Author: erodriguez
Date: Tue Nov  9 04:41:19 2004
New Revision: 57028

Modified:
   
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Log:
Moved best encryption choice to ticket granting service.  Refactored better 
names for pre-authentication data.

Modified: 
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
==============================================================================
--- 
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
     (original)
+++ 
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
     Tue Nov  9 04:41:19 2004
@@ -16,21 +16,35 @@
  */
 package org.apache.kerberos.kdc;
 
-import org.apache.kerberos.crypto.*;
-import org.apache.kerberos.crypto.checksum.*;
-import org.apache.kerberos.crypto.encryption.*;
-import org.apache.kerberos.io.decoder.*;
-import org.apache.kerberos.io.encoder.*;
-import org.apache.kerberos.kdc.replay.*;
-import org.apache.kerberos.kdc.store.*;
-import org.apache.kerberos.messages.*;
-import org.apache.kerberos.messages.components.*;
+import org.apache.kerberos.crypto.CryptoService;
+import org.apache.kerberos.crypto.checksum.ChecksumEngine;
+import org.apache.kerberos.crypto.checksum.ChecksumType;
+import org.apache.kerberos.crypto.encryption.EncryptionType;
+import org.apache.kerberos.io.decoder.ApplicationRequestDecoder;
+import org.apache.kerberos.io.decoder.AuthenticatorDecoder;
+import org.apache.kerberos.io.decoder.AuthorizationDataDecoder;
+import org.apache.kerberos.io.decoder.EncTicketPartDecoder;
+import org.apache.kerberos.io.encoder.EncTgsRepPartEncoder;
+import org.apache.kerberos.io.encoder.EncTicketPartEncoder;
+import org.apache.kerberos.io.encoder.KdcReqBodyEncoder;
+import org.apache.kerberos.kdc.replay.ReplayCache;
+import org.apache.kerberos.kdc.store.PrincipalStore;
+import org.apache.kerberos.kdc.store.PrincipalStoreEntry;
+import org.apache.kerberos.messages.ApplicationRequest;
+import org.apache.kerberos.messages.KdcRequest;
+import org.apache.kerberos.messages.MessageType;
+import org.apache.kerberos.messages.TicketGrantReply;
+import org.apache.kerberos.messages.components.Authenticator;
+import org.apache.kerberos.messages.components.EncTicketPart;
+import org.apache.kerberos.messages.components.EncTicketPartModifier;
+import org.apache.kerberos.messages.components.Ticket;
 import org.apache.kerberos.messages.value.*;
 
-import java.io.*;
-import java.util.*;
-
-import javax.security.auth.kerberos.*;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
 
 /**
  * RFC 1510 A.6.  KRB_TGS_REQ verification and KRB_TGS_REP generation
@@ -67,7 +81,7 @@
                
                EncryptionKey sessionKey = _cryptoService.getNewSessionKey();
                
-               EncryptionType eType = 
_cryptoService.getBestEncryptionType(request.getEType());
+               EncryptionType eType = 
getBestEncryptionType(request.getEType());
                
                Ticket newTicket = getNewTicket(request, tgt, sessionKey, 
authenticator);
                
@@ -85,10 +99,10 @@
        
        private ApplicationRequest getAuthHeader(KdcRequest request) throws 
KerberosException, IOException {
                
-               if (request.getPaData()[0].getDataType() != 
PreAuthenticationDataType.PA_TGS_REQ)
+               if (request.getPreAuthData()[0].getDataType() != 
PreAuthenticationDataType.PA_TGS_REQ)
                        throw KerberosException.KDC_ERR_PADATA_TYPE_NOSUPP;
                
-               byte[] undecodedAuthHeader = 
request.getPaData()[0].getDataValue();
+               byte[] undecodedAuthHeader = 
request.getPreAuthData()[0].getDataValue();
                ApplicationRequestDecoder decoder = new 
ApplicationRequestDecoder();
                ApplicationRequest authHeader = 
decoder.decode(undecodedAuthHeader);
                
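Review bot: Both `request.getPreAuthData()[0]` accesses in getAuthHeader index the first element without checking that the array is non-null and non-empty, and they assume the PA_TGS_REQ entry is always first. The request arrives from the network, so a TGS request carrying no pre-authentication data would presumably surface as an unchecked exception rather than a Kerberos error reply. I would fetch the array once into a local and reject a missing or empty one before indexing, e.g. `if (preAuthData == null || preAuthData.length == 0) throw KerberosException.KDC_ERR_PADATA_TYPE_NOSUPP;`, and ideally search for the PA_TGS_REQ entry instead of relying on its position. The method body continues past the end of this hunk.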
@@ -186,10 +200,10 @@
        
        private void verifyTicket(Ticket ticket, KerberosPrincipal 
serverPrincipal)
                        throws KerberosException {
-               
+               /*
                if (!ticket.getRealm().equals(_config.getPrimaryRealm()) &&
                                
!ticket.getServerPrincipal().equals(serverPrincipal))
-                       throw KerberosException.KRB_AP_ERR_NOT_US;
+                       throw KerberosException.KRB_AP_ERR_NOT_US;*/
        }
        
        // TODO - configurable checksum
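Review bot: Commenting out the realm and server-principal comparison leaves verifyTicket with an empty body, so the KRB_AP_ERR_NOT_US rejection no longer happens here, and neither the hunk nor the log message explains why. If any caller relies on verifyTicket to reject tickets issued for another realm or service, that protection is now gone; the callers are not visible from this hunk. If the check must be disabled temporarily, say so in place, e.g. `// FIXME: realm/server check disabled because <reason>; restore before release`, rather than leaving the code in a block comment. When it is restored, confirm the `&&` is intended: as written it rejected a ticket only when both the realm and the server principal differed, whereas `||` would reject on either mismatch.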
@@ -227,7 +241,21 @@
                if (!equal)
                        throw KerberosException.KRB_AP_ERR_MODIFIED;
        }
-       
+
+    private EncryptionType getBestEncryptionType(EncryptionType[] 
requestedTypes)
+                       throws KerberosException {
+
+               EncryptionType[] encryptionTypes = _config.getEncryptionTypes();
+
+               for (int i = 0; i < requestedTypes.length; i++) {
+                       for (int j = 0; j < encryptionTypes.length; j++) {
+                               if (requestedTypes[i] == encryptionTypes[j])
+                                       return encryptionTypes[j];
+                       }
+               }
+               throw KerberosException.KDC_ERR_ETYPE_NOSUPP;
+       }
+
        private EncryptionKey getServerKey(KerberosPrincipal serverPrincipal) 
throws KerberosException {
                
                EncryptionKey serverKey = null;
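Review bot: getBestEncryptionType returns the first entry of `requestedTypes` that also appears in `_config.getEncryptionTypes()`, so the result follows the requester's ordering rather than the KDC's, and "best" means whatever the request lists first. If the configured list is meant to express the KDC's own preference (strongest first), make `encryptionTypes` the outer loop so a request cannot steer the choice toward the weakest mutually supported type. Either way a short Javadoc should state whose ordering wins, e.g. `/** Returns the first requested type that the KDC configuration also allows; throws KDC_ERR_ETYPE_NOSUPP if there is none. */`. The `==` comparison also assumes EncryptionType instances are canonical singletons and that `requestedTypes` is non-null; neither is visible in this hunk.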
