From erodrig...@apache.org
Subject svn commit: r548929 - in /directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared: crypto/checksum/ crypto/encryption/ io/decoder/ io/encoder/ messages/components/
Date Wed, 20 Jun 2007 04:28:47 GMT
Author: erodriguez
Date: Tue Jun 19 21:28:46 2007
New Revision: 548929

URL: http://svn.apache.org/viewvc?view=rev&rev=548929
Log:
Updates to kerberos-shared to support client-side Kerberos:
o  Added support for EncKdcRepPart unseal.
o  Added body checksum calculation.

Added:
    directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java
  (with props)
Modified:
    directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
    directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
    directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/LastRequestDecoder.java
    directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/TicketDecoder.java
    directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java
    directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
Tue Jun 19 21:28:46 2007
@@ -59,6 +59,29 @@
 
 
     /**
+     * Calculate a checksum based on raw bytes and an (optional) key for keyed checksums.
+     *
+     * @param checksumType
+     * @param bytes
+     * @param key
+     * @param usage
+     * @return The {@link Checksum}.
+     * @throws KerberosException
+     */
+    public Checksum calculateChecksum( ChecksumType checksumType, byte[] bytes, byte[] key,
KeyUsage usage )
+        throws KerberosException
+    {
+        if ( !DEFAULT_CHECKSUMS.containsKey( checksumType ) )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_SUMTYPE_NOSUPP );
+        }
+
+        ChecksumEngine digester = getEngine( checksumType );
+        return new Checksum( checksumType, digester.calculateChecksum( bytes, key, usage
) );
+    }
+
+
+    /**
      * Verify a checksum by providing the raw bytes and an (optional) key for keyed checksums.
      *
      * @param checksum
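Review bot: The Javadoc on the new `calculateChecksum` leaves all four `@param` tags empty and calls `key` optional, yet nothing in the method ties that to the checksum type: a keyed type called with a `null` key goes straight into `digester.calculateChecksum( bytes, key, usage )`. Whether the engines reject that case is not visible in this hunk, so the contract should at least be written down, e.g. `@param key the key bytes; required for keyed checksum types, may be null only for unkeyed ones`. If the engines do not check it themselves, an early `KerberosException` here would be safer than a failure deep inside an engine.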

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
Tue Jun 19 21:28:46 2007
@@ -33,6 +33,7 @@
 import org.apache.directory.server.kerberos.shared.io.decoder.Decoder;
 import org.apache.directory.server.kerberos.shared.io.decoder.DecoderFactory;
 import org.apache.directory.server.kerberos.shared.io.decoder.EncApRepPartDecoder;
+import org.apache.directory.server.kerberos.shared.io.decoder.EncKdcRepPartDecoder;
 import org.apache.directory.server.kerberos.shared.io.decoder.EncKrbPrivPartDecoder;
 import org.apache.directory.server.kerberos.shared.io.decoder.EncTicketPartDecoder;
 import org.apache.directory.server.kerberos.shared.io.decoder.EncryptedTimestampDecoder;
@@ -50,6 +51,7 @@
 import org.apache.directory.server.kerberos.shared.messages.TicketGrantReply;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.EncApRepPart;
+import org.apache.directory.server.kerberos.shared.messages.components.EncKdcRepPart;
 import org.apache.directory.server.kerberos.shared.messages.components.EncKrbPrivPart;
 import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
 import org.apache.directory.server.kerberos.shared.messages.value.AuthorizationData;
@@ -100,6 +102,7 @@
         map.put( AuthorizationData.class, AuthorizationDataDecoder.class );
         map.put( EncKrbPrivPart.class, EncKrbPrivPartDecoder.class );
         map.put( EncApRepPart.class, EncApRepPartDecoder.class );
+        map.put( EncKdcRepPart.class, EncKdcRepPartDecoder.class );
 
         DEFAULT_DECODERS = Collections.unmodifiableMap( map );
     }

Added: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java?view=auto&rev=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java
(added)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java
Tue Jun 19 21:28:46 2007
@@ -0,0 +1,149 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.io.decoder;
+
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+import org.apache.directory.server.kerberos.shared.messages.Encodable;
+import org.apache.directory.server.kerberos.shared.messages.components.EncKdcRepPart;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosPrincipalModifier;
+import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
+import org.apache.directory.shared.asn1.der.ASN1InputStream;
+import org.apache.directory.shared.asn1.der.DERApplicationSpecific;
+import org.apache.directory.shared.asn1.der.DERBitString;
+import org.apache.directory.shared.asn1.der.DEREncodable;
+import org.apache.directory.shared.asn1.der.DERGeneralString;
+import org.apache.directory.shared.asn1.der.DERGeneralizedTime;
+import org.apache.directory.shared.asn1.der.DERInteger;
+import org.apache.directory.shared.asn1.der.DERSequence;
+import org.apache.directory.shared.asn1.der.DERTaggedObject;
+
+
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 502338 $, $Date: 2007-02-01 11:59:43 -0800 (Thu, 01 Feb 2007) $
+ */
+public class EncKdcRepPartDecoder implements Decoder, DecoderFactory
+{
+    public Decoder getDecoder()
+    {
+        return new EncKdcRepPartDecoder();
+    }
+
+
+    public Encodable decode( byte[] encoded ) throws IOException
+    {
+        ASN1InputStream ais = new ASN1InputStream( encoded );
+
+        DERApplicationSpecific app = ( DERApplicationSpecific ) ais.readObject();
+
+        DERSequence sequence = ( DERSequence ) app.getObject();
+
+        return decodeEncKdcRepPartSequence( sequence );
+    }
+
+
+    /**
+     *    EncKDCRepPart ::=   SEQUENCE {
+     *                key[0]                       EncryptionKey,
+     *                last-req[1]                  LastReq,
+     *                nonce[2]                     INTEGER,
+     *                key-expiration[3]            KerberosTime OPTIONAL,
+     *                flags[4]                     TicketFlags,
+     *                authtime[5]                  KerberosTime,
+     *                starttime[6]                 KerberosTime OPTIONAL,
+     *                endtime[7]                   KerberosTime,
+     *                renew-till[8]                KerberosTime OPTIONAL,
+     *                srealm[9]                    Realm,
+     *                sname[10]                    PrincipalName,
+     *                caddr[11]                    HostAddresses OPTIONAL
+     * }
+     */
+    private EncKdcRepPart decodeEncKdcRepPartSequence( DERSequence sequence )
+    {
+        EncKdcRepPart modifier = new EncKdcRepPart();
+        KerberosPrincipalModifier principalModifier = new KerberosPrincipalModifier();
+
+        for ( Enumeration e = sequence.getObjects(); e.hasMoreElements(); )
+        {
+            DERTaggedObject object = ( DERTaggedObject ) e.nextElement();
+            int tag = object.getTagNo();
+            DEREncodable derObject = object.getObject();
+
+            switch ( tag )
+            {
+                case 0:
+                    DERSequence tag0 = ( DERSequence ) derObject;
+                    modifier.setKey( EncryptionKeyDecoder.decode( tag0 ) );
+                    break;
+                case 1:
+                    DERSequence tag1 = ( DERSequence ) derObject;
+                    modifier.setLastRequest( LastRequestDecoder.decodeSequence( tag1 ) );
+                    break;
+                case 2:
+                    DERInteger tag2 = ( DERInteger ) derObject;
+                    modifier.setNonce( new Integer( tag2.intValue() ) );
+                    break;
+                case 3:
+                    DERGeneralizedTime tag3 = ( DERGeneralizedTime ) derObject;
+                    modifier.setKeyExpiration( KerberosTimeDecoder.decode( tag3 ) );
+                    break;
+                case 4:
+                    DERBitString tag4 = ( DERBitString ) derObject;
+                    modifier.setFlags( new TicketFlags( tag4.getOctets() ) );
+                    break;
+                case 5:
+                    DERGeneralizedTime tag5 = ( DERGeneralizedTime ) derObject;
+                    modifier.setAuthTime( KerberosTimeDecoder.decode( tag5 ) );
+                    break;
+                case 6:
+                    DERGeneralizedTime tag6 = ( DERGeneralizedTime ) derObject;
+                    modifier.setStartTime( KerberosTimeDecoder.decode( tag6 ) );
+                    break;
+                case 7:
+                    DERGeneralizedTime tag7 = ( DERGeneralizedTime ) derObject;
+                    modifier.setEndTime( KerberosTimeDecoder.decode( tag7 ) );
+                    break;
+                case 8:
+                    DERGeneralizedTime tag8 = ( DERGeneralizedTime ) derObject;
+                    modifier.setRenewTill( KerberosTimeDecoder.decode( tag8 ) );
+                    break;
+                case 9:
+                    DERGeneralString tag9 = ( DERGeneralString ) derObject;
+                    principalModifier.setRealm( tag9.getString() );
+                    break;
+                case 10:
+                    DERSequence tag10 = ( DERSequence ) derObject;
+                    principalModifier.setPrincipalName( PrincipalNameDecoder.decode( tag10
) );
+                    break;
+                case 11:
+                    DERSequence tag11 = ( DERSequence ) derObject;
+                    modifier.setClientAddresses( HostAddressDecoder.decodeSequence( tag11
) );
+                    break;
+            }
+        }
+
+        modifier.setServerPrincipal( principalModifier.getKerberosPrincipal() );
+
+        return modifier;
+    }
+}
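Review bot: `decode( byte[] )` casts the result of `ais.readObject()` and `app.getObject()` without checking them, so a malformed or unexpected structure surfaces as a `ClassCastException` (or, presumably, a `NullPointerException` on empty input) instead of the declared `IOException`. The same pattern appears in the new `TicketDecoder.decode( byte[] )` later in this commit. The `switch` in `decodeEncKdcRepPartSequence` also has no `default` branch, and nothing after the loop checks that the non-OPTIONAL fields from the ASN.1 comment (key, last-req, nonce, flags, authtime, endtime, srealm, sname) were actually present, so a truncated reply yields a partially populated `EncKdcRepPart`. The class has no Javadoc beyond `@author`; a one-line summary stating that it decodes the decrypted enc-part of a KDC reply would help. A type-checked version of `decode` could look like this:

```java
    public Encodable decode( byte[] encoded ) throws IOException
    {
        ASN1InputStream ais = new ASN1InputStream( encoded );

        // instanceof also rejects a null result from an empty stream
        Object outer = ais.readObject();

        if ( !( outer instanceof DERApplicationSpecific ) )
        {
            throw new IOException( "EncKdcRepPart: expected an APPLICATION-tagged object" );
        }

        Object inner = ( ( DERApplicationSpecific ) outer ).getObject();

        if ( !( inner instanceof DERSequence ) )
        {
            throw new IOException( "EncKdcRepPart: expected a SEQUENCE" );
        }

        return decodeEncKdcRepPartSequence( ( DERSequence ) inner );
    }

    // … unchanged: decodeEncKdcRepPartSequence …
```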

Propchange: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/LastRequestDecoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/LastRequestDecoder.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/LastRequestDecoder.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/LastRequestDecoder.java
Tue Jun 19 21:28:46 2007
@@ -45,7 +45,7 @@
      * lr-value[1]              KerberosTime
      * }
      */
-    protected LastRequest decodeSequence( DERSequence sequence )
+    protected static LastRequest decodeSequence( DERSequence sequence )
     {
         LastRequestEntry[] entries = new LastRequestEntry[sequence.size()];
 
@@ -62,7 +62,7 @@
     }
 
 
-    protected LastRequestEntry decode( DERSequence sequence )
+    protected static LastRequestEntry decode( DERSequence sequence )
     {
         LastRequestType type = LastRequestType.NONE;
         KerberosTime value = null;

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/TicketDecoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/TicketDecoder.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/TicketDecoder.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/TicketDecoder.java
Tue Jun 19 21:28:46 2007
@@ -25,6 +25,7 @@
 
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
 import org.apache.directory.server.kerberos.shared.messages.components.TicketModifier;
+import org.apache.directory.shared.asn1.der.ASN1InputStream;
 import org.apache.directory.shared.asn1.der.DERApplicationSpecific;
 import org.apache.directory.shared.asn1.der.DEREncodable;
 import org.apache.directory.shared.asn1.der.DERGeneralString;
@@ -39,6 +40,23 @@
  */
 public class TicketDecoder
 {
+    /**
+     * Decodes a byte array into an {@link Ticket}.
+     *
+     * @param encodedTicket
+     * @return The {@link Ticket}.
+     * @throws IOException
+     */
+    public static Ticket decode( byte[] encodedTicket ) throws IOException
+    {
+        ASN1InputStream ais = new ASN1InputStream( encodedTicket );
+
+        DERApplicationSpecific app = ( DERApplicationSpecific ) ais.readObject();
+
+        return decode( app );
+    }
+
+
     /**
      * Decodes a {@link DERSequence} into an array of {@link Ticket}s.
      *

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java
Tue Jun 19 21:28:46 2007
@@ -20,6 +20,7 @@
 package org.apache.directory.server.kerberos.shared.io.encoder;
 
 
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 
@@ -84,6 +85,25 @@
         sequence.add( new DERTaggedObject( 4, encodeKdcRequestBody( app ) ) );
 
         return sequence;
+    }
+
+
+    /**
+     * Encodes a {@link KdcRequest} into a byte[].
+     *
+     * @param request
+     * @return The encoded {@link KdcRequest}.
+     * @throws IOException
+     */
+    public byte[] encodeBody( KdcRequest request ) throws IOException
+    {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        ASN1OutputStream aos = new ASN1OutputStream( baos );
+
+        aos.writeObject( encodeKdcRequestBody( request ) );
+        aos.close();
+
+        return baos.toByteArray();
     }
 
 
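Review bot: The Javadoc on `encodeBody` says it encodes a `KdcRequest`, but the method writes only `encodeKdcRequestBody( request )`, that is, the request body. If these bytes feed the body checksum mentioned in the log message, the comment should say so, e.g. `Encodes only the body of a {@link KdcRequest}; the result must be byte-identical to the body sent on the wire`, because a checksum over a separately produced encoding verifies only when both encodings match. `aos.close()` is also skipped when `writeObject` throws, so a `try`/`finally` around the write would be tidier. The enclosing class starts and ends outside the hunk.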

Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java
Tue Jun 19 21:28:46 2007
@@ -22,6 +22,7 @@
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.shared.messages.Encodable;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
@@ -35,7 +36,7 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class EncKdcRepPart
+public class EncKdcRepPart implements Encodable
 {
     private EncryptionKey key;
     private LastRequest lastRequest;


