1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.directory.shared.kerberos.codec;
21
22
23 import java.nio.ByteBuffer;
24
25 import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswdErrorType;
26 import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException;
27 import org.apache.directory.api.asn1.DecoderException;
28 import org.apache.directory.api.asn1.ber.Asn1Container;
29 import org.apache.directory.api.asn1.ber.Asn1Decoder;
30 import org.apache.directory.api.asn1.ber.tlv.TLVStateEnum;
31 import org.apache.directory.shared.kerberos.codec.EncKdcRepPart.EncKdcRepPartContainer;
32 import org.apache.directory.shared.kerberos.codec.apRep.ApRepContainer;
33 import org.apache.directory.shared.kerberos.codec.apReq.ApReqContainer;
34 import org.apache.directory.shared.kerberos.codec.authenticator.AuthenticatorContainer;
35 import org.apache.directory.shared.kerberos.codec.authorizationData.AuthorizationDataContainer;
36 import org.apache.directory.shared.kerberos.codec.encApRepPart.EncApRepPartContainer;
37 import org.apache.directory.shared.kerberos.codec.encAsRepPart.EncAsRepPartContainer;
38 import org.apache.directory.shared.kerberos.codec.encKrbPrivPart.EncKrbPrivPartContainer;
39 import org.apache.directory.shared.kerberos.codec.encTgsRepPart.EncTgsRepPartContainer;
40 import org.apache.directory.shared.kerberos.codec.encTicketPart.EncTicketPartContainer;
41 import org.apache.directory.shared.kerberos.codec.encryptedData.EncryptedDataContainer;
42 import org.apache.directory.shared.kerberos.codec.encryptionKey.EncryptionKeyContainer;
43 import org.apache.directory.shared.kerberos.codec.krbPriv.KrbPrivContainer;
44 import org.apache.directory.shared.kerberos.codec.paEncTsEnc.PaEncTsEncContainer;
45 import org.apache.directory.shared.kerberos.codec.principalName.PrincipalNameContainer;
46 import org.apache.directory.shared.kerberos.codec.ticket.TicketContainer;
47 import org.apache.directory.shared.kerberos.components.AuthorizationData;
48 import org.apache.directory.shared.kerberos.components.EncKdcRepPart;
49 import org.apache.directory.shared.kerberos.components.EncKrbPrivPart;
50 import org.apache.directory.shared.kerberos.components.EncTicketPart;
51 import org.apache.directory.shared.kerberos.components.EncryptedData;
52 import org.apache.directory.shared.kerberos.components.EncryptionKey;
53 import org.apache.directory.shared.kerberos.components.PaEncTsEnc;
54 import org.apache.directory.shared.kerberos.components.PrincipalName;
55 import org.apache.directory.shared.kerberos.exceptions.ErrorType;
56 import org.apache.directory.shared.kerberos.exceptions.KerberosException;
57 import org.apache.directory.shared.kerberos.messages.ApRep;
58 import org.apache.directory.shared.kerberos.messages.ApReq;
59 import org.apache.directory.shared.kerberos.messages.Authenticator;
60 import org.apache.directory.shared.kerberos.messages.EncApRepPart;
61 import org.apache.directory.shared.kerberos.messages.EncAsRepPart;
62 import org.apache.directory.shared.kerberos.messages.EncTgsRepPart;
63 import org.apache.directory.shared.kerberos.messages.KrbPriv;
64 import org.apache.directory.shared.kerberos.messages.Ticket;
65 import org.slf4j.Logger;
66 import org.slf4j.LoggerFactory;
67
68
69
70
71
72 public class KerberosDecoder
73 {
74
75
76 private static Logger LOG = LoggerFactory.getLogger( KerberosDecoder.class );
77
78
79 private static final boolean IS_DEBUG = LOG.isDebugEnabled();
80
81
82 public static Object decode( KerberosMessageContainer kerberosMessageContainer ) throws DecoderException
