1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.directory.shared.kerberos.messages;
21
22
23 import java.nio.BufferOverflowException;
24 import java.nio.ByteBuffer;
25
26 import org.apache.directory.api.asn1.EncoderException;
27 import org.apache.directory.api.asn1.ber.tlv.BerValue;
28 import org.apache.directory.api.asn1.ber.tlv.TLV;
29 import org.apache.directory.api.asn1.ber.tlv.UniversalTag;
30 import org.apache.directory.api.util.Strings;
31 import org.apache.directory.server.i18n.I18n;
32 import org.apache.directory.shared.kerberos.KerberosConstants;
33 import org.apache.directory.shared.kerberos.KerberosMessageType;
34 import org.apache.directory.shared.kerberos.KerberosTime;
35 import org.apache.directory.shared.kerberos.components.AuthorizationData;
36 import org.apache.directory.shared.kerberos.components.Checksum;
37 import org.apache.directory.shared.kerberos.components.EncryptionKey;
38 import org.apache.directory.shared.kerberos.components.PrincipalName;
39 import org.slf4j.Logger;
40 import org.slf4j.LoggerFactory;
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61 public class Authenticator extends KerberosMessage
62 {
63
64 private static final Logger LOG = LoggerFactory.getLogger( Authenticator.class );
65
66
67 private static final boolean IS_DEBUG = LOG.isDebugEnabled();
68
69
70 private int versionNumber;
71
72
73 private String crealm;
74
75
76 private PrincipalName cname;
77
78
79 private Checksum cksum;
80
81
82 private int cusec;
83
84
85 private KerberosTime ctime;
86
87
88 private EncryptionKey subKey;
89
90
91 private Integer seqNumber;
92
93
94 private AuthorizationData authorizationData;
95
96
97 private int authenticatorVnoLength;
98 private int crealmLength;
99 private byte[] crealmBytes;
100 private int cnameLength;
101 private int cksumLength;
102 private int cusecLength;
103 private int ctimeLength;
104 private int subkeyLength;
105 private int seqNumberLength;
106 private int authorizationDataLength;
107 private int authenticatorSeqLength;
108 private int authenticatorLength;
109
110
111
112
113
114 public Authenticator()
115 {
116 super( KerberosMessageType.AUTHENTICATOR );
117 versionNumber = getProtocolVersionNumber();
118 }
119
120
121
122
123
124
125
126 public AuthorizationData getAuthorizationData()
127 {
128 return authorizationData;
129 }
130
131
132
133
134
135 public void setAuthorizationData( AuthorizationData authorizationData )
136 {
137 this.authorizationData = authorizationData;
138 }
139
140
141
142
143
144 public Checksum getCksum()
145 {
146 return cksum;
147 }
148
149
150
151
152
153 public void setCksum( Checksum cksum )
154 {
155 this.cksum = cksum;
156 }
157
158
159
160
161
162 public PrincipalName getCName()
163 {
164 return cname;
165 }
166
167
168
169
170
171 public void setCName( PrincipalName cname )
172 {
173 this.cname = cname;
174 }
175
176
177
178
179
180 public String getCRealm()
181 {
182 return crealm;
183 }
184
185
186
187
188
189 public void setCRealm( String crealm )
190 {
191 this.crealm = crealm;
192 }
193
194
195
196
197
198 public KerberosTime getCtime()
199 {
200 return ctime;
201 }
202
203
204
205
206
207 public void setCTime( KerberosTime ctime )
208 {
209 this.ctime = ctime;
210 }
211
212
213
214
215
216 public int getCusec()
217 {
218 return cusec;
219 }
220
221
222
223
224
225 public void setCusec( int cusec )
226 {
