| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * |
| */ |
| package org.apache.directory.server.kerberos.shared.messages.value; |
| |
| |
| import java.nio.BufferOverflowException; |
| import java.nio.ByteBuffer; |
| import java.text.ParseException; |
| import java.util.ArrayList; |
| import java.util.List; |
| |
| import javax.security.auth.kerberos.KerberosPrincipal; |
| |
| import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType; |
| import org.apache.directory.server.kerberos.shared.messages.components.Ticket; |
| import org.apache.directory.server.kerberos.shared.messages.value.flags.KdcOptions; |
| import org.apache.directory.shared.asn1.AbstractAsn1Object; |
| import org.apache.directory.shared.asn1.ber.tlv.TLV; |
| import org.apache.directory.shared.asn1.ber.tlv.UniversalTag; |
| import org.apache.directory.shared.asn1.ber.tlv.Value; |
| import org.apache.directory.shared.asn1.codec.EncoderException; |
| import org.apache.directory.shared.ldap.util.StringTools; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| |
| |
| /** |
| * The Request Body is used into KDC-REQ, which is either an AS-REQ or a TGS-REQ. |
| * |
| * The ASN.1 grammar is the following : |
| * |
| * KDC-REQ-BODY ::= SEQUENCE { |
| * kdc-options [0] KDCOptions, |
| * cname [1] PrincipalName OPTIONAL |
| * -- Used only in AS-REQ --, |
| * realm [2] Realm |
| * -- Server's realm |
| * -- Also client's in AS-REQ --, |
| * sname [3] PrincipalName OPTIONAL, |
| * from [4] KerberosTime OPTIONAL, |
| * till [5] KerberosTime, |
| * rtime [6] KerberosTime OPTIONAL, |
| * nonce [7] UInt32, |
| * etype [8] SEQUENCE OF Int32 -- EncryptionType |
| * -- in preference order --, |
| * addresses [9] HostAddresses OPTIONAL, |
| * enc-authorization-data [10] EncryptedData OPTIONAL |
| * -- AuthorizationData --, |
| * additional-tickets [11] SEQUENCE OF Ticket OPTIONAL |
| * -- NOTE: not empty |
| * } |
| * |
| * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> |
| * @version $Rev: 540371 $, $Date: 2007-05-22 02:00:43 +0200 (Tue, 22 May 2007) $ |
| */ |
| public class KerberosRequestBody extends AbstractAsn1Object |
| { |
| /** The logger */ |
| private static final Logger log = LoggerFactory.getLogger( KerberosRequestBody.class ); |
| |
| /** Speedup for logs */ |
| private static final boolean IS_DEBUG = log.isDebugEnabled(); |
| |
| /** The options */ |
| private KdcOptions kdcOptions; |
| |
| /** The client principalName */ |
| private PrincipalName cName; //optional in TgsReq only |
| |
| /** The client KerberosPrincipal */ |
| private KerberosPrincipal clientPrincipal; |
| |
| /** The server realm */ |
| private String realm; |
| |
| /** A byte array to store the server realm */ |
| private transient byte[] realmBytes; |
| |
| /** The server principal Name */ |
| private PrincipalName sName; // optional |
| |
| /** The server kerberosPrincipal */ |
| private KerberosPrincipal serverPrincipal; |
| |
| /** the desired starttime for the requested ticket */ |
| private KerberosTime from; //optional |
| |
| /** the expiration date requested by the client */ |
| private KerberosTime till; |
| |
| /** the requested renew-till time sent from a client to a KDC */ |
