1 /*
2 * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 #import "sun_security_krb5_Credentials.h"
27 #import <Kerberos/Kerberos.h>
28
29 /*
30 * Based largely on klist.c,
31 *
32 * Created by Scott Kovatch on 8/12/04.
33 *
34 * See http://www.opensource.apple.com/darwinsource/10.3.3/Kerberos-47/KerberosClients/klist/Sources/klist.c
35
36 */
37
38 /*
39 * Statics for this module
40 */
41
42 static jclass derValueClass = NULL;
43 static jclass ticketClass = NULL;
44 static jclass principalNameClass = NULL;
45 static jclass encryptionKeyClass = NULL;
46 static jclass ticketFlagsClass = NULL;
47 static jclass kerberosTimeClass = NULL;
48 static jclass javaLangStringClass = NULL;
49 static jclass javaLangIntegerClass = NULL;
50 static jclass hostAddressClass = NULL;
51 static jclass hostAddressesClass = NULL;
52
53 static jmethodID derValueConstructor = 0;
54 static jmethodID ticketConstructor = 0;
55 static jmethodID principalNameConstructor = 0;
56 static jmethodID encryptionKeyConstructor = 0;
57 static jmethodID ticketFlagsConstructor = 0;
58 static jmethodID kerberosTimeConstructor = 0;
59 static jmethodID krbcredsConstructor = 0;
60 static jmethodID integerConstructor = 0;
61 static jmethodID hostAddressConstructor = 0;
62 static jmethodID hostAddressesConstructor = 0;
63
64 /*
65 * Function prototypes for internal routines
66 */
67
68 static jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket);
69 static jobject BuildClientPrincipal(JNIEnv *env, krb5_context kcontext, krb5_principal principalName);
70 static jobject BuildEncryptionKey(JNIEnv *env, krb5_keyblock *cryptoKey);
71 static jobject BuildTicketFlags(JNIEnv *env, krb5_flags flags);
72 static jobject BuildKerberosTime(JNIEnv *env, krb5_timestamp kerbtime);
73 static jobject BuildAddressList(JNIEnv *env, krb5_address **kerbtime);
74
75 static void printiferr (errcode_t err, const char *format, ...);
76
77 static jclass FindClass(JNIEnv *env, char *className)
78 {
79 jclass cls = (*env)->FindClass(env, className);
80
81 if (cls == NULL) {
82 printf("Couldn't find %s\n", className);
83 return NULL;
84 }
85 #ifdef DEBUG
86 printf("Found %s\n", className);
87 #endif /* DEBUG */
88
89 jobject returnValue = (*env)->NewWeakGlobalRef(env,cls);
90 return returnValue;
91 }
92 /*
93 * Class: sun_security_krb5_KrbCreds
94 * Method: JNI_OnLoad
95 */
96 JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM *jvm, void *reserved)
97 {
98 JNIEnv *env;
99
100 if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_4)) {
101 return JNI_EVERSION; /* JNI version not supported */
102 }
103
104 ticketClass = FindClass(env, "sun/security/krb5/internal/Ticket");
105 if (ticketClass == NULL) return JNI_ERR;
106
107 principalNameClass = FindClass(env, "sun/security/krb5/PrincipalName");
108 if (principalNameClass == NULL) return JNI_ERR;
109
110 derValueClass = FindClass(env, "sun/security/util/DerValue");
111 if (derValueClass == NULL) return JNI_ERR;
112
113 encryptionKeyClass = FindClass(env, "sun/security/krb5/EncryptionKey");
