Java Code Examples for sun.security.krb5.internal.AuthorizationData#count()

The following examples show how to use sun.security.krb5.internal.AuthorizationData#count() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ExtendedGSSContextImpl.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
@Override
public Object inquireSecContext(InquireType type) throws GSSException {
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        security.checkPermission(
                new InquireSecContextPermission(type.toString()));
    }
    Object output = super.inquireSecContext(type.name());
    if (output != null) {
        if (type == InquireType.KRB5_GET_AUTHZ_DATA) {
            AuthorizationData ad = (AuthorizationData) output;
            AuthorizationDataEntry[] authzData =
                    new AuthorizationDataEntry[ad.count()];
            for (int i = 0; i < ad.count(); i++) {
                authzData[i] = new AuthorizationDataEntry(
                        ad.item(i).adType, ad.item(i).adData);
            }
            output = authzData;
        }
    }
    return output;
}
 
Example 2
Source File: InitSecContextToken.java    From dragonwell8_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState()) {
        context.resetMySequenceNumber(
                ACCEPTOR_USE_INITIATOR_SEQNUM
                        ? peerSeqNumber
                        : 0);
    }
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}
 
Example 3
Source File: InitSecContextToken.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState()) {
        context.resetMySequenceNumber(
                ACCEPTOR_USE_INITIATOR_SEQNUM
                        ? peerSeqNumber
                        : 0);
    }
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}
 
Example 4
Source File: InitSecContextToken.java    From jdk8u60 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState())
        // Use the same sequence number as the peer
        // (Behaviour exhibited by the Windows SSPI server)
        context.resetMySequenceNumber(peerSeqNumber);
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}
 
Example 5
Source File: InitSecContextToken.java    From openjdk-jdk8u with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState()) {
        context.resetMySequenceNumber(
                ACCEPTOR_USE_INITIATOR_SEQNUM
                        ? peerSeqNumber
                        : 0);
    }
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}
 
Example 6
Source File: InitSecContextToken.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState())
        // Use the same sequence number as the peer
        // (Behaviour exhibited by the Windows SSPI server)
        context.resetMySequenceNumber(peerSeqNumber);
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}
 
Example 7
Source File: InitSecContextToken.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState())
        // Use the same sequence number as the peer
        // (Behaviour exhibited by the Windows SSPI server)
        context.resetMySequenceNumber(peerSeqNumber);
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}
 
Example 8
Source File: InitSecContextToken.java    From hottub with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState())
        // Use the same sequence number as the peer
        // (Behaviour exhibited by the Windows SSPI server)
        context.resetMySequenceNumber(peerSeqNumber);
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}
 
Example 9
Source File: InitSecContextToken.java    From openjdk-8-source with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState())
        // Use the same sequence number as the peer
        // (Behaviour exhibited by the Windows SSPI server)
        context.resetMySequenceNumber(peerSeqNumber);
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}
 
Example 10
Source File: InitSecContextToken.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState())
        // Use the same sequence number as the peer
        // (Behaviour exhibited by the Windows SSPI server)
        context.resetMySequenceNumber(peerSeqNumber);
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}
 
Example 11
Source File: InitSecContextToken.java    From jdk8u_jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState()) {
        context.resetMySequenceNumber(
                ACCEPTOR_USE_INITIATOR_SEQNUM
                        ? peerSeqNumber
                        : 0);
    }
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}
 
Example 12
Source File: InitSecContextToken.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState())
        // Use the same sequence number as the peer
        // (Behaviour exhibited by the Windows SSPI server)
        context.resetMySequenceNumber(peerSeqNumber);
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}
 
Example 13
Source File: InitSecContextToken.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * For the context acceptor to call. It reads the bytes out of an
 * InputStream and constructs an InitSecContextToken with them.
 */
InitSecContextToken(Krb5Context context, Krb5AcceptCredential cred,
                           InputStream is)
    throws IOException, GSSException, KrbException  {

    int tokenId = ((is.read()<<8) | is.read());

    if (tokenId != Krb5Token.AP_REQ_ID)
        throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                               "AP_REQ token id does not match!");

    // XXX Modify KrbApReq cons to take an InputStream
    byte[] apReqBytes =
        new sun.security.util.DerValue(is).toByteArray();
    //debug("=====ApReqBytes: [" + getHexBytes(apReqBytes) + "]\n");

    InetAddress addr = null;
    if (context.getChannelBinding() != null) {
        addr = context.getChannelBinding().getInitiatorAddress();
    }
    apReq = new KrbApReq(apReqBytes, cred, addr);
    //debug("\nReceived AP-REQ and authenticated it.\n");

    EncryptionKey sessionKey = apReq.getCreds().getSessionKey();

    /*
      System.out.println("\n\nSession key from service ticket is: " +
      getHexBytes(sessionKey.getBytes()));
    */

    EncryptionKey subKey = apReq.getSubKey();
    if (subKey != null) {
        context.setKey(Krb5Context.INITIATOR_SUBKEY, subKey);
        /*
          System.out.println("Sub-Session key from authenticator is: " +
          getHexBytes(subKey.getBytes()) + "\n");
        */
    } else {
        context.setKey(Krb5Context.SESSION_KEY, sessionKey);
        //System.out.println("Sub-Session Key Missing in Authenticator.\n");
    }

    OverloadedChecksum gssChecksum = new OverloadedChecksum(
            context, apReq.getChecksum(), sessionKey, subKey);
    gssChecksum.setContextFlags(context);
    Credentials delegCred = gssChecksum.getDelegatedCreds();
    if (delegCred != null) {
        Krb5CredElement credElement =
            Krb5InitCredential.getInstance(
                               (Krb5NameElement)context.getSrcName(),
                               delegCred);
        context.setDelegCred(credElement);
    }

    Integer apReqSeqNumber = apReq.getSeqNumber();
    int peerSeqNumber = (apReqSeqNumber != null ?
                         apReqSeqNumber.intValue() :
                         0);
    context.resetPeerSequenceNumber(peerSeqNumber);
    if (!context.getMutualAuthState())
        // Use the same sequence number as the peer
        // (Behaviour exhibited by the Windows SSPI server)
        context.resetMySequenceNumber(peerSeqNumber);
    context.setAuthTime(
            new KerberosTime(apReq.getCreds().getAuthTime()).toString());
    context.setTktFlags(apReq.getCreds().getFlags());
    AuthorizationData ad = apReq.getCreds().getAuthzData();
    if (ad == null) {
        context.setAuthzData(null);
    } else {
        AuthorizationDataEntry[] authzData =
                new AuthorizationDataEntry[ad.count()];
        for (int i=0; i<ad.count(); i++) {
            authzData[i] = new AuthorizationDataEntry(
                    ad.item(i).adType, ad.item(i).adData);
        }
        context.setAuthzData(authzData);
    }
}