001 /* ChannelBinding.java -- a channel binding in the GSS-API.
002 Copyright (C) 2004 Free Software Foundation, Inc.
003
004 This file is part of GNU Classpath.
005
006 GNU Classpath is free software; you can redistribute it and/or modify
007 it under the terms of the GNU General Public License as published by
008 the Free Software Foundation; either version 2, or (at your option)
009 any later version.
010
011 GNU Classpath is distributed in the hope that it will be useful, but
012 WITHOUT ANY WARRANTY; without even the implied warranty of
013 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014 General Public License for more details.
015
016 You should have received a copy of the GNU General Public License
017 along with GNU Classpath; see the file COPYING. If not, write to the
018 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
019 02110-1301 USA.
020
021 Linking this library statically or dynamically with other modules is
022 making a combined work based on this library. Thus, the terms and
023 conditions of the GNU General Public License cover the whole
024 combination.
025
026 As a special exception, the copyright holders of this library give you
027 permission to link this library with independent modules to produce an
028 executable, regardless of the license terms of these independent
029 modules, and to copy and distribute the resulting executable under
030 terms of your choice, provided that you also meet, for each linked
031 independent module, the terms and conditions of the license of that
032 module. An independent module is a module which is not derived from
033 or based on this library. If you modify this library, you may extend
034 this exception to your version of the library, but you are not
035 obligated to do so. If you do not wish to do so, delete this
036 exception statement from your version.
037
038 The documentation comments of this class are derived from the text
039 of RFC 2853: Generic Security Service API Version 2: Java Bindings.
040 That document is covered under the following license notice:
041
042 Copyright (C) The Internet Society (2000). All Rights Reserved.
043
044 This document and translations of it may be copied and furnished to
045 others, and derivative works that comment on or otherwise explain it
046 or assist in its implementation may be prepared, copied, published and
047 distributed, in whole or in part, without restriction of any kind,
048 provided that the above copyright notice and this paragraph are
049 included on all such copies and derivative works. However, this
050 document itself may not be modified in any way, such as by removing
051 the copyright notice or references to the Internet Society or other
052 Internet organizations, except as needed for the purpose of developing
053 Internet standards in which case the procedures for copyrights defined
054 in the Internet Standards process must be followed, or as required to
055 translate it into languages other than English.
056
057 The limited permissions granted above are perpetual and will not be
058 revoked by the Internet Society or its successors or assigns.
059
060 This document and the information contained herein is provided on an
061 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
062 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
063 NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
064 WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
065 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. */
066
067
068 package org.ietf.jgss;
069
070 import java.net.InetAddress;
071 import java.util.Arrays;
072
073 /**
074 * <p>The GSS-API accommodates the concept of caller-provided channel
075 * binding information. Channel bindings are used to strengthen the
076 * quality with which peer entity authentication is provided during
077 * context establishment. They enable the GSS-API callers to bind the
078 * establishment of the security context to relevant characteristics
079 * like addresses or to application specific data.</p>
080 *
081 * <p>The caller initiating the security context must determine the
082 * appropriate channel binding values to set in the {@link GSSContext}
083 * object. The acceptor must provide an identical binding in order to
084 * validate that received tokens possess correct channel-related
085 * characteristics.</p>
086 *
087 * <p>Use of channel bindings is optional in GSS-API. Since channel-binding
088 * information may be transmitted in context establishment tokens,
089 * applications should therefore not use confidential data as
090 * channel-binding components.</p>
091 */
092 public class ChannelBinding
093 {
094
095 // Fields.
096 // -------------------------------------------------------------------------
097
098 private final byte[] appData;
099 private final InetAddress initAddr;
100 private final InetAddress acceptAddr;
101
102 // Constructor.
103 // -------------------------------------------------------------------------
104
105 /**
106 * Create a ChannelBinding object with user supplied address information
107 * and data. <code>null</code> values can be used for any fields which the
108 * application does not want to specify.
109 *
110 * @param initAddr The address of the context initiator. <code>null</code>
111 * value can be supplied to indicate that the application
112 * does not want to set this value.
113 * @param acceptAddr The address of the context acceptor. <code>null</code>
114 * value can be supplied to indicate that the application
115 * does not want to set this value.
116 * @param appData Application supplied data to be used as part of the
117 * channel bindings. <code>null</code> value can be
118 * supplied to indicate that the application does not
119 * want to set this value.
120 */
121 public ChannelBinding(InetAddress initAddr, InetAddress acceptAddr,
122 byte[] appData)
123 {
124 this.appData = (appData != null) ? (byte[]) appData.clone() : null;
125 this.initAddr = initAddr;
126 this.acceptAddr = acceptAddr;
127 }
128
129 /**
130 * Creates a ChannelBinding object without any addressing information.
131 *
132 * @param appData Application supplied data to be used as part of the
133 * channel bindings.
134 */
135 public ChannelBinding(byte[] appData)
136 {
137 this(null, null, appData);
138 }
139
140 // Instance methods.
141 // -------------------------------------------------------------------------
142
143 /**
144 * Returns the initiator's address for this channel binding.
145 * <code>null</code> is returned if the address has not been set.
146 *
147 * @return The initiator's address, or <code>null</code>.
148 */
149 public InetAddress getInitiatorAddress()
150 {
151 return initAddr;
152 }
153
154 /**
155 * Returns the acceptor's address for this channel binding.
156 * <code>null</code> is returned if the address has not been set.
157 *
158 * @return The acceptor's address, or <code>null</code>.
159 */
160 public InetAddress getAcceptorAddress()
161 {
162 return acceptAddr;
163 }
164
165 /**
166 * Returns application data being used as part of the ChannelBinding.
167 * <code>null</code> is returned if no application data has been
168 * specified for the channel binding.
169 *
170 * @return The application data, or <code>null</code>.
171 */
172 public byte[] getApplicationData()
173 {
174 if (appData != null)
175 return (byte[]) appData.clone();
176 return null;
177 }
178
179 /**
180 * Returns <code>true</code> if two channel bindings match.
181 *
182 * @param obj Another channel binding to compare with.
183 * @return True if this channel binding equals the other.
184 */
185 public boolean equals(Object obj)
186 {
187 if (!(obj instanceof ChannelBinding))
188 return false;
189 ChannelBinding cb = (ChannelBinding) obj;
190 boolean b1 = Arrays.equals(appData, cb.appData);
191 boolean b2 = (initAddr == null && cb.initAddr == null)
192 || (cb.initAddr != null && initAddr.equals(cb.initAddr));
193 boolean b3 = (acceptAddr == null && cb.acceptAddr == null)
194 || (cb.acceptAddr != null && acceptAddr.equals(cb.acceptAddr));
195 return b1 && b2 && b3;
196 }
197
198 /**
199 * Returns the hash code for this channel binding.
200 *
201 * @return The hash code.
202 */
203 public int hashCode()
204 {
205 int code = 0;
206 if (appData != null)
207 for (int i = 0; i < appData.length; i++)
208 code ^= appData[i] << ((8 * i) & 31);
209 if (initAddr != null)
210 code ^= initAddr.hashCode();
211 if (acceptAddr != null)
212 code ^= acceptAddr.hashCode();
213 return code;
214 }
215 }