Package org.apache.harmony.auth.internal.kerberos.v5

Examples of org.apache.harmony.auth.internal.kerberos.v5.EncryptedData


                realm = KrbClient.getRealm();
            } catch (KerberosException e) {
                throw new IllegalArgumentException(e);
            }
        }
        this.name = new PrincipalName(type, name);
    }


        // Service principal of the realm's ticket-granting service: krbtgt/<realm>.
        PrincipalName krbtgt = new PrincipalName(PrincipalName.NT_SRV_XHST, new String[] {
                "krbtgt", realm }); //$NON-NLS-1$

        try {
            // AS exchange with the KDC at kdc:port on behalf of client principal cname.
            Ticket ticket = KrbClient.doAS(InetAddress.getByName(kdc), port, cname, realm,
                    krbtgt);

            // NOTE(review): success is reported as soon as doAS returns without throwing.
            // `ticket` is not inspected in the visible lines, so nothing here shows the
            // KDC reply being verified with the user's key; a reply accepted without that
            // check does not prove the KDC is genuine. The FIXME presumably marks this
            // gap - confirm before relying on this path for authentication.
            return true; //FIXME
        } catch (Exception e) {
            // Broad catch: name resolution, I/O and protocol failures all land here.
            // The LoginException is created without a message; whether the cause is
            // attached is outside this excerpt.
            LoginException ex = new LoginException();

        // Client identity echoed in the decoded reply; name-type 1 is NT-PRINCIPAL (RFC 4120).
        assertEquals("crealm", "MY.REALM", reply.getCrealm());
        assertEquals("cname", new PrincipalName(1, new String[] { "me" }),
                reply.getCname());

        // ticket
        // The ticket must name the realm's ticket-granting service, krbtgt/MY.REALM
        // (name-type 0 is NT-UNKNOWN).
        Ticket ticket = reply.getTicket();
        assertEquals("ticket's realm", "MY.REALM", ticket.getRealm());
        assertEquals("ticket's sname", new PrincipalName(0, new String[] {
                "krbtgt", "MY.REALM" }), ticket.getSname());
       
        // enc-part
        // etype 3 is des-cbc-md5 in the Kerberos etype registry, a single-DES type
        // deprecated by RFC 6649; here it only pins the decoded value of the fixture.
        EncryptedData encPart = reply.getEncPart();
        assertEquals("etype", 3, encPart.getEtype());
        assertEquals("kvno", 1, encPart.getKvno());

        // Generate the pre-master secret and encrypt it with the Kerberos session key.
        this.protocolVersion = protocolVersion;
        // NOTE(review): generatePreMaster is defined outside this excerpt; presumably it
        // draws the secret from `generator` - confirm that this is a SecureRandom.
        preMaster = generatePreMaster(generator, protocolVersion);

        // Encrypt premaster secret
        try {
            // The key-usage value passed for this encryption is KU_UNKNOWN; the decrypting
            // side has to pass the same value.
            EncryptedData eData = new EncryptedData(sessionKey, preMaster,
                KeyUsage.KU_UNKNOWN);
            // NOTE(review): the statement terminator after getBytes() appears to have
            // been lost in this listing.
            encrypted = eData.getBytes()// not ASN.1 encoded.

        } catch (KrbException e) {
            // The Kerberos failure is kept as the cause of the SSLKeyException.
            throw (SSLKeyException)new SSLKeyException
                ("Kerberos premaster secret error").initCause(e);
        }

               "are not supported for TLS Kerberos cipher suites");
        }

         // Decrypt premaster secret
         try {
            // Wrap the received ciphertext using the session key's etype; kvno is left unset.
            EncryptedData data = new EncryptedData(sessionKey.getEType(),
                        null /* optional kvno */, encrypted);

            byte[] temp = data.decrypt(sessionKey, KeyUsage.KU_UNKNOWN);
            // NOTE(review): with handshake debugging enabled, the decrypted pre-master
            // secret is written to System.out, so any captured console or log output
            // then holds key material for the session. The inner `encrypted != null`
            // test also runs only after `encrypted` was already passed to the
            // constructor above.
            if (HandshakeMessage.debug != null && Debug.isOn("handshake")) {
                 if (encrypted != null) {
                     Debug.println(System.out,
                         "decrypted premaster secret", temp);
                 }
            }

            // Reset data stream after decryption, remove redundant bytes
            preMaster =  data.reset(temp, false);

            // The first two bytes of the decrypted secret carry the protocol version.
            // NOTE(review): no length check on preMaster is visible before indexing;
            // presumably data.reset guarantees at least two bytes - confirm.
            protocolVersion = ProtocolVersion.valueOf(preMaster[0],
                 preMaster[1]);
            if (HandshakeMessage.debug != null && Debug.isOn("handshake")) {
                 System.out.println("Kerberos PreMasterSecret version: "

        // Generate the pre-master secret and encrypt it with the Kerberos session key.
        this.protocolVersion = protocolVersion;
        // NOTE(review): generatePreMaster is defined outside this excerpt; presumably it
        // draws the secret from `generator` - confirm that this is a SecureRandom.
        preMaster = generatePreMaster(generator, protocolVersion);

        // Encrypt premaster secret
        try {
            // The key-usage value passed for this encryption is KU_UNKNOWN; the decrypting
            // side has to pass the same value.
            EncryptedData eData = new EncryptedData(sessionKey, preMaster,
                KeyUsage.KU_UNKNOWN);
            // NOTE(review): the statement terminator after getBytes() appears to have
            // been lost in this listing.
            encrypted = eData.getBytes()// not ASN.1 encoded.

