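/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */
package org.apache.directory.kerberos.credentials.cache;


import java.text.ParseException;

import org.apache.directory.kerberos.client.AbstractTicket;
import org.apache.directory.kerberos.client.TgTicket;
import org.apache.directory.shared.kerberos.KerberosTime;
import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
import org.apache.directory.shared.kerberos.components.AuthorizationData;
import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.apache.directory.shared.kerberos.components.HostAddresses;
import org.apache.directory.shared.kerberos.components.PrincipalName;
import org.apache.directory.shared.kerberos.flags.TicketFlags;
import org.apache.directory.shared.kerberos.messages.Ticket;


/**
 * One Kerberos credential: the client and server principals, the key, the
 * validity times, the ticket flags and the ticket(s) that belong together.
 * <p>
 * Looks like KrbCredInfo can be used here, however it's not enough for this.
 * <p>
 * Handling notes for callers:
 * <ul>
 *   <li>An instance carries the key returned by {@link #getKey()} next to the
 *       ticket it belongs to. Treat the whole object as secret material: keep
 *       it out of logs and exception messages, and restrict access to wherever
 *       it is persisted.</li>
 *   <li>No defensive copies are made. Constructors store the references they
 *       are given and getters hand the same references back, so a change made
 *       through any of them is visible to every holder.</li>
 *   <li>Nothing in this class compares {@code startTime}, {@code endTime} or
 *       {@code renewTill} with the current time; checking that a credential is
 *       still valid is left to the caller.</li>
 * </ul>
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class Credentials
{

    private PrincipalName clientName;
    private String clientRealm;
    private PrincipalName serverName;
    // Written by the constructors; no accessor in this class reads it.
    private String serverRealm;
    private EncryptionKey key;
    private KerberosTime authTime;
    private KerberosTime startTime;
    private KerberosTime endTime;
    private KerberosTime renewTill;
    private HostAddresses clientAddresses;
    private AuthorizationData authzData;
    // NOTE(review): presumably the credentials-cache "is_skey" marker - confirm against the cache writer.
    private boolean isEncInSKey;
    private TicketFlags flags;
    private Ticket ticket;
    private Ticket secondTicket;


    /**
     * Creates a credential from individually supplied fields.
     * The realms are taken from the two principal names.
     *
     * @param cname the client principal, must not be {@code null}
     * @param sname the server principal, must not be {@code null}
     * @param ekey the key stored with the credential
     * @param authtime the authentication time
     * @param starttime the start of the validity period
     * @param endtime the end of the validity period
     * @param renewTill the renew-till time
     * @param isEncInSKey the value later returned by {@link #isEncInSKey()}
     * @param flags the ticket flags
     * @param caddr the client addresses
     * @param authData the authorization data
     * @param ticket the ticket
     * @param secondTicket the second ticket
     * @throws NullPointerException if {@code cname} or {@code sname} is {@code null}
     */
    public Credentials(
        PrincipalName cname,
        PrincipalName sname,
        EncryptionKey ekey,
        KerberosTime authtime,
        KerberosTime starttime,
        KerberosTime endtime,
        KerberosTime renewTill,
        boolean isEncInSKey,
        TicketFlags flags,
        HostAddresses caddr,
        AuthorizationData authData,
        Ticket ticket,
        Ticket secondTicket )
    {
        this.clientName = cname;
        // A missing realm leaves the field null, exactly as an unset field would be.
        this.clientRealm = cname.getRealm();

        this.serverName = sname;
        this.serverRealm = sname.getRealm();

        this.key = ekey;

        this.authTime = authtime;
        this.startTime = starttime;
        this.endTime = endtime;
        this.renewTill = renewTill;
        this.clientAddresses = caddr;
        this.authzData = authData;
        this.isEncInSKey = isEncInSKey;
        this.flags = flags;
        this.ticket = ticket;
        this.secondTicket = secondTicket;
    }


    /**
     * Creates a credential from a ticket-granting ticket. The client principal
     * is built from the TGT's client name and realm.
     *
     * @param tgt the ticket-granting ticket to take the fields from
     * @throws RuntimeException if the client name of the TGT cannot be parsed;
     *         the {@link ParseException} is attached as the cause
     */
    public Credentials( TgTicket tgt )
    {
        PrincipalName clientPrincipal = null;
        try
        {
            clientPrincipal = new PrincipalName( tgt.getClientName(),
                PrincipalNameType.KRB_NT_PRINCIPAL );
        }
        catch ( ParseException e )
        {
            // Keep the parse failure as the cause so the bad name can be diagnosed.
            throw new RuntimeException( "Invalid tgt with bad client name", e );
        }

        clientPrincipal.setRealm( tgt.getRealm() );

        init( tgt, clientPrincipal );
    }


    /**
     * Creates a credential from a ticket and an explicitly supplied client principal.
     *
     * @param tkt the ticket to take the fields from
     * @param clientPrincipal the client principal to store
     */
    public Credentials( AbstractTicket tkt, PrincipalName clientPrincipal )
    {
        init( tkt, clientPrincipal );
    }


    /**
     * Fills the fields from the encrypted KDC reply part of a ticket.
     * <p>
     * Side effect: the server principal object obtained from the reply part
     * gets its realm set here, so the reply part's own object is modified.
     * Authorization data is not populated on this path and stays {@code null}.
     *
     * @param tkt the ticket to take the fields from
     * @param clientPrincipal the client principal to store
     */
    private void init( AbstractTicket tkt, PrincipalName clientPrincipal )
    {
        EncKdcRepPart kdcRepPart = tkt.getEncKdcRepPart();

        this.serverName = kdcRepPart.getSName();
        this.serverRealm = kdcRepPart.getSRealm();
        this.serverName.setRealm( serverRealm );

        this.clientName = clientPrincipal;
        // Mirror the full constructor so getClientRealm() is not silently null
        // for credentials built from a ticket. A null principal is still accepted.
        this.clientRealm = clientPrincipal != null ? clientPrincipal.getRealm() : null;

        this.key = kdcRepPart.getKey();
        this.authTime = kdcRepPart.getAuthTime();
        this.startTime = kdcRepPart.getStartTime();
        this.endTime = kdcRepPart.getEndTime();

        this.renewTill = kdcRepPart.getRenewTill();

        this.flags = kdcRepPart.getFlags();
        this.clientAddresses = kdcRepPart.getClientAddresses();

        this.ticket = tkt.getTicket();

        this.isEncInSKey = false;

        this.secondTicket = null;
    }


    /**
     * @return the server principal; same object as {@link #getServerName()}
     */
    public PrincipalName getServicePrincipal()
    {
        return serverName;
    }


    /**
     * @return the authentication time
     */
    public KerberosTime getAuthTime()
    {
        return authTime;
    }


    /**
     * @return the end of the validity period; not checked against the clock here
     */
    public KerberosTime getEndTime()
    {
        return endTime;
    }


    /**
     * @return the ticket flags; same object as {@link #getFlags()}
     */
    public TicketFlags getTicketFlags()
    {
        return flags;
    }


    /**
     * @return the numeric value of the key's encryption type
     * @throws NullPointerException if no key is set
     */
    public int getEType()
    {
        return key.getKeyType().getValue();
    }


    /**
     * @return the client principal
     */
    public PrincipalName getClientName()
    {
        return clientName;
    }


    /**
     * @return the server principal
     */
    public PrincipalName getServerName()
    {
        return serverName;
    }


    /**
     * @return the realm of the client principal, or {@code null} if it has none
     */
    public String getClientRealm()
    {
        return clientRealm;
    }


    /**
     * Returns the key stored with this credential. This is secret material:
     * the internal reference is returned, not a copy, and it must not be
     * logged or exposed beyond the code that needs it.
     *
     * @return the key
     */
    public EncryptionKey getKey()
    {
        return key;
    }


    /**
     * @return the start of the validity period
     */
    public KerberosTime getStartTime()
    {
        return startTime;
    }


    /**
     * @return the renew-till time
     */
    public KerberosTime getRenewTill()
    {
        return renewTill;
    }


    /**
     * @return the client addresses
     */
    public HostAddresses getClientAddresses()
    {
        return clientAddresses;
    }


    /**
     * @return the authorization data; {@code null} for credentials built from a ticket
     */
    public AuthorizationData getAuthzData()
    {
        return authzData;
    }


    /**
     * @return the flag given to the full constructor; always {@code false}
     *         for credentials built from a ticket
     */
    public boolean isEncInSKey()
    {
        return isEncInSKey;
    }


    /**
     * @return the ticket flags
     */
    public TicketFlags getFlags()
    {
        return flags;
    }


    /**
     * @return the ticket
     */
    public Ticket getTicket()
    {
        return ticket;
    }


    /**
     * @return the second ticket; {@code null} for credentials built from a ticket
     */
    public Ticket getSecondTicket()
    {
        return secondTicket;
    }
}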