in kerby-kerb/kerb-client/src/main/java/org/apache/kerby/kerberos/kerb/client/preauth/pkinit/PkinitPreauth.java [235:311]
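/**
 * Builds the PA-PK-AS-REQ pre-authentication data for a PKINIT request.
 *
 * <p>The PKAuthenticator is filled from the given microseconds, client time,
 * nonce and checksum and placed in an AuthPack together with the supported
 * CMS types. On the Diffie-Hellman path a fresh client key pair is generated,
 * its public value is added to the AuthPack, and the AuthPack is signed. The
 * DH client is stored on {@code reqCtx}.
 *
 * @param kdcRequest the KDC request being built (not read by this method)
 * @param reqCtx     PKINIT request context; receives the PA type and, on the
 *                   DH path, the DH client
 * @param cusec      microseconds value for the PKAuthenticator
 * @param ctime      client time for the PKAuthenticator
 * @param nonce      nonce for the PKAuthenticator
 * @param checkSum   checksum whose bytes become the paChecksum
 * @return the populated PA-PK-AS-REQ
 * @throws KrbException if the DH key pair cannot be generated or carries no
 *                      parameters, or if a called helper raises one
 */
private PaPkAsReq makePaPkAsReq(KdcRequest kdcRequest,
                                PkinitRequestContext reqCtx,
                                int cusec, KerberosTime ctime, int nonce, CheckSum checkSum) throws KrbException {
    LOG.info("Making the PK_AS_REQ.");
    PaPkAsReq paPkAsReq = new PaPkAsReq();
    AuthPack authPack = new AuthPack();
    PkAuthenticator pkAuthen = new PkAuthenticator();
    boolean usingRsa = pkinitContext.getPluginOpts().isUsingRsa();
    reqCtx.setPaType(PaDataType.PK_AS_REQ);

    pkAuthen.setCusec(cusec);
    pkAuthen.setCtime(ctime);
    pkAuthen.setNonce(nonce);
    pkAuthen.setPaChecksum(checkSum.getChecksum());
    authPack.setPkAuthenticator(pkAuthen);
    authPack.setsupportedCmsTypes(pkinitContext.getPluginOpts().createSupportedCMSTypes());

    if (!usingRsa) {
        // DH case
        LOG.info("DH key transport algorithm.");

        // DER bytes of OID 1.2.840.10046.2.1 (dhpublicnumber).
        String content = "0x06 07 2A 86 48 ce 3e 02 01";
        Asn1ObjectIdentifier dhOid = PkinitCrypto.createOid(content);
        AlgorithmIdentifier dhAlg = new AlgorithmIdentifier();
        dhAlg.setAlgorithm(dhOid.getValue());

        // NOTE(review): MODP group 2 is presumably the 1024-bit Oakley group,
        // which is below current key-strength guidance for finite-field DH.
        // Consider making the group configurable and preferring a 2048-bit
        // group where the KDC accepts it.
        DiffieHellmanClient client = new DiffieHellmanClient();
        DHPublicKey clientPubKey;
        try {
            clientPubKey = client.init(DhGroup.MODP_GROUP2);
        } catch (Exception e) {
            // Fail the request here; continuing with a null key would only
            // surface later as a NullPointerException with the cause lost.
            throw new KrbException("DiffieHellmanClient init with failure.", e);
        }
        if (clientPubKey == null) {
            throw new KrbException("DiffieHellmanClient init returned no public key.");
        }
        reqCtx.setDhClient(client);

        DHParameterSpec type = clientPubKey.getParams();
        if (type == null) {
            throw new KrbException("Fail to get params from client public key.");
        }

        // q = p >> 1, i.e. (p - 1) / 2 for odd p; this is the subgroup order
        // only if p is a safe prime -- TODO confirm for every supported group.
        BigInteger q = type.getP().shiftRight(1);
        DhParameter dhParameter = new DhParameter();
        dhParameter.setP(type.getP());
        dhParameter.setG(type.getG());
        dhParameter.setQ(q);
        dhAlg.setParameters(dhParameter);

        SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo();
        pubInfo.setAlgorithm(dhAlg);
        Asn1Integer publickey = new Asn1Integer(clientPubKey.getY());
        pubInfo.setSubjectPubKey(KrbCodec.encode(publickey));
        authPack.setClientPublicValue(pubInfo);

        // DhNonce dhNonce = new DhNonce();
        // authPack.setClientDhNonce(dhNonce);

        byte[] signedAuthPack = signAuthPack(authPack);
        paPkAsReq.setSignedAuthPack(signedAuthPack);
    } else {
        LOG.info("RSA key transport algorithm");
        // NOTE(review): no signedAuthPack is set on this path, so the request
        // leaves this method without a signed AuthPack. Confirm whether the
        // RSA path is completed elsewhere or is not yet supported.
        // authPack.setClientPublicValue(null);
    }

    TrustedCertifiers trustedCertifiers = pkinitContext.getPluginOpts().createTrustedCertifiers();
    paPkAsReq.setTrustedCertifiers(trustedCertifiers);

    // byte[] kdcPkId = pkinitContext.pluginOpts.createIssuerAndSerial();
    // paPkAsReq.setKdcPkId(kdcPkId);
    return paPkAsReq;
}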