1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.directory.server.kerberos.shared.store;
21
22
import java.io.IOException;
import java.net.InetAddress;
import java.util.Arrays;
import java.util.Date;

import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

import org.apache.directory.server.kerberos.shared.KerberosConstants;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.server.kerberos.shared.crypto.encryption.RandomKeyFactory;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.io.encoder.TicketEncoder;
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptedData;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
import org.apache.directory.server.kerberos.shared.messages.value.TransitedEncoding;
import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlag;
import org.apache.directory.server.kerberos.shared.messages.value.flags.TicketFlags;
47
48
49
50
51
52
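public class TicketFactory
{
    /** Lifetime given to every ticket built by {@link #getTicket}: 24 hours, in milliseconds. */
    private static final int ONE_DAY = 86400000;

    /** Renew-till horizon given to every ticket built by {@link #getTicket}: 7 days, in milliseconds (fits in an int). */
    private static final int ONE_WEEK = 86400000 * 7;

    /** Seals the plaintext EncTicketPart under the server key in {@link #getTicket}. */
    private CipherTextHandler cipherTextHandler = new CipherTextHandler();


    /**
     * Derives the server's long-term key from its principal name and password.
     *
     * NOTE(security): the key is produced by the JDK's "DES" string-to-key and typed as
     * des-cbc-md5. Single DES is deprecated for Kerberos (RFC 6649) and is disabled by
     * default in current JDKs; this is suitable for test fixtures or legacy interop only.
     *
     * @param serverPrincipal the service principal; presumably used by KerberosKey to derive
     *        the string-to-key salt — confirm against the JDK implementation
     * @param serverPassword the service password
     * @return the derived key, typed {@link EncryptionType#DES_CBC_MD5}
     */
    public EncryptionKey getServerKey( KerberosPrincipal serverPrincipal, String serverPassword )
    {
        char[] password = serverPassword.toCharArray();

        try
        {
            KerberosKey serverKerberosKey = new KerberosKey( serverPrincipal, password, "DES" );
            byte[] serverKeyBytes = serverKerberosKey.getEncoded();

            return new EncryptionKey( EncryptionType.DES_CBC_MD5, serverKeyBytes );
        }
        finally
        {
            // Best effort: scrub our char[] copy once the key is derived. The String the
            // caller passed in cannot be cleared and still holds the password.
            Arrays.fill( password, '\0' );
        }
    }


    /**
     * Builds a renewable service ticket for clientPrincipal to serverPrincipal, sealed
     * under serverKey.
     *
     * What is set: flags = RENEWABLE only; a fresh random des-cbc-md5 session key; an
     * empty transited encoding; authtime = now; endtime = now + 24h; renew-till = now + 7d.
     * No starttime and no client addresses are set, so the ticket is valid immediately
     * and is not bound to any host. The enc-part is sealed with key usage 2, which per
     * RFC 4120 section 7.5.1 is the usage number for a ticket enc-part under the service key.
     *
     * NOTE(security): the returned Ticket also carries the plaintext EncTicketPart
     * (including the session key) because {@link #getKerberosTicket} reads it; treat the
     * object as sensitive and do not hand it to untrusted code.
     * NOTE(security): session-key randomness comes from RandomKeyFactory — assumes that is
     * backed by a CSPRNG; confirm.
     *
     * @param clientPrincipal the principal the ticket is issued to
     * @param serverPrincipal the service the ticket is issued for
     * @param serverKey the service's long-term key used to seal the enc-part
     * @return the sealed ticket, with its plaintext EncTicketPart attached
     * @throws KerberosException propagated from session-key generation or sealing
     */
    public Ticket getTicket( KerberosPrincipal clientPrincipal, KerberosPrincipal serverPrincipal,
        EncryptionKey serverKey ) throws KerberosException
    {
        // Read the clock once so authtime, endtime and renew-till are derived from the
        // same instant (the original took authtime from a separate no-arg constructor).
        long now = System.currentTimeMillis();

        TicketFlags ticketFlags = new TicketFlags();
        ticketFlags.setFlag( TicketFlag.RENEWABLE );

        EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( EncryptionType.DES_CBC_MD5 );

        EncTicketPartModifier encTicketModifier = new EncTicketPartModifier();
        encTicketModifier.setFlags( ticketFlags );
        encTicketModifier.setSessionKey( sessionKey );
        encTicketModifier.setClientPrincipal( clientPrincipal );
        encTicketModifier.setTransitedEncoding( new TransitedEncoding() );
        encTicketModifier.setAuthTime( new KerberosTime( now ) );
        encTicketModifier.setEndTime( new KerberosTime( now + ONE_DAY ) );
        encTicketModifier.setRenewTill( new KerberosTime( now + ONE_WEEK ) );

        EncTicketPart encTicketPart = encTicketModifier.getEncTicketPart();

        // Key usage 2: ticket enc-part encrypted with the service's long-term key.
        EncryptedData encryptedTicketPart = cipherTextHandler.seal( serverKey, encTicketPart, KeyUsage.NUMBER2 );

        Ticket ticket = new Ticket();
        ticket.setTktVno( KerberosConstants.KERBEROS_V5 );
        ticket.setServerPrincipal( serverPrincipal );
        ticket.setEncPart( encryptedTicketPart );

        // Keep the plaintext alongside the sealed part; getKerberosTicket depends on it.
        ticket.setEncTicketPart( encTicketPart );

        return ticket;
    }


    /**
     * Converts a Ticket built by {@link #getTicket} into a JAAS {@link KerberosTicket}.
     *
     * All plaintext fields are read from the EncTicketPart attached to the Ticket, so a
     * Ticket that only holds the sealed enc-part cannot be converted here. Renew-till is
     * copied only when the RENEWABLE flag is set, start time only when present, and the
     * client-address list is always empty (no address binding).
     *
     * @param ticket a ticket with its plaintext EncTicketPart attached
     * @return the equivalent JAAS ticket, carrying the ASN.1 encoding of ticket
     * @throws IOException if ASN.1 encoding of the ticket fails
     * @throws IllegalArgumentException if the ticket carries no plaintext EncTicketPart
     */
    public KerberosTicket getKerberosTicket( Ticket ticket ) throws IOException
    {
        byte[] asn1Encoding = TicketEncoder.encodeTicket( ticket );

        EncTicketPart encTicketPart = ticket.getEncTicketPart();

        if ( encTicketPart == null )
        {
            throw new IllegalArgumentException( "Ticket has no plaintext EncTicketPart; only tickets built by getTicket can be converted" );
        }

        KerberosPrincipal client = encTicketPart.getClientPrincipal();
        KerberosPrincipal server = ticket.getServerPrincipal();
        byte[] sessionKey = encTicketPart.getSessionKey().getKeyValue();
        int keyType = encTicketPart.getSessionKey().getKeyType().getOrdinal();

        // The JAAS constructor takes the 32 ticket-flag bits as a boolean[].
        boolean[] flags = new boolean[32];

        for ( int bit = 0; bit < flags.length; bit++ )
        {
            flags[bit] = encTicketPart.getFlags().isFlagSet( bit );
        }

        Date authTime = encTicketPart.getAuthTime().toDate();
        Date endTime = encTicketPart.getEndTime().toDate();
        Date startTime = ( encTicketPart.getStartTime() != null ) ? encTicketPart.getStartTime().toDate() : null;

        // renew-till is only meaningful on a renewable ticket; otherwise leave it null.
        Date renewTill = null;

        if ( encTicketPart.getFlags().isRenewable() && encTicketPart.getRenewTill() != null )
        {
            renewTill = encTicketPart.getRenewTill().toDate();
        }

        // No client addresses are carried over, so the JAAS ticket is not host-bound.
        InetAddress[] clientAddresses = new InetAddress[0];

        return new KerberosTicket( asn1Encoding, client, server, sessionKey, keyType, flags, authTime, startTime,
            endTime, renewTill, clientAddresses );
    }
}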