83 {
84 ByteBuffer buf = kerberosMessageContainer.getStream();
85
86 if ( kerberosMessageContainer.isTCP() )
87 {
88 if ( buf.remaining() > 4 )
89 {
90 kerberosMessageContainer.setTcpLength( buf.getInt() );
91 buf.mark();
92 }
93 else
94 {
95 return null;
96 }
97 }
98 else
99 {
100 buf.mark();
101 }
102
103 while ( buf.hasRemaining() )
104 {
105 try
106 {
107 Asn1Decoder.decode( buf, kerberosMessageContainer );
108
109 if ( kerberosMessageContainer.getState() == TLVStateEnum.PDU_DECODED )
110 {
111 if ( IS_DEBUG )
112 {
113 LOG.debug( "Decoded KerberosMessage : {}", kerberosMessageContainer.getMessage() );
114 buf.mark();
115 }
116
117 return kerberosMessageContainer.getMessage();
118 }
119 }
120 catch ( DecoderException de )
121 {
122 LOG.warn( "error while decoding", de );
123 buf.clear();
124 kerberosMessageContainer.clean();
125 throw de;
126 }
127 }
128
129 return null;
130 }
131
132
133
134
135
136
137
138
139
140 public static EncryptedData decodeEncryptedData( byte[] data ) throws KerberosException
141 {
142 ByteBuffer stream = ByteBuffer.allocate( data.length );
143 stream.put( data );
144 stream.flip();
145
146
147 Asn1Container encryptedDataContainer = new EncryptedDataContainer();
148
149
150 try
151 {
152 Asn1Decoder.decode( stream, encryptedDataContainer );
153 }
154 catch ( DecoderException de )
155 {
156 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
157 }
158
159
160 return ( ( EncryptedDataContainer ) encryptedDataContainer ).getEncryptedData();
161 }
162
163
164
165
166
167
168
169
170
171 public static PaEncTsEnc decodePaEncTsEnc( byte[] data ) throws KerberosException
172 {
173 ByteBuffer stream = ByteBuffer.allocate( data.length );
174 stream.put( data );
175 stream.flip();
176
177
178 Asn1Container paEncTsEncContainer = new PaEncTsEncContainer();
179
180
181 try
182 {
183 Asn1Decoder.decode( stream, paEncTsEncContainer );
184 }
185 catch ( DecoderException de )
186 {
187 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
188 }
189
190
191 return ( ( PaEncTsEncContainer ) paEncTsEncContainer ).getPaEncTsEnc();
192 }
193
194
195
196
197
198
199
200
201
202 public static EncApRepPart decodeEncApRepPart( byte[] data ) throws KerberosException
203 {
204 ByteBuffer stream = ByteBuffer.allocate( data.length );
205 stream.put( data );
206 stream.flip();
207
208
209 Asn1Container encApRepPartContainer = new EncApRepPartContainer( stream );
210
211
212 try
213 {
214 Asn1Decoder.decode( stream, encApRepPartContainer );
215 }
216 catch ( DecoderException de )
217 {
218 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
219 }
220
221
222 return ( ( EncApRepPartContainer ) encApRepPartContainer ).getEncApRepPart();
223 }
224
225
226
227
228
229
230
231
232
233 public static EncKdcRepPart decodeEncKdcRepPart( byte[] data ) throws KerberosException
234 {
235 ByteBuffer stream = ByteBuffer.allocate( data.length );
236 stream.put( data );
237 stream.flip();
238
239
240 Asn1Container encKdcRepPartContainer = new EncKdcRepPartContainer( stream );
241
242
243 try
244 {
245 Asn1Decoder.decode( stream, encKdcRepPartContainer );
246 }
247 catch ( DecoderException de )
248 {
249 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
250 }
251
252
253 return ( ( EncKdcRepPartContainer ) encKdcRepPartContainer ).getEncKdcRepPart();
254 }
255
256
257
258
259
260
261
262
263
264 public static EncKrbPrivPart decodeEncKrbPrivPart( byte[] data ) throws KerberosException
265 {
266 ByteBuffer stream = ByteBuffer.allocate( data.length );
