Home Explore Help
Sign In
Botnet_Research
/
hostage
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d4a371c9b4
Branches Tags
hostage
/
src
/
javax
/
security
/
auth
/
kerberos
/
KerberosTicket.java

KerberosTicket.java 12 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374 
  1. /*
    2. 

  2.  *  Licensed to the Apache Software Foundation (ASF) under one or more
    3. 

  3.  *  contributor license agreements.  See the NOTICE file distributed with
    4. 

  4.  *  this work for additional information regarding copyright ownership.
    5. 

  5.  *  The ASF licenses this file to You under the Apache License, Version 2.0
    6. 

  6.  *  (the "License"); you may not use this file except in compliance with
    7. 

  7.  *  the License.  You may obtain a copy of the License at
    8. 

  8.  *
    9. 

  9.  *     http://www.apache.org/licenses/LICENSE-2.0
    10. 

  10.  *
    11. 

  11.  *  Unless required by applicable law or agreed to in writing, software
    12. 

  12.  *  distributed under the License is distributed on an "AS IS" BASIS,
    13. 

  13.  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14. 

  14.  *  See the License for the specific language governing permissions and
    15. 

  15.  *  limitations under the License.
    16. 

  16.  */
    17. 

  17. 

  18. package javax.security.auth.kerberos;
    19. 

  19. 

  20. import java.io.Serializable;
    21. 

  21. import java.net.InetAddress;
    22. 

  22. import java.util.Arrays;
    23. 

  23. import java.util.Date;
    24. 

  24. 

  25. import javax.crypto.SecretKey;
    26. 

  26. import javax.security.auth.DestroyFailedException;
    27. 

  27. import javax.security.auth.Destroyable;
    28. 

  28. import javax.security.auth.RefreshFailedException;
    29. 

  29. import javax.security.auth.Refreshable;
    30. 

  30. 

  31. import org.apache.harmony.auth.internal.kerberos.v5.KerberosException;
    32. 

  32. import org.apache.harmony.auth.internal.kerberos.v5.KrbClient;
    33. 

  33. import org.apache.harmony.auth.internal.nls.Messages;
    34. 

  34. import org.apache.harmony.security.utils.Array;
    35. 

  35. 

  36. public class KerberosTicket implements Destroyable, Refreshable, Serializable {
    37. 

  37. 

  38.     private static final long serialVersionUID = 7395334370157380539L;
    39. 

  39. 

  40.     // The description of these flags defines in the Kerberos Protocol Specification (RFC 1510).
    41. 

  41. 

  42.     // FORWARDABLE flag 
    43. 

  43.     private static final int FORWARDABLE = 1;
    44. 

  44. 

  45.     // FORWARDED flag
    46. 

  46.     private static final int FORWARDED = 2;
    47. 

  47. 

  48.     // PROXIABLE flag
    49. 

  49.     private static final int PROXIABLE = 3;
    50. 

  50. 

  51.     // PROXY flag
    52. 

  52.     private static final int PROXY = 4;
    53. 

  53. 

  54.     // POSTDATED flag
    55. 

  55.     private static final int POSTDATED = 6;
    56. 

  56. 

  57.     // RENEWABLE flag
    58. 

  58.     private static final int RENEWABLE = 8;
    59. 

  59. 

  60.     // INITIAL flag
    61. 

  61.     private static final int INITIAL = 9;
    62. 

  62. 

  63.     // number of flags used by Kerberos protocol
    64. 

  64.     private static final int FLAGS_NUM = 32;
    65. 

  65. 

  66.     // line feed 
    67. 

  67.     private static final String LF = "\n"; //$NON-NLS-1$
    68. 

  68. 

  69.     //ASN.1 encoding of the ticket
    70. 

  70.     private byte[] asn1Encoding;
    71. 

  71. 

  72.     //raw bytes for the session key
    73. 

  73.     private KeyImpl sessionKey;
    74. 

  74. 

  75.     //ticket flags
    76. 

  76.     private boolean[] flags;
    77. 

  77. 

  78.     //time of initial authentication for the client
    79. 

  79.     private Date authTime;
    80. 

  80. 

  81.     //time after which the ticket will be valid
    82. 

  82.     private Date startTime;
    83. 

  83. 

  84.     // time after which the ticket will be invalid
    85. 

  85.     private Date endTime;
    86. 

  86. 

  87.     // expiration time for the ticket
    88. 

  88.     private Date renewTill;
    89. 

  89. 

  90.     // client that owns this ticket
    91. 

  91.     private KerberosPrincipal client;
    92. 

  92. 

  93.     //service that owns this ticket
    94. 

  94.     private KerberosPrincipal server;
    95. 

  95. 

