Author: erodriguez Date: Thu Jan 27 21:04:26 2005 New Revision: 148857 URL: http://svn.apache.org/viewcvs?view=rev&rev=148857 Log: Support for pre-authentication by encrypted timestamp. Added: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java
Added: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java?view=auto&rev=148857 ==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedDataDecoder.java Thu Jan 27 21:04:26 2005
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.io.decoder;
+
+import java.io.IOException;
+
+import org.apache.asn1.der.ASN1InputStream;
+import org.apache.asn1.der.DERSequence;
+import org.apache.kerberos.messages.value.EncryptedData;
+
+
+public class EncryptedDataDecoder extends KerberosMessageDecoder
+{
+ public EncryptedData decode( byte[] encodedEncryptedData ) throws IOException
+ {
+ ASN1InputStream ais = new ASN1InputStream( encodedEncryptedData );
+
+ DERSequence sequence = (DERSequence) ais.readObject();
+
+ return decodeEncryptedData( sequence );
+ }
+}
+
Added: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java?view=auto&rev=148857 ==============================================================================
--- (empty file)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/io/decoder/EncryptedTimestampDecoder.java Thu Jan 27 21:04:26 2005
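Review bot: The cast `(DERSequence) ais.readObject()` in `decode` is unchecked, and in this commit the input is the padata-value of an incoming AS request, i.e. bytes the KDC has not authenticated yet. A value whose outer element is not a SEQUENCE raises ClassCastException, which is not an IOException and presumably not a KerberosException either, so the two catch clauses in `verifyPreAuthentication` would not map it to KRB_AP_ERR_BAD_INTEGRITY. I would test the type and fail as a decode error before calling `decodeEncryptedData`, e.g. `if ( !( obj instanceof DERSequence ) ) throw new IOException( "EncryptedData is not a SEQUENCE" );`. `EncryptedTimestampDecoder.decode` contains the same cast and needs the same guard.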
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.io.decoder;
+
+import java.io.IOException;
+import java.util.Enumeration;
+
+import org.apache.asn1.der.ASN1InputStream;
+import org.apache.asn1.der.DEREncodable;
+import org.apache.asn1.der.DERGeneralizedTime;
+import org.apache.asn1.der.DERInteger;
+import org.apache.asn1.der.DERSequence;
+import org.apache.asn1.der.DERTaggedObject;
+import org.apache.kerberos.messages.value.EncryptedTimeStamp;
+import org.apache.kerberos.messages.value.EncryptedTimeStampModifier;
+
+/**
+ * padata-type ::= PA-ENC-TIMESTAMP
+ * padata-value ::= EncryptedData -- PA-ENC-TS-ENC
+ *
+ * PA-ENC-TS-ENC ::= SEQUENCE {
+ * patimestamp[0] KerberosTime, -- client's time
+ * pausec[1] INTEGER OPTIONAL
+ * }
+ */
+public class EncryptedTimestampDecoder extends KerberosMessageDecoder
+{
+ public EncryptedTimeStamp decode( byte[] encodedEncryptedTimestamp ) throws IOException
+ {
+ ASN1InputStream ais = new ASN1InputStream( encodedEncryptedTimestamp );
+
+ DERSequence sequence = (DERSequence) ais.readObject();
+
+ return decodeEncryptedTimestamp( sequence );
+ }
+
+ protected EncryptedTimeStamp decodeEncryptedTimestamp( DERSequence sequence )
+ {
+ EncryptedTimeStampModifier modifier = new EncryptedTimeStampModifier();
+
+ for ( Enumeration e = sequence.getObjects(); e.hasMoreElements(); )
+ {
+ DERTaggedObject object = (DERTaggedObject) e.nextElement();
+ int tag = object.getTagNo();
+ DEREncodable derObject = object.getObject();
+
+ switch ( tag )
+ {
+ case 0:
+ DERGeneralizedTime tag0 = (DERGeneralizedTime)derObject;
+ modifier.setKerberosTime( decodeKerberosTime( tag0 ) );
+ break;
+ case 1:
+ DERInteger tag1 = (DERInteger)derObject;
+ modifier.setMicroSecond( tag1.intValue() );
+ break;
+ default:
+ System.out.println( object.getObject() );
+ break;
+ }
+ }
+
+ return modifier.getEncryptedTimestamp();
+ }
+}
+
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java&r2=148857 ==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java Thu Jan 27 21:04:26 2005
@@ -14,10 +14,17 @@ * limitations under the License. * */ + package org.apache.kerberos.kdc; +import java.io.IOException; + +import javax.security.auth.kerberos.KerberosPrincipal; + import org.apache.kerberos.crypto.RandomKey; import org.apache.kerberos.crypto.encryption.EncryptionEngine; +import org.apache.kerberos.io.decoder.EncryptedDataDecoder; +import org.apache.kerberos.io.decoder.EncryptedTimestampDecoder; import org.apache.kerberos.io.encoder.EncAsRepPartEncoder; import org.apache.kerberos.io.encoder.EncTicketPartEncoder; import org.apache.kerberos.kdc.store.PrincipalStore;
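Review bot: `decodeEncryptedTimestamp` never checks that the mandatory `patimestamp[0]` field was present, so a PA-ENC-TS-ENC without it yields an `EncryptedTimeStamp` whose time is null, and `verifyPreAuthentication` then dereferences `timestamp.getTimeStamp()`. Track whether tag 0 was seen and reject the structure after the loop instead of returning `modifier.getEncryptedTimestamp()` unconditionally. The `default:` branch writes unrecognised fields of the decrypted plaintext to stdout via `System.out.println( object.getObject() )`; drop that line or send it to a logger at debug level. The element casts to `DERTaggedObject`, `DERGeneralizedTime` and `DERInteger` are unchecked too, so a wrongly typed field surfaces as a ClassCastException rather than a decode error.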
@@ -26,93 +33,125 @@ import org.apache.kerberos.messages.components.EncTicketPart; import org.apache.kerberos.messages.components.EncTicketPartModifier; import org.apache.kerberos.messages.components.Ticket; -import org.apache.kerberos.messages.value.*; +import org.apache.kerberos.messages.value.EncryptedData; +import org.apache.kerberos.messages.value.EncryptedTimeStamp; +import org.apache.kerberos.messages.value.EncryptionKey; +import org.apache.kerberos.messages.value.KdcOptions; +import org.apache.kerberos.messages.value.KerberosTime; +import org.apache.kerberos.messages.value.LastRequest; +import org.apache.kerberos.messages.value.PreAuthenticationData; +import org.apache.kerberos.messages.value.PreAuthenticationDataType; +import org.apache.kerberos.messages.value.TicketFlags; +import org.apache.kerberos.messages.value.TransitedEncoding; -import javax.security.auth.kerberos.KerberosPrincipal; -public class AuthenticationService extends KerberosService { - +public class AuthenticationService extends KerberosService +{ private KdcConfiguration config; - public AuthenticationService(PrincipalStore store, PrincipalStore bootstrap, KdcConfiguration config) + public AuthenticationService( PrincipalStore store, PrincipalStore bootstrap, KdcConfiguration config ) { - super(config, bootstrap, store); + super( config, bootstrap, store ); this.config = config; } - - public AuthenticationReply getReplyFor(KdcRequest request) throws KerberosException { - + + public AuthenticationReply getReplyFor( KdcRequest request ) throws KerberosException + { KerberosPrincipal clientPrincipal = request.getClientPrincipal(); - EncryptionKey clientKey = getKeyForPrincipal(clientPrincipal); + EncryptionKey clientKey = getKeyForPrincipal( clientPrincipal ); - if (clientKey == null) + if ( clientKey == null ) { throw KerberosException.KDC_ERR_C_PRINCIPAL_UNKNOWN; } KerberosPrincipal serverPrincipal = request.getServerPrincipal(); - EncryptionKey serverKey = 
getKeyForPrincipal(serverPrincipal); + EncryptionKey serverKey = getKeyForPrincipal( serverPrincipal ); - if (serverKey == null) + if ( serverKey == null ) { throw KerberosException.KDC_ERR_S_PRINCIPAL_UNKNOWN; } - verifyPreAuthentication(request, clientPrincipal); + verifyPreAuthentication( request, clientKey ); - Ticket ticket = getNewTicket(request, serverKey); - AuthenticationReply reply = getAuthenticationReply(request, ticket); - encryptReplyPart(reply, clientKey); + Ticket ticket = getNewTicket( request, serverKey ); + AuthenticationReply reply = getAuthenticationReply( request, ticket ); + encryptReplyPart( reply, clientKey ); - System.out.print("Issuing ticket to client " + clientPrincipal.toString() + " "); - System.out.println("for access to " + serverPrincipal.toString()); + System.out.print( "Issuing ticket to client " + clientPrincipal.toString() + " " ); + System.out.println( "for access to " + serverPrincipal.toString() ); return reply; } - // TODO - currently no support for pre-auth; requires server store support - private void verifyPreAuthentication(KdcRequest request, KerberosPrincipal clientPrincipal) { - /* - if(client.pa_enc_timestamp_required and - pa_enc_timestamp not present) then - error_out(KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP)); - endif - */ - - /* - if(pa_enc_timestamp present) then - getDecryptedData req.padata-value into decrypted_enc_timestamp - using client.key; - using auth_hdr.authenticator.subkey; - if (decrypt_error()) then - error_out(KRB_AP_ERR_BAD_INTEGRITY); - if(decrypted_enc_timestamp is not within allowable - skew) then error_out(KDC_ERR_PREAUTH_FAILED); - endif - if(decrypted_enc_timestamp and usec is replay) - error_out(KDC_ERR_PREAUTH_FAILED); - endif - add decrypted_enc_timestamp and usec to replay cache; - endif - */ - - /* - if (LocalConfig.DEFAULT_PA_ENC_TIMESTAMP_REQUIRED) { - byte[] encTimeStamp = CryptoService.getEncryptedTimestamp(key, new Date()); - if (key != null) { - paData = new 
PreAuthenticationData[1]; - paData[0] = new PreAuthenticationData(PreAuthenticationData.PA_ENC_TIMESTAMP, encTimeStamp); - } - } - */ + private void verifyPreAuthentication( KdcRequest request, EncryptionKey clientKey ) + throws KerberosException + { + if ( config.isPaEncTimestampRequired() ) + { + PreAuthenticationData[] paData = request.getPreAuthData(); + + if ( paData == null ) + { + throw KerberosException.KDC_ERR_PREAUTH_REQUIRED; + } + + EncryptedTimeStamp timestamp = null; + + for ( int ii = 0; ii < paData.length; ii++ ) + { + if ( paData[ ii ].getDataType().equals( PreAuthenticationDataType.PA_ENC_TIMESTAMP ) ) + { + try + { + EncryptedDataDecoder decoder = new EncryptedDataDecoder(); + EncryptedData dataValue = decoder.decode( paData[ ii ].getDataValue() ); + + EncryptionEngine engine = getEncryptionEngine( clientKey ); + + byte[] decTimestamp = engine.getDecryptedData( clientKey, dataValue ); + + EncryptedTimestampDecoder timeStampDecoder = new EncryptedTimestampDecoder(); + timestamp = timeStampDecoder.decode( decTimestamp ); + } + catch (KerberosException ke) + { + throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY; + } + catch (IOException ioe) + { + throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY; + } + } + } + + if ( timestamp == null ) + { + throw KerberosException.KDC_ERR_PREAUTH_REQUIRED; + } + + if ( !timestamp.getTimeStamp().isInClockSkew( config.getClockSkew() ) ) + { + throw KerberosException.KDC_ERR_PREAUTH_FAILED; + } + + /* + if(decrypted_enc_timestamp and usec is replay) + error_out(KDC_ERR_PREAUTH_FAILED); + endif + + add decrypted_enc_timestamp and usec to replay cache; + */ + } } // TODO - client and server parameters; requires store - private Ticket getNewTicket(KdcRequest request, EncryptionKey serverKey) throws KerberosException { - + private Ticket getNewTicket(KdcRequest request, EncryptionKey serverKey) throws KerberosException + { KerberosPrincipal ticketPrincipal = request.getServerPrincipal(); EncTicketPartModifier 
newTicketBody = new EncTicketPartModifier(); @@ -140,7 +179,8 @@ KerberosTime now = new KerberosTime(); newTicketBody.setAuthTime(now); - if (request.getKdcOptions().get(KdcOptions.POSTDATED)) { + if (request.getKdcOptions().get(KdcOptions.POSTDATED)) + { // TODO - possibly allow req.from range if (!config.isPostdateAllowed()) throw KerberosException.KDC_ERR_POLICY; @@ -165,7 +205,8 @@ long tempRtime = 0; if (request.getKdcOptions().get(KdcOptions.RENEWABLE_OK) && - request.getTill().greaterThan(kerberosEndTime)) { + request.getTill().greaterThan(kerberosEndTime)) + { request.getKdcOptions().set(KdcOptions.RENEWABLE); tempRtime = request.getTill().getTime(); } @@ -186,14 +227,16 @@ else tempRtime = request.getRtime().getTime(); - if (request.getKdcOptions().get(KdcOptions.RENEWABLE)) { + if (request.getKdcOptions().get(KdcOptions.RENEWABLE)) + { newTicketBody.setFlag(TicketFlags.RENEWABLE); long renewTill = Math.min(request.getFrom().getTime() + config.getMaximumRenewableLifetime(), tempRtime); newTicketBody.setRenewTill(new KerberosTime(renewTill)); } - if (request.getAddresses() != null) { + if (request.getAddresses() != null) + { newTicketBody.setClientAddresses(request.getAddresses()); } 
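Review bot: The replay check in `verifyPreAuthentication` is still only the commented-out pseudo-code at the end of the method, so a PA-ENC-TIMESTAMP value that was accepted once is accepted again for as long as it stays inside `config.getClockSkew()`. Until a replay cache exists, make the gap explicit in the code, e.g. `// TODO - replay cache: reject a (patimestamp, pausec) pair already seen for this client within the clock skew`. Separately, all verification sits inside `if ( config.isPaEncTimestampRequired() )`, whereas the pseudo-code this hunk removes verified the timestamp whenever one was present; a request carrying an invalid timestamp is therefore accepted when the flag is off, which may not be intended. The loop also keeps the last PA_ENC_TIMESTAMP entry instead of stopping at the first one. `getNewTicket` continues past the end of this hunk.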
@@ -207,25 +250,31 @@ return newTicket; } - private EncryptedData encryptTicketPart(EncTicketPart ticketPart, EncryptionKey serverKey) { + private EncryptedData encryptTicketPart(EncTicketPart ticketPart, EncryptionKey serverKey) + { EncTicketPartEncoder encoder = new EncTicketPartEncoder(); EncryptedData encryptedTicketPart = null; - try { + try + { byte[] plainText = encoder.encode(ticketPart); EncryptionEngine engine = getEncryptionEngine(serverKey); encryptedTicketPart = engine.getEncryptedData(serverKey, plainText); - } catch (Exception e) { + } + catch (Exception e) + { e.printStackTrace(); } return encryptedTicketPart; } - private void encryptReplyPart(AuthenticationReply reply, EncryptionKey clientKey) { + private void encryptReplyPart( AuthenticationReply reply, EncryptionKey clientKey ) + { EncAsRepPartEncoder encoder = new EncAsRepPartEncoder(); - try { + try + { byte[] plainText = encoder.encode(reply); EncryptionEngine engine = getEncryptionEngine(clientKey); 
@@ -233,35 +282,39 @@ EncryptedData cipherText = engine.getEncryptedData(clientKey, plainText); reply.setEncPart(cipherText); - - } catch (Exception e) { + } + catch (Exception e) + { e.printStackTrace(); } } - private AuthenticationReply getAuthenticationReply(KdcRequest request, Ticket ticket) { + private AuthenticationReply getAuthenticationReply( KdcRequest request, Ticket ticket ) + { AuthenticationReply reply = new AuthenticationReply(); - reply.setClientPrincipal(request.getClientPrincipal()); - reply.setTicket(ticket); - reply.setKey(ticket.getSessionKey()); + reply.setClientPrincipal( request.getClientPrincipal() ); + reply.setTicket( ticket ); + reply.setKey( ticket.getSessionKey() ); // TODO - fetch lastReq for this client; requires store - reply.setLastRequest(new LastRequest()); + reply.setLastRequest( new LastRequest() ); // TODO - resp.key-expiration := client.expiration; requires store - reply.setNonce(request.getNonce()); + reply.setNonce( request.getNonce() ); - reply.setFlags(ticket.getFlags()); - reply.setAuthTime(ticket.getAuthTime()); - reply.setStartTime(ticket.getStartTime()); - reply.setEndTime(ticket.getEndTime()); + reply.setFlags( ticket.getFlags() ); + reply.setAuthTime( ticket.getAuthTime() ); + reply.setStartTime( ticket.getStartTime() ); + reply.setEndTime( ticket.getEndTime() ); - if (ticket.getFlags().get(TicketFlags.RENEWABLE)) + if ( ticket.getFlags().get( TicketFlags.RENEWABLE ) ) + { reply.setRenewTill(ticket.getRenewTill()); + } - reply.setServerPrincipal(ticket.getServerPrincipal()); - reply.setClientAddresses(ticket.getClientAddresses()); + reply.setServerPrincipal( ticket.getServerPrincipal() ); + reply.setClientAddresses( ticket.getClientAddresses() ); return reply; } Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java Url: 
http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java&r2=148857 ============================================================================== --- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java (original) +++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/components/Authenticator.java Thu Jan 27 21:04:26 2005 
@@ -14,70 +14,90 @@ * limitations under the License. * */ + package org.apache.kerberos.messages.components; -import org.apache.kerberos.messages.value.*; +import javax.security.auth.kerberos.KerberosPrincipal; -import javax.security.auth.kerberos.*; +import org.apache.kerberos.messages.value.AuthorizationData; +import org.apache.kerberos.messages.value.Checksum; +import org.apache.kerberos.messages.value.EncryptionKey; +import org.apache.kerberos.messages.value.KerberosTime; -public class Authenticator { - + +public class Authenticator +{ public static final int AUTHENTICATOR_VNO = 5; - private int _versionNumber; - private KerberosPrincipal _clientPrincipal; - private Checksum _checksum; - private int _clientMicroSecond; - private KerberosTime _clientTime; - private EncryptionKey _subSessionKey; - private int _sequenceNumber; - private AuthorizationData _authorizationData; - - public Authenticator(KerberosPrincipal clientPrincipal, Checksum checksum, - int cusec, KerberosTime clientTime, EncryptionKey subSessionKey, int sequenceNumber, - AuthorizationData authorizationData) { - - this(AUTHENTICATOR_VNO, clientPrincipal, checksum, cusec, clientTime, - subSessionKey, sequenceNumber, authorizationData); - } - - public Authenticator(int versionNumber, KerberosPrincipal clientPrincipal, Checksum checksum, - int cusec, KerberosTime clientTime, EncryptionKey subSessionKey, int sequenceNumber, - AuthorizationData authorizationData) { - - _versionNumber = versionNumber; - _clientPrincipal = clientPrincipal; - _checksum = checksum; - _clientMicroSecond = cusec; - _clientTime = clientTime; - _subSessionKey = subSessionKey; - _sequenceNumber = sequenceNumber; - _authorizationData = authorizationData; - } - - public KerberosPrincipal getClientPrincipal() { - return _clientPrincipal; - } - public KerberosTime getClientTime() { - return _clientTime; - } - public int getClientMicroSecond() { - return _clientMicroSecond; - } - public AuthorizationData getAuthorizationData() { - 
return _authorizationData; - } - public Checksum getChecksum() { - return _checksum; + private int versionNumber; + private KerberosPrincipal clientPrincipal; + private Checksum checksum; + private int clientMicroSecond; + private KerberosTime clientTime; + private EncryptionKey subSessionKey; + private int sequenceNumber; + private AuthorizationData authorizationData; + + public Authenticator( KerberosPrincipal clientPrincipal, Checksum checksum, + int clientMicroSecond, KerberosTime clientTime, EncryptionKey subSessionKey, + int sequenceNumber, AuthorizationData authorizationData ) + { + this( AUTHENTICATOR_VNO, clientPrincipal, checksum, clientMicroSecond, clientTime, + subSessionKey, sequenceNumber, authorizationData ); + } + + public Authenticator( int versionNumber, KerberosPrincipal clientPrincipal, Checksum checksum, + int clientMicroSecond, KerberosTime clientTime, EncryptionKey subSessionKey, int sequenceNumber, + AuthorizationData authorizationData ) + { + this.versionNumber = versionNumber; + this.clientPrincipal = clientPrincipal; + this.checksum = checksum; + this.clientMicroSecond = clientMicroSecond; + this.clientTime = clientTime; + this.subSessionKey = subSessionKey; + this.sequenceNumber = sequenceNumber; + this.authorizationData = authorizationData; + } + + public KerberosPrincipal getClientPrincipal() + { + return clientPrincipal; } - public int getSequenceNumber() { - return _sequenceNumber; + + public KerberosTime getClientTime() + { + return clientTime; } - public EncryptionKey getSubSessionKey() { - return _subSessionKey; + + public int getClientMicroSecond() + { + return clientMicroSecond; } - public int getVersionNumber() { - return _versionNumber; + + public AuthorizationData getAuthorizationData() + { + return authorizationData; + } + + public Checksum getChecksum() + { + return checksum; + } + + public int getSequenceNumber() + { + return sequenceNumber; + } + + public EncryptionKey getSubSessionKey() + { + return subSessionKey; + } + 
+ public int getVersionNumber() + { + return versionNumber; } } Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java&r2=148857 ============================================================================== --- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java (original) +++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStamp.java Thu Jan 27 21:04:26 2005 
@@ -14,26 +14,31 @@ * limitations under the License. * */ + package org.apache.kerberos.messages.value; /** * Pre-authentication encrypted timestamp */ -public class EncryptedTimeStamp { - private KerberosTime _timeStamp; - private int _microSeconds; //optional +public class EncryptedTimeStamp +{ + private KerberosTime timeStamp; + private int microSeconds; //optional - public EncryptedTimeStamp(KerberosTime timeStamp, int microSeconds) { - _timeStamp = timeStamp; - _microSeconds = microSeconds; + public EncryptedTimeStamp( KerberosTime timeStamp, int microSeconds ) + { + this.timeStamp = timeStamp; + this.microSeconds = microSeconds; } - public KerberosTime getTimeStamp() { - return _timeStamp; + public KerberosTime getTimeStamp() + { + return timeStamp; } - public int getMicroSeconds() { - return _microSeconds; + public int getMicroSeconds() + { + return microSeconds; } } Added: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java?view=auto&rev=148857 ============================================================================== --- (empty file) +++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/EncryptedTimeStampModifier.java Thu Jan 27 21:04:26 2005 
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2005 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.kerberos.messages.value;
+
+
+public class EncryptedTimeStampModifier
+{
+ private KerberosTime timeStamp;
+ private int microSecond; //optional
+
+ public EncryptedTimeStamp getEncryptedTimestamp()
+ {
+ return new EncryptedTimeStamp( timeStamp, microSecond );
+ }
+
+ public void setKerberosTime( KerberosTime timeStamp )
+ {
+ this.timeStamp = timeStamp;
+ }
+
+ public void setMicroSecond( int microSecond )
+ {
+ this.microSecond = microSecond;
+ }
+}
+
Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java&r2=148857 ==============================================================================
--- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java (original)
+++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationData.java Thu Jan 27 
21:04:26 2005 @@ -14,14 +14,16 @@ * limitations under the License. * */ + package org.apache.kerberos.messages.value; + public class PreAuthenticationData { private PreAuthenticationDataType dataType; private byte[] dataValue; - public PreAuthenticationData(PreAuthenticationDataType dataType, byte[] dataValue) + public PreAuthenticationData( PreAuthenticationDataType dataType, byte[] dataValue ) { this.dataType = dataType; this.dataValue = dataValue; Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java&r2=148857 ============================================================================== --- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java (original) +++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataModifier.java Thu Jan 27 21:04:26 2005 @@ -14,8 +14,10 @@ * limitations under the License. * */ + package org.apache.kerberos.messages.value; + public class PreAuthenticationDataModifier { private PreAuthenticationDataType dataType; 
@@ -23,15 +25,15 @@ public PreAuthenticationData getPreAuthenticationData() { - return new PreAuthenticationData(dataType, dataValue); + return new PreAuthenticationData( dataType, dataValue ); } - public void setDataType(PreAuthenticationDataType dataType) + public void setDataType( PreAuthenticationDataType dataType ) { this.dataType = dataType; } - public void setDataValue(byte[] dataValue) + public void setDataValue( byte[] dataValue ) { this.dataValue = dataValue; } Modified: incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java Url: http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java?view=diff&rev=148857&p1=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java&r1=148856&p2=incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java&r2=148857 ============================================================================== --- incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java (original) +++ incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/messages/value/PreAuthenticationDataType.java Thu Jan 27 21:04:26 2005 
@@ -14,75 +14,89 @@ * limitations under the License. * */ + package org.apache.kerberos.messages.value; -import java.util.*; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; -public class PreAuthenticationDataType implements Comparable { +public class PreAuthenticationDataType implements Comparable +{ /** * Enumeration elements are constructed once upon class loading. * Order of appearance here determines the order of compareTo. */ - public static final PreAuthenticationDataType NULL = new PreAuthenticationDataType(0, "null"); - public static final PreAuthenticationDataType PA_TGS_REQ = new PreAuthenticationDataType(1, "TGS Request"); - public static final PreAuthenticationDataType PA_ENC_TIMESTAMP = new PreAuthenticationDataType(2, "Enc timestamp"); - public static final PreAuthenticationDataType PA_PW_SALT = new PreAuthenticationDataType(3, "password salt"); - public static final PreAuthenticationDataType PA_ENC_UNIX_TIME = new PreAuthenticationDataType(5, "enc unix time"); - public static final PreAuthenticationDataType PA_SANDIA_SECUREID = new PreAuthenticationDataType(6, "sandia secureid"); - public static final PreAuthenticationDataType PA_SESAME = new PreAuthenticationDataType(7, "sesame"); - public static final PreAuthenticationDataType PA_OSF_DCE = new PreAuthenticationDataType(8, "OSF DCE"); - public static final PreAuthenticationDataType PA_CYBERSAFE_SECUREID = new PreAuthenticationDataType(9, "cybersafe secureid"); - public static final PreAuthenticationDataType PA_ASF3_SALT = new PreAuthenticationDataType(10, "ASF3 salt"); - public static final PreAuthenticationDataType PA_ETYPE_INFO = new PreAuthenticationDataType(11, "encryption info"); - public static final PreAuthenticationDataType SAM_CHALLENGE = new PreAuthenticationDataType(12, "SAM challenge"); - public static final PreAuthenticationDataType SAM_RESPONSE = new PreAuthenticationDataType(13, "SAM response"); - public static final PreAuthenticationDataType 
PA_PK_AS_REQ = new PreAuthenticationDataType(14, "PK as request"); - public static final PreAuthenticationDataType PA_PK_AS_REP = new PreAuthenticationDataType(15, "PK as response"); - public static final PreAuthenticationDataType PA_USE_SPECIFIED_KVNO = new PreAuthenticationDataType(20, "use specified key version"); - public static final PreAuthenticationDataType SAM_REDIRECT = new PreAuthenticationDataType(21, "SAM redirect"); - public static final PreAuthenticationDataType PA_GET_FROM_TYPED_DATA = new PreAuthenticationDataType(22, "Get from typed data"); + public static final PreAuthenticationDataType NULL = new PreAuthenticationDataType( 0, "null" ); + public static final PreAuthenticationDataType PA_TGS_REQ = new PreAuthenticationDataType( 1, "TGS Request." ); + public static final PreAuthenticationDataType PA_ENC_TIMESTAMP = new PreAuthenticationDataType( 2, "Encrypted timestamp." ); + public static final PreAuthenticationDataType PA_PW_SALT = new PreAuthenticationDataType( 3, "password salt" ); + public static final PreAuthenticationDataType PA_ENC_UNIX_TIME = new PreAuthenticationDataType( 5, "enc unix time" ); + public static final PreAuthenticationDataType PA_SANDIA_SECUREID = new PreAuthenticationDataType( 6, "sandia secureid" ); + public static final PreAuthenticationDataType PA_SESAME = new PreAuthenticationDataType( 7, "sesame" ); + public static final PreAuthenticationDataType PA_OSF_DCE = new PreAuthenticationDataType( 8, "OSF DCE" ); + public static final PreAuthenticationDataType PA_CYBERSAFE_SECUREID = new PreAuthenticationDataType( 9, "cybersafe secureid" ); + public static final PreAuthenticationDataType PA_ASF3_SALT = new PreAuthenticationDataType( 10, "ASF3 salt" ); + public static final PreAuthenticationDataType PA_ETYPE_INFO = new PreAuthenticationDataType( 11, "encryption info" ); + public static final PreAuthenticationDataType SAM_CHALLENGE = new PreAuthenticationDataType( 12, "SAM challenge." 
); + public static final PreAuthenticationDataType SAM_RESPONSE = new PreAuthenticationDataType( 13, "SAM response." ); + public static final PreAuthenticationDataType PA_PK_AS_REQ = new PreAuthenticationDataType( 14, "PK as request" ); + public static final PreAuthenticationDataType PA_PK_AS_REP = new PreAuthenticationDataType( 15, "PK as response" ); + public static final PreAuthenticationDataType PA_USE_SPECIFIED_KVNO = new PreAuthenticationDataType( 20, "use specified key version" ); + public static final PreAuthenticationDataType SAM_REDIRECT = new PreAuthenticationDataType( 21, "SAM redirect." ); + public static final PreAuthenticationDataType PA_GET_FROM_TYPED_DATA = new PreAuthenticationDataType( 22, "Get from typed data" ); - public String toString() { - return _fName + " (" + _fOrdinal + ")"; + public String toString() + { + return name + " (" + ordinal + ")"; } - public int compareTo(Object that) { - return _fOrdinal - ((PreAuthenticationDataType) that)._fOrdinal; + public int compareTo( Object that ) + { + return ordinal - ( (PreAuthenticationDataType) that ).ordinal; } - public static PreAuthenticationDataType getTypeByOrdinal(int type) { - for (int i = 0; i < fValues.length; i++) - if (fValues[i]._fOrdinal == type) - return fValues[i]; + public static PreAuthenticationDataType getTypeByOrdinal( int type ) + { + for ( int ii = 0; ii < values.length; ii++ ) + { + if ( values[ ii ].ordinal == type ) + { + return values[ ii ]; + } + } + return NULL; } - public int getOrdinal() { - return _fOrdinal; + public int getOrdinal() + { + return ordinal; } /// PRIVATE ///// - private final String _fName; - private final int _fOrdinal; + private final String name; + private final int ordinal; /** * Private constructor prevents construction outside of this class. 
*/ - private PreAuthenticationDataType(int ordinal, String name) { - _fOrdinal = ordinal; - _fName = name; + private PreAuthenticationDataType( int ordinal, String name ) + { + this.ordinal = ordinal; + this.name = name; } /** * These two lines are all that's necessary to export a List of VALUES. */ - private static final PreAuthenticationDataType[] fValues = {NULL, PA_TGS_REQ, + private static final PreAuthenticationDataType[] values = { NULL, PA_TGS_REQ, PA_ENC_TIMESTAMP, PA_PW_SALT, PA_ENC_UNIX_TIME, PA_SANDIA_SECUREID, PA_SESAME, PA_OSF_DCE, PA_CYBERSAFE_SECUREID, PA_ASF3_SALT, PA_ETYPE_INFO, SAM_CHALLENGE, SAM_RESPONSE, PA_PK_AS_REQ, PA_PK_AS_REP, PA_USE_SPECIFIED_KVNO, - SAM_REDIRECT, PA_GET_FROM_TYPED_DATA}; + SAM_REDIRECT, PA_GET_FROM_TYPED_DATA }; // VALUES needs to be located here, otherwise illegal forward reference - public static final List VALUES = Collections.unmodifiableList(Arrays.asList(fValues)); + public static final List VALUES = Collections.unmodifiableList( Arrays.asList( values ) ); }
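Review bot: `getTypeByOrdinal` still falls through to `return NULL;` for any ordinal that is not in `values`, so an unrecognised pre-authentication type number becomes indistinguishable from type 0. This revision adds pre-authentication by encrypted timestamp, and whatever code maps a received type number through this lookup (not shown in this hunk) should treat `NULL` as "unsupported type" rather than as a valid value. I would at least document that on the method, e.g. `/** Returns NULL when the ordinal is not a known pre-authentication type; callers must reject or ignore it explicitly. */`. Separately, only some description strings gained a trailing period (`"TGS Request."`, `"SAM challenge."`), so `toString()` now yields `TGS Request. (1)` next to `password salt (3)`; picking one convention would keep log output uniform.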
