1 /* |
1 /* |
2 * Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
57 private Credentials krb5Credentials; |
57 private Credentials krb5Credentials; |
58 |
58 |
59 private Krb5InitCredential(Krb5NameElement name, |
59 private Krb5InitCredential(Krb5NameElement name, |
60 byte[] asn1Encoding, |
60 byte[] asn1Encoding, |
61 KerberosPrincipal client, |
61 KerberosPrincipal client, |
|
62 KerberosPrincipal clientAlias, |
62 KerberosPrincipal server, |
63 KerberosPrincipal server, |
|
64 KerberosPrincipal serverAlias, |
63 byte[] sessionKey, |
65 byte[] sessionKey, |
64 int keyType, |
66 int keyType, |
65 boolean[] flags, |
67 boolean[] flags, |
66 Date authTime, |
68 Date authTime, |
67 Date startTime, |
69 Date startTime, |
78 authTime, |
80 authTime, |
79 startTime, |
81 startTime, |
80 endTime, |
82 endTime, |
81 renewTill, |
83 renewTill, |
82 clientAddresses); |
84 clientAddresses); |
83 |
85 KerberosSecrets.getJavaxSecurityAuthKerberosAccess() |
|
86 .kerberosTicketSetClientAlias(this, clientAlias); |
|
87 KerberosSecrets.getJavaxSecurityAuthKerberosAccess() |
|
88 .kerberosTicketSetServerAlias(this, serverAlias); |
84 this.name = name; |
89 this.name = name; |
85 |
90 |
86 try { |
91 try { |
87 // Cache this for later use by the sun.security.krb5 package. |
92 // Cache this for later use by the sun.security.krb5 package. |
88 krb5Credentials = new Credentials(asn1Encoding, |
93 krb5Credentials = new Credentials(asn1Encoding, |
89 client.getName(), |
94 client.getName(), |
|
95 (clientAlias != null ? |
|
96 clientAlias.getName() : null), |
90 server.getName(), |
97 server.getName(), |
|
98 (serverAlias != null ? |
|
99 serverAlias.getName() : null), |
91 sessionKey, |
100 sessionKey, |
92 keyType, |
101 keyType, |
93 flags, |
102 flags, |
94 authTime, |
103 authTime, |
95 startTime, |
104 startTime, |
108 |
117 |
109 private Krb5InitCredential(Krb5NameElement name, |
118 private Krb5InitCredential(Krb5NameElement name, |
110 Credentials delegatedCred, |
119 Credentials delegatedCred, |
111 byte[] asn1Encoding, |
120 byte[] asn1Encoding, |
112 KerberosPrincipal client, |
121 KerberosPrincipal client, |
|
122 KerberosPrincipal clientAlias, |
113 KerberosPrincipal server, |
123 KerberosPrincipal server, |
|
124 KerberosPrincipal serverAlias, |
114 byte[] sessionKey, |
125 byte[] sessionKey, |
115 int keyType, |
126 int keyType, |
116 boolean[] flags, |
127 boolean[] flags, |
117 Date authTime, |
128 Date authTime, |
118 Date startTime, |
129 Date startTime, |
151 String fullName = tgt.getClient().getName(); |
165 String fullName = tgt.getClient().getName(); |
152 name = Krb5NameElement.getInstance(fullName, |
166 name = Krb5NameElement.getInstance(fullName, |
153 Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL); |
167 Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL); |
154 } |
168 } |
155 |
169 |
|
170 KerberosPrincipal clientAlias = KerberosSecrets |
|
171 .getJavaxSecurityAuthKerberosAccess() |
|
172 .kerberosTicketGetClientAlias(tgt); |
|
173 KerberosPrincipal serverAlias = KerberosSecrets |
|
174 .getJavaxSecurityAuthKerberosAccess() |
|
175 .kerberosTicketGetServerAlias(tgt); |
156 return new Krb5InitCredential(name, |
