/**
 * JMH benchmark that decodes an AP-REQ token with Kerby's {@code ApReq} and reads the
 * server name out of the decoded ticket.
 *
 * <p>Only decoding is exercised: no key is supplied and no validation call is made, so a
 * passing run says nothing about the authenticity of the token.
 *
 * @throws Exception if decoding fails, or a RuntimeException if the server name is null
 */
@Benchmark
@Fork(1)
@Warmup(iterations = 5)
public void decodeWithKerby() throws Exception {
    final ApReq decoded = new ApReq();
    // apreqToken is a field declared outside this excerpt. duplicate() presumably gives the
    // decoder its own view so repeated invocations do not consume the shared buffer - confirm.
    decoded.decode(apreqToken.duplicate());

    final String sname = decoded.getTicket().getSname().toString();
    if (sname == null) {
        throw new RuntimeException("Decoding test failed");
    }
}
} // closes the enclosing benchmark class, whose header is outside this excerpt
/**
 * Validates an AP-REQ against a service key: unseals the ticket, unseals the authenticator,
 * and checks that both name the same client principal and realm.
 *
 * <p>Security notes: this overload checks only that a key is present, that unsealing
 * succeeds, and that cname/crealm match. No address, clock-skew, start-time, expiry or
 * replay check is visible here; the four-argument overload shown elsewhere on this page
 * layers address and time checks on top of this one.
 *
 * @param encKey key used to unseal the ticket's encrypted part; {@code null} is rejected
 * @param apReq  request to validate; its ticket receives the unsealed part via setEncPart
 * @throws KrbException KRB_AP_ERR_NOKEY when {@code encKey} is null, KRB_AP_ERR_BADMATCH when
 *         the authenticator and ticket disagree on cname or crealm; exceptions from the
 *         unseal calls propagate unchanged
 */
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
    final Ticket serviceTicket = apReq.getTicket();
    if (null == encKey) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }

    // Unseal the ticket body under the ticket key usage and attach it to the ticket.
    final EncTicketPart ticketBody = EncryptionUtil.unseal(
            serviceTicket.getEncryptedEncPart(), encKey,
            KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    serviceTicket.setEncPart(ticketBody);

    // unsealAuthenticator is defined outside this excerpt; presumably it decrypts the
    // authenticator with the key carried in the ticket and stores it on apReq - confirm.
    unsealAuthenticator(ticketBody.getKey(), apReq);

    // The authenticator must name the same client as the ticket it accompanies.
    // NOTE(review): a null cname/crealm on the authenticator would surface as a
    // NullPointerException here rather than a KrbException - confirm the decoder rejects it.
    final Authenticator clientAuth = apReq.getAuthenticator();
    if (!clientAuth.getCname().equals(serviceTicket.getEncPart().getCname())
            || !clientAuth.getCrealm().equals(serviceTicket.getEncPart().getCrealm())) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
}
/**
 * Validates an AP-REQ against a service key: unseals the ticket, unseals the authenticator,
 * and checks that both name the same client principal and realm.
 *
 * <p>Security notes: this overload checks only that a key is present, that unsealing
 * succeeds, and that cname/crealm match. No address, clock-skew, start-time, expiry or
 * replay check is visible here; the four-argument overload shown elsewhere on this page
 * layers address and time checks on top of this one.
 *
 * @param encKey key used to unseal the ticket's encrypted part; {@code null} is rejected
 * @param apReq  request to validate; its ticket receives the unsealed part via setEncPart
 * @throws KrbException KRB_AP_ERR_NOKEY when {@code encKey} is null, KRB_AP_ERR_BADMATCH when
 *         the authenticator and ticket disagree on cname or crealm; exceptions from the
 *         unseal calls propagate unchanged
 */
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
    final Ticket serviceTicket = apReq.getTicket();
    if (null == encKey) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }

    // Unseal the ticket body under the ticket key usage and attach it to the ticket.
    final EncTicketPart ticketBody = EncryptionUtil.unseal(
            serviceTicket.getEncryptedEncPart(), encKey,
            KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    serviceTicket.setEncPart(ticketBody);

