src/share/classes/sun/security/krb5/internal/EncKDCRepPart.java

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 *
 *  (C) Copyright IBM Corp. 1999 All Rights Reserved.
 *  Copyright 1997 The Open Group Research Institute.  All rights reserved.
 */

package sun.security.krb5.internal;

import sun.security.krb5.*;
import sun.security.util.*;
import java.util.Vector;
import java.io.IOException;
import java.math.BigInteger;

/**
 * Implements the ASN.1 EncKDCRepPart type.
 *
 * <xmp>
 * EncKDCRepPart          ::= SEQUENCE {
 *      key               [0] EncryptionKey,
 *      last-req          [1] LastReq,
 *      nonce             [2] UInt32,
 *      key-expiration    [3] KerberosTime OPTIONAL,
 *      flags             [4] TicketFlags,
 *      authtime          [5] KerberosTime,
 *      starttime         [6] KerberosTime OPTIONAL,
 *      endtime           [7] KerberosTime,
 *      renew-till        [8] KerberosTime OPTIONAL,
 *      srealm            [9] Realm,
 *      sname             [10] PrincipalName,
 *      caddr             [11] HostAddresses OPTIONAL,
 *      encrypted-pa-data [12] SEQUENCE OF PA-DATA OPTIONAL
 * }
 * </xmp>
 *
 * <p>
 * This definition reflects the Network Working Group RFC 4120
 * specification available at
 * <a href="http://www.ietf.org/rfc/rfc4120.txt">
 * http://www.ietf.org/rfc/rfc4120.txt</a>.
 */
public class EncKDCRepPart {

    public EncryptionKey key;
    public LastReq lastReq;
    public int nonce;
    public KerberosTime keyExpiration; //optional
    public TicketFlags flags;
    public KerberosTime authtime;
    public KerberosTime starttime; //optional
    public KerberosTime endtime;
    public KerberosTime renewTill; //optional
    public PrincipalName sname;
    public HostAddresses caddr; //optional
    public PAData[] pAData; //optional
    public int msgType; //not included in sequence

    public EncKDCRepPart(
            EncryptionKey new_key,
            LastReq new_lastReq,
            int new_nonce,
            KerberosTime new_keyExpiration,
            TicketFlags new_flags,
            KerberosTime new_authtime,
            KerberosTime new_starttime,
            KerberosTime new_endtime,
            KerberosTime new_renewTill,
            PrincipalName new_sname,
            HostAddresses new_caddr,
            PAData[] new_pAData,
            int new_msgType) {
        key = new_key;
        lastReq = new_lastReq;
        nonce = new_nonce;
        keyExpiration = new_keyExpiration;
        flags = new_flags;
        authtime = new_authtime;
        starttime = new_starttime;
        endtime = new_endtime;
        renewTill = new_renewTill;
        sname = new_sname;
        caddr = new_caddr;
        pAData = new_pAData;
        msgType = new_msgType;
    }

    public EncKDCRepPart() {
    }

    public EncKDCRepPart(byte[] data, int rep_type)
            throws Asn1Exception, IOException, RealmException {
        init(new DerValue(data), rep_type);
    }

    public EncKDCRepPart(DerValue encoding, int rep_type)
            throws Asn1Exception, IOException, RealmException {
        init(encoding, rep_type);
    }

    /**
     * Initializes an EncKDCRepPart object.
     *
     * @param encoding a single DER-encoded value.
     * @param rep_type type of the encrypted reply message.
     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
     * @exception IOException if an I/O error occurs while reading encoded data.
     * @exception RealmException if an error occurs while decoding an Realm object.
     */
    protected void init(DerValue encoding, int rep_type)
            throws Asn1Exception, IOException, RealmException {
        DerValue der, subDer;
        //implementations return the incorrect tag value, so
        //we don't use the above line; instead we use the following
        msgType = (encoding.getTag() & (byte) 0x1F);
        if (msgType != Krb5.KRB_ENC_AS_REP_PART &&
                msgType != Krb5.KRB_ENC_TGS_REP_PART) {
            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
        }
        der = encoding.getData().getDerValue();
        if (der.getTag() != DerValue.tag_Sequence) {
            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
        }
        key = EncryptionKey.parse(der.getData(), (byte) 0x00, false);
        lastReq = LastReq.parse(der.getData(), (byte) 0x01, false);
        subDer = der.getData().getDerValue();
        if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x02) {
            nonce = subDer.getData().getBigInteger().intValue();
        } else {
            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
        }
        keyExpiration = KerberosTime.parse(der.getData(), (byte) 0x03, true);
        flags = TicketFlags.parse(der.getData(), (byte) 0x04, false);
        authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
        starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true);
        endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false);
        renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true);
        Realm srealm = Realm.parse(der.getData(), (byte) 0x09, false);
        sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false, srealm);
        if (der.getData().available() > 0) {
            caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true);
        }
        if (der.getData().available() > 0) {
            pAData = PAData.parseSequence(der.getData(), (byte) 0x0C, true);
        }
        // We observe extra data from MSAD
        /*if (der.getData().available() > 0) {
            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
        }*/
    }

    /**
     * Encodes an EncKDCRepPart object.
     * @param rep_type type of encrypted reply message.
     * @return byte array of encoded EncKDCRepPart object.
     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
     * @exception IOException if an I/O error occurs while reading encoded data.
     */
    public byte[] asn1Encode(int rep_type) throws Asn1Exception,
            IOException {
        DerOutputStream bytes;
        DerOutputStream temp = new DerOutputStream();
        DerOutputStream out = new DerOutputStream();
        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                true, (byte) 0x00), key.asn1Encode());
        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                true, (byte) 0x01), lastReq.asn1Encode());
        temp.putInteger(BigInteger.valueOf(nonce));
        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                true, (byte) 0x02), temp);

        if (keyExpiration != null) {
            out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                    true, (byte) 0x03), keyExpiration.asn1Encode());
        }
        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                true, (byte) 0x04), flags.asn1Encode());
        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                true, (byte) 0x05), authtime.asn1Encode());
        if (starttime != null) {
            out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                    true, (byte) 0x06), starttime.asn1Encode());
        }
        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                true, (byte) 0x07), endtime.asn1Encode());
        if (renewTill != null) {
            out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                    true, (byte) 0x08), renewTill.asn1Encode());
        }
        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                true, (byte) 0x09), sname.getRealm().asn1Encode());
        out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                true, (byte) 0x0A), sname.asn1Encode());
        if (caddr != null) {
            out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                    true, (byte) 0x0B), caddr.asn1Encode());
        }
        if (pAData != null && pAData.length > 0) {
            temp = new DerOutputStream();
            for (int i = 0; i < pAData.length; i++) {
                temp.write(pAData[i].asn1Encode());
            }
            bytes = new DerOutputStream();
            bytes.write(DerValue.tag_SequenceOf, temp);
            out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                    true, (byte) 0x0C), bytes);
        }
        //should use the rep_type to build the encoding
        //but other implementations do not; it is ignored and
        //the cached msgType is used instead
        temp = new DerOutputStream();
        temp.write(DerValue.tag_Sequence, out);
        bytes = new DerOutputStream();
        bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION,
                true, (byte) msgType), temp);
        return bytes.toByteArray();
    }
}