1. /*

  2.  * @(#)KeyImpl.java	1.9 03/01/23

  3.  *

  4.  * Copyright 2003 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. 

  8. package javax.security.auth.kerberos;

  9. 

  10. import java.io.*;

  11. import java.util.Arrays;

  12. import javax.crypto.SecretKey;

  13. import javax.security.auth.Destroyable;

  14. import javax.security.auth.DestroyFailedException;

  15. import sun.misc.HexDumpEncoder;

  16. import sun.security.krb5.Asn1Exception;

  17. import sun.security.krb5.PrincipalName;

  18. import sun.security.krb5.EncryptionKey;

  19. import sun.security.krb5.EncryptedData;

  20. import sun.security.krb5.KrbException;

  21. import sun.security.krb5.KrbCryptoException;

  22. import sun.security.util.DerValue;

  23. 

  24. /**

  25.  * This class encapsulates a Kerberos encryption key. It is not associated

  26.  * with a principal and may represent an ephemeral session key.

  27.  *

  28.  * @author Mayank Upadhyay

  29.  * @version 1.9, 01/23/03

  30.  * @since 1.4

  31.  */

  32. class KeyImpl implements SecretKey, Destroyable, Serializable {

  33. 

  34.     private transient byte[] keyBytes;

  35.     private transient int keyType;

  36.     private transient boolean destroyed = false;

  37. 

  38. 

  39.     /**

  40.      * Constructs a KeyImpl from the given bytes.

  41.      * 

  42.      * @param keyBytes the raw bytes for the secret key

  43.      * @param keyType the key type for the secret key as defined by the

  44.      * Kerberos protocol specification.

  45.      */

  46.     public KeyImpl(byte[] keyBytes, 

  47. 		       int keyType) {

  48. 	this.keyBytes = (byte[]) keyBytes.clone();

  49. 	this.keyType = keyType;

  50.     }

  51. 

  52.     /**

  53.      * Constructs a KeyImpl from a password.

  54.      *

  55.      * @param principal the principal from which to derive the salt

  56.      * @param password the password that should be used to compute the

  57.      * key.

  58.      * @param algorithm the name for the algorithm that this key wil be

  59.      * used for. This parameter may be null in which case "DES" will be

  60.      * assumed.

  61.      */

  62.     public KeyImpl(KerberosPrincipal principal,

  63. 		   char[] password,

  64. 		   String algorithm) {

  65. 

  66. 	try {

  67. 	    PrincipalName princ = new PrincipalName(principal.getName());

  68. 	    EncryptionKey key = 

  69. 		new EncryptionKey(new StringBuffer().append(password), 

  70. 				princ.getSalt(),algorithm);

  71. 	    this.keyBytes = key.getBytes();

  72. 	    this.keyType = key.getEType();

  73. 	} catch (KrbException e) {

  74. 	    throw new IllegalArgumentException(e.getMessage());

  75. 	}

  76.     }

  77. 

  78.     /**

  79.      * Returns the keyType for this key as defined in the Kerberos Spec.

  80.      */

  81.     public final int getKeyType() {

  82. 	if (destroyed)

  83. 	    throw new IllegalStateException("This key is no longer valid");

  84. 	return keyType;

  85.     }

  86. 

  87.     /*

  88.      * Methods from java.security.Key

  89.      */

  90.     

  91.     public final String getAlgorithm() {

  92. 	return getAlgorithmName(keyType);

  93.     }

  94. 

  95.     private String getAlgorithmName(int eType) {

  96. 	if (destroyed)

  97. 	    throw new IllegalStateException("This key is no longer valid");

  98. 	if (eType == EncryptedData.ETYPE_NULL)

  99. 	    return "NULL";

  100. 	else 

  101. 	    //	    if (eType == ETYPE_DES_CBC_CRC ||

  102. 	    //		eType == ETYPE_DES_CBC_MD5)

  103. 	    return "DES";

  104.     }

  105.     

  106.     public final String getFormat() {

  107. 	if (destroyed)

  108. 	    throw new IllegalStateException("This key is no longer valid");

  109. 	return "RAW";

  110.     }

  111.     

  112.     public final byte[] getEncoded() {

  113. 	if (destroyed)

  114. 	    throw new IllegalStateException("This key is no longer valid");

  115. 	return (byte[])keyBytes.clone();

  116.     }

  117. 

  118.     public void destroy() throws DestroyFailedException {

  119. 	if (!destroyed) {

  120. 	    Arrays.fill(keyBytes, (byte) 0);

  121. 	    destroyed = true;

  122. 	}

  123.     }

  124. 

  125.     public boolean isDestroyed() {

  126. 	return destroyed;

  127.     }

  128. 

  129.    /**

  130.     * @serialData this <code>KeyImpl</code> is serialized by

  131.     *			writing out the ASN1 Encoded bytes of the

  132.     *			encryption key. The ASN1 encoding is defined in 

  133.     *			RFC1510 and as  follows:

  134.     *			EncryptionKey ::=   SEQUENCE {

  135.     *				keytype[0]    INTEGER,

  136.     *				keyvalue[1]   OCTET STRING    	

  137.     *				}

  138.     **/

  139. 

  140.     private synchronized void writeObject(ObjectOutputStream ois) 

  141. 		throws IOException {

  142. 	if (destroyed) {

  143. 	   throw new IOException ("This key is no longer valid");

  144. 	}

  145. 

  146. 	try {

  147. 	   ois.writeObject((new EncryptionKey(keyType,keyBytes)).asn1Encode());

  148. 	} catch (Asn1Exception ae) {

  149. 	   throw new IOException(ae.getMessage());

  150. 	}

  151.     }

  152. 

  153.     private synchronized void readObject(ObjectInputStream ois) 

  154. 		throws IOException , ClassNotFoundException {

  155. 	try {

  156. 	    EncryptionKey encKey = new EncryptionKey(new 

  157. 				     DerValue((byte[])ois.readObject()));

  158. 	    keyType = encKey.getEType();

  159. 	    keyBytes = encKey.getBytes();

  160. 	} catch (Asn1Exception ae) {

  161. 	    throw new IOException (ae.getMessage());

  162. 	}

  163.     }

  164. 

  165.     public String toString() {

  166. 	HexDumpEncoder hd = new HexDumpEncoder();	

  167. 	return new String("EncryptionKey: keyType=" + keyType

  168.                           + " keyBytes (hex dump)="

  169.                           + (keyBytes == null || keyBytes.length == 0 ?

  170.                              " Empty Key" :

  171.                              '\n' + hd.encode(keyBytes)

  172.                           + '\n'));

  173. 

  174. 	

  175.     }

  176. }