227 this.cusec = cusec;
228 }
229
230
231
232
233
234 public Integer getSeqNumber()
235 {
236 return seqNumber;
237 }
238
239
240
241
242
243 public void setSeqNumber( int seqNumber )
244 {
245 this.seqNumber = Integer.valueOf( seqNumber );
246 }
247
248
249
250
251
252 public EncryptionKey getSubKey()
253 {
254 return subKey;
255 }
256
257
258
259
260
261 public void setSubKey( EncryptionKey subKey )
262 {
263 this.subKey = subKey;
264 }
265
266
267
268
269
270
271
272 public int getVersionNumber()
273 {
274 return versionNumber;
275 }
276
277
278
279
280
281 public void setVersionNumber( int versionNumber )
282 {
283 this.versionNumber = versionNumber;
284 }
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325 @Override
326 public int computeLength()
327 {
328 reset();
329
330
331 authenticatorVnoLength = 1 + 1 + BerValue.getNbBytes( getVersionNumber() );
332 authenticatorSeqLength = 1 + TLV.getNbBytes( authenticatorVnoLength ) + authenticatorVnoLength;
333
334
335 crealmBytes = Strings.getBytesUtf8( crealm );
336 crealmLength = 1 + TLV.getNbBytes( crealmBytes.length ) + crealmBytes.length;
337 authenticatorSeqLength += 1 + TLV.getNbBytes( crealmLength ) + crealmLength;
338
339
340 cnameLength = cname.computeLength();
341 authenticatorSeqLength += 1 + TLV.getNbBytes( cnameLength ) + cnameLength;
342
343
344 if ( cksum != null )
345 {
346 cksumLength = cksum.computeLength();
347 authenticatorSeqLength += 1 + TLV.getNbBytes( cksumLength ) + cksumLength;
348 }
349
350
351 cusecLength = 1 + 1 + BerValue.getNbBytes( cusec );
352 authenticatorSeqLength += 1 + TLV.getNbBytes( cusecLength ) + cusecLength;
353
354
355 ctimeLength = 1 + 1 + 0x0F;
356 authenticatorSeqLength += 1 + 1 + ctimeLength;
357
358
359 if ( subKey != null )
360 {
361 subkeyLength = subKey.computeLength();
362 authenticatorSeqLength += 1 + TLV.getNbBytes( subkeyLength ) + subkeyLength;
363 }
364
365
366 if ( seqNumber != null )
367 {
368 seqNumberLength = 1 + 1 + BerValue.getNbBytes( seqNumber );
369 authenticatorSeqLength += 1 + TLV.getNbBytes( seqNumberLength ) + seqNumberLength;
370 }
371
372
373 if ( authorizationData != null )
374 {
375 authorizationDataLength = authorizationData.computeLength();
376 authenticatorSeqLength += 1 + TLV.getNbBytes( authorizationDataLength ) + authorizationDataLength;
377 }
378
379
380 authenticatorLength = 1 + TLV.getNbBytes( authenticatorSeqLength ) + authenticatorSeqLength;
381
382 return 1 + TLV.getNbBytes( authenticatorLength ) + authenticatorLength;
383 }
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414 @Override
415 public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
416 {
417 if ( buffer == null )
418 {
419 buffer = ByteBuffer.allocate( computeLength() );
420 }
421
422 try
423 {
424
425 buffer.put( ( byte ) KerberosConstants.AUTHENTICATOR_TAG );
426 buffer.put( TLV.getBytes( authenticatorLength ) );
427
428
429 buffer.put( UniversalTag.SEQUENCE.getValue() );
430 buffer.put( TLV.getBytes( authenticatorSeqLength ) );
431
432
433
434 buffer.put( ( byte ) KerberosConstants.AUTHENTICATOR_AUTHENTICATOR_VNO_TAG );
435 buffer.put( TLV.getBytes( authenticatorVnoLength ) );
436
437
438 BerValue.encode( buffer, getVersionNumber() );
439
440
441
442 buffer.put( ( byte ) KerberosConstants.AUTHENTICATOR_CREALM_TAG );
443 buffer.put( TLV.getBytes( crealmLength ) );
444
445
446 buffer.put( UniversalTag.GENERAL_STRING.getValue() );
