[Neuclear-develop] neuclear-id/src/java/org/neuclear/auth AuthenticationTicket.java,1.3,1.4

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/auth
In directory sc8-pr-cvs1:/tmp/cvs-serv5401/src/java/org/neuclear/auth

Modified Files:
	AuthenticationTicket.java 
Log Message:
Did a security review of the basic Verification process and needed to make changes.
I've introduced the SignedNamedCore which all subclasses of SignedNamedObject need to include in their constructor.
What does this mean?
It means that all subclasses of SignedNamedObject have a guaranteed "signed final ticket" that can only be created in one place.
This also simplifies the constructors as well as the NamedObjectReaders.
I've gone through making everything in these contracts that is possible final. Thus further ensuring the security.


Index: AuthenticationTicket.java
===================================================================
RCS file: /cvsroot/neuclear/neuclear-id/src/java/org/neuclear/auth/AuthenticationTicket.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** AuthenticationTicket.java	19 Nov 2003 23:33:58 -0000	1.3
--- AuthenticationTicket.java	20 Nov 2003 16:01:25 -0000	1.4
***************
*** 17,20 ****
--- 17,21 ----
  import org.neuclear.id.NamedObjectReader;
  import org.neuclear.id.SignedNamedObject;
+ import org.neuclear.id.SignedNamedCore;
  import org.neuclear.xml.xmlsec.XMLSecurityException;
  
***************
*** 25,29 ****
   * It generates a unique Name in the users Identity, which the user then signs.
   */
! public class AuthenticationTicket extends SignedNamedObject {
      /**
       * <p>Used by a website to create an authentication ticket for validation.</p>
--- 26,30 ----
   * It generates a unique Name in the users Identity, which the user then signs.
   */
! public final class AuthenticationTicket extends SignedNamedObject {
      /**
       * <p>Used by a website to create an authentication ticket for validation.</p>
***************
*** 35,49 ****
       * </pre>
       * 
!      * @param name      
!      * @param signatory 
!      * @param timestamp 
!      * @param encoded   
!      * @param requester 
       * @param validto   
       * @param siteurl   
       * @throws NeuClearException 
       */
!     private AuthenticationTicket(String name, Identity signatory, Timestamp timestamp, String encoded, String requester, Timestamp validto, String siteurl) throws NeuClearException {
!         super(name, signatory, timestamp, encoded);
          this.validTo = validto;
          this.siteurl = siteurl;
--- 36,47 ----
       * </pre>
       * 
!      * @param core
!      * @param requester
       * @param validto   
       * @param siteurl   
       * @throws NeuClearException 
       */
!     private AuthenticationTicket(SignedNamedCore core, String requester, Timestamp validto, String siteurl) throws NeuClearException {
!         super(core);
          this.validTo = validto;
          this.siteurl = siteurl;
***************
*** 52,63 ****
      }
  
- /*
-     public static SignatureRequest createAuthenticationRequest(String user, String requester, long validity, String siteurl, String targeturl, PrivateKey signer) throws NeuClearException {
-         AuthenticationTicket ticket = new AuthenticationTicket(user, requester, validity, siteurl);
-         return SignatureRequest.createRequest(requester, targeturl, ticket, signer);
- 
-     }
- */
- 
  
      /**
--- 50,53 ----
***************
*** 67,71 ****
       * @throws NeuClearException 
       */
!     public Timestamp getValidTo() throws NeuClearException {
          return validTo;
      }
--- 57,61 ----
       * @throws NeuClearException 
       */
!     public final Timestamp getValidTo() throws NeuClearException {
          return validTo;
      }
***************
*** 76,87 ****
       * @return the URL or null if unavailable.
       */
!     public String getSiteHref() {
          return siteurl;
      }
  
-     public String getTagName() {
-         return TAG_NAME;
-     }
- 
      public final static class Reader implements NamedObjectReader {
          /**
--- 66,73 ----
       * @return the URL or null if unavailable.
       */
!     public final String getSiteHref() {
          return siteurl;
      }
  
      public final static class Reader implements NamedObjectReader {
          /**
***************
*** 91,100 ****
           * @return 
           */
!         public SignedNamedObject read(Element elem, String name, Identity signatory, String digest, Timestamp timestamp) throws XMLSecurityException, NeuClearException {
              String requester = elem.attributeValue(DocumentHelper.createQName("requester", NS_NSAUTH));
              String sitehref = elem.attributeValue(DocumentHelper.createQName("sitehref", NS_NSAUTH));
              Timestamp validto = TimeTools.parseTimeStamp(elem.attributeValue(DocumentHelper.createQName("validto", NS_NSAUTH)));
  
!             return new AuthenticationTicket(name, signatory, timestamp, digest, requester, validto, sitehref);
          }
  
--- 77,86 ----
           * @return 
           */
!         public final SignedNamedObject read(SignedNamedCore core, Element elem) throws NeuClearException, XMLSecurityException {
              String requester = elem.attributeValue(DocumentHelper.createQName("requester", NS_NSAUTH));
              String sitehref = elem.attributeValue(DocumentHelper.createQName("sitehref", NS_NSAUTH));
              Timestamp validto = TimeTools.parseTimeStamp(elem.attributeValue(DocumentHelper.createQName("validto", NS_NSAUTH)));
  
!             return new AuthenticationTicket(core, requester, validto, sitehref);
          }