KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > ietf > jgss > ChannelBinding


1 /*
2  * @(#)ChannelBinding.java 1.8 03/12/19
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */
7  
8 package org.ietf.jgss;
9
10 import java.net.InetAddress JavaDoc;
11 import java.util.Arrays JavaDoc;
12
13 /**
14  * This class encapsulates the concept of caller-provided channel
15  * binding information. Channel bindings are used to strengthen the
16  * quality with which peer entity authentication is provided during
17  * context establishment. They enable the GSS-API callers to bind the
18  * establishment of the security context to relevant characteristics
19  * like addresses or to application specific data.<p>
20  *
21  * The caller initiating the security context must determine the
22  * appropriate channel binding values to set in the GSSContext object.
23  * The acceptor must provide an identical binding in order to validate
24  * that received tokens possess correct channel-related characteristics.<p>
25  *
26  * Use of channel bindings is optional in GSS-API. ChannelBinding can be
27  * set for the {@link GSSContext GSSContext} using the {@link
28  * GSSContext#setChannelBinding(ChannelBinding) setChannelBinding} method
29  * before the first call to {@link GSSContext#initSecContext(byte[], int, int)
30  * initSecContext} or {@link GSSContext#acceptSecContext(byte[], int, int)
31  * acceptSecContext} has been performed. Unless the <code>setChannelBinding</code>
32  * method has been used to set the ChannelBinding for a GSSContext object,
33  * <code>null</code> ChannelBinding will be assumed. <p>
34  *
35  * Conceptually, the GSS-API concatenates the initiator and acceptor
36  * address information, and the application supplied byte array to form an
37  * octet string. The mechanism calculates a MIC over this octet string and
38  * binds the MIC to the context establishment token emitted by
39  * <code>initSecContext</code> method of the <code>GSSContext</code>
40  * interface. The same bindings are set by the context acceptor for its
41  * <code>GSSContext</code> object and during processing of the
42  * <code>acceptSecContext</code> method a MIC is calculated in the same
43  * way. The calculated MIC is compared with that found in the token, and if
44  * the MICs differ, accept will throw a <code>GSSException</code> with the
45  * major code set to {@link GSSException#BAD_BINDINGS BAD_BINDINGS}, and
46  * the context will not be established. Some mechanisms may include the
47  * actual channel binding data in the token (rather than just a MIC);
48  * applications should therefore not use confidential data as
49  * channel-binding components.<p>
50  *
51  * Individual mechanisms may impose additional constraints on addresses
52  * that may appear in channel bindings. For example, a mechanism may
53  * verify that the initiator address field of the channel binding
54  * contains the correct network address of the host system. Portable
55  * applications should therefore ensure that they either provide correct
56  * information for the address fields, or omit setting of the addressing
57  * information.
58  *
59  * @author Mayank Upadhyay
60  * @version 1.8, 12/19/03
61  * @since 1.4
62  */
63 public class ChannelBinding {
64
65     private InetAddress JavaDoc initiator;
66     private InetAddress JavaDoc acceptor;
67     private byte[] appData;
68     
69     /**
70      * Create a ChannelBinding object with user supplied address information
71      * and data. <code>null</code> values can be used for any fields which the
72      * application does not want to specify.
73      *
74      * @param initAddr the address of the context initiator.
75      * <code>null</code> value can be supplied to indicate that the
76      * application does not want to set this value.
77      * @param acceptAddr the address of the context
78      * acceptor. <code>null</code> value can be supplied to indicate that
79      * the application does not want to set this value.
80      * @param appData application supplied data to be used as part of the
81      * channel bindings. <code>null</code> value can be supplied to
82      * indicate that the application does not want to set this value.
83      */
84     public ChannelBinding(InetAddress JavaDoc initAddr, InetAddress JavaDoc acceptAddr,
85             byte[] appData) {
86
87     initiator = initAddr;
88     acceptor = acceptAddr;
89
90     if (appData != null) {
91         this.appData = new byte[appData.length];
92         java.lang.System.arraycopy(appData, 0, this.appData, 0,
93                 appData.length);
94     }
95     }
96     
97     /**
98      * Creates a ChannelBinding object without any addressing information.
99      *
100      * @param appData application supplied data to be used as part of the
101      * channel bindings.
102      */
103     public ChannelBinding(byte[] appData) {
104         this(null, null, appData);
105     }
106
107     /**
108      * Get the initiator's address for this channel binding.
109      *
110      * @return the initiator's address. <code>null</code> is returned if
111      * the address has not been set.
112      */
113     public InetAddress JavaDoc getInitiatorAddress() {
114     return initiator;
115     }
116
117     /**
118      * Get the acceptor's address for this channel binding.
119      *
120      * @return the acceptor's address. null is returned if the address has
121      * not been set.
122      */
123     public InetAddress JavaDoc getAcceptorAddress() {
124     return acceptor;
125     }
126   
127     /**
128      * Get the application specified data for this channel binding.
129      *
130      * @return the application data being used as part of the
131      * ChannelBinding. <code>null</code> is returned if no application data
132      * has been specified for the channel binding.
133      */
134     public byte[] getApplicationData() {
135         
136         if (appData == null) {
137             return null;
138         }
139         
140         byte[] retVal = new byte[appData.length];
141         System.arraycopy(appData, 0, retVal, 0, appData.length);
142     return retVal;
143     }
144
145     /**
146      * Compares two instances of ChannelBinding.
147      *
148      * @param obj another ChannelBinding to compare this one with
149      * @return true if the two ChannelBinding's contain
150      * the same values for the initiator and acceptor addresses and the
151      * application data.
152      */
153     public boolean equals(Object JavaDoc obj) {
154
155     if (this == obj)
156         return true;
157     
158     if (! (obj instanceof ChannelBinding JavaDoc))
159         return false;
160     
161     ChannelBinding JavaDoc cb = (ChannelBinding JavaDoc) obj;
162     
163     if ((initiator != null && cb.initiator == null) ||
164         (initiator == null && cb.initiator != null))
165         return false;
166
167     if (initiator != null && !initiator.equals(cb.initiator))
168         return false;
169
170     if ((acceptor != null && cb.acceptor == null) ||
171         (acceptor == null && cb.acceptor != null))
172         return false;
173
174     if (acceptor != null && !acceptor.equals(cb.acceptor))
175         return false;
176
177     return Arrays.equals(appData, cb.appData);
178     }
179
180     /**
181      * Returns a hashcode value for this ChannelBinding object.
182      *
183      * @return a hashCode value
184      */
185     public int hashCode() {
186     if (initiator != null)
187         return initiator.hashCode();
188     else if (acceptor != null)
189         return acceptor.hashCode();
190     else if (appData != null)
191         return new String JavaDoc(appData).hashCode();
192     else
193         return 1;
194     }
195 }
196
Popular Tags