Examples of AsRep


Examples of org.apache.directory.shared.kerberos.messages.AsRep

        // Feed the prepared request to the handler; its answer is read back from the session below.
        handler.messageReceived( session, message );

        // The answer must be exactly an AsRep instance, otherwise the cast below would be invalid.
        Object msg = session.getMessage();
        assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
        AsRep reply = ( AsRep ) msg;

        // The end time in the reply must equal requestedEndTime (defined outside this excerpt;
        // presumably the end time placed in the request).
        assertTrue( "Requested end time", requestedEndTime.equals( reply.getEndTime() ) );

        // The flags inside the issued ticket must report pre-authentication, i.e. the handler
        // recorded that the client was pre-authenticated before the ticket was granted.
        assertTrue( "PRE_AUTHENT flag", reply.getTicket().getEncTicketPart().getFlags().isPreAuth() );
    }

Examples of org.apache.directory.shared.kerberos.messages.AsRep

        // Decode the KDC-REP nested inside the AS-REP with a fresh decoder that reads from the
        // same stream as the enclosing AS-REP container.
        Asn1Decoder kdcRepDecoder = new Asn1Decoder();

        KdcRepContainer kdcRepContainer = new KdcRepContainer( asRepContainer.getStream() );

        // Store the created AS-REP object into the KDC-REP container
        AsRep asRep = new AsRep();
        kdcRepContainer.setKdcRep( asRep );

        // Decode the KDC_REP PDU
        try
        {
            kdcRepDecoder.decode( asRepContainer.getStream(), kdcRepContainer );
        }
        catch ( DecoderException de )
        {
            // Rethrown unchanged: this try/catch adds no handling of its own.
            throw de;
        }

        // Update the expected length for the current TLV
        tlv.setExpectedLength( tlv.getExpectedLength() - tlv.getLength() );

        // Update the parent
        asRepContainer.updateParent();

        // Reject a PDU whose decoded message type is not AS_REP. The AsRep is stored in the
        // container only after this check, so a reply of another KDC-REP type is not accepted
        // as an AS-REP by this action.
        if ( asRep.getMessageType() != KerberosMessageType.AS_REP )
        {
            throw new DecoderException( "Bad message type" );
        }

        asRepContainer.setAsRep( asRep );

Examples of org.apache.directory.shared.kerberos.messages.AsRep

        // Wrap the raw reply bytes (repData, defined outside this excerpt) for the decoder.
        KerberosMessageContainer kerberosMessageContainer = new KerberosMessageContainer();
        kerberosMessageContainer.setStream( repData );
        kerberosMessageContainer.setGathering( true );
        // Non-TCP framing; presumably the reply was received over UDP - TODO confirm.
        kerberosMessageContainer.setTCP( false );

        // The cast assumes the decoded message is an AS-REP; any other decoded type (for example an
        // error reply) would fail here with a ClassCastException.
        AsRep asReply = ( AsRep ) KerberosDecoder.decode( kerberosMessageContainer, new Asn1Decoder() );

        // Prints the decoded reply to stdout.
        System.out.println( asReply );
        // Decrypt the encrypted part with the client's key under the AS-REP key usage.
        byte[] decryptedEncAsRepPart = cipherTextHandler.decrypt( clientKey, asReply.getEncPart(), KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
        // NOTE(review): 182 is hard-coded; presumably it trims trailing padding for this one
        // captured reply. System.arraycopy throws IndexOutOfBoundsException if the decrypted
        // buffer is shorter than 182 bytes, and a longer EncASRepPart would be truncated before
        // decoding. Deriving the length from the encoded structure would be more robust.
        byte[] tmp = new byte[182];
        System.arraycopy( decryptedEncAsRepPart, 0, tmp, 0, 182 );
        EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( tmp );
        // Keep the session key carried in the decrypted part (sessionKey is declared outside this excerpt).
        sessionKey = encAsRepPart.getEncKdcRepPart().getKey();
    }

Examples of org.apache.directory.shared.kerberos.messages.AsRep

                // We have an error
                LOG.debug( "Authentication failed : {}", kdcRep );
                throw new KerberosException( ( KrbError ) kdcRep );
            }

            // Client-side validation of the AS-REP before a TGT is handed back to the caller.
            // The enclosing method and its try block start outside this excerpt.
            AsRep rep = ( AsRep ) kdcRep;
           
