client.java
来自「一个简单的实现Kerberos验证的程序」· Java 代码 · 共 627 行 · 第 1/2 页
String result = (String)object;
if(result.equals("false"))
{
System.out.println("用户名验证结果:错误的用户名,请重新启动客户端\nAS上未通过验证");
textArea.append("用户名验证结果:错误的用户名,请重新启动客户端\nAS上未通过验证\n");
return false;
}
else{
System.out.println("AS验证出错,请重新启动客户端\nAS上未通过验证");
textArea.append("AS验证出错,请重新启动客户端\nAS上未通过验证\n");
return false;
}
}
//用户名合法
if(object!=null&&object instanceof AS_C)
{
System.out.println("用户名验证结果:正确");
textArea.append("用户名验证结果:正确,test为唯一有效用户名\n");
textArea.append("用户名验证完毕\n");
System.out.println("用户名验证完毕");
textArea.append("Msg:[ form Client to AS\n");
textArea.append("TS1:"+TS1+"\n");
textArea.append("IDc:"+IDc+"\n");
textArea.append("ADc:"+ADc+"\n");
textArea.append("]\n");
AS_C as_c = (AS_C)object;;
IDtgs = new String(decrypt(as_c.IDtgs,clientprikey));
Tickettgs = as_c.Tickettgs;
TS2 = as_c.TS2;
Lifetime1 = as_c.Lifetime1;
textArea.append("Msg:[ from AS to Client \n");
textArea.append("IDtgs:"+IDtgs+"\n");
textArea.append("Ticket_tgs:"+Tickettgs+"\n");
textArea.append("TS2:"+TS2+"\n");
textArea.append("Lifetime1:"+Lifetime1+"]\n");
//验证时间的合法性
if(!isInSession(TS1,TS2,Lifetime1)){
textArea.append("client端的时间合法性未通过验证\n");
return false;
}
textArea.append("client端的时间合法性验证通过\n");
System.out.println("时间验证通过");
break;
}
}
System.out.println("AS服务器上验证完毕");
textArea.append("Client向AS验证完毕\n");
return true;
}
catch(Exception e)
{
e.printStackTrace();
}
textArea.append("Client向AS验证完毕false\n");
return false;
}
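/**
 * Authentication step 2: asks the Ticket Granting Server (TGS) for a service ticket.
 *
 * <p>Sends message (3) built from the ticket-granting ticket stored in
 * {@code Tickettgs} and a fresh authenticator, then waits for message (4) and
 * validates it before accepting the service ticket.
 *
 * @return {@code true} only when a {@code TGS_C} reply arrived and passed both the
 *         timestamp check and the service-ID check; {@code false} when the TGS
 *         answered "false", when no usable reply could be read, when a check
 *         failed, or when any exception was thrown
 */
public boolean Step2() {
    textArea.append("开始向TGS发送请求\n");
    try {
        /*
         * (3) C->TGS: IDs || Tickettgs || Authenticatortgs
         *     Tickettgs        = Epub-tgs[Kpub-c || IDc || ADc || IDtgs || TS2 || Lifetime1]
         *     Authenticatortgs = Epri-c[IDc || ADc || TS3]
         */
        IDs = "SaleServer";
        byte[] IDc_m = en.encrypt(IDc, clientprikey);
        byte[] ADc_m = en.encrypt(ADc, clientprikey);
        TS3 = getTimeStamp();
        // Build Authenticator_tgs. TS3 is handed over as-is here.
        // NOTE(review): the protocol comment places TS3 inside Epri-c[...]; confirm the
        // constructor or the TGS protects it, otherwise the timestamp is not bound to the client.
        at = new Authenticator_tgs(IDc_m, ADc_m, TS3);
        // Build the C -> TGS message.
        // NOTE(review): getBytes() uses the platform default charset; the value is ASCII here.
        C_TGS c_tgs = new C_TGS(IDs.getBytes(), Tickettgs, at);
        System.out.println("start to send C2TGS ");
        textArea.append("发往TGS的消息封装完成\n");
        // sendmessage reports a failure only by printing a stack trace, so a failed
        // send is not detected here; it shows up as a missing reply below.
        sendmessage(c_tgs, this.outstream2);
        textArea.append("Msg:[ form Client to TGS\n");
        textArea.append("IDc:" + IDc + "\n");
        textArea.append("IDs:" + IDs + "\n");
        textArea.append("ADc:" + ADc + "\n");
        textArea.append("TS3:" + TS3 + "\n");
        textArea.append("Ticket_tgs:" + Tickettgs + "\n");
        textArea.append("]\n");

        /*
         * (4) TGS->C: Epub-c[IDs || TS4 || Tickets]
         *     Tickets = Epub-s[Kpub-c || IDc || ADc || IDs || TS4 || Lifetime2]
         */
        while (true) {
            Object o2 = receivemessage(instream2);
            if (o2 == null) {
                // receivemessage returns null when readObject throws. Retrying on a
                // broken stream would spin forever, so treat it as a failed exchange.
                System.out.println("TGS验证出错,请重新启动客户端");
                textArea.append("TGS验证出错,请重新启动客户端\n");
                return false;
            }
            if (o2 instanceof String) {
                String result = (String) o2;
                if (result.equals("false")) {
                    System.out.println("TGS上验证未通过");
                    textArea.append("TGS上验证未通过\n");
                    return false;
                }
                // Any other string is ignored and the next message is awaited.
            }
            if (o2 instanceof TGS_C) {
                TGS_C tgs_c = (TGS_C) o2;
                // NOTE(review): new String(byte[]) decodes with the platform default charset.
                String IDs_from_tgs = new String(decrypt(tgs_c.IDs, clientprikey));
                TS4 = tgs_c.TS4;
                Tickets = tgs_c.ts;
                Lifetime2 = tgs_c.Lifetime2;
                textArea.append("Msg:[ from TGS to Client \n");
                // Show the service ticket that was just received; the original printed
                // the ticket-granting ticket under the "Ticket_s" label.
                textArea.append("Ticket_s:" + this.Tickets + "\n");
                textArea.append("TS4:" + this.TS4 + "\n");
                textArea.append("Lifetime2:" + this.Lifetime2 + "]\n");
                // Reject replies whose timestamp falls outside the allowed window.
                if (!isInSession(TS3, TS4, Lifetime2)) {
                    System.out.println("TGS上时间验证未通过");
                    textArea.append("TGS上时间验证未通过\n");
                    return false;
                }
                // The ticket must be for the service that was requested ("SaleServer").
                if (!IDs_from_tgs.equals(this.IDs)) {
                    System.out.println("TGS上ID service验证未通过");
                    textArea.append("TGS上对ID service的验证未通过\n");
                    return false;
                }
                break;
            }
        }
        textArea.append("TGS上的验证完毕:通过\n");
        System.out.println("TGS服务器上验证完毕");
        return true;
    } catch (Exception ex) {
        ex.printStackTrace();
    }
    return false;
}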
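/**
 * Authentication step 3: presents the service ticket to the service server.
 *
 * <p>Sends message (5) carrying {@code Tickets} and a fresh authenticator, then waits
 * for message (6) and, if its timestamp is accepted, stores the received key in
 * {@code subkey1} for later use as the session key.
 *
 * @return {@code true} only when an {@code S_C} reply arrived and passed the timestamp
 *         check; {@code false} when the server answered "false", when no usable reply
 *         could be read, when the check failed, or when any exception was thrown
 */
public boolean Step3() {
    textArea.append("开始向Service Server发送请求\n");
    try {
        /*
         * (5) C->S: Tickets || Authenticators
         *     Tickets        = Epub-s[Kpub-c || IDc || ADc || IDs || TS4 || Lifetime2]
         *     Authenticators = Epri-c[IDc || ADc || TS5]
         */
        TS5 = this.getTimeStamp();
        byte[] IDc_m = en.encrypt(IDc, clientprikey);
        byte[] ADc_m = en.encrypt(ADc, clientprikey);
        this.as = new Authenticator_s(IDc_m, ADc_m, TS5);
        C_S c_s = new C_S(Tickets, as);
        textArea.append("Msg:[ from Client to Service Server \n");
        textArea.append("IDc:" + IDc + "\n");
        textArea.append("ADc:" + ADc + "\n");
        textArea.append("TS5:" + TS5 + "\n");
        textArea.append("Ticket_s:" + Tickets + "\n");
        textArea.append("]\n");
        sendmessage(c_s, outstream3);
        System.out.println("send service msg(C_S) ok");

        /*
         * (6) S->C: Epub-c[TS5 + 1 || Subkey2]
         *     SessionKey = Subkey2
         */
        while (true) {
            Object o3 = receivemessage(instream3);
            if (o3 == null) {
                // receivemessage returns null when readObject throws. Retrying on a
                // broken stream would spin forever, so treat it as a failed exchange.
                System.out.println("SServer验证出错,请重新启动客户端");
                textArea.append("SServer验证出错,请重新启动客户端\n");
                return false;
            }
            if (o3 instanceof String) {
                String result = (String) o3;
                if (result.equals("false")) {
                    System.out.println("SServer上验证未通过");
                    textArea.append("SServer上验证未通过\n");
                    return false;
                }
                // Any other string is ignored and the next message is awaited.
            }
            if (o3 instanceof S_C) {
                S_C s_c = (S_C) o3;
                long new_TS = s_c.TS5;
                textArea.append("Msg:[ from Service Server to Client \n");
                textArea.append("TS5:" + new_TS + "\n");
                // Key material is a secret: report only its size, never its bytes.
                // A missing key makes this line throw, which the catch below turns into false.
                textArea.append("Session Key:[" + s_c.subkey2.length + " bytes, hidden]\n");
                textArea.append("]\n");
                // NOTE(review): the protocol comment expects TS5 + 1 in the reply, which would
                // prove the server decrypted the authenticator; this only checks the time
                // window via isInSession. Confirm whether an exact TS5 + 1 match is intended.
                if (!isInSession(this.TS5, new_TS, this.Lifetime2)) {
                    System.out.println("Client上时间验证未通过");
                    textArea.append("Client上对Server传来的时间戳的验证未通过\n");
                    return false;
                }
                // NOTE(review): subkey2 is used as received, with no decrypt call here, although
                // the protocol comment wraps it in Epub-c[...]. Confirm where it is unwrapped.
                subkey1 = s_c.subkey2;
                textArea.append("Client上对Server传来的时间戳的验证通过\n");
                System.out.println("Client上时间验证通过");
                break;
            }
        }
        // Announce success without echoing the key. The original concatenated the byte[]
        // itself, which printed an array identity string rather than anything useful.
        textArea.append("SaleServer服务器上验证完毕,已获得sessionkey(" + subkey1.length + " bytes),可以开始通信\n");
        System.out.println("SaleServer服务器上验证完毕,已获得sessionkey(" + subkey1.length + " bytes),可以开始通信");
        return true;
    } catch (Exception ex) {
        ex.printStackTrace();
    }
    return false;
}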
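/**
 * Runs the whole authentication flow in three stages:
 * the Authentication Server (including the user-name check),
 * the Ticket Granting Server, and finally the service server.
 *
 * <p>The AS and TGS sockets are closed as soon as their stage ends, whether it
 * succeeded or not. The service-server connection is left open because later
 * messages are written to it.
 *
 * @return {@code true} when all three stages succeeded (and {@code pass} was set),
 *         {@code false} as soon as one stage fails
 * @throws Exception anything propagated by socket setup, key loading or socket close
 */
public boolean authentication() throws Exception {
    // 5000 / 6000 / 9000 are passed to the init methods; presumably the AS, TGS and
    // service ports. TODO confirm against the init methods.
    initClientASSocket(5000);
    try {
        getKeyFromFile();
        if (!Step1()) {
            return false;
        }
    } finally {
        // Release the AS connection on failure as well, not only on success.
        if (clientASSocket != null) {
            clientASSocket.close();
        }
    }

    initClientTGSSocket(6000);
    try {
        if (!Step2()) {
            return false;
        }
    } finally {
        // Same for the TGS connection.
        if (clientTGSSocket != null) {
            clientTGSSocket.close();
        }
    }

    initClientServerSocket(9000);
    if (this.Step3()) {
        pass = true;
        return true;
    }
    // NOTE(review): the service socket stays open when Step3 fails; the field that
    // holds it is not visible here, so it is not closed in this method.
    return false;
}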
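/**
 * Writes one object to the given stream using Java serialization.
 *
 * <p>Best effort: a failure is printed as a stack trace and not reported to the
 * caller, so callers cannot tell from this method whether the message left.
 *
 * @param object    the message to send
 * @param outstream the stream to write it to
 */
public void sendmessage(Object object, ObjectOutputStream outstream) {
    try {
        outstream.writeObject(object);
        // Push buffered bytes out now so the peer is not left waiting for a
        // message that is still sitting in a buffer.
        outstream.flush();
        System.out.println("send a message ok");
    } catch (Exception e) {
        e.printStackTrace();
    }
}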
/**
 * Reads the next serialized object from the given stream.
 *
 * <p>SECURITY: this is Java native deserialization of data supplied by the peer,
 * performed before any check on the message. Any serializable class on the
 * classpath can be instantiated this way. Consider an allow-list
 * ({@code ObjectInputFilter}, Java 9+) limited to the protocol's message classes,
 * or a data-only wire format.
 *
 * @param instream the stream to read from
 * @return the object that was read, or {@code null} when reading threw
 *         (the exception is printed, not propagated)
 */
public Object receivemessage(ObjectInputStream instream) {
    Object received = null;
    try {
        received = instream.readObject();
    } catch (Exception ex) {
        // Callers see only null; the cause is visible on stderr alone.
        ex.printStackTrace();
    }
    return received;
}
/**
 * Encrypts a text message with the session key and sends it to the service server.
 *
 * <p>The key bytes come from {@code subkey1}. Failures are printed as a stack
 * trace and not reported to the caller.
 *
 * @param str the plaintext message, encoded as UTF-8 before encryption
 */
public void talkToServer(String str) {
    try {
        SecretKeySpec aesKey = new SecretKeySpec(this.subkey1, "AES");
        byte[] plainBytes = str.getBytes("utf-8");
        // NOTE(review): AESencrypt is defined elsewhere; its cipher mode, IV handling and
        // integrity protection are not visible here. Confirm it is an authenticated mode.
        byte[] sealed = AESencrypt(plainBytes, aesKey);
        // Debug output: ciphertext decoded as UTF-8 is not a faithful rendering of the bytes.
        String preview = new String(sealed, "utf-8");
        System.out.println(preview);
        System.out.println("..." + sealed.length);
        sendmessage(sealed, outstream3);
        System.out.println("send a msg Service Server ");
        textArea.append("send a msg Service Server\n");
    } catch (Exception e) {
        e.printStackTrace();
    }
}
/**
 * Program entry point: creates the client window and makes closing it end the JVM.
 *
 * @param args command-line arguments (unused)
 * @throws Exception anything propagated by the {@code Client} constructor
 */
public static void main(String[] args) throws Exception {
    Client clientFrame = new Client();
    clientFrame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
}
}