com.ibm.security.jgss.mech.krb5
Class Krb5MechFactory
- java.lang.Object
com.ibm.security.jgss.mech.krb5.Krb5MechFactory
- public final class Krb5MechFactory
- extends java.lang.Object
- implements MechanismFactory
Constructor Summary
Constructor and Description |
---|
Krb5MechFactory(int caller) |
Method Summary
Modifier and Type | Method and Description |
---|---|
GSSCredentialSpi | getCredentialElement(GSSNameSpi name, int initLifeTime, int acceptLifeTime, int usage) |
GSSContextSpi | getMechanismContext(byte[] exportedContext) |
GSSContextSpi | getMechanismContext(GSSCredentialSpi myAcceptorCred) |
GSSContextSpi | getMechanismContext(GSSCredentialSpi myAcceptorCred, GSSContext myContext) |
GSSContextSpi | getMechanismContext(GSSNameSpi peer, GSSCredentialSpi myInitiatorCred, int lifetime) |
Oid | getMechanismOid() |
GSSNameSpi | getNameElement(byte[] nameStr, Oid nameType) |
GSSNameSpi | getNameElement(java.lang.String nameStr, Oid nameType) |
Oid[] | getNameTypes() |
java.security.Provider | getProvider() |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail
Krb5MechFactory
- public Krb5MechFactory(int caller)
Method Detail
getMechanismOid
- public Oid getMechanismOid()
getMechanismOid
in interface MechanismFactory
getProvider
- public java.security.Provider getProvider()
MechanismFactory
getProvider
in interface MechanismFactory
getNameTypes
- public Oid[] getNameTypes()
MechanismFactory
getNameTypes
in interface MechanismFactory
getCredentialElement
- public GSSCredentialSpi getCredentialElement( GSSNameSpi name,
- int initLifeTime,
- int acceptLifeTime,
- int usage)
- throws GSSException
MechanismFactory
Not all mechanisms support the concept of one credential element that can be used for both initiating and accepting a context. In the event that an application requests usage INITIATE_AND_ACCEPT for a credential from such a mechanism, the GSS framework will need to obtain two different credential elements from the mechanism, one that will have usage INITIATE_ONLY and another that will have usage ACCEPT_ONLY. The mechanism will help the GSS-API realize this by returning a credential element with usage INITIATE_ONLY or ACCEPT_ONLY prompting it to make another call to getCredentialElement, this time with the other usage mode. The mechanism indicates the missing mode by returning a 0 lifetime for it.
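The two-call fallback described above, modelled as an added example (not IBM's code and not part of this API). `Element`, `Factory`, `SPLIT_MECH` and `acquire` are hypothetical stand-ins for the credential element, the factory call and the framework's caller logic; only the usage constant values match org.ietf.jgss.GSSCredential. Records require Java 16 or later.

```java
import java.util.ArrayList;
import java.util.List;

public class CredentialUsageFallback {
    // Same values as the usage constants in org.ietf.jgss.GSSCredential.
    static final int INITIATE_AND_ACCEPT = 0, INITIATE_ONLY = 1, ACCEPT_ONLY = 2;

    // Hypothetical stand-in for a mechanism credential element (lifetimes in seconds).
    record Element(int usage, int initLifetime, int acceptLifetime) {}

    // Hypothetical stand-in for the factory's getCredentialElement call (name omitted).
    interface Factory {
        Element getCredentialElement(int initLifeTime, int acceptLifeTime, int usage);
    }

    // Constructed toy mechanism: one element can never serve both directions.
    static final Factory SPLIT_MECH = (init, accept, usage) ->
        usage == ACCEPT_ONLY
            ? new Element(ACCEPT_ONLY, 0, accept)
            : new Element(INITIATE_ONLY, init, 0); // also the answer to INITIATE_AND_ACCEPT

    // Framework side: collect the element(s) that together cover the requested usage.
    static List<Element> acquire(Factory f, int init, int accept, int usage) {
        List<Element> elements = new ArrayList<>();
        Element first = f.getCredentialElement(init, accept, usage);
        elements.add(first);
        if (usage == INITIATE_AND_ACCEPT) {
            // A 0 lifetime marks the mode the returned element does not cover.
            if (first.acceptLifetime() == 0) {
                elements.add(f.getCredentialElement(init, accept, ACCEPT_ONLY));
            } else if (first.initLifetime() == 0) {
                elements.add(f.getCredentialElement(init, accept, INITIATE_ONLY));
            }
            boolean canInit = elements.stream().anyMatch(e -> e.initLifetime() > 0);
            boolean canAccept = elements.stream().anyMatch(e -> e.acceptLifetime() > 0);
            if (!canInit || !canAccept) {
                throw new IllegalStateException("mechanism did not cover both usages");
            }
        }
        return elements;
    }

    public static void main(String[] args) {
        // Requests both usages; the toy mechanism forces a second call for ACCEPT_ONLY.
        acquire(SPLIT_MECH, 3600, 7200, INITIATE_AND_ACCEPT).forEach(System.out::println);
    }
}
```

The final check makes the failure explicit when a mechanism returns an element whose lifetimes are 0 in both directions, instead of silently handing back a credential that cannot be used as requested.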
getCredentialElement
in interface MechanismFactory
name
- the mechanism level name element for the entity whose credential is desired. A null value indicates that a mechanism dependent default choice is to be made.
initLifeTime
- indicates the lifetime (in seconds) that is requested for this credential to be used at the context initiator's end. This value should be ignored if the usage is ACCEPT_ONLY. Predefined constants are available in the org.ietf.jgss.GSSCredential interface.
acceptLifeTime
- indicates the lifetime (in seconds) that is requested for this credential to be used at the context acceptor's end. This value should be ignored if the usage is INITIATE_ONLY. Predefined constants are available in the org.ietf.jgss.GSSCredential interface.
usage
- One of the values GSSCredential.INITIATE_ONLY, GSSCredential.ACCEPT_ONLY, and GSSCredential.INITIATE_AND_ACCEPT.
GSSException
- if one of the error situations described in RFC 2743 with the GSS_Acquire_Cred or GSS_Add_Cred calls occurs.
getNameElement
- public GSSNameSpi getNameElement( java.lang.String nameStr,
- Oid nameType)
- throws GSSException
MechanismFactory
getNameElement
in interface MechanismFactory
nameStr
- a string containing the characters describing this entity to the mechanism
nameType
- an Oid serving as a clue as to how the mechanism should interpret the nameStr
GSSException
- if any of the errors described in RFC 2743 for the GSS_Import_Name or GSS_Canonicalize_Name calls occur.
getNameElement
- public GSSNameSpi getNameElement( byte[] nameStr,
- Oid nameType)
- throws GSSException
MechanismFactory
An exported name will generally be passed in using this method.
getNameElement
in interface MechanismFactory
nameType
- an Oid serving as a clue as to how the mechanism should interpret the nameStr
GSSException
- if any of the errors described in RFC 2743 for the GSS_Import_Name or GSS_Canonicalize_Name calls occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( GSSNameSpi peer,
- GSSCredentialSpi myInitiatorCred,
- int lifetime)
- throws GSSException
MechanismFactory
getMechanismContext
in interface MechanismFactory
peer
- the name element from this mechanism that represents the peer
myInitiatorCred
- a credential element for the context initiator obtained previously from this mechanism. The identity of the context initiator can be obtained from this credential. Passing a value of null here indicates that a default entity of the mechanism's choice should be assumed to be the context initiator and that default credentials should be applied.
lifetime
- the requested lifetime (in seconds) for the security context. Predefined constants are available in the org.ietf.jgss.GSSContext interface.
GSSException
- if any of the errors described in RFC 2743 in the GSS_Init_Sec_Context call occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( GSSCredentialSpi myAcceptorCred)
- throws GSSException
MechanismFactory
getMechanismContext
in interface MechanismFactory
myAcceptorCred
- a credential element for the context acceptor obtained previously from this mechanism. The identity of the context acceptor can be obtained from this credential. Passing a value of null here indicates that the default entity of the mechanism's choice should be assumed to be the context acceptor and default credentials should be applied.
GSSException
- if any of the errors described in RFC 2743 in the GSS_Accept_Sec_Context call occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( GSSCredentialSpi myAcceptorCred,
- GSSContext myContext)
- throws GSSException
MechanismFactory
getMechanismContext
in interface MechanismFactory
myAcceptorCred
- a credential element for the context acceptor obtained previously from this mechanism. The identity of the context acceptor can be obtained from this credential. Passing a value of null here indicates that the default entity of the mechanism's choice should be assumed to be the context acceptor and default credentials should be applied.
myContext
- the GSSContext object to relate to this provider-specific, mechanism-specific context object
GSSException
- if any of the errors described in RFC 2743 in the GSS_Accept_Sec_Context call occur.
getMechanismContext
- public GSSContextSpi getMechanismContext( byte[] exportedContext)
- throws GSSException
MechanismFactory
getMechanismContext
in interface MechanismFactory
exportedContext
- the bytes representing this security context
GSSException
- if any of the errors described in RFC 2743 in the GSS_Import_Sec_Context call occur.
MechanismFactory