com.ibm.security.jgss.mech.spnego
Class SPNEGOContext
- java.lang.Object
com.ibm.security.jgss.mech.spnego.SPNEGOContext
- public class SPNEGOContext
- extends java.lang.Object
- implements GSSContextSpi
A GSSContextSpi object can be thought of as having three states:
- before initialization
- during initialization with its peer
- after it is established
The context options can only be requested in state 1. In state 3, the per-message operations are available to the callers. The get methods for the context options return the requested options while in states 1 and 2, and the established (negotiated) values in state 3. Some mechanisms may allow access to the per-message operations and the context flags before the context is fully established; the isProtReady method indicates whether these services are already available.
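The following is an added example (not IBM's code) that drives a SPNEGO context through the three states above from the application side, using the public org.ietf.jgss API that the GSS-Framework maps onto SPNEGOContext's initSecContext/acceptSecContext and wrap/unwrap. It assumes Kerberos credentials are already available to the JVM; the service name is a placeholder, and both peers run in one process only to show the token shuttle.

```java
import org.ietf.jgss.*;

// Added example, not IBM's code: walks a SPNEGO context through the three
// states (options requested, token exchange, established + per-message ops).
// Both sides run in one JVM purely for illustration; assumes Kerberos
// credentials are already available and the service name is a placeholder.
public class SpnegoStates {
    static final Oid SPNEGO = new Oid("1.3.6.1.5.5.2"); // SPNEGO mechanism OID
    public static void main(String[] args) throws GSSException {
        GSSManager mgr = GSSManager.getInstance();
        GSSName peer = mgr.createName("HTTP@server.example.com", GSSName.NT_HOSTBASED_SERVICE);
        // State 1 (before initialization): options may only be requested here.
        GSSContext init = mgr.createContext(peer, SPNEGO, null, GSSContext.DEFAULT_LIFETIME);
        init.requestMutualAuth(true);
        init.requestConf(true);
        init.requestInteg(true);
        init.requestCredDeleg(false); // do not hand the acceptor a forwardable credential
        GSSContext accept = mgr.createContext((GSSCredential) null); // default acceptor cred
        // State 2 (during initialization): shuttle tokens until both sides are established.
        byte[] token = new byte[0];
        while (!init.isEstablished() || !accept.isEstablished()) {
            if (!init.isEstablished()) {
                token = init.initSecContext(token, 0, token.length); // null when done
            }
            if (token != null && token.length > 0 && !accept.isEstablished()) {
                token = accept.acceptSecContext(token, 0, token.length);
            }
        }
        // State 3 (established): the getters now report negotiated values, so
        // confirm nothing requested in state 1 was dropped before trusting the context.
        if (!init.getMutualAuthState() || !init.getConfState() || !init.getIntegState()) {
            throw new GSSException(GSSException.UNAVAILABLE); // downgraded; refuse to use it
        }
        // Per-message operations are valid only in state 3.
        MessageProp sent = new MessageProp(0, true); // QOP 0, confidentiality requested
        byte[] msg = "GET /secret HTTP/1.1".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] wrapped = init.wrap(msg, 0, msg.length, sent);
        MessageProp got = new MessageProp(0, false);
        byte[] plain = accept.unwrap(wrapped, 0, wrapped.length, got); // recovered message
        if (!got.getPrivacy()) throw new GSSException(GSSException.BAD_QOP); // arrived in clear
        init.dispose();   // state 3 ends here; the contexts are invalidated
        accept.dispose();
    }
}
```

The two post-establishment checks are the practical point: requested flags are not negotiated flags, and the MessageProp returned by unwrap, not the one passed to wrap, says what protection the token actually carried.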
Constructor Summary
Constructor and Description |
---|
SPNEGOContext(byte[] interProcessToken) |
SPNEGOContext(GSSCredentialSpi acceptCred) Constructs a security context to be used on the context acceptor side. |
SPNEGOContext(GSSCredentialSpi acceptCred, GSSContext ctx) |
SPNEGOContext(GSSNameSpi peer, GSSCredentialSpi initCred, int lifetime) Constructor. |
Method Summary
Modifier and Type | Method and Description |
---|---|
byte[] | acceptSecContext(java.io.InputStream is, int mechTokenSize) Acceptor's context establishment call. |
void | dispose() Releases context resources and terminates the context between the two peers. This invalidates the context. |
byte[] | export() Produces a token representing this context. |
boolean | getAnonymityState() |
boolean | getConfState() |
boolean | getCredDelegState() |
GSSCredentialSpi | getDelegCred() |
boolean | getIntegState() |
int | getLifetime() |
Oid | getMech() |
byte[] | getMIC(byte[] inMsg, int offset, int len, MessageProp msgProp) |
void | getMIC(java.io.InputStream is, java.io.OutputStream os, MessageProp msgProp) Applies per-message integrity services. |
boolean | getMutualAuthState() |
java.security.Provider | getProvider() Returns the provider that facilitated the creation of this mechanism context. |
boolean | getReplayDetState() |
boolean | getSequenceDetState() |
GSSNameSpi | getSrcName() |
GSSNameSpi | getTargName() |
int | getWrapSizeLimit(int qop, boolean confReq, int maxTokSize) Queries the context for the largest data size that accommodates the specified protection while keeping the token no larger than maxTokSize. |
byte[] | initSecContext(java.io.InputStream is, int mechTokenSize) Initiator's context establishment call. |
boolean | isEstablished() Used during context establishment to determine the state of the context. |
boolean | isProtReady() |
boolean | isTransferable() |
void | requestAnonymity(boolean state) |
void | requestConf(boolean state) |
void | requestCredDeleg(boolean state) |
void | requestInteg(boolean state) |
void | requestLifetime(int lifetime) |
void | requestMutualAuth(boolean state) |
void | requestReplayDet(boolean state) |
void | requestSequenceDet(boolean state) |
void | setCaller(int caller) |
void | setChannelBinding(ChannelBinding cb) |
void | setNegMechs(Oid[] mechTypes, GSSCredential credential) Sets the list of security mechanism Oids available for negotiation. |
int | unwrap(byte[] inBuf, int inOffset, int len, byte[] outBuf, int outOffset, MessageProp msgProp) For apps that care about buffer copies but either cannot use streams or want to avoid them for whatever reason. |
byte[] | unwrap(byte[] inBuf, int offset, int len, MessageProp msgProp) For apps that want simplicity and don't care about buffer copies. |
int | unwrap(java.io.InputStream is, byte[] outBuf, int outOffset, MessageProp msgProp) For apps that care about buffer copies and want to read straight from the network, but also want the output in a specific application-provided buffer, say to reduce buffer allocation or a subsequent copy. |
void | unwrap(java.io.InputStream is, java.io.OutputStream os, MessageProp msgProp) Retrieves the message token previously encapsulated in the wrap call. |
void | verifyMIC(byte[] inTok, int tokOffset, int tokLen, byte[] inMsg, int msgOffset, int msgLen, MessageProp msgProp) |
void | verifyMIC(java.io.InputStream is, java.io.InputStream msgStr, MessageProp mProp) Checks the integrity of the supplied tokens. |
int | wrap(byte[] inBuf, int inOffset, int len, byte[] outBuf, int outOffset, MessageProp msgProp) For apps that care about buffer copies but either cannot use streams or want to avoid them for whatever reason. |
byte[] | wrap(byte[] inBuf, int offset, int len, MessageProp msgProp) For apps that want simplicity and don't care about buffer copies. |
void | wrap(byte[] inBuf, int offset, int len, java.io.OutputStream os, MessageProp msgProp) For apps that want to read from a specific application-provided buffer but want to write directly to the network stream. |
void | wrap(java.io.InputStream is, java.io.OutputStream os, MessageProp msgProp) Provides per-message token encapsulation. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail
SPNEGOContext
- public SPNEGOContext(GSSCredentialSpi acceptCred)
- throws GSSException
Constructs a security context to be used on the context acceptor side.
SPNEGOContext
- public SPNEGOContext(GSSCredentialSpi acceptCred,
- GSSContext ctx)
- throws GSSException
SPNEGOContext
- public SPNEGOContext(GSSNameSpi peer,
- GSSCredentialSpi initCred,
- int lifetime)
- throws GSSException
peer
- Name of the target peer.
initCred
- Credentials of the initiator.
lifetime
- The requested lifetime, in seconds, for the credential.
SPNEGOContext
- public SPNEGOContext(byte[] interProcessToken)
- throws GSSException
Method Detail
setCaller
- public void setCaller(int caller)
getProvider
- public java.security.Provider getProvider()
getProvider
in interface GSSContextSpi
requestMutualAuth
- public void requestMutualAuth(boolean state)
- throws GSSException
requestMutualAuth
in interface GSSContextSpi
requestReplayDet
- public void requestReplayDet(boolean state)
- throws GSSException
requestReplayDet
in interface GSSContextSpi
requestSequenceDet
- public void requestSequenceDet(boolean state)
- throws GSSException
requestSequenceDet
in interface GSSContextSpi
requestCredDeleg
- public void requestCredDeleg(boolean state)
- throws GSSException
requestCredDeleg
in interface GSSContextSpi
requestAnonymity
- public void requestAnonymity(boolean state)
- throws GSSException
requestAnonymity
in interface GSSContextSpi
requestConf
- public void requestConf(boolean state)
- throws GSSException
requestConf
in interface GSSContextSpi
requestInteg
- public void requestInteg(boolean state)
- throws GSSException
requestInteg
in interface GSSContextSpi
requestLifetime
- public void requestLifetime(int lifetime)
- throws GSSException
requestLifetime
in interface GSSContextSpi
setChannelBinding
- public void setChannelBinding(ChannelBinding cb)
- throws GSSException
setChannelBinding
in interface GSSContextSpi
setNegMechs
- public void setNegMechs(Oid[] mechTypes,
- GSSCredential credential)
- throws GSSException
Sets the list of security mechanism Oids available for negotiation. If more than one mechanism is specified in mechTypes, the order in which those mechanisms are specified implies a relative mechanism preference for the target.
setNegMechs
in interface GSSContextSpi
mechTypes
- The array of Oids representing a set or subset of the available security mechanisms based on the credential. Must contain at least one element.
credential
- The GSSCredential. Use null to request the default credential.
GSSException
- containing the following major error codes: GSSException.FAILURE, GSSException.BAD_MECH
getCredDelegState
- public boolean getCredDelegState()
getCredDelegState
in interface GSSContextSpi
getMutualAuthState
- public boolean getMutualAuthState()
getMutualAuthState
in interface GSSContextSpi
getReplayDetState
- public boolean getReplayDetState()
getReplayDetState
in interface GSSContextSpi
getSequenceDetState
- public boolean getSequenceDetState()
getSequenceDetState
in interface GSSContextSpi
getAnonymityState
- public boolean getAnonymityState()
getAnonymityState
in interface GSSContextSpi
isTransferable
- public boolean isTransferable()
- throws GSSException
isTransferable
in interface GSSContextSpi
isProtReady
- public boolean isProtReady()
isProtReady
in interface GSSContextSpi
getConfState
- public boolean getConfState()
getConfState
in interface GSSContextSpi
getIntegState
- public boolean getIntegState()
getIntegState
in interface GSSContextSpi
getLifetime
- public int getLifetime()
getLifetime
in interface GSSContextSpi
isEstablished
- public boolean isEstablished()
isEstablished
in interface GSSContextSpi
Returns true if this is a fully established context on the caller's side and no more tokens are needed from the peer.
getSrcName
- public GSSNameSpi getSrcName()
- throws GSSException
getSrcName
in interface GSSContextSpi
getTargName
- public GSSNameSpi getTargName()
- throws GSSException
getTargName
in interface GSSContextSpi
getMech
- public Oid getMech()
- throws GSSException
getMech
in interface GSSContextSpi
getDelegCred
- public GSSCredentialSpi getDelegCred()
- throws GSSException
getDelegCred
in interface GSSContextSpi
initSecContext
- public byte[] initSecContext(java.io.InputStream is,
- int mechTokenSize)
- throws GSSException
This method is called by the GSS-Framework when the application calls the initSecContext method on the GSSContext implementation that it has a reference to.
All overloaded forms of GSSContext.initSecContext() can be handled with this mechanism-level initSecContext. Since the output token from this method is of fixed size, not exceedingly large, and produced only once per call, an overloaded form that takes an OutputStream has not been defined. The GSS-Framework can write the returned byte[] to any application-provided OutputStream. Similarly, any application input in the form of byte arrays will be wrapped in an input stream by the GSS-Framework and then passed here.
The GSS-Framework will strip off the leading mechanism-independent GSS-API header. In other words, only the mechanism-specific inner-context token of RFC 2743 section 3.1 will be available on the InputStream.
initSecContext
in interface GSSContextSpi
is
- contains the inner context token portion of the GSS token received from the peer. On the first call to initSecContext there will be no token, hence it will be ignored.
mechTokenSize
- the size of the inner context token as read by the GSS-Framework from the mechanism-independent GSS-API level header.
GSSException
- may be thrown
acceptSecContext
- public byte[] acceptSecContext(java.io.InputStream is,
- int mechTokenSize)
- throws GSSException
This method is called by the GSS-Framework when the application calls the acceptSecContext method on the GSSContext implementation that it has a reference to.
All overloaded forms of GSSContext.acceptSecContext() can be handled with this mechanism-level acceptSecContext. Since the output token from this method is of fixed size, not exceedingly large, and produced only once per call, an overloaded form that takes an OutputStream has not been defined. The GSS-Framework can write the returned byte[] to any application-provided OutputStream. Similarly, any application input in the form of byte arrays will be wrapped in an input stream by the GSS-Framework and then passed here.
The GSS-Framework will strip off the leading mechanism-independent GSS-API header. In other words, only the mechanism-specific inner-context token of RFC 2743 section 3.1 will be available on the InputStream.
acceptSecContext
in interface GSSContextSpi
is
- contains the inner context token portion of the GSS token received from the peer.
mechTokenSize
- the size of the inner context token as read by the GSS-Framework from the mechanism-independent GSS-API level header.
GSSException
- may be thrown
getWrapSizeLimit
- public int getWrapSizeLimit(int qop,
- boolean confReq,
- int maxTokSize)
- throws GSSException
getWrapSizeLimit
in interface GSSContextSpi
qop
- the quality of protection that the context will be asked to provide.
confReq
- a flag indicating whether confidentiality will be requested or not
maxTokSize
- the maximum token size; the returned data size keeps the wrapped token within this limit
GSSException
- may be thrown
wrap
- public void wrap(java.io.InputStream is,
- java.io.OutputStream os,
- MessageProp msgProp)
- throws GSSException
wrap
in interface GSSContextSpi
is
- the user-provided message to be protected
os
- the token to be sent to the peer. It includes the message from is with the requested protection.
msgProp
- on input it contains the requested qop and confidentiality state; on output, the applied values
GSSException
- may be thrown
wrap
- public byte[] wrap(byte[] inBuf,
- int offset,
- int len,
- MessageProp msgProp)
- throws GSSException
wrap
in interface GSSContextSpi
wrap
- public int wrap(byte[] inBuf,
- int inOffset,
- int len,
- byte[] outBuf,
- int outOffset,
- MessageProp msgProp)
- throws GSSException
wrap
in interface GSSContextSpi
wrap
- public void wrap(byte[] inBuf,
- int offset,
- int len,
- java.io.OutputStream os,
- MessageProp msgProp)
- throws GSSException
wrap
in interface GSSContextSpi
unwrap
- public void unwrap(java.io.InputStream is,
- java.io.OutputStream os,
- MessageProp msgProp)
- throws GSSException
unwrap
in interface GSSContextSpi
is
- the token from the peer
os
- unprotected message data
msgProp
- will contain the applied qop and confidentiality of the input token and any informatory status values
GSSException
- may be thrown
unwrap
- public byte[] unwrap(byte[] inBuf,
- int offset,
- int len,
- MessageProp msgProp)
- throws GSSException
unwrap
in interface GSSContextSpi
unwrap
- public int unwrap(byte[] inBuf,
- int inOffset,
- int len,
- byte[] outBuf,
- int outOffset,
- MessageProp msgProp)
- throws GSSException
unwrap
in interface GSSContextSpi
unwrap
- public int unwrap(java.io.InputStream is,
- byte[] outBuf,
- int outOffset,
- MessageProp msgProp)
- throws GSSException
unwrap
in interface GSSContextSpi
getMIC
- public void getMIC(java.io.InputStream is,
- java.io.OutputStream os,
- MessageProp msgProp)
- throws GSSException
getMIC
in interface GSSContextSpi
is
- the user-provided message
os
- the token to be sent to the peer along with the message token. The message token is not encapsulated.
msgProp
- on input the desired QOP, on output the applied QOP
getMIC
- public byte[] getMIC(byte[] inMsg,
- int offset,
- int len,
- MessageProp msgProp)
- throws GSSException
getMIC
in interface GSSContextSpi
verifyMIC
- public void verifyMIC(java.io.InputStream is,
- java.io.InputStream msgStr,
- MessageProp mProp)
- throws GSSException
verifyMIC
in interface GSSContextSpi
is
- token generated by getMIC
msgStr
- the message to check integrity for
GSSException
- may be thrown
verifyMIC
- public void verifyMIC(byte[] inTok,
- int tokOffset,
- int tokLen,
- byte[] inMsg,
- int msgOffset,
- int msgLen,
- MessageProp msgProp)
- throws GSSException
verifyMIC
in interface GSSContextSpi
export
- public byte[] export()
- throws GSSException
export
in interface GSSContextSpi
dispose
- public void dispose()
- throws GSSException
dispose
in interface GSSContextSpi
GSSException
- may be thrown
© Portions Copyright 2003, 2011, Oracle and/or its affiliates. All rights reserved.