Exemplo n.º 1
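  /**
   * Builds an initiator credential from the individual fields of a Kerberos ticket.
   *
   * <p>The ticket fields are handed to the superclass constructor, {@code name} is stored on this
   * instance, and a {@code Credentials} object built from the same fields is cached in
   * {@code krb5Credentials}.
   *
   * <p>NOTE(review): {@code sessionKey} is raw key material and the same array reference is passed
   * to both the superclass and {@code Credentials}. Whether either of them copies it is not
   * visible here; confirm before a caller zeroes or reuses the array.
   *
   * @param name the GSS name element associated with this credential
   * @param asn1Encoding the encoded ticket
   * @param client the client principal
   * @param server the server principal
   * @param sessionKey the session key bytes
   * @param keyType the key type of the session key
   * @param flags the ticket flags
   * @param authTime the ticket's auth time
   * @param startTime the ticket's start time
   * @param endTime the ticket's end time
   * @param renewTill the ticket's renew-till time
   * @param clientAddresses the client addresses carried by the ticket
   * @throws GSSException with major code {@code NO_CRED} if the {@code Credentials} object cannot
   *     be built
   */
  private Krb5InitCredential(
      Krb5NameElement name,
      byte[] asn1Encoding,
      KerberosPrincipal client,
      KerberosPrincipal server,
      byte[] sessionKey,
      int keyType,
      boolean[] flags,
      Date authTime,
      Date startTime,
      Date endTime,
      Date renewTill,
      InetAddress[] clientAddresses)
      throws GSSException {
    super(
        asn1Encoding,
        client,
        server,
        sessionKey,
        keyType,
        flags,
        authTime,
        startTime,
        endTime,
        renewTill,
        clientAddresses);

    this.name = name;

    try {
      // Cache this for later use by the sun.security.krb5 package.
      krb5Credentials =
          new Credentials(
              asn1Encoding,
              client.getName(),
              server.getName(),
              sessionKey,
              keyType,
              flags,
              authTime,
              startTime,
              endTime,
              renewTill,
              clientAddresses);
    } catch (KrbException e) {
      // Keep the original exception as the cause so the underlying Kerberos failure stays
      // visible in stack traces instead of being reduced to its message.
      GSSException gssFailure = new GSSException(GSSException.NO_CRED, -1, e.getMessage());
      gssFailure.initCause(e);
      throw gssFailure;
    } catch (IOException e) {
      GSSException gssFailure = new GSSException(GSSException.NO_CRED, -1, e.getMessage());
      gssFailure.initCause(e);
      throw gssFailure;
    }
  }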
Exemplo n.º 2
  /**
   * Constructs a KeyImpl from a password.
   *
   * @param principal the principal from which to derive the salt
   * @param password the password that should be used to compute the key.
   * @param algorithm the name for the algorithm that this key will be used for. This parameter may
   *     be null in which case "DES" will be assumed.
   */
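  public KeyImpl(KerberosPrincipal principal, char[] password, String algorithm) {
    // NOTE(review): per the Javadoc above, a null algorithm falls back to DES. Single DES is
    // deprecated for Kerberos (RFC 6649), so callers should pass an explicit AES-based algorithm
    // name supported by this provider rather than relying on the default.
    // NOTE(review): the password array is not cleared here; the caller still owns it and should
    // zero it once the key has been derived.
    try {
      // The salt is derived from the principal name.
      PrincipalName princ = new PrincipalName(principal.getName());
      EncryptionKey key = new EncryptionKey(password, princ.getSalt(), algorithm);
      this.keyBytes = key.getBytes();
      this.keyType = key.getEType();
    } catch (KrbException e) {
      // Callers still see IllegalArgumentException with the same message; attaching the cause
      // keeps the underlying Kerberos error available for diagnosis.
      throw new IllegalArgumentException(e.getMessage(), e);
    }
  }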
Exemplo n.º 3
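  /**
   * Returns a multi-line, human-readable dump of this ticket.
   *
   * <p>NOTE(review): the result contains the complete encoded ticket in hex and whatever
   * {@code sessionKey.toString()} produces. If that method renders key bytes, any log line,
   * exception message or debugger output that includes this string discloses usable credential
   * material. Treat the return value as secret and keep it out of logs; consider a redacted
   * variant for diagnostics.
   *
   * @return the textual form of the ticket fields
   * @throws NullPointerException if an element of {@code clientAddresses} is null
   */
  @Override
  public String toString() {
    checkState();
    StringBuilder sb = new StringBuilder();
    sb.append("Ticket = ") // $NON-NLS-1$
        .append(Array.toString(asn1Encoding, "(hex) ")) // $NON-NLS-1$
        .append(LF);
    sb.append("Client Principal = ").append(client.getName()).append(LF); // $NON-NLS-1$
    sb.append("Server Principal = ").append(server.getName()).append(LF); // $NON-NLS-1$
    // TODO: append session key
    sb.append("Session Key = ").append(sessionKey.toString()).append(LF); // $NON-NLS-1$
    sb.append("Forwardable Ticket = ").append(flags[FORWARDABLE]).append(LF); // $NON-NLS-1$
    sb.append("Forwarded Ticket = ").append(flags[FORWARDED]).append(LF); // $NON-NLS-1$
    sb.append("Proxiable Ticket = ").append(flags[PROXIABLE]).append(LF); // $NON-NLS-1$
    sb.append("Proxy Ticket = ").append(flags[PROXY]).append(LF); // $NON-NLS-1$
    sb.append("Postdated Ticket = ").append(flags[POSTDATED]).append(LF); // $NON-NLS-1$
    sb.append("Renewable Ticket = ").append(flags[RENEWABLE]).append(LF); // $NON-NLS-1$
    sb.append("Initial Ticket = ").append(flags[INITIAL]).append(LF); // $NON-NLS-1$
    // The time fields are appended as objects so an unset one prints "null" instead of making
    // toString() throw. Renew-till in particular is presumably absent on non-renewable tickets;
    // TODO confirm against the constructor.
    sb.append("Auth Time = ").append(this.authTime).append(LF); // $NON-NLS-1$
    sb.append("Start Time = ").append(this.startTime).append(LF); // $NON-NLS-1$
    sb.append("End Time = ").append(this.endTime).append(LF); // $NON-NLS-1$
    sb.append("Renew Till = ").append(this.renewTill).append(LF); // $NON-NLS-1$
    sb.append("Client Addresses "); // $NON-NLS-1$
    if (clientAddresses != null) {
      for (int i = 0; i < clientAddresses.length; i++) {
        if (clientAddresses[i] == null) {
          throw new NullPointerException(Messages.getString("auth.46")); // $NON-NLS-1$
        }
        sb.append("clientAddresses[") // $NON-NLS-1$
            .append(i)
            .append("] = ") // $NON-NLS-1$
            .append(clientAddresses[i])
            .append(LF)
            .append("\t\t"); // $NON-NLS-1$
      }
    } else {
      sb.append("null"); // $NON-NLS-1$
    }

    return sb.toString();
  }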
Exemplo n.º 4
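  /**
   * Creates a secret key from a given password.
   *
   * @param principal the Kerberos principal; its realm and name are combined with the password
   * @param password the password the key is derived from
   * @param algorithm the algorithm name; must be null or "DES"
   */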
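  public KeyImpl(KerberosPrincipal principal, char[] password, String algorithm) {

    //
    // See http://www.ietf.org/rfc/rfc3961.txt for algorithm description
    //
    // NOTE(review): this derives a single-DES key (56 effective bits) with an unkeyed,
    // non-iterated fold of the password, so a captured key or ticket can be attacked offline
    // cheaply. Single DES is deprecated for Kerberos (RFC 6649); keep this path for
    // interoperability with legacy realms only.

    if (principal == null || password == null) {
      throw new NullPointerException();
    }

    // Only DES is implemented here; a null algorithm is accepted and treated as DES.
    if (algorithm != null && !"DES".equals(algorithm)) { // $NON-NLS-1$
      throw new IllegalArgumentException(Messages.getString("auth.49")); // $NON-NLS-1$
    }

    keyType = 3; // DES algorithm
    keyBytes = new byte[8];

    String realm = principal.getRealm();
    String pname = principal.getName();

    // These buffers all hold the password or data derived directly from it, so they are
    // overwritten in the finally block below once the key has been computed.
    StringBuilder buf = new StringBuilder();
    byte[] tmp = null;
    byte[] raw = null;
    try {
      // password || realm || principal name with the trailing "@realm" removed
      buf.append(password);
      buf.append(realm);
      buf.append(pname.substring(0, pname.length() - realm.length() - 1));

      // NOTE(review): buf.toString() creates an immutable String containing the password that
      // cannot be wiped; removing it needs a char-to-UTF-8 encoder that works on arrays.
      tmp = org.apache.harmony.luni.util.Util.getUTF8Bytes(buf.toString());

      // pad with 0x00 to 8 byte boundary
      raw = new byte[tmp.length + ((tmp.length % 8) == 0 ? 0 : (8 - tmp.length % 8))];
      System.arraycopy(tmp, 0, raw, 0, tmp.length);

      long k1, k2 = 0;
      boolean isOdd = false;
      // for each 8-byte block in raw byte array
      for (int i = 0; i < raw.length; i = i + 8, isOdd = !isOdd) {

        k1 = 0;
        if (isOdd) {
          // every second block is consumed back to front, each byte mapped through REVERSE
          for (int j = 7; j > -1; j--) {
            k1 = (k1 << 7) + REVERSE[raw[i + j] & 0x7F];
          }
        } else {
          for (int j = 0; j < 8; j++) {
            k1 = (k1 << 7) + (raw[i + j] & 0x7F);
          }
        }
        k2 = k2 ^ k1;
      }

      // 56-bit long to byte array (8 bytes): 7 bits per byte, shifted left by one so the low
      // bit of each byte is left free
      for (int i = 7; i > -1; i--) {
        keyBytes[i] = (byte) k2;
        keyBytes[i] = (byte) (keyBytes[i] << 1);
        k2 = k2 >> 7;
      }
      keyCorrection(keyBytes);

      // calculate DES-CBC check sum
      try {
        Cipher cipher = Cipher.getInstance("DES/CBC/NoPadding"); // $NON-NLS-1$

        // use tmp key as IV
        IvParameterSpec IV = new IvParameterSpec(keyBytes);

        // do DES encryption
        SecretKey secretKey = new SecretKeySpec(keyBytes, "DES"); // $NON-NLS-1$
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, IV);
        byte[] enc = cipher.doFinal(raw);

        // final last block is check sum
        System.arraycopy(enc, enc.length - 8, keyBytes, 0, 8);

        keyCorrection(keyBytes);

      } catch (Exception e) {
        throw new RuntimeException(Messages.getString("auth.4A"), e); // $NON-NLS-1$
      }
    } finally {
      // Best-effort scrubbing of password-bearing scratch data. The caller remains responsible
      // for clearing its own password array.
      for (int i = 0; i < buf.length(); i++) {
        buf.setCharAt(i, '\0');
      }
      if (tmp != null) {
        java.util.Arrays.fill(tmp, (byte) 0);
      }
      if (raw != null) {
        java.util.Arrays.fill(raw, (byte) 0);
      }
    }
  }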