Examples of EncryptionKey

• net.suberic.crypto.EncryptionKey
• org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey
  A Kerberos symmetric encryption key, which includes metadata support for the associated key type and key version number. The ASN.1 description for this structure is : EncryptionKey ::= SEQUENCE { keytype [0] Int32 -- actually encryption type --, keyvalue [1] OCTET STRING } @author Apache Directory Project @version $Rev: 902575 $, $Date: 2010-01-24 15:38:06 +0100 (Dim, 24 jan 2010) $
• org.apache.directory.shared.kerberos.components.EncryptionKey
  A Kerberos symmetric encryption key, which includes metadata support for the associated key type and key version number. The ASN.1 description for this structure is :

   EncryptionKey   ::= SEQUENCE { keytype         [0] Int32 -- actually encryption type --, keyvalue        [1] OCTET STRING } 

  @author Apache Directory Project
• org.apache.harmony.auth.internal.kerberos.v5.EncryptionKey
  f.org/rfc/rfc4120.txt
• sun.security.krb5.EncryptionKey
  This class encapsulates the concept of an EncryptionKey. An encryption key is defined in RFC 4120 as: EncryptionKey ::= SEQUENCE { keytype [0] Int32 -- actually encryption type --, keyvalue [1] OCTET STRING } keytype This field specifies the encryption type of the encryption key that follows in the keyvalue field. Although its name is "keytype", it actually specifies an encryption type. Previously, multiple cryptosystems that performed encryption differently but were capable of using keys with the same characteristics were permitted to share an assigned number to designate the type of key; this usage is now deprecated. keyvalue This field contains the key itself, encoded as an octet string.

Examples of org.apache.directory.shared.kerberos.components.EncryptionKey

     */
    protected EncryptionKey getEncryptionKey( KerberosPrincipal principal, String passPhrase )
    {
        KerberosKey kerberosKey = new KerberosKey( principal, passPhrase.toCharArray(), "AES128" );
        byte[] keyBytes = kerberosKey.getEncoded();
        return new EncryptionKey( EncryptionType.AES128_CTS_HMAC_SHA1_96, keyBytes );
    }

Examples of org.apache.directory.shared.kerberos.components.EncryptionKey

        TicketFlags ticketFlags = new TicketFlags();
        ticketFlags.setFlag( TicketFlag.RENEWABLE );
        encTicketPart.setFlags( ticketFlags );

        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( EncryptionType.AES128_CTS_HMAC_SHA1_96 );

        encTicketPart.setKey( sessionKey );
        encTicketPart.setCName( new PrincipalName( clientPrincipal ) );
        encTicketPart.setCRealm( clientPrincipal.getRealm() );
        encTicketPart.setTransited( new TransitedEncoding() );

Examples of org.apache.directory.shared.kerberos.components.EncryptionKey

        TicketFlags ticketFlags = new TicketFlags();
        ticketFlags.setFlag( TicketFlag.RENEWABLE );
        encTicketPart.setFlags( ticketFlags );

        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( EncryptionType.AES128_CTS_HMAC_SHA1_96 );

        encTicketPart.setKey( sessionKey );
        encTicketPart.setCName( new PrincipalName( clientPrincipal ) );
        encTicketPart.setCRealm( clientPrincipal.getRealm() );
        encTicketPart.setTransited( new TransitedEncoding() );

Examples of org.apache.directory.shared.kerberos.components.EncryptionKey

        KerberosConfig config = authContext.getConfig();

        PrincipalStoreEntry clientEntry = authContext.getClientEntry();
        String clientName = clientEntry.getPrincipal().getName();

        EncryptionKey clientKey = null;

        if ( clientEntry.getSamType() != null )
        {
            if ( LOG_KRB.isDebugEnabled() )
            {
                LOG_KRB
                    .debug(
                        "Entry for client principal {} has a valid SAM type.  Invoking SAM subsystem for pre-authentication.",
                        clientName );
            }

            List<PaData> preAuthData = request.getPaData();

            if ( ( preAuthData == null ) || ( preAuthData.size() == 0 ) )
            {
                LOG_KRB.debug( "No PreAuth Data" );
                throw new KerberosException( ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError(
                    authContext.getEncryptionType(), config
                        .getEncryptionTypes() ) );
            }

            try
            {
                for ( PaData paData : preAuthData )
                {
                    if ( paData.getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
                    {
                        KerberosKey samKey = SamSubsystem.getInstance().verify( clientEntry,
                            paData.getPaDataValue() );
                        clientKey = new EncryptionKey( EncryptionType.getTypeByValue( samKey.getKeyType() ), samKey
                            .getEncoded() );
                    }
                }
            }
            catch ( SamException se )

Examples of org.apache.directory.shared.kerberos.components.EncryptionKey

        KdcReq request = authContext.getRequest();
        CipherTextHandler cipherTextHandler = authContext.getCipherTextHandler();
        PrincipalStoreEntry clientEntry = authContext.getClientEntry();
        String clientName = clientEntry.getPrincipal().getName();

        EncryptionKey clientKey = null;

        if ( clientEntry.getSamType() == null )
        {
            LOG_KRB.debug(
                "Entry for client principal {} has no SAM type.  Proceeding with standard pre-authentication.",

Examples of org.apache.directory.shared.kerberos.components.EncryptionKey

        PrincipalName serverPrincipal = request.getKdcReqBody().getSName();

        LOG_KRB.debug( "--> Generating ticket for {}", serverPrincipal );

