace();
-            }
-
-            keyAttribute.add( new byte[]
-                { ( byte ) 0x00 } );
-
-            newModsList.add( new ModificationItemImpl( DirContext.REPLACE_ATTRIBUTE, keyAttribute
) );
+            newModsList.add( new ModificationItemImpl( DirContext.REPLACE_ATTRIBUTE, getKeyAttribute(
keys ) ) );
 
             for ( int ii = 0; ii < mods.length; ii++ )
             {
@@ -339,14 +317,36 @@
     }
 
 
-    private EncryptionKey generateKey( String principalName, String userPassword, EncryptionType
encryptionType )
+    private Attribute getKeyAttribute( Map<EncryptionType, EncryptionKey> keys )
+    {
+        Attribute keyAttribute = new AttributeImpl( KerberosAttribute.KEY );
+
+        Iterator<EncryptionKey> it = keys.values().iterator();
+
+        while ( it.hasNext() )
+        {
+            try
+            {
+                keyAttribute.add( EncryptionKeyEncoder.encode( it.next() ) );
+            }
+            catch ( IOException ioe )
+            {
+                log.error( "Error encoding EncryptionKey.", ioe );
+            }
+        }
+
+        return keyAttribute;
+    }
+
+
+    private Map<EncryptionType, EncryptionKey> generateKeys( String principalName,
String userPassword )
     {
         if ( userPassword.equalsIgnoreCase( "randomKey" ) )
         {
             // Generate random key.
             try
             {
-                return RandomKeyFactory.getRandomKey( encryptionType );
+                return RandomKeyFactory.getRandomKeys();
             }
             catch ( KerberosException ke )
             {
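Review bot: getKeyAttribute logs an IOException from `EncryptionKeyEncoder.encode` and keeps looping, so an entry can be written with fewer krb5key values than were derived and the caller never learns of it. For key material it is safer to fail the whole operation than to persist a partial set; rethrowing from the catch, wrapped in whatever exception type the callers already declare (not visible here), would do that. The explicit Iterator can also become `for ( EncryptionKey key : keys.values() )`, which makes the new `java.util.Iterator` import unnecessary. The hunk ends inside generateKeys, so what its catch block returns cannot be checked from here.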
@@ -357,9 +357,7 @@
         else
         {
             // Derive key based on password and principal name.
-            Map<EncryptionType, EncryptionKey> map = KerberosKeyFactory.getKerberosKeys(
principalName, userPassword );
-
-            return map.get( encryptionType );
+            return KerberosKeyFactory.getKerberosKeys( principalName, userPassword );
         }
     }
 }
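Review bot: generateKeys now returns every key the factories produce and getKeyAttribute stores all of them, so per the log message each principal's entry holds DES and RC4-HMAC keys alongside the AES ones, with no way to turn the weaker types off. Read access to krb5key then exposes the weakest derivation of the password regardless of which encryption types the realm actually intends to use. Consider filtering the map against a configured set of permitted encryption types before returning it, e.g. `keys.keySet().retainAll( permittedTypes );` where `permittedTypes` is a placeholder for such a setting; whether the returned map is mutable is not visible in this hunk.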

Modified: directory/apacheds/branches/kerberos-encryption-types/server-unit/src/test/java/org/apache/directory/server/KeyDerivationServiceTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/server-unit/src/test/java/org/apache/directory/server/KeyDerivationServiceTest.java?view=diff&rev=535671&r1=535670&r2=535671
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/server-unit/src/test/java/org/apache/directory/server/KeyDerivationServiceTest.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/server-unit/src/test/java/org/apache/directory/server/KeyDerivationServiceTest.java
Sun May  6 16:03:50 2007
@@ -23,9 +23,11 @@
 import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import javax.crypto.spec.DESKeySpec;
@@ -107,7 +109,7 @@
         MutableInterceptorConfiguration interceptorCfg = new MutableInterceptorConfiguration();
         List<InterceptorConfiguration> list = configuration.getInterceptorConfigurations();
 
-        interceptorCfg.setName( "keyDerivationService" );
+        interceptorCfg.setName( KeyDerivationService.NAME );
         interceptorCfg.setInterceptor( new KeyDerivationService() );
         list.add( interceptorCfg );
         configuration.setInterceptorConfigurations( list );
@@ -195,27 +197,20 @@
             userPassword = ( byte[] ) attributes.get( "userPassword" ).get();
         }
 
-        assertEquals( "Number of keys", 2, attributes.get( "krb5key" ).size() );
+        assertEquals( "Number of keys", 5, attributes.get( "krb5key" ).size() );
 
         byte[] testPasswordBytes =
             { ( byte ) 0x73, ( byte ) 0x65, ( byte ) 0x63, ( byte ) 0x72, ( byte ) 0x65,
( byte ) 0x74 };
         assertTrue( Arrays.equals( userPassword, testPasswordBytes ) );
 
-        byte[] krb5key = ( byte[] ) attributes.get( "krb5key" ).get();
+        Attribute krb5key = attributes.get( "krb5key" );
+        Map<EncryptionType, EncryptionKey> map = reconstituteKeyMap( krb5key );
+        EncryptionKey encryptionKey = map.get( EncryptionType.DES_CBC_MD5 );
 
         byte[] testKeyBytes =
             { ( byte ) 0xF4, ( byte ) 0xA7, ( byte ) 0x13, ( byte ) 0x64, ( byte ) 0x8A,
( byte ) 0x61, ( byte ) 0xCE,
                 ( byte ) 0x5B };
 
-        byte[] encodedKey = new byte[]
-            { ( byte ) 0x30, ( byte ) 0x11, ( byte ) 0xA0, ( byte ) 0x03, ( byte ) 0x02,
( byte ) 0x01, ( byte ) 0x03,
-                ( byte ) 0xA1, ( byte ) 0x0A, ( byte ) 0x04, ( byte ) 0x08, ( byte ) 0xF4,
( byte ) 0xA7,
-                ( byte ) 0x13, ( byte ) 0x64, ( byte ) 0x8A, ( byte ) 0x61, ( byte ) 0xCE,
( byte ) 0x5B };
-
-        assertTrue( Arrays.equals( krb5key, encodedKey ) );
-
-        EncryptionKey encryptionKey = EncryptionKeyDecoder.decode( krb5key );
-
         assertTrue( Arrays.equals( encryptionKey.getKeyValue(), testKeyBytes ) );
         assertEquals( EncryptionType.DES_CBC_MD5, encryptionKey.getKeyType() );
     }
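Review bot: The count assertion moved from 2 to 5, but only the DES_CBC_MD5 key is still checked and the byte-for-byte comparison against the encoded key was removed, so nothing verifies the four new key types or the stored encoding. Because reconstituteKeyMap keys by type and `map.put` overwrites, five values of the same type would also pass; `assertEquals( "Distinct key types", 5, map.size() );` closes that gap. An `assertNotNull( encryptionKey );` before `getKeyValue()` would give a readable failure instead of a NullPointerException. The same applies to the `@@ -264,20 +259,20 @@` and `@@ -352,16 +347,17 @@` hunks.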
@@ -264,20 +259,20 @@
             userPassword = ( byte[] ) attributes.get( "userPassword" ).get();
         }
 
-        assertEquals( "Number of keys", 2, attributes.get( "krb5key" ).size() );
+        assertEquals( "Number of keys", 5, attributes.get( "krb5key" ).size() );
 
         byte[] testBytes =
             { 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74 };
         assertTrue( Arrays.equals( userPassword, testBytes ) );
 
-        byte[] krb5key = ( byte[] ) attributes.get( "krb5key" ).get();
+        Attribute krb5key = attributes.get( "krb5key" );
+        Map<EncryptionType, EncryptionKey> map = reconstituteKeyMap( krb5key );
+        EncryptionKey encryptionKey = map.get( EncryptionType.DES_CBC_MD5 );
 
         byte[] testKeyBytes =
             { ( byte ) 0x16, ( byte ) 0x4A, ( byte ) 0x6D, ( byte ) 0x89, ( byte ) 0x5D,
( byte ) 0x76, ( byte ) 0x0E,
                 ( byte ) 0x23 };
 
-        EncryptionKey encryptionKey = EncryptionKeyDecoder.decode( krb5key );
-
         assertTrue( Arrays.equals( encryptionKey.getKeyValue(), testKeyBytes ) );
         assertEquals( EncryptionType.DES_CBC_MD5, encryptionKey.getKeyType() );
     }
@@ -352,16 +347,17 @@
             { ( byte ) 0xF4, ( byte ) 0xA7, ( byte ) 0x13, ( byte ) 0x64, ( byte ) 0x8A,
( byte ) 0x61, ( byte ) 0xCE,
                 ( byte ) 0x5B };
 
-        byte[] tquistKey = ( byte[] ) tquistAttrs.get( "krb5key" ).get();
-        byte[] jfryerKey = ( byte[] ) jfryerAttrs.get( "krb5key" ).get();
-
-        EncryptionKey encryptionKey = EncryptionKeyDecoder.decode( tquistKey );
-        tquistKey = encryptionKey.getKeyValue();
+        Attribute krb5key = tquistAttrs.get( "krb5key" );
+        Map<EncryptionType, EncryptionKey> map = reconstituteKeyMap( krb5key );
+        EncryptionKey encryptionKey = map.get( EncryptionType.DES_CBC_MD5 );
+        byte[] tquistKey = encryptionKey.getKeyValue();
 
         assertEquals( EncryptionType.DES_CBC_MD5, encryptionKey.getKeyType() );
 
-        encryptionKey = EncryptionKeyDecoder.decode( jfryerKey );
-        jfryerKey = encryptionKey.getKeyValue();
+        krb5key = jfryerAttrs.get( "krb5key" );
+        map = reconstituteKeyMap( krb5key );
+        encryptionKey = map.get( EncryptionType.DES_CBC_MD5 );
+        byte[] jfryerKey = encryptionKey.getKeyValue();
 
         assertEquals( EncryptionType.DES_CBC_MD5, encryptionKey.getKeyType() );
 
@@ -435,5 +431,21 @@
         attrs.put( "ou", ou );
 
         return attrs;
+    }
+
+
+    private Map<EncryptionType, EncryptionKey> reconstituteKeyMap( Attribute krb5key
) throws NamingException,
+        IOException
+    {
+        Map<EncryptionType, EncryptionKey> map = new HashMap<EncryptionType, EncryptionKey>();
+
+        for ( int ii = 0; ii < krb5key.size(); ii++ )
+        {
+            byte[] encryptionKeyBytes = ( byte[] ) krb5key.get( ii );
+            EncryptionKey encryptionKey = EncryptionKeyDecoder.decode( encryptionKeyBytes
);
+            map.put( encryptionKey.getKeyType(), encryptionKey );
+        }
+
+        return map;
     }
 }


