Java EncryptionUtil примеры использования

Язык программирования: Java

Пространство имен/Пакет: org.apache.kerby.kerberos.kerb.common

Класс/Тип: EncryptionUtil

Примеров на hotexamples.com: 2

Java EncryptionUtil - 2 примера найдено. Это лучшие примеры Java кода для org.apache.kerby.kerberos.kerb.common.EncryptionUtil, полученные из open source проектов. Вы можете ставить оценку каждому примеру, чтобы помочь нам улучшить качество примеров.

Основные методы

Показать Скрыть

seal(1)

unseal(1)

Пример #1

Показать файл

Файл: TgsRequest.java Проект: jiteshmohan/directory-kerby

  /** {@inheritDoc} */
  @Override
  protected void makeReply() throws KrbException {
    Ticket ticket = getTicket();

    TgsRep reply = new TgsRep();

    if (getClientEntry() == null) {
      reply.setCname(ticket.getEncPart().getCname());
    } else {
      reply.setCname(getClientEntry().getPrincipal());
    }
    reply.setCrealm(getKdcContext().getKdcRealm());
    reply.setTicket(ticket);

    EncKdcRepPart encKdcRepPart = makeEncKdcRepPart();
    reply.setEncPart(encKdcRepPart);

    EncryptionKey sessionKey;
    if (getToken() != null) {
      sessionKey = getSessionKey();
    } else {
      sessionKey = getTgtSessionKey();
    }
    EncryptedData encryptedData =
        EncryptionUtil.seal(encKdcRepPart, sessionKey, KeyUsage.TGS_REP_ENCPART_SESSKEY);
    reply.setEncryptedEncPart(encryptedData);

    setReply(reply);
  }

Пример #2

Показать файл

Файл: TgsRequest.java Проект: jiteshmohan/directory-kerby

  /**
   * Verify authenticator.
   *
   * @throws org.apache.kerby.kerberos.kerb.KrbException e
   * @param paDataEntry preauthentication data entry
   */
  public void verifyAuthenticator(PaDataEntry paDataEntry) throws KrbException {
    ApReq apReq = KrbCodec.decode(paDataEntry.getPaDataValue(), ApReq.class);

    if (apReq.getPvno() != KrbConstant.KRB_V5) {
      throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION);
    }

    if (apReq.getMsgType() != KrbMessageType.AP_REQ) {
      throw new KrbException(KrbErrorCode.KRB_AP_ERR_MSG_TYPE);
    }

    tgtTicket = apReq.getTicket();
    EncryptionType encType = tgtTicket.getEncryptedEncPart().getEType();
    EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType);
    if (tgtTicket.getTktvno() != KrbConstant.KRB_V5) {
      throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION);
    }

    EncTicketPart encPart =
        EncryptionUtil.unseal(
            tgtTicket.getEncryptedEncPart(), tgsKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    tgtTicket.setEncPart(encPart);

    EncryptionKey encKey = null;
    // if (apReq.getApOptions().isFlagSet(ApOptions.USE_SESSION_KEY)) {
    encKey = tgtTicket.getEncPart().getKey();

    if (encKey == null) {
      throw new KrbException(KrbErrorCode.KRB_AP_ERR_NOKEY);
    }
    Authenticator authenticator =
        EncryptionUtil.unseal(
            apReq.getEncryptedAuthenticator(), encKey, KeyUsage.TGS_REQ_AUTH, Authenticator.class);

    if (!authenticator.getCname().equals(tgtTicket.getEncPart().getCname())) {
      throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADMATCH);
    }

    HostAddresses hostAddresses = tgtTicket.getEncPart().getClientAddresses();
    if (hostAddresses == null || hostAddresses.isEmpty()) {
      if (!getKdcContext().getConfig().isEmptyAddressesAllowed()) {
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR);
      }
    } else if (!hostAddresses.contains(getClientAddress())) {
      throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADADDR);
    }

    PrincipalName serverPrincipal = tgtTicket.getSname();
    serverPrincipal.setRealm(tgtTicket.getRealm());
    PrincipalName clientPrincipal = authenticator.getCname();
    clientPrincipal.setRealm(authenticator.getCrealm());
    KrbIdentity clientEntry = getEntry(clientPrincipal.getName());
    setClientEntry(clientEntry);

    if (!authenticator
        .getCtime()
        .isInClockSkew(getKdcContext().getConfig().getAllowableClockSkew() * 1000)) {
      throw new KrbException(KrbErrorCode.KRB_AP_ERR_SKEW);
    }

    KerberosTime now = KerberosTime.now();
    KerberosTime startTime = tgtTicket.getEncPart().getStartTime();
    if (startTime == null) {
      startTime = tgtTicket.getEncPart().getAuthTime();
    }
    if (!startTime.lessThan(now)) {
      throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_NYV);
    }

    KerberosTime endTime = tgtTicket.getEncPart().getEndTime();
    if (!endTime.greaterThan(now)) {
      throw new KrbException(KrbErrorCode.KRB_AP_ERR_TKT_EXPIRED);
    }

    apReq.getApOptions().setFlag(ApOption.MUTUAL_REQUIRED);

    setTgtSessionKey(tgtTicket.getEncPart().getKey());
  }