Author: erodriguez
Date: Fri Oct 1 11:02:24 2004
New Revision: 47656
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncAsRepPartEncoder.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncKdcRepPartEncoder.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncTgsRepPartEncoder.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncTicketPartEncoder.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KdcReplyEncoder.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KdcReqBodyEncoder.java
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KerberosMessageEncoder.java
Log:
kerberos ASN.1 encoder package
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncAsRepPartEncoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncAsRepPartEncoder.java
Fri Oct 1 11:02:24 2004
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.encoder;
+
+public class EncAsRepPartEncoder extends EncKdcRepPartEncoder {
+
+ /*
+ * EncASRepPart ::= [APPLICATION 25[25]] EncKDCRepPart
+ */
+ public static final int APPLICATION_CODE = 25;
+
+ public EncAsRepPartEncoder() {
+ super(APPLICATION_CODE);
+ }
+}
+
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncKdcRepPartEncoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncKdcRepPartEncoder.java
Fri Oct 1 11:02:24 2004
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.encoder;
+
+import org.apache.kerberos.messages.*;
+import org.bouncycastle.asn1.*;
+
+import java.io.*;
+
+public abstract class EncKdcRepPartEncoder extends KerberosMessageEncoder {
+
+ private int _applicationCode;
+
+ protected EncKdcRepPartEncoder(int applicationCode) {
+ _applicationCode = applicationCode;
+ }
+
+ public byte[] encode(KdcReply app) throws IOException {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ ASN1OutputStream aos = new ASN1OutputStream(baos);
+
+ DERSequence initialSequence = encodeInitialSequence(app);
+ aos.writeObject(new DERApplicationSpecific(_applicationCode,
initialSequence));
+
+ return baos.toByteArray();
+ }
+
+ /*
+ EncKDCRepPart ::= SEQUENCE {
+ key[0] EncryptionKey,
+ last-req[1] LastReq,
+
+ nonce[2] INTEGER,
+ key-expiration[3] KerberosTime OPTIONAL,
+ flags[4] TicketFlags,
+ authtime[5] KerberosTime,
+ starttime[6] KerberosTime OPTIONAL,
+ endtime[7] KerberosTime,
+ renew-till[8] KerberosTime OPTIONAL,
+ srealm[9] Realm,
+ sname[10] PrincipalName,
+ caddr[11] HostAddresses OPTIONAL
+ }*/
+ protected DERSequence encodeInitialSequence(KdcReply reply) {
+
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(0,
encodeEncryptionKey(reply.getKey())));
+ vector.add(new DERTaggedObject(1,
encodeLastRequest(reply.getLastRequest())));
+ vector.add(new DERTaggedObject(2, new
DERInteger(reply.getNonce())));
+
+ // OPTIONAL
+ if (reply.getKeyExpiration() != null)
+ vector.add(new DERTaggedObject(3,
encodeKerberosTime(reply.getKeyExpiration())));
+
+ vector.add(new DERTaggedObject(4,
encodeTicketFlags(reply.getFlags())));
+ vector.add(new DERTaggedObject(5,
encodeKerberosTime(reply.getAuthTime())));
+
+ // OPTIONAL
+ if (reply.getStartTime() != null)
+ vector.add(new DERTaggedObject(6,
encodeKerberosTime(reply.getStartTime())));
+
+ vector.add(new DERTaggedObject(7,
encodeKerberosTime(reply.getEndTime())));
+
+ // OPTIONAL
+ if (reply.getRenewTill() != null)
+ vector.add(new DERTaggedObject(8,
encodeKerberosTime(reply.getRenewTill())));
