Examples of org.apache.directory.shared.kerberos.components.EncryptedData

• org.apache.directory.shared.kerberos.components.EncryptedData
  A structure storing an encrypted data element. The ASN.1 grammar is :

   EncryptedData   ::= SEQUENCE { etype   [0] Int32 -- EncryptionType --, kvno    [1] UInt32 OPTIONAL, cipher  [2] OCTET STRING -- ciphertext } 

  @author Apache Directory Project

             * new_tkt.enc-part := encrypt OCTET STRING using etype_for_key(second-ticket.key), second-ticket.key;
             */
            //throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
        }

        EncryptedData encryptedData = cipherTextHandler.seal( serverKey, newTicketPart, KeyUsage.AS_OR_TGS_REP_TICKET_WITH_SRVKEY );

        Ticket newTicket = new Ticket( request.getKdcReqBody().getSName(), encryptedData );
        newTicket.setEncTicketPart( newTicketPart );
        newTicket.setRealm( request.getKdcReqBody().getRealm() );

        EncTgsRepPart encTgsRepPart = new EncTgsRepPart();
        encTgsRepPart.setEncKdcRepPart( encKdcRepPart );

        Authenticator authenticator = tgsContext.getAuthenticator();

        EncryptedData encryptedData;

        if ( authenticator.getSubKey() != null )
        {
            encryptedData = cipherTextHandler.seal( authenticator.getSubKey(), encTgsRepPart,
                KeyUsage.TGS_REP_ENC_PART_TGS_AUTHNT_SUB_KEY );

            paddedDataBytes[i] = checksumBytes[i - getConfounderLength()];
        }

        byte[] encryptedData = encrypt( paddedDataBytes, key.getKeyValue() );

        return new EncryptedData( getEncryptionType(), key.getKeyVersion(), encryptedData );
    }

             * new_tkt.enc-part := encrypt OCTET STRING using etype_for_key(second-ticket.key), second-ticket.key;
             */
            //throw new KerberosException( ErrorType.KDC_ERR_BADOPTION );
        }

        EncryptedData encryptedData = cipherTextHandler.seal( serverKey, newTicketPart,
            KeyUsage.AS_OR_TGS_REP_TICKET_WITH_SRVKEY );

        Ticket newTicket = new Ticket( request.getKdcReqBody().getSName(), encryptedData );
        newTicket.setEncTicketPart( newTicketPart );
        newTicket.setRealm( request.getKdcReqBody().getRealm() );

        EncTgsRepPart encTgsRepPart = new EncTgsRepPart();
        encTgsRepPart.setEncKdcRepPart( encKdcRepPart );

        Authenticator authenticator = tgsContext.getAuthenticator();

        EncryptedData encryptedData;

        if ( authenticator.getSubKey() != null )
        {
            encryptedData = cipherTextHandler.seal( authenticator.getSubKey(), encTgsRepPart,
                KeyUsage.TGS_REP_ENC_PART_TGS_AUTHNT_SUB_KEY );

                for ( PaData paData : preAuthData )
                {
                    if ( paData.getPaDataType().equals( PaDataType.PA_ENC_TIMESTAMP ) )
                    {
                        EncryptedData dataValue = KerberosDecoder.decodeEncryptedData( paData.getPaDataValue() );
                        byte[] decryptedData = cipherTextHandler.decrypt( clientKey, dataValue,
                            KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );
                        timestamp = KerberosDecoder.decodePaEncTsEnc( decryptedData );
                    }
                }

                LOG_KRB.error( "Ticket cannot be generated, as the addresses are null, and it's not allowed" );
                throw new KerberosException( ErrorType.KDC_ERR_POLICY );
            }
        }

        EncryptedData encryptedData = cipherTextHandler.seal( serverKey, encTicketPart,
            KeyUsage.AS_OR_TGS_REP_TICKET_WITH_SRVKEY );

        Ticket newTicket = new Ticket( ticketPrincipal, encryptedData );

        newTicket.setRealm( serverRealm );

            monitorContext( authContext );
            monitorReply( reply, encKdcRepPart );
        }

        EncryptionKey clientKey = authContext.getClientKey();
        EncryptedData encryptedData = cipherTextHandler.seal( clientKey, encAsRepPart,
            KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
        reply.setEncPart( encryptedData );
        //FIXME the below setter is useless, remove it
        reply.setEncKdcRepPart( encKdcRepPart );

        if ( clientTgtReq.isPreAuthEnabled() )
        {
            PaEncTsEnc tmstmp = new PaEncTsEnc();
            tmstmp.setPaTimestamp( new KerberosTime() );

            EncryptedData paDataValue = cipherTextHandler.encrypt( clientKey, getEncoded( tmstmp ), KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY );

            PaData paEncTstmp = new PaData();
            paEncTstmp.setPaDataType( PaDataType.PA_ENC_TIMESTAMP );
            paEncTstmp.setPaDataValue( getEncoded( paDataValue ) );

        {
            sessionKey = srvTktReq.getSubSessionKey();
            authenticator.setSubKey( sessionKey );
        }

        EncryptedData authnData = cipherTextHandler.encrypt( sessionKey, getEncoded( authenticator ), KeyUsage.TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_TGS_SESS_KEY );

        ApReq apReq = new ApReq();

        apReq.setAuthenticator( authnData );
        apReq.setTicket( srvTktReq.getTgt().getTicket() );