/*
 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.jgss.krb5;

import org.ietf.jgss.*;
import sun.security.jgss.*;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.IOException;
import java.io.ByteArrayOutputStream;
import java.util.Arrays;
import sun.security.krb5.Confounder;

This class represents the new format of GSS tokens, as specified in RFC 4121, emitted by the GSSContext.wrap() call. It is a MessageToken except that it also contains plaintext or encrypted data at the end. A WrapToken has certain other rules that are peculiar to it and different from a MICToken, which is another type of MessageToken. All data in a WrapToken is prepended by a random confounder of 16 bytes. Thus, all application data is replaced by (confounder || data || tokenHeader || checksum).
Author:Seema Malkani
/** * This class represents the new format of GSS tokens, as specified in RFC * 4121, emitted by the GSSContext.wrap() call. It is a MessageToken except * that it also contains plaintext or encrypted data at the end. A WrapToken * has certain other rules that are peculiar to it and different from a * MICToken, which is another type of MessageToken. All data in a WrapToken is * prepended by a random confounder of 16 bytes. Thus, all application data * is replaced by (confounder || data || tokenHeader || checksum). * * @author Seema Malkani */
class WrapToken_v2 extends MessageToken_v2 { // Accessed by CipherHelper byte[] confounder = null; private final boolean privacy;
Constructs a WrapToken from token bytes obtained from the peer.
Params:
  • context – the mechanism context associated with this token
  • tokenBytes – the bytes of the token
  • tokenOffset – the offset of the token
  • tokenLen – the length of the token
  • prop – the MessageProp into which characteristics of the parsed token will be stored.
Throws:
/** * Constructs a WrapToken from token bytes obtained from the * peer. * @param context the mechanism context associated with this * token * @param tokenBytes the bytes of the token * @param tokenOffset the offset of the token * @param tokenLen the length of the token * @param prop the MessageProp into which characteristics of the * parsed token will be stored. * @throws GSSException if the token is defective */
public WrapToken_v2(Krb5Context context, byte[] tokenBytes, int tokenOffset, int tokenLen, MessageProp prop) throws GSSException { super(Krb5Token.WRAP_ID_v2, context, tokenBytes, tokenOffset, tokenLen, prop); this.privacy = prop.getPrivacy(); }
Constructs a WrapToken from token bytes read on the fly from an InputStream.
Params:
  • context – the mechanism context associated with this token
  • is – the InputStream containing the token bytes
  • prop – the MessageProp into which characteristics of the parsed token will be stored.
Throws:
  • GSSException – if the token is defective or if there is a problem reading from the InputStream
/** * Constructs a WrapToken from token bytes read on the fly from * an InputStream. * @param context the mechanism context associated with this * token * @param is the InputStream containing the token bytes * @param prop the MessageProp into which characteristics of the * parsed token will be stored. * @throws GSSException if the token is defective or if there is * a problem reading from the InputStream */
public WrapToken_v2(Krb5Context context, InputStream is, MessageProp prop) throws GSSException { super(Krb5Token.WRAP_ID_v2, context, is, prop); this.privacy = prop.getPrivacy(); }
Obtains the application data that was transmitted in this WrapToken.
Throws:
  • GSSException – if an error occurs while decrypting any cipher text and checking for validity
Returns:a byte array containing the application data
/** * Obtains the application data that was transmitted in this * WrapToken. * @return a byte array containing the application data * @throws GSSException if an error occurs while decrypting any * cipher text and checking for validity */
public byte[] getData() throws GSSException { byte[] temp = new byte[tokenDataLen]; int len = getData(temp, 0); return Arrays.copyOf(temp, len); }
Obtains the application data that was transmitted in this WrapToken, writing it into an application provided output array.