114 if (encryptionKeyClass == NULL) return JNI_ERR;
115
116 ticketFlagsClass = FindClass(env,"sun/security/krb5/internal/TicketFlags");
117 if (ticketFlagsClass == NULL) return JNI_ERR;
118
119 kerberosTimeClass = FindClass(env,"sun/security/krb5/internal/KerberosTime");
120 if (kerberosTimeClass == NULL) return JNI_ERR;
121
122 javaLangStringClass = FindClass(env,"java/lang/String");
123 if (javaLangStringClass == NULL) return JNI_ERR;
124
125 javaLangIntegerClass = FindClass(env,"java/lang/Integer");
126 if (javaLangIntegerClass == NULL) return JNI_ERR;
127
128 hostAddressClass = FindClass(env,"sun/security/krb5/internal/HostAddress");
129 if (hostAddressClass == NULL) return JNI_ERR;
130
131 hostAddressesClass = FindClass(env,"sun/security/krb5/internal/HostAddresses");
132 if (hostAddressesClass == NULL) return JNI_ERR;
133
134 derValueConstructor = (*env)->GetMethodID(env, derValueClass, "<init>", "([B)V");
135 if (derValueConstructor == 0) {
136 printf("Couldn't find DerValue constructor\n");
137 return JNI_ERR;
138 }
139 #ifdef DEBUG
140 printf("Found DerValue constructor\n");
141 #endif /* DEBUG */
142
143 ticketConstructor = (*env)->GetMethodID(env, ticketClass, "<init>", "(Lsun/security/util/DerValue;)V");
144 if (ticketConstructor == 0) {
145 printf("Couldn't find Ticket constructor\n");
146 return JNI_ERR;
147 }
148 #ifdef DEBUG
149 printf("Found Ticket constructor\n");
150 #endif /* DEBUG */
151
152 principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, "<init>", "(Ljava/lang/String;I)V");
153 if (principalNameConstructor == 0) {
154 printf("Couldn't find PrincipalName constructor\n");
155 return JNI_ERR;
156 }
157 #ifdef DEBUG
158 printf("Found PrincipalName constructor\n");
159 #endif /* DEBUG */
160
161 encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, "<init>", "(I[B)V");
162 if (encryptionKeyConstructor == 0) {
163 printf("Couldn't find EncryptionKey constructor\n");
164 return JNI_ERR;
165 }
166 #ifdef DEBUG
167 printf("Found EncryptionKey constructor\n");
168 #endif /* DEBUG */
169
170 ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, "<init>", "(I[B)V");
171 if (ticketFlagsConstructor == 0) {
172 printf("Couldn't find TicketFlags constructor\n");
173 return JNI_ERR;
174 }
175 #ifdef DEBUG
176 printf("Found TicketFlags constructor\n");
177 #endif /* DEBUG */
178
179 kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, "<init>", "(J)V");
180 if (kerberosTimeConstructor == 0) {
181 printf("Couldn't find KerberosTime constructor\n");
182 return JNI_ERR;
183 }
184 #ifdef DEBUG
185 printf("Found KerberosTime constructor\n");
186 #endif /* DEBUG */
187
188 integerConstructor = (*env)->GetMethodID(env, javaLangIntegerClass, "<init>", "(I)V");
189 if (integerConstructor == 0) {
190 printf("Couldn't find Integer constructor\n");
191 return JNI_ERR;
192 }
193 #ifdef DEBUG
194 printf("Found Integer constructor\n");
195 #endif /* DEBUG */
196
197 hostAddressConstructor = (*env)->GetMethodID(env, hostAddressClass, "<init>", "(I[B)V");
198 if (hostAddressConstructor == 0) {
