src/java.security.jgss/share/classes/sun/security/krb5/internal/Authenticator.java
author igerasim
Tue, 12 Nov 2019 01:36:17 -0800
changeset 59024 b046ba510bbc
parent 47216 71c04702a3d5
permissions -rw-r--r--
8233884: Avoid looking up standard charsets in security libraries Reviewed-by: coffeys

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 *  (C) Copyright IBM Corp. 1999 All Rights Reserved.
 *  Copyright 1997 The Open Group Research Institute.  All rights reserved.
 */

package sun.security.krb5.internal;

import sun.security.krb5.*;
import sun.security.util.*;
import java.util.Vector;
import java.io.IOException;
import java.math.BigInteger;

/**
 * Implements the ASN.1 Authenticator type.
 *
 * <pre>{@code
 * Authenticator   ::= [APPLICATION 2] SEQUENCE  {
 *         authenticator-vno       [0] INTEGER (5),
 *         crealm                  [1] Realm,
 *         cname                   [2] PrincipalName,
 *         cksum                   [3] Checksum OPTIONAL,
 *         cusec                   [4] Microseconds,
 *         ctime                   [5] KerberosTime,
 *         subkey                  [6] EncryptionKey OPTIONAL,
 *         seq-number              [7] UInt32 OPTIONAL,
 *         authorization-data      [8] AuthorizationData OPTIONAL
 * }
 * }</pre>
 *
 * <p>
 * This definition reflects the Network Working Group RFC 4120
 * specification available at
 * <a href="http://www.ietf.org/rfc/rfc4120.txt">
 * http://www.ietf.org/rfc/rfc4120.txt</a>.
 */
public class Authenticator {

    public int authenticator_vno;
    public PrincipalName cname;
    Checksum cksum; //optional
    public int cusec;
    public KerberosTime ctime;
    EncryptionKey subKey; //optional
    Integer seqNumber; //optional
    public AuthorizationData authorizationData; //optional

    public Authenticator(
            PrincipalName new_cname,
            Checksum new_cksum,
            int new_cusec,
            KerberosTime new_ctime,
            EncryptionKey new_subKey,
            Integer new_seqNumber,
            AuthorizationData new_authorizationData) {
        authenticator_vno = Krb5.AUTHNETICATOR_VNO;
        cname = new_cname;
        cksum = new_cksum;
        cusec = new_cusec;
        ctime = new_ctime;
        subKey = new_subKey;
        seqNumber = new_seqNumber;
        authorizationData = new_authorizationData;
    }

    public Authenticator(byte[] data)
            throws Asn1Exception, IOException, KrbApErrException, RealmException {
        init(new DerValue(data));
    }

    public Authenticator(DerValue encoding)
            throws Asn1Exception, IOException, KrbApErrException, RealmException {
        init(encoding);
    }

    /**
     * Initializes an Authenticator object.
     * @param encoding a single DER-encoded value.
     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
     * @exception IOException if an I/O error occurs while reading encoded data.
     * @exception KrbApErrException if the value read from the DER-encoded data
     *  stream does not match the pre-defined value.
     * @exception RealmException if an error occurs while parsing a Realm object.
     */
    private void init(DerValue encoding)
            throws Asn1Exception, IOException, KrbApErrException, RealmException {
        DerValue der, subDer;
        //may not be the correct error code for a tag
        //mismatch on an encrypted structure
        if (((encoding.getTag() & (byte) 0x1F) != (byte) 0x02)
                || (encoding.isApplication() != true)
                || (encoding.isConstructed() != true)) {
            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
        }
        der = encoding.getData().getDerValue();
        if (der.getTag() != DerValue.tag_Sequence) {
            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
        }
        subDer = der.getData().getDerValue();
        if ((subDer.getTag() & (byte) 0x1F) != (byte) 0x00) {
            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
        }
        authenticator_vno = subDer.getData().getBigInteger().intValue();
        if (authenticator_vno != 5) {
            throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
        }
        Realm crealm = Realm.parse(der.getData(), (byte) 0x01, false);
        cname = PrincipalName.parse(der.getData(), (byte) 0x02, false, crealm);
        cksum = Checksum.parse(der.getData(), (byte) 0x03, true);
        subDer = der.getData().getDerValue();
        if ((subDer.getTag() & (byte) 0x1F) == 0x04) {
            cusec = subDer.getData().getBigInteger().intValue();
        } else {
            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
        }
        ctime = KerberosTime.parse(der.getData(), (byte) 0x05, false);
        if (der.getData().available() > 0) {
            subKey = EncryptionKey.parse(der.getData(), (byte) 0x06, true);
        } else {
            subKey = null;
            seqNumber = null;
            authorizationData = null;
        }
        if (der.getData().available() > 0) {
            if ((der.getData().peekByte() & 0x1F) == 0x07) {
                subDer = der.getData().getDerValue();
                if ((subDer.getTag() & (byte) 0x1F) == (byte) 0x07) {
                    seqNumber = subDer.getData().getBigInteger().intValue();
                }
            }
        } else {
            seqNumber = null;
            authorizationData = null;
        }
        if (der.getData().available() > 0) {
            authorizationData = AuthorizationData.parse(der.getData(), (byte) 0x08, true);
        } else {
            authorizationData = null;
        }
        if (der.getData().available() > 0) {
            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
        }
    }

    /**
     * Encodes an Authenticator object.
     * @return byte array of encoded Authenticator object.
     * @exception Asn1Exception if an error occurs while decoding an ASN1 encoded data.
     * @exception IOException if an I/O error occurs while reading encoded data.
     */
    public byte[] asn1Encode() throws Asn1Exception, IOException {
        Vector<DerValue> v = new Vector<>();
        DerOutputStream temp = new DerOutputStream();
        temp.putInteger(BigInteger.valueOf(authenticator_vno));
        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x00), temp.toByteArray()));
        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x01), cname.getRealm().asn1Encode()));
        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x02), cname.asn1Encode()));
        if (cksum != null) {
            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x03), cksum.asn1Encode()));
        }
        temp = new DerOutputStream();
        temp.putInteger(BigInteger.valueOf(cusec));
        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x04), temp.toByteArray()));
        v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x05), ctime.asn1Encode()));
        if (subKey != null) {
            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x06), subKey.asn1Encode()));
        }
        if (seqNumber != null) {
            temp = new DerOutputStream();
            // encode as an unsigned integer (UInt32)
            temp.putInteger(BigInteger.valueOf(seqNumber.longValue()));
            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x07), temp.toByteArray()));
        }
        if (authorizationData != null) {
            v.addElement(new DerValue(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0x08), authorizationData.asn1Encode()));
        }
        DerValue[] der = new DerValue[v.size()];
        v.copyInto(der);
        temp = new DerOutputStream();
        temp.putSequence(der);
        DerOutputStream out = new DerOutputStream();
        out.write(DerValue.createTag(DerValue.TAG_APPLICATION, true, (byte) 0x02), temp);
        return out.toByteArray();
    }

    public final Checksum getChecksum() {
        return cksum;
    }

    public final Integer getSeqNumber() {
        return seqNumber;
    }

    public final EncryptionKey getSubKey() {
        return subKey;
    }
}