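/**
 * Decodes an AP-REP message and checks it against the AP-REQ it answers.
 *
 * <p>The steps, in order: decode {@code buf}, reject a wrong protocol version or message type,
 * run {@code ApRequest.validate} on the AP-REQ, unseal the AP-REP encrypted part with
 * {@code key}, unseal the AP-REQ authenticator, and require the {@code ctime}/{@code cusec}
 * echoed in the AP-REP to equal the values in the authenticator.
 *
 * <p><b>Security note:</b> a {@link KrbException} raised by {@code ApRequest.validate} is logged at
 * debug level and is <em>not</em> propagated. Acceptance of the reply therefore rests only on the
 * encrypted part unsealing under {@code key} and on the ctime/cusec comparison.
 *
 * @param buf encoded AP-REP bytes as received from the peer
 * @param key key used to unseal the AP-REP encrypted part and the AP-REQ authenticator
 * @param allowableClockSkew clock skew tolerance; multiplied by 1000 before being handed to
 *        {@code ApRequest.validate} (presumably seconds converted to milliseconds; confirm
 *        against that method)
 * @param apReq the AP-REQ this reply is expected to answer
 * @param initiator address passed to {@code ApRequest.validate}
 * @return the decoded AP-REP with its decrypted part attached
 * @throws KrbException {@code KRB_AP_ERR_BADVERSION} or {@code KRB_AP_ERR_MSG_TYPE} for a
 *         malformed header, {@code KRB_AP_ERR_MODIFIED} when the echoed timestamp is absent or
 *         differs from the authenticator, or whatever decoding/unsealing raises
 */
public static ApRep readRep( byte[] buf, EncryptionKey key, long allowableClockSkew, ApReq apReq, InetAddress initiator )
    throws KrbException
{
    ApRep apRep = KrbCodec.decode( buf, ApRep.class );

    if ( apRep.getPvno() != KrbConstant.KRB_V5 )
    {
        throw new KrbException( KrbErrorCode.KRB_AP_ERR_BADVERSION );
    }

    // Constant-first comparison: the header is still unauthenticated input at this point, so an
    // unset message type must be reported as a protocol error rather than a NullPointerException.
    if ( !KrbMessageType.AP_REP.equals( apRep.getMsgType() ) )
    {
        throw new KrbException( KrbErrorCode.KRB_AP_ERR_MSG_TYPE );
    }

    try
    {
        // NOTE(review): allowableClockSkew * 1000 is unchecked long arithmetic; an extreme
        // configured value would wrap silently.
        ApRequest.validate( key, apReq, initiator, allowableClockSkew * 1000 );
    }
    catch ( KrbException e )
    {
        // NOTE(review): fail-open. A validation failure is only visible at debug level and
        // processing continues. Kept as-is because this may be a deliberate best-effort check;
        // confirm the intent, and if it is not intentional rethrow (or at least log at warn)
        // so rejected requests show up in production logs.
        logger.debug("Ap Request validation error: code={}, message={}", e.getKrbErrorCode(), e.getMessage(), e );
    }

    // Unsealing with KeyUsage.AP_REP_ENCPART is what ties the reply to the holder of the key.
    EncAPRepPart encRepPart = EncryptionUtil.unseal( apRep.getEncryptedEncPart(), key, KeyUsage.AP_REP_ENCPART, EncAPRepPart.class );
    apRep.setEncRepPart( encRepPart );

    ApRequest.unsealAuthenticator( key, apReq );

    EncAPRepPart encAPRepPart = apRep.getEncRepPart();
    Authenticator authenticator = apReq.getAuthenticator();

    // The reply must echo the client timestamp from the authenticator. A missing authenticator
    // or a missing ctime cannot match, so both are rejected with the same error code instead of
    // escaping as a NullPointerException.
    if ( authenticator == null
        || encAPRepPart.getCtime() == null
        || !encAPRepPart.getCtime().equals( authenticator.getCtime() )
        || encAPRepPart.getCusec() != authenticator.getCusec() )
    {
        throw new KrbException( KrbErrorCode.KRB_AP_ERR_MODIFIED );
    }

    return apRep;
}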