directory-commits mailing list archives

From plusplusjia...@apache.org
Subject directory-kerby git commit: Get the ReqBody bytes in PkinitPreauth.
Date Mon, 14 Dec 2015 06:27:36 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/pkinit-support 4d6602522 -> 2f47da369


Get the ReqBody bytes in PkinitPreauth.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/2f47da36
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/2f47da36
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/2f47da36

Branch: refs/heads/pkinit-support
Commit: 2f47da369c143051c5d3f90ec21016349dc6562c
Parents: 4d66025
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Mon Dec 14 14:34:06 2015 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Mon Dec 14 14:34:06 2015 +0800

----------------------------------------------------------------------
 .../kerby/kerberos/kerb/server/KdcHandler.java  | 25 +--------------
 .../server/preauth/pkinit/PkinitPreauth.java    | 32 +++++++++++++++++---
 .../kerb/server/request/KdcRequest.java         | 10 +++---
 3 files changed, 33 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2f47da36/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
index 903056c..78eb8a0 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/KdcHandler.java
@@ -19,10 +19,6 @@
  */
 package org.apache.kerby.kerberos.kerb.server;
 
-import org.apache.kerby.asn1.Asn1;
-import org.apache.kerby.asn1.parse.Asn1Container;
-import org.apache.kerby.asn1.parse.Asn1Item;
-import org.apache.kerby.asn1.parse.Asn1ParseResult;
 import org.apache.kerby.kerberos.kerb.KrbCodec;
 import org.apache.kerby.kerberos.kerb.KrbErrorCode;
 import org.apache.kerby.kerberos.kerb.KrbException;
@@ -43,7 +39,6 @@ import org.slf4j.LoggerFactory;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.nio.ByteBuffer;
-import java.util.List;
 
 /**
  * KDC handler to process client requests. Currently only one realm is supported.
@@ -78,24 +73,6 @@ public class KdcHandler {
 
         ByteBuffer message = receivedMessage.duplicate();
 
-        Asn1ParseResult parseResult = null;
-        try {
-            parseResult = Asn1.parse(message);
-        } catch (IOException e) {
-            e.printStackTrace();
-        }
-        /**Get REQ_BODY in KDC_REQ for checksum*/
-        byte[] reqBodyBytes = null;
-        Asn1Container container = (Asn1Container) parseResult;
-        List<Asn1ParseResult> parseResults = container.getChildren();
-        Asn1Container parsingItem = (Asn1Container)parseResults.get(0);
-        List<Asn1ParseResult> items = parsingItem.getChildren();
-        if (items.size() > 3) { // TO BE FIXED: INDICATE PKINIT CASE!!
-            ByteBuffer bodyBuffer = items.get(3).getBodyBuffer();
-            byte[] result = new byte[bodyBuffer.remaining()];
-            bodyBuffer.get(result);
-        }
-
         try {
             krbRequest = KrbCodec.decodeMessage(receivedMessage);
         } catch (IOException e) {
@@ -124,7 +101,7 @@ public class KdcHandler {
         }
 
         // For checksum
-        kdcRequest.setReqBodyBytes(reqBodyBytes);
+        kdcRequest.setReqPackage(message);
 
         if (remoteAddress == null) {
             throw new KrbException("Remote address is null, not available.");
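Review bot: The `// For checksum` comment above the new `kdcRequest.setReqPackage(message);` no longer describes what is stored. The whole received message is now kept on the request instead of the extracted req-body bytes, and this line runs for every request that reaches it, not only PKINIT ones. I would reword the comment to something like `// Keep the raw request; PKINIT preauth parses the req-body out of it for the checksum`. The enclosing method starts and ends outside this hunk, so how long `kdcRequest` keeps the buffer alive cannot be judged from here.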

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2f47da36/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
index eb33144..08afe58 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/preauth/pkinit/PkinitPreauth.java
@@ -18,9 +18,11 @@
  */
 package org.apache.kerby.kerberos.kerb.server.preauth.pkinit;
 
+import org.apache.kerby.asn1.Asn1;
+import org.apache.kerby.asn1.parse.Asn1Container;
+import org.apache.kerby.asn1.parse.Asn1ParseResult;
 import org.apache.kerby.asn1.type.Asn1Integer;
 import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
-import org.apache.kerby.x509.type.Certificate;
 import org.apache.kerby.cms.type.CertificateChoices;
 import org.apache.kerby.cms.type.CertificateSet;
 import org.apache.kerby.cms.type.ContentInfo;
@@ -54,6 +56,7 @@ import org.apache.kerby.kerberos.kerb.type.pa.pkinit.KdcDHKeyInfo;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PaPkAsRep;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PaPkAsReq;
 import org.apache.kerby.kerberos.kerb.type.pa.pkinit.PkAuthenticator;
+import org.apache.kerby.x509.type.Certificate;
 import org.apache.kerby.x509.type.DHParameter;
 import org.apache.kerby.x509.type.SubjectPublicKeyInfo;
 import org.slf4j.Logger;
@@ -66,6 +69,7 @@ import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigInteger;
+import java.nio.ByteBuffer;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -165,15 +169,33 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
             checkClockskew(kdcRequest, pkAuthenticator.getCtime());
             DHParameter dhParameter;
 
-            if (kdcRequest.getReqBodyBytes() == null) {
+            byte[] reqBodyBytes = null;
+            if (kdcRequest.getReqPackage() == null) {
                 LOG.error("ReqBodyBytes isn't available");
                 return false;
+            } else {
+                Asn1ParseResult parseResult = null;
+                try {
+                    parseResult = Asn1.parse(kdcRequest.getReqPackage());
+                } catch (IOException e) {
+                    e.printStackTrace();
+                }
+                /**Get REQ_BODY in KDC_REQ for checksum*/
+                Asn1Container container = (Asn1Container) parseResult;
+                List<Asn1ParseResult> parseResults = container.getChildren();
+                Asn1Container parsingItem = (Asn1Container)parseResults.get(0);
+                List<Asn1ParseResult> items = parsingItem.getChildren();
+                if (items.size() > 3) { // TO BE FIXED: INDICATE PKINIT CASE!!
+                    ByteBuffer bodyBuffer = items.get(3).getBodyBuffer();
+                    reqBodyBytes = new byte[bodyBuffer.remaining()];
+                    bodyBuffer.get(reqBodyBytes);
+                }
             }
 
             CheckSum expectedCheckSum = null;
             try {
                 expectedCheckSum = CheckSumUtil.makeCheckSum(CheckSumType.NIST_SHA,
-                        kdcRequest.getReqBodyBytes());
+                        reqBodyBytes);
             } catch (KrbException e) {
                 LOG.error("Unable to calculate AS REQ checksum.", e.getMessage());
             }
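Review bot: The new `else` branch does not reject a request whose bytes fail ASN.1 parsing or have an unexpected structure, although those bytes come straight from the client. An `IOException` from `Asn1.parse` is only printed with `e.printStackTrace()`, after which the null `parseResult` is cast and dereferenced. The two `(Asn1Container)` casts and `parseResults.get(0)` are unchecked, and when `items.size() <= 3` a null `reqBodyBytes` is passed to `CheckSumUtil.makeCheckSum`. I would fail closed with `return false` on each of these paths, log through `LOG` instead of stderr, and parse a `duplicate()` in case `Asn1.parse` advances the buffer position; the stale "ReqBodyBytes isn't available" message is updated in the sketch below. The method starts and ends outside this hunk, so what happens to a null `expectedCheckSum` afterwards is not visible.

```java
            ByteBuffer reqPackage = kdcRequest.getReqPackage();
            if (reqPackage == null) {
                LOG.error("Request package isn't available");
                return false;
            }

            byte[] reqBodyBytes;
            try {
                // Parse a duplicate so the buffer held by kdcRequest keeps its position.
                Asn1ParseResult parseResult = Asn1.parse(reqPackage.duplicate());
                if (!(parseResult instanceof Asn1Container)) {
                    LOG.error("Unexpected KDC-REQ structure, cannot locate REQ_BODY");
                    return false;
                }
                List<Asn1ParseResult> parseResults = ((Asn1Container) parseResult).getChildren();
                if (parseResults.isEmpty() || !(parseResults.get(0) instanceof Asn1Container)) {
                    LOG.error("Unexpected KDC-REQ structure, cannot locate REQ_BODY");
                    return false;
                }
                List<Asn1ParseResult> items = ((Asn1Container) parseResults.get(0)).getChildren();
                if (items.size() <= 3) {
                    LOG.error("KDC-REQ has no REQ_BODY item, cannot compute checksum");
                    return false;
                }
                /* Get REQ_BODY in KDC_REQ for checksum */
                ByteBuffer bodyBuffer = items.get(3).getBodyBuffer();
                reqBodyBytes = new byte[bodyBuffer.remaining()];
                bodyBuffer.get(reqBodyBytes);
            } catch (IOException e) {
                LOG.error("Failed to parse KDC-REQ for checksum", e);
                return false;
            }

            // … unchanged: CheckSumUtil.makeCheckSum(CheckSumType.NIST_SHA, reqBodyBytes) and its catch …
```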
@@ -255,8 +277,8 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
 
         PaDataEntry paDataEntry = new PaDataEntry();
         paDataEntry.setPaDataType(PaDataType.PK_AS_REP);
-        //TODO CHOICE
         paDataEntry.setPaDataValue(paPkAsRep.encode());
+
         return paDataEntry;
     }
 
@@ -314,7 +336,7 @@ public class PkinitPreauth extends AbstractPreauthPlugin {
 
         Asn1ObjectIdentifier oid = cryptoContext.getIdPkinitDHKeyDataOID();
         signedDataBytes = PkinitCrypto.cmsSignedDataCreate(kdcDhKeyInfo.encode(), oid, 3,
null,
-                certificateSet, null, null);
+                null, null, null);
 
         dhRepInfo.setDHSignedData(signedDataBytes);
 
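Review bot: Replacing `certificateSet` with `null` in the `cmsSignedDataCreate(...)` call is not mentioned in the commit message and has no comment explaining it. Judging only by the name of the argument it replaces, the signed DH key data would now be built without the certificate set attached. A client would then presumably be unable to validate the KDC signature unless it already holds the KDC certificate, so please confirm this is intended. If it is a temporary workaround, add a comment such as `// TODO: pass certificateSet again once <reason>`, and check whether the `certificateSet` local is now unused. The method body starts and ends outside this hunk.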

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/2f47da36/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
index 4940dfe..b8ba6d7 100644
--- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
+++ b/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java
@@ -97,7 +97,7 @@ public abstract class KdcRequest {
     private boolean isPkinit = false;
     private boolean isAnonymous = false;
     private EncryptionKey sessionKey;
-    private byte[] bodybytes;
+    private ByteBuffer reqPackage;
 
     /**
      * Get session key.
@@ -815,11 +815,11 @@ public abstract class KdcRequest {
         return kdcReq.getReqBody().getKdcOptions();
     }
 
-    public void setReqBodyBytes(byte[] bodyBytes) {
-        this.bodybytes = bodyBytes;
+    public void setReqPackage(ByteBuffer reqPackage) {
+        this.reqPackage = reqPackage;
     }
 
-    public byte[] getReqBodyBytes() {
-        return this.bodybytes;
+    public ByteBuffer getReqPackage() {
+        return this.reqPackage;
     }
 }
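Review bot: `getReqPackage()` returns the stored `ByteBuffer` itself, so any caller that reads from it moves the position for every later caller. A second parse of the same request could then see a partial or empty buffer. Returning a view leaves the stored buffer untouched, for example `return reqPackage == null ? null : reqPackage.duplicate();`. Both public accessors would also benefit from a Javadoc line saying the buffer holds the raw received KDC request used for the PKINIT checksum. This diff adds no `java.nio.ByteBuffer` import to KdcRequest.java, so it was presumably already imported, which is worth confirming.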

