File Doc Category Size Date Package
GSSUtils.java API Doc Glassfish v2 API 18396 Fri May 04 22:34:58 BST 2007 com.sun.enterprise.iiop.security

GSSUtils

java.lang.Object

public class GSSUtils extends Object

Fields Summary
private static final Logger
_logger
public static final ObjectIdentifier
GSSUP_MECH_OID
public static final ObjectIdentifier
GSS_NT_EXPORT_NAME_OID
public static final ObjectIdentifier
GSS_NT_SCOPED_USERNAME_OID
Constructors Summary
Methods Summary
public static byte[] createExportedName(sun.security.util.ObjectIdentifier oid, byte[] extName)
byte[] oidDER = getDER(oid); int tokensize = 2 + 2 + oidDER.length + 4 + extName.length; byte[] token = new byte[tokensize]; // construct the Exported Name int pos = 0; token[0] = 0x04; token[1] = 0x01; token[2] = (byte)(oidDER.length & 0xFF00); token[3] = (byte)(oidDER.length & 0x00FF); pos = 4; System.arraycopy(oidDER, 0, token, pos, oidDER.length); pos += oidDER.length; int namelen = extName.length; token[pos++] = (byte)(namelen & 0xFF000000); token[pos++] = (byte)(namelen & 0x00FF0000); token[pos++] = (byte)(namelen & 0x0000FF00); token[pos++] = (byte)(namelen & 0x000000FF); System.arraycopy(extName, 0, token, pos, namelen); return token;
public static byte[] createMechIndToken(sun.security.util.ObjectIdentifier mechoid, byte[] mechtok)
byte [] deroid = getDER(mechoid); byte [] token = new byte[ 1 // for 0x60 + getDERLengthSize(deroid.length+mechtok.length) + deroid.length + mechtok.length]; if(_logger.isLoggable(Level.FINE)){ _logger.log(Level.FINE,"Going to create a mechanism independent token"); } int index=0; token[index++] = 0x60; index = writeDERLength(token, index, deroid.length + mechtok.length); System.arraycopy(deroid, 0, token, index, deroid.length); index += deroid.length; System.arraycopy(mechtok, 0, token, index, mechtok.length); if(_logger.isLoggable(Level.FINE)){ _logger.log(Level.FINE,"Mechanism independent token created: "); _logger.log(Level.FINE,dumpHex(token)); } return token;
public static java.lang.String dumpHex(byte[] octets)
int i ; // index ObjectIdentifier x = null; /* Construct an ObjectIdentifer by extracting each OID */ try { i = GSSUPMechOID.value.indexOf(':"); x = new ObjectIdentifier( GSSUPMechOID.value.substring(i+1)); } catch(IOException e) { x = null; _logger.log(Level.SEVERE,"iiop.IOexception",e); } GSSUP_MECH_OID = x; try { i = GSS_NT_Export_Name_OID.value.indexOf(':"); x = new ObjectIdentifier( GSS_NT_Export_Name_OID.value.substring(i+1)); } catch(IOException e) { x = null; _logger.log(Level.SEVERE,"iiop.IOexception",e); } GSS_NT_EXPORT_NAME_OID = x; try { i = GSS_NT_Scoped_Username_OID.value.indexOf(':"); x = new ObjectIdentifier( GSS_NT_Scoped_Username_OID.value.substring(i+1)); } catch(IOException e) { x = null; _logger.log(Level.SEVERE,"iiop.IOexception",e); } GSS_NT_SCOPED_USERNAME_OID = x; try { if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"GSSUP_MECH_OID: " + dumpHex(getDER(GSSUP_MECH_OID))); _logger.log(Level.FINE,"GSS_NT_EXPORT_NAME_OID: " + dumpHex(getDER(GSS_NT_EXPORT_NAME_OID))); _logger.log(Level.FINE,"GSS_NT_SCOPED_USERNAME_OID: " + dumpHex(getDER(GSS_NT_SCOPED_USERNAME_OID))); } } catch(IOException e) { _logger.log(Level.SEVERE,"iiop.IOexception",e); } StringBuffer result = new StringBuffer( "" ); for( int i = 0; i < octets.length; i++ ) { if( (i != 0) && ((i % 16) == 0) ) result.append( "\n " ); int b = octets[i]; if( b < 0 ) b = 256 + b; String hex = Integer.toHexString( b ); if( hex.length() == 1 ) { hex = "0" + hex; } result.append( hex + " " ); } return result.toString();
public static byte[] getDER(sun.security.util.ObjectIdentifier id)
