sun.security.krb5.internal.crypto.Nonce Java Examples

The following examples show how to use sun.security.krb5.internal.crypto.Nonce. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: NegativeNonce.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #2
Source File: NegativeNonce.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #3
Source File: NegativeNonce.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #4
Source File: NegativeNonce.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #5
Source File: NegativeNonce.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #6
Source File: NegativeNonce.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #7
Source File: NegativeNonce.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #8
Source File: NegativeNonce.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #9
Source File: NegativeNonce.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #10
Source File: NegativeNonce.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #11
Source File: NegativeNonce.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #12
Source File: NegativeNonce.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #13
Source File: NegativeNonce.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {
    for (int i=0; i<100; i++) {
        if (Nonce.value() < 0) {
            throw new Exception("Nonce value is negative. Wrong!");
        }
    }
}
 
Example #14
Source File: KrbAsReq.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Constructs an AS-REQ message.
 */
                                            // Can be null? has default?
public KrbAsReq(EncryptionKey pakey,        // ok
                  KDCOptions options,       // ok, new KDCOptions()
                  PrincipalName cname,      // NO and must have realm
                  PrincipalName sname,      // ok, krgtgt@CREALM
                  KerberosTime from,        // ok
                  KerberosTime till,        // ok, will use
                  KerberosTime rtime,       // ok
                  int[] eTypes,             // NO
                  HostAddresses addresses   // ok
                  )
        throws KrbException, IOException {

    if (options == null) {
        options = new KDCOptions();
    }

    // check if they are valid arguments. The optional fields should be
    // consistent with settings in KDCOptions. Mar 17 2000
    if (options.get(KDCOptions.FORWARDED) ||
        options.get(KDCOptions.PROXY) ||
        options.get(KDCOptions.ENC_TKT_IN_SKEY) ||
        options.get(KDCOptions.RENEW) ||
        options.get(KDCOptions.VALIDATE)) {
        // this option is only specified in a request to the
        // ticket-granting server
        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    }
    if (options.get(KDCOptions.POSTDATED)) {
        //  if (from == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (from != null)  from = null;
    }
    if (options.get(KDCOptions.RENEWABLE)) {
        //  if (rtime == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (rtime != null)  rtime = null;
    }

    PAData[] paData = null;
    if (pakey != null) {
        PAEncTSEnc ts = new PAEncTSEnc();
        byte[] temp = ts.asn1Encode();
        EncryptedData encTs = new EncryptedData(pakey, temp,
            KeyUsage.KU_PA_ENC_TS);
        paData = new PAData[1];
        paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
                                encTs.asn1Encode());
    }

    if (cname.getRealm() == null) {
        throw new RealmException(Krb5.REALM_NULL,
                                 "default realm not specified ");
    }

    if (DEBUG) {
        System.out.println(">>> KrbAsReq creating message");
    }

    // check to use addresses in tickets
    if (addresses == null && Config.getInstance().useAddresses()) {
        addresses = HostAddresses.getLocalAddresses();
    }

    if (sname == null) {
        String realm = cname.getRealmAsString();
        sname = PrincipalName.tgsService(realm, realm);
    }

    if (till == null) {
        till = new KerberosTime(0); // Choose KDC maximum allowed
    }

    // enc-authorization-data and additional-tickets never in AS-REQ
    KDCReqBody kdc_req_body = new KDCReqBody(options,
                                             cname,
                                             sname,
                                             from,
                                             till,
                                             rtime,
                                             Nonce.value(),
                                             eTypes,
                                             addresses,
                                             null,
                                             null);

    asReqMessg = new ASReq(
                     paData,
                     kdc_req_body);
}
 