| private KerberosTime rTime; //optional |
| |
| /** random number generated by the client */ |
| private int nonce; |
| |
| /** the desired encryption algorithm to be used in the response */ |
| private List<EncryptionType> eType; |
| |
| /** the addresses from which the requested ticket is to be valid */ |
| private HostAddresses addresses; //optional |
| |
| /** encoding of the desired authorization-data encrypted */ |
| private EncryptedData encAuthorizationData; //optional |
| |
| /** Additional tickets */ |
| private List<Ticket> additionalTickets; //optional |
| |
| // Storage for computed lengths |
| private transient int kdcOptionsTagLength; |
| private transient int kdcOptionsLength; |
| |
| private transient int cNameTagLength; |
| |
| private transient int realmTagLength; |
| |
| private transient int sNameTagLength; |
| |
| private transient int fromTagLength; |
| private transient int fromLength; |
| |
| private transient int tillTagLength; |
| private transient int tillLength; |
| |
| private transient int rTimeTagLength; |
| private transient int rTimeLength; |
| |
| private transient int nonceTagLength; |
| |
| private transient int eTypeTagLength; |
| private transient int eTypeSeqLength; |
| |
| private transient int addressesTagLength; |
| |
| private transient int encAuthorizationDataTagLength; |
| |
| private transient int additionalTicketsTagLength; |
| private transient int additionalTicketsSeqLength; |
| |
| private transient int requestBodySeqLength; |
| |
| |
| /** |
| * Creates a new instance of KerberosRequestBody. |
| **/ |
| public KerberosRequestBody() |
| { |
| cName = null; // Optional |
| sName = null; // Optional |
| from = null; // Optional |
| rTime = null; // Optional |
| addresses = null; // Optional |
| encAuthorizationData = null; // Optional |
| additionalTickets = null; // Optional |
| eType = new ArrayList<EncryptionType>(); |
| } |
| |
| /** |
| * Returns the additional {@link Ticket}s. |
| * |
| * @return The additional {@link Ticket}s. |
| */ |
| public List<Ticket> getAdditionalTickets() |
| { |
| return additionalTickets; |
| } |
| |
| /** |
| * Set the additional Tickets list |
| * @param additionalTickets The ticket list |
| */ |
| public void setAdditionalTickets( List<Ticket> additionalTickets ) |
| { |
| this.additionalTickets = additionalTickets; |
| } |
| |
| /** |
| * Set the additional Tickets list |
| * @param additionalTickets The ticket list |
| */ |
| public void addAdditionalTicket( Ticket additionalTicket ) |
| { |
| if ( additionalTickets == null ) |
| { |
| additionalTickets = new ArrayList<Ticket>(); |
| } |
| |
| additionalTickets.add( additionalTicket ); |
| } |
| |
| |
| /** |
| * Returns the {@link HostAddresses}. |
| * |
| * @return The {@link HostAddresses}. |
| */ |
| public HostAddresses getAddresses() |
| { |
| return addresses; |
| } |
| |
| /** |
| * Set the host addresses |
| * |
| * @param addresses The host addresses structure |
| */ |
| public void setAddresses( HostAddresses addresses ) |
| { |
| this.addresses = addresses; |
| } |
| |
| |
| /** |
| * Returns the client {@link KerberosPrincipal}. |
| * |
| * @return The client {@link KerberosPrincipal}. |
