Back to index...

	/*
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	/*
	*
	* (C) Copyright IBM Corp. 1999 All Rights Reserved.
	* Copyright 1997 The Open Group Research Institute. All rights reserved.
	*/

	package sun.security.krb5.internal;

	import sun.security.krb5.Asn1Exception;
	import sun.security.krb5.Config;
	import sun.security.krb5.KrbException;
	import sun.security.util.DerInputStream;
	import sun.security.util.DerOutputStream;
	import sun.security.util.DerValue;

	import java.io.IOException;
	import java.time.Instant;
	import java.util.Calendar;
	import java.util.Date;
	import java.util.TimeZone;

	/**
	* Implements the ASN.1 KerberosTime type. This is an immutable class.
	*
	* {@code KerberosTime ::= GeneralizedTime} -- with no fractional seconds
	*
	* The timestamps used in Kerberos are encoded as GeneralizedTimes. A
	* KerberosTime value shall not include any fractional portions of the
	* seconds. As required by the DER, it further shall not include any
	* separators, and it shall specify the UTC time zone (Z).
	*
	* <p>
	* This definition reflects the Network Working Group RFC 4120
	* specification available at
	* <a href="http://www.ietf.org/rfc/rfc4120.txt">
	* http://www.ietf.org/rfc/rfc4120.txt</a>.
	*
	* The implementation also includes the microseconds info so that the
	* same class can be used as a precise timestamp in Authenticator etc.
	*/

	public class KerberosTime {

	private final long kerberosTime; // milliseconds since epoch, Date.getTime()
	private final int microSeconds; // last 3 digits of the real microsecond

	// The time when this class is loaded. Used in setNow()
	private static long initMilli = System.currentTimeMillis();
	private static long initMicro = System.nanoTime() / 1000;

	private static boolean DEBUG = Krb5.DEBUG;

	// Do not make this public. It's a little confusing that micro
	// is only the last 3 digits of microsecond.
	private KerberosTime(long time, int micro) {
	kerberosTime = time;
	microSeconds = micro;
	}

	/**
	* Creates a KerberosTime object from milliseconds since epoch.
	*/
	public KerberosTime(long time) {
	this(time, 0);
	}

	// This constructor is used in the native code
	// src/windows/native/sun/security/krb5/NativeCreds.c
	public KerberosTime(String time) throws Asn1Exception {
	this(toKerberosTime(time), 0);
	}

	private static long toKerberosTime(String time) throws Asn1Exception {
	// ASN.1 GeneralizedTime format:

	// "19700101000000Z"
	// \| \| \| \| \| \| \|
	// 0 4 6 8 \| \| \|
	// 10 \| \|
	// 12 \|
	// 14

	if (time.length() != 15)
	throw new Asn1Exception(Krb5.ASN1_BAD_TIMEFORMAT);
	if (time.charAt(14) != 'Z')
	throw new Asn1Exception(Krb5.ASN1_BAD_TIMEFORMAT);
	int year = Integer.parseInt(time.substring(0, 4));
	Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
	calendar.clear(); // so that millisecond is zero
	calendar.set(year,
	Integer.parseInt(time.substring(4, 6)) - 1,
	Integer.parseInt(time.substring(6, 8)),
	Integer.parseInt(time.substring(8, 10)),
	Integer.parseInt(time.substring(10, 12)),
	Integer.parseInt(time.substring(12, 14)));
	return calendar.getTimeInMillis();
	}

	/**
	* Creates a KerberosTime object from a Date object.
	*/
	public KerberosTime(Date time) {
	this(time.getTime(), 0);
	}

	/**
	* Creates a KerberosTime object from an Instant object
	*/
	public KerberosTime(Instant instant) {
	this(instant.getEpochSecond()*1000 + instant.getNano()/1000000L,
	instant.getNano()/1000%1000);
	}

	/**
	* Creates a KerberosTime object for now. It uses System.nanoTime()
	* to get a more precise time than "new Date()".
	*/
	public static KerberosTime now() {
	long newMilli = System.currentTimeMillis();
	long newMicro = System.nanoTime() / 1000;
	long microElapsed = newMicro - initMicro;
	long calcMilli = initMilli + microElapsed/1000;
	if (calcMilli - newMilli > 100 \|\| newMilli - calcMilli > 100) {
	if (DEBUG) {
	System.out.println("System time adjusted");
	}
	initMilli = newMilli;
	initMicro = newMicro;
	return new KerberosTime(newMilli, 0);
	} else {
	return new KerberosTime(calcMilli, (int)(microElapsed % 1000));
	}
	}

