--- a/src/java.security.jgss/share/classes/sun/security/krb5/KrbTgsReq.java Thu Oct 17 20:27:44 2019 +0100
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/KrbTgsReq.java Thu Oct 17 20:53:35 2019 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,6 +36,7 @@
import java.io.IOException;
import java.net.UnknownHostException;
import java.time.Instant;
+import java.util.Arrays;
/**
* This class encapsulates a Kerberos TGS-REQ that is sent from the
@@ -44,7 +45,9 @@
public class KrbTgsReq {
private PrincipalName princName;
+ private PrincipalName clientAlias;
private PrincipalName servName;
+ private PrincipalName serverAlias;
private TGSReq tgsReqMessg;
private KerberosTime ctime;
private Ticket secondTicket = null;
@@ -57,59 +60,26 @@
private byte[] ibuf;
// Used in CredentialsUtil
- public KrbTgsReq(Credentials asCreds,
- PrincipalName sname)
+ public KrbTgsReq(KDCOptions options, Credentials asCreds,
+ PrincipalName cname, PrincipalName clientAlias,
+ PrincipalName sname, PrincipalName serverAlias,
+ Ticket[] additionalTickets, PAData[] extraPAs)
throws KrbException, IOException {
- this(new KDCOptions(),
- asCreds,
- sname,
- null, // KerberosTime from
- null, // KerberosTime till
- null, // KerberosTime rtime
- null, // eTypes, // null, // int[] eTypes
- null, // HostAddresses addresses
- null, // AuthorizationData authorizationData
- null, // Ticket[] additionalTickets
- null); // EncryptionKey subSessionKey
- }
-
- // S4U2proxy
- public KrbTgsReq(Credentials asCreds,
- Ticket second,
- PrincipalName sname)
- throws KrbException, IOException {
- this(KDCOptions.with(KDCOptions.CNAME_IN_ADDL_TKT,
- KDCOptions.FORWARDABLE),
- asCreds,
- sname,
- null,
- null,
- null,
- null,
- null,
- null,
- new Ticket[] {second}, // the service ticket
- null);
- }
-
- // S4U2user
- public KrbTgsReq(Credentials asCreds,
- PrincipalName sname,
- PAData extraPA)
- throws KrbException, IOException {
- this(KDCOptions.with(KDCOptions.FORWARDABLE),
- asCreds,
- asCreds.getClient(),
- sname,
- null,
- null,
- null,
- null,
- null,
- null,
- null,
- null,
- extraPA); // the PA-FOR-USER
+ this(options,
+ asCreds,
+ cname,
+ clientAlias,
+ sname,
+ serverAlias,
+ null, // KerberosTime from
+ null, // KerberosTime till
+ null, // KerberosTime rtime
+ null, // int[] eTypes
+ null, // HostAddresses addresses
+ null, // AuthorizationData authorizationData
+ additionalTickets,
+ null, // EncryptionKey subKey
+ extraPAs);
}
// Called by Credentials, KrbCred
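Review bot: The consolidated public constructor at the top of this hunk takes `options`, `cname` and `clientAlias` directly from the caller, so what the removed overloads fixed is no longer enforced here. The S4U2proxy overload hard-coded `CNAME_IN_ADDL_TKT` with `FORWARDABLE`, the S4U2user overload hard-coded `FORWARDABLE`, and all three old paths ended up using `asCreds.getClient()` as the client name. The surviving `// Used in CredentialsUtil` comment records none of this. I would replace it with a Javadoc block that documents each parameter, states which of `clientAlias`, `serverAlias`, `additionalTickets` and `extraPAs` may be null, and notes that callers must now supply the right KDC options for S4U requests themselves. Whether `cname` should be checked against `asCreds.getClient()` depends on callers not visible in this diff, so that is worth confirming with the author.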
@@ -117,6 +87,7 @@
KDCOptions options,
Credentials asCreds,
PrincipalName sname,
+ PrincipalName serverAlias,
KerberosTime from,
KerberosTime till,
KerberosTime rtime,
@@ -125,16 +96,18 @@
AuthorizationData authorizationData,
Ticket[] additionalTickets,
EncryptionKey subKey) throws KrbException, IOException {
- this(options, asCreds, asCreds.getClient(), sname,
- from, till, rtime, eTypes, addresses,
- authorizationData, additionalTickets, subKey, null);
+ this(options, asCreds, asCreds.getClient(), asCreds.getClientAlias(),
+ sname, serverAlias, from, till, rtime, eTypes,
+ addresses, authorizationData, additionalTickets, subKey, null);
}
private KrbTgsReq(
KDCOptions options,
Credentials asCreds,
PrincipalName cname,
+ PrincipalName clientAlias,
PrincipalName sname,
+ PrincipalName serverAlias,
KerberosTime from,
KerberosTime till,
KerberosTime rtime,
@@ -143,10 +116,12 @@
AuthorizationData authorizationData,
Ticket[] additionalTickets,
EncryptionKey subKey,
- PAData extraPA) throws KrbException, IOException {
+ PAData[] extraPAs) throws KrbException, IOException {
princName = cname;
+ this.clientAlias = clientAlias;
servName = sname;
+ this.serverAlias = serverAlias;
ctime = KerberosTime.now();
// check if they are valid arguments. The optional fields
@@ -216,7 +191,7 @@
authorizationData,
additionalTickets,
subKey,
- extraPA);
+ extraPAs);
obuf = tgsReqMessg.asn1Encode();
// XXX We need to revisit this to see if can't move it
@@ -282,7 +257,7 @@
AuthorizationData authorizationData,
Ticket[] additionalTickets,
EncryptionKey subKey,
- PAData extraPA)
+ PAData[] extraPAs)
throws IOException, KrbException, UnknownHostException {
KerberosTime req_till = null;
if (till == null) {
@@ -382,11 +357,14 @@
null).getMessage();
PAData tgsPAData = new PAData(Krb5.PA_TGS_REQ, tgs_ap_req);
- return new TGSReq(
- extraPA != null ?
- new PAData[] {extraPA, tgsPAData } :
- new PAData[] {tgsPAData},
- reqBody);
+ PAData[] pa;
+ if (extraPAs != null) {
+ pa = Arrays.copyOf(extraPAs, extraPAs.length + 1);
+ pa[extraPAs.length] = tgsPAData;
+ } else {
+ pa = new PAData[] {tgsPAData};
+ }
+ return new TGSReq(pa, reqBody);
}
TGSReq getMessage() {
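Review bot: A null element inside `extraPAs` is copied into `pa` unchecked by `Arrays.copyOf(extraPAs, extraPAs.length + 1)` and would only fail later, presumably when the request is encoded, far from the caller that supplied it. If null entries are never valid, reject them before the copy, for example `for (PAData p : extraPAs) { if (p == null) throw new IllegalArgumentException("null PAData in extraPAs"); }`. A short comment such as `// caller-supplied PA-DATA first, PA-TGS-REQ appended last` would also record that the new code keeps the old element order. The enclosing method starts outside this hunk.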
@@ -397,6 +375,14 @@
return secondTicket;
}
+ PrincipalName getClientAlias() {
+ return clientAlias;
+ }
+
+ PrincipalName getServerAlias() {
+ return serverAlias;
+ }
+
private static void debug(String message) {
// System.err.println(">>> KrbTgsReq: " + message);
}
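Review bot: `getClientAlias()` and `getServerAlias()` are added with no comment on what an alias is or when it is absent. Both fields are assigned straight from constructor arguments, and no null check appears anywhere in this diff, so callers presumably have to handle a null return. A one-line comment on each getter would make that explicit, for example `// Alias the request was made under, or null if none was supplied (confirm)`. If these values are later used to match principal names in the TGS reply, the comment should also say which name is authoritative, since that comparison is where a mismatch would matter.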