fatal error org.bouncycastle.asn1.ASN1Exception after upgrade from version 1.60 to 1.71 or 1.77 #1614
Comments
|
We've been tightening up the ASN.1 parsing. The boolean at the start of the file is invalid - it's zero length! Are you seriously saying this is what Microsoft is producing? Even the openssl parser complains about it, and they're a lot more forgiving than we are. |
|
@dghgit I don't think this is quite right. Note here: https://datatracker.ietf.org/doc/html/rfc4121#section-4.1 The format of this message is: What you read as a zero byte boolean, isn't; it is a two byte token signifying the content type of the remaining part of the ANY. This means a general purpose recursive, greedy ASN.1 Parser isn't the correct way to parse this; we've got to use something incremental to handle the GSSAPI specifics, or explicitly validate the outer packet. Given we know what the constructed prefix should be ( @ivkina I'd perhaps suggest reading and verifying that prefix manually, given it is unlikely to change for your purposes: Code & outputCode: import java.io.File;
import java.io.FileInputStream;
import java.security.Security;
import java.util.Arrays;
import org.bouncycastle.asn1.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class Main {
public static void main(String[] args) {
File f = new File("/home/ascheel/Downloads/krb.txt");
FileInputStream fis = null;
ASN1InputStream ais = null;
try {
Security.addProvider(new BouncyCastleProvider());
fis = new FileInputStream(f);
byte[] expected = new byte[]{0x60, (byte)0x82, 0x09, 0x18, 0x06,
0x09, 0x2a, (byte)0x86, 0x48,
(byte)0x86, (byte)0xf7, 0x12, 0x01,
0x02, 0x02, 0x01, 0x00};
byte[] actual = new byte[expected.length];
if (fis.read(actual) != actual.length) {
throw new RuntimeException("FIXME: input buffer too short");
}
if (!Arrays.equals(actual, expected)) {
throw new RuntimeException("FIXME: input buffer has incorrect prefix");
}
// Now we can parse the inner KRB_AP_REQ directly.
ais = new ASN1InputStream(fis);
ASN1Primitive asn1p = ais.readObject();
System.out.println(asn1p);
}
catch (Exception e) {
e.printStackTrace();
}
finally {
try {
if (ais != null) {
ais.close();
}
if (fis != null) {
fis.close();
}
}
catch (Exception e) {
}
}
}
}Output: The remaining inner message is then fine to parse using the existing parser, as shown above. KRB5's GSSAPI is manually reading a 16-bit value: if (tok_type != -1) {
if (k5_input_get_uint16_be(&in) != tok_type)
return in.status ? G_BAD_TOK_HEADER : G_WRONG_TOKID;
}(called from e.g. here). We don't have an incremental ASN.1 parser in this sense, that supports arbitrary non-ASN.1 segments, AFAICT, so we can't read these 2 bytes easily (unless @dghgit knows otherwise; I don't think we have a good example for this in BC right now; X500Name has an inner AttributeTypeAndValue that is of type ANY, but it doesn't include the non-ASN1 token prefix specifier like GSS API does. |
|
Ah. All I can say is, that's a relief! Thanks for the follow up. |
|
@cipherboy, @dghgit - thanks a lot, will try the suggestion and post an update accordingly. As far as Microsoft, this is enterprise licened Windows Server 2022 domain controller, patched to the latest, so, I assume tens of millions of ADs around the world generate billions of tokens like that, in the same format ;) |
|
@ivkina I don't think this (my suggestion) actually works; you'll need to check the first byte ( |
|
@dghgit Hmm, lazy evaluation should exist per source code (I was looking at older javadocs, my bad!): /**
* Create an ASN1InputStream where no DER object will be longer than limit, and constructed
* objects such as sequences will be parsed lazily.
*
* @param input stream containing ASN.1 encoded data.
* @param lazyEvaluate true if parsing inside constructed objects can be delayed.
