/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 *
 *  (C) Copyright IBM Corp. 1999 All Rights Reserved.
 *  Copyright 1997 The Open Group Research Institute.  All rights reserved.
 */

package sun.security.krb5.internal;

import sun.security.krb5.*;
import sun.security.util.*;
import java.util.Vector;
import java.io.IOException;
import java.math.BigInteger;

Implements the ASN.1 EncKDCRepPart type.

EncKDCRepPart          ::= SEQUENCE {
     key               [0] EncryptionKey,
     last-req          [1] LastReq,
     nonce             [2] UInt32,
     key-expiration    [3] KerberosTime OPTIONAL,
     flags             [4] TicketFlags,
     authtime          [5] KerberosTime,
     starttime         [6] KerberosTime OPTIONAL,
     endtime           [7] KerberosTime,
     renew-till        [8] KerberosTime OPTIONAL,
     srealm            [9] Realm,
     sname             [10] PrincipalName,
     caddr             [11] HostAddresses OPTIONAL,
     encrypted-pa-data [12] SEQUENCE OF PA-DATA OPTIONAL
 }

This definition reflects the Network Working Group RFC 4120 specification available at http://www.ietf.org/rfc/rfc4120.txt.

/** * Implements the ASN.1 EncKDCRepPart type. * * <pre>{@code * EncKDCRepPart ::= SEQUENCE { * key [0] EncryptionKey, * last-req [1] LastReq, * nonce [2] UInt32, * key-expiration [3] KerberosTime OPTIONAL, * flags [4] TicketFlags, * authtime [5] KerberosTime, * starttime [6] KerberosTime OPTIONAL, * endtime [7] KerberosTime, * renew-till [8] KerberosTime OPTIONAL, * srealm [9] Realm, * sname [10] PrincipalName, * caddr [11] HostAddresses OPTIONAL, * encrypted-pa-data [12] SEQUENCE OF PA-DATA OPTIONAL * } * }</pre> * * <p> * This definition reflects the Network Working Group RFC 4120 * specification available at * <a href="http://www.ietf.org/rfc/rfc4120.txt"> * http://www.ietf.org/rfc/rfc4120.txt</a>. */
public class EncKDCRepPart { public EncryptionKey key; public LastReq lastReq; public int nonce; public KerberosTime keyExpiration; //optional public TicketFlags flags; public KerberosTime authtime; public KerberosTime starttime; //optional public KerberosTime endtime; public KerberosTime renewTill; //optional public PrincipalName sname; public HostAddresses caddr; //optional public PAData[] pAData; //optional public int msgType; //not included in sequence public EncKDCRepPart( EncryptionKey new_key, LastReq new_lastReq, int new_nonce, KerberosTime new_keyExpiration, TicketFlags new_flags, KerberosTime new_authtime, KerberosTime new_starttime, KerberosTime new_endtime, KerberosTime new_renewTill, PrincipalName new_sname, HostAddresses new_caddr, PAData[] new_pAData, int new_msgType) { key = new_key; lastReq = new_lastReq; nonce = new_nonce; keyExpiration = new_keyExpiration; flags = new_flags; authtime = new_authtime; starttime = new_starttime; endtime = new_endtime; renewTill = new_renewTill; sname = new_sname; caddr = new_caddr; pAData = new_pAData; msgType = new_msgType; } public EncKDCRepPart() { } public EncKDCRepPart(byte[] data, int rep_type) throws Asn1Exception, IOException, RealmException { init(new DerValue(data), rep_type); } public EncKDCRepPart(DerValue encoding, int rep_type) throws Asn1Exception, IOException, RealmException { init(encoding, rep_type); }
Initializes an EncKDCRepPart object.
Params:
  • encoding – a single DER-encoded value.
  • rep_type – type of the encrypted reply message.
Throws:
  • Asn1Exception – if an error occurs while decoding an ASN1 encoded data.
  • IOException – if an I/O error occurs while reading encoded data.
  • RealmException – if an error occurs while decoding an Realm object.
/** * Initializes an EncKDCRepPart object. * * @param encoding a single DER-encoded value. * @param rep_type type of the encrypted reply message. * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. * @exception IOException if an I/O error occurs while reading encoded data. * @exception RealmException if an error occurs while decoding an Realm object. */
