Package org.apache.directory.shared.kerberos.messages

Examples of org.apache.directory.shared.kerberos.messages.Authenticator


        // Builds the Authenticator that accompanies a service-ticket (TGS) request and
        // encrypts it for the AP-REQ; the ApReq itself is populated after this excerpt.
        String serverPrincipal = srvTktReq.getServerPrincipal();
       
        // Start from the session key that belongs to the TGT.
        EncryptionKey sessionKey = srvTktReq.getTgt().getSessionKey();
       
        Authenticator authenticator = new Authenticator();
       
        try
        {
            // The client name is taken from the TGT, not from caller input.
            authenticator.setCName( new PrincipalName( srvTktReq.getTgt().getClientName(), PrincipalNameType.KRB_NT_PRINCIPAL ) );
        }
        catch( ParseException e )
        {
            // Surface an unparsable principal as an unchecked error, keeping the cause.
            throw new IllegalArgumentException( "Couldn't parse the given principal", e );
        }
       
        authenticator.setCRealm( srvTktReq.getTgt().getRealm() );
        authenticator.setCTime( new KerberosTime() );
        // NOTE(review): cusec is fixed at 0, so two authenticators built within the same
        // KerberosTime tick carry the same (ctime, cusec) pair. A replay cache keyed on
        // those fields could reject the second request - confirm KerberosTime's resolution.
        authenticator.setCusec( 0 );

        if( srvTktReq.getSubSessionKey() != null )
        {
            // NOTE(review): sessionKey is rebound to the sub-session key here, so the
            // encrypt() call below protects the authenticator with the very sub-key it
            // carries. RFC 4120 has the AP-REQ authenticator encrypted under the ticket's
            // session key (the receiver needs that key to learn the sub-key) - confirm
            // that this rebinding is intended and that the KDC can decrypt the result.
            sessionKey = srvTktReq.getSubSessionKey();
            authenticator.setSubKey( sessionKey );
        }
       
        // Encrypt the encoded authenticator under the key-usage value reserved for the
        // AP-REQ carried in TGS-REQ padata.
        EncryptedData authnData = cipherTextHandler.encrypt( sessionKey, getEncoded( authenticator ), KeyUsage.TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_TGS_SESS_KEY );
       
        ApReq apReq = new ApReq();


            // Assemble the AP-REQ and the KRB-PRIV part of a change-password request.
            // tgt, nonceGenerator, cipherTextHandler and config come from outside this excerpt.
            ApReq apReq = new ApReq();
            ApOptions options = new ApOptions();
            apReq.setApOptions( options );
            apReq.setTicket( tgt.getTicket() );
           
            Authenticator authenticator = new Authenticator();
            authenticator.setCName( new PrincipalName( tgt.getClientName(), PrincipalNameType.KRB_NT_PRINCIPAL ) );
            authenticator.setCRealm( tgt.getRealm() );
            KerberosTime ctime = new KerberosTime();
            authenticator.setCTime( ctime );
            // cusec is fixed at 0; uniqueness of the authenticator then rests on ctime
            // and the sequence number set on the next line.
            authenticator.setCusec( 0 );
            // NOTE(review): nonceGenerator's type is not visible here. The value becomes the
            // sequence number reused by the KRB-PRIV part below, so confirm it is backed by
            // SecureRandom rather than java.util.Random.
            authenticator.setSeqNumber( nonceGenerator.nextInt() );
           
            // Fresh random sub-key of the same key type as the key in the TGT's KDC reply part.
            EncryptionKey subKey = RandomKeyFactory.getRandomKey( tgt.getEncKdcRepPart().getKey().getKeyType() );
           
            authenticator.setSubKey( subKey );
           
            // The authenticator (sub-key included) is encrypted under the TGT session key.
            EncryptedData authData = cipherTextHandler.encrypt( tgt.getSessionKey(), getEncoded( authenticator ), KeyUsage.AP_REQ_AUTHNT_SESS_KEY );
            apReq.setAuthenticator( authData );
           
           
            KrbPriv privateMessage = new KrbPriv();
           