267 stream.put( data );
268 stream.flip();
269
270
271 Asn1Container encKrbPrivPartContainer = new EncKrbPrivPartContainer( stream );
272
273
274 try
275 {
276 Asn1Decoder.decode( stream, encKrbPrivPartContainer );
277 }
278 catch ( DecoderException de )
279 {
280 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
281 }
282
283
284 return ( ( EncKrbPrivPartContainer ) encKrbPrivPartContainer ).getEncKrbPrivPart();
285 }
286
287
288
289
290
291
292
293
294
295 public static EncTicketPart decodeEncTicketPart( byte[] data ) throws KerberosException
296 {
297 ByteBuffer stream = ByteBuffer.allocate( data.length );
298 stream.put( data );
299 stream.flip();
300
301
302 Asn1Container encTicketPartContainer = new EncTicketPartContainer( stream );
303
304
305 try
306 {
307 Asn1Decoder.decode( stream, encTicketPartContainer );
308 }
309 catch ( DecoderException de )
310 {
311 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
312 }
313
314
315 return ( ( EncTicketPartContainer ) encTicketPartContainer ).getEncTicketPart();
316 }
317
318
319
320
321
322
323
324
325
326 public static EncryptionKey decodeEncryptionKey( byte[] data ) throws KerberosException
327 {
328 ByteBuffer stream = ByteBuffer.allocate( data.length );
329 stream.put( data );
330 stream.flip();
331
332
333 Asn1Container encryptionKeyContainer = new EncryptionKeyContainer();
334
335
336 try
337 {
338 Asn1Decoder.decode( stream, encryptionKeyContainer );
339 }
340 catch ( DecoderException de )
341 {
342 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
343 }
344
345
346 return ( ( EncryptionKeyContainer ) encryptionKeyContainer ).getEncryptionKey();
347 }
348
349
350
351
352
353
354
355
356
357 public static PrincipalName decodePrincipalName( byte[] data ) throws KerberosException
358 {
359 ByteBuffer stream = ByteBuffer.allocate( data.length );
360 stream.put( data );
361 stream.flip();
362
363
364 Asn1Container principalNameContainer = new PrincipalNameContainer();
365
366
367 try
368 {
369 Asn1Decoder.decode( stream, principalNameContainer );
370 }
371 catch ( DecoderException de )
372 {
373 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
374 }
375
376
377 return ( ( PrincipalNameContainer ) principalNameContainer ).getPrincipalName();
378 }
379
380
381
382
383
384
385
386
387
388 public static Ticket decodeTicket( byte[] data ) throws KerberosException
389 {
390 ByteBuffer stream = ByteBuffer.allocate( data.length );
391 stream.put( data );
392 stream.flip();
393
394
395 Asn1Container ticketContainer = new TicketContainer( stream );
396
397
398 try
399 {
400 Asn1Decoder.decode( stream, ticketContainer );
401 }
402 catch ( DecoderException de )
403 {
404 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
405 }
406
407
408 return ( ( TicketContainer ) ticketContainer ).getTicket();
409 }
410
411
412
413
414
415
416
417
418
419 public static Authenticator decodeAuthenticator( byte[] data ) throws KerberosException
420 {
421 ByteBuffer stream = ByteBuffer.allocate( data.length );
422 stream.put( data );
423 stream.flip();
424
425
426 Asn1Container authenticatorContainer = new AuthenticatorContainer( stream );
427
428
429 try
430 {
431 Asn1Decoder.decode( stream, authenticatorContainer );
432 }
433 catch ( DecoderException de )
434 {
435 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
436 }
437
438
439 return ( ( AuthenticatorContainer ) authenticatorContainer ).getAuthenticator();
440 }
441
442
443
444
445
446
447
448
449
