directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1043790 [1/6] - in /directory/apacheds/trunk/protocol-kerberos: ./ src/main/java/org/apache/directory/server/kerberos/kdc/ src/main/java/org/apache/directory/server/kerberos/kdc/authentication/ src/main/java/org/apache/directory/server/ker...
Date Thu, 09 Dec 2010 00:12:08 GMT
Author: elecharny
Date: Thu Dec  9 00:12:07 2010
New Revision: 1043790

URL: http://svn.apache.org/viewvc?rev=1043790&view=rev
Log:
Merged the kerberos-codec branch

Removed:
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosTcpDecoder.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosTcpEncoder.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosTcpProtocolCodecFactory.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosUdpDecoder.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosUdpEncoder.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosUdpProtocolCodecFactory.java
Modified:
    directory/apacheds/trunk/protocol-kerberos/   (props changed)
    directory/apacheds/trunk/protocol-kerberos/pom.xml
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingService.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/SamException.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/SamSubsystem.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/SamVerifier.java
    directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/sam/TimestampChecker.java
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractAuthenticationServiceTest.java
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AbstractTicketGrantingServiceTest.java
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationEncryptionTypeTest.java
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationPolicyTest.java
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/AuthenticationServiceTest.java
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/EncTktInSkeyTest.java
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/MapPrincipalStoreImpl.java
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/PreAuthenticationTest.java
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingEncryptionTypeTest.java
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingPolicyTest.java
    directory/apacheds/trunk/protocol-kerberos/src/test/java/org/apache/directory/server/kerberos/protocol/TicketGrantingServiceTest.java

Propchange: directory/apacheds/trunk/protocol-kerberos/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Dec  9 00:12:07 2010
@@ -1,3 +1,4 @@
 /directory/apacheds/branches/apacheds-codec-merge/protocol-kerberos:982369-987590
 /directory/apacheds/branches/apacheds-config/protocol-kerberos:1023442-1029077
 /directory/apacheds/branches/apacheds-dnfactory-experiment/protocol-kerberos:980138-980936
+/directory/apacheds/branches/apacheds-kerberos-codec-2.0/protocol-kerberos:1040956-1043765

Modified: directory/apacheds/trunk/protocol-kerberos/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/pom.xml?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/pom.xml (original)
+++ directory/apacheds/trunk/protocol-kerberos/pom.xml Thu Dec  9 00:12:07 2010
@@ -49,7 +49,7 @@
 
     <dependency>
       <groupId>${project.groupId}</groupId>
-      <artifactId>apacheds-kerberos-shared</artifactId>
+      <artifactId>apacheds-kerberos-codec</artifactId>
     </dependency>
 
     <dependency>

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcContext.java Thu Dec  9 00:12:07 2010
@@ -23,10 +23,10 @@ package org.apache.directory.server.kerb
 import java.net.InetAddress;
 
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
-import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
-import org.apache.directory.server.kerberos.shared.messages.KerberosMessage;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.components.KdcReq;
+import org.apache.directory.shared.kerberos.messages.KerberosMessage;
 
 
 /**
@@ -38,7 +38,7 @@ public class KdcContext
 
     private KdcServer config;
     private PrincipalStore store;
-    private KdcRequest request;
+    private KdcReq request;
     private KerberosMessage reply;
     private InetAddress clientAddress;
     private CipherTextHandler cipherTextHandler;
@@ -84,7 +84,7 @@ public class KdcContext
     /**
      * @return Returns the request.
      */
-    public KdcRequest getRequest()
+    public KdcReq getRequest()
     {
         return request;
     }
@@ -93,7 +93,7 @@ public class KdcContext
     /**
      * @param request The request to set.
      */
-    public void setRequest( KdcRequest request )
+    public void setRequest( KdcReq request )
     {
         this.request = request;
     }

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/KdcServer.java Thu Dec  9 00:12:07 2010
@@ -26,17 +26,20 @@ import java.util.Set;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import net.sf.ehcache.Cache;
+
 import org.apache.directory.server.constants.ServerDNConstants;
+import org.apache.directory.server.kerberos.protocol.KerberosProtocolCodecFactory;
 import org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler;
-import org.apache.directory.server.kerberos.protocol.KerberosTcpProtocolCodecFactory;
-import org.apache.directory.server.kerberos.protocol.KerberosUdpProtocolCodecFactory;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
+import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
+import org.apache.directory.server.kerberos.shared.replay.ReplayCacheImpl;
 import org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.protocol.shared.DirectoryBackedService;
 import org.apache.directory.server.protocol.shared.transport.TcpTransport;
 import org.apache.directory.server.protocol.shared.transport.Transport;
 import org.apache.directory.server.protocol.shared.transport.UdpTransport;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
 import org.apache.directory.shared.ldap.exception.LdapInvalidDnException;
 import org.apache.directory.shared.ldap.name.DN;
 import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
@@ -150,6 +153,8 @@ public class KdcServer extends Directory
     /** Whether to verify the body checksum. */
     private boolean isBodyChecksumVerified = DEFAULT_VERIFY_BODY_CHECKSUM;
 
+    /** the cache used for storing AS and TGS requests */
+    private ReplayCache replayCache;
 
     /**
      * Creates a new instance of KdcConfiguration.
@@ -430,6 +435,15 @@ public class KdcServer extends Directory
 
