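/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */
package org.apache.directory.kerberos.client;


import java.nio.ByteBuffer;

import org.apache.directory.server.kerberos.changepwd.io.ChangePasswordDecoder;
import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordReply;
import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordRequest;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.shared.kerberos.codec.KerberosDecoder;
import org.apache.directory.shared.kerberos.codec.KerberosMessageContainer;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.kerberos.components.EncKrbPrivPart;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.apache.directory.shared.kerberos.messages.ApRep;
import org.apache.directory.shared.kerberos.messages.ApReq;
import org.apache.directory.shared.kerberos.messages.AsRep;
import org.apache.directory.shared.kerberos.messages.Authenticator;
import org.apache.directory.shared.kerberos.messages.EncAsRepPart;
import org.apache.directory.shared.kerberos.messages.KrbPriv;


/**
 * Decodes the messages of a captured password-change exchange in order:
 * the AS-REP (yields the session key), the change-password request
 * (yields the sub-session key from the authenticator) and the
 * change-password reply (decrypts the KRB-PRIV part).
 *
 * <p>Each step depends on the key recovered by the previous one, so the
 * methods must be called in that order on the same instance. The instance
 * keeps the client key and both recovered keys in memory for its lifetime
 * and is not synchronized.
 *
 * <p>NOTE(review): the decoded messages are printed to standard output.
 * That looks like a debugging aid; confirm it is never run against captures
 * whose decrypted content must stay confidential, or route the output
 * through a logger with an appropriate level.
 */
public abstract class KpasswdDecode
{
    private final CipherTextHandler cipherTextHandler = new CipherTextHandler();

    /** Long-term key derived from the principal name and password. */
    private EncryptionKey clientKey;

    /** Session key taken from the decrypted AS-REP; set by {@link #decodeAsRep(byte[])}. */
    private EncryptionKey sessionKey;

    /** Sub-key taken from the decrypted authenticator; set by {@link #decodeApReq(byte[])}. */
    private EncryptionKey subSessionKey;


    /**
     * Derives the client key with {@code KerberosKeyFactory.string2Key}.
     *
     * <p>NOTE(review): the password arrives as an immutable {@code String}
     * and therefore cannot be wiped after use; acceptable for a decoding
     * aid, worth revisiting if this is ever used with production credentials.
     *
     * @param principal the principal name used for key derivation
     * @param password the principal's password
     * @param eType the encryption type of the key to derive
     */
    public KpasswdDecode( String principal, String password, EncryptionType eType )
    {
        clientKey = KerberosKeyFactory.string2Key( principal, password, eType );
    }


    /**
     * Decodes an AS-REP, decrypts its encrypted part with the client key and
     * stores the session key it contains.
     *
     * <p>The decrypted buffer is trimmed to the length declared in its own
     * DER header before decoding, so trailing bytes after the encoded
     * structure (for example cipher padding) are ignored. An earlier version
     * copied a fixed 182 bytes, which only fit one particular capture and
     * failed with an index error on shorter plaintexts.
     *
     * @param asReppkt the raw AS-REP bytes (UDP framing, no length prefix)
     * @throws Exception if decoding or decryption fails, or if the decrypted
     *         part does not start with a well-formed DER header
     */
    public void decodeAsRep( byte[] asReppkt ) throws Exception
    {
        ByteBuffer repData = ByteBuffer.wrap( asReppkt );

        KerberosMessageContainer kerberosMessageContainer = new KerberosMessageContainer();
        kerberosMessageContainer.setStream( repData );
        kerberosMessageContainer.setGathering( true );
        kerberosMessageContainer.setTCP( false );

        AsRep asReply = ( AsRep ) KerberosDecoder.decode( kerberosMessageContainer );

        System.out.println( asReply );

        byte[] decryptedEncAsRepPart = cipherTextHandler.decrypt( clientKey, asReply.getEncPart(),
            KeyUsage.AS_REP_ENC_PART_WITH_CKEY );

        // Keep exactly the bytes the DER header claims; the length is validated
        // against the buffer inside derEncodedLength, so the copy cannot overrun.
        int encodedLength = derEncodedLength( decryptedEncAsRepPart );
        byte[] encoded = new byte[encodedLength];
        System.arraycopy( decryptedEncAsRepPart, 0, encoded, 0, encodedLength );

        EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( encoded );
        sessionKey = encAsRepPart.getEncKdcRepPart().getKey();
    }


    /**
     * Decodes a change-password request, decrypts the authenticator of its
     * AP-REQ with the session key and stores the authenticator's sub-key.
     *
     * @param kpasswdApReqpkt the raw change-password request bytes
     * @throws IllegalStateException if no session key is available because
     *         {@link #decodeAsRep(byte[])} has not completed successfully
     * @throws Exception if decoding or decryption fails
     */
    public void decodeApReq( byte[] kpasswdApReqpkt ) throws Exception
    {
        if ( sessionKey == null )
        {
            throw new IllegalStateException( "No session key available: decodeAsRep must be called first" );
        }

        ByteBuffer chngpwdReqData = ByteBuffer.wrap( kpasswdApReqpkt );

        ChangePasswordRequest chngPwdReq = ( ChangePasswordRequest ) ChangePasswordDecoder.decode( chngpwdReqData,
            false );

        ApReq apReq = chngPwdReq.getAuthHeader();
        byte[] decryptedAuthenticator = cipherTextHandler.decrypt( sessionKey, apReq.getAuthenticator(),
            KeyUsage.AP_REQ_AUTHNT_SESS_KEY );
        Authenticator authenticator = KerberosDecoder.decodeAuthenticator( decryptedAuthenticator );

        // May be null if the authenticator carries no sub-key; decodeApRep checks for that.
        subSessionKey = authenticator.getSubKey();
    }


    /**
     * Decodes a change-password reply, decrypts the encrypted part of its
     * KRB-PRIV message with the sub-session key and prints the result.
     * The {@link ApRep} carried in the same reply is not examined.
     *
     * @param kpasswdReplypkt the raw change-password reply bytes
     * @throws IllegalStateException if no sub-session key is available because
     *         {@link #decodeApReq(byte[])} has not completed successfully or the
     *         authenticator held no sub-key
     * @throws Exception if decoding or decryption fails
     */
    public void decodeApRep( byte[] kpasswdReplypkt ) throws Exception
    {
        if ( subSessionKey == null )
        {
            throw new IllegalStateException(
                "No sub-session key available: decodeApReq must be called first with an authenticator that has a sub-key" );
        }

        ByteBuffer chngpwdReplyData = ByteBuffer.wrap( kpasswdReplypkt );

        ChangePasswordReply chngPwdReply = ( ChangePasswordReply ) ChangePasswordDecoder.decode( chngpwdReplyData,
            false );

        KrbPriv krbPriv = chngPwdReply.getPrivateMessage();
        byte[] decryptedKrbPrivPart = cipherTextHandler.decrypt( subSessionKey, krbPriv.getEncPart(),
            KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
        EncKrbPrivPart krbPrivPart = KerberosDecoder.decodeEncKrbPrivPart( decryptedKrbPrivPart );
        System.out.println( krbPrivPart );
    }


    /**
     * Returns the total size (tag, length octets and content) of the DER
     * element that starts at offset 0 of {@code data}.
     *
     * <p>Only single-byte tags and definite lengths of at most four length
     * octets are accepted. The declared size is checked against the buffer
     * so that callers can copy that many bytes without further checks.
     *
     * @param data buffer starting with a DER element, possibly followed by
     *        trailing bytes
     * @return the number of leading bytes that make up the element
     * @throws IllegalArgumentException if the header is missing, malformed,
     *         or declares more bytes than {@code data} holds
     */
    private static int derEncodedLength( byte[] data )
    {
        if ( ( data == null ) || ( data.length < 2 ) )
        {
            throw new IllegalArgumentException( "Decrypted data is too short to hold a DER header" );
        }

        if ( ( data[0] & 0x1F ) == 0x1F )
        {
            throw new IllegalArgumentException( "Multi-byte DER tags are not supported" );
        }

        int firstLengthOctet = data[1] & 0xFF;
        int headerLength = 2;
        long contentLength;

        if ( firstLengthOctet < 0x80 )
        {
            // Short form: the octet is the content length itself.
            contentLength = firstLengthOctet;
        }
        else
        {
            // Long form: low seven bits give the number of length octets that follow.
            int lengthOctets = firstLengthOctet & 0x7F;

            if ( ( lengthOctets == 0 ) || ( lengthOctets > 4 ) )
            {
                throw new IllegalArgumentException( "Unsupported DER length encoding: " + lengthOctets
                    + " length octets" );
            }

            if ( data.length < headerLength + lengthOctets )
            {
                throw new IllegalArgumentException( "Decrypted data ends inside the DER length field" );
            }

            contentLength = 0;

            for ( int i = 0; i < lengthOctets; i++ )
            {
                contentLength = ( contentLength << 8 ) | ( data[headerLength + i] & 0xFF );
            }

            headerLength += lengthOctets;
        }

        long totalLength = headerLength + contentLength;

        if ( totalLength > data.length )
        {
            throw new IllegalArgumentException( "DER header declares " + totalLength
                + " bytes but only " + data.length + " are available" );
        }

        return ( int ) totalLength;
    }

}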