*/
public ASN1InputStream(InputStream input, boolean lazyEvaluate)
{
this(input, StreamUtil.findLimit(input), lazyEvaluate);
}but this still throws the same assertion: I think providing a dedicated parser might be our best bet? |
|
@cipherboy - I did not try custom code you suggested but based on the last comment I assume the standard asn1 parser will still throw the same error, correct? |
|
@cipherboy - so, there is no really a simple way unless we want to override ASN1InputStream.readObject(), correct? |
|
@ivkina That's my understanding; even then, it is difficult because I've built a custom parser for this and pushed to an internal branch; if @dghgit likes it, we can ship it. But it likely won't make 1.78, 1.79 is more likely. :-) |
|
@cipherboy - that would be awesome! any chance you can share the parser code? I could test it as well running it against real time ms AD and trying different accounts/tokens. |
|
Here's the parser code: Parser codepackage org.bouncycastle.asn1.gssapi;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.util.Arrays;
/**
* This class exists to parse GSS-API Tokens per RFC 4121 Section 4.1
* Context Establishment Tokens. This is a pseudo-ASN.1 structure given
* by:
*
* GSS-API DEFINITIONS ::=
*
* BEGIN
*
* MechType ::= OBJECT IDENTIFIER
* -- representing Kerberos V5 mechanism
*
* GSSAPI-Token ::=
* -- option indication (delegation, etc.) indicated within
* -- mechanism-specific token
* [APPLICATION 0] IMPLICIT SEQUENCE {
* thisMech MechType,
* innerToken ANY DEFINED BY thisMech
* -- contents mechanism-specific
* -- ASN.1 structure not required
* }
*
* The innerToken field starts with a two-octet token-identifier
* (TOK_ID) expressed in big-endian order, followed by a Kerberos
* message.
*
* Token TOK_ID Value in Hex
* -----------------------------------------
* KRB_AP_REQ 01 00
* KRB_AP_REP 02 00
* KRB_ERROR 03 00
*
* Further details about this structure is given in the earlier RFC 2743
* Section 3.1 Mechanism-Independent Token Format.
*
* Note that this is necessary because while lazy parsing exists in
* ASN1InputStream, (1) it doesn't work for application-specific
* tagged objects, and (2) even if we were to implement lazy parsing
* of tagged objects, we wouldn't be able to skip the two byte header.
* This means we're better off manually parsing the outer SEQUENCE and
* its members, until we hit the actual contents of the innerToken.
*
* This class makes no attempt to parse GSSAPI-Token values without
* these two byte headers; use ASN1InputStream directly instead.
*
* This parser is re-callable. If a series of concatenated GSSAPI-TOKENs
* are given in a single InputStream, these can all be parsed by repeatedly
* calling parse(...) and getting the object out of the tokenInputStream.
* Note that calling parse again prior to fetching the underlying token object
* will cause undefined behavior.
*/
public class GSSAPITokenParser
{
/**
* innerToken contains KRB_AP_REQUEST.
*/
public static short KRB_AP_REQ = 0x0100;
/**
* innerToken contains KRB_AP_REPLY.
*/
public static short KRB_AP_REP = 0x0200;
/**
* innerToken contains KRB_ERROR.
*/
public static short KRB_ERROR = 0x0300;
/**
* Create a GSSAPITokenParser based on the specified input stream.
*
* @param input stream containing ASN.1 encoded data.
*/
public GSSAPITokenParser(InputStream is)
{
this(is, null, null);
}
/**
* Create a GSSAPITokenParser based on the specified input stream where no
* object will be larger than the limit.
*
* @param input stream containing ASN.1 encoded data.
* @param limit maximum size of a DER encoded object.
*/
public GSSAPITokenParser(InputStream is, int limit)
{
this(is, limit, null);
}
/**
* Create a GSSAPITokenParser based on the specified input stream where
* constructed objects such as sequences will be parsed lazily.