 
     /**
+     * @return the replayCache
+     */
+    public ReplayCache getReplayCache()
+    {
+        return replayCache;
+    }
+
+
+    /**
      * @throws IOException if we cannot bind to the sockets
      */
     public void start() throws IOException, LdapInvalidDnException
@@ -439,6 +453,11 @@ public class KdcServer extends Directory
         // TODO - for now ignoring this catalog crap
         store = new DirectoryPrincipalStore( getDirectoryService(), new DN(this.getSearchBaseDn())  );
         
+        LOG.debug( "initializing the kerberos replay cache" );
+
+        Cache cache = getDirectoryService().getCacheService().getCache( "kdcReplayCache" );
+        replayCache = new ReplayCacheImpl( cache, allowableClockSkew );
+        
         if ( ( transports == null ) || ( transports.size() == 0 ) )
         {
             // Default to UDP with port 88
@@ -453,7 +472,7 @@ public class KdcServer extends Directory
 
             ((DefaultIoFilterChainBuilder)udpChainBuilder).addFirst( "codec", 
                     new ProtocolCodecFilter( 
-                            KerberosUdpProtocolCodecFactory.getInstance() ) );
+                            KerberosProtocolCodecFactory.getInstance() ) );
 
             acceptor.setFilterChainBuilder( udpChainBuilder );
 
@@ -485,19 +504,12 @@ public class KdcServer extends Directory
                     
                     // Allow the port to be reused even if the socket is in TIME_WAIT state
                     ((NioSocketAcceptor)acceptor).setReuseAddress( true );
-
-                    // Inject the codec
-                    ((DefaultIoFilterChainBuilder)chainBuilder).addFirst( "codec", 
-                        new ProtocolCodecFilter( 
-                                KerberosTcpProtocolCodecFactory.getInstance() ) );
-                }
-                else
-                {
-                    // Inject the codec
-                    ((DefaultIoFilterChainBuilder)chainBuilder).addFirst( "codec", 
-                        new ProtocolCodecFilter( 
-                                KerberosUdpProtocolCodecFactory.getInstance() ) );
                 }
+                
+                // Inject the codec
+                ((DefaultIoFilterChainBuilder)chainBuilder).addFirst( "codec", 
+                    new ProtocolCodecFilter( 
+                        KerberosProtocolCodecFactory.getInstance() ) );
 
                 acceptor.setFilterChainBuilder( chainBuilder );
                 
@@ -524,6 +536,11 @@ public class KdcServer extends Directory
                 acceptor.dispose();
             }
         }
+
+        if ( replayCache != null )
+        {
+            replayCache.clear();
+        }
         
         LOG.info( "Kerberos service stopped." );
     }

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationContext.java Thu Dec  9 00:12:07 2010
@@ -21,10 +21,10 @@ package org.apache.directory.server.kerb
 
 
 import org.apache.directory.server.kerberos.kdc.KdcContext;
-import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
 import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.messages.Ticket;
 
 
 /**
@@ -102,24 +102,6 @@ public class AuthenticationContext exten
 
 
     /**
-     * @return Returns the replayCache.
-     */
-    public ReplayCache getReplayCache()
-    {
-        return replayCache;
-    }
-
-
-    /**
-     * @param replayCache The replayCache to set.
-     */
-    public void setReplayCache( ReplayCache replayCache )
-    {
-        this.replayCache = replayCache;
-    }
-
-
-    /**
      * @return Returns the clientKey.
      */
     public EncryptionKey getClientKey()

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/authentication/AuthenticationService.java Thu Dec  9 00:12:07 2010
@@ -20,9 +20,10 @@
 package org.apache.directory.server.kerberos.kdc.authentication;
 
 
-import java.io.IOException;
 import java.net.InetAddress;
+import java.nio.ByteBuffer;
 import java.util.Date;
+import java.util.List;
 import java.util.Set;
 
