/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
/*
*
* (C) Copyright IBM Corp. 1999 All Rights Reserved.
* Copyright 1997 The Open Group Research Institute. All rights reserved.
*/
package sun.security.krb5.internal.ccache;
import sun.security.krb5.*;
import sun.security.krb5.internal.*;
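/**
 * A single credential handled by the Kerberos credentials-cache code in this
 * package: client and service names and realms, the key, the ticket lifetime
 * timestamps, the ticket flags and the ticket itself.
 *
 * <p>The constructors copy their inputs with {@code clone()}, but the
 * accessors hand back the internal objects rather than copies, so callers
 * share mutable state with this instance. The {@code key} field is secret
 * material and must not be written to logs or debug output.
 */
public class Credentials {

    PrincipalName cname;
    Realm crealm;
    PrincipalName sname;
    Realm srealm;
    EncryptionKey key;
    KerberosTime authtime;
    KerberosTime starttime; // optional; may be null
    KerberosTime endtime;
    KerberosTime renewTill; // optional; may be null
    HostAddresses caddr; // optional; for proxied tickets only
    AuthorizationData authorizationData; // optional, not being actually used
    public boolean isEncInSKey; // true if ticket is encrypted in another ticket's skey
    TicketFlags flags;
    Ticket ticket;
    Ticket secondTicket; // optional; may be null
    private boolean DEBUG = Krb5.DEBUG;

    /**
     * Builds a credential from individual components, storing a clone of each.
     *
     * <p>{@code new_starttime}, {@code new_renewTill}, {@code new_caddr},
     * {@code new_authData} and {@code new_secondTicket} are optional and may
     * be {@code null}; the matching field is then left {@code null}. The
     * client and service realms are taken from the principal names when those
     * carry one.
     *
     * @throws NullPointerException if any of the remaining (required)
     *         arguments is {@code null}
     */
    public Credentials(
            PrincipalName new_cname,
            PrincipalName new_sname,
            EncryptionKey new_key,
            KerberosTime new_authtime,
            KerberosTime new_starttime,
            KerberosTime new_endtime,
            KerberosTime new_renewTill,
            boolean new_isEncInSKey,
            TicketFlags new_flags,
            HostAddresses new_caddr,
            AuthorizationData new_authData,
            Ticket new_ticket,
            Ticket new_secondTicket) {
        cname = (PrincipalName) new_cname.clone();
        if (new_cname.getRealm() != null) {
            crealm = (Realm) new_cname.getRealm().clone();
        }

        sname = (PrincipalName) new_sname.clone();
        if (new_sname.getRealm() != null) {
            srealm = (Realm) new_sname.getRealm().clone();
        }

        key = (EncryptionKey) new_key.clone();

        authtime = (KerberosTime) new_authtime.clone();
        // starttime and renewTill are optional (see the field comments), so a
        // null argument must not be dereferenced.
        starttime = cloneTime(new_starttime);
        endtime = (KerberosTime) new_endtime.clone();
        renewTill = cloneTime(new_renewTill);
        if (new_caddr != null) {
            caddr = (HostAddresses) new_caddr.clone();
        }
        if (new_authData != null) {
            authorizationData = (AuthorizationData) new_authData.clone();
        }

        isEncInSKey = new_isEncInSKey;
        flags = (TicketFlags) new_flags.clone();
        ticket = (Ticket) (new_ticket.clone());
        if (new_secondTicket != null) {
            secondTicket = (Ticket) new_secondTicket.clone();
        }
    }

    /**
     * Builds a credential from a KDC reply plus caller-supplied second ticket
     * and authorization data.
     *
     * <p>If the reply's encrypted part has not been decrypted
     * ({@code kdcRep.encKDCRepPart == null}) the constructor returns at once
     * and every field keeps its default value; {@link #isValid()} reports
     * such an instance as not valid. The optional reply fields and the two
     * optional arguments may be {@code null}.
     */
    public Credentials(
            KDCRep kdcRep,
            Ticket new_secondTicket,
            AuthorizationData new_authorizationData,
            boolean new_isEncInSKey) {
        if (kdcRep.encKDCRepPart == null) {
            // can't store while encrypted
            return;
        }
        crealm = (Realm) kdcRep.crealm.clone();
        cname = (PrincipalName) kdcRep.cname.clone();
        ticket = (Ticket) kdcRep.ticket.clone();
        key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone();
        flags = (TicketFlags) kdcRep.encKDCRepPart.flags.clone();
        authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone();
        starttime = cloneTime(kdcRep.encKDCRepPart.starttime);
        endtime = (KerberosTime) kdcRep.encKDCRepPart.endtime.clone();
        renewTill = cloneTime(kdcRep.encKDCRepPart.renewTill);
        srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone();
        sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
        if (kdcRep.encKDCRepPart.caddr != null) {
            caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone();
        }
        if (new_secondTicket != null) {
            secondTicket = (Ticket) new_secondTicket.clone();
        }
        if (new_authorizationData != null) {
            authorizationData =
                    (AuthorizationData) new_authorizationData.clone();
        }
        isEncInSKey = new_isEncInSKey;
    }

    /**
     * Builds a credential from a KDC reply with no second ticket.
     *
     * @throws NullPointerException if the reply's encrypted part is absent
     */
    public Credentials(KDCRep kdcRep) {
        this(kdcRep, null);
    }

    /**
     * Builds a credential from a KDC reply, optionally paired with a second
     * ticket.
     *
     * <p>{@code isEncInSKey} and {@code secondTicket} are derived from
     * {@code new_ticket} (set when it is non-null), not from the reply's
     * message type.
     *
     * @throws NullPointerException if the reply's encrypted part or one of
     *         its required fields is {@code null}
     */
    public Credentials(KDCRep kdcRep, Ticket new_ticket) {
        sname = (PrincipalName) kdcRep.encKDCRepPart.sname.clone();
        srealm = (Realm) kdcRep.encKDCRepPart.srealm.clone();
        try {
            sname.setRealm(srealm);
        } catch (RealmException e) {
            // Best effort: the constructor cannot propagate a checked
            // exception. getServicePrincipal() retries while the name still
            // has no realm.
            if (DEBUG) {
                System.out.println(
                        ">>> ccache.Credentials: cannot set realm on sname: " + e);
            }
        }
        cname = (PrincipalName) kdcRep.cname.clone();
        crealm = (Realm) kdcRep.crealm.clone();
        try {
            cname.setRealm(crealm);
        } catch (RealmException e) {
            // Best effort, as above; cname is then left without a realm.
            if (DEBUG) {
                System.out.println(
                        ">>> ccache.Credentials: cannot set realm on cname: " + e);
            }
        }
        key = (EncryptionKey) kdcRep.encKDCRepPart.key.clone();
        authtime = (KerberosTime) kdcRep.encKDCRepPart.authtime.clone();
        starttime = cloneTime(kdcRep.encKDCRepPart.starttime);
        endtime = (KerberosTime) kdcRep.encKDCRepPart.endtime.clone();
        renewTill = cloneTime(kdcRep.encKDCRepPart.renewTill);
        // Copy the flags as the other constructors do, so that later changes
        // to the reply object cannot alter this credential.
        if (kdcRep.encKDCRepPart.flags != null) {
            flags = (TicketFlags) kdcRep.encKDCRepPart.flags.clone();
        } else {
            flags = null;
        }
        if (kdcRep.encKDCRepPart.caddr != null) {
            caddr = (HostAddresses) kdcRep.encKDCRepPart.caddr.clone();
        } else {
            caddr = null;
        }
        ticket = (Ticket) kdcRep.ticket.clone();
        if (new_ticket != null) {
            secondTicket = (Ticket) new_ticket.clone();
            isEncInSKey = true;
        } else {
            secondTicket = null;
            isEncInSKey = false;
        }
    }

    /** Returns a clone of {@code t}, or {@code null} when {@code t} is null. */
    private static KerberosTime cloneTime(KerberosTime t) {
        return (t == null) ? null : (KerberosTime) t.clone();
    }

    /**
     * Checks whether this credential is usable at the current system time.
     *
     * <p>The credential is valid when its end time has not passed and its
     * start time has been reached. When no start time is present the
     * authentication time is used as the lower bound. A credential without an
     * end time, or without any lower bound, is reported as not valid.
     *
     * @return {@code true} if the credential is currently valid,
     *         {@code false} if it has expired, is not yet valid, or lacks the
     *         timestamps needed to decide
     */
    public boolean isValid() {
        if (endtime == null) {
            // Fail closed, e.g. for an instance built from a reply that was
            // still encrypted.
            return false;
        }
        // Read the clock once so both comparisons use the same instant.
        long now = System.currentTimeMillis();
        if (endtime.getTime() < now) {
            return false;
        }
        // starttime is optional; test it for null before dereferencing it.
        KerberosTime notBefore = (starttime != null) ? starttime : authtime;
        return notBefore != null && notBefore.getTime() <= now;
    }

    /**
     * Returns the service principal, first attaching the stored service realm
     * when the name has none.
     *
     * <p>The returned object is the internal instance, not a copy.
     *
     * @throws RealmException if the realm cannot be set on the name
     */
    public PrincipalName getServicePrincipal() throws RealmException {
        if (sname.getRealm() == null) {
            sname.setRealm(srealm);
        }
        return sname;
    }

    /**
     * Creates a {@code sun.security.krb5.Credentials} from this entry's
     * ticket, names, key, flags, timestamps and client addresses. The fields
     * are passed as they are, without being cloned here.
     */
    public sun.security.krb5.Credentials setKrbCreds() {
        return new sun.security.krb5.Credentials(ticket,
                cname, sname, key, flags, authtime, starttime, endtime, renewTill, caddr);
    }

    /** Returns the authentication time (internal instance, not a copy). */
    public KerberosTime getAuthTime() {
        return authtime;
    }

    /** Returns the end time (internal instance, not a copy). */
    public KerberosTime getEndTime() {
        return endtime;
    }

    /** Returns the ticket flags (internal instance, not a copy). */
    public TicketFlags getTicketFlags() {
        return flags;
    }

    /** Returns the encryption type of the stored key. */
    public int getEType() {
        return key.getEType();
    }
}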