in kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java [305:360]
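/**
 * Derives the FAST armor key from an AP-REQ armor and stores it on this request.
 *
 * <p>The armor value is decoded as an {@code ApReq}. Its ticket is unsealed with
 * the TGS key that matches the ticket's encryption type, and the ticket session
 * key is recorded through {@code setSessionKey}. The authenticator is then
 * unsealed with that session key, and the armor key is computed with
 * {@code FastUtil.cf2} from the authenticator subkey ("subkeyarmor") and the
 * ticket session key ("ticketarmor"). Armor types other than
 * {@code ARMOR_AP_REQUEST} are ignored.
 *
 * <p>NOTE(review): the armor value is client-supplied. Within this method the
 * ticket is authenticated only by unsealing successfully under the TGS key.
 * Ticket validity times, the ticket's server name and the authenticator's client
 * name and timestamp are not checked here. Confirm that these are validated
 * elsewhere before the armor key is trusted.
 *
 * @param fastArmor the FAST armor taken from the request
 * @throws KrbException if the armor cannot be decoded, the ticket version is not
 *         Kerberos V5, no TGS key matches the ticket's encryption type, the
 *         ticket or authenticator cannot be unsealed, the authenticator carries
 *         no subkey, or the armor key cannot be derived
 */
private void armorApRequest(KrbFastArmor fastArmor) throws KrbException {
    if (fastArmor.getArmorType() != ArmorType.ARMOR_AP_REQUEST) {
        // Only AP-REQ armor is processed by this method.
        return;
    }

    ApReq apReq;
    try {
        apReq = KrbCodec.decode(fastArmor.getArmorValue(), ApReq.class);
    } catch (KrbException e) {
        String errMessage = "Decode ApReq failed. " + e.getMessage();
        LOG.error(errMessage);
        // Keep the original exception as the cause so the failure stays diagnosable.
        throw new KrbException(errMessage, e);
    }

    Ticket ticket = apReq.getTicket();
    // Reject an unsupported ticket version before any key lookup is done for it.
    if (ticket.getTktvno() != KrbConstant.KRB_V5) {
        LOG.error(KrbErrorCode.KRB_AP_ERR_BADVERSION.getMessage());
        throw new KrbException(KrbErrorCode.KRB_AP_ERR_BADVERSION);
    }

    EncryptionType encType = ticket.getEncryptedEncPart().getEType();
    EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType);
    if (tgsKey == null) {
        // The encryption type comes from the client-supplied ticket. Fail with a
        // protocol error instead of passing a null key to unseal().
        String errMessage = "No TGS key found for armor ticket encryption type " + encType;
        LOG.error(errMessage);
        throw new KrbException(errMessage);
    }

    EncTicketPart encPart;
    try {
        encPart = EncryptionUtil.unseal(ticket.getEncryptedEncPart(),
                tgsKey, KeyUsage.KDC_REP_TICKET, EncTicketPart.class);
    } catch (KrbException e) {
        String errMessage = "Unseal EncTicketPart failed. " + e.getMessage();
        LOG.error(errMessage);
        throw new KrbException(errMessage, e);
    }
    ticket.setEncPart(encPart);

    EncryptionKey encKey = ticket.getEncPart().getKey();
    setSessionKey(encKey);

    Authenticator authenticator;
    try {
        authenticator = EncryptionUtil.unseal(apReq.getEncryptedAuthenticator(),
                encKey, KeyUsage.AP_REQ_AUTH, Authenticator.class);
    } catch (KrbException e) {
        String errMessage = "Unseal Authenticator failed. " + e.getMessage();
        LOG.error(errMessage);
        throw new KrbException(errMessage, e);
    }

    EncryptionKey subKey = authenticator.getSubKey();
    if (subKey == null) {
        // The armor key is derived from the authenticator subkey, so a missing
        // subkey is a malformed armor rather than something to dereference.
        String errMessage = "Create armor key failed. Authenticator has no subkey.";
        LOG.error(errMessage);
        throw new KrbException(errMessage);
    }

    EncryptionKey armorKey;
    try {
        armorKey = FastUtil.cf2(subKey, "subkeyarmor", encKey, "ticketarmor");
    } catch (KrbException e) {
        String errMessage = "Create armor key failed. " + e.getMessage();
        LOG.error(errMessage);
        throw new KrbException(errMessage, e);
    }
    setArmorKey(armorKey);
}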