 import javax.security.auth.kerberos.KerberosKey;
@@ -31,41 +32,44 @@ import javax.security.auth.kerberos.Kerb
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.server.kerberos.kdc.KdcContext;
 import org.apache.directory.server.kerberos.kdc.KdcServer;
+import org.apache.directory.server.kerberos.protocol.KerberosDecoder;
 import org.apache.directory.server.kerberos.sam.SamException;
 import org.apache.directory.server.kerberos.sam.SamSubsystem;
-import org.apache.directory.server.kerberos.shared.KerberosConstants;
-import org.apache.directory.server.kerberos.shared.KerberosUtils;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
-import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
 import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
-import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
-import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
-import org.apache.directory.server.kerberos.shared.io.decoder.EncryptedDataDecoder;
-import org.apache.directory.server.kerberos.shared.io.encoder.EncryptionTypeInfoEncoder;
-import org.apache.directory.server.kerberos.shared.io.encoder.PreAuthenticationDataEncoder;
-import org.apache.directory.server.kerberos.shared.messages.AuthenticationReply;
-import org.apache.directory.server.kerberos.shared.messages.KdcReply;
-import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
-import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
-import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
-import org.apache.directory.server.kerberos.shared.messages.components.InvalidTicketException;
-import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptedTimeStamp;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
-import org.apache.directory.server.kerberos.shared.messages.value.EncryptionTypeInfoEntry;
-import org.apache.directory.server.kerberos.shared.messages.value.KdcOptions;
-import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
-import org.apache.directory.server.kerberos.shared.messages.value.LastRequest;
-import org.apache.directory.server.kerberos.shared.messages.value.PaData;
-import org.apache.directory.server.kerberos.shared.messages.value.TransitedEncoding;
-import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlag;
-import org.apache.directory.server.kerberos.shared.messages.value.types.PaDataType;
-import org.apache.directory.server.kerberos.shared.replay.InMemoryReplayCache;
-import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.shared.asn1.codec.EncoderException;
+import org.apache.directory.shared.kerberos.KerberosConstants;
+import org.apache.directory.shared.kerberos.KerberosTime;
+import org.apache.directory.shared.kerberos.KerberosUtils;
+import org.apache.directory.shared.kerberos.codec.options.KdcOptions;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.codec.types.LastReqType;
+import org.apache.directory.shared.kerberos.codec.types.PaDataType;
+import org.apache.directory.shared.kerberos.components.ETypeInfo;
+import org.apache.directory.shared.kerberos.components.ETypeInfoEntry;
+import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
+import org.apache.directory.shared.kerberos.components.EncTicketPart;
+import org.apache.directory.shared.kerberos.components.EncryptedData;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.components.KdcReq;
+import org.apache.directory.shared.kerberos.components.LastReq;
+import org.apache.directory.shared.kerberos.components.LastReqEntry;
+import org.apache.directory.shared.kerberos.components.MethodData;
+import org.apache.directory.shared.kerberos.components.PaData;
+import org.apache.directory.shared.kerberos.components.PaEncTsEnc;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.apache.directory.shared.kerberos.components.TransitedEncoding;
+import org.apache.directory.shared.kerberos.exceptions.ErrorType;
+import org.apache.directory.shared.kerberos.exceptions.InvalidTicketException;
+import org.apache.directory.shared.kerberos.exceptions.KerberosException;
+import org.apache.directory.shared.kerberos.flags.TicketFlag;
+import org.apache.directory.shared.kerberos.flags.TicketFlags;
+import org.apache.directory.shared.kerberos.messages.AsRep;
+import org.apache.directory.shared.kerberos.messages.EncAsRepPart;
+import org.apache.directory.shared.kerberos.messages.Ticket;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -78,7 +82,6 @@ public class AuthenticationService
     /** The log for this class. */
     private static final Logger LOG = LoggerFactory.getLogger( AuthenticationService.class );
 
-    private static final ReplayCache replayCache = new InMemoryReplayCache();
     private static final CipherTextHandler cipherTextHandler = new CipherTextHandler();
 
     private static final String SERVICE_NAME = "Authentication Service (AS)";
@@ -91,7 +94,6 @@ public class AuthenticationService
             monitorRequest( authContext );
         }
         
-        authContext.setReplayCache( replayCache );
         authContext.setCipherTextHandler( cipherTextHandler );
 
         if ( authContext.getRequest().getProtocolVersionNumber() != KerberosConstants.KERBEROS_V5 )
@@ -113,14 +115,6 @@ public class AuthenticationService
         getServerEntry( authContext );
         generateTicket( authContext );
         buildReply( authContext );
-
-        if ( LOG.isDebugEnabled() )
-        {
-            monitorContext( authContext );
-            monitorReply( ( KdcContext ) authContext );
-        }
-        
-        sealReply( authContext );
     }
 
     
@@ -129,7 +123,7 @@ public class AuthenticationService
         KdcContext kdcContext = ( KdcContext ) authContext;
         KdcServer config = kdcContext.getConfig();
 
-        Set<EncryptionType> requestedTypes = kdcContext.getRequest().getEType();
+        Set<EncryptionType> requestedTypes = kdcContext.getRequest().getKdcReqBody().getEType();
 
         EncryptionType bestType = KerberosUtils.getBestEncryptionType( requestedTypes, config.getEncryptionTypes() );
 
@@ -146,7 +140,8 @@ public class AuthenticationService
     
     private static void getClientEntry( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
     {
-        KerberosPrincipal principal = authContext.getRequest().getClientPrincipal();
+        KerberosPrincipal principal = KerberosUtils.getKerberosPrincipal( 
+            authContext.getRequest().getKdcReqBody().getCName(), authContext.getRequest().getKdcReqBody().getRealm() );
         PrincipalStore store = authContext.getStore();
 
         PrincipalStoreEntry storeEntry = getEntry( principal, store, ErrorType.KDC_ERR_C_PRINCIPAL_UNKNOWN ); 
@@ -178,7 +173,7 @@ public class AuthenticationService
     private static void verifySam( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
     {
         LOG.debug( "Verifying using SAM subsystem." );
-        KdcRequest request = authContext.getRequest();
+        KdcReq request = authContext.getRequest();
         KdcServer config = authContext.getConfig();
 
         PrincipalStoreEntry clientEntry = authContext.getClientEntry();
@@ -193,9 +188,9 @@ public class AuthenticationService
                 LOG.debug( "Entry for client principal {} has a valid SAM type.  Invoking SAM subsystem for pre-authentication.", clientName );
             }
 
-            PaData[] preAuthData = request.getPreAuthData();
+            List<PaData> preAuthData = request.getPaData();
 
-            if ( preAuthData == null || preAuthData.length == 0 )
+            if ( preAuthData == null || preAuthData.size() == 0 )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError( config
                     .getEncryptionTypes() ) );
@@ -203,13 +198,13 @@ public class AuthenticationService
 
             try
             {
-                for ( int ii = 0; ii < preAuthData.length; ii++ )
+                for ( PaData paData : preAuthData )
                 {
-                    if ( preAuthData[ii].getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
+                    if ( paData.getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
                     {
                         KerberosKey samKey = SamSubsystem.getInstance().verify( clientEntry,
-                            preAuthData[ii].getPaDataValue() );
-                        clientKey = new EncryptionKey( EncryptionType.getTypeByOrdinal( samKey.getKeyType() ), samKey
+                            paData.getPaDataValue() );
+                        clientKey = new EncryptionKey( EncryptionType.getTypeByValue( samKey.getKeyType() ), samKey
                             .getEncoded() );
                     }
                 }
@@ -235,7 +230,7 @@ public class AuthenticationService
         LOG.debug( "Verifying using encrypted timestamp." );
         