199 printf("Couldn't find HostAddress constructor\n");
200 return JNI_ERR;
201 }
202 #ifdef DEBUG
203 printf("Found HostAddress constructor\n");
204 #endif /* DEBUG */
205
206 hostAddressesConstructor = (*env)->GetMethodID(env, hostAddressesClass, "<init>", "([Lsun/security/krb5/internal/HostAddress;)V");
207 if (hostAddressesConstructor == 0) {
208 printf("Couldn't find HostAddresses constructor\n");
209 return JNI_ERR;
210 }
211 #ifdef DEBUG
212 printf("Found HostAddresses constructor\n");
213 #endif /* DEBUG */
214
215 #ifdef DEBUG
216 printf("Finished OnLoad processing\n");
217 #endif /* DEBUG */
218
219 return JNI_VERSION_1_2;
220 }
221
222 /*
223 * Class: sun_security_jgss_KrbCreds
224 * Method: JNI_OnUnload
225 */
226 JNIEXPORT void JNICALL JNI_OnUnload(JavaVM *jvm, void *reserved)
227 {
228 JNIEnv *env;
229
230 if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) {
231 return; /* Nothing else we can do */
232 }
233
234 if (ticketClass != NULL) {
235 (*env)->DeleteWeakGlobalRef(env,ticketClass);
236 }
237 if (derValueClass != NULL) {
238 (*env)->DeleteWeakGlobalRef(env,derValueClass);
239 }
240 if (principalNameClass != NULL) {
241 (*env)->DeleteWeakGlobalRef(env,principalNameClass);
242 }
243 if (encryptionKeyClass != NULL) {
244 (*env)->DeleteWeakGlobalRef(env,encryptionKeyClass);
245 }
246 if (ticketFlagsClass != NULL) {
247 (*env)->DeleteWeakGlobalRef(env,ticketFlagsClass);
248 }
249 if (kerberosTimeClass != NULL) {
250 (*env)->DeleteWeakGlobalRef(env,kerberosTimeClass);
251 }
252 if (javaLangStringClass != NULL) {
253 (*env)->DeleteWeakGlobalRef(env,javaLangStringClass);
254 }
255 if (javaLangIntegerClass != NULL) {
256 (*env)->DeleteWeakGlobalRef(env,javaLangIntegerClass);
257 }
258 if (hostAddressClass != NULL) {
259 (*env)->DeleteWeakGlobalRef(env,hostAddressClass);
260 }
261 if (hostAddressesClass != NULL) {
262 (*env)->DeleteWeakGlobalRef(env,hostAddressesClass);
263 }
264
265 }
266
267 int isIn(krb5_enctype e, int n, jint* etypes)
268 {
269 int i;
270 for (i=0; i<n; i++) {
271 if (e == etypes[i]) return 1;
272 }
273 return 0;
274 }
275
276 /*
277 * Class: sun_security_krb5_Credentials
278 * Method: acquireDefaultNativeCreds
279 * Signature: ([I])Lsun/security/krb5/Credentials;
280 */
281 JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds
282 (JNIEnv *env, jclass krbcredsClass, jintArray jetypes)
283 {
284 jobject krbCreds = NULL;
285 krb5_error_code err = 0;
286 krb5_ccache ccache = NULL;
287 krb5_cc_cursor cursor = NULL;
288 krb5_creds creds;
289 krb5_flags flags = 0;
290 krb5_context kcontext = NULL;
291
292 int netypes;
293 jint *etypes = NULL;
294 int proxy_flag = 0;
295
296 /* Initialize the Kerberos 5 context */
297 err = krb5_init_context (&kcontext);
298
299 if (!err) {
300 err = krb5_cc_default (kcontext, &ccache);
301 }
302
303 if (!err) {
304 err = krb5_cc_set_flags (kcontext, ccache, flags); /* turn off OPENCLOSE */
305 }
306
307 // First round read. The proxy_impersonator config flag is not supported.
308 // This ccache will not be used if this flag exists.