| */ |
| public KerberosPrincipal getClientPrincipal() |
| { |
| return clientPrincipal; |
| } |
| |
| |
| /** |
| * Set the client KerberosPrincipal |
| * @param clientPrincipal the client KerberosPrincipal |
| */ |
| public void setClientPrincipal( KerberosPrincipal clientPrincipal ) |
| { |
| this.clientPrincipal = clientPrincipal; |
| |
| try |
| { |
| cName = new PrincipalName( clientPrincipal.getName(), clientPrincipal.getNameType() ); |
| } |
| catch ( ParseException pe ) |
| { |
| log.error( "The KerberosPrincipal is invalid : {}", clientPrincipal ); |
| cName = null; |
| } |
| } |
| |
| |
| /** |
| * Returns the server {@link PrincipalName}. |
| * |
| * @return The server {@link PrincipalName}. |
| */ |
| public PrincipalName getServerPrincipalName() |
| { |
| return sName; |
| } |
| |
| |
| /** |
| * Returns the server {@link KerberosPrincipal}. |
| * |
| * @return The server {@link KerberosPrincipal}. |
| */ |
| public KerberosPrincipal getServerPrincipal() |
| { |
| return serverPrincipal; |
| } |
| |
| |
| /** |
| * Returns the encrypted {@link AuthorizationData} as {@link EncryptedData}. |
| * |
| * @return The encrypted {@link AuthorizationData} as {@link EncryptedData}. |
| */ |
| public EncryptedData getEncAuthorizationData() |
| { |
| return encAuthorizationData; |
| } |
| |
| /** |
| * Set the encrypted {@link AuthorizationData} as {@link EncryptedData}. |
| * @param encAuthorizationData the encrypted {@link AuthorizationData} as {@link EncryptedData}. |
| */ |
| public void setEncAuthorizationData( EncryptedData encAuthorizationData ) |
| { |
| this.encAuthorizationData = encAuthorizationData; |
| } |
| |
| |
| /** |
| * Returns the requested {@link EncryptionType}s. |
| * |
| * @return The requested {@link EncryptionType}s. |
| */ |
| public List<EncryptionType> getEType() |
| { |
| return eType; |
| } |
| |
| |
| /** |
| * Returns the from {@link KerberosTime}. |
| * |
| * @return The from {@link KerberosTime}. |
| */ |
| public KerberosTime getFrom() |
| { |
| return from; |
| } |
| |
| /** |
| * Set the from date |
| * @param from The from date |
| */ |
| public void setFrom( KerberosTime from ) |
| { |
| this.from = from; |
| } |
| |
| |
| /** |
| * Returns the {@link KdcOptions}. |
| * |
| * @return The {@link KdcOptions}. |
| */ |
| public KdcOptions getKdcOptions() |
| { |
| return kdcOptions; |
| } |
| |
| /** |
| * Set the KdcOptions |
| * @param kdcOptions The KdcOptions |
| */ |
| public void setKdcOptions( KdcOptions kdcOptions ) |
| { |
| this.kdcOptions = kdcOptions; |
| } |
| |
| |
| /** |
| * Returns the nonce. |
| * |
| * @return The nonce. |
| */ |
| public int getNonce() |
| { |
| return nonce; |
| } |
| |
| /** |
| * Set the nonce |
| * @param nonce The nonce |
| */ |
| public void setNonce( int nonce ) |
| { |
| this.nonce = nonce; |
| } |
| |
| /** |
| * Returns the renew-time {@link KerberosTime}. |
| * |
| * @return The renew-time {@link KerberosTime}. |
| */ |
| public KerberosTime getRenewtime() |
| { |
| return rTime; |
| } |
| |
| /** |
| * Set the renew-till time sent from a client to |
| * the KDC |
| * @param rtime the renew-till time sent from a client to |