    // unsealAuthenticator is defined outside this excerpt; presumably it decrypts the
    // authenticator with the key carried in the ticket and stores it on apReq - confirm.
    unsealAuthenticator(ticketBody.getKey(), apReq);

    // The authenticator must name the same client as the ticket it accompanies.
    // NOTE(review): a null cname/crealm on the authenticator would surface as a
    // NullPointerException here rather than a KrbException - confirm the decoder rejects it.
    final Authenticator clientAuth = apReq.getAuthenticator();
    if (!clientAuth.getCname().equals(serviceTicket.getEncPart().getCname())
            || !clientAuth.getCrealm().equals(serviceTicket.getEncPart().getCrealm())) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
}
/**
 * Validates an AP-REQ against a service key: unseals the ticket, unseals the authenticator,
 * and checks that both name the same client principal and realm.
 *
 * <p>Security notes: this overload checks only that a key is present, that unsealing
 * succeeds, and that cname/crealm match. No address, clock-skew, start-time, expiry or
 * replay check is visible here; the four-argument overload shown elsewhere on this page
 * layers address and time checks on top of this one.
 *
 * @param encKey key used to unseal the ticket's encrypted part; {@code null} is rejected
 * @param apReq  request to validate; its ticket receives the unsealed part via setEncPart
 * @throws KrbException KRB_AP_ERR_NOKEY when {@code encKey} is null, KRB_AP_ERR_BADMATCH when
 *         the authenticator and ticket disagree on cname or crealm; exceptions from the
 *         unseal calls propagate unchanged
 */
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
    final Ticket serviceTicket = apReq.getTicket();
    if (null == encKey) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }

    // Unseal the ticket body under the ticket key usage and attach it to the ticket.
    final EncTicketPart ticketBody = EncryptionUtil.unseal(
            serviceTicket.getEncryptedEncPart(), encKey,
            KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    serviceTicket.setEncPart(ticketBody);

    // unsealAuthenticator is defined outside this excerpt; presumably it decrypts the
    // authenticator with the key carried in the ticket and stores it on apReq - confirm.
    unsealAuthenticator(ticketBody.getKey(), apReq);

    // The authenticator must name the same client as the ticket it accompanies.
    // NOTE(review): a null cname/crealm on the authenticator would surface as a
    // NullPointerException here rather than a KrbException - confirm the decoder rejects it.
    final Authenticator clientAuth = apReq.getAuthenticator();
    if (!clientAuth.getCname().equals(serviceTicket.getEncPart().getCname())
            || !clientAuth.getCrealm().equals(serviceTicket.getEncPart().getCrealm())) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
}
// Excerpt from a larger method: selects the TGS key by the encryption type named in the
// ticket's encrypted-part wrapper.
// NOTE(review): that etype is read before anything is decrypted, so it is chosen by the
// sender. Confirm that a missing entry (null tgsKey) is rejected downstream - the validate()
// shown on this page throws KRB_AP_ERR_NOKEY for a null key - and that the TGS entry holds
// no keys for encryption types the deployment considers too weak.
Ticket ticket = apReq.getTicket(); EncryptionType encType = ticket.getEncryptedEncPart().getEType(); EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType);
// Excerpt from a larger method: selects the TGS key by the encryption type named in the
// ticket's encrypted-part wrapper.
// NOTE(review): that etype is read before anything is decrypted, so it is chosen by the
// sender. Confirm that a missing entry (null tgsKey) is rejected downstream - the validate()
// shown on this page throws KRB_AP_ERR_NOKEY for a null key - and that the TGS entry holds
// no keys for encryption types the deployment considers too weak.
Ticket ticket = apReq.getTicket(); EncryptionType encType = ticket.getEncryptedEncPart().getEType(); EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType);
/**
 * Validates an AP-REQ like the two-argument overload, then optionally checks the client
 * address and the authenticator/ticket times.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code initiator == null} skips the address check entirely, and a ticket whose
 *       client-address list is null is accepted from any initiator.</li>
 *   <li>{@code timeSkew == 0} skips every time check, including ticket expiry; it does not
 *       mean "zero tolerance". Pass a non-zero skew whenever expiry must be enforced.</li>
 *   <li>No replay-cache lookup is visible in this method; replay detection, if required,
 *       has to happen elsewhere.</li>
 * </ul>
 *
 * @param encKey    key used to unseal the ticket; {@code null} is rejected by the delegate
 * @param apReq     request to validate
 * @param initiator address the request came from, or {@code null} to skip the address check
 * @param timeSkew  allowed clock skew, or 0 to skip all time checks (unit not visible here)
 * @throws KrbException KRB_AP_ERR_BADADDR, KRB_AP_ERR_SKEW, KRB_AP_ERR_TKT_NYV or
 *         KRB_AP_ERR_TKT_EXPIRED for the respective failed check, plus anything the
 *         two-argument overload throws
 */
public static void validate(EncryptionKey encKey, ApReq apReq,
                            InetAddress initiator, long timeSkew) throws KrbException {
    // Key, unsealing and cname/crealm checks; also populates the ticket's enc part.
    validate(encKey, apReq);

