public void refresh() throws RefreshFailedException {
checkState();
if (!flags[RENEWABLE]) {
throw new RefreshFailedException(Messages.getString("auth.44")); // $NON-NLS-1$
}
if (System.currentTimeMillis() > this.renewTill.getTime()) {
throw new RefreshFailedException(Messages.getString("auth.45")); // $NON-NLS-1$
}
try {
KrbClient.doTGS();
} catch (KerberosException e) {
throw new RefreshFailedException(e.getMessage());
}
}
public ACTION checkLogin() throws LoginException {
switch (phase) {
case uninitialized:
throw new LoginException(Messages.getString("auth.60"));
case initialized:
return ACTION.login;
default:
return ACTION.no_action;
}
}
private void writeObject(ObjectOutputStream s) throws IOException {
if (destroyed) {
throw new IOException(Messages.getString("auth.48")); // $NON-NLS-1$
}
s.defaultWriteObject();
byte[] enc = EncryptionKey.ASN1.encode(new EncryptionKey(keyType, keyBytes));
s.writeObject(enc);
}
public AppConfigurationEntry(
String loginModuleName,
AppConfigurationEntry.LoginModuleControlFlag controlFlag,
Map<String, ?> options) {
if (loginModuleName == null || loginModuleName.length() == 0) {
throw new IllegalArgumentException(Messages.getString("auth.26")); // $NON-NLS-1$
}
if (controlFlag == null) {
throw new IllegalArgumentException(Messages.getString("auth.27")); // $NON-NLS-1$
}
if (options == null) {
throw new IllegalArgumentException(Messages.getString("auth.1A")); // $NON-NLS-1$
}
this.loginModuleName = loginModuleName;
this.controlFlag = controlFlag;
this.options = Collections.unmodifiableMap(options);
}
@Override
public String toString() {
checkState();
StringBuilder sb = new StringBuilder();
sb.append("Ticket = ")
.append(Array.toString(asn1Encoding, "(hex) ") + LF); // $NON-NLS-1$ //$NON-NLS-2$
sb.append("Client Principal = ").append(client.getName() + LF); // $NON-NLS-1$
sb.append("Server Principal = ").append(server.getName() + LF); // $NON-NLS-1$
// TODO: append session key
sb.append("Session Key = ").append(sessionKey.toString() + LF); // $NON-NLS-1$
sb.append("Forwardable Ticket = ").append(flags[FORWARDABLE] + LF); // $NON-NLS-1$
sb.append("Forwarded Ticket = ").append(flags[FORWARDED] + LF); // $NON-NLS-1$
sb.append("Proxiable Ticket = ").append(flags[PROXIABLE] + LF); // $NON-NLS-1$
sb.append("Proxy Ticket = ").append(flags[PROXY] + LF); // $NON-NLS-1$
sb.append("Postdated Ticket = ").append(flags[POSTDATED] + LF); // $NON-NLS-1$
sb.append("Renewable Ticket = ").append(flags[RENEWABLE] + LF); // $NON-NLS-1$
sb.append("Initial Ticket = ").append(flags[INITIAL] + LF); // $NON-NLS-1$
sb.append("Auth Time = ").append(this.authTime.toString() + LF); // $NON-NLS-1$
sb.append("Start Time = ").append(this.startTime.toString() + LF); // $NON-NLS-1$
sb.append("End Time = ").append(this.endTime.toString() + LF); // $NON-NLS-1$
sb.append("Renew Till = ").append(this.renewTill.toString() + LF); // $NON-NLS-1$
sb.append("Client Addresses "); // $NON-NLS-1$
if (clientAddresses != null) {
for (int i = 0; i < clientAddresses.length; i++) {
if (clientAddresses[i] == null) {
throw new NullPointerException(Messages.getString("auth.46")); // $NON-NLS-1$
}
sb.append("clientAddresses[" + i + "] = ")
.append(
clientAddresses[i].toString()
+ LF
+ "\t\t"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
}
} else {
sb.append("null"); // $NON-NLS-1$
}
return sb.toString();
}
/** if a key is destroyed then IllegalStateException should be thrown */
private void checkState() {
if (destroyed) {
throw new IllegalStateException(Messages.getString("auth.48")); // $NON-NLS-1$
}
}
/**
* creates a secret key from a given password
*
* @param principal
* @param password
* @param algorithm
*/
public KeyImpl(KerberosPrincipal principal, char[] password, String algorithm) {
//
// See http://www.ietf.org/rfc/rfc3961.txt for algorithm description
//
if (principal == null || password == null) {
throw new NullPointerException();
}
if (algorithm != null && "DES".compareTo(algorithm) != 0) { // $NON-NLS-1$
throw new IllegalArgumentException(Messages.getString("auth.49")); // $NON-NLS-1$
}
keyType = 3; // DES algorithm
