1
/*
2
 * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
#import "sun_security_krb5_Credentials.h"
27
#import <Kerberos/Kerberos.h>
28

29
/*
30
 * Based largely on klist.c,
31
 *
32
 * Created by Scott Kovatch on 8/12/04.
33
 *
34
 * See http://www.opensource.apple.com/darwinsource/10.3.3/Kerberos-47/KerberosClients/klist/Sources/klist.c
35

36
 */
37

38
/*
39
 * Statics for this module
40
 */
41

42
static jclass derValueClass = NULL;
43
static jclass ticketClass = NULL;
44
static jclass principalNameClass = NULL;
45
static jclass encryptionKeyClass = NULL;
46
static jclass ticketFlagsClass = NULL;
47
static jclass kerberosTimeClass = NULL;
48
static jclass javaLangStringClass = NULL;
49
static jclass javaLangIntegerClass = NULL;
50
static jclass hostAddressClass = NULL;
51
static jclass hostAddressesClass = NULL;
52

53
static jmethodID derValueConstructor = 0;
54
static jmethodID ticketConstructor = 0;
55
static jmethodID principalNameConstructor = 0;
56
static jmethodID encryptionKeyConstructor = 0;
57
static jmethodID ticketFlagsConstructor = 0;
58
static jmethodID kerberosTimeConstructor = 0;
59
static jmethodID krbcredsConstructor = 0;
60
static jmethodID integerConstructor = 0;
61
static jmethodID hostAddressConstructor = 0;
62
static jmethodID hostAddressesConstructor = 0;
63

64
/*
65
 * Function prototypes for internal routines
66
 */
67

68
static jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket);
69
static jobject BuildClientPrincipal(JNIEnv *env, krb5_context kcontext, krb5_principal principalName);
70
static jobject BuildEncryptionKey(JNIEnv *env, krb5_keyblock *cryptoKey);
71
static jobject BuildTicketFlags(JNIEnv *env, krb5_flags flags);
72
static jobject BuildKerberosTime(JNIEnv *env, krb5_timestamp kerbtime);
73
static jobject BuildAddressList(JNIEnv *env, krb5_address **kerbtime);
74

75
static void printiferr (errcode_t err, const char *format, ...);
76

77
static jclass FindClass(JNIEnv *env, char *className)
78
{
79
    jclass cls = (*env)->FindClass(env, className);
80

81
    if (cls == NULL) {
82
        printf("Couldn't find %s\n", className);
83
        return NULL;
84
    }
85
#ifdef DEBUG
86
    printf("Found %s\n", className);
87
#endif /* DEBUG */
88

89
    jobject returnValue = (*env)->NewWeakGlobalRef(env,cls);
90
    return returnValue;
91
}
92
/*
93
 * Class:     sun_security_krb5_KrbCreds
94
 * Method:    JNI_OnLoad
95
 */
96
JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM *jvm, void *reserved)
97
{
98
    JNIEnv *env;
99

100
    if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_4)) {
101
        return JNI_EVERSION; /* JNI version not supported */
102
    }
103

104
    ticketClass = FindClass(env, "sun/security/krb5/internal/Ticket");
105
    if (ticketClass == NULL) return JNI_ERR;
106

107
    principalNameClass = FindClass(env, "sun/security/krb5/PrincipalName");
108
    if (principalNameClass == NULL) return JNI_ERR;
109

110
    derValueClass = FindClass(env, "sun/security/util/DerValue");
111
    if (derValueClass == NULL) return JNI_ERR;
112

113
    encryptionKeyClass = FindClass(env, "sun/security/krb5/EncryptionKey");
114
    if (encryptionKeyClass == NULL) return JNI_ERR;
115

116
    ticketFlagsClass = FindClass(env,"sun/security/krb5/internal/TicketFlags");
117
    if (ticketFlagsClass == NULL) return JNI_ERR;
118

119
    kerberosTimeClass = FindClass(env,"sun/security/krb5/internal/KerberosTime");
120
    if (kerberosTimeClass == NULL) return JNI_ERR;
121

122
    javaLangStringClass = FindClass(env,"java/lang/String");
123
    if (javaLangStringClass == NULL) return JNI_ERR;
124

125
    javaLangIntegerClass = FindClass(env,"java/lang/Integer");
126
    if (javaLangIntegerClass == NULL) return JNI_ERR;
127

128
    hostAddressClass = FindClass(env,"sun/security/krb5/internal/HostAddress");
129
    if (hostAddressClass == NULL) return JNI_ERR;
130

131
    hostAddressesClass = FindClass(env,"sun/security/krb5/internal/HostAddresses");
132
    if (hostAddressesClass == NULL) return JNI_ERR;
133

134
    derValueConstructor = (*env)->GetMethodID(env, derValueClass, "<init>", "([B)V");
135
    if (derValueConstructor == 0) {
136
        printf("Couldn't find DerValue constructor\n");
137
        return JNI_ERR;
138
    }
139
#ifdef DEBUG
140
    printf("Found DerValue constructor\n");
141
#endif /* DEBUG */
142

143
    ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "(Lsun/security/util/DerValue;)V");
144
    if (ticketConstructor == 0) {
145
        printf("Couldn't find Ticket constructor\n");
146
        return JNI_ERR;
147
    }
148
#ifdef DEBUG
149
    printf("Found Ticket constructor\n");
150
#endif /* DEBUG */
151

152
    principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, "<init>", "(Ljava/lang/String;I)V");
153
    if (principalNameConstructor == 0) {
154
        printf("Couldn't find PrincipalName constructor\n");
155
        return JNI_ERR;
156
    }
157
#ifdef DEBUG
158
    printf("Found PrincipalName constructor\n");
159
#endif /* DEBUG */
160

161
    encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, "<init>", "(I[B)V");
162
    if (encryptionKeyConstructor == 0) {
163
        printf("Couldn't find EncryptionKey constructor\n");
164
        return JNI_ERR;
165
    }
166
#ifdef DEBUG
167
    printf("Found EncryptionKey constructor\n");
168
#endif /* DEBUG */
169

170
    ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, "<init>", "(I[B)V");
171
    if (ticketFlagsConstructor == 0) {
172
        printf("Couldn't find TicketFlags constructor\n");
173
        return JNI_ERR;
174
    }
175
#ifdef DEBUG
176
    printf("Found TicketFlags constructor\n");
177
#endif /* DEBUG */
178

179
    kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, "<init>", "(J)V");
180
    if (kerberosTimeConstructor == 0) {
181
        printf("Couldn't find KerberosTime constructor\n");
182
        return JNI_ERR;
183
    }
184
#ifdef DEBUG
185
    printf("Found KerberosTime constructor\n");
186
#endif /* DEBUG */
187

188
    integerConstructor = (*env)->GetMethodID(env, javaLangIntegerClass, "<init>", "(I)V");
189
    if (integerConstructor == 0) {
190
        printf("Couldn't find Integer constructor\n");
191
        return JNI_ERR;
192
    }
193
#ifdef DEBUG
194
    printf("Found Integer constructor\n");
195
#endif /* DEBUG */
196

197
    hostAddressConstructor = (*env)->GetMethodID(env, hostAddressClass, "<init>", "(I[B)V");
198
    if (hostAddressConstructor == 0) {
199
        printf("Couldn't find HostAddress constructor\n");
200
        return JNI_ERR;
201
    }
202
#ifdef DEBUG
203
    printf("Found HostAddress constructor\n");
204
#endif /* DEBUG */
205

206
    hostAddressesConstructor = (*env)->GetMethodID(env, hostAddressesClass, "<init>", "([Lsun/security/krb5/internal/HostAddress;)V");
207
    if (hostAddressesConstructor == 0) {
208
        printf("Couldn't find HostAddresses constructor\n");
209
        return JNI_ERR;
210
    }
211
#ifdef DEBUG
212
    printf("Found HostAddresses constructor\n");
213
#endif /* DEBUG */
214

215
#ifdef DEBUG
216
    printf("Finished OnLoad processing\n");
217
#endif /* DEBUG */
218

219
    return JNI_VERSION_1_2;
220
}
221

222
/*
223
 * Class:     sun_security_jgss_KrbCreds
224
 * Method:    JNI_OnUnload
225
 */
226
JNIEXPORT void JNICALL JNI_OnUnload(JavaVM *jvm, void *reserved)
227
{
228
    JNIEnv *env;
229

230
    if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
231
        return; /* Nothing else we can do */
232
    }
233

234
    if (ticketClass != NULL) {
235
        (*env)->DeleteWeakGlobalRef(env,ticketClass);
236
    }
237
    if (derValueClass != NULL) {
238
        (*env)->DeleteWeakGlobalRef(env,derValueClass);
239
    }
240
    if (principalNameClass != NULL) {
241
        (*env)->DeleteWeakGlobalRef(env,principalNameClass);
242
    }
243
    if (encryptionKeyClass != NULL) {
244
        (*env)->DeleteWeakGlobalRef(env,encryptionKeyClass);
245
    }
246
    if (ticketFlagsClass != NULL) {
247
        (*env)->DeleteWeakGlobalRef(env,ticketFlagsClass);
248
    }
249
    if (kerberosTimeClass != NULL) {
250
        (*env)->DeleteWeakGlobalRef(env,kerberosTimeClass);
251
    }
252
    if (javaLangStringClass != NULL) {
253
        (*env)->DeleteWeakGlobalRef(env,javaLangStringClass);
254
    }
255
    if (javaLangIntegerClass != NULL) {
256
        (*env)->DeleteWeakGlobalRef(env,javaLangIntegerClass);
257
    }
258
    if (hostAddressClass != NULL) {
259
        (*env)->DeleteWeakGlobalRef(env,hostAddressClass);
260
    }
261
    if (hostAddressesClass != NULL) {
262
        (*env)->DeleteWeakGlobalRef(env,hostAddressesClass);
263
    }
264

265
}
266

267
int isIn(krb5_enctype e, int n, jint* etypes)
268
{
269
    int i;
270
    for (i=0; i<n; i++) {
271
        if (e == etypes[i]) return 1;
272
    }
273
    return 0;
274
}
275

276
/*
277
 * Class:     sun_security_krb5_Credentials
278
 * Method:    acquireDefaultNativeCreds
279
 * Signature: ([I])Lsun/security/krb5/Credentials;
280
 */
281
JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds
282
(JNIEnv *env, jclass krbcredsClass, jintArray jetypes)
283
{
284
    jobject krbCreds = NULL;
285
    krb5_error_code err = 0;
286
    krb5_ccache ccache = NULL;
287
    krb5_cc_cursor cursor = NULL;
288
    krb5_creds creds;
289
    krb5_flags flags = 0;
290
    krb5_context kcontext = NULL;
291

292
    int netypes;
293
    jint *etypes = NULL;
294
    int proxy_flag = 0;
295

296
    /* Initialize the Kerberos 5 context */
297
    err = krb5_init_context (&kcontext);
298

299
    if (!err) {
300
        err = krb5_cc_default (kcontext, &ccache);
301
    }
302

303
    if (!err) {
304
        err = krb5_cc_set_flags (kcontext, ccache, flags); /* turn off OPENCLOSE */
305
    }
306

307
    // First round read. The proxy_impersonator config flag is not supported.
308
    // This ccache will not be used if this flag exists.
309
    if (!err) {
310
        err = krb5_cc_start_seq_get (kcontext, ccache, &cursor);
311
    }
312

313
    if (!err) {
314
        while ((err = krb5_cc_next_cred (kcontext, ccache, &cursor, &creds)) == 0) {
315
            char *serverName = NULL;
316

317
            if (!err) {
318
                err = krb5_unparse_name (kcontext, creds.server, &serverName);
319
                printiferr (err, "while unparsing server name");
320
            }
321

322
            if (!err) {
323
                if (!strcmp(serverName, "krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF:")) {
324
                    proxy_flag = 1;
325
                }
326
            }
327

328
            if (serverName != NULL) { krb5_free_unparsed_name (kcontext, serverName); }
329

330
            krb5_free_cred_contents (kcontext, &creds);
331

332
            if (proxy_flag) break;
333
        }
334

335
        if (err == KRB5_CC_END) { err = 0; }
336
        printiferr (err, "while retrieving a ticket");
337
    }
338

339
    if (!err) {
340
        err = krb5_cc_end_seq_get (kcontext, ccache, &cursor);
341
        printiferr (err, "while finishing ticket retrieval");
342
    }
343

344
    if (proxy_flag) {
345
        goto outer_cleanup;
346
    }
347
    // End of first round read
348

349
    if (!err) {
350
        err = krb5_cc_start_seq_get (kcontext, ccache, &cursor);
351
    }
352

353
    netypes = (*env)->GetArrayLength(env, jetypes);
354
    etypes = (jint *) (*env)->GetIntArrayElements(env, jetypes, NULL);
355

356
    if (etypes != NULL && !err) {
357
        while ((err = krb5_cc_next_cred (kcontext, ccache, &cursor, &creds)) == 0) {
358
            char *serverName = NULL;
359

360
            if (!err) {
361
                err = krb5_unparse_name (kcontext, creds.server, &serverName);
362
                printiferr (err, "while unparsing server name");
363
            }
364

365
            if (!err) {
366
                char* slash = strchr(serverName, '/');
367
                char* at = strchr(serverName, '@');
368
                // Make sure the server's name is krbtgt/REALM@REALM, the etype
369
                // is supported, and the ticket has not expired
370
                if (slash && at &&
371
                        strncmp (serverName, "krbtgt", slash-serverName) == 0 &&
372
                            // the ablove line shows at must be after slash
373
                        strncmp (slash+1, at+1, at-slash-1) == 0 &&
374
                        isIn (creds.keyblock.enctype, netypes, etypes) &&
375
                        creds.times.endtime > time(0)) {
376
                    jobject ticket, clientPrincipal, targetPrincipal, encryptionKey;
377
                    jobject ticketFlags, startTime, endTime;
378
                    jobject authTime, renewTillTime, hostAddresses;
379

380
                    ticket = clientPrincipal = targetPrincipal = encryptionKey = NULL;
381
                    ticketFlags = startTime = endTime = NULL;
382
                    authTime = renewTillTime = hostAddresses = NULL;
383

384
                    // For the default credentials we're only interested in the krbtgt server.
385
                    clientPrincipal = BuildClientPrincipal(env, kcontext, creds.client);
386
                    if (clientPrincipal == NULL) goto cleanup;
387

388
                    targetPrincipal = BuildClientPrincipal(env, kcontext, creds.server);
389
                    if (targetPrincipal == NULL) goto cleanup;
390

391
                    // Build a sun/security/krb5/internal/Ticket
392
                    ticket = BuildTicket(env, &creds.ticket);
393
                    if (ticket == NULL) goto cleanup;
394

395
                    // Get the encryption key
396
                    encryptionKey = BuildEncryptionKey(env, &creds.keyblock);
397
                    if (encryptionKey == NULL) goto cleanup;
398

399
                    // and the ticket flags
400
                    ticketFlags = BuildTicketFlags(env, creds.ticket_flags);
401
                    if (ticketFlags == NULL) goto cleanup;
402

403
                    // Get the timestamps out.
404
                    startTime = BuildKerberosTime(env, creds.times.starttime);
405
                    if (startTime == NULL) goto cleanup;
406

407
                    authTime = BuildKerberosTime(env, creds.times.authtime);
408
                    if (authTime == NULL) goto cleanup;
409

410
                    endTime = BuildKerberosTime(env, creds.times.endtime);
411
                    if (endTime == NULL) goto cleanup;
412

413
                    renewTillTime = BuildKerberosTime(env, creds.times.renew_till);
414
                    if (renewTillTime == NULL) goto cleanup;
415

416
                    // Create the addresses object.
417
                    hostAddresses = BuildAddressList(env, creds.addresses);
418

419
                    if (krbcredsConstructor == 0) {
420
                        krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
421
                                                                  "(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
422
                        if (krbcredsConstructor == 0) {
423
                            printf("Couldn't find sun.security.krb5.internal.Ticket constructor\n");
424
                            break;
425
                        }
426
                    }
427

428
                    // and now go build a KrbCreds object
429
                    krbCreds = (*env)->NewObject(
430
                                                 env,
431
                                                 krbcredsClass,
432
                                                 krbcredsConstructor,
433
                                                 ticket,
434
                                                 clientPrincipal,
435
                                                 NULL,
436
                                                 targetPrincipal,
437
                                                 NULL,
438
                                                 encryptionKey,
439
                                                 ticketFlags,
440
                                                 authTime,
441
                                                 startTime,
442
                                                 endTime,
443
                                                 renewTillTime,
444
                                                 hostAddresses);
445
cleanup:
446
                    if (ticket) (*env)->DeleteLocalRef(env, ticket);
447
                    if (clientPrincipal) (*env)->DeleteLocalRef(env, clientPrincipal);
448
                    if (targetPrincipal) (*env)->DeleteLocalRef(env, targetPrincipal);
449
                    if (encryptionKey) (*env)->DeleteLocalRef(env, encryptionKey);
450
                    if (ticketFlags) (*env)->DeleteLocalRef(env, ticketFlags);
451
                    if (authTime) (*env)->DeleteLocalRef(env, authTime);
452
                    if (startTime) (*env)->DeleteLocalRef(env, startTime);
453
                    if (endTime) (*env)->DeleteLocalRef(env, endTime);
454
                    if (renewTillTime) (*env)->DeleteLocalRef(env, renewTillTime);
455
                    if (hostAddresses) (*env)->DeleteLocalRef(env, hostAddresses);
456

457
                    // Stop if there is an exception or we already found the initial TGT
458
                    if ((*env)->ExceptionCheck(env) || krbCreds) {
459
                        break;
460
                    }
461
                }
462
            }
463

464
            if (serverName != NULL) { krb5_free_unparsed_name (kcontext, serverName); }
465

466
            krb5_free_cred_contents (kcontext, &creds);
467
        }
468

469
        if (err == KRB5_CC_END) { err = 0; }
470
        printiferr (err, "while retrieving a ticket");
471
    }
472

473
    if (!err) {
474
        err = krb5_cc_end_seq_get (kcontext, ccache, &cursor);
475
        printiferr (err, "while finishing ticket retrieval");
476
    }
477

478
outer_cleanup:
479
    if (!err) {
480
        flags = KRB5_TC_OPENCLOSE; /* restore OPENCLOSE mode */
481
        err = krb5_cc_set_flags (kcontext, ccache, flags);
482
        printiferr (err, "while finishing ticket retrieval");
483
    }
484

485
    if (etypes != NULL) {
486
        (*env)->ReleaseIntArrayElements(env, jetypes, etypes, 0);
487
    }
488

489
    krb5_free_context (kcontext);
490
    return krbCreds;
491
}
492

493

494
#pragma mark -
495

496
jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket)
497
{
498
    /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket.
499
    * But before we can do that, we need to make a byte array out of the ET.
500
    */
501

502
    jobject derValue, ticket;
503
    jbyteArray ary;
504

505
    ary = (*env)->NewByteArray(env, encodedTicket->length);
506
    if ((*env)->ExceptionCheck(env)) {
507
        return (jobject) NULL;
508
    }
509

510
    (*env)->SetByteArrayRegion(env, ary, (jsize) 0, encodedTicket->length, (jbyte *)encodedTicket->data);
511
    if ((*env)->ExceptionCheck(env)) {
512
        (*env)->DeleteLocalRef(env, ary);
513
        return (jobject) NULL;
514
    }
515

516
    derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary);
517
    if ((*env)->ExceptionCheck(env)) {
518
        (*env)->DeleteLocalRef(env, ary);
519
        return (jobject) NULL;
520
    }
521

522
    (*env)->DeleteLocalRef(env, ary);
523
    ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue);
524
    if ((*env)->ExceptionCheck(env)) {
525
        (*env)->DeleteLocalRef(env, derValue);
526
        return (jobject) NULL;
527
    }
528
    (*env)->DeleteLocalRef(env, derValue);
529
    return ticket;
530
}
531

532
jobject BuildClientPrincipal(JNIEnv *env, krb5_context kcontext, krb5_principal principalName) {
533
    // Get the full principal string.
534
    char *principalString = NULL;
535
    jobject principal = NULL;
536
    int err = krb5_unparse_name (kcontext, principalName, &principalString);
537

538
    if (!err) {
539
        // Make a PrincipalName from the full string and the type.  Let the PrincipalName class parse it out.
540
        jstring principalStringObj = (*env)->NewStringUTF(env, principalString);
541
        if (principalStringObj == NULL) {
542
            if (principalString != NULL) { krb5_free_unparsed_name (kcontext, principalString); }
543
            return (jobject) NULL;
544
        }
545
        principal = (*env)->NewObject(env, principalNameClass, principalNameConstructor, principalStringObj, principalName->type);
546
        if (principalString != NULL) { krb5_free_unparsed_name (kcontext, principalString); }
547
        (*env)->DeleteLocalRef(env, principalStringObj);
548
    }
549

