/**
 * Construct a SgtTicket from a KerberosTicket.
 * @param kerberosTicket the javax.security.auth.kerberos.KerberosTicket to convert; may be null
 * @return the equivalent SgtTicket, or null if kerberosTicket is null
 * @throws GSSException if the ASN.1-encoded ticket cannot be decoded
 */
public static SgtTicket getSgtTicketFromKerberosTicket(KerberosTicket kerberosTicket) throws GSSException {
    if (kerberosTicket == null) {
        return null;
    }
    // Decode the raw ASN.1 ticket bytes into a Ticket structure
    Ticket ticket = getTicketFromAsn1Encoded(kerberosTicket.getEncoded());
    // Rebuild the EncTgsRepPart (session key, times, flags, ...) from the KerberosTicket fields
    EncTgsRepPart encTgsRepPart = new EncTgsRepPart();
    fillEncKdcRepPart(encTgsRepPart, kerberosTicket);
    SgtTicket sgt = new SgtTicket(ticket, encTgsRepPart);
    return sgt;
}
@Override
public void processResponse(KdcRep kdcRep) throws KrbException {
    setKdcRep(kdcRep);
    TgsRep tgsRep = (TgsRep) getKdcRep();
    EncTgsRepPart encTgsRepPart;
    // The TGS-REP enc-part may be sealed under the TGS session key (key usage 8)
    // or under the authenticator subkey (key usage 9); try the session-key usage
    // first and fall back to the subkey usage if decryption or verification fails.
    try {
        encTgsRepPart = EncryptionUtil.unseal(tgsRep.getEncryptedEncPart(),
            getSessionKey(), KeyUsage.TGS_REP_ENCPART_SESSKEY, EncTgsRepPart.class);
    } catch (KrbException e) {
        encTgsRepPart = EncryptionUtil.unseal(tgsRep.getEncryptedEncPart(),
            getSessionKey(), KeyUsage.TGS_REP_ENCPART_SUBKEY, EncTgsRepPart.class);
    }
    tgsRep.setEncPart(encTgsRepPart);
    // The nonce in the decrypted reply must match the one sent in the request;
    // a mismatch means the reply does not belong to this exchange and is rejected.
    if (getChosenNonce() != encTgsRepPart.getNonce()) {
        LOG.error("Nonce " + getChosenNonce() + " didn't match " + encTgsRepPart.getNonce());
        throw new KrbException("Nonce didn't match");
    }
}
/**
 * Make EncKdcRepPart.
 * @return encryption kdc response part
 */
private EncKdcRepPart makeEncKdcRepPart() {
    KdcReq request = getKdcReq();
    Ticket ticket = getTicket();
    EncKdcRepPart encKdcRepPart = new EncTgsRepPart();

    //session key
    encKdcRepPart.setKey(ticket.getEncPart().getKey());

    LastReq lastReq = new LastReq();
    LastReqEntry entry = new LastReqEntry();
    entry.setLrType(LastReqType.THE_LAST_INITIAL);
    entry.setLrValue(new KerberosTime());
    lastReq.add(entry);
    encKdcRepPart.setLastReq(lastReq);

    encKdcRepPart.setNonce(request.getReqBody().getNonce());
    encKdcRepPart.setFlags(ticket.getEncPart().getFlags());
    encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime());
    encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime());
    encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime());
    if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) {
        encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill());
    }
    encKdcRepPart.setSname(ticket.getSname());
    encKdcRepPart.setSrealm(ticket.getRealm());
    encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses());

    return encKdcRepPart;
}