Package org.apache.directory.shared.kerberos.messages

Examples of org.apache.directory.shared.kerberos.messages.AsRep

783
784
785
786
787
788
789
790
791
792
793
        handler.messageReceived( session, message );

        Object msg = session.getMessage();
        assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
        AsRep reply = ( AsRep ) msg;

        assertTrue( "Requested end time", requestedEndTime.equals( reply.getEndTime() ) );

        assertTrue( "PRE_AUTHENT flag", reply.getTicket().getEncTicketPart().getFlags().isPreAuth() );
    }
View Full Code Here
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
        Asn1Decoder kdcRepDecoder = new Asn1Decoder();

        KdcRepContainer kdcRepContainer = new KdcRepContainer( asRepContainer.getStream() );

        // Store the created AS-REP object into the KDC-REP container
        AsRep asRep = new AsRep();
        kdcRepContainer.setKdcRep( asRep );

        // Decode the KDC_REP PDU
        try
        {
            kdcRepDecoder.decode( asRepContainer.getStream(), kdcRepContainer );
        }
        catch ( DecoderException de )
        {
            throw de;
        }

        // Update the expected length for the current TLV
        tlv.setExpectedLength( tlv.getExpectedLength() - tlv.getLength() );

        // Update the parent
        asRepContainer.updateParent();

        if ( asRep.getMessageType() != KerberosMessageType.AS_REP )
        {
            throw new DecoderException( "Bad message type" );
        }

        asRepContainer.setAsRep( asRep );
View Full Code Here
62
63
64
65
66
67
68
69
70
71
72
73
74
75
        KerberosMessageContainer kerberosMessageContainer = new KerberosMessageContainer();
        kerberosMessageContainer.setStream( repData );
        kerberosMessageContainer.setGathering( true );
        kerberosMessageContainer.setTCP( false );

        AsRep asReply = ( AsRep ) KerberosDecoder.decode( kerberosMessageContainer, new Asn1Decoder() );

        System.out.println( asReply );
        byte[] decryptedEncAsRepPart = cipherTextHandler.decrypt( clientKey, asReply.getEncPart(), KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
        byte[] tmp = new byte[182];
        System.arraycopy( decryptedEncAsRepPart, 0, tmp, 0, 182 );
        EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( tmp );
        sessionKey = encAsRepPart.getEncKdcRepPart().getKey();
    }
View Full Code Here
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
                // We have an error
                LOG.debug( "Authentication failed : {}", kdcRep );
                throw new KerberosException( ( KrbError ) kdcRep );
            }

            AsRep rep = ( AsRep ) kdcRep;
           
            if ( !cName.getNameString().equals( rep.getCName().getNameString() ) )
            {
                throw new KerberosException( ErrorType.KDC_ERR_CLIENT_NAME_MISMATCH );
            }
           
            if ( !realm.equals( rep.getCRealm() ) )
            {
                throw new KerberosException( ErrorType.KRB_ERR_WRONG_REALM );
            }
           
            if ( encryptionType != rep.getEncPart().getEType() )
            {
                encryptionType = rep.getEncPart().getEType();
                clientKey = KerberosKeyFactory.string2Key( clientTgtReq.getClientPrincipal(), clientTgtReq.getPassword(), encryptionType );
            }
           
            byte[] decryptedEncAsRepPart = cipherTextHandler.decrypt( clientKey, rep.getEncPart(), KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
           