450 public static AuthorizationData decodeAuthorizationData( byte[] data ) throws KerberosException
451 {
452 ByteBuffer stream = ByteBuffer.allocate( data.length );
453 stream.put( data );
454 stream.flip();
455
456
457 Asn1Container authorizationDataContainer = new AuthorizationDataContainer();
458
459
460 try
461 {
462 Asn1Decoder.decode( stream, authorizationDataContainer );
463 }
464 catch ( DecoderException de )
465 {
466 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
467 }
468
469
470 return ( ( AuthorizationDataContainer ) authorizationDataContainer ).getAuthorizationData();
471 }
472
473
474
475
476
477
478
479
480
481 public static ApRep decodeApRep( byte[] data ) throws KerberosException
482 {
483 ByteBuffer stream = ByteBuffer.allocate( data.length );
484 stream.put( data );
485 stream.flip();
486
487
488 Asn1Container apRepContainer = new ApRepContainer( stream );
489
490
491 try
492 {
493 Asn1Decoder.decode( stream, apRepContainer );
494 }
495 catch ( DecoderException de )
496 {
497 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
498 }
499
500
501 return ( ( ApRepContainer ) apRepContainer ).getApRep();
502 }
503
504
505
506
507
508
509
510
511
512 public static ApReq decodeApReq( byte[] data ) throws KerberosException
513 {
514 ByteBuffer stream = ByteBuffer.allocate( data.length );
515 stream.put( data );
516 stream.flip();
517
518
519 Asn1Container apReqContainer = new ApReqContainer( stream );
520
521
522 try
523 {
524 Asn1Decoder.decode( stream, apReqContainer );
525 }
526 catch ( DecoderException de )
527 {
528 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
529 }
530
531
532 return ( ( ApReqContainer ) apReqContainer ).getApReq();
533 }
534
535
536
537
538
539
540
541
542
543 public static KrbPriv decodeKrbPriv( byte[] data ) throws KerberosException
544 {
545 ByteBuffer stream = ByteBuffer.allocate( data.length );
546 stream.put( data );
547 stream.flip();
548
549
550 Asn1Container krbPrivContainer = new KrbPrivContainer( stream );
551
552
553 try
554 {
555 Asn1Decoder.decode( stream, krbPrivContainer );
556 }
557 catch ( DecoderException de )
558 {
559 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
560 }
561
562
563 return ( ( KrbPrivContainer ) krbPrivContainer ).getKrbPriv();
564 }
565
566
567
568
569
570
571
572
573
574 public static EncAsRepPart decodeEncAsRepPart( byte[] data ) throws KerberosException
575 {
576 ByteBuffer stream = ByteBuffer.allocate( data.length );
577 stream.put( data );
578 stream.flip();
579
580
581 Asn1Container encAsRepPartContainer = new EncAsRepPartContainer( stream );
582
583
584 try
585 {
586 Asn1Decoder.decode( stream, encAsRepPartContainer );
587 }
588 catch ( DecoderException de )
589 {
590 throw new KerberosException( ErrorType.KRB_AP_ERR_BAD_INTEGRITY, de );
591 }
592
593
594 return ( ( EncAsRepPartContainer ) encAsRepPartContainer ).getEncAsRepPart();
595 }
596
597
598
599
600
601
602
603
604
605 public static EncTgsRepPart decodeEncTgsRepPart( byte[] data ) throws ChangePasswordException
606 {
607 ByteBuffer stream = ByteBuffer.allocate( data.length );
608 stream.put( data );
609 stream.flip();
610
611
612 Asn1Container encTgsRepPartContainer = new EncTgsRepPartContainer( stream );
613
614
615 try
616 {
617 Asn1Decoder.decode( stream, encTgsRepPartContainer );
618 }
619 catch ( DecoderException de )
620 {
621 throw new ChangePasswordException( ChangePasswdErrorType.KRB5_KPASSWD_MALFORMED, de );
622 }
623
624
625 return ( ( EncTgsRepPartContainer ) encTgsRepPartContainer ).getEncTgsRepPart();
626 }
627 }