Package org.apache.directory.shared.kerberos

Examples of org.apache.directory.shared.kerberos.KerberosTime


    /**
     * Reads the raw time values through {@code readTimes()} and wraps each one
     * in a {@link KerberosTime}.
     *
     * <p>A raw value of {@code 0} is treated as "not set" and produces a
     * {@code null} slot instead of a {@code KerberosTime}. Callers must
     * therefore null-check every element before comparing or dereferencing it.
     *
     * @return an array of the same length as the one returned by
     *         {@code readTimes()}, with {@code null} at each position whose raw
     *         value was zero
     * @throws IOException if {@code readTimes()} fails
     */
    private KerberosTime[] readKerberosTimes() throws IOException
    {
        final long[] rawValues = readTimes();
        final KerberosTime[] converted = new KerberosTime[rawValues.length];

        int slot = 0;
        for ( long raw : rawValues )
        {
            if ( raw == 0 )
            {
                // Zero means the field is absent; keep the slot empty.
                converted[slot] = null;
            }
            else
            {
                converted[slot] = new KerberosTime( raw );
            }

            slot++;
        }

        return converted;
    }


        }
       
        // Reads an EncryptionKey; the version value is handed through to readKey
        // (defined outside this excerpt).
        EncryptionKey key = readKey(version);

        // NOTE(review): positions 0..3 are read with no length check, so this relies
        // on readKerberosTimes() always returning at least four entries — TODO confirm.
        // NOTE(review): if readKerberosTimes() maps a zero timestamp to null (verify
        // against its definition), any of the four values below can be null and every
        // consumer has to null-check before comparing or dereferencing them.
        KerberosTime[] times = readKerberosTimes();
        KerberosTime authtime = times[0];
        KerberosTime starttime = times[1];
        KerberosTime endtime = times[2];
        KerberosTime renewTill = times[3];
       
        boolean skey = readskey();
       
        // The raw integer is wrapped in TicketFlags as-is; no validation of the bit
        // pattern is visible at this point.
        int flags = readFlags();
        TicketFlags tFlags = new TicketFlags(flags);

        // The reply part reuses the key stored in the new ticket's encrypted part and
        // echoes the nonce taken from the request body.
        encKdcRepPart.setKey( newTicket.getEncTicketPart().getKey() );
        encKdcRepPart.setNonce( request.getKdcReqBody().getNonce() );
        // TODO - resp.last-req := fetch_last_request_info(client); requires store
        // FIXME temporary fix, IMO we should create some new ATs to store this info in DIT
        // Until that store exists, a single TIME_OF_INITIAL_REQ entry is emitted,
        // stamped with a freshly constructed KerberosTime (presumably "now" — confirm).
        // The value is not read from any per-client history, so clients should not
        // treat it as real last-request information.
        LastReq lastReq = new LastReq();
        lastReq.addEntry( new LastReqEntry( LastReqType.TIME_OF_INITIAL_REQ, new KerberosTime() ) );
        encKdcRepPart.setLastReq( lastReq );

        // Flags, client addresses and auth time are copied unchanged from the new
        // ticket's encrypted part.
        encKdcRepPart.setFlags( newTicket.getEncTicketPart().getFlags() );
        encKdcRepPart.setClientAddresses( newTicket.getEncTicketPart().getClientAddresses() );
        encKdcRepPart.setAuthTime( newTicket.getEncTicketPart().getAuthTime() );

            // Only a ticket that carries the INVALID flag is accepted here; anything
            // else is refused with KDC_ERR_POLICY. (The enclosing condition is outside
            // this excerpt — presumably the VALIDATE option branch; confirm.)
            if ( !tgt.getEncTicketPart().getFlags().isInvalid() )
            {
                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
            }

            // Effective start time: the ticket's start time, or its auth time when no
            // start time is present.
            KerberosTime startTime = ( tgt.getEncTicketPart().getStartTime() != null ) ?
                tgt.getEncTicketPart().getStartTime() :
                tgt.getEncTicketPart().getAuthTime();

            // A ticket whose start time is still ahead of a freshly constructed
            // KerberosTime (presumably the current time — confirm) is rejected as not
            // yet valid. NOTE(review): this is a direct comparison; no clock-skew
            // allowance is applied on this line.
            if ( startTime.greaterThan( new KerberosTime() ) )
            {
                throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_NYV );
            }

            // echoTicket is defined outside this excerpt; presumably it copies fields
            // of tgt into newTicketPart — confirm.
            echoTicket( newTicketPart, tgt );