+
+ vector.add(new DERTaggedObject(9,
encodeRealm(reply.getServerRealm())));
+ vector.add(new DERTaggedObject(10,
encodePrincipalName(reply.getServerName())));
+
+ // OPTIONAL
+ if (reply.getClientAddresses() != null)
+ vector.add(new DERTaggedObject(11,
encodeHostAddresses(reply.getClientAddresses())));
+
+ return new DERSequence(vector);
+ }
+}
+
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncTgsRepPartEncoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncTgsRepPartEncoder.java
Fri Oct 1 11:02:24 2004
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.encoder;
+
+public class EncTgsRepPartEncoder extends EncKdcRepPartEncoder {
+
+ /*
+ * EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
+ */
+ public static final int APPLICATION_CODE = 26;
+
+ public EncTgsRepPartEncoder() {
+ super(APPLICATION_CODE);
+ }
+}
+
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncTicketPartEncoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/EncTicketPartEncoder.java
Fri Oct 1 11:02:24 2004
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.encoder;
+
+import org.apache.kerberos.messages.components.*;
+import org.bouncycastle.asn1.*;
+
+import java.io.*;
+
+public class EncTicketPartEncoder extends KerberosMessageEncoder {
+
+ public static final int APPLICATION_CODE = 3;
+
+ public byte[] encode(Ticket ticket) throws IOException {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ ASN1OutputStream aos = new ASN1OutputStream(baos);
+
+ DERSequence ticketSequence = encodeInitialSequence(ticket);
+ aos.writeObject(new DERApplicationSpecific(APPLICATION_CODE,
ticketSequence));
+ aos.close();
+
+ return baos.toByteArray();
+ }
+
+ /*
+ -- Encrypted part of ticket
+ EncTicketPart ::= [APPLICATION 3] SEQUENCE {
+ flags[0] TicketFlags,
+ key[1] EncryptionKey,
+ crealm[2] Realm,
+ cname[3] PrincipalName,
+ transited[4] TransitedEncoding,
+ authtime[5] KerberosTime,
+ starttime[6] KerberosTime OPTIONAL,
+ endtime[7] KerberosTime,
+ renew-till[8] KerberosTime OPTIONAL,
+ caddr[9] HostAddresses OPTIONAL,
+ authorization-data[10] AuthorizationData
OPTIONAL
+ }*/
+ public DERSequence encodeInitialSequence(Ticket ticket) {
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(0,
encodeTicketFlags(ticket.getFlags())));
+ vector.add(new DERTaggedObject(1,
encodeEncryptionKey(ticket.getSessionKey())));
+ vector.add(new DERTaggedObject(2,
encodeRealm(ticket.getClientRealm())));
+ vector.add(new DERTaggedObject(3,
encodePrincipalName(ticket.getClientName())));
+ vector.add(new DERTaggedObject(4,
encodeTransitedEncoding(ticket.getTransitedEncoding())));
+ vector.add(new DERTaggedObject(5,
encodeKerberosTime(ticket.getAuthtime())));
+
+ // OPTIONAL
+ if (ticket.getStartTime() != null)
+ vector.add(new DERTaggedObject(6,
encodeKerberosTime(ticket.getStartTime())));
+
+ vector.add(new DERTaggedObject(7,
encodeKerberosTime(ticket.getEndTime())));
+
+ // OPTIONAL
+ if (ticket.getRenewTill() != null)
+ vector.add(new DERTaggedObject(8,
encodeKerberosTime(ticket.getRenewTill())));
+ if (ticket.getClientAddresses() != null)
+ vector.add(new DERTaggedObject(9,
encodeHostAddresses(ticket.getClientAddresses())));
+ if (ticket.getAuthorizationData() != null)
+ vector.add(new DERTaggedObject(10,
encodeAuthorizationData(ticket.getAuthorizationData())));
+
+ return new DERSequence(vector);
