Author: elecharny
Date: Sun Dec 5 21:33:45 2010
New Revision: 1042453
URL: http://svn.apache.org/viewvc?rev=1042453&view=rev
Log:
o Some more decoder removal
o Some fixes
Removed:
directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/ApplicationReplyDecoder.java
directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/ApplicationRequestDecoder.java
directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/io/decoder/EncryptionKeyDecoder.java
Modified:
directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosDecoder.java
directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java
Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java?rev=1042453&r1=1042452&r2=1042453&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
Sun Dec 5 21:33:45 2010
@@ -27,7 +27,6 @@ import java.util.Map;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.server.i18n.I18n;
-import org.apache.directory.server.kerberos.shared.io.decoder.EncryptionKeyDecoder;
import org.apache.directory.server.kerberos.shared.messages.value.types.SamType;
import org.apache.directory.shared.kerberos.KerberosTime;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
@@ -291,7 +290,7 @@ public class PrincipalStoreEntryModifier
}
byte[] encryptionKeyBytes = val.getBytes();
- EncryptionKey encryptionKey = EncryptionKeyDecoder.decode( encryptionKeyBytes
);
+ EncryptionKey encryptionKey = KerberosDecoder.decodeEncryptionKey( encryptionKeyBytes
);
map.put( encryptionKey.getKeyType(), encryptionKey );
}
Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java?rev=1042453&r1=1042452&r2=1042453&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
Sun Dec 5 21:33:45 2010
@@ -21,9 +21,8 @@ package org.apache.directory.server.kerb
import org.apache.directory.server.kerberos.kdc.KdcContext;
-import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
-import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.shared.kerberos.messages.ApReq;
import org.apache.directory.shared.kerberos.messages.Authenticator;
import org.apache.directory.shared.kerberos.messages.Ticket;
@@ -35,7 +34,7 @@ public class TicketGrantingContext exten
{
private static final long serialVersionUID = 2130665703752837491L;
- private ApplicationRequest authHeader;
+ private ApReq authHeader;
private Ticket tgt;
private Ticket newTicket;
private Authenticator authenticator;
@@ -137,7 +136,7 @@ public class TicketGrantingContext exten
/**
* @return Returns the authHeader.
*/
- public ApplicationRequest getAuthHeader()
+ public ApReq getAuthHeader()
{
return authHeader;
}
@@ -146,7 +145,7 @@ public class TicketGrantingContext exten
/**
* @param authHeader The authHeader to set.
*/
- public void setAuthHeader( ApplicationRequest authHeader )
+ public void setAuthHeader( ApReq authHeader )
{
this.authHeader = authHeader;
}
Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java?rev=1042453&r1=1042452&r2=1042453&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
Sun Dec 5 21:33:45 2010
@@ -39,8 +39,6 @@ import org.apache.directory.server.kerbe
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
-import org.apache.directory.server.kerberos.shared.io.decoder.ApplicationRequestDecoder;
-import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
@@ -69,6 +67,7 @@ import org.apache.directory.shared.kerbe
import org.apache.directory.shared.kerberos.exceptions.ErrorType;
import org.apache.directory.shared.kerberos.exceptions.InvalidTicketException;
import org.apache.directory.shared.kerberos.flags.TicketFlag;
+import org.apache.directory.shared.kerberos.messages.ApReq;
import org.apache.directory.shared.kerberos.messages.Authenticator;
import org.apache.directory.shared.kerberos.messages.EncTgsRepPart;
import org.apache.directory.shared.kerberos.messages.TgsRep;
@@ -202,8 +201,7 @@ public class TicketGrantingService
throw new KerberosException( ErrorType.KDC_ERR_PADATA_TYPE_NOSUPP );
}
- ApplicationRequestDecoder decoder = new ApplicationRequestDecoder();
- ApplicationRequest authHeader = decoder.decode( undecodedAuthHeader );
+ ApReq authHeader = KerberosDecoder.decodeApReq( undecodedAuthHeader );
Ticket tgt = authHeader.getTicket();
@@ -251,7 +249,7 @@ public class TicketGrantingService
private static void verifyTgtAuthHeader( TicketGrantingContext tgsContext ) throws KerberosException
{
- ApplicationRequest authHeader = tgsContext.getAuthHeader();
+ ApReq authHeader = tgsContext.getAuthHeader();
Ticket tgt = tgsContext.getTgt();
boolean isValidate = tgsContext.getRequest().getKdcReqBody().getKdcOptions().get(
KdcOptions.VALIDATE );
@@ -987,7 +985,7 @@ public class TicketGrantingService
* @return The authenticator.
