Author: erodriguez
Date: Fri Feb 4 17:38:11 2005
New Revision: 151463
URL: http://svn.apache.org/viewcvs?view=rev&rev=151463
Log:
Light refactoring of the ticket-granting service.
Modified:
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Modified:
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
URL:
http://svn.apache.org/viewcvs/incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java?view=diff&r1=151462&r2=151463
==============================================================================
---
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
(original)
+++
incubator/directory/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/TicketGrantingService.java
Fri Feb 4 17:38:11 2005
@@ -14,6 +14,7 @@
* limitations under the License.
*
*/
+
package org.apache.kerberos.kdc;
import java.io.IOException;
@@ -55,8 +56,8 @@
/**
* RFC 1510 A.6. KRB_TGS_REQ verification and KRB_TGS_REP generation
*/
-public class TicketGrantingService extends KerberosService {
-
+public class TicketGrantingService extends KerberosService
+{
private KdcConfiguration config;
public TicketGrantingService( KdcConfiguration config, PrincipalStore
bootstrap, PrincipalStore store )
@@ -66,54 +67,62 @@
this.config = config;
}
- public TicketGrantReply getReplyFor(KdcRequest request) throws
KerberosException, IOException {
-
- ApplicationRequest authHeader = getAuthHeader(request);
+ public TicketGrantReply getReplyFor(KdcRequest request) throws
KerberosException, IOException
+ {
+ ApplicationRequest authHeader = getAuthHeader( request );
Ticket tgt = authHeader.getTicket();
- Authenticator authenticator = verifyAuthHeader(authHeader, tgt);
+ Authenticator authenticator = verifyAuthHeader( authHeader, tgt
);
- verifyTicket(tgt, request.getServerPrincipal());
+ verifyTicket( tgt, request.getServerPrincipal() );
- verifyBodyChecksum(authenticator.getChecksum(), request);
+ verifyBodyChecksum( authenticator.getChecksum(), request );
EncryptionKey sessionKey = new RandomKey().getNewSessionKey();
- EncryptionType eType =
getBestEncryptionType(request.getEType());
+ EncryptionType eType = getBestEncryptionType(
request.getEType() );
- Ticket newTicket = getNewTicket(request, tgt, sessionKey,
authenticator);
+ Ticket newTicket = getNewTicket( request, tgt, sessionKey,
authenticator );
- TicketGrantReply reply = getReply(tgt, newTicket, sessionKey,
request);
+ TicketGrantReply reply = getReply( tgt, newTicket, sessionKey,
request );
- if (authenticator.getSubSessionKey() != null) {
+ if ( authenticator.getSubSessionKey() != null )
+ {
EncryptionKey subKey = authenticator.getSubSessionKey();
- encryptReplyPart(reply, subKey);
- } else {
- encryptReplyPart(reply, tgt.getSessionKey());
+ encryptReplyPart( reply, subKey );
+ }
+ else
+ {
+ encryptReplyPart( reply, tgt.getSessionKey() );
}
return reply;
}
- private ApplicationRequest getAuthHeader(KdcRequest request) throws
KerberosException, IOException {
-
- if (request.getPreAuthData()[0].getDataType() !=
PreAuthenticationDataType.PA_TGS_REQ)
+ private ApplicationRequest getAuthHeader( KdcRequest request )
+ throws KerberosException, IOException
+ {
+ if ( request.getPreAuthData()[0].getDataType() !=
PreAuthenticationDataType.PA_TGS_REQ )
+ {
throw KerberosException.KDC_ERR_PADATA_TYPE_NOSUPP;
+ }
byte[] undecodedAuthHeader =
request.getPreAuthData()[0].getDataValue();
ApplicationRequestDecoder decoder = new
ApplicationRequestDecoder();
