001 /* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020 package org.apache.directory.server.kerberos.shared.exceptions; 021 022 023 import java.util.Arrays; 024 import java.util.Collections; 025 import java.util.List; 026 027 028 /** 029 * A type-safe enumeration of Kerberos error types. 030 * 031 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 032 * @version $Rev: 902319 $, $Date: 2010-01-23 01:17:50 +0100 (Sat, 23 Jan 2010) $ 033 */ 034 public final class ErrorType implements Comparable<ErrorType> 035 { 036 037 // TODO Add i18n. Don't no if these error messages are also a response to the client. 038 // If so shall they really be i18n? 039 040 /** 041 * No error. 042 */ 043 public static final ErrorType KDC_ERR_NONE = new ErrorType( 0, "No error" ); 044 045 /** 046 * Client's entry in database has expired. 047 */ 048 public static final ErrorType KDC_ERR_NAME_EXP = new ErrorType( 1, "Client's entry in database has expired" ); 049 050 /** 051 * Server's entry in database has expired. 052 */ 053 public static final ErrorType KDC_ERR_SERVICE_EXP = new ErrorType( 2, "Server's entry in database has expired" ); 054 055 /** 056 * Requested protocol version number not supported. 057 */ 058 public static final ErrorType KDC_ERR_BAD_PVNO = new ErrorType( 3, 059 "Requested protocol version number not supported" ); 060 061 /** 062 * Client's key encrypted in old master key. 063 */ 064 public static final ErrorType KDC_ERR_C_OLD_MAST_KVNO = new ErrorType( 4, 065 "Client's key encrypted in old master key" ); 066 067 /** 068 * Server's key encrypted in old master key. 069 */ 070 public static final ErrorType KDC_ERR_S_OLD_MAST_KVNO = new ErrorType( 5, 071 "Server's key encrypted in old master key" ); 072 073 /** 074 * Client not found in Kerberos database. 075 */ 076 public static final ErrorType KDC_ERR_C_PRINCIPAL_UNKNOWN = new ErrorType( 6, 077 "Client not found in Kerberos database" ); 078 079 /** 080 * Server not found in Kerberos database. 081 */ 082 public static final ErrorType KDC_ERR_S_PRINCIPAL_UNKNOWN = new ErrorType( 7, 083 "Server not found in Kerberos database" ); 084 085 /** 086 * Multiple principal entries in database. 087 */ 088 public static final ErrorType KDC_ERR_PRINCIPAL_NOT_UNIQUE = new ErrorType( 8, 089 "Multiple principal entries in database" ); 090 091 /** 092 * The client or server has a null key. 093 */ 094 public static final ErrorType KDC_ERR_NULL_KEY = new ErrorType( 9, "The client or server has a null key" ); 095 096 /** 097 * Ticket not eligible for postdating. 098 */ 099 public static final ErrorType KDC_ERR_CANNOT_POSTDATE = new ErrorType( 10, "Ticket not eligible for postdating" ); 100 101 /** 102 * Requested start time is later than end time. 103 */ 104 public static final ErrorType KDC_ERR_NEVER_VALID = new ErrorType( 11, 105 "Requested start time is later than end time" ); 106 107 /** 108 * KDC policy rejects request. 109 */ 110 public static final ErrorType KDC_ERR_POLICY = new ErrorType( 12, "KDC policy rejects request" ); 111 112 /** 113 * KDC cannot accommodate requested option. 