            EncKrbPrivPart part = new EncKrbPrivPart();
            // NOTE(review): InetAddress.getLocalHost() depends on host-name resolution and
            // can yield a loopback address; if the receiver validates the sender address
            // this may not match the address it sees - verify.
            part.setSenderAddress( new HostAddress( InetAddress.getLocalHost() ) );
            // Sequence number and timestamp are copied from the authenticator built above.
            part.setSeqNumber( authenticator.getSeqNumber() );
            part.setTimestamp( authenticator.getCtime() );

            // Default protocol version; the legacy branch below (cut off in this excerpt)
            // is taken when the configuration asks for the older change-password protocol.
            short changePwdPVNO = ChangePasswordRequest.PVNO;
           
            if( config.isUseLegacyChngPwdProtocol() )
            {

        // Collect the inputs for authenticator verification from the TGS context.
        // authHeader, tgt, serverKey, clockSkew and isValidate are set before this excerpt.
        ReplayCache replayCache = tgsContext.getReplayCache();
        // Policy flag read from the KDC configuration and forwarded unchanged.
        boolean emptyAddressesAllowed = tgsContext.getConfig().isEmptyAddressesAllowed();
        InetAddress clientAddress = tgsContext.getClientAddress();
        CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();

        // Delegates to KerberosUtils.verifyAuthHeader, whose body is not shown here;
        // presumably it applies the clock-skew, replay and address checks implied by
        // the arguments - verify there. The key usage is the one for the AP-REQ
        // carried in TGS-REQ padata.
        Authenticator authenticator = KerberosUtils.verifyAuthHeader( authHeader, tgt, serverKey, clockSkew,
            replayCache,
            emptyAddressesAllowed, clientAddress, cipherTextHandler,
            KeyUsage.TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_TGS_SESS_KEY, isValidate );

        // Keep the returned authenticator on the context for later processing steps.
        tgsContext.setAuthenticator( authenticator );

    /**
     * Starts building the encrypted part of the ticket issued for a TGS request.
     * The visible lines copy client addresses, client name and realm from the TGT,
     * generate a fresh session key, and merge any authorization data sent with the
     * request. The remainder of the method is cut off in this excerpt.
     *
     * @param tgsContext the per-request TGS state (request, TGT, authenticator, config)
     * @throws KerberosException declared by the method; the throwing call is not identifiable from this excerpt
     * @throws InvalidTicketException declared by the method; the throwing call is not identifiable from this excerpt
     */
    private static void generateTicket( TicketGrantingContext tgsContext ) throws KerberosException,
        InvalidTicketException
    {
        KdcReq request = tgsContext.getRequest();
        Ticket tgt = tgsContext.getTgt();
        Authenticator authenticator = tgsContext.getAuthenticator();
        CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();
        KerberosPrincipal ticketPrincipal = KerberosUtils.getKerberosPrincipal(
            request.getKdcReqBody().getSName(), request.getKdcReqBody().getRealm() );

        EncryptionType encryptionType = tgsContext.getEncryptionType();
        // NOTE(review): the looked-up key is not null-checked in the visible lines -
        // confirm the principal always holds a key for the selected encryption type.
        EncryptionKey serverKey = tgsContext.getRequestPrincipalEntry().getKeyMap().get( encryptionType );

        KerberosConfig config = tgsContext.getConfig();

        // The return value is discarded, so this call has no visible effect.
        tgsContext.getRequest().getKdcReqBody().getAdditionalTickets();

        EncTicketPart newTicketPart = new EncTicketPart();

        // Client addresses are inherited from the TGT.
        newTicketPart.setClientAddresses( tgt.getEncTicketPart().getClientAddresses() );

        processFlags( config, request, tgt, newTicketPart );

        // Each issued ticket gets its own random session key of the selected encryption type.
        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( tgsContext.getEncryptionType() );
        newTicketPart.setKey( sessionKey );