+ }
+}
+
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KdcReplyEncoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KdcReplyEncoder.java
Fri Oct 1 11:02:24 2004
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.encoder;
+
+import org.apache.kerberos.messages.*;
+import org.apache.kerberos.messages.value.*;
+import org.bouncycastle.asn1.*;
+
+import java.io.*;
+
+public class KdcReplyEncoder extends KerberosMessageEncoder {
+ /*
+ AS-REP ::= [APPLICATION 11] KDC-REP
+ TGS-REP ::= [APPLICATION 13] KDC-REP
+ */
+ public OutputStream encode(KdcReply app, OutputStream os) throws
IOException {
+
+ ASN1OutputStream aos = new ASN1OutputStream(os);
+
+ DERSequence kdcrep = encodeKdcReplySequence(app);
+ aos.writeObject(new
DERApplicationSpecific(app.getMessageType().getOrdinal(), kdcrep));
+
+ aos.close();
+
+ return aos;
+ }
+
+ /*
+ KDC-REP ::= SEQUENCE {
+ pvno[0] INTEGER,
+ msg-type[1] INTEGER,
+ padata[2] SEQUENCE OF PA-DATA OPTIONAL,
+ crealm[3] Realm,
+ cname[4] PrincipalName,
+ ticket[5] Ticket,
+ enc-part[6] EncryptedData
+ }*/
+ private DERSequence encodeKdcReplySequence(KdcReply app) {
+
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(0, new
DERInteger(app.getProtocolVersionNumber())));
+ vector.add(new DERTaggedObject(1, new
DERInteger(app.getMessageType().getOrdinal())));
+ if (app.getPaData() != null)
+ vector.add(new DERTaggedObject(2,
encodePaData(app.getPaData())));
+ vector.add(new DERTaggedObject(3,
encodeRealm(app.getCrealm())));
+ vector.add(new DERTaggedObject(4,
encodePrincipalName(app.getCname())));
+ vector.add(new DERTaggedObject(5,
encodeTicket(app.getTicket())));
+ vector.add(new DERTaggedObject(6,
encodeEncryptedData(app.getEncPart())));
+
+ return new DERSequence(vector);
+ }
+
+ /*
+ PA-DATA ::= SEQUENCE {
+ padata-type[1] INTEGER,
+ padata-value[2] OCTET STRING,
+ -- might be encoded AP-REQ
+ }*/
+ private DERSequence encodePaData(PreAuthenticationData[] paData) {
+
+ ASN1EncodableVector pa = new ASN1EncodableVector();
+
+ for (int i = 0; i < paData.length; i++) {
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(1, new
DERInteger(paData[i].getDataType())));
+ vector.add(new DERTaggedObject(2, new
DEROctetString(paData[i].getDataValue())));
+ pa.add(new DERSequence(vector));
+ }
+
+ return new DERSequence(pa);
+ }
+}
+
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KdcReqBodyEncoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KdcReqBodyEncoder.java
Fri Oct 1 11:02:24 2004
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.encoder;
+
+import org.apache.kerberos.messages.*;
+import org.bouncycastle.asn1.*;
+
+import java.io.*;
+
+public class KdcReqBodyEncoder extends KerberosMessageEncoder {
+
+ public byte[] encode(KdcRequest request) throws IOException {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ ASN1OutputStream aos = new ASN1OutputStream(baos);
+
+ aos.writeObject(encodeInitialSequence(request));
+ aos.flush();
+ aos.close();
+
+ return baos.toByteArray();
+ }
+
+ /*
+ KDC-REQ-BODY ::= SEQUENCE {
+ kdc-options[0] KDCOptions,
+ cname[1] PrincipalName OPTIONAL,
+ -- Used only in AS-REQ
+ realm[2] Realm, -- Server's realm
+ -- Also client's in AS-REQ
+ sname[3] PrincipalName OPTIONAL,
+ from[4] KerberosTime OPTIONAL,
+ till[5] KerberosTime,
+ rtime[6] KerberosTime OPTIONAL,
+ nonce[7] INTEGER,
+