| * the KDC |
| */ |
| public void setRenewtime( KerberosTime rtime ) |
| { |
| this.rTime = rtime; |
| } |
| |
| /** |
| * Returns the till {@link KerberosTime}. |
| * |
| * @return The till {@link KerberosTime}. |
| */ |
| public KerberosTime getTill() |
| { |
| return till; |
| } |
| |
| /** |
| * Set the expiration date requested by the client |
| * @param till Expiration date requested by the client |
| */ |
| public void setTill( KerberosTime till ) |
| { |
| this.till = till; |
| } |
| |
| /** |
| * @return The client principalName |
| */ |
| public PrincipalName getClientPrincipalName() |
| { |
| return cName; |
| } |
| |
| /** |
| * Set the server PrincipalName |
| * @param name the server PrincipalName |
| */ |
| public void setServerPrincipalName( PrincipalName sName ) |
| { |
| this.sName = sName; |
| serverPrincipal = new KerberosPrincipal( sName.getNameComponent(), sName.getNameType().getOrdinal() ); |
| } |
| |
| /** |
| * Set the server {@link KerberosPrincipal} |
| * @param name the server {@link KerberosPrincipal} |
| */ |
| public void setServerPrincipal( KerberosPrincipal serverPrincipal ) |
| { |
| this.serverPrincipal = serverPrincipal; |
| |
| try |
| { |
| sName = new PrincipalName( serverPrincipal.getName(), serverPrincipal.getNameType() ); |
| } |
| catch ( ParseException pe ) |
| { |
| log.error( "The KerberosPrincipal is invalid : {}", serverPrincipal ); |
| sName = null; |
| } |
| } |
| |
| /** |
| * @return The server realm |
| */ |
| public String getRealm() |
| { |
| return realm; |
| } |
| |
| /** |
| * Set the server realm |
| * @param realm The server realm |
| */ |
| public void setRealm( String realm ) |
| { |
| this.realm = realm; |
| } |
| |
| /** |
| * Set the list of Encryption types |
| * @param type the list of Encryption types |
| */ |
| public void setEncryptionType( List<EncryptionType> eType ) |
| { |
| this.eType = eType; |
| } |
| |
| /** |
| * Add a new Encryption type to the eType list |
| * @param eType The EncryptionType to add |
| */ |
| public void addEncryptionType( EncryptionType eType ) |
| { |
| this.eType.add( eType ); |
| } |
| |
| /** |
| * Compute the KDC-REQ-BODY length |
| * |
| * KerberosRequestBody : |
| * |
| * 0x30 L1 KerberosRequestBody sequence |
| * | |
| * +--> 0xA0 L2 kdc-options tag |
| * | | |
| * | +--> 0x02 L2-1 kdc-options (BIT STRING) |
| * | |
| * +--> [0xA1 L3 cname tag |
| * | | |
| * | +--> 0x30 L3-1 cname (PrincipalName)] (optional) |
| * | |
| * +--> 0xA2 L4 realm tag |
| * | | |
| * | +--> 0x04 L4-1 realm (String) |
| * | |
| * +--> [0xA3 L5 sname tag |
| * | | |
| * | +--> 0x02 L5-1 sname (PrincipalName)] (optional) |
| * | |
| * +--> [0xA4 L6 from tag |
| * | | |
| * | +--> 0x02 L6-1 from (KerberosTime)] (optional) |
| * | |
| * +--> 0xA5 L7 till tag |
| * | | |
| * | +--> 0x02 L7-1 till (KerberosTime) |
| * | |
| * +--> [0xA6 L8 rtime tag |
| * | | |
| * | +--> 0x02 L8-1 kdc-options (KerberosTime)] (optional) |
| * | |
| * +--> 0xA7 L9 nonce tag |
| * | | |
| * | +--> 0x02 L9-1 nonce (int) |
| * | |
| * +--> 0xA8 L10 kdc-options tag |
| * | | |
| * | +--> 0x30 L10-1 |
| * | | |
| * | +--> 0x02 L10-2 etype (int) |
| * | | |
| * | +--> ... |
| * | | |
