directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r589782 [1/2] - in /directory/apacheds/branches/bigbang/protocol-kerberos/src: main/java/org/apache/directory/server/kerberos/kdc/authentication/ main/java/org/apache/directory/server/kerberos/kdc/preauthentication/ main/java/org/apache/dir...
Date Mon, 29 Oct 2007 18:17:43 GMT
Author: elecharny
Date: Mon Oct 29 11:17:35 2007
New Revision: 589782

URL: http://svn.apache.org/viewvc?rev=589782&view=rev
Log:
o Align this project with the modification made in Ticket
o Removed the Authentication chain

Added:
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
      - copied, changed from r588233, directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ConfigureAuthenticationChain.java
Removed:
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationServiceChain.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/BuildReply.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ConfigureAuthenticationChain.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetClientEntry.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/GetServerEntry.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/MonitorContext.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/SealReply.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/VerifyPolicy.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/preauthentication/
Modified:
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/SealReply.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationPolicyTest.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java
    directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java

Modified: directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java?rev=589782&r1=589781&r2=589782&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java (original)
+++ directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java Mon Oct 29 11:17:35 2007
@@ -20,9 +20,6 @@
 package org.apache.directory.server.kerberos.kdc.authentication;
 
 
-import java.util.HashMap;
-import java.util.Map;
-
 import org.apache.directory.server.kerberos.kdc.KdcContext;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
@@ -38,7 +35,7 @@
 {
     private static final long serialVersionUID = -2249170923251265359L;
 
-    private Map checksumEngines = new HashMap();
+    //private Map checksumEngines = new HashMap();
 
     private Ticket ticket;
     private EncryptionKey clientKey;
@@ -88,7 +85,7 @@
 
     /**
      * @return Returns the checksumEngines.
-     */
+     *
     public Map getChecksumEngines()
     {
         return checksumEngines;
@@ -97,7 +94,7 @@
 
     /**
      * @param checksumEngines The checksumEngines to set.
-     */
+     *
     public void setChecksumEngines( Map checksumEngines )
     {
         this.checksumEngines = checksumEngines;

Copied: directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java (from r588233, directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ConfigureAuthenticationChain.java)
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java?p2=directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java&p1=directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ConfigureAuthenticationChain.java&r1=588233&r2=589782&rev=589782&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ConfigureAuthenticationChain.java (original)
+++ directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java Mon Oct 29 11:17:35 2007
@@ -20,45 +20,846 @@
 package org.apache.directory.server.kerberos.kdc.authentication;
 
 
+import java.io.IOException;
+import java.net.InetAddress;
+import java.util.Date;
+
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.server.kerberos.kdc.KdcContext;
+import org.apache.directory.server.kerberos.kdc.KdcServer;
+import org.apache.directory.server.kerberos.kdc.SelectEncryptionType;
+import org.apache.directory.server.kerberos.sam.SamException;
+import org.apache.directory.server.kerberos.sam.SamSubsystem;
+import org.apache.directory.server.kerberos.shared.KerberosConstants;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
+import org.apache.directory.server.kerberos.shared.io.decoder.EncryptedDataDecoder;
+import org.apache.directory.server.kerberos.shared.io.encoder.EncryptionTypeInfoEncoder;
+import org.apache.directory.server.kerberos.shared.io.encoder.PreAuthenticationDataEncoder;
+import org.apache.directory.server.kerberos.shared.messages.AuthenticationReply;
+import org.apache.directory.server.kerberos.shared.messages.KdcReply;
+import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
+import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
+import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
+import org.apache.directory.server.kerberos.shared.messages.components.InvalidTicketException;
+import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptedTimeStamp;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
+import org.apache.directory.server.kerberos.shared.messages.value.EncryptionTypeInfoEntry;
+import org.apache.directory.server.kerberos.shared.messages.value.KdcOptions;
+import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
+import org.apache.directory.server.kerberos.shared.messages.value.LastRequest;
+import org.apache.directory.server.kerberos.shared.messages.value.PaData;
+import org.apache.directory.server.kerberos.shared.messages.value.TicketFlags;
+import org.apache.directory.server.kerberos.shared.messages.value.TransitedEncoding;
+import org.apache.directory.server.kerberos.shared.messages.value.types.PaDataType;
 import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
 import org.apache.mina.common.IoSession;
-import org.apache.mina.handler.chain.IoHandlerCommand;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 
 /**
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  * @version $Rev$, $Date$
  */
-public class ConfigureAuthenticationChain implements IoHandlerCommand
+public class AuthenticationService
 {
+    /** The log for this class. */
+    private static final Logger LOG = LoggerFactory.getLogger( SelectEncryptionType.class );
+
     private static final ReplayCache replayCache = new InMemoryReplayCache();
     private static final CipherTextHandler cipherTextHandler = new CipherTextHandler();
 
-    private String contextKey = "context";
+    private static final String CONTEXT_KEY = "context";
+    private static final String SERVICE_NAME = "Authentication Service (AS)";
 
 
-    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
+    public static void execute( IoSession session, AuthenticationContext authContext, Object message ) throws Exception
     {
-        AuthenticationContext authContext = ( AuthenticationContext ) session.getAttribute( getContextKey() );
+        KdcContext kdcContext = ( KdcContext ) session.getAttribute( CONTEXT_KEY );
 
+        if ( LOG.isDebugEnabled() )
+        {
+            monitorRequest( kdcContext );
+        }
+        
         authContext.setReplayCache( replayCache );
         authContext.setCipherTextHandler( cipherTextHandler );
 
-        if ( authContext.getRequest().getProtocolVersionNumber() != 5 )
+        if ( authContext.getRequest().getProtocolVersionNumber() != KerberosConstants.KERBEROS_V5 )
         {
             throw new KerberosException( ErrorType.KDC_ERR_BAD_PVNO );
         }
 
