001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 * 
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 * 
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License.
018 * 
019 */
020package org.apache.directory.shared.kerberos;
021
022
023import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES3_CBC_MD5;
024import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES3_CBC_SHA1;
025import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES3_CBC_SHA1_KD;
026import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES_CBC_CRC;
027import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES_CBC_MD4;
028import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES_CBC_MD5;
029import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DES_EDE3_CBC_ENV_OID;
030import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.DSAWITHSHA1_CMSOID;
031import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.MD5WITHRSAENCRYPTION_CMSOID;
032import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.RC2CBC_ENVOID;
033import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.RC4_HMAC;
034import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.RSAENCRYPTION_ENVOID;
035import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.RSAES_OAEP_ENV_OID;
036import static org.apache.directory.shared.kerberos.codec.types.EncryptionType.SHA1WITHRSAENCRYPTION_CMSOID;
037
038import java.util.ArrayList;
039import java.util.HashSet;
040import java.util.LinkedHashMap;
041import java.util.List;
042import java.util.Map;
043import java.util.Set;
044
045import org.apache.directory.api.util.Strings;
046import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
047
048
/**
 * A utility class for Kerberos.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class KerberosUtils
{
    /** A constant for integer optional values */
    public static final int NULL = -1;

    /**
     * An empty list of principal names.
     * The instance is a plain {@link ArrayList} shared by every caller, so it is
     * mutable: anything added through one reference is visible through all of them.
     * Callers should treat it as read-only.
     */
    public static final List<String> EMPTY_PRINCIPAL_NAME = new ArrayList<>();

    /**
     * Insertion-ordered map from a cipher-name prefix to the algorithm name
     * returned by {@link #getAlgoNameFromEncType(EncryptionType)}.
     * The order is significant because the lookup returns the first prefix that
     * matches: "des3" has to be tested before "des", which is also a prefix of it.
     * NOTE(review): the order is not a strength ranking ("rc4" comes before the
     * AES entries), so do not use it to choose the strongest cipher.
     */
    private static final Map<String, String> cipherAlgoMap = new LinkedHashMap<>();

    /**
     * The encryption types this class groups as "old": the DES and triple-DES
     * types, RC4-HMAC and the CMS/envelope OID types.
     * Nothing in this class reads the set in the code shown here.
     * DES (RFC 6649), triple-DES and RC4-HMAC (RFC 8429) are deprecated for
     * Kerberos.
     */
    private static final Set<EncryptionType> oldEncTypes = new HashSet<>();

    static
    {
        // { name prefix, algorithm name } pairs, in the order they must be probed.
        String[][] prefixToAlgo =
            {
                { "rc4", "ArcFourHmac" },
                { "aes256", "AES256" },
                { "aes128", "AES128" },
                { "des3", "DESede" },
                { "des", "DES" }
            };

        for ( String[] pair : prefixToAlgo )
        {
            cipherAlgoMap.put( pair[0], pair[1] );
        }

        EncryptionType[] legacyTypes =
            {
                DES_CBC_CRC,
                DES_CBC_MD4,
                DES_CBC_MD5,
                DES_EDE3_CBC_ENV_OID,
                DES3_CBC_MD5,
                DES3_CBC_SHA1,
                DES3_CBC_SHA1_KD,
                DSAWITHSHA1_CMSOID,
                MD5WITHRSAENCRYPTION_CMSOID,
                SHA1WITHRSAENCRYPTION_CMSOID,
                RC2CBC_ENVOID,
                RSAENCRYPTION_ENVOID,
                RSAES_OAEP_ENV_OID,
                RC4_HMAC
            };

        for ( EncryptionType legacyType : legacyTypes )
        {
            oldEncTypes.add( legacyType );
        }
    }


    /**
     * Tells whether every byte of the given array is a printable ASCII
     * character, i.e. lies in the range 0x20 to 0x7E inclusive.
     *
     * @param value the bytes to check, may be {@code null}
     * @return {@code false} if {@code value} is {@code null} or contains a byte
     * outside 0x20-0x7E, {@code true} otherwise (including for an empty array)
     */
    public static boolean isKerberosString( byte[] value )
    {
        if ( value == null )
        {
            return false;
        }

        for ( int i = 0; i < value.length; i++ )
        {
            byte current = value[i];

            // Java bytes are signed: 0x80-0xFF read as negative values and fail
            // the lower bound, so non-ASCII bytes are rejected as well.
            boolean printable = ( current >= 0x20 ) && ( current <= 0x7E );

            if ( !printable )
            {
                return false;
            }
        }

        return true;
    }


    /**
     * Maps an encryption type to an algorithm name by matching the lower-cased
     * encryption type name against the known cipher-name prefixes, in the
     * insertion order of the prefix map.
     *
     * @param encType the encryption type to look up; a {@code null} argument is
     * not checked and fails on the {@code getName()} call
     * @return the algorithm name registered for the first matching prefix
     * @throws IllegalArgumentException if no known prefix matches the name
     */
    public static String getAlgoNameFromEncType( EncryptionType encType )
    {
        String loweredName = Strings.toLowerCaseAscii( encType.getName() );

        for ( String prefix : cipherAlgoMap.keySet() )
        {
            if ( loweredName.startsWith( prefix ) )
            {
                return cipherAlgoMap.get( prefix );
            }
        }

        throw new IllegalArgumentException( "Unknown algorithm name for the encryption type " + encType );
    }
}