+ etype[8] SEQUENCE OF INTEGER, -- EncryptionEngine,
+ -- in preference order
+ addresses[9] HostAddresses OPTIONAL,
+ enc-authorization-data[10] EncryptedData OPTIONAL,
+ -- Encrypted AuthorizationData encoding
+ additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
+ }*/
+ private DERSequence encodeInitialSequence(KdcRequest request) {
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(0,
encodeKdcOptions(request.getKdcOptions())));
+ // OPTIONAL
+ if (request.getCname() != null)
+ vector.add(new DERTaggedObject(1,
encodePrincipalName(request.getCname())));
+ vector.add(new DERTaggedObject(2,
encodeRealm(request.getRealm())));
+ // OPTIONAL
+ if (request.getSname() != null)
+ vector.add(new DERTaggedObject(3,
encodePrincipalName(request.getSname())));
+ // OPTIONAL
+ if (request.getFrom() != null)
+ vector.add(new DERTaggedObject(4,
encodeKerberosTime(request.getFrom())));
+ vector.add(new DERTaggedObject(5,
encodeKerberosTime(request.getTill())));
+ // OPTIONAL
+ if (request.getRtime() != null)
+ vector.add(new DERTaggedObject(6,
encodeKerberosTime(request.getRtime())));
+ vector.add(new DERTaggedObject(7, new
DERInteger(request.getNonce())));
+ vector.add(new DERTaggedObject(8,
encodeEncryptionType(request.getEType())));
+ // OPTIONAL
+ if (request.getAddresses() != null)
+ vector.add(new DERTaggedObject(9,
encodeHostAddresses(request.getAddresses())));
+ // OPTIONAL
+ if (request.getEncAuthorizationData() != null)
+ vector.add(new DERTaggedObject(10,
encodeEncryptedData(request.getEncAuthorizationData())));
+ // OPTIONAL
+ if (request.getAdditionalTickets() != null)
+ vector.add(new DERTaggedObject(11,
encodeAdditionalTickets(request.getAdditionalTickets())));
+
+ return new DERSequence(vector);
+ }
+}
+
Added:
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KerberosMessageEncoder.java
==============================================================================
--- (empty file)
+++
incubator/directory/kerberos/trunk/source/main/org/apache/kerberos/io/encoder/KerberosMessageEncoder.java
Fri Oct 1 11:02:24 2004
@@ -0,0 +1,299 @@
+/*
+ * Copyright 2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.kerberos.io.encoder;
+
+import org.apache.kerberos.crypto.encryption.*;
+import org.apache.kerberos.messages.components.*;
+import org.apache.kerberos.messages.value.*;
+import org.bouncycastle.asn1.*;
+
+import java.util.*;
+
+public abstract class KerberosMessageEncoder {
+
+ /*
+ PrincipalName ::= SEQUENCE {
+ name-type[0] INTEGER,
+ name-string[1] SEQUENCE OF GeneralString
+ }*/
+ protected DERSequence encodePrincipalName(PrincipalName name) {
+
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(0, new
DERInteger(name.getNameType())));
+ vector.add(new DERTaggedObject(1, encodeNameSequence(name)));
+
+ return new DERSequence(vector);
+ }
+
+ protected DERSequence encodeNameSequence(PrincipalName name) {
+ Iterator it = name.getNameStrings().iterator();
+
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ while (it.hasNext())
+ vector.add(new DERGeneralString((String)it.next()));
+
+ return new DERSequence(vector);
+
+ }
+
+ /*
+ Ticket ::= [APPLICATION 1] SEQUENCE {
+ tkt-vno[0] INTEGER,
+ realm[1] Realm,
+ sname[2] PrincipalName,
+ enc-part[3] EncryptedData
+ }*/
+ protected DERApplicationSpecific encodeTicket(Ticket ticket) {
+
