edu.nyu.cs.pdsg.gsspki
Class GSSPKIContext

java.lang.Object
  extended by edu.nyu.cs.pdsg.gsspki.GSSPKIContext
All Implemented Interfaces:
org.ietf.jgss.GSSContext

public class GSSPKIContext
extends java.lang.Object
implements org.ietf.jgss.GSSContext


Field Summary
protected  java.lang.String algorithm
           
(package private)  javax.crypto.Cipher decryptor
           
protected static java.lang.String defaultAlgorithm
           
(package private)  javax.crypto.Cipher encryptor
           
private static java.util.Map generators
           
(package private)  java.util.Vector headerAccum
           
(package private)  int initState
           
(package private)  boolean isServer
           
(package private)  org.ietf.jgss.Oid mechanism
           
(package private)  java.security.KeyPair myKey
           
(package private)  java.security.PublicKey otherKey
           
protected  java.lang.String pkialgorithm
           
protected  java.security.Provider provider
           
(package private)  java.util.Random rand
           
(package private)  boolean ready
           
(package private)  javax.crypto.SecretKey sessKey
           
(package private)  boolean shouldSign
           
 
Fields inherited from interface org.ietf.jgss.GSSContext
DEFAULT_LIFETIME, INDEFINITE_LIFETIME
 
Constructor Summary
GSSPKIContext(org.ietf.jgss.Oid _mech, GSSPKICredential myCred, GSSPKIName otherCred, java.lang.String _algorithm, java.security.Provider _provider)
           
GSSPKIContext(org.ietf.jgss.Oid _mech, GSSPKICredential myCred, java.lang.String _algorithm, java.security.Provider _provider)
           
 
Method Summary
 byte[] acceptSecContext(byte[] inputBuf, int offset, int len)
           
 void acceptSecContext(java.io.InputStream inStream, java.io.OutputStream outStream)
           
protected  void accumulateBytes(byte[] inputBuf, int offset, int len)
          At the end of the handshaking process we sign everything that's been sent in the header.
protected  javax.crypto.SecretKey decodeKey(java.security.PrivateKey privkey, byte[] key)
          decode an encrypted session key off the wire
protected  java.security.PublicKey decodePublicKey(byte[] data, int offset, int len)
          Convert a byte array off the wire into a public key
 void dispose()
           
protected  byte[] encodeKey(java.security.PublicKey otherkey, javax.crypto.SecretKey key)
          encrypt a session key for transmission over the wire
protected  byte[] encodePublicKey(java.security.PublicKey key)
          Convert a public key into a byte array for transmission over the wire
 byte[] export()
           
protected  byte[] extractSection(byte[] base, int offset, int len)
          extract a section of a byte array
protected  javax.crypto.SecretKey generateSessionKey()
          Generate a generic session key
 boolean getAnonymityState()
           
 boolean getConfState()
           
 boolean getCredDelegState()
           
 org.ietf.jgss.GSSCredential getDelegCred()
           
 boolean getIntegState()
           
 int getLifetime()
           
 org.ietf.jgss.Oid getMech()
           
 byte[] getMIC(byte[] inMsg, int offset, int len, org.ietf.jgss.MessageProp msgProp)
           
 void getMIC(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp)
           
 boolean getMutualAuthState()
           
 boolean getReplayDetState()
           
 boolean getSequenceDetState()
           
 org.ietf.jgss.GSSName getSrcName()
           
 org.ietf.jgss.GSSName getTargName()
           
 int getWrapSizeLimit(int qop, boolean confReq, int maxTokenSize)
           
protected  void initCiphers()
          Initialize the Ciphers for use with the context
static void initGenerators(java.security.Provider _provider)
           
 byte[] initSecContext(byte[] inputBuf, int offset, int len)
           
 int initSecContext(java.io.InputStream inStream, java.io.OutputStream outStream)
           
 boolean isEstablished()
           
 boolean isInitiator()
           
 boolean isProtReady()
           
 boolean isTransferable()
           
protected  byte[] readToken(java.io.InputStream in)
          Read a token from an input stream
 void requestAnonymity(boolean state)
           
 void requestConf(boolean state)
           
 void requestCredDeleg(boolean state)
           
 void requestInteg(boolean state)
           
 void requestLifetime(int lifetime)
           
 void requestMutualAuth(boolean state)
           
 void requestReplayDet(boolean state)
           
 void requestSequenceDet(boolean state)
           
 void setChannelBinding(org.ietf.jgss.ChannelBinding binding)
           
protected  byte[] signHandshake(java.security.PrivateKey key)
          Sign the data that has been used for the handshake...
 byte[] unwrap(byte[] inBuf, int offset, int len, org.ietf.jgss.MessageProp msgProp)
           
 void unwrap(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp)
           
protected  boolean verifyHandshake(java.security.PublicKey key, byte[] data)
          Verify a handshake signature
 void verifyMIC(byte[] inToken, int tokOffset, int tokLen, byte[] inMsg, int msgOffset, int msgLen, org.ietf.jgss.MessageProp msgProp)
           
 void verifyMIC(java.io.InputStream tokStream, java.io.InputStream msgStream, org.ietf.jgss.MessageProp msgProp)
           
 byte[] wrap(byte[] inBuf, int offset, int len, org.ietf.jgss.MessageProp msgProp)
           
 void wrap(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp)
           
protected  void writeToken(java.io.OutputStream out, byte[] tok)
          Write a token to an output stream
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

headerAccum

java.util.Vector headerAccum

rand

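java.util.Random rand
The declared type is java.util.Random; this page does not show whether the instance is a java.security.SecureRandom, which matters if it is used to produce key material.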

sessKey

javax.crypto.SecretKey sessKey

myKey

java.security.KeyPair myKey

otherKey

java.security.PublicKey otherKey

ready

boolean ready

shouldSign

boolean shouldSign

isServer

boolean isServer

initState

int initState

defaultAlgorithm

protected static final java.lang.String defaultAlgorithm
See Also:
Constant Field Values

algorithm

protected final java.lang.String algorithm

pkialgorithm

protected final java.lang.String pkialgorithm

provider

protected final java.security.Provider provider

generators

private static java.util.Map generators

encryptor

javax.crypto.Cipher encryptor

decryptor

javax.crypto.Cipher decryptor

mechanism

org.ietf.jgss.Oid mechanism
Constructor Detail

GSSPKIContext

public GSSPKIContext(org.ietf.jgss.Oid _mech,
                     GSSPKICredential myCred,
                     java.lang.String _algorithm,
                     java.security.Provider _provider)
              throws org.ietf.jgss.GSSException

GSSPKIContext

public GSSPKIContext(org.ietf.jgss.Oid _mech,
                     GSSPKICredential myCred,
                     GSSPKIName otherCred,
                     java.lang.String _algorithm,
                     java.security.Provider _provider)
              throws org.ietf.jgss.GSSException
Method Detail

initGenerators

public static void initGenerators(java.security.Provider _provider)
                           throws java.security.NoSuchAlgorithmException,
                                  java.lang.IllegalArgumentException,
                                  java.security.InvalidParameterException
Throws:
java.security.NoSuchAlgorithmException
java.lang.IllegalArgumentException
java.security.InvalidParameterException

accumulateBytes

protected void accumulateBytes(byte[] inputBuf,
                               int offset,
                               int len)
At the end of the handshaking process we sign everything that's been sent in the header. This method adds the bytes to a vector that keeps track of what's been sent, so that it can be signed.

Parameters:
inputBuf - the data that has been received/sent
offset - the offset into the data
len - the length of the data

generateSessionKey

protected javax.crypto.SecretKey generateSessionKey()
                                             throws org.ietf.jgss.GSSException
Generate a generic session key

Returns:
a randomly generated session key
Throws:
org.ietf.jgss.GSSException

extractSection

protected byte[] extractSection(byte[] base,
                                int offset,
                                int len)
extract a section of a byte array

Parameters:
base - the byte array to extract from
offset - the offset into the array to start extracting from
len - the length of the section to extract
Returns:
the subsection of the array

encodeKey

protected byte[] encodeKey(java.security.PublicKey otherkey,
                           javax.crypto.SecretKey key)
                    throws org.ietf.jgss.GSSException
encrypt a session key for transmission over the wire

Parameters:
key - the key to encode/encrypt
Returns:
the encoded/encrypted key
Throws:
org.ietf.jgss.GSSException

decodeKey

protected javax.crypto.SecretKey decodeKey(java.security.PrivateKey privkey,
                                           byte[] key)
                                    throws org.ietf.jgss.GSSException
decode an encrypted session key off the wire

Parameters:
key - the encrypted/encoded key
Returns:
the decoded/decrypted key
Throws:
org.ietf.jgss.GSSException

decodePublicKey

protected java.security.PublicKey decodePublicKey(byte[] data,
                                                  int offset,
                                                  int len)
                                           throws org.ietf.jgss.GSSException
Convert a byte array off the wire into a public key

Parameters:
data - the byte representation of the key
offset - the offset into the byte array where the representation starts
len - the length of the representation
Returns:
the decoded public key
Throws:
org.ietf.jgss.GSSException

encodePublicKey

protected byte[] encodePublicKey(java.security.PublicKey key)
                          throws org.ietf.jgss.GSSException
Convert a public key into a byte array for transmission over the wire

Parameters:
key - the key to be transmitted
Returns:
the encoded version of the key
Throws:
org.ietf.jgss.GSSException

signHandshake

protected byte[] signHandshake(java.security.PrivateKey key)
                        throws org.ietf.jgss.GSSException
Sign the data that has been used for the handshake...

Parameters:
key - the key to sign the handshake with
Returns:
the signed handshake
Throws:
org.ietf.jgss.GSSException

verifyHandshake

protected boolean verifyHandshake(java.security.PublicKey key,
                                  byte[] data)
Verify a handshake signature

Parameters:
key - the public key corresponding to the private key used to sign the handshake
data - the signature
Returns:
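true if the signature is valid. This method declares no checked exception, so callers must check the returned value rather than rely on an exception to signal a bad signature.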

readToken

protected byte[] readToken(java.io.InputStream in)
                    throws org.ietf.jgss.GSSException
Read a token from an input stream

Parameters:
in - the input stream to read from
Returns:
the token read
Throws:
org.ietf.jgss.GSSException

writeToken

protected void writeToken(java.io.OutputStream out,
                          byte[] tok)
                   throws org.ietf.jgss.GSSException
Write a token to an output stream

Parameters:
out - the output stream to write to
tok - the token to write
Throws:
org.ietf.jgss.GSSException

initCiphers

protected void initCiphers()
                    throws org.ietf.jgss.GSSException
Initialize the Ciphers for use with the context

Throws:
org.ietf.jgss.GSSException

acceptSecContext

public byte[] acceptSecContext(byte[] inputBuf,
                               int offset,
                               int len)
                        throws org.ietf.jgss.GSSException
Specified by:
acceptSecContext in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

initSecContext

public byte[] initSecContext(byte[] inputBuf,
                             int offset,
                             int len)
                      throws org.ietf.jgss.GSSException
Specified by:
initSecContext in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

acceptSecContext

public void acceptSecContext(java.io.InputStream inStream,
                             java.io.OutputStream outStream)
                      throws org.ietf.jgss.GSSException
Specified by:
acceptSecContext in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

initSecContext

public int initSecContext(java.io.InputStream inStream,
                          java.io.OutputStream outStream)
                   throws org.ietf.jgss.GSSException
Specified by:
initSecContext in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

dispose

public void dispose()
Specified by:
dispose in interface org.ietf.jgss.GSSContext

setChannelBinding

public void setChannelBinding(org.ietf.jgss.ChannelBinding binding)
                       throws org.ietf.jgss.GSSException
Specified by:
setChannelBinding in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

getMIC

public byte[] getMIC(byte[] inMsg,
                     int offset,
                     int len,
                     org.ietf.jgss.MessageProp msgProp)
              throws org.ietf.jgss.GSSException
Specified by:
getMIC in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

verifyMIC

public void verifyMIC(byte[] inToken,
                      int tokOffset,
                      int tokLen,
                      byte[] inMsg,
                      int msgOffset,
                      int msgLen,
                      org.ietf.jgss.MessageProp msgProp)
               throws org.ietf.jgss.GSSException
Specified by:
verifyMIC in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

getMIC

public void getMIC(java.io.InputStream inStream,
                   java.io.OutputStream outStream,
                   org.ietf.jgss.MessageProp msgProp)
            throws org.ietf.jgss.GSSException
Specified by:
getMIC in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

verifyMIC

public void verifyMIC(java.io.InputStream tokStream,
                      java.io.InputStream msgStream,
                      org.ietf.jgss.MessageProp msgProp)
               throws org.ietf.jgss.GSSException
Specified by:
verifyMIC in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

wrap

public byte[] wrap(byte[] inBuf,
                   int offset,
                   int len,
                   org.ietf.jgss.MessageProp msgProp)
            throws org.ietf.jgss.GSSException
Specified by:
wrap in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

unwrap

public byte[] unwrap(byte[] inBuf,
                     int offset,
                     int len,
                     org.ietf.jgss.MessageProp msgProp)
              throws org.ietf.jgss.GSSException
Specified by:
unwrap in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

unwrap

public void unwrap(java.io.InputStream inStream,
                   java.io.OutputStream outStream,
                   org.ietf.jgss.MessageProp msgProp)
            throws org.ietf.jgss.GSSException
Specified by:
unwrap in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

wrap

public void wrap(java.io.InputStream inStream,
                 java.io.OutputStream outStream,
                 org.ietf.jgss.MessageProp msgProp)
          throws org.ietf.jgss.GSSException
Specified by:
wrap in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

getDelegCred

public org.ietf.jgss.GSSCredential getDelegCred()
Specified by:
getDelegCred in interface org.ietf.jgss.GSSContext

getLifetime

public int getLifetime()
Specified by:
getLifetime in interface org.ietf.jgss.GSSContext

requestLifetime

public void requestLifetime(int lifetime)
Specified by:
requestLifetime in interface org.ietf.jgss.GSSContext

getMech

public org.ietf.jgss.Oid getMech()
                          throws org.ietf.jgss.GSSException
Specified by:
getMech in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

getSrcName

public org.ietf.jgss.GSSName getSrcName()
Specified by:
getSrcName in interface org.ietf.jgss.GSSContext

getTargName

public org.ietf.jgss.GSSName getTargName()
Specified by:
getTargName in interface org.ietf.jgss.GSSContext

getWrapSizeLimit

public int getWrapSizeLimit(int qop,
                            boolean confReq,
                            int maxTokenSize)
                     throws org.ietf.jgss.GSSException
Specified by:
getWrapSizeLimit in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

isEstablished

public boolean isEstablished()
Specified by:
isEstablished in interface org.ietf.jgss.GSSContext

isInitiator

public boolean isInitiator()
Specified by:
isInitiator in interface org.ietf.jgss.GSSContext

isProtReady

public boolean isProtReady()
Specified by:
isProtReady in interface org.ietf.jgss.GSSContext

isTransferable

public boolean isTransferable()
Specified by:
isTransferable in interface org.ietf.jgss.GSSContext

export

public byte[] export()
              throws org.ietf.jgss.GSSException
Specified by:
export in interface org.ietf.jgss.GSSContext
Throws:
org.ietf.jgss.GSSException

getAnonymityState

public boolean getAnonymityState()
Specified by:
getAnonymityState in interface org.ietf.jgss.GSSContext

requestAnonymity

public void requestAnonymity(boolean state)
Specified by:
requestAnonymity in interface org.ietf.jgss.GSSContext

getConfState

public boolean getConfState()
Specified by:
getConfState in interface org.ietf.jgss.GSSContext

requestConf

public void requestConf(boolean state)
Specified by:
requestConf in interface org.ietf.jgss.GSSContext

getCredDelegState

public boolean getCredDelegState()
Specified by:
getCredDelegState in interface org.ietf.jgss.GSSContext

requestCredDeleg

public void requestCredDeleg(boolean state)
Specified by:
requestCredDeleg in interface org.ietf.jgss.GSSContext

getIntegState

public boolean getIntegState()
Specified by:
getIntegState in interface org.ietf.jgss.GSSContext

requestInteg

public void requestInteg(boolean state)
Specified by:
requestInteg in interface org.ietf.jgss.GSSContext

getMutualAuthState

public boolean getMutualAuthState()
Specified by:
getMutualAuthState in interface org.ietf.jgss.GSSContext

requestMutualAuth

public void requestMutualAuth(boolean state)
Specified by:
requestMutualAuth in interface org.ietf.jgss.GSSContext

getReplayDetState

public boolean getReplayDetState()
Specified by:
getReplayDetState in interface org.ietf.jgss.GSSContext

requestReplayDet

public void requestReplayDet(boolean state)
Specified by:
requestReplayDet in interface org.ietf.jgss.GSSContext

getSequenceDetState

public boolean getSequenceDetState()
Specified by:
getSequenceDetState in interface org.ietf.jgss.GSSContext

requestSequenceDet

public void requestSequenceDet(boolean state)
Specified by:
requestSequenceDet in interface org.ietf.jgss.GSSContext


Copyright (c) 2002-2003 New York University RLAB