Class ChannelBinding
public class ChannelBinding extends Object
The caller initiating the security context must determine the appropriate channel binding values to set in the GSSContext object. The acceptor must provide an identical binding in order to validate that received tokens possess correct channel-related characteristics.
Use of channel bindings is optional in GSS-API. ChannelBinding can be set for the GSSContext
using the setChannelBinding
method before the first call to initSecContext
or acceptSecContext
has been performed. Unless the setChannelBinding
method has been used to set the ChannelBinding for a GSSContext object, null
ChannelBinding will be assumed.
Conceptually, the GSS-API concatenates the initiator and acceptor address information, and the application supplied byte array to form an octet string. The mechanism calculates a MIC over this octet string and binds the MIC to the context establishment token emitted by initSecContext
method of the GSSContext
interface. The same bindings are set by the context acceptor for its GSSContext
object and during processing of the acceptSecContext
method a MIC is calculated in the same way. The calculated MIC is compared with that found in the token, and if the MICs differ, accept will throw a GSSException
with the major code set to BAD_BINDINGS
, and the context will not be established. Some mechanisms may include the actual channel binding data in the token (rather than just a MIC); applications should therefore not use confidential data as channel-binding components.
Individual mechanisms may impose additional constraints on addresses that may appear in channel bindings. For example, a mechanism may verify that the initiator address field of the channel binding contains the correct network address of the host system. Portable applications should therefore ensure that they either provide correct information for the address fields, or omit setting of the addressing information.
- Since:
- 1.4
Constructor Summary
Constructor | Description |
---|---|
ChannelBinding |
Creates a ChannelBinding object without any addressing information. |
ChannelBinding |
Create a ChannelBinding object with user supplied address information and data. |
Method Summary
Modifier and Type | Method | Description |
---|---|---|
boolean |
equals |
Compares two instances of ChannelBinding. |
InetAddress |
getAcceptorAddress() |
Get the acceptor's address for this channel binding. |
byte[] |
getApplicationData() |
Get the application specified data for this channel binding. |
InetAddress |
getInitiatorAddress() |
Get the initiator's address for this channel binding. |
int |
hashCode() |
Returns a hashcode value for this ChannelBinding object. |
Constructor Details
ChannelBinding
public ChannelBinding(InetAddress initAddr, InetAddress acceptAddr, byte[] appData)
null
values can be used for any fields which the application does not want to specify.- Parameters:
-
initAddr
- the address of the context initiator.null
value can be supplied to indicate that the application does not want to set this value. -
acceptAddr
- the address of the context acceptor.null
value can be supplied to indicate that the application does not want to set this value. -
appData
- application supplied data to be used as part of the channel bindings.null
value can be supplied to indicate that the application does not want to set this value.
ChannelBinding
public ChannelBinding(byte[] appData)
- Parameters:
-
appData
- application supplied data to be used as part of the channel bindings.
Method Details
getInitiatorAddress
public InetAddress getInitiatorAddress()
- Returns:
- the initiator's address.
null
is returned if the address has not been set.
getAcceptorAddress
public InetAddress getAcceptorAddress()
- Returns:
- the acceptor's address. null is returned if the address has not been set.
getApplicationData
public byte[] getApplicationData()
- Returns:
- the application data being used as part of the ChannelBinding.
null
is returned if no application data has been specified for the channel binding.
equals
public boolean equals(Object obj)
hashCode
public int hashCode()
© 1993, 2021, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/17/docs/api/java.security.jgss/org/ietf/jgss/ChannelBinding.html