001 /* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 package org.apache.directory.server.kerberos.shared.crypto.encryption; 021 022 023 import java.security.NoSuchAlgorithmException; 024 import java.util.Collections; 025 import java.util.HashMap; 026 import java.util.Iterator; 027 import java.util.Map; 028 import java.util.Set; 029 030 import javax.crypto.KeyGenerator; 031 import javax.crypto.SecretKey; 032 033 import org.apache.directory.server.i18n.I18n; 034 import org.apache.directory.server.kerberos.shared.exceptions.ErrorType; 035 import org.apache.directory.server.kerberos.shared.exceptions.KerberosException; 036 import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey; 037 038 039 /** 040 * A factory class for producing random keys, suitable for use as session keys. For a 041 * list of desired cipher types, Kerberos random-to-key functions are used to derive 042 * keys for DES-, DES3-, AES-, and RC4-based encryption types. 043 * 044 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 045 * @version $Rev$, $Date$ 046 */ 047 public class RandomKeyFactory 048 { 049 /** A map of default encryption types mapped to cipher names. */ 050 private static final Map<EncryptionType, String> DEFAULT_CIPHERS; 051 052 static 053 { 054 Map<EncryptionType, String> map = new HashMap<EncryptionType, String>(); 055 056 map.put( EncryptionType.DES_CBC_MD5, "DES" ); 057 map.put( EncryptionType.DES3_CBC_SHA1_KD, "DESede" ); 058 map.put( EncryptionType.RC4_HMAC, "RC4" ); 059 map.put( EncryptionType.AES128_CTS_HMAC_SHA1_96, "AES" ); 060 map.put( EncryptionType.AES256_CTS_HMAC_SHA1_96, "AES" ); 061 062 DEFAULT_CIPHERS = Collections.unmodifiableMap( map ); 063 } 064 065 066 /** 067 * Get a map of random keys. The default set of encryption types is used. 068 * 069 * @return The map of random keys. 070 * @throws KerberosException 071 */ 072 public static Map<EncryptionType, EncryptionKey> getRandomKeys() throws KerberosException 073 { 074 return getRandomKeys( DEFAULT_CIPHERS.keySet() ); 075 } 076 077 078 /** 079 * Get a map of random keys for a list of cipher types to derive keys for. 080 * 081 * @param ciphers The list of ciphers to derive keys for. 082 * @return The list of KerberosKey's. 083 * @throws KerberosException 084 */ 085 public static Map<EncryptionType, EncryptionKey> getRandomKeys( Set<EncryptionType> ciphers ) 086 throws KerberosException 087 { 088 Map<EncryptionType, EncryptionKey> map = new HashMap<EncryptionType, EncryptionKey>(); 089 090 Iterator<EncryptionType> it = ciphers.iterator(); 091 while ( it.hasNext() ) 092 { 093 EncryptionType type = it.next(); 094 map.put( type, getRandomKey( type ) ); 095 } 096 097 return map; 098 } 099 100 101 /** 102 * Get a new random key for a given {@link EncryptionType}. 103 * 104 * @param encryptionType 105 * 106 * @return The new random key. 107 * @throws KerberosException 108 */ 109 public static EncryptionKey getRandomKey( EncryptionType encryptionType ) throws KerberosException 110 { 111 String algorithm = DEFAULT_CIPHERS.get( encryptionType ); 112 113 if ( algorithm == null ) 114 { 115 throw new KerberosException( ErrorType.KDC_ERR_ETYPE_NOSUPP, I18n.err( I18n.ERR_616, encryptionType.getName() ) ); 116 } 117 118 try 119 { 120 KeyGenerator keyGenerator = KeyGenerator.getInstance( algorithm ); 121 122 if ( encryptionType.equals( EncryptionType.AES128_CTS_HMAC_SHA1_96 ) ) 123 { 124 keyGenerator.init( 128 ); 125 } 126 127 if ( encryptionType.equals( EncryptionType.AES256_CTS_HMAC_SHA1_96 ) ) 128 { 129 keyGenerator.init( 256 ); 130 } 131 132 SecretKey key = keyGenerator.generateKey(); 133 134 byte[] keyBytes = key.getEncoded(); 135 136 return new EncryptionKey( encryptionType, keyBytes ); 137 } 138 catch ( NoSuchAlgorithmException nsae ) 139 { 140 throw new KerberosException( ErrorType.KDC_ERR_ETYPE_NOSUPP, nsae ); 141 } 142 } 143 }