/*
 * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
0N/A
/*
 *
 * (C) Copyright IBM Corp. 1999 All Rights Reserved.
 * Copyright 1997 The Open Group Research Institute. All rights reserved.
 */
0N/A
0N/Apackage sun.security.krb5;
0N/A
0N/Aimport sun.security.krb5.internal.*;
0N/Aimport sun.security.krb5.internal.crypto.Nonce;
0N/Aimport sun.security.krb5.internal.crypto.KeyUsage;
0N/Aimport java.io.IOException;
0N/A
0N/A/**
0N/A * This class encapsulates the KRB-AS-REQ message that the client
0N/A * sends to the KDC.
0N/A */
public class KrbAsReq {
    /** The AS-REQ assembled by the constructor. */
    private ASReq asReqMessg;

    /** Copy of {@code Krb5.DEBUG} taken when this instance is created. */
    private boolean DEBUG = Krb5.DEBUG;

    /**
     * Builds the KRB-AS-REQ message a client sends to the KDC.
     *
     * <p>Options that are not consistent with an AS exchange are rejected, and
     * optional time fields that do not match the selected options are dropped
     * rather than sent. Note that a POSTDATED request without {@code from} and
     * a RENEWABLE request without {@code rtime} are accepted here: this
     * constructor contains no check that rejects them.
     *
     * @param pakey key used to build the PA-ENC-TIMESTAMP pre-authentication
     *        entry; may be {@code null}, in which case the request carries no
     *        pre-authentication data
     * @param options KDC options; {@code null} is replaced by a fresh
     *        {@code KDCOptions}
     * @param cname client principal; must not be {@code null} and must carry a
     *        realm
     * @param sname server principal; {@code null} selects the krbtgt principal
     *        of the client's realm
     * @param from requested start time; may be {@code null}, and is discarded
     *        unless POSTDATED is set
     * @param till requested end time; {@code null} is replaced by
     *        {@code new KerberosTime(0)}
     * @param rtime requested renew-till time; may be {@code null}, and is
     *        discarded unless RENEWABLE is set
     * @param eTypes requested encryption types; the original parameter note
     *        marks this as not nullable, but it is not checked here
     * @param addresses client addresses; when {@code null} and the
     *        configuration asks for addresses, the local addresses are used
     * @throws KrbException with {@code Krb5.KRB_AP_ERR_REQ_OPTIONS} if an
     *         option reserved for the ticket-granting server is set; a
     *         {@code RealmException} with {@code Krb5.REALM_NULL} is raised
     *         when {@code cname} has no realm
     * @throws IOException propagated from the calls made while assembling the
     *         message
     */
    public KrbAsReq(EncryptionKey pakey,
                    KDCOptions options,
                    PrincipalName cname,
                    PrincipalName sname,
                    KerberosTime from,
                    KerberosTime till,
                    KerberosTime rtime,
                    int[] eTypes,
                    HostAddresses addresses)
            throws KrbException, IOException {

        final KDCOptions kdcOptions = (options != null) ? options : new KDCOptions();

        // Optional fields have to agree with the KDC options.
        if (requestsTgsOnlyOption(kdcOptions)) {
            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
        }

        // A start time is only sent for POSTDATED requests and a renew-till
        // time only for RENEWABLE ones; otherwise the caller's value is dropped.
        final KerberosTime startTime = kdcOptions.get(KDCOptions.POSTDATED) ? from : null;
        final KerberosTime renewTill = kdcOptions.get(KDCOptions.RENEWABLE) ? rtime : null;

        // Pre-authentication: an encoded PAEncTSEnc encrypted under pakey with
        // key usage KU_PA_ENC_TS. Without a key no padata is attached at all.
        PAData[] paData = null;
        if (pakey != null) {
            byte[] encodedTimestamp = new PAEncTSEnc().asn1Encode();
            EncryptedData encryptedTimestamp =
                    new EncryptedData(pakey, encodedTimestamp, KeyUsage.KU_PA_ENC_TS);
            paData = new PAData[] {
                new PAData(Krb5.PA_ENC_TIMESTAMP, encryptedTimestamp.asn1Encode())
            };
        }

        if (cname.getRealm() == null) {
            throw new RealmException(Krb5.REALM_NULL,
                                     "default realm not specified ");
        }

        // The debug trace is a fixed string; no request content is printed.
        if (DEBUG) {
            System.out.println(">>> KrbAsReq creating message");
        }

        // Fall back to the local addresses only when the caller gave none and
        // the configuration asks for addresses in tickets.
        HostAddresses requestAddresses = addresses;
        if (requestAddresses == null && Config.getInstance().useAddresses()) {
            requestAddresses = HostAddresses.getLocalAddresses();
        }

        // Default service: the krbtgt principal of the client's own realm.
        PrincipalName serverName = sname;
        if (serverName == null) {
            serverName = new PrincipalName(
                    "krbtgt" + PrincipalName.NAME_COMPONENT_SEPARATOR
                            + cname.getRealmAsString(),
                    PrincipalName.KRB_NT_SRV_INST);
        }

        // Choose KDC maximum allowed
        final KerberosTime endTime = (till != null) ? till : new KerberosTime(0);

        // enc-authorization-data and additional-tickets never in AS-REQ, so
        // the last two arguments are null. The nonce comes from Nonce.value().
        KDCReqBody requestBody = new KDCReqBody(
                kdcOptions,
                cname,
                cname.getRealm(),
                serverName,
                startTime,
                endTime,
                renewTill,
                Nonce.value(),
                eTypes,
                requestAddresses,
                null,
                null);

        asReqMessg = new ASReq(paData, requestBody);
    }

    /**
     * Tells whether any option that is only specified in a request to the
     * ticket-granting server is set.
     */
    private static boolean requestsTgsOnlyOption(KDCOptions options) {
        return options.get(KDCOptions.FORWARDED)
                || options.get(KDCOptions.PROXY)
                || options.get(KDCOptions.ENC_TKT_IN_SKEY)
                || options.get(KDCOptions.RENEW)
                || options.get(KDCOptions.VALIDATE);
    }

    /**
     * Returns the ASN.1 encoding of the AS-REQ held by this object.
     *
     * @throws IOException propagated from {@code ASReq.asn1Encode()}
     * @throws Asn1Exception propagated from {@code ASReq.asn1Encode()}
     */
    byte[] encoding() throws IOException, Asn1Exception {
        return asReqMessg.asn1Encode();
    }

    /**
     * Returns the underlying AS-REQ; used by KrbAsRep to validate AS-REP.
     * The internal object itself is returned, not a copy.
     */
    ASReq getMessage() {
        return asReqMessg;
    }
}