jdk-sandbox: jdk/src/share/classes/sun/security/krb5/KrbAsReqBuilder.java@d8ccc1c73358 (annotated)

7183 d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	1	/*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	2	* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	4	*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	10	*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	15	* accompanied this code).
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	16	*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	20	*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	23	* questions.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	24	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	25
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	26	package sun.security.krb5;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	27
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	28	import java.io.IOException;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	29	import java.util.Arrays;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	30	import sun.security.krb5.internal.HostAddresses;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	31	import sun.security.krb5.internal.KDCOptions;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	32	import sun.security.krb5.internal.KRBError;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	33	import sun.security.krb5.internal.KerberosTime;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	34	import sun.security.krb5.internal.Krb5;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	35	import sun.security.krb5.internal.PAData;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	36	import sun.security.krb5.internal.crypto.EType;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	37
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	38	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	39	* A manager class for AS-REQ communications.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	40	*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	41	* This class does:
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	42	* 1. Gather information to create AS-REQ
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	43	* 2. Create and send AS-REQ
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	44	* 3. Receive AS-REP and KRB-ERROR (-KRB_ERR_RESPONSE_TOO_BIG) and parse them
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	45	* 4. Emit credentials and secret keys (for JAAS storeKey=true)
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	46	*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	47	* This class does not:
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	48	* 1. Deal with real communications (KdcComm does it, and TGS-REQ)
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	49	* a. Name of KDCs for a realm
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	50	* b. Server availability, timeout, UDP or TCP
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	51	* d. KRB_ERR_RESPONSE_TOO_BIG
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	52	*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	53	* With this class:
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	54	* 1. KrbAsReq has only one constructor
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	55	* 2. Krb5LoginModule and Kinit call a single builder
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	56	* 3. Better handling of sensitive info
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	57	*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	58	* @since 1.7
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	59	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	60
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	61	public final class KrbAsReqBuilder {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	62
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	63	// Common data for AS-REQ fields
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	64	private KDCOptions options;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	65	private PrincipalName cname;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	66	private PrincipalName sname;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	67	private KerberosTime from;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	68	private KerberosTime till;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	69	private KerberosTime rtime;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	70	private HostAddresses addresses;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	71
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	72	// Secret source: can't be changed once assigned, only one (of the two
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	73	// sources) can be set and should be non-null
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	74	private EncryptionKey[] keys;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	75	private char[] password;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	76
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	77	// Used to create a ENC-TIMESTAMP in the 2nd AS-REQ
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	78	private EncryptionKey pakey;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	79	private PAData[] paList; // PA-DATA from both KRB-ERROR and AS-REP.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	80	// Used by getKeys() only.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	81	// Only AS-REP should be enough per RFC,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	82	// combined in case etypes are different.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	83
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	84	// The generated and received:
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	85	int[] eTypes;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	86	private KrbAsReq req;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	87	private KrbAsRep rep;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	88
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	89	private static enum State {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	90	INIT, // Initialized, can still add more initialization info
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	91	REQ_OK, // AS-REQ performed
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	92	DESTROYED, // Destroyed, not usable anymore
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	93	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	94	private State state;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	95
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	96	// Called by other constructors
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	97	private KrbAsReqBuilder(PrincipalName cname)
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	98	throws KrbException {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	99	if (cname.getRealm() == null) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	100	cname.setRealm(Config.getInstance().getDefaultRealm());
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	101	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	102	this.cname = cname;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	103	state = State.INIT;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	104	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	105
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	106	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	107	* Creates a builder to be used by {@code cname} with existing keys.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	108	*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	109	* @param cname the client of the AS-REQ. Must not be null. Might have no
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	110	* realm, where default realm will be used. This realm will be the target
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	111	* realm for AS-REQ. I believe a client should only get initial TGT from
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	112	* its own realm.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	113	* @param keys must not be null. if empty, might be quite useless.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	114	* This argument will neither be modified nor stored by the method.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	115	* @throws KrbException
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	116	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	117	public KrbAsReqBuilder(PrincipalName cname, EncryptionKey[] keys)
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	118	throws KrbException {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	119	this(cname);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	120	this.keys = new EncryptionKey[keys.length];
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	121	for (int i=0; i<keys.length; i++) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	122	this.keys[i] = (EncryptionKey)keys[i].clone();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	123	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	124	eTypes = EType.getDefaults("default_tkt_enctypes", keys);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	125	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	126
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	127	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	128	* Creates a builder to be used by {@code cname} with a known password.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	129	*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	130	* @param cname the client of the AS-REQ. Must not be null. Might have no
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	131	* realm, where default realm will be used. This realm will be the target
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	132	* realm for AS-REQ. I believe a client should only get initial TGT from
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	133	* its own realm.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	134	* @param pass must not be null. This argument will neither be modified
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	135	* nor stored by the method.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	136	* @throws KrbException
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	137	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	138	public KrbAsReqBuilder(PrincipalName cname, char[] pass)
