001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *  
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *  
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License. 
018 *  
019 */
020package org.apache.directory.server.kerberos.shared.crypto.encryption;
021
022
023import java.util.Arrays;
024import java.util.Collections;
025import java.util.List;
026
027import org.apache.directory.server.i18n.I18n;
028
029
030/**
031 * From RFC 4120, "The Kerberos Network Authentication Service (V5)":
032 * 
033 * 7.5.1.  Key Usage Numbers
034 * 
035 * The encryption and checksum specifications in [RFC3961] require as
036 * input a "key usage number", to alter the encryption key used in any
037 * specific message in order to make certain types of cryptographic
038 * attack more difficult.  These are the key usage values assigned in
039 * [RFC 4120]:
040 * 
041 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
042 */
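public final class KeyUsage implements Comparable<KeyUsage>
{
    /**
     * AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key (Section 5.2.7.2)
     */
    public static final KeyUsage AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY = new KeyUsage( 1, I18n.err( I18n.ERR_603 ) );

    /**
     * AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session key), encrypted with the service key (Section 5.3)
     */
    public static final KeyUsage AS_OR_TGS_REP_TICKET_WITH_SRVKEY = new KeyUsage( 2, I18n.err( I18n.ERR_604 ) );

    /**
     * AS-REP encrypted part (includes TGS session key or application session key), encrypted with the client key (Section 5.4.2)
     */
    public static final KeyUsage AS_REP_ENC_PART_WITH_CKEY = new KeyUsage( 3, I18n.err( I18n.ERR_605 ) );

    /**
     * TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS session key (Section 5.4.1)
     */
    public static final KeyUsage TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_TGS_SESS_KEY = new KeyUsage( 4,
        I18n.err( I18n.ERR_606 ) );

    /**
     * TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS authenticator subkey (Section 5.4.1)
     */
    public static final KeyUsage TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_AUTHNT_SUB_KEY = new KeyUsage( 5,
        I18n.err( I18n.ERR_607 ) );

    /**
     * TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the TGS session key (Section 5.5.1)
     */
    public static final KeyUsage TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_AUTHNT_CKSUM_TGS_SESS_KEY = new KeyUsage( 6,
        I18n.err( I18n.ERR_608 ) );

    /**
     * TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey), encrypted with the TGS session key (Section 5.5.1)
     */
    public static final KeyUsage TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_TGS_SESS_KEY = new KeyUsage( 7,
        I18n.err( I18n.ERR_609 ) );

    /**
     * TGS-REP encrypted part (includes application session key), encrypted with the TGS session key (Section 5.4.2)
     */
    public static final KeyUsage TGS_REP_ENC_PART_TGS_SESS_KEY = new KeyUsage( 8, I18n.err( I18n.ERR_610 ) );

    /**
     * TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey (Section 5.4.2)
     */
    // NOTE(review): this constant is given the same message key (ERR_610) as
    // TGS_REP_ENC_PART_TGS_SESS_KEY above, so toString() of usages 8 and 9 differs only
    // in the number. The message keys used in this class otherwise run consecutively and
    // skip one between ERR_610 and ERR_612 - looks like a copy/paste slip; confirm which
    // message was intended. Only the display name is affected, not the usage number.
    public static final KeyUsage TGS_REP_ENC_PART_TGS_AUTHNT_SUB_KEY = new KeyUsage( 9, I18n.err( I18n.ERR_610 ) );

    /**
     * AP-REQ Authenticator cksum, keyed with the application session key (Section 5.5.1)
     */
    public static final KeyUsage AP_REQ_AUTHNT_CKSUM_SESS_KEY = new KeyUsage( 10, I18n.err( I18n.ERR_612 ) );

    /**
     * AP-REQ Authenticator (includes application authenticator subkey), encrypted with the application session key (Section 5.5.1)
     */
    public static final KeyUsage AP_REQ_AUTHNT_SESS_KEY = new KeyUsage( 11, I18n.err( I18n.ERR_613 ) );

    /**
     * AP-REP encrypted part (includes application session subkey), encrypted with the application session key (Section 5.5.2)
     */
    public static final KeyUsage AP_REP_ENC_PART_SESS_KEY = new KeyUsage( 12, I18n.err( I18n.ERR_614 ) );

    /**
     * KRB-PRIV encrypted part, encrypted with a key chosen by the application (Section 5.7.1)
     */
    public static final KeyUsage KRB_PRIV_ENC_PART_CHOSEN_KEY = new KeyUsage( 13, I18n.err( I18n.ERR_615 ) );

    /**
     * Backing array of every key usage defined by this class (numbers 1 through 13).
     * It stays private so that callers only ever see the read-only {@link #VALUES} view.
     */
    private static final KeyUsage[] values =
        {
            AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY,
            AS_OR_TGS_REP_TICKET_WITH_SRVKEY,
            AS_REP_ENC_PART_WITH_CKEY,
            TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_TGS_SESS_KEY,
            TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_AUTHNT_SUB_KEY,
            TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_AUTHNT_CKSUM_TGS_SESS_KEY,
            TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_TGS_SESS_KEY,
            TGS_REP_ENC_PART_TGS_SESS_KEY,
            TGS_REP_ENC_PART_TGS_AUTHNT_SUB_KEY,
            AP_REQ_AUTHNT_CKSUM_SESS_KEY,
            AP_REQ_AUTHNT_SESS_KEY,
            AP_REP_ENC_PART_SESS_KEY,
            KRB_PRIV_ENC_PART_CHOSEN_KEY };

    /**
     * Unmodifiable list of all key usages defined here, in ascending number order.
     * It must be declared after the constants and the backing array, otherwise the
     * initializer would be an illegal forward reference.
     */
    public static final List<KeyUsage> VALUES = Collections.unmodifiableList( Arrays.asList( values ) );

    /** The key usage number fed into key derivation for this message part. */
    private final int ordinal;

    /** Human-readable description, resolved through {@link I18n} when the class is initialized. */
    private final String name;


    /**
     * Private constructor prevents construction outside of this class, so the
     * constants above are the only instances that exist.
     *
     * @param ordinal the key usage number
     * @param name the description shown by {@link #toString()}
     */
    private KeyUsage( int ordinal, String name )
    {
        this.ordinal = ordinal;
        this.name = name;
    }


    /**
     * Returns the key usage constant for the given key usage number.
     * <p>
     * An unknown number is not rejected: the method falls back to
     * {@link #AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY} (usage 1). The key usage number is what
     * separates the keys used for different message parts, so a silent fallback means a
     * caller cannot tell "usage 1" apart from "number not recognised". Code that takes
     * the number from a decoded message should compare {@link #getOrdinal()} of the
     * result with the requested number before using it for encryption or checksums.
     *
     * @param type the key usage number to look up; only 1 through 13 are defined here
     * @return the matching key usage, or {@link #AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY} when
     *         no constant carries that number
     */
    public static KeyUsage getTypeByOrdinal( int type )
    {
        for ( KeyUsage candidate : values )
        {
            if ( candidate.ordinal == type )
            {
                return candidate;
            }
        }

        // Fallback kept for compatibility with existing callers; see the Javadoc above.
        return AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY;
    }


    /**
     * Returns the number associated with this key usage number.
     *
     * @return The key usage number
     */
    public int getOrdinal()
    {
        return ordinal;
    }


    /**
     * Orders key usages by their number.
     * <p>
     * The comparison is explicit rather than a subtraction, so the result cannot
     * overflow whatever numbers are defined; only the sign of the result is meaningful.
     *
     * @param that the key usage to compare with
     * @return a negative value, zero or a positive value when this number is lower than,
     *         equal to or higher than the other one
     */
    public int compareTo( KeyUsage that )
    {
        if ( ordinal < that.ordinal )
        {
            return -1;
        }

        return ( ordinal == that.ordinal ) ? 0 : 1;
    }


    /**
     * Returns the description followed by the key usage number in parentheses.
     *
     * @return the display form of this key usage
     */
    @Override
    public String toString()
    {
        return name + " (" + ordinal + ")";
    }
}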