1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 * 19 */ 20 package org.apache.directory.server.kerberos.sam; 21 22 23 import javax.security.auth.kerberos.KerberosKey; 24 25 import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler; 26 27 28 /** 29 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 30 */ 31 public class TimestampChecker implements KeyIntegrityChecker 32 { 33 private static final long FIVE_MINUTES = 300000; 34 private static final CipherTextHandlerypto/encryption/CipherTextHandler.html#CipherTextHandler">CipherTextHandler CIPHER_TEXT_HANDLER = new CipherTextHandler(); 35 36 37 // FIXME this whole function seems to be buggy and also I don't find any references to this function in code- kayyagari 38 public boolean checkKeyIntegrity( byte[] encryptedData, KerberosKey kerberosKey ) 39 { 40 /* 41 EncryptionType keyType = EncryptionType.getTypeByValue( kerberosKey.getKeyType() ); 42 EncryptionKey key = new EncryptionKey( keyType, kerberosKey.getEncoded() ); 43 44 try 45 { 46 /* 47 * Since the pre-auth value is of type PA-ENC-TIMESTAMP, it should be a valid 48 * ASN.1 PA-ENC-TS-ENC structure, so we can decode it into EncryptedData. 49 * 50 EncryptedData sadValue = KerberosDecoder.decodeEncryptedData( encryptedData ); 51 52 /* 53 * Decrypt the EncryptedData structure to get the PA-ENC-TS-ENC. Decode the 54 * decrypted timestamp into our timestamp object. 55 * 56 PaEncTsEnc timestamp = ( PaEncTsEnc ) cipherTextHandler.unseal( PAEncTSEnc.class, 57 key, sadValue, KeyUsage.NUMBER1 ); 58 59 /* 60 * Since we got here we must have a valid timestamp structure that we can 61 * validate to be within a five minute skew. 62 * 63 KerberosTime time = timestamp.getPaTimestamp(); 64 65 if ( time.isInClockSkew( FIVE_MINUTES ) ) 66 { 67 return true; 68 } 69 } 70 catch ( IOException ioe ) 71 { 72 return false; 73 } 74 catch ( KerberosException ke ) 75 { 76 return false; 77 } 78 catch ( ClassCastException cce ) 79 { 80 return false; 81 } 82 */ 83 return false; 84 } 85 }