            // cname and crealm are read from the outer reply, not from the decrypted part, so these
            // two checks catch a mismatched reply but are not cryptographically protected by themselves.
            if ( !cName.getNameString().equals( rep.getCName().getNameString() ) )
            {
                throw new KerberosException( ErrorType.KDC_ERR_CLIENT_NAME_MISMATCH );
            }
           
            if ( !realm.equals( rep.getCRealm() ) )
            {
                throw new KerberosException( ErrorType.KRB_ERR_WRONG_REALM );
            }
           
            // If the reply's encrypted part uses a different encryption type than the one held so
            // far, switch to it and re-derive the client key from the password.
            // NOTE(review): no check is visible here that the reply's etype is one the client
            // offered or considers strong enough. The etype is taken from the outer, unencrypted
            // part of the reply, so accepting it as-is leaves room for a downgrade to a weak
            // cipher; consider rejecting etypes outside the requested set before deriving a key.
            if ( encryptionType != rep.getEncPart().getEType() )
            {
                encryptionType = rep.getEncPart().getEType();
                clientKey = KerberosKeyFactory.string2Key( clientTgtReq.getClientPrincipal(), clientTgtReq.getPassword(), encryptionType );
            }
           
            // Decrypt with the client key under the AS-REP key usage. Everything checked from here
            // on comes from the decrypted part.
            byte[] decryptedEncAsRepPart = cipherTextHandler.decrypt( clientKey, rep.getEncPart(), KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
           
            EncKdcRepPart encKdcRepPart = null;
            try
            {
                EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( decryptedEncAsRepPart );
                encKdcRepPart = encAsRepPart.getEncKdcRepPart();
            }
            catch( KerberosException e )
            {
                // Fallback: decode the same bytes as an EncTgsRepPart, presumably for KDCs that tag
                // the encrypted part of an AS-REP that way. The first exception is not logged.
                LOG.info("Trying an encTgsRepPart instead");
                EncTgsRepPart encTgsRepPart = KerberosDecoder.decodeEncTgsRepPart( decryptedEncAsRepPart );
                encKdcRepPart = encTgsRepPart.getEncKdcRepPart();
            }
           
            // The nonce inside the decrypted part must match currentNonce (per the error message,
            // the nonce sent in the request); this ties the reply to this request and rejects a
            // replayed older reply.
            if ( currentNonce != encKdcRepPart.getNonce() )
            {
                throw new KerberosException( ErrorType.KRB_ERR_GENERIC, "received nonce didn't match with the nonce sent in the request" );
            }
                      
            // The server name and realm in the decrypted part must be the ones that were requested.
            if ( !encKdcRepPart.getSName().getNameString().equals( clientTgtReq.getSName() ) )
            {
                throw new KerberosException( ErrorType.KDC_ERR_SERVER_NOMATCH );
            }
           
            if ( !encKdcRepPart.getSRealm().equals( clientTgtReq.getRealm() ) )
            {
                throw new KerberosException( ErrorType.KRB_ERR_GENERIC, "received server realm does not match with requested server realm" );
            }
           
            List<HostAddress> hosts = clientTgtReq.getHostAddresses();
           
            // Every client address that was requested must appear in the decrypted part.
            // NOTE(review): if getClientAddresses() can return null (reply without addresses), the
            // contains() call throws NullPointerException instead of a KerberosException - confirm.
            if( !hosts.isEmpty() )
            {
                HostAddresses addresses = encKdcRepPart.getClientAddresses();
                for( HostAddress h : hosts )
                {
                    if ( !addresses.contains( h ) )
                    {
                        throw new KerberosException( ErrorType.KRB_ERR_GENERIC, "requested client address" + h + " is not found in the ticket" );
                    }
                }
            }
           
            // Everything is fine, return the response
            LOG.debug( "Authentication successful : {}", kdcRep );
           
            // Bundle the ticket, the decrypted part (which carries the session key) and the client name.
            TgTicket tgTicket = new TgTicket( rep.getTicket(), encKdcRepPart, rep.getCName().getNameString() );
           
            return tgTicket;
        }
        catch( KerberosException ke )
        {

Examples of org.apache.directory.shared.kerberos.messages.AsRep

    {
        // Build the AS-REP for the request held in authContext: copy the client identity and the
        // ticket into the reply, fill the part to be encrypted from the ticket, seal it with the
        // client's key and store the finished reply back on the context.
        LOG_KRB.debug( "--> Building reply" );
        KdcReq request = authContext.getRequest();
        Ticket ticket = authContext.getTicket();