114 */ 115 public static final ErrorType KDC_ERR_BADOPTION = new ErrorType( 13, "KDC cannot accommodate requested option" ); 116 117 /** 118 * KDC has no support for encryption type. 119 */ 120 public static final ErrorType KDC_ERR_ETYPE_NOSUPP = new ErrorType( 14, "KDC has no support for encryption type" ); 121 122 /** 123 * KDC has no support for checksum type. 124 */ 125 public static final ErrorType KDC_ERR_SUMTYPE_NOSUPP = new ErrorType( 15, "KDC has no support for checksum type" ); 126 127 /** 128 * KDC has no support for padata type. 129 */ 130 public static final ErrorType KDC_ERR_PADATA_TYPE_NOSUPP = new ErrorType( 16, "KDC has no support for padata type" ); 131 132 /** 133 * KDC has no support for transited type. 134 */ 135 public static final ErrorType KDC_ERR_TRTYPE_NOSUPP = new ErrorType( 17, "KDC has no support for transited type" ); 136 137 /** 138 * Clients credentials have been revoked. 139 */ 140 public static final ErrorType KDC_ERR_CLIENT_REVOKED = new ErrorType( 18, "Clients credentials have been revoked" ); 141 142 /** 143 * Credentials for server have been revoked. 144 */ 145 public static final ErrorType KDC_ERR_SERVICE_REVOKED = new ErrorType( 19, 146 "Credentials for server have been revoked" ); 147 148 /** 149 * TGT has been revoked. 150 */ 151 public static final ErrorType KDC_ERR_TGT_REVOKED = new ErrorType( 20, "TGT has been revoked" ); 152 153 /** 154 * Client not yet valid; try again later. 155 */ 156 public static final ErrorType KDC_ERR_CLIENT_NOTYET = new ErrorType( 21, "Client not yet valid; try again later" ); 157 158 /** 159 * Server not yet valid; try again later. 160 */ 161 public static final ErrorType KDC_ERR_SERVICE_NOTYET = new ErrorType( 22, "Server not yet valid; try again later" ); 162 163 /** 164 * Password has expired; change password to reset. 165 */ 166 public static final ErrorType KDC_ERR_KEY_EXPIRED = new ErrorType( 23, 167 "Password has expired; change password to reset" ); 168 169 /** 170 * Pre-authentication information was invalid. 171 */ 172 public static final ErrorType KDC_ERR_PREAUTH_FAILED = new ErrorType( 24, 173 "Pre-authentication information was invalid" ); 174 175 /** 176 * Additional pre-authentication required. 177 */ 178 public static final ErrorType KDC_ERR_PREAUTH_REQUIRED = new ErrorType( 25, 179 "Additional pre-authentication required" ); 180 181 /** 182 * Requested server and ticket don't match. 183 */ 184 public static final ErrorType KDC_ERR_SERVER_NOMATCH = new ErrorType( 26, "Requested server and ticket don't match" ); 185 186 /** 187 * Server valid for user2user only. 188 */ 189 public static final ErrorType KDC_ERR_MUST_USE_USER2USER = new ErrorType( 27, "Server valid for user2user only" ); 190 191 /** 192 * KDC Policy rejects transited path. 193 */ 194 public static final ErrorType KDC_ERR_PATH_NOT_ACCEPTED = new ErrorType( 28, "KDC Policy rejects transited path" ); 195 196 /** 197 * A service is not available. 198 */ 199 public static final ErrorType KDC_ERR_SVC_UNAVAILABLE = new ErrorType( 29, "A service is not available" ); 200 201 /** 202 * Integrity check on decrypted field failed. 203 */ 204 public static final ErrorType KRB_AP_ERR_BAD_INTEGRITY = new ErrorType( 31, 205 "Integrity check on decrypted field failed" ); 206 207 /** 208 * Ticket expired. 209 */ 210 public static final ErrorType KRB_AP_ERR_TKT_EXPIRED = new ErrorType( 32, "Ticket expired" ); 211 212 /** 213 * Ticket not yet valid. 214 */ 215 public static final ErrorType KRB_AP_ERR_TKT_NYV = new ErrorType( 33, "Ticket not yet valid" ); 216 217 /** 218 * Request is a replay. 219 */ 220 public static final ErrorType KRB_AP_ERR_REPEAT = new ErrorType( 34, "Request is a replay" ); 221 222 /** 223 * The ticket isn't for us. 224 */ 225 public static final ErrorType KRB_AP_ERR_NOT_US = new ErrorType( 35, "The ticket isn't for us" ); 226 227 /** 228 * Ticket and authenticator don't match. 