@Override public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException { MessageProp prop = new MessageProp(0, confidential); try { byte[] response = gssContext.unwrap(incoming, offset, len, prop); saslGssapi.tracef("Unwrapping message of length '%d' resulting message of length '%d'", len, response.length); return response; } catch (GSSException e) { throw saslGssapi.mechUnableToUnwrapMessage(e).toSaslException(); } }
protected void doWith(GSSContext context, Transport.Connection conn) throws Exception { //if (context.getMutualAuthState()) { // System.out.println("Mutual authentication took place!"); //} MessageProp prop = new MessageProp(0, false); byte[] token = conn.recvToken(); byte[] bytes = context.unwrap(token, 0, token.length, prop); //String str = new String(bytes, StandardCharsets.UTF_8); // System.out.println("Received data \"" // + str + "\" of length " + str.length()); //System.out.println("Confidentiality applied: " // + prop.getPrivacy()); prop.setQOP(0); token = context.getMIC(bytes, 0, bytes.length, prop); //System.out.println("Will send MIC token of size " //+ token.length); conn.sendToken(token); }
if (prop.getQOP() != 0 && prop.getQOP() != GSSConstants.GSI_BIG) { throw new GSSException(GSSException.BAD_QOP); doGSIWrap = (!prop.getPrivacy() && prop.getQOP() == GSSConstants.GSI_BIG); prop.setPrivacy(this.encryption); prop.setQOP(0);
protected void calcPrivacyInfo(MessageProp prop, byte[] confounder, byte[] data, int dataOffset, int dataLength, int paddingLen) throws GSSException { prop.setQOP(0); if (!confState) { prop.setPrivacy(false); } checkSum = calcCheckSum(confounder, commHeader, data, dataOffset, dataLength, paddingLen); encryptSequenceNumber(); }
public WrapTokenV1(GssContext context, byte[] inMsg, int msgOffset, int msgLength, MessageProp prop) throws GSSException { super(TOKEN_WRAP_V1, context); paddingLen = getPaddingLength(msgLength); confounder = Random.makeBytes(CONFOUNDER_SIZE); tokenBodyLen = CONFOUNDER_SIZE + msgLength + paddingLen; calcPrivacyInfo(prop, confounder, inMsg, msgOffset, msgLength, paddingLen); if (!context.getConfState()) { prop.setPrivacy(false); } privacy = prop.getPrivacy(); inData = inMsg; inOffset = msgOffset; inLen = msgLength; }
/** * Generate a message integrity check for a given received message. * @param context GSSContext for which a connection has been established to the remote peer * @param prop the MessageProp used for exchanging messages * @param message the bytes of the received message * @return the bytes of the message integrity check (like a checksum) that is * sent to a peer for verifying that the message was received correctly */ @Function public static byte[] generateMIC(GSSContext context, MessageProp prop, byte[] message) { try { // Ensure the default Quality-of-Protection is applied. prop.setQOP(0); byte[] initialToken = context.getMIC(message, 0, message.length, prop); return getTokenWithLengthPrefix(initialToken); } catch (GSSException ex) { throw new RuntimeException("Exception generating MIC for message", ex); } }
public void generateCheckSum(MessageProp prop, byte[] data, int offset, int len) throws GSSException { // generate token header createTokenHeader(prop.getPrivacy()); if (tokenType == TOKEN_MIC_V2 || !prop.getPrivacy() && tokenType == TOKEN_WRAP_V2) { checkSum = getCheckSum(data, offset, len); } if (!prop.getPrivacy() && tokenType == TOKEN_WRAP_V2) { header[4] = (byte) (checkSum.length >>> 8); header[5] = (byte) (checkSum.length & 0xFF); } }
private void reconstructInitializaion(int tokenType, GssContext context, MessageProp prop, InputStream is) throws GSSException { initialize(tokenType, context, true); if (!confState) { prop.setPrivacy(false); } try { gssHeader = new GSSHeader(is); } catch (IOException e) { throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1, "Invalid token:" + e.getMessage()); } if (!gssHeader.getOid().equals((Object) objId)) { throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1, "Invalid token OID"); } reconstructTokenHeader(is, prop); }
if (prop.getQOP() != 0 && prop.getQOP() != GSSConstants.GSI_BIG) { throw new GSSException(GSSException.BAD_QOP); doGSIWrap = (!prop.getPrivacy() && prop.getQOP() == GSSConstants.GSI_BIG); prop.setPrivacy(this.encryption); prop.setQOP(0);
