
Example 1 with KerberosTime

use of sun.security.krb5.internal.KerberosTime in project jdk8u_jdk by JetBrains.

the class MicroTime method main.

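/**
 * Measures how many distinct {@code KerberosTime} values can be observed
 * within roughly one second and fails when fewer than 10000 are seen,
 * i.e. when the apparent resolution is coarser than 100 microseconds.
 *
 * @param args unused
 * @throws Exception if the observed resolution is too coarse, or if
 *         {@code KerberosTime.now()} never changed during the window
 */
public static void main(String[] args) throws Exception {
    // Count distinct KerberosTime values seen within about one second.
    // NOTE(review): assumes getTime() is in milliseconds, so 1000 == 1 s.
    KerberosTime start = KerberosTime.now();
    KerberosTime previous = start;
    int distinct = 0;
    while (true) {
        KerberosTime current = KerberosTime.now();
        if (current.getTime() - start.getTime() > 1000) {
            break;
        }
        if (!previous.equals(current)) {
            previous = current;
            distinct++;
        }
    }
    // A clock that never advanced would otherwise turn the diagnostic below
    // into an ArithmeticException (division by zero); report it explicitly.
    if (distinct == 0) {
        throw new Exception("What? KerberosTime.now() did not change within one second?");
    }
    // 10000 distinct values per second corresponds to 100 musec resolution.
    if (distinct < 10000) {
        throw new Exception("What? only " + (1000000 / distinct) + " musec precision?");
    }
}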
Also used : KerberosTime(sun.security.krb5.internal.KerberosTime)

Example 2 with KerberosTime

use of sun.security.krb5.internal.KerberosTime in project jdk8u_jdk by JetBrains.

the class ReplayCacheExpunge method main.

/**
 * Fills a replay cache with many old entries, then stores a current one
 * (which may trigger expunging of the old entries) and finally an old
 * entry again, which must not raise an error.
 *
 * @param args {@code args[0]} is the number of old entries to add
 * @throws Exception on any failure of the replay cache operations
 */
public static void main(String[] args) throws Exception {
    // Point krb5.conf at a non-existent file so clockskew keeps its default.
    System.setProperty("java.security.krb5.conf", "nothing");
    int oldEntries = Integer.parseInt(args[0]);
    ReplayCache cache = ReplayCache.getInstance("dfl:./");
    AuthTimeWithHash stale = new AuthTimeWithHash(client, server, time(-400), 0, hash("1"));
    AuthTimeWithHash fresh = new AuthTimeWithHash(client, server, time(0), 0, hash("4"));
    KerberosTime current = new KerberosTime(time(0) * 1000L);
    KerberosTime earlier = new KerberosTime(time(-300) * 1000L);
    // Populate the cache with old events as if they had happened earlier.
    int remaining = oldEntries;
    while (remaining-- > 0) {
        stale = new AuthTimeWithHash(client, server, time(-400), 0, hash(""));
        cache.checkAndStore(earlier, stale);
    }
    // Store a current event; depending on the cache's policy this may
    // expunge the old ones.
    cache.checkAndStore(current, fresh);
    // Storing an old event afterwards (the last one added above when
    // oldEntries > 0) must not raise an error.
    cache.checkAndStore(current, stale);
}
Also used : AuthTimeWithHash(sun.security.krb5.internal.rcache.AuthTimeWithHash) ReplayCache(sun.security.krb5.internal.ReplayCache) KerberosTime(sun.security.krb5.internal.KerberosTime)

Example 3 with KerberosTime

use of sun.security.krb5.internal.KerberosTime in project jdk8u_jdk by JetBrains.

the class KerberosTime method parse.

/**
 * Parses (unmarshals) a KerberosTime from a DER input stream. This form is
 * used when the value is a member of a constructed sequence and carries an
 * explicit tag.
 *
 * Only the low five bits of the tag octet (the tag number) are compared
 * with {@code explicitTag}; the class and constructed bits are not checked
 * here.
 *
 * @param data the DER input stream holding one or more marshaled values
 * @param explicitTag expected tag number
 * @param optional whether the field may be absent
 * @return the parsed KerberosTime, or null if the field is optional and the
 *         next tag number does not match
 * @throws Asn1Exception if the tag number does not match a required field
 * @throws IOException on a read or decoding error
 */
public static KerberosTime parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException {
    // Peek at the next tag number without consuming it.
    int nextTagNumber = (byte) data.peekByte() & (byte) 0x1F;
    if (optional && nextTagNumber != explicitTag) {
        return null;
    }
    DerValue tagged = data.getDerValue();
    if ((tagged.getTag() & (byte) 0x1F) != explicitTag) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    // The explicitly tagged value wraps a GeneralizedTime.
    Date when = tagged.getData().getDerValue().getGeneralizedTime();
    return new KerberosTime(when.getTime(), 0);
}
Also used : DerValue(sun.security.util.DerValue) Asn1Exception(sun.security.krb5.Asn1Exception) Date(java.util.Date)

Example 4 with KerberosTime

use of sun.security.krb5.internal.KerberosTime in project jdk8u_jdk by JetBrains.

the class KrbApReq method authenticate.

/**
 * Decrypts and validates the AP-REQ held in {@code apReqMessg} using the
 * acceptor's credentials. On success the fields {@code authenticator},
 * {@code ctime}, {@code cusec} and {@code creds} are populated.
 *
 * Checks run in this order, each failing with the corresponding
 * KRB_AP_ERR code: service key lookup, ticket decryption, authenticator
 * decryption, client-name match (BADMATCH), authenticator clock skew
 * (SKEW), replay cache, client address (BADADDR), ticket start time and
 * INVALID flag (TKT_NYV), ticket end time (TKT_EXPIRED).
 *
 * @param cred acceptor credentials supplying the keys for the ticket's
 *             service principal
 * @param initiator address of the peer, or null to skip the caddr check
 * @throws KrbException if no matching key is found or a validation check
 *         fails (the AP-level failures are raised as KrbApErrException)
 * @throws IOException propagated from decrypting/decoding the ticket and
 *         authenticator
 */
private void authenticate(Krb5AcceptCredential cred, InetAddress initiator) throws KrbException, IOException {
    // Locate the service key matching the ticket's enctype and (optional) kvno.
    int encPartKeyType = apReqMessg.ticket.encPart.getEType();
    Integer kvno = apReqMessg.ticket.encPart.getKeyVersionNumber();
    EncryptionKey[] keys = cred.getKrb5EncryptionKeys(apReqMessg.ticket.sname);
    EncryptionKey dkey = EncryptionKey.findKey(encPartKeyType, kvno, keys);
    if (dkey == null) {
        // NOTE(review): the message says "AP REP" although this is the
        // AP-REQ ticket; text left unchanged here.
        throw new KrbException(Krb5.API_INVALID_ARG, "Cannot find key of appropriate type to decrypt AP REP - " + EType.toString(encPartKeyType));
    }
    // Decrypt the ticket's encrypted part with the service key and decode it.
    byte[] bytes = apReqMessg.ticket.encPart.decrypt(dkey, KeyUsage.KU_TICKET);
    byte[] temp = apReqMessg.ticket.encPart.reset(bytes);
    EncTicketPart enc_ticketPart = new EncTicketPart(temp);
    // Reject a session-key enctype that is not permitted (presumably per configuration).
    checkPermittedEType(enc_ticketPart.key.getEType());
    // Decrypt the authenticator with the session key carried in the ticket.
    byte[] bytes2 = apReqMessg.authenticator.decrypt(enc_ticketPart.key, KeyUsage.KU_AP_REQ_AUTHENTICATOR);
    byte[] temp2 = apReqMessg.authenticator.reset(bytes2);
    authenticator = new Authenticator(temp2);
    // Keep the raw ctime/cusec, then fold the microseconds into ctime so the
    // skew check and the replay-cache key use the full-precision value.
    ctime = authenticator.ctime;
    cusec = authenticator.cusec;
    authenticator.ctime = authenticator.ctime.withMicroSeconds(authenticator.cusec);
    // The client named in the authenticator must be the ticket's client.
    if (!authenticator.cname.equals(enc_ticketPart.cname)) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
    }
    // The authenticator timestamp must lie within the allowable clock skew.
    if (!authenticator.ctime.inClockSkew())
        throw new KrbApErrException(Krb5.KRB_AP_ERR_SKEW);
    // Hex-encoded MD5 of the authenticator ciphertext. It serves only as a
    // discriminator in the replay-cache key (same client/server/time but a
    // different authenticator); it is not an integrity check -- integrity of
    // the authenticator is expected to come from the keyed decryption above.
    byte[] hash;
    try {
        hash = MessageDigest.getInstance("MD5").digest(apReqMessg.authenticator.cipher);
    } catch (NoSuchAlgorithmException ex) {
        // MD5 is a mandatory MessageDigest algorithm in the JDK.
        throw new AssertionError("Impossible");
    }
    char[] h = new char[hash.length * 2];
    for (int i = 0; i < hash.length; i++) {
        h[2 * i] = hexConst[(hash[i] & 0xff) >> 4];
        h[2 * i + 1] = hexConst[hash[i] & 0xf];
    }
    // Replay detection: the cache is expected to reject an authenticator it
    // has already seen and otherwise record this one.
    AuthTimeWithHash time = new AuthTimeWithHash(authenticator.cname.toString(), apReqMessg.ticket.sname.toString(), authenticator.ctime.getSeconds(), authenticator.cusec, new String(h));
    rcache.checkAndStore(KerberosTime.now(), time);
    if (initiator != null) {
        // If the ticket carries client addresses, the peer must be one of them.
        HostAddress sender = new HostAddress(initiator);
        if (enc_ticketPart.caddr != null && !enc_ticketPart.caddr.inList(sender)) {
            if (DEBUG) {
                System.out.println(">>> KrbApReq: initiator is " + sender.getInetAddress() + ", but caddr is " + Arrays.toString(enc_ticketPart.caddr.getInetAddresses()));
            }
            throw new KrbApErrException(Krb5.KRB_AP_ERR_BADADDR);
        }
    }
    // Repeated-authenticator detection is handled by rcache.checkAndStore above.
    // Ticket not yet valid: start time still in the future (beyond the
    // clock skew), or the INVALID flag is set.
    KerberosTime now = KerberosTime.now();
    if ((enc_ticketPart.starttime != null && enc_ticketPart.starttime.greaterThanWRTClockSkew(now)) || enc_ticketPart.flags.get(Krb5.TKT_OPTS_INVALID))
        throw new KrbApErrException(Krb5.KRB_AP_ERR_TKT_NYV);
    // If the current time is past the end time by more than the allowable
    // clock skew, the ticket has expired.
    if (enc_ticketPart.endtime != null && now.greaterThanWRTClockSkew(enc_ticketPart.endtime)) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_TKT_EXPIRED);
    }
    // Expose the ticket's session key, flags, times and addresses to the caller.
    creds = new Credentials(apReqMessg.ticket, authenticator.cname, apReqMessg.ticket.sname, enc_ticketPart.key, enc_ticketPart.flags, enc_ticketPart.authtime, enc_ticketPart.starttime, enc_ticketPart.endtime, enc_ticketPart.renewTill, enc_ticketPart.caddr, enc_ticketPart.authorizationData);
    if (DEBUG) {
        System.out.println(">>> KrbApReq: authenticate succeed.");
    }
}
Also used : AuthTimeWithHash(sun.security.krb5.internal.rcache.AuthTimeWithHash) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 5 with KerberosTime

use of sun.security.krb5.internal.KerberosTime in project jdk8u_jdk by JetBrains.

the class KeyTabInputStream method readEntry.

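/**
 * Reads one keytab entry of {@code entryLen} bytes from the stream.
 *
 * The {@code index} field tracks the bytes remaining in the entry. The
 * helpers {@code readName}, {@code readTimeStamp} and {@code readKey} are
 * not visible here; this method assumes the first two keep {@code index}
 * in step while {@code readKey} does not (it is adjusted explicitly).
 *
 * @param entryLen entry length as read from the keytab; 0 or a negative
 *                 value marks a deleted slot
 * @param ktVersion keytab format version; for {@code KRB5_KT_VNO_1} the
 *                  realm is included in the component count
 * @return the decoded entry, or null for a deleted slot
 * @throws IOException on a read failure
 * @throws RealmException if the entry's length fields are inconsistent
 */
KeyTabEntry readEntry(int entryLen, int ktVersion) throws IOException, RealmException {
    index = entryLen;
    if (index == 0) {
        // In the native implementation, deleting the last entry leaves a single 0 byte.
        return null;
    }
    if (index < 0) {
        // In the native implementation a deleted entry has a negative length and
        // zeroed fields; skip over it. Math.abs(Integer.MIN_VALUE) is still negative,
        // so treat that value as corruption rather than passing it to skip().
        if (index == Integer.MIN_VALUE) {
            throw new RealmException("Keytab is corrupted");
        }
        skip(-index);
        return null;
    }
    // Number of principal name components.
    int principalNum = read(2);
    index -= 2;
    if (ktVersion == KRB5_KT_VNO_1) {
        // Version 1 counts the realm among the components.
        principalNum -= 1;
    }
    // A negative count would otherwise surface as NegativeArraySizeException.
    if (principalNum < 0) {
        throw new RealmException("Keytab is corrupted");
    }
    Realm realm = new Realm(readName());
    String[] nameParts = new String[principalNum];
    for (int i = 0; i < principalNum; i++) {
        nameParts[i] = readName();
    }
    int nameType = read(4);
    index -= 4;
    PrincipalName service = new PrincipalName(nameType, nameParts, realm);
    KerberosTime timeStamp = readTimeStamp();
    int keyVersion = read() & 0xff;
    index -= 1;
    int keyType = read(2);
    index -= 2;
    int keyLength = read(2);
    index -= 2;
    // Check the key length against the bytes left in this entry before reading,
    // so a bogus length from an untrusted keytab is reported as RealmException
    // instead of consuming bytes beyond the entry boundary first.
    if (keyLength < 0 || keyLength > index) {
        throw new RealmException("Keytab is corrupted");
    }
    byte[] keyblock = readKey(keyLength);
    index -= keyLength;
    // An optional 32-bit kvno may follow. Zero means the one-byte kvno read
    // above is authoritative; a nonzero value overrides it.
    if (index >= 4) {
        int extKvno = read(4);
        if (extKvno != 0) {
            keyVersion = extKvno;
        }
        index -= 4;
    }
    // A negative remainder means the length fields were inconsistent.
    if (index < 0) {
        throw new RealmException("Keytab is corrupted");
    }
    // Skip whatever padding or unknown trailing bytes remain in the entry.
    skip(index);
    return new KeyTabEntry(service, realm, timeStamp, keyVersion, keyType, keyblock);
}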
Also used : PrincipalName(sun.security.krb5.PrincipalName) Realm(sun.security.krb5.Realm) RealmException(sun.security.krb5.RealmException)

Aggregations

KerberosTime (sun.security.krb5.internal.KerberosTime)3 AuthTimeWithHash (sun.security.krb5.internal.rcache.AuthTimeWithHash)3 ReplayCache (sun.security.krb5.internal.ReplayCache)2 DerValue (sun.security.util.DerValue)2 InvocationTargetException (java.lang.reflect.InvocationTargetException)1 SeekableByteChannel (java.nio.channels.SeekableByteChannel)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 Date (java.util.Date)1 ListIterator (java.util.ListIterator)1 sun.security.krb5 (sun.security.krb5)1 Asn1Exception (sun.security.krb5.Asn1Exception)1 KrbException (sun.security.krb5.KrbException)1 PrincipalName (sun.security.krb5.PrincipalName)1 Realm (sun.security.krb5.Realm)1 RealmException (sun.security.krb5.RealmException)1 sun.security.krb5.internal (sun.security.krb5.internal)1 KrbApErrException (sun.security.krb5.internal.KrbApErrException)1 CredentialsCache (sun.security.krb5.internal.ccache.CredentialsCache)1 DerOutputStream (sun.security.util.DerOutputStream)1