            EncKdcRepPart encKdcRepPart = null;
            try
            {
                EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( decryptedEncAsRepPart );
                encKdcRepPart = encAsRepPart.getEncKdcRepPart();
            }
            catch( KerberosException e )
            {
                LOG.info("Trying an encTgsRepPart instead");
                EncTgsRepPart encTgsRepPart = KerberosDecoder.decodeEncTgsRepPart( decryptedEncAsRepPart );
                encKdcRepPart = encTgsRepPart.getEncKdcRepPart();
            }
           
            if ( currentNonce != encKdcRepPart.getNonce() )
            {
                throw new KerberosException( ErrorType.KRB_ERR_GENERIC, "received nonce didn't match with the nonce sent in the request" );
            }
                      
            if ( !encKdcRepPart.getSName().getNameString().equals( clientTgtReq.getSName() ) )
            {
                throw new KerberosException( ErrorType.KDC_ERR_SERVER_NOMATCH );
            }
           
            if ( !encKdcRepPart.getSRealm().equals( clientTgtReq.getRealm() ) )
            {
                throw new KerberosException( ErrorType.KRB_ERR_GENERIC, "received server realm does not match with requested server realm" );
            }
           
            List<HostAddress> hosts = clientTgtReq.getHostAddresses();
           
            if( !hosts.isEmpty() )
            {
                HostAddresses addresses = encKdcRepPart.getClientAddresses();
                for( HostAddress h : hosts )
                {
                    if ( !addresses.contains( h ) )
                    {
                        throw new KerberosException( ErrorType.KRB_ERR_GENERIC, "requested client address" + h + " is not found in the ticket" );
                    }
                }
            }
           
            // Everything is fine, return the response
            LOG.debug( "Authentication successful : {}", kdcRep );
           
            TgTicket tgTicket = new TgTicket( rep.getTicket(), encKdcRepPart, rep.getCName().getNameString() );
           
            return tgTicket;
        }
        catch( KerberosException ke )
        {
View Full Code Here
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
    {
        LOG_KRB.debug( "--> Building reply" );
        KdcReq request = authContext.getRequest();
        Ticket ticket = authContext.getTicket();

        AsRep reply = new AsRep();

        reply.setCName( request.getKdcReqBody().getCName() );
        reply.setCRealm( request.getKdcReqBody().getRealm() );
        reply.setTicket( ticket );

        EncKdcRepPart encKdcRepPart = new EncKdcRepPart();
        //session key
        encKdcRepPart.setKey( ticket.getEncTicketPart().getKey() );

        // TODO - fetch lastReq for this client; requires store
        // FIXME temporary fix, IMO we should create some new ATs to store this info in DIT
        LastReq lastReq = new LastReq();
        lastReq.addEntry( new LastReqEntry( LastReqType.TIME_OF_INITIAL_REQ, new KerberosTime() ) );
        encKdcRepPart.setLastReq( lastReq );
        // TODO - resp.key-expiration := client.expiration; requires store

        encKdcRepPart.setNonce( request.getKdcReqBody().getNonce() );

        encKdcRepPart.setFlags( ticket.getEncTicketPart().getFlags() );
        encKdcRepPart.setAuthTime( ticket.getEncTicketPart().getAuthTime() );
        encKdcRepPart.setStartTime( ticket.getEncTicketPart().getStartTime() );
        encKdcRepPart.setEndTime( ticket.getEncTicketPart().getEndTime() );

        if ( ticket.getEncTicketPart().getFlags().isRenewable() )
        {
            encKdcRepPart.setRenewTill( ticket.getEncTicketPart().getRenewTill() );
        }

        encKdcRepPart.setSName( ticket.getSName() );
        encKdcRepPart.setSRealm( ticket.getRealm() );
        encKdcRepPart.setClientAddresses( ticket.getEncTicketPart().getClientAddresses() );

        EncAsRepPart encAsRepPart = new EncAsRepPart();
        encAsRepPart.setEncKdcRepPart( encKdcRepPart );

        if ( LOG_KRB.isDebugEnabled() )
        {
            monitorContext( authContext );
            monitorReply( reply, encKdcRepPart );
        }

        EncryptionKey clientKey = authContext.getClientKey();
        EncryptedData encryptedData = cipherTextHandler.seal( clientKey, encAsRepPart,
            KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
        reply.setEncPart( encryptedData );
        //FIXME the below setter is useless, remove it
        reply.setEncKdcRepPart( encKdcRepPart );

        authContext.setReply( reply );
    }
View Full Code Here
229
230
231
232
233
234
235
236
237
238
239
        stream.flip();