- ApplicationRequest authHeader =
decoder.decode(undecodedAuthHeader);
+ ApplicationRequest authHeader = decoder.decode(
undecodedAuthHeader );
return authHeader;
}
// TODO - configurable checksum
- private void verifyBodyChecksum(Checksum authChecksum, KdcRequest
request)
- throws KerberosException {
-
- if (authChecksum == null)
+ private void verifyBodyChecksum( Checksum authChecksum, KdcRequest
request )
+ throws KerberosException
+ {
+ if ( authChecksum == null )
+ {
throw KerberosException.KRB_AP_ERR_INAPP_CKSUM;
+ }
/*
if (auth_hdr.authenticator.cksum type is not supported) then
@@ -129,28 +138,34 @@
KdcReqBodyEncoder encoder = new KdcReqBodyEncoder();
byte[] bytes = null;
- try {
- bytes = encoder.encode(request);
- } catch (IOException ioe) {
+ try
+ {
+ bytes = encoder.encode( request );
+ }
+ catch (IOException ioe)
+ {
ioe.printStackTrace();
}
ChecksumEngine digester = new RsaMd5Checksum();
- Checksum newChecksum = new Checksum(digester.checksumType(),
digester.calculateChecksum(bytes));
+ Checksum newChecksum = new Checksum( digester.checksumType(),
digester.calculateChecksum( bytes ) );
- boolean equal = newChecksum.equals(authChecksum);
+ boolean equal = newChecksum.equals( authChecksum );
- if (!equal)
+ if ( !equal )
+ {
throw KerberosException.KRB_AP_ERR_MODIFIED;
+ }
}
- private EncryptionKey getServerKey(KerberosPrincipal serverPrincipal)
throws KerberosException {
-
+ private EncryptionKey getServerKey( KerberosPrincipal serverPrincipal )
+ throws KerberosException
+ {
EncryptionKey serverKey = null;
// TODO - allow lookup with realm
try
{
- serverKey = getKeyForPrincipal(serverPrincipal);
+ serverKey = getKeyForPrincipal( serverPrincipal );
}
catch (Exception e)
{
@@ -169,140 +184,187 @@
return serverKey;
}
- private Ticket getNewTicket(KdcRequest request, Ticket tgt,
EncryptionKey sessionKey,
- Authenticator authenticator) throws KerberosException {
-
+ private Ticket getNewTicket( KdcRequest request, Ticket tgt,
EncryptionKey sessionKey,
+ Authenticator authenticator ) throws KerberosException
+ {
KerberosPrincipal ticketPrincipal =
request.getServerPrincipal();
EncTicketPartModifier newTicketBody = new
EncTicketPartModifier();
- newTicketBody.setClientAddresses(tgt.getClientAddresses());
+ newTicketBody.setClientAddresses( tgt.getClientAddresses() );
- processFlags(request, tgt, newTicketBody);
+ processFlags( request, tgt, newTicketBody );
- newTicketBody.setSessionKey(sessionKey);
- newTicketBody.setClientPrincipal(tgt.getClientPrincipal());
+ newTicketBody.setSessionKey( sessionKey );
+ newTicketBody.setClientPrincipal( tgt.getClientPrincipal() );
- AuthorizationData authData = processAuthorizationData(request,
authenticator, tgt);
- newTicketBody.setAuthorizationData(authData);
+ AuthorizationData authData = processAuthorizationData( request,
authenticator, tgt );
+ newTicketBody.setAuthorizationData( authData );
- processTransited(newTicketBody, tgt);
+ processTransited( newTicketBody, tgt );
- processTimes(request, newTicketBody, tgt);
+ processTimes( request, newTicketBody, tgt );
- EncryptionKey serverKey =
getServerKey(request.getServerPrincipal());
+ EncryptionKey serverKey = getServerKey(
request.getServerPrincipal() );
EncTicketPart ticketPart = newTicketBody.getEncTicketPart();
- EncryptedData encryptedData = encryptTicketPart(ticketPart,
serverKey, request);
+ EncryptedData encryptedData = encryptTicketPart( ticketPart,
serverKey, request );
