@Override
protected void getValues(Object object, Object[] values) {
GeneralSubtree gs = (GeneralSubtree) object;
values[0] = gs.base;
values[1] = ASN1Integer.fromIntValue(gs.minimum);
if (gs.maximum > -1) {
values[2] = ASN1Integer.fromIntValue(gs.maximum);
}
}
@Override
protected Object getDecodedObject(BerInputStream in) {
Object[] values = (Object[]) in.content;
int maximum = -1; // is optional maximum missing?
if (values[2] != null) {
maximum = ASN1Integer.toIntValue(values[2]); // no!
}
return new GeneralSubtree(
(GeneralName) values[0], ASN1Integer.toIntValue(values[1]), maximum);
}
/**
* Certificate(TBSCertificate tbsCertificate, AlgorithmIdentifier signatureAlgorithm, byte[]
* signatureValue) method testing. Makes the certificate, gets its encoded form, makes new
* certificate from this encoded form by CertificateFactory, and decodes encoded form.
*/
public void testCertificate() throws Exception {
// make the TBSCertificate for Certificate
int version = 2; // v3
BigInteger serialNumber = BigInteger.valueOf(555L);
AlgorithmIdentifier signature = new AlgorithmIdentifier("1.2.3.44.555"); // random value
Name issuer = new Name("O=Certificate Issuer");
Validity validity = new Validity(new Date(100000000), new Date(200000000));
Name subject = new Name("O=Subject Organization");
SubjectPublicKeyInfo subjectPublicKeyInfo =
new SubjectPublicKeyInfo(new AlgorithmIdentifier("1.2.840.113549.1.1.2"), new byte[10]);
boolean[] issuerUniqueID =
new boolean[] {true, false, true, false, true, false, true, false}; // random value
boolean[] subjectUniqueID =
new boolean[] {false, true, false, true, false, true, false, true}; // random value
// make the Extensions for TBSCertificate
// Subject Alternative Names
GeneralName[] san =
new GeneralName[] {
new GeneralName(
new OtherName(
"1.2.3.4.5",
ASN1Integer.getInstance().encode(BigInteger.valueOf(55L).toByteArray()))),
new GeneralName(1, "*****@*****.**"),
new GeneralName(2, "dNSName"),
new GeneralName(new ORAddress()),
new GeneralName(4, "O=Organization"),
new GeneralName(new EDIPartyName("assigner", "party")),
new GeneralName(6, "http://Resource.Id"),
new GeneralName(new byte[] {1, 1, 1, 1}),
new GeneralName(8, "1.2.3.4444.55555")
};
GeneralNames sans = new GeneralNames(Arrays.asList(san));
Extension extension = new Extension("2.5.29.17", true, sans.getEncoded());
Extensions extensions = new Extensions();
extensions.addExtension(extension);
byte[] encoding = extensions.getEncoded();
Extensions.ASN1.decode(encoding);
TBSCertificate tbsCertificate =
new TBSCertificate(
version,
serialNumber,
signature,
issuer,
validity,
subject,
subjectPublicKeyInfo,
issuerUniqueID,
subjectUniqueID,
extensions);
encoding = tbsCertificate.getEncoded();
TBSCertificate.ASN1.decode(encoding);
Certificate certificate = new Certificate(tbsCertificate, signature, new byte[10]);
encoding = certificate.getEncoded();
Certificate.ASN1.decode(encoding);
encoding = Certificate.ASN1.encode(certificate);
ByteArrayInputStream bais = new ByteArrayInputStream(encoding);
// try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cf.generateCertificate(bais);
// } catch (CertificateException e) {
// there is no X.509 certificate factory implementation installed
// }
}
/**
* @see http://www.ietf.org/rfc/rfc3961.txt
* @see http://www.ietf.org/rfc/rfc4120.txt
*/
public class KDCRequest {
/** Authentication Service request message type */
public static final int AS_REQ = 10;
/** Ticket-Granting Service request message type */
public static final int TGS_REQ = 12;
// type of a protocol message: AS_REQ or TGS_REQ
private final int msgType;
private final PrincipalName cname;
private final String realm;
private final PrincipalName sname;
KDCRequest(int msgType, PrincipalName cname, String realm, PrincipalName sname) {
super();
this.msgType = msgType;
this.cname = cname;
this.realm = realm;
this.sname = sname;
}
public DatagramSocket send(InetAddress address, int port) throws IOException {
if (msgType != AS_REQ) {
throw new RuntimeException("Not implemented");
