package org.apache.kerberos.kerb.crypto;
/**
* Based on MIT krb5 enc_rc4.c
*/
public class Rc4 {
private static byte[] L40 = "fortybits".getBytes();
public static byte[] getSalt(int usage, boolean exportable) {
int newUsage = convertUsage(usage);
byte[] salt;
if (exportable) {
salt = new byte[14];
System.arraycopy(L40, 0, salt, 0, 9);
BytesUtil.int2bytes(newUsage, salt, 10, false);
} else {
salt = new byte[4];
BytesUtil.int2bytes(newUsage, salt, 0, false);
}
return salt;
}
private static int convertUsage(int usage) {
switch (usage) {
case 1: return 1; /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, */
case 2: return 2; /* ticket from kdc */
case 3: return 8; /* as-rep encrypted part */
case 4: return 4; /* tgs-req authz data */
case 5: return 5; /* tgs-req authz data in subkey */
case 6: return 6; /* tgs-req authenticator cksum */
case 7: return 7; /* tgs-req authenticator */
case 8: return 8;
case 9: return 9; /* tgs-rep encrypted with subkey */
case 10: return 10; /* ap-rep authentication cksum (never used by MS) */
case 11: return 11; /* app-req authenticator */
case 12: return 12; /* app-rep encrypted part */
case 23: return 13; /* sign wrap token*/
default: return usage;
}
}
}