Produced by Araxis Merge on 9/25/2018 2:13:23 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\krb5 | EncryptionKey.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\krb5 | EncryptionKey.java | Wed Sep 12 17:52:03 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 4 | 1146 |
Changed | 3 | 6 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 200 0, 2013, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | /* | |
27 | * | |
28 | * (C) Co pyright IB M Corp. 19 99 All Rig hts Reserv ed. | |
29 | * Copyri ght 1997 T he Open Gr oup Resear ch Institu te. All r ights rese rved. | |
30 | */ | |
31 | ||
32 | package su n.security .krb5; | |
33 | ||
34 | import sun .security. util.*; | |
35 | import sun .security. krb5.inter nal.*; | |
36 | import sun .security. krb5.inter nal.crypto .*; | |
37 | import jav a.io.IOExc eption; | |
38 | import jav a.security .GeneralSe curityExce ption; | |
39 | import jav a.util.Arr ays; | |
40 | import sun .security. krb5.inter nal.ktab.K eyTab; | |
41 | import sun .security. krb5.inter nal.ccache .CCacheOut putStream; | |
42 | import jav ax.crypto. spec.DESKe ySpec; | |
43 | import jav ax.crypto. spec.DESed eKeySpec; | |
44 | ||
45 | /** | |
46 | * This cl ass encaps ulates the concept o f an Encry ptionKey. An encrypt ion | |
47 | * key is defined in RFC 4120 as: | |
48 | * | |
49 | * Encrypt ionKey : := SEQUENC E { | |
50 | * keytype [0] Int32 -- actually e ncryption type --, | |
51 | * keyvalue [1] OCTET STR ING | |
52 | * } | |
53 | * | |
54 | * keytype | |
55 | * Thi s field sp ecifies th e encrypti on type of the encry ption key | |
56 | * tha t follows in the key value fiel d. Althou gh its nam e is | |
57 | * "ke ytype", it actually specifies an encrypt ion type. Previousl y, | |
58 | * mul tiple cryp tosystems that perfo rmed encry ption diff erently bu t | |
59 | * wer e capable of using k eys with t he same ch aracterist ics were | |
60 | * per mitted to share an a ssigned nu mber to de signate th e type of | |
61 | * key ; this usa ge is now deprecated . | |
62 | * | |
63 | * keyvalu e | |
64 | * Thi s field co ntains the key itsel f, encoded as an oct et string. | |
65 | */ | |
66 | ||
67 | public cla ss Encrypt ionKey | |
68 | implem ents Clone able { | |
69 | ||
70 | public static fi nal Encryp tionKey NU LL_KEY = | |
71 | ne w Encrypti onKey(new byte[] {}, Encrypted Data.ETYPE _NULL, nul l); | |
72 | ||
73 | privat e int keyT ype; | |
74 | privat e byte[] k eyValue; | |
75 | privat e Integer kvno; // n ot part of ASN1 enco ding; | |
76 | ||
77 | privat e static f inal boole an DEBUG = Krb5.DEBU G; | |
78 | ||
79 | public synchroni zed int ge tEType() { | |
80 | re turn keyTy pe; | |
81 | } | |
82 | ||
83 | public final Int eger getKe yVersionNu mber() { | |
84 | re turn kvno; | |
85 | } | |
86 | ||
87 | /** | |
88 | * Ret urns the r aw key byt es, not in any ASN.1 encoding. | |
89 | */ | |
90 | public final byt e[] getByt es() { | |
91 | // This meth od cannot be called outside su n.security , hence no | |
92 | // cloning. getEncoded () calls t his method . | |
93 | re turn keyVa lue; | |
94 | } | |
95 | ||
96 | public synchroni zed Object clone() { | |
