Author: erodriguez Date: Fri Jan 14 12:49:57 2005 New Revision: 125207 URL: http://svn.apache.org/viewcvs?view=rev&rev=125207 Log: Refactoring. Modified: incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordDispatcher.java incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordService.java incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/io/ChangePasswordRequestDecoder.java incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/service/ChangePasswordServiceImpl.java
Modified: incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordDispatcher.java
Url: http://svn.apache.org/viewcvs/incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordDispatcher.java?view=diff&rev=125207&p1=incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordDispatcher.java&r1=125206&p2=incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordDispatcher.java&r2=125207
==============================================================================
--- incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordDispatcher.java (original)
+++ incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordDispatcher.java Fri Jan 14 12:49:57 2005
@@ -18,6 +18,7 @@
 package org.apache.changepw;
 import java.io.IOException;
+import java.nio.ByteBuffer;
 import org.apache.changepw.io.ChangePasswordErrorEncoder;
 import org.apache.changepw.io.ChangePasswordReplyEncoder;
@@ -25,6 +26,7 @@
 import org.apache.changepw.messages.ChangePasswordError;
 import org.apache.changepw.messages.ChangePasswordReply;
 import org.apache.changepw.messages.ChangePasswordRequest;
+import org.apache.changepw.service.ChangePasswordServiceImpl;
 import org.apache.changepw.store.PasswordStore;
 import org.apache.kerberos.kdc.KdcConfiguration;
 import org.apache.kerberos.kdc.KerberosException;
@@ -41,45 +43,45 @@ private ChangePasswordService changepwService; private ChangePasswordErrorService errorService; - public ChangePasswordDispatcher(KdcConfiguration config, BootstrapStore bootstrap, PasswordStore store) + public ChangePasswordDispatcher( KdcConfiguration config, BootstrapStore bootstrap, PasswordStore store ) { this.config = config; this.bootstrap = bootstrap; this.store = store; - errorService = new ChangePasswordErrorService(this.config); - changepwService = new ChangePasswordService(this.store, this.bootstrap, this.config); + errorService = new ChangePasswordErrorService( this.config ); + changepwService = new ChangePasswordServiceImpl( this.store, this.bootstrap, this.config ); } - public byte[] dispatch(byte[] requestBytes) throws IOException + public byte[] dispatch( ByteBuffer requestBuffer ) throws IOException { byte[] reply = null; try { ChangePasswordRequestDecoder decoder = new ChangePasswordRequestDecoder(); - ChangePasswordRequest changepwRequest = decoder.decode(requestBytes); + ChangePasswordRequest changepwRequest = decoder.decode( requestBuffer ); - ChangePasswordReply changepwReply = changepwService.getReplyFor(changepwRequest); + ChangePasswordReply changepwReply = changepwService.getReplyFor( changepwRequest ); ChangePasswordReplyEncoder encoder = new ChangePasswordReplyEncoder(); - reply = encoder.encode(changepwReply); + reply = encoder.encode( changepwReply ); } - catch (KerberosException ke) + catch ( KerberosException ke ) { - System.out.println("Returning error message: " + ke.getMessage()); - ChangePasswordError errorMessage = errorService.getReplyFor(ke); + System.out.println( "Returning error message: " + ke.getMessage() ); + ChangePasswordError errorMessage = errorService.getReplyFor( ke ); ChangePasswordErrorEncoder errorEncoder = new ChangePasswordErrorEncoder(); - reply = errorEncoder.encode(errorMessage); + reply = errorEncoder.encode( errorMessage ); } - catch (IOException ioe) + catch ( IOException ioe ) { - 
System.out.println("Returning error message: " + ioe.getMessage()); + System.out.println( "Returning error message: " + ioe.getMessage() ); ioe.printStackTrace(); ChangePasswordError errorMessage = - errorService.getReplyFor(ChangePasswordException.KRB5_KPASSWD_MALFORMED); + errorService.getReplyFor( ChangePasswordException.KRB5_KPASSWD_MALFORMED ); ChangePasswordErrorEncoder errorEncoder = new ChangePasswordErrorEncoder(); - reply = errorEncoder.encode(errorMessage); + reply = errorEncoder.encode( errorMessage ); } return reply; Modified: incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordService.java Url: http://svn.apache.org/viewcvs/incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordService.java?view=diff&rev=125207&p1=incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordService.java&r1=125206&p2=incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordService.java&r2=125207 ============================================================================== --- incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordService.java (original) +++ incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/ChangePasswordService.java Fri Jan 14 12:49:57 2005 
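Review bot: A truncated or oversized request still escapes `dispatch( ByteBuffer requestBuffer )` as an unchecked exception: `ChangePasswordRequestDecoder.decode` reads the header with `buf.getShort()` and allocates `new byte[ authHeaderLength ]`, so a short datagram raises `BufferUnderflowException` and a negative length `NegativeArraySizeException`, and neither reaches the `catch ( IOException ioe )` branch that produces the `KRB5_KPASSWD_MALFORMED` reply. Either bounds-check the lengths in the decoder and throw `IOException`, or add a last-resort `catch ( RuntimeException re )` here that builds the same malformed-request error reply, so the network layer always gets a well-formed response for bad input. The two `System.out.println( "Returning error message: " + ... )` calls and `ioe.printStackTrace()` that the reformat keeps belong on a logger; for a password-change endpoint a stack trace on stdout is not something anyone monitors. The public `dispatch` method also has no Javadoc; `/** Decodes one kpasswd request from {@code requestBuffer} and returns the encoded reply, or an encoded error reply when decoding or the service fails. */` would state the contract.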
@@ -18,166 +18,17 @@ package org.apache.changepw; import java.io.IOException; -import java.net.InetAddress; -import javax.security.auth.kerberos.KerberosKey; -import javax.security.auth.kerberos.KerberosPrincipal; - -import org.apache.changepw.io.ChangePasswordDataDecoder; import org.apache.changepw.messages.ChangePasswordReply; -import org.apache.changepw.messages.ChangePasswordReplyModifier; import org.apache.changepw.messages.ChangePasswordRequest; -import org.apache.changepw.store.PasswordStore; -import org.apache.changepw.value.ChangePasswordData; -import org.apache.changepw.value.ChangePasswordDataModifier; -import org.apache.kerberos.crypto.encryption.EncryptionEngine; -import org.apache.kerberos.io.decoder.EncKrbPrivPartDecoder; -import org.apache.kerberos.io.encoder.EncApRepPartEncoder; -import org.apache.kerberos.io.encoder.EncKrbPrivPartEncoder; -import org.apache.kerberos.kdc.KdcConfiguration; import org.apache.kerberos.kdc.KerberosException; -import org.apache.kerberos.kdc.KerberosService; -import org.apache.kerberos.kdc.store.PrincipalStore; -import org.apache.kerberos.messages.ApplicationRequest; -import org.apache.kerberos.messages.application.ApplicationReply; -import org.apache.kerberos.messages.application.PrivateMessage; -import org.apache.kerberos.messages.components.Authenticator; -import org.apache.kerberos.messages.components.EncApRepPart; -import org.apache.kerberos.messages.components.EncApRepPartModifier; -import org.apache.kerberos.messages.components.EncKrbPrivPart; -import org.apache.kerberos.messages.components.EncKrbPrivPartModifier; -import org.apache.kerberos.messages.components.Ticket; -import org.apache.kerberos.messages.value.EncryptedData; -import org.apache.kerberos.messages.value.EncryptionKey; -import org.apache.kerberos.messages.value.HostAddress; /** * Kerberos Change Password and Set Password Protocols (RFC 3244) */ -public class ChangePasswordService extends KerberosService +public interface ChangePasswordService { - 
private PasswordStore store; - private KdcConfiguration config; - - public ChangePasswordService(PasswordStore store, PrincipalStore bootstrap, KdcConfiguration config) - { - super(config, bootstrap, null); - - this.store = store; - this.config = config; - } - - public ChangePasswordReply getReplyFor(ChangePasswordRequest request) - throws KerberosException, IOException - { - ApplicationRequest authHeader = request.getAuthHeader(); - - Ticket ticket = authHeader.getTicket(); - - Authenticator authenticator = verifyAuthHeader(authHeader, ticket); - - verifyTicket(ticket, config.getChangepwPrincipal()); - - // TODO - check ticket is for service authorized to change passwords - // ticket.getServerPrincipal().getName().equals(config.getChangepwPrincipal().getName())); - - // TODO - check client principal in ticket is authorized to change password - - // get the subsession key from the Authenticator - EncryptionKey sessionKey = authenticator.getSubSessionKey(); - - // getDecryptedData the request's private message with the subsession key - EncryptedData encReqPrivPart = request.getPrivateMessage().getEncryptedPart(); - EncKrbPrivPart privatePart; - try { - EncryptionEngine engine = getEncryptionEngine(sessionKey); - - byte[] decPrivPart = engine.getDecryptedData(sessionKey, encReqPrivPart); - - EncKrbPrivPartDecoder privDecoder = new EncKrbPrivPartDecoder(); - privatePart = privDecoder.decode(decPrivPart); - } catch (KerberosException ke) { - ke.printStackTrace(); - throw ChangePasswordException.KRB5_KPASSWD_AUTHERROR; - } - - ChangePasswordData passwordData = null; - - if (request.getProtocolVersionNumber() == (short)1) { - // Use protocol version 0x0001, the legacy Kerberos change password protocol - ChangePasswordDataModifier modifier = new ChangePasswordDataModifier(); - modifier.setNewPassword(privatePart.getUserData()); - passwordData = modifier.getChangePasswdData(); - } else { - // Use protocol version 0xFF80, the backwards-compatible MS protocol - 
ChangePasswordDataDecoder passwordDecoder = new ChangePasswordDataDecoder(); - passwordData = passwordDecoder.decodeChangePasswordData(privatePart.getUserData()); - } - - // usec and seq-number must be present per MS but aren't in legacy kpasswd - // seq-number must have same value as authenticator - // ignore r-address - - // generate key from password - String password = new String(passwordData.getNewPassword()); - KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal(); - KerberosKey newKey = new KerberosKey(clientPrincipal, password.toCharArray(), "DES"); - - // store password in database - String principalName = store.changePassword(clientPrincipal, newKey.getEncoded()); - System.out.println("Successfully modified principal named " + principalName); - - // begin building reply - - // create priv message - // user-data component is short result code - EncKrbPrivPartModifier modifier = new EncKrbPrivPartModifier(); - byte[] resultCode = {(byte)0x00, (byte)0x00}; - modifier.setUserData(resultCode); - - modifier.setSenderAddress(new HostAddress(InetAddress.getLocalHost())); - EncKrbPrivPart privPart = modifier.getEncKrbPrivPart(); - - EncKrbPrivPartEncoder encoder = new EncKrbPrivPartEncoder(); - byte[] encodedPrivPart = encoder.encode(privPart); - - EncryptedData encPrivPart = null; - try { - EncryptionEngine engine = getEncryptionEngine(sessionKey); - - encPrivPart = engine.getEncryptedData(sessionKey, encodedPrivPart); - } catch (KerberosException ke) { - ke.printStackTrace(); - } - PrivateMessage privateMessage = new PrivateMessage(encPrivPart); - - // Begin AP_REP generation - EncApRepPartModifier encApModifier = new EncApRepPartModifier(); - encApModifier.setClientTime(authenticator.getClientTime()); - encApModifier.setClientMicroSecond(authenticator.getClientMicroSecond()); - encApModifier.setSequenceNumber(new Integer(authenticator.getSequenceNumber())); - encApModifier.setSubSessionKey(authenticator.getSubSessionKey()); - - EncApRepPart 
repPart = encApModifier.getEncApRepPart(); - EncApRepPartEncoder repEncoder = new EncApRepPartEncoder(); - byte[] encodedRepPart = repEncoder.encode(repPart); - - EncryptedData encRepPart = null; - try { - EncryptionEngine engine = getEncryptionEngine(ticket.getSessionKey()); - - encRepPart = engine.getEncryptedData(ticket.getSessionKey(), encodedRepPart); - } catch (KerberosException ke) { - ke.printStackTrace(); - } - ApplicationReply appReply = new ApplicationReply(encRepPart); - - // return status message value object - ChangePasswordReplyModifier replyModifier = new ChangePasswordReplyModifier(); - replyModifier.setApplicationReply(appReply); - replyModifier.setPrivateMessage(privateMessage); - - return replyModifier.getChangePasswordReply(); - } + public ChangePasswordReply getReplyFor( ChangePasswordRequest request ) + throws KerberosException, IOException; } Modified: incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/io/ChangePasswordRequestDecoder.java Url: http://svn.apache.org/viewcvs/incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/io/ChangePasswordRequestDecoder.java?view=diff&rev=125207&p1=incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/io/ChangePasswordRequestDecoder.java&r1=125206&p2=incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/io/ChangePasswordRequestDecoder.java&r2=125207 ============================================================================== --- incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/io/ChangePasswordRequestDecoder.java (original) +++ incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/io/ChangePasswordRequestDecoder.java Fri Jan 14 12:49:57 2005 
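Review bot: The interface's only method, `public ChangePasswordReply getReplyFor( ChangePasswordRequest request ) throws KerberosException, IOException;`, carries no Javadoc, so an implementor cannot tell from the type which checks must succeed before the password store is touched; a comment such as `/** Authenticates the AP-REQ carried by {@code request}, applies the password change it contains, and builds the KRB-PRIV/AP-REP reply; throws {@link KerberosException} (one of the {@code ChangePasswordException} constants) when authentication or authorization fails. */` would pin that down now that implementations live in another package. The `public` modifier is redundant on an interface method and can be dropped. The class comment `Kerberos Change Password and Set Password Protocols (RFC 3244)` is now duplicated verbatim on `ChangePasswordServiceImpl`; one of the two could instead say what distinguishes interface from implementation.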
@@ -27,35 +27,33 @@
 import org.apache.kerberos.messages.ApplicationRequest;
 import org.apache.kerberos.messages.application.PrivateMessage;
-public class ChangePasswordRequestDecoder extends KerberosMessageDecoder {
-
- public ChangePasswordRequest decode(byte[] message) throws IOException {
-
- ByteBuffer buf = ByteBuffer.wrap(message);
-
+public class ChangePasswordRequestDecoder extends KerberosMessageDecoder
+{
+ public ChangePasswordRequest decode( ByteBuffer buf ) throws IOException
+ {
 ChangePasswordRequestModifier modifier = new ChangePasswordRequestModifier();
- modifier.setMessageLength(buf.getShort());
- modifier.setProtocolVersionNumber(buf.getShort());
+ modifier.setMessageLength( buf.getShort() );
+ modifier.setProtocolVersionNumber( buf.getShort() );
 short authHeaderLength = buf.getShort();
- modifier.setAuthHeaderLength(authHeaderLength);
+ modifier.setAuthHeaderLength( authHeaderLength );
- byte[] undecodedAuthHeader = new byte[authHeaderLength];
- buf.get(undecodedAuthHeader, 0, authHeaderLength);
+ byte[] undecodedAuthHeader = new byte[ authHeaderLength ];
+ buf.get( undecodedAuthHeader, 0, authHeaderLength );
 ApplicationRequestDecoder decoder = new ApplicationRequestDecoder();
- ApplicationRequest authHeader = decoder.decode(undecodedAuthHeader);
+ ApplicationRequest authHeader = decoder.decode( undecodedAuthHeader );
- modifier.setAuthHeader(authHeader);
+ modifier.setAuthHeader( authHeader );
- byte[] encodedPrivate = new byte[buf.remaining()];
- buf.get(encodedPrivate, 0, buf.remaining());
+ byte[] encodedPrivate = new byte[ buf.remaining() ];
+ buf.get( encodedPrivate, 0, buf.remaining() );
 PrivateMessageDecoder privateDecoder = new PrivateMessageDecoder();
- PrivateMessage privMessage = privateDecoder.decode(encodedPrivate);
+ PrivateMessage privMessage = privateDecoder.decode( encodedPrivate );
- modifier.setPrivateMessage(privMessage);
+ modifier.setPrivateMessage( privMessage );
 return modifier.getChangePasswordMessage();
 }
Modified:
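Review bot: `short authHeaderLength = buf.getShort();` followed by `new byte[ authHeaderLength ]` trusts a length read straight from the datagram, so a negative value raises `NegativeArraySizeException`, a value above `buf.remaining()` raises `BufferUnderflowException` from `buf.get`, and any request shorter than the six header bytes fails inside the first `buf.getShort()`; all of these are unchecked and bypass the `IOException` path that `ChangePasswordDispatcher` maps to `KRB5_KPASSWD_MALFORMED`, so the server ends such a request with an uncaught exception instead of an error reply. Bounds-check the header before allocating and throw `IOException`, so the dispatcher's existing handling applies; the rewritten head of `decode` is below, the rest of the method is unchanged. `messageLength` is stored in the modifier but never compared with the buffer; if the matching encoder fills it the RFC 3244 way (total length including the field itself) it should equal the buffer's initial `remaining()` and can be checked at the same spot — confirm against the encoder before enforcing. `decode` lies entirely within the hunk; the class's closing brace does not.
```java
public ChangePasswordRequest decode( ByteBuffer buf ) throws IOException
{
    // Three 16-bit header fields must be present before anything else is read.
    if ( buf.remaining() < 6 )
    {
        throw new IOException( "kpasswd request truncated: " + buf.remaining() + " bytes, header needs 6" );
    }

    ChangePasswordRequestModifier modifier = new ChangePasswordRequestModifier();

    modifier.setMessageLength( buf.getShort() );
    modifier.setProtocolVersionNumber( buf.getShort() );

    short authHeaderLength = buf.getShort();
    modifier.setAuthHeaderLength( authHeaderLength );

    // The length comes off the wire unvalidated: a negative value would throw
    // NegativeArraySizeException and an oversized one BufferUnderflowException, neither of
    // which the dispatcher maps to KRB5_KPASSWD_MALFORMED; an IOException is.
    if ( authHeaderLength < 0 || authHeaderLength > buf.remaining() )
    {
        throw new IOException( "kpasswd AP-REQ length " + authHeaderLength + " exceeds the " + buf.remaining() + " bytes remaining" );
    }

    byte[] undecodedAuthHeader = new byte[ authHeaderLength ];
    buf.get( undecodedAuthHeader, 0, authHeaderLength );

    // … unchanged: AP-REQ decode, KRB-PRIV decode, modifier assembly …
```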
incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/service/ChangePasswordServiceImpl.java Url: http://svn.apache.org/viewcvs/incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/service/ChangePasswordServiceImpl.java?view=diff&rev=125207&p1=incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/service/ChangePasswordServiceImpl.java&r1=125206&p2=incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/service/ChangePasswordServiceImpl.java&r2=125207 ============================================================================== --- incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/service/ChangePasswordServiceImpl.java (original) +++ incubator/directory/changepw/trunk/core/src/java/org/apache/changepw/service/ChangePasswordServiceImpl.java Fri Jan 14 12:49:57 2005 
@@ -17,11 +17,170 @@ package org.apache.changepw.service; +import java.io.IOException; +import java.net.InetAddress; + +import javax.security.auth.kerberos.KerberosKey; +import javax.security.auth.kerberos.KerberosPrincipal; + +import org.apache.changepw.ChangePasswordException; import org.apache.changepw.ChangePasswordService; +import org.apache.changepw.io.ChangePasswordDataDecoder; +import org.apache.changepw.messages.ChangePasswordReply; +import org.apache.changepw.messages.ChangePasswordReplyModifier; +import org.apache.changepw.messages.ChangePasswordRequest; +import org.apache.changepw.store.PasswordStore; +import org.apache.changepw.value.ChangePasswordData; +import org.apache.changepw.value.ChangePasswordDataModifier; +import org.apache.kerberos.crypto.encryption.EncryptionEngine; +import org.apache.kerberos.io.decoder.EncKrbPrivPartDecoder; +import org.apache.kerberos.io.encoder.EncApRepPartEncoder; +import org.apache.kerberos.io.encoder.EncKrbPrivPartEncoder; +import org.apache.kerberos.kdc.KdcConfiguration; +import org.apache.kerberos.kdc.KerberosException; +import org.apache.kerberos.kdc.KerberosService; +import org.apache.kerberos.kdc.store.PrincipalStore; +import org.apache.kerberos.messages.ApplicationRequest; +import org.apache.kerberos.messages.application.ApplicationReply; +import org.apache.kerberos.messages.application.PrivateMessage; +import org.apache.kerberos.messages.components.Authenticator; +import org.apache.kerberos.messages.components.EncApRepPart; +import org.apache.kerberos.messages.components.EncApRepPartModifier; +import org.apache.kerberos.messages.components.EncKrbPrivPart; +import org.apache.kerberos.messages.components.EncKrbPrivPartModifier; +import org.apache.kerberos.messages.components.Ticket; +import org.apache.kerberos.messages.value.EncryptedData; +import org.apache.kerberos.messages.value.EncryptionKey; +import org.apache.kerberos.messages.value.HostAddress; -public class ChangePasswordServiceImpl implements 
ChangePasswordService +/** + * Kerberos Change Password and Set Password Protocols (RFC 3244) + */ +public class ChangePasswordServiceImpl extends KerberosService implements ChangePasswordService { + private PasswordStore store; + private KdcConfiguration config; + public ChangePasswordServiceImpl( PasswordStore store, PrincipalStore bootstrap, KdcConfiguration config ) + { + super(config, bootstrap, null); + + this.store = store; + this.config = config; + } + + public ChangePasswordReply getReplyFor(ChangePasswordRequest request) + throws KerberosException, IOException + { + ApplicationRequest authHeader = request.getAuthHeader(); + + Ticket ticket = authHeader.getTicket(); + + Authenticator authenticator = verifyAuthHeader(authHeader, ticket); + + verifyTicket(ticket, config.getChangepwPrincipal()); + + // TODO - check ticket is for service authorized to change passwords + // ticket.getServerPrincipal().getName().equals(config.getChangepwPrincipal().getName())); + + // TODO - check client principal in ticket is authorized to change password + + // get the subsession key from the Authenticator + EncryptionKey sessionKey = authenticator.getSubSessionKey(); + + // getDecryptedData the request's private message with the subsession key + EncryptedData encReqPrivPart = request.getPrivateMessage().getEncryptedPart(); + EncKrbPrivPart privatePart; + try { + EncryptionEngine engine = getEncryptionEngine(sessionKey); + + byte[] decPrivPart = engine.getDecryptedData(sessionKey, encReqPrivPart); + + EncKrbPrivPartDecoder privDecoder = new EncKrbPrivPartDecoder(); + privatePart = privDecoder.decode(decPrivPart); + } catch (KerberosException ke) { + ke.printStackTrace(); + throw ChangePasswordException.KRB5_KPASSWD_AUTHERROR; + } + + ChangePasswordData passwordData = null; + + if (request.getProtocolVersionNumber() == (short)1) { + // Use protocol version 0x0001, the legacy Kerberos change password protocol + ChangePasswordDataModifier modifier = new 
ChangePasswordDataModifier(); + modifier.setNewPassword(privatePart.getUserData()); + passwordData = modifier.getChangePasswdData(); + } else { + // Use protocol version 0xFF80, the backwards-compatible MS protocol + ChangePasswordDataDecoder passwordDecoder = new ChangePasswordDataDecoder(); + passwordData = passwordDecoder.decodeChangePasswordData(privatePart.getUserData()); + } + + // usec and seq-number must be present per MS but aren't in legacy kpasswd + // seq-number must have same value as authenticator + // ignore r-address + + // generate key from password + String password = new String(passwordData.getNewPassword()); + KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal(); + KerberosKey newKey = new KerberosKey(clientPrincipal, password.toCharArray(), "DES"); + + // store password in database + String principalName = store.changePassword(clientPrincipal, newKey.getEncoded()); + System.out.println("Successfully modified principal named " + principalName); + + // begin building reply + + // create priv message + // user-data component is short result code + EncKrbPrivPartModifier modifier = new EncKrbPrivPartModifier(); + byte[] resultCode = {(byte)0x00, (byte)0x00}; + modifier.setUserData(resultCode); + + modifier.setSenderAddress(new HostAddress(InetAddress.getLocalHost())); + EncKrbPrivPart privPart = modifier.getEncKrbPrivPart(); + + EncKrbPrivPartEncoder encoder = new EncKrbPrivPartEncoder(); + byte[] encodedPrivPart = encoder.encode(privPart); + + EncryptedData encPrivPart = null; + try { + EncryptionEngine engine = getEncryptionEngine(sessionKey); + + encPrivPart = engine.getEncryptedData(sessionKey, encodedPrivPart); + } catch (KerberosException ke) { + ke.printStackTrace(); + } + PrivateMessage privateMessage = new PrivateMessage(encPrivPart); + + // Begin AP_REP generation + EncApRepPartModifier encApModifier = new EncApRepPartModifier(); + encApModifier.setClientTime(authenticator.getClientTime()); + 
encApModifier.setClientMicroSecond(authenticator.getClientMicroSecond()); + encApModifier.setSequenceNumber(new Integer(authenticator.getSequenceNumber())); + encApModifier.setSubSessionKey(authenticator.getSubSessionKey()); + + EncApRepPart repPart = encApModifier.getEncApRepPart(); + EncApRepPartEncoder repEncoder = new EncApRepPartEncoder(); + byte[] encodedRepPart = repEncoder.encode(repPart); + + EncryptedData encRepPart = null; + try { + EncryptionEngine engine = getEncryptionEngine(ticket.getSessionKey()); + + encRepPart = engine.getEncryptedData(ticket.getSessionKey(), encodedRepPart); + } catch (KerberosException ke) { + ke.printStackTrace(); + } + ApplicationReply appReply = new ApplicationReply(encRepPart); + + // return status message value object + ChangePasswordReplyModifier replyModifier = new ChangePasswordReplyModifier(); + replyModifier.setApplicationReply(appReply); + replyModifier.setPrivateMessage(privateMessage); + + return replyModifier.getChangePasswordReply(); + } }
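Review bot: Both reply-encryption blocks swallow failure — each `catch (KerberosException ke) { ke.printStackTrace(); }` leaves `encPrivPart` or `encRepPart` null and the method goes on to wrap that null in `new PrivateMessage(encPrivPart)` / `new ApplicationReply(encRepPart)`, so the client receives a reply assembled from a failed encryption instead of an error; since `getReplyFor` already declares `throws KerberosException`, delete the two try/catch wrappers (or `throw ke;`) and let `ChangePasswordDispatcher` turn the exception into an error reply. The two `// TODO` lines above `authenticator.getSubSessionKey()` moved here unchanged: the only check made is `verifyTicket(ticket, config.getChangepwPrincipal())`, and the password that is changed is always the one of `authenticator.getClientPrincipal()`, so if `ChangePasswordData` carries a target principal for the 0xFF80 set-password form it is silently ignored — worth a comment stating that until the authorization step exists, and an issue tracking it. `new String(passwordData.getNewPassword())` decodes the wire bytes with the platform default charset, so the key produced by `new KerberosKey(clientPrincipal, password.toCharArray(), "DES")` depends on the JVM's `file.encoding`; pass an explicit charset (`new String( passwordData.getNewPassword(), "UTF-8" )`, confirm against what the clients send) and consider deriving the key from a `char[]` without the intermediate `String` so the password is not pinned in the heap until GC. `System.out.println("Successfully modified principal named " + principalName)` is an audit event and belongs on a logger rather than stdout.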