}
byte[] enc = AS_REQ_ASN1.encode(this);
DatagramPacket req = new DatagramPacket(enc, enc.length, address, port);
DatagramSocket socket = new DatagramSocket();
socket.send(req);
return socket;
}
/**
*
*
* <pre>
* KDC-REQ-BODY ::= SEQUENCE {
* kdc-options [0] KDCOptions,
* cname [1] PrincipalName OPTIONAL
* -- Used only in AS-REQ --,
* realm [2] Realm
* -- Server's realm
* -- Also client's in AS-REQ --,
* sname [3] PrincipalName OPTIONAL,
* from [4] KerberosTime OPTIONAL,
* till [5] KerberosTime,
* rtime [6] KerberosTime OPTIONAL,
* nonce [7] UInt32,
* etype [8] SEQUENCE OF Int32 -- EncryptionType
* -- in preference order --,
* addresses [9] HostAddresses OPTIONAL,
* enc-authorization-data [10] EncryptedData OPTIONAL
* -- AuthorizationData --,
* additional-tickets [11] SEQUENCE OF Ticket OPTIONAL
* -- NOTE: not empty
* }
* </pre>
*/
private static final ASN1Sequence KDC_REQ_BODY =
new ASN1Sequence(
new ASN1Type[] {
new ASN1Explicit(0, ASN1Any.getInstance()), // TODO: ignored
new ASN1Explicit(1, PrincipalName.ASN1),
// TODO should we define Realm type?
new ASN1Explicit(2, ASN1StringType.GENERALSTRING),
new ASN1Explicit(3, PrincipalName.ASN1),
new ASN1Explicit(4, ASN1Any.getInstance()), // TODO: ignored
new ASN1Explicit(5, KerberosTime.getASN1()),
new ASN1Explicit(6, ASN1Any.getInstance()), // TODO: ignored
new ASN1Explicit(7, ASN1Integer.getInstance()),
new ASN1Explicit(8, new ASN1SequenceOf(ASN1Integer.getInstance())),
new ASN1Explicit(9, ASN1Any.getInstance()), // TODO: ignored
new ASN1Explicit(10, ASN1Any.getInstance()), // TODO: ignored
new ASN1Explicit(11, ASN1Any.getInstance()), // TODO: ignored
}) {
{
setOptional(1); // cname
setOptional(3); // sname
setOptional(4); // from
setOptional(6); // rtime
setOptional(9); // addresses
setOptional(10); // enc-authorization-data
setOptional(11); // additional-tickets
}
@Override
protected void getValues(Object object, Object[] values) {
KDCRequest request = (KDCRequest) object;
// FIXME: hardcoded - no KDCOptions are set
// note: number of bits should be >= 32
// (see RFC 4120, 5.2.8. KerberosFlags)
values[0] =
new byte[] {
(byte) 0x03,
(byte) 0x05,
(byte) 0x00,
(byte) 0x00,
(byte) 0x00,
(byte) 0x00,
(byte) 0x00,
};
values[1] = request.cname;
values[2] = request.realm;
values[3] = request.sname;
// value[4] = from; //TODO
// till: requested: "19700101000000Z" FIXME
values[5] = new Date(0);
// values[6] = rtime //TODO
// nonce FIXME: hardcoded
values[7] = BigInteger.valueOf(0).toByteArray();
// etype FIXME
ArrayList<byte[]> list = new ArrayList<byte[]>();
// see RFC 3961 (Section 8)
list.add(BigInteger.valueOf(1).toByteArray()); // des-cbc-crc
list.add(BigInteger.valueOf(2).toByteArray()); // des-cbc-md4
list.add(BigInteger.valueOf(3).toByteArray()); // des-cbc-md5
values[8] = list;
// value[9] = FIXME
// value[10] = FIXME
// value[11] = FIXME
}
};
/**
*
*
* <pre>
* KDC-REQ ::= SEQUENCE {
* -- NOTE: first tag is [1], not [0]
* pvno [1] INTEGER (5) ,
* msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --),
* padata [3] SEQUENCE OF PA-DATA OPTIONAL
* -- NOTE: not empty --,
* req-body [4] KDC-REQ-BODY
* }
* </pre>
*/
static final ASN1Sequence KDC_REQ_ASN1 =
new ASN1Sequence(
new ASN1Type[] {
// pvno [1] INTEGER (5)
new ASN1Explicit(1, ASN1Integer.getInstance()),
// msg-type [2] INTEGER
new ASN1Explicit(2, ASN1Integer.getInstance()),
// padata [3] SEQUENCE OF PA-DATA OPTIONAL
new ASN1Explicit(3, new ASN1SequenceOf(ASN1Any.getInstance())),
// req-body [4] KDC-REQ-BODY
new ASN1Explicit(4, KDC_REQ_BODY),
}) {
{
setOptional(2); // padata
}
@Override
protected void getValues(Object object, Object[] values) {
KDCRequest request = (KDCRequest) object;
values[0] = BigInteger.valueOf(5).toByteArray();
values[1] = BigInteger.valueOf(request.msgType).toByteArray();
// values[2] = //FIXME
values[3] = request; // pass for further use
}
};
static final ASN1Explicit AS_REQ_ASN1 =
new ASN1Explicit(ASN1Constants.CLASS_APPLICATION, AS_REQ, KDC_REQ_ASN1);
}
/**
* Returns ASN.1 encoded form of the object.
