View Javadoc
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.kerberos.sam;
21  
22  
23  import javax.security.auth.kerberos.KerberosKey;
24  
25  import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
26  
27  
28  /**
29   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
30   */
31  public class TimestampChecker implements KeyIntegrityChecker
32  {
33      private static final long FIVE_MINUTES = 300000;
34      private static final CipherTextHandlerypto/encryption/CipherTextHandler.html#CipherTextHandler">CipherTextHandler CIPHER_TEXT_HANDLER = new CipherTextHandler();
35  
36  
37      // FIXME this whole function seems to be buggy and also I don't find any references to this function in code- kayyagari
38      public boolean checkKeyIntegrity( byte[] encryptedData, KerberosKey kerberosKey )
39      {
40          /*
41          EncryptionType keyType = EncryptionType.getTypeByValue( kerberosKey.getKeyType() );
42          EncryptionKey key = new EncryptionKey( keyType, kerberosKey.getEncoded() );
43  
44          try
45          {
46              /*
47               * Since the pre-auth value is of type PA-ENC-TIMESTAMP, it should be a valid
48               * ASN.1 PA-ENC-TS-ENC structure, so we can decode it into EncryptedData.
49               *
50              EncryptedData sadValue = KerberosDecoder.decodeEncryptedData( encryptedData );
51  
52              /*
53               * Decrypt the EncryptedData structure to get the PA-ENC-TS-ENC.  Decode the
54               * decrypted timestamp into our timestamp object.
55               *
56              PaEncTsEnc timestamp = ( PaEncTsEnc ) cipherTextHandler.unseal( PAEncTSEnc.class,
57                  key, sadValue, KeyUsage.NUMBER1 );
58  
59              /*
60               * Since we got here we must have a valid timestamp structure that we can
61               * validate to be within a five minute skew.
62               *
63              KerberosTime time = timestamp.getPaTimestamp();
64  
65              if ( time.isInClockSkew( FIVE_MINUTES ) )
66              {
67                  return true;
68              }
69          }
70          catch ( IOException ioe )
71          {
72              return false;
73          }
74          catch ( KerberosException ke )
75          {
76              return false;
77          }
78          catch ( ClassCastException cce )
79          {
80              return false;
81          }
82          */
83          return false;
84      }
85  }