Path: blob/master/src/java.security.jgss/share/classes/sun/security/jgss/spnego/NegTokenTarg.java
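/*
 * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.jgss.spnego;

import java.io.*;
import org.ietf.jgss.*;
import sun.security.jgss.*;
import sun.security.util.*;

/**
 * Implements the SPNEGO NegTokenTarg token
 * as specified in RFC 2478
 *
 * <pre>
 * NegTokenTarg ::= SEQUENCE {
 *      negResult   [0] ENUMERATED {
 *              accept_completed        (0),
 *              accept_incomplete       (1),
 *              reject                  (2) }   OPTIONAL,
 *      supportedMech   [1] MechType            OPTIONAL,
 *      responseToken   [2] OCTET STRING        OPTIONAL,
 *      mechListMIC     [3] OCTET STRING        OPTIONAL
 * }
 *
 * MechType::= OBJECT IDENTIFIER
 * </pre>
 *
 * <p>RFC 2478 has since been obsoleted by RFC 4178, which names the
 * equivalent structure NegTokenResp.
 *
 * <p>Points a reader reviewing the negotiation logic should keep in mind:
 * <ul>
 * <li>{@code negResult} defaults to 0, which is {@code accept_completed}
 *     in the definition above. A parsed token that omits field [0]
 *     therefore reports 0 from {@link #getNegotiatedResult()}; this class
 *     does not record whether the field was actually present.</li>
 * <li>When {@code GSSUtil.useMSInterop()} returns true, a received
 *     {@code mechListMIC} is not read and {@link #getMechListMIC()}
 *     returns {@code null}.</li>
 * <li>The byte arrays and the {@code Oid} are stored and returned by
 *     reference, without copying.</li>
 * </ul>
 *
 * @author Seema Malkani
 * @since 1.6
 */

public class NegTokenTarg extends SpNegoToken {

    // 0 is accept_completed; see the class comment about absent fields.
    private int negResult = 0;
    private Oid supportedMech = null;
    private byte[] responseToken = null;
    private byte[] mechListMIC = null;

    /**
     * Builds a token from already-known field values, for encoding.
     *
     * @param result negotiation result written as field [0]
     * @param mech mechanism written as field [1], or {@code null} to omit it
     * @param token response token written as field [2], or {@code null}
     *        to omit it; the array is kept by reference
     * @param mechListMIC MIC written as field [3], or {@code null} to omit
     *        it; the array is kept by reference
     */
    NegTokenTarg(int result, Oid mech, byte[] token, byte[] mechListMIC)
    {
        super(NEG_TOKEN_TARG_ID);
        this.negResult = result;
        this.supportedMech = mech;
        this.responseToken = token;
        this.mechListMIC = mechListMIC;
    }

    // Used by sun.security.jgss.wrapper.NativeGSSContext
    // to parse SPNEGO tokens
    /**
     * Builds a token by parsing its DER encoding.
     *
     * @param in the encoded token
     * @throws GSSException with major code {@code DEFECTIVE_TOKEN} if the
     *         bytes cannot be parsed as a NegTokenTarg
     */
    public NegTokenTarg(byte[] in) throws GSSException {
        super(NEG_TOKEN_TARG_ID);
        parseToken(in);
    }

    /**
     * Encodes the fields as a DER SEQUENCE of context-tagged values.
     * Field [0] is always written; fields [1] to [3] are written only
     * when the corresponding member is non-null.
     *
     * @return the encoded SEQUENCE
     * @throws GSSException with major code {@code DEFECTIVE_TOKEN} if the
     *         DER writer reports an {@code IOException}
     */
    final byte[] encode() throws GSSException {
        try {
            // create negTargToken
            DerOutputStream targToken = new DerOutputStream();

            // write the negotiated result with CONTEXT 00
            DerOutputStream result = new DerOutputStream();
            result.putEnumerated(negResult);
            targToken.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                                true, (byte) 0x00), result);

            // supportedMech with CONTEXT 01
            if (supportedMech != null) {
                DerOutputStream mech = new DerOutputStream();
                byte[] mechType = supportedMech.getDER();
                mech.write(mechType);
                targToken.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                                                true, (byte) 0x01), mech);
            }

            // response Token with CONTEXT 02
            if (responseToken != null) {
                DerOutputStream rspToken = new DerOutputStream();
                rspToken.putOctetString(responseToken);
                targToken.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                                        true, (byte) 0x02), rspToken);
            }

            // mechListMIC with CONTEXT 03
            if (mechListMIC != null) {
                if (DEBUG) {
                    System.out.println("SpNegoToken NegTokenTarg: " +
                                                "sending MechListMIC");
                }
                DerOutputStream mic = new DerOutputStream();
                mic.putOctetString(mechListMIC);
                targToken.write(DerValue.createTag(DerValue.TAG_CONTEXT,
                                        true, (byte) 0x03), mic);
            }

            // insert in a SEQUENCE
            DerOutputStream out = new DerOutputStream();
            out.write(DerValue.tag_Sequence, targToken);

            return out.toByteArray();

        } catch (IOException e) {
            throw defectiveToken(e);
        }
    }

    /**
     * Parses a DER-encoded NegTokenTarg into the fields of this object.
     * The outer value must carry the context tag NEG_TOKEN_TARG_ID and
     * must wrap a SEQUENCE; the SEQUENCE members are then read one by one.
     *
     * <p>A member whose tag is none of [0] to [3] is skipped without
     * error, and the enumerated value of [0] is stored as received,
     * without a range check against the values in the ASN.1 definition.
     * Nothing in this method checks for bytes that follow the SEQUENCE
     * inside the outer tag.
     *
     * @param in the encoded token
     * @throws GSSException with major code {@code DEFECTIVE_TOKEN} if the
     *         outer tag or the SEQUENCE tag is wrong, or if DER decoding
     *         fails
     */
    private void parseToken(byte[] in) throws GSSException {
        try {
            DerValue der = new DerValue(in);
            // verify NegotiationToken type token
            if (!der.isContextSpecific((byte) NEG_TOKEN_TARG_ID)) {
                throw new IOException("SPNEGO NegoTokenTarg : " +
                        "did not have the right token type");
            }
            DerValue tmp1 = der.data.getDerValue();
            if (tmp1.tag != DerValue.tag_Sequence) {
                throw new IOException("SPNEGO NegoTokenTarg : " +
                        "did not have the Sequence tag");
            }

            // parse various fields if present
            // checkNextField is inherited; presumably it rejects repeated
            // or out-of-order fields -- confirm in SpNegoToken.
            int lastField = -1;
            while (tmp1.data.available() > 0) {
                DerValue tmp2 = tmp1.data.getDerValue();
                if (tmp2.isContextSpecific((byte)0x00)) {
                    lastField = checkNextField(lastField, 0);
                    negResult = tmp2.data.getEnumerated();
                    if (DEBUG) {
                        System.out.println("SpNegoToken NegTokenTarg: negotiated" +
                                    " result = " + getNegoResultString(negResult));
                    }
                } else if (tmp2.isContextSpecific((byte)0x01)) {
                    lastField = checkNextField(lastField, 1);
                    ObjectIdentifier mech = tmp2.data.getOID();
                    supportedMech = new Oid(mech.toString());
                    if (DEBUG) {
                        System.out.println("SpNegoToken NegTokenTarg: " +
                                    "supported mechanism = " + supportedMech);
                    }
                } else if (tmp2.isContextSpecific((byte)0x02)) {
                    lastField = checkNextField(lastField, 2);
                    responseToken = tmp2.data.getOctetString();
                } else if (tmp2.isContextSpecific((byte)0x03)) {
                    lastField = checkNextField(lastField, 3);
                    // In MS interop mode the MIC is left unread, so
                    // mechListMIC stays null for the caller.
                    // NOTE(review): presumably the mechanism-list integrity
                    // check is then not performed -- confirm in the caller.
                    if (!GSSUtil.useMSInterop()) {
                        mechListMIC = tmp2.data.getOctetString();
                        if (DEBUG) {
                            System.out.println("SpNegoToken NegTokenTarg: " +
                                                "MechListMIC Token = " +
                                                getHexBytes(mechListMIC));
                        }
                    }
                }
            }
        } catch (IOException e) {
            throw defectiveToken(e);
        }
    }

    /**
     * Converts a DER read or write failure into the GSSException that
     * {@link #encode()} and {@link #parseToken(byte[])} report.
     *
     * <p>The original exception is attached with {@code initCause} so that
     * the underlying DER error and its stack trace remain available to
     * whoever logs or inspects the GSSException.
     *
     * @param e the failure raised while encoding or decoding
     * @return a {@code DEFECTIVE_TOKEN} exception with {@code e} as cause
     */
    private static GSSException defectiveToken(IOException e) {
        GSSException ge = new GSSException(GSSException.DEFECTIVE_TOKEN, -1,
                "Invalid SPNEGO NegTokenTarg token : " + e.getMessage());
        ge.initCause(e);
        return ge;
    }

    /**
     * Returns the negotiation result.
     *
     * @return the value of field [0], or 0 if the parsed token did not
     *         contain that field
     */
    int getNegotiatedResult() {
        return negResult;
    }

    // Used by sun.security.jgss.wrapper.NativeGSSContext
    // to find the supported mech in SPNEGO tokens
    /**
     * Returns the mechanism carried in field [1].
     *
     * @return the mechanism, or {@code null} if none was set or parsed
     */
    public Oid getSupportedMech() {
        return supportedMech;
    }

    /**
     * Returns the response token carried in field [2].
     *
     * @return the internal array (not a copy), or {@code null} if none
     *         was set or parsed
     */
    byte[] getResponseToken() {
        return responseToken;
    }

    /**
     * Returns the mechListMIC carried in field [3].
     *
     * @return the internal array (not a copy), or {@code null} if none
     *         was set, none was parsed, or parsing ran in MS interop mode
     */
    byte[] getMechListMIC() {
        return mechListMIC;
    }
}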