Path: blob/master/src/java.security.jgss/share/classes/sun/security/krb5/KrbApRep.java
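/*
 * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 *
 *  (C) Copyright IBM Corp. 1999 All Rights Reserved.
 *  Copyright 1997 The Open Group Research Institute.  All rights reserved.
 */

package sun.security.krb5;

import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.KeyUsage;
import sun.security.util.*;
import java.io.IOException;

/**
 * This class encapsulates a KRB-AP-REP sent from the service to the
 * client.
 *
 * <p>An instance is built in one of two ways: the service side creates a
 * reply for an incoming KRB-AP-REQ and reads its encoding with
 * {@link #getMessage()}; the client side parses the bytes it received and
 * checks them against the KRB-AP-REQ it sent. Both paths assign
 * {@code encPart} before the constructor returns.
 */
public class KrbApRep {
    // ASN.1 encoding of an outgoing reply; assigned only by init().
    private byte[] obuf;
    // Not referenced anywhere in this class.
    private byte[] ibuf;
    private EncAPRepPart encPart; // although in plain text
    private APRep apRepMessg;

    /**
     * Constructs a KRB-AP-REP to send to a client.
     *
     * @param incomingReq the KRB-AP-REQ being answered; its credentials key,
     *        ctime and cusec are copied into the reply.
     * @param useSeqNumber not consulted by this constructor: a
     *        {@code LocalSeqNumber} is always created and its current value
     *        is placed in the reply.
     * @param subKey the optional subkey to place in the reply.
     * @throws KrbException
     * @throws IOException
     */
    // Used in AcceptSecContextToken
    public KrbApRep(KrbApReq incomingReq,
                    boolean useSeqNumber,
                    EncryptionKey subKey)
        throws KrbException, IOException {

        SeqNumber seqNum = new LocalSeqNumber();

        init(incomingReq, subKey, seqNum);
    }

    /**
     * Constructs a KRB-AP-REP from the bytes received from a service and
     * verifies it against the KRB-AP-REQ that was sent.
     *
     * <p>The reply is decrypted first and then checked by
     * {@link #authenticate(KrbApReq)}, so a reply whose ctime or cusec does
     * not match the request never yields a usable object.
     *
     * @param message the encoded reply as received from the peer.
     * @param tgtCreds credentials whose key decrypts the reply.
     * @param outgoingReq the KRB-AP-REQ this reply must answer.
     * @throws KrbException
     * @throws IOException
     */
    // Used in AcceptSecContextToken
    // NOTE(review): this constructor parses a received reply, which is the
    // client side; confirm which token class actually calls it.
    public KrbApRep(byte[] message, Credentials tgtCreds,
                    KrbApReq outgoingReq) throws KrbException, IOException {
        this(message, tgtCreds);
        authenticate(outgoingReq);
    }

    /**
     * Builds the outgoing reply from the request's key and timestamp and
     * stores its ASN.1 encoding in {@code obuf}.
     */
    private void init(KrbApReq apReq,
                      EncryptionKey subKey,
                      SeqNumber seqNumber)
        throws KrbException, IOException {
        createMessage(
            apReq.getCreds().key,
            apReq.getCtime(),
            apReq.cusec(),
            subKey,
            seqNumber);
        obuf = apRepMessg.asn1Encode();
    }


    /**
     * Constructs a KrbApRep object.
     * @param msg a byte array of reply message.
     * @param tgs_creds client's credential.
     * @exception KrbException
     * @exception IOException
     */
    private KrbApRep(byte[] msg, Credentials tgs_creds)
        throws KrbException, IOException {
        this(new DerValue(msg), tgs_creds);
    }

    /**
     * Constructs a KrbApRep object.
     *
     * <p>If the encoding is not an AP-REP it is re-read as a KRB-ERROR and
     * reported as a {@code KrbException} carrying the peer's error code and
     * error text, with the original {@code Asn1Exception} as its cause.
     *
     * @param encoding the DER value of the reply message.
     * @param tgs_creds client's credential.
     * @exception KrbException
     * @exception IOException
     */
    private KrbApRep(DerValue encoding, Credentials tgs_creds)
        throws KrbException, IOException {
        APRep rep;
        try {
            rep = new APRep(encoding);
        } catch (Asn1Exception e) {
            KRBError err = new KRBError(encoding);
            // The error text comes from the peer and may be absent or empty;
            // it is normalised by a helper that tolerates both, so bad input
            // surfaces as a KrbException rather than a runtime exception.
            KrbException ke = new KrbException(err.getErrorCode(),
                    stripTrailingNul(err.getErrorString()));
            ke.initCause(e);
            throw ke;
        }

        byte[] temp = rep.encPart.decrypt(tgs_creds.key,
                                          KeyUsage.KU_ENC_AP_REP_PART);
        byte[] enc_ap_rep_part = rep.encPart.reset(temp);

        encPart = new EncAPRepPart(new DerValue(enc_ap_rep_part));
    }

    /**
     * Removes one trailing NUL character from a peer-supplied error string.
     *
     * @param errStr the error text, possibly {@code null} or empty.
     * @return {@code errStr} without a final NUL; {@code null} or the empty
     *         string are returned unchanged.
     */
    private static String stripTrailingNul(String errStr) {
        if (errStr == null || errStr.isEmpty()) {
            return errStr;
        }
        int last = errStr.length() - 1;
        return errStr.charAt(last) == 0 ? errStr.substring(0, last) : errStr;
    }

    /**
     * Checks that the decrypted reply echoes the timestamp of the request.
     *
     * <p>The reply's ctime seconds and cusec must equal the seconds and
     * microseconds of the request's ctime; this is what ties the reply to
     * the request that was sent.
     *
     * @throws KrbApErrException with {@code KRB_AP_ERR_MUT_FAIL} when either
     *         value differs.
     */
    private void authenticate(KrbApReq apReq)
        throws KrbException, IOException {
        KerberosTime sent = apReq.getCtime();
        if (encPart.ctime.getSeconds() != sent.getSeconds() ||
            encPart.cusec != sent.getMicroSeconds()) {
            throw new KrbApErrException(Krb5.KRB_AP_ERR_MUT_FAIL);
        }
    }


    /**
     * Returns the optional subkey stored in
     * this message. Returns null if none is stored.
     */
    public EncryptionKey getSubKey() {
        // encPart is assigned on every construction path of this class.
        return encPart.getSubKey();
    }

    /**
     * Returns the optional sequence number stored in
     * this message. Returns null if none is stored.
     */
    public Integer getSeqNumber() {
        // encPart is assigned on every construction path of this class.
        return encPart.getSeqNumber();
    }

    /**
     * Returns the ASN.1 encoding that should be sent to the peer.
     *
     * <p>The encoding exists only for a reply created with the
     * {@code KrbApReq}-based constructor; for a reply parsed from received
     * bytes this returns {@code null}. The internal array is returned
     * without copying.
     */
    public byte[] getMessage() {
        return obuf;
    }

    /**
     * Creates the encrypted part and the enclosing AP-REP message.
     *
     * @param key the key that encrypts the EncAPRepPart, with key usage
     *        {@code KU_ENC_AP_REP_PART}.
     * @param ctime the client time copied from the request.
     * @param cusec the microsecond part copied from the request.
     * @param subKey the optional subkey.
     * @param seqNumber source of the sequence number; when {@code null} the
     *        reply carries no sequence number.
     */
    private void createMessage(
                               EncryptionKey key,
                               KerberosTime ctime,
                               int cusec,
                               EncryptionKey subKey,
                               SeqNumber seqNumber)
        throws Asn1Exception, IOException,
               KdcErrException, KrbCryptoException {

        Integer seqno = null;

        if (seqNumber != null) {
            seqno = seqNumber.current();
        }

        encPart = new EncAPRepPart(ctime,
                                   cusec,
                                   subKey,
                                   seqno);

        byte[] encPartEncoding = encPart.asn1Encode();

        EncryptedData encEncPart = new EncryptedData(key, encPartEncoding,
                                                     KeyUsage.KU_ENC_AP_REP_PART);

        apRepMessg = new APRep(encEncPart);
    }

}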