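/**
 * Builds an initiator credential from the fields of a Kerberos ticket and caches an equivalent
 * {@code Credentials} object in {@code krb5Credentials}.
 *
 * <p>All ticket fields are passed unchanged to the superclass constructor and again to the
 * {@code Credentials} constructor. NOTE(review): whether either constructor copies
 * {@code sessionKey} and {@code asn1Encoding} is not visible here, so callers should assume the
 * arrays may be shared and must not reuse or overwrite them while this credential is in use.
 *
 * @param name the name element stored in {@code this.name}
 * @param asn1Encoding the encoded ticket
 * @param client the client principal; its name is passed to {@code Credentials}
 * @param server the server principal; its name is passed to {@code Credentials}
 * @param sessionKey the session key bytes
 * @param keyType the key type of the session key
 * @param flags the ticket flags
 * @param authTime the ticket's authentication time
 * @param startTime the ticket's start time
 * @param endTime the ticket's end time
 * @param renewTill the ticket's renew-till time
 * @param clientAddresses the client addresses carried by the ticket
 * @throws GSSException with major code {@code NO_CRED} and minor code -1 if the
 *     {@code Credentials} object cannot be built; the underlying exception is attached as the
 *     cause
 */
private Krb5InitCredential(
        Krb5NameElement name,
        byte[] asn1Encoding,
        KerberosPrincipal client,
        KerberosPrincipal server,
        byte[] sessionKey,
        int keyType,
        boolean[] flags,
        Date authTime,
        Date startTime,
        Date endTime,
        Date renewTill,
        InetAddress[] clientAddresses)
        throws GSSException {
    super(
            asn1Encoding,
            client,
            server,
            sessionKey,
            keyType,
            flags,
            authTime,
            startTime,
            endTime,
            renewTill,
            clientAddresses);

    this.name = name;

    try {
        // Cache this for later use by the sun.security.krb5 package.
        krb5Credentials =
                new Credentials(
                        asn1Encoding,
                        client.getName(),
                        server.getName(),
                        sessionKey,
                        keyType,
                        flags,
                        authTime,
                        startTime,
                        endTime,
                        renewTill,
                        clientAddresses);
    } catch (KrbException e) {
        // Keep the original failure as the cause so that the reason a credential was
        // rejected is not reduced to a bare message string.
        GSSException failure = new GSSException(GSSException.NO_CRED, -1, e.getMessage());
        failure.initCause(e);
        throw failure;
    } catch (IOException e) {
        GSSException failure = new GSSException(GSSException.NO_CRED, -1, e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}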
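/**
 * Constructs a KeyImpl from a password.
 *
 * <p>The key is computed by {@code EncryptionKey} from the password, the salt obtained from the
 * principal name, and the algorithm name. Nothing in this constructor clears {@code password};
 * the caller remains responsible for overwriting the array once the key has been created.
 *
 * @param principal the principal from which to derive the salt
 * @param password the password that should be used to compute the key
 * @param algorithm the name of the algorithm that this key will be used for. This parameter may
 *     be null, in which case "DES" will be assumed. Single DES is a weak cipher, so callers
 *     should name a stronger algorithm explicitly rather than rely on this default.
 * @throws IllegalArgumentException if the key cannot be derived; the underlying
 *     {@code KrbException} is attached as the cause
 */
public KeyImpl(KerberosPrincipal principal, char[] password, String algorithm) {
    try {
        PrincipalName princ = new PrincipalName(principal.getName());
        EncryptionKey key = new EncryptionKey(password, princ.getSalt(), algorithm);
        this.keyBytes = key.getBytes();
        this.keyType = key.getEType();
    } catch (KrbException e) {
        // Same message as before, but the cause is preserved for diagnosis.
        throw new IllegalArgumentException(e.getMessage(), e);
    }
}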
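/**
 * Returns a multi-line, human-readable description of this ticket.
 *
 * <p>The result contains the hex-encoded ticket, both principal names, the string form of the
 * session key, the ticket flags, the four time stamps and the client addresses. Because the
 * encoded ticket and the session key are both included, the returned string should be treated
 * as sensitive and kept out of logs and error messages that leave the process.
 * NOTE(review): whether the session key's {@code toString()} renders raw key bytes is not
 * visible here; confirm against the key class.
 *
 * @return the description, one field per line
 * @throws NullPointerException if an element of {@code clientAddresses} is null
 */
@Override
public String toString() {
    checkState();

    StringBuilder sb = new StringBuilder();
    sb.append("Ticket = ") //$NON-NLS-1$
            .append(Array.toString(asn1Encoding, "(hex) ")) //$NON-NLS-1$
            .append(LF);
    sb.append("Client Principal = ").append(client.getName()).append(LF); //$NON-NLS-1$
    sb.append("Server Principal = ").append(server.getName()).append(LF); //$NON-NLS-1$

    // Sensitive: this line emits whatever the session key's toString() produces.
    sb.append("Session Key = ").append(sessionKey.toString()).append(LF); //$NON-NLS-1$

    sb.append("Forwardable Ticket = ").append(flags[FORWARDABLE]).append(LF); //$NON-NLS-1$
    sb.append("Forwarded Ticket = ").append(flags[FORWARDED]).append(LF); //$NON-NLS-1$
    sb.append("Proxiable Ticket = ").append(flags[PROXIABLE]).append(LF); //$NON-NLS-1$
    sb.append("Proxy Ticket = ").append(flags[PROXY]).append(LF); //$NON-NLS-1$
    sb.append("Postdated Ticket = ").append(flags[POSTDATED]).append(LF); //$NON-NLS-1$
    sb.append("Renewable Ticket = ").append(flags[RENEWABLE]).append(LF); //$NON-NLS-1$
    sb.append("Initial Ticket = ").append(flags[INITIAL]).append(LF); //$NON-NLS-1$

    // String.valueOf prints "null" for an absent time instead of throwing, matching how a
    // null clientAddresses array is reported below. NOTE(review): presumably renewTill is
    // unset for a ticket that is not renewable; confirm against the constructor.
    sb.append("Auth Time = ").append(String.valueOf(this.authTime)).append(LF); //$NON-NLS-1$
    sb.append("Start Time = ").append(String.valueOf(this.startTime)).append(LF); //$NON-NLS-1$
    sb.append("End Time = ").append(String.valueOf(this.endTime)).append(LF); //$NON-NLS-1$
    sb.append("Renew Till = ").append(String.valueOf(this.renewTill)).append(LF); //$NON-NLS-1$

    sb.append("Client Addresses "); //$NON-NLS-1$
    if (clientAddresses == null) {
        sb.append("null"); //$NON-NLS-1$
    } else {
        for (int i = 0; i < clientAddresses.length; i++) {
            if (clientAddresses[i] == null) {
                throw new NullPointerException(Messages.getString("auth.46")); //$NON-NLS-1$
            }
            sb.append("clientAddresses[" + i + "] = ") //$NON-NLS-1$ //$NON-NLS-2$
                    .append(clientAddresses[i].toString())
                    .append(LF)
                    .append("\t\t"); //$NON-NLS-1$
        }
    }
    return sb.toString();
}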
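/**
 * Creates a DES secret key from a password.
 *
 * <p>The password, the realm and the name part of the principal are concatenated, encoded as
 * UTF-8, zero-padded to a multiple of 8 bytes, folded into a 56-bit value, parity-corrected and
 * finally run through DES-CBC with the intermediate key used as both key and IV; the last
 * cipher block, corrected again, becomes the key. See http://www.ietf.org/rfc/rfc3961.txt for
 * the algorithm description.
 *
 * <p>Security notes: only DES is accepted here, and single DES is a weak cipher, so keys from
 * this constructor are suitable only where a legacy peer requires them. The byte buffers that
 * hold password-derived material are overwritten before the constructor returns, but the
 * intermediate {@code String} built from the password cannot be wiped and stays on the heap
 * until it is collected. {@code password} itself is not cleared; that is left to the caller.
 *
 * @param principal the principal whose realm and name are used as salt
 * @param password the password to derive the key from
 * @param algorithm the algorithm name; must be {@code null} or {@code "DES"}
 * @throws NullPointerException if {@code principal} or {@code password} is null
 * @throws IllegalArgumentException if {@code algorithm} is neither null nor "DES"
 * @throws RuntimeException if the DES-CBC step fails
 */
public KeyImpl(KerberosPrincipal principal, char[] password, String algorithm) {
    if (principal == null || password == null) {
        throw new NullPointerException();
    }
    if (algorithm != null && !"DES".equals(algorithm)) { //$NON-NLS-1$
        throw new IllegalArgumentException(Messages.getString("auth.49")); //$NON-NLS-1$
    }

    keyType = 3; // DES algorithm
    keyBytes = new byte[8];

    String realm = principal.getRealm();
    String pname = principal.getName();

    StringBuilder buf = new StringBuilder();
    byte[] tmp = null;
    byte[] raw = null;
    try {
        buf.append(password);
        buf.append(realm);
        // Name without the trailing "@realm".
        // NOTE(review): this keeps any '/' between name components; confirm that this
        // matches the salt the KDC uses for multi-component principals.
        buf.append(pname.substring(0, pname.length() - realm.length() - 1));

        tmp = org.apache.harmony.luni.util.Util.getUTF8Bytes(buf.toString());

        // pad with 0x00 to 8 byte boundary
        raw = new byte[tmp.length + ((tmp.length % 8) == 0 ? 0 : (8 - tmp.length % 8))];
        System.arraycopy(tmp, 0, raw, 0, tmp.length);

        long k1;
        long k2 = 0;
        boolean isOdd = false;
        // for each 8-byte block in raw byte array
        for (int i = 0; i < raw.length; i = i + 8, isOdd = !isOdd) {
            k1 = 0;
            if (isOdd) {
                // odd blocks are read back to front, through the REVERSE table
                for (int j = 7; j > -1; j--) {
                    k1 = (k1 << 7) + REVERSE[raw[i + j] & 0x7F];
                }
            } else {
                for (int j = 0; j < 8; j++) {
                    k1 = (k1 << 7) + (raw[i + j] & 0x7F);
                }
            }
            k2 = k2 ^ k1;
        }

        // 56-bit long to byte array (8 bytes); each byte carries 7 bits shifted left by one
        for (int i = 7; i > -1; i--) {
            keyBytes[i] = (byte) k2;
            keyBytes[i] = (byte) (keyBytes[i] << 1);
            k2 = k2 >> 7;
        }
        keyCorrection(keyBytes);

        // calculate DES-CBC check sum
        try {
            Cipher cipher = Cipher.getInstance("DES/CBC/NoPadding"); //$NON-NLS-1$

            // use tmp key as IV
            IvParameterSpec iv = new IvParameterSpec(keyBytes);

            // do DES encryption
            SecretKey secretKey = new SecretKeySpec(keyBytes, "DES"); //$NON-NLS-1$
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, iv);
            byte[] enc = cipher.doFinal(raw);

            // final last block is check sum
            System.arraycopy(enc, enc.length - 8, keyBytes, 0, 8);

            keyCorrection(keyBytes);
        } catch (Exception e) {
            throw new RuntimeException(Messages.getString("auth.4A"), e); //$NON-NLS-1$
        }
    } finally {
        // Overwrite every mutable buffer that held the password or data derived from it.
        for (int i = 0; i < buf.length(); i++) {
            buf.setCharAt(i, '\0');
        }
        if (tmp != null) {
            java.util.Arrays.fill(tmp, (byte) 0);
        }
        if (raw != null) {
            java.util.Arrays.fill(raw, (byte) 0);
        }
    }
}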