Author: erodriguez
Date: Fri Oct 1 08:40:52 2004
New Revision: 47650
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/ApplicationRequestDecoder.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/AuthenticatorDecoder.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/AuthorizationDataDecoder.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/EncTicketPartDecoder.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/KdcRequestDecoder.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/KerberosMessageDecoder.java
Log:
Kerberos ASN.1 DER decoders
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/ApplicationRequestDecoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/ApplicationRequestDecoder.java
Fri Oct 1 08:40:52 2004
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.decoder;
+
+import org.apache.kerberos.messages.*;
+import org.apache.kerberos.messages.value.*;
+import org.bouncycastle.asn1.*;
+
+import java.io.*;
+import java.util.*;
+
+public class ApplicationRequestDecoder extends KerberosMessageDecoder {
+
+ public ApplicationRequest decode(byte[] encodedAuthHeader) throws
IOException {
+
+ ByteArrayInputStream bais = new
ByteArrayInputStream(encodedAuthHeader);
+ ASN1InputStream ais = new ASN1InputStream(bais);
+
+ DERApplicationSpecific app = (DERApplicationSpecific)
ais.readObject();
+
+ DERSequence apreq = (DERSequence) app.getObject();
+ return decodeApplicationRequestSequence(apreq);
+ }
+
+ /*
+ AP-REQ ::= [APPLICATION 14] SEQUENCE {
+ pvno[0] INTEGER,
+ msg-type[1] INTEGER,
+
+ ap-options[2] APOptions,
+ ticket[3] Ticket,
+ authenticator[4] EncryptedData
+ }
+ */
+ private ApplicationRequest decodeApplicationRequestSequence(DERSequence
sequence) throws IOException {
+
+ ApplicationRequest authHeader = new ApplicationRequest();
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 0:
+ DERInteger tag0 = (DERInteger)
derObject;
+
authHeader.setProtocolVersionNumber(tag0.getValue().intValue());
+ break;
+ case 1:
+ DERInteger tag1 = (DERInteger)
derObject;
+
authHeader.setMessageType(MessageType.getTypeByOrdinal(tag1.getValue().intValue()));
+ break;
+ case 2:
+ DERBitString apOptions =
(DERBitString)derObject;
+ authHeader.setApOptions(new
ApOptions(apOptions.getBytes()));
+ break;
+ case 3:
+ DERApplicationSpecific tag3 =
(DERApplicationSpecific)derObject;
+
authHeader.setTicket(decodeTicket(tag3));
+ break;
+ case 4:
+ DERSequence tag4 =
(DERSequence)derObject;
+
authHeader.setEncPart(decodeEncryptedData(tag4));
+ break;
+ default:
+ System.out.println(derObject);
+ break;
+ }
+ }
+ return authHeader;
+ }
+}
+
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/AuthenticatorDecoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/AuthenticatorDecoder.java
Fri Oct 1 08:40:52 2004
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.decoder;
+
+import org.apache.kerberos.messages.components.*;
+import org.bouncycastle.asn1.*;
+
+import java.io.*;
+
+public class AuthenticatorDecoder extends KerberosMessageDecoder {
+
+ public Authenticator decode(byte[] encodedAuthenticator) throws
IOException {
+
+ ByteArrayInputStream bais = new
ByteArrayInputStream(encodedAuthenticator);
+ ASN1InputStream ais = new ASN1InputStream(bais);
