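/// <summary>
/// Handles an AP request sent by the client: decrypts the service ticket, rebuilds it from
/// its '|'-separated fields, and checks it against the authenticator carried in the request.
/// </summary>
/// <param name="kerbApRequest">Request holding the encrypted service ticket and the authenticator.</param>
/// <param name="stvalid">True only when the ticket parses and agrees with the authenticator.</param>
/// <param name="apResponse">True only when the client is allowed to access the service.</param>
public void HandleApReq(KerbAPRequest kerbApRequest, out bool stvalid, out bool apResponse)
{
    // Fail closed: both results stay false unless every check below passes.
    // The original assigned false on a mismatch and then fell through to the
    // unconditional "true" assignments, so a tampered ticket was still accepted.
    stvalid = false;
    apResponse = false;

    string encryptSTicket = kerbApRequest.encrptSticket;
    string sticket = desCrypt.Decrypt(encryptSTicket, KeyType.TGS_AP_Key, KeyType.Iv);
    if (string.IsNullOrEmpty(sticket))
    {
        return;
    }

    // Expected layout: sIdentity | ts4 | lifetime4 | uid | adc
    string[] ticketArray = sticket.Split('|');
    if (ticketArray.Length < 5)
    {
        return;
    }

    // A ticket whose fields do not parse is rejected instead of raising a format exception.
    DateTime ts4;
    double lifetime4;
    int adc;
    if (!DateTime.TryParse(ticketArray[1], out ts4)
        || !double.TryParse(ticketArray[2], out lifetime4)
        || !int.TryParse(ticketArray[4], out adc))
    {
        return;
    }

    string sIdentity = ticketArray[0];
    string uid2 = ticketArray[3];
    STicket sTicket = new STicket(uid2, sIdentity, ts4, adc, lifetime4);

    Authenticator authen = kerbApRequest.authenticator;
    if ((authen.adc != sTicket.Adc1) || (authen.uid != sTicket.Uid))
    {
        // The authentication flag or the UID differs between authenticator and ticket,
        // which means the STicket has been modified. The reason is not surfaced to the
        // caller because the signature has no channel for it.
        return;
    }

    // NOTE(review): ts4 and lifetime4 are parsed but nothing in this method compares them
    // with the current time, so an expired ticket is not rejected here. The unit of
    // lifetime4 is not visible from this method; confirm it and enforce expiry.
    // NOTE(review): whether desCrypt.Decrypt detects a modified ciphertext is not visible
    // here; if it does not, the field comparison above is the only tamper check.

    stvalid = true; // The ticket is valid.

    // Permission management and control would follow here.
    apResponse = true; // Allow the client to access the service.
}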
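/// <summary>
/// Runs the client side of the exchange for <paramref name="uid"/>: builds the TGS request,
/// derives the AP request from the TGS answer, and then tries to access the application.
/// </summary>
/// <param name="uid">User identifier; a null or empty value is rejected immediately.</param>
/// <returns>True when VisitApp reports success; otherwise false.</returns>
public bool Authen(string uid)
{
    // The original author's stated precondition for sending a TGS request is that a
    // TGTicket exists.
    // NOTE(review): only a non-empty uid is checked here; no TGT is inspected in this
    // method. Confirm that CreateKerbTGSReq enforces that precondition.
    if (string.IsNullOrEmpty(uid))
    {
        return false;
    }

    this.kerbTgsReq = CreateKerbTGSReq(uid);
    this.kerbApReq = CreateKerbApReq();

    // Without an AP request there is nothing to present to the application server,
    // so the visit is skipped instead of being attempted with no request.
    if (this.kerbApReq == null)
    {
        return false;
    }

    return VisitApp(); // Access the application.
}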
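/// <summary>
/// Produces the KerbAPRequest: submits the pending TGS request to the TGS and, when it is
/// accepted, wraps the returned encrypted service ticket together with a new authenticator.
/// </summary>
/// <returns>
/// The new AP request, or null when the TGS rejects the request or its answer is malformed.
/// Callers must treat null as a failed authentication.
/// </returns>
public KerbAPRequest CreateKerbApReq()
{
    bool tgsvalid;
    string kerbTgsResp;
    tgServer.HandleTgsReq(this.kerbTgsReq, out tgsvalid, out kerbTgsResp);

    // Only when the TGS ticket is valid does the response carry the user's credential data.
    // Expected layout: encryptedSTicket | client_ap_key | uid
    string[] strArray = null;
    if (tgsvalid && kerbTgsResp != null)
    {
        strArray = kerbTgsResp.Split('|');
    }

    if (strArray == null || strArray.Length < 3)
    {
        // The original returned whatever this.kerbApReq already held, so a request left
        // over from an earlier successful exchange could be reused after a rejection.
        // It also wrote a debug string to the console and repeated the TGS call while
        // discarding the result. Clear the field and report failure instead.
        this.kerbApReq = null;
        return null;
    }

    string encryptSticket = strArray[0];
    string client_ap_key = strArray[1];
    string uid1 = strArray[2];

    // hashdata is not read afterwards in this method; the call is kept in case GetHash
    // has effects beyond filling the ref argument.
    string hashdata = "";
    rsaCryp.GetHash(client_ap_key, ref hashdata);

    // The client does not decrypt the STicket: an illegitimate user cannot decrypt it and
    // so cannot modify it. If the AP server receives an invalid STicket, the original
    // author's reasoning is that the user at this point is illegitimate.
    // NOTE(review): the two-argument Authenticator constructor is used here, while
    // HandleApReq compares authen.adc with the ticket's adc; confirm how adc is populated.
    this.auth = new Authenticator(uid1, client_ap_key);
    this.kerbApReq = new KerbAPRequest(encryptSticket, this.auth);
    return this.kerbApReq;
}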