Back to index...

	/*
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	/*
	*
	* (C) Copyright IBM Corp. 1999 All Rights Reserved.
	* Copyright 1997 The Open Group Research Institute. All rights reserved.
	*/

	package sun.security.krb5.internal;

	import sun.security.krb5.*;
	import sun.security.util.*;
	import java.util.Vector;
	import java.io.IOException;
	import java.math.BigInteger;

	/**
	* Implements the ASN.1 KDC-REQ-BODY type.
	*
	* <pre>{@code
	* KDC-REQ-BODY ::= SEQUENCE {
	* kdc-options [0] KDCOptions,
	* cname [1] PrincipalName OPTIONAL
	* -- Used only in AS-REQ --,
	* realm [2] Realm
	* -- Server's realm
	* -- Also client's in AS-REQ --,
	* sname [3] PrincipalName OPTIONAL,
	* from [4] KerberosTime OPTIONAL,
	* till [5] KerberosTime,
	* rtime [6] KerberosTime OPTIONAL,
	* nonce [7] UInt32,
	* etype [8] SEQUENCE OF Int32 -- EncryptionType
	* -- in preference order --,
	* addresses [9] HostAddresses OPTIONAL,
	* enc-authorization-data [10] EncryptedData OPTIONAL
	* -- AuthorizationData --,
	* additional-tickets [11] SEQUENCE OF Ticket OPTIONAL
	* -- NOTE: not empty
	* }
	* }</pre>
	*
	* <p>
	* This definition reflects the Network Working Group RFC 4120
	* specification available at
	* <a href="http://www.ietf.org/rfc/rfc4120.txt">
	* http://www.ietf.org/rfc/rfc4120.txt</a>.
	*/

	public class KDCReqBody {
	public KDCOptions kdcOptions;
	public PrincipalName cname; //optional in ASReq only
	public PrincipalName sname; //optional
	public KerberosTime from; //optional
	public KerberosTime till;
	public KerberosTime rtime; //optional
	public HostAddresses addresses; //optional

	private int nonce;
	private int[] eType = null; //a sequence; not optional
	private EncryptedData encAuthorizationData; //optional
	private Ticket[] additionalTickets; //optional

	public KDCReqBody(
	KDCOptions new_kdcOptions,
	PrincipalName new_cname, //optional in ASReq only
	PrincipalName new_sname, //optional
	KerberosTime new_from, //optional
	KerberosTime new_till,
	KerberosTime new_rtime, //optional
	int new_nonce,
	int[] new_eType, //a sequence; not optional
	HostAddresses new_addresses, //optional
	EncryptedData new_encAuthorizationData, //optional
	Ticket[] new_additionalTickets //optional
	) throws IOException {
	kdcOptions = new_kdcOptions;
	cname = new_cname;
	sname = new_sname;
	from = new_from;
	till = new_till;
	rtime = new_rtime;
	nonce = new_nonce;
	if (new_eType != null) {
	eType = new_eType.clone();
	}
	addresses = new_addresses;
	encAuthorizationData = new_encAuthorizationData;
	if (new_additionalTickets != null) {
	additionalTickets = new Ticket[new_additionalTickets.length];
	for (int i = 0; i < new_additionalTickets.length; i++) {
	if (new_additionalTickets[i] == null) {
	throw new IOException("Cannot create a KDCReqBody");
	} else {
	additionalTickets[i] = (Ticket)new_additionalTickets[i].clone();
	}
	}
	}
	}

	/**
	* Constructs a KDCReqBody object.
	* @param encoding a DER-encoded data.
	* @param msgType an int indicating whether it's KRB_AS_REQ or KRB_TGS_REQ type.
	* @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
	* @exception IOException if an I/O error occurs while reading encoded data.
	* @exception RealmException if an error occurs while constructing a Realm object from the encoded data.
	*
	*/
	public KDCReqBody(DerValue encoding, int msgType)
	throws Asn1Exception, RealmException, KrbException, IOException {
	DerValue der, subDer;
	addresses = null;
	encAuthorizationData = null;
	additionalTickets = null;
	if (encoding.getTag() != DerValue.tag_Sequence) {
	throw new Asn1Exception(Krb5.ASN1_BAD_ID);
	}
	kdcOptions = KDCOptions.parse(encoding.getData(), (byte)0x00, false);

