Exemple #1
        // Handles the request sent by the client and processes it accordingly
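        /// <summary>
        /// Validates the service ticket carried by a client's AP request and decides
        /// whether the client may access the service.
        /// </summary>
        /// <param name="kerbApRequest">AP request holding the encrypted service ticket and the client's authenticator.</param>
        /// <param name="stvalid">Set to <c>true</c> only when the ticket decrypts, parses and matches the authenticator.</param>
        /// <param name="apResponse">Set to <c>true</c> only when the client is allowed to access the service.</param>
        public void HandleApReq(KerbAPRequest kerbApRequest,out bool stvalid , out bool apResponse)
        {
            // Expected plaintext layout: identity | timestamp | lifetime | uid | adc
            const int TicketFieldCount = 5;

            // Fail closed: both results stay false unless every check below passes.
            // The previous version assigned false on a mismatch and then fell through
            // to the unconditional "true" assignments, so a modified ticket was accepted.
            stvalid = false;
            apResponse = false;

            if (kerbApRequest == null || kerbApRequest.authenticator == null)
            {
                return;
            }

            // NOTE(review): how desCrypt.Decrypt reports a tampered or truncated ciphertext
            // (exception, null, garbage) is not visible here - confirm it cannot bypass
            // the checks below. DES itself gives no integrity protection for the ticket.
            string sticket = desCrypt.Decrypt(kerbApRequest.encrptSticket, KeyType.TGS_AP_Key, KeyType.Iv);
            if (string.IsNullOrEmpty(sticket))
            {
                return;
            }

            // The ticket content is attacker-influenced, so a malformed ticket is
            // rejected instead of raising an index or format exception.
            string[] ticketArray = sticket.Split('|');
            if (ticketArray.Length < TicketFieldCount)
            {
                return;
            }

            string sIdentity = ticketArray[0];
            string uid2 = ticketArray[3];
            DateTime ts4;
            double lifetime4;
            int adc;
            if (!DateTime.TryParse(ticketArray[1], out ts4)
                || !double.TryParse(ticketArray[2], out lifetime4)
                || !int.TryParse(ticketArray[4], out adc))
            {
                return;
            }

            STicket sTicket =  new STicket(uid2,sIdentity,ts4,adc,lifetime4);

            Authenticator authen = kerbApRequest.authenticator;
            if ((authen.adc != sTicket.Adc1) || (authen.uid != sTicket.Uid))
            {
                // The authentication flag or the UID differs between ticket and
                // authenticator, so the service ticket has been modified: reject.
                return;
            }

            // NOTE(review): ts4 and lifetime4 are parsed but never compared with the
            // current time, so an expired or replayed ticket still passes. The unit of
            // lifetime4 is not visible in this snippet - enforce expiry once confirmed.

            stvalid = true;    // the ticket is legitimate
            // Permission management and access control would follow here.
            apResponse = true;   // allow the client to access the service
        }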
Exemple #2
        /// <summary>
        /// Runs the client side of the exchange for <paramref name="uid"/>: builds the
        /// TGS request, builds the AP request from it, then tries to access the application.
        /// </summary>
        /// <param name="uid">User identifier; a null or empty value is refused without contacting any server.</param>
        /// <returns><c>true</c> when <c>VisitApp</c> reports success, otherwise <c>false</c>.</returns>
        public bool Authen(string uid)
        {
            // The original author states the precondition for sending a TGS request is
            // that a TGT exists; the only check visible here is that uid is non-empty.
            if (string.IsNullOrEmpty(uid))
            {
                return false;
            }

            this.kerbTgsReq = CreateKerbTGSReq(uid);
            this.kerbApReq = CreateKerbApReq();

            // NOTE(review): the AP request is not checked before the access attempt;
            // whether VisitApp rejects a missing request is not visible here - confirm.
            bool accessGranted = VisitApp();   // access attempt
            return accessGranted;
        }
Exemple #3
        // Creates the KerbApRequest
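        /// <summary>
        /// Sends the pending TGS request to the ticket-granting server and, when it is
        /// accepted, builds the AP request from the reply.
        /// </summary>
        /// <returns>
        /// The new AP request, or <c>null</c> when the TGS rejects the request or its
        /// reply does not contain the expected fields.
        /// </returns>
        public KerbAPRequest CreateKerbApReq()
        {
            // Reply layout: encrypted service ticket | client/AP session key | uid
            const int ReplyFieldCount = 3;

            bool tgsvalid;
            string kerbTgsResp;
            tgServer.HandleTgsReq(this.kerbTgsReq, out tgsvalid, out kerbTgsResp);

            // The uid in the reply is only trusted when the TGS accepted the request.
            string[] strArray = (tgsvalid && kerbTgsResp != null) ? kerbTgsResp.Split('|') : null;
            if (strArray == null || strArray.Length < ReplyFieldCount)
            {
                // Fail closed. The previous version wrote a debug string to the console,
                // repeated the TGS call while ignoring its outcome, and returned whatever
                // AP request was left in the field, so a rejected request could hand back
                // a request built during an earlier successful run.
                this.kerbApReq = null;
                return null;
            }

            string encryptSticket = strArray[0];
            string client_ap_key = strArray[1];
            string uid1 = strArray[2];

            // NOTE(review): the digest is computed but never compared or sent, so it adds
            // no integrity check here; kept because GetHash's side effects are not visible.
            string hashdata = "";
            rsaCryp.GetHash(client_ap_key, ref hashdata);

            // Design assumption from the original author: the client cannot decrypt the
            // service ticket, so it cannot modify it; a ticket the AP server finds invalid
            // therefore points to an illegitimate user on this side. The ticket is
            // forwarded still encrypted for that reason.
            this.auth = new Authenticator(uid1, client_ap_key);
            this.kerbApReq = new KerbAPRequest(encryptSticket, this.auth);
            return this.kerbApReq;
        }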