directory-commits mailing list archives

From erodrig...@apache.org
Subject svn commit: r550017 - in /directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc: authentication/ ticketgrant/
Date Sat, 23 Jun 2007 07:24:42 GMT
Author: erodriguez
Date: Sat Jun 23 00:24:40 2007
New Revision: 550017

URL: http://svn.apache.org/viewvc?view=rev&rev=550017
Log:
Removed session key links from AS and TGS chains.  Session key generation was better encapsulated
in the RandomKeyFactory in the advanced encryption types branch work.

Removed:
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetSessionKey.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GetSessionKey.java
Modified:
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java?view=diff&rev=550017&r1=550016&r2=550017
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
Sat Jun 23 00:24:40 2007
@@ -42,7 +42,6 @@
 
     private Ticket ticket;
     private EncryptionKey clientKey;
-    private EncryptionKey sessionKey;
     private ReplayCache replayCache;
 
     private PrincipalStoreEntry clientEntry;
@@ -136,24 +135,6 @@
     public void setClientKey( EncryptionKey clientKey )
     {
         this.clientKey = clientKey;
-    }
-
-
-    /**
-     * @return Returns the sessionKey.
-     */
-    public EncryptionKey getSessionKey()
-    {
-        return sessionKey;
-    }
-
-
-    /**
-     * @param sessionKey The sessionKey to set.
-     */
-    public void setSessionKey( EncryptionKey sessionKey )
-    {
-        this.sessionKey = sessionKey;
     }
 
 

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java?view=diff&rev=550017&r1=550016&r2=550017
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
Sat Jun 23 00:24:40 2007
@@ -44,7 +44,6 @@
         addLast( "verifyPolicy", new VerifyPolicy() );
         addLast( "preAuthenticationChain", new PreAuthenticationChain() );
         addLast( "getServerEntry", new GetServerEntry() );
-        addLast( "getSessionKey", new GetSessionKey() );
         addLast( "generateTicket", new GenerateTicket() );
         addLast( "buildReply", new BuildReply() );
         addLast( "sealReply", new SealReply() );

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java?view=diff&rev=550017&r1=550016&r2=550017
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
Sat Jun 23 00:24:40 2007
@@ -26,6 +26,7 @@
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
@@ -70,7 +71,6 @@
         KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
         EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
         KdcConfiguration config = authContext.getConfig();
-        EncryptionKey sessionKey = authContext.getSessionKey();
 
         if ( request.getKdcOptions().get( KdcOptions.FORWARDABLE ) )
         {
@@ -94,7 +94,9 @@
             throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
         }
 
+        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( authContext.getEncryptionType()
);
         newTicketBody.setSessionKey( sessionKey );
+
         newTicketBody.setClientPrincipal( request.getClientPrincipal() );
         newTicketBody.setTransitedEncoding( new TransitedEncoding() );
 
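Review bot: The new `RandomKeyFactory.getRandomKey( authContext.getEncryptionType() )` call runs with no check that an encryption type was actually selected, and the same unguarded call is added in the ticketgrant/GenerateTicket.java hunk with `tgsContext.getEncryptionType()`. If an earlier chain link leaves the type unset, the failure would presumably surface inside the key factory rather than as a Kerberos error. A guard before the call, such as `if ( authContext.getEncryptionType() == null ) throw new KerberosException( ErrorType.KDC_ERR_ETYPE_NOSUPP );`, would fail closed. RandomKeyFactory is not part of this diff, so it is worth confirming that it draws key material from `SecureRandom`. Key generation no longer shows up as its own link in the chain, so a comment here such as `// fresh random session key per issued ticket; never cached or reused across requests` would keep the invariant visible. The enclosing method starts and ends outside the hunk.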

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java?view=diff&rev=550017&r1=550016&r2=550017
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java
Sat Jun 23 00:24:40 2007
@@ -23,7 +23,6 @@
 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
 import org.apache.directory.server.kerberos.shared.messages.TicketGrantReply;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.LastRequest;
 import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
 import org.apache.mina.common.IoSession;
@@ -38,18 +37,18 @@
 {
     private String contextKey = "context";
 
+
     public void execute( NextCommand next, IoSession session, Object message ) throws Exception
     {
         TicketGrantingContext tgsContext = ( TicketGrantingContext ) session.getAttribute(
getContextKey() );
         KdcRequest request = tgsContext.getRequest();
         Ticket tgt = tgsContext.getTgt();
         Ticket newTicket = tgsContext.getNewTicket();
-        EncryptionKey sessionKey = tgsContext.getSessionKey();
 
         TicketGrantReply reply = new TicketGrantReply();
         reply.setClientPrincipal( tgt.getClientPrincipal() );
         reply.setTicket( newTicket );
-        reply.setKey( sessionKey );
+        reply.setKey( newTicket.getSessionKey() );
         reply.setNonce( request.getNonce() );
         // TODO - resp.last-req := fetch_last_request_info(client); requires store
         reply.setLastRequest( new LastRequest() );
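Review bot: `reply.setKey( newTicket.getSessionKey() )` assumes the ticket stored by GenerateTicket is non-null and still exposes its session key, and nothing in the visible lines of execute() checks either. If that assumption breaks, the reply is built with a null key or the handler dies with a NullPointerException instead of a deliberate error. Failing closed before the reply is populated would make this explicit, e.g. `if ( newTicket == null || newTicket.getSessionKey() == null ) throw new IllegalStateException( "new ticket carries no session key" );`. A short comment on the setKey line, `// must be the same session key sealed inside newTicket`, would document why the key is read from the ticket rather than from the context. execute() continues past the end of the hunk.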

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java?view=diff&rev=550017&r1=550016&r2=550017
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
Sat Jun 23 00:24:40 2007
@@ -30,6 +30,7 @@
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
@@ -70,7 +71,6 @@
         EncryptionKey serverKey = tgsContext.getRequestPrincipalEntry().getKeyMap().get(
encryptionType );
 
         KdcConfiguration config = tgsContext.getConfig();
-        EncryptionKey sessionKey = tgsContext.getSessionKey();
 
         EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
 
@@ -78,7 +78,9 @@
 
         processFlags( config, request, tgt, newTicketBody );
 
+        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( tgsContext.getEncryptionType()
);
         newTicketBody.setSessionKey( sessionKey );
+
         newTicketBody.setClientPrincipal( tgt.getClientPrincipal() );
 
         if ( request.getEncAuthorizationData() != null )

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java?view=diff&rev=550017&r1=550016&r2=550017
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
Sat Jun 23 00:24:40 2007
@@ -24,7 +24,6 @@
 import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
 
@@ -40,7 +39,6 @@
     private ApplicationRequest authHeader;
     private Ticket tgt;
     private Ticket newTicket;
-    private EncryptionKey sessionKey;
     private Authenticator authenticator;
     private ReplayCache replayCache;
 
@@ -135,24 +133,6 @@
     public void setNewTicket( Ticket newTicket )
     {
         this.newTicket = newTicket;
-    }
-
-
-    /**
-     * @return Returns the sessionKey.
-     */
-    public EncryptionKey getSessionKey()
-    {
-        return sessionKey;
-    }
-
-
-    /**
-     * @param sessionKey The sessionKey to set.
-     */
-    public void setSessionKey( EncryptionKey sessionKey )
-    {
-        this.sessionKey = sessionKey;
     }
 
 

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java?view=diff&rev=550017&r1=550016&r2=550017
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java
(original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingServiceChain.java
Sat Jun 23 00:24:40 2007
@@ -58,7 +58,6 @@
         addLast( "verifyTgtAuthHeader", new VerifyTgtAuthHeader() );
         addLast( "verifyBodyChecksum", new VerifyBodyChecksum() );
         addLast( "getRequestPrincipalEntry", new GetRequestPrincipalEntry() );
-        addLast( "getSessionKey", new GetSessionKey() );
         addLast( "generateTicket", new GenerateTicket() );
         addLast( "buildReply", new BuildReply() );
 


