directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r578743 [4/12] - in /directory/apacheds/branches/apacheds-kerberos: kerberos-shared/ kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/ kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto...
Date Mon, 24 Sep 2007 10:18:45 GMT
Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/application/ApplicationRequest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/application/ApplicationRequest.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/application/ApplicationRequest.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/application/ApplicationRequest.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,225 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.messages.application;
+
+
+import org.apache.directory.server.kerberos.shared.messages.KerberosMessage;
+import org.apache.directory.server.kerberos.shared.messages.MessageType;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.ApOption;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.ApOptions;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * This class implement the AP-REQ message. An AP message is sent by
+ * a client to the targeted Server it want to be authenticatd on.
+ * 
+ * The ASN.1 grammar is the following :
+ * 
+ * AP-REQ          ::= [APPLICATION 14] SEQUENCE {
+ *        pvno            [0] INTEGER (5),
+ *        msg-type        [1] INTEGER (14),
+ *        ap-options      [2] APOptions,
+ *        ticket          [3] Ticket,
+ *        authenticator   [4] EncryptedData -- Authenticator
+ * }
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 546366 $, $Date: 2007-06-12 05:29:33 +0200 (Tue, 12 Jun 2007) $
+ */
+public class ApplicationRequest extends KerberosMessage
+{
+    /** The logger */
+    private static final Logger log = LoggerFactory.getLogger( ApplicationRequest.class );
+
+    /** Speedup for logs */
+    private static final boolean IS_DEBUG = log.isDebugEnabled();
+
+    /** The request options */
+    private ApOptions apOptions;
+    
+    /** The ticket */
+    private Ticket ticket;
+    
+    /** The encrypted authenticator */
+    private EncryptedData encPart; // Authenticator
+
+
+    /**
+     * Creates a new instance of ApplicationRequest.
+     */
+    public ApplicationRequest()
+    {
+        super( MessageType.KRB_AP_REQ );
+        // used by ASN1 decoder
+    }
+
+
+    /**
+     * Creates a new instance of ApplicationRequest.
+     *
+     * @param apOptions
+     * @param ticket
+     * @param encPart
+     */
+    public ApplicationRequest( ApOptions apOptions, Ticket ticket, EncryptedData encPart )
+    {
+        super( MessageType.KRB_AP_REQ );
+        this.apOptions = apOptions;
+        this.ticket = ticket;
+        this.encPart = encPart;
+    }
+
+
+    /**
+     * Returns the {@link ApOptions}.
+     *
+     * @return The {@link ApOptions}.
+     */
+    public ApOptions getApOptions()
+    {
+        return apOptions;
+    }
+
+
+    /**
+     * Returns the {@link Ticket}.
+     *
+     * @return The {@link Ticket}.
+     */
+    public Ticket getTicket()
+    {
+        return ticket;
+    }
+
+
+    /**
+     * Returns the option at a specified index.
+     *
+     * @param option
+     * @return The option.
+     */
+    public boolean getOption( int option )
+    {
+        return apOptions.isFlagSet( option );
+    }
+
+
+    /**
+     * Returns the option at a specified index.
+     *
+     * @param option
+     * @return The option.
+     */
+    public boolean getOption( ApOption option )
+    {
+        return apOptions.isFlagSet( option );
+    }
+
+
+    /**
+     * Sets the option at a specified index.
+     *
+     * @param option
+     */
+    public void setOption( int option )
+    {
+        apOptions.setFlag( option );
+    }
+    
+
+    /**
+     * Sets the option at a specified index.
+     *
+     * @param option
+     */
+    public void setOption( ApOption option )
+    {
+        apOptions.setFlag( option );
+    }
+
+    
+    /**
+     * Clears the option at a specified index.
+     *
+     * @param option
+     */
+    public void clearOption( int option )
+    {
+        apOptions.clearFlag( option );
+    }
+
+    /**
+     * Clears the option at a specified index.
+     *
+     * @param option
+     */
+    public void clearOption( ApOption option )
+    {
+        apOptions.clearFlag( option );
+    }
+
+
+    /**
+     * Returns the {@link EncryptedData}.
+     *
+     * @return The {@link EncryptedData}.
+     */
+    public EncryptedData getEncPart()
+    {
+        return encPart;
+    }
+
+
+    /**
+     * Sets the {@link EncryptedData}.
+     *
+     * @param data
+     */
+    public void setEncPart( EncryptedData data )
+    {
+        encPart = data;
+    }
+
+
+    /**
+     * Sets the {@link ApOptions}.
+     *
+     * @param options
+     */
+    public void setApOptions( ApOptions options )
+    {
+        apOptions = options;
+    }
+
+
+    /**
+     * Sets the {@link Ticket}.
+     *
+     * @param ticket
+     */
+    public void setTicket( Ticket ticket )
+    {
+        this.ticket = ticket;
+    }
+}
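Review bot: The option accessors (`getOption`, `setOption`, `clearOption`, each in both overloads) dereference `apOptions` without a check, but the no-argument constructor, which its inline comment says is used by the ASN.1 decoder, leaves that field null. An AP-REQ arrives from the network, so a message decoded without ap-options being set would surface as a NullPointerException in whichever caller tests an option first. Either initialise the field in the no-arg constructor (`this.apOptions = new ApOptions();`, assuming that constructor exists) or fail explicitly in the accessors with a clear message. `log` and `IS_DEBUG` are declared but never used in this file.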

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/Authenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/Authenticator.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/Authenticator.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/Authenticator.java Mon Sep 24 03:18:05 2007
@@ -20,82 +20,141 @@
 package org.apache.directory.server.kerberos.shared.messages.components;
 
 
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+import java.text.ParseException;
+
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.shared.KerberosUtils;
 import org.apache.directory.server.kerberos.shared.messages.Encodable;
 import org.apache.directory.server.kerberos.shared.messages.value.AuthorizationData;
 import org.apache.directory.server.kerberos.shared.messages.value.Checksum;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
+import org.apache.directory.shared.asn1.AbstractAsn1Object;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.ber.tlv.UniversalTag;
+import org.apache.directory.shared.asn1.ber.tlv.Value;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 
 /**
+ * The Authenticator class
+ * 
+ * The ASN.1 grammar is the following :
+ * 
+ * -- Unencrypted authenticator
+ * Authenticator   ::= [APPLICATION 2] SEQUENCE  {
+ *        authenticator-vno       [0] INTEGER (5),
+ *        crealm                  [1] Realm,
+ *        cname                   [2] PrincipalName,
+ *        cksum                   [3] Checksum OPTIONAL,
+ *        cusec                   [4] Microseconds,
+ *        ctime                   [5] KerberosTime,
+ *        subkey                  [6] EncryptionKey OPTIONAL,
+ *        seq-number              [7] UInt32 OPTIONAL,
+ *        authorization-data      [8] AuthorizationData OPTIONAL
+ * }
+ *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class Authenticator implements Encodable
+public class Authenticator extends AbstractAsn1Object implements Encodable
 {
+    /** The logger */
+    private static final Logger log = LoggerFactory.getLogger( Authenticator.class );
+
+    /** Speedup for logs */
+    private static final boolean IS_DEBUG = log.isDebugEnabled();
+    
     /**
      * Constant for the authenticator version number.
      */
     public static final int AUTHENTICATOR_VNO = 5;
 
-    private int versionNumber;
+    /** the version number for the format of the authenticator */
+    private int authenticatorVno;
+    
+    /** The client PrincipalName */
+    private PrincipalName cName;
+    
+    /** The client KerberosPrincipal */
     private KerberosPrincipal clientPrincipal;
-    private Checksum checksum;
-    private int clientMicroSecond;
-    private KerberosTime clientTime;
-    private EncryptionKey subSessionKey;
-    private int sequenceNumber;
+    
+    /** The client realm */
+    private String cRealm;
+    
+    /** The client realm as a byte array */
+    private byte[] cRealmBytes;
+    
+    /** checksum of the the application data */
+    private Checksum cksum;
+    
+    /** the microsecond part of the client's timestamp */
+    private int cusec;
+    
+    /** the current time on the client's host */
+    private KerberosTime cTime;
+    
+    /** the client's choice for an encryption key */
+    private EncryptionKey subKey;
+    
+    /** the initial sequence number to be used by the KRB_PRIV or KRB_SAFE messages */
+    private int seqNumber;
+    
+    /** Authorization data */
     private AuthorizationData authorizationData;
 
+    // Storage for computed lengths
+    private transient int authenticatorAppLength;
+    private transient int authenticatorSeqLength;
+    
+    private transient int authenticatorVnoTagLength;
+    
+    private transient int cRealmTagLength;
+    
+    private transient int cNameTagLength;
+    
+    private transient int cksumTagLength;
+    
+    private transient int cusecTagLength;
+    
+    private transient int cTimeTagLength;
+    private transient int cTimeLength;
+    
+    private transient int subKeyTagLength;
+    
+    private transient int seqNumberTagLength;
+    
+    private transient int authorizationDataTagLength;
 
     /**
      * Creates a new instance of Authenticator.
-     *
-     * @param clientPrincipal
-     * @param checksum
-     * @param clientMicroSecond
-     * @param clientTime
-     * @param subSessionKey
-     * @param sequenceNumber
-     * @param authorizationData
      */
-    public Authenticator( KerberosPrincipal clientPrincipal, Checksum checksum, int clientMicroSecond,
-        KerberosTime clientTime, EncryptionKey subSessionKey, int sequenceNumber, AuthorizationData authorizationData )
+    public Authenticator()
     {
-        this( AUTHENTICATOR_VNO, clientPrincipal, checksum, clientMicroSecond, clientTime, subSessionKey,
-            sequenceNumber, authorizationData );
+        cksum = null;          // optional
+        subKey = null;            // optional
+        authorizationData = null; // optional
+        seqNumber = KerberosUtils.NULL; // optional
     }
 
-
     /**
-     * Creates a new instance of Authenticator.
+     * Returns the client {@link PrincipalName}.
      *
-     * @param versionNumber
-     * @param clientPrincipal
-     * @param checksum
-     * @param clientMicroSecond
-     * @param clientTime
-     * @param subSessionKey
-     * @param sequenceNumber
-     * @param authorizationData
-     */
-    public Authenticator( int versionNumber, KerberosPrincipal clientPrincipal, Checksum checksum,
-        int clientMicroSecond, KerberosTime clientTime, EncryptionKey subSessionKey, int sequenceNumber,
-        AuthorizationData authorizationData )
+     * @return The client {@link PrincipalName}.
+     */
+    public PrincipalName getClientPrincipalName()
     {
-        this.versionNumber = versionNumber;
-        this.clientPrincipal = clientPrincipal;
-        this.checksum = checksum;
-        this.clientMicroSecond = clientMicroSecond;
-        this.clientTime = clientTime;
-        this.subSessionKey = subSessionKey;
-        this.sequenceNumber = sequenceNumber;
-        this.authorizationData = authorizationData;
+        return cName;
     }
 
-
+    
     /**
      * Returns the client {@link KerberosPrincipal}.
      *
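Review bot: The new no-argument constructor never assigns `authenticatorVno`, so it stays 0 unless every caller remembers `setVersionNumber`; the removed seven-argument constructor defaulted it to `AUTHENTICATOR_VNO`. The grammar in the class Javadoc fixes authenticator-vno at 5, so an authenticator built with the defaults would be encoded with a version a peer should reject. Add `authenticatorVno = AUTHENTICATOR_VNO;` to the constructor. The class body continues past this hunk.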
@@ -108,16 +167,58 @@
 
 
     /**
+     * Sets the client {@link PrincipalName}.
+     *
+     * @param clientPrincipal
+     */
+    public void setClientPrincipalName( PrincipalName cName )
+    {
+        this.cName = cName;
+    }
+
+    
+    /**
+     * Sets the client {@link KerberosPrincipal}.
+     *
+     * @param clientPrincipal
+     */
+    public void setClientPrincipal( KerberosPrincipal clientPrincipal )
+    {
+        this.clientPrincipal = clientPrincipal;
+        
+        try
+        {
+            this.cName = new PrincipalName( clientPrincipal.getName(), clientPrincipal.getNameType() );
+        }
+        catch ( ParseException pe )
+        {
+            this.cName = null;
+        }
+    }
+
+    
+    /**
      * Returns the client {@link KerberosTime}.
      *
      * @return The client {@link KerberosTime}.
      */
     public KerberosTime getClientTime()
     {
-        return clientTime;
+        return cTime;
     }
 
+    
+    /**
+     * Sets the client {@link KerberosTime}.
+     *
+     * @param time the client {@link KerberosTime}.
+     */
+    public void setClientTime( KerberosTime cTime )
+    {
+        this.cTime = cTime;
+    }
 
+    
     /**
      * Returns the client microsecond.
      *
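Review bot: `setClientPrincipal` turns a `ParseException` into `this.cName = null` with no log entry or rethrow, while `clientPrincipal` has already been assigned, so the two views of the client identity silently diverge. `computeLength()` later in this file calls `cName.computeLength()` unconditionally, so the failure only shows up there as a NullPointerException, far from its cause. Report the error at the point of failure, e.g. `throw new IllegalArgumentException( "Invalid client principal", pe );`, and assign `this.clientPrincipal` only after the name has parsed. The method also dereferences `clientPrincipal` without a null check.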
@@ -125,7 +226,18 @@
      */
     public int getClientMicroSecond()
     {
-        return clientMicroSecond;
+        return cusec;
+    }
+
+    
+    /**
+     * Sets the client microsecond.
+     *
+     * @param microSecond the client microsecond.
+     */
+    public void setClientMicroSecond( int cusec )
+    {
+        this.cusec = cusec;
     }
 
 
@@ -139,7 +251,18 @@
         return authorizationData;
     }
 
+    
+    /**
+     * Sets the {@link AuthorizationData}.
+     *
+     * @param data the {@link AuthorizationData}.
+     */
+    public void setAuthorizationData( AuthorizationData authorizationData )
+    {
+        this.authorizationData = authorizationData;
+    }
 
+    
     /**
      * Returns the {@link Checksum}.
      *
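Review bot: The `@param` tag on `setAuthorizationData` names `data`, but the parameter is `authorizationData`. The same mismatch appears in the other new setters of this file: `clientPrincipal`/`cName` and `time`/`cTime` in the @@ -108 hunk, `microSecond`/`cusec` in the @@ -125 hunk, `checksum`/`cksum` in the @@ -147 hunk, and `versionNumber`/`authenticatorVno` and `realm`/`cRealm` in the @@ -180 hunk. Rename each tag to the real parameter, e.g. `@param authorizationData the {@link AuthorizationData}.`, so that Javadoc tooling does not warn and readers are not sent looking for a parameter that does not exist.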
@@ -147,10 +270,21 @@
      */
     public Checksum getChecksum()
     {
-        return checksum;
+        return cksum;
     }
 
+    
+    /**
+     * Sets the {@link Checksum}.
+     *
+     * @param checksum the {@link Checksum}.
+     */
+    public void setChecksum( Checksum cksum )
+    {
+        this.cksum = cksum;
+    }
 
+    
     /**
      * Returns the sequence number.
      *
@@ -158,10 +292,21 @@
      */
     public int getSequenceNumber()
     {
-        return sequenceNumber;
+        return seqNumber;
     }
 
+    
+    /**
+     * Sets the sequence number.
+     *
+     * @param seqNumber the sequence number
+     */
+    public void setSequenceNumber( int seqNumber )
+    {
+        this.seqNumber = seqNumber;
+    }
 
+    
     /**
      * Returns the sub-session key.
      *
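Review bot: `setSequenceNumber( int )` cannot represent the full range of the field it models: the grammar in the class Javadoc declares seq-number as `UInt32`, and a Java `int` stops at 2^31-1. Absence is also signalled in-band by `KerberosUtils.NULL` (its value is not visible here), so one otherwise legal integer value is treated as "not present" by `encode()`. Consider storing the value as a `long` with a range check, or as a nullable `Integer`, so that presence is tracked separately from the number itself.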
@@ -169,10 +314,21 @@
      */
     public EncryptionKey getSubSessionKey()
     {
-        return subSessionKey;
+        return subKey;
     }
 
+    
+    /**
+     * Sets the sub-session {@link EncryptionKey}.
+     *
+     * @param subKey the sub-session
+     */
+    public void setSubSessionKey( EncryptionKey subKey )
+    {
+        this.subKey = subKey;
+    }
 
+    
     /**
      * Returns the version number of the {@link Authenticator}.
      *
@@ -180,6 +336,281 @@
      */
     public int getVersionNumber()
     {
-        return versionNumber;
+        return authenticatorVno;
+    }
+    
+    
+    /**
+     * Sets the version number.
+     *
+     * @param versionNumber The version number
+     */
+    public void setVersionNumber( int authenticatorVno )
+    {
+        this.authenticatorVno = authenticatorVno;
+    }
+
+
+    /**
+     * @return The client realm
+     */
+    public String getClientRealm()
+    {
+        return cRealm;
+    }
+
+    /**
+     * Sets the client realm.
+     *
+     * @param realm the client realm.
+     */
+    public void setClientRealm( String cRealm )
+    {
+        this.cRealm = cRealm;
+    }
+    
+    /**
+     * Compute the Authenticator length
+     * 
+     * Authenticator :
+     * 
+     * 0x62 L1 Authenticator Tag (Application 2)
+     *  |
+     *  +-->  0x30 L2 Authenticator sequence
+     *         |
+     *         +--> 0xA0 L2 authenticator-vno tag
+     *         |     |
+     *         |     +--> 0x02 L2-1 authenticator-vno (int)
+     *         |
+     *         +--> 0xA1 L3 crealm tag
+     *         |     |
+     *         |     +--> 0x1B L3-1 crealm (crealm)
+     *         |
+     *         +--> 0xA2 L4 cname tag
+     *         |     |
+     *         |     +--> 0x30 L4-1 cname (PrincipalName)
+     *         |
+     *         +--> [0xA3 L5 cksum tag
+     *         |     |
+     *         |     +--> 0x30 L5-1 cksum (Checksum)] (optional)
+     *         |
+     *         +--> 0xA4 L6 cusec tag
+     *         |     |
+     *         |     +--> 0x02 L6-1 cusec (int)
+     *         |
+     *         +--> 0xA5 0x11 ctime tag
+     *         |     |
+     *         |     +--> 0x18 0x0F ctime (KerberosTime)
+     *         |
+     *         +--> [0xA6 L7 subkey tag
+     *         |     |
+     *         |     +--> 0x30 L7-1 subkey (EncryptionKey)] (optional)
+     *         |
+     *         +--> [0xA7 L8 seqNumber tag
+     *         |     |
+     *         |     +--> 0x02 L8-1 seqNulber (int > 0)] (optional)
+     *         |
+     *         +--> [0xA8 L9 authorization-data tag
+     *               |
+     *               +--> 0x30 L9-1 authorization-data (AuthorizationData)] (optional)
+     */
+    public int computeLength()
+    {
+        authenticatorAppLength = 0;
+        authenticatorSeqLength = 0;
+
+        // Compute the authenticator-vno length
+        int authenticatorVnoLength = Value.getNbBytes( authenticatorVno );
+        authenticatorVnoTagLength = 1 + TLV.getNbBytes( authenticatorVnoLength ) + authenticatorVnoLength;
+        
+        authenticatorSeqLength += 1 + TLV.getNbBytes( authenticatorVnoTagLength ) + authenticatorVnoTagLength;
+
+        // Compute the client Realm length
+        cRealmBytes = StringTools.getBytesUtf8( cRealm );
+        cRealmTagLength = 1 + TLV.getNbBytes( cRealmBytes.length ) + cRealmBytes.length;
+        authenticatorSeqLength += 1 + TLV.getNbBytes( cRealmTagLength ) + cRealmTagLength;
+        
+        // Compute the clientPrincipalName length
+        cNameTagLength = cName.computeLength();
+        authenticatorSeqLength += 1 + TLV.getNbBytes( cNameTagLength ) + cNameTagLength;
+        
+        // Compute the cksum length, if any
+        if ( cksum != null )
+        {
+            cksumTagLength = cksum.computeLength();
+            authenticatorSeqLength += 1 + TLV.getNbBytes( cksumTagLength ) + cksumTagLength;
+        }
+        
+        // Compute the cusec length
+        int cusecLength = Value.getNbBytes( cusec );
+        cusecTagLength = 1 + TLV.getNbBytes( cusecLength ) + cusecLength;
+        authenticatorSeqLength += 1 + TLV.getNbBytes( cusecTagLength ) + cusecTagLength;
+        
+        // Compute the clientTime length
+        cTimeLength = 15; 
+        cTimeTagLength = 1 + 1 + cTimeLength; 
+        
+        authenticatorSeqLength += 
+            1 + TLV.getNbBytes( cTimeTagLength ) + cTimeTagLength;
+        
+        // Compute the subkey length, if any
+        if ( subKey != null )
+        {
+            subKeyTagLength = subKey.computeLength();
+            authenticatorSeqLength += 1 + TLV.getNbBytes( subKeyTagLength ) + subKeyTagLength;
+        }
+        
+        // Compute the seqNumber length
+        int seqNumberLength = Value.getNbBytes( seqNumber );
+        seqNumberTagLength = 1 + TLV.getNbBytes( seqNumberLength ) + seqNumberLength;
+        authenticatorSeqLength += 1 + TLV.getNbBytes( seqNumberTagLength ) + seqNumberTagLength;
+        
+        // Compute the authorization-data length, if any
+        if ( authorizationData != null )
+        {
+            authorizationDataTagLength = authorizationData.computeLength();
+            authenticatorSeqLength += 1 + TLV.getNbBytes( authorizationDataTagLength ) + authorizationDataTagLength;
+        }
+        
+        // Compute the whole sequence length
+        authenticatorAppLength = 1 + TLV.getNbBytes( authenticatorSeqLength ) + authenticatorSeqLength;
+        
+        // Compute the whole application length
+        return 1 + TLV.getNbBytes( authenticatorAppLength ) + authenticatorAppLength;
+    }
+    
+    /**
+     * Encode the Authenticator message to a PDU. 
+     * 
+     * Authenticator :
+     * 
+     * 0x62 LL
+     *   0x30 LL
+     *     0xA0 LL 
+     *       0x03 LL authenticator-vno (int)
+     *     0xA1 LL
+     *       0x1B LL crealm (KerberosString)
+     *     0xA2 LL
+     *       0x30 LL cname (PrincipalName)
+     *     [0xA3 LL
+     *       0x30 LL cksum (Checksum) (optional)]
+     *     0xA4 LL
+     *       0x02 LL cusec (int)
+     *     0xA5 0x11
+     *       0x18 0x0F ctime (KerberosTime)
+     *     [0xA6 LL
+     *       0x30 LL subkey (EncryptionKey) (optional)]
+     *     [0xA7 LL
+     *       0x02 LL seqNulber (int) (optional)]
+     *     [0xA8 LL
+     *       0x30 LL authorization-data (AuthorizationData) (optional)]
+     * 
+     * @param buffer The buffer where to put the PDU. It should have been allocated
+     * before, with the right size.
+     * @return The constructed PDU.
+     */
+    public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+    {
+        if ( buffer == null )
+        {
+            buffer = ByteBuffer.allocate( computeLength() );
+        }
+
+        try
+        {
+            // The authenticator APP Tag
+            buffer.put( (byte)0x62 );
+            buffer.put( TLV.getBytes( authenticatorAppLength ) );
+
+            // The authenticator SEQ Tag
+            buffer.put( UniversalTag.SEQUENCE_TAG );
+            buffer.put( TLV.getBytes( authenticatorSeqLength ) );
+
+            // The authenticator-vno encoding, first the tag, then the value
+            buffer.put( ( byte ) 0xA0 );
+            buffer.put( TLV.getBytes( authenticatorVnoTagLength ) );
+
+            Value.encode( buffer, authenticatorVno );
+            
+            // The client realm encoding
+            buffer.put( (byte)0xA1 );
+            buffer.put( TLV.getBytes( cRealmTagLength ) );
+            
+            buffer.put( UniversalTag.GENERALIZED_STRING_TAG );
+            buffer.put( TLV.getBytes( cRealmBytes.length ) );
+            buffer.put( cRealmBytes );
+
+            // The clientprincipalName encoding
+            buffer.put( (byte)0xA2 );
+            buffer.put( TLV.getBytes( cNameTagLength ) );
+            cName.encode( buffer );
+            
+            // The cksum encoding, if any
+            if ( cksum != null )
+            {
+                buffer.put( (byte)0xA3 );
+                buffer.put( TLV.getBytes( cksumTagLength ) );
+                cksum.encode( buffer );
+            }
+            
+            // Client millisecond encoding
+            buffer.put( ( byte )0xA4 );
+            buffer.put( TLV.getBytes( cusecTagLength ) );
+            Value.encode( buffer, cusec );
+            
+            // The clientTime Tag and value
+            buffer.put( ( byte )0xA5 );
+            buffer.put( TLV.getBytes( cTimeTagLength ) );
+            buffer.put( UniversalTag.GENERALIZED_TIME_TAG );
+            buffer.put( TLV.getBytes( cTimeLength ) );
+            buffer.put( StringTools.getBytesUtf8( cTime.toString() ) );
+            
+            // The subkey encoding, if any
+            if ( subKey != null )
+            {
+                buffer.put( (byte)0xA6 );
+                buffer.put( TLV.getBytes( subKeyTagLength ) );
+                subKey.encode( buffer );
+            }
+            
+            // The seqNumber encoding, if any
+            if ( seqNumber != KerberosUtils.NULL )
+            {
+                buffer.put( ( byte )0xA7 );
+                buffer.put( TLV.getBytes( seqNumberTagLength ) );
+                Value.encode( buffer, seqNumber );
+            }
+            
+            // The authorization-data encoding, if any
+            if ( authorizationData != null )
+            {
+                buffer.put( (byte)0xA8 );
+                buffer.put( TLV.getBytes( authorizationDataTagLength ) );
+                authorizationData.encode( buffer );
+            }
+        }
+        catch ( BufferOverflowException boe )
+        {
+            log.error(
+                "Cannot encode the Authenticator object, the PDU size is {} when only {} bytes has been allocated", 1
+                    + TLV.getNbBytes( authenticatorAppLength ) + authenticatorAppLength, buffer.capacity() );
+            throw new EncoderException( "The PDU buffer size is too small !" );
+        }
+
+        if ( IS_DEBUG )
+        {
+            log.debug( "Authenticator encoding : {}", StringTools.dumpBytes( buffer.array() ) );
+            log.debug( "Authenticator initial value : {}", toString() );
+        }
+
+        return buffer;
+    }
+    
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        return "NYI";
     }
 }
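Review bot: `computeLength()` adds the seq-number field to `authenticatorSeqLength` unconditionally, but `encode()` writes it only when `seqNumber != KerberosUtils.NULL`, which is the value the constructor assigns by default. For an authenticator without a sequence number the SEQUENCE and APPLICATION length octets therefore announce more bytes than are written, producing a PDU that a strict decoder will reject or misread. Wrap the three seq-number lines in `computeLength()` in the same `if ( seqNumber != KerberosUtils.NULL )` guard. Separately, the `IS_DEBUG` branch dumps `buffer.array()`, i.e. the unencrypted authenticator including any subkey, into the debug log; logging only the encoded length would avoid putting key material in log files. `encode()` also depends on lengths and `cRealmBytes` cached by an earlier `computeLength()` call when a non-null buffer is passed in, which deserves a sentence in its Javadoc.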

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncAsRepPart.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncAsRepPart.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncAsRepPart.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncAsRepPart.java Mon Sep 24 03:18:05 2007
@@ -26,7 +26,6 @@
 import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
 import org.apache.directory.server.kerberos.shared.messages.value.LastRequest;
-import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
 
 
 /**
@@ -53,7 +52,7 @@
      * @param caddr
      */
     public EncAsRepPart(EncryptionKey key, LastRequest lastReq, int nonce, KerberosTime keyExpiration,
-        TicketFlags flags, KerberosTime authTime, KerberosTime startTime, KerberosTime endTime, KerberosTime renewTill,
+        int flags, KerberosTime authTime, KerberosTime startTime, KerberosTime endTime, KerberosTime renewTill,
         KerberosPrincipal serverPrincipal, HostAddresses caddr)
     {
         super( key, lastReq, nonce, keyExpiration, flags, authTime, startTime, endTime, renewTill, serverPrincipal,
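Review bot: The constructor now takes `int flags` and forwards it to `super( ... )`, but the only `EncKdcRepPart` constructor with a comparable parameter list visible in this commit is the one being deleted, and it took `TicketFlags`. Unless a replacement constructor exists outside the visible hunks, this call no longer resolves. Replacing the typed `TicketFlags` with a bare `int` also lets any integer through as a flag set, so the Javadoc should at least say `@param flags the ticket flags as a raw bit field`. The constructor body continues past the hunk.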

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKdcRepPart.java Mon Sep 24 03:18:05 2007
@@ -27,7 +27,7 @@
 import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
 import org.apache.directory.server.kerberos.shared.messages.value.LastRequest;
-import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlags;
 
 
 /**
@@ -42,7 +42,7 @@
     private LastRequest lastRequest;
     private int nonce;
     private KerberosTime keyExpiration; //optional
-    private TicketFlags flags = new TicketFlags();
+    private TicketFlags flags;
     private KerberosTime authTime;
     private KerberosTime startTime; //optional
     private KerberosTime endTime;
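Review bot: Dropping the `= new TicketFlags()` initialiser means `getFlags()` returns null until `setFlags( int )` has been called, and this commit also deletes the constructor that used to assign the field. A caller that tests a flag on a freshly built or partially decoded part will hit a NullPointerException instead of seeing an empty flag set. Keep the initialiser, or document the null state on the getter with `@return The TicketFlags, or null if they have not been set`.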
@@ -62,41 +62,6 @@
 
 
     /**
-     * Creates a new instance of EncKdcRepPart.
-     *
-     * @param key
-     * @param lastReq
-     * @param nonce
-     * @param keyExpiration
-     * @param flags
-     * @param authtime
-     * @param starttime
-     * @param endtime
-     * @param renewTill
-     * @param serverPrincipal
-     * @param caddr
-     * @param componentType
-     */
-    public EncKdcRepPart( EncryptionKey key, LastRequest lastReq, int nonce, KerberosTime keyExpiration,
-        TicketFlags flags, KerberosTime authtime, KerberosTime starttime, KerberosTime endtime, KerberosTime renewTill,
-        KerberosPrincipal serverPrincipal, HostAddresses caddr, MessageComponentType componentType )
-    {
-        this.key = key;
-        this.lastRequest = lastReq;
-        this.nonce = nonce;
-        this.keyExpiration = keyExpiration;
-        this.flags = flags;
-        this.authTime = authtime;
-        this.startTime = starttime;
-        this.endTime = endtime;
-        this.renewTill = renewTill;
-        this.serverPrincipal = serverPrincipal;
-        this.clientAddresses = caddr;
-        this.componentType = componentType;
-    }
-
-
-    /**
      * Returns the auth {@link KerberosTime}.
      *
      * @return The auth {@link KerberosTime}.
@@ -130,9 +95,9 @@
 
 
     /**
-     * Returns the {@link TicketFlags}.
+     * Returns the TicketFlags.
      *
-     * @return The {@link TicketFlags}.
+     * @return The TicketFlags.
      */
     public TicketFlags getFlags()
     {
@@ -269,6 +234,17 @@
     public void setEndTime( KerberosTime time )
     {
         endTime = time;
+    }
+
+
+    /**
+     * Sets the {@link TicketFlags}.
+     *
+     * @param flags
+     */
+    public void setFlags( int flags )
+    {
+        this.flags = new TicketFlags( flags );
     }
 
 

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKrbPrivPart.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKrbPrivPart.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKrbPrivPart.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncKrbPrivPart.java Mon Sep 24 03:18:05 2007
@@ -36,34 +36,22 @@
 public class EncKrbPrivPart extends KerberosMessage implements Encodable
 {
     private byte[] userData;
-    private KerberosTime timestamp; //optional
-    private Integer usec; //optional
-    private Integer sequenceNumber; //optional
-    private HostAddress senderAddress; //optional
-    private HostAddress recipientAddress; //optional
-
+    private KerberosTime timestamp;         // optional
+    private int usec;                       // optional
+    private int sequenceNumber;             // optional
+    private HostAddress senderAddress;      // optional
+    private HostAddress recipientAddress;   // optional
 
     /**
      * Creates a new instance of EncKrbPrivPart.
      *
-     * @param userData
-     * @param timestamp
-     * @param usec
-     * @param sequenceNumber
-     * @param senderAddress
-     * @param recipientAddress
+     * @return The {@link EncKrbPrivPart}.
      */
-    public EncKrbPrivPart( byte[] userData, KerberosTime timestamp, Integer usec, Integer sequenceNumber,
-        HostAddress senderAddress, HostAddress recipientAddress )
+    public EncKrbPrivPart()
     {
         super( MessageType.ENC_PRIV_PART );
-
-        this.userData = userData;
-        this.timestamp = timestamp;
-        this.usec = usec;
-        this.sequenceNumber = sequenceNumber;
-        this.senderAddress = senderAddress;
-        this.recipientAddress = recipientAddress;
+        usec = -1;
+        sequenceNumber = -1;
     }
 
 
@@ -79,6 +67,17 @@
 
 
     /**
+     * Sets the recipient {@link HostAddress}.
+     *
+     * @param address
+     */
+    public void setRecipientAddress( HostAddress address )
+    {
+        recipientAddress = address;
+    }
+
+    
+    /**
      * Returns the sender {@link HostAddress}.
      *
      * @return The sender {@link HostAddress}.
@@ -90,17 +89,39 @@
 
 
     /**
+     * Sets the sender {@link HostAddress}.
+     *
+     * @param address
+     */
+    public void setSenderAddress( HostAddress address )
+    {
+        senderAddress = address;
+    }
+
+    
+    /**
      * Returns the sequence number.
      *
      * @return The sequence number.
      */
-    public Integer getSequenceNumber()
+    public int getSequenceNumber()
     {
         return sequenceNumber;
     }
 
 
     /**
+     * Sets the sequence number.
+     *
+     * @param number
+     */
+    public void setSequenceNumber( int number )
+    {
+        sequenceNumber = number;
+    }
+
+    
+    /**
      * Returns the {@link KerberosTime} timestamp.
      *
      * @return The {@link KerberosTime} timestamp.
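Review bot: `getSequenceNumber()` now returns a primitive `int`, and the constructor in the @@ -36,34 hunk uses `-1` to mean "absent". Kerberos sequence numbers are unsigned 32-bit values, so a peer's 0xFFFFFFFF reads back as `-1` and cannot be told apart from an unset field. The old `Integer` with null kept that distinction; either keep the boxed type for `sequenceNumber`, or add an explicit `private boolean hasSequenceNumber;` that `setSequenceNumber` sets. For `usec` the sentinel is safe as long as values stay in 0..999999, but the contract should be stated on the getter, e.g. `@return The microsecond, or -1 if not set.` The constructor Javadoc in the earlier hunk also carries an `@return` tag, which does not apply to a constructor.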
@@ -112,17 +133,39 @@
 
 
     /**
+     * Sets the {@link KerberosTime} timestamp.
+     *
+     * @param timestamp
+     */
+    public void setTimestamp( KerberosTime timestamp )
+    {
+        this.timestamp = timestamp;
+    }
+
+    
+    /**
      * Returns the microsecond.
      *
      * @return The microsecond.
      */
-    public Integer getMicroSecond()
+    public int getMicroSecond()
     {
         return usec;
     }
 
 
     /**
+     * Sets the microsecond.
+     *
+     * @param usec
+     */
+    public void setMicroSecond( int usec )
+    {
+        this.usec = usec;
+    }
+
+
+    /**
      * Returns the user data.
      *
      * @return The user data.
@@ -130,5 +173,16 @@
     public byte[] getUserData()
     {
         return userData;
+    }
+
+    
+    /**
+     * Sets the user data.
+     *
+     * @param data
+     */
+    public void setUserData( byte[] data )
+    {
+        userData = data;
     }
 }

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncTgsRepPart.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncTgsRepPart.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncTgsRepPart.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncTgsRepPart.java Mon Sep 24 03:18:05 2007
@@ -26,7 +26,6 @@
 import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
 import org.apache.directory.server.kerberos.shared.messages.value.LastRequest;
-import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
 
 
 /**
@@ -53,7 +52,7 @@
      * @param caddr
      */
     public EncTgsRepPart(EncryptionKey key, LastRequest lastReq, int nonce, KerberosTime keyExpiration,
-        TicketFlags flags, KerberosTime authtime, KerberosTime starttime, KerberosTime endtime, KerberosTime renewTill,
+        int flags, KerberosTime authtime, KerberosTime starttime, KerberosTime endtime, KerberosTime renewTill,
         KerberosPrincipal serverPrincipal, HostAddresses caddr)
     {
         super( key, lastReq, nonce, keyExpiration, flags, authtime, starttime, endtime, renewTill, serverPrincipal,
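Review bot: The `super( key, lastReq, nonce, keyExpiration, flags, ... )` call still targets the all-arguments constructor of EncKdcRepPart, which this same commit deletes in the @@ -62,41 hunk. Unless another matching constructor exists outside the hunks shown, this class no longer compiles. If the intent is to move to setters, the body should become `super();` followed by `setFlags( flags );` and the other setters, or the parent constructor should be kept with `int flags`. The constructor's Javadoc starts above the hunk and its body continues below it, so whether `@param flags` was updated for the new `int` type cannot be checked here.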

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncTicketPart.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncTicketPart.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncTicketPart.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/EncTicketPart.java Mon Sep 24 03:18:05 2007
@@ -20,68 +20,143 @@
 package org.apache.directory.server.kerberos.shared.messages.components;
 
 
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+import java.text.ParseException;
+
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.messages.Encodable;
 import org.apache.directory.server.kerberos.shared.messages.value.AuthorizationData;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
 import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
 import org.apache.directory.server.kerberos.shared.messages.value.TransitedEncoding;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlag;
+import org.apache.directory.shared.asn1.AbstractAsn1Object;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.ber.tlv.UniversalTag;
+import org.apache.directory.shared.asn1.ber.tlv.Value;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.asn1.primitives.BitString;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 
 /**
  * Encrypted part of Tickets.
  * 
+ * The ASN.1 grammar used to describe tis structure is the following :
+ * 
+ * EncTicketPart   ::= [APPLICATION 3] SEQUENCE {
+ *       flags                   [0] TicketFlags,
+ *       key                     [1] EncryptionKey,
+ *       crealm                  [2] Realm,
+ *       cname                   [3] PrincipalName,
+ *       transited               [4] TransitedEncoding,
+ *       authtime                [5] KerberosTime,
+ *       starttime               [6] KerberosTime OPTIONAL,
+ *       endtime                 [7] KerberosTime,
+ *       renew-till              [8] KerberosTime OPTIONAL,
+ *       caddr                   [9] HostAddresses OPTIONAL,
+ *       authorization-data      [10] AuthorizationData OPTIONAL
+ * }
+ * 
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class EncTicketPart implements Encodable
+public class EncTicketPart extends AbstractAsn1Object implements Encodable
 {
+    /** The logger */
+    private static final Logger log = LoggerFactory.getLogger( EncTicketPart.class );
+
+    /** Speedup for logs */
+    private static final boolean IS_DEBUG = log.isDebugEnabled();
+    
+    /** The ticket flags */
     private TicketFlags flags;
-    private EncryptionKey sessionKey;
+    
+    /** The session key */
+    private EncryptionKey key;
+    
+    /** The client realm */
+    private String cRealm;
+    
+    /** A byte array to store the client realm */
+    private transient byte[] cRealmBytes;
+    
+    /** The client principalName */
+    private PrincipalName cName;
+    
+    /** The client KerberosPrincipal */
     private KerberosPrincipal clientPrincipal;
-    private TransitedEncoding transitedEncoding;
-    private KerberosTime authtime;
+    
+    /** 
+     * The names of the Kerberos realms that took part
+     * in authenticating the user to whom this ticket was issued
+     */
+    private TransitedEncoding transited;
+    
+    /** The time of initial authentication for the named principal */
+    private KerberosTime authTime;
+    
+    /** The time after which the ticket is valid */ 
     private KerberosTime startTime; //optional
+    
+    /** The time after which the ticket will not be honored */
     private KerberosTime endTime;
+    
+    /** The maximum endtime that may be included in a renewal */
     private KerberosTime renewTill; //optional
-    private HostAddresses clientAddresses; //optional
+    
+    /** The addresses from which the ticket can be used */
+    private HostAddresses caddr; //optional
+    
+    /** 
+     * used to pass authorization data from the principal on 
+     * whose behalf a ticket was issued to the application service
+     */
     private AuthorizationData authorizationData; //optional
 
+    // Storage for computed lengths
+    private transient int encTicketPartAppLength;
+    private transient int encTicketPartSeqLength;
+    
+    private transient int keyTagLength;
+    
+    private transient int flagsTagLength;
+    private transient int flagsLength;
+
+    private transient int realmTagLength;
+    
+    private transient int cNameTagLength;
+    
+    private transient int authTimeTagLength;
+    private transient int authTimeLength;
+
+    private transient int startTimeTagLength;
+    private transient int startTimeLength;
+
+    private transient int endTimeTagLength;
+    private transient int endTimeLength;
+
+    private transient int renewTillTagLength;
+    private transient int renewTillLength;
+
 
     /**
      * Creates a new instance of EncTicketPart.
-     *
-     * @param flags
-     * @param key
-     * @param clientPrincipal
-     * @param transited
-     * @param authtime
-     * @param starttime
-     * @param endtime
-     * @param renewTill
-     * @param caddr
-     * @param authorizationData
-     */
-    public EncTicketPart( TicketFlags flags, EncryptionKey key, KerberosPrincipal clientPrincipal,
-        TransitedEncoding transited, KerberosTime authtime, KerberosTime starttime, KerberosTime endtime,
-        KerberosTime renewTill, HostAddresses caddr, AuthorizationData authorizationData )
+     */
+    public EncTicketPart()
     {
-        this.flags = flags;
-        this.sessionKey = key;
-        this.clientPrincipal = clientPrincipal;
-        this.transitedEncoding = transited;
-        this.authtime = authtime;
-        this.startTime = starttime;
-        this.endTime = endtime;
-        this.renewTill = renewTill;
-        this.clientAddresses = caddr;
-        this.authorizationData = authorizationData;
     }
 
-
+    
     /**
      * Returns the {@link AuthorizationData}.
      *
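Review bot: The new no-argument constructor leaves every mandatory field of the ticket (`flags`, `key`, `cRealm`, `cName`, `transited`, `authTime`, `endTime`) null, and nothing added later checks them. `getFlag`, `clearFlag` and both `setFlag` overloads in the @@ -160,13 hunk call straight into `flags`, and `computeLength()` in the @@ -199,6 hunk dereferences `key`, `cName` and `transited`. A partly populated ticket therefore fails with a NullPointerException deep in encoding instead of a clear error. Have `computeLength()` reject a missing mandatory field explicitly, e.g. `if ( key == null ) throw new IllegalStateException( "session key not set" );`, and document on the constructor which setters must be called before encoding. The class comment also has a typo, "tis structure" for "this structure".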
@@ -94,13 +169,35 @@
 
 
     /**
+     * Sets the {@link AuthorizationData}.
+     *
+     * @param data The authorization data
+     */
+    public void setAuthorizationData( AuthorizationData data )
+    {
+        authorizationData = data;
+    }
+
+
+    /**
      * Returns the auth {@link KerberosTime}
      *
      * @return The auth {@link KerberosTime}
      */
     public KerberosTime getAuthTime()
     {
-        return authtime;
+        return authTime;
+    }
+
+
+    /**
+     * Sets the auth {@link KerberosTime}.
+     *
+     * @param authtime
+     */
+    public void setAuthTime( KerberosTime authtime )
+    {
+        this.authTime = authtime;
     }
 
 
@@ -111,21 +208,76 @@
      */
     public HostAddresses getClientAddresses()
     {
-        return clientAddresses;
+        return caddr;
+    }
+
+
+    /**
+     * Sets the client {@link HostAddresses}.
+     *
+     * @param addresses The client addresses
+     */
+    public void setClientAddresses( HostAddresses addresses )
+    {
+        this.caddr = addresses;
+    }
+
+
+    /**
+     * Add a client {@link HostAddresses}.
+     *
+     * @param addresses The client address to add
+     */
+    public void addClientAddresses( HostAddress hostAddress )
+    {
+        caddr.addHostAddress( hostAddress );
+    }
+
+    
+    /**
+     * Returns the client {@link PrincipalName}.
+     *
+     * @return The client {@link PrincipalName}.
+     */
+    public PrincipalName getClientPrincipalName()
+    {
+        return cName;
     }
 
 
     /**
-     * Returns the client {@link KerberosPrincipal}.
+     * Returns the client {@link PrincipalName}.
      *
-     * @return The client {@link KerberosPrincipal}.
+     * @return The client {@link PrincipalName}.
      */
     public KerberosPrincipal getClientPrincipal()
     {
         return clientPrincipal;
     }
 
-
+    
+    /**
+     * Sets the client {@link KerberosPrincipal}.
+     *
+     * @param clientPrincipal
+     */
+    public void setClientPrincipal( KerberosPrincipal clientPrincipal ) throws ParseException
+    {
+        this.cName = new PrincipalName( clientPrincipal );
+        this.clientPrincipal = clientPrincipal;
+        this.cRealm = clientPrincipal.getRealm();
+    }
+    
+    /**
+     * Sets the client {@link PrincipalName}.
+     *
+     * @param cName The principalName
+     */
+    public void setClientPrincipalName( PrincipalName cName ) throws ParseException
+    {
+        this.cName = cName;
+    }
+    
     /**
      * Returns the client realm.
      *
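Review bot: `setClientPrincipalName` here and `setClientRealm` in the next hunk each update one field, while `setClientPrincipal` sets `cName`, `clientPrincipal` and `cRealm` together. After a mixed sequence of calls `getClientPrincipal()`, `getClientPrincipalName()` and `getClientRealm()` can describe different clients. The client identity carried in a ticket should have a single source of truth: either derive the KerberosPrincipal from `cName` and `cRealm` on read, or have the single-field setters clear `clientPrincipal`. `addClientAddresses` also dereferences `caddr`, which is optional and null on a fresh instance, and its Javadoc names `@param addresses` while the parameter is `hostAddress`. The Javadoc of `getClientPrincipal` now says it returns a PrincipalName although the method still returns `KerberosPrincipal`, and `setClientPrincipalName` declares `throws ParseException` with nothing in its body that can throw it.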
@@ -133,11 +285,21 @@
      */
     public String getClientRealm()
     {
-        return clientPrincipal.getRealm();
+        return cRealm;
     }
 
 
     /**
+     * Sets the client realm.
+     *
+     * @param realm The client realm
+     */
+    public void setClientRealm( String cRealm )
+    {
+        this.cRealm = cRealm;
+    }
+    
+    /**
      * Returns the end {@link KerberosTime}
      *
      * @return The end {@link KerberosTime}
@@ -149,9 +311,20 @@
 
 
     /**
-     * Returns the {@link TicketFlags}.
+     * Sets the end {@link KerberosTime}.
+     *
+     * @param time The ending time
+     */
+    public void setEndTime( KerberosTime time )
+    {
+        endTime = time;
+    }
+
+    
+    /**
+     * Returns the TicketFlags.
      *
-     * @return The {@link TicketFlags}.
+     * @return The  TicketFlags.
      */
     public TicketFlags getFlags()
     {
@@ -160,13 +333,91 @@
 
 
     /**
+     * get a TicketFlags.
+     *
+     * @param flag The flag to set
+     */
+    public boolean getFlag( TicketFlag flag )
+    {
+        return flags.isFlagSet( flag );
+    }
+
+
+    /**
+     * Clear a TicketFlags.
+     *
+     * @param flag The flag to clear
+     */
+    public void clearFlag( TicketFlag flag )
+    {
+        flags.clearFlag( flag );
+    }
+
+
+    /**
+     * Sets the TicketFlags.
+     *
+     * @param flags
+     */
+    public void setFlags( int flags )
+    {
+        this.flags = new TicketFlags( flags );
+    }
+
+
+    /**
+     * Sets the TicketFlags.
+     *
+     * @param flags
+     */
+    public void setFlags( TicketFlags flags )
+    {
+        this.flags = flags;
+    }
+
+
+    /**
+     * Sets the specified flag
+     *
+     * @param flag The flag to be set
+     */
+    public void setFlag( TicketFlag flag )
+    {
+        flags.setFlag( flag );
+    }
+
+    
+    /**
+     * Sets the flag at the given index.
+     *
+     * @param flag The flag to be set
+     */
+    public void setFlag( int flag )
+    {
+        flags.setFlag( flag );
+    }
+
+    
+    
+    /**
      * Returns the session {@link EncryptionKey}.
      *
      * @return The session {@link EncryptionKey}.
      */
     public EncryptionKey getSessionKey()
     {
-        return sessionKey;
+        return key;
+    }
+
+
+    /**
+     * Sets the session {@link EncryptionKey}.
+     *
+     * @param key The session key
+     */
+    public void setSessionKey( EncryptionKey key )
+    {
+        this.key = key;
     }
 
 
@@ -182,6 +433,17 @@
 
 
     /**
+     * Sets the renew till {@link KerberosTime}.
+     *
+     * @param till The renew time
+     */
+    public void setRenewTill( KerberosTime till )
+    {
+        renewTill = till;
+    }
+
+
+    /**
      * Returns the start {@link KerberosTime}
      *
      * @return The start {@link KerberosTime}
@@ -191,6 +453,17 @@
         return startTime;
     }
 
+    
+    /**
+     * Sets the start {@link KerberosTime}.
+     *
+     * @param time The starting time
+     */
+    public void setStartTime( KerberosTime time )
+    {
+        startTime = time;
+    }
+    
 
     /**
      * Returns the {@link TransitedEncoding}.
@@ -199,6 +472,320 @@
      */
     public TransitedEncoding getTransitedEncoding()
     {
-        return transitedEncoding;
+        return transited;
+    }
+
+    
+    /**
+     * Set the {@link TransitedEncoding}.
+     */
+    public void setTransitedEncoding( TransitedEncoding transited )
+    {
+        this.transited = transited;
+    }
+
+    
+    /**
+     * Compute the EncTicketPart length
+     * 
+     * EncTicketPart :
+     * 
+     * 0x63 L1 EncTicketPart
+     *  |
+     *  +--> 0x30 L2 EncTicketPart SEQUENCE
+     *        |
+     *        +--> 0xA0 L3 flags tag
+     *        |     |
+     *        |     +--> 0x05 L3-1 flags (bitstring)
+     *        |
+     *        +--> 0xA1 L4 key (EncryptionKey)
+     *        |
+     *        +--> 0xA2 L5 crealm tag
+     *        |     |
+     *        |     +--> 0x1B L5-1 crealm (generalizedString)
+     *        |
+     *        +--> 0xA3 L6 cname (PrincipalName)
+     *        |
+     *        +--> 0xA4 L7 transited (TransitedEncoding)
+     *        |
+     *        +--> 0xA5 L8 authtime tag
+     *        |     |
+     *        |     +--> 0x18 L8-1 authtime (generalizedTime)
+     *        |
+     *        +--> [0xA6 L9 starttime tag
+     *        |     |
+     *        |     +--> 0x18 L9-1 starttime (generalizedTime)]
+     *        |
+     *        +--> 0xA7 L10 endtime tag
+     *        |     |
+     *        |     +--> 0x18 L10-1 endtime (generalizedTime)
+     *        |
+     *        +--> [0xA8 L11 renew-till tag
+     *        |     |
+     *        |     +--> 0x18 L11-1 renew-till (generalizedTime)]
+     *        |
+     *        +--> [0xA9 L12 caddr:HostAddresses]
+     *        |
+     *        +--> [0xAA L13 authorization-data:AuthorizationData]
+     */
+    public int computeLength()
+    {
+        // The flags size (always 0x01 0x05 b1 b2 b3 b4 b5)
+        flagsLength = 5;
+        flagsTagLength = 1 + TLV.getNbBytes( flagsLength ) + flagsLength;
+        encTicketPartSeqLength = 1 + TLV.getNbBytes( flagsTagLength ) + flagsTagLength; 
+    	
+    	// The encryption key is computed in its own class
+        keyTagLength = key.computeLength();
+    	encTicketPartSeqLength += 1 + TLV.getNbBytes( keyTagLength ) + keyTagLength;
+        
+        // The client Realm
+        cRealmBytes = StringTools.getBytesUtf8( cRealm );
+        realmTagLength = 1 + TLV.getNbBytes( cRealmBytes.length ) + cRealmBytes.length;
+        encTicketPartSeqLength += 1 + TLV.getNbBytes( realmTagLength ) + realmTagLength;
+
+        // The clientPrincipal length
+        cNameTagLength = cName.computeLength();
+        encTicketPartSeqLength += 1 + TLV.getNbBytes( cNameTagLength ) + cNameTagLength;
+        
+    	// The transited part
+        encTicketPartSeqLength += transited.computeLength();
+        
+        // Compute the authTime length
+        authTimeLength = 15;
+        authTimeTagLength = 1 + 1 + authTimeLength;
+        encTicketPartSeqLength += 
+            1 + TLV.getNbBytes( authTimeTagLength ) + authTimeTagLength;
+        
+        // Compute the startTime length, if any
+        if ( startTime != null )
+        {
+            startTimeLength = 15;
+            startTimeTagLength = 1 + 1 + startTimeLength;
+            encTicketPartSeqLength += 
+                1 + TLV.getNbBytes( startTimeTagLength ) + startTimeTagLength;
+        }
+        
+        // Compute the endTime length
+        endTimeLength = 15;
+        endTimeTagLength = 1 + 1 + endTimeLength;
+        encTicketPartSeqLength += 
+            1 + TLV.getNbBytes( endTimeTagLength ) + endTimeTagLength;
+        
+        // Compute the renew-till length, if any
+        if ( renewTill != null )
+        {
+            renewTillLength = 15;
+            renewTillTagLength = 1 + 1 + renewTillLength;
+            encTicketPartSeqLength += 
+                1 + TLV.getNbBytes( renewTillTagLength ) + renewTillTagLength;
+        }
+        
+        // Compute the clientAddresses length, if any
+        if ( caddr != null )
+        {
+            encTicketPartSeqLength += caddr.computeLength();
+        }
+        
+        // Compute the authorizationData length, if any
+        if ( authorizationData != null )
+        {
+            encTicketPartSeqLength += authorizationData.computeLength();
+        }
+
+        // compute the global size
+        encTicketPartAppLength = 1 + TLV.getNbBytes( encTicketPartSeqLength ) + encTicketPartSeqLength;
+
+        int result = 1 + TLV.getNbBytes( encTicketPartAppLength ) + encTicketPartAppLength;
+        
+        if ( IS_DEBUG )
+        {
+            log.debug( "EncTicketPart PDU length = {}", Integer.valueOf( result ) );
+        }
+
+        return result;
+    }
+    
+    /**
+     * Encode the EncTicketPart message to a PDU. 
+     * 
+     * EncTicketPart :
+     * 
+     * 0x63 LL
+     *   0x30 LL 
+     *     0xA0 LL 
+     *       0x03 LL flags (BIT STRING)
+     *   0xA1 LL
+     *     0x30 LL key (EncryptionKey)
+     *   0xA2 LL
+     *     0x1B LL crealm (KerberosString)
+     *   0xA3 LL
+     *     0x30 LL cname (PrincipalName)
+     *   0xA4 LL
+     *     0x30 LL transited (TransitedEncoding)
+     *   0xA5 11
+     *     0x18 0x0F authtime (KerberosTime)
+     *   [0xA6 11
+     *     0x18 0x0F starttime (KerberosTime) (optional)]
+     *   0xA7 11
+     *     0x18 0x0F endtime (KerberosTime)
+     *   [0xA8 11
+     *     0x18 0x0F renew-till (KerberosTime) (optional)]
+     *   [0xA9 LL
+     *     0x30 LL addresses (HostAddresses) (optional)]
+     *   [0xAA LL
+     *     0x30 LL authorization-data (AuthorizationData) (optional)]
+     * 
+     * @param buffer The buffer where to put the PDU
+     * @return The PDU.
+     */
+    public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+    {
+        if ( buffer == null )
+        {
+            buffer = ByteBuffer.allocate( computeLength() );
+        }
+
+        try
+        {
+            // The encTicketPart SEQ Tag
+            buffer.put( UniversalTag.SEQUENCE_TAG );
+            buffer.put( TLV.getBytes( encTicketPartSeqLength ) );
+
+            // The flags, first the tag, then the value
+            buffer.put( ( byte ) 0xA0 );
+            buffer.put( TLV.getBytes( flagsTagLength ) );
+
+            // Th BIT STRING element
+            Value.encode( buffer, flags );
+            
+            // The session key
+            buffer.put( ( byte ) 0xA1 );
+            buffer.put( TLV.getBytes( keyTagLength ) );
+            key.encode( buffer );
+            
+            // The clientprincipalName, if any
+            if ( cName != null )
+            {
+                buffer.put( (byte)0xA1 );
+                buffer.put( TLV.getBytes( cNameTagLength ) );
+                cName.encode( buffer );
+            }
+            
+            // The server realm
+            buffer.put( (byte)0xA2 );
+            buffer.put( TLV.getBytes( realmTagLength ) );
+            
+            buffer.put( UniversalTag.GENERALIZED_STRING_TAG );
+            buffer.put( TLV.getBytes( realmBytes.length ) );
+            buffer.put( realmBytes );
+
+            // The serverprincipalName, if any
+            if ( sName != null )
+            {
+                buffer.put( (byte)0xA3 );
+                buffer.put( TLV.getBytes( sNameTagLength ) );
+                sName.encode( buffer );
+            }
+            
+            // The from KerberosTime Tag and value, if any
+            if ( from != null )
+            {
+                buffer.put( (byte)0xA4 );
+                buffer.put( TLV.getBytes( fromTagLength ) );
+                buffer.put( UniversalTag.GENERALIZED_TIME_TAG );
+                buffer.put( TLV.getBytes( fromLength ) );
+                buffer.put( StringTools.getBytesUtf8( from.toString() ) );
+            }
+            
+            // The till KerberosTime Tag and value, if any
+            buffer.put( (byte)0xA5 );
+            buffer.put( TLV.getBytes( tillTagLength ) );
+            buffer.put( UniversalTag.GENERALIZED_TIME_TAG );
+            buffer.put( TLV.getBytes( tillLength ) );
+            buffer.put( StringTools.getBytesUtf8( till.toString() ) );
+            
+            // The from KerberosTime Tag and value, if any
+            if ( rTime != null )
+            {
+                buffer.put( (byte)0xA6 );
+                buffer.put( TLV.getBytes( rTimeTagLength ) );
+                buffer.put( UniversalTag.GENERALIZED_TIME_TAG );
+                buffer.put( TLV.getBytes( rTimeLength ) );
+                buffer.put( StringTools.getBytesUtf8( rTime.toString() ) );
+            }
+            
+            // The nonce, first the tag, then the value
+            buffer.put( ( byte ) 0xA7 );
+            buffer.put( TLV.getBytes( nonceTagLength ) );
+            Value.encode( buffer, nonce );
+            
+            // The EncryptionTypes
+            if ( ( eType == null ) || ( eType.size() == 0 ) )
+            {
+                log.error( "We should have at least one encryption type" );
+                throw new EncoderException( "No encryptionType available" );
+            }
+            
+            // Fisrt, the tag
+            buffer.put( (byte)0xA8 );
+            buffer.put( TLV.getBytes( eTypeTagLength ) );
+            
+            // Then the sequence
+            buffer.put( (byte)0x30 );
+            buffer.put( TLV.getBytes( eTypeSeqLength ) );
+
+            // Now, the eTypes
+            for ( EncryptionType type:eType )
+            {
+                Value.encode( buffer, type.getOrdinal() );
+            }
+            
+            // The addresses
+            if ( addresses != null )
+            {
+                buffer.put( (byte)0xA9 );
+                buffer.put( TLV.getBytes( addressesTagLength ) );
+                addresses.encode( buffer );
+            }
+            
+            // The enc-authorization-data
+            if ( encAuthorizationData != null )
+            {
+                buffer.put( (byte)0xAA );
+                buffer.put( TLV.getBytes( encAuthorizationDataTagLength ) );
+                encAuthorizationData.encode( buffer );
+            }
+            
+            // The additional tickets
+            if ( additionalTickets != null )
+            {
+                buffer.put( (byte)0xAB );
+                buffer.put( TLV.getBytes( additionalTicketsTagLength ) );
+                
+                buffer.put( UniversalTag.SEQUENCE_TAG );
+                buffer.put( TLV.getBytes( additionalTicketsSeqLength ) );
+                
+                for ( Ticket ticket:additionalTickets )
+                {
+                    ticket.encode( buffer );
+                }
+            }
+        }
+        catch ( BufferOverflowException boe )
+        {
+            log.error(
+                "Cannot encode the EncTicketPart object, the PDU size is {} when only {} bytes has been allocated", 1
+                    + TLV.getNbBytes( encTicketPartAppLength ) + encTicketPartAppLength, buffer.capacity() );
+            throw new EncoderException( "The PDU buffer size is too small !" );
+        }
+
+        if ( IS_DEBUG )
+        {
+            log.debug( "EncTicketPart encoding : {}", StringTools.dumpBytes( buffer.array() ) );
+            log.debug( "EncTicketPart initial value : {}", toString() );
+        }
+
+        return buffer;
     }
 }
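Review bot: The body of `encode()` does not encode an EncTicketPart: from the cname block onward it reads `realmBytes`, `sName`, `from`, `till`, `rTime`, `nonce`, `eType`, `addresses`, `encAuthorizationData`, `additionalTickets` and the type `Ticket`, none of which is declared or imported in this class as shown, so it presumably does not compile. It also never writes the `0x63` application tag that `computeLength()` counts, tags cname as `0xA1` instead of `0xA3`, skips transited, authtime and endtime, and relies on length fields that are only filled when `buffer` was null and `computeLength()` ran. The fence sketches the mandatory fields using only the lengths `computeLength()` stores; transited, the optional times, caddr and authorization-data still need their own blocks. Separately, the `IS_DEBUG` branch dumps the whole plaintext buffer and `toString()`, which include the session key, so it should log only the size, e.g. `log.debug( "EncTicketPart encoded, {} bytes", buffer.position() );`. The `catch` block also drops `boe`, losing the original stack trace.

```java
            // The EncTicketPart APPLICATION 3 tag, counted by computeLength() but never written
            buffer.put( ( byte ) 0x63 );
            buffer.put( TLV.getBytes( encTicketPartAppLength ) );

            // … unchanged: SEQUENCE tag, flags [0], session key [1] …

            // crealm [2], using the bytes cached by computeLength()
            buffer.put( ( byte ) 0xA2 );
            buffer.put( TLV.getBytes( realmTagLength ) );
            buffer.put( UniversalTag.GENERALIZED_STRING_TAG );
            buffer.put( TLV.getBytes( cRealmBytes.length ) );
            buffer.put( cRealmBytes );

            // cname [3]
            buffer.put( ( byte ) 0xA3 );
            buffer.put( TLV.getBytes( cNameTagLength ) );
            cName.encode( buffer );

            // … transited [4] goes here …

            // authtime [5]
            buffer.put( ( byte ) 0xA5 );
            buffer.put( TLV.getBytes( authTimeTagLength ) );
            buffer.put( UniversalTag.GENERALIZED_TIME_TAG );
            buffer.put( TLV.getBytes( authTimeLength ) );
            buffer.put( StringTools.getBytesUtf8( authTime.toString() ) );

            // … starttime [6], endtime [7], renew-till [8], caddr [9], authorization-data [10] …
```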

Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/InvalidTicketException.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/InvalidTicketException.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/InvalidTicketException.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/InvalidTicketException.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,42 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.messages.components;
+
+/**
+ * A exception used when there was an error while creating a Ticket
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class InvalidTicketException extends Exception
+{
+    static final long serialVersionUID = 1L;
+
+
+    public InvalidTicketException()
+    {
+        super();
+    }
+
+
+    public InvalidTicketException(String explanation)
+    {
+        super( explanation );
+    }
+
+}
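Review bot: InvalidTicketException offers only the no-arg and message constructors, so code that wraps another failure cannot keep the cause; the Ticket constructors in this same commit catch a ParseException and pass on only `pe.getMessage()`. Adding `public InvalidTicketException( String explanation, Throwable cause ) { super( explanation, cause ); }` would let the original stack trace survive. `serialVersionUID` is package-visible here, and `private static final long serialVersionUID = 1L;` is the usual form. The class Javadoc could read "An exception thrown when a Ticket cannot be created", and the constructors have no Javadoc at all.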

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/Ticket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/Ticket.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/Ticket.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/Ticket.java Mon Sep 24 03:18:05 2007
@@ -20,6 +20,10 @@
 package org.apache.directory.server.kerberos.shared.messages.components;
 
 
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+import java.text.ParseException;
+
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.server.kerberos.shared.messages.value.AuthorizationData;
@@ -27,8 +31,17 @@
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.messages.value.HostAddresses;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
 import org.apache.directory.server.kerberos.shared.messages.value.TransitedEncoding;
+import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlags;
+import org.apache.directory.shared.asn1.AbstractAsn1Object;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.ber.tlv.UniversalTag;
+import org.apache.directory.shared.asn1.ber.tlv.Value;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 
 /**
@@ -37,18 +50,45 @@
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class Ticket
+public class Ticket extends AbstractAsn1Object
 {
-    /**
-     * Constant for the {@link Ticket} version number (5).
-     */
+    /** The logger */
+    private static final Logger log = LoggerFactory.getLogger( Ticket.class );
+
+    /** Speedup for logs */
+    private static final boolean IS_DEBUG = log.isDebugEnabled();
+    
+    /** Constant for the {@link Ticket} version number (5) */
     public static final int TICKET_VNO = 5;
 
-    private int versionNumber;
+    /** The Kerberos verison number. Should be 5 */
+    private int tktvno;
+    
+    /** A storage for a byte array representation of the realm */
+    private byte[] realmBytes;
+    
+    /** The server principal name */
+    private PrincipalName sName;
+    
+    /** 
+     * Components of the name part of the server's identity.
+     * It includes the realm. 
+     **/
     private KerberosPrincipal serverPrincipal;
+    
+    /** The encoded part */
     private EncryptedData encPart;
+    
+    /** The encoded ticket part */
     private EncTicketPart encTicketPart;
 
+    // Storage for computed lengths
+    private transient int tktvnoLength;
+    private transient int realmLength;
+    private transient int sNameLength;
+    private transient int encPartLength;
+    private transient int ticketSeqLength;
+    private transient int ticketLength;
 
     /**
      * Creates a new instance of Ticket.
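Review bot: `IS_DEBUG` is evaluated once at class initialisation, so a log level changed at runtime is not picked up and the guarded debug output stays on or off for the life of the class. Calling `log.isDebugEnabled()` at the point of use is cheap and avoids the stale snapshot. The new `sName` field carries the same identity as `serverPrincipal`, so the two could drift apart if either is ever reassigned separately; a comment on `sName` saying it is derived from `serverPrincipal` in the constructor would help. The field comment `The Kerberos verison number` has a typo (`version`).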
@@ -56,24 +96,44 @@
      * @param serverPrincipal
      * @param encPart
      */
-    public Ticket( KerberosPrincipal serverPrincipal, EncryptedData encPart )
+    public Ticket( KerberosPrincipal serverPrincipal, EncryptedData encPart ) throws InvalidTicketException
     {
         this( TICKET_VNO, serverPrincipal, encPart );
+
+        try
+        {
+            sName = new PrincipalName( serverPrincipal.getName(), serverPrincipal.getNameType() );
+        }
+        catch ( ParseException pe )
+        {
+            log.error( "Cannot create a ticket for the {} KerberosPrincipal, error : {}", serverPrincipal, pe.getMessage() );
+            throw new InvalidTicketException( "Cannot create a ticket : " + pe.getMessage() );
+        }
     }
 
 
     /**
      * Creates a new instance of Ticket.
      *
-     * @param versionNumber
+     * @param tktvno The kerberos version number
      * @param serverPrincipal
      * @param encPart
      */
-    public Ticket( int versionNumber, KerberosPrincipal serverPrincipal, EncryptedData encPart )
+    public Ticket( int tktvno, KerberosPrincipal serverPrincipal, EncryptedData encPart ) throws InvalidTicketException
     {
-        this.versionNumber = versionNumber;
+        this.tktvno = tktvno;
         this.serverPrincipal = serverPrincipal;
         this.encPart = encPart;
+        
+        try
+        {
+            sName = new PrincipalName( serverPrincipal.getName(), serverPrincipal.getNameType() );
+        }
+        catch ( ParseException pe )
+        {
+            log.error( "Cannot create a ticket for the {} KerberosPrincipal, error : {}", serverPrincipal, pe.getMessage() );
+            throw new InvalidTicketException( "Cannot create a ticket : " + pe.getMessage() );
+        }
     }
 
 
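Review bot: The two-argument constructor repeats the whole `sName` try/catch even though `this( TICKET_VNO, serverPrincipal, encPart )` has already run the identical block, so the PrincipalName is built twice from the same inputs; the body after the `this(...)` call can be dropped. Both constructors dereference `serverPrincipal` without a null check, so a null principal surfaces as a NullPointerException rather than the declared InvalidTicketException. The catch keeps only `pe.getMessage()` and discards the ParseException itself; chaining it as the cause would need a `(String, Throwable)` constructor that InvalidTicketException does not have in this commit.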
@@ -95,7 +155,7 @@
      */
     public int getVersionNumber()
     {
-        return versionNumber;
+        return tktvno;
     }
 
 
@@ -109,6 +169,16 @@
         return serverPrincipal;
     }
 
+    /**
+     * Returns the server {@link PrincipalName}.
+     *
+     * @return The server {@link Principalname}.
+     */
+    public PrincipalName getServerPrincipalName()
+    {
+        return sName;
+    }
+
 
     /**
      * Returns the server realm.
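Review bot: The `@return` tag on `getServerPrincipalName()` links to `{@link Principalname}`, which does not match the imported class name and will not resolve in Javadoc; it should read `@return The server {@link PrincipalName}.`. The getter hands out the `sName` field directly, so the comment could also say whether callers may modify the returned object, which is not visible from this hunk.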
@@ -186,6 +256,16 @@
         return encTicketPart.getClientPrincipal();
     }
 
+    /**
+     * Returns the client {@link PrincipalName}.
+     *
+     * @return The client {@link PrincipalName}.
+     */
+    public PrincipalName getClientPrincipalName()
+    {
+        return encTicketPart.getClientPrincipalName();
+    }
+
 
     /**
      * Returns the client realm.
@@ -194,7 +274,7 @@
      */
     public String getClientRealm()
     {
-        return encTicketPart.getClientPrincipal().getRealm();
+        return encTicketPart.getClientRealm();
     }
 
 
@@ -219,6 +299,16 @@
         return encTicketPart.getFlags();
     }
 
+    /**
+     * Returns the integer value for the {@link TicketFlags}.
+     *
+     * @return The {@link TicketFlags}.
+     */
+    public int getFlagsIntValue()
+    {
+        return encTicketPart.getFlags().getIntValue();
+    }
+
 
     /**
      * Returns the renew till {@link KerberosTime}.
@@ -269,9 +359,131 @@
      *
      * @param flag
      * @return true if the flag at the given index is set.
-     */
+     */  
     public boolean getFlag( int flag )
     {
-        return encTicketPart.getFlags().get( flag );
+        return encTicketPart.getFlags().isFlagSet( flag );
+    }
+
+    /**
+     * Compute the Ticket length
+     * 
+     * Ticket :
+     * 
+     * 0x61 L1 Ticket [APPLICATION 1]
+     *  |
+     *  +--> 0x30 L2 Ticket SEQUENCE
+     *        |
+     *        +--> 0xA0 L3 tkt-vno tag
+     *        |     |
+     *        |     +--> 0x02 L3-1 tkt-vno (int, 5)
+     *        |
+     *        +--> 0xA1 L4 realm tag
+     *        |     |
+     *        |     +--> 0x1B L4-1 realm (KerberosString)
+     *        |
+     *        +--> 0xA2 L5 sname (PrincipalName)
+     *        |
+     *        +--> 0xA3 L6 enc-part (EncryptedData)
+     */
+    public int computeLength()
+    {
+        // Compute the Ticket version length.
+        tktvnoLength = 1 + TLV.getNbBytes( tktvno ) + Value.getNbBytes( tktvno );
+
+        // Compute the Ticket realm length.
+        realmBytes = StringTools.getBytesUtf8( serverPrincipal.getRealm() );
+        realmLength = 1 + TLV.getNbBytes( realmBytes.length ) + realmBytes.length;
+
+        // Compute the principal length
+        sNameLength = sName.computeLength();
+        
+        // Compute the encrypted data
+        encPartLength = encPart.computeLength();
+
+        // Compute the sequence size
+        ticketSeqLength = 
+            1 + TLV.getNbBytes( tktvnoLength ) + tktvnoLength +
+            1 + TLV.getNbBytes( realmLength ) + realmLength +
+            1 + TLV.getNbBytes( sNameLength ) + sNameLength + 
+            1 + TLV.getNbBytes( encPartLength ) + encPartLength;
+        
+        // compute the global size
+        ticketLength = 1 + TLV.getNbBytes( ticketSeqLength ) + ticketSeqLength;
+        
+        return 1 + TLV.getNbBytes( ticketLength ) + ticketLength;
+    }
+    
+    /**
+     * Encode the Ticket message to a PDU. 
+     * 
+     * Ticket :
+     * 
+     * 0x61 LL
+     *   0x30 LL
+     *     0xA0 LL tktvno 
+     *     0xA1 LL realm
+     *     0xA2 LL
+     *       sname (PrincipalName)
+     *     0xA3 LL
+     *       enc-part (EncryptedData)
+     * 
+     * @param buffer The buffer where to put the PDU. It should have been allocated
+     * before, with the right size.
+     * @return The constructed PDU.
+     */
+    public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+    {
+        if ( buffer == null )
+        {
+            buffer = ByteBuffer.allocate( computeLength() );
+        }
+
+        try
+        {
+            // The Ticket APPLICATION Tag
+            buffer.put( (byte)0x61 );
+            buffer.put( TLV.getBytes( ticketLength ) );
+
+            // The Ticket SEQUENCE Tag
+            buffer.put( UniversalTag.SEQUENCE_TAG );
+            buffer.put( TLV.getBytes( ticketSeqLength ) );
+
+            // The tkt-vno Tag and value
+            buffer.put( ( byte ) 0xA0 );
+            buffer.put( TLV.getBytes( tktvnoLength ) );
+            Value.encode( buffer, tktvno );
+
+            // The realm Tag and value
+            buffer.put( ( byte ) 0xA1 );
+            buffer.put( TLV.getBytes( realmLength ) );
+            buffer.put( UniversalTag.GENERALIZED_STRING_TAG );
+            buffer.put( TLV.getBytes( realmBytes.length ) );
+            buffer.put( realmBytes );
+
+            // The sname Tag and value
+            buffer.put( ( byte ) 0xA2 );
+            buffer.put( TLV.getBytes( sNameLength ) );
+            sName.encode( buffer );
+            
+            // The encPartLength Tag and value
+            buffer.put( ( byte ) 0xA3 );
+            buffer.put( TLV.getBytes( encPartLength ) );
+            encPart.encode( buffer );
+        }
+        catch ( BufferOverflowException boe )
+        {
+            log.error( "Cannot encode the Ticket object, the PDU size is {} when only {} bytes has been allocated", 1
+                + TLV.getNbBytes( ticketLength ) + ticketLength, buffer.capacity() );
+            throw new EncoderException( "The PDU buffer size is too small !" );
+        }
+
+        if ( IS_DEBUG )
+        {
+            log.debug( "Ticket encoding : {}", StringTools.dumpBytes( buffer.array() ) );
+            log.debug( "Ticket initial value : {}", toString() );
+        }
+
+        return buffer;
     }
 }
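Review bot: `encode()` calls `computeLength()` only when `buffer` is null, yet every length it writes (`ticketLength`, `ticketSeqLength`, `realmLength`, and the rest) and `realmBytes` are fields that only `computeLength()` fills in. A caller that passes its own buffer without calling `computeLength()` first gets zero lengths in the PDU and a NullPointerException at `buffer.put( realmBytes )`, which the `BufferOverflowException` catch does not cover. Either state the precondition in the Javadoc or guard it with `if ( realmBytes == null ) { computeLength(); }` before the try. In `computeLength()`, `TLV.getNbBytes( tktvno )` appears to size the length octets from the integer's value rather than from `Value.getNbBytes( tktvno )`; that is harmless for version 5 but worth confirming. The debug branch dumps `buffer.array()`, which is the whole backing array of a caller-supplied buffer rather than just this Ticket, and it throws for buffers without an accessible array.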

Modified: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/TicketModifier.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/TicketModifier.java?rev=578743&r1=578742&r2=578743&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/TicketModifier.java (original)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/components/TicketModifier.java Mon Sep 24 03:18:05 2007
@@ -51,7 +51,14 @@
             serverPrincipal = serverModifier.getKerberosPrincipal();
         }
 
-        return new Ticket( ticketVersionNumber, serverPrincipal, encPart );
+        try
+        {
+            return new Ticket( ticketVersionNumber, serverPrincipal, encPart );
+        }
+        catch ( InvalidTicketException ite )
+        {
+            return null;
+        }
     }
 
 
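Review bot: Catching InvalidTicketException and returning `null` hides the failure from the caller: it receives no ticket and no reason, and the first dereference fails later with a NullPointerException far from the cause. In a Kerberos ticket path a silent null is risky because the calling code cannot tell a rejected principal from a programming error. Prefer letting the exception propagate by declaring `throws InvalidTicketException` on the method or, if the signature must stay, rethrowing with `throw new IllegalStateException( "Cannot build the Ticket", ite );`. The method's signature is outside this hunk, so which option fits is not visible here.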

Added: directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AdAndOr.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AdAndOr.java?rev=578743&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AdAndOr.java (added)
+++ directory/apacheds/branches/apacheds-kerberos/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/messages/value/AdAndOr.java Mon Sep 24 03:18:05 2007
@@ -0,0 +1,263 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.messages.value;
+
+
+import java.nio.BufferOverflowException;
+import java.nio.ByteBuffer;
+import java.util.List;
+
+import org.apache.directory.shared.asn1.AbstractAsn1Object;
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.ber.tlv.UniversalTag;
+import org.apache.directory.shared.asn1.ber.tlv.Value;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * An AD AND-OR container. AD AND-OR are contained in the ad-data part
+ * of the AuthorizationData
+ * 
+ * The ASN.1 grammar is :
+ * 
+ * AD-AND-OR               ::= SEQUENCE {
+ *         condition-count [0] Int32,
+ *         elements        [1] AuthorizationData
+ * }
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $
+ */
+public class AdAndOr extends AbstractAsn1Object
+{
+    /** The logger */
+    private static final Logger log = LoggerFactory.getLogger( AdAndOr.class );
+
+    /** Speedup for logs */
+    private static final boolean IS_DEBUG = log.isDebugEnabled();
+
+    /** The number of AuthorizationData */
+    private int conditionCounts;
+
+    /** The list of AuthorizationData elements */
+    private AuthorizationData elements;
+
+    /** The OR condition is used when the conditionCounts value is 1 */
+    public static final int OR_CONDITION = 1;
+
+    // Storage for computed lengths
+    private transient int conditionCountsLength;
+    private transient int elementsLength;
+    private transient int adAndOrLength;
+
+
+    /**
+     * Creates a new instance of AdAndOr.
+     */
+    public AdAndOr()
+    {
+        // used by ASN.1 decoder
+    }
+
+
+    /**
+     * Sets {@link AuthorizationData} to this {@link AdAndOr}.
+     *
+     * @param elements the authorizationData
+     */
+    public void setAuthorizationData( AuthorizationData elements )
+    {
+        this.elements = elements;
+        conditionCounts = OR_CONDITION;
+    }
+
+
+    /**
+     * Sets {@link AuthorizationData} to this {@link AdAndOr}.
+     *
+     * @param elements the authorizationData
+     */
+    public void setORAuthorizationData( AuthorizationData elements )
+    {
+        this.elements = elements;
+        conditionCounts = OR_CONDITION;
+    }
+
+
+    /**
+     * Sets {@link AuthorizationData} to this {@link AdAndOr}.
+     *
+     * @param elements the authorizationData
+     */
+    public void setANDAuthorizationData( AuthorizationData elements )
+    {
+        this.elements = elements;
+
+        if ( elements != null )
+        {
+            List<AuthorizationDataEntry> entries = elements.getEntries();
+
+            if ( entries != null )
+            {
+                conditionCounts = elements.getEntries().size();
+            }
+            else
+            {
+                conditionCounts = OR_CONDITION;
+            }
+        }
+        else
+        {
+            conditionCounts = OR_CONDITION;
+        }
+    }
+
+
+    /**
+     * Sets {@link AuthorizationData} to this {@link AdAndOr}.
+     *
+     * @param elements the authorizationData
+     */
+    public void setConditionCounts( int conditionCounts )
+    {
+        this.conditionCounts = conditionCounts;
+    }
+
+
+    /**
+     * Compute the AdAndOr length
+     * 
+     * AdAndOr :
+     * 
+     * 0x30 L1 AdAndOr
+     *  |
+     *  +--> 0xA0 L2 conditionCounts tag
+     *  |     |
+     *  |     +--> 0x02 L2-1 conditionCounts (int)
+     *  |
+     *  +--> 0xA1 L3 AuthorizationData
+     *        |
+     *        +--> 0x02 L3-1 AuthorizationData object
+     */
+    public int computeLength()
+    {
+        // Compute the AdAndOr length.
+        conditionCountsLength = 1 + TLV.getNbBytes( conditionCounts ) + Value.getNbBytes( conditionCounts );
+
+        adAndOrLength = 1 + TLV.getNbBytes( conditionCountsLength ) + conditionCountsLength;
+
+        if ( elements != null )
+        {
+            elementsLength = elements.computeLength();
+            adAndOrLength += 1 + TLV.getNbBytes( elementsLength ) + elementsLength;
+        }
+
+        return 1 + TLV.getNbBytes( adAndOrLength ) + adAndOrLength;
+    }
+
+
+    /**
+     * Encode the AdAndOr message to a PDU. 
+     * 
+     * AdAndOr :
+     * 
+     * 0x30 LL
+     *   0xA0 LL conditionCounts 
+     *   0xA1 LL 
+     *     AuthorizationData
+     * 
+     * @param buffer The buffer where to put the PDU. It should have been allocated
+     * before, with the right size.
+     * @return The constructed PDU.
+     */
+    public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+    {
+        if ( buffer == null )
+        {
+            throw new EncoderException( "Cannot put a PDU in a null buffer !" );
+        }
+
+        try
+        {
+            // The AdAndOr SEQ Tag
+            buffer.put( UniversalTag.SEQUENCE_TAG );
+            buffer.put( TLV.getBytes( adAndOrLength ) );
+
+            // The conditionCounts Tag and value
+            buffer.put( ( byte ) 0xA0 );
+            buffer.put( TLV.getBytes( conditionCountsLength ) );
+            Value.encode( buffer, conditionCounts );
+
+            // The elements Tag and value
+            buffer.put( ( byte ) 0xA1 );
+            buffer.put( TLV.getBytes( elementsLength ) );
+            elements.encode( buffer );
+        }
+        catch ( BufferOverflowException boe )
+        {
+            log.error( "Cannot encode the AdAndOr object, the PDU size is {} when only {} bytes has been allocated", 1
+                + TLV.getNbBytes( adAndOrLength ) + adAndOrLength, buffer.capacity() );
+            throw new EncoderException( "The PDU buffer size is too small !" );
+        }
+
+        if ( IS_DEBUG )
+        {
+            log.debug( "AdAndOr encoding : {}", StringTools.dumpBytes( buffer.array() ) );
+            log.debug( "AdAndOr initial value : {}", toString() );
+        }
+
+        return buffer;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        return toString( "" );
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString( String tabs )
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append( tabs ).append( "AdAndOr : {\n" );
+        sb.append( tabs ).append( "    condition-counts: " );
+
+        sb.append( ( conditionCounts == OR_CONDITION ) ? "OR\n" : "AND\n" );
+
+        if ( elements != null )
+        {
+            sb.append( elements.toString( tabs + "    " ) ).append( '\n' );
+        }
+
+        sb.append( tabs + "}\n" );
+
+        return sb.toString();
+    }
+}
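Review bot: `encode()` writes the `0xA1` element tag and calls `elements.encode( buffer )` unconditionally, while `computeLength()` skips `elements` when it is null; an AdAndOr built through the no-arg constructor therefore throws a NullPointerException that the `BufferOverflowException` catch does not handle. Since the grammar in the class comment lists `elements` as a required field, rejecting the null before the try seems the consistent choice: `if ( elements == null ) { throw new EncoderException( "AdAndOr has no elements" ); }`. `encode()` also depends on `computeLength()` having been called to fill `adAndOrLength`, `conditionCountsLength` and `elementsLength`, which the Javadoc should state. The Javadoc on `setConditionCounts` is copied from the setters above and documents an `elements` parameter that does not exist, and `toString` prints `AND` for any count other than 1, including 0.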


