001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020package org.apache.directory.shared.kerberos.exceptions; 021 022 023import java.util.Arrays; 024import java.util.Collections; 025import java.util.List; 026 027 028/** 029 * A type-safe enumeration of Kerberos error types. 030 * 031 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 032 */ 033public final class ErrorType implements Comparable<ErrorType> 034{ 035 036 // TODO Add i18n. Don't no if these error messages are also a response to the client. 037 // If so shall they really be i18n? 038 039 /** 040 * No error. 041 */ 042 public static final ErrorType KDC_ERR_NONE = new ErrorType( 0, "No error" ); 043 044 /** 045 * Client's entry in database has expired. 046 */ 047 public static final ErrorType KDC_ERR_NAME_EXP = new ErrorType( 1, "Client's entry in database has expired" ); 048 049 /** 050 * Server's entry in database has expired. 051 */ 052 public static final ErrorType KDC_ERR_SERVICE_EXP = new ErrorType( 2, "Server's entry in database has expired" ); 053 054 /** 055 * Requested protocol version number not supported. 056 */ 057 public static final ErrorType KDC_ERR_BAD_PVNO = new ErrorType( 3, 058 "Requested protocol version number not supported" ); 059 060 /** 061 * Client's key encrypted in old master key. 062 */ 063 public static final ErrorType KDC_ERR_C_OLD_MAST_KVNO = new ErrorType( 4, 064 "Client's key encrypted in old master key" ); 065 066 /** 067 * Server's key encrypted in old master key. 068 */ 069 public static final ErrorType KDC_ERR_S_OLD_MAST_KVNO = new ErrorType( 5, 070 "Server's key encrypted in old master key" ); 071 072 /** 073 * Client not found in Kerberos database. 074 */ 075 public static final ErrorType KDC_ERR_C_PRINCIPAL_UNKNOWN = new ErrorType( 6, 076 "Client not found in Kerberos database" ); 077 078 /** 079 * Server not found in Kerberos database. 080 */ 081 public static final ErrorType KDC_ERR_S_PRINCIPAL_UNKNOWN = new ErrorType( 7, 082 "Server not found in Kerberos database" ); 083 084 /** 085 * Multiple principal entries in database. 086 */ 087 public static final ErrorType KDC_ERR_PRINCIPAL_NOT_UNIQUE = new ErrorType( 8, 088 "Multiple principal entries in database" ); 089 090 /** 091 * The client or server has a null key. 092 */ 093 public static final ErrorType KDC_ERR_NULL_KEY = new ErrorType( 9, "The client or server has a null key" ); 094 095 /** 096 * Ticket not eligible for postdating. 097 */ 098 public static final ErrorType KDC_ERR_CANNOT_POSTDATE = new ErrorType( 10, "Ticket not eligible for postdating" ); 099 100 /** 101 * Requested start time is later than end time. 102 */ 103 public static final ErrorType KDC_ERR_NEVER_VALID = new ErrorType( 11, 104 "Requested start time is later than end time" ); 105 106 /** 107 * KDC policy rejects request. 108 */ 109 public static final ErrorType KDC_ERR_POLICY = new ErrorType( 12, "KDC policy rejects request" ); 110 111 /** 112 * KDC cannot accommodate requested option. 113 */ 114 public static final ErrorType KDC_ERR_BADOPTION = new ErrorType( 13, "KDC cannot accommodate requested option" ); 115 116 /** 117 * KDC has no support for encryption type. 118 */ 119 public static final ErrorType KDC_ERR_ETYPE_NOSUPP = new ErrorType( 14, "KDC has no support for encryption type" ); 120 121 /** 122 * KDC has no support for checksum type. 123 */ 124 public static final ErrorType KDC_ERR_SUMTYPE_NOSUPP = new ErrorType( 15, "KDC has no support for checksum type" ); 125 126 /** 127 * KDC has no support for padata type. 128 */ 129 public static final ErrorType KDC_ERR_PADATA_TYPE_NOSUPP = new ErrorType( 16, "KDC has no support for padata type" ); 130 131 /** 132 * KDC has no support for transited type. 133 */ 134 public static final ErrorType KDC_ERR_TRTYPE_NOSUPP = new ErrorType( 17, "KDC has no support for transited type" ); 135 136 /** 137 * Clients credentials have been revoked. 