From c0fddce0f5ba22e06cfbe12c0393db45295686ad Mon Sep 17 00:00:00 2001
From: Weijun Wang <weijun@openjdk.org>
Date: Thu, 4 Jul 2019 07:25:11 +0800
Subject: [PATCH] 8227061: KDC.java test behaves incorrectly when AS-REQ
 contains a PAData not PA-ENC-TS-ENC

Reviewed-by: mullan
---
 test/jdk/sun/security/krb5/auto/KDC.java | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/test/jdk/sun/security/krb5/auto/KDC.java b/test/jdk/sun/security/krb5/auto/KDC.java
index c03f7ff63cc..e3062d6ba22 100644
--- a/test/jdk/sun/security/krb5/auto/KDC.java
+++ b/test/jdk/sun/security/krb5/auto/KDC.java
@@ -1274,7 +1274,17 @@ public class KDC {
 
             PAData[] inPAs = KDCReqDotPAData(asReq);
             List<PAData> enc_outPAs = new ArrayList<>();
-            if (inPAs == null || inPAs.length == 0) {
+
+            byte[] paEncTimestamp = null;
+            if (inPAs != null) {
+                for (PAData inPA : inPAs) {
+                    if (inPA.getType() == Krb5.PA_ENC_TIMESTAMP) {
+                        paEncTimestamp = inPA.getValue();
+                    }
+                }
+            }
+
+            if (paEncTimestamp == null) {
                 Object preauth = options.get(Option.PREAUTH_REQUIRED);
                 if (preauth == null || preauth.equals(Boolean.TRUE)) {
                     throw new KrbException(Krb5.KDC_ERR_PREAUTH_REQUIRED);
@@ -1283,7 +1293,7 @@ public class KDC {
                 EncryptionKey pakey = null;
                 try {
                     EncryptedData data = newEncryptedData(
-                            new DerValue(inPAs[0].getValue()));
+                            new DerValue(paEncTimestamp));
                     pakey = keyForUser(body.cname, data.getEType(), false);
                     data.decrypt(pakey, KeyUsage.KU_PA_ENC_TS);
                 } catch (Exception e) {