/**
 * Builds a TGS request around the given ticket.
 *
 * <p>Pre-authentication is restricted to {@code PaDataType.TGS_REQ}, the ticket is kept, and the
 * client principal is taken from it.
 *
 * @param context the Kerberos context handed to the superclass constructor
 * @param sgt the ticket this request is built around; its client principal is dereferenced
 *     below without a null check
 */
public TgsRequestWithTgt(KrbContext context, SgtTicket sgt) {
    super(context);
    setAllowedPreauth(PaDataType.TGS_REQ);

    this.ticket = sgt;
    this.clientPrincipal = sgt.getClientPrincipal();

    // A principal that carries no realm inherits the realm of the ticket.
    // NOTE(review): setRealm() acts on the object returned by getClientPrincipal(); if that
    // getter hands out the ticket's own instance rather than a copy, the ticket changes too.
    boolean realmMissing = clientPrincipal.getRealm() == null;
    if (realmMissing) {
        clientPrincipal.setRealm(sgt.getRealm());
    }
}
/**
 * Creates the authenticator that accompanies the ticket.
 *
 * <p>The authenticator carries version 5, the client name, the ticket's realm and the current
 * time split into seconds ({@code ctime}) and microseconds ({@code cusec}). No sequence number
 * or checksum is set in this method.
 *
 * @return the populated authenticator
 * @throws KrbException declared by the signature; which call raises it is not visible here
 */
private Authenticator makeAuthenticator() throws KrbException {
    Authenticator auth = new Authenticator();
    auth.setAuthenticatorVno(5);
    auth.setCname(clientPrincipal);
    auth.setCrealm(sgtTicket.getRealm());

    // Split the wall clock into whole seconds and the sub-second remainder. The source is
    // millisecond-resolution, so cusec is always a multiple of 1000 and two authenticators
    // built within the same millisecond carry the same (ctime, cusec) pair.
    long now = System.currentTimeMillis();
    long remainderMillis = now % 1000;
    int usec = (int) remainderMillis * 1000;
    auth.setCtime(new KerberosTime(now - remainderMillis));
    auth.setCusec(usec);

    // NOTE(review): with USE_SESSION_KEY the ticket's own session key is reused as the
    // sub-key, so no fresh key material is introduced — confirm this is intended.
    if (flags.contains(ApOption.USE_SESSION_KEY)) {
        auth.setSubKey(sgtTicket.getSessionKey());
    }
    return auth;
}
/**
 * Wraps the ticket and the encrypted part of the KDC reply in an {@code SgtTicket}.
 *
 * <p>The encrypted part is cast to {@code EncTgsRepPart} without a type check, so a reply
 * holding any other enc-part type fails here with a {@code ClassCastException}.
 *
 * @return a new service ticket built from the current KDC reply
 */
public SgtTicket getSgt() {
    return new SgtTicket(
        getKdcRep().getTicket(),
        (EncTgsRepPart) getKdcRep().getEncPart());
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Assembles the AP-REQ for the held service ticket.
 *
 * <p>The authenticator is sealed under the ticket's session key with the
 * {@code KeyUsage.AP_REQ_AUTH} key usage, and every entry of {@code flags} is copied into the
 * request's AP options.
 *
 * @return the populated AP-REQ
 * @throws KrbException if building or sealing the authenticator fails
 */
private ApReq makeApReq() throws KrbException {
    ApReq request = new ApReq();

    Authenticator auth = makeAuthenticator();
    EncryptionKey ticketSessionKey = sgtTicket.getSessionKey();
    EncryptedData sealedAuth =
        EncryptionUtil.seal(auth, ticketSessionKey, KeyUsage.AP_REQ_AUTH);
    request.setEncryptedAuthenticator(sealedAuth);
    // The clear-text authenticator object is kept on the request as well.
    // NOTE(review): presumably for local use only — confirm it is never encoded onto the wire.
    request.setAuthenticator(auth);
    request.setTicket(sgtTicket.getTicket());

    ApOptions options = new ApOptions();
    for (ApOption option : flags) {
        options.setFlag(option);
    }
    request.setApOptions(options);

    return request;
}
// Writes the ticket's service name and the key version number of its encrypted part to stdout.
// The "knvo" spelling is part of the emitted message.
System.out.println(sgtTicket.getEncKdcRepPart().getSname().getName() + ": knvo = " + sgtTicket.getTicket().getEncryptedEncPart().getKvno());
// NOTE(review): in this excerpt a second, identical println follows a bare return; the two
// prints presumably sit in different branches of the original method — confirm against the file.
return;
System.out.println(sgtTicket.getEncKdcRepPart().getSname().getName() + ": knvo = " + sgtTicket.getTicket().getEncryptedEncPart().getKvno());
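/**
 * Initialises the initiator side of the context from the service ticket and the AP request.
 *
 * <p>Copies the ticket flags and the authentication time from the ticket's encrypted reply
 * part, takes the local sequence number from the authenticator, and selects the context key:
 * the authenticator's sub-key when one is present, otherwise the ticket's session key.
 *
 * @param sgt the service ticket the context is established with
 * @param apRequest the AP request whose authenticator supplies sequence number and sub-key
 * @throws GSSException with major code {@code FAILURE} if the AP-REQ cannot be obtained; the
 *     underlying {@code KrbException} is attached as the cause
 */
private void setupInitiatorContext(SgtTicket sgt, ApRequest apRequest) throws GSSException {
    EncKdcRepPart encKdcRepPart = sgt.getEncKdcRepPart();
    TicketFlags ticketFlags = encKdcRepPart.getFlags();
    setTicketFlags(ticketFlags);
    setAuthTime(encKdcRepPart.getAuthTime().toString());

    Authenticator auth;
    try {
        auth = apRequest.getApReq().getAuthenticator();
    } catch (KrbException e) {
        // Keep the original failure attached so the reason for the AP-REQ error is not lost
        // when the exception is translated to the GSS-API type.
        GSSException failure =
            new GSSException(GSSException.FAILURE, -1, "ApReq failed in Initiator");
        failure.initCause(e);
        throw failure;
    }
    setMySequenceNumber(auth.getSeqNumber());

    // Prefer the sub-key chosen in the authenticator; fall back to the ticket session key.
    EncryptionKey subKey = auth.getSubKey();
    if (subKey != null) {
        setSessionKey(subKey, GssContext.INITIATOR_SUBKEY);
    } else {
        setSessionKey(sgt.getSessionKey(), GssContext.SESSION_KEY);
    }

    // Without mutual authentication the peer sequence number is fixed at 0.
    if (!getMutualAuthState()) {
        setPeerSequenceNumber(0);
    }
}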
/**
 * Creates a credential cache holding a single credential built from the given service ticket.
 *
 * <p>The ticket's client principal is used both for the credential and as the cache's primary
 * principal.
 *
 * @param sgt the service ticket to store
 */
public CredentialCache(SgtTicket sgt) {
    this();

    Credential entry = new Credential(sgt, sgt.getClientPrincipal());
    addCredential(entry);

    setPrimaryPrincipal(sgt.getClientPrincipal());
}
getServerPrincipal()).getKey(tkt.getTicket().getEncryptedEncPart().getEType()); ApResponse apResponse = new ApResponse(apReq, encryptedKey); ApRep apRep = apResponse.getApRep();
// Stores the value returned by the ticket's getSessionKey() in this object's key field.
this.key = sgt.getSessionKey();
tgsRequest.setRequestOptions(requestOptions);
// Obtain the ticket, then set its client principal from the locally held name.
// NOTE(review): the client principal on the returned ticket is assigned from
// clientPrincipalName here rather than read from the KDC reply — confirm the reply's client
// name is checked elsewhere.
SgtTicket sgtTicket = doRequestSgt(tgsRequest);
sgtTicket.setClientPrincipal(clientPrincipalName);
// The ticket just obtained is passed to a new TgsRequestWithTgt.
tgsRequest = new TgsRequestWithTgt(context, sgtTicket);
// NOTE(review): repeats the assignment above; in the original method this line may belong to
// a later step that the excerpt does not show.
sgtTicket.setClientPrincipal(clientPrincipalName);
/**
 * Assembles the AP-REQ for the held service ticket.
 *
 * <p>The authenticator is sealed under the ticket's session key with the
 * {@code KeyUsage.AP_REQ_AUTH} key usage, and every entry of {@code flags} is copied into the
 * request's AP options.
 *
 * @return the populated AP-REQ
 * @throws KrbException if building or sealing the authenticator fails
 */
private ApReq makeApReq() throws KrbException {
    ApReq request = new ApReq();

    Authenticator auth = makeAuthenticator();
    EncryptionKey ticketSessionKey = sgtTicket.getSessionKey();
    EncryptedData sealedAuth =
        EncryptionUtil.seal(auth, ticketSessionKey, KeyUsage.AP_REQ_AUTH);
    request.setEncryptedAuthenticator(sealedAuth);
    // The clear-text authenticator object is kept on the request as well.
    // NOTE(review): presumably for local use only — confirm it is never encoded onto the wire.
    request.setAuthenticator(auth);
    request.setTicket(sgtTicket.getTicket());

    ApOptions options = new ApOptions();
    for (ApOption option : flags) {
        options.setFlag(option);
    }
    request.setApOptions(options);

    return request;
}
// Writes the ticket's service name and the key version number of its encrypted part to stdout.
// The "knvo" spelling is part of the emitted message.
System.out.println(sgtTicket.getEncKdcRepPart().getSname().getName() + ": knvo = " + sgtTicket.getTicket().getEncryptedEncPart().getKvno());
// NOTE(review): in this excerpt a second, identical println follows a bare return; the two
// prints presumably sit in different branches of the original method — confirm against the file.
return;
System.out.println(sgtTicket.getEncKdcRepPart().getSname().getName() + ": knvo = " + sgtTicket.getTicket().getEncryptedEncPart().getKvno());
/**
 * Creates a credential cache holding a single credential built from the given service ticket.
 *
 * <p>The ticket's client principal is used both for the credential and as the cache's primary
 * principal.
 *
 * @param sgt the service ticket to store
 */
public CredentialCache(SgtTicket sgt) {
    this();

    Credential entry = new Credential(sgt, sgt.getClientPrincipal());
    addCredential(entry);

    setPrimaryPrincipal(sgt.getClientPrincipal());
}
tgsRequest.setRequestOptions(requestOptions);
// Obtain the ticket, then set its client principal from the locally held name.
// NOTE(review): the client principal on the returned ticket is assigned from
// clientPrincipalName here rather than read from the KDC reply — confirm the reply's client
// name is checked elsewhere.
SgtTicket sgtTicket = doRequestSgt(tgsRequest);
sgtTicket.setClientPrincipal(clientPrincipalName);
// The ticket just obtained is passed to a new TgsRequestWithTgt.
tgsRequest = new TgsRequestWithTgt(context, sgtTicket);
// NOTE(review): repeats the assignment above; in the original method this line may belong to
// a later step that the excerpt does not show.
sgtTicket.setClientPrincipal(clientPrincipalName);
/**
 * Assembles the AP-REQ for the held service ticket.
 *
 * <p>The authenticator is sealed under the ticket's session key with the
 * {@code KeyUsage.AP_REQ_AUTH} key usage, and every entry of {@code flags} is copied into the
 * request's AP options.
 *
 * @return the populated AP-REQ
 * @throws KrbException if building or sealing the authenticator fails
 */
private ApReq makeApReq() throws KrbException {
    ApReq request = new ApReq();

    Authenticator auth = makeAuthenticator();
    EncryptionKey ticketSessionKey = sgtTicket.getSessionKey();
    EncryptedData sealedAuth =
        EncryptionUtil.seal(auth, ticketSessionKey, KeyUsage.AP_REQ_AUTH);
    request.setEncryptedAuthenticator(sealedAuth);
    // The clear-text authenticator object is kept on the request as well.
    // NOTE(review): presumably for local use only — confirm it is never encoded onto the wire.
    request.setAuthenticator(auth);
    request.setTicket(sgtTicket.getTicket());

    ApOptions options = new ApOptions();
    for (ApOption option : flags) {
        options.setFlag(option);
    }
    request.setApOptions(options);

    return request;
}
/**
 * Creates the authenticator that accompanies the ticket.
 *
 * <p>The authenticator carries version 5, the client name, the ticket's realm and the current
 * time split into seconds ({@code ctime}) and microseconds ({@code cusec}). No sequence number
 * or checksum is set in this method.
 *
 * @return the populated authenticator
 * @throws KrbException declared by the signature; which call raises it is not visible here
 */
private Authenticator makeAuthenticator() throws KrbException {
    Authenticator auth = new Authenticator();
    auth.setAuthenticatorVno(5);
    auth.setCname(clientPrincipal);
    auth.setCrealm(sgtTicket.getRealm());

    // Split the wall clock into whole seconds and the sub-second remainder. The source is
    // millisecond-resolution, so cusec is always a multiple of 1000 and two authenticators
    // built within the same millisecond carry the same (ctime, cusec) pair.
    long now = System.currentTimeMillis();
    long remainderMillis = now % 1000;
    int usec = (int) remainderMillis * 1000;
    auth.setCtime(new KerberosTime(now - remainderMillis));
    auth.setCusec(usec);

    // NOTE(review): with USE_SESSION_KEY the ticket's own session key is reused as the
    // sub-key, so no fresh key material is introduced — confirm this is intended.
    if (flags.contains(ApOption.USE_SESSION_KEY)) {
        auth.setSubKey(sgtTicket.getSessionKey());
    }
    return auth;
}
/**
 * Builds a TGS request around the given ticket.
 *
 * <p>Pre-authentication is restricted to {@code PaDataType.TGS_REQ}, the ticket is kept, and the
 * client principal is taken from it.
 *
 * @param context the Kerberos context handed to the superclass constructor
 * @param sgt the ticket this request is built around; its client principal is dereferenced
 *     below without a null check
 */
public TgsRequestWithTgt(KrbContext context, SgtTicket sgt) {
    super(context);
    setAllowedPreauth(PaDataType.TGS_REQ);

    this.ticket = sgt;
    this.clientPrincipal = sgt.getClientPrincipal();

    // A principal that carries no realm inherits the realm of the ticket.
    // NOTE(review): setRealm() acts on the object returned by getClientPrincipal(); if that
    // getter hands out the ticket's own instance rather than a copy, the ticket changes too.
    boolean realmMissing = clientPrincipal.getRealm() == null;
    if (realmMissing) {
        clientPrincipal.setRealm(sgt.getRealm());
    }
}
/**
 * Builds an AP-REQ for the given service ticket on behalf of the ticket's client principal.
 *
 * @param sgt the service ticket to present
 * @return the AP-REQ produced by a new {@code ApRequest} for that ticket
 * @throws KrbException if the AP request cannot be built
 */
public static ApReq makeReq(SgtTicket sgt) throws KrbException {
    return new ApRequest(sgt.getClientPrincipal(), sgt).getApReq();
}
/**
 * Wraps the ticket and the encrypted part of the KDC reply in an {@code SgtTicket}.
 *
 * <p>The encrypted part is cast to {@code EncTgsRepPart} without a type check, so a reply
 * holding any other enc-part type fails here with a {@code ClassCastException}.
 *
 * @return a new service ticket built from the current KDC reply
 */
public SgtTicket getSgt() {
    return new SgtTicket(
        getKdcRep().getTicket(),
        (EncTgsRepPart) getKdcRep().getEncPart());
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Requests a service ticket using the TGT stored in a credential cache file.
 *
 * <p>When {@code servicePrincipal} is {@code null} the call is treated as a renewal: the
 * {@code RENEW} KDC option is added and the service principal recorded in the cached
 * credential is used as the target.
 *
 * @param ccFile the credential cache file to read the TGT from
 * @param servicePrincipal the target service principal, or {@code null} to renew
 * @return the service ticket, with its client principal set from the cached TGT
 * @throws KrbException if any of the underlying lookup or request steps fails
 */
public SgtTicket requestSgt(File ccFile, String servicePrincipal) throws KrbException {
    Credential cached = getCredentialFromFile(ccFile);
    TgtTicket tgt = getTgtTicketFromCredential(cached);

    KOptions options = new KOptions();
    String targetService = servicePrincipal;
    if (targetService == null) {
        // No explicit target: ask for a renewal of the service named in the cached credential.
        options.add(KrbKdcOption.RENEW);
        targetService = cached.getServicePrincipal().getName();
    }
    options.add(KrbOption.USE_TGT, tgt);
    options.add(KrbOption.SERVER_PRINCIPAL, targetService);

    SgtTicket issued = innerClient.requestSgt(options);
    // The client principal on the result is taken from the cached TGT, not from the reply.
    issued.setClientPrincipal(tgt.getClientPrincipal());
    return issued;
}