0N/A/*
4152N/A * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
2362N/A * published by the Free Software Foundation. Oracle designates this
0N/A * particular file as subject to the "Classpath" exception as provided
2362N/A * by Oracle in the LICENSE file that accompanied this code.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/Apackage sun.security.jgss.spnego;
0N/A
0N/Aimport java.io.*;
0N/Aimport java.util.*;
0N/Aimport org.ietf.jgss.*;
0N/Aimport sun.security.jgss.*;
0N/Aimport sun.security.util.*;
0N/A
0N/A/**
0N/A * Implements the SPNEGO NegTokenInit token
0N/A * as specified in RFC 2478
0N/A *
0N/A * NegTokenInit ::= SEQUENCE {
0N/A * mechTypes [0] MechTypeList OPTIONAL,
0N/A * reqFlags [1] ContextFlags OPTIONAL,
0N/A * mechToken [2] OCTET STRING OPTIONAL,
0N/A * mechListMIC [3] OCTET STRING OPTIONAL
0N/A * }
0N/A *
0N/A * MechTypeList ::= SEQUENCE OF MechType
0N/A *
0N/A * MechType::= OBJECT IDENTIFIER
0N/A *
0N/A * ContextFlags ::= BIT STRING {
0N/A * delegFlag (0),
0N/A * mutualFlag (1),
0N/A * replayFlag (2),
0N/A * sequenceFlag (3),
0N/A * anonFlag (4),
0N/A * confFlag (5),
0N/A * integFlag (6)
0N/A * }
0N/A *
0N/A * @author Seema Malkani
0N/A * @since 1.6
0N/A */
0N/A
0N/Apublic class NegTokenInit extends SpNegoToken {
0N/A
0N/A // DER-encoded mechTypes
0N/A private byte[] mechTypes = null;
0N/A private Oid[] mechTypeList = null;
0N/A
949N/A private BitArray reqFlags = null;
0N/A private byte[] mechToken = null;
0N/A private byte[] mechListMIC = null;
0N/A
949N/A NegTokenInit(byte[] mechTypes, BitArray flags,
0N/A byte[] token, byte[] mechListMIC)
0N/A {
0N/A super(NEG_TOKEN_INIT_ID);
0N/A this.mechTypes = mechTypes;
0N/A this.reqFlags = flags;
0N/A this.mechToken = token;
0N/A this.mechListMIC = mechListMIC;
0N/A }
0N/A
0N/A // Used by sun.security.jgss.wrapper.NativeGSSContext
0N/A // to parse SPNEGO tokens
0N/A public NegTokenInit(byte[] in) throws GSSException {
0N/A super(NEG_TOKEN_INIT_ID);
0N/A parseToken(in);
0N/A }
0N/A
0N/A final byte[] encode() throws GSSException {
0N/A try {
0N/A // create negInitToken
0N/A DerOutputStream initToken = new DerOutputStream();
0N/A
0N/A // DER-encoded mechTypes with CONTEXT 00
0N/A if (mechTypes != null) {
0N/A initToken.write(DerValue.createTag(DerValue.TAG_CONTEXT,
0N/A true, (byte) 0x00), mechTypes);
0N/A }
0N/A
0N/A // write context flags with CONTEXT 01
0N/A if (reqFlags != null) {
0N/A DerOutputStream flags = new DerOutputStream();
949N/A flags.putUnalignedBitString(reqFlags);
0N/A initToken.write(DerValue.createTag(DerValue.TAG_CONTEXT,
0N/A true, (byte) 0x01), flags);
0N/A }
0N/A
0N/A // mechToken with CONTEXT 02
0N/A if (mechToken != null) {
0N/A DerOutputStream dataValue = new DerOutputStream();
0N/A dataValue.putOctetString(mechToken);
0N/A initToken.write(DerValue.createTag(DerValue.TAG_CONTEXT,
0N/A true, (byte) 0x02), dataValue);
0N/A }
0N/A
0N/A // mechListMIC with CONTEXT 03
0N/A if (mechListMIC != null) {
0N/A if (DEBUG) {
0N/A System.out.println("SpNegoToken NegTokenInit: " +
0N/A "sending MechListMIC");
0N/A }
0N/A DerOutputStream mic = new DerOutputStream();
0N/A mic.putOctetString(mechListMIC);
0N/A initToken.write(DerValue.createTag(DerValue.TAG_CONTEXT,
0N/A true, (byte) 0x03), mic);
0N/A }
