|
2
|
1 |
/*
|
|
1574
|
2 |
* Copyright 2000-2008 Sun Microsystems, Inc. All Rights Reserved.
|
|
2
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
4 |
*
|
|
|
5 |
* This code is free software; you can redistribute it and/or modify it
|
|
|
6 |
* under the terms of the GNU General Public License version 2 only, as
|
|
|
7 |
* published by the Free Software Foundation. Sun designates this
|
|
|
8 |
* particular file as subject to the "Classpath" exception as provided
|
|
|
9 |
* by Sun in the LICENSE file that accompanied this code.
|
|
|
10 |
*
|
|
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
15 |
* accompanied this code).
|
|
|
16 |
*
|
|
|
17 |
* You should have received a copy of the GNU General Public License version
|
|
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
20 |
*
|
|
|
21 |
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
|
|
22 |
* CA 95054 USA or visit www.sun.com if you need additional information or
|
|
|
23 |
* have any questions.
|
|
|
24 |
*/
|
|
|
25 |
|
|
|
26 |
package sun.security.jgss;
|
|
|
27 |
|
|
|
28 |
import org.ietf.jgss.*;
|
|
|
29 |
import sun.security.jgss.spi.*;
|
|
|
30 |
import sun.security.jgss.*;
|
|
|
31 |
import sun.security.util.ObjectIdentifier;
|
|
|
32 |
import java.io.InputStream;
|
|
|
33 |
import java.io.OutputStream;
|
|
|
34 |
import java.io.ByteArrayInputStream;
|
|
|
35 |
import java.io.ByteArrayOutputStream;
|
|
|
36 |
import java.io.IOException;
|
|
|
37 |
|
|
|
38 |
|
|
|
39 |
/**
|
|
|
40 |
* This class represents the JGSS security context and its associated
|
|
|
41 |
* operations. JGSS security contexts are established between
|
|
|
42 |
* peers using locally established credentials. Multiple contexts
|
|
|
43 |
* may exist simultaneously between a pair of peers, using the same
|
|
|
44 |
* or different set of credentials. The JGSS is independent of
|
|
|
45 |
* the underlying transport protocols and depends on its callers to
|
|
|
46 |
* transport the tokens between peers.
|
|
|
47 |
* <p>
|
|
|
48 |
* The context object can be thought of as having 3 implicit states:
|
|
|
49 |
* before it is established, during its context establishment, and
|
|
|
50 |
* after a fully established context exists.
|
|
|
51 |
* <p>
|
|
|
52 |
* Before the context establishment phase is initiated, the context
|
|
|
53 |
* initiator may request specific characteristics desired of the
|
|
|
54 |
* established context. These can be set using the set methods. After the
|
|
|
55 |
* context is established, the caller can check the actual characteristic
|
|
|
56 |
* and services offered by the context using the query methods.
|
|
|
57 |
* <p>
|
|
|
58 |
* The context establishment phase begins with the first call to the
|
|
|
59 |
* initSecContext method by the context initiator. During this phase the
|
|
|
60 |
* initSecContext and acceptSecContext methods will produce GSS-API
|
|
|
61 |
* authentication tokens which the calling application needs to send to its
|
|
|
62 |
* peer. The initSecContext and acceptSecContext methods may
|
|
|
63 |
* return a CONTINUE_NEEDED code which indicates that a token is needed
|
|
|
64 |
* from its peer in order to continue the context establishment phase. A
|
|
|
65 |
* return code of COMPLETE signals that the local end of the context is
|
|
|
66 |
* established. This may still require that a token be sent to the peer,
|
|
|
67 |
* depending if one is produced by GSS-API. The isEstablished method can
|
|
|
68 |
* also be used to determine if the local end of the context has been
|
|
|
69 |
* fully established. During the context establishment phase, the
|
|
|
70 |
* isProtReady method may be called to determine if the context can be
|
|
|
71 |
* used for the per-message operations. This allows implementation to
|
|
|
72 |
* use per-message operations on contexts which aren't fully established.
|
|
|
73 |
* <p>
|
|
|
74 |
* After the context has been established or the isProtReady method
|
|
|
75 |
* returns "true", the query routines can be invoked to determine the actual
|
|
|
76 |
* characteristics and services of the established context. The
|
|
|
77 |
* application can also start using the per-message methods of wrap and
|
|
|
78 |
* getMIC to obtain cryptographic operations on application supplied data.
