| java.lang.Object | |
| ↳ | sun.security.jgss.spnego.SpNegoContext |
Class Overview
Implements the mechanism specific context class for SPNEGO GSS-API mechanism
Summary
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Constructor for SpNegoContext to be called on the context initiator's
side.
| |||||||||||
Constructor for SpNegoContext to be called on the context acceptor's
side.
| |||||||||||
Constructor for SpNegoContext to import a previously exported context.
| |||||||||||
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Acceptor's context establishment call.
| |||||||||||
Releases context resources and terminates the
context between 2 peer.
| |||||||||||
Produces a token representing this context.
| |||||||||||
Is confidentiality available?
| |||||||||||
Is credential delegation enabled?
| |||||||||||
Returns the delegated credential for the context.
| |||||||||||
Is integrity available?
| |||||||||||
The lifetime remaining for this context.
| |||||||||||
Applies per-message integrity services.
| |||||||||||
Returns the mechanism oid.
| |||||||||||
Is mutual authentication enabled? Since this is from the client's
perspective, it essentially meas that the server is being
authenticated.
| |||||||||||
Is replay detection enabled on the GSS wrap and MIC tokens?
We enable replay detection if sequence checking is enabled.
| |||||||||||
Is sequence checking enabled on the GSS Wrap and MIC tokens?
We enable sequence checking if replay detection is enabled.
| |||||||||||
Queries the context for largest data size to accomodate
the specified protection and for the token to remain less then
maxTokSize.
| |||||||||||
Initiator context establishment call.
| |||||||||||
Tests if this is the initiator side of the context.
| |||||||||||
Tests if the context can be used for per-message service.
| |||||||||||
Requests that confidentiality be available.
| |||||||||||
Requests that credential delegation be done during context
establishment.
| |||||||||||
Requests that integrity be available.
| |||||||||||
Requests the desired lifetime.
| |||||||||||
Requests that mutual authentication be done during context
establishment.
| |||||||||||
Requests that replay detection be done on the GSS wrap and MIC
tokens.
| |||||||||||
Requests that sequence checking be done on the GSS wrap and MIC
tokens.
| |||||||||||
Sets the channel bindings to be used during context
establishment.
| |||||||||||
For apps that want simplicity and dont care about buffer copies.
| |||||||||||
Retrieves the message token previously encapsulated in the wrap
call.
| |||||||||||
Checks the integrity of the supplied tokens.
| |||||||||||
For apps that want simplicity and don't care about buffer copies.
| |||||||||||
Provides per-message token encapsulation.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
|
From interface
sun.security.jgss.spi.GSSContextSpi
| |||||||||||
Public Constructors
public SpNegoContext (SpNegoMechFactory factory, GSSNameSpi peerName, GSSCredentialSpi myCred, int lifetime)
Constructor for SpNegoContext to be called on the context initiator's side.
Throws
| GSSException |
|---|
public SpNegoContext (SpNegoMechFactory factory, GSSCredentialSpi myCred)
Constructor for SpNegoContext to be called on the context acceptor's side.
Throws
| GSSException |
|---|
public SpNegoContext (SpNegoMechFactory factory, byte[] interProcessToken)
Constructor for SpNegoContext to import a previously exported context.
Throws
| GSSException |
|---|
Public Methods
public final byte[] acceptSecContext (InputStream is, int mechTokenSize)
Acceptor's context establishment call. This method may be required to be called several times. A CONTINUE_NEEDED return call indicates that more calls are needed after the next token is received from the peer.
Parameters
| is | contains the token received from the peer. |
|---|---|
| mechTokenSize | the size of the inner context token as read by the GSS-Framework from the mechanism independent GSS-API level header. |
Returns
- any token required to be sent to the peer It is responsibility of the caller to send the token to its peer for processing.
Throws
| GSSException |
|---|
public final void dispose ()
Releases context resources and terminates the context between 2 peer.
Throws
| GSSException |
|---|
public final byte[] export ()
Produces a token representing this context. After this call the context will no longer be usable until an import is performed on the returned token.
Returns
- exported context token
Throws
| GSSException |
|---|
public final boolean getAnonymityState ()
public final boolean getConfState ()
Is confidentiality available?
public final boolean getCredDelegState ()
Is credential delegation enabled?
public final GSSCredentialSpi getDelegCred ()
Returns the delegated credential for the context. This is an optional feature of contexts which not all mechanisms will support. A context can be requested to support credential delegation by using the CRED_DELEG. This is only valid on the acceptor side of the context.
Returns
- GSSCredentialSpi object for the delegated credential
Throws
| GSSException | |
| GSSException |
See Also
- GSSContext#getDelegCredState
public final boolean getIntegState ()
Is integrity available?
public final int getLifetime ()
The lifetime remaining for this context.
public final byte[] getMIC (byte[] inMsg, int offset, int len, MessageProp msgProp)
Throws
| GSSException |
|---|
public final void getMIC (InputStream is, OutputStream os, MessageProp msgProp)
Applies per-message integrity services.
