|
Java example source code file (PAForUserEnc.java)
The PAForUserEnc.java Java example source code/* * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package sun.security.krb5.internal; import java.io.ByteArrayOutputStream; import java.io.IOException; import sun.security.krb5.*; import sun.security.krb5.internal.crypto.KeyUsage; import sun.security.krb5.internal.util.KerberosString; import sun.security.util.DerOutputStream; import sun.security.util.DerValue; /** * Implements the ASN.1 PA-FOR-USER type. * * <xmp> * padata-type ::= PA-FOR-USER * -- value 129 * padata-value ::= EncryptedData * -- PA-FOR-USER-ENC * PA-FOR-USER-ENC ::= SEQUENCE { * userName[0] PrincipalName, * userRealm[1] Realm, * cksum[2] Checksum, * auth-package[3] KerberosString * } * </xmp> * * <p> * This definition reflects MS-SFU. */ public class PAForUserEnc { final public PrincipalName name; final private EncryptionKey key; final public static String AUTH_PACKAGE = "Kerberos"; public PAForUserEnc(PrincipalName name, EncryptionKey key) { this.name = name; this.key = key; } /** * Constructs a PA-FOR-USER object from a DER encoding. * @param encoding the input object * @param key the key to verify the checksum inside encoding * @throws KrbException if the verification fails. * Note: this method is now only used by test KDC, therefore * the verification is ignored (at the moment). */ public PAForUserEnc(DerValue encoding, EncryptionKey key) throws Asn1Exception, KrbException, IOException { DerValue der = null; this.key = key; if (encoding.getTag() != DerValue.tag_Sequence) { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } // Realm after name? Quite abnormal. PrincipalName tmpName = null; der = encoding.getData().getDerValue(); if ((der.getTag() & 0x1F) == 0x00) { try { tmpName = new PrincipalName(der.getData().getDerValue(), new Realm("PLACEHOLDER")); } catch (RealmException re) { // Impossible } } else { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } der = encoding.getData().getDerValue(); if ((der.getTag() & 0x1F) == 0x01) { try { Realm realm = new Realm(der.getData().getDerValue()); name = new PrincipalName( tmpName.getNameType(), tmpName.getNameStrings(), realm); } catch (RealmException re) { throw new IOException(re); } } else { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } der = encoding.getData().getDerValue(); if ((der.getTag() & 0x1F) == 0x02) { // Deal with the checksum } else { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } der = encoding.getData().getDerValue(); if ((der.getTag() & 0x1F) == 0x03) { String authPackage = new KerberosString(der.getData().getDerValue()).toString(); if (!authPackage.equalsIgnoreCase(AUTH_PACKAGE)) { throw new IOException("Incorrect auth-package"); } } else { throw new Asn1Exception(Krb5.ASN1_BAD_ID); } if (encoding.getData().available() > 0) throw new Asn1Exception(Krb5.ASN1_BAD_ID); } public byte[] asn1Encode() throws Asn1Exception, IOException { DerOutputStream bytes = new DerOutputStream(); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x00), name.asn1Encode()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x01), name.getRealm().asn1Encode()); try { Checksum cks = new Checksum( Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR, getS4UByteArray(), key, KeyUsage.KU_PA_FOR_USER_ENC_CKSUM); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x02), cks.asn1Encode()); } catch (KrbException ke) { throw new IOException(ke); } DerOutputStream temp = new DerOutputStream(); temp.putDerValue(new KerberosString(AUTH_PACKAGE).toDerValue()); bytes.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0x03), temp); temp = new DerOutputStream(); temp.write(DerValue.tag_Sequence, bytes); return temp.toByteArray(); } /** * Returns S4UByteArray, the block to calculate checksum inside a * PA-FOR-USER-ENC data structure. It includes: * 1. userName.name-type encoded as a 4-byte integer in little endian * byte order * 2. all string values in the sequence of strings contained in the * userName.name-string field * 3. the string value of the userRealm field * 4. the string value of auth-package field */ public byte[] getS4UByteArray() { try { ByteArrayOutputStream ba = new ByteArrayOutputStream(); ba.write(new byte[4]); for (String s: name.getNameStrings()) { ba.write(s.getBytes("UTF-8")); } ba.write(name.getRealm().toString().getBytes("UTF-8")); ba.write(AUTH_PACKAGE.getBytes("UTF-8")); byte[] output = ba.toByteArray(); int pnType = name.getNameType(); output[0] = (byte)(pnType & 0xff); output[1] = (byte)((pnType>>8) & 0xff); output[2] = (byte)((pnType>>16) & 0xff); output[3] = (byte)((pnType>>24) & 0xff); return output; } catch (IOException ioe) { // not possible throw new AssertionError("Cannot write ByteArrayOutputStream", ioe); } } public String toString() { return "PA-FOR-USER: " + name; } } Other Java examples (source code examples)Here is a short list of links related to this Java PAForUserEnc.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.