  96.     //addresses from where the ticket may be used by the client
    97. 

  97.     private InetAddress[] clientAddresses;
    98. 

  98. 

  99.     // indicates the ticket state
    100. 

  100.     private transient boolean destroyed;
    101. 

  101. 

  102.     public KerberosTicket(byte[] asn1Encoding, KerberosPrincipal client,
    103. 

  103.             KerberosPrincipal server, byte[] keyBytes, int keyType, boolean[] flags,
    104. 

  104.             Date authTime, Date startTime, Date endTime, Date renewTill,
    105. 

  105.             InetAddress[] clientAddresses) {
    106. 

  106. 

  107.         if (asn1Encoding == null) {
    108. 

  108.             throw new IllegalArgumentException(Messages.getString("auth.3B")); //$NON-NLS-1$
    109. 

  109.         }
    110. 

  110.         if (client == null) {
    111. 

  111.             throw new IllegalArgumentException(Messages.getString("auth.3C")); //$NON-NLS-1$
    112. 

  112.         }
    113. 

  113. 

  114.         if (server == null) {
    115. 

  115.             throw new IllegalArgumentException(Messages.getString("auth.3D")); //$NON-NLS-1$
    116. 

  116.         }
    117. 

  117. 

  118.         if (keyBytes == null) {
    119. 

  119.             throw new IllegalArgumentException(Messages.getString("auth.3E")); //$NON-NLS-1$
    120. 

  120.         }
    121. 

  121. 

  122.         if (authTime == null) {
    123. 

  123.             throw new IllegalArgumentException(Messages.getString("auth.3F")); //$NON-NLS-1$
    124. 

  124.         }
    125. 

  125. 

  126.         if (endTime == null) {
    127. 

  127.             throw new IllegalArgumentException(Messages.getString("auth.40")); //$NON-NLS-1$
    128. 

  128.         }
    129. 

  129. 

  130.         this.asn1Encoding = new byte[asn1Encoding.length];
    131. 

  131.         System.arraycopy(asn1Encoding, 0, this.asn1Encoding, 0, this.asn1Encoding.length);
    132. 

  132. 

  133.         this.client = client;
    134. 

  134.         this.server = server;
    135. 

  135.         this.sessionKey = new KeyImpl(keyBytes, keyType);
    136. 

  136. 

  137.         if (flags == null) {
    138. 

  138.             this.flags = new boolean[FLAGS_NUM];
    139. 

  139.         } else if (flags.length > FLAGS_NUM) {
    140. 

  140.             this.flags = new boolean[flags.length];
    141. 

  141.             System.arraycopy(flags, 0, this.flags, 0, this.flags.length);
    142. 

  142.         } else {
    143. 

  143.             this.flags = new boolean[FLAGS_NUM];
    144. 

  144.             System.arraycopy(flags, 0, this.flags, 0, flags.length);
    145. 

  145.         }
    146. 

  146. 

  147.         if (this.flags[RENEWABLE] && renewTill == null) {
    148. 

  148.             throw new IllegalArgumentException(Messages.getString("auth.41")); //$NON-NLS-1$
    149. 

  149.         }
    150. 

  150. 

  151.         this.renewTill = renewTill;
    152. 

  152. 

  153.         if (startTime != null) {
    154. 

  154.             this.startTime = startTime;
    155. 

  155.         } else {
    156. 

  156.             this.startTime = authTime;
    157. 

  157.         }
    158. 

  158. 

  159.         if (this.startTime.getTime() > endTime.getTime()) {
    160. 

  160.             // TODO: make correct description of the exception  
    161. 

  161.             throw new IllegalArgumentException(Messages.getString("auth.42")); //$NON-NLS-1$
    162. 

  162.         }
    163. 

  163. 

  164.         this.authTime = authTime;
    165. 

  165.         this.endTime = endTime;
    166. 

  166. 

  167.         if (clientAddresses != null) {
    168. 

  168.             this.clientAddresses = new InetAddress[clientAddresses.length];
    169. 

  169.             System.arraycopy(clientAddresses, 0, this.clientAddresses, 0,
    170. 

  170.                     this.clientAddresses.length);
    171. 

  171.         }
    172. 

  172. 

  173.     }
    174. 

  174. 

  175.     public final KerberosPrincipal getClient() {
    176. 

  176.         return client;
    177. 

  177.     }
    178. 

  178. 

  179.     public final KerberosPrincipal getServer() {
    180. 

  180.         return server;
    181. 

  181.     }
    182. 

  182. 

  183.     public final SecretKey getSessionKey() {
    184. 

  184.         checkState();
    185. 

  185.         return sessionKey;
    186. 

  186.     }
    187. 

  187. 

