sun.security.krb5.EncryptedData Java Examples

The following examples show how to use sun.security.krb5.EncryptedData. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source Project: openjdk-jdk8u-backup   Author: AdoptOpenJDK   File: KrbCredSubKey.java    License: GNU General Public License v2.0 9 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #2
Source Project: dragonwell8_jdk   Author: alibaba   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    if (sessionKey.getEType() ==
        EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt premaster secret
    try {
        EncryptedData eData = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN);
        encrypted = eData.getBytes();  // not ASN.1 encoded.

    } catch (KrbException e) {
        throw (SSLKeyException)new SSLKeyException
            ("Kerberos premaster secret error").initCause(e);
    }
}
 
Example #3
Source Project: hottub   Author: dsrg-uoft   File: WeakCrypto.java    License: GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {
    String conf = "[libdefaults]\n" +
            (args.length > 0 ? ("allow_weak_crypto = " + args[0]) : "");
    Files.write(Paths.get("krb5.conf"), conf.getBytes());
    System.setProperty("java.security.krb5.conf", "krb5.conf");

    boolean expected = args.length != 0 && args[0].equals("true");
    int[] etypes = EType.getBuiltInDefaults();

    boolean found = false;
    for (int i=0, length = etypes.length; i<length; i++) {
        if (etypes[i] == EncryptedData.ETYPE_DES_CBC_CRC ||
                etypes[i] == EncryptedData.ETYPE_DES_CBC_MD4 ||
                etypes[i] == EncryptedData.ETYPE_DES_CBC_MD5) {
            found = true;
        }
    }
    if (expected != found) {
        throw new Exception();
    }
}
 
Example #4
Source Project: jdk8u_jdk   Author: JetBrains   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    if (sessionKey.getEType() ==
        EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt premaster secret
    try {
        EncryptedData eData = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN);
        encrypted = eData.getBytes();  // not ASN.1 encoded.

    } catch (KrbException e) {
        throw (SSLKeyException)new SSLKeyException
            ("Kerberos premaster secret error").initCause(e);
    }
}
 
Example #5
Source Project: TencentKona-8   Author: Tencent   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    if (sessionKey.getEType() ==
        EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt premaster secret
    try {
        EncryptedData eData = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN);
        encrypted = eData.getBytes();  // not ASN.1 encoded.

    } catch (KrbException e) {
        throw (SSLKeyException)new SSLKeyException
            ("Kerberos premaster secret error").initCause(e);
    }
}
 
Example #6
Source Project: openjdk-jdk8u   Author: AdoptOpenJDK   File: KrbCredSubKey.java    License: GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #7
Source Project: jdk8u_jdk   Author: JetBrains   File: KrbCredSubKey.java    License: GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #8
Source Project: jdk8u-jdk   Author: frohoff   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    if (sessionKey.getEType() ==
        EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt premaster secret
    try {
        EncryptedData eData = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN);
        encrypted = eData.getBytes();  // not ASN.1 encoded.

    } catch (KrbException e) {
        throw (SSLKeyException)new SSLKeyException
            ("Kerberos premaster secret error").initCause(e);
    }
}
 
Example #9
Source Project: hottub   Author: dsrg-uoft   File: KrbCredSubKey.java    License: GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #10
Source Project: jdk8u60   Author: chenghanpeng   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    if (sessionKey.getEType() ==
        EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt premaster secret
    try {
        EncryptedData eData = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN);
        encrypted = eData.getBytes();  // not ASN.1 encoded.

    } catch (KrbException e) {
        throw (SSLKeyException)new SSLKeyException
            ("Kerberos premaster secret error").initCause(e);
    }
}
 
Example #11
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: Ticket.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Initializes a Ticket object.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value.
 * @exception RealmException if an error occurs while parsing a Realm object.
 */

private void init(DerValue encoding) throws Asn1Exception,
RealmException, KrbApErrException, IOException {
    DerValue der;
    DerValue subDer;
    if (((encoding.getTag() & (byte)0x1F) != Krb5.KRB_TKT)
        || (encoding.isApplication() != true)
        || (encoding.isConstructed() != true))
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    der = encoding.getData().getDerValue();
    if (der.getTag() != DerValue.tag_Sequence)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    subDer = der.getData().getDerValue();
    if ((subDer.getTag() & (byte)0x1F) != (byte)0x00)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    tkt_vno = subDer.getData().getBigInteger().intValue();
    if (tkt_vno != Krb5.TICKET_VNO)
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    Realm srealm = Realm.parse(der.getData(), (byte)0x01, false);
    sname = PrincipalName.parse(der.getData(), (byte)0x02, false, srealm);
    encPart = EncryptedData.parse(der.getData(), (byte)0x03, false);
    if (der.getData().available() > 0)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
 
Example #12
Source Project: jdk8u-jdk   Author: lambdalab-mirror   File: KerberosPreMasterSecret.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    if (sessionKey.getEType() ==
        EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Encrypt premaster secret
    try {
        EncryptedData eData = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN);
        encrypted = eData.getBytes();  // not ASN.1 encoded.

