/** * Process the recoverable exception. * * @param e The exception return by kdc * @param kdcRequest kdc request * @return The KrbError */ private KrbMessage handleRecoverableException(KdcRecoverableException e, KdcRequest kdcRequest) { LOG.info("KRB error occurred while processing request:" + e.getMessage()); KrbError error = e.getKrbError(); error.setStime(KerberosTime.now()); error.setSusec(100); error.setErrorCode(e.getKrbError().getErrorCode()); error.setRealm(kdcContext.getKdcRealm()); if (kdcRequest != null) { error.setSname(kdcRequest.getKdcReq().getReqBody().getCname()); } else { error.setSname(new PrincipalName("NONE")); } error.setEtext(e.getMessage()); return error; }
public TgtTicket handleResponse(JSONObject json, String passPhrase) throws HasException { KrbMessage kdcRep = getKrbMessage(json); KrbMessageType messageType = kdcRep.getMsgType(); if (messageType == KrbMessageType.AS_REP) { return processResponse((KdcRep) kdcRep, passPhrase); } else if (messageType == KrbMessageType.KRB_ERROR) { KrbError error = (KrbError) kdcRep; LOG.error("HAS server response with message: " + error.getErrorCode().getMessage()); throw new HasException(error.getEtext()); } return null; }
(KdcRecoverableException) e, kdcRequest); } else { KrbError krbError = new KrbError(); krbError.setStime(KerberosTime.now()); krbError.setSusec(100); errorCode = ((KrbException) e).getKrbErrorCode(); krbError.setErrorCode(errorCode); krbError.setCrealm(kdcContext.getKdcRealm()); if (kdcRequest.getClientPrincipal() != null) { krbError.setCname(kdcRequest.getClientPrincipal()); krbError.setRealm(kdcContext.getKdcRealm()); if (kdcRequest.getServerPrincipal() != null) { krbError.setSname(kdcRequest.getServerPrincipal()); } else { PrincipalName serverPrincipal = kdcRequest.getKdcReq().getReqBody().getSname(); serverPrincipal.setRealm(kdcRequest.getKdcReq().getReqBody().getRealm()); krbError.setSname(serverPrincipal); krbError.setEtext("PREAUTH_FAILED"); } else { krbError.setEtext(e.getMessage());
KrbError error = (KrbError) kdcRep; LOG.info("KDC server response with message: " + error.getErrorCode().getMessage()); if (error.getErrorCode() == KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED) { MethodData methodData = KrbCodec.decode(error.getEdata(), MethodData.class); List<PaDataEntry> paDataEntryList = methodData.getElements(); List<EncryptionType> encryptionTypes = new ArrayList<>(); LOG.info("Retry with the new kdc request including pre-authentication."); } else { LOG.info(error.getErrorCode().getMessage()); throw new KrbException(error.getErrorCode(), error.getEtext());
KrbError krbError = new KrbError(); krbError.setErrorCode(errorCode); byte[] encodedData = KrbCodec.encode(methodData); krbError.setEdata(encodedData);
public KrbErrorException(KrbError krbError) { super(krbError.getErrorCode().getMessage()); this.krbError = krbError; }
public static KrbMessage decodeMessage(ByteBuffer buffer) throws IOException { Asn1ParseResult parsingResult = Asn1.parse(buffer); Tag tag = parsingResult.tag(); KrbMessage msg; KrbMessageType msgType = KrbMessageType.fromValue(tag.tagNo()); if (msgType == KrbMessageType.TGS_REQ) { msg = new TgsReq(); } else if (msgType == KrbMessageType.AS_REP) { msg = new AsRep(); } else if (msgType == KrbMessageType.AS_REQ) { msg = new AsReq(); } else if (msgType == KrbMessageType.TGS_REP) { msg = new TgsRep(); } else if (msgType == KrbMessageType.AP_REQ) { msg = new ApReq(); } else if (msgType == KrbMessageType.AP_REP) { msg = new ApReq(); } else if (msgType == KrbMessageType.KRB_ERROR) { msg = new KrbError(); } else { throw new IOException("To be supported krb message type with tag: " + tag); } msg.decode(parsingResult); return msg; }