         KdcServer config = authContext.getConfig();
-        KdcRequest request = authContext.getRequest();
+        KdcReq request = authContext.getRequest();
         CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
         PrincipalStoreEntry clientEntry = authContext.getClientEntry();
         String clientName = clientEntry.getPrincipal().getName();
@@ -261,7 +256,7 @@ public class AuthenticationService
 
             if ( config.isPaEncTimestampRequired() )
             {
-                PaData[] preAuthData = request.getPreAuthData();
+                List<PaData> preAuthData = request.getPaData();
 
                 if ( preAuthData == null )
                 {
@@ -269,33 +264,19 @@ public class AuthenticationService
                         preparePreAuthenticationError( config.getEncryptionTypes() ) );
                 }
 
-                EncryptedTimeStamp timestamp = null;
+                PaEncTsEnc timestamp = null;
 
-                for ( int ii = 0; ii < preAuthData.length; ii++ )
+                for ( PaData paData : preAuthData )
                 {
-                    if ( preAuthData[ii].getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
+                    if ( paData.getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
                     {
-                        EncryptedData dataValue;
-
-                        try
-                        {
-                            dataValue = EncryptedDataDecoder.decode( preAuthData[ii].getPaDataValue() );
-                        }
-                        catch ( IOException ioe )
-                        {
-                            throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, ioe );
-                        }
-                        catch ( ClassCastException cce )
-                        {
-                            throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, cce );
-                        }
-
-                        timestamp = ( EncryptedTimeStamp ) cipherTextHandler.unseal( EncryptedTimeStamp.class,
-                            clientKey, dataValue, KeyUsage.NUMBER1 );
+                        EncryptedData dataValue = KerberosDecoder.decodeEncryptedData( paData.getPaDataValue() );
+                        byte[] decryptedData = cipherTextHandler.decrypt( clientKey, dataValue, KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
+                        timestamp = KerberosDecoder.decodePaEncTsEnc( decryptedData );
                     }
                 }
 
-                if ( preAuthData.length > 0 && timestamp == null )
+                if ( ( preAuthData.size() > 0 ) && ( timestamp == null ) )
                 {
                     throw new KerberosException( ErrorType.KDC_ERR_PADATA_TYPE_NOSUPP );
                 }
@@ -306,7 +287,7 @@ public class AuthenticationService
                         preparePreAuthenticationError( config.getEncryptionTypes() ) );
                 }
 
-                if ( !timestamp.getTimeStamp().isInClockSkew( config.getAllowableClockSkew() ) )
+                if ( !timestamp.getPaTimestamp().isInClockSkew( config.getAllowableClockSkew() ) )
                 {
                     throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_FAILED );
                 }
@@ -333,83 +314,91 @@ public class AuthenticationService
     
     private static void getServerEntry( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
     {
-        KerberosPrincipal principal = authContext.getRequest().getServerPrincipal();
+        PrincipalName principal = authContext.getRequest().getKdcReqBody().getSName();
         PrincipalStore store = authContext.getStore();
     
-        authContext.setServerEntry( getEntry( principal, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) );
+        KerberosPrincipal principalWithRealm = new KerberosPrincipal( principal.getNameString() + "@" + authContext.getRequest().getKdcReqBody().getRealm() );
+        authContext.setServerEntry( getEntry( principalWithRealm, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) );
     }    
     
     
     private static void generateTicket( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
     {
-        KdcRequest request = authContext.getRequest();
+        KdcReq request = authContext.getRequest();
         CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
-        KerberosPrincipal serverPrincipal = request.getServerPrincipal();
+        PrincipalName serverPrincipal = request.getKdcReqBody().getSName();
 
         EncryptionType encryptionType = authContext.getEncryptionType();
         EncryptionKey serverKey = authContext.getServerEntry().getKeyMap().get( encryptionType );
 
-        KerberosPrincipal ticketPrincipal = request.getServerPrincipal();
-        EncTicketPartModifier newTicketBody = new EncTicketPartModifier();
+        PrincipalName ticketPrincipal = request.getKdcReqBody().getSName();
+        
+        EncTicketPart encTicketPart = new EncTicketPart();
         KdcServer config = authContext.getConfig();
 
         // The INITIAL flag indicates that a ticket was issued using the AS protocol.
-        newTicketBody.setFlag( TicketFlag.INITIAL );
+        TicketFlags ticketFlags = new TicketFlags();
+        encTicketPart.setFlags( ticketFlags );
+        ticketFlags.setFlag( TicketFlag.INITIAL );
 
         // The PRE-AUTHENT flag indicates that the client used pre-authentication.
         if ( authContext.isPreAuthenticated() )
         {
-            newTicketBody.setFlag( TicketFlag.PRE_AUTHENT );
+            ticketFlags.setFlag( TicketFlag.PRE_AUTHENT );
         }
 
-        if ( request.getOption( KdcOptions.FORWARDABLE ) )
+        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.FORWARDABLE ) )
         {
             if ( !config.isForwardableAllowed() )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            newTicketBody.setFlag( TicketFlag.FORWARDABLE );
+            ticketFlags.setFlag( TicketFlag.FORWARDABLE );
         }
 