|
|
|
79 |
* <p>
|
|
|
80 |
* When the context is no longer needed, the application should call
|
|
|
81 |
* dispose to release any system resources the context may be using.
|
|
|
82 |
* <DL><DT><B>RFC 2078</b>
|
|
|
83 |
* <DD>This class corresponds to the context level calls together with
|
|
|
84 |
* the per message calls of RFC 2078. The gss_init_sec_context and
|
|
|
85 |
* gss_accept_sec_context calls have been made simpler by only taking
|
|
|
86 |
* required parameters. The context can have its properties set before
|
|
|
87 |
* the first call to initSecContext. The supplementary status codes for the
|
|
|
88 |
* per-message operations are returned in an instance of the MessageProp
|
|
|
89 |
* class, which is used as an argument in these calls.</dl>
|
|
|
90 |
*/
|
|
|
91 |
class GSSContextImpl implements GSSContext {
|
|
|
92 |
|
|
|
93 |
private GSSManagerImpl gssManager = null;
|
|
|
94 |
|
|
|
95 |
// private flags for the context state
|
|
|
96 |
private static final int PRE_INIT = 1;
|
|
|
97 |
private static final int IN_PROGRESS = 2;
|
|
|
98 |
private static final int READY = 3;
|
|
|
99 |
private static final int DELETED = 4;
|
|
|
100 |
|
|
|
101 |
// instance variables
|
|
|
102 |
private int currentState = PRE_INIT;
|
|
|
103 |
private boolean initiator;
|
|
|
104 |
|
|
|
105 |
private GSSContextSpi mechCtxt = null;
|
|
|
106 |
private Oid mechOid = null;
|
|
|
107 |
private ObjectIdentifier objId = null;
|
|
|
108 |
|
|
|
109 |
private GSSCredentialImpl myCred = null;
|
|
|
110 |
private GSSCredentialImpl delegCred = null;
|
|
|
111 |
|
|
|
112 |
private GSSNameImpl srcName = null;
|
|
|
113 |
private GSSNameImpl targName = null;
|
|
|
114 |
|
|
|
115 |
private int reqLifetime = INDEFINITE_LIFETIME;
|
|
|
116 |
private ChannelBinding channelBindings = null;
|
|
|
117 |
|
|
|
118 |
private boolean reqConfState = true;
|
|
|
119 |
private boolean reqIntegState = true;
|
|
|
120 |
private boolean reqMutualAuthState = true;
|
|
|
121 |
private boolean reqReplayDetState = true;
|
|
|
122 |
private boolean reqSequenceDetState = true;
|
|
|
123 |
private boolean reqCredDelegState = false;
|
|
|
124 |
private boolean reqAnonState = false;
|
|
|
125 |
|
|
|
126 |
/**
|
|
|
127 |
* Creates a GSSContextImp on the context initiator's side.
|
|
|
128 |
*/
|
|
|
129 |
public GSSContextImpl(GSSManagerImpl gssManager, GSSName peer, Oid mech,
|
|
|
130 |
GSSCredential myCred, int lifetime)
|
|
|
131 |
throws GSSException {
|
|
|
132 |
if ((peer == null) || !(peer instanceof GSSNameImpl)) {
|
|
|
133 |
throw new GSSException(GSSException.BAD_NAME);
|
|
|
134 |
}
|
|
|
135 |
if (mech == null) mech = ProviderList.DEFAULT_MECH_OID;
|
|
|
136 |
|
|
|
137 |
this.gssManager = gssManager;
|
|
|
138 |
this.myCred = (GSSCredentialImpl) myCred; // XXX Check first
|
|
|
139 |
reqLifetime = lifetime;
|
|
|
140 |
targName = (GSSNameImpl)peer;
|
|
|
141 |
this.mechOid = mech;
|
|
|
142 |
initiator = true;
|
|
|
143 |
}
|
|
|
144 |
|
|
|
145 |
/**
|
|
|
146 |
* Creates a GSSContextImpl on the context acceptor's side.
