
src/java.security.jgss/share/classes/sun/security/krb5/KrbAsReq.java



   1 /*
   2  * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 /*
  27  *
  28  *  (C) Copyright IBM Corp. 1999 All Rights Reserved.
  29  *  Copyright 1997 The Open Group Research Institute.  All rights reserved.
  30  */
  31 
  32 package sun.security.krb5;
  33 
  34 import sun.security.krb5.internal.*;
  35 import sun.security.krb5.internal.crypto.Nonce;
  36 import sun.security.krb5.internal.crypto.KeyUsage;
  37 import java.io.IOException;
  38 import java.time.Instant;
  39 import java.util.Arrays;
  40 
  41 /**
  42  * This class encapsulates the KRB-AS-REQ message that the client
  43  * sends to the KDC.
  44  */
  45 public class KrbAsReq {
  46     private ASReq asReqMessg;
  47 
  48     private boolean DEBUG = Krb5.DEBUG;
  49 
  50     /**
  51      * Constructs an AS-REQ message.
  52      */
  53                                                 // Can be null? has default?
  54     public KrbAsReq(EncryptionKey pakey,        // ok
  55                       KDCOptions options,       // ok, new KDCOptions()
  56                       PrincipalName cname,      // NO and must have realm
  57                       PrincipalName sname,      // ok, krgtgt@CREALM
  58                       KerberosTime from,        // ok
  59                       KerberosTime till,        // ok, will use
  60                       KerberosTime rtime,       // ok
  61                       int[] eTypes,             // NO
  62                       HostAddresses addresses,  // ok
  63                       PAData[] extraPAs         // ok
  64                       )
  65             throws KrbException, IOException {
  66 
  67         if (options == null) {
  68             options = new KDCOptions();
  69         }
  70         // check if they are valid arguments. The optional fields should be
  71         // consistent with settings in KDCOptions. Mar 17 2000
  72         if (options.get(KDCOptions.FORWARDED) ||
  73             options.get(KDCOptions.PROXY) ||
  74             options.get(KDCOptions.ENC_TKT_IN_SKEY) ||
  75             options.get(KDCOptions.RENEW) ||
  76             options.get(KDCOptions.VALIDATE)) {
  77             // this option is only specified in a request to the
  78             // ticket-granting server
  79             throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
  80         }
  81         if (options.get(KDCOptions.POSTDATED)) {
  82             //  if (from == null)
  83             //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
  84         } else {
  85             if (from != null)  from = null;
  86         }
  87 
  88         PAData[] paData = null;
  89         if (pakey != null) {
  90             PAEncTSEnc ts = new PAEncTSEnc();
  91             byte[] temp = ts.asn1Encode();
  92             EncryptedData encTs = new EncryptedData(pakey, temp,
  93                 KeyUsage.KU_PA_ENC_TS);
  94             paData = new PAData[1];
  95             paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
  96                                     encTs.asn1Encode());
  97         }
  98         if (extraPAs != null && extraPAs.length > 0) {
  99             if (paData == null) {
 100                 paData = new PAData[extraPAs.length];
 101             } else {
 102                 paData = Arrays.copyOf(paData, paData.length + extraPAs.length);
 103             }
 104             System.arraycopy(extraPAs, 0, paData,
 105                     paData.length - extraPAs.length, extraPAs.length);
 106         }
 107 
 108         if (cname.getRealm() == null) {
 109             throw new RealmException(Krb5.REALM_NULL,
 110                                      "default realm not specified ");
 111         }
 112 
 113         if (DEBUG) {
 114             System.out.println(">>> KrbAsReq creating message");
 115         }
 116 
 117         Config cfg = Config.getInstance();
 118 
 119         // check to use addresses in tickets
 120         if (addresses == null && cfg.useAddresses()) {
 121             addresses = HostAddresses.getLocalAddresses();
 122         }
 123 
 124         if (sname == null) {
 125             String realm = cname.getRealmAsString();


   1 /*
   2  * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 /*
  27  *
  28  *  (C) Copyright IBM Corp. 1999 All Rights Reserved.
  29  *  Copyright 1997 The Open Group Research Institute.  All rights reserved.
  30  */
  31 
  32 package sun.security.krb5;
  33 
  34 import sun.security.krb5.internal.*;
  35 import sun.security.krb5.internal.crypto.Nonce;
  36 import sun.security.krb5.internal.crypto.KeyUsage;
  37 import java.io.IOException;
  38 import java.time.Instant;

  39 
  40 /**
  41  * This class encapsulates the KRB-AS-REQ message that the client
  42  * sends to the KDC.
  43  */
  44 public class KrbAsReq {
  45     private ASReq asReqMessg;
  46 
  47     private boolean DEBUG = Krb5.DEBUG;
  48 
  49     /**
  50      * Constructs an AS-REQ message.
  51      */
  52                                                 // Can be null? has default?
  53     public KrbAsReq(EncryptionKey pakey,        // ok
  54                       KDCOptions options,       // ok, new KDCOptions()
  55                       PrincipalName cname,      // NO and must have realm
  56                       PrincipalName sname,      // ok, krgtgt@CREALM
  57                       KerberosTime from,        // ok
  58                       KerberosTime till,        // ok, will use
  59                       KerberosTime rtime,       // ok
  60                       int[] eTypes,             // NO
  61                       HostAddresses addresses   // ok

  62                       )
  63             throws KrbException, IOException {
  64 
  65         if (options == null) {
  66             options = new KDCOptions();
  67         }
  68         // check if they are valid arguments. The optional fields should be
  69         // consistent with settings in KDCOptions. Mar 17 2000
  70         if (options.get(KDCOptions.FORWARDED) ||
  71             options.get(KDCOptions.PROXY) ||
  72             options.get(KDCOptions.ENC_TKT_IN_SKEY) ||
  73             options.get(KDCOptions.RENEW) ||
  74             options.get(KDCOptions.VALIDATE)) {
  75             // this option is only specified in a request to the
  76             // ticket-granting server
  77             throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
  78         }
  79         if (options.get(KDCOptions.POSTDATED)) {
  80             //  if (from == null)
  81             //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
  82         } else {
  83             if (from != null)  from = null;
  84         }
  85 
  86         PAData[] paData = null;
  87         if (pakey != null) {
  88             PAEncTSEnc ts = new PAEncTSEnc();
  89             byte[] temp = ts.asn1Encode();
  90             EncryptedData encTs = new EncryptedData(pakey, temp,
  91                 KeyUsage.KU_PA_ENC_TS);
  92             paData = new PAData[1];
  93             paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
  94                                     encTs.asn1Encode());









  95         }
  96 
  97         if (cname.getRealm() == null) {
  98             throw new RealmException(Krb5.REALM_NULL,
  99                                      "default realm not specified ");
 100         }
 101 
 102         if (DEBUG) {
 103             System.out.println(">>> KrbAsReq creating message");
 104         }
 105 
 106         Config cfg = Config.getInstance();
 107 
 108         // check to use addresses in tickets
 109         if (addresses == null && cfg.useAddresses()) {
 110             addresses = HostAddresses.getLocalAddresses();
 111         }
 112 
 113         if (sname == null) {
 114             String realm = cname.getRealmAsString();
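Review bot: The `extraPAs` merge in the first listing (file lines 98–106; this appears to be the new side, since only that listing has the parameter) copies caller-supplied entries into `paData` unchecked, so a null element, or a caller-supplied `Krb5.PA_ENC_TIMESTAMP` entry next to the one built from `pakey`, would be carried into the request as-is. Whether later code rejects either case cannot be seen here, because the constructor body continues past the last shown line. The constructor Javadoc still reads only "Constructs an AS-REQ message." and the inline `// ok` is the only statement of the contract. I would add `@param extraPAs additional pre-authentication entries appended after the PA-ENC-TIMESTAMP entry; may be null or empty, elements must be non-null` and enforce the last part with `Objects.requireNonNull(pa, "extraPAs element")` per element, which needs a `java.util.Objects` import.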

