1/*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
3 *
4 * This code is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License version 2 only, as
6 * published by the Free Software Foundation. Sun designates this
7 * particular file as subject to the "Classpath" exception as provided
8 * by Sun in the LICENSE file that accompanied this code.
9 *
10 * This code is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * version 2 for more details (a copy is included in the LICENSE file that
14 * accompanied this code).
15 *
16 * You should have received a copy of the GNU General Public License version
17 * 2 along with this work; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
21 * CA 95054 USA or visit www.sun.com if you need additional information or
22 * have any questions.
23 */
24
25/*
26 *
27 * (C) Copyright IBM Corp. 1999 All Rights Reserved.
28 * Copyright 1997 The Open Group Research Institute. All rights reserved.
29 */
30
31package sun.security.krb5.internal;
32
33import sun.security.krb5.Config;
34import sun.security.krb5.KrbException;
35import sun.security.krb5.Asn1Exception;
36import sun.security.krb5.internal.util.KerberosFlags;
37import sun.security.util.*;
38import java.io.IOException;
39
40/**
41 * Implements the ASN.1 KDCOptions type.
42 *
43 * <xmp>
44 * KDCOptions ::= KerberosFlags
45 * -- reserved(0),
46 * -- forwardable(1),
47 * -- forwarded(2),
48 * -- proxiable(3),
49 * -- proxy(4),
50 * -- allow-postdate(5),
51 * -- postdated(6),
52 * -- unused7(7),
53 * -- renewable(8),
54 * -- unused9(9),
55 * -- unused10(10),
56 * -- opt-hardware-auth(11),
57 * -- unused12(12),
58 * -- unused13(13),
59 * -- 15 is reserved for canonicalize
60 * -- unused15(15),
61 * -- 26 was unused in 1510
62 * -- disable-transited-check(26),
63 * -- renewable-ok(27),
64 * -- enc-tkt-in-skey(28),
65 * -- renew(30),
66 * -- validate(31)
67 *
68 * KerberosFlags ::= BIT STRING (SIZE (32..MAX))
69 * -- minimum number of bits shall be sent,
70 * -- but no fewer than 32
71 *
72 * </xmp>
73 *
74 * <p>
75 * This definition reflects the Network Working Group RFC 4120
76 * specification available at
77 * <a href="http://www.ietf.org/rfc/rfc4120.txt">
78 * http://www.ietf.org/rfc/rfc4120.txt</a>.
79 *
80 * <p>
81 * This class appears as data field in the initial request(KRB_AS_REQ)
82 * or subsequent request(KRB_TGS_REQ) to the KDC and indicates the flags
83 * that the client wants to set on the tickets.
84 *
85 * The optional bits are:
86 * <UL>
87 * <LI>KDCOptions.RESERVED
88 * <LI>KDCOptions.FORWARDABLE
89 * <LI>KDCOptions.FORWARDED
90 * <LI>KDCOptions.PROXIABLE
91 * <LI>KDCOptions.PROXY
92 * <LI>KDCOptions.ALLOW_POSTDATE
93 * <LI>KDCOptions.POSTDATED
94 * <LI>KDCOptions.RENEWABLE
95 * <LI>KDCOptions.RENEWABLE_OK
96 * <LI>KDCOptions.ENC_TKT_IN_SKEY
97 * <LI>KDCOptions.RENEW
98 * <LI>KDCOptions.VALIDATE
99 * </UL>
100 * <p> Various checks must be made before honoring an option. The restrictions
101 * on the use of some options are as follows:
102 * <ol>
103 * <li> FORWARDABLE, FORWARDED, PROXIABLE, RENEWABLE options may be set in
104 * subsequent request only if the ticket_granting ticket on which it is based has
105 * the same options (FORWARDABLE, FORWARDED, PROXIABLE, RENEWABLE) set.
106 * <li> ALLOW_POSTDATE may be set in subsequent request only if the
107 * ticket-granting ticket on which it is based also has its MAY_POSTDATE flag set.
108 * <li> POSTDATED may be set in subsequent request only if the
109 * ticket-granting ticket on which it is based also has its MAY_POSTDATE flag set.
110 * <li> RENEWABLE or RENEW may be set in subsequent request only if the
111 * ticket-granting ticket on which it is based also has its RENEWABLE flag set.
112 * <li> PROXY may be set in subsequent request only if the ticket-granting ticket
113 * on which it is based also has its PROXIABLE flag set, and the address(es) of
114 * the host from which the resulting ticket is to be valid should be included
115 * in the addresses field of the request.
116 * <li>FORWARDED, PROXY, ENC_TKT_IN_SKEY, RENEW, VALIDATE are used only in
117 * subsequent requests.
118 * </ol><p>
119 */
120
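public class KDCOptions extends KerberosFlags {

    /*
     * Bit masks used by the IBM hex format of the "kdc_default_options"
     * configuration value. Each mask selects one option inside a 32-bit word,
     * where bit index i of the KerberosFlags bit string corresponds to the
     * mask 0x80000000 >>> i (FORWARDABLE = 1 -> 0x40000000, PROXIABLE = 3 ->
     * 0x10000000, RENEWABLE_OK = 27 -> 0x00000010).
     *
     * These masks are deliberately distinct from the bit-index constants below
     * and must never be compared against an index. They are left as instance
     * (non-static) fields so that existing field accesses stay binary-compatible.
     */
    public final int KDC_OPT_PROXIABLE = 0x10000000;
    public final int KDC_OPT_RENEWABLE_OK = 0x00000010;
    public final int KDC_OPT_FORWARDABLE = 0x40000000;


    // KDC Options: bit indexes into the KerberosFlags bit string (RFC 4120),
    // used with set(int, boolean) and get(int).

    public static final int RESERVED = 0;
    public static final int FORWARDABLE = 1;
    public static final int FORWARDED = 2;
    public static final int PROXIABLE = 3;
    public static final int PROXY = 4;
    public static final int ALLOW_POSTDATE = 5;
    public static final int POSTDATED = 6;
    public static final int UNUSED7 = 7;
    public static final int RENEWABLE = 8;
    public static final int UNUSED9 = 9;
    public static final int UNUSED10 = 10;
    public static final int UNUSED11 = 11;
    public static final int RENEWABLE_OK = 27;
    public static final int ENC_TKT_IN_SKEY = 28;
    public static final int RENEW = 30;
    public static final int VALIDATE = 31;

    // Debug tracing is a process-wide switch (Krb5.DEBUG); no per-instance copy is needed.
    private static final boolean DEBUG = Krb5.DEBUG;

    /**
     * Constructs a KDCOptions of {@code Krb5.KDC_OPTS_MAX + 1} bits and then
     * applies the option defaults found in the Kerberos configuration
     * (see {@link #setDefault()}).
     */
    public KDCOptions() {
        super(Krb5.KDC_OPTS_MAX + 1);
        setDefault();
    }

    /**
     * Constructs a KDCOptions from a bit string given as a byte array.
     *
     * @param size number of significant bits in {@code data}.
     * @param data the bits to be set, most significant bit first.
     * @exception Asn1Exception if {@code size} exceeds the bits available in
     * {@code data} or the maximum number of KDC option bits.
     */
    public KDCOptions(int size, byte[] data) throws Asn1Exception {
        super(size, data);
        // The super constructor must run first; validate the length afterwards so a
        // caller cannot declare more bits than the buffer holds or than KDC options allow.
        if ((size > data.length * BITS_PER_UNIT) || (size > Krb5.KDC_OPTS_MAX + 1))
            throw new Asn1Exception(Krb5.BITSTRING_BAD_LENGTH);
    }

    /**
     * Constructs a KDCOptions from the specified bit settings.
     *
     * @param data the bits to be set for the KDCOptions.
     * @exception Asn1Exception if more bits are supplied than
     * {@code Krb5.KDC_OPTS_MAX + 1}.
     *
     */
    public KDCOptions(boolean[] data) throws Asn1Exception {
        super(data);
        if (data.length > Krb5.KDC_OPTS_MAX + 1) {
            throw new Asn1Exception(Krb5.BITSTRING_BAD_LENGTH);
        }
    }

    /**
     * Constructs a KDCOptions from a DER-encoded BIT STRING.
     *
     * @param encoding the DER value holding the KerberosFlags bit string.
     * @exception Asn1Exception if the decoded bit string is too long.
     * @exception IOException if the DER value cannot be read as a bit string.
     */
    public KDCOptions(DerValue encoding) throws Asn1Exception, IOException {
        // Unaligned bit string: the ASN.1 "unused bits" count is honoured when
        // converting, so the boolean array has exactly the encoded length.
        this(encoding.getUnalignedBitString(true).toBooleanArray());
    }

    /**
     * Constructs a KDCOptions from the passed bit settings.
     *
     * Every bit of {@code options} becomes part of the flag set. Unlike the other
     * constructors, the resulting length is not checked against
     * {@code Krb5.KDC_OPTS_MAX}.
     *
     * @param options the bits to be set for the KDCOptions.
     *
     */
    public KDCOptions(byte[] options) {
        super(options.length * BITS_PER_UNIT, options);
    }

    /**
     * Parse (unmarshal) a KDCOptions from a DER input stream. This form
     * parsing might be used when expanding a value which is part of
     * a constructed sequence and uses explicitly tagged type.
     *
     * Only the low five bits of a tag (the tag number) are compared; the
     * class and constructed/primitive bits are ignored.
     *
     * @param data the Der input stream value, which contains one or more
     * marshaled value.
     * @param explicitTag tag number.
     * @param optional indicate if this data field is optional
     * @return an instance of KDCOptions, or {@code null} when {@code optional}
     * is true and the next tag does not match {@code explicitTag}.
     * @exception Asn1Exception if the tag does not match and the field is not
     * optional, or the enclosed bit string is malformed.
     * @exception IOException if an I/O error occurs while reading encoded data.
     *
     */
    public static KDCOptions parse(DerInputStream data, byte explicitTag,
                                   boolean optional)
            throws Asn1Exception, IOException {
        if ((optional) && (((byte)data.peekByte() & (byte)0x1F) != explicitTag))
            return null;
        DerValue der = data.getDerValue();
        if (explicitTag != (der.getTag() & (byte)0x1F)) {
            throw new Asn1Exception(Krb5.ASN1_BAD_ID);
        }
        // The explicit tag wraps the actual BIT STRING value.
        DerValue subDer = der.getData().getDerValue();
        return new KDCOptions(subDer);
    }

    /**
     * Sets the value(true/false) for one of the <code>KDCOptions</code>.
     *
     * @param option an option bit index (one of the static constants above).
     * @param value true if the option is selected, false if the option is not selected.
     * @exception ArrayIndexOutOfBoundsException if array index out of bound occurs.
     * @see sun.security.krb5.internal.Krb5
     */
    @Override
    public void set(int option, boolean value) throws ArrayIndexOutOfBoundsException {
        super.set(option, value);
    }

    /**
     * Gets the value(true/false) for one of the <code>KDCOptions</code>.
     *
     * @param option an option bit index (one of the static constants above).
     * @return value true if the option is selected, false if the option is not selected.
     * @exception ArrayIndexOutOfBoundsException if array index out of bound occurs.
     * @see sun.security.krb5.internal.Krb5
     */
    @Override
    public boolean get(int option) throws ArrayIndexOutOfBoundsException {
        return super.get(option);
    }

    /**
     * Applies the default option bits from the [libdefaults] section of the
     * Kerberos configuration.
     *
     * Two configuration styles are honoured for each of RENEWABLE_OK, PROXIABLE
     * and FORWARDABLE: the IBM hex format, a single "kdc_default_options" word
     * in which a set KDC_OPT_* mask bit selects the option, and Sun's boolean
     * keys "renewable", "proxiable" and "forwardable". Either form turns the
     * option on; nothing is ever turned off here.
     *
     * The hex word is compared against the KDC_OPT_* masks, not the bit-index
     * constants (which would test unrelated low-order bits and silently ignore
     * or misapply the configured value).
     *
     * A KrbException while reading the configuration leaves the options
     * untouched and is reported only when DEBUG is on.
     */
    private void setDefault() {
        try {
            Config config = Config.getInstance();

            /*
             * First see if the IBM hex format is being used.
             * If not, try the Sun's string (boolean) format.
             */
            int options = config.getDefaultIntValue("kdc_default_options",
                    "libdefaults");

            applyDefault(config, options, KDC_OPT_RENEWABLE_OK, RENEWABLE_OK,
                    "renewable");
            applyDefault(config, options, KDC_OPT_PROXIABLE, PROXIABLE,
                    "proxiable");
            applyDefault(config, options, KDC_OPT_FORWARDABLE, FORWARDABLE,
                    "forwardable");
        } catch (KrbException e) {
            if (DEBUG) {
                System.out.println("Exception in getting default values for " +
                        "KDC Options from the configuration ");
                e.printStackTrace();
            }
        }
    }

    /**
     * Turns on option {@code bitIndex} when either the {@code mask} bit is set
     * in the hex-format {@code options} word or the boolean key {@code key} is
     * true in [libdefaults]. The boolean key is consulted only when the mask
     * bit is absent.
     *
     * @param config the Kerberos configuration to query.
     * @param options the "kdc_default_options" word.
     * @param mask the KDC_OPT_* mask for this option.
     * @param bitIndex the bit-index constant for this option.
     * @param key the Sun-style boolean configuration key for this option.
     * @exception KrbException if the configuration lookup fails.
     */
    private void applyDefault(Config config, int options, int mask,
                              int bitIndex, String key) throws KrbException {
        if ((options & mask) == mask
                || config.getDefaultBooleanValue(key, "libdefaults")) {
            set(bitIndex, true);
        }
    }
}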