-        if ( request.getOption( KdcOptions.PROXIABLE ) )
+        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.PROXIABLE ) )
         {
             if ( !config.isProxiableAllowed() )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            newTicketBody.setFlag( TicketFlag.PROXIABLE );
+            ticketFlags.setFlag( TicketFlag.PROXIABLE );
         }
 
-        if ( request.getOption( KdcOptions.ALLOW_POSTDATE ) )
+        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.ALLOW_POSTDATE ) )
         {
             if ( !config.isPostdatedAllowed() )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            newTicketBody.setFlag( TicketFlag.MAY_POSTDATE );
+            ticketFlags.setFlag( TicketFlag.MAY_POSTDATE );
         }
 
-        if ( request.getOption( KdcOptions.RENEW ) || request.getOption( KdcOptions.VALIDATE )
-            || request.getOption( KdcOptions.PROXY ) || request.getOption( KdcOptions.FORWARDED )
-            || request.getOption( KdcOptions.ENC_TKT_IN_SKEY ) )
+        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.RENEW ) 
+            || request.getKdcReqBody().getKdcOptions().get( KdcOptions.VALIDATE )
+            || request.getKdcReqBody().getKdcOptions().get( KdcOptions.PROXY ) 
+            || request.getKdcReqBody().getKdcOptions().get( KdcOptions.FORWARDED )
+            || request.getKdcReqBody().getKdcOptions().get( KdcOptions.ENC_TKT_IN_SKEY ) )
         {
             throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
         }
 
         EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( authContext.getEncryptionType() );
-        newTicketBody.setSessionKey( sessionKey );
+        encTicketPart.setKey( sessionKey );
 
-        newTicketBody.setClientPrincipal( request.getClientPrincipal() );
-        newTicketBody.setTransitedEncoding( new TransitedEncoding() );
+        encTicketPart.setCName( request.getKdcReqBody().getCName() );
+        encTicketPart.setCRealm( request.getKdcReqBody().getRealm() );
+        encTicketPart.setTransited( new TransitedEncoding() );
+        String serverRealm = request.getKdcReqBody().getRealm();
 
         KerberosTime now = new KerberosTime();
 
-        newTicketBody.setAuthTime( now );
+        encTicketPart.setAuthTime( now );
 
-        KerberosTime startTime = request.getFrom();
+        KerberosTime startTime = request.getKdcReqBody().getFrom();
 
         /*
          * "If the requested starttime is absent, indicates a time in the past,
@@ -418,7 +407,7 @@ public class AuthenticationService
          * ticket is set to the authentication server's current time."
          */
         if ( startTime == null || startTime.lessThan( now ) || startTime.isInClockSkew( config.getAllowableClockSkew() )
-            && !request.getOption( KdcOptions.POSTDATED ) )
+            && !request.getKdcReqBody().getKdcOptions().get( KdcOptions.POSTDATED ) )
         {
             startTime = now;
         }
@@ -429,7 +418,8 @@ public class AuthenticationService
          * KDC_ERR_CANNOT_POSTDATE is returned."
          */
         if ( startTime != null && startTime.greaterThan( now )
-            && !startTime.isInClockSkew( config.getAllowableClockSkew() ) && !request.getOption( KdcOptions.POSTDATED ) )
+            && !startTime.isInClockSkew( config.getAllowableClockSkew() ) 
+            && !request.getKdcReqBody().getKdcOptions().get( KdcOptions.POSTDATED ) )
         {
             throw new KerberosException( ErrorType.KDC_ERR_CANNOT_POSTDATE );
         }
@@ -439,27 +429,27 @@ public class AuthenticationService
          * local realm and if the ticket's starttime is acceptable, it is set as
          * requested, and the INVALID flag is set in the new ticket."
          */
-        if ( request.getOption( KdcOptions.POSTDATED ) )
+        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.POSTDATED ) )
         {
             if ( !config.isPostdatedAllowed() )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            newTicketBody.setFlag( TicketFlag.POSTDATED );
-            newTicketBody.setFlag( TicketFlag.INVALID );
-            newTicketBody.setStartTime( startTime );
+            ticketFlags.setFlag( TicketFlag.POSTDATED );
+            ticketFlags.setFlag( TicketFlag.INVALID );
+            encTicketPart.setStartTime( startTime );
         }
 
         long till = 0;
         
-        if ( request.getTill().getTime() == 0 )
+        if ( request.getKdcReqBody().getTill().getTime() == 0 )
         {
             till = Long.MAX_VALUE;
         }
         else
         {
-            till = request.getTill().getTime();
+            till = request.getKdcReqBody().getTill().getTime();
         }
 
         /*
@@ -468,7 +458,7 @@ public class AuthenticationService
          */
         long endTime = Math.min( till, startTime.getTime() + config.getMaximumTicketLifetime() );
         KerberosTime kerberosEndTime = new KerberosTime( endTime );
-        newTicketBody.setEndTime( kerberosEndTime );
+        encTicketPart.setEndTime( kerberosEndTime );
 
         /*
          * "If the requested expiration time minus the starttime (as determined
@@ -493,27 +483,28 @@ public class AuthenticationService
          * flag is set in the new ticket, and the renew-till value is set as if the
          * 'RENEWABLE' option were requested."
          */
-        KerberosTime tempRtime = request.getRtime();
+        KerberosTime tempRtime = request.getKdcReqBody().getRTime();
 