- Ticket newTicket = new Ticket(ticketPrincipal, encryptedData);
- newTicket.setEncTicketPart(ticketPart);
+ Ticket newTicket = new Ticket( ticketPrincipal, encryptedData );
+ newTicket.setEncTicketPart( ticketPart );
return newTicket;
}
- private void processFlags(KdcRequest request, Ticket tgt,
EncTicketPartModifier newTicketBody)
- throws KerberosException {
-
- if (request.getOption(KdcOptions.FORWARDABLE)) {
- if (!tgt.getFlag(TicketFlags.FORWARDABLE))
+ private void processFlags( KdcRequest request, Ticket tgt,
EncTicketPartModifier newTicketBody )
+ throws KerberosException
+ {
+ if ( request.getOption( KdcOptions.FORWARDABLE ) )
+ {
+ if ( !tgt.getFlag( TicketFlags.FORWARDABLE ) )
+ {
throw KerberosException.KDC_ERR_BADOPTION;
- newTicketBody.setFlag(TicketFlags.FORWARDABLE);
+ }
+
+ newTicketBody.setFlag( TicketFlags.FORWARDABLE );
}
- if (request.getOption(KdcOptions.FORWARDED)) {
- if (!tgt.getFlag(TicketFlags.FORWARDABLE))
+ if ( request.getOption( KdcOptions.FORWARDED ) )
+ {
+ if ( !tgt.getFlag( TicketFlags.FORWARDABLE ) )
+ {
throw KerberosException.KDC_ERR_BADOPTION;
- newTicketBody.setFlag(TicketFlags.FORWARDED);
-
newTicketBody.setClientAddresses(request.getAddresses());
+ }
+ newTicketBody.setFlag( TicketFlags.FORWARDED );
+ newTicketBody.setClientAddresses(
request.getAddresses() );
//
reply.setClientAddresses(request.getClientAddresses()); moved to getReply
}
- if (tgt.getFlag(TicketFlags.FORWARDED))
+ if ( tgt.getFlag( TicketFlags.FORWARDED ) )
+ {
newTicketBody.setFlag(TicketFlags.FORWARDED);
+ }
- if (request.getOption(KdcOptions.PROXIABLE)) {
- if (!tgt.getFlag(TicketFlags.PROXIABLE))
+ if ( request.getOption( KdcOptions.PROXIABLE ) )
+ {
+ if ( !tgt.getFlag( TicketFlags.PROXIABLE ) )
+ {
throw KerberosException.KDC_ERR_BADOPTION;
- newTicketBody.setFlag(TicketFlags.PROXIABLE);
+ }
+
+ newTicketBody.setFlag( TicketFlags.PROXIABLE );
}
- if (request.getOption(KdcOptions.PROXY)) {
- if (!tgt.getFlag(TicketFlags.PROXIABLE))
+ if ( request.getOption( KdcOptions.PROXY ) )
+ {
+ if ( !tgt.getFlag( TicketFlags.PROXIABLE ) )
+ {
throw KerberosException.KDC_ERR_BADOPTION;
- newTicketBody.setFlag(TicketFlags.PROXY);
-
newTicketBody.setClientAddresses(request.getAddresses());
+ }
+
+ newTicketBody.setFlag( TicketFlags.PROXY );
+ newTicketBody.setClientAddresses(
request.getAddresses() );
//
reply.setClientAddresses(request.getClientAddresses()); moved to getReply
}
- if (request.getOption(KdcOptions.ALLOW_POSTDATE)) {
- if (!tgt.getFlag(TicketFlags.MAY_POSTDATE))
+ if ( request.getOption( KdcOptions.ALLOW_POSTDATE ) )
+ {
+ if ( !tgt.getFlag( TicketFlags.MAY_POSTDATE ) )
+ {
throw KerberosException.KDC_ERR_BADOPTION;
- newTicketBody.setFlag(TicketFlags.MAY_POSTDATE);
+ }
+
+ newTicketBody.setFlag( TicketFlags.MAY_POSTDATE );
}
- if (request.getOption(KdcOptions.POSTDATED)) {
- if (!tgt.getFlag(TicketFlags.MAY_POSTDATE))
+ if ( request.getOption( KdcOptions.POSTDATED ) )
+ {
+ if ( !tgt.getFlag( TicketFlags.MAY_POSTDATE ) )
+ {
throw KerberosException.KDC_ERR_BADOPTION;
- newTicketBody.setFlag(TicketFlags.POSTDATED);
- newTicketBody.setFlag(TicketFlags.INVALID);
+ }
+
+ newTicketBody.setFlag( TicketFlags.POSTDATED );
+ newTicketBody.setFlag( TicketFlags.INVALID );
- if (!config.isPostdateAllowed())
+ if ( !config.isPostdateAllowed() )
+ {
throw KerberosException.KDC_ERR_POLICY;
+ }
- newTicketBody.setStartTime(request.getFrom());