229 */ 230 public static final ErrorType KRB_AP_ERR_BADMATCH = new ErrorType( 36, "Ticket and authenticator don't match" ); 231 232 /** 233 * Clock skew too great. 234 */ 235 public static final ErrorType KRB_AP_ERR_SKEW = new ErrorType( 37, "Clock skew too great" ); 236 237 /** 238 * Incorrect net address. 239 */ 240 public static final ErrorType KRB_AP_ERR_BADADDR = new ErrorType( 38, "Incorrect net address" ); 241 242 /** 243 * Protocol version mismatch. 244 */ 245 public static final ErrorType KRB_AP_ERR_BADVERSION = new ErrorType( 39, "Protocol version mismatch" ); 246 247 /** 248 * Invalid msg type. 249 */ 250 public static final ErrorType KRB_AP_ERR_MSG_TYPE = new ErrorType( 40, "Invalid msg type" ); 251 252 /** 253 * Message stream modified. 254 */ 255 public static final ErrorType KRB_AP_ERR_MODIFIED = new ErrorType( 41, "Message stream modified" ); 256 257 /** 258 * Message out of order. 259 */ 260 public static final ErrorType KRB_AP_ERR_BADORDER = new ErrorType( 42, "Message out of order" ); 261 262 /** 263 * Specified version of key is not available. 264 */ 265 public static final ErrorType KRB_AP_ERR_BADKEYVER = new ErrorType( 44, "Specified version of key is not available" ); 266 267 /** 268 * Service key not available. 269 */ 270 public static final ErrorType KRB_AP_ERR_NOKEY = new ErrorType( 45, "Service key not available" ); 271 272 /** 273 * Mutual authentication failed. 274 */ 275 public static final ErrorType KRB_AP_ERR_MUT_FAIL = new ErrorType( 46, "Mutual authentication failed" ); 276 277 /** 278 * Incorrect message direction. 279 */ 280 public static final ErrorType KRB_AP_ERR_BADDIRECTION = new ErrorType( 47, "Incorrect message direction" ); 281 282 /** 283 * Alternative authentication method required. 284 */ 285 public static final ErrorType KRB_AP_ERR_METHOD = new ErrorType( 48, "Alternative authentication method required" ); 286 287 /** 288 * Incorrect sequence number in message. 289 */ 290 public static final ErrorType KRB_AP_ERR_BADSEQ = new ErrorType( 49, "Incorrect sequence number in message" ); 291 292 /** 293 * Inappropriate type of checksum in message. 294 */ 295 public static final ErrorType KRB_AP_ERR_INAPP_CKSUM = new ErrorType( 50, 296 "Inappropriate type of checksum in message" ); 297 298 /** 299 * Policy rejects transited path. 300 */ 301 public static final ErrorType KRB_AP_PATH_NOT_ACCEPTED = new ErrorType( 51, "Policy rejects transited path" ); 302 303 /** 304 * Response too big for UDP; retry with TCP. 305 */ 306 public static final ErrorType KRB_ERR_RESPONSE_TOO_BIG = new ErrorType( 52, 307 "Response too big for UDP; retry with TCP" ); 308 309 /** 310 * Generic error (description in e-text). 311 */ 312 public static final ErrorType KRB_ERR_GENERIC = new ErrorType( 60, "Generic error (description in e-text)" ); 313 314 /** 315 * Field is too long for this implementation. 316 */ 317 public static final ErrorType KRB_ERR_FIELD_TOOLONG = new ErrorType( 61, 318 "Field is too long for this implementation" ); 319 320 /** 321 * Client is not trusted. 322 */ 323 public static final ErrorType KDC_ERR_CLIENT_NOT_TRUSTED = new ErrorType( 62, "Client is not trusted" ); 324 325 /** 326 * KDC is not trusted. 327 */ 328 public static final ErrorType KRB_ERR_KDC_NOT_TRUSTED = new ErrorType( 63, "KDC is not trusted" ); 329 330 /** 331 * Signature is invalid. 332 */ 333 public static final ErrorType KDC_ERR_INVALID_SIG = new ErrorType( 64, "Signature is invalid" ); 334 335 /** 336 * Diffie-Hellman (DH) key parameters not accepted. 