private static void generateTicket( TicketGrantingContext tgsContext ) throws KerberosException,
InvalidTicketException
{
KdcReq request = tgsContext.getRequest();
Ticket tgt = tgsContext.getTgt();
Authenticator authenticator = tgsContext.getAuthenticator();
CipherTextHandler cipherTextHandler = tgsContext.getCipherTextHandler();
KerberosPrincipal ticketPrincipal = KerberosUtils.getKerberosPrincipal(
request.getKdcReqBody().getSName(), request.getKdcReqBody().getRealm() );
EncryptionType encryptionType = tgsContext.getEncryptionType();
EncryptionKey serverKey = tgsContext.getRequestPrincipalEntry().getKeyMap().get( encryptionType );
KerberosConfig config = tgsContext.getConfig();
tgsContext.getRequest().getKdcReqBody().getAdditionalTickets();
EncTicketPart newTicketPart = new EncTicketPart();
newTicketPart.setClientAddresses( tgt.getEncTicketPart().getClientAddresses() );
processFlags( config, request, tgt, newTicketPart );
EncryptionKey sessionKey = RandomKeyFactory.getRandomKey( tgsContext.getEncryptionType() );
newTicketPart.setKey( sessionKey );
newTicketPart.setCName( tgt.getEncTicketPart().getCName() );
newTicketPart.setCRealm( tgt.getEncTicketPart().getCRealm() );
if ( request.getKdcReqBody().getEncAuthorizationData() != null )
{
byte[] authorizationData = cipherTextHandler.decrypt( authenticator.getSubKey(), request.getKdcReqBody()
.getEncAuthorizationData(), KeyUsage.TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_TGS_SESS_KEY );
AuthorizationData authData = KerberosDecoder.decodeAuthorizationData( authorizationData );
authData.addEntry( tgt.getEncTicketPart().getAuthorizationData().getCurrentAD() );
newTicketPart.setAuthorizationData( authData );
}