001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *  
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *  
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License. 
018 *  
019 */
020package org.apache.directory.shared.kerberos.exceptions;
021
022
023import java.util.Arrays;
024import java.util.Collections;
025import java.util.List;
026
027
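/**
 * A type-safe enumeration of Kerberos error types.
 *
 * <p>Each constant pairs a numeric error code with a fixed English message. The constructor is
 * private and the class is final, so the constants declared here are the only instances. The
 * class does not override {@code equals}, so constants compare by identity.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public final class ErrorType implements Comparable<ErrorType>
{

    // TODO Add i18n. It is not clear from this class whether these messages are also sent to
    // the client as part of an error response. If so, should they really be localized?
    // NOTE(review): if callers echo these messages or the exact code to unauthenticated peers,
    // distinct answers such as "Client not found in Kerberos database" versus
    // "Pre-authentication information was invalid" reveal whether a principal exists.
    // Confirm against the callers; what is surfaced to the peer is a policy decision made there.

    /** No error. */
    public static final ErrorType KDC_ERR_NONE = new ErrorType( 0, "No error" );

    /** Client's entry in database has expired. */
    public static final ErrorType KDC_ERR_NAME_EXP = new ErrorType( 1, "Client's entry in database has expired" );

    /** Server's entry in database has expired. */
    public static final ErrorType KDC_ERR_SERVICE_EXP = new ErrorType( 2, "Server's entry in database has expired" );

    /** Requested protocol version number not supported. */
    public static final ErrorType KDC_ERR_BAD_PVNO = new ErrorType( 3,
        "Requested protocol version number not supported" );

    /** Client's key encrypted in old master key. */
    public static final ErrorType KDC_ERR_C_OLD_MAST_KVNO = new ErrorType( 4,
        "Client's key encrypted in old master key" );

    /** Server's key encrypted in old master key. */
    public static final ErrorType KDC_ERR_S_OLD_MAST_KVNO = new ErrorType( 5,
        "Server's key encrypted in old master key" );

    /** Client not found in Kerberos database. */
    public static final ErrorType KDC_ERR_C_PRINCIPAL_UNKNOWN = new ErrorType( 6,
        "Client not found in Kerberos database" );

    /** Server not found in Kerberos database. */
    public static final ErrorType KDC_ERR_S_PRINCIPAL_UNKNOWN = new ErrorType( 7,
        "Server not found in Kerberos database" );

    /** Multiple principal entries in database. */
    public static final ErrorType KDC_ERR_PRINCIPAL_NOT_UNIQUE = new ErrorType( 8,
        "Multiple principal entries in database" );

    /** The client or server has a null key. */
    public static final ErrorType KDC_ERR_NULL_KEY = new ErrorType( 9, "The client or server has a null key" );

    /** Ticket not eligible for postdating. */
    public static final ErrorType KDC_ERR_CANNOT_POSTDATE = new ErrorType( 10, "Ticket not eligible for postdating" );

    /** Requested start time is later than end time. */
    public static final ErrorType KDC_ERR_NEVER_VALID = new ErrorType( 11,
        "Requested start time is later than end time" );

    /** KDC policy rejects request. */
    public static final ErrorType KDC_ERR_POLICY = new ErrorType( 12, "KDC policy rejects request" );

    /** KDC cannot accommodate requested option. */
    public static final ErrorType KDC_ERR_BADOPTION = new ErrorType( 13, "KDC cannot accommodate requested option" );

    /** KDC has no support for encryption type. */
    public static final ErrorType KDC_ERR_ETYPE_NOSUPP = new ErrorType( 14, "KDC has no support for encryption type" );

    /** KDC has no support for checksum type. */
    public static final ErrorType KDC_ERR_SUMTYPE_NOSUPP = new ErrorType( 15, "KDC has no support for checksum type" );

    /** KDC has no support for padata type. */
    public static final ErrorType KDC_ERR_PADATA_TYPE_NOSUPP = new ErrorType( 16,
        "KDC has no support for padata type" );

    /** KDC has no support for transited type. */
    public static final ErrorType KDC_ERR_TRTYPE_NOSUPP = new ErrorType( 17, "KDC has no support for transited type" );

    /** Client's credentials have been revoked. */
    public static final ErrorType KDC_ERR_CLIENT_REVOKED = new ErrorType( 18,
        "Clients credentials have been revoked" );

    /** Credentials for server have been revoked. */
    public static final ErrorType KDC_ERR_SERVICE_REVOKED = new ErrorType( 19,
        "Credentials for server have been revoked" );

    /** TGT has been revoked. */
    public static final ErrorType KDC_ERR_TGT_REVOKED = new ErrorType( 20, "TGT has been revoked" );

    /** Client not yet valid; try again later. */
    public static final ErrorType KDC_ERR_CLIENT_NOTYET = new ErrorType( 21, "Client not yet valid; try again later" );

    /** Server not yet valid; try again later. */
    public static final ErrorType KDC_ERR_SERVICE_NOTYET = new ErrorType( 22,
        "Server not yet valid; try again later" );

    /** Password has expired; change password to reset. */
    public static final ErrorType KDC_ERR_KEY_EXPIRED = new ErrorType( 23,
        "Password has expired; change password to reset" );

    /** Pre-authentication information was invalid. */
    public static final ErrorType KDC_ERR_PREAUTH_FAILED = new ErrorType( 24,
        "Pre-authentication information was invalid" );

    /** Additional pre-authentication required. */
    public static final ErrorType KDC_ERR_PREAUTH_REQUIRED = new ErrorType( 25,
        "Additional pre-authentication required" );

    /** Requested server and ticket don't match. */
    public static final ErrorType KDC_ERR_SERVER_NOMATCH = new ErrorType( 26,
        "Requested server and ticket don't match" );

    /** Server valid for user2user only. */
    public static final ErrorType KDC_ERR_MUST_USE_USER2USER = new ErrorType( 27, "Server valid for user2user only" );

    /** KDC Policy rejects transited path. */
    public static final ErrorType KDC_ERR_PATH_NOT_ACCEPTED = new ErrorType( 28, "KDC Policy rejects transited path" );

    /** A service is not available. */
    public static final ErrorType KDC_ERR_SVC_UNAVAILABLE = new ErrorType( 29, "A service is not available" );

    /** Integrity check on decrypted field failed. */
    public static final ErrorType KRB_AP_ERR_BAD_INTEGRITY = new ErrorType( 31,
        "Integrity check on decrypted field failed" );

    /** Ticket expired. */
    public static final ErrorType KRB_AP_ERR_TKT_EXPIRED = new ErrorType( 32, "Ticket expired" );

    /** Ticket not yet valid. */
    public static final ErrorType KRB_AP_ERR_TKT_NYV = new ErrorType( 33, "Ticket not yet valid" );

    /** Request is a replay. */
    public static final ErrorType KRB_AP_ERR_REPEAT = new ErrorType( 34, "Request is a replay" );

    /** The ticket isn't for us. */
    public static final ErrorType KRB_AP_ERR_NOT_US = new ErrorType( 35, "The ticket isn't for us" );

    /** Ticket and authenticator don't match. */
    public static final ErrorType KRB_AP_ERR_BADMATCH = new ErrorType( 36, "Ticket and authenticator don't match" );

    /** Clock skew too great. */
    public static final ErrorType KRB_AP_ERR_SKEW = new ErrorType( 37, "Clock skew too great" );

    /** Incorrect net address. */
    public static final ErrorType KRB_AP_ERR_BADADDR = new ErrorType( 38, "Incorrect net address" );

    /** Protocol version mismatch. */
    public static final ErrorType KRB_AP_ERR_BADVERSION = new ErrorType( 39, "Protocol version mismatch" );

    /** Invalid msg type. */
    public static final ErrorType KRB_AP_ERR_MSG_TYPE = new ErrorType( 40, "Invalid msg type" );

    /** Message stream modified. */
    public static final ErrorType KRB_AP_ERR_MODIFIED = new ErrorType( 41, "Message stream modified" );

    /** Message out of order. */
    public static final ErrorType KRB_AP_ERR_BADORDER = new ErrorType( 42, "Message out of order" );

    /** Specified version of key is not available. */
    public static final ErrorType KRB_AP_ERR_BADKEYVER = new ErrorType( 44,
        "Specified version of key is not available" );

    /** Service key not available. */
    public static final ErrorType KRB_AP_ERR_NOKEY = new ErrorType( 45, "Service key not available" );

    /** Mutual authentication failed. */
    public static final ErrorType KRB_AP_ERR_MUT_FAIL = new ErrorType( 46, "Mutual authentication failed" );

    /** Incorrect message direction. */
    public static final ErrorType KRB_AP_ERR_BADDIRECTION = new ErrorType( 47, "Incorrect message direction" );

    /** Alternative authentication method required. */
    public static final ErrorType KRB_AP_ERR_METHOD = new ErrorType( 48,
        "Alternative authentication method required" );

    /** Incorrect sequence number in message. */
    public static final ErrorType KRB_AP_ERR_BADSEQ = new ErrorType( 49, "Incorrect sequence number in message" );

    /** Inappropriate type of checksum in message. */
    public static final ErrorType KRB_AP_ERR_INAPP_CKSUM = new ErrorType( 50,
        "Inappropriate type of checksum in message" );

    /** Policy rejects transited path. */
    public static final ErrorType KRB_AP_PATH_NOT_ACCEPTED = new ErrorType( 51, "Policy rejects transited path" );

    /** Response too big for UDP; retry with TCP. */
    public static final ErrorType KRB_ERR_RESPONSE_TOO_BIG = new ErrorType( 52,
        "Response too big for UDP; retry with TCP" );

    /** Generic error (description in e-text). Also the fallback of {@link #getTypeByValue(int)}. */
    public static final ErrorType KRB_ERR_GENERIC = new ErrorType( 60, "Generic error (description in e-text)" );

    /** Field is too long for this implementation. */
    public static final ErrorType KRB_ERR_FIELD_TOOLONG = new ErrorType( 61,
        "Field is too long for this implementation" );

    /** Client is not trusted. */
    public static final ErrorType KDC_ERR_CLIENT_NOT_TRUSTED = new ErrorType( 62, "Client is not trusted" );

    /** KDC is not trusted. */
    public static final ErrorType KRB_ERR_KDC_NOT_TRUSTED = new ErrorType( 63, "KDC is not trusted" );

    /** Signature is invalid. */
    public static final ErrorType KDC_ERR_INVALID_SIG = new ErrorType( 64, "Signature is invalid" );

    /** Diffie-Hellman (DH) key parameters not accepted. */
    public static final ErrorType KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED = new ErrorType( 65,
        "Diffie-Hellman (DH) key parameters not accepted." );

    /** Certificates do not match. */
    public static final ErrorType KRB_ERR_CERTIFICATE_MISMATCH = new ErrorType( 66, "Certificates do not match" );

    /** No TGT available to validate USER-TO-USER. */
    public static final ErrorType KRB_AP_ERR_NO_TGT = new ErrorType( 67, "No TGT available to validate USER-TO-USER" );

    /** Wrong realm. */
    public static final ErrorType KRB_ERR_WRONG_REALM = new ErrorType( 68, "Wrong realm" );

    /** Ticket must be for USER-TO-USER. */
    public static final ErrorType KRB_AP_ERR_USER_TO_USER_REQUIRED = new ErrorType( 69,
        "Ticket must be for USER-TO-USER" );

    /** Can't verify certificate. */
    public static final ErrorType KDC_ERR_CANT_VERIFY_CERTIFICATE = new ErrorType( 70, "Can't verify certificate" );

    /** Invalid certificate. */
    public static final ErrorType KDC_ERR_INVALID_CERTIFICATE = new ErrorType( 71, "Invalid certificate" );

    /** Revoked certificate. */
    public static final ErrorType KDC_ERR_REVOKED_CERTIFICATE = new ErrorType( 72, "Revoked certificate" );

    /** Revocation status unknown. */
    public static final ErrorType KDC_ERR_REVOCATION_STATUS_UNKNOWN = new ErrorType( 73,
        "Revocation status unknown" );

    /** Revocation status unavailable. */
    public static final ErrorType KRB_ERR_REVOCATION_STATUS_UNAVAILABLE = new ErrorType( 74,
        "Revocation status unavailable" );

    /** Client names do not match. */
    public static final ErrorType KDC_ERR_CLIENT_NAME_MISMATCH = new ErrorType( 75, "Client names do not match" );

    /** KDC names do not match. */
    public static final ErrorType KRB_ERR_KDC_NAME_MISMATCH = new ErrorType( 76, "KDC names do not match" );

    /** Inconsistent key purpose. */
    public static final ErrorType KDC_ERR_INCONSISTENT_KEY_PURPOSE = new ErrorType( 77, "Inconsistent key purpose" );

    /** Digest in certificate not accepted. */
    public static final ErrorType KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED = new ErrorType( 78,
        "Digest in certificate not accepted" );

    /** PA checksum must be included. */
    public static final ErrorType KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED = new ErrorType( 79,
        "PA checksum must be included" );

    /** Digest in signed data not accepted. */
    public static final ErrorType KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED = new ErrorType( 80,
        "Digest in signed data not accepted" );

    /** Public key encryption not supported. */
    public static final ErrorType KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED = new ErrorType( 81,
        "Public key encryption not supported" );

    /**
     * Backing array for {@link #VALUES} and {@link #getTypeByValue(int)}, listed in ascending
     * code order. It must stay private: {@link #VALUES} is a view over it, not a copy.
     */
    private static final ErrorType[] values =
        { KDC_ERR_NONE, KDC_ERR_NAME_EXP, KDC_ERR_SERVICE_EXP, KDC_ERR_BAD_PVNO, KDC_ERR_C_OLD_MAST_KVNO,
            KDC_ERR_S_OLD_MAST_KVNO, KDC_ERR_C_PRINCIPAL_UNKNOWN, KDC_ERR_S_PRINCIPAL_UNKNOWN,
            KDC_ERR_PRINCIPAL_NOT_UNIQUE, KDC_ERR_NULL_KEY, KDC_ERR_CANNOT_POSTDATE, KDC_ERR_NEVER_VALID,
            KDC_ERR_POLICY, KDC_ERR_BADOPTION, KDC_ERR_ETYPE_NOSUPP, KDC_ERR_SUMTYPE_NOSUPP,
            KDC_ERR_PADATA_TYPE_NOSUPP, KDC_ERR_TRTYPE_NOSUPP, KDC_ERR_CLIENT_REVOKED, KDC_ERR_SERVICE_REVOKED,
            KDC_ERR_TGT_REVOKED, KDC_ERR_CLIENT_NOTYET, KDC_ERR_SERVICE_NOTYET, KDC_ERR_KEY_EXPIRED,
            KDC_ERR_PREAUTH_FAILED, KDC_ERR_PREAUTH_REQUIRED, KDC_ERR_SERVER_NOMATCH, KDC_ERR_MUST_USE_USER2USER,
            KDC_ERR_PATH_NOT_ACCEPTED, KDC_ERR_SVC_UNAVAILABLE, KRB_AP_ERR_BAD_INTEGRITY, KRB_AP_ERR_TKT_EXPIRED,
            KRB_AP_ERR_TKT_NYV, KRB_AP_ERR_REPEAT, KRB_AP_ERR_NOT_US, KRB_AP_ERR_BADMATCH, KRB_AP_ERR_SKEW,
            KRB_AP_ERR_BADADDR, KRB_AP_ERR_BADVERSION, KRB_AP_ERR_MSG_TYPE, KRB_AP_ERR_MODIFIED, KRB_AP_ERR_BADORDER,
            KRB_AP_ERR_BADKEYVER, KRB_AP_ERR_NOKEY, KRB_AP_ERR_MUT_FAIL, KRB_AP_ERR_BADDIRECTION, KRB_AP_ERR_METHOD,
            KRB_AP_ERR_BADSEQ, KRB_AP_ERR_INAPP_CKSUM, KRB_AP_PATH_NOT_ACCEPTED, KRB_ERR_RESPONSE_TOO_BIG,
            KRB_ERR_GENERIC, KRB_ERR_FIELD_TOOLONG, KDC_ERR_CLIENT_NOT_TRUSTED, KRB_ERR_KDC_NOT_TRUSTED,
            KDC_ERR_INVALID_SIG, KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, KRB_ERR_CERTIFICATE_MISMATCH,
            KRB_AP_ERR_NO_TGT, KRB_ERR_WRONG_REALM, KRB_AP_ERR_USER_TO_USER_REQUIRED, KDC_ERR_CANT_VERIFY_CERTIFICATE,
            KDC_ERR_INVALID_CERTIFICATE, KDC_ERR_REVOKED_CERTIFICATE, KDC_ERR_REVOCATION_STATUS_UNKNOWN,
            KRB_ERR_REVOCATION_STATUS_UNAVAILABLE, KDC_ERR_CLIENT_NAME_MISMATCH, KRB_ERR_KDC_NAME_MISMATCH,
            KDC_ERR_INCONSISTENT_KEY_PURPOSE, KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED,
            KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED, KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED,
            KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED };

    /**
     * An unmodifiable List of all the error type constants.
     */
    public static final List<ErrorType> VALUES = Collections.unmodifiableList( Arrays.asList( values ) );

    /**
     * The message text of the error type.
     */
    private final String name;

    /**
     * The numeric code of the error type.
     */
    private final int value;


    /**
     * Private constructor prevents construction outside of this class.
     *
     * @param value the numeric error code
     * @param name the message text for the error
     */
    private ErrorType( int value, String name )
    {
        this.value = value;
        this.name = name;
    }


    /**
     * Returns the message for this Kerberos error.
     *
     * @return the message for this Kerberos error.
     */
    public String getMessage()
    {
        return name;
    }


    /**
     * Returns the message for this Kerberos error, the same text as {@link #getMessage()}.
     *
     * @return the message for this Kerberos error.
     */
    @Override
    public String toString()
    {
        return name;
    }


    /**
     * Orders error types by ascending numeric code.
     *
     * @param that the error type to compare this one to
     * @return a negative number, zero or a positive number when this code is lower than,
     * equal to or higher than the code of {@code that}
     * @throws NullPointerException if {@code that} is null
     */
    @Override
    public int compareTo( ErrorType that )
    {
        // Integer.compare cannot overflow, unlike subtracting the two codes.
        return Integer.compare( value, that.value );
    }


    /**
     * Looks up the error type for a numeric Kerberos error code.
     *
     * <p>Codes with no constant in this class (for example 30, 43 or any negative number) are
     * mapped to {@link #KRB_ERR_GENERIC} instead of being rejected. The return value alone
     * therefore does not tell an unrecognized code from a genuine code 60; a caller that decodes
     * the code from a received message should keep or log the raw integer when that matters.
     *
     * @param ordinal the numeric error code to look up (a code, not a positional index)
     * @return the constant with that code, or {@link #KRB_ERR_GENERIC} when there is none
     */
    public static ErrorType getTypeByValue( int ordinal )
    {
        for ( ErrorType candidate : values )
        {
            if ( candidate.value == ordinal )
            {
                return candidate;
            }
        }

        return KRB_ERR_GENERIC;
    }


    /**
     * Gets the numeric code associated with this Kerberos error.
     *
     * @return the numeric code associated with this Kerberos error
     */
    public int getValue()
    {
        return value;
    }
}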