97 | re turn new E ncryptionK ey(keyValu e, keyType , kvno); | |
98 | } | |
99 | ||
100 | /** | |
101 | * Obtains all versio ns of the PW key of the principal from a | |
102 | * key tab. | |
103 | * | |
104 | * @Param p rinc the p rincipal w hose PW key is des ired | |
105 | * @pa ram keytab the path to the key tab file. A value of null | |
106 | * wil l be accep ted to ind icate that the defau lt path sh ould be | |
107 | * sea rched. | |
108 | * @returns an array of PW keys or nu ll if none were foun d. | |
109 | */ | |
110 | public static En cryptionKe y[] acquir eSecretKey s(Principa lName prin c, | |
111 | String k eytab) { | |
112 | ||
113 | if (princ == null) | |
114 | throw ne w IllegalA rgumentExc eption( | |
115 | "Can not have n ull pricip al name to look in k eytab."); | |
116 | ||
117 | // KeyTab ge tInstance( keytab) wi ll call Ke yTab.getIn stance() | |
118 | // if keytab is null | |
119 | Ke yTab ktab = KeyTab.g etInstance (keytab); | |
120 | re turn ktab. readServic eKeys(prin c); | |
121 | } | |
122 | ||
123 | /** | |
124 | * Obt ains a key for a giv en etype o f a princi pal with p ossible ne w salt | |
125 | * and s2kparams | |
126 | * @pa ram cname NOT null | |
127 | * @pa ram passwo rd NOT nul l | |
128 | * @pa ram etype | |
129 | * @pa ram snp ca n be NULL | |
130 | * @re turns neve r null | |
131 | */ | |
132 | public static En cryptionKe y acquireS ecretKey(P rincipalNa me cname, | |
133 | char[] p assword, i nt etype, PAData.Sal tAndParams snp) | |
134 | throws K rbExceptio n { | |
135 | St ring salt; | |
136 | by te[] s2kpa rams; | |
137 | if (snp != n ull) { | |
138 | salt = s np.salt != null ? sn p.salt : c name.getSa lt(); | |
139 | s2kparam s = snp.pa rams; | |
140 | } else { | |
141 | salt = c name.getSa lt(); | |
142 | s2kparam s = null; | |
143 | } | |
144 | re turn acqui reSecretKe y(password , salt, et ype, s2kpa rams); | |
145 | } | |
146 | ||
147 | /** | |
148 | * Obt ains a key for a giv en etype w ith salt a nd optiona l s2kparam s | |
149 | * @pa ram passwo rd NOT nul l | |
150 | * @pa ram salt N OT null | |
151 | * @pa ram etype | |
152 | * @pa ram s2kpar ams can be NULL | |
153 | * @re turns neve r null | |
154 | */ | |
155 | public static En cryptionKe y acquireS ecretKey(c har[] pass word, | |
156 | String s alt, int e type, byte [] s2kpara ms) | |
157 | throws K rbExceptio n { | |
158 | ||
159 | re turn new E ncryptionK ey( | |
160 | string ToKey(pass word, salt , s2kparam s, etype), | |
161 | etype, null); | |
162 | } | |
163 | ||
164 | /** | |
165 | * Gen erate a li st of keys using the given pri ncipal and password. | |
166 | * Con struct a k ey for eac h configur ed etype. | |
167 | * Cal ler is res ponsible f or clearin g password . | |
168 | */ | |
169 | /* | |
170 | * Usu ally, when keyType i s decoded from ASN.1 it will c ontain a | |
171 | * val ue indicat ing what t he algorit hm to be u sed is. Ho wever, whe n | |
172 | * con verting fr om a passw ord to a k ey for the AS-EXCHAN GE, this | |
173 | * key Type will not be ava ilable. Us e builtin list of de fault etyp es | |
174 | * as the defaul t in that case. If d efault_tkt _enctypes was set in | |
175 | * the libdefaul ts of krb5 .conf, the n use that sequence. | |
