Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 1510 invoked from network); 6 May 2007 23:19:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 May 2007 23:19:25 -0000 Received: (qmail 77458 invoked by uid 500); 6 May 2007 23:19:24 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 77430 invoked by uid 500); 6 May 2007 23:19:24 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 77332 invoked by uid 99); 6 May 2007 23:19:23 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 06 May 2007 16:19:23 -0700 X-ASF-Spam-Status: No, hits=-99.5 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 06 May 2007 16:19:16 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id 646501A9838; Sun, 6 May 2007 16:18:56 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r535676 - /directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java Date: Sun, 06 May 2007 23:18:56 -0000 To: commits@directory.apache.org 
From: erodriguez@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070506231856.646501A9838@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: erodriguez Date: Sun May 6 16:18:55 2007 New Revision: 535676 URL: http://svn.apache.org/viewvc?view=rev&rev=535676 Log: Updated auth header verification to work with "key usage." Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java?view=diff&rev=535676&r1=535675&r2=535676 ============================================================================== --- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java (original) +++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.java Sun May 6 16:18:55 2007 @@ -23,6 +23,7 @@ import java.net.InetAddress; import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler; +import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage; import org.apache.directory.server.kerberos.shared.exceptions.ErrorType; import org.apache.directory.server.kerberos.shared.exceptions.KerberosException; import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest; 
@@ -49,6 +50,7 @@ { private String contextKey = "context"; + // RFC 1510 A.10. KRB_AP_REQ verification public Authenticator verifyAuthHeader( ApplicationRequest authHeader, Ticket ticket, EncryptionKey serverKey, long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress clientAddress, @@ -91,11 +93,12 @@ throw new KerberosException( ErrorType.KRB_AP_ERR_NOKEY ); } - EncTicketPart encPart = ( EncTicketPart ) lockBox.unseal( EncTicketPart.class, ticketKey, ticket.getEncPart() ); + EncTicketPart encPart = ( EncTicketPart ) lockBox.unseal( EncTicketPart.class, ticketKey, ticket.getEncPart(), + KeyUsage.NUMBER2 ); ticket.setEncTicketPart( encPart ); Authenticator authenticator = ( Authenticator ) lockBox.unseal( Authenticator.class, ticket.getSessionKey(), - authHeader.getEncPart() ); + authHeader.getEncPart(), KeyUsage.NUMBER11 ); if ( !authenticator.getClientPrincipal().getName().equals( ticket.getClientPrincipal().getName() ) ) {
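Review bot: The authenticator unseal in the last hunk hard-codes `KeyUsage.NUMBER11`, which RFC 4120 section 7.5.1 assigns to an application AP-REQ authenticator; an AP-REQ carried in TGS-REQ PA-TGS-REQ padata is protected under key usage 7 instead. If this shared verifier is also reached from the ticket-granting path (not visible in this hunk), authenticators from compliant clients would fail to decrypt for encryption types that derive keys from the usage number. Consider taking the usage from the caller, for example a new `KeyUsage authenticatorKeyUsage` parameter passed through as `lockBox.unseal( Authenticator.class, ticket.getSessionKey(), authHeader.getEncPart(), authenticatorKeyUsage )`. A short comment on each call naming the usage, such as `// key usage 2: ticket enc-part, sealed with the service key`, would also help, since the method comment added in the previous hunk cites RFC 1510, which does not define key usage numbers. The body of verifyAuthHeader starts and ends outside this hunk.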