/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
*
* (C) Copyright IBM Corp. 1999 All Rights Reserved.
* Copyright 1997 The Open Group Research Institute. All rights reserved.
*/
/**
* This class encapsulates a Kerberos TGS-REQ that is sent from the
* client to the KDC.
*/
public class KrbTgsReq {
// NOTE(review): many signatures and statements of this class are absent from
// this listing; the comments below describe only what the visible lines show.

// Records whether a subkey is in use for this request. The visible code sets
// it to true when authorization data is supplied; usedSubkey() reports it.
private boolean useSubkey = false;
// NOTE(review): presumably the outgoing and incoming message buffers; no use
// of either field is visible in this listing -- confirm.
private byte[] obuf;
private byte[] ibuf;
// Used in CredentialsUtil.
// Convenience constructor: delegates to another constructor with default
// KDCOptions and null for every optional field listed below.
throws KrbException, IOException {
this(new KDCOptions(),
null, // KerberosTime from
null, // KerberosTime till
null, // KerberosTime rtime
null, // int[] eTypes
null, // HostAddresses addresses
null, // AuthorizationData authorizationData
null, // Ticket[] additionalTickets
null); // EncryptionKey subSessionKey
}
// Called by Credentials, KrbCred
int[] eTypes,
// Validate the arguments: the optional fields must be consistent with the
// settings in KDCOptions.
}
}
}
}
}
}
} else {
}
} else {
}
if (additionalTickets == null)
// A TGS_REQ may carry more than one additional ticket, but the
// file-based credential cache has only a single additional-ticket
// field.
} else {
if (additionalTickets != null)
}
from,
till,
subKey);
// XXX Revisit this: see whether it can be moved up so that a FORWARDED
// flag set in the options is included in the marshaled request.
/*
* If this is based on a forwarded ticket, record that in the
* options, because the returned TgsRep will contain the
* FORWARDED flag set.
*/
}
/**
* Sends a TGS request to the realm of the target.
* @throws KrbException
* @throws IOException
*/
}
throws KrbException, IOException {
}
/**
* Sends the request, waits for a reply, and returns the Credentials.
* Used in Credentials, KrbCred, and internal/CredentialsUtil.
*/
send();
}
return ctime;
}
int[] eTypes,
} else {
}
/*
* RFC 4120, Section 5.4.2.
* For KRB_TGS_REP, the ciphertext is encrypted in the
* sub-session key from the Authenticator, or if absent,
* the session key from the ticket-granting ticket used
* in the request.
*
* To support this, use tgsReqKey to remember which key to use.
* The useSubkey flag (reported by usedSubkey()) records whether a
* subkey was chosen.
*/
int[] req_eTypes = null;
// Fail rather than continue when no encryption type is available; the
// message names the default_tgs_enctypes setting as the source of the list.
if (req_eTypes == null) {
throw new KrbCryptoException(
"No supported encryption types listed in default_tgs_enctypes");
}
} else {
// The caller supplied an explicit list of encryption types: use it as given.
req_eTypes = eTypes;
}
// Authorization data is present, so mark the request as using a subkey.
// NOTE(review): presumably the authorization data is encrypted under that
// subkey; the encryption call is not visible in this listing -- confirm.
if (authorizationData != null) {
useSubkey = true;
} else
}
// crealm,
from,
// If the checksum type is one of the keyed checksum types,
// use the session key.
// NOTE(review): the first case group (DES_MAC, DES_MAC_K) is keyed; CRC32,
// RSA_MD4 and RSA_MD5 are unkeyed checksum types (RFC 3961) and on their own
// give no protection against deliberate modification. The handling for that
// group and for default is not visible in this listing -- confirm what
// Checksum.CKSUMTYPE_DEFAULT resolves to in deployed configurations.
switch (Checksum.CKSUMTYPE_DEFAULT) {
case Checksum.CKSUMTYPE_DES_MAC:
case Checksum.CKSUMTYPE_DES_MAC_K:
break;
case Checksum.CKSUMTYPE_CRC32:
case Checksum.CKSUMTYPE_RSA_MD4:
case Checksum.CKSUMTYPE_RSA_MD5:
default:
}
// Usage will be KeyUsage.KU_PA_TGS_REQ_AUTHENTICATOR
// Build the AP-REQ and keep its encoded message bytes.
// NOTE(review): presumably carried as the PA-TGS-REQ pre-authentication
// data of the request; the code that consumes tgs_ap_req is not visible.
byte[] tgs_ap_req = new KrbApReq(
new APOptions(),
key,
null,
null).getMessage();
}
return tgsReqMessg;
}
return secondTicket;
}
// System.err.println(">>> KrbTgsReq: " + message);
}
/**
* Reports whether a subkey was used for this request.
*
* @return the {@code useSubkey} flag, which the visible code sets to
* {@code true} when authorization data is supplied
*/
boolean usedSubkey() {
return useSubkey;
}
}