
src/java.security.jgss/share/classes/sun/security/jgss/krb5/InitialToken.java





  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.jgss.krb5;
  27 
  28 import org.ietf.jgss.*;
  29 import javax.security.auth.kerberos.DelegationPermission;
  30 import java.io.IOException;
  31 import java.net.InetAddress;
  32 import java.net.Inet4Address;
  33 import java.net.Inet6Address;
  34 import java.security.MessageDigest;
  35 import java.security.NoSuchAlgorithmException;
  36 import java.util.Arrays;
  37 import sun.security.krb5.*;
  38 import sun.security.krb5.internal.Krb5;

  39 
  40 abstract class InitialToken extends Krb5Token {
  41 
  42     private static final int CHECKSUM_TYPE = 0x8003;
  43 
  44     private static final int CHECKSUM_LENGTH_SIZE     = 4;
  45     private static final int CHECKSUM_BINDINGS_SIZE   = 16;
  46     private static final int CHECKSUM_FLAGS_SIZE      = 4;
  47     private static final int CHECKSUM_DELEG_OPT_SIZE  = 2;
  48     private static final int CHECKSUM_DELEG_LGTH_SIZE = 2;
  49 
  50     private static final int CHECKSUM_DELEG_FLAG    = 1;
  51     private static final int CHECKSUM_MUTUAL_FLAG   = 2;
  52     private static final int CHECKSUM_REPLAY_FLAG   = 4;
  53     private static final int CHECKSUM_SEQUENCE_FLAG = 8;
  54     private static final int CHECKSUM_CONF_FLAG     = 16;
  55     private static final int CHECKSUM_INTEG_FLAG    = 32;
  56 
  57     private final byte[] CHECKSUM_FIRST_BYTES =
  58     {(byte)0x10, (byte)0x00, (byte)0x00, (byte)0x00};
  59 

  60     private static final int CHANNEL_BINDING_AF_INET = 2;
  61     private static final int CHANNEL_BINDING_AF_INET6 = 24;
  62     private static final int CHANNEL_BINDING_AF_NULL_ADDR = 255;
  63 
  64     private static final int Inet4_ADDRSZ = 4;
  65     private static final int Inet6_ADDRSZ = 16;
  66 
  67     protected class OverloadedChecksum {
  68 
  69         private byte[] checksumBytes = null;
  70         private Credentials delegCreds = null;
  71         private int flags = 0;
  72 
  73         /**
  74          * Called on the initiator side when creating the
  75          * InitSecContextToken.
  76          */
  77         public OverloadedChecksum(Krb5Context context,
  78                                   Credentials tgt,
  79                                   Credentials serviceTicket)


 316                 context.setCredDelegState(true);
 317                 // default for the following are true
 318             if ((flags & CHECKSUM_MUTUAL_FLAG) == 0) {
 319                 context.setMutualAuthState(false);
 320             }
 321             if ((flags & CHECKSUM_REPLAY_FLAG) == 0) {
 322                 context.setReplayDetState(false);
 323             }
 324             if ((flags & CHECKSUM_SEQUENCE_FLAG) == 0) {
 325                 context.setSequenceDetState(false);
 326             }
 327             if ((flags & CHECKSUM_CONF_FLAG) == 0) {
 328                 context.setConfState(false);
 329             }
 330             if ((flags & CHECKSUM_INTEG_FLAG) == 0) {
 331                 context.setIntegState(false);
 332             }
 333         }
 334     }
 335 
 336     private int getAddrType(InetAddress addr) {
 337         int addressType = CHANNEL_BINDING_AF_NULL_ADDR;
 338 
 339         if (addr instanceof Inet4Address)
 340             addressType = CHANNEL_BINDING_AF_INET;
 341         else if (addr instanceof Inet6Address)
 342             addressType = CHANNEL_BINDING_AF_INET6;
 343         return (addressType);
 344     }
 345 
 346     private byte[] getAddrBytes(InetAddress addr) throws GSSException {
 347         int addressType = getAddrType(addr);
 348         byte[] addressBytes = addr.getAddress();
 349         if (addressBytes != null) {
 350             switch (addressType) {
 351                 case CHANNEL_BINDING_AF_INET:
 352                     if (addressBytes.length != Inet4_ADDRSZ) {
 353                         throw new GSSException(GSSException.FAILURE, -1,
 354                         "Incorrect AF-INET address length in ChannelBinding.");
 355                     }
 356                     return (addressBytes);
 357                 case CHANNEL_BINDING_AF_INET6:
 358                     if (addressBytes.length != Inet6_ADDRSZ) {
 359                         throw new GSSException(GSSException.FAILURE, -1,
 360                         "Incorrect AF-INET6 address length in ChannelBinding.");
 361                     }
 362                     return (addressBytes);
 363                 default:
 364                     throw new GSSException(GSSException.FAILURE, -1,
 365                     "Cannot handle non AF-INET addresses in ChannelBinding.");
 366             }
 367         }
 368         return null;
 369     }
 370 
 371     private byte[] computeChannelBinding(ChannelBinding channelBinding)
 372         throws GSSException {
 373 
 374         InetAddress initiatorAddress = channelBinding.getInitiatorAddress();
 375         InetAddress acceptorAddress = channelBinding.getAcceptorAddress();
 376         int size = 5*4;
 377 
 378         int initiatorAddressType = getAddrType(initiatorAddress);
 379         int acceptorAddressType = getAddrType(acceptorAddress);








 380 
 381         byte[] initiatorAddressBytes = null;
 382         if (initiatorAddress != null) {
 383             initiatorAddressBytes = getAddrBytes(initiatorAddress);
 384             size += initiatorAddressBytes.length;
 385         }
 386 
 387         byte[] acceptorAddressBytes = null;
 388         if (acceptorAddress != null) {
 389             acceptorAddressBytes = getAddrBytes(acceptorAddress);
 390             size += acceptorAddressBytes.length;
 391         }
 392 
 393         byte[] appDataBytes = channelBinding.getApplicationData();
 394         if (appDataBytes != null) {
 395             size += appDataBytes.length;
 396         }
 397 
 398         byte[] data = new byte[size];
 399 




  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.jgss.krb5;
  27 
  28 import org.ietf.jgss.*;
  29 import javax.security.auth.kerberos.DelegationPermission;
  30 import java.io.IOException;
  31 import java.net.InetAddress;
  32 import java.net.Inet4Address;
  33 import java.net.Inet6Address;
  34 import java.security.MessageDigest;
  35 import java.security.NoSuchAlgorithmException;
  36 import java.util.Arrays;
  37 import sun.security.krb5.*;
  38 import sun.security.krb5.internal.Krb5;
  39 import sun.security.jgss.krb5.internal.TlsChannelBindingImpl;
  40 
  41 abstract class InitialToken extends Krb5Token {
  42 
  43     private static final int CHECKSUM_TYPE = 0x8003;
  44 
  45     private static final int CHECKSUM_LENGTH_SIZE     = 4;
  46     private static final int CHECKSUM_BINDINGS_SIZE   = 16;
  47     private static final int CHECKSUM_FLAGS_SIZE      = 4;
  48     private static final int CHECKSUM_DELEG_OPT_SIZE  = 2;
  49     private static final int CHECKSUM_DELEG_LGTH_SIZE = 2;
  50 
  51     private static final int CHECKSUM_DELEG_FLAG    = 1;
  52     private static final int CHECKSUM_MUTUAL_FLAG   = 2;
  53     private static final int CHECKSUM_REPLAY_FLAG   = 4;
  54     private static final int CHECKSUM_SEQUENCE_FLAG = 8;
  55     private static final int CHECKSUM_CONF_FLAG     = 16;
  56     private static final int CHECKSUM_INTEG_FLAG    = 32;
  57 
  58     private final byte[] CHECKSUM_FIRST_BYTES =
  59     {(byte)0x10, (byte)0x00, (byte)0x00, (byte)0x00};
  60 
  61     private static final int CHANNEL_BINDING_AF_UNSPEC = 0;
  62     private static final int CHANNEL_BINDING_AF_INET = 2;
  63     private static final int CHANNEL_BINDING_AF_INET6 = 24;
  64     private static final int CHANNEL_BINDING_AF_NULL_ADDR = 255;
  65 
  66     private static final int Inet4_ADDRSZ = 4;
  67     private static final int Inet6_ADDRSZ = 16;
  68 
  69     protected class OverloadedChecksum {
  70 
  71         private byte[] checksumBytes = null;
  72         private Credentials delegCreds = null;
  73         private int flags = 0;
  74 
  75         /**
  76          * Called on the initiator side when creating the
  77          * InitSecContextToken.
  78          */
  79         public OverloadedChecksum(Krb5Context context,
  80                                   Credentials tgt,
  81                                   Credentials serviceTicket)


 318                 context.setCredDelegState(true);
 319                 // default for the following are true
 320             if ((flags & CHECKSUM_MUTUAL_FLAG) == 0) {
 321                 context.setMutualAuthState(false);
 322             }
 323             if ((flags & CHECKSUM_REPLAY_FLAG) == 0) {
 324                 context.setReplayDetState(false);
 325             }
 326             if ((flags & CHECKSUM_SEQUENCE_FLAG) == 0) {
 327                 context.setSequenceDetState(false);
 328             }
 329             if ((flags & CHECKSUM_CONF_FLAG) == 0) {
 330                 context.setConfState(false);
 331             }
 332             if ((flags & CHECKSUM_INTEG_FLAG) == 0) {
 333                 context.setIntegState(false);
 334             }
 335         }
 336     }
 337 
 338     private int getAddrType(InetAddress addr, int defValue) {
 339         int addressType = defValue;
 340 
 341         if (addr instanceof Inet4Address)
 342             addressType = CHANNEL_BINDING_AF_INET;
 343         else if (addr instanceof Inet6Address)
 344             addressType = CHANNEL_BINDING_AF_INET6;
 345         return (addressType);
 346     }
 347 
 348     private byte[] getAddrBytes(InetAddress addr) throws GSSException {
 349         int addressType = getAddrType(addr, CHANNEL_BINDING_AF_NULL_ADDR);
 350         byte[] addressBytes = addr.getAddress();
 351         if (addressBytes != null) {
 352             switch (addressType) {
 353                 case CHANNEL_BINDING_AF_INET:
 354                     if (addressBytes.length != Inet4_ADDRSZ) {
 355                         throw new GSSException(GSSException.FAILURE, -1,
 356                         "Incorrect AF-INET address length in ChannelBinding.");
 357                     }
 358                     return (addressBytes);
 359                 case CHANNEL_BINDING_AF_INET6:
 360                     if (addressBytes.length != Inet6_ADDRSZ) {
 361                         throw new GSSException(GSSException.FAILURE, -1,
 362                         "Incorrect AF-INET6 address length in ChannelBinding.");
 363                     }
 364                     return (addressBytes);
 365                 default:
 366                     throw new GSSException(GSSException.FAILURE, -1,
 367                     "Cannot handle non AF-INET addresses in ChannelBinding.");
 368             }
 369         }
 370         return null;
 371     }
 372 
 373     private byte[] computeChannelBinding(ChannelBinding channelBinding)
 374         throws GSSException {
 375 
 376         InetAddress initiatorAddress = channelBinding.getInitiatorAddress();
 377         InetAddress acceptorAddress = channelBinding.getAcceptorAddress();
 378         int size = 5*4;
 379 
 380         // LDAP TLS Channel Binding requires CHANNEL_BINDING_AF_UNSPEC address type
 381         // for unspecified initiator and acceptor addresses.
 382         // CHANNEL_BINDING_AF_NULL_ADDR value should be used for unspecified address
 383         // in all other cases.
 384         int initiatorAddressType = getAddrType(initiatorAddress,
 385                 (channelBinding instanceof TlsChannelBindingImpl)?
 386                         CHANNEL_BINDING_AF_UNSPEC:CHANNEL_BINDING_AF_NULL_ADDR);
 387         int acceptorAddressType = getAddrType(acceptorAddress,
 388                 (channelBinding instanceof TlsChannelBindingImpl)?
 389                         CHANNEL_BINDING_AF_UNSPEC:CHANNEL_BINDING_AF_NULL_ADDR);
 390 
 391         byte[] initiatorAddressBytes = null;
 392         if (initiatorAddress != null) {
 393             initiatorAddressBytes = getAddrBytes(initiatorAddress);
 394             size += initiatorAddressBytes.length;
 395         }
 396 
 397         byte[] acceptorAddressBytes = null;
 398         if (acceptorAddress != null) {
 399             acceptorAddressBytes = getAddrBytes(acceptorAddress);
 400             size += acceptorAddressBytes.length;
 401         }
 402 
 403         byte[] appDataBytes = channelBinding.getApplicationData();
 404         if (appDataBytes != null) {
 405             size += appDataBytes.length;
 406         }
 407 
 408         byte[] data = new byte[size];
 409 
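Review bot: The `channelBinding instanceof TlsChannelBindingImpl` test is evaluated twice in computeChannelBinding (new lines 384–389), once per getAddrType call; hoisting it into a local keeps the two address types guaranteed consistent and reads better: `int unspecAddrType = (channelBinding instanceof TlsChannelBindingImpl) ? CHANNEL_BINDING_AF_UNSPEC : CHANNEL_BINDING_AF_NULL_ADDR;` followed by `getAddrType(initiatorAddress, unspecAddrType)` and `getAddrType(acceptorAddress, unspecAddrType)`. The new `getAddrType(InetAddress, int)` has no Javadoc, and its contract is easy to misread: from its body, `defValue` is only returned when `addr` is null or is neither an Inet4Address nor an Inet6Address, so a one-line comment such as `// defValue is the address type encoded when addr is null (no address in the bindings); it never overrides a real IPv4/IPv6 address` would help the next reader. The four-line comment at new lines 380–383 states the AF_UNSPEC requirement without naming its origin; if it derives from a specific protocol document or peer implementation, citing it there would let a maintainer verify the encoded channel-binding bytes against it. computeChannelBinding's body continues past the end of this section.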

