Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/src/java.security.jgss/share/classes/sun/security/krb5/KrbAsReq.java
41159 views
1
/*

2
 * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.  Oracle designates this

8
 * particular file as subject to the "Classpath" exception as provided

9
 * by Oracle in the LICENSE file that accompanied this code.

10
 *

11
 * This code is distributed in the hope that it will be useful, but WITHOUT

12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

14
 * version 2 for more details (a copy is included in the LICENSE file that

15
 * accompanied this code).

16
 *

17
 * You should have received a copy of the GNU General Public License version

18
 * 2 along with this work; if not, write to the Free Software Foundation,

19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

20
 *

21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

22
 * or visit www.oracle.com if you need additional information or have any

23
 * questions.

24
 */

25


26
/*

27
 *

28
 *  (C) Copyright IBM Corp. 1999 All Rights Reserved.

29
 *  Copyright 1997 The Open Group Research Institute.  All rights reserved.

30
 */

31


32
package sun.security.krb5;

33


34
import sun.security.krb5.internal.*;

35
import sun.security.krb5.internal.crypto.Nonce;

36
import sun.security.krb5.internal.crypto.KeyUsage;

37
import java.io.IOException;

38
import java.time.Instant;

39
import java.util.Arrays;

40


41
/**

42
 * This class encapsulates the KRB-AS-REQ message that the client

43
 * sends to the KDC.

44
 */

45
public class KrbAsReq {

46
    private ASReq asReqMessg;

47


48
    private boolean DEBUG = Krb5.DEBUG;

49


50
    /**

51
     * Constructs an AS-REQ message.

52
     */

53
                                                // Can be null? has default?

54
    public KrbAsReq(EncryptionKey pakey,        // ok

55
                      KDCOptions options,       // ok, new KDCOptions()

56
                      PrincipalName cname,      // NO and must have realm

57
                      PrincipalName sname,      // ok, krgtgt@CREALM

58
                      KerberosTime from,        // ok

59
                      KerberosTime till,        // ok, will use

60
                      KerberosTime rtime,       // ok

61
                      int[] eTypes,             // NO

62
                      HostAddresses addresses,  // ok

63
                      PAData[] extraPAs         // ok

64
                      )

65
            throws KrbException, IOException {

66


67
        if (options == null) {

68
            options = new KDCOptions();

69
        }

70
        // check if they are valid arguments. The optional fields should be

71
        // consistent with settings in KDCOptions. Mar 17 2000

72
        if (options.get(KDCOptions.FORWARDED) ||

73
            options.get(KDCOptions.PROXY) ||

74
            options.get(KDCOptions.ENC_TKT_IN_SKEY) ||

75
            options.get(KDCOptions.RENEW) ||

76
            options.get(KDCOptions.VALIDATE)) {

77
            // this option is only specified in a request to the

78
            // ticket-granting server

79
            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);

80
        }

81
        if (options.get(KDCOptions.POSTDATED)) {

82
            //  if (from == null)

83
            //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);

84
        } else {

85
            if (from != null)  from = null;

86
        }

87


88
        PAData[] paData = null;

89
        if (pakey != null) {

90
            PAEncTSEnc ts = new PAEncTSEnc();

91
            byte[] temp = ts.asn1Encode();

92
            EncryptedData encTs = new EncryptedData(pakey, temp,

93
                KeyUsage.KU_PA_ENC_TS);

94
            paData = new PAData[1];

95
            paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,

96
                                    encTs.asn1Encode());

97
        }

98
        if (extraPAs != null && extraPAs.length > 0) {

99
            if (paData == null) {

100
                paData = new PAData[extraPAs.length];

101
            } else {

102
                paData = Arrays.copyOf(paData, paData.length + extraPAs.length);

103
            }

104
            System.arraycopy(extraPAs, 0, paData,

105
                    paData.length - extraPAs.length, extraPAs.length);

106
        }

107


108
        if (cname.getRealm() == null) {

109
            throw new RealmException(Krb5.REALM_NULL,

110
                                     "default realm not specified ");

111
        }

112


113
        if (DEBUG) {

114
            System.out.println(">>> KrbAsReq creating message");

115
        }

116


117
        Config cfg = Config.getInstance();

118


119
        // check to use addresses in tickets

120
        if (addresses == null && cfg.useAddresses()) {

121
            addresses = HostAddresses.getLocalAddresses();

122
        }

123


124
        if (sname == null) {

125
            String realm = cname.getRealmAsString();

126
            sname = PrincipalName.tgsService(realm, realm);

127
        }

128


129
        if (till == null) {

130
            String d = cfg.get("libdefaults", "ticket_lifetime");

131
            if (d != null) {

132
                till = new KerberosTime(Instant.now().plusSeconds(Config.duration(d)));

133
            } else {

134
                till = new KerberosTime(0); // Choose KDC maximum allowed

135
            }

136
        }

137


138
        if (rtime == null) {

139
            String d = cfg.get("libdefaults", "renew_lifetime");

140
            if (d != null) {

141
                rtime = new KerberosTime(Instant.now().plusSeconds(Config.duration(d)));

142
            }

143
        }

144


145
        if (rtime != null) {

146
            options.set(KDCOptions.RENEWABLE, true);

147
            if (till.greaterThan(rtime)) {

148
                rtime = till;

149
            }

150
        }

151


152
        // enc-authorization-data and additional-tickets never in AS-REQ

153
        KDCReqBody kdc_req_body = new KDCReqBody(options,

154
                                                 cname,

155
                                                 sname,

156
                                                 from,

157
                                                 till,

158
                                                 rtime,

159
                                                 Nonce.value(),

160
                                                 eTypes,

161
                                                 addresses,

162
                                                 null,

163
                                                 null);

164


165
        asReqMessg = new ASReq(

166
                         paData,

167
                         kdc_req_body);

168
    }

169


170
    byte[] encoding() throws IOException, Asn1Exception {

171
        return asReqMessg.asn1Encode();

172
    }

173


174
    // Used by KrbAsRep to validate AS-REP

175
    ASReq getMessage() {

176
        return asReqMessg;

177
    }

178
}

179


180