directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r1032754 - in /directory/apacheds/trunk/kerberos-codec/src: main/java/org/apache/directory/shared/kerberos/components/ main/java/org/apache/directory/shared/kerberos/messages/ test/java/org/apache/directory/shared/kerberos/codec/
Date Mon, 08 Nov 2010 21:54:20 GMT
Author: elecharny
Date: Mon Nov  8 21:54:19 2010
New Revision: 1032754

URL: http://svn.apache.org/viewvc?rev=1032754&view=rev
Log:
o Added the KDC-REQ-BODY computeLength method
o Added a test with a complete KDC-REQ-BODY to check that the encoded length is ok
o Fixed the way PrincipalNames were handling the name-string
o Fixed a bug in the ticket length computation

Added:
    directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/KdcReqBodyDecoderTest.java
Modified:
    directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/HostAddress.java
    directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java
    directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalName.java
    directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/HostAddress.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/HostAddress.java?rev=1032754&r1=1032753&r2=1032754&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/HostAddress.java
(original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/HostAddress.java
Mon Nov  8 21:54:19 2010
@@ -343,17 +343,13 @@ public class HostAddress extends Abstrac
      */
     public String toString()
     {
-        String result = "";
-
         try
         {
-            result = InetAddress.getByAddress( address ).getHostAddress();
+            return InetAddress.getByAddress( address ).getHostAddress();
         }
         catch ( UnknownHostException uhe )
         {
-            result = "Unknow host : " + StringTools.utf8ToString( address );
+            return "Unknow host : " + StringTools.utf8ToString( address );
         }
-
-        return result;
     }
 }
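Review bot: The fallback branch of `toString()` decodes the raw `address` bytes as UTF-8 and concatenates them into the result, so a malformed address (an illegal length is the documented reason `InetAddress.getByAddress` throws) puts arbitrary bytes, possibly control characters or line breaks, into whatever log or message prints this object. These bytes presumably come from a decoded Kerberos message, so a hex rendering of `address` is the safer fallback. The literal also has a typo: `"Unknow host : "` should read `"Unknown host : "`. The method's Javadoc starts outside the hunk.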

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java?rev=1032754&r1=1032753&r2=1032754&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java
(original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java
Mon Nov  8 21:54:19 2010
@@ -25,9 +25,12 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
+import org.apache.directory.shared.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.asn1.ber.tlv.Value;
 import org.apache.directory.shared.kerberos.codec.options.KdcOptions;
 import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
 import org.apache.directory.shared.kerberos.messages.Ticket;
+import org.apache.directory.shared.ldap.util.StringTools;
 
 import sun.security.krb5.internal.AuthorizationData;
 import sun.security.krb5.internal.KerberosTime;
@@ -98,6 +101,25 @@ public class KdcReqBody
     /** Additional tickets */
     private List<Ticket> additionalTickets;
 
+    // Storage for computed lengths
+    private transient int kdcOptionsLength;
+    private transient int cNameLength;
+    private transient int realmLength;
+    private transient byte[] realmBytes;
+    private transient int sNameLength;
+    private transient int fromLength;
+    private transient int tillLength;
+    private transient int rtimeLength;
+    private transient int nonceLength;
+    private transient int eTypeLength;
+    private transient int eTypeSeqLength;
+    private transient int[] eTypeLengths;
+    private transient int addressesLength;
+    private transient int encAuthzDataLength;
+    private transient int additionalTicketSeqLength;
+    private transient int[] additionalTicketsLengths;
+    private transient int kdcReqBodySeqLength;
+    private transient int kdcReqBodyLength;
 
     /**
      * Creates a new instance of RequestBody.
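Review bot: These fields are undocumented scratch state that `computeLength()` writes and, presumably, a later encode step reads, so one `KdcReqBody` instance cannot safely be measured or encoded from two threads at once, and the values are stale after any setter call until `computeLength()` runs again. I would replace `// Storage for computed lengths` with a comment that says so, for example `// Scratch values written by computeLength(); stale after any setter call, not thread-safe`. The `transient` modifier only matters if the class is serializable, which the visible lines do not show.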
@@ -363,4 +385,311 @@ public class KdcReqBody
     {
         this.till = till;
     }
+
+    
+    /**
+     * Compute the KdcReqBody length
+     * 
+     * KdcReqBody :
+     * 
+     * 0x30 L1 KdcReqBody sequence
+     *  |
+     *  +--> 0xA0 L2 kdc-options tag
+     *  |     |
+     *  |     +--> 0x05 L2-1 kdc-options (BitString)
+     *  |
+     *  +--> 0xA1 L3 cname tag
+     *  |     |
+     *  |     +--> 0x30 L3-1 cname (PrincipalName)
+     *  |     
+     *  +--> 0xA2 L4 realm tag
+     *  |     |
+     *  |     +--> 0x1B L4-1 realm (Realm, KerberosString)
+     *  |     
+     *  +--> 0xA3 L5 sname tag
+     *  |     |
+     *  |     +--> 0x30 L5-1 sname (PrincipalName)
+     *  |     
+     *  +--> 0xA4 L6 from tag
+     *  |     |
+     *  |     +--> 0x18 L6-1 from (KerberosTime)
+     *  |     
+     *  +--> 0xA5 L7 till tag
+     *  |     |
+     *  |     +--> 0x18 L7-1 till (KerberosTime)
+     *  |     
+     *  +--> 0xA6 L8 rtime tag
+     *  |     |
+     *  |     +--> 0x18 L8-1 rtime (KerberosTime)
+     *  |     
+     *  +--> 0xA7 L9 nonce tag
+     *  |     |
+     *  |     +--> 0x02 L9-1 nonce (Int)
+     *  |     
+     *  +--> 0xA8 L10 etype tag
+     *  |     |
+     *  |     +--> 0x30 L10-1 SEQ
+     *  |           |
+     *  |           +--> 0x02 L10-1-1 etype
+     *  |           |
+     *  |           +--> 0x02 L10-1-2 etype
+     *  |           |
+     *  |           :
+     *  |
+     *  +--> 0xA9 L11 addresses tag
+     *  |     |
+     *  |     +--> 0x30 L11-1 addresses (HostAddresses)
+     *  |     
+     *  +--> 0xA10 L12 enc-authorization-data tag
+     *  |     |
+     *  |     +--> 0x30 L12-1 enc-authorization-data
+     *  |     
+     *  +--> 0xA11 L13 additional-tickets tag
+     *        |
+     *        +--> 0x30 L13-1 additional-tickets
+     *              |
+     *              +--> 0x61 L13-1-1 Ticket
+     *              |
+     *              +--> 0x61 L13-1-2 Ticket
+     *              |
+     *              :
+     *        
+     */
+    public int computeLength()
+    {
+        // The KdcOptions length
+        kdcOptionsLength = 1 + 1 + kdcOptions.getBytes().length;
+        
+        // The cname length
+        if ( cName != null )
+        {
+            cNameLength = cName.computeLength();
+        }
+
+        // Compute the realm length.
+        realmBytes = StringTools.getBytesUtf8( realm );
+        realmLength = 1 + TLV.getNbBytes( realmBytes.length ) + realmBytes.length;
+        
+        // The sname length
+        if ( sName != null )
+        {
+            sNameLength = sName.computeLength();
+        }
+
+        // The from length
+        if ( from != null )
+        {
+            fromLength = 1 + 1 + 0x0F;
+        }
+
+        // The till length
+        tillLength = 1 + 1 + 0x0F;
+
+        // The rtime length
+        if ( rtime != null )
+        {
+            rtimeLength = 1 + 1 + 0x0F;
+        }
+
+        // The nonce length
+        nonceLength = 1 + 1 + Value.getNbBytes( nonce );
+        
+        // The eType length
+        eTypeLengths = new int[eType.size()];
+        int pos = 0;
+        
+        for ( EncryptionType encryptionType : eType )
+        {
+            eTypeLengths[pos] = 1 + 1 + Value.getNbBytes( encryptionType.ordinal() );
+            eTypeSeqLength += eTypeLengths[pos];
+            pos++;
+        }
+        
+        eTypeLength = 1 + TLV.getNbBytes( eTypeSeqLength ) + eTypeSeqLength;
+        
+        // The Addresses length
+        if ( addresses != null )
+        {
+            addressesLength = addresses.computeLength();
+        }
+        
+        // The EncAuthorizationData length
+        if ( encAuthorizationData != null )
+        {
+            encAuthzDataLength = encAuthorizationData.computeLength();
+        }
+        
+        // The additionalTickets length
+        if ( additionalTickets.size() != 0 )
+        {
+            additionalTicketsLengths = new int[additionalTickets.size()];
+            pos = 0;
+            
+            for ( Ticket ticket : additionalTickets )
+            {
+                additionalTicketsLengths[pos] = ticket.computeLength();
+                additionalTicketSeqLength += additionalTicketsLengths[pos];
+                pos++;
+            }
+            
+            additionalTicketSeqLength = 1 + TLV.getNbBytes( additionalTicketSeqLength ) +
additionalTicketSeqLength;
+        }
+
+        // Compute the sequence size.
+        // The mandatory fields first
+        kdcReqBodySeqLength = 1 + TLV.getNbBytes( kdcOptionsLength ) + kdcOptionsLength;

+        kdcReqBodySeqLength += 1 + TLV.getNbBytes( realmLength ) + realmLength;
+        kdcReqBodySeqLength += 1 + 1 + tillLength;
+        kdcReqBodySeqLength += 1 + 1 + nonceLength;
+        kdcReqBodySeqLength += 1 + TLV.getNbBytes( eTypeLength ) + eTypeLength;
+        
+        // The optional fields
+        if ( cName != null )
+        {
+            kdcReqBodySeqLength += 1 + TLV.getNbBytes( cNameLength ) + cNameLength;
+        }
+        
+        if ( sName != null )
+        {
+            kdcReqBodySeqLength += 1 + TLV.getNbBytes( sNameLength ) + sNameLength;
+        }
+        
+        if ( from != null )
+        {
+            kdcReqBodySeqLength += 1 + 1 + fromLength;
+        }
+        
+        if ( rtime != null )
+        {
+            kdcReqBodySeqLength += 1 + 1 + rtimeLength;
+        }
+
+        if ( addresses != null )
+        {
+            kdcReqBodySeqLength += 1 + TLV.getNbBytes( addressesLength ) + addressesLength;
+        }
+        
+        if ( encAuthorizationData != null )
+        {
+            kdcReqBodySeqLength += 1 + TLV.getNbBytes( encAuthzDataLength ) + encAuthzDataLength;
+        }
+        
+        if ( additionalTickets.size() != 0 )
+        {
+            kdcReqBodySeqLength += 1 + TLV.getNbBytes( additionalTicketSeqLength ) + additionalTicketSeqLength;
+        }
+        
+        // compute the global size
+        kdcReqBodyLength = 1 + TLV.getNbBytes( kdcReqBodySeqLength ) + kdcReqBodySeqLength;
+        
+        return 1 + TLV.getNbBytes( kdcReqBodyLength ) + kdcReqBodyLength;
+    }
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder();
+
+        sb.append( "KDCOptions : " ).append( kdcOptions ).append( '\n' );
+
+        if ( cName != null )
+        {
+            sb.append( "cname : " ).append( cName ).append( '\n' );
+        }
+        
+        sb.append( "ream : " ).append( realm ).append( '\n' );
+
+        if ( sName != null )
+        {
+            sb.append( "sname : " ).append( sName ).append( '\n' );
+        }
+
+        if ( from != null )
+        {
+            sb.append( "from : " ).append( from ).append( '\n' );
+        }
+        
+        sb.append( "till : " ).append( till ).append( '\n' );
+        
+
+        if ( from != null )
+        {
+            sb.append( "rtime : " ).append( rtime ).append( '\n' );
+        }
+        
+        sb.append( "nonce : " ).append( nonce ).append( '\n' );
+        
+        sb.append( "etype : " );
+        boolean isFirst = true;
+        
+        for ( EncryptionType encryptionType : eType )
+        {
+            if ( isFirst )
+            {
+                isFirst = false;
+            }
+            else
+            {
+                sb.append( " " );
+            }
+            
+            sb.append( encryptionType );
+        }
+        
+        sb.append( '\n' );
+        
+        if ( addresses != null )
+        {
+            sb.append( "addresses : " );
+            isFirst = true;
+            
+            for ( HostAddress hostAddress : addresses.getAddresses() )
+            {
+                if ( isFirst )
+                {
+                    isFirst = false;
+                }
+                else
+                {
+                    sb.append( " " );
+                }
+
+                sb.append( hostAddress );
+            }
+            
+            sb.append( '\n' );
+        }
+        
+
+        if ( encAuthorizationData != null )
+        {
+            sb.append( "enc-authorization-data" ).append( encAuthorizationData ).append(
'\n' );
+        }
+        
+        if ( additionalTickets.size() != 0 )
+        {
+            sb.append( "Tickets : " );
+            isFirst = true;
+
+            for ( Ticket ticket : additionalTickets )
+            {
+                if ( isFirst )
+                {
+                    isFirst = false;
+                }
+                else
+                {
+                    sb.append( " " );
+                }
+
+                sb.append( ticket );
+            }
+            
+            sb.append( '\n' );
+        }
+        
+        return sb.toString();
+    }
 }
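Review bot: `computeLength()` adds into the fields `eTypeSeqLength` and `additionalTicketSeqLength` with `+=` without clearing them first, so a second call on the same object returns a larger length than the first and no longer matches the bytes an encoder would write. Reset both before their loops (`eTypeSeqLength = 0;` and `additionalTicketSeqLength = 0;`). The etype loop sizes each entry from `encryptionType.ordinal()`, while `PrincipalName` in this commit uses `nameType.getOrdinal()`; if `EncryptionType` has the same accessor, the Java enum position is the wrong number to measure. `additionalTickets.size()` is called unguarded although the field shows no initializer in the context lines. In `toString()` the `rtime` line is guarded by `from != null` where `rtime != null` is meant, and the realm label is spelled `"ream : "`.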

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalName.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalName.java?rev=1032754&r1=1032753&r2=1032754&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalName.java
(original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/PrincipalName.java
Mon Nov  8 21:54:19 2010
@@ -129,7 +129,7 @@ public class PrincipalName extends Abstr
     private PrincipalNameType nameType;
 
     /** The principal name - we may have more than one - */
-    private List<String> nameString;
+    private List<String> nameString = new ArrayList<String>();
     
     /** The principal name as a byte[], for encoding purpose */
     private transient List<byte[]> nameBytes;
@@ -179,8 +179,7 @@ public class PrincipalName extends Abstr
      */
     public PrincipalName( String nameString, PrincipalNameType nameType )  throws ParseException
     {
-        this.nameString = KerberosUtils.getNames( nameString );
-        
+        this.nameString.add( nameString );
         this.nameType = nameType;
     }
 
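Review bot: The constructor now stores the whole argument as one name-string component, so a caller that passes a multi-component name such as `service/host` gets a single component containing the slash, where the removed `KerberosUtils.getNames` call presumably produced two. That changes the principal that goes on the wire and any comparison against a parsed name. If single-component input is the intended contract, state it in the Javadoc and reject or split input containing `/`. The signature still declares `throws ParseException` although nothing in the visible body can throw it any more, and a null `nameString` is added to the list unchecked. The constructor's Javadoc starts outside the hunk.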
@@ -313,7 +312,7 @@ public class PrincipalName extends Abstr
     {
         // The principalName can't be empty.
         principalTypeLength = Value.getNbBytes( nameType.getOrdinal() );
-        principalTypeTagLength = 1 + TLV.getNbBytes( principalTypeLength ) + principalTypeLength;
+        principalTypeTagLength = 1 + 1 + principalTypeLength;
         
         principalNameSeqLength = 1 + TLV.getNbBytes( principalTypeTagLength ) + principalTypeTagLength;
 

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java?rev=1032754&r1=1032753&r2=1032754&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java
(original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java
Mon Nov  8 21:54:19 2010
@@ -441,7 +441,7 @@ public class Ticket extends KerberosMess
     public int computeLength()
     {
         // Compute the Ticket version length.
-        tktvnoLength = 1 + TLV.getNbBytes( tktvno ) + Value.getNbBytes( tktvno );
+        tktvnoLength = 1 + 1 + Value.getNbBytes( tktvno );
 
         // Compute the Ticket realm length.
         realmBytes = StringTools.getBytesUtf8( realm );

Added: directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/KdcReqBodyDecoderTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/KdcReqBodyDecoderTest.java?rev=1032754&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/KdcReqBodyDecoderTest.java
(added)
+++ directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/KdcReqBodyDecoderTest.java
Mon Nov  8 21:54:19 2010
@@ -0,0 +1,102 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.kerberos.codec;
+
+
+import static org.junit.Assert.assertEquals;
+
+import org.apache.directory.junit.tools.Concurrent;
+import org.apache.directory.junit.tools.ConcurrentJunitRunner;
+import org.apache.directory.shared.kerberos.codec.options.KdcOptions;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.codec.types.HostAddrType;
+import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
+import org.apache.directory.shared.kerberos.components.EncryptedData;
+import org.apache.directory.shared.kerberos.components.HostAddress;
+import org.apache.directory.shared.kerberos.components.HostAddresses;
+import org.apache.directory.shared.kerberos.components.KdcReqBody;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.apache.directory.shared.kerberos.messages.Ticket;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import sun.security.krb5.internal.KerberosTime;
+
+
+/**
+ * Test the decoder for a KdcReqBody
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@RunWith(ConcurrentJunitRunner.class)
+@Concurrent()
+public class KdcReqBodyDecoderTest
+{
+    /**
+     * Test the decoding of a KdcReqBody message
+     */
+    @Test
+    public void testEncodeTicket() throws Exception
+    {
+        KdcReqBody body = new KdcReqBody();
+        
+        body.setKdcOptions( new KdcOptions( new byte[]{0x01, 0x02, 0x03, 0x04} ) );
+        body.setCName( new PrincipalName( "client", PrincipalNameType.KRB_NT_ENTERPRISE )
);
+        body.setRealm( "EXAMPLE.COM" );
+        body.setSName( new PrincipalName( "server", PrincipalNameType.KRB_NT_ENTERPRISE )
);
+        body.setFrom( new KerberosTime( System.currentTimeMillis() ) );
+        body.setTill( new KerberosTime( System.currentTimeMillis() ) );
+        body.setRtime( new KerberosTime( System.currentTimeMillis() ) );
+        body.setNonce( 12345 );
+        
+        body.addEType( EncryptionType.AES256_CTS_HMAC_SHA1_96 );
+        body.addEType( EncryptionType.DES3_CBC_MD5 );
+        body.addEType( EncryptionType.AES128_CTS_HMAC_SHA1_96 );
+        
+        HostAddresses addresses = new HostAddresses();
+        addresses.addHostAddress( new HostAddress( HostAddrType.ADDRTYPE_INET, "192.168.0.1".getBytes()
) );
+        addresses.addHostAddress( new HostAddress( HostAddrType.ADDRTYPE_INET, "192.168.0.2".getBytes()
) );
+        body.setAddresses( addresses );
+
+        EncryptedData encAuthorizationData = new EncryptedData( EncryptionType.AES128_CTS_HMAC_SHA1_96,
"abcdef".getBytes() );
+        body.setEncAuthorizationData( encAuthorizationData );
+        
+        Ticket ticket1 = new Ticket();
+        ticket1.setTktVno( 5 );
+        ticket1.setRealm( "EXAMPLE.COM" );
+        ticket1.setSName( new PrincipalName( "client", PrincipalNameType.KRB_NT_PRINCIPAL
) );
+        ticket1.setEncPart( new EncryptedData( EncryptionType.AES128_CTS_HMAC_SHA1_96, "abcdef".getBytes()
) );
+        
+        body.addAdditionalTicket( ticket1 );
+
+        Ticket ticket2 = new Ticket();
+        ticket2.setTktVno( 5 );
+        ticket2.setRealm( "EXAMPLE.COM" );
+        ticket2.setSName( new PrincipalName( "server", PrincipalNameType.KRB_NT_PRINCIPAL
) );
+        ticket2.setEncPart( new EncryptedData( EncryptionType.AES128_CTS_HMAC_SHA1_96, "abcdef".getBytes()
) );
+        
+        body.addAdditionalTicket( ticket2 );
+        
+        // Check the encoding
+        int length = body.computeLength();
+
+        // Check the length
+        assertEquals( 0x15E, length );
+    }
+}
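Review bot: Both `HostAddress` values are built from `"192.168.0.1".getBytes()`, which is the 11-byte text of the address in the platform charset rather than the 4-byte value an `ADDRTYPE_INET` address carries, so the expected `0x15E` bakes in a malformed address. Use `new byte[]{ (byte)192, (byte)168, 0, 1 }` and recompute the expected length. The class name, method name and Javadoc say decoder, ticket and decoding, while the test only calls `computeLength()` on a `KdcReqBody`. A second `computeLength()` call asserting the same value would also catch state that leaks between calls.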