Example #15
Source File: KrbAsReq.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Constructs an AS-REQ message.
 */
                                            // Can be null? has default?
public KrbAsReq(EncryptionKey pakey,        // ok
                  KDCOptions options,       // ok, new KDCOptions()
                  PrincipalName cname,      // NO and must have realm
                  PrincipalName sname,      // ok, krgtgt@CREALM
                  KerberosTime from,        // ok
                  KerberosTime till,        // ok, will use
                  KerberosTime rtime,       // ok
                  int[] eTypes,             // NO
                  HostAddresses addresses   // ok
                  )
        throws KrbException, IOException {

    if (options == null) {
        options = new KDCOptions();
    }

    // check if they are valid arguments. The optional fields should be
    // consistent with settings in KDCOptions. Mar 17 2000
    if (options.get(KDCOptions.FORWARDED) ||
        options.get(KDCOptions.PROXY) ||
        options.get(KDCOptions.ENC_TKT_IN_SKEY) ||
        options.get(KDCOptions.RENEW) ||
        options.get(KDCOptions.VALIDATE)) {
        // this option is only specified in a request to the
        // ticket-granting server
        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    }
    if (options.get(KDCOptions.POSTDATED)) {
        //  if (from == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (from != null)  from = null;
    }
    if (options.get(KDCOptions.RENEWABLE)) {
        //  if (rtime == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (rtime != null)  rtime = null;
    }

    PAData[] paData = null;
    if (pakey != null) {
        PAEncTSEnc ts = new PAEncTSEnc();
        byte[] temp = ts.asn1Encode();
        EncryptedData encTs = new EncryptedData(pakey, temp,
            KeyUsage.KU_PA_ENC_TS);
        paData = new PAData[1];
        paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
                                encTs.asn1Encode());
    }

    if (cname.getRealm() == null) {
        throw new RealmException(Krb5.REALM_NULL,
                                 "default realm not specified ");
    }

    if (DEBUG) {
        System.out.println(">>> KrbAsReq creating message");
    }

    // check to use addresses in tickets
    if (addresses == null && Config.getInstance().useAddresses()) {
        addresses = HostAddresses.getLocalAddresses();
    }

    if (sname == null) {
        String realm = cname.getRealmAsString();
        sname = PrincipalName.tgsService(realm, realm);
    }

    if (till == null) {
        till = new KerberosTime(0); // Choose KDC maximum allowed
    }

    // enc-authorization-data and additional-tickets never in AS-REQ
    KDCReqBody kdc_req_body = new KDCReqBody(options,
                                             cname,
                                             sname,
                                             from,
                                             till,
                                             rtime,
                                             Nonce.value(),
                                             eTypes,
                                             addresses,
                                             null,
                                             null);

    asReqMessg = new ASReq(
                     paData,
                     kdc_req_body);
}
 
Example #16
Source File: KrbAsReq.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Constructs an AS-REQ message.
 */
                                            // Can be null? has default?
public KrbAsReq(EncryptionKey pakey,        // ok
                  KDCOptions options,       // ok, new KDCOptions()
                  PrincipalName cname,      // NO and must have realm
                  PrincipalName sname,      // ok, krgtgt@CREALM
                  KerberosTime from,        // ok
                  KerberosTime till,        // ok, will use
                  KerberosTime rtime,       // ok
                  int[] eTypes,             // NO
                  HostAddresses addresses   // ok
                  )
        throws KrbException, IOException {

    if (options == null) {
        options = new KDCOptions();
    }

    // check if they are valid arguments. The optional fields should be
    // consistent with settings in KDCOptions. Mar 17 2000
    if (options.get(KDCOptions.FORWARDED) ||
        options.get(KDCOptions.PROXY) ||
        options.get(KDCOptions.ENC_TKT_IN_SKEY) ||
        options.get(KDCOptions.RENEW) ||
        options.get(KDCOptions.VALIDATE)) {
        // this option is only specified in a request to the
        // ticket-granting server
        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    }
    if (options.get(KDCOptions.POSTDATED)) {
        //  if (from == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (from != null)  from = null;
    }
    if (options.get(KDCOptions.RENEWABLE)) {
        //  if (rtime == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (rtime != null)  rtime = null;
    }

