001    /* ChannelBinding.java -- a channel binding in the GSS-API.
002       Copyright (C) 2004 Free Software Foundation, Inc.
003    
004    This file is part of GNU Classpath.
005    
006    GNU Classpath is free software; you can redistribute it and/or modify
007    it under the terms of the GNU General Public License as published by
008    the Free Software Foundation; either version 2, or (at your option)
009    any later version.
010    
011    GNU Classpath is distributed in the hope that it will be useful, but
012    WITHOUT ANY WARRANTY; without even the implied warranty of
013    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
014    General Public License for more details.
015    
016    You should have received a copy of the GNU General Public License
017    along with GNU Classpath; see the file COPYING.  If not, write to the
018    Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
019    02110-1301 USA.
020    
021    Linking this library statically or dynamically with other modules is
022    making a combined work based on this library.  Thus, the terms and
023    conditions of the GNU General Public License cover the whole
024    combination.
025    
026    As a special exception, the copyright holders of this library give you
027    permission to link this library with independent modules to produce an
028    executable, regardless of the license terms of these independent
029    modules, and to copy and distribute the resulting executable under
030    terms of your choice, provided that you also meet, for each linked
031    independent module, the terms and conditions of the license of that
032    module.  An independent module is a module which is not derived from
033    or based on this library.  If you modify this library, you may extend
034    this exception to your version of the library, but you are not
035    obligated to do so.  If you do not wish to do so, delete this
036    exception statement from your version.
037    
038       The documentation comments of this class are derived from the text
039       of RFC 2853:  Generic Security Service API Version 2: Java Bindings.
040       That document is covered under the following license notice:
041    
042    Copyright (C) The Internet Society (2000).  All Rights Reserved.
043    
044    This document and translations of it may be copied and furnished to
045    others, and derivative works that comment on or otherwise explain it
046    or assist in its implementation may be prepared, copied, published and
047    distributed, in whole or in part, without restriction of any kind,
048    provided that the above copyright notice and this paragraph are
049    included on all such copies and derivative works.  However, this
050    document itself may not be modified in any way, such as by removing
051    the copyright notice or references to the Internet Society or other
052    Internet organizations, except as needed for the purpose of developing
053    Internet standards in which case the procedures for copyrights defined
054    in the Internet Standards process must be followed, or as required to
055    translate it into languages other than English.
056    
057    The limited permissions granted above are perpetual and will not be
058    revoked by the Internet Society or its successors or assigns.
059    
060    This document and the information contained herein is provided on an
061    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
062    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
063    NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
064    WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
065    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. */
066    
067    
068    package org.ietf.jgss;
069    
070    import java.net.InetAddress;
071    import java.util.Arrays;
072    
073    /**
074     * <p>The GSS-API accommodates the concept of caller-provided channel
075     * binding information.  Channel bindings are used to strengthen the
076     * quality with which peer entity authentication is provided during
077     * context establishment.  They enable the GSS-API callers to bind the
078     * establishment of the security context to relevant characteristics
079     * like addresses or to application specific data.</p>
080     *
081     * <p>The caller initiating the security context must determine the
082     * appropriate channel binding values to set in the {@link GSSContext}
083     * object. The acceptor must provide an identical binding in order to
084     * validate that received tokens possess correct channel-related
085     * characteristics.</p>
086     *
087     * <p>Use of channel bindings is optional in GSS-API.  Since channel-binding
088     * information may be transmitted in context establishment tokens,
089     * applications should therefore not use confidential data as
090     * channel-binding components.</p>
091     */
092    public class ChannelBinding
093    {
094    
095      // Fields.
096      // -------------------------------------------------------------------------
097    
098      private final byte[] appData;
099      private final InetAddress initAddr;
100      private final InetAddress acceptAddr;
101    
102      // Constructor.
103      // -------------------------------------------------------------------------
104    
105      /**
106       * Create a ChannelBinding object with user supplied address information
107       * and data. <code>null</code> values can be used for any fields which the
108       * application does not want to specify.
109       *
110       * @param initAddr   The address of the context initiator. <code>null</code>
111       *                   value can be supplied to indicate that the application
112       *                   does not want to set this value.
113       * @param acceptAddr The address of the context acceptor. <code>null</code>
114       *                   value can be supplied to indicate that the application
115       *                   does not want to set this value.
116       * @param appData    Application supplied data to be used as part of the
117       *                   channel bindings. <code>null</code> value can be
118       *                   supplied to indicate that the application does not
119       *                   want to set this value.
120       */
121      public ChannelBinding(InetAddress initAddr, InetAddress acceptAddr,
122                            byte[] appData)
123      {
124        this.appData = (appData != null) ? (byte[]) appData.clone() : null;
125        this.initAddr = initAddr;
126        this.acceptAddr = acceptAddr;
127      }
128    
129      /**
130       * Creates a ChannelBinding object without any addressing information.
131       *
132       * @param appData Application supplied data to be used as part of the
133       *                channel bindings.
134       */
135      public ChannelBinding(byte[] appData)
136      {
137        this(null, null, appData);
138      }
139    
140      // Instance methods.
141      // -------------------------------------------------------------------------
142    
143      /**
144       * Returns the initiator's address for this channel binding.
145       * <code>null</code> is returned if the address has not been set.
146       *
147       * @return The initiator's address, or <code>null</code>.
148       */
149      public InetAddress getInitiatorAddress()
150      {
151        return initAddr;
152      }
153    
154      /**
155       * Returns the acceptor's address for this channel binding.
156       * <code>null</code> is returned if the address has not been set.
157       *
158       * @return The acceptor's address, or <code>null</code>.
159       */
160      public InetAddress getAcceptorAddress()
161      {
162        return acceptAddr;
163      }
164    
165      /**
166       * Returns application data being used as part of the ChannelBinding.
167       * <code>null</code> is returned if no application data has been
168       * specified for the channel binding.
169       *
170       * @return The application data, or <code>null</code>.
171       */
172      public byte[] getApplicationData()
173      {
174        if (appData != null)
175          return (byte[]) appData.clone();
176        return null;
177      }
178    
179      /**
180       * Returns <code>true</code> if two channel bindings match.
181       *
182       * @param obj Another channel binding to compare with.
183       * @return True if this channel binding equals the other.
184       */
185      public boolean equals(Object obj)
186      {
187        if (!(obj instanceof ChannelBinding))
188          return false;
189        ChannelBinding cb = (ChannelBinding) obj;
190        boolean b1 = Arrays.equals(appData, cb.appData);
191        boolean b2 = (initAddr == null && cb.initAddr == null)
192          || (cb.initAddr != null && initAddr.equals(cb.initAddr));
193        boolean b3 = (acceptAddr == null && cb.acceptAddr == null)
194          || (cb.acceptAddr != null && acceptAddr.equals(cb.acceptAddr));
195        return b1 && b2 && b3;
196      }
197    
198      /**
199       * Returns the hash code for this channel binding.
200       *
201       * @return The hash code.
202       */
203      public int hashCode()
204      {
205        int code = 0;
206        if (appData != null)
207          for (int i = 0; i < appData.length; i++)
208            code ^= appData[i] << ((8 * i) & 31);
209        if (initAddr != null)
210          code ^= initAddr.hashCode();
211        if (acceptAddr != null)
212          code ^= acceptAddr.hashCode();
213        return code;
214      }
215    }