sun.security.mule.jgss.krb5
Class Krb5Context

java.lang.Object
  sun.security.mule.jgss.krb5.Krb5Context

All Implemented Interfaces:

GSSContextSpi

public class Krb5Context
extends Object
implements GSSContextSpi

Implements the mechanism specific context class for the Kerberos v5 GSS-API mechanism.

Since:

1.4

Author:

Mayank Upadhyay, Ram Marti

Constructor Summary

Krb5Context(int caller, byte[] interProcessToken)
Constructor for Krb5Context to import a previously exported context.

Krb5Context(int caller, sun.security.mule.jgss.krb5.Krb5CredElement myCred)
Constructor for Krb5Context to be called on the context acceptor's side.

Krb5Context(int caller, Krb5NameElement peerName, sun.security.mule.jgss.krb5.Krb5CredElement myCred, int lifetime)
Constructor for Krb5Context to be called on the context initiator's side.

Method Summary

byte[]	acceptSecContext(InputStream is, int mechTokenSize) Acceptor's context establishment call.
void	dispose() Releases context resources and terminates the context between 2 peer.
byte[]	export() Produces a token representing this context.
boolean	getAnonymityState()
boolean	getConfState() Is confidentiality available?
boolean	getCredDelegState() Is credential delegation enabled?
GSSCredentialSpi	getDelegCred() Returns the delegated credential for the context.
boolean	getIntegState() Is integrity available?
int	getLifetime() The lifetime remaining for this context.
Oid	getMech() Returns the mechanism oid.
byte[]	getMIC(byte[] inMsg, int offset, int len, MessageProp msgProp)
void	getMIC(InputStream is, OutputStream os, MessageProp msgProp) Applies per-message integrity services.
boolean	getMutualAuthState() Is mutual authentication enabled? Since this is from the client's perspective, it essentially meas that the server is being authenticated.
Provider	getProvider()
boolean	getReplayDetState() Is replay detection enabled on the GSS wrap and MIC tokens? We enable replay detection if sequence checking is enabled.
boolean	getSequenceDetState() Is sequence checking enabled on the GSS Wrap and MIC tokens? We enable sequence checking if replay detection is enabled.
GSSNameSpi	getSrcName() Returns the context initiator name.
GSSNameSpi	getTargName() Returns the context acceptor.
int	getWrapSizeLimit(int qop, boolean confReq, int maxTokSize) Queries the context for largest data size to accomodate the specified protection and be <= maxTokSize.
byte[]	initSecContext(InputStream is, int mechTokenSize) Initiator context establishment call.
boolean	isEstablished()
boolean	isInitiator() Tests if this is the initiator side of the context.
boolean	isProtReady() Tests if the context can be used for per-message service.
boolean	isTransferable() Method to determine if the context can be exported and then re-imported.
void	requestAnonymity(boolean value)
void	requestConf(boolean value) Requests that confidentiality be available.
void	requestCredDeleg(boolean value) Requests that credential delegation be done during context establishment.
void	requestInteg(boolean value) Requests that integrity be available.
void	requestLifetime(int lifetime) Requests the desired lifetime.
void	requestMutualAuth(boolean value) Requests that mutual authentication be done during context establishment.
void	requestReplayDet(boolean value) Requests that replay detection be done on the GSS wrap and MIC tokens.
void	requestSequenceDet(boolean value) Requests that sequence checking be done on the GSS wrap and MIC tokens.
void	resetStateToNew()
void	setChannelBinding(ChannelBinding channelBinding) Sets the channel bindings to be used during context establishment.
void	setKerberosConfig(Config kerberosConfig)
int	unwrap(byte[] inBuf, int inOffset, int len, byte[] outBuf, int outOffset, MessageProp msgProp)
byte[]	unwrap(byte[] inBuf, int offset, int len, MessageProp msgProp) For apps that want simplicity and dont care about buffer copies.
int	unwrap(InputStream is, byte[] outBuf, int outOffset, MessageProp msgProp)
void	unwrap(InputStream is, OutputStream os, MessageProp msgProp) Retrieves the message token previously encapsulated in the wrap call.
void	verifyMIC(byte[] inTok, int tokOffset, int tokLen, byte[] inMsg, int msgOffset, int msgLen, MessageProp msgProp)
void	verifyMIC(InputStream is, InputStream msgStr, MessageProp mProp) Checks the integrity of the supplied tokens.
int	wrap(byte[] inBuf, int inOffset, int len, byte[] outBuf, int outOffset, MessageProp msgProp)
byte[]	wrap(byte[] inBuf, int offset, int len, MessageProp msgProp) For apps that want simplicity and don't care about buffer copies.
void	wrap(byte[] inBuf, int offset, int len, OutputStream os, MessageProp msgProp)
void	wrap(InputStream is, OutputStream os, MessageProp msgProp) Provides per-message token encapsulation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Krb5Context

