213 allowed = Cipher.getMaxAllowedKeyLength("AES");
214 } catch (Exception e) {
215 // should not happen
216 }
217 int[] result;
218 if (allowed < 256) {
219 result = BUILTIN_ETYPES_NOAES256;
220 } else {
221 result = BUILTIN_ETYPES;
222 }
223 if (!allowWeakCrypto) {
224 // The last 2 etypes are now weak ones
225 return Arrays.copyOfRange(result, 0, result.length - 2);
226 }
227 return result;
228 }
229
230 /**
231 * Retrieves the default etypes from the configuration file, or
232 * if that's not available, return the built-in list of default etypes.
233 */
234 // used in KrbAsReq, KeyTab
235 public static int[] getDefaults(String configName) {
236 try {
237 return Config.getInstance().defaultEtype(configName);
238 } catch (KrbException exc) {
239 if (DEBUG) {
240 System.out.println("Exception while getting " +
241 configName + exc.getMessage());
242 System.out.println("Using default builtin etypes");
243 }
244 return getBuiltInDefaults();
245 }
246 }
247
248 /**
249 * Retrieve the default etypes from the configuration file for
250 * those etypes for which there are corresponding keys.
251 * Used in scenario we have some keys from a keytab with etypes
252 * different from those named in configName. Then, in order
253 * to decrypt an AS-REP, we should only ask for etypes for which
254 * we have keys.
255 */
256 public static int[] getDefaults(String configName, EncryptionKey[] keys)
257 throws KrbException {
258 int[] answer = getDefaults(configName);
259 if (answer == null) {
260 throw new KrbException("No supported encryption types listed in "
261 + configName);
262 }
263
264 List<Integer> list = new ArrayList<>(answer.length);
265 for (int i = 0; i < answer.length; i++) {
266 if (EncryptionKey.findKey(answer[i], keys) != null) {
267 list.add(answer[i]);
268 }
269 }
270 int len = list.size();
271 if (len <= 0) {
272 StringBuffer keystr = new StringBuffer();
273 for (int i = 0; i < keys.length; i++) {
274 keystr.append(toString(keys[i].getEType()));
275 keystr.append(" ");
276 }
277 throw new KrbException(
278 "Do not have keys of types listed in " + configName +
279 " available; only have keys of following type: " +
280 keystr.toString());
281 } else {
282 answer = new int[len];
|
213 allowed = Cipher.getMaxAllowedKeyLength("AES");
214 } catch (Exception e) {
215 // should not happen
216 }
217 int[] result;
218 if (allowed < 256) {
219 result = BUILTIN_ETYPES_NOAES256;
220 } else {
221 result = BUILTIN_ETYPES;
222 }
223 if (!allowWeakCrypto) {
224 // The last 2 etypes are now weak ones
225 return Arrays.copyOfRange(result, 0, result.length - 2);
226 }
227 return result;
228 }
229
230 /**
231 * Retrieves the default etypes from the configuration file, or
232 * if that's not available, return the built-in list of default etypes.
233 * This result is always non-empty. If no etypes are found,
234 * an exception is thrown.
235 */
236 public static int[] getDefaults(String configName)
237 throws KrbException {
238 Config config = null;
239 try {
240 config = Config.getInstance();
241 } catch (KrbException exc) {
242 if (DEBUG) {
243 System.out.println("Exception while getting " +
244 configName + exc.getMessage());
245 System.out.println("Using default builtin etypes");
246 }
247 return getBuiltInDefaults();
248 }
249 return config.defaultEtype(configName);
250 }
251
252 /**
253 * Retrieve the default etypes from the configuration file for
254 * those etypes for which there are corresponding keys.
255 * Used in scenario we have some keys from a keytab with etypes
256 * different from those named in configName. Then, in order
257 * to decrypt an AS-REP, we should only ask for etypes for which
258 * we have keys.
259 */
260 public static int[] getDefaults(String configName, EncryptionKey[] keys)
261 throws KrbException {
262 int[] answer = getDefaults(configName);
263
264 List<Integer> list = new ArrayList<>(answer.length);
265 for (int i = 0; i < answer.length; i++) {
266 if (EncryptionKey.findKey(answer[i], keys) != null) {
267 list.add(answer[i]);
268 }
269 }
270 int len = list.size();
271 if (len <= 0) {
272 StringBuffer keystr = new StringBuffer();
273 for (int i = 0; i < keys.length; i++) {
274 keystr.append(toString(keys[i].getEType()));
275 keystr.append(" ");
276 }
277 throw new KrbException(
278 "Do not have keys of types listed in " + configName +
279 " available; only have keys of following type: " +
280 keystr.toString());
281 } else {
282 answer = new int[len];
|