< prev index next >
src/java.security.jgss/share/classes/sun/security/krb5/KrbAsReq.java
Print this page
rev 54745 : 8215032: Support Kerberos cross-realm referrals (RFC 6806)
Reviewed-by: weijun
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
@@ -34,10 +34,11 @@
import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.Nonce;
import sun.security.krb5.internal.crypto.KeyUsage;
import java.io.IOException;
import java.time.Instant;
+import java.util.Arrays;
/**
* This class encapsulates the KRB-AS-REQ message that the client
* sends to the KDC.
*/
@@ -56,11 +57,12 @@
PrincipalName sname, // ok, krgtgt@CREALM
KerberosTime from, // ok
KerberosTime till, // ok, will use
KerberosTime rtime, // ok
int[] eTypes, // NO
- HostAddresses addresses // ok
+ HostAddresses addresses, // ok
+ PAData[] extraPAs // ok
)
throws KrbException, IOException {
if (options == null) {
options = new KDCOptions();
@@ -91,10 +93,19 @@
KeyUsage.KU_PA_ENC_TS);
paData = new PAData[1];
paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
encTs.asn1Encode());
}
+ if (extraPAs != null && extraPAs.length > 0) {
+ if (paData == null) {
+ paData = new PAData[extraPAs.length];
+ } else {
+ paData = Arrays.copyOf(paData, paData.length + extraPAs.length);
+ }
+ System.arraycopy(extraPAs, 0, paData,
+ paData.length - extraPAs.length, extraPAs.length);
+ }
if (cname.getRealm() == null) {
throw new RealmException(Krb5.REALM_NULL,
"default realm not specified ");
}
< prev index next >