138 */ 139 public static final ErrorType KDC_ERR_CLIENT_REVOKED = new ErrorType( 18, "Clients credentials have been revoked" ); 140 141 /** 142 * Credentials for server have been revoked. 143 */ 144 public static final ErrorType KDC_ERR_SERVICE_REVOKED = new ErrorType( 19, 145 "Credentials for server have been revoked" ); 146 147 /** 148 * TGT has been revoked. 149 */ 150 public static final ErrorType KDC_ERR_TGT_REVOKED = new ErrorType( 20, "TGT has been revoked" ); 151 152 /** 153 * Client not yet valid; try again later. 154 */ 155 public static final ErrorType KDC_ERR_CLIENT_NOTYET = new ErrorType( 21, "Client not yet valid; try again later" ); 156 157 /** 158 * Server not yet valid; try again later. 159 */ 160 public static final ErrorType KDC_ERR_SERVICE_NOTYET = new ErrorType( 22, "Server not yet valid; try again later" ); 161 162 /** 163 * Password has expired; change password to reset. 164 */ 165 public static final ErrorType KDC_ERR_KEY_EXPIRED = new ErrorType( 23, 166 "Password has expired; change password to reset" ); 167 168 /** 169 * Pre-authentication information was invalid. 170 */ 171 public static final ErrorType KDC_ERR_PREAUTH_FAILED = new ErrorType( 24, 172 "Pre-authentication information was invalid" ); 173 174 /** 175 * Additional pre-authentication required. 176 */ 177 public static final ErrorType KDC_ERR_PREAUTH_REQUIRED = new ErrorType( 25, 178 "Additional pre-authentication required" ); 179 180 /** 181 * Requested server and ticket don't match. 182 */ 183 public static final ErrorType KDC_ERR_SERVER_NOMATCH = new ErrorType( 26, "Requested server and ticket don't match" ); 184 185 /** 186 * Server valid for user2user only. 187 */ 188 public static final ErrorType KDC_ERR_MUST_USE_USER2USER = new ErrorType( 27, "Server valid for user2user only" ); 189 190 /** 191 * KDC Policy rejects transited path. 192 */ 193 public static final ErrorType KDC_ERR_PATH_NOT_ACCEPTED = new ErrorType( 28, "KDC Policy rejects transited path" ); 194 195 /** 196 * A service is not available. 197 */ 198 public static final ErrorType KDC_ERR_SVC_UNAVAILABLE = new ErrorType( 29, "A service is not available" ); 199 200 /** 201 * Integrity check on decrypted field failed. 202 */ 203 public static final ErrorType KRB_AP_ERR_BAD_INTEGRITY = new ErrorType( 31, 204 "Integrity check on decrypted field failed" ); 205 206 /** 207 * Ticket expired. 208 */ 209 public static final ErrorType KRB_AP_ERR_TKT_EXPIRED = new ErrorType( 32, "Ticket expired" ); 210 211 /** 212 * Ticket not yet valid. 213 */ 214 public static final ErrorType KRB_AP_ERR_TKT_NYV = new ErrorType( 33, "Ticket not yet valid" ); 215 216 /** 217 * Request is a replay. 218 */ 219 public static final ErrorType KRB_AP_ERR_REPEAT = new ErrorType( 34, "Request is a replay" ); 220 221 /** 222 * The ticket isn't for us. 223 */ 224 public static final ErrorType KRB_AP_ERR_NOT_US = new ErrorType( 35, "The ticket isn't for us" ); 225 226 /** 227 * Ticket and authenticator don't match. 228 */ 229 public static final ErrorType KRB_AP_ERR_BADMATCH = new ErrorType( 36, "Ticket and authenticator don't match" ); 230 231 /** 232 * Clock skew too great. 