-        next.execute( session, message );
+        selectEncryptionType( authContext, session, message );
+    }
+    
+    private static void selectEncryptionType( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    {
+        KdcContext kdcContext = ( KdcContext ) session.getAttribute( CONTEXT_KEY );
+        KdcServer config = kdcContext.getConfig();
+
+        EncryptionType[] requestedTypes = kdcContext.getRequest().getEType();
+
+        EncryptionType bestType = getBestEncryptionType( requestedTypes, config.getEncryptionTypes() );
+
+        LOG.debug( "Session will use encryption type {}.", bestType );
+
+        if ( bestType == null )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_ETYPE_NOSUPP );
+        }
+
+        kdcContext.setEncryptionType( bestType );
+
+        getClientEntry( authContext, session, message );
+    }
+
+    
+    private static void getClientEntry( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    {
+        KerberosPrincipal principal = authContext.getRequest().getClientPrincipal();
+        PrincipalStore store = authContext.getStore();
+
+        PrincipalStoreEntry storeEntry = getEntry( principal, store, ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN ); 
+        authContext.setClientEntry( storeEntry );
+
+        verifyPolicy( authContext, session, message );
+    }
+    
+    private static void verifyPolicy( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    {
+        PrincipalStoreEntry entry = authContext.getClientEntry();
+
+        if ( entry.isDisabled() )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_CLIENT_REVOKED );
+        }
+
+        if ( entry.isLockedOut() )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_CLIENT_REVOKED );
+        }
+
+        if ( entry.getExpiration().getTime() < new Date().getTime() )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_CLIENT_REVOKED );
+        }
+
+        verifySam( authContext, session, message );
+    }
+    
+    
+    private static void verifySam( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    {
+        LOG.debug( "Verifying using SAM subsystem." );
+        KdcRequest request = authContext.getRequest();
+        KdcServer config = authContext.getConfig();
+
+        PrincipalStoreEntry clientEntry = authContext.getClientEntry();
+        String clientName = clientEntry.getPrincipal().getName();
+
+        EncryptionKey clientKey = null;
+
+        if ( clientEntry.getSamType() != null )
+        {
+            if ( LOG.isDebugEnabled() )
+            {
+                LOG.debug( "Entry for client principal {} has a valid SAM type.  Invoking SAM subsystem for pre-authentication.", clientName );
+            }
+
+            PaData[] preAuthData = request.getPreAuthData();
+
+            if ( preAuthData == null || preAuthData.length == 0 )
+            {
+                throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError( config
+                    .getEncryptionTypes() ) );
+            }
+
+            try
+            {
+                for ( int ii = 0; ii < preAuthData.length; ii++ )
+                {
+                    if ( preAuthData[ii].getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
+                    {
+                        KerberosKey samKey = SamSubsystem.getInstance().verify( clientEntry,
+                            preAuthData[ii].getPaDataValue() );
+                        clientKey = new EncryptionKey( EncryptionType.getTypeByOrdinal( samKey.getKeyType() ), samKey
+                            .getEncoded() );
+                    }
+                }
+            }
+            catch ( SamException se )
+            {
+                throw new KerberosException( ErrorType.KRB_ERR_GENERIC, se );
+            }
+
+            authContext.setClientKey( clientKey );
+            authContext.setPreAuthenticated( true );
+
+            if ( LOG.isDebugEnabled() )
+            {
+                LOG.debug( "Pre-authentication using SAM subsystem successful for {}.", clientName );
+            }
+        }
+
+        verifyEncryptedTimestamp( authContext, session, message );
     }
+    
+    
+    private static void verifyEncryptedTimestamp( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    {
+        if ( authContext.getClientKey() != null )
+        {
+            getServerEntry( authContext, session, message );
+        }
+
+        LOG.debug( "Verifying using encrypted timestamp." );
+        
+        KdcServer config = authContext.getConfig();
+        KdcRequest request = authContext.getRequest();
+        CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
+        PrincipalStoreEntry clientEntry = authContext.getClientEntry();
+        String clientName = clientEntry.getPrincipal().getName();
+
+        EncryptionKey clientKey = null;
+
+        if ( clientEntry.getSamType() == null )
+        {
+            if ( LOG.isDebugEnabled() )
+            {
+                LOG.debug(
+                    "Entry for client principal {} has no SAM type.  Proceeding with standard pre-authentication.",
+                    clientName );
+            }
+
+            EncryptionType encryptionType = authContext.getEncryptionType();
+            clientKey = clientEntry.getKeyMap().get( encryptionType );
+
+            if ( clientKey == null )
+            {
+                throw new KerberosException( ErrorType.KDC_ERR_NULL_KEY );
+            }
+
+            if ( config.isPaEncTimestampRequired() )
+            {
+                PaData[] preAuthData = request.getPreAuthData();
+
+                if ( preAuthData == null )
+                {
+                    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED,
+                        preparePreAuthenticationError( config.getEncryptionTypes() ) );
+                }
+
+                EncryptedTimeStamp timestamp = null;
+
+                for ( int ii = 0; ii < preAuthData.length; ii++ )
+                {
+                    if ( preAuthData[ii].getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
+                    {
+                        EncryptedData dataValue;
+
+                        try
+                        {
+                            dataValue = EncryptedDataDecoder.decode( preAuthData[ii].getPaDataValue() );
+                        }
+                        catch ( IOException ioe )
+                        {
+                            throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, ioe );
+                        }
+                        catch ( ClassCastException cce )
+                        {
+                            throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, cce );
+                        }
+
+                        timestamp = ( EncryptedTimeStamp ) cipherTextHandler.unseal( EncryptedTimeStamp.class,
+                            clientKey, dataValue, KeyUsage.NUMBER1 );
+                    }
+                }
 
+                if ( preAuthData.length > 0 && timestamp == null )
+                {
+                    throw new KerberosException( ErrorType.KDC_ERR_PADATA_TYPE_NOSUPP );
+                }
 
