AP-REQ          ::= [APPLICATION 14] SEQUENCE {
        pvno            [0] INTEGER (5),
        msg-type        [1] INTEGER (14),
        ap-options      [2] APOptions,
        ticket          [3] Ticket,
        authenticator   [4] EncryptedData -- Authenticator
}
}


/**
 * Begins verification of the AP-REQ that accompanies a TGS request.
 *
 * Only the opening statements are visible in this excerpt: they pull the AP-REQ and the
 * TGT out of the context, read the VALIDATE KDC option, and take the encryption type from
 * the TGT's encrypted part. The verification itself continues past the end of the excerpt.
 *
 * @param tgsContext the context holding the request, its AP-REQ and the TGT
 * @throws KerberosException declared by the method; the throwing code is outside this excerpt
 */
private static void verifyTgtAuthHeader( TicketGrantingContext tgsContext ) throws KerberosException
{
    ApReq authHeader = tgsContext.getAuthHeader();
    Ticket tgt = tgsContext.getTgt();

    // Whether the client asked for the VALIDATE option on this TGS request.
    boolean isValidate = tgsContext.getRequest().getKdcReqBody().getKdcOptions().get( KdcOptions.VALIDATE );

    // The etype is read from the ticket's EncryptedData header, which is not itself encrypted.
    // NOTE(review): presumably the TGT arrives inside the client's AP-REQ, so this value is
    // chosen by whoever presents the ticket; if it is later used to select the key (as the
    // service-ticket variant on this page does), retire keys for etypes that should no longer
    // be accepted. Confirm against the rest of the method.
    EncryptionType encryptionType = tgt.getEncPart().getEType();
// Refuse a change-password request that has no AP-REQ, or an AP-REQ without a ticket,
// before either is dereferenced. Both cases are reported as KRB5_KPASSWD_AUTHERROR.
if ( request.getAuthHeader() == null || request.getAuthHeader().getTicket() == null )
{
    throw new ChangePasswordException( ErrorType.KRB5_KPASSWD_AUTHERROR );
}

ApReq authHeader = request.getAuthHeader();
Ticket ticket = authHeader.getTicket();

// The visible lines perform presence checks only; nothing has been decrypted or verified
// yet. The header and ticket are stored on the context for later processing stages.
changepwContext.setAuthHeader( authHeader );
changepwContext.setTicket( ticket );
}
}


/**
 * Begins verification of the AP-REQ presented with a change-password request.
 *
 * Only the opening statements are visible in this excerpt: they fetch the AP-REQ and the
 * service ticket from the context, read the ticket's encryption type and look up the
 * server key for that type. The verification itself continues past the end of the excerpt.
 *
 * @param changepwContext the context holding the AP-REQ, the ticket and the server entry
 * @throws KerberosException declared by the method; the throwing code is outside this excerpt
 */
private static void verifyServiceTicketAuthHeader( ChangePasswordContext changepwContext )
    throws KerberosException
{
    ApReq authHeader = changepwContext.getAuthHeader();
    Ticket ticket = changepwContext.getTicket();

    // The etype comes from the ticket's EncryptedData header, i.e. from the presented ticket.
    EncryptionType encryptionType = ticket.getEncPart().getEType();

    // The server key is selected by that etype.
    // NOTE(review): if getKeyMap() returns a java.util.Map, get() yields null when the server
    // entry has no key for the presented etype; the handling of that case is not visible in
    // this excerpt — confirm it fails closed. Because the presenter picks the etype, the set
    // of keys kept on the server entry decides which etypes are accepted.
    EncryptionKey serverKey = changepwContext.getServerEntry().getKeyMap().get( encryptionType );
/**
 * Collects the main objects of a change-password exchange from the context.
 *
 * The excerpt shows only the gathering of values inside a {@code try} block; what is done
 * with them, and the matching {@code catch}, lie beyond the end of the excerpt.
 *
 * @param changepwContext the context to read from
 * @throws KerberosException declared by the method; the throwing code is outside this excerpt
 */
private static void monitorContext( ChangePasswordContext changepwContext ) throws KerberosException
{
    try
    {
        PrincipalStore store = changepwContext.getStore();
        ApReq authHeader = changepwContext.getAuthHeader();
        Ticket ticket = changepwContext.getTicket();

        // Replay cache and allowable clock skew are the configured anti-replay parameters.
        ReplayCache replayCache = changepwContext.getConfig().getReplayCache();
        long clockSkew = changepwContext.getConfig().getAllowableClockSkew();

        // NOTE(review): judging by the method name these values are presumably written to a
        // log; the authenticator and ticket objects may carry decrypted fields at this stage,
        // so confirm what the remainder of the method emits and at which log level.
        Authenticator authenticator = changepwContext.getAuthenticator();
* @throws IOException
*/
public void encode( ByteBuffer buf, ChangePasswordRequest message ) throws IOException
{
    // Build application request bytes
    // The AP-REQ (ticket plus authenticator) is serialized on its own, before the private
    // message, so that it can be framed separately in the output buffer.
    ApReq appRequest = message.getAuthHeader();

    ApplicationRequestEncoder appEncoder = new ApplicationRequestEncoder();
    // NOTE(review): the decoder excerpt on this page reads the AP-REQ length as a signed
    // 16-bit value; if this encoder writes the length the same way (not visible here),
    // confirm encodedAppRequest.length is checked against that limit before it is narrowed.
    byte[] encodedAppRequest = appEncoder.encode( appRequest );

    // Build private message bytes
    PrivateMessage privateMessage = message.getPrivateMessage();
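// The AP-REQ length is a 16-bit field read straight from the received buffer, so its value
// is controlled by the sender. getShort() is signed: a field with the high bit set arrives
// as a negative number and would make the array allocation below throw
// NegativeArraySizeException, and a length larger than the bytes actually present would make
// the bulk get() throw BufferUnderflowException. Reject both cases explicitly, before any
// allocation, so that malformed framing is reported as such.
short authHeaderLength = buf.getShort();

if ( authHeaderLength < 0 || authHeaderLength > buf.remaining() )
{
    // NOTE(review): the enclosing method and its throws clause are outside this excerpt; if
    // the decoder has a protocol-level error type, raise that here instead.
    throw new IllegalArgumentException( "Invalid AP-REQ length " + authHeaderLength + ", "
        + buf.remaining() + " bytes remaining" );
}

byte[] undecodedAuthHeader = new byte[authHeaderLength];
buf.get( undecodedAuthHeader, 0, authHeaderLength );

// Only the framing has been validated so far; the decoded AP-REQ is still unauthenticated
// input until the ticket and authenticator have been verified by later stages.
ApReq authHeader = KerberosDecoder.decodeApReq( undecodedAuthHeader );

modifier.setAuthHeader( authHeader );

// Whatever follows the AP-REQ in the buffer is taken as the encoded private message.
byte[] encodedPrivate = new byte[buf.remaining()];
buf.get( encodedPrivate, 0, encodedPrivate.length );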
{
    // A failure to decode is reported as KRB_AP_ERR_BAD_INTEGRITY; 'de' (presumably the
    // caught decoder exception, its catch header is outside this excerpt) is kept as cause.
    throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
}

// get the decoded ApReq
// Reaching this point means the bytes parsed as an AP-REQ; no verification of the ticket or
// authenticator is visible in this excerpt, so the returned object is still untrusted input.
ApReq apReq = ( ( ApReqContainer ) apReqContainer ).getApReq();

return apReq;
}
// This will generate a PROTOCOL_ERROR throw new DecoderException( I18n.err( I18n.ERR_04067 ) ); } ApReq apReq = apReqContainer.getApReq(); ApOptions apOptions = new ApOptions( tlv.getValue().getData() ); apReq.setApOptions( apOptions ); if ( IS_DEBUG ) { LOG.debug( "APOptions : {}", apOptions ); }
// This will generate a PROTOCOL_ERROR throw new DecoderException( I18n.err( I18n.ERR_04067 ) ); } // Create the AP-REQ now ApReq apReq = new ApReq(); apReqContainer.setApReq( apReq ); }
// Update the parent apReqContainer.updateParent(); // Store the Ticket in the container Ticket ticket = ticketContainer.getTicket(); ApReq apReq = apReqContainer.getApReq(); apReq.setTicket( ticket ); if ( IS_DEBUG ) { LOG.debug( "Stored ticket: {}", ticket ); }