233 */ 234 public static final ErrorType KRB_AP_ERR_SKEW = new ErrorType( 37, "Clock skew too great" ); 235 236 /** 237 * Incorrect net address. 238 */ 239 public static final ErrorType KRB_AP_ERR_BADADDR = new ErrorType( 38, "Incorrect net address" ); 240 241 /** 242 * Protocol version mismatch. 243 */ 244 public static final ErrorType KRB_AP_ERR_BADVERSION = new ErrorType( 39, "Protocol version mismatch" ); 245 246 /** 247 * Invalid msg type. 248 */ 249 public static final ErrorType KRB_AP_ERR_MSG_TYPE = new ErrorType( 40, "Invalid msg type" ); 250 251 /** 252 * Message stream modified. 253 */ 254 public static final ErrorType KRB_AP_ERR_MODIFIED = new ErrorType( 41, "Message stream modified" ); 255 256 /** 257 * Message out of order. 258 */ 259 public static final ErrorType KRB_AP_ERR_BADORDER = new ErrorType( 42, "Message out of order" ); 260 261 /** 262 * Specified version of key is not available. 263 */ 264 public static final ErrorType KRB_AP_ERR_BADKEYVER = new ErrorType( 44, "Specified version of key is not available" ); 265 266 /** 267 * Service key not available. 268 */ 269 public static final ErrorType KRB_AP_ERR_NOKEY = new ErrorType( 45, "Service key not available" ); 270 271 /** 272 * Mutual authentication failed. 273 */ 274 public static final ErrorType KRB_AP_ERR_MUT_FAIL = new ErrorType( 46, "Mutual authentication failed" ); 275 276 /** 277 * Incorrect message direction. 278 */ 279 public static final ErrorType KRB_AP_ERR_BADDIRECTION = new ErrorType( 47, "Incorrect message direction" ); 280 281 /** 282 * Alternative authentication method required. 283 */ 284 public static final ErrorType KRB_AP_ERR_METHOD = new ErrorType( 48, "Alternative authentication method required" ); 285 286 /** 287 * Incorrect sequence number in message. 288 */ 289 public static final ErrorType KRB_AP_ERR_BADSEQ = new ErrorType( 49, "Incorrect sequence number in message" ); 290 291 /** 292 * Inappropriate type of checksum in message. 293 */ 294 public static final ErrorType KRB_AP_ERR_INAPP_CKSUM = new ErrorType( 50, 295 "Inappropriate type of checksum in message" ); 296 297 /** 298 * Policy rejects transited path. 299 */ 300 public static final ErrorType KRB_AP_PATH_NOT_ACCEPTED = new ErrorType( 51, "Policy rejects transited path" ); 301 302 /** 303 * Response too big for UDP; retry with TCP. 304 */ 305 public static final ErrorType KRB_ERR_RESPONSE_TOO_BIG = new ErrorType( 52, 306 "Response too big for UDP; retry with TCP" ); 307 308 /** 309 * Generic error (description in e-text). 310 */ 311 public static final ErrorType KRB_ERR_GENERIC = new ErrorType( 60, "Generic error (description in e-text)" ); 312 313 /** 314 * Field is too long for this implementation. 315 */ 316 public static final ErrorType KRB_ERR_FIELD_TOOLONG = new ErrorType( 61, 317 "Field is too long for this implementation" ); 318 319 /** 320 * Client is not trusted. 321 */ 322 public static final ErrorType KDC_ERR_CLIENT_NOT_TRUSTED = new ErrorType( 62, "Client is not trusted" ); 323 324 /** 325 * KDC is not trusted. 326 */ 327 public static final ErrorType KRB_ERR_KDC_NOT_TRUSTED = new ErrorType( 63, "KDC is not trusted" ); 328 329 /** 330 * Signature is invalid. 331 */ 332 public static final ErrorType KDC_ERR_INVALID_SIG = new ErrorType( 64, "Signature is invalid" ); 333 334 /** 335 * Diffie-Hellman (DH) key parameters not accepted. 