public static List<EncryptionType> getEtypes(KrbError error) throws IOException { MethodData methodData = new MethodData(); methodData.decode(error.getEdata()); for (PaDataEntry pd : methodData.getElements()) { if (pd.getPaDataType() == PaDataType.ETYPE_INFO2) { return getEtypes2(pd.getPaDataValue()); } else if (pd.getPaDataType() == PaDataType.ETYPE_INFO) { return getEtypes(pd.getPaDataValue()); } } return Collections.emptyList(); }
(KdcRecoverableException) e, kdcRequest); } else { KrbError krbError = new KrbError(); krbError.setStime(KerberosTime.now()); krbError.setSusec(100); errorCode = ((KrbException) e).getKrbErrorCode(); krbError.setErrorCode(errorCode); krbError.setCrealm(kdcContext.getKdcRealm()); if (kdcRequest.getClientPrincipal() != null) { krbError.setCname(kdcRequest.getClientPrincipal()); krbError.setRealm(kdcContext.getKdcRealm()); if (kdcRequest.getServerPrincipal() != null) { krbError.setSname(kdcRequest.getServerPrincipal()); } else { PrincipalName serverPrincipal = kdcRequest.getKdcReq().getReqBody().getSname(); serverPrincipal.setRealm(kdcRequest.getKdcReq().getReqBody().getRealm()); krbError.setSname(serverPrincipal); krbError.setEtext("PREAUTH_FAILED"); } else { krbError.setEtext(e.getMessage());
KrbError error = (KrbError) kdcRep; LOG.info("KDC server response with message: " + error.getErrorCode().getMessage()); if (error.getErrorCode() == KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED) { MethodData methodData = KrbCodec.decode(error.getEdata(), MethodData.class); List<PaDataEntry> paDataEntryList = methodData.getElements(); List<EncryptionType> encryptionTypes = new ArrayList<>(); LOG.info("Retry with the new kdc request including pre-authentication."); } else { LOG.info(error.getErrorCode().getMessage()); throw new KrbException(error.getErrorCode(), error.getEtext());
KrbError krbError = new KrbError(); krbError.setErrorCode(errorCode); byte[] encodedData = KrbCodec.encode(methodData); krbError.setEdata(encodedData);
public KrbErrorException(KrbError krbError) { super(krbError.getErrorCode().getMessage()); this.krbError = krbError; }
public static KrbMessage decodeMessage(ByteBuffer buffer) throws IOException { Asn1ParseResult parsingResult = Asn1.parse(buffer); Tag tag = parsingResult.tag(); KrbMessage msg; KrbMessageType msgType = KrbMessageType.fromValue(tag.tagNo()); if (msgType == KrbMessageType.TGS_REQ) { msg = new TgsReq(); } else if (msgType == KrbMessageType.AS_REP) { msg = new AsRep(); } else if (msgType == KrbMessageType.AS_REQ) { msg = new AsReq(); } else if (msgType == KrbMessageType.TGS_REP) { msg = new TgsRep(); } else if (msgType == KrbMessageType.AP_REQ) { msg = new ApReq(); } else if (msgType == KrbMessageType.AP_REP) { msg = new ApReq(); } else if (msgType == KrbMessageType.KRB_ERROR) { msg = new KrbError(); } else { throw new IOException("To be supported krb message type with tag: " + tag); } msg.decode(parsingResult); return msg; }
public static List<EncryptionType> getEtypes(KrbError error) throws IOException { MethodData methodData = new MethodData(); methodData.decode(error.getEdata()); for (PaDataEntry pd : methodData.getElements()) { if (pd.getPaDataType() == PaDataType.ETYPE_INFO2) { return getEtypes2(pd.getPaDataValue()); } else if (pd.getPaDataType() == PaDataType.ETYPE_INFO) { return getEtypes(pd.getPaDataValue()); } } return Collections.emptyList(); }
(KdcRecoverableException) e, kdcRequest); } else { KrbError krbError = new KrbError(); krbError.setStime(KerberosTime.now()); krbError.setSusec(100); if (e.getKrbErrorCode() != null) { krbError.setErrorCode(e.getKrbErrorCode()); } else { krbError.setErrorCode(KrbErrorCode.UNKNOWN_ERR); krbError.setCrealm(kdcContext.getKdcRealm()); if (kdcRequest.getClientPrincipal() != null) { krbError.setCname(kdcRequest.getClientPrincipal()); krbError.setRealm(kdcContext.getKdcRealm()); if (kdcRequest.getServerPrincipal() != null) { krbError.setSname(kdcRequest.getServerPrincipal()); } else { PrincipalName serverPrincipal = kdcRequest.getKdcReq().getReqBody().getSname(); serverPrincipal.setRealm(kdcRequest.getKdcReq().getReqBody().getRealm()); krbError.setSname(serverPrincipal); krbError.setEtext("PREAUTH_FAILED"); } else { krbError.setEtext(e.getMessage());