    final Ticket serviceTicket = apReq.getTicket();
    final EncTicketPart ticketBody = serviceTicket.getEncPart();
    final Authenticator clientAuth = apReq.getAuthenticator();

    // Address binding applies only when the caller supplies an initiator and the ticket
    // carries an address list.
    final HostAddresses permitted =
            (initiator == null) ? null : ticketBody.getClientAddresses();
    if (permitted != null && !permitted.contains(initiator)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR);
    }

    // A zero skew disables all remaining checks, expiry included.
    if (timeSkew == 0) {
        return;
    }

    if (!clientAuth.getCtime().isInClockSkew(timeSkew)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW);
    }

    final KerberosTime current = KerberosTime.now();

    // The start time may be absent on the ticket; only a present one is checked.
    final KerberosTime validFrom = ticketBody.getStartTime();
    if (validFrom != null && !validFrom.lessThanWithSkew(current, timeSkew)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV);
    }

    if (ticketBody.getEndTime().lessThanWithSkew(current, timeSkew)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED);
    }
}
/**
 * Validates an AP-REQ like the two-argument overload, then optionally checks the client
 * address and the authenticator/ticket times.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code initiator == null} skips the address check entirely, and a ticket whose
 *       client-address list is null is accepted from any initiator.</li>
 *   <li>{@code timeSkew == 0} skips every time check, including ticket expiry; it does not
 *       mean "zero tolerance". Pass a non-zero skew whenever expiry must be enforced.</li>
 *   <li>No replay-cache lookup is visible in this method; replay detection, if required,
 *       has to happen elsewhere.</li>
 * </ul>
 *
 * @param encKey    key used to unseal the ticket; {@code null} is rejected by the delegate
 * @param apReq     request to validate
 * @param initiator address the request came from, or {@code null} to skip the address check
 * @param timeSkew  allowed clock skew, or 0 to skip all time checks (unit not visible here)
 * @throws KrbException KRB_AP_ERR_BADADDR, KRB_AP_ERR_SKEW, KRB_AP_ERR_TKT_NYV or
 *         KRB_AP_ERR_TKT_EXPIRED for the respective failed check, plus anything the
 *         two-argument overload throws
 */
public static void validate(EncryptionKey encKey, ApReq apReq,
                            InetAddress initiator, long timeSkew) throws KrbException {
    // Key, unsealing and cname/crealm checks; also populates the ticket's enc part.
    validate(encKey, apReq);

    final Ticket serviceTicket = apReq.getTicket();
    final EncTicketPart ticketBody = serviceTicket.getEncPart();
    final Authenticator clientAuth = apReq.getAuthenticator();

    // Address binding applies only when the caller supplies an initiator and the ticket
    // carries an address list.
    final HostAddresses permitted =
            (initiator == null) ? null : ticketBody.getClientAddresses();
    if (permitted != null && !permitted.contains(initiator)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR);
    }