176 | */ | |
177 | public static En cryptionKe y[] acquir eSecretKey s(char[] p assword, | |
178 | String s alt) throw s KrbExcep tion { | |
179 | ||
180 | in t[] etypes = EType.g etDefaults ("default_ tkt_enctyp es"); | |
181 | ||
182 | En cryptionKe y[] encKey s = new En cryptionKe y[etypes.l ength]; | |
183 | fo r (int i = 0; i < et ypes.lengt h; i++) { | |
184 | if (ETyp e.isSuppor ted(etypes [i])) { | |
185 | encK eys[i] = n ew Encrypt ionKey( | |
186 | string ToKey(pass word, salt , null, et ypes[i]), | |
187 | etypes [i], null) ; | |
188 | } else { | |
189 | if ( DEBUG) { | |
190 | System.out .println(" Encryption Type " + | |
191 | EType. toString(e types[i]) + | |
192 | " is n ot support ed/enabled "); | |
193 | } | |
194 | } | |
195 | } | |
196 | re turn encKe ys; | |
197 | } | |
198 | ||
199 | // Use d in Krb5A cceptCrede ntial, sel f | |
200 | public Encryptio nKey(byte[ ] keyValue , | |
201 | int k eyType, | |
202 | Integ er kvno) { | |
203 | ||
204 | if (keyValue != null) { | |
205 | this.key Value = ne w byte[key Value.leng th]; | |
206 | System.a rraycopy(k eyValue, 0 , this.key Value, 0, keyValue.l ength); | |
207 | } else { | |
208 | throw ne w IllegalA rgumentExc eption("En cryptionKe y: " + | |
209 | "Ke y bytes ca nnot be nu ll!"); | |
210 | } | |
211 | th is.keyType = keyType ; | |
212 | th is.kvno = kvno; | |
213 | } | |
214 | ||
215 | /** | |
216 | * Con structs an Encryptio nKey by us ing the sp ecified ke y type and key | |
217 | * val ue. It is used to r ecover the key when retrieving data from | |
218 | * cre dential ca che file. | |
219 | * | |
220 | */ | |
221 | // Us ed in JSSE (Kerberos Wrapper), Credential s, | |
222 | // ja vax.securi ty.auth.ke rberos.Key Impl | |
223 | public Encryptio nKey(int k eyType, | |
224 | byte[ ] keyValue ) { | |
225 | th is(keyValu e, keyType , null); | |
226 | } | |
227 | ||
228 | privat e static b yte[] stri ngToKey(ch ar[] passw ord, Strin g salt, | |
229 | by te[] s2kpa rams, int keyType) t hrows KrbC ryptoExcep tion { | |
230 | ||
231 | ch ar[] slt = salt.toCh arArray(); | |
232 | ch ar[] pwsal t = new ch ar[passwor d.length + slt.lengt h]; | |
233 | Sy stem.array copy(passw ord, 0, pw salt, 0, p assword.le ngth); | |
234 | Sy stem.array copy(slt, 0, pwsalt, password. length, sl t.length); | |
235 | Ar rays.fill( slt, '0'); | |
236 | ||
237 | tr y { | |
238 | switch ( keyType) { | |
239 | case Encrypted Data.ETYPE _DES_CBC_C RC: | |
240 | case Encrypted Data.ETYPE _DES_CBC_M D5: | |
241 | return Des.strin g_to_key_b ytes(pwsal t); | |
242 | ||
243 | case Encrypted Data.ETYPE _DES3_CBC_ HMAC_SHA1_ KD: | |
244 | return Des3.stri ngToKey(pw salt); | |
245 | ||
246 | case Encrypted Data.ETYPE _ARCFOUR_H MAC: | |
247 | return ArcFourHm ac.stringT oKey(passw ord); | |
248 | ||
249 | case Encrypted Data.ETYPE _AES128_CT S_HMAC_SHA 1_96: | |
250 | return Aes128.st ringToKey( password, salt, s2kp arams); | |
251 | ||
252 | case Encrypted Data.ETYPE _AES256_CT S_HMAC_SHA 1_96: | |
253 | return Aes256.st ringToKey( password, salt, s2kp arams); | |
254 | ||
255 | defa ult: | |
256 | throw new Illega lArgumentE xception(" encryption type " + | |
