package com.ibm.atp.auth;/* * @(#)Authentication.java * * IBM Confidential-Restricted * * OCO Source Materials * * 03L7246 (c) Copyright IBM Corp. 1996, 1998 * * The source code for this program is not published or otherwise * divested of its trade secrets, irrespective of what has been * deposited with the U.S. Copyright Office. */import java.security.AccessController;// - import java.io.InputStream;import java.io.OutputStream;import java.io.DataInput;// - import java.io.FileInputStream;// - import java.io.FileOutputStream;// - import java.io.ObjectInputStream;// - import java.io.ObjectOutputStream;// - import java.io.FileNotFoundException;import java.io.IOException;import java.net.Socket;import java.net.InetAddress;// - import java.security.PrivateKey;// - import java.security.PublicKey;// - import java.security.KeyPairGenerator;// - import java.security.KeyPair;// - import java.security.KeyManagementException;// - import java.security.NoSuchAlgorithmException;import com.ibm.atp.AtpConstants;// - import com.ibm.aglets.security.Randoms;// - import com.ibm.awb.misc.Resource;// - import com.ibm.awb.misc.FileUtils;/** * The <tt>Authentication</tt> class is the authentication protocol class. 
 * <p>
 * One instance drives one run of the challenge-response protocol over one
 * socket, for either the first or the second turn (see {@code _turn}). The
 * {@code STEP_*} constants record how far the protocol has advanced
 * ({@code _step}) and the {@code STATUS_*} constants record its outcome
 * ({@code _status}); {@link #authenticate()} reports success only while
 * {@code _status} is {@code STATUS_NORMAL}.
 *
 * @version 1.00 $Date: 2001/07/28 06:33:47 $
 * @author ONO Kouichi
 */
public class Authentication {
    /**
     * Whether this side, respectively the peer, has been authenticated.
     * Neither flag is set by the visible parts of the protocol except for
     * {@code _authenticatedOpponent = false} in the first turn.
     */
    private boolean _authenticatedMyself = false;
    private boolean _authenticatedOpponent = false;

    /**
     * Turn of protocol: {@code Auth.FIRST_TURN}, {@code Auth.SECOND_TURN},
     * or {@code Auth.NO_TURNS} until {@code setTurn} is called.
     */
    private int _turn = Auth.NO_TURNS;

    /**
     * Socket to be connected/bound.
     */
    private Socket _socket = null;

    /**
     * Local/Remote IP address of socket. The first turn uses their
     * {@code getHostAddress()} values as the turn identifiers fed into the
     * response calculation. Presumably populated by {@code setSocket} --
     * not visible here, confirm.
     */
    private InetAddress _localAddr = null;
    private InetAddress _remoteAddr = null;

    /**
     * Server Identifier.
     */
    private ServerIdentifier _serverIdentifier = null;

    /**
     * Input/Output stream of socket. Packets are read from {@code _dataInput}
     * (as {@code new AuthPacket(_dataInput)}) and written to
     * {@code _outputStream} (as {@code packet.writeTo(_outputStream)}).
     * An earlier revision kept a raw {@code InputStream} instead.
     */
    private DataInput _dataInput = null;
    private OutputStream _outputStream = null;

    /**
     * Shared Secret. Not referenced by the visible protocol methods, which
     * call {@code SharedSecrets.getSharedSecrets()} directly.
     */
    private static SharedSecrets _secrets = null;

    // Earlier revisions of this class also held a DSA key pair (1024-bit
    // modulus, 32-byte seed), the peer's public key and a key pair
    // generator for the signature-based manner; those fields are gone and
    // the signature branch of the first turn no longer has key material
    // to draw on.

    /**
     * Authentication manner. The default is the digest (shared-secret)
     * manner; an earlier revision read the default from the
     * "atp.defaultAuthManner" resource instead of this compile-time
     * constant.
     */
    private final static int DEFAULT_AUTHENTICATION_MANNER = AtpConstants.AUTHENTICATION_MANNER_DIGEST;

    /**
     * Manner actually negotiated for this run; the first turn overwrites it
     * with the manner carried in the peer's packet via {@code setAuthManner}.
     */
    private int _manner = DEFAULT_AUTHENTICATION_MANNER;

    /**
     * Step of authentication protocol. The step values travel in the
     * packets; a received packet whose step does not match the expected
     * one yields {@code STATUS_ILLEGAL_STEP}.
     */
    final static int STEP_NOT_AUTHENTICATED = 0;
    final static int STEP_START = 1;
    final static int STEP_FIRST_TURN = 2;
    final static int STEP_SECOND_TURN = 3;
    final static int STEP_END = 4;
    private int _step = STEP_NOT_AUTHENTICATED;