309 if (!err) {
310 err = krb5_cc_start_seq_get (kcontext, ccache, &cursor);
311 }
312
313 if (!err) {
314 while ((err = krb5_cc_next_cred (kcontext, ccache, &cursor, &creds)) == 0) {
315 char *serverName = NULL;
316
317 if (!err) {
318 err = krb5_unparse_name (kcontext, creds.server, &serverName);
319 printiferr (err, "while unparsing server name");
320 }
321
322 if (!err) {
323 if (!strcmp(serverName, "krb5_ccache_conf_data/proxy_impersonator@X-CACHECONF:")) {
324 proxy_flag = 1;
325 }
326 }
327
328 if (serverName != NULL) { krb5_free_unparsed_name (kcontext, serverName); }
329
330 krb5_free_cred_contents (kcontext, &creds);
331
332 if (proxy_flag) break;
333 }
334
335 if (err == KRB5_CC_END) { err = 0; }
336 printiferr (err, "while retrieving a ticket");
337 }
338
339 if (!err) {
340 err = krb5_cc_end_seq_get (kcontext, ccache, &cursor);
341 printiferr (err, "while finishing ticket retrieval");
342 }
343
344 if (proxy_flag) {
345 goto outer_cleanup;
346 }
347 // End of first round read
348
349 if (!err) {
350 err = krb5_cc_start_seq_get (kcontext, ccache, &cursor);
351 }
352
353 netypes = (*env)->GetArrayLength(env, jetypes);
354 etypes = (jint *) (*env)->GetIntArrayElements(env, jetypes, NULL);
355
356 if (etypes != NULL && !err) {
357 while ((err = krb5_cc_next_cred (kcontext, ccache, &cursor, &creds)) == 0) {
358 char *serverName = NULL;
359
360 if (!err) {
361 err = krb5_unparse_name (kcontext, creds.server, &serverName);
362 printiferr (err, "while unparsing server name");
363 }
364
365 if (!err) {
366 char* slash = strchr(serverName, '/');
367 char* at = strchr(serverName, '@');
368 // Make sure the server's name is krbtgt/REALM@REALM, the etype
369 // is supported, and the ticket has not expired
370 if (slash && at &&
371 strncmp (serverName, "krbtgt", slash-serverName) == 0 &&
372 // the ablove line shows at must be after slash
373 strncmp (slash+1, at+1, at-slash-1) == 0 &&
374 isIn (creds.keyblock.enctype, netypes, etypes) &&
375 creds.times.endtime > time(0)) {
376 jobject ticket, clientPrincipal, targetPrincipal, encryptionKey;
377 jobject ticketFlags, startTime, endTime;
378 jobject authTime, renewTillTime, hostAddresses;
379
380 ticket = clientPrincipal = targetPrincipal = encryptionKey = NULL;
381 ticketFlags = startTime = endTime = NULL;
382 authTime = renewTillTime = hostAddresses = NULL;
383
384 // For the default credentials we're only interested in the krbtgt server.
385 clientPrincipal = BuildClientPrincipal(env, kcontext, creds.client);
386 if (clientPrincipal == NULL) goto cleanup;
387
388 targetPrincipal = BuildClientPrincipal(env, kcontext, creds.server);
389 if (targetPrincipal == NULL) goto cleanup;
390
391 // Build a sun/security/krb5/internal/Ticket
392 ticket = BuildTicket(env, &creds.ticket);
393 if (ticket == NULL) goto cleanup;
394
395 // Get the encryption key
396 encryptionKey = BuildEncryptionKey(env, &creds.keyblock);
397 if (encryptionKey == NULL) goto cleanup;
398
399 // and the ticket flags
400 ticketFlags = BuildTicketFlags(env, creds.ticket_flags);
401 if (ticketFlags == NULL) goto cleanup;
402
403 // Get the timestamps out.
404 startTime = BuildKerberosTime(env, creds.times.starttime);
405 if (startTime == NULL) goto cleanup;
406
407 authTime = BuildKerberosTime(env, creds.times.authtime);
408 if (authTime == NULL) goto cleanup;
409
410 endTime = BuildKerberosTime(env, creds.times.endtime);
411 if (endTime == NULL) goto cleanup;
412
413 renewTillTime = BuildKerberosTime(env, creds.times.renew_till);
414 if (renewTillTime == NULL) goto cleanup;
415
416 // Create the addresses object.