|
|
|
147 |
*/
|
|
|
148 |
public GSSContextImpl(GSSManagerImpl gssManager, GSSCredential myCred)
|
|
|
149 |
throws GSSException {
|
|
|
150 |
this.gssManager = gssManager;
|
|
|
151 |
this.myCred = (GSSCredentialImpl) myCred; // XXX Check first
|
|
|
152 |
initiator = false;
|
|
|
153 |
}
|
|
|
154 |
|
|
|
155 |
/**
|
|
|
156 |
* Creates a GSSContextImpl out of a previously exported
|
|
|
157 |
* GSSContext.
|
|
|
158 |
*
|
|
|
159 |
* @see #isTransferable
|
|
|
160 |
*/
|
|
|
161 |
public GSSContextImpl(GSSManagerImpl gssManager, byte[] interProcessToken)
|
|
|
162 |
throws GSSException {
|
|
|
163 |
this.gssManager = gssManager;
|
|
|
164 |
mechCtxt = gssManager.getMechanismContext(interProcessToken);
|
|
|
165 |
initiator = mechCtxt.isInitiator();
|
|
|
166 |
this.mechOid = mechCtxt.getMech();
|
|
|
167 |
}
|
|
|
168 |
|
|
|
169 |
public byte[] initSecContext(byte inputBuf[], int offset, int len)
|
|
|
170 |
throws GSSException {
|
|
|
171 |
/*
|
|
|
172 |
* Size of ByteArrayOutputStream will double each time that extra
|
|
|
173 |
* bytes are to be written. Usually, without delegation, a GSS
|
|
|
174 |
* initial token containing the Kerberos AP-REQ is between 400 and
|
|
|
175 |
* 600 bytes.
|
|
|
176 |
*/
|
|
|
177 |
ByteArrayOutputStream bos = new ByteArrayOutputStream(600);
|
|
|
178 |
ByteArrayInputStream bin =
|
|
|
179 |
new ByteArrayInputStream(inputBuf, offset, len);
|
|
|
180 |
int size = initSecContext(bin, bos);
|
|
|
181 |
return (size == 0? null : bos.toByteArray());
|
|
|
182 |
}
|
|
|
183 |
|
|
|
184 |
public int initSecContext(InputStream inStream,
|
|
|
185 |
OutputStream outStream) throws GSSException {
|
|
|
186 |
|
|
|
187 |
if (mechCtxt != null && currentState != IN_PROGRESS) {
|
|
|
188 |
throw new GSSExceptionImpl(GSSException.FAILURE,
|
|
|
189 |
"Illegal call to initSecContext");
|
|
|
190 |
}
|
|
|
191 |
|
|
|
192 |
GSSHeader gssHeader = null;
|
|
|
193 |
int inTokenLen = -1;
|
|
|
194 |
GSSCredentialSpi credElement = null;
|
|
|
195 |
boolean firstToken = false;
|
|
|
196 |
|
|
|
197 |
try {
|
|
|
198 |
if (mechCtxt == null) {
|
|
|
199 |
if (myCred != null) {
|
|
|
200 |
try {
|
|
|
201 |
credElement = myCred.getElement(mechOid, true);
|
|
|
202 |
} catch (GSSException ge) {
|
|
|
203 |
if (GSSUtil.isSpNegoMech(mechOid) &&
|
|
|
204 |
ge.getMajor() == GSSException.NO_CRED) {
|
|
|
205 |
credElement = myCred.getElement
|
|
|
206 |
(myCred.getMechs()[0], true);
|
|
|
207 |
} else {
|
|
|
208 |
throw ge;
|
|
|
209 |
}
|
|
|
210 |
}
|
|
|
211 |
}
|
|
|
212 |
GSSNameSpi nameElement = targName.getElement(mechOid);
|
|
|
213 |
