20 package org.apache.directory.shared.kerberos.messages;
23 import java.nio.BufferOverflowException;
24 import java.nio.ByteBuffer;
26 import org.apache.directory.api.asn1.EncoderException;
27 import org.apache.directory.api.asn1.ber.tlv.BerValue;
28 import org.apache.directory.api.asn1.ber.tlv.TLV;
29 import org.apache.directory.api.asn1.ber.tlv.UniversalTag;
30 import org.apache.directory.api.util.Strings;
31 import org.apache.directory.server.i18n.I18n;
32 import org.apache.directory.shared.kerberos.KerberosConstants;
33 import org.apache.directory.shared.kerberos.KerberosMessageType;
34 import org.apache.directory.shared.kerberos.KerberosTime;
35 import org.apache.directory.shared.kerberos.components.PrincipalName;
36 import org.apache.directory.shared.kerberos.exceptions.ErrorType;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
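/**
 * A KRB-ERROR message and its BER/DER encoder. The layout follows RFC 4120, section 5.9.1:
 *
 * <pre>
 * KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
 *         pvno            [0] INTEGER (5),
 *         msg-type        [1] INTEGER (30),
 *         ctime           [2] KerberosTime OPTIONAL,
 *         cusec           [3] Microseconds OPTIONAL,
 *         stime           [4] KerberosTime,
 *         susec           [5] Microseconds,
 *         error-code      [6] Int32,
 *         crealm          [7] Realm OPTIONAL,
 *         cname           [8] PrincipalName OPTIONAL,
 *         realm           [9] Realm -- service realm --,
 *         sname           [10] PrincipalName -- service name --,
 *         e-text          [11] KerberosString OPTIONAL,
 *         e-data          [12] OCTET STRING OPTIONAL
 * }
 * </pre>
 *
 * Encoding is a two-step protocol: {@link #computeLength()} caches the length of every
 * field in this instance, then {@link #encode(ByteBuffer)} writes the bytes using those
 * cached lengths. Any setter call made between the two steps invalidates the cached
 * lengths, so {@code computeLength()} must be called again before encoding.
 *
 * <p>Security note: RFC 4120 states that KRB-ERROR is not integrity protected, so a
 * receiver must not rely on any field of this message for security-critical decisions,
 * and a sender should keep {@code e-text} / {@code e-data} free of information that
 * should not reach an unauthenticated peer.</p>
 *
 * <p>Instances are mutable and not thread-safe.</p>
 */
public class KrbError extends KerberosMessage
{
    /** The logger */
    private static final Logger log = LoggerFactory.getLogger( KrbError.class );

    /** ctime: the client's current time (optional, omitted from the encoding when null) */
    private KerberosTime cTime;

    /** cusec: microsecond part of the client's time (optional, omitted when null) */
    private Integer cusec;

    /** stime: the server's current time (mandatory) */
    private KerberosTime sTime;

    /** susec: microsecond part of the server's time (mandatory) */
    private int susec;

    /** error-code: the error being reported (mandatory) */
    private ErrorType errorCode;

    /** crealm: the client's realm (optional, omitted when null) */
    private String cRealm;

    /** cname: the client's principal name (optional, omitted when null) */
    private PrincipalName cName;

    /** realm: the service realm (mandatory) */
    private String realm;

    /** sname: the service principal name (mandatory) */
    private PrincipalName sName;

    /** e-text: additional human-readable text (optional, omitted when null) */
    private String eText;

    /** e-data: additional error data (optional, omitted when null) */
    private byte[] eData;

    // Lengths and byte forms cached by computeLength() and consumed by encode().
    // They are only meaningful after a computeLength() call on the current field values.
    private int pvnoLength;
    private int msgTypeLength;
    private int cTimeLength;
    private int cusecLength;
    private int sTimeLength;
    private int susecLength;
    private int errorCodeLength;
    private int cRealmLength;
    private byte[] crealmBytes;
    private int cNameLength;
    private int realmLength;
    private byte[] realmBytes;
    private int sNameLength;
    private int eTextLength;
    private byte[] eTextBytes;
    private int eDataLength;
    private int krbErrorSeqLength;
    private int krbErrorLength;


    /**
     * Creates a new, empty KRB-ERROR message. The mandatory fields (stime, susec,
     * error-code, realm, sname) have to be set before the message is encoded.
     */
    public KrbError()
    {
        super( KerberosMessageType.KRB_ERROR );
    }


    /**
     * @return the client time, or null when it has not been set
     */
    public KerberosTime getCTime()
    {
        return cTime;
    }


    /**
     * @param cTime the client time to set; null removes the field from the encoding
     */
    public void setCTime( KerberosTime cTime )
    {
        this.cTime = cTime;
    }


    /**
     * Returns the microsecond part of the client time. An unset value is reported as 0,
     * although the encoder distinguishes "unset" (field omitted) from an explicit 0.
     *
     * @return the cusec value, or 0 when it has not been set
     */
    public int getCusec()
    {
        return cusec == null ? 0 : cusec;
    }


    /**
     * @param cusec the microsecond part of the client time; once set, the field is
     * always encoded
     */
    public void setCusec( int cusec )
    {
        this.cusec = cusec;
    }


    /**
     * @return the server time, or null when it has not been set
     */
    public KerberosTime getSTime()
    {
        return sTime;
    }


    /**
     * @param sTime the server time to set (mandatory for encoding)
     */
    public void setSTime( KerberosTime sTime )
    {
        this.sTime = sTime;
    }


    /**
     * @return the microsecond part of the server time
     */
    public int getSusec()
    {
        return susec;
    }


    /**
     * @param susec the microsecond part of the server time
     */
    public void setSusec( int susec )
    {
        this.susec = susec;
    }


    /**
     * @return the error code, or null when it has not been set
     */
    public ErrorType getErrorCode()
    {
        return errorCode;
    }


    /**
     * @param errorCode the error code to set (mandatory for encoding)
     */
    public void setErrorCode( ErrorType errorCode )
    {
        this.errorCode = errorCode;
    }


    /**
     * @return the client realm, or null when it has not been set
     */
    public String getCRealm()
    {
        return cRealm;
    }


    /**
     * @param cRealm the client realm; null removes the field from the encoding
     */
    public void setCRealm( String cRealm )
    {
        this.cRealm = cRealm;
    }


    /**
     * @return the client principal name, or null when it has not been set
     */
    public PrincipalName getCName()
    {
        return cName;
    }


    /**
     * @param cName the client principal name; null removes the field from the encoding
     */
    public void setCName( PrincipalName cName )
    {
        this.cName = cName;
    }


    /**
     * @return the service realm, or null when it has not been set
     */
    public String getRealm()
    {
        return realm;
    }


    /**
     * @param realm the service realm to set
     */
    public void setRealm( String realm )
    {
        this.realm = realm;
    }


    /**
     * @return the service principal name, or null when it has not been set
     */
    public PrincipalName getSName()
    {
        return sName;
    }


    /**
     * @param sName the service principal name to set (mandatory for encoding)
     */
    public void setSName( PrincipalName sName )
    {
        this.sName = sName;
    }


    /**
     * @return the error text, or null when it has not been set
     */
    public String getEText()
    {
        return eText;
    }


    /**
     * @param eText the error text; null removes the field from the encoding
     */
    public void setEText( String eText )
    {
        this.eText = eText;
    }


    /**
     * Returns the internal e-data array itself, not a copy: changes made by the caller
     * are visible to this message and to a later {@link #encode(ByteBuffer)}.
     *
     * @return the e-data bytes, or null when they have not been set
     */
    public byte[] getEData()
    {
        return eData;
    }


    /**
     * Stores the given array by reference, without copying it. Changing its length or
     * content after {@link #computeLength()} makes the cached lengths or the encoded
     * content differ from what was computed.
     *
     * @param eData the e-data bytes; null removes the field from the encoding
     */
    public void setEData( byte[] eData )
    {
        this.eData = eData;
    }


    /**
     * Computes the number of bytes the encoded KRB-ERROR occupies and caches the length
     * of every field for {@link #encode(ByteBuffer)}. Optional fields that are null
     * contribute nothing.
     *
     * <p>The mandatory fields {@code errorCode} and {@code sName} are dereferenced
     * unconditionally, so this method throws a {@link NullPointerException} when either
     * one has not been set.</p>
     *
     * @return the total encoded length, including the outer application tag and its
     * length bytes
     */
    public int computeLength()
    {
        // pvno: INTEGER tag + length byte + one value byte
        pvnoLength = 1 + 1 + 1;
        krbErrorSeqLength = 1 + TLV.getNbBytes( pvnoLength ) + pvnoLength;

        // msg-type
        msgTypeLength = 1 + 1 + BerValue.getNbBytes( getMessageType().getValue() );
        krbErrorSeqLength += 1 + TLV.getNbBytes( msgTypeLength ) + msgTypeLength;

        // ctime (optional): GeneralizedTime tag + length byte + 15 (0x0F) value bytes
        if ( cTime != null )
        {
            cTimeLength = 1 + 1 + 0x0F;
            krbErrorSeqLength += 1 + TLV.getNbBytes( cTimeLength ) + cTimeLength;
        }

        // cusec (optional)
        if ( cusec != null )
        {
            int cusecLen = BerValue.getNbBytes( cusec );
            cusecLength = 1 + TLV.getNbBytes( cusecLen ) + cusecLen;
            krbErrorSeqLength += 1 + TLV.getNbBytes( cusecLength ) + cusecLength;
        }

        // stime: same fixed size as ctime
        sTimeLength = 1 + 1 + 0x0F;
        krbErrorSeqLength += 1 + TLV.getNbBytes( sTimeLength ) + sTimeLength;

        // susec
        int susecLen = BerValue.getNbBytes( susec );
        susecLength = 1 + TLV.getNbBytes( susecLen ) + susecLen;
        krbErrorSeqLength += 1 + TLV.getNbBytes( susecLength ) + susecLength;

        // error-code
        errorCodeLength = 1 + 1 + BerValue.getNbBytes( errorCode.getValue() );
        krbErrorSeqLength += 1 + TLV.getNbBytes( errorCodeLength ) + errorCodeLength;

        // crealm (optional); the string is converted to UTF-8 bytes once and reused by encode()
        if ( cRealm != null )
        {
            crealmBytes = Strings.getBytesUtf8( cRealm );
            cRealmLength = 1 + TLV.getNbBytes( crealmBytes.length ) + crealmBytes.length;
            krbErrorSeqLength += 1 + TLV.getNbBytes( cRealmLength ) + cRealmLength;
        }

        // cname (optional)
        if ( cName != null )
        {
            cNameLength = cName.computeLength();
            krbErrorSeqLength += 1 + TLV.getNbBytes( cNameLength ) + cNameLength;
        }

        // realm
        realmBytes = Strings.getBytesUtf8( realm );
        realmLength = 1 + TLV.getNbBytes( realmBytes.length ) + realmBytes.length;
        krbErrorSeqLength += 1 + TLV.getNbBytes( realmLength ) + realmLength;

        // sname
        sNameLength = sName.computeLength();
        krbErrorSeqLength += 1 + TLV.getNbBytes( sNameLength ) + sNameLength;

        // e-text (optional)
        if ( eText != null )
        {
            eTextBytes = Strings.getBytesUtf8( eText );
            eTextLength = 1 + TLV.getNbBytes( eTextBytes.length ) + eTextBytes.length;
            krbErrorSeqLength += 1 + TLV.getNbBytes( eTextLength ) + eTextLength;
        }

        // e-data (optional)
        if ( eData != null )
        {
            eDataLength = 1 + TLV.getNbBytes( eData.length ) + eData.length;
            krbErrorSeqLength += 1 + TLV.getNbBytes( eDataLength ) + eDataLength;
        }

        // The SEQUENCE wrapper, then the outer application tag
        krbErrorLength = 1 + TLV.getNbBytes( krbErrorSeqLength ) + krbErrorSeqLength;

        return 1 + TLV.getNbBytes( krbErrorLength ) + krbErrorLength;
    }


    /**
     * Writes the encoded KRB-ERROR into the given buffer, using the lengths cached by the
     * last {@link #computeLength()} call. That call must have been made on the current
     * field values, otherwise the length bytes written here do not match the content.
     *
     * <p>{@code sTime} and {@code sName} are dereferenced unconditionally; a
     * {@link NullPointerException} is thrown when either one has not been set.</p>
     *
     * @param buffer the buffer to write into; it needs at least as many remaining bytes
     * as {@link #computeLength()} returned
     * @return the buffer that was passed in
     * @throws EncoderException if the buffer is null or too small for the message
     */
    public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException
    {
        if ( buffer == null )
        {
            throw new EncoderException( I18n.err( I18n.ERR_148 ) );
        }

        try
        {
            // The KRB-ERROR application tag
            buffer.put( ( byte ) KerberosConstants.KRB_ERROR_TAG );
            buffer.put( TLV.getBytes( krbErrorLength ) );

            // The SEQUENCE
            buffer.put( UniversalTag.SEQUENCE.getValue() );
            buffer.put( TLV.getBytes( krbErrorSeqLength ) );

            // pvno
            buffer.put( ( byte ) KerberosConstants.KRB_ERROR_PVNO_TAG );
            buffer.put( TLV.getBytes( pvnoLength ) );
            BerValue.encode( buffer, getProtocolVersionNumber() );

            // msg-type
            buffer.put( ( byte ) KerberosConstants.KRB_ERROR_MSGTYPE_TAG );
            buffer.put( TLV.getBytes( msgTypeLength ) );
            BerValue.encode( buffer, getMessageType().getValue() );

            // ctime (optional). The guard tests the field itself, like every other optional
            // field: cTimeLength is never reset by computeLength(), so after setCTime( null )
            // a stale positive length would otherwise lead to a NullPointerException below.
            if ( cTime != null )
            {
                buffer.put( ( byte ) KerberosConstants.KRB_ERROR_CTIME_TAG );
                buffer.put( TLV.getBytes( cTimeLength ) );

                // The GeneralizedTime value, always 15 (0x0F) bytes long
                buffer.put( UniversalTag.GENERALIZED_TIME.getValue() );
                buffer.put( ( byte ) 0x0F );
                buffer.put( cTime.getBytes() );
            }

            // cusec (optional)
            if ( cusec != null )
            {
                buffer.put( ( byte ) KerberosConstants.KRB_ERROR_CUSEC_TAG );
                buffer.put( TLV.getBytes( cusecLength ) );
                BerValue.encode( buffer, cusec );
            }

            // stime
            buffer.put( ( byte ) KerberosConstants.KRB_ERROR_STIME_TAG );
            buffer.put( TLV.getBytes( sTimeLength ) );

            // The GeneralizedTime value, always 15 (0x0F) bytes long
            buffer.put( UniversalTag.GENERALIZED_TIME.getValue() );
            buffer.put( ( byte ) 0x0F );
            buffer.put( sTime.getBytes() );

            // susec
            buffer.put( ( byte ) KerberosConstants.KRB_ERROR_SUSEC_TAG );
            buffer.put( TLV.getBytes( susecLength ) );
            BerValue.encode( buffer, susec );

            // error-code
            buffer.put( ( byte ) KerberosConstants.KRB_ERROR_ERROR_CODE_TAG );
            buffer.put( TLV.getBytes( errorCodeLength ) );
            BerValue.encode( buffer, errorCode.getValue() );

            // crealm (optional)
            if ( cRealm != null )
            {
                buffer.put( ( byte ) KerberosConstants.KRB_ERROR_CREALM_TAG );
                buffer.put( TLV.getBytes( cRealmLength ) );

                buffer.put( UniversalTag.GENERAL_STRING.getValue() );
                buffer.put( TLV.getBytes( crealmBytes.length ) );
                buffer.put( crealmBytes );
            }

            // cname (optional)
            if ( cName != null )
            {
                buffer.put( ( byte ) KerberosConstants.KRB_ERROR_CNAME_TAG );
                buffer.put( TLV.getBytes( cNameLength ) );
                cName.encode( buffer );
            }

            // realm
            buffer.put( ( byte ) KerberosConstants.KRB_ERROR_REALM_TAG );
            buffer.put( TLV.getBytes( realmLength ) );

            buffer.put( UniversalTag.GENERAL_STRING.getValue() );
            buffer.put( TLV.getBytes( realmBytes.length ) );
            buffer.put( realmBytes );

            // sname
            buffer.put( ( byte ) KerberosConstants.KRB_ERROR_SNAME_TAG );
            buffer.put( TLV.getBytes( sNameLength ) );
            sName.encode( buffer );

            // e-text (optional)
            if ( eText != null )
            {
                buffer.put( ( byte ) KerberosConstants.KRB_ERROR_ETEXT_TAG );
                buffer.put( TLV.getBytes( eTextLength ) );

                buffer.put( UniversalTag.GENERAL_STRING.getValue() );
                buffer.put( TLV.getBytes( eTextBytes.length ) );
                buffer.put( eTextBytes );
            }

            // e-data (optional)
            if ( eData != null )
            {
                buffer.put( ( byte ) KerberosConstants.KRB_ERROR_EDATA_TAG );
                buffer.put( TLV.getBytes( eDataLength ) );
                BerValue.encode( buffer, eData );
            }
        }
        catch ( BufferOverflowException boe )
        {
            log.error( I18n.err( I18n.ERR_734_CANNOT_ENCODE_KRBERROR, 1 + TLV.getNbBytes( krbErrorLength )
                + krbErrorLength, buffer.capacity() ) );
            throw new EncoderException( I18n.err( I18n.ERR_138 ), boe );
        }

        // The level is checked at call time so that a log level changed at runtime is honoured.
        if ( log.isDebugEnabled() )
        {
            // array() throws on direct and read-only buffers; a failed debug dump must not
            // make a successful encoding fail. Note that the dump covers the whole backing
            // array, which can hold bytes that are not part of this message, and that it
            // includes e-data: debug logs of this class should be handled as sensitive.
            if ( buffer.hasArray() )
            {
                log.debug( "KrbError encoding : {}", Strings.dumpBytes( buffer.array() ) );
            }

            log.debug( "KrbError initial value : {}", this );
        }

        return buffer;
    }


    /**
     * Returns a multi-line, human-readable dump of the message. Optional fields are
     * listed only when they are set; e-data is printed as a byte dump.
     *
     * @return the textual form of this KRB-ERROR
     */
    @Override
    public String toString()
    {
        StringBuilder sb = new StringBuilder();

        sb.append( "\nKRB-ERROR : {\n" );
        sb.append( " pvno: " ).append( getProtocolVersionNumber() ).append( '\n' );
        sb.append( " msgType: " ).append( getMessageType() ).append( '\n' );

        if ( cTime != null )
        {
            sb.append( " cTime: " ).append( cTime ).append( '\n' );
        }

        if ( cusec != null )
        {
            sb.append( " cusec: " ).append( cusec ).append( '\n' );
        }

        sb.append( " sTime: " ).append( sTime ).append( '\n' );
        sb.append( " susec: " ).append( susec ).append( '\n' );
        sb.append( " errorCode: " ).append( errorCode ).append( '\n' );

        if ( cRealm != null )
        {
            sb.append( " cRealm: " ).append( cRealm ).append( '\n' );
        }

        if ( cName != null )
        {
            sb.append( " cName: " ).append( cName ).append( '\n' );
        }

        sb.append( " realm: " ).append( realm ).append( '\n' );

        sb.append( " sName: " ).append( sName ).append( '\n' );

        if ( eText != null )
        {
            sb.append( " eText: " ).append( eText ).append( '\n' );
        }

        if ( eData != null )
        {
            sb.append( " eData: " ).append( Strings.dumpBytes( eData ) ).append( '\n' );
        }

        sb.append( "}\n" );

        return sb.toString();
    }
}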