-    protected String getContextKey()
+                if ( timestamp == null )
+                {
+                    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED,
+                        preparePreAuthenticationError( config.getEncryptionTypes() ) );
+                }
+
+                if ( !timestamp.getTimeStamp().isInClockSkew( config.getAllowableClockSkew() ) )
+                {
+                    throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_FAILED );
+                }
+
+                /*
+                 * if(decrypted_enc_timestamp and usec is replay)
+                 *         error_out(KDC_ERR_PREAUTH_FAILED);
+                 * endif
+                 * 
+                 * add decrypted_enc_timestamp and usec to replay cache;
+                 */
+            }
+        }
+
+        authContext.setClientKey( clientKey );
+        authContext.setPreAuthenticated( true );
+
+        if ( LOG.isDebugEnabled() )
+        {
+            LOG.debug( "Pre-authentication by encrypted timestamp successful for {}.", clientName );
+        }
+
+        getServerEntry( authContext, session, message );
+    }
+    
+    
+    private static void getServerEntry( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    {
+        KerberosPrincipal principal = authContext.getRequest().getServerPrincipal();
+        PrincipalStore store = authContext.getStore();
+    
+        authContext.setServerEntry( getEntry( principal, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) );
+    
+        generateTicket( authContext, session, message );
+    }    
+    
+    
+    private static void generateTicket( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
     {
-        return ( this.contextKey );
+        KdcRequest request = authContext.getRequest();
+        CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
+        KerberosPrincipal serverPrincipal = request.getServerPrincipal();
+
+        EncryptionType encryptionType = authContext.getEncryptionType();
+        EncryptionKey serverKey = authContext.getServerEntry().getKeyMap().get( encryptionType );
+
+        KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
+        EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
+        KdcServer config = authContext.getConfig();
+
+        // The INITIAL flag indicates that a ticket was issued using the AS protocol.
+        newTicketBody.setFlag( TicketFlags.INITIAL );
+
+        // The PRE-AUTHENT flag indicates that the client used pre-authentication.
+        if ( authContext.isPreAuthenticated() )
+        {
+            newTicketBody.setFlag( TicketFlags.PRE_AUTHENT );
+        }
+
+        if ( request.getOption( KdcOptions.FORWARDABLE ) )
+        {
+            if ( !config.isForwardableAllowed() )
+            {
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+            }
+
+            newTicketBody.setFlag( TicketFlags.FORWARDABLE );
+        }
+
+        if ( request.getOption( KdcOptions.PROXIABLE ) )
+        {
+            if ( !config.isProxiableAllowed() )
+            {
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+            }
+
+            newTicketBody.setFlag( TicketFlags.PROXIABLE );
+        }
+
+        if ( request.getOption( KdcOptions.ALLOW_POSTDATE ) )
+        {
+            if ( !config.isPostdatedAllowed() )
+            {
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+            }
+
+            newTicketBody.setFlag( TicketFlags.MAY_POSTDATE );
+        }
+
+        if ( request.getOption( KdcOptions.RENEW ) || request.getOption( KdcOptions.VALIDATE )
+            || request.getOption( KdcOptions.PROXY ) || request.getOption( KdcOptions.FORWARDED )
+            || request.getOption( KdcOptions.ENC_TKT_IN_SKEY ) )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
+        }
+
+        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( authContext.getEncryptionType() );
+        newTicketBody.setSessionKey( sessionKey );
+
+        newTicketBody.setClientPrincipal( request.getClientPrincipal() );
+        newTicketBody.setTransitedEncoding( new TransitedEncoding() );
+
+        KerberosTime now = new KerberosTime();
+
+        newTicketBody.setAuthTime( now );
+
+        KerberosTime startTime = request.getFrom();
+
+        /*
+         * "If the requested starttime is absent, indicates a time in the past,
+         * or is within the window of acceptable clock skew for the KDC and the
+         * POSTDATE option has not been specified, then the starttime of the
+         * ticket is set to the authentication server's current time."
+         */
+        if ( startTime == null || startTime.lessThan( now ) || startTime.isInClockSkew( config.getAllowableClockSkew() )
+            && !request.getOption( KdcOptions.POSTDATED ) )
+        {
+            startTime = now;
+        }
+
+        /*
+         * "If it indicates a time in the future beyond the acceptable clock skew,
+         * but the POSTDATED option has not been specified, then the error
+         * KDC_ERR_CANNOT_POSTDATE is returned."
+         */
+        if ( startTime != null && startTime.greaterThan( now )
+            && !startTime.isInClockSkew( config.getAllowableClockSkew() ) && !request.getOption( KdcOptions.POSTDATED ) )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_CANNOT_POSTDATE );
+        }
+
+        /*
+         * "Otherwise the requested starttime is checked against the policy of the
+         * local realm and if the ticket's starttime is acceptable, it is set as
+         * requested, and the INVALID flag is set in the new ticket."
+         */
+        if ( request.getOption( KdcOptions.POSTDATED ) )
+        {
+            if ( !config.isPostdatedAllowed() )
+            {
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+            }
+
+            newTicketBody.setFlag( TicketFlags.POSTDATED );
+            newTicketBody.setFlag( TicketFlags.INVALID );
+            newTicketBody.setStartTime( startTime );
+        }
+
+        long till = 0;
+        if ( request.getTill().getTime() == 0 )
+        {
+            till = Long.MAX_VALUE;
+        }
+        else
+        {
+            till = request.getTill().getTime();
+        }
+
+        /*
+         * The end time is the minimum of (a) the requested till time or (b)
+         * the start time plus maximum lifetime as configured in policy.
+         */
+        long endTime = Math.min( till, startTime.getTime() + config.getMaximumTicketLifetime() );
+        KerberosTime kerberosEndTime = new KerberosTime( endTime );
+        newTicketBody.setEndTime( kerberosEndTime );
+
+        /*
+         * "If the requested expiration time minus the starttime (as determined
+         * above) is less than a site-determined minimum lifetime, an error
+         * message with code KDC_ERR_NEVER_VALID is returned."
+         */
+        if ( kerberosEndTime.lessThan( startTime ) )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_NEVER_VALID );
+        }
+
+        long ticketLifeTime = Math.abs( startTime.getTime() - kerberosEndTime.getTime() );
+        if ( ticketLifeTime < config.getAllowableClockSkew() )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_NEVER_VALID );
+        }
+
+        /*
+         * "If the requested expiration time for the ticket exceeds what was determined
+         * as above, and if the 'RENEWABLE-OK' option was requested, then the 'RENEWABLE'
+         * flag is set in the new ticket, and the renew-till value is set as if the
+         * 'RENEWABLE' option were requested."
+         */
+        KerberosTime tempRtime = request.getRtime();
+
+        if ( request.getOption( KdcOptions.RENEWABLE_OK ) && request.getTill().greaterThan( kerberosEndTime ) )
+        {
+            if ( !config.isRenewableAllowed() )
+            {
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+            }
+
+            request.setOption( KdcOptions.RENEWABLE );
+            tempRtime = request.getTill();
+        }
+
+        if ( request.getOption( KdcOptions.RENEWABLE ) )
+        {
+            if ( !config.isRenewableAllowed() )
+            {
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+            }
+
+            newTicketBody.setFlag( TicketFlags.RENEWABLE );
+
+            if ( tempRtime == null || tempRtime.isZero() )
+            {
+                tempRtime = KerberosTime.INFINITY;
+            }
+
+            /*
+             * The renew-till time is the minimum of (a) the requested renew-till
+             * time or (b) the start time plus maximum renewable lifetime as
+             * configured in policy.
+             */
+            long renewTill = Math.min( tempRtime.getTime(), startTime.getTime() + config.getMaximumRenewableLifetime() );
+            newTicketBody.setRenewTill( new KerberosTime( renewTill ) );
+        }
+
+        if ( request.getAddresses() != null && request.getAddresses().getAddresses() != null
+            && request.getAddresses().getAddresses().length > 0 )
+        {
+            newTicketBody.setClientAddresses( request.getAddresses() );
+        }
+        else
+        {
+            if ( !config.isEmptyAddressesAllowed() )
+            {
+                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
+            }
+        }
+
+        EncTicketPart ticketPart = newTicketBody.getEncTicketPart();
+
+        EncryptedData encryptedData = cipherTextHandler.seal( serverKey, ticketPart, KeyUsage.NUMBER2 );
+
+        Ticket newTicket = new Ticket( ticketPrincipal, encryptedData );
+        newTicket.setEncTicketPart( ticketPart );
+
+        if ( LOG.isDebugEnabled() )
+        {
+            LOG.debug( "Ticket will be issued for access to {}.", serverPrincipal.toString() );
+        }
+
+        authContext.setTicket( newTicket );
+
+        buildReply( authContext, session, message );
+    }
+    
+    
+    private static void buildReply( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    {
+        KdcRequest request = authContext.getRequest();
+        Ticket ticket = authContext.getTicket();
+
+        AuthenticationReply reply = new AuthenticationReply();
+
+        reply.setClientPrincipal( request.getClientPrincipal() );
+        reply.setTicket( ticket );
+        reply.setKey( ticket.getEncTicketPart().getSessionKey() );
+
+        // TODO - fetch lastReq for this client; requires store
+        reply.setLastRequest( new LastRequest() );
+        // TODO - resp.key-expiration := client.expiration; requires store
+
+        reply.setNonce( request.getNonce() );
+
+        reply.setFlags( ticket.getEncTicketPart().getFlags() );
+        reply.setAuthTime( ticket.getEncTicketPart().getAuthTime() );
+        reply.setStartTime( ticket.getEncTicketPart().getStartTime() );
+        reply.setEndTime( ticket.getEncTicketPart().getEndTime() );
+
+        if ( ticket.getEncTicketPart().getFlags().get( TicketFlags.RENEWABLE ) )