    } catch (KrbException e) {
        throw (SSLKeyException)new SSLKeyException
            ("Kerberos premaster secret error").initCause(e);
    }
}
 
Example #13
Source Project: jdk8u60   Author: chenghanpeng   File: Ticket.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Initializes a Ticket object.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value.
 * @exception RealmException if an error occurs while parsing a Realm object.
 */

private void init(DerValue encoding) throws Asn1Exception,
RealmException, KrbApErrException, IOException {
    DerValue der;
    DerValue subDer;
    if (((encoding.getTag() & (byte)0x1F) != Krb5.KRB_TKT)
        || (encoding.isApplication() != true)
        || (encoding.isConstructed() != true))
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    der = encoding.getData().getDerValue();
    if (der.getTag() != DerValue.tag_Sequence)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    subDer = der.getData().getDerValue();
    if ((subDer.getTag() & (byte)0x1F) != (byte)0x00)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    tkt_vno = subDer.getData().getBigInteger().intValue();
    if (tkt_vno != Krb5.TICKET_VNO)
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    Realm srealm = Realm.parse(der.getData(), (byte)0x01, false);
    sname = PrincipalName.parse(der.getData(), (byte)0x02, false, srealm);
    encPart = EncryptedData.parse(der.getData(), (byte)0x03, false);
    if (der.getData().available() > 0)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
 
Example #14
Source Project: jdk8u60   Author: chenghanpeng   File: KrbCredSubKey.java    License: GNU General Public License v2.0 6 votes vote down vote up
public static void main(String[] args) throws Exception {

        // We don't care about clock difference
        new FileOutputStream("krb5.conf").write(
                "[libdefaults]\nclockskew=999999999".getBytes());
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        Config.refresh();

        Subject subj = new Subject();
        KerberosPrincipal kp = new KerberosPrincipal(princ);
        KerberosKey kk = new KerberosKey(
                kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        subj.getPrincipals().add(kp);
        subj.getPrivateCredentials().add(kk);

        Subject.doAs(subj, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                GSSManager man = GSSManager.getInstance();
                GSSContext ctxt = man.createContext(man.createCredential(
                        null, GSSCredential.INDEFINITE_LIFETIME,
                        GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
                return ctxt.acceptSecContext(token, 0, token.length);
            }
        });
    }
 
Example #15
Source Project: jdk1.8-source-analysis   Author: raysonfang   File: KeyImpl.java    License: Apache License 2.0 5 votes vote down vote up
private String getAlgorithmName(int eType) {
    if (destroyed)
        throw new IllegalStateException("This key is no longer valid");

    switch (eType) {
    case EncryptedData.ETYPE_DES_CBC_CRC:
    case EncryptedData.ETYPE_DES_CBC_MD5:
        return "DES";

    case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD:
        return "DESede";

    case EncryptedData.ETYPE_ARCFOUR_HMAC:
        return "ArcFourHmac";

    case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96:
        return "AES128";

    case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96:
        return "AES256";

    case EncryptedData.ETYPE_NULL:
        return "NULL";

    default:
        throw new IllegalArgumentException(
            "Unsupported encryption type: " + eType);
    }
}
 
Example #16
Source Project: jdk8u_jdk   Author: JetBrains   File: KeyImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
private String getAlgorithmName(int eType) {
    if (destroyed)
        throw new IllegalStateException("This key is no longer valid");

    switch (eType) {
    case EncryptedData.ETYPE_DES_CBC_CRC:
    case EncryptedData.ETYPE_DES_CBC_MD5:
        return "DES";

    case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD:
        return "DESede";

    case EncryptedData.ETYPE_ARCFOUR_HMAC:
        return "ArcFourHmac";

    case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96:
        return "AES128";

    case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96:
        return "AES256";

    case EncryptedData.ETYPE_NULL:
        return "NULL";

    default:
        throw new IllegalArgumentException(
            "Unsupported encryption type: " + eType);
    }
}
 
Example #17
Source Project: hottub   Author: dsrg-uoft   File: Ticket.java    License: GNU General Public License v2.0 5 votes vote down vote up
public Ticket(
              PrincipalName new_sname,
              EncryptedData new_encPart
                  ) {
    tkt_vno = Krb5.TICKET_VNO;
    sname = new_sname;
    encPart = new_encPart;
}
 