+ newTicketBody.setStartTime( request.getFrom() );
}
- if (request.getOption(KdcOptions.VALIDATE)) {
- if (!tgt.getFlag(TicketFlags.INVALID))
+ if ( request.getOption( KdcOptions.VALIDATE ) )
+ {
+ if ( !tgt.getFlag( TicketFlags.INVALID ) )
+ {
throw KerberosException.KDC_ERR_POLICY;
- if (tgt.getStartTime().greaterThan(new KerberosTime()))
+ }
+
+ if ( tgt.getStartTime().greaterThan( new KerberosTime()
) )
+ {
throw KerberosException.KRB_AP_ERR_TKT_NYV;
+ }
+
/*
if (check_hot_list(tgt)) then
error_out(KRB_AP_ERR_REPEAT);
endif
*/
- echoTicket(newTicketBody, tgt);
- newTicketBody.clearFlag(TicketFlags.INVALID);
+ echoTicket( newTicketBody, tgt );
+ newTicketBody.clearFlag( TicketFlags.INVALID );
}
- if (request.getOption(KdcOptions.RESERVED) ||
- request.getOption(KdcOptions.RENEWABLE) ||
- request.getOption(KdcOptions.RENEWABLE_OK))
+ if ( request.getOption( KdcOptions.RESERVED ) ||
+ request.getOption( KdcOptions.RENEWABLE ) ||
+ request.getOption( KdcOptions.RENEWABLE_OK ) )
+ {
throw KerberosException.KRB_AP_ERR_TKT_NYV;
+ }
}
- private void processTimes(KdcRequest request, EncTicketPartModifier
newTicketBody, Ticket tgt)
- throws KerberosException {
-
+ private void processTimes( KdcRequest request, EncTicketPartModifier
newTicketBody, Ticket tgt )
+ throws KerberosException
+ {
KerberosTime now = new KerberosTime();
- newTicketBody.setAuthTime(tgt.getAuthTime());
+ newTicketBody.setAuthTime( tgt.getAuthTime() );
KerberosTime renewalTime = null;
- if (request.getOption(KdcOptions.RENEW))
+ if ( request.getOption( KdcOptions.RENEW ) )
{
- if (!tgt.getFlag(TicketFlags.RENEWABLE))
+ if ( !tgt.getFlag( TicketFlags.RENEWABLE ) )
+ {
throw KerberosException.KDC_ERR_BADOPTION;
- if (tgt.getRenewTill().greaterThan(now))
+ }
+
+ if ( tgt.getRenewTill().greaterThan( now ) )
+ {
throw KerberosException.KRB_AP_ERR_TKT_EXPIRED;
+ }
- echoTicket(newTicketBody, tgt);
+ echoTicket( newTicketBody, tgt );
- newTicketBody.setStartTime(now);
+ newTicketBody.setStartTime( now );
long oldLife = tgt.getEndTime().getTime() -
tgt.getStartTime().getTime();
- newTicketBody.setEndTime(new
KerberosTime(Math.min(tgt.getRenewTill().getTime(), now.getTime() + oldLife)));
- } else {
- newTicketBody.setStartTime(now);
+ newTicketBody.setEndTime( new KerberosTime( Math.min(
tgt.getRenewTill().getTime(), now.getTime() + oldLife ) ) );
+ }
+ else
+ {
+ newTicketBody.setStartTime( now );
KerberosTime till;
- if (request.getTill().isZero())
+ if ( request.getTill().isZero() )
+ {
till = KerberosTime.INFINITY;
+ }
else
+ {
till = request.getTill();
+ }
// TODO - config; requires store
/*
@@ -310,35 +372,42 @@
new_tkt.starttime+server.max_life,
*/
List minimizer = new ArrayList();
- minimizer.add(till);
- minimizer.add(new KerberosTime(now.getTime() +
config.getMaximumTicketLifetime()));
- minimizer.add(tgt.getEndTime());
- KerberosTime minTime =
(KerberosTime)Collections.min(minimizer);
- newTicketBody.setEndTime(minTime);
-
- if (request.getOption(KdcOptions.RENEWABLE_OK) &&
- minTime.lessThan(request.getTill()) &&
- tgt.getFlag(TicketFlags.RENEWABLE)) {
+ minimizer.add( till );
+ minimizer.add( new KerberosTime( now.getTime() +
config.getMaximumTicketLifetime() ) );
+ minimizer.add( tgt.getEndTime() );
+ KerberosTime minTime = (KerberosTime)Collections.min(
minimizer );
+ newTicketBody.setEndTime( minTime );
+
+ if ( request.getOption( KdcOptions.RENEWABLE_OK ) &&
+ minTime.lessThan( request.getTill() ) &&
