Author: erodriguez
Date: Tue Jun 19 21:28:46 2007
New Revision: 548929
URL: http://svn.apache.org/viewvc?view=rev&rev=548929
Log:
Updates to kerberos-shared to support client-side Kerberos:
o Added support for EncKdcRepPart unseal.
o Added body checksum calculation.
Added:
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java
(with props)
Modified:
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/LastRequestDecoder.java
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/TicketDecoder.java
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java
directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java
Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/checksum/ChecksumHandler.java
Tue Jun 19 21:28:46 2007
@@ -59,6 +59,29 @@
/**
+ * Calculate a checksum based on raw bytes and an (optional) key for keyed checksums.
+ *
+ * @param checksumType
+ * @param bytes
+ * @param key
+ * @param usage
+ * @return The {@link Checksum}.
+ * @throws KerberosException
+ */
+ public Checksum calculateChecksum( ChecksumType checksumType, byte[] bytes, byte[] key,
KeyUsage usage )
+ throws KerberosException
+ {
+ if ( !DEFAULT_CHECKSUMS.containsKey( checksumType ) )
+ {
+ throw new KerberosException( ErrorType.KDC_ERR_SUMTYPE_NOSUPP );
+ }
+
+ ChecksumEngine digester = getEngine( checksumType );
+ return new Checksum( checksumType, digester.calculateChecksum( bytes, key, usage
) );
+ }
+
+
+ /**
* Verify a checksum by providing the raw bytes and an (optional) key for keyed checksums.
*
* @param checksum
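Review bot: `calculateChecksum` hands `key` to the engine without checking that a key was supplied for a keyed checksum type, and the four `@param` tags are empty, so the "(optional)" in the summary line is the only hint a caller gets. How each `ChecksumEngine` treats a null key is not visible in this hunk; if an engine were to fall back to an unkeyed digest, a request-body checksum built this way would not protect the body against modification. I would document the contract, e.g. `@param key the key for keyed checksum types; null is accepted only for unkeyed types`, and reject a null key up front if the engine can report that it is keyed. The trailing Javadoc context lines belong to the next method, which starts outside the hunk.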
Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/CipherTextHandler.java
Tue Jun 19 21:28:46 2007
@@ -33,6 +33,7 @@
import org.apache.directory.server.kerberos.shared.io.decoder.Decoder;
import org.apache.directory.server.kerberos.shared.io.decoder.DecoderFactory;
import org.apache.directory.server.kerberos.shared.io.decoder.EncApRepPartDecoder;
+import org.apache.directory.server.kerberos.shared.io.decoder.EncKdcRepPartDecoder;
import org.apache.directory.server.kerberos.shared.io.decoder.EncKrbPrivPartDecoder;
import org.apache.directory.server.kerberos.shared.io.decoder.EncTicketPartDecoder;
import org.apache.directory.server.kerberos.shared.io.decoder.EncryptedTimestampDecoder;
@@ -50,6 +51,7 @@
import org.apache.directory.server.kerberos.shared.messages.TicketGrantReply;
import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
import org.apache.directory.server.kerberos.shared.messages.components.EncApRepPart;
+import org.apache.directory.server.kerberos.shared.messages.components.EncKdcRepPart;
import org.apache.directory.server.kerberos.shared.messages.components.EncKrbPrivPart;
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
import org.apache.directory.server.kerberos.shared.messages.value.AuthorizationData;
@@ -100,6 +102,7 @@
map.put( AuthorizationData.class, AuthorizationDataDecoder.class );
map.put( EncKrbPrivPart.class, EncKrbPrivPartDecoder.class );
map.put( EncApRepPart.class, EncApRepPartDecoder.class );
+ map.put( EncKdcRepPart.class, EncKdcRepPartDecoder.class );
DEFAULT_DECODERS = Collections.unmodifiableMap( map );
}
Added: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java?view=auto&rev=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java
(added)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java
Tue Jun 19 21:28:46 2007
@@ -0,0 +1,149 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.kerberos.shared.io.decoder;
+
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+import org.apache.directory.server.kerberos.shared.messages.Encodable;
+import org.apache.directory.server.kerberos.shared.messages.components.EncKdcRepPart;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosPrincipalModifier;
+import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
+import org.apache.directory.shared.asn1.der.ASN1InputStream;
+import org.apache.directory.shared.asn1.der.DERApplicationSpecific;
+import org.apache.directory.shared.asn1.der.DERBitString;
+import org.apache.directory.shared.asn1.der.DEREncodable;
+import org.apache.directory.shared.asn1.der.DERGeneralString;
+import org.apache.directory.shared.asn1.der.DERGeneralizedTime;
+import org.apache.directory.shared.asn1.der.DERInteger;
+import org.apache.directory.shared.asn1.der.DERSequence;
+import org.apache.directory.shared.asn1.der.DERTaggedObject;
+
+
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 502338 $, $Date: 2007-02-01 11:59:43 -0800 (Thu, 01 Feb 2007) $
+ */
+public class EncKdcRepPartDecoder implements Decoder, DecoderFactory
+{
+ public Decoder getDecoder()
+ {
+ return new EncKdcRepPartDecoder();
+ }
+
+
+ public Encodable decode( byte[] encoded ) throws IOException
+ {
+ ASN1InputStream ais = new ASN1InputStream( encoded );
+
+ DERApplicationSpecific app = ( DERApplicationSpecific ) ais.readObject();
+
+ DERSequence sequence = ( DERSequence ) app.getObject();
+
+ return decodeEncKdcRepPartSequence( sequence );
+ }
+
+
+ /**
+ * EncKDCRepPart ::= SEQUENCE {
+ * key[0] EncryptionKey,
+ * last-req[1] LastReq,
+ * nonce[2] INTEGER,
+ * key-expiration[3] KerberosTime OPTIONAL,
+ * flags[4] TicketFlags,
+ * authtime[5] KerberosTime,
+ * starttime[6] KerberosTime OPTIONAL,
+ * endtime[7] KerberosTime,
+ * renew-till[8] KerberosTime OPTIONAL,
+ * srealm[9] Realm,
+ * sname[10] PrincipalName,
+ * caddr[11] HostAddresses OPTIONAL
+ * }
+ */
+ private EncKdcRepPart decodeEncKdcRepPartSequence( DERSequence sequence )
+ {
+ EncKdcRepPart modifier = new EncKdcRepPart();
+ KerberosPrincipalModifier principalModifier = new KerberosPrincipalModifier();
+
+ for ( Enumeration e = sequence.getObjects(); e.hasMoreElements(); )
+ {
+ DERTaggedObject object = ( DERTaggedObject ) e.nextElement();
+ int tag = object.getTagNo();
+ DEREncodable derObject = object.getObject();
+
+ switch ( tag )
+ {
+ case 0:
+ DERSequence tag0 = ( DERSequence ) derObject;
+ modifier.setKey( EncryptionKeyDecoder.decode( tag0 ) );
+ break;
+ case 1:
+ DERSequence tag1 = ( DERSequence ) derObject;
+ modifier.setLastRequest( LastRequestDecoder.decodeSequence( tag1 ) );
+ break;
+ case 2:
+ DERInteger tag2 = ( DERInteger ) derObject;
+ modifier.setNonce( new Integer( tag2.intValue() ) );
+ break;
+ case 3:
+ DERGeneralizedTime tag3 = ( DERGeneralizedTime ) derObject;
+ modifier.setKeyExpiration( KerberosTimeDecoder.decode( tag3 ) );
+ break;
+ case 4:
+ DERBitString tag4 = ( DERBitString ) derObject;
+ modifier.setFlags( new TicketFlags( tag4.getOctets() ) );
+ break;
+ case 5:
+ DERGeneralizedTime tag5 = ( DERGeneralizedTime ) derObject;
+ modifier.setAuthTime( KerberosTimeDecoder.decode( tag5 ) );
+ break;
+ case 6:
+ DERGeneralizedTime tag6 = ( DERGeneralizedTime ) derObject;
+ modifier.setStartTime( KerberosTimeDecoder.decode( tag6 ) );
+ break;
+ case 7:
+ DERGeneralizedTime tag7 = ( DERGeneralizedTime ) derObject;
+ modifier.setEndTime( KerberosTimeDecoder.decode( tag7 ) );
+ break;
+ case 8:
+ DERGeneralizedTime tag8 = ( DERGeneralizedTime ) derObject;
+ modifier.setRenewTill( KerberosTimeDecoder.decode( tag8 ) );
+ break;
+ case 9:
+ DERGeneralString tag9 = ( DERGeneralString ) derObject;
+ principalModifier.setRealm( tag9.getString() );
+ break;
+ case 10:
+ DERSequence tag10 = ( DERSequence ) derObject;
+ principalModifier.setPrincipalName( PrincipalNameDecoder.decode( tag10
) );
+ break;
+ case 11:
+ DERSequence tag11 = ( DERSequence ) derObject;
+ modifier.setClientAddresses( HostAddressDecoder.decodeSequence( tag11
) );
+ break;
+ }
+ }
+
+ modifier.setServerPrincipal( principalModifier.getKerberosPrincipal() );
+
+ return modifier;
+ }
+}
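Review bot: `decode( byte[] )` casts the results of `ais.readObject()` and `app.getObject()` without checking their types, so malformed or unexpected input surfaces as a `ClassCastException` (or a `NullPointerException` if the read yields null) instead of the declared `IOException`; the new `TicketDecoder.decode( byte[] )` in this commit has the same unchecked cast. Inside `decodeEncKdcRepPartSequence` the per-tag casts are equally unchecked, the `switch` has no `default`, and nothing verifies that the non-OPTIONAL fields (key, nonce, flags, authtime, endtime, srealm, sname) were present before the object is returned, so a caller that compares the nonce with its request could be handed a part with no nonce set. `tag2.intValue()` also narrows the nonce to a signed int, which deserves a comment. A type-checked `decode` is sketched below; the same pattern applies to each tag.

```java
public Encodable decode( byte[] encoded ) throws IOException
{
    ASN1InputStream ais = new ASN1InputStream( encoded );

    // Reject anything that is not the expected application-tagged wrapper.
    Object outer = ais.readObject();
    if ( !( outer instanceof DERApplicationSpecific ) )
    {
        throw new IOException( "EncKDCRepPart: expected an application-tagged object" );
    }

    // The wrapped object must be the SEQUENCE described in the Javadoc below.
    Object inner = ( ( DERApplicationSpecific ) outer ).getObject();
    if ( !( inner instanceof DERSequence ) )
    {
        throw new IOException( "EncKDCRepPart: expected a SEQUENCE" );
    }

    return decodeEncKdcRepPartSequence( ( DERSequence ) inner );
}
// … unchanged: decodeEncKdcRepPartSequence …
```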
Propchange: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncKdcRepPartDecoder.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/LastRequestDecoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/LastRequestDecoder.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/LastRequestDecoder.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/LastRequestDecoder.java
Tue Jun 19 21:28:46 2007
@@ -45,7 +45,7 @@
* lr-value[1] KerberosTime
* }
*/
- protected LastRequest decodeSequence( DERSequence sequence )
+ protected static LastRequest decodeSequence( DERSequence sequence )
{
LastRequestEntry[] entries = new LastRequestEntry[sequence.size()];
@@ -62,7 +62,7 @@
}
- protected LastRequestEntry decode( DERSequence sequence )
+ protected static LastRequestEntry decode( DERSequence sequence )
{
LastRequestType type = LastRequestType.NONE;
KerberosTime value = null;
Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/TicketDecoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/TicketDecoder.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/TicketDecoder.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/TicketDecoder.java
Tue Jun 19 21:28:46 2007
@@ -25,6 +25,7 @@
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.directory.server.kerberos.shared.messages.components.TicketModifier;
+import org.apache.directory.shared.asn1.der.ASN1InputStream;
import org.apache.directory.shared.asn1.der.DERApplicationSpecific;
import org.apache.directory.shared.asn1.der.DEREncodable;
import org.apache.directory.shared.asn1.der.DERGeneralString;
@@ -39,6 +40,23 @@
*/
public class TicketDecoder
{
+ /**
+ * Decodes a byte array into an {@link Ticket}.
+ *
+ * @param encodedTicket
+ * @return The {@link Ticket}.
+ * @throws IOException
+ */
+ public static Ticket decode( byte[] encodedTicket ) throws IOException
+ {
+ ASN1InputStream ais = new ASN1InputStream( encodedTicket );
+
+ DERApplicationSpecific app = ( DERApplicationSpecific ) ais.readObject();
+
+ return decode( app );
+ }
+
+
/**
* Decodes a {@link DERSequence} into an array of {@link Ticket}s.
*
Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/encoder/KdcRequestEncoder.java
Tue Jun 19 21:28:46 2007
@@ -20,6 +20,7 @@
package org.apache.directory.server.kerberos.shared.io.encoder;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
@@ -84,6 +85,25 @@
sequence.add( new DERTaggedObject( 4, encodeKdcRequestBody( app ) ) );
return sequence;
+ }
+
+
+ /**
+ * Encodes a {@link KdcRequest} into a byte[].
+ *
+ * @param request
+ * @return The encoded {@link KdcRequest}.
+ * @throws IOException
+ */
+ public byte[] encodeBody( KdcRequest request ) throws IOException
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ ASN1OutputStream aos = new ASN1OutputStream( baos );
+
+ aos.writeObject( encodeKdcRequestBody( request ) );
+ aos.close();
+
+ return baos.toByteArray();
}
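Review bot: The Javadoc on `encodeBody` says it encodes a `KdcRequest`, but the method writes only `encodeKdcRequestBody( request )`, i.e. the request body; since the commit log ties this change to body checksum calculation, the comment should state exactly which bytes are produced so that callers checksum the same bytes they send. Suggested summary: `Encodes the request body of a {@link KdcRequest} into a byte[], e.g. as input for a body checksum.` with `@return The encoded request body.` `aos.close()` is also skipped when `writeObject` throws; moving it into a `finally` block keeps the pattern safe if the sink ever stops being an in-memory buffer.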
Modified: directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java?view=diff&rev=548929&r1=548928&r2=548929
==============================================================================
--- directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java
(original)
+++ directory/apacheds/trunk/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java
Tue Jun 19 21:28:46 2007
@@ -22,6 +22,7 @@
import javax.security.auth.kerberos.KerberosPrincipal;
+import org.apache.directory.server.kerberos.shared.messages.Encodable;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
@@ -35,7 +36,7 @@
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
*/
-public class EncKdcRepPart
+public class EncKdcRepPart implements Encodable
{
private EncryptionKey key;
private LastRequest lastRequest;