mechCtxt = gssManager.getMechanismContext(nameElement,
|
|
|
214 |
credElement,
|
|
|
215 |
reqLifetime,
|
|
|
216 |
mechOid);
|
|
|
217 |
mechCtxt.requestConf(reqConfState);
|
|
|
218 |
mechCtxt.requestInteg(reqIntegState);
|
|
|
219 |
mechCtxt.requestCredDeleg(reqCredDelegState);
|
|
|
220 |
mechCtxt.requestMutualAuth(reqMutualAuthState);
|
|
|
221 |
mechCtxt.requestReplayDet(reqReplayDetState);
|
|
|
222 |
mechCtxt.requestSequenceDet(reqSequenceDetState);
|
|
|
223 |
mechCtxt.requestAnonymity(reqAnonState);
|
|
|
224 |
mechCtxt.setChannelBinding(channelBindings);
|
|
|
225 |
|
|
|
226 |
objId = new ObjectIdentifier(mechOid.toString());
|
|
|
227 |
|
|
|
228 |
currentState = IN_PROGRESS;
|
|
|
229 |
firstToken = true;
|
|
|
230 |
} else {
|
|
|
231 |
if (mechCtxt.getProvider().getName().equals("SunNativeGSS") ||
|
|
|
232 |
GSSUtil.isSpNegoMech(mechOid)) {
|
|
|
233 |
// do not parse GSS header for native provider or SPNEGO
|
|
|
234 |
// mech
|
|
|
235 |
} else {
|
|
|
236 |
// parse GSS header
|
|
|
237 |
gssHeader = new GSSHeader(inStream);
|
|
|
238 |
if (!gssHeader.getOid().equals((Object) objId))
|
|
|
239 |
throw new GSSExceptionImpl
|
|
|
240 |
(GSSException.DEFECTIVE_TOKEN,
|
|
|
241 |
"Mechanism not equal to " +
|
|
|
242 |
mechOid.toString() +
|
|
|
243 |
" in initSecContext token");
|
|
|
244 |
inTokenLen = gssHeader.getMechTokenLength();
|
|
|
245 |
}
|
|
|
246 |
}
|
|
|
247 |
|
|
|
248 |
byte[] obuf = mechCtxt.initSecContext(inStream, inTokenLen);
|
|
|
249 |
|
|
|
250 |
int retVal = 0;
|
|
|
251 |
|
|
|
252 |
if (obuf != null) {
|
|
|
253 |
retVal = obuf.length;
|
|
|
254 |
if (mechCtxt.getProvider().getName().equals("SunNativeGSS") ||
|
|
|
255 |
(!firstToken && GSSUtil.isSpNegoMech(mechOid))) {
|
|
|
256 |
// do not add GSS header for native provider or SPNEGO
|
|
|
257 |
// except for the first SPNEGO token
|
|
|
258 |
} else {
|
|
|
259 |
// add GSS header
|
|
|
260 |
gssHeader = new GSSHeader(objId, obuf.length);
|
|
|
261 |
retVal += gssHeader.encode(outStream);
|
|
|
262 |
}
|
|
|
263 |
outStream.write(obuf);
|
|
|
264 |
}
|
|
|
265 |
|
|
|
266 |
if (mechCtxt.isEstablished())
|
|
|
267 |
currentState = READY;
|
|
|
268 |
|
|
|
269 |
return retVal;
|
|
|
270 |
|
|
|
271 |
} catch (IOException e) {
|
|
|
272 |
throw new GSSExceptionImpl(GSSException.DEFECTIVE_TOKEN,
|
|
|
273 |
e.getMessage());
|
|
|
274 |
}
|
|
|
275 |
}
|
|
|
276 |
|
|
|
277 |
public byte[] acceptSecContext(byte inTok[], int offset, int len)
|
|
|
278 |
throws GSSException {
|
|
|
279 |
|
|
|
280 |
/*
|
|
|
281 |
* Usually initial GSS token containing a Kerberos AP-REP is less
|
|
|
282 |
* than 100 bytes.
