PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/krb5/KrbTgsRep.java
/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
*
* (C) Copyright IBM Corp. 1999 All Rights Reserved.
* Copyright 1997 The Open Group Research Institute. All rights reserved.
*/
package sun.security.krb5;
import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.KeyUsage;
import sun.security.util.*;
import java.io.IOException;
/**
 * This class encapsulates a TGS-REP that is sent from the KDC to the
 * Kerberos client.
 *
 * <p>The constructor decodes the reply, decrypts its encrypted part with
 * the key carried by the originating {@link KrbTgsReq}, runs the inherited
 * {@code check} against the request, and only then builds the
 * {@link Credentials} exposed through {@link #getCreds()}.
 */
public class KrbTgsRep extends KrbKdcRep {
    // Decoded reply, kept so setCredentials() can build a ccache entry.
    private TGSRep rep;
    // Credentials assembled from the reply; they carry the key taken from
    // the decrypted part, so callers should handle them as secret material.
    private Credentials creds;
    // Second ticket copied from the request (null handling is not visible here).
    private Ticket secondTicket;
    private static final boolean DEBUG = Krb5.DEBUG;

    /**
     * Decodes and validates a TGS reply received for {@code tgsReq}.
     *
     * <p>If the bytes do not decode as a TGS-REP they are decoded as a
     * KRB-ERROR instead and reported as a {@link KrbException}. Nothing in
     * this constructor authenticates that KRB-ERROR: it is decoded from the
     * same bytes without any key, so its code and text should be treated as
     * untrusted input (for example when logged or shown to a user).
     *
     * @param ibuf   the encoded message received from the KDC
     * @param tgsReq the request this message answers; supplies the
     *               decryption key, key-usage choice, aliases and second ticket
     * @throws KrbException if the message is a KRB-ERROR, or if decoding,
     *                      decryption or {@code check} fails
     * @throws IOException  if the DER encoding cannot be read
     */
    KrbTgsRep(byte[] ibuf, KrbTgsReq tgsReq)
            throws KrbException, IOException {
        DerValue encoding = new DerValue(ibuf);
        TGSReq request = tgsReq.getMessage();
        TGSRep reply;
        try {
            reply = new TGSRep(encoding);
        } catch (Asn1Exception decodeFailure) {
            // Not a TGS-REP: reinterpret the same DER value as a KRB-ERROR.
            KRBError kdcError = new KRBError(encoding);
            // pick up text sent by the server (if any)
            String serverText = stripTrailingNul(kdcError.getErrorString());
            KrbException failure = (serverText == null)
                    // no text sent from server
                    ? new KrbException(kdcError.getErrorCode())
                    // override default text with server text
                    : new KrbException(kdcError.getErrorCode(), serverText);
            failure.initCause(decodeFailure);
            throw failure;
        }

        // The key usage depends on whether the request was sent with a
        // subkey; the key itself always comes from the request object.
        byte[] decrypted = reply.encPart.decrypt(
                tgsReq.tgsReqKey,
                tgsReq.usedSubkey()
                        ? KeyUsage.KU_ENC_TGS_REP_PART_SUBKEY
                        : KeyUsage.KU_ENC_TGS_REP_PART_SESSKEY);

        // NOTE(review): reset() presumably trims the decrypted buffer to the
        // encoded structure - confirm against EncryptedData.
        byte[] encodedPart = reply.encPart.reset(decrypted);
        encoding = new DerValue(encodedPart);
        EncTGSRepPart replyPart = new EncTGSRepPart(encoding);
        reply.encKDCRepPart = replyPart;

        // Validation against the request happens before any credentials are
        // built; what exactly is compared lives in the superclass.
        check(false, request, reply, tgsReq.tgsReqKey);

        // Drop the server alias when the reply already names that server or
        // when the reply's server name has the referral shape.
        PrincipalName serverAlias = tgsReq.getServerAlias();
        if (serverAlias != null
                && (serverAlias.equals(replyPart.sname)
                        || isReferralSname(replyPart.sname))) {
            serverAlias = null;
        }

        // Only propagate the client alias if it is not an
        // impersonation ticket (S4U2Self or S4U2Proxy).
        PrincipalName clientAlias = reply.cname.equals(request.reqBody.cname)
                ? tgsReq.getClientAlias()
                : null;

        this.creds = new Credentials(
                reply.ticket,
                reply.cname,
                clientAlias,
                replyPart.sname,
                serverAlias,
                replyPart.key,
                replyPart.flags,
                replyPart.authtime,
                replyPart.starttime,
                replyPart.endtime,
                replyPart.renewTill,
                replyPart.caddr);
        this.rep = reply;
        this.secondTicket = tgsReq.getSecondTicket();
    }

    /**
     * Return the credentials that were contained in this KRB-TGS-REP.
     *
     * <p>The stored reference is returned as is; no copy is made.
     */
    public Credentials getCreds() {
        return creds;
    }

    /**
     * Builds a credential-cache entry from the decoded reply and the second
     * ticket. Despite the name, no field of this object is modified.
     */
    sun.security.krb5.internal.ccache.Credentials setCredentials() {
        return new sun.security.krb5.internal.ccache.Credentials(rep, secondTicket);
    }

    /**
     * Tells whether {@code sname} has the referral shape: exactly two name
     * components, the first equal to
     * {@link PrincipalName#TGS_DEFAULT_SRV_NAME}. A null name is not a referral.
     */
    private static boolean isReferralSname(PrincipalName sname) {
        if (sname == null) {
            return false;
        }
        String[] components = sname.getNameStrings();
        return components.length == 2
                && components[0].equals(PrincipalName.TGS_DEFAULT_SRV_NAME);
    }

    /**
     * Returns {@code text} without a single trailing NUL character, or
     * {@code null} when {@code text} is null or empty. A string holding only
     * a NUL yields the empty string, not null.
     */
    private static String stripTrailingNul(String text) {
        if (text == null || text.isEmpty()) {
            return null;
        }
        int last = text.length() - 1;
        return text.charAt(last) == 0 ? text.substring(0, last) : text;
    }
}