+ tgt.getFlag( TicketFlags.RENEWABLE ) )
+ {
// we set the RENEWABLE option for later processing
- request.setOption(KdcOptions.RENEWABLE);
- long rtime =
Math.min(request.getTill().getTime(), tgt.getRenewTill().getTime());
- renewalTime = new KerberosTime(rtime);
+ request.setOption( KdcOptions.RENEWABLE );
+ long rtime = Math.min(
request.getTill().getTime(), tgt.getRenewTill().getTime() );
+ renewalTime = new KerberosTime( rtime );
}
}
- if (renewalTime == null) {
+ if ( renewalTime == null )
+ {
renewalTime = request.getRtime();
}
KerberosTime rtime;
- if (renewalTime != null && renewalTime.isZero())
+ if ( renewalTime != null && renewalTime.isZero() )
+ {
rtime = KerberosTime.INFINITY;
+ }
else
+ {
rtime = renewalTime;
+ }
- if (request.getOption(KdcOptions.RENEWABLE) &&
- tgt.getFlag(TicketFlags.RENEWABLE)) {
- newTicketBody.setFlag(TicketFlags.RENEWABLE);
+ if ( request.getOption( KdcOptions.RENEWABLE ) &&
+ tgt.getFlag( TicketFlags.RENEWABLE ) )
+ {
+ newTicketBody.setFlag( TicketFlags.RENEWABLE );
/*
new_tkt.starttime+client.max_rlife,
@@ -346,34 +415,40 @@
*/
// TODO - client and server configurable; requires
store
List minimizer = new ArrayList();
- minimizer.add(rtime);
- minimizer.add(new KerberosTime(now.getTime() +
config.getMaximumRenewableLifetime()));
- minimizer.add(tgt.getRenewTill());
-
newTicketBody.setRenewTill((KerberosTime)Collections.min(minimizer));
+ minimizer.add( rtime );
+ minimizer.add( new KerberosTime( now.getTime() +
config.getMaximumRenewableLifetime() ) );
+ minimizer.add( tgt.getRenewTill() );
+ newTicketBody.setRenewTill(
(KerberosTime)Collections.min( minimizer ) );
}
}
- private AuthorizationData processAuthorizationData(KdcRequest request,
- Authenticator authHeader, Ticket tgt) throws
KerberosException {
-
+ private AuthorizationData processAuthorizationData( KdcRequest request,
+ Authenticator authHeader, Ticket tgt ) throws
KerberosException
+ {
AuthorizationData authData = null;
- if (request.getEncAuthorizationData() != null) {
- try {
+ if ( request.getEncAuthorizationData() != null )
+ {
+ try
+ {
EncryptionEngine engine =
EncryptionEngineFactory.getEncryptionEngineFor( authHeader.getSubSessionKey() );
-
- byte[] decryptedAuthData =
engine.getDecryptedData(authHeader.getSubSessionKey(),
-
request.getEncAuthorizationData());
+
+ byte[] decryptedAuthData =
engine.getDecryptedData( authHeader.getSubSessionKey(),
+
request.getEncAuthorizationData() );
AuthorizationDataDecoder decoder = new
AuthorizationDataDecoder();
- authData = decoder.decode(decryptedAuthData);
- } catch (KerberosException e) {
+ authData = decoder.decode( decryptedAuthData );
+ }
+ catch (KerberosException e)
+ {
throw
KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
- } catch (IOException ioe) {
+ }
+ catch (IOException ioe)
+ {
throw
KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
}
AuthorizationData ticketData =
tgt.getAuthorizationData();
- authData.add(ticketData);
+ authData.add( ticketData );
}
return authData;
@@ -391,27 +466,29 @@
new_tkt.transited := compress_transited(tgt.transited +
tgt.realm)
endif
*/
- private void processTransited(EncTicketPartModifier newTicketBody,
Ticket tgt) {
+ private void processTransited( EncTicketPartModifier newTicketBody,
Ticket tgt )
+ {
// TODO - currently no transited support other than local
- newTicketBody.setTransitedEncoding(tgt.getTransitedEncoding());
+ newTicketBody.setTransitedEncoding( tgt.getTransitedEncoding()
