1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
3 *
4 * This code is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License version 2 only, as
6 * published by the Free Software Foundation. Oracle designates this
7 * particular file as subject to the "Classpath" exception as provided
8 * by Oracle in the LICENSE file that accompanied this code.
9 *
10 * This code is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * version 2 for more details (a copy is included in the LICENSE file that
14 * accompanied this code).
15 *
16 * You should have received a copy of the GNU General Public License version
17 * 2 along with this work; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
21 * or visit www.oracle.com if you need additional information or have any
22 * questions.
23 */
24
25 /*
26 *
27 * (C) Copyright IBM Corp. 1999 All Rights Reserved.
28 * Copyright 1997 The Open Group Research Institute. All rights reserved.
29 */
30
31 package sun.security.krb5.internal;
32
33 import sun.security.krb5.*;
34 import sun.security.util.*;
35 import java.util.Vector;
36 import java.io.IOException;
37 import java.math.BigInteger;
38
39 /**
40 * Implements the ASN.1 EncKDCRepPart type.
41 *
42 * <pre>{@code
43 * EncKDCRepPart ::= SEQUENCE {
44 * key [0] EncryptionKey,
45 * last-req [1] LastReq,
46 * nonce [2] UInt32,
47 * key-expiration [3] KerberosTime OPTIONAL,
48 * flags [4] TicketFlags,
49 * authtime [5] KerberosTime,
50 * starttime [6] KerberosTime OPTIONAL,
51 * endtime [7] KerberosTime,
52 * renew-till [8] KerberosTime OPTIONAL,
53 * srealm [9] Realm,
54 * sname [10] PrincipalName,
55 * caddr [11] HostAddresses OPTIONAL,
56 * encrypted-pa-data [12] SEQUENCE OF PA-DATA OPTIONAL
57 * }
58 * }</pre>
59 *
60 * <p>
61 * This definition reflects the Network Working Group RFC 4120
62 * specification available at
63 * <a href="http://www.ietf.org/rfc/rfc4120.txt">
64 * http://www.ietf.org/rfc/rfc4120.txt</a>.
65 */
66 public class EncKDCRepPart {
67
68 public EncryptionKey key;
69 public LastReq lastReq;
70 public int nonce;
71 public KerberosTime keyExpiration; //optional
72 public TicketFlags flags;
73 public KerberosTime authtime;
74 public KerberosTime starttime; //optional
75 public KerberosTime endtime;
76 public KerberosTime renewTill; //optional
77 public PrincipalName sname;
78 public HostAddresses caddr; //optional
79 public PAData[] pAData; //optional
80 public int msgType; //not included in sequence
81
82 public EncKDCRepPart(
83 EncryptionKey new_key,
84 LastReq new_lastReq,
85 int new_nonce,
86 KerberosTime new_keyExpiration,
87 TicketFlags new_flags,
88 KerberosTime new_authtime,
89 KerberosTime new_starttime,
90 KerberosTime new_endtime,
91 KerberosTime new_renewTill,
92 PrincipalName new_sname,
93 HostAddresses new_caddr,
94 PAData[] new_pAData,
95 int new_msgType) {
96 key = new_key;
97 lastReq = new_lastReq;
98 nonce = new_nonce;
99 keyExpiration = new_keyExpiration;
100 flags = new_flags;
101 authtime = new_authtime;
102 starttime = new_starttime;
103 endtime = new_endtime;
104 renewTill = new_renewTill;
105 sname = new_sname;
106 caddr = new_caddr;
107 pAData = new_pAData;
108 msgType = new_msgType;
109 }
110
111 public EncKDCRepPart() {
112 }
113
114 public EncKDCRepPart(byte[] data, int rep_type)
115 throws Asn1Exception, IOException, RealmException {
116 init(new DerValue(data), rep_type);
117 }
118
119 public EncKDCRepPart(DerValue encoding, int rep_type)
120 throws Asn1Exception, IOException, RealmException {
121 init(encoding, rep_type);
122 }
123
124 /**
125 * Initializes an EncKDCRepPart object.
126 *
127 * @param encoding a single DER-encoded value.
128 * @param rep_type type of the encrypted reply message.