  188.     public final int getSessionKeyType() {
    189. 

  189.         checkState();
    190. 

  190.         return sessionKey.getKeyType();
    191. 

  191.     }
    192. 

  192. 

  193.     public final byte[] getEncoded() {
    194. 

  194.         checkState();
    195. 

  195.         byte[] tmp = new byte[this.asn1Encoding.length];
    196. 

  196.         System.arraycopy(this.asn1Encoding, 0, tmp, 0, tmp.length);
    197. 

  197.         return tmp;
    198. 

  198.     }
    199. 

  199. 

  200.     public final boolean isForwardable() {
    201. 

  201.         checkState();
    202. 

  202.         return flags[FORWARDABLE];
    203. 

  203.     }
    204. 

  204. 

  205.     public final boolean isForwarded() {
    206. 

  206.         checkState();
    207. 

  207.         //TODO: was based on authentication involving a forwarded TGT ?
    208. 

  208.         return flags[FORWARDED];
    209. 

  209.     }
    210. 

  210. 

  211.     public final boolean isProxiable() {
    212. 

  212.         checkState();
    213. 

  213.         return flags[PROXIABLE];
    214. 

  214.     }
    215. 

  215. 

  216.     public final boolean isProxy() {
    217. 

  217.         checkState();
    218. 

  218.         return flags[PROXY];
    219. 

  219.     }
    220. 

  220. 

  221.     public final boolean isPostdated() {
    222. 

  222.         checkState();
    223. 

  223.         return flags[POSTDATED];
    224. 

  224.     }
    225. 

  225. 

  226.     public final boolean isRenewable() {
    227. 

  227.         checkState();
    228. 

  228.         return flags[RENEWABLE];
    229. 

  229.     }
    230. 

  230. 

  231.     public final boolean isInitial() {
    232. 

  232.         checkState();
    233. 

  233.         return flags[INITIAL];
    234. 

  234.     }
    235. 

  235. 

  236.     public final boolean[] getFlags() {
    237. 

  237.         if (destroyed) {
    238. 

  238.             return null;
    239. 

  239.         }
    240. 

  240.         boolean[] tmp = new boolean[flags.length];
    241. 

  241.         System.arraycopy(flags, 0, tmp, 0, tmp.length);
    242. 

  242.         return tmp;
    243. 

  243. 

  244.     }
    245. 

  245. 

  246.     public final Date getAuthTime() {
    247. 

  247.         if (destroyed) {
    248. 

  248.             return null;
    249. 

  249.         }
    250. 

  250.         return new Date(authTime.getTime());
    251. 

  251.     }
    252. 

  252. 

  253.     public final Date getStartTime() {
    254. 

  254.         checkState();
    255. 

  255.         return new Date(startTime.getTime());
    256. 

  256.     }
    257. 

  257. 

  258.     public final Date getEndTime() {
    259. 

  259.         if (destroyed) {
    260. 

  260.             return null;
    261. 

  261.         }
    262. 

  262.         return new Date(endTime.getTime());
    263. 

  263.     }
    264. 

  264. 

  265.     public final Date getRenewTill() {
    266. 

  266.         if (destroyed) {
    267. 

  267.             return null;
    268. 

  268.         }
    269. 

  269.         return renewTill;
    270. 

  270.     }
    271. 

  271. 

  272.     public final InetAddress[] getClientAddresses() {
    273. 

  273.         if (this.clientAddresses != null) {
    274. 

  274.             InetAddress[] tmp = new InetAddress[this.clientAddresses.length];
    275. 

  275.             System.arraycopy(clientAddresses, 0, tmp, 0, tmp.length);
    276. 

  276.             return tmp;
    277. 

  277.         }
    278. 

  278.         return null;
    279. 

  279.     }
    280. 

  280. 

  281.     public void destroy() throws DestroyFailedException {
    282. 

  282.         if (destroyed) {
    283. 

  283.             return;
    284. 

  284.         }
    285. 

  285.         Arrays.fill(this.asn1Encoding, (byte) 0);
    286. 

  286.         this.client = null;
    287. 

  287.         this.server = null;
    288. 

  288.         this.sessionKey.destroy();
    289. 

  289.         this.flags = null;
    290. 

  290.         this.authTime = null;
    291. 

  291.         this.startTime = null;
    292. 

  292.         this.endTime = null;
    293. 

  293.         this.renewTill = null;
    294. 

  294.         this.clientAddresses = null;
    295. 

  295.         destroyed = true;
    296. 

  296.     }
    297. 

  297. 

  298.     public boolean isDestroyed() {
    299. 

  299.         return destroyed;
    300. 

  300.     }
    301. 

  301. 

  302.     public void refresh() throws RefreshFailedException {
    303. 

