kerberosauthenticationclient.java

java kerberos implementation

/*
  Simple Implementation of Kerberos protocol v5
  Copyright (C) 2003 Thia Yeo Ching (tycordinal@yahoo.co.uk)

  This program is free software; you can redistribute it and/or
  modify it under the terms of the GNU General Public License
  as published by the Free Software Foundation; either version 2
  of the License, or (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

*/
package SimpleKerberos.guitool;

import SimpleKerberos.*;
import SimpleKerberos.tool.ICryptor;
import SimpleKerberos.tool.HashedNormalCryptor;
import SimpleKerberos.config.DefaultSettings;

import javax.swing.*;
import javax.crypto.SealedObject;
import java.awt.*;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;

/**
 * Author: Thia Yeo Ching, tycordinal@yahoo.co.uk
 * Date: Mar 24, 2003
 * Time: 9:22:11 PM
 * Submitted in Partial Fulfillment of the Requirements
 * for the Degree of Bachelor of Computer Engineering
 * of the Nanyang Technological University
 */
public class KerberosAuthenticationClient extends JFrame
  implements ActionListener

{
  public static final String TITLE = "Kerberos Authentication Client";
  private static final String KERBEROS_HOST_NAME = "Kerberos Host Name";
  private static final String EMPTY = "";
  private static final String ELLIPSIS = "...";
  private static final String EXCEPTION = "Exception:";
  private static final String SUCCESS_LOGIN = "*** success login";
  private static final String FAILED_LOGIN = "*** failed to login: incorrect name or password";
  private static final String ENTER_HOST = "Please enter your host";
  private static final String  ENTER_PWD = "Please enter your password";
  private static final String FAILED_CONTACT_HOST = "failed to contact host ";
  private static final String CONTACT_HOST = "Contacting host ";

  public SealedObject getSoTGSTicket()
  {
    return soTGSTicket_;
  }

  public String getTgsSessionKey()
  {
    return tgsSessionKey_;
  }

  public String getClientName()
  {
    return clientName_;
  }

  private SealedObject soTGSTicket_ = null;
  private String tgsSessionKey_ = null;
  private String clientName_ = null;

  private JTextField hostText;
  private JLabel hostLabel;

  private JLabel nameLabel;
  private JLabel pwdLabel;
  private JTextField nameText;
  private JPasswordField pwdText;
  private JButton okButton;
  private StatusArea statusArea;

  private static final String OK = "OK";
  private static final String ENTER_NAME = "Please enter your name";

  public static void main(String args[])
  {
    new KerberosAuthenticationClient().setVisible(true);
  }

  public KerberosAuthenticationClient()
  {
    super(TITLE);

    hostLabel = new JLabel(KERBEROS_HOST_NAME);
    hostText = new JTextField();

    nameLabel = new JLabel("Name");
    pwdLabel = new JLabel("Password");
    nameText = new JTextField();
    pwdText = new JPasswordField();
    okButton = new JButton(OK);
    statusArea = new StatusArea();


    LayoutManager detailsLayout = new GridLayout(3, 2);
    Container detailsPane = new Container();
    detailsPane.setLayout(detailsLayout);

    detailsPane.add(hostLabel);
    detailsPane.add(hostText);
    detailsPane.add(nameLabel);
    detailsPane.add(nameText);
    detailsPane.add(pwdLabel);
    detailsPane.add(pwdText);

    LayoutManager contentLayout = new GridLayout(3, 1);
    Container contentPane = this.getContentPane();
    contentPane.setLayout(contentLayout);
    contentPane.add(detailsPane);
    contentPane.add(okButton);
    contentPane.add(statusArea);

    okButton.addActionListener(this);
    this.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
    this.pack();

  }

  private void clearPassword()
  {
    pwdText.setText(EMPTY);
  }

  private boolean checkPassword()
  {
    if (pwdText.getPassword().length > 0)
    {
      return true;
    }

    statusArea.appendStatus(ENTER_PWD);
    return false;