+
+ DERApplicationSpecific app = (DERApplicationSpecific)
ais.readObject();
+
+ DERSequence sequence = (DERSequence) app.getObject();
+
+ return decodeAuthenticator(sequence);
+ }
+}
+
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/AuthorizationDataDecoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/AuthorizationDataDecoder.java
Fri Oct 1 08:40:52 2004
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.decoder;
+
+import org.apache.kerberos.messages.value.*;
+import org.bouncycastle.asn1.*;
+
+import java.io.*;
+
+public class AuthorizationDataDecoder extends KerberosMessageDecoder {
+
+ public AuthorizationData decode(byte[] encodedAuthData) throws
IOException {
+
+ ByteArrayInputStream bais = new
ByteArrayInputStream(encodedAuthData);
+ ASN1InputStream ais = new ASN1InputStream(bais);
+
+ DERSequence sequence = (DERSequence) ais.readObject();
+
+ return decodeAuthorizationData(sequence);
+ }
+}
+
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/EncTicketPartDecoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/EncTicketPartDecoder.java
Fri Oct 1 08:40:52 2004
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.decoder;
+
+import org.apache.kerberos.messages.components.*;
+import org.apache.kerberos.messages.value.*;
+import org.bouncycastle.asn1.*;
+
+import java.io.*;
+import java.util.*;
+
+public class EncTicketPartDecoder extends KerberosMessageDecoder {
+
+ public EncTicketPart decode(byte[] encodedTicket) throws IOException {
+
+ ByteArrayInputStream bais = new
ByteArrayInputStream(encodedTicket);
+ ASN1InputStream ais = new ASN1InputStream(bais);
+
+ DERApplicationSpecific app = (DERApplicationSpecific)
ais.readObject();
+
+ DERSequence sequence = (DERSequence) app.getObject();
+
+ return decodeEncTicketPartSequence(sequence);
+
+ }
+
+ /*
+ -- Encrypted part of ticket
+ EncTicketPart ::= [APPLICATION 3] SEQUENCE {
+ flags[0] TicketFlags,
+ key[1] EncryptionKey,
+ crealm[2] Realm,
+ cname[3] PrincipalName,
+ transited[4] TransitedEncoding,
+ authtime[5] KerberosTime,
+ starttime[6] KerberosTime OPTIONAL,
+ endtime[7] KerberosTime,
+ renew-till[8] KerberosTime OPTIONAL,
+ caddr[9] HostAddresses OPTIONAL,
+ authorization-data[10] AuthorizationData
OPTIONAL
+ }*/
+ private EncTicketPart decodeEncTicketPartSequence(DERSequence sequence)
{
+
+ EncTicketPart encPart = new EncTicketPart();
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 0:
+ DERBitString tag0 =
(DERBitString)derObject;
+ encPart.setFlags(new
TicketFlags(tag0.getBytes()));
+ break;
+ case 1:
+ DERSequence tag1 = (DERSequence)
derObject;
+
encPart.setSessionKey(decodeEncryptionKey(tag1));
+ break;
+ case 2:
+ DERGeneralString tag2 =
(DERGeneralString)derObject;
+ encPart.setClientRealm(new
Realm(tag2.getString()));
+ break;
+ case 3:
+ DERSequence tag3 =
(DERSequence)derObject;
+
encPart.setClientName(decodePrincipalName(tag3));
+ break;
+ case 4:
+ DERSequence tag4 =
(DERSequence)derObject;
+
encPart.setTransitedEncoding(decodeTransitedEncoding(tag4));
+ break;
+ case 5:
+ DERGeneralizedTime tag5 =
(DERGeneralizedTime)derObject;
+
encPart.setAuthtime(decodeKerberosTime(tag5));
+ break;
+ case 6:
+ DERGeneralizedTime tag6 =
(DERGeneralizedTime)derObject;
