src/java.security.jgss/share/classes/sun/security/krb5/KrbTgsReq.java
rev 54745 : 8215032: Support Kerberos cross-realm referrals (RFC 6806)
Reviewed-by: weijun
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
@@ -34,10 +34,11 @@
import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.*;
import java.io.IOException;
import java.net.UnknownHostException;
import java.time.Instant;
+import java.util.Arrays;
/**
* This class encapsulates a Kerberos TGS-REQ that is sent from the
* client to the KDC.
*/
@@ -55,63 +56,27 @@
private byte[] obuf;
private byte[] ibuf;
// Used in CredentialsUtil
- public KrbTgsReq(Credentials asCreds,
- PrincipalName sname)
+ public KrbTgsReq(KDCOptions options, Credentials asCreds,
+ PrincipalName cname, PrincipalName sname,
+ Ticket[] additionalTickets, PAData[] extraPAs)
throws KrbException, IOException {
- this(new KDCOptions(),
+ this(options,
asCreds,
+ cname,
sname,
null, // KerberosTime from
null, // KerberosTime till
null, // KerberosTime rtime
- null, // eTypes, // null, // int[] eTypes
+ null, // int[] eTypes
null, // HostAddresses addresses
null, // AuthorizationData authorizationData
- null, // Ticket[] additionalTickets
- null); // EncryptionKey subSessionKey
- }
-
- // S4U2proxy
- public KrbTgsReq(Credentials asCreds,
- Ticket second,
- PrincipalName sname)
- throws KrbException, IOException {
- this(KDCOptions.with(KDCOptions.CNAME_IN_ADDL_TKT,
- KDCOptions.FORWARDABLE),
- asCreds,
- sname,
- null,
- null,
- null,
- null,
- null,
- null,
- new Ticket[] {second}, // the service ticket
- null);
- }
-
- // S4U2user
- public KrbTgsReq(Credentials asCreds,
- PrincipalName sname,
- PAData extraPA)
- throws KrbException, IOException {
- this(KDCOptions.with(KDCOptions.FORWARDABLE),
- asCreds,
- asCreds.getClient(),
- sname,
- null,
- null,
- null,
- null,
- null,
- null,
- null,
- null,
- extraPA); // the PA-FOR-USER
+ additionalTickets,
+ null, // EncryptionKey subKey
+ extraPAs);
}
// Called by Credentials, KrbCred
KrbTgsReq(
KDCOptions options,
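Review bot: The public constructor is still documented only by `// Used in CredentialsUtil`, although it now takes the KDC options, client name, additional tickets and extra padata straight from the caller. The removed S4U2proxy overload fixed `CNAME_IN_ADDL_TKT` and `FORWARDABLE` together with exactly one service ticket, and the removed S4U2user overload paired `FORWARDABLE` with a single PA-FOR-USER; nothing visible in this hunk keeps `options`, `additionalTickets` and `extraPAs` consistent with each other any more. I would add a Javadoc block naming the combinations callers are expected to pass (plain TGS, S4U2self, S4U2proxy) and stating that `additionalTickets` and `extraPAs` may be null. It may also be worth rejecting `CNAME_IN_ADDL_TKT` with a null or empty `additionalTickets` in the delegated constructor, whose body lies outside this hunk, so that a malformed delegation request fails locally instead of at the KDC.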
@@ -141,11 +106,11 @@
int[] eTypes,
HostAddresses addresses,
AuthorizationData authorizationData,
Ticket[] additionalTickets,
EncryptionKey subKey,
- PAData extraPA) throws KrbException, IOException {
+ PAData[] extraPAs) throws KrbException, IOException {
princName = cname;
servName = sname;
ctime = KerberosTime.now();
@@ -214,11 +179,11 @@
eTypes,
addresses,
authorizationData,
additionalTickets,
subKey,
- extraPA);
+ extraPAs);
obuf = tgsReqMessg.asn1Encode();
// XXX We need to revisit this to see if can't move it
// up such that FORWARDED flag set in the options
// is included in the marshaled request.
@@ -280,11 +245,11 @@
int[] eTypes,
HostAddresses addresses,
AuthorizationData authorizationData,
Ticket[] additionalTickets,
EncryptionKey subKey,
- PAData extraPA)
+ PAData[] extraPAs)
throws IOException, KrbException, UnknownHostException {
KerberosTime req_till = null;
if (till == null) {
String d = Config.getInstance().get("libdefaults", "ticket_lifetime");
if (d != null) {
@@ -380,15 +345,18 @@
reqKey,
null,
null).getMessage();
PAData tgsPAData = new PAData(Krb5.PA_TGS_REQ, tgs_ap_req);
- return new TGSReq(
- extraPA != null ?
- new PAData[] {extraPA, tgsPAData } :
- new PAData[] {tgsPAData},
- reqBody);
+ PAData[] pa;
+ if (extraPAs != null) {
+ pa = Arrays.copyOf(extraPAs, extraPAs.length + 1);
+ pa[extraPAs.length] = tgsPAData;
+ } else {
+ pa = new PAData[] {tgsPAData};
+ }
+ return new TGSReq(pa, reqBody);
}
TGSReq getMessage() {
return tgsReqMessg;
}
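Review bot: The new padata assembly appends `tgsPAData` after the contents of `extraPAs` without inspecting the entries, so an array that already holds a `Krb5.PA_TGS_REQ` element would yield a request with two PA-TGS-REQ entries. A null element is handed on to `TGSReq` as is; whether it is rejected there cannot be seen from this hunk. The callers are not visible here, so this may not occur in practice, but the ordering and copy semantics should be stated at the point of construction, for example `// caller-supplied padata first, PA-TGS-REQ always last; extraPAs is copied, never modified`. The enclosing method starts outside the hunk.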