417 hostAddresses = BuildAddressList(env, creds.addresses);
418
419 if (krbcredsConstructor == 0) {
420 krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "<init>",
421 "(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V");
422 if (krbcredsConstructor == 0) {
423 printf("Couldn't find sun.security.krb5.internal.Ticket constructor\n");
424 break;
425 }
426 }
427
428 // and now go build a KrbCreds object
429 krbCreds = (*env)->NewObject(
430 env,
431 krbcredsClass,
432 krbcredsConstructor,
433 ticket,
434 clientPrincipal,
435 NULL,
436 targetPrincipal,
437 NULL,
438 encryptionKey,
439 ticketFlags,
440 authTime,
441 startTime,
442 endTime,
443 renewTillTime,
444 hostAddresses);
445 cleanup:
446 if (ticket) (*env)->DeleteLocalRef(env, ticket);
447 if (clientPrincipal) (*env)->DeleteLocalRef(env, clientPrincipal);
448 if (targetPrincipal) (*env)->DeleteLocalRef(env, targetPrincipal);
449 if (encryptionKey) (*env)->DeleteLocalRef(env, encryptionKey);
450 if (ticketFlags) (*env)->DeleteLocalRef(env, ticketFlags);
451 if (authTime) (*env)->DeleteLocalRef(env, authTime);
452 if (startTime) (*env)->DeleteLocalRef(env, startTime);
453 if (endTime) (*env)->DeleteLocalRef(env, endTime);
454 if (renewTillTime) (*env)->DeleteLocalRef(env, renewTillTime);
455 if (hostAddresses) (*env)->DeleteLocalRef(env, hostAddresses);
456
457 // Stop if there is an exception or we already found the initial TGT
458 if ((*env)->ExceptionCheck(env) || krbCreds) {
459 break;
460 }
461 }
462 }
463
464 if (serverName != NULL) { krb5_free_unparsed_name (kcontext, serverName); }
465
466 krb5_free_cred_contents (kcontext, &creds);
467 }
468
469 if (err == KRB5_CC_END) { err = 0; }
470 printiferr (err, "while retrieving a ticket");
471 }
472
473 if (!err) {
474 err = krb5_cc_end_seq_get (kcontext, ccache, &cursor);
475 printiferr (err, "while finishing ticket retrieval");
476 }
477
478 outer_cleanup:
479 if (!err) {
480 flags = KRB5_TC_OPENCLOSE; /* restore OPENCLOSE mode */
481 err = krb5_cc_set_flags (kcontext, ccache, flags);
482 printiferr (err, "while finishing ticket retrieval");
483 }
484
485 if (etypes != NULL) {
486 (*env)->ReleaseIntArrayElements(env, jetypes, etypes, 0);
487 }
488
489 krb5_free_context (kcontext);
490 return krbCreds;
491 }
492
493
494 #pragma mark -
495
496 jobject BuildTicket(JNIEnv *env, krb5_data *encodedTicket)
497 {
498 /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket.
499 * But before we can do that, we need to make a byte array out of the ET.
500 */
501
502 jobject derValue, ticket;
503 jbyteArray ary;
504
505 ary = (*env)->NewByteArray(env, encodedTicket->length);
506 if ((*env)->ExceptionCheck(env)) {
507 return (jobject) NULL;
508 }
509
510 (*env)->SetByteArrayRegion(env, ary, (jsize) 0, encodedTicket->length, (jbyte *)encodedTicket->data);
511 if ((*env)->ExceptionCheck(env)) {
512 (*env)->DeleteLocalRef(env, ary);
513 return (jobject) NULL;
514 }
515
516 derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary);
517 if ((*env)->ExceptionCheck(env)) {
518 (*env)->DeleteLocalRef(env, ary);
519 return (jobject) NULL;
520 }
521
522 (*env)->DeleteLocalRef(env, ary);
523 ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue);
524 if ((*env)->ExceptionCheck(env)) {
525 (*env)->DeleteLocalRef(env, derValue);
526 return (jobject) NULL;
527 }
528 (*env)->DeleteLocalRef(env, derValue);
529 return ticket;
530 }
531
532 jobject BuildClientPrincipal(JNIEnv *env, krb5_context kcontext, krb5_principal principalName) {
533 // Get the full principal string.
534 char *principalString = NULL;
535 jobject principal = NULL;
536 int err = krb5_unparse_name (kcontext, principalName, &principalString);
537
538 if (!err) {
539 // Make a PrincipalName from the full string and the type. Let the PrincipalName class parse it out.