        // Client identity comes from the TGT's encrypted part, not from the request body.
        newTicketPart.setCName( tgt.getEncTicketPart().getCName() );
        newTicketPart.setCRealm( tgt.getEncTicketPart().getCRealm() );

        if ( request.getKdcReqBody().getEncAuthorizationData() != null )
        {
            // NOTE(review): the decryption key is the authenticator's sub-key, which is
            // not null-checked here, while the key-usage constant is the "encrypted with
            // TGS session key" one. RFC 4120 assigns distinct key-usage values to the
            // session-key and sub-key cases and uses the TGT session key when no sub-key
            // was sent - confirm both the key choice and the usage value.
            byte[] authorizationData = cipherTextHandler.decrypt( authenticator.getSubKey(), request.getKdcReqBody()
                .getEncAuthorizationData(), KeyUsage.TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_TGS_SESS_KEY );
            // The decrypted bytes are client-supplied and are parsed here.
            AuthorizationData authData = KerberosDecoder.decodeAuthorizationData( authorizationData );
            // NOTE(review): assumes the TGT always carries authorization data; if
            // getAuthorizationData() can return null this line throws - verify.
            authData.addEntry( tgt.getEncTicketPart().getAuthorizationData().getCurrentAD() );
            newTicketPart.setAuthorizationData( authData );
        }

        }

        // Wrap the reply part prepared earlier (encKdcRepPart is built before this excerpt).
        EncTgsRepPart encTgsRepPart = new EncTgsRepPart();
        encTgsRepPart.setEncKdcRepPart( encKdcRepPart );

        Authenticator authenticator = tgsContext.getAuthenticator();

        EncryptedData encryptedData;

        // Key selection for the reply: the client's sub-key when the authenticator
        // carried one, otherwise the session key stored in the TGT. The sub-key branch
        // uses its own key-usage value; the else branch is cut off in this excerpt.
        if ( authenticator.getSubKey() != null )
        {
            encryptedData = cipherTextHandler.seal( authenticator.getSubKey(), encTgsRepPart,
                KeyUsage.TGS_REP_ENC_PART_TGS_AUTHNT_SUB_KEY );
        }
        else
        {
            encryptedData = cipherTextHandler.seal( tgt.getEncTicketPart().getKey(), encTgsRepPart,

        catch ( DecoderException de )
        {
            fail( de.getMessage() );
        }

        // Pull the decoded Authenticator out of the decoder's container.
        Authenticator authenticator = ( ( AuthenticatorContainer ) authenticatorContainer ).getAuthenticator();

        // Ask the message how many bytes its encoding needs.
        int length = authenticator.computeLength();

        // The fixture is expected to encode to 0x95 (149) bytes.
        assertEquals( 0x95, length );

        // Re-encode into a buffer of exactly the computed size.
        ByteBuffer encodedPdu = ByteBuffer.allocate( length );

        try
        {
            encodedPdu = authenticator.encode( encodedPdu );

            // The encoder must fill the buffer to the same 0x95 bytes.
            assertEquals( 0x95, encodedPdu.limit() );
            // Compare the hex dump of the re-encoded bytes with decodedPdu, which is
            // defined before this excerpt.
            assertEquals( decodedPdu, Strings.dumpBytes( encodedPdu.array() ) );
        }

        {
            // A failure caught here (the try and catch header are outside this excerpt)
            // is reported as KRB_AP_ERR_BAD_INTEGRITY, with the caught exception kept
            // as the cause.
            throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
        }

        // Hand back the Authenticator held by the decoder's container.
        Authenticator authenticator = ( ( AuthenticatorContainer ) authenticatorContainer ).getAuthenticator();

        return authenticator;
    }

        // Collect the inputs for authenticator verification. In this variant the replay
        // cache is read from the configuration object rather than from the context itself.
        // authHeader, tgt, serverKey, clockSkew and isValidate are set before this excerpt.
        ReplayCache replayCache = tgsContext.getConfig().getReplayCache();
        // Policy flag read from the configuration and forwarded unchanged.
        boolean emptyAddressesAllowed = tgsContext.getConfig().isEmptyAddressesAllowed();
        InetAddress clientAddress = tgsContext.getClientAddress();
        CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();

        // verifyAuthHeader's body is not shown here; presumably it applies the clock-skew,
        // replay and address checks implied by the arguments - verify there.
        Authenticator authenticator = verifyAuthHeader( authHeader, tgt, serverKey, clockSkew, replayCache,
            emptyAddressesAllowed, clientAddress, cipherTextHandler, KeyUsage.TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_TGS_SESS_KEY, isValidate );

        // Keep the returned authenticator on the context for later processing steps.
        tgsContext.setAuthenticator( authenticator );
    }

