Search in sources :

Example 1 with KrbApErrException

use of sun.security.krb5.internal.KrbApErrException in project jdk8u_jdk by JetBrains.

the class KRBPriv method init.

/**
     * Initializes an KRBPriv object.
     * @param encoding a single DER-encoded value.
     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
     * @exception IOException if an I/O error occurs while reading encoded data.
     * @exception KrbApErrException if the value read from the DER-encoded data
     *  stream does not match the pre-defined value.
     */
private void init(DerValue encoding) throws Asn1Exception, KrbApErrException, IOException {
    DerValue der, subDer;
    if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x15) || (encoding.isApplication() != true) || (encoding.isConstructed() != true))
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    der = encoding.getData().getDerValue();
    if (der.getTag() != DerValue.tag_Sequence)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    subDer = der.getData().getDerValue();
    if ((subDer.getTag() & 0x1F) == 0x00) {
        pvno = subDer.getData().getBigInteger().intValue();
        if (pvno != Krb5.PVNO) {
            throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
        }
    } else
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    subDer = der.getData().getDerValue();
    if ((subDer.getTag() & 0x1F) == 0x01) {
        msgType = subDer.getData().getBigInteger().intValue();
        if (msgType != Krb5.KRB_PRIV)
            throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
    } else
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    encPart = EncryptedData.parse(der.getData(), (byte) 0x03, false);
    if (der.getData().available() > 0)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
Also used : Asn1Exception(sun.security.krb5.Asn1Exception)

Example 2 with KrbApErrException

use of sun.security.krb5.internal.KrbApErrException in project jdk8u_jdk by JetBrains.

the class KRBSafe method init.

/**
     * Initializes an KRBSafe object.
     * @param encoding a single DER-encoded value.
     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
     * @exception IOException if an I/O error occurs while reading encoded data.
     * @exception RealmException if an error occurs while parsing a Realm object.
     * @exception KrbApErrException if the value read from the DER-encoded data
     *  stream does not match the pre-defined value.
     */
private void init(DerValue encoding) throws Asn1Exception, RealmException, KrbApErrException, IOException {
    DerValue der, subDer;
    if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x14) || (encoding.isApplication() != true) || (encoding.isConstructed() != true))
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    der = encoding.getData().getDerValue();
    if (der.getTag() != DerValue.tag_Sequence)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    subDer = der.getData().getDerValue();
    if ((subDer.getTag() & 0x1F) == 0x00) {
        pvno = subDer.getData().getBigInteger().intValue();
        if (pvno != Krb5.PVNO)
            throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    } else
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    subDer = der.getData().getDerValue();
    if ((subDer.getTag() & 0x1F) == 0x01) {
        msgType = subDer.getData().getBigInteger().intValue();
        if (msgType != Krb5.KRB_SAFE)
            throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
    } else
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    safeBody = KRBSafeBody.parse(der.getData(), (byte) 0x02, false);
    cksum = Checksum.parse(der.getData(), (byte) 0x03, false);
    if (der.getData().available() > 0)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
Also used : Asn1Exception(sun.security.krb5.Asn1Exception)

Example 3 with KrbApErrException

use of sun.security.krb5.internal.KrbApErrException in project jdk8u_jdk by JetBrains.

the class KrbApReq method authenticate.