337 */ 338 public static final ErrorType KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED = new ErrorType( 65, 339 "Diffie-Hellman (DH) key parameters not accepted." ); 340 341 /** 342 * Certificates do not match. 343 */ 344 public static final ErrorType KRB_ERR_CERTIFICATE_MISMATCH = new ErrorType( 66, "Certificates do not match" ); 345 346 /** 347 * No TGT available to validate USER-TO-USER. 348 */ 349 public static final ErrorType KRB_AP_ERR_NO_TGT = new ErrorType( 67, "No TGT available to validate USER-TO-USER" ); 350 351 /** 352 * Wrong realm. 353 */ 354 public static final ErrorType KRB_ERR_WRONG_REALM = new ErrorType( 68, "Wrong realm" ); 355 356 /** 357 * Ticket must be for USER-TO-USER. 358 */ 359 public static final ErrorType KRB_AP_ERR_USER_TO_USER_REQUIRED = new ErrorType( 69, 360 "Ticket must be for USER-TO-USER" ); 361 362 /** 363 * Can't verify certificate. 364 */ 365 public static final ErrorType KDC_ERR_CANT_VERIFY_CERTIFICATE = new ErrorType( 70, "Can't verify certificate" ); 366 367 /** 368 * Invalid certificate. 369 */ 370 public static final ErrorType KDC_ERR_INVALID_CERTIFICATE = new ErrorType( 71, "Invalid certificate" ); 371 372 /** 373 * Revoked certificate. 374 */ 375 public static final ErrorType KDC_ERR_REVOKED_CERTIFICATE = new ErrorType( 72, "Revoked certificate" ); 376 377 /** 378 * Revocation status unknown. 379 */ 380 public static final ErrorType KDC_ERR_REVOCATION_STATUS_UNKNOWN = new ErrorType( 73, "Revocation status unknown" ); 381 382 /** 383 * Revocation status unavailable. 384 */ 385 public static final ErrorType KRB_ERR_REVOCATION_STATUS_UNAVAILABLE = new ErrorType( 74, 386 "Revocation status unavailable" ); 387 388 /** 389 * Client names do not match. 390 */ 391 public static final ErrorType KDC_ERR_CLIENT_NAME_MISMATCH = new ErrorType( 75, "Client names do not match" ); 392 393 /** 394 * KDC names do not match. 395 */ 396 public static final ErrorType KRB_ERR_KDC_NAME_MISMATCH = new ErrorType( 76, "KDC names do not match" ); 397 398 /** 399 * Inconsistent key purpose. 400 */ 401 public static final ErrorType KDC_ERR_INCONSISTENT_KEY_PURPOSE = new ErrorType( 77, "Inconsistent key purpose" ); 402 403 /** 404 * Digest in certificate not accepted. 405 */ 406 public static final ErrorType KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED = new ErrorType( 78, 407 "Digest in certificate not accepted" ); 408 409 /** 410 * PA checksum must be included. 411 */ 412 public static final ErrorType KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED = new ErrorType( 79, 413 "PA checksum must be included" ); 414 415 /** 416 * Digest in signed data not accepted. 417 */ 418 public static final ErrorType KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED = new ErrorType( 80, 419 "Digest in signed data not accepted" ); 420 421 /** 422 * Public key encryption not supported. 423 */ 424 public static final ErrorType KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED = new ErrorType( 81, 425 "Public key encryption not supported" ); 426 427 /** 428 * Array for building a List of VALUES. 