-        if ( request.getOption( KdcOptions.RENEWABLE_OK ) && request.getTill().greaterThan( kerberosEndTime ) )
+        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.RENEWABLE_OK ) 
+            && request.getKdcReqBody().getTill().greaterThan( kerberosEndTime ) )
         {
             if ( !config.isRenewableAllowed() )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            request.setOption( KdcOptions.RENEWABLE );
-            tempRtime = request.getTill();
+            request.getKdcReqBody().getKdcOptions().set( KdcOptions.RENEWABLE );
+            tempRtime = request.getKdcReqBody().getTill();
         }
 
-        if ( request.getOption( KdcOptions.RENEWABLE ) )
+        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.RENEWABLE ) )
         {
             if ( !config.isRenewableAllowed() )
             {
                 throw new KerberosException( ErrorType.KDC_ERR_POLICY );
             }
 
-            newTicketBody.setFlag( TicketFlag.RENEWABLE );
+            ticketFlags.setFlag( TicketFlag.RENEWABLE );
 
             if ( tempRtime == null || tempRtime.isZero() )
             {
@@ -526,13 +517,13 @@ public class AuthenticationService
              * configured in policy.
              */
             long renewTill = Math.min( tempRtime.getTime(), startTime.getTime() + config.getMaximumRenewableLifetime() );
-            newTicketBody.setRenewTill( new KerberosTime( renewTill ) );
+            encTicketPart.setRenewTill( new KerberosTime( renewTill ) );
         }
 
-        if ( request.getAddresses() != null && request.getAddresses().getAddresses() != null
-            && request.getAddresses().getAddresses().length > 0 )
+        if ( request.getKdcReqBody().getAddresses() != null && request.getKdcReqBody().getAddresses().getAddresses() != null
+            && request.getKdcReqBody().getAddresses().getAddresses().length > 0 )
         {
-            newTicketBody.setClientAddresses( request.getAddresses() );
+            encTicketPart.setClientAddresses( request.getKdcReqBody().getAddresses() );
         }
         else
         {
@@ -542,12 +533,13 @@ public class AuthenticationService
             }
         }
 
-        EncTicketPart ticketPart = newTicketBody.getEncTicketPart();
-
-        EncryptedData encryptedData = cipherTextHandler.seal( serverKey, ticketPart, KeyUsage.NUMBER2 );
+        EncryptedData encryptedData = cipherTextHandler.seal( serverKey, encTicketPart, KeyUsage.AS_OR_TGS_REP_TICKET_WITH_SRVKEY );
 
         Ticket newTicket = new Ticket( ticketPrincipal, encryptedData );
-        newTicket.setEncTicketPart( ticketPart );
+
+        newTicket.setRealm( serverRealm );
+        newTicket.setEncTicketPart( encTicketPart );
+        
 
         if ( LOG.isDebugEnabled() )
         {
@@ -560,52 +552,62 @@ public class AuthenticationService
     
     private static void buildReply( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
     {
-        KdcRequest request = authContext.getRequest();
+        KdcReq request = authContext.getRequest();
         Ticket ticket = authContext.getTicket();
 
-        AuthenticationReply reply = new AuthenticationReply();
-
-        reply.setClientPrincipal( request.getClientPrincipal() );
+        AsRep reply = new AsRep();
+        
+        reply.setCName( request.getKdcReqBody().getCName() );
+        reply.setCRealm( request.getKdcReqBody().getRealm() );
         reply.setTicket( ticket );
-        reply.setKey( ticket.getEncTicketPart().getSessionKey() );
+        
+        EncKdcRepPart encKdcRepPart = new EncKdcRepPart();
+        encKdcRepPart.setKey( ticket.getEncTicketPart().getKey() );
 
         // TODO - fetch lastReq for this client; requires store
-        reply.setLastRequest( new LastRequest() );
+        // FIXME temporary fix, IMO we should create some new ATs to store this info in DIT
+        LastReq lastReq = new LastReq();
+        lastReq.addEntry( new LastReqEntry( LastReqType.TIME_OF_INITIAL_REQ, new KerberosTime() ) );
+        encKdcRepPart.setLastReq( lastReq );
         // TODO - resp.key-expiration := client.expiration; requires store
 
-        reply.setNonce( request.getNonce() );
+        encKdcRepPart.setNonce( request.getKdcReqBody().getNonce() );
 
-        reply.setFlags( ticket.getEncTicketPart().getFlags() );
-        reply.setAuthTime( ticket.getEncTicketPart().getAuthTime() );
-        reply.setStartTime( ticket.getEncTicketPart().getStartTime() );
-        reply.setEndTime( ticket.getEncTicketPart().getEndTime() );
+        encKdcRepPart.setFlags( ticket.getEncTicketPart().getFlags() );
+        encKdcRepPart.setAuthTime( ticket.getEncTicketPart().getAuthTime() );
+        encKdcRepPart.setStartTime( ticket.getEncTicketPart().getStartTime() );
+        encKdcRepPart.setEndTime( ticket.getEncTicketPart().getEndTime() );
 
         if ( ticket.getEncTicketPart().getFlags().isRenewable() )
         {
-            reply.setRenewTill( ticket.getEncTicketPart().getRenewTill() );
+            encKdcRepPart.setRenewTill( ticket.getEncTicketPart().getRenewTill() );
         }
 
-        reply.setServerPrincipal( ticket.getServerPrincipal() );
-        reply.setClientAddresses( ticket.getEncTicketPart().getClientAddresses() );
+        encKdcRepPart.setSName( ticket.getSName() );
+        encKdcRepPart.setSRealm( ticket.getRealm() );
+        encKdcRepPart.setClientAddresses( ticket.getEncTicketPart().getClientAddresses() );
 
