Path: blob/master/src/java.security.jgss/share/classes/sun/security/jgss/krb5/AcceptSecContextToken.java
/*
 * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.jgss.krb5;

import org.ietf.jgss.*;
import java.io.InputStream;
import java.io.IOException;

import sun.security.action.GetBooleanAction;
import sun.security.krb5.*;

/**
 * Context-establishment token that wraps a Kerberos AP-REP message.
 *
 * <p>On the wire the token is the {@code Krb5Token.AP_REP_ID} token id
 * followed by the AP-REP bytes. The acceptor-side constructor builds the
 * AP-REP and keeps it for {@link #encode()}; the initiator-side constructor
 * parses a received token and only updates the supplied context.
 */
class AcceptSecContextToken extends InitialToken {

    // Assigned only by the acceptor-side constructor; stays null for an
    // instance built from received bytes.
    private KrbApRep apRep = null;

    /**
     * Builds the token that the context acceptor sends back to the context
     * initiator.
     *
     * <p>When the boolean system property
     * {@code sun.security.krb5.acceptor.subkey} is set, an
     * {@code EncryptionKey} derived from the session key of {@code apReq}'s
     * credentials is installed on the context as
     * {@code Krb5Context.ACCEPTOR_SUBKEY} and handed to the AP-REP.
     * The context's own sequence number is then reset to the one carried by
     * the AP-REP.
     *
     * @param context the security context being established
     * @param apReq the AP-REQ received from the initiator
     * @throws KrbException declared by the Kerberos calls made here
     * @throws IOException declared by the Kerberos calls made here
     * @throws GSSException declared by the context calls made here
     */
    public AcceptSecContextToken(Krb5Context context,
                                 KrbApReq apReq)
        throws KrbException, IOException, GSSException {

        // A sequence number is always requested in the AP-REP.
        final boolean withSequenceNumber = true;

        final boolean acceptorSubkeyEnabled = GetBooleanAction
                .privilegedGetProperty("sun.security.krb5.acceptor.subkey");

        EncryptionKey acceptorSubkey = null;
        if (acceptorSubkeyEnabled) {
            // NOTE(review): presumably this EncryptionKey constructor
            // produces a fresh subkey based on the session key rather than a
            // plain copy -- confirm against EncryptionKey.
            acceptorSubkey =
                new EncryptionKey(apReq.getCreds().getSessionKey());
            context.setKey(Krb5Context.ACCEPTOR_SUBKEY, acceptorSubkey);
        }

        this.apRep = new KrbApRep(apReq, withSequenceNumber, acceptorSubkey);

        // getSeqNumber() is unboxed without a null check here; this relies
        // on the AP-REP carrying a sequence number because one was requested
        // above.
        int mySeqNumber = this.apRep.getSeqNumber().intValue();
        context.resetMySequenceNumber(mySeqNumber);

        /*
         * Note: The acceptor side context key was set when the
         * InitSecContextToken was received.
         */
    }

    /**
     * Parses, on the context initiator's side, the token bytes received
     * from the acceptor.
     *
     * <p>The first two bytes are read as a big-endian token id and must
     * equal {@code Krb5Token.AP_REP_ID}. The following DER value is passed
     * to {@code KrbApRep} together with {@code serviceCreds} and the
     * original {@code apReq}; whatever checking of the reply takes place
     * happens inside that constructor, which is not shown in this file.
     *
     * @param context the security context being established
     * @param serviceCreds the service credentials passed on to the AP-REP
     *        parser
     * @param apReq the AP-REQ this reply answers
     * @param is stream positioned at the start of the token
     * @throws IOException if reading from {@code is} fails
     * @throws GSSException with {@code DEFECTIVE_TOKEN} if the token id is
     *         not {@code Krb5Token.AP_REP_ID}
     * @throws KrbException declared by the Kerberos calls made here
     */
    public AcceptSecContextToken(Krb5Context context,
                                 Credentials serviceCreds, KrbApReq apReq,
                                 InputStream is)
        throws IOException, GSSException, KrbException {

        // read() yields -1 at end of stream, which makes the combined value
        // negative; a truncated token is therefore rejected by the id check
        // below (assuming AP_REP_ID is a non-negative two-byte constant).
        int highByte = is.read();
        int lowByte = is.read();
        int tokenId = (highByte << 8) | lowByte;

        if (tokenId != Krb5Token.AP_REP_ID) {
            throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                                   "AP_REP token id does not match!");
        }

        byte[] encodedApRep =
            new sun.security.util.DerValue(is).toByteArray();

        // Kept in a local only: the apRep field is not assigned on this
        // path, so encode() on an initiator-side instance would dereference
        // null.
        // NOTE(review): confirm that no caller encodes a received token.
        KrbApRep receivedApRep =
            new KrbApRep(encodedApRep, serviceCreds, apReq);

        /*
         * Allow the context acceptor to set a subkey if desired, even
         * though our context acceptor will not do so.
         */
        EncryptionKey acceptorSubkey = receivedApRep.getSubKey();
        if (acceptorSubkey != null) {
            context.setKey(Krb5Context.ACCEPTOR_SUBKEY, acceptorSubkey);
            // A disabled debug print of the subkey bytes used to sit here;
            // key material should stay out of console and log output.
        }

        // A reply without a sequence number resets the peer counter to 0.
        Integer seqFromPeer = receivedApRep.getSeqNumber();
        int peerSeqNumber;
        if (seqFromPeer == null) {
            peerSeqNumber = 0;
        } else {
            peerSeqNumber = seqFromPeer.intValue();
        }
        context.resetPeerSequenceNumber(peerSeqNumber);
    }

    /**
     * Serializes this token: the {@code Krb5Token.AP_REP_ID} token id
     * written at offset 0, followed by the AP-REP message starting at
     * offset 2.
     *
     * @return a newly allocated array holding the token id and the AP-REP
     *         bytes
     * @throws IOException declared by the AP-REP accessor
     */
    public final byte[] encode() throws IOException {
        final int idLength = 2;
        byte[] message = apRep.getMessage();
        byte[] token = new byte[idLength + message.length];
        writeInt(Krb5Token.AP_REP_ID, token, 0);
        System.arraycopy(message, 0, token, idLength, message.length);
        return token;
    }
}