sun.security.mule.jgss.spnego
Class SpNegoContext

java.lang.Object
  extended by sun.security.mule.jgss.spnego.SpNegoContext
All Implemented Interfaces:
GSSContextSpi

public class SpNegoContext
extends Object
implements GSSContextSpi

Implements the mechanism-specific context class for the SPNEGO GSS-API mechanism.

Since:
1.6
Author:
Seema Malkani

Constructor Summary
SpNegoContext(SpNegoMechFactory factory, byte[] interProcessToken)
          Constructor for SpNegoContext to import a previously exported context.
SpNegoContext(SpNegoMechFactory factory, GSSCredentialSpi myCred)
          Constructor for SpNegoContext to be called on the context acceptor's side.
SpNegoContext(SpNegoMechFactory factory, GSSNameSpi peerName, GSSCredentialSpi myCred, int lifetime)
          Constructor for SpNegoContext to be called on the context initiator's side.
 
Method Summary
 byte[] acceptSecContext(InputStream is, int mechTokenSize)
          Acceptor's context establishment call.
 void dispose()
          Releases context resources and terminates the context between two peers.
 byte[] export()
          Produces a token representing this context.
 boolean getAnonymityState()
           
 boolean getConfState()
          Is confidentiality available?
 boolean getCredDelegState()
          Is credential delegation enabled?
 GSSCredentialSpi getDelegCred()
          Returns the delegated credential for the context.
 boolean getIntegState()
          Is integrity available?
 int getLifetime()
          The lifetime remaining for this context.
 Oid getMech()
          Returns the mechanism oid.
 byte[] getMIC(byte[] inMsg, int offset, int len, MessageProp msgProp)
           
 void getMIC(InputStream is, OutputStream os, MessageProp msgProp)
          Applies per-message integrity services.
 boolean getMutualAuthState()
          Is mutual authentication enabled? Since this is from the client's perspective, it essentially means that the server is being authenticated.
 Oid getNegotiatedMech()
           
 Provider getProvider()
           
 boolean getReplayDetState()
          Is replay detection enabled on the GSS wrap and MIC tokens? We enable replay detection if sequence checking is enabled.
 boolean getSequenceDetState()
          Is sequence checking enabled on the GSS Wrap and MIC tokens? We enable sequence checking if replay detection is enabled.
 GSSNameSpi getSrcName()
           
 GSSNameSpi getTargName()
           
 int getWrapSizeLimit(int qop, boolean confReq, int maxTokSize)
          Queries the context for the largest data size that accommodates the specified protection while the token remains less than maxTokSize.
 byte[] initSecContext(InputStream is, int mechTokenSize)
          Initiator context establishment call.
 boolean isEstablished()
           
 boolean isInitiator()
          Tests if this is the initiator side of the context.
 boolean isMechContextEstablished()
           
 boolean isProtReady()
          Tests if the context can be used for per-message service.
 boolean isTransferable()
           
 void requestAnonymity(boolean value)
           
 void requestConf(boolean value)
          Requests that confidentiality be available.
 void requestCredDeleg(boolean value)
          Requests that credential delegation be done during context establishment.
 void requestInteg(boolean value)
          Requests that integrity be available.
 void requestLifetime(int lifetime)
          Requests the desired lifetime.
 void requestMutualAuth(boolean value)
          Requests that mutual authentication be done during context establishment.
 void requestReplayDet(boolean value)
          Requests that replay detection be done on the GSS wrap and MIC tokens.
 void requestSequenceDet(boolean value)
          Requests that sequence checking be done on the GSS wrap and MIC tokens.
 void setChannelBinding(ChannelBinding channelBinding)
          Sets the channel bindings to be used during context establishment.
 byte[] unwrap(byte[] inBuf, int offset, int len, MessageProp msgProp)
          For apps that want simplicity and don't care about buffer copies.
 void unwrap(InputStream is, OutputStream os, MessageProp msgProp)
          Retrieves the message token previously encapsulated in the wrap call.
 void verifyMIC(byte[] inTok, int tokOffset, int tokLen, byte[] inMsg, int msgOffset, int msgLen, MessageProp msgProp)
           
 void verifyMIC(InputStream is, InputStream msgStr, MessageProp msgProp)
          Checks the integrity of the supplied tokens.
 byte[] wrap(byte[] inBuf, int offset, int len, MessageProp msgProp)
          For apps that want simplicity and don't care about buffer copies.
 void wrap(InputStream is, OutputStream os, MessageProp msgProp)
          Provides per-message token encapsulation.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SpNegoContext

public SpNegoContext(SpNegoMechFactory factory,
                     GSSNameSpi peerName,
                     GSSCredentialSpi myCred,
                     int lifetime)
              throws GSSException
Constructor for SpNegoContext to be called on the context initiator's side.

Throws:
GSSException

SpNegoContext

public SpNegoContext(SpNegoMechFactory factory,
                     GSSCredentialSpi myCred)
              throws GSSException
Constructor for SpNegoContext to be called on the context acceptor's side.

Throws:
GSSException

SpNegoContext

public SpNegoContext(SpNegoMechFactory factory,
                     byte[] interProcessToken)
              throws GSSException
Constructor for SpNegoContext to import a previously exported context.

Throws:
GSSException
Method Detail

requestConf

public final void requestConf(boolean value)
                       throws GSSException
Requests that confidentiality be available.

Specified by:
requestConf in interface GSSContextSpi
Throws:
GSSException

getConfState

public final boolean getConfState()
Is confidentiality available?

Specified by:
getConfState in interface GSSContextSpi

requestInteg

public final void requestInteg(boolean value)
                        throws GSSException
Requests that integrity be available.

Specified by:
requestInteg in interface GSSContextSpi
Throws:
GSSException

getIntegState

public final boolean getIntegState()
Is integrity available?

Specified by:
getIntegState in interface GSSContextSpi

requestCredDeleg

public final void requestCredDeleg(boolean value)
                            throws GSSException
Requests that credential delegation be done during context establishment.

Specified by:
requestCredDeleg in interface GSSContextSpi
Throws:
GSSException

getCredDelegState

public final boolean getCredDelegState()
Is credential delegation enabled?

Specified by:
getCredDelegState in interface GSSContextSpi

requestMutualAuth

public final void requestMutualAuth(boolean value)
                             throws GSSException
Requests that mutual authentication be done during context establishment. Since this is from the client's perspective, it essentially requests that the server be authenticated.

Specified by:
requestMutualAuth in interface GSSContextSpi
Throws:
GSSException

getMutualAuthState

public final boolean getMutualAuthState()
Is mutual authentication enabled? Since this is from the client's perspective, it essentially means that the server is being authenticated.

Specified by:
getMutualAuthState in interface GSSContextSpi

getMech

public final Oid getMech()
Returns the mechanism oid.

Specified by:
getMech in interface GSSContextSpi
Returns:
the Oid of this context

getNegotiatedMech

public final Oid getNegotiatedMech()

getProvider

public final Provider getProvider()
Specified by:
getProvider in interface GSSContextSpi

dispose

public final void dispose()
                   throws GSSException
Description copied from interface: GSSContextSpi
Releases context resources and terminates the context between two peers.

Specified by:
dispose in interface GSSContextSpi
Throws:
GSSException - may be thrown

isInitiator

public final boolean isInitiator()
Tests if this is the initiator side of the context.

Specified by:
isInitiator in interface GSSContextSpi
Returns:
boolean indicating if this is initiator (true) or target (false)

isProtReady

public final boolean isProtReady()
Tests if the context can be used for per-message service. Context may allow the calls to the per-message service functions before being fully established.

Specified by:
isProtReady in interface GSSContextSpi
Returns:
boolean indicating if per-message methods can be called.

initSecContext

public final byte[] initSecContext(InputStream is,
                                   int mechTokenSize)
                            throws GSSException
Initiator context establishment call. This method may be required to be called several times. A CONTINUE_NEEDED return call indicates that more calls are needed after the next token is received from the peer.

Specified by:
initSecContext in interface GSSContextSpi
Parameters:
is - contains the token received from the peer. On the first call it will be ignored.
mechTokenSize - the size of the inner context token as read by the GSS-Framework from the mechanism independent GSS-API level header.
Returns:
any token required to be sent to the peer. It is the responsibility of the caller to send the token to its peer for processing.
Throws:
GSSException
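
The multi-call establishment loop described for initSecContext, as an added example that is not part of the original documentation or the project's code. It drives the SPNEGO mechanism through the public org.ietf.jgss API rather than this SPI class directly, and then checks that the requested protections were actually granted. The service name passed in (for example a constructed "HTTP@host.example.com"), the 4-byte length-prefixed framing, the MAX_TOKEN cap and the availability of default Kerberos credentials are assumptions.

```java
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

public class SpnegoInitiatorExample {
    static final String SPNEGO_OID = "1.3.6.1.5.5.2"; // SPNEGO mechanism OID
    static final int MAX_TOKEN = 64 * 1024;           // assumed cap on peer token size

    // Initiator side. Tokens travel over an assumed 4-byte length-prefixed framing.
    static GSSContext establish(String service, DataInputStream in, DataOutputStream out)
            throws GSSException, IOException {
        GSSManager manager = GSSManager.getInstance();
        GSSName peer = manager.createName(service, GSSName.NT_HOSTBASED_SERVICE);
        GSSContext ctx = manager.createContext(peer, new Oid(SPNEGO_OID), null,
                GSSContext.DEFAULT_LIFETIME); // null = default initiator credentials
        boolean ok = false;
        try {
            // Requests are only honoured before the first initSecContext call.
            ctx.requestMutualAuth(true);
            ctx.requestConf(true);
            ctx.requestInteg(true);
            ctx.requestReplayDet(true);
            ctx.requestSequenceDet(true);
            ctx.requestCredDeleg(false); // do not forward credentials to the acceptor
            byte[] inToken = new byte[0]; // ignored on the first call
            while (!ctx.isEstablished()) {
                byte[] outToken = ctx.initSecContext(inToken, 0, inToken.length);
                if (outToken != null && outToken.length > 0) {
                    out.writeInt(outToken.length);
                    out.write(outToken);
                    out.flush();
                }
                if (!ctx.isEstablished()) { // CONTINUE_NEEDED: read the peer's next token
                    int n = in.readInt();
                    if (n <= 0 || n > MAX_TOKEN) throw new IOException("bad token length " + n);
                    inToken = new byte[n];
                    in.readFully(inToken);
                }
            }
            // A request is not a guarantee: confirm what was actually negotiated.
            if (!(ctx.getMutualAuthState() && ctx.getConfState() && ctx.getIntegState()
                    && ctx.getReplayDetState() && ctx.getSequenceDetState())) {
                throw new SecurityException("negotiated context lacks a required protection");
            }
            ok = true;
            return ctx;
        } finally {
            if (!ok) ctx.dispose(); // release the half-built context on any failure
        }
    }
}
```

The returned context is ready for wrap and getMIC; the caller disposes of it when the session ends.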

acceptSecContext

public final byte[] acceptSecContext(InputStream is,
                                     int mechTokenSize)
                              throws GSSException
Acceptor's context establishment call. This method may be required to be called several times. A CONTINUE_NEEDED return call indicates that more calls are needed after the next token is received from the peer.

Specified by:
acceptSecContext in interface GSSContextSpi
Parameters:
is - contains the token received from the peer.
mechTokenSize - the size of the inner context token as read by the GSS-Framework from the mechanism independent GSS-API level header.
Returns:
any token required to be sent to the peer. It is the responsibility of the caller to send the token to its peer for processing.
Throws:
GSSException

isEstablished

public final boolean isEstablished()
Specified by:
isEstablished in interface GSSContextSpi

isMechContextEstablished

public final boolean isMechContextEstablished()

export

public final byte[] export()
                    throws GSSException
Description copied from interface: GSSContextSpi
Produces a token representing this context. After this call the context will no longer be usable until an import is performed on the returned token.

Specified by:
export in interface GSSContextSpi
Returns:
exported context token
Throws:
GSSException - may be thrown

setChannelBinding

public final void setChannelBinding(ChannelBinding channelBinding)
                             throws GSSException
Sets the channel bindings to be used during context establishment.

Specified by:
setChannelBinding in interface GSSContextSpi
Throws:
GSSException

requestAnonymity

public final void requestAnonymity(boolean value)
                            throws GSSException
Specified by:
requestAnonymity in interface GSSContextSpi
Throws:
GSSException

getAnonymityState

public final boolean getAnonymityState()
Specified by:
getAnonymityState in interface GSSContextSpi

requestLifetime

public void requestLifetime(int lifetime)
                     throws GSSException
Requests the desired lifetime. Can only be used on the context initiator's side.

Specified by:
requestLifetime in interface GSSContextSpi
Throws:
GSSException

getLifetime

public final int getLifetime()
The lifetime remaining for this context.

Specified by:
getLifetime in interface GSSContextSpi

isTransferable

public final boolean isTransferable()
                             throws GSSException
Specified by:
isTransferable in interface GSSContextSpi
Throws:
GSSException

requestSequenceDet

public final void requestSequenceDet(boolean value)
                              throws GSSException
Requests that sequence checking be done on the GSS wrap and MIC tokens.

Specified by:
requestSequenceDet in interface GSSContextSpi
Throws:
GSSException

getSequenceDetState

public final boolean getSequenceDetState()
Is sequence checking enabled on the GSS Wrap and MIC tokens? We enable sequence checking if replay detection is enabled.

Specified by:
getSequenceDetState in interface GSSContextSpi

requestReplayDet

public final void requestReplayDet(boolean value)
                            throws GSSException
Requests that replay detection be done on the GSS wrap and MIC tokens.

Specified by:
requestReplayDet in interface GSSContextSpi
Throws:
GSSException

getReplayDetState

public final boolean getReplayDetState()
Is replay detection enabled on the GSS wrap and MIC tokens? We enable replay detection if sequence checking is enabled.

Specified by:
getReplayDetState in interface GSSContextSpi

getTargName

public final GSSNameSpi getTargName()
                             throws GSSException
Specified by:
getTargName in interface GSSContextSpi
Throws:
GSSException

getSrcName

public final GSSNameSpi getSrcName()
                            throws GSSException
Specified by:
getSrcName in interface GSSContextSpi
Throws:
GSSException

getDelegCred

public final GSSCredentialSpi getDelegCred()
                                    throws GSSException
Returns the delegated credential for the context. This is an optional feature of contexts which not all mechanisms will support. A context can be requested to support credential delegation by using the CRED_DELEG. This is only valid on the acceptor side of the context.

Specified by:
getDelegCred in interface GSSContextSpi
Returns:
GSSCredentialSpi object for the delegated credential
Throws:
GSSException
See Also:
GSSContext#getDelegCredState

getWrapSizeLimit

public final int getWrapSizeLimit(int qop,
                                  boolean confReq,
                                  int maxTokSize)
                           throws GSSException
Description copied from interface: GSSContextSpi
Queries the context for the largest data size that accommodates the specified protection while the token remains less than maxTokSize.

Specified by:
getWrapSizeLimit in interface GSSContextSpi
Parameters:
qop - the quality of protection that the context will be asked to provide.
confReq - a flag indicating whether confidentiality will be requested or not
Returns:
the maximum size for the input message that can be provided to the wrap() method in order to guarantee that these requirements are met.
Throws:
GSSException - may be thrown

wrap

public final byte[] wrap(byte[] inBuf,
                         int offset,
                         int len,
                         MessageProp msgProp)
                  throws GSSException
Description copied from interface: GSSContextSpi
For apps that want simplicity and don't care about buffer copies.

Specified by:
wrap in interface GSSContextSpi
Throws:
GSSException

wrap

public final void wrap(InputStream is,
                       OutputStream os,
                       MessageProp msgProp)
                throws GSSException
Description copied from interface: GSSContextSpi
Provides per-message token encapsulation.

Specified by:
wrap in interface GSSContextSpi
Parameters:
is - the user-provided message to be protected
os - the token to be sent to the peer. It includes the message from is with the requested protection.
Throws:
GSSException - may be thrown
See Also:
MessageInfo, unwrap

unwrap

public final byte[] unwrap(byte[] inBuf,
                           int offset,
                           int len,
                           MessageProp msgProp)
                    throws GSSException
Description copied from interface: GSSContextSpi
For apps that want simplicity and don't care about buffer copies.

Specified by:
unwrap in interface GSSContextSpi
Throws:
GSSException

unwrap

public final void unwrap(InputStream is,
                         OutputStream os,
                         MessageProp msgProp)
                  throws GSSException
Description copied from interface: GSSContextSpi
Retrieves the message token previously encapsulated in the wrap call.

Specified by:
unwrap in interface GSSContextSpi
Parameters:
is - the token from the peer
os - unprotected message data
msgProp - will contain the applied qop and confidentiality of the input token and any informatory status values
Throws:
GSSException - may be thrown
See Also:
MessageInfo, wrap

getMIC

public final byte[] getMIC(byte[] inMsg,
                           int offset,
                           int len,
                           MessageProp msgProp)
                    throws GSSException
Specified by:
getMIC in interface GSSContextSpi
Throws:
GSSException

getMIC

public final void getMIC(InputStream is,
                         OutputStream os,
                         MessageProp msgProp)
                  throws GSSException
Description copied from interface: GSSContextSpi
Applies per-message integrity services.

Specified by:
getMIC in interface GSSContextSpi
Parameters:
is - the user-provided message
os - the token to be sent to the peer along with the message token. The message token is not encapsulated.
msgProp - on input the desired QOP and output the applied QOP
Throws:
GSSException

verifyMIC

public final void verifyMIC(byte[] inTok,
                            int tokOffset,
                            int tokLen,
                            byte[] inMsg,
                            int msgOffset,
                            int msgLen,
                            MessageProp msgProp)
                     throws GSSException
Specified by:
verifyMIC in interface GSSContextSpi
Throws:
GSSException

verifyMIC

public final void verifyMIC(InputStream is,
                            InputStream msgStr,
                            MessageProp msgProp)
                     throws GSSException
Description copied from interface: GSSContextSpi
Checks the integrity of the supplied tokens. This token was previously generated by getMIC.

Specified by:
verifyMIC in interface GSSContextSpi
Parameters:
is - token generated by getMIC
msgStr - the message to check integrity for
Throws:
GSSException - may be thrown


Copyright © 2013. All Rights Reserved.