public Krb5Context(int caller,
                   Krb5NameElement peerName,
                   sun.security.mule.jgss.krb5.Krb5CredElement myCred,
                   int lifetime)
            throws GSSException

Constructor for Krb5Context to be called on the context initiator's side.

Throws:

GSSException

Krb5Context

public Krb5Context(int caller,
                   sun.security.mule.jgss.krb5.Krb5CredElement myCred)
            throws GSSException

Constructor for Krb5Context to be called on the context acceptor's side.

Throws:

GSSException

Krb5Context

public Krb5Context(int caller,
                   byte[] interProcessToken)
            throws GSSException

Constructor for Krb5Context to import a previously exported context.

Throws:

GSSException

Method Detail

setKerberosConfig

public void setKerberosConfig(Config kerberosConfig)

resetStateToNew

public void resetStateToNew()

isTransferable

public final boolean isTransferable()
                             throws GSSException

Method to determine if the context can be exported and then re-imported.

Specified by:

isTransferable in interface GSSContextSpi

Throws:

GSSException

getLifetime

public final int getLifetime()

The lifetime remaining for this context.

Specified by:

getLifetime in interface GSSContextSpi

requestLifetime

public void requestLifetime(int lifetime)
                     throws GSSException

Requests the desired lifetime. Can only be used on the context initiator's side.

Specified by:

requestLifetime in interface GSSContextSpi

Throws:

GSSException

requestConf

public final void requestConf(boolean value)
                       throws GSSException

Requests that confidentiality be available.

Specified by:

requestConf in interface GSSContextSpi

Throws:

GSSException

getConfState

public final boolean getConfState()

Is confidentiality available?

Specified by:

getConfState in interface GSSContextSpi

requestInteg

public final void requestInteg(boolean value)
                        throws GSSException

Requests that integrity be available.

Specified by:

requestInteg in interface GSSContextSpi

Throws:

GSSException

getIntegState

public final boolean getIntegState()

Is integrity available?

Specified by:

getIntegState in interface GSSContextSpi

requestCredDeleg

public final void requestCredDeleg(boolean value)
                            throws GSSException

Requests that credential delegation be done during context establishment.

Specified by:

requestCredDeleg in interface GSSContextSpi

Throws:

GSSException

getCredDelegState

public final boolean getCredDelegState()

Is credential delegation enabled?

Specified by:

getCredDelegState in interface GSSContextSpi

requestMutualAuth

public final void requestMutualAuth(boolean value)
                             throws GSSException

Requests that mutual authentication be done during context establishment. Since this is fromm the client's perspective, it essentially requests that the server be authenticated.

Specified by:

requestMutualAuth in interface GSSContextSpi

Throws:

GSSException

getMutualAuthState

public final boolean getMutualAuthState()

Is mutual authentication enabled? Since this is from the client's perspective, it essentially meas that the server is being authenticated.

Specified by:

getMutualAuthState in interface GSSContextSpi

requestReplayDet

public final void requestReplayDet(boolean value)
                            throws GSSException

Requests that replay detection be done on the GSS wrap and MIC tokens.

Specified by:

requestReplayDet in interface GSSContextSpi

Throws:

GSSException

getReplayDetState

public final boolean getReplayDetState()

Is replay detection enabled on the GSS wrap and MIC tokens? We enable replay detection if sequence checking is enabled.

Specified by:

getReplayDetState in interface GSSContextSpi

requestSequenceDet

public final void requestSequenceDet(boolean value)
                              throws GSSException

Requests that sequence checking be done on the GSS wrap and MIC tokens.

Specified by:

requestSequenceDet in interface GSSContextSpi

Throws:

GSSException

getSequenceDetState

public final boolean getSequenceDetState()

Is sequence checking enabled on the GSS Wrap and MIC tokens? We enable sequence checking if replay detection is enabled.

