Package org.apache.directory.shared.kerberos.messages

Examples of org.apache.directory.shared.kerberos.messages.Ticket

199
200
201
202
203
204
205
206
207
208
209
    }
   
   
    private static void getServerEntry( ChangePasswordContext changepwContext ) throws KerberosException
    {
        Ticket ticket = changepwContext.getTicket();
        KerberosPrincipal principal =  KerberosUtils.getKerberosPrincipal( ticket.getSName(), ticket.getRealm() );
        PrincipalStore store = changepwContext.getStore();

        changepwContext.setServerEntry( KerberosUtils.getEntry( principal, store, ErrorType.KDC_ERR_S_PRINCIPAL_UNKNOWN ) );
    }
View Full Code Here
210
211
212
213
214
215
216
217
218
219
220
221
222
   
   
    private static void verifyServiceTicketAuthHeader( ChangePasswordContext changepwContext ) throws KerberosException
    {
        ApReq authHeader = changepwContext.getAuthHeader();
        Ticket ticket = changepwContext.getTicket();

        EncryptionType encryptionType = ticket.getEncPart().getEType();
        EncryptionKey serverKey = changepwContext.getServerEntry().getKeyMap().get( encryptionType );

        long clockSkew = changepwContext.getConfig().getAllowableClockSkew();
        ReplayCache replayCache = changepwContext.getReplayCache();
        boolean emptyAddressesAllowed = changepwContext.getConfig().isEmptyAddressesAllowed();
View Full Code Here
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
    {
        try
        {
            PrincipalStore store = changepwContext.getStore();
            ApReq authHeader = changepwContext.getAuthHeader();
            Ticket ticket = changepwContext.getTicket();
            ReplayCache replayCache = changepwContext.getReplayCache();
            long clockSkew = changepwContext.getConfig().getAllowableClockSkew();

            Authenticator authenticator = changepwContext.getAuthenticator();
            KerberosPrincipal clientPrincipal = KerberosUtils.getKerberosPrincipal(
                authenticator.getCName(), authenticator.getCRealm() );

            InetAddress clientAddress = changepwContext.getClientAddress();
            HostAddresses clientAddresses = ticket.getEncTicketPart().getClientAddresses();

            boolean caddrContainsSender = false;

            if ( ticket.getEncTicketPart().getClientAddresses() != null )
            {
                caddrContainsSender = ticket.getEncTicketPart().getClientAddresses().contains( new HostAddress( clientAddress ) );
            }

            StringBuffer sb = new StringBuffer();
            sb.append( "Monitoring context:" );
            sb.append( "\n\t" + "store                  " + store );
            sb.append( "\n\t" + "authHeader             " + authHeader );
            sb.append( "\n\t" + "ticket                 " + ticket );
            sb.append( "\n\t" + "replayCache            " + replayCache );
            sb.append( "\n\t" + "clockSkew              " + clockSkew );
            sb.append( "\n\t" + "clientPrincipal        " + clientPrincipal );
            sb.append( "\n\t" + "ChangePasswdData        " + changepwContext.getPasswordData() );
            sb.append( "\n\t" + "clientAddress          " + clientAddress );
            sb.append( "\n\t" + "clientAddresses        " + clientAddresses );
            sb.append( "\n\t" + "caddr contains sender  " + caddrContainsSender );
            sb.append( "\n\t" + "Ticket principal       " + ticket.getSName() );

            PrincipalStoreEntry ticketPrincipal = changepwContext.getServerEntry();
           
            sb.append( "\n\t" + "cn                     " + ticketPrincipal.getCommonName() );
            sb.append( "\n\t" + "realm                  " + ticketPrincipal.getRealmName() );
            sb.append( "\n\t" + "Service principal      " + ticketPrincipal.getPrincipal() );
            sb.append( "\n\t" + "SAM type               " + ticketPrincipal.getSamType() );

            EncryptionType encryptionType = ticket.getEncPart().getEType();
            int keyVersion = ticketPrincipal.getKeyMap().get( encryptionType ).getKeyVersion();
            sb.append( "\n\t" + "Ticket key type        " + encryptionType );
            sb.append( "\n\t" + "Service key version    " + keyVersion );

            LOG.debug( sb.toString() );
View Full Code Here
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
   
   
    private static void buildReply( ChangePasswordContext changepwContext ) throws KerberosException, UnknownHostException
    {
        Authenticator authenticator = changepwContext.getAuthenticator();
        Ticket ticket = changepwContext.getTicket();
        CipherTextHandler cipherTextHandler = changepwContext.getCipherTextHandler();

        // begin building reply

        // create priv message
        // user-data component is short result code
        EncKrbPrivPart privPart = new EncKrbPrivPart();
        // first two bytes are the result code, rest is the string 'Password Changed' followed by a null char
        byte[] resultCode =
            { ( byte ) 0x00, ( byte ) 0x00, (byte)0x50, (byte)0x61, (byte)0x73, (byte)0x73, (byte)0x77, (byte)0x6F, (byte)0x72, (byte)0x64, (byte)0x20, (byte)0x63, (byte)0x68, (byte)0x61, (byte)0x6E, (byte)0x67, (byte)0x65, (byte)0x64, (byte)0x00 };
        privPart.setUserData( resultCode );

        privPart.setSenderAddress( new HostAddress( InetAddress.getLocalHost() ) );