-        authContext.setReply( reply );
-    }
-    
-    
-    private static void sealReply( AuthenticationContext authContext ) throws KerberosException, InvalidTicketException
-    {
-        AuthenticationReply reply = ( AuthenticationReply ) authContext.getReply();
-        EncryptionKey clientKey = authContext.getClientKey();
-        CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
+        EncAsRepPart encAsRepPart = new EncAsRepPart();
+        encAsRepPart.setEncKdcRepPart( encKdcRepPart );
 
-        EncryptedData encryptedData = cipherTextHandler.seal( clientKey, reply, KeyUsage.NUMBER3 );
+        if ( LOG.isDebugEnabled() )
+        {
+            monitorContext( authContext );
+            monitorReply( reply, encKdcRepPart );
+        }
+        
+        EncryptionKey clientKey = authContext.getClientKey();
+        EncryptedData encryptedData = cipherTextHandler.seal( clientKey, encAsRepPart, KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
         reply.setEncPart( encryptedData );
+        reply.setEncKdcRepPart( encKdcRepPart );
+        
+        authContext.setReply( reply );
     }
     
     
     private static void monitorRequest( KdcContext kdcContext )
     {
-        KdcRequest request = kdcContext.getRequest();
+        KdcReq request = kdcContext.getRequest();
 
         if ( LOG.isDebugEnabled() )
         {
@@ -619,16 +621,16 @@ public class AuthenticationService
                 sb.append( "\n\t" + "messageType:           " + request.getMessageType() );
                 sb.append( "\n\t" + "protocolVersionNumber: " + request.getProtocolVersionNumber() );
                 sb.append( "\n\t" + "clientAddress:         " + clientAddress );
-                sb.append( "\n\t" + "nonce:                 " + request.getNonce() );
-                sb.append( "\n\t" + "kdcOptions:            " + request.getKdcOptions() );
-                sb.append( "\n\t" + "clientPrincipal:       " + request.getClientPrincipal() );
-                sb.append( "\n\t" + "serverPrincipal:       " + request.getServerPrincipal() );
-                sb.append( "\n\t" + "encryptionType:        " + KerberosUtils.getEncryptionTypesString( request.getEType() ) );
-                sb.append( "\n\t" + "realm:                 " + request.getRealm() );
-                sb.append( "\n\t" + "from time:             " + request.getFrom() );
-                sb.append( "\n\t" + "till time:             " + request.getTill() );
-                sb.append( "\n\t" + "renew-till time:       " + request.getRtime() );
-                sb.append( "\n\t" + "hostAddresses:         " + request.getAddresses() );
+                sb.append( "\n\t" + "nonce:                 " + request.getKdcReqBody().getNonce() );
+                sb.append( "\n\t" + "kdcOptions:            " + request.getKdcReqBody().getKdcOptions() );
+                sb.append( "\n\t" + "clientPrincipal:       " + request.getKdcReqBody().getCName() );
+                sb.append( "\n\t" + "serverPrincipal:       " + request.getKdcReqBody().getSName() );
+                sb.append( "\n\t" + "encryptionType:        " + KerberosUtils.getEncryptionTypesString( request.getKdcReqBody().getEType() ) );
+                sb.append( "\n\t" + "realm:                 " + request.getKdcReqBody().getRealm() );
+                sb.append( "\n\t" + "from time:             " + request.getKdcReqBody().getFrom() );
+                sb.append( "\n\t" + "till time:             " + request.getKdcReqBody().getTill() );
+                sb.append( "\n\t" + "renew-till time:       " + request.getKdcReqBody().getRTime() );
+                sb.append( "\n\t" + "hostAddresses:         " + request.getKdcReqBody().getAddresses() );
 
                 LOG.debug( sb.toString() );
             }
@@ -663,7 +665,7 @@ public class AuthenticationService
             sb.append( "\n\t" + "principal              " + clientEntry.getPrincipal() );
             sb.append( "\n\t" + "SAM type               " + clientEntry.getSamType() );
 
-            KerberosPrincipal serverPrincipal = authContext.getRequest().getServerPrincipal();
+            PrincipalName serverPrincipal = authContext.getRequest().getKdcReqBody().getSName();
             PrincipalStoreEntry serverEntry = authContext.getServerEntry();
 
             sb.append( "\n\t" + "principal              " + serverPrincipal );
@@ -689,31 +691,27 @@ public class AuthenticationService
     }
     
     
-    private static void monitorReply( KdcContext kdcContext )
+    private static void monitorReply( AsRep reply, EncKdcRepPart part )
     {
-        Object reply = kdcContext.getReply();
-
-        if ( LOG.isDebugEnabled() && reply instanceof KdcReply )
+        if ( LOG.isDebugEnabled() )
         {
-            KdcReply success = ( KdcReply ) reply;
-
             try
             {
                 StringBuffer sb = new StringBuffer();
 
