From erodrig...@apache.org
Subject svn commit: r541123 [22/25] - in /directory/apacheds/branches/apacheds-sasl-branch: ./ benchmarks/ bootstrap-extract/ bootstrap-extract/src/ bootstrap-extract/src/main/ bootstrap-extract/src/main/java/ bootstrap-extract/src/main/java/org/ bootstrap-ext...
Date Thu, 24 May 2007 00:27:07 GMT
Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/protocol/ChangePasswordProtocolHandler.java Wed May 23 17:26:40 2007
@@ -29,6 +29,8 @@
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.server.changepw.ChangePasswordConfiguration;
+import org.apache.directory.server.changepw.exceptions.ChangePasswordException;
+import org.apache.directory.server.changepw.exceptions.ErrorType;
 import org.apache.directory.server.changepw.messages.ChangePasswordErrorModifier;
 import org.apache.directory.server.changepw.messages.ChangePasswordRequest;
 import org.apache.directory.server.changepw.service.ChangePasswordChain;
@@ -61,7 +63,13 @@
     private String contextKey = "context";
 
 
-    public ChangePasswordProtocolHandler(ChangePasswordConfiguration config, PrincipalStore store)
+    /**
+     * Creates a new instance of ChangePasswordProtocolHandler.
+     *
+     * @param config
+     * @param store
+     */
+    public ChangePasswordProtocolHandler( ChangePasswordConfiguration config, PrincipalStore store )
     {
         this.config = config;
         this.store = store;
@@ -124,11 +132,16 @@
 
             session.write( changepwContext.getReply() );
         }
-        catch ( Exception e )
+        catch ( KerberosException ke )
         {
-            log.error( e.getMessage() );
-
-            KerberosException ke = ( KerberosException ) e;
+            if ( log.isDebugEnabled() )
+            {
+                log.debug( ke.getMessage(), ke );
+            }
+            else
+            {
+                log.warn( ke.getMessage() );
+            }
 
             ErrorMessage errorMessage = getErrorMessage( config.getServicePrincipal(), ke );
 
@@ -137,6 +150,13 @@
 
             session.write( modifier.getChangePasswordError() );
         }
+        catch ( Exception e )
+        {
+            log.error( "Unexpected exception:  " + e.getMessage(), e );
+
+            session.write( getErrorMessage( config.getServicePrincipal(), new ChangePasswordException(
+                ErrorType.KRB5_KPASSWD_UNKNOWN_ERROR ) ) );
+        }
     }
 
 
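Review bot: The new catch-all writes the result of `getErrorMessage(...)` straight to the session, while the KerberosException branch just above wraps its ErrorMessage in a modifier and writes `modifier.getChangePasswordError()`. The lines that build the modifier are outside this hunk, so this is inferred, but if the encoder expects a ChangePasswordError, the client gets no well-formed reply on the unexpected-error path. I would build the reply the same way in both branches, ideally through one private helper that takes the KerberosException. Separately, `e.getMessage()` is null for many runtime exceptions, so `log.error( "Unexpected exception.", e )`, as used in ProcessPasswordChange in this commit, reads better.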
@@ -149,7 +169,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }
@@ -176,7 +196,8 @@
     {
         short resultCode = ( short ) exception.getErrorCode();
 
-        byte[] resultString = { (byte) 0x00 };
+        byte[] resultString =
+            { ( byte ) 0x00 };
 
         if ( exception.getExplanatoryData() == null || exception.getExplanatoryData().length == 0 )
         {
@@ -186,7 +207,7 @@
             }
             catch ( UnsupportedEncodingException uee )
             {
-                log.error(  uee.getMessage() );
+                log.error( uee.getMessage() );
             }
         }
         else

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/BuildReply.java Wed May 23 17:26:40 2007
@@ -25,6 +25,8 @@
 import org.apache.directory.server.changepw.exceptions.ChangePasswordException;
 import org.apache.directory.server.changepw.exceptions.ErrorType;
 import org.apache.directory.server.changepw.messages.ChangePasswordReplyModifier;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.application.ApplicationReply;
 import org.apache.directory.server.kerberos.shared.messages.application.PrivateMessage;
@@ -37,7 +39,6 @@
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
@@ -55,13 +56,14 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         Authenticator authenticator = changepwContext.getAuthenticator();
         Ticket ticket = changepwContext.getTicket();
-        LockBox lockBox = changepwContext.getLockBox();
+        CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();
 
         // begin building reply
 
@@ -82,7 +84,7 @@
 
         try
         {
-            encPrivPart = lockBox.seal( subSessionKey, privPart );
+            encPrivPart = cipherTextHandler.seal( subSessionKey, privPart, KeyUsage.NUMBER13 );
         }
         catch ( KerberosException ke )
         {
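Review bot: `KeyUsage.NUMBER13` here and `KeyUsage.NUMBER12` in the next hunk say nothing about which message part they protect, and a mismatch between the seal and unseal side only shows up as a decryption failure at runtime. A short comment at each call would help, e.g. `// RFC 4120 7.5.1: key usage 13 = KRB-PRIV encrypted part` and `// RFC 4120 7.5.1: key usage 12 = AP-REP encrypted part`. The same applies to the `KeyUsage.NUMBER13` unseal in ExtractPassword.java and to `KeyUsage.NUMBER11` (AP-REQ authenticator) in VerifyServiceTicketAuthHeader.java. execute() starts and ends outside this hunk.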
@@ -105,7 +107,7 @@
 
         try
         {
-            encRepPart = lockBox.seal( ticket.getSessionKey(), repPart );
+            encRepPart = cipherTextHandler.seal( ticket.getSessionKey(), repPart, KeyUsage.NUMBER12 );
         }
         catch ( KerberosException ke )
         {
@@ -126,7 +128,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordChain.java Wed May 23 17:26:40 2007
@@ -37,6 +37,9 @@
     private static final Logger log = LoggerFactory.getLogger( ChangePasswordChain.class );
 
 
+    /**
+     * Creates a new instance of ChangePasswordChain.
+     */
     public ChangePasswordChain()
     {
         if ( log.isDebugEnabled() )
@@ -57,7 +60,6 @@
             addLast( "monitorContext", new MonitorContext() );
         }
 
-        addLast( "checkPasswordPolicy", new CheckPasswordPolicy() );
         addLast( "processPasswordChange", new ProcessPasswordChange() );
         addLast( "buildReply", new BuildReply() );
 

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ChangePasswordContext.java Wed May 23 17:26:40 2007
@@ -24,11 +24,11 @@
 
 import org.apache.directory.server.changepw.ChangePasswordConfiguration;
 import org.apache.directory.server.changepw.messages.AbstractPasswordMessage;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
 
@@ -52,7 +52,7 @@
     private Authenticator authenticator;
     private PrincipalStoreEntry serverEntry;
     private ReplayCache replayCache;
-    private LockBox lockBox;
+    private CipherTextHandler cipherTextHandler;
     private String password;
 
 
@@ -165,20 +165,20 @@
 
 
     /**
-     * @return Returns the lockBox.
+     * @return Returns the {@link CipherTextHandler}.
      */
-    public LockBox getLockBox()
+    public CipherTextHandler getCipherTextHandler()
     {
-        return lockBox;
+        return cipherTextHandler;
     }
 
 
     /**
-     * @param lockBox The lockBox to set.
+     * @param cipherTextHandler The {@link CipherTextHandler} to set.
      */
-    public void setLockBox( LockBox lockBox )
+    public void setCipherTextHandler( CipherTextHandler cipherTextHandler )
     {
-        this.lockBox = lockBox;
+        this.cipherTextHandler = cipherTextHandler;
     }
 
 

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/CheckPasswordPolicy.java Wed May 23 17:26:40 2007
@@ -48,6 +48,7 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
@@ -202,8 +203,8 @@
         StringBuffer sb = new StringBuffer( "Password violates policy:  " );
 
         boolean isFirst = true;
-        
-        for ( String violation:violations )
+
+        for ( String violation : violations )
         {
             if ( isFirst )
             {
@@ -213,7 +214,7 @@
             {
                 sb.append( ", " );
             }
-            
+
             sb.append( violation );
         }
 
@@ -221,7 +222,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ConfigureChangePasswordChain.java Wed May 23 17:26:40 2007
@@ -20,9 +20,9 @@
 package org.apache.directory.server.changepw.service;
 
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 
@@ -34,22 +34,23 @@
 public class ConfigureChangePasswordChain implements IoHandlerCommand
 {
     private static final ReplayCache replayCache = new InMemoryReplayCache();
-    private static final LockBox lockBox = new LockBox();
+    private static final CipherTextHandler cipherTextHandler = new CipherTextHandler();
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         changepwContext.setReplayCache( replayCache );
-        changepwContext.setLockBox( lockBox );
+        changepwContext.setCipherTextHandler( cipherTextHandler );
 
         next.execute( session, message );
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ExtractPassword.java Wed May 23 17:26:40 2007
@@ -28,12 +28,13 @@
 import org.apache.directory.server.changepw.messages.ChangePasswordRequest;
 import org.apache.directory.server.changepw.value.ChangePasswordData;
 import org.apache.directory.server.changepw.value.ChangePasswordDataModifier;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.EncKrbPrivPart;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
@@ -51,13 +52,14 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();
         Authenticator authenticator = changepwContext.getAuthenticator();
-        LockBox lockBox = changepwContext.getLockBox();
+        CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();
 
         // TODO - check ticket is for service authorized to change passwords
         // ticket.getServerPrincipal().getName().equals(config.getChangepwPrincipal().getName()));
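Review bot: The TODO kept as context at the end of this hunk shows that execute() still does not compare the ticket's server principal with the change-password service principal before the request is decrypted. If no earlier command in the chain performs that check (none is visible in this commit), the password change is not limited to tickets issued for the change-password service. Since this commit already reworks the method for `CipherTextHandler`, it would be a good place to turn the commented-out comparison into a real check that throws a ChangePasswordException, or at least to reference a tracking issue in the TODO. The rest of execute() is outside the hunk.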
@@ -74,7 +76,8 @@
 
         try
         {
-            privatePart = ( EncKrbPrivPart ) lockBox.unseal( EncKrbPrivPart.class, subSessionKey, encReqPrivPart );
+            privatePart = ( EncKrbPrivPart ) cipherTextHandler.unseal( EncKrbPrivPart.class, subSessionKey,
+                encReqPrivPart, KeyUsage.NUMBER13 );
         }
         catch ( KerberosException ke )
         {
@@ -112,7 +115,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/GetAuthHeader.java Wed May 23 17:26:40 2007
@@ -37,6 +37,7 @@
 {
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
@@ -52,7 +53,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorContext.java Wed May 23 17:26:40 2007
@@ -24,6 +24,7 @@
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
@@ -49,13 +50,15 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         if ( log.isDebugEnabled() )
         {
             try
             {
-                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
+                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session
+                    .getAttribute( getContextKey() );
 
                 PrincipalStore store = changepwContext.getStore();
                 ApplicationRequest authHeader = changepwContext.getAuthHeader();
@@ -91,15 +94,18 @@
                 sb.append( "\n\t" + "caddr contains sender  " + caddrContainsSender );
 
                 KerberosPrincipal ticketServerPrincipal = ticket.getServerPrincipal();
-                PrincipalStoreEntry ticketPrincipal = changepwContext.getServerEntry();
+                sb.append( "\n\t" + "Ticket principal       " + ticketServerPrincipal );
 
-                sb.append( "\n\t" + "principal              " + ticketServerPrincipal );
+                PrincipalStoreEntry ticketPrincipal = changepwContext.getServerEntry();
                 sb.append( "\n\t" + "cn                     " + ticketPrincipal.getCommonName() );
                 sb.append( "\n\t" + "realm                  " + ticketPrincipal.getRealmName() );
-                sb.append( "\n\t" + "principal              " + ticketPrincipal.getPrincipal() );
+                sb.append( "\n\t" + "Service principal      " + ticketPrincipal.getPrincipal() );
                 sb.append( "\n\t" + "SAM type               " + ticketPrincipal.getSamType() );
-                sb.append( "\n\t" + "Key type               " + ticketPrincipal.getEncryptionKey().getKeyType() );
-                sb.append( "\n\t" + "Key version            " + ticketPrincipal.getEncryptionKey().getKeyVersion() );
+
+                EncryptionType encryptionType = ticket.getEncPart().getEncryptionType();
+                int keyVersion = ticketPrincipal.getKeyMap().get( encryptionType ).getKeyVersion();
+                sb.append( "\n\t" + "Ticket key type        " + encryptionType );
+                sb.append( "\n\t" + "Service key version    " + keyVersion );
 
                 log.debug( sb.toString() );
             }
@@ -114,7 +120,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorReply.java Wed May 23 17:26:40 2007
@@ -40,13 +40,15 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         if ( log.isDebugEnabled() )
         {
             try
             {
-                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
+                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session
+                    .getAttribute( getContextKey() );
 
                 ChangePasswordReply reply = ( ChangePasswordReply ) changepwContext.getReply();
                 ApplicationReply appReply = reply.getApplicationReply();
@@ -70,7 +72,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/MonitorRequest.java Wed May 23 17:26:40 2007
@@ -38,13 +38,15 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         if ( log.isDebugEnabled() )
         {
             try
             {
-                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
+                ChangePasswordContext changepwContext = ( ChangePasswordContext ) session
+                    .getAttribute( getContextKey() );
 
                 ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();
                 short authHeaderLength = request.getAuthHeaderLength();
@@ -70,7 +72,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/ProcessPasswordChange.java Wed May 23 17:26:40 2007
@@ -20,7 +20,7 @@
 package org.apache.directory.server.changepw.service;
 
 
-import javax.security.auth.kerberos.KerberosKey;
+import javax.naming.NamingException;
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.server.changepw.exceptions.ChangePasswordException;
@@ -34,6 +34,8 @@
 
 
 /**
+ * An {@link IoHandlerCommand} for storing the new password.
+ * 
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
@@ -44,31 +46,33 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         PrincipalStore store = changepwContext.getStore();
         Authenticator authenticator = changepwContext.getAuthenticator();
-        String password = changepwContext.getPassword();
+        String newPassword = changepwContext.getPassword();
+        KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal();
 
         // usec and seq-number must be present per MS but aren't in legacy kpasswd
         // seq-number must have same value as authenticator
         // ignore r-address
 
-        // generate key from password
-        KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal();
-        KerberosKey newKey = new KerberosKey( clientPrincipal, password.toCharArray(), "DES" );
-
-        // store password in database
         try
         {
-            String principalName = store.changePassword( clientPrincipal, newKey );
+            String principalName = store.changePassword( clientPrincipal, newPassword );
             log.debug( "Successfully modified principal {}", principalName );
         }
+        catch ( NamingException ne )
+        {
+            log.warn( ne.getMessage(), ne );
+            throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_SOFTERROR, ne.getExplanation().getBytes() );
+        }
         catch ( Exception e )
         {
-            log.error( e.getMessage(), e );
+            log.error( "Unexpected exception.", e );
             throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_HARDERROR );
         }
 
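Review bot: In the new `catch ( NamingException ne )` branch, `ne.getExplanation()` can return null, and the resulting NullPointerException is thrown from inside the catch block, so the `catch ( Exception e )` below does not see it and the client gets no KRB5_KPASSWD_SOFTERROR. `getBytes()` with no argument also uses the platform default charset. Something like `String why = ne.getExplanation();` followed by `byte[] data = ( why == null ) ? null : why.getBytes( "UTF-8" );` avoids both, assuming ChangePasswordException accepts null explanatory data (getErrorMessage in the protocol handler checks for it). The explanation text is sent back to the client, and with `checkPasswordPolicy` dropped from ChangePasswordChain in this commit the store is the only visible place left to enforce policy; both are worth confirming against `store.changePassword`, which is not shown here. The tail of execute() is outside the hunk.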
@@ -76,7 +80,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.java Wed May 23 17:26:40 2007
@@ -22,12 +22,14 @@
 
 import java.net.InetAddress;
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.directory.server.kerberos.shared.service.VerifyAuthHeader;
 import org.apache.mina.common.IoSession;
 
@@ -40,21 +42,25 @@
 {
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );
 
         ApplicationRequest authHeader = changepwContext.getAuthHeader();
         Ticket ticket = changepwContext.getTicket();
-        EncryptionKey serverKey = changepwContext.getServerEntry().getEncryptionKey();
+
+        EncryptionType encryptionType = ticket.getEncPart().getEncryptionType();
+        EncryptionKey serverKey = changepwContext.getServerEntry().getKeyMap().get( encryptionType );
+
         long clockSkew = changepwContext.getConfig().getAllowableClockSkew();
         ReplayCache replayCache = changepwContext.getReplayCache();
         boolean emptyAddressesAllowed = changepwContext.getConfig().isEmptyAddressesAllowed();
         InetAddress clientAddress = changepwContext.getClientAddress();
-        LockBox lockBox = changepwContext.getLockBox();
+        CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();
 
         Authenticator authenticator = verifyAuthHeader( authHeader, ticket, serverKey, clockSkew, replayCache,
-            emptyAddressesAllowed, clientAddress, lockBox );
+            emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.NUMBER11 );
 
         changepwContext.setAuthenticator( authenticator );
 
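Review bot: `getKeyMap().get( encryptionType )` returns null when the server entry holds no key for the ticket's encryption type, and that null is handed straight to `verifyAuthHeader`. The type is read from the ticket in the request, so it is presumably chosen by the peer rather than by the server. A guard right after the lookup would make the failure explicit, for example `if ( serverKey == null ) { throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_HARDERROR ); }`, or whichever error type the project maps to an unsupported etype. The same unchecked lookup appears in GenerateTicket.execute (`authContext.getServerEntry().getKeyMap().get( encryptionType )`). execute's body continues outside this hunk.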

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/value/ChangePasswordData.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/value/ChangePasswordData.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/value/ChangePasswordData.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/value/ChangePasswordData.java Wed May 23 17:26:40 2007
@@ -34,7 +34,14 @@
     private String realm;
 
 
-    public ChangePasswordData(byte[] password, PrincipalName principalName, String realm)
+    /**
+     * Creates a new instance of ChangePasswordData.
+     *
+     * @param password
+     * @param principalName
+     * @param realm
+     */
+    public ChangePasswordData( byte[] password, PrincipalName principalName, String realm )
     {
         this.password = password;
         this.principalName = principalName;
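Review bot: The new constructor Javadoc leaves all three `@param` tags empty and does not say that the `password` array is stored by reference. Because `getPassword()` in the next hunk returns that same array, a caller that later overwrites or zeroes its buffer changes what this object holds, and a caller of the getter can do the same. Fill in the tags and state the ownership, e.g. `@param password the new password bytes; stored without copying` and on the getter `@return The password as bytes; the internal array, not a copy.` ChangePasswordDataModifier.setNewPassword further down has the same empty `@param` and the same by-reference store. The constructor body continues outside the hunk.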
@@ -42,18 +49,33 @@
     }
 
 
+    /**
+     * Returns the password as bytes.
+     *
+     * @return The password as bytes.
+     */
     public byte[] getPassword()
     {
         return password;
     }
 
 
+    /**
+     * Returns the principal name.
+     *
+     * @return The principal name.
+     */
     public PrincipalName getPrincipalName()
     {
         return principalName;
     }
 
 
+    /**
+     * Returns the realm.
+     *
+     * @return The realm.
+     */
     public String getRealm()
     {
         return realm;

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/value/ChangePasswordDataModifier.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/value/ChangePasswordDataModifier.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/value/ChangePasswordDataModifier.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/main/java/org/apache/directory/server/changepw/value/ChangePasswordDataModifier.java Wed May 23 17:26:40 2007
@@ -34,24 +34,44 @@
     private String realm;
 
 
+    /**
+     * Returns the {@link ChangePasswordData}.
+     *
+     * @return The {@link ChangePasswordData}.
+     */
     public ChangePasswordData getChangePasswdData()
     {
         return new ChangePasswordData( password, principalName, realm );
     }
 
 
+    /**
+     * Sets the bytes of the new password.
+     *
+     * @param password
+     */
     public void setNewPassword( byte[] password )
     {
         this.password = password;
     }
 
 
+    /**
+     * Sets the target principal name whose password is to be changed.
+     *
+     * @param principalName
+     */
     public void setTargetName( PrincipalName principalName )
     {
         this.principalName = principalName;
     }
 
 
+    /**
+     * Sets the target realm of the principal whose password is to be changed.
+     *
+     * @param realm
+     */
     public void setTargetRealm( String realm )
     {
         this.realm = realm;

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/test/java/org/apache/directory/server/changepw/service/CheckPasswordPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/test/java/org/apache/directory/server/changepw/service/CheckPasswordPolicyTest.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/test/java/org/apache/directory/server/changepw/service/CheckPasswordPolicyTest.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-changepw/src/test/java/org/apache/directory/server/changepw/service/CheckPasswordPolicyTest.java Wed May 23 17:26:40 2007
@@ -22,8 +22,6 @@
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
-import org.apache.directory.server.changepw.service.CheckPasswordPolicy;
-
 import junit.framework.TestCase;
 
 
@@ -42,6 +40,9 @@
     private CheckPasswordPolicy policy = new CheckPasswordPolicy();
 
 
+    /**
+     * Tests that a good password is valid according to all policy checks.
+     */
     public void testGoodPassword()
     {
         String username = "Enrique Rodriguez";
@@ -53,6 +54,9 @@
     }
 
 
+    /**
+     * Tests that a bad password fails all validity checks.
+     */
     public void testBadPassword()
     {
         String username = "Erin Randall";
@@ -64,6 +68,9 @@
     }
 
 
+    /**
+     * Tests variations of a password where the password includes tokens of the username.
+     */
     public void testPrincipalAsUsername()
     {
         String username = new KerberosPrincipal( "erodriguez@EXAMPLE.COM" ).getName();

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-dhcp/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-dhcp/pom.xml?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-dhcp/pom.xml (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-dhcp/pom.xml Wed May 23 17:26:40 2007
@@ -4,7 +4,7 @@
   <parent>
     <groupId>org.apache.directory.server</groupId>
     <artifactId>build</artifactId>
-    <version>1.5.0-SNAPSHOT</version>
+    <version>1.5.1-SNAPSHOT</version>
   </parent>
   <artifactId>apacheds-protocol-dhcp</artifactId>
   <name>ApacheDS Protocol Dhcp</name>

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/pom.xml?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/pom.xml (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/pom.xml Wed May 23 17:26:40 2007
@@ -4,7 +4,7 @@
   <parent>
     <groupId>org.apache.directory.server</groupId>
     <artifactId>build</artifactId>
-    <version>1.5.0-SNAPSHOT</version>
+    <version>1.5.1-SNAPSHOT</version>
   </parent>
   <artifactId>apacheds-protocol-dns</artifactId>
   <name>ApacheDS Protocol Dns</name>

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/src/main/java/org/apache/directory/server/dns/store/DnsAttribute.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/src/main/java/org/apache/directory/server/dns/store/DnsAttribute.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/src/main/java/org/apache/directory/server/dns/store/DnsAttribute.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/src/main/java/org/apache/directory/server/dns/store/DnsAttribute.java Wed May 23 17:26:40 2007
@@ -32,9 +32,6 @@
      * Apache DNS Schema Attributes
      */
 
-    /** the apachedns schema common name for an Apache DNS entry */
-    public static final String CN = "cn";
-
     /**
      * An abstract DNS record objectClass used to build other specific structural
      * objectclasses for different record types

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/src/main/java/org/apache/directory/server/dns/store/operations/GetRecords.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/src/main/java/org/apache/directory/server/dns/store/operations/GetRecords.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/src/main/java/org/apache/directory/server/dns/store/operations/GetRecords.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-dns/src/main/java/org/apache/directory/server/dns/store/operations/GetRecords.java Wed May 23 17:26:40 2007
@@ -45,6 +45,7 @@
 import org.apache.directory.server.dns.messages.ResourceRecordModifier;
 import org.apache.directory.server.dns.store.DnsAttribute;
 import org.apache.directory.server.protocol.shared.store.ContextOperation;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
 
 
 /**
@@ -188,7 +189,7 @@
         }
         else
         {
-            modifier.setDnsType( getType( attrs.get( "objectclass" ) ) );
+            modifier.setDnsType( getType( attrs.get( SchemaConstants.OBJECT_CLASS_AT ) ) );
         }
 
         // class defaults to SOA CLASS

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/pom.xml?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/pom.xml (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/pom.xml Wed May 23 17:26:40 2007
@@ -4,7 +4,7 @@
   <parent>
     <groupId>org.apache.directory.server</groupId>
     <artifactId>build</artifactId>
-    <version>1.5.0-SNAPSHOT</version>
+    <version>1.5.1-SNAPSHOT</version>
   </parent>
   <artifactId>apacheds-protocol-kerberos</artifactId>
   <name>ApacheDS Protocol Kerberos</name>

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcConfiguration.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcConfiguration.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcConfiguration.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcConfiguration.java Wed May 23 17:26:40 2007
@@ -27,6 +27,7 @@
 
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.protocol.shared.ServiceConfiguration;
+import org.apache.directory.shared.ldap.constants.JndiPropertyConstants;
 
 
 /**
@@ -375,7 +376,7 @@
         {
             for ( EncryptionType type : EncryptionType.VALUES )
             {
-                if ( type.toString().equalsIgnoreCase( enc ) )
+                if ( type.getName().equalsIgnoreCase( enc ) )
                 {
                     encTypes.add( type );
                 }
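Review bot: Switching the comparison from `type.toString()` to `type.getName()` changes which spellings a configured encryption type must use, and a value that matches no type is dropped by this loop without any trace, as far as the hunk shows. If the two strings differ for any type, an existing configuration would silently end up with a narrower or empty set of accepted encryption types. Consider recording whether `enc` matched anything and logging a warning (or rejecting the configuration) when it did not. The enclosing method starts and ends outside the hunk, so an existing check after the loop cannot be ruled out.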

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java Wed May 23 17:26:40 2007
@@ -22,9 +22,10 @@
 
 import java.net.InetAddress;
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
 import org.apache.directory.server.kerberos.shared.messages.KerberosMessage;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 
 
@@ -41,7 +42,8 @@
     private KdcRequest request;
     private KerberosMessage reply;
     private InetAddress clientAddress;
-    private LockBox lockBox;
+    private CipherTextHandler cipherTextHandler;
+    private EncryptionType encryptionType;
 
 
     /**
@@ -135,19 +137,41 @@
 
 
     /**
-     * @return Returns the lockBox.
+     * @return Returns the {@link CipherTextHandler}.
      */
-    public LockBox getLockBox()
+    public CipherTextHandler getCipherTextHandler()
     {
-        return lockBox;
+        return cipherTextHandler;
     }
 
 
     /**
-     * @param lockBox The lockBox to set.
+     * @param cipherTextHandler The {@link CipherTextHandler} to set.
      */
-    public void setLockBox( LockBox lockBox )
+    public void setCipherTextHandler( CipherTextHandler cipherTextHandler )
     {
-        this.lockBox = lockBox;
+        this.cipherTextHandler = cipherTextHandler;
+    }
+
+
+    /**
+     * Returns the encryption type to use for this session.
+     *
+     * @return The encryption type.
+     */
+    public EncryptionType getEncryptionType()
+    {
+        return encryptionType;
+    }
+
+
+    /**
+     * Sets the encryption type to use for this session.
+     *
+     * @param encryptionType The encryption type to set.
+     */
+    public void setEncryptionType( EncryptionType encryptionType )
+    {
+        this.encryptionType = encryptionType;
     }
 }
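Review bot: The Javadoc on `getEncryptionType()` should say that the value is null until `setEncryptionType` has been called. The field has no initialiser, and GenerateTicket uses the returned value as the key for a key-map lookup. Suggested wording: `@return The encryption type, or null if none has been selected yet.`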

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KerberosServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KerberosServer.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KerberosServer.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KerberosServer.java Wed May 23 17:26:40 2007
@@ -73,7 +73,7 @@
 
         try
         {
-            handler = new KerberosProtocolHandler( new KdcConfiguration(), this.store );
+            handler = new KerberosProtocolHandler( config, this.store );
 
             acceptor.bind( new InetSocketAddress( port ), handler, serviceConfig );
 
@@ -87,8 +87,7 @@
 
 
     /**
-     * Compares whether a {@link Dictionary} of configuration is different
-     * from the currently used configuration.
+     * Returns whether configuration being proposed as new is really different.
      *
      * @param newConfig
      * @return <code>True</true> if the configuration is different.
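Review bot: The `@return` line kept under the rewritten summary has a mismatched tag, `<code>True</true>`, and `@param newConfig` carries no description. Since the comment is being edited anyway, `@param newConfig The proposed configuration.` and `@return <code>true</code> if the configuration is different.` would make it render correctly. The method itself is outside the hunk.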
@@ -100,7 +99,7 @@
 
 
     /**
-     * Destroys this instance of the service.
+     * Destroys this instance of KerberosServer.
      */
     public void destroy()
     {

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorContext.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorContext.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorContext.java Wed May 23 17:26:40 2007
@@ -37,6 +37,7 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() );
@@ -52,7 +53,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorReply.java Wed May 23 17:26:40 2007
@@ -39,6 +39,7 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() );
@@ -82,7 +83,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/MonitorRequest.java Wed May 23 17:26:40 2007
@@ -39,6 +39,7 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() );
@@ -62,7 +63,7 @@
     }
 
 
-    public String getEncryptionTypes( KdcRequest request )
+    protected String getEncryptionTypes( KdcRequest request )
     {
         EncryptionType[] etypes = request.getEType();
 
@@ -82,7 +83,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/SelectEncryptionType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/SelectEncryptionType.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/SelectEncryptionType.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/SelectEncryptionType.java Wed May 23 17:26:40 2007
@@ -25,6 +25,8 @@
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 
 /**
@@ -33,8 +35,12 @@
  */
 public class SelectEncryptionType implements IoHandlerCommand
 {
+    /** The log for this class. */
+    private static final Logger log = LoggerFactory.getLogger( SelectEncryptionType.class );
+
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         KdcContext kdcContext = ( KdcContext ) session.getAttribute( getContextKey() );
@@ -44,11 +50,15 @@
 
         EncryptionType bestType = getBestEncryptionType( requestedTypes, config.getEncryptionTypes() );
 
+        log.debug( "Session will use encryption type " + bestType );
+
         if ( bestType == null )
         {
             throw new KerberosException( ErrorType.KDC_ERR_ETYPE_NOSUPP );
         }
 
+        kdcContext.setEncryptionType( bestType );
+
         next.execute( session, message );
     }
 
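Review bot: The added `log.debug` call sits before the `bestType == null` check, so a request with no supported encryption type is logged as "Session will use encryption type null" just before KDC_ERR_ETYPE_NOSUPP is thrown. Move the call below the check and use the parameterized form, `log.debug( "Session will use encryption type {}", bestType );`, which also avoids building the string when debug logging is off. A separate debug line on the failure path that names the requested types would help when diagnosing etype mismatches.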
@@ -70,7 +80,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java Wed May 23 17:26:40 2007
@@ -21,6 +21,7 @@
 
 
 import org.apache.directory.server.kerberos.kdc.MonitorRequest;
+import org.apache.directory.server.kerberos.kdc.SelectEncryptionType;
 import org.apache.directory.server.kerberos.kdc.preauthentication.PreAuthenticationChain;
 import org.apache.mina.handler.chain.IoHandlerChain;
 
@@ -31,10 +32,14 @@
  */
 public class AuthenticationServiceChain extends IoHandlerChain
 {
+    /**
+     * Creates a new instance of AuthenticationServiceChain.
+     */
     public AuthenticationServiceChain()
     {
         addLast( "monitorRequest", new MonitorRequest() );
         addLast( "configureAuthenticationChain", new ConfigureAuthenticationChain() );
+        addLast( "selectEncryptionType", new SelectEncryptionType() );
         addLast( "getClientEntry", new GetClientEntry() );
         addLast( "verifyPolicy", new VerifyPolicy() );
         addLast( "preAuthenticationChain", new PreAuthenticationChain() );

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java Wed May 23 17:26:40 2007
@@ -74,7 +74,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ConfigureAuthenticationChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ConfigureAuthenticationChain.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ConfigureAuthenticationChain.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ConfigureAuthenticationChain.java Wed May 23 17:26:40 2007
@@ -20,16 +20,9 @@
 package org.apache.directory.server.kerberos.kdc.authentication;
 
 
-import java.util.Map;
-
-import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
-import org.apache.directory.server.kerberos.shared.crypto.checksum.Crc32Checksum;
-import org.apache.directory.server.kerberos.shared.crypto.checksum.RsaMd4Checksum;
-import org.apache.directory.server.kerberos.shared.crypto.checksum.RsaMd5Checksum;
-import org.apache.directory.server.kerberos.shared.crypto.checksum.Sha1Checksum;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 
@@ -41,28 +34,23 @@
 public class ConfigureAuthenticationChain implements IoHandlerCommand
 {
     private static final ReplayCache replayCache = new InMemoryReplayCache();
-    private static final LockBox lockBox = new LockBox();
+    private static final CipherTextHandler cipherTextHandler = new CipherTextHandler();
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );
 
         authContext.setReplayCache( replayCache );
-        authContext.setLockBox( lockBox );
-
-        Map checksumEngines = authContext.getChecksumEngines();
-        checksumEngines.put( ChecksumType.CRC32, new Crc32Checksum() );
-        checksumEngines.put( ChecksumType.RSA_MD4, new RsaMd4Checksum() );
-        checksumEngines.put( ChecksumType.RSA_MD5, new RsaMd5Checksum() );
-        checksumEngines.put( ChecksumType.SHA1, new Sha1Checksum() );
+        authContext.setCipherTextHandler( cipherTextHandler );
 
         next.execute( session, message );
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java Wed May 23 17:26:40 2007
@@ -23,6 +23,9 @@
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.server.kerberos.kdc.KdcConfiguration;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
@@ -35,7 +38,6 @@
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
 import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
 import org.apache.directory.server.kerberos.shared.messages.value.TransitedEncoding;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 import org.slf4j.Logger;
@@ -53,14 +55,18 @@
 
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );
 
         KdcRequest request = authContext.getRequest();
-        LockBox lockBox = authContext.getLockBox();
+        CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
         KerberosPrincipal serverPrincipal = request.getServerPrincipal();
-        EncryptionKey serverKey = authContext.getServerEntry().getEncryptionKey();
+
+        EncryptionType encryptionType = authContext.getEncryptionType();
+        EncryptionKey serverKey = authContext.getServerEntry().getKeyMap().get( encryptionType );
+
         KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
         EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
         KdcConfiguration config = authContext.getConfig();
@@ -138,9 +144,9 @@
          endif
          */
 
-        if ( tempRtime == 0 )
+        if ( tempRtime == 0 || request.getRtime() == null )
         {
-            tempRtime = Long.MAX_VALUE;
+            tempRtime = request.getTill().getTime();
         }
         else
         {
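Review bot: The new fallback `tempRtime = request.getTill().getTime()` replaces the unbounded `Long.MAX_VALUE` without a comment, and the pseudocode block that ends just above it appears to predate the change. A line such as `// No rtime requested: bound renew-till by the requested end time rather than leaving it unbounded.` would record the intent. The `request.getRtime() == null` test comes too late if `tempRtime` is computed from `request.getRtime()` above this hunk, which cannot be seen from here. `request.getTill()` is also dereferenced without a null check.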
@@ -172,7 +178,7 @@
 
         EncTicketPart ticketPart = newTicketBody.getEncTicketPart();
 
-        EncryptedData encryptedData = lockBox.seal( serverKey, ticketPart );
+        EncryptedData encryptedData = cipherTextHandler.seal( serverKey, ticketPart, KeyUsage.NUMBER2 );
 
         Ticket newTicket = new Ticket( ticketPrincipal, encryptedData );
         newTicket.setEncTicketPart( ticketPart );
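Review bot: `KeyUsage.NUMBER2` in the `seal` call gives no hint which RFC 4120 key usage it stands for. The same applies to `NUMBER3` in SealReply, `NUMBER1` in VerifyEncryptedTimestamp and `NUMBER2`/`NUMBER4` in the ticket-grant GenerateTicket. The usage number feeds key derivation for the newer encryption types, so a wrong constant breaks interoperability and weakens the separation between message types. A one-line comment at each call would make that reviewable, here `// RFC 4120 key usage 2: ticket, encrypted with the service key`. The enclosing `execute` starts and ends outside this hunk.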
@@ -188,7 +194,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java Wed May 23 17:26:40 2007
@@ -20,41 +20,33 @@
 package org.apache.directory.server.kerberos.kdc.authentication;
 
 
-import java.security.SecureRandom;
-
-import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
-import org.apache.directory.server.kerberos.shared.service.DesStringToKey;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
 import org.apache.mina.common.IoSession;
+import org.apache.mina.handler.chain.IoHandlerCommand;
 
 
 /**
+ * Get a session key for this session.
+ * 
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class GetSessionKey extends DesStringToKey
+public class GetSessionKey implements IoHandlerCommand
 {
-    private static final SecureRandom random = new SecureRandom();
+    private String contextKey = "context";
 
 
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );
-        authContext.setSessionKey( getNewSessionKey() );
+        authContext.setSessionKey( RandomKeyFactory.getRandomKey( authContext.getEncryptionType() ) );
 
         next.execute( session, message );
     }
 
 
-    private EncryptionKey getNewSessionKey()
+    protected String getContextKey()
     {
-        byte[] confounder = new byte[8];
-
-        // SecureRandom.nextBytes is already synchronized
-        random.nextBytes( confounder );
-
-        byte[] subSessionKey = getKey( new String( confounder ) );
-
-        return new EncryptionKey( EncryptionType.DES_CBC_MD5, subSessionKey );
+        return ( this.contextKey );
     }
 }
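Review bot: `execute` now depends on `authContext.getEncryptionType()` having been set by an earlier command in the chain, and the new Javadoc (`Get a session key for this session.`) does not state that ordering requirement. What `RandomKeyFactory.getRandomKey` does for a null or unsupported type is not visible on this page; if it can return null, `setSessionKey` stores no key and the failure surfaces later when the ticket is built. I would widen the Javadoc to `Generates a random session key of the encryption type selected for this exchange; must run after the encryption type has been chosen.` and reject a null key before `next.execute( session, message )`.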

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/SealReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/SealReply.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/SealReply.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/SealReply.java Wed May 23 17:26:40 2007
@@ -20,10 +20,11 @@
 package org.apache.directory.server.kerberos.kdc.authentication;
 
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.messages.AuthenticationReply;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 
@@ -36,22 +37,23 @@
 {
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );
 
         AuthenticationReply reply = ( AuthenticationReply ) authContext.getReply();
         EncryptionKey clientKey = authContext.getClientKey();
-        LockBox lockBox = authContext.getLockBox();
+        CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
 
-        EncryptedData encryptedData = lockBox.seal( clientKey, reply );
+        EncryptedData encryptedData = cipherTextHandler.seal( clientKey, reply, KeyUsage.NUMBER3 );
         reply.setEncPart( encryptedData );
 
         next.execute( session, message );
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/VerifyPolicy.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/VerifyPolicy.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/VerifyPolicy.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/VerifyPolicy.java Wed May 23 17:26:40 2007
@@ -27,8 +27,6 @@
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
-//import org.slf4j.Logger;
-//import org.slf4j.LoggerFactory;
 
 
 /**
@@ -37,10 +35,8 @@
  */
 public class VerifyPolicy implements IoHandlerCommand
 {
-    /** the log for this class */
-//    private static final Logger log = LoggerFactory.getLogger( VerifyPolicy.class );
     private String contextKey = "context";
-    
+
 
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
@@ -61,11 +57,12 @@
         {
             throw new KerberosException( ErrorType.KDC_ERR_CLIENT_REVOKED );
         }
-        next.execute( session, message ); 
+
+        next.execute( session, message );
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/PreAuthenticationChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/PreAuthenticationChain.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/PreAuthenticationChain.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/PreAuthenticationChain.java Wed May 23 17:26:40 2007
@@ -28,6 +28,9 @@
  */
 public class PreAuthenticationChain extends IoHandlerChain
 {
+    /**
+     * Creates a new instance of PreAuthenticationChain.
+     */
     public PreAuthenticationChain()
     {
         addLast( "verifySam", new VerifySam() );

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifierBase.java Wed May 23 17:26:40 2007
@@ -40,12 +40,15 @@
 {
     private String contextKey = "context";
 
-    public String getContextKey()
-    {
-        return ( this.contextKey );
-    }
 
-    public byte[] preparePreAuthenticationError()
+    /**
+     * Prepares a pre-authentication error message containing required
+     * encryption types.
+     *
+     * @param encryptionTypes
+     * @return The error message as bytes.
+     */
+    public byte[] preparePreAuthenticationError( EncryptionType[] encryptionTypes )
     {
         PreAuthenticationData[] paDataSequence = new PreAuthenticationData[2];
 
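Review bot: The new `encryptionTypes` parameter has an empty `@param` tag and no null handling, and the loop added in the next hunk reads `encryptionTypes.length` directly. A null argument would throw `NullPointerException` while the KDC is building a `KDC_ERR_PREAUTH_REQUIRED` reply, and an empty array would produce an ETYPE-INFO with no entries. I would document it as `@param encryptionTypes the encryption types to advertise to the client; must not be null` and either enforce that at the top of the method or treat null as an empty array. This public method also changed signature, so callers outside this commit need the same update.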
@@ -55,8 +58,11 @@
 
         paDataSequence[0] = modifier.getPreAuthenticationData();
 
-        EncryptionTypeInfoEntry[] entries = new EncryptionTypeInfoEntry[1];
-        entries[0] = new EncryptionTypeInfoEntry( EncryptionType.DES_CBC_MD5, null );
+        EncryptionTypeInfoEntry[] entries = new EncryptionTypeInfoEntry[encryptionTypes.length];
+        for ( int ii = 0; ii < encryptionTypes.length; ii++ )
+        {
+            entries[ii] = new EncryptionTypeInfoEntry( encryptionTypes[ii], null );
+        }
 
         byte[] encTypeInfo = null;
 
@@ -83,5 +89,11 @@
         {
             return null;
         }
+    }
+
+
+    protected String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifyEncryptedTimestamp.java Wed May 23 17:26:40 2007
@@ -24,6 +24,9 @@
 
 import org.apache.directory.server.kerberos.kdc.KdcConfiguration;
 import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationContext;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.io.decoder.EncryptedDataDecoder;
@@ -33,7 +36,6 @@
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
 import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationDataType;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
 import org.apache.mina.common.IoSession;
 import org.slf4j.Logger;
@@ -62,7 +64,7 @@
         log.debug( "Verifying using encrypted timestamp." );
         KdcConfiguration config = authContext.getConfig();
         KdcRequest request = authContext.getRequest();
-        LockBox lockBox = authContext.getLockBox();
+        CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
         PrincipalStoreEntry clientEntry = authContext.getClientEntry();
         String clientName = clientEntry.getPrincipal().getName();
 
@@ -76,7 +78,8 @@
                     + " has no SAM type: proceeding with standard pre-authentication" );
             }
 
-            clientKey = clientEntry.getEncryptionKey();
+            EncryptionType encryptionType = authContext.getEncryptionType();
+            clientKey = clientEntry.getKeyMap().get( encryptionType );
 
             if ( clientKey == null )
             {
@@ -89,7 +92,8 @@
 
                 if ( preAuthData == null )
                 {
-                    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError() );
+                    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED,
+                        preparePreAuthenticationError( config.getEncryptionTypes() ) );
                 }
 
                 EncryptedTimeStamp timestamp = null;
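Review bot: `preparePreAuthenticationError( config.getEncryptionTypes() )` advertises every type the KDC is configured for, not the types this principal actually has keys for. The same call appears in the `timestamp == null` branch later in this file and in VerifySam. A client that picks an advertised type with no entry in `clientEntry.getKeyMap()` will fail on the retry, and the reply says more about server configuration than the exchange needs. Filtering the configured list against the principal's key map before building the error would avoid both; the sketch assumes `getKeyMap()` returns a `java.util.Map`. The enclosing method extends beyond this hunk.

```java
// … unchanged: preAuthData lookup …
if ( preAuthData == null )
{
    // Advertise only the configured types this principal holds a key for.
    List<EncryptionType> usable = new ArrayList<EncryptionType>();
    for ( EncryptionType type : config.getEncryptionTypes() )
    {
        if ( clientEntry.getKeyMap().containsKey( type ) )
        {
            usable.add( type );
        }
    }

    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED,
        preparePreAuthenticationError( usable.toArray( new EncryptionType[usable.size()] ) ) );
}
```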
@@ -113,14 +117,15 @@
                             throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY );
                         }
 
-                        timestamp = ( EncryptedTimeStamp ) lockBox.unseal( EncryptedTimeStamp.class, clientKey,
-                            dataValue );
+                        timestamp = ( EncryptedTimeStamp ) cipherTextHandler.unseal( EncryptedTimeStamp.class,
+                            clientKey, dataValue, KeyUsage.NUMBER1 );
                     }
                 }
 
                 if ( timestamp == null )
                 {
-                    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError() );
+                    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED,
+                        preparePreAuthenticationError( config.getEncryptionTypes() ) );
                 }
 
                 if ( !timestamp.getTimeStamp().isInClockSkew( config.getAllowableClockSkew() ) )

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.java Wed May 23 17:26:40 2007
@@ -22,6 +22,7 @@
 
 import javax.security.auth.kerberos.KerberosKey;
 
+import org.apache.directory.server.kerberos.kdc.KdcConfiguration;
 import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationContext;
 import org.apache.directory.server.kerberos.sam.SamException;
 import org.apache.directory.server.kerberos.sam.SamSubsystem;
@@ -60,6 +61,8 @@
         log.debug( "Verifying using SAM subsystem." );
         AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );
         KdcRequest request = authContext.getRequest();
+        KdcConfiguration config = authContext.getConfig();
+
         PrincipalStoreEntry clientEntry = authContext.getClientEntry();
         String clientName = clientEntry.getPrincipal().getName();
 
@@ -77,7 +80,7 @@
 
             if ( preAuthData == null || preAuthData.length == 0 )
             {
-                throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError() );
+                throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError( config.getEncryptionTypes() ) );
             }
 
             try

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java Wed May 23 17:26:40 2007
@@ -71,7 +71,7 @@
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/ConfigureTicketGrantingChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/ConfigureTicketGrantingChain.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/ConfigureTicketGrantingChain.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/ConfigureTicketGrantingChain.java Wed May 23 17:26:40 2007
@@ -20,9 +20,9 @@
 package org.apache.directory.server.kerberos.kdc.ticketgrant;
 
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 
@@ -34,7 +34,7 @@
 public class ConfigureTicketGrantingChain implements IoHandlerCommand
 {
     private static final ReplayCache replayCache = new InMemoryReplayCache();
-    private static final LockBox lockBox = new LockBox();
+    private static final CipherTextHandler cipherTextHandler = new CipherTextHandler();
 
     private String contextKey = "context";
 
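Review bot: The single static `CipherTextHandler` is handed to every session's `TicketGrantingContext`, so all concurrent TGS exchanges share one instance, and nothing on this page shows that the class is stateless or thread-safe. If it keeps any per-call cipher or buffer state, requests could interfere with each other's encryption. I would record the requirement on the field, e.g. `/** Shared by all sessions; CipherTextHandler must hold no per-request state. */`, or create the handler per context if that cannot be guaranteed.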
@@ -43,13 +43,13 @@
         TicketGrantingContext tgsContext = ( TicketGrantingContext ) session.getAttribute( getContextKey() );
 
         tgsContext.setReplayCache( replayCache );
-        tgsContext.setLockBox( lockBox );
+        tgsContext.setCipherTextHandler( cipherTextHandler );
 
         next.execute( session, message );
     }
 
 
-    public String getContextKey()
+    protected String getContextKey()
     {
         return ( this.contextKey );
     }

Modified: directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java?view=diff&rev=541123&r1=541122&r2=541123
==============================================================================
--- directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java (original)
+++ directory/apacheds/branches/apacheds-sasl-branch/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java Wed May 23 17:26:40 2007
@@ -27,6 +27,9 @@
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.server.kerberos.kdc.KdcConfiguration;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
@@ -40,7 +43,6 @@
 import org.apache.directory.server.kerberos.shared.messages.value.KdcOptions;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
 import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
-import org.apache.directory.server.kerberos.shared.service.LockBox;
 import org.apache.mina.common.IoSession;
 import org.apache.mina.handler.chain.IoHandlerCommand;
 
@@ -53,6 +55,7 @@
 {
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         TicketGrantingContext tgsContext = ( TicketGrantingContext ) session.getAttribute( getContextKey() );
@@ -60,9 +63,12 @@
         KdcRequest request = tgsContext.getRequest();
         Ticket tgt = tgsContext.getTgt();
         Authenticator authenticator = tgsContext.getAuthenticator();
-        LockBox lockBox = tgsContext.getLockBox();
+        CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();
         KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
-        EncryptionKey serverKey = tgsContext.getRequestPrincipalEntry().getEncryptionKey();
+
+        EncryptionType encryptionType = tgsContext.getEncryptionType();
+        EncryptionKey serverKey = tgsContext.getRequestPrincipalEntry().getKeyMap().get( encryptionType );
+
         KdcConfiguration config = tgsContext.getConfig();
         EncryptionKey sessionKey = tgsContext.getSessionKey();
 
@@ -77,8 +83,8 @@
 
         if ( request.getEncAuthorizationData() != null )
         {
-            AuthorizationData authData = ( AuthorizationData ) lockBox.unseal( AuthorizationData.class, authenticator
-                .getSubSessionKey(), request.getEncAuthorizationData() );
+            AuthorizationData authData = ( AuthorizationData ) cipherTextHandler.unseal( AuthorizationData.class,
+                authenticator.getSubSessionKey(), request.getEncAuthorizationData(), KeyUsage.NUMBER4 );
             authData.add( tgt.getAuthorizationData() );
             newTicketBody.setAuthorizationData( authData );
         }
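Review bot: The `unseal` call decrypts with `authenticator.getSubSessionKey()` but passes `KeyUsage.NUMBER4`. RFC 4120 section 7.5.1 assigns usage 4 to authorization data encrypted with the TGS session key and usage 5 to data encrypted with the authenticator subkey. For encryption types that derive a key per usage, this mismatch would make decryption fail for conforming clients. The subkey is optional in an authenticator, so the key should be chosen first, e.g. `EncryptionKey key = authenticator.getSubSessionKey() != null ? authenticator.getSubSessionKey() : tgt.getSessionKey();`, with the usage constant following that choice. `execute` extends beyond this hunk.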
@@ -105,7 +111,7 @@
             throw new KerberosException( ErrorType.KDC_ERR_SVC_UNAVAILABLE );
         }
 
-        EncryptedData encryptedData = lockBox.seal( serverKey, ticketPart );
+        EncryptedData encryptedData = cipherTextHandler.seal( serverKey, ticketPart, KeyUsage.NUMBER2 );
 
         Ticket newTicket = new Ticket( ticketPrincipal, encryptedData );
         newTicket.setEncTicketPart( ticketPart );
@@ -116,12 +122,6 @@
     }
 
 
-    public String getContextKey()
-    {
-        return ( this.contextKey );
-    }
-
-
     private void processFlags( KdcConfiguration config, KdcRequest request, Ticket tgt,
         EncTicketPartModifier newTicketBody ) throws KerberosException
     {
@@ -274,7 +274,7 @@
              new_tkt.starttime+client.max_life,
              new_tkt.starttime+server.max_life,
              */
-            List minimizer = new ArrayList();
+            List<KerberosTime> minimizer = new ArrayList<KerberosTime>();
             minimizer.add( till );
             minimizer.add( new KerberosTime( now.getTime() + config.getMaximumTicketLifetime() ) );
             minimizer.add( tgt.getEndTime() );
@@ -315,7 +315,7 @@
              new_tkt.starttime+server.max_rlife,
              */
             // TODO - client and server configurable; requires store
-            List minimizer = new ArrayList();
+            List<KerberosTime> minimizer = new ArrayList<KerberosTime>();
 
             /*
              * 'rtime' KerberosTime is OPTIONAL
@@ -327,7 +327,7 @@
 
             minimizer.add( new KerberosTime( now.getTime() + config.getMaximumRenewableLifetime() ) );
             minimizer.add( tgt.getRenewTill() );
-            newTicketBody.setRenewTill( ( KerberosTime ) Collections.min( minimizer ) );
+            newTicketBody.setRenewTill( Collections.min( minimizer ) );
         }
     }
 
@@ -362,5 +362,11 @@
         newTicketBody.setRenewTill( tgt.getRenewTill() );
         newTicketBody.setSessionKey( tgt.getSessionKey() );
         newTicketBody.setTransitedEncoding( tgt.getTransitedEncoding() );
+    }
+
+
+    protected String getContextKey()
+    {
+        return ( this.contextKey );
     }
 }


