sun.security.krb5.EncryptedData Java Examples

The following examples show how to use sun.security.krb5.EncryptedData.
Example #1
Source File: KrbCredSubKey.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 9 votes vote down vote up
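public static void main(String[] args) throws Exception {

    // Test-only Kerberos configuration. A clockskew this large means a token
    // is never rejected for clock difference, so the timestamp window stops
    // contributing to replay protection; keep this out of any real krb5.conf.
    // try-with-resources closes the stream before Config.refresh() re-reads
    // the file (the stream was previously left open).
    try (FileOutputStream confOut = new FileOutputStream("krb5.conf")) {
        confOut.write("[libdefaults]\nclockskew=999999999".getBytes());
    }
    System.setProperty("java.security.krb5.conf", "krb5.conf");
    Config.refresh();

    // Acceptor identity: the principal plus an AES128-CTS-HMAC-SHA1-96 key
    // (version 0), stored as a private credential of the Subject.
    // `princ`, `key` and `token` are defined elsewhere in this file.
    Subject subj = new Subject();
    KerberosPrincipal kp = new KerberosPrincipal(princ);
    KerberosKey kk = new KerberosKey(
            kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
    subj.getPrincipals().add(kp);
    subj.getPrivateCredentials().add(kk);

    // Accept the token as that Subject; a failure surfaces as an exception
    // thrown out of main().
    Subject.doAs(subj, new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            GSSManager man = GSSManager.getInstance();
            GSSContext ctxt = man.createContext(man.createCredential(
                    null, GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
            return ctxt.acceptSecContext(token, 0, token.length);
        }
    });
}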
 
Example #2
Source File: KrbCredSubKey.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
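public static void main(String[] args) throws Exception {

    // Test-only Kerberos configuration. A clockskew this large means a token
    // is never rejected for clock difference, so the timestamp window stops
    // contributing to replay protection; keep this out of any real krb5.conf.
    // try-with-resources closes the stream before Config.refresh() re-reads
    // the file (the stream was previously left open).
    try (FileOutputStream confOut = new FileOutputStream("krb5.conf")) {
        confOut.write("[libdefaults]\nclockskew=999999999".getBytes());
    }
    System.setProperty("java.security.krb5.conf", "krb5.conf");
    Config.refresh();

    // Acceptor identity: the principal plus an AES128-CTS-HMAC-SHA1-96 key
    // (version 0), stored as a private credential of the Subject.
    // `princ`, `key` and `token` are defined elsewhere in this file.
    Subject subj = new Subject();
    KerberosPrincipal kp = new KerberosPrincipal(princ);
    KerberosKey kk = new KerberosKey(
            kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
    subj.getPrincipals().add(kp);
    subj.getPrivateCredentials().add(kk);

    // Accept the token as that Subject; a failure surfaces as an exception
    // thrown out of main().
    Subject.doAs(subj, new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            GSSManager man = GSSManager.getInstance();
            GSSContext ctxt = man.createContext(man.createCredential(
                    null, GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
            return ctxt.acceptSecContext(token, 0, token.length);
        }
    });
}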
 
Example #3
Source File: WeakCrypto.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
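public static void main(String[] args) throws Exception {
    // Test-only krb5.conf: args[0], when present, is written verbatim as the
    // allow_weak_crypto value; with no argument the setting is left out.
    String conf = "[libdefaults]\n" +
            (args.length > 0 ? ("allow_weak_crypto = " + args[0]) : "");
    Files.write(Paths.get("krb5.conf"), conf.getBytes());
    System.setProperty("java.security.krb5.conf", "krb5.conf");

    // Single-DES etypes are expected among the built-in defaults only when
    // weak crypto was explicitly switched on with "true".
    boolean expected = args.length != 0 && args[0].equals("true");

    boolean found = false;
    for (int etype : EType.getBuiltInDefaults()) {
        if (etype == EncryptedData.ETYPE_DES_CBC_CRC ||
                etype == EncryptedData.ETYPE_DES_CBC_MD4 ||
                etype == EncryptedData.ETYPE_DES_CBC_MD5) {
            found = true;
            break;  // one DES etype is enough to decide
        }
    }
    if (expected != found) {
        // State what went wrong so a failing run can be diagnosed from the
        // message alone.
        throw new Exception("single-DES etype in built-in defaults: expected "
                + expected + " but was " + found);
    }
}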
 
Example #4
Source File: KerberosPreMasterSecret.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    // 3DES session keys are refused before any secret material is generated.
    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Wrap the premaster secret under the session key. The key usage passed
    // is KU_UNKNOWN, and the stored bytes are the raw output of getBytes(),
    // not an ASN.1 encoding.
    try {
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface Kerberos failures as an SSL key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #5
Source File: KerberosPreMasterSecret.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    // 3DES session keys are refused before any secret material is generated.
    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Wrap the premaster secret under the session key. The key usage passed
    // is KU_UNKNOWN, and the stored bytes are the raw output of getBytes(),
    // not an ASN.1 encoding.
    try {
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface Kerberos failures as an SSL key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #6
Source File: KerberosPreMasterSecret.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    // 3DES session keys are refused before any secret material is generated.
    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Wrap the premaster secret under the session key. The key usage passed
    // is KU_UNKNOWN, and the stored bytes are the raw output of getBytes(),
    // not an ASN.1 encoding.
    try {
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface Kerberos failures as an SSL key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #7
Source File: KrbCredSubKey.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
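public static void main(String[] args) throws Exception {

    // Test-only Kerberos configuration. A clockskew this large means a token
    // is never rejected for clock difference, so the timestamp window stops
    // contributing to replay protection; keep this out of any real krb5.conf.
    // try-with-resources closes the stream before Config.refresh() re-reads
    // the file (the stream was previously left open).
    try (FileOutputStream confOut = new FileOutputStream("krb5.conf")) {
        confOut.write("[libdefaults]\nclockskew=999999999".getBytes());
    }
    System.setProperty("java.security.krb5.conf", "krb5.conf");
    Config.refresh();

    // Acceptor identity: the principal plus an AES128-CTS-HMAC-SHA1-96 key
    // (version 0), stored as a private credential of the Subject.
    // `princ`, `key` and `token` are defined elsewhere in this file.
    Subject subj = new Subject();
    KerberosPrincipal kp = new KerberosPrincipal(princ);
    KerberosKey kk = new KerberosKey(
            kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
    subj.getPrincipals().add(kp);
    subj.getPrivateCredentials().add(kk);

    // Accept the token as that Subject; a failure surfaces as an exception
    // thrown out of main().
    Subject.doAs(subj, new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            GSSManager man = GSSManager.getInstance();
            GSSContext ctxt = man.createContext(man.createCredential(
                    null, GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
            return ctxt.acceptSecContext(token, 0, token.length);
        }
    });
}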
 
Example #8
Source File: KrbCredSubKey.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
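public static void main(String[] args) throws Exception {

    // Test-only Kerberos configuration. A clockskew this large means a token
    // is never rejected for clock difference, so the timestamp window stops
    // contributing to replay protection; keep this out of any real krb5.conf.
    // try-with-resources closes the stream before Config.refresh() re-reads
    // the file (the stream was previously left open).
    try (FileOutputStream confOut = new FileOutputStream("krb5.conf")) {
        confOut.write("[libdefaults]\nclockskew=999999999".getBytes());
    }
    System.setProperty("java.security.krb5.conf", "krb5.conf");
    Config.refresh();

    // Acceptor identity: the principal plus an AES128-CTS-HMAC-SHA1-96 key
    // (version 0), stored as a private credential of the Subject.
    // `princ`, `key` and `token` are defined elsewhere in this file.
    Subject subj = new Subject();
    KerberosPrincipal kp = new KerberosPrincipal(princ);
    KerberosKey kk = new KerberosKey(
            kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
    subj.getPrincipals().add(kp);
    subj.getPrivateCredentials().add(kk);

    // Accept the token as that Subject; a failure surfaces as an exception
    // thrown out of main().
    Subject.doAs(subj, new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            GSSManager man = GSSManager.getInstance();
            GSSContext ctxt = man.createContext(man.createCredential(
                    null, GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
            return ctxt.acceptSecContext(token, 0, token.length);
        }
    });
}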
 
Example #9
Source File: KerberosPreMasterSecret.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    // 3DES session keys are refused before any secret material is generated.
    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Wrap the premaster secret under the session key. The key usage passed
    // is KU_UNKNOWN, and the stored bytes are the raw output of getBytes(),
    // not an ASN.1 encoding.
    try {
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface Kerberos failures as an SSL key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #10
Source File: KrbCredSubKey.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
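public static void main(String[] args) throws Exception {

    // Test-only Kerberos configuration. A clockskew this large means a token
    // is never rejected for clock difference, so the timestamp window stops
    // contributing to replay protection; keep this out of any real krb5.conf.
    // try-with-resources closes the stream before Config.refresh() re-reads
    // the file (the stream was previously left open).
    try (FileOutputStream confOut = new FileOutputStream("krb5.conf")) {
        confOut.write("[libdefaults]\nclockskew=999999999".getBytes());
    }
    System.setProperty("java.security.krb5.conf", "krb5.conf");
    Config.refresh();

    // Acceptor identity: the principal plus an AES128-CTS-HMAC-SHA1-96 key
    // (version 0), stored as a private credential of the Subject.
    // `princ`, `key` and `token` are defined elsewhere in this file.
    Subject subj = new Subject();
    KerberosPrincipal kp = new KerberosPrincipal(princ);
    KerberosKey kk = new KerberosKey(
            kp, key, EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
    subj.getPrincipals().add(kp);
    subj.getPrivateCredentials().add(kk);

    // Accept the token as that Subject; a failure surfaces as an exception
    // thrown out of main().
    Subject.doAs(subj, new PrivilegedExceptionAction<Object>() {
        @Override
        public Object run() throws Exception {
            GSSManager man = GSSManager.getInstance();
            GSSContext ctxt = man.createContext(man.createCredential(
                    null, GSSCredential.INDEFINITE_LIFETIME,
                    GSSUtil.GSS_KRB5_MECH_OID, GSSCredential.ACCEPT_ONLY));
            return ctxt.acceptSecContext(token, 0, token.length);
        }
    });
}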
 
Example #11
Source File: KerberosPreMasterSecret.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    // 3DES session keys are refused before any secret material is generated.
    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Wrap the premaster secret under the session key. The key usage passed
    // is KU_UNKNOWN, and the stored bytes are the raw output of getBytes(),
    // not an ASN.1 encoding.
    try {
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface Kerberos failures as an SSL key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #12
Source File: Ticket.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Initializes a Ticket object.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value.
 * @exception RealmException if an error occurs while parsing a Realm object.
 */

private void init(DerValue encoding) throws Asn1Exception,
RealmException, KrbApErrException, IOException {
    // Outer value must be a constructed APPLICATION element whose tag number
    // is KRB_TKT; anything else is rejected before its contents are read.
    final boolean ticketTag = (encoding.getTag() & 0x1F) == Krb5.KRB_TKT;
    if (!ticketTag || !encoding.isApplication() || !encoding.isConstructed()) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }

    final DerValue body = encoding.getData().getDerValue();
    if (body.getTag() != DerValue.tag_Sequence) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }

    // Field tagged 0: ticket version, which must equal TICKET_VNO.
    final DerValue versionField = body.getData().getDerValue();
    if ((versionField.getTag() & 0x1F) != 0x00) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    tkt_vno = versionField.getData().getBigInteger().intValue();
    if (tkt_vno != Krb5.TICKET_VNO) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    }

    // Fields tagged 1, 2 and 3 are read in order from the sequence body.
    // The encrypted part is only parsed here; nothing is decrypted.
    final Realm srealm = Realm.parse(body.getData(), (byte)0x01, false);
    sname = PrincipalName.parse(body.getData(), (byte)0x02, false, srealm);
    encPart = EncryptedData.parse(body.getData(), (byte)0x03, false);

    // Bytes left over after the last field make the encoding invalid.
    if (body.getData().available() > 0) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
}
 
Example #13
Source File: KerberosPreMasterSecret.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Constructor used by client to generate premaster secret.
 *
 * Client randomly creates a pre-master secret and encrypts it
 * using the Kerberos session key; only the server can decrypt
 * it, using the session key available in the service ticket.
 *
 * @param protocolVersion used to set preMaster[0,1]
 * @param generator random number generator for generating premaster secret
 * @param sessionKey Kerberos session key for encrypting premaster secret
 */
KerberosPreMasterSecret(ProtocolVersion protocolVersion,
    SecureRandom generator, EncryptionKey sessionKey) throws IOException {

    // 3DES session keys are refused before any secret material is generated.
    final boolean des3SessionKey =
        sessionKey.getEType() == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD;
    if (des3SessionKey) {
        throw new IOException(
           "session keys with des3-cbc-hmac-sha1-kd encryption type " +
           "are not supported for TLS Kerberos cipher suites");
    }

    this.protocolVersion = protocolVersion;
    preMaster = generatePreMaster(generator, protocolVersion);

    // Wrap the premaster secret under the session key. The key usage passed
    // is KU_UNKNOWN, and the stored bytes are the raw output of getBytes(),
    // not an ASN.1 encoding.
    try {
        encrypted = new EncryptedData(sessionKey, preMaster,
            KeyUsage.KU_UNKNOWN).getBytes();
    } catch (KrbException e) {
        // Surface Kerberos failures as an SSL key error, keeping the cause.
        SSLKeyException keyError =
            new SSLKeyException("Kerberos premaster secret error");
        keyError.initCause(e);
        throw keyError;
    }
}
 
Example #14
Source File: Ticket.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Initializes a Ticket object.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value.
 * @exception RealmException if an error occurs while parsing a Realm object.
 */

private void init(DerValue encoding) throws Asn1Exception,
RealmException, KrbApErrException, IOException {
    // Outer value must be a constructed APPLICATION element whose tag number
    // is KRB_TKT; anything else is rejected before its contents are read.
    final boolean ticketTag = (encoding.getTag() & 0x1F) == Krb5.KRB_TKT;
    if (!ticketTag || !encoding.isApplication() || !encoding.isConstructed()) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }

    final DerValue body = encoding.getData().getDerValue();
    if (body.getTag() != DerValue.tag_Sequence) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }

    // Field tagged 0: ticket version, which must equal TICKET_VNO.
    final DerValue versionField = body.getData().getDerValue();
    if ((versionField.getTag() & 0x1F) != 0x00) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    tkt_vno = versionField.getData().getBigInteger().intValue();
    if (tkt_vno != Krb5.TICKET_VNO) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    }

    // Fields tagged 1, 2 and 3 are read in order from the sequence body.
    // The encrypted part is only parsed here; nothing is decrypted.
    final Realm srealm = Realm.parse(body.getData(), (byte)0x01, false);
    sname = PrincipalName.parse(body.getData(), (byte)0x02, false, srealm);
    encPart = EncryptedData.parse(body.getData(), (byte)0x03, false);

    // Bytes left over after the last field make the encoding invalid.
    if (body.getData().available() > 0) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
}
 
Example #15
Source File: Ticket.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
public Object clone() {
    // Built with the no-arg constructor (not super.clone()); every field is
    // then copied explicitly, the two object fields through their own clone().
    Ticket copy = new Ticket();
    copy.tkt_vno = tkt_vno;
    copy.sname = (PrincipalName) sname.clone();
    copy.encPart = (EncryptedData) encPart.clone();
    return copy;
}
 
Example #16
Source File: APRep.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Initializes an APRep object.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the value read from the DER-encoded data
 *  stream does not match the pre-defined value.
 */
private void init(DerValue encoding) throws Asn1Exception,
        KrbApErrException, IOException {

    // Outer value must be a constructed APPLICATION element whose tag number
    // is KRB_AP_REP; anything else is rejected before its contents are read.
    final boolean apRepTag = (encoding.getTag() & 0x1F) == Krb5.KRB_AP_REP;
    if (!apRepTag || !encoding.isApplication() || !encoding.isConstructed()) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    final DerValue body = encoding.getData().getDerValue();
    if (body.getTag() != DerValue.tag_Sequence) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }

    // Field tagged 0: protocol version, which must equal PVNO.
    final DerValue versionField = body.getData().getDerValue();
    if ((versionField.getTag() & 0x1F) != 0x00) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    pvno = versionField.getData().getBigInteger().intValue();
    if (pvno != Krb5.PVNO) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    }

    // Field tagged 1: message type, which must equal KRB_AP_REP.
    final DerValue typeField = body.getData().getDerValue();
    if ((typeField.getTag() & 0x1F) != 0x01) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    msgType = typeField.getData().getBigInteger().intValue();
    if (msgType != Krb5.KRB_AP_REP) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
    }

    // Field tagged 2: the encrypted part, parsed but not decrypted here.
    encPart = EncryptedData.parse(body.getData(), (byte) 0x02, false);

    // Bytes left over after the last field make the encoding invalid.
    if (body.getData().available() > 0) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
}
 
Example #17
Source File: Ticket.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
public Object clone() {
    // Built with the no-arg constructor (not super.clone()); every field is
    // then copied explicitly, the two object fields through their own clone().
    Ticket copy = new Ticket();
    copy.tkt_vno = tkt_vno;
    copy.sname = (PrincipalName) sname.clone();
    copy.encPart = (EncryptedData) encPart.clone();
    return copy;
}
 
Example #18
Source File: W83.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {

    W83 test = new W83();

    // OneKDC cannot be used here: the kinit command cannot resolve
    // the hostname kdc.rabbit.hole, so a KDC on 127.0.0.1 is set up by hand.
    KDC kdc = new KDC(OneKDC.REALM, "127.0.0.1", 0, true);
    kdc.addPrincipal(OneKDC.USER, OneKDC.PASS);
    kdc.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
    KDC.saveConfig(OneKDC.KRB5_CONF, kdc);
    System.setProperty("java.security.krb5.conf", OneKDC.KRB5_CONF);
    Config.refresh();

    kdc.writeKtab(OneKDC.KTAB);

    // Test fixture: for the user principal, delete the keytab entries of
    // every built-in default etype except ARCFOUR-HMAC (RC4).
    KeyTab ktab = KeyTab.getInstance(OneKDC.KTAB);
    int[] defaultETypes = EType.getBuiltInDefaults();
    for (int etype : defaultETypes) {
        if (etype == EncryptedData.ETYPE_ARCFOUR_HMAC) {
            continue;
        }
        ktab.deleteEntries(new PrincipalName(OneKDC.USER), etype, -1);
    }
    ktab.save();

    // The scenario is selected by system properties named after bug ids.
    if (null != System.getProperty("6932525")) {
        // 6932525 / 6951366: the etypes sent in the 2nd AS-REQ must not be
        // restricted to that of the preauth.
        kdc.setOption(KDC.Option.ONLY_RC4_TGT, true);
    }
    if (null != System.getProperty("6959292")) {
        // 6959292: when the enc-part etype in the 2nd AS-REQ differs from
        // that of the preauth, the client must still be able to decrypt it.
        kdc.setOption(KDC.Option.RC4_FIRST_PREAUTH, true);
    }
    test.go();
}
 
Example #19
Source File: Ticket.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public Object clone() {
    // Built with the no-arg constructor (not super.clone()); every field is
    // then copied explicitly, the two object fields through their own clone().
    Ticket copy = new Ticket();
    copy.tkt_vno = tkt_vno;
    copy.sname = (PrincipalName) sname.clone();
    copy.encPart = (EncryptedData) encPart.clone();
    return copy;
}
 
Example #20
Source File: APRep.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Initializes an APRep object.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the value read from the DER-encoded data
 *  stream does not match the pre-defined value.
 */
private void init(DerValue encoding) throws Asn1Exception,
        KrbApErrException, IOException {

    // Outer value must be a constructed APPLICATION element whose tag number
    // is KRB_AP_REP; anything else is rejected before its contents are read.
    final boolean apRepTag = (encoding.getTag() & 0x1F) == Krb5.KRB_AP_REP;
    if (!apRepTag || !encoding.isApplication() || !encoding.isConstructed()) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    final DerValue body = encoding.getData().getDerValue();
    if (body.getTag() != DerValue.tag_Sequence) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }

    // Field tagged 0: protocol version, which must equal PVNO.
    final DerValue versionField = body.getData().getDerValue();
    if ((versionField.getTag() & 0x1F) != 0x00) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    pvno = versionField.getData().getBigInteger().intValue();
    if (pvno != Krb5.PVNO) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    }

    // Field tagged 1: message type, which must equal KRB_AP_REP.
    final DerValue typeField = body.getData().getDerValue();
    if ((typeField.getTag() & 0x1F) != 0x01) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    msgType = typeField.getData().getBigInteger().intValue();
    if (msgType != Krb5.KRB_AP_REP) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
    }

    // Field tagged 2: the encrypted part, parsed but not decrypted here.
    encPart = EncryptedData.parse(body.getData(), (byte) 0x02, false);

    // Bytes left over after the last field make the encoding invalid.
    if (body.getData().available() > 0) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
}
 
Example #21
Source File: Ticket.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
public Ticket(PrincipalName new_sname, EncryptedData new_encPart) {
    // Both arguments are stored by reference (no copy is taken), and the
    // version is fixed to TICKET_VNO.
    this.sname = new_sname;
    this.encPart = new_encPart;
    this.tkt_vno = Krb5.TICKET_VNO;
}
 
Example #22
Source File: TGSRep.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
public TGSRep(PAData[] new_pAData, PrincipalName new_cname,
        Ticket new_ticket, EncryptedData new_encPart) throws IOException {
    // Everything is delegated to the superclass constructor, with the
    // message type fixed to KRB_TGS_REP.
    super(new_pAData, new_cname, new_ticket, new_encPart, Krb5.KRB_TGS_REP);
}
 
Example #23
Source File: APRep.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Initializes an APRep object.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the value read from the DER-encoded data
 *  stream does not match the pre-defined value.
 */
private void init(DerValue encoding) throws Asn1Exception,
        KrbApErrException, IOException {

    // Outer value must be a constructed APPLICATION element whose tag number
    // is KRB_AP_REP; anything else is rejected before its contents are read.
    final boolean apRepTag = (encoding.getTag() & 0x1F) == Krb5.KRB_AP_REP;
    if (!apRepTag || !encoding.isApplication() || !encoding.isConstructed()) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    final DerValue body = encoding.getData().getDerValue();
    if (body.getTag() != DerValue.tag_Sequence) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }

    // Field tagged 0: protocol version, which must equal PVNO.
    final DerValue versionField = body.getData().getDerValue();
    if ((versionField.getTag() & 0x1F) != 0x00) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    pvno = versionField.getData().getBigInteger().intValue();
    if (pvno != Krb5.PVNO) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    }

    // Field tagged 1: message type, which must equal KRB_AP_REP.
    final DerValue typeField = body.getData().getDerValue();
    if ((typeField.getTag() & 0x1F) != 0x01) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    msgType = typeField.getData().getBigInteger().intValue();
    if (msgType != Krb5.KRB_AP_REP) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
    }

    // Field tagged 2: the encrypted part, parsed but not decrypted here.
    encPart = EncryptedData.parse(body.getData(), (byte) 0x02, false);

    // Bytes left over after the last field make the encoding invalid.
    if (body.getData().available() > 0) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
}
 
Example #24
Source File: Ticket.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
public Ticket(PrincipalName new_sname, EncryptedData new_encPart) {
    // Both arguments are stored by reference (no copy is taken), and the
    // version is fixed to TICKET_VNO.
    this.sname = new_sname;
    this.encPart = new_encPart;
    this.tkt_vno = Krb5.TICKET_VNO;
}
 
Example #25
Source File: KeyImpl.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
private String getAlgorithmName(int eType) {
    // A destroyed key must not be queried any further.
    if (destroyed) {
        throw new IllegalStateException("This key is no longer valid");
    }

    // Map the Kerberos etype to an algorithm name. Etypes without a case
    // below (ETYPE_DES_CBC_MD4, for example) end up in the default branch.
    final String algorithm;
    switch (eType) {
    case EncryptedData.ETYPE_DES_CBC_CRC:
    case EncryptedData.ETYPE_DES_CBC_MD5:
        algorithm = "DES";
        break;
    case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD:
        algorithm = "DESede";
        break;
    case EncryptedData.ETYPE_ARCFOUR_HMAC:
        algorithm = "ArcFourHmac";
        break;
    case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96:
        algorithm = "AES128";
        break;
    case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96:
        algorithm = "AES256";
        break;
    case EncryptedData.ETYPE_NULL:
        algorithm = "NULL";
        break;
    default:
        throw new IllegalArgumentException(
            "Unsupported encryption type: " + eType);
    }
    return algorithm;
}
 
Example #26
Source File: KRBPriv.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Initializes an KRBPriv object.
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the value read from the DER-encoded data
 *  stream does not match the pre-defined value.
 */
private void init(DerValue encoding) throws Asn1Exception,
KrbApErrException, IOException {
    // Outer value must be a constructed APPLICATION element with tag number
    // 0x15 (decimal 21) - presumably the same value as Krb5.KRB_PRIV, which
    // the message-type check below uses.
    final boolean privTag = (encoding.getTag() & 0x1F) == 0x15;
    if (!privTag || !encoding.isApplication() || !encoding.isConstructed()) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    final DerValue body = encoding.getData().getDerValue();
    if (body.getTag() != DerValue.tag_Sequence) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }

    // Field tagged 0: protocol version, which must equal PVNO.
    final DerValue versionField = body.getData().getDerValue();
    if ((versionField.getTag() & 0x1F) != 0x00) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    pvno = versionField.getData().getBigInteger().intValue();
    if (pvno != Krb5.PVNO) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    }

    // Field tagged 1: message type, which must equal KRB_PRIV.
    final DerValue typeField = body.getData().getDerValue();
    if ((typeField.getTag() & 0x1F) != 0x01) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    msgType = typeField.getData().getBigInteger().intValue();
    if (msgType != Krb5.KRB_PRIV) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
    }

    // Field tagged 3: the encrypted part, parsed but not decrypted here.
    encPart = EncryptedData.parse(body.getData(), (byte)0x03, false);

    // Bytes left over after the last field make the encoding invalid.
    if (body.getData().available() > 0) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
}
 
Example #27
Source File: KeyImpl.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
private String getAlgorithmName(int eType) {
    // A destroyed key must not be queried any further.
    if (destroyed) {
        throw new IllegalStateException("This key is no longer valid");
    }

    // Map the Kerberos etype to an algorithm name. Etypes without a case
    // below (ETYPE_DES_CBC_MD4, for example) end up in the default branch.
    final String algorithm;
    switch (eType) {
    case EncryptedData.ETYPE_DES_CBC_CRC:
    case EncryptedData.ETYPE_DES_CBC_MD5:
        algorithm = "DES";
        break;
    case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD:
        algorithm = "DESede";
        break;
    case EncryptedData.ETYPE_ARCFOUR_HMAC:
        algorithm = "ArcFourHmac";
        break;
    case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96:
        algorithm = "AES128";
        break;
    case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96:
        algorithm = "AES256";
        break;
    case EncryptedData.ETYPE_NULL:
        algorithm = "NULL";
        break;
    default:
        throw new IllegalArgumentException(
            "Unsupported encryption type: " + eType);
    }
    return algorithm;
}
 
Example #28
Source File: KRBPriv.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Initializes a KRBPriv object from its DER encoding.
 *
 * <p>The checks are structural: the outer value must be a constructed,
 * application-class value with tag number 0x15 wrapping a SEQUENCE whose
 * fields [0] (pvno) and [1] (msg-type) hold the expected constants, followed
 * by the encrypted part in field [3] and no trailing bytes. pvno and msg-type
 * are read before the encrypted part and nothing is decrypted or verified
 * here, so a successful return says only that the message is well formed.
 *
 * @param encoding a single DER-encoded value.
 * @exception Asn1Exception if a tag is not the expected one or data is left
 *  over after the encrypted part.
 * @exception IOException if an I/O error occurs while reading encoded data.
 * @exception KrbApErrException if the protocol version or message type read
 *  from the DER-encoded data does not match the pre-defined value.
 */
private void init(DerValue encoding) throws Asn1Exception,
KrbApErrException, IOException {
    // Outer wrapper: tag number, class and constructed bit must all match.
    boolean outerTagOk = (encoding.getTag() & (byte)0x1F) == (byte)0x15;
    if (!(outerTagOk
            && encoding.isApplication()
            && encoding.isConstructed())) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }

    DerValue sequence = encoding.getData().getDerValue();
    if (sequence.getTag() != DerValue.tag_Sequence) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }

    // Field [0]: protocol version number.
    DerValue field = sequence.getData().getDerValue();
    if ((field.getTag() & 0x1F) != 0x00) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    // NOTE(review): BigInteger.intValue() keeps only the low-order 32 bits,
    // so an oversized INTEGER is compared after truncation, not rejected.
    pvno = field.getData().getBigInteger().intValue();
    if (pvno != Krb5.PVNO) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
    }

    // Field [1]: message type, which must be KRB_PRIV.
    field = sequence.getData().getDerValue();
    if ((field.getTag() & 0x1F) != 0x01) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
    msgType = field.getData().getBigInteger().intValue();
    if (msgType != Krb5.KRB_PRIV) {
        throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE);
    }

    // Field [3]: the encrypted part (presumably parsed as mandatory given
    // the 'false' flag; confirm against EncryptedData.parse).
    encPart = EncryptedData.parse(sequence.getData(), (byte)0x03, false);

    // Anything left in the SEQUENCE after the encrypted part is an error.
    if (sequence.getData().available() > 0) {
        throw new Asn1Exception(Krb5.ASN1_BAD_ID);
    }
}
 
Example #29
Source File: KeyImpl.java    From Java8CN with Apache License 2.0
/**
 * Returns the algorithm name that corresponds to a Kerberos encryption type.
 *
 * <p>The lookup names legacy etypes (single DES, RC4 as "ArcFourHmac", and
 * NULL) alongside the AES ones. It performs no policy check, so callers that
 * must refuse weak etypes need to do that themselves.
 *
 * @param eType one of the {@code EncryptedData.ETYPE_*} constants
 * @return the algorithm name for {@code eType}
 * @throws IllegalStateException if this key has been destroyed
 * @throws IllegalArgumentException if {@code eType} is not a listed etype
 */
private String getAlgorithmName(int eType) {
    // No lookups are served once the key has been destroyed.
    if (destroyed) {
        throw new IllegalStateException("This key is no longer valid");
    }

    // The two single-DES etypes map to the same name.
    if (eType == EncryptedData.ETYPE_DES_CBC_CRC
            || eType == EncryptedData.ETYPE_DES_CBC_MD5) {
        return "DES";
    }
    if (eType == EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD) {
        return "DESede";
    }
    if (eType == EncryptedData.ETYPE_ARCFOUR_HMAC) {
        return "ArcFourHmac";
    }
    if (eType == EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96) {
        return "AES128";
    }
    if (eType == EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96) {
        return "AES256";
    }
    if (eType == EncryptedData.ETYPE_NULL) {
        return "NULL";
    }

    // Fail closed on anything that is not in the table above.
    throw new IllegalArgumentException(
        "Unsupported encryption type: " + eType);
}
 
Example #30
Source File: W83.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Test entry point. Creates a KDC on 127.0.0.1, writes a keytab, removes the
 * user's keytab entries for every built-in default etype except
 * ARCFOUR_HMAC, applies KDC options selected by system properties, and then
 * runs {@code go()}.
 *
 * <p>The keytab is deliberately reduced to the legacy RC4 key; this is test
 * fixture setup and not a configuration to copy.
 *
 * @param args unused
 * @throws Exception if any setup step or the test itself fails
 */
public static void main(String[] args) throws Exception {

    W83 test = new W83();

    // OneKDC is not usable here: the kinit command cannot resolve the
    // hostname kdc.rabbit.hole, so the KDC is created on 127.0.0.1.
    KDC kdc = new KDC(OneKDC.REALM, "127.0.0.1", 0, true);
    kdc.addPrincipal(OneKDC.USER, OneKDC.PASS);
    kdc.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
    KDC.saveConfig(OneKDC.KRB5_CONF, kdc);
    System.setProperty("java.security.krb5.conf", OneKDC.KRB5_CONF);
    Config.refresh();

    kdc.writeKtab(OneKDC.KTAB);

    // Keep only the ARCFOUR_HMAC entries for the user in the keytab.
    KeyTab keyTab = KeyTab.getInstance(OneKDC.KTAB);
    for (int candidate : EType.getBuiltInDefaults()) {
        if (candidate == EncryptedData.ETYPE_ARCFOUR_HMAC) {
            continue;
        }
        // presumably -1 matches any key version; confirm against KeyTab
        keyTab.deleteEntries(new PrincipalName(OneKDC.USER), candidate, -1);
    }
    keyTab.save();

    // 6932525 and 6951366: the etypes sent in the 2nd AS-REQ must not be
    // restricted to that of preauth.
    boolean onlyRc4Tgt = System.getProperty("6932525") != null;
    if (onlyRc4Tgt) {
        kdc.setOption(KDC.Option.ONLY_RC4_TGT, true);
    }

    // 6959292: the client must still decrypt the enc-part of the 2nd AS-REQ
    // exchange when its etype differs from that of preauth.
    boolean rc4FirstPreauth = System.getProperty("6959292") != null;
    if (rc4FirstPreauth) {
        kdc.setOption(KDC.Option.RC4_FIRST_PREAUTH, true);
    }

    test.go();
}