Author: erodriguez
Date: Fri Feb  4 16:43:20 2005
New Revision: 151451

URL: http://svn.apache.org/viewcvs?view=rev&rev=151451
Log:
Simplified pre-authentication verification.

Modified:
    
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
    
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java

Modified: 
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
URL: 
http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java?view=diff&r1=151450&r2=151451
==============================================================================
--- 
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
 (original)
+++ 
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
 Fri Feb  4 16:43:20 2005
@@ -30,7 +30,6 @@
 import org.apache.kerberos.io.decoder.EncryptedTimestampDecoder;
 import org.apache.kerberos.io.encoder.EncAsRepPartEncoder;
 import org.apache.kerberos.io.encoder.EncTicketPartEncoder;
-import org.apache.kerberos.io.encoder.PreAuthenticationDataEncoder;
 import org.apache.kerberos.kdc.store.PrincipalStore;
 import org.apache.kerberos.kdc.store.PrincipalStoreEntry;
 import org.apache.kerberos.messages.AuthenticationReply;
@@ -168,18 +167,12 @@
                        
                            for ( int ii = 0; ii < preAuthData.length; ii++ )
                            {
-                               if ( preAuthData[ ii ].getDataType().equals( 
PreAuthenticationDataType.PA_ENC_TIMESTAMP ) )
+                               if ( preAuthData[ii].getDataType().equals( 
PreAuthenticationDataType.PA_ENC_TIMESTAMP ) )
                                {
-                                   PreAuthenticationDataEncoder preAuthEncoder 
= new PreAuthenticationDataEncoder();
-                               byte[] sad = preAuthEncoder.encode( 
preAuthData[ii] );
-                                   KerberosKey samKey = SamSubsystem.verify( 
entry, sad );
+                                   KerberosKey samKey = SamSubsystem.verify( 
entry, preAuthData[ii].getDataValue() );
                                    clientKey = new EncryptionKey( 
EncryptionType.getTypeByOrdinal( samKey.getKeyType() ), samKey.getEncoded() );
                                }
                            }
-                   }
-                   catch (IOException ioe)
-                   {
-                   throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
                    }
                    catch (SamException se)
                    {
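Review bot: The loop keeps iterating after a PA_ENC_TIMESTAMP entry has been verified, so a request that carries several such entries calls `SamSubsystem.verify` once per entry and the last result silently overwrites `clientKey`. Adding `break;` right after the `clientKey = new EncryptionKey( ... )` assignment would bound the work to one verification per request and make the selected key unambiguous. With the `IOException` catch removed, a malformed data value is reported only through whatever `SamSubsystem.verify` throws. Please confirm that decode failures still surface as `SamException`, so the client receives a Kerberos error instead of an unchecked exception. The enclosing try block and method begin outside this hunk.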

Modified: 
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java
URL: 
http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java?view=diff&r1=151450&r2=151451
==============================================================================
--- 
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java
 (original)
+++ 
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/sam/TimestampChecker.java
 Fri Feb  4 16:43:20 2005
@@ -26,41 +26,27 @@
 import org.apache.kerberos.crypto.encryption.EncryptionType;
 import org.apache.kerberos.io.decoder.EncryptedDataDecoder;
 import org.apache.kerberos.io.decoder.EncryptedTimestampDecoder;
-import org.apache.kerberos.io.decoder.PreAuthenticationDataDecoder;
 import org.apache.kerberos.kdc.KerberosException;
 import org.apache.kerberos.messages.value.EncryptedData;
 import org.apache.kerberos.messages.value.EncryptedTimeStamp;
 import org.apache.kerberos.messages.value.EncryptionKey;
 import org.apache.kerberos.messages.value.KerberosTime;
-import org.apache.kerberos.messages.value.PreAuthenticationData;
-import org.apache.kerberos.messages.value.PreAuthenticationDataType;
-import org.apache.kerberos.sam.KeyIntegrityChecker;
 
 
 public class TimestampChecker implements KeyIntegrityChecker
 {
     private static final long FIVE_MINUTES = 300000;
     
-    public boolean checkKeyIntegrity( byte[] preauthData, KerberosKey 
kerberosKey )
+    public boolean checkKeyIntegrity( byte[] encryptedData, KerberosKey 
kerberosKey )
     {
         EncryptionType keyType = EncryptionType.getTypeByOrdinal( 
kerberosKey.getKeyType() );
         EncryptionKey key = new EncryptionKey( keyType, 
kerberosKey.getEncoded() );
         
         try
         {
-               // Decode the pre-authentication data from ASN.1
-               PreAuthenticationDataDecoder preAuthDecoder = new 
PreAuthenticationDataDecoder();
-               PreAuthenticationData sad = preAuthDecoder.decode( preauthData 
);
-               
-               // If this pre-auth is not an encrypted timestamp, we aren't 
interested
-               if ( sad.getDataType() != 
PreAuthenticationDataType.PA_ENC_TIMESTAMP )
-               {
-                   return false;
-               }
-               
                // Since the pre-auth value is of type PA-ENC-TIMESTAMP, it 
should be a valid
                // ASN.1 PA-ENC-TS-ENC structure, so we can decode it into 
EncryptedData.
-               EncryptedData sadValue = EncryptedDataDecoder.decode( 
sad.getDataValue() );
+               EncryptedData sadValue = EncryptedDataDecoder.decode( 
encryptedData );
                
                // Decrypt the EncryptedData structure to get the PA-ENC-TS-ENC
             EncryptionEngine engine = 
EncryptionEngineFactory.getEncryptionEngineFor( key );
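Review bot: `checkKeyIntegrity` no longer checks the pre-authentication data type, so it now relies on every caller to pass only the data value of a PA_ENC_TIMESTAMP entry, and nothing in the signature or comments states that precondition. A short Javadoc on the method should say that `encryptedData` must be the raw value of a PA-ENC-TIMESTAMP entry, already filtered by type in the caller. A cheap guard before the `try` would also help, for example `if ( encryptedData == null || encryptedData.length == 0 ) return false;`. The retained comment "Since the pre-auth value is of type PA-ENC-TIMESTAMP" reads as if the check still happens here and should be reworded to say the caller guarantees it. The method body continues past the end of this hunk, so how decode errors are handled cannot be seen from here.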

