Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/jgss/krb5/AcceptSecContextToken.java
38922 views
/*1* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package sun.security.jgss.krb5;2627import org.ietf.jgss.*;28import java.io.InputStream;29import java.io.IOException;30import java.security.AccessController;3132import sun.security.action.GetBooleanAction;33import sun.security.krb5.*;3435class AcceptSecContextToken extends InitialToken {3637private KrbApRep apRep = null;3839/**40* Creates an AcceptSecContextToken for the context acceptor to send to41* the context initiator.42*/43public AcceptSecContextToken(Krb5Context context,44KrbApReq apReq)45throws KrbException, IOException, GSSException {4647boolean useSubkey = AccessController.doPrivileged(48new GetBooleanAction("sun.security.krb5.acceptor.subkey"));4950boolean useSequenceNumber = true;5152EncryptionKey subKey = null;53if (useSubkey) {54subKey = new EncryptionKey(apReq.getCreds().getSessionKey());55context.setKey(Krb5Context.ACCEPTOR_SUBKEY, subKey);56}57apRep = new KrbApRep(apReq, useSequenceNumber, subKey);5859context.resetMySequenceNumber(apRep.getSeqNumber().intValue());6061/*62* Note: The acceptor side context key was set when the63* InitSecContextToken was received.64*/65}6667/**68* Creates an AcceptSecContextToken at the context initiator's side69* using the bytes received from the acceptor.70*/71public AcceptSecContextToken(Krb5Context context,72Credentials serviceCreds, KrbApReq apReq,73InputStream is)74throws IOException, GSSException, KrbException {7576int tokenId = ((is.read()<<8) | is.read());7778if (tokenId != Krb5Token.AP_REP_ID)79throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,80"AP_REP token id does not match!");8182byte[] apRepBytes =83new sun.security.util.DerValue(is).toByteArray();8485KrbApRep apRep = new KrbApRep(apRepBytes, serviceCreds, apReq);8687/*88* Allow the context acceptor to set a subkey if desired, even89* though our context acceptor will not do so.90*/91EncryptionKey subKey = apRep.getSubKey();92if (subKey != null) {93context.setKey(Krb5Context.ACCEPTOR_SUBKEY, subKey);94/*95System.out.println("\n\nSub-Session key from AP-REP is: " +96getHexBytes(subKey.getBytes()) + "\n");97*/98}99100Integer apRepSeqNumber = apRep.getSeqNumber();101int peerSeqNumber = (apRepSeqNumber != null ?102apRepSeqNumber.intValue() :1030);104context.resetPeerSequenceNumber(peerSeqNumber);105}106107public final byte[] encode() throws IOException {108byte[] apRepBytes = apRep.getMessage();109byte[] retVal = new byte[2 + apRepBytes.length];110writeInt(Krb5Token.AP_REP_ID, retVal, 0);111System.arraycopy(apRepBytes, 0, retVal, 2, apRepBytes.length);112return retVal;113}114}115116117