    PAData[] paData = null;
    if (pakey != null) {
        PAEncTSEnc ts = new PAEncTSEnc();
        byte[] temp = ts.asn1Encode();
        EncryptedData encTs = new EncryptedData(pakey, temp,
            KeyUsage.KU_PA_ENC_TS);
        paData = new PAData[1];
        paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
                                encTs.asn1Encode());
    }

    if (cname.getRealm() == null) {
        throw new RealmException(Krb5.REALM_NULL,
                                 "default realm not specified ");
    }

    if (DEBUG) {
        System.out.println(">>> KrbAsReq creating message");
    }

    // check to use addresses in tickets
    if (addresses == null && Config.getInstance().useAddresses()) {
        addresses = HostAddresses.getLocalAddresses();
    }

    if (sname == null) {
        String realm = cname.getRealmAsString();
        sname = PrincipalName.tgsService(realm, realm);
    }

    if (till == null) {
        till = new KerberosTime(0); // Choose KDC maximum allowed
    }

    // enc-authorization-data and additional-tickets never in AS-REQ
    KDCReqBody kdc_req_body = new KDCReqBody(options,
                                             cname,
                                             sname,
                                             from,
                                             till,
                                             rtime,
                                             Nonce.value(),
                                             eTypes,
                                             addresses,
                                             null,
                                             null);

    asReqMessg = new ASReq(
                     paData,
                     kdc_req_body);
}
 
Example #17
Source File: KrbAsReq.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Constructs an AS-REQ message.
 */
                                            // Can be null? has default?
public KrbAsReq(EncryptionKey pakey,        // ok
                  KDCOptions options,       // ok, new KDCOptions()
                  PrincipalName cname,      // NO and must have realm
                  PrincipalName sname,      // ok, krgtgt@CREALM
                  KerberosTime from,        // ok
                  KerberosTime till,        // ok, will use
                  KerberosTime rtime,       // ok
                  int[] eTypes,             // NO
                  HostAddresses addresses   // ok
                  )
        throws KrbException, IOException {

    if (options == null) {
        options = new KDCOptions();
    }

    // check if they are valid arguments. The optional fields should be
    // consistent with settings in KDCOptions. Mar 17 2000
    if (options.get(KDCOptions.FORWARDED) ||
        options.get(KDCOptions.PROXY) ||
        options.get(KDCOptions.ENC_TKT_IN_SKEY) ||
        options.get(KDCOptions.RENEW) ||
        options.get(KDCOptions.VALIDATE)) {
        // this option is only specified in a request to the
        // ticket-granting server
        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    }
    if (options.get(KDCOptions.POSTDATED)) {
        //  if (from == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (from != null)  from = null;
    }
    if (options.get(KDCOptions.RENEWABLE)) {
        //  if (rtime == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (rtime != null)  rtime = null;
    }

    PAData[] paData = null;
    if (pakey != null) {
        PAEncTSEnc ts = new PAEncTSEnc();
        byte[] temp = ts.asn1Encode();
        EncryptedData encTs = new EncryptedData(pakey, temp,
            KeyUsage.KU_PA_ENC_TS);
        paData = new PAData[1];
        paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
                                encTs.asn1Encode());
    }

    if (cname.getRealm() == null) {
        throw new RealmException(Krb5.REALM_NULL,
                                 "default realm not specified ");
    }

    if (DEBUG) {
        System.out.println(">>> KrbAsReq creating message");
    }

    // check to use addresses in tickets
    if (addresses == null && Config.getInstance().useAddresses()) {
        addresses = HostAddresses.getLocalAddresses();
    }

    if (sname == null) {
        String realm = cname.getRealmAsString();
        sname = PrincipalName.tgsService(realm, realm);
    }

    if (till == null) {
        till = new KerberosTime(0); // Choose KDC maximum allowed
    }