);
}
- private EncryptedData encryptTicketPart(EncTicketPart newTicketBody,
EncryptionKey serverKey,
- KdcRequest request) throws KerberosException {
-
+ private EncryptedData encryptTicketPart( EncTicketPart newTicketBody,
EncryptionKey serverKey,
+ KdcRequest request ) throws KerberosException
+ {
byte[] encodedTicket = null;
EncTicketPartEncoder encoder = new EncTicketPartEncoder();
try
{
- encodedTicket = encoder.encode(newTicketBody);
+ encodedTicket = encoder.encode( newTicketBody );
}
catch (IOException ioe)
{
ioe.printStackTrace();
}
- if (request.getOption(KdcOptions.ENC_TKT_IN_SKEY)) {
+ if ( request.getOption( KdcOptions.ENC_TKT_IN_SKEY ) )
+ {
/*
if (server not specified) then
server = req.second_ticket.client;
@@ -423,48 +500,57 @@
new_tkt.enc-part := encrypt OCTET STRING
using etype_for_key(second-ticket.key),
second-ticket.key;
*/
- } else {
+ }
+ else
+ {
// encrypt with serverKey
}
+
EncryptionEngine engine =
EncryptionEngineFactory.getEncryptionEngineFor( serverKey );
- return engine.getEncryptedData(serverKey, encodedTicket);
+ return engine.getEncryptedData( serverKey, encodedTicket );
}
- private void encryptReplyPart(TicketGrantReply reply, EncryptionKey
key) {
+ private void encryptReplyPart( TicketGrantReply reply, EncryptionKey
key )
+ {
EncTgsRepPartEncoder encoder = new EncTgsRepPartEncoder();
- try {
- byte[] plainText = encoder.encode(reply);
+ try
+ {
+ byte[] plainText = encoder.encode( reply );
EncryptionEngine engine =
EncryptionEngineFactory.getEncryptionEngineFor( key );
- EncryptedData cipherText = engine.getEncryptedData(key,
plainText);
+ EncryptedData cipherText = engine.getEncryptedData(
key, plainText );
- reply.setEncPart(cipherText);
+ reply.setEncPart( cipherText );
- } catch (Exception e) {
+ }
+ catch (Exception e)
+ {
e.printStackTrace();
}
}
- private TicketGrantReply getReply(Ticket tgt, Ticket newTicket,
- EncryptionKey sessionKey, KdcRequest request) {
-
+ private TicketGrantReply getReply( Ticket tgt, Ticket newTicket,
+ EncryptionKey sessionKey, KdcRequest request )
+ {
TicketGrantReply reply = new TicketGrantReply();
- reply.setClientPrincipal(tgt.getClientPrincipal());
- reply.setTicket(newTicket);
- reply.setKey(sessionKey);
- reply.setNonce(request.getNonce());
+ reply.setClientPrincipal( tgt.getClientPrincipal() );
+ reply.setTicket( newTicket );
+ reply.setKey( sessionKey );
+ reply.setNonce( request.getNonce() );
// TODO - resp.last-req := fetch_last_request_info(client);
requires store
- reply.setLastRequest(new LastRequest());
- reply.setFlags(newTicket.getFlags());
- reply.setClientAddresses(newTicket.getClientAddresses());
- reply.setAuthTime(newTicket.getAuthTime());
- reply.setStartTime(newTicket.getStartTime());
- reply.setEndTime(newTicket.getEndTime());
- reply.setServerPrincipal(newTicket.getServerPrincipal());
-
- if (newTicket.getFlag(TicketFlags.RENEWABLE))
- reply.setRenewTill(newTicket.getRenewTill());
+ reply.setLastRequest( new LastRequest() );
+ reply.setFlags( newTicket.getFlags() );
+ reply.setClientAddresses( newTicket.getClientAddresses() );
+ reply.setAuthTime( newTicket.getAuthTime() );
+ reply.setStartTime( newTicket.getStartTime() );
+ reply.setEndTime( newTicket.getEndTime() );
+ reply.setServerPrincipal( newTicket.getServerPrincipal() );
+
+ if ( newTicket.getFlag( TicketFlags.RENEWABLE ) )
+ {
+ reply.setRenewTill( newTicket.getRenewTill() );
+ }
return reply;
}
