On 11/20/10 4:29 PM, Felix Knecht wrote:
On 11/20/2010 02:11 PM, Emmanuel Lecharny wrote:
On 11/20/10 11:52 AM, Felix Knecht wrote:
It's most certainly an issue with the way we deal with BitString. The problem is that the new codec uses the modified version, so if I revert, it will
break the new codec.

I'll try to understand why the old code is not happy with the perfect
code I injected in the kerberos part ;)


My guess is that the getBytes(int xxx) has something to do with it. In
comparison to the code before it adds some additional information in
the [0] index (A first byte containing the number of unused bits is
added) whereas in the old code it just started without additional
information.
Which is wrong. I'm looking at some PDU Stefan captured for me, and the
KdcOptions are really encoded in 5 bytes, which means the byte
containing the unused bytes is present :
0xA0 0x07
0x03 0x05 0x00 0x00 0x00 0x00 0x00
          ^^^^
          the unused bits.

AbstractKerberosFlags isn't aware in every place that there have to be 5 bytes in the array, but it extends and uses methods of BitString:

/**
 * Modify a byte array to an integer value
 * @param bytes The 4 bytes byte array to transform.
 */
public void setFlags( byte[] bytes )
{
    if ( ( bytes == null ) || ( bytes.length != 4 ) )
    {
        value = -1;
    }
    value = ( ( bytes[0] & 0x00F ) << 24 ) | ( ( bytes[1] & 0x00FF ) << 16 ) | ( ( bytes[2] & 0x00FF ) << 8 ) | ( 0x00FF & bytes[3] );
    setData( bytes );
}

This will include the first byte ([0]) for value calculation but BitString will use the same value afterwards to set the unused bits value. -> An array of length 5 instead of length 4 should be used.



public static byte[] getBytes( int flags )
{
    return new byte[]{
        (byte)( flags >>> 24),
        (byte)( ( flags >> 16 ) & 0x00ff ),
        (byte)( ( flags >> 8 ) & 0x00ff ),
        (byte)( flags & 0x00ff ) };
}

This method also returns a byte array that does not contain the byte[0] representing the unused bits, whereas the method

public byte[] getBytes()
{
    return getData();
}

delivers the byte array inherited from BitString, containing the 'unused bits' byte.

Is it correct that ALL classes extending BitString must use a byte array of length 5?
If there are 32 bits, yes. But it depends on the encoding. In pure DER, we don't necessarily use all the bytes, we use just enough bytes to store the bits up to the last 1. So it can be from 2 to 5 bytes. Complicated ...

--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
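
The BIT STRING content layout discussed in this thread, as an added Java example that is not part of the original messages and not ApacheDS code. The class and method names are hypothetical, the sample values are constructed, and the 2-to-5-byte length check follows the description in the last reply.

```java
import java.util.Arrays;

// Added illustration: names are hypothetical, this is not ApacheDS code.
public class FlagsBitStringDemo {

    // BIT STRING content for 32 flags: unused-bits byte (0) followed by 4 flag bytes.
    static byte[] encode(int flags) {
        return new byte[] { 0x00, (byte) (flags >>> 24), (byte) (flags >>> 16),
            (byte) (flags >>> 8), (byte) flags };
    }

    // Decode BIT STRING content of 2 to 5 bytes into a left-aligned 32-bit value.
    static int decode(byte[] content) {
        if (content == null || content.length < 2 || content.length > 5) {
            throw new IllegalArgumentException("expected 2 to 5 content bytes");
        }
        int unused = content[0] & 0xFF;
        if (unused > 7) {
            throw new IllegalArgumentException("unused-bits byte out of range: " + unused);
        }
        int value = 0;
        for (int i = 1; i < content.length; i++) {
            int b = content[i] & 0xFF;
            if (i == content.length - 1) {
                b &= 0xFF << unused; // clear the padding bits of the last byte
            }
            value |= b << (24 - 8 * (i - 1));
        }
        return value;
    }

    public static void main(String[] args) {
        int flags = 0x40810010; // constructed sample value
        byte[] content = encode(flags);
        System.out.println(Arrays.toString(content) + " -> 0x"
            + Integer.toHexString(decode(content)));

        // Shorter content (constructed): 9 significant bits, 7 unused bits in the last byte.
        byte[] shortForm = { 0x07, 0x40, (byte) 0x80 };
        System.out.println("0x" + Integer.toHexString(decode(shortForm)));

        // A 4-byte array without the leading unused-bits byte: the first flag byte is
        // read as the unused-bits count. Here it is rejected; a first byte of 0..7
        // would instead be accepted and the flags silently misread.
        byte[] raw = { 0x40, (byte) 0x81, 0x00, 0x10 };
        try {
            decode(raw);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```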