Example #18
Source Project: openjdk-jdk8u   Author: AdoptOpenJDK   File: KeyImpl.java    License: GNU General Public License v2.0 5 votes vote down vote up
private String getAlgorithmName(int eType) {
    if (destroyed)
        throw new IllegalStateException("This key is no longer valid");

    switch (eType) {
    case EncryptedData.ETYPE_DES_CBC_CRC:
    case EncryptedData.ETYPE_DES_CBC_MD5:
        return "DES";

    case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD:
        return "DESede";

    case EncryptedData.ETYPE_ARCFOUR_HMAC:
        return "ArcFourHmac";

    case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96:
        return "AES128";

    case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96:
        return "AES256";

    case EncryptedData.ETYPE_NULL:
        return "NULL";

    default:
        throw new IllegalArgumentException(
            "Unsupported encryption type: " + eType);
    }
}
 
Example #19
Source Project: jdk8u_jdk   Author: JetBrains   File: Ticket.java    License: GNU General Public License v2.0 5 votes vote down vote up
public Ticket(
              PrincipalName new_sname,
              EncryptedData new_encPart
                  ) {
    tkt_vno = Krb5.TICKET_VNO;
    sname = new_sname;
    encPart = new_encPart;
}
 
Example #20
Source Project: openjdk-8-source   Author: keerath   File: KRBPriv.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Initializes an KRBPriv object.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the value read from the DER-encoded data
 *  stream does not match the pre-defined value.
 */
private void init(DerValue encoding) throws Asn1Exception,
KrbApErrException, IOException {
    DerValue der, subDer;
    if (((encoding.getTag() & (byte)0x1F) != (byte)0x15)
        || (encoding.isApplication() != true)
        || (encoding.isConstructed() != true))
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    der = encoding.getData().getDerValue();
    if (der.getTag() != DerValue.tag_Sequence)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    subDer = der.getData().getDerValue();
    if ((subDer.getTag() & 0x1F) == 0x00) {
        pvno = subDer.getData().getBigInteger().intValue();
        if (pvno != Krb5.PVNO) {
            throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
        }
    }
    else
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    subDer = der.getData().getDerValue();
    if ((subDer.getTag() & 0x1F) == 0x01) {
        msgType = subDer.getData().getBigInteger().intValue();
        if (msgType != Krb5.KRB_PRIV)
            throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
    }
    else
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    encPart = EncryptedData.parse(der.getData(), (byte)0x03, false);
    if (der.getData().available() >0)
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
}
 
Example #21
Source Project: dragonwell8_jdk   Author: alibaba   File: Ticket.java    License: GNU General Public License v2.0 5 votes vote down vote up
public Object clone() {
    Ticket new_ticket = new Ticket();
    new_ticket.sname = (PrincipalName)sname.clone();
    new_ticket.encPart = (EncryptedData)encPart.clone();
    new_ticket.tkt_vno = tkt_vno;
    return new_ticket;
}
 
Example #22
Source Project: openjdk-8   Author: bpupadhyaya   File: KRBCred.java    License: GNU General Public License v2.0 5 votes vote down vote up
public KRBCred(Ticket[] new_tickets, EncryptedData new_encPart) throws IOException {
    pvno = Krb5.PVNO;
    msgType = Krb5.KRB_CRED;
    if (new_tickets != null) {
        tickets = new Ticket[new_tickets.length];
        for (int i = 0; i < new_tickets.length; i++) {
            if (new_tickets[i] == null) {
                throw new IOException("Cannot create a KRBCred");
            } else {
                tickets[i] = (Ticket) new_tickets[i].clone();
            }
        }
    }
    encPart = new_encPart;
}
 
Example #23
Source Project: dragonwell8_jdk   Author: alibaba   File: W83.java    License: GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {

        W83 x = new W83();

        // Cannot use OneKDC. kinit command cannot resolve
        // hostname kdc.rabbit.hole
        KDC kdc = new KDC(OneKDC.REALM, "127.0.0.1", 0, true);
        kdc.addPrincipal(OneKDC.USER, OneKDC.PASS);
        kdc.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
        KDC.saveConfig(OneKDC.KRB5_CONF, kdc);
        System.setProperty("java.security.krb5.conf", OneKDC.KRB5_CONF);
        Config.refresh();

        kdc.writeKtab(OneKDC.KTAB);

        KeyTab ktab = KeyTab.getInstance(OneKDC.KTAB);
        for (int etype: EType.getBuiltInDefaults()) {
            if (etype != EncryptedData.ETYPE_ARCFOUR_HMAC) {
                ktab.deleteEntries(new PrincipalName(OneKDC.USER), etype, -1);
            }
        }
        ktab.save();

        if (System.getProperty("6932525") != null) {
            // For 6932525 and 6951366, make sure the etypes sent in 2nd AS-REQ
            // is not restricted to that of preauth
            kdc.setOption(KDC.Option.ONLY_RC4_TGT, true);
        }
        if (System.getProperty("6959292") != null) {
            // For 6959292, make sure that when etype for enc-part in 2nd AS-REQ
            // is different from that of preauth, client can still decrypt it
            kdc.setOption(KDC.Option.RC4_FIRST_PREAUTH, true);
        }
        x.go();
    }
 