        EncryptionType encryptionType = authContext.getEncryptionType();
        EncryptionKey serverKey = authContext.getServerEntry().getKeyMap().get( encryptionType );

        PrincipalName ticketPrincipal = request.getKdcReqBody().getSName();

        EncTicketPart encTicketPart = new EncTicketPart();
        KerberosConfig config = authContext.getConfig();

        // The INITIAL flag indicates that a ticket was issued using the AS protocol.
        TicketFlags ticketFlags = new TicketFlags();
        encTicketPart.setFlags( ticketFlags );
        ticketFlags.setFlag( TicketFlag.INITIAL );

        // The PRE-AUTHENT flag indicates that the client used pre-authentication.
        if ( authContext.isPreAuthenticated() )
        {
            ticketFlags.setFlag( TicketFlag.PRE_AUTHENT );
        }

        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.FORWARDABLE ) )
        {
            if ( !config.isForwardableAllowed() )
            {
                LOG_KRB.error( "Ticket cannot be generated, because Forwadable is not allowed" );
                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
            }

            ticketFlags.setFlag( TicketFlag.FORWARDABLE );
        }

        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.PROXIABLE ) )
        {
            if ( !config.isProxiableAllowed() )
            {
                LOG_KRB.error( "Ticket cannot be generated, because proxyiable is not allowed" );
                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
            }

            ticketFlags.setFlag( TicketFlag.PROXIABLE );
        }

        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.ALLOW_POSTDATE ) )
        {
            if ( !config.isPostdatedAllowed() )
            {
                LOG_KRB.error( "Ticket cannot be generated, because Posdate is not allowed" );
                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
            }

            ticketFlags.setFlag( TicketFlag.MAY_POSTDATE );
        }

        KdcOptions kdcOptions = request.getKdcReqBody().getKdcOptions();

        if ( kdcOptions.get( KdcOptions.RENEW )
            || kdcOptions.get( KdcOptions.VALIDATE )
            || kdcOptions.get( KdcOptions.PROXY )
            || kdcOptions.get( KdcOptions.FORWARDED )
            || kdcOptions.get( KdcOptions.ENC_TKT_IN_SKEY ) )
        {
            String msg = "";

            if ( kdcOptions.get( KdcOptions.RENEW ) )
            {
                msg = "Ticket cannot be generated, as it's a renew";
            }

            if ( kdcOptions.get( KdcOptions.VALIDATE ) )
            {
                msg = "Ticket cannot be generated, as it's a validate";
            }

            if ( kdcOptions.get( KdcOptions.PROXY ) )
            {
                msg = "Ticket cannot be generated, as it's a proxy";
            }

            if ( kdcOptions.get( KdcOptions.FORWARDED ) )
            {
                msg = "Ticket cannot be generated, as it's forwarded";
            }

            if ( kdcOptions.get( KdcOptions.ENC_TKT_IN_SKEY ) )
            {
                msg = "Ticket cannot be generated, as it's a user-to-user ";
            }

            if ( LOG_KRB.isDebugEnabled() )
            {
                LOG_KRB.debug( msg );
            }

            throw new KerberosException( ErrorType.KDC_ERR_BADOPTION, msg );
        }

        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( authContext.getEncryptionType() );
        encTicketPart.setKey( sessionKey );

        encTicketPart.setCName( request.getKdcReqBody().getCName() );
        encTicketPart.setCRealm( request.getKdcReqBody().getRealm() );
        encTicketPart.setTransited( new TransitedEncoding() );

Examples of org.apache.directory.shared.kerberos.components.EncryptionKey

        {
            monitorContext( authContext );
            monitorReply( reply, encKdcRepPart );
        }

        EncryptionKey clientKey = authContext.getClientKey();
        EncryptedData encryptedData = cipherTextHandler.seal( clientKey, encAsRepPart,
            KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
        reply.setEncPart( encryptedData );
        //FIXME the below setter is useless, remove it
        reply.setEncKdcRepPart( encKdcRepPart );

Examples of org.apache.directory.shared.kerberos.components.EncryptionKey

        // It's not correct with "uint16_t keylen", instead "uint32_t keylen" in keyblock
        keyLen = readInt();
        byte[] bytes = new byte[keyLen];
        read( bytes, 0, bytes.length );

        return new EncryptionKey( EncryptionType.getTypeByValue( keyType ), bytes );
    }

Examples of org.apache.directory.shared.kerberos.components.EncryptionKey

        if ( cpname == null || spname == null )
        {
          throw new IOException("Invalid client principal name or service principal name");
        }

        EncryptionKey key = readKey(version);

        KerberosTime[] times = readKerberosTimes();
        KerberosTime authtime = times[0];
        KerberosTime starttime = times[1];
        KerberosTime endtime = times[2];

Examples of org.apache.directory.shared.kerberos.components.EncryptionKey

        encTicketPart.setFlag( TicketFlag.INVALID );

        // Seal the ticket for the server.
        KerberosPrincipal serverPrincipal = new KerberosPrincipal( "krbtgt/EXAMPLE.COM@EXAMPLE.COM" );
        String passPhrase = "randomKey";
        EncryptionKey serverKey = getEncryptionKey( serverPrincipal, passPhrase );
        Ticket tgt = getTicket( encTicketPart, serverPrincipal, serverKey );

        KdcReqBody kdcReqBody = new KdcReqBody();
        kdcReqBody.setSName( getPrincipalName( "hnelson" ) );
        kdcReqBody.setRealm( "EXAMPLE.COM" );