private void authenticate(Krb5AcceptCredential cred, InetAddress initiator) throws KrbException, IOException {
    int encPartKeyType = apReqMessg.ticket.encPart.getEType();
    Integer kvno = apReqMessg.ticket.encPart.getKeyVersionNumber();
    EncryptionKey[] keys = cred.getKrb5EncryptionKeys(apReqMessg.ticket.sname);
    EncryptionKey dkey = EncryptionKey.findKey(encPartKeyType, kvno, keys);
    if (dkey == null) {
        throw new KrbException(Krb5.API_INVALID_ARG, "Cannot find key of appropriate type to decrypt AP REP - " + EType.toString(encPartKeyType));
    }
    byte[] bytes = apReqMessg.ticket.encPart.decrypt(dkey, KeyUsage.KU_TICKET);
    byte[] temp = apReqMessg.ticket.encPart.reset(bytes);
    EncTicketPart enc_ticketPart = new EncTicketPart(temp);
    checkPermittedEType(enc_ticketPart.key.getEType());
    byte[] bytes2 = apReqMessg.authenticator.decrypt(enc_ticketPart.key, KeyUsage.KU_AP_REQ_AUTHENTICATOR);
    byte[] temp2 = apReqMessg.authenticator.reset(bytes2);
    authenticator = new Authenticator(temp2);
    ctime = authenticator.ctime;
    cusec = authenticator.cusec;
    authenticator.ctime = authenticator.ctime.withMicroSeconds(authenticator.cusec);
    if (!authenticator.cname.equals(enc_ticketPart.cname)) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADMATCH);
    }
    if (!authenticator.ctime.inClockSkew())
        throw new KrbApErrException(Krb5.KRB_AP_ERR_SKEW);
    byte[] hash;
    try {
        hash = MessageDigest.getInstance("MD5").digest(apReqMessg.authenticator.cipher);
    } catch (NoSuchAlgorithmException ex) {
        throw new AssertionError("Impossible");
    }
    char[] h = new char[hash.length * 2];
    for (int i = 0; i < hash.length; i++) {
        h[2 * i] = hexConst[(hash[i] & 0xff) >> 4];
        h[2 * i + 1] = hexConst[hash[i] & 0xf];
    }
    AuthTimeWithHash time = new AuthTimeWithHash(authenticator.cname.toString(), apReqMessg.ticket.sname.toString(), authenticator.ctime.getSeconds(), authenticator.cusec, new String(h));
    rcache.checkAndStore(KerberosTime.now(), time);
    if (initiator != null) {
        // sender host address
        HostAddress sender = new HostAddress(initiator);
        if (enc_ticketPart.caddr != null && !enc_ticketPart.caddr.inList(sender)) {
            if (DEBUG) {
                System.out.println(">>> KrbApReq: initiator is " + sender.getInetAddress() + ", but caddr is " + Arrays.toString(enc_ticketPart.caddr.getInetAddresses()));
            }
            throw new KrbApErrException(Krb5.KRB_AP_ERR_BADADDR);
        }
    }
    // XXX check for repeated authenticator
    // if found
    //    throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT);
    // else
    //    save authenticator to check for later
    KerberosTime now = KerberosTime.now();
    if ((enc_ticketPart.starttime != null && enc_ticketPart.starttime.greaterThanWRTClockSkew(now)) || enc_ticketPart.flags.get(Krb5.TKT_OPTS_INVALID))
        throw new KrbApErrException(Krb5.KRB_AP_ERR_TKT_NYV);
    // than the allowable clock skew, throws ticket expired exception.
    if (enc_ticketPart.endtime != null && now.greaterThanWRTClockSkew(enc_ticketPart.endtime)) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_TKT_EXPIRED);
    }
    creds = new Credentials(apReqMessg.ticket, authenticator.cname, apReqMessg.ticket.sname, enc_ticketPart.key, enc_ticketPart.flags, enc_ticketPart.authtime, enc_ticketPart.starttime, enc_ticketPart.endtime, enc_ticketPart.renewTill, enc_ticketPart.caddr, enc_ticketPart.authorizationData);
    if (DEBUG) {
        System.out.println(">>> KrbApReq: authenticate succeed.");
    }
}
Also used : AuthTimeWithHash(sun.security.krb5.internal.rcache.AuthTimeWithHash) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 4 with KrbApErrException

use of sun.security.krb5.internal.KrbApErrException in project jdk8u_jdk by JetBrains.

the class DesCbcEType method decrypt.

/**
     * Decrypts the data using DES in CBC mode.
     * @param cipher the input buffer.
     * @param key the key to decrypt the data.
     * @param ivec initialization vector.
     *
     * @modified by Yanni Zhang, Dec 6 99.
     */
public byte[] decrypt(byte[] cipher, byte[] key, byte[] ivec, int usage) throws KrbApErrException, KrbCryptoException {
    /*
         * To meet export control requirements, double check that the
         * key being used is no longer than 64 bits.
         *
         * Note that from a protocol point of view, an
         * algorithm that is not DES will be rejected before this
         * point. Also, a DES key that is not 64 bits will be
         * rejected by a good JCE provider.
         */
    if (key.length > 8)
        throw new KrbCryptoException("Invalid DES Key!");
    byte[] data = new byte[cipher.length];
    Des.cbc_encrypt(cipher, data, key, ivec, false);
    if (!isChecksumValid(data))
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BAD_INTEGRITY);
    return data;
}
Also used : KrbCryptoException(sun.security.krb5.KrbCryptoException)

Example 5 with KrbApErrException

use of sun.security.krb5.internal.KrbApErrException in project jdk8u_jdk by JetBrains.

the class Ticket method init.

/**
     * Initializes a Ticket object.
     * @param encoding a single DER-encoded value.
     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
     * @exception IOException if an I/O error occurs while reading encoded data.
     * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value.
     * @exception RealmException if an error occurs while parsing a Realm object.
     */
private void init(DerValue encoding) throws Asn1Exception, RealmException, KrbApErrException, IOException {
    DerValue der;
    DerValue subDer;
    if (((encoding.getTag() & (byte) 0x1F) != Krb5.KRB_TKT) || (encoding.isApplication() != true) || (encoding.isConstructed() != true))
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    der = encoding.getData().getDerValue();
    if (der.getTag() != DerValue.tag_Sequence)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    subDer = der.getData().getDerValue();
    if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    tkt_vno = subDer.getData().getBigInteger().intValue();
    if (tkt_vno != Krb5.TICKET_VNO)
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    Realm srealm = Realm.parse(der.getData(), (byte) 0x01, false);
    sname = PrincipalName.parse(der.getData(), (byte) 0x02, false, srealm);
    encPart = EncryptedData.parse(der.getData(), (byte) 0x03, false);
    if (der.getData().available() > 0)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
Also used : Asn1Exception(sun.security.krb5.Asn1Exception) Realm(sun.security.krb5.Realm)

Aggregations

Asn1Exception (sun.security.krb5.Asn1Exception)4 Realm (sun.security.krb5.Realm)2 BigInteger (java.math.BigInteger)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 ListIterator (java.util.ListIterator)1 KrbCryptoException (sun.security.krb5.KrbCryptoException)1 KrbApErrException (sun.security.krb5.internal.KrbApErrException)1 AuthTimeWithHash (sun.security.krb5.internal.rcache.AuthTimeWithHash)1 KerberosString (sun.security.krb5.internal.util.KerberosString)1