/**
 * Builds the ticket for the KDC request held in {@code kdcRequest}.
 *
 * <p>The server principal and realm are set in the clear. The {@code EncTicketPart} is
 * sealed with the ticket encryption key under {@code KeyUsage.KDC_REP_TICKET}.
 *
 * <p>NOTE(review): the returned {@code Ticket} holds both the sealed data and the
 * plaintext {@code EncTicketPart} (via {@code setEncPart}). Confirm that only the sealed
 * form is ever encoded onto the wire.
 *
 * <p>NOTE(review): the ticket realm is copied from the request body as received;
 * presumably it is validated before this point. Verify against the caller.
 *
 * @return the populated ticket
 * @throws KrbException if any of the helper calls or the sealing step fails
 */
public Ticket issueTicket() throws KrbException {
    final KdcReq kdcReq = kdcRequest.getKdcReq();
    final Ticket ticket = new Ticket();

    // Cleartext portion: which service the ticket is for, and in which realm.
    ticket.setSname(getServerPrincipal());
    ticket.setRealm(kdcReq.getReqBody().getRealm());

    // Encrypted portion: build the body first, then fetch the key and seal it.
    final EncTicketPart ticketBody = makeEncTicketPart();
    final EncryptedData sealedBody = EncryptionUtil.seal(
            ticketBody, getTicketEncryptionKey(), KeyUsage.KDC_REP_TICKET);
    ticket.setEncryptedEncPart(sealedBody);
    ticket.setEncPart(ticketBody);

    return ticket;
}
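/**
 * Validates an AP-REQ: unseals the ticket with {@code encKey}, unseals the authenticator
 * using the key carried in the decrypted ticket part, and checks that the authenticator
 * and the ticket name the same client principal and realm.
 *
 * <p>Side effect: the decrypted {@code EncTicketPart} is stored on the ticket inside
 * {@code apReq} via {@code setEncPart}.
 *
 * <p>NOTE(review): this method checks only that a key is present, that the ticket
 * unseals, and that the client name and realm agree. It does not check ticket start or
 * end time, authenticator timestamp (clock skew), replay, or client address. Confirm
 * that callers enforce those before trusting the request.
 *
 * @param encKey key used to unseal the ticket's encrypted part; must not be {@code null}
 * @param apReq  the AP-REQ to validate
 * @throws KrbException with {@code KRB_AP_ERR_NOKEY} when {@code encKey} is {@code null};
 *         with {@code KRB_AP_ERR_BADMATCH} when the authenticator is missing, or its
 *         client name or realm is missing or differs from the ticket's; or as thrown by
 *         the unseal steps
 */
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
    Ticket ticket = apReq.getTicket();

    if (encKey == null) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }

    EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(),
            encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    ticket.setEncPart(encPart);

    unsealAuthenticator(encPart.getKey(), apReq);

    Authenticator authenticator = apReq.getAuthenticator();
    EncTicketPart ticketPart = ticket.getEncPart();

    // The request is attacker-controlled input: a missing authenticator or missing
    // client fields must be rejected as a mismatch, not escape as a NullPointerException.
    if (authenticator == null || ticketPart == null) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
    if (authenticator.getCname() == null
            || !authenticator.getCname().equals(ticketPart.getCname())) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
    if (authenticator.getCrealm() == null
            || !authenticator.getCrealm().equals(ticketPart.getCrealm())) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
}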
/**
 * Assembles the ticket for the KDC request held in {@code kdcRequest}.
 *
 * <p>The server name and realm go on the ticket in the clear. The {@code EncTicketPart}
 * is sealed with the ticket encryption key using {@code KeyUsage.KDC_REP_TICKET}.
 *
 * <p>NOTE(review): the plaintext {@code EncTicketPart} is also attached to the returned
 * object through {@code setEncPart}. Confirm it is never encoded or logged with the
 * ticket.
 *
 * <p>NOTE(review): the realm comes straight from the request body; presumably it is
 * checked upstream. Verify against the caller.
 *
 * @return the populated ticket
 * @throws KrbException if a helper call or the sealing step fails
 */
public Ticket issueTicket() throws KrbException {
    final KdcReq kdcReq = kdcRequest.getKdcReq();
    final Ticket result = new Ticket();

    // Unencrypted header fields.
    result.setSname(getServerPrincipal());
    result.setRealm(kdcReq.getReqBody().getRealm());

    // Build the body, then obtain the key and seal; this order matches the original.
    final EncTicketPart plainPart = makeEncTicketPart();
    final EncryptionKey ticketKey = getTicketEncryptionKey();
    result.setEncryptedEncPart(
            EncryptionUtil.seal(plainPart, ticketKey, KeyUsage.KDC_REP_TICKET));
    result.setEncPart(plainPart);

    return result;
}
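/**
 * Validates an AP-REQ: unseals the ticket with {@code encKey}, unseals the authenticator
 * using the key carried in the decrypted ticket part, and checks that the authenticator
 * and the ticket name the same client principal and realm.
 *
 * <p>Side effect: the decrypted {@code EncTicketPart} is stored on the ticket inside
 * {@code apReq} via {@code setEncPart}.
 *
 * <p>NOTE(review): this method checks only that a key is present, that the ticket
 * unseals, and that the client name and realm agree. It does not check ticket start or
 * end time, authenticator timestamp (clock skew), replay, or client address. Confirm
 * that callers enforce those before trusting the request.
 *
 * @param encKey key used to unseal the ticket's encrypted part; must not be {@code null}
 * @param apReq  the AP-REQ to validate
 * @throws KrbException with {@code KRB_AP_ERR_NOKEY} when {@code encKey} is {@code null};
 *         with {@code KRB_AP_ERR_BADMATCH} when the authenticator is missing, or its
 *         client name or realm is missing or differs from the ticket's; or as thrown by
 *         the unseal steps
 */
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
    Ticket ticket = apReq.getTicket();

    if (encKey == null) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }

    EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(),
            encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    ticket.setEncPart(encPart);

    unsealAuthenticator(encPart.getKey(), apReq);

    Authenticator authenticator = apReq.getAuthenticator();
    EncTicketPart ticketPart = ticket.getEncPart();

    // The request is attacker-controlled input: a missing authenticator or missing
    // client fields must be rejected as a mismatch, not escape as a NullPointerException.
    if (authenticator == null || ticketPart == null) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
    if (authenticator.getCname() == null
            || !authenticator.getCname().equals(ticketPart.getCname())) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
    if (authenticator.getCrealm() == null
            || !authenticator.getCrealm().equals(ticketPart.getCrealm())) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
}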
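/**
 * Validates an AP-REQ: unseals the ticket with {@code encKey}, unseals the authenticator
 * using the key carried in the decrypted ticket part, and checks that the authenticator
 * and the ticket name the same client principal and realm.
 *
 * <p>Side effect: the decrypted {@code EncTicketPart} is stored on the ticket inside
 * {@code apReq} via {@code setEncPart}.
 *
 * <p>NOTE(review): this method checks only that a key is present, that the ticket
 * unseals, and that the client name and realm agree. It does not check ticket start or
 * end time, authenticator timestamp (clock skew), replay, or client address. Confirm
 * that callers enforce those before trusting the request.
 *
 * @param encKey key used to unseal the ticket's encrypted part; must not be {@code null}
 * @param apReq  the AP-REQ to validate
 * @throws KrbException with {@code KRB_AP_ERR_NOKEY} when {@code encKey} is {@code null};
 *         with {@code KRB_AP_ERR_BADMATCH} when the authenticator is missing, or its
 *         client name or realm is missing or differs from the ticket's; or as thrown by
 *         the unseal steps
 */
public static void validate(EncryptionKey encKey, ApReq apReq) throws KrbException {
    Ticket ticket = apReq.getTicket();

    if (encKey == null) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }

    EncTicketPart encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(),
            encKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    ticket.setEncPart(encPart);

    unsealAuthenticator(encPart.getKey(), apReq);

    Authenticator authenticator = apReq.getAuthenticator();
    EncTicketPart ticketPart = ticket.getEncPart();

    // The request is attacker-controlled input: a missing authenticator or missing
    // client fields must be rejected as a mismatch, not escape as a NullPointerException.
    if (authenticator == null || ticketPart == null) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
    if (authenticator.getCname() == null
            || !authenticator.getCname().equals(ticketPart.getCname())) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
    if (authenticator.getCrealm() == null
            || !authenticator.getCrealm().equals(ticketPart.getCrealm())) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }
}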
throw new KrbException(errMessage); ticket.setEncPart(encPart);
throw new KrbException(errMessage); ticket.setEncPart(encPart);
tgtTicket.setEncPart(encPart);
tgtTicket.setEncPart(encPart);