    // A zero skew disables all remaining checks, expiry included.
    if (timeSkew == 0) {
        return;
    }

    if (!clientAuth.getCtime().isInClockSkew(timeSkew)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW);
    }

    final KerberosTime current = KerberosTime.now();

    // The start time may be absent on the ticket; only a present one is checked.
    final KerberosTime validFrom = ticketBody.getStartTime();
    if (validFrom != null && !validFrom.lessThanWithSkew(current, timeSkew)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV);
    }

    if (ticketBody.getEndTime().lessThanWithSkew(current, timeSkew)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED);
    }
}
/**
 * Validates an AP-REQ like the two-argument overload, then optionally checks the client
 * address and the authenticator/ticket times.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@code initiator == null} skips the address check entirely, and a ticket whose
 *       client-address list is null is accepted from any initiator.</li>
 *   <li>{@code timeSkew == 0} skips every time check, including ticket expiry; it does not
 *       mean "zero tolerance". Pass a non-zero skew whenever expiry must be enforced.</li>
 *   <li>No replay-cache lookup is visible in this method; replay detection, if required,
 *       has to happen elsewhere.</li>
 * </ul>
 *
 * @param encKey    key used to unseal the ticket; {@code null} is rejected by the delegate
 * @param apReq     request to validate
 * @param initiator address the request came from, or {@code null} to skip the address check
 * @param timeSkew  allowed clock skew, or 0 to skip all time checks (unit not visible here)
 * @throws KrbException KRB_AP_ERR_BADADDR, KRB_AP_ERR_SKEW, KRB_AP_ERR_TKT_NYV or
 *         KRB_AP_ERR_TKT_EXPIRED for the respective failed check, plus anything the
 *         two-argument overload throws
 */
public static void validate(EncryptionKey encKey, ApReq apReq,
                            InetAddress initiator, long timeSkew) throws KrbException {
    // Key, unsealing and cname/crealm checks; also populates the ticket's enc part.
    validate(encKey, apReq);

    final Ticket serviceTicket = apReq.getTicket();
    final EncTicketPart ticketBody = serviceTicket.getEncPart();
    final Authenticator clientAuth = apReq.getAuthenticator();

    // Address binding applies only when the caller supplies an initiator and the ticket
    // carries an address list.
    final HostAddresses permitted =
            (initiator == null) ? null : ticketBody.getClientAddresses();
    if (permitted != null && !permitted.contains(initiator)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR);
    }

    // A zero skew disables all remaining checks, expiry included.
    if (timeSkew == 0) {
        return;
    }

    if (!clientAuth.getCtime().isInClockSkew(timeSkew)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW);
    }

    final KerberosTime current = KerberosTime.now();

    // The start time may be absent on the ticket; only a present one is checked.
    final KerberosTime validFrom = ticketBody.getStartTime();
    if (validFrom != null && !validFrom.lessThanWithSkew(current, timeSkew)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV);
    }

    if (ticketBody.getEndTime().lessThanWithSkew(current, timeSkew)) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED);
    }
}
// Excerpt from a larger method: stores the request's ticket in tgtTicket (declared outside
// this excerpt) and reads the encryption type named in its encrypted-part wrapper.
// tgsKey is only declared here; its assignment lies outside this excerpt.
// NOTE(review): the etype is read before anything is decrypted, so it is chosen by the
// sender - confirm the key lookup that follows rejects unknown or disallowed types.
tgtTicket = apReq.getTicket(); EncryptionKey tgsKey; EncryptionType encType = tgtTicket.getEncryptedEncPart().getEType();
// Excerpt from a larger method: stores the request's ticket in tgtTicket (declared outside
// this excerpt) and reads the encryption type named in its encrypted-part wrapper.
// tgsKey is only declared here; its assignment lies outside this excerpt.
// NOTE(review): the etype is read before anything is decrypted, so it is chosen by the
// sender - confirm the key lookup that follows rejects unknown or disallowed types.
tgtTicket = apReq.getTicket(); EncryptionKey tgsKey; EncryptionType encType = tgtTicket.getEncryptedEncPart().getEType();