示例#1
0
 private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
   try {
     EncryptionKey encKey = new EncryptionKey(new DerValue((byte[]) ois.readObject()));
     keyType = encKey.getEType();
     keyBytes = encKey.getBytes();
   } catch (Asn1Exception ae) {
     throw new IOException(ae.getMessage());
   }
 }
示例#2
0
  /**
   * Constructs a KeyImpl from a password.
   *
   * @param principal the principal from which to derive the salt
   * @param password the password that should be used to compute the key.
   * @param algorithm the name for the algorithm that this key wil be used for. This parameter may
   *     be null in which case "DES" will be assumed.
   */
  public KeyImpl(KerberosPrincipal principal, char[] password, String algorithm) {

    try {
      PrincipalName princ = new PrincipalName(principal.getName());
      EncryptionKey key = new EncryptionKey(password, princ.getSalt(), algorithm);
      this.keyBytes = key.getBytes();
      this.keyType = key.getEType();
    } catch (KrbException e) {
      throw new IllegalArgumentException(e.getMessage());
    }
  }
  static Krb5InitCredential getInstance(Krb5NameElement name, Credentials delegatedCred)
      throws GSSException {

    EncryptionKey sessionKey = delegatedCred.getSessionKey();

    /*
     * all of the following data is optional in a KRB-CRED
     * messages. This check for each field.
     */

    PrincipalName cPrinc = delegatedCred.getClient();
    PrincipalName sPrinc = delegatedCred.getServer();

    KerberosPrincipal client = null;
    KerberosPrincipal server = null;

    Krb5NameElement credName = null;

    if (cPrinc != null) {
      String fullName = cPrinc.getName();
      credName = Krb5NameElement.getInstance(fullName, Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL);
      client = new KerberosPrincipal(fullName);
    }

    // XXX Compare name to credName

    if (sPrinc != null) {
      server = new KerberosPrincipal(sPrinc.getName(), KerberosPrincipal.KRB_NT_SRV_INST);
    }

    return new Krb5InitCredential(
        credName,
        delegatedCred,
        delegatedCred.getEncoded(),
        client,
        server,
        sessionKey.getBytes(),
        sessionKey.getEType(),
        delegatedCred.getFlags(),
        delegatedCred.getAuthTime(),
        delegatedCred.getStartTime(),
        delegatedCred.getEndTime(),
        delegatedCred.getRenewTill(),
        delegatedCred.getClientAddresses());
  }
示例#4
0
 /*     */ public void addEntry(
     PrincipalName paramPrincipalName, char[] paramArrayOfChar, int paramInt, boolean paramBoolean)
     /*     */ throws KrbException
       /*     */ {
   /* 381 */ EncryptionKey[] arrayOfEncryptionKey =
       EncryptionKey.acquireSecretKeys(paramArrayOfChar, paramPrincipalName.getSalt());
   /*     */
   /* 387 */ int i = 0;
   /* 388 */ for (int j = this.entries.size() - 1; j >= 0; j--) {
     /* 389 */ KeyTabEntry localKeyTabEntry1 = (KeyTabEntry) this.entries.get(j);
     /* 390 */ if (localKeyTabEntry1.service.match(paramPrincipalName)) {
       /* 391 */ if (localKeyTabEntry1.keyVersion > i) {
         /* 392 */ i = localKeyTabEntry1.keyVersion;
         /*     */ }
       /* 394 */ if ((!paramBoolean) || (localKeyTabEntry1.keyVersion == paramInt)) {
         /* 395 */ this.entries.removeElementAt(j);
         /*     */ }
       /*     */ }
     /*     */ }
   /* 399 */ if (paramInt == -1) {
     /* 400 */ paramInt = i + 1;
     /*     */ }
   /*     */
   /* 403 */ for (j = 0;
       (arrayOfEncryptionKey != null) && (j < arrayOfEncryptionKey.length);
       j++) {
     /* 404 */ int k = arrayOfEncryptionKey[j].getEType();
     /* 405 */ byte[] arrayOfByte = arrayOfEncryptionKey[j].getBytes();
     /*     */
     /* 407 */ KeyTabEntry localKeyTabEntry2 =
         new KeyTabEntry(
             paramPrincipalName,
             paramPrincipalName.getRealm(),
             new KerberosTime(System.currentTimeMillis()),
             paramInt,
             k,
             arrayOfByte);
     /*     */
     /* 411 */ this.entries.addElement(localKeyTabEntry2);
     /*     */ }
   /*     */ }
示例#5
0
  /**
   * Encodes an EncTicketPart object.
   *
   * @return byte array of encoded EncTicketPart object.
   * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
   * @exception IOException if an I/O error occurs while reading encoded data.
   */
  public byte[] asn1Encode() throws Asn1Exception, IOException {
    DerOutputStream bytes = new DerOutputStream();
    DerOutputStream temp = new DerOutputStream();
    bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), flags.asn1Encode());
    bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), key.asn1Encode());
    bytes.write(
        DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), cname.getRealm().asn1Encode());
    bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cname.asn1Encode());
    bytes.write(
        DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), transited.asn1Encode());
    bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x05), authtime.asn1Encode());
    if (starttime != null) {
      bytes.write(
          DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x06), starttime.asn1Encode());
    }
    bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x07), endtime.asn1Encode());

