Package | Description |
---|---|
org.apache.directory.server.kerberos.shared.crypto.checksum |
Provides support for checksum calculations.
|
org.apache.directory.server.kerberos.shared.crypto.encryption |
Provides support for Kerberos CipherText operations.
|
org.apache.directory.shared.kerberos |
Modifier and Type | Method and Description |
---|---|
byte[] |
ChecksumEngine.calculateChecksum(byte[] data,
byte[] key,
KeyUsage usage)
Calculate a checksum given raw bytes and an (optional) key.
|
Checksum |
ChecksumHandler.calculateChecksum(ChecksumType checksumType,
byte[] bytes,
byte[] key,
KeyUsage usage)
Calculate a checksum based on raw bytes and an (optional) key for keyed checksums.
|
void |
ChecksumHandler.verifyChecksum(Checksum checksum,
byte[] bytes,
byte[] key,
KeyUsage usage)
Verify a checksum by providing the raw bytes and an (optional) key for keyed checksums.
|
Modifier and Type | Field and Description |
---|---|
static KeyUsage |
KeyUsage.AP_REP_ENC_PART_SESS_KEY
AP-REP encrypted part (includes application session subkey), encrypted with the application session key (Section 5.5.2)
|
static KeyUsage |
KeyUsage.AP_REQ_AUTHNT_CKSUM_SESS_KEY
AP-REQ Authenticator cksum, keyed with the application session key (Section 5.5.1)
|
static KeyUsage |
KeyUsage.AP_REQ_AUTHNT_SESS_KEY
AP-REQ Authenticator (includes application authenticator subkey), encrypted with the application session key (Section 5.5.1)
|
static KeyUsage |
KeyUsage.AS_OR_TGS_REP_TICKET_WITH_SRVKEY
AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session key), encrypted with the service key (Section 5.3)
|
static KeyUsage |
KeyUsage.AS_REP_ENC_PART_WITH_CKEY
AS-REP encrypted part (includes TGS session key or application session key), encrypted with the client key (Section 5.4.2)
|
static KeyUsage |
KeyUsage.AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY
AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key (Section 5.2.7.2)
|
static KeyUsage |
KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY
KRB-PRIV encrypted part, encrypted with a key chosen by the application (Section 5.7.1)
|
static KeyUsage |
KeyUsage.TGS_REP_ENC_PART_TGS_AUTHNT_SUB_KEY
TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey (Section 5.4.2)
|
static KeyUsage |
KeyUsage.TGS_REP_ENC_PART_TGS_SESS_KEY
TGS-REP encrypted part (includes application session key), encrypted with the TGS session key (Section 5.4.2)
|
static KeyUsage |
KeyUsage.TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_AUTHNT_SUB_KEY
TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS authenticator subkey (Section 5.4.1)
|
static KeyUsage |
KeyUsage.TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_TGS_SESS_KEY
TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS session key (Section 5.4.1)
|
static KeyUsage |
KeyUsage.TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_AUTHNT_CKSUM_TGS_SESS_KEY
TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the TGS session key (Section 5.5.1)
|
static KeyUsage |
KeyUsage.TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_TGS_SESS_KEY
TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey), encrypted with the TGS session key (Section 5.5.1)
|
Modifier and Type | Field and Description |
---|---|
static List<KeyUsage> |
KeyUsage.VALUES
VALUES needs to be located here, otherwise illegal forward reference.
|
Modifier and Type | Method and Description |
---|---|
static KeyUsage |
KeyUsage.getTypeByOrdinal(int type)
Returns the key usage number type when specified by its ordinal.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
Des3CbcSha1KdEncryption.calculateChecksum(byte[] data,
byte[] key,
KeyUsage usage) |
protected abstract byte[] |
EncryptionEngine.calculateIntegrity(byte[] plainText,
byte[] key,
KeyUsage usage) |
byte[] |
Des3CbcSha1KdEncryption.calculateIntegrity(byte[] data,
byte[] key,
KeyUsage usage) |
byte[] |
DesCbcCrcEncryption.calculateIntegrity(byte[] data,
byte[] key,
KeyUsage usage) |
int |
KeyUsage.compareTo(KeyUsage that) |
byte[] |
CipherTextHandler.decrypt(EncryptionKey key,
EncryptedData data,
KeyUsage usage)
Decrypt a block of data.
|
EncryptedData |
CipherTextHandler.encrypt(EncryptionKey key,
byte[] plainText,
KeyUsage usage) |
protected abstract byte[] |
EncryptionEngine.getDecryptedData(EncryptionKey key,
EncryptedData data,
KeyUsage usage) |
byte[] |
Des3CbcSha1KdEncryption.getDecryptedData(EncryptionKey key,
EncryptedData data,
KeyUsage usage) |
byte[] |
DesCbcCrcEncryption.getDecryptedData(EncryptionKey key,
EncryptedData data,
KeyUsage usage) |
protected abstract EncryptedData |
EncryptionEngine.getEncryptedData(EncryptionKey key,
byte[] plainText,
KeyUsage usage) |
EncryptedData |
Des3CbcSha1KdEncryption.getEncryptedData(EncryptionKey key,
byte[] plainText,
KeyUsage usage) |
EncryptedData |
DesCbcCrcEncryption.getEncryptedData(EncryptionKey key,
byte[] plainText,
KeyUsage usage) |
protected byte[] |
EncryptionEngine.getUsageKc(KeyUsage usage)
The "well-known constant" used for the DK function is the key
usage number, expressed as four octets in big-endian order,
followed by one octet indicated below.
|
protected byte[] |
EncryptionEngine.getUsageKe(KeyUsage usage)
The "well-known constant" used for the DK function is the key
usage number, expressed as four octets in big-endian order,
followed by one octet indicated below.
|
protected byte[] |
EncryptionEngine.getUsageKi(KeyUsage usage)
The "well-known constant" used for the DK function is the key
usage number, expressed as four octets in big-endian order,
followed by one octet indicated below.
|
EncryptedData |
CipherTextHandler.seal(EncryptionKey key,
org.apache.directory.api.asn1.Asn1Object message,
KeyUsage usage)
Performs an encode and an encrypt.
|
Modifier and Type | Method and Description |
---|---|
static Authenticator |
KerberosUtils.verifyAuthHeader(ApReq authHeader,
Ticket ticket,
EncryptionKey serverKey,
long clockSkew,
ReplayCache replayCache,
boolean emptyAddressesAllowed,
InetAddress clientAddress,
CipherTextHandler lockBox,
KeyUsage authenticatorKeyUsage,
boolean isValidate)
Verifies an AuthHeader using guidelines from RFC 1510 section A.10., "KRB_AP_REQ verification."
|
Copyright © 2003–2020 The Apache Software Foundation. All rights reserved.