directory-commits mailing list archives

From erodrig...@apache.org
Subject svn commit: r540371 [5/7] - in /directory/apacheds/trunk: kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/ kerberos-s...
Date Tue, 22 May 2007 00:00:59 GMT
Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntry.java Mon May 21 17:00:43 2007
@@ -20,6 +20,8 @@
 package org.apache.directory.server.kerberos.shared.store;
 
 
+import java.util.Map;
+
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
@@ -50,16 +52,18 @@
     private int maxRenew;
     private int kdcFlags;
     private SamType samType;
-    private EncryptionKey key;
+
     private boolean disabled;
     private boolean lockedOut;
     private KerberosTime expiration;
 
+    private Map<EncryptionType, EncryptionKey> keyMap;
+
 
-    PrincipalStoreEntry(String commonName, String userId, KerberosPrincipal principal, int keyVersionNumber,
+    PrincipalStoreEntry( String commonName, String userId, KerberosPrincipal principal, int keyVersionNumber,
         KerberosTime validStart, KerberosTime validEnd, KerberosTime passwordEnd, int maxLife, int maxRenew,
-        int kdcFlags, int keyType, byte[] key, String realmName, SamType samType, boolean disabled, 
-        boolean lockedOut, KerberosTime expiration )
+        int kdcFlags, int keyType, Map<EncryptionType, EncryptionKey> keyMap, String realmName, SamType samType,
+        boolean disabled, boolean lockedOut, KerberosTime expiration )
     {
         this.commonName = commonName;
         this.userId = userId;
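Review bot: `int keyVersionNumber` and `int keyType` stay in the constructor signature, although the only use visible in this commit, the `new EncryptionKey( ... )` call, is removed further down and each key in `keyMap` already carries its own type. The constructor body continues outside this hunk, so this needs checking there; if nothing else reads them, they are dead parameters and should be dropped or documented as unused, along with `setEncryptionType` on the modifier. The constructor also has no Javadoc stating whether `keyMap` may be null.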
@@ -75,94 +79,169 @@
         this.lockedOut = lockedOut;
         this.expiration = expiration;
         this.samType = samType;
-        this.key = new EncryptionKey( EncryptionType.getTypeByOrdinal( keyType ), key, keyVersionNumber );
+        this.keyMap = keyMap;
     }
 
-    
+
+    /**
+     * Returns whether this account is disabled.
+     *
+     * @return Whether this account is disabled.
+     */
     public boolean isDisabled()
     {
         return disabled;
     }
-    
-    
+
+
+    /**
+     * Returns whether this account is locked-out.
+     *
+     * @return Whether this account is locked-out.
+     */
     public boolean isLockedOut()
     {
         return lockedOut;
     }
-    
-    
+
+
+    /**
+     * Returns the expiration time.
+     *
+     * @return The expiration time.
+     */
     public KerberosTime getExpiration()
     {
         return expiration;
     }
-    
 
+
+    /**
+     * Returns the common name.
+     *
+     * @return The common name.
+     */
     public String getCommonName()
     {
         return commonName;
     }
 
 
+    /**
+     * Returns the user ID.
+     *
+     * @return The user ID.
+     */
     public String getUserId()
     {
         return userId;
     }
 
 
-    public EncryptionKey getEncryptionKey()
-    {
-        return key;
+    /**
+     * Returns the key map.
+     *
+     * @return The key map.
+     */
+    public Map<EncryptionType, EncryptionKey> getKeyMap()
+    {
+        return keyMap;
     }
 
 
+    /**
+     * Returns the KDC flags.
+     *
+     * @return The KDC flags.
+     */
     public int getKDCFlags()
     {
         return kdcFlags;
     }
 
 
+    /**
+     * Returns the max life.
+     *
+     * @return The max life.
+     */
     public int getMaxLife()
     {
         return maxLife;
     }
 
 
+    /**
+     * Returns the maximum renew time.
+     *
+     * @return The maximum renew time.
+     */
     public int getMaxRenew()
     {
         return maxRenew;
     }
 
 
+    /**
+     * Returns the expiration time for the password.
+     *
+     * @return The expiration time for the password.
+     */
     public KerberosTime getPasswordEnd()
     {
         return passwordEnd;
     }
 
 
+    /**
+     * Returns the principal.
+     *
+     * @return The principal.
+     */
     public KerberosPrincipal getPrincipal()
     {
         return principal;
     }
 
 
+    /**
+     * Returns the realm name.
+     *
+     * @return The realm name.
+     */
     public String getRealmName()
     {
         return realmName;
     }
 
 
+    /**
+     * Returns the end of validity.
+     *
+     * @return The end of validity.
+     */
     public KerberosTime getValidEnd()
     {
         return validEnd;
     }
 
 
+    /**
+     * Returns the start of validity.
+     *
+     * @return The start of validity.
+     */
     public KerberosTime getValidStart()
     {
         return validStart;
     }
 
 
+    /**
+     * Returns the single-use authentication (SAM) type.
+     *
+     * @return The single-use authentication (SAM) type.
+     */
     public SamType getSamType()
     {
         return samType;
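Review bot: `this.keyMap = keyMap;` stores the caller's map and `getKeyMap()` returns that same instance, so any holder of the entry can add, replace or remove the principal's long-term keys after construction, while every other getter shown here is read-only. Copying on the way in and exposing a read-only view would close that, e.g. `this.keyMap = keyMap == null ? null : Collections.unmodifiableMap( new HashMap<EncryptionType, EncryptionKey>( keyMap ) );`, which needs `java.util.Collections` and `java.util.HashMap` imported. The Javadoc on `getKeyMap()` should say that the map is keyed by encryption type and whether it can be null or empty. The constructor begins, and `getSamType` ends, outside this hunk.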

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java Mon May 21 17:00:43 2007
@@ -20,8 +20,17 @@
 package org.apache.directory.server.kerberos.shared.store;
 
 
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.io.decoder.EncryptionKeyDecoder;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
 import org.apache.directory.server.kerberos.shared.messages.value.SamType;
 
@@ -52,118 +61,242 @@
     private int kdcFlags;
     private int encryptionType;
     private SamType samType;
-    private byte[] key;
+
     private boolean disabled = false;
     private boolean lockedOut = false;
     private KerberosTime expiration = KerberosTime.INFINITY;
 
+    private Map<EncryptionType, EncryptionKey> keyMap;
 
+
+    /**
+     * Returns the {@link PrincipalStoreEntry}.
+     *
+     * @return The {@link PrincipalStoreEntry}.
+     */
     public PrincipalStoreEntry getEntry()
     {
         return new PrincipalStoreEntry( commonName, userId, principal, keyVersionNumber, validStart, validEnd,
-            passwordEnd, maxLife, maxRenew, kdcFlags, encryptionType, key, realmName, samType, 
-            disabled, lockedOut, expiration );
+            passwordEnd, maxLife, maxRenew, kdcFlags, encryptionType, keyMap, realmName, samType, disabled, lockedOut,
+            expiration );
     }
 
-    
+
+    /**
+     * Sets whether the account is disabled.
+     *
+     * @param disabled
+     */
     public void setDisabled( boolean disabled )
     {
         this.disabled = disabled;
     }
-    
-    
+
+
+    /**
+     * Sets whether the account is locked-out.
+     *
+     * @param lockedOut
+     */
     public void setLockedOut( boolean lockedOut )
     {
         this.lockedOut = lockedOut;
     }
-    
-    
+
+
+    /**
+     * Sets the expiration time.
+     *
+     * @param expiration
+     */
     public void setExpiration( KerberosTime expiration )
     {
         this.expiration = expiration;
     }
 
-    
+
+    /**
+     * Sets the common name (cn).
+     *
+     * @param commonName
+     */
     public void setCommonName( String commonName )
     {
         this.commonName = commonName;
     }
 
 
+    /**
+     * Sets the user ID.
+     *
+     * @param userId
+     */
     public void setUserId( String userId )
     {
         this.userId = userId;
     }
 
 
+    /**
+     * Sets the encryption type.
+     *
+     * @param encryptionType
+     */
     public void setEncryptionType( int encryptionType )
     {
         this.encryptionType = encryptionType;
     }
 
 
+    /**
+     * Sets the KDC flags.
+     *
+     * @param kdcFlags
+     */
     public void setKDCFlags( int kdcFlags )
     {
         this.kdcFlags = kdcFlags;
     }
 
 
-    public void setKey( byte[] key )
-    {
-        this.key = key;
+    /**
+     * Sets the key map.
+     *
+     * @param keyMap
+     */
+    public void setKeyMap( Map<EncryptionType, EncryptionKey> keyMap )
+    {
+        this.keyMap = keyMap;
     }
 
 
+    /**
+     * Sets the key version number.
+     *
+     * @param keyVersionNumber
+     */
     public void setKeyVersionNumber( int keyVersionNumber )
     {
         this.keyVersionNumber = keyVersionNumber;
     }
 
 
+    /**
+     * Sets the ticket maximum life time.
+     *
+     * @param maxLife
+     */
     public void setMaxLife( int maxLife )
     {
         this.maxLife = maxLife;
     }
 
 
+    /**
+     * Sets the ticket maximum renew time.
+     *
+     * @param maxRenew
+     */
     public void setMaxRenew( int maxRenew )
     {
         this.maxRenew = maxRenew;
     }
 
 
+    /**
+     * Sets the end-of-life for the password.
+     *
+     * @param passwordEnd
+     */
     public void setPasswordEnd( KerberosTime passwordEnd )
     {
         this.passwordEnd = passwordEnd;
     }
 
 
+    /**
+     * Sets the principal.
+     *
+     * @param principal
+     */
     public void setPrincipal( KerberosPrincipal principal )
     {
         this.principal = principal;
     }
 
 
+    /**
+     * Sets the realm.
+     *
+     * @param realmName
+     */
     public void setRealmName( String realmName )
     {
         this.realmName = realmName;
     }
 
 
+    /**
+     * Sets the end of validity.
+     *
+     * @param validEnd
+     */
     public void setValidEnd( KerberosTime validEnd )
     {
         this.validEnd = validEnd;
     }
 
 
+    /**
+     * Sets the start of validity.
+     *
+     * @param validStart
+     */
     public void setValidStart( KerberosTime validStart )
     {
         this.validStart = validStart;
     }
 
 
+    /**
+     * Sets the single-use authentication (SAM) type.
+     *
+     * @param samType
+     */
     public void setSamType( SamType samType )
     {
         this.samType = samType;
+    }
+
+
+    /**
+     * Converts the ASN.1 encoded key set to a map of encryption types to encryption keys.
+     *
+     * @param krb5key
+     * @return The map of encryption types to encryption keys.
+     * @throws NamingException
+     * @throws IOException
+     */
+    public Map<EncryptionType, EncryptionKey> reconstituteKeyMap( Attribute krb5key ) throws NamingException,
+        IOException
+    {
+        Map<EncryptionType, EncryptionKey> map = new HashMap<EncryptionType, EncryptionKey>();
+
+        for ( int ii = 0; ii < krb5key.size(); ii++ )
+        {
+            Object key = krb5key.get( ii );
+
+            if ( key instanceof String )
+            {
+                throw new NamingException(
+                    "JNDI should not return a string for the Kerberos key: JNDI property java.naming.ldap.attributes.binary must include the krb5key attribute." );
+            }
+
+            byte[] encryptionKeyBytes = ( byte[] ) key;
+            EncryptionKey encryptionKey = EncryptionKeyDecoder.decode( encryptionKeyBytes );
+            map.put( encryptionKey.getKeyType(), encryptionKey );
+        }
+
+        return map;
     }
 }
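Review bot: In `reconstituteKeyMap`, a value that is neither a `String` nor a `byte[]` reaches the cast `( byte[] ) key` and fails with a ClassCastException instead of the NamingException the method declares. Testing `if ( !( key instanceof byte[] ) )` and throwing a NamingException there would cover the String case and every other unexpected type. `map.put( encryptionKey.getKeyType(), encryptionKey )` also silently keeps only the last value when two attribute values decode to the same encryption type, which should be either rejected or documented. Separately, the `keyMap` field has no initial value, so `getEntry()` passes `null` to the entry whenever no krb5key attribute was read; initialising it with `new HashMap<EncryptionType, EncryptionKey>()` would spare callers of `getKeyMap()` a null check.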

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/SingleBaseSearch.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/SingleBaseSearch.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/SingleBaseSearch.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/SingleBaseSearch.java Mon May 21 17:00:43 2007
@@ -27,7 +27,6 @@
 import javax.naming.NamingException;
 import javax.naming.directory.DirContext;
 import javax.naming.spi.InitialContextFactory;
-import javax.security.auth.kerberos.KerberosKey;
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.server.core.configuration.ConfigurationException;
@@ -52,9 +51,9 @@
     private DirContext ctx;
 
 
-    SingleBaseSearch(ServiceConfiguration config, InitialContextFactory factory)
+    SingleBaseSearch( ServiceConfiguration config, InitialContextFactory factory )
     {
-        Hashtable env = new Hashtable( config.toJndiEnvironment() );
+        Hashtable<String, Object> env = new Hashtable<String, Object>( config.toJndiEnvironment() );
         env.put( Context.INITIAL_CONTEXT_FACTORY, config.getInitialContextFactory() );
         env.put( Context.PROVIDER_URL, config.getEntryBaseDn() );
 
@@ -94,9 +93,9 @@
     }
 
 
-    public String changePassword( KerberosPrincipal principal, KerberosKey newKey ) throws Exception
+    public String changePassword( KerberosPrincipal principal, String newPassword ) throws Exception
     {
-        return ( String ) execute( new ChangePassword( principal, newKey ) );
+        return ( String ) execute( new ChangePassword( principal, newPassword ) );
     }
 
 

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/AddPrincipal.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/AddPrincipal.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/AddPrincipal.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/AddPrincipal.java Mon May 21 17:00:43 2007
@@ -25,10 +25,6 @@
 import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
-
-// this is a jdk 1.5 dep which would make us 1.4 incompatible 
-// reverted to using LdapName for now until a better alt is found
-// import javax.naming.ldap.LdapName;
 import javax.naming.spi.DirStateFactory;
 import javax.naming.spi.DirStateFactory.Result;
 
@@ -53,8 +49,10 @@
 
     /**
      * Creates the action to be used against the embedded ApacheDS DIT.
+     * 
+     * @param entry The {@link PrincipalStoreEntry} to add.
      */
-    public AddPrincipal(PrincipalStoreEntry entry)
+    public AddPrincipal( PrincipalStoreEntry entry )
     {
         this.entry = entry;
     }
@@ -84,22 +82,3 @@
         return null;
     }
 }
-
-/*
- dn: uid=akarasulu, ou=Users, dc=example,dc=com
- cn: Alex Karasulu
- sn: Karasulu
- givenname: Alex
- objectclass: top
- objectclass: person
- objectclass: organizationalPerson
- objectclass: inetOrgPerson
- objectclass: krb5Principal
- objectclass: krb5KDCEntry
- ou: Directory
- ou: Users
- uid: akarasulu
- krb5PrincipalName: akarasulu@EXAMPLE.COM
- krb5KeyVersionNumber: 0
- */
-

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/ChangePassword.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/ChangePassword.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/ChangePassword.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/ChangePassword.java Mon May 21 17:00:43 2007
@@ -30,7 +30,6 @@
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchResult;
-import javax.security.auth.kerberos.KerberosKey;
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
@@ -52,43 +51,41 @@
 
     /** The Kerberos principal who's password is to be changed. */
     protected KerberosPrincipal principal;
-    /** The new key for the update. */
-    protected KerberosKey newKey;
+    /** The new password for the update. */
+    protected String newPassword;
 
 
     /**
      * Creates the action to be used against the embedded ApacheDS DIT.
+     * 
+     * @param principal The principal to change the password for.
+     * @param newPassword The password to change.
      */
-    public ChangePassword(KerberosPrincipal principal, KerberosKey newKey)
+    public ChangePassword( KerberosPrincipal principal, String newPassword )
     {
         this.principal = principal;
-        this.newKey = newKey;
+        this.newPassword = newPassword;
     }
 
 
-    public Object execute( DirContext ctx, Name searchBaseDn )
+    public Object execute( DirContext ctx, Name searchBaseDn ) throws NamingException
     {
         if ( principal == null )
         {
             return null;
         }
 
-        ModificationItemImpl[] mods = new ModificationItemImpl[1];
-        Attribute newKeyAttribute = new AttributeImpl( "krb5key", newKey.getEncoded() );
-        mods[0] = new ModificationItemImpl( DirContext.REPLACE_ATTRIBUTE, newKeyAttribute );
+        ModificationItemImpl[] mods = new ModificationItemImpl[2];
+        Attribute newPasswordAttribute = new AttributeImpl( "userPassword", newPassword );
+        mods[0] = new ModificationItemImpl( DirContext.REPLACE_ATTRIBUTE, newPasswordAttribute );
+        Attribute principalAttribute = new AttributeImpl( "krb5PrincipalName", principal.getName() );
+        mods[1] = new ModificationItemImpl( DirContext.REPLACE_ATTRIBUTE, principalAttribute );
 
         String dn = null;
 
-        try
-        {
-            dn = search( ctx, principal.getName() );
-            Name rdn = getRelativeName( ctx.getNameInNamespace(), dn );
-            ctx.modifyAttributes( rdn, mods );
-        }
-        catch ( NamingException e )
-        {
-            return null;
-        }
+        dn = search( ctx, principal.getName() );
+        Name rdn = getRelativeName( ctx.getNameInNamespace(), dn );
+        ctx.modifyAttributes( rdn, mods );
 
         return dn;
     }
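Review bot: `newPassword` is now the cleartext password, held in a `protected String` field and sent as the `userPassword` value, where the old code only handled an already-derived key. A String cannot be cleared after use and a protected field is readable from any subclass, so consider making the field `private final` and stating in the constructor Javadoc that the value is cleartext and must not be logged; `SingleBaseSearch.changePassword` passes the same String through. Presumably the server derives the krb5key values from `userPassword` and `krb5PrincipalName` when the entry is modified, which would explain replacing `krb5PrincipalName` with its own value at `mods[1]`, but nothing in this hunk shows that and a one-line comment such as `// replacing both attributes lets the server re-derive the Kerberos keys` (if that is the intent) would help. `execute` now propagates NamingException instead of returning null, so callers that treated null as a failed change need a look.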

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/DeletePrincipal.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/DeletePrincipal.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/DeletePrincipal.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/DeletePrincipal.java Mon May 21 17:00:43 2007
@@ -54,8 +54,10 @@
 
     /**
      * Creates the action to be used against the embedded ApacheDS DIT.
+     * 
+     * @param principal The principal to delete.
      */
-    public DeletePrincipal(KerberosPrincipal principal)
+    public DeletePrincipal( KerberosPrincipal principal )
     {
         this.principal = principal;
     }

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetAllPrincipals.java Mon May 21 17:00:43 2007
@@ -21,18 +21,24 @@
 package org.apache.directory.server.kerberos.shared.store.operations;
 
 
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
 
 import javax.naming.Name;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
+import javax.naming.directory.InvalidAttributeValueException;
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.SamType;
 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
@@ -53,11 +59,12 @@
 
     private static final String filter = "(objectClass=krb5Principal)";
 
+
     public Object execute( DirContext ctx, Name searchBaseDn )
     {
         SearchControls controls = new SearchControls();
 
-        List answers = new ArrayList();
+        List<PrincipalStoreEntry> answers = new ArrayList<PrincipalStoreEntry>();
 
         try
         {
@@ -70,7 +77,6 @@
                 SearchResult result = ( SearchResult ) answer.next();
                 attrs = result.getAttributes();
                 PrincipalStoreEntry entry = getEntry( attrs );
-                System.out.println( "Result name is " + result.getName() );
                 answers.add( entry );
             }
 
@@ -113,13 +119,25 @@
             modifier.setSamType( SamType.getTypeByOrdinal( Integer.parseInt( samType ) ) );
         }
 
-        byte[] keyBytes = ( byte[] ) attrs.get( KerberosAttribute.KEY ).get();
+        if ( attrs.get( KerberosAttribute.KEY ) != null )
+        {
+            Attribute krb5key = attrs.get( KerberosAttribute.KEY );
+            try
+            {
+                Map<EncryptionType, EncryptionKey> keyMap = modifier.reconstituteKeyMap( krb5key );
+                modifier.setKeyMap( keyMap );
+            }
+            catch ( IOException ioe )
+            {
+                throw new InvalidAttributeValueException( "Account Kerberos key attribute '" + KerberosAttribute.KEY
+                    + "' contained an invalid value for krb5key." );
+            }
+        }
 
         modifier.setCommonName( commonName );
         modifier.setPrincipal( new KerberosPrincipal( principal ) );
         modifier.setEncryptionType( Integer.parseInt( encryptionType ) );
         modifier.setKeyVersionNumber( Integer.parseInt( keyVersionNumber ) );
-        modifier.setKey( keyBytes );
 
         return modifier.getEntry();
     }
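Review bot: The `catch ( IOException ioe )` block throws a new InvalidAttributeValueException without attaching `ioe`, so the decoder's reason for rejecting the key bytes is lost to whoever reads the log. NamingException provides `setRootCause`, so the block could build the exception in a local `e`, call `e.setRootCause( ioe );` and then `throw e;`. The message rightly leaves the key bytes out, and that should stay. The same null check, decode and catch is repeated verbatim in GetPrincipal and PrincipalObjectFactory later in this commit; moving it into one method on PrincipalStoreEntryModifier would keep the three call sites from drifting apart. The enclosing method starts outside this hunk.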

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/GetPrincipal.java Mon May 21 17:00:43 2007
@@ -20,17 +20,22 @@
 package org.apache.directory.server.kerberos.shared.store.operations;
 
 
+import java.io.IOException;
 import java.text.ParseException;
+import java.util.Map;
 
 import javax.naming.Name;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InvalidAttributeValueException;
 import javax.naming.directory.SearchResult;
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
 import org.apache.directory.server.kerberos.shared.messages.value.SamType;
 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
@@ -57,8 +62,10 @@
 
     /**
      * Creates the action to be used against the embedded ApacheDS DIT.
+     * 
+     * @param principal 
      */
-    public GetPrincipal(KerberosPrincipal principal)
+    public GetPrincipal( KerberosPrincipal principal )
     {
         this.principal = principal;
     }
@@ -77,7 +84,7 @@
 
         String[] attrIDs =
             { KerberosAttribute.PRINCIPAL, KerberosAttribute.VERSION, KerberosAttribute.TYPE, KerberosAttribute.KEY,
-                KerberosAttribute.SAM_TYPE, KerberosAttribute.ACCOUNT_DISABLED, 
+                KerberosAttribute.SAM_TYPE, KerberosAttribute.ACCOUNT_DISABLED,
                 KerberosAttribute.ACCOUNT_EXPIRATION_TIME, KerberosAttribute.ACCOUNT_LOCKEDOUT };
 
         Attributes matchAttrs = new AttributesImpl( true );
@@ -128,28 +135,28 @@
 
         if ( attrs.get( KerberosAttribute.ACCOUNT_DISABLED ) != null )
         {
-            String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_DISABLED ).get(); 
+            String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_DISABLED ).get();
             modifier.setDisabled( "true".equalsIgnoreCase( val ) );
         }
 
         if ( attrs.get( KerberosAttribute.ACCOUNT_LOCKEDOUT ) != null )
         {
-            String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_LOCKEDOUT ).get(); 
+            String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_LOCKEDOUT ).get();
             modifier.setLockedOut( "true".equalsIgnoreCase( val ) );
         }
-        
+
         if ( attrs.get( KerberosAttribute.ACCOUNT_EXPIRATION_TIME ) != null )
         {
-            String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_EXPIRATION_TIME ).get(); 
+            String val = ( String ) attrs.get( KerberosAttribute.ACCOUNT_EXPIRATION_TIME ).get();
             try
             {
                 modifier.setExpiration( KerberosTime.getTime( val ) );
             }
             catch ( ParseException e )
             {
-                throw new InvalidAttributeValueException( "Account expiration attribute " +
-                    KerberosAttribute.ACCOUNT_EXPIRATION_TIME 
-                    + " contained an invalid value for generalizedTime: " + val );
+                throw new InvalidAttributeValueException( "Account expiration attribute "
+                    + KerberosAttribute.ACCOUNT_EXPIRATION_TIME + " contained an invalid value for generalizedTime: "
+                    + val );
             }
         }
 
@@ -159,22 +166,24 @@
             modifier.setSamType( SamType.getTypeByOrdinal( Integer.parseInt( samType ) ) );
         }
 
-        Object key = attrs.get( KerberosAttribute.KEY ).get();
-        byte[] keyBytes = null;
-
-        if ( key instanceof String )
+        if ( attrs.get( KerberosAttribute.KEY ) != null )
         {
-            String msg = "JNDI should not return a string for the kerberos key: JNDI property java.naming.ldap.attributes.binary must include the krb5key attribute.";
-            throw new NamingException( msg );
+            Attribute krb5key = attrs.get( KerberosAttribute.KEY );
+            try
+            {
+                Map<EncryptionType, EncryptionKey> keyMap = modifier.reconstituteKeyMap( krb5key );
+                modifier.setKeyMap( keyMap );
+            }
+            catch ( IOException ioe )
+            {
+                throw new InvalidAttributeValueException( "Account Kerberos key attribute '" + KerberosAttribute.KEY
+                    + "' contained an invalid value for krb5key." );
+            }
         }
 
-        keyBytes = ( byte[] ) key;
-        modifier.setKey( keyBytes );
-
         modifier.setPrincipal( new KerberosPrincipal( principal ) );
         modifier.setEncryptionType( Integer.parseInt( encryptionType ) );
         modifier.setKeyVersionNumber( Integer.parseInt( keyVersionNumber ) );
         return modifier.getEntry();
     }
-    
 }

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/PrincipalObjectFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/PrincipalObjectFactory.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/PrincipalObjectFactory.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/PrincipalObjectFactory.java Mon May 21 17:00:43 2007
@@ -21,14 +21,20 @@
 package org.apache.directory.server.kerberos.shared.store.operations;
 
 
+import java.io.IOException;
 import java.util.Hashtable;
+import java.util.Map;
 
 import javax.naming.Context;
 import javax.naming.Name;
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
+import javax.naming.directory.InvalidAttributeValueException;
 import javax.naming.spi.DirObjectFactory;
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntryModifier;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
@@ -59,7 +65,21 @@
         KerberosPrincipal principal = new KerberosPrincipal( ( String ) attrs.get( KerberosAttribute.PRINCIPAL ).get() );
         modifier.setPrincipal( principal );
 
-        modifier.setKey( ( byte[] ) attrs.get( KerberosAttribute.KEY ).get() );
+        if ( attrs.get( KerberosAttribute.KEY ) != null )
+        {
+            Attribute krb5key = attrs.get( KerberosAttribute.KEY );
+            try
+            {
+                Map<EncryptionType, EncryptionKey> keyMap = modifier.reconstituteKeyMap( krb5key );
+                modifier.setKeyMap( keyMap );
+            }
+            catch ( IOException ioe )
+            {
+                throw new InvalidAttributeValueException( "Account Kerberos key attribute '" + KerberosAttribute.KEY
+                    + "' contained an invalid value for krb5key." );
+            }
+        }
+
         modifier.setEncryptionType( Integer.parseInt( ( String ) attrs.get( KerberosAttribute.TYPE ).get() ) );
         modifier.setKeyVersionNumber( Integer.parseInt( ( String ) attrs.get( KerberosAttribute.VERSION ).get() ) );
 
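Review bot: The new `catch ( IOException ioe )` block throws `InvalidAttributeValueException` without the underlying failure, so whoever diagnoses a rejected entry cannot tell a truncated krb5key value from an unsupported encoding. `InvalidAttributeValueException` is a `NamingException`, so the cause can be attached before throwing while keeping the current message free of key material: `InvalidAttributeValueException e = new InvalidAttributeValueException( msg ); e.setRootCause( ioe ); throw e;`. Separately, when the key attribute is absent the new `if` skips `setKeyMap` entirely, yet the `TYPE` and `VERSION` lookups on the following context lines are still dereferenced unconditionally; if a principal without keys is not a valid state, reject it here with an explicit naming error rather than letting it surface later. The enclosing method starts and ends outside the hunk.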

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/PrincipalStateFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/PrincipalStateFactory.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/PrincipalStateFactory.java (original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/operations/PrincipalStateFactory.java Mon May 21 17:00:43 2007
@@ -21,6 +21,7 @@
 package org.apache.directory.server.kerberos.shared.store.operations;
 
 
+import java.io.IOException;
 import java.util.Hashtable;
 
 import javax.naming.Context;
@@ -28,9 +29,13 @@
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
+import javax.naming.directory.InvalidAttributeValueException;
 import javax.naming.directory.SchemaViolationException;
 import javax.naming.spi.DirStateFactory;
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.io.encoder.EncryptionKeyEncoder;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
@@ -82,7 +87,7 @@
             if ( !AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.UID_OBJECT_AT ) )
             {
                 oc.add( SchemaConstants.UID_OBJECT_AT );
-                
+
                 if ( p.getUserId() != null )
                 {
                     outAttrs.put( SchemaConstants.UID_AT, p.getUserId() );
@@ -99,8 +104,8 @@
                 outAttrs.put( "apacheSamType", "7" );
             }
 
-            if ( ! ( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.PERSON_OC ) ||
-                     oc.contains( SchemaConstants.PERSON_OC_OID ) ) )
+            if ( !( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.PERSON_OC ) || oc
+                .contains( SchemaConstants.PERSON_OC_OID ) ) )
             {
                 oc.add( SchemaConstants.PERSON_OC );
 
@@ -109,14 +114,14 @@
                 outAttrs.put( SchemaConstants.CN_AT, p.getCommonName() );
             }
 
-            if ( ! ( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.ORGANIZATIONAL_PERSON_OC ) ||
-                oc.contains( SchemaConstants.ORGANIZATIONAL_PERSON_OC_OID ) ) )
+            if ( !( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.ORGANIZATIONAL_PERSON_OC ) || oc
+                .contains( SchemaConstants.ORGANIZATIONAL_PERSON_OC_OID ) ) )
             {
                 oc.add( SchemaConstants.ORGANIZATIONAL_PERSON_OC );
             }
 
-            if ( ! ( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.INET_ORG_PERSON_OC ) ||
-                oc.contains( SchemaConstants.INET_ORG_PERSON_OC_OID ) ) )
+            if ( !( AttributeUtils.containsValueCaseIgnore( oc, SchemaConstants.INET_ORG_PERSON_OC ) || oc
+                .contains( SchemaConstants.INET_ORG_PERSON_OC_OID ) ) )
             {
                 oc.add( SchemaConstants.INET_ORG_PERSON_OC );
             }
@@ -131,25 +136,31 @@
                 oc.add( "krb5KDCEntry" );
 
                 String principal = p.getPrincipal().getName();
-                byte[] keyBytes = p.getEncryptionKey().getKeyValue();
-                int keyType = p.getEncryptionKey().getKeyType().getOrdinal();
-                int keyVersion = p.getEncryptionKey().getKeyVersion();
+
+                EncryptionKey encryptionKey = p.getKeyMap().get( EncryptionType.DES_CBC_MD5 );
+
+                try
+                {
+                    outAttrs.put( KerberosAttribute.KEY, EncryptionKeyEncoder.encode( encryptionKey ) );
+                }
+                catch ( IOException ioe )
+                {
+                    throw new InvalidAttributeValueException( "Unable to encode Kerberos key." );
+                }
+
+                int keyType = encryptionKey.getKeyType().getOrdinal();
+                int keyVersion = encryptionKey.getKeyVersion();
 
                 outAttrs.put( KerberosAttribute.PRINCIPAL, principal );
-                outAttrs.put( KerberosAttribute.KEY, keyBytes );
                 outAttrs.put( KerberosAttribute.TYPE, Integer.toString( keyType ) );
                 outAttrs.put( KerberosAttribute.VERSION, Integer.toString( keyVersion ) );
             }
 
             Result r = new Result( obj, outAttrs );
 
-            System.out.println( "Result from obj " + obj );
-            System.out.println( "Result attrs " + outAttrs );
-
             return r;
         }
 
-        System.out.println( "ERROR:  entry was not correct type " + obj );
         return null;
     }
 
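Review bot: `p.getKeyMap().get( EncryptionType.DES_CBC_MD5 )` is used without a null check, so a principal whose key map holds no DES-CBC-MD5 entry fails with a NullPointerException at `encryptionKey.getKeyType()` (or earlier inside the encoder) instead of a naming error. A guard such as `if ( encryptionKey == null ) { throw new InvalidAttributeValueException( "No DES-CBC-MD5 key for principal." ); }` right after the lookup makes that failure explicit. The lookup also means only the single-DES key is written to the entry even though the entry now carries one key per encryption type; if that is a transitional limitation it deserves a comment here, because any stronger keys in the map are silently not persisted. The `IOException` from `EncryptionKeyEncoder.encode` is dropped as well; attach it with `setRootCause( ioe )` before throwing. The enclosing method starts outside the hunk.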

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordConfiguration.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordConfiguration.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordConfiguration.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordConfiguration.java Mon May 21 17:00:43 2007
@@ -111,20 +111,20 @@
      * Creates a new instance with default settings that operates on the
      * {@link DirectoryService} with the specified ID.
      */
-    public ChangePasswordConfiguration(String instanceId)
+    public ChangePasswordConfiguration( String instanceId )
     {
         this( getDefaultConfig(), LoadStrategy.LDAP );
         setInstanceId( instanceId );
     }
 
 
-    public ChangePasswordConfiguration( Map<String, String> properties )
+    public ChangePasswordConfiguration( Map<String, Object> properties )
     {
         this( properties, LoadStrategy.LDAP );
     }
 
 
-    public ChangePasswordConfiguration( Map<String, String> properties, int strategy )
+    public ChangePasswordConfiguration( Map<String, Object> properties, int strategy )
     {
         if ( properties == null )
         {
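Review bot: Widening the public constructors from `Map<String, String>` to `Map<String, Object>` removes the compile-time guarantee that every configuration value is a string, and the same change is made to `getDefaultConfig()` and `getProperties()` in the later hunks of this file. Any reader of these properties that still casts a value with `( String )` would now fail at runtime with a ClassCastException once a caller supplies a non-string value; those readers are not visible in this diff, so this needs checking against the accessors of the configuration class. The two map-taking constructors also have no Javadoc, and a tag such as `@param properties configuration values keyed by property name; values are Strings unless the key documents otherwise` would record the intended contract. The body of the `( properties, strategy )` constructor continues outside the hunk.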
@@ -146,9 +146,9 @@
     }
 
 
-    public static Map<String, String> getDefaultConfig()
+    public static Map<String, Object> getDefaultConfig()
     {
-        Map<String, String> defaults = new HashMap<String, String>();
+        Map<String, Object> defaults = new HashMap<String, Object>();
 
         defaults.put( SERVICE_PID, DEFAULT_PID );
         defaults.put( IP_PORT_KEY, DEFAULT_IP_PORT );
@@ -208,7 +208,7 @@
     }
 
 
-    public Map<String, String> getProperties()
+    public Map<String, Object> getProperties()
     {
         // Request that the krb5key value be returned as binary
         configuration.put( JndiPropertyConstants.JNDI_LDAP_ATTRIBUTES_BINARY, "krb5Key" );
@@ -338,9 +338,9 @@
 
         List<EncryptionType> encTypes = new ArrayList<EncryptionType>();
 
-        for ( String enc:encryptionTypeStrings )
+        for ( String enc : encryptionTypeStrings )
         {
-            for ( EncryptionType type:EncryptionType.VALUES )
+            for ( EncryptionType type : EncryptionType.VALUES )
             {
                 if ( type.toString().equalsIgnoreCase( enc ) )
                 {

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordServer.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordServer.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/ChangePasswordServer.java Mon May 21 17:00:43 2007
@@ -52,8 +52,17 @@
 
     private IoHandler handler;
 
-    public ChangePasswordServer(ChangePasswordConfiguration config, IoAcceptor acceptor, IoServiceConfig serviceConfig, 
-        PrincipalStore store)
+
+    /**
+     * Creates a new instance of ChangePasswordServer.
+     *
+     * @param config
+     * @param acceptor
+     * @param serviceConfig
+     * @param store
+     */
+    public ChangePasswordServer( ChangePasswordConfiguration config, IoAcceptor acceptor,
+        IoServiceConfig serviceConfig, PrincipalStore store )
     {
         this.config = config;
         this.acceptor = acceptor;
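Review bot: The Javadoc added for the constructor lists `@param config`, `@param acceptor`, `@param serviceConfig` and `@param store` with no descriptions, which tells a reader nothing the signature does not already say. The same empty `@param` and `@throws` tags appear in the Javadoc added to the encoder, decoder, message and modifier classes in the later hunks of this commit. Each tag should say what the argument is, for example `@param store the principal store backing this server` (wording to be confirmed against the class), and `@throws IOException` on the decoders should state that it is raised when the supplied bytes cannot be decoded. The constructor body continues outside the hunk.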
@@ -77,12 +86,21 @@
     }
 
 
+    /**
+     * Returns whether configuration being proposed as new is really different.
+     *
+     * @param newConfig
+     * @return Whether configuration being proposed as new is really different.
+     */
     public boolean isDifferent( Dictionary newConfig )
     {
         return config.isDifferent( newConfig );
     }
 
 
+    /**
+     * Destroys this instance of {@link ChangePasswordServer}.
+     */
     public void destroy()
     {
         acceptor.unbind( new InetSocketAddress( config.getPort() ) );

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/exceptions/ErrorType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/exceptions/ErrorType.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/exceptions/ErrorType.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/exceptions/ErrorType.java Mon May 21 17:00:43 2007
@@ -34,43 +34,78 @@
  */
 public final class ErrorType implements Comparable
 {
-    /*
-     * Enumeration elements are constructed once upon class loading.
-     * Order of appearance here determines the order of compareTo.
+    /**
+     * Constant for the "Request failed due to being malformed" error type.
      */
     public static final ErrorType KRB5_KPASSWD_MALFORMED = new ErrorType( 1, "Request failed due to being malformed." );
+
+    /**
+     * Constant for the "Request failed due to a hard error in processing the request" error type.
+     */
     public static final ErrorType KRB5_KPASSWD_HARDERROR = new ErrorType( 2,
         "Request failed due to a hard error in processing the request." );
+
+    /**
+     * Constant for the "Request failed due to an error in authentication processing" error type.
+     */
     public static final ErrorType KRB5_KPASSWD_AUTHERROR = new ErrorType( 3,
         "Request failed due to an error in authentication processing." );
+
+    /**
+     * Constant for the "Request failed due to a soft error in processing the request" error type.
+     */
     public static final ErrorType KRB5_KPASSWD_SOFTERROR = new ErrorType( 4,
         "Request failed due to a soft error in processing the request." );
+
+    /**
+     * Constant for the "Requestor not authorized" error type.
+     */
     public static final ErrorType KRB5_KPASSWD_ACCESSDENIED = new ErrorType( 5, "Requestor not authorized." );
+
+    /**
+     * Constant for the "Protocol version unsupported" error type.
+     */
     public static final ErrorType KRB5_KPASSWD_BAD_VERSION = new ErrorType( 6, "Protocol version unsupported." );
+
+    /**
+     * Constant for the "Initial flag required" error type.
+     */
     public static final ErrorType KRB5_KPASSWD_INITIAL_FLAG_NEEDED = new ErrorType( 7, "Initial flag required." );
+
+    /**
+     * Constant for the "Request failed for an unknown reason" error type.
+     */
     public static final ErrorType KRB5_KPASSWD_UNKNOWN_ERROR = new ErrorType( 8,
         "Request failed for an unknown reason." );
 
-    /** Array for building a List of VALUES. */
+    /**
+     * Array for building a List of VALUES.
+     */
     private static final ErrorType[] values =
         { KRB5_KPASSWD_MALFORMED, KRB5_KPASSWD_HARDERROR, KRB5_KPASSWD_AUTHERROR, KRB5_KPASSWD_SOFTERROR,
             KRB5_KPASSWD_ACCESSDENIED, KRB5_KPASSWD_BAD_VERSION, KRB5_KPASSWD_INITIAL_FLAG_NEEDED,
             KRB5_KPASSWD_UNKNOWN_ERROR };
 
-    /** a list of all the error type constants */
+    /**
+     * A list of all the error type constants.
+     */
     public static final List VALUES = Collections.unmodifiableList( Arrays.asList( values ) );
 
-    /** the name of the error type */
+    /**
+     * The name of the error type.
+     */
     private final String name;
 
-    /** the value/code for the error type */
+    /**
+     * The value/code for the error type.
+     */
     private final int ordinal;
 
 
     /**
      * Private constructor prevents construction outside of this class.
      */
-    private ErrorType(int ordinal, String name)
+    private ErrorType( int ordinal, String name )
     {
         this.ordinal = ordinal;
         this.name = name;
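Review bot: The deleted block comment was the only place stating that the constants are constructed once at class load and that their order of appearance determines `compareTo`; the per-constant Javadoc that replaces it does not carry that over. If `compareTo` (outside this hunk) still depends on that order, keep the statement in the Javadoc of `values` or of the class, e.g. `Order of appearance of the constants determines the order of compareTo.` The class body continues outside the hunk.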

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordDataDecoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordDataDecoder.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordDataDecoder.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordDataDecoder.java Mon May 21 17:00:43 2007
@@ -41,6 +41,13 @@
  */
 public class ChangePasswordDataDecoder
 {
+    /**
+     * Decodes bytes into a ChangePasswordData.
+     *
+     * @param encodedChangePasswdData
+     * @return The {@link ChangePasswordData}.
+     * @throws IOException
+     */
     public ChangePasswordData decodeChangePasswordData( byte[] encodedChangePasswdData ) throws IOException
     {
         ASN1InputStream ais = new ASN1InputStream( encodedChangePasswdData );

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordErrorEncoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordErrorEncoder.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordErrorEncoder.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordErrorEncoder.java Mon May 21 17:00:43 2007
@@ -35,6 +35,13 @@
  */
 public class ChangePasswordErrorEncoder
 {
+    /**
+     * Encodes a {@link ChangePasswordError} into a {@link ByteBuffer}.
+     *
+     * @param buf
+     * @param message
+     * @throws IOException
+     */
     public void encode( ByteBuffer buf, ChangePasswordError message ) throws IOException
     {
         // Build error message bytes

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordReplyEncoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordReplyEncoder.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordReplyEncoder.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordReplyEncoder.java Mon May 21 17:00:43 2007
@@ -37,6 +37,13 @@
  */
 public class ChangePasswordReplyEncoder
 {
+    /**
+     * Encodes a {@link ChangePasswordReply} into a {@link ByteBuffer}.
+     *
+     * @param buf
+     * @param message
+     * @throws IOException
+     */
     public void encode( ByteBuffer buf, ChangePasswordReply message ) throws IOException
     {
         // Build application reply bytes

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordRequestDecoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordRequestDecoder.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordRequestDecoder.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/io/ChangePasswordRequestDecoder.java Mon May 21 17:00:43 2007
@@ -37,6 +37,13 @@
  */
 public class ChangePasswordRequestDecoder
 {
+    /**
+     * Decodes a {@link ByteBuffer} into a {@link ChangePasswordRequest}.
+     *
+     * @param buf
+     * @return The {@link ChangePasswordRequest}.
+     * @throws IOException
+     */
     public ChangePasswordRequest decode( ByteBuffer buf ) throws IOException
     {
         ChangePasswordRequestModifier modifier = new ChangePasswordRequestModifier();

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/AbstractPasswordMessage.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/AbstractPasswordMessage.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/AbstractPasswordMessage.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/AbstractPasswordMessage.java Mon May 21 17:00:43 2007
@@ -26,7 +26,9 @@
  */
 abstract public class AbstractPasswordMessage
 {
-    // ChangePassword protocol version number
+    /**
+     * ChangePassword protocol version number.
+     */
     public static final int PVNO = 1;
 
     private short messageLength;
@@ -34,7 +36,7 @@
     private short authHeaderLength;
 
 
-    protected AbstractPasswordMessage(short messageLength, short versionNumber, short authHeaderLength)
+    protected AbstractPasswordMessage( short messageLength, short versionNumber, short authHeaderLength )
     {
         this.messageLength = messageLength;
         this.versionNumber = versionNumber;
@@ -42,18 +44,33 @@
     }
 
 
+    /**
+     * Returns the message length.
+     *
+     * @return The message length.
+     */
     public short getMessageLength()
     {
         return messageLength;
     }
 
 
+    /**
+     * Returns the version number.
+     *
+     * @return The version number.
+     */
     public short getVersionNumber()
     {
         return versionNumber;
     }
 
 
+    /**
+     * Returns the length of the AuthHeader.
+     *
+     * @return The length of the AuthHeader.
+     */
     public short getAuthHeaderLength()
     {
         return authHeaderLength;

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/AbstractPasswordMessageModifier.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/AbstractPasswordMessageModifier.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/AbstractPasswordMessageModifier.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/AbstractPasswordMessageModifier.java Mon May 21 17:00:43 2007
@@ -31,18 +31,33 @@
     protected short authHeaderLength;
 
 
+    /**
+     * Sets the message length.
+     *
+     * @param messageLength
+     */
     public void setMessageLength( short messageLength )
     {
         this.messageLength = messageLength;
     }
 
 
+    /**
+     * Sets the protocol version number.
+     *
+     * @param versionNumber
+     */
     public void setProtocolVersionNumber( short versionNumber )
     {
         this.versionNumber = versionNumber;
     }
 
 
+    /**
+     * Sets the AuthHeader length.
+     *
+     * @param authHeaderLength
+     */
     public void setAuthHeaderLength( short authHeaderLength )
     {
         this.authHeaderLength = authHeaderLength;

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordError.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordError.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordError.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordError.java Mon May 21 17:00:43 2007
@@ -32,8 +32,16 @@
     private ErrorMessage errorMessage;
 
 
-    public ChangePasswordError(short messageLength, short versionNumber, short authHeaderLength,
-        ErrorMessage errorMessage)
+    /**
+     * Creates a new instance of ChangePasswordError.
+     *
+     * @param messageLength
+     * @param versionNumber
+     * @param authHeaderLength
+     * @param errorMessage
+     */
+    public ChangePasswordError( short messageLength, short versionNumber, short authHeaderLength,
+        ErrorMessage errorMessage )
     {
         super( messageLength, versionNumber, authHeaderLength );
 
@@ -41,6 +49,11 @@
     }
 
 
+    /**
+     * Returns the {@link ErrorMessage}.
+     *
+     * @return The {@link ErrorMessage}.
+     */
     public ErrorMessage getErrorMessage()
     {
         return errorMessage;

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordErrorModifier.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordErrorModifier.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordErrorModifier.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordErrorModifier.java Mon May 21 17:00:43 2007
@@ -32,12 +32,22 @@
     private ErrorMessage errorMessage;
 
 
+    /**
+     * Returns the {@link ChangePasswordError}.
+     *
+     * @return The {@link ChangePasswordError}.
+     */
     public ChangePasswordError getChangePasswordError()
     {
         return new ChangePasswordError( messageLength, versionNumber, authHeaderLength, errorMessage );
     }
 
 
+    /**
+     * Sets the {@link ErrorMessage}.
+     *
+     * @param errorMessage
+     */
     public void setErrorMessage( ErrorMessage errorMessage )
     {
         this.errorMessage = errorMessage;

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordReply.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordReply.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordReply.java Mon May 21 17:00:43 2007
@@ -34,8 +34,17 @@
     private PrivateMessage privateMessage;
 
 
-    public ChangePasswordReply(short messageLength, short versionNumber, short authHeaderLength,
-        ApplicationReply applicationReply, PrivateMessage privateMessage)
+    /**
+     * Creates a new instance of ChangePasswordReply.
+     *
+     * @param messageLength
+     * @param versionNumber
+     * @param authHeaderLength
+     * @param applicationReply
+     * @param privateMessage
+     */
+    public ChangePasswordReply( short messageLength, short versionNumber, short authHeaderLength,
+        ApplicationReply applicationReply, PrivateMessage privateMessage )
     {
         super( messageLength, versionNumber, authHeaderLength );
 
@@ -44,12 +53,22 @@
     }
 
 
+    /**
+     * Returns the {@link ApplicationReply}.
+     *
+     * @return The {@link ApplicationReply}.
+     */
     public ApplicationReply getApplicationReply()
     {
         return applicationReply;
     }
 
 
+    /**
+     * Returns the {@link PrivateMessage}.
+     *
+     * @return The {@link PrivateMessage}.
+     */
     public PrivateMessage getPrivateMessage()
     {
         return privateMessage;

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordReplyModifier.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordReplyModifier.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordReplyModifier.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordReplyModifier.java Mon May 21 17:00:43 2007
@@ -34,6 +34,11 @@
     private PrivateMessage privateMessage;
 
 
+    /**
+     * Returns the {@link ChangePasswordReply}.
+     *
+     * @return The {@link ChangePasswordReply}.
+     */
     public ChangePasswordReply getChangePasswordReply()
     {
         return new ChangePasswordReply( messageLength, versionNumber, authHeaderLength, applicationReply,
@@ -41,12 +46,22 @@
     }
 
 
+    /**
+     * Sets the {@link ApplicationReply}.
+     *
+     * @param applicationReply
+     */
     public void setApplicationReply( ApplicationReply applicationReply )
     {
         this.applicationReply = applicationReply;
     }
 
 
+    /**
+     * Sets the {@link PrivateMessage}.
+     *
+     * @param privateMessage
+     */
     public void setPrivateMessage( PrivateMessage privateMessage )
     {
         this.privateMessage = privateMessage;

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordRequest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordRequest.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordRequest.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordRequest.java Mon May 21 17:00:43 2007
@@ -34,8 +34,17 @@
     private PrivateMessage privateMessage;
 
 
-    public ChangePasswordRequest(short messageLength, short versionNumber, short authHeaderLength,
-        ApplicationRequest authHeader, PrivateMessage privateMessage)
+    /**
+     * Creates a new instance of ChangePasswordRequest.
+     *
+     * @param messageLength
+     * @param versionNumber
+     * @param authHeaderLength
+     * @param authHeader
+     * @param privateMessage
+     */
+    public ChangePasswordRequest( short messageLength, short versionNumber, short authHeaderLength,
+        ApplicationRequest authHeader, PrivateMessage privateMessage )
     {
         super( messageLength, versionNumber, authHeaderLength );
 
@@ -44,12 +53,22 @@
     }
 
 
+    /**
+     * Returns the {@link ApplicationRequest}.
+     *
+     * @return The {@link ApplicationRequest}.
+     */
     public ApplicationRequest getAuthHeader()
     {
         return authHeader;
     }
 
 
+    /**
+     * Returns the {@link PrivateMessage}.
+     *
+     * @return The {@link PrivateMessage}.
+     */
     public PrivateMessage getPrivateMessage()
     {
         return privateMessage;

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordRequestModifier.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordRequestModifier.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordRequestModifier.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/messages/ChangePasswordRequestModifier.java Mon May 21 17:00:43 2007
@@ -34,18 +34,33 @@
     private PrivateMessage privateMessage;
 
 
+    /**
+     * Returns the {@link ChangePasswordRequest}.
+     *
+     * @return The {@link ChangePasswordRequest}.
+     */
     public ChangePasswordRequest getChangePasswordMessage()
     {
         return new ChangePasswordRequest( messageLength, versionNumber, authHeaderLength, authHeader, privateMessage );
     }
 
 
+    /**
+     * Sets the AuthHeader.
+     *
+     * @param authHeader
+     */
     public void setAuthHeader( ApplicationRequest authHeader )
     {
         this.authHeader = authHeader;
     }
 
 
+    /**
+     * Sets the {@link PrivateMessage}.
+     *
+     * @param privateMessage
+     */
     public void setPrivateMessage( PrivateMessage privateMessage )
     {
         this.privateMessage = privateMessage;

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolCodecFactory.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolCodecFactory.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolCodecFactory.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolCodecFactory.java Mon May 21 17:00:43 2007
@@ -35,6 +35,11 @@
     private static final ChangePasswordProtocolCodecFactory INSTANCE = new ChangePasswordProtocolCodecFactory();
 
 
+    /**
+     * Returns the singleton instance of {@link ChangePasswordProtocolCodecFactory}.
+     *
+     * @return The singleton instance of {@link ChangePasswordProtocolCodecFactory}.
+     */
     public static ChangePasswordProtocolCodecFactory getInstance()
     {
         return INSTANCE;

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java Mon May 21 17:00:43 2007
@@ -29,6 +29,8 @@
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.server.changepw.ChangePasswordConfiguration;
+import org.apache.directory.server.changepw.exceptions.ChangePasswordException;
+import org.apache.directory.server.changepw.exceptions.ErrorType;
 import org.apache.directory.server.changepw.messages.ChangePasswordErrorModifier;
 import org.apache.directory.server.changepw.messages.ChangePasswordRequest;
 import org.apache.directory.server.changepw.service.ChangePasswordChain;
@@ -61,7 +63,13 @@
     private String contextKey = "context";
 
 
-    public ChangePasswordProtocolHandler(ChangePasswordConfiguration config, PrincipalStore store)
+    /**
+     * Creates a new instance of ChangePasswordProtocolHandler.
+     *
+     * @param config
+     * @param store
+     */
+    public ChangePasswordProtocolHandler( ChangePasswordConfiguration config, PrincipalStore store )
     {
         this.config = config;
         this.store = store;
@@ -124,11 +132,16 @@
 
             session.write( changepwContext.getReply() );
         }
-        catch ( Exception e )
+        catch ( KerberosException ke )
         {
-            log.error( e.getMessage() );
-
-            KerberosException ke = ( KerberosException ) e;
+            if ( log.isDebugEnabled() )
+            {
+                log.debug( ke.getMessage(), ke );
+            }
+            else
+            {
+                log.warn( ke.getMessage() );
+            }
 
             ErrorMessage errorMessage = getErrorMessage( config.getChangepwPrincipal(), ke );
 
@@ -137,6 +150,13 @@
 
             session.write( modifier.getChangePasswordError() );
         }
+        catch ( Exception e )
+        {
+            log.error( "Unexpected exception:  " + e.getMessage(), e );
+
+            session.write( getErrorMessage( config.getChangepwPrincipal(), new ChangePasswordException(
+                ErrorType.KRB5_KPASSWD_UNKNOWN_ERROR ) ) );
+        }
     }
 
 
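Review bot: The new catch-all branch writes the bare result of `getErrorMessage(...)` to the session, whereas the `KerberosException` branch above passes its `ErrorMessage` through a modifier and writes `modifier.getChangePasswordError()`. If the protocol encoder only handles the change-password error type (the encoder is not shown here), a client that hits an unexpected failure may get no usable reply, or the write itself may fail inside the handler. Both branches should build the reply the same way, for example by creating the `ChangePasswordException( ErrorType.KRB5_KPASSWD_UNKNOWN_ERROR )` first and then running the same modifier code as the branch above. The modifier setup lies between the two hunks and the method starts outside them, so this is inferred from the visible lines only.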
@@ -149,7 +169,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }
@@ -176,7 +196,8 @@
     {
         short resultCode = ( short ) exception.getErrorCode();
 
-        byte[] resultString = { (byte) 0x00 };
+        byte[] resultString =
+            { ( byte ) 0x00 };
 
         if ( exception.getExplanatoryData() == null || exception.getExplanatoryData().length == 0 )
         {
@@ -186,7 +207,7 @@
             }
             catch ( UnsupportedEncodingException uee )
             {
-                log.error(  uee.getMessage() );
+                log.error( uee.getMessage() );
             }
         }
         else

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java Mon May 21 17:00:43 2007
@@ -25,6 +25,8 @@
 import org.apache.directory.server.changepw.exceptions.ChangePasswordException;
 import org.apache.directory.server.changepw.exceptions.ErrorType;
 import org.apache.directory.server.changepw.messages.ChangePasswordReplyModifier;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.application.ApplicationReply;
 import org.apache.directory.server.kerberos.shared.messages.application.PrivateMessage;
@@ -37,7 +39,6 @@
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
@@ -55,13 +56,14 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         Authenticator authenticator = changepwContext.getAuthenticator();
         Ticket ticket = changepwContext.getTicket();
-        LockBox lockBox = changepwContext.getLockBox();
+        CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();
 
         // begin building reply
 
@@ -82,7 +84,7 @@
 
         try
         {
-            encPrivPart = lockBox.seal( subSessionKey, privPart );
+            encPrivPart = cipherTextHandler.seal( subSessionKey, privPart, KeyUsage.NUMBER13 );
         }
         catch ( KerberosException ke )
         {
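Review bot: `KeyUsage.NUMBER13` in this call and `KeyUsage.NUMBER12` in the next hunk do not say which message part they protect, and a mismatched usage number would typically surface only at runtime as a decryption or integrity failure on the peer. A one-line comment on each call would make the pairing reviewable: `// RFC 4120 key usage 13: KRB-PRIV encrypted part` on the `privPart` seal (and on the matching `unseal` in `ExtractPassword`), and `// RFC 4120 key usage 12: AP-REP encrypted part` on the `repPart` seal. `execute` starts and ends outside these hunks.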
@@ -105,7 +107,7 @@
 
         try
         {
-            encRepPart = lockBox.seal( ticket.getSessionKey(), repPart );
+            encRepPart = cipherTextHandler.seal( ticket.getSessionKey(), repPart, KeyUsage.NUMBER12 );
         }
         catch ( KerberosException ke )
         {
@@ -126,7 +128,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java Mon May 21 17:00:43 2007
@@ -37,6 +37,9 @@
     private static final Logger log = LoggerFactory.getLogger( ChangePasswordChain.class );
 
 
+    /**
+     * Creates a new instance of ChangePasswordChain.
+     */
     public ChangePasswordChain()
     {
         if ( log.isDebugEnabled() )
@@ -57,7 +60,6 @@
             addLast( "monitorContext", new MonitorContext() );
         }
 
-        addLast( "checkPasswordPolicy", new CheckPasswordPolicy() );
         addLast( "processPasswordChange", new ProcessPasswordChange() );
         addLast( "buildReply", new BuildReply() );
 
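Review bot: With the `checkPasswordPolicy` step removed, the chain built here reaches `processPasswordChange` with no visible password-policy command, although `CheckPasswordPolicy` is still kept and edited elsewhere in this commit. Unless policy is now enforced somewhere else (nothing in this part of the diff shows it), new passwords would be stored without the checks that class reports as "Password violates policy". If the removal is intentional, a comment at this point should say where enforcement now lives, e.g. `// Password policy is enforced by <component>; CheckPasswordPolicy is intentionally not in this chain`. Otherwise the step should stay in the chain ahead of `processPasswordChange`. The constructor body starts and ends outside this hunk.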

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java Mon May 21 17:00:43 2007
@@ -24,11 +24,11 @@
 
 import org.apache.directory.server.changepw.ChangePasswordConfiguration;
 import org.apache.directory.server.changepw.messages.AbstractPasswordMessage;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
 
@@ -52,7 +52,7 @@
     private Authenticator authenticator;
     private PrincipalStoreEntry serverEntry;
     private ReplayCache replayCache;
-    private LockBox lockBox;
+    private CipherTextHandler cipherTextHandler;
     private String password;
 
 
@@ -165,20 +165,20 @@
 
 
     /**
-     * @return Returns the lockBox.
+     * @return Returns the {@link CipherTextHandler}.
      */
-    public LockBox getLockBox()
+    public CipherTextHandler getCipherTextHandler()
     {
-        return lockBox;
+        return cipherTextHandler;
     }
 
 
     /**
-     * @param lockBox The lockBox to set.
+     * @param cipherTextHandler The {@link CipherTextHandler} to set.
      */
-    public void setLockBox( LockBox lockBox )
+    public void setCipherTextHandler( CipherTextHandler cipherTextHandler )
     {
-        this.lockBox = lockBox;
+        this.cipherTextHandler = cipherTextHandler;
     }
 
 

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java Mon May 21 17:00:43 2007
@@ -48,6 +48,7 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
@@ -202,8 +203,8 @@
         StringBuffer sb = new StringBuffer( "Password violates policy:  " );
 
         boolean isFirst = true;
-        
-        for ( String violation:violations )
+
+        for ( String violation : violations )
         {
             if ( isFirst )
             {
@@ -213,7 +214,7 @@
             {
                 sb.append( ", " );
             }
-            
+
             sb.append( violation );
         }
 
@@ -221,7 +222,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java Mon May 21 17:00:43 2007
@@ -20,9 +20,9 @@
 package org.apache.directory.server.changepw.service;
 
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 
@@ -34,22 +34,23 @@
 public class ConfigureChangePasswordChain implements IoHandlerCommand
 {
     private static final ReplayCache replayCache = new InMemoryReplayCache();
-    private static final LockBox lockBox = new LockBox();
+    private static final CipherTextHandler cipherTextHandler = new CipherTextHandler();
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         changepwContext.setReplayCache( replayCache );
-        changepwContext.setLockBox( lockBox );
+        changepwContext.setCipherTextHandler( cipherTextHandler );
 
         next.execute( session, message );
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java Mon May 21 17:00:43 2007
@@ -28,12 +28,13 @@
 import org.apache.directory.server.changepw.messages.ChangePasswordRequest;
 import org.apache.directory.server.changepw.value.ChangePasswordData;
 import org.apache.directory.server.changepw.value.ChangePasswordDataModifier;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.EncKrbPrivPart;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
@@ -51,13 +52,14 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();
         Authenticator authenticator = changepwContext.getAuthenticator();
-        LockBox lockBox = changepwContext.getLockBox();
+        CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();
 
         // TODO - check ticket is for service authorized to change passwords
         // ticket.getServerPrincipal().getName().equals(config.getChangepwPrincipal().getName()));
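Review bot: The TODO kept in this hunk means `execute` still does not compare the ticket's server principal with the configured change-password principal before it goes on to unseal the request's private part. If no earlier command in the chain enforces that (none is visible in this part of the diff), tickets issued for other services are not rejected here. The commented-out comparison should become a real check that fails the request with the protocol's authentication error. If the check already happens upstream, the TODO should be replaced with a comment naming that command. `execute` continues past the end of this hunk.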
@@ -74,7 +76,8 @@
 
         try
         {
-            privatePart = ( EncKrbPrivPart ) lockBox.unseal( EncKrbPrivPart.class, subSessionKey, encReqPrivPart );
+            privatePart = ( EncKrbPrivPart ) cipherTextHandler.unseal( EncKrbPrivPart.class, subSessionKey,
+                encReqPrivPart, KeyUsage.NUMBER13 );
         }
         catch ( KerberosException ke )
         {
@@ -112,7 +115,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java Mon May 21 17:00:43 2007
@@ -37,6 +37,7 @@
 {
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
@@ -52,7 +53,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java Mon May 21 17:00:43 2007
@@ -24,6 +24,7 @@
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
@@ -49,13 +50,15 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         if ( log.isDebugEnabled() )
         {
             try
             {
-                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
+                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session
+                    .getAttribute( getContextKey() );
 
                 PrincipalStore store = changepwContext.getStore();
                 ApplicationRequest authHeader = changepwContext.getAuthHeader();
@@ -91,15 +94,18 @@
                 sb.append( "\n\t" + "caddr contains sender  " + caddrContainsSender );
 
                 KerberosPrincipal ticketServerPrincipal = ticket.getServerPrincipal();
-                PrincipalStoreEntry ticketPrincipal = changepwContext.getServerEntry();
+                sb.append( "\n\t" + "Ticket principal       " + ticketServerPrincipal );
 
-                sb.append( "\n\t" + "principal              " + ticketServerPrincipal );
+                PrincipalStoreEntry ticketPrincipal = changepwContext.getServerEntry();
                 sb.append( "\n\t" + "cn                     " + ticketPrincipal.getCommonName() );
                 sb.append( "\n\t" + "realm                  " + ticketPrincipal.getRealmName() );
-                sb.append( "\n\t" + "principal              " + ticketPrincipal.getPrincipal() );
+                sb.append( "\n\t" + "Service principal      " + ticketPrincipal.getPrincipal() );
                 sb.append( "\n\t" + "SAM type               " + ticketPrincipal.getSamType() );
-                sb.append( "\n\t" + "Key type               " + ticketPrincipal.getEncryptionKey().getKeyType() );
-                sb.append( "\n\t" + "Key version            " + ticketPrincipal.getEncryptionKey().getKeyVersion() );
+
+                EncryptionType encryptionType = ticket.getEncPart().getEncryptionType();
+                int keyVersion = ticketPrincipal.getKeyMap().get( encryptionType ).getKeyVersion();
+                sb.append( "\n\t" + "Ticket key type        " + encryptionType );
+                sb.append( "\n\t" + "Service key version    " + keyVersion );
 
                 log.debug( sb.toString() );
             }
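Review bot: `ticketPrincipal.getKeyMap().get( encryptionType )` returns null when the service entry holds no key for the ticket's encryption type, so the chained `.getKeyVersion()` throws before `log.debug( sb.toString() )` runs. The debug dump would then be lost in exactly the case, an encryption-type mismatch, where it is most useful. The fix is to assign the looked-up key to a local and, when it is null, append a placeholder line such as `"Service key version    (no key for ticket etype)"` instead of dereferencing it. The enclosing `try` begins before this hunk and its `catch` is outside it, so how the exception is handled is not visible here.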
@@ -114,7 +120,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java?view=diff&rev=540371&r1=540370&r2=540371
==============================================================================
--- directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java (original)
+++ directory/apacheds/trunk/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java Mon May 21 17:00:43 2007
@@ -40,13 +40,15 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         if ( log.isDebugEnabled() )
         {
             try
             {
-                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
+                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session
+                    .getAttribute( getContextKey() );
 
                 ChangePasswordReply reply = ( ChangePasswordReply ) changepwContext.getReply();
                 ApplicationReply appReply = reply.getApplicationReply();
@@ -70,7 +72,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }


