1 /*
2 * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
138 PAData.getSaltAndParams(encPartKeyType, rep.pAData));
139 decrypt(dkey, asReq);
140 }
141
142 /**
143 * Decrypts encrypted content inside AS-REP. Called by initiator.
144 * @param dkey the decryption key to use
145 * @param asReq the original AS-REQ sent, used to validate AS-REP
146 */
147 private void decrypt(EncryptionKey dkey, KrbAsReq asReq)
148 throws KrbException, Asn1Exception, IOException {
149 byte[] enc_as_rep_bytes = rep.encPart.decrypt(dkey,
150 KeyUsage.KU_ENC_AS_REP_PART);
151 byte[] enc_as_rep_part = rep.encPart.reset(enc_as_rep_bytes);
152
153 DerValue encoding = new DerValue(enc_as_rep_part);
154 EncASRepPart enc_part = new EncASRepPart(encoding);
155 rep.encKDCRepPart = enc_part;
156
157 ASReq req = asReq.getMessage();
158 check(true, req, rep);
159
160 creds = new Credentials(
161 rep.ticket,
162 req.reqBody.cname,
163 enc_part.sname,
164 enc_part.key,
165 enc_part.flags,
166 enc_part.authtime,
167 enc_part.starttime,
168 enc_part.endtime,
169 enc_part.renewTill,
170 enc_part.caddr);
171 if (DEBUG) {
172 System.out.println(">>> KrbAsRep cons in KrbAsReq.getReply " +
173 req.reqBody.cname.getNameString());
174 }
175 }
176
177 Credentials getCreds() {
178 return Objects.requireNonNull(creds, "Creds not available yet.");
179 }
180
181 sun.security.krb5.internal.ccache.Credentials getCCreds() {
182 return new sun.security.krb5.internal.ccache.Credentials(rep);
|
1 /*
2 * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
138 PAData.getSaltAndParams(encPartKeyType, rep.pAData));
139 decrypt(dkey, asReq);
140 }
141
142 /**
143 * Decrypts encrypted content inside AS-REP. Called by initiator.
144 * @param dkey the decryption key to use
145 * @param asReq the original AS-REQ sent, used to validate AS-REP
146 */
147 private void decrypt(EncryptionKey dkey, KrbAsReq asReq)
148 throws KrbException, Asn1Exception, IOException {
149 byte[] enc_as_rep_bytes = rep.encPart.decrypt(dkey,
150 KeyUsage.KU_ENC_AS_REP_PART);
151 byte[] enc_as_rep_part = rep.encPart.reset(enc_as_rep_bytes);
152
153 DerValue encoding = new DerValue(enc_as_rep_part);
154 EncASRepPart enc_part = new EncASRepPart(encoding);
155 rep.encKDCRepPart = enc_part;
156
157 ASReq req = asReq.getMessage();
158 check(true, req, rep, dkey);
159
160 creds = new Credentials(
161 rep.ticket,
162 rep.cname,
163 enc_part.sname,
164 enc_part.key,
165 enc_part.flags,
166 enc_part.authtime,
167 enc_part.starttime,
168 enc_part.endtime,
169 enc_part.renewTill,
170 enc_part.caddr);
171 if (DEBUG) {
172 System.out.println(">>> KrbAsRep cons in KrbAsReq.getReply " +
173 req.reqBody.cname.getNameString());
174 }
175 }
176
177 Credentials getCreds() {
178 return Objects.requireNonNull(creds, "Creds not available yet.");
179 }
180
181 sun.security.krb5.internal.ccache.Credentials getCCreds() {
182 return new sun.security.krb5.internal.ccache.Credentials(rep);
|