Specified by:

getSequenceDetState in interface GSSContextSpi

requestAnonymity

public final void requestAnonymity(boolean value)
                            throws GSSException

Specified by:

requestAnonymity in interface GSSContextSpi

Throws:

GSSException

getAnonymityState

public final boolean getAnonymityState()

Specified by:

getAnonymityState in interface GSSContextSpi

setChannelBinding

public final void setChannelBinding(ChannelBinding channelBinding)
                             throws GSSException

Sets the channel bindings to be used during context establishment.

Specified by:

setChannelBinding in interface GSSContextSpi

Throws:

GSSException

getMech

public final Oid getMech()

Returns the mechanism oid.

Specified by:

getMech in interface GSSContextSpi

Returns:

the Oid of this context

getSrcName

public final GSSNameSpi getSrcName()
                            throws GSSException

Returns the context initiator name.

Specified by:

getSrcName in interface GSSContextSpi

Returns:

initiator name

Throws:

GSSException

getTargName

public final GSSNameSpi getTargName()
                             throws GSSException

Returns the context acceptor.

Specified by:

getTargName in interface GSSContextSpi

Returns:

context acceptor(target) name

Throws:

GSSException

getDelegCred

public final GSSCredentialSpi getDelegCred()
                                    throws GSSException

Returns the delegated credential for the context. This is an optional feature of contexts which not all mechanisms will support. A context can be requested to support credential delegation by using the CRED_DELEG. This is only valid on the acceptor side of the context.

Specified by:

getDelegCred in interface GSSContextSpi

Returns:

GSSCredentialSpi object for the delegated credential

Throws:

GSSException

See Also:

GSSContext#getDelegCredState

isInitiator

public final boolean isInitiator()

Tests if this is the initiator side of the context.

Specified by:

isInitiator in interface GSSContextSpi

Returns:

boolean indicating if this is initiator (true) or target (false)

isProtReady

public final boolean isProtReady()

Tests if the context can be used for per-message service. Context may allow the calls to the per-message service functions before being fully established.

Specified by:

isProtReady in interface GSSContextSpi

Returns:

boolean indicating if per-message methods can be called.

initSecContext

public final byte[] initSecContext(InputStream is,
                                   int mechTokenSize)
                            throws GSSException

Initiator context establishment call. This method may be required to be called several times. A CONTINUE_NEEDED return call indicates that more calls are needed after the next token is received from the peer.

Specified by:

initSecContext in interface GSSContextSpi

Parameters:

is - contains the token received from the peer. On the first call it will be ignored.

mechTokenSize - the size of the inner context token as read by the GSS-Framework from the mechanism independent GSS-API level header.

Returns:

any token required to be sent to the peer It is responsibility of the caller to send the token to its peer for processing.

Throws:

GSSException

isEstablished

public final boolean isEstablished()

Specified by:

isEstablished in interface GSSContextSpi

acceptSecContext

public final byte[] acceptSecContext(InputStream is,
                                     int mechTokenSize)
                              throws GSSException

Acceptor's context establishment call. This method may be required to be called several times. A CONTINUE_NEEDED return call indicates that more calls are needed after the next token is received from the peer.

Specified by:

acceptSecContext in interface GSSContextSpi

Parameters:

is - contains the token received from the peer.

mechTokenSize - the size of the inner context token as read by the GSS-Framework from the mechanism independent GSS-API level header.

Returns:

any token required to be sent to the peer It is responsibility of the caller to send the token to its peer for processing.

Throws:

GSSException

getWrapSizeLimit

public final int getWrapSizeLimit(int qop,
                                  boolean confReq,
                                  int maxTokSize)
                           throws GSSException

Queries the context for largest data size to accomodate the specified protection and be <= maxTokSize.

Specified by:

getWrapSizeLimit in interface GSSContextSpi

Parameters:

qop - the quality of protection that the context will be asked to provide.

confReq - a flag indicating whether confidentiality will be requested or not

outputSize - the maximum size of the output token

Returns:

the maximum size for the input message that can be provided to the wrap() method in order to guarantee that these requirements are met.

Throws:

GSSException

wrap

public final byte[] wrap(byte[] inBuf,
                         int offset,
                         int len,
                         MessageProp msgProp)
                  throws GSSException

Description copied from interface: GSSContextSpi

For apps that want simplicity and don't care about buffer copies.

