/*
* Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.jgss.krb5;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.IOException;
import org.ietf.jgss.*;
import java.security.MessageDigest;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import sun.security.krb5.*;
import sun.security.krb5.internal.crypto.Des3;
import sun.security.krb5.internal.crypto.Aes128;
import sun.security.krb5.internal.crypto.Aes256;
import sun.security.krb5.internal.crypto.ArcFourHmac;
class CipherHelper {
// From draft-raeburn-cat-gssapi-krb5-3des-00
// Key usage values when deriving keys
private static final int KG_USAGE_SEAL = 22;
private static final int KG_USAGE_SIGN = 23;
private static final int KG_USAGE_SEQ = 24;
private static final int DES_CHECKSUM_SIZE = 8;
private static final int DES_IV_SIZE = 8;
private static final int AES_IV_SIZE = 16;
// ARCFOUR-HMAC
// Save first 8 octets of HMAC Sgn_Cksum
private static final int HMAC_CHECKSUM_SIZE = 8;
// key usage for MIC tokens used by MS
private static final int KG_USAGE_SIGN_MS = 15;
// debug flag
private static final boolean DEBUG = Krb5Util.DEBUG;
/**
* A zero initial vector to be used for checksum calculation and for
* DesCbc application data encryption/decryption.
*/
private static final byte[] ZERO_IV = new byte[DES_IV_SIZE];
private static final byte[] ZERO_IV_AES = new byte[AES_IV_SIZE];
private int etype;
private int sgnAlg, sealAlg;
private byte[] keybytes;
// new token format from draft-ietf-krb-wg-gssapi-cfx-07
// proto is used to determine new GSS token format for "newer" etypes
private int proto = 0;
CipherHelper(EncryptionKey key) throws GSSException {
etype = key.getEType();
keybytes = key.getBytes();
switch (etype) {
case EncryptedData.ETYPE_DES_CBC_CRC:
case EncryptedData.ETYPE_DES_CBC_MD5:
sgnAlg = MessageToken.SGN_ALG_DES_MAC_MD5;
sealAlg = MessageToken.SEAL_ALG_DES;
break;
case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD:
sgnAlg = MessageToken.SGN_ALG_HMAC_SHA1_DES3_KD;
sealAlg = MessageToken.SEAL_ALG_DES3_KD;
break;
case EncryptedData.ETYPE_ARCFOUR_HMAC:
sgnAlg = MessageToken.SGN_ALG_HMAC_MD5_ARCFOUR;
sealAlg = MessageToken.SEAL_ALG_ARCFOUR_HMAC;
break;
case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96:
case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96:
sgnAlg = -1;
sealAlg = -1;
proto = 1;
break;
default:
throw new GSSException(GSSException.FAILURE, -1,
"Unsupported encryption type: " + etype);
}
}
int getSgnAlg() {
return sgnAlg;
}
int getSealAlg() {
return sealAlg;
}
int getProto() {
return proto;
}
int getEType() {
return etype;
}
boolean isArcFour() {
boolean flag = false;
if (etype == EncryptedData.ETYPE_ARCFOUR_HMAC) {
flag = true;
}
return flag;
}
byte[] calculateChecksum(int alg, byte[] header, byte[] trailer,
byte[] data, int start, int len, int tokenId) throws GSSException {
switch (alg) {
case MessageToken.SGN_ALG_DES_MAC_MD5:
/*
* With this sign algorithm, first an MD5 hash is computed on the
* application data. The 16 byte hash is then DesCbc encrypted.
