public static void validate(EncryptionKey encKey, ApReq apReq, InetAddress initiator, long timeSkew) throws KrbException { validate(encKey, apReq); Ticket ticket = apReq.getTicket(); EncTicketPart tktEncPart = ticket.getEncPart(); Authenticator authenticator = apReq.getAuthenticator(); if (initiator != null) { HostAddresses clientAddrs = tktEncPart.getClientAddresses(); if (clientAddrs != null && !clientAddrs.contains(initiator)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR); } } if (timeSkew != 0) { if (!authenticator.getCtime().isInClockSkew(timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW); } KerberosTime now = KerberosTime.now(); KerberosTime startTime = tktEncPart.getStartTime(); if (startTime != null && !startTime.lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV); } if (tktEncPart.getEndTime().lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED); } } }
public static void validate(EncryptionKey encKey, ApReq apReq, InetAddress initiator, long timeSkew) throws KrbException { validate(encKey, apReq); Ticket ticket = apReq.getTicket(); EncTicketPart tktEncPart = ticket.getEncPart(); Authenticator authenticator = apReq.getAuthenticator(); if (initiator != null) { HostAddresses clientAddrs = tktEncPart.getClientAddresses(); if (clientAddrs != null && !clientAddrs.contains(initiator)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR); } } if (timeSkew != 0) { if (!authenticator.getCtime().isInClockSkew(timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW); } KerberosTime now = KerberosTime.now(); KerberosTime startTime = tktEncPart.getStartTime(); if (startTime != null && !startTime.lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV); } if (tktEncPart.getEndTime().lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED); } } }
public static void validate(EncryptionKey encKey, ApReq apReq, InetAddress initiator, long timeSkew) throws KrbException { validate(encKey, apReq); Ticket ticket = apReq.getTicket(); EncTicketPart tktEncPart = ticket.getEncPart(); Authenticator authenticator = apReq.getAuthenticator(); if (initiator != null) { HostAddresses clientAddrs = tktEncPart.getClientAddresses(); if (clientAddrs != null && !clientAddrs.contains(initiator)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR); } } if (timeSkew != 0) { if (!authenticator.getCtime().isInClockSkew(timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW); } KerberosTime now = KerberosTime.now(); KerberosTime startTime = tktEncPart.getStartTime(); if (startTime != null && !startTime.lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV); } if (tktEncPart.getEndTime().lessThanWithSkew(now, timeSkew)) { throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED); } } }
/** * Make EncKdcRepPart. * @return encryption kdc response part */ private EncKdcRepPart makeEncKdcRepPart() { KdcReq request = getKdcReq(); Ticket ticket = getTicket(); EncKdcRepPart encKdcRepPart = new EncTgsRepPart(); //session key encKdcRepPart.setKey(ticket.getEncPart().getKey()); LastReq lastReq = new LastReq(); LastReqEntry entry = new LastReqEntry(); entry.setLrType(LastReqType.THE_LAST_INITIAL); entry.setLrValue(new KerberosTime()); lastReq.add(entry); encKdcRepPart.setLastReq(lastReq); encKdcRepPart.setNonce(request.getReqBody().getNonce()); encKdcRepPart.setFlags(ticket.getEncPart().getFlags()); encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime()); encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime()); encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime()); if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) { encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill()); } encKdcRepPart.setSname(ticket.getSname()); encKdcRepPart.setSrealm(ticket.getRealm()); encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses()); return encKdcRepPart; }
encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime()); encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime());
/** * Make EncKdcRepPart. * @return encryption kdc response part */ private EncKdcRepPart makeEncKdcRepPart() { KdcReq request = getKdcReq(); Ticket ticket = getTicket(); EncKdcRepPart encKdcRepPart = new EncTgsRepPart(); //session key encKdcRepPart.setKey(ticket.getEncPart().getKey()); LastReq lastReq = new LastReq(); LastReqEntry entry = new LastReqEntry(); entry.setLrType(LastReqType.THE_LAST_INITIAL); entry.setLrValue(new KerberosTime()); lastReq.add(entry); encKdcRepPart.setLastReq(lastReq); encKdcRepPart.setNonce(request.getReqBody().getNonce()); encKdcRepPart.setFlags(ticket.getEncPart().getFlags()); encKdcRepPart.setAuthTime(ticket.getEncPart().getAuthTime()); encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime()); encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime()); if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) { encKdcRepPart.setRenewTill(ticket.getEncPart().getRenewtill()); } encKdcRepPart.setSname(ticket.getSname()); encKdcRepPart.setSrealm(ticket.getRealm()); encKdcRepPart.setCaddr(ticket.getEncPart().getClientAddresses()); return encKdcRepPart; }
encKdcRepPart.setStartTime(ticket.getEncPart().getStartTime()); encKdcRepPart.setEndTime(ticket.getEncPart().getEndTime());
KerberosTime startTime = tgtTicket.getEncPart().getStartTime(); if (startTime == null) { startTime = tgtTicket.getEncPart().getAuthTime();
KerberosTime startTime = tgtTicket.getEncPart().getStartTime(); if (startTime == null) { startTime = tgtTicket.getEncPart().getAuthTime();