+
encPart.setStartTime(decodeKerberosTime(tag6));
+ break;
+ case 7:
+ DERGeneralizedTime tag7 =
(DERGeneralizedTime)derObject;
+
encPart.setEndTime(decodeKerberosTime(tag7));
+ break;
+ case 8:
+ DERGeneralizedTime tag8 =
(DERGeneralizedTime)derObject;
+
encPart.setRenewTill(decodeKerberosTime(tag8));
+ break;
+ case 9:
+ DERSequence tag9 =
(DERSequence)derObject;
+
encPart.setClientAddresses(decodeHostAddresses(tag9));
+ break;
+ case 10:
+ DERSequence tag10 =
(DERSequence)derObject;
+
encPart.setAuthorizationData(decodeAuthorizationData(tag10));
+ break;
+ default:
+ System.out.println(derObject);
+ break;
+ }
+ }
+ return encPart;
+ }
+}
+
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/KdcRequestDecoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/KdcRequestDecoder.java
Fri Oct 1 08:40:52 2004
@@ -0,0 +1,227 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.decoder;
+
+import org.apache.kerberos.messages.*;
+import org.apache.kerberos.messages.components.*;
+import org.apache.kerberos.messages.value.*;
+import org.bouncycastle.asn1.*;
+
+import java.io.*;
+import java.util.*;
+
+public class KdcRequestDecoder extends KerberosMessageDecoder {
+
+ public KdcRequest decode(InputStream is) throws IOException {
+
+ ASN1InputStream ais = new ASN1InputStream(is);
+
+ DERApplicationSpecific app = (DERApplicationSpecific)
ais.readObject();
+
+ DERSequence kdcreq = (DERSequence) app.getObject();
+ return decodeKdcRequestSequence(kdcreq);
+ }
+
+ /*
+ AS-REQ ::= [APPLICATION 10] KDC-REQ
+ TGS-REQ ::= [APPLICATION 12] KDC-REQ
+
+ KDC-REQ ::= SEQUENCE {
+ pvno[1] INTEGER,
+ msg-type[2] INTEGER,
+ padata[3] SEQUENCE OF PA-DATA OPTIONAL,
+ req-body[4] KDC-REQ-BODY
+ }*/
+ private KdcRequest decodeKdcRequestSequence(DERSequence sequence)
throws IOException {
+
+ int pvno = 5;
+ MessageType msgType = MessageType.NULL;
+
+ PreAuthenticationData[] paData = null;
+ KdcReqBody reqBody = null;
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 1:
+ DERInteger tag1 = (DERInteger)derObject;
+ pvno = tag1.getValue().intValue();
+ break;
+ case 2:
+ DERInteger tag2 = (DERInteger)derObject;
+ msgType =
MessageType.getTypeByOrdinal(tag2.getValue().intValue());
+ break;
+ case 3:
+ DERSequence tag3 =
(DERSequence)derObject;
+ paData = decodePaData(tag3);
+ break;
+ case 4:
+ DERSequence tag4 =
(DERSequence)derObject;
+ reqBody = decodeKdcRequestBody(tag4);
+ break;
+ default:
+ System.out.println(derObject);
+ break;
+ }
+ }
+
+ return new KdcRequest(pvno, msgType, paData, reqBody);
+ }
+
+ /*
+ PA-DATA ::= SEQUENCE {
+ padata-type[1] INTEGER,
+ padata-value[2] OCTET STRING,
+ -- might be encoded AP-REQ
+ }*/
+ private PreAuthenticationData[] decodePaData(DERSequence sequence) {
+
+ PreAuthenticationData[] paDataSequence = new
PreAuthenticationData[2];
+ int i = 0;
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERSequence pa = (DERSequence) e.nextElement();
+
+ paDataSequence[i] = new PreAuthenticationData();
+
+ for (Enumeration e2 = pa.getObjects();
e2.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e2.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 1:
+ DERInteger padataType =
(DERInteger) derObject;
+