257 | EType. toString(k eyType) + " not supp orted"); | |
258 | } | |
259 | ||
260 | } catch (Gen eralSecuri tyExceptio n e) { | |
261 | KrbCrypt oException ke = new KrbCryptoE xception(e .getMessag e()); | |
262 | ke.initC ause(e); | |
263 | throw ke ; | |
264 | } finally { | |
265 | Arrays.f ill(pwsalt , '0'); | |
266 | } | |
267 | } | |
268 | ||
269 | // Use d in javax .security. auth.kerbe ros.KeyImp l | |
270 | public Encryptio nKey(char[ ] password , | |
271 | Strin g salt, | |
272 | Strin g algorith m) throws KrbCryptoE xception { | |
273 | ||
274 | if (algorith m == null || algorit hm.equalsI gnoreCase( "DES")) { | |
275 | keyType = Encrypte dData.ETYP E_DES_CBC_ MD5; | |
276 | } else if (a lgorithm.e qualsIgnor eCase("DES ede")) { | |
277 | keyType = Encrypte dData.ETYP E_DES3_CBC _HMAC_SHA1 _KD; | |
278 | } else if (a lgorithm.e qualsIgnor eCase("AES 128")) { | |
279 | keyType = Encrypte dData.ETYP E_AES128_C TS_HMAC_SH A1_96; | |
280 | } else if (a lgorithm.e qualsIgnor eCase("Arc FourHmac") ) { | |
281 | keyType = Encrypte dData.ETYP E_ARCFOUR_ HMAC; | |
282 | } else if (a lgorithm.e qualsIgnor eCase("AES 256")) { | |
283 | keyType = Encrypte dData.ETYP E_AES256_C TS_HMAC_SH A1_96; | |
284 | // valid ate if AES 256 is ena bled | |
285 | if (!ETy pe.isSuppo rted(keyTy pe)) { | |
286 | thro w new Ille galArgumen tException ("Algorith m " + algo rithm + | |
287 | " not enabled"); | |
288 | } | |
289 | } else { | |
290 | throw ne w IllegalA rgumentExc eption("Al gorithm " + algorith m + | |
291 | " no t supporte d"); | |
292 | } | |
293 | ||
294 | ke yValue = s tringToKey (password, salt, nul l, keyType ); | |
295 | kv no = null; | |
296 | } | |
297 | ||
298 | /** | |
299 | * Gen erates a s ub-session key from a given ses sion key. | |
300 | * | |
301 | * Use d in Accep tSecContex tToken and KrbApReq by accepto r- and ini tiator- | |
302 | * sid e respecti vely. | |
303 | */ | |
304 | public Encryptio nKey(Encry ptionKey k ey) throws KrbCrypto Exception { | |
305 | // generate random sub -session k ey | |
306 | ke yValue = C onfounder. bytes(key. keyValue.l ength); | |
307 | fo r (int i = 0; i < ke yValue.len gth; i++) { | |
308 | keyValue[i ] ^= key.k eyValue[i] ; | |
309 | } | |
310 | ke yType = ke y.keyType; | |
311 | ||
312 | // check for key parit y and weak keys | |
313 | tr y { | |
314 | // check for DES k ey | |
315 | if ((key Type == En cryptedDat a.ETYPE_DE S_CBC_MD5) || | |
316 | (key Type == En cryptedDat a.ETYPE_DE S_CBC_CRC) ) { | |
317 | // f ix DES key parity | |
318 | if ( !DESKeySpe c.isParity Adjusted(k eyValue, 0 )) { | |
319 | keyValue = Des.set_p arity(keyV alue); | |
320 | } | |
321 | // c heck for w eak key | |
322 | if ( DESKeySpec .isWeak(ke yValue, 0) ) { | |
323 | keyValue[7 ] = (byte) (keyValue[ 7] ^ 0xF0) ; | |
324 | } | |
325 | } | |
326 | // check for 3DES key | |
327 | if (keyT ype == Enc ryptedData .ETYPE_DES 3_CBC_HMAC _SHA1_KD) { | |
328 | // f ix 3DES ke y parity | |
329 | if ( !DESedeKey Spec.isPar ityAdjuste d(keyValue , 0)) { | |
330 | keyValue = Des3.pari tyFix(keyV alue); | |
331 | } | |
332 | // c heck for w eak keys | |
333 | byte [] oneKey = new byte [8]; | |
334 | for (int i=0; i<keyValue .length; i +=8) { | |
