Package org.globus.gsi.gssapi
Class GlobusGSSContextImpl
- java.lang.Object
  - org.globus.gsi.gssapi.GlobusGSSContextImpl
- All Implemented Interfaces: ExtendedGSSContext, org.ietf.jgss.GSSContext
public class GlobusGSSContextImpl extends java.lang.Object implements ExtendedGSSContext
Implementation of SSL/GSI mechanism for Java GSS-API. The implementation is based on JSSE (for SSL API) and the BouncyCastle library (for certificate processing API).
The implementation is not designed to be thread-safe.
Field Summary
Fields (modifier and type, field, description):
- private static int ACCEPT
- protected java.lang.Boolean acceptNoClientCerts
- protected boolean anonymity
- private java.lang.String[] bannedCiphers
- protected BouncyCastleCertProcessingFactory certFactory
- protected java.lang.Boolean checkContextExpiration
- private static int CLIENT_END_DEL
- private static int CLIENT_START_DEL
- protected boolean conn
- protected boolean credentialDelegation
- protected GlobusGSSCredentialImpl ctxCred: Credential of this context.
- protected ExtendedGSSCredential delegatedCred: Credential delegated using delegation API
- private static int DELEGATION_COMPLETE_CRED
- private static int DELEGATION_SIGN_CERT
- private static int DELEGATION_START
- private static byte[] DELEGATION_TOKEN
- protected boolean delegationFinished: Delegation finished indicator
- protected int delegationState: Delegation state
- protected GSIConstants.DelegationType delegationType
- protected ExtendedGSSCredential delegCred: Credential delegated during context establishment
- protected boolean encryption
- protected boolean established
- protected org.ietf.jgss.GSSName expectedTargetName: Expected target name.
- protected java.util.Date goodUntil: Context expiration date.
- private static int GSI_MESSAGE_DIGEST_PADDING
- private static int GSI_SEQUENCE_SIZE: SSL3_RT_GSSAPI_OPENSSL
- static int GSI_WRAP: Used to distinguish between a token created by wrap with GSSConstants.GSI_BIG QoP and a regular token created by wrap.
- protected java.lang.Integer gssMode
- private static int HANDSHAKE
- private static I18n i18n
- private static int INITIATE
- protected java.security.KeyPair keyPair: Used during delegation
- private KeyPairCache keyPairCache: KeyPair generation with cache of keypairs if configured
- private static org.apache.commons.logging.Log logger
- private static java.lang.String[] NO_ENCRYPTION
- private java.nio.ByteBuffer outByteBuff
- protected java.lang.Boolean peerLimited: Limited peer credentials
- protected java.util.Map proxyPolicyHandlers
- protected java.lang.Boolean rejectLimitedProxy
- protected java.lang.Boolean requireAuthzWithDelegation
- protected java.lang.Boolean requireClientAuth
- protected int role: Context role
- private byte[] savedInBytes
- private static int SERVER_END_DEL
- private static int SERVER_START_DEL
- protected org.ietf.jgss.GSSName sourceName: The name of the context initiator
- protected SSLConfigurator sslConfigurator
- protected javax.net.ssl.SSLContext sslContext
- protected javax.net.ssl.SSLEngine sslEngine
- protected int state: Handshake state
- protected org.ietf.jgss.GSSName targetName: The name of the context acceptor
- protected TrustedCertificates tc
- private static int UNDEFINED
-
Constructor Summary
Constructors:
- GlobusGSSContextImpl(org.ietf.jgss.GSSName target, GlobusGSSCredentialImpl cred)
-
Method Summary
All methods are instance methods and concrete. Listed as modifier and type, method, description:
- byte[] acceptDelegation(int lifetime, byte[] buf, int off, int len): Accept a delegated credential.
- byte[] acceptSecContext(byte[] inBuff, int off, int len): This function drives the accepting side of the context establishment process.
- void acceptSecContext(java.io.InputStream in, java.io.OutputStream out): It works just like the acceptSecContext method.
- private java.security.cert.X509Certificate bcConvert(java.security.cert.X509Certificate cert)
- protected void checkContext()
- void dispose()
- byte[] export(): Currently not implemented.
- protected byte[] generateCertRequest(java.security.cert.X509Certificate cert)
- boolean getAnonymityState()
- boolean getConfState()
- boolean getCredDelegState()
- org.ietf.jgss.GSSCredential getDelegatedCredential(): Returns the delegated credential that was delegated using the initDelegation and acceptDelegation functions.
- org.ietf.jgss.GSSCredential getDelegCred()
- boolean getIntegState()
- int getLifetime()
- org.ietf.jgss.Oid getMech()
- byte[] getMIC(byte[] inBuf, int off, int len, org.ietf.jgss.MessageProp prop): Returns a cryptographic MIC (message integrity check) of a specified message.
- void getMIC(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp): Currently not implemented.
- boolean getMutualAuthState()
- java.lang.Object getOption(org.ietf.jgss.Oid option): Gets a context option.
- boolean getReplayDetState()
- boolean getSequenceDetState()
- org.ietf.jgss.GSSName getSrcName()
- org.ietf.jgss.GSSName getTargName()
- int getWrapSizeLimit(int qop, boolean confReq, int maxTokenSize): Currently not implemented.
- private void handshakeFinished()
- private void init(int how)
- byte[] initDelegation(org.ietf.jgss.GSSCredential credential, org.ietf.jgss.Oid mechanism, int lifetime, byte[] buf, int off, int len): Initiate the delegation of a credential.
- byte[] initSecContext(byte[] inBuff, int off, int len): This function drives the initiating side of the context establishment process.
- int initSecContext(java.io.InputStream in, java.io.OutputStream out): It works just like the initSecContext method.
- java.lang.Object inquireByOid(org.ietf.jgss.Oid oid): Retrieves arbitrary data about this context.
- boolean isDelegationFinished(): Used during delegation to determine the state of the delegation.
- boolean isEstablished()
- boolean isInitiator()
- boolean isProtReady()
- boolean isTransferable(): Currently not implemented.
- void requestAnonymity(boolean state)
- void requestConf(boolean state)
- void requestCredDeleg(boolean state)
- void requestInteg(boolean state)
- void requestLifetime(int lifetime)
- void requestMutualAuth(boolean state)
- void requestReplayDet(boolean state)
- void requestSequenceDet(boolean state)
- private void runDelegatedTasks(javax.net.ssl.SSLEngine engine)
- protected void setAcceptNoClientCerts(java.lang.Object value)
- void setBannedCiphers(java.lang.String[] ciphers): Specifies a list of ciphers that will not be used.
- void setChannelBinding(org.ietf.jgss.ChannelBinding cb): Currently not implemented.
- protected void setCheckContextExpired(java.lang.Object value)
- private void setCredential()
- protected void setDelegationType(java.lang.Object value)
- private void setDone()
- private void setGoodUntil(java.util.Date date)
- protected void setGssMode(java.lang.Object value)
- void setOption(org.ietf.jgss.Oid option, java.lang.Object value): Sets a context option.
- protected void setProxyPolicyHandlers(java.lang.Object value)
- protected void setRejectLimitedProxy(java.lang.Object value)
- protected void setRequireAuthzWithDelegation(java.lang.Object value)
- protected void setRequireClientAuth(java.lang.Object value)
- protected void setTrustedCertificates(java.lang.Object value)
- private java.nio.ByteBuffer sslDataUnwrap(java.nio.ByteBuffer inBBuff, java.nio.ByteBuffer outBBuff)
- private java.nio.ByteBuffer sslDataWrap(java.nio.ByteBuffer inBBuff, java.nio.ByteBuffer outBBuff)
- private java.nio.ByteBuffer sslProcessHandshake(java.nio.ByteBuffer inBBuff, java.nio.ByteBuffer outBBuff)
- private byte[] unwrap(byte[] inBuf, int off, int len)
- byte[] unwrap(byte[] inBuf, int off, int len, org.ietf.jgss.MessageProp prop): Unwraps a token generated by the wrap method on the other side of the context.
- void unwrap(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp): Currently not implemented.
- protected void verifyDelegatedCert(java.security.cert.X509Certificate certificate)
- void verifyMIC(byte[] inTok, int tokOff, int tokLen, byte[] inMsg, int msgOff, int msgLen, org.ietf.jgss.MessageProp prop): Verifies a cryptographic MIC (message integrity check) of a specified message.
- void verifyMIC(java.io.InputStream tokStream, java.io.InputStream msgStream, org.ietf.jgss.MessageProp msgProp): Currently not implemented.
- private byte[] wrap(byte[] inBuf, int off, int len)
- byte[] wrap(byte[] inBuf, int off, int len, org.ietf.jgss.MessageProp prop): Wraps a message for integrity and protection.
- void wrap(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp): Currently not implemented.
-
Field Detail
-
logger
private static org.apache.commons.logging.Log logger
-
i18n
private static I18n i18n
-
keyPairCache
private KeyPairCache keyPairCache
KeyPair generation with cache of keypairs if configured
-
GSI_WRAP
public static final int GSI_WRAP
Used to distinguish between a token created by wrap with GSSConstants.GSI_BIG QoP and a regular token created by wrap.
- See Also:
- Constant Field Values
-
GSI_SEQUENCE_SIZE
private static final int GSI_SEQUENCE_SIZE
SSL3_RT_GSSAPI_OPENSSL
- See Also:
- Constant Field Values
-
GSI_MESSAGE_DIGEST_PADDING
private static final int GSI_MESSAGE_DIGEST_PADDING
- See Also:
- Constant Field Values
-
NO_ENCRYPTION
private static final java.lang.String[] NO_ENCRYPTION
-
DELEGATION_TOKEN
private static final byte[] DELEGATION_TOKEN
-
UNDEFINED
private static final int UNDEFINED
- See Also:
- Constant Field Values
-
INITIATE
private static final int INITIATE
- See Also:
- Constant Field Values
-
ACCEPT
private static final int ACCEPT
- See Also:
- Constant Field Values
-
state
protected int state
Handshake state
-
HANDSHAKE
private static final int HANDSHAKE
- See Also:
- Constant Field Values
-
CLIENT_START_DEL
private static final int CLIENT_START_DEL
- See Also:
- Constant Field Values
-
CLIENT_END_DEL
private static final int CLIENT_END_DEL
- See Also:
- Constant Field Values
-
SERVER_START_DEL
private static final int SERVER_START_DEL
- See Also:
- Constant Field Values
-
SERVER_END_DEL
private static final int SERVER_END_DEL
- See Also:
- Constant Field Values
-
delegationState
protected int delegationState
Delegation state
-
DELEGATION_START
private static final int DELEGATION_START
- See Also:
- Constant Field Values
-
DELEGATION_SIGN_CERT
private static final int DELEGATION_SIGN_CERT
- See Also:
- Constant Field Values
-
DELEGATION_COMPLETE_CRED
private static final int DELEGATION_COMPLETE_CRED
- See Also:
- Constant Field Values
-
delegatedCred
protected ExtendedGSSCredential delegatedCred
Credential delegated using delegation API
-
delegationFinished
protected boolean delegationFinished
Delegation finished indicator
-
credentialDelegation
protected boolean credentialDelegation
-
anonymity
protected boolean anonymity
-
encryption
protected boolean encryption
-
established
protected boolean established
-
sourceName
protected org.ietf.jgss.GSSName sourceName
The name of the context initiator
-
targetName
protected org.ietf.jgss.GSSName targetName
The name of the context acceptor
-
role
protected int role
Context role
-
delegCred
protected ExtendedGSSCredential delegCred
Credential delegated during context establishment
-
delegationType
protected GSIConstants.DelegationType delegationType
-
gssMode
protected java.lang.Integer gssMode
-
checkContextExpiration
protected java.lang.Boolean checkContextExpiration
-
rejectLimitedProxy
protected java.lang.Boolean rejectLimitedProxy
-
requireClientAuth
protected java.lang.Boolean requireClientAuth
-
acceptNoClientCerts
protected java.lang.Boolean acceptNoClientCerts
-
requireAuthzWithDelegation
protected java.lang.Boolean requireAuthzWithDelegation
-
ctxCred
protected GlobusGSSCredentialImpl ctxCred
Credential of this context. Might be anonymous
-
expectedTargetName
protected org.ietf.jgss.GSSName expectedTargetName
Expected target name. Used for authorization in initiator
-
goodUntil
protected java.util.Date goodUntil
Context expiration date.
-
sslConfigurator
protected SSLConfigurator sslConfigurator
-
sslContext
protected javax.net.ssl.SSLContext sslContext
-
sslEngine
protected javax.net.ssl.SSLEngine sslEngine
-
conn
protected boolean conn
-
savedInBytes
private byte[] savedInBytes
-
outByteBuff
private java.nio.ByteBuffer outByteBuff
-
certFactory
protected BouncyCastleCertProcessingFactory certFactory
-
keyPair
protected java.security.KeyPair keyPair
Used during delegation
-
tc
protected TrustedCertificates tc
-
proxyPolicyHandlers
protected java.util.Map proxyPolicyHandlers
-
peerLimited
protected java.lang.Boolean peerLimited
Limited peer credentials
-
bannedCiphers
private java.lang.String[] bannedCiphers
-
Constructor Detail
-
GlobusGSSContextImpl
public GlobusGSSContextImpl(org.ietf.jgss.GSSName target, GlobusGSSCredentialImpl cred) throws org.ietf.jgss.GSSException
- Parameters:
  target - expected target name. Can be null.
  cred - credential. Cannot be null. Might be anonymous.
- Throws:
org.ietf.jgss.GSSException
-
Method Detail
-
runDelegatedTasks
private void runDelegatedTasks(javax.net.ssl.SSLEngine engine) throws java.lang.Exception
- Throws:
java.lang.Exception
-
bcConvert
private java.security.cert.X509Certificate bcConvert(java.security.cert.X509Certificate cert) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
acceptSecContext
public byte[] acceptSecContext(byte[] inBuff, int off, int len) throws org.ietf.jgss.GSSException
This function drives the accepting side of the context establishment process. It is expected to be called in tandem with the initSecContext function.
The behavior of the context establishment process can be modified by the GSSConstants.GSS_MODE and GSSConstants.REJECT_LIMITED_PROXY context options. If the GSSConstants.GSS_MODE option is set to GSIConstants.MODE_SSL, the context establishment process will be compatible with regular SSL (no credential delegation support). If the option is set to GSIConstants.MODE_GSI, credential delegation during the context establishment process will be accepted. If the GSSConstants.REJECT_LIMITED_PROXY option is enabled, a peer presenting a limited proxy credential will be automatically rejected and the context establishment process will be aborted.
- Specified by: acceptSecContext in interface org.ietf.jgss.GSSContext
- Returns:
- a byte[] containing the token to be sent to the peer. null indicates that no token is generated (needs more data)
- Throws:
org.ietf.jgss.GSSException
-
sslDataWrap
private java.nio.ByteBuffer sslDataWrap(java.nio.ByteBuffer inBBuff, java.nio.ByteBuffer outBBuff) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
sslDataUnwrap
private java.nio.ByteBuffer sslDataUnwrap(java.nio.ByteBuffer inBBuff, java.nio.ByteBuffer outBBuff) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
sslProcessHandshake
private java.nio.ByteBuffer sslProcessHandshake(java.nio.ByteBuffer inBBuff, java.nio.ByteBuffer outBBuff) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
initSecContext
public byte[] initSecContext(byte[] inBuff, int off, int len) throws org.ietf.jgss.GSSException
This function drives the initiating side of the context establishment process. It is expected to be called in tandem with the acceptSecContext function.
The behavior of the context establishment process can be modified by the GSSConstants.GSS_MODE, GSSConstants.DELEGATION_TYPE, and GSSConstants.REJECT_LIMITED_PROXY context options. If the GSSConstants.GSS_MODE option is set to GSIConstants.MODE_SSL, the context establishment process will be compatible with regular SSL (no credential delegation support). If the option is set to GSIConstants.MODE_GSI, credential delegation during the context establishment process will be performed. The delegation type to be performed can be set using the GSSConstants.DELEGATION_TYPE context option. If the GSSConstants.REJECT_LIMITED_PROXY option is enabled, a peer presenting a limited proxy credential will be automatically rejected and the context establishment process will be aborted.
- Specified by: initSecContext in interface org.ietf.jgss.GSSContext
- Returns:
- a byte[] containing the token to be sent to the peer. null indicates that no token is generated (needs more data).
- Throws:
org.ietf.jgss.GSSException
-
setDone
private void setDone()
-
setGoodUntil
private void setGoodUntil(java.util.Date date)
-
init
private void init(int how) throws org.ietf.jgss.GSSException, javax.net.ssl.SSLException
- Throws:
org.ietf.jgss.GSSException
javax.net.ssl.SSLException
-
handshakeFinished
private void handshakeFinished() throws java.io.IOException
- Throws:
java.io.IOException
-
setCredential
private void setCredential() throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
wrap
public byte[] wrap(byte[] inBuf, int off, int len, org.ietf.jgss.MessageProp prop) throws org.ietf.jgss.GSSException
Wraps a message for integrity and protection. A regular SSL-wrapped token is returned.
- Specified by: wrap in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
wrap
private byte[] wrap(byte[] inBuf, int off, int len) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
unwrap
public byte[] unwrap(byte[] inBuf, int off, int len, org.ietf.jgss.MessageProp prop) throws org.ietf.jgss.GSSException
Unwraps a token generated by the wrap method on the other side of the context.
- Specified by: unwrap in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
unwrap
private byte[] unwrap(byte[] inBuf, int off, int len) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
dispose
public void dispose() throws org.ietf.jgss.GSSException
- Specified by:
dispose
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
isEstablished
public boolean isEstablished()
- Specified by:
isEstablished
in interfaceorg.ietf.jgss.GSSContext
-
requestCredDeleg
public void requestCredDeleg(boolean state) throws org.ietf.jgss.GSSException
- Specified by:
requestCredDeleg
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getCredDelegState
public boolean getCredDelegState()
- Specified by:
getCredDelegState
in interfaceorg.ietf.jgss.GSSContext
-
isInitiator
public boolean isInitiator() throws org.ietf.jgss.GSSException
- Specified by:
isInitiator
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
isProtReady
public boolean isProtReady()
- Specified by:
isProtReady
in interfaceorg.ietf.jgss.GSSContext
-
requestLifetime
public void requestLifetime(int lifetime) throws org.ietf.jgss.GSSException
- Specified by:
requestLifetime
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getLifetime
public int getLifetime()
- Specified by:
getLifetime
in interfaceorg.ietf.jgss.GSSContext
-
getMech
public org.ietf.jgss.Oid getMech() throws org.ietf.jgss.GSSException
- Specified by:
getMech
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getDelegCred
public org.ietf.jgss.GSSCredential getDelegCred() throws org.ietf.jgss.GSSException
- Specified by:
getDelegCred
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
requestConf
public void requestConf(boolean state) throws org.ietf.jgss.GSSException
- Specified by:
requestConf
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getConfState
public boolean getConfState()
- Specified by:
getConfState
in interfaceorg.ietf.jgss.GSSContext
-
getMIC
public byte[] getMIC(byte[] inBuf, int off, int len, org.ietf.jgss.MessageProp prop) throws org.ietf.jgss.GSSException
Returns a cryptographic MIC (message integrity check) of a specified message.
- Specified by: getMIC in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
verifyMIC
public void verifyMIC(byte[] inTok, int tokOff, int tokLen, byte[] inMsg, int msgOff, int msgLen, org.ietf.jgss.MessageProp prop) throws org.ietf.jgss.GSSException
Verifies a cryptographic MIC (message integrity check) of a specified message.
- Specified by: verifyMIC in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
initSecContext
public int initSecContext(java.io.InputStream in, java.io.OutputStream out) throws org.ietf.jgss.GSSException
It works just like the initSecContext method. It reads one SSL token from the input stream, calls the initSecContext method and writes the output token (if any) to the output stream. No SSL token is read on the initial call.
- Specified by: initSecContext in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
acceptSecContext
public void acceptSecContext(java.io.InputStream in, java.io.OutputStream out) throws org.ietf.jgss.GSSException
It works just like the acceptSecContext method. It reads one SSL token from the input stream, calls the acceptSecContext method and writes the output token (if any) to the output stream.
- Specified by: acceptSecContext in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getSrcName
public org.ietf.jgss.GSSName getSrcName() throws org.ietf.jgss.GSSException
- Specified by:
getSrcName
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getTargName
public org.ietf.jgss.GSSName getTargName() throws org.ietf.jgss.GSSException
- Specified by:
getTargName
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
requestInteg
public void requestInteg(boolean state) throws org.ietf.jgss.GSSException
- Specified by:
requestInteg
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getIntegState
public boolean getIntegState()
- Specified by:
getIntegState
in interfaceorg.ietf.jgss.GSSContext
-
requestSequenceDet
public void requestSequenceDet(boolean state) throws org.ietf.jgss.GSSException
- Specified by:
requestSequenceDet
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getSequenceDetState
public boolean getSequenceDetState()
- Specified by:
getSequenceDetState
in interfaceorg.ietf.jgss.GSSContext
-
requestReplayDet
public void requestReplayDet(boolean state) throws org.ietf.jgss.GSSException
- Specified by:
requestReplayDet
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getReplayDetState
public boolean getReplayDetState()
- Specified by:
getReplayDetState
in interfaceorg.ietf.jgss.GSSContext
-
requestAnonymity
public void requestAnonymity(boolean state) throws org.ietf.jgss.GSSException
- Specified by:
requestAnonymity
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getAnonymityState
public boolean getAnonymityState()
- Specified by:
getAnonymityState
in interfaceorg.ietf.jgss.GSSContext
-
requestMutualAuth
public void requestMutualAuth(boolean state) throws org.ietf.jgss.GSSException
- Specified by:
requestMutualAuth
in interfaceorg.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getMutualAuthState
public boolean getMutualAuthState()
- Specified by:
getMutualAuthState
in interfaceorg.ietf.jgss.GSSContext
-
generateCertRequest
protected byte[] generateCertRequest(java.security.cert.X509Certificate cert) throws java.security.GeneralSecurityException
- Throws:
java.security.GeneralSecurityException
-
verifyDelegatedCert
protected void verifyDelegatedCert(java.security.cert.X509Certificate certificate) throws java.security.GeneralSecurityException
- Throws:
java.security.GeneralSecurityException
-
checkContext
protected void checkContext() throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
setGssMode
protected void setGssMode(java.lang.Object value) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
setDelegationType
protected void setDelegationType(java.lang.Object value) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
setCheckContextExpired
protected void setCheckContextExpired(java.lang.Object value) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
setRejectLimitedProxy
protected void setRejectLimitedProxy(java.lang.Object value) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
setRequireClientAuth
protected void setRequireClientAuth(java.lang.Object value) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
setRequireAuthzWithDelegation
protected void setRequireAuthzWithDelegation(java.lang.Object value) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
setAcceptNoClientCerts
protected void setAcceptNoClientCerts(java.lang.Object value) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
setProxyPolicyHandlers
protected void setProxyPolicyHandlers(java.lang.Object value) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
setTrustedCertificates
protected void setTrustedCertificates(java.lang.Object value) throws org.ietf.jgss.GSSException
- Throws:
org.ietf.jgss.GSSException
-
setOption
public void setOption(org.ietf.jgss.Oid option, java.lang.Object value) throws org.ietf.jgss.GSSException
Description copied from interface: ExtendedGSSContext
Sets a context option. It can be called by the context initiator or acceptor, but prior to the first call to initSecContext, acceptSecContext, initDelegation or acceptDelegation.
- Specified by: setOption in interface ExtendedGSSContext
- Parameters:
  option - option type.
  value - option value.
- Throws:
  org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE
-
getOption
public java.lang.Object getOption(org.ietf.jgss.Oid option) throws org.ietf.jgss.GSSException
Description copied from interface: ExtendedGSSContext
Gets a context option. It can be called by the context initiator or acceptor.
- Specified by: getOption in interface ExtendedGSSContext
- Parameters:
  option - option type.
- Returns:
  value - option value. May be null.
- Throws:
  org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE
-
initDelegation
public byte[] initDelegation(org.ietf.jgss.GSSCredential credential, org.ietf.jgss.Oid mechanism, int lifetime, byte[] buf, int off, int len) throws org.ietf.jgss.GSSException
Initiate the delegation of a credential. This function drives the initiating side of the credential delegation process. It is expected to be called in tandem with the acceptDelegation function.
The behavior of this function can be modified by the GSSConstants.DELEGATION_TYPE and GSSConstants.GSS_MODE context options. The GSSConstants.DELEGATION_TYPE option controls the delegation type to be performed. The GSSConstants.GSS_MODE option, if set to GSIConstants.MODE_SSL, results in tokens that are not wrapped.
- Specified by: initDelegation in interface ExtendedGSSContext
- Parameters:
  credential - The credential to be delegated. May be null, in which case the credential associated with the security context is used.
  mechanism - The desired security mechanism. May be null.
  lifetime - The requested period of validity (seconds) of the delegated credential.
- Returns:
  A token that should be passed to acceptDelegation if isDelegationFinished returns false. May be null.
- Throws:
  org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE
-
acceptDelegation
public byte[] acceptDelegation(int lifetime, byte[] buf, int off, int len) throws org.ietf.jgss.GSSException
Accept a delegated credential. This function drives the accepting side of the credential delegation process. It is expected to be called in tandem with the initDelegation function.
The behavior of this function can be modified by the GSSConstants.GSS_MODE context option. The GSSConstants.GSS_MODE option, if set to GSIConstants.MODE_SSL, results in tokens that are not wrapped.
- Specified by: acceptDelegation in interface ExtendedGSSContext
- Parameters:
  lifetime - The requested period of validity (seconds) of the delegated credential.
- Returns:
  A token that should be passed to initDelegation if isDelegationFinished returns false. May be null.
- Throws:
  org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE
-
getDelegatedCredential
public org.ietf.jgss.GSSCredential getDelegatedCredential()
Description copied from interface: ExtendedGSSContext
Returns the delegated credential that was delegated using the initDelegation and acceptDelegation functions. This is to be called on the delegation accepting side once isDelegationFinished returns true.
- Specified by: getDelegatedCredential in interface ExtendedGSSContext
- Returns:
- The delegated credential. Might be null if credential delegation is not finished.
-
isDelegationFinished
public boolean isDelegationFinished()
Description copied from interface: ExtendedGSSContext
Used during delegation to determine the state of the delegation.
- Specified by: isDelegationFinished in interface ExtendedGSSContext
- Returns:
- true if delegation was completed, false otherwise.
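A worked example of the two exchanges this page describes (context establishment with initSecContext/acceptSecContext, then credential delegation with initDelegation/acceptDelegation), added here and not part of JGlobus itself. Both sides run in one process, so the tokens that would normally cross a socket are handed over directly; the two GlobusGSSCredentialImpl objects and the expected server name are assumed to come from the caller, the empty buffer on the first init call and the Boolean/Integer option value types are assumptions taken from the field types listed above, and the "null means needs more data" rule is the one stated in the Returns notes.

```java
import org.globus.gsi.GSIConstants;
import org.globus.gsi.gssapi.GSSConstants;
import org.globus.gsi.gssapi.GlobusGSSContextImpl;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** In-process driver for GlobusGSSContextImpl (added example, not JGlobus code). */
public final class GsiContextExchange {

    private static final byte[] EMPTY = new byte[0];
    private static final int MAX_ROUNDS = 32; // guard against a handshake that never completes

    /**
     * Builds a context with the options this page documents: GSI mode (so delegation is
     * possible) and rejection of limited proxies. setOption must run before the first
     * initSecContext/acceptSecContext call. Value types are assumed from the field types.
     */
    public static GlobusGSSContextImpl newContext(GSSName expectedPeer,
                                                  GlobusGSSCredentialImpl cred) throws GSSException {
        GlobusGSSContextImpl ctx = new GlobusGSSContextImpl(expectedPeer, cred);
        ctx.setOption(GSSConstants.GSS_MODE, GSIConstants.MODE_GSI);
        ctx.setOption(GSSConstants.REJECT_LIMITED_PROXY, Boolean.TRUE);
        return ctx;
    }

    /** Runs the initSecContext/acceptSecContext loop until both sides are established. */
    public static void establish(GlobusGSSContextImpl initiator,
                                 GlobusGSSContextImpl acceptor) throws GSSException {
        // The initiator speaks first; an empty buffer stands in for "no token yet" (assumption).
        byte[] toAcceptor = initiator.initSecContext(EMPTY, 0, 0);
        for (int round = 0; !(initiator.isEstablished() && acceptor.isEstablished()); round++) {
            if (toAcceptor == null || round >= MAX_ROUNDS) {
                // A null token means "needs more data", but the peer has nothing to send: a stall.
                throw new GSSException(GSSException.FAILURE, 0, "context establishment stalled");
            }
            byte[] toInitiator = acceptor.isEstablished()
                    ? null : acceptor.acceptSecContext(toAcceptor, 0, toAcceptor.length);
            toAcceptor = (toInitiator != null && !initiator.isEstablished())
                    ? initiator.initSecContext(toInitiator, 0, toInitiator.length) : null;
        }
    }

    /** Runs the initDelegation/acceptDelegation loop and returns what the acceptor received. */
    public static GSSCredential delegate(GlobusGSSContextImpl initiator,
                                         GlobusGSSContextImpl acceptor,
                                         int lifetimeSeconds) throws GSSException {
        // null credential: delegate the credential the initiator's context was built with.
        byte[] toAcceptor = initiator.initDelegation(null, null, lifetimeSeconds, EMPTY, 0, 0);
        for (int round = 0;
             !(initiator.isDelegationFinished() && acceptor.isDelegationFinished()); round++) {
            if (toAcceptor == null || round >= MAX_ROUNDS) {
                throw new GSSException(GSSException.FAILURE, 0, "delegation stalled");
            }
            byte[] toInitiator = acceptor.isDelegationFinished()
                    ? null : acceptor.acceptDelegation(lifetimeSeconds, toAcceptor, 0, toAcceptor.length);
            toAcceptor = (toInitiator != null && !initiator.isDelegationFinished())
                    ? initiator.initDelegation(null, null, lifetimeSeconds, toInitiator, 0, toInitiator.length)
                    : null;
        }
        return acceptor.getDelegatedCredential(); // null only if delegation did not finish
    }

    /** Protects one application message on the sender and unwraps it on the receiver. */
    public static byte[] roundTrip(GlobusGSSContextImpl sender, GlobusGSSContextImpl receiver,
                                   byte[] message) throws GSSException {
        MessageProp prop = new MessageProp(0, true); // QoP 0, confidentiality requested
        byte[] token = sender.wrap(message, 0, message.length, prop);
        return receiver.unwrap(token, 0, token.length, prop);
    }

    public static void run(GlobusGSSCredentialImpl clientCred, GlobusGSSCredentialImpl serverCred,
                           GSSName expectedServer) throws GSSException {
        GlobusGSSContextImpl client = newContext(expectedServer, clientCred);
        GlobusGSSContextImpl server = newContext(null, serverCred); // acceptor: no expected target
        try {
            establish(client, server);
            // Authorization on the acceptor should key off the authenticated peer name,
            // never off anything carried inside the application data.
            System.out.println("peer authenticated as " + server.getSrcName());
            byte[] msg = "hello".getBytes(StandardCharsets.US_ASCII);
            if (!Arrays.equals(msg, roundTrip(client, server, msg))) {
                throw new GSSException(GSSException.BAD_MIC);
            }
            GSSCredential delegated = delegate(client, server, 3600);
            System.out.println("delegated credential: "
                    + (delegated == null ? "none" : delegated.getName()));
        } finally {
            client.dispose(); // always release both contexts, even on failure
            server.dispose();
        }
    }
}
```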
-
inquireByOid
public java.lang.Object inquireByOid(org.ietf.jgss.Oid oid) throws org.ietf.jgss.GSSException
Retrieves arbitrary data about this context. Currently supported oid:
- GSSConstants.X509_CERT_CHAIN returns the certificate chain of the peer (X509Certificate[]).
- Specified by: inquireByOid in interface ExtendedGSSContext
- Parameters:
  oid - the oid of the information desired.
- Returns:
  the information desired. Might be null.
- Throws:
  org.ietf.jgss.GSSException - containing the following major error codes: GSSException.FAILURE
-
setBannedCiphers
public void setBannedCiphers(java.lang.String[] ciphers)
Description copied from interface: ExtendedGSSContext
Specifies a list of ciphers that will not be used.
- Specified by: setBannedCiphers in interface ExtendedGSSContext
- Parameters:
  ciphers - The list of banned ciphers.
-
getWrapSizeLimit
public int getWrapSizeLimit(int qop, boolean confReq, int maxTokenSize) throws org.ietf.jgss.GSSException
Currently not implemented.
- Specified by: getWrapSizeLimit in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
wrap
public void wrap(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp) throws org.ietf.jgss.GSSException
Currently not implemented.
- Specified by: wrap in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
unwrap
public void unwrap(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp) throws org.ietf.jgss.GSSException
Currently not implemented.
- Specified by: unwrap in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
getMIC
public void getMIC(java.io.InputStream inStream, java.io.OutputStream outStream, org.ietf.jgss.MessageProp msgProp) throws org.ietf.jgss.GSSException
Currently not implemented.
- Specified by: getMIC in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
verifyMIC
public void verifyMIC(java.io.InputStream tokStream, java.io.InputStream msgStream, org.ietf.jgss.MessageProp msgProp) throws org.ietf.jgss.GSSException
Currently not implemented.
- Specified by: verifyMIC in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
setChannelBinding
public void setChannelBinding(org.ietf.jgss.ChannelBinding cb) throws org.ietf.jgss.GSSException
Currently not implemented.
- Specified by: setChannelBinding in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
isTransferable
public boolean isTransferable() throws org.ietf.jgss.GSSException
Currently not implemented.
- Specified by: isTransferable in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException
-
export
public byte[] export() throws org.ietf.jgss.GSSException
Currently not implemented.
- Specified by: export in interface org.ietf.jgss.GSSContext
- Throws:
org.ietf.jgss.GSSException