*/
try {
MessageDigest md5 = MessageDigest.getInstance("MD5");
// debug("\t\tdata=[");
// debug(getHexBytes(checksumDataHeader,
// checksumDataHeader.length) + " ");
md5.update(header);
// debug(getHexBytes(data, start, len));
md5.update(data, start, len);
if (trailer != null) {
// debug(" " +
// getHexBytes(trailer,
// optionalTrailer.length));
md5.update(trailer);
}
// debug("]\n");
data = md5.digest();
start = 0;
len = data.length;
// System.out.println("\tMD5 Checksum is [" +
// getHexBytes(data) + "]\n");
header = null;
trailer = null;
} catch (NoSuchAlgorithmException e) {
GSSException ge = new GSSException(GSSException.FAILURE, -1,
"Could not get MD5 Message Digest - " + e.getMessage());
ge.initCause(e);
throw ge;
}
// fall through to encrypt checksum
case MessageToken.SGN_ALG_DES_MAC:
return getDesCbcChecksum(keybytes, header, data, start, len);
case MessageToken.SGN_ALG_HMAC_SHA1_DES3_KD:
byte[] buf;
int offset, total;
if (header == null && trailer == null) {
buf = data;
total = len;
offset = start;
} else {
total = ((header != null ? header.length : 0) + len +
(trailer != null ? trailer.length : 0));
buf = new byte[total];
int pos = 0;
if (header != null) {
System.arraycopy(header, 0, buf, 0, header.length);
pos = header.length;
}
System.arraycopy(data, start, buf, pos, len);
pos += len;
if (trailer != null) {
System.arraycopy(trailer, 0, buf, pos, trailer.length);
}
offset = 0;
}
try {
/*
Krb5Token.debug("\nkeybytes: " +
Krb5Token.getHexBytes(keybytes));
Krb5Token.debug("\nheader: " + (header == null ? "NONE" :
Krb5Token.getHexBytes(header)));
Krb5Token.debug("\ntrailer: " + (trailer == null ? "NONE" :
Krb5Token.getHexBytes(trailer)));
Krb5Token.debug("\ndata: " +
Krb5Token.getHexBytes(data, start, len));
Krb5Token.debug("\nbuf: " + Krb5Token.getHexBytes(buf, offset,
thqt-code.rar (50个子文件) 
wrapper 
GSSCredElement.java 4KB NativeGSSContext.java 23KB GSSNameElement.java 10KB Krb5Util.java 2KB SunNativeProvider.java 5KB GSSLibStub.java 5KB NativeGSSFactory.java 7KB VGSSCaller.java 2KB ZGSSExceptionImpl.java 3KB spnego NegTokenTarg.java 8KB SpNegoCredElement.java 3KB SpNegoMechFactory.java 7KB NegTokenInit.java 8KB SpNegoContext.java 42KB SpNegoToken.java 6KB jAGSSManagerImpl.java 9KB krb5 CipherHelper.java 55KB Krb5MechFactory.java 9KB SubjectComber.java 8KB MessageToken.java 26KB Krb5NameElement.java 11KB Krb5Util.java 15KB Krb5CredElement.java 1KB MicToken.java 4KB Krb5Context.java 49KB InitialToken.java 18KB AcceptSecContextToken.java 4KB Krb5Token.java 4KB WrapToken_v2.java 9KB Krb5AcceptCredential.java 6KB Krb5InitCredential.java 13KB MessageToken_v2.java 24KB MicToken_v2.java 4KB WrapToken.java 19KB InitSecContextToken.java 7KB e3GSSUtil.java 15KB spi GSSNameSpi.java 4KB GSSCredentialSpi.java 3KB MechanismFactory.java 10KB GSSContextSpi.java 16KB ProviderList.java 21KB ZBGSSToken.java 8KB SunProvider.java 3KB uGSSHeader.java 11KB qGSSCredentialImpl.java 23KB TokenTracker.java 14KB HttpCaller.java 2KB yGSSNameImpl.java 17KB IGSSContextImpl.java 24KB LoginConfigImpl.java 7KB
我虽横行却不霸道
- 粉丝: 91
- 资源: 1万+
最新资源
- Wafer - 企业级微信小程序全栈方案.zip
- Vue,React,微信小程序,快应用,TS , Koa, JS 一把梭.zip
- unocss微信小程序预设,unocss小程序默认,在 taro uniapp 原生小程序中使用unocss.zip
- c++ -msvc-chrono.hpp 时间类: 对本头文件的注释,以便于理解 STL 里引入的时间方面的操作
- uni-app小程序.zip
- uni-app echarts vue2专用小程序.zip
- spritejs 小程序版.zip
- scrm小程序.zip
- Java制作统计工资的示例工程
- paho.mqtt.wxapp可以让你在微信小程序里连接MQTT代理,在小程序里实现控制硬件,也可用于游戏 .zip
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
评论0