/* */ private void createMessage(
APOptions paramAPOptions,
Ticket paramTicket,
EncryptionKey paramEncryptionKey1,
Realm paramRealm,
PrincipalName paramPrincipalName,
Checksum paramChecksum,
KerberosTime paramKerberosTime,
EncryptionKey paramEncryptionKey2,
SeqNumber paramSeqNumber,
AuthorizationData paramAuthorizationData,
int paramInt)
/* */ throws Asn1Exception, IOException, KdcErrException, KrbCryptoException
/* */ {
/* 471 */ Integer localInteger = null;
/* */
/* 473 */ if (paramSeqNumber != null) {
/* 474 */ localInteger = new Integer(paramSeqNumber.current());
/* */ }
/* 476 */ this.authenticator =
new Authenticator(
paramRealm,
paramPrincipalName,
paramChecksum,
paramKerberosTime.getMicroSeconds(),
paramKerberosTime,
paramEncryptionKey2,
localInteger,
paramAuthorizationData);
/* */
/* 486 */ byte[] arrayOfByte = this.authenticator.asn1Encode();
/* */
/* 488 */ EncryptedData localEncryptedData =
new EncryptedData(paramEncryptionKey1, arrayOfByte, paramInt);
/* */
/* 491 */ this.apReqMessg = new APReq(paramAPOptions, paramTicket, localEncryptedData);
/* */ }
/* */ private void authenticate(
EncryptionKey[] paramArrayOfEncryptionKey, InetAddress paramInetAddress)
throws KrbException, IOException
/* */ {
/* 268 */ int i = this.apReqMessg.ticket.encPart.getEType();
/* 269 */ Integer localInteger = this.apReqMessg.ticket.encPart.getKeyVersionNumber();
/* 270 */ EncryptionKey localEncryptionKey =
EncryptionKey.findKey(i, localInteger, paramArrayOfEncryptionKey);
/* */
/* 272 */ if (localEncryptionKey == null) {
/* 273 */ throw new KrbException(
400, "Cannot find key of appropriate type to decrypt AP REP - " + EType.toString(i));
/* */ }
/* */
/* 278 */ byte[] arrayOfByte1 = this.apReqMessg.ticket.encPart.decrypt(localEncryptionKey, 2);
/* */
/* 280 */ byte[] arrayOfByte2 = this.apReqMessg.ticket.encPart.reset(arrayOfByte1);
/* 281 */ EncTicketPart localEncTicketPart = new EncTicketPart(arrayOfByte2);
/* */
/* 283 */ checkPermittedEType(localEncTicketPart.key.getEType());
/* */
/* 285 */ byte[] arrayOfByte3 =
this.apReqMessg.authenticator.decrypt(localEncTicketPart.key, 11);
/* */
/* 287 */ byte[] arrayOfByte4 = this.apReqMessg.authenticator.reset(arrayOfByte3);
/* 288 */ this.authenticator = new Authenticator(arrayOfByte4);
/* 289 */ this.ctime = this.authenticator.ctime;
/* 290 */ this.cusec = this.authenticator.cusec;
/* 291 */ this.authenticator.ctime.setMicroSeconds(this.authenticator.cusec);
/* 292 */ this.authenticator.cname.setRealm(this.authenticator.crealm);
/* 293 */ this.apReqMessg.ticket.sname.setRealm(this.apReqMessg.ticket.realm);
/* 294 */ localEncTicketPart.cname.setRealm(localEncTicketPart.crealm);
/* */
/* 296 */ if (!this.authenticator.cname.equals(localEncTicketPart.cname)) {
/* 297 */ throw new KrbApErrException(36);
/* */ }
/* 299 */ KerberosTime localKerberosTime = new KerberosTime(true);
/* 300 */ if (!this.authenticator.ctime.inClockSkew(localKerberosTime)) {
/* 301 */ throw new KrbApErrException(37);
/* */ }
/* */
/* 304 */ AuthTime localAuthTime =
new AuthTime(this.authenticator.ctime.getTime(), this.authenticator.cusec);
/* */
/* 306 */ String str = this.authenticator.cname.toString();
/* 307 */ if (table.get(localAuthTime, this.authenticator.cname.toString()) != null) {
/* 308 */ throw new KrbApErrException(34);
/* */ }
/* 310 */ table.put(str, localAuthTime, localKerberosTime.getTime());
/* */
/* 313 */ if (paramInetAddress != null)
/* */ {
/* 315 */ localObject = new HostAddress(paramInetAddress);
/* 316 */ if ((localEncTicketPart.caddr != null)
&& (!localEncTicketPart.caddr.inList((HostAddress) localObject)))
/* */ {
/* 318 */ if (DEBUG) {
/* 319 */ System.out.println(
">>> KrbApReq: initiator is "
+ ((HostAddress) localObject).getInetAddress()
+ ", but caddr is "
+ Arrays.toString(localEncTicketPart.caddr.getInetAddresses()));
/* */ }
/* */
/* 325 */ throw new KrbApErrException(38);
/* */ }
/* */
/* */ }
/* */
/* 335 */ Object localObject = new KerberosTime(true);
/* */
/* 337 */ if (((localEncTicketPart.starttime != null)
&& (localEncTicketPart.starttime.greaterThanWRTClockSkew((KerberosTime) localObject)))
|| (localEncTicketPart.flags.get(7)))
/* */ {
/* 340 */ throw new KrbApErrException(33);
/* */ }
/* */
/* 344 */ if ((localEncTicketPart.endtime != null)
&& (((KerberosTime) localObject).greaterThanWRTClockSkew(localEncTicketPart.endtime)))
/* */ {
/* 346 */ throw new KrbApErrException(32);
/* */ }
/* */
/* 349 */ this.creds =
new Credentials(
this.apReqMessg.ticket,
this.authenticator.cname,
this.apReqMessg.ticket.sname,
localEncTicketPart.key,
localEncTicketPart.flags,
localEncTicketPart.authtime,
localEncTicketPart.starttime,
localEncTicketPart.endtime,
localEncTicketPart.renewTill,
localEncTicketPart.caddr,
localEncTicketPart.authorizationData);
/* */
/* 361 */ if (DEBUG) /* 362 */ System.out.println(">>> KrbApReq: authenticate succeed.");
/* */ }