    // enc-authorization-data and additional-tickets never in AS-REQ
    KDCReqBody kdc_req_body = new KDCReqBody(options,
                                             cname,
                                             sname,
                                             from,
                                             till,
                                             rtime,
                                             Nonce.value(),
                                             eTypes,
                                             addresses,
                                             null,
                                             null);

    asReqMessg = new ASReq(
                     paData,
                     kdc_req_body);
}
 
Example #18
Source File: KrbAsReq.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Constructs an AS-REQ message.
 */
                                            // Can be null? has default?
public KrbAsReq(EncryptionKey pakey,        // ok
                  KDCOptions options,       // ok, new KDCOptions()
                  PrincipalName cname,      // NO and must have realm
                  PrincipalName sname,      // ok, krgtgt@CREALM
                  KerberosTime from,        // ok
                  KerberosTime till,        // ok, will use
                  KerberosTime rtime,       // ok
                  int[] eTypes,             // NO
                  HostAddresses addresses   // ok
                  )
        throws KrbException, IOException {

    if (options == null) {
        options = new KDCOptions();
    }

    // check if they are valid arguments. The optional fields should be
    // consistent with settings in KDCOptions. Mar 17 2000
    if (options.get(KDCOptions.FORWARDED) ||
        options.get(KDCOptions.PROXY) ||
        options.get(KDCOptions.ENC_TKT_IN_SKEY) ||
        options.get(KDCOptions.RENEW) ||
        options.get(KDCOptions.VALIDATE)) {
        // this option is only specified in a request to the
        // ticket-granting server
        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    }
    if (options.get(KDCOptions.POSTDATED)) {
        //  if (from == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (from != null)  from = null;
    }
    if (options.get(KDCOptions.RENEWABLE)) {
        //  if (rtime == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (rtime != null)  rtime = null;
    }

    PAData[] paData = null;
    if (pakey != null) {
        PAEncTSEnc ts = new PAEncTSEnc();
        byte[] temp = ts.asn1Encode();
        EncryptedData encTs = new EncryptedData(pakey, temp,
            KeyUsage.KU_PA_ENC_TS);
        paData = new PAData[1];
        paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
                                encTs.asn1Encode());
    }

    if (cname.getRealm() == null) {
        throw new RealmException(Krb5.REALM_NULL,
                                 "default realm not specified ");
    }

    if (DEBUG) {
        System.out.println(">>> KrbAsReq creating message");
    }

    // check to use addresses in tickets
    if (addresses == null && Config.getInstance().useAddresses()) {
        addresses = HostAddresses.getLocalAddresses();
    }

    if (sname == null) {
        String realm = cname.getRealmAsString();
        sname = PrincipalName.tgsService(realm, realm);
    }

    if (till == null) {
        till = new KerberosTime(0); // Choose KDC maximum allowed
    }

    // enc-authorization-data and additional-tickets never in AS-REQ
    KDCReqBody kdc_req_body = new KDCReqBody(options,
                                             cname,
                                             sname,
                                             from,
                                             till,
                                             rtime,
                                             Nonce.value(),
                                             eTypes,
                                             addresses,
                                             null,
                                             null);

    asReqMessg = new ASReq(
                     paData,
                     kdc_req_body);
}
 
Example #19
Source File: KrbAsReq.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Constructs an AS-REQ message.
 */
                                            // Can be null? has default?
public KrbAsReq(EncryptionKey pakey,        // ok
                  KDCOptions options,       // ok, new KDCOptions()
                  PrincipalName cname,      // NO and must have realm
                  PrincipalName sname,      // ok, krgtgt@CREALM
                  KerberosTime from,        // ok
                  KerberosTime till,        // ok, will use
                  KerberosTime rtime,       // ok
                  int[] eTypes,             // NO
                  HostAddresses addresses   // ok
                  )
        throws KrbException, IOException {