|
|
|
283 |
*/
|
|
|
284 |
ByteArrayOutputStream bos = new ByteArrayOutputStream(100);
|
|
|
285 |
acceptSecContext(new ByteArrayInputStream(inTok, offset, len),
|
|
|
286 |
bos);
|
|
1574
|
287 |
byte[] out = bos.toByteArray();
|
|
|
288 |
return (out.length == 0) ? null : out;
|
|
2
|
289 |
}
|
|
|
290 |
|
|
|
291 |
public void acceptSecContext(InputStream inStream,
|
|
|
292 |
OutputStream outStream) throws GSSException {
|
|
|
293 |
|
|
|
294 |
if (mechCtxt != null && currentState != IN_PROGRESS) {
|
|
|
295 |
throw new GSSExceptionImpl(GSSException.FAILURE,
|
|
|
296 |
"Illegal call to acceptSecContext");
|
|
|
297 |
}
|
|
|
298 |
|
|
|
299 |
GSSHeader gssHeader = null;
|
|
|
300 |
int inTokenLen = -1;
|
|
|
301 |
GSSCredentialSpi credElement = null;
|
|
|
302 |
|
|
|
303 |
try {
|
|
|
304 |
if (mechCtxt == null) {
|
|
|
305 |
// mechOid will be null for an acceptor's context
|
|
|
306 |
gssHeader = new GSSHeader(inStream);
|
|
|
307 |
inTokenLen = gssHeader.getMechTokenLength();
|
|
|
308 |
|
|
|
309 |
/*
|
|
|
310 |
* Convert ObjectIdentifier to Oid
|
|
|
311 |
*/
|
|
|
312 |
objId = gssHeader.getOid();
|
|
|
313 |
mechOid = new Oid(objId.toString());
|
|
|
314 |
// System.out.println("Entered GSSContextImpl.acceptSecContext"
|
|
|
315 |
// + " with mechanism = " + mechOid);
|
|
|
316 |
if (myCred != null) {
|
|
|
317 |
credElement = myCred.getElement(mechOid, false);
|
|
|
318 |
}
|
|
|
319 |
|
|
|
320 |
mechCtxt = gssManager.getMechanismContext(credElement,
|
|
|
321 |
mechOid);
|
|
|
322 |
mechCtxt.setChannelBinding(channelBindings);
|
|
|
323 |
|
|
|
324 |
currentState = IN_PROGRESS;
|
|
|
325 |
} else {
|
|
|
326 |
if (mechCtxt.getProvider().getName().equals("SunNativeGSS") ||
|
|
|
327 |
(GSSUtil.isSpNegoMech(mechOid))) {
|
|
|
328 |
// do not parse GSS header for native provider and SPNEGO
|
|
|
329 |
} else {
|
|
|
330 |
// parse GSS Header
|
|
|
331 |
gssHeader = new GSSHeader(inStream);
|
|
|
332 |
if (!gssHeader.getOid().equals((Object) objId))
|
|
|
333 |
throw new GSSExceptionImpl
|
|
|
334 |
(GSSException.DEFECTIVE_TOKEN,
|
|
|
335 |
"Mechanism not equal to " +
|
|
|
336 |
mechOid.toString() +
|
|
|
337 |
" in acceptSecContext token");
|
|
|
338 |
inTokenLen = gssHeader.getMechTokenLength();
|
|
|
339 |
}
|
|
|
340 |
}
|
|
|
341 |
|
|
|
342 |
byte[] obuf = mechCtxt.acceptSecContext(inStream, inTokenLen);
|
|
|
343 |
|
|
|
344 |
if (obuf != null) {
|
|
|
345 |
int retVal = obuf.length;
|
|
|
346 |
if (mechCtxt.getProvider().getName().equals("SunNativeGSS") ||
|
|
|
347 |
(GSSUtil.isSpNegoMech(mechOid))) {
|
|
|
348 |
// do not add GSS header for native provider and SPNEGO
|
|
|
349 |
} else {
|
|
|
350 |
// add GSS header
|
|
|
351 |
gssHeader = new GSSHeader(objId, obuf.length);
|
|
|
352 |
retVal += gssHeader.encode(outStream);
|
|
|
353 |
}
|
|
|
354 |
outStream.write(obuf);
|
|
|
355 |
}
|
|
|
356 |
|
|
|
357 |
if (mechCtxt.isEstablished()) {
|
|
|
358 |
currentState = READY;
|
|
|
359 |
}
|
|
|
360 |
} catch (IOException e) {
|
|
|
361 |
throw new GSSExceptionImpl(GSSException.DEFECTIVE_TOKEN,
|
|
|
362 |
e.getMessage());
|
|
|
363 |
}
|
|
|
364 |
}
|
|
|
365 |
|
