com.ibm.security.jgss.spi
Interface MechanismFactory
- public interface MechanismFactory
For example, if a provider master file contained a mapping from the property "GssApiMechanism.1.2.840.113554.1.2.2" to the class name "com.foo.krb5.Krb5GssFactory", then the GSS-API framework would assume that com.foo.krb5.Krb5GssFactory implements the MechanismFactory interface and that it can be used to obtain the elements required for supporting this mechanism.
Method Summary
Modifier and Type | Method and Description |
---|---|
GSSCredentialSpi | getCredentialElement(GSSNameSpi name, int initLifetime, int acceptLifetime, int usage) Creates a credential element for this mechanism to be included as part of a GSSCredential implementation. |
GSSContextSpi | getMechanismContext(byte[] exportedContext) Creates a security context from a previously exported (serialized) security context. |
GSSContextSpi | getMechanismContext(GSSCredentialSpi myAcceptorCred) Creates a security context for this mechanism so that it can be used on the context acceptor's side. |
GSSContextSpi | getMechanismContext(GSSCredentialSpi myAcceptorCred, org.ietf.jgss.GSSContext myContext) Creates a security context for this mechanism so that it can be used on the context acceptor's side. |
GSSContextSpi | getMechanismContext(GSSNameSpi peer, GSSCredentialSpi myInitiatorCred, int lifetime) Creates a security context for this mechanism so that it can be used on the context initiator's side. |
org.ietf.jgss.Oid | getMechanismOid() Returns the Oid of the mechanism that this factory supports. |
GSSNameSpi | getNameElement(byte[] name, org.ietf.jgss.Oid nameType) This is a variation of the factory method that accepts a String for the characters that make up the name. |
GSSNameSpi | getNameElement(java.lang.String nameStr, org.ietf.jgss.Oid nameType) Creates a name element for this mechanism to be included as part of a GSSName implementation. |
org.ietf.jgss.Oid[] | getNameTypes() Returns the GSS-API nametypes that this mechanism can support. |
java.security.Provider | getProvider() Returns the provider that this factory came from. |
Method Detail
getMechanismOid
- org.ietf.jgss.Oid getMechanismOid( )
getProvider
- java.security.Provider getProvider( )
getNameTypes
- org.ietf.jgss.Oid[] getNameTypes( )
GSSName
getCredentialElement
- GSSCredentialSpi getCredentialElement(GSSNameSpi name, int initLifetime, int acceptLifetime, int usage) throws org.ietf.jgss.GSSException
Not all mechanisms support the concept of one credential element that can be used for both initiating and accepting a context. In the event that an application requests usage INITIATE_AND_ACCEPT for a credential from such a mechanism, the GSS framework will need to obtain two different credential elements from the mechanism, one that will have usage INITIATE_ONLY and another that will have usage ACCEPT_ONLY. The mechanism will help the GSS-API realize this by returning a credential element with usage INITIATE_ONLY or ACCEPT_ONLY, prompting it to make another call to getCredentialElement, this time with the other usage mode. The mechanism indicates the missing mode by returning a 0 lifetime for it.
name - the mechanism level name element for the entity whose credential is desired. A null value indicates that a mechanism dependent default choice is to be made.
initLifetime - indicates the lifetime (in seconds) that is requested for this credential to be used at the context initiator's end. This value should be ignored if the usage is ACCEPT_ONLY. Predefined constants are available in the org.ietf.jgss.GSSCredential interface.
acceptLifetime - indicates the lifetime (in seconds) that is requested for this credential to be used at the context acceptor's end. This value should be ignored if the usage is INITIATE_ONLY. Predefined constants are available in the org.ietf.jgss.GSSCredential interface.
usage - One of the values GSSCredential.INITIATE_ONLY, GSSCredential.ACCEPT_ONLY, and GSSCredential.INITIATE_AND_ACCEPT.
org.ietf.jgss.GSSException - if one of the error situations described in RFC 2743 with the GSS_Acquire_Cred or GSS_Add_Cred calls occurs.
GSSCredential
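The two-call fallback described above, sketched from the framework's side. This is an added example, not code from the IBM JGSS provider: CredElement and Factory are stand-ins for GSSCredentialSpi and MechanismFactory (the name argument is left out, and the two lifetime accessors are assumed), and SPLIT is a constructed mechanism that cannot serve both modes from one element.

```java
import java.util.ArrayList;
import java.util.List;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;

public class SplitUsageDemo {
    // Stand-in for a credential element; the two accessors are assumed for this example.
    interface CredElement { int getInitLifetime(); int getAcceptLifetime(); }

    // Stand-in for MechanismFactory.getCredentialElement, with the name argument left out.
    interface Factory {
        CredElement getCredentialElement(int initLifetime, int acceptLifetime, int usage) throws GSSException;
    }

    // Framework side: ask once, and if a mode comes back with a 0 lifetime, ask again for it.
    static List<CredElement> acquire(Factory f, int initLife, int acceptLife, int usage) throws GSSException {
        List<CredElement> elems = new ArrayList<>();
        CredElement first = f.getCredentialElement(initLife, acceptLife, usage);
        elems.add(first);
        if (usage != GSSCredential.INITIATE_AND_ACCEPT) return elems;
        if (first.getAcceptLifetime() == 0) {
            elems.add(f.getCredentialElement(initLife, acceptLife, GSSCredential.ACCEPT_ONLY));
        } else if (first.getInitLifetime() == 0) {
            elems.add(f.getCredentialElement(initLife, acceptLife, GSSCredential.INITIATE_ONLY));
        }
        // Do not report INITIATE_AND_ACCEPT unless both modes ended up with a lifetime.
        boolean canInit = elems.stream().anyMatch(e -> e.getInitLifetime() != 0);
        boolean canAccept = elems.stream().anyMatch(e -> e.getAcceptLifetime() != 0);
        if (!canInit || !canAccept) throw new GSSException(GSSException.NO_CRED);
        return elems;
    }

    // Constructed mechanism: returns an initiate-only element unless ACCEPT_ONLY is requested.
    static final Factory SPLIT = (init, accept, usage) -> {
        boolean acceptOnly = usage == GSSCredential.ACCEPT_ONLY;
        int i = acceptOnly ? 0 : init;
        int a = acceptOnly ? accept : 0;
        return new CredElement() {
            public int getInitLifetime() { return i; }
            public int getAcceptLifetime() { return a; }
        };
    };

    public static void main(String[] args) throws GSSException {
        for (CredElement e : acquire(SPLIT, 3600, 7200, GSSCredential.INITIATE_AND_ACCEPT)) {
            System.out.println("init=" + e.getInitLifetime() + "s accept=" + e.getAcceptLifetime() + "s");
        }
    }
}
```

The final check matters to callers that gate acceptor-side logic on the credential's usage: a mode whose lifetime is still 0 after the second call is treated as absent rather than reported as available.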
getNameElement
- GSSNameSpi getNameElement(java.lang.String nameStr, org.ietf.jgss.Oid nameType) throws org.ietf.jgss.GSSException
nameStr - a string containing the characters describing this entity to the mechanism
nameType - an Oid serving as a clue as to how the mechanism should interpret the nameStr
org.ietf.jgss.GSSException - if any of the errors described in RFC 2743 for the GSS_Import_Name or GSS_Canonicalize_Name calls occur.
getNameElement
- GSSNameSpi getNameElement(byte[] name, org.ietf.jgss.Oid nameType) throws org.ietf.jgss.GSSException
An exported name will generally be passed in using this method.
nameType - an Oid serving as a clue as to how the mechanism should interpret the nameStr
org.ietf.jgss.GSSException - if any of the errors described in RFC 2743 for the GSS_Import_Name or GSS_Canonicalize_Name calls occur.
getMechanismContext
- GSSContextSpi getMechanismContext(GSSNameSpi peer, GSSCredentialSpi myInitiatorCred, int lifetime) throws org.ietf.jgss.GSSException
peer - the name element from this mechanism that represents the peer
myInitiatorCred - a credential element for the context initiator obtained previously from this mechanism. The identity of the context initiator can be obtained from this credential. Passing a value of null here indicates that a default entity of the mechanism's choice should be assumed to be the context initiator and that default credentials should be applied.
lifetime - the requested lifetime (in seconds) for the security context. Predefined constants are available in the org.ietf.jgss.GSSContext interface.
org.ietf.jgss.GSSException - if any of the errors described in RFC 2743 in the GSS_Init_Sec_Context call occur.
getMechanismContext
- GSSContextSpi getMechanismContext(GSSCredentialSpi myAcceptorCred) throws org.ietf.jgss.GSSException
myAcceptorCred - a credential element for the context acceptor obtained previously from this mechanism. The identity of the context acceptor can be obtained from this credential. Passing a value of null here indicates that the default entity of the mechanism's choice should be assumed to be the context acceptor and default credentials should be applied.
org.ietf.jgss.GSSException - if any of the errors described in RFC 2743 in the GSS_Accept_Sec_Context call occur.
getMechanismContext
- GSSContextSpi getMechanismContext(GSSCredentialSpi myAcceptorCred, org.ietf.jgss.GSSContext myContext) throws org.ietf.jgss.GSSException
myAcceptorCred - a credential element for the context acceptor obtained previously from this mechanism. The identity of the context acceptor can be obtained from this credential. Passing a value of null here indicates that the default entity of the mechanism's choice should be assumed to be the context acceptor and default credentials should be applied.
myContext - the GSSContext object to relate to this provider-specific, mechanism-specific context object
org.ietf.jgss.GSSException - if any of the errors described in RFC 2743 in the GSS_Accept_Sec_Context call occur.
getMechanismContext
- GSSContextSpi getMechanismContext(byte[] exportedContext) throws org.ietf.jgss.GSSException
exportedContext - the bytes representing this security context
org.ietf.jgss.GSSException - if any of the errors described in RFC 2743 in the GSS_Import_Sec_Context call occur.