public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException { Ticket ticket = apReq.getTicket(); if (encKey == null) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY); } EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(), encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class); ticket.setEncPart(encPart); unsealAuthenticator(encPart.getKey(), apReq); Authenticator authenticator = apReq.getAuthenticator(); if (!authenticator.getCname().equals(ticket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } if (!authenticator.getCrealm().equals(ticket.getEncPart().getCrealm())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } }
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException { Ticket ticket = apReq.getTicket(); if (encKey == null) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY); } EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(), encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class); ticket.setEncPart(encPart); unsealAuthenticator(encPart.getKey(), apReq); Authenticator authenticator = apReq.getAuthenticator(); if (!authenticator.getCname().equals(ticket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } if (!authenticator.getCrealm().equals(ticket.getEncPart().getCrealm())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } }
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException { Ticket ticket = apReq.getTicket(); if (encKey == null) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY); } EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(), encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class); ticket.setEncPart(encPart); unsealAuthenticator(encPart.getKey(), apReq); Authenticator authenticator = apReq.getAuthenticator(); if (!authenticator.getCname().equals(ticket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } if (!authenticator.getCrealm().equals(ticket.getEncPart().getCrealm())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } }
assertThat(apReq.getAuthenticator().getCname()).isEqualTo(tgt.getClientPrincipal()); assertThat(apReq.getAuthenticator().getCrealm()).isEqualTo(tgt.getRealm());
encKey, KeyUsage.TGS_REQ_AUTH, Authenticator.class); if (!authenticator.getCname().equals(tgtTicket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); PrincipalName clientPrincipal = authenticator.getCname(); clientPrincipal.setRealm(authenticator.getCrealm()); KrbIdentity clientEntry = getEntry(clientPrincipal.getName());
encKey, KeyUsage.TGS_REQ_AUTH, Authenticator.class); if (!authenticator.getCname().equals(tgtTicket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); PrincipalName clientPrincipal = authenticator.getCname(); clientPrincipal.setRealm(authenticator.getCrealm()); KrbIdentity clientEntry = getEntry(clientPrincipal.getName());