204 private byte[] doHandshake1(byte[] responseData) throws SaslException {
205 try {
206 // Security context already established. responseData
207 // should contain no data
208 if (responseData != null && responseData.length > 0) {
209 throw new SaslException(
210 "Handshake expecting no response data from server");
211 }
212
213 // Construct 4 octets of data:
214 // First octet contains bitmask specifying protections supported
215 // 2nd-4th octets contains max receive buffer of server
216
217 byte[] gssInToken = new byte[4];
218 gssInToken[0] = allQop;
219 intToNetworkByteOrder(recvMaxBufSize, gssInToken, 1, 3);
220
221 if (logger.isLoggable(Level.FINE)) {
222 logger.log(Level.FINE,
223 "KRB5SRV06:Supported protections: {0}; recv max buf size: {1}",
224 new Object[]{new Byte(allQop),
225 new Integer(recvMaxBufSize)});
226 }
227
228 handshakeStage = 2; // progress to next stage
229
230 if (logger.isLoggable(Level.FINER)) {
231 traceOutput(MY_CLASS_NAME, "doHandshake1",
232 "KRB5SRV07:Challenge [raw]", gssInToken);
233 }
234
235 byte[] gssOutToken = secCtx.wrap(gssInToken, 0, gssInToken.length,
236 new MessageProp(0 /* gop */, false /* privacy */));
237
238 if (logger.isLoggable(Level.FINER)) {
239 traceOutput(MY_CLASS_NAME, "doHandshake1",
240 "KRB5SRV08:Challenge [after wrap]", gssOutToken);
241 }
242 return gssOutToken;
243
244 } catch (GSSException e) {
271 integrity = true;
272 }
273
274 // 2nd-4th octets specifies maximum buffer size expected by
275 // client (in network byte order). This is the server's send
276 // buffer maximum.
277 int clntMaxBufSize = networkByteOrderToInt(gssOutToken, 1, 3);
278
279 // Determine the max send buffer size based on what the
280 // client is able to receive and our specified max
281 sendMaxBufSize = (sendMaxBufSize == 0) ? clntMaxBufSize :
282 Math.min(sendMaxBufSize, clntMaxBufSize);
283
284 // Update context to limit size of returned buffer
285 rawSendSize = secCtx.getWrapSizeLimit(JGSS_QOP, privacy,
286 sendMaxBufSize);
287
288 if (logger.isLoggable(Level.FINE)) {
289 logger.log(Level.FINE,
290 "KRB5SRV10:Selected protection: {0}; privacy: {1}; integrity: {2}",
291 new Object[]{new Byte(selectedQop),
292 Boolean.valueOf(privacy),
293 Boolean.valueOf(integrity)});
294 logger.log(Level.FINE,
295 "KRB5SRV11:Client max recv size: {0}; server max send size: {1}; rawSendSize: {2}",
296 new Object[] {new Integer(clntMaxBufSize),
297 new Integer(sendMaxBufSize),
298 new Integer(rawSendSize)});
299 }
300
301 // Get authorization identity, if any
302 if (gssOutToken.length > 4) {
303 try {
304 authzid = new String(gssOutToken, 4,
305 gssOutToken.length - 4, "UTF-8");
306 } catch (UnsupportedEncodingException uee) {
307 throw new SaslException ("Cannot decode authzid", uee);
308 }
309 } else {
310 authzid = peer;
311 }
204 private byte[] doHandshake1(byte[] responseData) throws SaslException {
205 try {
206 // Security context already established. responseData
207 // should contain no data
208 if (responseData != null && responseData.length > 0) {
209 throw new SaslException(
210 "Handshake expecting no response data from server");
211 }
212
213 // Construct 4 octets of data:
214 // First octet contains bitmask specifying protections supported
215 // 2nd-4th octets contains max receive buffer of server
216
217 byte[] gssInToken = new byte[4];
218 gssInToken[0] = allQop;
219 intToNetworkByteOrder(recvMaxBufSize, gssInToken, 1, 3);
220
221 if (logger.isLoggable(Level.FINE)) {
222 logger.log(Level.FINE,
223 "KRB5SRV06:Supported protections: {0}; recv max buf size: {1}",
224 new Object[]{allQop,
225 new Integer(recvMaxBufSize)});
226 }
227
228 handshakeStage = 2; // progress to next stage
229
230 if (logger.isLoggable(Level.FINER)) {
231 traceOutput(MY_CLASS_NAME, "doHandshake1",
232 "KRB5SRV07:Challenge [raw]", gssInToken);
233 }
234
235 byte[] gssOutToken = secCtx.wrap(gssInToken, 0, gssInToken.length,
236 new MessageProp(0 /* gop */, false /* privacy */));
237
238 if (logger.isLoggable(Level.FINER)) {
239 traceOutput(MY_CLASS_NAME, "doHandshake1",
240 "KRB5SRV08:Challenge [after wrap]", gssOutToken);
241 }
242 return gssOutToken;
243
244 } catch (GSSException e) {
271 integrity = true;
272 }
273
274 // 2nd-4th octets specifies maximum buffer size expected by
275 // client (in network byte order). This is the server's send
276 // buffer maximum.
277 int clntMaxBufSize = networkByteOrderToInt(gssOutToken, 1, 3);
278
279 // Determine the max send buffer size based on what the
280 // client is able to receive and our specified max
281 sendMaxBufSize = (sendMaxBufSize == 0) ? clntMaxBufSize :
282 Math.min(sendMaxBufSize, clntMaxBufSize);
283
284 // Update context to limit size of returned buffer
285 rawSendSize = secCtx.getWrapSizeLimit(JGSS_QOP, privacy,
286 sendMaxBufSize);
287
288 if (logger.isLoggable(Level.FINE)) {
289 logger.log(Level.FINE,
290 "KRB5SRV10:Selected protection: {0}; privacy: {1}; integrity: {2}",
291 new Object[]{selectedQop,
292 Boolean.valueOf(privacy),
293 Boolean.valueOf(integrity)});
294 logger.log(Level.FINE,
295 "KRB5SRV11:Client max recv size: {0}; server max send size: {1}; rawSendSize: {2}",
296 new Object[] {new Integer(clntMaxBufSize),
297 new Integer(sendMaxBufSize),
298 new Integer(rawSendSize)});
299 }
300
301 // Get authorization identity, if any
302 if (gssOutToken.length > 4) {
303 try {
304 authzid = new String(gssOutToken, 4,
305 gssOutToken.length - 4, "UTF-8");
306 } catch (UnsupportedEncodingException uee) {
307 throw new SaslException ("Cannot decode authzid", uee);
308 }
309 } else {
310 authzid = peer;
311 }
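Review bot: The new side (the copy that passes `allQop` and `selectedQop` unboxed) still builds the log argument arrays with the equally deprecated `new Integer(...)` constructor on the `KRB5SRV06` and `KRB5SRV11` lines, so the boxing cleanup is only half applied; autoboxing handles these identically, e.g. `new Object[]{allQop, recvMaxBufSize}` and `new Object[] {clntMaxBufSize, sendMaxBufSize, rawSendSize}`. Separately, `clntMaxBufSize` is read straight out of the unwrapped client token and drives `sendMaxBufSize`, which collapses to 0 whenever the client advertises 0 (the `Math.min` branch cannot raise it); if the elided lines 245–270 do not reject that when a security layer was selected, `secCtx.getWrapSizeLimit` is asked for a zero-byte limit, and the `gssOutToken.length >= 4` precondition that `networkByteOrderToInt(gssOutToken, 1, 3)` needs must also be established there, since only the `> 4` authzid check is visible in this hunk. `authzid` is likewise client-supplied, so whatever authorizes it against `peer` has to run before the negotiation is reported complete, and that step is not in view. `doHandshake1`'s `catch` block continues past the first hunk, and the second hunk (lines 271–311) is the middle of a method whose start and end both lie outside SOURCE.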