335 | System.arr aycopy(key Value, i, oneKey, 0, 8); | |
336 | if (DESKey Spec.isWea k(oneKey, 0)) { | |
337 | keyVal ue[i+7] = (byte)(key Value[i+7] ^ 0xF0); | |
338 | } | |
339 | } | |
340 | } | |
341 | } catch (Gen eralSecuri tyExceptio n e) { | |
342 | KrbCrypt oException ke = new KrbCryptoE xception(e .getMessag e()); | |
343 | ke.initC ause(e); | |
344 | throw ke ; | |
345 | } | |
346 | } | |
347 | ||
348 | /** | |
349 | * Con structs an instance of Encrypt ionKey typ e. | |
350 | * @pa ram encodi ng a singl e DER-enco ded value. | |
351 | * @ex ception As n1Exceptio n if an er ror occurs while dec oding an A SN1 | |
352 | * enc oded data. | |
353 | * @ex ception IO Exception if an I/O error occu rs while r eading enc oded | |
354 | * dat a. | |
355 | * | |
356 | * | |
357 | */ | |
358 | / / Used in javax.secu rity.auth. kerberos.K eyImpl | |
359 | public Encryptio nKey(DerVa lue encodi ng) throws Asn1Excep tion, IOEx ception { | |
360 | De rValue der ; | |
361 | if (encoding .getTag() != DerValu e.tag_Sequ ence) { | |
362 | throw ne w Asn1Exce ption(Krb5 .ASN1_BAD_ ID); | |
363 | } | |
364 | de r = encodi ng.getData ().getDerV alue(); | |
365 | if ((der.get Tag() & (b yte)0x1F) == (byte)0 x00) { | |
366 | keyType = der.getD ata().getB igInteger( ).intValue (); | |
367 | } | |
368 | el se | |
369 | throw ne w Asn1Exce ption(Krb5 .ASN1_BAD_ ID); | |
370 | de r = encodi ng.getData ().getDerV alue(); | |
371 | if ((der.get Tag() & (b yte)0x1F) == (byte)0 x01) { | |
372 | keyValue = der.get Data().get OctetStrin g(); | |
373 | } | |
374 | el se | |
375 | throw ne w Asn1Exce ption(Krb5 .ASN1_BAD_ ID); | |
376 | if (der.getD ata().avai lable() > 0) { | |
377 | throw ne w Asn1Exce ption(Krb5 .ASN1_BAD_ ID); | |
378 | } | |
379 | } | |
380 | ||
381 | /** | |
382 | * Ret urns the A SN.1 encod ing of thi s Encrypti onKey. | |
383 | * | |
384 | * <xm p> | |
385 | * Enc ryptionKey ::= SEQ UENCE { | |
386 | * keyty pe[0] I NTEGER, | |
387 | * keyva lue[1] O CTET STRIN G } | |
388 | * </x mp> | |
389 | * | |
390 | * <p> | |
391 | * Thi s definiti on reflect s the Netw ork Workin g Group RF C 4120 | |
392 | * spe cification available at | |
393 | * <a href="http ://www.iet f.org/rfc/ rfc4120.tx t"> | |
394 | * htt p://www.ie tf.org/rfc /rfc4120.t xt</a>. | |
395 | * | |
396 | * @re turn byte array of e ncoded Enc ryptionKey object. | |
397 | * @ex ception As n1Exceptio n if an er ror occurs while dec oding an A SN1 | |
398 | * enc oded data. | |
399 | * @ex ception IO Exception if an I/O error occu rs while r eading enc oded | |
400 | * dat a. | |
401 | * | |
402 | */ | |
403 | public synchroni zed byte[] asn1Encod e() throws Asn1Excep tion, IOEx ception { | |
404 | De rOutputStr eam bytes = new DerO utputStrea m(); | |
405 | De rOutputStr eam temp = new DerOu tputStream (); | |
406 | te mp.putInte ger(keyTyp e); | |
407 | by tes.write( DerValue.c reateTag(D erValue.TA G_CONTEXT, true, | |
408 | ( byte)0x00) , temp); | |
409 | te mp = new D erOutputSt ream(); | |
410 | te mp.putOcte tString(ke yValue); | |
411 | by tes.write( DerValue.c reateTag(D erValue.TA G_CONTEXT, true, | |
412 | ( byte)0x01) , temp); | |
