1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
3 *
4 * This code is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License version 2 only, as
6 * published by the Free Software Foundation. Oracle designates this
7 * particular file as subject to the "Classpath" exception as provided
8 * by Oracle in the LICENSE file that accompanied this code.
9 *
10 * This code is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * version 2 for more details (a copy is included in the LICENSE file that
14 * accompanied this code).
15 *
16 * You should have received a copy of the GNU General Public License version
17 * 2 along with this work; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
21 * or visit www.oracle.com if you need additional information or have any
22 * questions.
23 */
24
25 /*
26 *
27 * (C) Copyright IBM Corp. 1999 All Rights Reserved.
28 * Copyright 1997 The Open Group Research Institute. All rights reserved.
29 */
30
31 package sun.security.krb5.internal;
32
33 import sun.security.krb5.*;
34 import sun.security.krb5.EncryptionKey;
35 import sun.security.util.*;
36 import java.util.Vector;
37 import java.io.IOException;
38 import java.math.BigInteger;
39
40 /**
41 * Implements the ASN.1 EncKDCRepPart type.
42 *
43 * <pre>{@code
44 * EncKDCRepPart ::= SEQUENCE {
45 * key [0] EncryptionKey,
46 * last-req [1] LastReq,
47 * nonce [2] UInt32,
48 * key-expiration [3] KerberosTime OPTIONAL,
49 * flags [4] TicketFlags,
50 * authtime [5] KerberosTime,
51 * starttime [6] KerberosTime OPTIONAL,
52 * endtime [7] KerberosTime,
53 * renew-till [8] KerberosTime OPTIONAL,
54 * srealm [9] Realm,
55 * sname [10] PrincipalName,
56 * caddr [11] HostAddresses OPTIONAL
57 * }
58 * }</pre>
59 *
60 * <p>
61 * This definition reflects the Network Working Group RFC 4120
62 * specification available at
63 * <a href="http://www.ietf.org/rfc/rfc4120.txt">
64 * http://www.ietf.org/rfc/rfc4120.txt</a>.
65 */
66 public class EncKDCRepPart {
67
68 public EncryptionKey key;
69 public LastReq lastReq;
70 public int nonce;
71 public KerberosTime keyExpiration; //optional
72 public TicketFlags flags;
73 public KerberosTime authtime;
74 public KerberosTime starttime; //optional
75 public KerberosTime endtime;
76 public KerberosTime renewTill; //optional
77 public PrincipalName sname;
78 public HostAddresses caddr; //optional
79 public int msgType; //not included in sequence
80
81 public EncKDCRepPart(
82 EncryptionKey new_key,
83 LastReq new_lastReq,
84 int new_nonce,
85 KerberosTime new_keyExpiration,
86 TicketFlags new_flags,
87 KerberosTime new_authtime,
88 KerberosTime new_starttime,
89 KerberosTime new_endtime,
90 KerberosTime new_renewTill,
91 PrincipalName new_sname,
92 HostAddresses new_caddr,
93 int new_msgType) {
94 key = new_key;
95 lastReq = new_lastReq;
96 nonce = new_nonce;
97 keyExpiration = new_keyExpiration;
98 flags = new_flags;
99 authtime = new_authtime;
100 starttime = new_starttime;
101 endtime = new_endtime;
102 renewTill = new_renewTill;
103 sname = new_sname;
104 caddr = new_caddr;
105 msgType = new_msgType;
106 }
107
108 public EncKDCRepPart() {
109 }
110
111 public EncKDCRepPart(byte[] data, int rep_type)
112 throws Asn1Exception, IOException, RealmException {
113 init(new DerValue(data), rep_type);
114 }
115
116 public EncKDCRepPart(DerValue encoding, int rep_type)
117 throws Asn1Exception, IOException, RealmException {
118 init(encoding, rep_type);
119 }
120
121 /**
122 * Initializes an EncKDCRepPart object.
123 *
124 * @param encoding a single DER-encoded value.
125 * @param rep_type type of the encrypted reply message.
126 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
127 * @exception IOException if an I/O error occurs while reading encoded data.
128 * @exception RealmException if an error occurs while decoding an Realm object.
129 */
130 protected void init(DerValue encoding, int rep_type)
131 throws Asn1Exception, IOException, RealmException {
132 DerValue der, subDer;
133 //implementations return the incorrect tag value, so
134 //we don't use the above line; instead we use the following
135 msgType = (encoding.getTag() & (byte) 0x1F);
136 if (msgType != Krb5.KRB_ENC_AS_REP_PART &&
137 msgType != Krb5.KRB_ENC_TGS_REP_PART) {
138 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
139 }
140 der = encoding.getData().getDerValue();
141 if (der.getTag() != DerValue.tag_Sequence) {
142 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
143 }
144 key = EncryptionKey.parse(der.getData(), (byte) 0x00, false);
145 lastReq = LastReq.parse(der.getData(), (byte) 0x01, false);
146 subDer = der.getData().getDerValue();
147 if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x02) {
148 nonce = subDer.getData().getBigInteger().intValue();
149 } else {
150 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
151 }
152 keyExpiration = KerberosTime.parse(der.getData(), (byte) 0x03, true);
153 flags = TicketFlags.parse(der.getData(), (byte) 0x04, false);
154 authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
155 starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
156 endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false);
157 renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true);
158 Realm srealm = Realm.parse(der.getData(), (byte) 0x09, false);
159 sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false, srealm);
160 if (der.getData().available() > 0) {
161 caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true);
162 }
163 // We observe extra data from MSAD
164 /*if (der.getData().available() > 0) {
165 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
166 }*/
167 }
168
169 /**
170 * Encodes an EncKDCRepPart object.
171 * @param rep_type type of encrypted reply message.
172 * @return byte array of encoded EncKDCRepPart object.
173 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
174 * @exception IOException if an I/O error occurs while reading encoded data.
175 */
176 public byte[] asn1Encode(int rep_type) throws Asn1Exception,
177 IOException {
178 DerOutputStream temp = new DerOutputStream();
179 DerOutputStream bytes = new DerOutputStream();
180 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
181 true, (byte) 0x00), key.asn1Encode());
182 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
183 true, (byte) 0x01), lastReq.asn1Encode());
184 temp.putInteger(BigInteger.valueOf(nonce));
185 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
186 true, (byte) 0x02), temp);
187
188 if (keyExpiration != null) {
189 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
190 true, (byte) 0x03), keyExpiration.asn1Encode());
191 }
192 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
193 true, (byte) 0x04), flags.asn1Encode());
194 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
195 true, (byte) 0x05), authtime.asn1Encode());
196 if (starttime != null) {
197 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
198 true, (byte) 0x06), starttime.asn1Encode());
199 }
200 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
201 true, (byte) 0x07), endtime.asn1Encode());
202 if (renewTill != null) {
203 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
204 true, (byte) 0x08), renewTill.asn1Encode());
205 }
206 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
207 true, (byte) 0x09), sname.getRealm().asn1Encode());
208 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
209 true, (byte) 0x0A), sname.asn1Encode());
210 if (caddr != null) {
211 bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT,
212 true, (byte) 0x0B), caddr.asn1Encode());
213 }
214 //should use the rep_type to build the encoding
215 //but other implementations do not; it is ignored and
216 //the cached msgType is used instead
217 temp = new DerOutputStream();
218 temp.write(DerValue.tag_Sequence, bytes);
219 bytes = new DerOutputStream();
220 bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION,
221 true, (byte) msgType), temp);
222 return bytes.toByteArray();
223 }
224 }