|
|
366 |
public boolean isEstablished() {
|
|
|
367 |
if (mechCtxt == null)
|
|
|
368 |
return false;
|
|
|
369 |
else
|
|
|
370 |
return (currentState == READY);
|
|
|
371 |
}
|
|
|
372 |
|
|
|
373 |
public int getWrapSizeLimit(int qop, boolean confReq,
|
|
|
374 |
int maxTokenSize) throws GSSException {
|
|
|
375 |
if (mechCtxt != null)
|
|
|
376 |
return mechCtxt.getWrapSizeLimit(qop, confReq, maxTokenSize);
|
|
|
377 |
else
|
|
|
378 |
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
|
379 |
"No mechanism context yet!");
|
|
|
380 |
}
|
|
|
381 |
|
|
|
382 |
public byte[] wrap(byte inBuf[], int offset, int len,
|
|
|
383 |
MessageProp msgProp) throws GSSException {
|
|
|
384 |
if (mechCtxt != null)
|
|
|
385 |
return mechCtxt.wrap(inBuf, offset, len, msgProp);
|
|
|
386 |
else
|
|
|
387 |
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
|
388 |
"No mechanism context yet!");
|
|
|
389 |
}
|
|
|
390 |
|
|
|
391 |
public void wrap(InputStream inStream, OutputStream outStream,
|
|
|
392 |
MessageProp msgProp) throws GSSException {
|
|
|
393 |
if (mechCtxt != null)
|
|
|
394 |
mechCtxt.wrap(inStream, outStream, msgProp);
|
|
|
395 |
else
|
|
|
396 |
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
|
397 |
"No mechanism context yet!");
|
|
|
398 |
}
|
|
|
399 |
|
|
|
400 |
public byte [] unwrap(byte[] inBuf, int offset, int len,
|
|
|
401 |
MessageProp msgProp) throws GSSException {
|
|
|
402 |
if (mechCtxt != null)
|
|
|
403 |
return mechCtxt.unwrap(inBuf, offset, len, msgProp);
|
|
|
404 |
else
|
|
|
405 |
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
|
406 |
"No mechanism context yet!");
|
|
|
407 |
}
|
|
|
408 |
|
|
|
409 |
public void unwrap(InputStream inStream, OutputStream outStream,
|
|
|
410 |
MessageProp msgProp) throws GSSException {
|
|
|
411 |
if (mechCtxt != null)
|
|
|
412 |
mechCtxt.unwrap(inStream, outStream, msgProp);
|
|
|
413 |
else
|
|
|
414 |
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
|
415 |
"No mechanism context yet!");
|
|
|
416 |
}
|
|
|
417 |
|
|
|
418 |
public byte[] getMIC(byte []inMsg, int offset, int len,
|
|
|
419 |
MessageProp msgProp) throws GSSException {
|
|
|
420 |
if (mechCtxt != null)
|
|
|
421 |
return mechCtxt.getMIC(inMsg, offset, len, msgProp);
|
|
|
422 |
else
|
|
|
423 |
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
|
424 |
"No mechanism context yet!");
|
|
|
425 |
}
|
|
|
426 |
|
|
|
427 |
public void getMIC(InputStream inStream, OutputStream outStream,
|
|
|
428 |
MessageProp msgProp) throws GSSException {
|
|
|
429 |
if (mechCtxt != null)
|
|
|
430 |
mechCtxt.getMIC(inStream, outStream, msgProp);
|
|
|
431 |
else
|
|
|
432 |
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
|
433 |
"No mechanism context yet!");
|
|
|
434 |
}
|
|
|
435 |
|
|
|
436 |
public void verifyMIC(byte[] inTok, int tokOffset, int tokLen,
|
|
|
437 |
byte[] inMsg, int msgOffset, int msgLen,
|
|
|
438 |
MessageProp msgProp) throws GSSException {
|
|
|
439 |
if (mechCtxt != null)
|
|
|
440 |
mechCtxt.verifyMIC(inTok, tokOffset, tokLen,
|
|
|
441 |
inMsg, msgOffset, msgLen, msgProp);
|
|
|
442 |
else
|
|
|
443 |
