PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
Path: blob/master/src/java.security.jgss/share/classes/sun/security/jgss/krb5/Krb5Util.java
/*
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.jgss.krb5;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import java.security.AccessControlContext;
import sun.security.action.GetBooleanAction;
import sun.security.jgss.GSSUtil;
import sun.security.jgss.GSSCaller;
import sun.security.krb5.Credentials;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbException;
import java.io.IOException;
import sun.security.krb5.KerberosSecrets;
import sun.security.krb5.PrincipalName;
/**
* Utilities for obtaining and converting Kerberos tickets.
*/
public class Krb5Util {

    /**
     * Value of the {@code sun.security.krb5.debug} system property, read once
     * when this class is initialized. It is not referenced inside this class;
     * being package-private, it is presumably consulted by other classes in
     * this package.
     * NOTE(review): Kerberos debug tracing can surface principal names and
     * ticket metadata in logs -- confirm what the consumers print before
     * enabling it outside a test environment.
     */
    static final boolean DEBUG = GetBooleanAction
            .privilegedGetProperty("sun.security.krb5.debug");

    /**
     * Not instantiable: this class only hosts static helpers.
     */
    private Krb5Util() {
    }

    /**
     * Looks up an existing service ticket for the given client/server
     * principal pair in the Subject bound to {@code acc}.
     *
     * <p>Unlike {@link #getInitialTicket}, this lookup never falls back to a
     * login: only the Subject of the supplied context is searched.
     *
     * @param caller the GSS caller; not consulted by this method
     * @param clientPrincipal name of the client principal to match
     * @param serverPrincipal name of the service principal to match
     * @param acc the context whose Subject is searched
     * @return whatever the {@code SubjectComber} search yields (presumably
     *         {@code null} when nothing matches -- confirm in SubjectComber)
     * @throws LoginException as declared; this body contains no throw
     *         statement of its own
     */
    static KerberosTicket getServiceTicket(GSSCaller caller,
            String clientPrincipal, String serverPrincipal,
            @SuppressWarnings("removal") AccessControlContext acc) throws LoginException {

        // The annotated local keeps the removal warning for
        // Subject.getSubject scoped to this single declaration.
        @SuppressWarnings("removal")
        Subject contextSubject = Subject.getSubject(acc);
        return SubjectComber.find(contextSubject, serverPrincipal,
                clientPrincipal, KerberosTicket.class);
    }

    /**
     * Finds the initial ticket (TGT) of the client principal.
     *
     * <p>The Subject bound to {@code acc} is searched first. Only when that
     * search yields nothing and {@code GSSUtil.useSubjectCredsOnly(caller)}
     * is false does the method log in through {@code GSSUtil.login} and
     * search the Subject produced by that login instead.
     *
     * <p>Security note: with the fallback active, the returned ticket may
     * come from a credential source other than the caller's own Subject.
     * Deployments that must confine authentication to Subject-held
     * credentials need {@code useSubjectCredsOnly} to evaluate to true; how
     * that decision is made lives in {@code GSSUtil}, outside this file.
     *
     * @param caller the GSS caller, used for the fallback decision and login
     * @param clientPrincipal name of the client principal to match
     * @param acc the context whose Subject is searched first
     * @return the ticket found, or the result of the second search when the
     *         fallback ran; {@code null} is returned unchanged when the first
     *         search finds nothing and the fallback is disabled
     * @throws LoginException as declared; presumably raised by the fallback
     *         login -- confirm in GSSUtil
     */
    static KerberosTicket getInitialTicket(GSSCaller caller,
            String clientPrincipal,
            @SuppressWarnings("removal") AccessControlContext acc) throws LoginException {

        @SuppressWarnings("removal")
        Subject contextSubject = Subject.getSubject(acc);
        KerberosTicket tgt = SubjectComber.find(contextSubject, null,
                clientPrincipal, KerberosTicket.class);

