/*
* Copyright (C) 2006-2008 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have received a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.jlan.server.auth.kerberos;
import java.io.IOException;
import org.alfresco.jlan.server.auth.asn.DERBitString;
import org.alfresco.jlan.server.auth.asn.DERBuffer;
import org.alfresco.jlan.server.auth.asn.DERGeneralString;
import org.alfresco.jlan.server.auth.asn.DERInteger;
import org.alfresco.jlan.server.auth.asn.DERObject;
import org.alfresco.jlan.server.auth.asn.DEROctetString;
import org.alfresco.jlan.server.auth.asn.DERSequence;
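/**
 * Encrypted Part Kerberos Ticket Class
 *
 * <p>Holds the fields decoded from the ASN.1 (DER) encoded encrypted part of a Kerberos ticket.
 *
 * <p>Only the ticket flags, the encryption key (type and value) and the realm are decoded by
 * {@link #parseEncTicket(byte[])}. The principal name, transited encoding, auth/start/end/renew
 * times, host addresses and authorization data are recognised by tag number but skipped, so:
 * <ul>
 * <li>{@link #getAuthorizationDataType()} always returns -1 and {@link #getAuthorizationData()}
 *     always returns null;</li>
 * <li>this class cannot be used on its own to check a ticket's validity period or client address
 *     restrictions - callers needing those checks must obtain the values elsewhere.</li>
 * </ul>
 *
 * <p>The class stores raw key material. The key bytes are never included in {@link #toString()};
 * keep it that way so keys do not end up in logs.
 *
 * @author gkspencer
 */
public class EncKrbTicket
{
    // Encrypted ticket fields
    //
    // Flags
    private int m_flags;

    // Encryption key type and raw key bytes, null until a key element has been parsed
    private int m_encKeyType;
    private byte[] m_encKey;

    // Realm, null until parsed
    private String m_realm;

    // Principal name. NOTE(review): never assigned or read in this class, the principal name
    // element (tag 3) is skipped by the parser.
    private String m_principalName;

    // Authorization data. NOTE(review): never assigned by the parser, the authorization data
    // element (tag 10) is skipped, so these keep their initial values.
    private int m_authType = -1;
    private byte[] m_authData;

    /**
     * Default constructor
     *
     * <p>Creates an empty ticket part; all fields keep their initial values until
     * {@link #parseEncTicket(byte[])} is called.
     */
    public EncKrbTicket()
    {
    }

    /**
     * Class constructor
     *
     * @param blob byte[] ASN.1 encoded encrypted ticket part, passed to
     *            {@link #parseEncTicket(byte[])}
     * @exception IOException if the blob cannot be unpacked
     */
    public EncKrbTicket( byte[] blob)
        throws IOException
    {
        parseEncTicket( blob);
    }

    /**
     * Return the flags
     *
     * @return int
     */
    public final int getFlags()
    {
        return m_flags;
    }

    /**
     * Return the realm
     *
     * @return String, or null if no realm element has been parsed
     */
    public final String getRealm()
    {
        return m_realm;
    }

    /**
     * Return the encryption key type
     *
     * @return int
     */
    public final int getEncryptionKeyType()
    {
        return m_encKeyType;
    }

    /**
     * Return the encryption key
     *
     * <p>The internal array is returned without copying, so changes made by the caller are visible
     * through this object. Callers must check for null before using the key: the parser does not
     * fail when the key element is missing.
     *
     * @return byte[], or null if no key element has been parsed
     */
    public final byte[] getEncryptionKey()
    {
        return m_encKey;
    }

    /**
     * Return the authorization data type, or -1 if not present
     *
     * <p>The parser does not decode authorization data, so this currently always returns -1.
     *
     * @return int
     */
    public final int getAuthorizationDataType()
    {
        return m_authType;
    }

    /**
     * Return the authorization data
     *
     * <p>The parser does not decode authorization data, so this currently always returns null.
     *
     * @return byte[]
     */
    public final byte[] getAuthorizationData()
    {
        return m_authData;
    }

    /**
     * Parse an encrypted Kerberos ticket part
     *
     * <p>Parsing is lenient: if the top level object is not a sequence, or an element is untagged,
     * has an unexpected type or an unknown tag, it is skipped without an error. Fields that are
     * not found keep whatever value they had before the call, including values left over from a
     * previous parse on the same instance. Callers making a security decision on the result should
     * therefore verify that the fields they rely on (for example the encryption key) are present.
     *
     * @param blob byte[] ASN.1 encoded encrypted ticket part
     * @exception IOException if the blob cannot be unpacked
     */
    public void parseEncTicket( byte[] blob)
        throws IOException
    {
        // Unpack the top level ASN.1 object from the ticket blob
        DERBuffer derBuf = new DERBuffer( blob);
        DERObject topObj = derBuf.unpackObject();

        // Anything other than a sequence is ignored, the fields are left untouched
        if ( !( topObj instanceof DERSequence))
        {
            return;
        }

        // Enumerate the Kerberos ticket objects
        DERSequence ticketSeq = (DERSequence) topObj;

        for ( int idx = 0; idx < ticketSeq.numberOfObjects(); idx++)
        {
            // Read an object, only tagged elements carry a field number
            DERObject field = (DERObject) ticketSeq.getObjectAt( idx);

            if ( field == null || !field.isTagged())
            {
                continue;
            }

            switch ( field.getTagNo())
            {
                // Flags
                case 0:
                    if ( field instanceof DERBitString)
                    {
                        m_flags = ( (DERBitString) field).intValue();
                    }
                    break;

                // Key
                case 1:
                    if ( field instanceof DERSequence)
                    {
                        parseEncryptionKey( (DERSequence) field);
                    }
                    break;

                // Realm
                case 2:
                    if ( field instanceof DERGeneralString)
                    {
                        m_realm = ( (DERGeneralString) field).getValue();
                    }
                    break;

                // Principal name (3), transited encoding (4), auth time (5), start time (6),
                // end time (7), renew till (8), host address (9) and authorization data (10)
                // are recognised but not decoded
                case 3:
                case 4:
                case 5:
                case 6:
                case 7:
                case 8:
                case 9:
                case 10:
                    break;
            }
        }
    }

    /**
     * Parse the encryption key sequence, storing the key type and key bytes
     *
     * @param keySeq DERSequence holding the tagged key type and key value elements
     * @exception IOException declared to match the parsing entry point
     */
    private void parseEncryptionKey( DERSequence keySeq)
        throws IOException
    {
        // Enumerate the sequence
        for ( int i = 0; i < keySeq.numberOfObjects(); i++)
        {
            // Get the current sequence element
            DERObject keyPart = (DERObject) keySeq.getObjectAt( i);

            if ( keyPart == null || !keyPart.isTagged())
            {
                continue;
            }

            switch ( keyPart.getTagNo())
            {
                // Encryption key type
                case 0:
                    if ( keyPart instanceof DERInteger)
                    {
                        m_encKeyType = (int) ( (DERInteger) keyPart).getValue();
                    }
                    break;

                // Encryption key
                case 1:
                    if ( keyPart instanceof DEROctetString)
                    {
                        m_encKey = ( (DEROctetString) keyPart).getValue();
                    }
                    break;
            }
        }
    }

    /**
     * Return the encrypted ticket part as a string
     *
     * <p>Only the key type and key length are reported, never the key bytes. A key that has not
     * been parsed is reported with a length of zero.
     *
     * @return String
     */
    @Override
    public String toString()
    {
        // The key is null on a default constructed object or when the parsed blob had no key
        // element, guard against that rather than throwing from toString()
        byte[] encKey = getEncryptionKey();
        int encKeyLen = encKey != null ? encKey.length : 0;

        StringBuilder str = new StringBuilder();

        str.append("[EncKrbTkt Flags=0x");
        str.append(Integer.toHexString( getFlags()));
        str.append(",Key=Type=");
        str.append(getEncryptionKeyType());
        str.append(",Len=");
        str.append(encKeyLen);
        str.append(",Realm=");
        str.append(getRealm());
        str.append("]");

        return str.toString();
    }
}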