+        {
+            reply.setRenewTill( ticket.getEncTicketPart().getRenewTill() );
+        }
+
+        reply.setServerPrincipal( ticket.getServerPrincipal() );
+        reply.setClientAddresses( ticket.getEncTicketPart().getClientAddresses() );
+
+        authContext.setReply( reply );
+
+        if ( LOG.isDebugEnabled() )
+        {
+            monitorContext( authContext );
+            monitorReply( ( KdcContext ) session.getAttribute( CONTEXT_KEY ) );
+        }
+        
+        sealReply( authContext, session, message );
+    }
+    
+    
+    private static void sealReply( AuthenticationContext authContext, IoSession session, Object message ) throws KerberosException, InvalidTicketException
+    {
+        AuthenticationReply reply = ( AuthenticationReply ) authContext.getReply();
+        EncryptionKey clientKey = authContext.getClientKey();
+        CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
+
+        EncryptedData encryptedData = cipherTextHandler.seal( clientKey, reply, KeyUsage.NUMBER3 );
+        reply.setEncPart( encryptedData );
+
+        //next.execute( session, message );
+    }
+    
+    
+    private static void monitorRequest( KdcContext kdcContext )
+    {
+        KdcRequest request = kdcContext.getRequest();
+
+        if ( LOG.isDebugEnabled() )
+        {
+            try
+            {
+                String clientAddress = kdcContext.getClientAddress().getHostAddress();
+
+                StringBuffer sb = new StringBuffer();
+
+                sb.append( "Received " + SERVICE_NAME + " request:" );
+                sb.append( "\n\t" + "messageType:           " + request.getMessageType() );
+                sb.append( "\n\t" + "protocolVersionNumber: " + request.getProtocolVersionNumber() );
+                sb.append( "\n\t" + "clientAddress:         " + clientAddress );
+                sb.append( "\n\t" + "nonce:                 " + request.getNonce() );
+                sb.append( "\n\t" + "kdcOptions:            " + request.getKdcOptions() );
+                sb.append( "\n\t" + "clientPrincipal:       " + request.getClientPrincipal() );
+                sb.append( "\n\t" + "serverPrincipal:       " + request.getServerPrincipal() );
+                sb.append( "\n\t" + "encryptionType:        " + getEncryptionTypes( request ) );
+                sb.append( "\n\t" + "realm:                 " + request.getRealm() );
+                sb.append( "\n\t" + "from time:             " + request.getFrom() );
+                sb.append( "\n\t" + "till time:             " + request.getTill() );
+                sb.append( "\n\t" + "renew-till time:       " + request.getRtime() );
+                sb.append( "\n\t" + "hostAddresses:         " + request.getAddresses() );
+
+                LOG.debug( sb.toString() );
+            }
+            catch ( Exception e )
+            {
+                // This is a monitor.  No exceptions should bubble up.
+                LOG.error( "Error in request monitor", e );
+            }
+        }
+    }
+    
+    private static void monitorContext( AuthenticationContext authContext )
+    {
+        try
+        {
+            long clockSkew = authContext.getConfig().getAllowableClockSkew();
+            InetAddress clientAddress = authContext.getClientAddress();
+
+            StringBuilder sb = new StringBuilder();
+
+            sb.append( "Monitoring " + SERVICE_NAME + " context:" );
+
+            sb.append( "\n\t" + "clockSkew              " + clockSkew );
+            sb.append( "\n\t" + "clientAddress          " + clientAddress );
+
+            KerberosPrincipal clientPrincipal = authContext.getClientEntry().getPrincipal();
+            PrincipalStoreEntry clientEntry = authContext.getClientEntry();
+
+            sb.append( "\n\t" + "principal              " + clientPrincipal );
+            sb.append( "\n\t" + "cn                     " + clientEntry.getCommonName() );
+            sb.append( "\n\t" + "realm                  " + clientEntry.getRealmName() );
+            sb.append( "\n\t" + "principal              " + clientEntry.getPrincipal() );
+            sb.append( "\n\t" + "SAM type               " + clientEntry.getSamType() );
+
+            KerberosPrincipal serverPrincipal = authContext.getRequest().getServerPrincipal();
+            PrincipalStoreEntry serverEntry = authContext.getServerEntry();
+
+            sb.append( "\n\t" + "principal              " + serverPrincipal );
+            sb.append( "\n\t" + "cn                     " + serverEntry.getCommonName() );
+            sb.append( "\n\t" + "realm                  " + serverEntry.getRealmName() );
+            sb.append( "\n\t" + "principal              " + serverEntry.getPrincipal() );
+            sb.append( "\n\t" + "SAM type               " + serverEntry.getSamType() );
+
+            EncryptionType encryptionType = authContext.getEncryptionType();
+            int clientKeyVersion = clientEntry.getKeyMap().get( encryptionType ).getKeyVersion();
+            int serverKeyVersion = serverEntry.getKeyMap().get( encryptionType ).getKeyVersion();
+            sb.append( "\n\t" + "Request key type       " + encryptionType );
+            sb.append( "\n\t" + "Client key version     " + clientKeyVersion );
+            sb.append( "\n\t" + "Server key version     " + serverKeyVersion );
+
+            LOG.debug( sb.toString() );
+        }
+        catch ( Exception e )
+        {
+            // This is a monitor.  No exceptions should bubble up.
+            LOG.error( "Error in context monitor", e );
+        }
+    }
+    
+    
+    private static void monitorReply( KdcContext kdcContext )
+    {
+        Object reply = kdcContext.getReply();
+
+        if ( LOG.isDebugEnabled() )
+        {
+            if ( reply instanceof KdcReply )
+            {
+                KdcReply success = ( KdcReply ) reply;
+
+                try
+                {
+                    StringBuffer sb = new StringBuffer();
+
+                    sb.append( "Responding with " + SERVICE_NAME + " reply:" );
+                    sb.append( "\n\t" + "messageType:           " + success.getMessageType() );
+                    sb.append( "\n\t" + "protocolVersionNumber: " + success.getProtocolVersionNumber() );
+                    sb.append( "\n\t" + "nonce:                 " + success.getNonce() );
+                    sb.append( "\n\t" + "clientPrincipal:       " + success.getClientPrincipal() );
+                    sb.append( "\n\t" + "client realm:          " + success.getClientRealm() );
+                    sb.append( "\n\t" + "serverPrincipal:       " + success.getServerPrincipal() );
+                    sb.append( "\n\t" + "server realm:          " + success.getServerRealm() );
+                    sb.append( "\n\t" + "auth time:             " + success.getAuthTime() );
+                    sb.append( "\n\t" + "start time:            " + success.getStartTime() );
+                    sb.append( "\n\t" + "end time:              " + success.getEndTime() );
+                    sb.append( "\n\t" + "renew-till time:       " + success.getRenewTill() );
+                    sb.append( "\n\t" + "hostAddresses:         " + success.getClientAddresses() );
+
+                    LOG.debug( sb.toString() );
+                }
+                catch ( Exception e )
+                {
+                    // This is a monitor.  No exceptions should bubble up.
+                    LOG.error( "Error in reply monitor", e );
+                }
+            }
+        }
+    }
+    
+    /**
+     * Get a PrincipalStoreEntry given a principal.  The ErrorType is used to indicate
+     * whether any resulting error pertains to a server or client.
+     */
+    private static PrincipalStoreEntry getEntry( KerberosPrincipal principal, PrincipalStore store, ErrorType errorType )
+        throws KerberosException
+    {
+        PrincipalStoreEntry entry = null;
+
+        try
+        {
+            entry = store.getPrincipal( principal );
+        }
+        catch ( Exception e )
+        {
+            throw new KerberosException( errorType, e );
+        }
+
+        if ( entry == null )
+        {
+            throw new KerberosException( errorType );
+        }
+
+        if ( entry.getKeyMap() == null || entry.getKeyMap().isEmpty() )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_NULL_KEY );
+        }
+
+        return entry;
+    }
+    
+    
+    /**
+     * Find the best encryption type, comparing the requested type with
+     * configured types.
+     */
+    protected static EncryptionType getBestEncryptionType( EncryptionType[] requestedTypes, EncryptionType[] configuredTypes )
+    {
+        for ( EncryptionType requestedType:requestedTypes )
+        {
+            for ( EncryptionType configuredType:configuredTypes )
+            {
+                if ( requestedType == configuredType )
+                {
+                    return configuredType;
+                }
+            }
+        }
+
+        return null;
+    }
+    
+
+    /**
+     * Prepares a pre-authentication error message containing required
+     * encryption types.
+     *
+     * @param encryptionTypes
+     * @return The error message as bytes.
+     */
+    private static byte[] preparePreAuthenticationError( EncryptionType[] encryptionTypes )
+    {
+        PaData[] paDataSequence = new PaData[2];
+
+        PaData paData = new PaData();
+        paData.setPaDataType( PaDataType.PA_ENC_TIMESTAMP );
+        paData.setPaDataValue( new byte[0] );
+
+        paDataSequence[0] = paData;
+
+        EncryptionTypeInfoEntry[] entries = new EncryptionTypeInfoEntry[encryptionTypes.length];
+        for ( int ii = 0; ii < encryptionTypes.length; ii++ )
+        {
+            entries[ii] = new EncryptionTypeInfoEntry( encryptionTypes[ii], null );
+        }
+
+        byte[] encTypeInfo = null;
+
+        try
+        {
+            encTypeInfo = EncryptionTypeInfoEncoder.encode( entries );
+        }
+        catch ( IOException ioe )
+        {
+            return null;
+        }
+
+        PaData encType = new PaData();
+        encType.setPaDataType( PaDataType.PA_ENCTYPE_INFO );
+        encType.setPaDataValue( encTypeInfo );
+
+        paDataSequence[1] = encType;
+
+        try
+        {
+            return PreAuthenticationDataEncoder.encode( paDataSequence );
+        }
+        catch ( IOException ioe )
+        {
+            return null;
+        }
+    }
+    
+    
+    protected static String getEncryptionTypes( KdcRequest request )
+    {
+        EncryptionType[] etypes = request.getEType();
+
+        StringBuilder sb = new StringBuilder();
+        boolean isFirst = true;
+
+        for ( EncryptionType etype:etypes )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                sb.append( ", " );
+            }
+            
+            sb.append( etype );
+        }
+
+        return sb.toString();
     }
 }

