com.ibm.security.jgss.mech.spnego
Class SPNEGOMechFactory
- java.lang.Object
com.ibm.security.jgss.mech.spnego.SPNEGOMechFactory
- public class SPNEGOMechFactory
- extends java.lang.Object
- implements MechanismFactory
Constructor Summary
Constructor and Description |
---|
SPNEGOMechFactory(int caller) |
Method Summary
Modifier and Type | Method and Description |
---|---|
GSSCredentialSpi | getCredentialElement(GSSNameSpi name, int initLifetime, int acceptLifetime, int usage): Creates a credential element for this mechanism to be included as part of a GSSCredential implementation. |
GSSContextSpi | getMechanismContext(byte[] exportedContext): Creates a security context from a previously exported (serialized) security context. |
GSSContextSpi | getMechanismContext(GSSCredentialSpi myAcceptorCred): Creates a security context for this mechanism so that it can be used on the context acceptor's side. |
GSSContextSpi | getMechanismContext(GSSCredentialSpi myAcceptorCred, GSSContext myContext) |
GSSContextSpi | getMechanismContext(GSSNameSpi peer, GSSCredentialSpi myInitiatorCred, int lifetime): Creates a security context for this mechanism so that it can be used on the context initiator's side. |
Oid | getMechanismOid(): Returns the Oid of the mechanism that this factory supports. |
GSSNameSpi | getNameElement(byte[] name, Oid nameType): This is a variation of the factory method that accepts a String for the characters that make up the name. |
GSSNameSpi | getNameElement(java.lang.String nameStr, Oid nameType): Creates a name element for this mechanism to be included as part of a GSSName implementation. |
Oid[] | getNameTypes(): Returns the GSS-API nametypes that this mechanism can support. |
java.security.Provider | getProvider(): Returns the provider that this factory came from. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail
SPNEGOMechFactory
- public SPNEGOMechFactory(int caller)
Method Detail
getMechanismOid
- public Oid getMechanismOid()
Specified by:
getMechanismOid in interface MechanismFactory
getProvider
- public java.security.Provider getProvider()
Specified by:
getProvider in interface MechanismFactory
getNameTypes
- public Oid[] getNameTypes()
Specified by:
getNameTypes in interface MechanismFactory
getCredentialElement
- public GSSCredentialSpi getCredentialElement( GSSNameSpi name,
- int initLifetime,
- int acceptLifetime,
- int usage)
- throws GSSException
Not all mechanisms support the concept of one credential element that can be used for both initiating and accepting a context. In the event that an application requests usage INITIATE_AND_ACCEPT for a credential from such a mechanism, the GSS framework will need to obtain two different credential elements from the mechanism, one that will have usage INITIATE_ONLY and another that will have usage ACCEPT_ONLY. The mechanism will help the GSS-API realize this by returning a credential element with usage INITIATE_ONLY or ACCEPT_ONLY prompting it to make another call to getCredentialElement, this time with the other usage mode. The mechanism indicates the missing mode by returning a 0 lifetime for it.
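The two-call acquisition described above, modelled as an added example (not IBM's code): `CredElement`, `acquire` and `canAccept` are hypothetical stand-ins for the SPI types and the framework logic, and only the `GSSCredential` usage constants come from the real `org.ietf.jgss` API. It assumes Java 16 or later for `record`.

```java
import java.util.ArrayList;
import java.util.List;
import org.ietf.jgss.GSSCredential;

public class SplitUsageDemo {
    /** Hypothetical stand-in for a credential element (the real SPI type is GSSCredentialSpi). */
    record CredElement(int usage, int initLifetime, int acceptLifetime) {}

    /** Hypothetical mechanism that cannot serve both roles from a single element. */
    static CredElement getCredentialElement(int initLifetime, int acceptLifetime, int usage) {
        if (usage == GSSCredential.ACCEPT_ONLY) {
            return new CredElement(GSSCredential.ACCEPT_ONLY, 0, acceptLifetime);
        }
        // INITIATE_ONLY, or INITIATE_AND_ACCEPT narrowed to the initiator half:
        // the 0 accept lifetime tells the framework which mode is still missing.
        return new CredElement(GSSCredential.INITIATE_ONLY, initLifetime, 0);
    }

    /** Framework side: call again with the other usage when a requested mode is missing. */
    static List<CredElement> acquire(int initLifetime, int acceptLifetime, int usage) {
        List<CredElement> elements = new ArrayList<>();
        CredElement first = getCredentialElement(initLifetime, acceptLifetime, usage);
        elements.add(first);
        if (usage == GSSCredential.INITIATE_AND_ACCEPT) {
            if (first.usage() == GSSCredential.INITIATE_ONLY && first.acceptLifetime() == 0) {
                elements.add(getCredentialElement(initLifetime, acceptLifetime,
                        GSSCredential.ACCEPT_ONLY));
            } else if (first.usage() == GSSCredential.ACCEPT_ONLY && first.initLifetime() == 0) {
                elements.add(getCredentialElement(initLifetime, acceptLifetime,
                        GSSCredential.INITIATE_ONLY));
            }
        }
        return elements;
    }

    /** Caller-side check: is there an element that can actually accept contexts? */
    static boolean canAccept(List<CredElement> elements) {
        return elements.stream().anyMatch(
                e -> e.usage() != GSSCredential.INITIATE_ONLY && e.acceptLifetime() > 0);
    }

    public static void main(String[] args) {
        // Constructed sample request: 3600 s initiator lifetime, 7200 s acceptor lifetime.
        List<CredElement> both = acquire(3600, 7200, GSSCredential.INITIATE_AND_ACCEPT);
        both.forEach(System.out::println);
        System.out.println("canAccept(both) = " + canAccept(both));
        List<CredElement> initOnly = acquire(3600, 7200, GSSCredential.INITIATE_ONLY);
        System.out.println("canAccept(initOnly) = " + canAccept(initOnly));
    }
}
```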
Specified by:
getCredentialElement in interface MechanismFactory
Parameters:
name - the mechanism level name element for the entity whose credential is desired. A null value indicates that a mechanism-dependent default choice is to be made.
initLifetime - indicates the lifetime (in seconds) that is requested for this credential to be used at the context initiator's end. This value should be ignored if the usage is ACCEPT_ONLY. Predefined constants are available in the org.ietf.jgss.GSSCredential interface.
acceptLifetime - indicates the lifetime (in seconds) that is requested for this credential to be used at the context acceptor's end. This value should be ignored if the usage is INITIATE_ONLY. Predefined constants are available in the org.ietf.jgss.GSSCredential interface.
usage - One of the values GSSCredential.INITIATE_ONLY, GSSCredential.ACCEPT_ONLY, and GSSCredential.INITIATE_AND_ACCEPT.
Throws:
GSSException - if one of the error situations described in RFC 2743 with the GSS_Acquire_Cred or GSS_Add_Cred calls occurs.
getNameElement
- public GSSNameSpi getNameElement( java.lang.String nameStr,
- Oid nameType)
- throws GSSException
Specified by:
getNameElement in interface MechanismFactory
Parameters:
nameStr - a string containing the characters describing this entity to the mechanism
nameType - an Oid serving as a clue as to how the mechanism should interpret the nameStr
Throws:
GSSException - if any of the errors described in RFC 2743 for the GSS_Import_Name or GSS_Canonicalize_Name calls occur.
getNameElement
- public GSSNameSpi getNameElement( byte[] name,
- Oid nameType)
- throws GSSException
An exported name will generally be passed in using this method.
Specified by:
getNameElement in interface MechanismFactory
Parameters:
nameType - an Oid serving as a clue as to how the mechanism should interpret the nameStr
Throws:
GSSException - if any of the errors described in RFC 2743 for the GSS_Import_Name or GSS_Canonicalize_Name calls occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( GSSNameSpi peer,
- GSSCredentialSpi myInitiatorCred,
- int lifetime)
- throws GSSException
Specified by:
getMechanismContext in interface MechanismFactory
Parameters:
peer - the name element from this mechanism that represents the peer
myInitiatorCred - a credential element for the context initiator obtained previously from this mechanism. The identity of the context initiator can be obtained from this credential. Passing a value of null here indicates that a default entity of the mechanism's choice should be assumed to be the context initiator and that default credentials should be applied.
lifetime - the requested lifetime (in seconds) for the security context. Predefined constants are available in the org.ietf.jgss.GSSContext interface.
Throws:
GSSException - if any of the errors described in RFC 2743 in the GSS_Init_Sec_Context call occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( GSSCredentialSpi myAcceptorCred)
- throws GSSException
Specified by:
getMechanismContext in interface MechanismFactory
Parameters:
myAcceptorCred - a credential element for the context acceptor obtained previously from this mechanism. The identity of the context acceptor can be obtained from this credential. Passing a value of null here indicates that the default entity of the mechanism's choice should be assumed to be the context acceptor and default credentials should be applied.
Throws:
GSSException - if any of the errors described in RFC 2743 in the GSS_Accept_Sec_Context call occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( byte[] exportedContext)
- throws GSSException
Specified by:
getMechanismContext in interface MechanismFactory
Parameters:
exportedContext - the bytes representing this security context
Throws:
GSSException - if any of the errors described in RFC 2743 in the GSS_Import_Sec_Context call occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( GSSCredentialSpi myAcceptorCred,
- GSSContext myContext)
- throws GSSException
MechanismFactory
Specified by:
getMechanismContext in interface MechanismFactory
Parameters:
myAcceptorCred - a credential element for the context acceptor obtained previously from this mechanism. The identity of the context acceptor can be obtained from this credential. Passing a value of null here indicates that the default entity of the mechanism's choice should be assumed to be the context acceptor and default credentials should be applied.
myContext - the GSSContext object to relate to this provider-specific, mechanism-specific context object
Throws:
GSSException - if any of the errors described in RFC 2743 in the GSS_Accept_Sec_Context call occur.