* @throws KerberosException
*/
- public static Authenticator verifyAuthHeader( ApplicationRequest authHeader, Ticket ticket,
EncryptionKey serverKey,
+ public static Authenticator verifyAuthHeader( ApReq authHeader, Ticket ticket, EncryptionKey
serverKey,
long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress
clientAddress,
CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage, boolean isValidate ) throws
KerberosException
{
@@ -1096,7 +1094,7 @@ public class TicketGrantingService
throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_EXPIRED );
}
- authHeader.setOption( ApOptions.MUTUAL_REQUIRED );
+ authHeader.getApOptions().set( ApOptions.MUTUAL_REQUIRED );
return authenticator;
}
Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosDecoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosDecoder.java?rev=1042453&r1=1042452&r2=1042453&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosDecoder.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosDecoder.java
Sun Dec 5 21:33:45 2010
@@ -32,6 +32,8 @@ import org.apache.directory.shared.asn1.
import org.apache.directory.shared.asn1.codec.DecoderException;
import org.apache.directory.shared.kerberos.codec.KerberosMessageContainer;
import org.apache.directory.shared.kerberos.codec.EncKdcRepPart.EncKdcRepPartContainer;
+import org.apache.directory.shared.kerberos.codec.apRep.ApRepContainer;
+import org.apache.directory.shared.kerberos.codec.apReq.ApReqContainer;
import org.apache.directory.shared.kerberos.codec.authenticator.AuthenticatorContainer;
import org.apache.directory.shared.kerberos.codec.authorizationData.AuthorizationDataContainer;
import org.apache.directory.shared.kerberos.codec.encApRepPart.EncApRepPartContainer;
@@ -51,6 +53,8 @@ import org.apache.directory.shared.kerbe
import org.apache.directory.shared.kerberos.components.PaEncTsEnc;
import org.apache.directory.shared.kerberos.components.PrincipalName;
import org.apache.directory.shared.kerberos.exceptions.ErrorType;
+import org.apache.directory.shared.kerberos.messages.ApRep;
+import org.apache.directory.shared.kerberos.messages.ApReq;
import org.apache.directory.shared.kerberos.messages.Authenticator;
import org.apache.directory.shared.kerberos.messages.EncApRepPart;
import org.apache.directory.shared.kerberos.messages.Ticket;
@@ -515,4 +519,73 @@ public class KerberosDecoder extends Pro
return authorizationData;
}
+
+ /**
+ * Decode a AP-REP structure
+ *
+ * @param data The byte array containing the data structure to decode
+ * @return An instance of ApRep
+ * @throws KerberosException If the decoding fails
+ */
+ public static ApRep decodeApRep( byte[] data ) throws KerberosException
+ {
+ ByteBuffer stream = ByteBuffer.allocate( data.length );
+ stream.put( data );
+ stream.flip();
+
+ // Allocate a ApRep Container
+ Asn1Container apRepContainer = new ApRepContainer();
+
+ Asn1Decoder kerberosDecoder = new Asn1Decoder();
+
+ // Decode the ApRep PDU
+ try
+ {
+ kerberosDecoder.decode( stream, apRepContainer );
+ }
+ catch ( DecoderException de )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
+ }
+
+ // get the decoded ApRep
+ ApRep apRep = ( ( ApRepContainer ) apRepContainer ).getApRep();
+
+ return apRep;
+ }
+
+
+ /**
+ * Decode a AP-REQ structure
+ *
+ * @param data The byte array containing the data structure to decode
+ * @return An instance of ApReq
+ * @throws KerberosException If the decoding fails
+ */
+ public static ApReq decodeApReq( byte[] data ) throws KerberosException