540 jstring principalStringObj = (*env)->NewStringUTF(env, principalString);
541 if (principalStringObj == NULL) {
542 if (principalString != NULL) { krb5_free_unparsed_name (kcontext, principalString); }
543 return (jobject) NULL;
544 }
545 principal = (*env)->NewObject(env, principalNameClass, principalNameConstructor, principalStringObj, principalName->type);
546 if (principalString != NULL) { krb5_free_unparsed_name (kcontext, principalString); }
547 (*env)->DeleteLocalRef(env, principalStringObj);
548 }
549
550 return principal;
551 }
552
553 jobject BuildEncryptionKey(JNIEnv *env, krb5_keyblock *cryptoKey) {
554 // First, need to build a byte array
555 jbyteArray ary;
556 jobject encryptionKey = NULL;
557
558 ary = (*env)->NewByteArray(env,cryptoKey->length);
559
560 if (ary == NULL) {
561 return (jobject) NULL;
562 }
563
564 (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->length, (jbyte *)cryptoKey->contents);
565 if (!(*env)->ExceptionCheck(env)) {
566 encryptionKey = (*env)->NewObject(env, encryptionKeyClass, encryptionKeyConstructor, cryptoKey->enctype, ary);
567 }
568
569 (*env)->DeleteLocalRef(env, ary);
570 return encryptionKey;
571 }
572
573 jobject BuildTicketFlags(JNIEnv *env, krb5_flags flags) {
574 jobject ticketFlags = NULL;
575 jbyteArray ary;
576
577 /*
578 * Convert the bytes to network byte order before copying
579 * them to a Java byte array.
580 */
581 unsigned long nlflags = htonl(flags);
582
583 ary = (*env)->NewByteArray(env, sizeof(flags));
584
585 if (ary == NULL) {
586 return (jobject) NULL;
587 }
588
589 (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(flags), (jbyte *)&nlflags);
590
591 if (!(*env)->ExceptionCheck(env)) {
592 ticketFlags = (*env)->NewObject(env, ticketFlagsClass, ticketFlagsConstructor, sizeof(flags)*8, ary);
593 }
594
595 (*env)->DeleteLocalRef(env, ary);
596 return ticketFlags;
597 }
598
599 jobject BuildKerberosTime(JNIEnv *env, krb5_timestamp kerbtime) {
600 jlong time = kerbtime;
601
602 // Kerberos time is in seconds, but the KerberosTime class assumes milliseconds, so multiply by 1000.
603 time *= 1000;
604 return (*env)->NewObject(env, kerberosTimeClass, kerberosTimeConstructor, time);
605 }
606
607 jobject BuildAddressList(JNIEnv *env, krb5_address **addresses) {
608
609 if (addresses == NULL) {
610 return NULL;
611 }
612
613 int addressCount = 0;
614
615 // See how many we have.
616 krb5_address **p = addresses;
617
618 while (*p != 0) {
619 addressCount++;
620 p++;
621 }
622
623 jobject address_list = (*env)->NewObjectArray(env, addressCount, hostAddressClass, NULL);
624
625 if (address_list == NULL) {
626 return (jobject) NULL;
627 }
628
629 // Create a new HostAddress object for each address block.
630 // First, reset the iterator.
631 p = addresses;
632 jsize index = 0;
633 while (*p != 0) {
634 krb5_address *currAddress = *p;
635
636 // HostAddres needs a byte array of the host data.
637 jbyteArray ary = (*env)->NewByteArray(env, currAddress->length);
638
639 if (ary == NULL) return NULL;
640
641 (*env)->SetByteArrayRegion(env, ary, (jsize) 0, currAddress->length, (jbyte *)currAddress->contents);
642 jobject address = (*env)->NewObject(env, hostAddressClass, hostAddressConstructor, currAddress->length, ary);
643
644 (*env)->DeleteLocalRef(env, ary);
645
646 if (address == NULL) {
647 return (jobject) NULL;
648 }
649 // Add the HostAddress to the arrray.
650 (*env)->SetObjectArrayElement(env, address_list, index, address);
651
652 if ((*env)->ExceptionCheck(env)) {
653 return (jobject) NULL;
654 }
655
656 index++;
657 p++;
658 }
659
660 return address_list;
661 }
662
663 #pragma mark - Utility methods -
664
665 static void printiferr (errcode_t err, const char *format, ...)
666 {
667 if (err) {
668 va_list pvar;
669
670 va_start (pvar, format);
671 com_err_va ("ticketParser:", err, format, pvar);
672 va_end (pvar);
673 }
674 }
675