                 sb.append( "Responding with " + SERVICE_NAME + " reply:" );
-                sb.append( "\n\t" + "messageType:           " + success.getMessageType() );
-                sb.append( "\n\t" + "protocolVersionNumber: " + success.getProtocolVersionNumber() );
-                sb.append( "\n\t" + "nonce:                 " + success.getNonce() );
-                sb.append( "\n\t" + "clientPrincipal:       " + success.getClientPrincipal() );
-                sb.append( "\n\t" + "client realm:          " + success.getClientRealm() );
-                sb.append( "\n\t" + "serverPrincipal:       " + success.getServerPrincipal() );
-                sb.append( "\n\t" + "server realm:          " + success.getServerRealm() );
-                sb.append( "\n\t" + "auth time:             " + success.getAuthTime() );
-                sb.append( "\n\t" + "start time:            " + success.getStartTime() );
-                sb.append( "\n\t" + "end time:              " + success.getEndTime() );
-                sb.append( "\n\t" + "renew-till time:       " + success.getRenewTill() );
-                sb.append( "\n\t" + "hostAddresses:         " + success.getClientAddresses() );
+                sb.append( "\n\t" + "messageType:           " + reply.getMessageType() );
+                sb.append( "\n\t" + "protocolVersionNumber: " + reply.getProtocolVersionNumber() );
+                sb.append( "\n\t" + "nonce:                 " + part.getNonce() );
+                sb.append( "\n\t" + "clientPrincipal:       " + reply.getCName() );
+                sb.append( "\n\t" + "client realm:          " + reply.getCRealm() );
+                sb.append( "\n\t" + "serverPrincipal:       " + part.getSName() );
+                sb.append( "\n\t" + "server realm:          " + part.getSRealm() );
+                sb.append( "\n\t" + "auth time:             " + part.getAuthTime() );
+                sb.append( "\n\t" + "start time:            " + part.getStartTime() );
+                sb.append( "\n\t" + "end time:              " + part.getEndTime() );
+                sb.append( "\n\t" + "renew-till time:       " + part.getRenewTill() );
+                sb.append( "\n\t" + "hostAddresses:         " + part.getClientAddresses() );
 
                 LOG.debug( sb.toString() );
             }
@@ -775,36 +773,37 @@ public class AuthenticationService
 
         paDataSequence[0] = paData;
 
-        EncryptionTypeInfoEntry[] entries = new EncryptionTypeInfoEntry[ encryptionTypes.size() ];
-        int i = 0;
+        ETypeInfo eTypeInfo = new ETypeInfo();
         
         for ( EncryptionType encryptionType:encryptionTypes )
         {
-            entries[i++] = new EncryptionTypeInfoEntry( encryptionType, null );
+            ETypeInfoEntry etypeInfoEntry = new ETypeInfoEntry( encryptionType, null );
+            eTypeInfo.addETypeInfoEntry( etypeInfoEntry );
         }
 
         byte[] encTypeInfo = null;
 
         try
         {
-            encTypeInfo = EncryptionTypeInfoEncoder.encode( entries );
+            ByteBuffer buffer = ByteBuffer.allocate( eTypeInfo.computeLength() );
+            encTypeInfo = eTypeInfo.encode( buffer ).array();
         }
-        catch ( IOException ioe )
+        catch ( EncoderException ioe )
         {
             return null;
         }
 
-        PaData encType = new PaData();
-        encType.setPaDataType( PaDataType.PA_ENCTYPE_INFO );
-        encType.setPaDataValue( encTypeInfo );
+        PaData responsePaData = new PaData( PaDataType.PA_ENCTYPE_INFO, encTypeInfo );
 
-        paDataSequence[1] = encType;
+        MethodData methodData = new MethodData();
+        methodData.addPaData( responsePaData );
 
         try
         {
-            return PreAuthenticationDataEncoder.encode( paDataSequence );
+            ByteBuffer buffer = ByteBuffer.allocate( methodData.computeLength() );
+            return methodData.encode( buffer ).array();
         }
-        catch ( IOException ioe )
+        catch ( EncoderException ee )
         {
             return null;
         }

Modified: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java?rev=1043790&r1=1043789&r2=1043790&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java (original)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/kdc/ticketgrant/TicketGrantingContext.java Thu Dec  9 00:12:07 2010
@@ -21,11 +21,10 @@ package org.apache.directory.server.kerb
 
 
 import org.apache.directory.server.kerberos.kdc.KdcContext;
-import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
-import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
-import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
-import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
 import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.shared.kerberos.messages.ApReq;
+import org.apache.directory.shared.kerberos.messages.Authenticator;
+import org.apache.directory.shared.kerberos.messages.Ticket;
 
 
 /**
@@ -35,11 +34,10 @@ public class TicketGrantingContext exten
 {
     private static final long serialVersionUID = 2130665703752837491L;
 
-    private ApplicationRequest authHeader;
+    private ApReq authHeader;
     private Ticket tgt;
     private Ticket newTicket;
     private Authenticator authenticator;
-    private ReplayCache replayCache;
 
     private PrincipalStoreEntry ticketPrincipalEntry;
     private PrincipalStoreEntry requestPrincipalEntry;
@@ -82,24 +80,6 @@ public class TicketGrantingContext exten
 
 
     /**
-     * @return Returns the replayCache.
-     */
-    public ReplayCache getReplayCache()
-    {
-        return replayCache;
-    }
-
-
-    /**
-     * @param replayCache The replayCache to set.
-     */
-    public void setReplayCache( ReplayCache replayCache )
-    {
-        this.replayCache = replayCache;
-    }
-
-
-    /**
      * @return Returns the authenticator.
      */
     public Authenticator getAuthenticator()
@@ -156,7 +136,7 @@ public class TicketGrantingContext exten
     /**
      * @return Returns the authHeader.
      */
-    public ApplicationRequest getAuthHeader()
+    public ApReq getAuthHeader()
     {
         return authHeader;
     }
@@ -165,7 +145,7 @@ public class TicketGrantingContext exten
     /**
      * @param authHeader The authHeader to set.
      */
-    public void setAuthHeader( ApplicationRequest authHeader )
+    public void setAuthHeader( ApReq authHeader )
     {
         this.authHeader = authHeader;
     }



Mime
View raw message