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(0, new
DERInteger(ticket.getTicketVersionNumber())));
+ vector.add(new DERTaggedObject(1, new
DERGeneralString(ticket.getRealm().toString())));
+ vector.add(new DERTaggedObject(2,
encodePrincipalName(ticket.getServerName())));
+ vector.add(new DERTaggedObject(3,
encodeEncryptedData(ticket.getEncPart())));
+
+ DERApplicationSpecific ticketSequence = null;
+ try {
+ ticketSequence = new DERApplicationSpecific(1, new
DERSequence(vector));
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return ticketSequence;
+ }
+
+ /*
+ KerberosTime ::= GeneralizedTime
+ -- Specifying UTC time zone (Z)
+ */
+ protected DERGeneralizedTime encodeKerberosTime(KerberosTime time) {
+ return new DERGeneralizedTime(time.toDate());
+ }
+
+ /*
+ etype[8] SEQUENCE OF INTEGER, -- EncryptionEngine,
+ -- in preference order
+ */
+ protected DERSequence encodeEncryptionType(EncryptionType[] eType) {
+
+ ASN1EncodableVector outerVector = new ASN1EncodableVector();
+
+ for (int i = 0; i < eType.length; i++) {
+ outerVector.add(new DERInteger(eType[i].getOrdinal()));
+ }
+ return new DERSequence(outerVector);
+ }
+
+ /*
+ HostAddress ::= SEQUENCE {
+ addr-type[0] INTEGER,
+ address[1] OCTET STRING
+ }*/
+ protected DERSequence encodeHostAddress(HostAddress host) {
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(0, new
DERInteger(host.getAddrType())));
+ vector.add(new DERTaggedObject(1, new
DEROctetString(host.getAddress())));
+
+ return new DERSequence(vector);
+ }
+
+ /*
+ HostAddresses ::= SEQUENCE OF SEQUENCE {
+ addr-type[0] INTEGER,
+ address[1] OCTET STRING
+ }*/
+ protected DERSequence encodeHostAddresses(HostAddresses hosts) {
+
+ HostAddress[] addresses = hosts.getAddresses();
+ ASN1EncodableVector outerVector = new ASN1EncodableVector();
+
+ for (int i = 0; i < addresses.length; i++) {
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+ vector.add(new DERTaggedObject(0, new
DERInteger(addresses[i].getAddrType())));
+ vector.add(new DERTaggedObject(1, new
DEROctetString(addresses[i].getAddress())));
+ outerVector.add(new DERSequence(vector));
+ }
+ return new DERSequence(outerVector);
+ }
+
+ /*
+ EncryptedData ::= SEQUENCE {
+ etype[0] INTEGER, -- EncryptionEngine
+ kvno[1] INTEGER OPTIONAL,
+ cipher[2] OCTET STRING -- ciphertext
+ }*/
+ protected DERSequence encodeEncryptedData(EncryptedData encPart) {
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(0, new
DERInteger(encPart.getEncryptionType().getOrdinal())));
+ if (encPart.getKeyVersion() > 0)
+ vector.add(new DERTaggedObject(1, new
DERInteger(encPart.getKeyVersion())));
+ vector.add(new DERTaggedObject(2, new
DEROctetString(encPart.getCipherText())));
+
+ return new DERSequence(vector);
+ }
+
+ protected DERGeneralString encodeRealm(Realm realm) {
+ return new DERGeneralString(realm.toString());
+ }
+
+ protected DERSequence encodeEncryptionKey(EncryptionKey key) {
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(0, new
DERInteger(key.getKeyType().getOrdinal())));
+ vector.add(new DERTaggedObject(1, new
DEROctetString(key.getKeyValue())));
+
+ return new DERSequence(vector);
+ }
+
+ /*
+ Checksum ::= SEQUENCE {
+ cksumtype[0] INTEGER,
+ checksum[1] OCTET STRING
+ }
+ */
+ protected DERSequence encodeChecksum(Checksum checksum) {
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(0, new
