From kayyag...@apache.org
Subject svn commit: r1443107 [2/6] - in /directory/apacheds/trunk: interceptor-kerberos/src/main/java/org/apache/directory/server/core/kerberos/ kerberos-codec/ kerberos-codec/src/main/java/org/apache/directory/server/kerberos/changepwd/ kerberos-codec/src/mai...
Date Wed, 06 Feb 2013 18:19:39 GMT
Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/keytab/KeytabEncoder.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/keytab/KeytabEncoder.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/keytab/KeytabEncoder.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/keytab/KeytabEncoder.java Wed Feb  6 18:19:36 2013
@@ -20,30 +20,30 @@
 package org.apache.directory.server.kerberos.shared.keytab;
 
 
+import java.nio.ByteBuffer;
 import java.util.Iterator;
 import java.util.List;
 
 import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.mina.core.buffer.IoBuffer;
 
 
 /**
- * Encode keytab fields into a {@link IoBuffer}.
+ * Encode keytab fields into a {@link ByteBuffer}.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 class KeytabEncoder
 {
     /**
-     * Write the keytab version and entries into a {@link IoBuffer}.
+     * Write the keytab version and entries into a {@link ByteBuffer}.
      *
      * @param keytabVersion
      * @param entries
-     * @return The IoBuffer.
+     * @return The ByteBuffer.
      */
-    IoBuffer write( byte[] keytabVersion, List<KeytabEntry> entries )
+    ByteBuffer write( byte[] keytabVersion, List<KeytabEntry> entries )
     {
-        IoBuffer buffer = IoBuffer.allocate( 512 );
+        ByteBuffer buffer = ByteBuffer.allocate( 512 );
         putKeytabVersion( buffer, keytabVersion );
         putKeytabEntries( buffer, entries );
         buffer.flip();
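Review bot: `ByteBuffer.allocate( 512 )` in write() gives a fixed-capacity buffer, so a keytab whose version bytes plus entries exceed 512 bytes will throw BufferOverflowException from the put calls. The same applies to `ByteBuffer.allocate( 100 )` in putKeytabEntry in a later hunk, where a long principal name plus key material can pass 100 bytes. Whether the old IoBuffer was configured to auto-expand is not visible here, but a java.nio.ByteBuffer never grows. Consider computing the encoded size before allocating, or encoding into a growable stream (a ByteArrayOutputStream behind a DataOutputStream) and wrapping the result. write() continues past the end of this hunk.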
@@ -56,7 +56,7 @@ class KeytabEncoder
      * Encode the 16-bit file format version.  This
      * keytab reader currently only support verision 5.2.
      */
-    private void putKeytabVersion( IoBuffer buffer, byte[] version )
+    private void putKeytabVersion( ByteBuffer buffer, byte[] version )
     {
         buffer.put( version );
     }
@@ -68,13 +68,13 @@ class KeytabEncoder
      * @param buffer
      * @param entries
      */
-    private void putKeytabEntries( IoBuffer buffer, List<KeytabEntry> entries )
+    private void putKeytabEntries( ByteBuffer buffer, List<KeytabEntry> entries )
     {
         Iterator<KeytabEntry> iterator = entries.iterator();
 
         while ( iterator.hasNext() )
         {
-            IoBuffer entryBuffer = putKeytabEntry( iterator.next() );
+            ByteBuffer entryBuffer = putKeytabEntry( iterator.next() );
             int size = entryBuffer.position();
 
             entryBuffer.flip();
@@ -89,9 +89,9 @@ class KeytabEncoder
      * Encode a "keytab entry," which consists of a principal name,
      * principal type, key version number, and key material.
      */
-    private IoBuffer putKeytabEntry( KeytabEntry entry )
+    private ByteBuffer putKeytabEntry( KeytabEntry entry )
     {
-        IoBuffer buffer = IoBuffer.allocate( 100 );
+        ByteBuffer buffer = ByteBuffer.allocate( 100 );
 
         putPrincipalName( buffer, entry.getPrincipalName() );
 
@@ -113,7 +113,7 @@ class KeytabEncoder
      * @param buffer
      * @param principalName
      */
-    private void putPrincipalName( IoBuffer buffer, String principalName )
+    private void putPrincipalName( ByteBuffer buffer, String principalName )
     {
         String[] split = principalName.split( "@" );
         String nameComponent = split[0];
@@ -137,7 +137,7 @@ class KeytabEncoder
     /**
      * Encode a 16-bit encryption type and symmetric key material.
      */
-    private void putKeyBlock( IoBuffer buffer, EncryptionKey key )
+    private void putKeyBlock( ByteBuffer buffer, EncryptionKey key )
     {
         buffer.putShort( ( short ) key.getKeyType().getValue() );
         putCountedBytes( buffer, key.getKeyValue() );
@@ -148,7 +148,7 @@ class KeytabEncoder
      * Use a prefixed 16-bit length to encode a String.  Realm and name
      * components are ASCII encoded text with no zero terminator.
      */
-    private void putCountedString( IoBuffer buffer, String string )
+    private void putCountedString( ByteBuffer buffer, String string )
     {
         byte[] data = string.getBytes();
         buffer.putShort( ( short ) data.length );
@@ -159,7 +159,7 @@ class KeytabEncoder
     /**
      * Use a prefixed 16-bit length to encode raw bytes.
      */
-    private void putCountedBytes( IoBuffer buffer, byte[] data )
+    private void putCountedBytes( ByteBuffer buffer, byte[] data )
     {
         buffer.putShort( ( short ) data.length );
         buffer.put( data );

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCache.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCache.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/replay/ReplayCache.java Wed Feb  6 18:19:36 2013
@@ -59,8 +59,7 @@ public interface ReplayCache
      */
     void save( KerberosPrincipal serverPrincipal, KerberosPrincipal clientPrincipal, KerberosTime clientTime,
         int clientMicroSeconds );
-
-
+    
     /**
      * removes all the elements present in the cache
      */

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStore.java Wed Feb  6 18:19:36 2013
@@ -20,8 +20,11 @@
 package org.apache.directory.server.kerberos.shared.store;
 
 
+
 import javax.security.auth.kerberos.KerberosPrincipal;
 
+import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException;
+
 
 /**
  * The store interface used by Kerberos services.
@@ -33,13 +36,13 @@ public interface PrincipalStore
 
     /**
      * Change a principal's password.
-     *
-     * @param principal
-     * @param newPassword
-     * @return The name of the principal whose password is being changed.
+     * @param byPrincipal the principal which is changing the password for the forPrincipal
+     * @param forPrincipal the principal whose password is being set or changed
+     * @param newPassword the new password
+     * @param isInitialTicket tells if the ticket is a freshly obtained ticket
      * @throws Exception
      */
-    public String changePassword( KerberosPrincipal principal, String newPassword ) throws Exception;
+    public void changePassword( KerberosPrincipal byPrincipal, KerberosPrincipal forPrincipal, String newPassword, boolean isInitialTicket ) throws ChangePasswordException;
 
 
     /**
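Review bot: The Javadoc for changePassword still says `@throws Exception` although the new signature declares ChangePasswordException; it should read `@throws ChangePasswordException if the change is refused or fails`. The contract also does not say who enforces authorization when byPrincipal differs from forPrincipal, nor what an implementation must do when isInitialTicket is false. Since this method is the gate between a ticket holder and another principal's password, that belongs in the Javadoc. newPassword remains a String, which cannot be cleared after use; a `char[]` or `byte[]` parameter would allow that, at the cost of touching every implementer.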

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/server/kerberos/shared/store/PrincipalStoreEntryModifier.java Wed Feb  6 18:19:36 2013
@@ -280,8 +280,7 @@ public class PrincipalStoreEntryModifier
      * @throws LdapException
      * @throws IOException
      */
-    public Map<EncryptionType, EncryptionKey> reconstituteKeyMap( Attribute krb5key ) throws KerberosException,
-        LdapException
+    public Map<EncryptionType, EncryptionKey> reconstituteKeyMap( Attribute krb5key ) throws KerberosException, LdapException
     {
         Map<EncryptionType, EncryptionKey> map = new HashMap<EncryptionType, EncryptionKey>();
 

Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosAttribute.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosAttribute.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosAttribute.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosAttribute.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,60 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.shared.kerberos;
+
+
+/**
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class KerberosAttribute
+{
+    // ------------------------------------------------------------------------
+    // Krb5 Schema Attributes
+    // ------------------------------------------------------------------------
+    /** the krb5kdc schema principal name for a krb5KDCEntry */
+    public static final String KRB5_PRINCIPAL_NAME_AT = "krb5PrincipalName";
+    public static final String KRB5_PRINCIPAL_NAME_AT_OID = "1.3.6.1.4.1.5322.10.1.1";
+    
+    /** the krb5kdc schema key for a krb5KDCEntry */
+    public static final String KRB5_KEY_AT = "krb5Key";
+    public static final String KRB5_KEY_AT_OID = "1.3.6.1.4.1.5322.10.1.10";
+    
+    /** the krb5kdc schema key version identifier for a krb5KDCEntry */
+    public static final String KRB5_KEY_VERSION_NUMBER_AT = "krb5KeyVersionNumber";
+    public static final String KRB5_KEY_VERSION_NUMBER_AT_OID = "1.3.6.1.4.1.5322.10.1.2";
+    
+    /** the disabled boolean LDAP attribute for a Kerberos account */
+    public static final String KRB5_ACCOUNT_DISABLED_AT = "krb5AccountDisabled";
+    public static final String KRB5_ACCOUNT_DISABLED_AT_OID = "1.3.6.1.4.1.5322.10.1.13";
+    
+    /** the lockedout boolean LDAP attribute for a Kerberos account */
+    public static final String KRB5_ACCOUNT_LOCKEDOUT_AT = "krb5AccountLockedOut";
+    public static final String KRB5_ACCOUNT_LOCKEDOUT_AT_OID = "1.3.6.1.4.1.5322.10.1.14";
+    
+    /** the expiration time attribute LDAP attribute for a Kerberos account */
+    public static final String KRB5_ACCOUNT_EXPIRATION_TIME_AT = "krb5AccountExpirationTime";
+    public static final String KRB5_ACCOUNT_EXPIRATION_TIME_AT_OID = "1.3.6.1.4.1.5322.10.1.15";
+
+
+    /** the Apache specific SAM type attribute */
+    public static final String APACHE_SAM_TYPE_AT = "apacheSamType";
+    public static final String APACHE_SAM_TYPE_AT_OID = "1.3.6.1.4.1.18060.0.4.1.2.9";
+    
+}
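Review bot: KerberosAttribute only holds constants, yet it is a non-final public class with an implicit public constructor; declare it `public final class KerberosAttribute` and add `private KerberosAttribute() {}`. The class Javadoc carries only an @author tag and the `_OID` constants have no comment. One sentence on the class saying these are the krb5kdc schema attribute names and their OIDs would be enough.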

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosConstants.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosConstants.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosConstants.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosConstants.java Wed Feb  6 18:19:36 2013
@@ -289,4 +289,9 @@ public class KerberosConstants
     /** TypedData tags */
     public static final int TYPED_DATA_TDTYPE_TAG = 0xA0;
     public static final int TYPED_DATA_TDDATA_TAG = 0xA1;
+    
+    /** CHangePasswdData tags */
+    public static final int CHNGPWD_NEWPWD_TAG = 0xA0;
+    public static final int CHNGPWD_TARGNAME_TAG = 0xA1;
+    public static final int CHNGPWD_TARGREALM_TAG = 0xA2;
 }
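Review bot: The comment `/** CHangePasswdData tags */` has a capitalisation typo and should read `/** ChangePasswdData tags */`. The new values reuse 0xA0 and 0xA1, which the TypedData tags just above already use; that is normal for context-specific tags, but the comment could say they are only meaningful inside a ChangePasswdData structure. The class starts outside this hunk.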

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosTime.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosTime.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosTime.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosTime.java Wed Feb  6 18:19:36 2013
@@ -19,16 +19,12 @@
  */
 package org.apache.directory.shared.kerberos;
 
-
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.io.Serializable;
 import java.text.ParseException;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.TimeZone;
 
+import org.apache.directory.api.util.DateUtils;
 import org.apache.directory.api.util.Strings;
 
 
@@ -39,7 +35,7 @@ import org.apache.directory.api.util.Str
  * 
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-public class KerberosTime implements Comparable<KerberosTime>, Serializable
+public class KerberosTime implements Comparable<KerberosTime>
 {
     private static final long serialVersionUID = 1L;
 
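Review bot: `private static final long serialVersionUID = 1L;` stays in the class although `Serializable` is dropped from the declaration, so the field no longer has any effect and should be removed in the same change. Dropping the interface is also a compatibility change: any Serializable class that holds a KerberosTime in a non-transient field would fail with NotSerializableException when written, which cannot be checked from this hunk. The class body continues outside the hunk.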
@@ -315,36 +311,8 @@ public class KerberosTime implements Com
     {
         return kerberosTime == 0;
     }
-
-
-    /**
-     * Write a serialized version of this instance.
-     */
-    private void writeObject( ObjectOutputStream out ) throws IOException
-    {
-        out.writeUTF( date );
-    }
-
-
-    /**
-     * Read a KerberosTime from a stream
-     */
-    private void readObject( ObjectInputStream in ) throws IOException, ClassNotFoundException
-    {
-        String date = in.readUTF();
-
-        try
-        {
-            setDate( date );
-        }
-        catch ( ParseException pe )
-        {
-            kerberosTime = ( System.currentTimeMillis() / 1000L ) * 1000L; // drop the ms
-            convertInternal( kerberosTime );
-        }
-    }
-
-
+    
+    
     /**
      * {@inheritDoc}
      */

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/KerberosUtils.java Wed Feb  6 18:19:36 2013
@@ -19,19 +19,54 @@
  */
 package org.apache.directory.shared.kerberos;
 
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES3_CBC_MD5;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES3_CBC_SHA1;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES3_CBC_SHA1_KD;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES_CBC_CRC;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES_CBC_MD4;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES_CBC_MD5;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES_EDE3_CBC_ENV_OID;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DSAWITHSHA1_CMSOID;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.MD5WITHRSAENCRYPTION_CMSOID;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.RC2CBC_ENVOID;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.RC4_HMAC;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.RSAENCRYPTION_ENVOID;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.RSAES_OAEP_ENV_OID;
+import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.SHA1WITHRSAENCRYPTION_CMSOID;
 
+import java.net.InetAddress;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.Map;
+import java.util.Set;
 import java.util.TimeZone;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
 
 import org.apache.directory.api.util.Strings;
 import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
+import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
+import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
+import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
+import org.apache.directory.shared.kerberos.codec.options.ApOptions;
 import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.apache.directory.shared.kerberos.components.EncTicketPart;
+import org.apache.directory.shared.kerberos.components.EncryptionKey;
+import org.apache.directory.shared.kerberos.components.HostAddress;
 import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.apache.directory.shared.kerberos.exceptions.ErrorType;
+import org.apache.directory.shared.kerberos.exceptions.KerberosException;
+import org.apache.directory.shared.kerberos.messages.ApReq;
+import org.apache.directory.shared.kerberos.messages.Authenticator;
+import org.apache.directory.shared.kerberos.messages.Ticket;
 
 
 /**
@@ -47,14 +82,43 @@ public class KerberosUtils
     /** An empty list of principal names */
     public static final List<String> EMPTY_PRINCIPAL_NAME = new ArrayList<String>();
 
+    /** 
+     * an order preserved map containing cipher names to the corresponding algorithm 
+     * names in the descending order of strength
+     */
+    private static final Map<String, String> cipherAlgoMap = new LinkedHashMap<String, String>();
+    
     public static final TimeZone UTC_TIME_ZONE = TimeZone.getTimeZone( "UTC" );
 
     /** Defines a default date format with a "yyyyMMddHHmmss'Z'" pattern */
     public static final SimpleDateFormat UTC_DATE_FORMAT = new SimpleDateFormat( "yyyyMMddHHmmss'Z'" );
+
+    private static final Set<EncryptionType> oldEncTypes = new HashSet<EncryptionType>();
     
     static
     {
         UTC_DATE_FORMAT.setTimeZone( UTC_TIME_ZONE );
+        
+        cipherAlgoMap.put( "rc4", "ArcFourHmac" );
+        cipherAlgoMap.put( "aes256", "AES256" );
+        cipherAlgoMap.put( "aes128", "AES128" );
+        cipherAlgoMap.put( "des3", "DESede" );
+        cipherAlgoMap.put( "des", "DES" );
+        
+        oldEncTypes.add( DES_CBC_CRC );
+        oldEncTypes.add( DES_CBC_MD4 );
+        oldEncTypes.add( DES_CBC_MD5 );
+        oldEncTypes.add( DES_EDE3_CBC_ENV_OID );
+        oldEncTypes.add( DES3_CBC_MD5 );
+        oldEncTypes.add( DES3_CBC_SHA1 );
+        oldEncTypes.add( DES3_CBC_SHA1_KD );
+        oldEncTypes.add( DSAWITHSHA1_CMSOID );
+        oldEncTypes.add( MD5WITHRSAENCRYPTION_CMSOID );
+        oldEncTypes.add( SHA1WITHRSAENCRYPTION_CMSOID );
+        oldEncTypes.add( RC2CBC_ENVOID );
+        oldEncTypes.add( RSAENCRYPTION_ENVOID );
+        oldEncTypes.add( RSAES_OAEP_ENV_OID );
+        oldEncTypes.add( RC4_HMAC );
     }
     
     /**
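Review bot: The Javadoc on cipherAlgoMap promises descending order of strength, but the static block inserts `rc4` first, ahead of `aes256` and `aes128`, while the same block lists RC4_HMAC in oldEncTypes. The map is a LinkedHashMap and orderEtypesByStrength() (added later in this file) iterates `cipherAlgoMap.values()`, so RC4-HMAC is ranked above AES wherever that ordering picks a key type. Move `cipherAlgoMap.put( "rc4", "ArcFourHmac" );` below the two AES lines, or correct the comment if the order is deliberate. oldEncTypes has no comment at all; a line such as `/** encryption types that are not "new" in the sense of RFC 4120 section 3.1.3 */` would match the wording on isNewEncryptionType.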
@@ -247,8 +311,7 @@ public class KerberosUtils
      * @param configuredTypes The configured encryption types
      * @return The first matching encryption type.
      */
-    public static EncryptionType getBestEncryptionType( List<EncryptionType> requestedTypes,
-        List<EncryptionType> configuredTypes )
+    public static EncryptionType getBestEncryptionType( Set<EncryptionType> requestedTypes, Set<EncryptionType> configuredTypes )
     {
         for ( EncryptionType encryptionType : requestedTypes )
         {
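Review bot: With `Set<EncryptionType>` parameters, the "first matching" result now depends on the iteration order of requestedTypes. A HashSet has no defined order, so the selected encryption type could differ from the client's first preference or fall on a weaker type. The Javadoc should state the ordering requirement, e.g. `@param requestedTypes the requested encryption types, iterated in preference order (use an ordered Set)`. The method body continues outside the hunk.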
@@ -268,7 +331,7 @@ public class KerberosUtils
      * @param encryptionTypes The encryptionTypes
      * @return A list comma separated of the encryptionTypes
      */
-    public static String getEncryptionTypesString( List<EncryptionType> encryptionTypes )
+    public static String getEncryptionTypesString( Set<EncryptionType> encryptionTypes )
     {
         StringBuilder sb = new StringBuilder();
         boolean isFirst = true;
@@ -309,6 +372,218 @@ public class KerberosUtils
         return true;
     }
 
+
+    public static String getAlgoNameFromEncType( EncryptionType encType )
+    {
+        String cipherName = encType.getName().toLowerCase();
+        
+        for( String c : cipherAlgoMap.keySet() )
+        {
+            if ( cipherName.startsWith( c ) )
+            {
+                return cipherAlgoMap.get( c );
+            }
+        }
+                
+        throw new IllegalArgumentException( "Unknown algorithm name for the encryption type " + encType );
+    }
+
+    
+    public static Set<EncryptionType> orderEtypesByStrength( Set<EncryptionType> etypes )
+    {
+        Set<EncryptionType> ordered = new LinkedHashSet<EncryptionType>( etypes.size() );
+        
+        for( String algo : cipherAlgoMap.values() )
+        {
+            for( EncryptionType encType : etypes )
+            {
+                String foundAlgo = getAlgoNameFromEncType( encType );
+                
+                if ( algo.equals( foundAlgo ) )
+                {
+                    ordered.add( encType );
+                }
+            }
+        }
+        
+        return ordered;
+    }
+
+    /**
+     * Get a PrincipalStoreEntry given a principal.  The ErrorType is used to indicate
+     * whether any resulting error pertains to a server or client.
+     */
+    public static PrincipalStoreEntry getEntry( KerberosPrincipal principal, PrincipalStore store, ErrorType errorType )
+        throws KerberosException
+    {
+        PrincipalStoreEntry entry = null;
+    
+        try
+        {
+            entry = store.getPrincipal( principal );
+        }
+        catch ( Exception e )
+        {
+            throw new KerberosException( errorType, e );
+        }
+    
+        if ( entry == null )
+        {
+            throw new KerberosException( errorType );
+        }
+    
+        if ( entry.getKeyMap() == null || entry.getKeyMap().isEmpty() )
+        {
+            throw new KerberosException( ErrorType.KDC_ERR_NULL_KEY );
+        }
+    
+        return entry;
+    }
+
+    /**
+         * Verifies an AuthHeader using guidelines from RFC 1510 section A.10., "KRB_AP_REQ verification."
+         *
+         * @param authHeader
+         * @param ticket
+         * @param serverKey
+         * @param clockSkew
+         * @param replayCache
+         * @param emptyAddressesAllowed
+         * @param clientAddress
+         * @param lockBox
+         * @param authenticatorKeyUsage
+         * @param isValidate
+         * @return The authenticator.
+         * @throws KerberosException
+         */
+        public static Authenticator verifyAuthHeader( ApReq authHeader, Ticket ticket, EncryptionKey serverKey,
+            long clockSkew, ReplayCache replayCache, boolean emptyAddressesAllowed, InetAddress clientAddress,
+            CipherTextHandler lockBox, KeyUsage authenticatorKeyUsage, boolean isValidate ) throws KerberosException
+        {
+            if ( authHeader.getProtocolVersionNumber() != KerberosConstants.KERBEROS_V5 )
+            {
+                throw new KerberosException( ErrorType.KRB_AP_ERR_BADVERSION );
+            }
+    
+            if ( authHeader.getMessageType() != KerberosMessageType.AP_REQ )
+            {
+                throw new KerberosException( ErrorType.KRB_AP_ERR_MSG_TYPE );
+            }
+    
+            if ( authHeader.getTicket().getTktVno() != KerberosConstants.KERBEROS_V5 )
+            {
+                throw new KerberosException( ErrorType.KRB_AP_ERR_BADVERSION );
+            }
+    
+            EncryptionKey ticketKey = null;
+    
+            if ( authHeader.getOption( ApOptions.USE_SESSION_KEY ) )
+            {
+                ticketKey = authHeader.getTicket().getEncTicketPart().getKey();
+            }
+            else
+            {
+                ticketKey = serverKey;
+            }
+    
+            if ( ticketKey == null )
+            {
+                // TODO - check server key version number, skvno; requires store
+    //            if ( false )
+    //            {
+    //                throw new KerberosException( ErrorType.KRB_AP_ERR_BADKEYVER );
+    //            }
+    
+                throw new KerberosException( ErrorType.KRB_AP_ERR_NOKEY );
+            }
+            
+            byte[] encTicketPartData = lockBox.decrypt( ticketKey, ticket.getEncPart(), KeyUsage.AS_OR_TGS_REP_TICKET_WITH_SRVKEY );
+            EncTicketPart encPart = KerberosDecoder.decodeEncTicketPart( encTicketPartData ); 
+            ticket.setEncTicketPart( encPart );
+    
+            byte[] authenticatorData = lockBox.decrypt( ticket.getEncTicketPart().getKey(),  authHeader.getAuthenticator(), authenticatorKeyUsage );
+            
+            Authenticator authenticator = KerberosDecoder.decodeAuthenticator( authenticatorData ); 
+    
+            if ( !authenticator.getCName().getNameString().equals( ticket.getEncTicketPart().getCName().getNameString() ) )
+            {
+                throw new KerberosException( ErrorType.KRB_AP_ERR_BADMATCH );
+            }
+    
+            if ( ticket.getEncTicketPart().getClientAddresses() != null )
+            {
+                if ( !ticket.getEncTicketPart().getClientAddresses().contains( new HostAddress( clientAddress ) ) )
+                {
+                    throw new KerberosException( ErrorType.KRB_AP_ERR_BADADDR );
+                }
+            }
+            else
+            {
+                if ( !emptyAddressesAllowed )
+                {
+                    throw new KerberosException( ErrorType.KRB_AP_ERR_BADADDR );
+                }
+            }
+    
+            KerberosPrincipal serverPrincipal = getKerberosPrincipal( ticket.getSName(), ticket.getRealm() );
+            KerberosPrincipal clientPrincipal = getKerberosPrincipal( authenticator.getCName(), authenticator.getCRealm() );
+            KerberosTime clientTime = authenticator.getCtime();
+            int clientMicroSeconds = authenticator.getCusec();
+    
+            if ( replayCache != null )
+            {
+                if ( replayCache.isReplay( serverPrincipal, clientPrincipal, clientTime, clientMicroSeconds ) )
+                {
+                    throw new KerberosException( ErrorType.KRB_AP_ERR_REPEAT );
+                }
+        
+                replayCache.save( serverPrincipal, clientPrincipal, clientTime, clientMicroSeconds );
+            }
+    
+            if ( !authenticator.getCtime().isInClockSkew( clockSkew ) )
+            {
+                throw new KerberosException( ErrorType.KRB_AP_ERR_SKEW );
+            }
+    
+            /*
+             * "The server computes the age of the ticket: local (server) time minus
+             * the starttime inside the Ticket.  If the starttime is later than the
+             * current time by more than the allowable clock skew, or if the INVALID
+             * flag is set in the ticket, the KRB_AP_ERR_TKT_NYV error is returned."
+             */
+            KerberosTime startTime = ( ticket.getEncTicketPart().getStartTime() != null ) ? ticket.getEncTicketPart().getStartTime() : ticket.getEncTicketPart().getAuthTime();
+    
+            KerberosTime now = new KerberosTime();
+            boolean isValidStartTime = startTime.lessThan( now );
+    
+            if ( !isValidStartTime || ( ticket.getEncTicketPart().getFlags().isInvalid() && !isValidate ) )
+            {
+                // it hasn't yet become valid
+                throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_NYV );
+            }
+    
+            // TODO - doesn't take into account skew
+            if ( !ticket.getEncTicketPart().getEndTime().greaterThan( now ) )
+            {
+                throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_EXPIRED );
+            }
+    
+            authHeader.getApOptions().set( ApOptions.MUTUAL_REQUIRED );
+    
+            return authenticator;
+        }
+
+    /**
+     * checks if the given encryption type is *new* (ref sec#3.1.3 of rfc4120)
+     *
+     * @param eType the encryption type
+     * @return true if the encryption type is new, false otherwise
+     */
+    public static boolean isNewEncryptionType( EncryptionType eType )
+    {
+        return !oldEncTypes.contains( eType );
+    }
+        
     /**
      * Verifies an AuthHeader using guidelines from RFC 1510 section A.10., "KRB_AP_REQ verification."
      *
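Review bot: In verifyAuthHeader the KRB_AP_ERR_BADMATCH check compares only `getCName().getNameString()` of the authenticator and the ticket; the client realm is never compared, although `clientPrincipal` is then built from `authenticator.getCName()` and `authenticator.getCRealm()`. RFC 4120 section 3.2.3 requires both name and realm to match, so the check should also reject when `authenticator.getCRealm()` differs from the client realm in the decrypted ticket part. `replayCache.save(...)` runs before the `isInClockSkew` and ticket lifetime checks, so requests that are rejected afterwards still occupy the cache; saving after those checks avoids that. The USE_SESSION_KEY branch reads `authHeader.getTicket().getEncTicketPart().getKey()` before anything in this method has decrypted the ticket, which looks like it can dereference null; confirm against the callers.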

Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataContainer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataContainer.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataContainer.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataContainer.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,50 @@
+package org.apache.directory.shared.kerberos.codec.changePwdData;
+
+import java.nio.ByteBuffer;
+
+import org.apache.directory.api.asn1.ber.AbstractContainer;
+import org.apache.directory.shared.kerberos.messages.ChangePasswdData;
+
+
+/**
+ * The ChangePasswdData container.
+ * 
+ */
+public class ChangePasswdDataContainer extends AbstractContainer
+{
+    /** An ChangePasswdData container */
+    private ChangePasswdData chngPwdData;
+
+    /**
+     * Creates a new ChangePasswdDataContainer object.
+     * @param stream The stream containing the data to decode
+     */
+    public ChangePasswdDataContainer( ByteBuffer stream )
+    {
+        super( stream );
+        this.stateStack = new int[1];
+        this.grammar = ChangePasswdDataGrammar.getInstance();
+        setTransition( ChangePasswdDataStatesEnum.START_STATE );
+    }
+
+
+    /**
+     * @return Returns the ApRep.
+     */
+    public ChangePasswdData getChngPwdData()
+    {
+        return chngPwdData;
+    }
+
+    
+    /**
+     * Set an ChangePasswdData Object into the container. It will be completed by the
+     * KerberosDecoder.
+     * 
+     * @param chngPwdData The ChangePasswdData to set.
+     */
+    public void setChngPwdData( ChangePasswdData chngPwdData )
+    {
+        this.chngPwdData = chngPwdData;
+    }
+}
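Review bot: The Javadoc in this new file still describes the class it was copied from: `getChngPwdData()` is documented as `@return Returns the ApRep.` and should read `@return the ChangePasswdData being decoded`. The same leftovers appear in the other added files: ChangePasswdDataInit talks about the Ticket in its class comment, constructor comment and `super( "Ticket initialization" )`, StoreTargName names its parameter `ticketContainer`, and StoreTargRealm's constructor comment says "StoreRealm". The action name passed to `super(...)` presumably ends up in decoder logs, so `super( "ChangePasswdData initialization" )` would make traces easier to read. All eight files added under changePwdData and messages/ChangePasswdData.java also start directly at the `package` line, without the license header that modified files such as KeytabEncoder.java carry.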

Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataGrammar.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataGrammar.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataGrammar.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataGrammar.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,143 @@
+package org.apache.directory.shared.kerberos.codec.changePwdData;
+
+
+import org.apache.directory.api.asn1.actions.CheckNotNullLength;
+import org.apache.directory.api.asn1.ber.grammar.AbstractGrammar;
+import org.apache.directory.api.asn1.ber.grammar.Grammar;
+import org.apache.directory.api.asn1.ber.grammar.GrammarTransition;
+import org.apache.directory.api.asn1.ber.tlv.UniversalTag;
+import org.apache.directory.shared.kerberos.KerberosConstants;
+import org.apache.directory.shared.kerberos.codec.changePwdData.actions.ChangePasswdDataInit;
+import org.apache.directory.shared.kerberos.codec.changePwdData.actions.StoreNewPassword;
+import org.apache.directory.shared.kerberos.codec.changePwdData.actions.StoreTargName;
+import org.apache.directory.shared.kerberos.codec.changePwdData.actions.StoreTargRealm;
+
+
+/**
+ * This class implements the ChangePasswdData message. All the actions are declared
+ * in this class. As it is a singleton, these declaration are only done once. If
+ * an action is to be added or modified, this is where the work is to be done !
+ *
+ */
+public final class ChangePasswdDataGrammar extends AbstractGrammar<ChangePasswdDataContainer>
+{
+    /** The instance of grammar. ChangePasswdDataGrammar is a singleton */
+    private static Grammar<ChangePasswdDataContainer> instance = new ChangePasswdDataGrammar();
+
+
+    /**
+     * Creates a new ChangePasswdDataGrammar object.
+     */
+    @SuppressWarnings("unchecked")
+    private ChangePasswdDataGrammar()
+    {
+        setName( ChangePasswdDataGrammar.class.getName() );
+
+        // Create the transitions table
+        super.transitions = new GrammarTransition[ChangePasswdDataStatesEnum.LAST_CHNGPWD_STATE.ordinal()][256];
+
+        // ============================================================================================
+        // ChangePasswdData
+        // ============================================================================================
+        // --------------------------------------------------------------------------------------------
+        // Transition from START to ChangePasswdData SEQ
+        // --------------------------------------------------------------------------------------------
+        // This is the starting state :
+        // ChangePasswdData          ::= SEQUENCE ...
+        super.transitions[ChangePasswdDataStatesEnum.START_STATE.ordinal()][UniversalTag.SEQUENCE.getValue()] =
+            new GrammarTransition<ChangePasswdDataContainer>(
+                ChangePasswdDataStatesEnum.START_STATE,
+                ChangePasswdDataStatesEnum.CHNGPWD_SEQ_STATE,
+                UniversalTag.SEQUENCE,
+                new ChangePasswdDataInit() );
+
+        // --------------------------------------------------------------------------------------------
+        // Transition from ChangePasswdData-SEQ to newPasswd tag
+        // --------------------------------------------------------------------------------------------
+        // ChangePasswdData          ::= SEQUENCE {
+        //         newPasswd         [0]
+        super.transitions[ChangePasswdDataStatesEnum.CHNGPWD_SEQ_STATE.ordinal()][KerberosConstants.CHNGPWD_NEWPWD_TAG] =
+            new GrammarTransition<ChangePasswdDataContainer>(
+                ChangePasswdDataStatesEnum.CHNGPWD_SEQ_STATE,
+                ChangePasswdDataStatesEnum.CHNGPWD_NEWPASSWD_TAG_STATE,
+                KerberosConstants.CHNGPWD_NEWPWD_TAG,
+                new CheckNotNullLength<ChangePasswdDataContainer>() );
+
+        // --------------------------------------------------------------------------------------------
+        // Transition from newPasswd tag to newPasswd
+        // --------------------------------------------------------------------------------------------
+        // ChangePasswdData          ::= SEQUENCE {
+        //         newPasswd         [0] OCTET STRING,
+        super.transitions[ChangePasswdDataStatesEnum.CHNGPWD_NEWPASSWD_TAG_STATE.ordinal()][UniversalTag.OCTET_STRING.getValue()] =
+            new GrammarTransition<ChangePasswdDataContainer>(
+                ChangePasswdDataStatesEnum.CHNGPWD_NEWPASSWD_TAG_STATE,
+                ChangePasswdDataStatesEnum.CHNGPWD_NEWPASSWD_STATE,
+                UniversalTag.OCTET_STRING,
+                new StoreNewPassword() );
+
+        // --------------------------------------------------------------------------------------------
+        // Transition from newPasswd to targName tag
+        // --------------------------------------------------------------------------------------------
+        // ChangePasswdData          ::= SEQUENCE {
+        //         newPasswd         [0] OCTET STRING,
+        //         targName          [1] PrincipalName OPTIONAL,
+        super.transitions[ChangePasswdDataStatesEnum.CHNGPWD_NEWPASSWD_STATE.ordinal()][KerberosConstants.CHNGPWD_TARGNAME_TAG] =
+            new GrammarTransition<ChangePasswdDataContainer>(
+                ChangePasswdDataStatesEnum.CHNGPWD_NEWPASSWD_STATE,
+                ChangePasswdDataStatesEnum.CHNGPWD_TARGNAME_TAG_STATE,
+                KerberosConstants.CHNGPWD_TARGNAME_TAG,
+                new StoreTargName() );
+
+        // --------------------------------------------------------------------------------------------
+        // Transition from targName to targRealm tag
+        // --------------------------------------------------------------------------------------------
+        // ChangePasswdData          ::= SEQUENCE {
+        //         ...
+        //         targName          [1] PrincipalName OPTIONAL,
+        //         targRealm         [2] 
+        super.transitions[ChangePasswdDataStatesEnum.CHNGPWD_TARGNAME_TAG_STATE.ordinal()][KerberosConstants.CHNGPWD_TARGREALM_TAG] =
+            new GrammarTransition<ChangePasswdDataContainer>(
+                ChangePasswdDataStatesEnum.CHNGPWD_TARGNAME_TAG_STATE,
+                ChangePasswdDataStatesEnum.CHNGPWD_TARGREALM_TAG_STATE,
+                KerberosConstants.CHNGPWD_TARGREALM_TAG,
+                new CheckNotNullLength<ChangePasswdDataContainer>() );
+
+        // --------------------------------------------------------------------------------------------
+        // Transition from targRealm tag to targRealm
+        // --------------------------------------------------------------------------------------------
+        // ChangePasswdData          ::= SEQUENCE {
+        //         ...
+        //         targName          [1] PrincipalName OPTIONAL,
+        //         targRealm         [2] Realm OPTIONAL
+        super.transitions[ChangePasswdDataStatesEnum.CHNGPWD_TARGREALM_TAG_STATE.ordinal()][UniversalTag.GENERAL_STRING.getValue()] =
+            new GrammarTransition<ChangePasswdDataContainer>(
+                ChangePasswdDataStatesEnum.CHNGPWD_TARGREALM_TAG_STATE,
+                ChangePasswdDataStatesEnum.CHNGPWD_TARGREALM_STATE,
+                UniversalTag.GENERAL_STRING,
+                new StoreTargRealm() );
+
+        // --------------------------------------------------------------------------------------------
+        // Transition from newPasswd to targRealm tag
+        // --------------------------------------------------------------------------------------------
+        // ChangePasswdData          ::= SEQUENCE {
+        //         newPasswd         [0] OCTET STRING,
+        //         targRealm         [2] 
+        super.transitions[ChangePasswdDataStatesEnum.CHNGPWD_NEWPASSWD_STATE.ordinal()][KerberosConstants.CHNGPWD_TARGREALM_TAG] =
+            new GrammarTransition<ChangePasswdDataContainer>(
+                ChangePasswdDataStatesEnum.CHNGPWD_NEWPASSWD_STATE,
+                ChangePasswdDataStatesEnum.CHNGPWD_TARGREALM_TAG_STATE,
+                KerberosConstants.CHNGPWD_TARGREALM_TAG,
+                new CheckNotNullLength<ChangePasswdDataContainer>() );
+    }
+
+
+    /**
+     * Get the instance of this grammar
+     *
+     * @return An instance on the ChangePasswdData Grammar
+     */
+    public static Grammar<ChangePasswdDataContainer> getInstance()
+    {
+        return instance;
+    }
+}
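Review bot: The singleton field `instance` is assigned once at class initialisation but is declared as a mutable static; `private static final Grammar<ChangePasswdDataContainer> INSTANCE = new ChangePasswdDataGrammar();` states the intent and prevents accidental reassignment. `@SuppressWarnings("unchecked")` covers the whole constructor although only the `new GrammarTransition[...][256]` array creation needs it, so a short comment next to that line saying why the raw array is safe would help. The class Javadoc could also say that the grammar accepts the optional targName and targRealm in that order only, which is what the transitions from `CHNGPWD_NEWPASSWD_STATE` encode.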

Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataStatesEnum.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataStatesEnum.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataStatesEnum.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/ChangePasswdDataStatesEnum.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,91 @@
+package org.apache.directory.shared.kerberos.codec.changePwdData;
+
+
+import org.apache.directory.api.asn1.ber.grammar.Grammar;
+import org.apache.directory.api.asn1.ber.grammar.States;
+
+
+/**
+ * This class store the ChangePasswdData grammar's constants.
+ *
+ */
+public enum ChangePasswdDataStatesEnum implements States
+{
+    // Start
+    START_STATE,                            // 0
+
+    // ----- ChangePasswdData message --------------------------------------
+    CHNGPWD_SEQ_STATE,                    // 1
+    
+    CHNGPWD_NEWPASSWD_TAG_STATE,          // 2
+    CHNGPWD_NEWPASSWD_STATE,              // 3
+
+    CHNGPWD_TARGNAME_TAG_STATE,           // 4
+
+    CHNGPWD_TARGREALM_TAG_STATE,          // 5
+    CHNGPWD_TARGREALM_STATE,              // 6
+
+    // End
+    LAST_CHNGPWD_STATE;                   // 7
+
+
+    /**
+     * Get the grammar name
+     *
+     * @param grammar The grammar code
+     * @return The grammar name
+     */
+    public String getGrammarName( int grammar )
+    {
+        return "CHNGPWD_DATA_GRAMMAR";
+    }
+
+
+    /**
+     * Get the grammar name
+     *
+     * @param grammar The grammar class
+     * @return The grammar name
+     */
+    public String getGrammarName( Grammar<ChangePasswdDataContainer> grammar )
+    {
+        if ( grammar instanceof ChangePasswdDataGrammar )
+        {
+            return "CHNGPWD_DATA_GRAMMAR";
+        }
+        else
+        {
+            return "UNKNOWN GRAMMAR";
+        }
+    }
+
+
+    /**
+     * Get the string representing the state
+     *
+     * @param state The state number
+     * @return The String representing the state
+     */
+    public String getState( int state )
+    {
+        return ( ( state == LAST_CHNGPWD_STATE.ordinal() ) ? "LAST_CHNGPWD_STATE" : name() );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean isEndState()
+    {
+        return this == LAST_CHNGPWD_STATE;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public ChangePasswdDataStatesEnum getStartState()
+    {
+        return START_STATE;
+    }
+}
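Review bot: `getState( int state )` returns `name()` of the constant it is invoked on and uses the argument only to compare against the last ordinal, so for example `START_STATE.getState( 3 )` yields "START_STATE" rather than the name of state 3, which contradicts the `@param state The state number` Javadoc. If this mirrors the other states enums in the codec it may be intentional, in which case the comment should say `@param state ignored unless it is the last state`; otherwise `return values()[state].name();` with a range check matches the documentation. `getGrammarName( int grammar )` ignores its argument in the same way. The methods that implement `States` also lack the `@Override` that the action classes added in this commit use.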

Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/ChangePasswdDataInit.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/ChangePasswdDataInit.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/ChangePasswdDataInit.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/ChangePasswdDataInit.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,52 @@
+package org.apache.directory.shared.kerberos.codec.changePwdData.actions;
+
+
+import org.apache.directory.server.i18n.I18n;
+import org.apache.directory.api.asn1.DecoderException;
+import org.apache.directory.api.asn1.ber.grammar.GrammarAction;
+import org.apache.directory.api.asn1.ber.tlv.TLV;
+import org.apache.directory.shared.kerberos.codec.changePwdData.ChangePasswdDataContainer;
+import org.apache.directory.shared.kerberos.messages.ChangePasswdData;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * The action used to initialize the Ticket object
+ */
+public class ChangePasswdDataInit extends GrammarAction<ChangePasswdDataContainer>
+{
+    /** The logger */
+    private static final Logger LOG = LoggerFactory.getLogger( ChangePasswdDataInit.class );
+
+    /**
+     * Instantiates a new TicketInit action.
+     */
+    public ChangePasswdDataInit()
+    {
+        super( "Ticket initialization" );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void action( ChangePasswdDataContainer chngPwdDataContainer ) throws DecoderException
+    {
+        TLV tlv = chngPwdDataContainer.getCurrentTLV();
+
+        // The Length should not be null
+        if ( tlv.getLength() == 0 )
+        {
+            LOG.error( I18n.err( I18n.ERR_744_NULL_PDU_LENGTH ) );
+
+            // This will generate a PROTOCOL_ERROR
+            throw new DecoderException( I18n.err( I18n.ERR_744_NULL_PDU_LENGTH ) );
+        }
+
+        // Create the Ticket now
+        ChangePasswdData chngPwdData = new ChangePasswdData();
+
+        chngPwdDataContainer.setChngPwdData( chngPwdData );
+    }
+}

Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreNewPassword.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreNewPassword.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreNewPassword.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreNewPassword.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,31 @@
+package org.apache.directory.shared.kerberos.codec.changePwdData.actions;
+
+
+import org.apache.directory.api.asn1.actions.AbstractReadOctetString;
+import org.apache.directory.shared.kerberos.codec.changePwdData.ChangePasswdDataContainer;
+
+
+/**
+ * The action used to set the new password
+ */
+public class StoreNewPassword extends AbstractReadOctetString<ChangePasswdDataContainer>
+{
+    /**
+     * Instantiates a new StoreNewPassword action.
+     */
+    public StoreNewPassword()
+    {
+        super( "Kerberos changepassword's new password value" );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    protected void setOctetString( byte[] newPasswd, ChangePasswdDataContainer container )
+    {
+        container.getChngPwdData().setNewPasswd( newPasswd );
+        container.setGrammarEndAllowed( true );
+    }
+}

Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreTargName.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreTargName.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreTargName.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreTargName.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,32 @@
+package org.apache.directory.shared.kerberos.codec.changePwdData.actions;
+
+
+import org.apache.directory.shared.kerberos.codec.actions.AbstractReadPrincipalName;
+import org.apache.directory.shared.kerberos.codec.changePwdData.ChangePasswdDataContainer;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+
+
+/**
+ * The action used to set the targname of ChangePasswdData
+ */
+public class StoreTargName extends AbstractReadPrincipalName<ChangePasswdDataContainer>
+{
+    /**
+     * Instantiates a new StoreTargName action.
+     */
+    public StoreTargName()
+    {
+        super( "Kerberos change password targetName" );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    protected void setPrincipalName( PrincipalName principalName, ChangePasswdDataContainer ticketContainer )
+    {
+        ticketContainer.getChngPwdData().setTargName( principalName );
+        ticketContainer.setGrammarEndAllowed( true );
+    }
+}

Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreTargRealm.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreTargRealm.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreTargRealm.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/changePwdData/actions/StoreTargRealm.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,31 @@
+package org.apache.directory.shared.kerberos.codec.changePwdData.actions;
+
+
+import org.apache.directory.shared.kerberos.codec.actions.AbstractReadRealm;
+import org.apache.directory.shared.kerberos.codec.changePwdData.ChangePasswdDataContainer;
+
+
+/**
+ * The action used to set the target realm of the ChangePasswdData
+ */
+public class StoreTargRealm extends AbstractReadRealm<ChangePasswdDataContainer>
+{
+    /**
+     * Instantiates a new StoreRealm action.
+     */
+    public StoreTargRealm()
+    {
+        super( "Kerberos changepassword target realm value" );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    protected void setRealm( String realm, ChangePasswdDataContainer container )
+    {
+        container.getChngPwdData().setTargRealm( realm );
+        container.setGrammarEndAllowed( true );
+    }
+}

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/types/PaDataType.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/types/PaDataType.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/types/PaDataType.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/codec/types/PaDataType.java Wed Feb  6 18:19:36 2013
@@ -101,6 +101,11 @@ public enum PaDataType
     PA_PK_AS_REP(15),
 
     /**
+     * Constant for the "encryption info2" pre-authentication data type.
+     */
+    PA_ENCTYPE_INFO2( 19 ),
+    
+    /**
      * Constant for the "use specified key version" pre-authentication data type.
      */
     PA_USE_SPECIFIED_KVNO(20),
@@ -179,6 +184,8 @@ public enum PaDataType
                 return PA_PK_AS_REQ;
             case 15:
                 return PA_PK_AS_REQ;
+            case 19 :   
+                return PA_ENCTYPE_INFO2;
             case 20:
                 return PA_USE_SPECIFIED_KVNO;
             case 21:
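Review bot: The context directly above the added `case 19` returns `PA_PK_AS_REQ` for value 15, although the first hunk of this file shows the enum declaring `PA_PK_AS_REP(15)`, so a PK-AS-REP pre-authentication type received from the wire would be resolved as a request. Since the commit already edits this switch, `case 15: return PA_PK_AS_REP;` belongs in the same change. The switch begins and ends outside the hunk, so the remaining cases could not be checked here.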
@@ -236,6 +243,9 @@ public enum PaDataType
 
             case PA_PK_AS_REQ:
                 return "PK as request" + "(" + value + ")";
+            
+            case PA_ENCTYPE_INFO2 : 
+                return "Encryption info." + "(" + value + ")";
 
             case PA_PK_AS_REP:
                 return "PK as response" + "(" + value + ")";
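Review bot: The label returned for the new `PA_ENCTYPE_INFO2` case is "Encryption info." and drops the "2" that the constant's Javadoc ("encryption info2") carries, so log output cannot tell it apart from an ETYPE-INFO entry if that type uses the same wording. `return "Encryption info2." + "(" + value + ")";` keeps the two distinguishable when diagnosing pre-authentication failures. The new case is also inserted between the PK request and PK response cases; placing it in numeric order would match the rest of the enum.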

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/ETypeInfo2Entry.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/ETypeInfo2Entry.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/ETypeInfo2Entry.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/ETypeInfo2Entry.java Wed Feb  6 18:19:36 2013
@@ -81,6 +81,11 @@ public class ETypeInfo2Entry extends Abs
     {
     }
 
+    
+    public ETypeInfo2Entry( EncryptionType etype )
+    {
+        this.etype = etype;
+    }
 
     /**
      * Returns the salt.
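Review bot: The added `ETypeInfo2Entry( EncryptionType etype )` constructor has no Javadoc, unlike the members around it. A comment such as `/** Creates a new ETypeInfo2Entry for the given encryption type; salt and s2kparams stay unset. */` with `@param etype the encryption type` would cover it, assuming the remaining fields are indeed left at their defaults, which the hunk does not show. It should also state whether `null` is accepted, since the value is stored without a check.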

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/components/KdcReqBody.java Wed Feb  6 18:19:36 2013
@@ -22,7 +22,9 @@ package org.apache.directory.shared.kerb
 
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
+import java.util.LinkedHashSet;
 import java.util.List;
+import java.util.Set;
 
 import org.apache.directory.api.asn1.AbstractAsn1Object;
 import org.apache.directory.api.asn1.EncoderException;
@@ -90,8 +92,8 @@ public class KdcReqBody extends Abstract
     /** Random number to avoid MiM attacks */
     private int nonce;
 
-    /** List of desired encryption types */
-    private List<EncryptionType> eType;
+    /** Set of desired encryption types */
+    private Set<EncryptionType> eType;
 
     /** Addresses valid for the requested ticket */
     private HostAddresses addresses;
@@ -130,7 +132,7 @@ public class KdcReqBody extends Abstract
     public KdcReqBody()
     {
         additionalTickets = new ArrayList<Ticket>();
-        eType = new ArrayList<EncryptionType>();
+        eType = new LinkedHashSet<EncryptionType>();
     }
 
 
@@ -229,7 +231,7 @@ public class KdcReqBody extends Abstract
      *
      * @return The requested {@link EncryptionType}s.
      */
-    public List<EncryptionType> getEType()
+    public Set<EncryptionType> getEType()
     {
         return eType;
     }
@@ -238,7 +240,7 @@ public class KdcReqBody extends Abstract
     /**
      * @param eType the eType to set
      */
-    public void setEType( List<EncryptionType> eType )
+    public void setEType( Set<EncryptionType> eType )
     {
         this.eType = eType;
     }
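Review bot: `setEType( Set<EncryptionType> eType )` stores whatever Set the caller passes, so the insertion order that the constructor's `LinkedHashSet` preserves is lost as soon as a caller hands in a `HashSet`. The etype field of a KDC request is a preference-ordered list, and losing that order can change which encryption type is negotiated, so the contract should be explicit: either document it with `@param eType the requested encryption types, in order of preference (must be an order-preserving Set)` or copy defensively with `this.eType = new LinkedHashSet<EncryptionType>( eType );` after deciding how `null` is handled. The change from `List` to `Set` in the getter and setter is also a source-incompatible API change for existing callers, which deserves a line in the commit message. The field comment in the second hunk could say "Ordered set" for the same reason.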

Modified: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Authenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Authenticator.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Authenticator.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/Authenticator.java Wed Feb  6 18:19:36 2013
@@ -114,6 +114,7 @@ public class Authenticator extends Kerbe
     public Authenticator()
     {
         super( KerberosMessageType.AUTHENTICATOR );
+        versionNumber = getProtocolVersionNumber();
     }
 
 
@@ -230,7 +231,7 @@ public class Authenticator extends Kerbe
     /**
      * @return the seqNumber
      */
-    public int getSeqNumber()
+    public Integer getSeqNumber()
     {
         return seqNumber;
     }
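Review bot: `getSeqNumber()` now returns `Integer`, which can be `null`, but the Javadoc still reads only `@return the seqNumber`. Existing callers that assign the result to an `int` will compile unchanged and fail with a NullPointerException on unboxing when the optional field is absent. The comment should spell this out, for example `@return the seqNumber, or {@code null} when the optional seq-number field is absent`, and callers should be checked as part of this change.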
@@ -327,8 +328,8 @@ public class Authenticator extends Kerbe
         reset();
 
         // Compute the Authenticator version length.
-        authenticatorVnoLength = 1 + 1 + BerValue.getNbBytes( getProtocolVersionNumber() );
-        authenticatorSeqLength = 1 + TLV.getNbBytes( authenticatorVnoLength ) + authenticatorVnoLength;
+        authenticatorVnoLength = 1 + 1 + BerValue.getNbBytes( getVersionNumber() );
+        authenticatorSeqLength =  1 + TLV.getNbBytes( authenticatorVnoLength ) + authenticatorVnoLength;
 
         // Compute the  crealm length.
         crealmBytes = Strings.getBytesUtf8( crealm );
@@ -434,8 +435,8 @@ public class Authenticator extends Kerbe
             buffer.put( TLV.getBytes( authenticatorVnoLength ) );
 
             // The value
-            BerValue.encode( buffer, getProtocolVersionNumber() );
-
+            BerValue.encode( buffer, getVersionNumber() );
+            
             // The crealm -----------------------------------------------------
             // The tag
             buffer.put( ( byte ) KerberosConstants.AUTHENTICATOR_CREALM_TAG );
@@ -495,13 +496,16 @@ public class Authenticator extends Kerbe
             }
 
             // The seq-number, if any -----------------------------------------
-            // The tag
-            buffer.put( ( byte ) KerberosConstants.AUTHENTICATOR_SEQ_NUMBER_TAG );
-            buffer.put( TLV.getBytes( seqNumberLength ) );
-
-            // The value
-            BerValue.encode( buffer, seqNumber );
-
+            if ( seqNumber != null )
+            {
+                // The tag
+                buffer.put( (byte)KerberosConstants.AUTHENTICATOR_SEQ_NUMBER_TAG );
+                buffer.put( TLV.getBytes( seqNumberLength ) );
+                
+                // The value
+                BerValue.encode( buffer, seqNumber );
+            }
+            
             // The authorization-data, if any ---------------------------------
             if ( authorizationData != null )
             {
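Review bot: The `seqNumber != null` guard is added to the encoder only; the code that computes `seqNumberLength` is not part of this diff. If that computation still reads `seqNumber` unconditionally, it will either throw on unboxing `null` or count bytes that `encode()` no longer writes, leaving the buffer sized differently from the encoded content. The length computation needs the same `if ( seqNumber != null )` guard around both the `seqNumberLength` assignment and its addition to the sequence length. The new line also uses `(byte)KerberosConstants...` where the rest of the file, including the removed line, writes `( byte ) KerberosConstants...`. The enclosing method starts and ends outside the hunk.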

Added: directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/ChangePasswdData.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/ChangePasswdData.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/ChangePasswdData.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/main/java/org/apache/directory/shared/kerberos/messages/ChangePasswdData.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,181 @@
+package org.apache.directory.shared.kerberos.messages;
+
+
+import java.nio.ByteBuffer;
+
+import org.apache.directory.api.asn1.AbstractAsn1Object;
+import org.apache.directory.api.asn1.EncoderException;
+import org.apache.directory.api.asn1.ber.tlv.TLV;
+import org.apache.directory.api.asn1.ber.tlv.UniversalTag;
+import org.apache.directory.api.asn1.ber.tlv.BerValue;
+import org.apache.directory.shared.kerberos.KerberosConstants;
+import org.apache.directory.shared.kerberos.components.PrincipalName;
+import org.apache.directory.api.util.Strings;
+
+
+/**
+ * Change password data structure
+ * 
+ * ChangePasswdData ::=  SEQUENCE {
+ *       newpasswd[0]   OCTET STRING,
+ *       targname[1]    PrincipalName OPTIONAL,
+ *       targrealm[2]   Realm OPTIONAL
+ *     }
+ */
+public class ChangePasswdData extends AbstractAsn1Object
+{
+
+    /** the new password */
+    private byte[] newPasswd;
+
+    /** principal name of the client */
+    private PrincipalName targName;
+
+    /** name of client's realm */
+    private String targRealm;
+
+    private int newPasswdLen;
+    private int targNameLen;
+    private int targRealmLen;
+    private int seqLen;
+
+
+    public ChangePasswdData()
+    {
+    }
+
+
+    /**
+     * Compute the ChangePasswdData length
+     * <pre>
+     * ChangePasswdData :
+     *
+     * 0x30 L1 ChangePasswdData sequence
+     *  |
+     *  +--> 0xA0 L2 newPasswd tag
+     *  |     |
+     *  |     +--> 0x04 L2-1 newPasswd (Octet string)
+     *  |
+     *  +--> 0xA1 L3 targName tag
+     *  |     |
+     *  |     +--> 0x30 L3-1 targName (PrincipalName)
+     *  |
+     *  +--> 0xA2 L4 targRealm tag
+     *        |
+     *        +--> 0x1B L4-1 targRealm (KerberosString)
+     */
+    @Override
+    public int computeLength()
+    {
+        newPasswdLen = 1 + TLV.getNbBytes( newPasswd.length ) + newPasswd.length;
+
+        seqLen = 1 + TLV.getNbBytes( newPasswdLen ) + newPasswdLen;
+
+        if ( targName != null )
+        {
+            targNameLen = targName.computeLength();
+            seqLen += 1 + TLV.getNbBytes( targNameLen ) + targNameLen;
+        }
+
+        if ( targRealm != null )
+        {
+            targRealmLen = Strings.getBytesUtf8( targRealm ).length;
+            targRealmLen = 1 + TLV.getNbBytes( targRealmLen ) + targRealmLen;
+            seqLen += 1 + TLV.getNbBytes( targRealmLen ) + targRealmLen;
+        }
+
+        return 1 + TLV.getNbBytes( seqLen ) + seqLen;
+    }
+
+
+    @Override
+    public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
+    {
+        if ( buffer == null )
+        {
+            buffer = ByteBuffer.allocate( computeLength() );
+        }
+        
+        // ChangePasswdData
+        buffer.put( UniversalTag.SEQUENCE.getValue() );
+        buffer.put( BerValue.getBytes( seqLen ) );
+        
+        // newpasswd
+        buffer.put( ( byte ) KerberosConstants.CHNGPWD_NEWPWD_TAG );
+        buffer.put( BerValue.getBytes( newPasswdLen ) );
+        BerValue.encode( buffer, newPasswd );
+        
+        if ( targName != null )
+        {
+            buffer.put( ( byte ) KerberosConstants.CHNGPWD_TARGNAME_TAG );
+            buffer.put( BerValue.getBytes( targNameLen ) );
+            
+            targName.encode( buffer );
+        }
+        
+        if ( targRealm != null )
+        {
+            buffer.put( ( byte ) KerberosConstants.CHNGPWD_TARGREALM_TAG );
+            buffer.put( BerValue.getBytes( targRealmLen ) );
+            buffer.put( UniversalTag.GENERAL_STRING.getValue() );
+            buffer.put( BerValue.getBytes( targRealmLen - 2 ) );
+            buffer.put( Strings.getBytesUtf8( targRealm ) );
+        }
+        
+        return buffer;
+    }
+
+
+    public byte[] getNewPasswd()
+    {
+        return newPasswd;
+    }
+
+
+    public void setNewPasswd( byte[] newPasswd )
+    {
+        this.newPasswd = newPasswd;
+    }
+
+
+    public PrincipalName getTargName()
+    {
+        return targName;
+    }
+
+
+    public void setTargName( PrincipalName targName )
+    {
+        this.targName = targName;
+    }
+
+
+    public String getTargRealm()
+    {
+        return targRealm;
+    }
+
+
+    public void setTargRealm( String targRealm )
+    {
+        this.targRealm = targRealm;
+    }
+
+
+    /**
+     * @see Object#toString()
+     */
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder();
+
+
+        sb.append( "ChangePasswdData : \n" );
+        
+        sb.append( "    newPasswd : " ).append( newPasswd ).append( '\n' );
+        sb.append( "    targName : " ).append( targName ).append( '\n' );
+        sb.append( "    targRealm : " ).append( targRealm ).append( '\n' );
+
+        return sb.toString();
+    } 
+}
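Review bot: In `encode()` every length is written with `BerValue.getBytes( ... )`, while `computeLength()` sizes the same fields with `TLV.getNbBytes( ... )` and the Authenticator encoder in this commit writes lengths with `TLV.getBytes( ... )`. As far as I can tell `BerValue.getBytes( int )` produces the content of an INTEGER value, which matches a BER length only below 128, so a longer password, principal or realm would yield a malformed PDU or a buffer overrun. `buffer.put( TLV.getBytes( seqLen ) );` and the same call for `newPasswdLen`, `targNameLen` and `targRealmLen` keep both methods consistent. The inner realm length `targRealmLen - 2` likewise assumes a one-byte length field; storing the UTF-8 bytes in a field during `computeLength()` and writing `TLV.getBytes( targRealmBytes.length )` removes that assumption and the second conversion. `computeLength()` also dereferences `newPasswd` without a null check, and `toString()` appends the `byte[]` itself, which prints only the array identity, so a comment stating that the password is deliberately not rendered would keep a later cleanup from logging it.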

Modified: directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/keytab/KeytabTest.java Wed Feb  6 18:19:36 2013
@@ -24,6 +24,7 @@ import static org.junit.Assert.assertEqu
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
+import java.nio.ByteBuffer;
 import java.security.InvalidKeyException;
 import java.text.ParseException;
 import java.util.ArrayList;
@@ -39,7 +40,6 @@ import org.apache.directory.shared.kerbe
 import org.apache.directory.shared.kerberos.KerberosUtils;
 import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
 import org.apache.directory.shared.kerberos.components.EncryptionKey;
-import org.apache.mina.core.buffer.IoBuffer;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
@@ -151,7 +151,7 @@ public class KeytabTest
 
         Keytab writer = Keytab.getInstance();
         writer.setEntries( entries );
-        IoBuffer buffer = writer.write();
+        ByteBuffer buffer = writer.write();
         assertEquals( "Expected file size.", 130, buffer.limit() );
     }
 

Modified: directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/messages/value/flags/AbstractKerberosFlagsTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/messages/value/flags/AbstractKerberosFlagsTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/messages/value/flags/AbstractKerberosFlagsTest.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/messages/value/flags/AbstractKerberosFlagsTest.java Wed Feb  6 18:19:36 2013
@@ -24,13 +24,14 @@ import static org.junit.Assert.assertEqu
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
-import com.mycila.junit.concurrent.Concurrency;
-import com.mycila.junit.concurrent.ConcurrentJunitRunner;
 import org.apache.directory.shared.kerberos.flags.AbstractKerberosFlags;
 import org.apache.directory.shared.kerberos.flags.TicketFlag;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import com.mycila.junit.concurrent.Concurrency;
+import com.mycila.junit.concurrent.ConcurrentJunitRunner;
+
 
 /**
  * Test for AbstractKerberosFlags

Modified: directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/replay/ReplayCacheImplTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/replay/ReplayCacheImplTest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/replay/ReplayCacheImplTest.java (original)
+++ directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/server/kerberos/shared/replay/ReplayCacheImplTest.java Wed Feb  6 18:19:36 2013
@@ -24,6 +24,8 @@ import static org.junit.Assert.assertEqu
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
+import java.io.InputStream;
+import java.util.Arrays;
 import java.util.List;
 
 import javax.security.auth.kerberos.KerberosPrincipal;
@@ -69,10 +71,10 @@ public class ReplayCacheImplTest
         try
         {
             long clockSkew = 1000; // 1 sec
-
-            cacheManager = new CacheManager( ReplayCacheImplTest.class.getClassLoader().getResource(
-                "directory-cacheservice.xml" ) );
-
+    
+            cacheManager = new CacheManager();
+    
+            cacheManager.addCache( "kdcReplayCache" );
             Cache ehCache = cacheManager.getCache( "kdcReplayCache" );
             ehCache.getCacheConfiguration().setMaxElementsInMemory( 2 );
             ehCache.getCacheConfiguration().setTimeToLiveSeconds( 1 );
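Review bot: The replay-cache test now builds its cache from `new CacheManager()` plus `addCache( "kdcReplayCache" )`, so every setting except the two overridden just below comes from whichever default Ehcache configuration is on the test classpath, not from `directory-cacheservice.xml`. Replay detection is therefore no longer tested against the cache definition the server ships with, and a mistake in that file would pass unnoticed here. If that is intended, a comment such as `// built from Ehcache defaults on purpose; directory-cacheservice.xml is not exercised by this test` would make it explicit. The three added blank lines carry trailing whitespace, and the `java.io.InputStream` and `java.util.Arrays` imports added in the previous hunk are not used in this one, so they may be unused. The enclosing `try` block continues past the end of the hunk.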

Added: directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/ChangePasswdDataDecoderTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/ChangePasswdDataDecoderTest.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/ChangePasswdDataDecoderTest.java (added)
+++ directory/apacheds/trunk/kerberos-codec/src/test/java/org/apache/directory/shared/kerberos/codec/ChangePasswdDataDecoderTest.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,154 @@
+
+package org.apache.directory.shared.kerberos.codec;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
+import java.nio.ByteBuffer;
+
+import org.apache.directory.api.asn1.ber.Asn1Decoder;
+import org.apache.directory.api.util.Strings;
+import org.apache.directory.shared.kerberos.codec.changePwdData.ChangePasswdDataContainer;
+import org.apache.directory.shared.kerberos.messages.ChangePasswdData;
+import org.junit.Test;
+
+public class ChangePasswdDataDecoderTest
+{
+
+    @Test
+    public void testDecodeChangePasswdData() throws Exception
+    {
+        Asn1Decoder decoder = new Asn1Decoder();
+        
+        ByteBuffer buf = ByteBuffer.allocate( 0x30 );
+        buf.put( new byte[]
+            {
+               0x30, 0x2E,
+                (byte)0xA0, 0x08, // newpasswd
+                    0x04, 0x06, 's', 'e', 'c', 'r', 'e', 't',
+                (byte)0xA1, 0x13, // targname
+                        0x30, 0x11,
+                        (byte)0xA0, 0x03,                 // name-type
+                          0x02, 0x01, 0x01,               // NT-PRINCIPAL
+                        (byte)0xA1, 0x0A,                 // name-string
+                          0x30, 0x08,
+                            0x1B, 0x06, 'k', 'r', 'b', 't', 'g', 't',
+                (byte)0xA2, 0x0D, 
+                       0x1B, 0x0B, 'E', 'X', 'A', 'M', 'P', 'L', 'E', '.', 'C', 'O', 'M'
+                
+            } );
+        
+        String decodedPdu = Strings.dumpBytes( buf.array() );
+        buf.flip();
+        
+        ChangePasswdDataContainer container = new ChangePasswdDataContainer( buf );
+        
+        decoder.decode( buf, container );
+        
+        ChangePasswdData chngPwdData = container.getChngPwdData();
+        
+        assertArrayEquals( "secret".getBytes(), chngPwdData.getNewPasswd() );
+        assertEquals( "krbtgt", chngPwdData.getTargName().getNameString() );
+        assertEquals( "EXAMPLE.COM", chngPwdData.getTargRealm() );
+        
+        String encodedPdu = Strings.dumpBytes( chngPwdData.encode( null ).array() );
+        assertEquals( decodedPdu, encodedPdu );
+    }
+    
+    @Test
+    public void testDecodeChangePasswdDataWithoutTargName() throws Exception
+    {
+        Asn1Decoder decoder = new Asn1Decoder();
+        
+        ByteBuffer buf = ByteBuffer.allocate( 0x1B );
+        buf.put( new byte[]
+            {
+               0x30, 0x19,
+                (byte)0xA0, 0x08, // newpasswd
+                    0x04, 0x06, 's', 'e', 'c', 'r', 'e', 't',
+                (byte)0xA2, 0x0D, 
+                       0x1B, 0x0B, 'E', 'X', 'A', 'M', 'P', 'L', 'E', '.', 'C', 'O', 'M'
+                
+            } );
+        
+        String decodedPdu = Strings.dumpBytes( buf.array() );
+        buf.flip();
+        
+        ChangePasswdDataContainer container = new ChangePasswdDataContainer( buf );
+        
+        decoder.decode( buf, container );
+        
+        ChangePasswdData chngPwdData = container.getChngPwdData();
+        
+        assertArrayEquals( "secret".getBytes(), chngPwdData.getNewPasswd() );
+        assertEquals( "EXAMPLE.COM", chngPwdData.getTargRealm() );
+        
+        String encodedPdu = Strings.dumpBytes( chngPwdData.encode( null ).array() );
+        assertEquals( decodedPdu, encodedPdu );
+    }
+
+    
+    @Test
+    public void testDecodeChangePasswdDataWithoutTargRealm() throws Exception
+    {
+        Asn1Decoder decoder = new Asn1Decoder();
+        
+        ByteBuffer buf = ByteBuffer.allocate( 0x21 );
+        buf.put( new byte[]
+            {
+               0x30, 0x1F,
+                (byte)0xA0, 0x08, // newpasswd
+                    0x04, 0x06, 's', 'e', 'c', 'r', 'e', 't',
+                (byte)0xA1, 0x13, // targname
+                        0x30, 0x11,
+                        (byte)0xA0, 0x03,                 // name-type
+                          0x02, 0x01, 0x01,               // NT-PRINCIPAL
+                        (byte)0xA1, 0x0A,                 // name-string
+                          0x30, 0x08,
+                            0x1B, 0x06, 'k', 'r', 'b', 't', 'g', 't'
+            } );
+        
+        String decodedPdu = Strings.dumpBytes( buf.array() );
+        buf.flip();
+        
+        ChangePasswdDataContainer container = new ChangePasswdDataContainer( buf );
+        
+        decoder.decode( buf, container );
+        
+        ChangePasswdData chngPwdData = container.getChngPwdData();
+        
+        assertArrayEquals( "secret".getBytes(), chngPwdData.getNewPasswd() );
+        assertEquals( "krbtgt", chngPwdData.getTargName().getNameString() );
+        
+        String encodedPdu = Strings.dumpBytes( chngPwdData.encode( null ).array() );
+        assertEquals( decodedPdu, encodedPdu );
+    }
+    
+    @Test
+    public void testDecodeChangePasswdDataWithoutTargNameAndRealm() throws Exception
+    {
+        Asn1Decoder decoder = new Asn1Decoder();
+        
+        ByteBuffer buf = ByteBuffer.allocate( 0x0C );
+        buf.put( new byte[]
+            {
+               0x30, 0x0A,
+                (byte)0xA0, 0x08, // newpasswd
+                    0x04, 0x06, 's', 'e', 'c', 'r', 'e', 't'
+            } );
+        
+        String decodedPdu = Strings.dumpBytes( buf.array() );
+        buf.flip();
+        
+        ChangePasswdDataContainer container = new ChangePasswdDataContainer( buf );
+        
+        decoder.decode( buf, container );
+        
+        ChangePasswdData chngPwdData = container.getChngPwdData();
+        
+        assertArrayEquals( "secret".getBytes(), chngPwdData.getNewPasswd() );
+        
+        String encodedPdu = Strings.dumpBytes( chngPwdData.encode( null ).array() );
+        assertEquals( decodedPdu, encodedPdu );
+    }
+}
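Review bot: All four tests feed the decoder only well-formed PDUs, so nothing pins how it reacts to a sequence with no `newpasswd` element, a length byte that overruns the buffer, or an unexpected context tag. This structure presumably carries a new password taken from a client request, so at least one rejection case per failure mode belongs beside the round-trip cases. The assertions use `"secret".getBytes()`, which depends on the platform default charset; `Strings.getBytesUtf8( "secret" )` (the class is already imported) keeps them stable across build hosts. The file also starts without the license header. `decodedPdu` is captured from the input buffer before any decoding happens, so a name like `expectedPdu` would describe it more accurately.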

Modified: directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AbstractKerberosITest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AbstractKerberosITest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AbstractKerberosITest.java (original)
+++ directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/AbstractKerberosITest.java Wed Feb  6 18:19:36 2013
@@ -151,7 +151,7 @@ public class AbstractKerberosITest exten
         System.setProperty( "java.security.krb5.conf", krb5confPath );
         
         // change encryption type in KDC
-        kdcServer.setEncryptionTypes( Collections.singletonList( parameters.encryptionType ) );
+        kdcServer.getConfig().setEncryptionTypes( Collections.singleton( parameters.encryptionType ) );
 
         // create principals
         createPrincipal( "uid=" + USER_UID, "Last", "First Last",

Modified: directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java (original)
+++ directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java Wed Feb  6 18:19:36 2013
@@ -293,6 +293,7 @@ public class SaslGssapiBindITest extends
     @Test
     public void testSaslGssapiBind()
     {
+        kdcServer.getConfig().setPaEncTimestampRequired( false );
         // Use our custom configuration to avoid reliance on external config
         Configuration.setConfiguration( new Krb5LoginConfiguration() );
         // 1. Authenticate to Kerberos.
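Review bot: The added `kdcServer.getConfig().setPaEncTimestampRequired( false );` switches off the encrypted-timestamp pre-authentication requirement with no comment saying why this test needs it and no visible reset. If the `kdcServer` instance is shared with other tests (not visible in this hunk), they would also run with pre-authentication relaxed and stop covering the stricter path. I would record the old value with `boolean paRequired = kdcServer.getConfig().isPaEncTimestampRequired();`, restore it in a `finally` block or teardown, and add a comment stating the reason for relaxing it here. The body of `testSaslGssapiBind` continues past the end of the hunk.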

Modified: directory/apacheds/trunk/protocol-kerberos/pom.xml
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/pom.xml?rev=1443107&r1=1443106&r2=1443107&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/pom.xml (original)
+++ directory/apacheds/trunk/protocol-kerberos/pom.xml Wed Feb  6 18:19:36 2013
@@ -53,6 +53,11 @@
     </dependency>
 
     <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>apacheds-core-shared</artifactId>
+    </dependency>
+
+    <dependency>
       <groupId>org.apache.directory.api</groupId>
       <artifactId>api-asn1-api</artifactId>
     </dependency>

Added: directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/ChangePasswordConfig.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/ChangePasswordConfig.java?rev=1443107&view=auto
==============================================================================
--- directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/ChangePasswordConfig.java (added)
+++ directory/apacheds/trunk/protocol-kerberos/src/main/java/org/apache/directory/server/kerberos/ChangePasswordConfig.java Wed Feb  6 18:19:36 2013
@@ -0,0 +1,29 @@
+
+package org.apache.directory.server.kerberos;
+
+public class ChangePasswordConfig extends KerberosConfig
+{
+    /** The default change password principal name. */
+    private static final String SERVICE_PRINCIPAL_DEFAULT = "kadmin/changepw@EXAMPLE.COM";
+
+    public ChangePasswordConfig()
+    {
+        setServicePrincipal( SERVICE_PRINCIPAL_DEFAULT );
+    }
+
+    public ChangePasswordConfig( KerberosConfig kdcConfig )
+    {
+        setServicePrincipal( "kadmin/changepw@" + kdcConfig.getPrimaryRealm() );
+
+        // copy the relevant kdc config parameters
+        this.setAllowableClockSkew( kdcConfig.getAllowableClockSkew() );
+        this.setBodyChecksumVerified( kdcConfig.isBodyChecksumVerified() );
+        this.setEmptyAddressesAllowed( kdcConfig.isEmptyAddressesAllowed() );
+        this.setEncryptionTypes( kdcConfig.getEncryptionTypes() );
+        this.setForwardableAllowed( kdcConfig.isForwardableAllowed() );
+        this.setMaximumRenewableLifetime( kdcConfig.getMaximumRenewableLifetime() );
+        this.setMaximumTicketLifetime( kdcConfig.getMaximumTicketLifetime() );
+        this.setPaEncTimestampRequired( kdcConfig.isPaEncTimestampRequired() );
+        this.setSearchBaseDn( kdcConfig.getSearchBaseDn() );
+    }
+}
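Review bot: The copy constructor reads `kdcConfig.getPrimaryRealm()` to build the service principal but never copies the realm itself. Unless `setServicePrincipal` derives it (KerberosConfig is not shown here), this config's own `getPrimaryRealm()` may still report the default while its principal lives in the KDC's realm. If KerberosConfig has the matching setter, `this.setPrimaryRealm( kdcConfig.getPrimaryRealm() );` belongs with the other copies. `setEncryptionTypes( kdcConfig.getEncryptionTypes() )` passes the same collection instance unless the setter copies it, so a later change to one config's allowed encryption types could silently alter the other. A null `kdcConfig` fails with a bare NullPointerException on the first statement, and the file has neither the license header nor class-level Javadoc listing which settings are inherited from the KDC.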


