Exemplo n.º 1
0
        // 处理用户Client发送来的请求 ,并作出相关的处理
        public void HandleApReq(KerbAPRequest kerbApRequest,out bool stvalid , out bool apResponse)
        {
            string errorInfo = string.Empty;
            //STicket sticket = kerbApRequest.sticket;
            string encryptSTicket = kerbApRequest.encrptSticket;
            string sticket = desCrypt.Decrypt(encryptSTicket, KeyType.TGS_AP_Key, KeyType.Iv);
            string[] ticketArray = sticket.Split('|');
            string sIdentity = ticketArray[0];
            DateTime ts4 = Convert.ToDateTime(ticketArray[1]);
            double lifetime4 = Convert.ToDouble(ticketArray[2]);
            string uid2 = ticketArray[3];
            int adc = Convert.ToInt32(ticketArray[4]);

            STicket sTicket =  new STicket(uid2,sIdentity,ts4,adc,lifetime4);

            Authenticator authen = kerbApRequest.authenticator;
            if ((authen.adc != sTicket.Adc1) || (authen.uid != sTicket.Uid))
            {
                // 两者之间的认证标志不一样或者UID不一样的话   说明STicket被修改
                stvalid = false;
                apResponse = false;
                errorInfo = "STikcet票据已经被修改";
            }
            stvalid = true;    //票据是合法的
            // 下面就是对权限的管理和控制
            apResponse = true;   // 允许Client访问服务。
        }
Exemplo n.º 2
0
        public bool Authen(string uid)
        {
            // 用户发送TGS请求的条件 :
            // 【TGTicket存在】
            if (!string.IsNullOrEmpty(uid))
            {
                this.kerbTgsReq = CreateKerbTGSReq(uid);

                this.kerbApReq = CreateKerbApReq();
                if (VisitApp())  //访问
                {
                    return true;
                }
            }
            return false;
        }
Exemplo n.º 3
0
        //产生KerbApRequest请求
        public KerbAPRequest CreateKerbApReq()
        {
            // out 可以不初始化
            bool tgsvalid;
            string kerbTgsResp;
            tgServer.HandleTgsReq(this.kerbTgsReq, out tgsvalid, out kerbTgsResp);

            if (tgsvalid)   //只有在TGS票据合法的时候  uid也是合法TGS中的用户凭证信息
            {
                //string[] strArray0 = kerbTgsResp.Split(',');
                // string rsasign = strArray0[1];
                string[] strArray = kerbTgsResp.Split('|');
                string encryptSticket = strArray[0];
                string client_ap_key = strArray[1];
                string uid1 = strArray[2];

                string hashdata = "";
                rsaCryp.GetHash(client_ap_key, ref hashdata);

                //如果这里的用户非法,则不能解密STicket 也就无法修改
                // 如果在APServer中接到的STicket不合法,只能说明此处用户非法
                //string sticket = desCryp.Decrypt(encryptSticket, KeyType.TGS_AP_Key, KeyType.Iv);
                //string[] ticketArray = sticket.Split('|');
                //string sIdentity = ticketArray[0];
                //DateTime ts4 = Convert.ToDateTime(ticketArray[1]);
                //double lifetime4 = Convert.ToDouble(ticketArray[2]);
                //string uid2 = ticketArray[3];
                //int adc = Convert.ToInt32(ticketArray[4]);

                //this.sTicket = new STicket(uid2,sIdentity,ts4,adc,lifetime4);
                //this.auth = new Authenticator(uid1, client_ap_key,adc);
                //this.kerbApReq = new KerbAPRequest(this.sTicket, this.auth);
                this.auth = new Authenticator(uid1, client_ap_key);
                this.kerbApReq = new KerbAPRequest(encryptSticket, this.auth);
                return this.kerbApReq;

            }

            else
            {
                Console.Write("Heelo");
                tgServer.HandleTgsReq(this.kerbTgsReq, out tgsvalid, out kerbTgsResp);
                return this.kerbApReq;
            }
        }