Example #1
0
        // 处理用户Client发送来的请求 ,并作出相关的处理
        public void HandleApReq(KerbAPRequest kerbApRequest,out bool stvalid , out bool apResponse)
        {
            string errorInfo = string.Empty;
            //STicket sticket = kerbApRequest.sticket;
            string encryptSTicket = kerbApRequest.encrptSticket;
            string sticket = desCrypt.Decrypt(encryptSTicket, KeyType.TGS_AP_Key, KeyType.Iv);
            string[] ticketArray = sticket.Split('|');
            string sIdentity = ticketArray[0];
            DateTime ts4 = Convert.ToDateTime(ticketArray[1]);
            double lifetime4 = Convert.ToDouble(ticketArray[2]);
            string uid2 = ticketArray[3];
            int adc = Convert.ToInt32(ticketArray[4]);

            STicket sTicket =  new STicket(uid2,sIdentity,ts4,adc,lifetime4);

            Authenticator authen = kerbApRequest.authenticator;
            if ((authen.adc != sTicket.Adc1) || (authen.uid != sTicket.Uid))
            {
                // 两者之间的认证标志不一样或者UID不一样的话   说明STicket被修改
                stvalid = false;
                apResponse = false;
                errorInfo = "STikcet票据已经被修改";
            }
            stvalid = true;    //票据是合法的
            // 下面就是对权限的管理和控制
            apResponse = true;   // 允许Client访问服务。
        }
Example #2
0
        /*
         *
         * TGT解密的过程不是在:Client端被解密,而是在TGSServer端被解密
         *
         * TGS服务器处理KerbTGSRequest请求,并判断TGTicket是否有效;
         * 有效的话,则直接产生STicket
         * **/
        public void HandleTgsReq(KerbTGSRequest kerbTgsRequest, out bool tgsvalid, out string kerbTgsResponse)
        {
            // out型参数可以不被初始化
            string session_key_1 = kerbTgsRequest.session_key_1;
            string encryptUid = kerbTgsRequest.encryptUid;
            //TGTicket tgticket = kerbTgsRequest.tgticket;
            string encrptTgsTicket = kerbTgsRequest.encyptgsTicket;

            string tgticket = desCrypt.Decrypt(encrptTgsTicket, KeyType.AS_TGS_Key, KeyType.Iv);
            string[] ticketArray = tgticket.Split('|');
            string uid = ticketArray[0];
            DateTime ts2 = Convert.ToDateTime(ticketArray[1]);
            double lifetime2 = Convert.ToDouble(ticketArray[2]);

            TGTicket tgtTicket = new TGTicket(uid, ts2, lifetime2);

            string validUid = desCrypt.Decrypt(encryptUid, session_key_1, KeyType.Iv);

            string errorInfo = string.Empty;
            if ((!validUid.Equals(uid)) || (string.IsNullOrEmpty(validUid)))
            {
                errorInfo = "TGS票据被修改,uid的值已经被改变";
                tgsvalid = false;
                kerbTgsResponse = "";
                HandleTgsReq(kerbTgsRequest, out tgsvalid, out kerbTgsResponse);
            }
            else if (IsTGTExpired(tgtTicket))
            {
                errorInfo = "TGS票据过期";
                tgsvalid = false;
                kerbTgsResponse = "";
                HandleTgsReq(kerbTgsRequest, out tgsvalid, out kerbTgsResponse); //重新获取tgsResp请求
            }
            else
            {
                // 下面就是TGS服务器向Client发送的  uid与STicket中的uid是一样的
                STicket sticket = new STicket(uid);
                string key1 = KeyType.Client_AP_Key;  //Client与AP应用服务之间的会话密钥
                string iv = KeyType.Iv;  // Or "********"
                string strBuilder1 = string.Concat(sticket.STIdentity, "|", Convert.ToString(sticket.TS4));
                string strBuilder2 = string.Concat(strBuilder1, "|", Convert.ToString(sticket.LifeTime4));
                string strBuilder3 = string.Concat(strBuilder2, "|", uid);
                string strBuilder = string.Concat(strBuilder3, "|", Convert.ToString(sticket.Adc1));

                string encryptSticket = desCrypt.Encrypt(strBuilder, KeyType.TGS_AP_Key, KeyType.Iv);  //加密过后的STicket
                // 下面实现一个时间戳验证
                //DateTime ts4_1 = DateTime.Now;
                //string test = desCrypt.GenerateDesCryProvider(ref key1,ref iv);

                // 主要是确保随机密钥的安全性:下面就是数字签名的流程
                key1 = desCrypt.GenerateDesCryProvider(ref key1, ref iv);//desCrypt.GenerateDesCryProvider(ref key1, ref iv);
                //string key1text = rsaCrpt.RSAEncrypt(HttpUtility.HtmlDecode(publicKey), key1);
                string hashData = "";
                rsaCrpt.GetHash(key1, ref hashData);
                string rsasign = "";  //key1text的数字签名
                rsaCrpt.SignatureFormatter(HttpUtility.HtmlDecode(privateKey), hashData, ref rsasign);

                string kerbTgsResp = string.Concat(string.Concat(encryptSticket, "|", key1), "|", uid);  // AS向Client发回的响应
                //kerbTgsResp = string.Concat(kerbTgsResp, ",", rsasign);
                tgsvalid = true;
                kerbTgsResponse = kerbTgsResp;

            }
        }