  }
  private boolean checkName()
  {
    if (nameText.getText().length() > 0)
    {
      return true;
    }

    statusArea.appendStatus(ENTER_NAME);
    return false;
  }

  public void actionPerformed(ActionEvent e)
  {
    if (e.getSource() == okButton)
    {
      statusArea.clearStatus();
      if (checkDetails())
      {
        if (loginKerberos(hostText.getText(), nameText.getText(), new String(pwdText.getPassword())))
        {
          statusArea.appendStatus(SUCCESS_LOGIN);
        }
        else
        {
          statusArea.appendStatus(FAILED_LOGIN);
        }

        clearPassword();
      }
    }
  }

  private boolean checkDetails()
  {
    boolean c1 = checkPassword();
    boolean c2 = checkName();
    boolean c3 = checkHost();

    return c1 && c2 && c3;
  }

  private boolean checkHost()
  {
    if (hostText.getText().length() > 0)
    {
      return true;
    }

    statusArea.appendStatus(ENTER_HOST);
    return false;
  }

  private boolean loginKerberos(String host, String name, String pwd)
  {
    statusArea.appendStatus(CONTACT_HOST + host + ELLIPSIS);
    // assuming that the services are running
    IAuthenticationService auth = AuthenticationServiceFactory.getRemoteInstance(host);
    if (auth != null)
    {
      return do_loginKerberos(auth, name, pwd);
    }

    //clearStatus();
    statusArea.appendStatus(FAILED_CONTACT_HOST + host);
    return false;
  }



  /**
   * init soTGSTicket_, tgsSessionKey_,
   * soServiceTicket_, serviceSessionKey_
   *
   * @param auth
   * @param clientName
   * @param clientPassword
   * @return true if success login and got service ticket
   */
  private boolean do_loginKerberos(IAuthenticationService auth,
    String clientName, String clientPassword)
  {
    // Kerberos authentication

    Nounce authnounce = new Nounce();

    // C, T, n
    AuthenticationRequestMsg authreq = new AuthenticationRequestMsg(
      clientName,
      DefaultSettings.TGS_NAME, authnounce);
    assert (authreq.getClientName().equals(clientName));
    assert (authreq.getTGSName().equals(DefaultSettings.TGS_NAME));
    assert (authreq.getNounce().getValue() == authnounce.getValue());
    statusArea.appendStatus("AuthenticationRequestMsg passed");

    try
    {
      KDCServiceReplyMsg authreply = auth.authenticate(authreq);
      // decrypt sealed objects here
      // for testing, also decrypt the ticket
      ICryptor clientCryptor = new HashedNormalCryptor(clientPassword);
      ICryptor TGSCryptor = new HashedNormalCryptor(DefaultSettings.TGS_PWD);

      Challenge challenge = authreply.extractChallenge(clientCryptor);
      Ticket ticket = authreply.extractTicket(TGSCryptor);

      assert (challenge != null);
      assert (ticket != null);

      assert (challenge.getNounce().getValue() == authnounce.getValue());
      assert (challenge.getSessionKey().equals(ticket.getSessionKey()));
      assert (authreq.getClientName().equals(ticket.getClientName()));
      assert (authreq.getTGSName().equals(ticket.getServiceName()));
      ticket.checkValid();

      statusArea.appendStatus("Authentication: KDCServiceReplyMsg passed");
      statusArea.appendStatus("Dump:");
      statusArea.appendStatus(challenge.toString());
      statusArea.appendStatus(ticket.toString());

      // store for future usage
      soTGSTicket_ = authreply.getSoTicket();
      tgsSessionKey_ = challenge.getSessionKey();
      clientName_ = clientName;

      return true;

    }
    catch (Exception e)
    {
      statusArea.appendStatus(EXCEPTION + e.getMessage());
      e.printStackTrace();

    }

    return false;
  }

}