001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *  
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *  
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License. 
018 *  
019 */
020package org.apache.directory.kerberos.client;
021
022
023import java.nio.ByteBuffer;
024
025import org.apache.directory.server.kerberos.changepwd.io.ChangePasswordDecoder;
026import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordReply;
027import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordRequest;
028import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
029import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
030import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
031import org.apache.directory.shared.kerberos.codec.KerberosDecoder;
032import org.apache.directory.shared.kerberos.codec.KerberosMessageContainer;
033import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
034import org.apache.directory.shared.kerberos.components.EncKrbPrivPart;
035import org.apache.directory.shared.kerberos.components.EncryptionKey;
036import org.apache.directory.shared.kerberos.messages.ApRep;
037import org.apache.directory.shared.kerberos.messages.ApReq;
038import org.apache.directory.shared.kerberos.messages.AsRep;
039import org.apache.directory.shared.kerberos.messages.Authenticator;
040import org.apache.directory.shared.kerberos.messages.EncAsRepPart;
041import org.apache.directory.shared.kerberos.messages.KrbPriv;
042
043
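/**
 * Decodes the messages of a Kerberos change-password (kpasswd) exchange, one
 * message at a time, deriving the key needed for the next message from the
 * previous one.
 * <p>
 * The methods depend on each other through the keys they store, so they must
 * be called in this order:
 * <ol>
 *   <li>{@link #decodeAsRep(byte[])} uses the client key and stores the session key;</li>
 *   <li>{@link #decodeApReq(byte[])} uses the session key and stores the sub-session key;</li>
 *   <li>{@link #decodeApRep(byte[])} uses the sub-session key.</li>
 * </ol>
 * <p>
 * The class keeps long-term and session key material in memory and prints
 * decoded (partly decrypted) protocol structures to standard output, so its
 * output should not be redirected to shared or persistent logs.
 * Instances are not thread-safe: the key fields are plain mutable state.
 */
public abstract class KpasswdDecode
{
    private final CipherTextHandler cipherTextHandler = new CipherTextHandler();

    /** Long-term key derived from the principal's password. */
    private final EncryptionKey clientKey;

    /** Session key extracted from the AS-REP, set by {@link #decodeAsRep(byte[])}. */
    private EncryptionKey sessionKey;

    /** Sub-key taken from the AP-REQ authenticator, set by {@link #decodeApReq(byte[])}. */
    private EncryptionKey subSessionKey;


    /**
     * Derives the client's long-term key from the given credentials.
     *
     * @param principal the principal name used in the string-to-key derivation
     * @param password the principal's password
     * @param eType the encryption type the key is derived for
     */
    public KpasswdDecode( String principal, String password, EncryptionType eType )
    {
        // NOTE(review): the password arrives as an immutable String and cannot be wiped
        // after the key is derived; the signature is kept as-is for existing callers.
        clientKey = KerberosKeyFactory.string2Key( principal, password, eType );
    }


    /**
     * Decodes an AS-REP, decrypts its encrypted part with the client key and
     * stores the session key it carries.
     *
     * @param asReppkt the encoded AS-REP message
     * @throws Exception if the message cannot be decoded or decrypted, or if the
     *         decrypted part does not start with a complete DER structure
     */
    public void decodeAsRep( byte[] asReppkt ) throws Exception
    {
        ByteBuffer repData = ByteBuffer.wrap( asReppkt );

        KerberosMessageContainer kerberosMessageContainer = new KerberosMessageContainer();
        kerberosMessageContainer.setStream( repData );
        kerberosMessageContainer.setGathering( true );
        kerberosMessageContainer.setTCP( false );

        AsRep asReply = ( AsRep ) KerberosDecoder.decode( kerberosMessageContainer );

        System.out.println( asReply );
        byte[] decryptedEncAsRepPart = cipherTextHandler.decrypt( clientKey, asReply.getEncPart(),
            KeyUsage.AS_REP_ENC_PART_WITH_CKEY );

        // The previous code always copied exactly 182 bytes, which only fits one
        // particular reply: shorter plaintexts raised an index error and longer
        // structures were silently truncated. Take the length from the DER header
        // instead, so that any bytes after the structure (presumably cipher
        // padding -- confirm against CipherTextHandler) are dropped.
        int encodedLength = derEncodedLength( decryptedEncAsRepPart );
        byte[] encodedEncAsRepPart = new byte[encodedLength];
        System.arraycopy( decryptedEncAsRepPart, 0, encodedEncAsRepPart, 0, encodedLength );

        EncAsRepPart encAsRepPart = KerberosDecoder.decodeEncAsRepPart( encodedEncAsRepPart );
        sessionKey = encAsRepPart.getEncKdcRepPart().getKey();
    }


    /**
     * Decodes a change-password request, decrypts the authenticator of its
     * AP-REQ with the session key and stores the authenticator's sub-key.
     *
     * @param kpasswdApReqpkt the encoded change-password request
     * @throws IllegalStateException if no session key is available yet
     * @throws Exception if the message cannot be decoded or decrypted
     */
    public void decodeApReq( byte[] kpasswdApReqpkt ) throws Exception
    {
        if ( sessionKey == null )
        {
            throw new IllegalStateException( "No session key available: decodeAsRep must be called first" );
        }

        ByteBuffer chngpwdReqData = ByteBuffer.wrap( kpasswdApReqpkt );

        ChangePasswordRequest chngPwdReq = ( ChangePasswordRequest ) ChangePasswordDecoder.decode( chngpwdReqData,
            false );

        ApReq apReq = chngPwdReq.getAuthHeader();
        byte[] decryptedAuthenticator = cipherTextHandler.decrypt( sessionKey, apReq.getAuthenticator(),
            KeyUsage.AP_REQ_AUTHNT_SESS_KEY );
        Authenticator authenticator = KerberosDecoder.decodeAuthenticator( decryptedAuthenticator );

        // May be null when the authenticator carries no sub-key; decodeApRep checks for that.
        subSessionKey = authenticator.getSubKey();
    }


    /**
     * Decodes a change-password reply, decrypts the encrypted part of its
     * KRB-PRIV message with the sub-session key and prints the result.
     *
     * @param kpasswdReplypkt the encoded change-password reply
     * @throws IllegalStateException if no sub-session key is available yet
     * @throws Exception if the message cannot be decoded or decrypted
     */
    public void decodeApRep( byte[] kpasswdReplypkt ) throws Exception
    {
        if ( subSessionKey == null )
        {
            throw new IllegalStateException(
                "No sub-session key available: decodeApReq must be called first with an authenticator carrying a sub-key" );
        }

        ByteBuffer chngpwdReplyData = ByteBuffer.wrap( kpasswdReplypkt );

        ChangePasswordReply chngPwdReply = ( ChangePasswordReply ) ChangePasswordDecoder.decode( chngpwdReplyData,
            false );

        KrbPriv krbPriv = chngPwdReply.getPrivateMessage();
        byte[] decryptedKrbPrivPart = cipherTextHandler.decrypt( subSessionKey, krbPriv.getEncPart(),
            KeyUsage.KRB_PRIV_ENC_PART_CHOSEN_KEY );
        EncKrbPrivPart krbPrivPart = KerberosDecoder.decodeEncKrbPrivPart( decryptedKrbPrivPart );

        // This prints the decrypted content of the private message in clear text.
        System.out.println( krbPrivPart );
    }


    /**
     * Computes the total encoded length (tag, length octets and content) of the
     * DER structure found at the start of the given buffer.
     *
     * @param data a buffer starting with a DER-encoded structure
     * @return the number of leading bytes of {@code data} that make up the structure
     * @throws IllegalArgumentException if the header is missing, uses an
     *         unsupported form, or announces more bytes than the buffer holds
     */
    private static int derEncodedLength( byte[] data )
    {
        if ( ( data == null ) || ( data.length < 2 ) )
        {
            throw new IllegalArgumentException( "Decrypted data is too short to hold a DER header" );
        }

        // Only the single-octet tag form is handled; multi-octet tags are not expected here.
        if ( ( data[0] & 0x1F ) == 0x1F )
        {
            throw new IllegalArgumentException( "Multi-octet DER tags are not supported" );
        }

        int firstLengthOctet = data[1] & 0xFF;
        int headerLength = 2;
        long contentLength;

        if ( firstLengthOctet < 0x80 )
        {
            // Short form: the octet is the content length itself.
            contentLength = firstLengthOctet;
        }
        else
        {
            // Long form: the low seven bits give the number of length octets that follow.
            int lengthOctets = firstLengthOctet & 0x7F;

            if ( ( lengthOctets == 0 ) || ( lengthOctets > 4 ) || ( data.length < 2 + lengthOctets ) )
            {
                throw new IllegalArgumentException( "Invalid or unsupported DER length encoding" );
            }

            contentLength = 0;

            for ( int i = 0; i < lengthOctets; i++ )
            {
                contentLength = ( contentLength << 8 ) | ( data[2 + i] & 0xFF );
            }

            headerLength += lengthOctets;
        }

        // A long keeps the sum from overflowing before it is compared with the buffer size.
        long totalLength = headerLength + contentLength;

        if ( totalLength > data.length )
        {
            throw new IllegalArgumentException( "DER structure announces " + totalLength
                + " bytes but only " + data.length + " are available" );
        }

        return ( int ) totalLength;
    }

}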