429 */ 430 private static final ErrorType[] values = 431 { KDC_ERR_NONE, KDC_ERR_NAME_EXP, KDC_ERR_SERVICE_EXP, KDC_ERR_BAD_PVNO, KDC_ERR_C_OLD_MAST_KVNO, 432 KDC_ERR_S_OLD_MAST_KVNO, KDC_ERR_C_PRINCIPAL_UNKNOWN, KDC_ERR_S_PRINCIPAL_UNKNOWN, 433 KDC_ERR_PRINCIPAL_NOT_UNIQUE, KDC_ERR_NULL_KEY, KDC_ERR_CANNOT_POSTDATE, KDC_ERR_NEVER_VALID, 434 KDC_ERR_POLICY, KDC_ERR_BADOPTION, KDC_ERR_ETYPE_NOSUPP, KDC_ERR_SUMTYPE_NOSUPP, 435 KDC_ERR_PADATA_TYPE_NOSUPP, KDC_ERR_TRTYPE_NOSUPP, KDC_ERR_CLIENT_REVOKED, KDC_ERR_SERVICE_REVOKED, 436 KDC_ERR_TGT_REVOKED, KDC_ERR_CLIENT_NOTYET, KDC_ERR_SERVICE_NOTYET, KDC_ERR_KEY_EXPIRED, 437 KDC_ERR_PREAUTH_FAILED, KDC_ERR_PREAUTH_REQUIRED, KDC_ERR_SERVER_NOMATCH, KDC_ERR_MUST_USE_USER2USER, 438 KDC_ERR_PATH_NOT_ACCEPTED, KDC_ERR_SVC_UNAVAILABLE, KRB_AP_ERR_BAD_INTEGRITY, KRB_AP_ERR_TKT_EXPIRED, 439 KRB_AP_ERR_TKT_NYV, KRB_AP_ERR_REPEAT, KRB_AP_ERR_NOT_US, KRB_AP_ERR_BADMATCH, KRB_AP_ERR_SKEW, 440 KRB_AP_ERR_BADADDR, KRB_AP_ERR_BADVERSION, KRB_AP_ERR_MSG_TYPE, KRB_AP_ERR_MODIFIED, KRB_AP_ERR_BADORDER, 441 KRB_AP_ERR_BADKEYVER, KRB_AP_ERR_NOKEY, KRB_AP_ERR_MUT_FAIL, KRB_AP_ERR_BADDIRECTION, KRB_AP_ERR_METHOD, 442 KRB_AP_ERR_BADSEQ, KRB_AP_ERR_INAPP_CKSUM, KRB_AP_PATH_NOT_ACCEPTED, KRB_ERR_RESPONSE_TOO_BIG, 443 KRB_ERR_GENERIC, KRB_ERR_FIELD_TOOLONG, KDC_ERR_CLIENT_NOT_TRUSTED, KRB_ERR_KDC_NOT_TRUSTED, 444 KDC_ERR_INVALID_SIG, KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, KRB_ERR_CERTIFICATE_MISMATCH, 445 KRB_AP_ERR_NO_TGT, KRB_ERR_WRONG_REALM, KRB_AP_ERR_USER_TO_USER_REQUIRED, KDC_ERR_CANT_VERIFY_CERTIFICATE, 446 KDC_ERR_INVALID_CERTIFICATE, KDC_ERR_REVOKED_CERTIFICATE, KDC_ERR_REVOCATION_STATUS_UNKNOWN, 447 KRB_ERR_REVOCATION_STATUS_UNAVAILABLE, KDC_ERR_CLIENT_NAME_MISMATCH, KRB_ERR_KDC_NAME_MISMATCH, 448 KDC_ERR_INCONSISTENT_KEY_PURPOSE, KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED, 449 KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED, KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED, 450 KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED }; 451 452 /** 453 * A List of all the error type constants. 454 */ 455 public static final List<ErrorType> VALUES = Collections.unmodifiableList( Arrays.asList( values ) ); 456 457 /** 458 * The name of the error type. 459 */ 460 private final String name; 461 462 /** 463 * The value/code for the error type. 464 */ 465 private final int ordinal; 466 467 468 /** 469 * Private constructor prevents construction outside of this class. 470 */ 471 private ErrorType( int ordinal, String name ) 472 { 473 this.ordinal = ordinal; 474 this.name = name; 475 } 476 477 478 /** 479 * Returns the message for this Kerberos error. 480 * 481 * @return the message for this Kerberos error. 482 */ 483 public String getMessage() 484 { 485 return name; 486 } 487 488 489 /** 490 * Returns the message for this Kerberos error. 491 * 492 * @return the message for this Kerberos error. 493 */ 494 public String toString() 495 { 496 return name; 497 } 498 499 500 /** 501 * Compares this type to another object hopefully one that is of the same 502 * type. 503 * 504 * @param that the object to compare this KerberosError to 505 * @return ordinal - ( ( KerberosError ) that ).ordinal; 506 */ 507 public int compareTo( ErrorType that ) 508 { 509 return ordinal - that.ordinal; 510 } 511 512 513 /** 514 * Gets the ordinal by its ordinal value. 515 * 516 * @param ordinal the ordinal value of the ordinal 517 * @return the type corresponding to the ordinal value 518 */ 519 public static ErrorType getTypeByOrdinal( int ordinal ) 520 { 521 for ( int ii = 0; ii < values.length; ii++ ) 522 { 523 if ( values[ii].ordinal == ordinal ) 524 { 525 return values[ii]; 526 } 527 } 528 529 return KRB_ERR_GENERIC; 530 } 531 532 533 /** 534 * Gets the ordinal value associated with this Kerberos error. 535 * 536 * @return the ordinal value associated with this Kerberos error 537 */ 538 public int getOrdinal() 539 { 540 return ordinal; 541 } 542 }