001 /* ChannelBinding.java -- a channel binding in the GSS-API. 002 Copyright (C) 2004 Free Software Foundation, Inc. 003 004 This file is part of GNU Classpath. 005 006 GNU Classpath is free software; you can redistribute it and/or modify 007 it under the terms of the GNU General Public License as published by 008 the Free Software Foundation; either version 2, or (at your option) 009 any later version. 010 011 GNU Classpath is distributed in the hope that it will be useful, but 012 WITHOUT ANY WARRANTY; without even the implied warranty of 013 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 014 General Public License for more details. 015 016 You should have received a copy of the GNU General Public License 017 along with GNU Classpath; see the file COPYING. If not, write to the 018 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 019 02110-1301 USA. 020 021 Linking this library statically or dynamically with other modules is 022 making a combined work based on this library. Thus, the terms and 023 conditions of the GNU General Public License cover the whole 024 combination. 025 026 As a special exception, the copyright holders of this library give you 027 permission to link this library with independent modules to produce an 028 executable, regardless of the license terms of these independent 029 modules, and to copy and distribute the resulting executable under 030 terms of your choice, provided that you also meet, for each linked 031 independent module, the terms and conditions of the license of that 032 module. An independent module is a module which is not derived from 033 or based on this library. If you modify this library, you may extend 034 this exception to your version of the library, but you are not 035 obligated to do so. If you do not wish to do so, delete this 036 exception statement from your version. 037 038 The documentation comments of this class are derived from the text 039 of RFC 2853: Generic Security Service API Version 2: Java Bindings. 040 That document is covered under the following license notice: 041 042 Copyright (C) The Internet Society (2000). All Rights Reserved. 043 044 This document and translations of it may be copied and furnished to 045 others, and derivative works that comment on or otherwise explain it 046 or assist in its implementation may be prepared, copied, published and 047 distributed, in whole or in part, without restriction of any kind, 048 provided that the above copyright notice and this paragraph are 049 included on all such copies and derivative works. However, this 050 document itself may not be modified in any way, such as by removing 051 the copyright notice or references to the Internet Society or other 052 Internet organizations, except as needed for the purpose of developing 053 Internet standards in which case the procedures for copyrights defined 054 in the Internet Standards process must be followed, or as required to 055 translate it into languages other than English. 056 057 The limited permissions granted above are perpetual and will not be 058 revoked by the Internet Society or its successors or assigns. 059 060 This document and the information contained herein is provided on an 061 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 062 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT 063 NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN 064 WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 065 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. */ 066 067 068 package org.ietf.jgss; 069 070 import java.net.InetAddress; 071 import java.util.Arrays; 072 073 /** 074 * <p>The GSS-API accommodates the concept of caller-provided channel 075 * binding information. Channel bindings are used to strengthen the 076 * quality with which peer entity authentication is provided during 077 * context establishment. They enable the GSS-API callers to bind the 078 * establishment of the security context to relevant characteristics 079 * like addresses or to application specific data.</p> 080 * 081 * <p>The caller initiating the security context must determine the 082 * appropriate channel binding values to set in the {@link GSSContext} 083 * object. The acceptor must provide an identical binding in order to 084 * validate that received tokens possess correct channel-related 085 * characteristics.</p> 086 * 087 * <p>Use of channel bindings is optional in GSS-API. Since channel-binding 088 * information may be transmitted in context establishment tokens, 089 * applications should therefore not use confidential data as 090 * channel-binding components.</p> 091 */ 092 public class ChannelBinding 093 { 094 095 // Fields. 096 // ------------------------------------------------------------------------- 097 098 private final byte[] appData; 099 private final InetAddress initAddr; 100 private final InetAddress acceptAddr; 101 102 // Constructor. 103 // ------------------------------------------------------------------------- 104 105 /** 106 * Create a ChannelBinding object with user supplied address information 107 * and data. <code>null</code> values can be used for any fields which the 108 * application does not want to specify. 109 * 110 * @param initAddr The address of the context initiator. <code>null</code> 111 * value can be supplied to indicate that the application 112 * does not want to set this value. 113 * @param acceptAddr The address of the context acceptor. <code>null</code> 114 * value can be supplied to indicate that the application 115 * does not want to set this value. 116 * @param appData Application supplied data to be used as part of the 117 * channel bindings. <code>null</code> value can be 118 * supplied to indicate that the application does not 119 * want to set this value. 120 */ 121 public ChannelBinding(InetAddress initAddr, InetAddress acceptAddr, 122 byte[] appData) 123 { 124 this.appData = (appData != null) ? (byte[]) appData.clone() : null; 125 this.initAddr = initAddr; 126 this.acceptAddr = acceptAddr; 127 } 128 129 /** 130 * Creates a ChannelBinding object without any addressing information. 131 * 132 * @param appData Application supplied data to be used as part of the 133 * channel bindings. 134 */ 135 public ChannelBinding(byte[] appData) 136 { 137 this(null, null, appData); 138 } 139 140 // Instance methods. 141 // ------------------------------------------------------------------------- 142 143 /** 144 * Returns the initiator's address for this channel binding. 145 * <code>null</code> is returned if the address has not been set. 146 * 147 * @return The initiator's address, or <code>null</code>. 148 */ 149 public InetAddress getInitiatorAddress() 150 { 151 return initAddr; 152 } 153 154 /** 155 * Returns the acceptor's address for this channel binding. 156 * <code>null</code> is returned if the address has not been set. 157 * 158 * @return The acceptor's address, or <code>null</code>. 159 */ 160 public InetAddress getAcceptorAddress() 161 { 162 return acceptAddr; 163 } 164 165 /** 166 * Returns application data being used as part of the ChannelBinding. 167 * <code>null</code> is returned if no application data has been 168 * specified for the channel binding. 169 * 170 * @return The application data, or <code>null</code>. 171 */ 172 public byte[] getApplicationData() 173 { 174 if (appData != null) 175 return (byte[]) appData.clone(); 176 return null; 177 } 178 179 /** 180 * Returns <code>true</code> if two channel bindings match. 181 * 182 * @param obj Another channel binding to compare with. 183 * @return True if this channel binding equals the other. 184 */ 185 public boolean equals(Object obj) 186 { 187 if (!(obj instanceof ChannelBinding)) 188 return false; 189 ChannelBinding cb = (ChannelBinding) obj; 190 boolean b1 = Arrays.equals(appData, cb.appData); 191 boolean b2 = (initAddr == null && cb.initAddr == null) 192 || (cb.initAddr != null && initAddr.equals(cb.initAddr)); 193 boolean b3 = (acceptAddr == null && cb.acceptAddr == null) 194 || (cb.acceptAddr != null && acceptAddr.equals(cb.acceptAddr)); 195 return b1 && b2 && b3; 196 } 197 198 /** 199 * Returns the hash code for this channel binding. 200 * 201 * @return The hash code. 202 */ 203 public int hashCode() 204 { 205 int code = 0; 206 if (appData != null) 207 for (int i = 0; i < appData.length; i++) 208 code ^= appData[i] << ((8 * i) & 31); 209 if (initAddr != null) 210 code ^= initAddr.hashCode(); 211 if (acceptAddr != null) 212 code ^= acceptAddr.hashCode(); 213 return code; 214 } 215 }