	// cname only appears in AS-REQ and it shares the realm field with
	// sname. This is the only place where realm comes after the name.
	// We first give cname a fake realm and reassign it the correct
	// realm after the realm field is read.
	cname = PrincipalName.parse(encoding.getData(), (byte)0x01, true,
	new Realm("PLACEHOLDER"));
	if ((msgType != Krb5.KRB_AS_REQ) && (cname != null)) {
	throw new Asn1Exception(Krb5.ASN1_BAD_ID);
	}
	Realm realm = Realm.parse(encoding.getData(), (byte)0x02, false);
	if (cname != null) {
	cname = new PrincipalName(
	cname.getNameType(), cname.getNameStrings(), realm);
	}
	sname = PrincipalName.parse(encoding.getData(), (byte)0x03, true, realm);
	from = KerberosTime.parse(encoding.getData(), (byte)0x04, true);
	till = KerberosTime.parse(encoding.getData(), (byte)0x05, false);
	rtime = KerberosTime.parse(encoding.getData(), (byte)0x06, true);
	der = encoding.getData().getDerValue();
	if ((der.getTag() & (byte)0x1F) == (byte)0x07) {
	nonce = der.getData().getBigInteger().intValue();
	} else {
	throw new Asn1Exception(Krb5.ASN1_BAD_ID);
	}
	der = encoding.getData().getDerValue();
	Vector<Integer> v = new Vector<>();
	if ((der.getTag() & (byte)0x1F) == (byte)0x08) {
	subDer = der.getData().getDerValue();

	if (subDer.getTag() == DerValue.tag_SequenceOf) {
	while(subDer.getData().available() > 0) {
	v.addElement(subDer.getData().getBigInteger().intValue());
	}
	eType = new int[v.size()];
	for (int i = 0; i < v.size(); i++) {
	eType[i] = v.elementAt(i);
	}
	} else {
	throw new Asn1Exception(Krb5.ASN1_BAD_ID);
	}
	} else {
	throw new Asn1Exception(Krb5.ASN1_BAD_ID);
	}
	if (encoding.getData().available() > 0) {
	addresses = HostAddresses.parse(encoding.getData(), (byte)0x09, true);
	}
	if (encoding.getData().available() > 0) {
	encAuthorizationData = EncryptedData.parse(encoding.getData(), (byte)0x0A, true);
	}
	if (encoding.getData().available() > 0) {
	Vector<Ticket> tempTickets = new Vector<>();
	der = encoding.getData().getDerValue();
	if ((der.getTag() & (byte)0x1F) == (byte)0x0B) {
	subDer = der.getData().getDerValue();
	if (subDer.getTag() == DerValue.tag_SequenceOf) {
	while (subDer.getData().available() > 0) {
	tempTickets.addElement(new Ticket(subDer.getData().getDerValue()));
	}
	} else {
	throw new Asn1Exception(Krb5.ASN1_BAD_ID);
	}
	if (tempTickets.size() > 0) {
	additionalTickets = new Ticket[tempTickets.size()];
	tempTickets.copyInto(additionalTickets);
	}
	} else {
	throw new Asn1Exception(Krb5.ASN1_BAD_ID);
	}
	}
	if (encoding.getData().available() > 0) {
	throw new Asn1Exception(Krb5.ASN1_BAD_ID);
	}
	}

	/**
	* Encodes this object to an OutputStream.
	*
	* @return an byte array of encoded data.
	* @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
	* @exception IOException if an I/O error occurs while reading encoded data.
	*
	*/
	public byte[] asn1Encode(int msgType) throws Asn1Exception, IOException {
	Vector<DerValue> v = new Vector<>();
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), kdcOptions.asn1Encode()));
	if (msgType == Krb5.KRB_AS_REQ) {
	if (cname != null) {
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), cname.asn1Encode()));
	}
	}
	if (sname != null) {
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), sname.getRealm().asn1Encode()));
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), sname.asn1Encode()));
	} else if (cname != null) {
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cname.getRealm().asn1Encode()));
	}
	if (from != null) {
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x04), from.asn1Encode()));
	}
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x05), till.asn1Encode()));
	if (rtime != null) {
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x06), rtime.asn1Encode()));
	}
	DerOutputStream temp = new DerOutputStream();
	temp.putInteger(BigInteger.valueOf(nonce));
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x07), temp.toByteArray()));
	//revisit, if empty eType sequences are allowed
	temp = new DerOutputStream();
	for (int i = 0; i < eType.length; i++) {
	temp.putInteger(BigInteger.valueOf(eType[i]));
	}
	DerOutputStream eTypetemp = new DerOutputStream();
	eTypetemp.write(DerValue.tag_SequenceOf, temp);
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x08), eTypetemp.toByteArray()));
	if (addresses != null) {
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x09), addresses.asn1Encode()));
	}
	if (encAuthorizationData != null) {
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0A), encAuthorizationData.asn1Encode()));
	}
	if (additionalTickets != null && additionalTickets.length > 0) {
	temp = new DerOutputStream();
	for (int i = 0; i < additionalTickets.length; i++) {
	temp.write(additionalTickets[i].asn1Encode());
	}
	DerOutputStream ticketsTemp = new DerOutputStream();
	ticketsTemp.write(DerValue.tag_SequenceOf, temp);
	v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x0B), ticketsTemp.toByteArray()));
	}
	DerValue der[] = new DerValue[v.size()];
	v.copyInto(der);
	temp = new DerOutputStream();
	temp.putSequence(der);
	return temp.toByteArray();
	}

	public int getNonce() {
	return nonce;
	}
	}

Back to index...