+ {
+ ByteBuffer stream = ByteBuffer.allocate( data.length );
+ stream.put( data );
+ stream.flip();
+
+ // Allocate a ApReq Container
+ Asn1Container apReqContainer = new ApReqContainer();
+
+ Asn1Decoder kerberosDecoder = new Asn1Decoder();
+
+ // Decode the ApReq PDU
+ try
+ {
+ kerberosDecoder.decode( stream, apReqContainer );
+ }
+ catch ( DecoderException de )
+ {
+ throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
+ }
+
+ // get the decoded ApReq
+ ApReq apReq = ( ( ApReqContainer ) apReqContainer ).getApReq();
+
+ return apReq;
+ }
}
Modified: directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java?rev=1042453&r1=1042452&r2=1042453&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java
(original)
+++ directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java
Sun Dec 5 21:33:45 2010
@@ -34,7 +34,6 @@ import org.apache.directory.server.kerbe
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
-import org.apache.directory.shared.kerberos.messages.AsRep;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.shared.kerberos.KerberosTime;
import org.apache.directory.shared.kerberos.codec.options.KdcOptions;
@@ -46,6 +45,7 @@ import org.apache.directory.shared.kerbe
import org.apache.directory.shared.kerberos.components.KdcReqBody;
import org.apache.directory.shared.kerberos.components.PaData;
import org.apache.directory.shared.kerberos.components.PaEncTsEnc;
+import org.apache.directory.shared.kerberos.messages.AsRep;
import org.apache.directory.shared.kerberos.messages.AsReq;
import org.apache.directory.shared.kerberos.messages.KrbError;
import org.junit.After;
@@ -129,8 +129,8 @@ public class AuthenticationEncryptionTyp
handler.messageReceived( session, message );
Object msg = session.getMessage();
- assertEquals( "session.getMessage() instanceOf", AuthenticationReply.class, msg.getClass()
);
- AuthenticationReply reply = ( AuthenticationReply ) msg;
+ assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
+ AsRep reply = ( AsRep ) msg;
assertEquals( "Encryption type", EncryptionType.DES_CBC_MD5, reply.getEncPart().getEType()
);
}
@@ -187,8 +187,8 @@ public class AuthenticationEncryptionTyp
handler.messageReceived( session, message );
Object msg = session.getMessage();
- assertEquals( "session.getMessage() instanceOf", AuthenticationReply.class, msg.getClass()
);
- AuthenticationReply reply = ( AuthenticationReply ) msg;
+ assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
+ AsRep reply = ( AsRep ) msg;
assertTrue( "Requested end time", requestedEndTime.equals( reply.getEndTime() ) );
assertTrue( "PRE_AUTHENT flag", reply.getTicket().getEncTicketPart().getFlags().isPreAuth()
);
@@ -248,14 +248,14 @@ public class AuthenticationEncryptionTyp
handler.messageReceived( session, message );
Object msg = session.getMessage();
- assertEquals( "session.getMessage() instanceOf", AuthenticationReply.class, msg.getClass()
);
- AuthenticationReply reply = ( AuthenticationReply ) msg;
+ assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
+ AsRep reply = ( AsRep ) msg;
assertTrue( "Requested end time", requestedEndTime.equals( reply.getEndTime() ) );
assertTrue( "PRE_AUTHENT flag", reply.getTicket().getEncTicketPart().getFlags().isPreAuth()
);
assertEquals( "Encryption type", EncryptionType.AES128_CTS_HMAC_SHA1_96, reply.getEncPart().getEType()
);
- assertEquals( "Nonce", nonce, reply.getNonce() );
+ assertEquals( "Nonce", nonce, reply.getEncPart().getNonce() );
}
|