Example #24
Source Project: hottub   Author: dsrg-uoft   File: KRBCred.java    License: GNU General Public License v2.0 5 votes vote down vote up
public KRBCred(Ticket[] new_tickets, EncryptedData new_encPart) throws IOException {
    pvno = Krb5.PVNO;
    msgType = Krb5.KRB_CRED;
    if (new_tickets != null) {
        tickets = new Ticket[new_tickets.length];
        for (int i = 0; i < new_tickets.length; i++) {
            if (new_tickets[i] == null) {
                throw new IOException("Cannot create a KRBCred");
            } else {
                tickets[i] = (Ticket) new_tickets[i].clone();
            }
        }
    }
    encPart = new_encPart;
}
 
Example #25
Source Project: openjdk-jdk8u   Author: AdoptOpenJDK   File: Ticket.java    License: GNU General Public License v2.0 5 votes vote down vote up
public Object clone() {
    Ticket new_ticket = new Ticket();
    new_ticket.sname = (PrincipalName)sname.clone();
    new_ticket.encPart = (EncryptedData)encPart.clone();
    new_ticket.tkt_vno = tkt_vno;
    return new_ticket;
}
 
Example #26
Source Project: openjdk-jdk9   Author: AdoptOpenJDK   File: Ticket.java    License: GNU General Public License v2.0 5 votes vote down vote up
public Object clone() {
    Ticket new_ticket = new Ticket();
    new_ticket.sname = (PrincipalName)sname.clone();
    new_ticket.encPart = (EncryptedData)encPart.clone();
    new_ticket.tkt_vno = tkt_vno;
    return new_ticket;
}
 
Example #27
Source Project: jdk8u-jdk   Author: frohoff   File: APRep.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Initializes an APRep object.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the value read from the DER-encoded data
 *  stream does not match the pre-defined value.
 */
private void init(DerValue encoding) throws Asn1Exception,
        KrbApErrException, IOException {

    if (((encoding.getTag() & (byte) (0x1F)) != Krb5.KRB_AP_REP)
            || (encoding.isApplication() != true)
            || (encoding.isConstructed() != true)) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    DerValue der = encoding.getData().getDerValue();
    if (der.getTag() != DerValue.tag_Sequence) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    DerValue subDer = der.getData().getDerValue();
    if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    pvno = subDer.getData().getBigInteger().intValue();
    if (pvno != Krb5.PVNO) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    }
    subDer = der.getData().getDerValue();
    if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x01) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    msgType = subDer.getData().getBigInteger().intValue();
    if (msgType != Krb5.KRB_AP_REP) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
    }
    encPart = EncryptedData.parse(der.getData(), (byte) 0x02, false);
    if (der.getData().available() > 0) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
}
 
Example #28
Source Project: jdk8u_jdk   Author: JetBrains   File: TGSRep.java    License: GNU General Public License v2.0 5 votes vote down vote up
public TGSRep(
              PAData[] new_pAData,
              PrincipalName new_cname,
              Ticket new_ticket,
              EncryptedData new_encPart
                  ) throws IOException {
    super(new_pAData, new_cname, new_ticket,
          new_encPart, Krb5.KRB_TGS_REP);
}
 
Example #29
Source Project: jdk8u_jdk   Author: JetBrains   File: APRep.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Initializes an APRep object.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the value read from the DER-encoded data
 *  stream does not match the pre-defined value.
 */
private void init(DerValue encoding) throws Asn1Exception,
        KrbApErrException, IOException {

    if (((encoding.getTag() & (byte) (0x1F)) != Krb5.KRB_AP_REP)
            || (encoding.isApplication() != true)
            || (encoding.isConstructed() != true)) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    DerValue der = encoding.getData().getDerValue();
    if (der.getTag() != DerValue.tag_Sequence) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    DerValue subDer = der.getData().getDerValue();
    if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    pvno = subDer.getData().getBigInteger().intValue();
    if (pvno != Krb5.PVNO) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    }
    subDer = der.getData().getDerValue();
    if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x01) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    msgType = subDer.getData().getBigInteger().intValue();
    if (msgType != Krb5.KRB_AP_REP) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
    }
    encPart = EncryptedData.parse(der.getData(), (byte) 0x02, false);
    if (der.getData().available() > 0) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
}
 
Example #30
Source Project: TencentKona-8   Author: Tencent   File: Ticket.java    License: GNU General Public License v2.0 5 votes vote down vote up
public Ticket(
              PrincipalName new_sname,
              EncryptedData new_encPart
                  ) {
    tkt_vno = Krb5.TICKET_VNO;
    sname = new_sname;
    encPart = new_encPart;
}