447 buffer.put( TLV.getBytes( crealmBytes.length ) );
448 buffer.put( crealmBytes );
449
450
451
452 buffer.put( ( byte ) KerberosConstants.AUTHENTICATOR_CNAME_TAG );
453 buffer.put( TLV.getBytes( cnameLength ) );
454
455
456 cname.encode( buffer );
457
458
459 if ( cksum != null )
460 {
461
462 buffer.put( ( byte ) KerberosConstants.AUTHENTICATOR_CKSUM_TAG );
463 buffer.put( TLV.getBytes( cksumLength ) );
464
465
466 cksum.encode( buffer );
467 }
468
469
470
471 buffer.put( ( byte ) KerberosConstants.AUTHENTICATOR_CUSEC_TAG );
472 buffer.put( TLV.getBytes( cusecLength ) );
473
474
475 BerValue.encode( buffer, cusec );
476
477
478
479 buffer.put( ( byte ) KerberosConstants.AUTHENTICATOR_CTIME_TAG );
480 buffer.put( TLV.getBytes( ctimeLength ) );
481
482
483 buffer.put( UniversalTag.GENERALIZED_TIME.getValue() );
484 buffer.put( ( byte ) 0x0F );
485 buffer.put( ctime.getBytes() );
486
487
488 if ( subKey != null )
489 {
490
491 buffer.put( ( byte ) KerberosConstants.AUTHENTICATOR_SUBKEY_TAG );
492 buffer.put( TLV.getBytes( subkeyLength ) );
493
494
495 subKey.encode( buffer );
496 }
497
498
499 if ( seqNumber != null )
500 {
501
502 buffer.put( (byte)KerberosConstants.AUTHENTICATOR_SEQ_NUMBER_TAG );
503 buffer.put( TLV.getBytes( seqNumberLength ) );
504
505
506 BerValue.encode( buffer, seqNumber );
507 }
508
509
510 if ( authorizationData != null )
511 {
512
513 buffer.put( ( byte ) KerberosConstants.AUTHENTICATOR_AUTHORIZATION_DATA_TAG );
514 buffer.put( TLV.getBytes( authorizationDataLength ) );
515
516
517 authorizationData.encode( buffer );
518 }
519 }
520 catch ( BufferOverflowException boe )
521 {
522 LOG.error( I18n.err( I18n.ERR_139, 1 + TLV.getNbBytes( 0 )
523 + 0, buffer.capacity() ) );
524 throw new EncoderException( I18n.err( I18n.ERR_138 ), boe );
525 }
526
527 if ( IS_DEBUG )
528 {
529 LOG.debug( "Authenticator encoding : {}", Strings.dumpBytes( buffer.array() ) );
530 LOG.debug( "Authenticator initial value : {}", this );
531 }
532
533 return buffer;
534 }
535
536
537
538
539
540 private void reset()
541 {
542 authenticatorVnoLength = 0;
543 crealmLength = 0;
544 crealmBytes = null;
545 cnameLength = 0;
546 cksumLength = 0;
547 cusecLength = 0;
548 ctimeLength = 0;
549 subkeyLength = 0;
550 seqNumberLength = 0;
551 authorizationDataLength = 0;
552 authenticatorSeqLength = 0;
553 authenticatorLength = 0;
554 }
555
556
557
558
559
560 public String toString()
561 {
562 StringBuilder sb = new StringBuilder();
563
564 sb.append( "Authenticator : \n" );
565
566 sb.append( " authenticator-vno : " ).append( getVersionNumber() ).append( '\n' );
567 sb.append( " crealm : " ).append( crealm ).append( '\n' );
568 sb.append( " cname : " ).append( cname ).append( '\n' );
569
570 if ( cksum != null )
571 {
572 sb.append( " cksum : " ).append( cksum ).append( '\n' );
573 }
574
575 sb.append( " cusec : " ).append( cusec ).append( '\n' );
576 sb.append( " ctime : " ).append( ctime ).append( '\n' );
577
578 if ( subKey != null )
579 {
580 sb.append( " subkey : " ).append( subKey ).append( '\n' );
581 }
582
583 if ( seqNumber != null )
584 {
585 sb.append( " seq-number : " ).append( seqNumber ).append( '\n' );
586 }
587
588 if ( authorizationData != null )
589 {
590 sb.append( " authorization-data : " ).append( authorizationData ).append( '\n' );
591 }
592
593 return sb.toString();
594 }
595 }