/**
 * {@inheritDoc}
 *
 * <p>Builds a {@code TgsRep} around the issued ticket, seals the encrypted
 * reply part with key usage {@code TGS_REP_ENCPART_SESSKEY}, and stores the
 * result with {@code setReply}.
 *
 * @throws KrbException declared by this method; which of the calls below
 *         raise it is not visible here
 */
@Override
protected void makeReply() throws KrbException {
    Ticket issuedTicket = getTicket();
    TgsRep tgsReply = new TgsRep();

    // The client identity placed in the reply comes from the client entry
    // when there is one; otherwise it is copied from the ticket's own
    // encrypted part.
    if (getClientEntry() != null) {
        tgsReply.setCname(getClientEntry().getPrincipal());
        tgsReply.setCrealm(getKdcContext().getKdcRealm());
    } else {
        tgsReply.setCname(issuedTicket.getEncPart().getCname());
        tgsReply.setCrealm(issuedTicket.getEncPart().getCrealm());
    }
    tgsReply.setTicket(issuedTicket);

    EncKdcRepPart replyEncPart = makeEncKdcRepPart();
    tgsReply.setEncPart(replyEncPart);

    // Key selection: a request carrying a token is answered under
    // getSessionKey(); every other request under the TGT session key.
    // The key usage number is TGS_REP_ENCPART_SESSKEY in both cases.
    EncryptionKey sealingKey = getToken() != null ? getSessionKey() : getTgtSessionKey();

    EncryptedData sealedEncPart =
            EncryptionUtil.seal(replyEncPart, sealingKey, KeyUsage.TGS_REP_ENCPART_SESSKEY);
    tgsReply.setEncryptedEncPart(sealedEncPart);

    setReply(tgsReply);
}
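/**
 * Handles a TGS reply: records it, decrypts its encrypted part with the
 * session key, attaches the decrypted part to the reply, and checks that
 * the nonce in it equals the nonce chosen for the request.
 *
 * @param kdcRep the reply received from the KDC; it is cast to {@code TgsRep}
 * @throws KrbException if the encrypted part cannot be unsealed under either
 *         key usage, or if the nonce does not match
 */
@Override
public void processResponse(KdcRep kdcRep) throws KrbException {
    setKdcRep(kdcRep);
    TgsRep tgsRep = (TgsRep) getKdcRep();

    EncTgsRepPart encTgsRepPart;
    try {
        encTgsRepPart = EncryptionUtil.unseal(tgsRep.getEncryptedEncPart(),
                getSessionKey(), KeyUsage.TGS_REP_ENCPART_SESSKEY, EncTgsRepPart.class);
    } catch (KrbException sessKeyFailure) {
        // Second attempt: same key from getSessionKey(), but the sub-key
        // usage number. NOTE(review): any KrbException from the first
        // attempt triggers this retry, not only a key-usage mismatch.
        try {
            encTgsRepPart = EncryptionUtil.unseal(tgsRep.getEncryptedEncPart(),
                    getSessionKey(), KeyUsage.TGS_REP_ENCPART_SUBKEY, EncTgsRepPart.class);
        } catch (KrbException subKeyFailure) {
            // Keep the first failure attached so that the reason the
            // session-key attempt was rejected is not lost.
            subKeyFailure.addSuppressed(sessKeyFailure);
            throw subKeyFailure;
        }
    }
    // The decrypted part is attached before the nonce check, so on a
    // mismatch tgsRep already carries it when the exception is thrown.
    tgsRep.setEncPart(encTgsRepPart);

    // A reply whose nonce differs from the one sent is rejected.
    // NOTE(review): '!=' is a value comparison only if at least one side is
    // a primitive; confirm neither getter pair returns two boxed values.
    if (getChosenNonce() != encTgsRepPart.getNonce()) {
        LOG.error("Nonce " + getChosenNonce() + " didn't match " + encTgsRepPart.getNonce());
        throw new KrbException("Nonce didn't match");
    }
}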
/**
 * Decodes one Kerberos message from a buffer.
 *
 * <p>The buffer is parsed as ASN.1, the tag number of the parse result is
 * mapped to a {@code KrbMessageType}, an empty message object of the matching
 * class is created, and that object decodes itself from the parse result.
 * A tag that maps to none of the handled types is rejected.
 *
 * @param buffer the encoded message
 * @return the decoded message
 * @throws IOException if the tag maps to no handled message type; the parse
 *         and decode calls presumably raise it as well (not visible here)
 */
public static KrbMessage decodeMessage(ByteBuffer buffer) throws IOException {
    Asn1ParseResult parsed = Asn1.parse(buffer);
    Tag outerTag = parsed.tag();

    // The concrete class is chosen from the tag number found in the input
    // alone, before any field of the message has been decoded.
    KrbMessageType type = KrbMessageType.fromValue(outerTag.tagNo());

    KrbMessage decoded;
    if (type == KrbMessageType.AS_REQ) {
        decoded = new AsReq();
    } else if (type == KrbMessageType.AS_REP) {
        decoded = new AsRep();
    } else if (type == KrbMessageType.TGS_REQ) {
        decoded = new TgsReq();
    } else if (type == KrbMessageType.TGS_REP) {
        decoded = new TgsRep();
    } else if (type == KrbMessageType.AP_REQ) {
        decoded = new ApReq();
    } else if (type == KrbMessageType.AP_REP) {
        // NOTE(review): an AP_REP tag is decoded with an ApReq object, the
        // same class as AP_REQ. This looks like a copy-paste slip; confirm
        // whether a dedicated AP-REP message class should be used here.
        decoded = new ApReq();
    } else if (type == KrbMessageType.KRB_ERROR) {
        decoded = new KrbError();
    } else {
        throw new IOException("To be supported krb message type with tag: " + outerTag);
    }

    decoded.decode(parsed);
    return decoded;
}
/**
 * Decodes one Kerberos message from a buffer.
 *
 * <p>The buffer is parsed as ASN.1, the tag number of the parse result is
 * mapped to a {@code KrbMessageType}, an empty message object of the matching
 * class is created, and that object decodes itself from the parse result.
 * A tag that maps to none of the handled types is rejected.
 *
 * @param buffer the encoded message
 * @return the decoded message
 * @throws IOException if the tag maps to no handled message type; the parse
 *         and decode calls presumably raise it as well (not visible here)
 */
public static KrbMessage decodeMessage(ByteBuffer buffer) throws IOException {
    Asn1ParseResult parsed = Asn1.parse(buffer);
    Tag outerTag = parsed.tag();

    // The concrete class is chosen from the tag number found in the input
    // alone, before any field of the message has been decoded.
    KrbMessageType type = KrbMessageType.fromValue(outerTag.tagNo());

    KrbMessage decoded;
    if (type == KrbMessageType.AS_REQ) {
        decoded = new AsReq();
    } else if (type == KrbMessageType.AS_REP) {
        decoded = new AsRep();
    } else if (type == KrbMessageType.TGS_REQ) {
        decoded = new TgsReq();
    } else if (type == KrbMessageType.TGS_REP) {
        decoded = new TgsRep();
    } else if (type == KrbMessageType.AP_REQ) {
        decoded = new ApReq();
    } else if (type == KrbMessageType.AP_REP) {
        // NOTE(review): an AP_REP tag is decoded with an ApReq object, the
        // same class as AP_REQ. This looks like a copy-paste slip; confirm
        // whether a dedicated AP-REP message class should be used here.
        decoded = new ApReq();
    } else if (type == KrbMessageType.KRB_ERROR) {
        decoded = new KrbError();
    } else {
        throw new IOException("To be supported krb message type with tag: " + outerTag);
    }

    decoded.decode(parsed);
    return decoded;
}
/**
 * {@inheritDoc}
 *
 * <p>Builds a {@code TgsRep} around the issued ticket, seals the encrypted
 * reply part with key usage {@code TGS_REP_ENCPART_SESSKEY}, and stores the
 * result with {@code setReply}.
 *
 * @throws KrbException declared by this method; which of the calls below
 *         raise it is not visible here
 */
@Override
protected void makeReply() throws KrbException {
    Ticket issuedTicket = getTicket();
    TgsRep tgsReply = new TgsRep();

    // The client identity placed in the reply comes from the client entry
    // when there is one; otherwise it is copied from the ticket's own
    // encrypted part.
    if (getClientEntry() != null) {
        tgsReply.setCname(getClientEntry().getPrincipal());
        tgsReply.setCrealm(getKdcContext().getKdcRealm());
    } else {
        tgsReply.setCname(issuedTicket.getEncPart().getCname());
        tgsReply.setCrealm(issuedTicket.getEncPart().getCrealm());
    }
    tgsReply.setTicket(issuedTicket);

    EncKdcRepPart replyEncPart = makeEncKdcRepPart();
    tgsReply.setEncPart(replyEncPart);

    // Key selection: a request carrying a token is answered under
    // getSessionKey(); every other request under the TGT session key.
    // The key usage number is TGS_REP_ENCPART_SESSKEY in both cases.
    EncryptionKey sealingKey = getToken() != null ? getSessionKey() : getTgtSessionKey();

    EncryptedData sealedEncPart =
            EncryptionUtil.seal(replyEncPart, sealingKey, KeyUsage.TGS_REP_ENCPART_SESSKEY);
    tgsReply.setEncryptedEncPart(sealedEncPart);

    setReply(tgsReply);
}
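/**
 * Handles a TGS reply: records it, decrypts its encrypted part with the
 * session key, attaches the decrypted part to the reply, and checks that
 * the nonce in it equals the nonce chosen for the request.
 *
 * @param kdcRep the reply received from the KDC; it is cast to {@code TgsRep}
 * @throws KrbException if the encrypted part cannot be unsealed under either
 *         key usage, or if the nonce does not match
 */
@Override
public void processResponse(KdcRep kdcRep) throws KrbException {
    setKdcRep(kdcRep);
    TgsRep tgsRep = (TgsRep) getKdcRep();

    EncTgsRepPart encTgsRepPart;
    try {
        encTgsRepPart = EncryptionUtil.unseal(tgsRep.getEncryptedEncPart(),
                getSessionKey(), KeyUsage.TGS_REP_ENCPART_SESSKEY, EncTgsRepPart.class);
    } catch (KrbException sessKeyFailure) {
        // Second attempt: same key from getSessionKey(), but the sub-key
        // usage number. NOTE(review): any KrbException from the first
        // attempt triggers this retry, not only a key-usage mismatch.
        try {
            encTgsRepPart = EncryptionUtil.unseal(tgsRep.getEncryptedEncPart(),
                    getSessionKey(), KeyUsage.TGS_REP_ENCPART_SUBKEY, EncTgsRepPart.class);
        } catch (KrbException subKeyFailure) {
            // Keep the first failure attached so that the reason the
            // session-key attempt was rejected is not lost.
            subKeyFailure.addSuppressed(sessKeyFailure);
            throw subKeyFailure;
        }
    }
    // The decrypted part is attached before the nonce check, so on a
    // mismatch tgsRep already carries it when the exception is thrown.
    tgsRep.setEncPart(encTgsRepPart);

    // A reply whose nonce differs from the one sent is rejected.
    // NOTE(review): '!=' is a value comparison only if at least one side is
    // a primitive; confirm neither getter pair returns two boxed values.
    if (getChosenNonce() != encTgsRepPart.getNonce()) {
        LOG.error("Nonce " + getChosenNonce() + " didn't match " + encTgsRepPart.getNonce());
        throw new KrbException("Nonce didn't match");
    }
}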