
用 Kerberos 为 J2ME 应用程序上锁,第 3 部分: 建立与电子银行的安全通信(下)

 2010-03-30 00:00:00 来源:WEB开发网   

现在已经完成认证头,可以将它返回给调用应用程序了。

生成服务票据请求

我讨论了生成服务票据请求需要的所有低层方法。将使用 清单 1 中请求 TGT 时所使用的同一个 getTicketResponse() 方法生成服务票据请求,只需要对 清单 1 稍加修改以使它可以同时用于 TGT 和服务票据请求。让我们看一下这个过程。

看一下清单 20,其中可以看到修改过的清单 1 中的 getTicketResponse() 方法。与清单 1 相比,修改过的版本增加了一些代码:

清单 20. getTicketResponse() 方法

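  /**
   * Builds a Kerberos KDC request, sends it over the datagram connection
   * {@code dc} (declared outside this listing) and returns the raw reply.
   *
   * <p>With {@code kerberosTicket == null} the message is an AS-REQ
   * (APPLICATION 10, msg-type 10) asking for a TGT. With a ticket it is a
   * TGS-REQ (APPLICATION 12, msg-type 12): the request body drops cname and
   * a padata element of type 1 carries the authentication header built by
   * {@code getAuthenticationHeader()}.
   *
   * <p>Security notes for anyone reusing this listing:
   * <ul>
   *  <li>etype 3 (des-cbc-md5) and checksum type 7 (rsa-md5) are legacy
   *      algorithms; single DES is deprecated for Kerberos (RFC 6649).
   *      Treat them as a limitation of this sample, not a recommendation.</li>
   *  <li>The nonce is generated inline and not kept by this method, so the
   *      caller cannot compare it with the nonce in the decrypted reply
   *      unless getRandomNumber() records it elsewhere -- TODO confirm.</li>
   *  <li>The reply is returned unparsed and unauthenticated; it may be a
   *      KRB-ERROR or a spoofed datagram. The caller must decode and
   *      verify it before using anything in it.</li>
   *  <li>The receive buffer is 700 bytes; a larger reply will not fit.</li>
   * </ul>
   *
   * @param userName       client principal name (cname in the AS-REQ; also
   *                       passed to getAuthenticationHeader())
   * @param serverName     service name placed in sname
   * @param realmName      Kerberos realm
   * @param kerberosTicket ticket passed to getAuthenticationHeader(), or
   *                       {@code null} to request a TGT
   * @param key            key passed to getAuthenticationHeader()
   *                       (presumably the TGT session key -- confirm);
   *                       unused when kerberosTicket is null
   * @return the bytes of the received datagram, or {@code null} when the
   *         request could not be sent, the reply was empty, or receiving
   *         failed
   */
  public byte[] getTicketResponse( String userName,
                  String serverName,
                  String realmName,
                  byte[] kerberosTicket,
                  byte[] key
                 )
  {
   byte ticketRequest[];
   byte msg_type[];
   // KDC-REQ: pvno [1] = 5, msg-type [2] = 10 (AS-REQ) unless overridden below.
   byte pvno[] = getTagAndLengthBytes(ASN1DataTypes.CONTEXT_SPECIFIC,
           1, getIntegerBytes(5));
   msg_type = getTagAndLengthBytes(ASN1DataTypes.CONTEXT_SPECIFIC,
          2, getIntegerBytes(10));
   // kdc-options [0]: all-zero bit string, i.e. no ticket flags requested.
   byte kdc_options[] = getTagAndLengthBytes(ASN1DataTypes.CONTEXT_SPECIFIC,
               0, getBitStringBytes(new byte[5]));
   // cname [1]: PrincipalName { name-type [0], name-string [1] } for the client.
   byte generalStringSequence[] = getSequenceBytes (
                    getGeneralStringBytes (userName));
   byte name_string[] = getTagAndLengthBytes(ASN1DataTypes.CONTEXT_SPECIFIC,
               1, generalStringSequence);
   byte name_type[] = getTagAndLengthBytes(ASN1DataTypes.CONTEXT_SPECIFIC,
              0, getIntegerBytes(ASN1DataTypes.NT_PRINCIPAL));
   byte principalNameSequence [] = getSequenceBytes(
                concatenateBytes (name_type, name_string));
   byte cname[] = getTagAndLengthBytes (ASN1DataTypes.CONTEXT_SPECIFIC,
            1, principalNameSequence);
   // realm [2]
   byte realm[] = getTagAndLengthBytes (ASN1DataTypes.CONTEXT_SPECIFIC,
            2, getGeneralStringBytes (realmName));
   // sname [3] for the AS-REQ: two name components, serverName then realmName.
   byte sgeneralStringSequence[] = concatenateBytes(getGeneralStringBytes(serverName),
                     getGeneralStringBytes (realmName));
   byte sname_string[] = getTagAndLengthBytes(ASN1DataTypes.CONTEXT_SPECIFIC,
               1, getSequenceBytes(sgeneralStringSequence));
   byte sname_type[] = getTagAndLengthBytes(ASN1DataTypes.CONTEXT_SPECIFIC,
              0, getIntegerBytes(ASN1DataTypes.NT_UNKNOWN));
   byte sprincipalNameSequence [] = getSequenceBytes(
                 concatenateBytes (sname_type, sname_string)
                );
   byte sname[] = getTagAndLengthBytes (ASN1DataTypes.CONTEXT_SPECIFIC,
            3, sprincipalNameSequence);
   // till [5]: the epoch value leaves the ticket end time to KDC policy.
   byte till[] = getTagAndLengthBytes (
           ASN1DataTypes.CONTEXT_SPECIFIC,
           5,
           getGeneralizedTimeBytes (
           "19700101000000Z".getBytes())
          );
   // nonce [7]: NOTE(review) the value is not kept here, so the reply's
   // nonce cannot be checked against it by the caller.
   byte nonce[] = getTagAndLengthBytes(
            ASN1DataTypes.CONTEXT_SPECIFIC,
            7,
            getIntegerBytes (getRandomNumber())
           );
   // etype [8]: only etype 3 (des-cbc-md5) is offered -- legacy single DES.
   byte etype[] = getTagAndLengthBytes(
            ASN1DataTypes.CONTEXT_SPECIFIC,
            8,
            getSequenceBytes(getIntegerBytes(3))
           );
   // req-body [4] in its AS-REQ form (includes cname).
   byte req_body[] = getTagAndLengthBytes(
             ASN1DataTypes.CONTEXT_SPECIFIC,
             4,
             getSequenceBytes(
               concatenateBytes(kdc_options,
                concatenateBytes(cname,
                  concatenateBytes(realm,
                   concatenateBytes(sname,
                     concatenateBytes(till,
                      concatenateBytes(nonce, etype)
                     )
                   )
                  )
                )
               )
             )
            );
    if (kerberosTicket != null) {
     // TGS-REQ: msg-type 12, single-component sname, no cname in the body.
     msg_type = getTagAndLengthBytes(ASN1DataTypes.CONTEXT_SPECIFIC,
            2, getIntegerBytes(12));
     sname_string = getTagAndLengthBytes(ASN1DataTypes.CONTEXT_SPECIFIC,
              1, getSequenceBytes(getGeneralStringBytes(serverName)));
     sname_type = getTagAndLengthBytes(ASN1DataTypes.CONTEXT_SPECIFIC,
             0, getIntegerBytes(ASN1DataTypes.NT_UNKNOWN));

     sprincipalNameSequence = getSequenceBytes(
                   concatenateBytes (sname_type, sname_string)
                  );
     sname = getTagAndLengthBytes (
          ASN1DataTypes.CONTEXT_SPECIFIC,
          3, sprincipalNameSequence
         );
     byte[] req_body_sequence = getSequenceBytes(
                    concatenateBytes(kdc_options,
                     concatenateBytes(realm,
                      concatenateBytes(sname,
                       concatenateBytes(till,
                        concatenateBytes(nonce, etype)
                       )
                      )
                     )
                    )
                   );
     req_body = getTagAndLengthBytes (
             ASN1DataTypes.CONTEXT_SPECIFIC,
             4, req_body_sequence
           );
     // Checksum over the request body, type 7 (rsa-md5, unkeyed). It is
     // handed to getAuthenticationHeader() together with the key; any
     // binding of the body to the session relies on what that helper does.
     byte[] cksum = getChecksumBytes(
              getMD5DigestValue(req_body_sequence),
              getIntegerBytes(7)
            );
     byte[] authenticationHeader = getAuthenticationHeader(
                     kerberosTicket,
                     realmName,
                     userName,
                     cksum,
                     key,
                     0
                    );
     // padata [3]: SEQUENCE OF { padata-type [1] = 1, padata-value [2] }.
     byte[] padata_sequence = getSequenceBytes(concatenateBytes(
                  getTagAndLengthBytes(
                    ASN1DataTypes.CONTEXT_SPECIFIC,
                  1,getIntegerBytes(1)),
                  getTagAndLengthBytes(
                     ASN1DataTypes.CONTEXT_SPECIFIC,
                       2, getOctetStringBytes(authenticationHeader)
                    )
                  )
                 );
     byte[] padata_sequences = getSequenceBytes(padata_sequence);
     byte[] padata = getTagAndLengthBytes(
              ASN1DataTypes.CONTEXT_SPECIFIC,
                3, padata_sequences
             );
     ticketRequest = getTagAndLengthBytes(
              ASN1DataTypes.APPLICATION_TYPE,
              12, getSequenceBytes(
                concatenateBytes(pvno,
                 concatenateBytes(msg_type,
                   concatenateBytes(padata, req_body)
                 )
                )
              )
             );
    } else {
     ticketRequest = getTagAndLengthBytes(
              ASN1DataTypes.APPLICATION_TYPE,
              10, getSequenceBytes(
                concatenateBytes(pvno,
                 concatenateBytes(msg_type, req_body)
                )
              )
             );
    }
   try {
     Datagram dg = dc.newDatagram(ticketRequest, ticketRequest.length);
     dc.send(dg);
    } catch (Exception e) {
       // Covers IllegalArgumentException and I/O failures alike. Nothing was
       // sent, so waiting for a reply would block on (or pick up) a datagram
       // that does not answer this request: report "no response" instead.
       e.printStackTrace();
       return null;
    }
    try {
     // NOTE(review): fixed 700-byte buffer; a longer KDC reply will not fit.
     Datagram dg = dc.newDatagram(700);
     dc.receive(dg);
     int length = dg.getLength();
     if (length <= 0) {
       return null;
     }
     byte ticketResponse[] = new byte[length];
     System.arraycopy(dg.getData(), 0, ticketResponse, 0, length);
     // Returned as received: the caller must parse and verify it.
     return ticketResponse;
   } catch (IOException ie){
     ie.printStackTrace();
     return null;
   }
  }//getTicketResponse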
