Examples of org.apache.directory.server.changepw.messages.ChangePasswordRequest

• org.apache.directory.server.changepw.messages.ChangePasswordRequest
  @author Apache Directory Project @version $Rev: 557127 $, $Date: 2007-07-18 05:02:51 +0200 (Mer, 18 jul 2007) $

    }


    private static void getAuthHeader( ChangePasswordContext changepwContext ) throws KerberosException
    {
        ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();

        if ( request.getVersionNumber() != 1 )
        {
            throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_BAD_VERSION );
        }

        if ( request.getAuthHeader() == null || request.getAuthHeader().getTicket() == null )
        {
            throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_AUTHERROR );
        }

        ApReq authHeader = request.getAuthHeader();
        Ticket ticket = authHeader.getTicket();

        changepwContext.setAuthHeader( authHeader );
        changepwContext.setTicket( ticket );
    }

        CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();

        Authenticator authenticator = KerberosUtils.verifyAuthHeader( authHeader, ticket, serverKey, clockSkew, replayCache,
            emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.AP_REQ_AUTHNT_SESS_KEY, false );

        ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();

        if ( request.getVersionNumber() == 1 && !ticket.getEncTicketPart().getFlags().isInitial() )
        {
            throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_INITIAL_FLAG_NEEDED );
        }

        changepwContext.setAuthenticator( authenticator );

    }


    private static void extractPassword( ChangePasswordContext changepwContext ) throws KerberosException, IOException
    {
        ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();
        Authenticator authenticator = changepwContext.getAuthenticator();
        CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();

        // TODO - check ticket is for service authorized to change passwords
        // ticket.getServerPrincipal().getName().equals(config.getChangepwPrincipal().getName()));

        // TODO - check client principal in ticket is authorized to change password

        // get the subsession key from the Authenticator
        EncryptionKey subSessionKey = authenticator.getSubKey();

        // decrypt the request's private message with the subsession key
        EncryptedData encReqPrivPart = request.getPrivateMessage().getEncryptedPart();

        EncKrbPrivPart privatePart;

        try
        {
            privatePart = ( EncKrbPrivPart ) cipherTextHandler.unseal( EncKrbPrivPart.class, subSessionKey,
                encReqPrivPart, KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
        }
        catch ( KerberosException ke )
        {
            throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_SOFTERROR, ke );
        }

        ChangePasswordData passwordData = null;

        if ( request.getVersionNumber() == ( short ) 1 )
        {
            // Use protocol version 0x0001, the legacy Kerberos change password protocol
            ChangePasswordDataModifier modifier = new ChangePasswordDataModifier();
            modifier.setNewPassword( privatePart.getUserData() );
            passwordData = modifier.getChangePasswdData();

    public void messageReceived( IoSession session, Object message )
    {
        log.debug( "{} RCVD:  {}", session.getRemoteAddress(), message );

        InetAddress clientAddress = ( ( InetSocketAddress ) session.getRemoteAddress() ).getAddress();
        ChangePasswordRequest request = ( ChangePasswordRequest ) message;

        try
        {
            ChangePasswordContext changepwContext = new ChangePasswordContext();
            changepwContext.setConfig( config );

     */
    @Test
    public void testProtocolVersionNumber()
    {
        ChPwdDummySession session = new ChPwdDummySession();
        ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 2, null, null );

        handler.messageReceived( session, message );

        ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
        KrbError error = reply.getKrbError();

     */
    @Test
    public void testMissingTicket()
    {
        ChPwdDummySession session = new ChPwdDummySession();
        ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 1, null, null );

        handler.messageReceived( session, message );

        ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
        KrbError error = reply.getKrbError();

        String newPassword = "secretsecret";

        PrivateMessage priv = getChangePasswordPrivateMessage( newPassword, subSessionKey );

        ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 1, apReq, priv );

        handler.messageReceived( session, message );

        ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
        KrbError error = reply.getKrbError();

        String newPassword = "secretsecret";

        PrivateMessage priv = getSetPasswordPrivateMessage( newPassword, subSessionKey, getPrincipalName( "hnelson" ) );

        ChangePasswordRequest message = new ChangePasswordRequest( ( short ) 0xFF80, apReq, priv );

        handler.messageReceived( session, message );

        ChangePasswordError reply = ( ChangePasswordError ) session.getMessage();
        KrbError error = reply.getKrbError();