| * | +--> 0x02 L10-N etype (int) |
| * | |
| * +--> [0xA9 L11 hostAdresses tag |
| * | | |
| * | +--> 0x30 L11-1 hostAdresses (HostAddresses)] (optional) |
| * | |
| * +--> [0xAA L12 enc-authorization-data tag |
| * | | |
| * | +--> 0x30 L12-1 enc-authorization-data (EncryptedData)] (optional) |
| * | |
| * +--> [0xAB L13 additional-tickets tag |
| * | |
| * +--> 0x30 L13-1 additional-tickets (Ticket) |
| * | |
| * +--> 0x61 L13-2 Ticket |
| * | |
| * +--> ... |
| * | |
| * +--> 0x61 L13-N Ticket](optional) |
| */ |
| public int computeLength() |
| { |
| requestBodySeqLength = 0; |
| |
| // Compute the kdc-options length |
| kdcOptionsLength = 1 + kdcOptions.getData().length; |
| kdcOptionsTagLength = 1 + TLV.getNbBytes( kdcOptionsLength ) + kdcOptionsLength; |
| requestBodySeqLength = 1 + TLV.getNbBytes( kdcOptionsTagLength ) + kdcOptionsTagLength; |
| |
| // Compute the clientPrincipalName if any |
| if ( cName != null ) |
| { |
| cNameTagLength = cName.computeLength(); |
| requestBodySeqLength += 1 + TLV.getNbBytes( cNameTagLength ) + cNameTagLength; |
| } |
| |
| // Compute the server Realm |
| realmBytes = StringTools.getBytesUtf8( realm ); |
| realmTagLength = 1 + TLV.getNbBytes( realmBytes.length ) + realmBytes.length; |
| requestBodySeqLength += 1 + TLV.getNbBytes( realmTagLength ) + realmTagLength; |
| |
| // Compute the serverPrincipalName if any |
| if ( sName != null ) |
| { |
| sNameTagLength = sName.computeLength(); |
| requestBodySeqLength += 1 + TLV.getNbBytes( sNameTagLength ) + sNameTagLength; |
| } |
| |
| // Compute the from KerberosTime length, if any |
| if ( from != null ) |
| { |
| fromLength = 15; |
| fromTagLength = 1 + 1 + fromLength; |
| |
| requestBodySeqLength += |
| 1 + TLV.getNbBytes( fromTagLength ) + fromTagLength; |
| } |
| |
| // Compute the till KerberosTime length |
| tillLength = 15; |
| tillTagLength = 1 + 1 + tillLength; |
| |
| requestBodySeqLength += |
| 1 + TLV.getNbBytes( tillTagLength ) + tillTagLength; |
| |
| // Compute the renew KerberosTime length, if any |
| if ( rTime != null ) |
| { |
| rTimeLength = 15; |
| rTimeTagLength = 1 + 1 + rTimeLength; |
| |
| requestBodySeqLength += |
| 1 + TLV.getNbBytes( rTimeTagLength ) + rTimeTagLength; |
| } |
| |
| // Compute the nonce length |
| int nonceLength = Value.getNbBytes( nonce ); |
| nonceTagLength = 1 + TLV.getNbBytes( nonceLength ) + nonceLength; |
| requestBodySeqLength += 1 + TLV.getNbBytes( nonceTagLength ) + nonceTagLength; |
| |
| // Compute the EncryptionType length |
| if ( ( eType == null ) || ( eType.size() == 0 ) ) |
| { |
| return -1; |
| } |
| |
| for ( EncryptionType type:eType ) |
| { |
| int eTypeLength = Value.getNbBytes( type.getOrdinal() ); |
| eTypeSeqLength += 1 + TLV.getNbBytes( eTypeLength ) + eTypeLength; |
| } |
| |
| eTypeTagLength = 1 +TLV.getNbBytes( eTypeSeqLength ) + eTypeSeqLength; |
| requestBodySeqLength += 1 + TLV.getNbBytes( eTypeTagLength ) + eTypeTagLength; |
| |
| // Compute the addresses length, if any |
| if ( addresses != null ) |
| { |
| addressesTagLength = addresses.computeLength(); |
| requestBodySeqLength += 1 + TLV.getNbBytes( addressesTagLength ) + addressesTagLength; |
| } |
| |
