/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */
package org.apache.directory.server.kerberos.sam;


import javax.security.auth.kerberos.KerberosKey;

import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;


/**
 * {@link KeyIntegrityChecker} meant to validate a Kerberos key by using it to decrypt a
 * PA-ENC-TIMESTAMP pre-authentication value and checking the recovered timestamp against
 * a five minute clock skew.
 * <p>
 * That logic is currently disabled. The only live statement in
 * {@link #checkKeyIntegrity(byte[], KerberosKey)} is {@code return false}, so this checker
 * fails closed: it never accepts a key and never reads its arguments.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class TimestampChecker implements KeyIntegrityChecker
{
    /**
     * Permitted clock skew, 300000 (five minutes when read as milliseconds).
     * Referenced only by the disabled code in {@code checkKeyIntegrity}.
     */
    private static final long FIVE_MINUTES = 5 * 60 * 1000L;

    /** Handler instance created at class initialisation; no live code in this class uses it. */
    private static final CipherTextHandler CIPHER_TEXT_HANDLER = new CipherTextHandler();


    // FIXME this whole function seems to be buggy and also I don't find any references to this function in code - kayyagari
    /**
     * Reports the outcome of the key integrity check, which is failure for every input.
     * <p>
     * A caller cannot tell "check not implemented" apart from "wrong key" or "stale
     * timestamp": all of them surface as {@code false}.
     *
     * @param encryptedData the pre-authentication value; the disabled code treats it as an
     *        encoded EncryptedData wrapping a PA-ENC-TS-ENC structure (currently ignored)
     * @param kerberosKey the key the value would be decrypted with (currently ignored)
     * @return {@code false} in every case
     */
    public boolean checkKeyIntegrity( byte[] encryptedData, KerberosKey kerberosKey )
    {
        // Disabled reference implementation, kept as the original author left it.
        //
        // NOTE(review): it refers to `cipherTextHandler` and `PAEncTSEnc.class`, which do not
        // match the CIPHER_TEXT_HANDLER field or the PaEncTsEnc cast type spelled here, and the
        // types it needs are not imported, so it likely would not compile if simply re-enabled.
        // NOTE(review): every failure path (decode, decrypt, cast, skew) returns false, which
        // keeps the check fail-closed. A skew window alone only limits how long a captured value
        // stays acceptable; confirm whether replay detection happens elsewhere before relying on it.
        //
        // EncryptionType keyType = EncryptionType.getTypeByValue( kerberosKey.getKeyType() );
        // EncryptionKey key = new EncryptionKey( keyType, kerberosKey.getEncoded() );
        //
        // try
        // {
        //     /*
        //      * Since the pre-auth value is of type PA-ENC-TIMESTAMP, it should be a valid
        //      * ASN.1 PA-ENC-TS-ENC structure, so we can decode it into EncryptedData.
        //      */
        //     EncryptedData sadValue = KerberosDecoder.decodeEncryptedData( encryptedData );
        //
        //     /*
        //      * Decrypt the EncryptedData structure to get the PA-ENC-TS-ENC. Decode the
        //      * decrypted timestamp into our timestamp object.
        //      */
        //     PaEncTsEnc timestamp = ( PaEncTsEnc ) cipherTextHandler.unseal( PAEncTSEnc.class,
        //         key, sadValue, KeyUsage.NUMBER1 );
        //
        //     /*
        //      * Since we got here we must have a valid timestamp structure that we can
        //      * validate to be within a five minute skew.
        //      */
        //     KerberosTime time = timestamp.getPaTimestamp();
        //
        //     if ( time.isInClockSkew( FIVE_MINUTES ) )
        //     {
        //         return true;
        //     }
        // }
        // catch ( IOException ioe )
        // {
        //     return false;
        // }
        // catch ( KerberosException ke )
        // {
        //     return false;
        // }
        // catch ( ClassCastException cce )
        // {
        //     return false;
        // }

        // Nothing above is executed, so the check rejects unconditionally.
        return false;
    }
}