Modified: directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java?rev=589782&r1=589781&r2=589782&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java (original)
+++ directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/BuildReply.java Mon Oct 29 11:17:35 2007
@@ -46,22 +46,22 @@
         Ticket newTicket = tgsContext.getNewTicket();
 
         TicketGrantReply reply = new TicketGrantReply();
-        reply.setClientPrincipal( tgt.getClientPrincipal() );
+        reply.setClientPrincipal( tgt.getEncTicketPart().getClientPrincipal() );
         reply.setTicket( newTicket );
-        reply.setKey( newTicket.getSessionKey() );
+        reply.setKey( newTicket.getEncTicketPart().getSessionKey() );
         reply.setNonce( request.getNonce() );
         // TODO - resp.last-req := fetch_last_request_info(client); requires store
         reply.setLastRequest( new LastRequest() );
-        reply.setFlags( newTicket.getFlags() );
-        reply.setClientAddresses( newTicket.getClientAddresses() );
-        reply.setAuthTime( newTicket.getAuthTime() );
-        reply.setStartTime( newTicket.getStartTime() );
-        reply.setEndTime( newTicket.getEndTime() );
+        reply.setFlags( newTicket.getEncTicketPart().getFlags() );
+        reply.setClientAddresses( newTicket.getEncTicketPart().getClientAddresses() );
+        reply.setAuthTime( newTicket.getEncTicketPart().getAuthTime() );
+        reply.setStartTime( newTicket.getEncTicketPart().getStartTime() );
+        reply.setEndTime( newTicket.getEncTicketPart().getEndTime() );
         reply.setServerPrincipal( newTicket.getServerPrincipal() );
 
-        if ( newTicket.getFlag( TicketFlags.RENEWABLE ) )
+        if ( newTicket.getEncTicketPart().getFlags().get( TicketFlags.RENEWABLE ) )
         {
-            reply.setRenewTill( newTicket.getRenewTill() );
+            reply.setRenewTill( newTicket.getEncTicketPart().getRenewTill() );
         }
 
         tgsContext.setReply( reply );

Modified: directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java?rev=589782&r1=589781&r2=589782&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java (original)
+++ directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/GenerateTicket.java Mon Oct 29 11:17:35 2007
@@ -74,20 +74,20 @@
 
         EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
 
-        newTicketBody.setClientAddresses( tgt.getClientAddresses() );
+        newTicketBody.setClientAddresses( tgt.getEncTicketPart().getClientAddresses() );
 
         processFlags( config, request, tgt, newTicketBody );
 
         EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( tgsContext.getEncryptionType() );
         newTicketBody.setSessionKey( sessionKey );
 
-        newTicketBody.setClientPrincipal( tgt.getClientPrincipal() );
+        newTicketBody.setClientPrincipal( tgt.getEncTicketPart().getClientPrincipal() );
 
         if ( request.getEncAuthorizationData() != null )
         {
             AuthorizationData authData = ( AuthorizationData ) cipherTextHandler.unseal( AuthorizationData.class,
                 authenticator.getSubSessionKey(), request.getEncAuthorizationData(), KeyUsage.NUMBER4 );
-            authData.add( tgt.getAuthorizationData() );
+            authData.add( tgt.getEncTicketPart().getAuthorizationData() );
             newTicketBody.setAuthorizationData( authData );
         }
 
@@ -130,7 +130,7 @@
     private void processFlags( KdcServer config, KdcRequest request, Ticket tgt,
         EncTicketPartModifier newTicketBody ) throws KerberosException
     {
-        if ( tgt.getFlag( TicketFlags.PRE_AUTHENT ) )
+        if ( tgt.getEncTicketPart().getFlags().get( TicketFlags.PRE_AUTHENT ) )
         {
             newTicketBody.setFlag( TicketFlags.PRE_AUTHENT );
         }
@@ -142,7 +142,7 @@
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            if ( !tgt.getFlag( TicketFlags.FORWARDABLE ) )
+            if ( !tgt.getEncTicketPart().getFlags().get( TicketFlags.FORWARDABLE ) )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
             }
@@ -157,7 +157,7 @@
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            if ( !tgt.getFlag( TicketFlags.FORWARDABLE ) )
+            if ( !tgt.getEncTicketPart().getFlags().get( TicketFlags.FORWARDABLE ) )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
             }
@@ -178,7 +178,7 @@
             newTicketBody.setFlag( TicketFlags.FORWARDED );
         }
 
-        if ( tgt.getFlag( TicketFlags.FORWARDED ) )
+        if ( tgt.getEncTicketPart().getFlags().get( TicketFlags.FORWARDED ) )
         {
             newTicketBody.setFlag( TicketFlags.FORWARDED );
         }
@@ -190,7 +190,7 @@
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            if ( !tgt.getFlag( TicketFlags.PROXIABLE ) )
+            if ( !tgt.getEncTicketPart().getFlags().get( TicketFlags.PROXIABLE ) )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
             }
@@ -205,7 +205,7 @@
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            if ( !tgt.getFlag( TicketFlags.PROXIABLE ) )
+            if ( !tgt.getEncTicketPart().getFlags().get( TicketFlags.PROXIABLE ) )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
             }
@@ -233,7 +233,7 @@
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            if ( !tgt.getFlag( TicketFlags.MAY_POSTDATE ) )
+            if ( !tgt.getEncTicketPart().getFlags().get( TicketFlags.MAY_POSTDATE ) )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
             }
@@ -258,7 +258,7 @@
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            if ( !tgt.getFlag( TicketFlags.MAY_POSTDATE ) )
+            if ( !tgt.getEncTicketPart().getFlags().get( TicketFlags.MAY_POSTDATE ) )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
             }
@@ -276,24 +276,20 @@
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            if ( !tgt.getFlag( TicketFlags.INVALID ) )
+            if ( !tgt.getEncTicketPart().getFlags().get( TicketFlags.INVALID ) )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            KerberosTime startTime = ( tgt.getStartTime() != null ) ? tgt.getStartTime() : tgt.getAuthTime();
+            KerberosTime startTime = ( tgt.getEncTicketPart().getStartTime() != null ) ? 
+                    tgt.getEncTicketPart().getStartTime() : 
+                        tgt.getEncTicketPart().getAuthTime();
 
             if ( startTime.greaterThan( new KerberosTime() ) )
             {
                 throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_NYV );
             }
 