    /**
     * Derives the auth, start, end and renew-till times of the new ticket part
     * from the request body, the presented ticket and the KDC configuration.
     *
     * @param config supplies the allowable clock skew, the renewable-allowed
     *        policy switch and the maximum ticket / renewable lifetimes
     * @param request the KDC request; its body supplies from, till, rtime and
     *        the KDC options. The options are modified in place: RENEWABLE is
     *        set when the RENEWABLE_OK path below is taken
     * @param newTicketPart the ticket part being populated
     * @param tgt the presented ticket whose encrypted part supplies the auth,
     *        start, end and renew-till times and the flags consulted below
     * @throws KerberosException with KDC_ERR_CANNOT_POSTDATE, KDC_ERR_POLICY,
     *         KDC_ERR_BADOPTION or KRB_AP_ERR_TKT_EXPIRED when one of the
     *         checks below rejects the request
     */
    private static void processTimes( KerberosConfig config, KdcReq request, EncTicketPart newTicketPart,
        Ticket tgt ) throws KerberosException
    {
        // A single "now" is taken once so that every comparison below uses the same instant.
        KerberosTime now = new KerberosTime();

        // The auth time is always inherited from the presented ticket.
        newTicketPart.setAuthTime( tgt.getEncTicketPart().getAuthTime() );

        KerberosTime startTime = request.getKdcReqBody().getFrom();

        /*
         * "If the requested starttime is absent, indicates a time in the past,
         * or is within the window of acceptable clock skew for the KDC and the
         * POSTDATE option has not been specified, then the starttime of the
         * ticket is set to the authentication server's current time."
         */
        // NOTE(review): '&&' binds tighter than '||', so the POSTDATED test only
        // qualifies the clock-skew clause. An absent or past start time is reset to
        // 'now' regardless of POSTDATED. Confirm this is the intended reading of the
        // quoted text and consider explicit parentheses.
        if ( startTime == null || startTime.lessThan( now ) || startTime.isInClockSkew( config.getAllowableClockSkew() )
            && !request.getKdcReqBody().getKdcOptions().get( KdcOptions.POSTDATED ) )
        {
            startTime = now;
        }

        /*
         * "If it indicates a time in the future beyond the acceptable clock skew,
         * but the POSTDATED option has not been specified or the MAY-POSTDATE flag
         * is not set in the TGT, then the error KDC_ERR_CANNOT_POSTDATE is
         * returned."
         */
        // startTime cannot be null here: the block above replaces a null value with 'now'.
        if ( startTime != null
            && startTime.greaterThan( now )
            && !startTime.isInClockSkew( config.getAllowableClockSkew() )
            && ( !request.getKdcReqBody().getKdcOptions().get( KdcOptions.POSTDATED ) || !tgt.getEncTicketPart()
                .getFlags().isMayPosdate() ) )
        {
            throw new KerberosException( ErrorType.KDC_ERR_CANNOT_POSTDATE );
        }

        KerberosTime renewalTime = null;
        KerberosTime kerberosEndTime = null;

        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.RENEW ) )
        {
            // Renewal is refused when policy disables it, when the presented ticket is
            // not flagged renewable, or when its renew-till time has already passed.
            if ( !config.isRenewableAllowed() )
            {
                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
            }

            if ( !tgt.getEncTicketPart().getFlags().isRenewable() )
            {
                throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
            }

            // NOTE(review): getRenewTill() is dereferenced without a null check; this
            // assumes a ticket flagged renewable always carries a renew-till — TODO confirm.
            if ( tgt.getEncTicketPart().getRenewTill().lessThan( now ) )
            {
                throw new KerberosException( ErrorType.KRB_AP_ERR_TKT_EXPIRED );
            }

            // echoTicket is defined outside this block; presumably it copies fields of
            // tgt into newTicketPart — confirm.
            echoTicket( newTicketPart, tgt );

            newTicketPart.setStartTime( now );

            // Start of the old ticket: its start time, or its auth time when absent.
            KerberosTime tgtStartTime = ( tgt.getEncTicketPart().getStartTime() != null ) ?
                tgt.getEncTicketPart().getStartTime() :
                tgt.getEncTicketPart().getAuthTime();

            long oldLife = tgt.getEncTicketPart().getEndTime().getTime() - tgtStartTime.getTime();

            // The renewed ticket keeps the old lifetime but never outlives renew-till.
            kerberosEndTime = new KerberosTime( Math.min( tgt.getEncTicketPart().getRenewTill().getTime(),
                now.getTime() + oldLife ) );
            newTicketPart.setEndTime( kerberosEndTime );
        }
        else
        {
            // NOTE(review): in this branch the ticket's start time is set to 'now' when
            // unset; the local 'startTime' computed above is only used for the lifetime
            // arithmetic below and is not stored on newTicketPart in these lines. Verify
            // where an accepted postdated start time is applied.
            if ( newTicketPart.getStartTime() == null )
            {
                newTicketPart.setStartTime( now );
            }

            // A zero 'till' means "no limit requested" and is mapped to INFINITY.
            // NOTE(review): getTill() is dereferenced without a null check; assumes the
            // request decoder always supplies it — TODO confirm.
            KerberosTime till;
            if ( request.getKdcReqBody().getTill().isZero() )
            {
                till = KerberosTime.INFINITY;
            }
            else
            {
                till = request.getKdcReqBody().getTill();
            }

