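/**
 * Populates this credential's fields from a ticket and its decrypted KDC reply part.
 *
 * <p>Server name and realm, session key, times, flags, client addresses and the
 * ticket itself are stored by reference; no defensive copies are made here.
 *
 * @param tkt ticket whose {@code EncKdcRepPart} supplies the server identity, key,
 *     lifetimes, flags and addresses
 * @param clientPrincipal principal stored as the client name; its realm, when set,
 *     becomes the client realm
 */
private void init(KrbTicket tkt, PrincipalName clientPrincipal) {
    EncKdcRepPart kdcRepPart = tkt.getEncKdcRepPart();

    this.serverName = kdcRepPart.getSname();
    this.serverRealm = kdcRepPart.getSrealm();
    // Note: this mutates the PrincipalName object handed out by the reply part.
    this.serverName.setRealm(serverRealm);

    this.clientName = clientPrincipal;
    // The client realm used to be copied unconditionally from the reply's server
    // realm, which mislabels the client whenever the service lives in another realm
    // (cross-realm tickets). Prefer the realm carried by the client principal and
    // keep the server realm only as the fallback when the principal has none.
    // NOTE(review): assumes callers set the realm on clientPrincipal - confirm.
    this.clientRealm = (clientPrincipal != null && clientPrincipal.getRealm() != null)
            ? clientPrincipal.getRealm()
            : serverRealm;

    // Session key: secret material, keep it out of logs and toString() output.
    this.key = kdcRepPart.getKey();

    this.authTime = kdcRepPart.getAuthTime();
    this.startTime = kdcRepPart.getStartTime();
    this.endTime = kdcRepPart.getEndTime();
    this.renewTill = kdcRepPart.getRenewTill();

    this.ticketFlags = kdcRepPart.getFlags();
    this.clientAddresses = kdcRepPart.getCaddr();
    this.ticket = tkt.getTicket();

    this.isEncInSKey = false;
    this.secondTicket = null;
}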
// Excerpt (intermediate lines and closing braces are elided in this listing):
// converts the decrypted reply part of a TGT into constructor arguments.
EncKdcRepPart encKdcRepPart = tgtTicket.getEncKdcRepPart();
boolean[] flags = new boolean[7];
int flag = encKdcRepPart.getFlags().getFlags();
// Only bits 0..6 of the int (counted from the least significant bit) are tested.
// NOTE(review): RFC 4120 numbers ticket flags from the most significant bit, so
// confirm this ordering matches both getFlags() and the consumer of flags[].
for (int i = 6; i >= 0; i--) {
    flags[i] = (flag & (1 << i)) != 0;
if (encKdcRepPart.getStartTime() != null) {
    startTime = encKdcRepPart.getStartTime().getValue();
// Remaining arguments of a constructor call whose opening is not shown.
// getKeyData() is raw session-key material: never log or persist it in clear.
new KerberosPrincipal(tgtTicket.getEncKdcRepPart().getSname().getName()),
encKdcRepPart.getKey().getKeyData(),
encKdcRepPart.getKey().getKeyType().getValue(),
flags,
encKdcRepPart.getAuthTime().getValue(),
startTime,
encKdcRepPart.getEndTime().getValue(),
// NOTE(review): renew-till is optional in RFC 4120; unlike startTime it is
// dereferenced without a null check - confirm getRenewTill() cannot be null.
encKdcRepPart.getRenewTill().getValue(),
null );
// Excerpt (intermediate lines and closing braces are elided in this listing):
// maps fields of the decrypted reply part onto JDK types.
KerberosPrincipal server = new KerberosPrincipal(serverName, serverPrinc.getNameType().getValue());
TicketFlags ticketFlags = encKdcRepPart.getFlags();
boolean[] flags = ticketFlagsToBooleans(ticketFlags);
Date authTime = new Date(encKdcRepPart.getAuthTime().getTime());
// Start time is treated as optional and stays null when absent.
Date startTime = null;
if (encKdcRepPart.getStartTime() != null) {
    startTime = new Date(encKdcRepPart.getStartTime().getTime());
Date endTime = new Date(encKdcRepPart.getEndTime().getTime());
// NOTE(review): renew-till is optional in RFC 4120 but is dereferenced here
// without the null guard that startTime gets - confirm it cannot be null.
Date renewTill = new Date(encKdcRepPart.getRenewTill().getTime());
// Client addresses are guarded twice: the container and its element list.
if (encKdcRepPart.getCaddr() != null) {
    List<HostAddress> hostAddresses = encKdcRepPart.getCaddr().getElements();
    if (hostAddresses != null) {
        int i = 0;
// Excerpt (intermediate lines and closing braces are elided in this listing):
// validation of a decrypted AS-REP encrypted part against the request.
encKdcRepPart.decode(decryptedData);
} catch (IOException e) {
    // The IOException is kept as the cause of the KrbException.
    throw new KrbException("Failed to decode EncAsRepPart", e);
// Reject a reply whose nonce differs from the one chosen for the request.
// NOTE(review): != is only a value comparison if both sides are primitive ints;
// confirm neither getter returns a boxed Integer.
if (getChosenNonce() != encKdcRepPart.getNonce()) {
    throw new KrbException("Nonce didn't match");
// The returned server principal is qualified with the realm from the reply.
PrincipalName returnedServerPrincipal = encKdcRepPart.getSname();
returnedServerPrincipal.setRealm(encKdcRepPart.getSrealm());
PrincipalName requestedServerPrincipal = getServerPrincipal();
if (requestedServerPrincipal.getRealm() == null) {
// Every address sent in the request is looked up in the reply's address list.
List<HostAddress> requestHosts = hostAddresses.getElements();
if (!requestHosts.isEmpty()) {
    // NOTE(review): getCaddr() is dereferenced without a null check; confirm a
    // reply that omits caddr fails as a KrbException rather than an NPE.
    List<HostAddress> responseHosts = encKdcRepPart.getCaddr().getElements();
    for (HostAddress h : requestHosts) {
        if (!responseHosts.contains(h)) {
// Excerpt (intermediate lines and closing braces are elided in this listing):
// decodes the decrypted AS-REP encrypted part and logs the ticket end time.
encKdcRepPart.decode(decryptedData);
} catch (IOException e) {
    // NOTE(review): only e.getMessage() is carried over, so the original stack
    // trace is lost; pass e as the cause if HasException has such a constructor.
    throw new HasException("Failed to decode EncAsRepPart. " + e.getMessage());
// Logs the end time only; no key material is written to the log here.
LOG.debug("Ticket expire time: " + tgtTicket.getEncKdcRepPart().getEndTime());
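/**
 * Initialises the initiator side of the context from a service ticket and the
 * AP-REQ built for it.
 *
 * <p>Copies ticket flags and auth time from the ticket's reply part, takes the
 * local sequence number from the authenticator, and selects the session key:
 * the authenticator's sub-key when present, otherwise the ticket's session key.
 *
 * @param sgt service ticket supplying flags, auth time and the fallback session key
 * @param apRequest AP-REQ whose authenticator supplies sequence number and sub-key
 * @throws GSSException with major code {@code FAILURE} when the authenticator
 *     cannot be obtained; the underlying {@code KrbException} is attached as cause
 */
private void setupInitiatorContext(SgtTicket sgt, ApRequest apRequest) throws GSSException {
    EncKdcRepPart encKdcRepPart = sgt.getEncKdcRepPart();
    setTicketFlags(encKdcRepPart.getFlags());
    setAuthTime(encKdcRepPart.getAuthTime().toString());

    Authenticator auth;
    try {
        auth = apRequest.getApReq().getAuthenticator();
    } catch (KrbException e) {
        // GSSException has no cause-taking constructor, so attach the cause
        // explicitly; without it the reason for the failure cannot be diagnosed.
        GSSException failure =
                new GSSException(GSSException.FAILURE, -1, "ApReq failed in Initiator");
        failure.initCause(e);
        throw failure;
    }

    setMySequenceNumber(auth.getSeqNumber());

    EncryptionKey subKey = auth.getSubKey();
    if (subKey != null) {
        setSessionKey(subKey, GssContext.INITIATOR_SUBKEY);
    } else {
        setSessionKey(sgt.getSessionKey(), GssContext.SESSION_KEY);
    }

    // Without mutual authentication the peer sequence number is fixed at 0.
    if (!getMutualAuthState()) {
        setPeerSequenceNumber(0);
    }
}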
/**
 * Returns the session key carried in the decrypted KDC reply part.
 *
 * <p>The object from {@code encKdcRepPart.getKey()} is handed out as is; no copy
 * is made here, so callers hold live secret key material.
 *
 * @return the reply part's encryption key
 */
public EncryptionKey getSessionKey() {
    final EncryptionKey sessionKey = encKdcRepPart.getKey();
    return sessionKey;
}
/**
 * Builds the authenticator for a TGS request.
 *
 * <p>Fills in version 5, the client name and realm, the current time with a
 * microsecond part of 0, and the ticket's session key as sub-key. The request
 * body is checksummed under the session key with usage
 * {@code TGS_REQ_AUTH_CKSUM}; renew-till is taken from the ticket only when the
 * RENEW option is requested.
 *
 * @return the populated authenticator
 * @throws KrbException declared by the method; presumably raised by the request
 *     body or checksum helpers
 */
private Authenticator makeAuthenticator() throws KrbException {
    Authenticator auth = new Authenticator();
    auth.setAuthenticatorVno(5);
    auth.setCname(clientPrincipal);
    auth.setCrealm(clientPrincipal.getRealm());
    auth.setCtime(KerberosTime.now());
    // NOTE(review): cusec is always 0, so authenticators differ only through ctime.
    auth.setCusec(0);
    // NOTE(review): the sub-key is the ticket session key itself, not a fresh key.
    auth.setSubKey(ticket.getSessionKey());

    KerberosTime renewTill = getRequestOptions().contains(KrbKdcOption.RENEW)
            ? ticket.getEncKdcRepPart().getRenewTill()
            : null;

    // A null checksum type is passed through to CheckSumUtil.seal as given.
    auth.setCksum(CheckSumUtil.seal(
            getReqBody(renewTill), null, ticket.getSessionKey(), KeyUsage.TGS_REQ_AUTH_CKSUM));
    return auth;
}
}
// Excerpt (intermediate lines and closing braces are elided in this listing):
// converts the decrypted reply part of a TGT into constructor arguments.
EncKdcRepPart encKdcRepPart = tgtTicket.getEncKdcRepPart();
boolean[] flags = new boolean[7];
int flag = encKdcRepPart.getFlags().getFlags();
// Only bits 0..6 of the int (counted from the least significant bit) are tested.
// NOTE(review): RFC 4120 numbers ticket flags from the most significant bit, so
// confirm this ordering matches both getFlags() and the consumer of flags[].
for (int i = 6; i >= 0; i--) {
    flags[i] = (flag & (1 << i)) != 0;
if (encKdcRepPart.getStartTime() != null) {
    startTime = encKdcRepPart.getStartTime().getValue();
// Remaining arguments of a constructor call whose opening is not shown.
// getKeyData() is raw session-key material: never log or persist it in clear.
new KerberosPrincipal(tgtTicket.getEncKdcRepPart().getSname().getName()),
encKdcRepPart.getKey().getKeyData(),
encKdcRepPart.getKey().getKeyType().getValue(),
flags,
encKdcRepPart.getAuthTime().getValue(),
startTime,
encKdcRepPart.getEndTime().getValue(),
// NOTE(review): renew-till is optional in RFC 4120; unlike startTime it is
// dereferenced without a null check - confirm getRenewTill() cannot be null.
encKdcRepPart.getRenewTill().getValue(),
null );
// Excerpt (intermediate lines and closing braces are elided in this listing):
// validation of a decrypted AS-REP encrypted part against the request.
encKdcRepPart.decode(decryptedData);
} catch (IOException e) {
    // The IOException is kept as the cause of the KrbException.
    throw new KrbException("Failed to decode EncAsRepPart", e);
// Reject a reply whose nonce differs from the one chosen for the request.
// NOTE(review): != is only a value comparison if both sides are primitive ints;
// confirm neither getter returns a boxed Integer.
if (getChosenNonce() != encKdcRepPart.getNonce()) {
    throw new KrbException("Nonce didn't match");
// The returned server principal is qualified with the realm from the reply.
PrincipalName returnedServerPrincipal = encKdcRepPart.getSname();
returnedServerPrincipal.setRealm(encKdcRepPart.getSrealm());
PrincipalName requestedServerPrincipal = getServerPrincipal();
if (requestedServerPrincipal.getRealm() == null) {
// Every address sent in the request is looked up in the reply's address list.
List<HostAddress> requestHosts = hostAddresses.getElements();
if (!requestHosts.isEmpty()) {
    // NOTE(review): getCaddr() is dereferenced without a null check; confirm a
    // reply that omits caddr fails as a KrbException rather than an NPE.
    List<HostAddress> responseHosts = encKdcRepPart.getCaddr().getElements();
    for (HostAddress h : requestHosts) {
        if (!responseHosts.contains(h)) {
// Excerpt (intermediate lines and closing braces are elided in this listing):
// decodes the decrypted AS-REP encrypted part and logs the ticket end time.
encKdcRepPart.decode(decryptedData);
} catch (IOException e) {
    // NOTE(review): only e.getMessage() is carried over, so the original stack
    // trace is lost; pass e as the cause if HasException has such a constructor.
    throw new HasException("Failed to decode EncAsRepPart. " + e.getMessage());
// Logs the end time only; no key material is written to the log here.
LOG.debug("Ticket expire time: " + tgtTicket.getEncKdcRepPart().getEndTime());
/**
 * Returns the session key carried in the decrypted KDC reply part.
 *
 * <p>The object from {@code encKdcRepPart.getKey()} is handed out as is; no copy
 * is made here, so callers hold live secret key material.
 *
 * @return the reply part's encryption key
 */
public EncryptionKey getSessionKey() {
    final EncryptionKey sessionKey = encKdcRepPart.getKey();
    return sessionKey;
}
/**
 * Builds the authenticator for a TGS request.
 *
 * <p>Fills in version 5, the client name and realm, the current time with a
 * microsecond part of 0, and the ticket's session key as sub-key. The request
 * body is checksummed under the session key with usage
 * {@code TGS_REQ_AUTH_CKSUM}; renew-till is taken from the ticket only when the
 * RENEW option is requested.
 *
 * @return the populated authenticator
 * @throws KrbException declared by the method; presumably raised by the request
 *     body or checksum helpers
 */
private Authenticator makeAuthenticator() throws KrbException {
    Authenticator auth = new Authenticator();
    auth.setAuthenticatorVno(5);
    auth.setCname(clientPrincipal);
    auth.setCrealm(clientPrincipal.getRealm());
    auth.setCtime(KerberosTime.now());
    // NOTE(review): cusec is always 0, so authenticators differ only through ctime.
    auth.setCusec(0);
    // NOTE(review): the sub-key is the ticket session key itself, not a fresh key.
    auth.setSubKey(ticket.getSessionKey());

    KerberosTime renewTill = getRequestOptions().contains(KrbKdcOption.RENEW)
            ? ticket.getEncKdcRepPart().getRenewTill()
            : null;

    // A null checksum type is passed through to CheckSumUtil.seal as given.
    auth.setCksum(CheckSumUtil.seal(
            getReqBody(renewTill), null, ticket.getSessionKey(), KeyUsage.TGS_REQ_AUTH_CKSUM));
    return auth;
}
}
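/**
 * Populates this credential's fields from a ticket and its decrypted KDC reply part.
 *
 * <p>Server name and realm, session key, times, flags, client addresses and the
 * ticket itself are stored by reference; no defensive copies are made here.
 *
 * @param tkt ticket whose {@code EncKdcRepPart} supplies the server identity, key,
 *     lifetimes, flags and addresses
 * @param clientPrincipal principal stored as the client name; its realm, when set,
 *     becomes the client realm
 */
private void init(KrbTicket tkt, PrincipalName clientPrincipal) {
    EncKdcRepPart kdcRepPart = tkt.getEncKdcRepPart();

    this.serverName = kdcRepPart.getSname();
    this.serverRealm = kdcRepPart.getSrealm();
    // Note: this mutates the PrincipalName object handed out by the reply part.
    this.serverName.setRealm(serverRealm);

    this.clientName = clientPrincipal;
    // The client realm used to be copied unconditionally from the reply's server
    // realm, which mislabels the client whenever the service lives in another realm
    // (cross-realm tickets). Prefer the realm carried by the client principal and
    // keep the server realm only as the fallback when the principal has none.
    // NOTE(review): assumes callers set the realm on clientPrincipal - confirm.
    this.clientRealm = (clientPrincipal != null && clientPrincipal.getRealm() != null)
            ? clientPrincipal.getRealm()
            : serverRealm;

    // Session key: secret material, keep it out of logs and toString() output.
    this.key = kdcRepPart.getKey();

    this.authTime = kdcRepPart.getAuthTime();
    this.startTime = kdcRepPart.getStartTime();
    this.endTime = kdcRepPart.getEndTime();
    this.renewTill = kdcRepPart.getRenewTill();

    this.ticketFlags = kdcRepPart.getFlags();
    this.clientAddresses = kdcRepPart.getCaddr();
    this.ticket = tkt.getTicket();

    this.isEncInSKey = false;
    this.secondTicket = null;
}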