413 | te mp = new D erOutputSt ream(); | |
414 | te mp.write(D erValue.ta g_Sequence , bytes); | |
415 | re turn temp. toByteArra y(); | |
416 | } | |
417 | ||
418 | public synchroni zed void d estroy() { | |
419 | if (keyValue != null) | |
420 | for (int i = 0; i < keyValue .length; i ++) | |
421 | keyV alue[i] = 0; | |
422 | } | |
423 | ||
424 | ||
425 | /** | |
426 | * Par se (unmars hal) an En cryption k ey from a DER input stream. T his form | |
427 | * par sing might be used w hen expand ing a valu e which is part of | |
428 | * a c onstructed sequence and uses e xplicitly tagged typ e. | |
429 | * | |
430 | * @pa ram data t he Der inp ut stream value, whi ch contain s one or m ore | |
431 | * mar shaled val ue. | |
432 | * @pa ram explic itTag tag number. | |
433 | * @pa ram option al indicat e if this data field is option al | |
434 | * @ex ception As n1Exceptio n if an er ror occurs while dec oding an A SN1 | |
435 | * enc oded data. | |
436 | * @ex ception IO Exception if an I/O error occu rs while r eading enc oded | |
437 | * dat a. | |
438 | * @re turn an in stance of Encryption Key. | |
439 | * | |
440 | */ | |
441 | public static En cryptionKe y parse(De rInputStre am data, b yte | |
442 | ex plicitTag, boolean o ptional) t hrows | |
443 | As n1Exceptio n, IOExcep tion { | |
444 | if ((optiona l) && (((b yte)data.p eekByte() & (byte)0x 1F) != | |
445 | exp licitTag)) { | |
446 | return n ull; | |
447 | } | |
448 | De rValue der = data.ge tDerValue( ); | |
449 | if (explicit Tag != (de r.getTag() & (byte)0 x1F)) { | |
450 | throw ne w Asn1Exce ption(Krb5 .ASN1_BAD_ ID); | |
451 | } else { | |
452 | DerValue subDer = der.getDat a().getDer Value(); | |
453 | return n ew Encrypt ionKey(sub Der); | |
454 | } | |
455 | } | |
456 | ||
457 | /** | |
458 | * Wri tes key va lue in FCC format to a <code>C CacheOutpu tStream</c ode>. | |
459 | * | |
460 | * @pa ram cos a <code>CCac heOutputSt ream</code > to be wr itten to. | |
461 | * @ex ception IO Exception if an I/O exception occurs. | |
462 | * @se e sun.secu rity.krb5. internal.c cache.CCac heOutputSt ream | |
463 | * | |
464 | */ | |
465 | public synchroni zed void w riteKey(CC acheOutput Stream cos ) | |
466 | th rows IOExc eption { | |
467 | ||
468 | co s.write16( keyType); | |
469 | // we use KR B5_FCC_FVN O_3 | |
470 | co s.write16( keyType); // key typ e is recor ded twice. | |
471 | co s.write32( keyValue.l ength); | |
472 | fo r (int i = 0; i < ke yValue.len gth; i++) { | |
473 | cos.writ e8(keyValu e[i]); | |
474 | } | |
475 | } | |
476 | ||
477 | public String to String() { | |
478 | re turn new S tring("Enc ryptionKey : keyType= " + keyTyp e | |
479 | + " kvno=" + k vno | |
480 | + " keyValue ( hex dump)= " | |
481 | + (k eyValue == null || k eyValue.le ngth == 0 ? | |
482 | " Empt y Key" : ' \n' | |
483 | + Krb5 .hexDumper .encodeBuf fer(keyVal ue) | |
484 | + '\n' )); | |
485 | } | |
486 | ||
487 | /** | |
488 | * Fin d a key wi th given e type | |
489 | */ | |
490 | public static En cryptionKe y findKey( int etype, Encryptio nKey[] key s) | |
491 | throws K rbExceptio n { | |
492 | re turn findK ey(etype, null, keys ); | |
493 | } | |
494 | ||
495 | /** | |