paDataSequence[i].setDataType(padataType.getValue().intValue());
+ break;
+ case 2:
+ DEROctetString padataValue =
(DEROctetString) derObject;
+
paDataSequence[i].setDataValue(padataValue.getOctets());
+ break;
+ default:
+ System.out.println(derObject);
+ break;
+ }
+ }
+
+ i++;
+ }
+ return paDataSequence;
+ }
+
+ /*
+ KDC-REQ-BODY ::= SEQUENCE {
+ kdc-options[0] KdcOptions,
+ cname[1] PrincipalName OPTIONAL,
+ -- Used only in AS-REQ
+ realm[2] Realm, -- Server's realm
+ -- Also client's in AS-REQ
+ sname[3] PrincipalName OPTIONAL,
+ from[4] KerberosTime OPTIONAL,
+ till[5] KerberosTime,
+ rtime[6] KerberosTime OPTIONAL,
+ nonce[7] INTEGER,
+ etype[8] SEQUENCE OF INTEGER, --
EncryptionEngine,
+ -- in preference order
+ addresses[9] HostAddresses OPTIONAL,
+ enc-authorization-data[10] EncryptedData OPTIONAL,
+ -- Encrypted AuthorizationData encoding
+ additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
+ }*/
+ private KdcReqBody decodeKdcRequestBody(DERSequence sequence) throws
IOException {
+
+ KdcReqBody reqBody = new KdcReqBody();
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 0:
+ DERBitString kdcOptions =
(DERBitString)derObject;
+ reqBody.setKdcOptions(new
KdcOptions(kdcOptions.getBytes()));
+ break;
+ case 1:
+ DERSequence cName =
(DERSequence)derObject;
+
reqBody.setCname(decodePrincipalName(cName));
+ break;
+ case 2:
+ DERGeneralString realm =
(DERGeneralString)derObject;
+ reqBody.setRealm(new
Realm(realm.getString()));
+ break;
+ case 3:
+ DERSequence sname =
(DERSequence)derObject;
+
reqBody.setSname(decodePrincipalName(sname));
+ break;
+ case 4:
+ DERGeneralizedTime from =
(DERGeneralizedTime)derObject;
+
reqBody.setFrom(decodeKerberosTime(from));
+ break;
+ case 5:
+ DERGeneralizedTime till =
(DERGeneralizedTime)derObject;
+
reqBody.setTill(decodeKerberosTime(till));
+ break;
+ case 6:
+ DERGeneralizedTime rtime =
(DERGeneralizedTime)derObject;
+
reqBody.setRtime(decodeKerberosTime(rtime));
+ break;
+ case 7:
+ DERInteger nonce =
(DERInteger)derObject;
+
reqBody.setNonce(nonce.getValue().intValue());
+ break;
+ case 8:
+ DERSequence etype =
(DERSequence)derObject;
+
reqBody.setEType(decodeEncryptionType(etype));
+ break;
+ case 9:
+ DERSequence hostAddresses =
(DERSequence)derObject;
+
reqBody.setAddresses(decodeHostAddresses(hostAddresses));
+ break;
+ case 10:
+ DERSequence encryptedData =
(DERSequence)derObject;
+
reqBody.setEncAuthorizationData(decodeEncryptedData(encryptedData));
+ break;
+ case 11:
+ DERSequence tag11 =
(DERSequence)derObject;
+
reqBody.setAdditionalTickets(decodeTickets(tag11));
+ break;
+ default:
+ System.out.println("****** " +
object.getObject());
+ break;
+ }
+ }
+
+ return reqBody;
+ }
+
+ protected Ticket[] decodeTickets(DERSequence sequence) throws
IOException {
+
+ Ticket[] tickets = new Ticket[sequence.size()];
+
+ int i = 0;
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERApplicationSpecific object =
((DERApplicationSpecific) e.nextElement());
+ tickets[i] = decodeTicket(object);
+ }
+ return tickets;
+ }
+}
+
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/KerberosMessageDecoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/decoder/KerberosMessageDecoder.java
Fri Oct 1 08:40:52 2004