Specified by:

wrap in interface GSSContextSpi

Throws:

GSSException

wrap

public final int wrap(byte[] inBuf,
                      int inOffset,
                      int len,
                      byte[] outBuf,
                      int outOffset,
                      MessageProp msgProp)
               throws GSSException

Throws:

GSSException

wrap

public final void wrap(byte[] inBuf,
                       int offset,
                       int len,
                       OutputStream os,
                       MessageProp msgProp)
                throws GSSException

Throws:

GSSException

wrap

public final void wrap(InputStream is,
                       OutputStream os,
                       MessageProp msgProp)
                throws GSSException

Description copied from interface: GSSContextSpi

Provides per-message token encapsulation.

Specified by:

wrap in interface GSSContextSpi

Parameters:

is - the user-provided message to be protected

os - the token to be sent to the peer. It includes the message from is with the requested protection.

Throws:

GSSException - may be thrown

See Also:

MessageInfo, unwrap

unwrap

public final byte[] unwrap(byte[] inBuf,
                           int offset,
                           int len,
                           MessageProp msgProp)
                    throws GSSException

Description copied from interface: GSSContextSpi

For apps that want simplicity and dont care about buffer copies.

Specified by:

unwrap in interface GSSContextSpi

Throws:

GSSException

unwrap

public final int unwrap(byte[] inBuf,
                        int inOffset,
                        int len,
                        byte[] outBuf,
                        int outOffset,
                        MessageProp msgProp)
                 throws GSSException

Throws:

GSSException

unwrap

public final int unwrap(InputStream is,
                        byte[] outBuf,
                        int outOffset,
                        MessageProp msgProp)
                 throws GSSException

Throws:

GSSException

unwrap

public final void unwrap(InputStream is,
                         OutputStream os,
                         MessageProp msgProp)
                  throws GSSException

Description copied from interface: GSSContextSpi

Retrieves the message token previously encapsulated in the wrap call.

Specified by:

unwrap in interface GSSContextSpi

Parameters:

is - the token from the peer

os - unprotected message data

msgProp - will contain the applied qop and confidentiality of the input token and any informatory status values

Throws:

GSSException - may be thrown

See Also:

MessageInfo, wrap

getMIC

public final byte[] getMIC(byte[] inMsg,
                           int offset,
                           int len,
                           MessageProp msgProp)
                    throws GSSException

Specified by:

getMIC in interface GSSContextSpi

Throws:

GSSException

getMIC

public final void getMIC(InputStream is,
                         OutputStream os,
                         MessageProp msgProp)
                  throws GSSException

Description copied from interface: GSSContextSpi

Applies per-message integrity services.

Specified by:

getMIC in interface GSSContextSpi

Parameters:

is - the user-provided message

os - the token to be sent to the peer along with the message token. The message token is not encapsulated.

msgProp - on input the desired QOP and output the applied QOP

Throws:

GSSException

verifyMIC

public final void verifyMIC(byte[] inTok,
                            int tokOffset,
                            int tokLen,
                            byte[] inMsg,
                            int msgOffset,
                            int msgLen,
                            MessageProp msgProp)
                     throws GSSException

Specified by:

verifyMIC in interface GSSContextSpi

Throws:

GSSException

verifyMIC

public final void verifyMIC(InputStream is,
                            InputStream msgStr,
                            MessageProp mProp)
                     throws GSSException

Description copied from interface: GSSContextSpi

Checks the integrity of the supplied tokens. This token was previously generated by getMIC.

Specified by:

verifyMIC in interface GSSContextSpi

Parameters:

is - token generated by getMIC

msgStr - the message to check integrity for

Throws:

GSSException - may be thrown

export

public final byte[] export()
                    throws GSSException

Produces a token representing this context. After this call the context will no longer be usable until an import is performed on the returned token.

Specified by:

export in interface GSSContextSpi

Parameters:

os - the output token will be written to this stream

Returns:

exported context token

Throws:

GSSException

dispose

public final void dispose()
                   throws GSSException

Releases context resources and terminates the context between 2 peer.

Specified by:

dispose in interface GSSContextSpi

Throws:

GSSException - with major codes NO_CONTEXT, FAILURE.

getProvider

public final Provider getProvider()

Specified by:

getProvider in interface GSSContextSpi