/**
 * Reads the key version number (KVNO) field of this instance.
 *
 * @return The KVNO for this instance, or {@code -1} when the KVNO field holds no value
 */
public int getKvno() {
    final Integer kvno = getFieldAsInteger(EncryptedDataField.KVNO);
    // -1 is the "not present" sentinel; callers must not treat it as a real key version.
    return kvno == null ? -1 : kvno.intValue();
}
/**
 * Reads the CIPHER field of this instance as raw octets.
 *
 * @return The Cipher stored in this instance
 */
public byte[] getCipher() {
    // NOTE(review): whether this is the stored array or a copy depends on
    // getFieldAsOctets - confirm before mutating the returned bytes.
    final byte[] cipherOctets = getFieldAsOctets(EncryptedDataField.CIPHER);
    return cipherOctets;
}
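/**
 * Dumps a short summary of every credential found in a credential cache file.
 *
 * <p>For each credential only the ticket's server name, the client name and the
 * encryption type name are printed; no other credential field is written out.
 *
 * <p>Usage: {@code CredentialCache <ccache-file>}. Java does not place the program name
 * in {@code args}, so the cache path is the single argument. The earlier form, which
 * demanded two arguments and read the path from the second one, is still accepted.
 *
 * @param args the credential cache path, optionally preceded by one ignored argument
 * @throws IOException if reading the cache fails
 */
public static void main(String[] args) throws IOException {
    if (args.length < 1 || args.length > 2) {
        System.err.println("Dump credential cache file");
        System.err.println("Usage: CredentialCache <ccache-file>");
        System.exit(1);
    }

    // The path is always the last argument: args[0] in the documented one-argument
    // form, args[1] in the legacy two-argument form.
    String cacheFile = args[args.length - 1];

    CredentialCache cc = new CredentialCache();
    cc.load(new File(cacheFile));

    for (Credential cred : cc.getCredentials()) {
        Ticket tkt = cred.getTicket();
        System.out.println("Tkt server name: " + tkt.getSname().getName());
        System.out.println("Tkt client name: " + cred.getClientName().getName());
        System.out.println("Tkt encrypt type: " + tkt.getEncryptedEncPart().getEType().getName());
    }
}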
/**
 * Encrypts plain text under the given key and key usage and wraps the result
 * in an {@link EncryptedData}.
 *
 * @param plainText The plain text
 * @param key The encryption key; its key type selects the handler and is recorded as the ETYPE
 * @param usage The key usage
 * @return The encrypted data, carrying the cipher, the ETYPE and, only when the key's
 *         KVNO is greater than zero, that KVNO
 * @throws KrbException if encryption fails
 */
public static EncryptedData encrypt(byte[] plainText, EncryptionKey key,
                                    KeyUsage usage) throws KrbException {
    EncTypeHandler encHandler = getEncHandler(key.getKeyType());
    byte[] cipherText = encHandler.encrypt(plainText, key.getKeyData(), usage.getValue());

    EncryptedData sealed = new EncryptedData();
    sealed.setCipher(cipherText);
    sealed.setEType(key.getKeyType());

    // A KVNO of zero or below is not written, so the result then has no KVNO field set here.
    if (key.getKvno() > 0) {
        sealed.setKvno(key.getKvno());
    }
    return sealed;
}
/**
 * Decrypts the cipher carried by an {@link EncryptedData} with the given key and key usage.
 *
 * <p>The handler is chosen from the key's type. The ETYPE and KVNO fields of
 * {@code data} are not consulted by this method, so a caller that needs them to match
 * the key has to check that itself.
 *
 * @param data The encrypted data
 * @param key The encryption key
 * @param usage The key usage
 * @return The decrypted data
 * @throws KrbException if decryption fails
 */
public static byte[] decrypt(EncryptedData data, EncryptionKey key,
                             KeyUsage usage) throws KrbException {
    EncTypeHandler encHandler = getEncHandler(key.getKeyType());
    byte[] cipherText = data.getCipher();
    return encHandler.decrypt(cipherText, key.getKeyData(), usage.getValue());
}
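/**
 * Dumps a short summary of every credential found in a credential cache file.
 *
 * <p>For each credential only the ticket's server name, the client name and the
 * encryption type name are printed; no other credential field is written out.
 *
 * <p>Usage: {@code CredentialCache <ccache-file>}. Java does not place the program name
 * in {@code args}, so the cache path is the single argument. The earlier form, which
 * demanded two arguments and read the path from the second one, is still accepted.
 *
 * @param args the credential cache path, optionally preceded by one ignored argument
 * @throws IOException if reading the cache fails
 */
public static void main(String[] args) throws IOException {
    if (args.length < 1 || args.length > 2) {
        System.err.println("Dump credential cache file");
        System.err.println("Usage: CredentialCache <ccache-file>");
        System.exit(1);
    }

    // The path is always the last argument: args[0] in the documented one-argument
    // form, args[1] in the legacy two-argument form.
    String cacheFile = args[args.length - 1];

    CredentialCache cc = new CredentialCache();
    cc.load(new File(cacheFile));

    for (Credential cred : cc.getCredentials()) {
        Ticket tkt = cred.getTicket();
        System.out.println("Tkt server name: " + tkt.getSname().getName());
        System.out.println("Tkt client name: " + cred.getClientName().getName());
        System.out.println("Tkt encrypt type: " + tkt.getEncryptedEncPart().getEType().getName());
    }
}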
/**
 * Encrypts plain text under the given key and key usage and wraps the result
 * in an {@link EncryptedData}.
 *
 * @param plainText The plain text
 * @param key The encryption key; its key type selects the handler and is recorded as the ETYPE
 * @param usage The key usage
 * @return The encrypted data, carrying the cipher, the ETYPE and, only when the key's
 *         KVNO is greater than zero, that KVNO
 * @throws KrbException if encryption fails
 */
public static EncryptedData encrypt(byte[] plainText, EncryptionKey key,
                                    KeyUsage usage) throws KrbException {
    EncTypeHandler encHandler = getEncHandler(key.getKeyType());
    byte[] cipherText = encHandler.encrypt(plainText, key.getKeyData(), usage.getValue());

    EncryptedData sealed = new EncryptedData();
    sealed.setCipher(cipherText);
    sealed.setEType(key.getKeyType());

    // A KVNO of zero or below is not written, so the result then has no KVNO field set here.
    if (key.getKvno() > 0) {
        sealed.setKvno(key.getKvno());
    }
    return sealed;
}
/**
 * Decrypts the cipher carried by an {@link EncryptedData} with the given key and key usage.
 *
 * <p>The handler is chosen from the key's type. The ETYPE and KVNO fields of
 * {@code data} are not consulted by this method, so a caller that needs them to match
 * the key has to check that itself.
 *
 * @param data The encrypted data
 * @param key The encryption key
 * @param usage The key usage
 * @return The decrypted data
 * @throws KrbException if decryption fails
 */
public static byte[] decrypt(EncryptedData data, EncryptionKey key,
                             KeyUsage usage) throws KrbException {
    EncTypeHandler encHandler = getEncHandler(key.getKeyType());
    byte[] cipherText = data.getCipher();
    return encHandler.decrypt(cipherText, key.getKeyData(), usage.getValue());
}
/**
 * Verifies encrypted pre-authentication data carried in a KDC request.
 *
 * <p>The pa-data value is decoded as {@link EncryptedData}, unsealed with the client key
 * for the ETYPE named in that data under {@code KeyUsage.AS_REQ_PA_ENC_TS}, and the
 * resulting timestamp is checked against the configured allowable clock skew. Failure is
 * always reported by exception; this method never returns {@code false}.
 *
 * @param kdcRequest the request supplying the client key and the KDC context
 * @param requestContext not read by this method
 * @param paData the pa-data entry whose value is verified
 * @return {@code true} once the data has been unsealed and the timestamp is within the skew
 * @throws KrbException with {@code KDC_ERR_ETYPE_NOSUPP} when the request has no client key
 *         for the ETYPE, with {@code KDC_ERR_PREAUTH_FAILED} when the timestamp is outside
 *         the allowed skew, or as thrown by decoding and unsealing
 */
@Override
public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
                      PaDataEntry paData) throws KrbException {
    EncryptedData sealedTimestamp = KrbCodec.decode(paData.getPaDataValue(), EncryptedData.class);

    // The ETYPE comes from the request's own pa-data, so the requester picks which
    // client key is tried. NOTE(review): any restriction to acceptable etypes would
    // have to live in getClientKey or the KDC configuration - confirm.
    EncryptionKey clientKey = kdcRequest.getClientKey(sealedTimestamp.getEType());
    if (clientKey == null) {
        throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP);
    }

    PaEncTsEnc paTimestamp = EncryptionUtil.unseal(sealedTimestamp, clientKey,
        KeyUsage.AS_REQ_PA_ENC_TS, PaEncTsEnc.class);

    // Presumably seconds scaled to milliseconds. NOTE(review): if getAllowableClockSkew()
    // returns int, this multiplication is done in int before widening - confirm it is long.
    long scaledSkew = kdcRequest.getKdcContext().getConfig().getAllowableClockSkew() * 1000;

    // NOTE(review): no replay check on the timestamp is visible in this method -
    // confirm whether one is applied elsewhere.
    if (paTimestamp.getAllTime().isInClockSkew(scaledSkew)) {
        return true;
    }
    throw new KrbException(KrbErrorCode.KDC_ERR_PREAUTH_FAILED);
}
/**
 * Reads the key version number (KVNO) field of this instance.
 *
 * @return The KVNO for this instance, or {@code -1} when the KVNO field holds no value
 */
public int getKvno() {
    final Integer kvno = getFieldAsInteger(EncryptedDataField.KVNO);
    // -1 is the "not present" sentinel; callers must not treat it as a real key version.
    return kvno == null ? -1 : kvno.intValue();
}
/**
 * Reads the CIPHER field of this instance as raw octets.
 *
 * @return The Cipher stored in this instance
 */
public byte[] getCipher() {
    // NOTE(review): whether this is the stored array or a copy depends on
    // getFieldAsOctets - confirm before mutating the returned bytes.
    final byte[] cipherOctets = getFieldAsOctets(EncryptedDataField.CIPHER);
    return cipherOctets;
}
/**
 * Verifies encrypted pre-authentication data carried in a KDC request.
 *
 * <p>The pa-data value is decoded as {@link EncryptedData}, unsealed with the client key
 * for the ETYPE named in that data under {@code KeyUsage.AS_REQ_PA_ENC_TS}, and the
 * resulting timestamp is checked against the configured allowable clock skew. Failure is
 * always reported by exception; this method never returns {@code false}.
 *
 * @param kdcRequest the request supplying the client key and the KDC context
 * @param requestContext not read by this method
 * @param paData the pa-data entry whose value is verified
 * @return {@code true} once the data has been unsealed and the timestamp is within the skew
 * @throws KrbException with {@code KDC_ERR_ETYPE_NOSUPP} when the request has no client key
 *         for the ETYPE, with {@code KDC_ERR_PREAUTH_FAILED} when the timestamp is outside
 *         the allowed skew, or as thrown by decoding and unsealing
 */
@Override
public boolean verify(KdcRequest kdcRequest, PluginRequestContext requestContext,
                      PaDataEntry paData) throws KrbException {
    EncryptedData sealedTimestamp = KrbCodec.decode(paData.getPaDataValue(), EncryptedData.class);

    // The ETYPE comes from the request's own pa-data, so the requester picks which
    // client key is tried. NOTE(review): any restriction to acceptable etypes would
    // have to live in getClientKey or the KDC configuration - confirm.
    EncryptionKey clientKey = kdcRequest.getClientKey(sealedTimestamp.getEType());
    if (clientKey == null) {
        throw new KrbException(KrbErrorCode.KDC_ERR_ETYPE_NOSUPP);
    }

    PaEncTsEnc paTimestamp = EncryptionUtil.unseal(sealedTimestamp, clientKey,
        KeyUsage.AS_REQ_PA_ENC_TS, PaEncTsEnc.class);

    // Presumably seconds scaled to milliseconds. NOTE(review): if getAllowableClockSkew()
    // returns int, this multiplication is done in int before widening - confirm it is long.
    long scaledSkew = kdcRequest.getKdcContext().getConfig().getAllowableClockSkew() * 1000;

    // NOTE(review): no replay check on the timestamp is visible in this method -
    // confirm whether one is applied elsewhere.
    if (paTimestamp.getAllTime().isInClockSkew(scaledSkew)) {
        return true;
    }
    throw new KrbException(KrbErrorCode.KDC_ERR_PREAUTH_FAILED);
}
/**
 * Maps the ETYPE field of this instance to an {@link EncryptionType}.
 *
 * @return The {@link EncryptionType} of this instance
 */
public EncryptionType getEType() {
    // The raw field value is handed to fromValue unchecked. NOTE(review): what
    // fromValue yields for a missing (null) or unknown value is not visible here -
    // confirm before relying on a non-null result.
    final Integer etypeValue = getFieldAsInteger(EncryptedDataField.ETYPE);
    return EncryptionType.fromValue(etypeValue);
}
EncryptionType encType = ticket.getEncryptedEncPart().getEType(); EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType); if (ticket.getTktvno() != KrbConstant.KRB_V5) {