1272 outPAs.add(new PAData(Krb5.PA_ETYPE_INFO, eid.toByteArray())); |
1272 outPAs.add(new PAData(Krb5.PA_ETYPE_INFO, eid.toByteArray())); |
1273 } |
1273 } |
1274 |
1274 |
1275 PAData[] inPAs = KDCReqDotPAData(asReq); |
1275 PAData[] inPAs = KDCReqDotPAData(asReq); |
1276 List<PAData> enc_outPAs = new ArrayList<>(); |
1276 List<PAData> enc_outPAs = new ArrayList<>(); |
1277 if (inPAs == null || inPAs.length == 0) { |
1277 |
|
1278 byte[] paEncTimestamp = null; |
|
1279 if (inPAs != null) { |
|
1280 for (PAData inPA : inPAs) { |
|
1281 if (inPA.getType() == Krb5.PA_ENC_TIMESTAMP) { |
|
1282 paEncTimestamp = inPA.getValue(); |
|
1283 } |
|
1284 } |
|
1285 } |
|
1286 |
|
1287 if (paEncTimestamp == null) { |
1278 Object preauth = options.get(Option.PREAUTH_REQUIRED); |
1288 Object preauth = options.get(Option.PREAUTH_REQUIRED); |
1279 if (preauth == null || preauth.equals(Boolean.TRUE)) { |
1289 if (preauth == null || preauth.equals(Boolean.TRUE)) { |
1280 throw new KrbException(Krb5.KDC_ERR_PREAUTH_REQUIRED); |
1290 throw new KrbException(Krb5.KDC_ERR_PREAUTH_REQUIRED); |
1281 } |
1291 } |
1282 } else { |
1292 } else { |
1283 EncryptionKey pakey = null; |
1293 EncryptionKey pakey = null; |
1284 try { |
1294 try { |
1285 EncryptedData data = newEncryptedData( |
1295 EncryptedData data = newEncryptedData( |
1286 new DerValue(inPAs[0].getValue())); |
1296 new DerValue(paEncTimestamp)); |
1287 pakey = keyForUser(body.cname, data.getEType(), false); |
1297 pakey = keyForUser(body.cname, data.getEType(), false); |
1288 data.decrypt(pakey, KeyUsage.KU_PA_ENC_TS); |
1298 data.decrypt(pakey, KeyUsage.KU_PA_ENC_TS); |
1289 } catch (Exception e) { |
1299 } catch (Exception e) { |
1290 KrbException ke = new KrbException(Krb5.KDC_ERR_PREAUTH_FAILED); |
1300 KrbException ke = new KrbException(Krb5.KDC_ERR_PREAUTH_FAILED); |
1291 ke.initCause(e); |
1301 ke.initCause(e); |