protected void init(DerValue encoding, int rep_type) throws Asn1Exception, IOException, RealmException { DerValue der, subDer; //implementations return the incorrect tag value, so //we don't use the above line; instead we use the following msgType = (encoding.getTag() & (byte) 0x1F); if (msgType != Krb5.KRB_ENC_AS_REP_PART && msgType != Krb5.KRB_ENC_TGS_REP_PART) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } der = encoding.getData().getDerValue(); if (der.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } key = EncryptionKey.parse(der.getData(), (byte) 0x00, false); lastReq = LastReq.parse(der.getData(), (byte) 0x01, false); subDer = der.getData().getDerValue(); if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x02) { nonce = subDer.getData().getBigInteger().intValue(); } else { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } keyExpiration = KerberosTime.parse(der.getData(), (byte) 0x03, true); flags = TicketFlags.parse(der.getData(), (byte) 0x04, false); authtime = KerberosTime.parse(der.getData(), (byte) 0x05, false); starttime = KerberosTime.parse(der.getData(), (byte) 0x06, true); endtime = KerberosTime.parse(der.getData(), (byte) 0x07, false); renewTill = KerberosTime.parse(der.getData(), (byte) 0x08, true); Realm srealm = Realm.parse(der.getData(), (byte) 0x09, false); sname = PrincipalName.parse(der.getData(), (byte) 0x0A, false, srealm); if (der.getData().available() > 0) { caddr = HostAddresses.parse(der.getData(), (byte) 0x0B, true); } if (der.getData().available() > 0) { pAData = PAData.parseSequence(der.getData(), (byte) 0x0C, true); } // We observe extra data from MSAD /*if (der.getData().available() > 0) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); }*/ }
Encodes an EncKDCRepPart object.
Params:
  • rep_type – type of encrypted reply message.
Throws:
  • Asn1Exception – if an error occurs while decoding an ASN1 encoded data.
  • IOException – if an I/O error occurs while reading encoded data.
Returns:byte array of encoded EncKDCRepPart object.
/** * Encodes an EncKDCRepPart object. * @param rep_type type of encrypted reply message. * @return byte array of encoded EncKDCRepPart object. * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data. * @exception IOException if an I/O error occurs while reading encoded data. */
public byte[] asn1Encode(int rep_type) throws Asn1Exception, IOException { DerOutputStream bytes; DerOutputStream temp = new DerOutputStream(); DerOutputStream out = new DerOutputStream(); out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), key.asn1Encode()); out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), lastReq.asn1Encode()); temp.putInteger(BigInteger.valueOf(nonce)); out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), temp); if (keyExpiration != null) { out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), keyExpiration.asn1Encode()); } out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), flags.asn1Encode()); out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x05), authtime.asn1Encode()); if (starttime != null) { out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x06), starttime.asn1Encode()); } out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x07), endtime.asn1Encode()); if (renewTill != null) { out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x08), renewTill.asn1Encode()); } out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x09), sname.getRealm().asn1Encode()); out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x0A), sname.asn1Encode()); if (caddr != null) { out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x0B), caddr.asn1Encode()); } if (pAData != null && pAData.length > 0) { temp = new DerOutputStream(); for (int i = 0; i < pAData.length; i++) { temp.write(pAData[i].asn1Encode()); } bytes = new DerOutputStream(); bytes.write(DerValue.tag_SequenceOf, temp); out.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x0C), bytes); } //should use the rep_type to build the encoding //but other implementations do not; it is ignored and //the cached msgType is used instead temp = new DerOutputStream(); temp.write(DerValue.tag_Sequence, out); bytes = new DerOutputStream(); bytes.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) msgType), temp); return bytes.toByteArray(); } }