DERInteger(checksum.getChecksumType().getOrdinal())));
+ vector.add(new DERTaggedObject(1, new
DEROctetString(checksum.getChecksumValue())));
+
+ return new DERSequence(vector);
+ }
+
+ /*
+ LastReq ::= SEQUENCE OF SEQUENCE {
+ lr-type[0] INTEGER,
+ lr-value[1] KerberosTime
+ }*/
+ protected DERSequence encodeLastRequest(LastRequest lastReq) {
+
+ LastRequestEntry[] entries = lastReq.getEntries();
+ ASN1EncodableVector outerVector = new ASN1EncodableVector();
+ for (int i = 0; i < entries.length; i++) {
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+ vector.add(new DERTaggedObject(0, new
DERInteger(entries[i].getLastRequestType())));
+ vector.add(new DERTaggedObject(1, new
DERGeneralizedTime(entries[i].getLastRequestValue().toDate())));
+ outerVector.add(new DERSequence(vector));
+ }
+
+ return new DERSequence(outerVector);
+ }
+
+ /*
+ APOptions ::= BIT STRING {
+ reserved(0),
+ use-session-key(1),
+ mutual-required(2)
+ }*/
+ protected DERBitString encodeApOptions(ApOptions options) {
+ return new DERBitString(options.getBytes());
+ }
+
+ /*
+ TicketFlags ::= BIT STRING {
+ reserved(0),
+ forwardable(1),
+ forwarded(2),
+ proxiable(3),
+ proxy(4),
+ may-postdate(5),
+ postdated(6),
+ invalid(7),
+ renewable(8),
+ initial(9),
+ pre-authent(10),
+ hw-authent(11)
+ }*/
+ protected DERBitString encodeTicketFlags(TicketFlags flags) {
+ return new DERBitString(flags.getBytes());
+ }
+
+ /*
+ KDCOptions ::= BIT STRING {
+ reserved(0),
+ forwardable(1),
+ forwarded(2),
+ proxiable(3),
+ proxy(4),
+ allow-postdate(5),
+ postdated(6),
+
+ unused7(7),
+ renewable(8),
+ unused9(9),
+ unused10(10),
+ unused11(11),
+ renewable-ok(27),
+ enc-tkt-in-skey(28),
+ renew(30),
+ validate(31)
+ }*/
+ protected DERBitString encodeKdcOptions(KdcOptions options) {
+ return new DERBitString(options.getBytes());
+ }
+
+ /*
+ TransitedEncoding ::= SEQUENCE {
+ tr-type[0] INTEGER, -- must be registered
+ contents[1] OCTET STRING
+ }*/
+ protected DERSequence encodeTransitedEncoding(TransitedEncoding te) {
+
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+
+ vector.add(new DERTaggedObject(0, new
DERInteger(te.getType())));
+ vector.add(new DERTaggedObject(1, new
DEROctetString(te.getContents())));
+
+ return new DERSequence(vector);
+ }
+
+ /*
+ AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ ad-type[0] INTEGER,
+ ad-data[1] OCTET STRING
+ }*/
+ protected DERSequence encodeAuthorizationData(AuthorizationData data) {
+
+ Iterator it = data.iterator();
+ ASN1EncodableVector outerVector = new ASN1EncodableVector();
+
+ while (it.hasNext()) {
+ AuthorizationDataEntry entry =
(AuthorizationDataEntry)it.next();
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+ vector.add(new DERTaggedObject(0, new
DERInteger(entry.getAuthorizationDataType())));
+ vector.add(new DERTaggedObject(1, new
DEROctetString(entry.getAuthorizationData())));
+ outerVector.add(new DERSequence(vector));
+ }
+ return new DERSequence(outerVector);
+ }
+
+ protected DERSequence encodeAdditionalTickets(Ticket[] tickets) {
+
+ ASN1EncodableVector outerVector = new ASN1EncodableVector();
+
+ for (int i = 0; i < tickets.length; i++) {
+ ASN1EncodableVector vector = new ASN1EncodableVector();
+ vector.add(encodeTicket(tickets[i]));
+ outerVector.add(new DERSequence(vector));
+ }
+ return new DERSequence(outerVector);
+ }
+}
+