        } catch (KrbException e) {
            // The Kerberos failure is kept as the cause of the SSLKeyException.
            throw (SSLKeyException)new SSLKeyException
                ("Kerberos premaster secret error").initCause(e);
        }

               "are not supported for TLS Kerberos cipher suites");
        }

        // Decrypt premaster secret
        try {
            // Wrap the received ciphertext using the session key's etype; kvno is left unset.
            EncryptedData data = new EncryptedData(sessionKey.getEType(),
                        null /* optional kvno */, encrypted);

            byte[] temp = data.decrypt(sessionKey, KeyUsage.KU_UNKNOWN);
            // NOTE(review): with handshake debugging enabled, the decrypted pre-master
            // secret is written to System.out, so any captured console or log output
            // then holds key material for the session. The inner `encrypted != null`
            // test also runs only after `encrypted` was already passed to the
            // constructor above.
            if (HandshakeMessage.debug != null && Debug.isOn("handshake")) {
                 if (encrypted != null) {
                     Debug.println(System.out,
                         "decrypted premaster secret", temp);
                 }
            }

            // Remove padding bytes after decryption. Only DES and DES3 have
            // paddings and we don't support DES3 in TLS (see above)
            // Both branches below cut the plaintext back to 48 bytes. When the padding
            // bytes do not match, temp keeps its full length and no error is raised in
            // these lines; what later code does with it is outside this excerpt.
            // paddingByteIs is defined elsewhere. The single-DES etypes handled here
            // are deprecated for Kerberos by RFC 6649.

            if (temp.length == 52 &&
                    data.getEType() == EncryptedData.ETYPE_DES_CBC_CRC) {
                // For des-cbc-crc, 4 paddings. Value can be 0x04 or 0x00.
                if (paddingByteIs(temp, 52, (byte)4) ||
                        paddingByteIs(temp, 52, (byte)0)) {
                    temp = Arrays.copyOf(temp, 48);
                }
            } else if (temp.length == 56 &&
                    data.getEType() == EncryptedData.ETYPE_DES_CBC_MD5) {
                // For des-cbc-md5, 8 paddings with 0x08, or no padding
                if (paddingByteIs(temp, 56, (byte)8)) {
                    temp = Arrays.copyOf(temp, 48);
                }
            }

        // Parse the encoded ticket, check that it names this server, select the matching
        // long-term key and decrypt the ticket's encrypted part to learn the client identity.
        EncryptionKey sessionKey = null;

        try {
            // NOTE(review): encodedTicket is presumably supplied by the peer; treat every
            // field read from it as untrusted until the decryption below has succeeded.
            Ticket t = new Ticket(encodedTicket);

            EncryptedData encPart = t.encPart;
            PrincipalName ticketSname = t.sname;
            Realm ticketRealm = t.realm;

            // NOTE(review): serverKeys[0] is indexed without an emptiness check in the
            // visible lines; presumably the caller guarantees at least one key - confirm.
            String serverPrincipal = serverKeys[0].getPrincipal().getName();

            /*
             * permission to access and use the secret key of the Kerberized
             * "host" service is done in ServerHandshaker.getKerberosKeys()
             * to ensure server has the permission to use the secret key
             * before promising the client
             */

            // Check that ticket Sname matches serverPrincipal
            // Exact, case-sensitive string comparison of name@realm, done before any
            // decryption so that a ticket issued for another service is rejected early.
            String ticketPrinc = ticketSname.toString().concat("@" +
                                        ticketRealm.toString());
            if (!ticketPrinc.equals(serverPrincipal)) {
                if (debug != null && Debug.isOn("handshake"))
                   System.out.println("Service principal in Ticket does not"
                        + " match associated principal in KerberosKey");
                throw new IOException("Server principal is " +
                    serverPrincipal + " but ticket is for " +
                    ticketPrinc);
            }

            // See if we have the right key to decrypt the ticket to get
            // the session key.
            // The etype and kvno used for the lookup come from the unencrypted outer
            // part of the ticket; findKey is defined outside this excerpt.
            int encPartKeyType = encPart.getEType();
            Integer encPartKeyVersion = encPart.getKeyVersionNumber();
            KerberosKey dkey = null;
            try {
                dkey = findKey(encPartKeyType, encPartKeyVersion, serverKeys);
            } catch (KrbException ke) { // a kvno mismatch
                throw new IOException(
                        "Cannot find key matching version number", ke);
            }
            if (dkey == null) {
                // %%% Should print string repr of etype
                throw new IOException(
        "Cannot find key of appropriate type to decrypt ticket - need etype " +
                                   encPartKeyType);
            }

            // Rebuild the server's long-term key in the form the decrypt call expects.
            EncryptionKey secretKey = new EncryptionKey(
                encPartKeyType,
                dkey.getEncoded());

            // Decrypt encPart using server's secret key
            // NOTE(review): whether decrypt verifies the integrity checksum is not visible
            // here; the fields read from encTicketPart below are trustworthy only if it does.
            byte[] bytes = encPart.decrypt(secretKey, KeyUsage.KU_TICKET);

            // Reset data stream after decryption, remove redundant bytes
            byte[] temp = encPart.reset(bytes);
            EncTicketPart encTicketPart = new EncTicketPart(temp);

            // Record the Kerberos Principals
            // The client identity is taken from the decrypted part of the ticket. Ticket
            // lifetime and flags are not checked in the visible lines.
            peerPrincipal =
                new KerberosPrincipal(encTicketPart.cname.getName());