    if (renewTill != null) {
      bytes.write(
          DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x08), renewTill.asn1Encode());
    }

    if (caddr != null) {
      bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x09), caddr.asn1Encode());
    }

    if (authorizationData != null) {
      bytes.write(
          DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x0A),
          authorizationData.asn1Encode());
    }
    temp.write(DerValue.tag_Sequence, bytes);
    bytes = new DerOutputStream();
    bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x03), temp);
    return bytes.toByteArray();
  }
示例#6
0
  private void init(DerValue encoding) throws Asn1Exception, IOException, RealmException {
    DerValue der, subDer;

    renewTill = null;
    caddr = null;
    authorizationData = null;
    if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x03)
        || (encoding.isApplication() != true)
        || (encoding.isConstructed() != true)) {
      throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    der = encoding.getData().getDerValue();
    if (der.getTag() != DerValue.tag_Sequence) {
      throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    flags = TicketFlags.parse(der.getData(), (byte) 0x00, false);
    key = EncryptionKey.parse(der.getData(), (byte) 0x01, false);
    Realm crealm = Realm.parse(der.getData(), (byte) 0x02, false);
    cname = PrincipalName.parse(der.getData(), (byte) 0x03, false, crealm);
    transited = TransitedEncoding.parse(der.getData(), (byte) 0x04, false);
    authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
    starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
    endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false);
    if (der.getData().available() > 0) {
      renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true);
    }
    if (der.getData().available() > 0) {
      caddr = HostAddresses.parse(der.getData(), (byte) 0x09, true);
    }
    if (der.getData().available() > 0) {
      authorizationData = AuthorizationData.parse(der.getData(), (byte) 0x0A, true);
    }
    if (der.getData().available() > 0) {
      throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
  }
 /*     */ private void init(DerValue paramDerValue)
     /*     */ throws Asn1Exception, IOException, RealmException
       /*     */ {
   /* 140 */ this.renewTill = null;
   /* 141 */ this.caddr = null;
   /* 142 */ this.authorizationData = null;
   /* 143 */ if (((paramDerValue.getTag() & 0x1F) != 3)
       || (paramDerValue.isApplication() != true)
       || (paramDerValue.isConstructed() != true))
   /*     */ {
     /* 146 */ throw new Asn1Exception(906);
     /*     */ }
   /* 148 */ DerValue localDerValue = paramDerValue.getData().getDerValue();
   /* 149 */ if (localDerValue.getTag() != 48) {
     /* 150 */ throw new Asn1Exception(906);
     /*     */ }
   /* 152 */ this.flags = TicketFlags.parse(localDerValue.getData(), (byte) 0, false);
   /* 153 */ this.key = EncryptionKey.parse(localDerValue.getData(), (byte) 1, false);
   /* 154 */ this.crealm = Realm.parse(localDerValue.getData(), (byte) 2, false);
   /* 155 */ this.cname = PrincipalName.parse(localDerValue.getData(), (byte) 3, false);
   /* 156 */ this.transited = TransitedEncoding.parse(localDerValue.getData(), (byte) 4, false);
   /* 157 */ this.authtime = KerberosTime.parse(localDerValue.getData(), (byte) 5, false);
   /* 158 */ this.starttime = KerberosTime.parse(localDerValue.getData(), (byte) 6, true);
   /* 159 */ this.endtime = KerberosTime.parse(localDerValue.getData(), (byte) 7, false);
   /* 160 */ if (localDerValue.getData().available() > 0) {
     /* 161 */ this.renewTill = KerberosTime.parse(localDerValue.getData(), (byte) 8, true);
     /*     */ }
   /* 163 */ if (localDerValue.getData().available() > 0) {
     /* 164 */ this.caddr = HostAddresses.parse(localDerValue.getData(), (byte) 9, true);
     /*     */ }
   /* 166 */ if (localDerValue.getData().available() > 0) {
     /* 167 */ this.authorizationData =
         AuthorizationData.parse(localDerValue.getData(), (byte) 10, true);
     /*     */ }
   /* 169 */ if (localDerValue.getData().available() > 0) /* 170 */ throw new Asn1Exception(906);
   /*     */ }