129 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
130 * @exception IOException if an I/O error occurs while reading encoded data.
131 * @exception RealmException if an error occurs while decoding an Realm object.
132 */
133 protected void init(DerValue encoding, int rep_type)
134 throws Asn1Exception, IOException, RealmException {
135 DerValue der, subDer;
136 //implementations return the incorrect tag value, so
137 //we don't use the above line; instead we use the following
138 msgType = (encoding.getTag() & (byte) 0x1F);
139 if (msgType != Krb5.KRB_ENC_AS_REP_PART &&
140 msgType != Krb5.KRB_ENC_TGS_REP_PART) {
141 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
142 }
143 der = encoding.getData().getDerValue();
144 if (der.getTag() != DerValue.tag_Sequence) {
145 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
146 }
147 key = EncryptionKey.parse(der.getData(), (byte) 0x00, false);
148 lastReq = LastReq.parse(der.getData(), (byte) 0x01, false);
149 subDer = der.getData().getDerValue();
150 if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x02) {
151 nonce = subDer.getData().getBigInteger().intValue();
152 } else {
153 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
154 }
155 keyExpiration = KerberosTime.parse(der.getData(), (byte) 0x03, true);
156 flags = TicketFlags.parse(der.getData(), (byte) 0x04, false);
157 authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
158 starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
159 endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false);
160 renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true);
161 Realm srealm = Realm.parse(der.getData(), (byte) 0x09, false);
162 sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false, srealm);
163 if (der.getData().available() > 0) {
164 caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true);
165 }
166 if (der.getData().available() > 0) {
167 pAData = PAData.parseSequence(der.getData(), (byte) 0x0C, true);
168 }
169 // We observe extra data from MSAD
170 /*if (der.getData().available() > 0) {
171 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
172 }*/
173 }
174
175 /**
176 * Encodes an EncKDCRepPart object.
177 * @param rep_type type of encrypted reply message.
178 * @return byte array of encoded EncKDCRepPart object.
179 * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
180 * @exception IOException if an I/O error occurs while reading encoded data.
181 */
182 public byte[] asn1Encode(int rep_type) throws Asn1Exception,
183 IOException {
184 DerOutputStream bytes;
185 DerOutputStream temp = new DerOutputStream();
186 DerOutputStream out = new DerOutputStream();
187 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
188 true, (byte) 0x00), key.asn1Encode());
189 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
190 true, (byte) 0x01), lastReq.asn1Encode());
191 temp.putInteger(BigInteger.valueOf(nonce));
192 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
193 true, (byte) 0x02), temp);
194
195 if (keyExpiration != null) {
196 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
197 true, (byte) 0x03), keyExpiration.asn1Encode());
198 }
199 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
200 true, (byte) 0x04), flags.asn1Encode());
201 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
202 true, (byte) 0x05), authtime.asn1Encode());
203 if (starttime != null) {
204 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
205 true, (byte) 0x06), starttime.asn1Encode());
206 }
207 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
208 true, (byte) 0x07), endtime.asn1Encode());
209 if (renewTill != null) {
210 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
211 true, (byte) 0x08), renewTill.asn1Encode());
212 }
213 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
214 true, (byte) 0x09), sname.getRealm().asn1Encode());
215 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
216 true, (byte) 0x0A), sname.asn1Encode());
217 if (caddr != null) {
218 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
219 true, (byte) 0x0B), caddr.asn1Encode());
220 }
221 if (pAData != null && pAData.length > 0) {
222 temp = new DerOutputStream();
223 for (int i = 0; i < pAData.length; i++) {
224 temp.write(pAData[i].asn1Encode());
225 }
226 bytes = new DerOutputStream();
227 bytes.write(DerValue.tag_SequenceOf, temp);
228 out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
229 true, (byte) 0x0C), bytes);
230 }
231 //should use the rep_type to build the encoding
232 //but other implementations do not; it is ignored and
233 //the cached msgType is used instead
234 temp = new DerOutputStream();
235 temp.write(DerValue.tag_Sequence, out);
236 bytes = new DerOutputStream();
237 bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION,
238 true, (byte) msgType), temp);
239 return bytes.toByteArray();
240 }
241 }