/* */ private static void checkPermittedEType(int paramInt) /* */ throws KrbException
/* */ {
/* 497 */ int[] arrayOfInt = EType.getDefaults("permitted_enctypes");
/* 498 */ if (arrayOfInt == null) {
/* 499 */ throw new KrbException(
"No supported encryption types listed in permitted_enctypes");
/* */ }
/* */
/* 502 */ if (!EType.isSupported(paramInt, arrayOfInt))
/* 503 */ throw new KrbException(
EType.toString(paramInt) + " encryption type not in permitted_enctypes list");
/* */ }
/* */ public boolean findServiceEntry(PrincipalName paramPrincipalName) /* */ {
/* 349 */ for (int i = 0; i < this.entries.size(); i++) {
/* 350 */ KeyTabEntry localKeyTabEntry = (KeyTabEntry) this.entries.elementAt(i);
/* 351 */ if (localKeyTabEntry.service.match(paramPrincipalName)) {
/* 352 */ if (EType.isSupported(localKeyTabEntry.keyType)) /* 353 */ return true;
/* 354 */ if (DEBUG) {
/* 355 */ System.out.println(
"Found unsupported keytype ("
+ localKeyTabEntry.keyType
+ ") for "
+ paramPrincipalName);
/* */ }
/* */ }
/* */ }
/* */
/* 360 */ return false;
/* */ }
/* */ private void authenticate(
EncryptionKey[] paramArrayOfEncryptionKey, InetAddress paramInetAddress)
throws KrbException, IOException
/* */ {
/* 268 */ int i = this.apReqMessg.ticket.encPart.getEType();
/* 269 */ Integer localInteger = this.apReqMessg.ticket.encPart.getKeyVersionNumber();
/* 270 */ EncryptionKey localEncryptionKey =
EncryptionKey.findKey(i, localInteger, paramArrayOfEncryptionKey);
/* */
/* 272 */ if (localEncryptionKey == null) {
/* 273 */ throw new KrbException(
400, "Cannot find key of appropriate type to decrypt AP REP - " + EType.toString(i));
/* */ }
/* */
/* 278 */ byte[] arrayOfByte1 = this.apReqMessg.ticket.encPart.decrypt(localEncryptionKey, 2);
/* */
/* 280 */ byte[] arrayOfByte2 = this.apReqMessg.ticket.encPart.reset(arrayOfByte1);
/* 281 */ EncTicketPart localEncTicketPart = new EncTicketPart(arrayOfByte2);
/* */
/* 283 */ checkPermittedEType(localEncTicketPart.key.getEType());
/* */
/* 285 */ byte[] arrayOfByte3 =
this.apReqMessg.authenticator.decrypt(localEncTicketPart.key, 11);
/* */
/* 287 */ byte[] arrayOfByte4 = this.apReqMessg.authenticator.reset(arrayOfByte3);
/* 288 */ this.authenticator = new Authenticator(arrayOfByte4);
/* 289 */ this.ctime = this.authenticator.ctime;
/* 290 */ this.cusec = this.authenticator.cusec;
/* 291 */ this.authenticator.ctime.setMicroSeconds(this.authenticator.cusec);
/* 292 */ this.authenticator.cname.setRealm(this.authenticator.crealm);
/* 293 */ this.apReqMessg.ticket.sname.setRealm(this.apReqMessg.ticket.realm);
/* 294 */ localEncTicketPart.cname.setRealm(localEncTicketPart.crealm);
/* */
/* 296 */ if (!this.authenticator.cname.equals(localEncTicketPart.cname)) {
/* 297 */ throw new KrbApErrException(36);
/* */ }
/* 299 */ KerberosTime localKerberosTime = new KerberosTime(true);
/* 300 */ if (!this.authenticator.ctime.inClockSkew(localKerberosTime)) {
/* 301 */ throw new KrbApErrException(37);
/* */ }
/* */
/* 304 */ AuthTime localAuthTime =
new AuthTime(this.authenticator.ctime.getTime(), this.authenticator.cusec);
/* */
/* 306 */ String str = this.authenticator.cname.toString();
/* 307 */ if (table.get(localAuthTime, this.authenticator.cname.toString()) != null) {
/* 308 */ throw new KrbApErrException(34);
/* */ }
/* 310 */ table.put(str, localAuthTime, localKerberosTime.getTime());
/* */
/* 313 */ if (paramInetAddress != null)
/* */ {
/* 315 */ localObject = new HostAddress(paramInetAddress);