            /*
             * The end time is the minimum of (a) the requested till time or (b)
             * the start time plus maximum lifetime as configured in policy or (c)
             * the end time of the TGT.
             */
            List<KerberosTime> minimizer = new ArrayList<KerberosTime>();
            minimizer.add( till );
            minimizer.add( new KerberosTime( startTime.getTime() + config.getMaximumTicketLifetime() ) );
            minimizer.add( tgt.getEncTicketPart().getEndTime() );
            kerberosEndTime = Collections.min( minimizer );

            newTicketPart.setEndTime( kerberosEndTime );

            // NOTE(review): this comparison and the Math.min below read the raw requested
            // till, not the local 'till' that maps zero to INFINITY. For a zero till the
            // comparison is against the zero value, so presumably this path is not taken
            // — confirm that is intended.
            if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.RENEWABLE_OK )
                && kerberosEndTime.lessThan( request.getKdcReqBody().getTill() )
                && tgt.getEncTicketPart().getFlags().isRenewable() )
            {
                if ( !config.isRenewableAllowed() )
                {
                    throw new KerberosException( ErrorType.KDC_ERR_POLICY );
                }

                // We set the RENEWABLE option for later processing.
                // This mutates the caller's request object.
                request.getKdcReqBody().getKdcOptions().set( KdcOptions.RENEWABLE );
                long rtime = Math.min( request.getKdcReqBody().getTill().getTime(), tgt.getEncTicketPart()
                    .getRenewTill().getTime() );
                renewalTime = new KerberosTime( rtime );
            }
        }

        // Fall back to the renew-till time requested by the client, which may be null.
        if ( renewalTime == null )
        {
            renewalTime = request.getKdcReqBody().getRTime();
        }

        // A zero renewal time is mapped to INFINITY; a null one stays null.
        KerberosTime rtime;
        if ( renewalTime != null && renewalTime.isZero() )
        {
            rtime = KerberosTime.INFINITY;
        }
        else
        {
            rtime = renewalTime;
        }

        // A renewable ticket is issued only when the option is set (by the client or
        // by the RENEWABLE_OK path above), the presented ticket is itself renewable,
        // and policy allows it.
        if ( request.getKdcReqBody().getKdcOptions().get( KdcOptions.RENEWABLE )
            && tgt.getEncTicketPart().getFlags().isRenewable() )
        {
            if ( !config.isRenewableAllowed() )
            {
                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
            }

            newTicketPart.setFlag( TicketFlag.RENEWABLE );

            /*
             * The renew-till time is the minimum of (a) the requested renew-till
             * time or (b) the start time plus maximum renewable lifetime as
             * configured in policy or (c) the renew-till time of the TGT.
             */
            List<KerberosTime> minimizer = new ArrayList<KerberosTime>();

            /*
             * 'rtime' KerberosTime is OPTIONAL
             */
            if ( rtime != null )
            {
                minimizer.add( rtime );
            }

            // The policy cap and the presented ticket's renew-till are always candidates,
            // so the client-supplied value can only shorten the result.
            minimizer.add( new KerberosTime( startTime.getTime() + config.getMaximumRenewableLifetime() ) );
            minimizer.add( tgt.getEncTicketPart().getRenewTill() );
            newTicketPart.setRenewTill( Collections.min( minimizer ) );
        }

        /*
 

        kdcOptions.set( KdcOptions.FORWARDABLE );
        kdcReqBody.setKdcOptions( kdcOptions );

        long now = System.currentTimeMillis();

        KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
        kdcReqBody.setTill( requestedEndTime );

        KdcReq message = getKdcRequest( tgt, kdcReqBody );

        handler.messageReceived( session, message );

        kdcOptions.set( KdcOptions.FORWARDED );
        kdcReqBody.setKdcOptions( kdcOptions );

        long now = System.currentTimeMillis();

        KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
        kdcReqBody.setTill( requestedEndTime );

        KdcReq message = getKdcRequest( tgt, kdcReqBody );

        handler.messageReceived( session, message );

        kdcOptions.set( KdcOptions.FORWARDED );
        kdcReqBody.setKdcOptions( kdcOptions );

        long now = System.currentTimeMillis();

        KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
        kdcReqBody.setTill( requestedEndTime );

        KdcReq message = getKdcRequest( tgt, kdcReqBody );

        handler.messageReceived( session, message );

        kdcOptions.set( KdcOptions.PROXIABLE );
        kdcReqBody.setKdcOptions( kdcOptions );

        long now = System.currentTimeMillis();

        KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
        kdcReqBody.setTill( requestedEndTime );

        KdcReq message = getKdcRequest( tgt, kdcReqBody );

        handler.messageReceived( session, message );

        kdcOptions.set( KdcOptions.PROXY );
        kdcReqBody.setKdcOptions( kdcOptions );

        long now = System.currentTimeMillis();

        KerberosTime requestedEndTime = new KerberosTime( now + 1 * KerberosTime.DAY );
        kdcReqBody.setTill( requestedEndTime );

        HostAddress[] address =
            { new HostAddress( InetAddress.getByName( "127.0.0.1" ) ) };
        HostAddresses addresses = new HostAddresses( address );