| // Compute the encAuthorizationData length |
| if ( encAuthorizationData != null ) |
| { |
| encAuthorizationDataTagLength = encAuthorizationData.computeLength(); |
| requestBodySeqLength += 1 + TLV.getNbBytes( encAuthorizationDataTagLength ) + encAuthorizationDataTagLength; |
| } |
| |
| if ( additionalTickets != null ) |
| { |
| additionalTicketsSeqLength = 0; |
| |
| for ( Ticket ticket:additionalTickets ) |
| { |
| additionalTicketsSeqLength += ticket.computeLength(); |
| } |
| |
| additionalTicketsTagLength = 1 + TLV.getNbBytes( additionalTicketsSeqLength ) + additionalTicketsSeqLength; |
| requestBodySeqLength += 1 + TLV.getNbBytes( additionalTicketsTagLength ) + additionalTicketsTagLength; |
| |
| } |
| |
| // Compute the whole sequence length |
| return 1 + TLV.getNbBytes( requestBodySeqLength ) + requestBodySeqLength; |
| } |
| |
| /** |
| * Encode the KRB-REQ-BODY message to a PDU. |
| * |
| * KRB-REQ-BODY : |
| * |
| * 0x30 LL |
| * 0xA0 LL |
| * 0x03 LL kdc-options (BIT STRING) |
| * [0xA1 LL |
| * 0x30 LL cname (PrincipalName) (optional)] |
| * 0xA2 LL |
| * 0x1B LL realm (KerberosString) |
| * [0xA3 LL |
| * 0x30 LL sname (PrincipalName) (optional)] |
| * [0xA4 LL |
| * 0x18 0x0F from (KerberosTime) (optional)] |
| * 0xA5 LL |
| * 0x18 0x0F till (KerberosTime) |
| * [0xA6 LL |
| * 0x18 0x0F renew (KerberosTime) (optional)] |
| * 0xA7 LL |
| * 0x02 LL nounce (int) |
| * 0xA8 LL |
| * 0x30 LL |
| * 0x02 LL etype |
| * ... |
| * 0x02 LL etype |
| * [0xA9 LL |
| * 0x30 LL addresses (HostAddresses) (optional)] |
| * [0xAA LL |
| * 0x30 LL enc-authorization-data (EncryptedData) (optional)] |
| * [0xAB LL |
| * 0x30 LL additional-tickets |
| * 0x61 LL Ticket |
| * ... |
| * 0x61 LL Ticket (optional)] |
| * |
| * @param buffer The buffer where to put the PDU. It should have been allocated |
| * before, with the right size. |
| * @return The constructed PDU. |
| */ |
| public ByteBuffer encode( ByteBuffer buffer ) throws EncoderException |
| { |
| if ( buffer == null ) |
| { |
| throw new EncoderException( "Cannot put a PDU in a null buffer !" ); |
| } |
| |
| try |
| { |
| // The RequestBody SEQ Tag |
| buffer.put( UniversalTag.SEQUENCE_TAG ); |
| buffer.put( TLV.getBytes( requestBodySeqLength ) ); |
| |
| // The kdc-options, first the tag, then the value |
| buffer.put( ( byte ) 0xA0 ); |
| buffer.put( TLV.getBytes( kdcOptionsTagLength ) ); |
| |
| Value.encode( buffer, kdcOptions ); |
| |
| // The clientprincipalName, if any |
| if ( cName != null ) |
| { |
| buffer.put( (byte)0xA1 ); |
| buffer.put( TLV.getBytes( cNameTagLength ) ); |
| cName.encode( buffer ); |
| } |
| |
| // The server realm |
| buffer.put( (byte)0xA2 ); |
| buffer.put( TLV.getBytes( realmTagLength ) ); |
| |
| buffer.put( UniversalTag.GENERALIZED_STRING_TAG ); |
| buffer.put( TLV.getBytes( realmBytes.length ) ); |
| buffer.put( realmBytes ); |
| |
| // The serverprincipalName, if any |
| if ( sName != null ) |
| { |
| buffer.put( (byte)0xA3 ); |
| buffer.put( TLV.getBytes( sNameTagLength ) ); |
| sName.encode( buffer ); |
| } |
| |
| // The from KerberosTime Tag and value, if any |
| if ( from != null ) |
| { |
| buffer.put( (byte)0xA4 ); |
