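/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.directory.server.kerberos.shared.crypto.encryption;


import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import org.apache.directory.server.i18n.I18n;


/**
 * From RFC 4120, "The Kerberos Network Authentication Service (V5)":
 *
 * 7.5.1.  Key Usage Numbers
 *
 *   The encryption and checksum specifications in [RFC3961] require as
 *   input a "key usage number", to alter the encryption key used in any
 *   specific message in order to make certain types of cryptographic
 *   attack more difficult.  These are the key usage values assigned in
 *   [RFC 4120]:
 *
 * Each constant below is the single instance for its usage number, so
 * reference equality is the only identity these objects have. The constructor
 * is private and every ordinal is distinct, which keeps {@link #compareTo(KeyUsage)}
 * consistent with identity equality: {@code compareTo} returns 0 only for the same instance.
 * The key usage number is an input to the key derivation of RFC 3961 enctypes; using the
 * wrong usage for a message yields a different derived key, which is exactly the
 * cross-protocol protection the numbers exist for.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public final class KeyUsage implements Comparable<KeyUsage>
{
    /**
     * AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key (Section 5.2.7.2)
     */
    public static final KeyUsage AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY = new KeyUsage( 1, I18n.err( I18n.ERR_603 ) );

    /**
     * AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session key), encrypted with the service key (Section 5.3)
     */
    public static final KeyUsage AS_OR_TGS_REP_TICKET_WITH_SRVKEY = new KeyUsage( 2, I18n.err( I18n.ERR_604 ) );

    /**
     * AS-REP encrypted part (includes TGS session key or application session key), encrypted with the client key (Section 5.4.2)
     */
    public static final KeyUsage AS_REP_ENC_PART_WITH_CKEY = new KeyUsage( 3, I18n.err( I18n.ERR_605 ) );

    /**
     * TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS session key (Section 5.4.1)
     */
    public static final KeyUsage TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_TGS_SESS_KEY = new KeyUsage( 4,
        I18n.err( I18n.ERR_606 ) );

    /**
     * TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS authenticator subkey (Section 5.4.1)
     */
    public static final KeyUsage TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_AUTHNT_SUB_KEY = new KeyUsage( 5,
        I18n.err( I18n.ERR_607 ) );

    /**
     * TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the TGS session key (Section 5.5.1)
     */
    public static final KeyUsage TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_AUTHNT_CKSUM_TGS_SESS_KEY = new KeyUsage( 6,
        I18n.err( I18n.ERR_608 ) );

    /**
     * TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey), encrypted with the TGS session key (Section 5.5.1)
     */
    public static final KeyUsage TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_TGS_SESS_KEY = new KeyUsage( 7,
        I18n.err( I18n.ERR_609 ) );

    /**
     * TGS-REP encrypted part (includes application session key), encrypted with the TGS session key (Section 5.4.2)
     */
    public static final KeyUsage TGS_REP_ENC_PART_TGS_SESS_KEY = new KeyUsage( 8, I18n.err( I18n.ERR_610 ) );

    /**
     * TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey (Section 5.4.2)
     */
    // NOTE(review): this constant reuses the ERR_610 message key of ordinal 8 while every other
    // usage has its own key (ERR_603..ERR_610, ERR_612..ERR_615). The ordinal is what matters for
    // key derivation, so only the display name is affected — confirm the intended key in I18n.
    public static final KeyUsage TGS_REP_ENC_PART_TGS_AUTHNT_SUB_KEY = new KeyUsage( 9, I18n.err( I18n.ERR_610 ) );

    /**
     * AP-REQ Authenticator cksum, keyed with the application session key (Section 5.5.1)
     */
    public static final KeyUsage AP_REQ_AUTHNT_CKSUM_SESS_KEY = new KeyUsage( 10, I18n.err( I18n.ERR_612 ) );

    /**
     * AP-REQ Authenticator (includes application authenticator subkey), encrypted with the application session key (Section 5.5.1)
     */
    public static final KeyUsage AP_REQ_AUTHNT_SESS_KEY = new KeyUsage( 11, I18n.err( I18n.ERR_613 ) );

    /**
     * AP-REP encrypted part (includes application session subkey), encrypted with the application session key (Section 5.5.2)
     */
    public static final KeyUsage AP_REP_ENC_PART_SESS_KEY = new KeyUsage( 12, I18n.err( I18n.ERR_614 ) );

    /**
     * KRB-PRIV encrypted part, encrypted with a key chosen by the application (Section 5.7.1)
     */
    public static final KeyUsage KRB_PRIV_ENC_PART_CHOSEN_KEY = new KeyUsage( 13, I18n.err( I18n.ERR_615 ) );

    /**
     * Every usage number this class knows about, in ascending ordinal order.
     * Kept private because arrays cannot be made read-only; {@link #VALUES} is the
     * exported, unmodifiable view.
     */
    private static final KeyUsage[] values =
        {
            AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY,
            AS_OR_TGS_REP_TICKET_WITH_SRVKEY,
            AS_REP_ENC_PART_WITH_CKEY,
            TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_TGS_SESS_KEY,
            TGS_REQ_KDC_REQ_BODY_AUTHZ_DATA_ENC_WITH_AUTHNT_SUB_KEY,
            TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_AUTHNT_CKSUM_TGS_SESS_KEY,
            TGS_REQ_PA_TGS_REQ_PADATA_AP_REQ_TGS_SESS_KEY,
            TGS_REP_ENC_PART_TGS_SESS_KEY,
            TGS_REP_ENC_PART_TGS_AUTHNT_SUB_KEY,
            AP_REQ_AUTHNT_CKSUM_SESS_KEY,
            AP_REQ_AUTHNT_SESS_KEY,
            AP_REP_ENC_PART_SESS_KEY,
            KRB_PRIV_ENC_PART_CHOSEN_KEY };

    /**
     * Unmodifiable list of all key usages, in ascending ordinal order.
     * Declared after the constants and the backing array because a static
     * initializer may not forward-reference fields declared later in the class.
     */
    public static final List<KeyUsage> VALUES = Collections.unmodifiableList( Arrays.asList( values ) );

    // The RFC 4120 key usage number (1..13 for the constants above).
    private final int ordinal;
    // Localized display name, resolved once via I18n at class initialization.
    private final String name;


    /**
     * Private constructor prevents construction outside of this class,
     * so the constants above are the only instances that ever exist.
     *
     * @param ordinal The RFC 4120 key usage number.
     * @param name The human-readable name used by {@link #toString()}.
     */
    private KeyUsage( int ordinal, String name )
    {
        this.ordinal = ordinal;
        this.name = name;
    }


    /**
     * Returns the key usage number type when specified by its ordinal.
     *
     * Note the lenient fallback: an ordinal that matches no constant does not fail,
     * it returns {@link #AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY} (usage 1). Code that takes the
     * ordinal from a received message and then derives a key from the result should compare
     * {@code getTypeByOrdinal( n ).getOrdinal()} with {@code n} first, otherwise an unknown
     * usage is silently treated as usage 1.
     *
     * @param type The key usage number to look up.
     * @return The key usage whose ordinal equals {@code type}, or
     *         {@code AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY} if there is none.
     */
    public static KeyUsage getTypeByOrdinal( int type )
    {
        for ( KeyUsage usage : values )
        {
            if ( usage.ordinal == type )
            {
                return usage;
            }
        }

        // Historical behaviour preserved for callers: unknown ordinals map to usage 1.
        return AS_REQ_PA_ENC_TIMESTAMP_WITH_CKEY;
    }


    /**
     * Returns the number associated with this key usage number.
     *
     * @return The key usage number
     */
    public int getOrdinal()
    {
        return ordinal;
    }


    /**
     * Orders key usages by their RFC 4120 usage number.
     *
     * Uses an explicit three-way comparison instead of {@code ordinal - that.ordinal};
     * the subtraction idiom overflows for distant values and only the sign of the
     * result is part of the {@link Comparable} contract anyway.
     *
     * @param that The key usage to compare against.
     * @return A negative value, zero, or a positive value as this usage number is
     *         less than, equal to, or greater than {@code that}'s.
     */
    @Override
    public int compareTo( KeyUsage that )
    {
        if ( ordinal < that.ordinal )
        {
            return -1;
        }

        return ( ordinal == that.ordinal ) ? 0 : 1;
    }


    /**
     * Renders the usage as its localized name followed by the number in parentheses,
     * e.g. {@code <name> (1)}.
     *
     * @return The display form of this key usage.
     */
    @Override
    public String toString()
    {
        return name + " (" + ordinal + ")";
    }
}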