496 | * Det ermines if a kvno ma tches anot her kvno. Used in th e method | |
497 | * fin dKey(type, kvno, key s). Always returns t rue if eit her input | |
498 | * is null or ze ro, in cas e any side does not have kvno info avail able. | |
499 | * | |
500 | * Not e: zero is included because N/ A is not a legal val ue for kvn o | |
501 | * in javax.secu rity.auth. kerberos.K erberosKey . Therefor e, the inf o | |
502 | * tha t the kvno is N/A mi ght be los t when con verting be tween this | |
503 | * cla ss and Ker berosKey. | |
504 | */ | |
505 | privat e static b oolean ver sionMatche s(Integer v1, Intege r v2) { | |
506 | if (v1 == nu ll || v1 = = 0 || v2 == null || v2 == 0) { | |
507 | return t rue; | |
508 | } | |
509 | re turn v1.eq uals(v2); | |
510 | } | |
511 | ||
512 | /** | |
513 | * Fin d a key wi th given e type and k vno | |
514 | * @pa ram kvno i f null, re turn any ( first?) ke y | |
515 | */ | |
516 | public static En cryptionKe y findKey( int etype, Integer k vno, Encry ptionKey[] keys) | |
517 | th rows KrbEx ception { | |
518 | ||
519 | // check if encryption type is s upported | |
520 | if (!EType.i sSupported (etype)) { | |
521 | throw ne w KrbExcep tion("Encr yption typ e " + | |
522 | ETyp e.toString (etype) + " is not s upported/e nabled"); | |
523 | } | |
524 | ||
525 | in t ktype; | |
526 | bo olean etyp eFound = f alse; | |
527 | ||
528 | // When no m atched kvn o is found , returns tke key of the same | |
529 | // etype wit h the high est kvno | |
530 | in t kvno_fou nd = 0; | |
531 | En cryptionKe y key_foun d = null; | |
532 | ||
533 | fo r (int i = 0; i < ke ys.length; i++) { | |
534 | ktype = keys[i].ge tEType(); | |
535 | if (ETyp e.isSuppor ted(ktype) ) { | |
536 | Inte ger kv = k eys[i].get KeyVersion Number(); | |
537 | if ( etype == k type) { | |
538 | etypeFound = true; | |
539 | if (versio nMatches(k vno, kv)) { | |
540 | return keys[i]; | |
541 | } else if (kv > kvno _found) { | |
542 | // kv is not nul l | |
543 | key_fo und = keys [i]; | |
544 | kvno_f ound = kv; | |
545 | } | |
546 | } | |
547 | } | |
548 | } | |
549 | ||
550 | // Key not f ound. | |
551 | // allow DES key to be used for the DES et ypes | |
552 | if ((etype = = Encrypte dData.ETYP E_DES_CBC_ CRC || | |
553 | etype == Encrypted Data.ETYPE _DES_CBC_M D5)) { | |
554 | for (int i = 0; i < keys.len gth; i++) { | |
555 | ktyp e = keys[i ].getEType (); | |
556 | if ( ktype == E ncryptedDa ta.ETYPE_D ES_CBC_CRC || | |
557 | ktype == Encrypt edData.ETY PE_DES_CBC _MD5) { | |
558 | Integer kv = keys[i] .getKeyVer sionNumber (); | |
559 | etypeFound = true; | |
560 | if (versio nMatches(k vno, kv)) { | |
561 | return new Encry ptionKey(e type, keys [i].getByt es()); | |
562 | } else if (kv > kvno _found) { | |
563 | key_fo und = new Encryption Key(etype, keys[i].g etBytes()) ; | |
564 | kvno_f ound = kv; | |
565 | } | |
566 | } | |
567 | } | |
568 | } | |
569 | if (etypeFou nd) { | |
570 | return k ey_found; | |
571 | // For c ompatibili ty, will n ot fail he re. | |
572 | //throw new KrbExc eption(Krb 5.KRB_AP_E RR_BADKEYV ER); | |
573 | } | |
574 | re turn null; | |
575 | } | |
576 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.