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	139	throws KrbException {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	140	this(cname);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	141	this.password = pass.clone();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	142	eTypes = EType.getDefaults("default_tkt_enctypes");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	143	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	144
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	145	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	146	* Retrieves an array of secret keys for the client. This is useful if
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	147	* the client supplies password but need keys to act as an acceptor
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	148	* (in JAAS words, isInitiator=true and storeKey=true)
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	149	* @return original keys if initiated with keys, or generated keys if
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	150	* password. In latter case, PA-DATA from server might be used to
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	151	* generate keys. All "default_tkt_enctypes" keys will be generated,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	152	* Never null.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	153	* @throws KrbException
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	154	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	155	public EncryptionKey[] getKeys() throws KrbException {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	156	checkState(State.REQ_OK, "Cannot get keys");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	157	if (keys != null) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	158	EncryptionKey[] result = new EncryptionKey[keys.length];
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	159	for (int i=0; i<keys.length; i++) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	160	result[i] = (EncryptionKey)keys[i].clone();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	161	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	162	return result;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	163	} else {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	164	EncryptionKey[] result = new EncryptionKey[eTypes.length];
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	165
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	166	/*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	167	* Returns an array of keys. Before KrbAsReqBuilder, all etypes
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	168	* use the same salt which is either the default one or a new salt
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	169	* coming from PA-DATA. After KrbAsReqBuilder, each etype uses its
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	170	* own new salt from PA-DATA. For an etype with no PA-DATA new salt
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	171	* at all, what salt should it use?
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	172	*
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	173	* Commonly, the stored keys are only to be used by an acceptor to
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	174	* decrypt service ticket in AP-REQ. Most impls only allow keys
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	175	* from a keytab on acceptor, but unfortunately (?) Java supports
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	176	* acceptor using password. In this case, if the service ticket is
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	177	* encrypted using an etype which we don't have PA-DATA new salt,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	178	* using the default salt is normally wrong (say, case-insensitive
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	179	* user name). Instead, we would use the new salt of another etype.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	180	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	181
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	182	String salt = null; // the saved new salt
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	183	for (int i=0; i<eTypes.length; i++) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	184	PAData.SaltAndParams snp =
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	185	PAData.getSaltAndParams(eTypes[i], paList);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	186	// First round, only calculate those with new salt
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	187	if (snp.salt != null) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	188	salt = snp.salt;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	189	result[i] = EncryptionKey.acquireSecretKey(password,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	190	snp.salt,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	191	eTypes[i],
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	192	snp.params);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	193	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	194	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	195	if (salt == null) salt = cname.getSalt();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	196	for (int i=0; i<eTypes.length; i++) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	197	// Second round, calculate those with no new salt
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	198	if (result[i] == null) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	199	PAData.SaltAndParams snp =
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	200	PAData.getSaltAndParams(eTypes[i], paList);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	201	result[i] = EncryptionKey.acquireSecretKey(password,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	202	salt,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	203	eTypes[i],
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	204	snp.params);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	205	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	206	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	207	return result;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	208	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	209	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	210
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	211	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	212	* Sets or clears options. If cleared, default options will be used
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	213	* at creation time.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	214	* @param options
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	215	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	216	public void setOptions(KDCOptions options) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	217	checkState(State.INIT, "Cannot specify options");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	218	this.options = options;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	219	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	220
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	221	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	222	* Sets or clears target. If cleared, KrbAsReq might choose krbtgt
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	223	* for cname realm
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	224	* @param sname
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	225	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	226	public void setTarget(PrincipalName sname) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	227	checkState(State.INIT, "Cannot specify target");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	228	this.sname = sname;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	229	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	230
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	231	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	232	* Adds or clears addresses. KrbAsReq might add some if empty
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	233	* field not allowed
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	234	* @param addresses
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	235	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	236	public void setAddresses(HostAddresses addresses) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	237	checkState(State.INIT, "Cannot specify addresses");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	238	this.addresses = addresses;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	239	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	240
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	241	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	242	* Build a KrbAsReq object from all info fed above. Normally this method
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	243	* will be called twice: initial AS-REQ and second with pakey
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	244	* @return the KrbAsReq object
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	245	* @throws KrbException
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	246	* @throws IOException
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	247	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	248	private KrbAsReq build() throws KrbException, IOException {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	249	return new KrbAsReq(pakey,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	250	options,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	251	cname,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	252	sname,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	253	from,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	254	till,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	255	rtime,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	256	eTypes,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	257	addresses);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	258	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	259
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	260	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	261	* Parses AS-REP, decrypts enc-part, retrieves ticket and session key
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	262	* @throws KrbException
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	263	* @throws Asn1Exception
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	264	* @throws IOException