        // get the subsession key from the Authenticator
        EncryptionKey subSessionKey = authenticator.getSubKey();

        EncryptedData encPrivPart;

        try
        {
            encPrivPart = cipherTextHandler.seal( subSessionKey, privPart, KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
        }
        catch ( KerberosException ke )
        {
            throw new ChangePasswordException( ChangePasswdErrorType.KRB5_KPASSWD_SOFTERROR, ke );
        }

        KrbPriv privateMessage = new KrbPriv();
        privateMessage.setEncPart( encPrivPart );

        // Begin AP_REP generation
        EncApRepPart repPart = new EncApRepPart();
        repPart.setCTime( authenticator.getCtime() );
        repPart.setCusec( authenticator.getCusec() );
       
        if ( authenticator.getSeqNumber() != null )
        {
            repPart.setSeqNumber( authenticator.getSeqNumber() );
        }
       
        repPart.setSubkey( subSessionKey );

        EncryptedData encRepPart;

        try
        {
            encRepPart = cipherTextHandler.seal( ticket.getEncTicketPart().getKey(), repPart, KeyUsage.AP_REP_ENC_PART_SESS_KEY );
        }
        catch ( KerberosException ke )
        {
            throw new ChangePasswordException( ChangePasswdErrorType.KRB5_KPASSWD_SOFTERROR, ke );
        }
View Full Code Here
92
93
94
95
96
97
98
99
100
101
102
        // Update the parent
        apReqContainer.updateParent();

        // Store the Ticket in the container
        Ticket ticket = ticketContainer.getTicket();
        ApReq apReq = apReqContainer.getApReq();
        apReq.setTicket( ticket );

        if ( IS_DEBUG )
        {
View Full Code Here
438
439
440
441
442
443
444
445
446
        {
            throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
        }

        // get the decoded Ticket
        Ticket ticket = ( ( TicketContainer ) ticketContainer ).getTicket();

        return ticket;
    }
View Full Code Here
92
93
94
95
96
97
98
99
100
101
102
        // Update the parent
        kdcRepContainer.updateParent();

        // Store the Ticket in the container
        Ticket ticket = ticketContainer.getTicket();
        KdcRep kdcRep = kdcRepContainer.getKdcRep();
        kdcRep.setTicket( ticket );

        if ( IS_DEBUG )
        {
View Full Code Here
54
55
56
57
58
59
60
61
62
63
64
65
66
        KerberosPrincipal serverPrincipal = new KerberosPrincipal( "kadmin/changepw@EXAMPLE.COM" );
        String serverPassword = "s3crEt";

        EncryptionKey serverKey = ticketFactory.getServerKey( serverPrincipal, serverPassword );

        Ticket serviceTicket = ticketFactory.getTicket( clientPrincipal, serverPrincipal, serverKey );

        byte[] encodedTicket = serviceTicket.encode( null ).array();

        byte[] expectedResult = new byte[]
            {
                0x61, ( byte ) 0x81, ( byte ) 0xE7,
                0x30, ( byte ) 0x81, ( byte ) 0xE4,
View Full Code Here
139
140
141
142
143
144
145
146
147
148
149
150
151
152
        encTicketPart.setRenewTill( renewTill );

        EncryptedData encryptedTicketPart = lockBox.seal( serverKey, encTicketPart,
            KeyUsage.AS_OR_TGS_REP_TICKET_WITH_SRVKEY );

        Ticket ticket = new Ticket();
        ticket.setSName( new PrincipalName( serverPrincipal.getName(), serverPrincipal.getNameType() ) );
        ticket.setRealm( serverPrincipal.getRealm() );
        ticket.setEncPart( encryptedTicketPart );

        ticket.setEncTicketPart( encTicketPart );

        return ticket;
    }
View Full Code Here
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
        EncryptionKey serverKey ) throws KerberosException, ParseException
    {
        EncryptedData encryptedTicketPart = lockBox.seal( serverKey, encTicketPart,
            KeyUsage.AS_OR_TGS_REP_TICKET_WITH_SRVKEY );

        Ticket ticket = new Ticket();
        ticket.setTktVno( 5 );
        ticket.setSName( new PrincipalName( serverPrincipal.getName(), PrincipalNameType.KRB_NT_PRINCIPAL ) );
        ticket.setRealm( serverPrincipal.getRealm() );
        ticket.setEncPart( encryptedTicketPart );

        ticket.setEncTicketPart( encTicketPart );

        return ticket;
    }
View Full Code Here
TOP

Related Classes of org.apache.directory.shared.kerberos.messages.Ticket

  • org.apache.directory.server.changepw.protocol.ChangepwProtocolHandlerTest
  • org.apache.directory.server.changepw.service.ChangePasswordService
  • org.apache.directory.server.kerberos.changepwd.service.ChangePasswordService
  • org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService
  • org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService
  • org.apache.directory.server.kerberos.protocol.AbstractTicketGrantingServiceTest
  • org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder
  • org.apache.directory.server.kerberos.protocol.EncTktInSkeyTest
  • org.apache.directory.server.kerberos.protocol.KerberosDecoder
  • org.apache.directory.server.kerberos.protocol.TicketGrantingEncryptionTypeTest
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.