Params:
  • dataBuf – the output buffer into which the data must be written
  • dataBufOffset – the offset at which to write the data
Throws:
  • GSSException – if an error occurs while decrypting any cipher text and checking for validity
Returns:the size of the data written
/** * Obtains the application data that was transmitted in this * WrapToken, writing it into an application provided output * array. * @param dataBuf the output buffer into which the data must be * written * @param dataBufOffset the offset at which to write the data * @return the size of the data written * @throws GSSException if an error occurs while decrypting any * cipher text and checking for validity */
public int getData(byte[] dataBuf, int dataBufOffset) throws GSSException { // debug("WrapToken cons: data is token is [" + // getHexBytes(tokenBytes, tokenOffset, tokenLen) + "]\n"); // Do decryption if this token was privacy protected. if (privacy) { // decrypt data cipherHelper.decryptData(this, tokenData, 0, tokenDataLen, dataBuf, dataBufOffset, getKeyUsage()); return tokenDataLen - CONFOUNDER_SIZE - TOKEN_HEADER_SIZE - cipherHelper.getChecksumLength(); } else { // Token data is in cleartext // debug("\t\tNo encryption was performed by peer.\n"); // data int data_length = tokenDataLen - cipherHelper.getChecksumLength(); System.arraycopy(tokenData, 0, dataBuf, dataBufOffset, data_length); // debug("\t\tData is: " + getHexBytes(dataBuf, data_length)); /* * Make sure checksum is not corrupt */ if (!verifySign(dataBuf, dataBufOffset, data_length)) { throw new GSSException(GSSException.BAD_MIC, -1, "Corrupt checksum in Wrap token"); } return data_length; } }
Writes a WrapToken_v2 object
/** * Writes a WrapToken_v2 object */
public WrapToken_v2(Krb5Context context, MessageProp prop, byte[] dataBytes, int dataOffset, int dataLen) throws GSSException { super(Krb5Token.WRAP_ID_v2, context); confounder = Confounder.bytes(CONFOUNDER_SIZE); // debug("\nWrapToken cons: data to wrap is [" + // getHexBytes(confounder) + " " + // getHexBytes(dataBytes, dataOffset, dataLen) + "]\n"); genSignAndSeqNumber(prop, dataBytes, dataOffset, dataLen); /* * If the application decides to ask for privacy when the context * did not negotiate for it, do not provide it. The peer might not * have support for it. The app will realize this with a call to * pop.getPrivacy() after wrap(). */ if (!context.getConfState()) prop.setPrivacy(false); privacy = prop.getPrivacy(); if (!privacy) { // Wrap Tokens (without confidentiality) = // { 16 byte token_header | plaintext | 12-byte HMAC } // where HMAC is on { plaintext | token_header } tokenData = new byte[dataLen + checksum.length]; System.arraycopy(dataBytes, dataOffset, tokenData, 0, dataLen); System.arraycopy(checksum, 0, tokenData, dataLen, checksum.length); } else { // Wrap Tokens (with confidentiality) = // { 16 byte token_header | // Encrypt(16-byte confounder | plaintext | token_header) | // 12-byte HMAC } tokenData = cipherHelper.encryptData(this, confounder, getTokenHeader(), dataBytes, dataOffset, dataLen, getKeyUsage()); } } public void encode(OutputStream os) throws IOException { encodeHeader(os); os.write(tokenData); } public byte[] encode() throws IOException { ByteArrayOutputStream bos = new ByteArrayOutputStream( MessageToken_v2.TOKEN_HEADER_SIZE + tokenData.length); encode(bos); return bos.toByteArray(); } public int encode(byte[] outToken, int offset) throws IOException { byte[] token = encode(); System.arraycopy(token, 0, outToken, offset, token.length); return token.length; } // This implementation is way to conservative. And it certainly // doesn't return the maximum limit. static int getSizeLimit(int qop, boolean confReq, int maxTokenSize, CipherHelper ch) throws GSSException { return (GSSHeader.getMaxMechTokenSize(OID, maxTokenSize) - (TOKEN_HEADER_SIZE + ch.getChecksumLength() + CONFOUNDER_SIZE) - 8 /* safety */); } }