        AsRep reply = new AsRep();

        // Client name and realm are taken from the request body.
        reply.setCName( request.getKdcReqBody().getCName() );
        reply.setCRealm( request.getKdcReqBody().getRealm() );
        reply.setTicket( ticket );

        EncKdcRepPart encKdcRepPart = new EncKdcRepPart();
        // Session key: the same key that is stored inside the ticket, so that the client and
        // the service end up sharing it.
        encKdcRepPart.setKey( ticket.getEncTicketPart().getKey() );

        // TODO - fetch lastReq for this client; requires store
        // FIXME temporary fix, IMO we should create some new ATs to store this info in DIT
        // Until then a single TIME_OF_INITIAL_REQ entry with a freshly created KerberosTime is
        // sent (presumably the current time - TODO confirm).
        LastReq lastReq = new LastReq();
        lastReq.addEntry( new LastReqEntry( LastReqType.TIME_OF_INITIAL_REQ, new KerberosTime() ) );
        encKdcRepPart.setLastReq( lastReq );
        // TODO - resp.key-expiration := client.expiration; requires store

        // Echo the request nonce inside the encrypted part so the client can match the reply to
        // its request.
        encKdcRepPart.setNonce( request.getKdcReqBody().getNonce() );

        // Flags and times mirror the values already set in the ticket.
        encKdcRepPart.setFlags( ticket.getEncTicketPart().getFlags() );
        encKdcRepPart.setAuthTime( ticket.getEncTicketPart().getAuthTime() );
        encKdcRepPart.setStartTime( ticket.getEncTicketPart().getStartTime() );
        encKdcRepPart.setEndTime( ticket.getEncTicketPart().getEndTime() );

        // renew-till is copied only for renewable tickets.
        if ( ticket.getEncTicketPart().getFlags().isRenewable() )
        {
            encKdcRepPart.setRenewTill( ticket.getEncTicketPart().getRenewTill() );
        }

        encKdcRepPart.setSName( ticket.getSName() );
        encKdcRepPart.setSRealm( ticket.getRealm() );
        encKdcRepPart.setClientAddresses( ticket.getEncTicketPart().getClientAddresses() );

        EncAsRepPart encAsRepPart = new EncAsRepPart();
        encAsRepPart.setEncKdcRepPart( encKdcRepPart );

        // Extra tracing runs only when debug logging is on.
        // NOTE(review): monitorContext/monitorReply are not visible here; confirm that they do
        // not write the session key or the client key to the log.
        if ( LOG_KRB.isDebugEnabled() )
        {
            monitorContext( authContext );
            monitorReply( reply, encKdcRepPart );
        }

        // Seal the part with the client's key under the AS-REP key usage; only a holder of that
        // key can read the session key.
        EncryptionKey clientKey = authContext.getClientKey();
        EncryptedData encryptedData = cipherTextHandler.seal( clientKey, encAsRepPart,
            KeyUsage.AS_REP_ENC_PART_WITH_CKEY );
        reply.setEncPart( encryptedData );
        //FIXME the below setter is useless, remove it
        // NOTE(review): this keeps the unencrypted part, session key included, reachable from
        // the reply object; confirm that it is never encoded onto the wire or logged with the reply.
        reply.setEncKdcRepPart( encKdcRepPart );

        authContext.setReply( reply );
    }

Examples of org.apache.directory.shared.kerberos.messages.AsRep

        // Prepare the buffer for reading before it is handed to the decoder
        // (assumes stream is a java.nio buffer that was just written - TODO confirm).
        stream.flip();

        // Allocate a KdcRep Container
        // It is seeded with an empty AsRep, so the decoded fields are stored in an AS-REP object.
        KdcRepContainer kdcRepContainer = new KdcRepContainer( stream );
        kdcRepContainer.setKdcRep( new AsRep() );

        // Decode the KdcRep PDU
        try
        {
            kerberosDecoder.decode( stream, kdcRepContainer );