        // Done if the context Subject already had a ticket, or if the caller
        // is restricted to Subject-held credentials.
        if (tgt != null || GSSUtil.useSubjectCredsOnly(caller)) {
            return tgt;
        }

        // Fallback: authenticate via GSSUtil and search that Subject.
        Subject loginSubject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
        return SubjectComber.find(loginSubject, null, clientPrincipal,
                KerberosTicket.class);
    }

    /**
     * Obtains the {@code ServiceCreds} of a server principal.
     *
     * <p>The Subject bound to {@code acc} is consulted first, and only if it
     * is non-null. When no credentials result and
     * {@code GSSUtil.useSubjectCredsOnly(caller)} is false, the method logs
     * in through {@code GSSUtil.login} and reads the credentials from the
     * Subject produced by that login.
     *
     * <p>Security note: as with {@link #getInitialTicket}, an active fallback
     * means acceptor credentials can originate outside the caller's Subject.
     *
     * <p>NOTE: This method is also used by JSSE Kerberos Cipher Suites.
     *
     * @param caller the GSS caller, used for the fallback decision and login
     * @param serverPrincipal name of the server principal
     * @param acc the context whose Subject is consulted first
     * @return the credentials obtained, or {@code null} when the context has
     *         none and the fallback is disabled
     * @throws LoginException as declared; presumably raised by the fallback
     *         login -- confirm in GSSUtil
     */
    public static ServiceCreds getServiceCreds(GSSCaller caller,
            String serverPrincipal, @SuppressWarnings("removal") AccessControlContext acc)
            throws LoginException {

        @SuppressWarnings("removal")
        Subject contextSubject = Subject.getSubject(acc);
        ServiceCreds creds = (contextSubject == null)
                ? null
                : ServiceCreds.getInstance(contextSubject, serverPrincipal);

        if (creds != null || GSSUtil.useSubjectCredsOnly(caller)) {
            return creds;
        }

        Subject loginSubject = GSSUtil.login(caller, GSSUtil.GSS_KRB5_MECH_OID);
        return ServiceCreds.getInstance(loginSubject, serverPrincipal);
    }

    /**
     * Converts internal {@code Credentials} into a public
     * {@link KerberosTicket}.
     *
     * <p>The server principal is always created with name type
     * {@code KRB_NT_SRV_INST}; the client principal uses the single-argument
     * {@code KerberosPrincipal} constructor. Client and server aliases are
     * copied onto the ticket only when the credentials carry them.
     *
     * <p>Security note: the ticket is built from the session key bytes of
     * {@code serviceCreds}, so the returned object holds secret key material
     * and should be handled like the credentials themselves.
     *
     * @param serviceCreds the credentials to convert; dereferenced without a
     *        null check
     * @return a new ticket mirroring the credentials
     */
    public static KerberosTicket credsToTicket(Credentials serviceCreds) {
        EncryptionKey key = serviceCreds.getSessionKey();

        // Hoisted in the same order in which the constructor call would
        // evaluate them as arguments.
        byte[] encodedTicket = serviceCreds.getEncoded();
        KerberosPrincipal client =
                new KerberosPrincipal(serviceCreds.getClient().getName());
        KerberosPrincipal server =
                new KerberosPrincipal(serviceCreds.getServer().getName(),
                        KerberosPrincipal.KRB_NT_SRV_INST);

        KerberosTicket ticket = new KerberosTicket(
                encodedTicket,
                client,
                server,
                key.getBytes(),
                key.getEType(),
                serviceCreds.getFlags(),
                serviceCreds.getAuthTime(),
                serviceCreds.getStartTime(),
                serviceCreds.getEndTime(),
                serviceCreds.getRenewTill(),
                serviceCreds.getClientAddresses());