/** * Process the recoverable exception. * * @param e The exception return by kdc * @param kdcRequest kdc request * @return The KrbError */ private KrbMessage handleRecoverableException(KdcRecoverableException e, KdcRequest kdcRequest) throws KrbException { LOG.info("KRB error occurred while processing request: " + e.getMessage()); KrbError error = e.getKrbError(); error.setStime(KerberosTime.now()); error.setSusec(100); error.setErrorCode(e.getKrbError().getErrorCode()); error.setRealm(kdcContext.getKdcRealm()); if (kdcRequest != null) { error.setSname(kdcRequest.getKdcReq().getReqBody().getCname()); } else { error.setSname(new PrincipalName("NONE")); } error.setEtext(e.getMessage()); return error; }
public TgtTicket handleResponse(JSONObject json, String passPhrase) throws HasException { KrbMessage kdcRep = getKrbMessage(json); KrbMessageType messageType = kdcRep.getMsgType(); if (messageType == KrbMessageType.AS_REP) { return processResponse((KdcRep) kdcRep, passPhrase); } else if (messageType == KrbMessageType.KRB_ERROR) { KrbError error = (KrbError) kdcRep; LOG.error("HAS server response with message: " + error.getErrorCode().getMessage()); throw new HasException(error.getEtext()); } return null; }
(KdcRecoverableException) e, kdcRequest); } else { KrbError krbError = new KrbError(); krbError.setStime(KerberosTime.now()); krbError.setSusec(100); if (e.getKrbErrorCode() != null) { krbError.setErrorCode(e.getKrbErrorCode()); } else { krbError.setErrorCode(KrbErrorCode.UNKNOWN_ERR); krbError.setCrealm(kdcContext.getKdcRealm()); if (kdcRequest.getClientPrincipal() != null) { krbError.setCname(kdcRequest.getClientPrincipal()); krbError.setRealm(kdcContext.getKdcRealm()); if (kdcRequest.getServerPrincipal() != null) { krbError.setSname(kdcRequest.getServerPrincipal()); } else { PrincipalName serverPrincipal = kdcRequest.getKdcReq().getReqBody().getSname(); serverPrincipal.setRealm(kdcRequest.getKdcReq().getReqBody().getRealm()); krbError.setSname(serverPrincipal); krbError.setEtext("PREAUTH_FAILED"); } else { krbError.setEtext(e.getMessage());
/** * Process the recoverable exception. * * @param e The exception return by kdc * @param kdcRequest kdc request * @return The KrbError */ private KrbMessage handleRecoverableException(KdcRecoverableException e, KdcRequest kdcRequest) { LOG.info("KRB error occurred while processing request:" + e.getMessage()); KrbError error = e.getKrbError(); error.setStime(KerberosTime.now()); error.setSusec(100); error.setErrorCode(e.getKrbError().getErrorCode()); error.setRealm(kdcContext.getKdcRealm()); if (kdcRequest != null) { error.setSname(kdcRequest.getKdcReq().getReqBody().getCname()); } else { error.setSname(new PrincipalName("NONE")); } error.setEtext(e.getMessage()); return error; }
/** * Process the recoverable exception. * * @param e The exception return by kdc * @param kdcRequest kdc request * @return The KrbError */ private KrbMessage handleRecoverableException(KdcRecoverableException e, KdcRequest kdcRequest) throws KrbException { LOG.info("KRB error occurred while processing request: " + e.getMessage()); KrbError error = e.getKrbError(); error.setStime(KerberosTime.now()); error.setSusec(100); error.setErrorCode(e.getKrbError().getErrorCode()); error.setRealm(kdcContext.getKdcRealm()); if (kdcRequest != null) { error.setSname(kdcRequest.getKdcReq().getReqBody().getCname()); } else { error.setSname(new PrincipalName("NONE")); } error.setEtext(e.getMessage()); return error; }