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
|
444 |
"No mechanism context yet!");
|
|
|
445 |
}
|
|
|
446 |
|
|
|
447 |
public void verifyMIC(InputStream tokStream, InputStream msgStream,
|
|
|
448 |
MessageProp msgProp) throws GSSException {
|
|
|
449 |
if (mechCtxt != null)
|
|
|
450 |
mechCtxt.verifyMIC(tokStream, msgStream, msgProp);
|
|
|
451 |
else
|
|
|
452 |
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
|
453 |
"No mechanism context yet!");
|
|
|
454 |
}
|
|
|
455 |
|
|
|
456 |
public byte[] export() throws GSSException {
|
|
|
457 |
// Defaults to null to match old behavior
|
|
|
458 |
byte[] result = null;
|
|
|
459 |
// Only allow context export from native provider since JGSS
|
|
|
460 |
// still has not defined its own interprocess token format
|
|
|
461 |
if (mechCtxt.isTransferable() &&
|
|
|
462 |
mechCtxt.getProvider().getName().equals("SunNativeGSS")) {
|
|
|
463 |
result = mechCtxt.export();
|
|
|
464 |
}
|
|
|
465 |
return result;
|
|
|
466 |
}
|
|
|
467 |
|
|
|
468 |
public void requestMutualAuth(boolean state) throws GSSException {
|
|
|
469 |
if (mechCtxt == null)
|
|
|
470 |
reqMutualAuthState = state;
|
|
|
471 |
}
|
|
|
472 |
|
|
|
473 |
public void requestReplayDet(boolean state) throws GSSException {
|
|
|
474 |
if (mechCtxt == null)
|
|
|
475 |
reqReplayDetState = state;
|
|
|
476 |
}
|
|
|
477 |
|
|
|
478 |
public void requestSequenceDet(boolean state) throws GSSException {
|
|
|
479 |
if (mechCtxt == null)
|
|
|
480 |
reqSequenceDetState = state;
|
|
|
481 |
}
|
|
|
482 |
|
|
|
483 |
public void requestCredDeleg(boolean state) throws GSSException {
|
|
|
484 |
if (mechCtxt == null)
|
|
|
485 |
reqCredDelegState = state;
|
|
|
486 |
}
|
|
|
487 |
|
|
|
488 |
public void requestAnonymity(boolean state) throws GSSException {
|
|
|
489 |
if (mechCtxt == null)
|
|
|
490 |
reqAnonState = state;
|
|
|
491 |
}
|
|
|
492 |
|
|
|
493 |
public void requestConf(boolean state) throws GSSException {
|
|
|
494 |
if (mechCtxt == null)
|
|
|
495 |
reqConfState = state;
|
|
|
496 |
}
|
|
|
497 |
|
|
|
498 |
public void requestInteg(boolean state) throws GSSException {
|
|
|
499 |
if (mechCtxt == null)
|
|
|
500 |
reqIntegState = state;
|
|
|
501 |
}
|
|
|
502 |
|
|
|
503 |
public void requestLifetime(int lifetime) throws GSSException {
|
|
|
504 |
if (mechCtxt == null)
|
|
|
505 |
reqLifetime = lifetime;
|
|
|
506 |
}
|
|
|
507 |
|
|
|
508 |
public void setChannelBinding(ChannelBinding channelBindings)
|
|
|
509 |
throws GSSException {
|
|
|
510 |
|
|
|
511 |
if (mechCtxt == null)
|
|
|
512 |
this.channelBindings = channelBindings;
|
|
|
513 |
|
|
|
514 |
}
|
|
|
515 |
|
|
|
516 |
public boolean getCredDelegState() {
|
|
|
517 |
if (mechCtxt != null)
|
|
|
518 |
return mechCtxt.getCredDelegState();
|
|
|
519 |
else
|
|
|
520 |
return reqCredDelegState;
|
|
|
521 |
}
|
|
|
522 |
|
|
|
523 |
public boolean getMutualAuthState() {
|
|
|
524 |
if (mechCtxt != null)
|
|
|
525 |
return mechCtxt.getMutualAuthState();
|
|
|
526 |
else
|
|
|
527 |
return reqMutualAuthState;
|
|
|
528 |
}
|
|
|
529 |
|
|
|
530 |
public boolean getReplayDetState() {
|
|
|
531 |
if (mechCtxt != null)