-            /*
-             * if (check_hot_list(tgt)) then
-             *         error_out(KRB_AP_ERR_REPEAT);
-             * endif
-             */
-
             echoTicket( newTicketBody, tgt );
             newTicketBody.clearFlag( TicketFlags.INVALID );
         }
@@ -310,7 +306,7 @@
     {
         KerberosTime now = new KerberosTime();
 
-        newTicketBody.setAuthTime( tgt.getAuthTime() );
+        newTicketBody.setAuthTime( tgt.getEncTicketPart().getAuthTime() );
 
         KerberosTime startTime = request.getFrom();
 
@@ -334,7 +330,7 @@
          */
         if ( startTime != null && startTime.greaterThan( now )
             && !startTime.isInClockSkew( config.getAllowableClockSkew() )
-            && ( !request.getOption( KdcOptions.POSTDATED ) || !tgt.getFlag( TicketFlags.MAY_POSTDATE ) ) )
+            && ( !request.getOption( KdcOptions.POSTDATED ) || !tgt.getEncTicketPart().getFlags().get( TicketFlags.MAY_POSTDATE ) ) )
         {
             throw new KerberosException( ErrorType.KDC_ERR_CANNOT_POSTDATE );
         }
@@ -349,12 +345,12 @@
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            if ( !tgt.getFlag( TicketFlags.RENEWABLE ) )
+            if ( !tgt.getEncTicketPart().getFlags().get( TicketFlags.RENEWABLE ) )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
             }
 
-            if ( tgt.getRenewTill().lessThan( now ) )
+            if ( tgt.getEncTicketPart().getRenewTill().lessThan( now ) )
             {
                 throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_EXPIRED );
             }
@@ -363,11 +359,13 @@
 
             newTicketBody.setStartTime( now );
 
-            KerberosTime tgtStartTime = ( tgt.getStartTime() != null ) ? tgt.getStartTime() : tgt.getAuthTime();
+            KerberosTime tgtStartTime = ( tgt.getEncTicketPart().getStartTime() != null ) ? 
+                tgt.getEncTicketPart().getStartTime() : 
+                    tgt.getEncTicketPart().getAuthTime();
 
-            long oldLife = tgt.getEndTime().getTime() - tgtStartTime.getTime();
+            long oldLife = tgt.getEncTicketPart().getEndTime().getTime() - tgtStartTime.getTime();
 
-            kerberosEndTime = new KerberosTime( Math.min( tgt.getRenewTill().getTime(), now.getTime() + oldLife ) );
+            kerberosEndTime = new KerberosTime( Math.min( tgt.getEncTicketPart().getRenewTill().getTime(), now.getTime() + oldLife ) );
             newTicketBody.setEndTime( kerberosEndTime );
         }
         else
@@ -395,13 +393,13 @@
             List<KerberosTime> minimizer = new ArrayList<KerberosTime>();
             minimizer.add( till );
             minimizer.add( new KerberosTime( startTime.getTime() + config.getMaximumTicketLifetime() ) );
-            minimizer.add( tgt.getEndTime() );
+            minimizer.add( tgt.getEncTicketPart().getEndTime() );
             kerberosEndTime = Collections.min( minimizer );
 
             newTicketBody.setEndTime( kerberosEndTime );
 
             if ( request.getOption( KdcOptions.RENEWABLE_OK ) && kerberosEndTime.lessThan( request.getTill() )
-                && tgt.getFlag( TicketFlags.RENEWABLE ) )
+                && tgt.getEncTicketPart().getFlags().get( TicketFlags.RENEWABLE ) )
             {
                 if ( !config.isRenewableAllowed() )
                 {
@@ -410,7 +408,7 @@
 
                 // We set the RENEWABLE option for later processing.                           
                 request.setOption( KdcOptions.RENEWABLE );
-                long rtime = Math.min( request.getTill().getTime(), tgt.getRenewTill().getTime() );
+                long rtime = Math.min( request.getTill().getTime(), tgt.getEncTicketPart().getRenewTill().getTime() );
                 renewalTime = new KerberosTime( rtime );
             }
         }
@@ -430,7 +428,7 @@
             rtime = renewalTime;
         }
 
-        if ( request.getOption( KdcOptions.RENEWABLE ) && tgt.getFlag( TicketFlags.RENEWABLE ) )
+        if ( request.getOption( KdcOptions.RENEWABLE ) && tgt.getEncTicketPart().getFlags().get( TicketFlags.RENEWABLE ) )
         {
             if ( !config.isRenewableAllowed() )
             {
@@ -455,7 +453,7 @@
             }
 
             minimizer.add( new KerberosTime( startTime.getTime() + config.getMaximumRenewableLifetime() ) );
-            minimizer.add( tgt.getRenewTill() );
+            minimizer.add( tgt.getEncTicketPart().getRenewTill() );
             newTicketBody.setRenewTill( Collections.min( minimizer ) );
         }
 
@@ -493,21 +491,22 @@
     private void processTransited( EncTicketPartModifier newTicketBody, Ticket tgt )
     {
         // TODO - currently no transited support other than local
-        newTicketBody.setTransitedEncoding( tgt.getTransitedEncoding() );
+        newTicketBody.setTransitedEncoding( tgt.getEncTicketPart().getTransitedEncoding() );
     }
 
 
     protected void echoTicket( EncTicketPartModifier newTicketBody, Ticket tgt )
     {
-        newTicketBody.setAuthorizationData( tgt.getAuthorizationData() );
-        newTicketBody.setAuthTime( tgt.getAuthTime() );
-        newTicketBody.setClientAddresses( tgt.getClientAddresses() );
-        newTicketBody.setClientPrincipal( tgt.getClientPrincipal() );
-        newTicketBody.setEndTime( tgt.getEndTime() );
-        newTicketBody.setFlags( tgt.getFlags() );
-        newTicketBody.setRenewTill( tgt.getRenewTill() );
-        newTicketBody.setSessionKey( tgt.getSessionKey() );
-        newTicketBody.setTransitedEncoding( tgt.getTransitedEncoding() );
+        EncTicketPart encTicketpart = tgt.getEncTicketPart();
+        newTicketBody.setAuthorizationData( encTicketpart.getAuthorizationData() );
+        newTicketBody.setAuthTime( encTicketpart.getAuthTime() );
+        newTicketBody.setClientAddresses( encTicketpart.getClientAddresses() );
+        newTicketBody.setClientPrincipal( encTicketpart.getClientPrincipal() );
+        newTicketBody.setEndTime( encTicketpart.getEndTime() );
+        newTicketBody.setFlags( encTicketpart.getFlags() );
+        newTicketBody.setRenewTill( encTicketpart.getRenewTill() );
+        newTicketBody.setSessionKey( encTicketpart.getSessionKey() );
+        newTicketBody.setTransitedEncoding( encTicketpart.getTransitedEncoding() );
     }
 
 