    /**
     * Status of authentication. {@code STATUS_NORMAL} is the only value for
     * which {@link #authenticate()} returns {@code true}; every other value
     * makes it return {@code false} (or throw, for {@code STATUS_ERROR}
     * raised before the turn starts).
     */
    final static int STATUS_NORMAL = 0;
    final static int STATUS_AUTHENTICATION_FAILED = 1;
    final static int STATUS_ILLEGAL_STEP = 2;
    final static int STATUS_UNKNOWN_DOMAIN = 3;
    final static int STATUS_UNKNOWN_MANNER = 4;
    final static int STATUS_INCONSISTENT_MANNER = 5;
    final static int STATUS_ERROR = 9;
    private int _status = STATUS_NORMAL;

    /**
     * Security domains: the shared secret the peer selected and its domain
     * name, both resolved in the first turn from the domain the peer names
     * in its packet.
     */
    private SharedSecret _selectedSecret = null;
    private String _selectedDomainname = null;

    /**
     * Default constructor creates a challenge-response authentication
     * protocol handler using {@code DEFAULT_AUTHENTICATION_MANNER}.
     *
     * @param turn turn of protocol
     * @param di data input of packet
     * @param socket socket to be connected/bound
     */
    public Authentication(int turn, DataInput di, Socket socket) {
        this(turn, di, socket, DEFAULT_AUTHENTICATION_MANNER);
    }

    /**
     * Constructor creates a challenge-response authentication protocol
     * handler. All arguments go through the corresponding setters, so any
     * validation they perform applies here too.
     *
     * @param turn turn of protocol
     * @param di data input of packet
     * @param socket socket to be connected/bound
     * @param manner challenge-response authentication manner
     */
    public Authentication(int turn, DataInput di, Socket socket, int manner) {
        setTurn(turn);
        setDataInput(di);
        setSocket(socket);
        setAuthManner(manner);
    }

    /**
     * Process authentication protocol.
     * Runs the turn selected by {@code _turn} on this instance's socket and
     * reports whether it ended with {@code _status == STATUS_NORMAL}. The
     * turn methods advance {@code _step}, so a second call on the same
     * instance fails the initial-step check and throws.
     *
     * @return {@code true} only if {@code _status} is {@code STATUS_NORMAL}
     *         after the turn; {@code false} for every other status
     *         (illegal step or unknown domain/manner reported by the peer,
     *         failed response calculation, ...)
     * @throws AuthenticationProtocolException if {@code _step} is not
     *         {@code STEP_NOT_AUTHENTICATED} on entry, or {@code _turn} is
     *         neither {@code Auth.FIRST_TURN} nor {@code Auth.SECOND_TURN};
     *         {@code _status} is set to {@code STATUS_ERROR} in both cases
     * @throws IOException if reading or writing a packet fails
     */
    public final synchronized boolean authenticate() throws AuthenticationProtocolException, IOException {
        // Refuse to re-run on an instance that already started a protocol run.
        if (_step != STEP_NOT_AUTHENTICATED) {
            _status = STATUS_ERROR;
            throw new AuthenticationProtocolException("Illegal initial step.");
        }
        verboseOut("Authentication start.");
        if (_turn == Auth.FIRST_TURN) {
            authenticateFirstTurn();
        } else if (_turn == Auth.SECOND_TURN) {
            authenticateSecondTurn();
        } else {
            _status = STATUS_ERROR;
            throw new AuthenticationProtocolException("Illegal turn : " + _turn);
        }
        verboseOut("Authentication end.");
        // Only the status decides the result; the turn methods record
        // failures there instead of throwing.
        if (_status != STATUS_NORMAL) {
            return false;
        }
        return true;
    }

    /**
     * Process authentication protocol for first turn individual.
     * Sends the START packet, receives the peer's FIRST_TURN packet,
     * answers with a SECOND_TURN packet and finally receives the END packet.
     * Failures are recorded in {@code _status} and end the method early.
     *
     * @throws IOException if reading or writing a packet fails
     */
    private final synchronized void authenticateFirstTurn() throws IOException {
        if (_turn != Auth.FIRST_TURN) {
            System.err.println("Not 1st turn.");
            _status = STATUS_ERROR;
            return;
        }
        verboseOut("Authentication : 1st turn.");
        int manner = AtpConstants.NO_AUTHENTICATION_MANNER;
        Auth auth = null;
        Challenge challenge = null;
        Response response = null;
        AuthPacket packet = null;

