1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.kerberos.shared.crypto.encryption;
21  
22  
23  import java.util.Arrays;
24  import java.util.Collections;
25  import java.util.List;
26  
27  
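/**
 * Type-safe enumeration of the Kerberos V5 key usage numbers 1 through 13.
 *
 * From RFC 4120, "The Kerberos Network Authentication Service (V5)":
 * 
 * 7.5.1.  Key Usage Numbers
 * 
 * The encryption and checksum specifications in [RFC3961] require as
 * input a "key usage number", to alter the encryption key used in any
 * specific message in order to make certain types of cryptographic
 * attack more difficult.  These are the key usage values assigned in
 * [RFC 4120]:
 *
 * <p>
 * The constructor is private and the class is final, so the thirteen
 * constants declared below are the only instances and may be compared by
 * identity.
 *
 * <p>
 * NOTE(review): only usages 1 through 13 are modelled here. RFC 4120
 * section 7.5.1 appears to assign further numbers above 13 (confirm against
 * the RFC); any number without a constant in this class is resolved to
 * {@link #NUMBER1} by {@link #getTypeByOrdinal(int)}.
 * 
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev$, $Date$
 */
public final class KeyUsage implements Comparable<KeyUsage>
{
    /**
     * AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key (Section 5.2.7.2)
     */
    public static final KeyUsage NUMBER1 = new KeyUsage( 1,
        "AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key" );

    /**
     * AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session key), encrypted with the service key (Section 5.3)
     */
    public static final KeyUsage NUMBER2 = new KeyUsage(
        2,
        "AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session key), encrypted with the service key" );

    /**
     * AS-REP encrypted part (includes TGS session key or application session key), encrypted with the client key (Section 5.4.2)
     */
    public static final KeyUsage NUMBER3 = new KeyUsage( 3,
        "AS-REP encrypted part (includes TGS session key or application session key), encrypted with the client key" );

    /**
     * TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS session key (Section 5.4.1)
     */
    public static final KeyUsage NUMBER4 = new KeyUsage( 4,
        "TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS session key" );

    /**
     * TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS authenticator subkey (Section 5.4.1)
     */
    public static final KeyUsage NUMBER5 = new KeyUsage( 5,
        "TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS authenticator subkey" );

    /**
     * TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the TGS session key (Section 5.5.1)
     */
    public static final KeyUsage NUMBER6 = new KeyUsage( 6,
        "TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the TGS session key" );

    /**
     * TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey), encrypted with the TGS session key (Section 5.5.1)
     */
    public static final KeyUsage NUMBER7 = new KeyUsage(
        7,
        "TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey), encrypted with the TGS session key" );

    /**
     * TGS-REP encrypted part (includes application session key), encrypted with the TGS session key (Section 5.4.2)
     */
    public static final KeyUsage NUMBER8 = new KeyUsage( 8,
        "TGS-REP encrypted part (includes application session key), encrypted with the TGS session key" );

    /**
     * TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey (Section 5.4.2)
     */
    public static final KeyUsage NUMBER9 = new KeyUsage( 9,
        "TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey" );

    /**
     * AP-REQ Authenticator cksum, keyed with the application session key (Section 5.5.1)
     */
    public static final KeyUsage NUMBER10 = new KeyUsage( 10,
        "AP-REQ Authenticator cksum, keyed with the application session key" );

    /**
     * AP-REQ Authenticator (includes application authenticator subkey), encrypted with the application session key (Section 5.5.1)
     */
    public static final KeyUsage NUMBER11 = new KeyUsage( 11,
        "AP-REQ Authenticator (includes application authenticator subkey), encrypted with the application session key" );

    /**
     * AP-REP encrypted part (includes application session subkey), encrypted with the application session key (Section 5.5.2)
     */
    public static final KeyUsage NUMBER12 = new KeyUsage( 12,
        "AP-REP encrypted part (includes application session subkey), encrypted with the application session key" );

    /**
     * KRB-PRIV encrypted part, encrypted with a key chosen by the application (Section 5.7.1)
     */
    public static final KeyUsage NUMBER13 = new KeyUsage( 13,
        "KRB-PRIV encrypted part, encrypted with a key chosen by the application" );

    /**
     * Backing array for {@link #VALUES} and for the lookup in
     * {@link #getTypeByOrdinal(int)}. It is private and is not written to
     * after this initializer.
     */
    private static final KeyUsage[] values =
        { NUMBER1, NUMBER2, NUMBER3, NUMBER4, NUMBER5, NUMBER6, NUMBER7, NUMBER8, NUMBER9, NUMBER10, NUMBER11,
            NUMBER12, NUMBER13 };

    /**
     * Read-only list of every key usage constant, in ascending number order.
     * Must be declared after the constants and the backing array, otherwise
     * the initializer is an illegal forward reference.
     */
    public static final List<KeyUsage> VALUES = Collections.unmodifiableList( Arrays.asList( values ) );

    /** The key usage number passed to the encryption and checksum routines. */
    private final int ordinal;

    /** Human-readable description of the usage, used by {@link #toString()}. */
    private final String name;


    /**
     * Private constructor prevents construction outside of this class.
     *
     * @param ordinal The key usage number.
     * @param name The description of the usage.
     */
    private KeyUsage( int ordinal, String name )
    {
        this.ordinal = ordinal;
        this.name = name;
    }


    /**
     * Returns the key usage number type when specified by its ordinal.
     *
     * <p>
     * NOTE(review): a number that matches no constant is not reported as an
     * error; {@link #NUMBER1} is returned instead. A caller that takes the
     * number from a decoded message therefore cannot distinguish "usage 1"
     * from "unknown usage" by the return value alone, and should compare
     * {@link #getOrdinal()} of the result with the requested number (or
     * range-check before calling) wherever the key usage drives key
     * selection. The fallback is kept as is because callers outside this
     * file may rely on it.
     *
     * @param type The key usage number to look up.
     * @return The key usage number type, or {@link #NUMBER1} when no
     *         constant carries the given number.
     */
    public static KeyUsage getTypeByOrdinal( int type )
    {
        for ( KeyUsage candidate : values )
        {
            if ( candidate.ordinal == type )
            {
                return candidate;
            }
        }

        // Silent default for unknown numbers; see the NOTE in the Javadoc.
        return NUMBER1;
    }


    /**
     * Returns the number associated with this key usage number.
     *
     * @return The key usage number
     */
    public int getOrdinal()
    {
        return ordinal;
    }


    /**
     * Orders key usages by ascending key usage number.
     *
     * @param that The key usage to compare with.
     * @return A negative value, zero or a positive value when this number is
     *         less than, equal to or greater than the other one.
     * @throws NullPointerException If {@code that} is null.
     */
    public int compareTo( KeyUsage that )
    {
        // Compare explicitly rather than subtracting: the subtraction idiom
        // overflows for operands of opposite sign and large magnitude, and
        // only the sign of the result is part of the Comparable contract.
        if ( ordinal < that.ordinal )
        {
            return -1;
        }

        if ( ordinal > that.ordinal )
        {
            return 1;
        }

        return 0;
    }


    /**
     * Returns the description followed by the key usage number in
     * parentheses.
     *
     * @return The description and number of this key usage.
     */
    @Override
    public String toString()
    {
        return name + " (" + ordinal + ")";
    }
}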