@@ -0,0 +1,444 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.decoder;
+
+import org.apache.kerberos.crypto.checksum.*;
+import org.apache.kerberos.crypto.encryption.*;
+import org.apache.kerberos.messages.components.*;
+import org.apache.kerberos.messages.value.*;
+import org.bouncycastle.asn1.*;
+
+import java.io.*;
+import java.text.*;
+import java.util.*;
+
+public abstract class KerberosMessageDecoder {
+
+ /*
+ Ticket ::= [APPLICATION 1] SEQUENCE {
+ tkt-vno[0] INTEGER,
+ realm[1] Realm,
+ sname[2] PrincipalName,
+ enc-part[3] EncryptedData
+ }*/
+ protected Ticket decodeTicket(DERApplicationSpecific app) throws
IOException{
+
+ DERSequence sequence = (DERSequence) app.getObject();
+
+ Ticket ticket = new Ticket();
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag + " " + derObject);
+ switch (tag) {
+ case 0:
+ DERInteger etype =
(DERInteger)derObject;
+
ticket.setTicketVersionNumber(etype.getValue().intValue());
+ break;
+ case 1:
+ DERGeneralString tag1 =
(DERGeneralString)derObject;
+ ticket.setRealm(new
Realm(tag1.getString()));
+ break;
+ case 2:
+ DERSequence tag2 =
(DERSequence)derObject;
+
ticket.setServerName(decodePrincipalName(tag2));
+ break;
+ case 3:
+ DERSequence tag3 =
(DERSequence)derObject;
+
ticket.setEncPart(decodeEncryptedData(tag3));
+ break;
+ default:
+ System.out.println(object.getObject());
+ break;
+ }
+ }
+ return ticket;
+ }
+
+ /*
+ EncryptedData ::= SEQUENCE {
+ etype[0] INTEGER, -- EncryptionEngine
+ kvno[1] INTEGER OPTIONAL,
+ cipher[2] OCTET STRING -- ciphertext
+ }*/
+ protected EncryptedData decodeEncryptedData(DERSequence sequence) {
+
+ EncryptedData data = new EncryptedData();
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag + " " + derObject);
+ switch (tag) {
+ case 0:
+ DERInteger etype =
(DERInteger)derObject;
+
data.setEncryptionType(EncryptionType.getTypeByOrdinal(etype.getValue().intValue()));
+ break;
+ case 1:
+ DERInteger kvno = (DERInteger)derObject;
+
data.setKeyVersion(kvno.getValue().intValue());
+ break;
+ case 2:
+ DEROctetString cipher =
(DEROctetString)derObject;
+ data.setCipherText(cipher.getOctets());
+ break;
+ default:
+ System.out.println(object.getObject());
+ break;
+ }
+ }
+ return data;
+ }
+
+ /*
+ PrincipalName ::= SEQUENCE {
+ name-type[0] INTEGER,
+ name-string[1] SEQUENCE OF GeneralString
+ }*/
+ protected PrincipalName decodePrincipalName(DERSequence sequence) {
+
+ PrincipalName name = new PrincipalName();
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 0:
+ DERInteger nameType =
(DERInteger)derObject;
+
name.setNameType(nameType.getValue().intValue());
+ break;
+ case 1:
+ DERSequence nameString =
(DERSequence)derObject;
+ decodeNameString(nameString, name);
+ break;
+ default:
+ System.out.println(derObject);
+ break;
+ }
+ }
+ return name;
+ }
+
+ private void decodeNameString(DERSequence sequence, PrincipalName name)
{
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERGeneralString object = ((DERGeneralString)
e.nextElement());
+ name.addName(object.getString());
+ }
+ }
+
+ /*
+ KerberosTime ::= GeneralizedTime
+ -- Specifying UTC time zone (Z)
+ */
+ protected KerberosTime decodeKerberosTime(DERGeneralizedTime time) {
+ Date date = null;
+ try {
+ date = time.getDate();
+ } catch (ParseException pe) {
+ pe.printStackTrace();
+ }
+ return new KerberosTime(date);
+ }
+
+ /*
+ etype[8] SEQUENCE OF INTEGER, -- EncryptionEngine,
+ -- in preference order
+ */
+ protected EncryptionType[] decodeEncryptionType(DERSequence sequence) {
+
+ EncryptionType[] eTypes = new EncryptionType[sequence.size()];
+ int i = 0;
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERInteger object = ((DERInteger) e.nextElement());
+ eTypes[i] =
EncryptionType.getTypeByOrdinal(object.getValue().intValue());
+ i++;
+ }
+ return eTypes;
+ }
+
+ /*
+ HostAddress ::= SEQUENCE {
+ addr-type[0] INTEGER,
+ address[1] OCTET STRING
+ }*/
+ protected HostAddress decodeHostAddress(DERSequence sequence) {
+
+ int type = 0;
+ byte[] value = new byte[0];
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 0:
+ DERInteger addressType =
(DERInteger)derObject;
+ type =
addressType.getValue().intValue();
+ break;
+ case 1:
+ DEROctetString address =
(DEROctetString)derObject;
+ value = address.getOctets();
+ break;
+ default:
+ System.out.println(derObject);
+ break;
+ }
+ }
+ return new HostAddress(type, value);
+ }
+
+ /*
+ HostAddresses ::= SEQUENCE OF SEQUENCE {
+ addr-type[0] INTEGER,
+ address[1] OCTET STRING
+ }*/
+ protected HostAddresses decodeHostAddresses(DERSequence sequence) {
+
+ HostAddress[] addresses = new HostAddress[sequence.size()];
+ int i = 0;
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERSequence object = ((DERSequence) e.nextElement());
+ HostAddress address = decodeHostAddress(object);
+ addresses[i] = address;
+ i++;
+ }
+ return new HostAddresses(addresses);
+ }
+
+ /*
+ Checksum ::= SEQUENCE {
+ cksumtype[0] INTEGER,
+ checksum[1] OCTET STRING
+ }
+ */
+ protected Checksum decodeChecksum(DERSequence sequence) {
+ ChecksumType type = ChecksumType.NULL;
+ byte[] data = null;
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 0:
+ DERInteger tag0 = (DERInteger)derObject;
+ type =
ChecksumType.getTypeByOrdinal(tag0.getValue().intValue());
+ break;
+ case 1:
+ DEROctetString tag1 =
(DEROctetString)derObject;
+ data = tag1.getOctets();
+ break;
+ default:
+ System.out.println(derObject);
+ break;
+ }
+ }
+ return new Checksum(type, data);
+ }
+
+ /*
+ EncryptionKey ::= SEQUENCE {
+ keytype[0] INTEGER,
+ keyvalue[1] OCTET STRING
+ }*/
+ protected EncryptionKey decodeEncryptionKey(DERSequence sequence) {
+ EncryptionType type = EncryptionType.NULL;
+ byte[] data = null;
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 0:
+ DERInteger tag0 = (DERInteger)derObject;
+ type =
EncryptionType.getTypeByOrdinal(tag0.getValue().intValue());
+ break;
+ case 1:
+ DEROctetString tag1 =
(DEROctetString)derObject;
+ data = tag1.getOctets();
+ break;
+ default:
+ System.out.println(derObject);
+ break;
+ }
+ }
+ return new EncryptionKey(type, data);
+ }
+
+ /*
+ LastReq ::= SEQUENCE OF SEQUENCE {
+ lr-type[0] INTEGER,
+ lr-value[1] KerberosTime
+ }*/
+ protected void decodeLastRequest() {};
+
+ /*
+ TransitedEncoding ::= SEQUENCE {
+ tr-type[0] INTEGER, -- must be registered
+ contents[1] OCTET STRING
+ }*/
+ protected TransitedEncoding decodeTransitedEncoding(DERSequence
sequence) {
+ int type = 0;
+ byte[] contents = null;