336 */ 337 public static final ErrorType KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED = new ErrorType( 65, 338 "Diffie-Hellman (DH) key parameters not accepted." ); 339 340 /** 341 * Certificates do not match. 342 */ 343 public static final ErrorType KRB_ERR_CERTIFICATE_MISMATCH = new ErrorType( 66, "Certificates do not match" ); 344 345 /** 346 * No TGT available to validate USER-TO-USER. 347 */ 348 public static final ErrorType KRB_AP_ERR_NO_TGT = new ErrorType( 67, "No TGT available to validate USER-TO-USER" ); 349 350 /** 351 * Wrong realm. 352 */ 353 public static final ErrorType KRB_ERR_WRONG_REALM = new ErrorType( 68, "Wrong realm" ); 354 355 /** 356 * Ticket must be for USER-TO-USER. 357 */ 358 public static final ErrorType KRB_AP_ERR_USER_TO_USER_REQUIRED = new ErrorType( 69, 359 "Ticket must be for USER-TO-USER" ); 360 361 /** 362 * Can't verify certificate. 363 */ 364 public static final ErrorType KDC_ERR_CANT_VERIFY_CERTIFICATE = new ErrorType( 70, "Can't verify certificate" ); 365 366 /** 367 * Invalid certificate. 368 */ 369 public static final ErrorType KDC_ERR_INVALID_CERTIFICATE = new ErrorType( 71, "Invalid certificate" ); 370 371 /** 372 * Revoked certificate. 373 */ 374 public static final ErrorType KDC_ERR_REVOKED_CERTIFICATE = new ErrorType( 72, "Revoked certificate" ); 375 376 /** 377 * Revocation status unknown. 378 */ 379 public static final ErrorType KDC_ERR_REVOCATION_STATUS_UNKNOWN = new ErrorType( 73, "Revocation status unknown" ); 380 381 /** 382 * Revocation status unavailable. 383 */ 384 public static final ErrorType KRB_ERR_REVOCATION_STATUS_UNAVAILABLE = new ErrorType( 74, 385 "Revocation status unavailable" ); 386 387 /** 388 * Client names do not match. 389 */ 390 public static final ErrorType KDC_ERR_CLIENT_NAME_MISMATCH = new ErrorType( 75, "Client names do not match" ); 391 392 /** 393 * KDC names do not match. 394 */ 395 public static final ErrorType KRB_ERR_KDC_NAME_MISMATCH = new ErrorType( 76, "KDC names do not match" ); 396 397 /** 398 * Inconsistent key purpose. 399 */ 400 public static final ErrorType KDC_ERR_INCONSISTENT_KEY_PURPOSE = new ErrorType( 77, "Inconsistent key purpose" ); 401 402 /** 403 * Digest in certificate not accepted. 404 */ 405 public static final ErrorType KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED = new ErrorType( 78, 406 "Digest in certificate not accepted" ); 407 408 /** 409 * PA checksum must be included. 410 */ 411 public static final ErrorType KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED = new ErrorType( 79, 412 "PA checksum must be included" ); 413 414 /** 415 * Digest in signed data not accepted. 416 */ 417 public static final ErrorType KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED = new ErrorType( 80, 418 "Digest in signed data not accepted" ); 419 420 /** 421 * Public key encryption not supported. 422 */ 423 public static final ErrorType KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED = new ErrorType( 81, 424 "Public key encryption not supported" ); 425 426 /** 427 * Array for building a List of VALUES. 