private void initTokenHeader(byte[] tokenBytes, MessageProp prop) throws GSSException { int tokenIDRecv = (((int) tokenBytes[0]) << 8) + tokenBytes[1]; if (tokenType != tokenIDRecv) { throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1, "Token ID should be " + tokenType + " instead of " + tokenIDRecv); } sgnAlg = (((int) tokenBytes[2]) << 8) + tokenBytes[3]; sealAlg = (((int) tokenBytes[4]) << 8) + tokenBytes[5]; if (tokenBytes[6] != (byte) 0xFF || tokenBytes[7] != (byte) 0xFF) { throw new GSSException(GSSException.DEFECTIVE_TOKEN, -1, "Invalid token head filler"); } prop.setQOP(0); prop.setPrivacy(sealAlg != SEAL_ALG_NONE); }
prop.setPrivacy(false); if (tokenType == TOKEN_WRAP_V2 && prop.getPrivacy()) { minSize = CONFOUNDER_SIZE + TOKEN_HEADER_SIZE + encryptor.getCheckSumSize(); } else { || tokenType == TOKEN_WRAP_V2 && !prop.getPrivacy()) { int checksumLen = encryptor.getCheckSumSize();
/** * Get plain text data from token bytes * @param outBuffer * @param offset * @return plain text contained in the wrap token * @throws GSSException */ public byte[] unwrap(byte[] outBuffer, int offset) throws GSSException { int lenToCopy; if (prop.getPrivacy()) { byte[] plainText = encryptor.decryptData(tokenData, getKeyUsage()); lenToCopy = plainText.length - TOKEN_HEADER_SIZE; if (outBuffer == null) { outBuffer = new byte[lenToCopy]; offset = 0; } System.arraycopy(plainText, 0, outBuffer, offset, lenToCopy); } else { lenToCopy = tokenData.length - encryptor.getCheckSumSize(); if (outBuffer == null) { outBuffer = new byte[lenToCopy]; offset = 0; } System.arraycopy(tokenData, 0, outBuffer, offset, lenToCopy); if (!verifyCheckSum(outBuffer, offset, lenToCopy)) { throw new GSSException(GSSException.BAD_MIC, -1, "Corrupt token checksum"); } } return outBuffer; }
@Override public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException { MessageProp prop = new MessageProp(0, confidential); try { byte[] response = gssContext.wrap(outgoing, offset, len, prop); saslGssapi.tracef("Wrapping message of length '%d' resulting message of length '%d'", len, response.length); return response; } catch (GSSException e) { throw saslGssapi.mechUnableToWrapMessage(e).toSaslException(); } }
WrapTokenV2(GssContext context, byte[] data, int dataOffset, int dataLength, MessageProp messageProp) throws GSSException { super(TOKEN_WRAP_V2, context); prop = messageProp; if (prop.getQOP() != 0) { prop.setQOP(0); } if (!context.getConfState()) { prop.setPrivacy(false); } generateCheckSum(prop, data, dataOffset, dataLength); if (prop.getPrivacy()) { byte[] toProcess = new byte[dataLength + TOKEN_HEADER_SIZE]; System.arraycopy(data, dataOffset, toProcess, 0, dataLength); encodeHeader(toProcess, dataLength); tokenData = encryptor.encryptData(toProcess, getKeyUsage()); } else { tokenData = data; // keep it for now } }
prop.setPrivacy(this.encryption); prop.setQOP(0);
private void getRawData(MessageProp prop) throws GSSException { privacy = prop.getPrivacy(); tokenBodyLen = getGssHeader().getMechTokenLength() - getTokenHeaderSize(); if (bodyLen < tokenBodyLen) { throw new GSSException(GSSException.FAILURE, -1, "Insufficient data for Wrap token V1"); } if (privacy) { rawData = encryptor.encryptTokenV1(null, bodyData, bodyOffset, tokenBodyLen, 0, encryptor.isArcFourHmac() ? getPlainSequenceBytes() : null, false); paddingLen = rawData[rawData.length - 1]; rawDataOffset = CONFOUNDER_SIZE; } else { rawData = bodyData; paddingLen = bodyData[bodyOffset + tokenBodyLen - 1]; rawDataOffset = bodyOffset + CONFOUNDER_SIZE; } rawDataLength = tokenBodyLen - CONFOUNDER_SIZE - paddingLen; verifyToken(null, rawData, rawDataOffset - CONFOUNDER_SIZE, tokenBodyLen, 0); }
assert gssContext.isEstablished(); MessageProp msgProp = new MessageProp(0, false); try { byte[] unwrapped = gssContext.unwrap(message, 0, message.length, msgProp); msgProp = new MessageProp(0, false); response = gssContext.wrap(response, 0, response.length, msgProp);
prop.setPrivacy(this.encryption); prop.setQOP(0);
MessageProp msgProp = new MessageProp(0, false); response = gssContext.wrap(response, 0, 4, msgProp); } catch (GSSException e) { MessageProp msgProp = new MessageProp(0, false); byte[] unwrapped; try {
prop.setPrivacy(true); } else { prop.setPrivacy(false); prop.setQOP(0); sequenceNumber = (int) BytesUtil.bytes2long(header, 0, true); } catch (IOException e) {