in kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/KdcRequest.java [209:297]
private void kdcFindFast() throws KrbException {
PaData paData = getKdcReq().getPaData();
if (paData != null) {
for (PaDataEntry paEntry : paData.getElements()) {
if (paEntry.getPaDataType() == PaDataType.FX_FAST) {
LOG.info("Found fast padata and starting to process it.");
PaFxFastRequest paFxFastRequest = null;
try {
paFxFastRequest = KrbCodec.decode(paEntry.getPaDataValue(), PaFxFastRequest.class);
} catch (KrbException e) {
String errMessage = "Decode PaFxFastRequest failed. " + e.getMessage();
LOG.error(errMessage);
throw new KrbException(errMessage);
}
KrbFastArmoredReq fastArmoredReq = paFxFastRequest.getFastArmoredReq();
if (fastArmoredReq == null) {
return;
}
KrbFastArmor fastArmor = fastArmoredReq.getArmor();
if (fastArmor == null) {
return;
}
try {
armorApRequest(fastArmor);
} catch (KrbException e) {
String errMessage = "Get armor key failed. " + e.getMessage();
LOG.error(errMessage);
throw new KrbException(errMessage);
}
if (getArmorKey() == null) {
return;
}
EncryptedData encryptedData = fastArmoredReq.getEncryptedFastReq();
KrbFastReq fastReq;
try {
fastReq = KrbCodec.decode(
EncryptionHandler.decrypt(encryptedData, getArmorKey(), KeyUsage.FAST_ENC),
KrbFastReq.class);
} catch (KrbException e) {
String errMessage = "Decode KrbFastReq failed. " + e.getMessage();
LOG.error(errMessage);
throw new KrbException(errMessage);
}
try {
innerBodyout = KrbCodec.encode(fastReq.getKdcReqBody());
} catch (KrbException e) {
String errMessage = "Encode KdcReqBody failed. " + e.getMessage();
LOG.error(errMessage);
throw new KrbException(errMessage);
}
// TODO: get checksumed data in stream
CheckSum checkSum = fastArmoredReq.getReqChecksum();
if (checkSum == null) {
LOG.warn("Checksum is empty.");
throw new KrbException(KrbErrorCode.KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED);
}
byte[] reqBody;
try {
reqBody = KrbCodec.encode(getKdcReq().getReqBody());
} catch (KrbException e) {
String errMessage = "Encode the ReqBody failed. " + e.getMessage();
LOG.error(errMessage);
throw new KrbException(errMessage);
}
boolean success;
try {
success = CheckSumHandler.verifyWithKey(checkSum, reqBody,
getArmorKey().getKeyData(), KeyUsage.FAST_REQ_CHKSUM);
} catch (KrbException e) {
String errMessage = "Verify the KdcReqBody failed. " + e.getMessage();
LOG.error(errMessage);
throw new KrbException(errMessage);
}
if (!success) {
LOG.error("Verify the KdcReqBody failed.");
throw new KrbException("Verify the KdcReqBody failed. ");
}
}
}
}
}