Examples of org.apache.directory.shared.kerberos.messages.AsRep

        // Feed the prepared request to the handler; its answer is read back from the session below.
        handler.messageReceived( session, message );

        // The answer must be exactly an AsRep instance, otherwise the cast below would be invalid.
        Object msg = session.getMessage();
        assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
        AsRep reply = ( AsRep ) msg;

        // The granted end time must lie within 5000 (presumably milliseconds) of now + one
        // KerberosTime.DAY; `now` is defined outside this excerpt. The tolerance absorbs the
        // time that passes between taking `now` and the handler stamping the ticket.
        KerberosTime expectedEndTime = new KerberosTime( now + KerberosTime.DAY );
        boolean isClose = Math.abs( reply.getEndTime().getTime() - expectedEndTime.getTime() ) < 5000;
        assertTrue( "Expected end time", isClose );
    }

Examples of org.apache.directory.shared.kerberos.messages.AsRep

        // Feed the prepared request to the handler; its answer is read back from the session below.
        handler.messageReceived( session, message );

        // The answer must be exactly an AsRep instance, otherwise the cast below would be invalid.
        Object msg = session.getMessage();
        assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
        AsRep reply = ( AsRep ) msg;

        // `now` is sampled after the handler has answered; the granted end time must lie within
        // 5000 (presumably milliseconds) of now + one KerberosTime.DAY.
        long now = System.currentTimeMillis();
        KerberosTime expectedEndTime = new KerberosTime( now + KerberosTime.DAY );
        boolean isClose = Math.abs( reply.getEndTime().getTime() - expectedEndTime.getTime() ) < 5000;
        assertTrue( "Expected end time", isClose );
    }

Examples of org.apache.directory.shared.kerberos.messages.AsRep

        // Feed the prepared request to the handler; its answer is read back from the session below.
        handler.messageReceived( session, message );

        // The answer must be exactly an AsRep instance, otherwise the cast below would be invalid.
        Object msg = session.getMessage();
        assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
        AsRep reply = ( AsRep ) msg;

        // Flags as reported by the reply: INITIAL must be set and INVALID must not be.
        assertTrue( "INITIAL flag", reply.getFlags().isInitial() );
        assertFalse( "INVALID flag", reply.getFlags().isInvalid() );

        // The same two flags are checked again on the ticket itself, so the reply and the ticket
        // cannot disagree without the test failing.
        assertTrue( "INITIAL flag", reply.getTicket().getEncTicketPart().getFlags().isInitial() );
        assertFalse( "INVALID flag", reply.getTicket().getEncTicketPart().getFlags().isInvalid() );

        // The service principal must be the expected one both in the reply and in the ticket.
        assertEquals( "Service principal name", "ldap/ldap.example.com", reply.getSName().getNameString() );
        assertEquals( "Service principal name", "ldap/ldap.example.com", reply.getTicket().getSName().getNameString() );
    }

Examples of org.apache.directory.shared.kerberos.messages.AsRep

        // Feed the prepared request to the handler; its answer is read back from the session below.
        handler.messageReceived( session, message );

        // The answer must be exactly an AsRep instance, otherwise the cast below would be invalid.
        Object msg = session.getMessage();
        assertEquals( "session.getMessage() instanceOf", AsRep.class, msg.getClass() );
        AsRep reply = ( AsRep ) msg;

        // The granted end time must lie within 5000 (presumably milliseconds) of now + one
        // KerberosTime.DAY; `now` is defined outside this excerpt.
        KerberosTime expectedEndTime = new KerberosTime( now + KerberosTime.DAY );
        boolean isClose = Math.abs( reply.getEndTime().getTime() - expectedEndTime.getTime() ) < 5000;
        assertTrue( "Expected end time", isClose );

        // The reply must report a renewable ticket that is not marked invalid.
        assertTrue( "RENEWABLE flag", reply.getFlags().isRenewable() );
        assertFalse( "INVALID flag", reply.getFlags().isInvalid() );

        // The renew-till time must lie within the same tolerance of now + one KerberosTime.WEEK.
        KerberosTime expectedRenewTillTime = new KerberosTime( now + KerberosTime.WEEK );
        isClose = Math.abs( reply.getRenewTill().getTime() - expectedRenewTillTime.getTime() ) < 5000;
        assertTrue( "Expected renew-till time", isClose );
    }