
src/java.security.jgss/share/classes/sun/security/krb5/KrbTgsReq.java


        

@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this

@@ -34,11 +34,10 @@
 import sun.security.krb5.internal.*;
 import sun.security.krb5.internal.crypto.*;
 import java.io.IOException;
 import java.net.UnknownHostException;
 import java.time.Instant;
-import java.util.Arrays;
 
 /**
  * This class encapsulates a Kerberos TGS-REQ that is sent from the
  * client to the KDC.
  */

@@ -56,27 +55,63 @@
 
     private byte[] obuf;
     private byte[] ibuf;
 
     // Used in CredentialsUtil
-    public KrbTgsReq(KDCOptions options, Credentials asCreds,
-            PrincipalName cname, PrincipalName sname,
-            Ticket[] additionalTickets, PAData[] extraPAs)
+    public KrbTgsReq(Credentials asCreds,
+                     PrincipalName sname)
         throws KrbException, IOException {
-        this(options,
-             asCreds,
-             cname,
-             sname,
-             null, // KerberosTime from
-             null, // KerberosTime till
-             null, // KerberosTime rtime
-             null, // int[] eTypes
-             null, // HostAddresses addresses
-             null, // AuthorizationData authorizationData
-             additionalTickets,
-             null, // EncryptionKey subKey
-             extraPAs);
+        this(new KDCOptions(),
+            asCreds,
+            sname,
+            null, // KerberosTime from
+            null, // KerberosTime till
+            null, // KerberosTime rtime
+            null, // eTypes, // null, // int[] eTypes
+            null, // HostAddresses addresses
+            null, // AuthorizationData authorizationData
+            null, // Ticket[] additionalTickets
+            null); // EncryptionKey subSessionKey
+    }
+
+    // S4U2proxy
+    public KrbTgsReq(Credentials asCreds,
+                     Ticket second,
+                     PrincipalName sname)
+            throws KrbException, IOException {
+        this(KDCOptions.with(KDCOptions.CNAME_IN_ADDL_TKT,
+                KDCOptions.FORWARDABLE),
+            asCreds,
+            sname,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            new Ticket[] {second}, // the service ticket
+            null);
+    }
+
+    // S4U2user
+    public KrbTgsReq(Credentials asCreds,
+                     PrincipalName sname,
+                     PAData extraPA)
+        throws KrbException, IOException {
+        this(KDCOptions.with(KDCOptions.FORWARDABLE),
+            asCreds,
+            asCreds.getClient(),
+            sname,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            null,
+            extraPA); // the PA-FOR-USER
     }
 
     // Called by Credentials, KrbCred
     KrbTgsReq(
             KDCOptions options,
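Review bot: The S4U2proxy constructor wraps `second` in `new Ticket[] {second}` without checking it, so a null evidence ticket would only be noticed later, when the request is built or encoded (inferred, since that code is outside this hunk). A check cannot precede the `this(...)` call, but it can go inline as `new Ticket[] {Objects.requireNonNull(second, "second")}, // the service ticket`, which needs `java.util.Objects` imported. The bare `null` arguments in the S4U2proxy and S4U2user constructors would also benefit from the per-position comments the first constructor carries, and the leftover `// eTypes, // null, // int[] eTypes` comment should be reduced to `// int[] eTypes`. The package-private constructor that begins at the end of the hunk continues outside it.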

@@ -106,11 +141,11 @@
             int[] eTypes,
             HostAddresses addresses,
             AuthorizationData authorizationData,
             Ticket[] additionalTickets,
             EncryptionKey subKey,
-            PAData[] extraPAs) throws KrbException, IOException {
+            PAData extraPA) throws KrbException, IOException {
 
         princName = cname;
         servName = sname;
         ctime = KerberosTime.now();
 

@@ -179,11 +214,11 @@
                 eTypes,
                 addresses,
                 authorizationData,
                 additionalTickets,
                 subKey,
-                extraPAs);
+                extraPA);
         obuf = tgsReqMessg.asn1Encode();
 
         // XXX We need to revisit this to see if can't move it
         // up such that FORWARDED flag set in the options
         // is included in the marshaled request.

@@ -245,11 +280,11 @@
                          int[] eTypes,
                          HostAddresses addresses,
                          AuthorizationData authorizationData,
                          Ticket[] additionalTickets,
                          EncryptionKey subKey,
-                         PAData[] extraPAs)
+                         PAData extraPA)
         throws IOException, KrbException, UnknownHostException {
         KerberosTime req_till = null;
         if (till == null) {
             String d = Config.getInstance().get("libdefaults", "ticket_lifetime");
             if (d != null) {

@@ -345,18 +380,15 @@
                                          reqKey,
                                          null,
                                          null).getMessage();
 
         PAData tgsPAData = new PAData(Krb5.PA_TGS_REQ, tgs_ap_req);
-        PAData[] pa;
-        if (extraPAs != null) {
-            pa = Arrays.copyOf(extraPAs, extraPAs.length + 1);
-            pa[extraPAs.length] = tgsPAData;
-        } else {
-            pa = new PAData[] {tgsPAData};
-        }
-        return new TGSReq(pa, reqBody);
+        return new TGSReq(
+                extraPA != null ?
+                    new PAData[] {extraPA, tgsPAData } :
+                    new PAData[] {tgsPAData},
+                reqBody);
     }
 
     TGSReq getMessage() {
         return tgsReqMessg;
     }
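Review bot: The array literal in the new `return` fixes the order of the pre-authentication entries (`extraPA` first, `tgsPAData` second), but nothing says whether that order is required or incidental. A short comment above the `return` would record the intent, for example `// Optional extra PA-DATA (PA-FOR-USER for S4U2user) precedes the mandatory PA-TGS-REQ.`. The conditional nested inside the argument list would also read more easily if the array were first assigned to a local `PAData[] pa`, as the removed code did. The method that builds the request begins outside this hunk.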