428 */ 429 private static final ErrorType[] values = 430 { KDC_ERR_NONE, KDC_ERR_NAME_EXP, KDC_ERR_SERVICE_EXP, KDC_ERR_BAD_PVNO, KDC_ERR_C_OLD_MAST_KVNO, 431 KDC_ERR_S_OLD_MAST_KVNO, KDC_ERR_C_PRINCIPAL_UNKNOWN, KDC_ERR_S_PRINCIPAL_UNKNOWN, 432 KDC_ERR_PRINCIPAL_NOT_UNIQUE, KDC_ERR_NULL_KEY, KDC_ERR_CANNOT_POSTDATE, KDC_ERR_NEVER_VALID, 433 KDC_ERR_POLICY, KDC_ERR_BADOPTION, KDC_ERR_ETYPE_NOSUPP, KDC_ERR_SUMTYPE_NOSUPP, 434 KDC_ERR_PADATA_TYPE_NOSUPP, KDC_ERR_TRTYPE_NOSUPP, KDC_ERR_CLIENT_REVOKED, KDC_ERR_SERVICE_REVOKED, 435 KDC_ERR_TGT_REVOKED, KDC_ERR_CLIENT_NOTYET, KDC_ERR_SERVICE_NOTYET, KDC_ERR_KEY_EXPIRED, 436 KDC_ERR_PREAUTH_FAILED, KDC_ERR_PREAUTH_REQUIRED, KDC_ERR_SERVER_NOMATCH, KDC_ERR_MUST_USE_USER2USER, 437 KDC_ERR_PATH_NOT_ACCEPTED, KDC_ERR_SVC_UNAVAILABLE, KRB_AP_ERR_BAD_INTEGRITY, KRB_AP_ERR_TKT_EXPIRED, 438 KRB_AP_ERR_TKT_NYV, KRB_AP_ERR_REPEAT, KRB_AP_ERR_NOT_US, KRB_AP_ERR_BADMATCH, KRB_AP_ERR_SKEW, 439 KRB_AP_ERR_BADADDR, KRB_AP_ERR_BADVERSION, KRB_AP_ERR_MSG_TYPE, KRB_AP_ERR_MODIFIED, KRB_AP_ERR_BADORDER, 440 KRB_AP_ERR_BADKEYVER, KRB_AP_ERR_NOKEY, KRB_AP_ERR_MUT_FAIL, KRB_AP_ERR_BADDIRECTION, KRB_AP_ERR_METHOD, 441 KRB_AP_ERR_BADSEQ, KRB_AP_ERR_INAPP_CKSUM, KRB_AP_PATH_NOT_ACCEPTED, KRB_ERR_RESPONSE_TOO_BIG, 442 KRB_ERR_GENERIC, KRB_ERR_FIELD_TOOLONG, KDC_ERR_CLIENT_NOT_TRUSTED, KRB_ERR_KDC_NOT_TRUSTED, 443 KDC_ERR_INVALID_SIG, KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, KRB_ERR_CERTIFICATE_MISMATCH, 444 KRB_AP_ERR_NO_TGT, KRB_ERR_WRONG_REALM, KRB_AP_ERR_USER_TO_USER_REQUIRED, KDC_ERR_CANT_VERIFY_CERTIFICATE, 445 KDC_ERR_INVALID_CERTIFICATE, KDC_ERR_REVOKED_CERTIFICATE, KDC_ERR_REVOCATION_STATUS_UNKNOWN, 446 KRB_ERR_REVOCATION_STATUS_UNAVAILABLE, KDC_ERR_CLIENT_NAME_MISMATCH, KRB_ERR_KDC_NAME_MISMATCH, 447 KDC_ERR_INCONSISTENT_KEY_PURPOSE, KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED, 448 KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED, KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, 449 KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED }; 450 451 /** 452 * A List of all the error type constants. 453 */ 454 public static final List<ErrorType> VALUES = Collections.unmodifiableList( Arrays.asList( values ) ); 455 456 /** 457 * The name of the error type. 458 */ 459 private final String name; 460 461 /** 462 * The value/code for the error type. 463 */ 464 private final int value; 465 466 467 /** 468 * Private constructor prevents construction outside of this class. 469 */ 470 private ErrorType( int value, String name ) 471 { 472 this.value = value; 473 this.name = name; 474 } 475 476 477 /** 478 * Returns the message for this Kerberos error. 479 * 480 * @return the message for this Kerberos error. 481 */ 482 public String getMessage() 483 { 484 return name; 485 } 486 487 488 /** 489 * Returns the message for this Kerberos error. 490 * 491 * @return the message for this Kerberos error. 492 */ 493 public String toString() 494 { 495 return name; 496 } 497 498 499 /** 500 * Compares this type to another object hopefully one that is of the same 501 * type. 502 * 503 * @param that the object to compare this KerberosError to 504 * @return value - ( ( KerberosError ) that ).ordinal; 505 */ 506 public int compareTo( ErrorType that ) 507 { 508 return value - that.value; 509 } 510 511 512 /** 513 * Gets the value by its value value. 514 * 515 * @param ordinal the value value of the value 516 * @return the type corresponding to the value value 517 */ 518 public static ErrorType getTypeByValue( int ordinal ) 519 { 520 for ( int ii = 0; ii < values.length; ii++ ) 521 { 522 if ( values[ii].value == ordinal ) 523 { 524 return values[ii]; 525 } 526 } 527 528 return KRB_ERR_GENERIC; 529 } 530 531 532 /** 533 * Gets the value value associated with this Kerberos error. 534 * 535 * @return the value value associated with this Kerberos error 536 */ 537 public int getValue() 538 { 539 return value; 540 } 541}