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 0:
+ DERInteger tag0 = (DERInteger)
derObject;
+ type = tag0.getValue().intValue();
+ break;
+ case 1:
+ DEROctetString tag1 = (DEROctetString)
derObject;
+ contents = tag1.getOctets();
+ break;
+ default:
+ System.out.println(derObject);
+ break;
+ }
+ }
+ return new TransitedEncoding(type, contents);
+ }
+
+ /*
+ AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ ad-type[0] INTEGER,
+ ad-data[1] OCTET STRING
+ }*/
+ protected AuthorizationData decodeAuthorizationData(DERSequence
sequence) {
+
+ AuthorizationData authData = new AuthorizationData();
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERSequence object = ((DERSequence) e.nextElement());
+ AuthorizationDataEntry entry =
decodeAuthorizationEntry(object);
+ authData.add(entry);
+ }
+
+ return authData;
+ }
+
+ protected AuthorizationDataEntry decodeAuthorizationEntry(DERSequence
sequence) {
+
+ int type = 0;
+ byte[] data = null;
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 0:
+ DERInteger tag0 = (DERInteger)derObject;
+ type = tag0.getValue().intValue();
+ break;
+ case 1:
+ DEROctetString tag1 =
(DEROctetString)derObject;
+ data = tag1.getOctets();
+ break;
+ default:
+ System.out.println(derObject);
+ break;
+ }
+ }
+ return new AuthorizationDataEntry(type, data);
+ }
+
+ /*
+ -- Unencrypted authenticator
+ Authenticator ::= [APPLICATION 2] SEQUENCE {
+ authenticator-vno[0] INTEGER,
+ crealm[1] Realm,
+ cname[2] PrincipalName,
+ cksum[3] Checksum OPTIONAL,
+ cusec[4] INTEGER,
+ ctime[5] KerberosTime,
+ subkey[6] EncryptionKey OPTIONAL,
+ seq-number[7] INTEGER OPTIONAL,
+
+ authorization-data[8] AuthorizationData OPTIONAL
+ }
+ */
+ protected Authenticator decodeAuthenticator(DERSequence sequence) {
+
+ Authenticator auth = new Authenticator();
+
+ for (Enumeration e = sequence.getObjects();
e.hasMoreElements();) {
+ DERTaggedObject object = ((DERTaggedObject)
e.nextElement());
+ int tag = object.getTagNo();
+ DERObject derObject = object.getObject();
+ System.out.println(tag);
+ switch (tag) {
+ case 0:
+ DERInteger tag0 = (DERInteger)derObject;
+
auth.setVersionNumber(tag0.getValue().intValue());
+ break;
+ case 1:
+ DERGeneralString tag1 =
(DERGeneralString)derObject;
+ auth.setClientRealm(new
Realm(tag1.getString()));
+ break;
+ case 2:
+ DERSequence tag2 =
(DERSequence)derObject;
+
auth.setClientName(decodePrincipalName(tag2));
+ break;
+ case 3:
+ DERSequence tag3 =
(DERSequence)derObject;
+ auth.setChecksum(decodeChecksum(tag3));
+ break;
+ case 4:
+ DERInteger tag4 = (DERInteger)derObject;
+
auth.setClientMicroSecond(tag4.getValue().intValue());
+ break;
+ case 5:
+ DERGeneralizedTime tag5 =
(DERGeneralizedTime)derObject;
+
auth.setClientTime(decodeKerberosTime(tag5));
+ break;
+ case 6:
+ DERSequence tag6 = (DERSequence)
derObject;
+
auth.setSubSessionKey(decodeEncryptionKey(tag6));
+ break;
+ case 7:
+ DERInteger tag7 = (DERInteger)derObject;
+
auth.setSequenceNumber(tag7.getValue().intValue());
+ break;
+ case 8:
+ DERSequence tag8 =
(DERSequence)derObject;
+
auth.setAuthorizationData(decodeAuthorizationData(tag8));
+ break;
+ default:
+ System.out.println(derObject);
+ break;
+ }
+ }
+ return auth;
+ }
+}
+