|
|
|
532 |
return mechCtxt.getReplayDetState();
|
|
|
533 |
else
|
|
|
534 |
return reqReplayDetState;
|
|
|
535 |
}
|
|
|
536 |
|
|
|
537 |
public boolean getSequenceDetState() {
|
|
|
538 |
if (mechCtxt != null)
|
|
|
539 |
return mechCtxt.getSequenceDetState();
|
|
|
540 |
else
|
|
|
541 |
return reqSequenceDetState;
|
|
|
542 |
}
|
|
|
543 |
|
|
|
544 |
public boolean getAnonymityState() {
|
|
|
545 |
if (mechCtxt != null)
|
|
|
546 |
return mechCtxt.getAnonymityState();
|
|
|
547 |
else
|
|
|
548 |
return reqAnonState;
|
|
|
549 |
}
|
|
|
550 |
|
|
|
551 |
public boolean isTransferable() throws GSSException {
|
|
|
552 |
if (mechCtxt != null)
|
|
|
553 |
return mechCtxt.isTransferable();
|
|
|
554 |
else
|
|
|
555 |
return false;
|
|
|
556 |
}
|
|
|
557 |
|
|
|
558 |
public boolean isProtReady() {
|
|
|
559 |
if (mechCtxt != null)
|
|
|
560 |
return mechCtxt.isProtReady();
|
|
|
561 |
else
|
|
|
562 |
return false;
|
|
|
563 |
}
|
|
|
564 |
|
|
|
565 |
public boolean getConfState() {
|
|
|
566 |
if (mechCtxt != null)
|
|
|
567 |
return mechCtxt.getConfState();
|
|
|
568 |
else
|
|
|
569 |
return reqConfState;
|
|
|
570 |
}
|
|
|
571 |
|
|
|
572 |
public boolean getIntegState() {
|
|
|
573 |
if (mechCtxt != null)
|
|
|
574 |
return mechCtxt.getIntegState();
|
|
|
575 |
else
|
|
|
576 |
return reqIntegState;
|
|
|
577 |
}
|
|
|
578 |
|
|
|
579 |
public int getLifetime() {
|
|
|
580 |
if (mechCtxt != null)
|
|
|
581 |
return mechCtxt.getLifetime();
|
|
|
582 |
else
|
|
|
583 |
return reqLifetime;
|
|
|
584 |
}
|
|
|
585 |
|
|
|
586 |
public GSSName getSrcName() throws GSSException {
|
|
|
587 |
if (srcName == null) {
|
|
|
588 |
srcName = GSSNameImpl.wrapElement
|
|
|
589 |
(gssManager, mechCtxt.getSrcName());
|
|
|
590 |
}
|
|
|
591 |
return srcName;
|
|
|
592 |
}
|
|
|
593 |
|
|
|
594 |
public GSSName getTargName() throws GSSException {
|
|
|
595 |
if (targName == null) {
|
|
|
596 |
targName = GSSNameImpl.wrapElement
|
|
|
597 |
(gssManager, mechCtxt.getTargName());
|
|
|
598 |
}
|
|
|
599 |
return targName;
|
|
|
600 |
}
|
|
|
601 |
|
|
|
602 |
public Oid getMech() throws GSSException {
|
|
|
603 |
if (mechCtxt != null) {
|
|
|
604 |
return mechCtxt.getMech();
|
|
|
605 |
}
|
|
|
606 |
return mechOid;
|
|
|
607 |
}
|
|
|
608 |
|
|
|
609 |
public GSSCredential getDelegCred() throws GSSException {
|
|
|
610 |
|
|
|
611 |
if (mechCtxt == null)
|
|
|
612 |
throw new GSSExceptionImpl(GSSException.NO_CONTEXT,
|
|
|
613 |
"No mechanism context yet!");
|
|
|
614 |
GSSCredentialSpi delCredElement = mechCtxt.getDelegCred();
|
|
|
615 |
return (delCredElement == null ?
|
|
|
616 |
null : new GSSCredentialImpl(gssManager, delCredElement));
|
|
|
617 |
}
|
|
|
618 |
|
|
|
619 |
public boolean isInitiator() throws GSSException {
|
|
|
620 |
return initiator;
|
|
|
621 |
}
|
|
|
622 |
|
|
|
623 |
public void dispose() throws GSSException {
|
|
|
624 |
currentState = DELETED;
|
|
|
625 |
if (mechCtxt != null) {
|
|
|
626 |
mechCtxt.dispose();
|
|
|
627 |
mechCtxt = null;
|
|
|
628 |
}
|
|
|
629 |
myCred = null;
|
|
|
630 |
srcName = null;
|
|
|
631 |
targName = null;
|
|
|
632 |
}
|
|
|
633 |
}
|