550
    return principal;
551
}
552

553
jobject BuildEncryptionKey(JNIEnv *env, krb5_keyblock *cryptoKey) {
554
    // First, need to build a byte array
555
    jbyteArray ary;
556
    jobject encryptionKey = NULL;
557

558
    ary = (*env)->NewByteArray(env,cryptoKey->length);
559

560
    if (ary == NULL) {
561
        return (jobject) NULL;
562
    }
563

564
    (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->length, (jbyte *)cryptoKey->contents);
565
    if (!(*env)->ExceptionCheck(env)) {
566
        encryptionKey = (*env)->NewObject(env, encryptionKeyClass, encryptionKeyConstructor, cryptoKey->enctype, ary);
567
    }
568

569
    (*env)->DeleteLocalRef(env, ary);
570
    return encryptionKey;
571
}
572

573
jobject BuildTicketFlags(JNIEnv *env, krb5_flags flags) {
574
    jobject ticketFlags = NULL;
575
    jbyteArray ary;
576

577
    /*
578
     * Convert the bytes to network byte order before copying
579
     * them to a Java byte array.
580
     */
581
    unsigned long nlflags = htonl(flags);
582

583
    ary = (*env)->NewByteArray(env, sizeof(flags));
584

585
    if (ary == NULL) {
586
        return (jobject) NULL;
587
    }
588

589
    (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(flags), (jbyte *)&nlflags);
590

591
    if (!(*env)->ExceptionCheck(env)) {
592
        ticketFlags = (*env)->NewObject(env, ticketFlagsClass, ticketFlagsConstructor, sizeof(flags)*8, ary);
593
    }
594

595
    (*env)->DeleteLocalRef(env, ary);
596
    return ticketFlags;
597
}
598

599
jobject BuildKerberosTime(JNIEnv *env, krb5_timestamp kerbtime) {
600
    jlong time = kerbtime;
601

602
    // Kerberos time is in seconds, but the KerberosTime class assumes milliseconds, so multiply by 1000.
603
    time *= 1000;
604
    return (*env)->NewObject(env, kerberosTimeClass, kerberosTimeConstructor, time);
605
}
606

607
jobject BuildAddressList(JNIEnv *env, krb5_address **addresses) {
608

609
    if (addresses == NULL) {
610
        return NULL;
611
    }
612

613
    int addressCount = 0;
614

615
    // See how many we have.
616
    krb5_address **p = addresses;
617

618
    while (*p != 0) {
619
        addressCount++;
620
        p++;
621
    }
622

623
    jobject address_list = (*env)->NewObjectArray(env, addressCount, hostAddressClass, NULL);
624

625
    if (address_list == NULL) {
626
        return (jobject) NULL;
627
    }
628

629
    // Create a new HostAddress object for each address block.
630
    // First, reset the iterator.
631
    p = addresses;
632
    jsize index = 0;
633
    while (*p != 0) {
634
        krb5_address *currAddress = *p;
635

636
        // HostAddres needs a byte array of the host data.
637
        jbyteArray ary = (*env)->NewByteArray(env, currAddress->length);
638

639
        if (ary == NULL) return NULL;
640

641
        (*env)->SetByteArrayRegion(env, ary, (jsize) 0, currAddress->length, (jbyte *)currAddress->contents);
642
        jobject address = (*env)->NewObject(env, hostAddressClass, hostAddressConstructor, currAddress->length, ary);
643

644
        (*env)->DeleteLocalRef(env, ary);
645

646
        if (address == NULL) {
647
            return (jobject) NULL;
648
        }
649
        // Add the HostAddress to the arrray.
650
        (*env)->SetObjectArrayElement(env, address_list, index, address);
651

652
        if ((*env)->ExceptionCheck(env)) {
653
            return (jobject) NULL;
654
        }
655

656
        index++;
657
        p++;
658
    }
659

660
    return address_list;
661
}
662

663
#pragma mark - Utility methods -
664

665
static void printiferr (errcode_t err, const char *format, ...)
666
{
667
    if (err) {
668
        va_list pvar;
669

670
        va_start (pvar, format);
671
        com_err_va ("ticketParser:", err, format, pvar);
672
        va_end (pvar);
673
    }
674
}
675

676

677