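/**
 * Each digest method has its own ASN1 header.
 *
 * <p>The header is assembled by hand: an outer SEQUENCE, an inner SEQUENCE holding the
 * DER-encoded OID of {@code algo.rsaOid} followed by an ASN.1 NULL, and finally the
 * OCTET STRING tag and length that precede the hash value itself.</p>
 *
 * @return the ASN1 header bytes for the signatureValue / digestInfo
 *
 * @throws IllegalStateException if the OID cannot be encoded, or if the resulting
 *         structure is too long for the single-byte DER length this method writes
 *
 * @see <a href="https://tools.ietf.org/html/rfc2313#section-10.1.2">Data encoding</a>
 */
byte[] getHashMagic() {
    // in an earlier release the hashMagic (aka DigestAlgorithmIdentifier) contained only
    // an object identifier, but to conform with the header generated by the
    // javax-signature API, the empty <associated parameters> are also included
    try {
        final byte[] oidBytes = new Oid(algo.rsaOid).getDER();

        // inner SEQUENCE header (2) + OID + NULL (2) + OCTET STRING header (2) + hash bytes
        final int digestInfoLength = algo.hashSize + oidBytes.length + 6;

        // Every length below is written as one byte. DER short-form lengths stop at 127 and
        // ByteArrayOutputStream.write(int) keeps only the low 8 bits, so a larger value would
        // silently produce a malformed header instead of failing. The outer length bounds the
        // inner SEQUENCE length and the hash length, so one check covers all three.
        if (digestInfoLength > 0x7f) {
            throw new IllegalStateException(
                "DigestInfo length " + digestInfoLength + " does not fit a short-form DER length");
        }

        final ByteArrayOutputStream bos = new ByteArrayOutputStream();
        bos.write(0x30);                     // outer SEQUENCE
        bos.write(digestInfoLength);
        bos.write(0x30);                     // inner SEQUENCE: OID + NULL parameters
        bos.write(oidBytes.length + 2);
        bos.write(oidBytes);                 // getDER() output is written as-is
        bos.write(new byte[] {5, 0, 4});     // NULL tag, NULL length, OCTET STRING tag
        bos.write(algo.hashSize);            // OCTET STRING length; the hash follows the header
        return bos.toByteArray();
    } catch (GSSException|IOException e) {
        throw new IllegalStateException(e);
    }
}
} // NOTE(review): unmatched in this excerpt; presumably closes the enclosing type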
/**
 * <p>
 * Produce the ASN.1, DER encoded form of the GSSUP mechanism OID.
 * </p>
 *
 * <p>
 * An encoding failure is logged and not rethrown; the caller then receives a zero-length
 * array, so an empty result has to be treated as "no OID available".
 * </p>
 *
 * @return the DER encoded representation of the GSSUP OID, or an empty array if the
 *         encoding failed.
 */
public static byte[] createGSSUPMechOID() {
    // kudos to org.ietf.jgss.Oid for the Oid utility.
    // The first four characters of GSSUPMechOID.value (the "oid:" part) are dropped
    // before the remainder is handed to Oid.
    try {
        return new Oid(GSSUPMechOID.value.substring(4)).getDER();
    } catch (GSSException e) {
        IIOPLogger.ROOT_LOGGER.caughtExceptionEncodingGSSUPMechOID(e);
        return new byte[0];
    }
}
/**
 * Builds the request: the superclass request, then the number of entries in
 * {@code mechanismOids}, then the DER encoding of each of those OIDs in iteration order.
 *
 * @return the request packet with the mechanism list appended
 * @throws UserAuthException if one of the mechanism OIDs cannot be DER encoded
 */
@Override
public SSHPacket buildReq() throws UserAuthException {
    // Generic part from the superclass, followed by the count of OIDs we support.
    final SSHPacket request = super.buildReq().putUInt32(mechanismOids.size());

    for (final Oid mechanism : mechanismOids) {
        try {
            final byte[] encoded = mechanism.getDER();
            request.putString(encoded);
        } catch (GSSException e) {
            // Keep the cause so the encoding failure stays diagnosable.
            throw new UserAuthException("Mechanism OID could not be encoded: " + mechanism.toString(), e);
        }
    }
    return request;
}
throw new GSSException(GSSException.FAILURE); messageDigest.update(mechanismOid.getDER()); byte[] digest = messageDigest.digest(); digest[6] &= 0xfe;
/**
 * Rebuild the initial context token by putting the token header back in front of the
 * given header-less token.
 *
 * <p>The header is regenerated from this object's own {@code mechanism} OID; nothing in
 * {@code token} is inspected here, it is copied in as already-encoded bytes.</p>
 *
 * @param token the initial context token without the token header
 * @return the initial context token with the token header restored
 * @throws ASN1Exception if the mechanism OID cannot be DER encoded
 */
private byte[] restoreTokenHeader(byte[] token) throws ASN1Exception {
    final DEREncoder der = new DEREncoder();

    // Implicitly tagged (application-specific, number 0) sequence wrapping OID + token.
    // NOTE(review): looks like the RFC 2743 section 3.1 token framing; confirm against callers.
    der.encodeImplicit(APPLICATION_SPECIFIC_MASK, 0);
    der.startSequence();
    try {
        final byte[] mechanismOid = mechanism.getDER();
        der.writeEncoded(mechanismOid);
    } catch (GSSException cause) {
        throw new ASN1Exception(cause);
    }
    der.writeEncoded(token);
    der.endSequence();

    return der.getEncoded();
}
/**
 * Wraps the DER encoding of the given OID in a {@code DER} object.
 *
 * @param oid the OID to encode
 * @return a {@code DER} built from {@code oid.getDER()}
 * @throws IllegalArgumentException if the OID cannot be encoded
 */
private static DER getDER(Oid oid) {
    try {
        final byte[] encoded = oid.getDER();
        return new DER(encoded);
    } catch (GSSException unencodable) {
        // Not expected: a well-formed OID can always be encoded. The cause is kept
        // rather than dropped in case that assumption is ever wrong.
        throw new IllegalArgumentException(unencodable);
    }
}
/**
 * Prepends the encoded supported mechanism, preceded by its type/length header, to the
 * token list. Does nothing when no mechanism is given.
 *
 * @param tokens        list that receives the two new entries at its front
 * @param supportedMech the mechanism OID to encode, or {@code null} to add nothing
 * @throws GSSException if the OID cannot be DER encoded
 */
protected static void encodeSupportedMech(final List<byte[]> tokens, final Oid supportedMech) throws GSSException {
    if (supportedMech != null) {
        final byte[] mechDer = supportedMech.getDER();
        // 0xa1 is the context-specific, constructed tag [1]; the length covers the OID bytes.
        final byte[] header = createTypeLength((byte) 0xa1, mechDer.length);

        // Both go to index 0, value first, so the list ends up as: header, OID, <previous entries>.
        tokens.add(0, mechDer);
        tokens.add(0, header);
    }
}
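/**
 * Each digest method has its own ASN1 header.
 *
 * <p>The header is assembled by hand: an outer SEQUENCE, an inner SEQUENCE holding the
 * DER-encoded OID of {@code algo.rsaOid} followed by an ASN.1 NULL, and finally the
 * OCTET STRING tag and length that precede the hash value itself.</p>
 *
 * @return the ASN1 header bytes for the signatureValue / digestInfo
 *
 * @throws IllegalStateException if the OID cannot be encoded, or if the resulting
 *         structure is too long for the single-byte DER length this method writes
 *
 * @see <a href="https://tools.ietf.org/html/rfc2313#section-10.1.2">Data encoding</a>
 */
byte[] getHashMagic() {
    // in an earlier release the hashMagic (aka DigestAlgorithmIdentifier) contained only
    // an object identifier, but to conform with the header generated by the
    // javax-signature API, the empty <associated parameters> are also included
    try {
        final byte[] oidBytes = new Oid(algo.rsaOid).getDER();

        // inner SEQUENCE header (2) + OID + NULL (2) + OCTET STRING header (2) + hash bytes
        final int digestInfoLength = algo.hashSize + oidBytes.length + 6;

        // Every length below is written as one byte. DER short-form lengths stop at 127 and
        // ByteArrayOutputStream.write(int) keeps only the low 8 bits, so a larger value would
        // silently produce a malformed header instead of failing. The outer length bounds the
        // inner SEQUENCE length and the hash length, so one check covers all three.
        if (digestInfoLength > 0x7f) {
            throw new IllegalStateException(
                "DigestInfo length " + digestInfoLength + " does not fit a short-form DER length");
        }

        final ByteArrayOutputStream bos = new ByteArrayOutputStream();
        bos.write(0x30);                     // outer SEQUENCE
        bos.write(digestInfoLength);
        bos.write(0x30);                     // inner SEQUENCE: OID + NULL parameters
        bos.write(oidBytes.length + 2);
        bos.write(oidBytes);                 // getDER() output is written as-is
        bos.write(new byte[] {5, 0, 4});     // NULL tag, NULL length, OCTET STRING tag
        bos.write(algo.hashSize);            // OCTET STRING length; the hash follows the header
        return bos.toByteArray();
    } catch (GSSException|IOException e) {
        throw new IllegalStateException(e);
    }
}
} // NOTE(review): unmatched in this excerpt; presumably closes the enclosing type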
/**
 * <p>
 * Produce the ASN.1, DER encoded form of the GSSUP mechanism OID.
 * </p>
 *
 * <p>
 * An encoding failure is logged and not rethrown; the caller then receives a zero-length
 * array, so an empty result has to be treated as "no OID available".
 * </p>
 *
 * @return the DER encoded representation of the GSSUP OID, or an empty array if the
 *         encoding failed.
 */
public static byte[] createGSSUPMechOID() {
    // kudos to org.ietf.jgss.Oid for the Oid utility.
    // The first four characters of GSSUPMechOID.value (the "oid:" part) are dropped
    // before the remainder is handed to Oid.
    try {
        return new Oid(GSSUPMechOID.value.substring(4)).getDER();
    } catch (GSSException e) {
        IIOPLogger.ROOT_LOGGER.caughtExceptionEncodingGSSUPMechOID(e);
        return new byte[0];
    }
}
/**
 * <p>
 * Produce the ASN.1, DER encoded form of the GSSUP mechanism OID.
 * </p>
 *
 * <p>
 * An encoding failure is logged and not rethrown; the caller then receives a zero-length
 * array, so an empty result has to be treated as "no OID available".
 * </p>
 *
 * @return the DER encoded representation of the GSSUP OID, or an empty array if the
 *         encoding failed.
 */
public static byte[] createGSSUPMechOID() {
    // kudos to org.ietf.jgss.Oid for the Oid utility.
    // The first four characters of GSSUPMechOID.value (the "oid:" part) are dropped
    // before the remainder is handed to Oid.
    try {
        return new Oid(GSSUPMechOID.value.substring(4)).getDER();
    } catch (GSSException e) {
        IIOPLogger.ROOT_LOGGER.caughtExceptionEncodingGSSUPMechOID(e);
        return new byte[0];
    }
}
/**
 * Encodes the OID returned by {@code getMechOID()} in DER.
 *
 * <p>On a {@link GSSException} a fixed error message is traced and {@code null} is
 * returned, so callers have to null-check the result.</p>
 *
 * @return GSSUP mechOid in DER format, or {@code null} if it could not be encoded
 */
public static byte[] getMechOidDer() {
    try {
        return new Oid(getMechOID()).getDER();
    } catch (GSSException gsse) {
        // NOTE(review): the exception itself is not passed to the trace call, so the
        // underlying cause is lost; consider logging it if TraceCarol supports that.
        TraceCarol.error("Error while getting MechOID");
        return null;
    }
}
/**
 * Builds the request: the superclass request, then the number of entries in
 * {@code mechanismOids}, then the DER encoding of each of those OIDs in iteration order.
 *
 * @return the request packet with the mechanism list appended
 * @throws UserAuthException if one of the mechanism OIDs cannot be DER encoded
 */
@Override
public SSHPacket buildReq() throws UserAuthException {
    // Generic part from the superclass, followed by the count of OIDs we support.
    final SSHPacket request = super.buildReq().putUInt32(mechanismOids.size());

    for (final Oid mechanism : mechanismOids) {
        try {
            final byte[] encoded = mechanism.getDER();
            request.putString(encoded);
        } catch (GSSException e) {
            // Keep the cause so the encoding failure stays diagnosable.
            throw new UserAuthException("Mechanism OID could not be encoded: " + mechanism.toString(), e);
        }
    }
    return request;
}
/**
 * Builds the RPCSEC_GSS description for an export security flavor.
 *
 * <p>The mechanism OID is always {@code K5OID} and the QOP always {@code DEFAULT_QOP};
 * only the service level depends on the flavor: {@code KRB5} maps to
 * {@code RPC_GSS_SVC_NONE}, {@code KRB5I} to {@code RPC_GSS_SVC_INTEGRITY} and
 * {@code KRB5P} to {@code RPC_GSS_SVC_PRIVACY}.</p>
 *
 * @param sec the export security flavor
 * @return the populated {@code rpcsec_gss_info}
 * @throws GSSException if {@code K5OID} cannot be parsed or DER encoded
 * @throws IllegalArgumentException if {@code sec} is not one of the three flavors above
 */
private static rpcsec_gss_info gssInfoOf(FsExport.Sec sec) throws GSSException {
    final rpcsec_gss_info info = new rpcsec_gss_info();
    info.oid = new sec_oid4(new Oid(K5OID).getDER());
    info.qop = new qop4(DEFAULT_QOP);

    // Anything that is not one of the three Kerberos flavors falls out of the switch and
    // is rejected below rather than being given a default service level.
    switch (sec) {
        case KRB5:
            info.service = RpcGssService.RPC_GSS_SVC_NONE;
            return info;
        case KRB5I:
            info.service = RpcGssService.RPC_GSS_SVC_INTEGRITY;
            return info;
        case KRB5P:
            info.service = RpcGssService.RPC_GSS_SVC_PRIVACY;
            return info;
    }
    throw new IllegalArgumentException("Bad flavor: " + sec);
}
new Oid("1.2.840.113554.1.2.2").getDER(); System.out.println("Process ID (PID) = " + getPID()); new IntHolder(11)._type();
throw new GSSException(GSSException.FAILURE); messageDigest.update(mechanismOid.getDER()); byte[] digest = messageDigest.digest(); digest[6] &= 0xfe;
/**
 * Rebuild the initial context token by putting the token header back in front of the
 * given header-less token.
 *
 * <p>The header is regenerated from this object's own {@code mechanism} OID; nothing in
 * {@code token} is inspected here, it is copied in as already-encoded bytes.</p>
 *
 * @param token the initial context token without the token header
 * @return the initial context token with the token header restored
 * @throws ASN1Exception if the mechanism OID cannot be DER encoded
 */
private byte[] restoreTokenHeader(byte[] token) throws ASN1Exception {
    final DEREncoder der = new DEREncoder();

    // Implicitly tagged (application-specific, number 0) sequence wrapping OID + token.
    // NOTE(review): looks like the RFC 2743 section 3.1 token framing; confirm against callers.
    der.encodeImplicit(APPLICATION_SPECIFIC_MASK, 0);
    der.startSequence();
    try {
        final byte[] mechanismOid = mechanism.getDER();
        der.writeEncoded(mechanismOid);
    } catch (GSSException cause) {
        throw new ASN1Exception(cause);
    }
    der.writeEncoded(token);
    der.endSequence();

    return der.getEncoded();
}
/**
 * Rebuild the initial context token by putting the token header back in front of the
 * given header-less token.
 *
 * <p>The header is regenerated from this object's own {@code mechanism} OID; nothing in
 * {@code token} is inspected here, it is copied in as already-encoded bytes.</p>
 *
 * @param token the initial context token without the token header
 * @return the initial context token with the token header restored
 * @throws ASN1Exception if the mechanism OID cannot be DER encoded
 */
private byte[] restoreTokenHeader(byte[] token) throws ASN1Exception {
    final DEREncoder der = new DEREncoder();

    // Implicitly tagged (application-specific, number 0) sequence wrapping OID + token.
    // NOTE(review): looks like the RFC 2743 section 3.1 token framing; confirm against callers.
    der.encodeImplicit(APPLICATION_SPECIFIC_MASK, 0);
    der.startSequence();
    try {
        final byte[] mechanismOid = mechanism.getDER();
        der.writeEncoded(mechanismOid);
    } catch (GSSException cause) {
        throw new ASN1Exception(cause);
    }
    der.writeEncoded(token);
    der.endSequence();

    return der.getEncoded();
}
/**
 * Rebuild the initial context token by putting the token header back in front of the
 * given header-less token.
 *
 * <p>The header is regenerated from this object's own {@code mechanism} OID; nothing in
 * {@code token} is inspected here, it is copied in as already-encoded bytes.</p>
 *
 * @param token the initial context token without the token header
 * @return the initial context token with the token header restored
 * @throws ASN1Exception if the mechanism OID cannot be DER encoded
 */
private byte[] restoreTokenHeader(byte[] token) throws ASN1Exception {
    final DEREncoder der = new DEREncoder();

    // Implicitly tagged (application-specific, number 0) sequence wrapping OID + token.
    // NOTE(review): looks like the RFC 2743 section 3.1 token framing; confirm against callers.
    der.encodeImplicit(APPLICATION_SPECIFIC_MASK, 0);
    der.startSequence();
    try {
        final byte[] mechanismOid = mechanism.getDER();
        der.writeEncoded(mechanismOid);
    } catch (GSSException cause) {
        throw new ASN1Exception(cause);
    }
    der.writeEncoded(token);
    der.endSequence();

    return der.getEncoded();
}
/**
 * Looks through the subject's private Kerberos tickets for the one whose client and
 * server match the source and target names of the current GSS context, and returns
 * that ticket's session key.
 *
 * <p>The return value is key material taken from the subject's private credentials;
 * callers should keep it out of logs and error messages.</p>
 *
 * @param subject the subject whose private {@link KerberosTicket} credentials are searched
 * @return the session key of the first matching ticket, or {@code null} if none matches
 * @throws GSSException if the context's names or mechanism cannot be read or encoded
 */
Key searchSessionKey ( Subject subject ) throws GSSException {
    final MIEName contextSource = new MIEName(this.gssContext.getSrcName().export());
    final MIEName contextTarget = new MIEName(this.gssContext.getTargName().export());
    final ASN1ObjectIdentifier mechOid = ASN1ObjectIdentifier.getInstance(this.gssContext.getMech().getDER());

    for ( KerberosTicket candidate : subject.getPrivateCredentials(KerberosTicket.class) ) {
        // Build names for the ticket's principals under the context's mechanism so they
        // can be compared with the names exported from the context.
        final MIEName ticketClient = new MIEName(mechOid, candidate.getClient().getName());
        final MIEName ticketServer = new MIEName(mechOid, candidate.getServer().getName());

        // Both ends have to match; a ticket for the right client but another service is skipped.
        if ( !contextSource.equals(ticketClient) || !contextTarget.equals(ticketServer) ) {
            continue;
        }
        return candidate.getSessionKey();
    }
    return null;
}
/**
 * Looks through the subject's private Kerberos tickets for the one whose client and
 * server match the source and target names of the current GSS context, and returns
 * that ticket's session key.
 *
 * <p>The return value is key material taken from the subject's private credentials;
 * callers should keep it out of logs and error messages.</p>
 *
 * @param subject the subject whose private {@link KerberosTicket} credentials are searched
 * @return the session key of the first matching ticket, or {@code null} if none matches
 * @throws GSSException if the context's names or mechanism cannot be read or encoded
 */
Key searchSessionKey ( Subject subject ) throws GSSException {
    final MIEName contextSource = new MIEName(this.gssContext.getSrcName().export());
    final MIEName contextTarget = new MIEName(this.gssContext.getTargName().export());
    final ASN1ObjectIdentifier mechOid = ASN1ObjectIdentifier.getInstance(this.gssContext.getMech().getDER());

    for ( KerberosTicket candidate : subject.getPrivateCredentials(KerberosTicket.class) ) {
        // Build names for the ticket's principals under the context's mechanism so they
        // can be compared with the names exported from the context.
        final MIEName ticketClient = new MIEName(mechOid, candidate.getClient().getName());
        final MIEName ticketServer = new MIEName(mechOid, candidate.getServer().getName());

        // Both ends have to match; a ticket for the right client but another service is skipped.
        if ( !contextSource.equals(ticketClient) || !contextTarget.equals(ticketServer) ) {
            continue;
        }
        return candidate.getSessionKey();
    }
    return null;
}