Examples of org.apache.directory.server.kerberos.shared.messages.components.Authenticator

Package org.apache.directory.server.kerberos.shared.messages.components

Examples of org.apache.directory.server.kerberos.shared.messages.components.Authenticator

org.apache.directory.server.kerberos.shared.messages.components.Authenticator
@author Apache Directory Project @version $Rev: 590676 $, $Date: 2007-10-31 14:55:38 +0100 (Mer, 31 oct 2007) $

        ReplayCache replayCache = tgsContext.getReplayCache();
        boolean emptyAddressesAllowed = tgsContext.getConfig().isEmptyAddressesAllowed();
        InetAddress clientAddress = tgsContext.getClientAddress();
        CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();


        Authenticator authenticator = KerberosUtils.verifyAuthHeader( authHeader, tgt, serverKey, clockSkew, replayCache,
            emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.NUMBER7, isValidate );


        tgsContext.setAuthenticator( authenticator );
    }

View Full Code Here

    
    private static void generateTicket( TicketGrantingContext tgsContext ) throws KerberosException
    {
        KdcRequest request = tgsContext.getRequest();
        Ticket tgt = tgsContext.getTgt();
        Authenticator authenticator = tgsContext.getAuthenticator();
        CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();
        KerberosPrincipal ticketPrincipal = request.getServerPrincipal();


        EncryptionType encryptionType = tgsContext.getEncryptionType();
        EncryptionKey serverKey = tgsContext.getRequestPrincipalEntry().getKeyMap().get( encryptionType );


        KdcServer config = tgsContext.getConfig();


        EncTicketPartModifier newTicketBody = new EncTicketPartModifier();


        newTicketBody.setClientAddresses( tgt.getEncTicketPart().getClientAddresses() );


        processFlags( config, request, tgt, newTicketBody );


        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( tgsContext.getEncryptionType() );
        newTicketBody.setSessionKey( sessionKey );


        newTicketBody.setClientPrincipal( tgt.getEncTicketPart().getClientPrincipal() );


        if ( request.getEncAuthorizationData() != null )
        {
            AuthorizationData authData = ( AuthorizationData ) cipherTextHandler.unseal( AuthorizationData.class,
                authenticator.getSubSessionKey(), request.getEncAuthorizationData(), KeyUsage.NUMBER4 );
            authData.add( tgt.getEncTicketPart().getAuthorizationData() );
            newTicketBody.setAuthorizationData( authData );
        }


        processTransited( newTicketBody, tgt );

View Full Code Here

    private static void sealReply( TicketGrantingContext tgsContext ) throws KerberosException
    {
        TicketGrantReply reply = ( TicketGrantReply ) tgsContext.getReply();
        Ticket tgt = tgsContext.getTgt();
        CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();
        Authenticator authenticator = tgsContext.getAuthenticator();


        EncryptedData encryptedData;


        if ( authenticator.getSubSessionKey() != null )
        {
            encryptedData = cipherTextHandler.seal( authenticator.getSubSessionKey(), reply, KeyUsage.NUMBER9 );
        }
        else
        {
            encryptedData = cipherTextHandler.seal( tgt.getEncTicketPart().getSessionKey(), reply, KeyUsage.NUMBER8 );
        }

View Full Code Here

        authenticatorModifier.setSequenceNumber( sequenceNumber );


        Checksum checksum = getBodyChecksum( requestBody, checksumType );
        authenticatorModifier.setChecksum( checksum );


        Authenticator authenticator = authenticatorModifier.getAuthenticator();


        EncryptedData encryptedAuthenticator = lockBox.seal( sessionKey, authenticator, KeyUsage.NUMBER7 );


        return encryptedAuthenticator;
    }

View Full Code Here

    
    
    private static void processPasswordChange( ChangePasswordContext changepwContext ) throws KerberosException
    {
        PrincipalStore store = changepwContext.getStore();
        Authenticator authenticator = changepwContext.getAuthenticator();
        String newPassword = changepwContext.getPassword();
        KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal();


        // usec and seq-number must be present per MS but aren't in legacy kpasswd
        // seq-number must have same value as authenticator
        // ignore r-address

View Full Code Here

        ReplayCache replayCache = changepwContext.getReplayCache();
        boolean emptyAddressesAllowed = changepwContext.getConfig().isEmptyAddressesAllowed();
        InetAddress clientAddress = changepwContext.getClientAddress();
        CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();