	/**
	* Returns a string representation of KerberosTime object.
	* @return a string representation of this object.
	*/
	public String toGeneralizedTimeString() {
	Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
	calendar.clear();

	calendar.setTimeInMillis(kerberosTime);
	return String.format("%04d%02d%02d%02d%02d%02dZ",
	calendar.get(Calendar.YEAR),
	calendar.get(Calendar.MONTH) + 1,
	calendar.get(Calendar.DAY_OF_MONTH),
	calendar.get(Calendar.HOUR_OF_DAY),
	calendar.get(Calendar.MINUTE),
	calendar.get(Calendar.SECOND));
	}

	/**
	* Encodes this object to a byte array.
	* @return a byte array of encoded data.
	* @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
	* @exception IOException if an I/O error occurs while reading encoded data.
	*/
	public byte[] asn1Encode() throws Asn1Exception, IOException {
	DerOutputStream out = new DerOutputStream();
	out.putGeneralizedTime(this.toDate());
	return out.toByteArray();
	}

	public long getTime() {
	return kerberosTime;
	}

	public Date toDate() {
	return new Date(kerberosTime);
	}

	public int getMicroSeconds() {
	Long temp_long = new Long((kerberosTime % 1000L) * 1000L);
	return temp_long.intValue() + microSeconds;
	}

	/**
	* Returns a new KerberosTime object with the original seconds
	* and the given microseconds.
	*/
	public KerberosTime withMicroSeconds(int usec) {
	return new KerberosTime(
	kerberosTime - kerberosTime%1000L + usec/1000L,
	usec%1000);
	}

	private boolean inClockSkew(int clockSkew) {
	return java.lang.Math.abs(kerberosTime - System.currentTimeMillis())
	<= clockSkew * 1000L;
	}

	public boolean inClockSkew() {
	return inClockSkew(getDefaultSkew());
	}

	public boolean greaterThanWRTClockSkew(KerberosTime time, int clockSkew) {
	if ((kerberosTime - time.kerberosTime) > clockSkew * 1000L)
	return true;
	return false;
	}

	public boolean greaterThanWRTClockSkew(KerberosTime time) {
	return greaterThanWRTClockSkew(time, getDefaultSkew());
	}

	public boolean greaterThan(KerberosTime time) {
	return kerberosTime > time.kerberosTime \|\|
	kerberosTime == time.kerberosTime &&
	microSeconds > time.microSeconds;
	}

	public boolean equals(Object obj) {
	if (this == obj) {
	return true;
	}

	if (!(obj instanceof KerberosTime)) {
	return false;
	}

	return kerberosTime == ((KerberosTime)obj).kerberosTime &&
	microSeconds == ((KerberosTime)obj).microSeconds;
	}

	public int hashCode() {
	int result = 37 * 17 + (int)(kerberosTime ^ (kerberosTime >>> 32));
	return result * 17 + microSeconds;
	}

	public boolean isZero() {
	return kerberosTime == 0 && microSeconds == 0;
	}

	public int getSeconds() {
	Long temp_long = new Long(kerberosTime / 1000L);
	return temp_long.intValue();
	}

	/**
	* Parse (unmarshal) a kerberostime from a DER input stream. This form
	* parsing might be used when expanding a value which is part of
	* a constructed sequence and uses explicitly tagged type.
	*
	* @exception Asn1Exception on error.
	* @param data the Der input stream value, which contains
	* one or more marshaled value.
	* @param explicitTag tag number.
	* @param optional indicates if this data field is optional
	* @return an instance of KerberosTime.
	*
	*/
	public static KerberosTime parse(
	DerInputStream data, byte explicitTag, boolean optional)
	throws Asn1Exception, IOException {
	if ((optional) && (((byte)data.peekByte() & (byte)0x1F)!= explicitTag))
	return null;
	DerValue der = data.getDerValue();
	if (explicitTag != (der.getTag() & (byte)0x1F)) {
	throw new Asn1Exception(Krb5.ASN1_BAD_ID);
	}
	else {
	DerValue subDer = der.getData().getDerValue();
	Date temp = subDer.getGeneralizedTime();
	return new KerberosTime(temp.getTime(), 0);
	}
	}

	public static int getDefaultSkew() {
	int tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
	try {
	if ((tdiff = Config.getInstance().getIntValue(
	"libdefaults", "clockskew"))
	== Integer.MIN_VALUE) { //value is not defined
	tdiff = Krb5.DEFAULT_ALLOWABLE_CLOCKSKEW;
	}
	} catch (KrbException e) {
	if (DEBUG) {
	System.out.println("Exception in getting clockskew from " +
	"Configuration " +
	"using default value " +
	e.getMessage());
	}
	}
	return tdiff;
	}

	public String toString() {
	return toGeneralizedTimeString();
	}
	}

Back to index...