if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"Returning OID in DER format"); _logger.log(Level.FINE," OID = " + id.toString()); } DerOutputStream dos = new DerOutputStream(); dos.putOID(id); byte[] oid = dos.toByteArray(); if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE," DER OID: " + dumpHex(oid)); } return oid;
static int getDERLengthSize(int length)
if (length < (1<<7)) return (1); else if (length < (1<<8)) return (2); else if (length < (1<<16)) return (3); else if (length < (1<<24)) return (4); else return (5);
public static byte[] getMechToken(sun.security.util.ObjectIdentifier oid, byte[] token)
byte[] mechtoken = null; if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"Received mechanism independent token: "); _logger.log(Level.FINE,dumpHex(token)); } try { int index = verifyTokenHeader(oid, token); int mechtoklen = token.length - index; mechtoken = new byte[mechtoklen]; System.arraycopy(token, index, mechtoken, 0, mechtoklen); if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"Mechanism specific token : "); _logger.log(Level.FINE,dumpHex(mechtoken)); } } catch(IOException e) { _logger.log(Level.SEVERE,"iiop.IOexception",e); } return mechtoken;
public static sun.security.util.ObjectIdentifier getOID(byte[] derOID)
DerInputStream dis = new DerInputStream(derOID); ObjectIdentifier oid = dis.getOID(); /* Note: getOID() method call generates an IOException * if derOID contains any malformed data */ return oid;
public static byte[] importName(sun.security.util.ObjectIdentifier oid, byte[] externalName)
if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"Attempting to import mechanism independent name"); _logger.log(Level.FINE,dumpHex(externalName)); } IOException e = new IOException("Invalid Name"); if (externalName[0] != 0x04) throw e; if (externalName[1] != 0x01) throw e; int mechoidlen = (((int)externalName[2]) << 8)+ externalName[3]; if(_logger.isLoggable(Level.FINE)) _logger.log(Level.FINE,"Mech OID length = " + mechoidlen); if (externalName.length < (4 + mechoidlen + 4)) throw e; /* get the mechanism OID and verify it is the same as oid * passed as an argument. */ byte[] deroid = new byte[mechoidlen]; System.arraycopy(externalName, 4, deroid, 0, mechoidlen); ObjectIdentifier oid1 = getOID(deroid); if ( ! oid1.equals(oid) ) throw e; int pos = 4 + mechoidlen; int namelen = (((int) externalName[pos]) << 24) + (((int) externalName[pos+1]) << 16) + (((int) externalName[pos+2]) << 8) + (((int) externalName[pos+3])); pos += 4; // start of the mechanism specific exported name if (externalName.length != (4 + mechoidlen + 4 + namelen)) throw e; byte[] name = new byte[externalName.length - pos]; System.arraycopy(externalName, pos, name, 0, externalName.length - pos); if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"Mechanism specific name:"); _logger.log(Level.FINE,dumpHex(name)); _logger.log(Level.FINE,"Successfully imported mechanism independent name"); } return name;
public static void main(java.lang.String[] args)
try { byte[] len = new byte[3]; len[0] = (byte) 0x82; len[1] = (byte) 0x01; len[2] = (byte) 0xd3; if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"Length byte array : " + dumpHex(len)); _logger.log(Level.FINE," Der length = " + readDERLength(len,0)); } String name = "default"; byte[] externalName = createExportedName(GSSUtils.GSSUP_MECH_OID, name.getBytes()); byte[] m = importName(GSSUtils.GSSUP_MECH_OID, externalName); if(_logger.isLoggable(Level.FINE)) _logger.log(Level.FINE,"BAR:" + new String(m)); String msg = "dummy_gss_export_sec_context" ; byte[] foo = createMechIndToken(GSSUtils.GSSUP_MECH_OID, msg.getBytes()); if(_logger.isLoggable(Level.FINE)) _logger.log(Level.FINE,"FOO:" + dumpHex(foo)); byte[] msg1 = getMechToken(GSSUtils.GSSUP_MECH_OID, foo); if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"BAR:" + dumpHex(msg1)); _logger.log(Level.FINE,"BAR string: " + new String(msg1)); } } catch(Exception e) { _logger.log(Level.SEVERE,"iiop.name_exception",e); }