*
* @param input stream containing ASN.1 encoded data.
* @param lazyEvaluate true if parsing inside constructed objects can be delayed.
*/
public GSSAPITokenParser(InputStream is, boolean lazyEvaluate)
{
this(is, null, lazyEvaluate);
}
/**
* Create a GSSAPITokenParser based on the specified input stream where no
* object will be larger than the limit and constructed objects such as
* sequences will be parsed lazily.
*
* @param input stream containing ASN.1 encoded data.
* @param limit maximum size of a DER encoded object.
* @param lazyEvaluate true if parsing inside constructed objects can be delayed.
*/
public GSSAPITokenParser(InputStream is, int limit, boolean lazyEvaluate)
{
this(is, (Integer) limit, (Boolean) lazyEvaluate);
}
/**
* Create a GSSAPITokenParser based on the input byte array.
*
* @param input array containing ASN.1 encoded data.
*/
public GSSAPITokenParser(byte[] input)
{
this(new ByteArrayInputStream(input), input.length);
}
/**
* Create a GSSAPITokenParser based on the input byte array where
* constructed objects such as sequences will be parsed lazily.
*
* @param input array containing ASN.1 encoded data.
* @param lazyEvaluate true if parsing inside constructed objects can be delayed.
*/
public GSSAPITokenParser(byte[] input, boolean lazyEvaluate)
{
this(new ByteArrayInputStream(input), input.length, lazyEvaluate);
}
// == Implementation ==
private InputStream is;
private Integer limit;
private Boolean lazyEvaluate;
private ASN1ObjectIdentifier thisMech;
private short tokenType;
private ASN1InputStream tokenInputStream;
private GSSAPITokenParser(InputStream is, Integer limit, Boolean lazyEvaluate)
{
this.is = is;
this.limit = limit;
this.lazyEvaluate = lazyEvaluate;
}
private void condDecrementLimit(int bytes)
{
if (limit == null)
{
return;
}
limit -= bytes;
}
private void condCheckLimit(int bytes)
throws IOException
{
if (bytes < 0)
{
throw new IOException("negative bytes to read: " + bytes);
}
if (limit == null)
{
return;
}
if (bytes > limit)
{
throw new IOException("wanted to read " + bytes + " > " + limit + " bytes, exceeding limit");
}
}
private void condCheckAndDecrementLimit(int bytes)
throws IOException
{
condCheckLimit(bytes);
condDecrementLimit(bytes);
}
/**
* Parse a single GSS-API Token from the provided input stream.
*
* thisMech and tokenType should be used to inform the parsing of the
* tokenInputStream; the latter must be consumed prior to calling
* parse(...) again if multiple GSS-API Tokens are present in the input
* stream.
*/
public void parse()
throws IOException
{
thisMech = null;
tokenType = 0;
tokenInputStream = null;
// This manually parses the input stream for the initial tag,
// consuming it. We then manually parse and validate the length,
// then the mech oid, and finally the token.
// 1. Tag
//
// Fetch and validate our tag against expectations. RFC 2743 is clear
// this should be exactly the byte 0x60 and nothing else.
condCheckAndDecrementLimit(1);
int sequenceTag = is.read();
if (sequenceTag != 0x60)
{
throw new IOException("invalid tag for [APPLICATION 0] SEQUENCE: " + sequenceTag);
}
int sequenceLength = readLength();
// Validate sequence length fits in expected limit.
condCheckLimit(sequenceLength);
// 2. OID
//
// Parse the OID. We read the tag and length explicitly, read those
// bytes, and then parse it as an ASN1ObjectIdentifier explicitly.
// Validate the OID tag against expectations. RFC 2743 is clear this
// should be exactly the byte 0x06 and nothing else.
condCheckAndDecrementLimit(1);
int oidTag = is.read();
if (oidTag != 0x06)
{
throw new IOException("invalid tag for inner OBJECT IDENTIFIER: " + oidTag);
}
int oidLength = readLength();
// Read the OID now.
condCheckAndDecrementLimit(oidLength);
byte[] oidValue = new byte[oidLength];
int oidReadLength = is.read(oidValue);
if (oidReadLength != oidLength)
{
throw new IOException("read " + oidReadLength + " < " + oidLength + " expected octets in OID");
}
// Place the OID into an ASN1ObjectIdentifier.
thisMech = ASN1ObjectIdentifier.fromContents(oidValue);
// 3. Token
//
// Read two more bytes; this should be the type of the inner contents
// under RFC 4121.
condCheckAndDecrementLimit(1);
int highOrderTokenId = is.read();
condCheckAndDecrementLimit(1);
int lowOrderTokenId = is.read();
tokenType = (short)((highOrderTokenId << 8) | lowOrderTokenId);
// Now place the remaining input stream in the parser for the token.
if (limit == null && lazyEvaluate == null)
{
tokenInputStream = new ASN1InputStream(is);
}
else if (limit == null)
{
tokenInputStream = new ASN1InputStream(is, (boolean) lazyEvaluate);
}
else if (lazyEvaluate == null)
{
tokenInputStream = new ASN1InputStream(is, (int) limit);
}
else
{
tokenInputStream = new ASN1InputStream(is, (int) limit, (boolean) lazyEvaluate);
}
}
/**
* Return thisMech from the GSS-API Token description.
*/
public ASN1ObjectIdentifier getThisMech()
{
return thisMech;
}
/**
* Returns the tokenType from the GSS-API token description.
*/
public short getTokenType()
{
return tokenType;
}
/**
* Returns the innerToken ASN.1 stream (after 2-byte tokenType).
*/
public ASN1InputStream getTokenInputStream()
{
return tokenInputStream;
}
private int readLength() throws IOException
{
// Compute the length of this segment.
int result = 0;
condCheckAndDecrementLimit(1);
int lengthByte = is.read();
if (lengthByte < 127)
{
// 2.a: length fits in a single byte; definite length.
result = (int)lengthByte;
}
else
{
// 2.b: Bits 1..7 are the length of the length; the remaining
// bytes are read and validated.
int numOctets = lengthByte & 0x7f;
if (numOctets > 4)
{
throw new IOException(numOctets + " bytes of length is excessively long");
}
else if (numOctets == 0)
{
throw new IOException("got zero for multi-octet length encoding; refusing to parse indefinite length token");
}
condCheckAndDecrementLimit(numOctets);
byte[] rawLength = new byte[numOctets];
int readLength = is.read(rawLength);
if (readLength != numOctets)
{
throw new IOException("read " + readLength + " < " + numOctets + " expected octets in length encoding");
}
// There cannot be any leading zeros. Direct zero indexing is
// fine as we know numOctets > 0, readLength == numOctets and
// thus we have at least one element here.
if (rawLength[0] == 0x00)
{
throw new IOException("malformed length: has leading zeros");
}
for (byte rawLengthByte : rawLength)
{
result = (result << 8) + rawLengthByte;
if ((result >>> 23) != 0)
{
// check preserved from readLength() of ASN1InputStream
throw new IOException("long form definite-length more than 2^23 bits");
}
}
}
return result;
}
}Let me know if it works for you! Not sure I'm quite happy with the inner parsing yet, still gotta look around to see if I can reuse some things. |
|
@cipherboy - thanks! will give it a try next week and will post an update |
|
@cipherboy - I think I got it working with your parser...-:) again, many, many thanks for such quick turnaround, really appreaciate that! One comment - the overall model/hierarchy of asn1 objects changed quite a bit between versions 1.60 and 1.71. everything seems to be built around another example was when you can run the code using the same krb.txt attached to the case. package com;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Security;
import java.util.Enumeration;
import org.bouncycastle.asn1.ASN1GeneralString;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.BERTags;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class TestASN1 {
public static void main(String[] args) {
File f = new File("c:/temp/krb.txt");
FileInputStream fis = null;
DataInputStream dis = null;
ASN1InputStream ais = null;
try {
Security.addProvider(new BouncyCastleProvider());
fis = new FileInputStream(f);
dis = new DataInputStream(fis);
byte[] token = new byte[(int) f.length()];
dis.readFully(token);
ais = toASN1Stream(token);
ASN1TaggedObject to = (ASN1TaggedObject) ais.readObject();
ais.close();
Enumeration<ASN1TaggedObject> e = ((ASN1Sequence) to.getBaseUniversal(true, BERTags.SEQUENCE)).getObjects();
while (e.hasMoreElements()) {
ASN1TaggedObject tagged = e.nextElement();
switch (tagged.getTagNo()) {
case 0:
ASN1Integer pvno = (ASN1Integer) tagged.getBaseUniversal(true, BERTags.INTEGER);
if (!pvno.getValue().equals(new BigInteger("5"))) {
throw new Exception("Kerberos version invalid - " + pvno);
}
break;
case 1:
ASN1Integer msgType = (ASN1Integer) tagged.getBaseUniversal(true, BERTags.INTEGER);
if (!msgType.getValue().equals(new BigInteger("14"))) {
throw new Exception("Kerberos request invalid - " + msgType.getValue());
}
break;
case 2:
DERBitString bitString = (DERBitString) tagged.getBaseUniversal(true, BERTags.BIT_STRING);
// byte apOptions = bitString.getBytes()[0];
break;
case 3:
// this line throws java.lang.IllegalStateException: unexpected object: org.bouncycastle.asn1.DLApplicationSpecific
// ASN1Sequence seq = (ASN1Sequence) tagged.getBaseUniversal(true, BERTags.SEQUENCE);
// but this line works - what is the right way to use tagged object??? why do I need to call getBaseObject() intermediary ???
ASN1Sequence seq = (ASN1Sequence) ((ASN1TaggedObject) tagged.getBaseObject()).getBaseUniversal(true, BERTags.SEQUENCE);
Enumeration<ASN1TaggedObject> e2 = seq.getObjects();
while (e2.hasMoreElements()) {
tagged = e2.nextElement();
switch (tagged.getTagNo()) {
case 0:
// version
pvno = (ASN1Integer) tagged.getBaseUniversal(true, BERTags.INTEGER);
break;
case 1:
// spn realm
ASN1GeneralString realm = (ASN1GeneralString) tagged.getBaseUniversal(true, BERTags.GENERAL_STRING);
break;
case 2:
// spn name
ASN1TaggedObject taggedSpn = (ASN1TaggedObject) ((ASN1Sequence) tagged.getBaseUniversal(true, BERTags.SEQUENCE)).getObjectAt(1);
Enumeration e3 = ((ASN1Sequence) taggedSpn.getBaseUniversal(true, BERTags.SEQUENCE)).getObjects();
StringBuilder sb = new StringBuilder();
while (e3.hasMoreElements()) {
// not ASN1TaggedObject but DERGeneralString
// ASN1TaggedObject taggedPart = e3.nextElement();
// sb.append(((ASN1GeneralString) taggedPart.getBaseUniversal(true, BERTags.GENERAL_STRING)).getString() + "/");
sb.append(((ASN1GeneralString) e3.nextElement()).getString() + "/");
}
sb.setLength(sb.length() - 1);
break;
case 3:
// encrypted part
ASN1Sequence encSeq = ((ASN1Sequence) tagged.getBaseUniversal(true, BERTags.SEQUENCE));
ASN1Integer encType = (ASN1Integer) ((ASN1TaggedObject) encSeq.getObjectAt(0)).getBaseUniversal(true, BERTags.INTEGER);
ASN1OctetString encOctets = (ASN1OctetString) ((ASN1TaggedObject) encSeq.getObjectAt(2)).getBaseUniversal(true, BERTags.OCTET_STRING);
byte[] cipher = encOctets.getOctets();
// run decrypt...
break;
}
}
break;
case 4:
break;
default:
throw new Exception("Kerberos field invalid - " + tagged.getTagNo());
}
}
}
catch (Exception e) {
e.printStackTrace();
}
finally {
try {
if (ais != null) {
ais.close();
}
if (dis != null) {
dis.close();
}
if (fis != null) {
fis.close();
}
}
catch (Exception e) {
}
}
}
/**
* innerToken contains KRB_AP_REQUEST.
*/
public static short KRB_AP_REQ = 0x0100;
/**
* innerToken contains KRB_AP_REPLY.
*/
public static short KRB_AP_REP = 0x0200;
/**
* innerToken contains KRB_ERROR.
*/
public static short KRB_ERROR = 0x0300;
public static ASN1InputStream toASN1Stream(byte[] token) throws Exception {
KerberosTokenParser ktp = (new TestASN1()).new KerberosTokenParser(new ByteArrayInputStream(token));
try {
ktp.parse();
}
catch (IOException e) {
throw new Exception("Failed to parse kerberos token.", e);
}
return ktp.getTokenInputStream();
}
class KerberosTokenParser {
/**
* Create a KerberosTokenParser based on the specified input stream.
*
* @param input
* stream containing ASN.1 encoded data.
*/
public KerberosTokenParser(InputStream is) {
this(is, null, null);
}
/**
* Create a KerberosTokenParser based on the specified input stream where no object will be larger than the limit.
*
* @param input
* stream containing ASN.1 encoded data.
* @param limit
* maximum size of a DER encoded object.
*/
public KerberosTokenParser(InputStream is, int limit) {
this(is, limit, null);
}
/**
* Create a KerberosTokenParser based on the specified input stream where constructed objects such as sequences will be parsed lazily.
*
* @param input
* stream containing ASN.1 encoded data.
* @param lazyEvaluate
* true if parsing inside constructed objects can be delayed.
*/
public KerberosTokenParser(InputStream is, boolean lazyEvaluate) {
this(is, null, lazyEvaluate);
}
/**
* Create a KerberosTokenParser based on the specified input stream where no object will be larger than the limit and constructed objects such as sequences
* will be parsed lazily.
*
* @param input
* stream containing ASN.1 encoded data.
* @param limit
* maximum size of a DER encoded object.
* @param lazyEvaluate
* true if parsing inside constructed objects can be delayed.
*/
public KerberosTokenParser(InputStream is, int limit, boolean lazyEvaluate) {
this(is, (Integer) limit, (Boolean) lazyEvaluate);
}
/**
* Create a KerberosTokenParser based on the input byte array.
*
* @param input
* array containing ASN.1 encoded data.
*/
public KerberosTokenParser(byte[] input) {
this(new ByteArrayInputStream(input), input.length);
}
/**
* Create a KerberosTokenParser based on the input byte array where constructed objects such as sequences will be parsed lazily.
*
* @param input
* array containing ASN.1 encoded data.
* @param lazyEvaluate
* true if parsing inside constructed objects can be delayed.
*/
public KerberosTokenParser(byte[] input, boolean lazyEvaluate) {
this(new ByteArrayInputStream(input), input.length, lazyEvaluate);
}
// == Implementation ==
private InputStream is;
private Integer limit;
private Boolean lazyEvaluate;
private ASN1ObjectIdentifier thisMech;
private short tokenType;
private ASN1InputStream tokenInputStream;
private KerberosTokenParser(InputStream is, Integer limit, Boolean lazyEvaluate) {
this.is = is;
this.limit = limit;
this.lazyEvaluate = lazyEvaluate;
}
private void condDecrementLimit(int bytes) {
if (limit == null) {
return;
}
limit -= bytes;
}
private void condCheckLimit(int bytes)
throws IOException {
if (bytes < 0) {
throw new IOException("negative bytes to read: " + bytes);
}
if (limit == null) {
return;
}
if (bytes > limit) {
throw new IOException("wanted to read " + bytes + " > " + limit + " bytes, exceeding limit");
}
}
private void condCheckAndDecrementLimit(int bytes)
throws IOException {
condCheckLimit(bytes);
condDecrementLimit(bytes);
}
/**
* Parse a single GSS-API Token from the provided input stream.
*
* thisMech and tokenType should be used to inform the parsing of the tokenInputStream; the latter must be consumed prior to calling parse(...) again if
* multiple GSS-API Tokens are present in the input stream.
*/
public void parse()
throws IOException {
thisMech = null;
tokenType = 0;
tokenInputStream = null;
// This manually parses the input stream for the initial tag,
// consuming it. We then manually parse and validate the length,
// then the mech oid, and finally the token.
// 1. Tag
//
// Fetch and validate our tag against expectations. RFC 2743 is clear
// this should be exactly the byte 0x60 and nothing else.
condCheckAndDecrementLimit(1);
int sequenceTag = is.read();
if (sequenceTag != 0x60) {
throw new IOException("invalid tag for [APPLICATION 0] SEQUENCE: " + sequenceTag);
}
int sequenceLength = readLength();
// Validate sequence length fits in expected limit.
condCheckLimit(sequenceLength);
// 2. OID
//
// Parse the OID. We read the tag and length explicitly, read those
// bytes, and then parse it as an ASN1ObjectIdentifier explicitly.
// Validate the OID tag against expectations. RFC 2743 is clear this
// should be exactly the byte 0x06 and nothing else.
condCheckAndDecrementLimit(1);
int oidTag = is.read();
if (oidTag != 0x06) {
throw new IOException("invalid tag for inner OBJECT IDENTIFIER: " + oidTag);
}
int oidLength = readLength();
// Read the OID now.
condCheckAndDecrementLimit(oidLength);
byte[] oidValue = new byte[oidLength];
int oidReadLength = is.read(oidValue);
if (oidReadLength != oidLength) {
throw new IOException("read " + oidReadLength + " < " + oidLength + " expected octets in OID");
}
// Place the OID into an ASN1ObjectIdentifier.
thisMech = ASN1ObjectIdentifier.fromContents(oidValue);
// 3. Token
//
// Read two more bytes; this should be the type of the inner contents
// under RFC 4121.
condCheckAndDecrementLimit(1);
int highOrderTokenId = is.read();
condCheckAndDecrementLimit(1);
int lowOrderTokenId = is.read();
tokenType = (short) ((highOrderTokenId << 8) | lowOrderTokenId);
// Now place the remaining input stream in the parser for the token.
if (limit == null && lazyEvaluate == null) {
tokenInputStream = new ASN1InputStream(is);
}
else if (limit == null) {
tokenInputStream = new ASN1InputStream(is, (boolean) lazyEvaluate);
}
else if (lazyEvaluate == null) {
tokenInputStream = new ASN1InputStream(is, (int) limit);
}
else {
tokenInputStream = new ASN1InputStream(is, (int) limit, (boolean) lazyEvaluate);
}
}
/**
* Return thisMech from the GSS-API Token description.
*/
public ASN1ObjectIdentifier getThisMech() {
return thisMech;
}
/**
* Returns the tokenType from the GSS-API token description.
*/
public short getTokenType() {
return tokenType;
}
/**
* Returns the innerToken ASN.1 stream (after 2-byte tokenType).
