Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Directory Wiki" for 
change notification.

The following page has been changed by EmmanuelLecharny:
http://wiki.apache.org/directory/Asn1Home

------------------------------------------------------------------------------
  This may seems very complicated, but we have to deal with this kind of 
constraints, as the PDU that we can receive may be really strange, or built to 
break the server. 
  
  == Spnego ASN.1 State Automaton ==
+ The SPNEGO ASN.1 grammar seems very simple, but as there are a lot of 
optional elements, it is not that simple to implement...
+ 
+ It is fully described in RFC 2478.
+ 
+ === Spnego Grammar ===
+ Here is the SPNEGO grammar :
+ 
+ {{{
+ 
+ NegotiationToken ::= CHOICE {
+     negTokenInit  [0]  NegTokenInit,
+     negTokenTarg  [1]  NegTokenTarg 
+ }
+ 
+ NegTokenInit ::= SEQUENCE {
+     mechTypes       [0] MechTypeList  OPTIONAL,
+     reqFlags        [1] ContextFlags  OPTIONAL,
+     mechToken       [2] OCTET STRING  OPTIONAL,
+     mechListMIC     [3] OCTET STRING  OPTIONAL
+ }
+ 
+ NegTokenTarg ::= SEQUENCE {
+     negResult      [0] ENUMERATED {
+                             accept_completed    (0),
+                             accept_incomplete   (1),
+                             reject              (2) }          OPTIONAL,
+     supportedMech  [1] MechType                                OPTIONAL,
+     responseToken  [2] OCTET STRING                            OPTIONAL,
+     mechListMIC    [3] OCTET STRING                            OPTIONAL
+ }
+ 
+ MechTypeList ::= SEQUENCE OF MechType
+ 
+ MechType::= OBJECT IDENTIFIER
+ 
+ ContextFlags ::= BIT STRING {
+         delegFlag       (0),
+         mutualFlag      (1),
+         replayFlag      (2),
+         sequenceFlag    (3),
+         anonFlag        (4),
+         confFlag        (5),
+         integFlag       (6)
+ }
+ 
+ }}}
+ 
+ === Spnego state automaton ===
+ 
+ Here is the state automaton of this grammar :
  
  attachment:spnego.png
+ 
+ We can see that the automaton is quite intricated. The following picture is a 
typical PDU of the first part of this grammar : the '''Neg``Token``Init''' 
element :
+ 
+ attachment:spnego-pdu.png
+ 
+ Of course, as some elements are optional, this PDU could be very different. 
Here is another PDU, where the '''req``Flags''' and the '''mech``List``MIC''' 
are missing :
+ 
+ attachement:spnego-pdu2.png
+ 
+ === Spnego used POJO's ===
+ 
+ We will store the result of a decoding in POJO's, where each constructed 
element is implemented as a POJO.
+ 
+ Here is the class diagram that could be used to store a SPNEGO 
'''neg``Token``Init''' :
+ 
+ attachement:spnego-class-diag1.png
+ 
  
  
  == LDAP ASN.1 State Automaton ==
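Review bot: the two attachment references added near the end of this hunk are spelled `attachement:spnego-pdu2.png` and `attachement:spnego-class-diag1.png`, while the other two in the same hunk use `attachment:`. Use `attachment:` for both so all four images are referenced the same way. In the added prose, "quite intricated" should read "quite intricate", and the heading "Spnego used POJO's" would read better as "POJOs used for Spnego". The context line above the new section says a PDU may be "built to break the server", so the section would benefit from one sentence on what the decoder does when an OPTIONAL element of NegTokenInit arrives out of tag order or more than once. At present the text leaves that to the state automaton picture.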