0N/A
0N/A // insert in a SEQUENCE
0N/A DerOutputStream out = new DerOutputStream();
0N/A out.write(DerValue.tag_Sequence, initToken);
0N/A
0N/A return out.toByteArray();
0N/A
0N/A } catch (IOException e) {
0N/A throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
0N/A "Invalid SPNEGO NegTokenInit token : " + e.getMessage());
0N/A }
0N/A }
0N/A
0N/A private void parseToken(byte[] in) throws GSSException {
0N/A try {
0N/A DerValue der = new DerValue(in);
0N/A // verify NegotiationToken type token
0N/A if (!der.isContextSpecific((byte) NEG_TOKEN_INIT_ID)) {
0N/A throw new IOException("SPNEGO NegoTokenInit : " +
0N/A "did not have right token type");
0N/A }
0N/A DerValue tmp1 = der.data.getDerValue();
0N/A if (tmp1.tag != DerValue.tag_Sequence) {
0N/A throw new IOException("SPNEGO NegoTokenInit : " +
0N/A "did not have the Sequence tag");
0N/A }
0N/A
4152N/A // parse various fields if present
4152N/A int lastField = -1;
4152N/A while (tmp1.data.available() > 0) {
0N/A DerValue tmp2 = tmp1.data.getDerValue();
4152N/A if (tmp2.isContextSpecific((byte)0x00)) {
4152N/A // get the DER-encoded sequence of mechTypes
4152N/A lastField = checkNextField(lastField, 0);
4152N/A DerInputStream mValue = tmp2.data;
4152N/A mechTypes = mValue.toByteArray();
0N/A
4152N/A // read all the mechTypes
4152N/A DerValue[] mList = mValue.getSequence(0);
4152N/A mechTypeList = new Oid[mList.length];
4152N/A ObjectIdentifier mech = null;
4152N/A for (int i = 0; i < mList.length; i++) {
4152N/A mech = mList[i].getOID();
4152N/A if (DEBUG) {
4152N/A System.out.println("SpNegoToken NegTokenInit: " +
4152N/A "reading Mechanism Oid = " + mech);
4152N/A }
4152N/A mechTypeList[i] = new Oid(mech.toString());
4152N/A }
4152N/A } else if (tmp2.isContextSpecific((byte)0x01)) {
4152N/A lastField = checkNextField(lastField, 1);
4152N/A // received reqFlags, skip it
4152N/A } else if (tmp2.isContextSpecific((byte)0x02)) {
4152N/A lastField = checkNextField(lastField, 2);
0N/A if (DEBUG) {
0N/A System.out.println("SpNegoToken NegTokenInit: " +
4152N/A "reading Mech Token");
0N/A }
4152N/A mechToken = tmp2.data.getOctetString();
4152N/A } else if (tmp2.isContextSpecific((byte)0x03)) {
4152N/A lastField = checkNextField(lastField, 3);
4152N/A if (!GSSUtil.useMSInterop()) {
4152N/A mechListMIC = tmp2.data.getOctetString();
4152N/A if (DEBUG) {
4152N/A System.out.println("SpNegoToken NegTokenInit: " +
4152N/A "MechListMIC Token = " +
4152N/A getHexBytes(mechListMIC));
4152N/A }
0N/A }
0N/A }
0N/A }
0N/A } catch (IOException e) {
0N/A throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
0N/A "Invalid SPNEGO NegTokenInit token : " + e.getMessage());
0N/A }
0N/A }
0N/A
0N/A byte[] getMechTypes() {
0N/A return mechTypes;
0N/A }
0N/A
0N/A // Used by sun.security.jgss.wrapper.NativeGSSContext
0N/A // to find the mechs in SPNEGO tokens
0N/A public Oid[] getMechTypeList() {
0N/A return mechTypeList;
0N/A }
0N/A
949N/A BitArray getReqFlags() {
0N/A return reqFlags;
0N/A }
0N/A
0N/A // Used by sun.security.jgss.wrapper.NativeGSSContext
0N/A // to access the mech token portion of SPNEGO tokens
0N/A public byte[] getMechToken() {
0N/A return mechToken;
0N/A }
0N/A
0N/A byte[] getMechListMIC() {
0N/A return mechListMIC;
0N/A }
0N/A
0N/A}