*/
public ASN1InputStream getTokenInputStream() {
return tokenInputStream;
}
private int readLength() throws IOException {
// Compute the length of this segment.
int result = 0;
condCheckAndDecrementLimit(1);
int lengthByte = is.read();
if (lengthByte < 127) {
// 2.a: length fits in a single byte; definite length.
result = (int) lengthByte;
}
else {
// 2.b: Bits 1..7 are the length of the length; the remaining
// bytes are read and validated.
int numOctets = lengthByte & 0x7f;
if (numOctets > 4) {
throw new IOException(numOctets + " bytes of length is excessively long");
}
else if (numOctets == 0) {
throw new IOException("got zero for multi-octet length encoding; refusing to parse indefinite length token");
}
condCheckAndDecrementLimit(numOctets);
byte[] rawLength = new byte[numOctets];
int readLength = is.read(rawLength);
if (readLength != numOctets) {
throw new IOException("read " + readLength + " < " + numOctets + " expected octets in length encoding");
}
// There cannot be any leading zeros. Direct zero indexing is
// fine as we know numOctets > 0, readLength == numOctets and
// thus we have at least one element here.
if (rawLength[0] == 0x00) {
throw new IOException("malformed length: has leading zeros");
}
for (byte rawLengthByte : rawLength) {
result = (result << 8) + rawLengthByte;
if ((result >>> 23) != 0) {
// check preserved from readLength() of ASN1InputStream
throw new IOException("long form definite-length more than 2^23 bits");
}
}
}
return result;
}
}
}edited by @cipherboy for formatting. |
|
@ivkina I infer your example code is parsing an AP-REQ structure, so I refer to the ASN.1 module in Appendix A of RFC 4120 (https://datatracker.ietf.org/doc/html/rfc4120#appendix-A). As to your first question, lines 64 - 70 are dealing with the parsing of the 'ticket' field, so i.e. there are two levels of tagging involved (and tags are EXPLICIT by default in this module per the To your second question, lines 88-91 are dealing with the 'sname' field of a Ticket, which is a The I appreciate this is example code only, but there is quite a bit of validation missing, e.g. checking that sequences are the correct length (when exact), checking the tag class of tagged objects (not just the tag number). Also, tagged fields of a Probably this should all be broken up into proper ASN.1 classes handling each type, and that should also make things clearer. Recent versions of BC have a bunch of helper methods to simplify much of it too, but it's still quite a bit of work to rewrite. |
|
@peterdettman, @cipherboy - thanks for valuable insights. Unfortunately, with our product which is a large erp app we have to support it running on both oracle weblogic 12.x and weblogic 14.x. weblogic 12 internally uses bc 1.60, weblogic 14 uses bc 1.71. the bc api changed so much that it looks like we need to have 2 totally different parser versions for kerberos alone -:( |
|
@ivkina Is there a reason why you couldn't include your own version of BC jars within your app and use either |
|
@peterdettman the code that parses out spnego/kerberos token and extracts user's PAC info runs under weblogic global security provider (global/main classloader context under kernell), it's not web app specific. kerberos token format and PAC data format did not change for years, the specs stay the same and it would be nice of course to have some support for that in the common libraries like bc, so you don't have to reinvent the wheel...but if writing your own parser for this purpose is the only option, then I guess this is is the only option... anyway, thank you for insights here, really appreciate that. |
krb.txt
Please, see krb.txt uploaded to the case. The file contains standard Windows Domain Controller Kerberos ticket issued by Windows AD to a specific user account. It is a corp network, all patches and versions are up to date. The sample code below works just fine with version 1.60 (bcprov-jdk15on-1.60.jar). At some point after version 1.60, the implementation of ASN1InputStream.readObject() changed in a way that it no longer works. Verified that version 1.77 fails. Version 1.71 fails as well (bcprov-jdk18on-1.71).
The production use case is of course is more complex vs what the sample code below does. In production it parses out an then decyptes kerberos/spnego token to extract Windows PAC data (user authorization data aka user groups, roles etc).
The code throws an error on line ASN1Primitive asn1p = ais.readObject();. Stack trace:
Edited for formatting by @cipherboy.
The text was updated successfully, but these errors were encountered: