You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/07/21 15:03:32 UTC
[15/18] directory-kerby git commit: Fixing some problems with the
merges
Fixing some problems with the merges
Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ee2e516a
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ee2e516a
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ee2e516a
Branch: refs/heads/trunk
Commit: ee2e516ac6b2ff3a60186d1fa1c2bcfaae4dc040
Parents: 976b16c
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jul 21 15:01:11 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jul 21 15:01:11 2017 +0100
----------------------------------------------------------------------
.../kerberos/kerb/gss/impl/GssContext.java | 102 ++++++++++++++++---
1 file changed, 87 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ee2e516a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssContext.java b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssContext.java
index bbb149a..9d63d1c 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssContext.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssContext.java
@@ -442,7 +442,8 @@ public class GssContext implements GSSContextSpi {
}
try {
- ApRequest.validate(serverKey, apReq, channelBinding.getInitiatorAddress(), 5 * 60 * 1000);
+ ApRequest.validate(serverKey, apReq,
+ channelBinding == null ? null : channelBinding.getInitiatorAddress(), 5 * 60 * 1000);
} catch (KrbException e) {
throw new GSSException(GSSException.UNAUTHORIZED, -1, "ApReq verification failed: " + e.getMessage());
}
@@ -502,12 +503,22 @@ public class GssContext implements GSSContextSpi {
if (ctxState != STATE_ESTABLISHED) {
throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for wrap");
}
+
+ int len;
+ byte[] inBuf;
+ try {
+ len = is.available();
+ inBuf = new byte[len];
+ is.read(inBuf);
+ } catch (IOException e) {
+ throw new GSSException(GSSException.FAILURE, -1, "Error when get user data:" + e.getMessage());
+ }
if (gssEncryptor.isV2()) {
- WrapTokenV2 token = new WrapTokenV2(this, inBuf, 0, len, msgProp);
- token.wrap(os);
+ WrapTokenV2 token = new WrapTokenV2(this, inBuf, 0, len, msgProp);
+ token.wrap(os);
} else {
- WrapTokenV1 token = new WrapTokenV1(this, inBuf, 0, len, msgProp);
- token.wrap(os);
+ WrapTokenV1 token = new WrapTokenV1(this, inBuf, 0, len, msgProp);
+ token.wrap(os);
}
}
@@ -518,17 +529,21 @@ public class GssContext implements GSSContextSpi {
}
byte[] ret;
if (gssEncryptor.isV2()) {
- WrapTokenV2 token = new WrapTokenV2(this, inBuf, offset, len, msgProp);
- ret = token.wrap();
+ WrapTokenV2 token = new WrapTokenV2(this, inBuf, offset, len, msgProp);
+ ret = token.wrap();
} else {
- WrapTokenV1 token = new WrapTokenV1(this, inBuf, offset, len, msgProp);
- ret = token.wrap();
+ WrapTokenV1 token = new WrapTokenV1(this, inBuf, offset, len, msgProp);
+ ret = token.wrap();
}
return ret;
}
public void unwrap(InputStream is, OutputStream os,
MessageProp msgProp) throws GSSException {
+ if (ctxState != STATE_ESTABLISHED) {
+ throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for unwrap");
+ }
+
if (gssEncryptor.isV2()) {
WrapTokenV2 token = new WrapTokenV2(this, msgProp, is);
token.unwrap(os);
@@ -543,10 +558,11 @@ public class GssContext implements GSSContextSpi {
if (ctxState != STATE_ESTABLISHED) {
throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for unwrap");
}
+
byte[] ret;
if (gssEncryptor.isV2()) {
- WrapTokenV2 token = new WrapTokenV2(this, msgProp, inBuf, offset, len);
- ret = token.unwrap();
+ WrapTokenV2 token = new WrapTokenV2(this, msgProp, inBuf, offset, len);
+ ret = token.unwrap();
} else {
WrapTokenV1 token = new WrapTokenV1(this, msgProp, inBuf, offset, len);
ret = token.unwrap();
@@ -555,26 +571,81 @@ public class GssContext implements GSSContextSpi {
}
public void getMIC(InputStream is, OutputStream os,
- MessageProp msgProp)
- throws GSSException {
+ MessageProp msgProp) throws GSSException {
+ if (ctxState != STATE_ESTABLISHED) {
+ throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for getMIC");
+ }
+
+ try {
+ int len = is.available();
+ byte[] inMsg = new byte[len];
+ is.read(inMsg);
+ if (gssEncryptor.isV2()) {
+ MicTokenV2 token = new MicTokenV2(this, inMsg, 0, len, msgProp);
+ token.getMic(os);
+ } else {
+ MicTokenV1 token = new MicTokenV1(this, inMsg, 0, len, msgProp);
+ token.getMic(os);
+ }
+ } catch (IOException e) {
+ throw new GSSException(GSSException.FAILURE, -1, "Error when get user data in getMIC:" + e.getMessage());
+ }
}
public byte[] getMIC(byte[] inMsg, int offset, int len,
MessageProp msgProp) throws GSSException {
- return null; // TODO: to be implemented
+ if (ctxState != STATE_ESTABLISHED) {
+ throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for getMIC");
+ }
+
+ byte[] ret;
+ if (gssEncryptor.isV2()) {
+ MicTokenV2 token = new MicTokenV2(this, inMsg, offset, len, msgProp);
+ ret = token.getMic();
+ } else {
+ MicTokenV1 token = new MicTokenV1(this, inMsg, offset, len, msgProp);
+ ret = token.getMic();
+ }
+ return ret;
}
public void verifyMIC(InputStream is, InputStream msgStr,
MessageProp msgProp) throws GSSException {
+ if (ctxState != STATE_ESTABLISHED) {
+ throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for verifyMIC");
+ }
+
+ try {
+ int tokLen = is.available();
+ byte[] inTok = new byte[tokLen];
+ int msgLen = msgStr.available();
+ byte[] inMsg = new byte[msgLen];
+
+ verifyMIC(inTok, 0, tokLen, inMsg, 0, msgLen, msgProp);
+ } catch (IOException e) {
+ throw new GSSException(GSSException.FAILURE, -1,
+ "Error when get user data in verifyMIC:" + e.getMessage());
+ }
}
public void verifyMIC(byte[]inTok, int tokOffset, int tokLen,
byte[] inMsg, int msgOffset, int msgLen,
MessageProp msgProp) throws GSSException {
+ if (ctxState != STATE_ESTABLISHED) {
+ throw new GSSException(GSSException.NO_CONTEXT, -1, "Context invalid for verifyMIC");
+ }
+
+ if (gssEncryptor.isV2()) {
+ MicTokenV2 token = new MicTokenV2(this, msgProp, inTok, tokOffset, tokLen);
+ token.verify(inMsg, msgOffset, msgLen);
+ } else {
+ MicTokenV1 token = new MicTokenV1(this, msgProp, inTok, tokOffset, tokLen);
+ token.verify(inMsg, msgOffset, msgLen);
+ }
}
public byte[] export() throws GSSException {
- throw new GSSException(GSSException.UNAVAILABLE, -1, "Unsupported export method");
+ throw new GSSException(GSSException.UNAVAILABLE, -1, "Unsupported export() method");
}
public void dispose() throws GSSException {
@@ -672,3 +743,4 @@ public class GssContext implements GSSContextSpi {
return gssEncryptor;
}
}
+