keyBytes = new byte[8];
String realm = principal.getRealm();
String pname = principal.getName();
StringBuilder buf = new StringBuilder();
buf.append(password);
buf.append(realm);
buf.append(pname.substring(0, pname.length() - realm.length() - 1));
byte[] tmp = org.apache.harmony.luni.util.Util.getUTF8Bytes(buf.toString());
// pad with 0x00 to 8 byte boundary
byte[] raw = new byte[tmp.length + ((tmp.length % 8) == 0 ? 0 : (8 - tmp.length % 8))];
System.arraycopy(tmp, 0, raw, 0, tmp.length);
long k1, k2 = 0;
boolean isOdd = false;
// for each 8-byte block in raw byte array
for (int i = 0; i < raw.length; i = i + 8, isOdd = !isOdd) {
k1 = 0;
if (isOdd) {
// reverse
for (int j = 7; j > -1; j--) {
k1 = (k1 << 7) + REVERSE[raw[i + j] & 0x7F];
}
} else {
for (int j = 0; j < 8; j++) {
k1 = (k1 << 7) + (raw[i + j] & 0x7F);
}
}
k2 = k2 ^ k1;
}
// 56-bit long to byte array (8 bytes)
for (int i = 7; i > -1; i--) {
keyBytes[i] = (byte) k2;
keyBytes[i] = (byte) (keyBytes[i] << 1);
k2 = k2 >> 7;
}
keyCorrection(keyBytes);
// calculate DES-CBC check sum
try {
Cipher cipher = Cipher.getInstance("DES/CBC/NoPadding"); // $NON-NLS-1$
// use tmp key as IV
IvParameterSpec IV = new IvParameterSpec(keyBytes);
// do DES encryption
SecretKey secretKey = new SecretKeySpec(keyBytes, "DES"); // $NON-NLS-1$
cipher.init(Cipher.ENCRYPT_MODE, secretKey, IV);
byte[] enc = cipher.doFinal(raw);
// final last block is check sum
System.arraycopy(enc, enc.length - 8, keyBytes, 0, 8);
keyCorrection(keyBytes);
} catch (Exception e) {
throw new RuntimeException(Messages.getString("auth.4A"), e); // $NON-NLS-1$
}
}
public KerberosTicket(
byte[] asn1Encoding,
KerberosPrincipal client,
KerberosPrincipal server,
byte[] keyBytes,
int keyType,
boolean[] flags,
Date authTime,
Date startTime,
Date endTime,
Date renewTill,
InetAddress[] clientAddresses) {
if (asn1Encoding == null) {
throw new IllegalArgumentException(Messages.getString("auth.3B")); // $NON-NLS-1$
}
if (client == null) {
throw new IllegalArgumentException(Messages.getString("auth.3C")); // $NON-NLS-1$
}
if (server == null) {
throw new IllegalArgumentException(Messages.getString("auth.3D")); // $NON-NLS-1$
}
if (keyBytes == null) {
throw new IllegalArgumentException(Messages.getString("auth.3E")); // $NON-NLS-1$
}
if (authTime == null) {
throw new IllegalArgumentException(Messages.getString("auth.3F")); // $NON-NLS-1$
}
if (endTime == null) {
throw new IllegalArgumentException(Messages.getString("auth.40")); // $NON-NLS-1$
}
this.asn1Encoding = new byte[asn1Encoding.length];
System.arraycopy(asn1Encoding, 0, this.asn1Encoding, 0, this.asn1Encoding.length);
this.client = client;
this.server = server;
this.sessionKey = new KeyImpl(keyBytes, keyType);
if (flags == null) {
this.flags = new boolean[FLAGS_NUM];
} else if (flags.length > FLAGS_NUM) {
this.flags = new boolean[flags.length];
System.arraycopy(flags, 0, this.flags, 0, this.flags.length);
} else {
this.flags = new boolean[FLAGS_NUM];
System.arraycopy(flags, 0, this.flags, 0, flags.length);
}
if (this.flags[RENEWABLE] && renewTill == null) {
throw new IllegalArgumentException(Messages.getString("auth.41")); // $NON-NLS-1$
}
this.renewTill = renewTill;
if (startTime != null) {
this.startTime = startTime;
} else {
this.startTime = authTime;
}
if (this.startTime.getTime() > endTime.getTime()) {
// TODO: make correct description of the exception
throw new IllegalArgumentException(Messages.getString("auth.42")); // $NON-NLS-1$
}
this.authTime = authTime;
this.endTime = endTime;
if (clientAddresses != null) {
this.clientAddresses = new InetAddress[clientAddresses.length];
System.arraycopy(clientAddresses, 0, this.clientAddresses, 0, this.clientAddresses.length);
}
}
/**
* Creates the object using a String representation of gid.
*
* @param gid string representation of gid
* @param primary shows whether the group is primary throws NullPointerException if gid is null
*/
public UnixNumericGroupPrincipal(String gid, boolean primary) {
if (gid == null) {
throw new NullPointerException(Messages.getString("auth.07")); // $NON-NLS-1$
}
this.gid = Long.parseLong(gid);
}
