@Override protected TransitedEncoding getTransitedEncoding() { if (token != null) { return super.getTransitedEncoding(); } return tgtTicket.getEncPart().getTransited(); } }
@Override protected TransitedEncoding getTransitedEncoding() { if (token != null) { return super.getTransitedEncoding(); } return tgtTicket.getEncPart().getTransited(); } }
@Override protected PrincipalName getclientPrincipal() { PrincipalName clientPrincipal; if (token != null) { clientPrincipal = new PrincipalName(token.getSubject()); } else { clientPrincipal = tgtTicket.getEncPart().getCname(); clientPrincipal.setRealm(tgtTicket.getEncPart().getCrealm()); } return clientPrincipal; }
@Override protected PrincipalName getclientPrincipal() { PrincipalName clientPrincipal; if (token != null) { clientPrincipal = new PrincipalName(token.getSubject()); } else { clientPrincipal = tgtTicket.getEncPart().getCname(); clientPrincipal.setRealm(tgtTicket.getEncPart().getCrealm()); } return clientPrincipal; }
/** * {@inheritDoc} */ @Override protected void issueTicket() throws KrbException { TicketIssuer issuer = new ServiceTicketIssuer(this); Ticket newTicket = issuer.issueTicket(); LOG.info("TGS_REQ ISSUE: authtime " + newTicket.getEncPart().getAuthTime().getTime() + "," + newTicket.getEncPart().getCname() + " for " + newTicket.getSname()); setTicket(newTicket); }
/** * {@inheritDoc} */ @Override protected void issueTicket() throws KrbException { TicketIssuer issuer = new TgtTicketIssuer(this); Ticket newTicket = issuer.issueTicket(); LOG.info("AS_REQ ISSUE: authtime " + newTicket.getEncPart().getAuthTime().getTime() + "," + newTicket.getEncPart().getCname() + " for " + newTicket.getSname()); setTicket(newTicket); }
/** * {@inheritDoc} */ @Override protected void issueTicket() throws KrbException { TicketIssuer issuer = new TgtTicketIssuer(this); Ticket newTicket = issuer.issueTicket(); LOG.info("AS_REQ ISSUE: authtime " + newTicket.getEncPart().getAuthTime().getTime() + "," + newTicket.getEncPart().getCname() + " for " + newTicket.getSname()); setTicket(newTicket); }
/** * {@inheritDoc} */ @Override protected void issueTicket() throws KrbException { TicketIssuer issuer = new ServiceTicketIssuer(this); Ticket newTicket = issuer.issueTicket(); LOG.info("TGS_REQ ISSUE: authtime " + newTicket.getEncPart().getAuthTime().getTime() + "," + newTicket.getEncPart().getCname() + " for " + newTicket.getSname()); setTicket(newTicket); }
/** * Make EncKdcRepPart. * @return encryption kdc response part */ private EncKdcRepPart makeEncKdcRepPart() { KdcReq request = getKdcReq(); Ticket ticket = getTicket(); EncKdcRepPart encKdcRepPart = new EncTgsRepPart(); //session key encKdcRepPart.setKey(ticket.getEncPart().getKey()); LastReq lastReq = new LastReq(); LastReqEntry entry = new LastReqEntry(); entry.setLrType(LastReqType.THE_LAST_INITIAL); entry.setLrValue(new KerberosTime()); lastReq.add(entry); encKdcRepPart.setLastReq(lastReq); encKdcRepPart.setNonce(request.getReqBody().getNonce()); encKdcRepPart.setFlags(ticket.getEncPart().getFlags()); encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime()); encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime()); encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime()); if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) { encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill()); } encKdcRepPart.setSname(ticket.getSname()); encKdcRepPart.setSrealm(ticket.getRealm()); encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses()); return encKdcRepPart; }
encKdcRepPart.setKey(ticket.getEncPart().getKey()); encKdcRepPart.setFlags(ticket.getEncPart().getFlags()); encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime()); encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime()); encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime()); if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) { encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill()); encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses());
/** * Make EncKdcRepPart. * @return encryption kdc response part */ private EncKdcRepPart makeEncKdcRepPart() { KdcReq request = getKdcReq(); Ticket ticket = getTicket(); EncKdcRepPart encKdcRepPart = new EncTgsRepPart(); //session key encKdcRepPart.setKey(ticket.getEncPart().getKey()); LastReq lastReq = new LastReq(); LastReqEntry entry = new LastReqEntry(); entry.setLrType(LastReqType.THE_LAST_INITIAL); entry.setLrValue(new KerberosTime()); lastReq.add(entry); encKdcRepPart.setLastReq(lastReq); encKdcRepPart.setNonce(request.getReqBody().getNonce()); encKdcRepPart.setFlags(ticket.getEncPart().getFlags()); encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime()); encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime()); encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime()); if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) { encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill()); } encKdcRepPart.setSname(ticket.getSname()); encKdcRepPart.setSrealm(ticket.getRealm()); encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses()); return encKdcRepPart; }
encKdcRepPart.setKey(ticket.getEncPart().getKey()); encKdcRepPart.setFlags(ticket.getEncPart().getFlags()); encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime()); encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime()); encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime()); if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) { encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill()); encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses());
