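/**
 * Restores this key from its serialized form: a single {@code byte[]} that holds the DER
 * encoding of an {@code EncryptionKey}.
 *
 * <p>Serialized data may come from outside the trust boundary, so the payload type is checked
 * before it reaches the DER parser, and decoding failures surface as {@link IOException}.
 *
 * @param ois the stream positioned at the serialized key bytes
 * @throws IOException if the payload is not a byte array or cannot be decoded as a key
 * @throws ClassNotFoundException if the class of the serialized payload cannot be resolved
 */
private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
  Object payload = ois.readObject();
  // Reject null or a non-byte[] payload up front, rather than letting the cast fail with a
  // ClassCastException that falls outside the declared IOException contract.
  if (!(payload instanceof byte[])) {
    throw new java.io.InvalidObjectException("Serialized key is not a byte array");
  }
  try {
    EncryptionKey encKey = new EncryptionKey(new DerValue((byte[]) payload));
    keyType = encKey.getEType();
    keyBytes = encKey.getBytes();
  } catch (Asn1Exception ae) {
    // Chain the ASN.1 failure so the root cause of a rejected stream stays diagnosable.
    throw new IOException(ae.getMessage(), ae);
  }
}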
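/**
 * Constructs a KeyImpl from a password.
 *
 * <p>This constructor does not clear {@code password}; the caller owns the array and should zero
 * it once the key has been derived.
 *
 * @param principal the principal from which to derive the salt
 * @param password the password that should be used to compute the key
 * @param algorithm the name of the algorithm that this key will be used for. This parameter may
 *     be null, in which case "DES" will be assumed. DES is a weak legacy cipher, so callers
 *     should name the intended algorithm explicitly rather than rely on this default.
 * @throws IllegalArgumentException if parsing the principal name or deriving the key fails with
 *     a {@code KrbException}; the original exception is attached as the cause
 */
public KeyImpl(KerberosPrincipal principal, char[] password, String algorithm) {
  try {
    PrincipalName princ = new PrincipalName(principal.getName());
    EncryptionKey key = new EncryptionKey(password, princ.getSalt(), algorithm);
    this.keyBytes = key.getBytes();
    this.keyType = key.getEType();
  } catch (KrbException e) {
    // Keep the Kerberos failure as the cause instead of reducing it to its message text.
    throw new IllegalArgumentException(e.getMessage(), e);
  }
}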
/**
 * Builds an initiator credential that wraps a delegated Kerberos credential.
 *
 * <p>The client and server principals are optional in a KRB-CRED message, so each one is
 * converted only when present and is otherwise passed on as {@code null}.
 *
 * <p>NOTE(review): {@code name} is never read. The credential name comes from the delegated
 * credential's client principal and is not compared with the requested name (see the XXX marker
 * in the body), so callers should not assume the result is bound to {@code name}.
 *
 * <p>NOTE(review): the session key is dereferenced without a null check; confirm that
 * {@code delegatedCred.getSessionKey()} cannot return null here.
 *
 * @param name the requested credential name (currently unused)
 * @param delegatedCred the delegated credential supplying the ticket, key and lifetimes
 * @return a credential populated from {@code delegatedCred}
 * @throws GSSException declared by the signature; presumably raised while building the name
 *     element or the credential
 */
static Krb5InitCredential getInstance(Krb5NameElement name, Credentials delegatedCred)
    throws GSSException {
  final EncryptionKey delegatedKey = delegatedCred.getSessionKey();

  final PrincipalName clientName = delegatedCred.getClient();
  final PrincipalName serverName = delegatedCred.getServer();

  Krb5NameElement credName = null;
  KerberosPrincipal client = null;
  if (clientName != null) {
    final String clientText = clientName.getName();
    credName = Krb5NameElement.getInstance(clientText, Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL);
    client = new KerberosPrincipal(clientText);
  }

  // XXX Compare name to credName

  final KerberosPrincipal server =
      (serverName == null)
          ? null
          : new KerberosPrincipal(serverName.getName(), KerberosPrincipal.KRB_NT_SRV_INST);

  return new Krb5InitCredential(
      credName,
      delegatedCred,
      delegatedCred.getEncoded(),
      client,
      server,
      delegatedKey.getBytes(),
      delegatedKey.getEType(),
      delegatedCred.getFlags(),
      delegatedCred.getAuthTime(),
      delegatedCred.getStartTime(),
      delegatedCred.getEndTime(),
      delegatedCred.getRenewTill(),
      delegatedCred.getClientAddresses());
}
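/**
 * Derives keys from a password and stores them in this key table for the given principal.
 *
 * <p>Existing entries whose service matches the principal are scanned first. When
 * {@code paramBoolean} is false, all of them are removed. When it is true, only those with the
 * same key version as {@code paramInt} are removed. One new entry is then added per derived key.
 *
 * <p>This method does not clear {@code paramArrayOfChar}; the caller should zero the password
 * after the call. The new entries hold raw key bytes, so the table must be protected like any
 * other long-term secret.
 *
 * @param paramPrincipalName the principal the keys belong to; also supplies salt and realm
 * @param paramArrayOfChar the password the keys are derived from
 * @param paramInt the key version number for the new entries, or -1 to use one more than the
 *     highest version found among the matching entries
 * @param paramBoolean true to keep matching entries that have a different key version, false to
 *     replace every matching entry
 * @throws KrbException declared by the signature; presumably raised by key derivation
 */
public void addEntry(
    PrincipalName paramPrincipalName,
    char[] paramArrayOfChar,
    int paramInt,
    boolean paramBoolean)
    throws KrbException {
  EncryptionKey[] derivedKeys =
      EncryptionKey.acquireSecretKeys(paramArrayOfChar, paramPrincipalName.getSalt());

  int highestKvno = 0;
  // Iterate from the end so removeElementAt never shifts an entry that is still to be visited.
  for (int idx = this.entries.size() - 1; idx >= 0; idx--) {
    KeyTabEntry existing = (KeyTabEntry) this.entries.get(idx);
    if (!existing.service.match(paramPrincipalName)) {
      continue;
    }
    if (existing.keyVersion > highestKvno) {
      highestKvno = existing.keyVersion;
    }
    if (!paramBoolean || existing.keyVersion == paramInt) {
      this.entries.removeElementAt(idx);
    }
  }

  // -1 requests the next free version for this principal.
  int kvno = (paramInt == -1) ? highestKvno + 1 : paramInt;

  if (derivedKeys == null) {
    return;
  }
  for (EncryptionKey derived : derivedKeys) {
    int etype = derived.getEType();
    byte[] rawKey = derived.getBytes();

    KeyTabEntry added =
        new KeyTabEntry(
            paramPrincipalName,
            paramPrincipalName.getRealm(),
            new KerberosTime(System.currentTimeMillis()),
            kvno,
            etype,
            rawKey);

    this.entries.addElement(added);
  }
}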
/**
 * Produces the DER encoding of this EncTicketPart.
 *
 * <p>The fields are written as context tags [0] to [10] inside a SEQUENCE, which is then wrapped
 * in APPLICATION tag 3. Tags [6], [8], [9] and [10] are emitted only when their field is
 * non-null. The result embeds the encoded {@code key} field unencrypted, so callers should
 * handle the returned bytes as secret material.
 *
 * @return byte array of the encoded EncTicketPart object.
 * @exception Asn1Exception if an error occurs while encoding a component as ASN.1.
 * @exception IOException if an I/O error occurs while writing the encoded data.
 */
public byte[] asn1Encode() throws Asn1Exception, IOException {
  final DerOutputStream fields = new DerOutputStream();

  // Mandatory fields [0]..[5].
  fields.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), flags.asn1Encode());
  fields.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), key.asn1Encode());
  fields.write(
      DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02),
      cname.getRealm().asn1Encode());
  fields.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cname.asn1Encode());
  fields.write(
      DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), transited.asn1Encode());
  fields.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x05), authtime.asn1Encode());

  // [6] is optional; [7] is always written.
  if (starttime != null) {
    fields.write(
        DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x06), starttime.asn1Encode());
  }
  fields.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x07), endtime.asn1Encode());

  // Optional trailing fields [8]..[10].
  if (renewTill != null) {
    fields.write(
        DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x08), renewTill.asn1Encode());
  }
  if (caddr != null) {
    fields.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x09), caddr.asn1Encode());
  }
  if (authorizationData != null) {
    fields.write(
        DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x0A),
        authorizationData.asn1Encode());
  }

  final DerOutputStream sequence = new DerOutputStream();
  sequence.write(DerValue.tag_Sequence, fields);

  final DerOutputStream wrapped = new DerOutputStream();
  wrapped.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x03), sequence);
  return wrapped.toByteArray();
}
/**
 * Populates this object's fields from a DER-encoded EncTicketPart.
 *
 * <p>The outer value must be a constructed APPLICATION value with tag number 3 that contains a
 * SEQUENCE. Fields are read in tag order [0] to [10]. The three trailing fields are attempted
 * only while bytes remain, and any bytes left over afterwards cause the input to be rejected.
 *
 * @param encoding the DER value to decode
 * @throws Asn1Exception if the outer tag, the inner SEQUENCE tag or trailing data is invalid
 * @throws IOException declared by the signature; presumably raised by the DER reader
 * @throws RealmException declared by the signature; presumably raised while parsing the realm
 */
private void init(DerValue encoding) throws Asn1Exception, IOException, RealmException {
  // Optional trailing fields start out absent.
  renewTill = null;
  caddr = null;
  authorizationData = null;

  final boolean hasExpectedOuterTag =
      (encoding.getTag() & (byte) 0x1F) == (byte) 0x03
          && encoding.isApplication()
          && encoding.isConstructed();
  if (!hasExpectedOuterTag) {
    throw new Asn1Exception(Krb5.ASN1_BAD_ID);
  }

  final DerValue seq = encoding.getData().getDerValue();
  if (seq.getTag() != DerValue.tag_Sequence) {
    throw new Asn1Exception(Krb5.ASN1_BAD_ID);
  }

  // seq.getData() is deliberately re-read for every field, exactly as the parse order requires.
  // Presumably each call yields the same underlying stream, so the reads advance through it.
  flags = TicketFlags.parse(seq.getData(), (byte) 0x00, false);
  key = EncryptionKey.parse(seq.getData(), (byte) 0x01, false);
  final Realm clientRealm = Realm.parse(seq.getData(), (byte) 0x02, false);
  cname = PrincipalName.parse(seq.getData(), (byte) 0x03, false, clientRealm);
  transited = TransitedEncoding.parse(seq.getData(), (byte) 0x04, false);
  authtime = KerberosTime.parse(seq.getData(), (byte) 0x05, false);
  starttime = KerberosTime.parse(seq.getData(), (byte) 0x06, true);
  endtime = KerberosTime.parse(seq.getData(), (byte) 0x07, false);

  if (seq.getData().available() > 0) {
    renewTill = KerberosTime.parse(seq.getData(), (byte) 0x08, true);
  }
  if (seq.getData().available() > 0) {
    caddr = HostAddresses.parse(seq.getData(), (byte) 0x09, true);
  }
  if (seq.getData().available() > 0) {
    authorizationData = AuthorizationData.parse(seq.getData(), (byte) 0x0A, true);
  }

  // Strict decoding: unconsumed bytes after the last known field are treated as malformed input.
  if (seq.getData().available() > 0) {
    throw new Asn1Exception(Krb5.ASN1_BAD_ID);
  }
}
/**
 * Populates this object's fields from a DER-encoded EncTicketPart (decompiled listing).
 *
 * <p>The outer value must be a constructed APPLICATION value with tag number 3 that contains a
 * value with tag 48 (0x30, the ASN.1 SEQUENCE tag). Fields are read in tag order 0 to 10. The
 * three trailing fields are attempted only while bytes remain, and bytes left over afterwards
 * cause the input to be rejected. Error code 906 is presumably the ASN.1 "bad id" constant.
 *
 * @param paramDerValue the DER value to decode
 * @throws Asn1Exception with code 906 if the outer tag, inner tag or trailing data is invalid
 * @throws IOException declared by the signature; presumably raised by the DER reader
 * @throws RealmException declared by the signature; presumably raised while parsing the realm
 */
private void init(DerValue paramDerValue) throws Asn1Exception, IOException, RealmException {
  // Optional trailing fields start out absent.
  renewTill = null;
  caddr = null;
  authorizationData = null;

  final boolean hasExpectedOuterTag =
      (paramDerValue.getTag() & 0x1F) == 3
          && paramDerValue.isApplication()
          && paramDerValue.isConstructed();
  if (!hasExpectedOuterTag) {
    throw new Asn1Exception(906);
  }

  final DerValue seq = paramDerValue.getData().getDerValue();
  if (seq.getTag() != 48) {
    throw new Asn1Exception(906);
  }

  // seq.getData() is re-read for every field, matching the original call sequence.
  flags = TicketFlags.parse(seq.getData(), (byte) 0, false);
  key = EncryptionKey.parse(seq.getData(), (byte) 1, false);
  crealm = Realm.parse(seq.getData(), (byte) 2, false);
  cname = PrincipalName.parse(seq.getData(), (byte) 3, false);
  transited = TransitedEncoding.parse(seq.getData(), (byte) 4, false);
  authtime = KerberosTime.parse(seq.getData(), (byte) 5, false);
  starttime = KerberosTime.parse(seq.getData(), (byte) 6, true);
  endtime = KerberosTime.parse(seq.getData(), (byte) 7, false);

  if (seq.getData().available() > 0) {
    renewTill = KerberosTime.parse(seq.getData(), (byte) 8, true);
  }
  if (seq.getData().available() > 0) {
    caddr = HostAddresses.parse(seq.getData(), (byte) 9, true);
  }
  if (seq.getData().available() > 0) {
    authorizationData = AuthorizationData.parse(seq.getData(), (byte) 10, true);
  }

  // Strict decoding: unconsumed bytes after the last known field are treated as malformed input.
  if (seq.getData().available() > 0) {
    throw new Asn1Exception(906);
  }
}