1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.directory.kerberos.credentials.cache;
21  
22  
23  import java.text.ParseException;
24  
25  import org.apache.directory.kerberos.client.AbstractTicket;
26  import org.apache.directory.kerberos.client.TgTicket;
27  import org.apache.directory.shared.kerberos.KerberosTime;
28  import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;
29  import org.apache.directory.shared.kerberos.components.AuthorizationData;
30  import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
31  import org.apache.directory.shared.kerberos.components.EncryptionKey;
32  import org.apache.directory.shared.kerberos.components.HostAddresses;
33  import org.apache.directory.shared.kerberos.components.PrincipalName;
34  import org.apache.directory.shared.kerberos.flags.TicketFlags;
35  import org.apache.directory.shared.kerberos.messages.Ticket;
36  
37  
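/**
 * One entry of a Kerberos credentials cache: the client and server principals,
 * the session key, the ticket lifetime, the ticket flags and the ticket(s).
 * <p>
 * KrbCredInfo looks like it could be used here, however it does not carry
 * everything a cache entry needs.
 * <p>
 * Security notes:
 * <ul>
 *   <li>An instance holds the session key ({@link #getKey()}) together with the
 *       ticket it belongs to. Treat the whole object as secret material: do not
 *       log it, and restrict access to any place it is serialized to.</li>
 *   <li>The getters return the stored references, not copies, so a caller that
 *       mutates a returned object changes this entry as well.</li>
 *   <li>No lifetime check is performed here. Callers must compare
 *       {@link #getStartTime()} / {@link #getEndTime()} with the current time
 *       before relying on a stored ticket.</li>
 * </ul>
 * This class is mutable only through the objects it references and performs no
 * synchronization of its own.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class Credentials
{

    /** The client principal the ticket was issued to. */
    private PrincipalName clientName;

    /** The realm of {@link #clientName}, or {@code null} when the principal carries none. */
    private String clientRealm;

    /** The service principal the ticket is valid for. */
    private PrincipalName serverName;

    /** The realm of {@link #serverName}. */
    private String serverRealm;

    /** The session key shared with the service; secret material. */
    private EncryptionKey key;

    /** The time of the initial authentication. */
    private KerberosTime authTime;

    /** The time from which the ticket is valid. */
    private KerberosTime startTime;

    /** The time at which the ticket expires. */
    private KerberosTime endTime;

    /** The latest time up to which the ticket may be renewed. */
    private KerberosTime renewTill;

    /** The client addresses the ticket is bound to, if any. */
    private HostAddresses clientAddresses;

    /** The authorization data; only set by the all-fields constructor. */
    private AuthorizationData authzData;

    // NOTE(review): presumably the "is_skey" marker of the credentials cache
    // format (ticket encrypted in the session key of the second ticket) - confirm.
    private boolean isEncInSKey;

    /** The ticket flags. */
    private TicketFlags flags;

    /** The ticket itself. */
    private Ticket ticket;

    /** The optional second ticket; {@code null} when built from a ticket wrapper. */
    private Ticket secondTicket;


    /**
     * Creates an entry from explicitly supplied values. The client and server
     * realms are taken from the given principals.
     *
     * @param cname the client principal, must not be {@code null}
     * @param sname the server principal, must not be {@code null}
     * @param ekey the session key
     * @param authtime the time of the initial authentication
     * @param starttime the start of the validity period
     * @param endtime the end of the validity period
     * @param renewTill the latest renewal time
     * @param isEncInSKey the value returned by {@link #isEncInSKey()}
     * @param flags the ticket flags
     * @param caddr the client addresses
     * @param authData the authorization data
     * @param ticket the ticket
     * @param secondTicket the second ticket, may be {@code null}
     * @throws NullPointerException if {@code cname} or {@code sname} is {@code null}
     */
    public Credentials(
        PrincipalName cname,
        PrincipalName sname,
        EncryptionKey ekey,
        KerberosTime authtime,
        KerberosTime starttime,
        KerberosTime endtime,
        KerberosTime renewTill,
        boolean isEncInSKey,
        TicketFlags flags,
        HostAddresses caddr,
        AuthorizationData authData,
        Ticket ticket,
        Ticket secondTicket )
    {
        this.clientName = cname;
        // A principal without a realm simply yields a null realm here.
        this.clientRealm = cname.getRealm();

        this.serverName = sname;
        this.serverRealm = sname.getRealm();

        this.key = ekey;

        this.authTime = authtime;
        this.startTime = starttime;
        this.endTime = endtime;
        this.renewTill = renewTill;

        this.clientAddresses = caddr;
        this.authzData = authData;
        this.isEncInSKey = isEncInSKey;
        this.flags = flags;
        this.ticket = ticket;
        this.secondTicket = secondTicket;
    }


    /**
     * Creates an entry from a ticket-granting ticket. The client principal is
     * parsed from the TGT's client name and given the TGT's realm.
     *
     * @param tgt the ticket-granting ticket
     * @throws RuntimeException if the client name of the TGT cannot be parsed;
     *         the {@link ParseException} is attached as the cause
     */
    public Credentials( TgTicket tgt )
    {
        PrincipalName clientPrincipal;

        try
        {
            clientPrincipal = new PrincipalName( tgt.getClientName(),
                PrincipalNameType.KRB_NT_PRINCIPAL );
        }
        catch ( ParseException e )
        {
            // Keep the parse failure as the cause so the rejected name can be diagnosed.
            throw new RuntimeException( "Invalid tgt with bad client name", e );
        }

        clientPrincipal.setRealm( tgt.getRealm() );

        init( tgt, clientPrincipal );
    }


    /**
     * Creates an entry from a ticket and an already built client principal.
     *
     * @param tkt the ticket wrapper providing the ticket and its EncKdcRepPart
     * @param clientPrincipal the client principal the ticket was issued to
     */
    public Credentials( AbstractTicket tkt, PrincipalName clientPrincipal )
    {
        init( tkt, clientPrincipal );
    }


    /**
     * Fills the fields from the EncKdcRepPart of the given ticket.
     * <p>
     * Side effect: the server principal obtained from the EncKdcRepPart is not
     * copied, and its realm is set on that very object. The authorization data
     * is left unset, {@code isEncInSKey} is {@code false} and there is no
     * second ticket.
     *
     * @param tkt the ticket wrapper
     * @param clientPrincipal the client principal
     */
    private void init( AbstractTicket tkt, PrincipalName clientPrincipal )
    {
        EncKdcRepPart kdcRepPart = tkt.getEncKdcRepPart();

        this.serverName = kdcRepPart.getSName();
        this.serverRealm = kdcRepPart.getSRealm();
        this.serverName.setRealm( serverRealm );

        this.clientName = clientPrincipal;
        // Mirror the all-fields constructor: without this, getClientRealm()
        // stays null for every entry that was built from a ticket.
        this.clientRealm = clientPrincipal == null ? null : clientPrincipal.getRealm();

        this.key = kdcRepPart.getKey();
        this.authTime = kdcRepPart.getAuthTime();
        this.startTime = kdcRepPart.getStartTime();
        this.endTime = kdcRepPart.getEndTime();
        this.renewTill = kdcRepPart.getRenewTill();

        this.flags = kdcRepPart.getFlags();
        this.clientAddresses = kdcRepPart.getClientAddresses();

        this.ticket = tkt.getTicket();

        this.isEncInSKey = false;
        this.secondTicket = null;
    }


    /**
     * @return the service principal; same value as {@link #getServerName()}
     */
    public PrincipalName getServicePrincipal()
    {
        return serverName;
    }


    /**
     * @return the time of the initial authentication
     */
    public KerberosTime getAuthTime()
    {
        return authTime;
    }


    /**
     * @return the time at which the ticket expires
     */
    public KerberosTime getEndTime()
    {
        return endTime;
    }


    /**
     * @return the ticket flags; same value as {@link #getFlags()}
     */
    public TicketFlags getTicketFlags()
    {
        return flags;
    }


    /**
     * @return the numeric value of the session key's type
     * @throws NullPointerException if no session key is set
     */
    public int getEType()
    {
        return key.getKeyType().getValue();
    }


    /**
     * @return the client principal
     */
    public PrincipalName getClientName()
    {
        return clientName;
    }


    /**
     * @return the server principal
     */
    public PrincipalName getServerName()
    {
        return serverName;
    }


    /**
     * @return the realm of the client principal, or {@code null} if it has none
     */
    public String getClientRealm()
    {
        return clientRealm;
    }


    /**
     * Returns the stored session key itself, not a copy. The key is secret
     * material: do not log it or expose it beyond the code that needs it.
     *
     * @return the session key
     */
    public EncryptionKey getKey()
    {
        return key;
    }


    /**
     * @return the time from which the ticket is valid
     */
    public KerberosTime getStartTime()
    {
        return startTime;
    }


    /**
     * @return the latest time up to which the ticket may be renewed
     */
    public KerberosTime getRenewTill()
    {
        return renewTill;
    }


    /**
     * @return the client addresses the ticket is bound to
     */
    public HostAddresses getClientAddresses()
    {
        return clientAddresses;
    }


    /**
     * @return the authorization data, {@code null} for entries built from a ticket
     */
    public AuthorizationData getAuthzData()
    {
        return authzData;
    }


    /**
     * @return the flag given to the all-fields constructor, {@code false} for
     *         entries built from a ticket
     */
    public boolean isEncInSKey()
    {
        return isEncInSKey;
    }


    /**
     * @return the ticket flags
     */
    public TicketFlags getFlags()
    {
        return flags;
    }


    /**
     * @return the ticket
     */
    public Ticket getTicket()
    {
        return ticket;
    }


    /**
     * @return the second ticket, {@code null} for entries built from a ticket
     */
    public Ticket getSecondTicket()
    {
        return secondTicket;
    }
}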