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException { Ticket ticket = apReq.getTicket(); if (encKey == null) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY); } EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(), encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class); ticket.setEncPart(encPart); unsealAuthenticator(encPart.getKey(), apReq); Authenticator authenticator = apReq.getAuthenticator(); if (!authenticator.getCname().equals(ticket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } if (!authenticator.getCrealm().equals(ticket.getEncPart().getCrealm())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } }
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException { Ticket ticket = apReq.getTicket(); if (encKey == null) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY); } EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(), encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class); ticket.setEncPart(encPart); unsealAuthenticator(encPart.getKey(), apReq); Authenticator authenticator = apReq.getAuthenticator(); if (!authenticator.getCname().equals(ticket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } if (!authenticator.getCrealm().equals(ticket.getEncPart().getCrealm())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } }
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException { Ticket ticket = apReq.getTicket(); if (encKey == null) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY); } EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(), encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class); ticket.setEncPart(encPart); unsealAuthenticator(encPart.getKey(), apReq); Authenticator authenticator = apReq.getAuthenticator(); if (!authenticator.getCname().equals(ticket.getEncPart().getCname())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } if (!authenticator.getCrealm().equals(ticket.getEncPart().getCrealm())) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH); } }
/** * {@inheritDoc} */ @Override protected void makeReply() throws KrbException { Ticket ticket = getTicket(); TgsRep reply = new TgsRep(); if (getClientEntry() == null) { reply.setCname(ticket.getEncPart().getCname()); reply.setCrealm(ticket.getEncPart().getCrealm()); } else { reply.setCname(getClientEntry().getPrincipal()); reply.setCrealm(getKdcContext().getKdcRealm()); } reply.setTicket(ticket); EncKdcRepPart encKdcRepPart = makeEncKdcRepPart(); reply.setEncPart(encKdcRepPart); EncryptionKey sessionKey; if (getToken() != null) { sessionKey = getSessionKey(); } else { sessionKey = getTgtSessionKey(); } EncryptedData encryptedData = EncryptionUtil.seal(encKdcRepPart, sessionKey, KeyUsage.TGS_REP_ENCPART_SESSKEY); reply.setEncryptedEncPart(encryptedData); setReply(reply); }
/** * {@inheritDoc} */ @Override protected void makeReply() throws KrbException { Ticket ticket = getTicket(); TgsRep reply = new TgsRep(); if (getClientEntry() == null) { reply.setCname(ticket.getEncPart().getCname()); reply.setCrealm(ticket.getEncPart().getCrealm()); } else { reply.setCname(getClientEntry().getPrincipal()); reply.setCrealm(getKdcContext().getKdcRealm()); } reply.setTicket(ticket); EncKdcRepPart encKdcRepPart = makeEncKdcRepPart(); reply.setEncPart(encKdcRepPart); EncryptionKey sessionKey; if (getToken() != null) { sessionKey = getSessionKey(); } else { sessionKey = getTgtSessionKey(); } EncryptedData encryptedData = EncryptionUtil.seal(encKdcRepPart, sessionKey, KeyUsage.TGS_REP_ENCPART_SESSKEY); reply.setEncryptedEncPart(encryptedData); setReply(reply); }
public static void validate(EncryptionKey encKey, ApReq apReq, InetAddress initiator, long timeSkew) throws KrbException { validate(encKey, apReq); Ticket ticket = apReq.getTicket(); EncTicketPart tktEncPart = ticket.getEncPart(); Authenticator authenticator = apReq.getAuthenticator(); if (initiator != null) { HostAddresses clientAddrs = tktEncPart.getClientAddresses(); if (clientAddrs != null && !clientAddrs.contains(initiator)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR); } } if (timeSkew != 0) { if (!authenticator.getCtime().isInClockSkew(timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW); } KerberosTime now = KerberosTime.now(); KerberosTime startTime = tktEncPart.getStartTime(); if (startTime != null && !startTime.lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV); } if (tktEncPart.getEndTime().lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED); } } }
public static void validate(EncryptionKey encKey, ApReq apReq, InetAddress initiator, long timeSkew) throws KrbException { validate(encKey, apReq); Ticket ticket = apReq.getTicket(); EncTicketPart tktEncPart = ticket.getEncPart(); Authenticator authenticator = apReq.getAuthenticator(); if (initiator != null) { HostAddresses clientAddrs = tktEncPart.getClientAddresses(); if (clientAddrs != null && !clientAddrs.contains(initiator)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR); } } if (timeSkew != 0) { if (!authenticator.getCtime().isInClockSkew(timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW); } KerberosTime now = KerberosTime.now(); KerberosTime startTime = tktEncPart.getStartTime(); if (startTime != null && !startTime.lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV); } if (tktEncPart.getEndTime().lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED); } } }
public static void validate(EncryptionKey encKey, ApReq apReq, InetAddress initiator, long timeSkew) throws KrbException { validate(encKey, apReq); Ticket ticket = apReq.getTicket(); EncTicketPart tktEncPart = ticket.getEncPart(); Authenticator authenticator = apReq.getAuthenticator(); if (initiator != null) { HostAddresses clientAddrs = tktEncPart.getClientAddresses(); if (clientAddrs != null && !clientAddrs.contains(initiator)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR); } } if (timeSkew != 0) { if (!authenticator.getCtime().isInClockSkew(timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW); } KerberosTime now = KerberosTime.now(); KerberosTime startTime = tktEncPart.getStartTime(); if (startTime != null && !startTime.lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV); } if (tktEncPart.getEndTime().lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED); } } }