Modified: directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java?rev=589782&r1=589781&r2=589782&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java (original)
+++ directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/MonitorContext.java Mon Oct 29 11:17:35 2007
@@ -73,12 +73,12 @@
                 long clockSkew = tgsContext.getConfig().getAllowableClockSkew();
                 ChecksumType checksumType = tgsContext.getAuthenticator().getChecksum().getChecksumType();
                 InetAddress clientAddress = tgsContext.getClientAddress();
-                HostAddresses clientAddresses = tgt.getClientAddresses();
+                HostAddresses clientAddresses = tgt.getEncTicketPart().getClientAddresses();
 
                 boolean caddrContainsSender = false;
-                if ( tgt.getClientAddresses() != null )
+                if ( tgt.getEncTicketPart().getClientAddresses() != null )
                 {
-                    caddrContainsSender = tgt.getClientAddresses().contains( new HostAddress( clientAddress ) );
+                    caddrContainsSender = tgt.getEncTicketPart().getClientAddresses().contains( new HostAddress( clientAddress ) );
                 }
 
                 StringBuffer sb = new StringBuffer();

Modified: directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/SealReply.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/SealReply.java?rev=589782&r1=589781&r2=589782&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/SealReply.java (original)
+++ directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/SealReply.java Mon Oct 29 11:17:35 2007
@@ -56,7 +56,7 @@
         }
         else
         {
-            encryptedData = cipherTextHandler.seal( tgt.getSessionKey(), reply, KeyUsage.NUMBER8 );
+            encryptedData = cipherTextHandler.seal( tgt.getEncTicketPart().getSessionKey(), reply, KeyUsage.NUMBER8 );
         }
 
         reply.setEncPart( encryptedData );

Modified: directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java?rev=589782&r1=589781&r2=589782&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java (original)
+++ directory/apacheds/branches/bigbang/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java Mon Oct 29 11:17:35 2007
@@ -27,9 +27,10 @@
 
 import org.apache.directory.server.kerberos.kdc.KdcServer;
 import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationContext;
-import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationServiceChain;
+import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService;
 import org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingContext;
 import org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingServiceChain;
+import org.apache.directory.server.kerberos.shared.KerberosMessageType;
 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
 import org.apache.directory.server.kerberos.shared.messages.ErrorMessage;
@@ -60,7 +61,6 @@
 
     private KdcServer config;
     private PrincipalStore store;
-    private IoHandlerCommand authService;
     private IoHandlerCommand tgsService;
     private String contextKey = "context";
 
@@ -76,7 +76,6 @@
         this.config = config;
         this.store = store;
 
-        authService = new AuthenticationServiceChain();
         tgsService = new TicketGrantingServiceChain();
     }
 
@@ -145,13 +144,13 @@
         InetAddress clientAddress = ( ( InetSocketAddress ) session.getRemoteAddress() ).getAddress();
         KdcRequest request = ( KdcRequest ) message;
 
-        int messageType = request.getMessageType().getOrdinal();
+        KerberosMessageType messageType = request.getMessageType();
 
         try
         {
             switch ( messageType )
             {
-                case 10:
+                case AS_REQ :
                     AuthenticationContext authContext = new AuthenticationContext();
                     authContext.setConfig( config );
                     authContext.setStore( store );
@@ -159,12 +158,12 @@
                     authContext.setRequest( request );
                     session.setAttribute( getContextKey(), authContext );
 
-                    authService.execute( null, session, message );
+                    AuthenticationService.execute( session, authContext, message );
 
                     session.write( authContext.getReply() );
                     break;
 
-                case 12:
+                case TGS_REQ:
                     TicketGrantingContext tgsContext = new TicketGrantingContext();
                     tgsContext.setConfig( config );
                     tgsContext.setStore( store );
@@ -177,8 +176,8 @@
                     session.write( tgsContext.getReply() );
                     break;
 
-                case 11:
-                case 13:
+                case AS_REP:
+                case TGS_REP:
                     throw new KerberosException( ErrorType.KRB_AP_ERR_BADDIRECTION );
 
                 default:

Modified: directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java?rev=589782&r1=589781&r2=589782&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java (original)
+++ directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java Mon Oct 29 11:17:35 2007
@@ -30,6 +30,8 @@
 
 import junit.framework.TestCase;
 
+import org.apache.directory.server.kerberos.shared.KerberosConstants;
+import org.apache.directory.server.kerberos.shared.KerberosMessageType;
 import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumHandler;
 import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
@@ -41,13 +43,11 @@
 import org.apache.directory.server.kerberos.shared.io.encoder.KdcRequestEncoder;
 import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
-import org.apache.directory.server.kerberos.shared.messages.MessageType;
 import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
 import org.apache.directory.server.kerberos.shared.messages.components.AuthenticatorModifier;
 import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
 import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
 import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.messages.components.TicketModifier;
 import org.apache.directory.server.kerberos.shared.messages.value.ApOptions;
 import org.apache.directory.server.kerberos.shared.messages.value.Checksum;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
@@ -75,7 +75,9 @@
  * for generating message components.
  * 
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
- * @version $Rev$, $Date$
+ * @version $Rev$, $Date$        Ticket ticket = ticketModifier.getTicket();
+
+
  */
 public abstract class AbstractTicketGrantingServiceTest extends TestCase
 {
@@ -154,12 +156,7 @@
 
         EncryptedData encryptedTicketPart = lockBox.seal( serverKey, encTicketPart, KeyUsage.NUMBER2 );
 
-        TicketModifier ticketModifier = new TicketModifier();
-        ticketModifier.setTicketVersionNumber( 5 );
-        ticketModifier.setServerPrincipal( serverPrincipal );
-        ticketModifier.setEncPart( encryptedTicketPart );
-
-        Ticket ticket = ticketModifier.getTicket();
+        Ticket ticket = new Ticket( KerberosConstants.KERBEROS_V5, serverPrincipal, encryptedTicketPart );
 
         ticket.setEncTicketPart( encTicketPart );
 
@@ -200,12 +197,10 @@
 
         EncryptedData encryptedTicketPart = lockBox.seal( serverKey, encTicketPart, KeyUsage.NUMBER2 );
 
-        TicketModifier ticketModifier = new TicketModifier();
-        ticketModifier.setTicketVersionNumber( 5 );
-        ticketModifier.setServerPrincipal( serverPrincipal );
-        ticketModifier.setEncPart( encryptedTicketPart );
-
-        Ticket ticket = ticketModifier.getTicket();
+        Ticket ticket = new Ticket();
+        ticket.setTktVno( 5 );
+        ticket.setServerPrincipal( serverPrincipal );
+        ticket.setEncPart( encryptedTicketPart );
 
         ticket.setEncTicketPart( encTicketPart );
 
@@ -226,17 +221,17 @@
         throws Exception
     {
         // Get the session key from the service ticket.
-        sessionKey = tgt.getSessionKey();
+        sessionKey = tgt.getEncTicketPart().getSessionKey();
 
         // Generate a new sequence number.
         sequenceNumber = random.nextInt();
         now = new KerberosTime();
 
-        EncryptedData authenticator = getAuthenticator( tgt.getClientPrincipal(), requestBody, checksumType );
+        EncryptedData authenticator = getAuthenticator( tgt.getEncTicketPart().getClientPrincipal(), requestBody, checksumType );
 
         PaData[] paData = getPreAuthenticationData( tgt, authenticator );
 
-        return new KdcRequest( 5, MessageType.KRB_TGS_REQ, paData, requestBody );
+        return new KdcRequest( 5, KerberosMessageType.TGS_REQ, paData, requestBody );
     }
 
 
@@ -298,7 +293,7 @@
         throws IOException
     {
         ApplicationRequest applicationRequest = new ApplicationRequest();
-        applicationRequest.setMessageType( MessageType.KRB_AP_REQ );
+        applicationRequest.setMessageType( KerberosMessageType.AP_REQ );
         applicationRequest.setProtocolVersionNumber( 5 );
         applicationRequest.setApOptions( new ApOptions() );
         applicationRequest.setTicket( ticket );