   
    /**
     * Starts building the encrypted part of the ticket issued for a TGS request.
     * The visible lines copy client addresses, client name and realm from the TGT,
     * generate a fresh session key, and merge any authorization data sent with the
     * request. The remainder of the method is cut off in this excerpt.
     *
     * @param tgsContext the per-request TGS state (request, TGT, authenticator, config)
     * @throws KerberosException declared by the method; the throwing call is not identifiable from this excerpt
     * @throws InvalidTicketException declared by the method; the throwing call is not identifiable from this excerpt
     */
    private static void generateTicket( TicketGrantingContext tgsContext ) throws KerberosException, InvalidTicketException
    {
        KdcReq request = tgsContext.getRequest();
        Ticket tgt = tgsContext.getTgt();
        Authenticator authenticator = tgsContext.getAuthenticator();
        CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();
        KerberosPrincipal ticketPrincipal = KerberosUtils.getKerberosPrincipal(
            request.getKdcReqBody().getSName(), request.getKdcReqBody().getRealm() );

        EncryptionType encryptionType = tgsContext.getEncryptionType();
        // NOTE(review): the looked-up key is not null-checked in the visible lines -
        // confirm the principal always holds a key for the selected encryption type.
        EncryptionKey serverKey = tgsContext.getRequestPrincipalEntry().getKeyMap().get( encryptionType );

        KdcServer config = tgsContext.getConfig();

        EncTicketPart newTicketPart = new EncTicketPart();

        // Client addresses are inherited from the TGT.
        newTicketPart.setClientAddresses( tgt.getEncTicketPart().getClientAddresses() );

        processFlags( config, request, tgt, newTicketPart );

        // Each issued ticket gets its own random session key of the selected encryption type.
        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( tgsContext.getEncryptionType() );
        newTicketPart.setKey( sessionKey );

        // Client identity comes from the TGT's encrypted part, not from the request body.
        newTicketPart.setCName( tgt.getEncTicketPart().getCName() );
        newTicketPart.setCRealm( tgt.getEncTicketPart().getCRealm() );

        if ( request.getKdcReqBody().getEncAuthorizationData() != null )
        {
            // NOTE(review): the decryption key is the authenticator's sub-key, which is
            // not null-checked here, while the key-usage constant is the "encrypted with
            // TGS session key" one. RFC 4120 assigns distinct key-usage values to the
            // session-key and sub-key cases and uses the TGT session key when no sub-key
            // was sent - confirm both the key choice and the usage value.
            byte[] authorizationData = cipherTextHandler.decrypt( authenticator.getSubKey(), request.getKdcReqBody().getEncAuthorizationData(), KeyUsage.TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_TGS_SESS_KEY );
            // The decrypted bytes are client-supplied and are parsed here.
            AuthorizationData authData = KerberosDecoder.decodeAuthorizationData( authorizationData );
            // NOTE(review): assumes the TGT always carries authorization data; if
            // getAuthorizationData() can return null this line throws - verify.
            authData.addEntry( tgt.getEncTicketPart().getAuthorizationData().getCurrentAD() );
            newTicketPart.setAuthorizationData( authData );
        }

        }

        // Wrap the reply part prepared earlier (encKdcRepPart is built before this excerpt).
        EncTgsRepPart encTgsRepPart = new EncTgsRepPart();
        encTgsRepPart.setEncKdcRepPart( encKdcRepPart );
       
        Authenticator authenticator = tgsContext.getAuthenticator();
       
        EncryptedData encryptedData;
       
        // Key selection for the reply: the client's sub-key when the authenticator
        // carried one, otherwise the session key stored in the TGT. Each case uses its
        // own key-usage value, so the key and the usage constant must change together.
        if ( authenticator.getSubKey() != null )
        {
            encryptedData = cipherTextHandler.seal( authenticator.getSubKey(), encTgsRepPart, KeyUsage.TGS_REP_ENC_PART_TGS_AUTHNT_SUB_KEY );
        }
        else
        {
            encryptedData = cipherTextHandler.seal( tgt.getEncTicketPart().getKey(), encTgsRepPart, KeyUsage.TGS_REP_ENC_PART_TGS_SESS_KEY );
        }


Related Classes of org.apache.directory.shared.kerberos.messages.Authenticator
