src/java.security.jgss/share/classes/sun/security/jgss/krb5/InitialToken.java
@@ -34,10 +34,11 @@
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import sun.security.krb5.*;
import sun.security.krb5.internal.Krb5;
+import sun.security.jgss.krb5.internal.TlsChannelBindingImpl;
abstract class InitialToken extends Krb5Token {
private static final int CHECKSUM_TYPE = 0x8003;
@@ -55,10 +56,11 @@
private static final int CHECKSUM_INTEG_FLAG = 32;
private final byte[] CHECKSUM_FIRST_BYTES =
{(byte)0x10, (byte)0x00, (byte)0x00, (byte)0x00};
+ private static final int CHANNEL_BINDING_AF_UNSPEC = 0;
private static final int CHANNEL_BINDING_AF_INET = 2;
private static final int CHANNEL_BINDING_AF_INET6 = 24;
private static final int CHANNEL_BINDING_AF_NULL_ADDR = 255;
private static final int Inet4_ADDRSZ = 4;
@@ -331,22 +333,22 @@
context.setIntegState(false);
}
}
}
- private int getAddrType(InetAddress addr) {
- int addressType = CHANNEL_BINDING_AF_NULL_ADDR;
+ private int getAddrType(InetAddress addr, int defValue) {
+ int addressType = defValue;
if (addr instanceof Inet4Address)
addressType = CHANNEL_BINDING_AF_INET;
else if (addr instanceof Inet6Address)
addressType = CHANNEL_BINDING_AF_INET6;
return (addressType);
}
private byte[] getAddrBytes(InetAddress addr) throws GSSException {
- int addressType = getAddrType(addr);
+ int addressType = getAddrType(addr, CHANNEL_BINDING_AF_NULL_ADDR);
byte[] addressBytes = addr.getAddress();
if (addressBytes != null) {
switch (addressType) {
case CHANNEL_BINDING_AF_INET:
if (addressBytes.length != Inet4_ADDRSZ) {
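Review bot: The new `defValue` parameter of getAddrType has no documentation, and the fallback address type now differs per caller. Because `instanceof` is false for null, a null address also yields `defValue`, which is worth spelling out. I would add a comment above the method such as `// Returns AF_INET / AF_INET6 for IPv4 / IPv6 addresses; otherwise (including addr == null) returns defValue.` The body of getAddrBytes continues past the end of this hunk, so the remaining switch cases are not reviewed here.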
@@ -373,12 +375,20 @@
InetAddress initiatorAddress = channelBinding.getInitiatorAddress();
InetAddress acceptorAddress = channelBinding.getAcceptorAddress();
int size = 5*4;
- int initiatorAddressType = getAddrType(initiatorAddress);
- int acceptorAddressType = getAddrType(acceptorAddress);
+ // LDAP TLS Channel Binding requires CHANNEL_BINDING_AF_UNSPEC address type
+ // for unspecified initiator and acceptor addresses.
+ // CHANNEL_BINDING_AF_NULL_ADDR value should be used for unspecified address
+ // in all other cases.
+ int initiatorAddressType = getAddrType(initiatorAddress,
+ (channelBinding instanceof TlsChannelBindingImpl)?
+ CHANNEL_BINDING_AF_UNSPEC:CHANNEL_BINDING_AF_NULL_ADDR);
+ int acceptorAddressType = getAddrType(acceptorAddress,
+ (channelBinding instanceof TlsChannelBindingImpl)?
+ CHANNEL_BINDING_AF_UNSPEC:CHANNEL_BINDING_AF_NULL_ADDR);
byte[] initiatorAddressBytes = null;
if (initiatorAddress != null) {
initiatorAddressBytes = getAddrBytes(initiatorAddress);
size += initiatorAddressBytes.length;
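Review bot: The fallback address type is chosen by the same `channelBinding instanceof TlsChannelBindingImpl` ternary twice, once for initiatorAddressType and once for acceptorAddressType, so a later edit to one copy can leave the two out of step. Compute it once, `final int unspecAddrType = (channelBinding instanceof TlsChannelBindingImpl) ? CHANNEL_BINDING_AF_UNSPEC : CHANNEL_BINDING_AF_NULL_ADDR;`, and pass `unspecAddrType` to both getAddrType calls. The choice is also keyed on the concrete class, so a TLS binding supplied as a plain ChannelBinding would still get CHANNEL_BINDING_AF_NULL_ADDR. That would presumably surface as a binding mismatch at the acceptor rather than a silent acceptance, but the comment should say the class check is the only trigger. The enclosing method starts and ends outside this hunk.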