kerby-kerb/kerb-util/src/main/java/org/apache/kerby/kerberos/kerb/ccache/Credential.java - directory-kerby - Git at Google

 /**
  *  Licensed to the Apache Software Foundation (ASF) under one
  *  or more contributor license agreements.  See the NOTICE file
  *  distributed with this work for additional information
  *  regarding copyright ownership.  The ASF licenses this file
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
  *
  *    http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
  *  under the License.
  *
  */
 package org.apache.kerby.kerberos.kerb.ccache;

 import org.apache.kerby.kerberos.kerb.type.KerberosTime;
 import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
 import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
 import org.apache.kerby.kerberos.kerb.type.base.HostAddresses;
 import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
 import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
 import org.apache.kerby.kerberos.kerb.type.ticket.KrbTicket;
 import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
 import org.apache.kerby.kerberos.kerb.type.ticket.Ticket;
 import org.apache.kerby.kerberos.kerb.type.ticket.TicketFlags;

 import java.io.IOException;

 public class Credential {
     private static final String CONF_REALM = "X-CACHECONF:";

     private PrincipalName clientName;
     private String clientRealm;
     private PrincipalName serverName;
     private String serverRealm;
     private EncryptionKey key;
     private KerberosTime authTime;
     private KerberosTime startTime;
     private KerberosTime endTime;
     private KerberosTime renewTill;
     private HostAddresses clientAddresses;
     private AuthorizationData authzData;
     private boolean isEncInSKey;
     private TicketFlags ticketFlags;
     private Ticket ticket;
     private Ticket secondTicket;

     public Credential() {

     }

     public Credential(TgtTicket tgt) {
         PrincipalName clientPrincipal = tgt.getClientPrincipal();

         clientPrincipal.setRealm(tgt.getRealm());

         init(tgt, clientPrincipal);
     }

     public Credential(KrbTicket tkt, PrincipalName clientPrincipal) {
         init(tkt, clientPrincipal);
     }

     private void init(KrbTicket tkt, PrincipalName clientPrincipal) {
         EncKdcRepPart kdcRepPart = tkt.getEncKdcRepPart();

         this.serverName = kdcRepPart.getSname();
         this.serverRealm = kdcRepPart.getSrealm();
         this.serverName.setRealm(serverRealm);

         this.clientName = clientPrincipal;

         this.key = kdcRepPart.getKey();
         this.authTime = kdcRepPart.getAuthTime();
         this.startTime = kdcRepPart.getStartTime();
         this.endTime = kdcRepPart.getEndTime();

         this.renewTill = kdcRepPart.getRenewTill();

         this.ticketFlags = kdcRepPart.getFlags();
         this.clientAddresses = kdcRepPart.getCaddr();

         this.ticket = tkt.getTicket();

         this.clientRealm = kdcRepPart.getSrealm();

         this.isEncInSKey = false;

         this.secondTicket = null;
     }

     public PrincipalName getServicePrincipal() {
         return serverName;
     }

     public KerberosTime getAuthTime() {
         return authTime;
     }

     public KerberosTime getEndTime() {
         return endTime;
     }

     public int getEType() {
         return key.getKeyType().getValue();
     }

     public PrincipalName getClientName() {
         return clientName;
     }

     public PrincipalName getServerName() {
         return serverName;
     }

     public String getClientRealm() {
         return clientRealm;
     }

     public EncryptionKey getKey() {
         return key;
     }

     public KerberosTime getStartTime() {
         return startTime;
     }

     public KerberosTime getRenewTill() {
         return renewTill;
     }

     public HostAddresses getClientAddresses() {
         return clientAddresses;
     }

     public AuthorizationData getAuthzData() {
         return authzData;
     }

     public boolean isEncInSKey() {
         return isEncInSKey;
     }

     public TicketFlags getTicketFlags() {
         return ticketFlags;
     }

     public Ticket getTicket() {
         return ticket;
     }

     public Ticket getSecondTicket() {
         return secondTicket;
     }

     public void load(CredCacheInputStream ccis, int version) throws IOException {
         this.clientName = ccis.readPrincipal(version);
         if (clientName == null) {
             throw new IOException("Invalid client principal name");
         }

         this.serverName = ccis.readPrincipal(version);
         if (serverName == null) {
             throw new IOException("Invalid server principal name");
         }

         boolean isConfEntry = false;

         if (serverName.getRealm().equals(CONF_REALM)) {
             isConfEntry = true;
         }
         this.key = ccis.readKey(version);

         KerberosTime[] times = ccis.readTimes();
         this.authTime = times[0];
         this.startTime = times[1];
         this.endTime = times[2];
         this.renewTill = times[3];

         this.isEncInSKey = ccis.readIsSkey();

         this.ticketFlags = ccis.readTicketFlags();

         this.clientAddresses = ccis.readAddr();

         this.authzData = ccis.readAuthzData();

         if (isConfEntry) {
             byte[] confData = ccis.readCountedOctets();
             // ignoring confData for now
         } else {
             this.ticket = ccis.readTicket();
         }

         this.secondTicket = ccis.readTicket();

         // might skip krb5_ccache_conf_data/fast_avail/krbtgt/REALM@REALM in MIT KRB5
     }

     public void store(CredCacheOutputStream ccos, int version) throws IOException {
         ccos.writePrincipal(clientName, version);
         ccos.writePrincipal(serverName, version);
         ccos.writeKey(key, version);

         ccos.writeTimes(new KerberosTime[]{authTime, startTime, endTime, renewTill});

         ccos.writeIsSkey(isEncInSKey);

         ccos.writeTicketFlags(ticketFlags);

         ccos.writeAddresses(clientAddresses);

         ccos.writeAuthzData(authzData);

         ccos.writeTicket(ticket);

         ccos.writeTicket(secondTicket);
     }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.kerby.kerberos.kerb.ccache;

	import org.apache.kerby.kerberos.kerb.type.KerberosTime;
	import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
	import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
	import org.apache.kerby.kerberos.kerb.type.base.HostAddresses;
	import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
	import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
	import org.apache.kerby.kerberos.kerb.type.ticket.KrbTicket;
	import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
	import org.apache.kerby.kerberos.kerb.type.ticket.Ticket;
	import org.apache.kerby.kerberos.kerb.type.ticket.TicketFlags;

	import java.io.IOException;

	public class Credential {
	private static final String CONF_REALM = "X-CACHECONF:";

	private PrincipalName clientName;
	private String clientRealm;
	private PrincipalName serverName;
	private String serverRealm;
	private EncryptionKey key;
	private KerberosTime authTime;
	private KerberosTime startTime;
	private KerberosTime endTime;
	private KerberosTime renewTill;
	private HostAddresses clientAddresses;
	private AuthorizationData authzData;
	private boolean isEncInSKey;
	private TicketFlags ticketFlags;
	private Ticket ticket;
	private Ticket secondTicket;

	public Credential() {

	}

	public Credential(TgtTicket tgt) {
	PrincipalName clientPrincipal = tgt.getClientPrincipal();

	clientPrincipal.setRealm(tgt.getRealm());

	init(tgt, clientPrincipal);
	}

	public Credential(KrbTicket tkt, PrincipalName clientPrincipal) {
	init(tkt, clientPrincipal);
	}

	private void init(KrbTicket tkt, PrincipalName clientPrincipal) {
	EncKdcRepPart kdcRepPart = tkt.getEncKdcRepPart();

	this.serverName = kdcRepPart.getSname();
	this.serverRealm = kdcRepPart.getSrealm();
	this.serverName.setRealm(serverRealm);

	this.clientName = clientPrincipal;

	this.key = kdcRepPart.getKey();
	this.authTime = kdcRepPart.getAuthTime();
	this.startTime = kdcRepPart.getStartTime();
	this.endTime = kdcRepPart.getEndTime();

	this.renewTill = kdcRepPart.getRenewTill();

	this.ticketFlags = kdcRepPart.getFlags();
	this.clientAddresses = kdcRepPart.getCaddr();

	this.ticket = tkt.getTicket();

	this.clientRealm = kdcRepPart.getSrealm();

	this.isEncInSKey = false;

	this.secondTicket = null;
	}

	public PrincipalName getServicePrincipal() {
	return serverName;
	}

	public KerberosTime getAuthTime() {
	return authTime;
	}

	public KerberosTime getEndTime() {
	return endTime;
	}

	public int getEType() {
	return key.getKeyType().getValue();
	}

	public PrincipalName getClientName() {
	return clientName;
	}

	public PrincipalName getServerName() {
	return serverName;
	}

	public String getClientRealm() {
	return clientRealm;
	}

	public EncryptionKey getKey() {
	return key;
	}

	public KerberosTime getStartTime() {
	return startTime;
	}

	public KerberosTime getRenewTill() {
	return renewTill;
	}

	public HostAddresses getClientAddresses() {
	return clientAddresses;
	}

	public AuthorizationData getAuthzData() {
	return authzData;
	}

	public boolean isEncInSKey() {
	return isEncInSKey;
	}

	public TicketFlags getTicketFlags() {
	return ticketFlags;
	}

	public Ticket getTicket() {
	return ticket;
	}

	public Ticket getSecondTicket() {
	return secondTicket;
	}

	public void load(CredCacheInputStream ccis, int version) throws IOException {
	this.clientName = ccis.readPrincipal(version);
	if (clientName == null) {
	throw new IOException("Invalid client principal name");
	}

	this.serverName = ccis.readPrincipal(version);
	if (serverName == null) {
	throw new IOException("Invalid server principal name");
	}

	boolean isConfEntry = false;

	if (serverName.getRealm().equals(CONF_REALM)) {
	isConfEntry = true;
	}
	this.key = ccis.readKey(version);

	KerberosTime[] times = ccis.readTimes();
	this.authTime = times[0];
	this.startTime = times[1];
	this.endTime = times[2];
	this.renewTill = times[3];

	this.isEncInSKey = ccis.readIsSkey();

	this.ticketFlags = ccis.readTicketFlags();

	this.clientAddresses = ccis.readAddr();

	this.authzData = ccis.readAuthzData();

	if (isConfEntry) {
	byte[] confData = ccis.readCountedOctets();
	// ignoring confData for now
	} else {
	this.ticket = ccis.readTicket();
	}

	this.secondTicket = ccis.readTicket();

	// might skip krb5_ccache_conf_data/fast_avail/krbtgt/REALM@REALM in MIT KRB5
	}

	public void store(CredCacheOutputStream ccos, int version) throws IOException {
	ccos.writePrincipal(clientName, version);
	ccos.writePrincipal(serverName, version);
	ccos.writeKey(key, version);

	ccos.writeTimes(new KerberosTime[]{authTime, startTime, endTime, renewTill});

	ccos.writeIsSkey(isEncInSKey);

	ccos.writeTicketFlags(ticketFlags);

	ccos.writeAddresses(clientAddresses);

	ccos.writeAuthzData(authzData);

	ccos.writeTicket(ticket);

	ccos.writeTicket(secondTicket);
	}
	}