        // Allocate a KdcRep Container
        KdcRepContainer kdcRepContainer = new KdcRepContainer( stream );
        kdcRepContainer.setKdcRep( new AsRep() );

        // Decode the KdcRep PDU
        try
        {
            kerberosDecoder.decode( stream, kdcRepContainer );
View Full Code Here
835
836
837
838
839
840
841
842
843
844
845
        handler.messageReceived( session, message );

        Object msg = session.getMessage();
        assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
        AsRep reply = ( AsRep ) msg;

        KerberosTime expectedEndTime = new KerberosTime( now + KerberosTime.DAY );
        boolean isClose = Math.abs( reply.getEndTime().getTime() - expectedEndTime.getTime() ) < 5000;
        assertTrue( "Expected end time", isClose );
    }
View Full Code Here
882
883
884
885
886
887
888
889
890
891
892
893
        handler.messageReceived( session, message );

        Object msg = session.getMessage();
        assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
        AsRep reply = ( AsRep ) msg;

        long now = System.currentTimeMillis();
        KerberosTime expectedEndTime = new KerberosTime( now + KerberosTime.DAY );
        boolean isClose = Math.abs( reply.getEndTime().getTime() - expectedEndTime.getTime() ) < 5000;
        assertTrue( "Expected end time", isClose );
    }
View Full Code Here
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
        handler.messageReceived( session, message );

        Object msg = session.getMessage();
        assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
        AsRep reply = ( AsRep ) msg;

        assertTrue( "INITIAL flag", reply.getFlags().isInitial() );
        assertFalse( "INVALID flag", reply.getFlags().isInvalid() );

        assertTrue( "INITIAL flag", reply.getTicket().getEncTicketPart().getFlags().isInitial() );
        assertFalse( "INVALID flag", reply.getTicket().getEncTicketPart().getFlags().isInvalid() );

        assertEquals( "Service principal name", "ldap/ldap.example.com", reply.getSName().getNameString() );
        assertEquals( "Service principal name", "ldap/ldap.example.com", reply.getTicket().getSName().getNameString() );
    }
View Full Code Here
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
        handler.messageReceived( session, message );

        Object msg = session.getMessage();
        assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
        AsRep reply = ( AsRep ) msg;

        KerberosTime expectedEndTime = new KerberosTime( now + KerberosTime.DAY );
        boolean isClose = Math.abs( reply.getEndTime().getTime() - expectedEndTime.getTime() ) < 5000;
        assertTrue( "Expected end time", isClose );

        assertTrue( "RENEWABLE flag", reply.getFlags().isRenewable() );
        assertFalse( "INVALID flag", reply.getFlags().isInvalid() );

        KerberosTime expectedRenewTillTime = new KerberosTime( now + KerberosTime.WEEK );
        isClose = Math.abs( reply.getRenewTill().getTime() - expectedRenewTillTime.getTime() ) < 5000;
        assertTrue( "Expected renew-till time", isClose );
    }
View Full Code Here
TOP

Related Classes of org.apache.directory.shared.kerberos.messages.AsRep

  • org.apache.directory.kerberos.client.KdcConnection
  • org.apache.directory.kerberos.client.KerberosConnection
  • org.apache.directory.kerberos.client.KpasswdDecode
  • org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService
  • org.apache.directory.server.kerberos.protocol.AuthenticationEncryptionTypeTest
  • org.apache.directory.server.kerberos.protocol.AuthenticationServiceTest
  • org.apache.directory.shared.kerberos.codec.asRep.actions.StoreKdcRep
  • org.apache.directory.shared.kerberos.codec.AsRepDecoderTest
  • org.apache.directory.shared.kerberos.codec.KdcRepDecoderTest
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.