|
Java example source code file (WrapToken_v2.java)
The WrapToken_v2.java Java example source code/* * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package sun.security.jgss.krb5; import org.ietf.jgss.*; import sun.security.jgss.*; import java.io.InputStream; import java.io.OutputStream; import java.io.IOException; import java.io.ByteArrayOutputStream; import java.util.Arrays; import sun.security.krb5.Confounder; /** * This class represents the new format of GSS tokens, as specified in RFC * 4121, emitted by the GSSContext.wrap() call. It is a MessageToken except * that it also contains plaintext or encrypted data at the end. A WrapToken * has certain other rules that are peculiar to it and different from a * MICToken, which is another type of MessageToken. All data in a WrapToken is * prepended by a random confounder of 16 bytes. Thus, all application data * is replaced by (confounder || data || tokenHeader || checksum). * * @author Seema Malkani */ class WrapToken_v2 extends MessageToken_v2 { // Accessed by CipherHelper byte[] confounder = null; private final boolean privacy; /** * Constructs a WrapToken from token bytes obtained from the * peer. * @param context the mechanism context associated with this * token * @param tokenBytes the bytes of the token * @param tokenOffset the offset of the token * @param tokenLen the length of the token * @param prop the MessageProp into which characteristics of the * parsed token will be stored. * @throws GSSException if the token is defective */ public WrapToken_v2(Krb5Context context, byte[] tokenBytes, int tokenOffset, int tokenLen, MessageProp prop) throws GSSException { super(Krb5Token.WRAP_ID_v2, context, tokenBytes, tokenOffset, tokenLen, prop); this.privacy = prop.getPrivacy(); } /** * Constructs a WrapToken from token bytes read on the fly from * an InputStream. * @param context the mechanism context associated with this * token * @param is the InputStream containing the token bytes * @param prop the MessageProp into which characteristics of the * parsed token will be stored. * @throws GSSException if the token is defective or if there is * a problem reading from the InputStream */ public WrapToken_v2(Krb5Context context, InputStream is, MessageProp prop) throws GSSException { super(Krb5Token.WRAP_ID_v2, context, is, prop); this.privacy = prop.getPrivacy(); } /** * Obtains the application data that was transmitted in this * WrapToken. * @return a byte array containing the application data * @throws GSSException if an error occurs while decrypting any * cipher text and checking for validity */ public byte[] getData() throws GSSException { byte[] temp = new byte[tokenDataLen]; int len = getData(temp, 0); return Arrays.copyOf(temp, len); } /** * Obtains the application data that was transmitted in this * WrapToken, writing it into an application provided output * array. * @param dataBuf the output buffer into which the data must be * written * @param dataBufOffset the offset at which to write the data * @return the size of the data written * @throws GSSException if an error occurs while decrypting any * cipher text and checking for validity */ public int getData(byte[] dataBuf, int dataBufOffset) throws GSSException { // debug("WrapToken cons: data is token is [" + // getHexBytes(tokenBytes, tokenOffset, tokenLen) + "]\n"); // Do decryption if this token was privacy protected. if (privacy) { // decrypt data cipherHelper.decryptData(this, tokenData, 0, tokenDataLen, dataBuf, dataBufOffset, getKeyUsage()); return tokenDataLen - CONFOUNDER_SIZE - TOKEN_HEADER_SIZE - cipherHelper.getChecksumLength(); } else { // Token data is in cleartext // debug("\t\tNo encryption was performed by peer.\n"); // data int data_length = tokenDataLen - cipherHelper.getChecksumLength(); System.arraycopy(tokenData, 0, dataBuf, dataBufOffset, data_length); // debug("\t\tData is: " + getHexBytes(dataBuf, data_length)); /* * Make sure checksum is not corrupt */ if (!verifySign(dataBuf, dataBufOffset, data_length)) { throw new GSSException(GSSException.BAD_MIC, -1, "Corrupt checksum in Wrap token"); } return data_length; } } /** * Writes a WrapToken_v2 object */ public WrapToken_v2(Krb5Context context, MessageProp prop, byte[] dataBytes, int dataOffset, int dataLen) throws GSSException { super(Krb5Token.WRAP_ID_v2, context); confounder = Confounder.bytes(CONFOUNDER_SIZE); // debug("\nWrapToken cons: data to wrap is [" + // getHexBytes(confounder) + " " + // getHexBytes(dataBytes, dataOffset, dataLen) + "]\n"); genSignAndSeqNumber(prop, dataBytes, dataOffset, dataLen); /* * If the application decides to ask for privacy when the context * did not negotiate for it, do not provide it. The peer might not * have support for it. The app will realize this with a call to * pop.getPrivacy() after wrap(). */ if (!context.getConfState()) prop.setPrivacy(false); privacy = prop.getPrivacy(); if (!privacy) { // Wrap Tokens (without confidentiality) = // { 16 byte token_header | plaintext | 12-byte HMAC } // where HMAC is on { plaintext | token_header } tokenData = new byte[dataLen + checksum.length]; System.arraycopy(dataBytes, dataOffset, tokenData, 0, dataLen); System.arraycopy(checksum, 0, tokenData, dataLen, checksum.length); } else { // Wrap Tokens (with confidentiality) = // { 16 byte token_header | // Encrypt(16-byte confounder | plaintext | token_header) | // 12-byte HMAC } tokenData = cipherHelper.encryptData(this, confounder, getTokenHeader(), dataBytes, dataOffset, dataLen, getKeyUsage()); } } public void encode(OutputStream os) throws IOException { encodeHeader(os); os.write(tokenData); } public byte[] encode() throws IOException { ByteArrayOutputStream bos = new ByteArrayOutputStream( MessageToken_v2.TOKEN_HEADER_SIZE + tokenData.length); encode(bos); return bos.toByteArray(); } public int encode(byte[] outToken, int offset) throws IOException { byte[] token = encode(); System.arraycopy(token, 0, outToken, offset, token.length); return token.length; } // This implementation is way to conservative. And it certainly // doesn't return the maximum limit. static int getSizeLimit(int qop, boolean confReq, int maxTokenSize, CipherHelper ch) throws GSSException { return (GSSHeader.getMaxMechTokenSize(OID, maxTokenSize) - (TOKEN_HEADER_SIZE + ch.getChecksumLength() + CONFOUNDER_SIZE) - 8 /* safety */); } } Other Java examples (source code examples)Here is a short list of links related to this Java WrapToken_v2.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.