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	265	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	266	private KrbAsReqBuilder resolve() throws KrbException, Asn1Exception, IOException {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	267	if (keys != null) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	268	rep.decryptUsingKeys(keys, req);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	269	} else {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	270	rep.decryptUsingPassword(password, req, cname);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	271	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	272	if (rep.getPA() != null) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	273	if (paList == null \|\| paList.length == 0) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	274	paList = rep.getPA();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	275	} else {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	276	int extraLen = rep.getPA().length;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	277	if (extraLen > 0) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	278	int oldLen = paList.length;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	279	paList = Arrays.copyOf(paList, paList.length + extraLen);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	280	System.arraycopy(rep.getPA(), 0, paList, oldLen, extraLen);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	281	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	282	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	283	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	284	return this;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	285	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	286
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	287	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	288	* Communication until AS-REP or non preauth-related KRB-ERROR received
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	289	* @throws KrbException
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	290	* @throws IOException
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	291	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	292	private KrbAsReqBuilder send() throws KrbException, IOException {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	293	boolean preAuthFailedOnce = false;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	294	KdcComm comm = new KdcComm(cname.getRealmAsString());
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	295	while (true) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	296	try {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	297	req = build();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	298	rep = new KrbAsRep(comm.send(req.encoding()));
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	299	return this;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	300	} catch (KrbException ke) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	301	if (!preAuthFailedOnce && (
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	302	ke.returnCode() == Krb5.KDC_ERR_PREAUTH_FAILED \|\|
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	303	ke.returnCode() == Krb5.KDC_ERR_PREAUTH_REQUIRED)) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	304	if (Krb5.DEBUG) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	305	System.out.println("KrbAsReqBuilder: " +
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	306	"PREAUTH FAILED/REQ, re-send AS-REQ");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	307	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	308	preAuthFailedOnce = true;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	309	KRBError kerr = ke.getError();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	310	if (password == null) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	311	pakey = EncryptionKey.findKey(kerr.getEType(), keys);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	312	} else {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	313	PAData.SaltAndParams snp = PAData.getSaltAndParams(
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	314	kerr.getEType(), kerr.getPA());
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	315	if (kerr.getEType() == 0) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	316	// Possible if PA-PW-SALT is in KRB-ERROR. RFC
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	317	// does not recommend this
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	318	pakey = EncryptionKey.acquireSecretKey(password,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	319	snp.salt == null ? cname.getSalt() : snp.salt,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	320	eTypes[0],
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	321	null);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	322	} else {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	323	pakey = EncryptionKey.acquireSecretKey(password,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	324	snp.salt == null ? cname.getSalt() : snp.salt,
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	325	kerr.getEType(),
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	326	snp.params);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	327	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	328	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	329	paList = kerr.getPA(); // Update current paList
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	330	} else {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	331	throw ke;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	332	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	333	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	334	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	335	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	336
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	337	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	338	* Performs AS-REQ send and AS-REP receive.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	339	* Maybe a state is needed here, to divide prepare process and getCreds.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	340	* @throws KrbException
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	341	* @throws Asn1Exception
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	342	* @throws IOException
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	343	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	344	public KrbAsReqBuilder action()
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	345	throws KrbException, Asn1Exception, IOException {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	346	checkState(State.INIT, "Cannot call action");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	347	state = State.REQ_OK;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	348	return send().resolve();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	349	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	350
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	351	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	352	* Gets Credentials object after action
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	353	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	354	public Credentials getCreds() {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	355	checkState(State.REQ_OK, "Cannot retrieve creds");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	356	return rep.getCreds();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	357	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	358
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	359	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	360	* Gets another type of Credentials after action
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	361	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	362	public sun.security.krb5.internal.ccache.Credentials getCCreds() {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	363	checkState(State.REQ_OK, "Cannot retrieve CCreds");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	364	return rep.getCCreds();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	365	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	366
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	367	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	368	* Destroys the object and clears keys and password info.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	369	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	370	public void destroy() {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	371	state = State.DESTROYED;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	372	if (keys != null) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	373	for (EncryptionKey k: keys) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	374	k.destroy();
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	375	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	376	keys = null;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	377	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	378	if (password != null) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	379	Arrays.fill(password, (char)0);
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	380	password = null;
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	381	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	382	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	383
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	384	/**
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	385	* Checks if the current state is the specified one.
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	386	* @param st the expected state
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	387	* @param msg error message if state is not correct
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	388	* @throws IllegalStateException if state is not correct
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	389	*/
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	390	private void checkState(State st, String msg) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	391	if (state != st) {
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	392	throw new IllegalStateException(msg + " at " + st + " state");
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	393	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	394	}
d8ccc1c73358 6960894: Better AS-REQ creation and processing weijun parents: diff changeset	395	}

author	weijun
	Fri, 12 Nov 2010 21:33:14 +0800
changeset 7183	d8ccc1c73358
child 9499	f3115698a012
permissions	-rw-r--r--