  303. 

  304.         checkState();
    305. 

  305. 

  306.         if (!flags[RENEWABLE]) {
    307. 

  307.             throw new RefreshFailedException(Messages.getString("auth.44")); //$NON-NLS-1$
    308. 

  308.         }
    309. 

  309. 

  310.         if (System.currentTimeMillis() > this.renewTill.getTime()) {
    311. 

  311.             throw new RefreshFailedException(Messages.getString("auth.45")); //$NON-NLS-1$
    312. 

  312.         }
    313. 

  313. 

  314.         try {
    315. 

  315.             KrbClient.doTGS();
    316. 

  316.         } catch (KerberosException e) {
    317. 

  317.             throw new RefreshFailedException(e.getMessage());
    318. 

  318.         }
    319. 

  319.     }
    320. 

  320. 

  321.     public boolean isCurrent() {
    322. 

  322.         checkState();
    323. 

  323.         if (this.getStartTime().getTime() <= System.currentTimeMillis()
    324. 

  324.                 && System.currentTimeMillis() <= this.getEndTime().getTime()) {
    325. 

  325.             return true;
    326. 

  326.         }
    327. 

  327.         return false;
    328. 

  328.     }
    329. 

  329. 

  330.     @Override
    331. 

  331.     public String toString() {
    332. 

  332.         checkState();
    333. 

  333.         StringBuilder sb = new StringBuilder();
    334. 

  334.         sb.append("Ticket = ").append(Array.toString(asn1Encoding, "(hex) ") + LF); //$NON-NLS-1$ //$NON-NLS-2$
    335. 

  335.         sb.append("Client Principal = ").append(client.getName() + LF); //$NON-NLS-1$
    336. 

  336.         sb.append("Server Principal = ").append(server.getName() + LF); //$NON-NLS-1$
    337. 

  337.         //TODO: append session key
    338. 

  338.         sb.append("Session Key = ").append(sessionKey.toString() + LF); //$NON-NLS-1$
    339. 

  339.         sb.append("Forwardable Ticket = ").append(flags[FORWARDABLE] + LF); //$NON-NLS-1$
    340. 

  340.         sb.append("Forwarded Ticket = ").append(flags[FORWARDED] + LF); //$NON-NLS-1$
    341. 

  341.         sb.append("Proxiable Ticket = ").append(flags[PROXIABLE] + LF); //$NON-NLS-1$
    342. 

  342.         sb.append("Proxy Ticket = ").append(flags[PROXY] + LF); //$NON-NLS-1$
    343. 

  343.         sb.append("Postdated Ticket = ").append(flags[POSTDATED] + LF); //$NON-NLS-1$
    344. 

  344.         sb.append("Renewable Ticket = ").append(flags[RENEWABLE] + LF); //$NON-NLS-1$
    345. 

  345.         sb.append("Initial Ticket = ").append(flags[INITIAL] + LF); //$NON-NLS-1$
    346. 

  346.         sb.append("Auth Time = ").append(this.authTime.toString() + LF); //$NON-NLS-1$
    347. 

  347.         sb.append("Start Time = ").append(this.startTime.toString() + LF); //$NON-NLS-1$
    348. 

  348.         sb.append("End Time = ").append(this.endTime.toString() + LF); //$NON-NLS-1$
    349. 

  349.         sb.append("Renew Till = ").append(this.renewTill.toString() + LF); //$NON-NLS-1$
    350. 

  350.         sb.append("Client Addresses "); //$NON-NLS-1$
    351. 

  351.         if (clientAddresses != null) {
    352. 

  352.             for (int i = 0; i < clientAddresses.length; i++) {
    353. 

  353.                 if (clientAddresses[i] == null) {
    354. 

  354.                     throw new NullPointerException(Messages.getString("auth.46")); //$NON-NLS-1$
    355. 

  355.                 }
    356. 

  356.                 sb
    357. 

  357.                         .append("clientAddresses[" + i + "] = ").append(clientAddresses[i].toString() + LF + "\t\t"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
    358. 

  358.             }
    359. 

  359.         } else {
    360. 

  360.             sb.append("null"); //$NON-NLS-1$
    361. 

  361.         }
    362. 

  362. 

  363.         return sb.toString();
    364. 

  364.     }
    365. 

  365. 

  366.     /** 
    367. 

  367.      * if a key is destroyed then IllegalStateException must be thrown 
    368. 

  368.      */
    369. 

  369.     private void checkState() {
    370. 

  370.         if (destroyed) {
    371. 

  371.             throw new IllegalStateException(Messages.getString("auth.43")); //$NON-NLS-1$
    372. 

  372.         }
    373. 

  373.     }
    374. 

  374. }
    375.