KrbCred.java :  » 6.0-JDK-Modules-sun » security » sun » security » krb5 » Java Open Source

Java Open Source » 6.0 JDK Modules sun » security 
security » sun » security » krb5 » KrbCred.java
/*
 * Portions Copyright 2000-2006 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Sun designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Sun in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
 * CA 95054 USA or visit www.sun.com if you need additional information or
 * have any questions.
 */

/*
 * @(#)KrbCred.java  1.22 07/07/05
 * 
 *  (C) Copyright IBM Corp. 1999 All Rights Reserved.
 *  Copyright 1997 The Open Group Research Institute.  All rights reserved.
 */

package sun.security.krb5;

import sun.security.krb5.internal.*;
import sun.security.krb5.internal.crypto.KeyUsage;
import java.io.IOException;
import sun.security.util.DerValue;

/**
 * This class encapsulates the KRB-CRED message that a client uses to
 * send its delegated credentials to a server.
 *
 * Supports delegation of one ticket only.
 * @author Mayank Upadhyay
 * @version 1.22, 07/05/07
 */
public class KrbCred {

    private static boolean DEBUG = Krb5.DEBUG;

    private byte[] obuf = null;
    private KRBCred credMessg = null;
    private Ticket ticket = null;
    private EncKrbCredPart encPart = null;
    private Credentials creds = null;
    private KerberosTime timeStamp = null;

   // Used in InitialToken with null key
    public KrbCred(Credentials tgt,
       Credentials serviceTicket,
       EncryptionKey key)
  throws KrbException, IOException {

  PrincipalName client = tgt.getClient();
  PrincipalName tgService = tgt.getServer();
  PrincipalName server = serviceTicket.getServer();
  if (!serviceTicket.getClient().equals(client))
      throw new KrbException(Krb5.KRB_ERR_GENERIC,
                                "Client principal does not match");
  
  // XXX Check Windows flag OK-TO-FORWARD-TO

  // Invoke TGS-REQ to get a forwarded TGT for the peer

  KDCOptions options = new KDCOptions();
  options.set(KDCOptions.FORWARDED, true);
  options.set(KDCOptions.FORWARDABLE, true);

  HostAddresses sAddrs = null;
  // XXX Also NT_GSS_KRB5_PRINCIPAL can be a host based principal
  // GSSName.NT_HOSTBASED_SERVICE should display with KRB_NT_SRV_HST
  if (server.getNameType() == PrincipalName.KRB_NT_SRV_HST)
      sAddrs=  new HostAddresses(server);

  KrbTgsReq tgsReq = new KrbTgsReq(options, tgt, tgService,
           null, null, null, null, sAddrs, null, null, null);
  credMessg = createMessage(tgsReq.sendAndGetCreds(), key);

  obuf = credMessg.asn1Encode();
    }

    KRBCred createMessage(Credentials delegatedCreds, EncryptionKey key) 
  throws KrbException, IOException {

  EncryptionKey sessionKey 
      = delegatedCreds.getSessionKey();
  PrincipalName princ = delegatedCreds.getClient();
  Realm realm = princ.getRealm();
  PrincipalName tgService = delegatedCreds.getServer();
  Realm tgsRealm = tgService.getRealm();

  KrbCredInfo credInfo = new KrbCredInfo(sessionKey, realm,
                 princ, delegatedCreds.flags, delegatedCreds.authTime,
                 delegatedCreds.startTime, delegatedCreds.endTime,
                 delegatedCreds.renewTill, tgsRealm, tgService,
                 delegatedCreds.cAddr); 
       
  timeStamp = new KerberosTime(KerberosTime.NOW);
  KrbCredInfo[] credInfos = {credInfo};
  EncKrbCredPart encPart = 
      new EncKrbCredPart(credInfos,
             timeStamp, null, null, null, null);

  EncryptedData encEncPart = new EncryptedData(key,
      encPart.asn1Encode(), KeyUsage.KU_ENC_KRB_CRED_PART);

  Ticket[] tickets = {delegatedCreds.ticket};

  credMessg = new KRBCred(tickets, encEncPart);

  return credMessg;
    }

   // Used in InitialToken, key always NULL_KEY
    public KrbCred(byte[] asn1Message, EncryptionKey key) 
  throws KrbException, IOException {
  
  credMessg = new KRBCred(asn1Message);

  ticket = credMessg.tickets[0];

  byte[] temp = credMessg.encPart.decrypt(key, 
      KeyUsage.KU_ENC_KRB_CRED_PART);
  byte[] plainText = credMessg.encPart.reset(temp, true); 
  DerValue encoding = new DerValue(plainText);
  EncKrbCredPart encPart = new EncKrbCredPart(encoding);

  timeStamp = encPart.timeStamp;

  KrbCredInfo credInfo = encPart.ticketInfo[0];
  EncryptionKey credInfoKey = credInfo.key;
  Realm prealm = credInfo.prealm; 
  // XXX PrincipalName can store realm + principalname or
  // just principal name.
  PrincipalName pname = credInfo.pname; 
  pname.setRealm(prealm);
  TicketFlags flags = credInfo.flags; 
  KerberosTime authtime = credInfo.authtime; 
  KerberosTime starttime = credInfo.starttime; 
  KerberosTime endtime = credInfo.endtime; 
  KerberosTime renewTill = credInfo.renewTill; 
  Realm srealm = credInfo.srealm; 
  PrincipalName sname = credInfo.sname; 
  sname.setRealm(srealm);
  HostAddresses caddr = credInfo.caddr; 

  if (DEBUG) {
      System.out.println(">>>Delegated Creds have pname=" + pname
             + " sname=" + sname
             + " authtime=" + authtime
             + " starttime=" + starttime
             + " endtime=" + endtime
             + "renewTill=" + renewTill);
  }
  creds = new Credentials(ticket, pname, sname, credInfoKey, 
        flags, authtime, starttime, endtime, renewTill, caddr);
    }

    /**
     * Returns the delegated credentials from the peer.
     */
    public Credentials[] getDelegatedCreds() {

  Credentials[] allCreds = {creds};
  return allCreds;
    }

    /**
     * Returns the ASN.1 encoding that should be sent to the peer.
     */
    public byte[] getMessage() {
  return obuf;
    }
}
java2s.com  | Contact Us | Privacy Policy
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.