    if (options == null) {
        options = new KDCOptions();
    }

    // check if they are valid arguments. The optional fields should be
    // consistent with settings in KDCOptions. Mar 17 2000
    if (options.get(KDCOptions.FORWARDED) ||
        options.get(KDCOptions.PROXY) ||
        options.get(KDCOptions.ENC_TKT_IN_SKEY) ||
        options.get(KDCOptions.RENEW) ||
        options.get(KDCOptions.VALIDATE)) {
        // this option is only specified in a request to the
        // ticket-granting server
        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    }
    if (options.get(KDCOptions.POSTDATED)) {
        //  if (from == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (from != null)  from = null;
    }
    if (options.get(KDCOptions.RENEWABLE)) {
        //  if (rtime == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (rtime != null)  rtime = null;
    }

    PAData[] paData = null;
    if (pakey != null) {
        PAEncTSEnc ts = new PAEncTSEnc();
        byte[] temp = ts.asn1Encode();
        EncryptedData encTs = new EncryptedData(pakey, temp,
            KeyUsage.KU_PA_ENC_TS);
        paData = new PAData[1];
        paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
                                encTs.asn1Encode());
    }

    if (cname.getRealm() == null) {
        throw new RealmException(Krb5.REALM_NULL,
                                 "default realm not specified ");
    }

    if (DEBUG) {
        System.out.println(">>> KrbAsReq creating message");
    }

    // check to use addresses in tickets
    if (addresses == null && Config.getInstance().useAddresses()) {
        addresses = HostAddresses.getLocalAddresses();
    }

    if (sname == null) {
        String realm = cname.getRealmAsString();
        sname = PrincipalName.tgsService(realm, realm);
    }

    if (till == null) {
        till = new KerberosTime(0); // Choose KDC maximum allowed
    }

    // enc-authorization-data and additional-tickets never in AS-REQ
    KDCReqBody kdc_req_body = new KDCReqBody(options,
                                             cname,
                                             sname,
                                             from,
                                             till,
                                             rtime,
                                             Nonce.value(),
                                             eTypes,
                                             addresses,
                                             null,
                                             null);

    asReqMessg = new ASReq(
                     paData,
                     kdc_req_body);
}
 
Example #20
Source File: KrbAsReq.java    From jdk8u60 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Constructs an AS-REQ message.
 */
                                            // Can be null? has default?
public KrbAsReq(EncryptionKey pakey,        // ok
                  KDCOptions options,       // ok, new KDCOptions()
                  PrincipalName cname,      // NO and must have realm
                  PrincipalName sname,      // ok, krgtgt@CREALM
                  KerberosTime from,        // ok
                  KerberosTime till,        // ok, will use
                  KerberosTime rtime,       // ok
                  int[] eTypes,             // NO
                  HostAddresses addresses   // ok
                  )
        throws KrbException, IOException {

    if (options == null) {
        options = new KDCOptions();
    }

    // check if they are valid arguments. The optional fields should be
    // consistent with settings in KDCOptions. Mar 17 2000
    if (options.get(KDCOptions.FORWARDED) ||
        options.get(KDCOptions.PROXY) ||
        options.get(KDCOptions.ENC_TKT_IN_SKEY) ||
        options.get(KDCOptions.RENEW) ||
        options.get(KDCOptions.VALIDATE)) {
        // this option is only specified in a request to the
        // ticket-granting server
        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    }
    if (options.get(KDCOptions.POSTDATED)) {
        //  if (from == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (from != null)  from = null;
    }
    if (options.get(KDCOptions.RENEWABLE)) {
        //  if (rtime == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (rtime != null)  rtime = null;
    }