Modified: directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java?rev=589782&r1=589781&r2=589782&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java (original)
+++ directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java Mon Oct 29 11:17:35 2007
@@ -27,6 +27,8 @@
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.server.kerberos.kdc.KdcServer;
+import org.apache.directory.server.kerberos.shared.KerberosConstants;
+import org.apache.directory.server.kerberos.shared.KerberosMessageType;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
@@ -35,7 +37,6 @@
 import org.apache.directory.server.kerberos.shared.messages.AuthenticationReply;
 import org.apache.directory.server.kerberos.shared.messages.ErrorMessage;
 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
-import org.apache.directory.server.kerberos.shared.messages.MessageType;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptedTimeStamp;
 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
@@ -102,7 +103,7 @@
         String passPhrase = "secret";
         PaData[] paData = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, paData, modifier.getRequestBody() );
+        KdcRequest message = new KdcRequest( KerberosConstants.KERBEROS_V5, KerberosMessageType.AS_REQ, paData, modifier.getRequestBody() );
 
         handler.messageReceived( session, message );
 
@@ -151,14 +152,14 @@
         KerberosTime timeStamp = new KerberosTime();
         PaData[] paData = getPreAuthEncryptedTimeStamp( clientKey, timeStamp );
 
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, paData, modifier.getRequestBody() );
+        KdcRequest message = new KdcRequest( KerberosConstants.KERBEROS_V5, KerberosMessageType.AS_REQ, paData, modifier.getRequestBody() );
 
         handler.messageReceived( session, message );
 
         AuthenticationReply reply = ( AuthenticationReply ) session.getMessage();
 
         assertTrue( "Requested end time", requestedEndTime.equals( reply.getEndTime() ) );
-        assertTrue( "PRE_AUTHENT flag", reply.getTicket().getFlags().get( TicketFlags.PRE_AUTHENT ) );
+        assertTrue( "PRE_AUTHENT flag", reply.getTicket().getEncTicketPart().getFlags().get( TicketFlags.PRE_AUTHENT ) );
         assertEquals( "Encryption type", EncryptionType.AES128_CTS_HMAC_SHA1_96, reply.getEncPart().getEType() );
     }
 
@@ -203,14 +204,14 @@
         KerberosTime timeStamp = new KerberosTime();
         PaData[] paData = getPreAuthEncryptedTimeStamp( clientKey, timeStamp );
 
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, paData, modifier.getRequestBody() );
+        KdcRequest message = new KdcRequest( KerberosConstants.KERBEROS_V5, KerberosMessageType.AS_REQ, paData, modifier.getRequestBody() );
 
         handler.messageReceived( session, message );
 
         AuthenticationReply reply = ( AuthenticationReply ) session.getMessage();
 
         assertTrue( "Requested end time", requestedEndTime.equals( reply.getEndTime() ) );
-        assertTrue( "PRE_AUTHENT flag", reply.getTicket().getFlags().get( TicketFlags.PRE_AUTHENT ) );
+        assertTrue( "PRE_AUTHENT flag", reply.getTicket().getEncTicketPart().getFlags().get( TicketFlags.PRE_AUTHENT ) );
         assertEquals( "Encryption type", EncryptionType.AES128_CTS_HMAC_SHA1_96, reply.getEncPart().getEType() );
 
         assertEquals( "Nonce", nonce, reply.getNonce() );
@@ -245,7 +246,7 @@
         String passPhrase = "secret";
         PaData[] paData = getPreAuthEncryptedTimeStamp( clientPrincipal, passPhrase );
 
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, paData, modifier.getRequestBody() );
+        KdcRequest message = new KdcRequest( KerberosConstants.KERBEROS_V5, KerberosMessageType.AS_REQ, paData, modifier.getRequestBody() );
 
         handler.messageReceived( session, message );
 

Modified: directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationPolicyTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationPolicyTest.java?rev=589782&r1=589781&r2=589782&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationPolicyTest.java (original)
+++ directory/apacheds/branches/bigbang/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationPolicyTest.java Mon Oct 29 11:17:35 2007
@@ -21,9 +21,10 @@
 
 
 import org.apache.directory.server.kerberos.kdc.KdcServer;
+import org.apache.directory.server.kerberos.shared.KerberosConstants;
+import org.apache.directory.server.kerberos.shared.KerberosMessageType;
 import org.apache.directory.server.kerberos.shared.messages.ErrorMessage;
 import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
-import org.apache.directory.server.kerberos.shared.messages.MessageType;
 import org.apache.directory.server.kerberos.shared.messages.value.KdcOptions;
 import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
 import org.apache.directory.server.kerberos.shared.messages.value.RequestBodyModifier;
@@ -82,7 +83,7 @@
         KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
         modifier.setTill( requestedEndTime );
 
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, null, modifier.getRequestBody() );
+        KdcRequest message = new KdcRequest( KerberosConstants.KERBEROS_V5, KerberosMessageType.AS_REQ, null, modifier.getRequestBody() );
 
         handler.messageReceived( session, message );
 
@@ -117,7 +118,7 @@
         KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
         modifier.setTill( requestedEndTime );
 
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, null, modifier.getRequestBody() );
+        KdcRequest message = new KdcRequest( KerberosConstants.KERBEROS_V5, KerberosMessageType.AS_REQ, null, modifier.getRequestBody() );
 
         handler.messageReceived( session, message );
 
@@ -152,7 +153,7 @@
         KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
         modifier.setTill( requestedEndTime );
 
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, null, modifier.getRequestBody() );
+        KdcRequest message = new KdcRequest( KerberosConstants.KERBEROS_V5, KerberosMessageType.AS_REQ, null, modifier.getRequestBody() );
 
         handler.messageReceived( session, message );
 
@@ -187,7 +188,7 @@
         KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
         modifier.setTill( requestedEndTime );
 
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, null, modifier.getRequestBody() );
+        KdcRequest message = new KdcRequest( KerberosConstants.KERBEROS_V5, KerberosMessageType.AS_REQ, null, modifier.getRequestBody() );
 
         handler.messageReceived( session, message );
 
@@ -222,7 +223,7 @@
         KerberosTime requestedEndTime = new KerberosTime( now + KerberosTime.WEEK );
         modifier.setTill( requestedEndTime );
 
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, null, modifier.getRequestBody() );
+        KdcRequest message = new KdcRequest( KerberosConstants.KERBEROS_V5, KerberosMessageType.AS_REQ, null, modifier.getRequestBody() );
 
         handler.messageReceived( session, message );
 
@@ -260,7 +261,7 @@
         KerberosTime requestedRenewTillTime = new KerberosTime( now + KerberosTime.WEEK / 2 );
         modifier.setRtime( requestedRenewTillTime );
 
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, null, modifier.getRequestBody() );
+        KdcRequest message = new KdcRequest( KerberosConstants.KERBEROS_V5, KerberosMessageType.AS_REQ, null, modifier.getRequestBody() );
 
         handler.messageReceived( session, message );
 
@@ -297,7 +298,7 @@
         KerberosTime requestedRenewTillTime = new KerberosTime( now + KerberosTime.WEEK / 2 );
         modifier.setRtime( requestedRenewTillTime );
 
-        KdcRequest message = new KdcRequest( 5, MessageType.KRB_AS_REQ, null, modifier.getRequestBody() );
+        KdcRequest message = new KdcRequest( KerberosConstants.KERBEROS_V5, KerberosMessageType.AS_REQ, null, modifier.getRequestBody() );
 
         handler.messageReceived( session, message );
 



Mime
View raw message