        PrincipalName aliasOfClient = serviceCreds.getClientAlias();
        PrincipalName aliasOfServer = serviceCreds.getServerAlias();
        if (aliasOfClient != null) {
            KerberosPrincipal clientAliasPrincipal = new KerberosPrincipal(
                    aliasOfClient.getName(), aliasOfClient.getNameType());
            KerberosSecrets.getJavaxSecurityAuthKerberosAccess()
                    .kerberosTicketSetClientAlias(ticket, clientAliasPrincipal);
        }
        if (aliasOfServer != null) {
            KerberosPrincipal serverAliasPrincipal = new KerberosPrincipal(
                    aliasOfServer.getName(), aliasOfServer.getNameType());
            KerberosSecrets.getJavaxSecurityAuthKerberosAccess()
                    .kerberosTicketSetServerAlias(ticket, serverAliasPrincipal);
        }
        return ticket;
    }

    /**
     * Converts a public {@link KerberosTicket} into internal
     * {@code Credentials}.
     *
     * <p>Client and server aliases are read through the shared-secrets
     * accessor; a missing alias is passed on as {@code null}.
     *
     * <p>Security note: the encoded session key of the ticket is handed to
     * the new {@code Credentials}, so the result holds secret key material.
     *
     * @param kerbTicket the ticket to convert; dereferenced without a null
     *        check
     * @return new credentials mirroring the ticket
     * @throws KrbException as declared; presumably from the
     *         {@code Credentials} constructor -- confirm there
     * @throws IOException as declared; presumably from the
     *         {@code Credentials} constructor -- confirm there
     */
    public static Credentials ticketToCreds(KerberosTicket kerbTicket)
            throws KrbException, IOException {
        KerberosPrincipal aliasOfClient = KerberosSecrets
                .getJavaxSecurityAuthKerberosAccess()
                .kerberosTicketGetClientAlias(kerbTicket);
        KerberosPrincipal aliasOfServer = KerberosSecrets
                .getJavaxSecurityAuthKerberosAccess()
                .kerberosTicketGetServerAlias(kerbTicket);

        String clientAliasName =
                (aliasOfClient == null) ? null : aliasOfClient.getName();
        String serverAliasName =
                (aliasOfServer == null) ? null : aliasOfServer.getName();

        return new Credentials(
                kerbTicket.getEncoded(),
                kerbTicket.getClient().getName(),
                clientAliasName,
                kerbTicket.getServer().getName(),
                serverAliasName,
                kerbTicket.getSessionKey().getEncoded(),
                kerbTicket.getSessionKeyType(),
                kerbTicket.getFlags(),
                kerbTicket.getAuthTime(),
                kerbTicket.getStartTime(),
                kerbTicket.getEndTime(),
                kerbTicket.getRenewTill(),
                kerbTicket.getClientAddresses());
    }

    /**
     * A helper method to get a sun..KeyTab from a javax..KeyTab.
     *
     * <p>The conversion is delegated to the shared-secrets accessor's
     * {@code keyTabTakeSnapshot}.
     *
     * @param ktab the javax..KeyTab object
     * @return the sun..KeyTab object
     */
    public static sun.security.krb5.internal.ktab.KeyTab
            snapshotFromJavaxKeyTab(KeyTab ktab) {
        return KerberosSecrets.getJavaxSecurityAuthKerberosAccess()
                .keyTabTakeSnapshot(ktab);
    }

    /**
     * A helper method to get EncryptionKeys from a javax..KeyTab.
     *
     * <p>Takes a snapshot via {@link #snapshotFromJavaxKeyTab} and reads the
     * service keys of {@code cname} from it. The result is key material read
     * from a keytab and should be handled as a secret.
     *
     * @param ktab the javax..KeyTab object
     * @param cname the PrincipalName
     * @return the EKeys, never null, might be empty
     */
    public static EncryptionKey[] keysFromJavaxKeyTab(
            KeyTab ktab, PrincipalName cname) {
        sun.security.krb5.internal.ktab.KeyTab snapshot =
                snapshotFromJavaxKeyTab(ktab);
        return snapshot.readServiceKeys(cname);
    }
}