176 return new Krb5InitCredential(name, |
157 tgt.getEncoded(), |
177 tgt.getEncoded(), |
158 tgt.getClient(), |
178 tgt.getClient(), |
|
179 clientAlias, |
159 tgt.getServer(), |
180 tgt.getServer(), |
|
181 serverAlias, |
160 tgt.getSessionKey().getEncoded(), |
182 tgt.getSessionKey().getEncoded(), |
161 tgt.getSessionKeyType(), |
183 tgt.getSessionKeyType(), |
162 tgt.getFlags(), |
184 tgt.getFlags(), |
163 tgt.getAuthTime(), |
185 tgt.getAuthTime(), |
164 tgt.getStartTime(), |
186 tgt.getStartTime(), |
177 * all of the following data is optional in a KRB-CRED |
199 * all of the following data is optional in a KRB-CRED |
178 * messages. This check for each field. |
200 * messages. This check for each field. |
179 */ |
201 */ |
180 |
202 |
181 PrincipalName cPrinc = delegatedCred.getClient(); |
203 PrincipalName cPrinc = delegatedCred.getClient(); |
|
204 PrincipalName cAPrinc = delegatedCred.getClientAlias(); |
182 PrincipalName sPrinc = delegatedCred.getServer(); |
205 PrincipalName sPrinc = delegatedCred.getServer(); |
|
206 PrincipalName sAPrinc = delegatedCred.getServerAlias(); |
183 |
207 |
184 KerberosPrincipal client = null; |
208 KerberosPrincipal client = null; |
|
209 KerberosPrincipal clientAlias = null; |
185 KerberosPrincipal server = null; |
210 KerberosPrincipal server = null; |
|
211 KerberosPrincipal serverAlias = null; |
186 |
212 |
187 Krb5NameElement credName = null; |
213 Krb5NameElement credName = null; |
188 |
214 |
189 if (cPrinc != null) { |
215 if (cPrinc != null) { |
190 String fullName = cPrinc.getName(); |
216 String fullName = cPrinc.getName(); |
191 credName = Krb5NameElement.getInstance(fullName, |
217 credName = Krb5NameElement.getInstance(fullName, |
192 Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL); |
218 Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL); |
193 client = new KerberosPrincipal(fullName); |
219 client = new KerberosPrincipal(fullName); |
194 } |
220 } |
195 |
221 |
|
222 if (cAPrinc != null) { |
|
223 clientAlias = new KerberosPrincipal(cAPrinc.getName()); |
|
224 } |
|
225 |
196 // XXX Compare name to credName |
226 // XXX Compare name to credName |
197 |
227 |
198 if (sPrinc != null) { |
228 if (sPrinc != null) { |
199 server = |
229 server = |
200 new KerberosPrincipal(sPrinc.getName(), |
230 new KerberosPrincipal(sPrinc.getName(), |
201 KerberosPrincipal.KRB_NT_SRV_INST); |
231 KerberosPrincipal.KRB_NT_SRV_INST); |
202 } |
232 } |
203 |
233 |
|
234 if (sAPrinc != null) { |
|
235 serverAlias = new KerberosPrincipal(sAPrinc.getName()); |
|
236 } |
|
237 |
204 return new Krb5InitCredential(credName, |
238 return new Krb5InitCredential(credName, |
205 delegatedCred, |
239 delegatedCred, |
206 delegatedCred.getEncoded(), |
240 delegatedCred.getEncoded(), |
207 client, |
241 client, |
|
242 clientAlias, |
208 server, |
243 server, |
|
244 serverAlias, |
209 sessionKey.getBytes(), |
245 sessionKey.getBytes(), |
210 sessionKey.getEType(), |
246 sessionKey.getEType(), |
211 delegatedCred.getFlags(), |
247 delegatedCred.getFlags(), |
212 delegatedCred.getAuthTime(), |
248 delegatedCred.getAuthTime(), |
213 delegatedCred.getStartTime(), |
249 delegatedCred.getStartTime(), |