Parameters
| is | the user-provided message |
|---|---|
| os | the token to be sent to the peer along with the message token. The message token is not encapsulated. |
| msgProp | on input the desired QOP and output the applied QOP |
Throws
| GSSException |
|---|
public final boolean getMutualAuthState ()
Is mutual authentication enabled? Since this is from the client's perspective, it essentially meas that the server is being authenticated.
public final boolean getReplayDetState ()
Is replay detection enabled on the GSS wrap and MIC tokens? We enable replay detection if sequence checking is enabled.
public final boolean getSequenceDetState ()
Is sequence checking enabled on the GSS Wrap and MIC tokens? We enable sequence checking if replay detection is enabled.
public final int getWrapSizeLimit (int qop, boolean confReq, int maxTokSize)
Queries the context for largest data size to accomodate the specified protection and for the token to remain less then maxTokSize.
Parameters
| qop | the quality of protection that the context will be asked to provide. |
|---|---|
| confReq | a flag indicating whether confidentiality will be requested or not |
Returns
- the maximum size for the input message that can be provided to the wrap() method in order to guarantee that these requirements are met.
Throws
| GSSException |
|---|
public final byte[] initSecContext (InputStream is, int mechTokenSize)
Initiator context establishment call. This method may be required to be called several times. A CONTINUE_NEEDED return call indicates that more calls are needed after the next token is received from the peer.
Parameters
| is | contains the token received from the peer. On the first call it will be ignored. |
|---|---|
| mechTokenSize | the size of the inner context token as read by the GSS-Framework from the mechanism independent GSS-API level header. |
Returns
- any token required to be sent to the peer It is responsibility of the caller to send the token to its peer for processing.
Throws
| GSSException |
|---|
public final boolean isEstablished ()
public final boolean isInitiator ()
Tests if this is the initiator side of the context.
Returns
- boolean indicating if this is initiator (true) or target (false)
public final boolean isMechContextEstablished ()
public final boolean isProtReady ()
Tests if the context can be used for per-message service. Context may allow the calls to the per-message service functions before being fully established.
Returns
- boolean indicating if per-message methods can be called.
public final void requestConf (boolean value)
Requests that confidentiality be available.
Throws
| GSSException |
|---|
public final void requestCredDeleg (boolean value)
Requests that credential delegation be done during context establishment.
Throws
| GSSException |
|---|
public final void requestInteg (boolean value)
Requests that integrity be available.
Throws
| GSSException |
|---|
public void requestLifetime (int lifetime)
Requests the desired lifetime. Can only be used on the context initiator's side.
Throws
| GSSException |
|---|
public final void requestMutualAuth (boolean value)
Requests that mutual authentication be done during context establishment. Since this is fromm the client's perspective, it essentially requests that the server be authenticated.
Throws
| GSSException |
|---|
public final void requestReplayDet (boolean value)
Requests that replay detection be done on the GSS wrap and MIC tokens.
Throws
| GSSException |
|---|
public final void requestSequenceDet (boolean value)
Requests that sequence checking be done on the GSS wrap and MIC tokens.
Throws
| GSSException |
|---|
public final void setChannelBinding (ChannelBinding channelBinding)
Sets the channel bindings to be used during context establishment.
Throws
| GSSException |
|---|
public final byte[] unwrap (byte[] inBuf, int offset, int len, MessageProp msgProp)
For apps that want simplicity and dont care about buffer copies.
Throws
| GSSException |
|---|
public final void unwrap (InputStream is, OutputStream os, MessageProp msgProp)
Retrieves the message token previously encapsulated in the wrap call.
Parameters
| is | the token from the peer |
|---|---|
| os | unprotected message data |
| msgProp | will contain the applied qop and confidentiality of the input token and any informatory status values |
Throws
| GSSException |
|---|
public final void verifyMIC (InputStream is, InputStream msgStr, MessageProp msgProp)
Checks the integrity of the supplied tokens. This token was previously generated by getMIC.
Parameters
| is | token generated by getMIC |
|---|---|
| msgStr | the message to check integrity for |
Throws
| GSSException |
|---|
public final void verifyMIC (byte[] inTok, int tokOffset, int tokLen, byte[] inMsg, int msgOffset, int msgLen, MessageProp msgProp)
Throws
| GSSException |
|---|
public final byte[] wrap (byte[] inBuf, int offset, int len, MessageProp msgProp)
For apps that want simplicity and don't care about buffer copies.
Throws
| GSSException |
|---|
public final void wrap (InputStream is, OutputStream os, MessageProp msgProp)
Provides per-message token encapsulation.
Parameters
| is | the user-provided message to be protected |
|---|---|
| os | the token to be sent to the peer. It includes the message from is with the requested protection. |
Throws
| GSSException |
|---|