Author: erodriguez
Date: Tue Nov 9 06:42:13 2004
New Revision: 57042
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/CryptoService.java
Log:
General CryptoService refactoring in preparation for rolling it into the
EncryptionEngine.
Modified:
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/CryptoService.java
==============================================================================
---
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/CryptoService.java
(original)
+++
incubator/directory/kerberos/trunk/kerberos/src/java/org/apache/kerberos/crypto/CryptoService.java
Tue Nov 9 06:42:13 2004
@@ -25,19 +25,18 @@
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import java.security.SecureRandom;
-import java.util.Date;
import java.util.HashMap;
import java.util.Map;
-public class CryptoService {
-
+public class CryptoService
+{
private static final SecureRandom random = new SecureRandom();
private static final Map _encryptionEngines = new HashMap();
private static final Map _checksumEngines = new HashMap();
- public CryptoService() {
-
+ public CryptoService()
+ {
_encryptionEngines.put(EncryptionType.NULL, new
NullEncryption());
_encryptionEngines.put(EncryptionType.DES_CBC_CRC, new
DesCbcCrcEncryption());
_encryptionEngines.put(EncryptionType.DES_CBC_MD4, new
DesCbcMd4Encryption());
@@ -51,24 +50,27 @@
_checksumEngines.put(ChecksumType.SHA1, new Sha1Checksum());
}
- public static ChecksumEngine getInstance(ChecksumType type) throws
KerberosException {
+ public static ChecksumEngine getInstance(ChecksumType type) throws
KerberosException
+ {
if (!_checksumEngines.containsKey(type))
throw KerberosException.KDC_ERR_SUMTYPE_NOSUPP;
return (ChecksumEngine)_checksumEngines.get(type);
}
- public static EncryptionEngine getInstance(EncryptionType type) throws
KerberosException {
+ public static EncryptionEngine getInstance(EncryptionType type) throws
KerberosException
+ {
if (!_encryptionEngines.containsKey(type))
throw KerberosException.KDC_ERR_ETYPE_NOSUPP;
return (EncryptionEngine)_encryptionEngines.get(type);
}
- public EncryptionKey getNewSessionKey() {
- byte[] confounder = getRandomBytes(8);
+ public EncryptionKey getNewSessionKey()
+ {
+ byte[] confounder = getRandomBytes( 8 );
DesStringToKey subSessionKey = new DesStringToKey(new
String(confounder));
return new EncryptionKey(EncryptionType.DES_CBC_MD5,
subSessionKey.getKey());
}
-
+
public static KerberosKey getRandomKeyFor(KerberosPrincipal principal)
{
final int DES_KEY_TYPE = 3;
@@ -80,7 +82,8 @@
return new KerberosKey( principal, randomKey.getKey(),
DES_KEY_TYPE, keyVersion );
}
- public byte[] decrypt(EncryptionKey key, EncryptedData data) throws
KerberosException {
+ public byte[] decrypt(EncryptionKey key, EncryptedData data) throws
KerberosException
+ {
// TODO - check for matching encryptionType and keyVersion
EncryptionEngine type = getInstance(key.getKeyType());
@@ -92,21 +95,25 @@
}
public EncryptedData getEncryptedData(EncryptionKey key, byte[]
plainText)
- throws KerberosException {
-
- EncryptionEngine type = getInstance(key.getKeyType());
+ throws KerberosException
+ {
+ EncryptionEngine engine = getInstance(key.getKeyType());
- byte[] conFounder = getRandomBytes(type.confounderSize());
- byte[] zeroedChecksum = new byte[type.checksumSize()];
- byte[] dataBytes = concatenateBytes(conFounder,
concatenateBytes(zeroedChecksum,
- padString(plainText)));
- byte[] checksumBytes = type.calculateChecksum(dataBytes);
+ byte[] conFounder =
getRandomBytes(engine.confounderSize());
+ byte[] zeroedChecksum = new byte[engine.checksumSize()];
+ byte[] paddedPlainText = padString(plainText);
+ byte[] dataBytes = concatenateBytes(conFounder,
concatenateBytes(zeroedChecksum, paddedPlainText));
+ byte[] checksumBytes = engine.calculateChecksum(dataBytes);
byte[] paddedDataBytes = padString(dataBytes);
- for (int i = type.confounderSize(); i < type.confounderSize() +
type.checksumSize(); i++)
- paddedDataBytes[i] = checksumBytes[i -
type.confounderSize()];
- byte[] encryptedData = encrypt(key, paddedDataBytes);
-
- return new EncryptedData(type.encryptionType(),
key.getKeyVersion(), encryptedData);
+
+ for (int i = engine.confounderSize(); i <
engine.confounderSize() + engine.checksumSize(); i++)
+ {
+ paddedDataBytes[i] = checksumBytes[i -
engine.confounderSize()];
+ }
+
+ byte[] encryptedData = engine.encrypt(paddedDataBytes,
key.getKeyValue());
+
+ return new EncryptedData(engine.encryptionType(),
key.getKeyVersion(), encryptedData);
}
private static synchronized byte[] getRandomBytes(int size)
@@ -116,23 +123,10 @@
return bytes;
}
- private static byte[] long2octet(long input) {
- byte[] output = new byte[8];
- for (int i = 0; i < 8; i++) {
- output[i] = (byte)((input >>> ((7 - i) * 8)) &
0xffL);
- }
- return output;
- }
-
// TODO - The classes below are key production util code and I can
picture them moving
// to a key production base class when I add DES3 and/or AES
support.
-
- private byte[] encrypt(EncryptionKey key, byte[] plaintext) throws
KerberosException {
- EncryptionEngine encryptionEngine =
getInstance(key.getKeyType());
- return encryptionEngine.encrypt(plaintext, key.getKeyValue());
- }
-
- private byte[] padString(byte encodedString[]) {
+ private byte[] padString(byte encodedString[])
+ {
int x;
if (encodedString.length < 8)
x = encodedString.length;
@@ -151,7 +145,8 @@
return paddedByteArray;
}
- private byte[] concatenateBytes(byte[] array1, byte[] array2) {
+ private byte[] concatenateBytes(byte[] array1, byte[] array2)
+ {
byte concatenatedBytes[] = new byte[array1.length +
array2.length];
for (int i = 0; i < array1.length; i++)
@@ -163,7 +158,8 @@
return concatenatedBytes;
}
- private byte[] removeBytes(byte[] array, int confounder, int checksum) {
+ private byte[] removeBytes(byte[] array, int confounder, int checksum)
+ {
byte lessBytes[] = new byte[array.length - confounder -
checksum];
int j = 0;
