/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.directory.server.kerberos.shared.crypto.encryption;


import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import org.apache.directory.server.i18n.I18n;


/**
 * Type-safe enumeration of the Kerberos key usage numbers 1 through 13.
 *
 * From RFC 4120, "The Kerberos Network Authentication Service (V5)":
 *
 * 7.5.1.  Key Usage Numbers
 *
 * The encryption and checksum specifications in [RFC3961] require as
 * input a "key usage number", to alter the encryption key used in any
 * specific message in order to make certain types of cryptographic
 * attack more difficult.  These are the key usage values assigned in
 * [RFC 4120]:
 *
 * Instances exist only as the constants declared here (the constructor is
 * private), so two key usages are the same exactly when they are the same object.
 *
 * Review caveat: {@link #getTypeByOrdinal(int)} does not reject numbers outside
 * 1..13; it returns {@link #NUMBER1} for them. See that method for details.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev$, $Date$
 */
public final class KeyUsage implements Comparable<KeyUsage>
{
    /**
     * AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key (Section 5.2.7.2)
     */
    public static final KeyUsage NUMBER1 = new KeyUsage( 1, I18n.err( I18n.ERR_603 ) );

    /**
     * AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session key), encrypted with the service key (Section 5.3)
     */
    public static final KeyUsage NUMBER2 = new KeyUsage( 2, I18n.err( I18n.ERR_604 ) );

    /**
     * AS-REP encrypted part (includes TGS session key or application session key), encrypted with the client key (Section 5.4.2)
     */
    public static final KeyUsage NUMBER3 = new KeyUsage( 3, I18n.err( I18n.ERR_605 ) );

    /**
     * TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS session key (Section 5.4.1)
     */
    public static final KeyUsage NUMBER4 = new KeyUsage( 4, I18n.err( I18n.ERR_606 ) );

    /**
     * TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS authenticator subkey (Section 5.4.1)
     */
    public static final KeyUsage NUMBER5 = new KeyUsage( 5, I18n.err( I18n.ERR_607 ) );

    /**
     * TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the TGS session key (Section 5.5.1)
     */
    public static final KeyUsage NUMBER6 = new KeyUsage( 6, I18n.err( I18n.ERR_608 ) );

    /**
     * TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey), encrypted with the TGS session key (Section 5.5.1)
     */
    public static final KeyUsage NUMBER7 = new KeyUsage( 7, I18n.err( I18n.ERR_609 ) );

    /**
     * TGS-REP encrypted part (includes application session key), encrypted with the TGS session key (Section 5.4.2)
     */
    public static final KeyUsage NUMBER8 = new KeyUsage( 8, I18n.err( I18n.ERR_610 ) );

    /**
     * TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey (Section 5.4.2)
     */
    // NOTE(review): this passes the same message key as NUMBER8 (ERR_610), while every other
    // constant uses its own key. If that is a copy/paste slip, the text printed by toString()
    // for usages 8 and 9 presumably differs only in the trailing number -- confirm which key
    // was intended.
    public static final KeyUsage NUMBER9 = new KeyUsage( 9, I18n.err( I18n.ERR_610 ) );

    /**
     * AP-REQ Authenticator cksum, keyed with the application session key (Section 5.5.1)
     */
    public static final KeyUsage NUMBER10 = new KeyUsage( 10, I18n.err( I18n.ERR_612 ) );

    /**
     * AP-REQ Authenticator (includes application authenticator subkey), encrypted with the application session key (Section 5.5.1)
     */
    public static final KeyUsage NUMBER11 = new KeyUsage( 11, I18n.err( I18n.ERR_613 ) );

    /**
     * AP-REP encrypted part (includes application session subkey), encrypted with the application session key (Section 5.5.2)
     */
    public static final KeyUsage NUMBER12 = new KeyUsage( 12, I18n.err( I18n.ERR_614 ) );

    /**
     * KRB-PRIV encrypted part, encrypted with a key chosen by the application (Section 5.7.1)
     */
    public static final KeyUsage NUMBER13 = new KeyUsage( 13, I18n.err( I18n.ERR_615 ) );

    /**
     * Backing array for {@link #VALUES}; also the table scanned by
     * {@link #getTypeByOrdinal(int)}. Kept private so it cannot be modified from outside.
     */
    private static final KeyUsage[] values =
        { NUMBER1, NUMBER2, NUMBER3, NUMBER4, NUMBER5, NUMBER6, NUMBER7, NUMBER8, NUMBER9, NUMBER10, NUMBER11,
            NUMBER12, NUMBER13 };

    /**
     * Unmodifiable list of every key usage, in ascending number order. It has to be
     * declared after the constants above, otherwise the initializer would be an
     * illegal forward reference.
     */
    public static final List<KeyUsage> VALUES = Collections.unmodifiableList( Arrays.asList( values ) );

    /** The key usage number (1..13 for the constants of this class). */
    private final int ordinal;

    /** The description passed at construction; the constants obtain it from {@code I18n.err}. */
    private final String name;


    /**
     * Private constructor prevents construction outside of this class.
     *
     * @param ordinal the key usage number
     * @param name the description shown by {@link #toString()}
     */
    private KeyUsage( int ordinal, String name )
    {
        this.ordinal = ordinal;
        this.name = name;
    }


    /**
     * Returns the key usage whose number equals the given value.
     *
     * A number that matches none of the constants is NOT rejected: the method
     * returns {@link #NUMBER1}. The return value alone therefore does not tell a
     * caller whether the input was 1 or an unrecognised number. Code that takes the
     * number from decoded or otherwise unvalidated data and then selects a key by it
     * should compare {@link #getOrdinal()} of the result with the requested number
     * and treat a mismatch as an error.
     *
     * @param type the key usage number to look up
     * @return The key usage number type, or {@link #NUMBER1} when {@code type} is unknown.
     */
    public static KeyUsage getTypeByOrdinal( int type )
    {
        for ( KeyUsage candidate : values )
        {
            if ( candidate.ordinal == type )
            {
                return candidate;
            }
        }

        // No match: fall back to key usage 1 (see the caveat in the Javadoc above).
        return NUMBER1;
    }


    /**
     * Returns the number associated with this key usage number.
     *
     * @return The key usage number
     */
    public int getOrdinal()
    {
        return ordinal;
    }


    /**
     * Orders key usages by ascending number.
     *
     * The result is the plain difference of the two numbers. That cannot overflow
     * here because the only instances are the constants of this class, whose
     * numbers range from 1 to 13.
     *
     * @param that the key usage to compare with
     * @return a negative value, zero or a positive value when this number is
     *         smaller than, equal to or greater than the other one
     */
    public int compareTo( KeyUsage that )
    {
        return this.ordinal - that.ordinal;
    }


    /**
     * Renders the key usage as its description followed by the number in parentheses.
     *
     * @return the text {@code "<name> (<number>)"}
     */
    @Override
    public String toString()
    {
        StringBuilder text = new StringBuilder();
        text.append( name ).append( " (" ).append( ordinal ).append( ")" );

        return text.toString();
    }
}