/**
 * Resolves the client principal for the request being processed.
 *
 * <p>When a token is present, the principal is built from the token's subject.
 * Otherwise it is taken from the decrypted part of the TGT, with the realm
 * filled in from the same ticket part.
 *
 * @return the client principal derived from the token or from the TGT
 */
@Override
protected PrincipalName getclientPrincipal() {
    if (token == null) {
        // Ticket path: the identity comes from the TGT's decrypted part.
        PrincipalName fromTicket = tgtTicket.getEncPart().getCname();
        // setRealm is invoked on the object returned by getCname(); if that is the
        // ticket's own instance rather than a copy, the ticket is modified in place.
        fromTicket.setRealm(tgtTicket.getEncPart().getCrealm());
        return fromTicket;
    }

    // Token path: the subject is used as the principal name without further checks here.
    // NOTE(review): presumably the token's signature, issuer and expiry were verified
    // before it was stored in this field; confirm, since the subject becomes the
    // client identity of the issued ticket.
    return new PrincipalName(token.getSubject());
}
/**
 * Resolves the client principal for the request being processed.
 *
 * <p>When a token is present, the principal is built from the token's subject.
 * Otherwise it is taken from the decrypted part of the TGT, with the realm
 * filled in from the same ticket part.
 *
 * @return the client principal derived from the token or from the TGT
 */
@Override
protected PrincipalName getclientPrincipal() {
    if (token == null) {
        // Ticket path: the identity comes from the TGT's decrypted part.
        PrincipalName fromTicket = tgtTicket.getEncPart().getCname();
        // setRealm is invoked on the object returned by getCname(); if that is the
        // ticket's own instance rather than a copy, the ticket is modified in place.
        fromTicket.setRealm(tgtTicket.getEncPart().getCrealm());
        return fromTicket;
    }

    // Token path: the subject is used as the principal name without further checks here.
    // NOTE(review): presumably the token's signature, issuer and expiry were verified
    // before it was stored in this field; confirm, since the subject becomes the
    // client identity of the issued ticket.
    return new PrincipalName(token.getSubject());
}
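/**
 * Validates an AP-REQ against the key that should decrypt its ticket.
 *
 * <p>The ticket's encrypted part is unsealed with {@code encKey} and stored back on
 * the ticket, the authenticator is unsealed with the key carried in that part, and
 * the client name and realm in the authenticator are compared with those in the
 * ticket.
 *
 * @param encKey key used to unseal the ticket's encrypted part
 * @param apReq  the request to validate; its ticket receives the decrypted part
 * @throws KrbException {@code KRB_AP_ERR_NOKEY} when {@code encKey} is null,
 *                      {@code KRB_AP_ERR_BADMATCH} when the authenticator's client
 *                      name or realm is missing or differs from the ticket's, or
 *                      whatever the unseal steps raise
 */
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
    // Fail before touching the request when there is nothing to decrypt with.
    if (encKey == null) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }

    Ticket ticket = apReq.getTicket();
    EncTicketPart encPart = EncryptionUtil.unseal(
            ticket.getEncryptedEncPart(), encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    ticket.setEncPart(encPart);

    // The authenticator is protected by the key carried inside the ticket,
    // so it can only be opened after the ticket itself was decrypted.
    unsealAuthenticator(encPart.getKey(), apReq);
    Authenticator authenticator = apReq.getAuthenticator();

    // The authenticator comes from the requester. A missing name or realm is treated
    // as a mismatch so a malformed request is rejected with a protocol error instead
    // of surfacing as a NullPointerException.
    boolean sameName = authenticator.getCname() != null
            && authenticator.getCname().equals(ticket.getEncPart().getCname());
    boolean sameRealm = authenticator.getCrealm() != null
            && authenticator.getCrealm().equals(ticket.getEncPart().getCrealm());
    if (!sameName || !sameRealm) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }

    // NOTE(review): nothing in this method compares the authenticator timestamp with
    // the allowed clock skew, checks the ticket's validity period, or detects a
    // replayed authenticator. Confirm the caller enforces these before the request
    // is trusted.
}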
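/**
 * Validates an AP-REQ against the key that should decrypt its ticket.
 *
 * <p>The ticket's encrypted part is unsealed with {@code encKey} and stored back on
 * the ticket, the authenticator is unsealed with the key carried in that part, and
 * the client name and realm in the authenticator are compared with those in the
 * ticket.
 *
 * @param encKey key used to unseal the ticket's encrypted part
 * @param apReq  the request to validate; its ticket receives the decrypted part
 * @throws KrbException {@code KRB_AP_ERR_NOKEY} when {@code encKey} is null,
 *                      {@code KRB_AP_ERR_BADMATCH} when the authenticator's client
 *                      name or realm is missing or differs from the ticket's, or
 *                      whatever the unseal steps raise
 */
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
    // Fail before touching the request when there is nothing to decrypt with.
    if (encKey == null) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }

    Ticket ticket = apReq.getTicket();
    EncTicketPart encPart = EncryptionUtil.unseal(
            ticket.getEncryptedEncPart(), encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    ticket.setEncPart(encPart);

    // The authenticator is protected by the key carried inside the ticket,
    // so it can only be opened after the ticket itself was decrypted.
    unsealAuthenticator(encPart.getKey(), apReq);
    Authenticator authenticator = apReq.getAuthenticator();

    // The authenticator comes from the requester. A missing name or realm is treated
    // as a mismatch so a malformed request is rejected with a protocol error instead
    // of surfacing as a NullPointerException.
    boolean sameName = authenticator.getCname() != null
            && authenticator.getCname().equals(ticket.getEncPart().getCname());
    boolean sameRealm = authenticator.getCrealm() != null
            && authenticator.getCrealm().equals(ticket.getEncPart().getCrealm());
    if (!sameName || !sameRealm) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }

    // NOTE(review): nothing in this method compares the authenticator timestamp with
    // the allowed clock skew, checks the ticket's validity period, or detects a
    // replayed authenticator. Confirm the caller enforces these before the request
    // is trusted.
}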
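/**
 * Validates an AP-REQ against the key that should decrypt its ticket.
 *
 * <p>The ticket's encrypted part is unsealed with {@code encKey} and stored back on
 * the ticket, the authenticator is unsealed with the key carried in that part, and
 * the client name and realm in the authenticator are compared with those in the
 * ticket.
 *
 * @param encKey key used to unseal the ticket's encrypted part
 * @param apReq  the request to validate; its ticket receives the decrypted part
 * @throws KrbException {@code KRB_AP_ERR_NOKEY} when {@code encKey} is null,
 *                      {@code KRB_AP_ERR_BADMATCH} when the authenticator's client
 *                      name or realm is missing or differs from the ticket's, or
 *                      whatever the unseal steps raise
 */
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
    // Fail before touching the request when there is nothing to decrypt with.
    if (encKey == null) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }

    Ticket ticket = apReq.getTicket();
    EncTicketPart encPart = EncryptionUtil.unseal(
            ticket.getEncryptedEncPart(), encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    ticket.setEncPart(encPart);

    // The authenticator is protected by the key carried inside the ticket,
    // so it can only be opened after the ticket itself was decrypted.
    unsealAuthenticator(encPart.getKey(), apReq);
    Authenticator authenticator = apReq.getAuthenticator();

    // The authenticator comes from the requester. A missing name or realm is treated
    // as a mismatch so a malformed request is rejected with a protocol error instead
    // of surfacing as a NullPointerException.
    boolean sameName = authenticator.getCname() != null
            && authenticator.getCname().equals(ticket.getEncPart().getCname());
    boolean sameRealm = authenticator.getCrealm() != null
            && authenticator.getCrealm().equals(ticket.getEncPart().getCrealm());
    if (!sameName || !sameRealm) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }

    // NOTE(review): nothing in this method compares the authenticator timestamp with
    // the allowed clock skew, checks the ticket's validity period, or detects a
    // replayed authenticator. Confirm the caller enforces these before the request
    // is trusted.
}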
/**
 * {@inheritDoc}
 *
 * <p>Assembles a {@code TgsRep}: the client name and realm, the issued ticket, and
 * the reply's encrypted part sealed under {@code KeyUsage.TGS_REP_ENCPART_SESSKEY}.
 * The finished reply is handed to {@code setReply}.
 *
 * @throws KrbException if building or sealing the encrypted reply part fails
 */
@Override
protected void makeReply() throws KrbException {
    Ticket issuedTicket = getTicket();
    TgsRep tgsRep = new TgsRep();

    // With a client entry available, the reply names that entry's principal in this
    // KDC's realm; without one, the identity is copied from the ticket's decrypted part.
    if (getClientEntry() != null) {
        tgsRep.setCname(getClientEntry().getPrincipal());
        tgsRep.setCrealm(getKdcContext().getKdcRealm());
    } else {
        tgsRep.setCname(issuedTicket.getEncPart().getCname());
        tgsRep.setCrealm(issuedTicket.getEncPart().getCrealm());
    }

    tgsRep.setTicket(issuedTicket);

    EncKdcRepPart repPart = makeEncKdcRepPart();
    tgsRep.setEncPart(repPart);

    // Token requests seal the reply with getSessionKey(); ticket requests use the
    // TGT session key.
    // NOTE(review): for the token case, confirm the client already holds this key,
    // otherwise it cannot open the reply.
    EncryptionKey sealingKey = (getToken() != null) ? getSessionKey() : getTgtSessionKey();

    EncryptedData sealedPart =
            EncryptionUtil.seal(repPart, sealingKey, KeyUsage.TGS_REP_ENCPART_SESSKEY);
    tgsRep.setEncryptedEncPart(sealedPart);

    setReply(tgsRep);
}
/**
 * {@inheritDoc}
 *
 * <p>Assembles a {@code TgsRep}: the client name and realm, the issued ticket, and
 * the reply's encrypted part sealed under {@code KeyUsage.TGS_REP_ENCPART_SESSKEY}.
 * The finished reply is handed to {@code setReply}.
 *
 * @throws KrbException if building or sealing the encrypted reply part fails
 */
@Override
protected void makeReply() throws KrbException {
    Ticket issuedTicket = getTicket();
    TgsRep tgsRep = new TgsRep();

    // With a client entry available, the reply names that entry's principal in this
    // KDC's realm; without one, the identity is copied from the ticket's decrypted part.
    if (getClientEntry() != null) {
        tgsRep.setCname(getClientEntry().getPrincipal());
        tgsRep.setCrealm(getKdcContext().getKdcRealm());
    } else {
        tgsRep.setCname(issuedTicket.getEncPart().getCname());
        tgsRep.setCrealm(issuedTicket.getEncPart().getCrealm());
    }

    tgsRep.setTicket(issuedTicket);

    EncKdcRepPart repPart = makeEncKdcRepPart();
    tgsRep.setEncPart(repPart);

    // Token requests seal the reply with getSessionKey(); ticket requests use the
    // TGT session key.
    // NOTE(review): for the token case, confirm the client already holds this key,
    // otherwise it cannot open the reply.
    EncryptionKey sealingKey = (getToken() != null) ? getSessionKey() : getTgtSessionKey();

    EncryptedData sealedPart =
            EncryptionUtil.seal(repPart, sealingKey, KeyUsage.TGS_REP_ENCPART_SESSKEY);
    tgsRep.setEncryptedEncPart(sealedPart);

    setReply(tgsRep);
}