static int readDERLength(byte[] token, int index)
byte sf; int ret = 0; int nooctets; sf = token[index++]; if ((sf & 0x80) == 0x80) { // value > 128 // bit 8 is 1 ; bits 0-7 of first bye is the number of octets nooctets = (sf & 0x7f) ; // remove the 8th bit for (; nooctets != 0; nooctets--) ret = (ret<<8) + (token[index++] & 0x00FF); } else ret = sf; return(ret);
public static boolean verifyMechOID(sun.security.util.ObjectIdentifier oid, byte[] externalName)
if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"Attempting to verify mechanism independent name"); _logger.log(Level.FINE,dumpHex(externalName)); } IOException e = new IOException("Invalid Name"); if (externalName[0] != 0x04) throw e; if (externalName[1] != 0x01) throw e; int mechoidlen = (((int)externalName[2]) << 8)+ externalName[3]; if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"Mech OID length = " + mechoidlen); } if (externalName.length < (4 + mechoidlen + 4)) throw e; /* get the mechanism OID and verify it is the same as oid * passed as an argument. */ byte[] deroid = new byte[mechoidlen]; System.arraycopy(externalName, 4, deroid, 0, mechoidlen); ObjectIdentifier oid1 = getOID(deroid); if ( ! oid1.equals(oid) ) return false; else return true;
private static int verifyTokenHeader(sun.security.util.ObjectIdentifier oid, byte[] token)
int index=0; if(_logger.isLoggable(Level.FINE)){ _logger.log(Level.FINE,"Attempting to verify tokenheader in the mechanism independent token."); } // verify header if (token[index++] != 0x60) throw new IOException("Defective Token"); int toklen = readDERLength(token, index); // derOID length + token length if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"Mech OID length + Mech specific length = " + toklen); } index += getDERLengthSize(toklen); if(_logger.isLoggable(Level.FINE)){ _logger.log(Level.FINE,"Mechanism OID index : " + index); } if (token[index] != 0x06) throw new IOException("Defective Token"); byte[] buf = new byte[ token.length - index ]; System.arraycopy(token, index, buf, 0, token.length - index); ObjectIdentifier mechoid = getOID(buf); if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"Comparing mech OID in token with the expected mech OID"); _logger.log(Level.FINE,"mech OID: " + dumpHex(getDER(mechoid))); _logger.log(Level.FINE,"expected mech OID: " + dumpHex(getDER(oid))); } if ( ! mechoid.equals(oid)) { if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"mech OID in token does not match expected mech OID"); } throw new IOException("Defective token"); } int mechoidlen = getDER(oid).length; if(_logger.isLoggable(Level.FINE)) { _logger.log(Level.FINE,"Mechanism specific token index : " + index + mechoidlen); _logger.log(Level.FINE,"Successfully verified header in the mechanism independent token."); } return (index + mechoidlen); // starting position of mech specific token
static int writeDERLength(byte[] token, int index, int length)
if (length < (1<<7)) { token[index++] = (byte)length; } else { token[index++] = (byte)(getDERLengthSize(length)+127); if (length >= (1<<24)) token[index++] = (byte)(length>>24); if (length >= (1<<16)) token[index++] = (byte)((length>>16)&0xff); if (length >= (1<<8)) token[index++] = (byte)((length>>8)&0xff); token[index++] = (byte)(length&0xff); } return (index);