From 0f960354ea2506d0c7daa4e90d1523d43c89c5ec Mon Sep 17 00:00:00 2001
From: Weijun Wang
Date: Wed, 5 Mar 2008 09:52:50 +0800
Subject: [PATCH] 6641312: Fix krb5 codes indentation problems
Reviewed-by: xuelei, valeriep, wetmore
---
 .../classes/sun/security/krb5/KrbTgsReq.java | 194 ++--
 .../sun/security/krb5/internal/APRep.java | 133 ++-
 .../sun/security/krb5/internal/APReq.java | 160 +--
 .../sun/security/krb5/internal/ASRep.java | 44 +-
 .../sun/security/krb5/internal/ASReq.java | 23 +-
 .../security/krb5/internal/Authenticator.java | 251 ++--
 .../krb5/internal/AuthorizationData.java | 176 ++-
 .../krb5/internal/AuthorizationDataEntry.java | 144 +--
 .../security/krb5/internal/EncAPRepPart.java | 180 +--
 .../security/krb5/internal/EncASRepPart.java | 94 +-
 .../security/krb5/internal/EncKDCRepPart.java | 273 +++--
 .../krb5/internal/EncKrbCredPart.java | 267 ++---
 .../krb5/internal/EncKrbPrivPart.java | 197 ++--
 .../security/krb5/internal/EncTGSRepPart.java | 91 +-
 .../security/krb5/internal/EncTicketPart.java | 247 ++--
 .../sun/security/krb5/internal/KDCRep.java | 294 ++---
 .../sun/security/krb5/internal/KDCReq.java | 267 ++---
 .../sun/security/krb5/internal/KRBCred.java | 214 ++--
 .../security/krb5/internal/KrbCredInfo.java | 22 +-
 .../krb5/internal/ccache/Credentials.java | 293 ++---
 .../native/sun/security/krb5/NativeCreds.c | 1018 ++++++++---------
 21 files changed, 2337 insertions(+), 2245 deletions(-)
diff --git a/jdk/src/share/classes/sun/security/krb5/KrbTgsReq.java b/jdk/src/share/classes/sun/security/krb5/KrbTgsReq.java
index 328e255e0d6..0cc54e17c45 100644
--- a/jdk/src/share/classes/sun/security/krb5/KrbTgsReq.java
+++ b/jdk/src/share/classes/sun/security/krb5/KrbTgsReq.java
@@ -75,107 +75,107 @@ public class KrbTgsReq extends KrbKdcReq { null); // EncryptionKey subSessionKey } - // Called by Credentials, KrbCred - KrbTgsReq( - KDCOptions options, - Credentials asCreds, - PrincipalName sname, - KerberosTime from, - KerberosTime till, - KerberosTime rtime, - int[] eTypes, - HostAddresses addresses, - AuthorizationData authorizationData, - Ticket[] additionalTickets, - EncryptionKey subKey) throws KrbException, IOException { + // Called by Credentials, KrbCred + KrbTgsReq( + KDCOptions options, + Credentials asCreds, + PrincipalName sname, + KerberosTime from, + KerberosTime till, + KerberosTime rtime, + int[] eTypes, + HostAddresses addresses, + AuthorizationData authorizationData, + Ticket[] additionalTickets, + EncryptionKey subKey) throws KrbException, IOException { - princName = asCreds.client; - servName = sname; - ctime = new KerberosTime(KerberosTime.NOW); - - - // check if they are valid arguments. The optional fields - // should be consistent with settings in KDCOptions. 
- if (options.get(KDCOptions.FORWARDABLE) && - (!(asCreds.flags.get(Krb5.TKT_OPTS_FORWARDABLE)))) { - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - if (options.get(KDCOptions.FORWARDED)) { - if (!(asCreds.flags.get(KDCOptions.FORWARDABLE))) - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - if (options.get(KDCOptions.PROXIABLE) && - (!(asCreds.flags.get(Krb5.TKT_OPTS_PROXIABLE)))) { - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - if (options.get(KDCOptions.PROXY)) { - if (!(asCreds.flags.get(KDCOptions.PROXIABLE))) - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - if (options.get(KDCOptions.ALLOW_POSTDATE) && - (!(asCreds.flags.get(Krb5.TKT_OPTS_MAY_POSTDATE)))) { - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - if (options.get(KDCOptions.RENEWABLE) && - (!(asCreds.flags.get(Krb5.TKT_OPTS_RENEWABLE)))) { - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } - - if (options.get(KDCOptions.POSTDATED)) { - if (!(asCreds.flags.get(KDCOptions.POSTDATED))) - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } else { - if (from != null) from = null; - } - if (options.get(KDCOptions.RENEWABLE)) { - if (!(asCreds.flags.get(KDCOptions.RENEWABLE))) - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - } else { - if (rtime != null) rtime = null; - } - if (options.get(KDCOptions.ENC_TKT_IN_SKEY)) { - if (additionalTickets == null) - throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); - // in TGS_REQ there could be more than one additional - // tickets, but in file-based credential cache, - // there is only one additional ticket field. 
- secondTicket = additionalTickets[0]; - } else { - if (additionalTickets != null) - additionalTickets = null; - } - - tgsReqMessg = createRequest( - options, - asCreds.ticket, - asCreds.key, - ctime, - princName, - princName.getRealm(), - servName, - from, - till, - rtime, - eTypes, - addresses, - authorizationData, - additionalTickets, - subKey); - obuf = tgsReqMessg.asn1Encode(); - - // XXX We need to revisit this to see if can't move it - // up such that FORWARDED flag set in the options - // is included in the marshaled request. - /* - * If this is based on a forwarded ticket, record that in the - * options, because the returned TgsRep will contain the - * FORWARDED flag set. - */ - if (asCreds.flags.get(KDCOptions.FORWARDED)) - options.set(KDCOptions.FORWARDED, true); + princName = asCreds.client; + servName = sname; + ctime = new KerberosTime(KerberosTime.NOW); + // check if they are valid arguments. The optional fields + // should be consistent with settings in KDCOptions. + if (options.get(KDCOptions.FORWARDABLE) && + (!(asCreds.flags.get(Krb5.TKT_OPTS_FORWARDABLE)))) { + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); } + if (options.get(KDCOptions.FORWARDED)) { + if (!(asCreds.flags.get(KDCOptions.FORWARDABLE))) + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } + if (options.get(KDCOptions.PROXIABLE) && + (!(asCreds.flags.get(Krb5.TKT_OPTS_PROXIABLE)))) { + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } + if (options.get(KDCOptions.PROXY)) { + if (!(asCreds.flags.get(KDCOptions.PROXIABLE))) + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } + if (options.get(KDCOptions.ALLOW_POSTDATE) && + (!(asCreds.flags.get(Krb5.TKT_OPTS_MAY_POSTDATE)))) { + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } + if (options.get(KDCOptions.RENEWABLE) && + (!(asCreds.flags.get(Krb5.TKT_OPTS_RENEWABLE)))) { + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } + + if (options.get(KDCOptions.POSTDATED)) { + if 
(!(asCreds.flags.get(KDCOptions.POSTDATED))) + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } else { + if (from != null) from = null; + } + if (options.get(KDCOptions.RENEWABLE)) { + if (!(asCreds.flags.get(KDCOptions.RENEWABLE))) + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + } else { + if (rtime != null) rtime = null; + } + if (options.get(KDCOptions.ENC_TKT_IN_SKEY)) { + if (additionalTickets == null) + throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS); + // in TGS_REQ there could be more than one additional + // tickets, but in file-based credential cache, + // there is only one additional ticket field. + secondTicket = additionalTickets[0]; + } else { + if (additionalTickets != null) + additionalTickets = null; + } + + tgsReqMessg = createRequest( + options, + asCreds.ticket, + asCreds.key, + ctime, + princName, + princName.getRealm(), + servName, + from, + till, + rtime, + eTypes, + addresses, + authorizationData, + additionalTickets, + subKey); + obuf = tgsReqMessg.asn1Encode(); + + // XXX We need to revisit this to see if can't move it + // up such that FORWARDED flag set in the options + // is included in the marshaled request. + /* + * If this is based on a forwarded ticket, record that in the + * options, because the returned TgsRep will contain the + * FORWARDED flag set. + */ + if (asCreds.flags.get(KDCOptions.FORWARDED)) + options.set(KDCOptions.FORWARDED, true); + + + } /** * Sends a TGS request to the realm of the target. diff --git a/jdk/src/share/classes/sun/security/krb5/internal/APRep.java b/jdk/src/share/classes/sun/security/krb5/internal/APRep.java index 17aeb89797c..53c3b58eaac 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/APRep.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/APRep.java 
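Review bot: In the KrbTgsReq constructor's ENC_TKT_IN_SKEY branch, `secondTicket = additionalTickets[0];` is guarded only by a null check, so a zero-length array surfaces as ArrayIndexOutOfBoundsException rather than the KrbException every other option check in this constructor throws. The guard could read `if (additionalTickets == null || additionalTickets.length == 0)`. Separately, the re-indented flag tests index `asCreds.flags` with `Krb5.TKT_OPTS_*` constants in some branches and `KDCOptions.*` constants in others; that is only correct if the two constant sets share bit positions, which this hunk does not show, so a one-line comment stating that assumption next to the first mixed use would help the next reader.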
@@ -54,81 +54,88 @@ import java.math.BigInteger; * http://www.ietf.org/rfc/rfc4120.txt. */ public class APRep { - public int pvno; - public int msgType; - public EncryptedData encPart; - public APRep(EncryptedData new_encPart) { - pvno = Krb5.PVNO; - msgType = Krb5.KRB_AP_REP; - encPart = new_encPart; - } + public int pvno; + public int msgType; + public EncryptedData encPart; - public APRep(byte[] data) throws Asn1Exception, - KrbApErrException, IOException { - init(new DerValue(data)); - } + public APRep(EncryptedData new_encPart) { + pvno = Krb5.PVNO; + msgType = Krb5.KRB_AP_REP; + encPart = new_encPart; + } + + public APRep(byte[] data) throws Asn1Exception, + KrbApErrException, IOException { + init(new DerValue(data)); + } public APRep(DerValue encoding) throws Asn1Exception, - KrbApErrException, IOException { - init(encoding); - } + KrbApErrException, IOException { + init(encoding); + } - /** - * Initializes an APRep object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception KrbApErrException if the value read from the DER-encoded data - * stream does not match the pre-defined value. - */ + /** + * Initializes an APRep object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception KrbApErrException if the value read from the DER-encoded data + * stream does not match the pre-defined value. 
+ */ private void init(DerValue encoding) throws Asn1Exception, - KrbApErrException, IOException { + KrbApErrException, IOException { - if (((encoding.getTag() & (byte)(0x1F)) != Krb5.KRB_AP_REP) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - DerValue der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) + if (((encoding.getTag() & (byte) (0x1F)) != Krb5.KRB_AP_REP) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - DerValue subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) != (byte)0x00) + } + DerValue der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + DerValue subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } pvno = subDer.getData().getBigInteger().intValue(); - if (pvno != Krb5.PVNO) - throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) != (byte)0x01) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - msgType = subDer.getData().getBigInteger().intValue(); - if (msgType != Krb5.KRB_AP_REP) - throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); - encPart = EncryptedData.parse(der.getData(), (byte)0x02, false); - if (der.getData().available() > 0) + if (pvno != Krb5.PVNO) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x01) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + msgType = subDer.getData().getBigInteger().intValue(); + if (msgType != Krb5.KRB_AP_REP) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); + } + encPart = EncryptedData.parse(der.getData(), (byte) 0x02, false); + if 
(der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes an APRep object. - * @return byte array of encoded APRep object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode() throws Asn1Exception, IOException { + /** + * Encodes an APRep object. + * @return byte array of encoded APRep object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { DerOutputStream bytes = new DerOutputStream(); - DerOutputStream temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(pvno)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(msgType)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), encPart.asn1Encode()); - temp = new DerOutputStream(); - temp.write(DerValue.tag_Sequence, bytes); - DerOutputStream aprep = new DerOutputStream(); - aprep.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x0F), temp); - return aprep.toByteArray(); - } - + DerOutputStream temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(pvno)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp); + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(msgType)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), temp); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), encPart.asn1Encode()); + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + DerOutputStream aprep = new 
DerOutputStream(); + aprep.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x0F), temp); + return aprep.toByteArray(); + } } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/APReq.java b/jdk/src/share/classes/sun/security/krb5/internal/APReq.java index 328f833df62..3a1dc7c2222 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/APReq.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/APReq.java 
@@ -54,94 +54,98 @@ import java.math.BigInteger; * * http://www.ietf.org/rfc/rfc4120.txt. */ - public class APReq { - public int pvno; - public int msgType; - public APOptions apOptions; - public Ticket ticket; - public EncryptedData authenticator; - public APReq( - APOptions new_apOptions, - Ticket new_ticket, - EncryptedData new_authenticator - ) { - pvno = Krb5.PVNO; - msgType = Krb5.KRB_AP_REQ; - apOptions = new_apOptions; - ticket = new_ticket; - authenticator = new_authenticator; - } + public int pvno; + public int msgType; + public APOptions apOptions; + public Ticket ticket; + public EncryptedData authenticator; - public APReq(byte[] data) throws Asn1Exception,IOException, KrbApErrException, RealmException { + public APReq( + APOptions new_apOptions, + Ticket new_ticket, + EncryptedData new_authenticator) { + pvno = Krb5.PVNO; + msgType = Krb5.KRB_AP_REQ; + apOptions = new_apOptions; + ticket = new_ticket; + authenticator = new_authenticator; + } + + public APReq(byte[] data) throws Asn1Exception, IOException, KrbApErrException, RealmException { init(new DerValue(data)); - } + } public APReq(DerValue encoding) throws Asn1Exception, IOException, KrbApErrException, RealmException { - init(encoding); - } + init(encoding); + } - /** - * Initializes an APReq object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value. - * @exception RealmException if an error occurs while parsing a Realm object. 
- */ - private void init(DerValue encoding) throws Asn1Exception, - IOException, KrbApErrException, RealmException { - DerValue der, subDer; - if (((encoding.getTag() & (byte)0x1F) != Krb5.KRB_AP_REQ) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) != (byte)0x00) + /** + * Initializes an APReq object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value. + * @exception RealmException if an error occurs while parsing a Realm object. 
+ */ + private void init(DerValue encoding) throws Asn1Exception, + IOException, KrbApErrException, RealmException { + DerValue der, subDer; + if (((encoding.getTag() & (byte) 0x1F) != Krb5.KRB_AP_REQ) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } pvno = subDer.getData().getBigInteger().intValue(); - if (pvno != Krb5.PVNO) - throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) != (byte)0x01) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - msgType = subDer.getData().getBigInteger().intValue(); - if (msgType != Krb5.KRB_AP_REQ) - throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); - apOptions = APOptions.parse(der.getData(), (byte)0x02, false); - ticket = Ticket.parse(der.getData(), (byte)0x03, false); - authenticator = EncryptedData.parse(der.getData(), (byte)0x04, false); - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + if (pvno != Krb5.PVNO) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x01) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + msgType = subDer.getData().getBigInteger().intValue(); + if (msgType != Krb5.KRB_AP_REQ) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); + } + apOptions = APOptions.parse(der.getData(), (byte) 0x02, false); + ticket = Ticket.parse(der.getData(), (byte) 0x03, false); + authenticator = EncryptedData.parse(der.getData(), (byte) 0x04, false); + if (der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** 
- * Encodes an APReq object. - * @return byte array of encoded APReq object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode() throws Asn1Exception, IOException { + /** + * Encodes an APReq object. + * @return byte array of encoded APReq object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { DerOutputStream bytes = new DerOutputStream(); - DerOutputStream temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(pvno)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(msgType)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), apOptions.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), ticket.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), authenticator.asn1Encode()); - temp = new DerOutputStream(); - temp.write(DerValue.tag_Sequence, bytes); - DerOutputStream apreq = new DerOutputStream(); - apreq.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x0E), temp); - return apreq.toByteArray(); - - } - + DerOutputStream temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(pvno)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp); + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(msgType)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), temp); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), apOptions.asn1Encode()); + 
bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), ticket.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), authenticator.asn1Encode()); + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + DerOutputStream apreq = new DerOutputStream(); + apreq.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x0E), temp); + return apreq.toByteArray(); + } } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/ASRep.java b/jdk/src/share/classes/sun/security/krb5/internal/ASRep.java index df0ebac6550..a59811d97f9 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/ASRep.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/ASRep.java 
@@ -40,30 +40,28 @@ import java.io.IOException; public class ASRep extends KDCRep { - public ASRep( - PAData[] new_pAData, - Realm new_crealm, - PrincipalName new_cname, - Ticket new_ticket, - EncryptedData new_encPart - ) throws IOException { - super(new_pAData, new_crealm, new_cname, new_ticket, - new_encPart, Krb5.KRB_AS_REP); - } + public ASRep( + PAData[] new_pAData, + Realm new_crealm, + PrincipalName new_cname, + Ticket new_ticket, + EncryptedData new_encPart) throws IOException { + super(new_pAData, new_crealm, new_cname, new_ticket, + new_encPart, Krb5.KRB_AS_REP); + } - public ASRep(byte[] data) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(new DerValue(data)); - } + public ASRep(byte[] data) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(new DerValue(data)); + } - public ASRep(DerValue encoding) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(encoding); - } - - private void init(DerValue encoding) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(encoding, Krb5.KRB_AS_REP); - } + public ASRep(DerValue encoding) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(encoding); + } + private void init(DerValue encoding) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(encoding, Krb5.KRB_AS_REP); + } } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/ASReq.java b/jdk/src/share/classes/sun/security/krb5/internal/ASReq.java index 743316c6c0c..b5907398bf7 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/ASReq.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/ASReq.java 
@@ -36,20 +36,19 @@ import java.io.IOException; public class ASReq extends KDCReq { - public ASReq(PAData[] new_pAData, KDCReqBody new_reqBody) throws IOException { - super(new_pAData, new_reqBody, Krb5.KRB_AS_REQ); - } + public ASReq(PAData[] new_pAData, KDCReqBody new_reqBody) throws IOException { + super(new_pAData, new_reqBody, Krb5.KRB_AS_REQ); + } - public ASReq(byte[] data) throws Asn1Exception, KrbException, IOException { - init(new DerValue(data)); - } + public ASReq(byte[] data) throws Asn1Exception, KrbException, IOException { + init(new DerValue(data)); + } public ASReq(DerValue encoding) throws Asn1Exception, KrbException, IOException { - init(encoding); - } - - private void init(DerValue encoding) throws Asn1Exception, IOException, KrbException { - super.init(encoding, Krb5.KRB_AS_REQ); - } + init(encoding); + } + private void init(DerValue encoding) throws Asn1Exception, IOException, KrbException { + super.init(encoding, Krb5.KRB_AS_REQ); + } } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/Authenticator.java b/jdk/src/share/classes/sun/security/krb5/internal/Authenticator.java index 57b6156c0e5..49cf1709ee2 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/Authenticator.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/Authenticator.java @@ -34,6 +34,7 @@ import sun.security.util.*; import java.util.Vector; import java.io.IOException; import java.math.BigInteger; + /** * Implements the ASN.1 Authenticator type. * @@ -58,6 +59,7 @@ import java.math.BigInteger; * http://www.ietf.org/rfc/rfc4120.txt. */ public class Authenticator { + public int authenticator_vno; public Realm crealm; public PrincipalName cname; 
@@ -68,137 +70,145 @@ public class Authenticator { Integer seqNumber; //optional public AuthorizationData authorizationData; //optional - public Authenticator ( - Realm new_crealm, - PrincipalName new_cname, - Checksum new_cksum, - int new_cusec, - KerberosTime new_ctime, - EncryptionKey new_subKey, - Integer new_seqNumber, - AuthorizationData new_authorizationData - ) { - authenticator_vno = Krb5.AUTHNETICATOR_VNO; - crealm = new_crealm; - cname = new_cname; - cksum = new_cksum; - cusec = new_cusec; - ctime = new_ctime; - subKey = new_subKey; - seqNumber = new_seqNumber; - authorizationData = new_authorizationData; - } + public Authenticator( + Realm new_crealm, + PrincipalName new_cname, + Checksum new_cksum, + int new_cusec, + KerberosTime new_ctime, + EncryptionKey new_subKey, + Integer new_seqNumber, + AuthorizationData new_authorizationData) { + authenticator_vno = Krb5.AUTHNETICATOR_VNO; + crealm = new_crealm; + cname = new_cname; + cksum = new_cksum; + cusec = new_cusec; + ctime = new_ctime; + subKey = new_subKey; + seqNumber = new_seqNumber; + authorizationData = new_authorizationData; + } - public Authenticator(byte[] data) - throws Asn1Exception, IOException, KrbApErrException, RealmException { - init(new DerValue(data)); - } + public Authenticator(byte[] data) + throws Asn1Exception, IOException, KrbApErrException, RealmException { + init(new DerValue(data)); + } - public Authenticator(DerValue encoding) - throws Asn1Exception,IOException, KrbApErrException, RealmException { - init(encoding); - } + public Authenticator(DerValue encoding) + throws Asn1Exception, IOException, KrbApErrException, RealmException { + init(encoding); + } - /** - * Initializes an Authenticator object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. 
- * @exception KrbApErrException if the value read from the DER-encoded data - * stream does not match the pre-defined value. - * @exception RealmException if an error occurs while parsing a Realm object. - */ - private void init(DerValue encoding) - throws Asn1Exception, IOException, KrbApErrException, RealmException { - DerValue der, subDer; - //may not be the correct error code for a tag - //mismatch on an encrypted structure - if (((encoding.getTag() & (byte)0x1F) != (byte)0x02) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) + /** + * Initializes an Authenticator object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception KrbApErrException if the value read from the DER-encoded data + * stream does not match the pre-defined value. + * @exception RealmException if an error occurs while parsing a Realm object. 
+ */ + private void init(DerValue encoding) + throws Asn1Exception, IOException, KrbApErrException, RealmException { + DerValue der, subDer; + //may not be the correct error code for a tag + //mismatch on an encrypted structure + if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x02) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) != (byte)0x00) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } authenticator_vno = subDer.getData().getBigInteger().intValue(); - if (authenticator_vno != 5) + if (authenticator_vno != 5) { throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - crealm = Realm.parse(der.getData(), (byte)0x01, false); - cname = PrincipalName.parse(der.getData(), (byte)0x02, false); - cksum = Checksum.parse(der.getData(), (byte)0x03, true); + } + crealm = Realm.parse(der.getData(), (byte) 0x01, false); + cname = PrincipalName.parse(der.getData(), (byte) 0x02, false); + cksum = Checksum.parse(der.getData(), (byte) 0x03, true); + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) == 0x04) { + cusec = subDer.getData().getBigInteger().intValue(); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + ctime = KerberosTime.parse(der.getData(), (byte) 0x05, false); + if (der.getData().available() > 0) { + subKey = EncryptionKey.parse(der.getData(), (byte) 0x06, true); + } else { + subKey = null; + seqNumber = null; + authorizationData = null; + } + if (der.getData().available() > 0) { + if ((der.getData().peekByte() & 0x1F) == 0x07) { subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 
(byte)0x1F) == 0x04) { - cusec = subDer.getData().getBigInteger().intValue(); + if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x07) { + seqNumber = new Integer(subDer.getData().getBigInteger().intValue()); } - else throw new Asn1Exception(Krb5.ASN1_BAD_ID); - ctime = KerberosTime.parse(der.getData(), (byte)0x05, false); - if (der.getData().available() > 0) { - subKey = EncryptionKey.parse(der.getData(), (byte)0x06, true); - } - else { - subKey = null; - seqNumber = null; - authorizationData = null; - } - if (der.getData().available() > 0) { - if ((der.getData().peekByte() & 0x1F) == 0x07) { - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) == (byte)0x07) - seqNumber = new Integer(subDer.getData().getBigInteger().intValue()); - } - } - else { - seqNumber = null; - authorizationData = null; - } - if (der.getData().available() > 0) { - authorizationData = AuthorizationData.parse(der.getData(), (byte)0x08, true); - } - else authorizationData = null; - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } else { + seqNumber = null; + authorizationData = null; } + if (der.getData().available() > 0) { + authorizationData = AuthorizationData.parse(der.getData(), (byte) 0x08, true); + } else { + authorizationData = null; + } + if (der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes an Authenticator object. - * @return byte array of encoded Authenticator object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. 
- */ - public byte[] asn1Encode() throws Asn1Exception, IOException { - Vector v = new Vector (); - DerOutputStream temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(authenticator_vno)); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp.toByteArray())); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), crealm.asn1Encode())); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cname.asn1Encode())); - if (cksum != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), cksum.asn1Encode())); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(cusec)); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), temp.toByteArray())); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), ctime.asn1Encode())); - if (subKey != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), subKey.asn1Encode())); - if (seqNumber != null) { - temp = new DerOutputStream(); - // encode as an unsigned integer (UInt32) - temp.putInteger(BigInteger.valueOf(seqNumber.longValue())); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), temp.toByteArray())); - } - if (authorizationData != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), authorizationData.asn1Encode())); - DerValue der[] = new DerValue[v.size()]; - v.copyInto(der); - temp = new DerOutputStream(); - temp.putSequence(der); - DerOutputStream out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x02), temp); - return out.toByteArray(); + /** + * Encodes an Authenticator object. + * @return byte array of encoded Authenticator object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. 
+ * @exception IOException if an I/O error occurs while reading encoded data. + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { + Vector v = new Vector(); + DerOutputStream temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(authenticator_vno)); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp.toByteArray())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), crealm.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), cname.asn1Encode())); + if (cksum != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cksum.asn1Encode())); } + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(cusec)); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), temp.toByteArray())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x05), ctime.asn1Encode())); + if (subKey != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x06), subKey.asn1Encode())); + } + if (seqNumber != null) { + temp = new DerOutputStream(); + // encode as an unsigned integer (UInt32) + temp.putInteger(BigInteger.valueOf(seqNumber.longValue())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x07), temp.toByteArray())); + } + if (authorizationData != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x08), authorizationData.asn1Encode())); + } + DerValue der[] = new DerValue[v.size()]; + v.copyInto(der); + temp = new DerOutputStream(); + temp.putSequence(der); + DerOutputStream out = new DerOutputStream(); + out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x02), temp); + return out.toByteArray(); + } public final Checksum getChecksum() { return cksum; 
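Review bot: `seqNumber` does not round-trip as the UInt32 that the comment in asn1Encode() claims. init() stores `subDer.getData().getBigInteger().intValue()`, which keeps only the low 32 bits, so an encoded value above 2^31-1 becomes a negative Integer; asn1Encode() then writes `BigInteger.valueOf(seqNumber.longValue())`, which sign-extends and would emit a negative INTEGER. If the field is meant to carry an unsigned 32-bit value, `temp.putInteger(BigInteger.valueOf(seqNumber.longValue() & 0xFFFFFFFFL));` keeps the wire form non-negative. The same `intValue()` narrowing runs before the `authenticator_vno != 5` check here and before the `pvno`/`msgType` comparisons in the APRep and APReq init() hunks, so an out-of-range integer is truncated and then compared rather than rejected as malformed.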
@@ -211,5 +221,4 @@ public class Authenticator { public final EncryptionKey getSubKey() { return subKey; } - } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java b/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java index d6f04d748b5..269edec71a1 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationData.java 
@@ -53,82 +53,81 @@ import sun.security.krb5.internal.ccache.CCacheOutputStream; * } */ public class AuthorizationData implements Cloneable { - private AuthorizationDataEntry[] entry = null; - private AuthorizationData() { - } + private AuthorizationDataEntry[] entry = null; - public AuthorizationData( - AuthorizationDataEntry[] new_entries - ) throws IOException { - if (new_entries != null) { - entry = new AuthorizationDataEntry[new_entries.length]; - for (int i = 0; i < new_entries.length; i++) { - if (new_entries[i] == null) { - throw new IOException("Cannot create an AuthorizationData"); - } else { - entry[i] = (AuthorizationDataEntry)new_entries[i].clone(); - } - } - } - } + private AuthorizationData() { + } - public AuthorizationData( - AuthorizationDataEntry new_entry - ) { - entry = new AuthorizationDataEntry[1]; - entry[0] = new_entry; + public AuthorizationData(AuthorizationDataEntry[] new_entries) + throws IOException { + if (new_entries != null) { + entry = new AuthorizationDataEntry[new_entries.length]; + for (int i = 0; i < new_entries.length; i++) { + if (new_entries[i] == null) { + throw new IOException("Cannot create an AuthorizationData"); + } else { + entry[i] = (AuthorizationDataEntry) new_entries[i].clone(); + } + } } + } - public Object clone() { - AuthorizationData new_authorizationData = - new AuthorizationData(); - if (entry != null) { - new_authorizationData.entry = - new AuthorizationDataEntry[entry.length]; - for (int i = 0; i < entry.length; i++) - new_authorizationData.entry[i] = - (AuthorizationDataEntry)entry[i].clone(); - } - return new_authorizationData; - } + public AuthorizationData(AuthorizationDataEntry new_entry) { + entry = new AuthorizationDataEntry[1]; + entry[0] = new_entry; + } - /** - * Constructs a new AuthorizationData, instance. - * @param der a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. 
- * @exception IOException if an I/O error occurs while reading encoded data. - */ - public AuthorizationData(DerValue der) throws Asn1Exception, IOException { - Vector v = - new Vector (); - if (der.getTag() != DerValue.tag_Sequence) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - while (der.getData().available() > 0) { - v.addElement(new AuthorizationDataEntry(der.getData().getDerValue())); - } - if (v.size() > 0) { - entry = new AuthorizationDataEntry[v.size()]; - v.copyInto(entry); - } + public Object clone() { + AuthorizationData new_authorizationData = + new AuthorizationData(); + if (entry != null) { + new_authorizationData.entry = + new AuthorizationDataEntry[entry.length]; + for (int i = 0; i < entry.length; i++) { + new_authorizationData.entry[i] = + (AuthorizationDataEntry) entry[i].clone(); + } } + return new_authorizationData; + } - /** - * Encodes an AuthorizationData object. - * @return byte array of encoded AuthorizationData object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode() throws Asn1Exception, IOException { - DerOutputStream bytes = new DerOutputStream(); - DerValue der[] = new DerValue[entry.length]; - for (int i = 0; i < entry.length; i++) { - der[i] = new DerValue(entry[i].asn1Encode()); - } - bytes.putSequence(der); - return bytes.toByteArray(); + /** + * Constructs a new AuthorizationData, instance. + * @param der a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ */ + public AuthorizationData(DerValue der) throws Asn1Exception, IOException { + Vector v = + new Vector(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + while (der.getData().available() > 0) { + v.addElement(new AuthorizationDataEntry(der.getData().getDerValue())); + } + if (v.size() > 0) { + entry = new AuthorizationDataEntry[v.size()]; + v.copyInto(entry); + } + } + + /** + * Encodes an AuthorizationData object. + * @return byte array of encoded AuthorizationData object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { + DerOutputStream bytes = new DerOutputStream(); + DerValue der[] = new DerValue[entry.length]; + for (int i = 0; i < entry.length; i++) { + der[i] = new DerValue(entry[i].asn1Encode()); + } + bytes.putSequence(der); + return bytes.toByteArray(); + } /** * Parse (unmarshal) an AuthorizationData object from a DER input stream. 
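Review bot: `asn1Encode()` in this hunk reads `entry.length` without a null check, although `entry` stays null when the array constructor is given `null` and when the `DerValue` constructor decodes an empty sequence (`v.size() > 0` is false); `clone()` in the same hunk does guard with `if (entry != null)`. The same unguarded loop is in `writeAuth()` in the next hunk of this file. Whether any caller reaches these paths is not visible here, but an explicit check at the top of both methods, for example `if (entry == null) { throw new IOException("Cannot encode an empty AuthorizationData"); }`, would replace the NullPointerException with a declared exception. Separately, the single-entry constructor stores `new_entry` as is, while the array constructor clones each element and rejects nulls; `entry[0] = (AuthorizationDataEntry) new_entry.clone();` would make the two agree.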
@@ -143,31 +142,30 @@ public class AuthorizationData implements Cloneable { * @return an instance of AuthorizationData. * */ - public static AuthorizationData parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException{ - if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != explicitTag)) { - return null; - } - DerValue der = data.getDerValue(); - if (explicitTag != (der.getTag() & (byte)0x1F)) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - else { - DerValue subDer = der.getData().getDerValue(); - return new AuthorizationData(subDer); - } + public static AuthorizationData parse(DerInputStream data, byte explicitTag, boolean optional) throws Asn1Exception, IOException { + if ((optional) && (((byte) data.peekByte() & (byte) 0x1F) != explicitTag)) { + return null; } + DerValue der = data.getDerValue(); + if (explicitTag != (der.getTag() & (byte) 0x1F)) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } else { + DerValue subDer = der.getData().getDerValue(); + return new AuthorizationData(subDer); + } + } - /** - * Writes AuthorizationData data fields to a output stream. - * - * @param cos a CCacheOutputStream to be written to. - * @exception IOException if an I/O exception occurs. - */ - public void writeAuth(CCacheOutputStream cos) throws IOException { - for (int i = 0; i < entry.length; i++) { - entry[i].writeEntry(cos); - } + /** + * Writes AuthorizationData data fields to a output stream. + * + * @param cos a CCacheOutputStream to be written to. + * @exception IOException if an I/O exception occurs. + */ + public void writeAuth(CCacheOutputStream cos) throws IOException { + for (int i = 0; i < entry.length; i++) { + entry[i].writeEntry(cos); } + } public String toString() { String retVal = "AuthorizationData:\n"; diff --git a/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationDataEntry.java b/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationDataEntry.java index 3ad64576175..e159c85fc00 100644 
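Review bot: `parse()` compares only the low five bits of the tag (`& (byte) 0x1F`) with `explicitTag`, in both the `peekByte()` test and the `der.getTag()` test, so the tag class and the constructed bit of the wrapper are never checked. An element with the same tag number but a different class would be accepted as the context-specific field. If no peer is known to depend on that leniency, comparing the whole byte, `der.getTag() != DerValue.createTag(DerValue.TAG_CONTEXT, true, explicitTag)`, is stricter. The same masking appears in the `AuthorizationDataEntry(DerValue)` constructor and in `EncAPRepPart.init()` in later hunks of this patch.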
--- a/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationDataEntry.java
+++ b/jdk/src/share/classes/sun/security/krb5/internal/AuthorizationDataEntry.java
@@ -35,90 +35,90 @@ import sun.security.krb5.Asn1Exception; import sun.security.krb5.internal.ccache.CCacheOutputStream; public class AuthorizationDataEntry implements Cloneable { - public int adType; - public byte[] adData; - private AuthorizationDataEntry() { + public int adType; + public byte[] adData; + + private AuthorizationDataEntry() { + } + + public AuthorizationDataEntry( + int new_adType, + byte[] new_adData) { + adType = new_adType; + adData = new_adData; + } + + public Object clone() { + AuthorizationDataEntry new_authorizationDataEntry = + new AuthorizationDataEntry(); + new_authorizationDataEntry.adType = adType; + if (adData != null) { + new_authorizationDataEntry.adData = new byte[adData.length]; + System.arraycopy(adData, 0, + new_authorizationDataEntry.adData, 0, adData.length); } + return new_authorizationDataEntry; + } - public AuthorizationDataEntry( - int new_adType, - byte[] new_adData - ) { - adType = new_adType; - adData = new_adData; - } - - public Object clone() { - AuthorizationDataEntry new_authorizationDataEntry = - new AuthorizationDataEntry(); - new_authorizationDataEntry.adType = adType; - if (adData != null) { - new_authorizationDataEntry.adData = new byte[adData.length]; - System.arraycopy(adData, 0, - new_authorizationDataEntry.adData, 0, adData.length); - } - return new_authorizationDataEntry; - } - - /** - * Constructs an instance of AuthorizationDataEntry. - * @param encoding a single DER-encoded value. - */ - public AuthorizationDataEntry(DerValue encoding) throws Asn1Exception, IOException { - DerValue der; + /** + * Constructs an instance of AuthorizationDataEntry. + * @param encoding a single DER-encoded value. 
+ */ + public AuthorizationDataEntry(DerValue encoding) throws Asn1Exception, IOException { + DerValue der; if (encoding.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - der = encoding.getData().getDerValue(); - if ((der.getTag() & (byte)0x1F) == (byte)0x00) { - adType = der.getData().getBigInteger().intValue(); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } der = encoding.getData().getDerValue(); - if ((der.getTag() & (byte)0x1F) == (byte)0x01) { - adData = der.getData().getOctetString(); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - if (encoding.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + if ((der.getTag() & (byte) 0x1F) == (byte) 0x00) { + adType = der.getData().getBigInteger().intValue(); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + der = encoding.getData().getDerValue(); + if ((der.getTag() & (byte) 0x1F) == (byte) 0x01) { + adData = der.getData().getOctetString(); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + if (encoding.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes an AuthorizationDataEntry object. - * @return byte array of encoded AuthorizationDataEntry object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode() throws Asn1Exception, IOException { + /** + * Encodes an AuthorizationDataEntry object. + * @return byte array of encoded AuthorizationDataEntry object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ */ + public byte[] asn1Encode() throws Asn1Exception, IOException { DerOutputStream bytes = new DerOutputStream(); - DerOutputStream temp = new DerOutputStream(); - temp.putInteger(adType); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - temp = new DerOutputStream(); - temp.putOctetString(adData); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); - temp = new DerOutputStream(); - temp.write(DerValue.tag_Sequence, bytes); - return temp.toByteArray(); - } + DerOutputStream temp = new DerOutputStream(); + temp.putInteger(adType); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp); + temp = new DerOutputStream(); + temp.putOctetString(adData); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), temp); + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + return temp.toByteArray(); + } - /** - * Writes the entry's data fields in FCC format to an output stream. - * - * @param cos a CCacheOutputStream. - * @exception IOException if an I/O exception occurs. - */ - public void writeEntry(CCacheOutputStream cos) throws IOException { - cos.write16(adType); - cos.write32(adData.length); - cos.write(adData, 0, adData.length); - } + /** + * Writes the entry's data fields in FCC format to an output stream. + * + * @param cos a CCacheOutputStream. + * @exception IOException if an I/O exception occurs. + */ + public void writeEntry(CCacheOutputStream cos) throws IOException { + cos.write16(adType); + cos.write32(adData.length); + cos.write(adData, 0, adData.length); + } public String toString() { return ("adType=" + adType + " adData.length=" + adData.length); } - } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/EncAPRepPart.java b/jdk/src/share/classes/sun/security/krb5/internal/EncAPRepPart.java index 1d3381797e0..b3dcf144159 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/EncAPRepPart.java 
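Review bot: The two-argument constructor stores the caller's array directly (`adData = new_adData;`), while `clone()` copies it with `System.arraycopy`; since `adData` is also a public field, the bytes can be changed from outside the class after construction. `adData = (new_adData == null) ? null : new_adData.clone();` would make the constructor consistent with `clone()`. `writeEntry()` and `toString()` read `adData.length` without the null check that `clone()` has, so an entry built with a null array fails there with a NullPointerException. The `@exception` text on `asn1Encode()` speaks of decoding and reading, which looks copied from the decoding side; `@exception IOException if an I/O error occurs while writing the encoding` would match what the method does.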
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncAPRepPart.java 
@@ -55,102 +55,111 @@ import java.math.BigInteger; * http://www.ietf.org/rfc/rfc4120.txt. */ public class EncAPRepPart { - public KerberosTime ctime; - public int cusec; + + public KerberosTime ctime; + public int cusec; EncryptionKey subKey; //optional Integer seqNumber; //optional - public EncAPRepPart( - KerberosTime new_ctime, - int new_cusec, - EncryptionKey new_subKey, - Integer new_seqNumber - ) { - ctime = new_ctime; - cusec = new_cusec; - subKey = new_subKey; - seqNumber = new_seqNumber; - } + public EncAPRepPart( + KerberosTime new_ctime, + int new_cusec, + EncryptionKey new_subKey, + Integer new_seqNumber) { + ctime = new_ctime; + cusec = new_cusec; + subKey = new_subKey; + seqNumber = new_seqNumber; + } - public EncAPRepPart(byte[] data) - throws Asn1Exception, IOException { - init(new DerValue(data)); - } + public EncAPRepPart(byte[] data) + throws Asn1Exception, IOException { + init(new DerValue(data)); + } - public EncAPRepPart(DerValue encoding) - throws Asn1Exception, IOException { - init(encoding); - } + public EncAPRepPart(DerValue encoding) + throws Asn1Exception, IOException { + init(encoding); + } - /** - * Initializes an EncaPRepPart object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - private void init(DerValue encoding) throws Asn1Exception, IOException { - DerValue der, subDer; - if (((encoding.getTag() & (byte)0x1F) != (byte)0x1B) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) + /** + * Initializes an EncaPRepPart object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. 
+ * @exception IOException if an I/O error occurs while reading encoded data. + */ + private void init(DerValue encoding) throws Asn1Exception, IOException { + DerValue der, subDer; + if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x1B) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - ctime = KerberosTime.parse(der.getData(), (byte)0x00, true); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) == (byte)0x01) { - cusec = subDer.getData().getBigInteger().intValue(); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - if (der.getData().available() > 0) { - subKey = EncryptionKey.parse(der.getData(), (byte)0x02, true); - } - else { - subKey = null; - seqNumber = null; - } - if (der.getData().available() > 0) { - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) != 0x03) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - seqNumber = new Integer(subDer.getData().getBigInteger().intValue()); - } - else seqNumber = null; - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + ctime = KerberosTime.parse(der.getData(), (byte) 0x00, true); + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x01) { + cusec = subDer.getData().getBigInteger().intValue(); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + if (der.getData().available() > 0) { + subKey = EncryptionKey.parse(der.getData(), (byte) 0x02, true); + } else { + subKey = null; + seqNumber = null; + } + if (der.getData().available() > 0) { + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) != 0x03) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + seqNumber = new Integer(subDer.getData().getBigInteger().intValue()); + } else { + seqNumber = null; + } + if 
(der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes an EncAPRepPart object. - * @return byte array of encoded EncAPRepPart object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode() throws Asn1Exception, IOException{ - Vector v = new Vector (); + /** + * Encodes an EncAPRepPart object. + * @return byte array of encoded EncAPRepPart object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { + Vector v = new Vector(); DerOutputStream temp = new DerOutputStream(); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), ctime.asn1Encode())); - temp.putInteger(BigInteger.valueOf(cusec)); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp.toByteArray())); - if (subKey != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), subKey.asn1Encode())); - if (seqNumber != null) { - temp = new DerOutputStream(); - // encode as an unsigned integer (UInt32) - temp.putInteger(BigInteger.valueOf(seqNumber.longValue())); - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp.toByteArray())); - } - DerValue der[] = new DerValue[v.size()]; - v.copyInto(der); - temp = new DerOutputStream(); - temp.putSequence(der); - DerOutputStream out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x1B), temp); - return out.toByteArray(); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x00), ctime.asn1Encode())); + temp.putInteger(BigInteger.valueOf(cusec)); + v.addElement(new 
DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), temp.toByteArray())); + if (subKey != null) { + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x02), subKey.asn1Encode())); } + if (seqNumber != null) { + temp = new DerOutputStream(); + // encode as an unsigned integer (UInt32) + temp.putInteger(BigInteger.valueOf(seqNumber.longValue())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), temp.toByteArray())); + } + DerValue der[] = new DerValue[v.size()]; + v.copyInto(der); + temp = new DerOutputStream(); + temp.putSequence(der); + DerOutputStream out = new DerOutputStream(); + out.write(DerValue.createTag(DerValue.TAG_APPLICATION, + true, (byte) 0x1B), temp); + return out.toByteArray(); + } public final EncryptionKey getSubKey() { return subKey; @@ -159,5 +168,4 @@ public class EncAPRepPart { public final Integer getSeqNumber() { return seqNumber; } - } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/EncASRepPart.java b/jdk/src/share/classes/sun/security/krb5/internal/EncASRepPart.java index b5526e8014d..b71238fef51 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/EncASRepPart.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/EncASRepPart.java 
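Review bot: The comment `// encode as an unsigned integer (UInt32)` in `asn1Encode()` does not match the line under it: `BigInteger.valueOf(seqNumber.longValue())` sign-extends, so a negative `Integer` is written as a negative INTEGER. `init()` can produce such values, because `getBigInteger().intValue()` keeps only the low 32 bits and a sequence number of 2^31 or more becomes negative. If UInt32 is what is wanted on the wire, `temp.putInteger(BigInteger.valueOf(seqNumber.longValue() & 0xFFFFFFFFL));` does that; if the signed form is kept for interoperability, the comment should say so. The same two lines are in `Authenticator.asn1Encode()` earlier in this patch.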
@@ -36,57 +36,55 @@ import java.io.IOException; public class EncASRepPart extends EncKDCRepPart { - public EncASRepPart( - EncryptionKey new_key, - LastReq new_lastReq, - int new_nonce, - KerberosTime new_keyExpiration, - TicketFlags new_flags, - KerberosTime new_authtime, - KerberosTime new_starttime, - KerberosTime new_endtime, - KerberosTime new_renewTill, - Realm new_srealm, - PrincipalName new_sname, - HostAddresses new_caddr - ) { - super( - new_key, - new_lastReq, - new_nonce, - new_keyExpiration, - new_flags, - new_authtime, - new_starttime, - new_endtime, - new_renewTill, - new_srealm, - new_sname, - new_caddr, - Krb5.KRB_ENC_AS_REP_PART - //may need to use Krb5.KRB_ENC_TGS_REP_PART to mimic - //behavior of other implementaions, instead of above + public EncASRepPart( + EncryptionKey new_key, + LastReq new_lastReq, + int new_nonce, + KerberosTime new_keyExpiration, + TicketFlags new_flags, + KerberosTime new_authtime, + KerberosTime new_starttime, + KerberosTime new_endtime, + KerberosTime new_renewTill, + Realm new_srealm, + PrincipalName new_sname, + HostAddresses new_caddr) { + super( + new_key, + new_lastReq, + new_nonce, + new_keyExpiration, + new_flags, + new_authtime, + new_starttime, + new_endtime, + new_renewTill, + new_srealm, + new_sname, + new_caddr, + Krb5.KRB_ENC_AS_REP_PART ); - } + //may need to use Krb5.KRB_ENC_TGS_REP_PART to mimic + //behavior of other implementaions, instead of above + } - public EncASRepPart(byte[] data) throws Asn1Exception, - IOException, KrbException { - init(new DerValue(data)); - } + public EncASRepPart(byte[] data) throws Asn1Exception, + IOException, KrbException { + init(new DerValue(data)); + } - public EncASRepPart(DerValue encoding) throws Asn1Exception, - IOException, KrbException { - init(encoding); - } + public EncASRepPart(DerValue encoding) throws Asn1Exception, + IOException, KrbException { + init(encoding); + } - private void init(DerValue encoding) throws Asn1Exception, - IOException, KrbException { 
- init(encoding, Krb5.KRB_ENC_AS_REP_PART); - } - - public byte[] asn1Encode() throws Asn1Exception, - IOException { - return asn1Encode(Krb5.KRB_ENC_AS_REP_PART); - } + private void init(DerValue encoding) throws Asn1Exception, + IOException, KrbException { + init(encoding, Krb5.KRB_ENC_AS_REP_PART); + } + public byte[] asn1Encode() throws Asn1Exception, + IOException { + return asn1Encode(Krb5.KRB_ENC_AS_REP_PART); + } } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java b/jdk/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java index 35081a0051c..e7723a41c42 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java @@ -36,6 +36,7 @@ import sun.security.util.*; import java.util.Vector; import java.io.IOException; import java.math.BigInteger; + /** * Implements the ASN.1 EncKDCRepPart type. * 
@@ -63,143 +64,163 @@ import java.math.BigInteger; * http://www.ietf.org/rfc/rfc4120.txt. */ public class EncKDCRepPart { - public EncryptionKey key; - public LastReq lastReq; - public int nonce; - public KerberosTime keyExpiration; //optional - public TicketFlags flags; - public KerberosTime authtime; - public KerberosTime starttime; //optional - public KerberosTime endtime; - public KerberosTime renewTill; //optional - public Realm srealm; - public PrincipalName sname; - public HostAddresses caddr; //optional - public int msgType; //not included in sequence - public EncKDCRepPart( - EncryptionKey new_key, - LastReq new_lastReq, - int new_nonce, - KerberosTime new_keyExpiration, - TicketFlags new_flags, - KerberosTime new_authtime, - KerberosTime new_starttime, - KerberosTime new_endtime, - KerberosTime new_renewTill, - Realm new_srealm, - PrincipalName new_sname, - HostAddresses new_caddr, - int new_msgType - ) { - key = new_key; - lastReq = new_lastReq; - nonce = new_nonce; - keyExpiration = new_keyExpiration; - flags = new_flags; - authtime = new_authtime; - starttime = new_starttime; - endtime = new_endtime; - renewTill = new_renewTill; - srealm = new_srealm; - sname = new_sname; - caddr = new_caddr; - msgType = new_msgType; - } + public EncryptionKey key; + public LastReq lastReq; + public int nonce; + public KerberosTime keyExpiration; //optional + public TicketFlags flags; + public KerberosTime authtime; + public KerberosTime starttime; //optional + public KerberosTime endtime; + public KerberosTime renewTill; //optional + public Realm srealm; + public PrincipalName sname; + public HostAddresses caddr; //optional + public int msgType; //not included in sequence - public EncKDCRepPart() { - } + public EncKDCRepPart( + EncryptionKey new_key, + LastReq new_lastReq, + int new_nonce, + KerberosTime new_keyExpiration, + TicketFlags new_flags, + KerberosTime new_authtime, + KerberosTime new_starttime, + KerberosTime new_endtime, + KerberosTime new_renewTill, + 
Realm new_srealm, + PrincipalName new_sname, + HostAddresses new_caddr, + int new_msgType) { + key = new_key; + lastReq = new_lastReq; + nonce = new_nonce; + keyExpiration = new_keyExpiration; + flags = new_flags; + authtime = new_authtime; + starttime = new_starttime; + endtime = new_endtime; + renewTill = new_renewTill; + srealm = new_srealm; + sname = new_sname; + caddr = new_caddr; + msgType = new_msgType; + } - public EncKDCRepPart(byte[] data, int rep_type) - throws Asn1Exception, IOException, RealmException{ - init(new DerValue(data), rep_type); - } + public EncKDCRepPart() { + } - public EncKDCRepPart(DerValue encoding, int rep_type) - throws Asn1Exception, IOException, RealmException - { - init(encoding, rep_type); - } + public EncKDCRepPart(byte[] data, int rep_type) + throws Asn1Exception, IOException, RealmException { + init(new DerValue(data), rep_type); + } - /** - * Initializes an EncKDCRepPart object. - * - * @param encoding a single DER-encoded value. - * @param rep_type type of the encrypted reply message. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception RealmException if an error occurs while decoding an Realm object. - */ - protected void init(DerValue encoding, int rep_type) - throws Asn1Exception, IOException, RealmException - { - DerValue der, subDer; - //implementations return the incorrect tag value, so - //we don't use the above line; instead we use the following - msgType = (encoding.getTag() & (byte)0x1F); + public EncKDCRepPart(DerValue encoding, int rep_type) + throws Asn1Exception, IOException, RealmException { + init(encoding, rep_type); + } + + /** + * Initializes an EncKDCRepPart object. + * + * @param encoding a single DER-encoded value. + * @param rep_type type of the encrypted reply message. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. 
+ * @exception IOException if an I/O error occurs while reading encoded data. + * @exception RealmException if an error occurs while decoding an Realm object. + */ + protected void init(DerValue encoding, int rep_type) + throws Asn1Exception, IOException, RealmException { + DerValue der, subDer; + //implementations return the incorrect tag value, so + //we don't use the above line; instead we use the following + msgType = (encoding.getTag() & (byte) 0x1F); if (msgType != Krb5.KRB_ENC_AS_REP_PART && - msgType != Krb5.KRB_ENC_TGS_REP_PART) + msgType != Krb5.KRB_ENC_TGS_REP_PART) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - key = EncryptionKey.parse(der.getData(), (byte)0x00, false); - lastReq = LastReq.parse(der.getData(), (byte)0x01, false); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & (byte)0x1F) == (byte)0x02) - nonce = subDer.getData().getBigInteger().intValue(); - else throw new Asn1Exception(Krb5.ASN1_BAD_ID); - keyExpiration = KerberosTime.parse(der.getData(), (byte)0x03, true); - flags = TicketFlags.parse(der.getData(), (byte)0x04, false); - authtime = KerberosTime.parse(der.getData(), (byte)0x05, false); - starttime = KerberosTime.parse(der.getData(), (byte)0x06, true); - endtime = KerberosTime.parse(der.getData(), (byte)0x07, false); - renewTill = KerberosTime.parse(der.getData(), (byte)0x08, true); - srealm = Realm.parse(der.getData(), (byte)0x09, false); - sname = PrincipalName.parse(der.getData(), (byte)0x0A, false); - if (der.getData().available() > 0) - caddr = HostAddresses.parse(der.getData(), (byte)0x0B, true); - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + key = EncryptionKey.parse(der.getData(), (byte) 0x00, false); + 
lastReq = LastReq.parse(der.getData(), (byte) 0x01, false); + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x02) { + nonce = subDer.getData().getBigInteger().intValue(); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + keyExpiration = KerberosTime.parse(der.getData(), (byte) 0x03, true); + flags = TicketFlags.parse(der.getData(), (byte) 0x04, false); + authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false); + starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true); + endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false); + renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true); + srealm = Realm.parse(der.getData(), (byte) 0x09, false); + sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false); + if (der.getData().available() > 0) { + caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true); + } + if (der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes an EncKDCRepPart object. - * @param rep_type type of encrypted reply message. - * @return byte array of encoded EncKDCRepPart object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode(int rep_type) throws Asn1Exception, - IOException { + /** + * Encodes an EncKDCRepPart object. + * @param rep_type type of encrypted reply message. + * @return byte array of encoded EncKDCRepPart object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ */ + public byte[] asn1Encode(int rep_type) throws Asn1Exception, + IOException { DerOutputStream temp = new DerOutputStream(); DerOutputStream bytes = new DerOutputStream(); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), lastReq.asn1Encode()); - temp.putInteger(BigInteger.valueOf(nonce)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x00), key.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), lastReq.asn1Encode()); + temp.putInteger(BigInteger.valueOf(nonce)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x02), temp); - if (keyExpiration != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), keyExpiration.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), flags.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), authtime.asn1Encode()); - if (starttime != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), starttime.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), endtime.asn1Encode()); - if (renewTill != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), renewTill.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), srealm.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), sname.asn1Encode()); - if (caddr != null) - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0B), caddr.asn1Encode()); - //should use the rep_type to build the encoding - //but other implementations do not; it is ignored and - //the cached msgType is used instead - temp = new DerOutputStream(); - 
temp.write(DerValue.tag_Sequence, bytes); - bytes = new DerOutputStream(); - bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)msgType), temp); - return bytes.toByteArray(); + if (keyExpiration != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), keyExpiration.asn1Encode()); } - + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x04), flags.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x05), authtime.asn1Encode()); + if (starttime != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x06), starttime.asn1Encode()); + } + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x07), endtime.asn1Encode()); + if (renewTill != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x08), renewTill.asn1Encode()); + } + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x09), srealm.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x0A), sname.asn1Encode()); + if (caddr != null) { + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x0B), caddr.asn1Encode()); + } + //should use the rep_type to build the encoding + //but other implementations do not; it is ignored and + //the cached msgType is used instead + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + bytes = new DerOutputStream(); + bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, + true, (byte) msgType), temp); + return bytes.toByteArray(); + } } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/EncKrbCredPart.java b/jdk/src/share/classes/sun/security/krb5/internal/EncKrbCredPart.java index f37f252bbaa..c5acf6d2b1c 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/EncKrbCredPart.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/EncKrbCredPart.java 
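Review bot: `rep_type` is never read in `init()` or in `asn1Encode(int)`: `init()` takes `msgType` from the encoding's own tag and accepts either `KRB_ENC_AS_REP_PART` or `KRB_ENC_TGS_REP_PART`, so the reply type the caller expected is not enforced. The comments show this is deliberate for interoperability, but the Javadoc still describes the parameter as if it were used; `@param rep_type expected reply type; currently ignored, the tag found in the encoding is used instead` would say what happens. The comment in `init()` that refers to "the above line" has no line above it to refer to and could be reworded in the same pass.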
@@ -36,6 +36,7 @@ import sun.security.krb5.RealmException;
 import java.util.Vector;
 import java.io.IOException;
 import java.math.BigInteger;
+
 /**
 * Implements the ASN.1 EncKrbCredPart type.
 *
@@ -57,148 +58,158 @@ import java.math.BigInteger;
 * http://www.ietf.org/rfc/rfc4120.txt.
 */
 public class EncKrbCredPart {
- public KrbCredInfo[] ticketInfo = null;
- public KerberosTime timeStamp; //optional
- private Integer nonce; //optional
- private Integer usec; //optional
- private HostAddress sAddress; //optional
- private HostAddresses rAddress; //optional
+ public KrbCredInfo[] ticketInfo = null;
+ public KerberosTime timeStamp; //optional
+ private Integer nonce; //optional
+ private Integer usec; //optional
+ private HostAddress sAddress; //optional
+ private HostAddresses rAddress; //optional
- public EncKrbCredPart(
- KrbCredInfo[] new_ticketInfo,
- KerberosTime new_timeStamp,
- Integer new_usec,
- Integer new_nonce,
- HostAddress new_sAddress,
- HostAddresses new_rAddress
- ) throws IOException {
- if (new_ticketInfo != null) {
- ticketInfo = new KrbCredInfo[new_ticketInfo.length];
- for (int i = 0; i < new_ticketInfo.length; i++) {
- if (new_ticketInfo[i] == null) {
- throw new IOException("Cannot create a EncKrbCredPart");
- } else {
- ticketInfo[i] = (KrbCredInfo)new_ticketInfo[i].clone();
- }
- }
+ public EncKrbCredPart(
+ KrbCredInfo[] new_ticketInfo,
+ KerberosTime new_timeStamp,
+ Integer new_usec,
+ Integer new_nonce,
+ HostAddress new_sAddress,
+ HostAddresses new_rAddress) throws IOException {
+ if (new_ticketInfo != null) {
+ ticketInfo = new KrbCredInfo[new_ticketInfo.length];
+ for (int i = 0; i < new_ticketInfo.length; i++) {
+ if (new_ticketInfo[i] == null) {
+ throw new IOException("Cannot create a EncKrbCredPart");
+ } else {
+ ticketInfo[i] = (KrbCredInfo) new_ticketInfo[i].clone();
 }
- timeStamp = new_timeStamp;
- usec = new_usec;
- nonce = new_nonce;
- sAddress = new_sAddress;
- rAddress = new_rAddress;
+ }
 }
+ timeStamp = new_timeStamp;
+ usec = new_usec;
+ nonce = new_nonce;
+ sAddress = new_sAddress;
+ rAddress = new_rAddress;
+ }
- public EncKrbCredPart(byte[] data) throws Asn1Exception,
- IOException, RealmException {
- init(new DerValue(data));
- }
+ public EncKrbCredPart(byte[] data) throws Asn1Exception,
+ IOException, RealmException {
+ init(new DerValue(data));
+ }
- public EncKrbCredPart(DerValue encoding) throws Asn1Exception,
- IOException, RealmException {
- init(encoding);
- }
+ public EncKrbCredPart(DerValue encoding) throws Asn1Exception,
+ IOException, RealmException {
+ init(encoding);
+ }
- /**
- * Initializes an EncKrbCredPart object.
- * @param encoding a single DER-encoded value.
- * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
- * @exception IOException if an I/O error occurs while reading encoded data.
- * @exception RealmException if an error occurs while parsing a Realm object.
- */
- private void init(DerValue encoding) throws Asn1Exception,
- IOException, RealmException {
- DerValue der, subDer;
- //may not be the correct error code for a tag
- //mismatch on an encrypted structure
- nonce = null;
- timeStamp = null;
- usec= null;
+ /**
+ * Initializes an EncKrbCredPart object.
+ * @param encoding a single DER-encoded value.
+ * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+ * @exception IOException if an I/O error occurs while reading encoded data.
+ * @exception RealmException if an error occurs while parsing a Realm object.
+ */
+ private void init(DerValue encoding) throws Asn1Exception,
+ IOException, RealmException {
+ DerValue der, subDer;
+ //may not be the correct error code for a tag
+ //mismatch on an encrypted structure
+ nonce = null;
+ timeStamp = null;
+ usec = null;
 sAddress = null;
 rAddress = null;
- if (((encoding.getTag() & (byte)0x1F) != (byte)0x1D)
- || (encoding.isApplication() != true)
- || (encoding.isConstructed() != true))
- throw new Asn1Exception(Krb5.ASN1_BAD_ID);
- der = encoding.getData().getDerValue();
- if (der.getTag() != DerValue.tag_Sequence)
+ if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x1D)
+ || (encoding.isApplication() != true)
+ || (encoding.isConstructed() != true)) {
 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+ der = encoding.getData().getDerValue();
+ if (der.getTag() != DerValue.tag_Sequence) {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+ subDer = der.getData().getDerValue();
+ if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x00) {
+ DerValue derValues[] = subDer.getData().getSequence(1);
+ ticketInfo = new KrbCredInfo[derValues.length];
+ for (int i = 0; i < derValues.length; i++) {
+ ticketInfo[i] = new KrbCredInfo(derValues[i]);
+ }
+ } else {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+ if (der.getData().available() > 0) {
+ if (((byte) (der.getData().peekByte()) & (byte) 0x1F) == (byte) 0x01) {
 subDer = der.getData().getDerValue();
- if ((subDer.getTag() & (byte)0x1F) == (byte)0x00) {
- DerValue derValues[] = subDer.getData().getSequence(1);
- ticketInfo = new KrbCredInfo[derValues.length];
- for (int i = 0; i < derValues.length; i++) {
- ticketInfo[i] = new KrbCredInfo(derValues[i]);
- }
- }
- else
- throw new Asn1Exception(Krb5.ASN1_BAD_ID);
- if (der.getData().available() > 0) {
- if (((byte)(der.getData().peekByte()) & (byte)0x1F) == (byte)0x01) {
- subDer = der.getData().getDerValue();
- nonce = new Integer(subDer.getData().getBigInteger().intValue());
- }
- }
- if (der.getData().available() >0) {
- timeStamp = KerberosTime.parse(der.getData(), (byte)0x02, true);
- }
- if (der.getData().available() >0) {
- if (((byte)(der.getData().peekByte()) & (byte)0x1F) == (byte)0x03) {
- subDer = der.getData().getDerValue();
- usec = new Integer(subDer.getData().getBigInteger().intValue());
- }
- }
- if (der.getData().available() >0) {
- sAddress = HostAddress.parse(der.getData(), (byte)0x04, true);
- }
- if (der.getData().available() >0) {
- rAddress = HostAddresses.parse(der.getData(), (byte)0x05, true);
- }
- if (der.getData().available() >0)
- throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ nonce = new Integer(subDer.getData().getBigInteger().intValue());
+ }
 }
+ if (der.getData().available() > 0) {
+ timeStamp = KerberosTime.parse(der.getData(), (byte) 0x02, true);
+ }
+ if (der.getData().available() > 0) {
+ if (((byte) (der.getData().peekByte()) & (byte) 0x1F) == (byte) 0x03) {
+ subDer = der.getData().getDerValue();
+ usec = new Integer(subDer.getData().getBigInteger().intValue());
+ }
+ }
+ if (der.getData().available() > 0) {
+ sAddress = HostAddress.parse(der.getData(), (byte) 0x04, true);
+ }
+ if (der.getData().available() > 0) {
+ rAddress = HostAddresses.parse(der.getData(), (byte) 0x05, true);
+ }
+ if (der.getData().available() > 0) {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+ }
- /**
- * Encodes an EncKrbCredPart object.
- * @return byte array of encoded EncKrbCredPart object.
- * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
- * @exception IOException if an I/O error occurs while reading encoded data.
- *
- */
- public byte[] asn1Encode() throws Asn1Exception, IOException{
+ /**
+ * Encodes an EncKrbCredPart object.
+ * @return byte array of encoded EncKrbCredPart object.
+ * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+ * @exception IOException if an I/O error occurs while reading encoded data.
+ *
+ */
+ public byte[] asn1Encode() throws Asn1Exception, IOException {
 DerOutputStream bytes = new DerOutputStream();
- DerOutputStream temp = new DerOutputStream();
- DerValue[] tickets = new DerValue[ticketInfo.length];
- for (int i = 0; i < ticketInfo.length; i++)
- tickets[i] = new DerValue(ticketInfo[i].asn1Encode());
- temp.putSequence(tickets);
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
-
- if (nonce != null) {
- temp = new DerOutputStream();
- temp.putInteger(BigInteger.valueOf(nonce.intValue()));
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp);
- }
- if (timeStamp != null) {
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), timeStamp.asn1Encode());
- }
- if (usec != null) {
- temp = new DerOutputStream();
- temp.putInteger(BigInteger.valueOf(usec.intValue()));
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp);
- }
- if (sAddress != null) {
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), sAddress.asn1Encode());
- }
- if (rAddress != null) {
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), rAddress.asn1Encode());
- }
- temp = new DerOutputStream();
- temp.write(DerValue.tag_Sequence, bytes);
- bytes = new DerOutputStream();
- bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x1D), temp);
- return bytes.toByteArray();
+ DerOutputStream temp = new DerOutputStream();
+ DerValue[] tickets = new DerValue[ticketInfo.length];
+ for (int i = 0; i < ticketInfo.length; i++) {
+ tickets[i] = new DerValue(ticketInfo[i].asn1Encode());
 }
+ temp.putSequence(tickets);
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x00), temp);
+
+ if (nonce != null) {
+ temp = new DerOutputStream();
+ temp.putInteger(BigInteger.valueOf(nonce.intValue()));
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x01), temp);
+ }
+ if (timeStamp != null) {
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x02), timeStamp.asn1Encode());
+ }
+ if (usec != null) {
+ temp = new DerOutputStream();
+ temp.putInteger(BigInteger.valueOf(usec.intValue()));
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x03), temp);
+ }
+ if (sAddress != null) {
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x04), sAddress.asn1Encode());
+ }
+ if (rAddress != null) {
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x05), rAddress.asn1Encode());
+ }
+ temp = new DerOutputStream();
+ temp.write(DerValue.tag_Sequence, bytes);
+ bytes = new DerOutputStream();
+ bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION,
+ true, (byte) 0x1D), temp);
+ return bytes.toByteArray();
+ }
 }
diff --git a/jdk/src/share/classes/sun/security/krb5/internal/EncKrbPrivPart.java b/jdk/src/share/classes/sun/security/krb5/internal/EncKrbPrivPart.java
index e4ed50b4ba1..292dd58be3b 100644
--- a/jdk/src/share/classes/sun/security/krb5/internal/EncKrbPrivPart.java
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncKrbPrivPart.java
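Review bot: `asn1Encode()` reads `ticketInfo.length` without a null check, yet the six-argument constructor in this hunk leaves `ticketInfo` at its `null` initialiser whenever `new_ticketInfo` is null, so encoding such an object ends in a NullPointerException instead of one of the declared checked exceptions. `ticketInfo` is the only field here not marked `//optional`, so the constructor could reject it up front with `if (new_ticketInfo == null) { throw new IOException("Cannot create a EncKrbCredPart"); }`, matching how it already treats a null element. Separately, `init` narrows nonce and usec with `getBigInteger().intValue()`, which silently truncates an out-of-range encoded value; a range check before narrowing is worth considering.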
@@ -55,114 +55,119 @@ import java.math.BigInteger;
 *
 * http://www.ietf.org/rfc/rfc4120.txt.
 */
-
 public class EncKrbPrivPart {
- public byte[] userData = null;
- public KerberosTime timestamp; //optional
- public Integer usec; //optional
- public Integer seqNumber; //optional
- public HostAddress sAddress; //optional
- public HostAddress rAddress; //optional
- public EncKrbPrivPart(
- byte[] new_userData,
- KerberosTime new_timestamp,
- Integer new_usec,
- Integer new_seqNumber,
- HostAddress new_sAddress,
- HostAddress new_rAddress
- ) {
- if (new_userData != null) {
- userData = new_userData.clone();
- }
- timestamp = new_timestamp;
- usec = new_usec;
- seqNumber = new_seqNumber;
- sAddress = new_sAddress;
- rAddress = new_rAddress;
+ public byte[] userData = null;
+ public KerberosTime timestamp; //optional
+ public Integer usec; //optional
+ public Integer seqNumber; //optional
+ public HostAddress sAddress; //optional
+ public HostAddress rAddress; //optional
+
+ public EncKrbPrivPart(
+ byte[] new_userData,
+ KerberosTime new_timestamp,
+ Integer new_usec,
+ Integer new_seqNumber,
+ HostAddress new_sAddress,
+ HostAddress new_rAddress) {
+ if (new_userData != null) {
+ userData = new_userData.clone();
 }
+ timestamp = new_timestamp;
+ usec = new_usec;
+ seqNumber = new_seqNumber;
+ sAddress = new_sAddress;
+ rAddress = new_rAddress;
+ }
- public EncKrbPrivPart(byte[] data) throws Asn1Exception, IOException {
- init(new DerValue(data));
- }
+ public EncKrbPrivPart(byte[] data) throws Asn1Exception, IOException {
+ init(new DerValue(data));
+ }
- public EncKrbPrivPart(DerValue encoding) throws Asn1Exception, IOException {
- init(encoding);
- }
+ public EncKrbPrivPart(DerValue encoding) throws Asn1Exception, IOException {
+ init(encoding);
+ }
- /**
- * Initializes an EncKrbPrivPart object.
- * @param encoding a single DER-encoded value.
- * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
- * @exception IOException if an I/O error occurs while reading encoded data.
- */
- private void init(DerValue encoding) throws Asn1Exception, IOException {
+ /**
+ * Initializes an EncKrbPrivPart object.
+ * @param encoding a single DER-encoded value.
+ * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+ * @exception IOException if an I/O error occurs while reading encoded data.
+ */
+ private void init(DerValue encoding) throws Asn1Exception, IOException {
 DerValue der, subDer;
- if (((encoding.getTag() & (byte)0x1F) != (byte)0x1C)
- || (encoding.isApplication() != true)
- || (encoding.isConstructed() != true))
- throw new Asn1Exception(Krb5.ASN1_BAD_ID);
- der = encoding.getData().getDerValue();
- if (der.getTag() != DerValue.tag_Sequence)
+ if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x1C)
+ || (encoding.isApplication() != true)
+ || (encoding.isConstructed() != true)) {
 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
- subDer = der.getData().getDerValue();
- if ((subDer.getTag() & (byte)0x1F) == (byte)0x00) {
- userData = subDer.getData().getOctetString();
- }
- else
- throw new Asn1Exception(Krb5.ASN1_BAD_ID);
- timestamp = KerberosTime.parse(der.getData(), (byte)0x01, true);
- if ((der.getData().peekByte() & 0x1F) == 0x02) {
- subDer = der.getData().getDerValue();
- usec = new Integer(subDer.getData().getBigInteger().intValue());
- }
- else usec = null;
- if ((der.getData().peekByte() & 0x1F) == 0x03 ) {
- subDer = der.getData().getDerValue();
- seqNumber = new Integer(subDer.getData().getBigInteger().intValue());
- }
- else seqNumber = null;
- sAddress = HostAddress.parse(der.getData(), (byte)0x04, false);
- if (der.getData().available() > 0) {
- rAddress = HostAddress.parse(der.getData(), (byte)0x05, true);
- }
- if (der.getData().available() > 0)
- throw new Asn1Exception(Krb5.ASN1_BAD_ID);
 }
+ der = encoding.getData().getDerValue();
+ if (der.getTag() != DerValue.tag_Sequence) {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+ subDer = der.getData().getDerValue();
+ if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x00) {
+ userData = subDer.getData().getOctetString();
+ } else {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+ timestamp = KerberosTime.parse(der.getData(), (byte) 0x01, true);
+ if ((der.getData().peekByte() & 0x1F) == 0x02) {
+ subDer = der.getData().getDerValue();
+ usec = new Integer(subDer.getData().getBigInteger().intValue());
+ } else {
+ usec = null;
+ }
+ if ((der.getData().peekByte() & 0x1F) == 0x03) {
+ subDer = der.getData().getDerValue();
+ seqNumber = new Integer(subDer.getData().getBigInteger().intValue());
+ } else {
+ seqNumber = null;
+ }
+ sAddress = HostAddress.parse(der.getData(), (byte) 0x04, false);
+ if (der.getData().available() > 0) {
+ rAddress = HostAddress.parse(der.getData(), (byte) 0x05, true);
+ }
+ if (der.getData().available() > 0) {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+ }
- /**
- * Encodes an EncKrbPrivPart object.
- * @return byte array of encoded EncKrbPrivPart object.
- * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
- * @exception IOException if an I/O error occurs while reading encoded data.
- */
- public byte[] asn1Encode() throws Asn1Exception, IOException {
+ /**
+ * Encodes an EncKrbPrivPart object.
+ * @return byte array of encoded EncKrbPrivPart object.
+ * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+ * @exception IOException if an I/O error occurs while reading encoded data.
+ */
+ public byte[] asn1Encode() throws Asn1Exception, IOException {
 DerOutputStream temp = new DerOutputStream();
 DerOutputStream bytes = new DerOutputStream();
- temp.putOctetString(userData);
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp);
- if (timestamp != null)
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), timestamp.asn1Encode());
- if (usec != null) {
- temp = new DerOutputStream();
- temp.putInteger(BigInteger.valueOf(usec.intValue()));
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp);
- }
- if (seqNumber != null) {
- temp = new DerOutputStream();
- // encode as an unsigned integer (UInt32)
- temp.putInteger(BigInteger.valueOf(seqNumber.longValue()));
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp);
- }
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), sAddress.asn1Encode());
- if (rAddress != null) {
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), rAddress.asn1Encode());
- }
- temp = new DerOutputStream();
- temp.write(DerValue.tag_Sequence, bytes);
- bytes = new DerOutputStream();
- bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x1C), temp);
- return bytes.toByteArray();
+ temp.putOctetString(userData);
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp);
+ if (timestamp != null) {
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), timestamp.asn1Encode());
 }
+ if (usec != null) {
+ temp = new DerOutputStream();
+ temp.putInteger(BigInteger.valueOf(usec.intValue()));
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), temp);
+ }
+ if (seqNumber != null) {
+ temp = new DerOutputStream();
+ // encode as an unsigned integer (UInt32)
+ temp.putInteger(BigInteger.valueOf(seqNumber.longValue()));
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), temp);
+ }
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), sAddress.asn1Encode());
+ if (rAddress != null) {
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x05), rAddress.asn1Encode());
+ }
+ temp = new DerOutputStream();
+ temp.write(DerValue.tag_Sequence, bytes);
+ bytes = new DerOutputStream();
+ bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x1C), temp);
+ return bytes.toByteArray();
+ }
 }
diff --git a/jdk/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java b/jdk/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java
index 95c100a020a..864115e52e9 100644
--- a/jdk/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncTGSRepPart.java
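Review bot: The `seqNumber` branch of `asn1Encode()` carries the comment `// encode as an unsigned integer (UInt32)`, but `BigInteger.valueOf(seqNumber.longValue())` sign-extends the `Integer`, so a sequence number of 2^31 or above, which `init` stores as a negative int via `getBigInteger().intValue()`, is written back as a negative INTEGER. If unsigned encoding is the intent, mask before converting: `temp.putInteger(BigInteger.valueOf(seqNumber.longValue() & 0xFFFFFFFFL));`. In `init`, the two `der.getData().peekByte()` tag probes for usec and seq-number are also not guarded by `available() > 0` the way the matching probes in `EncKrbCredPart.init` are; how `peekByte()` behaves on an exhausted stream is not visible in this hunk, so that is worth confirming for truncated input.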
@@ -35,55 +35,52 @@ import java.io.IOException;
 public class EncTGSRepPart extends EncKDCRepPart {
- public EncTGSRepPart(
- EncryptionKey new_key,
- LastReq new_lastReq,
- int new_nonce,
- KerberosTime new_keyExpiration,
- TicketFlags new_flags,
- KerberosTime new_authtime,
- KerberosTime new_starttime,
- KerberosTime new_endtime,
- KerberosTime new_renewTill,
- Realm new_srealm,
- PrincipalName new_sname,
- HostAddresses new_caddr
- ) {
- super(
- new_key,
- new_lastReq,
- new_nonce,
- new_keyExpiration,
- new_flags,
- new_authtime,
- new_starttime,
- new_endtime,
- new_renewTill,
- new_srealm,
- new_sname,
- new_caddr,
- Krb5.KRB_ENC_TGS_REP_PART
- );
- }
+ public EncTGSRepPart(
+ EncryptionKey new_key,
+ LastReq new_lastReq,
+ int new_nonce,
+ KerberosTime new_keyExpiration,
+ TicketFlags new_flags,
+ KerberosTime new_authtime,
+ KerberosTime new_starttime,
+ KerberosTime new_endtime,
+ KerberosTime new_renewTill,
+ Realm new_srealm,
+ PrincipalName new_sname,
+ HostAddresses new_caddr) {
+ super(
+ new_key,
+ new_lastReq,
+ new_nonce,
+ new_keyExpiration,
+ new_flags,
+ new_authtime,
+ new_starttime,
+ new_endtime,
+ new_renewTill,
+ new_srealm,
+ new_sname,
+ new_caddr,
+ Krb5.KRB_ENC_TGS_REP_PART);
+ }
- public EncTGSRepPart(byte[] data) throws Asn1Exception,
- IOException, KrbException {
- init(new DerValue(data));
- }
+ public EncTGSRepPart(byte[] data) throws Asn1Exception,
+ IOException, KrbException {
+ init(new DerValue(data));
+ }
- public EncTGSRepPart(DerValue encoding) throws Asn1Exception,
- IOException, KrbException {
- init(encoding);
- }
+ public EncTGSRepPart(DerValue encoding) throws Asn1Exception,
+ IOException, KrbException {
+ init(encoding);
+ }
- private void init(DerValue encoding) throws Asn1Exception,
- IOException, KrbException {
- init(encoding, Krb5.KRB_ENC_TGS_REP_PART);
- }
-
- public byte[] asn1Encode() throws Asn1Exception,
- IOException {
- return asn1Encode(Krb5.KRB_ENC_TGS_REP_PART);
- }
+ private void init(DerValue encoding) throws Asn1Exception,
+ IOException, KrbException {
+ init(encoding, Krb5.KRB_ENC_TGS_REP_PART);
+ }
+ public byte[] asn1Encode() throws Asn1Exception,
+ IOException {
+ return asn1Encode(Krb5.KRB_ENC_TGS_REP_PART);
+ }
 }
diff --git a/jdk/src/share/classes/sun/security/krb5/internal/EncTicketPart.java b/jdk/src/share/classes/sun/security/krb5/internal/EncTicketPart.java
index 5f315095825..73eb814445b 100644
--- a/jdk/src/share/classes/sun/security/krb5/internal/EncTicketPart.java
+++ b/jdk/src/share/classes/sun/security/krb5/internal/EncTicketPart.java
@@ -62,69 +62,68 @@ import java.io.*;
 * http://www.ietf.org/rfc/rfc4120.txt.
 */
 public class EncTicketPart {
- public TicketFlags flags;
- public EncryptionKey key;
- public Realm crealm;
- public PrincipalName cname;
- public TransitedEncoding transited;
- public KerberosTime authtime;
- public KerberosTime starttime; //optional
- public KerberosTime endtime;
- public KerberosTime renewTill; //optional
- public HostAddresses caddr; //optional
- public AuthorizationData authorizationData; //optional
- public EncTicketPart(
- TicketFlags new_flags,
- EncryptionKey new_key,
- Realm new_crealm,
- PrincipalName new_cname,
- TransitedEncoding new_transited,
- KerberosTime new_authtime,
- KerberosTime new_starttime,
- KerberosTime new_endtime,
- KerberosTime new_renewTill,
- HostAddresses new_caddr,
- AuthorizationData new_authorizationData
- ) {
- flags = new_flags;
- key = new_key;
- crealm = new_crealm;
- cname = new_cname;
- transited = new_transited;
- authtime = new_authtime;
- starttime = new_starttime;
- endtime = new_endtime;
- renewTill = new_renewTill;
- caddr = new_caddr;
- authorizationData = new_authorizationData;
- }
+ public TicketFlags flags;
+ public EncryptionKey key;
+ public Realm crealm;
+ public PrincipalName cname;
+ public TransitedEncoding transited;
+ public KerberosTime authtime;
+ public KerberosTime starttime; //optional
+ public KerberosTime endtime;
+ public KerberosTime renewTill; //optional
+ public HostAddresses caddr; //optional
+ public AuthorizationData authorizationData; //optional
- public EncTicketPart(byte[] data)
- throws Asn1Exception, KrbException, IOException {
- init(new DerValue(data));
- }
+ public EncTicketPart(
+ TicketFlags new_flags,
+ EncryptionKey new_key,
+ Realm new_crealm,
+ PrincipalName new_cname,
+ TransitedEncoding new_transited,
+ KerberosTime new_authtime,
+ KerberosTime new_starttime,
+ KerberosTime new_endtime,
+ KerberosTime new_renewTill,
+ HostAddresses new_caddr,
+ AuthorizationData new_authorizationData) {
+ flags = new_flags;
+ key = new_key;
+ crealm = new_crealm;
+ cname = new_cname;
+ transited = new_transited;
+ authtime = new_authtime;
+ starttime = new_starttime;
+ endtime = new_endtime;
+ renewTill = new_renewTill;
+ caddr = new_caddr;
+ authorizationData = new_authorizationData;
+ }
- public EncTicketPart(DerValue encoding)
- throws Asn1Exception, KrbException, IOException {
- init(encoding);
- }
+ public EncTicketPart(byte[] data)
+ throws Asn1Exception, KrbException, IOException {
+ init(new DerValue(data));
+ }
- /**
- * Initializes an EncTicketPart object.
- * @param encoding a single DER-encoded value.
- * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
- * @exception IOException if an I/O error occurs while reading encoded data.
- * @exception RealmException if an error occurs while parsing a Realm object.
- */
+ public EncTicketPart(DerValue encoding)
+ throws Asn1Exception, KrbException, IOException {
+ init(encoding);
+ }
+ /**
+ * Initializes an EncTicketPart object.
+ * @param encoding a single DER-encoded value.
+ * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+ * @exception IOException if an I/O error occurs while reading encoded data.
+ * @exception RealmException if an error occurs while parsing a Realm object.
+ */
 private static String getHexBytes(byte[] bytes, int len)
- throws IOException {
+ throws IOException {
 StringBuffer sb = new StringBuffer();
 for (int i = 0; i < len; i++) {
- int b1 = (bytes[i]>>4) & 0x0f;
+ int b1 = (bytes[i] >> 4) & 0x0f;
 int b2 = bytes[i] & 0x0f;
 sb.append(Integer.toHexString(b1));
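Review bot: The Javadoc block that begins `Initializes an EncTicketPart object.` is re-indented by this hunk but still sits directly above `getHexBytes(byte[] bytes, int len)`, so its `@param encoding` and `@exception RealmException` tags document a method that has neither, while `init(DerValue)` in the next hunk has no Javadoc at all. Move the block down to `init` and give the helper its own summary, for example `/** Formats the first len bytes of bytes as hex digits. */`. `getHexBytes` continues past the end of this hunk, so check that wording, and whether its `throws IOException` clause is still needed, against the full body.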
@@ -134,73 +133,91 @@ public class EncTicketPart {
 return sb.toString();
 }
- private void init(DerValue encoding)
- throws Asn1Exception, IOException, RealmException {
- DerValue der, subDer;
+ private void init(DerValue encoding)
+ throws Asn1Exception, IOException, RealmException {
+ DerValue der, subDer;
- renewTill = null;
- caddr = null;
- authorizationData = null;
- if (((encoding.getTag() & (byte)0x1F) != (byte)0x03)
+ renewTill = null;
+ caddr = null;
+ authorizationData = null;
+ if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x03)
 || (encoding.isApplication() != true)
- || (encoding.isConstructed() != true))
- throw new Asn1Exception(Krb5.ASN1_BAD_ID);
- der = encoding.getData().getDerValue();
- if (der.getTag() != DerValue.tag_Sequence)
- throw new Asn1Exception(Krb5.ASN1_BAD_ID);
- flags = TicketFlags.parse(der.getData(), (byte)0x00, false);
- key = EncryptionKey.parse(der.getData(), (byte)0x01, false);
- crealm = Realm.parse(der.getData(), (byte)0x02, false);
- cname = PrincipalName.parse(der.getData(), (byte)0x03, false);
- transited = TransitedEncoding.parse(der.getData(), (byte)0x04, false);
- authtime = KerberosTime.parse(der.getData(), (byte)0x05, false);
- starttime = KerberosTime.parse(der.getData(), (byte)0x06, true);
- endtime = KerberosTime.parse(der.getData(), (byte)0x07, false);
- if (der.getData().available() > 0) {
- renewTill = KerberosTime.parse(der.getData(), (byte)0x08, true);
- }
- if (der.getData().available() > 0) {
- caddr = HostAddresses.parse(der.getData(), (byte)0x09, true);
- }
- if (der.getData().available() > 0) {
- authorizationData = AuthorizationData.parse(der.getData(), (byte)0x0A, true);
- }
- if (der.getData().available() > 0)
- throw new Asn1Exception(Krb5.ASN1_BAD_ID);
-
+ || (encoding.isConstructed() != true)) {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+ der = encoding.getData().getDerValue();
+ if (der.getTag() != DerValue.tag_Sequence) {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
+ }
+ flags = TicketFlags.parse(der.getData(), (byte) 0x00, false);
+ key = EncryptionKey.parse(der.getData(), (byte) 0x01, false);
+ crealm = Realm.parse(der.getData(), (byte) 0x02, false);
+ cname = PrincipalName.parse(der.getData(), (byte) 0x03, false);
+ transited = TransitedEncoding.parse(der.getData(), (byte) 0x04, false);
+ authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
+ starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
+ endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false);
+ if (der.getData().available() > 0) {
+ renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true);
+ }
+ if (der.getData().available() > 0) {
+ caddr = HostAddresses.parse(der.getData(), (byte) 0x09, true);
+ }
+ if (der.getData().available() > 0) {
+ authorizationData = AuthorizationData.parse(der.getData(), (byte) 0x0A, true);
+ }
+ if (der.getData().available() > 0) {
+ throw new Asn1Exception(Krb5.ASN1_BAD_ID);
 }
- /**
- * Encodes an EncTicketPart object.
- * @return byte array of encoded EncTicketPart object.
- * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
- * @exception IOException if an I/O error occurs while reading encoded data.
- */
+ }
- public byte[] asn1Encode() throws Asn1Exception, IOException {
+ /**
+ * Encodes an EncTicketPart object.
+ * @return byte array of encoded EncTicketPart object.
+ * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
+ * @exception IOException if an I/O error occurs while reading encoded data.
+ */
+ public byte[] asn1Encode() throws Asn1Exception, IOException {
 DerOutputStream bytes = new DerOutputStream();
- DerOutputStream temp = new DerOutputStream();
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), flags.asn1Encode());
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), key.asn1Encode());
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), crealm.asn1Encode());
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), cname.asn1Encode());
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), transited.asn1Encode());
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), authtime.asn1Encode());
- if (starttime != null)
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), starttime.asn1Encode());
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), endtime.asn1Encode());
-
- if (renewTill != null)
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), renewTill.asn1Encode());
-
- if (caddr != null)
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), caddr.asn1Encode());
-
- if (authorizationData != null)
- bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), authorizationData.asn1Encode());
- temp.write(DerValue.tag_Sequence, bytes);
- bytes = new DerOutputStream();
- bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x03), temp);
- return bytes.toByteArray();
+ DerOutputStream temp = new DerOutputStream();
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x00), flags.asn1Encode());
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x01), key.asn1Encode());
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x02), crealm.asn1Encode());
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x03), cname.asn1Encode());
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x04), transited.asn1Encode());
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x05), authtime.asn1Encode());
+ if (starttime != null) {
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x06), starttime.asn1Encode());
 }
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x07), endtime.asn1Encode());
+
+ if (renewTill != null) {
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x08), renewTill.asn1Encode());
+ }
+
+ if (caddr != null) {
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x09), caddr.asn1Encode());
+ }
+
+ if (authorizationData != null) {
+ bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) 0x0A), authorizationData.asn1Encode());
+ }
+ temp.write(DerValue.tag_Sequence, bytes);
+ bytes = new DerOutputStream();
+ bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION,
+ true, (byte) 0x03), temp);
+ return bytes.toByteArray();
+ }
 }
diff --git a/jdk/src/share/classes/sun/security/krb5/internal/KDCRep.java b/jdk/src/share/classes/sun/security/krb5/internal/KDCRep.java
index ca1d777ed23..f7cc7180082 100644
--- a/jdk/src/share/classes/sun/security/krb5/internal/KDCRep.java
+++ b/jdk/src/share/classes/sun/security/krb5/internal/KDCRep.java
@@ -35,6 +35,7 @@ import sun.security.util.*;
 import java.util.Vector;
 import java.io.IOException;
 import java.math.BigInteger;
+
 /**
 * Implements the ASN.1 KDC-REP type.
 *
@@ -59,163 +60,168 @@ import java.math.BigInteger; * * http://www.ietf.org/rfc/rfc4120.txt. */ - public class KDCRep { - public Realm crealm; - public PrincipalName cname; - public Ticket ticket; - public EncryptedData encPart; - public EncKDCRepPart encKDCRepPart; //not part of ASN.1 encoding - private int pvno; - private int msgType; - private PAData[] pAData = null; //optional - private boolean DEBUG = Krb5.DEBUG; + public Realm crealm; + public PrincipalName cname; + public Ticket ticket; + public EncryptedData encPart; + public EncKDCRepPart encKDCRepPart; //not part of ASN.1 encoding + private int pvno; + private int msgType; + private PAData[] pAData = null; //optional + private boolean DEBUG = Krb5.DEBUG; - public KDCRep( - PAData[] new_pAData, - Realm new_crealm, - PrincipalName new_cname, - Ticket new_ticket, - EncryptedData new_encPart, - int req_type - ) throws IOException { - pvno = Krb5.PVNO; - msgType = req_type; - if (new_pAData != null) { - pAData = new PAData[new_pAData.length]; - for (int i = 0; i < new_pAData.length; i++) { - if (new_pAData[i] == null) { - throw new IOException("Cannot create a KDCRep"); - } else { - pAData[i] = (PAData)new_pAData[i].clone(); - } - } + public KDCRep( + PAData[] new_pAData, + Realm new_crealm, + PrincipalName new_cname, + Ticket new_ticket, + EncryptedData new_encPart, + int req_type) throws IOException { + pvno = Krb5.PVNO; + msgType = req_type; + if (new_pAData != null) { + pAData = new PAData[new_pAData.length]; + for (int i = 0; i < new_pAData.length; i++) { + if (new_pAData[i] == null) { + throw new IOException("Cannot create a KDCRep"); + } else { + pAData[i] = (PAData) new_pAData[i].clone(); } - crealm = new_crealm; - cname = new_cname; - ticket = new_ticket; - encPart = new_encPart; + } } + crealm = new_crealm; + cname = new_cname; + ticket = new_ticket; + encPart = new_encPart; + } - public KDCRep() { - } + public KDCRep() { + } - public KDCRep(byte[] data, int req_type) throws Asn1Exception, 
KrbApErrException, RealmException, IOException { - init(new DerValue(data), req_type); - } + public KDCRep(byte[] data, int req_type) throws Asn1Exception, + KrbApErrException, RealmException, IOException { + init(new DerValue(data), req_type); + } - public KDCRep(DerValue encoding, int req_type) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(encoding, req_type); - } + public KDCRep(DerValue encoding, int req_type) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(encoding, req_type); + } /* // Not used? Don't know what keyusage to use here %%% - - public void decrypt(EncryptionKey key) throws Asn1Exception, - IOException, KrbException, RealmException { - encKDCRepPart = new EncKDCRepPart(encPart.decrypt(key), - msgType); - } -*/ - - /** - * Initializes an KDCRep object. - * - * @param encoding a single DER-encoded value. - * @param req_type reply message type. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception RealmException if an error occurs while constructing a Realm object from DER-encoded data. - * @exception KrbApErrException if the value read from the DER-encoded data stream does not match the pre-defined value. - * - */ - protected void init(DerValue encoding, int req_type) + public void decrypt(EncryptionKey key) throws Asn1Exception, + IOException, KrbException, RealmException { + encKDCRepPart = new EncKDCRepPart(encPart.decrypt(key), msgType); + } + */ + /** + * Initializes an KDCRep object. + * + * @param encoding a single DER-encoded value. + * @param req_type reply message type. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception RealmException if an error occurs while constructing + * a Realm object from DER-encoded data. 
+ * @exception KrbApErrException if the value read from the DER-encoded + * data stream does not match the pre-defined value. + * + */ + protected void init(DerValue encoding, int req_type) throws Asn1Exception, RealmException, IOException, - KrbApErrException { - DerValue der, subDer; - if ((encoding.getTag() & 0x1F) != req_type) { - if (DEBUG) { - System.out.println(">>> KDCRep: init() " + - "encoding tag is " + - encoding.getTag() + - " req type is " + req_type); - } - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) == 0x00) { - pvno = subDer.getData().getBigInteger().intValue(); - if (pvno != Krb5.PVNO) - throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - } else { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) == 0x01) { - msgType = subDer.getData().getBigInteger().intValue(); - if (msgType != req_type) { - throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); - } - } else { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - if ((der.getData().peekByte() & 0x1F) == 0x02) { - subDer = der.getData().getDerValue(); - DerValue[] padata = subDer.getData().getSequence(1); - pAData = new PAData[padata.length]; - for (int i = 0; i < padata.length; i++) { - pAData[i] = new PAData(padata[i]); - } - } else { - pAData = null; - } - crealm = Realm.parse(der.getData(), (byte)0x03, false); - cname = PrincipalName.parse(der.getData(), (byte)0x04, false); - ticket = Ticket.parse(der.getData(), (byte)0x05, false); - encPart = EncryptedData.parse(der.getData(), (byte)0x06, false); - if (der.getData().available() > 0) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + KrbApErrException { + DerValue der, subDer; + if ((encoding.getTag() & 0x1F) != req_type) { + if (DEBUG) { + System.out.println(">>> 
KDCRep: init() " + + "encoding tag is " + + encoding.getTag() + + " req type is " + req_type); } + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } - - - /** - * Encodes this object to a byte array. - * @return byte array of encoded APReq object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * - */ - public byte[] asn1Encode() throws Asn1Exception, IOException { - - DerOutputStream bytes = new DerOutputStream(); - DerOutputStream temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(pvno)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(msgType)); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); - if (pAData != null && pAData.length > 0) { - DerOutputStream padata_stream = new DerOutputStream(); - for (int i = 0; i < pAData.length; i++) { - padata_stream.write(pAData[i].asn1Encode()); - } - temp = new DerOutputStream(); - temp.write(DerValue.tag_SequenceOf, padata_stream); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp); - } - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), crealm.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), cname.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), ticket.asn1Encode()); - bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), encPart.asn1Encode()); - temp = new DerOutputStream(); - temp.write(DerValue.tag_Sequence, bytes); - return temp.toByteArray(); + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) == 0x00) { + pvno = subDer.getData().getBigInteger().intValue(); + if 
(pvno != Krb5.PVNO) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) == 0x01) { + msgType = subDer.getData().getBigInteger().intValue(); + if (msgType != req_type) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + if ((der.getData().peekByte() & 0x1F) == 0x02) { + subDer = der.getData().getDerValue(); + DerValue[] padata = subDer.getData().getSequence(1); + pAData = new PAData[padata.length]; + for (int i = 0; i < padata.length; i++) { + pAData[i] = new PAData(padata[i]); + } + } else { + pAData = null; + } + crealm = Realm.parse(der.getData(), (byte) 0x03, false); + cname = PrincipalName.parse(der.getData(), (byte) 0x04, false); + ticket = Ticket.parse(der.getData(), (byte) 0x05, false); + encPart = EncryptedData.parse(der.getData(), (byte) 0x06, false); + if (der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } + + /** + * Encodes this object to a byte array. + * @return byte array of encoded APReq object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ * + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { + + DerOutputStream bytes = new DerOutputStream(); + DerOutputStream temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(pvno)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x00), temp); + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(msgType)); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), temp); + if (pAData != null && pAData.length > 0) { + DerOutputStream padata_stream = new DerOutputStream(); + for (int i = 0; i < pAData.length; i++) { + padata_stream.write(pAData[i].asn1Encode()); + } + temp = new DerOutputStream(); + temp.write(DerValue.tag_SequenceOf, padata_stream); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x02), temp); + } + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), crealm.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x04), cname.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x05), ticket.asn1Encode()); + bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x06), encPart.asn1Encode()); + temp = new DerOutputStream(); + temp.write(DerValue.tag_Sequence, bytes); + return temp.toByteArray(); + } } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/KDCReq.java b/jdk/src/share/classes/sun/security/krb5/internal/KDCReq.java index 2f049895695..fee4567c3c6 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/KDCReq.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/KDCReq.java 
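Review bot: The outer tag check at the top of `init()` compares only the low five bits, `(encoding.getTag() & 0x1F) != req_type`, so the tag class and the constructed bit of a reply parsed from the wire are never verified. `KRBCred.init()` in this same commit also requires `encoding.isApplication()` and `encoding.isConstructed()`. Assuming callers always pass the APPLICATION-tagged outer value, the same guard fits here: `if ((encoding.getTag() & 0x1F) != req_type || !encoding.isApplication() || !encoding.isConstructed()) {`. `KDCReq.init()` in the next file has the same masked comparison and would take the same change. Separately, the Javadoc on `asn1Encode()` still says "encoded APReq object" and should name KDCRep.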
@@ -56,155 +56,160 @@ import java.math.BigInteger; * * http://www.ietf.org/rfc/rfc4120.txt. */ - public class KDCReq { - public KDCReqBody reqBody; - private int pvno; - private int msgType; - private PAData[] pAData = null; //optional + public KDCReqBody reqBody; + private int pvno; + private int msgType; + private PAData[] pAData = null; //optional - public KDCReq(PAData[] new_pAData, KDCReqBody new_reqBody, - int req_type) throws IOException { - pvno = Krb5.PVNO; - msgType = req_type; - if (new_pAData != null) { - pAData = new PAData[new_pAData.length]; - for (int i = 0; i < new_pAData.length; i++) { - if (new_pAData[i] == null) { - throw new IOException("Cannot create a KDCRep"); - } else { - pAData[i] = (PAData)new_pAData[i].clone(); - } - } + public KDCReq(PAData[] new_pAData, KDCReqBody new_reqBody, + int req_type) throws IOException { + pvno = Krb5.PVNO; + msgType = req_type; + if (new_pAData != null) { + pAData = new PAData[new_pAData.length]; + for (int i = 0; i < new_pAData.length; i++) { + if (new_pAData[i] == null) { + throw new IOException("Cannot create a KDCRep"); + } else { + pAData[i] = (PAData) new_pAData[i].clone(); } - reqBody = new_reqBody; + } } + reqBody = new_reqBody; + } - public KDCReq() { - } + public KDCReq() { + } - public KDCReq(byte[] data, int req_type) throws Asn1Exception, - IOException, KrbException { + public KDCReq(byte[] data, int req_type) throws Asn1Exception, + IOException, KrbException { init(new DerValue(data), req_type); - } + } /** - * Creates an KDCReq object from a DerValue object and asn1 type. - * - * @param der a DER value of an KDCReq object. - * @param req_type a encoded asn1 type value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exceptoin KrbErrException - */ + * Creates an KDCReq object from a DerValue object and asn1 type. + * + * @param der a DER value of an KDCReq object. 
+ * @param req_type a encoded asn1 type value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exceptoin KrbErrException + */ public KDCReq(DerValue der, int req_type) throws Asn1Exception, - IOException, KrbException { - init(der, req_type); - } + IOException, KrbException { + init(der, req_type); + } - /** - * Initializes a KDCReq object from a DerValue. The DER encoding - * must be in the format specified by the KRB_KDC_REQ ASN.1 notation. - * - * @param encoding a DER-encoded KDCReq object. - * @param req_type an int indicating whether it's KRB_AS_REQ or KRB_TGS_REQ type - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception KrbException if an error occurs while constructing a Realm object, - * or a Krb object from DER-encoded data. - */ + /** + * Initializes a KDCReq object from a DerValue. The DER encoding + * must be in the format specified by the KRB_KDC_REQ ASN.1 notation. + * + * @param encoding a DER-encoded KDCReq object. + * @param req_type an int indicating whether it's KRB_AS_REQ or KRB_TGS_REQ type + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception KrbException if an error occurs while constructing a Realm object, + * or a Krb object from DER-encoded data. 
+ */ protected void init(DerValue encoding, int req_type) throws Asn1Exception, - IOException, KrbException { - DerValue der, subDer; - BigInteger bint; - if ((encoding.getTag() & 0x1F) != req_type) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) { + IOException, KrbException { + DerValue der, subDer; + BigInteger bint; + if ((encoding.getTag() & 0x1F) != req_type) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x01F) == 0x01) { - bint = subDer.getData().getBigInteger(); - this.pvno = bint.intValue(); - if (this.pvno != Krb5.PVNO) - throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x01F) == 0x02) { - bint = subDer.getData().getBigInteger(); - this.msgType = bint.intValue(); - if (this.msgType != req_type) - throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x01F) == 0x03) { - DerValue subsubDer = subDer.getData().getDerValue(); - if (subsubDer.getTag() != DerValue.tag_SequenceOf) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - Vector v = new Vector (); - while (subsubDer.getData().available() > 0) { - v.addElement(new PAData(subsubDer.getData().getDerValue())); - } - if (v.size() > 0) { - pAData = new PAData[v.size()]; - v.copyInto(pAData); - } - } - else pAData = null; - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x01F) == 0x04) { - DerValue subsubDer = subDer.getData().getDerValue(); - reqBody = new KDCReqBody(subsubDer, msgType); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = 
der.getData().getDerValue(); + if ((subDer.getTag() & 0x01F) == 0x01) { + bint = subDer.getData().getBigInteger(); + this.pvno = bint.intValue(); + if (this.pvno != Krb5.PVNO) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x01F) == 0x02) { + bint = subDer.getData().getBigInteger(); + this.msgType = bint.intValue(); + if (this.msgType != req_type) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x01F) == 0x03) { + DerValue subsubDer = subDer.getData().getDerValue(); + if (subsubDer.getTag() != DerValue.tag_SequenceOf) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + Vector v = new Vector(); + while (subsubDer.getData().available() > 0) { + v.addElement(new PAData(subsubDer.getData().getDerValue())); + } + if (v.size() > 0) { + pAData = new PAData[v.size()]; + v.copyInto(pAData); + } + } else { + pAData = null; + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x01F) == 0x04) { + DerValue subsubDer = subDer.getData().getDerValue(); + reqBody = new KDCReqBody(subsubDer, msgType); + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes this object to a byte array. - * - * @return an byte array of encoded data. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * - */ + /** + * Encodes this object to a byte array. + * + * @return an byte array of encoded data. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. 
+ * + */ public byte[] asn1Encode() throws Asn1Exception, IOException { - DerOutputStream temp, bytes, out; - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(pvno)); - out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(msgType)); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), temp); + DerOutputStream temp, bytes, out; + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(pvno)); + out = new DerOutputStream(); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), temp); + temp = new DerOutputStream(); + temp.putInteger(BigInteger.valueOf(msgType)); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x02), temp); if (pAData != null && pAData.length > 0) { - temp = new DerOutputStream(); - for (int i = 0; i < pAData.length; i++) { - temp.write(pAData[i].asn1Encode()); - } - bytes = new DerOutputStream(); - bytes.write(DerValue.tag_SequenceOf, temp); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), bytes); - } - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), reqBody.asn1Encode(msgType)); - bytes = new DerOutputStream(); - bytes.write(DerValue.tag_Sequence, out); - out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)msgType), bytes); - return out.toByteArray(); - } - - public byte[] asn1EncodeReqBody() throws Asn1Exception, IOException - { - return reqBody.asn1Encode(msgType); + temp = new DerOutputStream(); + for (int i = 0; i < pAData.length; i++) { + temp.write(pAData[i].asn1Encode()); + } + bytes = new DerOutputStream(); + bytes.write(DerValue.tag_SequenceOf, temp); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), bytes); } + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x04), reqBody.asn1Encode(msgType)); + 
bytes = new DerOutputStream(); + bytes.write(DerValue.tag_Sequence, out); + out = new DerOutputStream(); + out.write(DerValue.createTag(DerValue.TAG_APPLICATION, + true, (byte) msgType), bytes); + return out.toByteArray(); + } + public byte[] asn1EncodeReqBody() throws Asn1Exception, IOException { + return reqBody.asn1Encode(msgType); + } } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/KRBCred.java b/jdk/src/share/classes/sun/security/krb5/internal/KRBCred.java index 2c364e834b0..a30ca6d2929 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/KRBCred.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/KRBCred.java 
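Review bot: The `KDCReq(PAData[], KDCReqBody, int)` constructor still throws `new IOException("Cannot create a KDCRep")` when a pre-authentication entry is null. The message names the reply class and will mislead anyone reading a stack trace from the request path; it should read `throw new IOException("Cannot create a KDCReq");`. The Javadoc on the `KDCReq(DerValue, int)` constructor also keeps the misspelled tag `@exceptoin KrbErrException`, which the Javadoc tool will not recognise. It should be `@exception KrbException if ...`, matching the declared `throws` clause.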
@@ -56,128 +56,134 @@ import java.math.BigInteger; * * http://www.ietf.org/rfc/rfc4120.txt. */ - public class KRBCred { - public Ticket[] tickets = null; - public EncryptedData encPart; - private int pvno; - private int msgType; + public Ticket[] tickets = null; + public EncryptedData encPart; + private int pvno; + private int msgType; - public KRBCred(Ticket[] new_tickets, EncryptedData new_encPart) throws IOException { - pvno = Krb5.PVNO; - msgType = Krb5.KRB_CRED; - if (new_tickets != null) { - tickets = new Ticket[new_tickets.length]; - for (int i = 0; i < new_tickets.length; i++) { - if (new_tickets[i] == null) { - throw new IOException("Cannot create a KRBCred"); - } else { - tickets[i] = (Ticket)new_tickets[i].clone(); - } - } + public KRBCred(Ticket[] new_tickets, EncryptedData new_encPart) throws IOException { + pvno = Krb5.PVNO; + msgType = Krb5.KRB_CRED; + if (new_tickets != null) { + tickets = new Ticket[new_tickets.length]; + for (int i = 0; i < new_tickets.length; i++) { + if (new_tickets[i] == null) { + throw new IOException("Cannot create a KRBCred"); + } else { + tickets[i] = (Ticket) new_tickets[i].clone(); } - encPart = new_encPart; + } } + encPart = new_encPart; + } - public KRBCred(byte[] data) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(new DerValue(data)); + public KRBCred(byte[] data) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(new DerValue(data)); + } + + public KRBCred(DerValue encoding) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + init(encoding); + } + + /** + * Initializes an KRBCred object. + * @param encoding a single DER-encoded value. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + * @exception KrbApErrException if the value read from the DER-encoded data + * stream does not match the pre-defined value. 
+ * @exception RealmException if an error occurs while parsing a Realm object. + */ + private void init(DerValue encoding) throws Asn1Exception, + RealmException, KrbApErrException, IOException { + if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x16) + || (encoding.isApplication() != true) + || (encoding.isConstructed() != true)) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } - - public KRBCred(DerValue encoding) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - init(encoding); - } - - /** - * Initializes an KRBCred object. - * @param encoding a single DER-encoded value. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - * @exception KrbApErrException if the value read from the DER-encoded data - * stream does not match the pre-defined value. - * @exception RealmException if an error occurs while parsing a Realm object. - */ - private void init(DerValue encoding) throws Asn1Exception, - RealmException, KrbApErrException, IOException { - if (((encoding.getTag() & (byte)0x1F) != (byte)0x16) - || (encoding.isApplication() != true) - || (encoding.isConstructed() != true)) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); DerValue der, subDer; - der = encoding.getData().getDerValue(); - if (der.getTag() != DerValue.tag_Sequence) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) == 0x00) { - pvno = subDer.getData().getBigInteger().intValue(); - if (pvno != Krb5.PVNO) { - throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); - } - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) == 0x01) { - msgType = subDer.getData().getBigInteger().intValue(); - if (msgType != Krb5.KRB_CRED) - throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - 
subDer = der.getData().getDerValue(); - if ((subDer.getTag() & 0x1F) == 0x02) { - DerValue subsubDer = subDer.getData().getDerValue(); - if (subsubDer.getTag() != DerValue.tag_SequenceOf) { - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - } - Vector v = new Vector (); - while (subsubDer.getData().available() > 0) { - v.addElement(new Ticket(subsubDer.getData().getDerValue())); - } - if (v.size() > 0) { - tickets = new Ticket[v.size()]; - v.copyInto(tickets); - } - } - else - throw new Asn1Exception(Krb5.ASN1_BAD_ID); - encPart = EncryptedData.parse(der.getData(), (byte)0x03, false); - - if (der.getData().available() > 0) - throw new Asn1Exception(Krb5.ASN1_BAD_ID); + der = encoding.getData().getDerValue(); + if (der.getTag() != DerValue.tag_Sequence) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) == 0x00) { + pvno = subDer.getData().getBigInteger().intValue(); + if (pvno != Krb5.PVNO) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) == 0x01) { + msgType = subDer.getData().getBigInteger().intValue(); + if (msgType != Krb5.KRB_CRED) { + throw new KrbApErrException(Krb5.KRB_AP_ERR_MSG_TYPE); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + subDer = der.getData().getDerValue(); + if ((subDer.getTag() & 0x1F) == 0x02) { + DerValue subsubDer = subDer.getData().getDerValue(); + if (subsubDer.getTag() != DerValue.tag_SequenceOf) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + Vector v = new Vector(); + while (subsubDer.getData().available() > 0) { + v.addElement(new Ticket(subsubDer.getData().getDerValue())); + } + if (v.size() > 0) { + tickets = new Ticket[v.size()]; + v.copyInto(tickets); + } + } else { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + encPart = EncryptedData.parse(der.getData(), (byte) 0x03, false); + if 
(der.getData().available() > 0) { + throw new Asn1Exception(Krb5.ASN1_BAD_ID); + } + } - /** - * Encodes an KRBCred object. - * @return the data of encoded EncAPRepPart object. - * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. - * @exception IOException if an I/O error occurs while reading encoded data. - */ - public byte[] asn1Encode() throws Asn1Exception, IOException { + /** + * Encodes an KRBCred object. + * @return the data of encoded EncAPRepPart object. + * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. + * @exception IOException if an I/O error occurs while reading encoded data. + */ + public byte[] asn1Encode() throws Asn1Exception, IOException { DerOutputStream temp, bytes, out; temp = new DerOutputStream(); temp.putInteger(BigInteger.valueOf(pvno)); out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), temp); - temp = new DerOutputStream(); - temp.putInteger(BigInteger.valueOf(msgType)); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), temp); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x00), temp); temp = new DerOutputStream(); - for (int i = 0; i < tickets.length; i++) { - temp.write(tickets[i].asn1Encode()); - } + temp.putInteger(BigInteger.valueOf(msgType)); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x01), temp); + temp = new DerOutputStream(); + for (int i = 0; i < tickets.length; i++) { + temp.write(tickets[i].asn1Encode()); + } bytes = new DerOutputStream(); bytes.write(DerValue.tag_SequenceOf, temp); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), bytes); - out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), encPart.asn1Encode()); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x02), bytes); + out.write(DerValue.createTag(DerValue.TAG_CONTEXT, + true, (byte) 0x03), encPart.asn1Encode()); bytes = new 
DerOutputStream(); bytes.write(DerValue.tag_Sequence, out); - out = new DerOutputStream(); - out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte)0x16), bytes); - return out.toByteArray(); - } - + out = new DerOutputStream(); + out.write(DerValue.createTag(DerValue.TAG_APPLICATION, + true, (byte) 0x16), bytes); + return out.toByteArray(); + } } diff --git a/jdk/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java b/jdk/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java index 3853ab579cc..08a21b66589 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/KrbCredInfo.java @@ -111,7 +111,7 @@ public class KrbCredInfo { * @exception RealmException if an error occurs while parsing a Realm object. */ public KrbCredInfo(DerValue encoding) - throws Asn1Exception, IOException, RealmException{ + throws Asn1Exception, IOException, RealmException{ if (encoding.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } 
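Review bot: `asn1Encode()` iterates `tickets.length` without a null check, yet `tickets` is initialised to `null` and both construction paths can leave it that way. The `KRBCred(Ticket[], EncryptedData)` constructor skips the copy when `new_tickets` is null, and `init()` assigns the array only when `v.size() > 0`. A credential decoded from a message with an empty ticket sequence would therefore throw a NullPointerException on re-encoding rather than one of the declared exceptions. Either wrap the loop in `if (tickets != null) {` so an empty SEQUENCE OF is written, or reject the state explicitly with `throw new Asn1Exception(Krb5.ASN1_BAD_ID);`; which is right depends on whether an empty ticket list is meant to be legal here. The Javadoc `@return` also still refers to an "encoded EncAPRepPart object".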
@@ -160,25 +160,25 @@ public class KrbCredInfo { Vector v = new Vector (); v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), key.asn1Encode())); if (prealm != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), prealm.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), prealm.asn1Encode())); if (pname != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), pname.asn1Encode())); if (flags != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), flags.asn1Encode())); if (authtime != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), authtime.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), authtime.asn1Encode())); if (starttime != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), starttime.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), starttime.asn1Encode())); if (endtime != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), endtime.asn1Encode())); if (renewTill != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), renewTill.asn1Encode())); if (srealm != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, 
(byte)0x08), srealm.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), srealm.asn1Encode())); if (sname != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), sname.asn1Encode())); if (caddr != null) - v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode())); + v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), caddr.asn1Encode())); DerValue der[] = new DerValue[v.size()]; v.copyInto(der); DerOutputStream out = new DerOutputStream(); diff --git a/jdk/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java b/jdk/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java index 4665d9f63dc..0c7b1ed32b2 100644 --- a/jdk/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java +++ b/jdk/src/share/classes/sun/security/krb5/internal/ccache/Credentials.java 
@@ -34,168 +34,171 @@ import sun.security.krb5.*; import sun.security.krb5.internal.*; public class Credentials { - PrincipalName cname; - Realm crealm; + + PrincipalName cname; + Realm crealm; PrincipalName sname; - Realm srealm; - EncryptionKey key; - KerberosTime authtime; - KerberosTime starttime;//optional - KerberosTime endtime; - KerberosTime renewTill; //optional - HostAddresses caddr; //optional; for proxied tickets only + Realm srealm; + EncryptionKey key; + KerberosTime authtime; + KerberosTime starttime;//optional + KerberosTime endtime; + KerberosTime renewTill; //optional + HostAddresses caddr; //optional; for proxied tickets only AuthorizationData authorizationData; //optional, not being actually used public boolean isEncInSKey; // true if ticket is encrypted in another ticket's skey - TicketFlags flags; + TicketFlags flags; Ticket ticket; - Ticket secondTicket; //optional - private boolean DEBUG = Krb5.DEBUG; + Ticket secondTicket; //optional + private boolean DEBUG = Krb5.DEBUG; - public Credentials( - PrincipalName new_cname, - PrincipalName new_sname, - EncryptionKey new_key, - KerberosTime new_authtime, - KerberosTime new_starttime, - KerberosTime new_endtime, - KerberosTime new_renewTill, - boolean new_isEncInSKey, - TicketFlags new_flags, - HostAddresses new_caddr, - AuthorizationData new_authData, - Ticket new_ticket, - Ticket new_secondTicket) { - cname = (PrincipalName)new_cname.clone(); - if (new_cname.getRealm() != null) - crealm = (Realm)new_cname.getRealm().clone(); - - sname = (PrincipalName)new_sname.clone(); - if (new_sname.getRealm() != null) - srealm = (Realm)new_sname.getRealm().clone(); - - key = (EncryptionKey)new_key.clone(); - - authtime = (KerberosTime)new_authtime.clone(); - starttime = (KerberosTime)new_starttime.clone(); - endtime = (KerberosTime)new_endtime.clone(); - renewTill = (KerberosTime)new_renewTill.clone(); - if (new_caddr != null) - caddr = (HostAddresses)new_caddr.clone(); - if (new_authData != null) { - 
authorizationData - = (AuthorizationData)new_authData.clone(); - } - - isEncInSKey = new_isEncInSKey; - flags = (TicketFlags)new_flags.clone(); - ticket = (Ticket)(new_ticket.clone()); - if (new_secondTicket != null) - secondTicket = (Ticket)new_secondTicket.clone(); + public Credentials( + PrincipalName new_cname, + PrincipalName new_sname, + EncryptionKey new_key, + KerberosTime new_authtime, + KerberosTime new_starttime, + KerberosTime new_endtime, + KerberosTime new_renewTill, + boolean new_isEncInSKey, + TicketFlags new_flags, + HostAddresses new_caddr, + AuthorizationData new_authData, + Ticket new_ticket, + Ticket new_secondTicket) { + cname = (PrincipalName) new_cname.clone(); + if (new_cname.getRealm() != null) { + crealm = (Realm) new_cname.getRealm().clone(); } - - - public Credentials( - KDCRep kdcRep, - Ticket new_secondTicket, - AuthorizationData new_authorizationData, - boolean new_isEncInSKey - ) { - if (kdcRep.encKDCRepPart == null) //can't store while encrypted - return; - crealm = (Realm)kdcRep.crealm.clone(); - cname = (PrincipalName)kdcRep.cname.clone(); - ticket = (Ticket)kdcRep.ticket.clone(); - key = (EncryptionKey)kdcRep.encKDCRepPart.key.clone(); - flags = (TicketFlags)kdcRep.encKDCRepPart.flags.clone(); - authtime = (KerberosTime)kdcRep.encKDCRepPart.authtime.clone(); - starttime = (KerberosTime)kdcRep.encKDCRepPart.starttime.clone(); - endtime = (KerberosTime)kdcRep.encKDCRepPart.endtime.clone(); - renewTill = (KerberosTime)kdcRep.encKDCRepPart.renewTill.clone(); - srealm = (Realm)kdcRep.encKDCRepPart.srealm.clone(); - sname = (PrincipalName)kdcRep.encKDCRepPart.sname.clone(); - caddr = (HostAddresses)kdcRep.encKDCRepPart.caddr.clone(); - secondTicket = (Ticket)new_secondTicket.clone(); - authorizationData = - (AuthorizationData)new_authorizationData.clone(); - isEncInSKey = new_isEncInSKey; + sname = (PrincipalName) new_sname.clone(); + if (new_sname.getRealm() != null) { + srealm = (Realm) new_sname.getRealm().clone(); } - public 
Credentials(KDCRep kdcRep) { - this(kdcRep, null); + key = (EncryptionKey) new_key.clone(); + + authtime = (KerberosTime) new_authtime.clone(); + starttime = (KerberosTime) new_starttime.clone(); + endtime = (KerberosTime) new_endtime.clone(); + renewTill = (KerberosTime) new_renewTill.clone(); + if (new_caddr != null) { + caddr = (HostAddresses) new_caddr.clone(); + } + if (new_authData != null) { + authorizationData = (AuthorizationData) new_authData.clone(); } - public Credentials(KDCRep kdcRep, Ticket new_ticket) { - sname = (PrincipalName)kdcRep.encKDCRepPart.sname.clone(); - srealm = (Realm)kdcRep.encKDCRepPart.srealm.clone(); - try { - sname.setRealm(srealm); - } - catch (RealmException e) { - } - cname = (PrincipalName)kdcRep.cname.clone(); - crealm = (Realm)kdcRep.crealm.clone(); - try { - cname.setRealm(crealm); - } - catch (RealmException e) { - } - key = (EncryptionKey)kdcRep.encKDCRepPart.key.clone(); - authtime = (KerberosTime)kdcRep.encKDCRepPart.authtime.clone(); - if (kdcRep.encKDCRepPart.starttime != null) { - starttime = (KerberosTime)kdcRep.encKDCRepPart.starttime.clone(); - } - else starttime = null; - endtime = (KerberosTime)kdcRep.encKDCRepPart.endtime.clone(); - if (kdcRep.encKDCRepPart.renewTill != null) { - renewTill = (KerberosTime)kdcRep.encKDCRepPart.renewTill.clone(); - } - else renewTill = null; - // if (kdcRep.msgType == Krb5.KRB_AS_REP) { - // isEncInSKey = false; - // secondTicket = null; - // } - flags = kdcRep.encKDCRepPart.flags; - if (kdcRep.encKDCRepPart.caddr != null) - caddr = (HostAddresses)kdcRep.encKDCRepPart.caddr.clone(); - else caddr = null; - ticket = (Ticket)kdcRep.ticket.clone(); - if (new_ticket != null) { - secondTicket = (Ticket)new_ticket.clone(); - isEncInSKey = true; - } else { - secondTicket = null; - isEncInSKey = false; - } + isEncInSKey = new_isEncInSKey; + flags = (TicketFlags) new_flags.clone(); + ticket = (Ticket) (new_ticket.clone()); + if (new_secondTicket != null) { + secondTicket = (Ticket) 
new_secondTicket.clone(); } + } - /** - * Checks if this credential is expired - */ - public boolean isValid() { - boolean valid = true; - if (endtime.getTime() < System.currentTimeMillis()) { - valid = false; - } - else if ((starttime.getTime() > System.currentTimeMillis()) - || ((starttime == null) && (authtime.getTime() > System.currentTimeMillis()))) - { - valid = false; - } - return valid; + public Credentials( + KDCRep kdcRep, + Ticket new_secondTicket, + AuthorizationData new_authorizationData, + boolean new_isEncInSKey) { + if (kdcRep.encKDCRepPart == null) //can't store while encrypted + { + return; } + crealm = (Realm) kdcRep.crealm.clone(); + cname = (PrincipalName) kdcRep.cname.clone(); + ticket = (Ticket) kdcRep.ticket.clone(); + key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone(); + flags = (TicketFlags) kdcRep.encKDCRepPart.flags.clone(); + authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone(); + starttime = (KerberosTime) kdcRep.encKDCRepPart.starttime.clone(); + endtime = (KerberosTime) kdcRep.encKDCRepPart.endtime.clone(); + renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone(); + srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone(); + sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone(); + caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone(); + secondTicket = (Ticket) new_secondTicket.clone(); + authorizationData = + (AuthorizationData) new_authorizationData.clone(); + isEncInSKey = new_isEncInSKey; + } - public PrincipalName getServicePrincipal() throws RealmException{ - if (sname.getRealm() == null) { - sname.setRealm(srealm); - } - return sname; - } + public Credentials(KDCRep kdcRep) { + this(kdcRep, null); + } - public sun.security.krb5.Credentials setKrbCreds() { - return new sun.security.krb5.Credentials(ticket, - cname, sname, key, flags, authtime, starttime, endtime, renewTill, caddr); + public Credentials(KDCRep kdcRep, Ticket new_ticket) { + sname = (PrincipalName) 
kdcRep.encKDCRepPart.sname.clone(); + srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone(); + try { + sname.setRealm(srealm); + } catch (RealmException e) { } + cname = (PrincipalName) kdcRep.cname.clone(); + crealm = (Realm) kdcRep.crealm.clone(); + try { + cname.setRealm(crealm); + } catch (RealmException e) { + } + key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone(); + authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone(); + if (kdcRep.encKDCRepPart.starttime != null) { + starttime = (KerberosTime) kdcRep.encKDCRepPart.starttime.clone(); + } else { + starttime = null; + } + endtime = (KerberosTime) kdcRep.encKDCRepPart.endtime.clone(); + if (kdcRep.encKDCRepPart.renewTill != null) { + renewTill = (KerberosTime) kdcRep.encKDCRepPart.renewTill.clone(); + } else { + renewTill = null; + } + // if (kdcRep.msgType == Krb5.KRB_AS_REP) { + // isEncInSKey = false; + // secondTicket = null; + // } + flags = kdcRep.encKDCRepPart.flags; + if (kdcRep.encKDCRepPart.caddr != null) { + caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone(); + } else { + caddr = null; + } + ticket = (Ticket) kdcRep.ticket.clone(); + if (new_ticket != null) { + secondTicket = (Ticket) new_ticket.clone(); + isEncInSKey = true; + } else { + secondTicket = null; + isEncInSKey = false; + } + } + + /** + * Checks if this credential is expired + */ + public boolean isValid() { + boolean valid = true; + if (endtime.getTime() < System.currentTimeMillis()) { + valid = false; + } else if ((starttime.getTime() > System.currentTimeMillis()) + || ((starttime == null) && (authtime.getTime() > System.currentTimeMillis()))) { + valid = false; + } + return valid; + } + + public PrincipalName getServicePrincipal() throws RealmException { + if (sname.getRealm() == null) { + sname.setRealm(srealm); + } + return sname; + } + + public sun.security.krb5.Credentials setKrbCreds() { + return new sun.security.krb5.Credentials(ticket, + cname, sname, key, flags, authtime, starttime, endtime, renewTill, 
caddr); + } public KerberosTime getAuthTime() { return authtime; diff --git a/jdk/src/windows/native/sun/security/krb5/NativeCreds.c b/jdk/src/windows/native/sun/security/krb5/NativeCreds.c index 879dab47388..5d2365a415a 100644 --- a/jdk/src/windows/native/sun/security/krb5/NativeCreds.c +++ b/jdk/src/windows/native/sun/security/krb5/NativeCreds.c @@ -88,9 +88,9 @@ VOID ShowNTError(LPSTR,NTSTATUS); VOID InitUnicodeString( - PUNICODE_STRING DestinationString, + PUNICODE_STRING DestinationString, PCWSTR SourceString OPTIONAL - ); +); jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize); 
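Review bot: In `isValid()` the re-indented condition still calls `starttime.getTime()` before it tests `starttime == null`, so a credential without a start time (the field is marked optional, and the `(KDCRep, Ticket)` constructor in this hunk assigns `null`) throws a NullPointerException and the `authtime` fallback can never run. Testing for null first keeps the intended fallback: `long now = System.currentTimeMillis();` followed by `} else if ((starttime != null ? starttime.getTime() : authtime.getTime()) > now) {`. The Javadoc says "Checks if this credential is expired" although the method returns true for a usable credential; `Returns true if the current time lies within this credential's validity period` would match the code. The two empty `catch (RealmException e) { }` blocks in the `(KDCRep, Ticket)` constructor should at least carry a comment saying why a failed `setRealm` is safe to ignore there.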
@@ -108,215 +108,215 @@ jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime); */ JNIEXPORT jint JNICALL JNI_OnLoad( - JavaVM *jvm, - void *reserved) { + JavaVM *jvm, + void *reserved) { - jclass cls; - JNIEnv *env; + jclass cls; + JNIEnv *env; - if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { - return JNI_EVERSION; /* JNI version not supported */ - } + if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { + return JNI_EVERSION; /* JNI version not supported */ + } - cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket"); + cls = (*env)->FindClass(env,"sun/security/krb5/internal/Ticket"); - if (cls == NULL) { - printf("Couldn't find Ticket\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found Ticket\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find Ticket\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found Ticket\n"); + #endif /* DEBUG */ - ticketClass = (*env)->NewWeakGlobalRef(env,cls); - if (ticketClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + ticketClass = (*env)->NewWeakGlobalRef(env,cls); + if (ticketClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName"); + cls = (*env)->FindClass(env, "sun/security/krb5/PrincipalName"); - if (cls == NULL) { - printf("Couldn't find PrincipalName\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found PrincipalName\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find PrincipalName\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found PrincipalName\n"); + #endif /* DEBUG */ - principalNameClass = (*env)->NewWeakGlobalRef(env,cls); - if (principalNameClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + principalNameClass = (*env)->NewWeakGlobalRef(env,cls); + if (principalNameClass == NULL) { + 
return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - cls = (*env)->FindClass(env,"sun/security/util/DerValue"); + cls = (*env)->FindClass(env,"sun/security/util/DerValue"); - if (cls == NULL) { - printf("Couldn't find DerValue\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found DerValue\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find DerValue\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found DerValue\n"); + #endif /* DEBUG */ - derValueClass = (*env)->NewWeakGlobalRef(env,cls); - if (derValueClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + derValueClass = (*env)->NewWeakGlobalRef(env,cls); + if (derValueClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey"); + cls = (*env)->FindClass(env,"sun/security/krb5/EncryptionKey"); - if (cls == NULL) { - printf("Couldn't find EncryptionKey\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found EncryptionKey\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find EncryptionKey\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found EncryptionKey\n"); + #endif /* DEBUG */ - encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls); - if (encryptionKeyClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + encryptionKeyClass = (*env)->NewWeakGlobalRef(env,cls); + if (encryptionKeyClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags"); + cls = (*env)->FindClass(env,"sun/security/krb5/internal/TicketFlags"); - if (cls == NULL) { - printf("Couldn't find TicketFlags\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found TicketFlags\n"); - #endif /* DEBUG */ + if (cls 
== NULL) { + printf("Couldn't find TicketFlags\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found TicketFlags\n"); + #endif /* DEBUG */ - ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls); - if (ticketFlagsClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + ticketFlagsClass = (*env)->NewWeakGlobalRef(env,cls); + if (ticketFlagsClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime"); + cls = (*env)->FindClass(env,"sun/security/krb5/internal/KerberosTime"); - if (cls == NULL) { - printf("Couldn't find KerberosTime\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found KerberosTime\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find KerberosTime\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found KerberosTime\n"); + #endif /* DEBUG */ - kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls); - if (kerberosTimeClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + kerberosTimeClass = (*env)->NewWeakGlobalRef(env,cls); + if (kerberosTimeClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - cls = (*env)->FindClass(env,"java/lang/String"); + cls = (*env)->FindClass(env,"java/lang/String"); - if (cls == NULL) { - printf("Couldn't find String\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found String\n"); - #endif /* DEBUG */ + if (cls == NULL) { + printf("Couldn't find String\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found String\n"); + #endif /* DEBUG */ - javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls); - if (javaLangStringClass == NULL) { - return JNI_ERR; - } - #ifdef DEBUG - printf("Made NewWeakGlobalRef\n"); - #endif /* DEBUG */ + javaLangStringClass = (*env)->NewWeakGlobalRef(env,cls); + if 
(javaLangStringClass == NULL) { + return JNI_ERR; + } + #ifdef DEBUG + printf("Made NewWeakGlobalRef\n"); + #endif /* DEBUG */ - derValueConstructor = (*env)->GetMethodID(env, derValueClass, - "", "([B)V"); - if (derValueConstructor == 0) { - printf("Couldn't find DerValue constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found DerValue constructor\n"); - #endif /* DEBUG */ + derValueConstructor = (*env)->GetMethodID(env, derValueClass, + "", "([B)V"); + if (derValueConstructor == 0) { + printf("Couldn't find DerValue constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found DerValue constructor\n"); + #endif /* DEBUG */ - ticketConstructor = (*env)->GetMethodID(env, ticketClass, - "", "(Lsun/security/util/DerValue;)V"); - if (ticketConstructor == 0) { - printf("Couldn't find Ticket constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found Ticket constructor\n"); - #endif /* DEBUG */ + ticketConstructor = (*env)->GetMethodID(env, ticketClass, + "", "(Lsun/security/util/DerValue;)V"); + if (ticketConstructor == 0) { + printf("Couldn't find Ticket constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found Ticket constructor\n"); + #endif /* DEBUG */ - principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, - "", "([Ljava/lang/String;)V"); - if (principalNameConstructor == 0) { - printf("Couldn't find PrincipalName constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found PrincipalName constructor\n"); - #endif /* DEBUG */ + principalNameConstructor = (*env)->GetMethodID(env, principalNameClass, + "", "([Ljava/lang/String;)V"); + if (principalNameConstructor == 0) { + printf("Couldn't find PrincipalName constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found PrincipalName constructor\n"); + #endif /* DEBUG */ - encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, - "", "(I[B)V"); - if (encryptionKeyConstructor == 0) { - printf("Couldn't find EncryptionKey 
constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found EncryptionKey constructor\n"); - #endif /* DEBUG */ + encryptionKeyConstructor = (*env)->GetMethodID(env, encryptionKeyClass, + "", "(I[B)V"); + if (encryptionKeyConstructor == 0) { + printf("Couldn't find EncryptionKey constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found EncryptionKey constructor\n"); + #endif /* DEBUG */ - ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, - "", "(I[B)V"); - if (ticketFlagsConstructor == 0) { - printf("Couldn't find TicketFlags constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found TicketFlags constructor\n"); - #endif /* DEBUG */ + ticketFlagsConstructor = (*env)->GetMethodID(env, ticketFlagsClass, + "", "(I[B)V"); + if (ticketFlagsConstructor == 0) { + printf("Couldn't find TicketFlags constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found TicketFlags constructor\n"); + #endif /* DEBUG */ - kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, - "", "(Ljava/lang/String;)V"); - if (kerberosTimeConstructor == 0) { - printf("Couldn't find KerberosTime constructor\n"); - return JNI_ERR; - } - #ifdef DEBUG - printf("Found KerberosTime constructor\n"); - #endif /* DEBUG */ + kerberosTimeConstructor = (*env)->GetMethodID(env, kerberosTimeClass, + "", "(Ljava/lang/String;)V"); + if (kerberosTimeConstructor == 0) { + printf("Couldn't find KerberosTime constructor\n"); + return JNI_ERR; + } + #ifdef DEBUG + printf("Found KerberosTime constructor\n"); + #endif /* DEBUG */ - // load the setRealm method in PrincipalName - setRealmMethod = (*env)->GetMethodID(env, principalNameClass, - "setRealm", "(Ljava/lang/String;)V"); - if (setRealmMethod == 0) { - printf("Couldn't find setRealm in PrincipalName\n"); - return JNI_ERR; - } + // load the setRealm method in PrincipalName + setRealmMethod = (*env)->GetMethodID(env, principalNameClass, + "setRealm", "(Ljava/lang/String;)V"); + if 
(setRealmMethod == 0) { + printf("Couldn't find setRealm in PrincipalName\n"); + return JNI_ERR; + } - #ifdef DEBUG - printf("Finished OnLoad processing\n"); - #endif /* DEBUG */ + #ifdef DEBUG + printf("Finished OnLoad processing\n"); + #endif /* DEBUG */ - return JNI_VERSION_1_2; + return JNI_VERSION_1_2; } /* 
@@ -325,38 +325,38 @@ JNIEXPORT jint JNICALL JNI_OnLoad( */ JNIEXPORT void JNICALL JNI_OnUnload( - JavaVM *jvm, - void *reserved) { + JavaVM *jvm, + void *reserved) { - JNIEnv *env; + JNIEnv *env; - if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { - return; /* Nothing else we can do */ - } + if ((*jvm)->GetEnv(jvm, (void **)&env, JNI_VERSION_1_2)) { + return; /* Nothing else we can do */ + } - if (ticketClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,ticketClass); - } - if (derValueClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,derValueClass); - } - if (principalNameClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,principalNameClass); - } - if (encryptionKeyClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,encryptionKeyClass); - } - if (ticketFlagsClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,ticketFlagsClass); - } - if (kerberosTimeClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,kerberosTimeClass); - } - if (javaLangStringClass != NULL) { - (*env)->DeleteWeakGlobalRef(env,javaLangStringClass); - } + if (ticketClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,ticketClass); + } + if (derValueClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,derValueClass); + } + if (principalNameClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,principalNameClass); + } + if (encryptionKeyClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,encryptionKeyClass); + } + if (ticketFlagsClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,ticketFlagsClass); + } + if (kerberosTimeClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,kerberosTimeClass); + } + if (javaLangStringClass != NULL) { + (*env)->DeleteWeakGlobalRef(env,javaLangStringClass); + } - return; + return; } /* 
@@ -365,31 +365,31 @@ JNIEXPORT void JNICALL JNI_OnUnload( * Signature: ()Lsun/security/krb5/Credentials; */ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativeCreds( - JNIEnv *env, - jclass krbcredsClass) { + JNIEnv *env, + jclass krbcredsClass) { - KERB_QUERY_TKT_CACHE_REQUEST CacheRequest; - PKERB_RETRIEVE_TKT_RESPONSE TktCacheResponse = NULL; - PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; - PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL; - NTSTATUS Status, SubStatus; - ULONG requestSize = 0; - ULONG responseSize = 0; - ULONG rspSize = 0; - HANDLE LogonHandle = NULL; - ULONG PackageId; - jobject ticket, clientPrincipal, targetPrincipal, encryptionKey; - jobject ticketFlags, startTime, endTime, krbCreds = NULL; - jobject authTime, renewTillTime, hostAddresses = NULL; - KERB_EXTERNAL_TICKET *msticket; - int ignore_cache = 0; - FILETIME Now, EndTime, LocalEndTime; + KERB_QUERY_TKT_CACHE_REQUEST CacheRequest; + PKERB_RETRIEVE_TKT_RESPONSE TktCacheResponse = NULL; + PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; + PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL; + NTSTATUS Status, SubStatus; + ULONG requestSize = 0; + ULONG responseSize = 0; + ULONG rspSize = 0; + HANDLE LogonHandle = NULL; + ULONG PackageId; + jobject ticket, clientPrincipal, targetPrincipal, encryptionKey; + jobject ticketFlags, startTime, endTime, krbCreds = NULL; + jobject authTime, renewTillTime, hostAddresses = NULL; + KERB_EXTERNAL_TICKET *msticket; + int ignore_cache = 0; + FILETIME Now, EndTime, LocalEndTime; - while (TRUE) { + while (TRUE) { if (krbcredsConstructor == 0) { - krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "", - 
"(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V"); + krbcredsConstructor = (*env)->GetMethodID(env, krbcredsClass, "", + "(Lsun/security/krb5/internal/Ticket;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/PrincipalName;Lsun/security/krb5/EncryptionKey;Lsun/security/krb5/internal/TicketFlags;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/KerberosTime;Lsun/security/krb5/internal/HostAddresses;)V"); if (krbcredsConstructor == 0) { printf("Couldn't find sun.security.krb5.Credentials constructor\n"); break; 
@@ -510,88 +510,88 @@ JNIEXPORT jobject JNICALL Java_sun_security_krb5_Credentials_acquireDefaultNativ msticket = &(pTicketResponse->Ticket); } -/* + /* -typedef struct _KERB_RETRIEVE_TKT_RESPONSE { - KERB_EXTERNAL_TICKET Ticket; -} KERB_RETRIEVE_TKT_RESPONSE, *PKERB_RETRIEVE_TKT_RESPONSE; + typedef struct _KERB_RETRIEVE_TKT_RESPONSE { + KERB_EXTERNAL_TICKET Ticket; + } KERB_RETRIEVE_TKT_RESPONSE, *PKERB_RETRIEVE_TKT_RESPONSE; -typedef struct _KERB_EXTERNAL_TICKET { - PKERB_EXTERNAL_NAME ServiceName; - PKERB_EXTERNAL_NAME TargetName; - PKERB_EXTERNAL_NAME ClientName; - UNICODE_STRING DomainName; - UNICODE_STRING TargetDomainName; - UNICODE_STRING AltTargetDomainName; - KERB_CRYPTO_KEY SessionKey; - ULONG TicketFlags; - ULONG Flags; - LARGE_INTEGER KeyExpirationTime; - LARGE_INTEGER StartTime; - LARGE_INTEGER EndTime; - LARGE_INTEGER RenewUntil; - LARGE_INTEGER TimeSkew; - ULONG EncodedTicketSize; - PUCHAR EncodedTicket; <========== Here's the good stuff -} KERB_EXTERNAL_TICKET, *PKERB_EXTERNAL_TICKET; + typedef struct _KERB_EXTERNAL_TICKET { + PKERB_EXTERNAL_NAME ServiceName; + PKERB_EXTERNAL_NAME TargetName; + PKERB_EXTERNAL_NAME ClientName; + UNICODE_STRING DomainName; + UNICODE_STRING TargetDomainName; + UNICODE_STRING AltTargetDomainName; + KERB_CRYPTO_KEY SessionKey; + ULONG TicketFlags; + ULONG Flags; + LARGE_INTEGER KeyExpirationTime; + LARGE_INTEGER StartTime; + LARGE_INTEGER EndTime; + LARGE_INTEGER RenewUntil; + LARGE_INTEGER TimeSkew; + ULONG EncodedTicketSize; + PUCHAR EncodedTicket; <========== Here's the good stuff + } KERB_EXTERNAL_TICKET, *PKERB_EXTERNAL_TICKET; -typedef struct _KERB_EXTERNAL_NAME { - SHORT NameType; - USHORT NameCount; - UNICODE_STRING Names[ANYSIZE_ARRAY]; -} KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME; + typedef struct _KERB_EXTERNAL_NAME { + SHORT NameType; + USHORT NameCount; + UNICODE_STRING Names[ANYSIZE_ARRAY]; + } KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME; -typedef struct _LSA_UNICODE_STRING { - USHORT Length; - USHORT 
MaximumLength; - PWSTR Buffer; -} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; + typedef struct _LSA_UNICODE_STRING { + USHORT Length; + USHORT MaximumLength; + PWSTR Buffer; + } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING; -typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; + typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; -typedef struct KERB_CRYPTO_KEY { - LONG KeyType; - ULONG Length; - PUCHAR Value; -} KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY; + typedef struct KERB_CRYPTO_KEY { + LONG KeyType; + ULONG Length; + PUCHAR Value; + } KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY; -*/ + */ // Build a com.sun.security.krb5.Ticket ticket = BuildTicket(env, msticket->EncodedTicket, msticket->EncodedTicketSize); if (ticket == NULL) { - break; + break; } // OK, have a Ticket, now need to get the client name clientPrincipal = BuildPrincipal(env, msticket->ClientName, msticket->TargetDomainName); // mdu if (clientPrincipal == NULL) { - break; + break; } // and the "name" of tgt targetPrincipal = BuildPrincipal(env, msticket->ServiceName, msticket->DomainName); if (targetPrincipal == NULL) { - break; + break; } // Get the encryption key encryptionKey = BuildEncryptionKey(env, &(msticket->SessionKey)); if (encryptionKey == NULL) { - break; + break; } // and the ticket flags ticketFlags = BuildTicketFlags(env, &(msticket->TicketFlags)); if (ticketFlags == NULL) { - break; + break; } // Get the start time startTime = BuildKerberosTime(env, &(msticket->StartTime)); if (startTime == NULL) { - break; + break; } /* @@ -604,13 +604,13 @@ typedef struct KERB_CRYPTO_KEY { // and the end time endTime = BuildKerberosTime(env, &(msticket->EndTime)); if (endTime == NULL) { - break; + break; } // Get the renew till time renewTillTime = BuildKerberosTime(env, &(msticket->RenewUntil)); if (renewTillTime == NULL) { - break; + break; } // and now go build a KrbCreds object 
@@ -630,87 +630,87 @@ typedef struct KERB_CRYPTO_KEY { hostAddresses); break; - } // end of WHILE + } // end of WHILE - // clean up resources - if (TktCacheResponse != NULL) { - LsaFreeReturnBuffer(TktCacheResponse); - } - if (pTicketRequest) { - LocalFree(pTicketRequest); - } - if (pTicketResponse != NULL) { - LsaFreeReturnBuffer(pTicketResponse); - } + // clean up resources + if (TktCacheResponse != NULL) { + LsaFreeReturnBuffer(TktCacheResponse); + } + if (pTicketRequest) { + LocalFree(pTicketRequest); + } + if (pTicketResponse != NULL) { + LsaFreeReturnBuffer(pTicketResponse); + } - return krbCreds; + return krbCreds; } static NTSTATUS ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST *outRequest, ULONG *outSize) { - NTSTATUS Status; - UNICODE_STRING TargetPrefix; - USHORT TargetSize; - ULONG RequestSize; - ULONG Length; - PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; + NTSTATUS Status; + UNICODE_STRING TargetPrefix; + USHORT TargetSize; + ULONG RequestSize; + ULONG Length; + PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; - *outRequest = NULL; - *outSize = 0; + *outRequest = NULL; + *outSize = 0; - // - // Set up the "krbtgt/" target prefix into a UNICODE_STRING so we - // can easily concatenate it later. - // + // + // Set up the "krbtgt/" target prefix into a UNICODE_STRING so we + // can easily concatenate it later. + // - TargetPrefix.Buffer = L"krbtgt/"; - Length = (ULONG)wcslen(TargetPrefix.Buffer) * sizeof(WCHAR); - TargetPrefix.Length = (USHORT)Length; - TargetPrefix.MaximumLength = TargetPrefix.Length; + TargetPrefix.Buffer = L"krbtgt/"; + Length = (ULONG)wcslen(TargetPrefix.Buffer) * sizeof(WCHAR); + TargetPrefix.Length = (USHORT)Length; + TargetPrefix.MaximumLength = TargetPrefix.Length; - // - // We will need to concatenate the "krbtgt/" prefix and the - // Logon Session's DnsDomainName into our request's target name. - // - // Therefore, first compute the necessary buffer size for that. 
- // - // Note that we might theoretically have integer overflow. - // + // + // We will need to concatenate the "krbtgt/" prefix and the + // Logon Session's DnsDomainName into our request's target name. + // + // Therefore, first compute the necessary buffer size for that. + // + // Note that we might theoretically have integer overflow. + // - TargetSize = TargetPrefix.Length + DomainName.Length; + TargetSize = TargetPrefix.Length + DomainName.Length; - // - // The ticket request buffer needs to be a single buffer. That buffer - // needs to include the buffer for the target name. - // + // + // The ticket request buffer needs to be a single buffer. That buffer + // needs to include the buffer for the target name. + // - RequestSize = sizeof (*pTicketRequest) + TargetSize; + RequestSize = sizeof (*pTicketRequest) + TargetSize; - // - // Allocate the request buffer and make sure it's zero-filled. - // + // + // Allocate the request buffer and make sure it's zero-filled. + // - pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) - LocalAlloc(LMEM_ZEROINIT, RequestSize); - if (!pTicketRequest) - return GetLastError(); + pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) + LocalAlloc(LMEM_ZEROINIT, RequestSize); + if (!pTicketRequest) + return GetLastError(); - // - // Concatenate the target prefix with the previous reponse's - // target domain. - // + // + // Concatenate the target prefix with the previous reponse's + // target domain. 
+ // - pTicketRequest->TargetName.Length = 0; - pTicketRequest->TargetName.MaximumLength = TargetSize; - pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1); - Status = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName), - TargetPrefix, - DomainName); - *outRequest = pTicketRequest; - *outSize = RequestSize; - return Status; + pTicketRequest->TargetName.Length = 0; + pTicketRequest->TargetName.MaximumLength = TargetSize; + pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1); + Status = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName), + TargetPrefix, + DomainName); + *outRequest = pTicketRequest; + *outSize = RequestSize; + return Status; } DWORD @@ -720,22 +720,22 @@ ConcatenateUnicodeStrings( UNICODE_STRING Source2 ) { - // - // The buffers for Source1 and Source2 cannot overlap pTarget's - // buffer. Source1.Length + Source2.Length must be <= 0xFFFF, - // otherwise we overflow... - // + // + // The buffers for Source1 and Source2 cannot overlap pTarget's + // buffer. Source1.Length + Source2.Length must be <= 0xFFFF, + // otherwise we overflow... + // - USHORT TotalSize = Source1.Length + Source2.Length; - PBYTE buffer = (PBYTE) pTarget->Buffer; + USHORT TotalSize = Source1.Length + Source2.Length; + PBYTE buffer = (PBYTE) pTarget->Buffer; - if (TotalSize > pTarget->MaximumLength) - return ERROR_INSUFFICIENT_BUFFER; + if (TotalSize > pTarget->MaximumLength) + return ERROR_INSUFFICIENT_BUFFER; - pTarget->Length = TotalSize; - memcpy(buffer, Source1.Buffer, Source1.Length); - memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length); - return ERROR_SUCCESS; + pTarget->Length = TotalSize; + memcpy(buffer, Source1.Buffer, Source1.Length); + memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length); + return ERROR_SUCCESS; } BOOL 
@@ -783,27 +783,27 @@ ShowLastError( DWORD dwError ) { - #define MAX_MSG_SIZE 256 + #define MAX_MSG_SIZE 256 - static WCHAR szMsgBuf[MAX_MSG_SIZE]; - DWORD dwRes; + static WCHAR szMsgBuf[MAX_MSG_SIZE]; + DWORD dwRes; - printf("Error calling function %s: %lu\n", szAPI, dwError); + printf("Error calling function %s: %lu\n", szAPI, dwError); - dwRes = FormatMessage ( - FORMAT_MESSAGE_FROM_SYSTEM, - NULL, - dwError, - 0, - szMsgBuf, - MAX_MSG_SIZE, - NULL); - if (0 == dwRes) { - printf("FormatMessage failed with %d\n", GetLastError()); - // ExitProcess(EXIT_FAILURE); - } else { - printf("%S",szMsgBuf); - } + dwRes = FormatMessage ( + FORMAT_MESSAGE_FROM_SYSTEM, + NULL, + dwError, + 0, + szMsgBuf, + MAX_MSG_SIZE, + NULL); + if (0 == dwRes) { + printf("FormatMessage failed with %d\n", GetLastError()); + // ExitProcess(EXIT_FAILURE); + } else { + printf("%S",szMsgBuf); + } } VOID 
@@ -831,189 +831,189 @@ InitUnicodeString( Length = (ULONG)wcslen( SourceString ) * sizeof( WCHAR ); DestinationString->Length = (USHORT)Length; DestinationString->MaximumLength = (USHORT)(Length + sizeof(UNICODE_NULL)); - } + } else { DestinationString->MaximumLength = 0; DestinationString->Length = 0; - } + } } jobject BuildTicket(JNIEnv *env, PUCHAR encodedTicket, ULONG encodedTicketSize) { - /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket. - * But before we can do that, we need to make a byte array out of the ET. - */ + /* To build a Ticket, we first need to build a DerValue out of the EncodedTicket. + * But before we can do that, we need to make a byte array out of the ET. + */ - jobject derValue, ticket; - jbyteArray ary; + jobject derValue, ticket; + jbyteArray ary; - ary = (*env)->NewByteArray(env,encodedTicketSize); - if ((*env)->ExceptionOccurred(env)) { - return (jobject) NULL; - } - - (*env)->SetByteArrayRegion(env, ary, (jsize) 0, encodedTicketSize, - (jbyte *)encodedTicket); - if ((*env)->ExceptionOccurred(env)) { - (*env)->DeleteLocalRef(env, ary); - return (jobject) NULL; - } - - derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary); - if ((*env)->ExceptionOccurred(env)) { - (*env)->DeleteLocalRef(env, ary); - return (jobject) NULL; - } + ary = (*env)->NewByteArray(env,encodedTicketSize); + if ((*env)->ExceptionOccurred(env)) { + return (jobject) NULL; + } + (*env)->SetByteArrayRegion(env, ary, (jsize) 0, encodedTicketSize, + (jbyte *)encodedTicket); + if ((*env)->ExceptionOccurred(env)) { (*env)->DeleteLocalRef(env, ary); - ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue); - if ((*env)->ExceptionOccurred(env)) { - (*env)->DeleteLocalRef(env, derValue); - return (jobject) NULL; - } + return (jobject) NULL; + } + + derValue = (*env)->NewObject(env, derValueClass, derValueConstructor, ary); + if ((*env)->ExceptionOccurred(env)) { + (*env)->DeleteLocalRef(env, ary); + return 
(jobject) NULL; + } + + (*env)->DeleteLocalRef(env, ary); + ticket = (*env)->NewObject(env, ticketClass, ticketConstructor, derValue); + if ((*env)->ExceptionOccurred(env)) { (*env)->DeleteLocalRef(env, derValue); - return ticket; + return (jobject) NULL; + } + (*env)->DeleteLocalRef(env, derValue); + return ticket; } // mdu jobject BuildPrincipal(JNIEnv *env, PKERB_EXTERNAL_NAME principalName, UNICODE_STRING domainName) { - /* - * To build the Principal, we need to get the names out of - * this goofy MS structure - */ - jobject principal = NULL; - jobject realmStr = NULL; - jobjectArray stringArray; - jstring tempString; - int nameCount,i; - PUNICODE_STRING scanner; - WCHAR *realm; - ULONG realmLen; + /* + * To build the Principal, we need to get the names out of + * this goofy MS structure + */ + jobject principal = NULL; + jobject realmStr = NULL; + jobjectArray stringArray; + jstring tempString; + int nameCount,i; + PUNICODE_STRING scanner; + WCHAR *realm; + ULONG realmLen; - realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT, - ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL))); - wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); + realm = (WCHAR *) LocalAlloc(LMEM_ZEROINIT, + ((domainName.Length)*sizeof(WCHAR) + sizeof(UNICODE_NULL))); + wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR)); - #ifdef DEBUG - printf("Principal domain is %S\n", realm); - printf("Name type is %x\n", principalName->NameType); - printf("Name count is %x\n", principalName->NameCount); - #endif + #ifdef DEBUG + printf("Principal domain is %S\n", realm); + printf("Name type is %x\n", principalName->NameType); + printf("Name count is %x\n", principalName->NameCount); + #endif - nameCount = principalName->NameCount; - stringArray = (*env)->NewObjectArray(env, nameCount, - javaLangStringClass, NULL); - if (stringArray == NULL) { - printf("Can't allocate String array for Principal\n"); - LocalFree(realm); - return principal; - } - - for (i=0; iNames[i]); - 
- // OK, got a Char array, so construct a String - tempString = (*env)->NewString(env, (const jchar*)scanner->Buffer, - scanner->Length/sizeof(WCHAR)); - // Set the String into the StringArray - (*env)->SetObjectArrayElement(env, stringArray, i, tempString); - - // Do I have to worry about storage reclamation here? - } - principal = (*env)->NewObject(env, principalNameClass, - principalNameConstructor, stringArray); - - // now set the realm in the principal - realmLen = (ULONG)wcslen((PWCHAR)realm); - realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen); - (*env)->CallVoidMethod(env, principal, setRealmMethod, realmStr); - - // free local resources + nameCount = principalName->NameCount; + stringArray = (*env)->NewObjectArray(env, nameCount, + javaLangStringClass, NULL); + if (stringArray == NULL) { + printf("Can't allocate String array for Principal\n"); LocalFree(realm); - return principal; + } + + for (i=0; iNames[i]); + + // OK, got a Char array, so construct a String + tempString = (*env)->NewString(env, (const jchar*)scanner->Buffer, + scanner->Length/sizeof(WCHAR)); + // Set the String into the StringArray + (*env)->SetObjectArrayElement(env, stringArray, i, tempString); + + // Do I have to worry about storage reclamation here? 
+ } + principal = (*env)->NewObject(env, principalNameClass, + principalNameConstructor, stringArray); + + // now set the realm in the principal + realmLen = (ULONG)wcslen((PWCHAR)realm); + realmStr = (*env)->NewString(env, (PWCHAR)realm, (USHORT)realmLen); + (*env)->CallVoidMethod(env, principal, setRealmMethod, realmStr); + + // free local resources + LocalFree(realm); + + return principal; } jobject BuildEncryptionKey(JNIEnv *env, PKERB_CRYPTO_KEY cryptoKey) { - // First, need to build a byte array - jbyteArray ary; - jobject encryptionKey = NULL; + // First, need to build a byte array + jbyteArray ary; + jobject encryptionKey = NULL; - ary = (*env)->NewByteArray(env,cryptoKey->Length); - (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length, - (jbyte *)cryptoKey->Value); - if ((*env)->ExceptionOccurred(env)) { - (*env)->DeleteLocalRef(env, ary); - } else { - encryptionKey = (*env)->NewObject(env, encryptionKeyClass, - encryptionKeyConstructor, cryptoKey->KeyType, ary); - } + ary = (*env)->NewByteArray(env,cryptoKey->Length); + (*env)->SetByteArrayRegion(env, ary, (jsize) 0, cryptoKey->Length, + (jbyte *)cryptoKey->Value); + if ((*env)->ExceptionOccurred(env)) { + (*env)->DeleteLocalRef(env, ary); + } else { + encryptionKey = (*env)->NewObject(env, encryptionKeyClass, + encryptionKeyConstructor, cryptoKey->KeyType, ary); + } - return encryptionKey; + return encryptionKey; } jobject BuildTicketFlags(JNIEnv *env, PULONG flags) { - jobject ticketFlags = NULL; - jbyteArray ary; - /* - * mdu: Convert the bytes to nework byte order before copying - * them to a Java byte array. - */ - ULONG nlflags = htonl(*flags); + jobject ticketFlags = NULL; + jbyteArray ary; + /* + * mdu: Convert the bytes to nework byte order before copying + * them to a Java byte array. 
+ */ + ULONG nlflags = htonl(*flags); - ary = (*env)->NewByteArray(env, sizeof(*flags)); - (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags), - (jbyte *)&nlflags); - if ((*env)->ExceptionOccurred(env)) { - (*env)->DeleteLocalRef(env, ary); - } else { - ticketFlags = (*env)->NewObject(env, ticketFlagsClass, - ticketFlagsConstructor, sizeof(*flags)*8, ary); - } + ary = (*env)->NewByteArray(env, sizeof(*flags)); + (*env)->SetByteArrayRegion(env, ary, (jsize) 0, sizeof(*flags), + (jbyte *)&nlflags); + if ((*env)->ExceptionOccurred(env)) { + (*env)->DeleteLocalRef(env, ary); + } else { + ticketFlags = (*env)->NewObject(env, ticketFlagsClass, + ticketFlagsConstructor, sizeof(*flags)*8, ary); + } - return ticketFlags; + return ticketFlags; } jobject BuildKerberosTime(JNIEnv *env, PLARGE_INTEGER kerbtime) { - jobject kerberosTime = NULL; - jstring stringTime = NULL; - SYSTEMTIME systemTime; - WCHAR timeString[16]; - WCHAR month[3]; - WCHAR day[3]; - WCHAR hour[3]; - WCHAR minute[3]; - WCHAR second[3]; + jobject kerberosTime = NULL; + jstring stringTime = NULL; + SYSTEMTIME systemTime; + WCHAR timeString[16]; + WCHAR month[3]; + WCHAR day[3]; + WCHAR hour[3]; + WCHAR minute[3]; + WCHAR second[3]; - if (FileTimeToSystemTime((FILETIME *)kerbtime, &systemTime)) { -// XXX Cannot use %02.2ld, because the leading 0 is ignored for integers. -// So, print them to strings, and then print them to the master string with a -// format pattern that makes it two digits and prefix with a 0 if necessary. 
- swprintf( (wchar_t *)month, L"%2.2d", systemTime.wMonth); - swprintf( (wchar_t *)day, L"%2.2d", systemTime.wDay); - swprintf( (wchar_t *)hour, L"%2.2d", systemTime.wHour); - swprintf( (wchar_t *)minute, L"%2.2d", systemTime.wMinute); - swprintf( (wchar_t *)second, L"%2.2d", systemTime.wSecond); - swprintf( (wchar_t *)timeString, - L"%ld%02.2s%02.2s%02.2s%02.2s%02.2sZ", + if (FileTimeToSystemTime((FILETIME *)kerbtime, &systemTime)) { + // XXX Cannot use %02.2ld, because the leading 0 is ignored for integers. + // So, print them to strings, and then print them to the master string with a + // format pattern that makes it two digits and prefix with a 0 if necessary. + swprintf( (wchar_t *)month, L"%2.2d", systemTime.wMonth); + swprintf( (wchar_t *)day, L"%2.2d", systemTime.wDay); + swprintf( (wchar_t *)hour, L"%2.2d", systemTime.wHour); + swprintf( (wchar_t *)minute, L"%2.2d", systemTime.wMinute); + swprintf( (wchar_t *)second, L"%2.2d", systemTime.wSecond); + swprintf( (wchar_t *)timeString, + L"%ld%02.2s%02.2s%02.2s%02.2s%02.2sZ", systemTime.wYear, month, day, hour, minute, second ); - #ifdef DEBUG - printf("%S\n", (wchar_t *)timeString); - #endif /* DEBUG */ - stringTime = (*env)->NewString(env, timeString, - (sizeof(timeString)/sizeof(WCHAR))-1); - if (stringTime != NULL) { // everything's OK so far - kerberosTime = (*env)->NewObject(env, kerberosTimeClass, - kerberosTimeConstructor, stringTime); - } + #ifdef DEBUG + printf("%S\n", (wchar_t *)timeString); + #endif /* DEBUG */ + stringTime = (*env)->NewString(env, timeString, + (sizeof(timeString)/sizeof(WCHAR))-1); + if (stringTime != NULL) { // everything's OK so far + kerberosTime = (*env)->NewObject(env, kerberosTimeClass, + kerberosTimeConstructor, stringTime); } - return kerberosTime; + } + return kerberosTime; }