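/**
 * Dumps the tickets held in a credential cache file to standard output.
 *
 * <p>Exactly one argument is expected, the path of the ccache file, as the
 * usage line states. The previous version required two arguments and read
 * {@code args[1]}, which contradicted its own usage text; the argument count
 * and index now agree with the documented invocation.
 *
 * <p>Only ticket metadata (server name, client name, encryption type) is
 * printed; no key material is written out.
 *
 * @param args command-line arguments: {@code <ccache-file>}
 * @throws IOException if the cache file cannot be read or parsed
 */
public static void main(String[] args) throws IOException {
    if (args.length != 1) {
        System.err.println("Dump credential cache file");
        System.err.println("Usage: CredentialCache <ccache-file>");
        System.exit(1);
    }
    String cacheFile = args[0];
    CredentialCache cc = new CredentialCache();
    cc.load(new File(cacheFile));
    for (Credential cred : cc.getCredentials()) {
        Ticket tkt = cred.getTicket();
        System.out.println("Tkt server name: " + tkt.getSname().getName());
        System.out.println("Tkt client name: " + cred.getClientName().getName());
        System.out.println("Tkt encrypt type: " + tkt.getEncryptedEncPart().getEType().getName());
    }
}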
/**
 * Writes a ticket as a length-prefixed byte string.
 *
 * <p>A {@code null} ticket is written as a zero length with no payload, so a
 * reader can tell "no ticket" apart from a ticket that encodes to bytes.
 *
 * @param t the ticket to write, or {@code null} for an absent ticket
 * @throws IOException if encoding the ticket or writing the stream fails
 */
public void writeTicket(Ticket t) throws IOException {
    if (t == null) {
        writeInt(0);
        return;
    }
    byte[] encoded = t.encode();
    writeInt(encoded.length);
    write(encoded);
}
/**
 * {@inheritDoc}
 *
 * <p>Delegates to a {@link ServiceTicketIssuer}, records an audit line naming
 * the client the ticket was issued to and the service it is for, and stores
 * the new ticket on this request.
 */
@Override
protected void issueTicket() throws KrbException {
    TicketIssuer issuer = new ServiceTicketIssuer(this);
    Ticket serviceTicket = issuer.issueTicket();
    EncTicketPart issuedPart = serviceTicket.getEncPart();
    // Audit trail for service-ticket issuance: authtime, client, target service.
    LOG.info("TGS_REQ ISSUE: authtime " + issuedPart.getAuthTime().getTime()
        + "," + issuedPart.getCname() + " for " + serviceTicket.getSname());
    setTicket(serviceTicket);
}
/**
 * Builds the ticket for the requested service principal.
 *
 * <p>The plaintext {@link EncTicketPart} is sealed under the ticket key with
 * {@code KeyUsage.KDC_REP_TICKET} and attached as the encrypted part; the
 * plaintext part is also kept on the ticket so the reply can be populated
 * from it without a second decryption.
 *
 * @return the populated ticket
 * @throws KrbException if the ticket part cannot be built or sealed
 */
public Ticket issueTicket() throws KrbException {
    KdcReq request = kdcRequest.getKdcReq();
    Ticket ticket = new Ticket();

    PrincipalName sname = getServerPrincipal();
    ticket.setSname(sname);
    ticket.setRealm(request.getReqBody().getRealm());

    EncTicketPart plaintextPart = makeEncTicketPart();
    EncryptionKey ticketKey = getTicketEncryptionKey();
    EncryptedData sealedPart =
        EncryptionUtil.seal(plaintextPart, ticketKey, KeyUsage.KDC_REP_TICKET);
    ticket.setEncryptedEncPart(sealedPart);
    ticket.setEncPart(plaintextPart);
    return ticket;
}
EncryptionType encType = tgtTicket.getEncryptedEncPart().getEType(); String remoteRealm = tgtTicket.getRealm(); if (checkCrossRealm(remoteRealm)) { KrbIdentity tgs = getCrossRealmTgsEntry(remoteRealm); if (tgtTicket.getTktvno() != KrbConstant.KRB_V5) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION); EncTicketPart encPart = EncryptionUtil.unseal(tgtTicket.getEncryptedEncPart(), tgsKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class); tgtTicket.setEncPart(encPart); encKey = tgtTicket.getEncPart().getKey(); if (!authenticator.getCname().equals(tgtTicket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); HostAddresses hostAddresses = tgtTicket.getEncPart().getClientAddresses(); if (hostAddresses == null || hostAddresses.isEmpty()) { if (!getKdcContext().getConfig().isEmptyAddressesAllowed()) { PrincipalName serverPrincipal = tgtTicket.getSname(); serverPrincipal.setRealm(tgtTicket.getRealm()); KerberosTime startTime = tgtTicket.getEncPart().getStartTime(); if (startTime == null) { startTime = tgtTicket.getEncPart().getAuthTime(); KerberosTime endTime = tgtTicket.getEncPart().getEndTime();
/**
 * Validates an AP-REQ against the service's key.
 *
 * <p>Decrypts the ticket with {@code encKey}, unseals the authenticator with
 * the session key carried inside the ticket, and then requires the
 * authenticator's client name and realm to equal the ones sealed into the
 * ticket. That match is what ties the presenter of the ticket to the client
 * the KDC issued it to. The ticket is updated in place with its decrypted part.
 *
 * @param encKey the service key used to decrypt the ticket
 * @param apReq the AP-REQ to validate
 * @throws KrbException {@code KRB_AP_ERR_NOKEY} when no key is given,
 *         {@code KRB_AP_ERR_BADMATCH} when the authenticator does not match the
 *         ticket, or whatever unsealing raises
 */
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
    Ticket ticket = apReq.getTicket();
    if (encKey == null) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }

    EncTicketPart decryptedPart = EncryptionUtil.unseal(
        ticket.getEncryptedEncPart(), encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    ticket.setEncPart(decryptedPart);
    // The authenticator is sealed under the ticket's session key, not the service key.
    unsealAuthenticator(decryptedPart.getKey(), apReq);

    Authenticator authenticator = apReq.getAuthenticator();
    EncTicketPart ticketPart = ticket.getEncPart();
    // Short-circuit keeps the name check ahead of the realm check, as before.
    if (!authenticator.getCname().equals(ticketPart.getCname())
        || !authenticator.getCrealm().equals(ticketPart.getCrealm())) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
}
/**
 * Make EncKdcRepPart.
 *
 * <p>Copies the session key, flags, lifetime and client addresses of the
 * issued ticket into an {@link EncTgsRepPart} so the client receives the same
 * values the KDC sealed into the ticket, and echoes the request nonce so the
 * client can bind the reply to its request.
 *
 * @return encryption kdc response part
 */
private EncKdcRepPart makeEncKdcRepPart() {
    KdcReq request = getKdcReq();
    Ticket ticket = getTicket();
    EncTicketPart ticketPart = ticket.getEncPart();
    EncKdcRepPart repPart = new EncTgsRepPart();

    // session key
    repPart.setKey(ticketPart.getKey());

    // One last-req entry stamped with the current time.
    LastReqEntry lastEntry = new LastReqEntry();
    lastEntry.setLrType(LastReqType.THE_LAST_INITIAL);
    lastEntry.setLrValue(new KerberosTime());
    LastReq lastReq = new LastReq();
    lastReq.add(lastEntry);
    repPart.setLastReq(lastReq);

    repPart.setNonce(request.getReqBody().getNonce());
    repPart.setFlags(ticketPart.getFlags());
    repPart.setAuthTime(ticketPart.getAuthTime());
    repPart.setStartTime(ticketPart.getStartTime());
    repPart.setEndTime(ticketPart.getEndTime());
    // renew-till is only meaningful for renewable tickets.
    boolean renewable = ticketPart.getFlags().isFlagSet(TicketFlag.RENEWABLE);
    if (renewable) {
        repPart.setRenewTill(ticketPart.getRenewtill());
    }
    repPart.setSname(ticket.getSname());
    repPart.setSrealm(ticket.getRealm());
    repPart.setCaddr(ticketPart.getClientAddresses());
    return repPart;
}
EncryptionType encType = ticket.getEncryptedEncPart().getEType(); EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType); if (ticket.getTktvno() != KrbConstant.KRB_V5) { LOG.error(KrbErrorCode.KRB_AP_ERR_BADVERSION.getMessage()); throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION); encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(), tgsKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class); } catch (KrbException e) { throw new KrbException(errMessage); ticket.setEncPart(encPart); EncryptionKey encKey = ticket.getEncPart().getKey(); setSessionKey(encKey);
byte[] asn1Encoding; try { asn1Encoding = krbTicket.getTicket().encode(); } catch (IOException e) { throw new GSSException(GSSException.FAILURE, -1, e.getMessage()); KerberosPrincipal client = new KerberosPrincipal(clientName); PrincipalName serverPrinc = krbTicket.getTicket().getSname(); String serverName = serverPrinc.getName() + "@" + krbTicket.getTicket().getRealm(); KerberosPrincipal server = new KerberosPrincipal(serverName, serverPrinc.getNameType().getValue());
int kvno = apReq.getTicket().getEncryptedEncPart().getKvno(); int encryptType = apReq.getTicket().getEncryptedEncPart().getEType().getValue(); EncTicketPart apReqTicketEncPart = apReq.getTicket().getEncPart();
+ sgtTicket.getTicket().getEncryptedEncPart().getKvno()); return; + sgtTicket.getTicket().getEncryptedEncPart().getKvno());
/**
 * Returns the transited-realm encoding for the ticket being issued.
 *
 * <p>With a token present the superclass value is used; otherwise the
 * transited field is carried over from the TGT backing this request.
 *
 * @return the transited encoding to place in the new ticket
 */
@Override
protected TransitedEncoding getTransitedEncoding() {
    return token == null
        ? tgtTicket.getEncPart().getTransited()
        : super.getTransitedEncoding();
}
}
/**
 * Benchmarks AP-REQ decoding with the Kerby codec.
 *
 * <p>Decodes from a duplicate of the shared token buffer so every invocation
 * reads from the same position, then reads the server name back as a sanity
 * check on the decoded structure.
 *
 * @throws Exception if decoding fails
 */
@Benchmark
@Fork(1)
@Warmup(iterations = 5)
public void decodeWithKerby() throws Exception {
    ApReq decoded = new ApReq();
    decoded.decode(apreqToken.duplicate());
    String sname = decoded.getTicket().getSname().toString();
    if (sname == null) {
        throw new RuntimeException("Decoding test failed");
    }
}
}
/**
 * Returns the realm of the wrapped ticket.
 *
 * @return the ticket's realm
 */
public String getRealm() {
    Ticket wrapped = this.ticket;
    return wrapped.getRealm();
}
}
EncryptionType encType = tgtTicket.getEncryptedEncPart().getEType(); String remoteRealm = tgtTicket.getRealm(); if (checkCrossRealm(remoteRealm)) { KrbIdentity tgs = getCrossRealmTgsEntry(remoteRealm); if (tgtTicket.getTktvno() != KrbConstant.KRB_V5) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION); EncTicketPart encPart = EncryptionUtil.unseal(tgtTicket.getEncryptedEncPart(), tgsKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class); tgtTicket.setEncPart(encPart); encKey = tgtTicket.getEncPart().getKey(); if (!authenticator.getCname().equals(tgtTicket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); HostAddresses hostAddresses = tgtTicket.getEncPart().getClientAddresses(); if (hostAddresses == null || hostAddresses.isEmpty()) { if (!getKdcContext().getConfig().isEmptyAddressesAllowed()) { PrincipalName serverPrincipal = tgtTicket.getSname(); serverPrincipal.setRealm(tgtTicket.getRealm()); KerberosTime startTime = tgtTicket.getEncPart().getStartTime(); if (startTime == null) { startTime = tgtTicket.getEncPart().getAuthTime(); KerberosTime endTime = tgtTicket.getEncPart().getEndTime();
/**
 * Validates an AP-REQ against the service's key.
 *
 * <p>Steps: reject a missing key, decrypt the ticket, unseal the authenticator
 * with the session key found in the ticket, then require the authenticator's
 * client name and realm to match those the KDC sealed into the ticket. A
 * mismatch means the presenter is not the client the ticket was issued to.
 * The decrypted part is stored back on the ticket.
 *
 * @param encKey the service key used to decrypt the ticket
 * @param apReq the AP-REQ to validate
 * @throws KrbException {@code KRB_AP_ERR_NOKEY} when no key is given,
 *         {@code KRB_AP_ERR_BADMATCH} on a name or realm mismatch, or whatever
 *         unsealing raises
 */
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
    Ticket presented = apReq.getTicket();
    if (encKey == null) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }

    EncTicketPart plain = EncryptionUtil.unseal(
        presented.getEncryptedEncPart(), encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    presented.setEncPart(plain);
    // Authenticator is protected by the ticket's session key.
    unsealAuthenticator(plain.getKey(), apReq);

    Authenticator auth = apReq.getAuthenticator();
    EncTicketPart fromTicket = presented.getEncPart();
    boolean cnameMatches = auth.getCname().equals(fromTicket.getCname());
    if (!cnameMatches) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
    boolean crealmMatches = auth.getCrealm().equals(fromTicket.getCrealm());
    if (!crealmMatches) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
}
encKdcRepPart.setKey(ticket.getEncPart().getKey()); encKdcRepPart.setFlags(ticket.getEncPart().getFlags()); encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime()); encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime()); encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime()); if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) { encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill()); encKdcRepPart.setSname(ticket.getSname()); encKdcRepPart.setSrealm(ticket.getRealm()); encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses());
EncryptionType encType = ticket.getEncryptedEncPart().getEType(); EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType); if (ticket.getTktvno() != KrbConstant.KRB_V5) { LOG.error(KrbErrorCode.KRB_AP_ERR_BADVERSION.getMessage()); throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION); encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(), tgsKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class); } catch (KrbException e) { throw new KrbException(errMessage); ticket.setEncPart(encPart); EncryptionKey encKey = ticket.getEncPart().getKey(); setSessionKey(encKey);
/**
 * Issues the ticket for the requested service principal.
 *
 * <p>Fills in the server name and realm from the request, builds the plaintext
 * ticket part, seals it under the ticket key with
 * {@code KeyUsage.KDC_REP_TICKET}, and keeps both the sealed and plaintext
 * forms on the returned ticket.
 *
 * @return the populated ticket
 * @throws KrbException if the ticket part cannot be built or sealed
 */
public Ticket issueTicket() throws KrbException {
    KdcReq req = kdcRequest.getKdcReq();
    Ticket result = new Ticket();
    result.setSname(getServerPrincipal());
    result.setRealm(req.getReqBody().getRealm());

    EncTicketPart plain = makeEncTicketPart();
    EncryptionKey key = getTicketEncryptionKey();
    EncryptedData sealed = EncryptionUtil.seal(plain, key, KeyUsage.KDC_REP_TICKET);
    result.setEncryptedEncPart(sealed);
    result.setEncPart(plain);
    return result;
}