    PAData[] paData = null;
    if (pakey != null) {
        PAEncTSEnc ts = new PAEncTSEnc();
        byte[] temp = ts.asn1Encode();
        EncryptedData encTs = new EncryptedData(pakey, temp,
            KeyUsage.KU_PA_ENC_TS);
        paData = new PAData[1];
        paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
                                encTs.asn1Encode());
    }

    if (cname.getRealm() == null) {
        throw new RealmException(Krb5.REALM_NULL,
                                 "default realm not specified ");
    }

    if (DEBUG) {
        System.out.println(">>> KrbAsReq creating message");
    }

    // check to use addresses in tickets
    if (addresses == null && Config.getInstance().useAddresses()) {
        addresses = HostAddresses.getLocalAddresses();
    }

    if (sname == null) {
        String realm = cname.getRealmAsString();
        sname = PrincipalName.tgsService(realm, realm);
    }

    if (till == null) {
        till = new KerberosTime(0); // Choose KDC maximum allowed
    }

    // enc-authorization-data and additional-tickets never in AS-REQ
    KDCReqBody kdc_req_body = new KDCReqBody(options,
                                             cname,
                                             sname,
                                             from,
                                             till,
                                             rtime,
                                             Nonce.value(),
                                             eTypes,
                                             addresses,
                                             null,
                                             null);

    asReqMessg = new ASReq(
                     paData,
                     kdc_req_body);
}
 
Example #21
Source File: KrbAsReq.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Constructs an AS-REQ message.
 */
                                            // Can be null? has default?
public KrbAsReq(EncryptionKey pakey,        // ok
                  KDCOptions options,       // ok, new KDCOptions()
                  PrincipalName cname,      // NO and must have realm
                  PrincipalName sname,      // ok, krgtgt@CREALM
                  KerberosTime from,        // ok
                  KerberosTime till,        // ok, will use
                  KerberosTime rtime,       // ok
                  int[] eTypes,             // NO
                  HostAddresses addresses   // ok
                  )
        throws KrbException, IOException {

    if (options == null) {
        options = new KDCOptions();
    }

    // check if they are valid arguments. The optional fields should be
    // consistent with settings in KDCOptions. Mar 17 2000
    if (options.get(KDCOptions.FORWARDED) ||
        options.get(KDCOptions.PROXY) ||
        options.get(KDCOptions.ENC_TKT_IN_SKEY) ||
        options.get(KDCOptions.RENEW) ||
        options.get(KDCOptions.VALIDATE)) {
        // this option is only specified in a request to the
        // ticket-granting server
        throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    }
    if (options.get(KDCOptions.POSTDATED)) {
        //  if (from == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (from != null)  from = null;
    }
    if (options.get(KDCOptions.RENEWABLE)) {
        //  if (rtime == null)
        //          throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
    } else {
        if (rtime != null)  rtime = null;
    }

    PAData[] paData = null;
    if (pakey != null) {
        PAEncTSEnc ts = new PAEncTSEnc();
        byte[] temp = ts.asn1Encode();
        EncryptedData encTs = new EncryptedData(pakey, temp,
            KeyUsage.KU_PA_ENC_TS);
        paData = new PAData[1];
        paData[0] = new PAData( Krb5.PA_ENC_TIMESTAMP,
                                encTs.asn1Encode());
    }

    if (cname.getRealm() == null) {
        throw new RealmException(Krb5.REALM_NULL,
                                 "default realm not specified ");
    }

    if (DEBUG) {
        System.out.println(">>> KrbAsReq creating message");
    }

    // check to use addresses in tickets
    if (addresses == null && Config.getInstance().useAddresses()) {
        addresses = HostAddresses.getLocalAddresses();
    }

    if (sname == null) {
        String realm = cname.getRealmAsString();
        sname = PrincipalName.tgsService(realm, realm);
    }

    if (till == null) {
        till = new KerberosTime(0); // Choose KDC maximum allowed
    }

    // enc-authorization-data and additional-tickets never in AS-REQ
    KDCReqBody kdc_req_body = new KDCReqBody(options,
                                             cname,
                                             sname,
                                             from,
                                             till,
                                             rtime,
                                             Nonce.value(),
                                             eTypes,
                                             addresses,
                                             null,
                                             null);

    asReqMessg = new ASReq(
                     paData,
                     kdc_req_body);
}