        Authenticator authenticator = KerberosUtils.verifyAuthHeader( authHeader, ticket, serverKey, clockSkew, replayCache,
            emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.NUMBER11, false );


        ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();


        if ( request.getVersionNumber() == 1 && !ticket.getEncTicketPart().getFlags().isInitial() )

View Full Code Here

    
    
    private static void extractPassword( ChangePasswordContext changepwContext ) throws KerberosException, IOException
    {
        ChangePasswordRequest request = ( ChangePasswordRequest ) changepwContext.getRequest();
        Authenticator authenticator = changepwContext.getAuthenticator();
        CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();


        // TODO - check ticket is for service authorized to change passwords
        // ticket.getServerPrincipal().getName().equals(config.getChangepwPrincipal().getName()));


        // TODO - check client principal in ticket is authorized to change password


        // get the subsession key from the Authenticator
        EncryptionKey subSessionKey = authenticator.getSubSessionKey();


        // decrypt the request's private message with the subsession key
        EncryptedData encReqPrivPart = request.getPrivateMessage().getEncryptedPart();


        EncKrbPrivPart privatePart;

View Full Code Here

            ApplicationRequest authHeader = changepwContext.getAuthHeader();
            Ticket ticket = changepwContext.getTicket();
            ReplayCache replayCache = changepwContext.getReplayCache();
            long clockSkew = changepwContext.getConfig().getAllowableClockSkew();


            Authenticator authenticator = changepwContext.getAuthenticator();
            KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal();
            String desiredPassword = changepwContext.getPassword();


            InetAddress clientAddress = changepwContext.getClientAddress();
            HostAddresses clientAddresses = ticket.getEncTicketPart().getClientAddresses();

View Full Code Here

    }
    
    
    private static void buildReply( ChangePasswordContext changepwContext ) throws KerberosException, UnknownHostException
    {
        Authenticator authenticator = changepwContext.getAuthenticator();
        Ticket ticket = changepwContext.getTicket();
        CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();


        // begin building reply


        // create priv message
        // user-data component is short result code
        EncKrbPrivPartModifier modifier = new EncKrbPrivPartModifier();
        byte[] resultCode =
            { ( byte ) 0x00, ( byte ) 0x00 };
        modifier.setUserData( resultCode );


        modifier.setSenderAddress( new HostAddress( InetAddress.getLocalHost() ) );
        EncKrbPrivPart privPart = modifier.getEncKrbPrivPart();


        // get the subsession key from the Authenticator
        EncryptionKey subSessionKey = authenticator.getSubSessionKey();


        EncryptedData encPrivPart;


        try
        {
            encPrivPart = cipherTextHandler.seal( subSessionKey, privPart, KeyUsage.NUMBER13 );
        }
        catch ( KerberosException ke )
        {
            throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_SOFTERROR, ke );
        }


        PrivateMessage privateMessage = new PrivateMessage( encPrivPart );


        // Begin AP_REP generation
        EncApRepPartModifier encApModifier = new EncApRepPartModifier();
        encApModifier.setClientTime( authenticator.getClientTime() );
        encApModifier.setClientMicroSecond( authenticator.getClientMicroSecond() );
        encApModifier.setSequenceNumber( new Integer( authenticator.getSequenceNumber() ) );
        encApModifier.setSubSessionKey( authenticator.getSubSessionKey() );


        EncApRepPart repPart = encApModifier.getEncApRepPart();


        EncryptedData encRepPart;

View Full Code Here

    public void execute( NextCommand next, IoSession session, Object message ) throws Exception
    {
        ChangePasswordContext changepwContext = ( ChangePasswordContext ) session.getAttribute( getContextKey() );


        ChangePasswordServer config = changepwContext.getConfig();
        Authenticator authenticator = changepwContext.getAuthenticator();
        KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal();


        String password = changepwContext.getPassword();
        String username = clientPrincipal.getName();


        int passwordLength = config.getPasswordLengthPolicy();

View Full Code Here

0 1

TOP

Related Classes of org.apache.directory.server.kerberos.shared.messages.components.Authenticator

org.apache.directory.server.changepw.service.ChangePasswordService

org.apache.directory.server.changepw.service.CheckPasswordPolicy

org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService

org.apache.directory.server.kerberos.protocol.AbstractTicketGrantingServiceTest

org.apache.directory.server.kerberos.shared.KerberosUtils

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.