directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1041794 - in /directory/apacheds/branches/apacheds-kerberos-codec-2.0: kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/ protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/
Date Fri, 03 Dec 2010 13:01:20 GMT
Author: elecharny
Date: Fri Dec  3 13:01:20 2010
New Revision: 1041794

URL: http://svn.apache.org/viewvc?rev=1041794&view=rev
Log:
o Added a field to store an EncTicketPart into the ticket
o Fixed compilation failures

Modified:
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java
    directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java?rev=1041794&r1=1041793&r2=1041794&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Ticket.java
Fri Dec  3 13:01:20 2010
@@ -30,6 +30,7 @@ import org.apache.directory.shared.asn1.
 import org.apache.directory.shared.asn1.codec.EncoderException;
 import org.apache.directory.shared.kerberos.KerberosConstants;
 import org.apache.directory.shared.kerberos.KerberosMessageType;
+import org.apache.directory.shared.kerberos.components.EncTicketPart;
 import org.apache.directory.shared.kerberos.components.EncryptedData;
 import org.apache.directory.shared.kerberos.components.PrincipalName;
 import org.apache.directory.shared.kerberos.exceptions.InvalidTicketException;
@@ -75,6 +76,9 @@ public class Ticket extends KerberosMess
     /** The encoded part */
     private EncryptedData encPart;
     
+    /** The encoded ticket part, stored in its original form (not encoded) */
+    private transient EncTicketPart encTicketPart;
+    
     // Storage for computed lengths
     private transient int tktvnoLength;
     private transient int realmLength;
@@ -205,6 +209,24 @@ public class Ticket extends KerberosMess
     
 
     /**
+     * @return the encTicketPart
+     */
+    public EncTicketPart getEncTicketPart()
+    {
+        return encTicketPart;
+    }
+
+
+    /**
+     * @param encTicketPart the encTicketPart to set
+     */
+    public void setEncTicketPart( EncTicketPart encTicketPart )
+    {
+        this.encTicketPart = encTicketPart;
+    }
+
+    
+    /**
      * Compute the Ticket length
      * <pre>
      * Ticket :

Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java?rev=1041794&r1=1041793&r2=1041794&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
Fri Dec  3 13:01:20 2010
@@ -295,7 +295,7 @@ public class AuthenticationService
                     }
                 }
 
-                if ( preAuthData.length > 0 && timestamp == null )
+                if ( ( preAuthData.size() > 0 ) && ( timestamp == null ) )
                 {
                     throw new KerberosException( ErrorType.KDC_ERR_PADATA_TYPE_NOSUPP );
                 }
@@ -306,7 +306,7 @@ public class AuthenticationService
                         preparePreAuthenticationError( config.getEncryptionTypes() ) );
                 }
 
-                if ( !timestamp.getTimeStamp().isInClockSkew( config.getAllowableClockSkew()
) )
+                if ( !timestamp.getPaTimestamp().isInClockSkew( config.getAllowableClockSkew()
) )
                 {
                     throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_FAILED );
                 }
@@ -351,12 +351,12 @@ public class AuthenticationService
 
         PrincipalName ticketPrincipal = request.getKdcReqBody().getSName();
         
-        EncTicketPart newTicketBody = new EncTicketPart();
+        EncTicketPart encTicketPart = new EncTicketPart();
         KdcServer config = authContext.getConfig();
 
         // The INITIAL flag indicates that a ticket was issued using the AS protocol.
         TicketFlags ticketFlags = new TicketFlags();
-        newTicketBody.setFlags( ticketFlags );
+        encTicketPart.setFlags( ticketFlags );
         ticketFlags.setFlag( TicketFlag.INITIAL );
 
         // The PRE-AUTHENT flag indicates that the client used pre-authentication.
@@ -405,14 +405,14 @@ public class AuthenticationService
         }
 
         EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( authContext.getEncryptionType()
);
-        newTicketBody.setKey( sessionKey );
+        encTicketPart.setKey( sessionKey );
 
-        newTicketBody.setcName( request.getKdcReqBody().getCName() );
-        newTicketBody.setTransited( new TransitedEncoding() );
+        encTicketPart.setcName( request.getKdcReqBody().getCName() );
+        encTicketPart.setTransited( new TransitedEncoding() );
 
         KerberosTime now = new KerberosTime();
 
-        newTicketBody.setAuthTime( now );
+        encTicketPart.setAuthTime( now );
 
         KerberosTime startTime = request.getKdcReqBody().getFrom();
 
@@ -454,7 +454,7 @@ public class AuthenticationService
 
             ticketFlags.setFlag( TicketFlag.POSTDATED );
             ticketFlags.setFlag( TicketFlag.INVALID );
-            newTicketBody.setStartTime( startTime );
+            encTicketPart.setStartTime( startTime );
         }
 
         long till = 0;
@@ -474,7 +474,7 @@ public class AuthenticationService
          */
         long endTime = Math.min( till, startTime.getTime() + config.getMaximumTicketLifetime()
);
         KerberosTime kerberosEndTime = new KerberosTime( endTime );
-        newTicketBody.setEndTime( kerberosEndTime );
+        encTicketPart.setEndTime( kerberosEndTime );
 
         /*
          * "If the requested expiration time minus the starttime (as determined
@@ -533,13 +533,13 @@ public class AuthenticationService
              * configured in policy.
              */
             long renewTill = Math.min( tempRtime.getTime(), startTime.getTime() + config.getMaximumRenewableLifetime()
);
-            newTicketBody.setRenewTill( new KerberosTime( renewTill ) );
+            encTicketPart.setRenewTill( new KerberosTime( renewTill ) );
         }
 
         if ( request.getKdcReqBody().getAddresses() != null && request.getKdcReqBody().getAddresses().getAddresses()
!= null
             && request.getKdcReqBody().getAddresses().getAddresses().length >
0 )
         {
-            newTicketBody.setClientAddresses( request.getKdcReqBody().getAddresses() );
+            encTicketPart.setClientAddresses( request.getKdcReqBody().getAddresses() );
         }
         else
         {
@@ -549,12 +549,10 @@ public class AuthenticationService
             }
         }
 
-        EncTicketPart ticketPart = newTicketBody.getEncTicketPart();
-
-        EncryptedData encryptedData = cipherTextHandler.seal( serverKey, ticketPart, KeyUsage.NUMBER2
);
+        EncryptedData encryptedData = cipherTextHandler.seal( serverKey, encTicketPart, KeyUsage.NUMBER2
);
 
         Ticket newTicket = new Ticket( ticketPrincipal, encryptedData );
-        newTicket.setEncTicketPart( ticketPart );
+        newTicket.setEncTicketPart( encTicketPart );
 
         if ( LOG.isDebugEnabled() )
         {



Mime
View raw message