        // 1 : STEP_START
        // send packet
        verboseOut("Authentication : 1st turn : step=START");
        _step = STEP_START;
        SharedSecrets secrets = SharedSecrets.getSharedSecrets();
        // The START packet advertises every configured domain name with no
        // manner, challenge or response; the peer's reply names the domain
        // that is then looked up in `secrets`.
        packet = new AuthPacket(_step, _status, secrets.getDomainNames(), AtpConstants.NO_AUTHENTICATION_MANNER, null, null);
        verboseOut("Authentication : 1st turn : step=START : sending packet ... ");
        packet.writeTo(_outputStream);
        verboseOut("packet sent.");
        _status = STATUS_NORMAL;

        // 2 : STEP_FIRST_TURN
        // receive packet
        verboseOut("Authentication : 1st turn : step=FIRST_TURN");
        verboseOut("Authentication : 1st turn : step=FIRST_TURN : receiving packet ... 
"); // packet = new AuthPacket(_inputStream); packet = new AuthPacket(_dataInput); verboseOut("packet received."); _status = packet.getStatus(); verboseOut("Authentication : status=" + _status); if (_status != STATUS_NORMAL) { // something wrong // do nothing ? return; // # } if (packet.getStep() != STEP_FIRST_TURN) { // something wrong verboseOut("Authentication : step=" + packet.getStep()); _status = STATUS_ILLEGAL_STEP; return; // # } _selectedSecret = secrets.getSharedSecret(packet.getSecurityDomain()); if (_selectedSecret == null) { // selected security domain is unknown verboseOut("Authentication : unknown domain=" + packet.getSecurityDomain()); _status = STATUS_UNKNOWN_DOMAIN; return; // # } else { // selected security domain _selectedDomainname = _selectedSecret.getDomainName(); verboseOut("Authentication : selected domain=" + _selectedDomainname); } // _status = STATUS_NORMAL; // 3 : STEP_SECOND_TURN // send packet verboseOut("Authentication : 1st turn : step=SECOND_TURN"); _step = STEP_SECOND_TURN; manner = packet.getAuthManner(); verboseOut("Authentication : 1st turn : step=SECOND_TURN : manner=" + manner); setAuthManner(manner); challenge = packet.getChallenge(); if (challenge != null) { // challenge is given; to be authenticated verboseOut("Authentication : 1st turn : step=SECOND_TURN : response of challenge is requested."); if (manner == AtpConstants.AUTHENTICATION_MANNER_DIGEST) { // authentication procedure with shared secret auth = new AuthByDigest(_selectedSecret); } else if (manner == AtpConstants.AUTHENTICATION_MANNER_SIGNATURE) { // authentication procedure with digital signature // ? 
auth = new AuthBySignature(_privateKey, _publicKeyOpponent); } else { // something wrong _status = STATUS_UNKNOWN_MANNER; return; // # } if (auth != null) { auth.setFirstTurnIdentifier(_localAddr.getHostAddress()); auth.setSecondTurnIdentifier(_remoteAddr.getHostAddress()); try { response = new Response(auth.calculateResponse(Auth.FIRST_TURN, challenge)); } catch (AuthenticationException excpt) { // authentication is failed System.err.println(excpt); response = null; _status = STATUS_ERROR; return; // # } } } else { // challenge is not given; not need to send response verboseOut("Authentication : 1st turn : step=SECOND_TURN : response of challenge is NOT requested."); response = null; } // ! if(AuthenticationManager.isAuthenticated(packet.getServerID())) { // ! // already authenticated; need no more authentication // ! verboseOut("Authentication : 1st turn : step=SECOND_TURN : already authenticated."); // ! _authenticatedOpponent = true; // ! challenge = null; // ! } else { // ! // not authenticated; need authentication // ! verboseOut("Authentication : 1st turn : step=SECOND_TURN : NOT authenticated."); _authenticatedOpponent = false; challenge = new Challenge(); // ! } packet = new AuthPacket(_step, _status, _selectedDomainname, manner, challenge, response); verboseOut("Authentication : 1st turn : step=SECOND_TURN : sending packet ... "); packet.writeTo(_outputStream); verboseOut("packet sent."); _status = STATUS_NORMAL; // 4 : STEP_END // receive packet verboseOut("Authentication : 1st turn : step=END"); verboseOut("Authentication : 1st turn : step=END : receiving packet ... "); // packet = new AuthPacket(_inputStream); packet = new AuthPacket(_dataInput);