changeset 55599:e6c430d4d217

8226963: More clarification on possible sequencing error in GSSContext::unwrap Reviewed-by: mullan
author weijun
date Thu, 04 Jul 2019 07:25:47 +0800
parents 091ea1a285dc
children 3dcc40f328ea
files src/java.security.jgss/share/classes/org/ietf/jgss/GSSContext.java
diffstat 1 files changed, 34 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.security.jgss/share/classes/org/ietf/jgss/GSSContext.java	Thu Jul 04 07:25:11 2019 +0800
+++ b/src/java.security.jgss/share/classes/org/ietf/jgss/GSSContext.java	Thu Jul 04 07:25:47 2019 +0800
@@ -128,8 +128,8 @@
  * <pre>
  *    // Create a context using default credentials
  *    // and the implementation specific default mechanism
- *    GSSManager manager ...
- *    GSSName targetName ...
+ *    GSSManager manager = ...
+ *    GSSName targetName = ...
  *    GSSContext context = manager.createContext(targetName, null, null,
  *                                           GSSContext.INDEFINITE_LIFETIME);
  *
@@ -141,21 +141,23 @@
  *
  *    // establish a context between peers
  *
- *    byte []inToken = new byte[0];
+ *    byte[] inToken = new byte[0];
+ *    byte[] outToken;
  *
  *    // Loop while there still is a token to be processed
  *
  *    while (!context.isEstablished()) {
  *
- *        byte[] outToken
- *            = context.initSecContext(inToken, 0, inToken.length);
+ *        outToken = context.initSecContext(inToken, 0, inToken.length);
  *
  *        // send the output token if generated
- *        if (outToken != null)
+ *        if (outToken != null) {
  *            sendToken(outToken);
+ *        }
  *
  *        if (!context.isEstablished()) {
  *            inToken = readToken();
+ *        }
  *    }
  *
  *     // display context information
@@ -165,21 +167,40 @@
  *     System.out.println("Initiator = " + context.getSrcName());
  *     System.out.println("Acceptor = " + context.getTargName());
  *
- *     if (context.getConfState())
- *             System.out.println("Confidentiality (i.e., privacy) is available");
+ *     if (context.getConfState()) {
+ *         System.out.println("Confidentiality (i.e., privacy) is available");
+ *     }
  *
- *     if (context.getIntegState())
- *             System.out.println("Integrity is available");
+ *     if (context.getIntegState()) {
+ *         System.out.println("Integrity is available");
+ *     }
  *
  *     // perform wrap on an application supplied message, appMsg,
  *     // using QOP = 0, and requesting privacy service
- *     byte [] appMsg ...
+ *     byte[] appMsg = ...
  *
  *     MessageProp mProp = new MessageProp(0, true);
  *
- *     byte []tok = context.wrap(appMsg, 0, appMsg.length, mProp);
+ *     outToken = context.wrap(appMsg, 0, appMsg.length, mProp);
  *
- *     sendToken(tok);
+ *     sendToken(outToken);
+ *
+ *     // perform unwrap on an incoming application message, and check
+ *     // its privacy state and supplementary information
+ *     inToken = readToken();
+ *
+ *     mProp = new MessageProp(0, true);
+ *
+ *     appMsg = context.unwrap(inToken, 0, inToken.length, mProp);
+ *
+ *     System.out.println("Was it encrypted? " + mProp.getPrivacy());
+ *     System.out.println("Duplicate Token? " + mProp.isDuplicateToken());
+ *     System.out.println("Old Token? " + mProp.isOldToken());
+ *     System.out.println("Unsequenced Token? " + mProp.isUnseqToken());
+ *     System.out.println("Gap Token? " + mProp.isGapToken());
+ *
+ *     // the application determines if the privacy state and supplementary
+ *     // information are acceptable
  *
  *     // release the local-end of the context
  *     context.dispose();