*
* @return a byte array containing ASN.1 encoded form.
*/
public byte[] getEncoded() {
if (encoding == null) {
encoding = ASN1Integer.getInstance().encode(ASN1Integer.fromIntValue(skipCerts));
}
return encoding;
}
/** Creates an object on the base of its encoded form. */
public InhibitAnyPolicy(byte[] encoding) throws IOException {
super(encoding);
this.skipCerts = new BigInteger((byte[]) ASN1Integer.getInstance().decode(encoding)).intValue();
}
/**
* The class encapsulates the ASN.1 DER encoding/decoding work with the GeneralSubtree structure
* which is a part of X.509 certificate: (as specified in RFC 3280 - Internet X.509 Public Key
* Infrastructure. Certificate and Certificate Revocation List (CRL) Profile.
* http://www.ietf.org/rfc/rfc3280.txt):
*
* <pre>
*
* GeneralSubtree ::= SEQUENCE {
* base GeneralName,
* minimum [0] BaseDistance DEFAULT 0,
* maximum [1] BaseDistance OPTIONAL }
*
* BaseDistance ::= INTEGER (0..MAX)
*
* </pre>
*
* @see org.apache.harmony.security.x509.NameConstraints
* @see org.apache.harmony.security.x509.GeneralName
*/
public final class GeneralSubtree {
/** the value of base field of the structure */
private final GeneralName base;
/** the value of minimum field of the structure */
private final int minimum;
/** the value of maximum field of the structure */
private final int maximum;
/** the ASN.1 encoded form of GeneralSubtree */
private byte[] encoding;
public GeneralSubtree(GeneralName base, int minimum, int maximum) {
this.base = base;
this.minimum = minimum;
this.maximum = maximum;
}
/** Returns the value of base field of the structure. */
public GeneralName getBase() {
return base;
}
/** Returns ASN.1 encoded form of this X.509 GeneralSubtree value. */
public byte[] getEncoded() {
if (encoding == null) {
encoding = ASN1.encode(this);
}
return encoding;
}
public void dumpValue(StringBuilder sb, String prefix) {
sb.append(prefix).append("General Subtree: [\n");
sb.append(prefix).append(" base: ").append(base).append('\n');
sb.append(prefix).append(" minimum: ").append(minimum).append('\n');
if (maximum >= 0) {
sb.append(prefix).append(" maximum: ").append(maximum).append('\n');
}
sb.append(prefix).append("]\n");
}
/** ASN.1 DER X.509 GeneralSubtree encoder/decoder class. */
public static final ASN1Sequence ASN1 =
new ASN1Sequence(
new ASN1Type[] {
GeneralName.ASN1,
new ASN1Implicit(0, ASN1Integer.getInstance()),
new ASN1Implicit(1, ASN1Integer.getInstance())
}) {
{
setDefault(new byte[] {0}, 1); // minimum 0
setOptional(2); // maximum optional
}
@Override
protected Object getDecodedObject(BerInputStream in) {
Object[] values = (Object[]) in.content;
int maximum = -1; // is optional maximum missing?
if (values[2] != null) {
maximum = ASN1Integer.toIntValue(values[2]); // no!
}
return new GeneralSubtree(
(GeneralName) values[0], ASN1Integer.toIntValue(values[1]), maximum);
}
@Override
protected void getValues(Object object, Object[] values) {
GeneralSubtree gs = (GeneralSubtree) object;
values[0] = gs.base;
values[1] = ASN1Integer.fromIntValue(gs.minimum);
if (gs.maximum > -1) {
values[2] = ASN1Integer.fromIntValue(gs.maximum);
}
}
};
}