Path: blob/master/src/java.security.jgss/share/classes/sun/security/krb5/KrbAppMessage.java
41159 views
/*1* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.2*3* This code is free software; you can redistribute it and/or modify it4* under the terms of the GNU General Public License version 2 only, as5* published by the Free Software Foundation. Oracle designates this6* particular file as subject to the "Classpath" exception as provided7* by Oracle in the LICENSE file that accompanied this code.8*9* This code is distributed in the hope that it will be useful, but WITHOUT10* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or11* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License12* version 2 for more details (a copy is included in the LICENSE file that13* accompanied this code).14*15* You should have received a copy of the GNU General Public License version16* 2 along with this work; if not, write to the Free Software Foundation,17* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.18*19* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA20* or visit www.oracle.com if you need additional information or have any21* questions.22*/2324/*25*26* (C) Copyright IBM Corp. 1999 All Rights Reserved.27* Copyright 1997 The Open Group Research Institute. All rights reserved.28*/2930package sun.security.krb5;3132import sun.security.krb5.internal.*;3334abstract class KrbAppMessage {3536private static boolean DEBUG = Krb5.DEBUG;37/**38* Common checks for KRB-PRIV and KRB-SAFE39*/40void check(KerberosTime packetTimestamp,41Integer packetUsec,42Integer packetSeqNumber,43HostAddress packetSAddress,44HostAddress packetRAddress,45SeqNumber seqNumber,46HostAddress sAddress,47HostAddress rAddress,48boolean timestampRequired,49boolean seqNumberRequired,50PrincipalName packetPrincipal)51throws KrbApErrException {5253if (!Krb5.AP_EMPTY_ADDRESSES_ALLOWED || sAddress != null) {54if (packetSAddress == null || sAddress == null ||55!packetSAddress.equals(sAddress)) {56if (DEBUG && packetSAddress == null) {57System.out.println("packetSAddress is null");58}59if (DEBUG && sAddress == null) {60System.out.println("sAddress is null");61}62throw new KrbApErrException(Krb5.KRB_AP_ERR_BADADDR);63}64}6566if (!Krb5.AP_EMPTY_ADDRESSES_ALLOWED || rAddress != null) {67if (packetRAddress == null || rAddress == null ||68!packetRAddress.equals(rAddress))69throw new KrbApErrException(Krb5.KRB_AP_ERR_BADADDR);70}7172if (packetTimestamp != null) {73if (packetUsec != null) {74packetTimestamp =75packetTimestamp.withMicroSeconds(packetUsec.intValue());76}77if (!packetTimestamp.inClockSkew()) {78throw new KrbApErrException(Krb5.KRB_AP_ERR_SKEW);79}80} else {81if (timestampRequired) {82throw new KrbApErrException(Krb5.KRB_AP_ERR_SKEW);83}84}8586// XXX check replay cache87// if (rcache.repeated(packetTimestamp, packetUsec, packetSAddress))88// throw new KrbApErrException(Krb5.KRB_AP_ERR_REPEAT);8990// XXX consider moving up to api level91if (seqNumber == null && seqNumberRequired == true)92throw new KrbApErrException(Krb5.API_INVALID_ARG);9394if (packetSeqNumber != null && seqNumber != null) {95if (packetSeqNumber.intValue() != seqNumber.current())96throw new KrbApErrException(Krb5.KRB_AP_ERR_BADORDER);97// should be done only when no more exceptions are possible98seqNumber.step();99} else {100if (seqNumberRequired) {101throw new KrbApErrException(Krb5.KRB_AP_ERR_BADORDER);102}103}104105// Must not be relaxed, per RFC 4120106if (packetTimestamp == null && packetSeqNumber == null)107throw new KrbApErrException(Krb5.KRB_AP_ERR_MODIFIED);108109// XXX check replay cache110// rcache.save_identifier(packetTimestamp, packetUsec, packetSAddress,111// packetPrincipal, pcaketRealm);112}113114}115116117