/**
 * Returns the mechanism-specific element of this name for {@code mechOid},
 * creating and caching it on first use.
 *
 * The element is built by the manager from whichever form of the
 * application name this object holds: the String form when present,
 * otherwise the byte[] form.
 *
 * @param mechOid the mechanism whose name element is wanted
 * @return the cached, or newly created and cached, element for that mechanism
 * @throws GSSException if the manager cannot create the element
 */
public synchronized GSSNameSpi getElement(Oid mechOid)
    throws GSSException {

    GSSNameSpi element = elements.get(mechOid);
    if (element != null) {
        return element;
    }

    element = (appNameStr != null)
        ? gssManager.getNameElement(appNameStr, appNameType, mechOid)
        : gssManager.getNameElement(appNameBytes, appNameType, mechOid);
    elements.put(mechOid, element);
    return element;
}
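/**
 * Compares this name with {@code other} for principal identity.
 *
 * This method may return false negatives. But if it says two names are
 * equal, then there is some mechanism that authenticates them as the same
 * principal.
 *
 * @param other the name to compare against; must not be null
 * @return true if a shared mechanism element, or the application-supplied
 *         name bytes together with a matching name type, compare equal
 * @throws GSSException if a mechanism element has to be created for the
 *         comparison and the mechanism fails to do so
 */
public boolean equals(GSSName other) throws GSSException {

    // Anonymous names never compare equal, not even to themselves.
    if (this.isAnonymous() || other.isAnonymous())
        return false;

    if (other == this)
        return true;

    // A foreign GSSName implementation is re-imported through our manager
    // so that it can be compared element-wise below.
    if (!(other instanceof GSSNameImpl))
        return equals(gssManager.createName(other.toString(),
                                            other.getStringNameType()));

    /*
     * XXX Do a comparison of the appNameStr/appNameBytes if
     * available. If that fails, then proceed with this test.
     */

    GSSNameImpl that = (GSSNameImpl) other;

    GSSNameSpi myElement = this.mechElement;
    GSSNameSpi element = that.mechElement;

    /*
     * XXX If they are not of the same mechanism type, convert both to
     * Kerberos since it is guaranteed to be present.
     */
    if ((myElement == null) && (element != null)) {
        myElement = this.getElement(element.getMechanism());
    } else if ((myElement != null) && (element == null)) {
        element = that.getElement(myElement.getMechanism());
    }

    if (myElement != null && element != null) {
        return myElement.equals(element);
    }

    // No mechanism element on either side: fall back to the raw
    // application-supplied name, which only makes sense for equal types.
    if ((this.appNameType != null) &&
        (that.appNameType != null)) {
        if (!this.appNameType.equals(that.appNameType)) {
            return false;
        }
        // The Charset overload cannot fail, so no unreachable
        // UnsupportedEncodingException handler is needed.
        byte[] myBytes = (this.appNameStr != null
            ? this.appNameStr.getBytes(
                  java.nio.charset.StandardCharsets.UTF_8)
            : this.appNameBytes);
        byte[] bytes = (that.appNameStr != null
            ? that.appNameStr.getBytes(
                  java.nio.charset.StandardCharsets.UTF_8)
            : that.appNameBytes);

        return Arrays.equals(myBytes, bytes);
    }

    return false;
}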
/**
 * Shared initialisation for the constructors: records the manager and the
 * application-supplied name, creates the mechanism element for
 * {@code mech}, and settles on the printable form of the name.
 *
 * @param gssManager  manager used to create mechanism name elements
 * @param appName     the name as supplied by the application, either a
 *                    String or a byte[] (any other type fails the cast)
 * @param appNameType the name type of {@code appName}; may be null
 * @param mech        the mechanism whose element is created eagerly and
 *                    used to derive the printable name when needed
 * @throws GSSException if the mechanism cannot create a name element
 */
private void init(GSSManagerImpl gssManager, Object appName,
                  Oid appNameType, Oid mech) throws GSSException {

    this.gssManager = gssManager;
    this.elements =
        new HashMap<Oid, GSSNameSpi>(gssManager.getMechs().length);

    boolean printableForm = appName instanceof String;
    if (printableForm) {
        this.appNameStr = (String) appName;
    } else {
        // anything that is not a String is taken to be the byte[] form
        this.appNameBytes = (byte[]) appName;
    }
    this.appNameType = appNameType;

    /*
     * With a String name whose type is known, the printable form is the
     * name itself. For a byte[] name, or a String with a null type, the
     * type can only be learned from the mechanism, so the printable form
     * is filled in from mechElement below.
     */
    if (printableForm && appNameType != null) {
        printableName = appNameStr;
        printableNameType = appNameType;
    }

    mechElement = getElement(mech);

    if (printableName == null) {
        printableName = mechElement.toString();
        printableNameType = mechElement.getStringNameType();
    }

    /*
     * On exit the following are set: appNameStr or appNameBytes,
     * appNameType (possibly null), printableName, printableNameType and
     * mechElement (which is also cached in the elements map).
     */
}
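/**
 * Processes one token from the initiator and writes the acceptor's reply
 * token, if any, to {@code outStream}.
 *
 * On the first call no mechanism context exists yet: the GSS header of the
 * incoming token is parsed to learn the mechanism OID, a credential element
 * for that mechanism is looked up (when a credential was supplied) and the
 * mechanism context is created. On later calls the token's OID must match
 * the mechanism fixed on the first call.
 *
 * @param inStream  stream positioned at the start of the peer's token
 * @param outStream stream the reply token is written to: GSS header plus
 *                  mechanism token, or the bare mechanism token for the
 *                  native provider and SPNEGO
 * @throws GSSException with {@code FAILURE} if the context is already
 *         established, {@code DEFECTIVE_TOKEN} if the token's OID does not
 *         match this context's mechanism or the streams fail, or whatever
 *         the mechanism itself reports
 */
public void acceptSecContext(InputStream inStream,
                             OutputStream outStream) throws GSSException {

    if (mechCtxt != null && currentState != IN_PROGRESS) {
        throw new GSSExceptionImpl(GSSException.FAILURE,
                                   "Illegal call to acceptSecContext");
    }

    GSSHeader gssHeader = null;
    // -1 is passed through to the mechanism when no GSS header was parsed;
    // presumably the mechanism then determines the token length itself.
    int inTokenLen = -1;
    GSSCredentialSpi credElement = null;

    try {
        if (mechCtxt == null) {
            // mechOid will be null for an acceptor's context: the
            // mechanism is chosen by the peer's first token.
            gssHeader = new GSSHeader(inStream);
            inTokenLen = gssHeader.getMechTokenLength();

            /*
             * Convert ObjectIdentifier to Oid. The OID is peer-supplied
             * and therefore untrusted; getMechanismContext is the point
             * that rejects mechanisms this manager does not provide.
             */
            objId = gssHeader.getOid();
            mechOid = new Oid(objId.toString());

            if (myCred != null) {
                credElement = myCred.getElement(mechOid, false);
            }
            mechCtxt = gssManager.getMechanismContext(credElement,
                                                      mechOid);
            mechCtxt.setChannelBinding(channelBindings);
            currentState = IN_PROGRESS;
        } else if (!mechCtxt.getProvider().getName().equals("SunNativeGSS")
                   && !GSSUtil.isSpNegoMech(mechOid)) {
            // Native provider and SPNEGO tokens carry no GSS header; for
            // everyone else parse it and make sure the peer has not
            // switched mechanisms mid-handshake.
            gssHeader = new GSSHeader(inStream);
            if (!gssHeader.getOid().equals((Object) objId)) {
                throw new GSSExceptionImpl(
                    GSSException.DEFECTIVE_TOKEN,
                    "Mechanism not equal to " +
                    mechOid.toString() +
                    " in acceptSecContext token");
            }
            inTokenLen = gssHeader.getMechTokenLength();
        }

        byte[] obuf = mechCtxt.acceptSecContext(inStream, inTokenLen);

        if (obuf != null) {
            boolean headerless =
                mechCtxt.getProvider().getName().equals("SunNativeGSS")
                || GSSUtil.isSpNegoMech(mechOid);
            if (!headerless) {
                // prefix the mechanism token with a GSS header
                gssHeader = new GSSHeader(objId, obuf.length);
                gssHeader.encode(outStream);
            }
            outStream.write(obuf);
        }

        if (mechCtxt.isEstablished()) {
            currentState = READY;
        }
    } catch (IOException e) {
        GSSException ge = new GSSExceptionImpl(
            GSSException.DEFECTIVE_TOKEN, e.getMessage());
        ge.initCause(e);   // keep the I/O failure as the root cause
        throw ge;
    }
}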
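/**
 * Produces the initiator's next context-establishment token from the peer's
 * token (if any) in {@code inStream} and writes it to {@code outStream}.
 *
 * On the first call the mechanism context is created for this context's
 * mechanism and the requested flags (confidentiality, integrity, credential
 * delegation, mutual authentication, replay and sequence detection,
 * anonymity, channel bindings, delegation policy) are copied onto it; no
 * GSS header is parsed because there is no incoming token yet. On later
 * calls the incoming token's OID must match this context's mechanism.
 *
 * @param inStream  stream positioned at the start of the peer's token
 * @param outStream stream the output token is written to
 * @return number of bytes written to {@code outStream}, 0 when the
 *         mechanism produced no token
 * @throws GSSException with {@code FAILURE} if the context is already
 *         established, {@code DEFECTIVE_TOKEN} if the token's OID does not
 *         match this context's mechanism or the streams fail, or whatever
 *         the credential lookup or the mechanism reports
 */
public int initSecContext(InputStream inStream,
                          OutputStream outStream) throws GSSException {

    if (mechCtxt != null && currentState != IN_PROGRESS) {
        throw new GSSExceptionImpl(GSSException.FAILURE,
                                   "Illegal call to initSecContext");
    }

    GSSHeader gssHeader = null;
    // -1 is passed through to the mechanism when no GSS header was parsed;
    // presumably the mechanism then determines the token length itself.
    int inTokenLen = -1;
    GSSCredentialSpi credElement = null;
    boolean firstToken = false;

    try {
        if (mechCtxt == null) {
            if (myCred != null) {
                try {
                    credElement = myCred.getElement(mechOid, true);
                } catch (GSSException ge) {
                    // For SPNEGO a credential for the negotiation
                    // mechanism itself may not exist; fall back to the
                    // credential's first mechanism in that one case and
                    // propagate every other failure.
                    if (GSSUtil.isSpNegoMech(mechOid) &&
                        ge.getMajor() == GSSException.NO_CRED) {
                        credElement = myCred.getElement(
                            myCred.getMechs()[0], true);
                    } else {
                        throw ge;
                    }
                }
            }
            GSSNameSpi nameElement = targName.getElement(mechOid);
            mechCtxt = gssManager.getMechanismContext(nameElement,
                                                      credElement,
                                                      reqLifetime,
                                                      mechOid);
            mechCtxt.requestConf(reqConfState);
            mechCtxt.requestInteg(reqIntegState);
            mechCtxt.requestCredDeleg(reqCredDelegState);
            mechCtxt.requestMutualAuth(reqMutualAuthState);
            mechCtxt.requestReplayDet(reqReplayDetState);
            mechCtxt.requestSequenceDet(reqSequenceDetState);
            mechCtxt.requestAnonymity(reqAnonState);
            mechCtxt.setChannelBinding(channelBindings);
            mechCtxt.requestDelegPolicy(reqDelegPolicyState);

            objId = new ObjectIdentifier(mechOid.toString());

            currentState = IN_PROGRESS;
            firstToken = true;
        } else if (!mechCtxt.getProvider().getName().equals("SunNativeGSS")
                   && !GSSUtil.isSpNegoMech(mechOid)) {
            // Native provider and SPNEGO tokens carry no GSS header; for
            // everyone else parse it and make sure the peer has not
            // switched mechanisms mid-handshake.
            gssHeader = new GSSHeader(inStream);
            if (!gssHeader.getOid().equals((Object) objId)) {
                throw new GSSExceptionImpl(
                    GSSException.DEFECTIVE_TOKEN,
                    "Mechanism not equal to " +
                    mechOid.toString() +
                    " in initSecContext token");
            }
            inTokenLen = gssHeader.getMechTokenLength();
        }

        byte[] obuf = mechCtxt.initSecContext(inStream, inTokenLen);

        int retVal = 0;
        if (obuf != null) {
            retVal = obuf.length;
            // The first SPNEGO token is the exception to the header-less
            // rule: it is the one SPNEGO token that gets a GSS header.
            boolean headerless =
                mechCtxt.getProvider().getName().equals("SunNativeGSS")
                || (!firstToken && GSSUtil.isSpNegoMech(mechOid));
            if (!headerless) {
                gssHeader = new GSSHeader(objId, obuf.length);
                retVal += gssHeader.encode(outStream);
            }
            outStream.write(obuf);
        }

        if (mechCtxt.isEstablished()) {
            currentState = READY;
        }

        return retVal;
    } catch (IOException e) {
        GSSException ge = new GSSExceptionImpl(
            GSSException.DEFECTIVE_TOKEN, e.getMessage());
        ge.initCause(e);   // keep the I/O failure as the root cause
        throw ge;
    }
}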
/**
 * Re-creates a GSSContextImpl from a token produced by exporting a context,
 * typically in another process.
 *
 * The mechanism context is rebuilt by the manager from the token; the
 * mechanism OID and the initiator flag are then read back from it.
 *
 * @param gssManager        manager that owns the mechanism providers
 * @param interProcessToken the exported context token
 * @throws GSSException if the manager cannot re-create the mechanism
 *         context from the token
 * @see #isTransferable
 */
public GSSContextImpl(GSSManagerImpl gssManager, byte[] interProcessToken)
    throws GSSException {
    this.gssManager = gssManager;
    this.mechCtxt = gssManager.getMechanismContext(interProcessToken);
    this.mechOid = mechCtxt.getMech();
    this.initiator = mechCtxt.isInitiator();
}