001    /*
002     *  Licensed to the Apache Software Foundation (ASF) under one
003     *  or more contributor license agreements.  See the NOTICE file
004     *  distributed with this work for additional information
005     *  regarding copyright ownership.  The ASF licenses this file
006     *  to you under the Apache License, Version 2.0 (the
007     *  "License"); you may not use this file except in compliance
008     *  with the License.  You may obtain a copy of the License at
009     *  
010     *    http://www.apache.org/licenses/LICENSE-2.0
011     *  
012     *  Unless required by applicable law or agreed to in writing,
013     *  software distributed under the License is distributed on an
014     *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     *  KIND, either express or implied.  See the License for the
016     *  specific language governing permissions and limitations
017     *  under the License. 
018     *  
019     */
020    package org.apache.directory.server.kerberos.shared.exceptions;
021    
022    
023    import java.util.Arrays;
024    import java.util.Collections;
025    import java.util.List;
026    
027    
028    /**
029     * A type-safe enumeration of Kerberos error types.
030     *
031     * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
032     * @version $Rev: 902319 $, $Date: 2010-01-23 01:17:50 +0100 (Sat, 23 Jan 2010) $
033     */
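public final class ErrorType implements Comparable<ErrorType>
{

    // TODO Add i18n. It is not known whether these error messages are also sent in the
    // response to the client; if they are, should they really be localised?
    // NOTE(review): this file does not show where getMessage() ends up. If the text is
    // returned to a peer that has not authenticated yet, keep it to the fixed strings
    // below and put any server-side detail in the server log instead.

    /**
     * No error.
     */
    public static final ErrorType KDC_ERR_NONE = new ErrorType( 0, "No error" );

    /**
     * Client's entry in database has expired.
     */
    public static final ErrorType KDC_ERR_NAME_EXP = new ErrorType( 1, "Client's entry in database has expired" );

    /**
     * Server's entry in database has expired.
     */
    public static final ErrorType KDC_ERR_SERVICE_EXP = new ErrorType( 2, "Server's entry in database has expired" );

    /**
     * Requested protocol version number not supported.
     */
    public static final ErrorType KDC_ERR_BAD_PVNO = new ErrorType( 3,
        "Requested protocol version number not supported" );

    /**
     * Client's key encrypted in old master key.
     */
    public static final ErrorType KDC_ERR_C_OLD_MAST_KVNO = new ErrorType( 4,
        "Client's key encrypted in old master key" );

    /**
     * Server's key encrypted in old master key.
     */
    public static final ErrorType KDC_ERR_S_OLD_MAST_KVNO = new ErrorType( 5,
        "Server's key encrypted in old master key" );

    /**
     * Client not found in Kerberos database.
     * <p>
     * NOTE(review): a reply carrying this code tells the requester that the principal
     * does not exist, which differs from the replies given for a known principal.
     * Operators may want to alert on bursts of this code in the KDC log.
     */
    public static final ErrorType KDC_ERR_C_PRINCIPAL_UNKNOWN = new ErrorType( 6,
        "Client not found in Kerberos database" );

    /**
     * Server not found in Kerberos database.
     */
    public static final ErrorType KDC_ERR_S_PRINCIPAL_UNKNOWN = new ErrorType( 7,
        "Server not found in Kerberos database" );

    /**
     * Multiple principal entries in database.
     */
    public static final ErrorType KDC_ERR_PRINCIPAL_NOT_UNIQUE = new ErrorType( 8,
        "Multiple principal entries in database" );

    /**
     * The client or server has a null key.
     */
    public static final ErrorType KDC_ERR_NULL_KEY = new ErrorType( 9, "The client or server has a null key" );

    /**
     * Ticket not eligible for postdating.
     */
    public static final ErrorType KDC_ERR_CANNOT_POSTDATE = new ErrorType( 10, "Ticket not eligible for postdating" );

    /**
     * Requested start time is later than end time.
     */
    public static final ErrorType KDC_ERR_NEVER_VALID = new ErrorType( 11,
        "Requested start time is later than end time" );

    /**
     * KDC policy rejects request.
     */
    public static final ErrorType KDC_ERR_POLICY = new ErrorType( 12, "KDC policy rejects request" );

    /**
     * KDC cannot accommodate requested option.
     */
    public static final ErrorType KDC_ERR_BADOPTION = new ErrorType( 13, "KDC cannot accommodate requested option" );

    /**
     * KDC has no support for encryption type.
     */
    public static final ErrorType KDC_ERR_ETYPE_NOSUPP = new ErrorType( 14, "KDC has no support for encryption type" );

    /**
     * KDC has no support for checksum type.
     */
    public static final ErrorType KDC_ERR_SUMTYPE_NOSUPP = new ErrorType( 15, "KDC has no support for checksum type" );

    /**
     * KDC has no support for padata type.
     */
    public static final ErrorType KDC_ERR_PADATA_TYPE_NOSUPP = new ErrorType( 16, "KDC has no support for padata type" );

    /**
     * KDC has no support for transited type.
     */
    public static final ErrorType KDC_ERR_TRTYPE_NOSUPP = new ErrorType( 17, "KDC has no support for transited type" );

    /**
     * Client's credentials have been revoked.
     */
    public static final ErrorType KDC_ERR_CLIENT_REVOKED = new ErrorType( 18, "Clients credentials have been revoked" );

    /**
     * Credentials for server have been revoked.
     */
    public static final ErrorType KDC_ERR_SERVICE_REVOKED = new ErrorType( 19,
        "Credentials for server have been revoked" );

    /**
     * TGT has been revoked.
     */
    public static final ErrorType KDC_ERR_TGT_REVOKED = new ErrorType( 20, "TGT has been revoked" );

    /**
     * Client not yet valid; try again later.
     */
    public static final ErrorType KDC_ERR_CLIENT_NOTYET = new ErrorType( 21, "Client not yet valid; try again later" );

    /**
     * Server not yet valid; try again later.
     */
    public static final ErrorType KDC_ERR_SERVICE_NOTYET = new ErrorType( 22, "Server not yet valid; try again later" );

    /**
     * Password has expired; change password to reset.
     */
    public static final ErrorType KDC_ERR_KEY_EXPIRED = new ErrorType( 23,
        "Password has expired; change password to reset" );

    /**
     * Pre-authentication information was invalid.
     */
    public static final ErrorType KDC_ERR_PREAUTH_FAILED = new ErrorType( 24,
        "Pre-authentication information was invalid" );

    /**
     * Additional pre-authentication required.
     */
    public static final ErrorType KDC_ERR_PREAUTH_REQUIRED = new ErrorType( 25,
        "Additional pre-authentication required" );

    /**
     * Requested server and ticket don't match.
     */
    public static final ErrorType KDC_ERR_SERVER_NOMATCH = new ErrorType( 26, "Requested server and ticket don't match" );

    /**
     * Server valid for user2user only.
     */
    public static final ErrorType KDC_ERR_MUST_USE_USER2USER = new ErrorType( 27, "Server valid for user2user only" );

    /**
     * KDC Policy rejects transited path.
     */
    public static final ErrorType KDC_ERR_PATH_NOT_ACCEPTED = new ErrorType( 28, "KDC Policy rejects transited path" );

    /**
     * A service is not available.
     */
    public static final ErrorType KDC_ERR_SVC_UNAVAILABLE = new ErrorType( 29, "A service is not available" );

    /**
     * Integrity check on decrypted field failed.
     */
    public static final ErrorType KRB_AP_ERR_BAD_INTEGRITY = new ErrorType( 31,
        "Integrity check on decrypted field failed" );

    /**
     * Ticket expired.
     */
    public static final ErrorType KRB_AP_ERR_TKT_EXPIRED = new ErrorType( 32, "Ticket expired" );

    /**
     * Ticket not yet valid.
     */
    public static final ErrorType KRB_AP_ERR_TKT_NYV = new ErrorType( 33, "Ticket not yet valid" );

    /**
     * Request is a replay.
     */
    public static final ErrorType KRB_AP_ERR_REPEAT = new ErrorType( 34, "Request is a replay" );

    /**
     * The ticket isn't for us.
     */
    public static final ErrorType KRB_AP_ERR_NOT_US = new ErrorType( 35, "The ticket isn't for us" );

    /**
     * Ticket and authenticator don't match.
     */
    public static final ErrorType KRB_AP_ERR_BADMATCH = new ErrorType( 36, "Ticket and authenticator don't match" );

    /**
     * Clock skew too great.
     */
    public static final ErrorType KRB_AP_ERR_SKEW = new ErrorType( 37, "Clock skew too great" );

    /**
     * Incorrect net address.
     */
    public static final ErrorType KRB_AP_ERR_BADADDR = new ErrorType( 38, "Incorrect net address" );

    /**
     * Protocol version mismatch.
     */
    public static final ErrorType KRB_AP_ERR_BADVERSION = new ErrorType( 39, "Protocol version mismatch" );

    /**
     * Invalid msg type.
     */
    public static final ErrorType KRB_AP_ERR_MSG_TYPE = new ErrorType( 40, "Invalid msg type" );

    /**
     * Message stream modified.
     */
    public static final ErrorType KRB_AP_ERR_MODIFIED = new ErrorType( 41, "Message stream modified" );

    /**
     * Message out of order.
     */
    public static final ErrorType KRB_AP_ERR_BADORDER = new ErrorType( 42, "Message out of order" );

    /**
     * Specified version of key is not available.
     */
    public static final ErrorType KRB_AP_ERR_BADKEYVER = new ErrorType( 44, "Specified version of key is not available" );

    /**
     * Service key not available.
     */
    public static final ErrorType KRB_AP_ERR_NOKEY = new ErrorType( 45, "Service key not available" );

    /**
     * Mutual authentication failed.
     */
    public static final ErrorType KRB_AP_ERR_MUT_FAIL = new ErrorType( 46, "Mutual authentication failed" );

    /**
     * Incorrect message direction.
     */
    public static final ErrorType KRB_AP_ERR_BADDIRECTION = new ErrorType( 47, "Incorrect message direction" );

    /**
     * Alternative authentication method required.
     */
    public static final ErrorType KRB_AP_ERR_METHOD = new ErrorType( 48, "Alternative authentication method required" );

    /**
     * Incorrect sequence number in message.
     */
    public static final ErrorType KRB_AP_ERR_BADSEQ = new ErrorType( 49, "Incorrect sequence number in message" );

    /**
     * Inappropriate type of checksum in message.
     */
    public static final ErrorType KRB_AP_ERR_INAPP_CKSUM = new ErrorType( 50,
        "Inappropriate type of checksum in message" );

    /**
     * Policy rejects transited path.
     */
    public static final ErrorType KRB_AP_PATH_NOT_ACCEPTED = new ErrorType( 51, "Policy rejects transited path" );

    /**
     * Response too big for UDP; retry with TCP.
     */
    public static final ErrorType KRB_ERR_RESPONSE_TOO_BIG = new ErrorType( 52,
        "Response too big for UDP; retry with TCP" );

    /**
     * Generic error (description in e-text).
     * <p>
     * Also the value {@link #getTypeByOrdinal(int)} returns for any code that has no
     * constant in this class.
     */
    public static final ErrorType KRB_ERR_GENERIC = new ErrorType( 60, "Generic error (description in e-text)" );

    /**
     * Field is too long for this implementation.
     */
    public static final ErrorType KRB_ERR_FIELD_TOOLONG = new ErrorType( 61,
        "Field is too long for this implementation" );

    /**
     * Client is not trusted.
     */
    public static final ErrorType KDC_ERR_CLIENT_NOT_TRUSTED = new ErrorType( 62, "Client is not trusted" );

    /**
     * KDC is not trusted.
     */
    public static final ErrorType KRB_ERR_KDC_NOT_TRUSTED = new ErrorType( 63, "KDC is not trusted" );

    /**
     * Signature is invalid.
     */
    public static final ErrorType KDC_ERR_INVALID_SIG = new ErrorType( 64, "Signature is invalid" );

    /**
     * Diffie-Hellman (DH) key parameters not accepted.
     */
    public static final ErrorType KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED = new ErrorType( 65,
        "Diffie-Hellman (DH) key parameters not accepted." );

    /**
     * Certificates do not match.
     */
    public static final ErrorType KRB_ERR_CERTIFICATE_MISMATCH = new ErrorType( 66, "Certificates do not match" );

    /**
     * No TGT available to validate USER-TO-USER.
     */
    public static final ErrorType KRB_AP_ERR_NO_TGT = new ErrorType( 67, "No TGT available to validate USER-TO-USER" );

    /**
     * Wrong realm.
     */
    public static final ErrorType KRB_ERR_WRONG_REALM = new ErrorType( 68, "Wrong realm" );

    /**
     * Ticket must be for USER-TO-USER.
     */
    public static final ErrorType KRB_AP_ERR_USER_TO_USER_REQUIRED = new ErrorType( 69,
        "Ticket must be for USER-TO-USER" );

    /**
     * Can't verify certificate.
     */
    public static final ErrorType KDC_ERR_CANT_VERIFY_CERTIFICATE = new ErrorType( 70, "Can't verify certificate" );

    /**
     * Invalid certificate.
     */
    public static final ErrorType KDC_ERR_INVALID_CERTIFICATE = new ErrorType( 71, "Invalid certificate" );

    /**
     * Revoked certificate.
     */
    public static final ErrorType KDC_ERR_REVOKED_CERTIFICATE = new ErrorType( 72, "Revoked certificate" );

    /**
     * Revocation status unknown.
     */
    public static final ErrorType KDC_ERR_REVOCATION_STATUS_UNKNOWN = new ErrorType( 73, "Revocation status unknown" );

    /**
     * Revocation status unavailable.
     */
    public static final ErrorType KRB_ERR_REVOCATION_STATUS_UNAVAILABLE = new ErrorType( 74,
        "Revocation status unavailable" );

    /**
     * Client names do not match.
     */
    public static final ErrorType KDC_ERR_CLIENT_NAME_MISMATCH = new ErrorType( 75, "Client names do not match" );

    /**
     * KDC names do not match.
     */
    public static final ErrorType KRB_ERR_KDC_NAME_MISMATCH = new ErrorType( 76, "KDC names do not match" );

    /**
     * Inconsistent key purpose.
     */
    public static final ErrorType KDC_ERR_INCONSISTENT_KEY_PURPOSE = new ErrorType( 77, "Inconsistent key purpose" );

    /**
     * Digest in certificate not accepted.
     */
    public static final ErrorType KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED = new ErrorType( 78,
        "Digest in certificate not accepted" );

    /**
     * PA checksum must be included.
     */
    public static final ErrorType KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED = new ErrorType( 79,
        "PA checksum must be included" );

    /**
     * Digest in signed data not accepted.
     */
    public static final ErrorType KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED = new ErrorType( 80,
        "Digest in signed data not accepted" );

    /**
     * Public key encryption not supported.
     */
    public static final ErrorType KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED = new ErrorType( 81,
        "Public key encryption not supported" );

    /**
     * Backing array for {@link #VALUES} and for the lookup in
     * {@link #getTypeByOrdinal(int)}. A constant that is declared above but missing
     * from this array cannot be found by its code, so keep the two in step.
     */
    private static final ErrorType[] values =
        { KDC_ERR_NONE, KDC_ERR_NAME_EXP, KDC_ERR_SERVICE_EXP, KDC_ERR_BAD_PVNO, KDC_ERR_C_OLD_MAST_KVNO,
            KDC_ERR_S_OLD_MAST_KVNO, KDC_ERR_C_PRINCIPAL_UNKNOWN, KDC_ERR_S_PRINCIPAL_UNKNOWN,
            KDC_ERR_PRINCIPAL_NOT_UNIQUE, KDC_ERR_NULL_KEY, KDC_ERR_CANNOT_POSTDATE, KDC_ERR_NEVER_VALID,
            KDC_ERR_POLICY, KDC_ERR_BADOPTION, KDC_ERR_ETYPE_NOSUPP, KDC_ERR_SUMTYPE_NOSUPP,
            KDC_ERR_PADATA_TYPE_NOSUPP, KDC_ERR_TRTYPE_NOSUPP, KDC_ERR_CLIENT_REVOKED, KDC_ERR_SERVICE_REVOKED,
            KDC_ERR_TGT_REVOKED, KDC_ERR_CLIENT_NOTYET, KDC_ERR_SERVICE_NOTYET, KDC_ERR_KEY_EXPIRED,
            KDC_ERR_PREAUTH_FAILED, KDC_ERR_PREAUTH_REQUIRED, KDC_ERR_SERVER_NOMATCH, KDC_ERR_MUST_USE_USER2USER,
            KDC_ERR_PATH_NOT_ACCEPTED, KDC_ERR_SVC_UNAVAILABLE, KRB_AP_ERR_BAD_INTEGRITY, KRB_AP_ERR_TKT_EXPIRED,
            KRB_AP_ERR_TKT_NYV, KRB_AP_ERR_REPEAT, KRB_AP_ERR_NOT_US, KRB_AP_ERR_BADMATCH, KRB_AP_ERR_SKEW,
            KRB_AP_ERR_BADADDR, KRB_AP_ERR_BADVERSION, KRB_AP_ERR_MSG_TYPE, KRB_AP_ERR_MODIFIED, KRB_AP_ERR_BADORDER,
            KRB_AP_ERR_BADKEYVER, KRB_AP_ERR_NOKEY, KRB_AP_ERR_MUT_FAIL, KRB_AP_ERR_BADDIRECTION, KRB_AP_ERR_METHOD,
            KRB_AP_ERR_BADSEQ, KRB_AP_ERR_INAPP_CKSUM, KRB_AP_PATH_NOT_ACCEPTED, KRB_ERR_RESPONSE_TOO_BIG,
            KRB_ERR_GENERIC, KRB_ERR_FIELD_TOOLONG, KDC_ERR_CLIENT_NOT_TRUSTED, KRB_ERR_KDC_NOT_TRUSTED,
            KDC_ERR_INVALID_SIG, KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, KRB_ERR_CERTIFICATE_MISMATCH,
            KRB_AP_ERR_NO_TGT, KRB_ERR_WRONG_REALM, KRB_AP_ERR_USER_TO_USER_REQUIRED, KDC_ERR_CANT_VERIFY_CERTIFICATE,
            KDC_ERR_INVALID_CERTIFICATE, KDC_ERR_REVOKED_CERTIFICATE, KDC_ERR_REVOCATION_STATUS_UNKNOWN,
            KRB_ERR_REVOCATION_STATUS_UNAVAILABLE, KDC_ERR_CLIENT_NAME_MISMATCH, KRB_ERR_KDC_NAME_MISMATCH,
            KDC_ERR_INCONSISTENT_KEY_PURPOSE, KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED,
            KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED, KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED,
            KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED };

    /**
     * An unmodifiable List of all the error type constants, in declaration order.
     */
    public static final List<ErrorType> VALUES = Collections.unmodifiableList( Arrays.asList( values ) );

    /**
     * The human-readable message of the error type.
     */
    private final String name;

    /**
     * The numeric error code of the error type.
     */
    private final int ordinal;


    /**
     * Private constructor prevents construction outside of this class, so every
     * instance is one of the constants declared above.
     *
     * @param ordinal the numeric error code
     * @param name the message for the error
     */
    private ErrorType( int ordinal, String name )
    {
        this.ordinal = ordinal;
        this.name = name;
    }


    /**
     * Returns the message for this Kerberos error.
     *
     * @return the message for this Kerberos error.
     */
    public String getMessage()
    {
        return name;
    }


    /**
     * Returns the message for this Kerberos error, the same text as
     * {@link #getMessage()}.
     *
     * @return the message for this Kerberos error.
     */
    @Override
    public String toString()
    {
        return name;
    }


    /**
     * Orders error types by their numeric code.
     *
     * @param that the ErrorType to compare this ErrorType to
     * @return a negative value, zero or a positive value when this code is lower
     * than, equal to or higher than the code of <code>that</code>
     */
    @Override
    public int compareTo( ErrorType that )
    {
        // Integer.compare cannot overflow, unlike subtracting the two codes.
        return Integer.compare( ordinal, that.ordinal );
    }


    /**
     * Gets the error type by its numeric code.
     * <p>
     * A code with no constant in this class (the declared codes skip 30, 43 and
     * 53 to 59, and stop at 81) yields {@link #KRB_ERR_GENERIC}. The result therefore
     * does not tell a real code 60 from an unrecognised one; a caller that decodes a
     * code received from a peer should log the raw number as well.
     *
     * @param ordinal the numeric code of the error type
     * @return the type corresponding to the code, or KRB_ERR_GENERIC if none matches
     */
    public static ErrorType getTypeByOrdinal( int ordinal )
    {
        for ( ErrorType type : values )
        {
            if ( type.ordinal == ordinal )
            {
                return type;
            }
        }

        return KRB_ERR_GENERIC;
    }


    /**
     * Gets the ordinal value associated with this Kerberos error.
     *
     * @return the ordinal value associated with this Kerberos error
     */
    public int getOrdinal()
    {
        return ordinal;
    }
}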