changeset 13775:968f12f8a2f9

8227061: KDC.java test behaves incorrectly when AS-REQ contains a PAData not PA-ENC-TS-ENC Reviewed-by: mullan
author weijun
date Thu, 04 Jul 2019 07:25:11 +0800
parents 52b4ca5a31fa
children a44331c37c67
files test/sun/security/krb5/auto/KDC.java
diffstat 1 files changed, 12 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/test/sun/security/krb5/auto/KDC.java	Sun Jan 12 01:59:01 2020 +0000
+++ b/test/sun/security/krb5/auto/KDC.java	Thu Jul 04 07:25:11 2019 +0800
@@ -1279,7 +1279,17 @@
 
             PAData[] inPAs = KDCReqDotPAData(asReq);
             List<PAData> enc_outPAs = new ArrayList<>();
-            if (inPAs == null || inPAs.length == 0) {
+
+            byte[] paEncTimestamp = null;
+            if (inPAs != null) {
+                for (PAData inPA : inPAs) {
+                    if (inPA.getType() == Krb5.PA_ENC_TIMESTAMP) {
+                        paEncTimestamp = inPA.getValue();
+                    }
+                }
+            }
+
+            if (paEncTimestamp == null) {
                 Object preauth = options.get(Option.PREAUTH_REQUIRED);
                 if (preauth == null || preauth.equals(Boolean.TRUE)) {
                     throw new KrbException(Krb5.KDC_ERR_PREAUTH_REQUIRED);
@@ -1288,7 +1298,7 @@
                 EncryptionKey pakey = null;
                 try {
                     EncryptedData data = newEncryptedData(
-                            new DerValue(inPAs[0].getValue()));
+                            new DerValue(paEncTimestamp));
                     pakey = keyForUser(body.cname, data.getEType(), false);
                     data.decrypt(pakey, KeyUsage.KU_PA_ENC_TS);
                 } catch (Exception e) {