/* 316 */ if ((localEncTicketPart.caddr != null)
&& (!localEncTicketPart.caddr.inList((HostAddress) localObject)))
/* */ {
/* 318 */ if (DEBUG) {
/* 319 */ System.out.println(
">>> KrbApReq: initiator is "
+ ((HostAddress) localObject).getInetAddress()
+ ", but caddr is "
+ Arrays.toString(localEncTicketPart.caddr.getInetAddresses()));
/* */ }
/* */
/* 325 */ throw new KrbApErrException(38);
/* */ }
/* */
/* */ }
/* */
/* 335 */ Object localObject = new KerberosTime(true);
/* */
/* 337 */ if (((localEncTicketPart.starttime != null)
&& (localEncTicketPart.starttime.greaterThanWRTClockSkew((KerberosTime) localObject)))
|| (localEncTicketPart.flags.get(7)))
/* */ {
/* 340 */ throw new KrbApErrException(33);
/* */ }
/* */
/* 344 */ if ((localEncTicketPart.endtime != null)
&& (((KerberosTime) localObject).greaterThanWRTClockSkew(localEncTicketPart.endtime)))
/* */ {
/* 346 */ throw new KrbApErrException(32);
/* */ }
/* */
/* 349 */ this.creds =
new Credentials(
this.apReqMessg.ticket,
this.authenticator.cname,
this.apReqMessg.ticket.sname,
localEncTicketPart.key,
localEncTicketPart.flags,
localEncTicketPart.authtime,
localEncTicketPart.starttime,
localEncTicketPart.endtime,
localEncTicketPart.renewTill,
localEncTicketPart.caddr,
localEncTicketPart.authorizationData);
/* */
/* 361 */ if (DEBUG) /* 362 */ System.out.println(">>> KrbApReq: authenticate succeed.");
/* */ }
/* */ public EncryptionKey[] readServiceKeys(PrincipalName paramPrincipalName) /* */ {
/* 278 */ int i = this.entries.size();
/* 279 */ ArrayList localArrayList = new ArrayList(i);
/* 280 */ for (int j = i - 1; j >= 0; j--) {
/* 281 */ KeyTabEntry localKeyTabEntry = (KeyTabEntry) this.entries.elementAt(j);
/* 282 */ if (localKeyTabEntry.service.match(paramPrincipalName)) {
/* 283 */ if (EType.isSupported(localKeyTabEntry.keyType)) {
/* 284 */ EncryptionKey localEncryptionKey =
new EncryptionKey(
localKeyTabEntry.keyblock,
localKeyTabEntry.keyType,
new Integer(localKeyTabEntry.keyVersion));
/* */
/* 287 */ localArrayList.add(localEncryptionKey);
/* 288 */ if (DEBUG) {
/* 289 */ System.out.println(
"Added key: "
+ localKeyTabEntry.keyType
+ "version: "
+ localKeyTabEntry.keyVersion);
/* */ }
/* */ }
/* 292 */ else if (DEBUG) {
/* 293 */ System.out.println(
"Found unsupported keytype ("
+ localKeyTabEntry.keyType
+ ") for "
+ paramPrincipalName);
/* */ }
/* */ }
/* */ }
/* */
/* 298 */ i = localArrayList.size();
/* 299 */ EncryptionKey[] arrayOfEncryptionKey =
(EncryptionKey[]) localArrayList.toArray(new EncryptionKey[i]);
/* */
/* 302 */ if (DEBUG) {
/* 303 */ System.out.println("Ordering keys wrt default_tkt_enctypes list");
/* */ }
/* *//* 306 */ final int[] arrayOfInt = EType.getDefaults("default_tkt_enctypes");
/* */
/* 311 */ Arrays.sort(
arrayOfEncryptionKey,
new Comparator()
/* */ {
/* */ public int compare(
EncryptionKey paramAnonymousEncryptionKey1,
EncryptionKey paramAnonymousEncryptionKey2) {
/* 314 */ if (arrayOfInt != null) {
/* 315 */ int i = paramAnonymousEncryptionKey1.getEType();
/* 316 */ int j = paramAnonymousEncryptionKey2.getEType();
/* 317 */ if (i != j) {
/* 318 */ for (int k = 0; k < arrayOfInt.length; k++) {
/* 319 */ if (arrayOfInt[k] == i) /* 320 */ return -1;
/* 321 */ if (arrayOfInt[k] == j) {
/* 322 */ return 1;
/* */ }
/* */ }
/* */
/* */ }
/* */
/* */ }
/* */
/* 330 */ return paramAnonymousEncryptionKey2.getKeyVersionNumber().intValue()
- paramAnonymousEncryptionKey1.getKeyVersionNumber().intValue();
/* */ }
/* */ });
/* 335 */ return arrayOfEncryptionKey;
/* */ }