| buffer.put( TLV.getBytes( fromTagLength ) ); |
| buffer.put( UniversalTag.GENERALIZED_TIME_TAG ); |
| buffer.put( TLV.getBytes( fromLength ) ); |
| buffer.put( StringTools.getBytesUtf8( from.toString() ) ); |
| } |
| |
| // The till KerberosTime Tag and value, if any |
| buffer.put( (byte)0xA5 ); |
| buffer.put( TLV.getBytes( tillTagLength ) ); |
| buffer.put( UniversalTag.GENERALIZED_TIME_TAG ); |
| buffer.put( TLV.getBytes( tillLength ) ); |
| buffer.put( StringTools.getBytesUtf8( till.toString() ) ); |
| |
| // The from KerberosTime Tag and value, if any |
| if ( rTime != null ) |
| { |
| buffer.put( (byte)0xA6 ); |
| buffer.put( TLV.getBytes( rTimeTagLength ) ); |
| buffer.put( UniversalTag.GENERALIZED_TIME_TAG ); |
| buffer.put( TLV.getBytes( rTimeLength ) ); |
| buffer.put( StringTools.getBytesUtf8( rTime.toString() ) ); |
| } |
| |
| // The nonce, first the tag, then the value |
| buffer.put( ( byte ) 0xA7 ); |
| buffer.put( TLV.getBytes( nonceTagLength ) ); |
| Value.encode( buffer, nonce ); |
| |
| // The EncryptionTypes |
| if ( ( eType == null ) || ( eType.size() == 0 ) ) |
| { |
| log.error( "We should have at least one encryption type" ); |
| throw new EncoderException( "No encryptionType available" ); |
| } |
| |
| // Fisrt, the tag |
| buffer.put( (byte)0xA8 ); |
| buffer.put( TLV.getBytes( eTypeTagLength ) ); |
| |
| // Then the sequence |
| buffer.put( (byte)0x30 ); |
| buffer.put( TLV.getBytes( eTypeSeqLength ) ); |
| |
| // Now, the eTypes |
| for ( EncryptionType type:eType ) |
| { |
| Value.encode( buffer, type.getOrdinal() ); |
| } |
| |
| // The addresses |
| if ( addresses != null ) |
| { |
| buffer.put( (byte)0xA9 ); |
| buffer.put( TLV.getBytes( addressesTagLength ) ); |
| addresses.encode( buffer ); |
| } |
| |
| // The enc-authorization-data |
| if ( encAuthorizationData != null ) |
| { |
| buffer.put( (byte)0xAA ); |
| buffer.put( TLV.getBytes( encAuthorizationDataTagLength ) ); |
| encAuthorizationData.encode( buffer ); |
| } |
| |
| // The additional tickets |
| if ( additionalTickets != null ) |
| { |
| buffer.put( (byte)0xAB ); |
| buffer.put( TLV.getBytes( additionalTicketsTagLength ) ); |
| |
| buffer.put( UniversalTag.SEQUENCE_TAG ); |
| buffer.put( TLV.getBytes( additionalTicketsSeqLength ) ); |
| |
| for ( Ticket ticket:additionalTickets ) |
| { |
| ticket.encode( buffer ); |
| } |
| } |
| } |
| catch ( BufferOverflowException boe ) |
| { |
| log.error( |
| "Cannot encode the KerberosRequestBody object, the PDU size is {} when only {} bytes has been allocated", 1 |
| + TLV.getNbBytes( requestBodySeqLength ) + requestBodySeqLength, buffer.capacity() ); |
| throw new EncoderException( "The PDU buffer size is too small !" ); |
| } |
| |
| if ( IS_DEBUG ) |
| { |
| log.debug( "KerberosRequestBody encoding : {}", StringTools.dumpBytes( buffer.array() ) ); |
| log.debug( "KerberosRequestBody initial value : {}", toString() ); |
| } |
| |
| return buffer; |
| } |
| |
| /** |
| * @see Object#toString() |
| */ |
| public String toString( String tabs ) |
| { |
| return tabs + "NYI"; |
| } |
| |
| /** |
| * @see Object#toString() |
| */ |
| public String toString() |
| { |
| return toString( "" ); |
| } |
| } |